Dynamic vlan assignment
Dario Palmisano
Dario.Palmisano at icgeb.org
Fri Jul 19 17:17:37 CEST 2013
On Friday 19 July 2013 16:57:07 A.L.M.Buxey at lboro.ac.uk wrote:
> Hi,
>
> > Here you can download the (almost complete) debug log. Near the end I
> > added some text to mark the point where I disconnected.
> >
> > http://webshare.icgeb.org//data/public/ce2e2ee9fbd84c362fd49b10805b36c8.php?lang=en
>
> please don't ask me to visit random web sites that require me to click on
> things etc. Just email the output to this list.
>
> alan
>
OK, I thought it was wiser not to send it to the list...
FreeRADIUS Version 2.1.12, for host x86_64-redhat-linux-gnu, built on Oct 2
2012 at 23:16:43
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.
Starting - reading configuration files ...
including configuration file /etc/raddb/radiusd.conf
including configuration file /etc/raddb/proxy.conf
including configuration file /etc/raddb/clients.conf
including files in directory /etc/raddb/modules/
including configuration file /etc/raddb/modules/ippool
including configuration file /etc/raddb/modules/digest
including configuration file /etc/raddb/modules/expiration
including configuration file /etc/raddb/modules/always
including configuration file /etc/raddb/modules/radutmp
including configuration file /etc/raddb/modules/etc_group
including configuration file /etc/raddb/modules/chap
including configuration file /etc/raddb/modules/mschap
including configuration file /etc/raddb/modules/exec
including configuration file /etc/raddb/modules/opendirectory
including configuration file /etc/raddb/modules/replicate
including configuration file /etc/raddb/modules/ntlm_auth
including configuration file /etc/raddb/modules/otp
including configuration file /etc/raddb/modules/expr
including configuration file /etc/raddb/modules/detail.log
including configuration file /etc/raddb/modules/pap
including configuration file /etc/raddb/modules/policy
including configuration file /etc/raddb/modules/acct_unique
including configuration file /etc/raddb/modules/ldap
including configuration file /etc/raddb/modules/mac2ip
including configuration file /etc/raddb/modules/sql_log
including configuration file /etc/raddb/modules/pam
including configuration file /etc/raddb/modules/sradutmp
including configuration file /etc/raddb/modules/cui
including configuration file /etc/raddb/modules/redis
including configuration file /etc/raddb/modules/echo
including configuration file /etc/raddb/modules/attr_rewrite
including configuration file /etc/raddb/modules/files
including configuration file /etc/raddb/modules/smbpasswd
including configuration file /etc/raddb/modules/preprocess
including configuration file /etc/raddb/modules/soh
including configuration file /etc/raddb/modules/smsotp
including configuration file /etc/raddb/modules/logintime
including configuration file /etc/raddb/modules/detail.example.com
including configuration file /etc/raddb/modules/checkval
including configuration file /etc/raddb/modules/sqlcounter_expire_on_login
including configuration file /etc/raddb/modules/f_ticks
including configuration file /etc/raddb/modules/attr_filter
including configuration file /etc/raddb/modules/wimax
including configuration file /etc/raddb/modules/linelog
including configuration file /etc/raddb/modules/dynamic_clients
including configuration file /etc/raddb/modules/perl
including configuration file /etc/raddb/modules/rediswho
including configuration file /etc/raddb/modules/detail
including configuration file /etc/raddb/modules/counter
including configuration file /etc/raddb/modules/passwd
including configuration file /etc/raddb/modules/unix
including configuration file /etc/raddb/modules/mac2vlan
including configuration file /etc/raddb/modules/inner-eap
including configuration file /etc/raddb/modules/realm
including configuration file /etc/raddb/eap.conf
including files in directory /etc/raddb/sites-enabled/
including configuration file /etc/raddb/sites-enabled/eduroam
including configuration file /etc/raddb/sites-enabled/eduroam-inner-tunnel
main {
user = "radiusd"
group = "radiusd"
allow_core_dumps = no
}
including dictionary file /etc/raddb/dictionary
main {
name = "radiusd"
prefix = "/usr"
localstatedir = "/var"
sbindir = "/usr/sbin"
logdir = "/var/log/radius"
run_dir = "/var/run/radiusd"
libdir = "/usr/lib64/freeradius"
radacctdir = "/var/log/radius/radacct"
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
pidfile = "/var/run/radiusd/radiusd.pid"
checkrad = "/usr/sbin/checkrad"
debug_level = 0
proxy_requests = yes
log {
stripped_names = no
auth = no
auth_badpass = no
auth_goodpass = no
}
security {
max_attributes = 200
reject_delay = 0
status_server = yes
}
}
radiusd: #### Loading Realms and Home Servers ####
proxy server {
retry_delay = 5
retry_count = 3
default_fallback = no
dead_time = 120
wake_all_if_all_dead = no
}
home_server eduroam-upstream-flr-1 {
ipaddr = 192.168.1.1
port = 1812
type = "auth+acct"
secret = "secretstuff"
response_window = 30
max_outstanding = 65536
zombie_period = 40
status_check = "status-server"
ping_interval = 30
check_interval = 30
num_answers_to_alive = 3
num_pings_to_alive = 3
revive_interval = 300
status_check_timeout = 4
}
home_server eduroam-upstream-flr-2 {
ipaddr = 192.168.1.2
port = 1812
type = "auth+acct"
secret = "secretstuff"
response_window = 30
max_outstanding = 65536
zombie_period = 40
status_check = "status-server"
ping_interval = 30
check_interval = 30
num_answers_to_alive = 3
num_pings_to_alive = 3
revive_interval = 300
status_check_timeout = 4
}
realm icgeb.trieste.it {
}
realm icgeb.ts.it {
}
realm NULL {
}
realm LOCAL {
}
home_server_pool EDUROAM {
type = fail-over
home_server = eduroam-upstream-flr-1
home_server = eduroam-upstream-flr-2
}
realm ~.+$ {
pool = EDUROAM
nostrip
}
radiusd: #### Loading Clients ####
client 172.16.254.45 {
require_message_authenticator = yes
secret = "SECRET"
shortname = "ap-test-1"
}
radiusd: #### Instantiating modules ####
radiusd: #### Loading Virtual Servers ####
server { # from file /etc/raddb/radiusd.conf
modules {
} # modules
} # server
server eduroam { # from file /etc/raddb/sites-enabled/eduroam
modules {
Module: Creating Post-Auth-Type = REJECT
Module: Checking authenticate {...} for more modules to load
Module: Linked to module rlm_eap
Module: Instantiating module "eap" from file /etc/raddb/eap.conf
eap {
default_eap_type = "peap"
timer_expire = 60
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
max_sessions = 4096
}
Module: Linked to sub-module rlm_eap_tls
Module: Instantiating eap-tls
tls {
rsa_key_exchange = no
dh_key_exchange = yes
rsa_key_length = 512
dh_key_length = 512
verify_depth = 0
pem_file_type = yes
private_key_file = "/etc/raddb/certs/radius-
radiust.icgeb.trieste.it.key"
certificate_file = "/etc/raddb/certs/radius-
radiust.icgeb.trieste.it.crt"
CA_file = "/etc/raddb/certs/ca-helixt.icgeb.trieste.it.crt"
private_key_password = "ICGEB_PaSsWoRd"
dh_file = "/etc/raddb/certs/radius-dh"
random_file = "/dev/urandom"
fragment_size = 1024
include_length = yes
check_crl = no
cipher_list = "DEFAULT"
cache {
enable = yes
lifetime = 24
max_entries = 255
}
}
Module: Linked to sub-module rlm_eap_peap
Module: Instantiating eap-peap
peap {
default_eap_type = "mschapv2"
copy_request_to_tunnel = yes
use_tunneled_reply = yes
proxy_tunneled_request_as_eap = yes
virtual_server = "eduroam-inner-tunnel"
soh = no
}
Module: Linked to sub-module rlm_eap_mschapv2
Module: Instantiating eap-mschapv2
mschapv2 {
with_ntdomain_hack = no
send_error = no
}
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_preprocess
Module: Instantiating module "preprocess" from file
/etc/raddb/modules/preprocess
preprocess {
huntgroups = "/etc/raddb/huntgroups"
hints = "/etc/raddb/hints"
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
with_alvarion_vsa_hack = no
}
Module: Linked to module rlm_detail
Module: Instantiating module "auth_log" from file
/etc/raddb/modules/detail.log
detail auth_log {
detailfile = "/var/log/radius/radacct/auth-detail.log"
header = "%t"
detailperm = 384
dirperm = 493
locking = no
log_packet_header = no
}
Module: Linked to module rlm_realm
Module: Instantiating module "suffix" from file /etc/raddb/modules/realm
realm suffix {
format = "suffix"
delimiter = "@"
ignore_default = no
ignore_null = no
}
Module: Checking preacct {...} for more modules to load
Module: Linked to module rlm_acct_unique
Module: Instantiating module "acct_unique" from file
/etc/raddb/modules/acct_unique
acct_unique {
key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address,
NAS-Port"
}
Module: Linked to module rlm_files
Module: Instantiating module "files" from file /etc/raddb/modules/files
files {
usersfile = "/etc/raddb/users"
acctusersfile = "/etc/raddb/acct_users"
preproxy_usersfile = "/etc/raddb/preproxy_users"
compat = "no"
key = "%{%{Stripped-User-Name}:-%{User-Name}}"
}
Module: Checking accounting {...} for more modules to load
Module: Instantiating module "detail" from file /etc/raddb/modules/detail
detail {
detailfile = "/var/log/radius/radacct/detail"
header = "%t"
detailperm = 384
dirperm = 493
locking = no
log_packet_header = no
}
Module: Linked to module rlm_radutmp
Module: Instantiating module "radutmp" from file /etc/raddb/modules/radutmp
radutmp {
filename = "/var/log/radius/radutmp"
username = "%{%{Stripped-User-Name}:-%{User-Name}}"
case_sensitive = yes
check_with_nas = no
perm = 384
callerid = yes
}
Module: Instantiating module "sradutmp" from file /etc/raddb/modules/sradutmp
radutmp sradutmp {
filename = "/var/log/radius/sradutmp"
username = "%{User-Name}"
case_sensitive = yes
check_with_nas = yes
perm = 420
callerid = no
}
Module: Checking pre-proxy {...} for more modules to load
Module: Instantiating module "pre_proxy_log" from file
/etc/raddb/modules/detail.log
detail pre_proxy_log {
detailfile = "/var/log/radius/radacct/pre-proxy-detail.log"
header = "%t"
detailperm = 384
dirperm = 493
locking = no
log_packet_header = no
}
Module: Linked to module rlm_attr_filter
Module: Instantiating module "attr_filter.pre-proxy" from file
/etc/raddb/modules/attr_filter
attr_filter attr_filter.pre-proxy {
attrsfile = "/etc/raddb/attrs.pre-proxy"
key = "%{Realm}"
relaxed = no
}
Module: Checking post-proxy {...} for more modules to load
Module: Instantiating module "post_proxy_log" from file
/etc/raddb/modules/detail.log
detail post_proxy_log {
detailfile = "/var/log/radius/radacct/post-proxy-detail.log"
header = "%t"
detailperm = 384
dirperm = 493
locking = no
log_packet_header = no
}
Module: Instantiating module "attr_filter.post-proxy" from file
/etc/raddb/modules/attr_filter
attr_filter attr_filter.post-proxy {
attrsfile = "/etc/raddb/attrs"
key = "%{Realm}"
relaxed = no
}
Module: Checking post-auth {...} for more modules to load
Module: Instantiating module "reply_log" from file
/etc/raddb/modules/detail.log
detail reply_log {
detailfile = "/var/log/radius/radacct/reply-detail.log"
header = "%t"
detailperm = 384
dirperm = 493
locking = no
log_packet_header = no
}
Module: Linked to module rlm_linelog
Module: Instantiating module "f_ticks" from file /etc/raddb/modules/f_ticks
linelog f_ticks {
filename = "/var/log/radius/radacct/f_ticks"
permissions = 384
format = ""
reference = "f_ticks.%{%{reply:Packet-Type}:-format}"
}
} # modules
} # server
server eduroam-inner-tunnel { # from file /etc/raddb/sites-enabled/eduroam-
inner-tunnel
modules {
Module: Checking authenticate {...} for more modules to load
Module: Linked to module rlm_mschap
Module: Instantiating module "mschap" from file /etc/raddb/modules/mschap
mschap {
use_mppe = yes
require_encryption = no
require_strong = no
with_ntdomain_hack = no
allow_retry = yes
}
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_always
Module: Instantiating module "reject" from file /etc/raddb/modules/always
always reject {
rcode = "reject"
simulcount = 0
mpp = no
}
Module: Linked to module rlm_ldap
Module: Instantiating module "ldap1" from file /etc/raddb/modules/ldap
ldap ldap1 {
server = "ldap1.icgeb.org"
port = 389
password = "SECRET"
identity = "cn=samba,dc=icgeb,dc=org"
net_timeout = 1
timeout = 4
timelimit = 3
tls_mode = no
start_tls = no
tls_require_cert = "allow"
tls {
start_tls = yes
require_cert = "never"
}
basedn = "ou=Users,dc=icgeb,dc=org"
filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
base_filter = "(objectclass=radiusprofile)"
auto_header = no
access_attr = "uid"
access_attr_used_for_allow = yes
groupname_attribute = "cn"
groupmembership_filter = "(|(&(objectClass=GroupOfNames)
(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)
(uniquemember=%{Ldap-UserDn})))"
dictionary_mapping = "/etc/raddb/ldap.attrmap"
ldap_debug = 0
ldap_connections_number = 5
compare_check_items = no
do_xlat = yes
set_auth_type = yes
keepalive {
idle = 60
probes = 3
interval = 3
}
}
rlm_ldap: Registering ldap_groupcmp for Ldap-Group
rlm_ldap: Creating new attribute ldap1-Ldap-Group
rlm_ldap: Registering ldap_groupcmp for ldap1-Ldap-Group
rlm_ldap: Registering ldap_xlat with xlat_name ldap1
rlm_ldap: Over-riding set_auth_type, as there is no module ldap1 listed in the
"authenticate" section.
rlm_ldap: reading ldap<->radius mappings from file /etc/raddb/ldap.attrmap
rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type
rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use
rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id
rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id
rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password
rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password
rlm_ldap: LDAP sambaLmPassword mapped to RADIUS LM-Password
rlm_ldap: LDAP sambaNtPassword mapped to RADIUS NT-Password
rlm_ldap: LDAP dBCSPwd mapped to RADIUS LM-Password
rlm_ldap: LDAP userPassword mapped to RADIUS Password-With-Header
rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT
rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration
rlm_ldap: LDAP radiusNASIpAddress mapped to RADIUS NAS-IP-Address
rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type
rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol
rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address
rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask
rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route
rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing
rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id
rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU
rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression
rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host
rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service
rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port
rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number
rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id
rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network
rlm_ldap: LDAP radiusClass mapped to RADIUS Class
rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout
rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout
rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action
rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service
rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node
rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group
rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-
Link
rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-
Network
rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-
Zone
rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit
rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port
rlm_ldap: LDAP radiusReplyMessage mapped to RADIUS Reply-Message
rlm_ldap: LDAP radiusTunnelType mapped to RADIUS Tunnel-Type
rlm_ldap: LDAP radiusTunnelMediumType mapped to RADIUS Tunnel-Medium-Type
rlm_ldap: LDAP radiusTunnelPrivateGroupId mapped to RADIUS Tunnel-Private-
Group-Id
conns: 0x7f4c61f9ac40
Module: Instantiating module "ldap2" from file /etc/raddb/modules/ldap
ldap ldap2 {
server = "ldap2.icgeb.org"
port = 389
password = "SECRET"
identity = "cn=samba,dc=icgeb,dc=org"
net_timeout = 1
timeout = 4
timelimit = 3
tls_mode = no
start_tls = no
tls_require_cert = "allow"
tls {
start_tls = yes
require_cert = "never"
}
basedn = "ou=Users,dc=icgeb,dc=org"
filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
base_filter = "(objectclass=radiusprofile)"
auto_header = no
access_attr = "uid"
access_attr_used_for_allow = yes
groupname_attribute = "cn"
groupmembership_filter = "(|(&(objectClass=GroupOfNames)
(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)
(uniquemember=%{Ldap-UserDn})))"
dictionary_mapping = "/etc/raddb/ldap.attrmap"
ldap_debug = 0
ldap_connections_number = 5
compare_check_items = no
do_xlat = yes
set_auth_type = yes
keepalive {
idle = 60
probes = 3
interval = 3
}
}
rlm_ldap: Registering ldap_groupcmp for Ldap-Group
rlm_ldap: Creating new attribute ldap2-Ldap-Group
rlm_ldap: Registering ldap_groupcmp for ldap2-Ldap-Group
rlm_ldap: Registering ldap_xlat with xlat_name ldap2
rlm_ldap: Over-riding set_auth_type, as there is no module ldap2 listed in the
"authenticate" section.
rlm_ldap: reading ldap<->radius mappings from file /etc/raddb/ldap.attrmap
rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type
rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use
rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id
rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id
rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password
rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password
rlm_ldap: LDAP sambaLmPassword mapped to RADIUS LM-Password
rlm_ldap: LDAP sambaNtPassword mapped to RADIUS NT-Password
rlm_ldap: LDAP dBCSPwd mapped to RADIUS LM-Password
rlm_ldap: LDAP userPassword mapped to RADIUS Password-With-Header
rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT
rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration
rlm_ldap: LDAP radiusNASIpAddress mapped to RADIUS NAS-IP-Address
rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type
rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol
rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address
rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask
rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route
rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing
rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id
rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU
rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression
rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host
rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service
rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port
rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number
rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id
rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network
rlm_ldap: LDAP radiusClass mapped to RADIUS Class
rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout
rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout
rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action
rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service
rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node
rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group
rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-
Link
rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-
Network
rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-
Zone
rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit
rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port
rlm_ldap: LDAP radiusReplyMessage mapped to RADIUS Reply-Message
rlm_ldap: LDAP radiusTunnelType mapped to RADIUS Tunnel-Type
rlm_ldap: LDAP radiusTunnelMediumType mapped to RADIUS Tunnel-Medium-Type
rlm_ldap: LDAP radiusTunnelPrivateGroupId mapped to RADIUS Tunnel-Private-
Group-Id
conns: 0x7f4c61f9c680
Module: Linked to module rlm_expiration
Module: Instantiating module "expiration" from file
/etc/raddb/modules/expiration
expiration {
reply-message = "Password Has Expired "
}
Module: Checking session {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
} # modules
} # server
radiusd: #### Opening IP addresses and Ports ####
listen {
type = "auth"
virtual_server = "eduroam"
ipaddr = *
port = 0
}
listen {
type = "acct"
virtual_server = "eduroam"
ipaddr = *
port = 0
}
... adding new socket proxy address * port 50818
... adding new socket proxy address * port 48997
... adding new socket proxy address * port 36625
... adding new socket proxy address * port 51958
Listening on authentication address * port 1812 as server eduroam
Listening on accounting address * port 1813 as server eduroam
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 172.16.254.45 port 1645, id=180,
length=251
User-Name = "palmi at icgeb.ts.it"
Framed-MTU = 1400
Called-Station-Id = "003a.9ae0.1460"
Calling-Station-Id = "d49a.2063.2450"
Cisco-AVPair = "ssid=XXX-ER"
WISPr-Location-Name = "Floor Ground, Building F1 (test)"
Service-Type = Login-User
Message-Authenticator = 0xfc2c0afcddc3f092eb89869e5cdccbcc
EAP-Message = 0x020100160170616c6d694069636765622e74732e6974
NAS-Port-Type = Wireless-802.11
NAS-Port = 1016
NAS-Port-Id = "1016"
NAS-IP-Address = 172.16.254.45
server eduroam {
# Executing section authorize from file /etc/raddb/sites-enabled/eduroam
+- entering group authorize {...}
++[preprocess] returns ok
++[request] returns ok
[auth_log] expand: /var/log/radius/radacct/auth-detail.log ->
/var/log/radius/radacct/auth-detail.log
[auth_log] /var/log/radius/radacct/auth-detail.log expands to
/var/log/radius/radacct/auth-detail.log
[auth_log] expand: %t -> Fri Jul 19 15:02:51 2013
++[auth_log] returns ok
[suffix] Looking up realm "icgeb.ts.it" for User-Name = "palmi at icgeb.ts.it"
[suffix] Found realm "icgeb.ts.it"
[suffix] Adding Stripped-User-Name = "palmi"
[suffix] Adding Realm = "icgeb.ts.it"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 1 length 22
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/eduroam
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type tls
[tls] Flushing SSL sessions (of #0)
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
} # server eduroam
Sending Access-Challenge of id 180 to 172.16.254.45 port 1645
EAP-Message = 0x010200061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x669027bd66923e30f26eb21d75d65d85
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 172.16.254.45 port 1645, id=181,
length=411
User-Name = "palmi at icgeb.ts.it"
Framed-MTU = 1400
Called-Station-Id = "003a.9ae0.1460"
Calling-Station-Id = "d49a.2063.2450"
Cisco-AVPair = "ssid=XXX-ER"
WISPr-Location-Name = "Floor Ground, Building F1 (test)"
Service-Type = Login-User
Message-Authenticator = 0x79d8e016f5c847ef528f668472bb9a59
EAP-Message =
0x020200a419800000009a160301009501000091030151e93900542f13df3626ff6d17f8c44f8a5b2e5d2789dbdcf49a02dc36bc7d1e000056c00ac009c007c008c013c014c011c012c004c005c002c003c00ec00fc00cc00d002f000500040035000a000900030008000600320033003800390016001500140013001200110034003a0018001b001a00170019000101000012000a00080006001700180019000b00020100
NAS-Port-Type = Wireless-802.11
NAS-Port = 1016
NAS-Port-Id = "1016"
State = 0x669027bd66923e30f26eb21d75d65d85
NAS-IP-Address = 172.16.254.45
server eduroam {
# Executing section authorize from file /etc/raddb/sites-enabled/eduroam
+- entering group authorize {...}
++[preprocess] returns ok
++[request] returns ok
[auth_log] expand: /var/log/radius/radacct/auth-detail.log ->
/var/log/radius/radacct/auth-detail.log
[auth_log] /var/log/radius/radacct/auth-detail.log expands to
/var/log/radius/radacct/auth-detail.log
[auth_log] expand: %t -> Fri Jul 19 15:02:51 2013
++[auth_log] returns ok
[suffix] Looking up realm "icgeb.ts.it" for User-Name = "palmi at icgeb.ts.it"
[suffix] Found realm "icgeb.ts.it"
[suffix] Adding Stripped-User-Name = "palmi"
[suffix] Adding Realm = "icgeb.ts.it"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 2 length 164
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/eduroam
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 154
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] (other): before/accept initialization
[peap] TLS_accept: before/accept initialization
[peap] <<< TLS 1.0 Handshake [length 0095], ClientHello
[peap] TLS_accept: SSLv3 read client hello A
[peap] >>> TLS 1.0 Handshake [length 004a], ServerHello
[peap] TLS_accept: SSLv3 write server hello A
[peap] >>> TLS 1.0 Handshake [length 0790], Certificate
[peap] TLS_accept: SSLv3 write certificate A
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
[peap] TLS_accept: SSLv3 write server done A
[peap] TLS_accept: SSLv3 flush data
[peap] TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
} # server eduroam
Sending Access-Challenge of id 181 to 172.16.254.45 port 1645
EAP-Message =
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
EAP-Message =
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
EAP-Message =
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
EAP-Message =
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
EAP-Message = 0x5f3eb23962f874699e641862
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x669027bd67933e30f26eb21d75d65d85
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 172.16.254.45 port 1645, id=182,
length=253
User-Name = "palmi at icgeb.ts.it"
Framed-MTU = 1400
Called-Station-Id = "003a.9ae0.1460"
Calling-Station-Id = "d49a.2063.2450"
Cisco-AVPair = "ssid=XXX-ER"
WISPr-Location-Name = "Floor Ground, Building F1 (test)"
Service-Type = Login-User
Message-Authenticator = 0x538a1d81b611fde158176047d16a7a69
EAP-Message = 0x020300061900
NAS-Port-Type = Wireless-802.11
NAS-Port = 1016
NAS-Port-Id = "1016"
State = 0x669027bd67933e30f26eb21d75d65d85
NAS-IP-Address = 172.16.254.45
server eduroam {
# Executing section authorize from file /etc/raddb/sites-enabled/eduroam
+- entering group authorize {...}
++[preprocess] returns ok
++[request] returns ok
[auth_log] expand: /var/log/radius/radacct/auth-detail.log ->
/var/log/radius/radacct/auth-detail.log
[auth_log] /var/log/radius/radacct/auth-detail.log expands to
/var/log/radius/radacct/auth-detail.log
[auth_log] expand: %t -> Fri Jul 19 15:02:52 2013
++[auth_log] returns ok
[suffix] Looking up realm "icgeb.ts.it" for User-Name = "palmi at icgeb.ts.it"
[suffix] Found realm "icgeb.ts.it"
[suffix] Adding Stripped-User-Name = "palmi"
[suffix] Adding Realm = "icgeb.ts.it"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 3 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/eduroam
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
} # server eduroam
Sending Access-Challenge of id 182 to 172.16.254.45 port 1645
EAP-Message =
0x010403fc1940258df22a84e2e9a9aff58ca761d45210d122606db6735bffcea1ad8d0c27606ba3326203b3e415d84d513a1692b992e31683a729d50003b6308203b23082029a020900db825bfb96c90cea300d06092a864886f70d010105050030819a310b3009060355040613024954310e300c060355040813054974616c793110300e0603550407130754726965737465310e300c060355040a1305494347454231163014060355040b130d436f6d707574657220556e6974311f301d06092a864886f70d010901161073797361646d4069636765622e6f72673120301e0603550403131768656c6978742e69636765622e747269657374652e6974
EAP-Message =
0x301e170d3133303730393039313633315a170d3233303730373039313633315a30819a310b3009060355040613024954310e300c060355040813054974616c793110300e0603550407130754726965737465310e300c060355040a1305494347454231163014060355040b130d436f6d707574657220556e6974311f301d06092a864886f70d010901161073797361646d4069636765622e6f72673120301e0603550403131768656c6978742e69636765622e747269657374652e697430820122300d06092a864886f70d01010105000382010f003082010a0282010100ba393288c78bc251ede2a3928cf908844db6bea8a9850b86765ec6bf6ca650
EAP-Message =
0x2d67ab8fb53bead648f7f1c2aaa1a88fc2224317dce1c4e176aa072edb3cb640353dfcfedee8695bce862b7ba1a224ccfc1b96615067d6e7bf824bde42b52763e392b91f2ba163ac501ef4dbeab18eb6e7ed08a8e02a5b4558cb21886d69974ab1404cad961044af66069d1cab98475e5a47ee503111b4a61a7bb393665e5a4404d547e4fc86437ffca7c1073ca29930932977b86b063144e7c6356ac42ed0aa1458275d0f487805142170f29659b175d36eadd01218ac19107ce1a37216fc1372076bbe3d25deef56656eb5905a8be2f0d2e245bf7c1cdde2b97c544c3dc045f10203010001300d06092a864886f70d010105050003820101002ce5c1
EAP-Message =
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
EAP-Message = 0x16030100040e0000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x669027bd64943e30f26eb21d75d65d85
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 172.16.254.45 port 1645, id=183,
length=253
User-Name = "palmi at icgeb.ts.it"
Framed-MTU = 1400
Called-Station-Id = "003a.9ae0.1460"
Calling-Station-Id = "d49a.2063.2450"
Cisco-AVPair = "ssid=XXX-ER"
WISPr-Location-Name = "Floor Ground, Building F1 (test)"
Service-Type = Login-User
Message-Authenticator = 0x27c83e5b3123ec9cd32a9a0e4287ea7a
EAP-Message = 0x020400061900
NAS-Port-Type = Wireless-802.11
NAS-Port = 1016
NAS-Port-Id = "1016"
State = 0x669027bd64943e30f26eb21d75d65d85
NAS-IP-Address = 172.16.254.45
server eduroam {
# Executing section authorize from file /etc/raddb/sites-enabled/eduroam
+- entering group authorize {...}
++[preprocess] returns ok
++[request] returns ok
[auth_log] expand: /var/log/radius/radacct/auth-detail.log ->
/var/log/radius/radacct/auth-detail.log
[auth_log] /var/log/radius/radacct/auth-detail.log expands to
/var/log/radius/radacct/auth-detail.log
[auth_log] expand: %t -> Fri Jul 19 15:02:52 2013
++[auth_log] returns ok
[suffix] Looking up realm "icgeb.ts.it" for User-Name = "palmi at icgeb.ts.it"
[suffix] Found realm "icgeb.ts.it"
[suffix] Adding Stripped-User-Name = "palmi"
[suffix] Adding Realm = "icgeb.ts.it"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 4 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/eduroam
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
} # server eduroam
Sending Access-Challenge of id 183 to 172.16.254.45 port 1645
EAP-Message = 0x01050007190000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x669027bd65953e30f26eb21d75d65d85
Finished request 3.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 172.16.254.45 port 1645, id=184,
length=585
User-Name = "palmi at icgeb.ts.it"
Framed-MTU = 1400
Called-Station-Id = "003a.9ae0.1460"
Calling-Station-Id = "d49a.2063.2450"
Cisco-AVPair = "ssid=XXX-ER"
WISPr-Location-Name = "Floor Ground, Building F1 (test)"
Service-Type = Login-User
Message-Authenticator = 0x4f4006c7ee8fc3c4d08f33997ef0f9ea
EAP-Message =
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
EAP-Message =
0x97bb4f0d9afebd4e276d9c2e7ae1565dae8fcb2c50bf94681403010001011603010030cac6507c26ca4546f6571611d86d8a9cf189a6cd3d7a827e0693e92fc2403dd8d394adf41b299e3a165846ba39108984
NAS-Port-Type = Wireless-802.11
NAS-Port = 1016
NAS-Port-Id = "1016"
State = 0x669027bd65953e30f26eb21d75d65d85
NAS-IP-Address = 172.16.254.45
server eduroam {
# Executing section authorize from file /etc/raddb/sites-enabled/eduroam
+- entering group authorize {...}
++[preprocess] returns ok
++[request] returns ok
[auth_log] expand: /var/log/radius/radacct/auth-detail.log ->
/var/log/radius/radacct/auth-detail.log
[auth_log] /var/log/radius/radacct/auth-detail.log expands to
/var/log/radius/radacct/auth-detail.log
[auth_log] expand: %t -> Fri Jul 19 15:02:52 2013
++[auth_log] returns ok
[suffix] Looking up realm "icgeb.ts.it" for User-Name = "palmi at icgeb.ts.it"
[suffix] Found realm "icgeb.ts.it"
[suffix] Adding Stripped-User-Name = "palmi"
[suffix] Adding Realm = "icgeb.ts.it"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 5 length 253
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/eduroam
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 326
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange
[peap] TLS_accept: SSLv3 read client key exchange A
[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]
[peap] <<< TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 read finished A
[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]
[peap] TLS_accept: SSLv3 write change cipher spec A
[peap] >>> TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 write finished A
[peap] TLS_accept: SSLv3 flush data
SSL: adding session
d13d4c1b37c5a8c5abc874c7b8ebcfb2adee9ed86972f10820789335d57620cd to cache
[peap] (other): SSL negotiation finished successfully
SSL Connection Established
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
} # server eduroam
Sending Access-Challenge of id 184 to 172.16.254.45 port 1645
EAP-Message =
0x01060041190014030100010116030100307628a872abf1034fb3f8c9e92cde545d25d682118edb43927185247ec8f5ab630379ea6045aa8a5177f25cbae275a27f
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x669027bd62963e30f26eb21d75d65d85
Finished request 4.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 172.16.254.45 port 1645, id=185,
length=253
User-Name = "palmi at icgeb.ts.it"
Framed-MTU = 1400
Called-Station-Id = "003a.9ae0.1460"
Calling-Station-Id = "d49a.2063.2450"
Cisco-AVPair = "ssid=XXX-ER"
WISPr-Location-Name = "Floor Ground, Building F1 (test)"
Service-Type = Login-User
Message-Authenticator = 0x12b44dd4d38f59bdfd0f7cdf01739c54
EAP-Message = 0x020600061900
NAS-Port-Type = Wireless-802.11
NAS-Port = 1016
NAS-Port-Id = "1016"
State = 0x669027bd62963e30f26eb21d75d65d85
NAS-IP-Address = 172.16.254.45
server eduroam {
# Executing section authorize from file /etc/raddb/sites-enabled/eduroam
+- entering group authorize {...}
++[preprocess] returns ok
++[request] returns ok
[auth_log] expand: /var/log/radius/radacct/auth-detail.log ->
/var/log/radius/radacct/auth-detail.log
[auth_log] /var/log/radius/radacct/auth-detail.log expands to
/var/log/radius/radacct/auth-detail.log
[auth_log] expand: %t -> Fri Jul 19 15:02:52 2013
++[auth_log] returns ok
[suffix] Looking up realm "icgeb.ts.it" for User-Name = "palmi at icgeb.ts.it"
[suffix] Found realm "icgeb.ts.it"
[suffix] Adding Stripped-User-Name = "palmi"
[suffix] Adding Realm = "icgeb.ts.it"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 6 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/eduroam
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake is finished
[peap] eaptls_verify returned 3
[peap] eaptls_process returned 3
[peap] EAPTLS_SUCCESS
[peap] Session established. Decoding tunneled attributes.
[peap] Peap state TUNNEL ESTABLISHED
++[eap] returns handled
} # server eduroam
Sending Access-Challenge of id 185 to 172.16.254.45 port 1645
EAP-Message =
0x0107002b19001703010020a9e273a342b9e50c6f22c2b7decbfa7a9ad396cbbcb7c91663c8c6dc3059382e
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x669027bd63973e30f26eb21d75d65d85
Finished request 5.
Going to the next request
Waking up in 4.7 seconds.
rad_recv: Access-Request packet from host 172.16.254.45 port 1645, id=186,
length=306
User-Name = "palmi at icgeb.ts.it"
Framed-MTU = 1400
Called-Station-Id = "003a.9ae0.1460"
Calling-Station-Id = "d49a.2063.2450"
Cisco-AVPair = "ssid=XXX-ER"
WISPr-Location-Name = "Floor Ground, Building F1 (test)"
Service-Type = Login-User
Message-Authenticator = 0x58780dba17878ac8570d3045fb9218b4
EAP-Message =
0x0207003b19001703010030d4189c5081ce041f25e2e134a4e9d7ba2067f9c7a525156f41405eec84b3c4e9255fa1fbb1db92587f815951ee27b8e9
NAS-Port-Type = Wireless-802.11
NAS-Port = 1016
NAS-Port-Id = "1016"
State = 0x669027bd63973e30f26eb21d75d65d85
NAS-IP-Address = 172.16.254.45
server eduroam {
# Executing section authorize from file /etc/raddb/sites-enabled/eduroam
+- entering group authorize {...}
++[preprocess] returns ok
++[request] returns ok
[auth_log] expand: /var/log/radius/radacct/auth-detail.log ->
/var/log/radius/radacct/auth-detail.log
[auth_log] /var/log/radius/radacct/auth-detail.log expands to
/var/log/radius/radacct/auth-detail.log
[auth_log] expand: %t -> Fri Jul 19 15:02:52 2013
++[auth_log] returns ok
[suffix] Looking up realm "icgeb.ts.it" for User-Name = "palmi at icgeb.ts.it"
[suffix] Found realm "icgeb.ts.it"
[suffix] Adding Stripped-User-Name = "palmi"
[suffix] Adding Realm = "icgeb.ts.it"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 7 length 59
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/eduroam
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Peap state WAITING FOR INNER IDENTITY
[peap] Identity - palmi at icgeb.ts.it
[peap] Got inner identity 'palmi at icgeb.ts.it'
[peap] Setting default EAP type for tunneled EAP session.
[peap] Got tunneled request
EAP-Message = 0x020700160170616c6d694069636765622e74732e6974
server eduroam {
[peap] Setting User-Name to palmi at icgeb.ts.it
Sending tunneled request
EAP-Message = 0x020700160170616c6d694069636765622e74732e6974
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "palmi at icgeb.ts.it"
Framed-MTU = 1400
Called-Station-Id = "003a.9ae0.1460"
Calling-Station-Id = "d49a.2063.2450"
Cisco-AVPair = "ssid=XXX-ER"
WISPr-Location-Name = "Floor Ground, Building F1 (test)"
Service-Type = Login-User
NAS-Port-Type = Wireless-802.11
NAS-Port = 1016
NAS-Port-Id = "1016"
NAS-IP-Address = 172.16.254.45
Operator-Name = "1icgeb.trieste.it"
server eduroam-inner-tunnel {
# Executing section authorize from file /etc/raddb/sites-enabled/eduroam-inner-tunnel
+- entering group authorize {...}
++[preprocess] returns ok
[suffix] Looking up realm "icgeb.ts.it" for User-Name = "palmi at icgeb.ts.it"
[suffix] Found realm "icgeb.ts.it"
[suffix] Adding Stripped-User-Name = "palmi"
[suffix] Adding Realm = "icgeb.ts.it"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[auth_log] expand: /var/log/radius/radacct/auth-detail.log ->
/var/log/radius/radacct/auth-detail.log
[auth_log] /var/log/radius/radacct/auth-detail.log expands to
/var/log/radius/radacct/auth-detail.log
[auth_log] expand: %t -> Fri Jul 19 15:02:52 2013
++[auth_log] returns ok
[eap] EAP packet type response id 7 length 22
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] expand: %{Stripped-User-Name} -> palmi
[files] expand: %{%{Stripped-User-Name}:-%{User-Name}} -> palmi
[files] users: Matched entry palmi at line 438
++[files] returns ok
++? if (Cisco-AVPair == "ssid=XXX-ER" && Realm == NULL)
? Evaluating (Cisco-AVPair == "ssid=XXX-ER" ) -> TRUE
? Evaluating (Realm == NULL) -> FALSE
++? if (Cisco-AVPair == "ssid=XXX-ER" && Realm == NULL) -> FALSE
++? elsif (Cisco-AVPair == "ssid=XXX-ER" && (!control:ICGEB-Eduroam-Enabled ||
control:ICGEB-Eduroam-Enabled != Yes))
? Evaluating (Cisco-AVPair == "ssid=XXX-ER" ) -> TRUE
?? Evaluating !(control:ICGEB-Eduroam-Enabled ) -> FALSE
?? Evaluating (control:ICGEB-Eduroam-Enabled != Yes) -> FALSE
++? elsif (Cisco-AVPair == "ssid=XXX-ER" && (!control:ICGEB-Eduroam-Enabled ||
control:ICGEB-Eduroam-Enabled != Yes)) -> FALSE
++- entering else else {...}
+++- entering redundant-load-balance group redundant-load-balance {...}
[ldap1] performing user authorization for palmi
[ldap1] expand: %{Stripped-User-Name} -> palmi
[ldap1] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) ->
(uid=palmi)
[ldap1] expand: ou=Users,dc=icgeb,dc=org -> ou=Users,dc=icgeb,dc=org
[ldap1] ldap_get_conn: Checking Id: 0
[ldap1] ldap_get_conn: Got Id: 0
[ldap1] attempting LDAP reconnection
[ldap1] (re)connect to ldap1.icgeb.org:389, authentication 0
[ldap1] setting TLS Require Cert to never
[ldap1] starting TLS
[ldap1] bind as cn=samba,dc=icgeb,dc=org/SECRET to ldap1.icgeb.org:389
[ldap1] waiting for bind result ...
[ldap1] Bind was successful
[ldap1] performing search in ou=Users,dc=icgeb,dc=org, with filter
(uid=palmi)
[ldap1] checking if remote access for palmi is allowed by uid
[ldap1] looking for check items in directory...
[ldap1] sambaNtPassword -> NT-Password ==
0xXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
[ldap1] sambaLmPassword -> LM-Password ==
0xXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
[ldap1] looking for reply items in directory...
WARNING: No "known good" password was found in LDAP. Are you sure that the
user is configured correctly?
[ldap1] user palmi authorized to use remote access
[ldap1] ldap_release_conn: Release Id: 0
++++[ldap1] returns ok
+++- redundant-load-balance group redundant-load-balance returns ok
+++[expiration] returns noop
++- else else returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/eduroam-inner-tunnel
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
++[eap] returns handled
} # server eduroam-inner-tunnel
[peap] Got tunneled reply code 11
Tunnel-Type:0 := VLAN
Tunnel-Medium-Type:0 := IEEE-802
Tunnel-Private-Group-Id:0 := "220"
EAP-Message =
0x0108002b1a010800261031bbf45a68ff5991a784b7775ad66d0f70616c6d694069636765622e74732e6974
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xac6f4ed7ac6754fe563139e39634b030
[peap] Got tunneled reply RADIUS code 11
Tunnel-Type:0 := VLAN
Tunnel-Medium-Type:0 := IEEE-802
Tunnel-Private-Group-Id:0 := "220"
EAP-Message =
0x0108002b1a010800261031bbf45a68ff5991a784b7775ad66d0f70616c6d694069636765622e74732e6974
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xac6f4ed7ac6754fe563139e39634b030
[peap] Got tunneled Access-Challenge
++[eap] returns handled
} # server eduroam
Sending Access-Challenge of id 186 to 172.16.254.45 port 1645
EAP-Message =
0x0108004b190017030100407551bcc12b2ed0feac5f15ba5fa6ad83f217dd6ae55063326b6059264b1f953c94ccc718eadc9621d0be180137c8f111fbafe7bc100eff058756bebb490d095a
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x669027bd60983e30f26eb21d75d65d85
Finished request 6.
Going to the next request
Waking up in 4.7 seconds.
rad_recv: Access-Request packet from host 172.16.254.45 port 1645, id=187,
length=354
User-Name = "palmi at icgeb.ts.it"
Framed-MTU = 1400
Called-Station-Id = "003a.9ae0.1460"
Calling-Station-Id = "d49a.2063.2450"
Cisco-AVPair = "ssid=XXX-ER"
WISPr-Location-Name = "Floor Ground, Building F1 (test)"
Service-Type = Login-User
Message-Authenticator = 0x9a32cc720eca9c8424fd7ad00e8ab3bf
EAP-Message =
0x0208006b19001703010060adc8a19d618921aa8fa847c35215bbd5da5aff1bb2e5181cee87cc1be6f7a74a4fd73f16dc290bf5937c44dfe080a9b6b9570b42011aac39617c06480c879c28116d65575bf375e04be2490fb411ba819a4411060d439e2a366841bfe801a741
NAS-Port-Type = Wireless-802.11
NAS-Port = 1016
NAS-Port-Id = "1016"
State = 0x669027bd60983e30f26eb21d75d65d85
NAS-IP-Address = 172.16.254.45
server eduroam {
# Executing section authorize from file /etc/raddb/sites-enabled/eduroam
+- entering group authorize {...}
++[preprocess] returns ok
++[request] returns ok
[auth_log] expand: /var/log/radius/radacct/auth-detail.log ->
/var/log/radius/radacct/auth-detail.log
[auth_log] /var/log/radius/radacct/auth-detail.log expands to
/var/log/radius/radacct/auth-detail.log
[auth_log] expand: %t -> Fri Jul 19 15:02:52 2013
++[auth_log] returns ok
[suffix] Looking up realm "icgeb.ts.it" for User-Name = "palmi at icgeb.ts.it"
[suffix] Found realm "icgeb.ts.it"
[suffix] Adding Stripped-User-Name = "palmi"
[suffix] Adding Realm = "icgeb.ts.it"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 8 length 107
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/eduroam
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Peap state phase2
[peap] EAP type mschapv2
[peap] Got tunneled request
EAP-Message =
0x0208004c1a02080047317b0c4f82dc21d6ba0960f3d09523fda00000000000000000f3daf62acb5f6cbc9566592c64b57d73ba4ebf437eb029910070616c6d694069636765622e74732e6974
server eduroam {
[peap] Setting User-Name to palmi at icgeb.ts.it
Sending tunneled request
EAP-Message =
0x0208004c1a02080047317b0c4f82dc21d6ba0960f3d09523fda00000000000000000f3daf62acb5f6cbc9566592c64b57d73ba4ebf437eb029910070616c6d694069636765622e74732e6974
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "palmi at icgeb.ts.it"
State = 0xac6f4ed7ac6754fe563139e39634b030
Framed-MTU = 1400
Called-Station-Id = "003a.9ae0.1460"
Calling-Station-Id = "d49a.2063.2450"
Cisco-AVPair = "ssid=XXX-ER"
WISPr-Location-Name = "Floor Ground, Building F1 (test)"
Service-Type = Login-User
NAS-Port-Type = Wireless-802.11
NAS-Port = 1016
NAS-Port-Id = "1016"
NAS-IP-Address = 172.16.254.45
Operator-Name = "1icgeb.trieste.it"
server eduroam-inner-tunnel {
# Executing section authorize from file /etc/raddb/sites-enabled/eduroam-inner-tunnel
+- entering group authorize {...}
++[preprocess] returns ok
[suffix] Looking up realm "icgeb.ts.it" for User-Name = "palmi at icgeb.ts.it"
[suffix] Found realm "icgeb.ts.it"
[suffix] Adding Stripped-User-Name = "palmi"
[suffix] Adding Realm = "icgeb.ts.it"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[auth_log] expand: /var/log/radius/radacct/auth-detail.log ->
/var/log/radius/radacct/auth-detail.log
[auth_log] /var/log/radius/radacct/auth-detail.log expands to
/var/log/radius/radacct/auth-detail.log
[auth_log] expand: %t -> Fri Jul 19 15:02:52 2013
++[auth_log] returns ok
[eap] EAP packet type response id 8 length 76
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] expand: %{Stripped-User-Name} -> palmi
[files] expand: %{%{Stripped-User-Name}:-%{User-Name}} -> palmi
[files] users: Matched entry palmi at line 438
++[files] returns ok
++? if (Cisco-AVPair == "ssid=XXX-ER" && Realm == NULL)
? Evaluating (Cisco-AVPair == "ssid=XXX-ER" ) -> TRUE
? Evaluating (Realm == NULL) -> FALSE
++? if (Cisco-AVPair == "ssid=XXX-ER" && Realm == NULL) -> FALSE
++? elsif (Cisco-AVPair == "ssid=XXX-ER" && (!control:ICGEB-Eduroam-Enabled ||
control:ICGEB-Eduroam-Enabled != Yes))
? Evaluating (Cisco-AVPair == "ssid=XXX-ER" ) -> TRUE
?? Evaluating !(control:ICGEB-Eduroam-Enabled ) -> FALSE
?? Evaluating (control:ICGEB-Eduroam-Enabled != Yes) -> FALSE
++? elsif (Cisco-AVPair == "ssid=XXX-ER" && (!control:ICGEB-Eduroam-Enabled ||
control:ICGEB-Eduroam-Enabled != Yes)) -> FALSE
++- entering else else {...}
+++- entering redundant-load-balance group redundant-load-balance {...}
[ldap1] performing user authorization for palmi
[ldap1] expand: %{Stripped-User-Name} -> palmi
[ldap1] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) ->
(uid=palmi)
[ldap1] expand: ou=Users,dc=icgeb,dc=org -> ou=Users,dc=icgeb,dc=org
[ldap1] ldap_get_conn: Checking Id: 0
[ldap1] ldap_get_conn: Got Id: 0
[ldap1] performing search in ou=Users,dc=icgeb,dc=org, with filter
(uid=palmi)
[ldap1] checking if remote access for palmi is allowed by uid
[ldap1] looking for check items in directory...
[ldap1] sambaNtPassword -> NT-Password ==
0xXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
[ldap1] sambaLmPassword -> LM-Password ==
0xXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
[ldap1] looking for reply items in directory...
WARNING: No "known good" password was found in LDAP. Are you sure that the
user is configured correctly?
[ldap1] user palmi authorized to use remote access
[ldap1] ldap_release_conn: Release Id: 0
++++[ldap1] returns ok
+++- redundant-load-balance group redundant-load-balance returns ok
+++[expiration] returns noop
++- else else returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/eduroam-inner-tunnel
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[mschapv2] # Executing group from file /etc/raddb/sites-enabled/eduroam-inner-tunnel
[mschapv2] +- entering group MS-CHAP {...}
[mschap] Found LM-Password
[mschap] Found NT-Password
[mschap] Creating challenge hash with username: palmi at icgeb.ts.it
[mschap] Told to do MS-CHAPv2 for palmi at icgeb.ts.it with NT-Password
[mschap] adding MS-CHAPv2 MPPE keys
++[mschap] returns ok
MSCHAP Success
++[eap] returns handled
} # server eduroam-inner-tunnel
[peap] Got tunneled reply code 11
Tunnel-Type:0 := VLAN
Tunnel-Medium-Type:0 := IEEE-802
Tunnel-Private-Group-Id:0 := "220"
EAP-Message =
0x010900331a0308002e533d46434546384137334445324244353032344230414632413139334635464446444637453838364532
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xac6f4ed7ad6654fe563139e39634b030
[peap] Got tunneled reply RADIUS code 11
Tunnel-Type:0 := VLAN
Tunnel-Medium-Type:0 := IEEE-802
Tunnel-Private-Group-Id:0 := "220"
EAP-Message =
0x010900331a0308002e533d46434546384137334445324244353032344230414632413139334635464446444637453838364532
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xac6f4ed7ad6654fe563139e39634b030
[peap] Got tunneled Access-Challenge
++[eap] returns handled
} # server eduroam
Sending Access-Challenge of id 187 to 172.16.254.45 port 1645
EAP-Message =
0x0109005b190017030100508b428fcbaba9455852f5170646e2df5522351f71a2ce8c1d7a276dcd36366d325356aec936a2282d9fe3386fde30c15f2c6b08faf44485a0d35b368aa684156593d286df9a3dbb8285733e737f2bc604
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x669027bd61993e30f26eb21d75d65d85
Finished request 7.
Going to the next request
Waking up in 4.6 seconds.
rad_recv: Access-Request packet from host 172.16.254.45 port 1645, id=188,
length=290
User-Name = "palmi at icgeb.ts.it"
Framed-MTU = 1400
Called-Station-Id = "003a.9ae0.1460"
Calling-Station-Id = "d49a.2063.2450"
Cisco-AVPair = "ssid=XXX-ER"
WISPr-Location-Name = "Floor Ground, Building F1 (test)"
Service-Type = Login-User
Message-Authenticator = 0x1b70ff8392af063cd76871601bb653aa
EAP-Message =
0x0209002b19001703010020aca48497bb2e628cb8380aecb52865e5ff28b39d4cf95a8aef162a3b0bc703fe
NAS-Port-Type = Wireless-802.11
NAS-Port = 1016
NAS-Port-Id = "1016"
State = 0x669027bd61993e30f26eb21d75d65d85
NAS-IP-Address = 172.16.254.45
server eduroam {
# Executing section authorize from file /etc/raddb/sites-enabled/eduroam
+- entering group authorize {...}
++[preprocess] returns ok
++[request] returns ok
[auth_log] expand: /var/log/radius/radacct/auth-detail.log ->
/var/log/radius/radacct/auth-detail.log
[auth_log] /var/log/radius/radacct/auth-detail.log expands to
/var/log/radius/radacct/auth-detail.log
[auth_log] expand: %t -> Fri Jul 19 15:02:52 2013
++[auth_log] returns ok
[suffix] Looking up realm "icgeb.ts.it" for User-Name = "palmi at icgeb.ts.it"
[suffix] Found realm "icgeb.ts.it"
[suffix] Adding Stripped-User-Name = "palmi"
[suffix] Adding Realm = "icgeb.ts.it"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 9 length 43
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/eduroam
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Peap state phase2
[peap] EAP type mschapv2
[peap] Got tunneled request
EAP-Message = 0x020900061a03
server eduroam {
[peap] Setting User-Name to palmi at icgeb.ts.it
Sending tunneled request
EAP-Message = 0x020900061a03
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "palmi at icgeb.ts.it"
State = 0xac6f4ed7ad6654fe563139e39634b030
Framed-MTU = 1400
Called-Station-Id = "003a.9ae0.1460"
Calling-Station-Id = "d49a.2063.2450"
Cisco-AVPair = "ssid=XXX-ER"
WISPr-Location-Name = "Floor Ground, Building F1 (test)"
Service-Type = Login-User
NAS-Port-Type = Wireless-802.11
NAS-Port = 1016
NAS-Port-Id = "1016"
NAS-IP-Address = 172.16.254.45
Operator-Name = "1icgeb.trieste.it"
server eduroam-inner-tunnel {
# Executing section authorize from file /etc/raddb/sites-enabled/eduroam-inner-tunnel
+- entering group authorize {...}
++[preprocess] returns ok
[suffix] Looking up realm "icgeb.ts.it" for User-Name = "palmi at icgeb.ts.it"
[suffix] Found realm "icgeb.ts.it"
[suffix] Adding Stripped-User-Name = "palmi"
[suffix] Adding Realm = "icgeb.ts.it"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[auth_log] expand: /var/log/radius/radacct/auth-detail.log ->
/var/log/radius/radacct/auth-detail.log
[auth_log] /var/log/radius/radacct/auth-detail.log expands to
/var/log/radius/radacct/auth-detail.log
[auth_log] expand: %t -> Fri Jul 19 15:02:52 2013
++[auth_log] returns ok
[eap] EAP packet type response id 9 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] expand: %{Stripped-User-Name} -> palmi
[files] expand: %{%{Stripped-User-Name}:-%{User-Name}} -> palmi
[files] users: Matched entry palmi at line 438
++[files] returns ok
++? if (Cisco-AVPair == "ssid=XXX-ER" && Realm == NULL)
? Evaluating (Cisco-AVPair == "ssid=XXX-ER" ) -> TRUE
? Evaluating (Realm == NULL) -> FALSE
++? if (Cisco-AVPair == "ssid=XXX-ER" && Realm == NULL) -> FALSE
++? elsif (Cisco-AVPair == "ssid=XXX-ER" && (!control:ICGEB-Eduroam-Enabled ||
control:ICGEB-Eduroam-Enabled != Yes))
? Evaluating (Cisco-AVPair == "ssid=XXX-ER" ) -> TRUE
?? Evaluating !(control:ICGEB-Eduroam-Enabled ) -> FALSE
?? Evaluating (control:ICGEB-Eduroam-Enabled != Yes) -> FALSE
++? elsif (Cisco-AVPair == "ssid=XXX-ER" && (!control:ICGEB-Eduroam-Enabled ||
control:ICGEB-Eduroam-Enabled != Yes)) -> FALSE
++- entering else else {...}
+++- entering redundant-load-balance group redundant-load-balance {...}
[ldap1] performing user authorization for palmi
[ldap1] expand: %{Stripped-User-Name} -> palmi
[ldap1] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) ->
(uid=palmi)
[ldap1] expand: ou=Users,dc=icgeb,dc=org -> ou=Users,dc=icgeb,dc=org
[ldap1] ldap_get_conn: Checking Id: 0
[ldap1] ldap_get_conn: Got Id: 0
[ldap1] performing search in ou=Users,dc=icgeb,dc=org, with filter
(uid=palmi)
[ldap1] checking if remote access for palmi is allowed by uid
[ldap1] looking for check items in directory...
[ldap1] sambaNtPassword -> NT-Password ==
0xXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
[ldap1] sambaLmPassword -> LM-Password ==
0xXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
[ldap1] looking for reply items in directory...
WARNING: No "known good" password was found in LDAP. Are you sure that the
user is configured correctly?
[ldap1] user palmi authorized to use remote access
[ldap1] ldap_release_conn: Release Id: 0
++++[ldap1] returns ok
+++- redundant-load-balance group redundant-load-balance returns ok
+++[expiration] returns noop
++- else else returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/eduroam-inner-tunnel
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[eap] Freeing handler
++[eap] returns ok
# Executing section session from file /etc/raddb/sites-enabled/eduroam-inner-tunnel
+- entering group session {...}
[radutmp] expand: /var/log/radius/radutmp -> /var/log/radius/radutmp
[radutmp] expand: %{Stripped-User-Name} -> palmi
[radutmp] expand: %{%{Stripped-User-Name}:-%{User-Name}} -> palmi
++[radutmp] returns ok
# Executing section post-auth from file /etc/raddb/sites-enabled/eduroam-inner-tunnel
+- entering group post-auth {...}
++? if (outer.request:User-Name != "%{request:User-Name}")
expand: %{request:User-Name} -> palmi at icgeb.ts.it
? Evaluating (outer.request:User-Name != "%{request:User-Name}") -> FALSE
++? if (outer.request:User-Name != "%{request:User-Name}") -> FALSE
[reply_log] expand: /var/log/radius/radacct/reply-detail.log ->
/var/log/radius/radacct/reply-detail.log
[reply_log] /var/log/radius/radacct/reply-detail.log expands to
/var/log/radius/radacct/reply-detail.log
[reply_log] expand: %t -> Fri Jul 19 15:02:52 2013
++[reply_log] returns ok
} # server eduroam-inner-tunnel
[peap] Got tunneled reply code 2
Tunnel-Type:0 := VLAN
Tunnel-Medium-Type:0 := IEEE-802
Tunnel-Private-Group-Id:0 := "220"
MS-MPPE-Encryption-Policy = 0x00000001
MS-MPPE-Encryption-Types = 0x00000006
MS-MPPE-Send-Key = 0xbe1daddb8ed87c9b5e06ce402b322c71
MS-MPPE-Recv-Key = 0x4bd89713a7634f3d3ce739d3e21738f3
EAP-Message = 0x03090004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "palmi"
[peap] Got tunneled reply RADIUS code 2
Tunnel-Type:0 := VLAN
Tunnel-Medium-Type:0 := IEEE-802
Tunnel-Private-Group-Id:0 := "220"
MS-MPPE-Encryption-Policy = 0x00000001
MS-MPPE-Encryption-Types = 0x00000006
MS-MPPE-Send-Key = 0xbe1daddb8ed87c9b5e06ce402b322c71
MS-MPPE-Recv-Key = 0x4bd89713a7634f3d3ce739d3e21738f3
EAP-Message = 0x03090004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "palmi"
[peap] Tunneled authentication was successful.
[peap] SUCCESS
[peap] Saving tunneled attributes for later
++[eap] returns handled
} # server eduroam
Sending Access-Challenge of id 188 to 172.16.254.45 port 1645
EAP-Message =
0x010a002b19001703010020723574f51e400d5fd7c58894bf8b6d79afe0482191f3a11696858d1afad5bded
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x669027bd6e9a3e30f26eb21d75d65d85
Finished request 8.
Going to the next request
Waking up in 4.6 seconds.
rad_recv: Access-Request packet from host 172.16.254.45 port 1645, id=189,
length=290
User-Name = "palmi at icgeb.ts.it"
Framed-MTU = 1400
Called-Station-Id = "003a.9ae0.1460"
Calling-Station-Id = "d49a.2063.2450"
Cisco-AVPair = "ssid=XXX-ER"
WISPr-Location-Name = "Floor Ground, Building F1 (test)"
Service-Type = Login-User
Message-Authenticator = 0xf30f3bd40f6109c508a83f933cd65d1e
EAP-Message =
0x020a002b190017030100209afce8ff8c13dd63d65628da201d3ea4bf820c83dbc028062ce807b02c1931e4
NAS-Port-Type = Wireless-802.11
NAS-Port = 1016
NAS-Port-Id = "1016"
State = 0x669027bd6e9a3e30f26eb21d75d65d85
NAS-IP-Address = 172.16.254.45
server eduroam {
# Executing section authorize from file /etc/raddb/sites-enabled/eduroam
+- entering group authorize {...}
++[preprocess] returns ok
++[request] returns ok
[auth_log] expand: /var/log/radius/radacct/auth-detail.log ->
/var/log/radius/radacct/auth-detail.log
[auth_log] /var/log/radius/radacct/auth-detail.log expands to
/var/log/radius/radacct/auth-detail.log
[auth_log] expand: %t -> Fri Jul 19 15:02:52 2013
++[auth_log] returns ok
[suffix] Looking up realm "icgeb.ts.it" for User-Name = "palmi at icgeb.ts.it"
[suffix] Found realm "icgeb.ts.it"
[suffix] Adding Stripped-User-Name = "palmi"
[suffix] Adding Realm = "icgeb.ts.it"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 10 length 43
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/eduroam
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Peap state send tlv success
[peap] Received EAP-TLV response.
[peap] Success
[peap] Using saved attributes from the original Access-Accept
Tunnel-Type:0 := VLAN
Tunnel-Medium-Type:0 := IEEE-802
Tunnel-Private-Group-Id:0 := "220"
User-Name = "palmi"
[peap] Saving response in the cache
[eap] Freeing handler
++[eap] returns ok
# Executing section post-auth from file /etc/raddb/sites-enabled/eduroam
+- entering group post-auth {...}
[reply_log] expand: /var/log/radius/radacct/reply-detail.log ->
/var/log/radius/radacct/reply-detail.log
[reply_log] /var/log/radius/radacct/reply-detail.log expands to
/var/log/radius/radacct/reply-detail.log
[reply_log] expand: %t -> Fri Jul 19 15:02:52 2013
++[reply_log] returns ok
++? if (Cisco-AVPair == "ssid=XXX-ER")
? Evaluating (Cisco-AVPair == "ssid=XXX-ER") -> TRUE
++? if (Cisco-AVPair == "ssid=XXX-ER") -> TRUE
++- entering if (Cisco-AVPair == "ssid=XXX-ER") {...}
[f_ticks] expand: %{reply:Packet-Type} -> Access-Accept
[f_ticks] expand: f_ticks.%{%{reply:Packet-Type}:-format} ->
f_ticks.Access-Accept
[f_ticks] expand: /var/log/radius/radacct/f_ticks ->
/var/log/radius/radacct/f_ticks
[f_ticks] expand: F-TICKS/eduroam/1.0#REALM=%{Realm}#VISCOUNTRY=LU#VISINST=YOUR-ID#CSI=%{Calling-Station-Id}#RESULT=OK# ->
F-TICKS/eduroam/1.0#REALM=icgeb.ts.it#VISCOUNTRY=LU#VISINST=YOUR-ID#CSI=d49a.2063.2450#RESULT=OK#
+++[f_ticks] returns ok
++- if (Cisco-AVPair == "ssid=XXX-ER") returns ok
} # server eduroam
Sending Access-Accept of id 189 to 172.16.254.45 port 1645
Tunnel-Type:0 := VLAN
Tunnel-Medium-Type:0 := IEEE-802
Tunnel-Private-Group-Id:0 := "220"
User-Name = "palmi"
MS-MPPE-Recv-Key =
0xf308f970d2507771e30d0f1cc87c6d35ab9a6c65b56dfec2141f50273d6045ff
MS-MPPE-Send-Key =
0xa68961323bdf00916cf8ee1043d99477eeaf6a46de78f1101234e9a8a5faf8e2
EAP-Message = 0x030a0004
Message-Authenticator = 0x00000000000000000000000000000000
Finished request 9.
Going to the next request
Waking up in 4.6 seconds.
rad_recv: Accounting-Request packet from host 172.16.254.45 port 1646, id=17,
length=366
Acct-Session-Id = "0000038C"
Called-Station-Id = "003a.9ae0.1460"
Calling-Station-Id = "d49a.2063.2450"
Cisco-AVPair = "ssid=XXX-ER"
Cisco-AVPair = "vlan-id=220"
Cisco-AVPair = "nas-location=Floor Ground, Building F1 (test)"
WISPr-Location-Name = "Floor Ground, Building F1 (test)"
User-Name = "palmi"
Cisco-AVPair = "connect-progress=Call Up"
Acct-Authentic = RADIUS
Acct-Status-Type = Start
NAS-Port-Type = Wireless-802.11
NAS-Port = 1016
NAS-Port-Id = "1016"
Service-Type = Framed-User
NAS-IP-Address = 172.16.254.45
Acct-Delay-Time = 0
server eduroam {
# Executing section preacct from file /etc/raddb/sites-enabled/eduroam
+- entering group preacct {...}
++[preprocess] returns ok
[acct_unique] Hashing 'NAS-Port = 1016,Client-IP-Address = 172.16.254.45,NAS-IP-Address = 172.16.254.45,Acct-Session-Id = "0000038C",User-Name = "palmi"'
[acct_unique] Acct-Unique-Session-ID = "4cdcd06ed9699fd5".
++[acct_unique] returns ok
[suffix] No '@' in User-Name = "palmi", looking up realm NULL
[suffix] Found realm "NULL"
[suffix] Adding Stripped-User-Name = "palmi"
[suffix] Adding Realm = "NULL"
[suffix] Accounting realm is LOCAL.
++[suffix] returns ok
[files] expand: %{Stripped-User-Name} -> palmi
[files] expand: %{%{Stripped-User-Name}:-%{User-Name}} -> palmi
++[files] returns noop
# Executing section accounting from file /etc/raddb/sites-enabled/eduroam
+- entering group accounting {...}
[detail] expand: /var/log/radius/radacct/detail ->
/var/log/radius/radacct/detail
[detail] /var/log/radius/radacct/detail expands to
/var/log/radius/radacct/detail
[detail] expand: %t -> Fri Jul 19 15:02:52 2013
++[detail] returns ok
[radutmp] expand: /var/log/radius/radutmp -> /var/log/radius/radutmp
[radutmp] expand: %{Stripped-User-Name} -> palmi
[radutmp] expand: %{%{Stripped-User-Name}:-%{User-Name}} -> palmi
++[radutmp] returns ok
[sradutmp] expand: /var/log/radius/sradutmp -> /var/log/radius/sradutmp
[sradutmp] expand: %{User-Name} -> palmi
++[sradutmp] returns ok
} # server eduroam
Sending Accounting-Response of id 17 to 172.16.254.45 port 1646
Finished request 10.
Cleaning up request 10 ID 17 with timestamp +7
Going to the next request
Waking up in 4.5 seconds.
Cleaning up request 0 ID 180 with timestamp +6
Cleaning up request 1 ID 181 with timestamp +6
Cleaning up request 2 ID 182 with timestamp +7
Cleaning up request 3 ID 183 with timestamp +7
Cleaning up request 4 ID 184 with timestamp +7
Cleaning up request 5 ID 185 with timestamp +7
Cleaning up request 6 ID 186 with timestamp +7
Cleaning up request 7 ID 187 with timestamp +7
Cleaning up request 8 ID 188 with timestamp +7
Cleaning up request 9 ID 189 with timestamp +7
Ready to process requests.
###################################################################################################
HERE I DISCONNECTED FROM THE WIRELESS NETWORK
###################################################################################################
rad_recv: Accounting-Request packet from host 172.16.254.45 port 1646, id=18,
length=465
Acct-Session-Id = "0000038C"
Called-Station-Id = "003a.9ae0.1460"
Calling-Station-Id = "d49a.2063.2450"
Cisco-AVPair = "ssid=XXX-ER"
Cisco-AVPair = "vlan-id=220"
Cisco-AVPair = "nas-location=Floor Ground, Building F1 (test)"
WISPr-Location-Name = "Floor Ground, Building F1 (test)"
Cisco-AVPair = "auth-algo-type=eap-peap"
User-Name = "palmi"
Acct-Authentic = RADIUS
Cisco-AVPair = "connect-progress=Call Up"
Acct-Session-Time = 37
Acct-Input-Octets = 19549
Acct-Output-Octets = 15498
Acct-Input-Packets = 88
Acct-Output-Packets = 72
Acct-Terminate-Cause = Lost-Carrier
Cisco-AVPair = "disc-cause-ext=No Reason"
Acct-Status-Type = Stop
NAS-Port-Type = Wireless-802.11
NAS-Port = 1016
NAS-Port-Id = "1016"
Service-Type = Framed-User
NAS-IP-Address = 172.16.254.45
Acct-Delay-Time = 0
server eduroam {
# Executing section preacct from file /etc/raddb/sites-enabled/eduroam
+- entering group preacct {...}
++[preprocess] returns ok
[acct_unique] Hashing 'NAS-Port = 1016,Client-IP-Address = 172.16.254.45,NAS-IP-Address = 172.16.254.45,Acct-Session-Id = "0000038C",User-Name = "palmi"'
[acct_unique] Acct-Unique-Session-ID = "4cdcd06ed9699fd5".
++[acct_unique] returns ok
[suffix] No '@' in User-Name = "palmi", looking up realm NULL
[suffix] Found realm "NULL"
[suffix] Adding Stripped-User-Name = "palmi"
[suffix] Adding Realm = "NULL"
[suffix] Accounting realm is LOCAL.
++[suffix] returns ok
[files] expand: %{Stripped-User-Name} -> palmi
[files] expand: %{%{Stripped-User-Name}:-%{User-Name}} -> palmi
++[files] returns noop
# Executing section accounting from file /etc/raddb/sites-enabled/eduroam
+- entering group accounting {...}
[detail] expand: /var/log/radius/radacct/detail ->
/var/log/radius/radacct/detail
[detail] /var/log/radius/radacct/detail expands to
/var/log/radius/radacct/detail
[detail] expand: %t -> Fri Jul 19 15:03:28 2013
++[detail] returns ok
[radutmp] expand: /var/log/radius/radutmp -> /var/log/radius/radutmp
[radutmp] expand: %{Stripped-User-Name} -> palmi
[radutmp] expand: %{%{Stripped-User-Name}:-%{User-Name}} -> palmi
++[radutmp] returns ok
[sradutmp] expand: /var/log/radius/sradutmp -> /var/log/radius/sradutmp
[sradutmp] expand: %{User-Name} -> palmi
++[sradutmp] returns ok
} # server eduroam
Sending Accounting-Response of id 18 to 172.16.254.45 port 1646
Finished request 11.
Cleaning up request 11 ID 18 with timestamp +43
Going to the next request
Ready to process requests.