proxy keyed-balance setting
Scott McLane Gardner
sgardne at uark.edu
Wed Sep 7 17:56:34 CEST 2016
I'm attempting to proxy based on Calling-Station-Id using the pre-proxy config in sites-available/default and proxy.conf. I think I have it all configured correctly, but the proxy server always forwards to the first server in the home_server_pool regardless. Will the proxy server do the server calculation (server = (hash % num_servers_in_pool)) for every request, or only if a threshold of requests per second are coming in or something like that? Here is my relevant config:
sites-available/default :
<snip>
pre-proxy {
update control {
Load-Balance-Key := "%{Calling-Station-Id}"
}
updated
}
</snip>
proxy.conf :
<snip>
home_server_pool redrads {
type = keyed-balance
#type = client-port-balance
home_server = redrad01
home_server = redrad02
home_server = redrad03
}
</snip>
How can I tell that the Load-Balance-Key is being set? I see the following in the debug, but it still just punts to the first server no matter what.
(131) # Executing section pre-proxy from file /etc/raddb/sites-enabled/default
(131) pre-proxy {
(131) update control {
(131) EXPAND %{Calling-Station-Id}
(131) --> 6c:8d:c1:d1:65:65
(131) Load-Balance-Key := "6c:8d:c1:d1:65:65"
(131) } # update control = noop
(131) [updated] = updated
(131) } # pre-proxy = updated
(131) Proxying request to home server 10.7.0.29 port 1812 timeout 20.000000
10.7.0.29 is redrad01
Here's the full debug output of one connection attempt:
radiusd: FreeRADIUS Version 3.0.4, for host x86_64-redhat-linux-gnu, built on Dec 28 2014 at 07:00:16
Copyright (C) 1999-2014 The FreeRADIUS server project and contributors
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License
For more information about these matters, see the file named COPYRIGHT
Starting - reading configuration files ...
including dictionary file /usr/share/freeradius/dictionary
including dictionary file /usr/share/freeradius/dictionary.dhcp
including dictionary file /usr/share/freeradius/dictionary.vqp
including dictionary file /etc/raddb/dictionary
including configuration file /etc/raddb/radiusd.conf
including configuration file /etc/raddb/proxy.conf
including configuration file /etc/raddb/clients.conf
including files in directory /etc/raddb/mods-enabled/
including configuration file /etc/raddb/mods-enabled/always
including configuration file /etc/raddb/mods-enabled/attr_filter
including configuration file /etc/raddb/mods-enabled/cache_eap
including configuration file /etc/raddb/mods-enabled/chap
including configuration file /etc/raddb/mods-enabled/detail
including configuration file /etc/raddb/mods-enabled/detail.log
including configuration file /etc/raddb/mods-enabled/dhcp
including configuration file /etc/raddb/mods-enabled/digest
including configuration file /etc/raddb/mods-enabled/dynamic_clients
including configuration file /etc/raddb/mods-enabled/eap
including configuration file /etc/raddb/mods-enabled/echo
including configuration file /etc/raddb/mods-enabled/exec
including configuration file /etc/raddb/mods-enabled/expiration
including configuration file /etc/raddb/mods-enabled/expr
including configuration file /etc/raddb/mods-enabled/files
including configuration file /etc/raddb/mods-enabled/linelog
including configuration file /etc/raddb/mods-enabled/logintime
including configuration file /etc/raddb/mods-enabled/mschap
including configuration file /etc/raddb/mods-enabled/ntlm_auth
including configuration file /etc/raddb/mods-enabled/pap
including configuration file /etc/raddb/mods-enabled/passwd
including configuration file /etc/raddb/mods-enabled/preprocess
including configuration file /etc/raddb/mods-enabled/radutmp
including configuration file /etc/raddb/mods-enabled/realm
including configuration file /etc/raddb/mods-enabled/replicate
including configuration file /etc/raddb/mods-enabled/soh
including configuration file /etc/raddb/mods-enabled/sradutmp
including configuration file /etc/raddb/mods-enabled/unix
including configuration file /etc/raddb/mods-enabled/unpack
including configuration file /etc/raddb/mods-enabled/utf8
including files in directory /etc/raddb/policy.d/
including configuration file /etc/raddb/policy.d/accounting
including configuration file /etc/raddb/policy.d/canonicalization
including configuration file /etc/raddb/policy.d/control
including configuration file /etc/raddb/policy.d/cui
including configuration file /etc/raddb/policy.d/debug
including configuration file /etc/raddb/policy.d/dhcp
including configuration file /etc/raddb/policy.d/eap
including configuration file /etc/raddb/policy.d/filter
including configuration file /etc/raddb/policy.d/operator-name
including files in directory /etc/raddb/sites-enabled/
including configuration file /etc/raddb/sites-enabled/default
including configuration file /etc/raddb/sites-enabled/inner-tunnel
main {
security {
user = "radiusd"
group = "radiusd"
allow_core_dumps = no
}
}
main {
name = "radiusd"
prefix = "/usr"
localstatedir = "/var"
sbindir = "/usr/sbin"
logdir = "/var/log/radius"
run_dir = "/var/run/radiusd"
libdir = "/usr/lib64/freeradius"
radacctdir = "/var/log/radius/radacct"
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
pidfile = "/var/run/radiusd/radiusd.pid"
checkrad = "/usr/sbin/checkrad"
debug_level = 0
proxy_requests = yes
log {
stripped_names = no
auth = no
auth_badpass = no
auth_goodpass = no
colourise = yes
msg_denied = "You are already logged in - access denied"
}
security {
max_attributes = 200
reject_delay = 1
status_server = yes
}
}
radiusd: #### Loading Realms and Home Servers ####
proxy server {
retry_delay = 5
retry_count = 3
default_fallback = no
dead_time = 120
wake_all_if_all_dead = no
}
home_server redrad01 {
ipaddr = 10.7.0.29
port = 1812
type = "auth"
secret = <<< secret >>>
response_window = 20.000000
response_timeouts = 1
max_outstanding = 65536
zombie_period = 40
status_check = "status-server"
ping_interval = 30
check_interval = 30
check_timeout = 4
num_answers_to_alive = 3
revive_interval = 120
coa {
irt = 2
mrt = 16
mrc = 5
mrd = 30
}
limit {
max_connections = 16
max_requests = 0
lifetime = 0
idle_timeout = 0
}
}
home_server redrad02 {
ipaddr = 10.7.0.30
port = 1812
type = "auth"
secret = <<< secret >>>
response_window = 20.000000
response_timeouts = 1
max_outstanding = 65536
zombie_period = 40
status_check = "status-server"
ping_interval = 30
check_interval = 30
check_timeout = 4
num_answers_to_alive = 3
revive_interval = 120
coa {
irt = 2
mrt = 16
mrc = 5
mrd = 30
}
limit {
max_connections = 16
max_requests = 0
lifetime = 0
idle_timeout = 0
}
}
home_server redrad03 {
ipaddr = 10.7.0.31
port = 1812
type = "auth"
secret = <<< secret >>>
response_window = 20.000000
response_timeouts = 1
max_outstanding = 65536
zombie_period = 40
status_check = "status-server"
ping_interval = 30
check_interval = 30
check_timeout = 4
num_answers_to_alive = 3
revive_interval = 120
coa {
irt = 2
mrt = 16
mrc = 5
mrd = 30
}
limit {
max_connections = 16
max_requests = 0
lifetime = 0
idle_timeout = 0
}
}
home_server_pool redrads {
type = keyed-balance
home_server = redrad01
home_server = redrad02
home_server = redrad03
}
realm DEFAULT {
auth_pool = redrads
}
radiusd: #### Loading Clients ####
client blue8510.myOrg.org {
ipaddr = 10.250.0.18
require_message_authenticator = no
secret = <<< secret >>>
nas_type = "cisco"
limit {
max_connections = 16
lifetime = 0
idle_timeout = 0
}
}
client red8510.myOrg.org {
ipaddr = 10.250.0.19
require_message_authenticator = no
secret = <<< secret >>>
nas_type = "cisco"
limit {
max_connections = 16
lifetime = 0
idle_timeout = 0
}
}
client localhost_ipv6 {
ipv6addr = ::1
require_message_authenticator = no
secret = <<< secret >>>
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
radiusd: #### Instantiating modules ####
instantiate {
}
modules {
# Loaded module rlm_always
# Instantiating module "reject" from file /etc/raddb/mods-enabled/always
always reject {
rcode = "reject"
simulcount = 0
mpp = no
}
# Instantiating module "fail" from file /etc/raddb/mods-enabled/always
always fail {
rcode = "fail"
simulcount = 0
mpp = no
}
# Instantiating module "ok" from file /etc/raddb/mods-enabled/always
always ok {
rcode = "ok"
simulcount = 0
mpp = no
}
# Instantiating module "handled" from file /etc/raddb/mods-enabled/always
always handled {
rcode = "handled"
simulcount = 0
mpp = no
}
# Instantiating module "invalid" from file /etc/raddb/mods-enabled/always
always invalid {
rcode = "invalid"
simulcount = 0
mpp = no
}
# Instantiating module "userlock" from file /etc/raddb/mods-enabled/always
always userlock {
rcode = "userlock"
simulcount = 0
mpp = no
}
# Instantiating module "notfound" from file /etc/raddb/mods-enabled/always
always notfound {
rcode = "notfound"
simulcount = 0
mpp = no
}
# Instantiating module "noop" from file /etc/raddb/mods-enabled/always
always noop {
rcode = "noop"
simulcount = 0
mpp = no
}
# Instantiating module "updated" from file /etc/raddb/mods-enabled/always
always updated {
rcode = "updated"
simulcount = 0
mpp = no
}
# Loaded module rlm_attr_filter
# Instantiating module "attr_filter.post-proxy" from file /etc/raddb/mods-enabled/attr_filter
attr_filter attr_filter.post-proxy {
filename = "/etc/raddb/mods-config/attr_filter/post-proxy"
key = "%{Realm}"
relaxed = no
}
reading pairlist file /etc/raddb/mods-config/attr_filter/post-proxy
# Instantiating module "attr_filter.pre-proxy" from file /etc/raddb/mods-enabled/attr_filter
attr_filter attr_filter.pre-proxy {
filename = "/etc/raddb/mods-config/attr_filter/pre-proxy"
key = "%{Realm}"
relaxed = no
}
reading pairlist file /etc/raddb/mods-config/attr_filter/pre-proxy
# Instantiating module "attr_filter.access_reject" from file /etc/raddb/mods-enabled/attr_filter
attr_filter attr_filter.access_reject {
filename = "/etc/raddb/mods-config/attr_filter/access_reject"
key = "%{User-Name}"
relaxed = no
}
reading pairlist file /etc/raddb/mods-config/attr_filter/access_reject
# Instantiating module "attr_filter.access_challenge" from file /etc/raddb/mods-enabled/attr_filter
attr_filter attr_filter.access_challenge {
filename = "/etc/raddb/mods-config/attr_filter/access_challenge"
key = "%{User-Name}"
relaxed = no
}
reading pairlist file /etc/raddb/mods-config/attr_filter/access_challenge
# Instantiating module "attr_filter.accounting_response" from file /etc/raddb/mods-enabled/attr_filter
attr_filter attr_filter.accounting_response {
filename = "/etc/raddb/mods-config/attr_filter/accounting_response"
key = "%{User-Name}"
relaxed = no
}
reading pairlist file /etc/raddb/mods-config/attr_filter/accounting_response
# Loaded module rlm_cache
# Instantiating module "cache_eap" from file /etc/raddb/mods-enabled/cache_eap
cache cache_eap {
key = "%{%{control:State}:-%{%{reply:State}:-%{State}}}"
ttl = 15
max_entries = 16384
epoch = 0
add_stats = no
}
# Loaded module rlm_chap
# Instantiating module "chap" from file /etc/raddb/mods-enabled/chap
# Loaded module rlm_detail
# Instantiating module "detail" from file /etc/raddb/mods-enabled/detail
detail {
filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"
header = "%t"
permissions = 384
locking = no
log_packet_header = no
}
# Instantiating module "auth_log" from file /etc/raddb/mods-enabled/detail.log
detail auth_log {
filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d"
header = "%t"
permissions = 384
locking = no
log_packet_header = no
}
rlm_detail (auth_log): 'User-Password' suppressed, will not appear in detail output
# Instantiating module "reply_log" from file /etc/raddb/mods-enabled/detail.log
detail reply_log {
filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d"
header = "%t"
permissions = 384
locking = no
log_packet_header = no
}
# Instantiating module "pre_proxy_log" from file /etc/raddb/mods-enabled/detail.log
detail pre_proxy_log {
filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/pre-proxy-detail-%Y%m%d"
header = "%t"
permissions = 384
locking = no
log_packet_header = no
}
# Instantiating module "post_proxy_log" from file /etc/raddb/mods-enabled/detail.log
detail post_proxy_log {
filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d"
header = "%t"
permissions = 384
locking = no
log_packet_header = no
}
# Loaded module rlm_dhcp
# Instantiating module "dhcp" from file /etc/raddb/mods-enabled/dhcp
# Loaded module rlm_digest
# Instantiating module "digest" from file /etc/raddb/mods-enabled/digest
# Loaded module rlm_dynamic_clients
# Instantiating module "dynamic_clients" from file /etc/raddb/mods-enabled/dynamic_clients
# Loaded module rlm_eap
# Instantiating module "eap" from file /etc/raddb/mods-enabled/eap
eap {
default_eap_type = "md5"
timer_expire = 60
ignore_unknown_eap_types = no
mod_accounting_username_bug = no
max_sessions = 1024
}
# Linked to sub-module rlm_eap_md5
# Linked to sub-module rlm_eap_leap
# Linked to sub-module rlm_eap_gtc
gtc {
challenge = "Password: "
auth_type = "PAP"
}
# Linked to sub-module rlm_eap_tls
tls {
tls = "tls-common"
}
tls-config tls-common {
rsa_key_exchange = no
dh_key_exchange = yes
rsa_key_length = 512
dh_key_length = 512
verify_depth = 0
ca_path = "/etc/raddb/certs"
pem_file_type = yes
private_key_file = "/etc/raddb/certs/server.pem"
certificate_file = "/etc/raddb/certs/server.pem"
ca_file = "/etc/raddb/certs/ca.pem"
private_key_password = <<< secret >>>
dh_file = "/etc/raddb/certs/dh"
fragment_size = 1024
include_length = yes
check_crl = no
cipher_list = "DEFAULT"
ecdh_curve = "prime256v1"
cache {
enable = yes
lifetime = 24
max_entries = 255
}
verify {
}
ocsp {
enable = no
override_cert_url = yes
url = "http://127.0.0.1/ocsp/"
use_nonce = yes
timeout = 0
softfail = yes
}
}
# Linked to sub-module rlm_eap_ttls
ttls {
tls = "tls-common"
default_eap_type = "md5"
copy_request_to_tunnel = no
use_tunneled_reply = no
virtual_server = "inner-tunnel"
include_length = yes
require_client_cert = no
}
Using cached TLS configuration from previous invocation
# Linked to sub-module rlm_eap_peap
peap {
tls = "tls-common"
default_method = "mschapv2"
copy_request_to_tunnel = no
use_tunneled_reply = no
proxy_tunneled_request_as_eap = yes
virtual_server = "inner-tunnel"
soh = no
require_client_cert = no
}
Using cached TLS configuration from previous invocation
# Linked to sub-module rlm_eap_mschapv2
mschapv2 {
with_ntdomain_hack = no
send_error = no
}
# Loaded module rlm_exec
# Instantiating module "echo" from file /etc/raddb/mods-enabled/echo
exec echo {
wait = yes
program = "/bin/echo %{User-Name}"
input_pairs = "request"
output_pairs = "reply"
shell_escape = yes
}
# Instantiating module "exec" from file /etc/raddb/mods-enabled/exec
exec {
wait = no
input_pairs = "request"
shell_escape = yes
timeout = 10
}
# Loaded module rlm_expiration
# Instantiating module "expiration" from file /etc/raddb/mods-enabled/expiration
# Loaded module rlm_expr
# Instantiating module "expr" from file /etc/raddb/mods-enabled/expr
expr {
safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
}
# Loaded module rlm_files
# Instantiating module "files" from file /etc/raddb/mods-enabled/files
files {
filename = "/etc/raddb/mods-config/files/authorize"
usersfile = "/etc/raddb/mods-config/files/authorize"
acctusersfile = "/etc/raddb/mods-config/files/accounting"
preproxy_usersfile = "/etc/raddb/mods-config/files/pre-proxy"
compat = "cistron"
}
reading pairlist file /etc/raddb/mods-config/files/authorize
[/etc/raddb/mods-config/files/authorize]:2 Cistron compatibility checks for entry DEFAULT ...
[/etc/raddb/mods-config/files/authorize]:183 Cistron compatibility checks for entry DEFAULT ...
[/etc/raddb/mods-config/files/authorize]:190 Cistron compatibility checks for entry DEFAULT ...
[/etc/raddb/mods-config/files/authorize]:197 Cistron compatibility checks for entry DEFAULT ...
reading pairlist file /etc/raddb/mods-config/files/authorize
[/etc/raddb/mods-config/files/authorize]:2 Cistron compatibility checks for entry DEFAULT ...
[/etc/raddb/mods-config/files/authorize]:183 Cistron compatibility checks for entry DEFAULT ...
[/etc/raddb/mods-config/files/authorize]:190 Cistron compatibility checks for entry DEFAULT ...
[/etc/raddb/mods-config/files/authorize]:197 Cistron compatibility checks for entry DEFAULT ...
reading pairlist file /etc/raddb/mods-config/files/accounting
reading pairlist file /etc/raddb/mods-config/files/pre-proxy
# Loaded module rlm_linelog
# Instantiating module "linelog" from file /etc/raddb/mods-enabled/linelog
linelog {
filename = "/var/log/radius/linelog"
permissions = 384
format = "This is a log message for %{User-Name}"
reference = "messages.%{%{Packet-Type}:-default}"
}
# Instantiating module "log_accounting" from file /etc/raddb/mods-enabled/linelog
linelog log_accounting {
filename = "/var/log/radius/linelog-accounting"
permissions = 384
format = ""
reference = "Accounting-Request.%{%{Acct-Status-Type}:-unknown}"
}
# Loaded module rlm_logintime
# Instantiating module "logintime" from file /etc/raddb/mods-enabled/logintime
logintime {
minimum_timeout = 60
}
# Loaded module rlm_mschap
# Instantiating module "mschap" from file /etc/raddb/mods-enabled/mschap
mschap {
use_mppe = yes
require_encryption = no
require_strong = no
with_ntdomain_hack = yes
ntlm_auth = "/bin/ntlm_auth --request-nt-key --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}} --challenge=%{%{mschap:Challenge}:-00} --nt-response=%{%{mschap:NT-Response}:-00}"
passchange {
}
allow_retry = yes
}
# Instantiating module "ntlm_auth" from file /etc/raddb/mods-enabled/ntlm_auth
exec ntlm_auth {
wait = yes
program = "/path/to/ntlm_auth --request-nt-key --domain=MYDOMAIN --username=%{mschap:User-Name} --password=%{User-Password}"
shell_escape = yes
}
# Loaded module rlm_pap
# Instantiating module "pap" from file /etc/raddb/mods-enabled/pap
pap {
normalise = yes
}
# Loaded module rlm_passwd
# Instantiating module "etc_passwd" from file /etc/raddb/mods-enabled/passwd
passwd etc_passwd {
filename = "/etc/passwd"
format = "*User-Name:Crypt-Password:"
delimiter = ":"
ignore_nislike = no
ignore_empty = yes
allow_multiple_keys = no
hash_size = 100
}
rlm_passwd: nfields: 3 keyfield 0(User-Name) listable: no
# Loaded module rlm_preprocess
# Instantiating module "preprocess" from file /etc/raddb/mods-enabled/preprocess
preprocess {
huntgroups = "/etc/raddb/mods-config/preprocess/huntgroups"
hints = "/etc/raddb/mods-config/preprocess/hints"
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
with_alvarion_vsa_hack = no
}
reading pairlist file /etc/raddb/mods-config/preprocess/huntgroups
reading pairlist file /etc/raddb/mods-config/preprocess/hints
# Loaded module rlm_radutmp
# Instantiating module "radutmp" from file /etc/raddb/mods-enabled/radutmp
radutmp {
filename = "/var/log/radius/radutmp"
username = "%{User-Name}"
case_sensitive = yes
check_with_nas = yes
permissions = 384
caller_id = yes
}
# Loaded module rlm_realm
# Instantiating module "IPASS" from file /etc/raddb/mods-enabled/realm
realm IPASS {
format = "prefix"
delimiter = "/"
ignore_default = no
ignore_null = no
}
# Instantiating module "suffix" from file /etc/raddb/mods-enabled/realm
realm suffix {
format = "suffix"
delimiter = "@"
ignore_default = no
ignore_null = no
}
# Instantiating module "realmpercent" from file /etc/raddb/mods-enabled/realm
realm realmpercent {
format = "suffix"
delimiter = "%"
ignore_default = no
ignore_null = no
}
# Instantiating module "ntdomain" from file /etc/raddb/mods-enabled/realm
realm ntdomain {
format = "prefix"
delimiter = "\"
ignore_default = no
ignore_null = no
}
# Loaded module rlm_replicate
# Instantiating module "replicate" from file /etc/raddb/mods-enabled/replicate
# Loaded module rlm_soh
# Instantiating module "soh" from file /etc/raddb/mods-enabled/soh
soh {
dhcp = yes
}
# Instantiating module "sradutmp" from file /etc/raddb/mods-enabled/sradutmp
radutmp sradutmp {
filename = "/var/log/radius/sradutmp"
username = "%{User-Name}"
case_sensitive = yes
check_with_nas = yes
permissions = 420
caller_id = no
}
# Loaded module rlm_unix
# Instantiating module "unix" from file /etc/raddb/mods-enabled/unix
unix {
radwtmp = "/var/log/radius/radwtmp"
}
# Loaded module rlm_unpack
# Instantiating module "unpack" from file /etc/raddb/mods-enabled/unpack
# Loaded module rlm_utf8
# Instantiating module "utf8" from file /etc/raddb/mods-enabled/utf8
} # modules
radiusd: #### Loading Virtual Servers ####
server { # from file /etc/raddb/radiusd.conf
} # server
server default { # from file /etc/raddb/sites-enabled/default
# Creating Auth-Type = digest
# Loading authenticate {...}
# Loading authorize {...}
Ignoring "sql" (see raddb/mods-available/README.rst)
Ignoring "ldap" (see raddb/mods-available/README.rst)
# Loading preacct {...}
# Loading accounting {...}
# Loading pre-proxy {...}
# Loading post-proxy {...}
# Loading post-auth {...}
} # server default
server inner-tunnel { # from file /etc/raddb/sites-enabled/inner-tunnel
# Loading authenticate {...}
# Loading authorize {...}
# Loading session {...}
# Loading post-proxy {...}
# Loading post-auth {...}
} # server inner-tunnel
radiusd: #### Opening IP addresses and Ports ####
listen {
type = "auth"
ipaddr = *
port = 0
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
listen {
type = "acct"
ipaddr = *
port = 0
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
listen {
type = "auth"
ipv6addr = ::
port = 0
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
listen {
type = "acct"
ipv6addr = ::
port = 0
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
listen {
type = "auth"
ipaddr = 127.0.0.1
port = 18120
}
Listening on auth address * port 1812 as server default
Listening on acct address * port 1813 as server default
Listening on auth address :: port 1812 as server default
Listening on acct address :: port 1813 as server default
Listening on auth address 127.0.0.1 port 18120 as server inner-tunnel
Opening new proxy socket 'proxy address * port 0'
Listening on proxy address * port 58962
Ready to process requests
Received Access-Request Id 133 from 10.250.0.19:32777 to 10.7.0.28:1812 length 290
User-Name = 'myUsername'
Chargeable-User-Identity = 0x00
Location-Capable = Civix-Location
Calling-Station-Id = '88:63:df:a5:2a:c7'
Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test'
NAS-Port = 4
Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057'
Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975'
Cisco-AVPair = 'mDNS=true'
NAS-IP-Address = 10.250.0.19
NAS-Identifier = 'Red 8510'
Airespace-Wlan-Id = 8
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = '477'
EAP-Message = 0x0201000c0173676172646e65
Message-Authenticator = 0x0c7aa5f145c2a3a21a3d3599ebd65013
(0) Received Access-Request packet from host 10.250.0.19 port 32777, id=133, length=290
(0) User-Name = 'myUsername'
(0) Chargeable-User-Identity = 0x00
(0) Location-Capable = Civix-Location
(0) Calling-Station-Id = '88:63:df:a5:2a:c7'
(0) Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test'
(0) NAS-Port = 4
(0) Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057'
(0) Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975'
(0) Cisco-AVPair = 'mDNS=true'
(0) NAS-IP-Address = 10.250.0.19
(0) NAS-Identifier = 'Red 8510'
(0) Airespace-Wlan-Id = 8
(0) Service-Type = Framed-User
(0) Framed-MTU = 1300
(0) NAS-Port-Type = Wireless-802.11
(0) Tunnel-Type:0 = VLAN
(0) Tunnel-Medium-Type:0 = IEEE-802
(0) Tunnel-Private-Group-Id:0 = '477'
(0) EAP-Message = 0x0201000c0173676172646e65
(0) Message-Authenticator = 0x0c7aa5f145c2a3a21a3d3599ebd65013
(0) # Executing section authorize from file /etc/raddb/sites-enabled/default
(0) authorize {
(0) filter_username filter_username {
(0) if (!&User-Name)
(0) if (!&User-Name) -> FALSE
(0) if (&User-Name =~ / /)
(0) if (&User-Name =~ / /) -> FALSE
(0) if (&User-Name =~ /@.*@/ )
(0) if (&User-Name =~ /@.*@/ ) -> FALSE
(0) if (&User-Name =~ /\\.\\./ )
(0) if (&User-Name =~ /\\.\\./ ) -> FALSE
(0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))
(0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE
(0) if (&User-Name =~ /\\.$/)
(0) if (&User-Name =~ /\\.$/) -> FALSE
(0) if (&User-Name =~ /@\\./)
(0) if (&User-Name =~ /@\\./) -> FALSE
(0) } # filter_username filter_username = notfound
(0) [preprocess] = ok
(0) [chap] = noop
(0) [mschap] = noop
(0) [digest] = noop
(0) suffix : Checking for suffix after "@"
(0) suffix : No '@' in User-Name = "myUsername", looking up realm NULL
(0) suffix : Found realm "DEFAULT"
(0) suffix : Adding Stripped-User-Name = "myUsername"
(0) suffix : Adding Realm = "DEFAULT"
(0) suffix : Proxying request from user myUsername to realm DEFAULT
(0) suffix : Preparing to proxy authentication request to realm "DEFAULT"
(0) [suffix] = updated
(0) eap : Request is supposed to be proxied to Realm DEFAULT. Not doing EAP.
(0) [eap] = noop
(0) files : users: Matched entry DEFAULT at line 2
(0) [files] = ok
(0) [expiration] = noop
(0) [logintime] = noop
(0) [pap] = noop
(0) } # authorize = updated
(0) # Executing section pre-proxy from file /etc/raddb/sites-enabled/default
(0) pre-proxy {
(0) update control {
(0) EXPAND %{Calling-Station-Id}
(0) --> 88:63:df:a5:2a:c7
(0) Load-Balance-Key := "88:63:df:a5:2a:c7"
(0) } # update control = noop
(0) [updated] = updated
(0) } # pre-proxy = updated
Opening new proxy socket 'proxy address * port 0'
Listening on proxy address * port 32820
(0) Proxying request to home server 10.7.0.29 port 1812 timeout 20.000000
(0) Sending Access-Request packet to host 10.7.0.29 port 1812, id=81, length=0
(0) User-Name = 'myUsername'
(0) Chargeable-User-Identity = 0x00
(0) Location-Capable = Civix-Location
(0) Calling-Station-Id = '88:63:df:a5:2a:c7'
(0) Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test'
(0) NAS-Port = 4
(0) Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057'
(0) Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975'
(0) Cisco-AVPair = 'mDNS=true'
(0) NAS-IP-Address = 10.250.0.19
(0) NAS-Identifier = 'Red 8510'
(0) Airespace-Wlan-Id = 8
(0) Service-Type = Framed-User
(0) Framed-MTU = 1300
(0) NAS-Port-Type = Wireless-802.11
(0) Tunnel-Type:0 = VLAN
(0) Tunnel-Medium-Type:0 = IEEE-802
(0) Tunnel-Private-Group-Id:0 = '477'
(0) EAP-Message = 0x0201000c0173676172646e65
(0) Message-Authenticator = 0x0c7aa5f145c2a3a21a3d3599ebd65013
(0) Event-Timestamp = 'Sep 7 2016 10:45:30 CDT'
(0) Stripped-User-Name = 'myUsername'
(0) Realm = 'DEFAULT'
(0) EAP-Type = Identity
(0) Proxy-State = 0x313333
Sending Access-Request Id 81 from 0.0.0.0:32820 to 10.7.0.29:1812
User-Name = 'myUsername'
Chargeable-User-Identity = 0x00
Location-Capable = Civix-Location
Calling-Station-Id = '88:63:df:a5:2a:c7'
Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test'
NAS-Port = 4
Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057'
Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975'
Cisco-AVPair = 'mDNS=true'
NAS-IP-Address = 10.250.0.19
NAS-Identifier = 'Red 8510'
Airespace-Wlan-Id = 8
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = '477'
EAP-Message = 0x0201000c0173676172646e65
Message-Authenticator = 0x0c7aa5f145c2a3a21a3d3599ebd65013
Event-Timestamp = 'Sep 7 2016 10:45:30 CDT'
Proxy-State = 0x313333
Waking up in 0.3 seconds.
Received Access-Challenge Id 81 from 10.7.0.29:1812 to 10.7.0.28:32820 length 69
EAP-Message = 0x010200061920
Message-Authenticator = 0xe3e99e6b01a32aae781244fb9e9e1c79
State = 0x7f32d9747f30c071723770ef4b853a0b
Proxy-State = 0x313333
(0) Received Access-Challenge packet from host 10.7.0.29 port 1812, id=81, length=69
(0) EAP-Message = 0x010200061920
(0) Message-Authenticator = 0xe3e99e6b01a32aae781244fb9e9e1c79
(0) State = 0x7f32d9747f30c071723770ef4b853a0b
(0) Proxy-State = 0x313333
(0) # Executing section post-proxy from file /etc/raddb/sites-enabled/default
(0) post-proxy {
(0) eap : No pre-existing handler found
(0) [eap] = noop
(0) } # post-proxy = noop
(0) Sending Access-Challenge packet to host 10.250.0.19 port 32777, id=133, length=0
(0) EAP-Message = 0x010200061920
(0) Message-Authenticator = 0xe3e99e6b01a32aae781244fb9e9e1c79
(0) State = 0x7f32d9747f30c071723770ef4b853a0b
Sending Access-Challenge Id 133 from 10.7.0.28:1812 to 10.250.0.19:32777
EAP-Message = 0x010200061920
Message-Authenticator = 0xe3e99e6b01a32aae781244fb9e9e1c79
State = 0x7f32d9747f30c071723770ef4b853a0b
(0) Finished request
Waking up in 0.3 seconds.
Waking up in 4.6 seconds.
Received Access-Request Id 134 from 10.250.0.19:32777 to 10.7.0.28:1812 length 427
User-Name = 'myUsername'
Chargeable-User-Identity = 0x00
Location-Capable = Civix-Location
Calling-Station-Id = '88:63:df:a5:2a:c7'
Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test'
NAS-Port = 4
Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057'
Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975'
Cisco-AVPair = 'mDNS=true'
NAS-IP-Address = 10.250.0.19
NAS-Identifier = 'Red 8510'
Airespace-Wlan-Id = 8
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = '477'
EAP-Message = 0x02020083198000000079160301007401000070030157d0361b7e203d57e5bcc6c45d4ef147e49fdfb1edc8cc23db3bfd77d3524dc600002800ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f000ac007c011000500040100001f000a00080006001700180019000b0002010000050005010000000000120000
State = 0x7f32d9747f30c071723770ef4b853a0b
Message-Authenticator = 0x0801e4ea24b0e67675287c8b67291e91
(1) Received Access-Request packet from host 10.250.0.19 port 32777, id=134, length=427
(1) User-Name = 'myUsername'
(1) Chargeable-User-Identity = 0x00
(1) Location-Capable = Civix-Location
(1) Calling-Station-Id = '88:63:df:a5:2a:c7'
(1) Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test'
(1) NAS-Port = 4
(1) Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057'
(1) Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975'
(1) Cisco-AVPair = 'mDNS=true'
(1) NAS-IP-Address = 10.250.0.19
(1) NAS-Identifier = 'Red 8510'
(1) Airespace-Wlan-Id = 8
(1) Service-Type = Framed-User
(1) Framed-MTU = 1300
(1) NAS-Port-Type = Wireless-802.11
(1) Tunnel-Type:0 = VLAN
(1) Tunnel-Medium-Type:0 = IEEE-802
(1) Tunnel-Private-Group-Id:0 = '477'
(1) EAP-Message = 0x02020083198000000079160301007401000070030157d0361b7e203d57e5bcc6c45d4ef147e49fdfb1edc8cc23db3bfd77d3524dc600002800ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f000ac007c011000500040100001f000a00080006001700180019000b0002010000050005010000000000120000
(1) State = 0x7f32d9747f30c071723770ef4b853a0b
(1) Message-Authenticator = 0x0801e4ea24b0e67675287c8b67291e91
(1) # Executing section authorize from file /etc/raddb/sites-enabled/default
(1) authorize {
(1) filter_username filter_username {
(1) if (!&User-Name)
(1) if (!&User-Name) -> FALSE
(1) if (&User-Name =~ / /)
(1) if (&User-Name =~ / /) -> FALSE
(1) if (&User-Name =~ /@.*@/ )
(1) if (&User-Name =~ /@.*@/ ) -> FALSE
(1) if (&User-Name =~ /\\.\\./ )
(1) if (&User-Name =~ /\\.\\./ ) -> FALSE
(1) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))
(1) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE
(1) if (&User-Name =~ /\\.$/)
(1) if (&User-Name =~ /\\.$/) -> FALSE
(1) if (&User-Name =~ /@\\./)
(1) if (&User-Name =~ /@\\./) -> FALSE
(1) } # filter_username filter_username = notfound
(1) [preprocess] = ok
(1) [chap] = noop
(1) [mschap] = noop
(1) [digest] = noop
(1) suffix : Checking for suffix after "@"
(1) suffix : No '@' in User-Name = "myUsername", looking up realm NULL
(1) suffix : Found realm "DEFAULT"
(1) suffix : Adding Stripped-User-Name = "myUsername"
(1) suffix : Adding Realm = "DEFAULT"
(1) suffix : Proxying request from user myUsername to realm DEFAULT
(1) suffix : Preparing to proxy authentication request to realm "DEFAULT"
(1) [suffix] = updated
(1) eap : Request is supposed to be proxied to Realm DEFAULT. Not doing EAP.
(1) [eap] = noop
(1) files : users: Matched entry DEFAULT at line 2
(1) [files] = ok
(1) [expiration] = noop
(1) [logintime] = noop
(1) [pap] = noop
(1) } # authorize = updated
(1) # Executing section pre-proxy from file /etc/raddb/sites-enabled/default
(1) pre-proxy {
(1) update control {
(1) EXPAND %{Calling-Station-Id}
(1) --> 88:63:df:a5:2a:c7
(1) Load-Balance-Key := "88:63:df:a5:2a:c7"
(1) } # update control = noop
(1) [updated] = updated
(1) } # pre-proxy = updated
(1) Proxying request to home server 10.7.0.29 port 1812 timeout 20.000000
(1) Sending Access-Request packet to host 10.7.0.29 port 1812, id=20, length=0
(1) User-Name = 'myUsername'
(1) Chargeable-User-Identity = 0x00
(1) Location-Capable = Civix-Location
(1) Calling-Station-Id = '88:63:df:a5:2a:c7'
(1) Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test'
(1) NAS-Port = 4
(1) Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057'
(1) Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975'
(1) Cisco-AVPair = 'mDNS=true'
(1) NAS-IP-Address = 10.250.0.19
(1) NAS-Identifier = 'Red 8510'
(1) Airespace-Wlan-Id = 8
(1) Service-Type = Framed-User
(1) Framed-MTU = 1300
(1) NAS-Port-Type = Wireless-802.11
(1) Tunnel-Type:0 = VLAN
(1) Tunnel-Medium-Type:0 = IEEE-802
(1) Tunnel-Private-Group-Id:0 = '477'
(1) EAP-Message = 0x02020083198000000079160301007401000070030157d0361b7e203d57e5bcc6c45d4ef147e49fdfb1edc8cc23db3bfd77d3524dc600002800ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f000ac007c011000500040100001f000a00080006001700180019000b0002010000050005010000000000120000
(1) State = 0x7f32d9747f30c071723770ef4b853a0b
(1) Message-Authenticator = 0x0801e4ea24b0e67675287c8b67291e91
(1) Event-Timestamp = 'Sep 7 2016 10:45:31 CDT'
(1) Stripped-User-Name = 'myUsername'
(1) Realm = 'DEFAULT'
(1) EAP-Type = PEAP
(1) Proxy-State = 0x313334
Sending Access-Request Id 20 from 0.0.0.0:32820 to 10.7.0.29:1812
User-Name = 'myUsername'
Chargeable-User-Identity = 0x00
Location-Capable = Civix-Location
Calling-Station-Id = '88:63:df:a5:2a:c7'
Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test'
NAS-Port = 4
Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057'
Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975'
Cisco-AVPair = 'mDNS=true'
NAS-IP-Address = 10.250.0.19
NAS-Identifier = 'Red 8510'
Airespace-Wlan-Id = 8
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = '477'
EAP-Message = 0x02020083198000000079160301007401000070030157d0361b7e203d57e5bcc6c45d4ef147e49fdfb1edc8cc23db3bfd77d3524dc600002800ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f000ac007c011000500040100001f000a00080006001700180019000b0002010000050005010000000000120000
State = 0x7f32d9747f30c071723770ef4b853a0b
Message-Authenticator = 0x0801e4ea24b0e67675287c8b67291e91
Event-Timestamp = 'Sep 7 2016 10:45:31 CDT'
Proxy-State = 0x313334
Waking up in 0.3 seconds.
Received Access-Challenge Id 20 from 10.7.0.29:1812 to 10.7.0.28:32820 length 1073
EAP-Message = 0x010303ec19c000001709160301005902000055030157d0361aca92a67745d40e35156c7ad740c541016d178f5273f5af1f59a50b60204821ad3949787ca622cad771b3b67c02410b620893a6387c2c7b9571def4bfa3c01400000dff01000100000b000403000102160301154d0b001549001546000588308205843082046ca0030201020210202d6f1b7599d63a02581661d5a66855300d06092a864886f70d01010b05003076310b3009060355040613025553310b3009060355040813024d493112301006035504071309416e6e204172626f7231123010060355040a1309496e7465726e6574323111300f060355040b1308496e436f6d6d6f6e311f301d06035504031316496e436f6d6d6f6e2052534120536572766572204341301e170d3136303831383030303030305a170d3138303831383233353935395a3081bc310b3009060355040613025553310e300c060355041113053732373031310b3009060355040813024152311530130603550407130c4661796574746576696c6c65311f301d06035504091316556e6976657273697479206f662041726b616e736173311f301d060355040a1316556e6976657273697479206f662041726b616e736173311b3019060355040b131255495453202d204954205365727669636573311a30180603550403131172656472616430312e75617
Message-Authenticator = 0x5c78ba0db4500c1c263a70fd546949ec
State = 0x7f32d9747e31c071723770ef4b853a0b
Proxy-State = 0x313334
(1) Received Access-Challenge packet from host 10.7.0.29 port 1812, id=20, length=1073
(1) EAP-Message = 0x010303ec19c000001709160301005902000055030157d0361aca92a67745d40e35156c7ad740c541016d178f5273f5af1f59a50b60204821ad3949787ca622cad771b3b67c02410b620893a6387c2c7b9571def4bfa3c01400000dff01000100000b000403000102160301154d0b001549001546000588308205843082046ca0030201020210202d6f1b7599d63a02581661d5a66855300d06092a864886f70d01010b05003076310b3009060355040613025553310b3009060355040813024d493112301006035504071309416e6e204172626f7231123010060355040a1309496e7465726e6574323111300f060355040b1308496e436f6d6d6f6e311f301d06035504031316496e436f6d6d6f6e2052534120536572766572204341301e170d3136303831383030303030305a170d3138303831383233353935395a3081bc310b3009060355040613025553310e300c060355041113053732373031310b3009060355040813024152311530130603550407130c4661796574746576696c6c65311f301d06035504091316556e6976657273697479206f662041726b616e736173311f301d060355040a1316556e6976657273697479206f662041726b616e736173311b3019060355040b131255495453202d204954205365727669636573311a30180603550403131172656472616430312e756172
(1) Message-Authenticator = 0x5c78ba0db4500c1c263a70fd546949ec
(1) State = 0x7f32d9747e31c071723770ef4b853a0b
(1) Proxy-State = 0x313334
(1) # Executing section post-proxy from file /etc/raddb/sites-enabled/default
(1) post-proxy {
(1) eap : No pre-existing handler found
(1) [eap] = noop
(1) } # post-proxy = noop
(1) Sending Access-Challenge packet to host 10.250.0.19 port 32777, id=134, length=0
(1) EAP-Message = 0x010303ec19c000001709160301005902000055030157d0361aca92a67745d40e35156c7ad740c541016d178f5273f5af1f59a50b60204821ad3949787ca622cad771b3b67c02410b620893a6387c2c7b9571def4bfa3c01400000dff01000100000b000403000102160301154d0b001549001546000588308205843082046ca0030201020210202d6f1b7599d63a02581661d5a66855300d06092a864886f70d01010b05003076310b3009060355040613025553310b3009060355040813024d493112301006035504071309416e6e204172626f7231123010060355040a1309496e7465726e6574323111300f060355040b1308496e436f6d6d6f6e311f301d06035504031316496e436f6d6d6f6e2052534120536572766572204341301e170d3136303831383030303030305a170d3138303831383233353935395a3081bc310b3009060355040613025553310e300c060355041113053732373031310b3009060355040813024152311530130603550407130c4661796574746576696c6c65311f301d06035504091316556e6976657273697479206f662041726b616e736173311f301d060355040a1316556e6976657273697479206f662041726b616e736173311b3019060355040b131255495453202d204954205365727669636573311a30180603550403131172656472616430312e756172
(1) Message-Authenticator = 0x5c78ba0db4500c1c263a70fd546949ec
(1) State = 0x7f32d9747e31c071723770ef4b853a0b
Sending Access-Challenge Id 134 from 10.7.0.28:1812 to 10.250.0.19:32777
EAP-Message = 0x010303ec19c000001709160301005902000055030157d0361aca92a67745d40e35156c7ad740c541016d178f5273f5af1f59a50b60204821ad3949787ca622cad771b3b67c02410b620893a6387c2c7b9571def4bfa3c01400000dff01000100000b000403000102160301154d0b001549001546000588308205843082046ca0030201020210202d6f1b7599d63a02581661d5a66855300d06092a864886f70d01010b05003076310b3009060355040613025553310b3009060355040813024d493112301006035504071309416e6e204172626f7231123010060355040a1309496e7465726e6574323111300f060355040b1308496e436f6d6d6f6e311f301d06035504031316496e436f6d6d6f6e2052534120536572766572204341301e170d3136303831383030303030305a170d3138303831383233353935395a3081bc310b3009060355040613025553310e300c060355041113053732373031310b3009060355040813024152311530130603550407130c4661796574746576696c6c65311f301d06035504091316556e6976657273697479206f662041726b616e736173311f301d060355040a1316556e6976657273697479206f662041726b616e736173311b3019060355040b131255495453202d204954205365727669636573311a30180603550403131172656472616430312e75617
Message-Authenticator = 0x5c78ba0db4500c1c263a70fd546949ec
State = 0x7f32d9747e31c071723770ef4b853a0b
(1) Finished request
Waking up in 0.3 seconds.
Waking up in 4.1 seconds.
Received Access-Request Id 135 from 10.250.0.19:32777 to 10.7.0.28:1812 length 302
User-Name = 'myUsername'
Chargeable-User-Identity = 0x00
Location-Capable = Civix-Location
Calling-Station-Id = '88:63:df:a5:2a:c7'
Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test'
NAS-Port = 4
Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057'
Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975'
Cisco-AVPair = 'mDNS=true'
NAS-IP-Address = 10.250.0.19
NAS-Identifier = 'Red 8510'
Airespace-Wlan-Id = 8
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = '477'
EAP-Message = 0x020300061900
State = 0x7f32d9747e31c071723770ef4b853a0b
Message-Authenticator = 0x55ffccc26bf1aa1a7b9317356e84ad62
(2) Received Access-Request packet from host 10.250.0.19 port 32777, id=135, length=302
(2) User-Name = 'myUsername'
(2) Chargeable-User-Identity = 0x00
(2) Location-Capable = Civix-Location
(2) Calling-Station-Id = '88:63:df:a5:2a:c7'
(2) Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test'
(2) NAS-Port = 4
(2) Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057'
(2) Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975'
(2) Cisco-AVPair = 'mDNS=true'
(2) NAS-IP-Address = 10.250.0.19
(2) NAS-Identifier = 'Red 8510'
(2) Airespace-Wlan-Id = 8
(2) Service-Type = Framed-User
(2) Framed-MTU = 1300
(2) NAS-Port-Type = Wireless-802.11
(2) Tunnel-Type:0 = VLAN
(2) Tunnel-Medium-Type:0 = IEEE-802
(2) Tunnel-Private-Group-Id:0 = '477'
(2) EAP-Message = 0x020300061900
(2) State = 0x7f32d9747e31c071723770ef4b853a0b
(2) Message-Authenticator = 0x55ffccc26bf1aa1a7b9317356e84ad62
(2) # Executing section authorize from file /etc/raddb/sites-enabled/default
(2) authorize {
(2) filter_username filter_username {
(2) if (!&User-Name)
(2) if (!&User-Name) -> FALSE
(2) if (&User-Name =~ / /)
(2) if (&User-Name =~ / /) -> FALSE
(2) if (&User-Name =~ /@.*@/ )
(2) if (&User-Name =~ /@.*@/ ) -> FALSE
(2) if (&User-Name =~ /\\.\\./ )
(2) if (&User-Name =~ /\\.\\./ ) -> FALSE
(2) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))
(2) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE
(2) if (&User-Name =~ /\\.$/)
(2) if (&User-Name =~ /\\.$/) -> FALSE
(2) if (&User-Name =~ /@\\./)
(2) if (&User-Name =~ /@\\./) -> FALSE
(2) } # filter_username filter_username = notfound
(2) [preprocess] = ok
(2) [chap] = noop
(2) [mschap] = noop
(2) [digest] = noop
(2) suffix : Checking for suffix after "@"
(2) suffix : No '@' in User-Name = "myUsername", looking up realm NULL
(2) suffix : Found realm "DEFAULT"
(2) suffix : Adding Stripped-User-Name = "myUsername"
(2) suffix : Adding Realm = "DEFAULT"
(2) suffix : Proxying request from user myUsername to realm DEFAULT
(2) suffix : Preparing to proxy authentication request to realm "DEFAULT"
(2) [suffix] = updated
(2) eap : Request is supposed to be proxied to Realm DEFAULT. Not doing EAP.
(2) [eap] = noop
(2) files : users: Matched entry DEFAULT at line 2
(2) [files] = ok
(2) [expiration] = noop
(2) [logintime] = noop
(2) [pap] = noop
(2) } # authorize = updated
(2) # Executing section pre-proxy from file /etc/raddb/sites-enabled/default
(2) pre-proxy {
(2) update control {
(2) EXPAND %{Calling-Station-Id}
(2) --> 88:63:df:a5:2a:c7
(2) Load-Balance-Key := "88:63:df:a5:2a:c7"
(2) } # update control = noop
(2) [updated] = updated
(2) } # pre-proxy = updated
(2) Proxying request to home server 10.7.0.29 port 1812 timeout 20.000000
(2) Sending Access-Request packet to host 10.7.0.29 port 1812, id=113, length=0
(2) User-Name = 'myUsername'
(2) Chargeable-User-Identity = 0x00
(2) Location-Capable = Civix-Location
(2) Calling-Station-Id = '88:63:df:a5:2a:c7'
(2) Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test'
(2) NAS-Port = 4
(2) Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057'
(2) Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975'
(2) Cisco-AVPair = 'mDNS=true'
(2) NAS-IP-Address = 10.250.0.19
(2) NAS-Identifier = 'Red 8510'
(2) Airespace-Wlan-Id = 8
(2) Service-Type = Framed-User
(2) Framed-MTU = 1300
(2) NAS-Port-Type = Wireless-802.11
(2) Tunnel-Type:0 = VLAN
(2) Tunnel-Medium-Type:0 = IEEE-802
(2) Tunnel-Private-Group-Id:0 = '477'
(2) EAP-Message = 0x020300061900
(2) State = 0x7f32d9747e31c071723770ef4b853a0b
(2) Message-Authenticator = 0x55ffccc26bf1aa1a7b9317356e84ad62
(2) Event-Timestamp = 'Sep 7 2016 10:45:31 CDT'
(2) Stripped-User-Name = 'myUsername'
(2) Realm = 'DEFAULT'
(2) EAP-Type = PEAP
(2) Proxy-State = 0x313335
Sending Access-Request Id 113 from 0.0.0.0:32820 to 10.7.0.29:1812
User-Name = 'myUsername'
Chargeable-User-Identity = 0x00
Location-Capable = Civix-Location
Calling-Station-Id = '88:63:df:a5:2a:c7'
Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test'
NAS-Port = 4
Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057'
Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975'
Cisco-AVPair = 'mDNS=true'
NAS-IP-Address = 10.250.0.19
NAS-Identifier = 'Red 8510'
Airespace-Wlan-Id = 8
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = '477'
EAP-Message = 0x020300061900
State = 0x7f32d9747e31c071723770ef4b853a0b
Message-Authenticator = 0x55ffccc26bf1aa1a7b9317356e84ad62
Event-Timestamp = 'Sep 7 2016 10:45:31 CDT'
Proxy-State = 0x313335
Waking up in 0.3 seconds.
Received Access-Challenge Id 113 from 10.7.0.29:1812 to 10.7.0.28:32820 length 1069
EAP-Message = 0x010403e819406572742f7265706f7369746f72792f6370735f73736c2e7064663008060667810c01020230440603551d1f043d303b3039a037a0358633687474703a2f2f63726c2e696e636f6d6d6f6e2d7273612e6f72672f496e436f6d6d6f6e52534153657276657243412e63726c307506082b0601050507010104693067303e06082b060105050730028632687474703a2f2f6372742e7573657274727573742e636f6d2f496e436f6d6d6f6e52534153657276657243415f322e637274302506082b060105050730018619687474703a2f2f6f6373702e7573657274727573742e636f6d301c0603551d1104153013821172656472616430312e7561726b2e656475300d06092a864886f70d01010b050003820101002e8720c2323cd071993255679ffc7e2c1d795c9dcf3ab9f04f3f54d5696a23efd344d5e630ce4e74f3b85b2a9681309d7547ae1c6a06b59c371d06d7bb17d88261b8098420c51b59b4c7d6b95eb783a4cfd0db440f103a7ef4e99f3315063d3b448768ab63ff38b6492c61eef570ca451d69c6daffce6707d142e9565914a663aa1d52589f7c757e8f62d5f38bc54f746d8ed54b5aed57651863b7e054025d386814aef2d3a94b862b439aa68a4fa58c7b59bc1fdac5ede0d305cc349db069580eda39f1f117d8ba15d5f8665e935928af424ffa8c8789bfc2af9357bde
Message-Authenticator = 0x31ce7af26188fa294fecde6ad695cc4a
State = 0x7f32d9747d36c071723770ef4b853a0b
Proxy-State = 0x313335
(2) Received Access-Challenge packet from host 10.7.0.29 port 1812, id=113, length=1069
(2) EAP-Message = 0x010403e819406572742f7265706f7369746f72792f6370735f73736c2e7064663008060667810c01020230440603551d1f043d303b3039a037a0358633687474703a2f2f63726c2e696e636f6d6d6f6e2d7273612e6f72672f496e436f6d6d6f6e52534153657276657243412e63726c307506082b0601050507010104693067303e06082b060105050730028632687474703a2f2f6372742e7573657274727573742e636f6d2f496e436f6d6d6f6e52534153657276657243415f322e637274302506082b060105050730018619687474703a2f2f6f6373702e7573657274727573742e636f6d301c0603551d1104153013821172656472616430312e7561726b2e656475300d06092a864886f70d01010b050003820101002e8720c2323cd071993255679ffc7e2c1d795c9dcf3ab9f04f3f54d5696a23efd344d5e630ce4e74f3b85b2a9681309d7547ae1c6a06b59c371d06d7bb17d88261b8098420c51b59b4c7d6b95eb783a4cfd0db440f103a7ef4e99f3315063d3b448768ab63ff38b6492c61eef570ca451d69c6daffce6707d142e9565914a663aa1d52589f7c757e8f62d5f38bc54f746d8ed54b5aed57651863b7e054025d386814aef2d3a94b862b439aa68a4fa58c7b59bc1fdac5ede0d305cc349db069580eda39f1f117d8ba15d5f8665e935928af424ffa8c8789bfc2af9357bde1
(2) Message-Authenticator = 0x31ce7af26188fa294fecde6ad695cc4a
(2) State = 0x7f32d9747d36c071723770ef4b853a0b
(2) Proxy-State = 0x313335
(2) # Executing section post-proxy from file /etc/raddb/sites-enabled/default
(2) post-proxy {
(2) eap : No pre-existing handler found
(2) [eap] = noop
(2) } # post-proxy = noop
(2) Sending Access-Challenge packet to host 10.250.0.19 port 32777, id=135, length=0
(2) EAP-Message = 0x010403e819406572742f7265706f7369746f72792f6370735f73736c2e7064663008060667810c01020230440603551d1f043d303b3039a037a0358633687474703a2f2f63726c2e696e636f6d6d6f6e2d7273612e6f72672f496e436f6d6d6f6e52534153657276657243412e63726c307506082b0601050507010104693067303e06082b060105050730028632687474703a2f2f6372742e7573657274727573742e636f6d2f496e436f6d6d6f6e52534153657276657243415f322e637274302506082b060105050730018619687474703a2f2f6f6373702e7573657274727573742e636f6d301c0603551d1104153013821172656472616430312e7561726b2e656475300d06092a864886f70d01010b050003820101002e8720c2323cd071993255679ffc7e2c1d795c9dcf3ab9f04f3f54d5696a23efd344d5e630ce4e74f3b85b2a9681309d7547ae1c6a06b59c371d06d7bb17d88261b8098420c51b59b4c7d6b95eb783a4cfd0db440f103a7ef4e99f3315063d3b448768ab63ff38b6492c61eef570ca451d69c6daffce6707d142e9565914a663aa1d52589f7c757e8f62d5f38bc54f746d8ed54b5aed57651863b7e054025d386814aef2d3a94b862b439aa68a4fa58c7b59bc1fdac5ede0d305cc349db069580eda39f1f117d8ba15d5f8665e935928af424ffa8c8789bfc2af9357bde1
(2) Message-Authenticator = 0x31ce7af26188fa294fecde6ad695cc4a
(2) State = 0x7f32d9747d36c071723770ef4b853a0b
Sending Access-Challenge Id 135 from 10.7.0.28:1812 to 10.250.0.19:32777
EAP-Message = 0x010403e819406572742f7265706f7369746f72792f6370735f73736c2e7064663008060667810c01020230440603551d1f043d303b3039a037a0358633687474703a2f2f63726c2e696e636f6d6d6f6e2d7273612e6f72672f496e436f6d6d6f6e52534153657276657243412e63726c307506082b0601050507010104693067303e06082b060105050730028632687474703a2f2f6372742e7573657274727573742e636f6d2f496e436f6d6d6f6e52534153657276657243415f322e637274302506082b060105050730018619687474703a2f2f6f6373702e7573657274727573742e636f6d301c0603551d1104153013821172656472616430312e7561726b2e656475300d06092a864886f70d01010b050003820101002e8720c2323cd071993255679ffc7e2c1d795c9dcf3ab9f04f3f54d5696a23efd344d5e630ce4e74f3b85b2a9681309d7547ae1c6a06b59c371d06d7bb17d88261b8098420c51b59b4c7d6b95eb783a4cfd0db440f103a7ef4e99f3315063d3b448768ab63ff38b6492c61eef570ca451d69c6daffce6707d142e9565914a663aa1d52589f7c757e8f62d5f38bc54f746d8ed54b5aed57651863b7e054025d386814aef2d3a94b862b439aa68a4fa58c7b59bc1fdac5ede0d305cc349db069580eda39f1f117d8ba15d5f8665e935928af424ffa8c8789bfc2af9357bde
Message-Authenticator = 0x31ce7af26188fa294fecde6ad695cc4a
State = 0x7f32d9747d36c071723770ef4b853a0b
(2) Finished request
Waking up in 0.3 seconds.
Waking up in 3.5 seconds.
Received Access-Request Id 136 from 10.250.0.19:32777 to 10.7.0.28:1812 length 302
User-Name = 'myUsername'
Chargeable-User-Identity = 0x00
Location-Capable = Civix-Location
Calling-Station-Id = '88:63:df:a5:2a:c7'
Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test'
NAS-Port = 4
Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057'
Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975'
Cisco-AVPair = 'mDNS=true'
NAS-IP-Address = 10.250.0.19
NAS-Identifier = 'Red 8510'
Airespace-Wlan-Id = 8
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = '477'
EAP-Message = 0x020400061900
State = 0x7f32d9747d36c071723770ef4b853a0b
Message-Authenticator = 0x0f2f551fdac847a020dfb7ba2f6b4a8d
(3) Received Access-Request packet from host 10.250.0.19 port 32777, id=136, length=302
(3) User-Name = 'myUsername'
(3) Chargeable-User-Identity = 0x00
(3) Location-Capable = Civix-Location
(3) Calling-Station-Id = '88:63:df:a5:2a:c7'
(3) Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test'
(3) NAS-Port = 4
(3) Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057'
(3) Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975'
(3) Cisco-AVPair = 'mDNS=true'
(3) NAS-IP-Address = 10.250.0.19
(3) NAS-Identifier = 'Red 8510'
(3) Airespace-Wlan-Id = 8
(3) Service-Type = Framed-User
(3) Framed-MTU = 1300
(3) NAS-Port-Type = Wireless-802.11
(3) Tunnel-Type:0 = VLAN
(3) Tunnel-Medium-Type:0 = IEEE-802
(3) Tunnel-Private-Group-Id:0 = '477'
(3) EAP-Message = 0x020400061900
(3) State = 0x7f32d9747d36c071723770ef4b853a0b
(3) Message-Authenticator = 0x0f2f551fdac847a020dfb7ba2f6b4a8d
(3) # Executing section authorize from file /etc/raddb/sites-enabled/default
(3) authorize {
(3) filter_username filter_username {
(3) if (!&User-Name)
(3) if (!&User-Name) -> FALSE
(3) if (&User-Name =~ / /)
(3) if (&User-Name =~ / /) -> FALSE
(3) if (&User-Name =~ /@.*@/ )
(3) if (&User-Name =~ /@.*@/ ) -> FALSE
(3) if (&User-Name =~ /\\.\\./ )
(3) if (&User-Name =~ /\\.\\./ ) -> FALSE
(3) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))
(3) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE
(3) if (&User-Name =~ /\\.$/)
(3) if (&User-Name =~ /\\.$/) -> FALSE
(3) if (&User-Name =~ /@\\./)
(3) if (&User-Name =~ /@\\./) -> FALSE
(3) } # filter_username filter_username = notfound
(3) [preprocess] = ok
(3) [chap] = noop
(3) [mschap] = noop
(3) [digest] = noop
(3) suffix : Checking for suffix after "@"
(3) suffix : No '@' in User-Name = "myUsername", looking up realm NULL
(3) suffix : Found realm "DEFAULT"
(3) suffix : Adding Stripped-User-Name = "myUsername"
(3) suffix : Adding Realm = "DEFAULT"
(3) suffix : Proxying request from user myUsername to realm DEFAULT
(3) suffix : Preparing to proxy authentication request to realm "DEFAULT"
(3) [suffix] = updated
(3) eap : Request is supposed to be proxied to Realm DEFAULT. Not doing EAP.
(3) [eap] = noop
(3) files : users: Matched entry DEFAULT at line 2
(3) [files] = ok
(3) [expiration] = noop
(3) [logintime] = noop
(3) [pap] = noop
(3) } # authorize = updated
(3) # Executing section pre-proxy from file /etc/raddb/sites-enabled/default
(3) pre-proxy {
(3) update control {
(3) EXPAND %{Calling-Station-Id}
(3) --> 88:63:df:a5:2a:c7
(3) Load-Balance-Key := "88:63:df:a5:2a:c7"
(3) } # update control = noop
(3) [updated] = updated
(3) } # pre-proxy = updated
(3) Proxying request to home server 10.7.0.29 port 1812 timeout 20.000000
(3) Sending Access-Request packet to host 10.7.0.29 port 1812, id=152, length=0
(3) User-Name = 'myUsername'
(3) Chargeable-User-Identity = 0x00
(3) Location-Capable = Civix-Location
(3) Calling-Station-Id = '88:63:df:a5:2a:c7'
(3) Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test'
(3) NAS-Port = 4
(3) Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057'
(3) Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975'
(3) Cisco-AVPair = 'mDNS=true'
(3) NAS-IP-Address = 10.250.0.19
(3) NAS-Identifier = 'Red 8510'
(3) Airespace-Wlan-Id = 8
(3) Service-Type = Framed-User
(3) Framed-MTU = 1300
(3) NAS-Port-Type = Wireless-802.11
(3) Tunnel-Type:0 = VLAN
(3) Tunnel-Medium-Type:0 = IEEE-802
(3) Tunnel-Private-Group-Id:0 = '477'
(3) EAP-Message = 0x020400061900
(3) State = 0x7f32d9747d36c071723770ef4b853a0b
(3) Message-Authenticator = 0x0f2f551fdac847a020dfb7ba2f6b4a8d
(3) Event-Timestamp = 'Sep 7 2016 10:45:32 CDT'
(3) Stripped-User-Name = 'myUsername'
(3) Realm = 'DEFAULT'
(3) EAP-Type = PEAP
(3) Proxy-State = 0x313336
Sending Access-Request Id 152 from 0.0.0.0:32820 to 10.7.0.29:1812
User-Name = 'myUsername'
Chargeable-User-Identity = 0x00
Location-Capable = Civix-Location
Calling-Station-Id = '88:63:df:a5:2a:c7'
Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test'
NAS-Port = 4
Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057'
Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975'
Cisco-AVPair = 'mDNS=true'
NAS-IP-Address = 10.250.0.19
NAS-Identifier = 'Red 8510'
Airespace-Wlan-Id = 8
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = '477'
EAP-Message = 0x020400061900
State = 0x7f32d9747d36c071723770ef4b853a0b
Message-Authenticator = 0x0f2f551fdac847a020dfb7ba2f6b4a8d
Event-Timestamp = 'Sep 7 2016 10:45:32 CDT'
Proxy-State = 0x313336
Waking up in 0.3 seconds.
Received Access-Challenge Id 152 from 10.7.0.29:1812 to 10.7.0.28:32820 length 1069
EAP-Message = 0x010503e81940f4a834dbe242c8a5db37d5b5e7e442723fb413cf8b0724451e8c918346b909a6fc18a30602ec348d32669527eae197e8db35a32b56eb57e8f01059df6d700c666ad064e5a8a39831ad1d62d5fa92e39a43cd2d35fbd99e335b457dc486282c6612c8db0f19300d3fe9f0ea4a5e4007c7f6207a537881647a7e456a166ff49358c962fb29277da17f21cee74f47d68a56e0e366f8ecdd89dc268c19683b8d8be2fb47230b7f370203010001a382016e3082016a301f0603551d230418301680145379bf5aaa2b4acf5480e1d89bc09df2b20366cb301d0603551d0e041604141e05a3778f6c96e25b874ba6b486ac71000ce738300e0603551d0f0101ff04040302018630120603551d130101ff040830060101ff020100301d0603551d250416301406082b0601050507030106082b06010505070302301b0603551d200414301230060604551d20003008060667810c01020230500603551d1f044930473045a043a041863f687474703a2f2f63726c2e7573657274727573742e636f6d2f55534552547275737452534143657274696669636174696f6e417574686f726974792e63726c307606082b06010505070101046a3068303f06082b060105050730028633687474703a2f2f6372742e7573657274727573742e636f6d2f55534552547275737452534141646454727573744
Message-Authenticator = 0xffe356a1b5de045026b21b97d6531288
State = 0x7f32d9747c37c071723770ef4b853a0b
Proxy-State = 0x313336
(3) Received Access-Challenge packet from host 10.7.0.29 port 1812, id=152, length=1069
(3) EAP-Message = 0x010503e81940f4a834dbe242c8a5db37d5b5e7e442723fb413cf8b0724451e8c918346b909a6fc18a30602ec348d32669527eae197e8db35a32b56eb57e8f01059df6d700c666ad064e5a8a39831ad1d62d5fa92e39a43cd2d35fbd99e335b457dc486282c6612c8db0f19300d3fe9f0ea4a5e4007c7f6207a537881647a7e456a166ff49358c962fb29277da17f21cee74f47d68a56e0e366f8ecdd89dc268c19683b8d8be2fb47230b7f370203010001a382016e3082016a301f0603551d230418301680145379bf5aaa2b4acf5480e1d89bc09df2b20366cb301d0603551d0e041604141e05a3778f6c96e25b874ba6b486ac71000ce738300e0603551d0f0101ff04040302018630120603551d130101ff040830060101ff020100301d0603551d250416301406082b0601050507030106082b06010505070302301b0603551d200414301230060604551d20003008060667810c01020230500603551d1f044930473045a043a041863f687474703a2f2f63726c2e7573657274727573742e636f6d2f55534552547275737452534143657274696669636174696f6e417574686f726974792e63726c307606082b06010505070101046a3068303f06082b060105050730028633687474703a2f2f6372742e7573657274727573742e636f6d2f555345525472757374525341416464547275737443
(3) Message-Authenticator = 0xffe356a1b5de045026b21b97d6531288
(3) State = 0x7f32d9747c37c071723770ef4b853a0b
(3) Proxy-State = 0x313336
(3) # Executing section post-proxy from file /etc/raddb/sites-enabled/default
(3) post-proxy {
(3) eap : No pre-existing handler found
(3) [eap] = noop
(3) } # post-proxy = noop
(3) Sending Access-Challenge packet to host 10.250.0.19 port 32777, id=136, length=0
(3) EAP-Message = 0x010503e81940f4a834dbe242c8a5db37d5b5e7e442723fb413cf8b0724451e8c918346b909a6fc18a30602ec348d32669527eae197e8db35a32b56eb57e8f01059df6d700c666ad064e5a8a39831ad1d62d5fa92e39a43cd2d35fbd99e335b457dc486282c6612c8db0f19300d3fe9f0ea4a5e4007c7f6207a537881647a7e456a166ff49358c962fb29277da17f21cee74f47d68a56e0e366f8ecdd89dc268c19683b8d8be2fb47230b7f370203010001a382016e3082016a301f0603551d230418301680145379bf5aaa2b4acf5480e1d89bc09df2b20366cb301d0603551d0e041604141e05a3778f6c96e25b874ba6b486ac71000ce738300e0603551d0f0101ff04040302018630120603551d130101ff040830060101ff020100301d0603551d250416301406082b0601050507030106082b06010505070302301b0603551d200414301230060604551d20003008060667810c01020230500603551d1f044930473045a043a041863f687474703a2f2f63726c2e7573657274727573742e636f6d2f55534552547275737452534143657274696669636174696f6e417574686f726974792e63726c307606082b06010505070101046a3068303f06082b060105050730028633687474703a2f2f6372742e7573657274727573742e636f6d2f555345525472757374525341416464547275737443
(3) Message-Authenticator = 0xffe356a1b5de045026b21b97d6531288
(3) State = 0x7f32d9747c37c071723770ef4b853a0b
Sending Access-Challenge Id 136 from 10.7.0.28:1812 to 10.250.0.19:32777
EAP-Message = 0x010503e81940f4a834dbe242c8a5db37d5b5e7e442723fb413cf8b0724451e8c918346b909a6fc18a30602ec348d32669527eae197e8db35a32b56eb57e8f01059df6d700c666ad064e5a8a39831ad1d62d5fa92e39a43cd2d35fbd99e335b457dc486282c6612c8db0f19300d3fe9f0ea4a5e4007c7f6207a537881647a7e456a166ff49358c962fb29277da17f21cee74f47d68a56e0e366f8ecdd89dc268c19683b8d8be2fb47230b7f370203010001a382016e3082016a301f0603551d230418301680145379bf5aaa2b4acf5480e1d89bc09df2b20366cb301d0603551d0e041604141e05a3778f6c96e25b874ba6b486ac71000ce738300e0603551d0f0101ff04040302018630120603551d130101ff040830060101ff020100301d0603551d250416301406082b0601050507030106082b06010505070302301b0603551d200414301230060604551d20003008060667810c01020230500603551d1f044930473045a043a041863f687474703a2f2f63726c2e7573657274727573742e636f6d2f55534552547275737452534143657274696669636174696f6e417574686f726974792e63726c307606082b06010505070101046a3068303f06082b060105050730028633687474703a2f2f6372742e7573657274727573742e636f6d2f55534552547275737452534141646454727573744
Message-Authenticator = 0xffe356a1b5de045026b21b97d6531288
State = 0x7f32d9747c37c071723770ef4b853a0b
(3) Finished request
Waking up in 0.3 seconds.
Waking up in 2.9 seconds.
Received Access-Request Id 137 from 10.250.0.19:32777 to 10.7.0.28:1812 length 302
User-Name = 'myUsername'
Chargeable-User-Identity = 0x00
Location-Capable = Civix-Location
Calling-Station-Id = '88:63:df:a5:2a:c7'
Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test'
NAS-Port = 4
Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057'
Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975'
Cisco-AVPair = 'mDNS=true'
NAS-IP-Address = 10.250.0.19
NAS-Identifier = 'Red 8510'
Airespace-Wlan-Id = 8
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = '477'
EAP-Message = 0x020500061900
State = 0x7f32d9747c37c071723770ef4b853a0b
Message-Authenticator = 0x179c27dcfcb213745451499ae90edcce
(4) Received Access-Request packet from host 10.250.0.19 port 32777, id=137, length=302
(4) User-Name = 'myUsername'
(4) Chargeable-User-Identity = 0x00
(4) Location-Capable = Civix-Location
(4) Calling-Station-Id = '88:63:df:a5:2a:c7'
(4) Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test'
(4) NAS-Port = 4
(4) Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057'
(4) Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975'
(4) Cisco-AVPair = 'mDNS=true'
(4) NAS-IP-Address = 10.250.0.19
(4) NAS-Identifier = 'Red 8510'
(4) Airespace-Wlan-Id = 8
(4) Service-Type = Framed-User
(4) Framed-MTU = 1300
(4) NAS-Port-Type = Wireless-802.11
(4) Tunnel-Type:0 = VLAN
(4) Tunnel-Medium-Type:0 = IEEE-802
(4) Tunnel-Private-Group-Id:0 = '477'
(4) EAP-Message = 0x020500061900
(4) State = 0x7f32d9747c37c071723770ef4b853a0b
(4) Message-Authenticator = 0x179c27dcfcb213745451499ae90edcce
(4) # Executing section authorize from file /etc/raddb/sites-enabled/default
(4) authorize {
(4) filter_username filter_username {
(4) if (!&User-Name)
(4) if (!&User-Name) -> FALSE
(4) if (&User-Name =~ / /)
(4) if (&User-Name =~ / /) -> FALSE
(4) if (&User-Name =~ /@.*@/ )
(4) if (&User-Name =~ /@.*@/ ) -> FALSE
(4) if (&User-Name =~ /\\.\\./ )
(4) if (&User-Name =~ /\\.\\./ ) -> FALSE
(4) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))
(4) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE
(4) if (&User-Name =~ /\\.$/)
(4) if (&User-Name =~ /\\.$/) -> FALSE
(4) if (&User-Name =~ /@\\./)
(4) if (&User-Name =~ /@\\./) -> FALSE
(4) } # filter_username filter_username = notfound
(4) [preprocess] = ok
(4) [chap] = noop
(4) [mschap] = noop
(4) [digest] = noop
(4) suffix : Checking for suffix after "@"
(4) suffix : No '@' in User-Name = "myUsername", looking up realm NULL
(4) suffix : Found realm "DEFAULT"
(4) suffix : Adding Stripped-User-Name = "myUsername"
(4) suffix : Adding Realm = "DEFAULT"
(4) suffix : Proxying request from user myUsername to realm DEFAULT
(4) suffix : Preparing to proxy authentication request to realm "DEFAULT"
(4) [suffix] = updated
(4) eap : Request is supposed to be proxied to Realm DEFAULT. Not doing EAP.
(4) [eap] = noop
(4) files : users: Matched entry DEFAULT at line 2
(4) [files] = ok
(4) [expiration] = noop
(4) [logintime] = noop
(4) [pap] = noop
(4) } # authorize = updated
(4) # Executing section pre-proxy from file /etc/raddb/sites-enabled/default
(4) pre-proxy {
(4) update control {
(4) EXPAND %{Calling-Station-Id}
(4) --> 88:63:df:a5:2a:c7
(4) Load-Balance-Key := "88:63:df:a5:2a:c7"
(4) } # update control = noop
(4) [updated] = updated
(4) } # pre-proxy = updated
(4) Proxying request to home server 10.7.0.29 port 1812 timeout 20.000000
(4) Sending Access-Request packet to host 10.7.0.29 port 1812, id=121, length=0
(4) User-Name = 'myUsername'
(4) Chargeable-User-Identity = 0x00
(4) Location-Capable = Civix-Location
(4) Calling-Station-Id = '88:63:df:a5:2a:c7'
(4) Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test'
(4) NAS-Port = 4
(4) Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057'
(4) Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975'
(4) Cisco-AVPair = 'mDNS=true'
(4) NAS-IP-Address = 10.250.0.19
(4) NAS-Identifier = 'Red 8510'
(4) Airespace-Wlan-Id = 8
(4) Service-Type = Framed-User
(4) Framed-MTU = 1300
(4) NAS-Port-Type = Wireless-802.11
(4) Tunnel-Type:0 = VLAN
(4) Tunnel-Medium-Type:0 = IEEE-802
(4) Tunnel-Private-Group-Id:0 = '477'
(4) EAP-Message = 0x020500061900
(4) State = 0x7f32d9747c37c071723770ef4b853a0b
(4) Message-Authenticator = 0x179c27dcfcb213745451499ae90edcce
(4) Event-Timestamp = 'Sep 7 2016 10:45:32 CDT'
(4) Stripped-User-Name = 'myUsername'
(4) Realm = 'DEFAULT'
(4) EAP-Type = PEAP
(4) Proxy-State = 0x313337
Sending Access-Request Id 121 from 0.0.0.0:32820 to 10.7.0.29:1812
User-Name = 'myUsername'
Chargeable-User-Identity = 0x00
Location-Capable = Civix-Location
Calling-Station-Id = '88:63:df:a5:2a:c7'
Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test'
NAS-Port = 4
Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057'
Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975'
Cisco-AVPair = 'mDNS=true'
NAS-IP-Address = 10.250.0.19
NAS-Identifier = 'Red 8510'
Airespace-Wlan-Id = 8
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = '477'
EAP-Message = 0x020500061900
State = 0x7f32d9747c37c071723770ef4b853a0b
Message-Authenticator = 0x179c27dcfcb213745451499ae90edcce
Event-Timestamp = 'Sep 7 2016 10:45:32 CDT'
Proxy-State = 0x313337
Waking up in 0.3 seconds.
Received Access-Challenge Id 121 from 10.7.0.29:1812 to 10.7.0.28:32820 length 1069
EAP-Message = 0x010603e819402a87b95ccaf2834c4003b2521a79210837184ed98d5f99c6055ff16aaeba755a78473a3a655ee5c4d0e3dad2eb5a282db9029960a26f3c2f667c98459cc9fa01ef328e7c3ef9f4037b24a656098c2400057b308205773082045fa003020102021013ea28705bf4eced0c36630980614336300d06092a864886f70d01010c0500306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74301e170d3030303533303130343833385a170d3230303533303130343833385a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b37281
Message-Authenticator = 0x21ea0b5359ce13b7be9dec242663548a
State = 0x7f32d9747b34c071723770ef4b853a0b
Proxy-State = 0x313337
(4) Received Access-Challenge packet from host 10.7.0.29 port 1812, id=121, length=1069
(4) EAP-Message = 0x010603e819402a87b95ccaf2834c4003b2521a79210837184ed98d5f99c6055ff16aaeba755a78473a3a655ee5c4d0e3dad2eb5a282db9029960a26f3c2f667c98459cc9fa01ef328e7c3ef9f4037b24a656098c2400057b308205773082045fa003020102021013ea28705bf4eced0c36630980614336300d06092a864886f70d01010c0500306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74301e170d3030303533303130343833385a170d3230303533303130343833385a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b372811
(4) Message-Authenticator = 0x21ea0b5359ce13b7be9dec242663548a
(4) State = 0x7f32d9747b34c071723770ef4b853a0b
(4) Proxy-State = 0x313337
(4) # Executing section post-proxy from file /etc/raddb/sites-enabled/default
(4) post-proxy {
(4) eap : No pre-existing handler found
(4) [eap] = noop
(4) } # post-proxy = noop
(4) Sending Access-Challenge packet to host 10.250.0.19 port 32777, id=137, length=0
(4) EAP-Message = 0x010603e819402a87b95ccaf2834c4003b2521a79210837184ed98d5f99c6055ff16aaeba755a78473a3a655ee5c4d0e3dad2eb5a282db9029960a26f3c2f667c98459cc9fa01ef328e7c3ef9f4037b24a656098c2400057b308205773082045fa003020102021013ea28705bf4eced0c36630980614336300d06092a864886f70d01010c0500306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74301e170d3030303533303130343833385a170d3230303533303130343833385a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b372811
(4) Message-Authenticator = 0x21ea0b5359ce13b7be9dec242663548a
(4) State = 0x7f32d9747b34c071723770ef4b853a0b
Sending Access-Challenge Id 137 from 10.7.0.28:1812 to 10.250.0.19:32777
EAP-Message = 0x010603e819402a87b95ccaf2834c4003b2521a79210837184ed98d5f99c6055ff16aaeba755a78473a3a655ee5c4d0e3dad2eb5a282db9029960a26f3c2f667c98459cc9fa01ef328e7c3ef9f4037b24a656098c2400057b308205773082045fa003020102021013ea28705bf4eced0c36630980614336300d06092a864886f70d01010c0500306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74301e170d3030303533303130343833385a170d3230303533303130343833385a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b37281
Message-Authenticator = 0x21ea0b5359ce13b7be9dec242663548a
State = 0x7f32d9747b34c071723770ef4b853a0b
(4) Finished request
Waking up in 0.3 seconds.
Waking up in 2.3 seconds.
Received Access-Request Id 138 from 10.250.0.19:32777 to 10.7.0.28:1812 length 302
User-Name = 'myUsername'
Chargeable-User-Identity = 0x00
Location-Capable = Civix-Location
Calling-Station-Id = '88:63:df:a5:2a:c7'
Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test'
NAS-Port = 4
Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057'
Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975'
Cisco-AVPair = 'mDNS=true'
NAS-IP-Address = 10.250.0.19
NAS-Identifier = 'Red 8510'
Airespace-Wlan-Id = 8
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = '477'
EAP-Message = 0x020600061900
State = 0x7f32d9747b34c071723770ef4b853a0b
Message-Authenticator = 0x793941bee6d2a20c5e40eab7187ed082
(5) Received Access-Request packet from host 10.250.0.19 port 32777, id=138, length=302
(5) User-Name = 'myUsername'
(5) Chargeable-User-Identity = 0x00
(5) Location-Capable = Civix-Location
(5) Calling-Station-Id = '88:63:df:a5:2a:c7'
(5) Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test'
(5) NAS-Port = 4
(5) Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057'
(5) Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975'
(5) Cisco-AVPair = 'mDNS=true'
(5) NAS-IP-Address = 10.250.0.19
(5) NAS-Identifier = 'Red 8510'
(5) Airespace-Wlan-Id = 8
(5) Service-Type = Framed-User
(5) Framed-MTU = 1300
(5) NAS-Port-Type = Wireless-802.11
(5) Tunnel-Type:0 = VLAN
(5) Tunnel-Medium-Type:0 = IEEE-802
(5) Tunnel-Private-Group-Id:0 = '477'
(5) EAP-Message = 0x020600061900
(5) State = 0x7f32d9747b34c071723770ef4b853a0b
(5) Message-Authenticator = 0x793941bee6d2a20c5e40eab7187ed082
(5) # Executing section authorize from file /etc/raddb/sites-enabled/default
(5) authorize {
(5) filter_username filter_username {
(5) if (!&User-Name)
(5) if (!&User-Name) -> FALSE
(5) if (&User-Name =~ / /)
(5) if (&User-Name =~ / /) -> FALSE
(5) if (&User-Name =~ /@.*@/ )
(5) if (&User-Name =~ /@.*@/ ) -> FALSE
(5) if (&User-Name =~ /\\.\\./ )
(5) if (&User-Name =~ /\\.\\./ ) -> FALSE
(5) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))
(5) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE
(5) if (&User-Name =~ /\\.$/)
(5) if (&User-Name =~ /\\.$/) -> FALSE
(5) if (&User-Name =~ /@\\./)
(5) if (&User-Name =~ /@\\./) -> FALSE
(5) } # filter_username filter_username = notfound
(5) [preprocess] = ok
(5) [chap] = noop
(5) [mschap] = noop
(5) [digest] = noop
(5) suffix : Checking for suffix after "@"
(5) suffix : No '@' in User-Name = "myUsername", looking up realm NULL
(5) suffix : Found realm "DEFAULT"
(5) suffix : Adding Stripped-User-Name = "myUsername"
(5) suffix : Adding Realm = "DEFAULT"
(5) suffix : Proxying request from user myUsername to realm DEFAULT
(5) suffix : Preparing to proxy authentication request to realm "DEFAULT"
(5) [suffix] = updated
(5) eap : Request is supposed to be proxied to Realm DEFAULT. Not doing EAP.
(5) [eap] = noop
(5) files : users: Matched entry DEFAULT at line 2
(5) [files] = ok
(5) [expiration] = noop
(5) [logintime] = noop
(5) [pap] = noop
(5) } # authorize = updated
(5) # Executing section pre-proxy from file /etc/raddb/sites-enabled/default
(5) pre-proxy {
(5) update control {
(5) EXPAND %{Calling-Station-Id}
(5) --> 88:63:df:a5:2a:c7
(5) Load-Balance-Key := "88:63:df:a5:2a:c7"
(5) } # update control = noop
(5) [updated] = updated
(5) } # pre-proxy = updated
(5) Proxying request to home server 10.7.0.29 port 1812 timeout 20.000000
(5) Sending Access-Request packet to host 10.7.0.29 port 1812, id=212, length=0
(5) User-Name = 'myUsername'
(5) Chargeable-User-Identity = 0x00
(5) Location-Capable = Civix-Location
(5) Calling-Station-Id = '88:63:df:a5:2a:c7'
(5) Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test'
(5) NAS-Port = 4
(5) Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057'
(5) Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975'
(5) Cisco-AVPair = 'mDNS=true'
(5) NAS-IP-Address = 10.250.0.19
(5) NAS-Identifier = 'Red 8510'
(5) Airespace-Wlan-Id = 8
(5) Service-Type = Framed-User
(5) Framed-MTU = 1300
(5) NAS-Port-Type = Wireless-802.11
(5) Tunnel-Type:0 = VLAN
(5) Tunnel-Medium-Type:0 = IEEE-802
(5) Tunnel-Private-Group-Id:0 = '477'
(5) EAP-Message = 0x020600061900
(5) State = 0x7f32d9747b34c071723770ef4b853a0b
(5) Message-Authenticator = 0x793941bee6d2a20c5e40eab7187ed082
(5) Event-Timestamp = 'Sep 7 2016 10:45:33 CDT'
(5) Stripped-User-Name = 'myUsername'
(5) Realm = 'DEFAULT'
(5) EAP-Type = PEAP
(5) Proxy-State = 0x313338
Sending Access-Request Id 212 from 0.0.0.0:32820 to 10.7.0.29:1812
User-Name = 'myUsername'
Chargeable-User-Identity = 0x00
Location-Capable = Civix-Location
Calling-Station-Id = '88:63:df:a5:2a:c7'
Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test'
NAS-Port = 4
Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057'
Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975'
Cisco-AVPair = 'mDNS=true'
NAS-IP-Address = 10.250.0.19
NAS-Identifier = 'Red 8510'
Airespace-Wlan-Id = 8
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = '477'
EAP-Message = 0x020600061900
State = 0x7f32d9747b34c071723770ef4b853a0b
Message-Authenticator = 0x793941bee6d2a20c5e40eab7187ed082
Event-Timestamp = 'Sep 7 2016 10:45:33 CDT'
Proxy-State = 0x313338
Waking up in 0.3 seconds.
Received Access-Challenge Id 212 from 10.7.0.29:1812 to 10.7.0.28:32820 length 1069
EAP-Message = 0x010703e8194003bde024cb541a301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff30110603551d20040a300830060604551d200030440603551d1f043d303b3039a037a0358633687474703a2f2f63726c2e7573657274727573742e636f6d2f416464547275737445787465726e616c4341526f6f742e63726c303506082b0601050507010104293027302506082b060105050730018619687474703a2f2f6f6373702e7573657274727573742e636f6d300d06092a864886f70d01010c050003820101009365f63783950f5ec3821c1fd677e73c8ac0aa09f0e90b26f1e0c26a75a1c779c9b95260c829120ef0ad03d609c476dfe5a68195a746da8257a99592c5b68f03226c3377c17b32176e07ce5a14413a05241bf614063ba825240ebbcc2a75ddb970413f7cd0633621071f46ff60a491e167bcde1f7e1914c9636791ea67076bb48f8bc06e437dc3a1806cb21ebc53857ddc90a1a4bc2def4672573505bfbb46bb6e6d3799b6ff239291c66e40f88f2956ea5fd55f1453acf04f61eaf722cca7560be2b8341f26d97b1905683fba3cd43806a2d3e68f0ee3b4716d4042c584b440952bf465a04879f61d8163969d4f75e0f87ce48ea9d1f2ad8ab38cc721cdc2ef00043a30820
Message-Authenticator = 0x7cbe966dd0238f8b291b7a1c48ddeb42
State = 0x7f32d9747a35c071723770ef4b853a0b
Proxy-State = 0x313338
(5) Received Access-Challenge packet from host 10.7.0.29 port 1812, id=212, length=1069
(5) EAP-Message = 0x010703e8194003bde024cb541a301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff30110603551d20040a300830060604551d200030440603551d1f043d303b3039a037a0358633687474703a2f2f63726c2e7573657274727573742e636f6d2f416464547275737445787465726e616c4341526f6f742e63726c303506082b0601050507010104293027302506082b060105050730018619687474703a2f2f6f6373702e7573657274727573742e636f6d300d06092a864886f70d01010c050003820101009365f63783950f5ec3821c1fd677e73c8ac0aa09f0e90b26f1e0c26a75a1c779c9b95260c829120ef0ad03d609c476dfe5a68195a746da8257a99592c5b68f03226c3377c17b32176e07ce5a14413a05241bf614063ba825240ebbcc2a75ddb970413f7cd0633621071f46ff60a491e167bcde1f7e1914c9636791ea67076bb48f8bc06e437dc3a1806cb21ebc53857ddc90a1a4bc2def4672573505bfbb46bb6e6d3799b6ff239291c66e40f88f2956ea5fd55f1453acf04f61eaf722cca7560be2b8341f26d97b1905683fba3cd43806a2d3e68f0ee3b4716d4042c584b440952bf465a04879f61d8163969d4f75e0f87ce48ea9d1f2ad8ab38cc721cdc2ef00043a308204
(5) Message-Authenticator = 0x7cbe966dd0238f8b291b7a1c48ddeb42
(5) State = 0x7f32d9747a35c071723770ef4b853a0b
(5) Proxy-State = 0x313338
(5) # Executing section post-proxy from file /etc/raddb/sites-enabled/default
(5) post-proxy {
(5) eap : No pre-existing handler found
(5) [eap] = noop
(5) } # post-proxy = noop
(5) Sending Access-Challenge packet to host 10.250.0.19 port 32777, id=138, length=0
(5) EAP-Message = 0x010703e8194003bde024cb541a301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff30110603551d20040a300830060604551d200030440603551d1f043d303b3039a037a0358633687474703a2f2f63726c2e7573657274727573742e636f6d2f416464547275737445787465726e616c4341526f6f742e63726c303506082b0601050507010104293027302506082b060105050730018619687474703a2f2f6f6373702e7573657274727573742e636f6d300d06092a864886f70d01010c050003820101009365f63783950f5ec3821c1fd677e73c8ac0aa09f0e90b26f1e0c26a75a1c779c9b95260c829120ef0ad03d609c476dfe5a68195a746da8257a99592c5b68f03226c3377c17b32176e07ce5a14413a05241bf614063ba825240ebbcc2a75ddb970413f7cd0633621071f46ff60a491e167bcde1f7e1914c9636791ea67076bb48f8bc06e437dc3a1806cb21ebc53857ddc90a1a4bc2def4672573505bfbb46bb6e6d3799b6ff239291c66e40f88f2956ea5fd55f1453acf04f61eaf722cca7560be2b8341f26d97b1905683fba3cd43806a2d3e68f0ee3b4716d4042c584b440952bf465a04879f61d8163969d4f75e0f87ce48ea9d1f2ad8ab38cc721cdc2ef00043a308204
(5) Message-Authenticator = 0x7cbe966dd0238f8b291b7a1c48ddeb42
(5) State = 0x7f32d9747a35c071723770ef4b853a0b
Sending Access-Challenge Id 138 from 10.7.0.28:1812 to 10.250.0.19:32777
EAP-Message = 0x010703e8194003bde024cb541a301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff30110603551d20040a300830060604551d200030440603551d1f043d303b3039a037a0358633687474703a2f2f63726c2e7573657274727573742e636f6d2f416464547275737445787465726e616c4341526f6f742e63726c303506082b0601050507010104293027302506082b060105050730018619687474703a2f2f6f6373702e7573657274727573742e636f6d300d06092a864886f70d01010c050003820101009365f63783950f5ec3821c1fd677e73c8ac0aa09f0e90b26f1e0c26a75a1c779c9b95260c829120ef0ad03d609c476dfe5a68195a746da8257a99592c5b68f03226c3377c17b32176e07ce5a14413a05241bf614063ba825240ebbcc2a75ddb970413f7cd0633621071f46ff60a491e167bcde1f7e1914c9636791ea67076bb48f8bc06e437dc3a1806cb21ebc53857ddc90a1a4bc2def4672573505bfbb46bb6e6d3799b6ff239291c66e40f88f2956ea5fd55f1453acf04f61eaf722cca7560be2b8341f26d97b1905683fba3cd43806a2d3e68f0ee3b4716d4042c584b440952bf465a04879f61d8163969d4f75e0f87ce48ea9d1f2ad8ab38cc721cdc2ef00043a30820
Message-Authenticator = 0x7cbe966dd0238f8b291b7a1c48ddeb42
State = 0x7f32d9747a35c071723770ef4b853a0b
(5) Finished request
Waking up in 0.3 seconds.
Waking up in 1.8 seconds.
Received Access-Request Id 139 from 10.250.0.19:32777 to 10.7.0.28:1812 length 302
User-Name = 'myUsername'
Chargeable-User-Identity = 0x00
Location-Capable = Civix-Location
Calling-Station-Id = '88:63:df:a5:2a:c7'
Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test'
NAS-Port = 4
Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057'
Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975'
Cisco-AVPair = 'mDNS=true'
NAS-IP-Address = 10.250.0.19
NAS-Identifier = 'Red 8510'
Airespace-Wlan-Id = 8
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = '477'
EAP-Message = 0x020700061900
State = 0x7f32d9747a35c071723770ef4b853a0b
Message-Authenticator = 0x1d34b533c22550014d8a2b2c2368443f
(6) Received Access-Request packet from host 10.250.0.19 port 32777, id=139, length=302
(6) User-Name = 'myUsername'
(6) Chargeable-User-Identity = 0x00
(6) Location-Capable = Civix-Location
(6) Calling-Station-Id = '88:63:df:a5:2a:c7'
(6) Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test'
(6) NAS-Port = 4
(6) Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057'
(6) Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975'
(6) Cisco-AVPair = 'mDNS=true'
(6) NAS-IP-Address = 10.250.0.19
(6) NAS-Identifier = 'Red 8510'
(6) Airespace-Wlan-Id = 8
(6) Service-Type = Framed-User
(6) Framed-MTU = 1300
(6) NAS-Port-Type = Wireless-802.11
(6) Tunnel-Type:0 = VLAN
(6) Tunnel-Medium-Type:0 = IEEE-802
(6) Tunnel-Private-Group-Id:0 = '477'
(6) EAP-Message = 0x020700061900
(6) State = 0x7f32d9747a35c071723770ef4b853a0b
(6) Message-Authenticator = 0x1d34b533c22550014d8a2b2c2368443f
(6) # Executing section authorize from file /etc/raddb/sites-enabled/default
(6) authorize {
(6) filter_username filter_username {
(6) if (!&User-Name)
(6) if (!&User-Name) -> FALSE
(6) if (&User-Name =~ / /)
(6) if (&User-Name =~ / /) -> FALSE
(6) if (&User-Name =~ /@.*@/ )
(6) if (&User-Name =~ /@.*@/ ) -> FALSE
(6) if (&User-Name =~ /\\.\\./ )
(6) if (&User-Name =~ /\\.\\./ ) -> FALSE
(6) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))
(6) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE
(6) if (&User-Name =~ /\\.$/)
(6) if (&User-Name =~ /\\.$/) -> FALSE
(6) if (&User-Name =~ /@\\./)
(6) if (&User-Name =~ /@\\./) -> FALSE
(6) } # filter_username filter_username = notfound
(6) [preprocess] = ok
(6) [chap] = noop
(6) [mschap] = noop
(6) [digest] = noop
(6) suffix : Checking for suffix after "@"
(6) suffix : No '@' in User-Name = "myUsername", looking up realm NULL
(6) suffix : Found realm "DEFAULT"
(6) suffix : Adding Stripped-User-Name = "myUsername"
(6) suffix : Adding Realm = "DEFAULT"
(6) suffix : Proxying request from user myUsername to realm DEFAULT
(6) suffix : Preparing to proxy authentication request to realm "DEFAULT"
(6) [suffix] = updated
(6) eap : Request is supposed to be proxied to Realm DEFAULT. Not doing EAP.
(6) [eap] = noop
(6) files : users: Matched entry DEFAULT at line 2
(6) [files] = ok
(6) [expiration] = noop
(6) [logintime] = noop
(6) [pap] = noop
(6) } # authorize = updated
(6) # Executing section pre-proxy from file /etc/raddb/sites-enabled/default
(6) pre-proxy {
(6) update control {
(6) EXPAND %{Calling-Station-Id}
(6) --> 88:63:df:a5:2a:c7
(6) Load-Balance-Key := "88:63:df:a5:2a:c7"
(6) } # update control = noop
(6) [updated] = updated
(6) } # pre-proxy = updated
(6) Proxying request to home server 10.7.0.29 port 1812 timeout 20.000000
(6) Sending Access-Request packet to host 10.7.0.29 port 1812, id=103, length=0
(6) User-Name = 'myUsername'
(6) Chargeable-User-Identity = 0x00
(6) Location-Capable = Civix-Location
(6) Calling-Station-Id = '88:63:df:a5:2a:c7'
(6) Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test'
(6) NAS-Port = 4
(6) Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057'
(6) Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975'
(6) Cisco-AVPair = 'mDNS=true'
(6) NAS-IP-Address = 10.250.0.19
(6) NAS-Identifier = 'Red 8510'
(6) Airespace-Wlan-Id = 8
(6) Service-Type = Framed-User
(6) Framed-MTU = 1300
(6) NAS-Port-Type = Wireless-802.11
(6) Tunnel-Type:0 = VLAN
(6) Tunnel-Medium-Type:0 = IEEE-802
(6) Tunnel-Private-Group-Id:0 = '477'
(6) EAP-Message = 0x020700061900
(6) State = 0x7f32d9747a35c071723770ef4b853a0b
(6) Message-Authenticator = 0x1d34b533c22550014d8a2b2c2368443f
(6) Event-Timestamp = 'Sep 7 2016 10:45:34 CDT'
(6) Stripped-User-Name = 'myUsername'
(6) Realm = 'DEFAULT'
(6) EAP-Type = PEAP
(6) Proxy-State = 0x313339
Sending Access-Request Id 103 from 0.0.0.0:32820 to 10.7.0.29:1812
User-Name = 'myUsername'
Chargeable-User-Identity = 0x00
Location-Capable = Civix-Location
Calling-Station-Id = '88:63:df:a5:2a:c7'
Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test'
NAS-Port = 4
Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057'
Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975'
Cisco-AVPair = 'mDNS=true'
NAS-IP-Address = 10.250.0.19
NAS-Identifier = 'Red 8510'
Airespace-Wlan-Id = 8
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = '477'
EAP-Message = 0x020700061900
State = 0x7f32d9747a35c071723770ef4b853a0b
Message-Authenticator = 0x1d34b533c22550014d8a2b2c2368443f
Event-Timestamp = 'Sep 7 2016 10:45:34 CDT'
Proxy-State = 0x313339
Waking up in 0.3 seconds.
Received Access-Challenge Id 103 from 10.7.0.29:1812 to 10.7.0.28:32820 length 1002
EAP-Message = 0x010803a519009437f7002f0dc29272dad03872db14a845c45d2a7db7b4d6c4eeaccd1344b7c92bdd430025fa61b9696a582311b7a7338f567559f5cd29d746b70a2b65b6d3426f15b2b87bfbefe95d53d5345a270203010001a381dc3081d9301d0603551d0e04160414adbd987a34b426f7fac42654ef03bde024cb541a300b0603551d0f040403020106300f0603551d130101ff040530030101ff3081990603551d2304819130818e8014adbd987a34b426f7fac42654ef03bde024cb541aa173a471306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74820101300d06092a864886f70d01010505000382010100b09be08525c2d623e20f9606929d41989cd9847981d91e5b14072336658fb0d877bbac416c47608351b0f9323de7fcf62613c78016a5bf5afc87cf787989219ae24c070a8635bcf2de51c4d296b7dc7e4eee70fd1c39eb0c0251142d8ebd16e0c1df4675e724adecf442b48593701067ba9d06354a18d32b7acc5142a17a63d1e6bba1c52bc236be130de6bd637e797ba7090d40ab6add8f8ac3f6f68c1a420551d445f59fa7622168152
Message-Authenticator = 0x9f268fb0f8593cd72abd7cfbad1d29ac
State = 0x7f32d974793ac071723770ef4b853a0b
Proxy-State = 0x313339
(6) Received Access-Challenge packet from host 10.7.0.29 port 1812, id=103, length=1002
(6) EAP-Message = 0x010803a519009437f7002f0dc29272dad03872db14a845c45d2a7db7b4d6c4eeaccd1344b7c92bdd430025fa61b9696a582311b7a7338f567559f5cd29d746b70a2b65b6d3426f15b2b87bfbefe95d53d5345a270203010001a381dc3081d9301d0603551d0e04160414adbd987a34b426f7fac42654ef03bde024cb541a300b0603551d0f040403020106300f0603551d130101ff040530030101ff3081990603551d2304819130818e8014adbd987a34b426f7fac42654ef03bde024cb541aa173a471306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74820101300d06092a864886f70d01010505000382010100b09be08525c2d623e20f9606929d41989cd9847981d91e5b14072336658fb0d877bbac416c47608351b0f9323de7fcf62613c78016a5bf5afc87cf787989219ae24c070a8635bcf2de51c4d296b7dc7e4eee70fd1c39eb0c0251142d8ebd16e0c1df4675e724adecf442b48593701067ba9d06354a18d32b7acc5142a17a63d1e6bba1c52bc236be130de6bd637e797ba7090d40ab6add8f8ac3f6f68c1a420551d445f59fa76221681520
(6) Message-Authenticator = 0x9f268fb0f8593cd72abd7cfbad1d29ac
(6) State = 0x7f32d974793ac071723770ef4b853a0b
(6) Proxy-State = 0x313339
(6) # Executing section post-proxy from file /etc/raddb/sites-enabled/default
(6) post-proxy {
(6) eap : No pre-existing handler found
(6) [eap] = noop
(6) } # post-proxy = noop
(6) Sending Access-Challenge packet to host 10.250.0.19 port 32777, id=139, length=0
(6) EAP-Message = 0x010803a519009437f7002f0dc29272dad03872db14a845c45d2a7db7b4d6c4eeaccd1344b7c92bdd430025fa61b9696a582311b7a7338f567559f5cd29d746b70a2b65b6d3426f15b2b87bfbefe95d53d5345a270203010001a381dc3081d9301d0603551d0e04160414adbd987a34b426f7fac42654ef03bde024cb541a300b0603551d0f040403020106300f0603551d130101ff040530030101ff3081990603551d2304819130818e8014adbd987a34b426f7fac42654ef03bde024cb541aa173a471306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74820101300d06092a864886f70d01010505000382010100b09be08525c2d623e20f9606929d41989cd9847981d91e5b14072336658fb0d877bbac416c47608351b0f9323de7fcf62613c78016a5bf5afc87cf787989219ae24c070a8635bcf2de51c4d296b7dc7e4eee70fd1c39eb0c0251142d8ebd16e0c1df4675e724adecf442b48593701067ba9d06354a18d32b7acc5142a17a63d1e6bba1c52bc236be130de6bd637e797ba7090d40ab6add8f8ac3f6f68c1a420551d445f59fa76221681520
(6) Message-Authenticator = 0x9f268fb0f8593cd72abd7cfbad1d29ac
(6) State = 0x7f32d974793ac071723770ef4b853a0b
Sending Access-Challenge Id 139 from 10.7.0.28:1812 to 10.250.0.19:32777
EAP-Message = 0x010803a519009437f7002f0dc29272dad03872db14a845c45d2a7db7b4d6c4eeaccd1344b7c92bdd430025fa61b9696a582311b7a7338f567559f5cd29d746b70a2b65b6d3426f15b2b87bfbefe95d53d5345a270203010001a381dc3081d9301d0603551d0e04160414adbd987a34b426f7fac42654ef03bde024cb541a300b0603551d0f040403020106300f0603551d130101ff040530030101ff3081990603551d2304819130818e8014adbd987a34b426f7fac42654ef03bde024cb541aa173a471306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74820101300d06092a864886f70d01010505000382010100b09be08525c2d623e20f9606929d41989cd9847981d91e5b14072336658fb0d877bbac416c47608351b0f9323de7fcf62613c78016a5bf5afc87cf787989219ae24c070a8635bcf2de51c4d296b7dc7e4eee70fd1c39eb0c0251142d8ebd16e0c1df4675e724adecf442b48593701067ba9d06354a18d32b7acc5142a17a63d1e6bba1c52bc236be130de6bd637e797ba7090d40ab6add8f8ac3f6f68c1a420551d445f59fa7622168152
Message-Authenticator = 0x9f268fb0f8593cd72abd7cfbad1d29ac
State = 0x7f32d974793ac071723770ef4b853a0b
(6) Finished request
Waking up in 0.3 seconds.
Waking up in 1.2 seconds.
Received Access-Request Id 140 from 10.250.0.19:32777 to 10.7.0.28:1812 length 440
User-Name = 'myUsername'
Chargeable-User-Identity = 0x00
Location-Capable = Civix-Location
Calling-Station-Id = '88:63:df:a5:2a:c7'
Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test'
NAS-Port = 4
Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057'
Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975'
Cisco-AVPair = 'mDNS=true'
NAS-IP-Address = 10.250.0.19
NAS-Identifier = 'Red 8510'
Airespace-Wlan-Id = 8
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = '477'
EAP-Message = 0x02080090198000000086160301004610000042410429e8c93c050497d3c969d24265991784e53f8e974d047c0afe53fe094be8aebf1cdb5c532b66bca8e62c0a4de444911ee842ef54549de8d6f1bab50ab3c027e214030100010116030100304ceb36a7e8d6f0939c12ecc9d58fcb1cd48e6ff0c0554cdd9b69c189dd0fc9dcfe74da9b32db30a4ad253d91db07be92
State = 0x7f32d974793ac071723770ef4b853a0b
Message-Authenticator = 0xa163342ab96eda59991b0b6c9b4d1ac8
(7) Received Access-Request packet from host 10.250.0.19 port 32777, id=140, length=440
(7) User-Name = 'myUsername'
(7) Chargeable-User-Identity = 0x00
(7) Location-Capable = Civix-Location
(7) Calling-Station-Id = '88:63:df:a5:2a:c7'
(7) Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test'
(7) NAS-Port = 4
(7) Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057'
(7) Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975'
(7) Cisco-AVPair = 'mDNS=true'
(7) NAS-IP-Address = 10.250.0.19
(7) NAS-Identifier = 'Red 8510'
(7) Airespace-Wlan-Id = 8
(7) Service-Type = Framed-User
(7) Framed-MTU = 1300
(7) NAS-Port-Type = Wireless-802.11
(7) Tunnel-Type:0 = VLAN
(7) Tunnel-Medium-Type:0 = IEEE-802
(7) Tunnel-Private-Group-Id:0 = '477'
(7) EAP-Message = 0x02080090198000000086160301004610000042410429e8c93c050497d3c969d24265991784e53f8e974d047c0afe53fe094be8aebf1cdb5c532b66bca8e62c0a4de444911ee842ef54549de8d6f1bab50ab3c027e214030100010116030100304ceb36a7e8d6f0939c12ecc9d58fcb1cd48e6ff0c0554cdd9b69c189dd0fc9dcfe74da9b32db30a4ad253d91db07be92
(7) State = 0x7f32d974793ac071723770ef4b853a0b
(7) Message-Authenticator = 0xa163342ab96eda59991b0b6c9b4d1ac8
(7) # Executing section authorize from file /etc/raddb/sites-enabled/default
(7) authorize {
(7) filter_username filter_username {
(7) if (!&User-Name)
(7) if (!&User-Name) -> FALSE
(7) if (&User-Name =~ / /)
(7) if (&User-Name =~ / /) -> FALSE
(7) if (&User-Name =~ /@.*@/ )
(7) if (&User-Name =~ /@.*@/ ) -> FALSE
(7) if (&User-Name =~ /\\.\\./ )
(7) if (&User-Name =~ /\\.\\./ ) -> FALSE
(7) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))
(7) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE
(7) if (&User-Name =~ /\\.$/)
(7) if (&User-Name =~ /\\.$/) -> FALSE
(7) if (&User-Name =~ /@\\./)
(7) if (&User-Name =~ /@\\./) -> FALSE
(7) } # filter_username filter_username = notfound
(7) [preprocess] = ok
(7) [chap] = noop
(7) [mschap] = noop
(7) [digest] = noop
(7) suffix : Checking for suffix after "@"
(7) suffix : No '@' in User-Name = "myUsername", looking up realm NULL
(7) suffix : Found realm "DEFAULT"
(7) suffix : Adding Stripped-User-Name = "myUsername"
(7) suffix : Adding Realm = "DEFAULT"
(7) suffix : Proxying request from user myUsername to realm DEFAULT
(7) suffix : Preparing to proxy authentication request to realm "DEFAULT"
(7) [suffix] = updated
(7) eap : Request is supposed to be proxied to Realm DEFAULT. Not doing EAP.
(7) [eap] = noop
(7) files : users: Matched entry DEFAULT at line 2
(7) [files] = ok
(7) [expiration] = noop
(7) [logintime] = noop
(7) [pap] = noop
(7) } # authorize = updated
(7) # Executing section pre-proxy from file /etc/raddb/sites-enabled/default
(7) pre-proxy {
(7) update control {
(7) EXPAND %{Calling-Station-Id}
(7) --> 88:63:df:a5:2a:c7
(7) Load-Balance-Key := "88:63:df:a5:2a:c7"
(7) } # update control = noop
(7) [updated] = updated
(7) } # pre-proxy = updated
(7) Proxying request to home server 10.7.0.29 port 1812 timeout 20.000000
(7) Sending Access-Request packet to host 10.7.0.29 port 1812, id=156, length=0
(7) User-Name = 'myUsername'
(7) Chargeable-User-Identity = 0x00
(7) Location-Capable = Civix-Location
(7) Calling-Station-Id = '88:63:df:a5:2a:c7'
(7) Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test'
(7) NAS-Port = 4
(7) Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057'
(7) Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975'
(7) Cisco-AVPair = 'mDNS=true'
(7) NAS-IP-Address = 10.250.0.19
(7) NAS-Identifier = 'Red 8510'
(7) Airespace-Wlan-Id = 8
(7) Service-Type = Framed-User
(7) Framed-MTU = 1300
(7) NAS-Port-Type = Wireless-802.11
(7) Tunnel-Type:0 = VLAN
(7) Tunnel-Medium-Type:0 = IEEE-802
(7) Tunnel-Private-Group-Id:0 = '477'
(7) EAP-Message = 0x02080090198000000086160301004610000042410429e8c93c050497d3c969d24265991784e53f8e974d047c0afe53fe094be8aebf1cdb5c532b66bca8e62c0a4de444911ee842ef54549de8d6f1bab50ab3c027e214030100010116030100304ceb36a7e8d6f0939c12ecc9d58fcb1cd48e6ff0c0554cdd9b69c189dd0fc9dcfe74da9b32db30a4ad253d91db07be92
(7) State = 0x7f32d974793ac071723770ef4b853a0b
(7) Message-Authenticator = 0xa163342ab96eda59991b0b6c9b4d1ac8
(7) Event-Timestamp = 'Sep 7 2016 10:45:34 CDT'
(7) Stripped-User-Name = 'myUsername'
(7) Realm = 'DEFAULT'
(7) EAP-Type = PEAP
(7) Proxy-State = 0x313430
Sending Access-Request Id 156 from 0.0.0.0:32820 to 10.7.0.29:1812
User-Name = 'myUsername'
Chargeable-User-Identity = 0x00
Location-Capable = Civix-Location
Calling-Station-Id = '88:63:df:a5:2a:c7'
Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test'
NAS-Port = 4
Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057'
Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975'
Cisco-AVPair = 'mDNS=true'
NAS-IP-Address = 10.250.0.19
NAS-Identifier = 'Red 8510'
Airespace-Wlan-Id = 8
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = '477'
EAP-Message = 0x02080090198000000086160301004610000042410429e8c93c050497d3c969d24265991784e53f8e974d047c0afe53fe094be8aebf1cdb5c532b66bca8e62c0a4de444911ee842ef54549de8d6f1bab50ab3c027e214030100010116030100304ceb36a7e8d6f0939c12ecc9d58fcb1cd48e6ff0c0554cdd9b69c189dd0fc9dcfe74da9b32db30a4ad253d91db07be92
State = 0x7f32d974793ac071723770ef4b853a0b
Message-Authenticator = 0xa163342ab96eda59991b0b6c9b4d1ac8
Event-Timestamp = 'Sep 7 2016 10:45:34 CDT'
Proxy-State = 0x313430
Waking up in 0.3 seconds.
Received Access-Challenge Id 156 from 10.7.0.29:1812 to 10.7.0.28:32820 length 128
EAP-Message = 0x0109004119001403010001011603010030319532f72d4702e3e7168c18318061baa1178d4104ec7b8ff01fd4de7837730400f8c867195e19123d7820fbe26de308
Message-Authenticator = 0xaa8fb77da2b03ee73c0cfacb26d9543a
State = 0x7f32d974783bc071723770ef4b853a0b
Proxy-State = 0x313430
(7) Received Access-Challenge packet from host 10.7.0.29 port 1812, id=156, length=128
(7) EAP-Message = 0x0109004119001403010001011603010030319532f72d4702e3e7168c18318061baa1178d4104ec7b8ff01fd4de7837730400f8c867195e19123d7820fbe26de308
(7) Message-Authenticator = 0xaa8fb77da2b03ee73c0cfacb26d9543a
(7) State = 0x7f32d974783bc071723770ef4b853a0b
(7) Proxy-State = 0x313430
(7) # Executing section post-proxy from file /etc/raddb/sites-enabled/default
(7) post-proxy {
(7) eap : No pre-existing handler found
(7) [eap] = noop
(7) } # post-proxy = noop
(7) Sending Access-Challenge packet to host 10.250.0.19 port 32777, id=140, length=0
(7) EAP-Message = 0x0109004119001403010001011603010030319532f72d4702e3e7168c18318061baa1178d4104ec7b8ff01fd4de7837730400f8c867195e19123d7820fbe26de308
(7) Message-Authenticator = 0xaa8fb77da2b03ee73c0cfacb26d9543a
(7) State = 0x7f32d974783bc071723770ef4b853a0b
Sending Access-Challenge Id 140 from 10.7.0.28:1812 to 10.250.0.19:32777
EAP-Message = 0x0109004119001403010001011603010030319532f72d4702e3e7168c18318061baa1178d4104ec7b8ff01fd4de7837730400f8c867195e19123d7820fbe26de308
Message-Authenticator = 0xaa8fb77da2b03ee73c0cfacb26d9543a
State = 0x7f32d974783bc071723770ef4b853a0b
(7) Finished request
Waking up in 0.3 seconds.
Waking up in 0.6 seconds.
Received Access-Request Id 141 from 10.250.0.19:32777 to 10.7.0.28:1812 length 302
User-Name = 'myUsername'
Chargeable-User-Identity = 0x00
Location-Capable = Civix-Location
Calling-Station-Id = '88:63:df:a5:2a:c7'
Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test'
NAS-Port = 4
Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057'
Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975'
Cisco-AVPair = 'mDNS=true'
NAS-IP-Address = 10.250.0.19
NAS-Identifier = 'Red 8510'
Airespace-Wlan-Id = 8
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = '477'
EAP-Message = 0x020900061900
State = 0x7f32d974783bc071723770ef4b853a0b
Message-Authenticator = 0x5a346273cf37875c673969c7831b84ec
(8) Received Access-Request packet from host 10.250.0.19 port 32777, id=141, length=302
(8) User-Name = 'myUsername'
(8) Chargeable-User-Identity = 0x00
(8) Location-Capable = Civix-Location
(8) Calling-Station-Id = '88:63:df:a5:2a:c7'
(8) Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test'
(8) NAS-Port = 4
(8) Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057'
(8) Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975'
(8) Cisco-AVPair = 'mDNS=true'
(8) NAS-IP-Address = 10.250.0.19
(8) NAS-Identifier = 'Red 8510'
(8) Airespace-Wlan-Id = 8
(8) Service-Type = Framed-User
(8) Framed-MTU = 1300
(8) NAS-Port-Type = Wireless-802.11
(8) Tunnel-Type:0 = VLAN
(8) Tunnel-Medium-Type:0 = IEEE-802
(8) Tunnel-Private-Group-Id:0 = '477'
(8) EAP-Message = 0x020900061900
(8) State = 0x7f32d974783bc071723770ef4b853a0b
(8) Message-Authenticator = 0x5a346273cf37875c673969c7831b84ec
(8) # Executing section authorize from file /etc/raddb/sites-enabled/default
(8) authorize {
(8) filter_username filter_username {
(8) if (!&User-Name)
(8) if (!&User-Name) -> FALSE
(8) if (&User-Name =~ / /)
(8) if (&User-Name =~ / /) -> FALSE
(8) if (&User-Name =~ /@.*@/ )
(8) if (&User-Name =~ /@.*@/ ) -> FALSE
(8) if (&User-Name =~ /\\.\\./ )
(8) if (&User-Name =~ /\\.\\./ ) -> FALSE
(8) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))
(8) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE
(8) if (&User-Name =~ /\\.$/)
(8) if (&User-Name =~ /\\.$/) -> FALSE
(8) if (&User-Name =~ /@\\./)
(8) if (&User-Name =~ /@\\./) -> FALSE
(8) } # filter_username filter_username = notfound
(8) [preprocess] = ok
(8) [chap] = noop
(8) [mschap] = noop
(8) [digest] = noop
(8) suffix : Checking for suffix after "@"
(8) suffix : No '@' in User-Name = "myUsername", looking up realm NULL
(8) suffix : Found realm "DEFAULT"
(8) suffix : Adding Stripped-User-Name = "myUsername"
(8) suffix : Adding Realm = "DEFAULT"
(8) suffix : Proxying request from user myUsername to realm DEFAULT
(8) suffix : Preparing to proxy authentication request to realm "DEFAULT"
(8) [suffix] = updated
(8) eap : Request is supposed to be proxied to Realm DEFAULT. Not doing EAP.
(8) [eap] = noop
(8) files : users: Matched entry DEFAULT at line 2
(8) [files] = ok
(8) [expiration] = noop
(8) [logintime] = noop
(8) [pap] = noop
(8) } # authorize = updated
(8) # Executing section pre-proxy from file /etc/raddb/sites-enabled/default
(8) pre-proxy {
(8) update control {
(8) EXPAND %{Calling-Station-Id}
(8) --> 88:63:df:a5:2a:c7
(8) Load-Balance-Key := "88:63:df:a5:2a:c7"
(8) } # update control = noop
(8) [updated] = updated
(8) } # pre-proxy = updated
(8) Proxying request to home server 10.7.0.29 port 1812 timeout 20.000000
(8) Sending Access-Request packet to host 10.7.0.29 port 1812, id=156, length=0
(8) User-Name = 'myUsername'
(8) Chargeable-User-Identity = 0x00
(8) Location-Capable = Civix-Location
(8) Calling-Station-Id = '88:63:df:a5:2a:c7'
(8) Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test'
(8) NAS-Port = 4
(8) Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057'
(8) Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975'
(8) Cisco-AVPair = 'mDNS=true'
(8) NAS-IP-Address = 10.250.0.19
(8) NAS-Identifier = 'Red 8510'
(8) Airespace-Wlan-Id = 8
(8) Service-Type = Framed-User
(8) Framed-MTU = 1300
(8) NAS-Port-Type = Wireless-802.11
(8) Tunnel-Type:0 = VLAN
(8) Tunnel-Medium-Type:0 = IEEE-802
(8) Tunnel-Private-Group-Id:0 = '477'
(8) EAP-Message = 0x020900061900
(8) State = 0x7f32d974783bc071723770ef4b853a0b
(8) Message-Authenticator = 0x5a346273cf37875c673969c7831b84ec
(8) Event-Timestamp = 'Sep 7 2016 10:45:35 CDT'
(8) Stripped-User-Name = 'myUsername'
(8) Realm = 'DEFAULT'
(8) EAP-Type = PEAP
(8) Proxy-State = 0x313431
Sending Access-Request Id 156 from 0.0.0.0:32820 to 10.7.0.29:1812
User-Name = 'myUsername'
Chargeable-User-Identity = 0x00
Location-Capable = Civix-Location
Calling-Station-Id = '88:63:df:a5:2a:c7'
Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test'
NAS-Port = 4
Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057'
Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975'
Cisco-AVPair = 'mDNS=true'
NAS-IP-Address = 10.250.0.19
NAS-Identifier = 'Red 8510'
Airespace-Wlan-Id = 8
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = '477'
EAP-Message = 0x020900061900
State = 0x7f32d974783bc071723770ef4b853a0b
Message-Authenticator = 0x5a346273cf37875c673969c7831b84ec
Event-Timestamp = 'Sep 7 2016 10:45:35 CDT'
Proxy-State = 0x313431
Waking up in 0.3 seconds.
Received Access-Challenge Id 156 from 10.7.0.29:1812 to 10.7.0.28:32820 length 106
EAP-Message = 0x010a002b19001703010020b994d439e402f8844ffc35d40e1619b45ea52ecc4503846b6479e88004f5b2f6
Message-Authenticator = 0xb559b631e9a05ff09a132b9b18d5f41d
State = 0x7f32d9747738c071723770ef4b853a0b
Proxy-State = 0x313431
(8) Received Access-Challenge packet from host 10.7.0.29 port 1812, id=156, length=106
(8) EAP-Message = 0x010a002b19001703010020b994d439e402f8844ffc35d40e1619b45ea52ecc4503846b6479e88004f5b2f6
(8) Message-Authenticator = 0xb559b631e9a05ff09a132b9b18d5f41d
(8) State = 0x7f32d9747738c071723770ef4b853a0b
(8) Proxy-State = 0x313431
(8) # Executing section post-proxy from file /etc/raddb/sites-enabled/default
(8) post-proxy {
(8) eap : No pre-existing handler found
(8) [eap] = noop
(8) } # post-proxy = noop
(8) Sending Access-Challenge packet to host 10.250.0.19 port 32777, id=141, length=0
(8) EAP-Message = 0x010a002b19001703010020b994d439e402f8844ffc35d40e1619b45ea52ecc4503846b6479e88004f5b2f6
(8) Message-Authenticator = 0xb559b631e9a05ff09a132b9b18d5f41d
(8) State = 0x7f32d9747738c071723770ef4b853a0b
Sending Access-Challenge Id 141 from 10.7.0.28:1812 to 10.250.0.19:32777
EAP-Message = 0x010a002b19001703010020b994d439e402f8844ffc35d40e1619b45ea52ecc4503846b6479e88004f5b2f6
Message-Authenticator = 0xb559b631e9a05ff09a132b9b18d5f41d
State = 0x7f32d9747738c071723770ef4b853a0b
(8) Finished request
Waking up in 0.3 seconds.
Waking up in 0.1 seconds.
(0) Cleaning up request packet ID 133 with timestamp +8
Waking up in 0.5 seconds.
Received Access-Request Id 142 from 10.250.0.19:32777 to 10.7.0.28:1812 length 339
User-Name = 'myUsername'
Chargeable-User-Identity = 0x00
Location-Capable = Civix-Location
Calling-Station-Id = '88:63:df:a5:2a:c7'
Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test'
NAS-Port = 4
Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057'
Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975'
Cisco-AVPair = 'mDNS=true'
NAS-IP-Address = 10.250.0.19
NAS-Identifier = 'Red 8510'
Airespace-Wlan-Id = 8
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = '477'
EAP-Message = 0x020a002b19001703010020e9cb715bd5ec105e20f76cac2c01c5f99230edaa4d52b0e9d1c853dba7ab4aa1
State = 0x7f32d9747738c071723770ef4b853a0b
Message-Authenticator = 0xfc94b778553fb1128fab89148506888f
(9) Received Access-Request packet from host 10.250.0.19 port 32777, id=142, length=339
(9) User-Name = 'myUsername'
(9) Chargeable-User-Identity = 0x00
(9) Location-Capable = Civix-Location
(9) Calling-Station-Id = '88:63:df:a5:2a:c7'
(9) Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test'
(9) NAS-Port = 4
(9) Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057'
(9) Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975'
(9) Cisco-AVPair = 'mDNS=true'
(9) NAS-IP-Address = 10.250.0.19
(9) NAS-Identifier = 'Red 8510'
(9) Airespace-Wlan-Id = 8
(9) Service-Type = Framed-User
(9) Framed-MTU = 1300
(9) NAS-Port-Type = Wireless-802.11
(9) Tunnel-Type:0 = VLAN
(9) Tunnel-Medium-Type:0 = IEEE-802
(9) Tunnel-Private-Group-Id:0 = '477'
(9) EAP-Message = 0x020a002b19001703010020e9cb715bd5ec105e20f76cac2c01c5f99230edaa4d52b0e9d1c853dba7ab4aa1
(9) State = 0x7f32d9747738c071723770ef4b853a0b
(9) Message-Authenticator = 0xfc94b778553fb1128fab89148506888f
(9) # Executing section authorize from file /etc/raddb/sites-enabled/default
(9) authorize {
(9) filter_username filter_username {
(9) if (!&User-Name)
(9) if (!&User-Name) -> FALSE
(9) if (&User-Name =~ / /)
(9) if (&User-Name =~ / /) -> FALSE
(9) if (&User-Name =~ /@.*@/ )
(9) if (&User-Name =~ /@.*@/ ) -> FALSE
(9) if (&User-Name =~ /\\.\\./ )
(9) if (&User-Name =~ /\\.\\./ ) -> FALSE
(9) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))
(9) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE
(9) if (&User-Name =~ /\\.$/)
(9) if (&User-Name =~ /\\.$/) -> FALSE
(9) if (&User-Name =~ /@\\./)
(9) if (&User-Name =~ /@\\./) -> FALSE
(9) } # filter_username filter_username = notfound
(9) [preprocess] = ok
(9) [chap] = noop
(9) [mschap] = noop
(9) [digest] = noop
(9) suffix : Checking for suffix after "@"
(9) suffix : No '@' in User-Name = "myUsername", looking up realm NULL
(9) suffix : Found realm "DEFAULT"
(9) suffix : Adding Stripped-User-Name = "myUsername"
(9) suffix : Adding Realm = "DEFAULT"
(9) suffix : Proxying request from user myUsername to realm DEFAULT
(9) suffix : Preparing to proxy authentication request to realm "DEFAULT"
(9) [suffix] = updated
(9) eap : Request is supposed to be proxied to Realm DEFAULT. Not doing EAP.
(9) [eap] = noop
(9) files : users: Matched entry DEFAULT at line 2
(9) [files] = ok
(9) [expiration] = noop
(9) [logintime] = noop
(9) [pap] = noop
(9) } # authorize = updated
(9) # Executing section pre-proxy from file /etc/raddb/sites-enabled/default
(9) pre-proxy {
(9) update control {
(9) EXPAND %{Calling-Station-Id}
(9) --> 88:63:df:a5:2a:c7
(9) Load-Balance-Key := "88:63:df:a5:2a:c7"
(9) } # update control = noop
(9) [updated] = updated
(9) } # pre-proxy = updated
(9) Proxying request to home server 10.7.0.29 port 1812 timeout 20.000000
(9) Sending Access-Request packet to host 10.7.0.29 port 1812, id=14, length=0
(9) User-Name = 'myUsername'
(9) Chargeable-User-Identity = 0x00
(9) Location-Capable = Civix-Location
(9) Calling-Station-Id = '88:63:df:a5:2a:c7'
(9) Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test'
(9) NAS-Port = 4
(9) Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057'
(9) Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975'
(9) Cisco-AVPair = 'mDNS=true'
(9) NAS-IP-Address = 10.250.0.19
(9) NAS-Identifier = 'Red 8510'
(9) Airespace-Wlan-Id = 8
(9) Service-Type = Framed-User
(9) Framed-MTU = 1300
(9) NAS-Port-Type = Wireless-802.11
(9) Tunnel-Type:0 = VLAN
(9) Tunnel-Medium-Type:0 = IEEE-802
(9) Tunnel-Private-Group-Id:0 = '477'
(9) EAP-Message = 0x020a002b19001703010020e9cb715bd5ec105e20f76cac2c01c5f99230edaa4d52b0e9d1c853dba7ab4aa1
(9) State = 0x7f32d9747738c071723770ef4b853a0b
(9) Message-Authenticator = 0xfc94b778553fb1128fab89148506888f
(9) Event-Timestamp = 'Sep 7 2016 10:45:35 CDT'
(9) Stripped-User-Name = 'myUsername'
(9) Realm = 'DEFAULT'
(9) EAP-Type = PEAP
(9) Proxy-State = 0x313432
Sending Access-Request Id 14 from 0.0.0.0:32820 to 10.7.0.29:1812
User-Name = 'myUsername'
Chargeable-User-Identity = 0x00
Location-Capable = Civix-Location
Calling-Station-Id = '88:63:df:a5:2a:c7'
Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test'
NAS-Port = 4
Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057'
Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975'
Cisco-AVPair = 'mDNS=true'
NAS-IP-Address = 10.250.0.19
NAS-Identifier = 'Red 8510'
Airespace-Wlan-Id = 8
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = '477'
EAP-Message = 0x020a002b19001703010020e9cb715bd5ec105e20f76cac2c01c5f99230edaa4d52b0e9d1c853dba7ab4aa1
State = 0x7f32d9747738c071723770ef4b853a0b
Message-Authenticator = 0xfc94b778553fb1128fab89148506888f
Event-Timestamp = 'Sep 7 2016 10:45:35 CDT'
Proxy-State = 0x313432
Waking up in 0.3 seconds.
Received Access-Challenge Id 14 from 10.7.0.29:1812 to 10.7.0.28:32820 length 138
EAP-Message = 0x010b004b190017030100402a952dce06857b01c71e6b3c96bac014777efadb450b19ba9a517729c72562591ede479beb1284a533b040ffb50df9de4b05dbf09b2842cafe56771e0ffb557f
Message-Authenticator = 0xa42225b2698c5d719e9068b81cd29a54
State = 0x7f32d9747639c071723770ef4b853a0b
Proxy-State = 0x313432
(9) Received Access-Challenge packet from host 10.7.0.29 port 1812, id=14, length=138
(9) EAP-Message = 0x010b004b190017030100402a952dce06857b01c71e6b3c96bac014777efadb450b19ba9a517729c72562591ede479beb1284a533b040ffb50df9de4b05dbf09b2842cafe56771e0ffb557f
(9) Message-Authenticator = 0xa42225b2698c5d719e9068b81cd29a54
(9) State = 0x7f32d9747639c071723770ef4b853a0b
(9) Proxy-State = 0x313432
(9) # Executing section post-proxy from file /etc/raddb/sites-enabled/default
(9) post-proxy {
(9) eap : No pre-existing handler found
(9) [eap] = noop
(9) } # post-proxy = noop
(9) Sending Access-Challenge packet to host 10.250.0.19 port 32777, id=142, length=0
(9) EAP-Message = 0x010b004b190017030100402a952dce06857b01c71e6b3c96bac014777efadb450b19ba9a517729c72562591ede479beb1284a533b040ffb50df9de4b05dbf09b2842cafe56771e0ffb557f
(9) Message-Authenticator = 0xa42225b2698c5d719e9068b81cd29a54
(9) State = 0x7f32d9747639c071723770ef4b853a0b
Sending Access-Challenge Id 142 from 10.7.0.28:1812 to 10.250.0.19:32777
EAP-Message = 0x010b004b190017030100402a952dce06857b01c71e6b3c96bac014777efadb450b19ba9a517729c72562591ede479beb1284a533b040ffb50df9de4b05dbf09b2842cafe56771e0ffb557f
Message-Authenticator = 0xa42225b2698c5d719e9068b81cd29a54
State = 0x7f32d9747639c071723770ef4b853a0b
(9) Finished request
Waking up in 0.3 seconds.
Waking up in 0.1 seconds.
(1) Cleaning up request packet ID 134 with timestamp +9
Waking up in 0.5 seconds.
Received Access-Request Id 143 from 10.250.0.19:32777 to 10.7.0.28:1812 length 403
User-Name = 'myUsername'
Chargeable-User-Identity = 0x00
Location-Capable = Civix-Location
Calling-Station-Id = '88:63:df:a5:2a:c7'
Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test'
NAS-Port = 4
Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057'
Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975'
Cisco-AVPair = 'mDNS=true'
NAS-IP-Address = 10.250.0.19
NAS-Identifier = 'Red 8510'
Airespace-Wlan-Id = 8
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = '477'
EAP-Message = 0x020b006b190017030100602da275e2c0a123497d8f596416abddf9cc8541b7f81ea401e9f1cd2ca4a58622009c16cdb4fecaab55fcbd546ea4a4ab945805dd9bdf5806893b788e67e76f3dddcdaf38e70b1e1742270592e954b3fca8c138c6d7e5f257868cc3722d3c2895
State = 0x7f32d9747639c071723770ef4b853a0b
Message-Authenticator = 0xc242bff0076b825acf333cbe51605d0d
(10) Received Access-Request packet from host 10.250.0.19 port 32777, id=143, length=403
(10) User-Name = 'myUsername'
(10) Chargeable-User-Identity = 0x00
(10) Location-Capable = Civix-Location
(10) Calling-Station-Id = '88:63:df:a5:2a:c7'
(10) Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test'
(10) NAS-Port = 4
(10) Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057'
(10) Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975'
(10) Cisco-AVPair = 'mDNS=true'
(10) NAS-IP-Address = 10.250.0.19
(10) NAS-Identifier = 'Red 8510'
(10) Airespace-Wlan-Id = 8
(10) Service-Type = Framed-User
(10) Framed-MTU = 1300
(10) NAS-Port-Type = Wireless-802.11
(10) Tunnel-Type:0 = VLAN
(10) Tunnel-Medium-Type:0 = IEEE-802
(10) Tunnel-Private-Group-Id:0 = '477'
(10) EAP-Message = 0x020b006b190017030100602da275e2c0a123497d8f596416abddf9cc8541b7f81ea401e9f1cd2ca4a58622009c16cdb4fecaab55fcbd546ea4a4ab945805dd9bdf5806893b788e67e76f3dddcdaf38e70b1e1742270592e954b3fca8c138c6d7e5f257868cc3722d3c2895
(10) State = 0x7f32d9747639c071723770ef4b853a0b
(10) Message-Authenticator = 0xc242bff0076b825acf333cbe51605d0d
(10) # Executing section authorize from file /etc/raddb/sites-enabled/default
(10) authorize {
(10) filter_username filter_username {
(10) if (!&User-Name)
(10) if (!&User-Name) -> FALSE
(10) if (&User-Name =~ / /)
(10) if (&User-Name =~ / /) -> FALSE
(10) if (&User-Name =~ /@.*@/ )
(10) if (&User-Name =~ /@.*@/ ) -> FALSE
(10) if (&User-Name =~ /\\.\\./ )
(10) if (&User-Name =~ /\\.\\./ ) -> FALSE
(10) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))
(10) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE
(10) if (&User-Name =~ /\\.$/)
(10) if (&User-Name =~ /\\.$/) -> FALSE
(10) if (&User-Name =~ /@\\./)
(10) if (&User-Name =~ /@\\./) -> FALSE
(10) } # filter_username filter_username = notfound
(10) [preprocess] = ok
(10) [chap] = noop
(10) [mschap] = noop
(10) [digest] = noop
(10) suffix : Checking for suffix after "@"
(10) suffix : No '@' in User-Name = "myUsername", looking up realm NULL
(10) suffix : Found realm "DEFAULT"
(10) suffix : Adding Stripped-User-Name = "myUsername"
(10) suffix : Adding Realm = "DEFAULT"
(10) suffix : Proxying request from user myUsername to realm DEFAULT
(10) suffix : Preparing to proxy authentication request to realm "DEFAULT"
(10) [suffix] = updated
(10) eap : Request is supposed to be proxied to Realm DEFAULT. Not doing EAP.
(10) [eap] = noop
(10) files : users: Matched entry DEFAULT at line 2
(10) [files] = ok
(10) [expiration] = noop
(10) [logintime] = noop
(10) [pap] = noop
(10) } # authorize = updated
(10) # Executing section pre-proxy from file /etc/raddb/sites-enabled/default
(10) pre-proxy {
(10) update control {
(10) EXPAND %{Calling-Station-Id}
(10) --> 88:63:df:a5:2a:c7
(10) Load-Balance-Key := "88:63:df:a5:2a:c7"
(10) } # update control = noop
(10) [updated] = updated
(10) } # pre-proxy = updated
(10) Proxying request to home server 10.7.0.29 port 1812 timeout 20.000000
(10) Sending Access-Request packet to host 10.7.0.29 port 1812, id=183, length=0
(10) User-Name = 'myUsername'
(10) Chargeable-User-Identity = 0x00
(10) Location-Capable = Civix-Location
(10) Calling-Station-Id = '88:63:df:a5:2a:c7'
(10) Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test'
(10) NAS-Port = 4
(10) Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057'
(10) Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975'
(10) Cisco-AVPair = 'mDNS=true'
(10) NAS-IP-Address = 10.250.0.19
(10) NAS-Identifier = 'Red 8510'
(10) Airespace-Wlan-Id = 8
(10) Service-Type = Framed-User
(10) Framed-MTU = 1300
(10) NAS-Port-Type = Wireless-802.11
(10) Tunnel-Type:0 = VLAN
(10) Tunnel-Medium-Type:0 = IEEE-802
(10) Tunnel-Private-Group-Id:0 = '477'
(10) EAP-Message = 0x020b006b190017030100602da275e2c0a123497d8f596416abddf9cc8541b7f81ea401e9f1cd2ca4a58622009c16cdb4fecaab55fcbd546ea4a4ab945805dd9bdf5806893b788e67e76f3dddcdaf38e70b1e1742270592e954b3fca8c138c6d7e5f257868cc3722d3c2895
(10) State = 0x7f32d9747639c071723770ef4b853a0b
(10) Message-Authenticator = 0xc242bff0076b825acf333cbe51605d0d
(10) Event-Timestamp = 'Sep 7 2016 10:45:36 CDT'
(10) Stripped-User-Name = 'myUsername'
(10) Realm = 'DEFAULT'
(10) EAP-Type = PEAP
(10) Proxy-State = 0x313433
Sending Access-Request Id 183 from 0.0.0.0:32820 to 10.7.0.29:1812
User-Name = 'myUsername'
Chargeable-User-Identity = 0x00
Location-Capable = Civix-Location
Calling-Station-Id = '88:63:df:a5:2a:c7'
Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test'
NAS-Port = 4
Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057'
Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975'
Cisco-AVPair = 'mDNS=true'
NAS-IP-Address = 10.250.0.19
NAS-Identifier = 'Red 8510'
Airespace-Wlan-Id = 8
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = '477'
EAP-Message = 0x020b006b190017030100602da275e2c0a123497d8f596416abddf9cc8541b7f81ea401e9f1cd2ca4a58622009c16cdb4fecaab55fcbd546ea4a4ab945805dd9bdf5806893b788e67e76f3dddcdaf38e70b1e1742270592e954b3fca8c138c6d7e5f257868cc3722d3c2895
State = 0x7f32d9747639c071723770ef4b853a0b
Message-Authenticator = 0xc242bff0076b825acf333cbe51605d0d
Event-Timestamp = 'Sep 7 2016 10:45:36 CDT'
Proxy-State = 0x313433
Waking up in 0.3 seconds.
Waking up in 0.1 seconds.
(10) Expecting proxy response no later than 19.499791 seconds from now
(2) Cleaning up request packet ID 135 with timestamp +9
Waking up in 0.5 seconds.
Received Access-Challenge Id 183 from 10.7.0.29:1812 to 10.7.0.28:32820 length 154
EAP-Message = 0x010c005b19001703010050e28c28af0b5f0499c200f091c5e6c4b4c6692a23e0a5b08c3a79b24afbf72c73c0d044c22dbeca8c2b8f6d6299df9c0ace358170c817f2e82ead03f44fa56c38bfc8bb4677604d57caf831c27c7ea841
Message-Authenticator = 0x60dce85f1339f1fa27a3d9b3015d5395
State = 0x7f32d974753ec071723770ef4b853a0b
Proxy-State = 0x313433
(10) Received Access-Challenge packet from host 10.7.0.29 port 1812, id=183, length=154
(10) EAP-Message = 0x010c005b19001703010050e28c28af0b5f0499c200f091c5e6c4b4c6692a23e0a5b08c3a79b24afbf72c73c0d044c22dbeca8c2b8f6d6299df9c0ace358170c817f2e82ead03f44fa56c38bfc8bb4677604d57caf831c27c7ea841
(10) Message-Authenticator = 0x60dce85f1339f1fa27a3d9b3015d5395
(10) State = 0x7f32d974753ec071723770ef4b853a0b
(10) Proxy-State = 0x313433
(10) # Executing section post-proxy from file /etc/raddb/sites-enabled/default
(10) post-proxy {
(10) eap : No pre-existing handler found
(10) [eap] = noop
(10) } # post-proxy = noop
(10) Sending Access-Challenge packet to host 10.250.0.19 port 32777, id=143, length=0
(10) EAP-Message = 0x010c005b19001703010050e28c28af0b5f0499c200f091c5e6c4b4c6692a23e0a5b08c3a79b24afbf72c73c0d044c22dbeca8c2b8f6d6299df9c0ace358170c817f2e82ead03f44fa56c38bfc8bb4677604d57caf831c27c7ea841
(10) Message-Authenticator = 0x60dce85f1339f1fa27a3d9b3015d5395
(10) State = 0x7f32d974753ec071723770ef4b853a0b
Sending Access-Challenge Id 143 from 10.7.0.28:1812 to 10.250.0.19:32777
EAP-Message = 0x010c005b19001703010050e28c28af0b5f0499c200f091c5e6c4b4c6692a23e0a5b08c3a79b24afbf72c73c0d044c22dbeca8c2b8f6d6299df9c0ace358170c817f2e82ead03f44fa56c38bfc8bb4677604d57caf831c27c7ea841
Message-Authenticator = 0x60dce85f1339f1fa27a3d9b3015d5395
State = 0x7f32d974753ec071723770ef4b853a0b
(10) Finished request
(3) Cleaning up request packet ID 136 with timestamp +10
Waking up in 0.3 seconds.
Waking up in 0.2 seconds.
Received Access-Request Id 144 from 10.250.0.19:32777 to 10.7.0.28:1812 length 339
User-Name = 'myUsername'
Chargeable-User-Identity = 0x00
Location-Capable = Civix-Location
Calling-Station-Id = '88:63:df:a5:2a:c7'
Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test'
NAS-Port = 4
Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057'
Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975'
Cisco-AVPair = 'mDNS=true'
NAS-IP-Address = 10.250.0.19
NAS-Identifier = 'Red 8510'
Airespace-Wlan-Id = 8
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = '477'
EAP-Message = 0x020c002b19001703010020911ecd2d497a5e7dae6ad8d5c34f8a92e478d38e2983c8df3ada40d274fc1590
State = 0x7f32d974753ec071723770ef4b853a0b
Message-Authenticator = 0x578cbfc6ebd90cea760bf130e5c2b704
(11) Received Access-Request packet from host 10.250.0.19 port 32777, id=144, length=339
(11) User-Name = 'myUsername'
(11) Chargeable-User-Identity = 0x00
(11) Location-Capable = Civix-Location
(11) Calling-Station-Id = '88:63:df:a5:2a:c7'
(11) Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test'
(11) NAS-Port = 4
(11) Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057'
(11) Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975'
(11) Cisco-AVPair = 'mDNS=true'
(11) NAS-IP-Address = 10.250.0.19
(11) NAS-Identifier = 'Red 8510'
(11) Airespace-Wlan-Id = 8
(11) Service-Type = Framed-User
(11) Framed-MTU = 1300
(11) NAS-Port-Type = Wireless-802.11
(11) Tunnel-Type:0 = VLAN
(11) Tunnel-Medium-Type:0 = IEEE-802
(11) Tunnel-Private-Group-Id:0 = '477'
(11) EAP-Message = 0x020c002b19001703010020911ecd2d497a5e7dae6ad8d5c34f8a92e478d38e2983c8df3ada40d274fc1590
(11) State = 0x7f32d974753ec071723770ef4b853a0b
(11) Message-Authenticator = 0x578cbfc6ebd90cea760bf130e5c2b704
(11) # Executing section authorize from file /etc/raddb/sites-enabled/default
(11) authorize {
(11) filter_username filter_username {
(11) if (!&User-Name)
(11) if (!&User-Name) -> FALSE
(11) if (&User-Name =~ / /)
(11) if (&User-Name =~ / /) -> FALSE
(11) if (&User-Name =~ /@.*@/ )
(11) if (&User-Name =~ /@.*@/ ) -> FALSE
(11) if (&User-Name =~ /\\.\\./ )
(11) if (&User-Name =~ /\\.\\./ ) -> FALSE
(11) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))
(11) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE
(11) if (&User-Name =~ /\\.$/)
(11) if (&User-Name =~ /\\.$/) -> FALSE
(11) if (&User-Name =~ /@\\./)
(11) if (&User-Name =~ /@\\./) -> FALSE
(11) } # filter_username filter_username = notfound
(11) [preprocess] = ok
(11) [chap] = noop
(11) [mschap] = noop
(11) [digest] = noop
(11) suffix : Checking for suffix after "@"
(11) suffix : No '@' in User-Name = "myUsername", looking up realm NULL
(11) suffix : Found realm "DEFAULT"
(11) suffix : Adding Stripped-User-Name = "myUsername"
(11) suffix : Adding Realm = "DEFAULT"
(11) suffix : Proxying request from user myUsername to realm DEFAULT
(11) suffix : Preparing to proxy authentication request to realm "DEFAULT"
(11) [suffix] = updated
(11) eap : Request is supposed to be proxied to Realm DEFAULT. Not doing EAP.
(11) [eap] = noop
(11) files : users: Matched entry DEFAULT at line 2
(11) [files] = ok
(11) [expiration] = noop
(11) [logintime] = noop
(11) [pap] = noop
(11) } # authorize = updated
(11) # Executing section pre-proxy from file /etc/raddb/sites-enabled/default
(11) pre-proxy {
(11) update control {
(11) EXPAND %{Calling-Station-Id}
(11) --> 88:63:df:a5:2a:c7
(11) Load-Balance-Key := "88:63:df:a5:2a:c7"
(11) } # update control = noop
(11) [updated] = updated
(11) } # pre-proxy = updated
(11) Proxying request to home server 10.7.0.29 port 1812 timeout 20.000000
(11) Sending Access-Request packet to host 10.7.0.29 port 1812, id=253, length=0
(11) User-Name = 'myUsername'
(11) Chargeable-User-Identity = 0x00
(11) Location-Capable = Civix-Location
(11) Calling-Station-Id = '88:63:df:a5:2a:c7'
(11) Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test'
(11) NAS-Port = 4
(11) Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057'
(11) Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975'
(11) Cisco-AVPair = 'mDNS=true'
(11) NAS-IP-Address = 10.250.0.19
(11) NAS-Identifier = 'Red 8510'
(11) Airespace-Wlan-Id = 8
(11) Service-Type = Framed-User
(11) Framed-MTU = 1300
(11) NAS-Port-Type = Wireless-802.11
(11) Tunnel-Type:0 = VLAN
(11) Tunnel-Medium-Type:0 = IEEE-802
(11) Tunnel-Private-Group-Id:0 = '477'
(11) EAP-Message = 0x020c002b19001703010020911ecd2d497a5e7dae6ad8d5c34f8a92e478d38e2983c8df3ada40d274fc1590
(11) State = 0x7f32d974753ec071723770ef4b853a0b
(11) Message-Authenticator = 0x578cbfc6ebd90cea760bf130e5c2b704
(11) Event-Timestamp = 'Sep 7 2016 10:45:37 CDT'
(11) Stripped-User-Name = 'myUsername'
(11) Realm = 'DEFAULT'
(11) EAP-Type = PEAP
(11) Proxy-State = 0x313434
Sending Access-Request Id 253 from 0.0.0.0:32820 to 10.7.0.29:1812
User-Name = 'myUsername'
Chargeable-User-Identity = 0x00
Location-Capable = Civix-Location
Calling-Station-Id = '88:63:df:a5:2a:c7'
Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test'
NAS-Port = 4
Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057'
Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975'
Cisco-AVPair = 'mDNS=true'
NAS-IP-Address = 10.250.0.19
NAS-Identifier = 'Red 8510'
Airespace-Wlan-Id = 8
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = '477'
EAP-Message = 0x020c002b19001703010020911ecd2d497a5e7dae6ad8d5c34f8a92e478d38e2983c8df3ada40d274fc1590
State = 0x7f32d974753ec071723770ef4b853a0b
Message-Authenticator = 0x578cbfc6ebd90cea760bf130e5c2b704
Event-Timestamp = 'Sep 7 2016 10:45:37 CDT'
Proxy-State = 0x313434
(4) Cleaning up request packet ID 137 with timestamp +10
Waking up in 0.2 seconds.
Waking up in 0.1 seconds.
(11) Expecting proxy response no later than 19.499789 seconds from now
Waking up in 0.1 seconds.
(5) Cleaning up request packet ID 138 with timestamp +11
Waking up in 0.5 seconds.
Received Access-Challenge Id 253 from 10.7.0.29:1812 to 10.7.0.28:32820 length 106
EAP-Message = 0x010d002b190017030100200403349d9bc7d3fcb0026f77dec021dab2ea898176664dd8b72b2a4f5a3a05c2
Message-Authenticator = 0x300f82004967dab208d08d9bc44e0faa
State = 0x7f32d974743fc071723770ef4b853a0b
Proxy-State = 0x313434
(11) Received Access-Challenge packet from host 10.7.0.29 port 1812, id=253, length=106
(11) EAP-Message = 0x010d002b190017030100200403349d9bc7d3fcb0026f77dec021dab2ea898176664dd8b72b2a4f5a3a05c2
(11) Message-Authenticator = 0x300f82004967dab208d08d9bc44e0faa
(11) State = 0x7f32d974743fc071723770ef4b853a0b
(11) Proxy-State = 0x313434
(11) # Executing section post-proxy from file /etc/raddb/sites-enabled/default
(11) post-proxy {
(11) eap : No pre-existing handler found
(11) [eap] = noop
(11) } # post-proxy = noop
(11) Sending Access-Challenge packet to host 10.250.0.19 port 32777, id=144, length=0
(11) EAP-Message = 0x010d002b190017030100200403349d9bc7d3fcb0026f77dec021dab2ea898176664dd8b72b2a4f5a3a05c2
(11) Message-Authenticator = 0x300f82004967dab208d08d9bc44e0faa
(11) State = 0x7f32d974743fc071723770ef4b853a0b
Sending Access-Challenge Id 144 from 10.7.0.28:1812 to 10.250.0.19:32777
EAP-Message = 0x010d002b190017030100200403349d9bc7d3fcb0026f77dec021dab2ea898176664dd8b72b2a4f5a3a05c2
Message-Authenticator = 0x300f82004967dab208d08d9bc44e0faa
State = 0x7f32d974743fc071723770ef4b853a0b
(11) Finished request
(6) Cleaning up request packet ID 139 with timestamp +12
Waking up in 0.2 seconds.
Waking up in 0.3 seconds.
Received Access-Request Id 145 from 10.250.0.19:32777 to 10.7.0.28:1812 length 339
User-Name = 'myUsername'
Chargeable-User-Identity = 0x00
Location-Capable = Civix-Location
Calling-Station-Id = '88:63:df:a5:2a:c7'
Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test'
NAS-Port = 4
Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057'
Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975'
Cisco-AVPair = 'mDNS=true'
NAS-IP-Address = 10.250.0.19
NAS-Identifier = 'Red 8510'
Airespace-Wlan-Id = 8
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = '477'
EAP-Message = 0x020d002b19001703010020f5be6094de8c99ffc9a8273924c8a31d6ff7972691b7ada6632f5872eedfbb55
State = 0x7f32d974743fc071723770ef4b853a0b
Message-Authenticator = 0xfcfa5d93078a1affcb6cb3e7b745229e
(12) Received Access-Request packet from host 10.250.0.19 port 32777, id=145, length=339
(12) User-Name = 'myUsername'
(12) Chargeable-User-Identity = 0x00
(12) Location-Capable = Civix-Location
(12) Calling-Station-Id = '88:63:df:a5:2a:c7'
(12) Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test'
(12) NAS-Port = 4
(12) Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057'
(12) Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975'
(12) Cisco-AVPair = 'mDNS=true'
(12) NAS-IP-Address = 10.250.0.19
(12) NAS-Identifier = 'Red 8510'
(12) Airespace-Wlan-Id = 8
(12) Service-Type = Framed-User
(12) Framed-MTU = 1300
(12) NAS-Port-Type = Wireless-802.11
(12) Tunnel-Type:0 = VLAN
(12) Tunnel-Medium-Type:0 = IEEE-802
(12) Tunnel-Private-Group-Id:0 = '477'
(12) EAP-Message = 0x020d002b19001703010020f5be6094de8c99ffc9a8273924c8a31d6ff7972691b7ada6632f5872eedfbb55
(12) State = 0x7f32d974743fc071723770ef4b853a0b
(12) Message-Authenticator = 0xfcfa5d93078a1affcb6cb3e7b745229e
(12) # Executing section authorize from file /etc/raddb/sites-enabled/default
(12) authorize {
(12) filter_username filter_username {
(12) if (!&User-Name)
(12) if (!&User-Name) -> FALSE
(12) if (&User-Name =~ / /)
(12) if (&User-Name =~ / /) -> FALSE
(12) if (&User-Name =~ /@.*@/ )
(12) if (&User-Name =~ /@.*@/ ) -> FALSE
(12) if (&User-Name =~ /\\.\\./ )
(12) if (&User-Name =~ /\\.\\./ ) -> FALSE
(12) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))
(12) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE
(12) if (&User-Name =~ /\\.$/)
(12) if (&User-Name =~ /\\.$/) -> FALSE
(12) if (&User-Name =~ /@\\./)
(12) if (&User-Name =~ /@\\./) -> FALSE
(12) } # filter_username filter_username = notfound
(12) [preprocess] = ok
(12) [chap] = noop
(12) [mschap] = noop
(12) [digest] = noop
(12) suffix : Checking for suffix after "@"
(12) suffix : No '@' in User-Name = "myUsername", looking up realm NULL
(12) suffix : Found realm "DEFAULT"
(12) suffix : Adding Stripped-User-Name = "myUsername"
(12) suffix : Adding Realm = "DEFAULT"
(12) suffix : Proxying request from user myUsername to realm DEFAULT
(12) suffix : Preparing to proxy authentication request to realm "DEFAULT"
(12) [suffix] = updated
(12) eap : Request is supposed to be proxied to Realm DEFAULT. Not doing EAP.
(12) [eap] = noop
(12) files : users: Matched entry DEFAULT at line 2
(12) [files] = ok
(12) [expiration] = noop
(12) [logintime] = noop
(12) [pap] = noop
(12) } # authorize = updated
(12) # Executing section pre-proxy from file /etc/raddb/sites-enabled/default
(12) pre-proxy {
(12) update control {
(12) EXPAND %{Calling-Station-Id}
(12) --> 88:63:df:a5:2a:c7
(12) Load-Balance-Key := "88:63:df:a5:2a:c7"
(12) } # update control = noop
(12) [updated] = updated
(12) } # pre-proxy = updated
(12) Proxying request to home server 10.7.0.29 port 1812 timeout 20.000000
(12) Sending Access-Request packet to host 10.7.0.29 port 1812, id=118, length=0
(12) User-Name = 'myUsername'
(12) Chargeable-User-Identity = 0x00
(12) Location-Capable = Civix-Location
(12) Calling-Station-Id = '88:63:df:a5:2a:c7'
(12) Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test'
(12) NAS-Port = 4
(12) Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057'
(12) Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975'
(12) Cisco-AVPair = 'mDNS=true'
(12) NAS-IP-Address = 10.250.0.19
(12) NAS-Identifier = 'Red 8510'
(12) Airespace-Wlan-Id = 8
(12) Service-Type = Framed-User
(12) Framed-MTU = 1300
(12) NAS-Port-Type = Wireless-802.11
(12) Tunnel-Type:0 = VLAN
(12) Tunnel-Medium-Type:0 = IEEE-802
(12) Tunnel-Private-Group-Id:0 = '477'
(12) EAP-Message = 0x020d002b19001703010020f5be6094de8c99ffc9a8273924c8a31d6ff7972691b7ada6632f5872eedfbb55
(12) State = 0x7f32d974743fc071723770ef4b853a0b
(12) Message-Authenticator = 0xfcfa5d93078a1affcb6cb3e7b745229e
(12) Event-Timestamp = 'Sep 7 2016 10:45:39 CDT'
(12) Stripped-User-Name = 'myUsername'
(12) Realm = 'DEFAULT'
(12) EAP-Type = PEAP
(12) Proxy-State = 0x313435
Sending Access-Request Id 118 from 0.0.0.0:32820 to 10.7.0.29:1812
User-Name = 'myUsername'
Chargeable-User-Identity = 0x00
Location-Capable = Civix-Location
Calling-Station-Id = '88:63:df:a5:2a:c7'
Called-Station-Id = '7c:95:f3:74:d7:00:myOrg Test'
NAS-Port = 4
Cisco-AVPair = 'audit-session-id=1300fa0a0123a7ea281ed057'
Acct-Session-Id = '57d01e28/88:63:df:a5:2a:c7/12483975'
Cisco-AVPair = 'mDNS=true'
NAS-IP-Address = 10.250.0.19
NAS-Identifier = 'Red 8510'
Airespace-Wlan-Id = 8
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = '477'
EAP-Message = 0x020d002b19001703010020f5be6094de8c99ffc9a8273924c8a31d6ff7972691b7ada6632f5872eedfbb55
State = 0x7f32d974743fc071723770ef4b853a0b
Message-Authenticator = 0xfcfa5d93078a1affcb6cb3e7b745229e
Event-Timestamp = 'Sep 7 2016 10:45:39 CDT'
Proxy-State = 0x313435
Received Access-Accept Id 118 from 10.7.0.29:1812 to 10.7.0.28:32820 length 174
MS-MPPE-Recv-Key = 0x87d6d56616f17435791ec25e960ef9fcbb21bd47bdb2eb1c15159c36c9bb784f
MS-MPPE-Send-Key = 0x307ca9d1487812fefdd04427922b02676fde3978a1525dd9fdfc1580209c606f
EAP-Message = 0x030d0004
Message-Authenticator = 0x724b9960b386632612c62d9408baf6f5
User-Name = 'myUsername'
Proxy-State = 0x313435
(12) Received Access-Accept packet from host 10.7.0.29 port 1812, id=118, length=174
(12) MS-MPPE-Recv-Key = 0x87d6d56616f17435791ec25e960ef9fcbb21bd47bdb2eb1c15159c36c9bb784f
(12) MS-MPPE-Send-Key = 0x307ca9d1487812fefdd04427922b02676fde3978a1525dd9fdfc1580209c606f
(12) EAP-Message = 0x030d0004
(12) Message-Authenticator = 0x724b9960b386632612c62d9408baf6f5
(12) User-Name = 'myUsername'
(12) Proxy-State = 0x313435
(12) # Executing section post-proxy from file /etc/raddb/sites-enabled/default
(12) post-proxy {
(12) eap : No pre-existing handler found
(12) [eap] = noop
(12) } # post-proxy = noop
(12) Found Auth-Type = Accept
(12) Auth-Type = Accept, accepting the user
(12) # Executing section post-auth from file /etc/raddb/sites-enabled/default
(12) post-auth {
(12) [exec] = noop
(12) remove_reply_message_if_eap remove_reply_message_if_eap {
(12) if (&reply:EAP-Message && &reply:Reply-Message)
(12) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
(12) else else {
(12) [noop] = noop
(12) } # else else = noop
(12) } # remove_reply_message_if_eap remove_reply_message_if_eap = noop
(12) } # post-auth = noop
(12) Sending Access-Accept packet to host 10.250.0.19 port 32777, id=145, length=0
(12) MS-MPPE-Recv-Key = 0x87d6d56616f17435791ec25e960ef9fcbb21bd47bdb2eb1c15159c36c9bb784f
(12) MS-MPPE-Send-Key = 0x307ca9d1487812fefdd04427922b02676fde3978a1525dd9fdfc1580209c606f
(12) EAP-Message = 0x030d0004
(12) Message-Authenticator = 0x724b9960b386632612c62d9408baf6f5
(12) User-Name = 'myUsername'
Sending Access-Accept Id 145 from 10.7.0.28:1812 to 10.250.0.19:32777
MS-MPPE-Recv-Key = 0x87d6d56616f17435791ec25e960ef9fcbb21bd47bdb2eb1c15159c36c9bb784f
MS-MPPE-Send-Key = 0x307ca9d1487812fefdd04427922b02676fde3978a1525dd9fdfc1580209c606f
EAP-Message = 0x030d0004
Message-Authenticator = 0x724b9960b386632612c62d9408baf6f5
User-Name = 'myUsername'
(12) Finished request
(7) Cleaning up request packet ID 140 with timestamp +12
Waking up in 0.2 seconds.
Waking up in 0.3 seconds.
(8) Cleaning up request packet ID 141 with timestamp +13
Waking up in 0.5 seconds.
(9) Cleaning up request packet ID 142 with timestamp +13
Waking up in 1.6 seconds.
(10) Cleaning up request packet ID 143 with timestamp +14
Waking up in 1.6 seconds.
https://directory.uark.edu/people/sgardne
Senior Network Engineer
University of Arkansas, ITS-NET
More information about the Freeradius-Users
mailing list