Attribute NOT being returned in access-accept but is returned in Access-Challenge

Jake He jake.he at gmail.com
Fri Jun 26 05:38:49 CEST 2015


Here is the debug output:

Listening on auth address * port 1812 bound to server default

Listening on acct address * port 1813 bound to server default

Listening on auth address 127.0.0.1 port 18120 bound to server inner-tunnel

Ready to process requests

(0) Received Access-Request Id 241 from 203.59.132.253:38386 to
172.17.0.68:1812 length 222

(0)   Service-Type = Framed-User

(0)   Framed-MTU = 1400

(0)   User-Name = 'jake'

(0)   NAS-Port-Id = 'wlan4'

(0)   NAS-Port-Type = Wireless-802.11

(0)   Acct-Session-Id = '82200019'

(0)   Acct-Multi-Session-Id =
'02-0C-42-B7-A9-5E-F8-A9-D0-18-F2-24-82-20-00-00-00-00-00-18'

(0)   Calling-Station-Id = 'F8-A9-D0-18-F2-24'

(0)   Called-Station-Id = '02-0C-42-B7-A9-5E:GRACE UPON GRACE'

(0)   EAP-Message = 0x02000009016a616b65

(0)   Message-Authenticator = 0x0942bb06979bc2c6859785baa97efea0

(0)   NAS-Identifier = 'MikroTik'

(0)   NAS-IP-Address = 10.1.1.23

(0) # Executing section authorize from file
/etc/freeradius/sites-enabled/default

(0)   authorize {

(0)     policy filter_username {

(0)       if (!&User-Name) {

(0)       if (!&User-Name)  -> FALSE

(0)       if (&User-Name =~ / /) {

(0)       if (&User-Name =~ / /)  -> FALSE

(0)       if (&User-Name =~ /@.*@/ ) {

(0)       if (&User-Name =~ /@.*@/ )  -> FALSE

(0)       if (&User-Name =~ /\.\./ ) {

(0)       if (&User-Name =~ /\.\./ )  -> FALSE

(0)       if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {

(0)       if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   ->
FALSE

(0)       if (&User-Name =~ /\.$/)  {

(0)       if (&User-Name =~ /\.$/)   -> FALSE

(0)       if (&User-Name =~ /@\./)  {

(0)       if (&User-Name =~ /@\./)   -> FALSE

(0)     } # policy filter_username = notfound

(0)     [preprocess] = ok

(0)     [chap] = noop

(0)     [mschap] = noop

(0)     [digest] = noop

(0) suffix: Checking for suffix after "@"

(0) suffix: No '@' in User-Name = "jake", looking up realm NULL

(0) suffix: No such realm "NULL"

(0)     [suffix] = noop

(0) eap: Peer sent code Response (2) ID 0 length 9

(0) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the
rest of authorize

(0)     [eap] = ok

(0)   } # authorize = ok

(0) Found Auth-Type = EAP

(0) # Executing group from file /etc/freeradius/sites-enabled/default

(0)   authenticate {

(0) eap: Peer sent method Identity (1)

(0) eap: Calling eap_md5 to process EAP data

(0) eap_md5: Issuing MD5 Challenge

(0) eap: EAP session adding &reply:State = 0x2ae8af442ae9ab52

(0)     [eap] = handled

(0)   } # authenticate = handled

(0) Using Post-Auth-Type Challenge

(0) Post-Auth-Type sub-section not found.  Ignoring.

(0) # Executing group from file /etc/freeradius/sites-enabled/default

(0) Sent Access-Challenge Id 241 from 172.17.0.68:1812 to
203.59.132.253:38386 length 0

(0)   EAP-Message = 0x010100160410e9962633c394d82e8af727f23160824c

(0)   Message-Authenticator = 0x00000000000000000000000000000000

(0)   State = 0x2ae8af442ae9ab526f505f86b4932430

(0) Finished request

Waking up in 4.9 seconds.

(1) Received Access-Request Id 242 from 203.59.132.253:44270 to
172.17.0.68:1812 length 237

(1)   Service-Type = Framed-User

(1)   Framed-MTU = 1400

(1)   User-Name = 'jake'

(1)   State = 0x2ae8af442ae9ab526f505f86b4932430

(1)   NAS-Port-Id = 'wlan4'

(1)   NAS-Port-Type = Wireless-802.11

(1)   Acct-Session-Id = '82200019'

(1)   Acct-Multi-Session-Id =
'02-0C-42-B7-A9-5E-F8-A9-D0-18-F2-24-82-20-00-00-00-00-00-18'

(1)   Calling-Station-Id = 'F8-A9-D0-18-F2-24'

(1)   Called-Station-Id = '02-0C-42-B7-A9-5E:GRACE UPON GRACE'

(1)   EAP-Message = 0x020100060319

(1)   Message-Authenticator = 0x23c1df8ed8c64f231b0e8b9a5c48c798

(1)   NAS-Identifier = 'MikroTik'

(1)   NAS-IP-Address = 10.1.1.23

(1) session-state: No cached attributes

(1) # Executing section authorize from file
/etc/freeradius/sites-enabled/default

(1)   authorize {

(1)     policy filter_username {

(1)       if (!&User-Name) {

(1)       if (!&User-Name)  -> FALSE

(1)       if (&User-Name =~ / /) {

(1)       if (&User-Name =~ / /)  -> FALSE

(1)       if (&User-Name =~ /@.*@/ ) {

(1)       if (&User-Name =~ /@.*@/ )  -> FALSE

(1)       if (&User-Name =~ /\.\./ ) {

(1)       if (&User-Name =~ /\.\./ )  -> FALSE

(1)       if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {

(1)       if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   ->
FALSE

(1)       if (&User-Name =~ /\.$/)  {

(1)       if (&User-Name =~ /\.$/)   -> FALSE

(1)       if (&User-Name =~ /@\./)  {

(1)       if (&User-Name =~ /@\./)   -> FALSE

(1)     } # policy filter_username = notfound

(1)     [preprocess] = ok

(1)     [chap] = noop

(1)     [mschap] = noop

(1)     [digest] = noop

(1) suffix: Checking for suffix after "@"

(1) suffix: No '@' in User-Name = "jake", looking up realm NULL

(1) suffix: No such realm "NULL"

(1)     [suffix] = noop

(1) eap: Peer sent code Response (2) ID 1 length 6

(1) eap: No EAP Start, assuming it's an on-going EAP conversation

(1)     [eap] = updated

(1) sql: EXPAND %{User-Name}

(1) sql:    --> jake

(1) sql: SQL-User-Name set to 'jake'

rlm_sql (sql): Reserved connection (4)

(1) sql: EXPAND SELECT id, username, attribute, value, op FROM radcheck
WHERE username = '%{SQL-User-Name}' ORDER BY id

(1) sql:    --> SELECT id, username, attribute, value, op FROM radcheck
WHERE username = 'jake' ORDER BY id

(1) sql: Executing select query: SELECT id, username, attribute, value, op
FROM radcheck WHERE username = 'jake' ORDER BY id

(1) sql: User found in radcheck table

(1) sql: Conditional check items matched, merging assignment check items

(1) sql:   Cleartext-Password := 'fheman123'

(1) sql: EXPAND SELECT id, username, attribute, value, op FROM radreply
WHERE username = '%{SQL-User-Name}' ORDER BY id

(1) sql:    --> SELECT id, username, attribute, value, op FROM radreply
WHERE username = 'jake' ORDER BY id

(1) sql: Executing select query: SELECT id, username, attribute, value, op
FROM radreply WHERE username = 'jake' ORDER BY id

(1) sql: EXPAND SELECT groupname FROM radusergroup WHERE username =
'%{SQL-User-Name}' ORDER BY priority

(1) sql:    --> SELECT groupname FROM radusergroup WHERE username = 'jake'
ORDER BY priority

(1) sql: Executing select query: SELECT groupname FROM radusergroup WHERE
username = 'jake' ORDER BY priority

(1) sql: User found in the group table

(1) sql: EXPAND SELECT id, groupname, attribute, Value, op FROM
radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id

(1) sql:    --> SELECT id, groupname, attribute, Value, op FROM
radgroupcheck WHERE groupname = '14kimberleyst' ORDER BY id

(1) sql: Executing select query: SELECT id, groupname, attribute, Value, op
FROM radgroupcheck WHERE groupname = '14kimberleyst' ORDER BY id

(1) sql: Group "14kimberleyst": Conditional check items matched

(1) sql: Group "14kimberleyst": Merging assignment check items

(1) sql:   Reset-Date := '13'

(1) sql:   Total-Bytes := '999999999999999999'

(1) sql: EXPAND SELECT id, groupname, attribute, value, op FROM
radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id

(1) sql:    --> SELECT id, groupname, attribute, value, op FROM
radgroupreply WHERE groupname = '14kimberleyst' ORDER BY id

(1) sql: Executing select query: SELECT id, groupname, attribute, value, op
FROM radgroupreply WHERE groupname = '14kimberleyst' ORDER BY id

(1) sql: Group "14kimberleyst": Merging reply items

(1) sql:   Session-Timeout := 10800

rlm_sql (sql): Released connection (4)

(1)     [sql] = ok

(1)     policy site-restriction {

(1)       update request {

(1)         EXPAND %{User-Name}

(1)            --> jake

(1)         SQL-User-Name set to 'jake'

rlm_sql (sql): Reserved connection (4)

(1)         Executing select query: SET @user = 'jake'; SET @nasmac =
'02-0C-42-B7-A9-5E:GRACE UPON GRACE'; SELECT COUNT(*) FROM (SELECT
radsitegroup.nasshortname FROM `radsitegroup` INNER JOIN `radusergroup` ON
radsitegroup.groupname=radusergroup.groupname WHERE nasshortname='ALL' AND
`radusergroup`.`username` = @user UNION ALL SELECT
radsitegroup.nasshortname FROM `radsitegroup` INNER JOIN `radusergroup` ON
radsitegroup.groupname=radusergroup.groupname INNER JOIN `nas` ON
nas.shortname=radsitegroup.nasshortname WHERE nas.nasidentifier=@nasmac AND
`radusergroup`.`username` = @user) as a

rlm_sql (sql): Released connection (4)

(1)         EXPAND %{sql:SET @user = '%{User-Name}'; SET @nasmac =
'%{request:Called-Station-Id}'; SELECT COUNT(*) FROM (SELECT
radsitegroup.nasshortname FROM `radsitegroup` INNER JOIN `radusergroup` ON
radsitegroup.groupname=radusergroup.groupname WHERE nasshortname='ALL' AND
`radusergroup`.`username` = @user UNION ALL SELECT
radsitegroup.nasshortname FROM `radsitegroup` INNER JOIN `radusergroup` ON
radsitegroup.groupname=radusergroup.groupname INNER JOIN `nas` ON
nas.shortname=radsitegroup.nasshortname WHERE nas.nasidentifier=@nasmac AND
`radusergroup`.`username` = @user) as a}

(1)            --> 1

(1)         Site := 1

(1)       } # update request = noop

(1)       if ( Site == '0' ) {

(1)       if ( Site == '0' )  -> FALSE

(1)     } # policy site-restriction = noop

(1)     policy data-restriction {

(1)       if ((control:Total-Bytes)){

(1)       if ((control:Total-Bytes)) -> TRUE

(1)       if ((control:Total-Bytes)) {

(1)         update control {

(1)           EXPAND %{User-Name}

(1)              --> jake

(1)           SQL-User-Name set to 'jake'

rlm_sql (sql): Reserved connection (4)

(1)           Executing select query: SET @reset_date = '13'; SELECT
IFNULL((sum(acctinputoctets)+sum(acctoutputoctets)),0) FROM `radacct` WHERE
UserName='jake' AND DATE(`acctstarttime`) BETWEEN (CASE WHEN @reset_date >
DAYOFMONTH(NOW()) THEN DATE( DATE_SUB( CONCAT( YEAR( NOW( ) ) , '-', MONTH(
NOW( ) ) , '-', @reset_date ) , INTERVAL 1 MONTH ) ) ELSE CONCAT( YEAR(
NOW( ) ) , '-', MONTH( NOW( ) ) , '-', @reset_date )END) AND DATE(NOW());

rlm_sql (sql): Released connection (4)

(1)           EXPAND %{sql:SET @reset_date = '%{control:Reset-Date}';
SELECT IFNULL((sum(acctinputoctets)+sum(acctoutputoctets)),0) FROM
`radacct` WHERE UserName='%{request:User-Name}' AND DATE(`acctstarttime`)
BETWEEN (CASE WHEN @reset_date > DAYOFMONTH(NOW()) THEN DATE( DATE_SUB(
CONCAT( YEAR( NOW( ) ) , '-', MONTH( NOW( ) ) , '-', @reset_date ) ,
INTERVAL 1 MONTH ) ) ELSE CONCAT( YEAR( NOW( ) ) , '-', MONTH( NOW( ) ) ,
'-', @reset_date )END) AND DATE(NOW());}

(1)              --> 154996

(1)           Used-Bytes := 154996

(1)           EXPAND %{User-Name}

(1)              --> jake

(1)           SQL-User-Name set to 'jake'

rlm_sql (sql): Reserved connection (4)

(1)           Executing select query: SELECT `email` FROM `users` WHERE
`username` = 'jake'

rlm_sql (sql): Released connection (4)

(1)           EXPAND %{sql:SELECT `email` FROM `users` WHERE `username` =
'%{request:User-Name}'}

(1)              --> zhex900 at gmail.com

(1)           Email := zhex900 at gmail.com

(1)           EXPAND %{User-Name}

(1)              --> jake

(1)           SQL-User-Name set to 'jake'

rlm_sql (sql): Reserved connection (4)

(1)           Executing select query: SELECT `sentmail` FROM `users` WHERE
`username` = 'jake'

rlm_sql (sql): Released connection (4)

(1)           EXPAND %{sql:SELECT `sentmail` FROM `users` WHERE `username`
= '%{request:User-Name}'}

(1)              --> 0

(1)           Sent-Mail := 0

(1)           EXPAND %{User-Name}

(1)              --> jake

(1)           SQL-User-Name set to 'jake'

rlm_sql (sql): Reserved connection (4)

(1)           Executing select query: SELECT `mobile_suffix` FROM `users`
WHERE `username` = 'jake'

rlm_sql (sql): Released connection (4)

(1)           EXPAND %{sql:SELECT `mobile_suffix` FROM `users` WHERE
`username` = '%{request:User-Name}'}

(1)              --> 0433169153

(1)           Mobile := 0433169153

(1)         } # update control = noop

(1) sendmsg:   $RAD_REQUEST{'User-Name'} = &request:User-Name -> 'jake'

(1) sendmsg:   $RAD_REQUEST{'NAS-IP-Address'} = &request:NAS-IP-Address ->
'10.1.1.23'

(1) sendmsg:   $RAD_REQUEST{'Service-Type'} = &request:Service-Type ->
'Framed-User'

(1) sendmsg:   $RAD_REQUEST{'Framed-MTU'} = &request:Framed-MTU -> '1400'

(1) sendmsg:   $RAD_REQUEST{'State'} = &request:State ->
'0x2ae8af442ae9ab526f505f86b4932430'

(1) sendmsg:   $RAD_REQUEST{'Called-Station-Id'} =
&request:Called-Station-Id -> '02-0C-42-B7-A9-5E:GRACE UPON GRACE'

(1) sendmsg:   $RAD_REQUEST{'Calling-Station-Id'} =
&request:Calling-Station-Id -> 'F8-A9-D0-18-F2-24'

(1) sendmsg:   $RAD_REQUEST{'NAS-Identifier'} = &request:NAS-Identifier ->
'MikroTik'

(1) sendmsg:   $RAD_REQUEST{'NAS-Port-Type'} = &request:NAS-Port-Type ->
'Wireless-802.11'

(1) sendmsg:   $RAD_REQUEST{'Acct-Session-Id'} = &request:Acct-Session-Id
-> '82200019'

(1) sendmsg:   $RAD_REQUEST{'Acct-Multi-Session-Id'} =
&request:Acct-Multi-Session-Id ->
'02-0C-42-B7-A9-5E-F8-A9-D0-18-F2-24-82-20-00-00-00-00-00-18'

(1) sendmsg:   $RAD_REQUEST{'Event-Timestamp'} = &request:Event-Timestamp
-> 'Jun 26 2015 03:36:51 UTC'

(1) sendmsg:   $RAD_REQUEST{'EAP-Message'} = &request:EAP-Message ->
'0x020100060319'

(1) sendmsg:   $RAD_REQUEST{'Message-Authenticator'} =
&request:Message-Authenticator -> '0x23c1df8ed8c64f231b0e8b9a5c48c798'

(1) sendmsg:   $RAD_REQUEST{'NAS-Port-Id'} = &request:NAS-Port-Id -> 'wlan4'

(1) sendmsg:   $RAD_REQUEST{'EAP-Type'} = &request:EAP-Type -> 'NAK'

(1) sendmsg:   $RAD_REQUEST{'SQL-User-Name'} = &request:SQL-User-Name ->
'jake'

(1) sendmsg:   $RAD_REQUEST{'Site'} = &request:Site -> '1'

(1) sendmsg:   $RAD_REPLY{'Session-Timeout'} = &reply:Session-Timeout ->
'10800'

(1) sendmsg:   $RAD_CHECK{'Auth-Type'} = &control:Auth-Type -> 'EAP'

(1) sendmsg:   $RAD_CHECK{'Cleartext-Password'} =
&control:Cleartext-Password -> 'fheman123'

(1) sendmsg:   $RAD_CHECK{'Total-Bytes'} = &control:Total-Bytes ->
'999999999999999999'

(1) sendmsg:   $RAD_CHECK{'Used-Bytes'} = &control:Used-Bytes -> '154996'

(1) sendmsg:   $RAD_CHECK{'Reset-Date'} = &control:Reset-Date -> '13'

(1) sendmsg:   $RAD_CHECK{'Email'} = &control:Email -> 'zhex900 at gmail.com'

(1) sendmsg:   $RAD_CHECK{'Sent-Mail'} = &control:Sent-Mail -> '0'

(1) sendmsg:   $RAD_CHECK{'Mobile'} = &control:Mobile -> '0433169153'

(1) sendmsg:   $RAD_CONFIG{'Auth-Type'} = &control:Auth-Type -> 'EAP'

(1) sendmsg:   $RAD_CONFIG{'Cleartext-Password'} =
&control:Cleartext-Password -> 'fheman123'

(1) sendmsg:   $RAD_CONFIG{'Total-Bytes'} = &control:Total-Bytes ->
'999999999999999999'

(1) sendmsg:   $RAD_CONFIG{'Used-Bytes'} = &control:Used-Bytes -> '154996'

(1) sendmsg:   $RAD_CONFIG{'Reset-Date'} = &control:Reset-Date -> '13'

(1) sendmsg:   $RAD_CONFIG{'Email'} = &control:Email -> 'zhex900 at gmail.com'

(1) sendmsg:   $RAD_CONFIG{'Sent-Mail'} = &control:Sent-Mail -> '0'

(1) sendmsg:   $RAD_CONFIG{'Mobile'} = &control:Mobile -> '0433169153'

(1) sendmsg: &request:Framed-MTU = $RAD_REQUEST{'Framed-MTU'} -> '1400'

(1) sendmsg: &request:Event-Timestamp = $RAD_REQUEST{'Event-Timestamp'} ->
'Jun 26 2015 03:36:51 UTC'

(1) sendmsg: &request:Service-Type = $RAD_REQUEST{'Service-Type'} ->
'Framed-User'

(1) sendmsg: &request:Calling-Station-Id =
$RAD_REQUEST{'Calling-Station-Id'} -> 'F8-A9-D0-18-F2-24'

(1) sendmsg: &request:User-Name = $RAD_REQUEST{'User-Name'} -> 'jake'

(1) sendmsg: &request:EAP-Type = $RAD_REQUEST{'EAP-Type'} -> 'NAK'

(1) sendmsg: &request:Message-Authenticator =
$RAD_REQUEST{'Message-Authenticator'} ->
'0x23c1df8ed8c64f231b0e8b9a5c48c798'

(1) sendmsg: &request:NAS-Port-Type = $RAD_REQUEST{'NAS-Port-Type'} ->
'Wireless-802.11'

(1) sendmsg: &request:Acct-Multi-Session-Id =
$RAD_REQUEST{'Acct-Multi-Session-Id'} ->
'02-0C-42-B7-A9-5E-F8-A9-D0-18-F2-24-82-20-00-00-00-00-00-18'

(1) sendmsg: &request:SQL-User-Name = $RAD_REQUEST{'SQL-User-Name'} ->
'jake'

(1) sendmsg: &request:Called-Station-Id = $RAD_REQUEST{'Called-Station-Id'}
-> '02-0C-42-B7-A9-5E:GRACE UPON GRACE'

(1) sendmsg: &request:NAS-IP-Address = $RAD_REQUEST{'NAS-IP-Address'} ->
'10.1.1.23'

(1) sendmsg: &request:Acct-Session-Id = $RAD_REQUEST{'Acct-Session-Id'} ->
'82200019'

(1) sendmsg: &request:NAS-Port-Id = $RAD_REQUEST{'NAS-Port-Id'} -> 'wlan4'

(1) sendmsg: &request:Site = $RAD_REQUEST{'Site'} -> '1'

(1) sendmsg: &request:EAP-Message = $RAD_REQUEST{'EAP-Message'} ->
'0x020100060319'

(1) sendmsg: &request:NAS-Identifier = $RAD_REQUEST{'NAS-Identifier'} ->
'MikroTik'

(1) sendmsg: &request:State = $RAD_REQUEST{'State'} ->
'0x2ae8af442ae9ab526f505f86b4932430'

(1) sendmsg: &reply:Session-Timeout = $RAD_REPLY{'Session-Timeout'} ->
'10800'

(1) sendmsg: &control:Cleartext-Password = $RAD_CHECK{'Cleartext-Password'}
-> 'fheman123'

(1) sendmsg: &control:Mobile = $RAD_CHECK{'Mobile'} -> '0433169153'

(1) sendmsg: &control:Reset-Date = $RAD_CHECK{'Reset-Date'} -> '13'

(1) sendmsg: &control:Sent-Mail = $RAD_CHECK{'Sent-Mail'} -> '0'

(1) sendmsg: &control:Total-Bytes = $RAD_CHECK{'Total-Bytes'} ->
'999999999999999999'

(1) sendmsg: &control:Used-Bytes = $RAD_CHECK{'Used-Bytes'} -> '154996'

(1) sendmsg: &control:Auth-Type = $RAD_CHECK{'Auth-Type'} -> 'EAP'

(1) sendmsg: &control:Email = $RAD_CHECK{'Email'} -> 'zhex900 at gmail.com'

(1)         [sendmsg] = noop

(1) check_usage:   $RAD_REQUEST{'User-Name'} = &request:User-Name -> 'jake'

(1) check_usage:   $RAD_REQUEST{'NAS-IP-Address'} = &request:NAS-IP-Address
-> '10.1.1.23'

(1) check_usage:   $RAD_REQUEST{'Service-Type'} = &request:Service-Type ->
'Framed-User'

(1) check_usage:   $RAD_REQUEST{'Framed-MTU'} = &request:Framed-MTU ->
'1400'

(1) check_usage:   $RAD_REQUEST{'State'} = &request:State ->
'0x2ae8af442ae9ab526f505f86b4932430'

(1) check_usage:   $RAD_REQUEST{'Called-Station-Id'} =
&request:Called-Station-Id -> '02-0C-42-B7-A9-5E:GRACE UPON GRACE'

(1) check_usage:   $RAD_REQUEST{'Calling-Station-Id'} =
&request:Calling-Station-Id -> 'F8-A9-D0-18-F2-24'

(1) check_usage:   $RAD_REQUEST{'NAS-Identifier'} = &request:NAS-Identifier
-> 'MikroTik'

(1) check_usage:   $RAD_REQUEST{'NAS-Port-Type'} = &request:NAS-Port-Type
-> 'Wireless-802.11'

(1) check_usage:   $RAD_REQUEST{'Acct-Session-Id'} =
&request:Acct-Session-Id -> '82200019'

(1) check_usage:   $RAD_REQUEST{'Acct-Multi-Session-Id'} =
&request:Acct-Multi-Session-Id ->
'02-0C-42-B7-A9-5E-F8-A9-D0-18-F2-24-82-20-00-00-00-00-00-18'

(1) check_usage:   $RAD_REQUEST{'Event-Timestamp'} =
&request:Event-Timestamp -> 'Jun 26 2015 03:36:51 UTC'

(1) check_usage:   $RAD_REQUEST{'EAP-Message'} = &request:EAP-Message ->
'0x020100060319'

(1) check_usage:   $RAD_REQUEST{'Message-Authenticator'} =
&request:Message-Authenticator -> '0x23c1df8ed8c64f231b0e8b9a5c48c798'

(1) check_usage:   $RAD_REQUEST{'NAS-Port-Id'} = &request:NAS-Port-Id ->
'wlan4'

(1) check_usage:   $RAD_REQUEST{'EAP-Type'} = &request:EAP-Type -> 'NAK'

(1) check_usage:   $RAD_REQUEST{'SQL-User-Name'} = &request:SQL-User-Name
-> 'jake'

(1) check_usage:   $RAD_REQUEST{'Site'} = &request:Site -> '1'

(1) check_usage:   $RAD_REPLY{'Session-Timeout'} = &reply:Session-Timeout
-> '10800'

(1) check_usage:   $RAD_CHECK{'Auth-Type'} = &control:Auth-Type -> 'EAP'

(1) check_usage:   $RAD_CHECK{'Cleartext-Password'} =
&control:Cleartext-Password -> 'fheman123'

(1) check_usage:   $RAD_CHECK{'Total-Bytes'} = &control:Total-Bytes ->
'999999999999999999'

(1) check_usage:   $RAD_CHECK{'Used-Bytes'} = &control:Used-Bytes ->
'154996'

(1) check_usage:   $RAD_CHECK{'Reset-Date'} = &control:Reset-Date -> '13'

(1) check_usage:   $RAD_CHECK{'Email'} = &control:Email -> '
zhex900 at gmail.com'

(1) check_usage:   $RAD_CHECK{'Sent-Mail'} = &control:Sent-Mail -> '0'

(1) check_usage:   $RAD_CHECK{'Mobile'} = &control:Mobile -> '0433169153'

(1) check_usage:   $RAD_CONFIG{'Auth-Type'} = &control:Auth-Type -> 'EAP'

(1) check_usage:   $RAD_CONFIG{'Cleartext-Password'} =
&control:Cleartext-Password -> 'fheman123'

(1) check_usage:   $RAD_CONFIG{'Total-Bytes'} = &control:Total-Bytes ->
'999999999999999999'

(1) check_usage:   $RAD_CONFIG{'Used-Bytes'} = &control:Used-Bytes ->
'154996'

(1) check_usage:   $RAD_CONFIG{'Reset-Date'} = &control:Reset-Date -> '13'

(1) check_usage:   $RAD_CONFIG{'Email'} = &control:Email -> '
zhex900 at gmail.com'

(1) check_usage:   $RAD_CONFIG{'Sent-Mail'} = &control:Sent-Mail -> '0'

(1) check_usage:   $RAD_CONFIG{'Mobile'} = &control:Mobile -> '0433169153'

(1) check_usage: &request:Framed-MTU = $RAD_REQUEST{'Framed-MTU'} -> '1400'

(1) check_usage: &request:Event-Timestamp = $RAD_REQUEST{'Event-Timestamp'}
-> 'Jun 26 2015 03:36:51 UTC'

(1) check_usage: &request:Service-Type = $RAD_REQUEST{'Service-Type'} ->
'Framed-User'

(1) check_usage: &request:Calling-Station-Id =
$RAD_REQUEST{'Calling-Station-Id'} -> 'F8-A9-D0-18-F2-24'

(1) check_usage: &request:User-Name = $RAD_REQUEST{'User-Name'} -> 'jake'

(1) check_usage: &request:EAP-Type = $RAD_REQUEST{'EAP-Type'} -> 'NAK'

(1) check_usage: &request:Message-Authenticator =
$RAD_REQUEST{'Message-Authenticator'} ->
'0x23c1df8ed8c64f231b0e8b9a5c48c798'

(1) check_usage: &request:NAS-Port-Type = $RAD_REQUEST{'NAS-Port-Type'} ->
'Wireless-802.11'

(1) check_usage: &request:Acct-Multi-Session-Id =
$RAD_REQUEST{'Acct-Multi-Session-Id'} ->
'02-0C-42-B7-A9-5E-F8-A9-D0-18-F2-24-82-20-00-00-00-00-00-18'

(1) check_usage: &request:SQL-User-Name = $RAD_REQUEST{'SQL-User-Name'} ->
'jake'

(1) check_usage: &request:Called-Station-Id =
$RAD_REQUEST{'Called-Station-Id'} -> '02-0C-42-B7-A9-5E:GRACE UPON GRACE'

(1) check_usage: &request:NAS-IP-Address = $RAD_REQUEST{'NAS-IP-Address'}
-> '10.1.1.23'

(1) check_usage: &request:Acct-Session-Id = $RAD_REQUEST{'Acct-Session-Id'}
-> '82200019'

(1) check_usage: &request:NAS-Port-Id = $RAD_REQUEST{'NAS-Port-Id'} ->
'wlan4'

(1) check_usage: &request:Site = $RAD_REQUEST{'Site'} -> '1'

(1) check_usage: &request:EAP-Message = $RAD_REQUEST{'EAP-Message'} ->
'0x020100060319'

(1) check_usage: &request:NAS-Identifier = $RAD_REQUEST{'NAS-Identifier'}
-> 'MikroTik'

(1) check_usage: &request:State = $RAD_REQUEST{'State'} ->
'0x2ae8af442ae9ab526f505f86b4932430'

(1) check_usage: &reply:Mikrotik-Total-Limit-Gigawords =
$RAD_REPLY{'Mikrotik-Total-Limit-Gigawords'} -> '232830643'

(1) check_usage: &reply:Mikrotik-Total-Limit =
$RAD_REPLY{'Mikrotik-Total-Limit'} -> '2808193675'

(1) check_usage: &reply:Session-Timeout = $RAD_REPLY{'Session-Timeout'} ->
'10800'

(1) check_usage: &control:Cleartext-Password =
$RAD_CHECK{'Cleartext-Password'} -> 'fheman123'

(1) check_usage: &control:Avail-Bytes = $RAD_CHECK{'Avail-Bytes'} ->
'999999999999845003'

(1) check_usage: &control:Mobile = $RAD_CHECK{'Mobile'} -> '0433169153'

(1) check_usage: &control:Reset-Date = $RAD_CHECK{'Reset-Date'} -> '13'

(1) check_usage: &control:Sent-Mail = $RAD_CHECK{'Sent-Mail'} -> '0'

(1) check_usage: &control:Total-Bytes = $RAD_CHECK{'Total-Bytes'} ->
'999999999999999999'

(1) check_usage: &control:Used-Bytes = $RAD_CHECK{'Used-Bytes'} -> '154996'

(1) check_usage: &control:Auth-Type = $RAD_CHECK{'Auth-Type'} -> 'EAP'

(1) check_usage: &control:Email = $RAD_CHECK{'Email'} -> 'zhex900 at gmail.com'

(1)         [check_usage] = updated

(1)       } # if ((control:Total-Bytes)) = updated

(1)     } # policy data-restriction = updated

(1)     [expiration] = noop

(1)     [logintime] = noop

(1) pap: WARNING: Auth-Type already set.  Not setting to PAP

(1)     [pap] = noop

(1)   } # authorize = updated

(1) Found Auth-Type = EAP

(1) # Executing group from file /etc/freeradius/sites-enabled/default

(1)   authenticate {

(1) eap: Expiring EAP session with state 0x2ae8af442ae9ab52

(1) eap: Finished EAP session with state 0x2ae8af442ae9ab52

(1) eap: Previous EAP request found for state 0x2ae8af442ae9ab52, released
from the list

(1) eap: Peer sent method NAK (3)

(1) eap: Found mutually acceptable type PEAP (25)

(1) eap: Calling eap_peap to process EAP data

(1) eap_peap: Flushing SSL sessions (of #0)

(1) eap_peap: Initiate

(1) eap_peap: Start returned 1

(1) eap: EAP session adding &reply:State = 0x2ae8af442beab652

(1)     [eap] = handled

(1)   } # authenticate = handled

(1) Using Post-Auth-Type Challenge

(1) Post-Auth-Type sub-section not found.  Ignoring.

(1) # Executing group from file /etc/freeradius/sites-enabled/default

(1) Sent Access-Challenge Id 242 from 172.17.0.68:1812 to
203.59.132.253:44270 length 0

(1)   Mikrotik-Total-Limit-Gigawords = 232830643

(1)   Mikrotik-Total-Limit = 2808193675

(1)   Session-Timeout = 10800

(1)   EAP-Message = 0x010200061920

(1)   Message-Authenticator = 0x00000000000000000000000000000000

(1)   State = 0x2ae8af442beab6526f505f86b4932430

(1) Finished request

Waking up in 4.8 seconds.

(2) Received Access-Request Id 243 from 203.59.132.253:52144 to
172.17.0.68:1812 length 427

(2)   Service-Type = Framed-User

(2)   Framed-MTU = 1400

(2)   User-Name = 'jake'

(2)   State = 0x2ae8af442beab6526f505f86b4932430

(2)   NAS-Port-Id = 'wlan4'

(2)   NAS-Port-Type = Wireless-802.11

(2)   Acct-Session-Id = '82200019'

(2)   Acct-Multi-Session-Id =
'02-0C-42-B7-A9-5E-F8-A9-D0-18-F2-24-82-20-00-00-00-00-00-18'

(2)   Calling-Station-Id = 'F8-A9-D0-18-F2-24'

(2)   Called-Station-Id = '02-0C-42-B7-A9-5E:GRACE UPON GRACE'

(2)   EAP-Message =
0x020200c41980000000ba16030100b5010000b103016e692cd58137a32168d3f582da80112b10f99f0b740669a6ebb3372583558513000048c014c00a00390038c00fc0050035c013c00900330032c00ec004002fc011c007c00cc00200050004c012c00800160013c00dc003000a001500120009001400

(2)   Message-Authenticator = 0xe1a2042b676d0a3bca307cb23bd11d3d

(2)   NAS-Identifier = 'MikroTik'

(2)   NAS-IP-Address = 10.1.1.23

(2) session-state: No cached attributes

(2) # Executing section authorize from file
/etc/freeradius/sites-enabled/default

(2)   authorize {

(2)     policy filter_username {

(2)       if (!&User-Name) {

(2)       if (!&User-Name)  -> FALSE

(2)       if (&User-Name =~ / /) {

(2)       if (&User-Name =~ / /)  -> FALSE

(2)       if (&User-Name =~ /@.*@/ ) {

(2)       if (&User-Name =~ /@.*@/ )  -> FALSE

(2)       if (&User-Name =~ /\.\./ ) {

(2)       if (&User-Name =~ /\.\./ )  -> FALSE

(2)       if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {

(2)       if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   ->
FALSE

(2)       if (&User-Name =~ /\.$/)  {

(2)       if (&User-Name =~ /\.$/)   -> FALSE

(2)       if (&User-Name =~ /@\./)  {

(2)       if (&User-Name =~ /@\./)   -> FALSE

(2)     } # policy filter_username = notfound

(2)     [preprocess] = ok

(2)     [chap] = noop

(2)     [mschap] = noop

(2)     [digest] = noop

(2) suffix: Checking for suffix after "@"

(2) suffix: No '@' in User-Name = "jake", looking up realm NULL

(2) suffix: No such realm "NULL"

(2)     [suffix] = noop

(2) eap: Peer sent code Response (2) ID 2 length 196

(2) eap: Continuing tunnel setup

(2)     [eap] = ok

(2)   } # authorize = ok

(2) Found Auth-Type = EAP

(2) # Executing group from file /etc/freeradius/sites-enabled/default

(2)   authenticate {

(2) eap: Expiring EAP session with state 0x2ae8af442beab652

(2) eap: Finished EAP session with state 0x2ae8af442beab652

(2) eap: Previous EAP request found for state 0x2ae8af442beab652, released
from the list

(2) eap: Peer sent method PEAP (25)

(2) eap: EAP PEAP (25)

(2) eap: Calling eap_peap to process EAP data

(2) eap_peap: processing EAP-TLS

(2) eap_peap: TLS Length 186

(2) eap_peap: Length Included

(2) eap_peap: eaptls_verify returned 11

(2) eap_peap: (other): before/accept initialization

(2) eap_peap: TLS_accept: before/accept initialization

(2) eap_peap: <<< TLS 1.0 Handshake [length 00b5], ClientHello

(2) eap_peap: TLS_accept: SSLv3 read client hello A

(2) eap_peap: >>> TLS 1.0 Handshake [length 0059], ServerHello

(2) eap_peap: TLS_accept: SSLv3 write server hello A

(2) eap_peap: >>> TLS 1.0 Handshake [length 08d0], Certificate

(2) eap_peap: TLS_accept: SSLv3 write certificate A

(2) eap_peap: >>> TLS 1.0 Handshake [length 014b], ServerKeyExchange

(2) eap_peap: TLS_accept: SSLv3 write key exchange A

(2) eap_peap: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone

(2) eap_peap: TLS_accept: SSLv3 write server done A

(2) eap_peap: TLS_accept: SSLv3 flush data

(2) eap_peap: TLS_accept: Need to read more data: SSLv3 read client
certificate A

(2) eap_peap: TLS_accept: Need to read more data: SSLv3 read client
certificate A

In SSL Handshake Phase

In SSL Accept mode

(2) eap_peap: eaptls_process returned 13

(2) eap_peap: FR_TLS_HANDLED

(2) eap: EAP session adding &reply:State = 0x2ae8af4428ebb652

(2)     [eap] = handled

(2)   } # authenticate = handled

(2) Using Post-Auth-Type Challenge

(2) Post-Auth-Type sub-section not found.  Ignoring.

(2) # Executing group from file /etc/freeradius/sites-enabled/default

(2) Sent Access-Challenge Id 243 from 172.17.0.68:1812 to
203.59.132.253:52144 length 0

(2)   EAP-Message =
0x010303ec19c000000a8c1603010059020000550301d46c8d0a4b602b18e16f0c2eca4ab0b9923c8c75937b6be866c61bccebeff4f020f8318cccbe262c0e3e6529d8f49d6f94bb3d20480c225789496ecaf88b6d23bbc01400000dff01000100000b00040300010216030108d00b0008cc0008c90003de

(2)   Message-Authenticator = 0x00000000000000000000000000000000

(2)   State = 0x2ae8af4428ebb6526f505f86b4932430

(2) Finished request

Waking up in 4.7 seconds.

(3) Received Access-Request Id 244 from 203.59.132.253:35924 to
172.17.0.68:1812 length 237

(3)   Service-Type = Framed-User

(3)   Framed-MTU = 1400

(3)   User-Name = 'jake'

(3)   State = 0x2ae8af4428ebb6526f505f86b4932430

(3)   NAS-Port-Id = 'wlan4'

(3)   NAS-Port-Type = Wireless-802.11

(3)   Acct-Session-Id = '82200019'

(3)   Acct-Multi-Session-Id =
'02-0C-42-B7-A9-5E-F8-A9-D0-18-F2-24-82-20-00-00-00-00-00-18'

(3)   Calling-Station-Id = 'F8-A9-D0-18-F2-24'

(3)   Called-Station-Id = '02-0C-42-B7-A9-5E:GRACE UPON GRACE'

(3)   EAP-Message = 0x020300061900

(3)   Message-Authenticator = 0xbcede2e1f511c39d7829a8d31d3056ca

(3)   NAS-Identifier = 'MikroTik'

(3)   NAS-IP-Address = 10.1.1.23

(3) session-state: No cached attributes

(3) # Executing section authorize from file
/etc/freeradius/sites-enabled/default

(3)   authorize {

(3)     policy filter_username {

(3)       if (!&User-Name) {

(3)       if (!&User-Name)  -> FALSE

(3)       if (&User-Name =~ / /) {

(3)       if (&User-Name =~ / /)  -> FALSE

(3)       if (&User-Name =~ /@.*@/ ) {

(3)       if (&User-Name =~ /@.*@/ )  -> FALSE

(3)       if (&User-Name =~ /\.\./ ) {

(3)       if (&User-Name =~ /\.\./ )  -> FALSE

(3)       if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {

(3)       if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   ->
FALSE

(3)       if (&User-Name =~ /\.$/)  {

(3)       if (&User-Name =~ /\.$/)   -> FALSE

(3)       if (&User-Name =~ /@\./)  {

(3)       if (&User-Name =~ /@\./)   -> FALSE

(3)     } # policy filter_username = notfound

(3)     [preprocess] = ok

(3)     [chap] = noop

(3)     [mschap] = noop

(3)     [digest] = noop

(3) suffix: Checking for suffix after "@"

(3) suffix: No '@' in User-Name = "jake", looking up realm NULL

(3) suffix: No such realm "NULL"

(3)     [suffix] = noop

(3) eap: Peer sent code Response (2) ID 3 length 6

(3) eap: Continuing tunnel setup

(3)     [eap] = ok

(3)   } # authorize = ok

(3) Found Auth-Type = EAP

(3) # Executing group from file /etc/freeradius/sites-enabled/default

(3)   authenticate {

(3) eap: Expiring EAP session with state 0x2ae8af4428ebb652

(3) eap: Finished EAP session with state 0x2ae8af4428ebb652

(3) eap: Previous EAP request found for state 0x2ae8af4428ebb652, released
from the list

(3) eap: Peer sent method PEAP (25)

(3) eap: EAP PEAP (25)

(3) eap: Calling eap_peap to process EAP data

(3) eap_peap: processing EAP-TLS

(3) eap_peap: Received TLS ACK

(3) eap_peap: Received TLS ACK

(3) eap_peap: ACK handshake fragment handler

(3) eap_peap: eaptls_verify returned 1

(3) eap_peap: eaptls_process returned 13

(3) eap_peap: FR_TLS_HANDLED

(3) eap: EAP session adding &reply:State = 0x2ae8af4429ecb652

(3)     [eap] = handled

(3)   } # authenticate = handled

(3) Using Post-Auth-Type Challenge

(3) Post-Auth-Type sub-section not found.  Ignoring.

(3) # Executing group from file /etc/freeradius/sites-enabled/default

(3) Sent Access-Challenge Id 244 from 172.17.0.68:1812 to
203.59.132.253:35924 length 0

(3)   EAP-Message =
0x010403e8194070fc3072618327914b90833c80b17761d6b71ed327b33f801709abca73c4785893e2238950ca0494c79dceb74a47d2ae97f2cf40c1857e89d6543f5d275ca54082c2d8a4ec8109ca6d7161699efce7a8d33588e1f1403c619f4ebd02f166ab8a0d9b07ad442d0202e60004e5308204e130

(3)   Message-Authenticator = 0x00000000000000000000000000000000

(3)   State = 0x2ae8af4429ecb6526f505f86b4932430

(3) Finished request

Waking up in 4.6 seconds.

(4) Received Access-Request Id 245 from 203.59.132.253:39524 to
172.17.0.68:1812 length 237

(4)   Service-Type = Framed-User

(4)   Framed-MTU = 1400

(4)   User-Name = 'jake'

(4)   State = 0x2ae8af4429ecb6526f505f86b4932430

(4)   NAS-Port-Id = 'wlan4'

(4)   NAS-Port-Type = Wireless-802.11

(4)   Acct-Session-Id = '82200019'

(4)   Acct-Multi-Session-Id =
'02-0C-42-B7-A9-5E-F8-A9-D0-18-F2-24-82-20-00-00-00-00-00-18'

(4)   Calling-Station-Id = 'F8-A9-D0-18-F2-24'

(4)   Called-Station-Id = '02-0C-42-B7-A9-5E:GRACE UPON GRACE'

(4)   EAP-Message = 0x020400061900

(4)   Message-Authenticator = 0x54aecaf6cd05e5bf1bce8ad82728077d

(4)   NAS-Identifier = 'MikroTik'

(4)   NAS-IP-Address = 10.1.1.23

(4) session-state: No cached attributes

(4) # Executing section authorize from file
/etc/freeradius/sites-enabled/default

(4)   authorize {

(4)     policy filter_username {

(4)       if (!&User-Name) {

(4)       if (!&User-Name)  -> FALSE

(4)       if (&User-Name =~ / /) {

(4)       if (&User-Name =~ / /)  -> FALSE

(4)       if (&User-Name =~ /@.*@/ ) {

(4)       if (&User-Name =~ /@.*@/ )  -> FALSE

(4)       if (&User-Name =~ /\.\./ ) {

(4)       if (&User-Name =~ /\.\./ )  -> FALSE

(4)       if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {

(4)       if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   ->
FALSE

(4)       if (&User-Name =~ /\.$/)  {

(4)       if (&User-Name =~ /\.$/)   -> FALSE

(4)       if (&User-Name =~ /@\./)  {

(4)       if (&User-Name =~ /@\./)   -> FALSE

(4)     } # policy filter_username = notfound

(4)     [preprocess] = ok

(4)     [chap] = noop

(4)     [mschap] = noop

(4)     [digest] = noop

(4) suffix: Checking for suffix after "@"

(4) suffix: No '@' in User-Name = "jake", looking up realm NULL

(4) suffix: No such realm "NULL"

(4)     [suffix] = noop

(4) eap: Peer sent code Response (2) ID 4 length 6

(4) eap: Continuing tunnel setup

(4)     [eap] = ok

(4)   } # authorize = ok

(4) Found Auth-Type = EAP

(4) # Executing group from file /etc/freeradius/sites-enabled/default

(4)   authenticate {

(4) eap: Expiring EAP session with state 0x2ae8af4429ecb652

(4) eap: Finished EAP session with state 0x2ae8af4429ecb652

(4) eap: Previous EAP request found for state 0x2ae8af4429ecb652, released
from the list

(4) eap: Peer sent method PEAP (25)

(4) eap: EAP PEAP (25)

(4) eap: Calling eap_peap to process EAP data

(4) eap_peap: processing EAP-TLS

(4) eap_peap: Received TLS ACK

(4) eap_peap: Received TLS ACK

(4) eap_peap: ACK handshake fragment handler

(4) eap_peap: eaptls_verify returned 1

(4) eap_peap: eaptls_process returned 13

(4) eap_peap: FR_TLS_HANDLED

(4) eap: EAP session adding &reply:State = 0x2ae8af442eedb652

(4)     [eap] = handled

(4)   } # authenticate = handled

(4) Using Post-Auth-Type Challenge

(4) Post-Auth-Type sub-section not found.  Ignoring.

(4) # Executing group from file /etc/freeradius/sites-enabled/default

(4) Sent Access-Challenge Id 245 from 172.17.0.68:1812 to
203.59.132.253:39524 length 0

(4)   EAP-Message =
0x010502ce190020417574686f72697479820900b019525dc1d9412e300c0603551d13040530030101ff30360603551d1f042f302d302ba029a0278625687474703a2f2f7777772e6578616d706c652e636f6d2f6578616d706c655f63612e63726c300d06092a864886f70d01010b050003820101006f73

(4)   Message-Authenticator = 0x00000000000000000000000000000000

(4)   State = 0x2ae8af442eedb6526f505f86b4932430

(4) Finished request

Waking up in 4.4 seconds.

(5) Received Access-Request Id 246 from 203.59.132.253:45440 to
172.17.0.68:1812 length 375

(5)   Service-Type = Framed-User

(5)   Framed-MTU = 1400

(5)   User-Name = 'jake'

(5)   State = 0x2ae8af442eedb6526f505f86b4932430

(5)   NAS-Port-Id = 'wlan4'

(5)   NAS-Port-Type = Wireless-802.11

(5)   Acct-Session-Id = '82200019'

(5)   Acct-Multi-Session-Id =
'02-0C-42-B7-A9-5E-F8-A9-D0-18-F2-24-82-20-00-00-00-00-00-18'

(5)   Calling-Station-Id = 'F8-A9-D0-18-F2-24'

(5)   Called-Station-Id = '02-0C-42-B7-A9-5E:GRACE UPON GRACE'

(5)   EAP-Message =
0x020500901980000000861603010046100000424104bd66ff8372c1dc049759a9b955193ffa8e8e4da7348cc4e36500cb9b5198ba94ea171b8d06416f4894d5ff73e68fa74a8d6fd8563daec796148288a0a5ed0ebb1403010001011603010030bfe20542d15a4dfa96fecdb720ea6156305308632d1890

(5)   Message-Authenticator = 0x7df94396891c33014810e3acbeafcbb1

(5)   NAS-Identifier = 'MikroTik'

(5)   NAS-IP-Address = 10.1.1.23

(5) session-state: No cached attributes

(5) # Executing section authorize from file
/etc/freeradius/sites-enabled/default

(5)   authorize {

(5)     policy filter_username {

(5)       if (!&User-Name) {

(5)       if (!&User-Name)  -> FALSE

(5)       if (&User-Name =~ / /) {

(5)       if (&User-Name =~ / /)  -> FALSE

(5)       if (&User-Name =~ /@.*@/ ) {

(5)       if (&User-Name =~ /@.*@/ )  -> FALSE

(5)       if (&User-Name =~ /\.\./ ) {

(5)       if (&User-Name =~ /\.\./ )  -> FALSE

(5)       if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {

(5)       if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   ->
FALSE

(5)       if (&User-Name =~ /\.$/)  {

(5)       if (&User-Name =~ /\.$/)   -> FALSE

(5)       if (&User-Name =~ /@\./)  {

(5)       if (&User-Name =~ /@\./)   -> FALSE

(5)     } # policy filter_username = notfound

(5)     [preprocess] = ok

(5)     [chap] = noop

(5)     [mschap] = noop

(5)     [digest] = noop

(5) suffix: Checking for suffix after "@"

(5) suffix: No '@' in User-Name = "jake", looking up realm NULL

(5) suffix: No such realm "NULL"

(5)     [suffix] = noop

(5) eap: Peer sent code Response (2) ID 5 length 144

(5) eap: Continuing tunnel setup

(5)     [eap] = ok

(5)   } # authorize = ok

(5) Found Auth-Type = EAP

(5) # Executing group from file /etc/freeradius/sites-enabled/default

(5)   authenticate {

(5) eap: Expiring EAP session with state 0x2ae8af442eedb652

(5) eap: Finished EAP session with state 0x2ae8af442eedb652

(5) eap: Previous EAP request found for state 0x2ae8af442eedb652, released
from the list

(5) eap: Peer sent method PEAP (25)

(5) eap: EAP PEAP (25)

(5) eap: Calling eap_peap to process EAP data

(5) eap_peap: processing EAP-TLS

(5) eap_peap: TLS Length 134

(5) eap_peap: Length Included

(5) eap_peap: eaptls_verify returned 11

(5) eap_peap: <<< TLS 1.0 Handshake [length 0046], ClientKeyExchange

(5) eap_peap: TLS_accept: SSLv3 read client key exchange A

(5) eap_peap: <<< TLS 1.0 ChangeCipherSpec [length 0001]

(5) eap_peap: <<< TLS 1.0 Handshake [length 0010], Finished

(5) eap_peap: TLS_accept: SSLv3 read finished A

(5) eap_peap: >>> TLS 1.0 ChangeCipherSpec [length 0001]

(5) eap_peap: TLS_accept: SSLv3 write change cipher spec A

(5) eap_peap: >>> TLS 1.0 Handshake [length 0010], Finished

(5) eap_peap: TLS_accept: SSLv3 write finished A

(5) eap_peap: TLS_accept: SSLv3 flush data

  TLS: adding session
f8318cccbe262c0e3e6529d8f49d6f94bb3d20480c225789496ecaf88b6d23bb to cache

(5) eap_peap: (other): SSL negotiation finished successfully

SSL Connection Established

(5) eap_peap: eaptls_process returned 13

(5) eap_peap: FR_TLS_HANDLED

(5) eap: EAP session adding &reply:State = 0x2ae8af442feeb652

(5)     [eap] = handled

(5)   } # authenticate = handled

(5) Using Post-Auth-Type Challenge

(5) Post-Auth-Type sub-section not found.  Ignoring.

(5) # Executing group from file /etc/freeradius/sites-enabled/default

(5) Sent Access-Challenge Id 246 from 172.17.0.68:1812 to
203.59.132.253:45440 length 0

(5)   EAP-Message =
0x0106004119001403010001011603010030b50c5c6bcd7f1f0c3cdb9a9dd16fb6d24bfc64db51180644d3f3806f9a566ed700be78e43a68b107312669ee0fbe6d1f

(5)   Message-Authenticator = 0x00000000000000000000000000000000

(5)   State = 0x2ae8af442feeb6526f505f86b4932430

(5) Finished request

Waking up in 4.3 seconds.

(6) Received Access-Request Id 247 from 203.59.132.253:39369 to
172.17.0.68:1812 length 237

(6)   Service-Type = Framed-User

(6)   Framed-MTU = 1400

(6)   User-Name = 'jake'

(6)   State = 0x2ae8af442feeb6526f505f86b4932430

(6)   NAS-Port-Id = 'wlan4'

(6)   NAS-Port-Type = Wireless-802.11

(6)   Acct-Session-Id = '82200019'

(6)   Acct-Multi-Session-Id =
'02-0C-42-B7-A9-5E-F8-A9-D0-18-F2-24-82-20-00-00-00-00-00-18'

(6)   Calling-Station-Id = 'F8-A9-D0-18-F2-24'

(6)   Called-Station-Id = '02-0C-42-B7-A9-5E:GRACE UPON GRACE'

(6)   EAP-Message = 0x020600061900

(6)   Message-Authenticator = 0xb6affee6faf6ee543b6ef9c9f52f74ec

(6)   NAS-Identifier = 'MikroTik'

(6)   NAS-IP-Address = 10.1.1.23

(6) session-state: No cached attributes

(6) # Executing section authorize from file
/etc/freeradius/sites-enabled/default

(6)   authorize {

(6)     policy filter_username {

(6)       if (!&User-Name) {

(6)       if (!&User-Name)  -> FALSE

(6)       if (&User-Name =~ / /) {

(6)       if (&User-Name =~ / /)  -> FALSE

(6)       if (&User-Name =~ /@.*@/ ) {

(6)       if (&User-Name =~ /@.*@/ )  -> FALSE

(6)       if (&User-Name =~ /\.\./ ) {

(6)       if (&User-Name =~ /\.\./ )  -> FALSE

(6)       if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {

(6)       if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   ->
FALSE

(6)       if (&User-Name =~ /\.$/)  {

(6)       if (&User-Name =~ /\.$/)   -> FALSE

(6)       if (&User-Name =~ /@\./)  {

(6)       if (&User-Name =~ /@\./)   -> FALSE

(6)     } # policy filter_username = notfound

(6)     [preprocess] = ok

(6)     [chap] = noop

(6)     [mschap] = noop

(6)     [digest] = noop

(6) suffix: Checking for suffix after "@"

(6) suffix: No '@' in User-Name = "jake", looking up realm NULL

(6) suffix: No such realm "NULL"

(6)     [suffix] = noop

(6) eap: Peer sent code Response (2) ID 6 length 6

(6) eap: Continuing tunnel setup

(6)     [eap] = ok

(6)   } # authorize = ok

(6) Found Auth-Type = EAP

(6) # Executing group from file /etc/freeradius/sites-enabled/default

(6)   authenticate {

(6) eap: Expiring EAP session with state 0x2ae8af442feeb652

(6) eap: Finished EAP session with state 0x2ae8af442feeb652

(6) eap: Previous EAP request found for state 0x2ae8af442feeb652, released
from the list

(6) eap: Peer sent method PEAP (25)

(6) eap: EAP PEAP (25)

(6) eap: Calling eap_peap to process EAP data

(6) eap_peap: processing EAP-TLS

(6) eap_peap: Received TLS ACK

(6) eap_peap: Received TLS ACK

(6) eap_peap: ACK handshake is finished

(6) eap_peap: eaptls_verify returned 3

(6) eap_peap: eaptls_process returned 3

(6) eap_peap: FR_TLS_SUCCESS

(6) eap_peap: Session established.  Decoding tunneled attributes

(6) eap_peap: PEAP state TUNNEL ESTABLISHED

(6) eap: EAP session adding &reply:State = 0x2ae8af442cefb652

(6)     [eap] = handled

(6)   } # authenticate = handled

(6) Using Post-Auth-Type Challenge

(6) Post-Auth-Type sub-section not found.  Ignoring.

(6) # Executing group from file /etc/freeradius/sites-enabled/default

(6) Sent Access-Challenge Id 247 from 172.17.0.68:1812 to
203.59.132.253:39369 length 0

(6)   EAP-Message =
0x0107002b190017030100209db4b82b7785ec126910f4c56f3693646b7c87d993175dec544c881e17ff7e66

(6)   Message-Authenticator = 0x00000000000000000000000000000000

(6)   State = 0x2ae8af442cefb6526f505f86b4932430

(6) Finished request

Waking up in 4.2 seconds.

(7) Received Access-Request Id 248 from 203.59.132.253:54163 to
172.17.0.68:1812 length 274

(7)   Service-Type = Framed-User

(7)   Framed-MTU = 1400

(7)   User-Name = 'jake'

(7)   State = 0x2ae8af442cefb6526f505f86b4932430

(7)   NAS-Port-Id = 'wlan4'

(7)   NAS-Port-Type = Wireless-802.11

(7)   Acct-Session-Id = '82200019'

(7)   Acct-Multi-Session-Id =
'02-0C-42-B7-A9-5E-F8-A9-D0-18-F2-24-82-20-00-00-00-00-00-18'

(7)   Calling-Station-Id = 'F8-A9-D0-18-F2-24'

(7)   Called-Station-Id = '02-0C-42-B7-A9-5E:GRACE UPON GRACE'

(7)   EAP-Message =
0x0207002b190017030100208286978455a47dcaa043b6ee4493bf1162e7a1a6105b84d369f022c49c2db0b8

(7)   Message-Authenticator = 0xb259288f94fab665a32a8e25909eabe9

(7)   NAS-Identifier = 'MikroTik'

(7)   NAS-IP-Address = 10.1.1.23

(7) session-state: No cached attributes

(7) # Executing section authorize from file
/etc/freeradius/sites-enabled/default

(7)   authorize {

(7)     policy filter_username {

(7)       if (!&User-Name) {

(7)       if (!&User-Name)  -> FALSE

(7)       if (&User-Name =~ / /) {

(7)       if (&User-Name =~ / /)  -> FALSE

(7)       if (&User-Name =~ /@.*@/ ) {

(7)       if (&User-Name =~ /@.*@/ )  -> FALSE

(7)       if (&User-Name =~ /\.\./ ) {

(7)       if (&User-Name =~ /\.\./ )  -> FALSE

(7)       if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {

(7)       if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   ->
FALSE

(7)       if (&User-Name =~ /\.$/)  {

(7)       if (&User-Name =~ /\.$/)   -> FALSE

(7)       if (&User-Name =~ /@\./)  {

(7)       if (&User-Name =~ /@\./)   -> FALSE

(7)     } # policy filter_username = notfound

(7)     [preprocess] = ok

(7)     [chap] = noop

(7)     [mschap] = noop

(7)     [digest] = noop

(7) suffix: Checking for suffix after "@"

(7) suffix: No '@' in User-Name = "jake", looking up realm NULL

(7) suffix: No such realm "NULL"

(7)     [suffix] = noop

(7) eap: Peer sent code Response (2) ID 7 length 43

(7) eap: Continuing tunnel setup

(7)     [eap] = ok

(7)   } # authorize = ok

(7) Found Auth-Type = EAP

(7) # Executing group from file /etc/freeradius/sites-enabled/default

(7)   authenticate {

(7) eap: Expiring EAP session with state 0x2ae8af442cefb652

(7) eap: Finished EAP session with state 0x2ae8af442cefb652

(7) eap: Previous EAP request found for state 0x2ae8af442cefb652, released
from the list

(7) eap: Peer sent method PEAP (25)

(7) eap: EAP PEAP (25)

(7) eap: Calling eap_peap to process EAP data

(7) eap_peap: processing EAP-TLS

(7) eap_peap: eaptls_verify returned 7

(7) eap_peap: Done initial handshake

(7) eap_peap: eaptls_process returned 7

(7) eap_peap: FR_TLS_OK

(7) eap_peap: Session established.  Decoding tunneled attributes

(7) eap_peap: PEAP state WAITING FOR INNER IDENTITY

(7) eap_peap: Identity - jake

(7) eap_peap: Got inner identity 'jake'

(7) eap_peap: Setting default EAP type for tunneled EAP session

(7) eap_peap: Got tunneled request

(7) eap_peap:   EAP-Message = 0x02070009016a616b65

(7) eap_peap: Setting User-Name to jake

(7) eap_peap: Sending tunneled request to inner-tunnel

(7) eap_peap:   EAP-Message = 0x02070009016a616b65

(7) eap_peap:   FreeRADIUS-Proxied-To = 127.0.0.1

(7) eap_peap:   User-Name = 'jake'

(7) eap_peap:   Service-Type = Framed-User

(7) eap_peap:   Framed-MTU = 1400

(7) eap_peap:   NAS-Port-Id = 'wlan4'

(7) eap_peap:   NAS-Port-Type = Wireless-802.11

(7) eap_peap:   Acct-Session-Id = '82200019'

(7) eap_peap:   Acct-Multi-Session-Id =
'02-0C-42-B7-A9-5E-F8-A9-D0-18-F2-24-82-20-00-00-00-00-00-18'

(7) eap_peap:   Calling-Station-Id = 'F8-A9-D0-18-F2-24'

(7) eap_peap:   Called-Station-Id = '02-0C-42-B7-A9-5E:GRACE UPON GRACE'

(7) eap_peap:   NAS-Identifier = 'MikroTik'

(7) eap_peap:   NAS-IP-Address = 10.1.1.23

(7) eap_peap:   Event-Timestamp = 'Jun 26 2015 03:36:52 UTC'

(7) Virtual server inner-tunnel received request

(7)   EAP-Message = 0x02070009016a616b65

(7)   FreeRADIUS-Proxied-To = 127.0.0.1

(7)   User-Name = 'jake'

(7)   Service-Type = Framed-User

(7)   Framed-MTU = 1400

(7)   NAS-Port-Id = 'wlan4'

(7)   NAS-Port-Type = Wireless-802.11

(7)   Acct-Session-Id = '82200019'

(7)   Acct-Multi-Session-Id =
'02-0C-42-B7-A9-5E-F8-A9-D0-18-F2-24-82-20-00-00-00-00-00-18'

(7)   Calling-Station-Id = 'F8-A9-D0-18-F2-24'

(7)   Called-Station-Id = '02-0C-42-B7-A9-5E:GRACE UPON GRACE'

(7)   NAS-Identifier = 'MikroTik'

(7)   NAS-IP-Address = 10.1.1.23

(7)   Event-Timestamp = 'Jun 26 2015 03:36:52 UTC'

(7) server inner-tunnel {

(7)   # Executing section authorize from file
/etc/freeradius/sites-enabled/inner-tunnel

(7)     authorize {

(7)       [chap] = noop

(7)       [mschap] = noop

(7) suffix: Checking for suffix after "@"

(7) suffix: No '@' in User-Name = "jake", looking up realm NULL

(7) suffix: No such realm "NULL"

(7)       [suffix] = noop

(7)       update control {

(7)         &Proxy-To-Realm := LOCAL

(7)       } # update control = noop

(7) eap: Peer sent code Response (2) ID 7 length 9

(7) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the
rest of authorize

(7)       [eap] = ok

(7)     } # authorize = ok

(7)   Found Auth-Type = EAP

(7)   # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel

(7)     authenticate {

(7) eap: Peer sent method Identity (1)

(7) eap: Calling eap_mschapv2 to process EAP data

(7) eap_mschapv2: Issuing Challenge

(7) eap: EAP session adding &reply:State = 0x22b0356022b82f2e

(7)       [eap] = handled

(7)     } # authenticate = handled

(7) } # server inner-tunnel

(7) Virtual server sending reply

(7)   EAP-Message =
0x0108002a1a010800251014f3168a99ab99e591528dc482b16e2c667265657261646975732d332e302e38

(7)   Message-Authenticator = 0x00000000000000000000000000000000

(7)   State = 0x22b0356022b82f2e85a63bb65e619718

(7) eap_peap: Got tunneled reply code 11

(7) eap_peap:   EAP-Message =
0x0108002a1a010800251014f3168a99ab99e591528dc482b16e2c667265657261646975732d332e302e38

(7) eap_peap:   Message-Authenticator = 0x00000000000000000000000000000000

(7) eap_peap:   State = 0x22b0356022b82f2e85a63bb65e619718

(7) eap_peap: Got tunneled reply RADIUS code 11

(7) eap_peap:   EAP-Message =
0x0108002a1a010800251014f3168a99ab99e591528dc482b16e2c667265657261646975732d332e302e38

(7) eap_peap:   Message-Authenticator = 0x00000000000000000000000000000000

(7) eap_peap:   State = 0x22b0356022b82f2e85a63bb65e619718

(7) eap_peap: Got tunneled Access-Challenge

(7) eap: EAP session adding &reply:State = 0x2ae8af442de0b652

(7)     [eap] = handled

(7)   } # authenticate = handled

(7) Using Post-Auth-Type Challenge

(7) Post-Auth-Type sub-section not found.  Ignoring.

(7) # Executing group from file /etc/freeradius/sites-enabled/default

(7) Sent Access-Challenge Id 248 from 172.17.0.68:1812 to
203.59.132.253:54163 length 0

(7)   EAP-Message =
0x0108004b190017030100405d23e6bcb09cb6d20b68d9aaca1f83e4091ceff102e5083ddd35b9012b3d0e7188c3b1e155ea8f9bddc0ea1f850f357d2b8f6240e497819ecfd11cf2a7c0fbbb

(7)   Message-Authenticator = 0x00000000000000000000000000000000

(7)   State = 0x2ae8af442de0b6526f505f86b4932430

(7) Finished request

Waking up in 4.1 seconds.

(8) Received Access-Request Id 249 from 203.59.132.253:36869 to
172.17.0.68:1812 length 322

(8)   Service-Type = Framed-User

(8)   Framed-MTU = 1400

(8)   User-Name = 'jake'

(8)   State = 0x2ae8af442de0b6526f505f86b4932430

(8)   NAS-Port-Id = 'wlan4'

(8)   NAS-Port-Type = Wireless-802.11

(8)   Acct-Session-Id = '82200019'

(8)   Acct-Multi-Session-Id =
'02-0C-42-B7-A9-5E-F8-A9-D0-18-F2-24-82-20-00-00-00-00-00-18'

(8)   Calling-Station-Id = 'F8-A9-D0-18-F2-24'

(8)   Called-Station-Id = '02-0C-42-B7-A9-5E:GRACE UPON GRACE'

(8)   EAP-Message =
0x0208005b190017030100507a6c5910e9c1dc3a4adf8951c44d459517e50c2a6116265ff2d8924df35f0557e921ca3264d2be55f40dc688cb5fa91b6d9c14b1c9a895996ca03e1c224e31a2efb0740a6415f05685f77b4427b49f76

(8)   Message-Authenticator = 0x1b7b410bbe118d5b2da8add5b4ac1a43

(8)   NAS-Identifier = 'MikroTik'

(8)   NAS-IP-Address = 10.1.1.23

(8) session-state: No cached attributes

(8) # Executing section authorize from file
/etc/freeradius/sites-enabled/default

(8)   authorize {

(8)     policy filter_username {

(8)       if (!&User-Name) {

(8)       if (!&User-Name)  -> FALSE

(8)       if (&User-Name =~ / /) {

(8)       if (&User-Name =~ / /)  -> FALSE

(8)       if (&User-Name =~ /@.*@/ ) {

(8)       if (&User-Name =~ /@.*@/ )  -> FALSE

(8)       if (&User-Name =~ /\.\./ ) {

(8)       if (&User-Name =~ /\.\./ )  -> FALSE

(8)       if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {

(8)       if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   ->
FALSE

(8)       if (&User-Name =~ /\.$/)  {

(8)       if (&User-Name =~ /\.$/)   -> FALSE

(8)       if (&User-Name =~ /@\./)  {

(8)       if (&User-Name =~ /@\./)   -> FALSE

(8)     } # policy filter_username = notfound

(8)     [preprocess] = ok

(8)     [chap] = noop

(8)     [mschap] = noop

(8)     [digest] = noop

(8) suffix: Checking for suffix after "@"

(8) suffix: No '@' in User-Name = "jake", looking up realm NULL

(8) suffix: No such realm "NULL"

(8)     [suffix] = noop

(8) eap: Peer sent code Response (2) ID 8 length 91

(8) eap: Continuing tunnel setup

(8)     [eap] = ok

(8)   } # authorize = ok

(8) Found Auth-Type = EAP

(8) # Executing group from file /etc/freeradius/sites-enabled/default

(8)   authenticate {

(8) eap: Expiring EAP session with state 0x22b0356022b82f2e

(8) eap: Finished EAP session with state 0x2ae8af442de0b652

(8) eap: Previous EAP request found for state 0x2ae8af442de0b652, released
from the list

(8) eap: Peer sent method PEAP (25)

(8) eap: EAP PEAP (25)

(8) eap: Calling eap_peap to process EAP data

(8) eap_peap: processing EAP-TLS

(8) eap_peap: eaptls_verify returned 7

(8) eap_peap: Done initial handshake

(8) eap_peap: eaptls_process returned 7

(8) eap_peap: FR_TLS_OK

(8) eap_peap: Session established.  Decoding tunneled attributes

(8) eap_peap: PEAP state phase2

(8) eap_peap: EAP type MSCHAPv2 (26)

(8) eap_peap: Got tunneled request

(8) eap_peap:   EAP-Message =
0x0208003f1a0208003a31fcc0fb5d30dd364f4a9edc06a2029b9d0000000000000000312629d61823e24eb9069392de30e57b93615a8ff11013d1006a616b65

(8) eap_peap: Setting User-Name to jake

(8) eap_peap: Sending tunneled request to inner-tunnel

(8) eap_peap:   EAP-Message =
0x0208003f1a0208003a31fcc0fb5d30dd364f4a9edc06a2029b9d0000000000000000312629d61823e24eb9069392de30e57b93615a8ff11013d1006a616b65

(8) eap_peap:   FreeRADIUS-Proxied-To = 127.0.0.1

(8) eap_peap:   User-Name = 'jake'

(8) eap_peap:   State = 0x22b0356022b82f2e85a63bb65e619718

(8) eap_peap:   Service-Type = Framed-User

(8) eap_peap:   Framed-MTU = 1400

(8) eap_peap:   NAS-Port-Id = 'wlan4'

(8) eap_peap:   NAS-Port-Type = Wireless-802.11

(8) eap_peap:   Acct-Session-Id = '82200019'

(8) eap_peap:   Acct-Multi-Session-Id =
'02-0C-42-B7-A9-5E-F8-A9-D0-18-F2-24-82-20-00-00-00-00-00-18'

(8) eap_peap:   Calling-Station-Id = 'F8-A9-D0-18-F2-24'

(8) eap_peap:   Called-Station-Id = '02-0C-42-B7-A9-5E:GRACE UPON GRACE'

(8) eap_peap:   NAS-Identifier = 'MikroTik'

(8) eap_peap:   NAS-IP-Address = 10.1.1.23

(8) eap_peap:   Event-Timestamp = 'Jun 26 2015 03:36:52 UTC'

(8) Virtual server inner-tunnel received request

(8)   EAP-Message =
0x0208003f1a0208003a31fcc0fb5d30dd364f4a9edc06a2029b9d0000000000000000312629d61823e24eb9069392de30e57b93615a8ff11013d1006a616b65

(8)   FreeRADIUS-Proxied-To = 127.0.0.1

(8)   User-Name = 'jake'

(8)   State = 0x22b0356022b82f2e85a63bb65e619718

(8)   Service-Type = Framed-User

(8)   Framed-MTU = 1400

(8)   NAS-Port-Id = 'wlan4'

(8)   NAS-Port-Type = Wireless-802.11

(8)   Acct-Session-Id = '82200019'

(8)   Acct-Multi-Session-Id =
'02-0C-42-B7-A9-5E-F8-A9-D0-18-F2-24-82-20-00-00-00-00-00-18'

(8)   Calling-Station-Id = 'F8-A9-D0-18-F2-24'

(8)   Called-Station-Id = '02-0C-42-B7-A9-5E:GRACE UPON GRACE'

(8)   NAS-Identifier = 'MikroTik'

(8)   NAS-IP-Address = 10.1.1.23

(8)   Event-Timestamp = 'Jun 26 2015 03:36:52 UTC'

(8) server inner-tunnel {

(8)   session-state: No cached attributes

(8)   # Executing section authorize from file
/etc/freeradius/sites-enabled/inner-tunnel

(8)     authorize {

(8)       [chap] = noop

(8)       [mschap] = noop

(8) suffix: Checking for suffix after "@"

(8) suffix: No '@' in User-Name = "jake", looking up realm NULL

(8) suffix: No such realm "NULL"

(8)       [suffix] = noop

(8)       update control {

(8)         &Proxy-To-Realm := LOCAL

(8)       } # update control = noop

(8) eap: Peer sent code Response (2) ID 8 length 63

(8) eap: No EAP Start, assuming it's an on-going EAP conversation

(8)       [eap] = updated

(8)       [files] = noop

(8) sql: EXPAND %{User-Name}

(8) sql:    --> jake

(8) sql: SQL-User-Name set to 'jake'

rlm_sql (sql): Reserved connection (4)

(8) sql: EXPAND SELECT id, username, attribute, value, op FROM radcheck
WHERE username = '%{SQL-User-Name}' ORDER BY id

(8) sql:    --> SELECT id, username, attribute, value, op FROM radcheck
WHERE username = 'jake' ORDER BY id

(8) sql: Executing select query: SELECT id, username, attribute, value, op
FROM radcheck WHERE username = 'jake' ORDER BY id

(8) sql: User found in radcheck table

(8) sql: Conditional check items matched, merging assignment check items

(8) sql:   Cleartext-Password := 'fheman123'

(8) sql: EXPAND SELECT id, username, attribute, value, op FROM radreply
WHERE username = '%{SQL-User-Name}' ORDER BY id

(8) sql:    --> SELECT id, username, attribute, value, op FROM radreply
WHERE username = 'jake' ORDER BY id

(8) sql: Executing select query: SELECT id, username, attribute, value, op
FROM radreply WHERE username = 'jake' ORDER BY id

(8) sql: EXPAND SELECT groupname FROM radusergroup WHERE username =
'%{SQL-User-Name}' ORDER BY priority

(8) sql:    --> SELECT groupname FROM radusergroup WHERE username = 'jake'
ORDER BY priority

(8) sql: Executing select query: SELECT groupname FROM radusergroup WHERE
username = 'jake' ORDER BY priority

(8) sql: User found in the group table

(8) sql: EXPAND SELECT id, groupname, attribute, Value, op FROM
radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id

(8) sql:    --> SELECT id, groupname, attribute, Value, op FROM
radgroupcheck WHERE groupname = '14kimberleyst' ORDER BY id

(8) sql: Executing select query: SELECT id, groupname, attribute, Value, op
FROM radgroupcheck WHERE groupname = '14kimberleyst' ORDER BY id

(8) sql: Group "14kimberleyst": Conditional check items matched

(8) sql: Group "14kimberleyst": Merging assignment check items

(8) sql:   Reset-Date := '13'

(8) sql:   Total-Bytes := '999999999999999999'

(8) sql: EXPAND SELECT id, groupname, attribute, value, op FROM
radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id

(8) sql:    --> SELECT id, groupname, attribute, value, op FROM
radgroupreply WHERE groupname = '14kimberleyst' ORDER BY id

(8) sql: Executing select query: SELECT id, groupname, attribute, value, op
FROM radgroupreply WHERE groupname = '14kimberleyst' ORDER BY id

(8) sql: Group "14kimberleyst": Merging reply items

(8) sql:   Session-Timeout := 10800

rlm_sql (sql): Released connection (4)

(8)       [sql] = ok

(8)       [expiration] = noop

(8)       [logintime] = noop

(8) pap: WARNING: Auth-Type already set.  Not setting to PAP

(8)       [pap] = noop

(8)     } # authorize = updated

(8)   Found Auth-Type = EAP

(8)   # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel

(8)     authenticate {

(8) eap: Expiring EAP session with state 0x22b0356022b82f2e

(8) eap: Finished EAP session with state 0x22b0356022b82f2e

(8) eap: Previous EAP request found for state 0x22b0356022b82f2e, released
from the list

(8) eap: Peer sent method MSCHAPv2 (26)

(8) eap: EAP MSCHAPv2 (26)

(8) eap: Calling eap_mschapv2 to process EAP data

(8) eap_mschapv2: # Executing group from file
/etc/freeradius/sites-enabled/inner-tunnel

(8) eap_mschapv2:   Auth-Type MS-CHAP {

(8) mschap: Found Cleartext-Password, hashing to create NT-Password

(8) mschap: Found Cleartext-Password, hashing to create LM-Password

(8) mschap: Creating challenge hash with username: jake

(8) mschap: Client is using MS-CHAPv2

(8) mschap: Adding MS-CHAPv2 MPPE keys

(8)     [mschap] = ok

(8)   } # Auth-Type MS-CHAP = ok

(8) MSCHAP Success

(8) eap: EAP session adding &reply:State = 0x22b0356023b92f2e

(8)       [eap] = handled

(8)     } # authenticate = handled

(8) } # server inner-tunnel

(8) Virtual server sending reply

(8)   Session-Timeout = 10800

(8)   EAP-Message =
0x010900331a0308002e533d41333944323941353645323936313832444636323842413142393243463244353430393334463042

(8)   Message-Authenticator = 0x00000000000000000000000000000000

(8)   State = 0x22b0356023b92f2e85a63bb65e619718

(8) eap_peap: Got tunneled reply code 11

(8) eap_peap:   Session-Timeout = 10800

(8) eap_peap:   EAP-Message =
0x010900331a0308002e533d41333944323941353645323936313832444636323842413142393243463244353430393334463042

(8) eap_peap:   Message-Authenticator = 0x00000000000000000000000000000000

(8) eap_peap:   State = 0x22b0356023b92f2e85a63bb65e619718

(8) eap_peap: Got tunneled reply RADIUS code 11

(8) eap_peap:   Session-Timeout = 10800

(8) eap_peap:   EAP-Message =
0x010900331a0308002e533d41333944323941353645323936313832444636323842413142393243463244353430393334463042

(8) eap_peap:   Message-Authenticator = 0x00000000000000000000000000000000

(8) eap_peap:   State = 0x22b0356023b92f2e85a63bb65e619718

(8) eap_peap: Got tunneled Access-Challenge

(8) eap: EAP session adding &reply:State = 0x2ae8af4422e1b652

(8)     [eap] = handled

(8)   } # authenticate = handled

(8) Using Post-Auth-Type Challenge

(8) Post-Auth-Type sub-section not found.  Ignoring.

(8) # Executing group from file /etc/freeradius/sites-enabled/default

(8) Sent Access-Challenge Id 249 from 172.17.0.68:1812 to
203.59.132.253:36869 length 0

(8)   EAP-Message =
0x0109005b19001703010050ff2fa83e838510f3b311adc6a2de5dd4e3bf9e49ca7b67699dc84fd1c698570243feeaa1c808dee3846a38ffbdf223dee1afbe871ba2398fe4bc3653e21b24c6fcee8c9607bbe10fe7370c07f0b041f4

(8)   Message-Authenticator = 0x00000000000000000000000000000000

(8)   State = 0x2ae8af4422e1b6526f505f86b4932430

(8) Finished request

Waking up in 4.0 seconds.

(9) Received Access-Request Id 250 from 203.59.132.253:51671 to
172.17.0.68:1812 length 274

(9)   Service-Type = Framed-User

(9)   Framed-MTU = 1400

(9)   User-Name = 'jake'

(9)   State = 0x2ae8af4422e1b6526f505f86b4932430

(9)   NAS-Port-Id = 'wlan4'

(9)   NAS-Port-Type = Wireless-802.11

(9)   Acct-Session-Id = '82200019'

(9)   Acct-Multi-Session-Id =
'02-0C-42-B7-A9-5E-F8-A9-D0-18-F2-24-82-20-00-00-00-00-00-18'

(9)   Calling-Station-Id = 'F8-A9-D0-18-F2-24'

(9)   Called-Station-Id = '02-0C-42-B7-A9-5E:GRACE UPON GRACE'

(9)   EAP-Message =
0x0209002b19001703010020b385b35defe2309a0a1087757d0f1334ba0c847fa90fecacec7d8233ff986872

(9)   Message-Authenticator = 0xd85c93784094e1af3cf813ae7c2212c5

(9)   NAS-Identifier = 'MikroTik'

(9)   NAS-IP-Address = 10.1.1.23

(9) session-state: No cached attributes

(9) # Executing section authorize from file
/etc/freeradius/sites-enabled/default

(9)   authorize {

(9)     policy filter_username {

(9)       if (!&User-Name) {

(9)       if (!&User-Name)  -> FALSE

(9)       if (&User-Name =~ / /) {

(9)       if (&User-Name =~ / /)  -> FALSE

(9)       if (&User-Name =~ /@.*@/ ) {

(9)       if (&User-Name =~ /@.*@/ )  -> FALSE

(9)       if (&User-Name =~ /\.\./ ) {

(9)       if (&User-Name =~ /\.\./ )  -> FALSE

(9)       if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {

(9)       if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   ->
FALSE

(9)       if (&User-Name =~ /\.$/)  {

(9)       if (&User-Name =~ /\.$/)   -> FALSE

(9)       if (&User-Name =~ /@\./)  {

(9)       if (&User-Name =~ /@\./)   -> FALSE

(9)     } # policy filter_username = notfound

(9)     [preprocess] = ok

(9)     [chap] = noop

(9)     [mschap] = noop

(9)     [digest] = noop

(9) suffix: Checking for suffix after "@"

(9) suffix: No '@' in User-Name = "jake", looking up realm NULL

(9) suffix: No such realm "NULL"

(9)     [suffix] = noop

(9) eap: Peer sent code Response (2) ID 9 length 43

(9) eap: Continuing tunnel setup

(9)     [eap] = ok

(9)   } # authorize = ok

(9) Found Auth-Type = EAP

(9) # Executing group from file /etc/freeradius/sites-enabled/default

(9)   authenticate {

(9) eap: Expiring EAP session with state 0x22b0356023b92f2e

(9) eap: Finished EAP session with state 0x2ae8af4422e1b652

(9) eap: Previous EAP request found for state 0x2ae8af4422e1b652, released
from the list

(9) eap: Peer sent method PEAP (25)

(9) eap: EAP PEAP (25)

(9) eap: Calling eap_peap to process EAP data

(9) eap_peap: processing EAP-TLS

(9) eap_peap: eaptls_verify returned 7

(9) eap_peap: Done initial handshake

(9) eap_peap: eaptls_process returned 7

(9) eap_peap: FR_TLS_OK

(9) eap_peap: Session established.  Decoding tunneled attributes

(9) eap_peap: PEAP state phase2

(9) eap_peap: EAP type MSCHAPv2 (26)

(9) eap_peap: Got tunneled request

(9) eap_peap:   EAP-Message = 0x020900061a03

(9) eap_peap: Setting User-Name to jake

(9) eap_peap: Sending tunneled request to inner-tunnel

(9) eap_peap:   EAP-Message = 0x020900061a03

(9) eap_peap:   FreeRADIUS-Proxied-To = 127.0.0.1

(9) eap_peap:   User-Name = 'jake'

(9) eap_peap:   State = 0x22b0356023b92f2e85a63bb65e619718

(9) eap_peap:   Service-Type = Framed-User

(9) eap_peap:   Framed-MTU = 1400

(9) eap_peap:   NAS-Port-Id = 'wlan4'

(9) eap_peap:   NAS-Port-Type = Wireless-802.11

(9) eap_peap:   Acct-Session-Id = '82200019'

(9) eap_peap:   Acct-Multi-Session-Id =
'02-0C-42-B7-A9-5E-F8-A9-D0-18-F2-24-82-20-00-00-00-00-00-18'

(9) eap_peap:   Calling-Station-Id = 'F8-A9-D0-18-F2-24'

(9) eap_peap:   Called-Station-Id = '02-0C-42-B7-A9-5E:GRACE UPON GRACE'

(9) eap_peap:   NAS-Identifier = 'MikroTik'

(9) eap_peap:   NAS-IP-Address = 10.1.1.23

(9) eap_peap:   Event-Timestamp = 'Jun 26 2015 03:36:52 UTC'

(9) Virtual server inner-tunnel received request

(9)   EAP-Message = 0x020900061a03

(9)   FreeRADIUS-Proxied-To = 127.0.0.1

(9)   User-Name = 'jake'

(9)   State = 0x22b0356023b92f2e85a63bb65e619718

(9)   Service-Type = Framed-User

(9)   Framed-MTU = 1400

(9)   NAS-Port-Id = 'wlan4'

(9)   NAS-Port-Type = Wireless-802.11

(9)   Acct-Session-Id = '82200019'

(9)   Acct-Multi-Session-Id =
'02-0C-42-B7-A9-5E-F8-A9-D0-18-F2-24-82-20-00-00-00-00-00-18'

(9)   Calling-Station-Id = 'F8-A9-D0-18-F2-24'

(9)   Called-Station-Id = '02-0C-42-B7-A9-5E:GRACE UPON GRACE'

(9)   NAS-Identifier = 'MikroTik'

(9)   NAS-IP-Address = 10.1.1.23

(9)   Event-Timestamp = 'Jun 26 2015 03:36:52 UTC'

(9) server inner-tunnel {

(9)   session-state: No cached attributes

(9)   # Executing section authorize from file
/etc/freeradius/sites-enabled/inner-tunnel

(9)     authorize {

(9)       [chap] = noop

(9)       [mschap] = noop

(9) suffix: Checking for suffix after "@"

(9) suffix: No '@' in User-Name = "jake", looking up realm NULL

(9) suffix: No such realm "NULL"

(9)       [suffix] = noop

(9)       update control {

(9)         &Proxy-To-Realm := LOCAL

(9)       } # update control = noop

(9) eap: Peer sent code Response (2) ID 9 length 6

(9) eap: No EAP Start, assuming it's an on-going EAP conversation

(9)       [eap] = updated

(9)       [files] = noop

(9) sql: EXPAND %{User-Name}

(9) sql:    --> jake

(9) sql: SQL-User-Name set to 'jake'

rlm_sql (sql): Reserved connection (4)

(9) sql: EXPAND SELECT id, username, attribute, value, op FROM radcheck
WHERE username = '%{SQL-User-Name}' ORDER BY id

(9) sql:    --> SELECT id, username, attribute, value, op FROM radcheck
WHERE username = 'jake' ORDER BY id

(9) sql: Executing select query: SELECT id, username, attribute, value, op
FROM radcheck WHERE username = 'jake' ORDER BY id

(9) sql: User found in radcheck table

(9) sql: Conditional check items matched, merging assignment check items

(9) sql:   Cleartext-Password := 'fheman123'

(9) sql: EXPAND SELECT id, username, attribute, value, op FROM radreply
WHERE username = '%{SQL-User-Name}' ORDER BY id

(9) sql:    --> SELECT id, username, attribute, value, op FROM radreply
WHERE username = 'jake' ORDER BY id

(9) sql: Executing select query: SELECT id, username, attribute, value, op
FROM radreply WHERE username = 'jake' ORDER BY id

(9) sql: EXPAND SELECT groupname FROM radusergroup WHERE username =
'%{SQL-User-Name}' ORDER BY priority

(9) sql:    --> SELECT groupname FROM radusergroup WHERE username = 'jake'
ORDER BY priority

(9) sql: Executing select query: SELECT groupname FROM radusergroup WHERE
username = 'jake' ORDER BY priority

(9) sql: User found in the group table

(9) sql: EXPAND SELECT id, groupname, attribute, Value, op FROM
radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id

(9) sql:    --> SELECT id, groupname, attribute, Value, op FROM
radgroupcheck WHERE groupname = '14kimberleyst' ORDER BY id

(9) sql: Executing select query: SELECT id, groupname, attribute, Value, op
FROM radgroupcheck WHERE groupname = '14kimberleyst' ORDER BY id

(9) sql: Group "14kimberleyst": Conditional check items matched

(9) sql: Group "14kimberleyst": Merging assignment check items

(9) sql:   Reset-Date := '13'

(9) sql:   Total-Bytes := '999999999999999999'

(9) sql: EXPAND SELECT id, groupname, attribute, value, op FROM
radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id

(9) sql:    --> SELECT id, groupname, attribute, value, op FROM
radgroupreply WHERE groupname = '14kimberleyst' ORDER BY id

(9) sql: Executing select query: SELECT id, groupname, attribute, value, op
FROM radgroupreply WHERE groupname = '14kimberleyst' ORDER BY id

(9) sql: Group "14kimberleyst": Merging reply items

(9) sql:   Session-Timeout := 10800

rlm_sql (sql): Released connection (4)

(9)       [sql] = ok

(9)       [expiration] = noop

(9)       [logintime] = noop

(9) pap: WARNING: Auth-Type already set.  Not setting to PAP

(9)       [pap] = noop

(9)     } # authorize = updated

(9)   Found Auth-Type = EAP

(9)   # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel

(9)     authenticate {

(9) eap: Expiring EAP session with state 0x22b0356023b92f2e

(9) eap: Finished EAP session with state 0x22b0356023b92f2e

(9) eap: Previous EAP request found for state 0x22b0356023b92f2e, released
from the list

(9) eap: Peer sent method MSCHAPv2 (26)

(9) eap: EAP MSCHAPv2 (26)

(9) eap: Calling eap_mschapv2 to process EAP data

(9) eap: Freeing handler

(9)       [eap] = ok

(9)     } # authenticate = ok

(9)   # Executing section post-auth from file
/etc/freeradius/sites-enabled/inner-tunnel

(9)     post-auth {

(9) sql: EXPAND .query

(9) sql:    --> .query

(9) sql: Using query template 'query'

rlm_sql (sql): Reserved connection (4)

(9) sql: EXPAND %{User-Name}

(9) sql:    --> jake

(9) sql: SQL-User-Name set to 'jake'

(9) sql: EXPAND INSERT INTO radpostauth (username, pass, reply, authdate)
VALUES ( '%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}',
'%{reply:Packet-Type}', '%S')

(9) sql:    --> INSERT INTO radpostauth (username, pass, reply, authdate)
VALUES ( 'jake', '', 'Access-Accept', '2015-06-26 03:36:52')

(9) sql: Executing query: INSERT INTO radpostauth (username, pass, reply,
authdate) VALUES ( 'jake', '', 'Access-Accept', '2015-06-26 03:36:52')

(9) sql: SQL query returned: success

(9) sql: 1 record(s) updated

rlm_sql (sql): Released connection (4)

(9)       [sql] = ok

(9)       update {

(9)         &outer.session-state:Session-Timeout += &reply:Session-Timeout
-> 10800

(9)         &outer.session-state:MS-MPPE-Encryption-Policy +=
&reply:MS-MPPE-Encryption-Policy -> Encryption-Allowed

(9)         &outer.session-state:MS-MPPE-Encryption-Types +=
&reply:MS-MPPE-Encryption-Types -> RC4-40or128-bit-Allowed

(9)         &outer.session-state:MS-MPPE-Send-Key +=
&reply:MS-MPPE-Send-Key -> 0x89180aba877672b89e8af47487914f88

(9)         &outer.session-state:MS-MPPE-Recv-Key +=
&reply:MS-MPPE-Recv-Key -> 0xeb1d86612d6cfa12c45d9dfa87f470d1

(9)         &outer.session-state:EAP-Message += &reply:EAP-Message ->
0x03090004

(9)         &outer.session-state:Message-Authenticator +=
&reply:Message-Authenticator -> 0x00000000000000000000000000000000

(9)         &outer.session-state:User-Name += &reply:User-Name -> jake

(9)       } # update = noop

(9)       update outer.session-state {

(9)         MS-MPPE-Encryption-Policy !* ANY

(9)         MS-MPPE-Encryption-Types !* ANY

(9)         MS-MPPE-Send-Key !* ANY

(9)         MS-MPPE-Recv-Key !* ANY

(9)         Message-Authenticator !* ANY

(9)         EAP-Message !* ANY

(9)         Proxy-State !* ANY

(9)       } # update outer.session-state = noop

(9)     } # post-auth = ok

(9) } # server inner-tunnel

(9) Virtual server sending reply

(9)   Session-Timeout = 10800

(9)   MS-MPPE-Encryption-Policy = Encryption-Allowed

(9)   MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed

(9)   MS-MPPE-Send-Key = 0x89180aba877672b89e8af47487914f88

(9)   MS-MPPE-Recv-Key = 0xeb1d86612d6cfa12c45d9dfa87f470d1

(9)   EAP-Message = 0x03090004

(9)   Message-Authenticator = 0x00000000000000000000000000000000

(9)   User-Name = 'jake'

(9) eap_peap: Got tunneled reply code 2

(9) eap_peap:   Session-Timeout = 10800

(9) eap_peap:   MS-MPPE-Encryption-Policy = Encryption-Allowed

(9) eap_peap:   MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed

(9) eap_peap:   MS-MPPE-Send-Key = 0x89180aba877672b89e8af47487914f88

(9) eap_peap:   MS-MPPE-Recv-Key = 0xeb1d86612d6cfa12c45d9dfa87f470d1

(9) eap_peap:   EAP-Message = 0x03090004

(9) eap_peap:   Message-Authenticator = 0x00000000000000000000000000000000

(9) eap_peap:   User-Name = 'jake'

(9) eap_peap: Got tunneled reply RADIUS code 2

(9) eap_peap:   Session-Timeout = 10800

(9) eap_peap:   MS-MPPE-Encryption-Policy = Encryption-Allowed

(9) eap_peap:   MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed

(9) eap_peap:   MS-MPPE-Send-Key = 0x89180aba877672b89e8af47487914f88

(9) eap_peap:   MS-MPPE-Recv-Key = 0xeb1d86612d6cfa12c45d9dfa87f470d1

(9) eap_peap:   EAP-Message = 0x03090004

(9) eap_peap:   Message-Authenticator = 0x00000000000000000000000000000000

(9) eap_peap:   User-Name = 'jake'

(9) eap_peap: Tunneled authentication was successful

(9) eap_peap: SUCCESS

(9) eap_peap: Saving tunneled attributes for later

(9) eap: EAP session adding &reply:State = 0x2ae8af4423e2b652

(9)     [eap] = handled

(9)   } # authenticate = handled

(9) Using Post-Auth-Type Challenge

(9) Post-Auth-Type sub-section not found.  Ignoring.

(9) # Executing group from file /etc/freeradius/sites-enabled/default

(9) session-state: Saving cached attributes

(9)   Session-Timeout += 10800

(9)   User-Name += 'jake'

(9) Sent Access-Challenge Id 250 from 172.17.0.68:1812 to
203.59.132.253:51671 length 0

(9)   EAP-Message =
0x010a002b190017030100209ffa89db62ad66cc4ddee6a4a1950f7ef37a98001a17f318cb0b6beb1492a1e0

(9)   Message-Authenticator = 0x00000000000000000000000000000000

(9)   State = 0x2ae8af4423e2b6526f505f86b4932430

(9) Finished request

Waking up in 3.9 seconds.

(10) Received Access-Request Id 251 from 203.59.132.253:49242 to
172.17.0.68:1812 length 274

(10)   Service-Type = Framed-User

(10)   Framed-MTU = 1400

(10)   User-Name = 'jake'

(10)   State = 0x2ae8af4423e2b6526f505f86b4932430

(10)   NAS-Port-Id = 'wlan4'

(10)   NAS-Port-Type = Wireless-802.11

(10)   Acct-Session-Id = '82200019'

(10)   Acct-Multi-Session-Id =
'02-0C-42-B7-A9-5E-F8-A9-D0-18-F2-24-82-20-00-00-00-00-00-18'

(10)   Calling-Station-Id = 'F8-A9-D0-18-F2-24'

(10)   Called-Station-Id = '02-0C-42-B7-A9-5E:GRACE UPON GRACE'

(10)   EAP-Message =
0x020a002b1900170301002026447f2d4d239efdc5f79e265525ede34826f132b7d0c5c8874169bacc4ac3a3

(10)   Message-Authenticator = 0xa5e90887435c642376fc2a49a006da0b

(10)   NAS-Identifier = 'MikroTik'

(10)   NAS-IP-Address = 10.1.1.23

(10) session-state: Found cached attributes

(10)   Session-Timeout += 10800

(10)   User-Name += 'jake'

(10) # Executing section authorize from file
/etc/freeradius/sites-enabled/default

(10)   authorize {

(10)     policy filter_username {

(10)       if (!&User-Name) {

(10)       if (!&User-Name)  -> FALSE

(10)       if (&User-Name =~ / /) {

(10)       if (&User-Name =~ / /)  -> FALSE

(10)       if (&User-Name =~ /@.*@/ ) {

(10)       if (&User-Name =~ /@.*@/ )  -> FALSE

(10)       if (&User-Name =~ /\.\./ ) {

(10)       if (&User-Name =~ /\.\./ )  -> FALSE

(10)       if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {

(10)       if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   ->
FALSE

(10)       if (&User-Name =~ /\.$/)  {

(10)       if (&User-Name =~ /\.$/)   -> FALSE

(10)       if (&User-Name =~ /@\./)  {

(10)       if (&User-Name =~ /@\./)   -> FALSE

(10)     } # policy filter_username = notfound

(10)     [preprocess] = ok

(10)     [chap] = noop

(10)     [mschap] = noop

(10)     [digest] = noop

(10) suffix: Checking for suffix after "@"

(10) suffix: No '@' in User-Name = "jake", looking up realm NULL

(10) suffix: No such realm "NULL"

(10)     [suffix] = noop

(10) eap: Peer sent code Response (2) ID 10 length 43

(10) eap: Continuing tunnel setup

(10)     [eap] = ok

(10)   } # authorize = ok

(10) Found Auth-Type = EAP

(10) # Executing group from file /etc/freeradius/sites-enabled/default

(10)   authenticate {

(10) eap: Expiring EAP session with state 0x2ae8af4423e2b652

(10) eap: Finished EAP session with state 0x2ae8af4423e2b652

(10) eap: Previous EAP request found for state 0x2ae8af4423e2b652, released
from the list

(10) eap: Peer sent method PEAP (25)

(10) eap: EAP PEAP (25)

(10) eap: Calling eap_peap to process EAP data

(10) eap_peap: processing EAP-TLS

(10) eap_peap: eaptls_verify returned 7

(10) eap_peap: Done initial handshake

(10) eap_peap: eaptls_process returned 7

(10) eap_peap: FR_TLS_OK

(10) eap_peap: Session established.  Decoding tunneled attributes

(10) eap_peap: PEAP state send tlv success

(10) eap_peap: Received EAP-TLV response

(10) eap_peap: Success

(10) eap_peap: Using saved attributes from the original Access-Accept

(10) eap_peap:   Session-Timeout = 10800

(10) eap_peap:   User-Name = 'jake'

(10) eap_peap: Saving session
f8318cccbe262c0e3e6529d8f49d6f94bb3d20480c225789496ecaf88b6d23bb vps
0x18cb740 in the cache

(10) eap: Freeing handler

(10)     [eap] = ok

(10)   } # authenticate = ok

(10) # Executing section post-auth from file
/etc/freeradius/sites-enabled/default

(10)   post-auth {

(10)     update {

(10)       &reply:Session-Timeout += &session-state:Session-Timeout -> 10800

(10)       &reply:User-Name += &session-state:User-Name -> jake

(10)     } # update = noop

(10) sql: EXPAND .query

(10) sql:    --> .query

(10) sql: Using query template 'query'

rlm_sql (sql): Reserved connection (4)

(10) sql: EXPAND %{User-Name}

(10) sql:    --> jake

(10) sql: SQL-User-Name set to 'jake'

(10) sql: EXPAND INSERT INTO radpostauth (username, pass, reply, authdate)
VALUES ( '%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}',
'%{reply:Packet-Type}', '%S')

(10) sql:    --> INSERT INTO radpostauth (username, pass, reply, authdate)
VALUES ( 'jake', '', 'Access-Accept', '2015-06-26 03:36:52')

(10) sql: Executing query: INSERT INTO radpostauth (username, pass, reply,
authdate) VALUES ( 'jake', '', 'Access-Accept', '2015-06-26 03:36:52')

(10) sql: SQL query returned: success

(10) sql: 1 record(s) updated

rlm_sql (sql): Released connection (4)

(10)     [sql] = ok

(10)     [exec] = noop

(10)     policy remove_reply_message_if_eap {

(10)       if (&reply:EAP-Message && &reply:Reply-Message) {

(10)       if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE

(10)       else {

(10)         [noop] = noop

(10)       } # else = noop

(10)     } # policy remove_reply_message_if_eap = noop

(10)   } # post-auth = ok

(10) Sent Access-Accept Id 251 from 172.17.0.68:1812 to 203.59.132.253:49242
length 0

(10)   Session-Timeout = 10800

(10)   User-Name = 'jake'

(10)   MS-MPPE-Recv-Key =
0xe5deb546fc8f6e00acdf29b623d95704d2ed1020f037955b5200e47def068653

(10)   MS-MPPE-Send-Key =
0x1c0c6d0296a173ab78c88bae351114f84de5cdc9386cbb1dc93bb9ff188d29ef

(10)   EAP-Message = 0x030a0004

(10)   Message-Authenticator = 0x00000000000000000000000000000000

(10)   Session-Timeout += 10800

(10)   User-Name += 'jake'

(10) Finished request

Waking up in 3.8 seconds.

(11) Received Accounting-Request Id 252 from 203.59.132.253:49829 to
172.17.0.68:1813 length 205

(11)   Service-Type = Framed-User

(11)   NAS-Port-Id = 'wlan4'

(11)   NAS-Port-Type = Wireless-802.11

(11)   User-Name = 'jake'

(11)   Acct-Session-Id = '82200019'

(11)   Acct-Multi-Session-Id =
'02-0C-42-B7-A9-5E-F8-A9-D0-18-F2-24-82-20-00-00-00-00-00-18'

(11)   Calling-Station-Id = 'F8-A9-D0-18-F2-24'

(11)   Called-Station-Id = '02-0C-42-B7-A9-5E:GRACE UPON GRACE'

(11)   Acct-Authentic = RADIUS

(11)   Acct-Status-Type = Start

(11)   NAS-Identifier = 'MikroTik'

(11)   Acct-Delay-Time = 0

(11)   NAS-IP-Address = 10.1.1.23

(11) # Executing section preacct from file
/etc/freeradius/sites-enabled/default

(11)   preacct {

(11)     [preprocess] = ok

(11)     policy acct_unique {

(11)       if ("%{string:Class}" =~ /ai:([0-9a-f]{32})/i) {

(11)       EXPAND %{string:Class}

(11)          -->

(11)       if ("%{string:Class}" =~ /ai:([0-9a-f]{32})/i)  -> FALSE

(11)       else {

(11)         update request {

(11)           EXPAND
%{md5:%{User-Name},%{Acct-Session-ID},%{%{NAS-IPv6-Address}:-%{NAS-IP-Address}},%{NAS-Identifier},%{NAS-Port-ID},%{NAS-Port}}

(11)              --> fbad663f9e23f248b243af3297e4a26d

(11)           &Acct-Unique-Session-Id := fbad663f9e23f248b243af3297e4a26d

(11)         } # update request = noop

(11)       } # else = noop

(11)     } # policy acct_unique = noop

(11) suffix: Checking for suffix after "@"

(11) suffix: No '@' in User-Name = "jake", looking up realm NULL

(11) suffix: No such realm "NULL"

(11)     [suffix] = noop

(11)     [files] = noop

(11)   } # preacct = ok

(11) # Executing section accounting from file
/etc/freeradius/sites-enabled/default

(11)   accounting {

(11) detail: EXPAND
/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d

(11) detail:    --> /var/log/freeradius/radacct/
203.59.132.253/detail-20150626

(11) detail:
/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d
expands to /var/log/freeradius/radacct/203.59.132.253/detail-20150626

(11) detail: EXPAND %t

(11) detail:    --> Fri Jun 26 03:36:52 2015

(11)     [detail] = ok

(11)     [unix] = ok

(11) sql: EXPAND %{tolower:type.%{Acct-Status-Type}.query}

(11) sql:    --> type.start.query

(11) sql: Using query template 'query'

rlm_sql (sql): Reserved connection (4)

(11) sql: EXPAND %{User-Name}

(11) sql:    --> jake

(11) sql: SQL-User-Name set to 'jake'

(11) sql: EXPAND INSERT INTO radacct (acctsessionid, acctuniqueid,
username, realm, nasipaddress, nasportid, nasporttype,acctstarttime,
acctupdatetime, acctstoptime, acctsessiontime, acctauthentic,
connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets,
calledstationid, callingstationid, acctterminatecause, servicetype,
framedprotocol, framedipaddress) VALUES ('%{Acct-Session-Id}',
'%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}',
'%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}',
FROM_UNIXTIME(%{integer:Event-Timestamp}),
FROM_UNIXTIME(%{integer:Event-Timestamp}), NULL, '0', '%{Acct-Authentic}',
'%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}',
'%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}',
'%{Framed-IP-Address}')

(11) sql:    --> INSERT INTO radacct (acctsessionid, acctuniqueid,
username, realm, nasipaddress, nasportid, nasporttype,acctstarttime,
acctupdatetime, acctstoptime, acctsessiontime, acctauthentic,
connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets,
calledstationid, callingstationid, acctterminatecause, servicetype,
framedprotocol, framedipaddress) VALUES ('82200019',
'fbad663f9e23f248b243af3297e4a26d', 'jake', '', '10.1.1.23', '',
'Wireless-802.11', FROM_UNIXTIME(1435289812), FROM_UNIXTIME(1435289812),
NULL, '0', 'RADIUS', '', '', '0', '0', '02-0C-42-B7-A9-5E:GRACE UPON
GRACE', 'F8-A9-D0-18-F2-24', '', 'Framed-User', '', '')

(11) sql: Executing query: INSERT INTO radacct (acctsessionid,
acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype,
acctstarttime, acctupdatetime, acctstoptime, acctsessiontime,
acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets,
acctoutputoctets, calledstationid, callingstationid, acctterminatecause,
servicetype, framedprotocol, framedipaddress) VALUES ('82200019',
'fbad663f9e23f248b243af3297e4a26d', 'jake', '', '10.1.1.23', '',
'Wireless-802.11', FROM_UNIXTIME(1435289812), FROM_UNIXTIME(1435289812),
NULL, '0', 'RADIUS', '', '', '0', '0', '02-0C-42-B7-A9-5E:GRACE UPON
GRACE', 'F8-A9-D0-18-F2-24', '', 'Framed-User', '', '')

(11) sql: SQL query returned: success

(11) sql: 1 record(s) updated

rlm_sql (sql): Released connection (4)

(11)     [sql] = ok

(11)     [exec] = noop

(11) attr_filter.accounting_response: EXPAND %{User-Name}

(11) attr_filter.accounting_response:    --> jake

(11) attr_filter.accounting_response: Matched entry DEFAULT at line 15

(11)     [attr_filter.accounting_response] = updated

(11)   } # accounting = updated

(11) Sent Accounting-Response Id 252 from 172.17.0.68:1813 to
203.59.132.253:49829 length 0

(11) Finished request

(11) <done>: Cleaning up request packet ID 252 with timestamp +10

Waking up in 3.7 seconds.

(0) <done>: Cleaning up request packet ID 241 with timestamp +9

Waking up in 0.1 seconds.

(1) <done>: Cleaning up request packet ID 242 with timestamp +9

Waking up in 0.1 seconds.

(2) <done>: Cleaning up request packet ID 243 with timestamp +9

Waking up in 0.1 seconds.

(3) <done>: Cleaning up request packet ID 244 with timestamp +9

Waking up in 0.1 seconds.

(4) <done>: Cleaning up request packet ID 245 with timestamp +9

Waking up in 0.1 seconds.

(5) <done>: Cleaning up request packet ID 246 with timestamp +9

Waking up in 0.1 seconds.

(6) <done>: Cleaning up request packet ID 247 with timestamp +10

(7) <done>: Cleaning up request packet ID 248 with timestamp +10

Waking up in 0.1 seconds.

(8) <done>: Cleaning up request packet ID 249 with timestamp +10

Waking up in 0.1 seconds.

(9) <done>: Cleaning up request packet ID 250 with timestamp +10

Waking up in 0.1 seconds.

(10) <done>: Cleaning up request packet ID 251 with timestamp +10

Ready to process requests


On 26 June 2015 at 11:33, Arran Cudbard-Bell <a.cudbardb at freeradius.org>
wrote:
>
>
> > On 25 Jun 2015, at 23:21, Jake He <jake.he at gmail.com> wrote:
> >
> > Hi,
> >
> > I have a problem where Attribute MT-Recv-Limit is returned in
> > Access-Challenge but not in Access-Accept.
> >
> > This is my setup. FR 3.0.8
> >
> > I have configured following in the eap.conf file in the ttls section :
> >
> > copy_request_to_tunnel = yes
> > use_tunneled_reply = yes
> > virtual_server = "inner-tunnel"
> >
> > /etc/freeradius/sites-available/inner-tunnel. post-auth block,
uncommented.
> >
> > update {
> >                &outer.session-state: += &reply:
> >          }
> >
> > update outer.session-state {
> >
> >                MS-MPPE-Encryption-Policy !* ANY
> >
> >                MS-MPPE-Encryption-Types !* ANY
> >
> >                MS-MPPE-Send-Key !* ANY
> >
> >                MS-MPPE-Recv-Key !* ANY
> >
> >                Message-Authenticator !* ANY
> >
> >                EAP-Message !* ANY
> >
> >                Proxy-State !* ANY
> >
> >        }
> >
> > I have a fixed radreply attribute Session-Timeout in the database. This
is
> > sent in the Access-Accept.
> >
> > MT-Recv-Limit is sent by a perl script
> > <
https://raw.githubusercontent.com/zhex900/radius-config/master/version.3/mods-config/perl/check_usage.pl
>.
> > This
> > script add a new radreply $RAD_REPLY{'Mikrotik-Recv-Limit'}. This is
called
> > in the site-available/default authorize block.
> > Mikrotik-Recv-Limit does appear in the Access-Challenge but not in the
> > Access-Accept.
> >
> > Any ideas?
>
> Not really, seeing as you've not provided the debug output...
>
> -Arran
>
> Arran Cudbard-Bell <a.cudbardb at freeradius.org>
> FreeRADIUS development team
>
> FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
>
>
> -
> List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html


More information about the Freeradius-Users mailing list