EAP-FAST with FreeRADIUS 3.0.18

Sergio NNX sfhacker at hotmail.com
Mon Mar 4 17:16:50 CET 2019


>  <sigh>  I pushed a fix.

Thanks Alan.

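That seems to fix it! In the debug output below, the EAP-FAST session is resumed from the PAC and the tunneled MSCHAPv2 exchange succeeds. Note that this test run negotiates TLS 1.1 and that the server warns the outer User-Name is not anonymized.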



<snip>

Ready to process requests
(0) Received Access-Request Id 0 from 127.0.0.1:62244 to 0.0.0.0:1812 length 122
(0)   User-Name = "1234"
(0)   NAS-IP-Address = 127.0.0.1
(0)   Calling-Station-Id = "02-00-00-00-00-01"
(0)   Framed-MTU = 1400
(0)   NAS-Port-Type = Wireless-802.11
(0)   Service-Type = Framed-User
(0)   Connect-Info = "CONNECT 11Mbps 802.11b"
(0)   EAP-Message = 0x02e900090131323334
(0)   Message-Authenticator = 0x8862b1c49abc0f9646933a0c5bd925df
(0) # Executing section authorize from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default
(0)   authorize {
(0)     policy filter_username {
(0)       if (&User-Name) {
(0)       if (&User-Name)  -> TRUE
(0)       if (&User-Name)  {
(0)         if (&User-Name =~ / /) {
(0)         if (&User-Name =~ / /)  -> FALSE
(0)         if (&User-Name =~ /@[^@]*@/ ) {
(0)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
(0)         if (&User-Name =~ /\.\./ ) {
(0)         if (&User-Name =~ /\.\./ )  -> FALSE
(0)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
(0)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
(0)         if (&User-Name =~ /\.$/)  {
(0)         if (&User-Name =~ /\.$/)   -> FALSE
(0)         if (&User-Name =~ /@\./)  {
(0)         if (&User-Name =~ /@\./)   -> FALSE
(0)       } # if (&User-Name)  = notfound
(0)     } # policy filter_username = notfound
(0)     [preprocess] = ok
(0)     [chap] = noop
(0)     [mschap] = noop
(0)     [digest] = noop
(0) suffix: Checking for suffix after "@"
(0) suffix: No '@' in User-Name = "1234", looking up realm NULL
(0) suffix: No such realm "NULL"
(0)     [suffix] = noop
(0) eap: Peer sent EAP Response (code 2) ID 233 length 9
(0) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
(0)     [eap] = ok
(0)   } # authorize = ok
(0) Found Auth-Type = eap
(0) # Executing group from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default
(0)   authenticate {
(0) eap: Peer sent packet with method EAP Identity (1)
(0) eap: Calling submodule eap_md5 to process data
(0) eap_md5: Issuing MD5 Challenge
(0) eap: Sending EAP Request (code 1) ID 234 length 22
(0) eap: EAP session adding &reply:State = 0xb22431b3b2ce35db
(0)     [eap] = handled
(0)   } # authenticate = handled
(0) Using Post-Auth-Type Challenge
(0) # Executing group from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default
(0)   Challenge { ... } # empty sub-section is ignored
(0) Sent Access-Challenge Id 0 from 0.0.0.0:1812 to 127.0.0.1:62244 length 0
(0)   EAP-Message = 0x01ea001604101b80c0994cef15a0e2e3c889ab57c1fb
(0)   Message-Authenticator = 0x00000000000000000000000000000000
(0)   State = 0xb22431b3b2ce35db7f72bc3d985e2006
(0) Finished request
Waking up in 5.0 seconds.
(1) Received Access-Request Id 1 from 127.0.0.1:62244 to 0.0.0.0:1812 length 137
(1)   User-Name = "1234"
(1)   NAS-IP-Address = 127.0.0.1
(1)   Calling-Station-Id = "02-00-00-00-00-01"
(1)   Framed-MTU = 1400
(1)   NAS-Port-Type = Wireless-802.11
(1)   Service-Type = Framed-User
(1)   Connect-Info = "CONNECT 11Mbps 802.11b"
(1)   EAP-Message = 0x02ea0006032b
(1)   State = 0xb22431b3b2ce35db7f72bc3d985e2006
(1)   Message-Authenticator = 0x0d4078ec678e91427c5dcdea27f451ed
(1) session-state: No cached attributes
(1) # Executing section authorize from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default
(1)   authorize {
(1)     policy filter_username {
(1)       if (&User-Name) {
(1)       if (&User-Name)  -> TRUE
(1)       if (&User-Name)  {
(1)         if (&User-Name =~ / /) {
(1)         if (&User-Name =~ / /)  -> FALSE
(1)         if (&User-Name =~ /@[^@]*@/ ) {
(1)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
(1)         if (&User-Name =~ /\.\./ ) {
(1)         if (&User-Name =~ /\.\./ )  -> FALSE
(1)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
(1)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
(1)         if (&User-Name =~ /\.$/)  {
(1)         if (&User-Name =~ /\.$/)   -> FALSE
(1)         if (&User-Name =~ /@\./)  {
(1)         if (&User-Name =~ /@\./)   -> FALSE
(1)       } # if (&User-Name)  = notfound
(1)     } # policy filter_username = notfound
(1)     [preprocess] = ok
(1)     [chap] = noop
(1)     [mschap] = noop
(1)     [digest] = noop
(1) suffix: Checking for suffix after "@"
(1) suffix: No '@' in User-Name = "1234", looking up realm NULL
(1) suffix: No such realm "NULL"
(1)     [suffix] = noop
(1) eap: Peer sent EAP Response (code 2) ID 234 length 6
(1) eap: No EAP Start, assuming it's an on-going EAP conversation
(1)     [eap] = updated
(1)     [files] = noop
(1)     [expiration] = noop
(1)     [logintime] = noop
Not doing PAP as Auth-Type is already set.
(1)     [pap] = noop
(1)   } # authorize = updated
(1) Found Auth-Type = eap
(1) # Executing group from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default
(1)   authenticate {
(1) eap: Expiring EAP session with state 0xb22431b3b2ce35db
(1) eap: Finished EAP session with state 0xb22431b3b2ce35db
(1) eap: Previous EAP request found for state 0xb22431b3b2ce35db, released from the list
(1) eap: Peer sent packet with method EAP NAK (3)
(1) eap: Found mutually acceptable type FAST (43)
(1) eap: Calling submodule eap_fast to process data
(1) eap_fast: Initiating new TLS session
(1) eap_fast: Over-riding main cipher list with 'ALL:!EXPORT:!eNULL:!SSLv2:@SECLEVEL=0'
(1) eap: Sending EAP Request (code 1) ID 235 length 26
(1) eap: EAP session adding &reply:State = 0xb22431b3b3cf1adb
(1)     [eap] = handled
(1)   } # authenticate = handled
(1) Using Post-Auth-Type Challenge
(1) # Executing group from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default
(1)   Challenge { ... } # empty sub-section is ignored
(1) Sent Access-Challenge Id 1 from 0.0.0.0:1812 to 127.0.0.1:62244 length 0
(1)   EAP-Message = 0x01eb001a2b210004001081dc9bdb52d04dc20036dbd8313ed055
(1)   Message-Authenticator = 0x00000000000000000000000000000000
(1)   State = 0xb22431b3b3cf1adb7f72bc3d985e2006
(1) Finished request
Waking up in 4.8 seconds.
(2) Received Access-Request Id 2 from 127.0.0.1:62244 to 0.0.0.0:1812 length 435
(2)   User-Name = "1234"
(2)   NAS-IP-Address = 127.0.0.1
(2)   Calling-Station-Id = "02-00-00-00-00-01"
(2)   Framed-MTU = 1400
(2)   NAS-Port-Type = Wireless-802.11
(2)   Service-Type = Framed-User
(2)   Connect-Info = "CONNECT 11Mbps 802.11b"
(2)   EAP-Message = 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
(2)   State = 0xb22431b3b3cf1adb7f72bc3d985e2006
(2)   Message-Authenticator = 0x6736bdb225fc511ed8430552ebaa7960
(2) session-state: No cached attributes
(2) # Executing section authorize from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default
(2)   authorize {
(2)     policy filter_username {
(2)       if (&User-Name) {
(2)       if (&User-Name)  -> TRUE
(2)       if (&User-Name)  {
(2)         if (&User-Name =~ / /) {
(2)         if (&User-Name =~ / /)  -> FALSE
(2)         if (&User-Name =~ /@[^@]*@/ ) {
(2)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
(2)         if (&User-Name =~ /\.\./ ) {
(2)         if (&User-Name =~ /\.\./ )  -> FALSE
(2)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
(2)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
(2)         if (&User-Name =~ /\.$/)  {
(2)         if (&User-Name =~ /\.$/)   -> FALSE
(2)         if (&User-Name =~ /@\./)  {
(2)         if (&User-Name =~ /@\./)   -> FALSE
(2)       } # if (&User-Name)  = notfound
(2)     } # policy filter_username = notfound
(2)     [preprocess] = ok
(2)     [chap] = noop
(2)     [mschap] = noop
(2)     [digest] = noop
(2) suffix: Checking for suffix after "@"
(2) suffix: No '@' in User-Name = "1234", looking up realm NULL
(2) suffix: No such realm "NULL"
(2)     [suffix] = noop
(2) eap: Peer sent EAP Response (code 2) ID 235 length 302
(2) eap: No EAP Start, assuming it's an on-going EAP conversation
(2)     [eap] = updated
(2)     [files] = noop
(2)     [expiration] = noop
(2)     [logintime] = noop
Not doing PAP as Auth-Type is already set.
(2)     [pap] = noop
(2)   } # authorize = updated
(2) Found Auth-Type = eap
(2) # Executing group from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default
(2)   authenticate {
(2) eap: Expiring EAP session with state 0xb22431b3b3cf1adb
(2) eap: Finished EAP session with state 0xb22431b3b3cf1adb
(2) eap: Previous EAP request found for state 0xb22431b3b3cf1adb, released from the list
(2) eap: Peer sent packet with method EAP FAST (43)
(2) eap: Calling submodule eap_fast to process data
(2) eap_fast: Authenticate
(2) eap_fast: Continuing EAP-TLS
(2) eap_fast: [eaptls verify] = ok
(2) eap_fast: Done initial handshake
(2) eap_fast: (other): before SSL initialization
(2) eap_fast: TLS_accept: before SSL initialization
(2) eap_fast: TLS_accept: before SSL initialization
(2) eap_fast: <<< recv TLS 1.3  [length 0123]
(2) eap_fast: PAC provided via ClientHello SessionTicket extension
(2) eap_fast: processing PAC-Opaque
(2) eap_fast: TLS_accept: SSLv3/TLS read client hello
(2) eap_fast: >>> send TLS 1.1  [length 0061]
(2) eap_fast: TLS_accept: SSLv3/TLS write server hello
(2) eap_fast: >>> send TLS 1.1  [length 0001]
(2) eap_fast: TLS_accept: SSLv3/TLS write change cipher spec
(2) eap_fast: >>> send TLS 1.1  [length 0010]
(2) eap_fast: TLS_accept: SSLv3/TLS write finished
(2) eap_fast: TLS_accept: Need to read more data: SSLv3/TLS write finished
(2) eap_fast: TLS - In Handshake Phase
(2) eap_fast: TLS - got 181 bytes of data
(2) eap_fast: [eaptls process] = handled
(2) eap: Sending EAP Request (code 1) ID 236 length 187
(2) eap: EAP session adding &reply:State = 0xb22431b3b0c81adb
(2)     [eap] = handled
(2)   } # authenticate = handled
(2) Using Post-Auth-Type Challenge
(2) # Executing group from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default
(2)   Challenge { ... } # empty sub-section is ignored
(2) Sent Access-Challenge Id 2 from 0.0.0.0:1812 to 127.0.0.1:62244 length 0
(2)   EAP-Message = 0x01ec00bb2b0116030200610200005d0302bbf51c0cb48cc0765363b9c213a47cf6931892812fe8759e3b6e827995a9b67e20330701c670dbe0d22ffb307123950ac4c6c2ee823ba2dfec928d2a04df3c56c4c014000015ff01000100000b0004030001020016000000170000140302000101160302004495074e2bdb445df173c2d6d8ae04bb4c8c87aac49bc347a09c48fa5e5f992a7c93a5f1b2489d1b00d083a5da13dd60fc0c8872815e8053599ca2188727d82ffd92b0a92e
(2)   Message-Authenticator = 0x00000000000000000000000000000000
(2)   State = 0xb22431b3b0c81adb7f72bc3d985e2006
(2) Finished request
Waking up in 4.7 seconds.
(3) Received Access-Request Id 3 from 127.0.0.1:62244 to 0.0.0.0:1812 length 216
(3)   User-Name = "1234"
(3)   NAS-IP-Address = 127.0.0.1
(3)   Calling-Station-Id = "02-00-00-00-00-01"
(3)   Framed-MTU = 1400
(3)   NAS-Port-Type = Wireless-802.11
(3)   Service-Type = Framed-User
(3)   Connect-Info = "CONNECT 11Mbps 802.11b"
(3)   EAP-Message = 0x02ec00552b01140302000101160302004461b980a6609a1ebb3672eb7087f4eb6eee13106d7747b84de958e9744e47b923804398bf7909c30d7735b1b56364b07b6198879b4ebaf4f99d3b0f0631cf3c64f04922f7
(3)   State = 0xb22431b3b0c81adb7f72bc3d985e2006
(3)   Message-Authenticator = 0x7aaf468640e84bc844d9bc88c00e0741
(3) session-state: No cached attributes
(3) # Executing section authorize from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default
(3)   authorize {
(3)     policy filter_username {
(3)       if (&User-Name) {
(3)       if (&User-Name)  -> TRUE
(3)       if (&User-Name)  {
(3)         if (&User-Name =~ / /) {
(3)         if (&User-Name =~ / /)  -> FALSE
(3)         if (&User-Name =~ /@[^@]*@/ ) {
(3)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
(3)         if (&User-Name =~ /\.\./ ) {
(3)         if (&User-Name =~ /\.\./ )  -> FALSE
(3)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
(3)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
(3)         if (&User-Name =~ /\.$/)  {
(3)         if (&User-Name =~ /\.$/)   -> FALSE
(3)         if (&User-Name =~ /@\./)  {
(3)         if (&User-Name =~ /@\./)   -> FALSE
(3)       } # if (&User-Name)  = notfound
(3)     } # policy filter_username = notfound
(3)     [preprocess] = ok
(3)     [chap] = noop
(3)     [mschap] = noop
(3)     [digest] = noop
(3) suffix: Checking for suffix after "@"
(3) suffix: No '@' in User-Name = "1234", looking up realm NULL
(3) suffix: No such realm "NULL"
(3)     [suffix] = noop
(3) eap: Peer sent EAP Response (code 2) ID 236 length 85
(3) eap: No EAP Start, assuming it's an on-going EAP conversation
(3)     [eap] = updated
(3)     [files] = noop
(3)     [expiration] = noop
(3)     [logintime] = noop
Not doing PAP as Auth-Type is already set.
(3)     [pap] = noop
(3)   } # authorize = updated
(3) Found Auth-Type = eap
(3) # Executing group from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default
(3)   authenticate {
(3) eap: Expiring EAP session with state 0xb22431b3b0c81adb
(3) eap: Finished EAP session with state 0xb22431b3b0c81adb
(3) eap: Previous EAP request found for state 0xb22431b3b0c81adb, released from the list
(3) eap: Peer sent packet with method EAP FAST (43)
(3) eap: Calling submodule eap_fast to process data
(3) eap_fast: Authenticate
(3) eap_fast: Continuing EAP-TLS
(3) eap_fast: [eaptls verify] = ok
(3) eap_fast: Done initial handshake
(3) eap_fast: TLS_accept: SSLv3/TLS write finished
(3) eap_fast: TLS_accept: SSLv3/TLS read change cipher spec
(3) eap_fast: <<< recv TLS 1.1  [length 0010]
(3) eap_fast: TLS_accept: SSLv3/TLS read finished
(3) eap_fast: (other): SSL negotiation finished successfully
(3) eap_fast: TLS - Connection Established
(3) eap_fast: TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-SHA"
(3) eap_fast: TLS-Session-Version = "TLS 1.1"
(3) eap_fast: TLS - Application data.
(3) eap_fast: WARNING: No information in cached session 330701c670dbe0d22ffb307123950ac4c6c2ee823ba2dfec928d2a04df3c56c4
(3) eap_fast: [eaptls process] = success
(3) eap_fast: Session established.  Proceeding to decode tunneled attributes
(3) eap_fast: Session Resumed from PAC
(3) eap_fast: Deriving EAP-FAST keys
(3) eap_fast: OpenSSL: cipher nid 427 digest nid 64
(3) eap_fast: OpenSSL: keyblock size: key_len=32 MD_size=20 IV_len=16
(3) eap_fast: Sending EAP-Identity
(3) eap_fast: Challenge
(3) eap: Sending EAP Request (code 1) ID 237 length 63
(3) eap: EAP session adding &reply:State = 0xb22431b3b1c91adb
(3)     [eap] = handled
(3)   } # authenticate = handled
(3) Using Post-Auth-Type Challenge
(3) # Executing group from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default
(3)   Challenge { ... } # empty sub-section is ignored
(3) session-state: Saving cached attributes
(3)   TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-SHA"
(3)   TLS-Session-Version = "TLS 1.1"
(3) Sent Access-Challenge Id 3 from 0.0.0.0:1812 to 127.0.0.1:62244 length 0
(3)   EAP-Message = 0x01ed003f2b011703020034cb57db7430b66bf855e9064c66187f83f6585c2f20fca65dc9ed6f7d3f0fde0a6fe8ed752bb936ca202c3cab5796671194d77336
(3)   Message-Authenticator = 0x00000000000000000000000000000000
(3)   State = 0xb22431b3b1c91adb7f72bc3d985e2006
(3) Finished request
Waking up in 4.5 seconds.
(4) Received Access-Request Id 4 from 127.0.0.1:62244 to 0.0.0.0:1812 length 194
(4)   User-Name = "1234"
(4)   NAS-IP-Address = 127.0.0.1
(4)   Calling-Station-Id = "02-00-00-00-00-01"
(4)   Framed-MTU = 1400
(4)   NAS-Port-Type = Wireless-802.11
(4)   Service-Type = Framed-User
(4)   Connect-Info = "CONNECT 11Mbps 802.11b"
(4)   EAP-Message = 0x02ed003f2b011703020034f4ff56e41a0cba313310f866b62b2c6c1e23d9884a80a3cb2b820560f85529fd79e6b93eccf6c842fa56a30c0bc9d1bc0745898e
(4)   State = 0xb22431b3b1c91adb7f72bc3d985e2006
(4)   Message-Authenticator = 0x7147944225bb3ebc6566df9d97ee45fb
(4) Restoring &session-state
(4)   &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-SHA"
(4)   &session-state:TLS-Session-Version = "TLS 1.1"
(4) # Executing section authorize from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default
(4)   authorize {
(4)     policy filter_username {
(4)       if (&User-Name) {
(4)       if (&User-Name)  -> TRUE
(4)       if (&User-Name)  {
(4)         if (&User-Name =~ / /) {
(4)         if (&User-Name =~ / /)  -> FALSE
(4)         if (&User-Name =~ /@[^@]*@/ ) {
(4)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
(4)         if (&User-Name =~ /\.\./ ) {
(4)         if (&User-Name =~ /\.\./ )  -> FALSE
(4)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
(4)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
(4)         if (&User-Name =~ /\.$/)  {
(4)         if (&User-Name =~ /\.$/)   -> FALSE
(4)         if (&User-Name =~ /@\./)  {
(4)         if (&User-Name =~ /@\./)   -> FALSE
(4)       } # if (&User-Name)  = notfound
(4)     } # policy filter_username = notfound
(4)     [preprocess] = ok
(4)     [chap] = noop
(4)     [mschap] = noop
(4)     [digest] = noop
(4) suffix: Checking for suffix after "@"
(4) suffix: No '@' in User-Name = "1234", looking up realm NULL
(4) suffix: No such realm "NULL"
(4)     [suffix] = noop
(4) eap: Peer sent EAP Response (code 2) ID 237 length 63
(4) eap: No EAP Start, assuming it's an on-going EAP conversation
(4)     [eap] = updated
(4)     [files] = noop
(4)     [expiration] = noop
(4)     [logintime] = noop
Not doing PAP as Auth-Type is already set.
(4)     [pap] = noop
(4)   } # authorize = updated
(4) Found Auth-Type = eap
(4) # Executing group from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default
(4)   authenticate {
(4) eap: Expiring EAP session with state 0xb22431b3b1c91adb
(4) eap: Finished EAP session with state 0xb22431b3b1c91adb
(4) eap: Previous EAP request found for state 0xb22431b3b1c91adb, released from the list
(4) eap: Peer sent packet with method EAP FAST (43)
(4) eap: Calling submodule eap_fast to process data
(4) eap_fast: Authenticate
(4) eap_fast: Continuing EAP-TLS
(4) eap_fast: [eaptls verify] = ok
(4) eap_fast: Done initial handshake
(4) eap_fast: [eaptls process] = ok
(4) eap_fast: Session established.  Proceeding to decode tunneled attributes
(4) eap_fast: Got Tunneled FAST TLVs
(4) eap_fast:   FreeRADIUS-EAP-FAST-EAP-Payload = 0x02ed0008016d6777
(4) eap_fast: Processing received EAP Payload
(4) eap_fast: Got tunneled request
(4) eap_fast:   EAP-Message = 0x02ed0008016d6777
(4) eap_fast: Got tunneled identity of mgw
(4) eap_fast: AUTHENTICATION
(4) Virtual server inner-tunnel received request
(4)   EAP-Message = 0x02ed0008016d6777
(4)   FreeRADIUS-Proxied-To = 127.0.0.1
(4)   User-Name = "mgw"
(4) WARNING: Outer User-Name is not anonymized.  User privacy is compromised.
(4) server inner-tunnel {
(4)   # Executing section authorize from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/inner-tunnel
(4)     authorize {
(4)       policy filter_username {
(4)         if (&User-Name) {
(4)         if (&User-Name)  -> TRUE
(4)         if (&User-Name)  {
(4)           if (&User-Name =~ / /) {
(4)           if (&User-Name =~ / /)  -> FALSE
(4)           if (&User-Name =~ /@[^@]*@/ ) {
(4)           if (&User-Name =~ /@[^@]*@/ )  -> FALSE
(4)           if (&User-Name =~ /\.\./ ) {
(4)           if (&User-Name =~ /\.\./ )  -> FALSE
(4)           if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
(4)           if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
(4)           if (&User-Name =~ /\.$/)  {
(4)           if (&User-Name =~ /\.$/)   -> FALSE
(4)           if (&User-Name =~ /@\./)  {
(4)           if (&User-Name =~ /@\./)   -> FALSE
(4)         } # if (&User-Name)  = notfound
(4)       } # policy filter_username = notfound
(4)       [chap] = noop
(4)       [mschap] = noop
(4) suffix: Checking for suffix after "@"
(4) suffix: No '@' in User-Name = "mgw", looking up realm NULL
(4) suffix: No such realm "NULL"
(4)       [suffix] = noop
(4)       update control {
(4)         &Proxy-To-Realm := LOCAL
(4)       } # update control = noop
(4) eap: Peer sent EAP Response (code 2) ID 237 length 8
(4) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
(4)       [eap] = ok
(4)     } # authorize = ok
(4)   Found Auth-Type = eap
(4)   # Executing group from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/inner-tunnel
(4)     authenticate {
(4) eap: Peer sent packet with method EAP Identity (1)
(4) eap: Calling submodule eap_mschapv2 to process data
(4) eap_mschapv2: Issuing Challenge
(4) eap: Sending EAP Request (code 1) ID 238 length 43
(4) eap: EAP session adding &reply:State = 0xe3368f25e3d895bc
(4)       [eap] = handled
(4)     } # authenticate = handled
(4) } # server inner-tunnel
(4) Virtual server sending reply
(4)   EAP-Message = 0x01ee002b1a01ee0026103110d50663aee1e22b52404ccb89303b667265657261646975732d332e302e3138
(4)   Message-Authenticator = 0x00000000000000000000000000000000
(4)   State = 0xe3368f25e3d895bc2c65ae25c75c3478
(4) eap_fast: Got tunneled Access-Challenge
(4) eap_fast: Challenge
(4) eap: Sending EAP Request (code 1) ID 238 length 95
(4) eap: EAP session adding &reply:State = 0xb22431b3b6ca1adb
(4)     [eap] = handled
(4)   } # authenticate = handled
(4) Using Post-Auth-Type Challenge
(4) # Executing group from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default
(4)   Challenge { ... } # empty sub-section is ignored
(4) session-state: Saving cached attributes
(4)   TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-SHA"
(4)   TLS-Session-Version = "TLS 1.1"
(4) Sent Access-Challenge Id 4 from 0.0.0.0:1812 to 127.0.0.1:62244 length 0
(4)   EAP-Message = 0x01ee005f2b011703020054473429758f9db17f0ae8957b91950face79823365b7cad281515172e53715604e136da70224095aa01ec8400f754cec046515d4fcda35efbc8350dda31439607a2d92976a20e10f2138756795d04eabf0c8693f7
(4)   Message-Authenticator = 0x00000000000000000000000000000000
(4)   State = 0xb22431b3b6ca1adb7f72bc3d985e2006
(4) Finished request
Waking up in 4.3 seconds.
(5) Received Access-Request Id 5 from 127.0.0.1:62244 to 0.0.0.0:1812 length 258
(5)   User-Name = "1234"
(5)   NAS-IP-Address = 127.0.0.1
(5)   Calling-Station-Id = "02-00-00-00-00-01"
(5)   Framed-MTU = 1400
(5)   NAS-Port-Type = Wireless-802.11
(5)   Service-Type = Framed-User
(5)   Connect-Info = "CONNECT 11Mbps 802.11b"
(5)   EAP-Message = 0x02ee007f2b0117030200747f38e22f07b9ac8bca3a0398c0a7794d11e0a33a3b2b94219f11a1d2442e381d8942a8febe3444e2c28707aab957908f3c0b9254418499b373868e39ce13b825d9718ef42b7a98d699a68e85c9fbf49dfb1a45d9e7762b76f1ed6bde2fe30df088210f67a394d9c4e3becb26d81e9ff41144c0f7
(5)   State = 0xb22431b3b6ca1adb7f72bc3d985e2006
(5)   Message-Authenticator = 0x8e40c8ea8e4f541690157aa75c2732d6
(5) Restoring &session-state
(5)   &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-SHA"
(5)   &session-state:TLS-Session-Version = "TLS 1.1"
(5) # Executing section authorize from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default
(5)   authorize {
(5)     policy filter_username {
(5)       if (&User-Name) {
(5)       if (&User-Name)  -> TRUE
(5)       if (&User-Name)  {
(5)         if (&User-Name =~ / /) {
(5)         if (&User-Name =~ / /)  -> FALSE
(5)         if (&User-Name =~ /@[^@]*@/ ) {
(5)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
(5)         if (&User-Name =~ /\.\./ ) {
(5)         if (&User-Name =~ /\.\./ )  -> FALSE
(5)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
(5)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
(5)         if (&User-Name =~ /\.$/)  {
(5)         if (&User-Name =~ /\.$/)   -> FALSE
(5)         if (&User-Name =~ /@\./)  {
(5)         if (&User-Name =~ /@\./)   -> FALSE
(5)       } # if (&User-Name)  = notfound
(5)     } # policy filter_username = notfound
(5)     [preprocess] = ok
(5)     [chap] = noop
(5)     [mschap] = noop
(5)     [digest] = noop
(5) suffix: Checking for suffix after "@"
(5) suffix: No '@' in User-Name = "1234", looking up realm NULL
(5) suffix: No such realm "NULL"
(5)     [suffix] = noop
(5) eap: Peer sent EAP Response (code 2) ID 238 length 127
(5) eap: No EAP Start, assuming it's an on-going EAP conversation
(5)     [eap] = updated
(5)     [files] = noop
(5)     [expiration] = noop
(5)     [logintime] = noop
Not doing PAP as Auth-Type is already set.
(5)     [pap] = noop
(5)   } # authorize = updated
(5) Found Auth-Type = eap
(5) # Executing group from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default
(5)   authenticate {
(5) eap: Expiring EAP session with state 0xe3368f25e3d895bc
(5) eap: Finished EAP session with state 0xb22431b3b6ca1adb
(5) eap: Previous EAP request found for state 0xb22431b3b6ca1adb, released from the list
(5) eap: Peer sent packet with method EAP FAST (43)
(5) eap: Calling submodule eap_fast to process data
(5) eap_fast: Authenticate
(5) eap_fast: Continuing EAP-TLS
(5) eap_fast: [eaptls verify] = ok
(5) eap_fast: Done initial handshake
(5) eap_fast: [eaptls process] = ok
(5) eap_fast: Session established.  Proceeding to decode tunneled attributes
(5) eap_fast: Got Tunneled FAST TLVs
(5) eap_fast:   FreeRADIUS-EAP-FAST-EAP-Payload = 0x02ee003e1a02ee003931b788fe4ec73ae1dcef2977c9f261a20b0000000000000000bbfadae962ed13ccba78ef79edde455a8bb19177712d7a9c006d6777
(5) eap_fast: Processing received EAP Payload
(5) eap_fast: Got tunneled request
(5) eap_fast:   EAP-Message = 0x02ee003e1a02ee003931b788fe4ec73ae1dcef2977c9f261a20b0000000000000000bbfadae962ed13ccba78ef79edde455a8bb19177712d7a9c006d6777
(5) eap_fast: AUTHENTICATION
(5) Virtual server inner-tunnel received request
(5)   EAP-Message = 0x02ee003e1a02ee003931b788fe4ec73ae1dcef2977c9f261a20b0000000000000000bbfadae962ed13ccba78ef79edde455a8bb19177712d7a9c006d6777
(5)   FreeRADIUS-Proxied-To = 127.0.0.1
(5)   User-Name = "mgw"
(5)   State = 0xe3368f25e3d895bc2c65ae25c75c3478
(5) WARNING: Outer User-Name is not anonymized.  User privacy is compromised.
(5) server inner-tunnel {
(5)   session-state: No cached attributes
(5)   # Executing section authorize from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/inner-tunnel
(5)     authorize {
(5)       policy filter_username {
(5)         if (&User-Name) {
(5)         if (&User-Name)  -> TRUE
(5)         if (&User-Name)  {
(5)           if (&User-Name =~ / /) {
(5)           if (&User-Name =~ / /)  -> FALSE
(5)           if (&User-Name =~ /@[^@]*@/ ) {
(5)           if (&User-Name =~ /@[^@]*@/ )  -> FALSE
(5)           if (&User-Name =~ /\.\./ ) {
(5)           if (&User-Name =~ /\.\./ )  -> FALSE
(5)           if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
(5)           if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
(5)           if (&User-Name =~ /\.$/)  {
(5)           if (&User-Name =~ /\.$/)   -> FALSE
(5)           if (&User-Name =~ /@\./)  {
(5)           if (&User-Name =~ /@\./)   -> FALSE
(5)         } # if (&User-Name)  = notfound
(5)       } # policy filter_username = notfound
(5)       [chap] = noop
(5)       [mschap] = noop
(5) suffix: Checking for suffix after "@"
(5) suffix: No '@' in User-Name = "mgw", looking up realm NULL
(5) suffix: No such realm "NULL"
(5)       [suffix] = noop
(5)       update control {
(5)         &Proxy-To-Realm := LOCAL
(5)       } # update control = noop
(5) eap: Peer sent EAP Response (code 2) ID 238 length 62
(5) eap: No EAP Start, assuming it's an on-going EAP conversation
(5)       [eap] = updated
(5) files: users: Matched entry mgw at line 68
(5)       [files] = ok
(5)       [expiration] = noop
(5)       [logintime] = noop
(5) pap: WARNING: Auth-Type already set.  Not setting to PAP
(5)       [pap] = noop
(5)     } # authorize = updated
(5)   Found Auth-Type = eap
(5)   # Executing group from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/inner-tunnel
(5)     authenticate {
(5) eap: Expiring EAP session with state 0xe3368f25e3d895bc
(5) eap: Finished EAP session with state 0xe3368f25e3d895bc
(5) eap: Previous EAP request found for state 0xe3368f25e3d895bc, released from the list
(5) eap: Peer sent packet with method EAP MSCHAPv2 (26)
(5) eap: Calling submodule eap_mschapv2 to process data
(5) eap_mschapv2: # Executing group from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/inner-tunnel
(5) eap_mschapv2:   authenticate {
(5) mschap: Found Cleartext-Password, hashing to create NT-Password
(5) mschap: Found Cleartext-Password, hashing to create LM-Password
(5) mschap: Creating challenge hash with username: mgw
(5) mschap: Client is using MS-CHAPv2
(5) mschap: Adding MS-CHAPv2 MPPE keys
(5)     [mschap] = ok
(5)   } # authenticate = ok
(5) MSCHAP Success
(5) eap: Sending EAP Request (code 1) ID 239 length 51
(5) eap: EAP session adding &reply:State = 0xe3368f25e2d995bc
(5)       [eap] = handled
(5)     } # authenticate = handled
(5) } # server inner-tunnel
(5) Virtual server sending reply
(5)   EAP-Message = 0x01ef00331a03ee002e533d37393836433534434446394230334436444441393837384442413736333044303244383234344142
(5)   Message-Authenticator = 0x00000000000000000000000000000000
(5)   State = 0xe3368f25e2d995bc2c65ae25c75c3478
(5) eap_fast: Got tunneled Access-Challenge
(5) eap_fast: Challenge
(5) eap: Sending EAP Request (code 1) ID 239 length 111
(5) eap: EAP session adding &reply:State = 0xb22431b3b7cb1adb
(5)     [eap] = handled
(5)   } # authenticate = handled
(5) Using Post-Auth-Type Challenge
(5) # Executing group from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default
(5)   Challenge { ... } # empty sub-section is ignored
(5) session-state: Saving cached attributes
(5)   TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-SHA"
(5)   TLS-Session-Version = "TLS 1.1"
(5) Sent Access-Challenge Id 5 from 0.0.0.0:1812 to 127.0.0.1:62244 length 0
(5)   EAP-Message = 0x01ef006f2b011703020064e77850006db663e3cb8f8bc0a50bc2da30a5689ce3dc0a39c694374e26c5cc5932f3e543c1ff63b44aafa554bdc04d5c8a1bc8beb819653b75ac4760be0c7f6ce69f0f9d23a1d819176fba30e9269991d7901a377638e0cdb86599cecb11d552c614b262
(5)   Message-Authenticator = 0x00000000000000000000000000000000
(5)   State = 0xb22431b3b7cb1adb7f72bc3d985e2006
(5) Finished request
Waking up in 4.1 seconds.
(6) Received Access-Request Id 6 from 127.0.0.1:62244 to 0.0.0.0:1812 length 194
(6)   User-Name = "1234"
(6)   NAS-IP-Address = 127.0.0.1
(6)   Calling-Station-Id = "02-00-00-00-00-01"
(6)   Framed-MTU = 1400
(6)   NAS-Port-Type = Wireless-802.11
(6)   Service-Type = Framed-User
(6)   Connect-Info = "CONNECT 11Mbps 802.11b"
(6)   EAP-Message = 0x02ef003f2b011703020034215c7108855a146498fb7e075f8a21004c222739fd3a10199ec97b6661def96b46be7a7fd36d88cb87d5adf864a7bc008cdafefb
(6)   State = 0xb22431b3b7cb1adb7f72bc3d985e2006
(6)   Message-Authenticator = 0x2789e6c321d010bb4970f96d043f9a91
(6) Restoring &session-state
(6)   &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-SHA"
(6)   &session-state:TLS-Session-Version = "TLS 1.1"
(6) # Executing section authorize from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default
(6)   authorize {
(6)     policy filter_username {
(6)       if (&User-Name) {
(6)       if (&User-Name)  -> TRUE
(6)       if (&User-Name)  {
(6)         if (&User-Name =~ / /) {
(6)         if (&User-Name =~ / /)  -> FALSE
(6)         if (&User-Name =~ /@[^@]*@/ ) {
(6)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
(6)         if (&User-Name =~ /\.\./ ) {
(6)         if (&User-Name =~ /\.\./ )  -> FALSE
(6)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
(6)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
(6)         if (&User-Name =~ /\.$/)  {
(6)         if (&User-Name =~ /\.$/)   -> FALSE
(6)         if (&User-Name =~ /@\./)  {
(6)         if (&User-Name =~ /@\./)   -> FALSE
(6)       } # if (&User-Name)  = notfound
(6)     } # policy filter_username = notfound
(6)     [preprocess] = ok
(6)     [chap] = noop
(6)     [mschap] = noop
(6)     [digest] = noop
(6) suffix: Checking for suffix after "@"
(6) suffix: No '@' in User-Name = "1234", looking up realm NULL
(6) suffix: No such realm "NULL"
(6)     [suffix] = noop
(6) eap: Peer sent EAP Response (code 2) ID 239 length 63
(6) eap: No EAP Start, assuming it's an on-going EAP conversation
(6)     [eap] = updated
(6)     [files] = noop
(6)     [expiration] = noop
(6)     [logintime] = noop
Not doing PAP as Auth-Type is already set.
(6)     [pap] = noop
(6)   } # authorize = updated
(6) Found Auth-Type = eap
(6) # Executing group from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default
(6)   authenticate {
(6) eap: Expiring EAP session with state 0xe3368f25e2d995bc
(6) eap: Finished EAP session with state 0xb22431b3b7cb1adb
(6) eap: Previous EAP request found for state 0xb22431b3b7cb1adb, released from the list
(6) eap: Peer sent packet with method EAP FAST (43)
(6) eap: Calling submodule eap_fast to process data
(6) eap_fast: Authenticate
(6) eap_fast: Continuing EAP-TLS
(6) eap_fast: [eaptls verify] = ok
(6) eap_fast: Done initial handshake
(6) eap_fast: [eaptls process] = ok
(6) eap_fast: Session established.  Proceeding to decode tunneled attributes
(6) eap_fast: Got Tunneled FAST TLVs
(6) eap_fast:   FreeRADIUS-EAP-FAST-EAP-Payload = 0x02ef00061a03
(6) eap_fast: Processing received EAP Payload
(6) eap_fast: Got tunneled request
(6) eap_fast:   EAP-Message = 0x02ef00061a03
(6) eap_fast: AUTHENTICATION
(6) Virtual server inner-tunnel received request
(6)   EAP-Message = 0x02ef00061a03
(6)   FreeRADIUS-Proxied-To = 127.0.0.1
(6)   User-Name = "mgw"
(6)   State = 0xe3368f25e2d995bc2c65ae25c75c3478
(6) WARNING: Outer User-Name is not anonymized.  User privacy is compromised.
(6) server inner-tunnel {
(6)   session-state: No cached attributes
(6)   # Executing section authorize from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/inner-tunnel
(6)     authorize {
(6)       policy filter_username {
(6)         if (&User-Name) {
(6)         if (&User-Name)  -> TRUE
(6)         if (&User-Name)  {
(6)           if (&User-Name =~ / /) {
(6)           if (&User-Name =~ / /)  -> FALSE
(6)           if (&User-Name =~ /@[^@]*@/ ) {
(6)           if (&User-Name =~ /@[^@]*@/ )  -> FALSE
(6)           if (&User-Name =~ /\.\./ ) {
(6)           if (&User-Name =~ /\.\./ )  -> FALSE
(6)           if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
(6)           if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
(6)           if (&User-Name =~ /\.$/)  {
(6)           if (&User-Name =~ /\.$/)   -> FALSE
(6)           if (&User-Name =~ /@\./)  {
(6)           if (&User-Name =~ /@\./)   -> FALSE
(6)         } # if (&User-Name)  = notfound
(6)       } # policy filter_username = notfound
(6)       [chap] = noop
(6)       [mschap] = noop
(6) suffix: Checking for suffix after "@"
(6) suffix: No '@' in User-Name = "mgw", looking up realm NULL
(6) suffix: No such realm "NULL"
(6)       [suffix] = noop
(6)       update control {
(6)         &Proxy-To-Realm := LOCAL
(6)       } # update control = noop
(6) eap: Peer sent EAP Response (code 2) ID 239 length 6
(6) eap: No EAP Start, assuming it's an on-going EAP conversation
(6)       [eap] = updated
(6) files: users: Matched entry mgw at line 68
(6)       [files] = ok
(6)       [expiration] = noop
(6)       [logintime] = noop
(6) pap: WARNING: Auth-Type already set.  Not setting to PAP
(6)       [pap] = noop
(6)     } # authorize = updated
(6)   Found Auth-Type = eap
(6)   # Executing group from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/inner-tunnel
(6)     authenticate {
(6) eap: Expiring EAP session with state 0xe3368f25e2d995bc
(6) eap: Finished EAP session with state 0xe3368f25e2d995bc
(6) eap: Previous EAP request found for state 0xe3368f25e2d995bc, released from the list
(6) eap: Peer sent packet with method EAP MSCHAPv2 (26)
(6) eap: Calling submodule eap_mschapv2 to process data
(6) eap: Sending EAP Success (code 3) ID 239 length 4
(6) eap: Freeing handler
(6)       [eap] = ok
(6)     } # authenticate = ok
(6)   # Executing section post-auth from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/inner-tunnel
(6)     post-auth {
(6)       if (0) {
(6)       if (0)  -> FALSE
(6)     } # post-auth = noop
(6) } # server inner-tunnel
(6) Virtual server sending reply
(6)   MS-MPPE-Encryption-Policy = Encryption-Allowed
(6)   MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed
(6)   MS-MPPE-Send-Key = 0xce9491926bc2c79a3f1431e5e21391f5
(6)   MS-MPPE-Recv-Key = 0xeb638c24bfa050d0069792e946c20e23
(6)   EAP-Message = 0x03ef0004
(6)   Message-Authenticator = 0x00000000000000000000000000000000
(6)   User-Name = "mgw"
(6) eap_fast: Got tunneled Access-Accept
(6) eap_fast: Updating ICMK
(6) eap_fast: Sending Cryptobinding
(6) eap_fast: Challenge
(6) eap: Sending EAP Request (code 1) ID 240 length 127
(6) eap: EAP session adding &reply:State = 0xb22431b3b4d41adb
(6)     [eap] = handled
(6)   } # authenticate = handled
(6) Using Post-Auth-Type Challenge
(6) # Executing group from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default
(6)   Challenge { ... } # empty sub-section is ignored
(6) session-state: Saving cached attributes
(6)   TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-SHA"
(6)   TLS-Session-Version = "TLS 1.1"
(6) Sent Access-Challenge Id 6 from 0.0.0.0:1812 to 127.0.0.1:62244 length 0
(6)   EAP-Message = 0x01f0007f2b011703020074299c8187b828c7d3995e79e4ff3d74d800a552a67ffd98f85b3d0bc79e5aee5f0f1f5cdcb314ced5f0a322acf7722de24b0610dc0e98f6413d77620150aa052194b876d892cef177aa7ce513411df490a3fc7460e8c44c491d183df33eabc4dd34f5266ab8c869d902547e859054c24b60b15dfb
(6)   Message-Authenticator = 0x00000000000000000000000000000000
(6)   State = 0xb22431b3b4d41adb7f72bc3d985e2006
(6) Finished request
Waking up in 3.9 seconds.
(7) Received Access-Request Id 7 from 127.0.0.1:62244 to 0.0.0.0:1812 length 258
(7)   User-Name = "1234"
(7)   NAS-IP-Address = 127.0.0.1
(7)   Calling-Station-Id = "02-00-00-00-00-01"
(7)   Framed-MTU = 1400
(7)   NAS-Port-Type = Wireless-802.11
(7)   Service-Type = Framed-User
(7)   Connect-Info = "CONNECT 11Mbps 802.11b"
(7)   EAP-Message = 0x02f0007f2b011703020074780334064673d0fb51e06fe8ec527ed50174de91c8e6105d1c66c95e40987481ac18b2559b8642a58e12e8dbc8ebdfb5666c973da24b5f437251ac90cedb46b871fb0b1894810a453546090d56eed532a88d2d63ebecb4f0f5c66c44f5e22b338889b42e7cfb746d5dbe9d91069feb40f1b3f66e
(7)   State = 0xb22431b3b4d41adb7f72bc3d985e2006
(7)   Message-Authenticator = 0x4553f5e6d65b5993e23f64147bf95f06
(7) Restoring &session-state
(7)   &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-SHA"
(7)   &session-state:TLS-Session-Version = "TLS 1.1"
(7) # Executing section authorize from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default
(7)   authorize {
(7)     policy filter_username {
(7)       if (&User-Name) {
(7)       if (&User-Name)  -> TRUE
(7)       if (&User-Name)  {
(7)         if (&User-Name =~ / /) {
(7)         if (&User-Name =~ / /)  -> FALSE
(7)         if (&User-Name =~ /@[^@]*@/ ) {
(7)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
(7)         if (&User-Name =~ /\.\./ ) {
(7)         if (&User-Name =~ /\.\./ )  -> FALSE
(7)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
(7)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
(7)         if (&User-Name =~ /\.$/)  {
(7)         if (&User-Name =~ /\.$/)   -> FALSE
(7)         if (&User-Name =~ /@\./)  {
(7)         if (&User-Name =~ /@\./)   -> FALSE
(7)       } # if (&User-Name)  = notfound
(7)     } # policy filter_username = notfound
(7)     [preprocess] = ok
(7)     [chap] = noop
(7)     [mschap] = noop
(7)     [digest] = noop
(7) suffix: Checking for suffix after "@"
(7) suffix: No '@' in User-Name = "1234", looking up realm NULL
(7) suffix: No such realm "NULL"
(7)     [suffix] = noop
(7) eap: Peer sent EAP Response (code 2) ID 240 length 127
(7) eap: No EAP Start, assuming it's an on-going EAP conversation
(7)     [eap] = updated
(7)     [files] = noop
(7)     [expiration] = noop
(7)     [logintime] = noop
Not doing PAP as Auth-Type is already set.
(7)     [pap] = noop
(7)   } # authorize = updated
(7) Found Auth-Type = eap
(7) # Executing group from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default
(7)   authenticate {
(7) eap: Expiring EAP session with state 0xb22431b3b4d41adb
(7) eap: Finished EAP session with state 0xb22431b3b4d41adb
(7) eap: Previous EAP request found for state 0xb22431b3b4d41adb, released from the list
(7) eap: Peer sent packet with method EAP FAST (43)
(7) eap: Calling submodule eap_fast to process data
(7) eap_fast: Authenticate
(7) eap_fast: Continuing EAP-TLS
(7) eap_fast: [eaptls verify] = ok
(7) eap_fast: Done initial handshake
(7) eap_fast: [eaptls process] = ok
(7) eap_fast: Session established.  Proceeding to decode tunneled attributes
(7) eap_fast: Got Tunneled FAST TLVs
(7) eap_fast:   FreeRADIUS-EAP-FAST-Result = 1
(7) eap_fast:   FreeRADIUS-EAP-FAST-Crypto-Binding = 0x00010101ac837d7f5580b23cd65efd092cef4cc5a7fe7d46b32327c6ba8037304146643d4f9e2cef97169b908fe30c1865b53909b0903557
(7) eap_fast: Forcibly stopping session resumption as it is not allowed
(7) eap: Sending EAP Success (code 3) ID 240 length 4
(7) eap: Freeing handler
(7)     [eap] = ok
(7)   } # authenticate = ok
(7) # Executing section post-auth from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default
(7)   post-auth {
(7)     update {
(7)       &reply::TLS-Session-Cipher-Suite += &session-state:TLS-Session-Cipher-Suite[*] -> 'ECDHE-RSA-AES256-SHA'
(7)       &reply::TLS-Session-Version += &session-state:TLS-Session-Version[*] -> 'TLS 1.1'
(7)     } # update = noop
(7)     [exec] = noop
(7)     policy remove_reply_message_if_eap {
(7)       if (&reply:EAP-Message && &reply:Reply-Message) {
(7)       if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
(7)       else {
(7)         [noop] = noop
(7)       } # else = noop
(7)     } # policy remove_reply_message_if_eap = noop
(7)   } # post-auth = noop
(7) Sent Access-Accept Id 7 from 0.0.0.0:1812 to 127.0.0.1:62244 length 0
(7)   MS-MPPE-Recv-Key = 0x41cce86a7d5697650b7f5ffce0fc1285f330cae573c5140484f030572881adee
(7)   MS-MPPE-Send-Key = 0xc0b77cfa7d332913d1fe7741d41a25139c0c73523d31f70cc5cc211a44a3318a
(7)   EAP-Message = 0x03f00004
(7)   Message-Authenticator = 0x00000000000000000000000000000000
(7)   User-Name = "1234"
(7) Finished request
Waking up in 3.7 seconds.
(0) Cleaning up request packet ID 0 with timestamp +10
(1) Cleaning up request packet ID 1 with timestamp +10
Waking up in 0.1 seconds.
(2) Cleaning up request packet ID 2 with timestamp +10
Waking up in 0.1 seconds.
(3) Cleaning up request packet ID 3 with timestamp +10
Waking up in 0.1 seconds.
(4) Cleaning up request packet ID 4 with timestamp +10
Waking up in 0.2 seconds.
(5) Cleaning up request packet ID 5 with timestamp +11
Waking up in 0.1 seconds.
(6) Cleaning up request packet ID 6 with timestamp +11
Waking up in 0.1 seconds.
(7) Cleaning up request packet ID 7 with timestamp +11
Ready to process requests


