Untitled

a guest
Oct 10th, 2012
  1. FreeRADIUS Version 2.1.10, for host x86_64-pc-linux-gnu, built on Sep 24 2012 at 17:58:57
  2. Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
  3. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
  4. PARTICULAR PURPOSE.
  5. You may redistribute copies of FreeRADIUS under the terms of the
  6. GNU General Public License v2.
  7. Starting - reading configuration files ...
  8. including configuration file /etc/freeradius/radiusd.conf
  9. including configuration file /etc/freeradius/proxy.conf
  10. including configuration file /etc/freeradius/clients.conf
  11. including files in directory /etc/freeradius/modules/
  12. including configuration file /etc/freeradius/modules/always
  13. including configuration file /etc/freeradius/modules/exec
  14. including configuration file /etc/freeradius/modules/sql_log
  15. including configuration file /etc/freeradius/modules/passwd
  16. including configuration file /etc/freeradius/modules/mschap
  17. including configuration file /etc/freeradius/modules/logintime
  18. including configuration file /etc/freeradius/modules/echo
  19. including configuration file /etc/freeradius/modules/expiration
  20. including configuration file /etc/freeradius/modules/detail.log
  21. including configuration file /etc/freeradius/modules/realm
  22. including configuration file /etc/freeradius/modules/unix
  23. including configuration file /etc/freeradius/modules/expr
  24. including configuration file /etc/freeradius/modules/dynamic_clients
  25. including configuration file /etc/freeradius/modules/policy
  26. including configuration file /etc/freeradius/modules/cui
  27. including configuration file /etc/freeradius/modules/mac2vlan
  28. including configuration file /etc/freeradius/modules/krb5
  29. including configuration file /etc/freeradius/modules/ippool
  30. including configuration file /etc/freeradius/modules/attr_rewrite
  31. including configuration file /etc/freeradius/modules/pap
  32. including configuration file /etc/freeradius/modules/detail.example.com
  33. including configuration file /etc/freeradius/modules/acct_unique
  34. including configuration file /etc/freeradius/modules/checkval
  35. including configuration file /etc/freeradius/modules/sradutmp
  36. including configuration file /etc/freeradius/modules/preprocess
  37. including configuration file /etc/freeradius/modules/counter
  38. including configuration file /etc/freeradius/modules/opendirectory
  39. including configuration file /etc/freeradius/modules/chap
  40. including configuration file /etc/freeradius/modules/attr_filter
  41. including configuration file /etc/freeradius/modules/files
  42. including configuration file /etc/freeradius/modules/etc_group
  43. including configuration file /etc/freeradius/modules/perl
  44. including configuration file /etc/freeradius/modules/radutmp
  45. including configuration file /etc/freeradius/modules/wimax
  46. including configuration file /etc/freeradius/modules/mac2ip
  47. including configuration file /etc/freeradius/modules/ldap
  48. including configuration file /etc/freeradius/modules/smbpasswd
  49. including configuration file /etc/freeradius/modules/detail
  50. including configuration file /etc/freeradius/modules/sqlcounter_expire_on_login
  51. including configuration file /etc/freeradius/modules/smsotp
  52. including configuration file /etc/freeradius/modules/digest
  53. including configuration file /etc/freeradius/modules/linelog
  54. including configuration file /etc/freeradius/modules/ntlm_auth
  55. including configuration file /etc/freeradius/modules/inner-eap
  56. including configuration file /etc/freeradius/modules/pam
  57. including configuration file /etc/freeradius/modules/otp
  58. including configuration file /etc/freeradius/eap.conf
  59. including configuration file /etc/freeradius/sql.conf
  60. including configuration file /etc/freeradius/sql/mysql/dialup.conf
  61. including configuration file /etc/freeradius/policy.conf
  62. including files in directory /etc/freeradius/sites-enabled/
  63. including configuration file /etc/freeradius/sites-enabled/ausgabe.txt
  64. including configuration file /etc/freeradius/sites-enabled/inner-tunnel
  65. including configuration file /etc/freeradius/sites-enabled/default
  66. main {
  67. user = "freerad"
  68. group = "freerad"
  69. allow_core_dumps = no
  70. }
  71. including dictionary file /etc/freeradius/dictionary
  72. main {
  73. prefix = "/usr"
  74. localstatedir = "/var"
  75. logdir = "/var/log/freeradius"
  76. libdir = "/usr/lib/freeradius"
  77. radacctdir = "/var/log/freeradius/radacct"
  78. hostname_lookups = no
  79. max_request_time = 30
  80. cleanup_delay = 5
  81. max_requests = 1024
  82. pidfile = "/var/run/freeradius/freeradius.pid"
  83. checkrad = "/usr/sbin/checkrad"
  84. debug_level = 0
  85. proxy_requests = yes
  86. log {
  87. stripped_names = no
  88. auth = no
  89. auth_badpass = no
  90. auth_goodpass = no
  91. }
  92. security {
  93. max_attributes = 200
  94. reject_delay = 1
  95. status_server = yes
  96. }
  97. }
  98. radiusd: #### Loading Realms and Home Servers ####
  99. proxy server {
  100. retry_delay = 5
  101. retry_count = 3
  102. default_fallback = no
  103. dead_time = 120
  104. wake_all_if_all_dead = no
  105. }
  106. realm LOCAL {
  107. }
  108. realm kl-dfki.de {
  109. authhost = LOCAL
  110. accthost = LOCAL
  111. }
  112. realm DEFAULT {
  113. nostrip
  114. authhost = 172.16.3.225
  115. accthost = 172.16.3.225
  116. secret = xxxxx
  117. }
  118. radiusd: #### Loading Clients ####
  119. client localhost {
  120. ipaddr = 127.0.0.1
  121. require_message_authenticator = no
  122. secret = "xxxx"
  123. nastype = "other"
  124. }
  125. client OpenURC-Global {
  126. ipaddr = 172.16.3.225
  127. require_message_authenticator = no
  128. secret = "xxxx"
  129. nastype = "other"
  130. }
  131. client Router1 {
  132. ipaddr = 192.168.1.1
  133. require_message_authenticator = no
  134. secret = "xxxx"
  135. nastype = "other"
  136. }
  137. radiusd: #### Instantiating modules ####
  138. instantiate {
  139. Module: Linked to module rlm_exec
  140. Module: Instantiating module "exec" from file /etc/freeradius/modules/exec
  141. exec {
  142. wait = no
  143. input_pairs = "request"
  144. shell_escape = yes
  145. }
  146. Module: Linked to module rlm_expr
  147. Module: Instantiating module "expr" from file /etc/freeradius/modules/expr
  148. Module: Linked to module rlm_expiration
  149. Module: Instantiating module "expiration" from file /etc/freeradius/modules/expiration
  150. expiration {
  151. reply-message = "Password Has Expired "
  152. }
  153. Module: Linked to module rlm_logintime
  154. Module: Instantiating module "logintime" from file /etc/freeradius/modules/logintime
  155. logintime {
  156. reply-message = "You are calling outside your allowed timespan "
  157. minimum-timeout = 60
  158. }
  159. }
  160. radiusd: #### Loading Virtual Servers ####
  161. server inner-tunnel { # from file /etc/freeradius/sites-enabled/inner-tunnel
  162. modules {
  163. Module: Checking authenticate {...} for more modules to load
  164. Module: Linked to module rlm_mschap
  165. Module: Instantiating module "mschap" from file /etc/freeradius/modules/mschap
  166. mschap {
  167. use_mppe = yes
  168. require_encryption = no
  169. require_strong = no
  170. with_ntdomain_hack = no
  171. }
  172. Module: Linked to module rlm_eap
  173. Module: Instantiating module "eap" from file /etc/freeradius/eap.conf
  174. eap {
  175. default_eap_type = "peap"
  176. timer_expire = 60
  177. ignore_unknown_eap_types = no
  178. cisco_accounting_username_bug = no
  179. max_sessions = 4096
  180. }
  181. Module: Linked to sub-module rlm_eap_md5
  182. Module: Instantiating eap-md5
  183. Module: Linked to sub-module rlm_eap_leap
  184. Module: Instantiating eap-leap
  185. Module: Linked to sub-module rlm_eap_gtc
  186. Module: Instantiating eap-gtc
  187. gtc {
  188. challenge = "Password: "
  189. auth_type = "PAP"
  190. }
  191. Module: Linked to sub-module rlm_eap_tls
  192. Module: Instantiating eap-tls
  193. tls {
  194. rsa_key_exchange = no
  195. dh_key_exchange = yes
  196. rsa_key_length = 512
  197. dh_key_length = 512
  198. verify_depth = 0
  199. pem_file_type = yes
  200. private_key_file = "/etc/wireless/certs/server/server.pem"
  201. certificate_file = "/etc/wireless/certs/server/server.pem"
  202. CA_file = "/etc/wireless/certs/server/ca.pem"
  203. private_key_password = "xxxxx"
  204. dh_file = "/etc/wireless/dh"
  205. random_file = "/etc/wireless/random"
  206. fragment_size = 1024
  207. include_length = yes
  208. check_crl = no
  209. cipher_list = "HIGH"
  210. cache {
  211. enable = no
  212. lifetime = 24
  213. max_entries = 255
  214. }
  215. verify {
  216. }
  217. }
  218. Module: Linked to sub-module rlm_eap_ttls
  219. Module: Instantiating eap-ttls
  220. ttls {
  221. default_eap_type = "mschapv2"
  222. copy_request_to_tunnel = yes
  223. use_tunneled_reply = yes
  224. virtual_server = "inner-tunnel"
  225. include_length = yes
  226. }
  227. Module: Linked to sub-module rlm_eap_peap
  228. Module: Instantiating eap-peap
  229. peap {
  230. default_eap_type = "mschapv2"
  231. copy_request_to_tunnel = yes
  232. use_tunneled_reply = yes
  233. proxy_tunneled_request_as_eap = no
  234. virtual_server = "inner-tunnel"
  235. }
  236. Module: Linked to sub-module rlm_eap_mschapv2
  237. Module: Instantiating eap-mschapv2
  238. mschapv2 {
  239. with_ntdomain_hack = no
  240. }
  241. Module: Checking authorize {...} for more modules to load
  242. Module: Linked to module rlm_realm
  243. Module: Instantiating module "suffix" from file /etc/freeradius/modules/realm
  244. realm suffix {
  245. format = "suffix"
  246. delimiter = "@"
  247. ignore_default = no
  248. ignore_null = no
  249. }
  250. Module: Linked to module rlm_files
  251. Module: Instantiating module "files" from file /etc/freeradius/modules/files
  252. files {
  253. usersfile = "/etc/freeradius/users"
  254. acctusersfile = "/etc/freeradius/acct_users"
  255. preproxy_usersfile = "/etc/freeradius/preproxy_users"
  256. compat = "no"
  257. }
  258. Module: Linked to module rlm_sql
  259. Module: Instantiating module "sql" from file /etc/freeradius/sql.conf
  260. sql {
  261. driver = "rlm_sql_mysql"
  262. server = "localhost"
  263. port = ""
  264. login = "root"
  265. password = "xxxxx"
  266. radius_db = "radius"
  267. read_groups = yes
  268. sqltrace = no
  269. sqltracefile = "/var/log/freeradius/sqltrace.sql"
  270. readclients = yes
  271. deletestalesessions = yes
  272. num_sql_socks = 5
  273. lifetime = 0
  274. max_queries = 0
  275. sql_user_name = "%{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}}"
  276. default_user_profile = ""
  277. nas_query = "SELECT id, nasname, shortname, type, secret, server FROM nas"
  278. authorize_check_query = "SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id"
  279. authorize_reply_query = "SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id"
  280. authorize_group_check_query = "SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id"
  281. authorize_group_reply_query = "SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id"
  282. accounting_onoff_query = " UPDATE radacct SET acctstoptime = '%S', acctsessiontime = unix_timestamp('%S') - unix_timestamp(acctstarttime), acctterminatecause = '%{Acct-Terminate-Cause}', acctstopdelay = %{%{Acct-Delay-Time}:-0} WHERE acctstoptime IS NULL AND nasipaddress = '%{NAS-IP-Address}' AND acctstarttime <= '%S'"
  283. accounting_update_query = " UPDATE radacct SET framedipaddress = '%{Framed-IP-Address}', acctsessiontime = '%{Acct-Session-Time}', acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}'"
  284. accounting_update_query_alt = " INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctsessiontime, acctauthentic, connectinfo_start, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, servicetype, framedprotocol, framedipaddress, acctstartdelay, xascendsessionsvrkey) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S', INTERVAL (%{%{Acct-Session-Time}:-0} + %{%{Acct-Delay-Time}:-0}) SECOND), '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0', '%{X-Ascend-Session-Svr-Key}')"
  285. accounting_start_query = " INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress, acctstartdelay, acctstopdelay, xascendsessionsvrkey) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', '%S', NULL, '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '%{%{Acct-Delay-Time}:-0}', '0', '%{X-Ascend-Session-Svr-Key}')"
  286. accounting_start_query_alt = " UPDATE radacct SET acctstarttime = '%S', acctstartdelay = '%{%{Acct-Delay-Time}:-0}', connectinfo_start = '%{Connect-Info}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}'"
  287. accounting_stop_query = " UPDATE radacct SET acctstoptime = '%S', acctsessiontime = '%{Acct-Session-Time}', acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', acctterminatecause = '%{Acct-Terminate-Cause}', acctstopdelay = '%{%{Acct-Delay-Time}:-0}', connectinfo_stop = '%{Connect-Info}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}'"
  288. accounting_stop_query_alt = " INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress, acctstartdelay, acctstopdelay) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S', INTERVAL (%{%{Acct-Session-Time}:-0} + %{%{Acct-Delay-Time}:-0}) SECOND), '%S', '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{Connect-Info}', '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Acct-Terminate-Cause}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0', '%{%{Acct-Delay-Time}:-0}')"
  289. group_membership_query = "SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority"
  290. connect_failure_retry_delay = 60
  291. simul_count_query = ""
  292. simul_verify_query = "SELECT radacctid, acctsessionid, username, nasipaddress, nasportid, framedipaddress, callingstationid, framedprotocol FROM radacct WHERE username = '%{SQL-User-Name}' AND acctstoptime IS NULL"
  293. postauth_query = "INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S')"
  294. safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
  295. }
  296. rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
  297. rlm_sql (sql): Attempting to connect to root@localhost:/radius
  298. rlm_sql (sql): starting 0
  299. rlm_sql (sql): Attempting to connect rlm_sql_mysql #0
  300. rlm_sql_mysql: Starting connect to MySQL server for #0
  301. rlm_sql (sql): Connected new DB handle, #0
  302. rlm_sql (sql): starting 1
  303. rlm_sql (sql): Attempting to connect rlm_sql_mysql #1
  304. rlm_sql_mysql: Starting connect to MySQL server for #1
  305. rlm_sql (sql): Connected new DB handle, #1
  306. rlm_sql (sql): starting 2
  307. rlm_sql (sql): Attempting to connect rlm_sql_mysql #2
  308. rlm_sql_mysql: Starting connect to MySQL server for #2
  309. rlm_sql (sql): Connected new DB handle, #2
  310. rlm_sql (sql): starting 3
  311. rlm_sql (sql): Attempting to connect rlm_sql_mysql #3
  312. rlm_sql_mysql: Starting connect to MySQL server for #3
  313. rlm_sql (sql): Connected new DB handle, #3
  314. rlm_sql (sql): starting 4
  315. rlm_sql (sql): Attempting to connect rlm_sql_mysql #4
  316. rlm_sql_mysql: Starting connect to MySQL server for #4
  317. rlm_sql (sql): Connected new DB handle, #4
  318. rlm_sql (sql): Processing generate_sql_clients
  319. rlm_sql (sql) in generate_sql_clients: query is SELECT id, nasname, shortname, type, secret, server FROM nas
  320. rlm_sql (sql): Reserving sql socket id: 4
  321. rlm_sql (sql): Read entry nasname=172.16.18.238,shortname=OpenURC_KL,secret=xxxx
  322. rlm_sql (sql): Adding client 172.16.18.238 (OpenURC_KL, server=<none>) to clients list
  323. rlm_sql (sql): Released sql socket id: 4
  324. Module: Checking session {...} for more modules to load
  325. Module: Linked to module rlm_radutmp
  326. Module: Instantiating module "radutmp" from file /etc/freeradius/modules/radutmp
  327. radutmp {
  328. filename = "/var/log/freeradius/radutmp"
  329. username = "%{User-Name}"
  330. case_sensitive = yes
  331. check_with_nas = yes
  332. perm = 384
  333. callerid = yes
  334. }
  335. Module: Checking post-proxy {...} for more modules to load
  336. Module: Checking post-auth {...} for more modules to load
  337. Module: Linked to module rlm_attr_filter
  338. Module: Instantiating module "attr_filter.access_reject" from file /etc/freeradius/modules/attr_filter
  339. attr_filter attr_filter.access_reject {
  340. attrsfile = "/etc/freeradius/attrs.access_reject"
  341. key = "%{User-Name}"
  342. }
  343. } # modules
  344. } # server
  345. server { # from file /etc/freeradius/radiusd.conf
  346. modules {
  347. Module: Checking authenticate {...} for more modules to load
  348. Module: Linked to module rlm_digest
  349. Module: Instantiating module "digest" from file /etc/freeradius/modules/digest
  350. Module: Checking authorize {...} for more modules to load
  351. Module: Linked to module rlm_preprocess
  352. Module: Instantiating module "preprocess" from file /etc/freeradius/modules/preprocess
  353. preprocess {
  354. huntgroups = "/etc/freeradius/huntgroups"
  355. hints = "/etc/freeradius/hints"
  356. with_ascend_hack = no
  357. ascend_channels_per_line = 23
  358. with_ntdomain_hack = no
  359. with_specialix_jetstream_hack = no
  360. with_cisco_vsa_hack = no
  361. with_alvarion_vsa_hack = no
  362. }
  363. Module: Linked to module rlm_detail
  364. Module: Instantiating module "auth_log" from file /etc/freeradius/modules/detail.log
  365. detail auth_log {
  366. detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d"
  367. header = "%t"
  368. detailperm = 384
  369. dirperm = 493
  370. locking = no
  371. log_packet_header = no
  372. }
  373. Module: Checking preacct {...} for more modules to load
  374. Module: Linked to module rlm_acct_unique
  375. Module: Instantiating module "acct_unique" from file /etc/freeradius/modules/acct_unique
  376. acct_unique {
  377. key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
  378. }
  379. Module: Checking accounting {...} for more modules to load
  380. Module: Instantiating module "detail" from file /etc/freeradius/modules/detail
  381. detail {
  382. detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
  383. header = "%t"
  384. detailperm = 384
  385. dirperm = 493
  386. locking = no
  387. log_packet_header = no
  388. }
  389. Module: Linked to module rlm_unix
  390. Module: Instantiating module "unix" from file /etc/freeradius/modules/unix
  391. unix {
  392. radwtmp = "/var/log/freeradius/radwtmp"
  393. }
  394. Module: Instantiating module "attr_filter.accounting_response" from file /etc/freeradius/modules/attr_filter
  395. attr_filter attr_filter.accounting_response {
  396. attrsfile = "/etc/freeradius/attrs.accounting_response"
  397. key = "%{User-Name}"
  398. }
  399. Module: Checking session {...} for more modules to load
  400. Module: Checking post-proxy {...} for more modules to load
  401. Module: Checking post-auth {...} for more modules to load
  402. } # modules
  403. } # server
  404. radiusd: #### Opening IP addresses and Ports ####
  405. listen {
  406. type = "auth"
  407. ipaddr = *
  408. port = 0
  409. }
  410. listen {
  411. type = "acct"
  412. ipaddr = *
  413. port = 0
  414. }
  415. listen {
  416. type = "auth"
  417. ipaddr = 127.0.0.1
  418. port = 18120
  419. }
  420. Listening on authentication address * port 1812
  421. Listening on accounting address * port 1813
  422. Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel
  423. Listening on proxy address * port 1814
  424. Ready to process requests.
  425. rad_recv: Access-Request packet from host 172.16.3.225 port 1814, id=205, length=184
  426. User-Name = "markus@kl-dfki.de"
  427. NAS-IP-Address = 172.16.18.82
  428. NAS-Port = 1
  429. Called-Station-Id = "4C-E6-76-CC-54-C7:OpenURC"
  430. Calling-Station-Id = "00-24-2C-2A-F9-89"
  431. Framed-MTU = 1400
  432. NAS-Port-Type = Wireless-802.11
  433. Connect-Info = "CONNECT 54Mbps 802.11g"
  434. EAP-Message = 0x02050016016d61726b7573406b6c2d64666b692e6465
  435. Message-Authenticator = 0xd2c63516a877eb07e6ea2ff536b59c7f
  436. Proxy-State = 0x3336
  437. Proxy-State = 0x313433
  438. # Executing section authorize from file /etc/freeradius/sites-enabled/default
  439. +- entering group authorize {...}
  440. ++[preprocess] returns ok
  441. [auth_log] expand: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/172.16.3.225/auth-detail-20121010
  442. [auth_log] /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/172.16.3.225/auth-detail-20121010
  443. [auth_log] expand: %t -> Wed Oct 10 14:33:38 2012
  444. ++[auth_log] returns ok
  445. ++[mschap] returns noop
  446. ++[digest] returns noop
  447. [suffix] Looking up realm "kl-dfki.de" for User-Name = "markus@kl-dfki.de"
  448. [suffix] Found realm "kl-dfki.de"
  449. [suffix] Adding Stripped-User-Name = "markus"
  450. [suffix] Adding Realm = "kl-dfki.de"
  451. [suffix] Authentication realm is LOCAL.
  452. ++[suffix] returns ok
  453. [eap] EAP packet type response id 5 length 22
  454. [eap] No EAP Start, assuming it's an on-going EAP conversation
  455. ++[eap] returns updated
  456. ++[files] returns noop
  457. [sql] expand: %{Stripped-User-Name} -> markus
  458. [sql] expand: %{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}} -> markus
  459. [sql] sql_set_user escaped user --> 'markus'
  460. rlm_sql (sql): Reserving sql socket id: 3
  461. [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'markus' ORDER BY id
  462. [sql] User found in radcheck table
  463. [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'markus' ORDER BY id
  464. [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'markus' ORDER BY priority
  465. rlm_sql (sql): Released sql socket id: 3
  466. ++[sql] returns ok
  467. ++[expiration] returns noop
  468. ++[logintime] returns noop
  469. Found Auth-Type = EAP
  470. # Executing group from file /etc/freeradius/sites-enabled/default
  471. +- entering group authenticate {...}
  472. [eap] EAP Identity
  473. [eap] processing type tls
  474. [tls] Initiate
  475. [tls] Start returned 1
  476. ++[eap] returns handled
  477. Sending Access-Challenge of id 205 to 172.16.3.225 port 1814
  478. EAP-Message = 0x010600061920
  479. Message-Authenticator = 0x00000000000000000000000000000000
  480. State = 0xbd14c6c2bd12dfa7a4efca0ea3eef625
  481. Proxy-State = 0x3336
  482. Proxy-State = 0x313433
  483. Finished request 0.
  484. Going to the next request
  485. Waking up in 4.9 seconds.
  486. rad_recv: Access-Request packet from host 172.16.3.225 port 1814, id=160, length=267
  487. User-Name = "markus@kl-dfki.de"
  488. NAS-IP-Address = 172.16.18.82
  489. NAS-Port = 1
  490. Called-Station-Id = "4C-E6-76-CC-54-C7:OpenURC"
  491. Calling-Station-Id = "00-24-2C-2A-F9-89"
  492. Framed-MTU = 1400
  493. NAS-Port-Type = Wireless-802.11
  494. Connect-Info = "CONNECT 54Mbps 802.11g"
  495. EAP-Message = 0x0206005719800000004d160301004801000044030150756b236af31d1cff7a4452e8365d1ec47009d9c46593b13f83e9f13140e8d900001600040005000a0009006400620003000600130012006301000005ff01000100
  496. State = 0xbd14c6c2bd12dfa7a4efca0ea3eef625
  497. Message-Authenticator = 0xa876367ceab654fa12cbc8ff013ea449
  498. Proxy-State = 0x3337
  499. Proxy-State = 0x323533
  500. # Executing section authorize from file /etc/freeradius/sites-enabled/default
  501. +- entering group authorize {...}
  502. ++[preprocess] returns ok
  503. [auth_log] expand: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/172.16.3.225/auth-detail-20121010
  504. [auth_log] /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/172.16.3.225/auth-detail-20121010
  505. [auth_log] expand: %t -> Wed Oct 10 14:33:38 2012
  506. ++[auth_log] returns ok
  507. ++[mschap] returns noop
  508. ++[digest] returns noop
  509. [suffix] Looking up realm "kl-dfki.de" for User-Name = "markus@kl-dfki.de"
  510. [suffix] Found realm "kl-dfki.de"
  511. [suffix] Adding Stripped-User-Name = "markus"
  512. [suffix] Adding Realm = "kl-dfki.de"
  513. [suffix] Authentication realm is LOCAL.
  514. ++[suffix] returns ok
  515. [eap] EAP packet type response id 6 length 87
  516. [eap] Continuing tunnel setup.
  517. ++[eap] returns ok
  518. Found Auth-Type = EAP
  519. # Executing group from file /etc/freeradius/sites-enabled/default
  520. +- entering group authenticate {...}
  521. [eap] Request found, released from the list
  522. [eap] EAP/peap
  523. [eap] processing type peap
  524. [peap] processing EAP-TLS
  525. TLS Length 77
  526. [peap] Length Included
  527. [peap] eaptls_verify returned 11
  528. [peap] (other): before/accept initialization
  529. [peap] TLS_accept: before/accept initialization
  530. [peap] <<< TLS 1.0 Handshake [length 0048], ClientHello
  531. [peap] TLS_accept: SSLv3 read client hello A
  532. [peap] >>> TLS 1.0 Handshake [length 0031], ServerHello
  533. [peap] TLS_accept: SSLv3 write server hello A
  534. [peap] >>> TLS 1.0 Handshake [length 07b2], Certificate
  535. [peap] TLS_accept: SSLv3 write certificate A
  536. [peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
  537. [peap] TLS_accept: SSLv3 write server done A
  538. [peap] TLS_accept: SSLv3 flush data
  539. [peap] TLS_accept: Need to read more data: SSLv3 read client certificate A
  540. In SSL Handshake Phase
  541. In SSL Accept mode
  542. [peap] eaptls_process returned 13
  543. [peap] EAPTLS_HANDLED
  544. ++[eap] returns handled
  545. Sending Access-Challenge of id 160 to 172.16.3.225 port 1814
  546. EAP-Message = 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
  547. EAP-Message = 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
  548. EAP-Message = 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
  549. EAP-Message = 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
  550. EAP-Message = 0x040813065261646975733111
  551. Message-Authenticator = 0x00000000000000000000000000000000
  552. State = 0xbd14c6c2bc13dfa7a4efca0ea3eef625
  553. Proxy-State = 0x3337
  554. Proxy-State = 0x323533
  555. Finished request 1.
  556. Going to the next request
  557. Waking up in 4.9 seconds.
  558. rad_recv: Access-Request packet from host 172.16.3.225 port 1814, id=74, length=186
  559. User-Name = "markus@kl-dfki.de"
  560. NAS-IP-Address = 172.16.18.82
  561. NAS-Port = 1
  562. Called-Station-Id = "4C-E6-76-CC-54-C7:OpenURC"
  563. Calling-Station-Id = "00-24-2C-2A-F9-89"
  564. Framed-MTU = 1400
  565. NAS-Port-Type = Wireless-802.11
  566. Connect-Info = "CONNECT 54Mbps 802.11g"
  567. EAP-Message = 0x020700061900
  568. State = 0xbd14c6c2bc13dfa7a4efca0ea3eef625
  569. Message-Authenticator = 0xa9b62c87a019129aa9fcb3b8f9559096
  570. Proxy-State = 0x3338
  571. Proxy-State = 0x313536
  572. # Executing section authorize from file /etc/freeradius/sites-enabled/default
  573. +- entering group authorize {...}
  574. ++[preprocess] returns ok
  575. [auth_log] expand: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/172.16.3.225/auth-detail-20121010
  576. [auth_log] /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/172.16.3.225/auth-detail-20121010
  577. [auth_log] expand: %t -> Wed Oct 10 14:33:38 2012
  578. ++[auth_log] returns ok
  579. ++[mschap] returns noop
  580. ++[digest] returns noop
  581. [suffix] Looking up realm "kl-dfki.de" for User-Name = "markus@kl-dfki.de"
  582. [suffix] Found realm "kl-dfki.de"
  583. [suffix] Adding Stripped-User-Name = "markus"
  584. [suffix] Adding Realm = "kl-dfki.de"
  585. [suffix] Authentication realm is LOCAL.
  586. ++[suffix] returns ok
  587. [eap] EAP packet type response id 7 length 6
  588. [eap] Continuing tunnel setup.
  589. ++[eap] returns ok
  590. Found Auth-Type = EAP
  591. # Executing group from file /etc/freeradius/sites-enabled/default
  592. +- entering group authenticate {...}
  593. [eap] Request found, released from the list
  594. [eap] EAP/peap
  595. [eap] processing type peap
  596. [peap] processing EAP-TLS
  597. [peap] Received TLS ACK
  598. [peap] ACK handshake fragment handler
  599. [peap] eaptls_verify returned 1
  600. [peap] eaptls_process returned 13
  601. [peap] EAPTLS_HANDLED
  602. ++[eap] returns handled
  603. Sending Access-Challenge of id 74 to 172.16.3.225 port 1814
  604. EAP-Message = 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
  605. EAP-Message = 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
  606. EAP-Message = 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
  607. EAP-Message = 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
  608. EAP-Message = 0x3987a767df292136
  609. Message-Authenticator = 0x00000000000000000000000000000000
  610. State = 0xbd14c6c2bf1cdfa7a4efca0ea3eef625
  611. Proxy-State = 0x3338
  612. Proxy-State = 0x313536
  613. Finished request 2.
  614. Going to the next request
  615. Waking up in 4.9 seconds.
  616. rad_recv: Access-Request packet from host 172.16.3.225 port 1814, id=165, length=185
  617. User-Name = "markus@kl-dfki.de"
  618. NAS-IP-Address = 172.16.18.82
  619. NAS-Port = 1
  620. Called-Station-Id = "4C-E6-76-CC-54-C7:OpenURC"
  621. Calling-Station-Id = "00-24-2C-2A-F9-89"
  622. Framed-MTU = 1400
  623. NAS-Port-Type = Wireless-802.11
  624. Connect-Info = "CONNECT 54Mbps 802.11g"
  625. EAP-Message = 0x020800061900
  626. State = 0xbd14c6c2bf1cdfa7a4efca0ea3eef625
  627. Message-Authenticator = 0x54471b5225d084f791010e38a0feedf9
  628. Proxy-State = 0x3339
  629. Proxy-State = 0x3831
  630. # Executing section authorize from file /etc/freeradius/sites-enabled/default
  631. +- entering group authorize {...}
  632. ++[preprocess] returns ok
  633. [auth_log] expand: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/172.16.3.225/auth-detail-20121010
  634. [auth_log] /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/172.16.3.225/auth-detail-20121010
  635. [auth_log] expand: %t -> Wed Oct 10 14:33:38 2012
  636. ++[auth_log] returns ok
  637. ++[mschap] returns noop
  638. ++[digest] returns noop
  639. [suffix] Looking up realm "kl-dfki.de" for User-Name = "markus@kl-dfki.de"
  640. [suffix] Found realm "kl-dfki.de"
  641. [suffix] Adding Stripped-User-Name = "markus"
  642. [suffix] Adding Realm = "kl-dfki.de"
  643. [suffix] Authentication realm is LOCAL.
  644. ++[suffix] returns ok
  645. [eap] EAP packet type response id 8 length 6
  646. [eap] Continuing tunnel setup.
  647. ++[eap] returns ok
  648. Found Auth-Type = EAP
  649. # Executing group from file /etc/freeradius/sites-enabled/default
  650. +- entering group authenticate {...}
  651. [eap] Request found, released from the list
  652. [eap] EAP/peap
  653. [eap] processing type peap
  654. [peap] processing EAP-TLS
  655. [peap] Received TLS ACK
  656. [peap] ACK handshake fragment handler
  657. [peap] eaptls_verify returned 1
  658. [peap] eaptls_process returned 13
  659. [peap] EAPTLS_HANDLED
  660. ++[eap] returns handled
  661. Sending Access-Challenge of id 165 to 172.16.3.225 port 1814
  662. EAP-Message = 0x010900101900e316030100040e000000
  663. Message-Authenticator = 0x00000000000000000000000000000000
  664. State = 0xbd14c6c2be1ddfa7a4efca0ea3eef625
  665. Proxy-State = 0x3339
  666. Proxy-State = 0x3831
  667. Finished request 3.
  668. Going to the next request
  669. Waking up in 4.9 seconds.
  670. rad_recv: Access-Request packet from host 172.16.3.225 port 1814, id=87, length=509
  671. User-Name = "markus@kl-dfki.de"
  672. NAS-IP-Address = 172.16.18.82
  673. NAS-Port = 1
  674. Called-Station-Id = "4C-E6-76-CC-54-C7:OpenURC"
  675. Calling-Station-Id = "00-24-2C-2A-F9-89"
  676. Framed-MTU = 1400
  677. NAS-Port-Type = Wireless-802.11
  678. Connect-Info = "CONNECT 54Mbps 802.11g"
  679. EAP-Message = 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
  680. EAP-Message = 0x6b27691a4231de7b2aad4dcfbd5aeec9c8847b72b999702d140301000101160301002868d139093bc34d87e116f596db8d145bfc7365a7f97425b99f7384629efd306332cc31807e92221b
  681. State = 0xbd14c6c2be1ddfa7a4efca0ea3eef625
  682. Message-Authenticator = 0x85f35437110f84a3e50c0b928d4a84ef
  683. Proxy-State = 0x3430
  684. Proxy-State = 0x3935
  685. # Executing section authorize from file /etc/freeradius/sites-enabled/default
  686. +- entering group authorize {...}
  687. ++[preprocess] returns ok
  688. [auth_log] expand: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/172.16.3.225/auth-detail-20121010
  689. [auth_log] /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/172.16.3.225/auth-detail-20121010
  690. [auth_log] expand: %t -> Wed Oct 10 14:33:38 2012
  691. ++[auth_log] returns ok
  692. ++[mschap] returns noop
  693. ++[digest] returns noop
  694. [suffix] Looking up realm "kl-dfki.de" for User-Name = "markus@kl-dfki.de"
  695. [suffix] Found realm "kl-dfki.de"
  696. [suffix] Adding Stripped-User-Name = "markus"
  697. [suffix] Adding Realm = "kl-dfki.de"
  698. [suffix] Authentication realm is LOCAL.
  699. ++[suffix] returns ok
  700. [eap] EAP packet type response id 9 length 253
  701. [eap] Continuing tunnel setup.
  702. ++[eap] returns ok
  703. Found Auth-Type = EAP
  704. # Executing group from file /etc/freeradius/sites-enabled/default
  705. +- entering group authenticate {...}
  706. [eap] Request found, released from the list
  707. [eap] EAP/peap
  708. [eap] processing type peap
  709. [peap] processing EAP-TLS
  710. TLS Length 318
  711. [peap] Length Included
  712. [peap] eaptls_verify returned 11
  713. [peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange
  714. [peap] TLS_accept: SSLv3 read client key exchange A
  715. [peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]
  716. [peap] <<< TLS 1.0 Handshake [length 0010], Finished
  717. [peap] TLS_accept: SSLv3 read finished A
  718. [peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]
  719. [peap] TLS_accept: SSLv3 write change cipher spec A
  720. [peap] >>> TLS 1.0 Handshake [length 0010], Finished
  721. [peap] TLS_accept: SSLv3 write finished A
  722. [peap] TLS_accept: SSLv3 flush data
  723. [peap] (other): SSL negotiation finished successfully
  724. SSL Connection Established
  725. [peap] eaptls_process returned 13
  726. [peap] EAPTLS_HANDLED
  727. ++[eap] returns handled
  728. Sending Access-Challenge of id 87 to 172.16.3.225 port 1814
  729. EAP-Message = 0x010a003919001403010001011603010028efa6af376a7473eea192489827277d5c1c877a929f4c6a05635c1ff7c529bb5c0ffb9bf2d6127060
  730. Message-Authenticator = 0x00000000000000000000000000000000
  731. State = 0xbd14c6c2b91edfa7a4efca0ea3eef625
  732. Proxy-State = 0x3430
  733. Proxy-State = 0x3935
  734. Finished request 4.
  735. Going to the next request
  736. Waking up in 4.9 seconds.
  737. rad_recv: Access-Request packet from host 172.16.3.225 port 1814, id=21, length=186
  738. User-Name = "markus@kl-dfki.de"
  739. NAS-IP-Address = 172.16.18.82
  740. NAS-Port = 1
  741. Called-Station-Id = "4C-E6-76-CC-54-C7:OpenURC"
  742. Calling-Station-Id = "00-24-2C-2A-F9-89"
  743. Framed-MTU = 1400
  744. NAS-Port-Type = Wireless-802.11
  745. Connect-Info = "CONNECT 54Mbps 802.11g"
  746. EAP-Message = 0x020a00061900
  747. State = 0xbd14c6c2b91edfa7a4efca0ea3eef625
  748. Message-Authenticator = 0x363fd9e959d2bfb32a6555ab233a8798
  749. Proxy-State = 0x3431
  750. Proxy-State = 0x313435
  751. # Executing section authorize from file /etc/freeradius/sites-enabled/default
  752. +- entering group authorize {...}
  753. ++[preprocess] returns ok
  754. [auth_log] expand: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/172.16.3.225/auth-detail-20121010
  755. [auth_log] /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/172.16.3.225/auth-detail-20121010
  756. [auth_log] expand: %t -> Wed Oct 10 14:33:38 2012
  757. ++[auth_log] returns ok
  758. ++[mschap] returns noop
  759. ++[digest] returns noop
  760. [suffix] Looking up realm "kl-dfki.de" for User-Name = "markus@kl-dfki.de"
  761. [suffix] Found realm "kl-dfki.de"
  762. [suffix] Adding Stripped-User-Name = "markus"
  763. [suffix] Adding Realm = "kl-dfki.de"
  764. [suffix] Authentication realm is LOCAL.
  765. ++[suffix] returns ok
  766. [eap] EAP packet type response id 10 length 6
  767. [eap] Continuing tunnel setup.
  768. ++[eap] returns ok
  769. Found Auth-Type = EAP
  770. # Executing group from file /etc/freeradius/sites-enabled/default
  771. +- entering group authenticate {...}
  772. [eap] Request found, released from the list
  773. [eap] EAP/peap
  774. [eap] processing type peap
  775. [peap] processing EAP-TLS
  776. [peap] Received TLS ACK
  777. [peap] ACK handshake is finished
  778. [peap] eaptls_verify returned 3
  779. [peap] eaptls_process returned 3
  780. [peap] EAPTLS_SUCCESS
  781. [peap] Session established. Decoding tunneled attributes.
  782. [peap] Peap state TUNNEL ESTABLISHED
  783. ++[eap] returns handled
  784. Sending Access-Challenge of id 21 to 172.16.3.225 port 1814
  785. EAP-Message = 0x010b002b19001703010020dfb9390fbb1f525218dd469968c68ec210efc73324abc99c584eaa342165433c
  786. Message-Authenticator = 0x00000000000000000000000000000000
  787. State = 0xbd14c6c2b81fdfa7a4efca0ea3eef625
  788. Proxy-State = 0x3431
  789. Proxy-State = 0x313435
  790. Finished request 5.
  791. Going to the next request
  792. Waking up in 4.9 seconds.
  793. rad_recv: Access-Request packet from host 172.16.3.225 port 1814, id=173, length=230
  794. User-Name = "markus@kl-dfki.de"
  795. NAS-IP-Address = 172.16.18.82
  796. NAS-Port = 1
  797. Called-Station-Id = "4C-E6-76-CC-54-C7:OpenURC"
  798. Calling-Station-Id = "00-24-2C-2A-F9-89"
  799. Framed-MTU = 1400
  800. NAS-Port-Type = Wireless-802.11
  801. Connect-Info = "CONNECT 54Mbps 802.11g"
  802. EAP-Message = 0x020b00331900170301002819c6e29242e49dacbde95dcced1a40d20412b42ce84efdf7e189599de1436bf1538f8263c50e645b
  803. State = 0xbd14c6c2b81fdfa7a4efca0ea3eef625
  804. Message-Authenticator = 0x4681dc3b23c6df583d389258d40c55bb
  805. Proxy-State = 0x3432
  806. Proxy-State = 0x3135
  807. # Executing section authorize from file /etc/freeradius/sites-enabled/default
  808. +- entering group authorize {...}
  809. ++[preprocess] returns ok
  810. [auth_log] expand: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/172.16.3.225/auth-detail-20121010
  811. [auth_log] /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/172.16.3.225/auth-detail-20121010
  812. [auth_log] expand: %t -> Wed Oct 10 14:33:38 2012
  813. ++[auth_log] returns ok
  814. ++[mschap] returns noop
  815. ++[digest] returns noop
  816. [suffix] Looking up realm "kl-dfki.de" for User-Name = "markus@kl-dfki.de"
  817. [suffix] Found realm "kl-dfki.de"
  818. [suffix] Adding Stripped-User-Name = "markus"
  819. [suffix] Adding Realm = "kl-dfki.de"
  820. [suffix] Authentication realm is LOCAL.
  821. ++[suffix] returns ok
  822. [eap] EAP packet type response id 11 length 51
  823. [eap] Continuing tunnel setup.
  824. ++[eap] returns ok
  825. Found Auth-Type = EAP
  826. # Executing group from file /etc/freeradius/sites-enabled/default
  827. +- entering group authenticate {...}
  828. [eap] Request found, released from the list
  829. [eap] EAP/peap
  830. [eap] processing type peap
  831. [peap] processing EAP-TLS
  832. [peap] eaptls_verify returned 7
  833. [peap] Done initial handshake
  834. [peap] eaptls_process returned 7
  835. [peap] EAPTLS_OK
  836. [peap] Session established. Decoding tunneled attributes.
  837. [peap] Peap state WAITING FOR INNER IDENTITY
  838. [peap] Identity - markus@kl-dfki.de
  839. [peap] Got inner identity 'markus@kl-dfki.de'
  840. [peap] Setting default EAP type for tunneled EAP session.
  841. [peap] Got tunneled request
  842. EAP-Message = 0x020b0016016d61726b7573406b6c2d64666b692e6465
  843. server {
  844. PEAP: Setting User-Name to markus@kl-dfki.de
  845. Sending tunneled request
  846. EAP-Message = 0x020b0016016d61726b7573406b6c2d64666b692e6465
  847. FreeRADIUS-Proxied-To = 127.0.0.1
  848. User-Name = "markus@kl-dfki.de"
  849. NAS-IP-Address = 172.16.18.82
  850. NAS-Port = 1
  851. Called-Station-Id = "4C-E6-76-CC-54-C7:OpenURC"
  852. Calling-Station-Id = "00-24-2C-2A-F9-89"
  853. Framed-MTU = 1400
  854. NAS-Port-Type = Wireless-802.11
  855. Connect-Info = "CONNECT 54Mbps 802.11g"
  856. server inner-tunnel {
  857. # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
  858. +- entering group authorize {...}
  859. ++[mschap] returns noop
  860. [suffix] Looking up realm "kl-dfki.de" for User-Name = "markus@kl-dfki.de"
  861. [suffix] Found realm "kl-dfki.de"
  862. [suffix] Adding Stripped-User-Name = "markus"
  863. [suffix] Adding Realm = "kl-dfki.de"
  864. [suffix] Authentication realm is LOCAL.
  865. ++[suffix] returns ok
  866. ++[control] returns ok
  867. [eap] EAP packet type response id 11 length 22
  868. [eap] No EAP Start, assuming it's an on-going EAP conversation
  869. ++[eap] returns updated
  870. ++[files] returns noop
  871. [sql] expand: %{Stripped-User-Name} -> markus
  872. [sql] expand: %{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}} -> markus
  873. [sql] sql_set_user escaped user --> 'markus'
  874. rlm_sql (sql): Reserving sql socket id: 2
  875. [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'markus' ORDER BY id
  876. [sql] User found in radcheck table
  877. [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'markus' ORDER BY id
  878. [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'markus' ORDER BY priority
  879. rlm_sql (sql): Released sql socket id: 2
  880. ++[sql] returns ok
  881. ++[expiration] returns noop
  882. ++[logintime] returns noop
  883. Found Auth-Type = EAP
  884. # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
  885. +- entering group authenticate {...}
  886. [eap] EAP Identity
  887. [eap] processing type mschapv2
  888. rlm_eap_mschapv2: Issuing Challenge
  889. ++[eap] returns handled
  890. } # server inner-tunnel
  891. [peap] Got tunneled reply code 11
  892. EAP-Message = 0x010c002b1a010c002610dff330499f0888961177e7d367fda8a76d61726b7573406b6c2d64666b692e6465
  893. Message-Authenticator = 0x00000000000000000000000000000000
  894. State = 0xbc13db05bc1fc1d3c3eff3a8118293e8
  895. [peap] Got tunneled reply RADIUS code 11
  896. EAP-Message = 0x010c002b1a010c002610dff330499f0888961177e7d367fda8a76d61726b7573406b6c2d64666b692e6465
  897. Message-Authenticator = 0x00000000000000000000000000000000
  898. State = 0xbc13db05bc1fc1d3c3eff3a8118293e8
  899. [peap] Got tunneled Access-Challenge
  900. ++[eap] returns handled
  901. Sending Access-Challenge of id 173 to 172.16.3.225 port 1814
  902. EAP-Message = 0x010c004b19001703010040b79adadf8d5cb5d88870b5783adf0196322e2d7567f69159df3571676eaee865c6fe637288f35c29646f9d4f9d3f039e812003d257a8f490acecdb38336d8cac
  903. Message-Authenticator = 0x00000000000000000000000000000000
  904. State = 0xbd14c6c2bb18dfa7a4efca0ea3eef625
  905. Proxy-State = 0x3432
  906. Proxy-State = 0x3135
  907. Finished request 6.
  908. Going to the next request
  909. Waking up in 4.9 seconds.
  910. rad_recv: Access-Request packet from host 172.16.3.225 port 1814, id=18, length=286
  911. User-Name = "markus@kl-dfki.de"
  912. NAS-IP-Address = 172.16.18.82
  913. NAS-Port = 1
  914. Called-Station-Id = "4C-E6-76-CC-54-C7:OpenURC"
  915. Calling-Station-Id = "00-24-2C-2A-F9-89"
  916. Framed-MTU = 1400
  917. NAS-Port-Type = Wireless-802.11
  918. Connect-Info = "CONNECT 54Mbps 802.11g"
  919. EAP-Message = 0x020c006b1900170301006080fe867c0feee663e9a5c8b7260d6a4bd5e54f777bfcc846dc7f8da84c01dd9dd39ced0ada46bc6ddb428ad97f50e7f8483153ae8b09dc58d4dd1cf85d4b18ded79e222a7e8d71f3adb9be5a0ac61ecbe5672bfa31b2999fcb00944c76831b08
  920. State = 0xbd14c6c2bb18dfa7a4efca0ea3eef625
  921. Message-Authenticator = 0x917259924db687a9c48331c16f1f5783
  922. Proxy-State = 0x3433
  923. Proxy-State = 0x3836
  924. # Executing section authorize from file /etc/freeradius/sites-enabled/default
  925. +- entering group authorize {...}
  926. ++[preprocess] returns ok
  927. [auth_log] expand: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/172.16.3.225/auth-detail-20121010
  928. [auth_log] /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/172.16.3.225/auth-detail-20121010
  929. [auth_log] expand: %t -> Wed Oct 10 14:33:38 2012
  930. ++[auth_log] returns ok
  931. ++[mschap] returns noop
  932. ++[digest] returns noop
  933. [suffix] Looking up realm "kl-dfki.de" for User-Name = "markus@kl-dfki.de"
  934. [suffix] Found realm "kl-dfki.de"
  935. [suffix] Adding Stripped-User-Name = "markus"
  936. [suffix] Adding Realm = "kl-dfki.de"
  937. [suffix] Authentication realm is LOCAL.
  938. ++[suffix] returns ok
  939. [eap] EAP packet type response id 12 length 107
  940. [eap] Continuing tunnel setup.
  941. ++[eap] returns ok
  942. Found Auth-Type = EAP
  943. # Executing group from file /etc/freeradius/sites-enabled/default
  944. +- entering group authenticate {...}
  945. [eap] Request found, released from the list
  946. [eap] EAP/peap
  947. [eap] processing type peap
  948. [peap] processing EAP-TLS
  949. [peap] eaptls_verify returned 7
  950. [peap] Done initial handshake
  951. [peap] eaptls_process returned 7
  952. [peap] EAPTLS_OK
  953. [peap] Session established. Decoding tunneled attributes.
  954. [peap] Peap state phase2
  955. [peap] EAP type mschapv2
  956. [peap] Got tunneled request
  957. EAP-Message = 0x020c004c1a020c004731d37619192b238a1d9e8f22f4a84f5cd1000000000000000064a56d5ac725ff35d8473e01a5b9b762f88251dfa7d921ca006d61726b7573406b6c2d64666b692e6465
  958. server {
  959. PEAP: Setting User-Name to markus@kl-dfki.de
  960. Sending tunneled request
  961. EAP-Message = 0x020c004c1a020c004731d37619192b238a1d9e8f22f4a84f5cd1000000000000000064a56d5ac725ff35d8473e01a5b9b762f88251dfa7d921ca006d61726b7573406b6c2d64666b692e6465
  962. FreeRADIUS-Proxied-To = 127.0.0.1
  963. User-Name = "markus@kl-dfki.de"
  964. State = 0xbc13db05bc1fc1d3c3eff3a8118293e8
  965. NAS-IP-Address = 172.16.18.82
  966. NAS-Port = 1
  967. Called-Station-Id = "4C-E6-76-CC-54-C7:OpenURC"
  968. Calling-Station-Id = "00-24-2C-2A-F9-89"
  969. Framed-MTU = 1400
  970. NAS-Port-Type = Wireless-802.11
  971. Connect-Info = "CONNECT 54Mbps 802.11g"
  972. server inner-tunnel {
  973. # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
  974. +- entering group authorize {...}
  975. ++[mschap] returns noop
  976. [suffix] Looking up realm "kl-dfki.de" for User-Name = "markus@kl-dfki.de"
  977. [suffix] Found realm "kl-dfki.de"
  978. [suffix] Adding Stripped-User-Name = "markus"
  979. [suffix] Adding Realm = "kl-dfki.de"
  980. [suffix] Authentication realm is LOCAL.
  981. ++[suffix] returns ok
  982. ++[control] returns ok
  983. [eap] EAP packet type response id 12 length 76
  984. [eap] No EAP Start, assuming it's an on-going EAP conversation
  985. ++[eap] returns updated
  986. ++[files] returns noop
  987. [sql] expand: %{Stripped-User-Name} -> markus
  988. [sql] expand: %{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}} -> markus
  989. [sql] sql_set_user escaped user --> 'markus'
  990. rlm_sql (sql): Reserving sql socket id: 1
  991. [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'markus' ORDER BY id
  992. [sql] User found in radcheck table
  993. [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'markus' ORDER BY id
  994. [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'markus' ORDER BY priority
  995. rlm_sql (sql): Released sql socket id: 1
  996. ++[sql] returns ok
  997. ++[expiration] returns noop
  998. ++[logintime] returns noop
  999. Found Auth-Type = EAP
  1000. # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
  1001. +- entering group authenticate {...}
  1002. [eap] Request found, released from the list
  1003. [eap] EAP/mschapv2
  1004. [eap] processing type mschapv2
  1005. [mschapv2] # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
  1006. [mschapv2] +- entering group MS-CHAP {...}
  1007. [mschap] Creating challenge hash with username: markus@kl-dfki.de
  1008. [mschap] Told to do MS-CHAPv2 for markus@kl-dfki.de with NT-Password
  1009. [mschap] adding MS-CHAPv2 MPPE keys
  1010. ++[mschap] returns ok
  1011. MSCHAP Success
  1012. ++[eap] returns handled
  1013. } # server inner-tunnel
  1014. [peap] Got tunneled reply code 11
  1015. EAP-Message = 0x010d00331a030c002e533d43384334393446454633313434323338363345413644453738434230383845343445353431373739
  1016. Message-Authenticator = 0x00000000000000000000000000000000
  1017. State = 0xbc13db05bd1ec1d3c3eff3a8118293e8
  1018. [peap] Got tunneled reply RADIUS code 11
  1019. EAP-Message = 0x010d00331a030c002e533d43384334393446454633313434323338363345413644453738434230383845343445353431373739
  1020. Message-Authenticator = 0x00000000000000000000000000000000
  1021. State = 0xbc13db05bd1ec1d3c3eff3a8118293e8
  1022. [peap] Got tunneled Access-Challenge
  1023. ++[eap] returns handled
  1024. Sending Access-Challenge of id 18 to 172.16.3.225 port 1814
  1025. EAP-Message = 0x010d005319001703010048218e2326e06471b07ba743719f2d8325a00fcb24a27225d21f80d657186ce4980527ff86b25c10950fa55cf9ad3fdf768f1ffe419a700668c6546c586b6d62a2765276083b726777
  1026. Message-Authenticator = 0x00000000000000000000000000000000
  1027. State = 0xbd14c6c2ba19dfa7a4efca0ea3eef625
  1028. Proxy-State = 0x3433
  1029. Proxy-State = 0x3836
  1030. Finished request 7.
  1031. Going to the next request
  1032. Waking up in 4.9 seconds.
  1033. rad_recv: Access-Request packet from host 172.16.3.225 port 1814, id=212, length=215
  1034. User-Name = "markus@kl-dfki.de"
  1035. NAS-IP-Address = 172.16.18.82
  1036. NAS-Port = 1
  1037. Called-Station-Id = "4C-E6-76-CC-54-C7:OpenURC"
  1038. Calling-Station-Id = "00-24-2C-2A-F9-89"
  1039. Framed-MTU = 1400
  1040. NAS-Port-Type = Wireless-802.11
  1041. Connect-Info = "CONNECT 54Mbps 802.11g"
  1042. EAP-Message = 0x020d002319001703010018c7d47c7efec6b3cee59b0b2151a6a9fb01e8f4a7bf72394b
  1043. State = 0xbd14c6c2ba19dfa7a4efca0ea3eef625
  1044. Message-Authenticator = 0xb14dd8164450f3cbf6a6ea80bbf600cc
  1045. Proxy-State = 0x3434
  1046. Proxy-State = 0x323331
  1047. # Executing section authorize from file /etc/freeradius/sites-enabled/default
  1048. +- entering group authorize {...}
  1049. ++[preprocess] returns ok
  1050. [auth_log] expand: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/172.16.3.225/auth-detail-20121010
  1051. [auth_log] /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/172.16.3.225/auth-detail-20121010
  1052. [auth_log] expand: %t -> Wed Oct 10 14:33:38 2012
  1053. ++[auth_log] returns ok
  1054. ++[mschap] returns noop
  1055. ++[digest] returns noop
  1056. [suffix] Looking up realm "kl-dfki.de" for User-Name = "markus@kl-dfki.de"
  1057. [suffix] Found realm "kl-dfki.de"
  1058. [suffix] Adding Stripped-User-Name = "markus"
  1059. [suffix] Adding Realm = "kl-dfki.de"
  1060. [suffix] Authentication realm is LOCAL.
  1061. ++[suffix] returns ok
  1062. [eap] EAP packet type response id 13 length 35
  1063. [eap] Continuing tunnel setup.
  1064. ++[eap] returns ok
  1065. Found Auth-Type = EAP
  1066. # Executing group from file /etc/freeradius/sites-enabled/default
  1067. +- entering group authenticate {...}
  1068. [eap] Request found, released from the list
  1069. [eap] EAP/peap
  1070. [eap] processing type peap
  1071. [peap] processing EAP-TLS
  1072. [peap] eaptls_verify returned 7
  1073. [peap] Done initial handshake
  1074. [peap] eaptls_process returned 7
  1075. [peap] EAPTLS_OK
  1076. [peap] Session established. Decoding tunneled attributes.
  1077. [peap] Peap state phase2
  1078. [peap] EAP type mschapv2
  1079. [peap] Got tunneled request
  1080. EAP-Message = 0x020d00061a03
  1081. server {
  1082. PEAP: Setting User-Name to markus@kl-dfki.de
  1083. Sending tunneled request
  1084. EAP-Message = 0x020d00061a03
  1085. FreeRADIUS-Proxied-To = 127.0.0.1
  1086. User-Name = "markus@kl-dfki.de"
  1087. State = 0xbc13db05bd1ec1d3c3eff3a8118293e8
  1088. NAS-IP-Address = 172.16.18.82
  1089. NAS-Port = 1
  1090. Called-Station-Id = "4C-E6-76-CC-54-C7:OpenURC"
  1091. Calling-Station-Id = "00-24-2C-2A-F9-89"
  1092. Framed-MTU = 1400
  1093. NAS-Port-Type = Wireless-802.11
  1094. Connect-Info = "CONNECT 54Mbps 802.11g"
  1095. server inner-tunnel {
  1096. # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
  1097. +- entering group authorize {...}
  1098. ++[mschap] returns noop
  1099. [suffix] Looking up realm "kl-dfki.de" for User-Name = "markus@kl-dfki.de"
  1100. [suffix] Found realm "kl-dfki.de"
  1101. [suffix] Adding Stripped-User-Name = "markus"
  1102. [suffix] Adding Realm = "kl-dfki.de"
  1103. [suffix] Authentication realm is LOCAL.
  1104. ++[suffix] returns ok
  1105. ++[control] returns ok
  1106. [eap] EAP packet type response id 13 length 6
  1107. [eap] No EAP Start, assuming it's an on-going EAP conversation
  1108. ++[eap] returns updated
  1109. ++[files] returns noop
  1110. [sql] expand: %{Stripped-User-Name} -> markus
  1111. [sql] expand: %{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}} -> markus
  1112. [sql] sql_set_user escaped user --> 'markus'
  1113. rlm_sql (sql): Reserving sql socket id: 0
  1114. [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'markus' ORDER BY id
  1115. [sql] User found in radcheck table
  1116. [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'markus' ORDER BY id
  1117. [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'markus' ORDER BY priority
  1118. rlm_sql (sql): Released sql socket id: 0
  1119. ++[sql] returns ok
  1120. ++[expiration] returns noop
  1121. ++[logintime] returns noop
  1122. Found Auth-Type = EAP
  1123. # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
  1124. +- entering group authenticate {...}
  1125. [eap] Request found, released from the list
  1126. [eap] EAP/mschapv2
  1127. [eap] processing type mschapv2
  1128. [eap] Freeing handler
  1129. ++[eap] returns ok
  1130. WARNING: Empty post-auth section. Using default return values.
  1131. # Executing section post-auth from file /etc/freeradius/sites-enabled/inner-tunnel
  1132. } # server inner-tunnel
  1133. [peap] Got tunneled reply code 2
  1134. MS-MPPE-Encryption-Policy = 0x00000001
  1135. MS-MPPE-Encryption-Types = 0x00000006
  1136. MS-MPPE-Send-Key = 0xfdb1b0daec75e2fc02fd948810c5e66b
  1137. MS-MPPE-Recv-Key = 0xbf96319899b9f1a859df71230454d6b5
  1138. EAP-Message = 0x030d0004
  1139. Message-Authenticator = 0x00000000000000000000000000000000
  1140. User-Name = "markus"
  1141. [peap] Got tunneled reply RADIUS code 2
  1142. MS-MPPE-Encryption-Policy = 0x00000001
  1143. MS-MPPE-Encryption-Types = 0x00000006
  1144. MS-MPPE-Send-Key = 0xfdb1b0daec75e2fc02fd948810c5e66b
  1145. MS-MPPE-Recv-Key = 0xbf96319899b9f1a859df71230454d6b5
  1146. EAP-Message = 0x030d0004
  1147. Message-Authenticator = 0x00000000000000000000000000000000
  1148. User-Name = "markus"
  1149. [peap] Tunneled authentication was successful.
  1150. [peap] SUCCESS
  1151. [peap] Saving tunneled attributes for later
  1152. ++[eap] returns handled
  1153. Sending Access-Challenge of id 212 to 172.16.3.225 port 1814
  1154. EAP-Message = 0x010e002b190017030100207b41f9f268d1c6d52ed4ac639296a1b981e6e3966262909f58a2b5fb90d8984d
  1155. Message-Authenticator = 0x00000000000000000000000000000000
  1156. State = 0xbd14c6c2b51adfa7a4efca0ea3eef625
  1157. Proxy-State = 0x3434
  1158. Proxy-State = 0x323331
  1159. Finished request 8.
  1160. Going to the next request
  1161. Waking up in 4.9 seconds.
  1162. rad_recv: Access-Request packet from host 172.16.3.225 port 1814, id=58, length=223
  1163. User-Name = "markus@kl-dfki.de"
  1164. NAS-IP-Address = 172.16.18.82
  1165. NAS-Port = 1
  1166. Called-Station-Id = "4C-E6-76-CC-54-C7:OpenURC"
  1167. Calling-Station-Id = "00-24-2C-2A-F9-89"
  1168. Framed-MTU = 1400
  1169. NAS-Port-Type = Wireless-802.11
  1170. Connect-Info = "CONNECT 54Mbps 802.11g"
  1171. EAP-Message = 0x020e002b19001703010020e45d47b3679ba850d20f535b695395ecc7d20eac30d8516bdbd4ef36c92b824d
  1172. State = 0xbd14c6c2b51adfa7a4efca0ea3eef625
  1173. Message-Authenticator = 0x19a3643a556af28f90dfe535b826023a
  1174. Proxy-State = 0x3435
  1175. Proxy-State = 0x313437
  1176. # Executing section authorize from file /etc/freeradius/sites-enabled/default
  1177. +- entering group authorize {...}
  1178. ++[preprocess] returns ok
  1179. [auth_log] expand: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/172.16.3.225/auth-detail-20121010
  1180. [auth_log] /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/172.16.3.225/auth-detail-20121010
  1181. [auth_log] expand: %t -> Wed Oct 10 14:33:38 2012
  1182. ++[auth_log] returns ok
  1183. ++[mschap] returns noop
  1184. ++[digest] returns noop
  1185. [suffix] Looking up realm "kl-dfki.de" for User-Name = "markus@kl-dfki.de"
  1186. [suffix] Found realm "kl-dfki.de"
  1187. [suffix] Adding Stripped-User-Name = "markus"
  1188. [suffix] Adding Realm = "kl-dfki.de"
  1189. [suffix] Authentication realm is LOCAL.
  1190. ++[suffix] returns ok
  1191. [eap] EAP packet type response id 14 length 43
  1192. [eap] Continuing tunnel setup.
  1193. ++[eap] returns ok
  1194. Found Auth-Type = EAP
  1195. # Executing group from file /etc/freeradius/sites-enabled/default
  1196. +- entering group authenticate {...}
  1197. [eap] Request found, released from the list
  1198. [eap] EAP/peap
  1199. [eap] processing type peap
  1200. [peap] processing EAP-TLS
  1201. [peap] eaptls_verify returned 7
  1202. [peap] Done initial handshake
  1203. [peap] eaptls_process returned 7
  1204. [peap] EAPTLS_OK
  1205. [peap] Session established. Decoding tunneled attributes.
  1206. [peap] Peap state send tlv success
  1207. [peap] Received EAP-TLV response.
  1208. [peap] Success
  1209. [peap] Using saved attributes from the original Access-Accept
  1210. User-Name = "markus"
  1211. [eap] Freeing handler
  1212. ++[eap] returns ok
  1213. # Executing section post-auth from file /etc/freeradius/sites-enabled/default
  1214. +- entering group post-auth {...}
  1215. ++[exec] returns noop
  1216. Sending Access-Accept of id 58 to 172.16.3.225 port 1814
  1217. User-Name = "markus"
  1218. MS-MPPE-Recv-Key = 0x26c83d9577f8e06537d0b2d74ffd6194175771c85f16ff741e3178cba1b6cfb4
  1219. MS-MPPE-Send-Key = 0x54375696e746e92edc43738d5f266116756be409d577ebbb3c769b456fa34f77
  1220. EAP-Message = 0x030e0004
  1221. Message-Authenticator = 0x00000000000000000000000000000000
  1222. Proxy-State = 0x3435
  1223. Proxy-State = 0x313437
  1224. Finished request 9.
  1225. Going to the next request
  1226. Waking up in 4.9 seconds.
  1227. Cleaning up request 0 ID 205 with timestamp +16
  1228. Cleaning up request 1 ID 160 with timestamp +16
  1229. Cleaning up request 2 ID 74 with timestamp +16
  1230. Cleaning up request 3 ID 165 with timestamp +16
  1231. Cleaning up request 4 ID 87 with timestamp +16
  1232. Cleaning up request 5 ID 21 with timestamp +16
  1233. Cleaning up request 6 ID 173 with timestamp +16
  1234. Cleaning up request 7 ID 18 with timestamp +16
  1235. Cleaning up request 8 ID 212 with timestamp +16
  1236. Cleaning up request 9 ID 58 with timestamp +16
  1237. Ready to process requests.