RES: Incorrect username being registered by freeradius

Daniel Guimaraes Pena daniel.pena at mpdft.mp.br
Tue Jun 23 17:34:30 CEST 2020


Thanks for anwaring, Alan, you were right: that is his MAC Address.

Sorry for that missing debug... I had just restarted server and lost all logs.

Until this moment, no mac address appeared at radacct table, so I don’t have debug for that yet.
For this, if I may ask, why user is registered in radacct table with mac address but in radius log appears his real username?

And this one here, that is NOT a mac address:
[local]:5432 radius at radius=> select * from radacct where radacctid = '6000795';
-[ RECORD 1 ]------+---------------------------------
radacctid          | 6000795
acctsessionid      | 38EBA713-00000041
acctuniqueid       | 6b521bf17a61aa914f0f67b33c558e07
username           | 347117
groupname          |
realm              |
nasipaddress       | 10.34.15.221
nasportid          | 2
nasporttype        | Wireless-802.11
acctstarttime      | 2020-06-23 11:18:40-03
acctupdatetime     | 2020-06-23 11:18:40-03
acctstoptime       |
acctinterval       |
acctsessiontime    | 0
acctauthentic      | RADIUS
connectinfo_start  | CONNECT 54Mbps 802.11g
connectinfo_stop   |
acctinputoctets    | 0
acctoutputoctets   | 0
calledstationid    | 5C-D9-98-14-37-48:MPDFT
callingstationid   | 48-49-C7-71-79-66
acctterminatecause |
servicetype        |
framedprotocol     |
framedipaddress    |

Time: 4.267 ms
[local]:5432 radius at radius=>


Reading debug, real login is "luciana.nogueira"
Here the debug log for this entry:
=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2020.06.23 12:21:07 =~=~=~=~=~=~=~=~=~=~=~=
grep -E "\(4925[7-9]\)|\(4926[0-7]\)" debug.log 
(49257) Received Access-Request Id 151 from 10.34.15.221:1384 to 10.34.242.3:1812 length 151
(49257)   User-Name = "347117"
(49257)   NAS-IP-Address = 10.34.15.221
(49257)   NAS-Port = 2
(49257)   Called-Station-Id = "5C-D9-98-14-37-48:MPDFT"
(49257)   Calling-Station-Id = "48-49-C7-71-79-66"
(49257)   Framed-MTU = 1400
(49257)   NAS-Port-Type = Wireless-802.11
(49257)   Connect-Info = "CONNECT 54Mbps 802.11g"
(49257)   EAP-Message = 0x0200000b01333437313137
(49257)   Message-Authenticator = 0x05d29ff74e6c4903b1ab83208153a6ad
(49257) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default
(49257)   authorize {
(49257)     policy filter_username {
(49257)       if (&User-Name) {
(49257)       if (&User-Name)  -> TRUE
(49257)       if (&User-Name)  {
(49257)         if (&User-Name != "%{tolower:%{User-Name}}") {
(49257)         EXPAND %{tolower:%{User-Name}}
(49257)            --> 347117
(49257)         if (&User-Name != "%{tolower:%{User-Name}}")  -> FALSE
(49257)         if (&User-Name =~ / /) {
(49257)         if (&User-Name =~ / /)  -> FALSE
(49257)         if (&User-Name =~ /@[^@]*@/ ) {
(49257)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
(49257)         if (&User-Name =~ /\.\./ ) {
(49257)         if (&User-Name =~ /\.\./ )  -> FALSE
(49257)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
(49257)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
(49257)         if (&User-Name =~ /\.$/)  {
(49257)         if (&User-Name =~ /\.$/)   -> FALSE
(49257)         if (&User-Name =~ /@\./)  {
(49257)         if (&User-Name =~ /@\./)   -> FALSE
(49257)       } # if (&User-Name)  = notfound
(49257)     } # policy filter_username = notfound
(49257)     [preprocess] = ok
(49257) auth_log: EXPAND /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail
(49257) auth_log:    --> /var/log/freeradius/radacct/10.34.15.221/auth-detail
(49257) auth_log: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail expands to /var/log/freeradius/radacct/10.34.15.221/auth-detail
(49257) auth_log: EXPAND %t
(49257) auth_log:    --> Tue Jun 23 11:18:40 2020
(49257)     [auth_log] = ok
(49257)     [chap] = noop
(49257)     [mschap] = noop
(49257)     [digest] = noop
(49257) suffix: Checking for suffix after "@"
(49257) suffix: No '@' in User-Name = "347117", looking up realm NULL
(49257) suffix: No such realm "NULL"
(49257)     [suffix] = noop
(49257) eap: Peer sent EAP Response (code 2) ID 0 length 11
(49257) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
(49257)     [eap] = ok
(49257)   } # authorize = ok
(49257) Found Auth-Type = eap
(49257) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(49257)   authenticate {
(49257) eap: Peer sent packet with method EAP Identity (1)
(49257) eap: Calling submodule eap_md5 to process data
(49257) eap_md5: Issuing MD5 Challenge
(49257) eap: Sending EAP Request (code 1) ID 1 length 22
(49257) eap: EAP session adding &reply:State = 0x343264483433605b
(49257)     [eap] = handled
(49257)   } # authenticate = handled
(49257) Using Post-Auth-Type Challenge
(49257) Post-Auth-Type sub-section not found.  Ignoring.
(49257) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(49257) Sent Access-Challenge Id 151 from 10.34.242.3:1812 to 10.34.15.221:1384 length 0
(49257)   EAP-Message = 0x010100160410f293b8de33b4c8cebe98befea9b4bfc6
(49257)   Message-Authenticator = 0x00000000000000000000000000000000
(49257)   State = 0x343264483433605baa04a227c6849a7d
(49257) Finished request
(49258) Received Access-Request Id 152 from 10.34.15.221:1384 to 10.34.242.3:1812 length 164
(49258)   User-Name = "347117"
(49258)   NAS-IP-Address = 10.34.15.221
(49258)   NAS-Port = 2
(49258)   Called-Station-Id = "5C-D9-98-14-37-48:MPDFT"
(49258)   Calling-Station-Id = "48-49-C7-71-79-66"
(49258)   Framed-MTU = 1400
(49258)   NAS-Port-Type = Wireless-802.11
(49258)   Connect-Info = "CONNECT 54Mbps 802.11g"
(49258)   EAP-Message = 0x020100060319
(49258)   State = 0x343264483433605baa04a227c6849a7d
(49258)   Message-Authenticator = 0x2e74fdc7c9c9592fc2232375736fd39e
(49258) session-state: No cached attributes
(49258) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default
(49258)   authorize {
(49258)     policy filter_username {
(49258)       if (&User-Name) {
(49258)       if (&User-Name)  -> TRUE
(49258)       if (&User-Name)  {
(49258)         if (&User-Name != "%{tolower:%{User-Name}}") {
(49258)         EXPAND %{tolower:%{User-Name}}
(49258)            --> 347117
(49258)         if (&User-Name != "%{tolower:%{User-Name}}")  -> FALSE
(49258)         if (&User-Name =~ / /) {
(49258)         if (&User-Name =~ / /)  -> FALSE
(49258)         if (&User-Name =~ /@[^@]*@/ ) {
(49258)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
(49258)         if (&User-Name =~ /\.\./ ) {
(49258)         if (&User-Name =~ /\.\./ )  -> FALSE
(49258)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
(49258)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
(49258)         if (&User-Name =~ /\.$/)  {
(49258)         if (&User-Name =~ /\.$/)   -> FALSE
(49258)         if (&User-Name =~ /@\./)  {
(49258)         if (&User-Name =~ /@\./)   -> FALSE
(49258)       } # if (&User-Name)  = notfound
(49258)     } # policy filter_username = notfound
(49258)     [preprocess] = ok
(49258) auth_log: EXPAND /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail
(49258) auth_log:    --> /var/log/freeradius/radacct/10.34.15.221/auth-detail
(49258) auth_log: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail expands to /var/log/freeradius/radacct/10.34.15.221/auth-detail
(49258) auth_log: EXPAND %t
(49258) auth_log:    --> Tue Jun 23 11:18:40 2020
(49258)     [auth_log] = ok
(49258)     [chap] = noop
(49258)     [mschap] = noop
(49258)     [digest] = noop
(49258) suffix: Checking for suffix after "@"
(49258) suffix: No '@' in User-Name = "347117", looking up realm NULL
(49258) suffix: No such realm "NULL"
(49258)     [suffix] = noop
(49258) eap: Peer sent EAP Response (code 2) ID 1 length 6
(49258) eap: No EAP Start, assuming it's an on-going EAP conversation
(49258)     [eap] = updated
(49258) files: Failed resolving UID: No error
(49258) files: Failed resolving UID: No error
(49258) files: Failed resolving UID: No error
(49258) files: Failed resolving UID: No error
(49258) files: Failed resolving UID: No error
(49258)     [files] = noop
(49258) sql: EXPAND %{tolower:%{%{Stripped-User-Name}:-%{%{User-Name}:-none}}}
(49258) sql:    --> 347117
(49258) sql: SQL-User-Name set to '347117'
(49258) sql: EXPAND SELECT id, UserName, Attribute, Value, Op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id
(49258) sql:    --> SELECT id, UserName, Attribute, Value, Op FROM radcheck WHERE Username = '347117' ORDER BY id
(49258) sql: Executing select query: SELECT id, UserName, Attribute, Value, Op FROM radcheck WHERE Username = '347117' ORDER BY id
(49258) sql: EXPAND SELECT GroupName FROM radusergroup WHERE UserName='%{SQL-User-Name}' ORDER BY priority
(49258) sql:    --> SELECT GroupName FROM radusergroup WHERE UserName='347117' ORDER BY priority
(49258) sql: Executing select query: SELECT GroupName FROM radusergroup WHERE UserName='347117' ORDER BY priority
(49258) sql: User not found in any groups
(49258)     [sql] = notfound
(49258)     [expiration] = noop
(49258)     [logintime] = noop
(49258)     if (ok) {
(49258)     if (ok)  -> FALSE
(49258) pap: WARNING: No "known good" password found for the user.  Not setting Auth-Type
(49258) pap: WARNING: Authentication will fail unless a "known good" password is available
(49258)     [pap] = noop
(49258)   } # authorize = updated
(49258) Found Auth-Type = eap
(49258) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(49258)   authenticate {
(49258) eap: Expiring EAP session with state 0x9e6734429e602efe
(49258) eap: Finished EAP session with state 0x343264483433605b
(49258) eap: Previous EAP request found for state 0x343264483433605b, released from the list
(49258) eap: Peer sent packet with method EAP NAK (3)
(49258) eap: Found mutually acceptable type PEAP (25)
(49258) eap: Calling submodule eap_peap to process data
(49258) eap_peap: Initiating new EAP-TLS session
(49258) eap_peap: [eaptls start] = request
(49258) eap: Sending EAP Request (code 1) ID 2 length 6
(49258) eap: EAP session adding &reply:State = 0x3432644835307d5b
(49258)     [eap] = handled
(49258)   } # authenticate = handled
(49258) Using Post-Auth-Type Challenge
(49258) Post-Auth-Type sub-section not found.  Ignoring.
(49258) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(49258) Sent Access-Challenge Id 152 from 10.34.242.3:1812 to 10.34.15.221:1384 length 0
(49258)   EAP-Message = 0x010200061920
(49258)   Message-Authenticator = 0x00000000000000000000000000000000
(49258)   State = 0x3432644835307d5baa04a227c6849a7d
(49258) Finished request
(49259) Received Access-Request Id 153 from 10.34.15.221:1384 to 10.34.242.3:1812 length 326
(49259)   User-Name = "347117"
(49259)   NAS-IP-Address = 10.34.15.221
(49259)   NAS-Port = 2
(49259)   Called-Station-Id = "5C-D9-98-14-37-48:MPDFT"
(49259)   Calling-Station-Id = "48-49-C7-71-79-66"
(49259)   Framed-MTU = 1400
(49259)   NAS-Port-Type = Wireless-802.11
(49259)   Connect-Info = "CONNECT 54Mbps 802.11g"
(49259)   EAP-Message = 0x020200a819800000009e1603010099010000950303262d96da74efd8b3abd9ea487f3eefd244880121eafd4d7ae21333a470c9fa8000003cc02cc030009fc02bc02f009ec00ac024c014c0280039006bc009c023c013c02700330067c007c011009d009c0035003d002f003c00050004000a00ff010000
(49259)   State = 0x3432644835307d5baa04a227c6849a7d
(49259)   Message-Authenticator = 0x50041aeb08622f23641026170cf40598
(49259) session-state: No cached attributes
(49259) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default
(49259)   authorize {
(49259)     policy filter_username {
(49259)       if (&User-Name) {
(49259)       if (&User-Name)  -> TRUE
(49259)       if (&User-Name)  {
(49259)         if (&User-Name != "%{tolower:%{User-Name}}") {
(49259)         EXPAND %{tolower:%{User-Name}}
(49259)            --> 347117
(49259)         if (&User-Name != "%{tolower:%{User-Name}}")  -> FALSE
(49259)         if (&User-Name =~ / /) {
(49259)         if (&User-Name =~ / /)  -> FALSE
(49259)         if (&User-Name =~ /@[^@]*@/ ) {
(49259)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
(49259)         if (&User-Name =~ /\.\./ ) {
(49259)         if (&User-Name =~ /\.\./ )  -> FALSE
(49259)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
(49259)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
(49259)         if (&User-Name =~ /\.$/)  {
(49259)         if (&User-Name =~ /\.$/)   -> FALSE
(49259)         if (&User-Name =~ /@\./)  {
(49259)         if (&User-Name =~ /@\./)   -> FALSE
(49259)       } # if (&User-Name)  = notfound
(49259)     } # policy filter_username = notfound
(49259)     [preprocess] = ok
(49259) auth_log: EXPAND /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail
(49259) auth_log:    --> /var/log/freeradius/radacct/10.34.15.221/auth-detail
(49259) auth_log: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail expands to /var/log/freeradius/radacct/10.34.15.221/auth-detail
(49259) auth_log: EXPAND %t
(49259) auth_log:    --> Tue Jun 23 11:18:40 2020
(49259)     [auth_log] = ok
(49259)     [chap] = noop
(49259)     [mschap] = noop
(49259)     [digest] = noop
(49259) suffix: Checking for suffix after "@"
(49259) suffix: No '@' in User-Name = "347117", looking up realm NULL
(49259) suffix: No such realm "NULL"
(49259)     [suffix] = noop
(49259) eap: Peer sent EAP Response (code 2) ID 2 length 168
(49259) eap: Continuing tunnel setup
(49259)     [eap] = ok
(49259)   } # authorize = ok
(49259) Found Auth-Type = eap
(49259) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(49259)   authenticate {
(49259) eap: Expiring EAP session with state 0x9e6734429e602efe
(49259) eap: Finished EAP session with state 0x3432644835307d5b
(49259) eap: Previous EAP request found for state 0x3432644835307d5b, released from the list
(49259) eap: Peer sent packet with method EAP PEAP (25)
(49259) eap: Calling submodule eap_peap to process data
(49259) eap_peap: Continuing EAP-TLS
(49259) eap_peap: Peer indicated complete TLS record size will be 158 bytes
(49259) eap_peap: Got complete TLS record (158 bytes)
(49259) eap_peap: [eaptls verify] = length included
(49259) eap_peap: (other): before SSL initialization
(49259) eap_peap: TLS_accept: before SSL initialization
(49259) eap_peap: TLS_accept: before SSL initialization
(49259) eap_peap: <<< recv TLS 1.2  [length 0099] 
(49259) eap_peap: TLS_accept: SSLv3/TLS read client hello
(49259) eap_peap: >>> send TLS 1.2  [length 003d] 
(49259) eap_peap: TLS_accept: SSLv3/TLS write server hello
(49259) eap_peap: >>> send TLS 1.2  [length 0309] 
(49259) eap_peap: TLS_accept: SSLv3/TLS write certificate
(49259) eap_peap: >>> send TLS 1.2  [length 014d] 
(49259) eap_peap: TLS_accept: SSLv3/TLS write key exchange
(49259) eap_peap: >>> send TLS 1.2  [length 0004] 
(49259) eap_peap: TLS_accept: SSLv3/TLS write server done
(49259) eap_peap: TLS_accept: Need to read more data: SSLv3/TLS write server done
(49259) eap_peap: In SSL Handshake Phase
(49259) eap_peap: In SSL Accept mode
(49259) eap_peap: [eaptls process] = handled
(49259) eap: Sending EAP Request (code 1) ID 3 length 1004
(49259) eap: EAP session adding &reply:State = 0x3432644836317d5b
(49259)     [eap] = handled
(49259)   } # authenticate = handled
(49259) Using Post-Auth-Type Challenge
(49259) Post-Auth-Type sub-section not found.  Ignoring.
(49259) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(49259) Sent Access-Challenge Id 153 from 10.34.242.3:1812 to 10.34.15.221:1384 length 0
(49259)   EAP-Message = 0x010303ec19c0000004ab160303003d020000390303f241d7c71827a10f2a9b2a858a6aa1d49a9d9ac5b04e7214afadfd6e9e950a4500c030000011ff01000100000b0004030001020017000016030303090b0003050003020002ff308202fb308201e3a003020102020900c2aeeb1715cab80a300d0609
(49259)   Message-Authenticator = 0x00000000000000000000000000000000
(49259)   State = 0x3432644836317d5baa04a227c6849a7d
(49259) Finished request
(49260) Received Access-Request Id 154 from 10.34.15.221:1384 to 10.34.242.3:1812 length 164
(49260)   User-Name = "347117"
(49260)   NAS-IP-Address = 10.34.15.221
(49260)   NAS-Port = 2
(49260)   Called-Station-Id = "5C-D9-98-14-37-48:MPDFT"
(49260)   Calling-Station-Id = "48-49-C7-71-79-66"
(49260)   Framed-MTU = 1400
(49260)   NAS-Port-Type = Wireless-802.11
(49260)   Connect-Info = "CONNECT 54Mbps 802.11g"
(49260)   EAP-Message = 0x020300061900
(49260)   State = 0x3432644836317d5baa04a227c6849a7d
(49260)   Message-Authenticator = 0x1f873dbabab484975e0fafe17930a45a
(49260) session-state: No cached attributes
(49260) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default
(49260)   authorize {
(49260)     policy filter_username {
(49260)       if (&User-Name) {
(49260)       if (&User-Name)  -> TRUE
(49260)       if (&User-Name)  {
(49260)         if (&User-Name != "%{tolower:%{User-Name}}") {
(49260)         EXPAND %{tolower:%{User-Name}}
(49260)            --> 347117
(49260)         if (&User-Name != "%{tolower:%{User-Name}}")  -> FALSE
(49260)         if (&User-Name =~ / /) {
(49260)         if (&User-Name =~ / /)  -> FALSE
(49260)         if (&User-Name =~ /@[^@]*@/ ) {
(49260)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
(49260)         if (&User-Name =~ /\.\./ ) {
(49260)         if (&User-Name =~ /\.\./ )  -> FALSE
(49260)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
(49260)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
(49260)         if (&User-Name =~ /\.$/)  {
(49260)         if (&User-Name =~ /\.$/)   -> FALSE
(49260)         if (&User-Name =~ /@\./)  {
(49260)         if (&User-Name =~ /@\./)   -> FALSE
(49260)       } # if (&User-Name)  = notfound
(49260)     } # policy filter_username = notfound
(49260)     [preprocess] = ok
(49260) auth_log: EXPAND /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail
(49260) auth_log:    --> /var/log/freeradius/radacct/10.34.15.221/auth-detail
(49260) auth_log: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail expands to /var/log/freeradius/radacct/10.34.15.221/auth-detail
(49260) auth_log: EXPAND %t
(49260) auth_log:    --> Tue Jun 23 11:18:40 2020
(49260)     [auth_log] = ok
(49260)     [chap] = noop
(49260)     [mschap] = noop
(49260)     [digest] = noop
(49260) suffix: Checking for suffix after "@"
(49260) suffix: No '@' in User-Name = "347117", looking up realm NULL
(49260) suffix: No such realm "NULL"
(49260)     [suffix] = noop
(49260) eap: Peer sent EAP Response (code 2) ID 3 length 6
(49260) eap: Continuing tunnel setup
(49260)     [eap] = ok
(49260)   } # authorize = ok
(49260) Found Auth-Type = eap
(49260) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(49260)   authenticate {
(49260) eap: Expiring EAP session with state 0x9e6734429e602efe
(49260) eap: Finished EAP session with state 0x3432644836317d5b
(49260) eap: Previous EAP request found for state 0x3432644836317d5b, released from the list
(49260) eap: Peer sent packet with method EAP PEAP (25)
(49260) eap: Calling submodule eap_peap to process data
(49260) eap_peap: Continuing EAP-TLS
(49260) eap_peap: Peer ACKed our handshake fragment
(49260) eap_peap: [eaptls verify] = request
(49260) eap_peap: [eaptls process] = handled
(49260) eap: Sending EAP Request (code 1) ID 4 length 207
(49260) eap: EAP session adding &reply:State = 0x3432644837367d5b
(49260)     [eap] = handled
(49260)   } # authenticate = handled
(49260) Using Post-Auth-Type Challenge
(49260) Post-Auth-Type sub-section not found.  Ignoring.
(49260) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(49260) Sent Access-Challenge Id 154 from 10.34.242.3:1812 to 10.34.15.221:1384 length 0
(49260)   EAP-Message = 0x010400cf1900305906ade17209efbcdb1498025ff3d98879761462b514b58ec19daff0e28525b8909274c327a5b9f22c77451d049714cbe1b8e95e49ff1eb91889a006f05bba93c0807640ba9eeb989f8c432facb809700019a772e41794c376b7529859d9e66686b46b10ac8917506a28b5c755f6f8b1
(49260)   Message-Authenticator = 0x00000000000000000000000000000000
(49260)   State = 0x3432644837367d5baa04a227c6849a7d
(49260) Finished request
(49261) Received Access-Request Id 155 from 10.34.15.221:1384 to 10.34.242.3:1812 length 294
(49261)   User-Name = "347117"
(49261)   NAS-IP-Address = 10.34.15.221
(49261)   NAS-Port = 2
(49261)   Called-Station-Id = "5C-D9-98-14-37-48:MPDFT"
(49261)   Calling-Station-Id = "48-49-C7-71-79-66"
(49261)   Framed-MTU = 1400
(49261)   NAS-Port-Type = Wireless-802.11
(49261)   Connect-Info = "CONNECT 54Mbps 802.11g"
(49261)   EAP-Message = 0x0204008819800000007e1603030046100000424104e347c229d4720d030776a26d2195a9d2619346feaa947b8d43fe9fad8481577166a001a8d60a615e17594c4f5d1c555f15ad394a27ea517bd9a9ee202255842914030300010116030300280000000000000000129345887899d05232b771b7479ff7
(49261)   State = 0x3432644837367d5baa04a227c6849a7d
(49261)   Message-Authenticator = 0x8f80e28e4efc8628917e8dcbe18e0622
(49261) session-state: No cached attributes
(49261) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default
(49261)   authorize {
(49261)     policy filter_username {
(49261)       if (&User-Name) {
(49261)       if (&User-Name)  -> TRUE
(49261)       if (&User-Name)  {
(49261)         if (&User-Name != "%{tolower:%{User-Name}}") {
(49261)         EXPAND %{tolower:%{User-Name}}
(49261)            --> 347117
(49261)         if (&User-Name != "%{tolower:%{User-Name}}")  -> FALSE
(49261)         if (&User-Name =~ / /) {
(49261)         if (&User-Name =~ / /)  -> FALSE
(49261)         if (&User-Name =~ /@[^@]*@/ ) {
(49261)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
(49261)         if (&User-Name =~ /\.\./ ) {
(49261)         if (&User-Name =~ /\.\./ )  -> FALSE
(49261)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
(49261)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
(49261)         if (&User-Name =~ /\.$/)  {
(49261)         if (&User-Name =~ /\.$/)   -> FALSE
(49261)         if (&User-Name =~ /@\./)  {
(49261)         if (&User-Name =~ /@\./)   -> FALSE
(49261)       } # if (&User-Name)  = notfound
(49261)     } # policy filter_username = notfound
(49261)     [preprocess] = ok
(49261) auth_log: EXPAND /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail
(49261) auth_log:    --> /var/log/freeradius/radacct/10.34.15.221/auth-detail
(49261) auth_log: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail expands to /var/log/freeradius/radacct/10.34.15.221/auth-detail
(49261) auth_log: EXPAND %t
(49261) auth_log:    --> Tue Jun 23 11:18:40 2020
(49261)     [auth_log] = ok
(49261)     [chap] = noop
(49261)     [mschap] = noop
(49261)     [digest] = noop
(49261) suffix: Checking for suffix after "@"
(49261) suffix: No '@' in User-Name = "347117", looking up realm NULL
(49261) suffix: No such realm "NULL"
(49261)     [suffix] = noop
(49261) eap: Peer sent EAP Response (code 2) ID 4 length 136
(49261) eap: Continuing tunnel setup
(49261)     [eap] = ok
(49261)   } # authorize = ok
(49261) Found Auth-Type = eap
(49261) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(49261)   authenticate {
(49261) eap: Expiring EAP session with state 0x9e6734429e602efe
(49261) eap: Finished EAP session with state 0x3432644837367d5b
(49261) eap: Previous EAP request found for state 0x3432644837367d5b, released from the list
(49261) eap: Peer sent packet with method EAP PEAP (25)
(49261) eap: Calling submodule eap_peap to process data
(49261) eap_peap: Continuing EAP-TLS
(49261) eap_peap: Peer indicated complete TLS record size will be 126 bytes
(49261) eap_peap: Got complete TLS record (126 bytes)
(49261) eap_peap: [eaptls verify] = length included
(49261) eap_peap: TLS_accept: SSLv3/TLS write server done
(49261) eap_peap: <<< recv TLS 1.2  [length 0046] 
(49261) eap_peap: TLS_accept: SSLv3/TLS read client key exchange
(49261) eap_peap: TLS_accept: SSLv3/TLS read change cipher spec
(49261) eap_peap: <<< recv TLS 1.2  [length 0010] 
(49261) eap_peap: TLS_accept: SSLv3/TLS read finished
(49261) eap_peap: >>> send TLS 1.2  [length 0001] 
(49261) eap_peap: TLS_accept: SSLv3/TLS write change cipher spec
(49261) eap_peap: >>> send TLS 1.2  [length 0010] 
(49261) eap_peap: TLS_accept: SSLv3/TLS write finished
(49261) eap_peap: (other): SSL negotiation finished successfully
(49261) eap_peap: SSL Connection Established
(49261) eap_peap: [eaptls process] = handled
(49261) eap: Sending EAP Request (code 1) ID 5 length 57
(49261) eap: EAP session adding &reply:State = 0x3432644830377d5b
(49261)     [eap] = handled
(49261)   } # authenticate = handled
(49261) Using Post-Auth-Type Challenge
(49261) Post-Auth-Type sub-section not found.  Ignoring.
(49261) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(49261) Sent Access-Challenge Id 155 from 10.34.242.3:1812 to 10.34.15.221:1384 length 0
(49261)   EAP-Message = 0x01050039190014030300010116030300288ad05ce60e5ee56aa8fd940dbf64fb565398577f45d3a8687b23d15f21a95ece7c4c893f88783014
(49261)   Message-Authenticator = 0x00000000000000000000000000000000
(49261)   State = 0x3432644830377d5baa04a227c6849a7d
(49261) Finished request
(49262) Received Access-Request Id 156 from 10.34.15.221:1384 to 10.34.242.3:1812 length 164
(49262)   User-Name = "347117"
(49262)   NAS-IP-Address = 10.34.15.221
(49262)   NAS-Port = 2
(49262)   Called-Station-Id = "5C-D9-98-14-37-48:MPDFT"
(49262)   Calling-Station-Id = "48-49-C7-71-79-66"
(49262)   Framed-MTU = 1400
(49262)   NAS-Port-Type = Wireless-802.11
(49262)   Connect-Info = "CONNECT 54Mbps 802.11g"
(49262)   EAP-Message = 0x020500061900
(49262)   State = 0x3432644830377d5baa04a227c6849a7d
(49262)   Message-Authenticator = 0x9a71a530fc4e39a0cda671f47b038d60
(49262) session-state: No cached attributes
(49262) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default
(49262)   authorize {
(49262)     policy filter_username {
(49262)       if (&User-Name) {
(49262)       if (&User-Name)  -> TRUE
(49262)       if (&User-Name)  {
(49262)         if (&User-Name != "%{tolower:%{User-Name}}") {
(49262)         EXPAND %{tolower:%{User-Name}}
(49262)            --> 347117
(49262)         if (&User-Name != "%{tolower:%{User-Name}}")  -> FALSE
(49262)         if (&User-Name =~ / /) {
(49262)         if (&User-Name =~ / /)  -> FALSE
(49262)         if (&User-Name =~ /@[^@]*@/ ) {
(49262)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
(49262)         if (&User-Name =~ /\.\./ ) {
(49262)         if (&User-Name =~ /\.\./ )  -> FALSE
(49262)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
(49262)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
(49262)         if (&User-Name =~ /\.$/)  {
(49262)         if (&User-Name =~ /\.$/)   -> FALSE
(49262)         if (&User-Name =~ /@\./)  {
(49262)         if (&User-Name =~ /@\./)   -> FALSE
(49262)       } # if (&User-Name)  = notfound
(49262)     } # policy filter_username = notfound
(49262)     [preprocess] = ok
(49262) auth_log: EXPAND /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail
(49262) auth_log:    --> /var/log/freeradius/radacct/10.34.15.221/auth-detail
(49262) auth_log: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail expands to /var/log/freeradius/radacct/10.34.15.221/auth-detail
(49262) auth_log: EXPAND %t
(49262) auth_log:    --> Tue Jun 23 11:18:40 2020
(49262)     [auth_log] = ok
(49262)     [chap] = noop
(49262)     [mschap] = noop
(49262)     [digest] = noop
(49262) suffix: Checking for suffix after "@"
(49262) suffix: No '@' in User-Name = "347117", looking up realm NULL
(49262) suffix: No such realm "NULL"
(49262)     [suffix] = noop
(49262) eap: Peer sent EAP Response (code 2) ID 5 length 6
(49262) eap: Continuing tunnel setup
(49262)     [eap] = ok
(49262)   } # authorize = ok
(49262) Found Auth-Type = eap
(49262) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(49262)   authenticate {
(49262) eap: Expiring EAP session with state 0x9e6734429e602efe
(49262) eap: Finished EAP session with state 0x3432644830377d5b
(49262) eap: Previous EAP request found for state 0x3432644830377d5b, released from the list
(49262) eap: Peer sent packet with method EAP PEAP (25)
(49262) eap: Calling submodule eap_peap to process data
(49262) eap_peap: Continuing EAP-TLS
(49262) eap_peap: Peer ACKed our handshake fragment.  handshake is finished
(49262) eap_peap: [eaptls verify] = success
(49262) eap_peap: [eaptls process] = success
(49262) eap_peap: Session established.  Decoding tunneled attributes
(49262) eap_peap: PEAP state TUNNEL ESTABLISHED
(49262) eap: Sending EAP Request (code 1) ID 6 length 40
(49262) eap: EAP session adding &reply:State = 0x3432644831347d5b
(49262)     [eap] = handled
(49262)   } # authenticate = handled
(49262) Using Post-Auth-Type Challenge
(49262) Post-Auth-Type sub-section not found.  Ignoring.
(49262) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(49262) Sent Access-Challenge Id 156 from 10.34.242.3:1812 to 10.34.15.221:1384 length 0
(49262)   EAP-Message = 0x010600281900170303001d8ad05ce60e5ee56b04ae2e2e3b80438ad90309abe6117ae0e5da1b62b4
(49262)   Message-Authenticator = 0x00000000000000000000000000000000
(49262)   State = 0x3432644831347d5baa04a227c6849a7d
(49262) Finished request
(49263) Received Access-Request Id 157 from 10.34.15.221:1384 to 10.34.242.3:1812 length 210
(49263)   User-Name = "347117"
(49263)   NAS-IP-Address = 10.34.15.221
(49263)   NAS-Port = 2
(49263)   Called-Station-Id = "5C-D9-98-14-37-48:MPDFT"
(49263)   Calling-Station-Id = "48-49-C7-71-79-66"
(49263)   Framed-MTU = 1400
(49263)   NAS-Port-Type = Wireless-802.11
(49263)   Connect-Info = "CONNECT 54Mbps 802.11g"
(49263)   EAP-Message = 0x0206003419001703030029000000000000000128fd4cc44d77dddfae0f69a41d8c6d206cad6d4b0935736eb8e7051c2e6845eeff
(49263)   State = 0x3432644831347d5baa04a227c6849a7d
(49263)   Message-Authenticator = 0x8eb9fb4fd0d08a9bab42661adcc8d699
(49263) session-state: No cached attributes
(49263) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default
(49263)   authorize {
(49263)     policy filter_username {
(49263)       if (&User-Name) {
(49263)       if (&User-Name)  -> TRUE
(49263)       if (&User-Name)  {
(49263)         if (&User-Name != "%{tolower:%{User-Name}}") {
(49263)         EXPAND %{tolower:%{User-Name}}
(49263)            --> 347117
(49263)         if (&User-Name != "%{tolower:%{User-Name}}")  -> FALSE
(49263)         if (&User-Name =~ / /) {
(49263)         if (&User-Name =~ / /)  -> FALSE
(49263)         if (&User-Name =~ /@[^@]*@/ ) {
(49263)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
(49263)         if (&User-Name =~ /\.\./ ) {
(49263)         if (&User-Name =~ /\.\./ )  -> FALSE
(49263)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
(49263)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
(49263)         if (&User-Name =~ /\.$/)  {
(49263)         if (&User-Name =~ /\.$/)   -> FALSE
(49263)         if (&User-Name =~ /@\./)  {
(49263)         if (&User-Name =~ /@\./)   -> FALSE
(49263)       } # if (&User-Name)  = notfound
(49263)     } # policy filter_username = notfound
(49263)     [preprocess] = ok
(49263) auth_log: EXPAND /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail
(49263) auth_log:    --> /var/log/freeradius/radacct/10.34.15.221/auth-detail
(49263) auth_log: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail expands to /var/log/freeradius/radacct/10.34.15.221/auth-detail
(49263) auth_log: EXPAND %t
(49263) auth_log:    --> Tue Jun 23 11:18:40 2020
(49263)     [auth_log] = ok
(49263)     [chap] = noop
(49263)     [mschap] = noop
(49263)     [digest] = noop
(49263) suffix: Checking for suffix after "@"
(49263) suffix: No '@' in User-Name = "347117", looking up realm NULL
(49263) suffix: No such realm "NULL"
(49263)     [suffix] = noop
(49263) eap: Peer sent EAP Response (code 2) ID 6 length 52
(49263) eap: Continuing tunnel setup
(49263)     [eap] = ok
(49263)   } # authorize = ok
(49263) Found Auth-Type = eap
(49263) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(49263)   authenticate {
(49263) eap: Expiring EAP session with state 0x9e6734429e602efe
(49263) eap: Finished EAP session with state 0x3432644831347d5b
(49263) eap: Previous EAP request found for state 0x3432644831347d5b, released from the list
(49263) eap: Peer sent packet with method EAP PEAP (25)
(49263) eap: Calling submodule eap_peap to process data
(49263) eap_peap: Continuing EAP-TLS
(49263) eap_peap: [eaptls verify] = ok
(49263) eap_peap: Done initial handshake
(49263) eap_peap: [eaptls process] = ok
(49263) eap_peap: Session established.  Decoding tunneled attributes
(49263) eap_peap: PEAP state WAITING FOR INNER IDENTITY
(49263) eap_peap: Identity - luciana.nogueira
(49263) eap_peap: Got inner identity 'luciana.nogueira'
(49263) eap_peap: Setting default EAP type for tunneled EAP session
(49263) eap_peap: Got tunneled request
(49263) eap_peap:   EAP-Message = 0x02060015016c756369616e612e6e6f677565697261
(49263) eap_peap: Setting User-Name to luciana.nogueira
(49263) eap_peap: Sending tunneled request to inner-tunnel
(49263) eap_peap:   EAP-Message = 0x02060015016c756369616e612e6e6f677565697261
(49263) eap_peap:   FreeRADIUS-Proxied-To = 127.0.0.1
(49263) eap_peap:   User-Name = "luciana.nogueira"
(49263) Virtual server inner-tunnel received request
(49263)   EAP-Message = 0x02060015016c756369616e612e6e6f677565697261
(49263)   FreeRADIUS-Proxied-To = 127.0.0.1
(49263)   User-Name = "luciana.nogueira"
(49263) WARNING: Outer User-Name is not anonymized.  User privacy is compromised.
(49263) server inner-tunnel {
(49263)   # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/inner-tunnel
(49263)     authorize {
(49263)       policy filter_username {
(49263)         if (&User-Name) {
(49263)         if (&User-Name)  -> TRUE
(49263)         if (&User-Name)  {
(49263)           if (&User-Name != "%{tolower:%{User-Name}}") {
(49263)           EXPAND %{tolower:%{User-Name}}
(49263)              --> luciana.nogueira
(49263)           if (&User-Name != "%{tolower:%{User-Name}}")  -> FALSE
(49263)           if (&User-Name =~ / /) {
(49263)           if (&User-Name =~ / /)  -> FALSE
(49263)           if (&User-Name =~ /@[^@]*@/ ) {
(49263)           if (&User-Name =~ /@[^@]*@/ )  -> FALSE
(49263)           if (&User-Name =~ /\.\./ ) {
(49263)           if (&User-Name =~ /\.\./ )  -> FALSE
(49263)           if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
(49263)           if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
(49263)           if (&User-Name =~ /\.$/)  {
(49263)           if (&User-Name =~ /\.$/)   -> FALSE
(49263)           if (&User-Name =~ /@\./)  {
(49263)           if (&User-Name =~ /@\./)   -> FALSE
(49263)         } # if (&User-Name)  = notfound
(49263)       } # policy filter_username = notfound
(49263)       [chap] = noop
(49263)       [mschap] = noop
(49263) suffix: Checking for suffix after "@"
(49263) suffix: No '@' in User-Name = "luciana.nogueira", looking up realm NULL
(49263) suffix: No such realm "NULL"
(49263)       [suffix] = noop
(49263)       update control {
(49263)         &Proxy-To-Realm := LOCAL
(49263)       } # update control = noop
(49263) eap: Peer sent EAP Response (code 2) ID 6 length 21
(49263) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
(49263)       [eap] = ok
(49263)     } # authorize = ok
(49263)   Found Auth-Type = eap
(49263)   # Executing group from file /etc/freeradius/3.0/sites-enabled/inner-tunnel
(49263)     authenticate {
(49263) eap: Peer sent packet with method EAP Identity (1)
(49263) eap: Calling submodule eap_mschapv2 to process data
(49263) eap_mschapv2: Issuing Challenge
(49263) eap: Sending EAP Request (code 1) ID 7 length 43
(49263) eap: EAP session adding &reply:State = 0x214671d321416b6e
(49263)       [eap] = handled
(49263)     } # authenticate = handled
(49263) } # server inner-tunnel
(49263) Virtual server sending reply
(49263)   EAP-Message = 0x0107002b1a01070026109a0612b5b180d839a6e75523a82f49ec667265657261646975732d332e302e3132
(49263)   Message-Authenticator = 0x00000000000000000000000000000000
(49263)   State = 0x214671d321416b6e6c123acd822f47ac
(49263) eap_peap: Got tunneled reply code 11
(49263) eap_peap:   EAP-Message = 0x0107002b1a01070026109a0612b5b180d839a6e75523a82f49ec667265657261646975732d332e302e3132
(49263) eap_peap:   Message-Authenticator = 0x00000000000000000000000000000000
(49263) eap_peap:   State = 0x214671d321416b6e6c123acd822f47ac
(49263) eap_peap: Got tunneled reply RADIUS code 11
(49263) eap_peap:   EAP-Message = 0x0107002b1a01070026109a0612b5b180d839a6e75523a82f49ec667265657261646975732d332e302e3132
(49263) eap_peap:   Message-Authenticator = 0x00000000000000000000000000000000
(49263) eap_peap:   State = 0x214671d321416b6e6c123acd822f47ac
(49263) eap_peap: Got tunneled Access-Challenge
(49263) eap: Sending EAP Request (code 1) ID 7 length 74
(49263) eap: EAP session adding &reply:State = 0x3432644832357d5b
(49263)     [eap] = handled
(49263)   } # authenticate = handled
(49263) Using Post-Auth-Type Challenge
(49263) Post-Auth-Type sub-section not found.  Ignoring.
(49263) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(49263) Sent Access-Challenge Id 157 from 10.34.242.3:1812 to 10.34.15.221:1384 length 0
(49263)   EAP-Message = 0x0107004a1900170303003f8ad05ce60e5ee56c153fb28473439215526db8736ab97058edf5170bf7b140e9d16783b78ce6e18c1cb2d3fa04bb51df1ecdc736140a04d7d4e797dc3229c3
(49263)   Message-Authenticator = 0x00000000000000000000000000000000
(49263)   State = 0x3432644832357d5baa04a227c6849a7d
(49263) Finished request
(49264) Received Access-Request Id 158 from 10.34.15.221:1384 to 10.34.242.3:1812 length 264
(49264)   User-Name = "347117"
(49264)   NAS-IP-Address = 10.34.15.221
(49264)   NAS-Port = 2
(49264)   Called-Station-Id = "5C-D9-98-14-37-48:MPDFT"
(49264)   Calling-Station-Id = "48-49-C7-71-79-66"
(49264)   Framed-MTU = 1400
(49264)   NAS-Port-Type = Wireless-802.11
(49264)   Connect-Info = "CONNECT 54Mbps 802.11g"
(49264)   EAP-Message = 0x0207006a1900170303005f0000000000000002d9c7a4e9ae59cfe3d90af91aa0aee002c3b4dc78422285bc88a8e33d7ffa1e58aa98f6fac7d72b4dbffe3a3b4aeccaeaa42df4ab91e78e2aeee31026e98609cd8b51b88663710a6bb29088279292a2cb18a4259c051294
(49264)   State = 0x3432644832357d5baa04a227c6849a7d
(49264)   Message-Authenticator = 0x4b17fd5d5a9b8fd97344948d8a46de86
(49264) session-state: No cached attributes
(49264) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default
(49264)   authorize {
(49264)     policy filter_username {
(49264)       if (&User-Name) {
(49264)       if (&User-Name)  -> TRUE
(49264)       if (&User-Name)  {
(49264)         if (&User-Name != "%{tolower:%{User-Name}}") {
(49264)         EXPAND %{tolower:%{User-Name}}
(49264)            --> 347117
(49264)         if (&User-Name != "%{tolower:%{User-Name}}")  -> FALSE
(49264)         if (&User-Name =~ / /) {
(49264)         if (&User-Name =~ / /)  -> FALSE
(49264)         if (&User-Name =~ /@[^@]*@/ ) {
(49264)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
(49264)         if (&User-Name =~ /\.\./ ) {
(49264)         if (&User-Name =~ /\.\./ )  -> FALSE
(49264)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
(49264)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
(49264)         if (&User-Name =~ /\.$/)  {
(49264)         if (&User-Name =~ /\.$/)   -> FALSE
(49264)         if (&User-Name =~ /@\./)  {
(49264)         if (&User-Name =~ /@\./)   -> FALSE
(49264)       } # if (&User-Name)  = notfound
(49264)     } # policy filter_username = notfound
(49264)     [preprocess] = ok
(49264) auth_log: EXPAND /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail
(49264) auth_log:    --> /var/log/freeradius/radacct/10.34.15.221/auth-detail
(49264) auth_log: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail expands to /var/log/freeradius/radacct/10.34.15.221/auth-detail
(49264) auth_log: EXPAND %t
(49264) auth_log:    --> Tue Jun 23 11:18:40 2020
(49264)     [auth_log] = ok
(49264)     [chap] = noop
(49264)     [mschap] = noop
(49264)     [digest] = noop
(49264) suffix: Checking for suffix after "@"
(49264) suffix: No '@' in User-Name = "347117", looking up realm NULL
(49264) suffix: No such realm "NULL"
(49264)     [suffix] = noop
(49264) eap: Peer sent EAP Response (code 2) ID 7 length 106
(49264) eap: Continuing tunnel setup
(49264)     [eap] = ok
(49264)   } # authorize = ok
(49264) Found Auth-Type = eap
(49264) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(49264)   authenticate {
(49264) eap: Expiring EAP session with state 0x9e6734429e602efe
(49264) eap: Finished EAP session with state 0x3432644832357d5b
(49264) eap: Previous EAP request found for state 0x3432644832357d5b, released from the list
(49264) eap: Peer sent packet with method EAP PEAP (25)
(49264) eap: Calling submodule eap_peap to process data
(49264) eap_peap: Continuing EAP-TLS
(49264) eap_peap: [eaptls verify] = ok
(49264) eap_peap: Done initial handshake
(49264) eap_peap: [eaptls process] = ok
(49264) eap_peap: Session established.  Decoding tunneled attributes
(49264) eap_peap: PEAP state phase2
(49264) eap_peap: EAP method MSCHAPv2 (26)
(49264) eap_peap: Got tunneled request
(49264) eap_peap:   EAP-Message = 0x0207004b1a02070046317d5d43a19660ebbee7c397f7438f711a00000000000000004fa6868fa93a73fa085c7782f38db715816854ca6d1cc81b006c756369616e612e6e6f677565697261
(49264) eap_peap: Setting User-Name to luciana.nogueira
(49264) eap_peap: Sending tunneled request to inner-tunnel
(49264) eap_peap:   EAP-Message = 0x0207004b1a02070046317d5d43a19660ebbee7c397f7438f711a00000000000000004fa6868fa93a73fa085c7782f38db715816854ca6d1cc81b006c756369616e612e6e6f677565697261
(49264) eap_peap:   FreeRADIUS-Proxied-To = 127.0.0.1
(49264) eap_peap:   User-Name = "luciana.nogueira"
(49264) eap_peap:   State = 0x214671d321416b6e6c123acd822f47ac
(49264) Virtual server inner-tunnel received request
(49264)   EAP-Message = 0x0207004b1a02070046317d5d43a19660ebbee7c397f7438f711a00000000000000004fa6868fa93a73fa085c7782f38db715816854ca6d1cc81b006c756369616e612e6e6f677565697261
(49264)   FreeRADIUS-Proxied-To = 127.0.0.1
(49264)   User-Name = "luciana.nogueira"
(49264)   State = 0x214671d321416b6e6c123acd822f47ac
(49264) WARNING: Outer User-Name is not anonymized.  User privacy is compromised.
(49264) server inner-tunnel {
(49264)   session-state: No cached attributes
(49264)   # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/inner-tunnel
(49264)     authorize {
(49264)       policy filter_username {
(49264)         if (&User-Name) {
(49264)         if (&User-Name)  -> TRUE
(49264)         if (&User-Name)  {
(49264)           if (&User-Name != "%{tolower:%{User-Name}}") {
(49264)           EXPAND %{tolower:%{User-Name}}
(49264)              --> luciana.nogueira
(49264)           if (&User-Name != "%{tolower:%{User-Name}}")  -> FALSE
(49264)           if (&User-Name =~ / /) {
(49264)           if (&User-Name =~ / /)  -> FALSE
(49264)           if (&User-Name =~ /@[^@]*@/ ) {
(49264)           if (&User-Name =~ /@[^@]*@/ )  -> FALSE
(49264)           if (&User-Name =~ /\.\./ ) {
(49264)           if (&User-Name =~ /\.\./ )  -> FALSE
(49264)           if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
(49264)           if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
(49264)           if (&User-Name =~ /\.$/)  {
(49264)           if (&User-Name =~ /\.$/)   -> FALSE
(49264)           if (&User-Name =~ /@\./)  {
(49264)           if (&User-Name =~ /@\./)   -> FALSE
(49264)         } # if (&User-Name)  = notfound
(49264)       } # policy filter_username = notfound
(49264)       [chap] = noop
(49264)       [mschap] = noop
(49264) suffix: Checking for suffix after "@"
(49264) suffix: No '@' in User-Name = "luciana.nogueira", looking up realm NULL
(49264) suffix: No such realm "NULL"
(49264)       [suffix] = noop
(49264)       update control {
(49264)         &Proxy-To-Realm := LOCAL
(49264)       } # update control = noop
(49264) eap: Peer sent EAP Response (code 2) ID 7 length 75
(49264) eap: No EAP Start, assuming it's an on-going EAP conversation
(49264)       [eap] = updated
(49264) files: users: Matched entry DEFAULT at line 90
(49264)       [files] = ok
(49264) sql: EXPAND %{tolower:%{%{Stripped-User-Name}:-%{%{User-Name}:-none}}}
(49264) sql:    --> luciana.nogueira
(49264) sql: SQL-User-Name set to 'luciana.nogueira'
(49264) sql: EXPAND SELECT id, UserName, Attribute, Value, Op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id
(49264) sql:    --> SELECT id, UserName, Attribute, Value, Op FROM radcheck WHERE Username = 'luciana.nogueira' ORDER BY id
(49264) sql: Executing select query: SELECT id, UserName, Attribute, Value, Op FROM radcheck WHERE Username = 'luciana.nogueira' ORDER BY id
(49264) sql: EXPAND SELECT GroupName FROM radusergroup WHERE UserName='%{SQL-User-Name}' ORDER BY priority
(49264) sql:    --> SELECT GroupName FROM radusergroup WHERE UserName='luciana.nogueira' ORDER BY priority
(49264) sql: Executing select query: SELECT GroupName FROM radusergroup WHERE UserName='luciana.nogueira' ORDER BY priority
(49264) sql: User not found in any groups
(49264)       [sql] = notfound
(49264)       [expiration] = noop
(49264)       [logintime] = noop
(49264)       [pap] = noop
(49264)     } # authorize = updated
(49264)   Found Auth-Type = eap
(49264)   # Executing group from file /etc/freeradius/3.0/sites-enabled/inner-tunnel
(49264)     authenticate {
(49264) eap: Expiring EAP session with state 0x9e6734429e602efe
(49264) eap: Finished EAP session with state 0x214671d321416b6e
(49264) eap: Previous EAP request found for state 0x214671d321416b6e, released from the list
(49264) eap: Peer sent packet with method EAP MSCHAPv2 (26)
(49264) eap: Calling submodule eap_mschapv2 to process data
(49264) eap_mschapv2: # Executing group from file /etc/freeradius/3.0/sites-enabled/inner-tunnel
(49264) eap_mschapv2:   authenticate {
(49264) mschap: Creating challenge hash with username: luciana.nogueira
(49264) mschap: Client is using MS-CHAPv2
(49264) mschap: EXPAND %{mschap:User-Name}
(49264) mschap:    --> luciana.nogueira
(49264) mschap: ERROR: No NT-Domain was found in the User-Name
(49264) mschap: EXPAND %{mschap:NT-Domain}
(49264) mschap:    --> 
(49264) mschap: sending authentication request user='luciana.nogueira' domain=''
(49264) mschap: Authenticated successfully
(49264) mschap: Adding MS-CHAPv2 MPPE keys
(49264)     [mschap] = ok
(49264)   } # authenticate = ok
(49264) MSCHAP Success
(49264) eap: Sending EAP Request (code 1) ID 8 length 51
(49264) eap: EAP session adding &reply:State = 0x214671d3204e6b6e
(49264)       [eap] = handled
(49264)     } # authenticate = handled
(49264) } # server inner-tunnel
(49264) Virtual server sending reply
(49264)   Idle-Timeout = 300
(49264)   EAP-Message = 0x010800331a0307002e533d37324435314333433134354231383437464635313334414535453342374531304436323434453630
(49264)   Message-Authenticator = 0x00000000000000000000000000000000
(49264)   State = 0x214671d3204e6b6e6c123acd822f47ac
(49264) eap_peap: Got tunneled reply code 11
(49264) eap_peap:   Idle-Timeout = 300
(49264) eap_peap:   EAP-Message = 0x010800331a0307002e533d37324435314333433134354231383437464635313334414535453342374531304436323434453630
(49264) eap_peap:   Message-Authenticator = 0x00000000000000000000000000000000
(49264) eap_peap:   State = 0x214671d3204e6b6e6c123acd822f47ac
(49264) eap_peap: Got tunneled reply RADIUS code 11
(49264) eap_peap:   Idle-Timeout = 300
(49264) eap_peap:   EAP-Message = 0x010800331a0307002e533d37324435314333433134354231383437464635313334414535453342374531304436323434453630
(49264) eap_peap:   Message-Authenticator = 0x00000000000000000000000000000000
(49264) eap_peap:   State = 0x214671d3204e6b6e6c123acd822f47ac
(49264) eap_peap: Got tunneled Access-Challenge
(49264) eap: Sending EAP Request (code 1) ID 8 length 82
(49264) eap: EAP session adding &reply:State = 0x34326448333a7d5b
(49264)     [eap] = handled
(49264)   } # authenticate = handled
(49264) Using Post-Auth-Type Challenge
(49264) Post-Auth-Type sub-section not found.  Ignoring.
(49264) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(49264) Sent Access-Challenge Id 158 from 10.34.242.3:1812 to 10.34.15.221:1384 length 0
(49264)   EAP-Message = 0x01080052190017030300478ad05ce60e5ee56dce23340a3be2c962cc4f7d1ee8e7ae9aef666bf4fac4aa03796c641f3b59020ff440d471af287ef622a0fb7b6e3775db7348671ab310c104c57ca5045628d7
(49264)   Message-Authenticator = 0x00000000000000000000000000000000
(49264)   State = 0x34326448333a7d5baa04a227c6849a7d
(49264) Finished request
(49265) Received Access-Request Id 159 from 10.34.15.221:1384 to 10.34.242.3:1812 length 195
(49265)   User-Name = "347117"
(49265)   NAS-IP-Address = 10.34.15.221
(49265)   NAS-Port = 2
(49265)   Called-Station-Id = "5C-D9-98-14-37-48:MPDFT"
(49265)   Calling-Station-Id = "48-49-C7-71-79-66"
(49265)   Framed-MTU = 1400
(49265)   NAS-Port-Type = Wireless-802.11
(49265)   Connect-Info = "CONNECT 54Mbps 802.11g"
(49265)   EAP-Message = 0x020800251900170303001a00000000000000031247ab59722d1f524f21b21b65b88b21dc63
(49265)   State = 0x34326448333a7d5baa04a227c6849a7d
(49265)   Message-Authenticator = 0x4e23dd00e538823df81cfcd85802e7d5
(49265) session-state: No cached attributes
(49265) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default
(49265)   authorize {
(49265)     policy filter_username {
(49265)       if (&User-Name) {
(49265)       if (&User-Name)  -> TRUE
(49265)       if (&User-Name)  {
(49265)         if (&User-Name != "%{tolower:%{User-Name}}") {
(49265)         EXPAND %{tolower:%{User-Name}}
(49265)            --> 347117
(49265)         if (&User-Name != "%{tolower:%{User-Name}}")  -> FALSE
(49265)         if (&User-Name =~ / /) {
(49265)         if (&User-Name =~ / /)  -> FALSE
(49265)         if (&User-Name =~ /@[^@]*@/ ) {
(49265)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
(49265)         if (&User-Name =~ /\.\./ ) {
(49265)         if (&User-Name =~ /\.\./ )  -> FALSE
(49265)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
(49265)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
(49265)         if (&User-Name =~ /\.$/)  {
(49265)         if (&User-Name =~ /\.$/)   -> FALSE
(49265)         if (&User-Name =~ /@\./)  {
(49265)         if (&User-Name =~ /@\./)   -> FALSE
(49265)       } # if (&User-Name)  = notfound
(49265)     } # policy filter_username = notfound
(49265)     [preprocess] = ok
(49265) auth_log: EXPAND /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail
(49265) auth_log:    --> /var/log/freeradius/radacct/10.34.15.221/auth-detail
(49265) auth_log: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail expands to /var/log/freeradius/radacct/10.34.15.221/auth-detail
(49265) auth_log: EXPAND %t
(49265) auth_log:    --> Tue Jun 23 11:18:40 2020
(49265)     [auth_log] = ok
(49265)     [chap] = noop
(49265)     [mschap] = noop
(49265)     [digest] = noop
(49265) suffix: Checking for suffix after "@"
(49265) suffix: No '@' in User-Name = "347117", looking up realm NULL
(49265) suffix: No such realm "NULL"
(49265)     [suffix] = noop
(49265) eap: Peer sent EAP Response (code 2) ID 8 length 37
(49265) eap: Continuing tunnel setup
(49265)     [eap] = ok
(49265)   } # authorize = ok
(49265) Found Auth-Type = eap
(49265) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(49265)   authenticate {
(49265) eap: Expiring EAP session with state 0x9e6734429e602efe
(49265) eap: Finished EAP session with state 0x34326448333a7d5b
(49265) eap: Previous EAP request found for state 0x34326448333a7d5b, released from the list
(49265) eap: Peer sent packet with method EAP PEAP (25)
(49265) eap: Calling submodule eap_peap to process data
(49265) eap_peap: Continuing EAP-TLS
(49265) eap_peap: [eaptls verify] = ok
(49265) eap_peap: Done initial handshake
(49265) eap_peap: [eaptls process] = ok
(49265) eap_peap: Session established.  Decoding tunneled attributes
(49265) eap_peap: PEAP state phase2
(49265) eap_peap: EAP method MSCHAPv2 (26)
(49265) eap_peap: Got tunneled request
(49265) eap_peap:   EAP-Message = 0x020800061a03
(49265) eap_peap: Setting User-Name to luciana.nogueira
(49265) eap_peap: Sending tunneled request to inner-tunnel
(49265) eap_peap:   EAP-Message = 0x020800061a03
(49265) eap_peap:   FreeRADIUS-Proxied-To = 127.0.0.1
(49265) eap_peap:   User-Name = "luciana.nogueira"
(49265) eap_peap:   State = 0x214671d3204e6b6e6c123acd822f47ac
(49265) Virtual server inner-tunnel received request
(49265)   EAP-Message = 0x020800061a03
(49265)   FreeRADIUS-Proxied-To = 127.0.0.1
(49265)   User-Name = "luciana.nogueira"
(49265)   State = 0x214671d3204e6b6e6c123acd822f47ac
(49265) WARNING: Outer User-Name is not anonymized.  User privacy is compromised.
(49265) server inner-tunnel {
(49265)   session-state: No cached attributes
(49265)   # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/inner-tunnel
(49265)     authorize {
(49265)       policy filter_username {
(49265)         if (&User-Name) {
(49265)         if (&User-Name)  -> TRUE
(49265)         if (&User-Name)  {
(49265)           if (&User-Name != "%{tolower:%{User-Name}}") {
(49265)           EXPAND %{tolower:%{User-Name}}
(49265)              --> luciana.nogueira
(49265)           if (&User-Name != "%{tolower:%{User-Name}}")  -> FALSE
(49265)           if (&User-Name =~ / /) {
(49265)           if (&User-Name =~ / /)  -> FALSE
(49265)           if (&User-Name =~ /@[^@]*@/ ) {
(49265)           if (&User-Name =~ /@[^@]*@/ )  -> FALSE
(49265)           if (&User-Name =~ /\.\./ ) {
(49265)           if (&User-Name =~ /\.\./ )  -> FALSE
(49265)           if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
(49265)           if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
(49265)           if (&User-Name =~ /\.$/)  {
(49265)           if (&User-Name =~ /\.$/)   -> FALSE
(49265)           if (&User-Name =~ /@\./)  {
(49265)           if (&User-Name =~ /@\./)   -> FALSE
(49265)         } # if (&User-Name)  = notfound
(49265)       } # policy filter_username = notfound
(49265)       [chap] = noop
(49265)       [mschap] = noop
(49265) suffix: Checking for suffix after "@"
(49265) suffix: No '@' in User-Name = "luciana.nogueira", looking up realm NULL
(49265) suffix: No such realm "NULL"
(49265)       [suffix] = noop
(49265)       update control {
(49265)         &Proxy-To-Realm := LOCAL
(49265)       } # update control = noop
(49265) eap: Peer sent EAP Response (code 2) ID 8 length 6
(49265) eap: No EAP Start, assuming it's an on-going EAP conversation
(49265)       [eap] = updated
(49265) files: users: Matched entry DEFAULT at line 90
(49265)       [files] = ok
(49265) sql: EXPAND %{tolower:%{%{Stripped-User-Name}:-%{%{User-Name}:-none}}}
(49265) sql:    --> luciana.nogueira
(49265) sql: SQL-User-Name set to 'luciana.nogueira'
(49265) sql: EXPAND SELECT id, UserName, Attribute, Value, Op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id
(49265) sql:    --> SELECT id, UserName, Attribute, Value, Op FROM radcheck WHERE Username = 'luciana.nogueira' ORDER BY id
(49265) sql: Executing select query: SELECT id, UserName, Attribute, Value, Op FROM radcheck WHERE Username = 'luciana.nogueira' ORDER BY id
(49265) sql: EXPAND SELECT GroupName FROM radusergroup WHERE UserName='%{SQL-User-Name}' ORDER BY priority
(49265) sql:    --> SELECT GroupName FROM radusergroup WHERE UserName='luciana.nogueira' ORDER BY priority
(49265) sql: Executing select query: SELECT GroupName FROM radusergroup WHERE UserName='luciana.nogueira' ORDER BY priority
(49265) sql: User not found in any groups
(49265)       [sql] = notfound
(49265)       [expiration] = noop
(49265)       [logintime] = noop
(49265)       [pap] = noop
(49265)     } # authorize = updated
(49265)   Found Auth-Type = eap
(49265)   # Executing group from file /etc/freeradius/3.0/sites-enabled/inner-tunnel
(49265)     authenticate {
(49265) eap: Expiring EAP session with state 0x9e6734429e602efe
(49265) eap: Finished EAP session with state 0x214671d3204e6b6e
(49265) eap: Previous EAP request found for state 0x214671d3204e6b6e, released from the list
(49265) eap: Peer sent packet with method EAP MSCHAPv2 (26)
(49265) eap: Calling submodule eap_mschapv2 to process data
(49265) eap: Sending EAP Success (code 3) ID 8 length 4
(49265) eap: Freeing handler
(49265)       [eap] = ok
(49265)     } # authenticate = ok
(49265)   # Executing section session from file /etc/freeradius/3.0/sites-enabled/inner-tunnel
(49265)     session {
(49265) sql: EXPAND %{tolower:%{%{Stripped-User-Name}:-%{%{User-Name}:-none}}}
(49265) sql:    --> luciana.nogueira
(49265) sql: SQL-User-Name set to 'luciana.nogueira'
(49265) sql: EXPAND SELECT COUNT(distinct callingstationid) FROM radacct WHERE UserName='%{SQL-User-Name}' AND CallingStationId<>'%{outer.request:Calling-Station-Id}' AND AcctStopTime IS NULL
(49265) sql:    --> SELECT COUNT(distinct callingstationid) FROM radacct WHERE UserName='luciana.nogueira' AND CallingStationId<>'48-49-C7-71-79-66' AND AcctStopTime IS NULL
(49265) sql: Executing select query: SELECT COUNT(distinct callingstationid) FROM radacct WHERE UserName='luciana.nogueira' AND CallingStationId<>'48-49-C7-71-79-66' AND AcctStopTime IS NULL
(49265)       [sql] = ok
(49265)     } # session = ok
(49265)   # Executing section post-auth from file /etc/freeradius/3.0/sites-enabled/inner-tunnel
(49265)     post-auth {
(49265) reply_log: EXPAND /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail
(49265) reply_log:    --> /var/log/freeradius/radacct/10.34.15.221/reply-detail
(49265) reply_log: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail expands to /var/log/freeradius/radacct/10.34.15.221/reply-detail
(49265) reply_log: EXPAND %t
(49265) reply_log:    --> Tue Jun 23 11:18:40 2020
(49265)       [reply_log] = ok
(49265)     } # post-auth = ok
(49265)   Login OK: [luciana.nogueira] (from client AP-SD1-A03-Q01 port 0 via TLS tunnel)
(49265) } # server inner-tunnel
(49265) Virtual server sending reply
(49265)   Idle-Timeout = 300
(49265)   MS-MPPE-Encryption-Policy = Encryption-Allowed
(49265)   MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed
(49265)   MS-MPPE-Send-Key = 0x0442265aeb85be20654b653f432e0880
(49265)   MS-MPPE-Recv-Key = 0x1e4c074598ed6ae313dab160b53e5d6c
(49265)   EAP-Message = 0x03080004
(49265)   Message-Authenticator = 0x00000000000000000000000000000000
(49265)   User-Name = "luciana.nogueira"
(49265) eap_peap: Got tunneled reply code 2
(49265) eap_peap:   Idle-Timeout = 300
(49265) eap_peap:   MS-MPPE-Encryption-Policy = Encryption-Allowed
(49265) eap_peap:   MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed
(49265) eap_peap:   MS-MPPE-Send-Key = 0x0442265aeb85be20654b653f432e0880
(49265) eap_peap:   MS-MPPE-Recv-Key = 0x1e4c074598ed6ae313dab160b53e5d6c
(49265) eap_peap:   EAP-Message = 0x03080004
(49265) eap_peap:   Message-Authenticator = 0x00000000000000000000000000000000
(49265) eap_peap:   User-Name = "luciana.nogueira"
(49265) eap_peap: Got tunneled reply RADIUS code 2
(49265) eap_peap:   Idle-Timeout = 300
(49265) eap_peap:   MS-MPPE-Encryption-Policy = Encryption-Allowed
(49265) eap_peap:   MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed
(49265) eap_peap:   MS-MPPE-Send-Key = 0x0442265aeb85be20654b653f432e0880
(49265) eap_peap:   MS-MPPE-Recv-Key = 0x1e4c074598ed6ae313dab160b53e5d6c
(49265) eap_peap:   EAP-Message = 0x03080004
(49265) eap_peap:   Message-Authenticator = 0x00000000000000000000000000000000
(49265) eap_peap:   User-Name = "luciana.nogueira"
(49265) eap_peap: Tunneled authentication was successful
(49265) eap_peap: SUCCESS
(49265) eap: Sending EAP Request (code 1) ID 9 length 46
(49265) eap: EAP session adding &reply:State = 0x343264483c3b7d5b
(49265)     [eap] = handled
(49265)   } # authenticate = handled
(49265) Using Post-Auth-Type Challenge
(49265) Post-Auth-Type sub-section not found.  Ignoring.
(49265) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(49265) Sent Access-Challenge Id 159 from 10.34.242.3:1812 to 10.34.15.221:1384 length 0
(49265)   EAP-Message = 0x0109002e190017030300238ad05ce60e5ee56e3f85995ad4d9fa3e7353121ef0323fdf5e8a60cf3b9b554a80d3dd
(49265)   Message-Authenticator = 0x00000000000000000000000000000000
(49265)   State = 0x343264483c3b7d5baa04a227c6849a7d
(49265) Finished request
(49266) Received Access-Request Id 160 from 10.34.15.221:1384 to 10.34.242.3:1812 length 204
(49266)   User-Name = "347117"
(49266)   NAS-IP-Address = 10.34.15.221
(49266)   NAS-Port = 2
(49266)   Called-Station-Id = "5C-D9-98-14-37-48:MPDFT"
(49266)   Calling-Station-Id = "48-49-C7-71-79-66"
(49266)   Framed-MTU = 1400
(49266)   NAS-Port-Type = Wireless-802.11
(49266)   Connect-Info = "CONNECT 54Mbps 802.11g"
(49266)   EAP-Message = 0x0209002e190017030300230000000000000004c778ad733d5b70db3716819554f83810f465ba77cd7845e575c9ff
(49266)   State = 0x343264483c3b7d5baa04a227c6849a7d
(49266)   Message-Authenticator = 0x855882f09e771e57421e4a41f6ea470c
(49266) session-state: No cached attributes
(49266) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default
(49266)   authorize {
(49266)     policy filter_username {
(49266)       if (&User-Name) {
(49266)       if (&User-Name)  -> TRUE
(49266)       if (&User-Name)  {
(49266)         if (&User-Name != "%{tolower:%{User-Name}}") {
(49266)         EXPAND %{tolower:%{User-Name}}
(49266)            --> 347117
(49266)         if (&User-Name != "%{tolower:%{User-Name}}")  -> FALSE
(49266)         if (&User-Name =~ / /) {
(49266)         if (&User-Name =~ / /)  -> FALSE
(49266)         if (&User-Name =~ /@[^@]*@/ ) {
(49266)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
(49266)         if (&User-Name =~ /\.\./ ) {
(49266)         if (&User-Name =~ /\.\./ )  -> FALSE
(49266)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
(49266)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
(49266)         if (&User-Name =~ /\.$/)  {
(49266)         if (&User-Name =~ /\.$/)   -> FALSE
(49266)         if (&User-Name =~ /@\./)  {
(49266)         if (&User-Name =~ /@\./)   -> FALSE
(49266)       } # if (&User-Name)  = notfound
(49266)     } # policy filter_username = notfound
(49266)     [preprocess] = ok
(49266) auth_log: EXPAND /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail
(49266) auth_log:    --> /var/log/freeradius/radacct/10.34.15.221/auth-detail
(49266) auth_log: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail expands to /var/log/freeradius/radacct/10.34.15.221/auth-detail
(49266) auth_log: EXPAND %t
(49266) auth_log:    --> Tue Jun 23 11:18:40 2020
(49266)     [auth_log] = ok
(49266)     [chap] = noop
(49266)     [mschap] = noop
(49266)     [digest] = noop
(49266) suffix: Checking for suffix after "@"
(49266) suffix: No '@' in User-Name = "347117", looking up realm NULL
(49266) suffix: No such realm "NULL"
(49266)     [suffix] = noop
(49266) eap: Peer sent EAP Response (code 2) ID 9 length 46
(49266) eap: Continuing tunnel setup
(49266)     [eap] = ok
(49266)   } # authorize = ok
(49266) Found Auth-Type = eap
(49266) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(49266)   authenticate {
(49266) eap: Expiring EAP session with state 0x9e6734429e602efe
(49266) eap: Finished EAP session with state 0x343264483c3b7d5b
(49266) eap: Previous EAP request found for state 0x343264483c3b7d5b, released from the list
(49266) eap: Peer sent packet with method EAP PEAP (25)
(49266) eap: Calling submodule eap_peap to process data
(49266) eap_peap: Continuing EAP-TLS
(49266) eap_peap: [eaptls verify] = ok
(49266) eap_peap: Done initial handshake
(49266) eap_peap: [eaptls process] = ok
(49266) eap_peap: Session established.  Decoding tunneled attributes
(49266) eap_peap: PEAP state send tlv success
(49266) eap_peap: Received EAP-TLV response
(49266) eap_peap: Success
(49266) eap: Sending EAP Success (code 3) ID 9 length 4
(49266) eap: Freeing handler
(49266)     [eap] = ok
(49266)   } # authenticate = ok
(49266) # Executing section post-auth from file /etc/freeradius/3.0/sites-enabled/default
(49266)   post-auth {
(49266)     update {
(49266)       No attributes updated
(49266)     } # update = noop
(49266) sql: EXPAND .query
(49266) sql:    --> .query
(49266) sql: Using query template 'query'
(49266) sql: EXPAND %{tolower:%{%{Stripped-User-Name}:-%{%{User-Name}:-none}}}
(49266) sql:    --> 347117
(49266) sql: SQL-User-Name set to '347117'
(49266) sql: EXPAND INSERT INTO radpostauth (username, pass, reply, calledstationid, callingstationid, authdate) VALUES('%{User-Name}', '%{%{User-Password}:-Chap-Password}', '%{reply:Packet-Type}', '%{Called-Station-Id}', '%{Calling-Station-Id}', TO_TIMESTAMP(%{integer:Event-Timestamp}))
(49266) sql:    --> INSERT INTO radpostauth (username, pass, reply, calledstationid, callingstationid, authdate) VALUES('347117', 'Chap-Password', 'Access-Accept', '5C-D9-98-14-37-48:MPDFT', '48-49-C7-71-79-66', TO_TIMESTAMP(1592921920))
(49266) sql: Executing query: INSERT INTO radpostauth (username, pass, reply, calledstationid, callingstationid, authdate) VALUES('347117', 'Chap-Password', 'Access-Accept', '5C-D9-98-14-37-48:MPDFT', '48-49-C7-71-79-66', TO_TIMESTAMP(1592921920))
(49266) sql: SQL query returned: success
(49266) sql: 1 record(s) updated
(49266)     [sql] = ok
(49266)     [exec] = noop
(49266)     policy remove_reply_message_if_eap {
(49266)       if (&reply:EAP-Message && &reply:Reply-Message) {
(49266)       if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
(49266)       else {
(49266)         [noop] = noop
(49266)       } # else = noop
(49266)     } # policy remove_reply_message_if_eap = noop
(49266)   } # post-auth = ok
(49266) Login OK: [347117] (from client AP-SD1-A03-Q01 port 2 cli 48-49-C7-71-79-66)
(49266) Sent Access-Accept Id 160 from 10.34.242.3:1812 to 10.34.15.221:1384 length 0
(49266)   MS-MPPE-Recv-Key = 0x542d83c1eb40f8c303c2eb8158cb7e7db2151c3568559646f0ae6cc2b4834cdc
(49266)   MS-MPPE-Send-Key = 0xe5c545e00159f5d356a41a506a2bfdda247960a2b6a0044c7bf9037a48336c63
(49266)   EAP-Message = 0x03090004
(49266)   Message-Authenticator = 0x00000000000000000000000000000000
(49266)   User-Name = "347117"
(49266) Finished request
(49267) Received Accounting-Request Id 161 from 10.34.15.221:1386 to 10.34.242.3:1813 length 145
(49267)   Acct-Session-Id = "38EBA713-00000041"
(49267)   Acct-Status-Type = Start
(49267)   Acct-Authentic = RADIUS
(49267)   User-Name = "347117"
(49267)   NAS-IP-Address = 10.34.15.221
(49267)   NAS-Port = 2
(49267)   Called-Station-Id = "5C-D9-98-14-37-48:MPDFT"
(49267)   Calling-Station-Id = "48-49-C7-71-79-66"
(49267)   NAS-Port-Type = Wireless-802.11
(49267)   Connect-Info = "CONNECT 54Mbps 802.11g"
(49267) # Executing section preacct from file /etc/freeradius/3.0/sites-enabled/default
(49267)   preacct {
(49267)     [preprocess] = ok
(49267)     update request {
(49267)       EXPAND %{expr: %l - %{%{Acct-Session-Time}:-0} - %{%{Acct-Delay-Time}:-0}}
(49267)          --> 1592921920
(49267)       FreeRADIUS-Acct-Session-Start-Time = Jun 23 2020 11:18:40 -03
(49267)     } # update request = noop
(49267)     policy acct_unique {
(49267)       update request {
(49267)         Tmp-String-9 := "ai:"
(49267)       } # update request = noop
(49267)       if (("%{hex:&Class}" =~ /^%{hex:&Tmp-String-9}/) &&     ("%{string:&Class}" =~ /^ai:([0-9a-f]{32})/i)) {
(49267)       EXPAND %{hex:&Class}
(49267)          --> 
(49267)       EXPAND ^%{hex:&Tmp-String-9}
(49267)          --> ^61693a
(49267)       if (("%{hex:&Class}" =~ /^%{hex:&Tmp-String-9}/) &&     ("%{string:&Class}" =~ /^ai:([0-9a-f]{32})/i))  -> FALSE
(49267)       else {
(49267)         update request {
(49267)           EXPAND %{md5:%{User-Name},%{Acct-Session-ID},%{Calling-Station-Id}}
(49267)              --> 6b521bf17a61aa914f0f67b33c558e07
(49267)           &Acct-Unique-Session-Id := 6b521bf17a61aa914f0f67b33c558e07
(49267)         } # update request = noop
(49267)       } # else = noop
(49267)     } # policy acct_unique = noop
(49267) suffix: Checking for suffix after "@"
(49267) suffix: No '@' in User-Name = "347117", looking up realm NULL
(49267) suffix: No such realm "NULL"
(49267)     [suffix] = noop
(49267) files: acct_users: Matched entry DEFAULT at line 22
(49267) files: EXPAND %{%{Stripped-User-Name}:-%{User-Name}}
(49267) files:    --> 347117
(49267)     [files] = ok
(49267)   } # preacct = ok
(49267) # Executing section accounting from file /etc/freeradius/3.0/sites-enabled/default
(49267)   accounting {
(49267) log_accounting: EXPAND Accounting-Request.%{%{Acct-Status-Type}:-unknown}
(49267) log_accounting:    --> Accounting-Request.Start
(49267) log_accounting: EXPAND %{date:Event-Timestamp} Connect: [%{User-Name}] (did %{Called-Station-Id} cli %{Calling-Station-Id} port %{NAS-Port} ip %{Framed-IP-Address})
(49267) log_accounting:    --> Tue, 23-06-2020 11:18:40 Connect: [347117] (did 5C-D9-98-14-37-48:MPDFT cli 48-49-C7-71-79-66 port 2 ip )
(49267) log_accounting: EXPAND /var/log/freeradius/linelog-accounting
(49267) log_accounting:    --> /var/log/freeradius/linelog-accounting
(49267)     [log_accounting] = ok
(49267) sql: EXPAND %{tolower:type.%{%{Acct-Status-Type}:-none}.query}
(49267) sql:    --> type.start.query
(49267) sql: Using query template 'query'
(49267) sql: EXPAND %{tolower:%{%{Stripped-User-Name}:-%{%{User-Name}:-none}}}
(49267) sql:    --> 347117
(49267) sql: SQL-User-Name set to '347117'
(49267) sql: EXPAND INSERT INTO radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctUpdateTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_Stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIpAddress) VALUES('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', NULLIF('%{Realm}', ''), '%{%{NAS-IPv6-Address}:-%{NAS-IP-Address}}', NULLIF('%{%{NAS-Port-ID}:-%{NAS-Port}}', ''), '%{NAS-Port-Type}', TO_TIMESTAMP(%{integer:Event-Timestamp}), TO_TIMESTAMP(%{integer:Event-Timestamp}), NULL, 0, '%{Acct-Authentic}', '%{Connect-Info}', NULL, 0, 0, '%{Called-Station-Id}', '%{Calling-Station-Id}', NULL, '%{Service-Type}', '%{Framed-Protocol}', NULLIF('%{Framed-IP-Address}', '')::inet)
(49267) sql:    --> INSERT INTO radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctUpdateTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_Stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIpAddress) VALUES('38EBA713-00000041', '6b521bf17a61aa914f0f67b33c558e07', '347117', NULLIF('', ''), '10.34.15.221', NULLIF('2', ''), 'Wireless-802.11', TO_TIMESTAMP(1592921920), TO_TIMESTAMP(1592921920), NULL, 0, 'RADIUS', 'CONNECT 54Mbps 802.11g', NULL, 0, 0, '5C-D9-98-14-37-48:MPDFT', '48-49-C7-71-79-66', NULL, '', '', NULLIF('', '')::inet)
(49267) sql: Executing query: INSERT INTO radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctUpdateTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_Stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIpAddress) VALUES('38EBA713-00000041', '6b521bf17a61aa914f0f67b33c558e07', '347117', NULLIF('', ''), '10.34.15.221', NULLIF('2', ''), 'Wireless-802.11', TO_TIMESTAMP(1592921920), TO_TIMESTAMP(1592921920), NULL, 0, 'RADIUS', 'CONNECT 54Mbps 802.11g', NULL, 0, 0, '5C-D9-98-14-37-48:MPDFT', '48-49-C7-71-79-66', NULL, '', '', NULLIF('', '')::inet)
(49267) sql: SQL query returned: success
(49267) sql: 1 record(s) updated
(49267)     [sql] = ok
(49267)     if (&request:Acct-Status-Type == start) {
(49267)     if (&request:Acct-Status-Type == start)  -> TRUE
(49267)     if (&request:Acct-Status-Type == start)  {
(49267)       EXPAND %{tolower:%{%{Stripped-User-Name}:-%{%{User-Name}:-none}}}
(49267)          --> 347117
(49267)       SQL-User-Name set to '347117'
(49267)       Executing query: UPDATE radacct SET AcctStopTime = TO_TIMESTAMP(1592921920), AcctUpdateTime = TO_TIMESTAMP(1592921920), AcctTerminateCause = 'Stalled-session', ConnectInfo_stop = 'CONNECT 54Mbps 802.11g' WHERE UserName = '347117' AND AcctUniqueId <> '6b521bf17a61aa914f0f67b33c558e07' AND CallingStationId = '48-49-C7-71-79-66' AND AcctStopTime IS NULL
(49267)       SQL query affected no rows
(49267)       EXPAND %{sql:UPDATE radacct SET AcctStopTime = TO_TIMESTAMP(%{integer:Event-Timestamp}), AcctUpdateTime = TO_TIMESTAMP(%{integer:Event-Timestamp}), AcctTerminateCause = 'Stalled-session', ConnectInfo_stop = '%{Connect-Info}' WHERE UserName = '%{tolower:%{%{Stripped-User-Name}:-%{User-Name}}}' AND AcctUniqueId <> '%{Acct-Unique-Session-Id}' AND CallingStationId = '%{Calling-Station-Id}' AND AcctStopTime IS NULL}
(49267)          --> 
(49267)     } # if (&request:Acct-Status-Type == start)  = ok
(49267)     [exec] = noop
(49267) attr_filter.accounting_response: EXPAND %{User-Name}
(49267) attr_filter.accounting_response:    --> 347117
(49267) attr_filter.accounting_response: Matched entry DEFAULT at line 12
(49267)     [attr_filter.accounting_response] = updated
(49267)   } # accounting = updated
(49267) Sent Accounting-Response Id 161 from 10.34.242.3:1813 to 10.34.15.221:1386 length 0
(49267) Finished request
(49267) Cleaning up request packet ID 161 with timestamp +43054
(49257) Cleaning up request packet ID 151 with timestamp +43054
(49258) Cleaning up request packet ID 152 with timestamp +43054
(49259) Cleaning up request packet ID 153 with timestamp +43054
(49260) Cleaning up request packet ID 154 with timestamp +43054
(49261) Cleaning up request packet ID 155 with timestamp +43054
(49262) Cleaning up request packet ID 156 with timestamp +43054
(49263) Cleaning up request packet ID 157 with timestamp +43054
(49264) Cleaning up request packet ID 158 with timestamp +43054
(49265) Cleaning up request packet ID 159 with timestamp +43054
(49266) Cleaning up request packet ID 160 with timestamp +43054
root at vp2-seg-008:/var/log/freeradius#



More information about the Freeradius-Users mailing list