Terminate EAP-TTLS then proxy
adrian.p.smith at bt.com
adrian.p.smith at bt.com
Tue Jun 13 14:42:26 CEST 2017
If I send a (non-EAP) request directly to the inner tunnel, it does get proxied ok.
-----Original Message-----
From: Smith,AP,Adrian,TNK6 R
Sent: 13 June 2017 10:43
To: 'FreeRadius users mailing list'
Subject: RE: Terminate EAP-TTLS then proxy
Here is the full debug output which hopefully shows all the proxy configuration:
FreeRADIUS Version 2.1.12, for host x86_64-redhat-linux-gnu, built on Oct 2 2012 at 18:42:42
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.
Starting - reading configuration files ...
including configuration file /etc/raddb/radiusd.conf
including files in directory /etc/raddb/proxies/
including configuration file /etc/raddb/proxies/mis.conf
including configuration file /etc/raddb/proxies/vodafone.lab.conf
including configuration file /etc/raddb/proxies/sps_fr.lab.conf
including configuration file /etc/raddb/proxies/bt_mobile_consumer.lab.conf
including configuration file /etc/raddb/proxies/mna.lab.conf
including configuration file /etc/raddb/proxies/tbb_802_1x.lab.conf
including configuration file /etc/raddb/proxies/ip_tracker.lab.conf
including configuration file /etc/raddb/proxies/proxy.conf
including configuration file /etc/raddb/proxies/wifi_roam_realms.conf
including configuration file /etc/raddb/proxies/consulate.lab.conf
including configuration file /etc/raddb/proxies/paulw_test_lab.conf
including configuration file /etc/raddb/proxies/wifi_roam.lab.conf
including configuration file /etc/raddb/proxies/nonso_test_lab.conf
including configuration file /etc/raddb/proxies/mis.lab.conf
including configuration file /etc/raddb/clients.conf
including files in directory /etc/raddb/modules/
including configuration file /etc/raddb/modules/policy
including configuration file /etc/raddb/modules/ntlm_auth
including configuration file /etc/raddb/modules/radutmp
including configuration file /etc/raddb/modules/passwd
including configuration file /etc/raddb/modules/otp
including configuration file /etc/raddb/modules/detail-store.btngh.openzone.com
including configuration file /etc/raddb/modules/acct_unique
including configuration file /etc/raddb/modules/sql_log
including configuration file /etc/raddb/modules/attr_filter
including configuration file /etc/raddb/modules/sql_log_store
including configuration file /etc/raddb/modules/detail.iptracker
including configuration file /etc/raddb/modules/chap
including configuration file /etc/raddb/modules/sradutmp
including configuration file /etc/raddb/modules/ippool
including configuration file /etc/raddb/modules/perl
including configuration file /etc/raddb/modules/mac2vlan
including configuration file /etc/raddb/modules/opendirectory
including configuration file /etc/raddb/modules/inner-eap
including configuration file /etc/raddb/modules/digest
including configuration file /etc/raddb/modules/detail.example.com
including configuration file /etc/raddb/modules/smbpasswd
including configuration file /etc/raddb/modules/checkval
including configuration file /etc/raddb/modules/expiration
including configuration file /etc/raddb/modules/cui
including configuration file /etc/raddb/modules/counter
including configuration file /etc/raddb/modules/linelog
including configuration file /etc/raddb/modules/soh
including configuration file /etc/raddb/modules/rediswho
including configuration file /etc/raddb/modules/etc_group
including configuration file /etc/raddb/modules/pap
including configuration file /etc/raddb/modules/realm
including configuration file /etc/raddb/modules/echo
including configuration file /etc/raddb/modules/replicate
including configuration file /etc/raddb/modules/wimax
including configuration file /etc/raddb/modules/smsotp
including configuration file /etc/raddb/modules/detail.btngh.openzone.com
including configuration file /etc/raddb/modules/exec
including configuration file /etc/raddb/modules/detail
including configuration file /etc/raddb/modules/pam
including configuration file /etc/raddb/modules/redis
including configuration file /etc/raddb/modules/detail.vodafone
including configuration file /etc/raddb/modules/preprocess
including configuration file /etc/raddb/modules/detail.wifi-roam
including configuration file /etc/raddb/modules/files
including configuration file /etc/raddb/modules/expr
including configuration file /etc/raddb/modules/unix
including configuration file /etc/raddb/modules/mac2ip
including configuration file /etc/raddb/modules/attr_rewrite
including configuration file /etc/raddb/modules/always
including configuration file /etc/raddb/modules/detail.consulate
including configuration file /etc/raddb/modules/dynamic_clients
including configuration file /etc/raddb/modules/sqlcounter_expire_on_login
including configuration file /etc/raddb/modules/logintime
including configuration file /etc/raddb/modules/mschap
including configuration file /etc/raddb/modules/detail.relay-wlc-mis
including configuration file /etc/raddb/eap.conf
including configuration file /etc/raddb/policy.conf
including files in directory /etc/raddb/sites-enabled/
including configuration file /etc/raddb/sites-enabled/acct_wifi-roam
including configuration file /etc/raddb/sites-enabled/consulate-server
including configuration file /etc/raddb/sites-enabled/wifi_roam-server
including configuration file /etc/raddb/sites-enabled/nonso_wifi_roam-server
including configuration file /etc/raddb/sites-enabled/acct_iptracker
including configuration file /etc/raddb/sites-enabled/bt-mobile-consumer-server
including configuration file /etc/raddb/sites-enabled/acct_consulate
including configuration file /etc/raddb/sites-enabled/default
including configuration file /etc/raddb/sites-enabled/acct_aggregator_wlc
including configuration file /etc/raddb/sites-enabled/vodafone
including configuration file /etc/raddb/sites-enabled/inner-tunnel
including configuration file /etc/raddb/sites-enabled/control-socket
including configuration file /etc/raddb/sites-enabled/testing_802.1x
including configuration file /etc/raddb/sites-enabled/acct_aggregator
including configuration file /etc/raddb/sites-enabled/802.1x-server
main {
user = "radiusd"
group = "radiusd"
allow_core_dumps = no
}
including dictionary file /etc/raddb/dictionary
main {
name = "radiusd"
prefix = "/usr"
localstatedir = "/var"
sbindir = "/usr/sbin"
logdir = "/var/log/radius"
run_dir = "/var/run/radiusd"
libdir = "/usr/lib64/freeradius"
radacctdir = "/var/log/radius/radacct"
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
pidfile = "/var/run/radiusd/radiusd.pid"
checkrad = "/usr/sbin/checkrad"
debug_level = 0
proxy_requests = yes
log {
stripped_names = no
auth = no
auth_badpass = no
auth_goodpass = no
}
security {
max_attributes = 200
reject_delay = 1
status_server = yes
}
}
radiusd: #### Loading Realms and Home Servers ####
proxy server {
retry_delay = 5
retry_count = 3
default_fallback = no
dead_time = 120
wake_all_if_all_dead = no
}
home_server mis-acct-relay-server-1 {
ipaddr = 192.168.160.16
port = 1813
type = "acct"
secret = "testing123"
response_window = 20
max_outstanding = 65536
zombie_period = 40
status_check = "status-server"
ping_interval = 30
check_interval = 30
num_answers_to_alive = 3
num_pings_to_alive = 3
revive_interval = 120
status_check_timeout = 4
}
home_server mis-acct-relay-server-2 {
ipaddr = 192.168.160.17
port = 1813
type = "acct"
secret = "testing123"
response_window = 20
max_outstanding = 65536
zombie_period = 40
status_check = "status-server"
ping_interval = 30
check_interval = 30
num_answers_to_alive = 3
num_pings_to_alive = 3
revive_interval = 120
status_check_timeout = 4
}
home_server par {
ipaddr = 192.168.24.22
port = 1645
type = "auth+acct"
secret = "BTpwlan-rds"
response_window = 20
max_outstanding = 65536
require_message_authenticator = no
zombie_period = 40
status_check = "request"
ping_interval = 30
check_interval = 30
num_answers_to_alive = 3
num_pings_to_alive = 3
revive_interval = 300
status_check_timeout = 4
username = "test_user_please_reject_me"
password = "this is meaningless"
}
home_server SPS_FR {
ipaddr = 192.168.19.20
port = 1812
type = "auth"
secret = "RVfbRy4T"
response_window = 20
max_outstanding = 65536
zombie_period = 40
status_check = "none"
ping_interval = 30
check_interval = 30
num_answers_to_alive = 3
num_pings_to_alive = 3
revive_interval = 120
status_check_timeout = 4
}
home_server bt-mobile-consumer-acct-spool-server {
virtual_server = "bt-mobile-consumer-server-acct"
port = 0
type = "acct"
response_window = 30
max_outstanding = 65536
zombie_period = 40
status_check = "none"
ping_interval = 30
check_interval = 30
num_answers_to_alive = 3
num_pings_to_alive = 3
revive_interval = 300
status_check_timeout = 4
}
home_server mna-auth-server-harmondsworth-a {
ipaddr = 193.113.44.19
port = 1645
type = "auth"
secret = "nean1ngTwoLiph3"
response_window = 20
max_outstanding = 65536
zombie_period = 40
status_check = "request"
ping_interval = 30
check_interval = 30
num_answers_to_alive = 3
num_pings_to_alive = 3
revive_interval = 120
status_check_timeout = 4
username = "server at test.alive.com"
password = "this is meaningless"
}
home_server mna-auth-server-harmondsworth-b {
ipaddr = 193.113.44.20
port = 1645
type = "auth"
secret = "nean1ngTwoLiph3"
response_window = 20
max_outstanding = 65536
zombie_period = 40
status_check = "request"
ping_interval = 30
check_interval = 30
num_answers_to_alive = 3
num_pings_to_alive = 3
revive_interval = 120
status_check_timeout = 4
username = "server at test.alive.com"
password = "this is meaningless"
}
home_server mna-auth-server-reigate-a {
ipaddr = 193.113.44.21
port = 1645
type = "auth"
secret = "nean1ngTwoLiph3"
response_window = 20
max_outstanding = 65536
zombie_period = 40
status_check = "request"
ping_interval = 30
check_interval = 30
num_answers_to_alive = 3
num_pings_to_alive = 3
revive_interval = 120
status_check_timeout = 4
username = "server at test.alive.com"
password = "this is meaningless"
}
home_server mna-auth-server-reigate-b {
ipaddr = 193.113.44.22
port = 1645
type = "auth"
secret = "nean1ngTwoLiph3"
response_window = 20
max_outstanding = 65536
zombie_period = 40
status_check = "request"
ping_interval = 30
check_interval = 30
num_answers_to_alive = 3
num_pings_to_alive = 3
revive_interval = 120
status_check_timeout = 4
username = "server at test.alive.com"
password = "this is meaningless"
}
home_server tbb_802.1x-acct-spool-server {
virtual_server = "tbb_802.1x-server-acct"
port = 0
type = "acct"
response_window = 30
max_outstanding = 65536
zombie_period = 40
status_check = "none"
ping_interval = 30
check_interval = 30
num_answers_to_alive = 3
num_pings_to_alive = 3
revive_interval = 300
status_check_timeout = 4
}
home_server IPTracker {
ipaddr = 193.113.44.16
port = 1813
type = "acct"
secret = "mysecret"
response_window = 20
max_outstanding = 65536
zombie_period = 40
status_check = "none"
ping_interval = 30
check_interval = 30
num_answers_to_alive = 3
num_pings_to_alive = 3
revive_interval = 120
status_check_timeout = 4
}
home_server consulate-server-1 {
ipaddr = 193.113.24.74
port = 1645
type = "auth+acct"
secret = "BCt0ONn53uPLh40tn332013"
response_window = 30
max_outstanding = 65536
zombie_period = 40
status_check = "none"
ping_interval = 30
check_interval = 30
num_answers_to_alive = 3
num_pings_to_alive = 3
revive_interval = 300
status_check_timeout = 4
}
home_server consulate-acct {
virtual_server = "consulate-server-acct"
port = 0
response_window = 30
max_outstanding = 65536
zombie_period = 40
status_check = "none"
ping_interval = 30
check_interval = 30
num_answers_to_alive = 3
num_pings_to_alive = 3
revive_interval = 300
status_check_timeout = 4
}
home_server testing-802.1x-auth-server {
ipaddr = 192.168.49.99
port = 1812
type = "auth+acct"
secret = "testing123"
response_window = 20
max_outstanding = 65536
zombie_period = 40
status_check = "status-server"
ping_interval = 30
check_interval = 30
num_answers_to_alive = 3
num_pings_to_alive = 3
revive_interval = 120
status_check_timeout = 4
}
home_server wifi-roam-server-1 {
ipaddr = 147.152.56.119
port = 1812
type = "auth+acct"
secret = "radius123"
response_window = 30
max_outstanding = 65536
zombie_period = 40
status_check = "none"
ping_interval = 30
check_interval = 30
num_answers_to_alive = 3
num_pings_to_alive = 3
revive_interval = 300
status_check_timeout = 4
}
home_server wifi-roam-acct {
virtual_server = "wifi-roam-server-acct"
port = 0
response_window = 30
max_outstanding = 65536
zombie_period = 40
status_check = "none"
ping_interval = 30
check_interval = 30
num_answers_to_alive = 3
num_pings_to_alive = 3
revive_interval = 300
status_check_timeout = 4
}
home_server_pool mis-acct-relay-pool {
type = fail-over
home_server = mis-acct-relay-server-1
home_server = mis-acct-relay-server-2
}
realm acct_mis_aggregator {
acct_pool = mis-acct-relay-pool
}
home_server_pool vf_auth_failover {
type = fail-over
virtual_server = vf-server-auth
home_server = par
}
realm wlan.mnc015.mcc234.3gppnetwork.org {
auth_pool = vf_auth_failover
nostrip
}
home_server_pool SPS_FR_pool {
home_server = SPS_FR
}
realm passpoint {
auth_pool = SPS_FR_pool
nostrip
}
home_server_pool bt-mobile-consumer-auth-pool {
type = fail-over
virtual_server = bt-mobile-consumer-server-auth
home_server = mna-auth-server-harmondsworth-a
home_server = mna-auth-server-harmondsworth-b
home_server = mna-auth-server-reigate-a
home_server = mna-auth-server-reigate-b
}
home_server_pool bt-mobile-consumer-acct-pool {
home_server = bt-mobile-consumer-acct-spool-server
}
realm wlan.mnc030.mcc234.3gppnetwork.org {
auth_pool = bt-mobile-consumer-auth-pool
acct_pool = bt-mobile-consumer-acct-pool
nostrip
}
home_server_pool tbb_802.1x-auth-pool {
type = fail-over
virtual_server = tbb_802.1x-server-auth
home_server = mna-auth-server-harmondsworth-a
home_server = mna-auth-server-harmondsworth-b
home_server = mna-auth-server-reigate-a
home_server = mna-auth-server-reigate-b
}
home_server_pool tbb_802.1x-acct-pool {
home_server = tbb_802.1x-acct-spool-server
}
realm 8021x:BTRCon {
auth_pool = tbb_802.1x-auth-pool
acct_pool = tbb_802.1x-acct-pool
nostrip
}
home_server_pool IPTracker_pool {
home_server = IPTracker
}
realm iptracker {
acct_pool = IPTracker_pool
}
realm LOCAL {
}
home_server_pool wifi-roam-auth-pool {
type = fail-over
virtual_server = wifi-roam-server-auth
home_server = wifi-roam-server-1
}
home_server_pool wifi-roam-acct-pool {
home_server = wifi-roam-acct
}
realm adastral.bt.com {
auth_pool = wifi-roam-auth-pool
acct_pool = wifi-roam-acct-pool
nostrip
}
home_server_pool wifi-roam-mobile-data-offload-auth-pool {
type = fail-over
virtual_server = wifi-roam-server-mobile-data-offload-auth
home_server = wifi-roam-server-1
}
realm adastral-offload.bt.com {
auth_pool = wifi-roam-mobile-data-offload-auth-pool
acct_pool = wifi-roam-acct-pool
nostrip
}
realm wlan.mnc008.mcc450.3gppnetwork.org {
auth_pool = wifi-roam-auth-pool
acct_pool = wifi-roam-acct-pool
nostrip
}
realm ktwifi.com {
auth_pool = wifi-roam-auth-pool
acct_pool = wifi-roam-acct-pool
nostrip
}
realm wlan.mnc410.mcc310.3gppnetwork.org {
auth_pool = wifi-roam-auth-pool
acct_pool = wifi-roam-acct-pool
nostrip
}
realm bandwidthx {
auth_pool = wifi-roam-auth-pool
acct_pool = wifi-roam-acct-pool
nostrip
}
realm bwxeap {
auth_pool = wifi-roam-auth-pool
acct_pool = wifi-roam-acct-pool
nostrip
}
realm wlan.mnc023.mcc724.3gppnetwork.org {
auth_pool = wifi-roam-auth-pool
acct_pool = wifi-roam-acct-pool
nostrip
}
realm wlan.mnc010.mcc724.3gppnetwork.org {
auth_pool = wifi-roam-auth-pool
acct_pool = wifi-roam-acct-pool
nostrip
}
realm wlan.mnc011.mcc724.3gppnetwork.org {
auth_pool = wifi-roam-auth-pool
acct_pool = wifi-roam-acct-pool
nostrip
}
realm wlan.mnc006.mcc724.3gppnetwork.org {
auth_pool = wifi-roam-auth-pool
acct_pool = wifi-roam-acct-pool
nostrip
}
realm wlan.mnc004.mcc410.3gppnetwork.org {
auth_pool = wifi-roam-mobile-data-offload-auth-pool
acct_pool = wifi-roam-acct-pool
nostrip
}
realm wlan.mnc050.mcc621.3gppnetwork.org {
auth_pool = wifi-roam-auth-pool
acct_pool = wifi-roam-acct-pool
nostrip
}
realm wlan.mnc010.mcc440.3gppnetwork.org {
auth_pool = wifi-roam-auth-pool
acct_pool = wifi-roam-acct-pool
nostrip
}
realm wifiroam.bt.com {
auth_pool = wifi-roam-auth-pool
acct_pool = wifi-roam-acct-pool
nostrip
}
home_server_pool consulate-auth-pool {
virtual_server = consulate-server-auth
home_server = consulate-server-1
}
home_server_pool consulate-acct-pool {
home_server = consulate-acct
}
realm wlan.mnc008.mcc234.3gppnetwork.org {
auth_pool = consulate-auth-pool
acct_pool = consulate-acct-pool
nostrip
}
home_server_pool consulate-acct-relay-pool {
home_server = consulate-server-1
}
realm acct_consulate {
acct_pool = consulate-acct-relay-pool
nostrip
}
home_server_pool testing-802.1x-auth-pool {
virtual_server = testing_802.1x-server
home_server = testing-802.1x-auth-server
}
realm 1xTesting {
auth_pool = testing-802.1x-auth-pool
acct_pool = tbb_802.1x-acct-pool
nostrip
}
home_server_pool wifi-roam-acct-relay-pool {
type = fail-over
home_server = wifi-roam-server-1
}
realm acct_wifi-roam {
acct_pool = wifi-roam-acct-relay-pool
nostrip
}
realm wifi-roam {
auth_pool = wifi-roam-auth-pool
acct_pool = wifi-roam-acct-pool
nostrip
}
home_server_pool nonso-wifi-roam-auth-pool {
type = fail-over
virtual_server = nonso-wifi-roam-server-auth
home_server = mna-auth-server-harmondsworth-a
}
realm nonso {
auth_pool = nonso-wifi-roam-auth-pool
acct_pool = wifi-roam-acct-pool
nostrip
}
home_server_pool testing-802.1x-acct-pool {
home_server = testing-802.1x-auth-server
}
radiusd: #### Loading Clients ####
client localhost {
ipaddr = 127.0.0.1
require_message_authenticator = no
secret = "testing123"
shortname = "localhost"
nastype = "other"
}
client 192.168.70.0/24 {
require_message_authenticator = no
secret = "cisco"
shortname = "isg-ssg-net-1"
nastype = "cisco"
}
client 192.168.170.0/24 {
require_message_authenticator = no
secret = "cisco"
shortname = "isg-ssg-net-2"
nastype = "cisco"
}
client 192.168.14.0/24 {
require_message_authenticator = no
secret = "cisco"
shortname = "isg-ssg-net-3"
nastype = "cisco"
}
client 192.168.100.31 {
require_message_authenticator = no
secret = "m0n1t0r"
shortname = "monitor-1"
}
client 192.168.160.31 {
require_message_authenticator = no
secret = "m0n1t0r"
shortname = "monitor-2"
}
client 192.168.79.2 {
require_message_authenticator = no
secret = "Vop&in2SwAsf"
shortname = "ACE-Probe"
nastype = "cisco"
}
client 192.168.79.3 {
require_message_authenticator = no
secret = "Vop&in2SwAsf"
shortname = "ACE-Probe"
nastype = "cisco"
}
client 192.168.179.2 {
require_message_authenticator = no
secret = "Vop&in2SwAsf"
shortname = "ACE-Probe"
nastype = "cisco"
}
client 192.168.179.3 {
require_message_authenticator = no
secret = "Vop&in2SwAsf"
shortname = "ACE-Probe"
nastype = "cisco"
}
client 192.168.18.2 {
require_message_authenticator = no
secret = "Vop&in2SwAsf"
shortname = "ACE-Probe"
nastype = "cisco"
}
client 192.168.18.3 {
require_message_authenticator = no
secret = "Vop&in2SwAsf"
shortname = "ACE-Probe"
nastype = "cisco"
}
client 192.168.49.96 {
require_message_authenticator = no
secret = "8021x"
}
client 10.0.0.0/8 {
require_message_authenticator = no
secret = "1t5b1gg3rthan1tl00k5"
nastype = "cisco"
}
radiusd: #### Instantiating modules ####
instantiate {
Module: Linked to module rlm_exec
Module: Instantiating module "exec" from file /etc/raddb/modules/exec
exec {
wait = no
input_pairs = "request"
shell_escape = yes
}
Module: Linked to module rlm_expr
Module: Instantiating module "expr" from file /etc/raddb/modules/expr
Module: Linked to module rlm_expiration
Module: Instantiating module "expiration" from file /etc/raddb/modules/expiration
expiration {
reply-message = "Password Has Expired "
}
Module: Linked to module rlm_logintime
Module: Instantiating module "logintime" from file /etc/raddb/modules/logintime
logintime {
reply-message = "You are calling outside your allowed timespan "
minimum-timeout = 60
}
}
radiusd: #### Loading Virtual Servers ####
server { # from file /etc/raddb/radiusd.conf
modules {
Module: Creating Post-Auth-Type = REJECT
Module: Checking authenticate {...} for more modules to load
Module: Linked to module rlm_eap
Module: Instantiating module "eap" from file /etc/raddb/eap.conf
eap {
default_eap_type = "md5"
timer_expire = 60
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
max_sessions = 4096
}
Module: Linked to sub-module rlm_eap_md5
Module: Instantiating eap-md5
Module: Linked to sub-module rlm_eap_leap
Module: Instantiating eap-leap
Module: Linked to sub-module rlm_eap_gtc
Module: Instantiating eap-gtc
gtc {
challenge = "Password: "
auth_type = "PAP"
}
Module: Linked to sub-module rlm_eap_tls
Module: Instantiating eap-tls
tls {
rsa_key_exchange = no
dh_key_exchange = yes
rsa_key_length = 512
dh_key_length = 512
verify_depth = 0
CA_path = "/etc/raddb/certs"
pem_file_type = yes
private_key_file = "/etc/raddb/certs/server.pem"
certificate_file = "/etc/raddb/certs/server.pem"
CA_file = "/etc/raddb/certs/ca.pem"
private_key_password = "whatever"
dh_file = "/etc/raddb/certs/dh"
random_file = "/etc/raddb/certs/random"
fragment_size = 1024
include_length = yes
check_crl = no
cipher_list = "DEFAULT"
cache {
enable = no
lifetime = 24
max_entries = 255
}
verify {
}
ocsp {
enable = no
override_cert_url = yes
url = "http://127.0.0.1/ocsp/"
}
}
Module: Linked to sub-module rlm_eap_ttls
Module: Instantiating eap-ttls
ttls {
default_eap_type = "md5"
copy_request_to_tunnel = no
use_tunneled_reply = no
virtual_server = "inner-tunnel"
include_length = yes
}
Module: Linked to sub-module rlm_eap_peap
Module: Instantiating eap-peap
peap {
default_eap_type = "mschapv2"
copy_request_to_tunnel = no
use_tunneled_reply = no
proxy_tunneled_request_as_eap = yes
virtual_server = "inner-tunnel"
soh = no
}
Module: Linked to sub-module rlm_eap_mschapv2
Module: Instantiating eap-mschapv2
mschapv2 {
with_ntdomain_hack = no
send_error = no
}
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_preprocess
Module: Instantiating module "preprocess" from file /etc/raddb/modules/preprocess
preprocess {
huntgroups = "/etc/raddb/huntgroups"
hints = "/etc/raddb/hints"
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
with_alvarion_vsa_hack = no
}
Module: Linked to module rlm_chap
Module: Instantiating module "chap" from file /etc/raddb/modules/chap
Module: Linked to module rlm_mschap
Module: Instantiating module "mschap" from file /etc/raddb/modules/mschap
mschap {
use_mppe = yes
require_encryption = no
require_strong = no
with_ntdomain_hack = no
allow_retry = yes
}
Module: Linked to module rlm_digest
Module: Instantiating module "digest" from file /etc/raddb/modules/digest
Module: Linked to module rlm_realm
Module: Instantiating module "IPASS" from file /etc/raddb/modules/realm
realm IPASS {
format = "prefix"
delimiter = "/"
ignore_default = no
ignore_null = no
}
Module: Instantiating module "suffix" from file /etc/raddb/modules/realm
realm suffix {
format = "suffix"
delimiter = "@"
ignore_default = no
ignore_null = no
}
Module: Linked to module rlm_files
Module: Instantiating module "files" from file /etc/raddb/modules/files
files {
usersfile = "/etc/raddb/users"
acctusersfile = "/etc/raddb/acct_users"
preproxy_usersfile = "/etc/raddb/preproxy_users"
compat = "no"
}
Module: Linked to module rlm_pap
Module: Instantiating module "pap" from file /etc/raddb/modules/pap
pap {
encryption_scheme = "auto"
auto_header = no
}
Module: Loading virtual module update_proxy_realm_for_wifi_roam_ee_traffic
Module: Checking preacct {...} for more modules to load
Module: Linked to module rlm_acct_unique
Module: Instantiating module "acct_unique" from file /etc/raddb/modules/acct_unique
acct_unique {
key = "User-Name, Acct-Session-Id, NAS-IP-Address, Framed-IP-Address, NAS-Port-Id"
}
Module: Checking accounting {...} for more modules to load
Module: Loading virtual module update_proxy_realm_for_wifi_roam_ee_traffic
Module: Linked to module rlm_detail
Module: Instantiating module "detail.relay-wlc-mis" from file /etc/raddb/modules/detail.relay-wlc-mis
detail detail.relay-wlc-mis {
detailfile = "/var/log/radius/radacct/relay-wlc-mis-acct/detail-%Y%m%d:%H"
header = "%t"
detailperm = 384
dirperm = 493
locking = no
log_packet_header = no
}
Module: Linked to module rlm_always
Module: Instantiating module "ok" from file /etc/raddb/modules/always
always ok {
rcode = "ok"
simulcount = 0
mpp = no
}
Module: Linked to module rlm_attr_filter
Module: Instantiating module "attr_filter.accounting_response" from file /etc/raddb/modules/attr_filter
attr_filter attr_filter.accounting_response {
attrsfile = "/etc/raddb/attrs.accounting_response"
key = "%{User-Name}"
relaxed = no
}
Module: Checking session {...} for more modules to load
Module: Linked to module rlm_radutmp
Module: Instantiating module "radutmp" from file /etc/raddb/modules/radutmp
radutmp {
filename = "/var/log/radius/radutmp"
username = "%{User-Name}"
case_sensitive = yes
check_with_nas = yes
perm = 384
callerid = yes
}
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
Module: Linked to module rlm_sql_log
Module: Instantiating module "sql_log" from file /etc/raddb/modules/sql_log
sql_log {
path = "/var/log/radius/radacct/relay-acct/reject-%Y%m%d:%H"
Post-Auth = "%t Acct-Status-Type = Interim-Update User-Name = "%{User-Name}" Acct-Session-Id = "REJECT" BTOpenzone-Reject-Message = "8021xReject:%{reply:Reply-Message}" NAS-IP-Address = %{NAS-IP-Address} Framed-IP-Address = %{Framed-IP-Address} Called-Station-Id = %{Called-Station-Id} Calling-Station-Id = %{Calling-Station-Id} Acct-Delay-Time = 0 Timestamp = %l "
sql_user_name = "%{%{User-Name}:-DEFAULT}"
utf8 = yes
safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
}
Module: Instantiating module "sql_log_store" from file /etc/raddb/modules/sql_log_store
sql_log sql_log_store {
path = "/var/log/radius/radacct/store-acct/reject-%Y%m%d:%H"
Post-Auth = "%t Acct-Status-Type = Interim-Update User-Name = "%{User-Name}" Acct-Session-Id = "REJECT" BTOpenzone-Reject-Message = "8021xReject:%{reply:Reply-Message}" NAS-IP-Address = %{NAS-IP-Address} Framed-IP-Address = %{Framed-IP-Address} Called-Station-Id = %{Called-Station-Id} Calling-Station-Id = %{Calling-Station-Id} Acct-Delay-Time = 0 Timestamp = %l "
sql_user_name = "%{%{User-Name}:-DEFAULT}"
utf8 = yes
safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
}
Module: Instantiating module "attr_filter.access_reject" from file /etc/raddb/modules/attr_filter
attr_filter attr_filter.access_reject {
attrsfile = "/etc/raddb/attrs.access_reject"
key = "%{User-Name}"
relaxed = no
}
} # modules
} # server
server acct_wifi-roam { # from file /etc/raddb/sites-enabled/acct_wifi-roam
modules {
Module: Checking accounting {...} for more modules to load
} # modules
} # server
server consulate-server-auth { # from file /etc/raddb/sites-enabled/consulate-server
modules {
Module: Checking post-proxy {...} for more modules to load
} # modules
} # server
server consulate-server-acct { # from file /etc/raddb/sites-enabled/consulate-server
modules {
Module: Checking accounting {...} for more modules to load
Module: Loading virtual module set_customer_info_vsa
Module: Loading virtual module log_packet
Module: Instantiating module "detail-store.btngh.openzone.com" from file /etc/raddb/modules/detail-store.btngh.openzone.com
detail detail-store.btngh.openzone.com {
detailfile = "/var/log/radius/radacct/store-acct/detail-%Y%m%d:%H"
header = "%t"
detailperm = 416
dirperm = 493
locking = no
log_packet_header = no
}
Module: Loading virtual module proxy_to_mis
Module: Instantiating module "detail.btngh.openzone.com" from file /etc/raddb/modules/detail.btngh.openzone.com
detail detail.btngh.openzone.com {
detailfile = "/var/log/radius/radacct/relay-acct/detail-%Y%m%d:%H"
header = "%t"
detailperm = 384
dirperm = 493
locking = no
log_packet_header = no
}
Module: Loading virtual module remove_btopenzone_vsas
Module: Instantiating module "detail.consulate" from file /etc/raddb/modules/detail.consulate
detail detail.consulate {
detailfile = "/var/log/radius/radacct/consulate/detail-%Y%m%d:%H"
header = "%t"
detailperm = 384
dirperm = 493
locking = no
log_packet_header = no
}
} # modules
} # server
server wifi-roam-server-auth { # from file /etc/raddb/sites-enabled/wifi_roam-server
modules {
Module: Checking pre-proxy {...} for more modules to load
Module: Checking post-proxy {...} for more modules to load
} # modules
} # server
server wifi-roam-server-mobile-data-offload-auth { # from file /etc/raddb/sites-enabled/wifi_roam-server
modules {
Module: Checking pre-proxy {...} for more modules to load
Module: Checking post-proxy {...} for more modules to load
} # modules
} # server
server wifi-roam-server-acct { # from file /etc/raddb/sites-enabled/wifi_roam-server
modules {
Module: Checking accounting {...} for more modules to load
Module: Loading virtual module set_customer_info_vsa
Module: Loading virtual module log_packet
Module: Loading virtual module proxy_to_mis
Module: Loading virtual module remove_btopenzone_vsas
Module: Instantiating module "detail.wifi-roam" from file /etc/raddb/modules/detail.wifi-roam
detail detail.wifi-roam {
detailfile = "/var/log/radius/radacct/wifi-roam/detail-%Y%m%d:%H"
header = "%t"
detailperm = 384
dirperm = 493
locking = no
log_packet_header = no
}
} # modules
} # server
server nonso-wifi-roam-server-auth { # from file /etc/raddb/sites-enabled/nonso_wifi_roam-server
modules {
Module: Checking pre-proxy {...} for more modules to load
Module: Checking post-proxy {...} for more modules to load
} # modules
} # server
server acct_iptracker { # from file /etc/raddb/sites-enabled/acct_iptracker
modules {
Module: Checking accounting {...} for more modules to load
} # modules
} # server
server bt-mobile-consumer-server-auth { # from file /etc/raddb/sites-enabled/bt-mobile-consumer-server
modules {
Module: Checking pre-proxy {...} for more modules to load
Module: Instantiating module "reject" from file /etc/raddb/modules/always
always reject {
rcode = "reject"
simulcount = 0
mpp = no
}
Module: Checking post-proxy {...} for more modules to load
} # modules
} # server
server bt-mobile-consumer-server-acct { # from file /etc/raddb/sites-enabled/bt-mobile-consumer-server
modules {
Module: Checking accounting {...} for more modules to load
Module: Loading virtual module set_customer_info_vsa
Module: Loading virtual module log_packet
Module: Loading virtual module proxy_to_mis
Module: Loading virtual module set_class_with_parental_control_csfid
Module: Loading virtual module proxy_to_iptracker
Module: Instantiating module "detail.iptracker" from file /etc/raddb/modules/detail.iptracker
detail detail.iptracker {
detailfile = "/var/log/radius/radacct/iptracker/detail-%Y%m%d:%H"
header = "%t"
detailperm = 384
dirperm = 493
locking = no
log_packet_header = no
}
} # modules
} # server
server acct_consulate { # from file /etc/raddb/sites-enabled/acct_consulate
modules {
Module: Checking accounting {...} for more modules to load
} # modules
} # server
server acct_aggregator_wlc { # from file /etc/raddb/sites-enabled/acct_aggregator_wlc
modules {
Module: Checking accounting {...} for more modules to load
} # modules
} # server
server vf-server-auth { # from file /etc/raddb/sites-enabled/vodafone
modules {
Module: Checking pre-proxy {...} for more modules to load
} # modules
} # server
server inner-tunnel { # from file /etc/raddb/sites-enabled/inner-tunnel
modules {
Module: Checking authenticate {...} for more modules to load
Module: Linked to module rlm_unix
Module: Instantiating module "unix" from file /etc/raddb/modules/unix
unix {
radwtmp = "/var/log/radius/radwtmp"
}
Module: Checking authorize {...} for more modules to load
Module: Checking session {...} for more modules to load
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
} # modules
} # server
server testing_802.1x-server { # from file /etc/raddb/sites-enabled/testing_802.1x
modules {
Module: Checking post-proxy {...} for more modules to load
} # modules
} # server
server acct_aggregator { # from file /etc/raddb/sites-enabled/acct_aggregator
modules {
Module: Checking accounting {...} for more modules to load
} # modules
} # server
server tbb_802.1x-server-auth { # from file /etc/raddb/sites-enabled/802.1x-server
modules {
Module: Checking post-proxy {...} for more modules to load
} # modules
} # server
server tbb_802.1x-server-acct { # from file /etc/raddb/sites-enabled/802.1x-server
modules {
Module: Checking accounting {...} for more modules to load
Module: Loading virtual module set_customer_info_vsa
Module: Loading virtual module proxy_to_mis
Module: Loading virtual module log_packet
Module: Loading virtual module set_class_with_parental_control_csfid
Module: Loading virtual module proxy_to_iptracker
Module: Loading virtual module set_customer_info_vsa
Module: Loading virtual module proxy_to_mis
Module: Loading virtual module log_packet
Module: Loading virtual module set_class_with_parental_control_csfid
Module: Loading virtual module proxy_to_iptracker
} # modules
} # server
radiusd: #### Opening IP addresses and Ports ####
listen {
type = "auth"
ipaddr = *
port = 0
}
listen {
type = "acct"
ipaddr = *
port = 0
}
listen {
type = "control"
listen {
socket = "/var/run/radiusd/radiusd.sock"
mode = "rw"
}
}
listen {
type = "detail"
listen {
filename = "/var/log/radius/radacct/wifi-roam/*"
load_factor = 10
poll_interval = 1
retry_interval = 30
}
}
listen {
type = "detail"
listen {
filename = "/var/log/radius/radacct/iptracker/*"
load_factor = 10
poll_interval = 1
retry_interval = 30
}
}
listen {
type = "detail"
listen {
filename = "/var/log/radius/radacct/consulate/*"
load_factor = 10
poll_interval = 1
retry_interval = 30
}
}
listen {
type = "detail"
listen {
filename = "/var/log/radius/radacct/relay-wlc-mis-acct/*"
load_factor = 10
poll_interval = 1
retry_interval = 30
}
}
listen {
type = "auth"
ipaddr = 127.0.0.1
port = 18120
}
listen {
type = "detail"
listen {
filename = "/var/log/radius/radacct/relay-acct/*"
load_factor = 10
poll_interval = 1
retry_interval = 30
}
}
... adding new socket proxy address * port 51816
... adding new socket proxy address * port 35812
... adding new socket proxy address * port 49773
... adding new socket proxy address * port 35902
... adding new socket proxy address * port 53673
... adding new socket proxy address * port 56106
... adding new socket proxy address * port 44312
... adding new socket proxy address * port 36881
... adding new socket proxy address * port 57465
... adding new socket proxy address * port 57482
... adding new socket proxy address * port 52562
... adding new socket proxy address * port 54724
... adding new socket proxy address * port 52919
... adding new socket proxy address * port 33010
... adding new socket proxy address * port 36902
... adding new socket proxy address * port 34021
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on command file /var/run/radiusd/radiusd.sock
Listening on detail file /var/log/radius/radacct/wifi-roam/* as server acct_wifi-roam
Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 1.000000 sec
Listening on detail file /var/log/radius/radacct/iptracker/* as server acct_iptracker
Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 1.000000 sec
Listening on detail file /var/log/radius/radacct/consulate/* as server acct_consulate
Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 1.000000 sec
Listening on detail file /var/log/radius/radacct/relay-wlc-mis-acct/* as server acct_aggregator_wlc
Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 1.000000 sec
Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel
Listening on detail file /var/log/radius/radacct/relay-acct/* as server acct_aggregator
Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 1.000000 sec
Listening on proxy address * port 1814
Waking up in 0.9 seconds.
Ignoring request to accounting address * port 1813 from unknown client 192.168.210.119 port 15584
Waking up in 0.1 seconds.
Polling for detail file /var/log/radius/radacct/wifi-roam/*
Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 0.762087 sec
Polling for detail file /var/log/radius/radacct/iptracker/*
Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 1.184472 sec
Polling for detail file /var/log/radius/radacct/consulate/*
Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 0.968853 sec
Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/*
Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 1.196113 sec
Polling for detail file /var/log/radius/radacct/relay-acct/*
Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 1.159930 sec
Waking up in 0.7 seconds.
Polling for detail file /var/log/radius/radacct/wifi-roam/*
Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 0.910616 sec
Waking up in 0.2 seconds.
Polling for detail file /var/log/radius/radacct/consulate/*
Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 1.090084 sec
Waking up in 0.1 seconds.
Polling for detail file /var/log/radius/radacct/relay-acct/*
Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 1.047471 sec
Polling for detail file /var/log/radius/radacct/iptracker/*
Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 0.791355 sec
Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/*
Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 0.934825 sec
Waking up in 0.4 seconds.
Polling for detail file /var/log/radius/radacct/wifi-roam/*
Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 1.133416 sec
Waking up in 0.3 seconds.
Polling for detail file /var/log/radius/radacct/iptracker/*
Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 0.880455 sec
Polling for detail file /var/log/radius/radacct/consulate/*
Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 1.024520 sec
Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/*
Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 0.998717 sec
Polling for detail file /var/log/radius/radacct/relay-acct/*
Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 0.876140 sec
Waking up in 0.5 seconds.
Polling for detail file /var/log/radius/radacct/wifi-roam/*
Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 1.095130 sec
Polling for detail file /var/log/radius/radacct/iptracker/*
Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 0.761203 sec
Waking up in 0.2 seconds.
Polling for detail file /var/log/radius/radacct/consulate/*
Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 0.897342 sec
Polling for detail file /var/log/radius/radacct/relay-acct/*
Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 1.203089 sec
Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/*
Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 0.987794 sec
Waking up in 0.4 seconds.
Polling for detail file /var/log/radius/radacct/iptracker/*
Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 1.171263 sec
Waking up in 0.2 seconds.
Polling for detail file /var/log/radius/radacct/wifi-roam/*
Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 0.859814 sec
Polling for detail file /var/log/radius/radacct/consulate/*
Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 1.103368 sec
Waking up in 0.1 seconds.
Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/*
Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 1.165571 sec
Waking up in 0.1 seconds.
Polling for detail file /var/log/radius/radacct/relay-acct/*
Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 0.959404 sec
Waking up in 0.4 seconds.
Polling for detail file /var/log/radius/radacct/wifi-roam/*
Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 1.179172 sec
Polling for detail file /var/log/radius/radacct/iptracker/*
Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 1.169633 sec
Waking up in 0.2 seconds.
Polling for detail file /var/log/radius/radacct/consulate/*
Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 1.055037 sec
Waking up in 0.1 seconds.
Polling for detail file /var/log/radius/radacct/relay-acct/*
Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 0.804247 sec
Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/*
Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 0.884002 sec
Waking up in 0.6 seconds.
Polling for detail file /var/log/radius/radacct/wifi-roam/*
Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 1.101099 sec
Polling for detail file /var/log/radius/radacct/iptracker/*
Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 0.827031 sec
Polling for detail file /var/log/radius/radacct/relay-acct/*
Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 1.049407 sec
Polling for detail file /var/log/radius/radacct/consulate/*
Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 0.844278 sec
Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/*
Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 0.936085 sec
Waking up in 0.6 seconds.
Polling for detail file /var/log/radius/radacct/iptracker/*
Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 0.962783 sec
Waking up in 0.1 seconds.
Polling for detail file /var/log/radius/radacct/consulate/*
Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 0.763935 sec
Polling for detail file /var/log/radius/radacct/wifi-roam/*
Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 0.849558 sec
Polling for detail file /var/log/radius/radacct/relay-acct/*
Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 0.816061 sec
Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/*
Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 1.158354 sec
Waking up in 0.6 seconds.
Polling for detail file /var/log/radius/radacct/consulate/*
Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 0.795744 sec
Polling for detail file /var/log/radius/radacct/iptracker/*
Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 1.016506 sec
Waking up in 0.1 seconds.
Polling for detail file /var/log/radius/radacct/wifi-roam/*
Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 1.026287 sec
Polling for detail file /var/log/radius/radacct/relay-acct/*
Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 0.866814 sec
Waking up in 0.3 seconds.
Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/*
Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 0.841071 sec
Waking up in 0.2 seconds.
Polling for detail file /var/log/radius/radacct/consulate/*
Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 1.119251 sec
Waking up in 0.2 seconds.
Polling for detail file /var/log/radius/radacct/iptracker/*
Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 0.887604 sec
Polling for detail file /var/log/radius/radacct/relay-acct/*
Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 0.814666 sec
Waking up in 0.1 seconds.
Polling for detail file /var/log/radius/radacct/wifi-roam/*
Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 0.924802 sec
Waking up in 0.1 seconds.
Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/*
Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 1.178640 sec
Waking up in 0.4 seconds.
Polling for detail file /var/log/radius/radacct/relay-acct/*
Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 0.806821 sec
Polling for detail file /var/log/radius/radacct/iptracker/*
Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 1.213465 sec
Polling for detail file /var/log/radius/radacct/consulate/*
Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 1.169523 sec
Waking up in 0.1 seconds.
Polling for detail file /var/log/radius/radacct/wifi-roam/*
Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 0.870682 sec
Waking up in 0.4 seconds.
Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/*
Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 0.864038 sec
Waking up in 0.1 seconds.
Polling for detail file /var/log/radius/radacct/relay-acct/*
Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 0.781469 sec
Waking up in 0.3 seconds.
Polling for detail file /var/log/radius/radacct/wifi-roam/*
Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 0.765307 sec
Waking up in 0.1 seconds.
Polling for detail file /var/log/radius/radacct/consulate/*
Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 0.938362 sec
Polling for detail file /var/log/radius/radacct/iptracker/*
Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 1.203898 sec
Waking up in 0.2 seconds.
Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/*
Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 0.778849 sec
Polling for detail file /var/log/radius/radacct/relay-acct/*
Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 0.939067 sec
Waking up in 0.2 seconds.
Polling for detail file /var/log/radius/radacct/wifi-roam/*
Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 1.095710 sec
Waking up in 0.2 seconds.
Polling for detail file /var/log/radius/radacct/consulate/*
Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 0.837704 sec
Waking up in 0.1 seconds.
Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/*
Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 0.888245 sec
Waking up in 0.1 seconds.
Polling for detail file /var/log/radius/radacct/iptracker/*
Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 1.050866 sec
Polling for detail file /var/log/radius/radacct/relay-acct/*
Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 1.247675 sec
Waking up in 0.4 seconds.
Polling for detail file /var/log/radius/radacct/wifi-roam/*
Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 0.968173 sec
Polling for detail file /var/log/radius/radacct/consulate/*
Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 0.930630 sec
Waking up in 0.2 seconds.
Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/*
Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 1.120660 sec
Waking up in 0.3 seconds.
Polling for detail file /var/log/radius/radacct/iptracker/*
Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 0.870914 sec
Waking up in 0.2 seconds.
Polling for detail file /var/log/radius/radacct/relay-acct/*
Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 1.163044 sec
Waking up in 0.1 seconds.
Polling for detail file /var/log/radius/radacct/consulate/*
Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 0.803467 sec
Polling for detail file /var/log/radius/radacct/wifi-roam/*
Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 1.007536 sec
Waking up in 0.3 seconds.
Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/*
Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 0.762546 sec
Polling for detail file /var/log/radius/radacct/iptracker/*
Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 1.183909 sec
Waking up in 0.3 seconds.
Polling for detail file /var/log/radius/radacct/consulate/*
Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 1.118080 sec
Waking up in 0.1 seconds.
rad_recv: Access-Request packet from host 192.168.70.22 port 21652, id=92, length=298
User-Name = "passpoint/adrian"
Chargeable-User-Identity = ""
Operator-Name = "11xTesting"
Location-Capable = Civix-Location
Calling-Station-Id = "54ea.a824.a00d"
Called-Station-Id = "TNK6-Adrian-01-Test"
NAS-Port = 4
Cisco-AVPair = "audit-session-id=850027d9000000cb7ab23f59"
Acct-Session-Id = "593fb27a/54:ea:a8:24:a0:0d/1180"
NAS-IP-Address = 10.150.48.2
NAS-Identifier = "baynard-cso-wlc02"
Airespace-Wlan-Id = 110
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "1783"
EAP-Message = 0x020100150170617373706f696e742f61647269616e
Message-Authenticator = 0xdce173614585eee51e3f391f5272dbca
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[IPASS] Looking up realm "passpoint" for User-Name = "passpoint/adrian"
[IPASS] Found realm "passpoint"
[IPASS] Adding Realm = "passpoint"
[IPASS] Proxying request from user adrian to realm passpoint
[IPASS] Preparing to proxy authentication request to realm "passpoint"
++[IPASS] returns updated
++? if (Realm == 'passpoint')
? Evaluating (Realm == 'passpoint') -> TRUE
++? if (Realm == 'passpoint') -> TRUE
++- entering if (Realm == 'passpoint') {...}
+++[control] returns updated
++- if (Realm == 'passpoint') returns updated
++ ... skipping else for request 0: Preceding "if" was taken
[eap] EAP packet type response id 1 length 21
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
++- entering policy update_proxy_realm_for_wifi_roam_ee_traffic {...}
+++? if (Realm == "wlan.mnc008.mcc234.3gppnetwork.org" && ( (User-Name >= '0234081219003212' && User-Name < '0234081219003215') || (User-Name >= '1234081219003212' && User-Name < '1234081219003215') ) )
? Evaluating (Realm == "wlan.mnc008.mcc234.3gppnetwork.org" ) -> FALSE
??? Skipping (User-Name >= '0234081219003212' )
??? Skipping (User-Name < '0234081219003215')
??? Skipping (User-Name >= '1234081219003212' )
??? Skipping (User-Name < '1234081219003215')
+++? if (Realm == "wlan.mnc008.mcc234.3gppnetwork.org" && ( (User-Name >= '0234081219003212' && User-Name < '0234081219003215') || (User-Name >= '1234081219003212' && User-Name < '1234081219003215') ) ) -> FALSE
++- policy update_proxy_realm_for_wifi_roam_ee_traffic returns noop
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type md5
rlm_eap_md5: Issuing Challenge
++[eap] returns handled
Sending Access-Challenge of id 92 to 192.168.70.22 port 21652
EAP-Message = 0x01020016041084b12e630735452cd5eb22349496369d
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x69a2611669a065fbab376a297e7dc1fa
Finished request 0.
Going to the next request
Waking up in 0.1 seconds.
rad_recv: Access-Request packet from host 192.168.70.22 port 21652, id=93, length=301
User-Name = "passpoint/adrian"
Chargeable-User-Identity = ""
Operator-Name = "11xTesting"
Location-Capable = Civix-Location
Calling-Station-Id = "54ea.a824.a00d"
Called-Station-Id = "TNK6-Adrian-01-Test"
NAS-Port = 4
Cisco-AVPair = "audit-session-id=850027d9000000cb7ab23f59"
Acct-Session-Id = "593fb27a/54:ea:a8:24:a0:0d/1180"
NAS-IP-Address = 10.150.48.2
NAS-Identifier = "baynard-cso-wlc02"
Airespace-Wlan-Id = 110
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "1783"
EAP-Message = 0x020200060315
State = 0x69a2611669a065fbab376a297e7dc1fa
Message-Authenticator = 0x74934585fb3c792bcfa76eb4d1fa8fac
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[IPASS] Looking up realm "passpoint" for User-Name = "passpoint/adrian"
[IPASS] Found realm "passpoint"
[IPASS] Adding Realm = "passpoint"
[IPASS] Proxying request from user adrian to realm passpoint
[IPASS] Preparing to proxy authentication request to realm "passpoint"
++[IPASS] returns updated
++? if (Realm == 'passpoint')
? Evaluating (Realm == 'passpoint') -> TRUE
++? if (Realm == 'passpoint') -> TRUE
++- entering if (Realm == 'passpoint') {...}
+++[control] returns updated
++- if (Realm == 'passpoint') returns updated
++ ... skipping else for request 1: Preceding "if" was taken
[eap] EAP packet type response id 2 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
++- entering policy update_proxy_realm_for_wifi_roam_ee_traffic {...}
+++? if (Realm == "wlan.mnc008.mcc234.3gppnetwork.org" && ( (User-Name >= '0234081219003212' && User-Name < '0234081219003215') || (User-Name >= '1234081219003212' && User-Name < '1234081219003215') ) )
? Evaluating (Realm == "wlan.mnc008.mcc234.3gppnetwork.org" ) -> FALSE
??? Skipping (User-Name >= '0234081219003212' )
??? Skipping (User-Name < '0234081219003215')
??? Skipping (User-Name >= '1234081219003212' )
??? Skipping (User-Name < '1234081219003215')
+++? if (Realm == "wlan.mnc008.mcc234.3gppnetwork.org" && ( (User-Name >= '0234081219003212' && User-Name < '0234081219003215') || (User-Name >= '1234081219003212' && User-Name < '1234081219003215') ) ) -> FALSE
++- policy update_proxy_realm_for_wifi_roam_ee_traffic returns noop
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP NAK
[eap] EAP-NAK asked for EAP-Type/ttls
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 93 to 192.168.70.22 port 21652
EAP-Message = 0x010300061520
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x69a2611668a174fbab376a297e7dc1fa
Finished request 1.
Going to the next request
rad_recv: Access-Request packet from host 192.168.70.22 port 21652, id=94, length=422
User-Name = "passpoint/adrian"
Chargeable-User-Identity = ""
Operator-Name = "11xTesting"
Location-Capable = Civix-Location
Calling-Station-Id = "54ea.a824.a00d"
Called-Station-Id = "TNK6-Adrian-01-Test"
NAS-Port = 4
Cisco-AVPair = "audit-session-id=850027d9000000cb7ab23f59"
Acct-Session-Id = "593fb27a/54:ea:a8:24:a0:0d/1180"
NAS-IP-Address = 10.150.48.2
NAS-Identifier = "baynard-cso-wlc02"
Airespace-Wlan-Id = 110
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "1783"
EAP-Message = 0x0203007f15800000007516030100700100006c0301593fb27d0543bff4106d055f6c72e468ba33ead96239fee54ab3c41fcc41727500002000ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f000a01000023000a00080006001700180019000b000201000005000501000000000012000000170000
State = 0x69a2611668a174fbab376a297e7dc1fa
Message-Authenticator = 0xfd37c07fad4424f3cb1f6600d6d971fd
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[IPASS] Looking up realm "passpoint" for User-Name = "passpoint/adrian"
[IPASS] Found realm "passpoint"
[IPASS] Adding Realm = "passpoint"
[IPASS] Proxying request from user adrian to realm passpoint
[IPASS] Preparing to proxy authentication request to realm "passpoint"
++[IPASS] returns updated
++? if (Realm == 'passpoint')
? Evaluating (Realm == 'passpoint') -> TRUE
++? if (Realm == 'passpoint') -> TRUE
++- entering if (Realm == 'passpoint') {...}
+++[control] returns updated
++- if (Realm == 'passpoint') returns updated
++ ... skipping else for request 2: Preceding "if" was taken
[eap] EAP packet type response id 3 length 127
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
TLS Length 117
[ttls] Length Included
[ttls] eaptls_verify returned 11
[ttls] (other): before/accept initialization
[ttls] TLS_accept: before/accept initialization
[ttls] <<< TLS 1.0 Handshake [length 0070], ClientHello
[ttls] TLS_accept: SSLv3 read client hello A
[ttls] >>> TLS 1.0 Handshake [length 0031], ServerHello
[ttls] TLS_accept: SSLv3 write server hello A
[ttls] >>> TLS 1.0 Handshake [length 085e], Certificate
[ttls] TLS_accept: SSLv3 write certificate A
[ttls] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
[ttls] TLS_accept: SSLv3 write server done A
[ttls] TLS_accept: SSLv3 flush data
[ttls] TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
[ttls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 94 to 192.168.70.22 port 21652
EAP-Message = 0x0104040015c0000008a216030100310200002d0301593fb253915b26746a88ec852836e50cbb23e4eace6110dd23f3f36e2185c9a3000035000005ff01000100160301085e0b00085a0008570003a6308203a23082028aa003020102020101300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c65204365727469666963617465204175
EAP-Message = 0x74686f72697479301e170d3137303431393038303834335a170d3137303631383038303834335a307c310b3009060355040613024652310f300d0603550408130652616469757331153013060355040a130c4578616d706c6520496e632e312330210603550403131a4578616d706c65205365727665722043657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100b371e076b9340e282c6e1cf5c7f590455edd0fd3a687ce88156a2b9a50c6bbb66b6faffddc57708681a1674f3ab015da579681f9d90bf7
EAP-Message = 0xd1330c7ac1c7b7874052c6c2bcca7ecbc91594cc9a604d2f2b797305601b8eeff38552d3f16ae0b91d1b2b030da5502a542a9048540d7b33010fbe20d41944be461f594c2cce0e3fb50317af8e5aae7a3a6736b563578ef69a53c2d76a1ba30e05ed164b8a6ad8176027bf441a896408f36e03c63e882efa495adcd55f4a5718afc237414efe3b25782b535c64ed95b829e372f142df1a6a36d50701d259362fedbbeabbd224332c69121a08406a746330fb2c1d142c154e70396141b72730e4a75f9e991407257f030203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d010105050003820101006dfa
EAP-Message = 0x5e04b81b2ffdeffb1f3f69247b47e419fe62e7ac89540cd2085ce6788ad8bd21b5bd1e522cbe0600ebce7160f0ac20d8ce5a2260332dd3771926f66fb5ce67da8f234cf3d134077337bd0c702c6c30348515804c21b78698585c565d27d083558d117883502e091eaf14192e8b8968ba76a058da7e7216ea651fa7bfdfcef58f529f322e4ac8470d2b39d6ff44ff5c6537cd395ab2db31274806b6d3cae72cf6402b688ba0b1a88177ed1437f85f29272468cfea3d9cd8bad0987409665081059d869bea56f6f5532603a5e5bfd9a60d9c86a0fc509c5aa88bba6aca64d6c4c613ceca414c8cb1b8c90c93f2a808f2010ad6ff18001b103ebff52b3cfe
EAP-Message = 0x360004ab308204a73082038f
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x69a261166ba674fbab376a297e7dc1fa
Finished request 2.
Going to the next request
Polling for detail file /var/log/radius/radacct/relay-acct/*
Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 0.838692 sec
rad_recv: Access-Request packet from host 192.168.70.22 port 21652, id=95, length=301
User-Name = "passpoint/adrian"
Chargeable-User-Identity = ""
Operator-Name = "11xTesting"
Location-Capable = Civix-Location
Calling-Station-Id = "54ea.a824.a00d"
Called-Station-Id = "TNK6-Adrian-01-Test"
NAS-Port = 4
Cisco-AVPair = "audit-session-id=850027d9000000cb7ab23f59"
Acct-Session-Id = "593fb27a/54:ea:a8:24:a0:0d/1180"
NAS-IP-Address = 10.150.48.2
NAS-Identifier = "baynard-cso-wlc02"
Airespace-Wlan-Id = 110
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "1783"
EAP-Message = 0x020400061500
State = 0x69a261166ba674fbab376a297e7dc1fa
Message-Authenticator = 0x7aa62ceaa5cd777c0d17ca355e54fef6
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[IPASS] Looking up realm "passpoint" for User-Name = "passpoint/adrian"
[IPASS] Found realm "passpoint"
[IPASS] Adding Realm = "passpoint"
[IPASS] Proxying request from user adrian to realm passpoint
[IPASS] Preparing to proxy authentication request to realm "passpoint"
++[IPASS] returns updated
++? if (Realm == 'passpoint')
? Evaluating (Realm == 'passpoint') -> TRUE
++? if (Realm == 'passpoint') -> TRUE
++- entering if (Realm == 'passpoint') {...}
+++[control] returns updated
++- if (Realm == 'passpoint') returns updated
++ ... skipping else for request 3: Preceding "if" was taken
[eap] EAP packet type response id 4 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] Received TLS ACK
[ttls] ACK handshake fragment handler
[ttls] eaptls_verify returned 1
[ttls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 95 to 192.168.70.22 port 21652
EAP-Message = 0x0105040015c0000008a2a003020102020900fd65661b682c5e78300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3137303431393038303834335a170d3137303631383038303834335a308193310b3009060355040613024652310f300d06035504081306526164
EAP-Message = 0x6975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100ee3c2ba8f85aeccc234f9f45096a92322fa364d02f7f15a9592ab47d52ad5986a9fbf9180db38c1af8eb224cd6fe6679e0d7e0648a55a300a47230a0484060db26f903ea9051bb7d3cc7f76a8724cf06872cc63f936368643acdf0a4d4a05c8ac709d55b
EAP-Message = 0x3b05244b648c04e99a459b9d8acc97bdbfe10e012fd54d4a4ffe6e23eb8a91d2863405e2f6dfb6d105d1277ebe4b834fefec0fcb5c84de23f41da805493e3ac6b29ade601a3891f995b741df4319feba99c44ef6f1c15d58bcb14be3af7cc25e60e4580b835a9d35699294e1ef7326f8eae174cb5576ec182ad7ff75441e92bfc695366edb74035d315a0c0d4de88aaeae5a7b96a43449db6ecc28a50203010001a381fb3081f8301d0603551d0e04160414148539189e922627c55b7d1c5c83d4e2143cd8453081c80603551d230481c03081bd8014148539189e922627c55b7d1c5c83d4e2143cd845a18199a48196308193310b3009060355040613
EAP-Message = 0x024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479820900fd65661b682c5e78300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100dc740339a8b23806ed73149bc8dea84d031846f478fddb33fd69758358091fc3589fb6315d325b24eaf3bc83525c81c3043e0ef2f64be3e68df936d299c8e36e1eb0aa529d7252
EAP-Message = 0xadc89de309a2b64b03db41c5
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x69a261166aa774fbab376a297e7dc1fa
Finished request 3.
Going to the next request
Polling for detail file /var/log/radius/radacct/wifi-roam/*
Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 0.917240 sec
Waking up in 0.1 seconds.
rad_recv: Access-Request packet from host 192.168.70.22 port 21652, id=96, length=301
User-Name = "passpoint/adrian"
Chargeable-User-Identity = ""
Operator-Name = "11xTesting"
Location-Capable = Civix-Location
Calling-Station-Id = "54ea.a824.a00d"
Called-Station-Id = "TNK6-Adrian-01-Test"
NAS-Port = 4
Cisco-AVPair = "audit-session-id=850027d9000000cb7ab23f59"
Acct-Session-Id = "593fb27a/54:ea:a8:24:a0:0d/1180"
NAS-IP-Address = 10.150.48.2
NAS-Identifier = "baynard-cso-wlc02"
Airespace-Wlan-Id = 110
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "1783"
EAP-Message = 0x020500061500
State = 0x69a261166aa774fbab376a297e7dc1fa
Message-Authenticator = 0x72271a5a20f083cb1ac844a149d3e1bd
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[IPASS] Looking up realm "passpoint" for User-Name = "passpoint/adrian"
[IPASS] Found realm "passpoint"
[IPASS] Adding Realm = "passpoint"
[IPASS] Proxying request from user adrian to realm passpoint
[IPASS] Preparing to proxy authentication request to realm "passpoint"
++[IPASS] returns updated
++? if (Realm == 'passpoint')
? Evaluating (Realm == 'passpoint') -> TRUE
++? if (Realm == 'passpoint') -> TRUE
++- entering if (Realm == 'passpoint') {...}
+++[control] returns updated
++- if (Realm == 'passpoint') returns updated
++ ... skipping else for request 4: Preceding "if" was taken
[eap] EAP packet type response id 5 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] Received TLS ACK
[ttls] ACK handshake fragment handler
[ttls] eaptls_verify returned 1
[ttls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 96 to 192.168.70.22 port 21652
EAP-Message = 0x010600c01580000008a2b5f52cd563f8b30d8cf1a81f9b88a0635659f6da57ffac9851e7a2d5541878f14ffd640011ed52fe5884fa34d2a8f793bbcabc9d415b656a54bf93317216dfb5df372942a7ec23d4adf37114088858a21b35886a08df05448cce7bdfecf2201788c350466387cc8391cb547efa8feacfd34e3da7ffbfee827d66c5476756bd1540dd6af11cdf8a8d96384e7a4bb6aa9f8ea07cf211bfa7e45bc81529eaaf76108bad0a14bef793a29f4b15a64716030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x69a261166da474fbab376a297e7dc1fa
Finished request 4.
Going to the next request
Waking up in 0.1 seconds.
rad_recv: Access-Request packet from host 192.168.70.22 port 21652, id=97, length=633
User-Name = "passpoint/adrian"
Chargeable-User-Identity = ""
Operator-Name = "11xTesting"
Location-Capable = Civix-Location
Calling-Station-Id = "54ea.a824.a00d"
Called-Station-Id = "TNK6-Adrian-01-Test"
NAS-Port = 4
Cisco-AVPair = "audit-session-id=850027d9000000cb7ab23f59"
Acct-Session-Id = "593fb27a/54:ea:a8:24:a0:0d/1180"
NAS-IP-Address = 10.150.48.2
NAS-Identifier = "baynard-cso-wlc02"
Airespace-Wlan-Id = 110
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "1783"
EAP-Message = 0x020601501580000001461603010106100001020100a3a6fc81ed5db338b094fc36d60260c21f7d25f0b3ca016ec64cae258aff16375caa4e600c3ca12d3a955c992d447a3aeda5e61a2c96c809084d2f98ea094fb4367594ecdc54659ec61117e10d86ec36121332876b932d4845d14763dd8efafdcb60bf570db90f509bf4b22dcbad841af192945427c39e085b70738438f3942aa25fdd524189bdd40c1b241f1b9bb8073cbfacef6c241e7e3b1979604c0d97957c92d44e41ee9af64fbff6269bae9bcde3bb8c0f8c82bd110ed29e6798a39678b5c36d7c583b219f92d30e4db7cb407f6520642768cf56198a5f729798a7a2cc0a48e61a3af826c3
EAP-Message = 0x36639897c11875370386fab261580f84474d26e7b5092ddd1403010001011603010030eaaac2eb818252a3144bdac118efede1100277e235494f8179796375b3c2c7f532eb1aebe8285f30910986b8a397e150
State = 0x69a261166da474fbab376a297e7dc1fa
Message-Authenticator = 0x91105ccbf2c6132fefea1c979f1cd27d
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[IPASS] Looking up realm "passpoint" for User-Name = "passpoint/adrian"
[IPASS] Found realm "passpoint"
[IPASS] Adding Realm = "passpoint"
[IPASS] Proxying request from user adrian to realm passpoint
[IPASS] Preparing to proxy authentication request to realm "passpoint"
++[IPASS] returns updated
++? if (Realm == 'passpoint')
? Evaluating (Realm == 'passpoint') -> TRUE
++? if (Realm == 'passpoint') -> TRUE
++- entering if (Realm == 'passpoint') {...}
+++[control] returns updated
++- if (Realm == 'passpoint') returns updated
++ ... skipping else for request 5: Preceding "if" was taken
[eap] EAP packet type response id 6 length 253
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
TLS Length 326
[ttls] Length Included
[ttls] eaptls_verify returned 11
[ttls] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange
[ttls] TLS_accept: SSLv3 read client key exchange A
[ttls] <<< TLS 1.0 ChangeCipherSpec [length 0001]
[ttls] <<< TLS 1.0 Handshake [length 0010], Finished
[ttls] TLS_accept: SSLv3 read finished A
[ttls] >>> TLS 1.0 ChangeCipherSpec [length 0001]
[ttls] TLS_accept: SSLv3 write change cipher spec A
[ttls] >>> TLS 1.0 Handshake [length 0010], Finished
[ttls] TLS_accept: SSLv3 write finished A
[ttls] TLS_accept: SSLv3 flush data
[ttls] (other): SSL negotiation finished successfully
SSL Connection Established
[ttls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 97 to 192.168.70.22 port 21652
EAP-Message = 0x0107004515800000003b1403010001011603010030c3583d7653c71743721a01e1ce855489d7307206046d7da4c754168362027679b16fd21c3a5e3012289826cb3ec5b27e
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x69a261166ca574fbab376a297e7dc1fa
Finished request 5.
Going to the next request
rad_recv: Access-Request packet from host 192.168.70.22 port 21652, id=98, length=454
User-Name = "passpoint/adrian"
Chargeable-User-Identity = ""
Operator-Name = "11xTesting"
Location-Capable = Civix-Location
Calling-Station-Id = "54ea.a824.a00d"
Called-Station-Id = "TNK6-Adrian-01-Test"
NAS-Port = 4
Cisco-AVPair = "audit-session-id=850027d9000000cb7ab23f59"
Acct-Session-Id = "593fb27a/54:ea:a8:24:a0:0d/1180"
NAS-IP-Address = 10.150.48.2
NAS-Identifier = "baynard-cso-wlc02"
Airespace-Wlan-Id = 110
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "1783"
EAP-Message = 0x0207009f15800000009517030100901b0641cc4dd8cf820d4d8f862f22643fd2a7a1073e85497d35540626380ca09415650a2780711204909f665b28cca0a19354416693547b047cade705c6d83cf4e50e3441b6abb284a09b405f31db48c3f6ee43fed65e65e2e865079da3aec3a74a37d1fc02943c80663b11124fb0895e05c07b75b2d04ac70a28fe0863ebd4efd1898d813a8f0cdee906488235a0ccc3
State = 0x69a261166ca574fbab376a297e7dc1fa
Message-Authenticator = 0xf33714776f1fd97f16730136f7ac668f
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[IPASS] Looking up realm "passpoint" for User-Name = "passpoint/adrian"
[IPASS] Found realm "passpoint"
[IPASS] Adding Realm = "passpoint"
[IPASS] Proxying request from user adrian to realm passpoint
[IPASS] Preparing to proxy authentication request to realm "passpoint"
++[IPASS] returns updated
++? if (Realm == 'passpoint')
? Evaluating (Realm == 'passpoint') -> TRUE
++? if (Realm == 'passpoint') -> TRUE
++- entering if (Realm == 'passpoint') {...}
+++[control] returns updated
++- if (Realm == 'passpoint') returns updated
++ ... skipping else for request 6: Preceding "if" was taken
[eap] EAP packet type response id 7 length 159
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
TLS Length 149
[ttls] Length Included
[ttls] eaptls_verify returned 11
[ttls] eaptls_process returned 7
[ttls] Session established. Proceeding to decode tunneled attributes.
[ttls] Got tunneled request
User-Name = "passpoint/adrian"
MS-CHAP-Challenge = 0xba956d6414cbada455e28df890856b4c
MS-CHAP2-Response = 0xc0000a3cf94104027b86e5abeefb6cf2bd9d000000000000000032c8458f9484d3fab8b6160a01d0aedfafe6364504932a2a
FreeRADIUS-Proxied-To = 127.0.0.1
[ttls] Sending tunneled request
User-Name = "passpoint/adrian"
MS-CHAP-Challenge = 0xba956d6414cbada455e28df890856b4c
MS-CHAP2-Response = 0xc0000a3cf94104027b86e5abeefb6cf2bd9d000000000000000032c8458f9484d3fab8b6160a01d0aedfafe6364504932a2a
FreeRADIUS-Proxied-To = 127.0.0.1
server inner-tunnel {
# Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel
+- entering group authorize {...}
++[chap] returns noop
[mschap] Found MS-CHAP attributes. Setting 'Auth-Type = mschap'
++[mschap] returns ok
[IPASS] Looking up realm "passpoint" for User-Name = "passpoint/adrian"
[IPASS] Found realm "passpoint"
[IPASS] Adding Realm = "passpoint"
[IPASS] Proxying request from user adrian to realm passpoint
[IPASS] Preparing to proxy authentication request to realm "passpoint"
++[IPASS] returns updated
[suffix] Request already proxied. Ignoring.
++[suffix] returns ok
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
} # server inner-tunnel
[ttls] Got tunneled reply code 0
[ttls] Tunneled authentication will be proxied to passpoint
[eap] Tunneled session will be proxied. Not doing EAP.
++[eap] returns handled
WARNING: Cancelling proxy to Realm LOCAL, as the realm is local.
There was no response configured: rejecting request 6
Using Post-Auth-Type Reject
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group REJECT {...}
++? if (Realm == "8021x:BTRCon" || Realm == "wlan.mnc030.mcc234.3gppnetwork.org" )
? Evaluating (Realm == "8021x:BTRCon" ) -> FALSE
? Evaluating (Realm == "wlan.mnc030.mcc234.3gppnetwork.org" ) -> FALSE
++? if (Realm == "8021x:BTRCon" || Realm == "wlan.mnc030.mcc234.3gppnetwork.org" ) -> FALSE
[attr_filter.access_reject] expand: %{User-Name} -> passpoint/adrian
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 6 for 1 seconds
Going to the next request
Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/*
Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 0.957823 sec
Waking up in 0.4 seconds.
Polling for detail file /var/log/radius/radacct/iptracker/*
Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 0.871929 sec
Waking up in 0.1 seconds.
Polling for detail file /var/log/radius/radacct/relay-acct/*
Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 1.134881 sec
Polling for detail file /var/log/radius/radacct/consulate/*
Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 1.069443 sec
Polling for detail file /var/log/radius/radacct/wifi-roam/*
Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 1.244343 sec
Waking up in 0.1 seconds.
Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/*
Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 0.764676 sec
Sending delayed reject for request 6
Sending Access-Reject of id 98 to 192.168.70.22 port 21652
Waking up in 0.3 seconds.
Polling for detail file /var/log/radius/radacct/iptracker/*
Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 0.794117 sec
Waking up in 0.3 seconds.
Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/*
Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 1.103433 sec
Polling for detail file /var/log/radius/radacct/relay-acct/*
Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 1.098922 sec
Polling for detail file /var/log/radius/radacct/consulate/*
Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 1.156253 sec
Waking up in 0.1 seconds.
Polling for detail file /var/log/radius/radacct/wifi-roam/*
Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 0.965056 sec
Waking up in 0.1 seconds.
Polling for detail file /var/log/radius/radacct/iptracker/*
Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 1.042876 sec
Waking up in 0.6 seconds.
Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/*
Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 0.955702 sec
Polling for detail file /var/log/radius/radacct/relay-acct/*
Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 1.020365 sec
Polling for detail file /var/log/radius/radacct/wifi-roam/*
Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 1.007534 sec
Polling for detail file /var/log/radius/radacct/consulate/*
Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 0.828720 sec
Waking up in 0.2 seconds.
Polling for detail file /var/log/radius/radacct/iptracker/*
Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 0.750868 sec
Waking up in 0.5 seconds.
Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/*
Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 1.149131 sec
Polling for detail file /var/log/radius/radacct/consulate/*
Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 1.191976 sec
Waking up in 0.1 seconds.
Polling for detail file /var/log/radius/radacct/relay-acct/*
Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 0.964907 sec
Polling for detail file /var/log/radius/radacct/iptracker/*
Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 0.901226 sec
Polling for detail file /var/log/radius/radacct/wifi-roam/*
Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 1.247231 sec
Waking up in 0.6 seconds.
Cleaning up request 0 ID 92 with timestamp +15
Cleaning up request 1 ID 93 with timestamp +15
Cleaning up request 2 ID 94 with timestamp +15
Polling for detail file /var/log/radius/radacct/iptracker/*
Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 0.750784 sec
Cleaning up request 3 ID 95 with timestamp +16
Cleaning up request 4 ID 96 with timestamp +16
Polling for detail file /var/log/radius/radacct/relay-acct/*
Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 1.052604 sec
Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/*
Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 1.149995 sec
Cleaning up request 5 ID 97 with timestamp +16
Polling for detail file /var/log/radius/radacct/consulate/*
Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 0.804373 sec
Waking up in 0.2 seconds.
rad_recv: Access-Request packet from host 192.168.70.22 port 21652, id=99, length=298
User-Name = "passpoint/adrian"
Chargeable-User-Identity = ""
Operator-Name = "11xTesting"
Location-Capable = Civix-Location
Calling-Station-Id = "54ea.a824.a00d"
Called-Station-Id = "TNK6-Adrian-01-Test"
NAS-Port = 4
Cisco-AVPair = "audit-session-id=850027d9000000cb7ab23f59"
Acct-Session-Id = "593fb27a/54:ea:a8:24:a0:0d/1180"
NAS-IP-Address = 10.150.48.2
NAS-Identifier = "baynard-cso-wlc02"
Airespace-Wlan-Id = 110
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "1783"
EAP-Message = 0x020100150170617373706f696e742f61647269616e
Message-Authenticator = 0x206af0d737136bdb9c5aa6656b1d11e4
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[IPASS] Looking up realm "passpoint" for User-Name = "passpoint/adrian"
[IPASS] Found realm "passpoint"
[IPASS] Adding Realm = "passpoint"
[IPASS] Proxying request from user adrian to realm passpoint
[IPASS] Preparing to proxy authentication request to realm "passpoint"
++[IPASS] returns updated
++? if (Realm == 'passpoint')
? Evaluating (Realm == 'passpoint') -> TRUE
++? if (Realm == 'passpoint') -> TRUE
++- entering if (Realm == 'passpoint') {...}
+++[control] returns updated
++- if (Realm == 'passpoint') returns updated
++ ... skipping else for request 7: Preceding "if" was taken
[eap] EAP packet type response id 1 length 21
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
++- entering policy update_proxy_realm_for_wifi_roam_ee_traffic {...}
+++? if (Realm == "wlan.mnc008.mcc234.3gppnetwork.org" && ( (User-Name >= '0234081219003212' && User-Name < '0234081219003215') || (User-Name >= '1234081219003212' && User-Name < '1234081219003215') ) )
? Evaluating (Realm == "wlan.mnc008.mcc234.3gppnetwork.org" ) -> FALSE
??? Skipping (User-Name >= '0234081219003212' )
??? Skipping (User-Name < '0234081219003215')
??? Skipping (User-Name >= '1234081219003212' )
??? Skipping (User-Name < '1234081219003215')
+++? if (Realm == "wlan.mnc008.mcc234.3gppnetwork.org" && ( (User-Name >= '0234081219003212' && User-Name < '0234081219003215') || (User-Name >= '1234081219003212' && User-Name < '1234081219003215') ) ) -> FALSE
++- policy update_proxy_realm_for_wifi_roam_ee_traffic returns noop
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type md5
rlm_eap_md5: Issuing Challenge
++[eap] returns handled
Sending Access-Challenge of id 99 to 192.168.70.22 port 21652
EAP-Message = 0x0102001604105c300e63c8ec3c399d7c7a04e7aa3ed8
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x8acd71128acf75d0313964ead8c014bc
Finished request 7.
Going to the next request
rad_recv: Access-Request packet from host 192.168.70.22 port 21652, id=100, length=301
User-Name = "passpoint/adrian"
Chargeable-User-Identity = ""
Operator-Name = "11xTesting"
Location-Capable = Civix-Location
Calling-Station-Id = "54ea.a824.a00d"
Called-Station-Id = "TNK6-Adrian-01-Test"
NAS-Port = 4
Cisco-AVPair = "audit-session-id=850027d9000000cb7ab23f59"
Acct-Session-Id = "593fb27a/54:ea:a8:24:a0:0d/1180"
NAS-IP-Address = 10.150.48.2
NAS-Identifier = "baynard-cso-wlc02"
Airespace-Wlan-Id = 110
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "1783"
EAP-Message = 0x020200060315
State = 0x8acd71128acf75d0313964ead8c014bc
Message-Authenticator = 0xf6b8bdd0867e9ce4a330f36ed2e6966c
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[IPASS] Looking up realm "passpoint" for User-Name = "passpoint/adrian"
[IPASS] Found realm "passpoint"
[IPASS] Adding Realm = "passpoint"
[IPASS] Proxying request from user adrian to realm passpoint
[IPASS] Preparing to proxy authentication request to realm "passpoint"
++[IPASS] returns updated
++? if (Realm == 'passpoint')
? Evaluating (Realm == 'passpoint') -> TRUE
++? if (Realm == 'passpoint') -> TRUE
++- entering if (Realm == 'passpoint') {...}
+++[control] returns updated
++- if (Realm == 'passpoint') returns updated
++ ... skipping else for request 8: Preceding "if" was taken
[eap] EAP packet type response id 2 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
++- entering policy update_proxy_realm_for_wifi_roam_ee_traffic {...}
+++? if (Realm == "wlan.mnc008.mcc234.3gppnetwork.org" && ( (User-Name >= '0234081219003212' && User-Name < '0234081219003215') || (User-Name >= '1234081219003212' && User-Name < '1234081219003215') ) )
? Evaluating (Realm == "wlan.mnc008.mcc234.3gppnetwork.org" ) -> FALSE
??? Skipping (User-Name >= '0234081219003212' )
??? Skipping (User-Name < '0234081219003215')
??? Skipping (User-Name >= '1234081219003212' )
??? Skipping (User-Name < '1234081219003215')
+++? if (Realm == "wlan.mnc008.mcc234.3gppnetwork.org" && ( (User-Name >= '0234081219003212' && User-Name < '0234081219003215') || (User-Name >= '1234081219003212' && User-Name < '1234081219003215') ) ) -> FALSE
++- policy update_proxy_realm_for_wifi_roam_ee_traffic returns noop
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP NAK
[eap] EAP-NAK asked for EAP-Type/ttls
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 100 to 192.168.70.22 port 21652
EAP-Message = 0x010300061520
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x8acd71128bce64d0313964ead8c014bc
Finished request 8.
Going to the next request
Polling for detail file /var/log/radius/radacct/wifi-roam/*
Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 0.973939 sec
Waking up in 0.3 seconds.
rad_recv: Access-Request packet from host 192.168.70.22 port 21652, id=101, length=422
User-Name = "passpoint/adrian"
Chargeable-User-Identity = ""
Operator-Name = "11xTesting"
Location-Capable = Civix-Location
Calling-Station-Id = "54ea.a824.a00d"
Called-Station-Id = "TNK6-Adrian-01-Test"
NAS-Port = 4
Cisco-AVPair = "audit-session-id=850027d9000000cb7ab23f59"
Acct-Session-Id = "593fb27a/54:ea:a8:24:a0:0d/1180"
NAS-IP-Address = 10.150.48.2
NAS-Identifier = "baynard-cso-wlc02"
Airespace-Wlan-Id = 110
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "1783"
EAP-Message = 0x0203007f15800000007516030100700100006c0301593fb282bd583ebe6c01b0889edda2ca0fd75b0abf504762bff57eae4b55981800002000ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f000a01000023000a00080006001700180019000b000201000005000501000000000012000000170000
State = 0x8acd71128bce64d0313964ead8c014bc
Message-Authenticator = 0xea79054cf335166262e4264c39b055b0
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[IPASS] Looking up realm "passpoint" for User-Name = "passpoint/adrian"
[IPASS] Found realm "passpoint"
[IPASS] Adding Realm = "passpoint"
[IPASS] Proxying request from user adrian to realm passpoint
[IPASS] Preparing to proxy authentication request to realm "passpoint"
++[IPASS] returns updated
++? if (Realm == 'passpoint')
? Evaluating (Realm == 'passpoint') -> TRUE
++? if (Realm == 'passpoint') -> TRUE
++- entering if (Realm == 'passpoint') {...}
+++[control] returns updated
++- if (Realm == 'passpoint') returns updated
++ ... skipping else for request 9: Preceding "if" was taken
[eap] EAP packet type response id 3 length 127
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
TLS Length 117
[ttls] Length Included
[ttls] eaptls_verify returned 11
[ttls] (other): before/accept initialization
[ttls] TLS_accept: before/accept initialization
[ttls] <<< TLS 1.0 Handshake [length 0070], ClientHello
[ttls] TLS_accept: SSLv3 read client hello A
[ttls] >>> TLS 1.0 Handshake [length 0031], ServerHello
[ttls] TLS_accept: SSLv3 write server hello A
[ttls] >>> TLS 1.0 Handshake [length 085e], Certificate
[ttls] TLS_accept: SSLv3 write certificate A
[ttls] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
[ttls] TLS_accept: SSLv3 write server done A
[ttls] TLS_accept: SSLv3 flush data
[ttls] TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
[ttls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 101 to 192.168.70.22 port 21652
EAP-Message = 0x0104040015c0000008a216030100310200002d0301593fb2593c06266c34a51b62b1d48acae97bf00962e144b89cefc30255cc73fe000035000005ff01000100160301085e0b00085a0008570003a6308203a23082028aa003020102020101300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c65204365727469666963617465204175
EAP-Message = 0x74686f72697479301e170d3137303431393038303834335a170d3137303631383038303834335a307c310b3009060355040613024652310f300d0603550408130652616469757331153013060355040a130c4578616d706c6520496e632e312330210603550403131a4578616d706c65205365727665722043657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100b371e076b9340e282c6e1cf5c7f590455edd0fd3a687ce88156a2b9a50c6bbb66b6faffddc57708681a1674f3ab015da579681f9d90bf7
EAP-Message = 0xd1330c7ac1c7b7874052c6c2bcca7ecbc91594cc9a604d2f2b797305601b8eeff38552d3f16ae0b91d1b2b030da5502a542a9048540d7b33010fbe20d41944be461f594c2cce0e3fb50317af8e5aae7a3a6736b563578ef69a53c2d76a1ba30e05ed164b8a6ad8176027bf441a896408f36e03c63e882efa495adcd55f4a5718afc237414efe3b25782b535c64ed95b829e372f142df1a6a36d50701d259362fedbbeabbd224332c69121a08406a746330fb2c1d142c154e70396141b72730e4a75f9e991407257f030203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d010105050003820101006dfa
EAP-Message = 0x5e04b81b2ffdeffb1f3f69247b47e419fe62e7ac89540cd2085ce6788ad8bd21b5bd1e522cbe0600ebce7160f0ac20d8ce5a2260332dd3771926f66fb5ce67da8f234cf3d134077337bd0c702c6c30348515804c21b78698585c565d27d083558d117883502e091eaf14192e8b8968ba76a058da7e7216ea651fa7bfdfcef58f529f322e4ac8470d2b39d6ff44ff5c6537cd395ab2db31274806b6d3cae72cf6402b688ba0b1a88177ed1437f85f29272468cfea3d9cd8bad0987409665081059d869bea56f6f5532603a5e5bfd9a60d9c86a0fc509c5aa88bba6aca64d6c4c613ceca414c8cb1b8c90c93f2a808f2010ad6ff18001b103ebff52b3cfe
EAP-Message = 0x360004ab308204a73082038f
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x8acd711288c964d0313964ead8c014bc
Finished request 9.
Going to the next request
Waking up in 0.3 seconds.
rad_recv: Access-Request packet from host 192.168.70.22 port 21652, id=102, length=301
User-Name = "passpoint/adrian"
Chargeable-User-Identity = ""
Operator-Name = "11xTesting"
Location-Capable = Civix-Location
Calling-Station-Id = "54ea.a824.a00d"
Called-Station-Id = "TNK6-Adrian-01-Test"
NAS-Port = 4
Cisco-AVPair = "audit-session-id=850027d9000000cb7ab23f59"
Acct-Session-Id = "593fb27a/54:ea:a8:24:a0:0d/1180"
NAS-IP-Address = 10.150.48.2
NAS-Identifier = "baynard-cso-wlc02"
Airespace-Wlan-Id = 110
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "1783"
EAP-Message = 0x020400061500
State = 0x8acd711288c964d0313964ead8c014bc
Message-Authenticator = 0x893622df889ca2eb0c194e208e7a14ad
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[IPASS] Looking up realm "passpoint" for User-Name = "passpoint/adrian"
[IPASS] Found realm "passpoint"
[IPASS] Adding Realm = "passpoint"
[IPASS] Proxying request from user adrian to realm passpoint
[IPASS] Preparing to proxy authentication request to realm "passpoint"
++[IPASS] returns updated
++? if (Realm == 'passpoint')
? Evaluating (Realm == 'passpoint') -> TRUE
++? if (Realm == 'passpoint') -> TRUE
++- entering if (Realm == 'passpoint') {...}
+++[control] returns updated
++- if (Realm == 'passpoint') returns updated
++ ... skipping else for request 10: Preceding "if" was taken
[eap] EAP packet type response id 4 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] Received TLS ACK
[ttls] ACK handshake fragment handler
[ttls] eaptls_verify returned 1
[ttls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 102 to 192.168.70.22 port 21652
EAP-Message = 0x0105040015c0000008a2a003020102020900fd65661b682c5e78300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3137303431393038303834335a170d3137303631383038303834335a308193310b3009060355040613024652310f300d06035504081306526164
EAP-Message = 0x6975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100ee3c2ba8f85aeccc234f9f45096a92322fa364d02f7f15a9592ab47d52ad5986a9fbf9180db38c1af8eb224cd6fe6679e0d7e0648a55a300a47230a0484060db26f903ea9051bb7d3cc7f76a8724cf06872cc63f936368643acdf0a4d4a05c8ac709d55b
EAP-Message = 0x3b05244b648c04e99a459b9d8acc97bdbfe10e012fd54d4a4ffe6e23eb8a91d2863405e2f6dfb6d105d1277ebe4b834fefec0fcb5c84de23f41da805493e3ac6b29ade601a3891f995b741df4319feba99c44ef6f1c15d58bcb14be3af7cc25e60e4580b835a9d35699294e1ef7326f8eae174cb5576ec182ad7ff75441e92bfc695366edb74035d315a0c0d4de88aaeae5a7b96a43449db6ecc28a50203010001a381fb3081f8301d0603551d0e04160414148539189e922627c55b7d1c5c83d4e2143cd8453081c80603551d230481c03081bd8014148539189e922627c55b7d1c5c83d4e2143cd845a18199a48196308193310b3009060355040613
EAP-Message = 0x024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479820900fd65661b682c5e78300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100dc740339a8b23806ed73149bc8dea84d031846f478fddb33fd69758358091fc3589fb6315d325b24eaf3bc83525c81c3043e0ef2f64be3e68df936d299c8e36e1eb0aa529d7252
EAP-Message = 0xadc89de309a2b64b03db41c5
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x8acd711289c864d0313964ead8c014bc
Finished request 10.
Going to the next request
Waking up in 0.2 seconds.
rad_recv: Access-Request packet from host 192.168.70.22 port 21652, id=103, length=301
User-Name = "passpoint/adrian"
Chargeable-User-Identity = ""
Operator-Name = "11xTesting"
Location-Capable = Civix-Location
Calling-Station-Id = "54ea.a824.a00d"
Called-Station-Id = "TNK6-Adrian-01-Test"
NAS-Port = 4
Cisco-AVPair = "audit-session-id=850027d9000000cb7ab23f59"
Acct-Session-Id = "593fb27a/54:ea:a8:24:a0:0d/1180"
NAS-IP-Address = 10.150.48.2
NAS-Identifier = "baynard-cso-wlc02"
Airespace-Wlan-Id = 110
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "1783"
EAP-Message = 0x020500061500
State = 0x8acd711289c864d0313964ead8c014bc
Message-Authenticator = 0x6846920d72f185205389d9cc018324d4
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[IPASS] Looking up realm "passpoint" for User-Name = "passpoint/adrian"
[IPASS] Found realm "passpoint"
[IPASS] Adding Realm = "passpoint"
[IPASS] Proxying request from user adrian to realm passpoint
[IPASS] Preparing to proxy authentication request to realm "passpoint"
++[IPASS] returns updated
++? if (Realm == 'passpoint')
? Evaluating (Realm == 'passpoint') -> TRUE
++? if (Realm == 'passpoint') -> TRUE
++- entering if (Realm == 'passpoint') {...}
+++[control] returns updated
++- if (Realm == 'passpoint') returns updated
++ ... skipping else for request 11: Preceding "if" was taken
[eap] EAP packet type response id 5 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] Received TLS ACK
[ttls] ACK handshake fragment handler
[ttls] eaptls_verify returned 1
[ttls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 103 to 192.168.70.22 port 21652
EAP-Message = 0x010600c01580000008a2b5f52cd563f8b30d8cf1a81f9b88a0635659f6da57ffac9851e7a2d5541878f14ffd640011ed52fe5884fa34d2a8f793bbcabc9d415b656a54bf93317216dfb5df372942a7ec23d4adf37114088858a21b35886a08df05448cce7bdfecf2201788c350466387cc8391cb547efa8feacfd34e3da7ffbfee827d66c5476756bd1540dd6af11cdf8a8d96384e7a4bb6aa9f8ea07cf211bfa7e45bc81529eaaf76108bad0a14bef793a29f4b15a64716030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x8acd71128ecb64d0313964ead8c014bc
Finished request 11.
Going to the next request
Waking up in 0.2 seconds.
rad_recv: Access-Request packet from host 192.168.70.22 port 21652, id=104, length=633
User-Name = "passpoint/adrian"
Chargeable-User-Identity = ""
Operator-Name = "11xTesting"
Location-Capable = Civix-Location
Calling-Station-Id = "54ea.a824.a00d"
Called-Station-Id = "TNK6-Adrian-01-Test"
NAS-Port = 4
Cisco-AVPair = "audit-session-id=850027d9000000cb7ab23f59"
Acct-Session-Id = "593fb27a/54:ea:a8:24:a0:0d/1180"
NAS-IP-Address = 10.150.48.2
NAS-Identifier = "baynard-cso-wlc02"
Airespace-Wlan-Id = 110
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "1783"
EAP-Message = 0x0206015015800000014616030101061000010201008e4dfe01161ae76fb73ca9884839b33e61a1f6d59c3881c01fa95d4c0f97b9fdca0c798d5421003fdc1e4bf27c8a4403d411a3ab5ef86dcc85cc0da58755b87ad6004b14e3abe1e51c60ed309b85ae5364df097153cc1898b63114ffb7033d70a1183a6c5e71202513b192761ab124217061659d08977dc216c81577264fe80b0d4998b8975bc84098dd0eedbb200d311c438beb405cf9a0742843de0009348fc9b43b5e28ad9aafa3ddee5a54da6d5acf3bc300c77d0555b0423dbf3dae52b018f7a10edd4bbbdfc798de68f72f65b8567005fd712e65e21940fa02b644d5c1c9309e2408008058
EAP-Message = 0x016b3d01fe35da4088bb101c1cb9180d513d497a9ce967611403010001011603010030a9e4f3711a6d319dcaed146aa81f6be008b906da6f3b09a4ab8c8999fd1c475b96e5d4fab2b1b1ac6f6ec93488076ce7
State = 0x8acd71128ecb64d0313964ead8c014bc
Message-Authenticator = 0x5090eaa217243f73702f3f0d9b1ceb6a
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[IPASS] Looking up realm "passpoint" for User-Name = "passpoint/adrian"
[IPASS] Found realm "passpoint"
[IPASS] Adding Realm = "passpoint"
[IPASS] Proxying request from user adrian to realm passpoint
[IPASS] Preparing to proxy authentication request to realm "passpoint"
++[IPASS] returns updated
++? if (Realm == 'passpoint')
? Evaluating (Realm == 'passpoint') -> TRUE
++? if (Realm == 'passpoint') -> TRUE
++- entering if (Realm == 'passpoint') {...}
+++[control] returns updated
++- if (Realm == 'passpoint') returns updated
++ ... skipping else for request 12: Preceding "if" was taken
[eap] EAP packet type response id 6 length 253
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
TLS Length 326
[ttls] Length Included
[ttls] eaptls_verify returned 11
[ttls] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange
[ttls] TLS_accept: SSLv3 read client key exchange A
[ttls] <<< TLS 1.0 ChangeCipherSpec [length 0001]
[ttls] <<< TLS 1.0 Handshake [length 0010], Finished
[ttls] TLS_accept: SSLv3 read finished A
[ttls] >>> TLS 1.0 ChangeCipherSpec [length 0001]
[ttls] TLS_accept: SSLv3 write change cipher spec A
[ttls] >>> TLS 1.0 Handshake [length 0010], Finished
[ttls] TLS_accept: SSLv3 write finished A
[ttls] TLS_accept: SSLv3 flush data
[ttls] (other): SSL negotiation finished successfully
SSL Connection Established
[ttls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 104 to 192.168.70.22 port 21652
EAP-Message = 0x0107004515800000003b14030100010116030100305ce3efeda48c2870b6488e33cb240e83af43d61daa7853b1cfadc94d068f16aefe45637723e6d1a057057e871abf3911
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x8acd71128fca64d0313964ead8c014bc
Finished request 12.
Going to the next request
Waking up in 0.1 seconds.
rad_recv: Access-Request packet from host 192.168.70.22 port 21652, id=105, length=454
User-Name = "passpoint/adrian"
Chargeable-User-Identity = ""
Operator-Name = "11xTesting"
Location-Capable = Civix-Location
Calling-Station-Id = "54ea.a824.a00d"
Called-Station-Id = "TNK6-Adrian-01-Test"
NAS-Port = 4
Cisco-AVPair = "audit-session-id=850027d9000000cb7ab23f59"
Acct-Session-Id = "593fb27a/54:ea:a8:24:a0:0d/1180"
NAS-IP-Address = 10.150.48.2
NAS-Identifier = "baynard-cso-wlc02"
Airespace-Wlan-Id = 110
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "1783"
EAP-Message = 0x0207009f15800000009517030100903c067027f79e1d7700547201d5b1d9df8e011ff874f5475cc1cd6d861ef8719ff3556e9192baf4e5978592e39a8fae52b8b80b98a318fa9dc90a8b6963973d12bcf376602cc949f7f9e414b5889c85b82c8c91b4aab71d89b740c14a01859f3759b4d71434c3f1810e14db56fd71f19a564f4950c7e550635b9e86c858d405a52dfc1f8b3a90808d51b1f6689d4e565f
State = 0x8acd71128fca64d0313964ead8c014bc
Message-Authenticator = 0x132c2a4018ee0c4625b62371e33eb00e
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[IPASS] Looking up realm "passpoint" for User-Name = "passpoint/adrian"
[IPASS] Found realm "passpoint"
[IPASS] Adding Realm = "passpoint"
[IPASS] Proxying request from user adrian to realm passpoint
[IPASS] Preparing to proxy authentication request to realm "passpoint"
++[IPASS] returns updated
++? if (Realm == 'passpoint')
? Evaluating (Realm == 'passpoint') -> TRUE
++? if (Realm == 'passpoint') -> TRUE
++- entering if (Realm == 'passpoint') {...}
+++[control] returns updated
++- if (Realm == 'passpoint') returns updated
++ ... skipping else for request 13: Preceding "if" was taken
[eap] EAP packet type response id 7 length 159
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
TLS Length 149
[ttls] Length Included
[ttls] eaptls_verify returned 11
[ttls] eaptls_process returned 7
[ttls] Session established. Proceeding to decode tunneled attributes.
[ttls] Got tunneled request
User-Name = "passpoint/adrian"
MS-CHAP-Challenge = 0xe37bb3a315466bfb6af06a0999eb9fa1
MS-CHAP2-Response = 0xf5004a5b3e7fd8d8cc045ffc5ef564af4f07000000000000000094112ef25226f191fca68d32c48212eb88e757d99272ca9c
FreeRADIUS-Proxied-To = 127.0.0.1
[ttls] Sending tunneled request
User-Name = "passpoint/adrian"
MS-CHAP-Challenge = 0xe37bb3a315466bfb6af06a0999eb9fa1
MS-CHAP2-Response = 0xf5004a5b3e7fd8d8cc045ffc5ef564af4f07000000000000000094112ef25226f191fca68d32c48212eb88e757d99272ca9c
FreeRADIUS-Proxied-To = 127.0.0.1
server inner-tunnel {
# Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel
+- entering group authorize {...}
++[chap] returns noop
[mschap] Found MS-CHAP attributes. Setting 'Auth-Type = mschap'
++[mschap] returns ok
[IPASS] Looking up realm "passpoint" for User-Name = "passpoint/adrian"
[IPASS] Found realm "passpoint"
[IPASS] Adding Realm = "passpoint"
[IPASS] Proxying request from user adrian to realm passpoint
[IPASS] Preparing to proxy authentication request to realm "passpoint"
++[IPASS] returns updated
[suffix] Request already proxied. Ignoring.
++[suffix] returns ok
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
} # server inner-tunnel
[ttls] Got tunneled reply code 0
[ttls] Tunneled authentication will be proxied to passpoint
[eap] Tunneled session will be proxied. Not doing EAP.
++[eap] returns handled
WARNING: Cancelling proxy to Realm LOCAL, as the realm is local.
There was no response configured: rejecting request 13
Using Post-Auth-Type Reject
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group REJECT {...}
++? if (Realm == "8021x:BTRCon" || Realm == "wlan.mnc030.mcc234.3gppnetwork.org" )
? Evaluating (Realm == "8021x:BTRCon" ) -> FALSE
? Evaluating (Realm == "wlan.mnc030.mcc234.3gppnetwork.org" ) -> FALSE
++? if (Realm == "8021x:BTRCon" || Realm == "wlan.mnc030.mcc234.3gppnetwork.org" ) -> FALSE
[attr_filter.access_reject] expand: %{User-Name} -> passpoint/adrian
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 13 for 1 seconds
Going to the next request
Polling for detail file /var/log/radius/radacct/iptracker/*
Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 0.813461 sec
Waking up in 0.2 seconds.
Polling for detail file /var/log/radius/radacct/consulate/*
Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 0.829886 sec
Waking up in 0.1 seconds.
Polling for detail file /var/log/radius/radacct/relay-acct/*
Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 1.033527 sec
Cleaning up request 6 ID 98 with timestamp +16
Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/*
Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 0.777113 sec
Waking up in 0.1 seconds.
Polling for detail file /var/log/radius/radacct/wifi-roam/*
Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 0.940748 sec
Waking up in 0.1 seconds.
Polling for detail file /var/log/radius/radacct/iptracker/*
Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 0.817344 sec
Sending delayed reject for request 13
Sending Access-Reject of id 105 to 192.168.70.22 port 21652
Waking up in 0.1 seconds.
Polling for detail file /var/log/radius/radacct/consulate/*
Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 1.027554 sec
Waking up in 0.2 seconds.
Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/*
Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 0.793098 sec
Waking up in 0.1 seconds.
Polling for detail file /var/log/radius/radacct/relay-acct/*
Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 0.858643 sec
Waking up in 0.1 seconds.
Polling for detail file /var/log/radius/radacct/wifi-roam/*
Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 0.974457 sec
Polling for detail file /var/log/radius/radacct/iptracker/*
Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 1.152280 sec
Waking up in 0.4 seconds.
Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/*
Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 1.105497 sec
Polling for detail file /var/log/radius/radacct/consulate/*
Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 0.794828 sec
Waking up in 0.1 seconds.
Polling for detail file /var/log/radius/radacct/relay-acct/*
Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 0.810880 sec
Waking up in 0.2 seconds.
Polling for detail file /var/log/radius/radacct/wifi-roam/*
Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 1.007277 sec
Waking up in 0.2 seconds.
Polling for detail file /var/log/radius/radacct/iptracker/*
Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 1.095163 sec
Polling for detail file /var/log/radius/radacct/consulate/*
Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 1.132496 sec
Waking up in 0.1 seconds.
Polling for detail file /var/log/radius/radacct/relay-acct/*
Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 1.028052 sec
Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/*
Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 0.823217 sec
Waking up in 0.3 seconds.
Polling for detail file /var/log/radius/radacct/wifi-roam/*
Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 0.880446 sec
Waking up in 0.3 seconds.
Polling for detail file /var/log/radius/radacct/iptracker/*
Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 0.799977 sec
Waking up in 0.1 seconds.
Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/*
Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 1.069586 sec
Polling for detail file /var/log/radius/radacct/consulate/*
Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 0.786498 sec
Polling for detail file /var/log/radius/radacct/relay-acct/*
Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 0.957779 sec
Waking up in 0.3 seconds.
Polling for detail file /var/log/radius/radacct/wifi-roam/*
Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 1.033822 sec
Waking up in 0.1 seconds.
Cleaning up request 7 ID 99 with timestamp +21
Cleaning up request 8 ID 100 with timestamp +21
Polling for detail file /var/log/radius/radacct/iptracker/*
Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 1.173967 sec
Cleaning up request 9 ID 101 with timestamp +21
Cleaning up request 10 ID 102 with timestamp +21
Cleaning up request 11 ID 103 with timestamp +21
Polling for detail file /var/log/radius/radacct/consulate/*
Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 0.971243 sec
Cleaning up request 12 ID 104 with timestamp +21
Waking up in 0.1 seconds.
Polling for detail file /var/log/radius/radacct/relay-acct/*
Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 1.185601 sec
Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/*
Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 0.797453 sec
Waking up in 0.3 seconds.
Polling for detail file /var/log/radius/radacct/wifi-roam/*
Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 0.876348 sec
Waking up in 0.3 seconds.
Polling for detail file /var/log/radius/radacct/consulate/*
Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 1.230513 sec
Polling for detail file /var/log/radius/radacct/iptracker/*
Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 0.767555 sec
Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/*
Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 1.096276 sec
Cleaning up request 13 ID 105 with timestamp +21
Waking up in 0.3 seconds.
Polling for detail file /var/log/radius/radacct/relay-acct/*
Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 1.031048 sec
Polling for detail file /var/log/radius/radacct/wifi-roam/*
Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 0.863706 sec
Waking up in 0.2 seconds.
Polling for detail file /var/log/radius/radacct/iptracker/*
Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 0.985683 sec
Waking up in 0.3 seconds.
rad_recv: Access-Request packet from host 192.168.70.22 port 21652, id=106, length=298
User-Name = "passpoint/adrian"
Chargeable-User-Identity = ""
Operator-Name = "11xTesting"
Location-Capable = Civix-Location
Calling-Station-Id = "54ea.a824.a00d"
Called-Station-Id = "TNK6-Adrian-01-Test"
NAS-Port = 4
Cisco-AVPair = "audit-session-id=850027d9000000cb7ab23f59"
Acct-Session-Id = "593fb27a/54:ea:a8:24:a0:0d/1180"
NAS-IP-Address = 10.150.48.2
NAS-Identifier = "baynard-cso-wlc02"
Airespace-Wlan-Id = 110
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "1783"
EAP-Message = 0x020100150170617373706f696e742f61647269616e
Message-Authenticator = 0x94789caf32bd0646c47dad46ac458da0
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[IPASS] Looking up realm "passpoint" for User-Name = "passpoint/adrian"
[IPASS] Found realm "passpoint"
[IPASS] Adding Realm = "passpoint"
[IPASS] Proxying request from user adrian to realm passpoint
[IPASS] Preparing to proxy authentication request to realm "passpoint"
++[IPASS] returns updated
++? if (Realm == 'passpoint')
? Evaluating (Realm == 'passpoint') -> TRUE
++? if (Realm == 'passpoint') -> TRUE
++- entering if (Realm == 'passpoint') {...}
+++[control] returns updated
++- if (Realm == 'passpoint') returns updated
++ ... skipping else for request 14: Preceding "if" was taken
[eap] EAP packet type response id 1 length 21
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
++- entering policy update_proxy_realm_for_wifi_roam_ee_traffic {...}
+++? if (Realm == "wlan.mnc008.mcc234.3gppnetwork.org" && ( (User-Name >= '0234081219003212' && User-Name < '0234081219003215') || (User-Name >= '1234081219003212' && User-Name < '1234081219003215') ) )
? Evaluating (Realm == "wlan.mnc008.mcc234.3gppnetwork.org" ) -> FALSE
??? Skipping (User-Name >= '0234081219003212' )
??? Skipping (User-Name < '0234081219003215')
??? Skipping (User-Name >= '1234081219003212' )
??? Skipping (User-Name < '1234081219003215')
+++? if (Realm == "wlan.mnc008.mcc234.3gppnetwork.org" && ( (User-Name >= '0234081219003212' && User-Name < '0234081219003215') || (User-Name >= '1234081219003212' && User-Name < '1234081219003215') ) ) -> FALSE
++- policy update_proxy_realm_for_wifi_roam_ee_traffic returns noop
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type md5
rlm_eap_md5: Issuing Challenge
++[eap] returns handled
Sending Access-Challenge of id 106 to 192.168.70.22 port 21652
EAP-Message = 0x0102001604102a24918f38f84fc915d96251dad983cd
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x55de78a955dc7ca410ead8eb71766904
Finished request 14.
Going to the next request
Waking up in 0.2 seconds.
rad_recv: Access-Request packet from host 192.168.70.22 port 21652, id=107, length=301
User-Name = "passpoint/adrian"
Chargeable-User-Identity = ""
Operator-Name = "11xTesting"
Location-Capable = Civix-Location
Calling-Station-Id = "54ea.a824.a00d"
Called-Station-Id = "TNK6-Adrian-01-Test"
NAS-Port = 4
Cisco-AVPair = "audit-session-id=850027d9000000cb7ab23f59"
Acct-Session-Id = "593fb27a/54:ea:a8:24:a0:0d/1180"
NAS-IP-Address = 10.150.48.2
NAS-Identifier = "baynard-cso-wlc02"
Airespace-Wlan-Id = 110
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "1783"
EAP-Message = 0x020200060315
State = 0x55de78a955dc7ca410ead8eb71766904
Message-Authenticator = 0x1740934a4dc11a2b4bc38f4b251ac980
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[IPASS] Looking up realm "passpoint" for User-Name = "passpoint/adrian"
[IPASS] Found realm "passpoint"
[IPASS] Adding Realm = "passpoint"
[IPASS] Proxying request from user adrian to realm passpoint
[IPASS] Preparing to proxy authentication request to realm "passpoint"
++[IPASS] returns updated
++? if (Realm == 'passpoint')
? Evaluating (Realm == 'passpoint') -> TRUE
++? if (Realm == 'passpoint') -> TRUE
++- entering if (Realm == 'passpoint') {...}
+++[control] returns updated
++- if (Realm == 'passpoint') returns updated
++ ... skipping else for request 15: Preceding "if" was taken
[eap] EAP packet type response id 2 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
++- entering policy update_proxy_realm_for_wifi_roam_ee_traffic {...}
+++? if (Realm == "wlan.mnc008.mcc234.3gppnetwork.org" && ( (User-Name >= '0234081219003212' && User-Name < '0234081219003215') || (User-Name >= '1234081219003212' && User-Name < '1234081219003215') ) )
? Evaluating (Realm == "wlan.mnc008.mcc234.3gppnetwork.org" ) -> FALSE
??? Skipping (User-Name >= '0234081219003212' )
??? Skipping (User-Name < '0234081219003215')
??? Skipping (User-Name >= '1234081219003212' )
??? Skipping (User-Name < '1234081219003215')
+++? if (Realm == "wlan.mnc008.mcc234.3gppnetwork.org" && ( (User-Name >= '0234081219003212' && User-Name < '0234081219003215') || (User-Name >= '1234081219003212' && User-Name < '1234081219003215') ) ) -> FALSE
++- policy update_proxy_realm_for_wifi_roam_ee_traffic returns noop
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP NAK
[eap] EAP-NAK asked for EAP-Type/ttls
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 107 to 192.168.70.22 port 21652
EAP-Message = 0x010300061520
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x55de78a954dd6da410ead8eb71766904
Finished request 15.
Going to the next request
Waking up in 0.1 seconds.
rad_recv: Access-Request packet from host 192.168.70.22 port 21652, id=108, length=422
User-Name = "passpoint/adrian"
Chargeable-User-Identity = ""
Operator-Name = "11xTesting"
Location-Capable = Civix-Location
Calling-Station-Id = "54ea.a824.a00d"
Called-Station-Id = "TNK6-Adrian-01-Test"
NAS-Port = 4
Cisco-AVPair = "audit-session-id=850027d9000000cb7ab23f59"
Acct-Session-Id = "593fb27a/54:ea:a8:24:a0:0d/1180"
NAS-IP-Address = 10.150.48.2
NAS-Identifier = "baynard-cso-wlc02"
Airespace-Wlan-Id = 110
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "1783"
EAP-Message = 0x0203007f15800000007516030100700100006c0301593fb289e7e9e013f7728e134357e7453c6f8f914faee52a8e970257d3f0f27f00002000ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f000a01000023000a00080006001700180019000b000201000005000501000000000012000000170000
State = 0x55de78a954dd6da410ead8eb71766904
Message-Authenticator = 0x61679bd7c65dca909186eef34fbfee15
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[IPASS] Looking up realm "passpoint" for User-Name = "passpoint/adrian"
[IPASS] Found realm "passpoint"
[IPASS] Adding Realm = "passpoint"
[IPASS] Proxying request from user adrian to realm passpoint
[IPASS] Preparing to proxy authentication request to realm "passpoint"
++[IPASS] returns updated
++? if (Realm == 'passpoint')
? Evaluating (Realm == 'passpoint') -> TRUE
++? if (Realm == 'passpoint') -> TRUE
++- entering if (Realm == 'passpoint') {...}
+++[control] returns updated
++- if (Realm == 'passpoint') returns updated
++ ... skipping else for request 16: Preceding "if" was taken
[eap] EAP packet type response id 3 length 127
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
TLS Length 117
[ttls] Length Included
[ttls] eaptls_verify returned 11
[ttls] (other): before/accept initialization
[ttls] TLS_accept: before/accept initialization
[ttls] <<< TLS 1.0 Handshake [length 0070], ClientHello
[ttls] TLS_accept: SSLv3 read client hello A
[ttls] >>> TLS 1.0 Handshake [length 0031], ServerHello
[ttls] TLS_accept: SSLv3 write server hello A
[ttls] >>> TLS 1.0 Handshake [length 085e], Certificate
[ttls] TLS_accept: SSLv3 write certificate A
[ttls] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
[ttls] TLS_accept: SSLv3 write server done A
[ttls] TLS_accept: SSLv3 flush data
[ttls] TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
[ttls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 108 to 192.168.70.22 port 21652
EAP-Message = 0x0104040015c0000008a216030100310200002d0301593fb26026d0dc41fdc3b0a887c6e0253595a794d810f424f680900ae9e2d4ed000035000005ff01000100160301085e0b00085a0008570003a6308203a23082028aa003020102020101300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c65204365727469666963617465204175
EAP-Message = 0x74686f72697479301e170d3137303431393038303834335a170d3137303631383038303834335a307c310b3009060355040613024652310f300d0603550408130652616469757331153013060355040a130c4578616d706c6520496e632e312330210603550403131a4578616d706c65205365727665722043657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100b371e076b9340e282c6e1cf5c7f590455edd0fd3a687ce88156a2b9a50c6bbb66b6faffddc57708681a1674f3ab015da579681f9d90bf7
EAP-Message = 0xd1330c7ac1c7b7874052c6c2bcca7ecbc91594cc9a604d2f2b797305601b8eeff38552d3f16ae0b91d1b2b030da5502a542a9048540d7b33010fbe20d41944be461f594c2cce0e3fb50317af8e5aae7a3a6736b563578ef69a53c2d76a1ba30e05ed164b8a6ad8176027bf441a896408f36e03c63e882efa495adcd55f4a5718afc237414efe3b25782b535c64ed95b829e372f142df1a6a36d50701d259362fedbbeabbd224332c69121a08406a746330fb2c1d142c154e70396141b72730e4a75f9e991407257f030203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d010105050003820101006dfa
EAP-Message = 0x5e04b81b2ffdeffb1f3f69247b47e419fe62e7ac89540cd2085ce6788ad8bd21b5bd1e522cbe0600ebce7160f0ac20d8ce5a2260332dd3771926f66fb5ce67da8f234cf3d134077337bd0c702c6c30348515804c21b78698585c565d27d083558d117883502e091eaf14192e8b8968ba76a058da7e7216ea651fa7bfdfcef58f529f322e4ac8470d2b39d6ff44ff5c6537cd395ab2db31274806b6d3cae72cf6402b688ba0b1a88177ed1437f85f29272468cfea3d9cd8bad0987409665081059d869bea56f6f5532603a5e5bfd9a60d9c86a0fc509c5aa88bba6aca64d6c4c613ceca414c8cb1b8c90c93f2a808f2010ad6ff18001b103ebff52b3cfe
EAP-Message = 0x360004ab308204a73082038f
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x55de78a957da6da410ead8eb71766904
Finished request 16.
Going to the next request
Waking up in 0.1 seconds.
rad_recv: Access-Request packet from host 192.168.70.22 port 21652, id=109, length=301
User-Name = "passpoint/adrian"
Chargeable-User-Identity = ""
Operator-Name = "11xTesting"
Location-Capable = Civix-Location
Calling-Station-Id = "54ea.a824.a00d"
Called-Station-Id = "TNK6-Adrian-01-Test"
NAS-Port = 4
Cisco-AVPair = "audit-session-id=850027d9000000cb7ab23f59"
Acct-Session-Id = "593fb27a/54:ea:a8:24:a0:0d/1180"
NAS-IP-Address = 10.150.48.2
NAS-Identifier = "baynard-cso-wlc02"
Airespace-Wlan-Id = 110
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "1783"
EAP-Message = 0x020400061500
State = 0x55de78a957da6da410ead8eb71766904
Message-Authenticator = 0xce53084dd64cf4cf21a03e145405f088
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[IPASS] Looking up realm "passpoint" for User-Name = "passpoint/adrian"
[IPASS] Found realm "passpoint"
[IPASS] Adding Realm = "passpoint"
[IPASS] Proxying request from user adrian to realm passpoint
[IPASS] Preparing to proxy authentication request to realm "passpoint"
++[IPASS] returns updated
++? if (Realm == 'passpoint')
? Evaluating (Realm == 'passpoint') -> TRUE
++? if (Realm == 'passpoint') -> TRUE
++- entering if (Realm == 'passpoint') {...}
+++[control] returns updated
++- if (Realm == 'passpoint') returns updated
++ ... skipping else for request 17: Preceding "if" was taken
[eap] EAP packet type response id 4 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] Received TLS ACK
[ttls] ACK handshake fragment handler
[ttls] eaptls_verify returned 1
[ttls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 109 to 192.168.70.22 port 21652
EAP-Message = 0x0105040015c0000008a2a003020102020900fd65661b682c5e78300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3137303431393038303834335a170d3137303631383038303834335a308193310b3009060355040613024652310f300d06035504081306526164
EAP-Message = 0x6975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100ee3c2ba8f85aeccc234f9f45096a92322fa364d02f7f15a9592ab47d52ad5986a9fbf9180db38c1af8eb224cd6fe6679e0d7e0648a55a300a47230a0484060db26f903ea9051bb7d3cc7f76a8724cf06872cc63f936368643acdf0a4d4a05c8ac709d55b
EAP-Message = 0x3b05244b648c04e99a459b9d8acc97bdbfe10e012fd54d4a4ffe6e23eb8a91d2863405e2f6dfb6d105d1277ebe4b834fefec0fcb5c84de23f41da805493e3ac6b29ade601a3891f995b741df4319feba99c44ef6f1c15d58bcb14be3af7cc25e60e4580b835a9d35699294e1ef7326f8eae174cb5576ec182ad7ff75441e92bfc695366edb74035d315a0c0d4de88aaeae5a7b96a43449db6ecc28a50203010001a381fb3081f8301d0603551d0e04160414148539189e922627c55b7d1c5c83d4e2143cd8453081c80603551d230481c03081bd8014148539189e922627c55b7d1c5c83d4e2143cd845a18199a48196308193310b3009060355040613
EAP-Message = 0x024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479820900fd65661b682c5e78300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100dc740339a8b23806ed73149bc8dea84d031846f478fddb33fd69758358091fc3589fb6315d325b24eaf3bc83525c81c3043e0ef2f64be3e68df936d299c8e36e1eb0aa529d7252
EAP-Message = 0xadc89de309a2b64b03db41c5
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x55de78a956db6da410ead8eb71766904
Finished request 17.
Going to the next request
rad_recv: Access-Request packet from host 192.168.70.22 port 21652, id=110, length=301
User-Name = "passpoint/adrian"
Chargeable-User-Identity = ""
Operator-Name = "11xTesting"
Location-Capable = Civix-Location
Calling-Station-Id = "54ea.a824.a00d"
Called-Station-Id = "TNK6-Adrian-01-Test"
NAS-Port = 4
Cisco-AVPair = "audit-session-id=850027d9000000cb7ab23f59"
Acct-Session-Id = "593fb27a/54:ea:a8:24:a0:0d/1180"
NAS-IP-Address = 10.150.48.2
NAS-Identifier = "baynard-cso-wlc02"
Airespace-Wlan-Id = 110
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "1783"
EAP-Message = 0x020500061500
State = 0x55de78a956db6da410ead8eb71766904
Message-Authenticator = 0x38f164964fda41ea99ab94411a9b4bca
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[IPASS] Looking up realm "passpoint" for User-Name = "passpoint/adrian"
[IPASS] Found realm "passpoint"
[IPASS] Adding Realm = "passpoint"
[IPASS] Proxying request from user adrian to realm passpoint
[IPASS] Preparing to proxy authentication request to realm "passpoint"
++[IPASS] returns updated
++? if (Realm == 'passpoint')
? Evaluating (Realm == 'passpoint') -> TRUE
++? if (Realm == 'passpoint') -> TRUE
++- entering if (Realm == 'passpoint') {...}
+++[control] returns updated
++- if (Realm == 'passpoint') returns updated
++ ... skipping else for request 18: Preceding "if" was taken
[eap] EAP packet type response id 5 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] Received TLS ACK
[ttls] ACK handshake fragment handler
[ttls] eaptls_verify returned 1
[ttls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 110 to 192.168.70.22 port 21652
EAP-Message = 0x010600c01580000008a2b5f52cd563f8b30d8cf1a81f9b88a0635659f6da57ffac9851e7a2d5541878f14ffd640011ed52fe5884fa34d2a8f793bbcabc9d415b656a54bf93317216dfb5df372942a7ec23d4adf37114088858a21b35886a08df05448cce7bdfecf2201788c350466387cc8391cb547efa8feacfd34e3da7ffbfee827d66c5476756bd1540dd6af11cdf8a8d96384e7a4bb6aa9f8ea07cf211bfa7e45bc81529eaaf76108bad0a14bef793a29f4b15a64716030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x55de78a951d86da410ead8eb71766904
Finished request 18.
Going to the next request
Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/*
Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 0.944075 sec
rad_recv: Access-Request packet from host 192.168.70.22 port 21652, id=111, length=633
User-Name = "passpoint/adrian"
Chargeable-User-Identity = ""
Operator-Name = "11xTesting"
Location-Capable = Civix-Location
Calling-Station-Id = "54ea.a824.a00d"
Called-Station-Id = "TNK6-Adrian-01-Test"
NAS-Port = 4
Cisco-AVPair = "audit-session-id=850027d9000000cb7ab23f59"
Acct-Session-Id = "593fb27a/54:ea:a8:24:a0:0d/1180"
NAS-IP-Address = 10.150.48.2
NAS-Identifier = "baynard-cso-wlc02"
Airespace-Wlan-Id = 110
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "1783"
EAP-Message = 0x020601501580000001461603010106100001020100151070a791def4c9ce6aa9a210936cbcb19c16c64c200cb65b77b3136edc93ed6947fa08a2614c50d82fb9a01bc1d052e9774a62df04d1e2026eb56a9697230406687c9d9501bb575c82efb13b81028bc8162393fd0f19c5a0a8c9bfb45cf24d7432a52131e2a3baa5be4b783970b14c172151f79688680362429dc358f6256412c81a5c0724719585ef225e1745f0a42c0c3b9d41f74762a1b90844a115f8fd4dc4e59ff2a22f79b3db63d781d08a0d7d2d1f9e91dfc4bbf6fecc3c80b6b5ac2afa5a9313a2b324ca97f5ee378ea606ef98806c76d616fcb4c919e3c5b61b80d3ab90d97dd08725
EAP-Message = 0x080804f3bb3f21200042c1641a82740587c2a9be41de2e111403010001011603010030e93d2b879d132fb31e807571b5cc758b972225ef97f0af291e24c3adb8f435201d65e18a461386a17ec47568ea05925c
State = 0x55de78a951d86da410ead8eb71766904
Message-Authenticator = 0x13372cc3426516ef77c5bf272f5d1b42
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[IPASS] Looking up realm "passpoint" for User-Name = "passpoint/adrian"
[IPASS] Found realm "passpoint"
[IPASS] Adding Realm = "passpoint"
[IPASS] Proxying request from user adrian to realm passpoint
[IPASS] Preparing to proxy authentication request to realm "passpoint"
++[IPASS] returns updated
++? if (Realm == 'passpoint')
? Evaluating (Realm == 'passpoint') -> TRUE
++? if (Realm == 'passpoint') -> TRUE
++- entering if (Realm == 'passpoint') {...}
+++[control] returns updated
++- if (Realm == 'passpoint') returns updated
++ ... skipping else for request 19: Preceding "if" was taken
[eap] EAP packet type response id 6 length 253
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
TLS Length 326
[ttls] Length Included
[ttls] eaptls_verify returned 11
[ttls] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange
[ttls] TLS_accept: SSLv3 read client key exchange A
[ttls] <<< TLS 1.0 ChangeCipherSpec [length 0001]
[ttls] <<< TLS 1.0 Handshake [length 0010], Finished
[ttls] TLS_accept: SSLv3 read finished A
[ttls] >>> TLS 1.0 ChangeCipherSpec [length 0001]
[ttls] TLS_accept: SSLv3 write change cipher spec A
[ttls] >>> TLS 1.0 Handshake [length 0010], Finished
[ttls] TLS_accept: SSLv3 write finished A
[ttls] TLS_accept: SSLv3 flush data
[ttls] (other): SSL negotiation finished successfully
SSL Connection Established
[ttls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 111 to 192.168.70.22 port 21652
EAP-Message = 0x0107004515800000003b14030100010116030100309c222ec982006809790a9c2919d10a2f1b2565b8bc96b5ff2e5553bdb41340a1e1682a5234747b218e42c4c4e579d35b
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x55de78a950d96da410ead8eb71766904
Finished request 19.
Going to the next request
Polling for detail file /var/log/radius/radacct/consulate/*
Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 1.129376 sec
Waking up in 0.2 seconds.
rad_recv: Access-Request packet from host 192.168.70.22 port 21652, id=112, length=454
User-Name = "passpoint/adrian"
Chargeable-User-Identity = ""
Operator-Name = "11xTesting"
Location-Capable = Civix-Location
Calling-Station-Id = "54ea.a824.a00d"
Called-Station-Id = "TNK6-Adrian-01-Test"
NAS-Port = 4
Cisco-AVPair = "audit-session-id=850027d9000000cb7ab23f59"
Acct-Session-Id = "593fb27a/54:ea:a8:24:a0:0d/1180"
NAS-IP-Address = 10.150.48.2
NAS-Identifier = "baynard-cso-wlc02"
Airespace-Wlan-Id = 110
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "1783"
EAP-Message = 0x0207009f1580000000951703010090bed3fef3622c94a55d4d20677b2056fe14578cb1ec6518795511c4f6092783cd3b97788fa8baf3fc68a8617d5c63e2ea04a7ad1eaf25e550c42a0d37fad6c07288aa8ebb8225b5a103d75729a0f8952087825d8497d6ddb40c435e225b5c2a960c50f281a0768a0c6baa9ec1e79281fe585ea06e3d0f3065ea499c3c33f60fac52636f9863e60fc3986e22545062c96c
State = 0x55de78a950d96da410ead8eb71766904
Message-Authenticator = 0xe5645ddc511b3c835037bcc2a8adfed5
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[IPASS] Looking up realm "passpoint" for User-Name = "passpoint/adrian"
[IPASS] Found realm "passpoint"
[IPASS] Adding Realm = "passpoint"
[IPASS] Proxying request from user adrian to realm passpoint
[IPASS] Preparing to proxy authentication request to realm "passpoint"
++[IPASS] returns updated
++? if (Realm == 'passpoint')
? Evaluating (Realm == 'passpoint') -> TRUE
++? if (Realm == 'passpoint') -> TRUE
++- entering if (Realm == 'passpoint') {...}
+++[control] returns updated
++- if (Realm == 'passpoint') returns updated
++ ... skipping else for request 20: Preceding "if" was taken
[eap] EAP packet type response id 7 length 159
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
TLS Length 149
[ttls] Length Included
[ttls] eaptls_verify returned 11
[ttls] eaptls_process returned 7
[ttls] Session established. Proceeding to decode tunneled attributes.
[ttls] Got tunneled request
User-Name = "passpoint/adrian"
MS-CHAP-Challenge = 0xf1e8cc0e49325414b2f191350344d954
MS-CHAP2-Response = 0x0d00e349a94d15eb6b413a1795bd88effc1500000000000000000ba1f6b617ee509e5204bf9b3d832784867e0b1097474d2b
FreeRADIUS-Proxied-To = 127.0.0.1
[ttls] Sending tunneled request
User-Name = "passpoint/adrian"
MS-CHAP-Challenge = 0xf1e8cc0e49325414b2f191350344d954
MS-CHAP2-Response = 0x0d00e349a94d15eb6b413a1795bd88effc1500000000000000000ba1f6b617ee509e5204bf9b3d832784867e0b1097474d2b
FreeRADIUS-Proxied-To = 127.0.0.1
server inner-tunnel {
# Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel
+- entering group authorize {...}
++[chap] returns noop
[mschap] Found MS-CHAP attributes. Setting 'Auth-Type = mschap'
++[mschap] returns ok
[IPASS] Looking up realm "passpoint" for User-Name = "passpoint/adrian"
[IPASS] Found realm "passpoint"
[IPASS] Adding Realm = "passpoint"
[IPASS] Proxying request from user adrian to realm passpoint
[IPASS] Preparing to proxy authentication request to realm "passpoint"
++[IPASS] returns updated
[suffix] Request already proxied. Ignoring.
++[suffix] returns ok
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
} # server inner-tunnel
[ttls] Got tunneled reply code 0
[ttls] Tunneled authentication will be proxied to passpoint
[eap] Tunneled session will be proxied. Not doing EAP.
++[eap] returns handled
WARNING: Cancelling proxy to Realm LOCAL, as the realm is local.
There was no response configured: rejecting request 20
Using Post-Auth-Type Reject
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group REJECT {...}
++? if (Realm == "8021x:BTRCon" || Realm == "wlan.mnc030.mcc234.3gppnetwork.org" )
? Evaluating (Realm == "8021x:BTRCon" ) -> FALSE
? Evaluating (Realm == "wlan.mnc030.mcc234.3gppnetwork.org" ) -> FALSE
++? if (Realm == "8021x:BTRCon" || Realm == "wlan.mnc030.mcc234.3gppnetwork.org" ) -> FALSE
[attr_filter.access_reject] expand: %{User-Name} -> passpoint/adrian
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 20 for 1 seconds
Going to the next request
Waking up in 0.1 seconds.
Polling for detail file /var/log/radius/radacct/wifi-roam/*
Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 0.751837 sec
Polling for detail file /var/log/radius/radacct/relay-acct/*
Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 1.243590 sec
Waking up in 0.3 seconds.
Polling for detail file /var/log/radius/radacct/iptracker/*
Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 0.876885 sec
Waking up in 0.2 seconds.
Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/*
Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 0.762210 sec
Polling for detail file /var/log/radius/radacct/wifi-roam/*
Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 1.239831 sec
Sending delayed reject for request 20
Sending Access-Reject of id 112 to 192.168.70.22 port 21652
Waking up in 0.1 seconds.
Polling for detail file /var/log/radius/radacct/consulate/*
Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 0.931724 sec
Waking up in 0.3 seconds.
Polling for detail file /var/log/radius/radacct/iptracker/*
Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 0.821277 sec
Polling for detail file /var/log/radius/radacct/relay-acct/*
Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 1.215098 sec
Waking up in 0.1 seconds.
Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/*
Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 0.798647 sec
Waking up in 0.3 seconds.
Polling for detail file /var/log/radius/radacct/consulate/*
Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 0.972355 sec
Waking up in 0.1 seconds.
Polling for detail file /var/log/radius/radacct/wifi-roam/*
Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 0.819912 sec
Waking up in 0.1 seconds.
Polling for detail file /var/log/radius/radacct/iptracker/*
Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 1.142257 sec
Waking up in 0.1 seconds.
Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/*
Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 0.882873 sec
Waking up in 0.2 seconds.
Polling for detail file /var/log/radius/radacct/relay-acct/*
Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 1.174178 sec
Waking up in 0.2 seconds.
Polling for detail file /var/log/radius/radacct/wifi-roam/*
Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 0.923319 sec
Polling for detail file /var/log/radius/radacct/consulate/*
Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 0.796417 sec
Waking up in 0.3 seconds.
Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/*
Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 1.101806 sec
Waking up in 0.1 seconds.
Polling for detail file /var/log/radius/radacct/iptracker/*
Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 1.195755 sec
Waking up in 0.3 seconds.
Polling for detail file /var/log/radius/radacct/consulate/*
Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 0.836153 sec
Polling for detail file /var/log/radius/radacct/relay-acct/*
Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 1.201596 sec
Polling for detail file /var/log/radius/radacct/wifi-roam/*
Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 1.172237 sec
Waking up in 0.5 seconds.
Polling for detail file /var/log/radius/radacct/relay-wlc-mis-acct/*
Detail listener /var/log/radius/radacct/relay-wlc-mis-acct/* state unopened signalled 0 waiting 0.949951 sec
Waking up in 0.2 seconds.
Polling for detail file /var/log/radius/radacct/iptracker/*
Detail listener /var/log/radius/radacct/iptracker/* state unopened signalled 0 waiting 0.780669 sec
Polling for detail file /var/log/radius/radacct/consulate/*
Detail listener /var/log/radius/radacct/consulate/* state unopened signalled 0 waiting 1.221639 sec
Cleaning up request 14 ID 106 with timestamp +28
Cleaning up request 15 ID 107 with timestamp +28
Cleaning up request 16 ID 108 with timestamp +28
Cleaning up request 17 ID 109 with timestamp +28
Cleaning up request 18 ID 110 with timestamp +28
Cleaning up request 19 ID 111 with timestamp +28
Waking up in 0.1 seconds.
Polling for detail file /var/log/radius/radacct/relay-acct/*
Detail listener /var/log/radius/radacct/relay-acct/* state unopened signalled 0 waiting 1.157646 sec
Polling for detail file /var/log/radius/radacct/wifi-roam/*
Detail listener /var/log/radius/radacct/wifi-roam/* state unopened signalled 0 waiting 0.933433 sec
Waking up in 0.2 seconds.
-----Original Message-----
From: Freeradius-Users [mailto:freeradius-users-bounces+adrian.p.smith=bt.com at lists.freeradius.org] On Behalf Of Matthew Newton
Sent: 13 June 2017 10:24
To: FreeRadius users mailing list
Subject: RE: Terminate EAP-TTLS then proxy
On 13 June 2017 10:20:56 BST, adrian.p.smith at bt.com wrote:
>Ah sorry, here's the rest of it:
>
>[ttls] Got tunneled reply code 0
>[ttls] Tunneled authentication will be proxied to passpoint
>[eap] Tunneled session will be proxied. Not doing EAP.
>++[eap] returns handled
> WARNING: Cancelling proxy to Realm LOCAL, as the realm is local.
Look in proxy.conf. The 'passpoint' realm likely isn't configured correctly.
--
Matthew
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list