FreeRADIUS Output

1. login as: root
2. Authenticating with public key "FBMI radius Pass Phrase" from agent
3. Welcome to Ubuntu 16.04.1 LTS (GNU/Linux 4.4.0-45-generic x86_64)
4.  
5.  * Documentation:  https://help.ubuntu.com
6.  * Management:     https://landscape.canonical.com
7.  * Support:        https://ubuntu.com/advantage
8.  
9. Last login: Wed Nov  2 11:25:05 2016 from 10.168.108.41
10. root@penguin:~# samba -V
11. Version 4.3.11-Ubuntu
12. root@penguin:~# radiusd -X
13. FreeRADIUS Version 3.0.12
14. Copyright (C) 1999-2016 The FreeRADIUS server project and contributors
15. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
16. PARTICULAR PURPOSE
17. You may redistribute copies of FreeRADIUS under the terms of the
18. GNU General Public License
19. For more information about these matters, see the file named COPYRIGHT
20. Starting - reading configuration files ...
21. including dictionary file /usr/local/share/freeradius/dictionary
22. including dictionary file /usr/local/share/freeradius/dictionary.dhcp
23. including dictionary file /usr/local/share/freeradius/dictionary.vqp
24. including dictionary file /usr/local/etc/raddb/dictionary
25. including configuration file /usr/local/etc/raddb/radiusd.conf
26. including configuration file /usr/local/etc/raddb/proxy.conf
27. including configuration file /usr/local/etc/raddb/clients.conf
28. including files in directory /usr/local/etc/raddb/mods-enabled/
29. including configuration file /usr/local/etc/raddb/mods-enabled/digest
30. including configuration file /usr/local/etc/raddb/mods-enabled/passwd
31. including configuration file /usr/local/etc/raddb/mods-enabled/ntlm_auth
32. including configuration file /usr/local/etc/raddb/mods-enabled/echo
33. including configuration file /usr/local/etc/raddb/mods-enabled/replicate
34. including configuration file /usr/local/etc/raddb/mods-enabled/soh
35. including configuration file /usr/local/etc/raddb/mods-enabled/chap
36. including configuration file /usr/local/etc/raddb/mods-enabled/files
37. including configuration file /usr/local/etc/raddb/mods-enabled/detail.log
38. including configuration file /usr/local/etc/raddb/mods-enabled/linelog
39. including configuration file /usr/local/etc/raddb/mods-enabled/logintime
40. including configuration file /usr/local/etc/raddb/mods-enabled/exec
41. including configuration file /usr/local/etc/raddb/mods-enabled/dhcp
42. including configuration file /usr/local/etc/raddb/mods-enabled/radutmp
43. including configuration file /usr/local/etc/raddb/mods-enabled/mschap_hbs
44. including configuration file /usr/local/etc/raddb/mods-enabled/unpack
45. including configuration file /usr/local/etc/raddb/mods-enabled/attr_filter
46. including configuration file /usr/local/etc/raddb/mods-enabled/dynamic_clients
47. including configuration file /usr/local/etc/raddb/mods-enabled/eap
48. including configuration file /usr/local/etc/raddb/mods-enabled/mschap_hac
49. including configuration file /usr/local/etc/raddb/mods-enabled/ldap
50. including configuration file /usr/local/etc/raddb/mods-enabled/unix
51. including configuration file /usr/local/etc/raddb/mods-enabled/mschap_fbc
52. including configuration file /usr/local/etc/raddb/mods-enabled/cache_eap
53. including configuration file /usr/local/etc/raddb/mods-enabled/expiration
54. including configuration file /usr/local/etc/raddb/mods-enabled/expr
55. including configuration file /usr/local/etc/raddb/mods-enabled/realm
56. including configuration file /usr/local/etc/raddb/mods-enabled/preprocess
57. including configuration file /usr/local/etc/raddb/mods-enabled/always
58. including configuration file /usr/local/etc/raddb/mods-enabled/mschap_cbs
59. including configuration file /usr/local/etc/raddb/mods-enabled/date
60. including configuration file /usr/local/etc/raddb/mods-enabled/utf8
61. including configuration file /usr/local/etc/raddb/mods-enabled/pap
62. including configuration file /usr/local/etc/raddb/mods-enabled/detail
63. including configuration file /usr/local/etc/raddb/mods-enabled/sradutmp
64. including files in directory /usr/local/etc/raddb/policy.d/
65. including configuration file /usr/local/etc/raddb/policy.d/debug
66. including configuration file /usr/local/etc/raddb/policy.d/control
67. including configuration file /usr/local/etc/raddb/policy.d/filter
68. including configuration file /usr/local/etc/raddb/policy.d/moonshot-targeted-ids
69. including configuration file /usr/local/etc/raddb/policy.d/canonicalization
70. including configuration file /usr/local/etc/raddb/policy.d/dhcp
71. including configuration file /usr/local/etc/raddb/policy.d/accounting
72. including configuration file /usr/local/etc/raddb/policy.d/cui
73. including configuration file /usr/local/etc/raddb/policy.d/eap
74. including configuration file /usr/local/etc/raddb/policy.d/operator-name
75. including configuration file /usr/local/etc/raddb/policy.d/abfab-tr
76. including files in directory /usr/local/etc/raddb/sites-enabled/
77. including configuration file /usr/local/etc/raddb/sites-enabled/default
78. including configuration file /usr/local/etc/raddb/sites-enabled/inner-tunnel
79. main {
80.  security {
81.         allow_core_dumps = no
82.  }
83.         name = "radiusd"
84.         prefix = "/usr/local"
85.         localstatedir = "/usr/local/var"
86.         logdir = "/usr/local/var/log/radius"
87.         run_dir = "/usr/local/var/run/radiusd"
88. }
89. main {
90.         name = "radiusd"
91.         prefix = "/usr/local"
92.         localstatedir = "/usr/local/var"
93.         sbindir = "/usr/local/sbin"
94.         logdir = "/usr/local/var/log/radius"
95.         run_dir = "/usr/local/var/run/radiusd"
96.         libdir = "/usr/local/lib"
97.         radacctdir = "/usr/local/var/log/radius/radacct"
98.         hostname_lookups = no
99.         max_request_time = 30
100.         cleanup_delay = 5
101.         max_requests = 16384
102.         pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
103.         checkrad = "/usr/local/sbin/checkrad"
104.         debug_level = 0
105.         proxy_requests = yes
106.  log {
107.         stripped_names = no
108.         auth = no
109.         auth_badpass = no
110.         auth_goodpass = no
111.         colourise = yes
112.         msg_denied = "You are already logged in - access denied"
113.  }
114.  resources {
115.  }
116.  security {
117.         max_attributes = 200
118.         reject_delay = 1.000000
119.         status_server = yes
120.         allow_vulnerable_openssl = "CVE-2016-6304"
121.  }
122. }
123. radiusd: #### Loading Realms and Home Servers ####
124.  proxy server {
125.         retry_delay = 5
126.         retry_count = 3
127.         default_fallback = no
128.         dead_time = 120
129.         wake_all_if_all_dead = no
130.  }
131.  home_server localhost {
132.         ipaddr = 127.0.0.1
133.         port = 1812
134.         type = "auth"
135.         secret = <<< secret >>>
136.         response_window = 20.000000
137.         response_timeouts = 1
138.         max_outstanding = 65536
139.         zombie_period = 40
140.         status_check = "status-server"
141.         ping_interval = 30
142.         check_interval = 30
143.         check_timeout = 4
144.         num_answers_to_alive = 3
145.         revive_interval = 120
146.   limit {
147.         max_connections = 16
148.         max_requests = 0
149.         lifetime = 0
150.         idle_timeout = 0
151.   }
152.   coa {
153.         irt = 2
154.         mrt = 16
155.         mrc = 5
156.         mrd = 30
157.   }
158.  }
159.  home_server_pool my_auth_failover {
160.         type = fail-over
161.         home_server = localhost
162.  }
163.  realm example.com {
164.         auth_pool = my_auth_failover
165.  }
166.  realm LOCAL {
167.  }
168. radiusd: #### Loading Clients ####
169.  client Aruba {
170.         ipaddr = 10.168.149.99
171.         require_message_authenticator = no
172.         secret = <<< secret >>>
173.   limit {
174.         max_connections = 16
175.         lifetime = 0
176.         idle_timeout = 30
177.   }
178.  }
179.  client localhost {
180.         ipaddr = 127.0.0.1
181.         require_message_authenticator = no
182.         secret = <<< secret >>>
183.         nas_type = "other"
184.         proto = "*"
185.   limit {
186.         max_connections = 16
187.         lifetime = 0
188.         idle_timeout = 30
189.   }
190.  }
191.  client localhost_ipv6 {
192.         ipv6addr = ::1
193.         require_message_authenticator = no
194.         secret = <<< secret >>>
195.   limit {
196.         max_connections = 16
197.         lifetime = 0
198.         idle_timeout = 30
199.   }
200.  }
201. Debugger not attached
202.  # Creating Auth-Type = digest
203.  # Creating Auth-Type = eap
204.  # Creating Auth-Type = PAP
205.  # Creating Auth-Type = CHAP
206.  # Creating Auth-Type = MS-CHAP
207.  # Creating Auth-Type = LDAP
208. radiusd: #### Instantiating modules ####
209.  modules {
210.   # Loaded module rlm_digest
211.   # Loading module "digest" from file /usr/local/etc/raddb/mods-enabled/digest
212.   # Loaded module rlm_passwd
213.   # Loading module "etc_passwd" from file /usr/local/etc/raddb/mods-enabled/pass                                                                                                                                                             wd
214.   passwd etc_passwd {
215.         filename = "/etc/passwd"
216.         format = "*User-Name:Crypt-Password:"
217.         delimiter = ":"
218.         ignore_nislike = no
219.         ignore_empty = yes
220.         allow_multiple_keys = no
221.         hash_size = 100
222.   }
223.   # Loaded module rlm_exec
224.   # Loading module "ntlm_auth1" from file /usr/local/etc/raddb/mods-enabled/ntlm                                                                                                                                                             _auth
225.   exec ntlm_auth1 {
226.         wait = yes
227.         program = "/path/to/ntlm_auth --request-nt-key --domain=MYDOMAIN --usern                                                                                                                                                             ame=%{mschap_fbc:User-Name} --password=%{User-Password}"
228.         shell_escape = yes
229.   }
230.   # Loading module "echo" from file /usr/local/etc/raddb/mods-enabled/echo
231.   exec echo {
232.         wait = yes
233.         program = "/bin/echo %{User-Name}"
234.         input_pairs = "request"
235.         output_pairs = "reply"
236.         shell_escape = yes
237.   }
238.   # Loaded module rlm_replicate
239.   # Loading module "replicate" from file /usr/local/etc/raddb/mods-enabled/repli                                                                                                                                                             cate
240.   # Loaded module rlm_soh
241.   # Loading module "soh" from file /usr/local/etc/raddb/mods-enabled/soh
242.   soh {
243.         dhcp = yes
244.   }
245.   # Loaded module rlm_chap
246.   # Loading module "chap" from file /usr/local/etc/raddb/mods-enabled/chap
247.   # Loaded module rlm_files
248.   # Loading module "files" from file /usr/local/etc/raddb/mods-enabled/files
249.   files {
250.         filename = "/usr/local/etc/raddb/mods-config/files/authorize"
251.         acctusersfile = "/usr/local/etc/raddb/mods-config/files/accounting"
252.         preproxy_usersfile = "/usr/local/etc/raddb/mods-config/files/pre-proxy"
253.   }
254.   # Loaded module rlm_detail
255.   # Loading module "auth_log" from file /usr/local/etc/raddb/mods-enabled/detail                                                                                                                                                             .log
256.   detail auth_log {
257.         filename = "/usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}                                                                                                                                                             :-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d"
258.         header = "%t"
259.         permissions = 384
260.         locking = no
261.         escape_filenames = no
262.         log_packet_header = no
263.   }
264.   # Loading module "reply_log" from file /usr/local/etc/raddb/mods-enabled/detai                                                                                                                                                             l.log
265.   detail reply_log {
266.         filename = "/usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}                                                                                                                                                             :-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d"
267.         header = "%t"
268.         permissions = 384
269.         locking = no
270.         escape_filenames = no
271.         log_packet_header = no
272.   }
273.   # Loading module "pre_proxy_log" from file /usr/local/etc/raddb/mods-enabled/d                                                                                                                                                             etail.log
274.   detail pre_proxy_log {
275.         filename = "/usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}                                                                                                                                                             :-%{Packet-Src-IPv6-Address}}/pre-proxy-detail-%Y%m%d"
276.         header = "%t"
277.         permissions = 384
278.         locking = no
279.         escape_filenames = no
280.         log_packet_header = no
281.   }
282.   # Loading module "post_proxy_log" from file /usr/local/etc/raddb/mods-enabled/                                                                                                                                                             detail.log
283.   detail post_proxy_log {
284.         filename = "/usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}                                                                                                                                                             :-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d"
285.         header = "%t"
286.         permissions = 384
287.         locking = no
288.         escape_filenames = no
289.         log_packet_header = no
290.   }
291.   # Loaded module rlm_linelog
292.   # Loading module "linelog" from file /usr/local/etc/raddb/mods-enabled/linelog
293.   linelog {
294.         filename = "/usr/local/var/log/radius/linelog"
295.         escape_filenames = no
296.         syslog_severity = "info"
297.         permissions = 384
298.         format = "This is a log message for %{User-Name}"
299.         reference = "messages.%{%{reply:Packet-Type}:-default}"
300.   }
301.   # Loading module "log_accounting" from file /usr/local/etc/raddb/mods-enabled/                                                                                                                                                             linelog
302.   linelog log_accounting {
303.         filename = "/usr/local/var/log/radius/linelog-accounting"
304.         escape_filenames = no
305.         syslog_severity = "info"
306.         permissions = 384
307.         format = ""
308.         reference = "Accounting-Request.%{%{Acct-Status-Type}:-unknown}"
309.   }
310.   # Loaded module rlm_logintime
311.   # Loading module "logintime" from file /usr/local/etc/raddb/mods-enabled/login                                                                                                                                                             time
312.   logintime {
313.         minimum_timeout = 60
314.   }
315.   # Loading module "exec" from file /usr/local/etc/raddb/mods-enabled/exec
316.   exec {
317.         wait = no
318.         input_pairs = "request"
319.         shell_escape = yes
320.         timeout = 10
321.   }
322.   # Loaded module rlm_dhcp
323.   # Loading module "dhcp" from file /usr/local/etc/raddb/mods-enabled/dhcp
324.   # Loaded module rlm_radutmp
325.   # Loading module "radutmp" from file /usr/local/etc/raddb/mods-enabled/radutmp
326.   radutmp {
327.         filename = "/usr/local/var/log/radius/radutmp"
328.         username = "%{User-Name}"
329.         case_sensitive = yes
330.         check_with_nas = yes
331.         permissions = 384
332.         caller_id = yes
333.   }
334.   # Loaded module rlm_mschap
335.   # Loading module "mschap_hbs" from file /usr/local/etc/raddb/mods-enabled/msch                                                                                                                                                             ap_hbs
336.   mschap mschap_hbs {
337.         use_mppe = yes
338.         require_encryption = no
339.         require_strong = no
340.         with_ntdomain_hack = yes
341.         ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --domain=hbs.fbcexample                                                                                                                                                             .com --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}} --challenge=%{%{                                                                                                                                                             mschap_hbs:Challenge}:-00} --nt-response=%{%{mschap_hbs:NT-Response}:-00} --requ                                                                                                                                                             ire-membership-of='fbcexample\\LDAP_WiFi'"
342.    passchange {
343.    }
344.         allow_retry = yes
345.   }
346.   # Loaded module rlm_unpack
347.   # Loading module "unpack" from file /usr/local/etc/raddb/mods-enabled/unpack
348.   # Loaded module rlm_attr_filter
349.   # Loading module "attr_filter.post-proxy" from file /usr/local/etc/raddb/mods-                                                                                                                                                             enabled/attr_filter
350.   attr_filter attr_filter.post-proxy {
351.         filename = "/usr/local/etc/raddb/mods-config/attr_filter/post-proxy"
352.         key = "%{Realm}"
353.         relaxed = no
354.   }
355.   # Loading module "attr_filter.pre-proxy" from file /usr/local/etc/raddb/mods-e                                                                                                                                                             nabled/attr_filter
356.   attr_filter attr_filter.pre-proxy {
357.         filename = "/usr/local/etc/raddb/mods-config/attr_filter/pre-proxy"
358.         key = "%{Realm}"
359.         relaxed = no
360.   }
361.   # Loading module "attr_filter.access_reject" from file /usr/local/etc/raddb/mo                                                                                                                                                             ds-enabled/attr_filter
362.   attr_filter attr_filter.access_reject {
363.         filename = "/usr/local/etc/raddb/mods-config/attr_filter/access_reject"
364.         key = "%{User-Name}"
365.         relaxed = no
366.   }
367.   # Loading module "attr_filter.access_challenge" from file /usr/local/etc/raddb                                                                                                                                                             /mods-enabled/attr_filter
368.   attr_filter attr_filter.access_challenge {
369.         filename = "/usr/local/etc/raddb/mods-config/attr_filter/access_challeng                                                                                                                                                             e"
370.         key = "%{User-Name}"
371.         relaxed = no
372.   }
373.   # Loading module "attr_filter.accounting_response" from file /usr/local/etc/ra                                                                                                                                                             ddb/mods-enabled/attr_filter
374.   attr_filter attr_filter.accounting_response {
375.         filename = "/usr/local/etc/raddb/mods-config/attr_filter/accounting_resp                                                                                                                                                             onse"
376.         key = "%{User-Name}"
377.         relaxed = no
378.   }
379.   # Loaded module rlm_dynamic_clients
380.   # Loading module "dynamic_clients" from file /usr/local/etc/raddb/mods-enabled                                                                                                                                                             /dynamic_clients
381.   # Loaded module rlm_eap
382.   # Loading module "eap" from file /usr/local/etc/raddb/mods-enabled/eap
383.   eap {
384.         default_eap_type = "peap"
385.         timer_expire = 60
386.         ignore_unknown_eap_types = no
387.         cisco_accounting_username_bug = no
388.         max_sessions = 16384
389.   }
390.   # Loading module "mschap_hac" from file /usr/local/etc/raddb/mods-enabled/msch                                                                                                                                                             ap_hac
391.   mschap mschap_hac {
392.         use_mppe = yes
393.         require_encryption = no
394.         require_strong = no
395.         with_ntdomain_hack = yes
396.         ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --domain=hac.fbcexample                                                                                                                                                             .com --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}} --challenge=%{%{                                                                                                                                                             mschap_hac:Challenge}:-00} --nt-response=%{%{mschap_hac:NT-Response}:-00}  --req                                                                                                                                                             uire-membership-of=fbcexample\\LDAP_WiFi"
397.    passchange {
398.    }
399.         allow_retry = yes
400.   }
401.   # Loaded module rlm_ldap
402.   # Loading module "ldap" from file /usr/local/etc/raddb/mods-enabled/ldap
403.   ldap {
404.         server = "10.168.109.12"
405.         identity = "CN=free radius,OU=Service Accounts,DC=fbcexample,DC=com"
406.         password = <<< secret >>>
407.    sasl {
408.    }
409.    user {
410.         scope = "sub"
411.         access_positive = yes
412.     sasl {
413.     }
414.    }
415.    group {
416.         filter = "(objectClass=posixGroup)"
417.         scope = "sub"
418.         name_attribute = "cn"
419.         membership_attribute = "memberOf"
420.         cacheable_name = no
421.         cacheable_dn = no
422.    }
423.    client {
424.         filter = "(objectClass=radiusClient)"
425.         scope = "sub"
426.         base_dn = "DC=fbcexample,DC=com"
427.    }
428.    profile {
429.    }
430.    options {
431.         ldap_debug = 40
432.         chase_referrals = yes
433.         rebind = yes
434.         net_timeout = 1
435.         res_timeout = 10
436.         srv_timelimit = 3
437.         idle = 60
438.         probes = 3
439.         interval = 3
440.    }
441.    tls {
442.         start_tls = no
443.    }
444.   }
445. Creating attribute LDAP-Group
446.   # Loaded module rlm_unix
447.   # Loading module "unix" from file /usr/local/etc/raddb/mods-enabled/unix
448.   unix {
449.         radwtmp = "/usr/local/var/log/radius/radwtmp"
450.   }
451. Creating attribute Unix-Group
452.   # Loading module "mschap_fbc" from file /usr/local/etc/raddb/mods-enabled/msch                                                                                                                                                             ap_fbc
453.   mschap mschap_fbc {
454.         use_mppe = yes
455.         require_encryption = no
456.         require_strong = no
457.         with_ntdomain_hack = yes
458.         ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --domain=fbcexample --u                                                                                                                                                             sername=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}} --challenge=%{%{mschap_f                                                                                                                                                             bc:Challenge}:-00} --nt-response=%{%{mschap_fbc:NT-Response}:-00}  --require-mem                                                                                                                                                             bership-of='fbcexample\\LDAP_WiFi'"
459.    passchange {
460.    }
461.         allow_retry = yes
462.   }
463.   # Loaded module rlm_cache
464.   # Loading module "cache_eap" from file /usr/local/etc/raddb/mods-enabled/cache                                                                                                                                                             _eap
465.   cache cache_eap {
466.         driver = "rlm_cache_rbtree"
467.         key = "%{%{control:State}:-%{%{reply:State}:-%{State}}}"
468.         ttl = 15
469.         max_entries = 0
470.         epoch = 0
471.         add_stats = no
472.   }
473.   # Loaded module rlm_expiration
474.   # Loading module "expiration" from file /usr/local/etc/raddb/mods-enabled/expi                                                                                                                                                             ration
475.   # Loaded module rlm_expr
476.   # Loading module "expr" from file /usr/local/etc/raddb/mods-enabled/expr
477.   expr {
478.         safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ                                                                                                                                                             0123456789.-_: /äéöüàâæçèéêëîïôœùûüaÿÄÉÖÜßÀÂÆÇÈÉÊËÎÏÔŒÙÛÜŸ"
479.   }
480.   # Loaded module rlm_realm
481.   # Loading module "IPASS" from file /usr/local/etc/raddb/mods-enabled/realm
482.   realm IPASS {
483.         format = "prefix"
484.         delimiter = "/"
485.         ignore_default = no
486.         ignore_null = no
487.   }
488.   # Loading module "suffix" from file /usr/local/etc/raddb/mods-enabled/realm
489.   realm suffix {
490.         format = "suffix"
491.         delimiter = "@"
492.         ignore_default = no
493.         ignore_null = no
494.   }
495.   # Loading module "realmpercent" from file /usr/local/etc/raddb/mods-enabled/re                                                                                                                                                             alm
496.   realm realmpercent {
497.         format = "suffix"
498.         delimiter = "%"
499.         ignore_default = no
500.         ignore_null = no
501.   }
502.   # Loading module "ntdomain" from file /usr/local/etc/raddb/mods-enabled/realm
503.   realm ntdomain {
504.         format = "prefix"
505.         delimiter = "\\"
506.        ignore_default = no
507.        ignore_null = no
508.  }
509.  # Loaded module rlm_preprocess
510.  # Loading module "preprocess" from file /usr/local/etc/raddb/mods-enabled/prep                                                                                                                                                             rocess
511.  preprocess {
512.        huntgroups = "/usr/local/etc/raddb/mods-config/preprocess/huntgroups"
513.        hints = "/usr/local/etc/raddb/mods-config/preprocess/hints"
514.        with_ascend_hack = no
515.        ascend_channels_per_line = 23
516.        with_ntdomain_hack = no
517.        with_specialix_jetstream_hack = no
518.        with_cisco_vsa_hack = no
519.        with_alvarion_vsa_hack = no
520.  }
521.  # Loaded module rlm_always
522.  # Loading module "reject" from file /usr/local/etc/raddb/mods-enabled/always
523.  always reject {
524.        rcode = "reject"
525.        simulcount = 0
526.        mpp = no
527.  }
528.  # Loading module "fail" from file /usr/local/etc/raddb/mods-enabled/always
529.  always fail {
530.        rcode = "fail"
531.        simulcount = 0
532.        mpp = no
533.  }
534.  # Loading module "ok" from file /usr/local/etc/raddb/mods-enabled/always
535.  always ok {
536.        rcode = "ok"
537.        simulcount = 0
538.        mpp = no
539.  }
540.  # Loading module "handled" from file /usr/local/etc/raddb/mods-enabled/always
541.  always handled {
542.        rcode = "handled"
543.        simulcount = 0
544.        mpp = no
545.  }
546.  # Loading module "invalid" from file /usr/local/etc/raddb/mods-enabled/always
547.  always invalid {
548.        rcode = "invalid"
549.        simulcount = 0
550.        mpp = no
551.  }
552.  # Loading module "userlock" from file /usr/local/etc/raddb/mods-enabled/always
553.  always userlock {
554.        rcode = "userlock"
555.        simulcount = 0
556.        mpp = no
557.  }
558.  # Loading module "notfound" from file /usr/local/etc/raddb/mods-enabled/always
559.  always notfound {
560.        rcode = "notfound"
561.        simulcount = 0
562.        mpp = no
563.  }
564.  # Loading module "noop" from file /usr/local/etc/raddb/mods-enabled/always
565.  always noop {
566.        rcode = "noop"
567.        simulcount = 0
568.        mpp = no
569.  }
570.  # Loading module "updated" from file /usr/local/etc/raddb/mods-enabled/always
571.  always updated {
572.        rcode = "updated"
573.        simulcount = 0
574.        mpp = no
575.  }
576.  # Loading module "mschap_cbs" from file /usr/local/etc/raddb/mods-enabled/msch                                                                                                                                                             ap_cbs
577.  mschap mschap_cbs {
578.        use_mppe = yes
579.        require_encryption = no
580.        require_strong = no
581.        with_ntdomain_hack = yes
582.        ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --domain=cbs.fbcexample                                                                                                                                                             .com --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}} --challenge=%{%{                                                                                                                                                             mschap_cbs:Challenge}:-00} --nt-response=%{%{mschap_cbs:NT-Response}:-00} --requ                                                                                                                                                             ire-membership-of='fbcexample\\LDAP_WiFi'"
583.   passchange {
584.   }
585.        allow_retry = yes
586.  }
587.  # Loaded module rlm_date
588.  # Loading module "date" from file /usr/local/etc/raddb/mods-enabled/date
589.  date {
590.        format = "%b %e %Y %H:%M:%S %Z"
591.  }
592.  # Loaded module rlm_utf8
593.  # Loading module "utf8" from file /usr/local/etc/raddb/mods-enabled/utf8
594.  # Loaded module rlm_pap
595.  # Loading module "pap" from file /usr/local/etc/raddb/mods-enabled/pap
596.  pap {
597.        normalise = yes
598.  }
599.  # Loading module "detail" from file /usr/local/etc/raddb/mods-enabled/detail
600.  detail {
601.        filename = "/usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}                                                                                                                                                             :-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"
602.        header = "%t"
603.        permissions = 384
604.        locking = no
605.        escape_filenames = no
606.        log_packet_header = no
607.  }
608.  # Loading module "sradutmp" from file /usr/local/etc/raddb/mods-enabled/sradut                                                                                                                                                             mp
609.  radutmp sradutmp {
610.        filename = "/usr/local/var/log/radius/sradutmp"
611.        username = "%{User-Name}"
612.        case_sensitive = yes
613.        check_with_nas = yes
614.        permissions = 420
615.        caller_id = no
616.  }
617.  instantiate {
618.  }
619.  # Instantiating module "etc_passwd" from file /usr/local/etc/raddb/mods-enable                                                                                                                                                             d/passwd
620. rlm_passwd: nfields: 3 keyfield 0(User-Name) listable: no
621.  # Instantiating module "files" from file /usr/local/etc/raddb/mods-enabled/fil                                                                                                                                                             es
622. reading pairlist file /usr/local/etc/raddb/mods-config/files/authorize
623. reading pairlist file /usr/local/etc/raddb/mods-config/files/accounting
624. reading pairlist file /usr/local/etc/raddb/mods-config/files/pre-proxy
625.  # Instantiating module "auth_log" from file /usr/local/etc/raddb/mods-enabled/                                                                                                                                                             detail.log
626. rlm_detail (auth_log): 'User-Password' suppressed, will not appear in detail out                                                                                                                                                             put
627.  # Instantiating module "reply_log" from file /usr/local/etc/raddb/mods-enabled                                                                                                                                                             /detail.log
628.  # Instantiating module "pre_proxy_log" from file /usr/local/etc/raddb/mods-ena                                                                                                                                                             bled/detail.log
629.  # Instantiating module "post_proxy_log" from file /usr/local/etc/raddb/mods-en                                                                                                                                                             abled/detail.log
630.  # Instantiating module "linelog" from file /usr/local/etc/raddb/mods-enabled/l                                                                                                                                                             inelog
631.  # Instantiating module "log_accounting" from file /usr/local/etc/raddb/mods-en                                                                                                                                                             abled/linelog
632.  # Instantiating module "logintime" from file /usr/local/etc/raddb/mods-enabled                                                                                                                                                             /logintime
633.  # Instantiating module "mschap_hbs" from file /usr/local/etc/raddb/mods-enable                                                                                                                                                             d/mschap_hbs
634. rlm_mschap (mschap_hbs): authenticating by calling 'ntlm_auth'
635.  # Instantiating module "attr_filter.post-proxy" from file /usr/local/etc/raddb                                                                                                                                                             /mods-enabled/attr_filter
636. reading pairlist file /usr/local/etc/raddb/mods-config/attr_filter/post-proxy
637.  # Instantiating module "attr_filter.pre-proxy" from file /usr/local/etc/raddb/                                                                                                                                                             mods-enabled/attr_filter
638. reading pairlist file /usr/local/etc/raddb/mods-config/attr_filter/pre-proxy
639.  # Instantiating module "attr_filter.access_reject" from file /usr/local/etc/ra                                                                                                                                                             ddb/mods-enabled/attr_filter
640. reading pairlist file /usr/local/etc/raddb/mods-config/attr_filter/access_reject
641. [/usr/local/etc/raddb/mods-config/attr_filter/access_reject]:11 Check item "Free                                                                                                                                                             RADIUS-Response-Delay"  found in filter list for realm "DEFAULT".
642. [/usr/local/etc/raddb/mods-config/attr_filter/access_reject]:11 Check item "Free                                                                                                                                                             RADIUS-Response-Delay-USec"     found in filter list for realm "DEFAULT".
643.  # Instantiating module "attr_filter.access_challenge" from file /usr/local/etc                                                                                                                                                             /raddb/mods-enabled/attr_filter
644. reading pairlist file /usr/local/etc/raddb/mods-config/attr_filter/access_challe                                                                                                                                                             nge
645.  # Instantiating module "attr_filter.accounting_response" from file /usr/local/                                                                                                                                                             etc/raddb/mods-enabled/attr_filter
646. reading pairlist file /usr/local/etc/raddb/mods-config/attr_filter/accounting_re                                                                                                                                                             sponse
647.  # Instantiating module "eap" from file /usr/local/etc/raddb/mods-enabled/eap
648.   # Linked to sub-module rlm_eap_md5
649.   # Linked to sub-module rlm_eap_leap
650.   # Linked to sub-module rlm_eap_gtc
651.   gtc {
652.        challenge = "Password: "
653.        auth_type = "PAP"
654.   }
655.   # Linked to sub-module rlm_eap_tls
656.   tls {
657.        tls = "tls-common"
658.   }
659.   tls-config tls-common {
660.        verify_depth = 0
661.        ca_path = "/usr/local/etc/raddb/certs"
662.        pem_file_type = yes
663.        private_key_file = "/usr/local/etc/raddb/certs/server.pem"
664.        certificate_file = "/usr/local/etc/raddb/certs/server.pem"
665.        ca_file = "/usr/local/etc/raddb/certs/ca.pem"
666.        private_key_password = <<< secret >>>
667.        dh_file = "/usr/local/etc/raddb/certs/dh"
668.        random_file = "/dev/urandom"
669.        fragment_size = 1024
670.        include_length = yes
671.        auto_chain = yes
672.        check_crl = no
673.        check_all_crl = no
674.        cipher_list = "DEFAULT"
675.        ecdh_curve = "prime256v1"
676.    cache {
677.        enable = yes
678.        lifetime = 24
679.        max_entries = 255
680.    }
681.    verify {
682.        skip_if_ocsp_ok = no
683.    }
684.    ocsp {
685.        enable = no
686.        override_cert_url = yes
687.        url = "http://127.0.0.1/ocsp/"
688.        use_nonce = yes
689.        timeout = 0
690.        softfail = no
691.    }
692.   }
693.   # Linked to sub-module rlm_eap_ttls
694.   ttls {
695.        tls = "tls-common"
696.        default_eap_type = "md5"
697.        copy_request_to_tunnel = no
698.        use_tunneled_reply = no
699.        virtual_server = "inner-tunnel"
700.        include_length = yes
701.        require_client_cert = no
702.   }
703. tls: Using cached TLS configuration from previous invocation
704.   # Linked to sub-module rlm_eap_peap
705.   peap {
706.        tls = "tls-common"
707.        default_eap_type = "mschapv2"
708.        copy_request_to_tunnel = no
709.        use_tunneled_reply = no
710.        proxy_tunneled_request_as_eap = yes
711.        virtual_server = "inner-tunnel"
712.        soh = no
713.        require_client_cert = no
714.   }
715. tls: Using cached TLS configuration from previous invocation
716.   # Linked to sub-module rlm_eap_mschapv2
717.   mschapv2 {
718.        with_ntdomain_hack = no
719.        send_error = no
720.   }
721.  # Instantiating module "mschap_hac" from file /usr/local/etc/raddb/mods-enable                                                                                                                                                             d/mschap_hac
722. rlm_mschap (mschap_hac): authenticating by calling 'ntlm_auth'
723.  # Instantiating module "ldap" from file /usr/local/etc/raddb/mods-enabled/ldap
724. rlm_ldap: libldap vendor: OpenLDAP, version: 20442
725.   accounting {
726.        reference = "%{tolower:type.%{Acct-Status-Type}}"
727.   }
728.   post-auth {
729.        reference = "."
730.   }
731. rlm_ldap (ldap): Initialising connection pool
732.   pool {
733.        start = 5
734.        min = 3
735.        max = 32
736.        spare = 10
737.        uses = 0
738.        lifetime = 0
739.        cleanup_interval = 30
740.        idle_timeout = 60
741.        retry_delay = 30
742.        spread = no
743.   }
744. rlm_ldap (ldap): Opening additional connection (0), 1 of 32 pending slots used
745. rlm_ldap (ldap): Connecting to ldap://10.168.109.12:389
746. rlm_ldap (ldap): Waiting for bind result...
747. rlm_ldap (ldap): Bind successful
748. rlm_ldap (ldap): Opening additional connection (1), 1 of 31 pending slots used
749. rlm_ldap (ldap): Connecting to ldap://10.168.109.12:389
750. rlm_ldap (ldap): Waiting for bind result...
751. rlm_ldap (ldap): Bind successful
752. rlm_ldap (ldap): Opening additional connection (2), 1 of 30 pending slots used
753. rlm_ldap (ldap): Connecting to ldap://10.168.109.12:389
754. rlm_ldap (ldap): Waiting for bind result...
755. rlm_ldap (ldap): Bind successful
756. rlm_ldap (ldap): Opening additional connection (3), 1 of 29 pending slots used
757. rlm_ldap (ldap): Connecting to ldap://10.168.109.12:389
758. rlm_ldap (ldap): Waiting for bind result...
759. rlm_ldap (ldap): Bind successful
760. rlm_ldap (ldap): Opening additional connection (4), 1 of 28 pending slots used
761. rlm_ldap (ldap): Connecting to ldap://10.168.109.12:389
762. rlm_ldap (ldap): Waiting for bind result...
763. rlm_ldap (ldap): Bind successful
764.  # Instantiating module "mschap_fbc" from file /usr/local/etc/raddb/mods-enable                                                                                                                                                             d/mschap_fbc
765. rlm_mschap (mschap_fbc): authenticating by calling 'ntlm_auth'
766.  # Instantiating module "cache_eap" from file /usr/local/etc/raddb/mods-enabled                                                                                                                                                             /cache_eap
767. rlm_cache (cache_eap): Driver rlm_cache_rbtree (module rlm_cache_rbtree) loaded                                                                                                                                                              and linked
768.  # Instantiating module "expiration" from file /usr/local/etc/raddb/mods-enable                                                                                                                                                             d/expiration
769.  # Instantiating module "IPASS" from file /usr/local/etc/raddb/mods-enabled/rea                                                                                                                                                             lm
770.  # Instantiating module "suffix" from file /usr/local/etc/raddb/mods-enabled/re                                                                                                                                                             alm
771.  # Instantiating module "realmpercent" from file /usr/local/etc/raddb/mods-enab                                                                                                                                                             led/realm
772.  # Instantiating module "ntdomain" from file /usr/local/etc/raddb/mods-enabled/                                                                                                                                                             realm
773.  # Instantiating module "preprocess" from file /usr/local/etc/raddb/mods-enable                                                                                                                                                             d/preprocess
774. reading pairlist file /usr/local/etc/raddb/mods-config/preprocess/huntgroups
775. reading pairlist file /usr/local/etc/raddb/mods-config/preprocess/hints
776.  # Instantiating module "reject" from file /usr/local/etc/raddb/mods-enabled/al                                                                                                                                                             ways
777.  # Instantiating module "fail" from file /usr/local/etc/raddb/mods-enabled/alwa                                                                                                                                                             ys
778.  # Instantiating module "ok" from file /usr/local/etc/raddb/mods-enabled/always
779.  # Instantiating module "handled" from file /usr/local/etc/raddb/mods-enabled/a                                                                                                                                                             lways
780.  # Instantiating module "invalid" from file /usr/local/etc/raddb/mods-enabled/a                                                                                                                                                             lways
781.  # Instantiating module "userlock" from file /usr/local/etc/raddb/mods-enabled/                                                                                                                                                             always
782.  # Instantiating module "notfound" from file /usr/local/etc/raddb/mods-enabled/                                                                                                                                                             always
783.  # Instantiating module "noop" from file /usr/local/etc/raddb/mods-enabled/alwa                                                                                                                                                             ys
784.  # Instantiating module "updated" from file /usr/local/etc/raddb/mods-enabled/a                                                                                                                                                             lways
785.  # Instantiating module "mschap_cbs" from file /usr/local/etc/raddb/mods-enable                                                                                                                                                             d/mschap_cbs
786. rlm_mschap (mschap_cbs): authenticating by calling 'ntlm_auth'
787.  # Instantiating module "pap" from file /usr/local/etc/raddb/mods-enabled/pap
788.  # Instantiating module "detail" from file /usr/local/etc/raddb/mods-enabled/de                                                                                                                                                             tail
789. } # modules
790. radiusd: #### Loading Virtual Servers ####
791. server { # from file /usr/local/etc/raddb/radiusd.conf
792. } # server
793. server default { # from file /usr/local/etc/raddb/sites-enabled/default
794. # Loading authenticate {...}
795. # Loading authorize {...}
796. Ignoring "sql" (see raddb/mods-available/README.rst)
797. # Loading preacct {...}
798. # Loading accounting {...}
799. # Loading post-proxy {...}
800. # Loading post-auth {...}
801. } # server default
802. server inner-tunnel { # from file /usr/local/etc/raddb/sites-enabled/inner-tunne                                                                                                                                                             l
803. # Loading authenticate {...}
804. # Loading authorize {...}
805. # Loading session {...}
806. # Loading post-proxy {...}
807. # Loading post-auth {...}
808. } # server inner-tunnel
809. radiusd: #### Opening IP addresses and Ports ####
810. listen {
811.        type = "auth"
812.        ipaddr = *
813.        port = 0
814.   limit {
815.        max_connections = 16
816.        lifetime = 0
817.        idle_timeout = 30
818.   }
819. }
820. listen {
821.        type = "acct"
822.        ipaddr = *
823.        port = 0
824.   limit {
825.        max_connections = 16
826.        lifetime = 0
827.        idle_timeout = 30
828.   }
829. }
830. listen {
831.        type = "auth"
832.        ipv6addr = ::
833.        port = 0
834.   limit {
835.        max_connections = 16
836.        lifetime = 0
837.        idle_timeout = 30
838.   }
839. }
840. listen {
841.        type = "acct"
842.        ipv6addr = ::
843.        port = 0
844.   limit {
845.        max_connections = 16
846.        lifetime = 0
847.        idle_timeout = 30
848.   }
849. }
850. listen {
851.        type = "auth"
852.        ipaddr = 127.0.0.1
853.        port = 18120
854. }
855. Listening on auth address * port 1812 bound to server default
856. Listening on acct address * port 1813 bound to server default
857. Listening on auth address :: port 1812 bound to server default
858. Listening on acct address :: port 1813 bound to server default
859. Listening on auth address 127.0.0.1 port 18120 bound to server inner-tunnel
860. Listening on proxy address * port 51077
861. Listening on proxy address :: port 38969
862. Ready to process requests
863.  
864.  
865.  
866.  
867.  
868.  
869.  
870.  
871. DONE LOADING
872.  
873.  
874.  
875.  
876.  
877.  
878.  
879.  
880.  
881. (0) Received Access-Request Id 111 from 10.168.149.99:33240 to 10.168.109.39:1812 length 218
882. (0)   User-Name = "host/FBC-2007.fbcexample.com"
883. (0)   NAS-IP-Address = 10.168.149.99
884. (0)   NAS-Port = 0
885. (0)   NAS-Identifier = "10.168.149.99"
886. (0)   NAS-Port-Type = Wireless-802.11
887. (0)   Calling-Station-Id = "C0335E160E17"
888. (0)   Called-Station-Id = "000B866DC9CC"
889. (0)   Service-Type = Login-User
890. (0)   Framed-MTU = 1100
891. (0)   EAP-Message = 0x0201002101686f73742f4642432d323030372e66626368616d6d6f6e642e636f6d
892. (0)   Aruba-Essid-Name = "Testnet"
893. (0)   Aruba-Location-Id = "FBC-2103"
894. (0)   Aruba-AP-Group = "FBC"
895. (0)   Message-Authenticator = 0xe8156c70f328ebe0d03721fa4d256f73
896. (0) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
897. (0)   authorize {
898. (0)     policy filter_username {
899. (0)       if (&User-Name) {
900. (0)       if (&User-Name)  -> TRUE
901. (0)       if (&User-Name)  {
902. (0)         if (&User-Name =~ / /) {
903. (0)         if (&User-Name =~ / /)  -> FALSE
904. (0)         if (&User-Name =~ /@[^@]*@/ ) {
905. (0)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
906. (0)         if (&User-Name =~ /\.\./ ) {
907. (0)         if (&User-Name =~ /\.\./ )  -> FALSE
908. (0)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
909. (0)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
910. (0)         if (&User-Name =~ /\.$/)  {
911. (0)         if (&User-Name =~ /\.$/)   -> FALSE
912. (0)         if (&User-Name =~ /@\./)  {
913. (0)         if (&User-Name =~ /@\./)   -> FALSE
914. (0)       } # if (&User-Name)  = notfound
915. (0)     } # policy filter_username = notfound
916. (0)     [preprocess] = ok
917. (0)     [chap] = noop
918. (0)     [mschap_fbc] = noop
919. (0)     [mschap_hac] = noop
920. (0)     [mschap_hbs] = noop
921. (0)     [mschap_cbs] = noop
922. (0)     [digest] = noop
923. (0) suffix: Checking for suffix after "@"
924. (0) suffix: No '@' in User-Name = "host/FBC-2007.fbcexample.com", looking up realm NULL
925. (0) suffix: No such realm "NULL"
926. (0)     [suffix] = noop
927. (0) eap: Peer sent EAP Response (code 2) ID 1 length 33
928. (0) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
929. (0)     [eap] = ok
930. (0)   } # authorize = ok
931. (0) Found Auth-Type = eap
932. (0) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
933. (0)   authenticate {
934. (0) eap: Peer sent packet with method EAP Identity (1)
935. (0) eap: Calling submodule eap_peap to process data
936. (0) eap_peap: Initiating new EAP-TLS session
937. (0) eap_peap: Flushing SSL sessions (of #0)
938. (0) eap_peap: [eaptls start] = request
939. (0) eap: Sending EAP Request (code 1) ID 2 length 6
940. (0) eap: EAP session adding &reply:State = 0x9c1879469c1a60a4
941. (0)     [eap] = handled
942. (0)   } # authenticate = handled
943. (0) Using Post-Auth-Type Challenge
944. (0) Post-Auth-Type sub-section not found.  Ignoring.
945. (0) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
946. (0) Sent Access-Challenge Id 111 from 10.168.109.39:1812 to 10.168.149.99:33240 length 0
947. (0)   EAP-Message = 0x010200061920
948. (0)   Message-Authenticator = 0x00000000000000000000000000000000
949. (0)   State = 0x9c1879469c1a60a4861a78f51320a634
950. (0) Finished request
951. Waking up in 4.9 seconds.
952. (1) Received Access-Request Id 112 from 10.168.149.99:33240 to 10.168.109.39:1812 length 385
953. (1)   User-Name = "host/FBC-2007.fbcexample.com"
954. (1)   NAS-IP-Address = 10.168.149.99
955. (1)   NAS-Port = 0
956. (1)   NAS-Identifier = "10.168.149.99"
957. (1)   NAS-Port-Type = Wireless-802.11
958. (1)   Calling-Station-Id = "C0335E160E17"
959. (1)   Called-Station-Id = "000B866DC9CC"
960. (1)   Service-Type = Login-User
961. (1)   Framed-MTU = 1100
962. (1)   EAP-Message = 0x020200b61980000000ac16030300a7010000a30303581a16368f6d2594d5faaee3731b97add7cce5976fd8c992a5699065bc384e7500003cc02cc02bc030c02f009f009ec024c023c028c027c00ac009c014c01300390033009d009c003d003c0035002f000a006a004000380032001300050004010000
963. (1)   State = 0x9c1879469c1a60a4861a78f51320a634
964. (1)   Aruba-Essid-Name = "Testnet"
965. (1)   Aruba-Location-Id = "FBC-2103"
966. (1)   Aruba-AP-Group = "FBC"
967. (1)   Message-Authenticator = 0x87a1aa971c96a09b6b6f939431ecea10
968. (1) session-state: No cached attributes
969. (1) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
970. (1)   authorize {
971. (1)     policy filter_username {
972. (1)       if (&User-Name) {
973. (1)       if (&User-Name)  -> TRUE
974. (1)       if (&User-Name)  {
975. (1)         if (&User-Name =~ / /) {
976. (1)         if (&User-Name =~ / /)  -> FALSE
977. (1)         if (&User-Name =~ /@[^@]*@/ ) {
978. (1)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
979. (1)         if (&User-Name =~ /\.\./ ) {
980. (1)         if (&User-Name =~ /\.\./ )  -> FALSE
981. (1)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
982. (1)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
983. (1)         if (&User-Name =~ /\.$/)  {
984. (1)         if (&User-Name =~ /\.$/)   -> FALSE
985. (1)         if (&User-Name =~ /@\./)  {
986. (1)         if (&User-Name =~ /@\./)   -> FALSE
987. (1)       } # if (&User-Name)  = notfound
988. (1)     } # policy filter_username = notfound
989. (1)     [preprocess] = ok
990. (1)     [chap] = noop
991. (1)     [mschap_fbc] = noop
992. (1)     [mschap_hac] = noop
993. (1)     [mschap_hbs] = noop
994. (1)     [mschap_cbs] = noop
995. (1)     [digest] = noop
996. (1) suffix: Checking for suffix after "@"
997. (1) suffix: No '@' in User-Name = "host/FBC-2007.fbcexample.com", looking up realm NULL
998. (1) suffix: No such realm "NULL"
999. (1)     [suffix] = noop
1000. (1) eap: Peer sent EAP Response (code 2) ID 2 length 182
1001. (1) eap: Continuing tunnel setup
1002. (1)     [eap] = ok
1003. (1)   } # authorize = ok
1004. (1) Found Auth-Type = eap
1005. (1) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
1006. (1)   authenticate {
1007. (1) eap: Expiring EAP session with state 0x9c1879469c1a60a4
1008. (1) eap: Finished EAP session with state 0x9c1879469c1a60a4
1009. (1) eap: Previous EAP request found for state 0x9c1879469c1a60a4, released from the list
1010. (1) eap: Peer sent packet with method EAP PEAP (25)
1011. (1) eap: Calling submodule eap_peap to process data
1012. (1) eap_peap: Continuing EAP-TLS
1013. (1) eap_peap: Peer indicated complete TLS record size will be 172 bytes
1014. (1) eap_peap: Got complete TLS record (172 bytes)
1015. (1) eap_peap: [eaptls verify] = length included
1016. (1) eap_peap: (other): before/accept initialization
1017. (1) eap_peap: TLS_accept: before/accept initialization
1018. (1) eap_peap: <<< recv TLS 1.2  [length 00a7]
1019. (1) eap_peap: TLS_accept: unknown state
1020. (1) eap_peap: >>> send TLS 1.2  [length 0059]
1021. (1) eap_peap: TLS_accept: unknown state
1022. (1) eap_peap: >>> send TLS 1.2  [length 08be]
1023. (1) eap_peap: TLS_accept: unknown state
1024. (1) eap_peap: >>> send TLS 1.2  [length 014d]
1025. (1) eap_peap: TLS_accept: unknown state
1026. (1) eap_peap: >>> send TLS 1.2  [length 0004]
1027. (1) eap_peap: TLS_accept: unknown state
1028. (1) eap_peap: TLS_accept: unknown state
1029. (1) eap_peap: TLS_accept: unknown state
1030. (1) eap_peap: TLS_accept: Need to read more data: unknown state
1031. (1) eap_peap: TLS_accept: Need to read more data: unknown state
1032. (1) eap_peap: In SSL Handshake Phase
1033. (1) eap_peap: In SSL Accept mode
1034. (1) eap_peap: [eaptls process] = handled
1035. (1) eap: Sending EAP Request (code 1) ID 3 length 1004
1036. (1) eap: EAP session adding &reply:State = 0x9c1879469d1b60a4
1037. (1)     [eap] = handled
1038. (1)   } # authenticate = handled
1039. (1) Using Post-Auth-Type Challenge
1040. (1) Post-Auth-Type sub-section not found.  Ignoring.
1041. (1) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
1042. (1) Sent Access-Challenge Id 112 from 10.168.109.39:1812 to 10.168.149.99:33240 length 0
1043. (1)   EAP-Message = 0x010303ec19c000000a7c160303005902000055030316b58a86014a574803a5917a7619b9bed60f79713e4d92eb933bea51fbc14b0820942ba95fc4f50210ffaff7f1db6e4988de62b9cd67d1e582bfdfbb347c280cc7c03000000dff01000100000b00040300010216030308be0b0008ba0008b70003db
1044. (1)   Message-Authenticator = 0x00000000000000000000000000000000
1045. (1)   State = 0x9c1879469d1b60a4861a78f51320a634
1046. (1) Finished request
1047. Waking up in 4.9 seconds.
1048. (2) Received Access-Request Id 113 from 10.168.149.99:33240 to 10.168.109.39:1812 length 209
1049. (2)   User-Name = "host/FBC-2007.fbcexample.com"
1050. (2)   NAS-IP-Address = 10.168.149.99
1051. (2)   NAS-Port = 0
1052. (2)   NAS-Identifier = "10.168.149.99"
1053. (2)   NAS-Port-Type = Wireless-802.11
1054. (2)   Calling-Station-Id = "C0335E160E17"
1055. (2)   Called-Station-Id = "000B866DC9CC"
1056. (2)   Service-Type = Login-User
1057. (2)   Framed-MTU = 1100
1058. (2)   EAP-Message = 0x020300061900
1059. (2)   State = 0x9c1879469d1b60a4861a78f51320a634
1060. (2)   Aruba-Essid-Name = "Testnet"
1061. (2)   Aruba-Location-Id = "FBC-2103"
1062. (2)   Aruba-AP-Group = "FBC"
1063. (2)   Message-Authenticator = 0xab6c2d611d5e6db595d5d50478d88fdc
1064. (2) session-state: No cached attributes
1065. (2) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
1066. (2)   authorize {
1067. (2)     policy filter_username {
1068. (2)       if (&User-Name) {
1069. (2)       if (&User-Name)  -> TRUE
1070. (2)       if (&User-Name)  {
1071. (2)         if (&User-Name =~ / /) {
1072. (2)         if (&User-Name =~ / /)  -> FALSE
1073. (2)         if (&User-Name =~ /@[^@]*@/ ) {
1074. (2)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
1075. (2)         if (&User-Name =~ /\.\./ ) {
1076. (2)         if (&User-Name =~ /\.\./ )  -> FALSE
1077. (2)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
1078. (2)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
1079. (2)         if (&User-Name =~ /\.$/)  {
1080. (2)         if (&User-Name =~ /\.$/)   -> FALSE
1081. (2)         if (&User-Name =~ /@\./)  {
1082. (2)         if (&User-Name =~ /@\./)   -> FALSE
1083. (2)       } # if (&User-Name)  = notfound
1084. (2)     } # policy filter_username = notfound
1085. (2)     [preprocess] = ok
1086. (2)     [chap] = noop
1087. (2)     [mschap_fbc] = noop
1088. (2)     [mschap_hac] = noop
1089. (2)     [mschap_hbs] = noop
1090. (2)     [mschap_cbs] = noop
1091. (2)     [digest] = noop
1092. (2) suffix: Checking for suffix after "@"
1093. (2) suffix: No '@' in User-Name = "host/FBC-2007.fbcexample.com", looking up realm NULL
1094. (2) suffix: No such realm "NULL"
1095. (2)     [suffix] = noop
1096. (2) eap: Peer sent EAP Response (code 2) ID 3 length 6
1097. (2) eap: Continuing tunnel setup
1098. (2)     [eap] = ok
1099. (2)   } # authorize = ok
1100. (2) Found Auth-Type = eap
1101. (2) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
1102. (2)   authenticate {
1103. (2) eap: Expiring EAP session with state 0x9c1879469d1b60a4
1104. (2) eap: Finished EAP session with state 0x9c1879469d1b60a4
1105. (2) eap: Previous EAP request found for state 0x9c1879469d1b60a4, released from the list
1106. (2) eap: Peer sent packet with method EAP PEAP (25)
1107. (2) eap: Calling submodule eap_peap to process data
1108. (2) eap_peap: Continuing EAP-TLS
1109. (2) eap_peap: Peer ACKed our handshake fragment
1110. (2) eap_peap: [eaptls verify] = request
1111. (2) eap_peap: [eaptls process] = handled
1112. (2) eap: Sending EAP Request (code 1) ID 4 length 1000
1113. (2) eap: EAP session adding &reply:State = 0x9c1879469e1c60a4
1114. (2)     [eap] = handled
1115. (2)   } # authenticate = handled
1116. (2) Using Post-Auth-Type Challenge
1117. (2) Post-Auth-Type sub-section not found.  Ignoring.
1118. (2) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
1119. (2) Sent Access-Challenge Id 113 from 10.168.109.39:1812 to 10.168.149.99:33240 length 0
1120. (2)   EAP-Message = 0x010403e8194011a8e7c1e27393a346149fb1639e1304ff78a88f8fa230137fd87b47f8bc022ab208d74616992c217d84c16e609fc97c061b00a95d113885a5560268e2d5dae8e0b34facb1d8d3df51af1969d21ad174554bf3cf49642df9ebc917d33bae29018bf8778c4b3f0004d6308204d2308203ba
1121. (2)   Message-Authenticator = 0x00000000000000000000000000000000
1122. (2)   State = 0x9c1879469e1c60a4861a78f51320a634
1123. (2) Finished request
1124. Waking up in 4.9 seconds.
1125. (3) Received Access-Request Id 114 from 10.168.149.99:33240 to 10.168.109.39:1812 length 209
1126. (3)   User-Name = "host/FBC-2007.fbcexample.com"
1127. (3)   NAS-IP-Address = 10.168.149.99
1128. (3)   NAS-Port = 0
1129. (3)   NAS-Identifier = "10.168.149.99"
1130. (3)   NAS-Port-Type = Wireless-802.11
1131. (3)   Calling-Station-Id = "C0335E160E17"
1132. (3)   Called-Station-Id = "000B866DC9CC"
1133. (3)   Service-Type = Login-User
1134. (3)   Framed-MTU = 1100
1135. (3)   EAP-Message = 0x020400061900
1136. (3)   State = 0x9c1879469e1c60a4861a78f51320a634
1137. (3)   Aruba-Essid-Name = "Testnet"
1138. (3)   Aruba-Location-Id = "FBC-2103"
1139. (3)   Aruba-AP-Group = "FBC"
1140. (3)   Message-Authenticator = 0x713439b95aea0acde30416f3ee81ba37
1141. (3) session-state: No cached attributes
1142. (3) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
1143. (3)   authorize {
1144. (3)     policy filter_username {
1145. (3)       if (&User-Name) {
1146. (3)       if (&User-Name)  -> TRUE
1147. (3)       if (&User-Name)  {
1148. (3)         if (&User-Name =~ / /) {
1149. (3)         if (&User-Name =~ / /)  -> FALSE
1150. (3)         if (&User-Name =~ /@[^@]*@/ ) {
1151. (3)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
1152. (3)         if (&User-Name =~ /\.\./ ) {
1153. (3)         if (&User-Name =~ /\.\./ )  -> FALSE
1154. (3)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
1155. (3)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
1156. (3)         if (&User-Name =~ /\.$/)  {
1157. (3)         if (&User-Name =~ /\.$/)   -> FALSE
1158. (3)         if (&User-Name =~ /@\./)  {
1159. (3)         if (&User-Name =~ /@\./)   -> FALSE
1160. (3)       } # if (&User-Name)  = notfound
1161. (3)     } # policy filter_username = notfound
1162. (3)     [preprocess] = ok
1163. (3)     [chap] = noop
1164. (3)     [mschap_fbc] = noop
1165. (3)     [mschap_hac] = noop
1166. (3)     [mschap_hbs] = noop
1167. (3)     [mschap_cbs] = noop
1168. (3)     [digest] = noop
1169. (3) suffix: Checking for suffix after "@"
1170. (3) suffix: No '@' in User-Name = "host/FBC-2007.fbcexample.com", looking up realm NULL
1171. (3) suffix: No such realm "NULL"
1172. (3)     [suffix] = noop
1173. (3) eap: Peer sent EAP Response (code 2) ID 4 length 6
1174. (3) eap: Continuing tunnel setup
1175. (3)     [eap] = ok
1176. (3)   } # authorize = ok
1177. (3) Found Auth-Type = eap
1178. (3) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
1179. (3)   authenticate {
1180. (3) eap: Expiring EAP session with state 0x9c1879469e1c60a4
1181. (3) eap: Finished EAP session with state 0x9c1879469e1c60a4
1182. (3) eap: Previous EAP request found for state 0x9c1879469e1c60a4, released from the list
1183. (3) eap: Peer sent packet with method EAP PEAP (25)
1184. (3) eap: Calling submodule eap_peap to process data
1185. (3) eap_peap: Continuing EAP-TLS
1186. (3) eap_peap: Peer ACKed our handshake fragment
1187. (3) eap_peap: [eaptls verify] = request
1188. (3) eap_peap: [eaptls process] = handled
1189. (3) eap: Sending EAP Request (code 1) ID 5 length 702
1190. (3) eap: EAP session adding &reply:State = 0x9c1879469f1d60a4
1191. (3)     [eap] = handled
1192. (3)   } # authenticate = handled
1193. (3) Using Post-Auth-Type Challenge
1194. (3) Post-Auth-Type sub-section not found.  Ignoring.
1195. (3) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
1196. (3) Sent Access-Challenge Id 114 from 10.168.109.39:1812 to 10.168.149.99:33240 length 0
1197. (3)   EAP-Message = 0x010502be1900300f0603551d130101ff040530030101ff30360603551d1f042f302d302ba029a0278625687474703a2f2f7777772e6578616d706c652e6f72672f6578616d706c655f63612e63726c300d06092a864886f70d01010b05000382010100706bdef08ab24a28fb45ef114b73dc360c440688
1198. (3)   Message-Authenticator = 0x00000000000000000000000000000000
1199. (3)   State = 0x9c1879469f1d60a4861a78f51320a634
1200. (3) Finished request
1201. Waking up in 4.9 seconds.
1202. (4) Received Access-Request Id 115 from 10.168.149.99:33240 to 10.168.109.39:1812 length 339
1203. (4)   User-Name = "host/FBC-2007.fbcexample.com"
1204. (4)   NAS-IP-Address = 10.168.149.99
1205. (4)   NAS-Port = 0
1206. (4)   NAS-Identifier = "10.168.149.99"
1207. (4)   NAS-Port-Type = Wireless-802.11
1208. (4)   Calling-Station-Id = "C0335E160E17"
1209. (4)   Called-Station-Id = "000B866DC9CC"
1210. (4)   Service-Type = Login-User
1211. (4)   Framed-MTU = 1100
1212. (4)   EAP-Message = 0x0205008819800000007e1603030046100000424104ddc79e4af94da68fd8d0140f1bb076c99f95dda18b2d7ee91ee0c898ce7c88cdf6e60352beb4d030b8cef10b8e6feef92da6415eac1ce7545361c88b3d88213a140303000101160303002800000000000000007bb7865eddd8d6d6c2dd7b87d2747d
1213. (4)   State = 0x9c1879469f1d60a4861a78f51320a634
1214. (4)   Aruba-Essid-Name = "Testnet"
1215. (4)   Aruba-Location-Id = "FBC-2103"
1216. (4)   Aruba-AP-Group = "FBC"
1217. (4)   Message-Authenticator = 0xca28c7ab123166b734f0ec922fbcfbee
1218. (4) session-state: No cached attributes
1219. (4) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
1220. (4)   authorize {
1221. (4)     policy filter_username {
1222. (4)       if (&User-Name) {
1223. (4)       if (&User-Name)  -> TRUE
1224. (4)       if (&User-Name)  {
1225. (4)         if (&User-Name =~ / /) {
1226. (4)         if (&User-Name =~ / /)  -> FALSE
1227. (4)         if (&User-Name =~ /@[^@]*@/ ) {
1228. (4)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
1229. (4)         if (&User-Name =~ /\.\./ ) {
1230. (4)         if (&User-Name =~ /\.\./ )  -> FALSE
1231. (4)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
1232. (4)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
1233. (4)         if (&User-Name =~ /\.$/)  {
1234. (4)         if (&User-Name =~ /\.$/)   -> FALSE
1235. (4)         if (&User-Name =~ /@\./)  {
1236. (4)         if (&User-Name =~ /@\./)   -> FALSE
1237. (4)       } # if (&User-Name)  = notfound
1238. (4)     } # policy filter_username = notfound
1239. (4)     [preprocess] = ok
1240. (4)     [chap] = noop
1241. (4)     [mschap_fbc] = noop
1242. (4)     [mschap_hac] = noop
1243. (4)     [mschap_hbs] = noop
1244. (4)     [mschap_cbs] = noop
1245. (4)     [digest] = noop
1246. (4) suffix: Checking for suffix after "@"
1247. (4) suffix: No '@' in User-Name = "host/FBC-2007.fbcexample.com", looking up realm NULL
1248. (4) suffix: No such realm "NULL"
1249. (4)     [suffix] = noop
1250. (4) eap: Peer sent EAP Response (code 2) ID 5 length 136
1251. (4) eap: Continuing tunnel setup
1252. (4)     [eap] = ok
1253. (4)   } # authorize = ok
1254. (4) Found Auth-Type = eap
1255. (4) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
1256. (4)   authenticate {
1257. (4) eap: Expiring EAP session with state 0x9c1879469f1d60a4
1258. (4) eap: Finished EAP session with state 0x9c1879469f1d60a4
1259. (4) eap: Previous EAP request found for state 0x9c1879469f1d60a4, released from the list
1260. (4) eap: Peer sent packet with method EAP PEAP (25)
1261. (4) eap: Calling submodule eap_peap to process data
1262. (4) eap_peap: Continuing EAP-TLS
1263. (4) eap_peap: Peer indicated complete TLS record size will be 126 bytes
1264. (4) eap_peap: Got complete TLS record (126 bytes)
1265. (4) eap_peap: [eaptls verify] = length included
1266. (4) eap_peap: <<< recv TLS 1.2  [length 0046]
1267. (4) eap_peap: TLS_accept: unknown state
1268. (4) eap_peap: TLS_accept: unknown state
1269. (4) eap_peap: <<< recv TLS 1.2  [length 0001]
1270. (4) eap_peap: <<< recv TLS 1.2  [length 0010]
1271. (4) eap_peap: TLS_accept: unknown state
1272. (4) eap_peap: >>> send TLS 1.2  [length 0001]
1273. (4) eap_peap: TLS_accept: unknown state
1274. (4) eap_peap: >>> send TLS 1.2  [length 0010]
1275. (4) eap_peap: TLS_accept: unknown state
1276. (4) eap_peap: TLS_accept: unknown state
1277. (4) eap_peap: (other): SSL negotiation finished successfully
1278. (4) eap_peap: SSL Connection Established
1279. (4) eap_peap: [eaptls process] = handled
1280. (4) eap: Sending EAP Request (code 1) ID 6 length 57
1281. (4) eap: EAP session adding &reply:State = 0x9c187946981e60a4
1282. (4)     [eap] = handled
1283. (4)   } # authenticate = handled
1284. (4) Using Post-Auth-Type Challenge
1285. (4) Post-Auth-Type sub-section not found.  Ignoring.
1286. (4) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
1287. (4) Sent Access-Challenge Id 115 from 10.168.109.39:1812 to 10.168.149.99:33240 length 0
1288. (4)   EAP-Message = 0x0106003919001403030001011603030028570a86b772a74a60ce455cdf8e16bdb26598e515dddc9c0631b365981f906a8a1e10692dfee48e6f
1289. (4)   Message-Authenticator = 0x00000000000000000000000000000000
1290. (4)   State = 0x9c187946981e60a4861a78f51320a634
1291. (4) Finished request
1292. Waking up in 4.9 seconds.
1293. (5) Received Access-Request Id 116 from 10.168.149.99:33240 to 10.168.109.39:1812 length 209
1294. (5)   User-Name = "host/FBC-2007.fbcexample.com"
1295. (5)   NAS-IP-Address = 10.168.149.99
1296. (5)   NAS-Port = 0
1297. (5)   NAS-Identifier = "10.168.149.99"
1298. (5)   NAS-Port-Type = Wireless-802.11
1299. (5)   Calling-Station-Id = "C0335E160E17"
1300. (5)   Called-Station-Id = "000B866DC9CC"
1301. (5)   Service-Type = Login-User
1302. (5)   Framed-MTU = 1100
1303. (5)   EAP-Message = 0x020600061900
1304. (5)   State = 0x9c187946981e60a4861a78f51320a634
1305. (5)   Aruba-Essid-Name = "Testnet"
1306. (5)   Aruba-Location-Id = "FBC-2103"
1307. (5)   Aruba-AP-Group = "FBC"
1308. (5)   Message-Authenticator = 0x7aab59fe48d064233cd413c2e97ce0ec
1309. (5) session-state: No cached attributes
1310. (5) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
1311. (5)   authorize {
1312. (5)     policy filter_username {
1313. (5)       if (&User-Name) {
1314. (5)       if (&User-Name)  -> TRUE
1315. (5)       if (&User-Name)  {
1316. (5)         if (&User-Name =~ / /) {
1317. (5)         if (&User-Name =~ / /)  -> FALSE
1318. (5)         if (&User-Name =~ /@[^@]*@/ ) {
1319. (5)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
1320. (5)         if (&User-Name =~ /\.\./ ) {
1321. (5)         if (&User-Name =~ /\.\./ )  -> FALSE
1322. (5)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
1323. (5)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
1324. (5)         if (&User-Name =~ /\.$/)  {
1325. (5)         if (&User-Name =~ /\.$/)   -> FALSE
1326. (5)         if (&User-Name =~ /@\./)  {
1327. (5)         if (&User-Name =~ /@\./)   -> FALSE
1328. (5)       } # if (&User-Name)  = notfound
1329. (5)     } # policy filter_username = notfound
1330. (5)     [preprocess] = ok
1331. (5)     [chap] = noop
1332. (5)     [mschap_fbc] = noop
1333. (5)     [mschap_hac] = noop
1334. (5)     [mschap_hbs] = noop
1335. (5)     [mschap_cbs] = noop
1336. (5)     [digest] = noop
1337. (5) suffix: Checking for suffix after "@"
1338. (5) suffix: No '@' in User-Name = "host/FBC-2007.fbcexample.com", looking up realm NULL
1339. (5) suffix: No such realm "NULL"
1340. (5)     [suffix] = noop
1341. (5) eap: Peer sent EAP Response (code 2) ID 6 length 6
1342. (5) eap: Continuing tunnel setup
1343. (5)     [eap] = ok
1344. (5)   } # authorize = ok
1345. (5) Found Auth-Type = eap
1346. (5) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
1347. (5)   authenticate {
1348. (5) eap: Expiring EAP session with state 0x9c187946981e60a4
1349. (5) eap: Finished EAP session with state 0x9c187946981e60a4
1350. (5) eap: Previous EAP request found for state 0x9c187946981e60a4, released from the list
1351. (5) eap: Peer sent packet with method EAP PEAP (25)
1352. (5) eap: Calling submodule eap_peap to process data
1353. (5) eap_peap: Continuing EAP-TLS
1354. (5) eap_peap: Peer ACKed our handshake fragment.  handshake is finished
1355. (5) eap_peap: [eaptls verify] = success
1356. (5) eap_peap: [eaptls process] = success
1357. (5) eap_peap: Session established.  Decoding tunneled attributes
1358. (5) eap_peap: PEAP state TUNNEL ESTABLISHED
1359. (5) eap: Sending EAP Request (code 1) ID 7 length 40
1360. (5) eap: EAP session adding &reply:State = 0x9c187946991f60a4
1361. (5)     [eap] = handled
1362. (5)   } # authenticate = handled
1363. (5) Using Post-Auth-Type Challenge
1364. (5) Post-Auth-Type sub-section not found.  Ignoring.
1365. (5) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
1366. (5) Sent Access-Challenge Id 116 from 10.168.109.39:1812 to 10.168.149.99:33240 length 0
1367. (5)   EAP-Message = 0x010700281900170303001d570a86b772a74a610dd9c3e15861539e046f6c6f9c522a9a5e670e377e
1368. (5)   Message-Authenticator = 0x00000000000000000000000000000000
1369. (5)   State = 0x9c187946991f60a4861a78f51320a634
1370. (5) Finished request
1371. Waking up in 3.5 seconds.
1372. (6) Received Access-Request Id 117 from 10.168.149.99:33240 to 10.168.109.39:1812 length 267
1373. (6)   User-Name = "host/FBC-2007.fbcexample.com"
1374. (6)   NAS-IP-Address = 10.168.149.99
1375. (6)   NAS-Port = 0
1376. (6)   NAS-Identifier = "10.168.149.99"
1377. (6)   NAS-Port-Type = Wireless-802.11
1378. (6)   Calling-Station-Id = "C0335E160E17"
1379. (6)   Called-Station-Id = "000B866DC9CC"
1380. (6)   Service-Type = Login-User
1381. (6)   Framed-MTU = 1100
1382. (6)   EAP-Message = 0x02070040190017030300350000000000000001fb3132605d0afa6a49f41513db416674a4f6393cfd525d464423f35b16d3532725f52255969761c6860ee998ae
1383. (6)   State = 0x9c187946991f60a4861a78f51320a634
1384. (6)   Aruba-Essid-Name = "Testnet"
1385. (6)   Aruba-Location-Id = "FBC-2103"
1386. (6)   Aruba-AP-Group = "FBC"
1387. (6)   Message-Authenticator = 0x42080da9c0b0a931c5e749a68fccdf2d
1388. (6) session-state: No cached attributes
1389. (6) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
1390. (6)   authorize {
1391. (6)     policy filter_username {
1392. (6)       if (&User-Name) {
1393. (6)       if (&User-Name)  -> TRUE
1394. (6)       if (&User-Name)  {
1395. (6)         if (&User-Name =~ / /) {
1396. (6)         if (&User-Name =~ / /)  -> FALSE
1397. (6)         if (&User-Name =~ /@[^@]*@/ ) {
1398. (6)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
1399. (6)         if (&User-Name =~ /\.\./ ) {
1400. (6)         if (&User-Name =~ /\.\./ )  -> FALSE
1401. (6)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
1402. (6)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
1403. (6)         if (&User-Name =~ /\.$/)  {
1404. (6)         if (&User-Name =~ /\.$/)   -> FALSE
1405. (6)         if (&User-Name =~ /@\./)  {
1406. (6)         if (&User-Name =~ /@\./)   -> FALSE
1407. (6)       } # if (&User-Name)  = notfound
1408. (6)     } # policy filter_username = notfound
1409. (6)     [preprocess] = ok
1410. (6)     [chap] = noop
1411. (6)     [mschap_fbc] = noop
1412. (6)     [mschap_hac] = noop
1413. (6)     [mschap_hbs] = noop
1414. (6)     [mschap_cbs] = noop
1415. (6)     [digest] = noop
1416. (6) suffix: Checking for suffix after "@"
1417. (6) suffix: No '@' in User-Name = "host/FBC-2007.fbcexample.com", looking up realm NULL
1418. (6) suffix: No such realm "NULL"
1419. (6)     [suffix] = noop
1420. (6) eap: Peer sent EAP Response (code 2) ID 7 length 64
1421. (6) eap: Continuing tunnel setup
1422. (6)     [eap] = ok
1423. (6)   } # authorize = ok
1424. (6) Found Auth-Type = eap
1425. (6) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
1426. (6)   authenticate {
1427. (6) eap: Expiring EAP session with state 0x9c187946991f60a4
1428. (6) eap: Finished EAP session with state 0x9c187946991f60a4
1429. (6) eap: Previous EAP request found for state 0x9c187946991f60a4, released from the list
1430. (6) eap: Peer sent packet with method EAP PEAP (25)
1431. (6) eap: Calling submodule eap_peap to process data
1432. (6) eap_peap: Continuing EAP-TLS
1433. (6) eap_peap: [eaptls verify] = ok
1434. (6) eap_peap: Done initial handshake
1435. (6) eap_peap: [eaptls process] = ok
1436. (6) eap_peap: Session established.  Decoding tunneled attributes
1437. (6) eap_peap: PEAP state WAITING FOR INNER IDENTITY
1438. (6) eap_peap: Identity - host/FBC-2007.fbcexample.com
1439. (6) eap_peap: Got inner identity 'host/FBC-2007.fbcexample.com'
1440. (6) eap_peap: Setting default EAP type for tunneled EAP session
1441. (6) eap_peap: Got tunneled request
1442. (6) eap_peap:   EAP-Message = 0x0207002101686f73742f4642432d323030372e66626368616d6d6f6e642e636f6d
1443. (6) eap_peap: Setting User-Name to host/FBC-2007.fbcexample.com
1444. (6) eap_peap: Sending tunneled request to inner-tunnel
1445. (6) eap_peap:   EAP-Message = 0x0207002101686f73742f4642432d323030372e66626368616d6d6f6e642e636f6d
1446. (6) eap_peap:   FreeRADIUS-Proxied-To = 127.0.0.1
1447. (6) eap_peap:   User-Name = "host/FBC-2007.fbcexample.com"
1448. (6) Virtual server inner-tunnel received request
1449. (6)   EAP-Message = 0x0207002101686f73742f4642432d323030372e66626368616d6d6f6e642e636f6d
1450. (6)   FreeRADIUS-Proxied-To = 127.0.0.1
1451. (6)   User-Name = "host/FBC-2007.fbcexample.com"
1452. (6) WARNING: Outer and inner identities are the same.  User privacy is compromised.
1453. (6) server inner-tunnel {
1454. (6)   # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/inner-tunnel
1455. (6)     authorize {
1456. (6)       policy filter_username {
1457. (6)         if (&User-Name) {
1458. (6)         if (&User-Name)  -> TRUE
1459. (6)         if (&User-Name)  {
1460. (6)           if (&User-Name =~ / /) {
1461. (6)           if (&User-Name =~ / /)  -> FALSE
1462. (6)           if (&User-Name =~ /@[^@]*@/ ) {
1463. (6)           if (&User-Name =~ /@[^@]*@/ )  -> FALSE
1464. (6)           if (&User-Name =~ /\.\./ ) {
1465. (6)           if (&User-Name =~ /\.\./ )  -> FALSE
1466. (6)           if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
1467. (6)           if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
1468. (6)           if (&User-Name =~ /\.$/)  {
1469. (6)           if (&User-Name =~ /\.$/)   -> FALSE
1470. (6)           if (&User-Name =~ /@\./)  {
1471. (6)           if (&User-Name =~ /@\./)   -> FALSE
1472. (6)         } # if (&User-Name)  = notfound
1473. (6)       } # policy filter_username = notfound
1474. (6)       [chap] = noop
1475. (6)       [mschap_fbc] = noop
1476. (6)       [mschap_hac] = noop
1477. (6)       [mschap_hbs] = noop
1478. (6)       [mschap_cbs] = noop
1479. (6) suffix: Checking for suffix after "@"
1480. (6) suffix: No '@' in User-Name = "host/FBC-2007.fbcexample.com", looking up realm NULL
1481. (6) suffix: No such realm "NULL"
1482. (6)       [suffix] = noop
1483. (6)       update control {
1484. (6)         &Proxy-To-Realm := LOCAL
1485. (6)       } # update control = noop
1486. (6) eap: Peer sent EAP Response (code 2) ID 7 length 33
1487. (6) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
1488. (6)       [eap] = ok
1489. (6)     } # authorize = ok
1490. (6)   Found Auth-Type = eap
1491. (6)   # Executing group from file /usr/local/etc/raddb/sites-enabled/inner-tunnel
1492. (6)     authenticate {
1493. (6) eap: Peer sent packet with method EAP Identity (1)
1494. (6) eap: Calling submodule eap_mschapv2 to process data
1495. (6) eap_mschapv2: Issuing Challenge
1496. (6) eap: Sending EAP Request (code 1) ID 8 length 43
1497. (6) eap: EAP session adding &reply:State = 0xd0e0a42fd0e8be1d
1498. (6)       [eap] = handled
1499. (6)     } # authenticate = handled
1500. (6) } # server inner-tunnel
1501. (6) Virtual server sending reply
1502. (6)   EAP-Message = 0x0108002b1a0108002610feae9608bb379f29c05355f3125612bc667265657261646975732d332e302e3132
1503. (6)   Message-Authenticator = 0x00000000000000000000000000000000
1504. (6)   State = 0xd0e0a42fd0e8be1d6bcf733b96e786eb
1505. (6) eap_peap: Got tunneled reply code 11
1506. (6) eap_peap:   EAP-Message = 0x0108002b1a0108002610feae9608bb379f29c05355f3125612bc667265657261646975732d332e302e3132
1507. (6) eap_peap:   Message-Authenticator = 0x00000000000000000000000000000000
1508. (6) eap_peap:   State = 0xd0e0a42fd0e8be1d6bcf733b96e786eb
1509. (6) eap_peap: Got tunneled reply RADIUS code 11
1510. (6) eap_peap:   EAP-Message = 0x0108002b1a0108002610feae9608bb379f29c05355f3125612bc667265657261646975732d332e302e3132
1511. (6) eap_peap:   Message-Authenticator = 0x00000000000000000000000000000000
1512. (6) eap_peap:   State = 0xd0e0a42fd0e8be1d6bcf733b96e786eb
1513. (6) eap_peap: Got tunneled Access-Challenge
1514. (6) eap: Sending EAP Request (code 1) ID 8 length 74
1515. (6) eap: EAP session adding &reply:State = 0x9c1879469a1060a4
1516. (6)     [eap] = handled
1517. (6)   } # authenticate = handled
1518. (6) Using Post-Auth-Type Challenge
1519. (6) Post-Auth-Type sub-section not found.  Ignoring.
1520. (6) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
1521. (6) Sent Access-Challenge Id 117 from 10.168.109.39:1812 to 10.168.149.99:33240 length 0
1522. (6)   EAP-Message = 0x0108004a1900170303003f570a86b772a74a625e875c6347c75e83c2bfe4a1adc9a6597df1c3441898e6c373c522d3ac24583365399eb0bd567523dad600b3723489d853b4a12723a018
1523. (6)   Message-Authenticator = 0x00000000000000000000000000000000
1524. (6)   State = 0x9c1879469a1060a4861a78f51320a634
1525. (6) Finished request
1526. Waking up in 3.5 seconds.
1527. (7) Received Access-Request Id 118 from 10.168.149.99:33240 to 10.168.109.39:1812 length 321
1528. (7)   User-Name = "host/FBC-2007.fbcexample.com"
1529. (7)   NAS-IP-Address = 10.168.149.99
1530. (7)   NAS-Port = 0
1531. (7)   NAS-Identifier = "10.168.149.99"
1532. (7)   NAS-Port-Type = Wireless-802.11
1533. (7)   Calling-Station-Id = "C0335E160E17"
1534. (7)   Called-Station-Id = "000B866DC9CC"
1535. (7)   Service-Type = Login-User
1536. (7)   Framed-MTU = 1100
1537. (7)   EAP-Message = 0x020800761900170303006b0000000000000002a2cf27a1c9ead490ed4b2c96513e6ea968b34819356566077930fdfdea9c50360476e85459e894c6f66f4fda45c36d3911b93bab1196f8ec3ac8310ca77ff4b54ec81ad06ca52ffde8a3daf0bf2fbe4d8d1f6bfa91339d6e5f816415c7b386153bccaf
1538. (7)   State = 0x9c1879469a1060a4861a78f51320a634
1539. (7)   Aruba-Essid-Name = "Testnet"
1540. (7)   Aruba-Location-Id = "FBC-2103"
1541. (7)   Aruba-AP-Group = "FBC"
1542. (7)   Message-Authenticator = 0x4cad1ffac9781c9f8baf0a3748dd5288
1543. (7) session-state: No cached attributes
1544. (7) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
1545. (7)   authorize {
1546. (7)     policy filter_username {
1547. (7)       if (&User-Name) {
1548. (7)       if (&User-Name)  -> TRUE
1549. (7)       if (&User-Name)  {
1550. (7)         if (&User-Name =~ / /) {
1551. (7)         if (&User-Name =~ / /)  -> FALSE
1552. (7)         if (&User-Name =~ /@[^@]*@/ ) {
1553. (7)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
1554. (7)         if (&User-Name =~ /\.\./ ) {
1555. (7)         if (&User-Name =~ /\.\./ )  -> FALSE
1556. (7)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
1557. (7)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
1558. (7)         if (&User-Name =~ /\.$/)  {
1559. (7)         if (&User-Name =~ /\.$/)   -> FALSE
1560. (7)         if (&User-Name =~ /@\./)  {
1561. (7)         if (&User-Name =~ /@\./)   -> FALSE
1562. (7)       } # if (&User-Name)  = notfound
1563. (7)     } # policy filter_username = notfound
1564. (7)     [preprocess] = ok
1565. (7)     [chap] = noop
1566. (7)     [mschap_fbc] = noop
1567. (7)     [mschap_hac] = noop
1568. (7)     [mschap_hbs] = noop
1569. (7)     [mschap_cbs] = noop
1570. (7)     [digest] = noop
1571. (7) suffix: Checking for suffix after "@"
1572. (7) suffix: No '@' in User-Name = "host/FBC-2007.fbcexample.com", looking up realm NULL
1573. (7) suffix: No such realm "NULL"
1574. (7)     [suffix] = noop
1575. (7) eap: Peer sent EAP Response (code 2) ID 8 length 118
1576. (7) eap: Continuing tunnel setup
1577. (7)     [eap] = ok
1578. (7)   } # authorize = ok
1579. (7) Found Auth-Type = eap
1580. (7) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
1581. (7)   authenticate {
1582. (7) eap: Expiring EAP session with state 0xd0e0a42fd0e8be1d
1583. (7) eap: Finished EAP session with state 0x9c1879469a1060a4
1584. (7) eap: Previous EAP request found for state 0x9c1879469a1060a4, released from the list
1585. (7) eap: Peer sent packet with method EAP PEAP (25)
1586. (7) eap: Calling submodule eap_peap to process data
1587. (7) eap_peap: Continuing EAP-TLS
1588. (7) eap_peap: [eaptls verify] = ok
1589. (7) eap_peap: Done initial handshake
1590. (7) eap_peap: [eaptls process] = ok
1591. (7) eap_peap: Session established.  Decoding tunneled attributes
1592. (7) eap_peap: PEAP state phase2
1593. (7) eap_peap: EAP method MSCHAPv2 (26)
1594. (7) eap_peap: Got tunneled request
1595. (7) eap_peap:   EAP-Message = 0x020800571a0208005231ae84e182b00e66c868e19492ba489a5f0000000000000000890af10856073a5636482d4644932eaf632c1bf2e74aee6700686f73742f4642432d323030372e66626368616d6d6f6e642e636f6d
1596. (7) eap_peap: Setting User-Name to host/FBC-2007.fbcexample.com
1597. (7) eap_peap: Sending tunneled request to inner-tunnel
1598. (7) eap_peap:   EAP-Message = 0x020800571a0208005231ae84e182b00e66c868e19492ba489a5f0000000000000000890af10856073a5636482d4644932eaf632c1bf2e74aee6700686f73742f4642432d323030372e66626368616d6d6f6e642e636f6d
1599. (7) eap_peap:   FreeRADIUS-Proxied-To = 127.0.0.1
1600. (7) eap_peap:   User-Name = "host/FBC-2007.fbcexample.com"
1601. (7) eap_peap:   State = 0xd0e0a42fd0e8be1d6bcf733b96e786eb
1602. (7) Virtual server inner-tunnel received request
1603. (7)   EAP-Message = 0x020800571a0208005231ae84e182b00e66c868e19492ba489a5f0000000000000000890af10856073a5636482d4644932eaf632c1bf2e74aee6700686f73742f4642432d323030372e66626368616d6d6f6e642e636f6d
1604. (7)   FreeRADIUS-Proxied-To = 127.0.0.1
1605. (7)   User-Name = "host/FBC-2007.fbcexample.com"
1606. (7)   State = 0xd0e0a42fd0e8be1d6bcf733b96e786eb
1607. (7) WARNING: Outer and inner identities are the same.  User privacy is compromised.
1608. (7) server inner-tunnel {
1609. (7)   session-state: No cached attributes
1610. (7)   # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/inner-tunnel
1611. (7)     authorize {
1612. (7)       policy filter_username {
1613. (7)         if (&User-Name) {
1614. (7)         if (&User-Name)  -> TRUE
1615. (7)         if (&User-Name)  {
1616. (7)           if (&User-Name =~ / /) {
1617. (7)           if (&User-Name =~ / /)  -> FALSE
1618. (7)           if (&User-Name =~ /@[^@]*@/ ) {
1619. (7)           if (&User-Name =~ /@[^@]*@/ )  -> FALSE
1620. (7)           if (&User-Name =~ /\.\./ ) {
1621. (7)           if (&User-Name =~ /\.\./ )  -> FALSE
1622. (7)           if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
1623. (7)           if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
1624. (7)           if (&User-Name =~ /\.$/)  {
1625. (7)           if (&User-Name =~ /\.$/)   -> FALSE
1626. (7)           if (&User-Name =~ /@\./)  {
1627. (7)           if (&User-Name =~ /@\./)   -> FALSE
1628. (7)         } # if (&User-Name)  = notfound
1629. (7)       } # policy filter_username = notfound
1630. (7)       [chap] = noop
1631. (7)       [mschap_fbc] = noop
1632. (7)       [mschap_hac] = noop
1633. (7)       [mschap_hbs] = noop
1634. (7)       [mschap_cbs] = noop
1635. (7) suffix: Checking for suffix after "@"
1636. (7) suffix: No '@' in User-Name = "host/FBC-2007.fbcexample.com", looking up realm NULL
1637. (7) suffix: No such realm "NULL"
1638. (7)       [suffix] = noop
1639. (7)       update control {
1640. (7)         &Proxy-To-Realm := LOCAL
1641. (7)       } # update control = noop
1642. (7) eap: Peer sent EAP Response (code 2) ID 8 length 87
1643. (7) eap: No EAP Start, assuming it's an on-going EAP conversation
1644. (7)       [eap] = updated
1645. (7)       [files] = noop
1646. rlm_ldap (ldap): Reserved connection (0)
1647. (7) ldap: EXPAND (sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}})
1648. (7) ldap:    --> (sAMAccountName=host/FBC-2007.fbcexample.com)
1649. (7) ldap: Performing search in "DC=fbcexample,DC=com" with filter "(sAMAccountName=host/FBC-2007.fbcexample.com)", scope "sub"
1650. (7) ldap: Waiting for search result...
1651. rlm_ldap (ldap): Rebinding to URL ldap://hbs.fbcexample.com/DC=hbs,DC=fbcexample,DC=com
1652. rlm_ldap (ldap): Waiting for bind result...
1653. rlm_ldap (ldap): Rebinding to URL ldap://hac.fbcexample.com/DC=hac,DC=fbcexample,DC=com
1654. rlm_ldap (ldap): Waiting for bind result...
1655. rlm_ldap (ldap): Rebinding to URL ldap://cbs.fbcexample.com/DC=cbs,DC=fbcexample,DC=com
1656. rlm_ldap (ldap): Waiting for bind result...
1657. rlm_ldap (ldap): Rebinding to URL ldap://fbcexample.com/CN=Configuration,DC=fbcexample,DC=com
1658. rlm_ldap (ldap): Waiting for bind result...
1659. Unable to chase referral "ldap://LimitLogin.fbcexample.com/DC=LimitLogin,DC=fbcexample,DC=com" (-1: Can't contact LDAP server)
1660. rlm_ldap (ldap): Bind successful
1661. Unable to chase referral "ldap://ForestDnsZones.fbcexample.com/DC=ForestDnsZones,DC=fbcexample,DC=com" (-1: Can't contact LDAP server)
1662. rlm_ldap (ldap): Bind successful
1663. rlm_ldap (ldap): Bind successful
1664. rlm_ldap (ldap): Bind successful
1665. more than 5 referral hops (dropping)
1666. Unable to chase referral "ldap://DomainDnsZones.cbs.fbcexample.com/DC=DomainDnsZones,DC=cbs,DC=fbcexample,DC=com" (-1: Can't contact LDAP server)
1667. rlm_ldap (ldap): Rebinding to URL ldap://DomainDnsZones.hac.fbcexample.com/DC=DomainDnsZones,DC=hac,DC=fbcexample,DC=com
1668. rlm_ldap (ldap): Waiting for bind result...
1669. more than 5 referral hops (dropping)
1670. rlm_ldap (ldap): Bind successful
1671. (7) ldap: Search returned no results
1672. rlm_ldap (ldap): Deleting connection (0)
1673. rlm_ldap (ldap): Need 6 more connections to reach 10 spares
1674. rlm_ldap (ldap): Opening additional connection (5), 1 of 28 pending slots used
1675. rlm_ldap (ldap): Connecting to ldap://10.168.109.12:389
1676. rlm_ldap (ldap): Waiting for bind result...
1677. rlm_ldap (ldap): Bind successful
1678. (7)       [ldap] = notfound
1679. (7)       [expiration] = noop
1680. (7)       [logintime] = noop
1681. (7)       [pap] = noop
1682. (7)     } # authorize = updated
1683. (7)   Found Auth-Type = eap
1684. (7)   # Executing group from file /usr/local/etc/raddb/sites-enabled/inner-tunnel
1685. (7)     authenticate {
1686. (7) eap: Expiring EAP session with state 0xd0e0a42fd0e8be1d
1687. (7) eap: Finished EAP session with state 0xd0e0a42fd0e8be1d
1688. (7) eap: Previous EAP request found for state 0xd0e0a42fd0e8be1d, released from the list
1689. (7) eap: Peer sent packet with method EAP MSCHAPv2 (26)
1690. (7) eap: Calling submodule eap_mschapv2 to process data
1691. (7) eap_mschapv2: # Executing group from file /usr/local/etc/raddb/sites-enabled/inner-tunnel
1692. (7) eap_mschapv2:   Auth-Type MS-CHAP {
1693. (7) mschap_fbc: Creating challenge hash with username: host/FBC-2007.fbcexample.com
1694. (7) mschap_fbc: Client is using MS-CHAPv2
1695. (7) mschap_fbc: Executing: /usr/bin/ntlm_auth --request-nt-key --domain=fbcexample --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}} --challenge=%{%{mschap_fbc:Challenge}:-00} --nt-response=%{%{mschap_fbc:NT-Response}:-00}  --require-membership-of='fbcexample\\LDAP_WiFi':
1696. (7) mschap_fbc: EXPAND --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}}
1697. (7) mschap_fbc:    --> --username=host/FBC-2007.fbcexample.com
1698. (7) mschap_fbc: Creating challenge hash with username: host/FBC-2007.fbcexample.com
1699. (7) mschap_fbc: EXPAND --challenge=%{%{mschap_fbc:Challenge}:-00}
1700. (7) mschap_fbc:    --> --challenge=dc3f35abd8ca2037
1701. (7) mschap_fbc: EXPAND --nt-response=%{%{mschap_fbc:NT-Response}:-00}
1702. (7) mschap_fbc:    --> --nt-response=890af10856073a5636482d4644932eaf632c1bf2e74aee67
1703. (7) mschap_fbc: ERROR: Program returned code (1) and output 'Logon failure (0xc000006d)'
1704. (7) mschap_fbc: External script failed
1705. (7) mschap_fbc: ERROR: External script says: Logon failure (0xc000006d)
1706. (7) mschap_fbc: ERROR: MS-CHAP2-Response is incorrect
1707. (7)     [mschap_fbc] = reject
1708. (7)     if (reject){
1709. (7)     if (reject) -> TRUE
1710. (7)     if (reject) {
1711. (7) mschap_hac: Creating challenge hash with username: host/FBC-2007.fbcexample.com
1712. (7) mschap_hac: Client is using MS-CHAPv2
1713. (7) mschap_hac: Executing: /usr/bin/ntlm_auth --request-nt-key --domain=hac.fbcexample.com --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}} --challenge=%{%{mschap_hac:Challenge}:-00} --nt-response=%{%{mschap_hac:NT-Response}:-00}  --require-membership-of=fbcexample\\LDAP_WiFi:
1714. (7) mschap_hac: EXPAND --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}}
1715. (7) mschap_hac:    --> --username=host/FBC-2007.fbcexample.com
1716. (7) mschap_hac: Creating challenge hash with username: host/FBC-2007.fbcexample.com
1717. (7) mschap_hac: EXPAND --challenge=%{%{mschap_hac:Challenge}:-00}
1718. (7) mschap_hac:    --> --challenge=dc3f35abd8ca2037
1719. (7) mschap_hac: EXPAND --nt-response=%{%{mschap_hac:NT-Response}:-00}
1720. (7) mschap_hac:    --> --nt-response=890af10856073a5636482d4644932eaf632c1bf2e74aee67
1721. (7) mschap_hac: ERROR: Program returned code (1) and output 'Logon failure (0xc000006d)'
1722. (7) mschap_hac: External script failed
1723. (7) mschap_hac: ERROR: External script says: Logon failure (0xc000006d)
1724. (7) mschap_hac: ERROR: MS-CHAP2-Response is incorrect
1725. (7)       [mschap_hac] = reject
1726. (7)     } # if (reject) = reject
1727. (7)     if (reject){
1728. (7)     if (reject) -> TRUE
1729. (7)     if (reject) {
1730. (7) mschap_hbs: Creating challenge hash with username: host/FBC-2007.fbcexample.com
1731. (7) mschap_hbs: Client is using MS-CHAPv2
1732. (7) mschap_hbs: Executing: /usr/bin/ntlm_auth --request-nt-key --domain=hbs.fbcexample.com --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}} --challenge=%{%{mschap_hbs:Challenge}:-00} --nt-response=%{%{mschap_hbs:NT-Response}:-00} --require-membership-of='fbcexample\\LDAP_WiFi':
1733. (7) mschap_hbs: EXPAND --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}}
1734. (7) mschap_hbs:    --> --username=host/FBC-2007.fbcexample.com
1735. (7) mschap_hbs: Creating challenge hash with username: host/FBC-2007.fbcexample.com
1736. (7) mschap_hbs: EXPAND --challenge=%{%{mschap_hbs:Challenge}:-00}
1737. (7) mschap_hbs:    --> --challenge=dc3f35abd8ca2037
1738. (7) mschap_hbs: EXPAND --nt-response=%{%{mschap_hbs:NT-Response}:-00}
1739. (7) mschap_hbs:    --> --nt-response=890af10856073a5636482d4644932eaf632c1bf2e74aee67
1740. (7) mschap_hbs: ERROR: Program returned code (1) and output 'Logon failure (0xc000006d)'
1741. (7) mschap_hbs: External script failed
1742. (7) mschap_hbs: ERROR: External script says: Logon failure (0xc000006d)
1743. (7) mschap_hbs: ERROR: MS-CHAP2-Response is incorrect
1744. (7)       [mschap_hbs] = reject
1745. (7)     } # if (reject) = reject
1746. (7)     if (reject){
1747. (7)     if (reject) -> TRUE
1748. (7)     if (reject) {
1749. (7) mschap_cbs: Creating challenge hash with username: host/FBC-2007.fbcexample.com
1750. (7) mschap_cbs: Client is using MS-CHAPv2
1751. (7) mschap_cbs: Executing: /usr/bin/ntlm_auth --request-nt-key --domain=cbs.fbcexample.com --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}} --challenge=%{%{mschap_cbs:Challenge}:-00} --nt-response=%{%{mschap_cbs:NT-Response}:-00} --require-membership-of='fbcexample\\LDAP_WiFi':
1752. (7) mschap_cbs: EXPAND --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}}
1753. (7) mschap_cbs:    --> --username=host/FBC-2007.fbcexample.com
1754. (7) mschap_cbs: Creating challenge hash with username: host/FBC-2007.fbcexample.com
1755. (7) mschap_cbs: EXPAND --challenge=%{%{mschap_cbs:Challenge}:-00}
1756. (7) mschap_cbs:    --> --challenge=dc3f35abd8ca2037
1757. (7) mschap_cbs: EXPAND --nt-response=%{%{mschap_cbs:NT-Response}:-00}
1758. (7) mschap_cbs:    --> --nt-response=890af10856073a5636482d4644932eaf632c1bf2e74aee67
1759. (7) mschap_cbs: ERROR: Program returned code (1) and output 'Logon failure (0xc000006d)'
1760. (7) mschap_cbs: External script failed
1761. (7) mschap_cbs: ERROR: External script says: Logon failure (0xc000006d)
1762. (7) mschap_cbs: ERROR: MS-CHAP2-Response is incorrect
1763. (7)       [mschap_cbs] = reject
1764. (7)     } # if (reject) = reject
1765. (7)   } # Auth-Type MS-CHAP = reject
1766. (7) eap: Sending EAP Failure (code 4) ID 8 length 4
1767. (7) eap: Freeing handler
1768. (7)       [eap] = reject
1769. (7)     } # authenticate = reject
1770. (7)   Failed to authenticate the user
1771. (7)   Using Post-Auth-Type Reject
1772. (7)   # Executing group from file /usr/local/etc/raddb/sites-enabled/inner-tunnel
1773. (7)     Post-Auth-Type REJECT {
1774. (7) attr_filter.access_reject: EXPAND %{User-Name}
1775. (7) attr_filter.access_reject:    --> host/FBC-2007.fbcexample.com
1776. (7) attr_filter.access_reject: Matched entry DEFAULT at line 11
1777. (7)       [attr_filter.access_reject] = updated
1778. (7)       update outer.session-state {
1779. (7)         &Module-Failure-Message := &request:Module-Failure-Message -> 'mschap_fbc: Program returned code (1) and output \'Logon failure (0xc000006d)\''
1780. (7)       } # update outer.session-state = noop
1781. (7)     } # Post-Auth-Type REJECT = updated
1782. (7) } # server inner-tunnel
1783. (7) Virtual server sending reply
1784. (7)   MS-CHAP-Error = "\010E=691 R=1 C=c1831391dfbef9d40ef1ec69601601d2 V=3 M=Authentication failed"
1785. (7)   MS-CHAP-Error = "\010E=691 R=1 C=1e29c3f691a9b3cecf42f848b88183d5 V=3 M=Authentication failed"
1786. (7)   MS-CHAP-Error = "\010E=691 R=1 C=35a55fc249ce19fa9fa51b0e5fcbc3a2 V=3 M=Authentication failed"
1787. (7)   MS-CHAP-Error = "\010E=691 R=1 C=93f08729da2382ec7c638f308ad85718 V=3 M=Authentication failed"
1788. (7)   EAP-Message = 0x04080004
1789. (7)   Message-Authenticator = 0x00000000000000000000000000000000
1790. (7) eap_peap: Got tunneled reply code 3
1791. (7) eap_peap:   MS-CHAP-Error = "\010E=691 R=1 C=c1831391dfbef9d40ef1ec69601601d2 V=3 M=Authentication failed"
1792. (7) eap_peap:   MS-CHAP-Error = "\010E=691 R=1 C=1e29c3f691a9b3cecf42f848b88183d5 V=3 M=Authentication failed"
1793. (7) eap_peap:   MS-CHAP-Error = "\010E=691 R=1 C=35a55fc249ce19fa9fa51b0e5fcbc3a2 V=3 M=Authentication failed"
1794. (7) eap_peap:   MS-CHAP-Error = "\010E=691 R=1 C=93f08729da2382ec7c638f308ad85718 V=3 M=Authentication failed"
1795. (7) eap_peap:   EAP-Message = 0x04080004
1796. (7) eap_peap:   Message-Authenticator = 0x00000000000000000000000000000000
1797. (7) eap_peap: Got tunneled reply RADIUS code 3
1798. (7) eap_peap:   MS-CHAP-Error = "\010E=691 R=1 C=c1831391dfbef9d40ef1ec69601601d2 V=3 M=Authentication failed"
1799. (7) eap_peap:   MS-CHAP-Error = "\010E=691 R=1 C=1e29c3f691a9b3cecf42f848b88183d5 V=3 M=Authentication failed"
1800. (7) eap_peap:   MS-CHAP-Error = "\010E=691 R=1 C=35a55fc249ce19fa9fa51b0e5fcbc3a2 V=3 M=Authentication failed"
1801. (7) eap_peap:   MS-CHAP-Error = "\010E=691 R=1 C=93f08729da2382ec7c638f308ad85718 V=3 M=Authentication failed"
1802. (7) eap_peap:   EAP-Message = 0x04080004
1803. (7) eap_peap:   Message-Authenticator = 0x00000000000000000000000000000000
1804. (7) eap_peap: Tunneled authentication was rejected
1805. (7) eap_peap: FAILURE
1806. (7) eap: Sending EAP Request (code 1) ID 9 length 46
1807. (7) eap: EAP session adding &reply:State = 0x9c1879469b1160a4
1808. (7)     [eap] = handled
1809. (7)   } # authenticate = handled
1810. (7) Using Post-Auth-Type Challenge
1811. (7) Post-Auth-Type sub-section not found.  Ignoring.
1812. (7) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
1813. (7) session-state: Saving cached attributes
1814. (7)   Module-Failure-Message := "mschap_fbc: Program returned code (1) and output 'Logon failure (0xc000006d)'"
1815. (7) Sent Access-Challenge Id 118 from 10.168.109.39:1812 to 10.168.149.99:33240 length 0
1816. (7)   EAP-Message = 0x0109002e19001703030023570a86b772a74a63bb878f77a33b64c3a7ee7f3ae76e306ed2de839b34b99964119227
1817. (7)   Message-Authenticator = 0x00000000000000000000000000000000
1818. (7)   State = 0x9c1879469b1160a4861a78f51320a634
1819. (7) Finished request
1820. Waking up in 0.2 seconds.
1821. (8) Received Access-Request Id 119 from 10.168.149.99:33240 to 10.168.109.39:1812 length 249
1822. (8)   User-Name = "host/FBC-2007.fbcexample.com"
1823. (8)   NAS-IP-Address = 10.168.149.99
1824. (8)   NAS-Port = 0
1825. (8)   NAS-Identifier = "10.168.149.99"
1826. (8)   NAS-Port-Type = Wireless-802.11
1827. (8)   Calling-Station-Id = "C0335E160E17"
1828. (8)   Called-Station-Id = "000B866DC9CC"
1829. (8)   Service-Type = Login-User
1830. (8)   Framed-MTU = 1100
1831. (8)   EAP-Message = 0x0209002e190017030300230000000000000003681e53e8ba57bc68a2e500cc24a0d3cadfe1a840827112d6c119c8
1832. (8)   State = 0x9c1879469b1160a4861a78f51320a634
1833. (8)   Aruba-Essid-Name = "Testnet"
1834. (8)   Aruba-Location-Id = "FBC-2103"
1835. (8)   Aruba-AP-Group = "FBC"
1836. (8)   Message-Authenticator = 0xb19542437a2258435a249ea19aa4bfc6
1837. (8) Restoring &session-state
1838. (8)   &session-state:Module-Failure-Message := "mschap_fbc: Program returned code (1) and output 'Logon failure (0xc000006d)'"
1839. (8) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
1840. (8)   authorize {
1841. (8)     policy filter_username {
1842. (8)       if (&User-Name) {
1843. (8)       if (&User-Name)  -> TRUE
1844. (8)       if (&User-Name)  {
1845. (8)         if (&User-Name =~ / /) {
1846. (8)         if (&User-Name =~ / /)  -> FALSE
1847. (8)         if (&User-Name =~ /@[^@]*@/ ) {
1848. (8)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
1849. (8)         if (&User-Name =~ /\.\./ ) {
1850. (8)         if (&User-Name =~ /\.\./ )  -> FALSE
1851. (8)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
1852. (8)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
1853. (8)         if (&User-Name =~ /\.$/)  {
1854. (8)         if (&User-Name =~ /\.$/)   -> FALSE
1855. (8)         if (&User-Name =~ /@\./)  {
1856. (8)         if (&User-Name =~ /@\./)   -> FALSE
1857. (8)       } # if (&User-Name)  = notfound
1858. (8)     } # policy filter_username = notfound
1859. (8)     [preprocess] = ok
1860. (8)     [chap] = noop
1861. (8)     [mschap_fbc] = noop
1862. (8)     [mschap_hac] = noop
1863. (8)     [mschap_hbs] = noop
1864. (8)     [mschap_cbs] = noop
1865. (8)     [digest] = noop
1866. (8) suffix: Checking for suffix after "@"
1867. (8) suffix: No '@' in User-Name = "host/FBC-2007.fbcexample.com", looking up realm NULL
1868. (8) suffix: No such realm "NULL"
1869. (8)     [suffix] = noop
1870. (8) eap: Peer sent EAP Response (code 2) ID 9 length 46
1871. (8) eap: Continuing tunnel setup
1872. (8)     [eap] = ok
1873. (8)   } # authorize = ok
1874. (8) Found Auth-Type = eap
1875. (8) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
1876. (8)   authenticate {
1877. (8) eap: Expiring EAP session with state 0x9c1879469b1160a4
1878. (8) eap: Finished EAP session with state 0x9c1879469b1160a4
1879. (8) eap: Previous EAP request found for state 0x9c1879469b1160a4, released from the list
1880. (8) eap: Peer sent packet with method EAP PEAP (25)
1881. (8) eap: Calling submodule eap_peap to process data
1882. (8) eap_peap: Continuing EAP-TLS
1883. (8) eap_peap: [eaptls verify] = ok
1884. (8) eap_peap: Done initial handshake
1885. (8) eap_peap: [eaptls process] = ok
1886. (8) eap_peap: Session established.  Decoding tunneled attributes
1887. (8) eap_peap: PEAP state send tlv failure
1888. (8) eap_peap: Received EAP-TLV response
1889. (8) eap_peap:   The users session was previously rejected: returning reject (again.)
1890. (8) eap_peap:   This means you need to read the PREVIOUS messages in the debug output
1891. (8) eap_peap:   to find out the reason why the user was rejected
1892. (8) eap_peap:   Look for "reject" or "fail".  Those earlier messages will tell you
1893. (8) eap_peap:   what went wrong, and how to fix the problem
1894. (8) eap: ERROR: Failed continuing EAP PEAP (25) session.  EAP sub-module failed
1895. (8) eap: Sending EAP Failure (code 4) ID 9 length 4
1896. (8) eap: Failed in EAP select
1897. (8)     [eap] = invalid
1898. (8)   } # authenticate = invalid
1899. (8) Failed to authenticate the user
1900. (8) Using Post-Auth-Type Reject
1901. (8) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
1902. (8)   Post-Auth-Type REJECT {
1903. (8) attr_filter.access_reject: EXPAND %{User-Name}
1904. (8) attr_filter.access_reject:    --> host/FBC-2007.fbcexample.com
1905. (8) attr_filter.access_reject: Matched entry DEFAULT at line 11
1906. (8)     [attr_filter.access_reject] = updated
1907. (8)     [eap] = noop
1908. (8)     policy remove_reply_message_if_eap {
1909. (8)       if (&reply:EAP-Message && &reply:Reply-Message) {
1910. (8)       if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
1911. (8)       else {
1912. (8)         [noop] = noop
1913. (8)       } # else = noop
1914. (8)     } # policy remove_reply_message_if_eap = noop
1915. (8)   } # Post-Auth-Type REJECT = updated
1916. (8) Delaying response for 1.000000 seconds
1917. Waking up in 0.1 seconds.
1918. (0) Cleaning up request packet ID 111 with timestamp +16
1919. (1) Cleaning up request packet ID 112 with timestamp +16
1920. (2) Cleaning up request packet ID 113 with timestamp +16
1921. (3) Cleaning up request packet ID 114 with timestamp +16
1922. (4) Cleaning up request packet ID 115 with timestamp +16
1923. Waking up in 0.6 seconds.
1924. (8) Sending delayed response
1925. (8) Sent Access-Reject Id 119 from 10.168.109.39:1812 to 10.168.149.99:33240 length 44
1926. (8)   EAP-Message = 0x04090004
1927. (8)   Message-Authenticator = 0x00000000000000000000000000000000
1928. Waking up in 0.6 seconds.
1929. (5) Cleaning up request packet ID 116 with timestamp +18
1930. (6) Cleaning up request packet ID 117 with timestamp +18
1931. Waking up in 3.2 seconds.
1932. (9) Received Access-Request Id 120 from 10.168.149.99:33240 to 10.168.109.39:1812 length 208
1933. (9)   User-Name = "FBCEXAMPLE\\daniel.radius"
1934. (9)   NAS-IP-Address = 10.168.149.99
1935. (9)   NAS-Port = 0
1936. (9)   NAS-Identifier = "10.168.149.99"
1937. (9)   NAS-Port-Type = Wireless-802.11
1938. (9)   Calling-Station-Id = "C0335E160E17"
1939. (9)   Called-Station-Id = "000B866DC9CC"
1940. (9)   Service-Type = Login-User
1941. (9)   Framed-MTU = 1100
1942. (9)   EAP-Message = 0x0201001c0146424348414d4d4f4e445c64616e69656c2e777275636b
1943. (9)   Aruba-Essid-Name = "Testnet"
1944. (9)   Aruba-Location-Id = "FBC-2103"
1945. (9)   Aruba-AP-Group = "FBC"
1946. (9)   Message-Authenticator = 0x48660cf5e0ae605076c24f0cb4703293
1947. (9) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
1948. (9)   authorize {
1949. (9)     policy filter_username {
1950. (9)       if (&User-Name) {
1951. (9)       if (&User-Name)  -> TRUE
1952. (9)       if (&User-Name)  {
1953. (9)         if (&User-Name =~ / /) {
1954. (9)         if (&User-Name =~ / /)  -> FALSE
1955. (9)         if (&User-Name =~ /@[^@]*@/ ) {
1956. (9)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
1957. (9)         if (&User-Name =~ /\.\./ ) {
1958. (9)         if (&User-Name =~ /\.\./ )  -> FALSE
1959. (9)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
1960. (9)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
1961. (9)         if (&User-Name =~ /\.$/)  {
1962. (9)         if (&User-Name =~ /\.$/)   -> FALSE
1963. (9)         if (&User-Name =~ /@\./)  {
1964. (9)         if (&User-Name =~ /@\./)   -> FALSE
1965. (9)       } # if (&User-Name)  = notfound
1966. (9)     } # policy filter_username = notfound
1967. (9)     [preprocess] = ok
1968. (9)     [chap] = noop
1969. (9)     [mschap_fbc] = noop
1970. (9)     [mschap_hac] = noop
1971. (9)     [mschap_hbs] = noop
1972. (9)     [mschap_cbs] = noop
1973. (9)     [digest] = noop
1974. (9) suffix: Checking for suffix after "@"
1975. (9) suffix: No '@' in User-Name = "FBCEXAMPLE\daniel.radius", looking up realm NULL
1976. (9) suffix: No such realm "NULL"
1977. (9)     [suffix] = noop
1978. (9) eap: Peer sent EAP Response (code 2) ID 1 length 28
1979. (9) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
1980. (9)     [eap] = ok
1981. (9)   } # authorize = ok
1982. (9) Found Auth-Type = eap
1983. (9) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
1984. (9)   authenticate {
1985. (9) eap: Peer sent packet with method EAP Identity (1)
1986. (9) eap: Calling submodule eap_peap to process data
1987. (9) eap_peap: Initiating new EAP-TLS session
1988. (9) eap_peap: [eaptls start] = request
1989. (9) eap: Sending EAP Request (code 1) ID 2 length 6
1990. (9) eap: EAP session adding &reply:State = 0x47e4fe3d47e6e7f3
1991. (9)     [eap] = handled
1992. (9)   } # authenticate = handled
1993. (9) Using Post-Auth-Type Challenge
1994. (9) Post-Auth-Type sub-section not found.  Ignoring.
1995. (9) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
1996. (9) Sent Access-Challenge Id 120 from 10.168.109.39:1812 to 10.168.149.99:33240 length 0
1997. (9)   EAP-Message = 0x010200061920
1998. (9)   Message-Authenticator = 0x00000000000000000000000000000000
1999. (9)   State = 0x47e4fe3d47e6e7f39737dc8eeb024c67
2000. (9) Finished request
2001. Waking up in 0.2 seconds.
2002. (10) Received Access-Request Id 121 from 10.168.149.99:33240 to 10.168.109.39:1812 length 380
2003. (10)   User-Name = "FBCEXAMPLE\\daniel.radius"
2004. (10)   NAS-IP-Address = 10.168.149.99
2005. (10)   NAS-Port = 0
2006. (10)   NAS-Identifier = "10.168.149.99"
2007. (10)   NAS-Port-Type = Wireless-802.11
2008. (10)   Calling-Station-Id = "C0335E160E17"
2009. (10)   Called-Station-Id = "000B866DC9CC"
2010. (10)   Service-Type = Login-User
2011. (10)   Framed-MTU = 1100
2012. (10)   EAP-Message = 0x020200b61980000000ac16030300a7010000a30303581a16408b2e56f10901eb7c0b9b45b1e335750ff20b815d84bcfc0f7f32a8d900003cc02cc02bc030c02f009f009ec024c023c028c027c00ac009c014c01300390033009d009c003d003c0035002f000a006a004000380032001300050004010000
2013. (10)   State = 0x47e4fe3d47e6e7f39737dc8eeb024c67
2014. (10)   Aruba-Essid-Name = "Testnet"
2015. (10)   Aruba-Location-Id = "FBC-2103"
2016. (10)   Aruba-AP-Group = "FBC"
2017. (10)   Message-Authenticator = 0xa68f1dfaf700d635d39c377ee0ae99c8
2018. (10) session-state: No cached attributes
2019. (10) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
2020. (10)   authorize {
2021. (10)     policy filter_username {
2022. (10)       if (&User-Name) {
2023. (10)       if (&User-Name)  -> TRUE
2024. (10)       if (&User-Name)  {
2025. (10)         if (&User-Name =~ / /) {
2026. (10)         if (&User-Name =~ / /)  -> FALSE
2027. (10)         if (&User-Name =~ /@[^@]*@/ ) {
2028. (10)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
2029. (10)         if (&User-Name =~ /\.\./ ) {
2030. (10)         if (&User-Name =~ /\.\./ )  -> FALSE
2031. (10)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
2032. (10)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
2033. (10)         if (&User-Name =~ /\.$/)  {
2034. (10)         if (&User-Name =~ /\.$/)   -> FALSE
2035. (10)         if (&User-Name =~ /@\./)  {
2036. (10)         if (&User-Name =~ /@\./)   -> FALSE
2037. (10)       } # if (&User-Name)  = notfound
2038. (10)     } # policy filter_username = notfound
2039. (10)     [preprocess] = ok
2040. (10)     [chap] = noop
2041. (10)     [mschap_fbc] = noop
2042. (10)     [mschap_hac] = noop
2043. (10)     [mschap_hbs] = noop
2044. (10)     [mschap_cbs] = noop
2045. (10)     [digest] = noop
2046. (10) suffix: Checking for suffix after "@"
2047. (10) suffix: No '@' in User-Name = "FBCEXAMPLE\daniel.radius", looking up realm NULL
2048. (10) suffix: No such realm "NULL"
2049. (10)     [suffix] = noop
2050. (10) eap: Peer sent EAP Response (code 2) ID 2 length 182
2051. (10) eap: Continuing tunnel setup
2052. (10)     [eap] = ok
2053. (10)   } # authorize = ok
2054. (10) Found Auth-Type = eap
2055. (10) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
2056. (10)   authenticate {
2057. (10) eap: Expiring EAP session with state 0x47e4fe3d47e6e7f3
2058. (10) eap: Finished EAP session with state 0x47e4fe3d47e6e7f3
2059. (10) eap: Previous EAP request found for state 0x47e4fe3d47e6e7f3, released from the list
2060. (10) eap: Peer sent packet with method EAP PEAP (25)
2061. (10) eap: Calling submodule eap_peap to process data
2062. (10) eap_peap: Continuing EAP-TLS
2063. (10) eap_peap: Peer indicated complete TLS record size will be 172 bytes
2064. (10) eap_peap: Got complete TLS record (172 bytes)
2065. (10) eap_peap: [eaptls verify] = length included
2066. (10) eap_peap: (other): before/accept initialization
2067. (10) eap_peap: TLS_accept: before/accept initialization
2068. (10) eap_peap: <<< recv TLS 1.2  [length 00a7]
2069. (10) eap_peap: TLS_accept: unknown state
2070. (10) eap_peap: >>> send TLS 1.2  [length 0059]
2071. (10) eap_peap: TLS_accept: unknown state
2072. (10) eap_peap: >>> send TLS 1.2  [length 08be]
2073. (10) eap_peap: TLS_accept: unknown state
2074. (10) eap_peap: >>> send TLS 1.2  [length 014d]
2075. (10) eap_peap: TLS_accept: unknown state
2076. (10) eap_peap: >>> send TLS 1.2  [length 0004]
2077. (10) eap_peap: TLS_accept: unknown state
2078. (10) eap_peap: TLS_accept: unknown state
2079. (10) eap_peap: TLS_accept: unknown state
2080. (10) eap_peap: TLS_accept: Need to read more data: unknown state
2081. (10) eap_peap: TLS_accept: Need to read more data: unknown state
2082. (10) eap_peap: In SSL Handshake Phase
2083. (10) eap_peap: In SSL Accept mode
2084. (10) eap_peap: [eaptls process] = handled
2085. (10) eap: Sending EAP Request (code 1) ID 3 length 1004
2086. (10) eap: EAP session adding &reply:State = 0x47e4fe3d46e7e7f3
2087. (10)     [eap] = handled
2088. (10)   } # authenticate = handled
2089. (10) Using Post-Auth-Type Challenge
2090. (10) Post-Auth-Type sub-section not found.  Ignoring.
2091. (10) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
2092. (10) Sent Access-Challenge Id 121 from 10.168.109.39:1812 to 10.168.149.99:33240 length 0
2093. (10)   EAP-Message = 0x010303ec19c000000a7c1603030059020000550303c217ea996f916752244dcdaf1bf0fd866f2954fc095a4ff06a89190393f79f0e20365df402a8bad811f34877ce186b5ded20adbfe8adb795394dba15d0607bd6a5c03000000dff01000100000b00040300010216030308be0b0008ba0008b70003db
2094. (10)   Message-Authenticator = 0x00000000000000000000000000000000
2095. (10)   State = 0x47e4fe3d46e7e7f39737dc8eeb024c67
2096. (10) Finished request
2097. Waking up in 0.2 seconds.
2098. (11) Received Access-Request Id 122 from 10.168.149.99:33240 to 10.168.109.39:1812 length 204
2099. (11)   User-Name = "FBCEXAMPLE\\daniel.radius"
2100. (11)   NAS-IP-Address = 10.168.149.99
2101. (11)   NAS-Port = 0
2102. (11)   NAS-Identifier = "10.168.149.99"
2103. (11)   NAS-Port-Type = Wireless-802.11
2104. (11)   Calling-Station-Id = "C0335E160E17"
2105. (11)   Called-Station-Id = "000B866DC9CC"
2106. (11)   Service-Type = Login-User
2107. (11)   Framed-MTU = 1100
2108. (11)   EAP-Message = 0x020300061900
2109. (11)   State = 0x47e4fe3d46e7e7f39737dc8eeb024c67
2110. (11)   Aruba-Essid-Name = "Testnet"
2111. (11)   Aruba-Location-Id = "FBC-2103"
2112. (11)   Aruba-AP-Group = "FBC"
2113. (11)   Message-Authenticator = 0xc08a7ab0dcf2f0e5664b98b868c01ec7
2114. (11) session-state: No cached attributes
2115. (11) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
2116. (11)   authorize {
2117. (11)     policy filter_username {
2118. (11)       if (&User-Name) {
2119. (11)       if (&User-Name)  -> TRUE
2120. (11)       if (&User-Name)  {
2121. (11)         if (&User-Name =~ / /) {
2122. (11)         if (&User-Name =~ / /)  -> FALSE
2123. (11)         if (&User-Name =~ /@[^@]*@/ ) {
2124. (11)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
2125. (11)         if (&User-Name =~ /\.\./ ) {
2126. (11)         if (&User-Name =~ /\.\./ )  -> FALSE
2127. (11)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
2128. (11)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
2129. (11)         if (&User-Name =~ /\.$/)  {
2130. (11)         if (&User-Name =~ /\.$/)   -> FALSE
2131. (11)         if (&User-Name =~ /@\./)  {
2132. (11)         if (&User-Name =~ /@\./)   -> FALSE
2133. (11)       } # if (&User-Name)  = notfound
2134. (11)     } # policy filter_username = notfound
2135. (11)     [preprocess] = ok
2136. (11)     [chap] = noop
2137. (11)     [mschap_fbc] = noop
2138. (11)     [mschap_hac] = noop
2139. (11)     [mschap_hbs] = noop
2140. (11)     [mschap_cbs] = noop
2141. (11)     [digest] = noop
2142. (11) suffix: Checking for suffix after "@"
2143. (11) suffix: No '@' in User-Name = "FBCEXAMPLE\daniel.radius", looking up realm NULL
2144. (11) suffix: No such realm "NULL"
2145. (11)     [suffix] = noop
2146. (11) eap: Peer sent EAP Response (code 2) ID 3 length 6
2147. (11) eap: Continuing tunnel setup
2148. (11)     [eap] = ok
2149. (11)   } # authorize = ok
2150. (11) Found Auth-Type = eap
2151. (11) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
2152. (11)   authenticate {
2153. (11) eap: Expiring EAP session with state 0x47e4fe3d46e7e7f3
2154. (11) eap: Finished EAP session with state 0x47e4fe3d46e7e7f3
2155. (11) eap: Previous EAP request found for state 0x47e4fe3d46e7e7f3, released from the list
2156. (11) eap: Peer sent packet with method EAP PEAP (25)
2157. (11) eap: Calling submodule eap_peap to process data
2158. (11) eap_peap: Continuing EAP-TLS
2159. (11) eap_peap: Peer ACKed our handshake fragment
2160. (11) eap_peap: [eaptls verify] = request
2161. (11) eap_peap: [eaptls process] = handled
2162. (11) eap: Sending EAP Request (code 1) ID 4 length 1000
2163. (11) eap: EAP session adding &reply:State = 0x47e4fe3d45e0e7f3
2164. (11)     [eap] = handled
2165. (11)   } # authenticate = handled
2166. (11) Using Post-Auth-Type Challenge
2167. (11) Post-Auth-Type sub-section not found.  Ignoring.
2168. (11) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
2169. (11) Sent Access-Challenge Id 122 from 10.168.109.39:1812 to 10.168.149.99:33240 length 0
2170. (11)   EAP-Message = 0x010403e8194011a8e7c1e27393a346149fb1639e1304ff78a88f8fa230137fd87b47f8bc022ab208d74616992c217d84c16e609fc97c061b00a95d113885a5560268e2d5dae8e0b34facb1d8d3df51af1969d21ad174554bf3cf49642df9ebc917d33bae29018bf8778c4b3f0004d6308204d2308203ba
2171. (11)   Message-Authenticator = 0x00000000000000000000000000000000
2172. (11)   State = 0x47e4fe3d45e0e7f39737dc8eeb024c67
2173. (11) Finished request
2174. Waking up in 0.2 seconds.
2175. (12) Received Access-Request Id 123 from 10.168.149.99:33240 to 10.168.109.39:1812 length 204
2176. (12)   User-Name = "FBCEXAMPLE\\daniel.radius"
2177. (12)   NAS-IP-Address = 10.168.149.99
2178. (12)   NAS-Port = 0
2179. (12)   NAS-Identifier = "10.168.149.99"
2180. (12)   NAS-Port-Type = Wireless-802.11
2181. (12)   Calling-Station-Id = "C0335E160E17"
2182. (12)   Called-Station-Id = "000B866DC9CC"
2183. (12)   Service-Type = Login-User
2184. (12)   Framed-MTU = 1100
2185. (12)   EAP-Message = 0x020400061900
2186. (12)   State = 0x47e4fe3d45e0e7f39737dc8eeb024c67
2187. (12)   Aruba-Essid-Name = "Testnet"
2188. (12)   Aruba-Location-Id = "FBC-2103"
2189. (12)   Aruba-AP-Group = "FBC"
2190. (12)   Message-Authenticator = 0x4a3434989816923881c5ad0ac52801c0
2191. (12) session-state: No cached attributes
2192. (12) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
2193. (12)   authorize {
2194. (12)     policy filter_username {
2195. (12)       if (&User-Name) {
2196. (12)       if (&User-Name)  -> TRUE
2197. (12)       if (&User-Name)  {
2198. (12)         if (&User-Name =~ / /) {
2199. (12)         if (&User-Name =~ / /)  -> FALSE
2200. (12)         if (&User-Name =~ /@[^@]*@/ ) {
2201. (12)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
2202. (12)         if (&User-Name =~ /\.\./ ) {
2203. (12)         if (&User-Name =~ /\.\./ )  -> FALSE
2204. (12)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
2205. (12)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
2206. (12)         if (&User-Name =~ /\.$/)  {
2207. (12)         if (&User-Name =~ /\.$/)   -> FALSE
2208. (12)         if (&User-Name =~ /@\./)  {
2209. (12)         if (&User-Name =~ /@\./)   -> FALSE
2210. (12)       } # if (&User-Name)  = notfound
2211. (12)     } # policy filter_username = notfound
2212. (12)     [preprocess] = ok
2213. (12)     [chap] = noop
2214. (12)     [mschap_fbc] = noop
2215. (12)     [mschap_hac] = noop
2216. (12)     [mschap_hbs] = noop
2217. (12)     [mschap_cbs] = noop
2218. (12)     [digest] = noop
2219. (12) suffix: Checking for suffix after "@"
2220. (12) suffix: No '@' in User-Name = "FBCEXAMPLE\daniel.radius", looking up realm NULL
2221. (12) suffix: No such realm "NULL"
2222. (12)     [suffix] = noop
2223. (12) eap: Peer sent EAP Response (code 2) ID 4 length 6
2224. (12) eap: Continuing tunnel setup
2225. (12)     [eap] = ok
2226. (12)   } # authorize = ok
2227. (12) Found Auth-Type = eap
2228. (12) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
2229. (12)   authenticate {
2230. (12) eap: Expiring EAP session with state 0x47e4fe3d45e0e7f3
2231. (12) eap: Finished EAP session with state 0x47e4fe3d45e0e7f3
2232. (12) eap: Previous EAP request found for state 0x47e4fe3d45e0e7f3, released from the list
2233. (12) eap: Peer sent packet with method EAP PEAP (25)
2234. (12) eap: Calling submodule eap_peap to process data
2235. (12) eap_peap: Continuing EAP-TLS
2236. (12) eap_peap: Peer ACKed our handshake fragment
2237. (12) eap_peap: [eaptls verify] = request
2238. (12) eap_peap: [eaptls process] = handled
2239. (12) eap: Sending EAP Request (code 1) ID 5 length 702
2240. (12) eap: EAP session adding &reply:State = 0x47e4fe3d44e1e7f3
2241. (12)     [eap] = handled
2242. (12)   } # authenticate = handled
2243. (12) Using Post-Auth-Type Challenge
2244. (12) Post-Auth-Type sub-section not found.  Ignoring.
2245. (12) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
2246. (12) Sent Access-Challenge Id 123 from 10.168.109.39:1812 to 10.168.149.99:33240 length 0
2247. (12)   EAP-Message = 0x010502be1900300f0603551d130101ff040530030101ff30360603551d1f042f302d302ba029a0278625687474703a2f2f7777772e6578616d706c652e6f72672f6578616d706c655f63612e63726c300d06092a864886f70d01010b05000382010100706bdef08ab24a28fb45ef114b73dc360c440688
2248. (12)   Message-Authenticator = 0x00000000000000000000000000000000
2249. (12)   State = 0x47e4fe3d44e1e7f39737dc8eeb024c67
2250. (12) Finished request
2251. Waking up in 0.2 seconds.
2252. (13) Received Access-Request Id 124 from 10.168.149.99:33240 to 10.168.109.39:1812 length 334
2253. (13)   User-Name = "FBCEXAMPLE\\daniel.radius"
2254. (13)   NAS-IP-Address = 10.168.149.99
2255. (13)   NAS-Port = 0
2256. (13)   NAS-Identifier = "10.168.149.99"
2257. (13)   NAS-Port-Type = Wireless-802.11
2258. (13)   Calling-Station-Id = "C0335E160E17"
2259. (13)   Called-Station-Id = "000B866DC9CC"
2260. (13)   Service-Type = Login-User
2261. (13)   Framed-MTU = 1100
2262. (13)   EAP-Message = 0x0205008819800000007e160303004610000042410469d02066dc1d395a83336d860bbb19c3e49d5c0486a755f05f7168b20905dc0808756bdfd2083fed58c055ae8cfc3f3b2425b6893d70ce9e82ced8a77410ec231403030001011603030028000000000000000090b38152f982b43da51e485ff31e93
2263. (13)   State = 0x47e4fe3d44e1e7f39737dc8eeb024c67
2264. (13)   Aruba-Essid-Name = "Testnet"
2265. (13)   Aruba-Location-Id = "FBC-2103"
2266. (13)   Aruba-AP-Group = "FBC"
2267. (13)   Message-Authenticator = 0xc29b5630e38e4b1be55176ac3a9d137f
2268. (13) session-state: No cached attributes
2269. (13) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
2270. (13)   authorize {
2271. (13)     policy filter_username {
2272. (13)       if (&User-Name) {
2273. (13)       if (&User-Name)  -> TRUE
2274. (13)       if (&User-Name)  {
2275. (13)         if (&User-Name =~ / /) {
2276. (13)         if (&User-Name =~ / /)  -> FALSE
2277. (13)         if (&User-Name =~ /@[^@]*@/ ) {
2278. (13)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
2279. (13)         if (&User-Name =~ /\.\./ ) {
2280. (13)         if (&User-Name =~ /\.\./ )  -> FALSE
2281. (13)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
2282. (13)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
2283. (13)         if (&User-Name =~ /\.$/)  {
2284. (13)         if (&User-Name =~ /\.$/)   -> FALSE
2285. (13)         if (&User-Name =~ /@\./)  {
2286. (13)         if (&User-Name =~ /@\./)   -> FALSE
2287. (13)       } # if (&User-Name)  = notfound
2288. (13)     } # policy filter_username = notfound
2289. (13)     [preprocess] = ok
2290. (13)     [chap] = noop
2291. (13)     [mschap_fbc] = noop
2292. (13)     [mschap_hac] = noop
2293. (13)     [mschap_hbs] = noop
2294. (13)     [mschap_cbs] = noop
2295. (13)     [digest] = noop
2296. (13) suffix: Checking for suffix after "@"
2297. (13) suffix: No '@' in User-Name = "FBCEXAMPLE\daniel.radius", looking up realm NULL
2298. (13) suffix: No such realm "NULL"
2299. (13)     [suffix] = noop
2300. (13) eap: Peer sent EAP Response (code 2) ID 5 length 136
2301. (13) eap: Continuing tunnel setup
2302. (13)     [eap] = ok
2303. (13)   } # authorize = ok
2304. (13) Found Auth-Type = eap
2305. (13) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
2306. (13)   authenticate {
2307. (13) eap: Expiring EAP session with state 0x47e4fe3d44e1e7f3
2308. (13) eap: Finished EAP session with state 0x47e4fe3d44e1e7f3
2309. (13) eap: Previous EAP request found for state 0x47e4fe3d44e1e7f3, released from the list
2310. (13) eap: Peer sent packet with method EAP PEAP (25)
2311. (13) eap: Calling submodule eap_peap to process data
2312. (13) eap_peap: Continuing EAP-TLS
2313. (13) eap_peap: Peer indicated complete TLS record size will be 126 bytes
2314. (13) eap_peap: Got complete TLS record (126 bytes)
2315. (13) eap_peap: [eaptls verify] = length included
2316. (13) eap_peap: <<< recv TLS 1.2  [length 0046]
2317. (13) eap_peap: TLS_accept: unknown state
2318. (13) eap_peap: TLS_accept: unknown state
2319. (13) eap_peap: <<< recv TLS 1.2  [length 0001]
2320. (13) eap_peap: <<< recv TLS 1.2  [length 0010]
2321. (13) eap_peap: TLS_accept: unknown state
2322. (13) eap_peap: >>> send TLS 1.2  [length 0001]
2323. (13) eap_peap: TLS_accept: unknown state
2324. (13) eap_peap: >>> send TLS 1.2  [length 0010]
2325. (13) eap_peap: TLS_accept: unknown state
2326. (13) eap_peap: TLS_accept: unknown state
2327. (13) eap_peap: (other): SSL negotiation finished successfully
2328. (13) eap_peap: SSL Connection Established
2329. (13) eap_peap: [eaptls process] = handled
2330. (13) eap: Sending EAP Request (code 1) ID 6 length 57
2331. (13) eap: EAP session adding &reply:State = 0x47e4fe3d43e2e7f3
2332. (13)     [eap] = handled
2333. (13)   } # authenticate = handled
2334. (13) Using Post-Auth-Type Challenge
2335. (13) Post-Auth-Type sub-section not found.  Ignoring.
2336. (13) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
2337. (13) Sent Access-Challenge Id 124 from 10.168.109.39:1812 to 10.168.149.99:33240 length 0
2338. (13)   EAP-Message = 0x01060039190014030300010116030300281ed9e340415001df71ba910873f0749f4a688b33d3ec3078be77f13907c7a33bbaca40862e64e026
2339. (13)   Message-Authenticator = 0x00000000000000000000000000000000
2340. (13)   State = 0x47e4fe3d43e2e7f39737dc8eeb024c67
2341. (13) Finished request
2342. Waking up in 0.2 seconds.
2343. (7) Cleaning up request packet ID 118 with timestamp +18
2344. (8) Cleaning up request packet ID 119 with timestamp +21
2345. Waking up in 4.6 seconds.
2346. (9) Cleaning up request packet ID 120 with timestamp +26
2347. (10) Cleaning up request packet ID 121 with timestamp +26
2348. (11) Cleaning up request packet ID 122 with timestamp +26
2349. (12) Cleaning up request packet ID 123 with timestamp +26
2350. (13) Cleaning up request packet ID 124 with timestamp +26
2351. Ready to process requests
2352. (14) Received Access-Request Id 125 from 10.168.149.99:33240 to 10.168.109.39:1812 length 204
2353. (14)   User-Name = "FBCEXAMPLE\\daniel.radius"
2354. (14)   NAS-IP-Address = 10.168.149.99
2355. (14)   NAS-Port = 0
2356. (14)   NAS-Identifier = "10.168.149.99"
2357. (14)   NAS-Port-Type = Wireless-802.11
2358. (14)   Calling-Station-Id = "C0335E160E17"
2359. (14)   Called-Station-Id = "000B866DC9CC"
2360. (14)   Service-Type = Login-User
2361. (14)   Framed-MTU = 1100
2362. (14)   EAP-Message = 0x020600061900
2363. (14)   State = 0x47e4fe3d43e2e7f39737dc8eeb024c67
2364. (14)   Aruba-Essid-Name = "Testnet"
2365. (14)   Aruba-Location-Id = "FBC-2103"
2366. (14)   Aruba-AP-Group = "FBC"
2367. (14)   Message-Authenticator = 0x6621ff3b6e70bd2f7126c78498e10c67
2368. (14) session-state: No cached attributes
2369. (14) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
2370. (14)   authorize {
2371. (14)     policy filter_username {
2372. (14)       if (&User-Name) {
2373. (14)       if (&User-Name)  -> TRUE
2374. (14)       if (&User-Name)  {
2375. (14)         if (&User-Name =~ / /) {
2376. (14)         if (&User-Name =~ / /)  -> FALSE
2377. (14)         if (&User-Name =~ /@[^@]*@/ ) {
2378. (14)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
2379. (14)         if (&User-Name =~ /\.\./ ) {
2380. (14)         if (&User-Name =~ /\.\./ )  -> FALSE
2381. (14)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
2382. (14)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
2383. (14)         if (&User-Name =~ /\.$/)  {
2384. (14)         if (&User-Name =~ /\.$/)   -> FALSE
2385. (14)         if (&User-Name =~ /@\./)  {
2386. (14)         if (&User-Name =~ /@\./)   -> FALSE
2387. (14)       } # if (&User-Name)  = notfound
2388. (14)     } # policy filter_username = notfound
2389. (14)     [preprocess] = ok
2390. (14)     [chap] = noop
2391. (14)     [mschap_fbc] = noop
2392. (14)     [mschap_hac] = noop
2393. (14)     [mschap_hbs] = noop
2394. (14)     [mschap_cbs] = noop
2395. (14)     [digest] = noop
2396. (14) suffix: Checking for suffix after "@"
2397. (14) suffix: No '@' in User-Name = "FBCEXAMPLE\daniel.radius", looking up realm NULL
2398. (14) suffix: No such realm "NULL"
2399. (14)     [suffix] = noop
2400. (14) eap: Peer sent EAP Response (code 2) ID 6 length 6
2401. (14) eap: Continuing tunnel setup
2402. (14)     [eap] = ok
2403. (14)   } # authorize = ok
2404. (14) Found Auth-Type = eap
2405. (14) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
2406. (14)   authenticate {
2407. (14) eap: Expiring EAP session with state 0x47e4fe3d43e2e7f3
2408. (14) eap: Finished EAP session with state 0x47e4fe3d43e2e7f3
2409. (14) eap: Previous EAP request found for state 0x47e4fe3d43e2e7f3, released from the list
2410. (14) eap: Peer sent packet with method EAP PEAP (25)
2411. (14) eap: Calling submodule eap_peap to process data
2412. (14) eap_peap: Continuing EAP-TLS
2413. (14) eap_peap: Peer ACKed our handshake fragment.  handshake is finished
2414. (14) eap_peap: [eaptls verify] = success
2415. (14) eap_peap: [eaptls process] = success
2416. (14) eap_peap: Session established.  Decoding tunneled attributes
2417. (14) eap_peap: PEAP state TUNNEL ESTABLISHED
2418. (14) eap: Sending EAP Request (code 1) ID 7 length 40
2419. (14) eap: EAP session adding &reply:State = 0x47e4fe3d42e3e7f3
2420. (14)     [eap] = handled
2421. (14)   } # authenticate = handled
2422. (14) Using Post-Auth-Type Challenge
2423. (14) Post-Auth-Type sub-section not found.  Ignoring.
2424. (14) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
2425. (14) Sent Access-Challenge Id 125 from 10.168.109.39:1812 to 10.168.149.99:33240 length 0
2426. (14)   EAP-Message = 0x010700281900170303001d1ed9e340415001e0e242a9354b723f3fac7f668b1cb76c3792b39659a8
2427. (14)   Message-Authenticator = 0x00000000000000000000000000000000
2428. (14)   State = 0x47e4fe3d42e3e7f39737dc8eeb024c67
2429. (14) Finished request
2430. Waking up in 4.9 seconds.
2431. (15) Received Access-Request Id 126 from 10.168.149.99:33240 to 10.168.109.39:1812 length 257
2432. (15)   User-Name = "FBCEXAMPLE\\daniel.radius"
2433. (15)   NAS-IP-Address = 10.168.149.99
2434. (15)   NAS-Port = 0
2435. (15)   NAS-Identifier = "10.168.149.99"
2436. (15)   NAS-Port-Type = Wireless-802.11
2437. (15)   Calling-Station-Id = "C0335E160E17"
2438. (15)   Called-Station-Id = "000B866DC9CC"
2439. (15)   Service-Type = Login-User
2440. (15)   Framed-MTU = 1100
2441. (15)   EAP-Message = 0x0207003b190017030300300000000000000001f1b223d4118db7a82d0b2b85211815ab38efb4d4aa244610d175fd411c38424dc952702c78b4f31a
2442. (15)   State = 0x47e4fe3d42e3e7f39737dc8eeb024c67
2443. (15)   Aruba-Essid-Name = "Testnet"
2444. (15)   Aruba-Location-Id = "FBC-2103"
2445. (15)   Aruba-AP-Group = "FBC"
2446. (15)   Message-Authenticator = 0x1c66aa55f176f57b6334e12595141220
2447. (15) session-state: No cached attributes
2448. (15) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
2449. (15)   authorize {
2450. (15)     policy filter_username {
2451. (15)       if (&User-Name) {
2452. (15)       if (&User-Name)  -> TRUE
2453. (15)       if (&User-Name)  {
2454. (15)         if (&User-Name =~ / /) {
2455. (15)         if (&User-Name =~ / /)  -> FALSE
2456. (15)         if (&User-Name =~ /@[^@]*@/ ) {
2457. (15)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
2458. (15)         if (&User-Name =~ /\.\./ ) {
2459. (15)         if (&User-Name =~ /\.\./ )  -> FALSE
2460. (15)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
2461. (15)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
2462. (15)         if (&User-Name =~ /\.$/)  {
2463. (15)         if (&User-Name =~ /\.$/)   -> FALSE
2464. (15)         if (&User-Name =~ /@\./)  {
2465. (15)         if (&User-Name =~ /@\./)   -> FALSE
2466. (15)       } # if (&User-Name)  = notfound
2467. (15)     } # policy filter_username = notfound
2468. (15)     [preprocess] = ok
2469. (15)     [chap] = noop
2470. (15)     [mschap_fbc] = noop
2471. (15)     [mschap_hac] = noop
2472. (15)     [mschap_hbs] = noop
2473. (15)     [mschap_cbs] = noop
2474. (15)     [digest] = noop
2475. (15) suffix: Checking for suffix after "@"
2476. (15) suffix: No '@' in User-Name = "FBCEXAMPLE\daniel.radius", looking up realm NULL
2477. (15) suffix: No such realm "NULL"
2478. (15)     [suffix] = noop
2479. (15) eap: Peer sent EAP Response (code 2) ID 7 length 59
2480. (15) eap: Continuing tunnel setup
2481. (15)     [eap] = ok
2482. (15)   } # authorize = ok
2483. (15) Found Auth-Type = eap
2484. (15) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
2485. (15)   authenticate {
2486. (15) eap: Expiring EAP session with state 0x47e4fe3d42e3e7f3
2487. (15) eap: Finished EAP session with state 0x47e4fe3d42e3e7f3
2488. (15) eap: Previous EAP request found for state 0x47e4fe3d42e3e7f3, released from the list
2489. (15) eap: Peer sent packet with method EAP PEAP (25)
2490. (15) eap: Calling submodule eap_peap to process data
2491. (15) eap_peap: Continuing EAP-TLS
2492. (15) eap_peap: [eaptls verify] = ok
2493. (15) eap_peap: Done initial handshake
2494. (15) eap_peap: [eaptls process] = ok
2495. (15) eap_peap: Session established.  Decoding tunneled attributes
2496. (15) eap_peap: PEAP state WAITING FOR INNER IDENTITY
2497. (15) eap_peap: Identity - FBCEXAMPLE\daniel.radius
2498. (15) eap_peap: Got inner identity 'FBCEXAMPLE\daniel.radius'
2499. (15) eap_peap: Setting default EAP type for tunneled EAP session
2500. (15) eap_peap: Got tunneled request
2501. (15) eap_peap:   EAP-Message = 0x0207001c0146424348414d4d4f4e445c64616e69656c2e777275636b
2502. (15) eap_peap: Setting User-Name to FBCEXAMPLE\daniel.radius
2503. (15) eap_peap: Sending tunneled request to inner-tunnel
2504. (15) eap_peap:   EAP-Message = 0x0207001c0146424348414d4d4f4e445c64616e69656c2e777275636b
2505. (15) eap_peap:   FreeRADIUS-Proxied-To = 127.0.0.1
2506. (15) eap_peap:   User-Name = "FBCEXAMPLE\\daniel.radius"
2507. (15) Virtual server inner-tunnel received request
2508. (15)   EAP-Message = 0x0207001c0146424348414d4d4f4e445c64616e69656c2e777275636b
2509. (15)   FreeRADIUS-Proxied-To = 127.0.0.1
2510. (15)   User-Name = "FBCEXAMPLE\\daniel.radius"
2511. (15) WARNING: Outer and inner identities are the same.  User privacy is compromised.
2512. (15) server inner-tunnel {
2513. (15)   # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/inner-tunnel
2514. (15)     authorize {
2515. (15)       policy filter_username {
2516. (15)         if (&User-Name) {
2517. (15)         if (&User-Name)  -> TRUE
2518. (15)         if (&User-Name)  {
2519. (15)           if (&User-Name =~ / /) {
2520. (15)           if (&User-Name =~ / /)  -> FALSE
2521. (15)           if (&User-Name =~ /@[^@]*@/ ) {
2522. (15)           if (&User-Name =~ /@[^@]*@/ )  -> FALSE
2523. (15)           if (&User-Name =~ /\.\./ ) {
2524. (15)           if (&User-Name =~ /\.\./ )  -> FALSE
2525. (15)           if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
2526. (15)           if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
2527. (15)           if (&User-Name =~ /\.$/)  {
2528. (15)           if (&User-Name =~ /\.$/)   -> FALSE
2529. (15)           if (&User-Name =~ /@\./)  {
2530. (15)           if (&User-Name =~ /@\./)   -> FALSE
2531. (15)         } # if (&User-Name)  = notfound
2532. (15)       } # policy filter_username = notfound
2533. (15)       [chap] = noop
2534. (15)       [mschap_fbc] = noop
2535. (15)       [mschap_hac] = noop
2536. (15)       [mschap_hbs] = noop
2537. (15)       [mschap_cbs] = noop
2538. (15) suffix: Checking for suffix after "@"
2539. (15) suffix: No '@' in User-Name = "FBCEXAMPLE\daniel.radius", looking up realm NULL
2540. (15) suffix: No such realm "NULL"
2541. (15)       [suffix] = noop
2542. (15)       update control {
2543. (15)         &Proxy-To-Realm := LOCAL
2544. (15)       } # update control = noop
2545. (15) eap: Peer sent EAP Response (code 2) ID 7 length 28
2546. (15) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
2547. (15)       [eap] = ok
2548. (15)     } # authorize = ok
2549. (15)   Found Auth-Type = eap
2550. (15)   # Executing group from file /usr/local/etc/raddb/sites-enabled/inner-tunnel
2551. (15)     authenticate {
2552. (15) eap: Peer sent packet with method EAP Identity (1)
2553. (15) eap: Calling submodule eap_mschapv2 to process data
2554. (15) eap_mschapv2: Issuing Challenge
2555. (15) eap: Sending EAP Request (code 1) ID 8 length 43
2556. (15) eap: EAP session adding &reply:State = 0x2dd385462ddb9fc9
2557. (15)       [eap] = handled
2558. (15)     } # authenticate = handled
2559. (15) } # server inner-tunnel
2560. (15) Virtual server sending reply
2561. (15)   EAP-Message = 0x0108002b1a0108002610a8752c82adb718e1c1baab940a11bc66667265657261646975732d332e302e3132
2562. (15)   Message-Authenticator = 0x00000000000000000000000000000000
2563. (15)   State = 0x2dd385462ddb9fc952bb1d757e6ccda3
2564. (15) eap_peap: Got tunneled reply code 11
2565. (15) eap_peap:   EAP-Message = 0x0108002b1a0108002610a8752c82adb718e1c1baab940a11bc66667265657261646975732d332e302e3132
2566. (15) eap_peap:   Message-Authenticator = 0x00000000000000000000000000000000
2567. (15) eap_peap:   State = 0x2dd385462ddb9fc952bb1d757e6ccda3
2568. (15) eap_peap: Got tunneled reply RADIUS code 11
2569. (15) eap_peap:   EAP-Message = 0x0108002b1a0108002610a8752c82adb718e1c1baab940a11bc66667265657261646975732d332e302e3132
2570. (15) eap_peap:   Message-Authenticator = 0x00000000000000000000000000000000
2571. (15) eap_peap:   State = 0x2dd385462ddb9fc952bb1d757e6ccda3
2572. (15) eap_peap: Got tunneled Access-Challenge
2573. (15) eap: Sending EAP Request (code 1) ID 8 length 74
2574. (15) eap: EAP session adding &reply:State = 0x47e4fe3d41ece7f3
2575. (15)     [eap] = handled
2576. (15)   } # authenticate = handled
2577. (15) Using Post-Auth-Type Challenge
2578. (15) Post-Auth-Type sub-section not found.  Ignoring.
2579. (15) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
2580. (15) Sent Access-Challenge Id 126 from 10.168.109.39:1812 to 10.168.149.99:33240 length 0
2581. (15)   EAP-Message = 0x0108004a1900170303003f1ed9e340415001e13e4d4223e2f6bc92de29c995c61bd9c942fb93b08a1f0b75ec5dad30c081942ce8a1fe59919bdcd259379cf0fde53eaa1046826a06f4a0
2582. (15)   Message-Authenticator = 0x00000000000000000000000000000000
2583. (15)   State = 0x47e4fe3d41ece7f39737dc8eeb024c67
2584. (15) Finished request
2585. Waking up in 4.9 seconds.
2586. (16) Received Access-Request Id 127 from 10.168.149.99:33240 to 10.168.109.39:1812 length 311
2587. (16)   User-Name = "FBCEXAMPLE\\daniel.radius"
2588. (16)   NAS-IP-Address = 10.168.149.99
2589. (16)   NAS-Port = 0
2590. (16)   NAS-Identifier = "10.168.149.99"
2591. (16)   NAS-Port-Type = Wireless-802.11
2592. (16)   Calling-Station-Id = "C0335E160E17"
2593. (16)   Called-Station-Id = "000B866DC9CC"
2594. (16)   Service-Type = Login-User
2595. (16)   Framed-MTU = 1100
2596. (16)   EAP-Message = 0x0208007119001703030066000000000000000253d5b1023faf0e738da4bc6dfdd1c2b1201423532101a7db35f64a5556d05c8d471e2559deebe7a0b94c8ef4373d3cf57048f449f9fedb47ae802a9590ac1625b2dff0718c31b11bf50f44baab297a5ae6de97dbc2cdf8fff01c9f8dc80a
2597. (16)   State = 0x47e4fe3d41ece7f39737dc8eeb024c67
2598. (16)   Aruba-Essid-Name = "Testnet"
2599. (16)   Aruba-Location-Id = "FBC-2103"
2600. (16)   Aruba-AP-Group = "FBC"
2601. (16)   Message-Authenticator = 0x6e1fc246c0e114f2889cb3cabd518eef
2602. (16) session-state: No cached attributes
2603. (16) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
2604. (16)   authorize {
2605. (16)     policy filter_username {
2606. (16)       if (&User-Name) {
2607. (16)       if (&User-Name)  -> TRUE
2608. (16)       if (&User-Name)  {
2609. (16)         if (&User-Name =~ / /) {
2610. (16)         if (&User-Name =~ / /)  -> FALSE
2611. (16)         if (&User-Name =~ /@[^@]*@/ ) {
2612. (16)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
2613. (16)         if (&User-Name =~ /\.\./ ) {
2614. (16)         if (&User-Name =~ /\.\./ )  -> FALSE
2615. (16)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
2616. (16)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
2617. (16)         if (&User-Name =~ /\.$/)  {
2618. (16)         if (&User-Name =~ /\.$/)   -> FALSE
2619. (16)         if (&User-Name =~ /@\./)  {
2620. (16)         if (&User-Name =~ /@\./)   -> FALSE
2621. (16)       } # if (&User-Name)  = notfound
2622. (16)     } # policy filter_username = notfound
2623. (16)     [preprocess] = ok
2624. (16)     [chap] = noop
2625. (16)     [mschap_fbc] = noop
2626. (16)     [mschap_hac] = noop
2627. (16)     [mschap_hbs] = noop
2628. (16)     [mschap_cbs] = noop
2629. (16)     [digest] = noop
2630. (16) suffix: Checking for suffix after "@"
2631. (16) suffix: No '@' in User-Name = "FBCEXAMPLE\daniel.radius", looking up realm NULL
2632. (16) suffix: No such realm "NULL"
2633. (16)     [suffix] = noop
2634. (16) eap: Peer sent EAP Response (code 2) ID 8 length 113
2635. (16) eap: Continuing tunnel setup
2636. (16)     [eap] = ok
2637. (16)   } # authorize = ok
2638. (16) Found Auth-Type = eap
2639. (16) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
2640. (16)   authenticate {
2641. (16) eap: Expiring EAP session with state 0x2dd385462ddb9fc9
2642. (16) eap: Finished EAP session with state 0x47e4fe3d41ece7f3
2643. (16) eap: Previous EAP request found for state 0x47e4fe3d41ece7f3, released from the list
2644. (16) eap: Peer sent packet with method EAP PEAP (25)
2645. (16) eap: Calling submodule eap_peap to process data
2646. (16) eap_peap: Continuing EAP-TLS
2647. (16) eap_peap: [eaptls verify] = ok
2648. (16) eap_peap: Done initial handshake
2649. (16) eap_peap: [eaptls process] = ok
2650. (16) eap_peap: Session established.  Decoding tunneled attributes
2651. (16) eap_peap: PEAP state phase2
2652. (16) eap_peap: EAP method MSCHAPv2 (26)
2653. (16) eap_peap: Got tunneled request
2654. (16) eap_peap:   EAP-Message = 0x020800521a0208004d3161b47129046a3204efc7e0e3ee0af94a00000000000000006bdebf5ac39680b7070c457fefacbdc1596103429c14eb640046424348414d4d4f4e445c64616e69656c2e777275636b
2655. (16) eap_peap: Setting User-Name to FBCEXAMPLE\daniel.radius
2656. (16) eap_peap: Sending tunneled request to inner-tunnel
2657. (16) eap_peap:   EAP-Message = 0x020800521a0208004d3161b47129046a3204efc7e0e3ee0af94a00000000000000006bdebf5ac39680b7070c457fefacbdc1596103429c14eb640046424348414d4d4f4e445c64616e69656c2e777275636b
2658. (16) eap_peap:   FreeRADIUS-Proxied-To = 127.0.0.1
2659. (16) eap_peap:   User-Name = "FBCEXAMPLE\\daniel.radius"
2660. (16) eap_peap:   State = 0x2dd385462ddb9fc952bb1d757e6ccda3
2661. (16) Virtual server inner-tunnel received request
2662. (16)   EAP-Message = 0x020800521a0208004d3161b47129046a3204efc7e0e3ee0af94a00000000000000006bdebf5ac39680b7070c457fefacbdc1596103429c14eb640046424348414d4d4f4e445c64616e69656c2e777275636b
2663. (16)   FreeRADIUS-Proxied-To = 127.0.0.1
2664. (16)   User-Name = "FBCEXAMPLE\\daniel.radius"
2665. (16)   State = 0x2dd385462ddb9fc952bb1d757e6ccda3
2666. (16) WARNING: Outer and inner identities are the same.  User privacy is compromised.
2667. (16) server inner-tunnel {
2668. (16)   session-state: No cached attributes
2669. (16)   # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/inner-tunnel
2670. (16)     authorize {
2671. (16)       policy filter_username {
2672. (16)         if (&User-Name) {
2673. (16)         if (&User-Name)  -> TRUE
2674. (16)         if (&User-Name)  {
2675. (16)           if (&User-Name =~ / /) {
2676. (16)           if (&User-Name =~ / /)  -> FALSE
2677. (16)           if (&User-Name =~ /@[^@]*@/ ) {
2678. (16)           if (&User-Name =~ /@[^@]*@/ )  -> FALSE
2679. (16)           if (&User-Name =~ /\.\./ ) {
2680. (16)           if (&User-Name =~ /\.\./ )  -> FALSE
2681. (16)           if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
2682. (16)           if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
2683. (16)           if (&User-Name =~ /\.$/)  {
2684. (16)           if (&User-Name =~ /\.$/)   -> FALSE
2685. (16)           if (&User-Name =~ /@\./)  {
2686. (16)           if (&User-Name =~ /@\./)   -> FALSE
2687. (16)         } # if (&User-Name)  = notfound
2688. (16)       } # policy filter_username = notfound
2689. (16)       [chap] = noop
2690. (16)       [mschap_fbc] = noop
2691. (16)       [mschap_hac] = noop
2692. (16)       [mschap_hbs] = noop
2693. (16)       [mschap_cbs] = noop
2694. (16) suffix: Checking for suffix after "@"
2695. (16) suffix: No '@' in User-Name = "FBCEXAMPLE\daniel.radius", looking up realm NULL
2696. (16) suffix: No such realm "NULL"
2697. (16)       [suffix] = noop
2698. (16)       update control {
2699. (16)         &Proxy-To-Realm := LOCAL
2700. (16)       } # update control = noop
2701. (16) eap: Peer sent EAP Response (code 2) ID 8 length 82
2702. (16) eap: No EAP Start, assuming it's an on-going EAP conversation
2703. (16)       [eap] = updated
2704. (16)       [files] = noop
2705. rlm_ldap (ldap): Reserved connection (1)
2706. (16) ldap: EXPAND (sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}})
2707. (16) ldap:    --> (sAMAccountName=FBCEXAMPLE\5c5cdaniel.radius)
2708. (16) ldap: Performing search in "DC=fbcexample,DC=com" with filter "(sAMAccountName=FBCEXAMPLE\5c5cdaniel.radius)", scope "sub"
2709. (16) ldap: Waiting for search result...
2710. rlm_ldap (ldap): Rebinding to URL ldap://hbs.fbcexample.com/DC=hbs,DC=fbcexample,DC=com
2711. rlm_ldap (ldap): Waiting for bind result...
2712. rlm_ldap (ldap): Rebinding to URL ldap://hac.fbcexample.com/DC=hac,DC=fbcexample,DC=com
2713. rlm_ldap (ldap): Waiting for bind result...
2714. rlm_ldap (ldap): Rebinding to URL ldap://cbs.fbcexample.com/DC=cbs,DC=fbcexample,DC=com
2715. rlm_ldap (ldap): Waiting for bind result...
2716. rlm_ldap (ldap): Rebinding to URL ldap://fbcexample.com/CN=Configuration,DC=fbcexample,DC=com
2717. rlm_ldap (ldap): Waiting for bind result...
2718. Unable to chase referral "ldap://LimitLogin.fbcexample.com/DC=LimitLogin,DC=fbcexample,DC=com" (-1: Can't contact LDAP server)
2719. rlm_ldap (ldap): Bind successful
2720. rlm_ldap (ldap): Bind successful
2721. rlm_ldap (ldap): Bind successful
2722. rlm_ldap (ldap): Bind successful
2723. Unable to chase referral "ldap://ForestDnsZones.fbcexample.com/DC=ForestDnsZones,DC=fbcexample,DC=com" (-1: Can't contact LDAP server)
2724. Unable to chase referral "ldap://DomainDnsZones.cbs.fbcexample.com/DC=DomainDnsZones,DC=cbs,DC=fbcexample,DC=com" (-1: Can't contact LDAP server)
2725. rlm_ldap (ldap): Rebinding to URL ldap://DomainDnsZones.hac.fbcexample.com/DC=DomainDnsZones,DC=hac,DC=fbcexample,DC=com
2726. rlm_ldap (ldap): Waiting for bind result...
2727. rlm_ldap (ldap): Rebinding to URL ldap://DomainDnsZones.hbs.fbcexample.com/DC=DomainDnsZones,DC=hbs,DC=fbcexample,DC=com
2728. rlm_ldap (ldap): Waiting for bind result...
2729. more than 5 referral hops (dropping)
2730. rlm_ldap (ldap): Bind successful
2731. rlm_ldap (ldap): Bind successful
2732. (16) ldap: Search returned no results
2733. rlm_ldap (ldap): Deleting connection (1)
2734. rlm_ldap (ldap): Need 6 more connections to reach 10 spares
2735. rlm_ldap (ldap): Opening additional connection (6), 1 of 28 pending slots used
2736. rlm_ldap (ldap): Connecting to ldap://10.168.109.12:389
2737. rlm_ldap (ldap): Waiting for bind result...
2738. rlm_ldap (ldap): Bind successful
2739. (16)       [ldap] = notfound
2740. (16)       [expiration] = noop
2741. (16)       [logintime] = noop
2742. (16)       [pap] = noop
2743. (16)     } # authorize = updated
2744. (16)   Found Auth-Type = eap
2745. (16)   # Executing group from file /usr/local/etc/raddb/sites-enabled/inner-tunnel
2746. (16)     authenticate {
2747. (16) eap: Expiring EAP session with state 0x2dd385462ddb9fc9
2748. (16) eap: Finished EAP session with state 0x2dd385462ddb9fc9
2749. (16) eap: Previous EAP request found for state 0x2dd385462ddb9fc9, released from the list
2750. (16) eap: Peer sent packet with method EAP MSCHAPv2 (26)
2751. (16) eap: Calling submodule eap_mschapv2 to process data
2752. (16) eap_mschapv2: # Executing group from file /usr/local/etc/raddb/sites-enabled/inner-tunnel
2753. (16) eap_mschapv2:   Auth-Type MS-CHAP {
2754. (16) mschap_fbc: Creating challenge hash with username: daniel.radius
2755. (16) mschap_fbc: Client is using MS-CHAPv2
2756. (16) mschap_fbc: Executing: /usr/bin/ntlm_auth --request-nt-key --domain=fbcexample --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}} --challenge=%{%{mschap_fbc:Challenge}:-00} --nt-response=%{%{mschap_fbc:NT-Response}:-00}  --require-membership-of='fbcexample\\LDAP_WiFi':
2757. (16) mschap_fbc: EXPAND --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}}
2758. (16) mschap_fbc:    --> --username=FBCEXAMPLE\\daniel.radius
2759. (16) mschap_fbc: Creating challenge hash with username: daniel.radius
2760. (16) mschap_fbc: EXPAND --challenge=%{%{mschap_fbc:Challenge}:-00}
2761. (16) mschap_fbc:    --> --challenge=63abafd041820bf2
2762. (16) mschap_fbc: EXPAND --nt-response=%{%{mschap_fbc:NT-Response}:-00}
2763. (16) mschap_fbc:    --> --nt-response=6bdebf5ac39680b7070c457fefacbdc1596103429c14eb64
2764. (16) mschap_fbc: ERROR: Program returned code (1) and output 'Logon failure (0xc000006d)'
2765. (16) mschap_fbc: External script failed
2766. (16) mschap_fbc: ERROR: External script says: Logon failure (0xc000006d)
2767. (16) mschap_fbc: ERROR: MS-CHAP2-Response is incorrect
2768. (16)     [mschap_fbc] = reject
2769. (16)     if (reject){
2770. (16)     if (reject) -> TRUE
2771. (16)     if (reject) {
2772. (16) mschap_hac: Creating challenge hash with username: daniel.radius
2773. (16) mschap_hac: Client is using MS-CHAPv2
2774. (16) mschap_hac: Executing: /usr/bin/ntlm_auth --request-nt-key --domain=hac.fbcexample.com --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}} --challenge=%{%{mschap_hac:Challenge}:-00} --nt-response=%{%{mschap_hac:NT-Response}:-00}  --require-membership-of=fbcexample\\LDAP_WiFi:
2775. (16) mschap_hac: EXPAND --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}}
2776. (16) mschap_hac:    --> --username=FBCEXAMPLE\\daniel.radius
2777. (16) mschap_hac: Creating challenge hash with username: daniel.radius
2778. (16) mschap_hac: EXPAND --challenge=%{%{mschap_hac:Challenge}:-00}
2779. (16) mschap_hac:    --> --challenge=63abafd041820bf2
2780. (16) mschap_hac: EXPAND --nt-response=%{%{mschap_hac:NT-Response}:-00}
2781. (16) mschap_hac:    --> --nt-response=6bdebf5ac39680b7070c457fefacbdc1596103429c14eb64
2782. Domain specified in username (FBCEXAMPLE) doesn't match specified domain (hac.fbcexample.com)!
2783.  
2784. Usage: [OPTION...]
2785.      --helper-protocol=helper protocol to use     operate as a stdio-based helper
2786.      --username=STRING                            username
2787.      --domain=STRING                              domain name
2788.      --workstation=STRING                         workstation
2789.      --challenge=STRING                           challenge (HEX encoded)
2790.      --lm-response=STRING                         LM Response to the challenge (HEX encoded)
2791.      --nt-response=STRING                         NT or NTLMv2 Response to the challenge (HEX encoded)
2792.      --password=STRING                            User's plaintext password
2793.      --request-lm-key                             Retrieve LM session key
2794.      --request-nt-key                             Retrieve User (NT) session key
2795.      --use-cached-creds                           Use cached credentials if no password is given
2796.      --diagnostics                                Perform diagnostics on the authentication chain
2797.      --require-membership-of=STRING               Require that a user be a member of this group (either name or SID) for authentication to succeed
2798.      --pam-winbind-conf=STRING                    Require that request must set WBFLAG_PAM_CONTACT_TRUSTDOM when krb5 auth is required
2799.      --target-service=STRING                      Target service (eg http)
2800.      --target-hostname=STRING                     Target hostname
2801.  
2802. Help options:
2803.  -?, --help                                       Show this help message
2804.      --usage                                      Display brief usage message
2805.  
2806. Common samba config:
2807.      --configfile=CONFIGFILE                      Use alternate configuration file
2808.  
2809. Common samba options:
2810.  -V, --version                                    Print version
2811.  
2812. Common samba commandline config:
2813.      --option=name=value                          Set smb.conf option from command line
2814. (16) mschap_hac: ERROR: Program returned code (1) and output ''
2815. (16) mschap_hac: External script failed
2816. (16) mschap_hac: ERROR: External script says:
2817. (16) mschap_hac: ERROR: MS-CHAP2-Response is incorrect
2818. (16)       [mschap_hac] = reject
2819. (16)     } # if (reject) = reject
2820. (16)     if (reject){
2821. (16)     if (reject) -> TRUE
2822. (16)     if (reject) {
2823. (16) mschap_hbs: Creating challenge hash with username: daniel.radius
2824. (16) mschap_hbs: Client is using MS-CHAPv2
2825. (16) mschap_hbs: Executing: /usr/bin/ntlm_auth --request-nt-key --domain=hbs.fbcexample.com --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}} --challenge=%{%{mschap_hbs:Challenge}:-00} --nt-response=%{%{mschap_hbs:NT-Response}:-00} --require-membership-of='fbcexample\\LDAP_WiFi':
2826. (16) mschap_hbs: EXPAND --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}}
2827. (16) mschap_hbs:    --> --username=FBCEXAMPLE\\daniel.radius
2828. (16) mschap_hbs: Creating challenge hash with username: daniel.radius
2829. (16) mschap_hbs: EXPAND --challenge=%{%{mschap_hbs:Challenge}:-00}
2830. (16) mschap_hbs:    --> --challenge=63abafd041820bf2
2831. (16) mschap_hbs: EXPAND --nt-response=%{%{mschap_hbs:NT-Response}:-00}
2832. (16) mschap_hbs:    --> --nt-response=6bdebf5ac39680b7070c457fefacbdc1596103429c14eb64
2833. Domain specified in username (FBCEXAMPLE) doesn't match specified domain (hbs.fbcexample.com)!
2834.  
2835. Usage: [OPTION...]
2836.      --helper-protocol=helper protocol to use     operate as a stdio-based helper
2837.      --username=STRING                            username
2838.      --domain=STRING                              domain name
2839.      --workstation=STRING                         workstation
2840.      --challenge=STRING                           challenge (HEX encoded)
2841.      --lm-response=STRING                         LM Response to the challenge (HEX encoded)
2842.      --nt-response=STRING                         NT or NTLMv2 Response to the challenge (HEX encoded)
2843.      --password=STRING                            User's plaintext password
2844.      --request-lm-key                             Retrieve LM session key
2845.      --request-nt-key                             Retrieve User (NT) session key
2846.      --use-cached-creds                           Use cached credentials if no password is given
2847.      --diagnostics                                Perform diagnostics on the authentication chain
2848.      --require-membership-of=STRING               Require that a user be a member of this group (either name or SID) for authentication to succeed
2849.      --pam-winbind-conf=STRING                    Require that request must set WBFLAG_PAM_CONTACT_TRUSTDOM when krb5 auth is required
2850.      --target-service=STRING                      Target service (eg http)
2851.      --target-hostname=STRING                     Target hostname
2852.  
2853. Help options:
2854.  -?, --help                                       Show this help message
2855.      --usage                                      Display brief usage message
2856.  
2857. Common samba config:
2858.      --configfile=CONFIGFILE                      Use alternate configuration file
2859.  
2860. Common samba options:
2861.  -V, --version                                    Print version
2862.  
2863. Common samba commandline config:
2864.      --option=name=value                          Set smb.conf option from command line
2865. (16) mschap_hbs: ERROR: Program returned code (1) and output ''
2866. (16) mschap_hbs: External script failed
2867. (16) mschap_hbs: ERROR: External script says:
2868. (16) mschap_hbs: ERROR: MS-CHAP2-Response is incorrect
2869. (16)       [mschap_hbs] = reject
2870. (16)     } # if (reject) = reject
2871. (16)     if (reject){
2872. (16)     if (reject) -> TRUE
2873. (16)     if (reject) {
2874. (16) mschap_cbs: Creating challenge hash with username: daniel.radius
2875. (16) mschap_cbs: Client is using MS-CHAPv2
2876. (16) mschap_cbs: Executing: /usr/bin/ntlm_auth --request-nt-key --domain=cbs.fbcexample.com --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}} --challenge=%{%{mschap_cbs:Challenge}:-00} --nt-response=%{%{mschap_cbs:NT-Response}:-00} --require-membership-of='fbcexample\\LDAP_WiFi':
2877. (16) mschap_cbs: EXPAND --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}}
2878. (16) mschap_cbs:    --> --username=FBCEXAMPLE\\daniel.radius
2879. (16) mschap_cbs: Creating challenge hash with username: daniel.radius
2880. (16) mschap_cbs: EXPAND --challenge=%{%{mschap_cbs:Challenge}:-00}
2881. (16) mschap_cbs:    --> --challenge=63abafd041820bf2
2882. (16) mschap_cbs: EXPAND --nt-response=%{%{mschap_cbs:NT-Response}:-00}
2883. (16) mschap_cbs:    --> --nt-response=6bdebf5ac39680b7070c457fefacbdc1596103429c14eb64
2884. Domain specified in username (FBCEXAMPLE) doesn't match specified domain (cbs.fbcexample.com)!
2885.  
2886. Usage: [OPTION...]
2887.      --helper-protocol=helper protocol to use     operate as a stdio-based helper
2888.      --username=STRING                            username
2889.      --domain=STRING                              domain name
2890.      --workstation=STRING                         workstation
2891.      --challenge=STRING                           challenge (HEX encoded)
2892.      --lm-response=STRING                         LM Response to the challenge (HEX encoded)
2893.      --nt-response=STRING                         NT or NTLMv2 Response to the challenge (HEX encoded)
2894.      --password=STRING                            User's plaintext password
2895.      --request-lm-key                             Retrieve LM session key
2896.      --request-nt-key                             Retrieve User (NT) session key
2897.      --use-cached-creds                           Use cached credentials if no password is given
2898.      --diagnostics                                Perform diagnostics on the authentication chain
2899.      --require-membership-of=STRING               Require that a user be a member of this group (either name or SID) for authentication to succeed
2900.      --pam-winbind-conf=STRING                    Require that request must set WBFLAG_PAM_CONTACT_TRUSTDOM when krb5 auth is required
2901.      --target-service=STRING                      Target service (eg http)
2902.      --target-hostname=STRING                     Target hostname
2903.  
2904. Help options:
2905.  -?, --help                                       Show this help message
2906.      --usage                                      Display brief usage message
2907.  
2908. Common samba config:
2909.      --configfile=CONFIGFILE                      Use alternate configuration file
2910.  
2911. Common samba options:
2912.  -V, --version                                    Print version
2913.  
2914. Common samba commandline config:
2915.      --option=name=value                          Set smb.conf option from command line
2916. (16) mschap_cbs: ERROR: Program returned code (1) and output ''
2917. (16) mschap_cbs: External script failed
2918. (16) mschap_cbs: ERROR: External script says:
2919. (16) mschap_cbs: ERROR: MS-CHAP2-Response is incorrect
2920. (16)       [mschap_cbs] = reject
2921. (16)     } # if (reject) = reject
2922. (16)   } # Auth-Type MS-CHAP = reject
2923. (16) eap: Sending EAP Failure (code 4) ID 8 length 4
2924. (16) eap: Freeing handler
2925. (16)       [eap] = reject
2926. (16)     } # authenticate = reject
2927. (16)   Failed to authenticate the user
2928. (16)   Using Post-Auth-Type Reject
2929. (16)   # Executing group from file /usr/local/etc/raddb/sites-enabled/inner-tunnel
2930. (16)     Post-Auth-Type REJECT {
2931. (16) attr_filter.access_reject: EXPAND %{User-Name}
2932. (16) attr_filter.access_reject:    --> FBCEXAMPLE\\daniel.radius
2933. (16) attr_filter.access_reject: Matched entry DEFAULT at line 11
2934. (16)       [attr_filter.access_reject] = updated
2935. (16)       update outer.session-state {
2936. (16)         &Module-Failure-Message := &request:Module-Failure-Message -> 'mschap_fbc: Program returned code (1) and output \'Logon failure (0xc000006d)\''
2937. (16)       } # update outer.session-state = noop
2938. (16)     } # Post-Auth-Type REJECT = updated
2939. (16) } # server inner-tunnel
2940. (16) Virtual server sending reply
2941. (16)   MS-CHAP-Error = "\010E=691 R=1 C=01df8d0d2186902ea16efe3b7ad97da4 V=3 M=Authentication failed"
2942. (16)   MS-CHAP-Error = "\010E=691 R=1 C=a777d759e6e4a6a4d677a7d1d52a9c53 V=3 M=Authentication failed"
2943. (16)   MS-CHAP-Error = "\010E=691 R=1 C=f86d0501557bbf2f50af2b3315ed1eb5 V=3 M=Authentication failed"
2944. (16)   MS-CHAP-Error = "\010E=691 R=1 C=e8a9e81ed118c94ca3b2aad65b830b90 V=3 M=Authentication failed"
2945. (16)   EAP-Message = 0x04080004
2946. (16)   Message-Authenticator = 0x00000000000000000000000000000000
2947. (16) eap_peap: Got tunneled reply code 3
2948. (16) eap_peap:   MS-CHAP-Error = "\010E=691 R=1 C=01df8d0d2186902ea16efe3b7ad97da4 V=3 M=Authentication failed"
2949. (16) eap_peap:   MS-CHAP-Error = "\010E=691 R=1 C=a777d759e6e4a6a4d677a7d1d52a9c53 V=3 M=Authentication failed"
2950. (16) eap_peap:   MS-CHAP-Error = "\010E=691 R=1 C=f86d0501557bbf2f50af2b3315ed1eb5 V=3 M=Authentication failed"
2951. (16) eap_peap:   MS-CHAP-Error = "\010E=691 R=1 C=e8a9e81ed118c94ca3b2aad65b830b90 V=3 M=Authentication failed"
2952. (16) eap_peap:   EAP-Message = 0x04080004
2953. (16) eap_peap:   Message-Authenticator = 0x00000000000000000000000000000000
2954. (16) eap_peap: Got tunneled reply RADIUS code 3
2955. (16) eap_peap:   MS-CHAP-Error = "\010E=691 R=1 C=01df8d0d2186902ea16efe3b7ad97da4 V=3 M=Authentication failed"
2956. (16) eap_peap:   MS-CHAP-Error = "\010E=691 R=1 C=a777d759e6e4a6a4d677a7d1d52a9c53 V=3 M=Authentication failed"
2957. (16) eap_peap:   MS-CHAP-Error = "\010E=691 R=1 C=f86d0501557bbf2f50af2b3315ed1eb5 V=3 M=Authentication failed"
2958. (16) eap_peap:   MS-CHAP-Error = "\010E=691 R=1 C=e8a9e81ed118c94ca3b2aad65b830b90 V=3 M=Authentication failed"
2959. (16) eap_peap:   EAP-Message = 0x04080004
2960. (16) eap_peap:   Message-Authenticator = 0x00000000000000000000000000000000
2961. (16) eap_peap: Tunneled authentication was rejected
2962. (16) eap_peap: FAILURE
2963. (16) eap: Sending EAP Request (code 1) ID 9 length 46
2964. (16) eap: EAP session adding &reply:State = 0x47e4fe3d40ede7f3
2965. (16)     [eap] = handled
2966. (16)   } # authenticate = handled
2967. (16) Using Post-Auth-Type Challenge
2968. (16) Post-Auth-Type sub-section not found.  Ignoring.
2969. (16) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
2970. (16) session-state: Saving cached attributes
2971. (16)   Module-Failure-Message := "mschap_fbc: Program returned code (1) and output 'Logon failure (0xc000006d)'"
2972. (16) Sent Access-Challenge Id 127 from 10.168.109.39:1812 to 10.168.149.99:33240 length 0
2973. (16)   EAP-Message = 0x0109002e190017030300231ed9e340415001e2293bf44f910658e92eb682a427872079e54166d9aa423879ea8ed7
2974. (16)   Message-Authenticator = 0x00000000000000000000000000000000
2975. (16)   State = 0x47e4fe3d40ede7f39737dc8eeb024c67
2976. (16) Finished request
2977. Waking up in 2.8 seconds.
2978. (17) Received Access-Request Id 128 from 10.168.149.99:33240 to 10.168.109.39:1812 length 244
2979. (17)   User-Name = "FBCEXAMPLE\\daniel.radius"
2980. (17)   NAS-IP-Address = 10.168.149.99
2981. (17)   NAS-Port = 0
2982. (17)   NAS-Identifier = "10.168.149.99"
2983. (17)   NAS-Port-Type = Wireless-802.11
2984. (17)   Calling-Station-Id = "C0335E160E17"
2985. (17)   Called-Station-Id = "000B866DC9CC"
2986. (17)   Service-Type = Login-User
2987. (17)   Framed-MTU = 1100
2988. (17)   EAP-Message = 0x0209002e19001703030023000000000000000318a2dcc6a1e26705c9ee920bbf852e4e3ac9b354085bc170a9bffc
2989. (17)   State = 0x47e4fe3d40ede7f39737dc8eeb024c67
2990. (17)   Aruba-Essid-Name = "Testnet"
2991. (17)   Aruba-Location-Id = "FBC-2103"
2992. (17)   Aruba-AP-Group = "FBC"
2993. (17)   Message-Authenticator = 0x92fda2a50dfe5d0a59fc16d1717b035e
2994. (17) Restoring &session-state
2995. (17)   &session-state:Module-Failure-Message := "mschap_fbc: Program returned code (1) and output 'Logon failure (0xc000006d)'"
2996. (17) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
2997. (17)   authorize {
2998. (17)     policy filter_username {
2999. (17)       if (&User-Name) {
3000. (17)       if (&User-Name)  -> TRUE
3001. (17)       if (&User-Name)  {
3002. (17)         if (&User-Name =~ / /) {
3003. (17)         if (&User-Name =~ / /)  -> FALSE
3004. (17)         if (&User-Name =~ /@[^@]*@/ ) {
3005. (17)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
3006. (17)         if (&User-Name =~ /\.\./ ) {
3007. (17)         if (&User-Name =~ /\.\./ )  -> FALSE
3008. (17)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
3009. (17)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
3010. (17)         if (&User-Name =~ /\.$/)  {
3011. (17)         if (&User-Name =~ /\.$/)   -> FALSE
3012. (17)         if (&User-Name =~ /@\./)  {
3013. (17)         if (&User-Name =~ /@\./)   -> FALSE
3014. (17)       } # if (&User-Name)  = notfound
3015. (17)     } # policy filter_username = notfound
3016. (17)     [preprocess] = ok
3017. (17)     [chap] = noop
3018. (17)     [mschap_fbc] = noop
3019. (17)     [mschap_hac] = noop
3020. (17)     [mschap_hbs] = noop
3021. (17)     [mschap_cbs] = noop
3022. (17)     [digest] = noop
3023. (17) suffix: Checking for suffix after "@"
3024. (17) suffix: No '@' in User-Name = "FBCEXAMPLE\daniel.radius", looking up realm NULL
3025. (17) suffix: No such realm "NULL"
3026. (17)     [suffix] = noop
3027. (17) eap: Peer sent EAP Response (code 2) ID 9 length 46
3028. (17) eap: Continuing tunnel setup
3029. (17)     [eap] = ok
3030. (17)   } # authorize = ok
3031. (17) Found Auth-Type = eap
3032. (17) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
3033. (17)   authenticate {
3034. (17) eap: Expiring EAP session with state 0x47e4fe3d40ede7f3
3035. (17) eap: Finished EAP session with state 0x47e4fe3d40ede7f3
3036. (17) eap: Previous EAP request found for state 0x47e4fe3d40ede7f3, released from the list
3037. (17) eap: Peer sent packet with method EAP PEAP (25)
3038. (17) eap: Calling submodule eap_peap to process data
3039. (17) eap_peap: Continuing EAP-TLS
3040. (17) eap_peap: [eaptls verify] = ok
3041. (17) eap_peap: Done initial handshake
3042. (17) eap_peap: [eaptls process] = ok
3043. (17) eap_peap: Session established.  Decoding tunneled attributes
3044. (17) eap_peap: PEAP state send tlv failure
3045. (17) eap_peap: Received EAP-TLV response
3046. (17) eap_peap:   The users session was previously rejected: returning reject (again.)
3047. (17) eap_peap:   This means you need to read the PREVIOUS messages in the debug output
3048. (17) eap_peap:   to find out the reason why the user was rejected
3049. (17) eap_peap:   Look for "reject" or "fail".  Those earlier messages will tell you
3050. (17) eap_peap:   what went wrong, and how to fix the problem
3051. (17) eap: ERROR: Failed continuing EAP PEAP (25) session.  EAP sub-module failed
3052. (17) eap: Sending EAP Failure (code 4) ID 9 length 4
3053. (17) eap: Failed in EAP select
3054. (17)     [eap] = invalid
3055. (17)   } # authenticate = invalid
3056. (17) Failed to authenticate the user
3057. (17) Using Post-Auth-Type Reject
3058. (17) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
3059. (17)   Post-Auth-Type REJECT {
3060. (17) attr_filter.access_reject: EXPAND %{User-Name}
3061. (17) attr_filter.access_reject:    --> FBCEXAMPLE\\daniel.radius
3062. (17) attr_filter.access_reject: Matched entry DEFAULT at line 11
3063. (17)     [attr_filter.access_reject] = updated
3064. (17)     [eap] = noop
3065. (17)     policy remove_reply_message_if_eap {
3066. (17)       if (&reply:EAP-Message && &reply:Reply-Message) {
3067. (17)       if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
3068. (17)       else {
3069. (17)         [noop] = noop
3070. (17)       } # else = noop
3071. (17)     } # policy remove_reply_message_if_eap = noop
3072. (17)   } # Post-Auth-Type REJECT = updated
3073. (17) Delaying response for 1.000000 seconds
3074. Waking up in 0.3 seconds.
3075. Waking up in 0.6 seconds.
3076. (17) Sending delayed response
3077. (17) Sent Access-Reject Id 128 from 10.168.109.39:1812 to 10.168.149.99:33240 length 44
3078. (17)   EAP-Message = 0x04090004
3079. (17)   Message-Authenticator = 0x00000000000000000000000000000000
3080. Waking up in 1.7 seconds.
3081. (14) Cleaning up request packet ID 125 with timestamp +32
3082. (15) Cleaning up request packet ID 126 with timestamp +32
3083. Waking up in 2.1 seconds.
3084. (16) Cleaning up request packet ID 127 with timestamp +32
3085. (17) Cleaning up request packet ID 128 with timestamp +35
3086. Ready to process requests