EAP-FAST with FreeRADIUS 3.0.18
Sergio NNX
sfhacker at hotmail.com
Mon Mar 4 17:16:50 CET 2019
> <sigh> I pushed a fix.
Thanks Alan.
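That seems to fix it! Debug output from the server with the fix applied is below: the EAP-FAST session is resumed from the PAC and the inner EAP-MSCHAPv2 authentication succeeds.
<snip>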
Ready to process requests
(0) Received Access-Request Id 0 from 127.0.0.1:62244 to 0.0.0.0:1812 length 122
(0) User-Name = "1234"
(0) NAS-IP-Address = 127.0.0.1
(0) Calling-Station-Id = "02-00-00-00-00-01"
(0) Framed-MTU = 1400
(0) NAS-Port-Type = Wireless-802.11
(0) Service-Type = Framed-User
(0) Connect-Info = "CONNECT 11Mbps 802.11b"
(0) EAP-Message = 0x02e900090131323334
(0) Message-Authenticator = 0x8862b1c49abc0f9646933a0c5bd925df
(0) # Executing section authorize from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default
(0) authorize {
(0) policy filter_username {
(0) if (&User-Name) {
(0) if (&User-Name) -> TRUE
(0) if (&User-Name) {
(0) if (&User-Name =~ / /) {
(0) if (&User-Name =~ / /) -> FALSE
(0) if (&User-Name =~ /@[^@]*@/ ) {
(0) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(0) if (&User-Name =~ /\.\./ ) {
(0) if (&User-Name =~ /\.\./ ) -> FALSE
(0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
(0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
(0) if (&User-Name =~ /\.$/) {
(0) if (&User-Name =~ /\.$/) -> FALSE
(0) if (&User-Name =~ /@\./) {
(0) if (&User-Name =~ /@\./) -> FALSE
(0) } # if (&User-Name) = notfound
(0) } # policy filter_username = notfound
(0) [preprocess] = ok
(0) [chap] = noop
(0) [mschap] = noop
(0) [digest] = noop
(0) suffix: Checking for suffix after "@"
(0) suffix: No '@' in User-Name = "1234", looking up realm NULL
(0) suffix: No such realm "NULL"
(0) [suffix] = noop
(0) eap: Peer sent EAP Response (code 2) ID 233 length 9
(0) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
(0) [eap] = ok
(0) } # authorize = ok
(0) Found Auth-Type = eap
(0) # Executing group from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default
(0) authenticate {
(0) eap: Peer sent packet with method EAP Identity (1)
(0) eap: Calling submodule eap_md5 to process data
(0) eap_md5: Issuing MD5 Challenge
(0) eap: Sending EAP Request (code 1) ID 234 length 22
(0) eap: EAP session adding &reply:State = 0xb22431b3b2ce35db
(0) [eap] = handled
(0) } # authenticate = handled
(0) Using Post-Auth-Type Challenge
(0) # Executing group from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default
(0) Challenge { ... } # empty sub-section is ignored
(0) Sent Access-Challenge Id 0 from 0.0.0.0:1812 to 127.0.0.1:62244 length 0
(0) EAP-Message = 0x01ea001604101b80c0994cef15a0e2e3c889ab57c1fb
(0) Message-Authenticator = 0x00000000000000000000000000000000
(0) State = 0xb22431b3b2ce35db7f72bc3d985e2006
(0) Finished request
Waking up in 5.0 seconds.
(1) Received Access-Request Id 1 from 127.0.0.1:62244 to 0.0.0.0:1812 length 137
(1) User-Name = "1234"
(1) NAS-IP-Address = 127.0.0.1
(1) Calling-Station-Id = "02-00-00-00-00-01"
(1) Framed-MTU = 1400
(1) NAS-Port-Type = Wireless-802.11
(1) Service-Type = Framed-User
(1) Connect-Info = "CONNECT 11Mbps 802.11b"
(1) EAP-Message = 0x02ea0006032b
(1) State = 0xb22431b3b2ce35db7f72bc3d985e2006
(1) Message-Authenticator = 0x0d4078ec678e91427c5dcdea27f451ed
(1) session-state: No cached attributes
(1) # Executing section authorize from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default
(1) authorize {
(1) policy filter_username {
(1) if (&User-Name) {
(1) if (&User-Name) -> TRUE
(1) if (&User-Name) {
(1) if (&User-Name =~ / /) {
(1) if (&User-Name =~ / /) -> FALSE
(1) if (&User-Name =~ /@[^@]*@/ ) {
(1) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(1) if (&User-Name =~ /\.\./ ) {
(1) if (&User-Name =~ /\.\./ ) -> FALSE
(1) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
(1) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
(1) if (&User-Name =~ /\.$/) {
(1) if (&User-Name =~ /\.$/) -> FALSE
(1) if (&User-Name =~ /@\./) {
(1) if (&User-Name =~ /@\./) -> FALSE
(1) } # if (&User-Name) = notfound
(1) } # policy filter_username = notfound
(1) [preprocess] = ok
(1) [chap] = noop
(1) [mschap] = noop
(1) [digest] = noop
(1) suffix: Checking for suffix after "@"
(1) suffix: No '@' in User-Name = "1234", looking up realm NULL
(1) suffix: No such realm "NULL"
(1) [suffix] = noop
(1) eap: Peer sent EAP Response (code 2) ID 234 length 6
(1) eap: No EAP Start, assuming it's an on-going EAP conversation
(1) [eap] = updated
(1) [files] = noop
(1) [expiration] = noop
(1) [logintime] = noop
Not doing PAP as Auth-Type is already set.
(1) [pap] = noop
(1) } # authorize = updated
(1) Found Auth-Type = eap
(1) # Executing group from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default
(1) authenticate {
(1) eap: Expiring EAP session with state 0xb22431b3b2ce35db
(1) eap: Finished EAP session with state 0xb22431b3b2ce35db
(1) eap: Previous EAP request found for state 0xb22431b3b2ce35db, released from the list
(1) eap: Peer sent packet with method EAP NAK (3)
(1) eap: Found mutually acceptable type FAST (43)
(1) eap: Calling submodule eap_fast to process data
(1) eap_fast: Initiating new TLS session
(1) eap_fast: Over-riding main cipher list with 'ALL:!EXPORT:!eNULL:!SSLv2:@SECLEVEL=0'
(1) eap: Sending EAP Request (code 1) ID 235 length 26
(1) eap: EAP session adding &reply:State = 0xb22431b3b3cf1adb
(1) [eap] = handled
(1) } # authenticate = handled
(1) Using Post-Auth-Type Challenge
(1) # Executing group from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default
(1) Challenge { ... } # empty sub-section is ignored
(1) Sent Access-Challenge Id 1 from 0.0.0.0:1812 to 127.0.0.1:62244 length 0
(1) EAP-Message = 0x01eb001a2b210004001081dc9bdb52d04dc20036dbd8313ed055
(1) Message-Authenticator = 0x00000000000000000000000000000000
(1) State = 0xb22431b3b3cf1adb7f72bc3d985e2006
(1) Finished request
Waking up in 4.8 seconds.
(2) Received Access-Request Id 2 from 127.0.0.1:62244 to 0.0.0.0:1812 length 435
(2) User-Name = "1234"
(2) NAS-IP-Address = 127.0.0.1
(2) Calling-Station-Id = "02-00-00-00-00-01"
(2) Framed-MTU = 1400
(2) NAS-Port-Type = Wireless-802.11
(2) Service-Type = Framed-User
(2) Connect-Info = "CONNECT 11Mbps 802.11b"
(2) EAP-Message = 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
(2) State = 0xb22431b3b3cf1adb7f72bc3d985e2006
(2) Message-Authenticator = 0x6736bdb225fc511ed8430552ebaa7960
(2) session-state: No cached attributes
(2) # Executing section authorize from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default
(2) authorize {
(2) policy filter_username {
(2) if (&User-Name) {
(2) if (&User-Name) -> TRUE
(2) if (&User-Name) {
(2) if (&User-Name =~ / /) {
(2) if (&User-Name =~ / /) -> FALSE
(2) if (&User-Name =~ /@[^@]*@/ ) {
(2) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(2) if (&User-Name =~ /\.\./ ) {
(2) if (&User-Name =~ /\.\./ ) -> FALSE
(2) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
(2) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
(2) if (&User-Name =~ /\.$/) {
(2) if (&User-Name =~ /\.$/) -> FALSE
(2) if (&User-Name =~ /@\./) {
(2) if (&User-Name =~ /@\./) -> FALSE
(2) } # if (&User-Name) = notfound
(2) } # policy filter_username = notfound
(2) [preprocess] = ok
(2) [chap] = noop
(2) [mschap] = noop
(2) [digest] = noop
(2) suffix: Checking for suffix after "@"
(2) suffix: No '@' in User-Name = "1234", looking up realm NULL
(2) suffix: No such realm "NULL"
(2) [suffix] = noop
(2) eap: Peer sent EAP Response (code 2) ID 235 length 302
(2) eap: No EAP Start, assuming it's an on-going EAP conversation
(2) [eap] = updated
(2) [files] = noop
(2) [expiration] = noop
(2) [logintime] = noop
Not doing PAP as Auth-Type is already set.
(2) [pap] = noop
(2) } # authorize = updated
(2) Found Auth-Type = eap
(2) # Executing group from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default
(2) authenticate {
(2) eap: Expiring EAP session with state 0xb22431b3b3cf1adb
(2) eap: Finished EAP session with state 0xb22431b3b3cf1adb
(2) eap: Previous EAP request found for state 0xb22431b3b3cf1adb, released from the list
(2) eap: Peer sent packet with method EAP FAST (43)
(2) eap: Calling submodule eap_fast to process data
(2) eap_fast: Authenticate
(2) eap_fast: Continuing EAP-TLS
(2) eap_fast: [eaptls verify] = ok
(2) eap_fast: Done initial handshake
(2) eap_fast: (other): before SSL initialization
(2) eap_fast: TLS_accept: before SSL initialization
(2) eap_fast: TLS_accept: before SSL initialization
(2) eap_fast: <<< recv TLS 1.3 [length 0123]
(2) eap_fast: PAC provided via ClientHello SessionTicket extension
(2) eap_fast: processing PAC-Opaque
(2) eap_fast: TLS_accept: SSLv3/TLS read client hello
(2) eap_fast: >>> send TLS 1.1 [length 0061]
(2) eap_fast: TLS_accept: SSLv3/TLS write server hello
(2) eap_fast: >>> send TLS 1.1 [length 0001]
(2) eap_fast: TLS_accept: SSLv3/TLS write change cipher spec
(2) eap_fast: >>> send TLS 1.1 [length 0010]
(2) eap_fast: TLS_accept: SSLv3/TLS write finished
(2) eap_fast: TLS_accept: Need to read more data: SSLv3/TLS write finished
(2) eap_fast: TLS - In Handshake Phase
(2) eap_fast: TLS - got 181 bytes of data
(2) eap_fast: [eaptls process] = handled
(2) eap: Sending EAP Request (code 1) ID 236 length 187
(2) eap: EAP session adding &reply:State = 0xb22431b3b0c81adb
(2) [eap] = handled
(2) } # authenticate = handled
(2) Using Post-Auth-Type Challenge
(2) # Executing group from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default
(2) Challenge { ... } # empty sub-section is ignored
(2) Sent Access-Challenge Id 2 from 0.0.0.0:1812 to 127.0.0.1:62244 length 0
(2) EAP-Message = 0x01ec00bb2b0116030200610200005d0302bbf51c0cb48cc0765363b9c213a47cf6931892812fe8759e3b6e827995a9b67e20330701c670dbe0d22ffb307123950ac4c6c2ee823ba2dfec928d2a04df3c56c4c014000015ff01000100000b0004030001020016000000170000140302000101160302004495074e2bdb445df173c2d6d8ae04bb4c8c87aac49bc347a09c48fa5e5f992a7c93a5f1b2489d1b00d083a5da13dd60fc0c8872815e8053599ca2188727d82ffd92b0a92e
(2) Message-Authenticator = 0x00000000000000000000000000000000
(2) State = 0xb22431b3b0c81adb7f72bc3d985e2006
(2) Finished request
Waking up in 4.7 seconds.
(3) Received Access-Request Id 3 from 127.0.0.1:62244 to 0.0.0.0:1812 length 216
(3) User-Name = "1234"
(3) NAS-IP-Address = 127.0.0.1
(3) Calling-Station-Id = "02-00-00-00-00-01"
(3) Framed-MTU = 1400
(3) NAS-Port-Type = Wireless-802.11
(3) Service-Type = Framed-User
(3) Connect-Info = "CONNECT 11Mbps 802.11b"
(3) EAP-Message = 0x02ec00552b01140302000101160302004461b980a6609a1ebb3672eb7087f4eb6eee13106d7747b84de958e9744e47b923804398bf7909c30d7735b1b56364b07b6198879b4ebaf4f99d3b0f0631cf3c64f04922f7
(3) State = 0xb22431b3b0c81adb7f72bc3d985e2006
(3) Message-Authenticator = 0x7aaf468640e84bc844d9bc88c00e0741
(3) session-state: No cached attributes
(3) # Executing section authorize from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default
(3) authorize {
(3) policy filter_username {
(3) if (&User-Name) {
(3) if (&User-Name) -> TRUE
(3) if (&User-Name) {
(3) if (&User-Name =~ / /) {
(3) if (&User-Name =~ / /) -> FALSE
(3) if (&User-Name =~ /@[^@]*@/ ) {
(3) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(3) if (&User-Name =~ /\.\./ ) {
(3) if (&User-Name =~ /\.\./ ) -> FALSE
(3) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
(3) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
(3) if (&User-Name =~ /\.$/) {
(3) if (&User-Name =~ /\.$/) -> FALSE
(3) if (&User-Name =~ /@\./) {
(3) if (&User-Name =~ /@\./) -> FALSE
(3) } # if (&User-Name) = notfound
(3) } # policy filter_username = notfound
(3) [preprocess] = ok
(3) [chap] = noop
(3) [mschap] = noop
(3) [digest] = noop
(3) suffix: Checking for suffix after "@"
(3) suffix: No '@' in User-Name = "1234", looking up realm NULL
(3) suffix: No such realm "NULL"
(3) [suffix] = noop
(3) eap: Peer sent EAP Response (code 2) ID 236 length 85
(3) eap: No EAP Start, assuming it's an on-going EAP conversation
(3) [eap] = updated
(3) [files] = noop
(3) [expiration] = noop
(3) [logintime] = noop
Not doing PAP as Auth-Type is already set.
(3) [pap] = noop
(3) } # authorize = updated
(3) Found Auth-Type = eap
(3) # Executing group from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default
(3) authenticate {
(3) eap: Expiring EAP session with state 0xb22431b3b0c81adb
(3) eap: Finished EAP session with state 0xb22431b3b0c81adb
(3) eap: Previous EAP request found for state 0xb22431b3b0c81adb, released from the list
(3) eap: Peer sent packet with method EAP FAST (43)
(3) eap: Calling submodule eap_fast to process data
(3) eap_fast: Authenticate
(3) eap_fast: Continuing EAP-TLS
(3) eap_fast: [eaptls verify] = ok
(3) eap_fast: Done initial handshake
(3) eap_fast: TLS_accept: SSLv3/TLS write finished
(3) eap_fast: TLS_accept: SSLv3/TLS read change cipher spec
(3) eap_fast: <<< recv TLS 1.1 [length 0010]
(3) eap_fast: TLS_accept: SSLv3/TLS read finished
(3) eap_fast: (other): SSL negotiation finished successfully
(3) eap_fast: TLS - Connection Established
(3) eap_fast: TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-SHA"
(3) eap_fast: TLS-Session-Version = "TLS 1.1"
(3) eap_fast: TLS - Application data.
(3) eap_fast: WARNING: No information in cached session 330701c670dbe0d22ffb307123950ac4c6c2ee823ba2dfec928d2a04df3c56c4
(3) eap_fast: [eaptls process] = success
(3) eap_fast: Session established. Proceeding to decode tunneled attributes
(3) eap_fast: Session Resumed from PAC
(3) eap_fast: Deriving EAP-FAST keys
(3) eap_fast: OpenSSL: cipher nid 427 digest nid 64
(3) eap_fast: OpenSSL: keyblock size: key_len=32 MD_size=20 IV_len=16
(3) eap_fast: Sending EAP-Identity
(3) eap_fast: Challenge
(3) eap: Sending EAP Request (code 1) ID 237 length 63
(3) eap: EAP session adding &reply:State = 0xb22431b3b1c91adb
(3) [eap] = handled
(3) } # authenticate = handled
(3) Using Post-Auth-Type Challenge
(3) # Executing group from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default
(3) Challenge { ... } # empty sub-section is ignored
(3) session-state: Saving cached attributes
(3) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-SHA"
(3) TLS-Session-Version = "TLS 1.1"
(3) Sent Access-Challenge Id 3 from 0.0.0.0:1812 to 127.0.0.1:62244 length 0
(3) EAP-Message = 0x01ed003f2b011703020034cb57db7430b66bf855e9064c66187f83f6585c2f20fca65dc9ed6f7d3f0fde0a6fe8ed752bb936ca202c3cab5796671194d77336
(3) Message-Authenticator = 0x00000000000000000000000000000000
(3) State = 0xb22431b3b1c91adb7f72bc3d985e2006
(3) Finished request
Waking up in 4.5 seconds.
(4) Received Access-Request Id 4 from 127.0.0.1:62244 to 0.0.0.0:1812 length 194
(4) User-Name = "1234"
(4) NAS-IP-Address = 127.0.0.1
(4) Calling-Station-Id = "02-00-00-00-00-01"
(4) Framed-MTU = 1400
(4) NAS-Port-Type = Wireless-802.11
(4) Service-Type = Framed-User
(4) Connect-Info = "CONNECT 11Mbps 802.11b"
(4) EAP-Message = 0x02ed003f2b011703020034f4ff56e41a0cba313310f866b62b2c6c1e23d9884a80a3cb2b820560f85529fd79e6b93eccf6c842fa56a30c0bc9d1bc0745898e
(4) State = 0xb22431b3b1c91adb7f72bc3d985e2006
(4) Message-Authenticator = 0x7147944225bb3ebc6566df9d97ee45fb
(4) Restoring &session-state
(4) &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-SHA"
(4) &session-state:TLS-Session-Version = "TLS 1.1"
(4) # Executing section authorize from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default
(4) authorize {
(4) policy filter_username {
(4) if (&User-Name) {
(4) if (&User-Name) -> TRUE
(4) if (&User-Name) {
(4) if (&User-Name =~ / /) {
(4) if (&User-Name =~ / /) -> FALSE
(4) if (&User-Name =~ /@[^@]*@/ ) {
(4) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(4) if (&User-Name =~ /\.\./ ) {
(4) if (&User-Name =~ /\.\./ ) -> FALSE
(4) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
(4) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
(4) if (&User-Name =~ /\.$/) {
(4) if (&User-Name =~ /\.$/) -> FALSE
(4) if (&User-Name =~ /@\./) {
(4) if (&User-Name =~ /@\./) -> FALSE
(4) } # if (&User-Name) = notfound
(4) } # policy filter_username = notfound
(4) [preprocess] = ok
(4) [chap] = noop
(4) [mschap] = noop
(4) [digest] = noop
(4) suffix: Checking for suffix after "@"
(4) suffix: No '@' in User-Name = "1234", looking up realm NULL
(4) suffix: No such realm "NULL"
(4) [suffix] = noop
(4) eap: Peer sent EAP Response (code 2) ID 237 length 63
(4) eap: No EAP Start, assuming it's an on-going EAP conversation
(4) [eap] = updated
(4) [files] = noop
(4) [expiration] = noop
(4) [logintime] = noop
Not doing PAP as Auth-Type is already set.
(4) [pap] = noop
(4) } # authorize = updated
(4) Found Auth-Type = eap
(4) # Executing group from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default
(4) authenticate {
(4) eap: Expiring EAP session with state 0xb22431b3b1c91adb
(4) eap: Finished EAP session with state 0xb22431b3b1c91adb
(4) eap: Previous EAP request found for state 0xb22431b3b1c91adb, released from the list
(4) eap: Peer sent packet with method EAP FAST (43)
(4) eap: Calling submodule eap_fast to process data
(4) eap_fast: Authenticate
(4) eap_fast: Continuing EAP-TLS
(4) eap_fast: [eaptls verify] = ok
(4) eap_fast: Done initial handshake
(4) eap_fast: [eaptls process] = ok
(4) eap_fast: Session established. Proceeding to decode tunneled attributes
(4) eap_fast: Got Tunneled FAST TLVs
(4) eap_fast: FreeRADIUS-EAP-FAST-EAP-Payload = 0x02ed0008016d6777
(4) eap_fast: Processing received EAP Payload
(4) eap_fast: Got tunneled request
(4) eap_fast: EAP-Message = 0x02ed0008016d6777
(4) eap_fast: Got tunneled identity of mgw
(4) eap_fast: AUTHENTICATION
(4) Virtual server inner-tunnel received request
(4) EAP-Message = 0x02ed0008016d6777
(4) FreeRADIUS-Proxied-To = 127.0.0.1
(4) User-Name = "mgw"
(4) WARNING: Outer User-Name is not anonymized. User privacy is compromised.
(4) server inner-tunnel {
(4) # Executing section authorize from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/inner-tunnel
(4) authorize {
(4) policy filter_username {
(4) if (&User-Name) {
(4) if (&User-Name) -> TRUE
(4) if (&User-Name) {
(4) if (&User-Name =~ / /) {
(4) if (&User-Name =~ / /) -> FALSE
(4) if (&User-Name =~ /@[^@]*@/ ) {
(4) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(4) if (&User-Name =~ /\.\./ ) {
(4) if (&User-Name =~ /\.\./ ) -> FALSE
(4) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
(4) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
(4) if (&User-Name =~ /\.$/) {
(4) if (&User-Name =~ /\.$/) -> FALSE
(4) if (&User-Name =~ /@\./) {
(4) if (&User-Name =~ /@\./) -> FALSE
(4) } # if (&User-Name) = notfound
(4) } # policy filter_username = notfound
(4) [chap] = noop
(4) [mschap] = noop
(4) suffix: Checking for suffix after "@"
(4) suffix: No '@' in User-Name = "mgw", looking up realm NULL
(4) suffix: No such realm "NULL"
(4) [suffix] = noop
(4) update control {
(4) &Proxy-To-Realm := LOCAL
(4) } # update control = noop
(4) eap: Peer sent EAP Response (code 2) ID 237 length 8
(4) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
(4) [eap] = ok
(4) } # authorize = ok
(4) Found Auth-Type = eap
(4) # Executing group from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/inner-tunnel
(4) authenticate {
(4) eap: Peer sent packet with method EAP Identity (1)
(4) eap: Calling submodule eap_mschapv2 to process data
(4) eap_mschapv2: Issuing Challenge
(4) eap: Sending EAP Request (code 1) ID 238 length 43
(4) eap: EAP session adding &reply:State = 0xe3368f25e3d895bc
(4) [eap] = handled
(4) } # authenticate = handled
(4) } # server inner-tunnel
(4) Virtual server sending reply
(4) EAP-Message = 0x01ee002b1a01ee0026103110d50663aee1e22b52404ccb89303b667265657261646975732d332e302e3138
(4) Message-Authenticator = 0x00000000000000000000000000000000
(4) State = 0xe3368f25e3d895bc2c65ae25c75c3478
(4) eap_fast: Got tunneled Access-Challenge
(4) eap_fast: Challenge
(4) eap: Sending EAP Request (code 1) ID 238 length 95
(4) eap: EAP session adding &reply:State = 0xb22431b3b6ca1adb
(4) [eap] = handled
(4) } # authenticate = handled
(4) Using Post-Auth-Type Challenge
(4) # Executing group from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default
(4) Challenge { ... } # empty sub-section is ignored
(4) session-state: Saving cached attributes
(4) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-SHA"
(4) TLS-Session-Version = "TLS 1.1"
(4) Sent Access-Challenge Id 4 from 0.0.0.0:1812 to 127.0.0.1:62244 length 0
(4) EAP-Message = 0x01ee005f2b011703020054473429758f9db17f0ae8957b91950face79823365b7cad281515172e53715604e136da70224095aa01ec8400f754cec046515d4fcda35efbc8350dda31439607a2d92976a20e10f2138756795d04eabf0c8693f7
(4) Message-Authenticator = 0x00000000000000000000000000000000
(4) State = 0xb22431b3b6ca1adb7f72bc3d985e2006
(4) Finished request
Waking up in 4.3 seconds.
(5) Received Access-Request Id 5 from 127.0.0.1:62244 to 0.0.0.0:1812 length 258
(5) User-Name = "1234"
(5) NAS-IP-Address = 127.0.0.1
(5) Calling-Station-Id = "02-00-00-00-00-01"
(5) Framed-MTU = 1400
(5) NAS-Port-Type = Wireless-802.11
(5) Service-Type = Framed-User
(5) Connect-Info = "CONNECT 11Mbps 802.11b"
(5) EAP-Message = 0x02ee007f2b0117030200747f38e22f07b9ac8bca3a0398c0a7794d11e0a33a3b2b94219f11a1d2442e381d8942a8febe3444e2c28707aab957908f3c0b9254418499b373868e39ce13b825d9718ef42b7a98d699a68e85c9fbf49dfb1a45d9e7762b76f1ed6bde2fe30df088210f67a394d9c4e3becb26d81e9ff41144c0f7
(5) State = 0xb22431b3b6ca1adb7f72bc3d985e2006
(5) Message-Authenticator = 0x8e40c8ea8e4f541690157aa75c2732d6
(5) Restoring &session-state
(5) &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-SHA"
(5) &session-state:TLS-Session-Version = "TLS 1.1"
(5) # Executing section authorize from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default
(5) authorize {
(5) policy filter_username {
(5) if (&User-Name) {
(5) if (&User-Name) -> TRUE
(5) if (&User-Name) {
(5) if (&User-Name =~ / /) {
(5) if (&User-Name =~ / /) -> FALSE
(5) if (&User-Name =~ /@[^@]*@/ ) {
(5) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(5) if (&User-Name =~ /\.\./ ) {
(5) if (&User-Name =~ /\.\./ ) -> FALSE
(5) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
(5) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
(5) if (&User-Name =~ /\.$/) {
(5) if (&User-Name =~ /\.$/) -> FALSE
(5) if (&User-Name =~ /@\./) {
(5) if (&User-Name =~ /@\./) -> FALSE
(5) } # if (&User-Name) = notfound
(5) } # policy filter_username = notfound
(5) [preprocess] = ok
(5) [chap] = noop
(5) [mschap] = noop
(5) [digest] = noop
(5) suffix: Checking for suffix after "@"
(5) suffix: No '@' in User-Name = "1234", looking up realm NULL
(5) suffix: No such realm "NULL"
(5) [suffix] = noop
(5) eap: Peer sent EAP Response (code 2) ID 238 length 127
(5) eap: No EAP Start, assuming it's an on-going EAP conversation
(5) [eap] = updated
(5) [files] = noop
(5) [expiration] = noop
(5) [logintime] = noop
Not doing PAP as Auth-Type is already set.
(5) [pap] = noop
(5) } # authorize = updated
(5) Found Auth-Type = eap
(5) # Executing group from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default
(5) authenticate {
(5) eap: Expiring EAP session with state 0xe3368f25e3d895bc
(5) eap: Finished EAP session with state 0xb22431b3b6ca1adb
(5) eap: Previous EAP request found for state 0xb22431b3b6ca1adb, released from the list
(5) eap: Peer sent packet with method EAP FAST (43)
(5) eap: Calling submodule eap_fast to process data
(5) eap_fast: Authenticate
(5) eap_fast: Continuing EAP-TLS
(5) eap_fast: [eaptls verify] = ok
(5) eap_fast: Done initial handshake
(5) eap_fast: [eaptls process] = ok
(5) eap_fast: Session established. Proceeding to decode tunneled attributes
(5) eap_fast: Got Tunneled FAST TLVs
(5) eap_fast: FreeRADIUS-EAP-FAST-EAP-Payload = 0x02ee003e1a02ee003931b788fe4ec73ae1dcef2977c9f261a20b0000000000000000bbfadae962ed13ccba78ef79edde455a8bb19177712d7a9c006d6777
(5) eap_fast: Processing received EAP Payload
(5) eap_fast: Got tunneled request
(5) eap_fast: EAP-Message = 0x02ee003e1a02ee003931b788fe4ec73ae1dcef2977c9f261a20b0000000000000000bbfadae962ed13ccba78ef79edde455a8bb19177712d7a9c006d6777
(5) eap_fast: AUTHENTICATION
(5) Virtual server inner-tunnel received request
(5) EAP-Message = 0x02ee003e1a02ee003931b788fe4ec73ae1dcef2977c9f261a20b0000000000000000bbfadae962ed13ccba78ef79edde455a8bb19177712d7a9c006d6777
(5) FreeRADIUS-Proxied-To = 127.0.0.1
(5) User-Name = "mgw"
(5) State = 0xe3368f25e3d895bc2c65ae25c75c3478
(5) WARNING: Outer User-Name is not anonymized. User privacy is compromised.
(5) server inner-tunnel {
(5) session-state: No cached attributes
(5) # Executing section authorize from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/inner-tunnel
(5) authorize {
(5) policy filter_username {
(5) if (&User-Name) {
(5) if (&User-Name) -> TRUE
(5) if (&User-Name) {
(5) if (&User-Name =~ / /) {
(5) if (&User-Name =~ / /) -> FALSE
(5) if (&User-Name =~ /@[^@]*@/ ) {
(5) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(5) if (&User-Name =~ /\.\./ ) {
(5) if (&User-Name =~ /\.\./ ) -> FALSE
(5) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
(5) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
(5) if (&User-Name =~ /\.$/) {
(5) if (&User-Name =~ /\.$/) -> FALSE
(5) if (&User-Name =~ /@\./) {
(5) if (&User-Name =~ /@\./) -> FALSE
(5) } # if (&User-Name) = notfound
(5) } # policy filter_username = notfound
(5) [chap] = noop
(5) [mschap] = noop
(5) suffix: Checking for suffix after "@"
(5) suffix: No '@' in User-Name = "mgw", looking up realm NULL
(5) suffix: No such realm "NULL"
(5) [suffix] = noop
(5) update control {
(5) &Proxy-To-Realm := LOCAL
(5) } # update control = noop
(5) eap: Peer sent EAP Response (code 2) ID 238 length 62
(5) eap: No EAP Start, assuming it's an on-going EAP conversation
(5) [eap] = updated
(5) files: users: Matched entry mgw at line 68
(5) [files] = ok
(5) [expiration] = noop
(5) [logintime] = noop
(5) pap: WARNING: Auth-Type already set. Not setting to PAP
(5) [pap] = noop
(5) } # authorize = updated
(5) Found Auth-Type = eap
(5) # Executing group from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/inner-tunnel
(5) authenticate {
(5) eap: Expiring EAP session with state 0xe3368f25e3d895bc
(5) eap: Finished EAP session with state 0xe3368f25e3d895bc
(5) eap: Previous EAP request found for state 0xe3368f25e3d895bc, released from the list
(5) eap: Peer sent packet with method EAP MSCHAPv2 (26)
(5) eap: Calling submodule eap_mschapv2 to process data
(5) eap_mschapv2: # Executing group from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/inner-tunnel
(5) eap_mschapv2: authenticate {
(5) mschap: Found Cleartext-Password, hashing to create NT-Password
(5) mschap: Found Cleartext-Password, hashing to create LM-Password
(5) mschap: Creating challenge hash with username: mgw
(5) mschap: Client is using MS-CHAPv2
(5) mschap: Adding MS-CHAPv2 MPPE keys
(5) [mschap] = ok
(5) } # authenticate = ok
(5) MSCHAP Success
(5) eap: Sending EAP Request (code 1) ID 239 length 51
(5) eap: EAP session adding &reply:State = 0xe3368f25e2d995bc
(5) [eap] = handled
(5) } # authenticate = handled
(5) } # server inner-tunnel
(5) Virtual server sending reply
(5) EAP-Message = 0x01ef00331a03ee002e533d37393836433534434446394230334436444441393837384442413736333044303244383234344142
(5) Message-Authenticator = 0x00000000000000000000000000000000
(5) State = 0xe3368f25e2d995bc2c65ae25c75c3478
(5) eap_fast: Got tunneled Access-Challenge
(5) eap_fast: Challenge
(5) eap: Sending EAP Request (code 1) ID 239 length 111
(5) eap: EAP session adding &reply:State = 0xb22431b3b7cb1adb
(5) [eap] = handled
(5) } # authenticate = handled
(5) Using Post-Auth-Type Challenge
(5) # Executing group from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default
(5) Challenge { ... } # empty sub-section is ignored
(5) session-state: Saving cached attributes
(5) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-SHA"
(5) TLS-Session-Version = "TLS 1.1"
(5) Sent Access-Challenge Id 5 from 0.0.0.0:1812 to 127.0.0.1:62244 length 0
(5) EAP-Message = 0x01ef006f2b011703020064e77850006db663e3cb8f8bc0a50bc2da30a5689ce3dc0a39c694374e26c5cc5932f3e543c1ff63b44aafa554bdc04d5c8a1bc8beb819653b75ac4760be0c7f6ce69f0f9d23a1d819176fba30e9269991d7901a377638e0cdb86599cecb11d552c614b262
(5) Message-Authenticator = 0x00000000000000000000000000000000
(5) State = 0xb22431b3b7cb1adb7f72bc3d985e2006
(5) Finished request
Waking up in 4.1 seconds.
(6) Received Access-Request Id 6 from 127.0.0.1:62244 to 0.0.0.0:1812 length 194
(6) User-Name = "1234"
(6) NAS-IP-Address = 127.0.0.1
(6) Calling-Station-Id = "02-00-00-00-00-01"
(6) Framed-MTU = 1400
(6) NAS-Port-Type = Wireless-802.11
(6) Service-Type = Framed-User
(6) Connect-Info = "CONNECT 11Mbps 802.11b"
(6) EAP-Message = 0x02ef003f2b011703020034215c7108855a146498fb7e075f8a21004c222739fd3a10199ec97b6661def96b46be7a7fd36d88cb87d5adf864a7bc008cdafefb
(6) State = 0xb22431b3b7cb1adb7f72bc3d985e2006
(6) Message-Authenticator = 0x2789e6c321d010bb4970f96d043f9a91
(6) Restoring &session-state
(6) &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-SHA"
(6) &session-state:TLS-Session-Version = "TLS 1.1"
(6) # Executing section authorize from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default
(6) authorize {
(6) policy filter_username {
(6) if (&User-Name) {
(6) if (&User-Name) -> TRUE
(6) if (&User-Name) {
(6) if (&User-Name =~ / /) {
(6) if (&User-Name =~ / /) -> FALSE
(6) if (&User-Name =~ /@[^@]*@/ ) {
(6) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(6) if (&User-Name =~ /\.\./ ) {
(6) if (&User-Name =~ /\.\./ ) -> FALSE
(6) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
(6) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
(6) if (&User-Name =~ /\.$/) {
(6) if (&User-Name =~ /\.$/) -> FALSE
(6) if (&User-Name =~ /@\./) {
(6) if (&User-Name =~ /@\./) -> FALSE
(6) } # if (&User-Name) = notfound
(6) } # policy filter_username = notfound
(6) [preprocess] = ok
(6) [chap] = noop
(6) [mschap] = noop
(6) [digest] = noop
(6) suffix: Checking for suffix after "@"
(6) suffix: No '@' in User-Name = "1234", looking up realm NULL
(6) suffix: No such realm "NULL"
(6) [suffix] = noop
(6) eap: Peer sent EAP Response (code 2) ID 239 length 63
(6) eap: No EAP Start, assuming it's an on-going EAP conversation
(6) [eap] = updated
(6) [files] = noop
(6) [expiration] = noop
(6) [logintime] = noop
Not doing PAP as Auth-Type is already set.
(6) [pap] = noop
(6) } # authorize = updated
(6) Found Auth-Type = eap
(6) # Executing group from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default
(6) authenticate {
(6) eap: Expiring EAP session with state 0xe3368f25e2d995bc
(6) eap: Finished EAP session with state 0xb22431b3b7cb1adb
(6) eap: Previous EAP request found for state 0xb22431b3b7cb1adb, released from the list
(6) eap: Peer sent packet with method EAP FAST (43)
(6) eap: Calling submodule eap_fast to process data
(6) eap_fast: Authenticate
(6) eap_fast: Continuing EAP-TLS
(6) eap_fast: [eaptls verify] = ok
(6) eap_fast: Done initial handshake
(6) eap_fast: [eaptls process] = ok
(6) eap_fast: Session established. Proceeding to decode tunneled attributes
(6) eap_fast: Got Tunneled FAST TLVs
(6) eap_fast: FreeRADIUS-EAP-FAST-EAP-Payload = 0x02ef00061a03
(6) eap_fast: Processing received EAP Payload
(6) eap_fast: Got tunneled request
(6) eap_fast: EAP-Message = 0x02ef00061a03
(6) eap_fast: AUTHENTICATION
(6) Virtual server inner-tunnel received request
(6) EAP-Message = 0x02ef00061a03
(6) FreeRADIUS-Proxied-To = 127.0.0.1
(6) User-Name = "mgw"
(6) State = 0xe3368f25e2d995bc2c65ae25c75c3478
(6) WARNING: Outer User-Name is not anonymized. User privacy is compromised.
(6) server inner-tunnel {
(6) session-state: No cached attributes
(6) # Executing section authorize from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/inner-tunnel
(6) authorize {
(6) policy filter_username {
(6) if (&User-Name) {
(6) if (&User-Name) -> TRUE
(6) if (&User-Name) {
(6) if (&User-Name =~ / /) {
(6) if (&User-Name =~ / /) -> FALSE
(6) if (&User-Name =~ /@[^@]*@/ ) {
(6) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(6) if (&User-Name =~ /\.\./ ) {
(6) if (&User-Name =~ /\.\./ ) -> FALSE
(6) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
(6) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
(6) if (&User-Name =~ /\.$/) {
(6) if (&User-Name =~ /\.$/) -> FALSE
(6) if (&User-Name =~ /@\./) {
(6) if (&User-Name =~ /@\./) -> FALSE
(6) } # if (&User-Name) = notfound
(6) } # policy filter_username = notfound
(6) [chap] = noop
(6) [mschap] = noop
(6) suffix: Checking for suffix after "@"
(6) suffix: No '@' in User-Name = "mgw", looking up realm NULL
(6) suffix: No such realm "NULL"
(6) [suffix] = noop
(6) update control {
(6) &Proxy-To-Realm := LOCAL
(6) } # update control = noop
(6) eap: Peer sent EAP Response (code 2) ID 239 length 6
(6) eap: No EAP Start, assuming it's an on-going EAP conversation
(6) [eap] = updated
(6) files: users: Matched entry mgw at line 68
(6) [files] = ok
(6) [expiration] = noop
(6) [logintime] = noop
(6) pap: WARNING: Auth-Type already set. Not setting to PAP
(6) [pap] = noop
(6) } # authorize = updated
(6) Found Auth-Type = eap
(6) # Executing group from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/inner-tunnel
(6) authenticate {
(6) eap: Expiring EAP session with state 0xe3368f25e2d995bc
(6) eap: Finished EAP session with state 0xe3368f25e2d995bc
(6) eap: Previous EAP request found for state 0xe3368f25e2d995bc, released from the list
(6) eap: Peer sent packet with method EAP MSCHAPv2 (26)
(6) eap: Calling submodule eap_mschapv2 to process data
(6) eap: Sending EAP Success (code 3) ID 239 length 4
(6) eap: Freeing handler
(6) [eap] = ok
(6) } # authenticate = ok
(6) # Executing section post-auth from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/inner-tunnel
(6) post-auth {
(6) if (0) {
(6) if (0) -> FALSE
(6) } # post-auth = noop
(6) } # server inner-tunnel
(6) Virtual server sending reply
(6) MS-MPPE-Encryption-Policy = Encryption-Allowed
(6) MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed
(6) MS-MPPE-Send-Key = 0xce9491926bc2c79a3f1431e5e21391f5
(6) MS-MPPE-Recv-Key = 0xeb638c24bfa050d0069792e946c20e23
(6) EAP-Message = 0x03ef0004
(6) Message-Authenticator = 0x00000000000000000000000000000000
(6) User-Name = "mgw"
(6) eap_fast: Got tunneled Access-Accept
(6) eap_fast: Updating ICMK
(6) eap_fast: Sending Cryptobinding
(6) eap_fast: Challenge
(6) eap: Sending EAP Request (code 1) ID 240 length 127
(6) eap: EAP session adding &reply:State = 0xb22431b3b4d41adb
(6) [eap] = handled
(6) } # authenticate = handled
(6) Using Post-Auth-Type Challenge
(6) # Executing group from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default
(6) Challenge { ... } # empty sub-section is ignored
(6) session-state: Saving cached attributes
(6) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-SHA"
(6) TLS-Session-Version = "TLS 1.1"
(6) Sent Access-Challenge Id 6 from 0.0.0.0:1812 to 127.0.0.1:62244 length 0
(6) EAP-Message = 0x01f0007f2b011703020074299c8187b828c7d3995e79e4ff3d74d800a552a67ffd98f85b3d0bc79e5aee5f0f1f5cdcb314ced5f0a322acf7722de24b0610dc0e98f6413d77620150aa052194b876d892cef177aa7ce513411df490a3fc7460e8c44c491d183df33eabc4dd34f5266ab8c869d902547e859054c24b60b15dfb
(6) Message-Authenticator = 0x00000000000000000000000000000000
(6) State = 0xb22431b3b4d41adb7f72bc3d985e2006
(6) Finished request
Waking up in 3.9 seconds.
(7) Received Access-Request Id 7 from 127.0.0.1:62244 to 0.0.0.0:1812 length 258
(7) User-Name = "1234"
(7) NAS-IP-Address = 127.0.0.1
(7) Calling-Station-Id = "02-00-00-00-00-01"
(7) Framed-MTU = 1400
(7) NAS-Port-Type = Wireless-802.11
(7) Service-Type = Framed-User
(7) Connect-Info = "CONNECT 11Mbps 802.11b"
(7) EAP-Message = 0x02f0007f2b011703020074780334064673d0fb51e06fe8ec527ed50174de91c8e6105d1c66c95e40987481ac18b2559b8642a58e12e8dbc8ebdfb5666c973da24b5f437251ac90cedb46b871fb0b1894810a453546090d56eed532a88d2d63ebecb4f0f5c66c44f5e22b338889b42e7cfb746d5dbe9d91069feb40f1b3f66e
(7) State = 0xb22431b3b4d41adb7f72bc3d985e2006
(7) Message-Authenticator = 0x4553f5e6d65b5993e23f64147bf95f06
(7) Restoring &session-state
(7) &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-SHA"
(7) &session-state:TLS-Session-Version = "TLS 1.1"
(7) # Executing section authorize from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default
(7) authorize {
(7) policy filter_username {
(7) if (&User-Name) {
(7) if (&User-Name) -> TRUE
(7) if (&User-Name) {
(7) if (&User-Name =~ / /) {
(7) if (&User-Name =~ / /) -> FALSE
(7) if (&User-Name =~ /@[^@]*@/ ) {
(7) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(7) if (&User-Name =~ /\.\./ ) {
(7) if (&User-Name =~ /\.\./ ) -> FALSE
(7) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
(7) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
(7) if (&User-Name =~ /\.$/) {
(7) if (&User-Name =~ /\.$/) -> FALSE
(7) if (&User-Name =~ /@\./) {
(7) if (&User-Name =~ /@\./) -> FALSE
(7) } # if (&User-Name) = notfound
(7) } # policy filter_username = notfound
(7) [preprocess] = ok
(7) [chap] = noop
(7) [mschap] = noop
(7) [digest] = noop
(7) suffix: Checking for suffix after "@"
(7) suffix: No '@' in User-Name = "1234", looking up realm NULL
(7) suffix: No such realm "NULL"
(7) [suffix] = noop
(7) eap: Peer sent EAP Response (code 2) ID 240 length 127
(7) eap: No EAP Start, assuming it's an on-going EAP conversation
(7) [eap] = updated
(7) [files] = noop
(7) [expiration] = noop
(7) [logintime] = noop
Not doing PAP as Auth-Type is already set.
(7) [pap] = noop
(7) } # authorize = updated
(7) Found Auth-Type = eap
(7) # Executing group from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default
(7) authenticate {
(7) eap: Expiring EAP session with state 0xb22431b3b4d41adb
(7) eap: Finished EAP session with state 0xb22431b3b4d41adb
(7) eap: Previous EAP request found for state 0xb22431b3b4d41adb, released from the list
(7) eap: Peer sent packet with method EAP FAST (43)
(7) eap: Calling submodule eap_fast to process data
(7) eap_fast: Authenticate
(7) eap_fast: Continuing EAP-TLS
(7) eap_fast: [eaptls verify] = ok
(7) eap_fast: Done initial handshake
(7) eap_fast: [eaptls process] = ok
(7) eap_fast: Session established. Proceeding to decode tunneled attributes
(7) eap_fast: Got Tunneled FAST TLVs
(7) eap_fast: FreeRADIUS-EAP-FAST-Result = 1
(7) eap_fast: FreeRADIUS-EAP-FAST-Crypto-Binding = 0x00010101ac837d7f5580b23cd65efd092cef4cc5a7fe7d46b32327c6ba8037304146643d4f9e2cef97169b908fe30c1865b53909b0903557
(7) eap_fast: Forcibly stopping session resumption as it is not allowed
(7) eap: Sending EAP Success (code 3) ID 240 length 4
(7) eap: Freeing handler
(7) [eap] = ok
(7) } # authenticate = ok
(7) # Executing section post-auth from file C:\freeradius-3.0.18\etc\raddb\sites-enabled/default
(7) post-auth {
(7) update {
(7) &reply::TLS-Session-Cipher-Suite += &session-state:TLS-Session-Cipher-Suite[*] -> 'ECDHE-RSA-AES256-SHA'
(7) &reply::TLS-Session-Version += &session-state:TLS-Session-Version[*] -> 'TLS 1.1'
(7) } # update = noop
(7) [exec] = noop
(7) policy remove_reply_message_if_eap {
(7) if (&reply:EAP-Message && &reply:Reply-Message) {
(7) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
(7) else {
(7) [noop] = noop
(7) } # else = noop
(7) } # policy remove_reply_message_if_eap = noop
(7) } # post-auth = noop
(7) Sent Access-Accept Id 7 from 0.0.0.0:1812 to 127.0.0.1:62244 length 0
(7) MS-MPPE-Recv-Key = 0x41cce86a7d5697650b7f5ffce0fc1285f330cae573c5140484f030572881adee
(7) MS-MPPE-Send-Key = 0xc0b77cfa7d332913d1fe7741d41a25139c0c73523d31f70cc5cc211a44a3318a
(7) EAP-Message = 0x03f00004
(7) Message-Authenticator = 0x00000000000000000000000000000000
(7) User-Name = "1234"
(7) Finished request
Waking up in 3.7 seconds.
(0) Cleaning up request packet ID 0 with timestamp +10
(1) Cleaning up request packet ID 1 with timestamp +10
Waking up in 0.1 seconds.
(2) Cleaning up request packet ID 2 with timestamp +10
Waking up in 0.1 seconds.
(3) Cleaning up request packet ID 3 with timestamp +10
Waking up in 0.1 seconds.
(4) Cleaning up request packet ID 4 with timestamp +10
Waking up in 0.2 seconds.
(5) Cleaning up request packet ID 5 with timestamp +11
Waking up in 0.1 seconds.
(6) Cleaning up request packet ID 6 with timestamp +11
Waking up in 0.1 seconds.
(7) Cleaning up request packet ID 7 with timestamp +11
Ready to process requests