EAP Submodule failed. PAM module issue.

HORMAZABAL PIÑONES BARBARA FRANCISCA bhp001 at alumnos.ucn.cl
Sat Aug 29 01:18:13 CEST 2020


Greetings, I'm a FreeRADIUS newbie and I apologize if I make mistakes with
some concepts or get my point across (English is not my first language).
Anyway, I'm setting up FreeRADIUS on Ubuntu Server 18.04 to authenticate
users (teachers, students) through their Google accounts (we have a couple
of domains for each one), so I was advised to use the PAM-IMAP module. When
trying to authenticate, however, it fails going through the eap-peap
authentication. I read the output and checked that authentication is
invalid in the pam module; however, I do not know how to fix it.

This is the output:

(0) Received Access-Request Id 11 from 192.168.128.34:39957 to 146.83.124.26:1812 length 401

(0)   User-Name = "wifi at ucn.cl"

(0)   NAS-IP-Address = 192.168.128.34

(0)   Called-Station-Id = "36-18-0A-7B-A4-6E:Red Radius"

(0)   NAS-Port-Type = Wireless-802.11

(0)   Service-Type = Framed-User

(0)   NAS-Port = 1

(0)   Calling-Station-Id = "E4-6F-13-2C-A4-C3"

(0)   Connect-Info = "CONNECT 54.00 Mbps / 802.11n / RSSI: 56 / Channel: 1"

(0)   Acct-Session-Id = "B51015A162BFE948"

(0)   Acct-Multi-Session-Id = "8F5640A8CB689CCA"

(0)   WLAN-Pairwise-Cipher = 1027076

(0)   WLAN-Group-Cipher = 1027074

(0)   WLAN-AKM-Suite = 1027073

(0)   WLAN-Group-Mgmt-Cipher = 1027078

(0)   Attr-26.29671.2 = 0x55434e20416e746f66616761737461202d2053574150202d20776972656c657373

(0)   Attr-26.29671.3 = 0x41502d56312d536f706f727465

(0)   Attr-26.29671.4 = 0x20414c554d4e4f5320454455524f414d2046554e43494f4e4152494f5320524144495553205445434e49434f53205649

(0)   Meraki-Device-Name = "AP-V1-Soporte"

(0)   Framed-MTU = 1400

(0)   EAP-Message = 0x0273001001776966694075636e2e636c

(0)   Message-Authenticator = 0xae977006014c0b9d5e053dcf6096b593

(0) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default

(0)   authorize {

(0)     policy filter_username {

(0)       if (&User-Name) {

(0)       if (&User-Name)  -> TRUE

(0)       if (&User-Name)  {

(0)         if (&User-Name =~ / /) {

(0)         if (&User-Name =~ / /)  -> FALSE

(0)         if (&User-Name =~ /@[^@]*@/ ) {

(0)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE

(0)         if (&User-Name =~ /\.\./ ) {

(0)         if (&User-Name =~ /\.\./ )  -> FALSE

(0)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {

(0)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE

(0)         if (&User-Name =~ /\.$/)  {

(0)         if (&User-Name =~ /\.$/)   -> FALSE

(0)         if (&User-Name =~ /@\./)  {

(0)         if (&User-Name =~ /@\./)   -> FALSE

(0)       } # if (&User-Name)  = notfound

(0)     } # policy filter_username = notfound

(0)     [preprocess] = ok

(0) auth_log: EXPAND /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d

(0) auth_log:    --> /var/log/freeradius/radacct/192.168.128.34/auth-detail-20200828

(0) auth_log: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/192.168.128.34/auth-detail-20200828

(0) auth_log: EXPAND %t

(0) auth_log:    --> Fri Aug 28 18:49:24 2020

(0)     [auth_log] = ok

(0)     [chap] = noop

(0)     [mschap] = noop

(0)     [digest] = noop

(0) suffix: Checking for suffix after "@"

(0) suffix: Looking up realm "ucn.cl" for User-Name = "wifi at ucn.cl"

(0) suffix: Found realm "ucn.cl"

(0) suffix: Adding Stripped-User-Name = "wifi"

(0) suffix: Adding Realm = "ucn.cl"

(0) suffix: Authentication realm is LOCAL

(0)     [suffix] = ok

(0) eap: Peer sent EAP Response (code 2) ID 115 length 16

(0) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize

(0)     [eap] = ok

(0)   } # authorize = ok

(0) Found Auth-Type = eap

(0) # Executing group from file /etc/freeradius/3.0/sites-enabled/default

(0)   authenticate {

(0) eap: Peer sent packet with method EAP Identity (1)

(0) eap: Calling submodule eap_peap to process data

(0) eap_peap: Initiating new EAP-TLS session

(0) eap_peap: [eaptls start] = request

(0) eap: Sending EAP Request (code 1) ID 116 length 6

(0) eap: EAP session adding &reply:State = 0x21dd954121a98c3d

(0)     [eap] = handled

(0)   } # authenticate = handled

(0) Using Post-Auth-Type Challenge

(0) # Executing group from file /etc/freeradius/3.0/sites-enabled/default

(0)   Challenge { ... } # empty sub-section is ignored

(0) Sent Access-Challenge Id 11 from 146.83.124.26:1812 to 192.168.128.34:39957 length 0

(0)   EAP-Message = 0x017400061920

(0)   Message-Authenticator = 0x00000000000000000000000000000000

(0)   State = 0x21dd954121a98c3dcbc41c49c2b781e8

(0) Finished request

Waking up in 4.9 seconds.

(1) Received Access-Request Id 12 from 192.168.128.34:39957 to 146.83.124.26:1812 length 569

(1)   User-Name = "wifi at ucn.cl"

(1)   NAS-IP-Address = 192.168.128.34

(1)   Called-Station-Id = "36-18-0A-7B-A4-6E:Red Radius"

(1)   NAS-Port-Type = Wireless-802.11

(1)   Service-Type = Framed-User

(1)   NAS-Port = 1

(1)   Calling-Station-Id = "E4-6F-13-2C-A4-C3"

(1)   Connect-Info = "CONNECT 54.00 Mbps / 802.11n / RSSI: 58 / Channel: 1"

(1)   Acct-Session-Id = "B51015A162BFE948"

(1)   Acct-Multi-Session-Id = "8F5640A8CB689CCA"

(1)   WLAN-Pairwise-Cipher = 1027076

(1)   WLAN-Group-Cipher = 1027074

(1)   WLAN-AKM-Suite = 1027073

(1)   WLAN-Group-Mgmt-Cipher = 1027078

(1)   Attr-26.29671.2 = 0x55434e20416e746f66616761737461202d2053574150202d20776972656c657373

(1)   Attr-26.29671.3 = 0x41502d56312d536f706f727465

(1)   Attr-26.29671.4 = 0x20414c554d4e4f5320454455524f414d2046554e43494f4e4152494f5320524144495553205445434e49434f53205649

(1)   Meraki-Device-Name = "AP-V1-Soporte"

(1)   Framed-MTU = 1400

(1)   EAP-Message = 0x027400a619800000009c16030300970100009303035f4989f5fe7058f0113f2253369f4f35c5566c645792b9886416adff683207c000002ac02cc02bc030c02f009f009ec024c023c028c027c00ac009c014c013009d009c003d003c0035002f000a01000040000500050100000000000a00080006001d

(1)   State = 0x21dd954121a98c3dcbc41c49c2b781e8

(1)   Message-Authenticator = 0xe979fd0de253104acb886c6a7bb04df5

(1) session-state: No cached attributes

(1) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default

(1)   authorize {

(1)     policy filter_username {

(1)       if (&User-Name) {

(1)       if (&User-Name)  -> TRUE

(1)       if (&User-Name)  {

(1)         if (&User-Name =~ / /) {

(1)         if (&User-Name =~ / /)  -> FALSE

(1)         if (&User-Name =~ /@[^@]*@/ ) {

(1)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE

(1)         if (&User-Name =~ /\.\./ ) {

(1)         if (&User-Name =~ /\.\./ )  -> FALSE

(1)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {

(1)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE

(1)         if (&User-Name =~ /\.$/)  {

(1)         if (&User-Name =~ /\.$/)   -> FALSE

(1)         if (&User-Name =~ /@\./)  {

(1)         if (&User-Name =~ /@\./)   -> FALSE

(1)       } # if (&User-Name)  = notfound

(1)     } # policy filter_username = notfound

(1)     [preprocess] = ok

(1) auth_log: EXPAND /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d

(1) auth_log:    --> /var/log/freeradius/radacct/192.168.128.34/auth-detail-20200828

(1) auth_log: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/192.168.128.34/auth-detail-20200828

(1) auth_log: EXPAND %t

(1) auth_log:    --> Fri Aug 28 18:49:24 2020

(1)     [auth_log] = ok

(1)     [chap] = noop

(1)     [mschap] = noop

(1)     [digest] = noop

(1) suffix: Checking for suffix after "@"

(1) suffix: Looking up realm "ucn.cl" for User-Name = "wifi at ucn.cl"

(1) suffix: Found realm "ucn.cl"

(1) suffix: Adding Stripped-User-Name = "wifi"

(1) suffix: Adding Realm = "ucn.cl"

(1) suffix: Authentication realm is LOCAL

(1)     [suffix] = ok

(1) eap: Peer sent EAP Response (code 2) ID 116 length 166

(1) eap: Continuing tunnel setup

(1)     [eap] = ok

(1)   } # authorize = ok

(1) Found Auth-Type = eap

(1) # Executing group from file /etc/freeradius/3.0/sites-enabled/default

(1)   authenticate {

(1) eap: Expiring EAP session with state 0x21dd954121a98c3d

(1) eap: Finished EAP session with state 0x21dd954121a98c3d

(1) eap: Previous EAP request found for state 0x21dd954121a98c3d, released from the list

(1) eap: Peer sent packet with method EAP PEAP (25)

(1) eap: Calling submodule eap_peap to process data

(1) eap_peap: Continuing EAP-TLS

(1) eap_peap: Peer indicated complete TLS record size will be 156 bytes

(1) eap_peap: Got complete TLS record (156 bytes)

(1) eap_peap: [eaptls verify] = length included

(1) eap_peap: (other): before SSL initialization

(1) eap_peap: TLS_accept: before SSL initialization

(1) eap_peap: TLS_accept: before SSL initialization

(1) eap_peap: <<< recv UNKNOWN TLS VERSION ?0304? [length 0097]

(1) eap_peap: TLS_accept: SSLv3/TLS read client hello

(1) eap_peap: >>> send TLS 1.2  [length 003d]

(1) eap_peap: TLS_accept: SSLv3/TLS write server hello

(1) eap_peap: >>> send TLS 1.2  [length 0d45]

(1) eap_peap: TLS_accept: SSLv3/TLS write certificate

(1) eap_peap: >>> send TLS 1.2  [length 024d]

(1) eap_peap: TLS_accept: SSLv3/TLS write key exchange

(1) eap_peap: >>> send TLS 1.2  [length 0004]

(1) eap_peap: TLS_accept: SSLv3/TLS write server done

(1) eap_peap: TLS_accept: Need to read more data: SSLv3/TLS write server done

(1) eap_peap: In SSL Handshake Phase

(1) eap_peap: In SSL Accept mode

(1) eap_peap: [eaptls process] = handled

(1) eap: Sending EAP Request (code 1) ID 117 length 1004

(1) eap: EAP session adding &reply:State = 0x21dd954120a88c3d

(1)     [eap] = handled

(1)   } # authenticate = handled

(1) Using Post-Auth-Type Challenge

(1) # Executing group from file /etc/freeradius/3.0/sites-enabled/default

(1)   Challenge { ... } # empty sub-section is ignored

(1) Sent Access-Challenge Id 12 from 146.83.124.26:1812 to 192.168.128.34:39957 length 0

(1)   EAP-Message = 0x017503ec19c000000fe7160303003d020000390303e6bb468a26622401d34769af834e6eb662e6224e5c0e8d88cacb79590bae22cd00c030000011ff01000100000b000403000102001700001603030d450b000d41000d3e000601308205fd308203e5a003020102020101300d06092a864886f70d0101

(1)   Message-Authenticator = 0x00000000000000000000000000000000

(1)   State = 0x21dd954120a88c3dcbc41c49c2b781e8

(1) Finished request

Waking up in 4.9 seconds.

(2) Received Access-Request Id 13 from 192.168.128.34:39957 to 146.83.124.26:1812 length 409

(2)   User-Name = "wifi at ucn.cl"

(2)   NAS-IP-Address = 192.168.128.34

(2)   Called-Station-Id = "36-18-0A-7B-A4-6E:Red Radius"

(2)   NAS-Port-Type = Wireless-802.11

(2)   Service-Type = Framed-User

(2)   NAS-Port = 1

(2)   Calling-Station-Id = "E4-6F-13-2C-A4-C3"

(2)   Connect-Info = "CONNECT 54.00 Mbps / 802.11n / RSSI: 59 / Channel: 1"

(2)   Acct-Session-Id = "B51015A162BFE948"

(2)   Acct-Multi-Session-Id = "8F5640A8CB689CCA"

(2)   WLAN-Pairwise-Cipher = 1027076

(2)   WLAN-Group-Cipher = 1027074

(2)   WLAN-AKM-Suite = 1027073

(2)   WLAN-Group-Mgmt-Cipher = 1027078

(2)   Attr-26.29671.2 = 0x55434e20416e746f66616761737461202d2053574150202d20776972656c657373

(2)   Attr-26.29671.3 = 0x41502d56312d536f706f727465

(2)   Attr-26.29671.4 = 0x20414c554d4e4f5320454455524f414d2046554e43494f4e4152494f5320524144495553205445434e49434f53205649

(2)   Meraki-Device-Name = "AP-V1-Soporte"

(2)   Framed-MTU = 1400

(2)   EAP-Message = 0x027500061900

(2)   State = 0x21dd954120a88c3dcbc41c49c2b781e8

(2)   Message-Authenticator = 0x34512dbcef44c467f7a9576c277cb9de

(2) session-state: No cached attributes

(2) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default

(2)   authorize {

(2)     policy filter_username {

(2)       if (&User-Name) {

(2)       if (&User-Name)  -> TRUE

(2)       if (&User-Name)  {

(2)         if (&User-Name =~ / /) {

(2)         if (&User-Name =~ / /)  -> FALSE

(2)         if (&User-Name =~ /@[^@]*@/ ) {

(2)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE

(2)         if (&User-Name =~ /\.\./ ) {

(2)         if (&User-Name =~ /\.\./ )  -> FALSE

(2)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {

(2)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE

(2)         if (&User-Name =~ /\.$/)  {

(2)         if (&User-Name =~ /\.$/)   -> FALSE

(2)         if (&User-Name =~ /@\./)  {

(2)         if (&User-Name =~ /@\./)   -> FALSE

(2)       } # if (&User-Name)  = notfound

(2)     } # policy filter_username = notfound

(2)     [preprocess] = ok

(2) auth_log: EXPAND /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d

(2) auth_log:    --> /var/log/freeradius/radacct/192.168.128.34/auth-detail-20200828

(2) auth_log: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/192.168.128.34/auth-detail-20200828

(2) auth_log: EXPAND %t

(2) auth_log:    --> Fri Aug 28 18:49:24 2020

(2)     [auth_log] = ok

(2)     [chap] = noop

(2)     [mschap] = noop

(2)     [digest] = noop

(2) suffix: Checking for suffix after "@"

(2) suffix: Looking up realm "ucn.cl" for User-Name = "wifi at ucn.cl"

(2) suffix: Found realm "ucn.cl"

(2) suffix: Adding Stripped-User-Name = "wifi"

(2) suffix: Adding Realm = "ucn.cl"

(2) suffix: Authentication realm is LOCAL

(2)     [suffix] = ok

(2) eap: Peer sent EAP Response (code 2) ID 117 length 6

(2) eap: Continuing tunnel setup

(2)     [eap] = ok

(2)   } # authorize = ok

(2) Found Auth-Type = eap

(2) # Executing group from file /etc/freeradius/3.0/sites-enabled/default

(2)   authenticate {

(2) eap: Expiring EAP session with state 0x21dd954120a88c3d

(2) eap: Finished EAP session with state 0x21dd954120a88c3d

(2) eap: Previous EAP request found for state 0x21dd954120a88c3d, released from the list

(2) eap: Peer sent packet with method EAP PEAP (25)

(2) eap: Calling submodule eap_peap to process data

(2) eap_peap: Continuing EAP-TLS

(2) eap_peap: Peer ACKed our handshake fragment

(2) eap_peap: [eaptls verify] = request

(2) eap_peap: [eaptls process] = handled

(2) eap: Sending EAP Request (code 1) ID 118 length 1000

(2) eap: EAP session adding &reply:State = 0x21dd954123ab8c3d

(2)     [eap] = handled

(2)   } # authenticate = handled

(2) Using Post-Auth-Type Challenge

(2) # Executing group from file /etc/freeradius/3.0/sites-enabled/default

(2)   Challenge { ... } # empty sub-section is ignored

(2) Sent Access-Challenge Id 13 from 146.83.124.26:1812 to 192.168.128.34:39957 length 0

(2)   EAP-Message = 0x017603e81940209dba66581b0203010001a34f304d30130603551d25040c300a06082b0601050507030130360603551d1f042f302d302ba029a0278625687474703a2f2f7777772e6578616d706c652e636f6d2f6578616d706c655f63612e63726c300d06092a864886f70d01010b050003820201005e

(2)   Message-Authenticator = 0x00000000000000000000000000000000

(2)   State = 0x21dd954123ab8c3dcbc41c49c2b781e8

(2) Finished request

Waking up in 4.9 seconds.

(3) Received Access-Request Id 14 from 192.168.128.34:39957 to 146.83.124.26:1812 length 409

(3)   User-Name = "wifi at ucn.cl"

(3)   NAS-IP-Address = 192.168.128.34

(3)   Called-Station-Id = "36-18-0A-7B-A4-6E:Red Radius"

(3)   NAS-Port-Type = Wireless-802.11

(3)   Service-Type = Framed-User

(3)   NAS-Port = 1

(3)   Calling-Station-Id = "E4-6F-13-2C-A4-C3"

(3)   Connect-Info = "CONNECT 54.00 Mbps / 802.11n / RSSI: 60 / Channel: 1"

(3)   Acct-Session-Id = "B51015A162BFE948"

(3)   Acct-Multi-Session-Id = "8F5640A8CB689CCA"

(3)   WLAN-Pairwise-Cipher = 1027076

(3)   WLAN-Group-Cipher = 1027074

(3)   WLAN-AKM-Suite = 1027073

(3)   WLAN-Group-Mgmt-Cipher = 1027078

(3)   Attr-26.29671.2 = 0x55434e20416e746f66616761737461202d2053574150202d20776972656c657373

(3)   Attr-26.29671.3 = 0x41502d56312d536f706f727465

(3)   Attr-26.29671.4 = 0x20414c554d4e4f5320454455524f414d2046554e43494f4e4152494f5320524144495553205445434e49434f53205649

(3)   Meraki-Device-Name = "AP-V1-Soporte"

(3)   Framed-MTU = 1400

(3)   EAP-Message = 0x027600061900

(3)   State = 0x21dd954123ab8c3dcbc41c49c2b781e8

(3)   Message-Authenticator = 0xdf7908d357b2fcfc9280a77d13deeb86

(3) session-state: No cached attributes

(3) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default

(3)   authorize {

(3)     policy filter_username {

(3)       if (&User-Name) {

(3)       if (&User-Name)  -> TRUE

(3)       if (&User-Name)  {

(3)         if (&User-Name =~ / /) {

(3)         if (&User-Name =~ / /)  -> FALSE

(3)         if (&User-Name =~ /@[^@]*@/ ) {

(3)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE

(3)         if (&User-Name =~ /\.\./ ) {

(3)         if (&User-Name =~ /\.\./ )  -> FALSE

(3)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {

(3)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE

(3)         if (&User-Name =~ /\.$/)  {

(3)         if (&User-Name =~ /\.$/)   -> FALSE

(3)         if (&User-Name =~ /@\./)  {

(3)         if (&User-Name =~ /@\./)   -> FALSE

(3)       } # if (&User-Name)  = notfound

(3)     } # policy filter_username = notfound

(3)     [preprocess] = ok

(3) auth_log: EXPAND /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d

(3) auth_log:    --> /var/log/freeradius/radacct/192.168.128.34/auth-detail-20200828

(3) auth_log: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/192.168.128.34/auth-detail-20200828

(3) auth_log: EXPAND %t

(3) auth_log:    --> Fri Aug 28 18:49:24 2020

(3)     [auth_log] = ok

(3)     [chap] = noop

(3)     [mschap] = noop

(3)     [digest] = noop

(3) suffix: Checking for suffix after "@"

(3) suffix: Looking up realm "ucn.cl" for User-Name = "wifi at ucn.cl"

(3) suffix: Found realm "ucn.cl"

(3) suffix: Adding Stripped-User-Name = "wifi"

(3) suffix: Adding Realm = "ucn.cl"

(3) suffix: Authentication realm is LOCAL

(3)     [suffix] = ok

(3) eap: Peer sent EAP Response (code 2) ID 118 length 6

(3) eap: Continuing tunnel setup

(3)     [eap] = ok

(3)   } # authorize = ok

(3) Found Auth-Type = eap

(3) # Executing group from file /etc/freeradius/3.0/sites-enabled/default

(3)   authenticate {

(3) eap: Expiring EAP session with state 0x21dd954123ab8c3d

(3) eap: Finished EAP session with state 0x21dd954123ab8c3d

(3) eap: Previous EAP request found for state 0x21dd954123ab8c3d, released from the list

(3) eap: Peer sent packet with method EAP PEAP (25)

(3) eap: Calling submodule eap_peap to process data

(3) eap_peap: Continuing EAP-TLS

(3) eap_peap: Peer ACKed our handshake fragment

(3) eap_peap: [eaptls verify] = request

(3) eap_peap: [eaptls process] = handled

(3) eap: Sending EAP Request (code 1) ID 119 length 1000

(3) eap: EAP session adding &reply:State = 0x21dd954122aa8c3d

(3)     [eap] = handled

(3)   } # authenticate = handled

(3) Using Post-Auth-Type Challenge

(3) # Executing group from file /etc/freeradius/3.0/sites-enabled/default

(3)   Challenge { ... } # empty sub-section is ignored

(3) Sent Access-Challenge Id 14 from 146.83.124.26:1812 to 192.168.128.34:39957 length 0

(3)   EAP-Message = 0x017703e81940303140616c756d6e6f732e75636e2e636c3122302006035504030c19456e746964616420636572746966696361646f72612055434e30820222300d06092a864886f70d01010105000382020f003082020a0282020100bac4e13cd8c7fa57371bce6d41f22a26bcad2ffba6e97df5048e2d

(3)   Message-Authenticator = 0x00000000000000000000000000000000

(3)   State = 0x21dd954122aa8c3dcbc41c49c2b781e8

(3) Finished request

Waking up in 4.9 seconds.

(4) Received Access-Request Id 15 from 192.168.128.34:39957 to 146.83.124.26:1812 length 409

(4)   User-Name = "wifi at ucn.cl"

(4)   NAS-IP-Address = 192.168.128.34

(4)   Called-Station-Id = "36-18-0A-7B-A4-6E:Red Radius"

(4)   NAS-Port-Type = Wireless-802.11

(4)   Service-Type = Framed-User

(4)   NAS-Port = 1

(4)   Calling-Station-Id = "E4-6F-13-2C-A4-C3"

(4)   Connect-Info = "CONNECT 54.00 Mbps / 802.11n / RSSI: 57 / Channel: 1"

(4)   Acct-Session-Id = "B51015A162BFE948"

(4)   Acct-Multi-Session-Id = "8F5640A8CB689CCA"

(4)   WLAN-Pairwise-Cipher = 1027076

(4)   WLAN-Group-Cipher = 1027074

(4)   WLAN-AKM-Suite = 1027073

(4)   WLAN-Group-Mgmt-Cipher = 1027078

(4)   Attr-26.29671.2 = 0x55434e20416e746f66616761737461202d2053574150202d20776972656c657373

(4)   Attr-26.29671.3 = 0x41502d56312d536f706f727465

(4)   Attr-26.29671.4 = 0x20414c554d4e4f5320454455524f414d2046554e43494f4e4152494f5320524144495553205445434e49434f53205649

(4)   Meraki-Device-Name = "AP-V1-Soporte"

(4)   Framed-MTU = 1400

(4)   EAP-Message = 0x027700061900

(4)   State = 0x21dd954122aa8c3dcbc41c49c2b781e8

(4)   Message-Authenticator = 0x7747c72fb1b5d7e944b19d7fe7e11405

(4) session-state: No cached attributes

(4) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default

(4)   authorize {

(4)     policy filter_username {

(4)       if (&User-Name) {

(4)       if (&User-Name)  -> TRUE

(4)       if (&User-Name)  {

(4)         if (&User-Name =~ / /) {

(4)         if (&User-Name =~ / /)  -> FALSE

(4)         if (&User-Name =~ /@[^@]*@/ ) {

(4)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE

(4)         if (&User-Name =~ /\.\./ ) {

(4)         if (&User-Name =~ /\.\./ )  -> FALSE

(4)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {

(4)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE

(4)         if (&User-Name =~ /\.$/)  {

(4)         if (&User-Name =~ /\.$/)   -> FALSE

(4)         if (&User-Name =~ /@\./)  {

(4)         if (&User-Name =~ /@\./)   -> FALSE

(4)       } # if (&User-Name)  = notfound

(4)     } # policy filter_username = notfound

(4)     [preprocess] = ok

(4) auth_log: EXPAND /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d

(4) auth_log:    --> /var/log/freeradius/radacct/192.168.128.34/auth-detail-20200828

(4) auth_log: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/192.168.128.34/auth-detail-20200828

(4) auth_log: EXPAND %t

(4) auth_log:    --> Fri Aug 28 18:49:25 2020

(4)     [auth_log] = ok

(4)     [chap] = noop

(4)     [mschap] = noop

(4)     [digest] = noop

(4) suffix: Checking for suffix after "@"

(4) suffix: Looking up realm "ucn.cl" for User-Name = "wifi at ucn.cl"

(4) suffix: Found realm "ucn.cl"

(4) suffix: Adding Stripped-User-Name = "wifi"

(4) suffix: Adding Realm = "ucn.cl"

(4) suffix: Authentication realm is LOCAL

(4)     [suffix] = ok

(4) eap: Peer sent EAP Response (code 2) ID 119 length 6

(4) eap: Continuing tunnel setup

(4)     [eap] = ok

(4)   } # authorize = ok

(4) Found Auth-Type = eap

(4) # Executing group from file /etc/freeradius/3.0/sites-enabled/default

(4)   authenticate {

(4) eap: Expiring EAP session with state 0x21dd954122aa8c3d

(4) eap: Finished EAP session with state 0x21dd954122aa8c3d

(4) eap: Previous EAP request found for state 0x21dd954122aa8c3d, released from the list

(4) eap: Peer sent packet with method EAP PEAP (25)

(4) eap: Calling submodule eap_peap to process data

(4) eap_peap: Continuing EAP-TLS

(4) eap_peap: Peer ACKed our handshake fragment

(4) eap_peap: [eaptls verify] = request

(4) eap_peap: [eaptls process] = handled

(4) eap: Sending EAP Request (code 1) ID 120 length 1000

(4) eap: EAP session adding &reply:State = 0x21dd954125a58c3d

(4)     [eap] = handled

(4)   } # authenticate = handled

(4) Using Post-Auth-Type Challenge

(4) # Executing group from file /etc/freeradius/3.0/sites-enabled/default

(4)   Challenge { ... } # empty sub-section is ignored

(4) Sent Access-Challenge Id 15 from 146.83.124.26:1812 to 192.168.128.34:39957 length 0

(4)   EAP-Message = 0x017803e81940c77251950fa0fe126a12332e02a8771ae735a0577b0809945f2151bb00b8f395f3f54573f94c87a0ad1afb624ea621c50e5cd9581e9bd0b5cc20a6f0c9bdbbbe326850002220a5b201f4bee09362a04c3dea95c4263c7c8ae9852a2a4c882975dc2cf44699206592149806fb22a1c9d191

(4)   Message-Authenticator = 0x00000000000000000000000000000000

(4)   State = 0x21dd954125a58c3dcbc41c49c2b781e8

(4) Finished request

Waking up in 4.9 seconds.

(5) Received Access-Request Id 16 from 192.168.128.34:39957 to 146.83.124.26:1812 length 409

(5)   User-Name = "wifi at ucn.cl"

(5)   NAS-IP-Address = 192.168.128.34

(5)   Called-Station-Id = "36-18-0A-7B-A4-6E:Red Radius"

(5)   NAS-Port-Type = Wireless-802.11

(5)   Service-Type = Framed-User

(5)   NAS-Port = 1

(5)   Calling-Station-Id = "E4-6F-13-2C-A4-C3"

(5)   Connect-Info = "CONNECT 54.00 Mbps / 802.11n / RSSI: 56 / Channel: 1"

(5)   Acct-Session-Id = "B51015A162BFE948"

(5)   Acct-Multi-Session-Id = "8F5640A8CB689CCA"

(5)   WLAN-Pairwise-Cipher = 1027076

(5)   WLAN-Group-Cipher = 1027074

(5)   WLAN-AKM-Suite = 1027073

(5)   WLAN-Group-Mgmt-Cipher = 1027078

(5)   Attr-26.29671.2 = 0x55434e20416e746f66616761737461202d2053574150202d20776972656c657373

(5)   Attr-26.29671.3 = 0x41502d56312d536f706f727465

(5)   Attr-26.29671.4 = 0x20414c554d4e4f5320454455524f414d2046554e43494f4e4152494f5320524144495553205445434e49434f53205649

(5)   Meraki-Device-Name = "AP-V1-Soporte"

(5)   Framed-MTU = 1400

(5)   EAP-Message = 0x027800061900

(5)   State = 0x21dd954125a58c3dcbc41c49c2b781e8

(5)   Message-Authenticator = 0x14679f103d269b881a86323b6d1e8549

(5) session-state: No cached attributes

(5) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default

(5)   authorize {

(5)     policy filter_username {

(5)       if (&User-Name) {

(5)       if (&User-Name)  -> TRUE

(5)       if (&User-Name)  {

(5)         if (&User-Name =~ / /) {

(5)         if (&User-Name =~ / /)  -> FALSE

(5)         if (&User-Name =~ /@[^@]*@/ ) {

(5)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE

(5)         if (&User-Name =~ /\.\./ ) {

(5)         if (&User-Name =~ /\.\./ )  -> FALSE

(5)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {

(5)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE

(5)         if (&User-Name =~ /\.$/)  {

(5)         if (&User-Name =~ /\.$/)   -> FALSE

(5)         if (&User-Name =~ /@\./)  {

(5)         if (&User-Name =~ /@\./)   -> FALSE

(5)       } # if (&User-Name)  = notfound

(5)     } # policy filter_username = notfound

(5)     [preprocess] = ok

(5) auth_log: EXPAND /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d

(5) auth_log:    --> /var/log/freeradius/radacct/192.168.128.34/auth-detail-20200828

(5) auth_log: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/192.168.128.34/auth-detail-20200828

(5) auth_log: EXPAND %t

(5) auth_log:    --> Fri Aug 28 18:49:25 2020

(5)     [auth_log] = ok

(5)     [chap] = noop

(5)     [mschap] = noop

(5)     [digest] = noop

(5) suffix: Checking for suffix after "@"

(5) suffix: Looking up realm "ucn.cl" for User-Name = "wifi at ucn.cl"

(5) suffix: Found realm "ucn.cl"

(5) suffix: Adding Stripped-User-Name = "wifi"

(5) suffix: Adding Realm = "ucn.cl"

(5) suffix: Authentication realm is LOCAL

(5)     [suffix] = ok

(5) eap: Peer sent EAP Response (code 2) ID 120 length 6

(5) eap: Continuing tunnel setup

(5)     [eap] = ok

(5)   } # authorize = ok

(5) Found Auth-Type = eap

(5) # Executing group from file /etc/freeradius/3.0/sites-enabled/default

(5)   authenticate {

(5) eap: Expiring EAP session with state 0x21dd954125a58c3d

(5) eap: Finished EAP session with state 0x21dd954125a58c3d

(5) eap: Previous EAP request found for state 0x21dd954125a58c3d, released from the list

(5) eap: Peer sent packet with method EAP PEAP (25)

(5) eap: Calling submodule eap_peap to process data

(5) eap_peap: Continuing EAP-TLS

(5) eap_peap: Peer ACKed our handshake fragment

(5) eap_peap: [eaptls verify] = request

(5) eap_peap: [eaptls process] = handled

(5) eap: Sending EAP Request (code 1) ID 121 length 101

(5) eap: EAP session adding &reply:State = 0x21dd954124a48c3d

(5)     [eap] = handled

(5)   } # authenticate = handled

(5) Using Post-Auth-Type Challenge

(5) # Executing group from file /etc/freeradius/3.0/sites-enabled/default

(5)   Challenge { ... } # empty sub-section is ignored

(5) Sent Access-Challenge Id 16 from 146.83.124.26:1812 to 192.168.128.34:39957 length 0

(5)   EAP-Message = 0x017900651900b69a44dd3c02289e1d59e3c9942f182daeeaf01b0f7a2e2ad802551c3563754923a576bf26f9b0e0c6f3af501b6adccd04f8dd1d542c997d9ddce0870cb079731b1d26fde666eb374bdbbfb958b1467d9eb84423ac0816030300040e000000

(5)   Message-Authenticator = 0x00000000000000000000000000000000

(5)   State = 0x21dd954124a48c3dcbc41c49c2b781e8

(5) Finished request

Waking up in 4.8 seconds.

(6) Received Access-Request Id 17 from 192.168.128.34:39957 to 146.83.124.26:1812 length 539

(6)   User-Name = "wifi at ucn.cl"

(6)   NAS-IP-Address = 192.168.128.34

(6)   Called-Station-Id = "36-18-0A-7B-A4-6E:Red Radius"

(6)   NAS-Port-Type = Wireless-802.11

(6)   Service-Type = Framed-User

(6)   NAS-Port = 1

(6)   Calling-Station-Id = "E4-6F-13-2C-A4-C3"

(6)   Connect-Info = "CONNECT 54.00 Mbps / 802.11n / RSSI: 58 / Channel: 1"

(6)   Acct-Session-Id = "B51015A162BFE948"

(6)   Acct-Multi-Session-Id = "8F5640A8CB689CCA"

(6)   WLAN-Pairwise-Cipher = 1027076

(6)   WLAN-Group-Cipher = 1027074

(6)   WLAN-AKM-Suite = 1027073

(6)   WLAN-Group-Mgmt-Cipher = 1027078

(6)   Attr-26.29671.2 = 0x55434e20416e746f66616761737461202d2053574150202d20776972656c657373

(6)   Attr-26.29671.3 = 0x41502d56312d536f706f727465

(6)   Attr-26.29671.4 = 0x20414c554d4e4f5320454455524f414d2046554e43494f4e4152494f5320524144495553205445434e49434f53205649

(6)   Meraki-Device-Name = "AP-V1-Soporte"

(6)   Framed-MTU = 1400

(6)   EAP-Message = 0x0279008819800000007e16030300461000004241046788806fbe757cf78d6a08d389fa7e8e550a21e4f195bff23a790c07e11ad380d541a0611f622fa4eb278e6a47fc06503e47e7d0675dfc89ef1975734a5f8cb614030300010116030300280000000000000000b8bf847857e145f1074457e48f47b4

(6)   State = 0x21dd954124a48c3dcbc41c49c2b781e8

(6)   Message-Authenticator = 0x756e5b4622e8707f399a8f35de7abb61

(6) session-state: No cached attributes

(6) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default

(6)   authorize {

(6)     policy filter_username {

(6)       if (&User-Name) {

(6)       if (&User-Name)  -> TRUE

(6)       if (&User-Name)  {

(6)         if (&User-Name =~ / /) {

(6)         if (&User-Name =~ / /)  -> FALSE

(6)         if (&User-Name =~ /@[^@]*@/ ) {

(6)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE

(6)         if (&User-Name =~ /\.\./ ) {

(6)         if (&User-Name =~ /\.\./ )  -> FALSE

(6)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {

(6)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE

(6)         if (&User-Name =~ /\.$/)  {

(6)         if (&User-Name =~ /\.$/)   -> FALSE

(6)         if (&User-Name =~ /@\./)  {

(6)         if (&User-Name =~ /@\./)   -> FALSE

(6)       } # if (&User-Name)  = notfound

(6)     } # policy filter_username = notfound

(6)     [preprocess] = ok

(6) auth_log: EXPAND /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d

(6) auth_log:    --> /var/log/freeradius/radacct/192.168.128.34/auth-detail-20200828

(6) auth_log: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/192.168.128.34/auth-detail-20200828

(6) auth_log: EXPAND %t

(6) auth_log:    --> Fri Aug 28 18:49:25 2020

(6)     [auth_log] = ok

(6)     [chap] = noop

(6)     [mschap] = noop

(6)     [digest] = noop

(6) suffix: Checking for suffix after "@"

(6) suffix: Looking up realm "ucn.cl" for User-Name = "wifi at ucn.cl"

(6) suffix: Found realm "ucn.cl"

(6) suffix: Adding Stripped-User-Name = "wifi"

(6) suffix: Adding Realm = "ucn.cl"

(6) suffix: Authentication realm is LOCAL

(6)     [suffix] = ok

(6) eap: Peer sent EAP Response (code 2) ID 121 length 136

(6) eap: Continuing tunnel setup

(6)     [eap] = ok

(6)   } # authorize = ok

(6) Found Auth-Type = eap

(6) # Executing group from file /etc/freeradius/3.0/sites-enabled/default

(6)   authenticate {

(6) eap: Expiring EAP session with state 0x21dd954124a48c3d

(6) eap: Finished EAP session with state 0x21dd954124a48c3d

(6) eap: Previous EAP request found for state 0x21dd954124a48c3d, released
from the list

(6) eap: Peer sent packet with method EAP PEAP (25)

(6) eap: Calling submodule eap_peap to process data

(6) eap_peap: Continuing EAP-TLS

(6) eap_peap: Peer indicated complete TLS record size will be 126 bytes

(6) eap_peap: Got complete TLS record (126 bytes)

(6) eap_peap: [eaptls verify] = length included

(6) eap_peap: TLS_accept: SSLv3/TLS write server done

(6) eap_peap: <<< recv TLS 1.2  [length 0046]

(6) eap_peap: TLS_accept: SSLv3/TLS read client key exchange

(6) eap_peap: TLS_accept: SSLv3/TLS read change cipher spec

(6) eap_peap: <<< recv TLS 1.2  [length 0010]

(6) eap_peap: TLS_accept: SSLv3/TLS read finished

(6) eap_peap: >>> send TLS 1.2  [length 0001]

(6) eap_peap: TLS_accept: SSLv3/TLS write change cipher spec

(6) eap_peap: >>> send TLS 1.2  [length 0010]

(6) eap_peap: TLS_accept: SSLv3/TLS write finished

(6) eap_peap: (other): SSL negotiation finished successfully

(6) eap_peap: SSL Connection Established

(6) eap_peap: [eaptls process] = handled

(6) eap: Sending EAP Request (code 1) ID 122 length 57

(6) eap: EAP session adding &reply:State = 0x21dd954127a78c3d

(6)     [eap] = handled

(6)   } # authenticate = handled

(6) Using Post-Auth-Type Challenge

(6) # Executing group from file /etc/freeradius/3.0/sites-enabled/default

(6)   Challenge { ... } # empty sub-section is ignored

(6) Sent Access-Challenge Id 17 from 146.83.124.26:1812 to
192.168.128.34:39957 length 0

(6)   EAP-Message =
0x017a0039190014030300010116030300282fa7d91ce14448b5632cba41946bad19f391306bae4b4b64a1293149cc0357f01a76329107706008

(6)   Message-Authenticator = 0x00000000000000000000000000000000

(6)   State = 0x21dd954127a78c3dcbc41c49c2b781e8

(6) Finished request

Waking up in 4.8 seconds.

(7) Received Access-Request Id 18 from 192.168.128.34:39957 to
146.83.124.26:1812 length 409

(7)   User-Name = "wifi at ucn.cl"

(7)   NAS-IP-Address = 192.168.128.34

(7)   Called-Station-Id = "36-18-0A-7B-A4-6E:Red Radius"

(7)   NAS-Port-Type = Wireless-802.11

(7)   Service-Type = Framed-User

(7)   NAS-Port = 1

(7)   Calling-Station-Id = "E4-6F-13-2C-A4-C3"

(7)   Connect-Info = "CONNECT 54.00 Mbps / 802.11n / RSSI: 56 / Channel: 1"

(7)   Acct-Session-Id = "B51015A162BFE948"

(7)   Acct-Multi-Session-Id = "8F5640A8CB689CCA"

(7)   WLAN-Pairwise-Cipher = 1027076

(7)   WLAN-Group-Cipher = 1027074

(7)   WLAN-AKM-Suite = 1027073

(7)   WLAN-Group-Mgmt-Cipher = 1027078

(7)   Attr-26.29671.2 =
0x55434e20416e746f66616761737461202d2053574150202d20776972656c657373

(7)   Attr-26.29671.3 = 0x41502d56312d536f706f727465

(7)   Attr-26.29671.4 =
0x20414c554d4e4f5320454455524f414d2046554e43494f4e4152494f5320524144495553205445434e49434f53205649

(7)   Meraki-Device-Name = "AP-V1-Soporte"

(7)   Framed-MTU = 1400

(7)   EAP-Message = 0x027a00061900

(7)   State = 0x21dd954127a78c3dcbc41c49c2b781e8

(7)   Message-Authenticator = 0xa6eabb00fc3dbb9f8a77e3e189c08f82

(7) session-state: No cached attributes

(7) # Executing section authorize from file
/etc/freeradius/3.0/sites-enabled/default

(7)   authorize {

(7)     policy filter_username {

(7)       if (&User-Name) {

(7)       if (&User-Name)  -> TRUE

(7)       if (&User-Name)  {

(7)         if (&User-Name =~ / /) {

(7)         if (&User-Name =~ / /)  -> FALSE

(7)         if (&User-Name =~ /@[^@]*@/ ) {

(7)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE

(7)         if (&User-Name =~ /\.\./ ) {

(7)         if (&User-Name =~ /\.\./ )  -> FALSE

(7)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {

(7)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   ->
FALSE

(7)         if (&User-Name =~ /\.$/)  {

(7)         if (&User-Name =~ /\.$/)   -> FALSE

(7)         if (&User-Name =~ /@\./)  {

(7)         if (&User-Name =~ /@\./)   -> FALSE

(7)       } # if (&User-Name)  = notfound

(7)     } # policy filter_username = notfound

(7)     [preprocess] = ok

(7) auth_log: EXPAND
/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d

(7) auth_log:    --> /var/log/freeradius/radacct/
192.168.128.34/auth-detail-20200828

(7) auth_log:
/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
expands to /var/log/freeradius/radacct/192.168.128.34/auth-detail-20200828

(7) auth_log: EXPAND %t

(7) auth_log:    --> Fri Aug 28 18:49:27 2020

(7)     [auth_log] = ok

(7)     [chap] = noop

(7)     [mschap] = noop

(7)     [digest] = noop

(7) suffix: Checking for suffix after "@"

(7) suffix: Looking up realm "ucn.cl" for User-Name = "wifi at ucn.cl"

(7) suffix: Found realm "ucn.cl"

(7) suffix: Adding Stripped-User-Name = "wifi"

(7) suffix: Adding Realm = "ucn.cl"

(7) suffix: Authentication realm is LOCAL

(7)     [suffix] = ok

(7) eap: Peer sent EAP Response (code 2) ID 122 length 6

(7) eap: Continuing tunnel setup

(7)     [eap] = ok

(7)   } # authorize = ok

(7) Found Auth-Type = eap

(7) # Executing group from file /etc/freeradius/3.0/sites-enabled/default

(7)   authenticate {

(7) eap: Expiring EAP session with state 0x21dd954127a78c3d

(7) eap: Finished EAP session with state 0x21dd954127a78c3d

(7) eap: Previous EAP request found for state 0x21dd954127a78c3d, released
from the list

(7) eap: Peer sent packet with method EAP PEAP (25)

(7) eap: Calling submodule eap_peap to process data

(7) eap_peap: Continuing EAP-TLS

(7) eap_peap: Peer ACKed our handshake fragment.  handshake is finished

(7) eap_peap: [eaptls verify] = success

(7) eap_peap: [eaptls process] = success

(7) eap_peap: Session established.  Decoding tunneled attributes

(7) eap_peap: PEAP state TUNNEL ESTABLISHED

(7) eap: Sending EAP Request (code 1) ID 123 length 40

(7) eap: EAP session adding &reply:State = 0x21dd954126a68c3d

(7)     [eap] = handled

(7)   } # authenticate = handled

(7) Using Post-Auth-Type Challenge

(7) # Executing group from file /etc/freeradius/3.0/sites-enabled/default

(7)   Challenge { ... } # empty sub-section is ignored

(7) Sent Access-Challenge Id 18 from 146.83.124.26:1812 to
192.168.128.34:39957 length 0

(7)   EAP-Message =
0x017b00281900170303001d2fa7d91ce14448b6c26c44cc6ab809edad31b8e6e88a368d132b76190a

(7)   Message-Authenticator = 0x00000000000000000000000000000000

(7)   State = 0x21dd954126a68c3dcbc41c49c2b781e8

(7) Finished request

Waking up in 2.6 seconds.

(8) Received Access-Request Id 19 from 192.168.128.34:39957 to
146.83.124.26:1812 length 450

(8)   User-Name = "wifi at ucn.cl"

(8)   NAS-IP-Address = 192.168.128.34

(8)   Called-Station-Id = "36-18-0A-7B-A4-6E:Red Radius"

(8)   NAS-Port-Type = Wireless-802.11

(8)   Service-Type = Framed-User

(8)   NAS-Port = 1

(8)   Calling-Station-Id = "E4-6F-13-2C-A4-C3"

(8)   Connect-Info = "CONNECT 54.00 Mbps / 802.11n / RSSI: 59 / Channel: 1"

(8)   Acct-Session-Id = "B51015A162BFE948"

(8)   Acct-Multi-Session-Id = "8F5640A8CB689CCA"

(8)   WLAN-Pairwise-Cipher = 1027076

(8)   WLAN-Group-Cipher = 1027074

(8)   WLAN-AKM-Suite = 1027073

(8)   WLAN-Group-Mgmt-Cipher = 1027078

(8)   Attr-26.29671.2 =
0x55434e20416e746f66616761737461202d2053574150202d20776972656c657373

(8)   Attr-26.29671.3 = 0x41502d56312d536f706f727465

(8)   Attr-26.29671.4 =
0x20414c554d4e4f5320454455524f414d2046554e43494f4e4152494f5320524144495553205445434e49434f53205649

(8)   Meraki-Device-Name = "AP-V1-Soporte"

(8)   Framed-MTU = 1400

(8)   EAP-Message =
0x027b002f19001703030024000000000000000160600c8649acac0a4995596f57083fda3fb934048eec7b2d68991701

(8)   State = 0x21dd954126a68c3dcbc41c49c2b781e8

(8)   Message-Authenticator = 0xb6ce80dae8ccb6105cd97cfbcd9fe078

(8) session-state: No cached attributes

(8) # Executing section authorize from file
/etc/freeradius/3.0/sites-enabled/default

(8)   authorize {

(8)     policy filter_username {

(8)       if (&User-Name) {

(8)       if (&User-Name)  -> TRUE

(8)       if (&User-Name)  {

(8)         if (&User-Name =~ / /) {

(8)         if (&User-Name =~ / /)  -> FALSE

(8)         if (&User-Name =~ /@[^@]*@/ ) {

(8)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE

(8)         if (&User-Name =~ /\.\./ ) {

(8)         if (&User-Name =~ /\.\./ )  -> FALSE

(8)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {

(8)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   ->
FALSE

(8)         if (&User-Name =~ /\.$/)  {

(8)         if (&User-Name =~ /\.$/)   -> FALSE

(8)         if (&User-Name =~ /@\./)  {

(8)         if (&User-Name =~ /@\./)   -> FALSE

(8)       } # if (&User-Name)  = notfound

(8)     } # policy filter_username = notfound

(8)     [preprocess] = ok

(8) auth_log: EXPAND
/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d

(8) auth_log:    --> /var/log/freeradius/radacct/
192.168.128.34/auth-detail-20200828

(8) auth_log:
/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
expands to /var/log/freeradius/radacct/192.168.128.34/auth-detail-20200828

(8) auth_log: EXPAND %t

(8) auth_log:    --> Fri Aug 28 18:49:27 2020

(8)     [auth_log] = ok

(8)     [chap] = noop

(8)     [mschap] = noop

(8)     [digest] = noop

(8) suffix: Checking for suffix after "@"

(8) suffix: Looking up realm "ucn.cl" for User-Name = "wifi at ucn.cl"

(8) suffix: Found realm "ucn.cl"

(8) suffix: Adding Stripped-User-Name = "wifi"

(8) suffix: Adding Realm = "ucn.cl"

(8) suffix: Authentication realm is LOCAL

(8)     [suffix] = ok

(8) eap: Peer sent EAP Response (code 2) ID 123 length 47

(8) eap: Continuing tunnel setup

(8)     [eap] = ok

(8)   } # authorize = ok

(8) Found Auth-Type = eap

(8) # Executing group from file /etc/freeradius/3.0/sites-enabled/default

(8)   authenticate {

(8) eap: Expiring EAP session with state 0x21dd954126a68c3d

(8) eap: Finished EAP session with state 0x21dd954126a68c3d

(8) eap: Previous EAP request found for state 0x21dd954126a68c3d, released
from the list

(8) eap: Peer sent packet with method EAP PEAP (25)

(8) eap: Calling submodule eap_peap to process data

(8) eap_peap: Continuing EAP-TLS

(8) eap_peap: [eaptls verify] = ok

(8) eap_peap: Done initial handshake

(8) eap_peap: [eaptls process] = ok

(8) eap_peap: Session established.  Decoding tunneled attributes

(8) eap_peap: PEAP state WAITING FOR INNER IDENTITY

(8) eap_peap: Identity - wifi at ucn.cl

(8) eap_peap: Got inner identity 'wifi at ucn.cl'

(8) eap_peap: Setting default EAP type for tunneled EAP session

(8) eap_peap: Got tunneled request

(8) eap_peap:   EAP-Message = 0x027b001001776966694075636e2e636c

(8) eap_peap: Setting User-Name to wifi at ucn.cl

(8) eap_peap: Sending tunneled request to inner-tunnel

(8) eap_peap:   EAP-Message = 0x027b001001776966694075636e2e636c

(8) eap_peap:   FreeRADIUS-Proxied-To = 127.0.0.1

(8) eap_peap:   User-Name = "wifi at ucn.cl"

(8) Virtual server inner-tunnel received request

(8)   EAP-Message = 0x027b001001776966694075636e2e636c

(8)   FreeRADIUS-Proxied-To = 127.0.0.1

(8)   User-Name = "wifi at ucn.cl"

(8) WARNING: Outer and inner identities are the same.  User privacy is
compromised.

(8) server inner-tunnel {

(8)   # Executing section authorize from file
/etc/freeradius/3.0/sites-enabled/inner-tunnel

(8)     authorize {

(8)       policy filter_username {

(8)         if (&User-Name) {

(8)         if (&User-Name)  -> TRUE

(8)         if (&User-Name)  {

(8)           if (&User-Name =~ / /) {

(8)           if (&User-Name =~ / /)  -> FALSE

(8)           if (&User-Name =~ /@[^@]*@/ ) {

(8)           if (&User-Name =~ /@[^@]*@/ )  -> FALSE

(8)           if (&User-Name =~ /\.\./ ) {

(8)           if (&User-Name =~ /\.\./ )  -> FALSE

(8)           if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {

(8)           if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))
-> FALSE

(8)           if (&User-Name =~ /\.$/)  {

(8)           if (&User-Name =~ /\.$/)   -> FALSE

(8)           if (&User-Name =~ /@\./)  {

(8)           if (&User-Name =~ /@\./)   -> FALSE

(8)         } # if (&User-Name)  = notfound

(8)       } # policy filter_username = notfound

(8)       [mschap] = noop

(8) suffix: Checking for suffix after "@"

(8) suffix: Looking up realm "ucn.cl" for User-Name = "wifi at ucn.cl"

(8) suffix: Found realm "ucn.cl"

(8) suffix: Adding Stripped-User-Name = "wifi"

(8) suffix: Adding Realm = "ucn.cl"

(8) suffix: Authentication realm is LOCAL

(8)       [suffix] = ok

(8)       update control {

(8)         &Proxy-To-Realm := LOCAL

(8)       } # update control = noop

(8) eap: Peer sent EAP Response (code 2) ID 123 length 16

(8) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the
rest of authorize

(8)       [eap] = ok

(8)     } # authorize = ok

(8)   Found Auth-Type = eap

(8)   # Executing group from file
/etc/freeradius/3.0/sites-enabled/inner-tunnel

(8)     authenticate {

(8) eap: Peer sent packet with method EAP Identity (1)

(8) eap: Calling submodule eap_mschapv2 to process data

(8) eap_mschapv2: Issuing Challenge

(8) eap: Sending EAP Request (code 1) ID 124 length 43

(8) eap: EAP session adding &reply:State = 0xc56f897cc5139321

(8)       [eap] = handled

(8)     } # authenticate = handled

(8) } # server inner-tunnel

(8) Virtual server sending reply

(8)   EAP-Message =
0x017c002b1a017c002610ef5df80f43a08b0517f2eebd51c95820667265657261646975732d332e302e3136

(8)   Message-Authenticator = 0x00000000000000000000000000000000

(8)   State = 0xc56f897cc5139321a7b06bef2a6a6d11

(8) eap_peap: Got tunneled reply code 11

(8) eap_peap:   EAP-Message =
0x017c002b1a017c002610ef5df80f43a08b0517f2eebd51c95820667265657261646975732d332e302e3136

(8) eap_peap:   Message-Authenticator = 0x00000000000000000000000000000000

(8) eap_peap:   State = 0xc56f897cc5139321a7b06bef2a6a6d11

(8) eap_peap: Got tunneled reply RADIUS code 11

(8) eap_peap:   EAP-Message =
0x017c002b1a017c002610ef5df80f43a08b0517f2eebd51c95820667265657261646975732d332e302e3136

(8) eap_peap:   Message-Authenticator = 0x00000000000000000000000000000000

(8) eap_peap:   State = 0xc56f897cc5139321a7b06bef2a6a6d11

(8) eap_peap: Got tunneled Access-Challenge

(8) eap: Sending EAP Request (code 1) ID 124 length 74

(8) eap: EAP session adding &reply:State = 0x21dd954129a18c3d

(8)     [eap] = handled

(8)   } # authenticate = handled

(8) Using Post-Auth-Type Challenge

(8) # Executing group from file /etc/freeradius/3.0/sites-enabled/default

(8)   Challenge { ... } # empty sub-section is ignored

(8) Sent Access-Challenge Id 19 from 146.83.124.26:1812 to
192.168.128.34:39957 length 0

(8)   EAP-Message =
0x017c004a1900170303003f2fa7d91ce14448b7e5c0c32388ddc8194a591f34dc604c741d5fdbf79a47dce0e95eacb441f26d50b86e8204cf425c95a8be1d58c1239799c5c6e254b47166

(8)   Message-Authenticator = 0x00000000000000000000000000000000

(8)   State = 0x21dd954129a18c3dcbc41c49c2b781e8

(8) Finished request

Waking up in 2.6 seconds.

(9) Received Access-Request Id 20 from 192.168.128.34:39957 to
146.83.124.26:1812 length 504

(9)   User-Name = "wifi at ucn.cl"

(9)   NAS-IP-Address = 192.168.128.34

(9)   Called-Station-Id = "36-18-0A-7B-A4-6E:Red Radius"

(9)   NAS-Port-Type = Wireless-802.11

(9)   Service-Type = Framed-User

(9)   NAS-Port = 1

(9)   Calling-Station-Id = "E4-6F-13-2C-A4-C3"

(9)   Connect-Info = "CONNECT 54.00 Mbps / 802.11n / RSSI: 59 / Channel: 1"

(9)   Acct-Session-Id = "B51015A162BFE948"

(9)   Acct-Multi-Session-Id = "8F5640A8CB689CCA"

(9)   WLAN-Pairwise-Cipher = 1027076

(9)   WLAN-Group-Cipher = 1027074

(9)   WLAN-AKM-Suite = 1027073

(9)   WLAN-Group-Mgmt-Cipher = 1027078

(9)   Attr-26.29671.2 =
0x55434e20416e746f66616761737461202d2053574150202d20776972656c657373

(9)   Attr-26.29671.3 = 0x41502d56312d536f706f727465

(9)   Attr-26.29671.4 =
0x20414c554d4e4f5320454455524f414d2046554e43494f4e4152494f5320524144495553205445434e49434f53205649

(9)   Meraki-Device-Name = "AP-V1-Soporte"

(9)   Framed-MTU = 1400

(9)   EAP-Message =
0x027c00651900170303005a00000000000000024a9bc269a4199bdc550260ada1d90a510ef9fbf7753f11ec5fe5be876f6eeb2e234a0365719abde087d2a48deb5cf395ca9706c7efe83b694fcfaa80a0a1d145c0357c0bf7ff504d9b9ac35051cf54949111

(9)   State = 0x21dd954129a18c3dcbc41c49c2b781e8

(9)   Message-Authenticator = 0xc9f8565bd068d6ad35c63cd3ec5e16d2

(9) session-state: No cached attributes

(9) # Executing section authorize from file
/etc/freeradius/3.0/sites-enabled/default

(9)   authorize {

(9)     policy filter_username {

(9)       if (&User-Name) {

(9)       if (&User-Name)  -> TRUE

(9)       if (&User-Name)  {

(9)         if (&User-Name =~ / /) {

(9)         if (&User-Name =~ / /)  -> FALSE

(9)         if (&User-Name =~ /@[^@]*@/ ) {

(9)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE

(9)         if (&User-Name =~ /\.\./ ) {

(9)         if (&User-Name =~ /\.\./ )  -> FALSE

(9)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {

(9)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   ->
FALSE

(9)         if (&User-Name =~ /\.$/)  {

(9)         if (&User-Name =~ /\.$/)   -> FALSE

(9)         if (&User-Name =~ /@\./)  {

(9)         if (&User-Name =~ /@\./)   -> FALSE

(9)       } # if (&User-Name)  = notfound

(9)     } # policy filter_username = notfound

(9)     [preprocess] = ok

(9) auth_log: EXPAND
/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d

(9) auth_log:    --> /var/log/freeradius/radacct/
192.168.128.34/auth-detail-20200828

(9) auth_log:
/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
expands to /var/log/freeradius/radacct/192.168.128.34/auth-detail-20200828

(9) auth_log: EXPAND %t

(9) auth_log:    --> Fri Aug 28 18:49:27 2020

(9)     [auth_log] = ok

(9)     [chap] = noop

(9)     [mschap] = noop

(9)     [digest] = noop

(9) suffix: Checking for suffix after "@"

(9) suffix: Looking up realm "ucn.cl" for User-Name = "wifi at ucn.cl"

(9) suffix: Found realm "ucn.cl"

(9) suffix: Adding Stripped-User-Name = "wifi"

(9) suffix: Adding Realm = "ucn.cl"

(9) suffix: Authentication realm is LOCAL

(9)     [suffix] = ok

(9) eap: Peer sent EAP Response (code 2) ID 124 length 101

(9) eap: Continuing tunnel setup

(9)     [eap] = ok

(9)   } # authorize = ok

(9) Found Auth-Type = eap

(9) # Executing group from file /etc/freeradius/3.0/sites-enabled/default

(9)   authenticate {

(9) eap: Expiring EAP session with state 0xc56f897cc5139321

(9) eap: Finished EAP session with state 0x21dd954129a18c3d

(9) eap: Previous EAP request found for state 0x21dd954129a18c3d, released
from the list

(9) eap: Peer sent packet with method EAP PEAP (25)

(9) eap: Calling submodule eap_peap to process data

(9) eap_peap: Continuing EAP-TLS

(9) eap_peap: [eaptls verify] = ok

(9) eap_peap: Done initial handshake

(9) eap_peap: [eaptls process] = ok

(9) eap_peap: Session established.  Decoding tunneled attributes

(9) eap_peap: PEAP state phase2

(9) eap_peap: EAP method MSCHAPv2 (26)

(9) eap_peap: Got tunneled request

(9) eap_peap:   EAP-Message =
0x027c00461a027c00413112edf048489e741053571c93c8bcbb060000000000000000ef518244cd55d743a477d7e0528409c7d7373fb0f1a54f1200776966694075636e2e636c

(9) eap_peap: Setting User-Name to wifi at ucn.cl

(9) eap_peap: Sending tunneled request to inner-tunnel

(9) eap_peap:   EAP-Message =
0x027c00461a027c00413112edf048489e741053571c93c8bcbb060000000000000000ef518244cd55d743a477d7e0528409c7d7373fb0f1a54f1200776966694075636e2e636c

(9) eap_peap:   FreeRADIUS-Proxied-To = 127.0.0.1

(9) eap_peap:   User-Name = "wifi at ucn.cl"

(9) eap_peap:   State = 0xc56f897cc5139321a7b06bef2a6a6d11

(9) Virtual server inner-tunnel received request

(9)   EAP-Message =
0x027c00461a027c00413112edf048489e741053571c93c8bcbb060000000000000000ef518244cd55d743a477d7e0528409c7d7373fb0f1a54f1200776966694075636e2e636c

(9)   FreeRADIUS-Proxied-To = 127.0.0.1

(9)   User-Name = "wifi at ucn.cl"

(9)   State = 0xc56f897cc5139321a7b06bef2a6a6d11

(9) WARNING: Outer and inner identities are the same.  User privacy is
compromised.

(9) server inner-tunnel {

(9)   session-state: No cached attributes

(9)   # Executing section authorize from file
/etc/freeradius/3.0/sites-enabled/inner-tunnel

(9)     authorize {

(9)       policy filter_username {

(9)         if (&User-Name) {

(9)         if (&User-Name)  -> TRUE

(9)         if (&User-Name)  {

(9)           if (&User-Name =~ / /) {

(9)           if (&User-Name =~ / /)  -> FALSE

(9)           if (&User-Name =~ /@[^@]*@/ ) {

(9)           if (&User-Name =~ /@[^@]*@/ )  -> FALSE

(9)           if (&User-Name =~ /\.\./ ) {

(9)           if (&User-Name =~ /\.\./ )  -> FALSE

(9)           if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {

(9)           if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))
-> FALSE

(9)           if (&User-Name =~ /\.$/)  {

(9)           if (&User-Name =~ /\.$/)   -> FALSE

(9)           if (&User-Name =~ /@\./)  {

(9)           if (&User-Name =~ /@\./)   -> FALSE

(9)         } # if (&User-Name)  = notfound

(9)       } # policy filter_username = notfound

(9)       [mschap] = noop

(9) suffix: Checking for suffix after "@"

(9) suffix: Looking up realm "ucn.cl" for User-Name = "wifi at ucn.cl"

(9) suffix: Found realm "ucn.cl"

(9) suffix: Adding Stripped-User-Name = "wifi"

(9) suffix: Adding Realm = "ucn.cl"

(9) suffix: Authentication realm is LOCAL

(9)       [suffix] = ok

(9)       update control {

(9)         &Proxy-To-Realm := LOCAL

(9)       } # update control = noop

(9) eap: Peer sent EAP Response (code 2) ID 124 length 70

(9) eap: No EAP Start, assuming it's an on-going EAP conversation

(9)       [eap] = updated

(9)       if (Realm == 'ucn.cl') {

(9)       if (Realm == 'ucn.cl')  -> TRUE

(9)       if (Realm == 'ucn.cl')  {

(9) first_files: EXPAND %{Virtual-Server}

(9) first_files:    --> inner-tunnel

(9) first_files: users: Matched entry DEFAULT at line 93

(9)         [first_files] = ok

(9)       } # if (Realm == 'ucn.cl')  = ok

(9)       if (Realm == 'alumnos.ucn.cl') {

(9)       if (Realm == 'alumnos.ucn.cl')  -> FALSE

(9) files: EXPAND %{Virtual-Server}

(9) files:    --> inner-tunnel

(9) files: users: Matched entry DEFAULT at line 95

(9)       [files] = ok

(9) first_files: EXPAND %{Virtual-Server}

(9) first_files:    --> inner-tunnel

(9) first_files: users: Matched entry DEFAULT at line 93

(9)       [first_files] = ok

(9) second_files: EXPAND %{Virtual-Server}

(9) second_files:    --> inner-tunnel

(9) second_files: users: Matched entry DEFAULT at line 93

(9)       [second_files] = ok

(9)       [expiration] = noop

(9)       [logintime] = noop

(9)       [pap] = noop

(9)     } # authorize = updated

(9)   Found Auth-Type = pam

(9)   # Executing group from file
/etc/freeradius/3.0/sites-enabled/inner-tunnel

(9)     authenticate {

(9) pam: Attribute "User-Password" is required for authentication

(9)       [pam] = invalid

(9)     } # authenticate = invalid

(9)   Failed to authenticate the user

(9)   Using Post-Auth-Type Reject

(9)   # Executing group from file
/etc/freeradius/3.0/sites-enabled/inner-tunnel

(9)     Post-Auth-Type REJECT {

(9) reply_log: EXPAND
/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d

(9) reply_log:    --> /var/log/freeradius/radacct/
192.168.128.34/reply-detail-20200828

(9) reply_log:
/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d
expands to /var/log/freeradius/radacct/192.168.128.34/reply-detail-20200828

(9) reply_log: WARNING: Skipping empty packet

(9)       [reply_log] = ok

(9) attr_filter.access_reject: EXPAND %{User-Name}

(9) attr_filter.access_reject:    --> wifi at ucn.cl

(9) attr_filter.access_reject: Matched entry DEFAULT at line 11

(9)       [attr_filter.access_reject] = updated

(9)       update outer.session-state {

(9)         No attributes updated

(9)       } # update outer.session-state = noop

(9)     } # Post-Auth-Type REJECT = updated

(9) } # server inner-tunnel

(9) Virtual server sending reply

(9) eap_peap: Got tunneled reply code 3

(9) eap_peap: Got tunneled reply RADIUS code 3

(9) eap_peap: Tunneled authentication was rejected

(9) eap_peap: FAILURE

(9) eap: Sending EAP Request (code 1) ID 125 length 46

(9) eap: EAP session adding &reply:State = 0x21dd954128a08c3d

(9)     [eap] = handled

(9)   } # authenticate = handled

(9) Using Post-Auth-Type Challenge

(9) # Executing group from file /etc/freeradius/3.0/sites-enabled/default

(9)   Challenge { ... } # empty sub-section is ignored

(9) Sent Access-Challenge Id 20 from 146.83.124.26:1812 to
192.168.128.34:39957 length 0

(9)   EAP-Message =
0x017d002e190017030300232fa7d91ce14448b8ddd68976e03c329bec9e1fd5f358bc7cec4fd90c62fe6eab52678f

(9)   Message-Authenticator = 0x00000000000000000000000000000000

(9)   State = 0x21dd954128a08c3dcbc41c49c2b781e8

(9) Finished request

Waking up in 2.6 seconds.

(10) Received Access-Request Id 21 from 192.168.128.34:39957 to
146.83.124.26:1812 length 449

(10)   User-Name = "wifi at ucn.cl"

(10)   NAS-IP-Address = 192.168.128.34

(10)   Called-Station-Id = "36-18-0A-7B-A4-6E:Red Radius"

(10)   NAS-Port-Type = Wireless-802.11

(10)   Service-Type = Framed-User

(10)   NAS-Port = 1

(10)   Calling-Station-Id = "E4-6F-13-2C-A4-C3"

(10)   Connect-Info = "CONNECT 54.00 Mbps / 802.11n / RSSI: 56 / Channel: 1"

(10)   Acct-Session-Id = "B51015A162BFE948"

(10)   Acct-Multi-Session-Id = "8F5640A8CB689CCA"

(10)   WLAN-Pairwise-Cipher = 1027076

(10)   WLAN-Group-Cipher = 1027074

(10)   WLAN-AKM-Suite = 1027073

(10)   WLAN-Group-Mgmt-Cipher = 1027078

(10)   Attr-26.29671.2 =
0x55434e20416e746f66616761737461202d2053574150202d20776972656c657373

(10)   Attr-26.29671.3 = 0x41502d56312d536f706f727465

(10)   Attr-26.29671.4 =
0x20414c554d4e4f5320454455524f414d2046554e43494f4e4152494f5320524144495553205445434e49434f53205649

(10)   Meraki-Device-Name = "AP-V1-Soporte"

(10)   Framed-MTU = 1400

(10)   EAP-Message =
0x027d002e19001703030023000000000000000376d2d8397dd47c5aa4c12397dc5d81bd6492de176eb0693ea9966a

(10)   State = 0x21dd954128a08c3dcbc41c49c2b781e8

(10)   Message-Authenticator = 0x1cc95b6ddafcd8b2fa3b088b64b138db

(10) session-state: No cached attributes

(10) # Executing section authorize from file
/etc/freeradius/3.0/sites-enabled/default

(10)   authorize {

(10)     policy filter_username {

(10)       if (&User-Name) {

(10)       if (&User-Name)  -> TRUE

(10)       if (&User-Name)  {

(10)         if (&User-Name =~ / /) {

(10)         if (&User-Name =~ / /)  -> FALSE

(10)         if (&User-Name =~ /@[^@]*@/ ) {

(10)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE

(10)         if (&User-Name =~ /\.\./ ) {

(10)         if (&User-Name =~ /\.\./ )  -> FALSE

(10)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {

(10)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))
-> FALSE

(10)         if (&User-Name =~ /\.$/)  {

(10)         if (&User-Name =~ /\.$/)   -> FALSE

(10)         if (&User-Name =~ /@\./)  {

(10)         if (&User-Name =~ /@\./)   -> FALSE

(10)       } # if (&User-Name)  = notfound

(10)     } # policy filter_username = notfound

(10)     [preprocess] = ok

(10) auth_log: EXPAND
/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d

(10) auth_log:    --> /var/log/freeradius/radacct/
192.168.128.34/auth-detail-20200828

(10) auth_log:
/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
expands to /var/log/freeradius/radacct/192.168.128.34/auth-detail-20200828

(10) auth_log: EXPAND %t

(10) auth_log:    --> Fri Aug 28 18:49:27 2020

(10)     [auth_log] = ok

(10)     [chap] = noop

(10)     [mschap] = noop

(10)     [digest] = noop

(10) suffix: Checking for suffix after "@"

(10) suffix: Looking up realm "ucn.cl" for User-Name = "wifi at ucn.cl"

(10) suffix: Found realm "ucn.cl"

(10) suffix: Adding Stripped-User-Name = "wifi"

(10) suffix: Adding Realm = "ucn.cl"

(10) suffix: Authentication realm is LOCAL

(10)     [suffix] = ok

(10) eap: Peer sent EAP Response (code 2) ID 125 length 46

(10) eap: Continuing tunnel setup

(10)     [eap] = ok

(10)   } # authorize = ok

(10) Found Auth-Type = eap

(10) # Executing group from file /etc/freeradius/3.0/sites-enabled/default

(10)   authenticate {

(10) eap: Expiring EAP session with state 0xc56f897cc5139321

(10) eap: Finished EAP session with state 0x21dd954128a08c3d

(10) eap: Previous EAP request found for state 0x21dd954128a08c3d, released
from the list

(10) eap: Peer sent packet with method EAP PEAP (25)

(10) eap: Calling submodule eap_peap to process data

(10) eap_peap: Continuing EAP-TLS

(10) eap_peap: [eaptls verify] = ok

(10) eap_peap: Done initial handshake

(10) eap_peap: [eaptls process] = ok

(10) eap_peap: Session established.  Decoding tunneled attributes

(10) eap_peap: PEAP state send tlv failure

(10) eap_peap: Received EAP-TLV response

(10) eap_peap:   ERROR: The users session was previously rejected:
returning reject (again.)

(10) eap_peap:   This means you need to read the PREVIOUS messages in the
debug output

(10) eap_peap:   to find out the reason why the user was rejected

(10) eap_peap:   Look for "reject" or "fail".  Those earlier messages will
tell you

(10) eap_peap:   what went wrong, and how to fix the problem

(10) eap: ERROR: Failed continuing EAP PEAP (25) session.  EAP sub-module
failed

(10) eap: Sending EAP Failure (code 4) ID 125 length 4

(10) eap: Failed in EAP select

(10)     [eap] = invalid

(10)   } # authenticate = invalid

(10) Failed to authenticate the user

(10) Using Post-Auth-Type Reject

(10) # Executing group from file /etc/freeradius/3.0/sites-enabled/default

(10)   Post-Auth-Type REJECT {

(10) attr_filter.access_reject: EXPAND %{User-Name}

(10) attr_filter.access_reject:    --> wifi at ucn.cl

(10) attr_filter.access_reject: Matched entry DEFAULT at line 11

(10)     [attr_filter.access_reject] = updated

(10)     [eap] = noop

(10) reply_log: EXPAND
/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d

(10) reply_log:    --> /var/log/freeradius/radacct/
192.168.128.34/reply-detail-20200828

(10) reply_log:
/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d
expands to /var/log/freeradius/radacct/192.168.128.34/reply-detail-20200828

(10) reply_log: EXPAND %t

(10) reply_log:    --> Fri Aug 28 18:49:27 2020

(10)     [reply_log] = ok

(10)     policy remove_reply_message_if_eap {

(10)       if (&reply:EAP-Message && &reply:Reply-Message) {

(10)       if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE

(10)       else {

(10)         [noop] = noop

(10)       } # else = noop

(10)     } # policy remove_reply_message_if_eap = noop

(10)   } # Post-Auth-Type REJECT = updated

(10) Delaying response for 1.000000 seconds

Waking up in 0.3 seconds.

Waking up in 0.6 seconds.

(10) Sending delayed response

(10) Sent Access-Reject Id 21 from 146.83.124.26:1812 to
192.168.128.34:39957 length 44

(10)   EAP-Message = 0x047d0004

(10)   Message-Authenticator = 0x00000000000000000000000000000000


Thanks in advance.

Bárbara.
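The eap_peap messages in request (10) say to read the earlier output and look for "reject" or "fail". The following Python script is an added example, not part of the original post and not FreeRADIUS code: it does that triage over lines copied from requests (9) and (10) above, re-joining the lines the mail archive wrapped and reporting the first failing module return code together with the Auth-Type and inner EAP method seen in that request. All function and variable names are hypothetical.

```python
import re

# Lines copied from requests (9) and (10) of the debug output in the post,
# including the line wrapping introduced by the mail archive.
SAMPLE = '''\
(9) eap_peap: EAP method MSCHAPv2 (26)
(9)   Found Auth-Type = pam
(9)     authenticate {
(9) pam: Attribute "User-Password" is required for authentication
(9)       [pam] = invalid
(9)     } # authenticate = invalid
(9) eap_peap: Tunneled authentication was rejected
(9)     [eap] = handled
Waking up in 2.6 seconds.
(10) eap_peap:   ERROR: The users session was previously rejected:
returning reject (again.)
(10) eap: ERROR: Failed continuing EAP PEAP (25) session.  EAP sub-module
failed
(10)     [eap] = invalid
'''

PREFIXED = re.compile(r'^\((\d+)\)\s*(.*)$')          # "(9) message"
RCODE = re.compile(r'^\[([\w.]+)\]\s*=\s*(\w+)$')     # "[pam] = invalid"
MODULE_MSG = re.compile(r'^([\w.]+):\s+(.*)$')        # "pam: message"
AUTH_TYPE = re.compile(r'^Found Auth-Type = (\S+)$')
INNER_METHOD = re.compile(r'^EAP method (\S+) \(\d+\)$')
# Module return codes that end in a rejected request.
FAILING_RCODES = {'reject', 'fail', 'invalid', 'userlock'}


def records(text):
    """Return [(request_id, message)], re-joining wrapped continuation lines."""
    out, joinable = [], False
    for raw in text.splitlines():
        line = raw.strip()
        m = PREFIXED.match(line)
        if m:
            out.append([int(m.group(1)), m.group(2).strip()])
            joinable = True
        elif line and joinable and not line.startswith('Waking up'):
            out[-1][1] += ' ' + line      # wrapped tail of the previous line
        else:
            joinable = False              # blank line or server-global line
    return [tuple(r) for r in out]


def failures(text):
    """Yield one dict per failing module rcode, in log order."""
    last_msg, auth_type, inner = {}, {}, {}
    for req, msg in records(text):
        rc = RCODE.match(msg)
        if rc:
            module, rcode = rc.groups()
            if rcode in FAILING_RCODES:
                yield {
                    'request': req,
                    'module': module,
                    'rcode': rcode,
                    # Last thing this module logged before it failed.
                    'reason': last_msg.get((req, module), ''),
                    'auth_type': auth_type.get(req),
                    'inner_method': inner.get(req),
                }
            continue
        at = AUTH_TYPE.match(msg)
        if at:
            # Last one wins, so inside a tunnel this is the inner-tunnel value.
            auth_type[req] = at.group(1)
            continue
        mm = MODULE_MSG.match(msg)
        if mm:
            module, body = mm.group(1), mm.group(2).strip()
            last_msg[(req, module)] = body
            im = INNER_METHOD.match(body)
            if im:
                inner[req] = im.group(1)


def root_cause(text):
    """The earliest failure; later ones (request 10 here) only repeat it."""
    return next(failures(text), None)


if __name__ == '__main__':
    for f in failures(SAMPLE):
        print('({request}) [{module}] = {rcode}: {reason} '
              '(Auth-Type={auth_type}, inner EAP method={inner_method})'.format(**f))
```

On the sample, the first hit is request (9): the inner EAP method is MSCHAPv2, Auth-Type is pam, and pam reports that User-Password is required; the [eap] = invalid in request (10) is the repeat of that rejection.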

