Glitch in FreeRADIUS when final Access-Accept bigger than 4096 octets
stefan.paetow at diamond.ac.uk
stefan.paetow at diamond.ac.uk
Mon Nov 4 14:31:22 CET 2013
Alan D, Arran,
This issue was raised on the Project Moonshot list, where an Access-Accept packet was exceeding the 4096 octet limit as per the RFC. Apparently the daemon goes into a loop (as seen below) once the packet size exceeds the limit, and the original poster pointed out that his debug session had continued looping for several minutes before he terminated the session with a Ctrl+C. This was a build of FreeRADIUS 3.0, possibly rc0 or rc1 (I know we're now in release, but I'm sure I can try to reproduce this again even with the release version).
Logically, I would expect the warning message to be printed once per attribute statement remaining (according to the complete reply section fragment at http://pastebin.com/ZqUh5Tzj, there are 5 more "SAML-AAA-Assertion +=" statements left), and then leave it at that, not loop on for minutes (or hours).
Perhaps it would be useful to point out WHY encoding failed, instead of merely saying that it failed. In this specific case, it was a matter of exceeding the packet size (proven by the original poster by extending each += statement to the full 252 or so characters per attribute at my suggestion, which reduced the number of statements and hence the 2-octet overhead per statement).
The full debug log is below:
freeradius: FreeRADIUS Version 3.0.0, for host , built on Jun 1 2013 at 18:02:35
Copyright (C) 1999-2013 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License.
For more information about these matters, see the file named COPYRIGHT.
Starting - reading configuration files ...
including configuration file /etc/freeradius/radiusd.conf
including configuration file /etc/freeradius/proxy.conf
including configuration file /etc/freeradius/clients.conf
including files in directory /etc/freeradius/mods-enabled/
including configuration file /etc/freeradius/mods-enabled/sradutmp
including configuration file /etc/freeradius/mods-enabled/logintime
including configuration file /etc/freeradius/mods-enabled/wimax
including configuration file /etc/freeradius/mods-enabled/mschap
including configuration file /etc/freeradius/mods-enabled/soh
including configuration file /etc/freeradius/mods-enabled/attr_rewrite
including configuration file /etc/freeradius/mods-enabled/radutmp
including configuration file /etc/freeradius/mods-enabled/eap
including configuration file /etc/freeradius/mods-enabled/psk
including configuration file /etc/freeradius/mods-enabled/dynamic_clients
including configuration file /etc/freeradius/mods-enabled/pap
including configuration file /etc/freeradius/mods-enabled/expiration
including configuration file /etc/freeradius/mods-enabled/chap
including configuration file /etc/freeradius/mods-enabled/cui
including configuration file /etc/freeradius/mods-enabled/../sql/cui/mysql/queries.conf
including configuration file /etc/freeradius/mods-enabled/replicate
including configuration file /etc/freeradius/mods-enabled/linelog
including configuration file /etc/freeradius/mods-enabled/krb_tgt2
including configuration file /etc/freeradius/mods-enabled/expr
including configuration file /etc/freeradius/mods-enabled/passwd
including configuration file /etc/freeradius/mods-enabled/preprocess
including configuration file /etc/freeradius/mods-enabled/realm
including configuration file /etc/freeradius/mods-enabled/attr_filter
including configuration file /etc/freeradius/mods-enabled/exec
including configuration file /etc/freeradius/mods-enabled/dhcp
including configuration file /etc/freeradius/mods-enabled/krb_tgt
including configuration file /etc/freeradius/mods-enabled/unix
including configuration file /etc/freeradius/mods-enabled/cache_eap
including configuration file /etc/freeradius/mods-enabled/ntlm_auth
including configuration file /etc/freeradius/mods-enabled/digest
including configuration file /etc/freeradius/mods-enabled/detail.log
including configuration file /etc/freeradius/mods-enabled/checkval
including configuration file /etc/freeradius/mods-enabled/files
including configuration file /etc/freeradius/mods-enabled/inner-eap
including configuration file /etc/freeradius/mods-enabled/detail
including configuration file /etc/freeradius/mods-enabled/utf8
including configuration file /etc/freeradius/mods-enabled/always
including configuration file /etc/freeradius/mods-enabled/counter
including configuration file /etc/freeradius/mods-enabled/echo
including files in directory /etc/freeradius/policy.d/
including configuration file /etc/freeradius/policy.d/canonicalization
including configuration file /etc/freeradius/policy.d/operator-name
including configuration file /etc/freeradius/policy.d/eap
including configuration file /etc/freeradius/policy.d/cui
including configuration file /etc/freeradius/policy.d/accounting
including configuration file /etc/freeradius/policy.d/dhcp
including configuration file /etc/freeradius/policy.d/filter
including configuration file /etc/freeradius/policy.d/control
including files in directory /etc/freeradius/sites-enabled/
including configuration file /etc/freeradius/sites-enabled/default
including configuration file /etc/freeradius/sites-enabled/inner-tunnel
including configuration file /etc/freeradius/sites-enabled/tls
main {
security {
user = "freerad"
group = "freerad"
allow_core_dumps = no
}
}
including dictionary file /etc/freeradius/dictionary
main {
name = "freeradius"
prefix = "/usr"
localstatedir = "/var"
sbindir = "/usr/sbin"
logdir = "/var/log/freeradius"
run_dir = "/var/run/freeradius"
libdir = "/usr/lib/freeradius"
radacctdir = "/var/log/freeradius/radacct"
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
pidfile = "/var/run/freeradius/freeradius.pid"
checkrad = "/usr/sbin/checkrad"
debug_level = 0
proxy_requests = yes
log {
stripped_names = no
auth = no
auth_badpass = no
auth_goodpass = no
colourise = yes
}
security {
max_attributes = 200
reject_delay = 1
status_server = yes
}
}
radiusd: #### Loading Realms and Home Servers ####
proxy server {
retry_delay = 5
retry_count = 3
default_fallback = no
dead_time = 120
wake_all_if_all_dead = no
}
home_server localhost {
ipaddr = 127.0.0.1
port = 1812
type = "auth"
secret = "testing123"
response_window = 20
max_outstanding = 65536
zombie_period = 40
status_check = "status-server"
ping_interval = 30
check_interval = 30
num_answers_to_alive = 3
revive_interval = 120
status_check_timeout = 4
coa {
irt = 2
mrt = 16
mrc = 5
mrd = 30
}
limit {
max_connections = 16
max_requests = 0
lifetime = 0
idle_timeout = 0
}
}
home_server tls {
ipaddr = 127.0.0.1
port = 2083
type = "auth"
proto = "tcp"
secret = "testing123"
response_window = 30
max_outstanding = 65536
zombie_period = 40
status_check = "none"
ping_interval = 30
check_interval = 30
num_answers_to_alive = 3
revive_interval = 300
status_check_timeout = 4
}
tls {
rsa_key_exchange = no
dh_key_exchange = yes
rsa_key_length = 512
dh_key_length = 512
verify_depth = 0
pem_file_type = yes
dh_file = "/etc/freeradius/certs/dh"
random_file = "/etc/freeradius/certs/random"
fragment_size = 1024
include_length = yes
check_crl = no
ecdh_curve = "prime256v1"
}
home_server_pool my_auth_failover {
type = fail-over
home_server = localhost
}
realm example.com {
auth_pool = my_auth_failover
}
realm LOCAL {
}
home_server_pool tls {
type = fail-over
home_server = tls
}
realm tls {
auth_pool = tls
}
radiusd: #### Loading Clients ####
client localhost {
ipaddr = 127.0.0.1
require_message_authenticator = no
secret = "testing123"
nastype = "other"
proto = "*"
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
radiusd: #### Instantiating modules ####
instantiate {
Module: Linked to module rlm_exec
Module: Instantiating module "exec" from file /etc/freeradius/mods-enabled/exec
exec {
wait = no
input_pairs = "request"
shell_escape = yes
}
Module: Linked to module rlm_expr
Module: Instantiating module "expr" from file /etc/freeradius/mods-enabled/expr
expr {
safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
}
Module: Linked to module rlm_dhcp
Module: Instantiating module "dhcp" from file /etc/freeradius/mods-enabled/dhcp
Module: Linked to module rlm_expiration
Module: Instantiating module "expiration" from file /etc/freeradius/mods-enabled/expiration
expiration {
reply-message = "Password Has Expired "
}
Module: Linked to module rlm_logintime
Module: Instantiating module "logintime" from file /etc/freeradius/mods-enabled/logintime
logintime {
reply-message = "You are calling outside your allowed timespan "
minimum-timeout = 60
}
}
radiusd: #### Loading Virtual Servers ####
server { # from file /etc/freeradius/radiusd.conf
modules {
} # modules
} # server
server default { # from file /etc/freeradius/sites-enabled/default
modules {
Module: Creating Auth-Type = digest
Module: Checking authenticate {...} for more modules to load
Module: Linked to module rlm_pap
Module: Instantiating module "pap" from file /etc/freeradius/mods-enabled/pap
pap {
auto_header = no
}
Module: Linked to module rlm_chap
Module: Instantiating module "chap" from file /etc/freeradius/mods-enabled/chap
Module: Linked to module rlm_mschap
Module: Instantiating module "mschap" from file /etc/freeradius/mods-enabled/mschap
mschap {
use_mppe = yes
require_encryption = no
require_strong = no
with_ntdomain_hack = yes
passchange {
}
allow_retry = yes
}
Module: Linked to module rlm_digest
Module: Instantiating module "digest" from file /etc/freeradius/mods-enabled/digest
Module: Linked to module rlm_unix
Module: Instantiating module "unix" from file /etc/freeradius/mods-enabled/unix
unix {
radwtmp = "/var/log/freeradius/radwtmp"
}
Module: Linked to module rlm_eap
Module: Instantiating module "eap" from file /etc/freeradius/mods-enabled/eap
eap {
default_eap_type = "ttls"
timer_expire = 60
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
max_sessions = 4096
}
Module: Linked to sub-module rlm_eap_md5
Module: Instantiating eap-md5
Module: Linked to sub-module rlm_eap_leap
Module: Instantiating eap-leap
Module: Linked to sub-module rlm_eap_gtc
Module: Instantiating eap-gtc
gtc {
challenge = "Password: "
auth_type = "PAP"
}
Module: Linked to sub-module rlm_eap_tls
Module: Instantiating eap-tls
tls {
tls = "tls-common"
}
tls-config tls-common {
rsa_key_exchange = no
dh_key_exchange = yes
rsa_key_length = 512
dh_key_length = 512
verify_depth = 0
CA_path = "/etc/freeradius/certs"
pem_file_type = yes
private_key_file = "/etc/freeradius/certs/server.pem"
certificate_file = "/etc/freeradius/certs/server.pem"
CA_file = "/etc/freeradius/certs/ca.pem"
private_key_password = "whatever"
dh_file = "/etc/freeradius/certs/dh"
random_file = "/etc/freeradius/certs/random"
fragment_size = 1024
include_length = yes
check_crl = no
cipher_list = "DEFAULT"
make_cert_command = "/etc/freeradius/certs/bootstrap"
ecdh_curve = "prime256v1"
cache {
enable = yes
lifetime = 24
max_entries = 255
}
verify {
}
ocsp {
enable = no
override_cert_url = yes
url = "http://127.0.0.1/ocsp/"
use_nonce = yes
timeout = 0
softfail = yes
}
}
Module: Linked to sub-module rlm_eap_ttls
Module: Instantiating eap-ttls
ttls {
tls = "tls-common"
default_eap_type = "md5"
copy_request_to_tunnel = no
use_tunneled_reply = no
virtual_server = "inner-tunnel"
include_length = yes
require_client_cert = no
}
debug: Using cached TLS configuration from previous invocation
Module: Linked to sub-module rlm_eap_peap
Module: Instantiating eap-peap
peap {
tls = "tls-common"
default_eap_type = "mschapv2"
copy_request_to_tunnel = no
use_tunneled_reply = no
proxy_tunneled_request_as_eap = yes
virtual_server = "inner-tunnel"
soh = no
require_client_cert = no
}
debug: Using cached TLS configuration from previous invocation
Module: Linked to sub-module rlm_eap_mschapv2
Module: Instantiating eap-mschapv2
mschapv2 {
with_ntdomain_hack = no
send_error = no
}
Module: Checking authorize {...} for more modules to load
Module: Loading virtual module filter_username
Module: Linked to module rlm_always
Module: Instantiating module "reject" from file /etc/freeradius/mods-enabled/always
always reject {
rcode = "reject"
simulcount = 0
mpp = no
}
Module: Linked to module rlm_preprocess
Module: Instantiating module "preprocess" from file /etc/freeradius/mods-enabled/preprocess
preprocess {
huntgroups = "/etc/freeradius/huntgroups"
hints = "/etc/freeradius/hints"
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
with_alvarion_vsa_hack = no
}
reading pairlist file /etc/freeradius/huntgroups
reading pairlist file /etc/freeradius/hints
Module: Linked to module rlm_realm
Module: Instantiating module "suffix" from file /etc/freeradius/mods-enabled/realm
realm suffix {
format = "suffix"
delimiter = "@"
ignore_default = no
ignore_null = no
default_community = "apc.moonshot.ja.net"
rp_realm = "local"
trust_router = "localhost"
}
Module: Linked to module rlm_files
Module: Instantiating module "files" from file /etc/freeradius/mods-enabled/files
files {
usersfile = "/etc/freeradius/users"
acctusersfile = "/etc/freeradius/acct_users"
preproxy_usersfile = "/etc/freeradius/preproxy_users"
compat = "no"
}
reading pairlist file /etc/freeradius/users
reading pairlist file /etc/freeradius/acct_users
reading pairlist file /etc/freeradius/preproxy_users
Module: Checking preacct {...} for more modules to load
Module: Loading virtual module acct_unique
Module: Checking accounting {...} for more modules to load
Module: Linked to module rlm_detail
Module: Instantiating module "detail" from file /etc/freeradius/mods-enabled/detail
detail {
detailfile = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"
header = "%t"
detailperm = 384
dirperm = 493
locking = no
log_packet_header = no
}
Module: Linked to module rlm_attr_filter
Module: Instantiating module "attr_filter.accounting_response" from file /etc/freeradius/mods-enabled/attr_filter
attr_filter attr_filter.accounting_response {
file = "/etc/freeradius/filter/accounting_response"
key = "%{User-Name}"
relaxed = no
}
reading pairlist file /etc/freeradius/filter/accounting_response
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
Module: Loading virtual module remove_reply_message_if_eap
Module: Instantiating module "noop" from file /etc/freeradius/mods-enabled/always
always noop {
rcode = "noop"
simulcount = 0
mpp = no
}
Module: Instantiating module "attr_filter.access_reject" from file /etc/freeradius/mods-enabled/attr_filter
attr_filter attr_filter.access_reject {
file = "/etc/freeradius/filter/access_reject"
key = "%{User-Name}"
relaxed = no
}
reading pairlist file /etc/freeradius/filter/access_reject
Module: Loading virtual module remove_reply_message_if_eap
} # modules
} # server
server inner-tunnel { # from file /etc/freeradius/sites-enabled/inner-tunnel
modules {
Module: Checking authenticate {...} for more modules to load
Module: Checking authorize {...} for more modules to load
Module: Checking session {...} for more modules to load
Module: Linked to module rlm_radutmp
Module: Instantiating module "radutmp" from file /etc/freeradius/mods-enabled/radutmp
radutmp {
filename = "/var/log/freeradius/radutmp"
username = "%{User-Name}"
case_sensitive = yes
check_with_nas = yes
perm = 384
callerid = yes
}
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
} # modules
} # server
thread pool {
start_servers = 5
max_servers = 32
min_spare_servers = 3
max_spare_servers = 10
max_requests_per_server = 0
cleanup_delay = 5
max_queue_size = 65536
auto_limit_acct = no
}
Thread spawned new child 1. Total threads in pool: 1
Thread spawned new child 2. Total threads in pool: 2
Thread spawned new child 3. Total threads in pool: 3
Thread spawned new child 4. Total threads in pool: 4
Thread spawned new child 5. Total threads in pool: 5
Thread pool initialized
radiusd: #### Opening IP addresses and Ports ####
listen {
type = "auth"
ipaddr = *
port = 2083
max_pps = 0
proto = "tcp"
tls {
rsa_key_exchange = no
dh_key_exchange = yes
rsa_key_length = 512
dh_key_length = 512
verify_depth = 0
CA_path = "/etc/freeradius/certs"
pem_file_type = yes
private_key_file = "/etc/freeradius/certs/server.pem"
certificate_file = "/etc/freeradius/certs/server.pem"
CA_file = "/etc/freeradius/certs/ca.pem"
private_key_password = "whatever"
dh_file = "/etc/freeradius/certs/dh"
random_file = "/etc/freeradius/certs/random"
fragment_size = 1024
include_length = yes
check_crl = no
cipher_list = "PSK:ALL:!aNULL:!eNULL"
require_client_cert = yes
ecdh_curve = "prime256v1"
cache {
enable = no
lifetime = 24
max_entries = 255
}
verify {
}
}
Thread 5 waiting to be assigned a request
Thread 4 waiting to be assigned a request
Thread 3 waiting to be assigned a request
Thread 2 waiting to be assigned a request
Thread 1 waiting to be assigned a request
clients = "radsec"
client 127.0.0.1 {
ipaddr = 127.0.0.1
require_message_authenticator = no
secret = "testing123"
virtual_server = "default"
proto = "tcp"
}
client default {
ipaddr = 0.0.0.0
netmask = 0
require_message_authenticator = no
secret = "radsec"
virtual_server = "default"
proto = "tcp"
}
}
listen {
type = "auth"
ipaddr = 127.0.0.1
port = 4000
max_pps = 0
client localhost {
ipaddr = 127.0.0.1
require_message_authenticator = no
secret = "testing123"
nastype = "other"
proto = "*"
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
}
listen {
type = "auth"
ipaddr = *
port = 0
max_pps = 0
client localhost {
ipaddr = 127.0.0.1
require_message_authenticator = no
secret = "testing123"
nastype = "other"
proto = "*"
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
}
listen {
type = "acct"
ipaddr = *
port = 0
max_pps = 0
client localhost {
ipaddr = 127.0.0.1
require_message_authenticator = no
secret = "testing123"
nastype = "other"
proto = "*"
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
}
listen {
type = "auth"
ipaddr = 127.0.0.1
port = 18120
max_pps = 0
client localhost {
ipaddr = 127.0.0.1
require_message_authenticator = no
secret = "testing123"
nastype = "other"
proto = "*"
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
}
Listening on authentication proto tcp address * port 2083 (TLS)
Listening on authentication address 127.0.0.1 port 4000
Listening on authentication address * port 1812 as server default
Listening on accounting address * port 1813 as server default
Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel
Opening new proxy address * port 2085
Listening on proxy address * port 2085
Ready to process requests.
... new connection request on TCP socket.
Listening on authentication from client (127.0.0.1, 35521) -> (*, 2083)
Waking up in 0.7 seconds.
(0) Requiring client certificate
(0) Initiate
(0) (other): before/accept initialization
(0) TLS_accept: before/accept initialization
(0) <<< TLS 1.0 Handshake [length 00dd], ClientHello
(0) TLS_accept: SSLv3 read client hello A
(0) >>> TLS 1.0 Handshake [length 003e], ServerHello
(0) TLS_accept: SSLv3 write server hello A
(0) >>> TLS 1.0 Handshake [length 085e], Certificate
(0) TLS_accept: SSLv3 write certificate A
(0) >>> TLS 1.0 Handshake [length 014b], ServerKeyExchange
(0) TLS_accept: SSLv3 write key exchange A
(0) >>> TLS 1.0 Handshake [length 00a6], CertificateRequest
(0) TLS_accept: SSLv3 write certificate request A
(0) TLS_accept: SSLv3 flush data
(0) TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
Waking up in 0.7 seconds.
(0) <<< TLS 1.0 Handshake [length 0853], Certificate
(0) chain-depth=1,
(0) error=0
(0) --> BUF-Name = Example Certificate Authority
(0) --> subject = /C=FR/ST=Radius/L=Somewhere/O=Example Inc./emailAddress=admin at example.com/CN=Example Certificate Authority
(0) --> issuer = /C=FR/ST=Radius/L=Somewhere/O=Example Inc./emailAddress=admin at example.com/CN=Example Certificate Authority
(0) --> verify return:1
(0) chain-depth=0,
(0) error=0
(0) --> BUF-Name = user at example.com
(0) --> subject = /C=FR/ST=Radius/O=Example Inc./CN=user at example.com/emailAddress=user at example.com
(0) --> issuer = /C=FR/ST=Radius/L=Somewhere/O=Example Inc./emailAddress=admin at example.com/CN=Example Certificate Authority
(0) --> verify return:1
(0) TLS_accept: SSLv3 read client certificate A
(0) <<< TLS 1.0 Handshake [length 0046], ClientKeyExchange
(0) TLS_accept: SSLv3 read client key exchange A
(0) <<< TLS 1.0 Handshake [length 0106], CertificateVerify
(0) TLS_accept: SSLv3 read certificate verify A
(0) <<< TLS 1.0 ChangeCipherSpec [length 0001]
(0) <<< TLS 1.0 Handshake [length 0010], Finished
(0) TLS_accept: SSLv3 read finished A
(0) >>> TLS 1.0 ChangeCipherSpec [length 0001]
(0) TLS_accept: SSLv3 write change cipher spec A
(0) >>> TLS 1.0 Handshake [length 0010], Finished
(0) TLS_accept: SSLv3 write finished A
(0) TLS_accept: SSLv3 flush data
(0) (other): SSL negotiation finished successfully
SSL Connection Established
Waking up in 0.7 seconds.
(0) Application data status 7
(0) tls_recv: Access-Request packet from host 127.0.0.1 port 35521, id=0, length=76
Threads: total/active/spare threads = 5/0/5
Thread 5 got semaphore
Thread 5 handling request 0, (1 handled so far)
(0) <thread> : # Executing section authorize from file /etc/freeradius/sites-enabled/default
(0) <thread> : group authorize {
(0) <thread> : - entering group authorize {...}
(0) <thread> : policy filter_username {
(0) <thread> : - entering policy filter_username {...}
(0) <thread> : ? if (User-Name != "%{tolower:%{User-Name}}")
(0) <thread> : expand: '%{User-Name}' -> '@local'
(0) <thread> : expand: '%{tolower:%{User-Name}}' -> '@local'
(0) <thread> : ? Evaluating (User-Name != "%{tolower:%{User-Name}}") -> FALSE
(0) <thread> : ? if (User-Name != "%{tolower:%{User-Name}}") -> FALSE
(0) <thread> : ? if (User-Name =~ / /)
(0) <thread> : ? Evaluating (User-Name =~ / /) -> FALSE
(0) <thread> : ? if (User-Name =~ / /) -> FALSE
(0) <thread> : ? if (User-Name =~ /@.*@/ )
(0) <thread> : ? Evaluating (User-Name =~ /@.*@/) -> FALSE
(0) <thread> : ? if (User-Name =~ /@.*@/ ) -> FALSE
(0) <thread> : ? if (User-Name =~ /\\.\\./ )
(0) <thread> : ? Evaluating (User-Name =~ /\\.\\./) -> FALSE
(0) <thread> : ? if (User-Name =~ /\\.\\./ ) -> FALSE
(0) <thread> : ? if (User-Name =~ /\\.$/)
(0) <thread> : ? Evaluating (User-Name =~ /\\.$/) -> FALSE
(0) <thread> : ? if (User-Name =~ /\\.$/) -> FALSE
(0) <thread> : ? if (User-Name =~ /@\\./)
(0) <thread> : ? Evaluating (User-Name =~ /@\\./) -> FALSE
(0) <thread> : ? if (User-Name =~ /@\\./) -> FALSE
(0) <thread> : - policy filter_username returns notfound
(0) [preprocess] = ok
(0) [chap] = noop
(0) [mschap] = noop
(0) [digest] = noop
(0) suffix : Looking up realm "local" for User-Name = "@local"
(0) suffix : Found realm "LOCAL"
(0) suffix : Adding Stripped-User-Name = ""
(0) suffix : Adding Realm = "LOCAL"
(0) suffix : Authentication realm is LOCAL.
(0) [suffix] = ok
(0) eap : EAP packet type response id 0 length 11
(0) eap : EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
(0) [eap] = ok
(0) Found Auth-Type = EAP
(0) # Executing group from file /etc/freeradius/sites-enabled/default
(0) group authenticate {
(0) - entering group authenticate {...}
(0) eap : EAP Identity
(0) eap : processing type ttls
(0) ttls : Flushing SSL sessions (of #0)
(0) ttls : Initiate
(0) ttls : Start returned 1
(0) eap : New EAP session, adding 'State' attribute to reply 0x5547a69c5546b331
(0) [eap] = handled
(0) Finished request 0.
Thread 5 waiting to be assigned a request
Waking up in 0.3 seconds.
(0) Application data status 7
(0) tls_recv: Access-Request packet from host 127.0.0.1 port 35521, id=0, length=145
(0) Cleaning up request packet ID 0 with timestamp +10
Waking up in 0.3 seconds.
Thread 4 got semaphore
Thread 4 handling request 1, (1 handled so far)
(1) <thread> : # Executing section authorize from file /etc/freeradius/sites-enabled/default
(1) <thread> : group authorize {
(1) <thread> : - entering group authorize {...}
(1) <thread> : policy filter_username {
(1) <thread> : - entering policy filter_username {...}
(1) <thread> : ? if (User-Name != "%{tolower:%{User-Name}}")
(1) <thread> : expand: '%{User-Name}' -> '@local'
(1) <thread> : expand: '%{tolower:%{User-Name}}' -> '@local'
(1) <thread> : ? Evaluating (User-Name != "%{tolower:%{User-Name}}") -> FALSE
(1) <thread> : ? if (User-Name != "%{tolower:%{User-Name}}") -> FALSE
(1) <thread> : ? if (User-Name =~ / /)
(1) <thread> : ? Evaluating (User-Name =~ / /) -> FALSE
(1) <thread> : ? if (User-Name =~ / /) -> FALSE
(1) <thread> : ? if (User-Name =~ /@.*@/ )
(1) <thread> : ? Evaluating (User-Name =~ /@.*@/) -> FALSE
(1) <thread> : ? if (User-Name =~ /@.*@/ ) -> FALSE
(1) <thread> : ? if (User-Name =~ /\\.\\./ )
(1) <thread> : ? Evaluating (User-Name =~ /\\.\\./) -> FALSE
(1) <thread> : ? if (User-Name =~ /\\.\\./ ) -> FALSE
(1) <thread> : ? if (User-Name =~ /\\.$/)
(1) <thread> : ? Evaluating (User-Name =~ /\\.$/) -> FALSE
(1) <thread> : ? if (User-Name =~ /\\.$/) -> FALSE
(1) <thread> : ? if (User-Name =~ /@\\./)
(1) <thread> : ? Evaluating (User-Name =~ /@\\./) -> FALSE
(1) <thread> : ? if (User-Name =~ /@\\./) -> FALSE
(1) <thread> : - policy filter_username returns notfound
(1) [preprocess] = ok
(1) [chap] = noop
(1) [mschap] = noop
(1) [digest] = noop
(1) suffix : Looking up realm "local" for User-Name = "@local"
(1) suffix : Found realm "LOCAL"
(1) suffix : Adding Stripped-User-Name = ""
(1) suffix : Adding Realm = "LOCAL"
(1) suffix : Authentication realm is LOCAL.
(1) [suffix] = ok
(1) eap : EAP packet type response id 1 length 62
(1) eap : Continuing tunnel setup.
(1) [eap] = ok
(1) Found Auth-Type = EAP
(1) # Executing group from file /etc/freeradius/sites-enabled/default
(1) group authenticate {
(1) - entering group authenticate {...}
(1) eap : Expiring EAP session with state 0x5547a69c5546b331
(1) eap : Finished EAP session with state 0x5547a69c5546b331
(1) eap : Previous EAP request found for state 0x5547a69c5546b331, released from the list
(1) eap : EAP/ttls
(1) eap : processing type ttls
(1) ttls : Authenticate
(1) ttls : processing EAP-TLS
(1) ttls : eaptls_verify returned 7
(1) ttls : Done initial handshake
(1) ttls : (other): before/accept initialization
(1) ttls : TLS_accept: before/accept initialization
(1) ttls : <<< TLS 1.0 Handshake [length 0033], ClientHello
(1) ttls : TLS_accept: SSLv3 read client hello A
(1) ttls : >>> TLS 1.0 Handshake [length 004a], ServerHello
(1) ttls : TLS_accept: SSLv3 write server hello A
(1) ttls : >>> TLS 1.0 Handshake [length 085e], Certificate
(1) ttls : TLS_accept: SSLv3 write certificate A
(1) ttls : >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
(1) ttls : TLS_accept: SSLv3 write server done A
(1) ttls : TLS_accept: SSLv3 flush data
(1) ttls : TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
(1) ttls : eaptls_process returned 13
(1) eap : New EAP session, adding 'State' attribute to reply 0x5547a69c5445b331
(1) [eap] = handled
(1) Finished request 1.
Thread 4 waiting to be assigned a request
(0) Application data status 7
(0) tls_recv: Access-Request packet from host 127.0.0.1 port 35521, id=0, length=89
(1) Cleaning up request packet ID 0 with timestamp +10
Waking up in 0.3 seconds.
Thread 3 got semaphore
Thread 3 handling request 2, (1 handled so far)
(2) <thread> : # Executing section authorize from file /etc/freeradius/sites-enabled/default
(2) <thread> : group authorize {
(2) <thread> : - entering group authorize {...}
(2) <thread> : policy filter_username {
(2) <thread> : - entering policy filter_username {...}
(2) <thread> : ? if (User-Name != "%{tolower:%{User-Name}}")
(2) <thread> : expand: '%{User-Name}' -> '@local'
(2) <thread> : expand: '%{tolower:%{User-Name}}' -> '@local'
(2) <thread> : ? Evaluating (User-Name != "%{tolower:%{User-Name}}") -> FALSE
(2) <thread> : ? if (User-Name != "%{tolower:%{User-Name}}") -> FALSE
(2) <thread> : ? if (User-Name =~ / /)
(2) <thread> : ? Evaluating (User-Name =~ / /) -> FALSE
(2) <thread> : ? if (User-Name =~ / /) -> FALSE
(2) <thread> : ? if (User-Name =~ /@.*@/ )
(2) <thread> : ? Evaluating (User-Name =~ /@.*@/) -> FALSE
(2) <thread> : ? if (User-Name =~ /@.*@/ ) -> FALSE
(2) <thread> : ? if (User-Name =~ /\\.\\./ )
(2) <thread> : ? Evaluating (User-Name =~ /\\.\\./) -> FALSE
(2) <thread> : ? if (User-Name =~ /\\.\\./ ) -> FALSE
(2) <thread> : ? if (User-Name =~ /\\.$/)
(2) <thread> : ? Evaluating (User-Name =~ /\\.$/) -> FALSE
(2) <thread> : ? if (User-Name =~ /\\.$/) -> FALSE
(2) <thread> : ? if (User-Name =~ /@\\./)
(2) <thread> : ? Evaluating (User-Name =~ /@\\./) -> FALSE
(2) <thread> : ? if (User-Name =~ /@\\./) -> FALSE
(2) <thread> : - policy filter_username returns notfound
(2) [preprocess] = ok
(2) [chap] = noop
(2) [mschap] = noop
(2) [digest] = noop
(2) suffix : Looking up realm "local" for User-Name = "@local"
(2) suffix : Found realm "LOCAL"
(2) suffix : Adding Stripped-User-Name = ""
(2) suffix : Adding Realm = "LOCAL"
(2) suffix : Authentication realm is LOCAL.
(2) [suffix] = ok
(2) eap : EAP packet type response id 2 length 6
(2) eap : Continuing tunnel setup.
(2) [eap] = ok
(2) Found Auth-Type = EAP
(2) # Executing group from file /etc/freeradius/sites-enabled/default
(2) group authenticate {
(2) - entering group authenticate {...}
(2) eap : Expiring EAP session with state 0x5547a69c5445b331
(2) eap : Finished EAP session with state 0x5547a69c5445b331
(2) eap : Previous EAP request found for state 0x5547a69c5445b331, released from the list
(2) eap : EAP/ttls
(2) eap : processing type ttls
(2) ttls : Authenticate
(2) ttls : processing EAP-TLS
(2) ttls : Received TLS ACK
(2) ttls : Received TLS ACK
(2) ttls : ACK handshake fragment handler
(2) ttls : eaptls_verify returned 1
(2) ttls : eaptls_process returned 13
(2) eap : New EAP session, adding 'State' attribute to reply 0x5547a69c5744b331
(2) [eap] = handled
User-Name = "@local"
Attr-164 = 0x677373
Attr-165 = 0x6d6f6f6e73686f747063
EAP-Message = 0x0200000b01406c6f63616c
Message-Authenticator = 0x0270fc6d540b3fcba6c2c457f5fa90e7
Sending Access-Challenge of id 0 from 0.0.0.0 port 2083 to 127.0.0.1 port 35521
EAP-Message = 0x010100061520
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x5547a69c5546b3319371950f23751f07
User-Name = "@local"
Attr-164 = 0x677373
Attr-165 = 0x6d6f6f6e73686f747063
EAP-Message = 0x0201003e150016030100330100002f030152714f7bcd9d2ea5d160057846af3c7e070bce5fc18925544d4f4e3aff4f43f5000008002f000a000500040100
State = 0x5547a69c5546b3319371950f23751f07
Message-Authenticator = 0x5da266f79063df9470a7e8a2820aa238
Sending Access-Challenge of id 0 from 0.0.0.0 port 2083 to 127.0.0.1 port 35521
EAP-Message = 0x010203ec15c0000008bb160301004a02000046030152714f7b3f2e08219fdc96ec7bfbde0a4f9ed0e45054a702692e2619de46769d2068c663d2584e6ad5c297c0b4a0abaf1d9cf417fda2bb4abb885001ca535288de002f00160301085e0b00085a0008570003a6308203a23082028aa003020102020101300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d3126302406035504
EAP-Message = 0x03131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3133303731353132343733345a170d3134303731353132343733345a307c310b3009060355040613024652310f300d0603550408130652616469757331153013060355040a130c4578616d706c6520496e632e312330210603550403131a4578616d706c65205365727665722043657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100cb4c7c0f30d1d64db6ade1d89fbe70189bf7fcbd61dd48395bd3687efde1
EAP-Message = 0xac77abbbaa8881fb01f1edc3da1c2532fc53ee021cafc92aa28701e707ff3e1b36848e22d40a025074a0f7536597daa683ac7cf093101909452aa4f10164510fa57d12a0d9ddeee693532d8e1c3e135eaa3c5d5501c3ca0696db562d518ac6cf2e9ce268f5e44eba748726ebc354d87fbe95fe8d255628b2ed3213d1199506f0458da6adc25d1fd3b2d0fd404931b848ecb5ba4606ab3b281d11e82289a55da473804653d8510a4128cef182e65ded7ec54e1b64186d887e7d16c4f31de7c91a125b4dff30effba255179f5bf1dc5a4fdac5db9756cb85bff82ff4f60a9e9e63b9090203010001a317301530130603551d25040c300a06082b06010505
EAP-Message = 0x070301300d06092a864886f70d01010505000382010100c1be2cfc27d57e0f3e6b4256286b39f6e8150e4b7ebd8e8f59e40cf852afe17a7265523e4024a06ae1e189df86b460850628e4ad6c1bed4af7c255f805504dfe478dee6913088d44850ccda56deb94aee83211a425b78bc14b7701f2d4c7d0be73bced64ff5f4467cfedc2520960e43a534f23aa84626597f19c02c779fb5af8e7e32d22112c642d168e802a38096c43e406ee20c42cc3e9eed96bff2b8e47f3cc92fa3d3fce3005c507aa9c05265b9e34f64720b142a5db3e55c1a000c702542dadbfd4b3ed8c36cecfd4897f21d328c27f6045fa5f289b9a4355375686
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x5547a69c5445b3319371950f23751f07
User-Name = "@local"
Attr-164 = 0x677373
Attr-165 = 0x6d6f6f6e73686f747063
EAP-Message = 0x020200061500
State = 0x5547a69c5445b3319371950f23751f07
Message-Authenticator = 0x84a704dc26e7de0546c51cd00ba99029
Sending Access-Challenge of id 0 from 0.0.0.0 port 2083 to 127.0.0.1 port 35521
EAP-Message = 0x010303ec15c0000008bb864211062c5217e1ea6839c544d0135a95b159048453d6b73d8a96ad30741e050edb0004ab308204a73082038fa003020102020900c9cdc1e9c0118238300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3133303731353132343733345a
EAP-Message = 0x170d3134303731353132343733345a308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706(2) Finished request 2.
Thread 3 waiting to be assigned a request
(0) Application data status 7
(0) tls_recv: Access-Request packet from host 127.0.0.1 port 35521, id=0, length=89
(2) Cleaning up request packet ID 0 with timestamp +10
Waking up in 0.3 seconds.
Thread 2 got semaphore
Thread 2 handling request 3, (1 handled so far)
(3) <thread> : # Executing section authorize from file /etc/freeradius/sites-enabled/default
(3) <thread> : group authorize {
(3) <thread> : - entering group authorize {...}
(3) <thread> : policy filter_username {
(3) <thread> : - entering policy filter_username {...}
(3) <thread> : ? if (User-Name != "%{tolower:%{User-Name}}")
(3) <thread> : expand: '%{User-Name}' -> '@local'
(3) <thread> : expand: '%{tolower:%{User-Name}}' -> '@local'
(3) <thread> : ? Evaluating (User-Name != "%{tolower:%{User-Name}}") -> FALSE
(3) <thread> : ? if (User-Name != "%{tolower:%{User-Name}}") -> FALSE
(3) <thread> : ? if (User-Name =~ / /)
(3) <thread> : ? Evaluating (User-Name =~ / /) -> FALSE
(3) <thread> : ? if (User-Name =~ / /) -> FALSE
(3) <thread> : ? if (User-Name =~ /@.*@/ )
(3) <thread> : ? Evaluating (User-Name =~ /@.*@/) -> FALSE
(3) <thread> : ? if (User-Name =~ /@.*@/ ) -> FALSE
(3) <thread> : ? if (User-Name =~ /\\.\\./ )
(3) <thread> : ? Evaluating (User-Name =~ /\\.\\./) -> FALSE
(3) <thread> : ? if (User-Name =~ /\\.\\./ ) -> FALSE
(3) <thread> : ? if (User-Name =~ /\\.$/)
(3) <thread> : ? Evaluating (User-Name =~ /\\.$/) -> FALSE
(3) <thread> : ? if (User-Name =~ /\\.$/) -> FALSE
(3) <thread> : ? if (User-Name =~ /@\\./)
(3) <thread> : ? Evaluating (User-Name =~ /@\\./) -> FALSE
(3) <thread> : ? if (User-Name =~ /@\\./) -> FALSE
(3) <thread> : - policy filter_username returns notfound
(3) [preprocess] = ok
(3) [chap] = noop
(3) [mschap] = noop
(3) [digest] = noop
(3) suffix : Looking up realm "local" for User-Name = "@local"
(3) suffix : Found realm "LOCAL"
(3) suffix : Adding Stripped-User-Name = ""
(3) suffix : Adding Realm = "LOCAL"
(3) suffix : Authentication realm is LOCAL.
(3) [suffix] = ok
(3) eap : EAP packet type response id 3 length 6
(3) eap : Continuing tunnel setup.
(3) [eap] = ok
(3) Found Auth-Type = EAP
(3) # Executing group from file /etc/freeradius/sites-enabled/default
(3) group authenticate {
(3) - entering group authenticate {...}
(3) eap : Expiring EAP session with state 0x5547a69c5744b331
(3) eap : Finished EAP session with state 0x5547a69c5744b331
(3) eap : Previous EAP request found for state 0x5547a69c5744b331, released from the list
(3) eap : EAP/ttls
(3) eap : processing type ttls
(3) ttls : Authenticate
(3) ttls : processing EAP-TLS
(3) ttls : Received TLS ACK
(3) ttls : Received TLS ACK
(3) ttls : ACK handshake fragment handler
(3) ttls : eaptls_verify returned 1
(3) ttls : eaptls_process returned 13
(3) eap : New EAP session, adding 'State' attribute to reply 0x5547a69c5643b331
(3) [eap] = handled
(3) Finished request 3.
Thread 2 waiting to be assigned a request
(0) Application data status 7
(0) tls_recv: Access-Request packet from host 127.0.0.1 port 35521, id=0, length=417
(3) Cleaning up request packet ID 0 with timestamp +10
Waking up in 0.3 seconds.
Thread 1 got semaphore
Thread 1 handling request 4, (1 handled so far)
(4) <thread> : # Executing section authorize from file /etc/freeradius/sites-enabled/default
(4) <thread> : group authorize {
(4) <thread> : - entering group authorize {...}
(4) <thread> : policy filter_username {
(4) <thread> : - entering policy filter_username {...}
(4) <thread> : ? if (User-Name != "%{tolower:%{User-Name}}")
(4) <thread> : expand: '%{User-Name}' -> '@local'
(4) <thread> : expand: '%{tolower:%{User-Name}}' -> '@local'
(4) <thread> : ? Evaluating (User-Name != "%{tolower:%{User-Name}}") -> FALSE
(4) <thread> : ? if (User-Name != "%{tolower:%{User-Name}}") -> FALSE
(4) <thread> : ? if (User-Name =~ / /)
(4) <thread> : ? Evaluating (User-Name =~ / /) -> FALSE
(4) <thread> : ? if (User-Name =~ / /) -> FALSE
(4) <thread> : ? if (User-Name =~ /@.*@/ )
(4) <thread> : ? Evaluating (User-Name =~ /@.*@/) -> FALSE
(4) <thread> : ? if (User-Name =~ /@.*@/ ) -> FALSE
(4) <thread> : ? if (User-Name =~ /\\.\\./ )
(4) <thread> : ? Evaluating (User-Name =~ /\\.\\./) -> FALSE
(4) <thread> : ? if (User-Name =~ /\\.\\./ ) -> FALSE
(4) <thread> : ? if (User-Name =~ /\\.$/)
(4) <thread> : ? Evaluating (User-Name =~ /\\.$/) -> FALSE
(4) <thread> : ? if (User-Name =~ /\\.$/) -> FALSE
(4) <thread> : ? if (User-Name =~ /@\\./)
(4) <thread> : ? Evaluating (User-Name =~ /@\\./) -> FALSE
(4) <thread> : ? if (User-Name =~ /@\\./) -> FALSE
(4) <thread> : - policy filter_username returns notfound
(4) [preprocess] = ok
(4) [chap] = noop
(4) [mschap] = noop
(4) [digest] = noop
(4) suffix : Looking up realm "local" for User-Name = "@local"
(4) suffix : Found realm "LOCAL"
(4) suffix : Adding Stripped-User-Name = ""
(4) suffix : Adding Realm = "LOCAL"
(4) suffix : Authentication realm is LOCAL.
(4) [suffix] = ok
(4) eap : EAP packet type response id 4 length 253
(4) eap : Continuing tunnel setup.
(4) [eap] = ok
(4) Found Auth-Type = EAP
(4) # Executing group from file /etc/freeradius/sites-enabled/default
(4) group authenticate {
(4) - entering group authenticate {...}
(4) eap : Expiring EAP session with state 0x5547a69c5643b331
(4) eap : Finished EAP session with state 0x5547a69c5643b331
(4) eap : Previous EAP request found for state 0x5547a69c5643b331, released from the list
(4) eap : EAP/ttls
(4) eap : processing type ttls
(4) ttls : Authenticate
(4) ttls : processing EAP-TLS
(4) ttls : eaptls_verify returned 7
(4) ttls : Done initial handshake
(4) ttls : <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange
(4) ttls : TLS_accept: SSLv3 read client key exchange A
(4) ttls : <<< TLS 1.0 ChangeCipherSpec [length 0001]
(4) ttls : <<< TLS 1.0 Handshake [length 0010], Finished
(4) ttls : TLS_accept: SSLv3 read finished A
(4) ttls : >>> TLS 1.0 ChangeCipherSpec [length 0001]
(4) ttls : TLS_accept: SSLv3 write change cipher spec A
(4) ttls : >>> TLS 1.0 Handshake [length 0010], Finished
(4) ttls : TLS_accept: SSLv3 write finished A
(4) ttls : TLS_accept: SSLv3 flush data
SSL: adding session 68c663d2584e6ad5c297c0b4a0abaf1d9cf417fda2bb4abb885001ca535288de to cache
(4) ttls : (other): SSL negotiation finished successfully
SSL Connection Established
(4) ttls : eaptls_process returned 13
(4) eap : New EAP session, adding 'State' attribute to reply 0x5547a69c5142b331
(4) [eap] = handled
(4) Finished request 4.
Thread 1 waiting to be assigned a request
(0) Application data status 7
(0) tls_recv: Access-Request packet from host 127.0.0.1 port 35521, id=0, length=142
(4) Cleaning up request packet ID 0 with timestamp +10
Waking up in 0.2 seconds.
Thread 5 got semaphore
Thread 5 handling request 5, (2 handled so far)
(5) <thread> : # Executing section authorize from file /etc/freeradius/sites-enabled/default
(5) <thread> : group authorize {
(5) <thread> : - entering group authorize {...}
(5) <thread> : policy filter_username {
(5) <thread> : - entering policy filter_username {...}
(5) <thread> : ? if (User-Name != "%{tolower:%{User-Name}}")
(5) <thread> : expand: '%{User-Name}' -> '@local'
(5) <thread> : expand: '%{tolower:%{User-Name}}' -> '@local'
(5) <thread> : ? Evaluating (User-Name != "%{tolower:%{User-Name}}") -> FALSE
(5) <thread> : ? if (User-Name != "%{tolower:%{User-Name}}") -> FALSE
(5) <thread> : ? if (User-Name =~ / /)
(5) <thread> : ? Evaluating (User-Name =~ / /) -> FALSE
(5) <thread> : ? if (User-Name =~ / /) -> FALSE
(5) <thread> : ? if (User-Name =~ /@.*@/ )
(5) <thread> : ? Evaluating (User-Name =~ /@.*@/) -> FALSE
(5) <thread> : ? if (User-Name =~ /@.*@/ ) -> FALSE
(5) <thread> : ? if (User-Name =~ /\\.\\./ )
(5) <thread> : ? Evaluating (User-Name =~ /\\.\\./) -> FALSE
(5) <thread> : ? if (User-Name =~ /\\.\\./ ) -> FALSE
(5) <thread> : ? if (User-Name =~ /\\.$/)
(5) <thread> : ? Evaluating (User-Name =~ /\\.$/) -> FALSE
(5) <thread> : ? if (User-Name =~ /\\.$/) -> FALSE
(5) <thread> : ? if (User-Name =~ /@\\./)
(5) <thread> : ? Evaluating (User-Name =~ /@\\./) -> FALSE
(5) <thread> : ? if (User-Name =~ /@\\./) -> FALSE
(5) <thread> : - policy filter_username returns notfound
(5) [preprocess] = ok
(5) [chap] = noop
(5) [mschap] = noop
(5) [digest] = noop
(5) suffix : Looking up realm "local" for User-Name = "@local"
(5) suffix : Found realm "LOCAL"
(5) suffix : Adding Stripped-User-Name = ""
(5) suffix : Adding Realm = "LOCAL"
(5) suffix : Authentication realm is LOCAL.
(5) [suffix] = ok
(5) eap : EAP packet type response id 5 length 59
(5) eap : Continuing tunnel setup.
(5) [eap] = ok
(5) Found Auth-Type = EAP
(5) # Executing group from file /etc/freeradius/sites-enabled/default
(5) group authenticate {
(5) - entering group authenticate {...}
(5) eap : Expiring EAP session with state 0x5547a69c5142b331
(5) eap : Finished EAP session with state 0x5547a69c5142b331
(5) eap : Previous EAP request found for state 0x5547a69c5142b331, released from the list
(5) eap : EAP/ttls
(5) eap : processing type ttls
(5) ttls : Authenticate
(5) ttls : processing EAP-TLS
(5) ttls : eaptls_verify returned 7
(5) ttls : Done initial handshake
(5) ttls : eaptls_process returned 7
(5) ttls : Session established. Proceeding to decode tunneled attributes.
(5) ttls : Got tunneled request
c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100c7c0b514e13e357465467c8844f27180928b32a60a0b1096f0e2987672615b18e54b3b7fc1cd15fde9f3a5afcf32570266a401ba3425da
EAP-Message = 0x2e99ba99dc539e351794f8c23872645f02629c74f112c4dfcad9f26b27483a0e0ef25e61aa644004dfeef77fd6bd34fce35531b81ed472ef64633896b1020347e8e876c940461fe5a0b321017524fc6ecd79942135c16fc3c04c679e73e0f9fa5cb5da67de0cc9013ebf17881351b3963896b6e1123c8f763d507f4df0a0250a3200314abc21b5a563a0212b4652dfaca9264b2ffc77dbe891a59391f92f0b1011cfb255c85eac3e5b3eba7ed6565db1d10475678e3b8b595f0b03cbb6307808e3eabfa08f9b99d8930203010001a381fb3081f8301d0603551d0e04160414a330989c80aede5ae5df40a911898d5a705fcc013081c80603551d230481
EAP-Message = 0xc03081bd8014a330989c80aede5ae5df40a911898d5a705fcc01a18199a48196308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479820900c9cdc1e9c0118238300c0603551d13040530030101ff300d06092a864886f70d010105050003820101008cc8230ef7bfc46ff89497446d5fb541534b
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x5547a69c5744b3319371950f23751f07
User-Name = "@local"
Attr-164 = 0x677373
Attr-165 = 0x6d6f6f6e73686f747063
EAP-Message = 0x020300061500
State = 0x5547a69c5744b3319371950f23751f07
Message-Authenticator = 0x74c6d5fa6cd77f54303872bc138b5614
Sending Access-Challenge of id 0 from 0.0.0.0 port 2083 to 127.0.0.1 port 35521
EAP-Message = 0x010401011580000008bb90e187b84335167cdf78f98aa689351940859c6e85ab8a446878da189707bc1106384de02da1d850011d5f28e5f3337cecf7df59707fe2dc03ab76284f1c29d4cd52a5f26bd69986da96ed77dfaaa9c97635958b52bf2fb6a92a97c354e1c15972efa4f611d9fe921cebc1e8f25a9201fef323e2f11cda768d8df1c9a161aa8f0629ce7b4f21c925c23f92d3e9ac02006287881cbbcdf1c919909cb7adc61bde055564ff281a37f2c176a135915ca4f379f1b4a56f8ff7077c7c9f287034cb59ebd80ddca3861bb6a3add8fbe1edb7175af027eb5c898a9fbbebcb53a61759bcd389d5140d7658c6dbcf8e3838a51603010004
EAP-Message = 0x0e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x5547a69c5643b3319371950f23751f07
User-Name = "@local"
Attr-164 = 0x677373
Attr-165 = 0x6d6f6f6e73686f747063
EAP-Message = 0x0204014c150016030101061000010201006510ccb3a4efaf2740df07a579e16cec7d68ca8f8229e00ad556fd7d3fafcd976faed918f8930e7111e7f839df5a032ed2dc9ccbeda99a014ee2e811ce0d6bc20c50d9ce75f349c952e73e23d4337917786a2b033903982a77111938504dbe9db114538a14c94fef3cb04950c96e3fb4e152462e07926cbc8e43cad5fa5cef5ce7e79d92907a5ff45d3258e7928c3a16b0b75dc965a721b8f5a98b9a3eea4b91ae396b5fafdb8c8a80d4798e79de8a63e1d95752394d10cce9958c66a824c4a5e58319fc80fdf8adda1f1d7f9ef1a6d41872f2e944477ecd7c7bbdfd7e77013b436d110f0b00f28663c805e9
EAP-Message = 0x5030df44439795b29b56b6def7f4bd0fe42dd3cd1403010001011603010030ed9db0209ea11578554dcfefafac72a829471e5db3c9feee31f24b20fe493b94c46ceb741fe075290a04326d0ef69d87
State = 0x5547a69c5643b3319371950f23751f07
Message-Authenticator = 0xe2c8c94ea046c5067dbba80d54abd56a
Sending Access-Challenge of id 0 from 0.0.0.0 port 2083 to 127.0.0.1 port 35521
EAP-Message = 0x0105004515800000003b1403010001011603010030cf3496d880a56ab898975f792c2fdef629f79da719647dc1029ee716a5fa8a867c8eed4b7b91376cc2cf5b4af226419d
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x5547a69c5142b3319371950f23751f07
User-Name = "@local"
Attr-164 = 0x677373
Attr-165 = 0x6d6f6f6e73686f747063
EAP-Message = 0x0205003b15001703010030a4af959ed2d484f2c45b000995ea7a041f5001e1da0cf44c8ee06d555efe12c20ba7ea91a735bd88b709803eff3596cc
State = 0x5547a69c5142b3319371950f23751f07
Message-Authenticator = 0x8b573629de542e890c5a41bc62ca7f8d
EAP-Message = 0x02000010017374657665406c6f63616c
FreeRADIUS-Proxied-To = 127.0.0.1
(5) ttls : Got tunneled identity of steve at local
(5) ttls : Setting default EAP type for tunneled EAP session.
(5) ttls : Sending tunneled request
EAP-Message = 0x02000010017374657665406c6f63616c
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "steve at local"
(5) # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
(5) group authorize {
(5) - entering group authorize {...}
(5) [chap] = noop
(5) [mschap] = noop
(5) suffix : Looking up realm "local" for User-Name = "steve at local"
(5) suffix : Found realm "LOCAL"
(5) suffix : Adding Stripped-User-Name = "steve"
(5) suffix : Adding Realm = "LOCAL"
(5) suffix : Authentication realm is LOCAL.
(5) [suffix] = ok
(5) update control {
(5) } # update control = ok
(5) eap : EAP packet type response id 0 length 16
(5) eap : EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
(5) [eap] = ok
(5) Found Auth-Type = EAP
(5) # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
(5) group authenticate {
(5) - entering group authenticate {...}
(5) eap : EAP Identity
(5) eap : processing type md5
rlm_eap_md5: Issuing Challenge
(5) eap : New EAP session, adding 'State' attribute to reply 0x784c0f04784d0b4a
(5) [eap] = handled
(5) ttls : Got tunneled reply code 11
server inner-tunnel {
} # server inner-tunnel
EAP-Message = 0x010100160410b939bb8dae2fd97f9e6307eea70e4398
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x784c0f04784d0b4abb8299b1e3c275ed
(5) ttls : Got tunneled Access-Challenge
(5) eap : New EAP session, adding 'State' attribute to reply 0x5547a69c5041b331
(5) [eap] = handled
(5) Finished request 5.
Thread 5 waiting to be assigned a request
(0) Application data status 7
(0) tls_recv: Access-Request packet from host 127.0.0.1 port 35521, id=0, length=158
(5) Cleaning up request packet ID 0 with timestamp +10
Waking up in 0.2 seconds.
Thread 4 got semaphore
Thread 4 handling request 6, (2 handled so far)
(6) <thread> : # Executing section authorize from file /etc/freeradius/sites-enabled/default
(6) <thread> : group authorize {
(6) <thread> : - entering group authorize {...}
(6) <thread> : policy filter_username {
(6) <thread> : - entering policy filter_username {...}
(6) <thread> : ? if (User-Name != "%{tolower:%{User-Name}}")
(6) <thread> : expand: '%{User-Name}' -> '@local'
(6) <thread> : expand: '%{tolower:%{User-Name}}' -> '@local'
(6) <thread> : ? Evaluating (User-Name != "%{tolower:%{User-Name}}") -> FALSE
(6) <thread> : ? if (User-Name != "%{tolower:%{User-Name}}") -> FALSE
(6) <thread> : ? if (User-Name =~ / /)
(6) <thread> : ? Evaluating (User-Name =~ / /) -> FALSE
(6) <thread> : ? if (User-Name =~ / /) -> FALSE
(6) <thread> : ? if (User-Name =~ /@.*@/ )
(6) <thread> : ? Evaluating (User-Name =~ /@.*@/) -> FALSE
(6) <thread> : ? if (User-Name =~ /@.*@/ ) -> FALSE
(6) <thread> : ? if (User-Name =~ /\\.\\./ )
(6) <thread> : ? Evaluating (User-Name =~ /\\.\\./) -> FALSE
(6) <thread> : ? if (User-Name =~ /\\.\\./ ) -> FALSE
(6) <thread> : ? if (User-Name =~ /\\.$/)
(6) <thread> : ? Evaluating (User-Name =~ /\\.$/) -> FALSE
(6) <thread> : ? if (User-Name =~ /\\.$/) -> FALSE
(6) <thread> : ? if (User-Name =~ /@\\./)
(6) <thread> : ? Evaluating (User-Name =~ /@\\./) -> FALSE
(6) <thread> : ? if (User-Name =~ /@\\./) -> FALSE
(6) <thread> : - policy filter_username returns notfound
(6) [preprocess] = ok
(6) [chap] = noop
(6) [mschap] = noop
(6) [digest] = noop
(6) suffix : Looking up realm "local" for User-Name = "@local"
(6) suffix : Found realm "LOCAL"
(6) suffix : Adding Stripped-User-Name = ""
(6) suffix : Adding Realm = "LOCAL"
(6) suffix : Authentication realm is LOCAL.
(6) [suffix] = ok
(6) eap : EAP packet type response id 6 length 75
(6) eap : Continuing tunnel setup.
(6) [eap] = ok
(6) Found Auth-Type = EAP
(6) # Executing group from file /etc/freeradius/sites-enabled/default
(6) group authenticate {
(6) - entering group authenticate {...}
(6) eap : Expiring EAP session with state 0x784c0f04784d0b4a
(6) eap : Finished EAP session with state 0x5547a69c5041b331
(6) eap : Previous EAP request found for state 0x5547a69c5041b331, released from the list
(6) eap : EAP/ttls
(6) eap : processing type ttls
(6) ttls : Authenticate
(6) ttls : processing EAP-TLS
(6) ttls : eaptls_verify returned 7
(6) ttls : Done initial handshake
(6) ttls : eaptls_process returned 7
(6) ttls : Session established. Proceeding to decode tunneled attributes.
(6) ttls : Got tunneled request
Sending Access-Challenge of id 0 from 0.0.0.0 port 2083 to 127.0.0.1 port 35521
EAP-Message = 0x0106004f15800000004517030100409264112c179a134cd880bff6c5d6929b98b33d975c659e8563c9f4123d6b9cc16d3b97a075f776b6a9e68b564f555be43b8ab55dc6d06de6dec516365118b861
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x5547a69c5041b3319371950f23751f07
User-Name = "@local"
Attr-164 = 0x677373
Attr-165 = 0x6d6f6f6e73686f747063
EAP-Message = 0x0206004b15001703010040c4b8acddaf7709767af14b6857f12552b95cac3327fb74e156c354f9958d160035b003e43dded3cbc2e87d3b886361c44785960685fb1373dc363b075044d365
State = 0x5547a69c5041b3319371950f23751f07
Message-Authenticator = 0x7a3f61592c1ddbe896aeeb2e987d1bd8
EAP-Message = 0x020100160410ec392501be988e8997d5f9d6672da988
FreeRADIUS-Proxied-To = 127.0.0.1
(6) ttls : Sending tunneled request
EAP-Message = 0x020100160410ec392501be988e8997d5f9d6672da988
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "steve at local"
State = 0x784c0f04784d0b4abb8299b1e3c275ed
(6) # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
(6) group authorize {
(6) - entering group authorize {...}
(6) [chap] = noop
(6) [mschap] = noop
(6) suffix : Looking up realm "local" for User-Name = "steve at local"
(6) suffix : Found realm "LOCAL"
(6) suffix : Adding Stripped-User-Name = "steve"
(6) suffix : Adding Realm = "LOCAL"
(6) suffix : Authentication realm is LOCAL.
(6) [suffix] = ok
(6) update control {
(6) } # update control = ok
(6) eap : EAP packet type response id 1 length 22
(6) eap : No EAP Start, assuming it's an on-going EAP conversation
(6) [eap] = updated
(6) files : users: Matched entry steve at line 76
(6) [files] = ok
(6) [expiration] = noop
(6) [logintime] = noop
(6) WARNING: pap : Auth-Type already set. Not setting to PAP
(6) [pap] = noop
(6) Found Auth-Type = EAP
(6) # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
(6) group authenticate {
(6) - entering group authenticate {...}
(6) eap : Expiring EAP session with state 0x784c0f04784d0b4a
(6) eap : Finished EAP session with state 0x784c0f04784d0b4a
(6) eap : Previous EAP request found for state 0x784c0f04784d0b4a, released from the list
(6) eap : EAP/md5
(6) eap : processing type md5
(6) eap : Freeing handler
(6) [eap] = ok
(6) WARNING: Empty post-auth section. Using default return values.
(6) # Executing section post-auth from file /etc/freeradius/sites-enabled/inner-tunnel
(6) ttls : Got tunneled reply code 2
server inner-tunnel {
} # server inner-tunnel
EAP-Message = 0x03010004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "steve"
(6) ttls : Got tunneled Access-Accept
(6) ttls : Saving session 68c663d2584e6ad5c297c0b4a0abaf1d9cf417fda2bb4abb885001ca535288de vps 0xa0e6c40 in the cache
(6) eap : Freeing handler
rlm_eap_ttls: Freeing handler for user steve at local
(6) [eap] = ok
(6) # Executing section post-auth from file /etc/freeradius/sites-enabled/default
(6) group post-auth {
(6) - entering group post-auth {...}
(6) update reply {
(6) } # update reply = noop
(6) [exec] = noop
(6) policy remove_reply_message_if_eap {
(6) - entering policy remove_reply_message_if_eap {...}
(6) ? if (reply:EAP-Message && reply:Reply-Message)
(6) ? Evaluating (reply:EAP-Message ) -> TRUE
(6) ? Evaluating (reply:Reply-Message) -> FALSE
(6) ? if (reply:EAP-Message && reply:Reply-Message) -> FALSE
(6) else else {
(6) - entering else else {...}
(6) [noop] = noop
(6) - else else returns noop
(6) - policy remove_reply_message_if_eap returns noop
Sending Access-Accept of id 0 from 0.0.0.0 port 2083 to 127.0.0.1 port 35521
MS-MPPE-Recv-Key = 0x13232a1746a4113151339205bd2aa4224b2385cd8dcb98bb115b23d3448aa09b
MS-MPPE-Send-Key = 0x905ca07a796a6acf044a0d0642e2eb8d78fad0650cc1c56ab3c4b51bdd970d85
Attr-26.6.122.4 = 0x1552714f7bcd9d2ea5d160057846af3c7e070bce5fc18925544d4f4e3aff4f43f552714f7b3f2e08219fdc96ec7bfbde0a4f9ed0e45054a702692e2619de46769d
EAP-Message = 0x03060004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = ""
WARNING: Skipping zero-length attribute User-Name
SAML-AAA-Assertion = "<saml:Assertion xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\" IssueInstant=\"2011-04-19T08:30:00Z\" ID=\"foo3\" Version=\"2.0\">"
SAML-AAA-Assertion = "<saml:Issuer>urn:mace:incommon:osu.edu</saml:Issuer>"
SAML-AAA-Assertion = "<saml:AttributeStatement>"
SAML-AAA-Assertion = "<saml:Attribute NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:uri\" Name=\"urn:oid:1.3.6.1.4.1.5923.1.1.1.6\"><saml:AttributeValue>steve at local</saml:AttributeValue></saml:Attribute>"
SAML-AAA-Assertion = "<saml:Attribute NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:uri\" Name=\"urn:oid:1.3.6.1.4.1.5923.1.1.1.7\"><saml:AttributeValue>moonshot</saml:AttributeValue></saml:Attribute>"
SAML-AAA-Assertion = "</saml:AttributeStatement>"
SAML-AAA-Assertion = "<saml:AttributeStatement>"
SAML-AAA-Assertion = "<saml:Attribute NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:uri\" Name=\"http://some.url.testing.cert\"><saml:AttributeValue>"
SAML-AAA-Assertion = "-----BEGIN CERTIFICATE-----"
SAML-AAA-Assertion = "MIIDkzCCAnugAwIBAgIBEjANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJDWjEl"
SAML-AAA-Assertion = "MCMGA1UECgwcTW9vbnNob3QgdGVzdGluZyBkZWxlZ2F0aW9uczEbMBkGA1UEAwwS"
SAML-AAA-Assertion = "TW9vbnNob3QgTWFydmVsIENBMB4XDTEzMTAzMDEwMTYyNVoXDTIzMTAyODEwMTYy"
SAML-AAA-Assertion = "NVowTDELMAkGA1UEBhMCQ1oxJTAjBgNVBAoMHE1vb25zaG90IHRlc3RpbmcgZGVs"
SAML-AAA-Assertion = "ZWdhdGlvbnMxFjAUBgNVBAMMDXRlc3RpbmcgdXNlcjIwggEiMA0GCSqGSIb3DQEB"
SAML-AAA-Assertion = "AQUAA4IBDwAwggEKAoIBAQC1RPpEyWts7MWXmIRfhZjbjwmLeEShf7P+/+0ryBgJ"
SAML-AAA-Assertion = "ptw5BHYbdsZkdVOGnTs/FmuZLYd9UbF//pgQCaPWc5952uRbijPYWwFWlFS7pn2k"
SAML-AAA-Assertion = "LTvTTsCEvxUA33J1iE9ZDSHevaChpa2V8y2sBG3pu8z1K9qxQ87eJ4/jEkBSElvp"
SAML-AAA-Assertion = "clfBZ+3O4lMQ2gPMzunMFVcPEdbrPGlYIoEVEe2XZarbubvntTLMV5mlKDjN2XTB"
SAML-AAA-Assertion = "0SCyoovUgPiNBJ9KiYGIiP4tRtSiZRA5KjI6/nbPC2MDv7aFqeidPba/rUX2ba2E"
SAML-AAA-Assertion = "4C1CGL/uO0QSxgCwTNdXVMZ0ej5SzhBFHrmwzWvVpwWTAgMBAAGjezB5MAkGA1Ud"
SAML-AAA-Assertion = "EwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmlj"
SAML-AAA-Assertion = "YXRlMB0GA1UdDgQWBBRUc95gdP0zoU4KeP34y7KoIn/WHjAfBgNVHSMEGDAWgBQK"
SAML-AAA-Assertion = "Cjk66p5IbJNBXKfu/loXUSeFhDANBgkqhkiG9w0BAQUFAAOCAQEAfzvKUpbxiWlz"
SAML-AAA-Assertion = "/xsofv8CsmGfn+WwZ6EDh0YHkv6wFxzDV8QcJgqQPlmpAzaNNnW98QxpQ7VwyLaN"
SAML-AAA-Assertion = "F5+gf7Qpoyo2dn7DvF+tOQ3LQkbbIwhfNGWm9rLYkABbtTNvS8laK/+mY6pqnque"
SAML-AAA-Assertion = "pSSRZ+MosFwS+C1RsdjaFTW9nE4UDnhutEAktg6k82V9HwS+nCakHidDumI2vCh5"
SAML-AAA-Assertion = "ijiNSnITrorvmH10s0qhGXVizem5C4gLA5qwD1g3KxwvqP734BDg19n96P7jBkkV"
SAML-AAA-Assertion = "+e7Iz9+SgE1piniM3M9h5jhqfllZ2ztDh2HmuYRzXGtu6KkD607Yjz7SKfCL/S5U"
SAML-AAA-Assertion = "FUstGvd2aQ=="
SAML-AAA-Assertion = "-----END CERTIFICATE-----"
SAML-AAA-Assertion = "</saml:AttributeValue></saml:Attribute></saml:AttributeStatement>"
SAML-AAA-Assertion = "<saml:AttributeStatement>"
SAML-AAA-Assertion = "<saml:Attribute NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:uri\" Name=\"http://some.url.testing.key\"><saml:AttributeValue>"
SAML-AAA-Assertion = "-----BEGIN PRIVATE KEY-----"
SAML-AAA-Assertion = "MIIDkzCCAnugAwIBAgIBEjANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJDWjEl"
SAML-AAA-Assertion = "MCMGA1UECgwcTW9vbnNob3QgdGVzdGluZyBkZWxlZ2F0aW9uczEbMBkGA1UEAwwS"
SAML-AAA-Assertion = "TW9vbnNob3QgTWFydmVsIENBMB4XDTEzMTAzMDEwMTYyNVoXDTIzMTAyODEwMTYy"
SAML-AAA-Assertion = "NVowTDELMAkGA1UEBhMCQ1oxJTAjBgNVBAoMHE1vb25zaG90IHRlc3RpbmcgZGVs"
SAML-AAA-Assertion = "ZWdhdGlvbnMxFjAUBgNVBAMMDXRlc3RpbmcgdXNlcjIwggEiMA0GCSqGSIb3DQEB"
SAML-AAA-Assertion = "AQUAA4IBDwAwggEKAoIBAQC1RPpEyWts7MWXmIRfhZjbjwmLeEShf7P+/+0ryBgJ"
SAML-AAA-Assertion = "ptw5BHYbdsZkdVOGnTs/FmuZLYd9UbF//pgQCaPWc5952uRbijPYWwFWlFS7pn2k"
SAML-AAA-Assertion = "LTvTTsCEvxUA33J1iE9ZDSHevaChpa2V8y2sBG3pu8z1K9qxQ87eJ4/jEkBSElvp"
SAML-AAA-Assertion = "clfBZ+3O4lMQ2gPMzunMFVcPEdbrPGlYIoEVEe2XZarbubvntTLMV5mlKDjN2XTB"
SAML-AAA-Assertion = "0SCyoovUgPiNBJ9KiYGIiP4tRtSiZRA5KjI6/nbPC2MDv7aFqeidPba/rUX2ba2E"
SAML-AAA-Assertion = "4C1CGL/uO0QSxgCwTNdXVMZ0ej5SzhBFHrmwzWvVpwWTAgMBAAGjezB5MAkGA1Ud"
SAML-AAA-Assertion = "EwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmlj"
SAML-AAA-Assertion = "YXRlMB0GA1UdDgQWBBRUc95gdP0zoU4KeP34y7KoIn/WHjAfBgNVHSMEGDAWgBQK"
SAML-AAA-Assertion = "Cjk66p5IbJNBXKfu/loXUSeFhDANBgkqhkiG9w0BAQUFAAOCAQEAfzvKUpbxiWlz"
SAML-AAA-Assertion = "/xsofv8CsmGfn+WwZ6EDh0YHkv6wFxzDV8QcJgqQPlmpAzaNNnW98QxpQ7VwyLaN"
SAML-AAA-Assertion = "F5+gf7Qpoyo2dn7DvF+tOQ3LQkbbIwhfNGWm9rLYkABbtTNvS8laK/+mY6pqnque"
SAML-AAA-Assertion = "pSSRZ+MosFwS+C1RsdjaFTW9nE4UDnhutEAktg6k82V9HwS+nCakHidDumI2vCh5"
SAML-AAA-Assertion = "ijiNSnITrorvmH10s0qhGXVizem5C4gLA5qwD1g3KxwvqP734BDg19n96P7jBkkV"
WARNING: Failed encoding attribute SAML-AAA-Assertion
WARNING: Failed encoding attribute SAML-AAA-Assertion
WARNING: Failed encoding attribute SAML-AAA-Assertion
WARNING: Failed encoding attribute SAML-AAA-Assertion
WARNING: Failed encoding attribute SAML-AAA-Assertion
WARNING: Failed encoding attribute SAML-AAA-Assertion
WARNING: Failed encoding attribute SAML-AAA-Assertion
WARNING: Failed encoding attribute SAML-AAA-Assertion
WARNING: Failed encoding attribute SAML-AAA-Assertion
WARNING: Failed encoding attribute SAML-AAA-Assertion
WARNING: Failed encoding attribute SAML-AAA-Assertion
WARNING: Failed encoding attribute SAML-AAA-Assertion
WARNING: Failed encoding attribute SAML-AAA-Assertion
WARNING: Failed encoding attribute SAML-AAA-Assertion
WARNING: Failed encoding attribute SAML-AAA-Assertion
WARNING: Failed encoding attribute SAML-AAA-Assertion
WARNING: Failed encoding attribute SAML-AAA-Assertion
WARNING: Failed encoding attribute SAML-AAA-Assertion
WARNING: Failed encoding attribute SAML-AAA-Assertion
WARNING: Failed encoding attribute SAML-AAA-Assertion
WARNING: Failed encoding attribute SAML-AAA-Assertion
WARNING: Failed encoding attribute SAML-AAA-Assertion
WARNING: Failed encoding attribute SAML-AAA-Assertion
WARNING: Failed encoding attribute SAML-AAA-Assertion
WARNING: Failed encoding attribute SAML-AAA-Assertion
WARNING: Failed encoding attribute SAML-AAA-Assertion
WARNING: Failed encoding attribute SAML-AAA-Assertion
WARNING: Failed encoding attribute SAML-AAA-Assertion
--
This e-mail and any attachments may contain confidential, copyright and or privileged material, and are for the use of the intended addressee only. If you are not the intended addressee or an authorised recipient of the addressee please notify us of receipt by returning the e-mail and do not use, copy, retain, distribute or disclose the information in or attached to the e-mail.
Any opinions expressed within this e-mail are those of the individual and not necessarily of Diamond Light Source Ltd.
Diamond Light Source Ltd. cannot guarantee that this e-mail or any attachments are free from viruses and we cannot accept liability for any damage which you may sustain as a result of software viruses which may be transmitted in or with the message.
Diamond Light Source Limited (company no. 4375679). Registered in England and Wales with its registered office at Diamond House, Harwell Science and Innovation Campus, Didcot, Oxfordshire, OX11 0DE, United Kingdom
More information about the Freeradius-Users
mailing list