Guest User

Untitled

a guest
Jun 1st, 2016
253
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 487.81 KB | None | 0 0
  1. [root@radius001 vkratsberg]# radiusd -X
  2. Server was built with:
  3. accounting : yes
  4. authentication : yes
  5. ascend-binary-attributes : yes
  6. coa : yes
  7. control-socket : yes
  8. detail : yes
  9. dhcp : yes
  10. dynamic-clients : yes
  11. osfc2 : no
  12. proxy : yes
  13. regex-pcre : yes
  14. regex-posix : no
  15. regex-posix-extended : no
  16. session-management : yes
  17. stats : yes
  18. tcp : yes
  19. threads : yes
  20. tls : yes
  21. unlang : yes
  22. vmps : yes
  23. developer : no
  24. Server core libs:
  25. freeradius-server : 3.0.11
  26. talloc : 2.0.*
  27. ssl : 1.0.1e release
  28. pcre : 8.32 2012-11-30
  29. Endianness:
  30. little
  31. Compilation flags:
  32. cppflags :
  33. cflags : -I/root/rpmbuild/BUILD/freeradius-server-3.0.11 -I/root/rpmbuild/BUILD/freeradius-server-3.0.11/src -include /root/rpmbuild/BUILD/freeradius-server-3.0.11/src/freeradius-devel/autoconf.h -include /root/rpmbuild/BUILD/freeradius-server-3.0.11/src/freeradius-devel/build.h -include /root/rpmbuild/BUILD/freeradius-server-3.0.11/src/freeradius-devel/features.h -include /root/rpmbuild/BUILD/freeradius-server-3.0.11/src/freeradius-devel/radpaths.h -fno-strict-aliasing -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic -Wall -std=c99 -D_GNU_SOURCE -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -DOPENSSL_NO_KRB5 -DNDEBUG -DIS_MODULE=1
  34. ldflags : -Wl,-z,relro -specs=/usr/lib/rpm/redhat/redhat-hardened-ld
  35. libs : -lcrypto -lssl -ltalloc -lpcre -lnsl -lresolv -ldl -lpthread -lreadline
  36.  
  37. Copyright (C) 1999-2016 The FreeRADIUS server project and contributors
  38. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
  39. PARTICULAR PURPOSE
  40. You may redistribute copies of FreeRADIUS under the terms of the
  41. GNU General Public License
  42. For more information about these matters, see the file named COPYRIGHT
  43. Starting - reading configuration files ...
  44. including dictionary file /usr/share/freeradius/dictionary
  45. including dictionary file /usr/share/freeradius/dictionary.dhcp
  46. including dictionary file /usr/share/freeradius/dictionary.vqp
  47. including dictionary file /etc/raddb/dictionary
  48. including configuration file /etc/raddb/radiusd.conf
  49. including configuration file /etc/raddb/proxy.conf
  50. including configuration file /etc/raddb/clients.conf
  51. including files in directory /etc/raddb/mods-enabled/
  52. including configuration file /etc/raddb/mods-enabled/logintime
  53. including configuration file /etc/raddb/mods-enabled/mschap
  54. including configuration file /etc/raddb/mods-enabled/passwd
  55. including configuration file /etc/raddb/mods-enabled/preprocess
  56. including configuration file /etc/raddb/mods-enabled/radutmp
  57. including configuration file /etc/raddb/mods-enabled/soh
  58. including configuration file /etc/raddb/mods-enabled/unix
  59. including configuration file /etc/raddb/mods-enabled/utf8
  60. including configuration file /etc/raddb/mods-enabled/ldap
  61. including configuration file /etc/raddb/mods-enabled/always
  62. including configuration file /etc/raddb/mods-enabled/attr_filter
  63. including configuration file /etc/raddb/mods-enabled/cache_eap
  64. including configuration file /etc/raddb/mods-enabled/chap
  65. including configuration file /etc/raddb/mods-enabled/detail
  66. including configuration file /etc/raddb/mods-enabled/detail.log
  67. including configuration file /etc/raddb/mods-enabled/dhcp
  68. including configuration file /etc/raddb/mods-enabled/digest
  69. including configuration file /etc/raddb/mods-enabled/dynamic_clients
  70. including configuration file /etc/raddb/mods-enabled/eap
  71. including configuration file /etc/raddb/mods-enabled/echo
  72. including configuration file /etc/raddb/mods-enabled/exec
  73. including configuration file /etc/raddb/mods-enabled/expiration
  74. including configuration file /etc/raddb/mods-enabled/expr
  75. including configuration file /etc/raddb/mods-enabled/files
  76. including configuration file /etc/raddb/mods-enabled/linelog
  77. including configuration file /etc/raddb/mods-enabled/ntlm_auth
  78. including configuration file /etc/raddb/mods-enabled/pap
  79. including configuration file /etc/raddb/mods-enabled/realm
  80. including configuration file /etc/raddb/mods-enabled/replicate
  81. including configuration file /etc/raddb/mods-enabled/sradutmp
  82. including configuration file /etc/raddb/mods-enabled/unpack
  83. including files in directory /etc/raddb/policy.d/
  84. including configuration file /etc/raddb/policy.d/abfab-tr
  85. including configuration file /etc/raddb/policy.d/accounting
  86. including configuration file /etc/raddb/policy.d/canonicalization
  87. including configuration file /etc/raddb/policy.d/control
  88. including configuration file /etc/raddb/policy.d/cui
  89. including configuration file /etc/raddb/policy.d/debug
  90. including configuration file /etc/raddb/policy.d/dhcp
  91. including configuration file /etc/raddb/policy.d/eap
  92. including configuration file /etc/raddb/policy.d/filter
  93. including configuration file /etc/raddb/policy.d/operator-name
  94. including files in directory /etc/raddb/sites-enabled/
  95. including configuration file /etc/raddb/sites-enabled/default
  96. including configuration file /etc/raddb/sites-enabled/inner-tunnel
  97. main {
  98. security {
  99. user = "radiusd"
  100. group = "radiusd"
  101. allow_core_dumps = no
  102. }
  103. name = "radiusd"
  104. prefix = "/usr"
  105. localstatedir = "/var"
  106. logdir = "/var/log/radius"
  107. run_dir = "/var/run/radiusd"
  108. }
  109. main {
  110. name = "radiusd"
  111. prefix = "/usr"
  112. localstatedir = "/var"
  113. sbindir = "/usr/sbin"
  114. logdir = "/var/log/radius"
  115. run_dir = "/var/run/radiusd"
  116. libdir = "/usr/lib64/freeradius"
  117. radacctdir = "/var/log/radius/radacct"
  118. hostname_lookups = no
  119. max_request_time = 30
  120. cleanup_delay = 5
  121. max_requests = 16384
  122. pidfile = "/var/run/radiusd/radiusd.pid"
  123. checkrad = "/usr/sbin/checkrad"
  124. debug_level = 0
  125. proxy_requests = yes
  126. log {
  127. stripped_names = no
  128. auth = no
  129. auth_badpass = no
  130. auth_goodpass = no
  131. colourise = yes
  132. msg_denied = "You are already logged in - access denied"
  133. }
  134. resources {
  135. }
  136. security {
  137. max_attributes = 200
  138. reject_delay = 1.000000
  139. status_server = yes
  140. }
  141. }
  142. radiusd: #### Loading Realms and Home Servers ####
  143. proxy server {
  144. retry_delay = 5
  145. retry_count = 3
  146. default_fallback = no
  147. dead_time = 120
  148. wake_all_if_all_dead = no
  149. }
  150. home_server localhost {
  151. ipaddr = 127.0.0.1
  152. port = 1812
  153. type = "auth"
  154. secret = <<< secret >>>
  155. response_window = 20.000000
  156. response_timeouts = 1
  157. max_outstanding = 65536
  158. zombie_period = 40
  159. status_check = "status-server"
  160. ping_interval = 30
  161. check_interval = 30
  162. check_timeout = 4
  163. num_answers_to_alive = 3
  164. revive_interval = 120
  165. limit {
  166. max_connections = 16
  167. max_requests = 0
  168. lifetime = 0
  169. idle_timeout = 0
  170. }
  171. coa {
  172. irt = 2
  173. mrt = 16
  174. mrc = 5
  175. mrd = 30
  176. }
  177. }
  178. home_server_pool my_auth_failover {
  179. type = fail-over
  180. home_server = localhost
  181. }
  182. realm example.com {
  183. auth_pool = my_auth_failover
  184. }
  185. realm LOCAL {
  186. }
  187. radiusd: #### Loading Clients ####
  188. client localhost {
  189. ipv4addr = 127.0.0.1
  190. require_message_authenticator = no
  191. secret = <<< secret >>>
  192. nas_type = "other"
  193. limit {
  194. max_connections = 16
  195. lifetime = 0
  196. idle_timeout = 30
  197. }
  198. }
  199. client 192.168.10.0/24 {
  200. ipv4addr = 192.168.10.0/24
  201. require_message_authenticator = no
  202. secret = <<< secret >>>
  203. shortname = "nyc-mgmt-network"
  204. limit {
  205. max_connections = 16
  206. lifetime = 0
  207. idle_timeout = 30
  208. }
  209. }
  210. client 10.120.8.0/24 {
  211. ipv4addr = 10.120.8.0/24
  212. require_message_authenticator = no
  213. secret = <<< secret >>>
  214. shortname = "da-oob-internal"
  215. limit {
  216. max_connections = 16
  217. lifetime = 0
  218. idle_timeout = 30
  219. }
  220. }
  221. client 10.120.225.0/24 {
  222. ipv4addr = 10.120.225.0/24
  223. require_message_authenticator = no
  224. secret = <<< secret >>>
  225. shortname = "da-mgmt-network"
  226. limit {
  227. max_connections = 16
  228. lifetime = 0
  229. idle_timeout = 30
  230. }
  231. }
  232. client 10.120.22.0/24 {
  233. ipv4addr = 10.120.22.0/24
  234. require_message_authenticator = no
  235. secret = <<< secret >>>
  236. shortname = "da3-int-transit-net"
  237. limit {
  238. max_connections = 16
  239. lifetime = 0
  240. idle_timeout = 30
  241. }
  242. }
  243. client 10.100.124.0/22 {
  244. ipv4addr = 10.100.124.0/22
  245. require_message_authenticator = no
  246. secret = <<< secret >>>
  247. shortname = "peer1-mgmt-network"
  248. limit {
  249. max_connections = 16
  250. lifetime = 0
  251. idle_timeout = 30
  252. }
  253. }
  254. client 10.8.0.0/24 {
  255. ipv4addr = 10.8.0.0/24
  256. require_message_authenticator = no
  257. secret = <<< secret >>>
  258. shortname = "nyc-hq"
  259. limit {
  260. max_connections = 16
  261. lifetime = 0
  262. idle_timeout = 30
  263. }
  264. }
  265. client 10.150.0.0/16 {
  266. ipv4addr = 10.150.0.0/16
  267. require_message_authenticator = no
  268. secret = <<< secret >>>
  269. shortname = "dublin-corp"
  270. limit {
  271. max_connections = 16
  272. lifetime = 0
  273. idle_timeout = 30
  274. }
  275. }
  276. client 10.126.0.0/16 {
  277. ipv4addr = 10.126.0.0/16
  278. require_message_authenticator = no
  279. secret = <<< secret >>>
  280. shortname = "portland-corp"
  281. limit {
  282. max_connections = 16
  283. lifetime = 0
  284. idle_timeout = 30
  285. }
  286. }
  287. client 10.100.0.0/24 {
  288. ipv4addr = 10.100.0.0/24
  289. require_message_authenticator = no
  290. secret = <<< secret >>>
  291. shortname = "peer1-loopbacks"
  292. limit {
  293. max_connections = 16
  294. lifetime = 0
  295. idle_timeout = 30
  296. }
  297. }
  298. client 10.120.0.0/24 {
  299. ipv4addr = 10.120.0.0/24
  300. require_message_authenticator = no
  301. secret = <<< secret >>>
  302. shortname = "dallas-loopbacks"
  303. limit {
  304. max_connections = 16
  305. lifetime = 0
  306. idle_timeout = 30
  307. }
  308. }
  309. client 10.100.72.100/32 {
  310. ipv4addr = 10.100.72.100
  311. require_message_authenticator = no
  312. secret = <<< secret >>>
  313. shortname = "peer1-wlc-master"
  314. limit {
  315. max_connections = 16
  316. lifetime = 0
  317. idle_timeout = 30
  318. }
  319. }
  320. client 192.168.1.68 {
  321. ipv4addr = 192.168.1.68
  322. require_message_authenticator = no
  323. secret = <<< secret >>>
  324. shortname = "admin01"
  325. limit {
  326. max_connections = 16
  327. lifetime = 0
  328. idle_timeout = 30
  329. }
  330. }
  331. client 192.168.1.8 {
  332. ipv4addr = 192.168.1.8
  333. require_message_authenticator = no
  334. secret = <<< secret >>>
  335. shortname = "admin08"
  336. limit {
  337. max_connections = 16
  338. lifetime = 0
  339. idle_timeout = 30
  340. }
  341. }
  342. Debugger not attached
  343. # Creating Auth-Type = PAP
  344. # Creating Auth-Type = CHAP
  345. # Creating Auth-Type = MS-CHAP
  346. # Creating Auth-Type = digest
  347. # Creating Auth-Type = eap
  348. radiusd: #### Instantiating modules ####
  349. modules {
  350. # Loaded module rlm_logintime
  351. # Loading module "logintime" from file /etc/raddb/mods-enabled/logintime
  352. logintime {
  353. minimum_timeout = 60
  354. }
  355. # Loaded module rlm_mschap
  356. # Loading module "mschap" from file /etc/raddb/mods-enabled/mschap
  357. mschap {
  358. use_mppe = yes
  359. require_encryption = no
  360. require_strong = no
  361. with_ntdomain_hack = yes
  362. passchange {
  363. }
  364. allow_retry = yes
  365. }
  366. # Loaded module rlm_passwd
  367. # Loading module "etc_passwd" from file /etc/raddb/mods-enabled/passwd
  368. passwd etc_passwd {
  369. filename = "/etc/passwd"
  370. format = "*User-Name:Crypt-Password:"
  371. delimiter = ":"
  372. ignore_nislike = no
  373. ignore_empty = yes
  374. allow_multiple_keys = no
  375. hash_size = 100
  376. }
  377. # Loaded module rlm_preprocess
  378. # Loading module "preprocess" from file /etc/raddb/mods-enabled/preprocess
  379. preprocess {
  380. huntgroups = "/etc/raddb/mods-config/preprocess/huntgroups"
  381. hints = "/etc/raddb/mods-config/preprocess/hints"
  382. with_ascend_hack = no
  383. ascend_channels_per_line = 23
  384. with_ntdomain_hack = no
  385. with_specialix_jetstream_hack = no
  386. with_cisco_vsa_hack = no
  387. with_alvarion_vsa_hack = no
  388. }
  389. # Loaded module rlm_radutmp
  390. # Loading module "radutmp" from file /etc/raddb/mods-enabled/radutmp
  391. radutmp {
  392. filename = "/var/log/radius/radutmp"
  393. username = "%{User-Name}"
  394. case_sensitive = yes
  395. check_with_nas = yes
  396. permissions = 384
  397. caller_id = yes
  398. }
  399. # Loaded module rlm_soh
  400. # Loading module "soh" from file /etc/raddb/mods-enabled/soh
  401. soh {
  402. dhcp = yes
  403. }
  404. # Loaded module rlm_unix
  405. # Loading module "unix" from file /etc/raddb/mods-enabled/unix
  406. unix {
  407. radwtmp = "/var/log/radius/radwtmp"
  408. }
  409. Creating attribute Unix-Group
  410. # Loaded module rlm_utf8
  411. # Loading module "utf8" from file /etc/raddb/mods-enabled/utf8
  412. # Loaded module rlm_ldap
  413. # Loading module "ldap" from file /etc/raddb/mods-enabled/ldap
  414. ldap {
  415. server = "ldap001.008.jfk.corp.squarespace.net"
  416. port = 636
  417. identity = "cn=directory manager"
  418. password = <<< secret >>>
  419. sasl {
  420. }
  421. user {
  422. scope = "sub"
  423. access_positive = yes
  424. sasl {
  425. }
  426. }
  427. group {
  428. filter = "(objectClass=GroupOfNames)"
  429. scope = "sub"
  430. name_attribute = "cn"
  431. membership_attribute = "memberOf"
  432. membership_filter = "(|(member=%{control:Ldap-UserDn})(memberUid=%{%{Stripped-User-Name}:-%{User-Name}}))"
  433. cacheable_name = no
  434. cacheable_dn = no
  435. }
  436. client {
  437. filter = "(objectClass=frClient)"
  438. scope = "sub"
  439. base_dn = "dc=sq,dc=net"
  440. }
  441. profile {
  442. }
  443. options {
  444. ldap_debug = 40
  445. chase_referrals = yes
  446. rebind = yes
  447. net_timeout = 1
  448. res_timeout = 20
  449. srv_timelimit = 20
  450. idle = 60
  451. probes = 3
  452. interval = 3
  453. }
  454. tls {
  455. start_tls = no
  456. require_cert = "allow"
  457. }
  458. }
  459. Creating attribute LDAP-Group
  460. # Loaded module rlm_always
  461. # Loading module "reject" from file /etc/raddb/mods-enabled/always
  462. always reject {
  463. rcode = "reject"
  464. simulcount = 0
  465. mpp = no
  466. }
  467. # Loading module "fail" from file /etc/raddb/mods-enabled/always
  468. always fail {
  469. rcode = "fail"
  470. simulcount = 0
  471. mpp = no
  472. }
  473. # Loading module "ok" from file /etc/raddb/mods-enabled/always
  474. always ok {
  475. rcode = "ok"
  476. simulcount = 0
  477. mpp = no
  478. }
  479. # Loading module "handled" from file /etc/raddb/mods-enabled/always
  480. always handled {
  481. rcode = "handled"
  482. simulcount = 0
  483. mpp = no
  484. }
  485. # Loading module "invalid" from file /etc/raddb/mods-enabled/always
  486. always invalid {
  487. rcode = "invalid"
  488. simulcount = 0
  489. mpp = no
  490. }
  491. # Loading module "userlock" from file /etc/raddb/mods-enabled/always
  492. always userlock {
  493. rcode = "userlock"
  494. simulcount = 0
  495. mpp = no
  496. }
  497. # Loading module "notfound" from file /etc/raddb/mods-enabled/always
  498. always notfound {
  499. rcode = "notfound"
  500. simulcount = 0
  501. mpp = no
  502. }
  503. # Loading module "noop" from file /etc/raddb/mods-enabled/always
  504. always noop {
  505. rcode = "noop"
  506. simulcount = 0
  507. mpp = no
  508. }
  509. # Loading module "updated" from file /etc/raddb/mods-enabled/always
  510. always updated {
  511. rcode = "updated"
  512. simulcount = 0
  513. mpp = no
  514. }
  515. # Loaded module rlm_attr_filter
  516. # Loading module "attr_filter.post-proxy" from file /etc/raddb/mods-enabled/attr_filter
  517. attr_filter attr_filter.post-proxy {
  518. filename = "/etc/raddb/mods-config/attr_filter/post-proxy"
  519. key = "%{Realm}"
  520. relaxed = no
  521. }
  522. # Loading module "attr_filter.pre-proxy" from file /etc/raddb/mods-enabled/attr_filter
  523. attr_filter attr_filter.pre-proxy {
  524. filename = "/etc/raddb/mods-config/attr_filter/pre-proxy"
  525. key = "%{Realm}"
  526. relaxed = no
  527. }
  528. # Loading module "attr_filter.access_reject" from file /etc/raddb/mods-enabled/attr_filter
  529. attr_filter attr_filter.access_reject {
  530. filename = "/etc/raddb/mods-config/attr_filter/access_reject"
  531. key = "%{User-Name}"
  532. relaxed = no
  533. }
  534. # Loading module "attr_filter.access_challenge" from file /etc/raddb/mods-enabled/attr_filter
  535. attr_filter attr_filter.access_challenge {
  536. filename = "/etc/raddb/mods-config/attr_filter/access_challenge"
  537. key = "%{User-Name}"
  538. relaxed = no
  539. }
  540. # Loading module "attr_filter.accounting_response" from file /etc/raddb/mods-enabled/attr_filter
  541. attr_filter attr_filter.accounting_response {
  542. filename = "/etc/raddb/mods-config/attr_filter/accounting_response"
  543. key = "%{User-Name}"
  544. relaxed = no
  545. }
  546. # Loaded module rlm_cache
  547. # Loading module "cache_eap" from file /etc/raddb/mods-enabled/cache_eap
  548. cache cache_eap {
  549. driver = "rlm_cache_rbtree"
  550. key = "%{%{control:State}:-%{%{reply:State}:-%{State}}}"
  551. ttl = 15
  552. max_entries = 0
  553. epoch = 0
  554. add_stats = no
  555. }
  556. # Loaded module rlm_chap
  557. # Loading module "chap" from file /etc/raddb/mods-enabled/chap
  558. # Loaded module rlm_detail
  559. # Loading module "detail" from file /etc/raddb/mods-enabled/detail
  560. detail {
  561. filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"
  562. header = "%t"
  563. permissions = 384
  564. locking = no
  565. escape_filenames = no
  566. log_packet_header = no
  567. }
  568. # Loading module "auth_log" from file /etc/raddb/mods-enabled/detail.log
  569. detail auth_log {
  570. filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d"
  571. header = "%t"
  572. permissions = 384
  573. locking = no
  574. escape_filenames = no
  575. log_packet_header = no
  576. }
  577. # Loading module "reply_log" from file /etc/raddb/mods-enabled/detail.log
  578. detail reply_log {
  579. filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d"
  580. header = "%t"
  581. permissions = 384
  582. locking = no
  583. escape_filenames = no
  584. log_packet_header = no
  585. }
  586. # Loading module "pre_proxy_log" from file /etc/raddb/mods-enabled/detail.log
  587. detail pre_proxy_log {
  588. filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/pre-proxy-detail-%Y%m%d"
  589. header = "%t"
  590. permissions = 384
  591. locking = no
  592. escape_filenames = no
  593. log_packet_header = no
  594. }
  595. # Loading module "post_proxy_log" from file /etc/raddb/mods-enabled/detail.log
  596. detail post_proxy_log {
  597. filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d"
  598. header = "%t"
  599. permissions = 384
  600. locking = no
  601. escape_filenames = no
  602. log_packet_header = no
  603. }
  604. # Loaded module rlm_dhcp
  605. # Loading module "dhcp" from file /etc/raddb/mods-enabled/dhcp
  606. # Loaded module rlm_digest
  607. # Loading module "digest" from file /etc/raddb/mods-enabled/digest
  608. # Loaded module rlm_dynamic_clients
  609. # Loading module "dynamic_clients" from file /etc/raddb/mods-enabled/dynamic_clients
  610. # Loaded module rlm_eap
  611. # Loading module "eap" from file /etc/raddb/mods-enabled/eap
  612. eap {
  613. default_eap_type = "peap"
  614. timer_expire = 60
  615. ignore_unknown_eap_types = no
  616. cisco_accounting_username_bug = no
  617. max_sessions = 16384
  618. }
  619. # Loaded module rlm_exec
  620. # Loading module "echo" from file /etc/raddb/mods-enabled/echo
  621. exec echo {
  622. wait = yes
  623. program = "/bin/echo %{User-Name}"
  624. input_pairs = "request"
  625. output_pairs = "reply"
  626. shell_escape = yes
  627. }
  628. # Loading module "exec" from file /etc/raddb/mods-enabled/exec
  629. exec {
  630. wait = no
  631. input_pairs = "request"
  632. shell_escape = yes
  633. timeout = 10
  634. }
  635. # Loaded module rlm_expiration
  636. # Loading module "expiration" from file /etc/raddb/mods-enabled/expiration
  637. # Loaded module rlm_expr
  638. # Loading module "expr" from file /etc/raddb/mods-enabled/expr
  639. expr {
  640. safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /äéöüàâæçèéêëîïôœùûüaÿÄÉÖÜßÀÂÆÇÈÉÊËÎÏÔŒÙÛÜŸ"
  641. }
  642. # Loaded module rlm_files
  643. # Loading module "files" from file /etc/raddb/mods-enabled/files
  644. files {
  645. filename = "/etc/raddb/mods-config/files/authorize"
  646. acctusersfile = "/etc/raddb/mods-config/files/accounting"
  647. preproxy_usersfile = "/etc/raddb/mods-config/files/pre-proxy"
  648. }
  649. # Loaded module rlm_linelog
  650. # Loading module "linelog" from file /etc/raddb/mods-enabled/linelog
  651. linelog {
  652. filename = "/var/log/radius/linelog"
  653. escape_filenames = no
  654. syslog_severity = "info"
  655. permissions = 384
  656. format = "This is a log message for %{User-Name}"
  657. reference = "messages.%{%{reply:Packet-Type}:-default}"
  658. }
  659. # Loading module "log_accounting" from file /etc/raddb/mods-enabled/linelog
  660. linelog log_accounting {
  661. filename = "/var/log/radius/linelog-accounting"
  662. escape_filenames = no
  663. syslog_severity = "info"
  664. permissions = 384
  665. format = ""
  666. reference = "Accounting-Request.%{%{Acct-Status-Type}:-unknown}"
  667. }
  668. # Loading module "ntlm_auth" from file /etc/raddb/mods-enabled/ntlm_auth
  669. exec ntlm_auth {
  670. wait = yes
  671. program = "/path/to/ntlm_auth --request-nt-key --domain=MYDOMAIN --username=%{mschap:User-Name} --password=%{User-Password}"
  672. shell_escape = yes
  673. }
  674. # Loaded module rlm_pap
  675. # Loading module "pap" from file /etc/raddb/mods-enabled/pap
  676. pap {
  677. normalise = yes
  678. }
  679. # Loaded module rlm_realm
  680. # Loading module "IPASS" from file /etc/raddb/mods-enabled/realm
  681. realm IPASS {
  682. format = "prefix"
  683. delimiter = "/"
  684. ignore_default = no
  685. ignore_null = no
  686. }
  687. # Loading module "suffix" from file /etc/raddb/mods-enabled/realm
  688. realm suffix {
  689. format = "suffix"
  690. delimiter = "@"
  691. ignore_default = no
  692. ignore_null = no
  693. }
  694. # Loading module "realmpercent" from file /etc/raddb/mods-enabled/realm
  695. realm realmpercent {
  696. format = "suffix"
  697. delimiter = "%"
  698. ignore_default = no
  699. ignore_null = no
  700. }
  701. # Loading module "ntdomain" from file /etc/raddb/mods-enabled/realm
  702. realm ntdomain {
  703. format = "prefix"
  704. delimiter = "\\"
  705. ignore_default = no
  706. ignore_null = no
  707. }
  708. # Loaded module rlm_replicate
  709. # Loading module "replicate" from file /etc/raddb/mods-enabled/replicate
  710. # Loading module "sradutmp" from file /etc/raddb/mods-enabled/sradutmp
  711. radutmp sradutmp {
  712. filename = "/var/log/radius/sradutmp"
  713. username = "%{User-Name}"
  714. case_sensitive = yes
  715. check_with_nas = yes
  716. permissions = 420
  717. caller_id = no
  718. }
  719. # Loaded module rlm_unpack
  720. # Loading module "unpack" from file /etc/raddb/mods-enabled/unpack
  721. instantiate {
  722. }
  723. # Instantiating module "logintime" from file /etc/raddb/mods-enabled/logintime
  724. # Instantiating module "mschap" from file /etc/raddb/mods-enabled/mschap
  725. rlm_mschap (mschap): using internal authentication
  726. # Instantiating module "etc_passwd" from file /etc/raddb/mods-enabled/passwd
  727. rlm_passwd: nfields: 3 keyfield 0(User-Name) listable: no
  728. # Instantiating module "preprocess" from file /etc/raddb/mods-enabled/preprocess
  729. reading pairlist file /etc/raddb/mods-config/preprocess/huntgroups
  730. reading pairlist file /etc/raddb/mods-config/preprocess/hints
  731. # Instantiating module "ldap" from file /etc/raddb/mods-enabled/ldap
  732. rlm_ldap: libldap vendor: OpenLDAP, version: 20440
  733. accounting {
  734. reference = "%{tolower:type.%{Acct-Status-Type}}"
  735. }
  736. post-auth {
  737. reference = "."
  738. }
  739. rlm_ldap (ldap): Initialising connection pool
  740. pool {
  741. start = 5
  742. min = 4
  743. max = 32
  744. spare = 3
  745. uses = 0
  746. lifetime = 0
  747. cleanup_interval = 30
  748. idle_timeout = 60
  749. retry_delay = 1
  750. spread = no
  751. }
  752. rlm_ldap (ldap): Opening additional connection (0), 1 of 32 pending slots used
  753. rlm_ldap (ldap): Connecting to ldap://ldap001.008.jfk.corp.squarespace.net:636
  754. TLS: certificate [CN=sqnet CA,DC=sq,DC=net] is not valid - error -8172:Peer's certificate issuer has been marked as not trusted by the user..
  755. rlm_ldap (ldap): Waiting for bind result...
  756. rlm_ldap (ldap): Bind successful
  757. rlm_ldap (ldap): Opening additional connection (1), 1 of 31 pending slots used
  758. rlm_ldap (ldap): Connecting to ldap://ldap001.008.jfk.corp.squarespace.net:636
  759. TLS: certificate [CN=sqnet CA,DC=sq,DC=net] is not valid - error -8172:Peer's certificate issuer has been marked as not trusted by the user..
  760. rlm_ldap (ldap): Waiting for bind result...
  761. rlm_ldap (ldap): Bind successful
  762. rlm_ldap (ldap): Opening additional connection (2), 1 of 30 pending slots used
  763. rlm_ldap (ldap): Connecting to ldap://ldap001.008.jfk.corp.squarespace.net:636
  764. TLS: certificate [CN=sqnet CA,DC=sq,DC=net] is not valid - error -8172:Peer's certificate issuer has been marked as not trusted by the user..
  765. rlm_ldap (ldap): Waiting for bind result...
  766. rlm_ldap (ldap): Bind successful
  767. rlm_ldap (ldap): Opening additional connection (3), 1 of 29 pending slots used
  768. rlm_ldap (ldap): Connecting to ldap://ldap001.008.jfk.corp.squarespace.net:636
  769. TLS: certificate [CN=sqnet CA,DC=sq,DC=net] is not valid - error -8172:Peer's certificate issuer has been marked as not trusted by the user..
  770. rlm_ldap (ldap): Waiting for bind result...
  771. rlm_ldap (ldap): Bind successful
  772. rlm_ldap (ldap): Opening additional connection (4), 1 of 28 pending slots used
  773. rlm_ldap (ldap): Connecting to ldap://ldap001.008.jfk.corp.squarespace.net:636
  774. TLS: certificate [CN=sqnet CA,DC=sq,DC=net] is not valid - error -8172:Peer's certificate issuer has been marked as not trusted by the user..
  775. rlm_ldap (ldap): Waiting for bind result...
  776. rlm_ldap (ldap): Bind successful
  777. # Instantiating module "reject" from file /etc/raddb/mods-enabled/always
  778. # Instantiating module "fail" from file /etc/raddb/mods-enabled/always
  779. # Instantiating module "ok" from file /etc/raddb/mods-enabled/always
  780. # Instantiating module "handled" from file /etc/raddb/mods-enabled/always
  781. # Instantiating module "invalid" from file /etc/raddb/mods-enabled/always
  782. # Instantiating module "userlock" from file /etc/raddb/mods-enabled/always
  783. # Instantiating module "notfound" from file /etc/raddb/mods-enabled/always
  784. # Instantiating module "noop" from file /etc/raddb/mods-enabled/always
  785. # Instantiating module "updated" from file /etc/raddb/mods-enabled/always
  786. # Instantiating module "attr_filter.post-proxy" from file /etc/raddb/mods-enabled/attr_filter
  787. reading pairlist file /etc/raddb/mods-config/attr_filter/post-proxy
  788. # Instantiating module "attr_filter.pre-proxy" from file /etc/raddb/mods-enabled/attr_filter
  789. reading pairlist file /etc/raddb/mods-config/attr_filter/pre-proxy
  790. # Instantiating module "attr_filter.access_reject" from file /etc/raddb/mods-enabled/attr_filter
  791. reading pairlist file /etc/raddb/mods-config/attr_filter/access_reject
  792. [/etc/raddb/mods-config/attr_filter/access_reject]:11 Check item "FreeRADIUS-Response-Delay" found in filter list for realm "DEFAULT".
  793. [/etc/raddb/mods-config/attr_filter/access_reject]:11 Check item "FreeRADIUS-Response-Delay-USec" found in filter list for realm "DEFAULT".
  794. # Instantiating module "attr_filter.access_challenge" from file /etc/raddb/mods-enabled/attr_filter
  795. reading pairlist file /etc/raddb/mods-config/attr_filter/access_challenge
  796. # Instantiating module "attr_filter.accounting_response" from file /etc/raddb/mods-enabled/attr_filter
  797. reading pairlist file /etc/raddb/mods-config/attr_filter/accounting_response
  798. # Instantiating module "cache_eap" from file /etc/raddb/mods-enabled/cache_eap
  799. rlm_cache (cache_eap): Driver rlm_cache_rbtree (module rlm_cache_rbtree) loaded and linked
  800. # Instantiating module "detail" from file /etc/raddb/mods-enabled/detail
  801. # Instantiating module "auth_log" from file /etc/raddb/mods-enabled/detail.log
  802. rlm_detail (auth_log): 'User-Password' suppressed, will not appear in detail output
  803. # Instantiating module "reply_log" from file /etc/raddb/mods-enabled/detail.log
  804. # Instantiating module "pre_proxy_log" from file /etc/raddb/mods-enabled/detail.log
  805. # Instantiating module "post_proxy_log" from file /etc/raddb/mods-enabled/detail.log
  806. # Instantiating module "eap" from file /etc/raddb/mods-enabled/eap
  807. # Linked to sub-module rlm_eap_md5
  808. # Linked to sub-module rlm_eap_leap
  809. # Linked to sub-module rlm_eap_gtc
  810. gtc {
  811. challenge = "Password: "
  812. auth_type = "PAP"
  813. }
  814. # Linked to sub-module rlm_eap_tls
  815. tls {
  816. tls = "tls-common"
  817. }
  818. tls-config tls-common {
  819. verify_depth = 0
  820. ca_path = "/etc/raddb/certs"
  821. pem_file_type = yes
  822. private_key_file = "/etc/raddb/certs/server.pem"
  823. certificate_file = "/etc/raddb/certs/server.pem"
  824. ca_file = "/etc/raddb/certs/ca.pem"
  825. private_key_password = <<< secret >>>
  826. dh_file = "/etc/raddb/certs/dh"
  827. fragment_size = 1024
  828. include_length = yes
  829. auto_chain = yes
  830. check_crl = no
  831. check_all_crl = no
  832. cipher_list = "DEFAULT"
  833. ecdh_curve = "prime256v1"
  834. cache {
  835. enable = yes
  836. lifetime = 24
  837. name = "EAP module"
  838. max_entries = 255
  839. persist_dir = "/var/log/radius/tlscache"
  840. }
  841. verify {
  842. skip_if_ocsp_ok = no
  843. }
  844. ocsp {
  845. enable = no
  846. override_cert_url = yes
  847. url = "http://127.0.0.1/ocsp/"
  848. use_nonce = yes
  849. timeout = 0
  850. softfail = no
  851. }
  852. }
  853. # Linked to sub-module rlm_eap_ttls
  854. ttls {
  855. tls = "tls-common"
  856. default_eap_type = "md5"
  857. copy_request_to_tunnel = no
  858. use_tunneled_reply = no
  859. virtual_server = "inner-tunnel"
  860. include_length = yes
  861. require_client_cert = no
  862. }
  863. tls: Using cached TLS configuration from previous invocation
  864. # Linked to sub-module rlm_eap_peap
  865. peap {
  866. tls = "tls-common"
  867. default_eap_type = "gtc"
  868. copy_request_to_tunnel = yes
  869. use_tunneled_reply = yes
  870. proxy_tunneled_request_as_eap = yes
  871. virtual_server = "inner-tunnel"
  872. soh = no
  873. require_client_cert = no
  874. }
  875. tls: Using cached TLS configuration from previous invocation
  876. # Linked to sub-module rlm_eap_mschapv2
  877. mschapv2 {
  878. with_ntdomain_hack = no
  879. send_error = no
  880. }
  881. # Instantiating module "expiration" from file /etc/raddb/mods-enabled/expiration
  882. # Instantiating module "files" from file /etc/raddb/mods-enabled/files
  883. reading pairlist file /etc/raddb/mods-config/files/authorize
  884. reading pairlist file /etc/raddb/mods-config/files/accounting
  885. reading pairlist file /etc/raddb/mods-config/files/pre-proxy
  886. # Instantiating module "linelog" from file /etc/raddb/mods-enabled/linelog
  887. # Instantiating module "log_accounting" from file /etc/raddb/mods-enabled/linelog
  888. # Instantiating module "pap" from file /etc/raddb/mods-enabled/pap
  889. # Instantiating module "IPASS" from file /etc/raddb/mods-enabled/realm
  890. # Instantiating module "suffix" from file /etc/raddb/mods-enabled/realm
  891. # Instantiating module "realmpercent" from file /etc/raddb/mods-enabled/realm
  892. # Instantiating module "ntdomain" from file /etc/raddb/mods-enabled/realm
  893. } # modules
  894. radiusd: #### Loading Virtual Servers ####
  895. server { # from file /etc/raddb/radiusd.conf
  896. } # server
  897. server default { # from file /etc/raddb/sites-enabled/default
  898. # Loading authenticate {...}
  899. # Loading authorize {...}
  900. Ignoring "sql" (see raddb/mods-available/README.rst)
  901. # Loading preacct {...}
  902. # Loading accounting {...}
  903. # Loading post-proxy {...}
  904. # Loading post-auth {...}
  905. } # server default
  906. server inner-tunnel { # from file /etc/raddb/sites-enabled/inner-tunnel
  907. # Loading authenticate {...}
  908. # Loading authorize {...}
  909. # Loading session {...}
  910. # Loading post-proxy {...}
  911. # Loading post-auth {...}
  912. } # server inner-tunnel
  913. radiusd: #### Opening IP addresses and Ports ####
  914. listen {
  915. type = "auth"
  916. ipaddr = *
  917. port = 0
  918. limit {
  919. max_connections = 16
  920. lifetime = 0
  921. idle_timeout = 30
  922. }
  923. }
  924. listen {
  925. type = "acct"
  926. ipaddr = *
  927. port = 0
  928. limit {
  929. max_connections = 16
  930. lifetime = 0
  931. idle_timeout = 30
  932. }
  933. }
  934. listen {
  935. type = "auth"
  936. ipv6addr = ::
  937. port = 0
  938. limit {
  939. max_connections = 16
  940. lifetime = 0
  941. idle_timeout = 30
  942. }
  943. }
  944. listen {
  945. type = "acct"
  946. ipv6addr = ::
  947. port = 0
  948. limit {
  949. max_connections = 16
  950. lifetime = 0
  951. idle_timeout = 30
  952. }
  953. }
  954. listen {
  955. type = "auth"
  956. ipaddr = 127.0.0.1
  957. port = 18120
  958. }
  959. Listening on auth address * port 1812 bound to server default
  960. Listening on acct address * port 1813 bound to server default
  961. Listening on auth address :: port 1812 bound to server default
  962. Listening on acct address :: port 1813 bound to server default
  963. Listening on auth address 127.0.0.1 port 18120 bound to server inner-tunnel
  964. Listening on proxy address * port 54354
  965. Listening on proxy address :: port 27487
  966. Ready to process requests
  967. (0) Received Access-Request Id 246 from 10.8.0.111:58432 to 10.8.64.155:1812 length 177
  968. (0) User-Name = "vkratsberg"
  969. (0) NAS-Port = 358
  970. (0) EAP-Message = 0x0200000f01766b7261747362657267
  971. (0) Message-Authenticator = 0xb89efc2cc1abebf5ffd633797ff669bf
  972. (0) Acct-Session-Id = "8O2.1x81bb0d44000d7362"
  973. (0) NAS-Port-Id = "ge-3/0/6.0"
  974. (0) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  975. (0) Called-Station-Id = "ec-3e-f7-68-35-00"
  976. (0) NAS-IP-Address = 10.8.0.111
  977. (0) NAS-Identifier = "nyc-access-sw011"
  978. (0) NAS-Port-Type = Ethernet
  979. (0) # Executing section authorize from file /etc/raddb/sites-enabled/default
  980. (0) authorize {
  981. (0) policy filter_username {
  982. (0) if (&User-Name) {
  983. (0) if (&User-Name) -> TRUE
  984. (0) if (&User-Name) {
  985. (0) if (&User-Name =~ / /) {
  986. (0) if (&User-Name =~ / /) -> FALSE
  987. (0) if (&User-Name =~ /@[^@]*@/ ) {
  988. (0) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  989. (0) if (&User-Name =~ /\.\./ ) {
  990. (0) if (&User-Name =~ /\.\./ ) -> FALSE
  991. (0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  992. (0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  993. (0) if (&User-Name =~ /\.$/) {
  994. (0) if (&User-Name =~ /\.$/) -> FALSE
  995. (0) if (&User-Name =~ /@\./) {
  996. (0) if (&User-Name =~ /@\./) -> FALSE
  997. (0) } # if (&User-Name) = notfound
  998. (0) } # policy filter_username = notfound
  999. (0) [preprocess] = ok
  1000. (0) [chap] = noop
  1001. (0) [mschap] = noop
  1002. (0) [digest] = noop
  1003. (0) suffix: Checking for suffix after "@"
  1004. (0) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  1005. (0) suffix: No such realm "NULL"
  1006. (0) [suffix] = noop
  1007. (0) eap: Peer sent EAP Response (code 2) ID 0 length 15
  1008. (0) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
  1009. (0) [eap] = ok
  1010. (0) } # authorize = ok
  1011. (0) Found Auth-Type = eap
  1012. (0) # Executing group from file /etc/raddb/sites-enabled/default
  1013. (0) authenticate {
  1014. (0) eap: Peer sent packet with method EAP Identity (1)
  1015. (0) eap: Calling submodule eap_peap to process data
  1016. (0) eap_peap: Initiating new EAP-TLS session
  1017. (0) eap_peap: Flushing SSL sessions (of #0)
  1018. (0) eap_peap: [eaptls start] = request
  1019. (0) eap: Sending EAP Request (code 1) ID 1 length 6
  1020. (0) eap: EAP session adding &reply:State = 0xe721f8dae720e117
  1021. (0) [eap] = handled
  1022. (0) } # authenticate = handled
  1023. (0) Using Post-Auth-Type Challenge
  1024. (0) Post-Auth-Type sub-section not found. Ignoring.
  1025. (0) # Executing group from file /etc/raddb/sites-enabled/default
  1026. (0) Sent Access-Challenge Id 246 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  1027. (0) EAP-Message = 0x010100061920
  1028. (0) Message-Authenticator = 0x00000000000000000000000000000000
  1029. (0) State = 0xe721f8dae720e1179a644c3cc02883a2
  1030. (0) Finished request
  1031. Waking up in 4.9 seconds.
  1032. (1) Received Access-Request Id 247 from 10.8.0.111:58432 to 10.8.64.155:1812 length 311
  1033. (1) User-Name = "vkratsberg"
  1034. (1) NAS-Port = 358
  1035. (1) State = 0xe721f8dae720e1179a644c3cc02883a2
  1036. (1) EAP-Message = 0x020100831980000000791603010074010000700301574f326b30922faf147cb949ddf0cbc1608f156910c4891daba2da78c0012f2500002800ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f000ac007c011000500040100001f000a00080006001700180019000b0002010000
  1037. (1) Message-Authenticator = 0x92c928be321780c070953f067f2bcc5a
  1038. (1) Acct-Session-Id = "8O2.1x81bb0d44000d7362"
  1039. (1) NAS-Port-Id = "ge-3/0/6.0"
  1040. (1) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  1041. (1) Called-Station-Id = "ec-3e-f7-68-35-00"
  1042. (1) NAS-IP-Address = 10.8.0.111
  1043. (1) NAS-Identifier = "nyc-access-sw011"
  1044. (1) NAS-Port-Type = Ethernet
  1045. (1) session-state: No cached attributes
  1046. (1) # Executing section authorize from file /etc/raddb/sites-enabled/default
  1047. (1) authorize {
  1048. (1) policy filter_username {
  1049. (1) if (&User-Name) {
  1050. (1) if (&User-Name) -> TRUE
  1051. (1) if (&User-Name) {
  1052. (1) if (&User-Name =~ / /) {
  1053. (1) if (&User-Name =~ / /) -> FALSE
  1054. (1) if (&User-Name =~ /@[^@]*@/ ) {
  1055. (1) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  1056. (1) if (&User-Name =~ /\.\./ ) {
  1057. (1) if (&User-Name =~ /\.\./ ) -> FALSE
  1058. (1) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  1059. (1) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  1060. (1) if (&User-Name =~ /\.$/) {
  1061. (1) if (&User-Name =~ /\.$/) -> FALSE
  1062. (1) if (&User-Name =~ /@\./) {
  1063. (1) if (&User-Name =~ /@\./) -> FALSE
  1064. (1) } # if (&User-Name) = notfound
  1065. (1) } # policy filter_username = notfound
  1066. (1) [preprocess] = ok
  1067. (1) [chap] = noop
  1068. (1) [mschap] = noop
  1069. (1) [digest] = noop
  1070. (1) suffix: Checking for suffix after "@"
  1071. (1) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  1072. (1) suffix: No such realm "NULL"
  1073. (1) [suffix] = noop
  1074. (1) eap: Peer sent EAP Response (code 2) ID 1 length 131
  1075. (1) eap: Continuing tunnel setup
  1076. (1) [eap] = ok
  1077. (1) } # authorize = ok
  1078. (1) Found Auth-Type = eap
  1079. (1) # Executing group from file /etc/raddb/sites-enabled/default
  1080. (1) authenticate {
  1081. (1) eap: Expiring EAP session with state 0xe721f8dae720e117
  1082. (1) eap: Finished EAP session with state 0xe721f8dae720e117
  1083. (1) eap: Previous EAP request found for state 0xe721f8dae720e117, released from the list
  1084. (1) eap: Peer sent packet with method EAP PEAP (25)
  1085. (1) eap: Calling submodule eap_peap to process data
  1086. (1) eap_peap: Continuing EAP-TLS
  1087. (1) eap_peap: Peer indicated complete TLS record size will be 121 bytes
  1088. (1) eap_peap: Got complete TLS record (121 bytes)
  1089. (1) eap_peap: [eaptls verify] = length included
  1090. (1) eap_peap: (other): before/accept initialization
  1091. (1) eap_peap: TLS_accept: before/accept initialization
  1092. (1) eap_peap: <<< recv TLS 1.0 Handshake [length 0074], ClientHello
  1093. (1) eap_peap: TLS_accept: SSLv3 read client hello A
  1094. (1) eap_peap: >>> send TLS 1.0 Handshake [length 0059], ServerHello
  1095. (1) eap_peap: TLS_accept: SSLv3 write server hello A
  1096. (1) eap_peap: >>> send TLS 1.0 Handshake [length 08d3], Certificate
  1097. (1) eap_peap: TLS_accept: SSLv3 write certificate A
  1098. (1) eap_peap: >>> send TLS 1.0 Handshake [length 014b], ServerKeyExchange
  1099. (1) eap_peap: TLS_accept: SSLv3 write key exchange A
  1100. (1) eap_peap: >>> send TLS 1.0 Handshake [length 0004], ServerHelloDone
  1101. (1) eap_peap: TLS_accept: SSLv3 write server done A
  1102. (1) eap_peap: TLS_accept: SSLv3 flush data
  1103. (1) eap_peap: TLS_accept: Need to read more data: SSLv3 read client certificate A
  1104. (1) eap_peap: TLS_accept: Need to read more data: SSLv3 read client certificate A
  1105. (1) eap_peap: In SSL Handshake Phase
  1106. (1) eap_peap: In SSL Accept mode
  1107. (1) eap_peap: [eaptls process] = handled
  1108. (1) eap: Sending EAP Request (code 1) ID 2 length 1004
  1109. (1) eap: EAP session adding &reply:State = 0xe721f8dae623e117
  1110. (1) [eap] = handled
  1111. (1) } # authenticate = handled
  1112. (1) Using Post-Auth-Type Challenge
  1113. (1) Post-Auth-Type sub-section not found. Ignoring.
  1114. (1) # Executing group from file /etc/raddb/sites-enabled/default
  1115. (1) Sent Access-Challenge Id 247 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  1116. (1) EAP-Message = 0x010203ec19c000000a8f1603010059020000550301574f326b5b8bdfe21962f4b15feab76dfff1608f4550d6c7ec711ba829fa39be2099fa3eb5d7d108e8e1047f8c78273aadc1bd2aa26caa1810320d84ad7442e74ac01400000dff01000100000b00040300010216030108d30b0008cf0008cc0003de
  1117. (1) Message-Authenticator = 0x00000000000000000000000000000000
  1118. (1) State = 0xe721f8dae623e1179a644c3cc02883a2
  1119. (1) Finished request
  1120. Waking up in 4.9 seconds.
  1121. (2) Received Access-Request Id 248 from 10.8.0.111:58432 to 10.8.64.155:1812 length 186
  1122. (2) User-Name = "vkratsberg"
  1123. (2) NAS-Port = 358
  1124. (2) State = 0xe721f8dae623e1179a644c3cc02883a2
  1125. (2) EAP-Message = 0x020200061900
  1126. (2) Message-Authenticator = 0x0f3eb5380fe7aad1791a9f9f12fe2599
  1127. (2) Acct-Session-Id = "8O2.1x81bb0d44000d7362"
  1128. (2) NAS-Port-Id = "ge-3/0/6.0"
  1129. (2) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  1130. (2) Called-Station-Id = "ec-3e-f7-68-35-00"
  1131. (2) NAS-IP-Address = 10.8.0.111
  1132. (2) NAS-Identifier = "nyc-access-sw011"
  1133. (2) NAS-Port-Type = Ethernet
  1134. (2) session-state: No cached attributes
  1135. (2) # Executing section authorize from file /etc/raddb/sites-enabled/default
  1136. (2) authorize {
  1137. (2) policy filter_username {
  1138. (2) if (&User-Name) {
  1139. (2) if (&User-Name) -> TRUE
  1140. (2) if (&User-Name) {
  1141. (2) if (&User-Name =~ / /) {
  1142. (2) if (&User-Name =~ / /) -> FALSE
  1143. (2) if (&User-Name =~ /@[^@]*@/ ) {
  1144. (2) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  1145. (2) if (&User-Name =~ /\.\./ ) {
  1146. (2) if (&User-Name =~ /\.\./ ) -> FALSE
  1147. (2) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  1148. (2) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  1149. (2) if (&User-Name =~ /\.$/) {
  1150. (2) if (&User-Name =~ /\.$/) -> FALSE
  1151. (2) if (&User-Name =~ /@\./) {
  1152. (2) if (&User-Name =~ /@\./) -> FALSE
  1153. (2) } # if (&User-Name) = notfound
  1154. (2) } # policy filter_username = notfound
  1155. (2) [preprocess] = ok
  1156. (2) [chap] = noop
  1157. (2) [mschap] = noop
  1158. (2) [digest] = noop
  1159. (2) suffix: Checking for suffix after "@"
  1160. (2) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  1161. (2) suffix: No such realm "NULL"
  1162. (2) [suffix] = noop
  1163. (2) eap: Peer sent EAP Response (code 2) ID 2 length 6
  1164. (2) eap: Continuing tunnel setup
  1165. (2) [eap] = ok
  1166. (2) } # authorize = ok
  1167. (2) Found Auth-Type = eap
  1168. (2) # Executing group from file /etc/raddb/sites-enabled/default
  1169. (2) authenticate {
  1170. (2) eap: Expiring EAP session with state 0xe721f8dae623e117
  1171. (2) eap: Finished EAP session with state 0xe721f8dae623e117
  1172. (2) eap: Previous EAP request found for state 0xe721f8dae623e117, released from the list
  1173. (2) eap: Peer sent packet with method EAP PEAP (25)
  1174. (2) eap: Calling submodule eap_peap to process data
  1175. (2) eap_peap: Continuing EAP-TLS
  1176. (2) eap_peap: Peer ACKed our handshake fragment
  1177. (2) eap_peap: [eaptls verify] = request
  1178. (2) eap_peap: [eaptls process] = handled
  1179. (2) eap: Sending EAP Request (code 1) ID 3 length 1000
  1180. (2) eap: EAP session adding &reply:State = 0xe721f8dae522e117
  1181. (2) [eap] = handled
  1182. (2) } # authenticate = handled
  1183. (2) Using Post-Auth-Type Challenge
  1184. (2) Post-Auth-Type sub-section not found. Ignoring.
  1185. (2) # Executing group from file /etc/raddb/sites-enabled/default
  1186. (2) Sent Access-Challenge Id 248 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  1187. (2) EAP-Message = 0x010303e8194071b3e01fba836beb308838d89bad205ba49eed992e3a4596342e22389d433838315b3c6acafe13be2310ff184f7b1592c03985a3eca0b8bd82f686b760386efb8c0043dc607c9614ccb808ce132b4a7e847d38c06156a9f284cc6abfafb474747db131a41870fc6e970004e8308204e430
  1188. (2) Message-Authenticator = 0x00000000000000000000000000000000
  1189. (2) State = 0xe721f8dae522e1179a644c3cc02883a2
  1190. (2) Finished request
  1191. Waking up in 4.9 seconds.
  1192. (3) Received Access-Request Id 249 from 10.8.0.111:58432 to 10.8.64.155:1812 length 186
  1193. (3) User-Name = "vkratsberg"
  1194. (3) NAS-Port = 358
  1195. (3) State = 0xe721f8dae522e1179a644c3cc02883a2
  1196. (3) EAP-Message = 0x020300061900
  1197. (3) Message-Authenticator = 0x7ccdf906b92ee738420697a4cb608339
  1198. (3) Acct-Session-Id = "8O2.1x81bb0d44000d7362"
  1199. (3) NAS-Port-Id = "ge-3/0/6.0"
  1200. (3) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  1201. (3) Called-Station-Id = "ec-3e-f7-68-35-00"
  1202. (3) NAS-IP-Address = 10.8.0.111
  1203. (3) NAS-Identifier = "nyc-access-sw011"
  1204. (3) NAS-Port-Type = Ethernet
  1205. (3) session-state: No cached attributes
  1206. (3) # Executing section authorize from file /etc/raddb/sites-enabled/default
  1207. (3) authorize {
  1208. (3) policy filter_username {
  1209. (3) if (&User-Name) {
  1210. (3) if (&User-Name) -> TRUE
  1211. (3) if (&User-Name) {
  1212. (3) if (&User-Name =~ / /) {
  1213. (3) if (&User-Name =~ / /) -> FALSE
  1214. (3) if (&User-Name =~ /@[^@]*@/ ) {
  1215. (3) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  1216. (3) if (&User-Name =~ /\.\./ ) {
  1217. (3) if (&User-Name =~ /\.\./ ) -> FALSE
  1218. (3) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  1219. (3) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  1220. (3) if (&User-Name =~ /\.$/) {
  1221. (3) if (&User-Name =~ /\.$/) -> FALSE
  1222. (3) if (&User-Name =~ /@\./) {
  1223. (3) if (&User-Name =~ /@\./) -> FALSE
  1224. (3) } # if (&User-Name) = notfound
  1225. (3) } # policy filter_username = notfound
  1226. (3) [preprocess] = ok
  1227. (3) [chap] = noop
  1228. (3) [mschap] = noop
  1229. (3) [digest] = noop
  1230. (3) suffix: Checking for suffix after "@"
  1231. (3) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  1232. (3) suffix: No such realm "NULL"
  1233. (3) [suffix] = noop
  1234. (3) eap: Peer sent EAP Response (code 2) ID 3 length 6
  1235. (3) eap: Continuing tunnel setup
  1236. (3) [eap] = ok
  1237. (3) } # authorize = ok
  1238. (3) Found Auth-Type = eap
  1239. (3) # Executing group from file /etc/raddb/sites-enabled/default
  1240. (3) authenticate {
  1241. (3) eap: Expiring EAP session with state 0xe721f8dae522e117
  1242. (3) eap: Finished EAP session with state 0xe721f8dae522e117
  1243. (3) eap: Previous EAP request found for state 0xe721f8dae522e117, released from the list
  1244. (3) eap: Peer sent packet with method EAP PEAP (25)
  1245. (3) eap: Calling submodule eap_peap to process data
  1246. (3) eap_peap: Continuing EAP-TLS
  1247. (3) eap_peap: Peer ACKed our handshake fragment
  1248. (3) eap_peap: [eaptls verify] = request
  1249. (3) eap_peap: [eaptls process] = handled
  1250. (3) eap: Sending EAP Request (code 1) ID 4 length 721
  1251. (3) eap: EAP session adding &reply:State = 0xe721f8dae425e117
  1252. (3) [eap] = handled
  1253. (3) } # authenticate = handled
  1254. (3) Using Post-Auth-Type Challenge
  1255. (3) Post-Auth-Type sub-section not found. Ignoring.
  1256. (3) # Executing group from file /etc/raddb/sites-enabled/default
  1257. (3) Sent Access-Challenge Id 249 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  1258. (3) EAP-Message = 0x010402d1190020417574686f72697479820900b4af48428be30b7f300f0603551d130101ff040530030101ff30360603551d1f042f302d302ba029a0278625687474703a2f2f7777772e6578616d706c652e6f72672f6578616d706c655f63612e63726c300d06092a864886f70d010105050003820101
  1259. (3) Message-Authenticator = 0x00000000000000000000000000000000
  1260. (3) State = 0xe721f8dae425e1179a644c3cc02883a2
  1261. (3) Finished request
  1262. Waking up in 4.9 seconds.
  1263. (4) Received Access-Request Id 250 from 10.8.0.111:58432 to 10.8.64.155:1812 length 324
  1264. (4) User-Name = "vkratsberg"
  1265. (4) NAS-Port = 358
  1266. (4) State = 0xe721f8dae425e1179a644c3cc02883a2
  1267. (4) EAP-Message = 0x020400901980000000861603010046100000424104c1250c18eaf43a2b61ee83151279192b20c3ea7f39702cca42b5744691486f4ad54b31a264c9da016e4990df45488fc19c15fc1313ff60514e809aecff60012a14030100010116030100305a889b5b623e54e33410b9ab45da9e0e81b1163608e3d8
  1268. (4) Message-Authenticator = 0xaaac0b9d426ac3877cfbb79f8e162b8c
  1269. (4) Acct-Session-Id = "8O2.1x81bb0d44000d7362"
  1270. (4) NAS-Port-Id = "ge-3/0/6.0"
  1271. (4) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  1272. (4) Called-Station-Id = "ec-3e-f7-68-35-00"
  1273. (4) NAS-IP-Address = 10.8.0.111
  1274. (4) NAS-Identifier = "nyc-access-sw011"
  1275. (4) NAS-Port-Type = Ethernet
  1276. (4) session-state: No cached attributes
  1277. (4) # Executing section authorize from file /etc/raddb/sites-enabled/default
  1278. (4) authorize {
  1279. (4) policy filter_username {
  1280. (4) if (&User-Name) {
  1281. (4) if (&User-Name) -> TRUE
  1282. (4) if (&User-Name) {
  1283. (4) if (&User-Name =~ / /) {
  1284. (4) if (&User-Name =~ / /) -> FALSE
  1285. (4) if (&User-Name =~ /@[^@]*@/ ) {
  1286. (4) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  1287. (4) if (&User-Name =~ /\.\./ ) {
  1288. (4) if (&User-Name =~ /\.\./ ) -> FALSE
  1289. (4) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  1290. (4) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  1291. (4) if (&User-Name =~ /\.$/) {
  1292. (4) if (&User-Name =~ /\.$/) -> FALSE
  1293. (4) if (&User-Name =~ /@\./) {
  1294. (4) if (&User-Name =~ /@\./) -> FALSE
  1295. (4) } # if (&User-Name) = notfound
  1296. (4) } # policy filter_username = notfound
  1297. (4) [preprocess] = ok
  1298. (4) [chap] = noop
  1299. (4) [mschap] = noop
  1300. (4) [digest] = noop
  1301. (4) suffix: Checking for suffix after "@"
  1302. (4) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  1303. (4) suffix: No such realm "NULL"
  1304. (4) [suffix] = noop
  1305. (4) eap: Peer sent EAP Response (code 2) ID 4 length 144
  1306. (4) eap: Continuing tunnel setup
  1307. (4) [eap] = ok
  1308. (4) } # authorize = ok
  1309. (4) Found Auth-Type = eap
  1310. (4) # Executing group from file /etc/raddb/sites-enabled/default
  1311. (4) authenticate {
  1312. (4) eap: Expiring EAP session with state 0xe721f8dae425e117
  1313. (4) eap: Finished EAP session with state 0xe721f8dae425e117
  1314. (4) eap: Previous EAP request found for state 0xe721f8dae425e117, released from the list
  1315. (4) eap: Peer sent packet with method EAP PEAP (25)
  1316. (4) eap: Calling submodule eap_peap to process data
  1317. (4) eap_peap: Continuing EAP-TLS
  1318. (4) eap_peap: Peer indicated complete TLS record size will be 134 bytes
  1319. (4) eap_peap: Got complete TLS record (134 bytes)
  1320. (4) eap_peap: [eaptls verify] = length included
  1321. (4) eap_peap: <<< recv TLS 1.0 Handshake [length 0046], ClientKeyExchange
  1322. (4) eap_peap: TLS_accept: SSLv3 read client key exchange A
  1323. (4) eap_peap: <<< recv TLS 1.0 ChangeCipherSpec [length 0001]
  1324. (4) eap_peap: <<< recv TLS 1.0 Handshake [length 0010], Finished
  1325. (4) eap_peap: TLS_accept: SSLv3 read finished A
  1326. (4) eap_peap: >>> send TLS 1.0 ChangeCipherSpec [length 0001]
  1327. (4) eap_peap: TLS_accept: SSLv3 write change cipher spec A
  1328. (4) eap_peap: >>> send TLS 1.0 Handshake [length 0010], Finished
  1329. (4) eap_peap: TLS_accept: SSLv3 write finished A
  1330. (4) eap_peap: TLS_accept: SSLv3 flush data
  1331. (4) eap_peap: Serialising session 99fa3eb5d7d108e8e1047f8c78273aadc1bd2aa26caa1810320d84ad7442e74a, and storing in cache
  1332. (4) eap_peap: WARNING: Wrote session 99fa3eb5d7d108e8e1047f8c78273aadc1bd2aa26caa1810320d84ad7442e74a to /var/log/radius/tlscache/99fa3eb5d7d108e8e1047f8c78273aadc1bd2aa26caa1810320d84ad7442e74a.asn1 (134 bytes)
  1333. (4) eap_peap: (other): SSL negotiation finished successfully
  1334. (4) eap_peap: SSL Connection Established
  1335. (4) eap_peap: [eaptls process] = handled
  1336. (4) eap: Sending EAP Request (code 1) ID 5 length 65
  1337. (4) eap: EAP session adding &reply:State = 0xe721f8dae324e117
  1338. (4) [eap] = handled
  1339. (4) } # authenticate = handled
  1340. (4) Using Post-Auth-Type Challenge
  1341. (4) Post-Auth-Type sub-section not found. Ignoring.
  1342. (4) # Executing group from file /etc/raddb/sites-enabled/default
  1343. (4) Sent Access-Challenge Id 250 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  1344. (4) EAP-Message = 0x0105004119001403010001011603010030ac3cbd3d597b1b6365d686d3d45870db33e14597cb7ea942183039828c7f8483ccf0dd81b9a0d7feb0e9f69ed34af2e9
  1345. (4) Message-Authenticator = 0x00000000000000000000000000000000
  1346. (4) State = 0xe721f8dae324e1179a644c3cc02883a2
  1347. (4) Finished request
  1348. Waking up in 4.9 seconds.
  1349. (5) Received Access-Request Id 251 from 10.8.0.111:58432 to 10.8.64.155:1812 length 186
  1350. (5) User-Name = "vkratsberg"
  1351. (5) NAS-Port = 358
  1352. (5) State = 0xe721f8dae324e1179a644c3cc02883a2
  1353. (5) EAP-Message = 0x020500061900
  1354. (5) Message-Authenticator = 0x724930df1cf0366b8de3bb2a09e1ff05
  1355. (5) Acct-Session-Id = "8O2.1x81bb0d44000d7362"
  1356. (5) NAS-Port-Id = "ge-3/0/6.0"
  1357. (5) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  1358. (5) Called-Station-Id = "ec-3e-f7-68-35-00"
  1359. (5) NAS-IP-Address = 10.8.0.111
  1360. (5) NAS-Identifier = "nyc-access-sw011"
  1361. (5) NAS-Port-Type = Ethernet
  1362. (5) session-state: No cached attributes
  1363. (5) # Executing section authorize from file /etc/raddb/sites-enabled/default
  1364. (5) authorize {
  1365. (5) policy filter_username {
  1366. (5) if (&User-Name) {
  1367. (5) if (&User-Name) -> TRUE
  1368. (5) if (&User-Name) {
  1369. (5) if (&User-Name =~ / /) {
  1370. (5) if (&User-Name =~ / /) -> FALSE
  1371. (5) if (&User-Name =~ /@[^@]*@/ ) {
  1372. (5) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  1373. (5) if (&User-Name =~ /\.\./ ) {
  1374. (5) if (&User-Name =~ /\.\./ ) -> FALSE
  1375. (5) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  1376. (5) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  1377. (5) if (&User-Name =~ /\.$/) {
  1378. (5) if (&User-Name =~ /\.$/) -> FALSE
  1379. (5) if (&User-Name =~ /@\./) {
  1380. (5) if (&User-Name =~ /@\./) -> FALSE
  1381. (5) } # if (&User-Name) = notfound
  1382. (5) } # policy filter_username = notfound
  1383. (5) [preprocess] = ok
  1384. (5) [chap] = noop
  1385. (5) [mschap] = noop
  1386. (5) [digest] = noop
  1387. (5) suffix: Checking for suffix after "@"
  1388. (5) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  1389. (5) suffix: No such realm "NULL"
  1390. (5) [suffix] = noop
  1391. (5) eap: Peer sent EAP Response (code 2) ID 5 length 6
  1392. (5) eap: Continuing tunnel setup
  1393. (5) [eap] = ok
  1394. (5) } # authorize = ok
  1395. (5) Found Auth-Type = eap
  1396. (5) # Executing group from file /etc/raddb/sites-enabled/default
  1397. (5) authenticate {
  1398. (5) eap: Expiring EAP session with state 0xe721f8dae324e117
  1399. (5) eap: Finished EAP session with state 0xe721f8dae324e117
  1400. (5) eap: Previous EAP request found for state 0xe721f8dae324e117, released from the list
  1401. (5) eap: Peer sent packet with method EAP PEAP (25)
  1402. (5) eap: Calling submodule eap_peap to process data
  1403. (5) eap_peap: Continuing EAP-TLS
  1404. (5) eap_peap: Peer ACKed our handshake fragment. handshake is finished
  1405. (5) eap_peap: [eaptls verify] = success
  1406. (5) eap_peap: [eaptls process] = success
  1407. (5) eap_peap: Session established. Decoding tunneled attributes
  1408. (5) eap_peap: PEAP state TUNNEL ESTABLISHED
  1409. (5) eap: Sending EAP Request (code 1) ID 6 length 43
  1410. (5) eap: EAP session adding &reply:State = 0xe721f8dae227e117
  1411. (5) [eap] = handled
  1412. (5) } # authenticate = handled
  1413. (5) Using Post-Auth-Type Challenge
  1414. (5) Post-Auth-Type sub-section not found. Ignoring.
  1415. (5) # Executing group from file /etc/raddb/sites-enabled/default
  1416. (5) Sent Access-Challenge Id 251 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  1417. (5) EAP-Message = 0x0106002b1900170301002056f567a54752822c0a583972ee87155b418f97bd51bb8b130316079b67a58623
  1418. (5) Message-Authenticator = 0x00000000000000000000000000000000
  1419. (5) State = 0xe721f8dae227e1179a644c3cc02883a2
  1420. (5) Finished request
  1421. Waking up in 4.9 seconds.
  1422. (6) Received Access-Request Id 252 from 10.8.0.111:58432 to 10.8.64.155:1812 length 223
  1423. (6) User-Name = "vkratsberg"
  1424. (6) NAS-Port = 358
  1425. (6) State = 0xe721f8dae227e1179a644c3cc02883a2
  1426. (6) EAP-Message = 0x0206002b19001703010020ddb9728c27cf976fd0dc12a7fdc6a27b26b30f63ac10466da958a621d447399f
  1427. (6) Message-Authenticator = 0xfe1193072b7a947a71fac2d9c3f2875e
  1428. (6) Acct-Session-Id = "8O2.1x81bb0d44000d7362"
  1429. (6) NAS-Port-Id = "ge-3/0/6.0"
  1430. (6) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  1431. (6) Called-Station-Id = "ec-3e-f7-68-35-00"
  1432. (6) NAS-IP-Address = 10.8.0.111
  1433. (6) NAS-Identifier = "nyc-access-sw011"
  1434. (6) NAS-Port-Type = Ethernet
  1435. (6) session-state: No cached attributes
  1436. (6) # Executing section authorize from file /etc/raddb/sites-enabled/default
  1437. (6) authorize {
  1438. (6) policy filter_username {
  1439. (6) if (&User-Name) {
  1440. (6) if (&User-Name) -> TRUE
  1441. (6) if (&User-Name) {
  1442. (6) if (&User-Name =~ / /) {
  1443. (6) if (&User-Name =~ / /) -> FALSE
  1444. (6) if (&User-Name =~ /@[^@]*@/ ) {
  1445. (6) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  1446. (6) if (&User-Name =~ /\.\./ ) {
  1447. (6) if (&User-Name =~ /\.\./ ) -> FALSE
  1448. (6) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  1449. (6) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  1450. (6) if (&User-Name =~ /\.$/) {
  1451. (6) if (&User-Name =~ /\.$/) -> FALSE
  1452. (6) if (&User-Name =~ /@\./) {
  1453. (6) if (&User-Name =~ /@\./) -> FALSE
  1454. (6) } # if (&User-Name) = notfound
  1455. (6) } # policy filter_username = notfound
  1456. (6) [preprocess] = ok
  1457. (6) [chap] = noop
  1458. (6) [mschap] = noop
  1459. (6) [digest] = noop
  1460. (6) suffix: Checking for suffix after "@"
  1461. (6) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  1462. (6) suffix: No such realm "NULL"
  1463. (6) [suffix] = noop
  1464. (6) eap: Peer sent EAP Response (code 2) ID 6 length 43
  1465. (6) eap: Continuing tunnel setup
  1466. (6) [eap] = ok
  1467. (6) } # authorize = ok
  1468. (6) Found Auth-Type = eap
  1469. (6) # Executing group from file /etc/raddb/sites-enabled/default
  1470. (6) authenticate {
  1471. (6) eap: Expiring EAP session with state 0xe721f8dae227e117
  1472. (6) eap: Finished EAP session with state 0xe721f8dae227e117
  1473. (6) eap: Previous EAP request found for state 0xe721f8dae227e117, released from the list
  1474. (6) eap: Peer sent packet with method EAP PEAP (25)
  1475. (6) eap: Calling submodule eap_peap to process data
  1476. (6) eap_peap: Continuing EAP-TLS
  1477. (6) eap_peap: [eaptls verify] = ok
  1478. (6) eap_peap: Done initial handshake
  1479. (6) eap_peap: [eaptls process] = ok
  1480. (6) eap_peap: Session established. Decoding tunneled attributes
  1481. (6) eap_peap: PEAP state WAITING FOR INNER IDENTITY
  1482. (6) eap_peap: Identity - vkratsberg
  1483. (6) eap_peap: Got inner identity 'vkratsberg'
  1484. (6) eap_peap: Setting default EAP type for tunneled EAP session
  1485. (6) eap_peap: Got tunneled request
  1486. (6) eap_peap: EAP-Message = 0x0206000f01766b7261747362657267
  1487. (6) eap_peap: Setting User-Name to vkratsberg
  1488. (6) eap_peap: Sending tunneled request to inner-tunnel
  1489. (6) eap_peap: EAP-Message = 0x0206000f01766b7261747362657267
  1490. (6) eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1
  1491. (6) eap_peap: User-Name = "vkratsberg"
  1492. (6) eap_peap: NAS-Port = 358
  1493. (6) eap_peap: Acct-Session-Id = "8O2.1x81bb0d44000d7362"
  1494. (6) eap_peap: NAS-Port-Id = "ge-3/0/6.0"
  1495. (6) eap_peap: Calling-Station-Id = "00-e0-4c-b8-16-4d"
  1496. (6) eap_peap: Called-Station-Id = "ec-3e-f7-68-35-00"
  1497. (6) eap_peap: NAS-IP-Address = 10.8.0.111
  1498. (6) eap_peap: NAS-Identifier = "nyc-access-sw011"
  1499. (6) eap_peap: NAS-Port-Type = Ethernet
  1500. (6) eap_peap: Event-Timestamp = "Jun 1 2016 19:07:24 GMT"
  1501. (6) Virtual server inner-tunnel received request
  1502. (6) EAP-Message = 0x0206000f01766b7261747362657267
  1503. (6) FreeRADIUS-Proxied-To = 127.0.0.1
  1504. (6) User-Name = "vkratsberg"
  1505. (6) NAS-Port = 358
  1506. (6) Acct-Session-Id = "8O2.1x81bb0d44000d7362"
  1507. (6) NAS-Port-Id = "ge-3/0/6.0"
  1508. (6) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  1509. (6) Called-Station-Id = "ec-3e-f7-68-35-00"
  1510. (6) NAS-IP-Address = 10.8.0.111
  1511. (6) NAS-Identifier = "nyc-access-sw011"
  1512. (6) NAS-Port-Type = Ethernet
  1513. (6) Event-Timestamp = "Jun 1 2016 19:07:24 GMT"
  1514. (6) WARNING: Outer and inner identities are the same. User privacy is compromised.
  1515. (6) server inner-tunnel {
  1516. (6) # Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel
  1517. (6) authorize {
  1518. (6) policy filter_username {
  1519. (6) if (&User-Name) {
  1520. (6) if (&User-Name) -> TRUE
  1521. (6) if (&User-Name) {
  1522. (6) if (&User-Name =~ / /) {
  1523. (6) if (&User-Name =~ / /) -> FALSE
  1524. (6) if (&User-Name =~ /@[^@]*@/ ) {
  1525. (6) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  1526. (6) if (&User-Name =~ /\.\./ ) {
  1527. (6) if (&User-Name =~ /\.\./ ) -> FALSE
  1528. (6) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  1529. (6) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  1530. (6) if (&User-Name =~ /\.$/) {
  1531. (6) if (&User-Name =~ /\.$/) -> FALSE
  1532. (6) if (&User-Name =~ /@\./) {
  1533. (6) if (&User-Name =~ /@\./) -> FALSE
  1534. (6) } # if (&User-Name) = notfound
  1535. (6) } # policy filter_username = notfound
  1536. (6) [chap] = noop
  1537. (6) [mschap] = noop
  1538. (6) suffix: Checking for suffix after "@"
  1539. (6) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  1540. (6) suffix: No such realm "NULL"
  1541. (6) [suffix] = noop
  1542. (6) update control {
  1543. (6) &Proxy-To-Realm := LOCAL
  1544. (6) } # update control = noop
  1545. (6) eap: Peer sent EAP Response (code 2) ID 6 length 15
  1546. (6) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
  1547. (6) [eap] = ok
  1548. (6) } # authorize = ok
  1549. (6) Found Auth-Type = eap
  1550. (6) # Executing group from file /etc/raddb/sites-enabled/inner-tunnel
  1551. (6) authenticate {
  1552. (6) eap: Peer sent packet with method EAP Identity (1)
  1553. (6) eap: Calling submodule eap_gtc to process data
  1554. (6) eap_gtc: EXPAND Password:
  1555. (6) eap_gtc: --> Password:
  1556. (6) eap: Sending EAP Request (code 1) ID 7 length 15
  1557. (6) eap: EAP session adding &reply:State = 0x87b0b2d287b7b427
  1558. (6) [eap] = handled
  1559. (6) } # authenticate = handled
  1560. (6) } # server inner-tunnel
  1561. (6) Virtual server sending reply
  1562. (6) EAP-Message = 0x0107000f0650617373776f72643a20
  1563. (6) Message-Authenticator = 0x00000000000000000000000000000000
  1564. (6) State = 0x87b0b2d287b7b4274c2169b0b4f0842a
  1565. (6) eap_peap: Got tunneled reply code 11
  1566. (6) eap_peap: EAP-Message = 0x0107000f0650617373776f72643a20
  1567. (6) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000
  1568. (6) eap_peap: State = 0x87b0b2d287b7b4274c2169b0b4f0842a
  1569. (6) eap_peap: Got tunneled reply RADIUS code 11
  1570. (6) eap_peap: EAP-Message = 0x0107000f0650617373776f72643a20
  1571. (6) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000
  1572. (6) eap_peap: State = 0x87b0b2d287b7b4274c2169b0b4f0842a
  1573. (6) eap_peap: Got tunneled Access-Challenge
  1574. (6) eap: Sending EAP Request (code 1) ID 7 length 43
  1575. (6) eap: EAP session adding &reply:State = 0xe721f8dae126e117
  1576. (6) [eap] = handled
  1577. (6) } # authenticate = handled
  1578. (6) Using Post-Auth-Type Challenge
  1579. (6) Post-Auth-Type sub-section not found. Ignoring.
  1580. (6) # Executing group from file /etc/raddb/sites-enabled/default
  1581. (6) Sent Access-Challenge Id 252 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  1582. (6) EAP-Message = 0x0107002b19001703010020873bc3876cff111054fe6fe985150bff6183a303583ab84619cf13812cabf36a
  1583. (6) Message-Authenticator = 0x00000000000000000000000000000000
  1584. (6) State = 0xe721f8dae126e1179a644c3cc02883a2
  1585. (6) Finished request
  1586. Waking up in 4.8 seconds.
  1587. (7) Received Access-Request Id 253 from 10.8.0.111:58432 to 10.8.64.155:1812 length 239
  1588. (7) User-Name = "vkratsberg"
  1589. (7) NAS-Port = 358
  1590. (7) State = 0xe721f8dae126e1179a644c3cc02883a2
  1591. (7) EAP-Message = 0x0207003b19001703010030fef5c11d287c93e1ce63d1ce6594bed3d1e37618dad69a62914e08b0083a649d96861476e5a8f5c57029fe6ec334866a
  1592. (7) Message-Authenticator = 0x604bda28407c5da700ab0335a6bb9dcd
  1593. (7) Acct-Session-Id = "8O2.1x81bb0d44000d7362"
  1594. (7) NAS-Port-Id = "ge-3/0/6.0"
  1595. (7) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  1596. (7) Called-Station-Id = "ec-3e-f7-68-35-00"
  1597. (7) NAS-IP-Address = 10.8.0.111
  1598. (7) NAS-Identifier = "nyc-access-sw011"
  1599. (7) NAS-Port-Type = Ethernet
  1600. (7) session-state: No cached attributes
  1601. (7) # Executing section authorize from file /etc/raddb/sites-enabled/default
  1602. (7) authorize {
  1603. (7) policy filter_username {
  1604. (7) if (&User-Name) {
  1605. (7) if (&User-Name) -> TRUE
  1606. (7) if (&User-Name) {
  1607. (7) if (&User-Name =~ / /) {
  1608. (7) if (&User-Name =~ / /) -> FALSE
  1609. (7) if (&User-Name =~ /@[^@]*@/ ) {
  1610. (7) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  1611. (7) if (&User-Name =~ /\.\./ ) {
  1612. (7) if (&User-Name =~ /\.\./ ) -> FALSE
  1613. (7) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  1614. (7) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  1615. (7) if (&User-Name =~ /\.$/) {
  1616. (7) if (&User-Name =~ /\.$/) -> FALSE
  1617. (7) if (&User-Name =~ /@\./) {
  1618. (7) if (&User-Name =~ /@\./) -> FALSE
  1619. (7) } # if (&User-Name) = notfound
  1620. (7) } # policy filter_username = notfound
  1621. (7) [preprocess] = ok
  1622. (7) [chap] = noop
  1623. (7) [mschap] = noop
  1624. (7) [digest] = noop
  1625. (7) suffix: Checking for suffix after "@"
  1626. (7) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  1627. (7) suffix: No such realm "NULL"
  1628. (7) [suffix] = noop
  1629. (7) eap: Peer sent EAP Response (code 2) ID 7 length 59
  1630. (7) eap: Continuing tunnel setup
  1631. (7) [eap] = ok
  1632. (7) } # authorize = ok
  1633. (7) Found Auth-Type = eap
  1634. (7) # Executing group from file /etc/raddb/sites-enabled/default
  1635. (7) authenticate {
  1636. (7) eap: Expiring EAP session with state 0x87b0b2d287b7b427
  1637. (7) eap: Finished EAP session with state 0xe721f8dae126e117
  1638. (7) eap: Previous EAP request found for state 0xe721f8dae126e117, released from the list
  1639. (7) eap: Peer sent packet with method EAP PEAP (25)
  1640. (7) eap: Calling submodule eap_peap to process data
  1641. (7) eap_peap: Continuing EAP-TLS
  1642. (7) eap_peap: [eaptls verify] = ok
  1643. (7) eap_peap: Done initial handshake
  1644. (7) eap_peap: [eaptls process] = ok
  1645. (7) eap_peap: Session established. Decoding tunneled attributes
  1646. (7) eap_peap: PEAP state phase2
  1647. (7) eap_peap: EAP method GTC (6)
  1648. (7) eap_peap: Got tunneled request
  1649. (7) eap_peap: EAP-Message = 0x02070010065b566b726174313938335d
  1650. (7) eap_peap: Setting User-Name to vkratsberg
  1651. (7) eap_peap: Sending tunneled request to inner-tunnel
  1652. (7) eap_peap: EAP-Message = 0x02070010065b566b726174313938335d
  1653. (7) eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1
  1654. (7) eap_peap: User-Name = "vkratsberg"
  1655. (7) eap_peap: State = 0x87b0b2d287b7b4274c2169b0b4f0842a
  1656. (7) eap_peap: NAS-Port = 358
  1657. (7) eap_peap: Acct-Session-Id = "8O2.1x81bb0d44000d7362"
  1658. (7) eap_peap: NAS-Port-Id = "ge-3/0/6.0"
  1659. (7) eap_peap: Calling-Station-Id = "00-e0-4c-b8-16-4d"
  1660. (7) eap_peap: Called-Station-Id = "ec-3e-f7-68-35-00"
  1661. (7) eap_peap: NAS-IP-Address = 10.8.0.111
  1662. (7) eap_peap: NAS-Identifier = "nyc-access-sw011"
  1663. (7) eap_peap: NAS-Port-Type = Ethernet
  1664. (7) eap_peap: Event-Timestamp = "Jun 1 2016 19:07:24 GMT"
  1665. (7) Virtual server inner-tunnel received request
  1666. (7) EAP-Message = 0x02070010065b566b726174313938335d
  1667. (7) FreeRADIUS-Proxied-To = 127.0.0.1
  1668. (7) User-Name = "vkratsberg"
  1669. (7) State = 0x87b0b2d287b7b4274c2169b0b4f0842a
  1670. (7) NAS-Port = 358
  1671. (7) Acct-Session-Id = "8O2.1x81bb0d44000d7362"
  1672. (7) NAS-Port-Id = "ge-3/0/6.0"
  1673. (7) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  1674. (7) Called-Station-Id = "ec-3e-f7-68-35-00"
  1675. (7) NAS-IP-Address = 10.8.0.111
  1676. (7) NAS-Identifier = "nyc-access-sw011"
  1677. (7) NAS-Port-Type = Ethernet
  1678. (7) Event-Timestamp = "Jun 1 2016 19:07:24 GMT"
  1679. (7) WARNING: Outer and inner identities are the same. User privacy is compromised.
  1680. (7) server inner-tunnel {
  1681. (7) session-state: No cached attributes
  1682. (7) # Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel
  1683. (7) authorize {
  1684. (7) policy filter_username {
  1685. (7) if (&User-Name) {
  1686. (7) if (&User-Name) -> TRUE
  1687. (7) if (&User-Name) {
  1688. (7) if (&User-Name =~ / /) {
  1689. (7) if (&User-Name =~ / /) -> FALSE
  1690. (7) if (&User-Name =~ /@[^@]*@/ ) {
  1691. (7) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  1692. (7) if (&User-Name =~ /\.\./ ) {
  1693. (7) if (&User-Name =~ /\.\./ ) -> FALSE
  1694. (7) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  1695. (7) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  1696. (7) if (&User-Name =~ /\.$/) {
  1697. (7) if (&User-Name =~ /\.$/) -> FALSE
  1698. (7) if (&User-Name =~ /@\./) {
  1699. (7) if (&User-Name =~ /@\./) -> FALSE
  1700. (7) } # if (&User-Name) = notfound
  1701. (7) } # policy filter_username = notfound
  1702. (7) [chap] = noop
  1703. (7) [mschap] = noop
  1704. (7) suffix: Checking for suffix after "@"
  1705. (7) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  1706. (7) suffix: No such realm "NULL"
  1707. (7) [suffix] = noop
  1708. (7) update control {
  1709. (7) &Proxy-To-Realm := LOCAL
  1710. (7) } # update control = noop
  1711. (7) eap: Peer sent EAP Response (code 2) ID 7 length 16
  1712. (7) eap: No EAP Start, assuming it's an on-going EAP conversation
  1713. (7) [eap] = updated
  1714. (7) files: Searching for user in group "juniper-admins"
  1715. rlm_ldap (ldap): Reserved connection (0)
  1716. (7) files: EXPAND (uid=%{%{Stripped-User-Name}:-%{User-Name}})
  1717. (7) files: --> (uid=vkratsberg)
  1718. (7) files: Performing search in "dc=sq,dc=net" with filter "(uid=vkratsberg)", scope "sub"
  1719. (7) files: Waiting for search result...
  1720. (7) files: User object found at DN "uid=vkratsberg,ou=people,dc=sq,dc=net"
  1721. (7) files: Checking for user in group objects
  1722. (7) files: EXPAND (&(cn=juniper-admins)(objectClass=GroupOfNames)(|(member=%{control:Ldap-UserDn})(memberUid=%{%{Stripped-User-Name}:-%{User-Name}})))
  1723. (7) files: --> (&(cn=juniper-admins)(objectClass=GroupOfNames)(|(member=uid\3dvkratsberg\2cou\3dpeople\2cdc\3dsq\2cdc\3dnet)(memberUid=vkratsberg)))
  1724. (7) files: Performing search in "dc=sq,dc=net" with filter "(&(cn=juniper-admins)(objectClass=GroupOfNames)(|(member=uid\3dvkratsberg\2cou\3dpeople\2cdc\3dsq\2cdc\3dnet)(memberUid=vkratsberg)))", scope "sub"
  1725. (7) files: Waiting for search result...
  1726. (7) files: User found in group object "dc=sq,dc=net"
  1727. rlm_ldap (ldap): Released connection (0)
  1728. (7) files: users: Matched entry DEFAULT at line 98
  1729. (7) [files] = ok
  1730. rlm_ldap (ldap): Reserved connection (1)
  1731. (7) ldap: EXPAND (uid=%{%{Stripped-User-Name}:-%{User-Name}})
  1732. (7) ldap: --> (uid=vkratsberg)
  1733. (7) ldap: Performing search in "dc=sq,dc=net" with filter "(uid=vkratsberg)", scope "sub"
  1734. (7) ldap: Waiting for search result...
  1735. (7) ldap: User object found at DN "uid=vkratsberg,ou=people,dc=sq,dc=net"
  1736. (7) ldap: Processing user attributes
  1737. (7) ldap: control:Password-With-Header += '{SSHA}Qen1MM87QS4nPktGhWkyE3ECTjucBhAp+Ce+Ug=='
  1738. rlm_ldap (ldap): Released connection (1)
  1739. (7) [ldap] = updated
  1740. (7) [expiration] = noop
  1741. (7) [logintime] = noop
  1742. (7) pap: Converted: Password-With-Header -> SSHA1-Password
  1743. (7) pap: Removing &control:Password-With-Header
  1744. (7) pap: Normalizing SSHA1-Password from base64 encoding, 40 bytes -> 28 bytes
  1745. (7) pap: WARNING: Auth-Type already set. Not setting to PAP
  1746. (7) [pap] = noop
  1747. (7) } # authorize = updated
  1748. (7) Found Auth-Type = eap
  1749. (7) # Executing group from file /etc/raddb/sites-enabled/inner-tunnel
  1750. (7) authenticate {
  1751. (7) eap: Expiring EAP session with state 0x87b0b2d287b7b427
  1752. (7) eap: Finished EAP session with state 0x87b0b2d287b7b427
  1753. (7) eap: Previous EAP request found for state 0x87b0b2d287b7b427, released from the list
  1754. (7) eap: Peer sent packet with method EAP GTC (6)
  1755. (7) eap: Calling submodule eap_gtc to process data
  1756. (7) eap_gtc: # Executing group from file /etc/raddb/sites-enabled/inner-tunnel
  1757. (7) eap_gtc: Auth-Type PAP {
  1758. (7) pap: Login attempt with password
  1759. (7) pap: Comparing with "known-good" SSHA-Password
  1760. (7) pap: User authenticated successfully
  1761. (7) [pap] = ok
  1762. (7) } # Auth-Type PAP = ok
  1763. (7) eap: Sending EAP Success (code 3) ID 7 length 4
  1764. (7) eap: Freeing handler
  1765. (7) [eap] = ok
  1766. (7) } # authenticate = ok
  1767. (7) # Executing section post-auth from file /etc/raddb/sites-enabled/inner-tunnel
  1768. (7) post-auth { ... } # empty sub-section is ignored
  1769. (7) } # server inner-tunnel
  1770. (7) Virtual server sending reply
  1771. (7) Service-Type = Login-User
  1772. (7) Idle-Timeout = 600
  1773. (7) Juniper-Local-User-Name = "admin"
  1774. (7) Tunnel-Type = VLAN
  1775. (7) Tunnel-Medium-Type = IEEE-802
  1776. (7) Tunnel-Private-Group-Id = "810"
  1777. (7) EAP-Message = 0x03070004
  1778. (7) Message-Authenticator = 0x00000000000000000000000000000000
  1779. (7) User-Name = "vkratsberg"
  1780. (7) eap_peap: Got tunneled reply code 2
  1781. (7) eap_peap: Service-Type = Login-User
  1782. (7) eap_peap: Idle-Timeout = 600
  1783. (7) eap_peap: Juniper-Local-User-Name = "admin"
  1784. (7) eap_peap: Tunnel-Type = VLAN
  1785. (7) eap_peap: Tunnel-Medium-Type = IEEE-802
  1786. (7) eap_peap: Tunnel-Private-Group-Id = "810"
  1787. (7) eap_peap: EAP-Message = 0x03070004
  1788. (7) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000
  1789. (7) eap_peap: User-Name = "vkratsberg"
  1790. (7) eap_peap: Got tunneled reply RADIUS code 2
  1791. (7) eap_peap: Service-Type = Login-User
  1792. (7) eap_peap: Idle-Timeout = 600
  1793. (7) eap_peap: Juniper-Local-User-Name = "admin"
  1794. (7) eap_peap: Tunnel-Type = VLAN
  1795. (7) eap_peap: Tunnel-Medium-Type = IEEE-802
  1796. (7) eap_peap: Tunnel-Private-Group-Id = "810"
  1797. (7) eap_peap: EAP-Message = 0x03070004
  1798. (7) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000
  1799. (7) eap_peap: User-Name = "vkratsberg"
  1800. (7) eap_peap: Tunneled authentication was successful
  1801. (7) eap_peap: SUCCESS
  1802. (7) eap_peap: Saving tunneled attributes for later
  1803. (7) eap: Sending EAP Request (code 1) ID 8 length 43
  1804. (7) eap: EAP session adding &reply:State = 0xe721f8dae029e117
  1805. (7) [eap] = handled
  1806. (7) } # authenticate = handled
  1807. (7) Using Post-Auth-Type Challenge
  1808. (7) Post-Auth-Type sub-section not found. Ignoring.
  1809. (7) # Executing group from file /etc/raddb/sites-enabled/default
  1810. (7) Sent Access-Challenge Id 253 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  1811. (7) EAP-Message = 0x0108002b19001703010020025fedbb3790032cfa67fe09a2bab06883e023fe82f902bbcfcdefb9212dd17e
  1812. (7) Message-Authenticator = 0x00000000000000000000000000000000
  1813. (7) State = 0xe721f8dae029e1179a644c3cc02883a2
  1814. (7) Finished request
  1815. Waking up in 4.8 seconds.
  1816. (8) Received Access-Request Id 254 from 10.8.0.111:58432 to 10.8.64.155:1812 length 223
  1817. (8) User-Name = "vkratsberg"
  1818. (8) NAS-Port = 358
  1819. (8) State = 0xe721f8dae029e1179a644c3cc02883a2
  1820. (8) EAP-Message = 0x0208002b19001703010020c9240fab3671ae74178e617b4f1f6314f87f24f2f60d7ab866c7f10839047e45
  1821. (8) Message-Authenticator = 0x6dfc9fd768d69c5339baff7e6d71b717
  1822. (8) Acct-Session-Id = "8O2.1x81bb0d44000d7362"
  1823. (8) NAS-Port-Id = "ge-3/0/6.0"
  1824. (8) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  1825. (8) Called-Station-Id = "ec-3e-f7-68-35-00"
  1826. (8) NAS-IP-Address = 10.8.0.111
  1827. (8) NAS-Identifier = "nyc-access-sw011"
  1828. (8) NAS-Port-Type = Ethernet
  1829. (8) session-state: No cached attributes
  1830. (8) # Executing section authorize from file /etc/raddb/sites-enabled/default
  1831. (8) authorize {
  1832. (8) policy filter_username {
  1833. (8) if (&User-Name) {
  1834. (8) if (&User-Name) -> TRUE
  1835. (8) if (&User-Name) {
  1836. (8) if (&User-Name =~ / /) {
  1837. (8) if (&User-Name =~ / /) -> FALSE
  1838. (8) if (&User-Name =~ /@[^@]*@/ ) {
  1839. (8) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  1840. (8) if (&User-Name =~ /\.\./ ) {
  1841. (8) if (&User-Name =~ /\.\./ ) -> FALSE
  1842. (8) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  1843. (8) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  1844. (8) if (&User-Name =~ /\.$/) {
  1845. (8) if (&User-Name =~ /\.$/) -> FALSE
  1846. (8) if (&User-Name =~ /@\./) {
  1847. (8) if (&User-Name =~ /@\./) -> FALSE
  1848. (8) } # if (&User-Name) = notfound
  1849. (8) } # policy filter_username = notfound
  1850. (8) [preprocess] = ok
  1851. (8) [chap] = noop
  1852. (8) [mschap] = noop
  1853. (8) [digest] = noop
  1854. (8) suffix: Checking for suffix after "@"
  1855. (8) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  1856. (8) suffix: No such realm "NULL"
  1857. (8) [suffix] = noop
  1858. (8) eap: Peer sent EAP Response (code 2) ID 8 length 43
  1859. (8) eap: Continuing tunnel setup
  1860. (8) [eap] = ok
  1861. (8) } # authorize = ok
  1862. (8) Found Auth-Type = eap
  1863. (8) # Executing group from file /etc/raddb/sites-enabled/default
  1864. (8) authenticate {
  1865. (8) eap: Expiring EAP session with state 0xe721f8dae029e117
  1866. (8) eap: Finished EAP session with state 0xe721f8dae029e117
  1867. (8) eap: Previous EAP request found for state 0xe721f8dae029e117, released from the list
  1868. (8) eap: Peer sent packet with method EAP PEAP (25)
  1869. (8) eap: Calling submodule eap_peap to process data
  1870. (8) eap_peap: Continuing EAP-TLS
  1871. (8) eap_peap: [eaptls verify] = ok
  1872. (8) eap_peap: Done initial handshake
  1873. (8) eap_peap: [eaptls process] = ok
  1874. (8) eap_peap: Session established. Decoding tunneled attributes
  1875. (8) eap_peap: PEAP state send tlv success
  1876. (8) eap_peap: Received EAP-TLV response
  1877. (8) eap_peap: Success
  1878. (8) eap_peap: Using saved attributes from the original Access-Accept
  1879. (8) eap_peap: Service-Type = Login-User
  1880. (8) eap_peap: Idle-Timeout = 600
  1881. (8) eap_peap: Juniper-Local-User-Name = "admin"
  1882. (8) eap_peap: Tunnel-Type = VLAN
  1883. (8) eap_peap: Tunnel-Medium-Type = IEEE-802
  1884. (8) eap_peap: Tunnel-Private-Group-Id = "810"
  1885. (8) eap_peap: User-Name = "vkratsberg"
  1886. (8) eap_peap: caching User-Name = "vkratsberg"
  1887. (8) eap_peap: Saving session 99fa3eb5d7d108e8e1047f8c78273aadc1bd2aa26caa1810320d84ad7442e74a in the disk cache
  1888. (8) eap: Sending EAP Success (code 3) ID 8 length 4
  1889. (8) eap: Freeing handler
  1890. (8) [eap] = ok
  1891. (8) } # authenticate = ok
  1892. (8) # Executing section post-auth from file /etc/raddb/sites-enabled/default
  1893. (8) post-auth {
  1894. (8) update {
  1895. (8) No attributes updated
  1896. (8) } # update = noop
  1897. (8) [exec] = noop
  1898. (8) policy remove_reply_message_if_eap {
  1899. (8) if (&reply:EAP-Message && &reply:Reply-Message) {
  1900. (8) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
  1901. (8) else {
  1902. (8) [noop] = noop
  1903. (8) } # else = noop
  1904. (8) } # policy remove_reply_message_if_eap = noop
  1905. (8) } # post-auth = noop
  1906. (8) Sent Access-Accept Id 254 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  1907. (8) Service-Type = Login-User
  1908. (8) Idle-Timeout = 600
  1909. (8) Juniper-Local-User-Name = "admin"
  1910. (8) Tunnel-Type = VLAN
  1911. (8) Tunnel-Medium-Type = IEEE-802
  1912. (8) Tunnel-Private-Group-Id = "810"
  1913. (8) User-Name = "vkratsberg"
  1914. (8) MS-MPPE-Recv-Key = 0x4407702097430f113d9d0b814d00e2c69bfba71e5f75c136ab61ec3630b50085
  1915. (8) MS-MPPE-Send-Key = 0x32ecd245ae2b1650df5e25493fea60185f21347cde19e913f161548bec10a863
  1916. (8) EAP-Message = 0x03080004
  1917. (8) Message-Authenticator = 0x00000000000000000000000000000000
  1918. (8) Finished request
  1919. Waking up in 4.8 seconds.
  1920. (9) Received Access-Request Id 255 from 10.8.0.111:58432 to 10.8.64.155:1812 length 177
  1921. (9) User-Name = "vkratsberg"
  1922. (9) NAS-Port = 358
  1923. (9) EAP-Message = 0x0209000f01766b7261747362657267
  1924. (9) Message-Authenticator = 0xd831bac52483090c0d25ae02fa0763f6
  1925. (9) Acct-Session-Id = "8O2.1x81bb0d450002d013"
  1926. (9) NAS-Port-Id = "ge-3/0/6.0"
  1927. (9) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  1928. (9) Called-Station-Id = "ec-3e-f7-68-35-00"
  1929. (9) NAS-IP-Address = 10.8.0.111
  1930. (9) NAS-Identifier = "nyc-access-sw011"
  1931. (9) NAS-Port-Type = Ethernet
  1932. (9) # Executing section authorize from file /etc/raddb/sites-enabled/default
  1933. (9) authorize {
  1934. (9) policy filter_username {
  1935. (9) if (&User-Name) {
  1936. (9) if (&User-Name) -> TRUE
  1937. (9) if (&User-Name) {
  1938. (9) if (&User-Name =~ / /) {
  1939. (9) if (&User-Name =~ / /) -> FALSE
  1940. (9) if (&User-Name =~ /@[^@]*@/ ) {
  1941. (9) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  1942. (9) if (&User-Name =~ /\.\./ ) {
  1943. (9) if (&User-Name =~ /\.\./ ) -> FALSE
  1944. (9) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  1945. (9) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  1946. (9) if (&User-Name =~ /\.$/) {
  1947. (9) if (&User-Name =~ /\.$/) -> FALSE
  1948. (9) if (&User-Name =~ /@\./) {
  1949. (9) if (&User-Name =~ /@\./) -> FALSE
  1950. (9) } # if (&User-Name) = notfound
  1951. (9) } # policy filter_username = notfound
  1952. (9) [preprocess] = ok
  1953. (9) [chap] = noop
  1954. (9) [mschap] = noop
  1955. (9) [digest] = noop
  1956. (9) suffix: Checking for suffix after "@"
  1957. (9) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  1958. (9) suffix: No such realm "NULL"
  1959. (9) [suffix] = noop
  1960. (9) eap: Peer sent EAP Response (code 2) ID 9 length 15
  1961. (9) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
  1962. (9) [eap] = ok
  1963. (9) } # authorize = ok
  1964. (9) Found Auth-Type = eap
  1965. (9) # Executing group from file /etc/raddb/sites-enabled/default
  1966. (9) authenticate {
  1967. (9) eap: Peer sent packet with method EAP Identity (1)
  1968. (9) eap: Calling submodule eap_peap to process data
  1969. (9) eap_peap: Initiating new EAP-TLS session
  1970. (9) eap_peap: [eaptls start] = request
  1971. (9) eap: Sending EAP Request (code 1) ID 10 length 6
  1972. (9) eap: EAP session adding &reply:State = 0xa33a74bda3306da1
  1973. (9) [eap] = handled
  1974. (9) } # authenticate = handled
  1975. (9) Using Post-Auth-Type Challenge
  1976. (9) Post-Auth-Type sub-section not found. Ignoring.
  1977. (9) # Executing group from file /etc/raddb/sites-enabled/default
  1978. (9) Sent Access-Challenge Id 255 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  1979. (9) EAP-Message = 0x010a00061920
  1980. (9) Message-Authenticator = 0x00000000000000000000000000000000
  1981. (9) State = 0xa33a74bda3306da1dff5d7e4439606fe
  1982. (9) Finished request
  1983. Waking up in 4.7 seconds.
  1984. (10) Received Access-Request Id 1 from 10.8.0.111:58432 to 10.8.64.155:1812 length 343
  1985. (10) User-Name = "vkratsberg"
  1986. (10) NAS-Port = 358
  1987. (10) State = 0xa33a74bda3306da1dff5d7e4439606fe
  1988. (10) EAP-Message = 0x020a00a31980000000991603010094010000900301574f326c30365abeacad84468c67339e70e8f66e471287389dbdfc6e474c68f12099fa3eb5d7d108e8e1047f8c78273aadc1bd2aa26caa1810320d84ad7442e74a002800ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f00
  1989. (10) Message-Authenticator = 0xb0ad288b154b2794a4eef7c2e43b6ece
  1990. (10) Acct-Session-Id = "8O2.1x81bb0d450002d013"
  1991. (10) NAS-Port-Id = "ge-3/0/6.0"
  1992. (10) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  1993. (10) Called-Station-Id = "ec-3e-f7-68-35-00"
  1994. (10) NAS-IP-Address = 10.8.0.111
  1995. (10) NAS-Identifier = "nyc-access-sw011"
  1996. (10) NAS-Port-Type = Ethernet
  1997. (10) session-state: No cached attributes
  1998. (10) # Executing section authorize from file /etc/raddb/sites-enabled/default
  1999. (10) authorize {
  2000. (10) policy filter_username {
  2001. (10) if (&User-Name) {
  2002. (10) if (&User-Name) -> TRUE
  2003. (10) if (&User-Name) {
  2004. (10) if (&User-Name =~ / /) {
  2005. (10) if (&User-Name =~ / /) -> FALSE
  2006. (10) if (&User-Name =~ /@[^@]*@/ ) {
  2007. (10) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  2008. (10) if (&User-Name =~ /\.\./ ) {
  2009. (10) if (&User-Name =~ /\.\./ ) -> FALSE
  2010. (10) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  2011. (10) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  2012. (10) if (&User-Name =~ /\.$/) {
  2013. (10) if (&User-Name =~ /\.$/) -> FALSE
  2014. (10) if (&User-Name =~ /@\./) {
  2015. (10) if (&User-Name =~ /@\./) -> FALSE
  2016. (10) } # if (&User-Name) = notfound
  2017. (10) } # policy filter_username = notfound
  2018. (10) [preprocess] = ok
  2019. (10) [chap] = noop
  2020. (10) [mschap] = noop
  2021. (10) [digest] = noop
  2022. (10) suffix: Checking for suffix after "@"
  2023. (10) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  2024. (10) suffix: No such realm "NULL"
  2025. (10) [suffix] = noop
  2026. (10) eap: Peer sent EAP Response (code 2) ID 10 length 163
  2027. (10) eap: Continuing tunnel setup
  2028. (10) [eap] = ok
  2029. (10) } # authorize = ok
  2030. (10) Found Auth-Type = eap
  2031. (10) # Executing group from file /etc/raddb/sites-enabled/default
  2032. (10) authenticate {
  2033. (10) eap: Expiring EAP session with state 0xa33a74bda3306da1
  2034. (10) eap: Finished EAP session with state 0xa33a74bda3306da1
  2035. (10) eap: Previous EAP request found for state 0xa33a74bda3306da1, released from the list
  2036. (10) eap: Peer sent packet with method EAP PEAP (25)
  2037. (10) eap: Calling submodule eap_peap to process data
  2038. (10) eap_peap: Continuing EAP-TLS
  2039. (10) eap_peap: Peer indicated complete TLS record size will be 153 bytes
  2040. (10) eap_peap: Got complete TLS record (153 bytes)
  2041. (10) eap_peap: [eaptls verify] = length included
  2042. (10) eap_peap: (other): before/accept initialization
  2043. (10) eap_peap: TLS_accept: before/accept initialization
  2044. (10) eap_peap: <<< recv TLS 1.0 Handshake [length 0094], ClientHello
  2045. (10) eap_peap: TLS_accept: SSLv3 read client hello A
  2046. (10) eap_peap: >>> send TLS 1.0 Handshake [length 0059], ServerHello
  2047. (10) eap_peap: TLS_accept: SSLv3 write server hello A
  2048. (10) eap_peap: >>> send TLS 1.0 ChangeCipherSpec [length 0001]
  2049. (10) eap_peap: TLS_accept: SSLv3 write change cipher spec A
  2050. (10) eap_peap: >>> send TLS 1.0 Handshake [length 0010], Finished
  2051. (10) eap_peap: TLS_accept: SSLv3 write finished A
  2052. (10) eap_peap: TLS_accept: SSLv3 flush data
  2053. (10) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  2054. (10) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  2055. (10) eap_peap: In SSL Handshake Phase
  2056. (10) eap_peap: In SSL Accept mode
  2057. (10) eap_peap: [eaptls process] = handled
  2058. (10) eap: Sending EAP Request (code 1) ID 11 length 159
  2059. (10) eap: EAP session adding &reply:State = 0xa33a74bda2316da1
  2060. (10) [eap] = handled
  2061. (10) } # authenticate = handled
  2062. (10) Using Post-Auth-Type Challenge
  2063. (10) Post-Auth-Type sub-section not found. Ignoring.
  2064. (10) # Executing group from file /etc/raddb/sites-enabled/default
  2065. (10) Sent Access-Challenge Id 1 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  2066. (10) EAP-Message = 0x010b009f19001603010059020000550301574f326ce812a7f012816d171f700cd8264471d9e844cb6c33652b96f96ecb8c2099fa3eb5d7d108e8e1047f8c78273aadc1bd2aa26caa1810320d84ad7442e74ac01400000dff01000100000b0004030001021403010001011603010030d370054b05724f00
  2067. (10) Message-Authenticator = 0x00000000000000000000000000000000
  2068. (10) State = 0xa33a74bda2316da1dff5d7e4439606fe
  2069. (10) Finished request
  2070. Waking up in 4.7 seconds.
  2071. (11) Received Access-Request Id 2 from 10.8.0.111:58432 to 10.8.64.155:1812 length 249
  2072. (11) User-Name = "vkratsberg"
  2073. (11) NAS-Port = 358
  2074. (11) State = 0xa33a74bda2316da1dff5d7e4439606fe
  2075. (11) EAP-Message = 0x020b004519800000003b1403010001011603010030b20992043586ac11f69f14f058e2d316081fa71b44d992be784e5e1c6c073ab9211f62fc05375eccf5ff45f7c51d8652
  2076. (11) Message-Authenticator = 0x55422bb82a8a476c47e35cea3023a169
  2077. (11) Acct-Session-Id = "8O2.1x81bb0d450002d013"
  2078. (11) NAS-Port-Id = "ge-3/0/6.0"
  2079. (11) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  2080. (11) Called-Station-Id = "ec-3e-f7-68-35-00"
  2081. (11) NAS-IP-Address = 10.8.0.111
  2082. (11) NAS-Identifier = "nyc-access-sw011"
  2083. (11) NAS-Port-Type = Ethernet
  2084. (11) session-state: No cached attributes
  2085. (11) # Executing section authorize from file /etc/raddb/sites-enabled/default
  2086. (11) authorize {
  2087. (11) policy filter_username {
  2088. (11) if (&User-Name) {
  2089. (11) if (&User-Name) -> TRUE
  2090. (11) if (&User-Name) {
  2091. (11) if (&User-Name =~ / /) {
  2092. (11) if (&User-Name =~ / /) -> FALSE
  2093. (11) if (&User-Name =~ /@[^@]*@/ ) {
  2094. (11) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  2095. (11) if (&User-Name =~ /\.\./ ) {
  2096. (11) if (&User-Name =~ /\.\./ ) -> FALSE
  2097. (11) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  2098. (11) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  2099. (11) if (&User-Name =~ /\.$/) {
  2100. (11) if (&User-Name =~ /\.$/) -> FALSE
  2101. (11) if (&User-Name =~ /@\./) {
  2102. (11) if (&User-Name =~ /@\./) -> FALSE
  2103. (11) } # if (&User-Name) = notfound
  2104. (11) } # policy filter_username = notfound
  2105. (11) [preprocess] = ok
  2106. (11) [chap] = noop
  2107. (11) [mschap] = noop
  2108. (11) [digest] = noop
  2109. (11) suffix: Checking for suffix after "@"
  2110. (11) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  2111. (11) suffix: No such realm "NULL"
  2112. (11) [suffix] = noop
  2113. (11) eap: Peer sent EAP Response (code 2) ID 11 length 69
  2114. (11) eap: Continuing tunnel setup
  2115. (11) [eap] = ok
  2116. (11) } # authorize = ok
  2117. (11) Found Auth-Type = eap
  2118. (11) # Executing group from file /etc/raddb/sites-enabled/default
  2119. (11) authenticate {
  2120. (11) eap: Expiring EAP session with state 0xa33a74bda2316da1
  2121. (11) eap: Finished EAP session with state 0xa33a74bda2316da1
  2122. (11) eap: Previous EAP request found for state 0xa33a74bda2316da1, released from the list
  2123. (11) eap: Peer sent packet with method EAP PEAP (25)
  2124. (11) eap: Calling submodule eap_peap to process data
  2125. (11) eap_peap: Continuing EAP-TLS
  2126. (11) eap_peap: Peer indicated complete TLS record size will be 59 bytes
  2127. (11) eap_peap: Got complete TLS record (59 bytes)
  2128. (11) eap_peap: [eaptls verify] = length included
  2129. (11) eap_peap: <<< recv TLS 1.0 ChangeCipherSpec [length 0001]
  2130. (11) eap_peap: <<< recv TLS 1.0 Handshake [length 0010], Finished
  2131. (11) eap_peap: TLS_accept: SSLv3 read finished A
  2132. (11) eap_peap: (other): SSL negotiation finished successfully
  2133. (11) eap_peap: SSL Connection Established
  2134. (11) eap_peap: SSL Application Data
  2135. (11) eap_peap: Adding cached attributes from session 99fa3eb5d7d108e8e1047f8c78273aadc1bd2aa26caa1810320d84ad7442e74a
  2136. (11) eap_peap: reply:User-Name = "vkratsberg"
  2137. (11) eap_peap: [eaptls process] = success
  2138. (11) eap_peap: Session established. Decoding tunneled attributes
  2139. (11) eap_peap: PEAP state TUNNEL ESTABLISHED
  2140. (11) eap_peap: Skipping Phase2 because of session resumption
  2141. (11) eap_peap: SUCCESS
  2142. (11) eap: Sending EAP Request (code 1) ID 12 length 43
  2143. (11) eap: EAP session adding &reply:State = 0xa33a74bda1366da1
  2144. (11) [eap] = handled
  2145. (11) } # authenticate = handled
  2146. (11) Using Post-Auth-Type Challenge
  2147. (11) Post-Auth-Type sub-section not found. Ignoring.
  2148. (11) # Executing group from file /etc/raddb/sites-enabled/default
  2149. (11) Sent Access-Challenge Id 2 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  2150. (11) User-Name = "vkratsberg"
  2151. (11) EAP-Message = 0x010c002b190017030100205c2915677db37e408f1414e59450886dd5bb6ed134179f311a340e3f190388c9
  2152. (11) Message-Authenticator = 0x00000000000000000000000000000000
  2153. (11) State = 0xa33a74bda1366da1dff5d7e4439606fe
  2154. (11) Finished request
  2155. Waking up in 4.6 seconds.
  2156. (12) Received Access-Request Id 3 from 10.8.0.111:58432 to 10.8.64.155:1812 length 223
  2157. (12) User-Name = "vkratsberg"
  2158. (12) NAS-Port = 358
  2159. (12) State = 0xa33a74bda1366da1dff5d7e4439606fe
  2160. (12) EAP-Message = 0x020c002b190017030100209151e868e023925c541607eab1e820cfcb6d5bd11b0f57df3b15129577d73262
  2161. (12) Message-Authenticator = 0x77865c625fc4d52bb16a8b8fe154e2dc
  2162. (12) Acct-Session-Id = "8O2.1x81bb0d450002d013"
  2163. (12) NAS-Port-Id = "ge-3/0/6.0"
  2164. (12) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  2165. (12) Called-Station-Id = "ec-3e-f7-68-35-00"
  2166. (12) NAS-IP-Address = 10.8.0.111
  2167. (12) NAS-Identifier = "nyc-access-sw011"
  2168. (12) NAS-Port-Type = Ethernet
  2169. (12) session-state: No cached attributes
  2170. (12) # Executing section authorize from file /etc/raddb/sites-enabled/default
  2171. (12) authorize {
  2172. (12) policy filter_username {
  2173. (12) if (&User-Name) {
  2174. (12) if (&User-Name) -> TRUE
  2175. (12) if (&User-Name) {
  2176. (12) if (&User-Name =~ / /) {
  2177. (12) if (&User-Name =~ / /) -> FALSE
  2178. (12) if (&User-Name =~ /@[^@]*@/ ) {
  2179. (12) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  2180. (12) if (&User-Name =~ /\.\./ ) {
  2181. (12) if (&User-Name =~ /\.\./ ) -> FALSE
  2182. (12) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  2183. (12) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  2184. (12) if (&User-Name =~ /\.$/) {
  2185. (12) if (&User-Name =~ /\.$/) -> FALSE
  2186. (12) if (&User-Name =~ /@\./) {
  2187. (12) if (&User-Name =~ /@\./) -> FALSE
  2188. (12) } # if (&User-Name) = notfound
  2189. (12) } # policy filter_username = notfound
  2190. (12) [preprocess] = ok
  2191. (12) [chap] = noop
  2192. (12) [mschap] = noop
  2193. (12) [digest] = noop
  2194. (12) suffix: Checking for suffix after "@"
  2195. (12) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  2196. (12) suffix: No such realm "NULL"
  2197. (12) [suffix] = noop
  2198. (12) eap: Peer sent EAP Response (code 2) ID 12 length 43
  2199. (12) eap: Continuing tunnel setup
  2200. (12) [eap] = ok
  2201. (12) } # authorize = ok
  2202. (12) Found Auth-Type = eap
  2203. (12) # Executing group from file /etc/raddb/sites-enabled/default
  2204. (12) authenticate {
  2205. (12) eap: Expiring EAP session with state 0xa33a74bda1366da1
  2206. (12) eap: Finished EAP session with state 0xa33a74bda1366da1
  2207. (12) eap: Previous EAP request found for state 0xa33a74bda1366da1, released from the list
  2208. (12) eap: Peer sent packet with method EAP PEAP (25)
  2209. (12) eap: Calling submodule eap_peap to process data
  2210. (12) eap_peap: Continuing EAP-TLS
  2211. (12) eap_peap: [eaptls verify] = ok
  2212. (12) eap_peap: Done initial handshake
  2213. (12) eap_peap: [eaptls process] = ok
  2214. (12) eap_peap: Session established. Decoding tunneled attributes
  2215. (12) eap_peap: PEAP state send tlv success
  2216. (12) eap_peap: Received EAP-TLV response
  2217. (12) eap_peap: Success
  2218. (12) eap_peap: No saved attributes in the original Access-Accept
  2219. (12) eap: Sending EAP Success (code 3) ID 12 length 4
  2220. (12) eap: Freeing handler
  2221. (12) [eap] = ok
  2222. (12) } # authenticate = ok
  2223. (12) # Executing section post-auth from file /etc/raddb/sites-enabled/default
  2224. (12) post-auth {
  2225. (12) update {
  2226. (12) No attributes updated
  2227. (12) } # update = noop
  2228. (12) [exec] = noop
  2229. (12) policy remove_reply_message_if_eap {
  2230. (12) if (&reply:EAP-Message && &reply:Reply-Message) {
  2231. (12) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
  2232. (12) else {
  2233. (12) [noop] = noop
  2234. (12) } # else = noop
  2235. (12) } # policy remove_reply_message_if_eap = noop
  2236. (12) } # post-auth = noop
  2237. (12) Sent Access-Accept Id 3 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  2238. (12) MS-MPPE-Recv-Key = 0x70f1123cf3f625c98595aa20ca09cbc5ddb148866cbbe05d7dda9cfb9d9d1067
  2239. (12) MS-MPPE-Send-Key = 0x77ad48361f34a5f080d16af5ed8ba6faa06fd96eaefd262e86ecc8caebe2609e
  2240. (12) EAP-Message = 0x030c0004
  2241. (12) Message-Authenticator = 0x00000000000000000000000000000000
  2242. (12) User-Name = "vkratsberg"
  2243. (12) Finished request
  2244. Waking up in 4.6 seconds.
  2245. (13) Received Access-Request Id 4 from 10.8.0.111:58432 to 10.8.64.155:1812 length 177
  2246. (13) User-Name = "vkratsberg"
  2247. (13) NAS-Port = 358
  2248. (13) EAP-Message = 0x020d000f01766b7261747362657267
  2249. (13) Message-Authenticator = 0x1922ee11ae9c1eaca6e26a21872dd08f
  2250. (13) Acct-Session-Id = "8O2.1x81bb0d460004464c"
  2251. (13) NAS-Port-Id = "ge-3/0/6.0"
  2252. (13) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  2253. (13) Called-Station-Id = "ec-3e-f7-68-35-00"
  2254. (13) NAS-IP-Address = 10.8.0.111
  2255. (13) NAS-Identifier = "nyc-access-sw011"
  2256. (13) NAS-Port-Type = Ethernet
  2257. (13) # Executing section authorize from file /etc/raddb/sites-enabled/default
  2258. (13) authorize {
  2259. (13) policy filter_username {
  2260. (13) if (&User-Name) {
  2261. (13) if (&User-Name) -> TRUE
  2262. (13) if (&User-Name) {
  2263. (13) if (&User-Name =~ / /) {
  2264. (13) if (&User-Name =~ / /) -> FALSE
  2265. (13) if (&User-Name =~ /@[^@]*@/ ) {
  2266. (13) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  2267. (13) if (&User-Name =~ /\.\./ ) {
  2268. (13) if (&User-Name =~ /\.\./ ) -> FALSE
  2269. (13) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  2270. (13) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  2271. (13) if (&User-Name =~ /\.$/) {
  2272. (13) if (&User-Name =~ /\.$/) -> FALSE
  2273. (13) if (&User-Name =~ /@\./) {
  2274. (13) if (&User-Name =~ /@\./) -> FALSE
  2275. (13) } # if (&User-Name) = notfound
  2276. (13) } # policy filter_username = notfound
  2277. (13) [preprocess] = ok
  2278. (13) [chap] = noop
  2279. (13) [mschap] = noop
  2280. (13) [digest] = noop
  2281. (13) suffix: Checking for suffix after "@"
  2282. (13) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  2283. (13) suffix: No such realm "NULL"
  2284. (13) [suffix] = noop
  2285. (13) eap: Peer sent EAP Response (code 2) ID 13 length 15
  2286. (13) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
  2287. (13) [eap] = ok
  2288. (13) } # authorize = ok
  2289. (13) Found Auth-Type = eap
  2290. (13) # Executing group from file /etc/raddb/sites-enabled/default
  2291. (13) authenticate {
  2292. (13) eap: Peer sent packet with method EAP Identity (1)
  2293. (13) eap: Calling submodule eap_peap to process data
  2294. (13) eap_peap: Initiating new EAP-TLS session
  2295. (13) eap_peap: [eaptls start] = request
  2296. (13) eap: Sending EAP Request (code 1) ID 14 length 6
  2297. (13) eap: EAP session adding &reply:State = 0xfde6745dfde86d7e
  2298. (13) [eap] = handled
  2299. (13) } # authenticate = handled
  2300. (13) Using Post-Auth-Type Challenge
  2301. (13) Post-Auth-Type sub-section not found. Ignoring.
  2302. (13) # Executing group from file /etc/raddb/sites-enabled/default
  2303. (13) Sent Access-Challenge Id 4 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  2304. (13) EAP-Message = 0x010e00061920
  2305. (13) Message-Authenticator = 0x00000000000000000000000000000000
  2306. (13) State = 0xfde6745dfde86d7e6e19918736dd611b
  2307. (13) Finished request
  2308. Waking up in 4.6 seconds.
  2309. (14) Received Access-Request Id 5 from 10.8.0.111:58432 to 10.8.64.155:1812 length 343
  2310. (14) User-Name = "vkratsberg"
  2311. (14) NAS-Port = 358
  2312. (14) State = 0xfde6745dfde86d7e6e19918736dd611b
  2313. (14) EAP-Message = 0x020e00a31980000000991603010094010000900301574f326c1df9e7c48acf9cf81f51f727ddbdc82b5f8f4f4b15d51969cb14be5d2099fa3eb5d7d108e8e1047f8c78273aadc1bd2aa26caa1810320d84ad7442e74a002800ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f00
  2314. (14) Message-Authenticator = 0xac463993e42ea895ec771cd32be8f5fa
  2315. (14) Acct-Session-Id = "8O2.1x81bb0d460004464c"
  2316. (14) NAS-Port-Id = "ge-3/0/6.0"
  2317. (14) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  2318. (14) Called-Station-Id = "ec-3e-f7-68-35-00"
  2319. (14) NAS-IP-Address = 10.8.0.111
  2320. (14) NAS-Identifier = "nyc-access-sw011"
  2321. (14) NAS-Port-Type = Ethernet
  2322. (14) session-state: No cached attributes
  2323. (14) # Executing section authorize from file /etc/raddb/sites-enabled/default
  2324. (14) authorize {
  2325. (14) policy filter_username {
  2326. (14) if (&User-Name) {
  2327. (14) if (&User-Name) -> TRUE
  2328. (14) if (&User-Name) {
  2329. (14) if (&User-Name =~ / /) {
  2330. (14) if (&User-Name =~ / /) -> FALSE
  2331. (14) if (&User-Name =~ /@[^@]*@/ ) {
  2332. (14) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  2333. (14) if (&User-Name =~ /\.\./ ) {
  2334. (14) if (&User-Name =~ /\.\./ ) -> FALSE
  2335. (14) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  2336. (14) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  2337. (14) if (&User-Name =~ /\.$/) {
  2338. (14) if (&User-Name =~ /\.$/) -> FALSE
  2339. (14) if (&User-Name =~ /@\./) {
  2340. (14) if (&User-Name =~ /@\./) -> FALSE
  2341. (14) } # if (&User-Name) = notfound
  2342. (14) } # policy filter_username = notfound
  2343. (14) [preprocess] = ok
  2344. (14) [chap] = noop
  2345. (14) [mschap] = noop
  2346. (14) [digest] = noop
  2347. (14) suffix: Checking for suffix after "@"
  2348. (14) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  2349. (14) suffix: No such realm "NULL"
  2350. (14) [suffix] = noop
  2351. (14) eap: Peer sent EAP Response (code 2) ID 14 length 163
  2352. (14) eap: Continuing tunnel setup
  2353. (14) [eap] = ok
  2354. (14) } # authorize = ok
  2355. (14) Found Auth-Type = eap
  2356. (14) # Executing group from file /etc/raddb/sites-enabled/default
  2357. (14) authenticate {
  2358. (14) eap: Expiring EAP session with state 0xfde6745dfde86d7e
  2359. (14) eap: Finished EAP session with state 0xfde6745dfde86d7e
  2360. (14) eap: Previous EAP request found for state 0xfde6745dfde86d7e, released from the list
  2361. (14) eap: Peer sent packet with method EAP PEAP (25)
  2362. (14) eap: Calling submodule eap_peap to process data
  2363. (14) eap_peap: Continuing EAP-TLS
  2364. (14) eap_peap: Peer indicated complete TLS record size will be 153 bytes
  2365. (14) eap_peap: Got complete TLS record (153 bytes)
  2366. (14) eap_peap: [eaptls verify] = length included
  2367. (14) eap_peap: (other): before/accept initialization
  2368. (14) eap_peap: TLS_accept: before/accept initialization
  2369. (14) eap_peap: <<< recv TLS 1.0 Handshake [length 0094], ClientHello
  2370. (14) eap_peap: TLS_accept: SSLv3 read client hello A
  2371. (14) eap_peap: >>> send TLS 1.0 Handshake [length 0059], ServerHello
  2372. (14) eap_peap: TLS_accept: SSLv3 write server hello A
  2373. (14) eap_peap: >>> send TLS 1.0 ChangeCipherSpec [length 0001]
  2374. (14) eap_peap: TLS_accept: SSLv3 write change cipher spec A
  2375. (14) eap_peap: >>> send TLS 1.0 Handshake [length 0010], Finished
  2376. (14) eap_peap: TLS_accept: SSLv3 write finished A
  2377. (14) eap_peap: TLS_accept: SSLv3 flush data
  2378. (14) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  2379. (14) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  2380. (14) eap_peap: In SSL Handshake Phase
  2381. (14) eap_peap: In SSL Accept mode
  2382. (14) eap_peap: [eaptls process] = handled
  2383. (14) eap: Sending EAP Request (code 1) ID 15 length 159
  2384. (14) eap: EAP session adding &reply:State = 0xfde6745dfce96d7e
  2385. (14) [eap] = handled
  2386. (14) } # authenticate = handled
  2387. (14) Using Post-Auth-Type Challenge
  2388. (14) Post-Auth-Type sub-section not found. Ignoring.
  2389. (14) # Executing group from file /etc/raddb/sites-enabled/default
  2390. (14) Sent Access-Challenge Id 5 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  2391. (14) EAP-Message = 0x010f009f19001603010059020000550301574f326c3ff4b4cb4053c9a605c10918af76bb2db0706077fe5de5a58cd4961e2099fa3eb5d7d108e8e1047f8c78273aadc1bd2aa26caa1810320d84ad7442e74ac01400000dff01000100000b0004030001021403010001011603010030659008e3341f0746
  2392. (14) Message-Authenticator = 0x00000000000000000000000000000000
  2393. (14) State = 0xfde6745dfce96d7e6e19918736dd611b
  2394. (14) Finished request
  2395. Waking up in 4.6 seconds.
  2396. (15) Received Access-Request Id 6 from 10.8.0.111:58432 to 10.8.64.155:1812 length 249
  2397. (15) User-Name = "vkratsberg"
  2398. (15) NAS-Port = 358
  2399. (15) State = 0xfde6745dfce96d7e6e19918736dd611b
  2400. (15) EAP-Message = 0x020f004519800000003b1403010001011603010030dd7eae50c3b92d1a76a3901251bfcfdf8aef65b964497971ff1b06884ed396cad68432b1a7e1900185216fff671936da
  2401. (15) Message-Authenticator = 0x9ac2ae88a6d2c721f8b27abc1349a9bb
  2402. (15) Acct-Session-Id = "8O2.1x81bb0d460004464c"
  2403. (15) NAS-Port-Id = "ge-3/0/6.0"
  2404. (15) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  2405. (15) Called-Station-Id = "ec-3e-f7-68-35-00"
  2406. (15) NAS-IP-Address = 10.8.0.111
  2407. (15) NAS-Identifier = "nyc-access-sw011"
  2408. (15) NAS-Port-Type = Ethernet
  2409. (15) session-state: No cached attributes
  2410. (15) # Executing section authorize from file /etc/raddb/sites-enabled/default
  2411. (15) authorize {
  2412. (15) policy filter_username {
  2413. (15) if (&User-Name) {
  2414. (15) if (&User-Name) -> TRUE
  2415. (15) if (&User-Name) {
  2416. (15) if (&User-Name =~ / /) {
  2417. (15) if (&User-Name =~ / /) -> FALSE
  2418. (15) if (&User-Name =~ /@[^@]*@/ ) {
  2419. (15) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  2420. (15) if (&User-Name =~ /\.\./ ) {
  2421. (15) if (&User-Name =~ /\.\./ ) -> FALSE
  2422. (15) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  2423. (15) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  2424. (15) if (&User-Name =~ /\.$/) {
  2425. (15) if (&User-Name =~ /\.$/) -> FALSE
  2426. (15) if (&User-Name =~ /@\./) {
  2427. (15) if (&User-Name =~ /@\./) -> FALSE
  2428. (15) } # if (&User-Name) = notfound
  2429. (15) } # policy filter_username = notfound
  2430. (15) [preprocess] = ok
  2431. (15) [chap] = noop
  2432. (15) [mschap] = noop
  2433. (15) [digest] = noop
  2434. (15) suffix: Checking for suffix after "@"
  2435. (15) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  2436. (15) suffix: No such realm "NULL"
  2437. (15) [suffix] = noop
  2438. (15) eap: Peer sent EAP Response (code 2) ID 15 length 69
  2439. (15) eap: Continuing tunnel setup
  2440. (15) [eap] = ok
  2441. (15) } # authorize = ok
  2442. (15) Found Auth-Type = eap
  2443. (15) # Executing group from file /etc/raddb/sites-enabled/default
  2444. (15) authenticate {
  2445. (15) eap: Expiring EAP session with state 0xfde6745dfce96d7e
  2446. (15) eap: Finished EAP session with state 0xfde6745dfce96d7e
  2447. (15) eap: Previous EAP request found for state 0xfde6745dfce96d7e, released from the list
  2448. (15) eap: Peer sent packet with method EAP PEAP (25)
  2449. (15) eap: Calling submodule eap_peap to process data
  2450. (15) eap_peap: Continuing EAP-TLS
  2451. (15) eap_peap: Peer indicated complete TLS record size will be 59 bytes
  2452. (15) eap_peap: Got complete TLS record (59 bytes)
  2453. (15) eap_peap: [eaptls verify] = length included
  2454. (15) eap_peap: <<< recv TLS 1.0 ChangeCipherSpec [length 0001]
  2455. (15) eap_peap: <<< recv TLS 1.0 Handshake [length 0010], Finished
  2456. (15) eap_peap: TLS_accept: SSLv3 read finished A
  2457. (15) eap_peap: (other): SSL negotiation finished successfully
  2458. (15) eap_peap: SSL Connection Established
  2459. (15) eap_peap: SSL Application Data
  2460. (15) eap_peap: Adding cached attributes from session 99fa3eb5d7d108e8e1047f8c78273aadc1bd2aa26caa1810320d84ad7442e74a
  2461. (15) eap_peap: reply:User-Name = "vkratsberg"
  2462. (15) eap_peap: [eaptls process] = success
  2463. (15) eap_peap: Session established. Decoding tunneled attributes
  2464. (15) eap_peap: PEAP state TUNNEL ESTABLISHED
  2465. (15) eap_peap: Skipping Phase2 because of session resumption
  2466. (15) eap_peap: SUCCESS
  2467. (15) eap: Sending EAP Request (code 1) ID 16 length 43
  2468. (15) eap: EAP session adding &reply:State = 0xfde6745dfff66d7e
  2469. (15) [eap] = handled
  2470. (15) } # authenticate = handled
  2471. (15) Using Post-Auth-Type Challenge
  2472. (15) Post-Auth-Type sub-section not found. Ignoring.
  2473. (15) # Executing group from file /etc/raddb/sites-enabled/default
  2474. (15) Sent Access-Challenge Id 6 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  2475. (15) User-Name = "vkratsberg"
  2476. (15) EAP-Message = 0x0110002b1900170301002050059b69f8578c9e321fea9fe7e47a2abc4d9c013b60af85a03c295994952060
  2477. (15) Message-Authenticator = 0x00000000000000000000000000000000
  2478. (15) State = 0xfde6745dfff66d7e6e19918736dd611b
  2479. (15) Finished request
  2480. Waking up in 4.6 seconds.
  2481. (16) Received Access-Request Id 7 from 10.8.0.111:58432 to 10.8.64.155:1812 length 223
  2482. (16) User-Name = "vkratsberg"
  2483. (16) NAS-Port = 358
  2484. (16) State = 0xfde6745dfff66d7e6e19918736dd611b
  2485. (16) EAP-Message = 0x0210002b190017030100207c5bb7a16a448b263de5c14d22c3c52c5f98e7af7a3fab60fbc8768ee307741e
  2486. (16) Message-Authenticator = 0x0a2fdfd514eb5d9f7bbb7ad80f28ba16
  2487. (16) Acct-Session-Id = "8O2.1x81bb0d460004464c"
  2488. (16) NAS-Port-Id = "ge-3/0/6.0"
  2489. (16) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  2490. (16) Called-Station-Id = "ec-3e-f7-68-35-00"
  2491. (16) NAS-IP-Address = 10.8.0.111
  2492. (16) NAS-Identifier = "nyc-access-sw011"
  2493. (16) NAS-Port-Type = Ethernet
  2494. (16) session-state: No cached attributes
  2495. (16) # Executing section authorize from file /etc/raddb/sites-enabled/default
  2496. (16) authorize {
  2497. (16) policy filter_username {
  2498. (16) if (&User-Name) {
  2499. (16) if (&User-Name) -> TRUE
  2500. (16) if (&User-Name) {
  2501. (16) if (&User-Name =~ / /) {
  2502. (16) if (&User-Name =~ / /) -> FALSE
  2503. (16) if (&User-Name =~ /@[^@]*@/ ) {
  2504. (16) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  2505. (16) if (&User-Name =~ /\.\./ ) {
  2506. (16) if (&User-Name =~ /\.\./ ) -> FALSE
  2507. (16) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  2508. (16) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  2509. (16) if (&User-Name =~ /\.$/) {
  2510. (16) if (&User-Name =~ /\.$/) -> FALSE
  2511. (16) if (&User-Name =~ /@\./) {
  2512. (16) if (&User-Name =~ /@\./) -> FALSE
  2513. (16) } # if (&User-Name) = notfound
  2514. (16) } # policy filter_username = notfound
  2515. (16) [preprocess] = ok
  2516. (16) [chap] = noop
  2517. (16) [mschap] = noop
  2518. (16) [digest] = noop
  2519. (16) suffix: Checking for suffix after "@"
  2520. (16) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  2521. (16) suffix: No such realm "NULL"
  2522. (16) [suffix] = noop
  2523. (16) eap: Peer sent EAP Response (code 2) ID 16 length 43
  2524. (16) eap: Continuing tunnel setup
  2525. (16) [eap] = ok
  2526. (16) } # authorize = ok
  2527. (16) Found Auth-Type = eap
  2528. (16) # Executing group from file /etc/raddb/sites-enabled/default
  2529. (16) authenticate {
  2530. (16) eap: Expiring EAP session with state 0xfde6745dfff66d7e
  2531. (16) eap: Finished EAP session with state 0xfde6745dfff66d7e
  2532. (16) eap: Previous EAP request found for state 0xfde6745dfff66d7e, released from the list
  2533. (16) eap: Peer sent packet with method EAP PEAP (25)
  2534. (16) eap: Calling submodule eap_peap to process data
  2535. (16) eap_peap: Continuing EAP-TLS
  2536. (16) eap_peap: [eaptls verify] = ok
  2537. (16) eap_peap: Done initial handshake
  2538. (16) eap_peap: [eaptls process] = ok
  2539. (16) eap_peap: Session established. Decoding tunneled attributes
  2540. (16) eap_peap: PEAP state send tlv success
  2541. (16) eap_peap: Received EAP-TLV response
  2542. (16) eap_peap: Success
  2543. (16) eap_peap: No saved attributes in the original Access-Accept
  2544. (16) eap: Sending EAP Success (code 3) ID 16 length 4
  2545. (16) eap: Freeing handler
  2546. (16) [eap] = ok
  2547. (16) } # authenticate = ok
  2548. (16) # Executing section post-auth from file /etc/raddb/sites-enabled/default
  2549. (16) post-auth {
  2550. (16) update {
  2551. (16) No attributes updated
  2552. (16) } # update = noop
  2553. (16) [exec] = noop
  2554. (16) policy remove_reply_message_if_eap {
  2555. (16) if (&reply:EAP-Message && &reply:Reply-Message) {
  2556. (16) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
  2557. (16) else {
  2558. (16) [noop] = noop
  2559. (16) } # else = noop
  2560. (16) } # policy remove_reply_message_if_eap = noop
  2561. (16) } # post-auth = noop
  2562. (16) Sent Access-Accept Id 7 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  2563. (16) MS-MPPE-Recv-Key = 0xcd696be2e952af6bf5a7969e26ab5138e1b741ec2abeb7e6c9b21bc4ce1f9a83
  2564. (16) MS-MPPE-Send-Key = 0x0bef77c93be1a066cfe13b3a2dbf247e35622734ff8ba74a6519a94a7163ce5a
  2565. (16) EAP-Message = 0x03100004
  2566. (16) Message-Authenticator = 0x00000000000000000000000000000000
  2567. (16) User-Name = "vkratsberg"
  2568. (16) Finished request
  2569. Waking up in 4.6 seconds.
  2570. (17) Received Access-Request Id 8 from 10.8.0.111:58432 to 10.8.64.155:1812 length 177
  2571. (17) User-Name = "vkratsberg"
  2572. (17) NAS-Port = 358
  2573. (17) EAP-Message = 0x0211000f01766b7261747362657267
  2574. (17) Message-Authenticator = 0x7ba9afce80fa83f49b043a0883817791
  2575. (17) Acct-Session-Id = "8O2.1x81bb0d470005f5b4"
  2576. (17) NAS-Port-Id = "ge-3/0/6.0"
  2577. (17) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  2578. (17) Called-Station-Id = "ec-3e-f7-68-35-00"
  2579. (17) NAS-IP-Address = 10.8.0.111
  2580. (17) NAS-Identifier = "nyc-access-sw011"
  2581. (17) NAS-Port-Type = Ethernet
  2582. (17) # Executing section authorize from file /etc/raddb/sites-enabled/default
  2583. (17) authorize {
  2584. (17) policy filter_username {
  2585. (17) if (&User-Name) {
  2586. (17) if (&User-Name) -> TRUE
  2587. (17) if (&User-Name) {
  2588. (17) if (&User-Name =~ / /) {
  2589. (17) if (&User-Name =~ / /) -> FALSE
  2590. (17) if (&User-Name =~ /@[^@]*@/ ) {
  2591. (17) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  2592. (17) if (&User-Name =~ /\.\./ ) {
  2593. (17) if (&User-Name =~ /\.\./ ) -> FALSE
  2594. (17) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  2595. (17) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  2596. (17) if (&User-Name =~ /\.$/) {
  2597. (17) if (&User-Name =~ /\.$/) -> FALSE
  2598. (17) if (&User-Name =~ /@\./) {
  2599. (17) if (&User-Name =~ /@\./) -> FALSE
  2600. (17) } # if (&User-Name) = notfound
  2601. (17) } # policy filter_username = notfound
  2602. (17) [preprocess] = ok
  2603. (17) [chap] = noop
  2604. (17) [mschap] = noop
  2605. (17) [digest] = noop
  2606. (17) suffix: Checking for suffix after "@"
  2607. (17) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  2608. (17) suffix: No such realm "NULL"
  2609. (17) [suffix] = noop
  2610. (17) eap: Peer sent EAP Response (code 2) ID 17 length 15
  2611. (17) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
  2612. (17) [eap] = ok
  2613. (17) } # authorize = ok
  2614. (17) Found Auth-Type = eap
  2615. (17) # Executing group from file /etc/raddb/sites-enabled/default
  2616. (17) authenticate {
  2617. (17) eap: Peer sent packet with method EAP Identity (1)
  2618. (17) eap: Calling submodule eap_peap to process data
  2619. (17) eap_peap: Initiating new EAP-TLS session
  2620. (17) eap_peap: [eaptls start] = request
  2621. (17) eap: Sending EAP Request (code 1) ID 18 length 6
  2622. (17) eap: EAP session adding &reply:State = 0x44ca6f3a44d876e4
  2623. (17) [eap] = handled
  2624. (17) } # authenticate = handled
  2625. (17) Using Post-Auth-Type Challenge
  2626. (17) Post-Auth-Type sub-section not found. Ignoring.
  2627. (17) # Executing group from file /etc/raddb/sites-enabled/default
  2628. (17) Sent Access-Challenge Id 8 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  2629. (17) EAP-Message = 0x011200061920
  2630. (17) Message-Authenticator = 0x00000000000000000000000000000000
  2631. (17) State = 0x44ca6f3a44d876e4ff37eb6528393cac
  2632. (17) Finished request
  2633. Waking up in 4.5 seconds.
  2634. (18) Received Access-Request Id 9 from 10.8.0.111:58432 to 10.8.64.155:1812 length 343
  2635. (18) User-Name = "vkratsberg"
  2636. (18) NAS-Port = 358
  2637. (18) State = 0x44ca6f3a44d876e4ff37eb6528393cac
  2638. (18) EAP-Message = 0x021200a31980000000991603010094010000900301574f326c3a0fc57a882c0d766ce7b473324e057718e062d031b42d918067ecab2099fa3eb5d7d108e8e1047f8c78273aadc1bd2aa26caa1810320d84ad7442e74a002800ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f00
  2639. (18) Message-Authenticator = 0xf2d4c75a217e7f1bf48b52b46eb03ddd
  2640. (18) Acct-Session-Id = "8O2.1x81bb0d470005f5b4"
  2641. (18) NAS-Port-Id = "ge-3/0/6.0"
  2642. (18) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  2643. (18) Called-Station-Id = "ec-3e-f7-68-35-00"
  2644. (18) NAS-IP-Address = 10.8.0.111
  2645. (18) NAS-Identifier = "nyc-access-sw011"
  2646. (18) NAS-Port-Type = Ethernet
  2647. (18) session-state: No cached attributes
  2648. (18) # Executing section authorize from file /etc/raddb/sites-enabled/default
  2649. (18) authorize {
  2650. (18) policy filter_username {
  2651. (18) if (&User-Name) {
  2652. (18) if (&User-Name) -> TRUE
  2653. (18) if (&User-Name) {
  2654. (18) if (&User-Name =~ / /) {
  2655. (18) if (&User-Name =~ / /) -> FALSE
  2656. (18) if (&User-Name =~ /@[^@]*@/ ) {
  2657. (18) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  2658. (18) if (&User-Name =~ /\.\./ ) {
  2659. (18) if (&User-Name =~ /\.\./ ) -> FALSE
  2660. (18) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  2661. (18) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  2662. (18) if (&User-Name =~ /\.$/) {
  2663. (18) if (&User-Name =~ /\.$/) -> FALSE
  2664. (18) if (&User-Name =~ /@\./) {
  2665. (18) if (&User-Name =~ /@\./) -> FALSE
  2666. (18) } # if (&User-Name) = notfound
  2667. (18) } # policy filter_username = notfound
  2668. (18) [preprocess] = ok
  2669. (18) [chap] = noop
  2670. (18) [mschap] = noop
  2671. (18) [digest] = noop
  2672. (18) suffix: Checking for suffix after "@"
  2673. (18) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  2674. (18) suffix: No such realm "NULL"
  2675. (18) [suffix] = noop
  2676. (18) eap: Peer sent EAP Response (code 2) ID 18 length 163
  2677. (18) eap: Continuing tunnel setup
  2678. (18) [eap] = ok
  2679. (18) } # authorize = ok
  2680. (18) Found Auth-Type = eap
  2681. (18) # Executing group from file /etc/raddb/sites-enabled/default
  2682. (18) authenticate {
  2683. (18) eap: Expiring EAP session with state 0x44ca6f3a44d876e4
  2684. (18) eap: Finished EAP session with state 0x44ca6f3a44d876e4
  2685. (18) eap: Previous EAP request found for state 0x44ca6f3a44d876e4, released from the list
  2686. (18) eap: Peer sent packet with method EAP PEAP (25)
  2687. (18) eap: Calling submodule eap_peap to process data
  2688. (18) eap_peap: Continuing EAP-TLS
  2689. (18) eap_peap: Peer indicated complete TLS record size will be 153 bytes
  2690. (18) eap_peap: Got complete TLS record (153 bytes)
  2691. (18) eap_peap: [eaptls verify] = length included
  2692. (18) eap_peap: (other): before/accept initialization
  2693. (18) eap_peap: TLS_accept: before/accept initialization
  2694. (18) eap_peap: <<< recv TLS 1.0 Handshake [length 0094], ClientHello
  2695. (18) eap_peap: TLS_accept: SSLv3 read client hello A
  2696. (18) eap_peap: >>> send TLS 1.0 Handshake [length 0059], ServerHello
  2697. (18) eap_peap: TLS_accept: SSLv3 write server hello A
  2698. (18) eap_peap: >>> send TLS 1.0 ChangeCipherSpec [length 0001]
  2699. (18) eap_peap: TLS_accept: SSLv3 write change cipher spec A
  2700. (18) eap_peap: >>> send TLS 1.0 Handshake [length 0010], Finished
  2701. (18) eap_peap: TLS_accept: SSLv3 write finished A
  2702. (18) eap_peap: TLS_accept: SSLv3 flush data
  2703. (18) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  2704. (18) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  2705. (18) eap_peap: In SSL Handshake Phase
  2706. (18) eap_peap: In SSL Accept mode
  2707. (18) eap_peap: [eaptls process] = handled
  2708. (18) eap: Sending EAP Request (code 1) ID 19 length 159
  2709. (18) eap: EAP session adding &reply:State = 0x44ca6f3a45d976e4
  2710. (18) [eap] = handled
  2711. (18) } # authenticate = handled
  2712. (18) Using Post-Auth-Type Challenge
  2713. (18) Post-Auth-Type sub-section not found. Ignoring.
  2714. (18) # Executing group from file /etc/raddb/sites-enabled/default
  2715. (18) Sent Access-Challenge Id 9 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  2716. (18) EAP-Message = 0x0113009f19001603010059020000550301574f326ce091ddb07d9de9af704b68253bee4fd1fda1fffa2d1d267cd5cac8502099fa3eb5d7d108e8e1047f8c78273aadc1bd2aa26caa1810320d84ad7442e74ac01400000dff01000100000b0004030001021403010001011603010030a2f7eff79d463f93
  2717. (18) Message-Authenticator = 0x00000000000000000000000000000000
  2718. (18) State = 0x44ca6f3a45d976e4ff37eb6528393cac
  2719. (18) Finished request
  2720. Waking up in 4.5 seconds.
  2721. (19) Received Access-Request Id 10 from 10.8.0.111:58432 to 10.8.64.155:1812 length 249
  2722. (19) User-Name = "vkratsberg"
  2723. (19) NAS-Port = 358
  2724. (19) State = 0x44ca6f3a45d976e4ff37eb6528393cac
  2725. (19) EAP-Message = 0x0213004519800000003b1403010001011603010030184f7b64d1c63e0eb50e3b20beb53201044718c24bf0cb689a1758d489b51d537332b5cc068858e3c36b2c6b127c9505
  2726. (19) Message-Authenticator = 0x315f22fad7d7912a429d6ce8419c2746
  2727. (19) Acct-Session-Id = "8O2.1x81bb0d470005f5b4"
  2728. (19) NAS-Port-Id = "ge-3/0/6.0"
  2729. (19) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  2730. (19) Called-Station-Id = "ec-3e-f7-68-35-00"
  2731. (19) NAS-IP-Address = 10.8.0.111
  2732. (19) NAS-Identifier = "nyc-access-sw011"
  2733. (19) NAS-Port-Type = Ethernet
  2734. (19) session-state: No cached attributes
  2735. (19) # Executing section authorize from file /etc/raddb/sites-enabled/default
  2736. (19) authorize {
  2737. (19) policy filter_username {
  2738. (19) if (&User-Name) {
  2739. (19) if (&User-Name) -> TRUE
  2740. (19) if (&User-Name) {
  2741. (19) if (&User-Name =~ / /) {
  2742. (19) if (&User-Name =~ / /) -> FALSE
  2743. (19) if (&User-Name =~ /@[^@]*@/ ) {
  2744. (19) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  2745. (19) if (&User-Name =~ /\.\./ ) {
  2746. (19) if (&User-Name =~ /\.\./ ) -> FALSE
  2747. (19) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  2748. (19) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  2749. (19) if (&User-Name =~ /\.$/) {
  2750. (19) if (&User-Name =~ /\.$/) -> FALSE
  2751. (19) if (&User-Name =~ /@\./) {
  2752. (19) if (&User-Name =~ /@\./) -> FALSE
  2753. (19) } # if (&User-Name) = notfound
  2754. (19) } # policy filter_username = notfound
  2755. (19) [preprocess] = ok
  2756. (19) [chap] = noop
  2757. (19) [mschap] = noop
  2758. (19) [digest] = noop
  2759. (19) suffix: Checking for suffix after "@"
  2760. (19) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  2761. (19) suffix: No such realm "NULL"
  2762. (19) [suffix] = noop
  2763. (19) eap: Peer sent EAP Response (code 2) ID 19 length 69
  2764. (19) eap: Continuing tunnel setup
  2765. (19) [eap] = ok
  2766. (19) } # authorize = ok
  2767. (19) Found Auth-Type = eap
  2768. (19) # Executing group from file /etc/raddb/sites-enabled/default
  2769. (19) authenticate {
  2770. (19) eap: Expiring EAP session with state 0x44ca6f3a45d976e4
  2771. (19) eap: Finished EAP session with state 0x44ca6f3a45d976e4
  2772. (19) eap: Previous EAP request found for state 0x44ca6f3a45d976e4, released from the list
  2773. (19) eap: Peer sent packet with method EAP PEAP (25)
  2774. (19) eap: Calling submodule eap_peap to process data
  2775. (19) eap_peap: Continuing EAP-TLS
  2776. (19) eap_peap: Peer indicated complete TLS record size will be 59 bytes
  2777. (19) eap_peap: Got complete TLS record (59 bytes)
  2778. (19) eap_peap: [eaptls verify] = length included
  2779. (19) eap_peap: <<< recv TLS 1.0 ChangeCipherSpec [length 0001]
  2780. (19) eap_peap: <<< recv TLS 1.0 Handshake [length 0010], Finished
  2781. (19) eap_peap: TLS_accept: SSLv3 read finished A
  2782. (19) eap_peap: (other): SSL negotiation finished successfully
  2783. (19) eap_peap: SSL Connection Established
  2784. (19) eap_peap: SSL Application Data
  2785. (19) eap_peap: Adding cached attributes from session 99fa3eb5d7d108e8e1047f8c78273aadc1bd2aa26caa1810320d84ad7442e74a
  2786. (19) eap_peap: reply:User-Name = "vkratsberg"
  2787. (19) eap_peap: [eaptls process] = success
  2788. (19) eap_peap: Session established. Decoding tunneled attributes
  2789. (19) eap_peap: PEAP state TUNNEL ESTABLISHED
  2790. (19) eap_peap: Skipping Phase2 because of session resumption
  2791. (19) eap_peap: SUCCESS
  2792. (19) eap: Sending EAP Request (code 1) ID 20 length 43
  2793. (19) eap: EAP session adding &reply:State = 0x44ca6f3a46de76e4
  2794. (19) [eap] = handled
  2795. (19) } # authenticate = handled
  2796. (19) Using Post-Auth-Type Challenge
  2797. (19) Post-Auth-Type sub-section not found. Ignoring.
  2798. (19) # Executing group from file /etc/raddb/sites-enabled/default
  2799. (19) Sent Access-Challenge Id 10 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  2800. (19) User-Name = "vkratsberg"
  2801. (19) EAP-Message = 0x0114002b190017030100201bca8add14ecbe8ed176b28cc0b8e9f4c6e413fd85df1d1737dea39fc8d0a093
  2802. (19) Message-Authenticator = 0x00000000000000000000000000000000
  2803. (19) State = 0x44ca6f3a46de76e4ff37eb6528393cac
  2804. (19) Finished request
  2805. Waking up in 4.5 seconds.
  2806. (20) Received Access-Request Id 11 from 10.8.0.111:58432 to 10.8.64.155:1812 length 223
  2807. (20) User-Name = "vkratsberg"
  2808. (20) NAS-Port = 358
  2809. (20) State = 0x44ca6f3a46de76e4ff37eb6528393cac
  2810. (20) EAP-Message = 0x0214002b19001703010020e214918046e10d5671bb71256abb3fbaee6760fbf6d866c08d16422a2bb1e01e
  2811. (20) Message-Authenticator = 0xeced8bdf37099cec4a7cd8aa86a9e45b
  2812. (20) Acct-Session-Id = "8O2.1x81bb0d470005f5b4"
  2813. (20) NAS-Port-Id = "ge-3/0/6.0"
  2814. (20) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  2815. (20) Called-Station-Id = "ec-3e-f7-68-35-00"
  2816. (20) NAS-IP-Address = 10.8.0.111
  2817. (20) NAS-Identifier = "nyc-access-sw011"
  2818. (20) NAS-Port-Type = Ethernet
  2819. (20) session-state: No cached attributes
  2820. (20) # Executing section authorize from file /etc/raddb/sites-enabled/default
  2821. (20) authorize {
  2822. (20) policy filter_username {
  2823. (20) if (&User-Name) {
  2824. (20) if (&User-Name) -> TRUE
  2825. (20) if (&User-Name) {
  2826. (20) if (&User-Name =~ / /) {
  2827. (20) if (&User-Name =~ / /) -> FALSE
  2828. (20) if (&User-Name =~ /@[^@]*@/ ) {
  2829. (20) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  2830. (20) if (&User-Name =~ /\.\./ ) {
  2831. (20) if (&User-Name =~ /\.\./ ) -> FALSE
  2832. (20) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  2833. (20) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  2834. (20) if (&User-Name =~ /\.$/) {
  2835. (20) if (&User-Name =~ /\.$/) -> FALSE
  2836. (20) if (&User-Name =~ /@\./) {
  2837. (20) if (&User-Name =~ /@\./) -> FALSE
  2838. (20) } # if (&User-Name) = notfound
  2839. (20) } # policy filter_username = notfound
  2840. (20) [preprocess] = ok
  2841. (20) [chap] = noop
  2842. (20) [mschap] = noop
  2843. (20) [digest] = noop
  2844. (20) suffix: Checking for suffix after "@"
  2845. (20) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  2846. (20) suffix: No such realm "NULL"
  2847. (20) [suffix] = noop
  2848. (20) eap: Peer sent EAP Response (code 2) ID 20 length 43
  2849. (20) eap: Continuing tunnel setup
  2850. (20) [eap] = ok
  2851. (20) } # authorize = ok
  2852. (20) Found Auth-Type = eap
  2853. (20) # Executing group from file /etc/raddb/sites-enabled/default
  2854. (20) authenticate {
  2855. (20) eap: Expiring EAP session with state 0x44ca6f3a46de76e4
  2856. (20) eap: Finished EAP session with state 0x44ca6f3a46de76e4
  2857. (20) eap: Previous EAP request found for state 0x44ca6f3a46de76e4, released from the list
  2858. (20) eap: Peer sent packet with method EAP PEAP (25)
  2859. (20) eap: Calling submodule eap_peap to process data
  2860. (20) eap_peap: Continuing EAP-TLS
  2861. (20) eap_peap: [eaptls verify] = ok
  2862. (20) eap_peap: Done initial handshake
  2863. (20) eap_peap: [eaptls process] = ok
  2864. (20) eap_peap: Session established. Decoding tunneled attributes
  2865. (20) eap_peap: PEAP state send tlv success
  2866. (20) eap_peap: Received EAP-TLV response
  2867. (20) eap_peap: Success
  2868. (20) eap_peap: No saved attributes in the original Access-Accept
  2869. (20) eap: Sending EAP Success (code 3) ID 20 length 4
  2870. (20) eap: Freeing handler
  2871. (20) [eap] = ok
  2872. (20) } # authenticate = ok
  2873. (20) # Executing section post-auth from file /etc/raddb/sites-enabled/default
  2874. (20) post-auth {
  2875. (20) update {
  2876. (20) No attributes updated
  2877. (20) } # update = noop
  2878. (20) [exec] = noop
  2879. (20) policy remove_reply_message_if_eap {
  2880. (20) if (&reply:EAP-Message && &reply:Reply-Message) {
  2881. (20) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
  2882. (20) else {
  2883. (20) [noop] = noop
  2884. (20) } # else = noop
  2885. (20) } # policy remove_reply_message_if_eap = noop
  2886. (20) } # post-auth = noop
  2887. (20) Sent Access-Accept Id 11 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  2888. (20) MS-MPPE-Recv-Key = 0x0fef644301abcfd1f5d25e302ba472c53538853ed6d23bc8ae73ff5f348abcf0
  2889. (20) MS-MPPE-Send-Key = 0xa1e7ea71dda36df797dfb804fb3636d248b09bf2c8b77bfbc9498c2b69997ffd
  2890. (20) EAP-Message = 0x03140004
  2891. (20) Message-Authenticator = 0x00000000000000000000000000000000
  2892. (20) User-Name = "vkratsberg"
  2893. (20) Finished request
  2894. Waking up in 4.5 seconds.
  2895. (21) Received Access-Request Id 12 from 10.8.0.111:58432 to 10.8.64.155:1812 length 177
  2896. (21) User-Name = "vkratsberg"
  2897. (21) NAS-Port = 358
  2898. (21) EAP-Message = 0x0215000f01766b7261747362657267
  2899. (21) Message-Authenticator = 0x0e186cd18887d3cdccba628ba59377ba
  2900. (21) Acct-Session-Id = "8O2.1x81bb0d4800078a7b"
  2901. (21) NAS-Port-Id = "ge-3/0/6.0"
  2902. (21) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  2903. (21) Called-Station-Id = "ec-3e-f7-68-35-00"
  2904. (21) NAS-IP-Address = 10.8.0.111
  2905. (21) NAS-Identifier = "nyc-access-sw011"
  2906. (21) NAS-Port-Type = Ethernet
  2907. (21) # Executing section authorize from file /etc/raddb/sites-enabled/default
  2908. (21) authorize {
  2909. (21) policy filter_username {
  2910. (21) if (&User-Name) {
  2911. (21) if (&User-Name) -> TRUE
  2912. (21) if (&User-Name) {
  2913. (21) if (&User-Name =~ / /) {
  2914. (21) if (&User-Name =~ / /) -> FALSE
  2915. (21) if (&User-Name =~ /@[^@]*@/ ) {
  2916. (21) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  2917. (21) if (&User-Name =~ /\.\./ ) {
  2918. (21) if (&User-Name =~ /\.\./ ) -> FALSE
  2919. (21) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  2920. (21) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  2921. (21) if (&User-Name =~ /\.$/) {
  2922. (21) if (&User-Name =~ /\.$/) -> FALSE
  2923. (21) if (&User-Name =~ /@\./) {
  2924. (21) if (&User-Name =~ /@\./) -> FALSE
  2925. (21) } # if (&User-Name) = notfound
  2926. (21) } # policy filter_username = notfound
  2927. (21) [preprocess] = ok
  2928. (21) [chap] = noop
  2929. (21) [mschap] = noop
  2930. (21) [digest] = noop
  2931. (21) suffix: Checking for suffix after "@"
  2932. (21) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  2933. (21) suffix: No such realm "NULL"
  2934. (21) [suffix] = noop
  2935. (21) eap: Peer sent EAP Response (code 2) ID 21 length 15
  2936. (21) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
  2937. (21) [eap] = ok
  2938. (21) } # authorize = ok
  2939. (21) Found Auth-Type = eap
  2940. (21) # Executing group from file /etc/raddb/sites-enabled/default
  2941. (21) authenticate {
  2942. (21) eap: Peer sent packet with method EAP Identity (1)
  2943. (21) eap: Calling submodule eap_peap to process data
  2944. (21) eap_peap: Initiating new EAP-TLS session
  2945. (21) eap_peap: [eaptls start] = request
  2946. (21) eap: Sending EAP Request (code 1) ID 22 length 6
  2947. (21) eap: EAP session adding &reply:State = 0xf0e6d560f0f0cc2a
  2948. (21) [eap] = handled
  2949. (21) } # authenticate = handled
  2950. (21) Using Post-Auth-Type Challenge
  2951. (21) Post-Auth-Type sub-section not found. Ignoring.
  2952. (21) # Executing group from file /etc/raddb/sites-enabled/default
  2953. (21) Sent Access-Challenge Id 12 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  2954. (21) EAP-Message = 0x011600061920
  2955. (21) Message-Authenticator = 0x00000000000000000000000000000000
  2956. (21) State = 0xf0e6d560f0f0cc2aab89e5d26fcde553
  2957. (21) Finished request
  2958. Waking up in 4.4 seconds.
  2959. (22) Received Access-Request Id 13 from 10.8.0.111:58432 to 10.8.64.155:1812 length 343
  2960. (22) User-Name = "vkratsberg"
  2961. (22) NAS-Port = 358
  2962. (22) State = 0xf0e6d560f0f0cc2aab89e5d26fcde553
  2963. (22) EAP-Message = 0x021600a31980000000991603010094010000900301574f326c23a31c7fa0c3b8889c71fc0d559408959ad0c953ae51e33cc81fcc472099fa3eb5d7d108e8e1047f8c78273aadc1bd2aa26caa1810320d84ad7442e74a002800ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f00
  2964. (22) Message-Authenticator = 0x96f0865eda84745bf69712f26e0972bb
  2965. (22) Acct-Session-Id = "8O2.1x81bb0d4800078a7b"
  2966. (22) NAS-Port-Id = "ge-3/0/6.0"
  2967. (22) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  2968. (22) Called-Station-Id = "ec-3e-f7-68-35-00"
  2969. (22) NAS-IP-Address = 10.8.0.111
  2970. (22) NAS-Identifier = "nyc-access-sw011"
  2971. (22) NAS-Port-Type = Ethernet
  2972. (22) session-state: No cached attributes
  2973. (22) # Executing section authorize from file /etc/raddb/sites-enabled/default
  2974. (22) authorize {
  2975. (22) policy filter_username {
  2976. (22) if (&User-Name) {
  2977. (22) if (&User-Name) -> TRUE
  2978. (22) if (&User-Name) {
  2979. (22) if (&User-Name =~ / /) {
  2980. (22) if (&User-Name =~ / /) -> FALSE
  2981. (22) if (&User-Name =~ /@[^@]*@/ ) {
  2982. (22) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  2983. (22) if (&User-Name =~ /\.\./ ) {
  2984. (22) if (&User-Name =~ /\.\./ ) -> FALSE
  2985. (22) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  2986. (22) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  2987. (22) if (&User-Name =~ /\.$/) {
  2988. (22) if (&User-Name =~ /\.$/) -> FALSE
  2989. (22) if (&User-Name =~ /@\./) {
  2990. (22) if (&User-Name =~ /@\./) -> FALSE
  2991. (22) } # if (&User-Name) = notfound
  2992. (22) } # policy filter_username = notfound
  2993. (22) [preprocess] = ok
  2994. (22) [chap] = noop
  2995. (22) [mschap] = noop
  2996. (22) [digest] = noop
  2997. (22) suffix: Checking for suffix after "@"
  2998. (22) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  2999. (22) suffix: No such realm "NULL"
  3000. (22) [suffix] = noop
  3001. (22) eap: Peer sent EAP Response (code 2) ID 22 length 163
  3002. (22) eap: Continuing tunnel setup
  3003. (22) [eap] = ok
  3004. (22) } # authorize = ok
  3005. (22) Found Auth-Type = eap
  3006. (22) # Executing group from file /etc/raddb/sites-enabled/default
  3007. (22) authenticate {
  3008. (22) eap: Expiring EAP session with state 0xf0e6d560f0f0cc2a
  3009. (22) eap: Finished EAP session with state 0xf0e6d560f0f0cc2a
  3010. (22) eap: Previous EAP request found for state 0xf0e6d560f0f0cc2a, released from the list
  3011. (22) eap: Peer sent packet with method EAP PEAP (25)
  3012. (22) eap: Calling submodule eap_peap to process data
  3013. (22) eap_peap: Continuing EAP-TLS
  3014. (22) eap_peap: Peer indicated complete TLS record size will be 153 bytes
  3015. (22) eap_peap: Got complete TLS record (153 bytes)
  3016. (22) eap_peap: [eaptls verify] = length included
  3017. (22) eap_peap: (other): before/accept initialization
  3018. (22) eap_peap: TLS_accept: before/accept initialization
  3019. (22) eap_peap: <<< recv TLS 1.0 Handshake [length 0094], ClientHello
  3020. (22) eap_peap: TLS_accept: SSLv3 read client hello A
  3021. (22) eap_peap: >>> send TLS 1.0 Handshake [length 0059], ServerHello
  3022. (22) eap_peap: TLS_accept: SSLv3 write server hello A
  3023. (22) eap_peap: >>> send TLS 1.0 ChangeCipherSpec [length 0001]
  3024. (22) eap_peap: TLS_accept: SSLv3 write change cipher spec A
  3025. (22) eap_peap: >>> send TLS 1.0 Handshake [length 0010], Finished
  3026. (22) eap_peap: TLS_accept: SSLv3 write finished A
  3027. (22) eap_peap: TLS_accept: SSLv3 flush data
  3028. (22) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  3029. (22) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  3030. (22) eap_peap: In SSL Handshake Phase
  3031. (22) eap_peap: In SSL Accept mode
  3032. (22) eap_peap: [eaptls process] = handled
  3033. (22) eap: Sending EAP Request (code 1) ID 23 length 159
  3034. (22) eap: EAP session adding &reply:State = 0xf0e6d560f1f1cc2a
  3035. (22) [eap] = handled
  3036. (22) } # authenticate = handled
  3037. (22) Using Post-Auth-Type Challenge
  3038. (22) Post-Auth-Type sub-section not found. Ignoring.
  3039. (22) # Executing group from file /etc/raddb/sites-enabled/default
  3040. (22) Sent Access-Challenge Id 13 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  3041. (22) EAP-Message = 0x0117009f19001603010059020000550301574f326cd8a52106c33e43945915f8827e666f09f099dfa2edec34269ddac0a32099fa3eb5d7d108e8e1047f8c78273aadc1bd2aa26caa1810320d84ad7442e74ac01400000dff01000100000b000403000102140301000101160301003003d8cb3570f0d397
  3042. (22) Message-Authenticator = 0x00000000000000000000000000000000
  3043. (22) State = 0xf0e6d560f1f1cc2aab89e5d26fcde553
  3044. (22) Finished request
  3045. Waking up in 4.4 seconds.
  3046. (23) Received Access-Request Id 14 from 10.8.0.111:58432 to 10.8.64.155:1812 length 249
  3047. (23) User-Name = "vkratsberg"
  3048. (23) NAS-Port = 358
  3049. (23) State = 0xf0e6d560f1f1cc2aab89e5d26fcde553
  3050. (23) EAP-Message = 0x0217004519800000003b1403010001011603010030243211fe368d140c419f1c4247297510b1fa01f51522dfdf7071758ae998ea4d53a2c3eaa9978cb4083186280f4ac13e
  3051. (23) Message-Authenticator = 0xc1a55ed96d331ff9472851af6e96e2ca
  3052. (23) Acct-Session-Id = "8O2.1x81bb0d4800078a7b"
  3053. (23) NAS-Port-Id = "ge-3/0/6.0"
  3054. (23) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  3055. (23) Called-Station-Id = "ec-3e-f7-68-35-00"
  3056. (23) NAS-IP-Address = 10.8.0.111
  3057. (23) NAS-Identifier = "nyc-access-sw011"
  3058. (23) NAS-Port-Type = Ethernet
  3059. (23) session-state: No cached attributes
  3060. (23) # Executing section authorize from file /etc/raddb/sites-enabled/default
  3061. (23) authorize {
  3062. (23) policy filter_username {
  3063. (23) if (&User-Name) {
  3064. (23) if (&User-Name) -> TRUE
  3065. (23) if (&User-Name) {
  3066. (23) if (&User-Name =~ / /) {
  3067. (23) if (&User-Name =~ / /) -> FALSE
  3068. (23) if (&User-Name =~ /@[^@]*@/ ) {
  3069. (23) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  3070. (23) if (&User-Name =~ /\.\./ ) {
  3071. (23) if (&User-Name =~ /\.\./ ) -> FALSE
  3072. (23) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  3073. (23) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  3074. (23) if (&User-Name =~ /\.$/) {
  3075. (23) if (&User-Name =~ /\.$/) -> FALSE
  3076. (23) if (&User-Name =~ /@\./) {
  3077. (23) if (&User-Name =~ /@\./) -> FALSE
  3078. (23) } # if (&User-Name) = notfound
  3079. (23) } # policy filter_username = notfound
  3080. (23) [preprocess] = ok
  3081. (23) [chap] = noop
  3082. (23) [mschap] = noop
  3083. (23) [digest] = noop
  3084. (23) suffix: Checking for suffix after "@"
  3085. (23) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  3086. (23) suffix: No such realm "NULL"
  3087. (23) [suffix] = noop
  3088. (23) eap: Peer sent EAP Response (code 2) ID 23 length 69
  3089. (23) eap: Continuing tunnel setup
  3090. (23) [eap] = ok
  3091. (23) } # authorize = ok
  3092. (23) Found Auth-Type = eap
  3093. (23) # Executing group from file /etc/raddb/sites-enabled/default
  3094. (23) authenticate {
  3095. (23) eap: Expiring EAP session with state 0xf0e6d560f1f1cc2a
  3096. (23) eap: Finished EAP session with state 0xf0e6d560f1f1cc2a
  3097. (23) eap: Previous EAP request found for state 0xf0e6d560f1f1cc2a, released from the list
  3098. (23) eap: Peer sent packet with method EAP PEAP (25)
  3099. (23) eap: Calling submodule eap_peap to process data
  3100. (23) eap_peap: Continuing EAP-TLS
  3101. (23) eap_peap: Peer indicated complete TLS record size will be 59 bytes
  3102. (23) eap_peap: Got complete TLS record (59 bytes)
  3103. (23) eap_peap: [eaptls verify] = length included
  3104. (23) eap_peap: <<< recv TLS 1.0 ChangeCipherSpec [length 0001]
  3105. (23) eap_peap: <<< recv TLS 1.0 Handshake [length 0010], Finished
  3106. (23) eap_peap: TLS_accept: SSLv3 read finished A
  3107. (23) eap_peap: (other): SSL negotiation finished successfully
  3108. (23) eap_peap: SSL Connection Established
  3109. (23) eap_peap: SSL Application Data
  3110. (23) eap_peap: Adding cached attributes from session 99fa3eb5d7d108e8e1047f8c78273aadc1bd2aa26caa1810320d84ad7442e74a
  3111. (23) eap_peap: reply:User-Name = "vkratsberg"
  3112. (23) eap_peap: [eaptls process] = success
  3113. (23) eap_peap: Session established. Decoding tunneled attributes
  3114. (23) eap_peap: PEAP state TUNNEL ESTABLISHED
  3115. (23) eap_peap: Skipping Phase2 because of session resumption
  3116. (23) eap_peap: SUCCESS
  3117. (23) eap: Sending EAP Request (code 1) ID 24 length 43
  3118. (23) eap: EAP session adding &reply:State = 0xf0e6d560f2fecc2a
  3119. (23) [eap] = handled
  3120. (23) } # authenticate = handled
  3121. (23) Using Post-Auth-Type Challenge
  3122. (23) Post-Auth-Type sub-section not found. Ignoring.
  3123. (23) # Executing group from file /etc/raddb/sites-enabled/default
  3124. (23) Sent Access-Challenge Id 14 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  3125. (23) User-Name = "vkratsberg"
  3126. (23) EAP-Message = 0x0118002b19001703010020837c09c73efe941cd36e97c0a8a8e8ca8a56fe274a4397030b70ceab33622718
  3127. (23) Message-Authenticator = 0x00000000000000000000000000000000
  3128. (23) State = 0xf0e6d560f2fecc2aab89e5d26fcde553
  3129. (23) Finished request
  3130. Waking up in 4.4 seconds.
  3131. (24) Received Access-Request Id 15 from 10.8.0.111:58432 to 10.8.64.155:1812 length 223
  3132. (24) User-Name = "vkratsberg"
  3133. (24) NAS-Port = 358
  3134. (24) State = 0xf0e6d560f2fecc2aab89e5d26fcde553
  3135. (24) EAP-Message = 0x0218002b190017030100200c38a3612331e3250a2f86958b80162d4344ef2a5e53501dc1eecae5c4c865f9
  3136. (24) Message-Authenticator = 0x57c231efe11834bf4264622dfa814040
  3137. (24) Acct-Session-Id = "8O2.1x81bb0d4800078a7b"
  3138. (24) NAS-Port-Id = "ge-3/0/6.0"
  3139. (24) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  3140. (24) Called-Station-Id = "ec-3e-f7-68-35-00"
  3141. (24) NAS-IP-Address = 10.8.0.111
  3142. (24) NAS-Identifier = "nyc-access-sw011"
  3143. (24) NAS-Port-Type = Ethernet
  3144. (24) session-state: No cached attributes
  3145. (24) # Executing section authorize from file /etc/raddb/sites-enabled/default
  3146. (24) authorize {
  3147. (24) policy filter_username {
  3148. (24) if (&User-Name) {
  3149. (24) if (&User-Name) -> TRUE
  3150. (24) if (&User-Name) {
  3151. (24) if (&User-Name =~ / /) {
  3152. (24) if (&User-Name =~ / /) -> FALSE
  3153. (24) if (&User-Name =~ /@[^@]*@/ ) {
  3154. (24) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  3155. (24) if (&User-Name =~ /\.\./ ) {
  3156. (24) if (&User-Name =~ /\.\./ ) -> FALSE
  3157. (24) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  3158. (24) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  3159. (24) if (&User-Name =~ /\.$/) {
  3160. (24) if (&User-Name =~ /\.$/) -> FALSE
  3161. (24) if (&User-Name =~ /@\./) {
  3162. (24) if (&User-Name =~ /@\./) -> FALSE
  3163. (24) } # if (&User-Name) = notfound
  3164. (24) } # policy filter_username = notfound
  3165. (24) [preprocess] = ok
  3166. (24) [chap] = noop
  3167. (24) [mschap] = noop
  3168. (24) [digest] = noop
  3169. (24) suffix: Checking for suffix after "@"
  3170. (24) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  3171. (24) suffix: No such realm "NULL"
  3172. (24) [suffix] = noop
  3173. (24) eap: Peer sent EAP Response (code 2) ID 24 length 43
  3174. (24) eap: Continuing tunnel setup
  3175. (24) [eap] = ok
  3176. (24) } # authorize = ok
  3177. (24) Found Auth-Type = eap
  3178. (24) # Executing group from file /etc/raddb/sites-enabled/default
  3179. (24) authenticate {
  3180. (24) eap: Expiring EAP session with state 0xf0e6d560f2fecc2a
  3181. (24) eap: Finished EAP session with state 0xf0e6d560f2fecc2a
  3182. (24) eap: Previous EAP request found for state 0xf0e6d560f2fecc2a, released from the list
  3183. (24) eap: Peer sent packet with method EAP PEAP (25)
  3184. (24) eap: Calling submodule eap_peap to process data
  3185. (24) eap_peap: Continuing EAP-TLS
  3186. (24) eap_peap: [eaptls verify] = ok
  3187. (24) eap_peap: Done initial handshake
  3188. (24) eap_peap: [eaptls process] = ok
  3189. (24) eap_peap: Session established. Decoding tunneled attributes
  3190. (24) eap_peap: PEAP state send tlv success
  3191. (24) eap_peap: Received EAP-TLV response
  3192. (24) eap_peap: Success
  3193. (24) eap_peap: No saved attributes in the original Access-Accept
  3194. (24) eap: Sending EAP Success (code 3) ID 24 length 4
  3195. (24) eap: Freeing handler
  3196. (24) [eap] = ok
  3197. (24) } # authenticate = ok
  3198. (24) # Executing section post-auth from file /etc/raddb/sites-enabled/default
  3199. (24) post-auth {
  3200. (24) update {
  3201. (24) No attributes updated
  3202. (24) } # update = noop
  3203. (24) [exec] = noop
  3204. (24) policy remove_reply_message_if_eap {
  3205. (24) if (&reply:EAP-Message && &reply:Reply-Message) {
  3206. (24) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
  3207. (24) else {
  3208. (24) [noop] = noop
  3209. (24) } # else = noop
  3210. (24) } # policy remove_reply_message_if_eap = noop
  3211. (24) } # post-auth = noop
  3212. (24) Sent Access-Accept Id 15 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  3213. (24) MS-MPPE-Recv-Key = 0xb524f3a5887dfd9882390fd9d17a26b3975a335e86451a5f3318598be804b97a
  3214. (24) MS-MPPE-Send-Key = 0x2b49f04d9622ae5c8985f6aee66e497d276d90b52119c52f7c426b87cad5e8cf
  3215. (24) EAP-Message = 0x03180004
  3216. (24) Message-Authenticator = 0x00000000000000000000000000000000
  3217. (24) User-Name = "vkratsberg"
  3218. (24) Finished request
  3219. Waking up in 4.4 seconds.
  3220. (25) Received Access-Request Id 16 from 10.8.0.111:58432 to 10.8.64.155:1812 length 177
  3221. (25) User-Name = "vkratsberg"
  3222. (25) NAS-Port = 358
  3223. (25) EAP-Message = 0x0219000f01766b7261747362657267
  3224. (25) Message-Authenticator = 0x9a5b4d6a48d4aa930319d5250983ba50
  3225. (25) Acct-Session-Id = "8O2.1x81bb0d49000928ce"
  3226. (25) NAS-Port-Id = "ge-3/0/6.0"
  3227. (25) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  3228. (25) Called-Station-Id = "ec-3e-f7-68-35-00"
  3229. (25) NAS-IP-Address = 10.8.0.111
  3230. (25) NAS-Identifier = "nyc-access-sw011"
  3231. (25) NAS-Port-Type = Ethernet
  3232. (25) # Executing section authorize from file /etc/raddb/sites-enabled/default
  3233. (25) authorize {
  3234. (25) policy filter_username {
  3235. (25) if (&User-Name) {
  3236. (25) if (&User-Name) -> TRUE
  3237. (25) if (&User-Name) {
  3238. (25) if (&User-Name =~ / /) {
  3239. (25) if (&User-Name =~ / /) -> FALSE
  3240. (25) if (&User-Name =~ /@[^@]*@/ ) {
  3241. (25) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  3242. (25) if (&User-Name =~ /\.\./ ) {
  3243. (25) if (&User-Name =~ /\.\./ ) -> FALSE
  3244. (25) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  3245. (25) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  3246. (25) if (&User-Name =~ /\.$/) {
  3247. (25) if (&User-Name =~ /\.$/) -> FALSE
  3248. (25) if (&User-Name =~ /@\./) {
  3249. (25) if (&User-Name =~ /@\./) -> FALSE
  3250. (25) } # if (&User-Name) = notfound
  3251. (25) } # policy filter_username = notfound
  3252. (25) [preprocess] = ok
  3253. (25) [chap] = noop
  3254. (25) [mschap] = noop
  3255. (25) [digest] = noop
  3256. (25) suffix: Checking for suffix after "@"
  3257. (25) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  3258. (25) suffix: No such realm "NULL"
  3259. (25) [suffix] = noop
  3260. (25) eap: Peer sent EAP Response (code 2) ID 25 length 15
  3261. (25) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
  3262. (25) [eap] = ok
  3263. (25) } # authorize = ok
  3264. (25) Found Auth-Type = eap
  3265. (25) # Executing group from file /etc/raddb/sites-enabled/default
  3266. (25) authenticate {
  3267. (25) eap: Peer sent packet with method EAP Identity (1)
  3268. (25) eap: Calling submodule eap_peap to process data
  3269. (25) eap_peap: Initiating new EAP-TLS session
  3270. (25) eap_peap: [eaptls start] = request
  3271. (25) eap: Sending EAP Request (code 1) ID 26 length 6
  3272. (25) eap: EAP session adding &reply:State = 0x110c79271116602f
  3273. (25) [eap] = handled
  3274. (25) } # authenticate = handled
  3275. (25) Using Post-Auth-Type Challenge
  3276. (25) Post-Auth-Type sub-section not found. Ignoring.
  3277. (25) # Executing group from file /etc/raddb/sites-enabled/default
  3278. (25) Sent Access-Challenge Id 16 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  3279. (25) EAP-Message = 0x011a00061920
  3280. (25) Message-Authenticator = 0x00000000000000000000000000000000
  3281. (25) State = 0x110c79271116602ff7adbfea110bff9a
  3282. (25) Finished request
  3283. Waking up in 4.3 seconds.
  3284. (26) Received Access-Request Id 17 from 10.8.0.111:58432 to 10.8.64.155:1812 length 343
  3285. (26) User-Name = "vkratsberg"
  3286. (26) NAS-Port = 358
  3287. (26) State = 0x110c79271116602ff7adbfea110bff9a
  3288. (26) EAP-Message = 0x021a00a31980000000991603010094010000900301574f326ca714e609b45a642cdda0285df1e458b2b1304a195d83c13b6a0b4ec82099fa3eb5d7d108e8e1047f8c78273aadc1bd2aa26caa1810320d84ad7442e74a002800ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f00
  3289. (26) Message-Authenticator = 0xc0f45e01a6b25657839320191922ce9c
  3290. (26) Acct-Session-Id = "8O2.1x81bb0d49000928ce"
  3291. (26) NAS-Port-Id = "ge-3/0/6.0"
  3292. (26) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  3293. (26) Called-Station-Id = "ec-3e-f7-68-35-00"
  3294. (26) NAS-IP-Address = 10.8.0.111
  3295. (26) NAS-Identifier = "nyc-access-sw011"
  3296. (26) NAS-Port-Type = Ethernet
  3297. (26) session-state: No cached attributes
  3298. (26) # Executing section authorize from file /etc/raddb/sites-enabled/default
  3299. (26) authorize {
  3300. (26) policy filter_username {
  3301. (26) if (&User-Name) {
  3302. (26) if (&User-Name) -> TRUE
  3303. (26) if (&User-Name) {
  3304. (26) if (&User-Name =~ / /) {
  3305. (26) if (&User-Name =~ / /) -> FALSE
  3306. (26) if (&User-Name =~ /@[^@]*@/ ) {
  3307. (26) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  3308. (26) if (&User-Name =~ /\.\./ ) {
  3309. (26) if (&User-Name =~ /\.\./ ) -> FALSE
  3310. (26) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  3311. (26) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  3312. (26) if (&User-Name =~ /\.$/) {
  3313. (26) if (&User-Name =~ /\.$/) -> FALSE
  3314. (26) if (&User-Name =~ /@\./) {
  3315. (26) if (&User-Name =~ /@\./) -> FALSE
  3316. (26) } # if (&User-Name) = notfound
  3317. (26) } # policy filter_username = notfound
  3318. (26) [preprocess] = ok
  3319. (26) [chap] = noop
  3320. (26) [mschap] = noop
  3321. (26) [digest] = noop
  3322. (26) suffix: Checking for suffix after "@"
  3323. (26) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  3324. (26) suffix: No such realm "NULL"
  3325. (26) [suffix] = noop
  3326. (26) eap: Peer sent EAP Response (code 2) ID 26 length 163
  3327. (26) eap: Continuing tunnel setup
  3328. (26) [eap] = ok
  3329. (26) } # authorize = ok
  3330. (26) Found Auth-Type = eap
  3331. (26) # Executing group from file /etc/raddb/sites-enabled/default
  3332. (26) authenticate {
  3333. (26) eap: Expiring EAP session with state 0x110c79271116602f
  3334. (26) eap: Finished EAP session with state 0x110c79271116602f
  3335. (26) eap: Previous EAP request found for state 0x110c79271116602f, released from the list
  3336. (26) eap: Peer sent packet with method EAP PEAP (25)
  3337. (26) eap: Calling submodule eap_peap to process data
  3338. (26) eap_peap: Continuing EAP-TLS
  3339. (26) eap_peap: Peer indicated complete TLS record size will be 153 bytes
  3340. (26) eap_peap: Got complete TLS record (153 bytes)
  3341. (26) eap_peap: [eaptls verify] = length included
  3342. (26) eap_peap: (other): before/accept initialization
  3343. (26) eap_peap: TLS_accept: before/accept initialization
  3344. (26) eap_peap: <<< recv TLS 1.0 Handshake [length 0094], ClientHello
  3345. (26) eap_peap: TLS_accept: SSLv3 read client hello A
  3346. (26) eap_peap: >>> send TLS 1.0 Handshake [length 0059], ServerHello
  3347. (26) eap_peap: TLS_accept: SSLv3 write server hello A
  3348. (26) eap_peap: >>> send TLS 1.0 ChangeCipherSpec [length 0001]
  3349. (26) eap_peap: TLS_accept: SSLv3 write change cipher spec A
  3350. (26) eap_peap: >>> send TLS 1.0 Handshake [length 0010], Finished
  3351. (26) eap_peap: TLS_accept: SSLv3 write finished A
  3352. (26) eap_peap: TLS_accept: SSLv3 flush data
  3353. (26) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  3354. (26) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  3355. (26) eap_peap: In SSL Handshake Phase
  3356. (26) eap_peap: In SSL Accept mode
  3357. (26) eap_peap: [eaptls process] = handled
  3358. (26) eap: Sending EAP Request (code 1) ID 27 length 159
  3359. (26) eap: EAP session adding &reply:State = 0x110c79271017602f
  3360. (26) [eap] = handled
  3361. (26) } # authenticate = handled
  3362. (26) Using Post-Auth-Type Challenge
  3363. (26) Post-Auth-Type sub-section not found. Ignoring.
  3364. (26) # Executing group from file /etc/raddb/sites-enabled/default
  3365. (26) Sent Access-Challenge Id 17 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  3366. (26) EAP-Message = 0x011b009f19001603010059020000550301574f326c8e75f12e505168fb938361d9141c3fd76c763496dec34ec3d9ca8fc22099fa3eb5d7d108e8e1047f8c78273aadc1bd2aa26caa1810320d84ad7442e74ac01400000dff01000100000b0004030001021403010001011603010030f597c73cc4c1d6ff
  3367. (26) Message-Authenticator = 0x00000000000000000000000000000000
  3368. (26) State = 0x110c79271017602ff7adbfea110bff9a
  3369. (26) Finished request
  3370. Waking up in 4.3 seconds.
  3371. (27) Received Access-Request Id 18 from 10.8.0.111:58432 to 10.8.64.155:1812 length 249
  3372. (27) User-Name = "vkratsberg"
  3373. (27) NAS-Port = 358
  3374. (27) State = 0x110c79271017602ff7adbfea110bff9a
  3375. (27) EAP-Message = 0x021b004519800000003b1403010001011603010030618446dc99b641aa96929373b2fa66a2658c660ebc7a336a4e4581cf7c3037b4a9d98bdf7cf1daab3767556d771c7758
  3376. (27) Message-Authenticator = 0xa8e2f9026cd9ee34312224279ccc6689
  3377. (27) Acct-Session-Id = "8O2.1x81bb0d49000928ce"
  3378. (27) NAS-Port-Id = "ge-3/0/6.0"
  3379. (27) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  3380. (27) Called-Station-Id = "ec-3e-f7-68-35-00"
  3381. (27) NAS-IP-Address = 10.8.0.111
  3382. (27) NAS-Identifier = "nyc-access-sw011"
  3383. (27) NAS-Port-Type = Ethernet
  3384. (27) session-state: No cached attributes
  3385. (27) # Executing section authorize from file /etc/raddb/sites-enabled/default
  3386. (27) authorize {
  3387. (27) policy filter_username {
  3388. (27) if (&User-Name) {
  3389. (27) if (&User-Name) -> TRUE
  3390. (27) if (&User-Name) {
  3391. (27) if (&User-Name =~ / /) {
  3392. (27) if (&User-Name =~ / /) -> FALSE
  3393. (27) if (&User-Name =~ /@[^@]*@/ ) {
  3394. (27) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  3395. (27) if (&User-Name =~ /\.\./ ) {
  3396. (27) if (&User-Name =~ /\.\./ ) -> FALSE
  3397. (27) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  3398. (27) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  3399. (27) if (&User-Name =~ /\.$/) {
  3400. (27) if (&User-Name =~ /\.$/) -> FALSE
  3401. (27) if (&User-Name =~ /@\./) {
  3402. (27) if (&User-Name =~ /@\./) -> FALSE
  3403. (27) } # if (&User-Name) = notfound
  3404. (27) } # policy filter_username = notfound
  3405. (27) [preprocess] = ok
  3406. (27) [chap] = noop
  3407. (27) [mschap] = noop
  3408. (27) [digest] = noop
  3409. (27) suffix: Checking for suffix after "@"
  3410. (27) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  3411. (27) suffix: No such realm "NULL"
  3412. (27) [suffix] = noop
  3413. (27) eap: Peer sent EAP Response (code 2) ID 27 length 69
  3414. (27) eap: Continuing tunnel setup
  3415. (27) [eap] = ok
  3416. (27) } # authorize = ok
  3417. (27) Found Auth-Type = eap
  3418. (27) # Executing group from file /etc/raddb/sites-enabled/default
  3419. (27) authenticate {
  3420. (27) eap: Expiring EAP session with state 0x110c79271017602f
  3421. (27) eap: Finished EAP session with state 0x110c79271017602f
  3422. (27) eap: Previous EAP request found for state 0x110c79271017602f, released from the list
  3423. (27) eap: Peer sent packet with method EAP PEAP (25)
  3424. (27) eap: Calling submodule eap_peap to process data
  3425. (27) eap_peap: Continuing EAP-TLS
  3426. (27) eap_peap: Peer indicated complete TLS record size will be 59 bytes
  3427. (27) eap_peap: Got complete TLS record (59 bytes)
  3428. (27) eap_peap: [eaptls verify] = length included
  3429. (27) eap_peap: <<< recv TLS 1.0 ChangeCipherSpec [length 0001]
  3430. (27) eap_peap: <<< recv TLS 1.0 Handshake [length 0010], Finished
  3431. (27) eap_peap: TLS_accept: SSLv3 read finished A
  3432. (27) eap_peap: (other): SSL negotiation finished successfully
  3433. (27) eap_peap: SSL Connection Established
  3434. (27) eap_peap: SSL Application Data
  3435. (27) eap_peap: Adding cached attributes from session 99fa3eb5d7d108e8e1047f8c78273aadc1bd2aa26caa1810320d84ad7442e74a
  3436. (27) eap_peap: reply:User-Name = "vkratsberg"
  3437. (27) eap_peap: [eaptls process] = success
  3438. (27) eap_peap: Session established. Decoding tunneled attributes
  3439. (27) eap_peap: PEAP state TUNNEL ESTABLISHED
  3440. (27) eap_peap: Skipping Phase2 because of session resumption
  3441. (27) eap_peap: SUCCESS
  3442. (27) eap: Sending EAP Request (code 1) ID 28 length 43
  3443. (27) eap: EAP session adding &reply:State = 0x110c79271310602f
  3444. (27) [eap] = handled
  3445. (27) } # authenticate = handled
  3446. (27) Using Post-Auth-Type Challenge
  3447. (27) Post-Auth-Type sub-section not found. Ignoring.
  3448. (27) # Executing group from file /etc/raddb/sites-enabled/default
  3449. (27) Sent Access-Challenge Id 18 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  3450. (27) User-Name = "vkratsberg"
  3451. (27) EAP-Message = 0x011c002b1900170301002058e79b37eedb1665968e76e967e0f13315c6e1a420f0a2aeabf9ec7e19c57ad9
  3452. (27) Message-Authenticator = 0x00000000000000000000000000000000
  3453. (27) State = 0x110c79271310602ff7adbfea110bff9a
  3454. (27) Finished request
  3455. Waking up in 4.3 seconds.
  3456. (28) Received Access-Request Id 19 from 10.8.0.111:58432 to 10.8.64.155:1812 length 223
  3457. (28) User-Name = "vkratsberg"
  3458. (28) NAS-Port = 358
  3459. (28) State = 0x110c79271310602ff7adbfea110bff9a
  3460. (28) EAP-Message = 0x021c002b19001703010020bb379d67f269c5cc50afd816b36604d9322c41e706fd2d6b47766946042e9a11
  3461. (28) Message-Authenticator = 0x9f32e1d54db007cdee32171678d08e1e
  3462. (28) Acct-Session-Id = "8O2.1x81bb0d49000928ce"
  3463. (28) NAS-Port-Id = "ge-3/0/6.0"
  3464. (28) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  3465. (28) Called-Station-Id = "ec-3e-f7-68-35-00"
  3466. (28) NAS-IP-Address = 10.8.0.111
  3467. (28) NAS-Identifier = "nyc-access-sw011"
  3468. (28) NAS-Port-Type = Ethernet
  3469. (28) session-state: No cached attributes
  3470. (28) # Executing section authorize from file /etc/raddb/sites-enabled/default
  3471. (28) authorize {
  3472. (28) policy filter_username {
  3473. (28) if (&User-Name) {
  3474. (28) if (&User-Name) -> TRUE
  3475. (28) if (&User-Name) {
  3476. (28) if (&User-Name =~ / /) {
  3477. (28) if (&User-Name =~ / /) -> FALSE
  3478. (28) if (&User-Name =~ /@[^@]*@/ ) {
  3479. (28) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  3480. (28) if (&User-Name =~ /\.\./ ) {
  3481. (28) if (&User-Name =~ /\.\./ ) -> FALSE
  3482. (28) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  3483. (28) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  3484. (28) if (&User-Name =~ /\.$/) {
  3485. (28) if (&User-Name =~ /\.$/) -> FALSE
  3486. (28) if (&User-Name =~ /@\./) {
  3487. (28) if (&User-Name =~ /@\./) -> FALSE
  3488. (28) } # if (&User-Name) = notfound
  3489. (28) } # policy filter_username = notfound
  3490. (28) [preprocess] = ok
  3491. (28) [chap] = noop
  3492. (28) [mschap] = noop
  3493. (28) [digest] = noop
  3494. (28) suffix: Checking for suffix after "@"
  3495. (28) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  3496. (28) suffix: No such realm "NULL"
  3497. (28) [suffix] = noop
  3498. (28) eap: Peer sent EAP Response (code 2) ID 28 length 43
  3499. (28) eap: Continuing tunnel setup
  3500. (28) [eap] = ok
  3501. (28) } # authorize = ok
  3502. (28) Found Auth-Type = eap
  3503. (28) # Executing group from file /etc/raddb/sites-enabled/default
  3504. (28) authenticate {
  3505. (28) eap: Expiring EAP session with state 0x110c79271310602f
  3506. (28) eap: Finished EAP session with state 0x110c79271310602f
  3507. (28) eap: Previous EAP request found for state 0x110c79271310602f, released from the list
  3508. (28) eap: Peer sent packet with method EAP PEAP (25)
  3509. (28) eap: Calling submodule eap_peap to process data
  3510. (28) eap_peap: Continuing EAP-TLS
  3511. (28) eap_peap: [eaptls verify] = ok
  3512. (28) eap_peap: Done initial handshake
  3513. (28) eap_peap: [eaptls process] = ok
  3514. (28) eap_peap: Session established. Decoding tunneled attributes
  3515. (28) eap_peap: PEAP state send tlv success
  3516. (28) eap_peap: Received EAP-TLV response
  3517. (28) eap_peap: Success
  3518. (28) eap_peap: No saved attributes in the original Access-Accept
  3519. (28) eap: Sending EAP Success (code 3) ID 28 length 4
  3520. (28) eap: Freeing handler
  3521. (28) [eap] = ok
  3522. (28) } # authenticate = ok
  3523. (28) # Executing section post-auth from file /etc/raddb/sites-enabled/default
  3524. (28) post-auth {
  3525. (28) update {
  3526. (28) No attributes updated
  3527. (28) } # update = noop
  3528. (28) [exec] = noop
  3529. (28) policy remove_reply_message_if_eap {
  3530. (28) if (&reply:EAP-Message && &reply:Reply-Message) {
  3531. (28) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
  3532. (28) else {
  3533. (28) [noop] = noop
  3534. (28) } # else = noop
  3535. (28) } # policy remove_reply_message_if_eap = noop
  3536. (28) } # post-auth = noop
  3537. (28) Sent Access-Accept Id 19 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  3538. (28) MS-MPPE-Recv-Key = 0x3621273efbdd3aed9912b0bc07adfca7c5fd80c0ee515e2c9f6852f05084c4b4
  3539. (28) MS-MPPE-Send-Key = 0x44d681bc2ee43475fc8b476541c24187c617074acadf12f1b58fb19f4630b68f
  3540. (28) EAP-Message = 0x031c0004
  3541. (28) Message-Authenticator = 0x00000000000000000000000000000000
  3542. (28) User-Name = "vkratsberg"
  3543. (28) Finished request
  3544. Waking up in 4.3 seconds.
  3545. (29) Received Access-Request Id 20 from 10.8.0.111:58432 to 10.8.64.155:1812 length 177
  3546. (29) User-Name = "vkratsberg"
  3547. (29) NAS-Port = 358
  3548. (29) EAP-Message = 0x021d000f01766b7261747362657267
  3549. (29) Message-Authenticator = 0x0bf718a22310a58701b6d72a0765de3a
  3550. (29) Acct-Session-Id = "8O2.1x81bb0d4a000ac6a9"
  3551. (29) NAS-Port-Id = "ge-3/0/6.0"
  3552. (29) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  3553. (29) Called-Station-Id = "ec-3e-f7-68-35-00"
  3554. (29) NAS-IP-Address = 10.8.0.111
  3555. (29) NAS-Identifier = "nyc-access-sw011"
  3556. (29) NAS-Port-Type = Ethernet
  3557. (29) # Executing section authorize from file /etc/raddb/sites-enabled/default
  3558. (29) authorize {
  3559. (29) policy filter_username {
  3560. (29) if (&User-Name) {
  3561. (29) if (&User-Name) -> TRUE
  3562. (29) if (&User-Name) {
  3563. (29) if (&User-Name =~ / /) {
  3564. (29) if (&User-Name =~ / /) -> FALSE
  3565. (29) if (&User-Name =~ /@[^@]*@/ ) {
  3566. (29) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  3567. (29) if (&User-Name =~ /\.\./ ) {
  3568. (29) if (&User-Name =~ /\.\./ ) -> FALSE
  3569. (29) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  3570. (29) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  3571. (29) if (&User-Name =~ /\.$/) {
  3572. (29) if (&User-Name =~ /\.$/) -> FALSE
  3573. (29) if (&User-Name =~ /@\./) {
  3574. (29) if (&User-Name =~ /@\./) -> FALSE
  3575. (29) } # if (&User-Name) = notfound
  3576. (29) } # policy filter_username = notfound
  3577. (29) [preprocess] = ok
  3578. (29) [chap] = noop
  3579. (29) [mschap] = noop
  3580. (29) [digest] = noop
  3581. (29) suffix: Checking for suffix after "@"
  3582. (29) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  3583. (29) suffix: No such realm "NULL"
  3584. (29) [suffix] = noop
  3585. (29) eap: Peer sent EAP Response (code 2) ID 29 length 15
  3586. (29) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
  3587. (29) [eap] = ok
  3588. (29) } # authorize = ok
  3589. (29) Found Auth-Type = eap
  3590. (29) # Executing group from file /etc/raddb/sites-enabled/default
  3591. (29) authenticate {
  3592. (29) eap: Peer sent packet with method EAP Identity (1)
  3593. (29) eap: Calling submodule eap_peap to process data
  3594. (29) eap_peap: Initiating new EAP-TLS session
  3595. (29) eap_peap: [eaptls start] = request
  3596. (29) eap: Sending EAP Request (code 1) ID 30 length 6
  3597. (29) eap: EAP session adding &reply:State = 0xd2885a52d2964376
  3598. (29) [eap] = handled
  3599. (29) } # authenticate = handled
  3600. (29) Using Post-Auth-Type Challenge
  3601. (29) Post-Auth-Type sub-section not found. Ignoring.
  3602. (29) # Executing group from file /etc/raddb/sites-enabled/default
  3603. (29) Sent Access-Challenge Id 20 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  3604. (29) EAP-Message = 0x011e00061920
  3605. (29) Message-Authenticator = 0x00000000000000000000000000000000
  3606. (29) State = 0xd2885a52d2964376545752d93dc397a8
  3607. (29) Finished request
  3608. Waking up in 4.2 seconds.
  3609. (30) Received Access-Request Id 21 from 10.8.0.111:58432 to 10.8.64.155:1812 length 343
  3610. (30) User-Name = "vkratsberg"
  3611. (30) NAS-Port = 358
  3612. (30) State = 0xd2885a52d2964376545752d93dc397a8
  3613. (30) EAP-Message = 0x021e00a31980000000991603010094010000900301574f326cd4ca59c5429f1dc1c5de1bd7e1d9c368d9b887b5e2290513111db3a12099fa3eb5d7d108e8e1047f8c78273aadc1bd2aa26caa1810320d84ad7442e74a002800ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f00
  3614. (30) Message-Authenticator = 0xf3ed116a7066a8395bc9e2d2cc7507bd
  3615. (30) Acct-Session-Id = "8O2.1x81bb0d4a000ac6a9"
  3616. (30) NAS-Port-Id = "ge-3/0/6.0"
  3617. (30) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  3618. (30) Called-Station-Id = "ec-3e-f7-68-35-00"
  3619. (30) NAS-IP-Address = 10.8.0.111
  3620. (30) NAS-Identifier = "nyc-access-sw011"
  3621. (30) NAS-Port-Type = Ethernet
  3622. (30) session-state: No cached attributes
  3623. (30) # Executing section authorize from file /etc/raddb/sites-enabled/default
  3624. (30) authorize {
  3625. (30) policy filter_username {
  3626. (30) if (&User-Name) {
  3627. (30) if (&User-Name) -> TRUE
  3628. (30) if (&User-Name) {
  3629. (30) if (&User-Name =~ / /) {
  3630. (30) if (&User-Name =~ / /) -> FALSE
  3631. (30) if (&User-Name =~ /@[^@]*@/ ) {
  3632. (30) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  3633. (30) if (&User-Name =~ /\.\./ ) {
  3634. (30) if (&User-Name =~ /\.\./ ) -> FALSE
  3635. (30) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  3636. (30) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  3637. (30) if (&User-Name =~ /\.$/) {
  3638. (30) if (&User-Name =~ /\.$/) -> FALSE
  3639. (30) if (&User-Name =~ /@\./) {
  3640. (30) if (&User-Name =~ /@\./) -> FALSE
  3641. (30) } # if (&User-Name) = notfound
  3642. (30) } # policy filter_username = notfound
  3643. (30) [preprocess] = ok
  3644. (30) [chap] = noop
  3645. (30) [mschap] = noop
  3646. (30) [digest] = noop
  3647. (30) suffix: Checking for suffix after "@"
  3648. (30) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  3649. (30) suffix: No such realm "NULL"
  3650. (30) [suffix] = noop
  3651. (30) eap: Peer sent EAP Response (code 2) ID 30 length 163
  3652. (30) eap: Continuing tunnel setup
  3653. (30) [eap] = ok
  3654. (30) } # authorize = ok
  3655. (30) Found Auth-Type = eap
  3656. (30) # Executing group from file /etc/raddb/sites-enabled/default
  3657. (30) authenticate {
  3658. (30) eap: Expiring EAP session with state 0xd2885a52d2964376
  3659. (30) eap: Finished EAP session with state 0xd2885a52d2964376
  3660. (30) eap: Previous EAP request found for state 0xd2885a52d2964376, released from the list
  3661. (30) eap: Peer sent packet with method EAP PEAP (25)
  3662. (30) eap: Calling submodule eap_peap to process data
  3663. (30) eap_peap: Continuing EAP-TLS
  3664. (30) eap_peap: Peer indicated complete TLS record size will be 153 bytes
  3665. (30) eap_peap: Got complete TLS record (153 bytes)
  3666. (30) eap_peap: [eaptls verify] = length included
  3667. (30) eap_peap: (other): before/accept initialization
  3668. (30) eap_peap: TLS_accept: before/accept initialization
  3669. (30) eap_peap: <<< recv TLS 1.0 Handshake [length 0094], ClientHello
  3670. (30) eap_peap: TLS_accept: SSLv3 read client hello A
  3671. (30) eap_peap: >>> send TLS 1.0 Handshake [length 0059], ServerHello
  3672. (30) eap_peap: TLS_accept: SSLv3 write server hello A
  3673. (30) eap_peap: >>> send TLS 1.0 ChangeCipherSpec [length 0001]
  3674. (30) eap_peap: TLS_accept: SSLv3 write change cipher spec A
  3675. (30) eap_peap: >>> send TLS 1.0 Handshake [length 0010], Finished
  3676. (30) eap_peap: TLS_accept: SSLv3 write finished A
  3677. (30) eap_peap: TLS_accept: SSLv3 flush data
  3678. (30) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  3679. (30) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  3680. (30) eap_peap: In SSL Handshake Phase
  3681. (30) eap_peap: In SSL Accept mode
  3682. (30) eap_peap: [eaptls process] = handled
  3683. (30) eap: Sending EAP Request (code 1) ID 31 length 159
  3684. (30) eap: EAP session adding &reply:State = 0xd2885a52d3974376
  3685. (30) [eap] = handled
  3686. (30) } # authenticate = handled
  3687. (30) Using Post-Auth-Type Challenge
  3688. (30) Post-Auth-Type sub-section not found. Ignoring.
  3689. (30) # Executing group from file /etc/raddb/sites-enabled/default
  3690. (30) Sent Access-Challenge Id 21 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  3691. (30) EAP-Message = 0x011f009f19001603010059020000550301574f326cda3867bcd795f50a86b04be846291829096d281f5f2ef4b709ce5f7d2099fa3eb5d7d108e8e1047f8c78273aadc1bd2aa26caa1810320d84ad7442e74ac01400000dff01000100000b0004030001021403010001011603010030dfd361cbc37a1f90
  3692. (30) Message-Authenticator = 0x00000000000000000000000000000000
  3693. (30) State = 0xd2885a52d3974376545752d93dc397a8
  3694. (30) Finished request
  3695. Waking up in 4.2 seconds.
  3696. (31) Received Access-Request Id 22 from 10.8.0.111:58432 to 10.8.64.155:1812 length 249
  3697. (31) User-Name = "vkratsberg"
  3698. (31) NAS-Port = 358
  3699. (31) State = 0xd2885a52d3974376545752d93dc397a8
  3700. (31) EAP-Message = 0x021f004519800000003b1403010001011603010030b972837fc92c5754aa92d4f9c3a9d183fe149e704182dd6d574d222dc752b3bc94e9e66b28be9fc3e4bc1e1dacd7f266
  3701. (31) Message-Authenticator = 0x3b07473a2361b0abe0a91d2016b0c6eb
  3702. (31) Acct-Session-Id = "8O2.1x81bb0d4a000ac6a9"
  3703. (31) NAS-Port-Id = "ge-3/0/6.0"
  3704. (31) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  3705. (31) Called-Station-Id = "ec-3e-f7-68-35-00"
  3706. (31) NAS-IP-Address = 10.8.0.111
  3707. (31) NAS-Identifier = "nyc-access-sw011"
  3708. (31) NAS-Port-Type = Ethernet
  3709. (31) session-state: No cached attributes
  3710. (31) # Executing section authorize from file /etc/raddb/sites-enabled/default
  3711. (31) authorize {
  3712. (31) policy filter_username {
  3713. (31) if (&User-Name) {
  3714. (31) if (&User-Name) -> TRUE
  3715. (31) if (&User-Name) {
  3716. (31) if (&User-Name =~ / /) {
  3717. (31) if (&User-Name =~ / /) -> FALSE
  3718. (31) if (&User-Name =~ /@[^@]*@/ ) {
  3719. (31) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  3720. (31) if (&User-Name =~ /\.\./ ) {
  3721. (31) if (&User-Name =~ /\.\./ ) -> FALSE
  3722. (31) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  3723. (31) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  3724. (31) if (&User-Name =~ /\.$/) {
  3725. (31) if (&User-Name =~ /\.$/) -> FALSE
  3726. (31) if (&User-Name =~ /@\./) {
  3727. (31) if (&User-Name =~ /@\./) -> FALSE
  3728. (31) } # if (&User-Name) = notfound
  3729. (31) } # policy filter_username = notfound
  3730. (31) [preprocess] = ok
  3731. (31) [chap] = noop
  3732. (31) [mschap] = noop
  3733. (31) [digest] = noop
  3734. (31) suffix: Checking for suffix after "@"
  3735. (31) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  3736. (31) suffix: No such realm "NULL"
  3737. (31) [suffix] = noop
  3738. (31) eap: Peer sent EAP Response (code 2) ID 31 length 69
  3739. (31) eap: Continuing tunnel setup
  3740. (31) [eap] = ok
  3741. (31) } # authorize = ok
  3742. (31) Found Auth-Type = eap
  3743. (31) # Executing group from file /etc/raddb/sites-enabled/default
  3744. (31) authenticate {
  3745. (31) eap: Expiring EAP session with state 0xd2885a52d3974376
  3746. (31) eap: Finished EAP session with state 0xd2885a52d3974376
  3747. (31) eap: Previous EAP request found for state 0xd2885a52d3974376, released from the list
  3748. (31) eap: Peer sent packet with method EAP PEAP (25)
  3749. (31) eap: Calling submodule eap_peap to process data
  3750. (31) eap_peap: Continuing EAP-TLS
  3751. (31) eap_peap: Peer indicated complete TLS record size will be 59 bytes
  3752. (31) eap_peap: Got complete TLS record (59 bytes)
  3753. (31) eap_peap: [eaptls verify] = length included
  3754. (31) eap_peap: <<< recv TLS 1.0 ChangeCipherSpec [length 0001]
  3755. (31) eap_peap: <<< recv TLS 1.0 Handshake [length 0010], Finished
  3756. (31) eap_peap: TLS_accept: SSLv3 read finished A
  3757. (31) eap_peap: (other): SSL negotiation finished successfully
  3758. (31) eap_peap: SSL Connection Established
  3759. (31) eap_peap: SSL Application Data
  3760. (31) eap_peap: Adding cached attributes from session 99fa3eb5d7d108e8e1047f8c78273aadc1bd2aa26caa1810320d84ad7442e74a
  3761. (31) eap_peap: reply:User-Name = "vkratsberg"
  3762. (31) eap_peap: [eaptls process] = success
  3763. (31) eap_peap: Session established. Decoding tunneled attributes
  3764. (31) eap_peap: PEAP state TUNNEL ESTABLISHED
  3765. (31) eap_peap: Skipping Phase2 because of session resumption
  3766. (31) eap_peap: SUCCESS
  3767. (31) eap: Sending EAP Request (code 1) ID 32 length 43
  3768. (31) eap: EAP session adding &reply:State = 0xd2885a52d0a84376
  3769. (31) [eap] = handled
  3770. (31) } # authenticate = handled
  3771. (31) Using Post-Auth-Type Challenge
  3772. (31) Post-Auth-Type sub-section not found. Ignoring.
  3773. (31) # Executing group from file /etc/raddb/sites-enabled/default
  3774. (31) Sent Access-Challenge Id 22 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  3775. (31) User-Name = "vkratsberg"
  3776. (31) EAP-Message = 0x0120002b19001703010020dd5e6e61ca4379e57614c0501f9f596212e31b3a860e1ef395b3ea474f2d2b67
  3777. (31) Message-Authenticator = 0x00000000000000000000000000000000
  3778. (31) State = 0xd2885a52d0a84376545752d93dc397a8
  3779. (31) Finished request
  3780. Waking up in 4.1 seconds.
  3781. (32) Received Access-Request Id 23 from 10.8.0.111:58432 to 10.8.64.155:1812 length 223
  3782. (32) User-Name = "vkratsberg"
  3783. (32) NAS-Port = 358
  3784. (32) State = 0xd2885a52d0a84376545752d93dc397a8
  3785. (32) EAP-Message = 0x0220002b19001703010020fb4681f677a704daf9123b7e062c4b772bf97872b00c3531b327df02e8b5f9fa
  3786. (32) Message-Authenticator = 0xa57af92b0dd0ab1122ffce6df8d4e166
  3787. (32) Acct-Session-Id = "8O2.1x81bb0d4a000ac6a9"
  3788. (32) NAS-Port-Id = "ge-3/0/6.0"
  3789. (32) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  3790. (32) Called-Station-Id = "ec-3e-f7-68-35-00"
  3791. (32) NAS-IP-Address = 10.8.0.111
  3792. (32) NAS-Identifier = "nyc-access-sw011"
  3793. (32) NAS-Port-Type = Ethernet
  3794. (32) session-state: No cached attributes
  3795. (32) # Executing section authorize from file /etc/raddb/sites-enabled/default
  3796. (32) authorize {
  3797. (32) policy filter_username {
  3798. (32) if (&User-Name) {
  3799. (32) if (&User-Name) -> TRUE
  3800. (32) if (&User-Name) {
  3801. (32) if (&User-Name =~ / /) {
  3802. (32) if (&User-Name =~ / /) -> FALSE
  3803. (32) if (&User-Name =~ /@[^@]*@/ ) {
  3804. (32) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  3805. (32) if (&User-Name =~ /\.\./ ) {
  3806. (32) if (&User-Name =~ /\.\./ ) -> FALSE
  3807. (32) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  3808. (32) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  3809. (32) if (&User-Name =~ /\.$/) {
  3810. (32) if (&User-Name =~ /\.$/) -> FALSE
  3811. (32) if (&User-Name =~ /@\./) {
  3812. (32) if (&User-Name =~ /@\./) -> FALSE
  3813. (32) } # if (&User-Name) = notfound
  3814. (32) } # policy filter_username = notfound
  3815. (32) [preprocess] = ok
  3816. (32) [chap] = noop
  3817. (32) [mschap] = noop
  3818. (32) [digest] = noop
  3819. (32) suffix: Checking for suffix after "@"
  3820. (32) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  3821. (32) suffix: No such realm "NULL"
  3822. (32) [suffix] = noop
  3823. (32) eap: Peer sent EAP Response (code 2) ID 32 length 43
  3824. (32) eap: Continuing tunnel setup
  3825. (32) [eap] = ok
  3826. (32) } # authorize = ok
  3827. (32) Found Auth-Type = eap
  3828. (32) # Executing group from file /etc/raddb/sites-enabled/default
  3829. (32) authenticate {
  3830. (32) eap: Expiring EAP session with state 0xd2885a52d0a84376
  3831. (32) eap: Finished EAP session with state 0xd2885a52d0a84376
  3832. (32) eap: Previous EAP request found for state 0xd2885a52d0a84376, released from the list
  3833. (32) eap: Peer sent packet with method EAP PEAP (25)
  3834. (32) eap: Calling submodule eap_peap to process data
  3835. (32) eap_peap: Continuing EAP-TLS
  3836. (32) eap_peap: [eaptls verify] = ok
  3837. (32) eap_peap: Done initial handshake
  3838. (32) eap_peap: [eaptls process] = ok
  3839. (32) eap_peap: Session established. Decoding tunneled attributes
  3840. (32) eap_peap: PEAP state send tlv success
  3841. (32) eap_peap: Received EAP-TLV response
  3842. (32) eap_peap: Success
  3843. (32) eap_peap: No saved attributes in the original Access-Accept
  3844. (32) eap: Sending EAP Success (code 3) ID 32 length 4
  3845. (32) eap: Freeing handler
  3846. (32) [eap] = ok
  3847. (32) } # authenticate = ok
  3848. (32) # Executing section post-auth from file /etc/raddb/sites-enabled/default
  3849. (32) post-auth {
  3850. (32) update {
  3851. (32) No attributes updated
  3852. (32) } # update = noop
  3853. (32) [exec] = noop
  3854. (32) policy remove_reply_message_if_eap {
  3855. (32) if (&reply:EAP-Message && &reply:Reply-Message) {
  3856. (32) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
  3857. (32) else {
  3858. (32) [noop] = noop
  3859. (32) } # else = noop
  3860. (32) } # policy remove_reply_message_if_eap = noop
  3861. (32) } # post-auth = noop
  3862. (32) Sent Access-Accept Id 23 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  3863. (32) MS-MPPE-Recv-Key = 0xb2ed765cf6de9d9b34f2feb2399638c5b75e43cb2a2581e37f5ccd53e14d5a98
  3864. (32) MS-MPPE-Send-Key = 0xf534950e5ea84cfb54047852d28dca3a52b19019096ab82ea346c87b06a8d391
  3865. (32) EAP-Message = 0x03200004
  3866. (32) Message-Authenticator = 0x00000000000000000000000000000000
  3867. (32) User-Name = "vkratsberg"
  3868. (32) Finished request
  3869. Waking up in 4.1 seconds.
  3870. (33) Received Access-Request Id 24 from 10.8.0.111:58432 to 10.8.64.155:1812 length 177
  3871. (33) User-Name = "vkratsberg"
  3872. (33) NAS-Port = 358
  3873. (33) EAP-Message = 0x0221000f01766b7261747362657267
  3874. (33) Message-Authenticator = 0xb4931dcf6df7b5d16dd721eeea119428
  3875. (33) Acct-Session-Id = "8O2.1x81bb0d4b000c65b7"
  3876. (33) NAS-Port-Id = "ge-3/0/6.0"
  3877. (33) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  3878. (33) Called-Station-Id = "ec-3e-f7-68-35-00"
  3879. (33) NAS-IP-Address = 10.8.0.111
  3880. (33) NAS-Identifier = "nyc-access-sw011"
  3881. (33) NAS-Port-Type = Ethernet
  3882. (33) # Executing section authorize from file /etc/raddb/sites-enabled/default
  3883. (33) authorize {
  3884. (33) policy filter_username {
  3885. (33) if (&User-Name) {
  3886. (33) if (&User-Name) -> TRUE
  3887. (33) if (&User-Name) {
  3888. (33) if (&User-Name =~ / /) {
  3889. (33) if (&User-Name =~ / /) -> FALSE
  3890. (33) if (&User-Name =~ /@[^@]*@/ ) {
  3891. (33) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  3892. (33) if (&User-Name =~ /\.\./ ) {
  3893. (33) if (&User-Name =~ /\.\./ ) -> FALSE
  3894. (33) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  3895. (33) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  3896. (33) if (&User-Name =~ /\.$/) {
  3897. (33) if (&User-Name =~ /\.$/) -> FALSE
  3898. (33) if (&User-Name =~ /@\./) {
  3899. (33) if (&User-Name =~ /@\./) -> FALSE
  3900. (33) } # if (&User-Name) = notfound
  3901. (33) } # policy filter_username = notfound
  3902. (33) [preprocess] = ok
  3903. (33) [chap] = noop
  3904. (33) [mschap] = noop
  3905. (33) [digest] = noop
  3906. (33) suffix: Checking for suffix after "@"
  3907. (33) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  3908. (33) suffix: No such realm "NULL"
  3909. (33) [suffix] = noop
  3910. (33) eap: Peer sent EAP Response (code 2) ID 33 length 15
  3911. (33) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
  3912. (33) [eap] = ok
  3913. (33) } # authorize = ok
  3914. (33) Found Auth-Type = eap
  3915. (33) # Executing group from file /etc/raddb/sites-enabled/default
  3916. (33) authenticate {
  3917. (33) eap: Peer sent packet with method EAP Identity (1)
  3918. (33) eap: Calling submodule eap_peap to process data
  3919. (33) eap_peap: Initiating new EAP-TLS session
  3920. (33) eap_peap: [eaptls start] = request
  3921. (33) eap: Sending EAP Request (code 1) ID 34 length 6
  3922. (33) eap: EAP session adding &reply:State = 0x095ceadf097ef362
  3923. (33) [eap] = handled
  3924. (33) } # authenticate = handled
  3925. (33) Using Post-Auth-Type Challenge
  3926. (33) Post-Auth-Type sub-section not found. Ignoring.
  3927. (33) # Executing group from file /etc/raddb/sites-enabled/default
  3928. (33) Sent Access-Challenge Id 24 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  3929. (33) EAP-Message = 0x012200061920
  3930. (33) Message-Authenticator = 0x00000000000000000000000000000000
  3931. (33) State = 0x095ceadf097ef362810f8898caf11f54
  3932. (33) Finished request
  3933. Waking up in 4.1 seconds.
  3934. (34) Received Access-Request Id 25 from 10.8.0.111:58432 to 10.8.64.155:1812 length 343
  3935. (34) User-Name = "vkratsberg"
  3936. (34) NAS-Port = 358
  3937. (34) State = 0x095ceadf097ef362810f8898caf11f54
  3938. (34) EAP-Message = 0x022200a31980000000991603010094010000900301574f326cf0f20df0830ea738d811eb9fa16e4c902846ac23fa80d0fdb639e3812099fa3eb5d7d108e8e1047f8c78273aadc1bd2aa26caa1810320d84ad7442e74a002800ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f00
  3939. (34) Message-Authenticator = 0xc863fd55fdb0704a51aa92fc7d5effff
  3940. (34) Acct-Session-Id = "8O2.1x81bb0d4b000c65b7"
  3941. (34) NAS-Port-Id = "ge-3/0/6.0"
  3942. (34) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  3943. (34) Called-Station-Id = "ec-3e-f7-68-35-00"
  3944. (34) NAS-IP-Address = 10.8.0.111
  3945. (34) NAS-Identifier = "nyc-access-sw011"
  3946. (34) NAS-Port-Type = Ethernet
  3947. (34) session-state: No cached attributes
  3948. (34) # Executing section authorize from file /etc/raddb/sites-enabled/default
  3949. (34) authorize {
  3950. (34) policy filter_username {
  3951. (34) if (&User-Name) {
  3952. (34) if (&User-Name) -> TRUE
  3953. (34) if (&User-Name) {
  3954. (34) if (&User-Name =~ / /) {
  3955. (34) if (&User-Name =~ / /) -> FALSE
  3956. (34) if (&User-Name =~ /@[^@]*@/ ) {
  3957. (34) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  3958. (34) if (&User-Name =~ /\.\./ ) {
  3959. (34) if (&User-Name =~ /\.\./ ) -> FALSE
  3960. (34) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  3961. (34) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  3962. (34) if (&User-Name =~ /\.$/) {
  3963. (34) if (&User-Name =~ /\.$/) -> FALSE
  3964. (34) if (&User-Name =~ /@\./) {
  3965. (34) if (&User-Name =~ /@\./) -> FALSE
  3966. (34) } # if (&User-Name) = notfound
  3967. (34) } # policy filter_username = notfound
  3968. (34) [preprocess] = ok
  3969. (34) [chap] = noop
  3970. (34) [mschap] = noop
  3971. (34) [digest] = noop
  3972. (34) suffix: Checking for suffix after "@"
  3973. (34) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  3974. (34) suffix: No such realm "NULL"
  3975. (34) [suffix] = noop
  3976. (34) eap: Peer sent EAP Response (code 2) ID 34 length 163
  3977. (34) eap: Continuing tunnel setup
  3978. (34) [eap] = ok
  3979. (34) } # authorize = ok
  3980. (34) Found Auth-Type = eap
  3981. (34) # Executing group from file /etc/raddb/sites-enabled/default
  3982. (34) authenticate {
  3983. (34) eap: Expiring EAP session with state 0x095ceadf097ef362
  3984. (34) eap: Finished EAP session with state 0x095ceadf097ef362
  3985. (34) eap: Previous EAP request found for state 0x095ceadf097ef362, released from the list
  3986. (34) eap: Peer sent packet with method EAP PEAP (25)
  3987. (34) eap: Calling submodule eap_peap to process data
  3988. (34) eap_peap: Continuing EAP-TLS
  3989. (34) eap_peap: Peer indicated complete TLS record size will be 153 bytes
  3990. (34) eap_peap: Got complete TLS record (153 bytes)
  3991. (34) eap_peap: [eaptls verify] = length included
  3992. (34) eap_peap: (other): before/accept initialization
  3993. (34) eap_peap: TLS_accept: before/accept initialization
  3994. (34) eap_peap: <<< recv TLS 1.0 Handshake [length 0094], ClientHello
  3995. (34) eap_peap: TLS_accept: SSLv3 read client hello A
  3996. (34) eap_peap: >>> send TLS 1.0 Handshake [length 0059], ServerHello
  3997. (34) eap_peap: TLS_accept: SSLv3 write server hello A
  3998. (34) eap_peap: >>> send TLS 1.0 ChangeCipherSpec [length 0001]
  3999. (34) eap_peap: TLS_accept: SSLv3 write change cipher spec A
  4000. (34) eap_peap: >>> send TLS 1.0 Handshake [length 0010], Finished
  4001. (34) eap_peap: TLS_accept: SSLv3 write finished A
  4002. (34) eap_peap: TLS_accept: SSLv3 flush data
  4003. (34) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  4004. (34) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  4005. (34) eap_peap: In SSL Handshake Phase
  4006. (34) eap_peap: In SSL Accept mode
  4007. (34) eap_peap: [eaptls process] = handled
  4008. (34) eap: Sending EAP Request (code 1) ID 35 length 159
  4009. (34) eap: EAP session adding &reply:State = 0x095ceadf087ff362
  4010. (34) [eap] = handled
  4011. (34) } # authenticate = handled
  4012. (34) Using Post-Auth-Type Challenge
  4013. (34) Post-Auth-Type sub-section not found. Ignoring.
  4014. (34) # Executing group from file /etc/raddb/sites-enabled/default
  4015. (34) Sent Access-Challenge Id 25 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  4016. (34) EAP-Message = 0x0123009f19001603010059020000550301574f326c82eec841c6007702ae4fb34bc0f5260c4f8f4d5a02a081ac8deb1ecc2099fa3eb5d7d108e8e1047f8c78273aadc1bd2aa26caa1810320d84ad7442e74ac01400000dff01000100000b00040300010214030100010116030100307d983a49ea00147a
  4017. (34) Message-Authenticator = 0x00000000000000000000000000000000
  4018. (34) State = 0x095ceadf087ff362810f8898caf11f54
  4019. (34) Finished request
  4020. Waking up in 4.1 seconds.
  4021. (35) Received Access-Request Id 26 from 10.8.0.111:58432 to 10.8.64.155:1812 length 249
  4022. (35) User-Name = "vkratsberg"
  4023. (35) NAS-Port = 358
  4024. (35) State = 0x095ceadf087ff362810f8898caf11f54
  4025. (35) EAP-Message = 0x0223004519800000003b1403010001011603010030e3d84e94cae7801ff16d738e05b6beb397e59280577b80ad6ceb6b074f9dc2271fd5b3b8da5905d225e100742e732158
  4026. (35) Message-Authenticator = 0x1fdd52c7103a1da71df74d8577e48ba8
  4027. (35) Acct-Session-Id = "8O2.1x81bb0d4b000c65b7"
  4028. (35) NAS-Port-Id = "ge-3/0/6.0"
  4029. (35) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  4030. (35) Called-Station-Id = "ec-3e-f7-68-35-00"
  4031. (35) NAS-IP-Address = 10.8.0.111
  4032. (35) NAS-Identifier = "nyc-access-sw011"
  4033. (35) NAS-Port-Type = Ethernet
  4034. (35) session-state: No cached attributes
  4035. (35) # Executing section authorize from file /etc/raddb/sites-enabled/default
  4036. (35) authorize {
  4037. (35) policy filter_username {
  4038. (35) if (&User-Name) {
  4039. (35) if (&User-Name) -> TRUE
  4040. (35) if (&User-Name) {
  4041. (35) if (&User-Name =~ / /) {
  4042. (35) if (&User-Name =~ / /) -> FALSE
  4043. (35) if (&User-Name =~ /@[^@]*@/ ) {
  4044. (35) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  4045. (35) if (&User-Name =~ /\.\./ ) {
  4046. (35) if (&User-Name =~ /\.\./ ) -> FALSE
  4047. (35) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  4048. (35) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  4049. (35) if (&User-Name =~ /\.$/) {
  4050. (35) if (&User-Name =~ /\.$/) -> FALSE
  4051. (35) if (&User-Name =~ /@\./) {
  4052. (35) if (&User-Name =~ /@\./) -> FALSE
  4053. (35) } # if (&User-Name) = notfound
  4054. (35) } # policy filter_username = notfound
  4055. (35) [preprocess] = ok
  4056. (35) [chap] = noop
  4057. (35) [mschap] = noop
  4058. (35) [digest] = noop
  4059. (35) suffix: Checking for suffix after "@"
  4060. (35) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  4061. (35) suffix: No such realm "NULL"
  4062. (35) [suffix] = noop
  4063. (35) eap: Peer sent EAP Response (code 2) ID 35 length 69
  4064. (35) eap: Continuing tunnel setup
  4065. (35) [eap] = ok
  4066. (35) } # authorize = ok
  4067. (35) Found Auth-Type = eap
  4068. (35) # Executing group from file /etc/raddb/sites-enabled/default
  4069. (35) authenticate {
  4070. (35) eap: Expiring EAP session with state 0x095ceadf087ff362
  4071. (35) eap: Finished EAP session with state 0x095ceadf087ff362
  4072. (35) eap: Previous EAP request found for state 0x095ceadf087ff362, released from the list
  4073. (35) eap: Peer sent packet with method EAP PEAP (25)
  4074. (35) eap: Calling submodule eap_peap to process data
  4075. (35) eap_peap: Continuing EAP-TLS
  4076. (35) eap_peap: Peer indicated complete TLS record size will be 59 bytes
  4077. (35) eap_peap: Got complete TLS record (59 bytes)
  4078. (35) eap_peap: [eaptls verify] = length included
  4079. (35) eap_peap: <<< recv TLS 1.0 ChangeCipherSpec [length 0001]
  4080. (35) eap_peap: <<< recv TLS 1.0 Handshake [length 0010], Finished
  4081. (35) eap_peap: TLS_accept: SSLv3 read finished A
  4082. (35) eap_peap: (other): SSL negotiation finished successfully
  4083. (35) eap_peap: SSL Connection Established
  4084. (35) eap_peap: SSL Application Data
  4085. (35) eap_peap: Adding cached attributes from session 99fa3eb5d7d108e8e1047f8c78273aadc1bd2aa26caa1810320d84ad7442e74a
  4086. (35) eap_peap: reply:User-Name = "vkratsberg"
  4087. (35) eap_peap: [eaptls process] = success
  4088. (35) eap_peap: Session established. Decoding tunneled attributes
  4089. (35) eap_peap: PEAP state TUNNEL ESTABLISHED
  4090. (35) eap_peap: Skipping Phase2 because of session resumption
  4091. (35) eap_peap: SUCCESS
  4092. (35) eap: Sending EAP Request (code 1) ID 36 length 43
  4093. (35) eap: EAP session adding &reply:State = 0x095ceadf0b78f362
  4094. (35) [eap] = handled
  4095. (35) } # authenticate = handled
  4096. (35) Using Post-Auth-Type Challenge
  4097. (35) Post-Auth-Type sub-section not found. Ignoring.
  4098. (35) # Executing group from file /etc/raddb/sites-enabled/default
  4099. (35) Sent Access-Challenge Id 26 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  4100. (35) User-Name = "vkratsberg"
  4101. (35) EAP-Message = 0x0124002b1900170301002093edbfae278625a51c3774e1e2c271033a3f8258c9e6767cab4461b187faacfd
  4102. (35) Message-Authenticator = 0x00000000000000000000000000000000
  4103. (35) State = 0x095ceadf0b78f362810f8898caf11f54
  4104. (35) Finished request
  4105. Waking up in 4.0 seconds.
  4106. (36) Received Access-Request Id 27 from 10.8.0.111:58432 to 10.8.64.155:1812 length 223
  4107. (36) User-Name = "vkratsberg"
  4108. (36) NAS-Port = 358
  4109. (36) State = 0x095ceadf0b78f362810f8898caf11f54
  4110. (36) EAP-Message = 0x0224002b1900170301002099f69b23615978362a67fb47eb1a0b0e3d8d4c1fde05b6d5dcc71c2866354fe7
  4111. (36) Message-Authenticator = 0xed2e5494b58c5e3105a9cf322d667380
  4112. (36) Acct-Session-Id = "8O2.1x81bb0d4b000c65b7"
  4113. (36) NAS-Port-Id = "ge-3/0/6.0"
  4114. (36) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  4115. (36) Called-Station-Id = "ec-3e-f7-68-35-00"
  4116. (36) NAS-IP-Address = 10.8.0.111
  4117. (36) NAS-Identifier = "nyc-access-sw011"
  4118. (36) NAS-Port-Type = Ethernet
  4119. (36) session-state: No cached attributes
  4120. (36) # Executing section authorize from file /etc/raddb/sites-enabled/default
  4121. (36) authorize {
  4122. (36) policy filter_username {
  4123. (36) if (&User-Name) {
  4124. (36) if (&User-Name) -> TRUE
  4125. (36) if (&User-Name) {
  4126. (36) if (&User-Name =~ / /) {
  4127. (36) if (&User-Name =~ / /) -> FALSE
  4128. (36) if (&User-Name =~ /@[^@]*@/ ) {
  4129. (36) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  4130. (36) if (&User-Name =~ /\.\./ ) {
  4131. (36) if (&User-Name =~ /\.\./ ) -> FALSE
  4132. (36) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  4133. (36) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  4134. (36) if (&User-Name =~ /\.$/) {
  4135. (36) if (&User-Name =~ /\.$/) -> FALSE
  4136. (36) if (&User-Name =~ /@\./) {
  4137. (36) if (&User-Name =~ /@\./) -> FALSE
  4138. (36) } # if (&User-Name) = notfound
  4139. (36) } # policy filter_username = notfound
  4140. (36) [preprocess] = ok
  4141. (36) [chap] = noop
  4142. (36) [mschap] = noop
  4143. (36) [digest] = noop
  4144. (36) suffix: Checking for suffix after "@"
  4145. (36) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  4146. (36) suffix: No such realm "NULL"
  4147. (36) [suffix] = noop
  4148. (36) eap: Peer sent EAP Response (code 2) ID 36 length 43
  4149. (36) eap: Continuing tunnel setup
  4150. (36) [eap] = ok
  4151. (36) } # authorize = ok
  4152. (36) Found Auth-Type = eap
  4153. (36) # Executing group from file /etc/raddb/sites-enabled/default
  4154. (36) authenticate {
  4155. (36) eap: Expiring EAP session with state 0x095ceadf0b78f362
  4156. (36) eap: Finished EAP session with state 0x095ceadf0b78f362
  4157. (36) eap: Previous EAP request found for state 0x095ceadf0b78f362, released from the list
  4158. (36) eap: Peer sent packet with method EAP PEAP (25)
  4159. (36) eap: Calling submodule eap_peap to process data
  4160. (36) eap_peap: Continuing EAP-TLS
  4161. (36) eap_peap: [eaptls verify] = ok
  4162. (36) eap_peap: Done initial handshake
  4163. (36) eap_peap: [eaptls process] = ok
  4164. (36) eap_peap: Session established. Decoding tunneled attributes
  4165. (36) eap_peap: PEAP state send tlv success
  4166. (36) eap_peap: Received EAP-TLV response
  4167. (36) eap_peap: Success
  4168. (36) eap_peap: No saved attributes in the original Access-Accept
  4169. (36) eap: Sending EAP Success (code 3) ID 36 length 4
  4170. (36) eap: Freeing handler
  4171. (36) [eap] = ok
  4172. (36) } # authenticate = ok
  4173. (36) # Executing section post-auth from file /etc/raddb/sites-enabled/default
  4174. (36) post-auth {
  4175. (36) update {
  4176. (36) No attributes updated
  4177. (36) } # update = noop
  4178. (36) [exec] = noop
  4179. (36) policy remove_reply_message_if_eap {
  4180. (36) if (&reply:EAP-Message && &reply:Reply-Message) {
  4181. (36) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
  4182. (36) else {
  4183. (36) [noop] = noop
  4184. (36) } # else = noop
  4185. (36) } # policy remove_reply_message_if_eap = noop
  4186. (36) } # post-auth = noop
  4187. (36) Sent Access-Accept Id 27 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  4188. (36) MS-MPPE-Recv-Key = 0xf60289063c10983063604ae7fa7376db61446b5c5cc785f0c5b665a3170969ed
  4189. (36) MS-MPPE-Send-Key = 0xbb14a8f4d446cd2601f080dbc2ba08e6c36ca4aa1380b44af13465bad4ff26f2
  4190. (36) EAP-Message = 0x03240004
  4191. (36) Message-Authenticator = 0x00000000000000000000000000000000
  4192. (36) User-Name = "vkratsberg"
  4193. (36) Finished request
  4194. Waking up in 4.0 seconds.
  4195. (37) Received Access-Request Id 28 from 10.8.0.111:58432 to 10.8.64.155:1812 length 177
  4196. (37) User-Name = "vkratsberg"
  4197. (37) NAS-Port = 358
  4198. (37) EAP-Message = 0x0225000f01766b7261747362657267
  4199. (37) Message-Authenticator = 0x136217906f8656aab1ef54ce63813e54
  4200. (37) Acct-Session-Id = "8O2.1x81bb0d4c000e01e3"
  4201. (37) NAS-Port-Id = "ge-3/0/6.0"
  4202. (37) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  4203. (37) Called-Station-Id = "ec-3e-f7-68-35-00"
  4204. (37) NAS-IP-Address = 10.8.0.111
  4205. (37) NAS-Identifier = "nyc-access-sw011"
  4206. (37) NAS-Port-Type = Ethernet
  4207. (37) # Executing section authorize from file /etc/raddb/sites-enabled/default
  4208. (37) authorize {
  4209. (37) policy filter_username {
  4210. (37) if (&User-Name) {
  4211. (37) if (&User-Name) -> TRUE
  4212. (37) if (&User-Name) {
  4213. (37) if (&User-Name =~ / /) {
  4214. (37) if (&User-Name =~ / /) -> FALSE
  4215. (37) if (&User-Name =~ /@[^@]*@/ ) {
  4216. (37) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  4217. (37) if (&User-Name =~ /\.\./ ) {
  4218. (37) if (&User-Name =~ /\.\./ ) -> FALSE
  4219. (37) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  4220. (37) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  4221. (37) if (&User-Name =~ /\.$/) {
  4222. (37) if (&User-Name =~ /\.$/) -> FALSE
  4223. (37) if (&User-Name =~ /@\./) {
  4224. (37) if (&User-Name =~ /@\./) -> FALSE
  4225. (37) } # if (&User-Name) = notfound
  4226. (37) } # policy filter_username = notfound
  4227. (37) [preprocess] = ok
  4228. (37) [chap] = noop
  4229. (37) [mschap] = noop
  4230. (37) [digest] = noop
  4231. (37) suffix: Checking for suffix after "@"
  4232. (37) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  4233. (37) suffix: No such realm "NULL"
  4234. (37) [suffix] = noop
  4235. (37) eap: Peer sent EAP Response (code 2) ID 37 length 15
  4236. (37) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
  4237. (37) [eap] = ok
  4238. (37) } # authorize = ok
  4239. (37) Found Auth-Type = eap
  4240. (37) # Executing group from file /etc/raddb/sites-enabled/default
  4241. (37) authenticate {
  4242. (37) eap: Peer sent packet with method EAP Identity (1)
  4243. (37) eap: Calling submodule eap_peap to process data
  4244. (37) eap_peap: Initiating new EAP-TLS session
  4245. (37) eap_peap: [eaptls start] = request
  4246. (37) eap: Sending EAP Request (code 1) ID 38 length 6
  4247. (37) eap: EAP session adding &reply:State = 0x79d0a5d979f6bcc3
  4248. (37) [eap] = handled
  4249. (37) } # authenticate = handled
  4250. (37) Using Post-Auth-Type Challenge
  4251. (37) Post-Auth-Type sub-section not found. Ignoring.
  4252. (37) # Executing group from file /etc/raddb/sites-enabled/default
  4253. (37) Sent Access-Challenge Id 28 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  4254. (37) EAP-Message = 0x012600061920
  4255. (37) Message-Authenticator = 0x00000000000000000000000000000000
  4256. (37) State = 0x79d0a5d979f6bcc3769e604cf21419ad
  4257. (37) Finished request
  4258. Waking up in 4.0 seconds.
  4259. (38) Received Access-Request Id 29 from 10.8.0.111:58432 to 10.8.64.155:1812 length 343
  4260. (38) User-Name = "vkratsberg"
  4261. (38) NAS-Port = 358
  4262. (38) State = 0x79d0a5d979f6bcc3769e604cf21419ad
  4263. (38) EAP-Message = 0x022600a31980000000991603010094010000900301574f326c6c0f1a682cc822a8003c8c74ad90247feacedf4a61d479953ea526062099fa3eb5d7d108e8e1047f8c78273aadc1bd2aa26caa1810320d84ad7442e74a002800ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f00
  4264. (38) Message-Authenticator = 0x357680eede82660d722334287064b813
  4265. (38) Acct-Session-Id = "8O2.1x81bb0d4c000e01e3"
  4266. (38) NAS-Port-Id = "ge-3/0/6.0"
  4267. (38) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  4268. (38) Called-Station-Id = "ec-3e-f7-68-35-00"
  4269. (38) NAS-IP-Address = 10.8.0.111
  4270. (38) NAS-Identifier = "nyc-access-sw011"
  4271. (38) NAS-Port-Type = Ethernet
  4272. (38) session-state: No cached attributes
  4273. (38) # Executing section authorize from file /etc/raddb/sites-enabled/default
  4274. (38) authorize {
  4275. (38) policy filter_username {
  4276. (38) if (&User-Name) {
  4277. (38) if (&User-Name) -> TRUE
  4278. (38) if (&User-Name) {
  4279. (38) if (&User-Name =~ / /) {
  4280. (38) if (&User-Name =~ / /) -> FALSE
  4281. (38) if (&User-Name =~ /@[^@]*@/ ) {
  4282. (38) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  4283. (38) if (&User-Name =~ /\.\./ ) {
  4284. (38) if (&User-Name =~ /\.\./ ) -> FALSE
  4285. (38) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  4286. (38) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  4287. (38) if (&User-Name =~ /\.$/) {
  4288. (38) if (&User-Name =~ /\.$/) -> FALSE
  4289. (38) if (&User-Name =~ /@\./) {
  4290. (38) if (&User-Name =~ /@\./) -> FALSE
  4291. (38) } # if (&User-Name) = notfound
  4292. (38) } # policy filter_username = notfound
  4293. (38) [preprocess] = ok
  4294. (38) [chap] = noop
  4295. (38) [mschap] = noop
  4296. (38) [digest] = noop
  4297. (38) suffix: Checking for suffix after "@"
  4298. (38) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  4299. (38) suffix: No such realm "NULL"
  4300. (38) [suffix] = noop
  4301. (38) eap: Peer sent EAP Response (code 2) ID 38 length 163
  4302. (38) eap: Continuing tunnel setup
  4303. (38) [eap] = ok
  4304. (38) } # authorize = ok
  4305. (38) Found Auth-Type = eap
  4306. (38) # Executing group from file /etc/raddb/sites-enabled/default
  4307. (38) authenticate {
  4308. (38) eap: Expiring EAP session with state 0x79d0a5d979f6bcc3
  4309. (38) eap: Finished EAP session with state 0x79d0a5d979f6bcc3
  4310. (38) eap: Previous EAP request found for state 0x79d0a5d979f6bcc3, released from the list
  4311. (38) eap: Peer sent packet with method EAP PEAP (25)
  4312. (38) eap: Calling submodule eap_peap to process data
  4313. (38) eap_peap: Continuing EAP-TLS
  4314. (38) eap_peap: Peer indicated complete TLS record size will be 153 bytes
  4315. (38) eap_peap: Got complete TLS record (153 bytes)
  4316. (38) eap_peap: [eaptls verify] = length included
  4317. (38) eap_peap: (other): before/accept initialization
  4318. (38) eap_peap: TLS_accept: before/accept initialization
  4319. (38) eap_peap: <<< recv TLS 1.0 Handshake [length 0094], ClientHello
  4320. (38) eap_peap: TLS_accept: SSLv3 read client hello A
  4321. (38) eap_peap: >>> send TLS 1.0 Handshake [length 0059], ServerHello
  4322. (38) eap_peap: TLS_accept: SSLv3 write server hello A
  4323. (38) eap_peap: >>> send TLS 1.0 ChangeCipherSpec [length 0001]
  4324. (38) eap_peap: TLS_accept: SSLv3 write change cipher spec A
  4325. (38) eap_peap: >>> send TLS 1.0 Handshake [length 0010], Finished
  4326. (38) eap_peap: TLS_accept: SSLv3 write finished A
  4327. (38) eap_peap: TLS_accept: SSLv3 flush data
  4328. (38) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  4329. (38) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  4330. (38) eap_peap: In SSL Handshake Phase
  4331. (38) eap_peap: In SSL Accept mode
  4332. (38) eap_peap: [eaptls process] = handled
  4333. (38) eap: Sending EAP Request (code 1) ID 39 length 159
  4334. (38) eap: EAP session adding &reply:State = 0x79d0a5d978f7bcc3
  4335. (38) [eap] = handled
  4336. (38) } # authenticate = handled
  4337. (38) Using Post-Auth-Type Challenge
  4338. (38) Post-Auth-Type sub-section not found. Ignoring.
  4339. (38) # Executing group from file /etc/raddb/sites-enabled/default
  4340. (38) Sent Access-Challenge Id 29 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  4341. (38) EAP-Message = 0x0127009f19001603010059020000550301574f326c61949196d1437eca9556a53a1b649fd474f80d70f1edab64d73688202099fa3eb5d7d108e8e1047f8c78273aadc1bd2aa26caa1810320d84ad7442e74ac01400000dff01000100000b00040300010214030100010116030100308b35fdb75d53bfc5
  4342. (38) Message-Authenticator = 0x00000000000000000000000000000000
  4343. (38) State = 0x79d0a5d978f7bcc3769e604cf21419ad
  4344. (38) Finished request
  4345. Waking up in 4.0 seconds.
  4346. (39) Received Access-Request Id 30 from 10.8.0.111:58432 to 10.8.64.155:1812 length 249
  4347. (39) User-Name = "vkratsberg"
  4348. (39) NAS-Port = 358
  4349. (39) State = 0x79d0a5d978f7bcc3769e604cf21419ad
  4350. (39) EAP-Message = 0x0227004519800000003b14030100010116030100302875202cb964174f39321d936418fdf06e537693a67d65b08115b5b97eb9d8831547e36cd0321a4a24c9d2703a9dcca5
  4351. (39) Message-Authenticator = 0x791a6e4fa3b5040cff6cbb2d5190d4a3
  4352. (39) Acct-Session-Id = "8O2.1x81bb0d4c000e01e3"
  4353. (39) NAS-Port-Id = "ge-3/0/6.0"
  4354. (39) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  4355. (39) Called-Station-Id = "ec-3e-f7-68-35-00"
  4356. (39) NAS-IP-Address = 10.8.0.111
  4357. (39) NAS-Identifier = "nyc-access-sw011"
  4358. (39) NAS-Port-Type = Ethernet
  4359. (39) session-state: No cached attributes
  4360. (39) # Executing section authorize from file /etc/raddb/sites-enabled/default
  4361. (39) authorize {
  4362. (39) policy filter_username {
  4363. (39) if (&User-Name) {
  4364. (39) if (&User-Name) -> TRUE
  4365. (39) if (&User-Name) {
  4366. (39) if (&User-Name =~ / /) {
  4367. (39) if (&User-Name =~ / /) -> FALSE
  4368. (39) if (&User-Name =~ /@[^@]*@/ ) {
  4369. (39) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  4370. (39) if (&User-Name =~ /\.\./ ) {
  4371. (39) if (&User-Name =~ /\.\./ ) -> FALSE
  4372. (39) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  4373. (39) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  4374. (39) if (&User-Name =~ /\.$/) {
  4375. (39) if (&User-Name =~ /\.$/) -> FALSE
  4376. (39) if (&User-Name =~ /@\./) {
  4377. (39) if (&User-Name =~ /@\./) -> FALSE
  4378. (39) } # if (&User-Name) = notfound
  4379. (39) } # policy filter_username = notfound
  4380. (39) [preprocess] = ok
  4381. (39) [chap] = noop
  4382. (39) [mschap] = noop
  4383. (39) [digest] = noop
  4384. (39) suffix: Checking for suffix after "@"
  4385. (39) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  4386. (39) suffix: No such realm "NULL"
  4387. (39) [suffix] = noop
  4388. (39) eap: Peer sent EAP Response (code 2) ID 39 length 69
  4389. (39) eap: Continuing tunnel setup
  4390. (39) [eap] = ok
  4391. (39) } # authorize = ok
  4392. (39) Found Auth-Type = eap
  4393. (39) # Executing group from file /etc/raddb/sites-enabled/default
  4394. (39) authenticate {
  4395. (39) eap: Expiring EAP session with state 0x79d0a5d978f7bcc3
  4396. (39) eap: Finished EAP session with state 0x79d0a5d978f7bcc3
  4397. (39) eap: Previous EAP request found for state 0x79d0a5d978f7bcc3, released from the list
  4398. (39) eap: Peer sent packet with method EAP PEAP (25)
  4399. (39) eap: Calling submodule eap_peap to process data
  4400. (39) eap_peap: Continuing EAP-TLS
  4401. (39) eap_peap: Peer indicated complete TLS record size will be 59 bytes
  4402. (39) eap_peap: Got complete TLS record (59 bytes)
  4403. (39) eap_peap: [eaptls verify] = length included
  4404. (39) eap_peap: <<< recv TLS 1.0 ChangeCipherSpec [length 0001]
  4405. (39) eap_peap: <<< recv TLS 1.0 Handshake [length 0010], Finished
  4406. (39) eap_peap: TLS_accept: SSLv3 read finished A
  4407. (39) eap_peap: (other): SSL negotiation finished successfully
  4408. (39) eap_peap: SSL Connection Established
  4409. (39) eap_peap: SSL Application Data
  4410. (39) eap_peap: Adding cached attributes from session 99fa3eb5d7d108e8e1047f8c78273aadc1bd2aa26caa1810320d84ad7442e74a
  4411. (39) eap_peap: reply:User-Name = "vkratsberg"
  4412. (39) eap_peap: [eaptls process] = success
  4413. (39) eap_peap: Session established. Decoding tunneled attributes
  4414. (39) eap_peap: PEAP state TUNNEL ESTABLISHED
  4415. (39) eap_peap: Skipping Phase2 because of session resumption
  4416. (39) eap_peap: SUCCESS
  4417. (39) eap: Sending EAP Request (code 1) ID 40 length 43
  4418. (39) eap: EAP session adding &reply:State = 0x79d0a5d97bf8bcc3
  4419. (39) [eap] = handled
  4420. (39) } # authenticate = handled
  4421. (39) Using Post-Auth-Type Challenge
  4422. (39) Post-Auth-Type sub-section not found. Ignoring.
  4423. (39) # Executing group from file /etc/raddb/sites-enabled/default
  4424. (39) Sent Access-Challenge Id 30 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  4425. (39) User-Name = "vkratsberg"
  4426. (39) EAP-Message = 0x0128002b1900170301002097569bbd462b03cfcbc792fe81b6149dddc67571fe5018d7463652cf0b51f885
  4427. (39) Message-Authenticator = 0x00000000000000000000000000000000
  4428. (39) State = 0x79d0a5d97bf8bcc3769e604cf21419ad
  4429. (39) Finished request
  4430. Waking up in 3.9 seconds.
  4431. (40) Received Access-Request Id 31 from 10.8.0.111:58432 to 10.8.64.155:1812 length 223
  4432. (40) User-Name = "vkratsberg"
  4433. (40) NAS-Port = 358
  4434. (40) State = 0x79d0a5d97bf8bcc3769e604cf21419ad
  4435. (40) EAP-Message = 0x0228002b19001703010020a0733e6098d3f481b13c5bb7b8472c123dc0d777d071a2bf46662fc6d2819317
  4436. (40) Message-Authenticator = 0x174f98792551e5c2e015a1f31cb82d68
  4437. (40) Acct-Session-Id = "8O2.1x81bb0d4c000e01e3"
  4438. (40) NAS-Port-Id = "ge-3/0/6.0"
  4439. (40) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  4440. (40) Called-Station-Id = "ec-3e-f7-68-35-00"
  4441. (40) NAS-IP-Address = 10.8.0.111
  4442. (40) NAS-Identifier = "nyc-access-sw011"
  4443. (40) NAS-Port-Type = Ethernet
  4444. (40) session-state: No cached attributes
  4445. (40) # Executing section authorize from file /etc/raddb/sites-enabled/default
  4446. (40) authorize {
  4447. (40) policy filter_username {
  4448. (40) if (&User-Name) {
  4449. (40) if (&User-Name) -> TRUE
  4450. (40) if (&User-Name) {
  4451. (40) if (&User-Name =~ / /) {
  4452. (40) if (&User-Name =~ / /) -> FALSE
  4453. (40) if (&User-Name =~ /@[^@]*@/ ) {
  4454. (40) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  4455. (40) if (&User-Name =~ /\.\./ ) {
  4456. (40) if (&User-Name =~ /\.\./ ) -> FALSE
  4457. (40) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  4458. (40) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  4459. (40) if (&User-Name =~ /\.$/) {
  4460. (40) if (&User-Name =~ /\.$/) -> FALSE
  4461. (40) if (&User-Name =~ /@\./) {
  4462. (40) if (&User-Name =~ /@\./) -> FALSE
  4463. (40) } # if (&User-Name) = notfound
  4464. (40) } # policy filter_username = notfound
  4465. (40) [preprocess] = ok
  4466. (40) [chap] = noop
  4467. (40) [mschap] = noop
  4468. (40) [digest] = noop
  4469. (40) suffix: Checking for suffix after "@"
  4470. (40) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  4471. (40) suffix: No such realm "NULL"
  4472. (40) [suffix] = noop
  4473. (40) eap: Peer sent EAP Response (code 2) ID 40 length 43
  4474. (40) eap: Continuing tunnel setup
  4475. (40) [eap] = ok
  4476. (40) } # authorize = ok
  4477. (40) Found Auth-Type = eap
  4478. (40) # Executing group from file /etc/raddb/sites-enabled/default
  4479. (40) authenticate {
  4480. (40) eap: Expiring EAP session with state 0x79d0a5d97bf8bcc3
  4481. (40) eap: Finished EAP session with state 0x79d0a5d97bf8bcc3
  4482. (40) eap: Previous EAP request found for state 0x79d0a5d97bf8bcc3, released from the list
  4483. (40) eap: Peer sent packet with method EAP PEAP (25)
  4484. (40) eap: Calling submodule eap_peap to process data
  4485. (40) eap_peap: Continuing EAP-TLS
  4486. (40) eap_peap: [eaptls verify] = ok
  4487. (40) eap_peap: Done initial handshake
  4488. (40) eap_peap: [eaptls process] = ok
  4489. (40) eap_peap: Session established. Decoding tunneled attributes
  4490. (40) eap_peap: PEAP state send tlv success
  4491. (40) eap_peap: Received EAP-TLV response
  4492. (40) eap_peap: Success
  4493. (40) eap_peap: No saved attributes in the original Access-Accept
  4494. (40) eap: Sending EAP Success (code 3) ID 40 length 4
  4495. (40) eap: Freeing handler
  4496. (40) [eap] = ok
  4497. (40) } # authenticate = ok
  4498. (40) # Executing section post-auth from file /etc/raddb/sites-enabled/default
  4499. (40) post-auth {
  4500. (40) update {
  4501. (40) No attributes updated
  4502. (40) } # update = noop
  4503. (40) [exec] = noop
  4504. (40) policy remove_reply_message_if_eap {
  4505. (40) if (&reply:EAP-Message && &reply:Reply-Message) {
  4506. (40) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
  4507. (40) else {
  4508. (40) [noop] = noop
  4509. (40) } # else = noop
  4510. (40) } # policy remove_reply_message_if_eap = noop
  4511. (40) } # post-auth = noop
  4512. (40) Sent Access-Accept Id 31 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  4513. (40) MS-MPPE-Recv-Key = 0x6c0f5d00cda3bf5ea32042cc0932f2d486d3b357caf747a3be7bd1a13071d568
  4514. (40) MS-MPPE-Send-Key = 0x1f4b7cd5e090534cc7461ef79d4420bbb1f4debd11f77b95720e978cdf4a533c
  4515. (40) EAP-Message = 0x03280004
  4516. (40) Message-Authenticator = 0x00000000000000000000000000000000
  4517. (40) User-Name = "vkratsberg"
  4518. (40) Finished request
  4519. Waking up in 3.9 seconds.
  4520. (41) Received Access-Request Id 32 from 10.8.0.111:58432 to 10.8.64.155:1812 length 177
  4521. (41) User-Name = "vkratsberg"
  4522. (41) NAS-Port = 358
  4523. (41) EAP-Message = 0x0229000f01766b7261747362657267
  4524. (41) Message-Authenticator = 0x8d40fa57f6a725fa0cb4f95e274b930e
  4525. (41) Acct-Session-Id = "8O2.1x81bb0d4d000057d6"
  4526. (41) NAS-Port-Id = "ge-3/0/6.0"
  4527. (41) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  4528. (41) Called-Station-Id = "ec-3e-f7-68-35-00"
  4529. (41) NAS-IP-Address = 10.8.0.111
  4530. (41) NAS-Identifier = "nyc-access-sw011"
  4531. (41) NAS-Port-Type = Ethernet
  4532. (41) # Executing section authorize from file /etc/raddb/sites-enabled/default
  4533. (41) authorize {
  4534. (41) policy filter_username {
  4535. (41) if (&User-Name) {
  4536. (41) if (&User-Name) -> TRUE
  4537. (41) if (&User-Name) {
  4538. (41) if (&User-Name =~ / /) {
  4539. (41) if (&User-Name =~ / /) -> FALSE
  4540. (41) if (&User-Name =~ /@[^@]*@/ ) {
  4541. (41) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  4542. (41) if (&User-Name =~ /\.\./ ) {
  4543. (41) if (&User-Name =~ /\.\./ ) -> FALSE
  4544. (41) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  4545. (41) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  4546. (41) if (&User-Name =~ /\.$/) {
  4547. (41) if (&User-Name =~ /\.$/) -> FALSE
  4548. (41) if (&User-Name =~ /@\./) {
  4549. (41) if (&User-Name =~ /@\./) -> FALSE
  4550. (41) } # if (&User-Name) = notfound
  4551. (41) } # policy filter_username = notfound
  4552. (41) [preprocess] = ok
  4553. (41) [chap] = noop
  4554. (41) [mschap] = noop
  4555. (41) [digest] = noop
  4556. (41) suffix: Checking for suffix after "@"
  4557. (41) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  4558. (41) suffix: No such realm "NULL"
  4559. (41) [suffix] = noop
  4560. (41) eap: Peer sent EAP Response (code 2) ID 41 length 15
  4561. (41) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
  4562. (41) [eap] = ok
  4563. (41) } # authorize = ok
  4564. (41) Found Auth-Type = eap
  4565. (41) # Executing group from file /etc/raddb/sites-enabled/default
  4566. (41) authenticate {
  4567. (41) eap: Peer sent packet with method EAP Identity (1)
  4568. (41) eap: Calling submodule eap_peap to process data
  4569. (41) eap_peap: Initiating new EAP-TLS session
  4570. (41) eap_peap: [eaptls start] = request
  4571. (41) eap: Sending EAP Request (code 1) ID 42 length 6
  4572. (41) eap: EAP session adding &reply:State = 0xe096d129e0bcc8ee
  4573. (41) [eap] = handled
  4574. (41) } # authenticate = handled
  4575. (41) Using Post-Auth-Type Challenge
  4576. (41) Post-Auth-Type sub-section not found. Ignoring.
  4577. (41) # Executing group from file /etc/raddb/sites-enabled/default
  4578. (41) Sent Access-Challenge Id 32 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  4579. (41) EAP-Message = 0x012a00061920
  4580. (41) Message-Authenticator = 0x00000000000000000000000000000000
  4581. (41) State = 0xe096d129e0bcc8eef5c532e15d409219
  4582. (41) Finished request
  4583. Waking up in 3.9 seconds.
  4584. (42) Received Access-Request Id 33 from 10.8.0.111:58432 to 10.8.64.155:1812 length 343
  4585. (42) User-Name = "vkratsberg"
  4586. (42) NAS-Port = 358
  4587. (42) State = 0xe096d129e0bcc8eef5c532e15d409219
  4588. (42) EAP-Message = 0x022a00a31980000000991603010094010000900301574f326d4fb9106762b446d26f045f81d7fc7b8b1724111a6c4044b3bc59a7ef2099fa3eb5d7d108e8e1047f8c78273aadc1bd2aa26caa1810320d84ad7442e74a002800ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f00
  4589. (42) Message-Authenticator = 0x9c35dd441c6de34809a84d97c5bb5f13
  4590. (42) Acct-Session-Id = "8O2.1x81bb0d4d000057d6"
  4591. (42) NAS-Port-Id = "ge-3/0/6.0"
  4592. (42) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  4593. (42) Called-Station-Id = "ec-3e-f7-68-35-00"
  4594. (42) NAS-IP-Address = 10.8.0.111
  4595. (42) NAS-Identifier = "nyc-access-sw011"
  4596. (42) NAS-Port-Type = Ethernet
  4597. (42) session-state: No cached attributes
  4598. (42) # Executing section authorize from file /etc/raddb/sites-enabled/default
  4599. (42) authorize {
  4600. (42) policy filter_username {
  4601. (42) if (&User-Name) {
  4602. (42) if (&User-Name) -> TRUE
  4603. (42) if (&User-Name) {
  4604. (42) if (&User-Name =~ / /) {
  4605. (42) if (&User-Name =~ / /) -> FALSE
  4606. (42) if (&User-Name =~ /@[^@]*@/ ) {
  4607. (42) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  4608. (42) if (&User-Name =~ /\.\./ ) {
  4609. (42) if (&User-Name =~ /\.\./ ) -> FALSE
  4610. (42) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  4611. (42) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  4612. (42) if (&User-Name =~ /\.$/) {
  4613. (42) if (&User-Name =~ /\.$/) -> FALSE
  4614. (42) if (&User-Name =~ /@\./) {
  4615. (42) if (&User-Name =~ /@\./) -> FALSE
  4616. (42) } # if (&User-Name) = notfound
  4617. (42) } # policy filter_username = notfound
  4618. (42) [preprocess] = ok
  4619. (42) [chap] = noop
  4620. (42) [mschap] = noop
  4621. (42) [digest] = noop
  4622. (42) suffix: Checking for suffix after "@"
  4623. (42) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  4624. (42) suffix: No such realm "NULL"
  4625. (42) [suffix] = noop
  4626. (42) eap: Peer sent EAP Response (code 2) ID 42 length 163
  4627. (42) eap: Continuing tunnel setup
  4628. (42) [eap] = ok
  4629. (42) } # authorize = ok
  4630. (42) Found Auth-Type = eap
  4631. (42) # Executing group from file /etc/raddb/sites-enabled/default
  4632. (42) authenticate {
  4633. (42) eap: Expiring EAP session with state 0xe096d129e0bcc8ee
  4634. (42) eap: Finished EAP session with state 0xe096d129e0bcc8ee
  4635. (42) eap: Previous EAP request found for state 0xe096d129e0bcc8ee, released from the list
  4636. (42) eap: Peer sent packet with method EAP PEAP (25)
  4637. (42) eap: Calling submodule eap_peap to process data
  4638. (42) eap_peap: Continuing EAP-TLS
  4639. (42) eap_peap: Peer indicated complete TLS record size will be 153 bytes
  4640. (42) eap_peap: Got complete TLS record (153 bytes)
  4641. (42) eap_peap: [eaptls verify] = length included
  4642. (42) eap_peap: (other): before/accept initialization
  4643. (42) eap_peap: TLS_accept: before/accept initialization
  4644. (42) eap_peap: <<< recv TLS 1.0 Handshake [length 0094], ClientHello
  4645. (42) eap_peap: TLS_accept: SSLv3 read client hello A
  4646. (42) eap_peap: >>> send TLS 1.0 Handshake [length 0059], ServerHello
  4647. (42) eap_peap: TLS_accept: SSLv3 write server hello A
  4648. (42) eap_peap: >>> send TLS 1.0 ChangeCipherSpec [length 0001]
  4649. (42) eap_peap: TLS_accept: SSLv3 write change cipher spec A
  4650. (42) eap_peap: >>> send TLS 1.0 Handshake [length 0010], Finished
  4651. (42) eap_peap: TLS_accept: SSLv3 write finished A
  4652. (42) eap_peap: TLS_accept: SSLv3 flush data
  4653. (42) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  4654. (42) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  4655. (42) eap_peap: In SSL Handshake Phase
  4656. (42) eap_peap: In SSL Accept mode
  4657. (42) eap_peap: [eaptls process] = handled
  4658. (42) eap: Sending EAP Request (code 1) ID 43 length 159
  4659. (42) eap: EAP session adding &reply:State = 0xe096d129e1bdc8ee
  4660. (42) [eap] = handled
  4661. (42) } # authenticate = handled
  4662. (42) Using Post-Auth-Type Challenge
  4663. (42) Post-Auth-Type sub-section not found. Ignoring.
  4664. (42) # Executing group from file /etc/raddb/sites-enabled/default
  4665. (42) Sent Access-Challenge Id 33 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  4666. (42) EAP-Message = 0x012b009f19001603010059020000550301574f326dddd5ee40085648581169894c7de8a8de09b0322c842ed4773f318b9f2099fa3eb5d7d108e8e1047f8c78273aadc1bd2aa26caa1810320d84ad7442e74ac01400000dff01000100000b0004030001021403010001011603010030c94edb4dbf1baf6b
  4667. (42) Message-Authenticator = 0x00000000000000000000000000000000
  4668. (42) State = 0xe096d129e1bdc8eef5c532e15d409219
  4669. (42) Finished request
  4670. Waking up in 3.9 seconds.
  4671. (43) Received Access-Request Id 34 from 10.8.0.111:58432 to 10.8.64.155:1812 length 249
  4672. (43) User-Name = "vkratsberg"
  4673. (43) NAS-Port = 358
  4674. (43) State = 0xe096d129e1bdc8eef5c532e15d409219
  4675. (43) EAP-Message = 0x022b004519800000003b1403010001011603010030802813146e895f712cc357be5a4a44bc5038e7999468c3b9739bbf630ac95b568e51c58864e8ef1e6b837c917e0ae134
  4676. (43) Message-Authenticator = 0xb9c7827980640823db4a91855bde8e71
  4677. (43) Acct-Session-Id = "8O2.1x81bb0d4d000057d6"
  4678. (43) NAS-Port-Id = "ge-3/0/6.0"
  4679. (43) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  4680. (43) Called-Station-Id = "ec-3e-f7-68-35-00"
  4681. (43) NAS-IP-Address = 10.8.0.111
  4682. (43) NAS-Identifier = "nyc-access-sw011"
  4683. (43) NAS-Port-Type = Ethernet
  4684. (43) session-state: No cached attributes
  4685. (43) # Executing section authorize from file /etc/raddb/sites-enabled/default
  4686. (43) authorize {
  4687. (43) policy filter_username {
  4688. (43) if (&User-Name) {
  4689. (43) if (&User-Name) -> TRUE
  4690. (43) if (&User-Name) {
  4691. (43) if (&User-Name =~ / /) {
  4692. (43) if (&User-Name =~ / /) -> FALSE
  4693. (43) if (&User-Name =~ /@[^@]*@/ ) {
  4694. (43) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  4695. (43) if (&User-Name =~ /\.\./ ) {
  4696. (43) if (&User-Name =~ /\.\./ ) -> FALSE
  4697. (43) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  4698. (43) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  4699. (43) if (&User-Name =~ /\.$/) {
  4700. (43) if (&User-Name =~ /\.$/) -> FALSE
  4701. (43) if (&User-Name =~ /@\./) {
  4702. (43) if (&User-Name =~ /@\./) -> FALSE
  4703. (43) } # if (&User-Name) = notfound
  4704. (43) } # policy filter_username = notfound
  4705. (43) [preprocess] = ok
  4706. (43) [chap] = noop
  4707. (43) [mschap] = noop
  4708. (43) [digest] = noop
  4709. (43) suffix: Checking for suffix after "@"
  4710. (43) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  4711. (43) suffix: No such realm "NULL"
  4712. (43) [suffix] = noop
  4713. (43) eap: Peer sent EAP Response (code 2) ID 43 length 69
  4714. (43) eap: Continuing tunnel setup
  4715. (43) [eap] = ok
  4716. (43) } # authorize = ok
  4717. (43) Found Auth-Type = eap
  4718. (43) # Executing group from file /etc/raddb/sites-enabled/default
  4719. (43) authenticate {
  4720. (43) eap: Expiring EAP session with state 0xe096d129e1bdc8ee
  4721. (43) eap: Finished EAP session with state 0xe096d129e1bdc8ee
  4722. (43) eap: Previous EAP request found for state 0xe096d129e1bdc8ee, released from the list
  4723. (43) eap: Peer sent packet with method EAP PEAP (25)
  4724. (43) eap: Calling submodule eap_peap to process data
  4725. (43) eap_peap: Continuing EAP-TLS
  4726. (43) eap_peap: Peer indicated complete TLS record size will be 59 bytes
  4727. (43) eap_peap: Got complete TLS record (59 bytes)
  4728. (43) eap_peap: [eaptls verify] = length included
  4729. (43) eap_peap: <<< recv TLS 1.0 ChangeCipherSpec [length 0001]
  4730. (43) eap_peap: <<< recv TLS 1.0 Handshake [length 0010], Finished
  4731. (43) eap_peap: TLS_accept: SSLv3 read finished A
  4732. (43) eap_peap: (other): SSL negotiation finished successfully
  4733. (43) eap_peap: SSL Connection Established
  4734. (43) eap_peap: SSL Application Data
  4735. (43) eap_peap: Adding cached attributes from session 99fa3eb5d7d108e8e1047f8c78273aadc1bd2aa26caa1810320d84ad7442e74a
  4736. (43) eap_peap: reply:User-Name = "vkratsberg"
  4737. (43) eap_peap: [eaptls process] = success
  4738. (43) eap_peap: Session established. Decoding tunneled attributes
  4739. (43) eap_peap: PEAP state TUNNEL ESTABLISHED
  4740. (43) eap_peap: Skipping Phase2 because of session resumption
  4741. (43) eap_peap: SUCCESS
  4742. (43) eap: Sending EAP Request (code 1) ID 44 length 43
  4743. (43) eap: EAP session adding &reply:State = 0xe096d129e2bac8ee
  4744. (43) [eap] = handled
  4745. (43) } # authenticate = handled
  4746. (43) Using Post-Auth-Type Challenge
  4747. (43) Post-Auth-Type sub-section not found. Ignoring.
  4748. (43) # Executing group from file /etc/raddb/sites-enabled/default
  4749. (43) Sent Access-Challenge Id 34 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  4750. (43) User-Name = "vkratsberg"
  4751. (43) EAP-Message = 0x012c002b190017030100202d3175bd6f30bf51474b134c95a19b3a431b238d739dbf0da70f09fd1b88a41e
  4752. (43) Message-Authenticator = 0x00000000000000000000000000000000
  4753. (43) State = 0xe096d129e2bac8eef5c532e15d409219
  4754. (43) Finished request
  4755. Waking up in 3.8 seconds.
  4756. (44) Received Access-Request Id 35 from 10.8.0.111:58432 to 10.8.64.155:1812 length 223
  4757. (44) User-Name = "vkratsberg"
  4758. (44) NAS-Port = 358
  4759. (44) State = 0xe096d129e2bac8eef5c532e15d409219
  4760. (44) EAP-Message = 0x022c002b19001703010020741228bcbf7c38839f7d0a6af041af1c7eb525cc4c3e77013ad6c2907ec9f2ee
  4761. (44) Message-Authenticator = 0x9753f3c218dd66347017ae0ded257afc
  4762. (44) Acct-Session-Id = "8O2.1x81bb0d4d000057d6"
  4763. (44) NAS-Port-Id = "ge-3/0/6.0"
  4764. (44) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  4765. (44) Called-Station-Id = "ec-3e-f7-68-35-00"
  4766. (44) NAS-IP-Address = 10.8.0.111
  4767. (44) NAS-Identifier = "nyc-access-sw011"
  4768. (44) NAS-Port-Type = Ethernet
  4769. (44) session-state: No cached attributes
  4770. (44) # Executing section authorize from file /etc/raddb/sites-enabled/default
  4771. (44) authorize {
  4772. (44) policy filter_username {
  4773. (44) if (&User-Name) {
  4774. (44) if (&User-Name) -> TRUE
  4775. (44) if (&User-Name) {
  4776. (44) if (&User-Name =~ / /) {
  4777. (44) if (&User-Name =~ / /) -> FALSE
  4778. (44) if (&User-Name =~ /@[^@]*@/ ) {
  4779. (44) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  4780. (44) if (&User-Name =~ /\.\./ ) {
  4781. (44) if (&User-Name =~ /\.\./ ) -> FALSE
  4782. (44) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  4783. (44) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  4784. (44) if (&User-Name =~ /\.$/) {
  4785. (44) if (&User-Name =~ /\.$/) -> FALSE
  4786. (44) if (&User-Name =~ /@\./) {
  4787. (44) if (&User-Name =~ /@\./) -> FALSE
  4788. (44) } # if (&User-Name) = notfound
  4789. (44) } # policy filter_username = notfound
  4790. (44) [preprocess] = ok
  4791. (44) [chap] = noop
  4792. (44) [mschap] = noop
  4793. (44) [digest] = noop
  4794. (44) suffix: Checking for suffix after "@"
  4795. (44) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  4796. (44) suffix: No such realm "NULL"
  4797. (44) [suffix] = noop
  4798. (44) eap: Peer sent EAP Response (code 2) ID 44 length 43
  4799. (44) eap: Continuing tunnel setup
  4800. (44) [eap] = ok
  4801. (44) } # authorize = ok
  4802. (44) Found Auth-Type = eap
  4803. (44) # Executing group from file /etc/raddb/sites-enabled/default
  4804. (44) authenticate {
  4805. (44) eap: Expiring EAP session with state 0xe096d129e2bac8ee
  4806. (44) eap: Finished EAP session with state 0xe096d129e2bac8ee
  4807. (44) eap: Previous EAP request found for state 0xe096d129e2bac8ee, released from the list
  4808. (44) eap: Peer sent packet with method EAP PEAP (25)
  4809. (44) eap: Calling submodule eap_peap to process data
  4810. (44) eap_peap: Continuing EAP-TLS
  4811. (44) eap_peap: [eaptls verify] = ok
  4812. (44) eap_peap: Done initial handshake
  4813. (44) eap_peap: [eaptls process] = ok
  4814. (44) eap_peap: Session established. Decoding tunneled attributes
  4815. (44) eap_peap: PEAP state send tlv success
  4816. (44) eap_peap: Received EAP-TLV response
  4817. (44) eap_peap: Success
  4818. (44) eap_peap: No saved attributes in the original Access-Accept
  4819. (44) eap: Sending EAP Success (code 3) ID 44 length 4
  4820. (44) eap: Freeing handler
  4821. (44) [eap] = ok
  4822. (44) } # authenticate = ok
  4823. (44) # Executing section post-auth from file /etc/raddb/sites-enabled/default
  4824. (44) post-auth {
  4825. (44) update {
  4826. (44) No attributes updated
  4827. (44) } # update = noop
  4828. (44) [exec] = noop
  4829. (44) policy remove_reply_message_if_eap {
  4830. (44) if (&reply:EAP-Message && &reply:Reply-Message) {
  4831. (44) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
  4832. (44) else {
  4833. (44) [noop] = noop
  4834. (44) } # else = noop
  4835. (44) } # policy remove_reply_message_if_eap = noop
  4836. (44) } # post-auth = noop
  4837. (44) Sent Access-Accept Id 35 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  4838. (44) MS-MPPE-Recv-Key = 0x86af294eff1feb0b17d14bdf679a1854d36cb36dc18ff961842dd3bd7df8b2b7
  4839. (44) MS-MPPE-Send-Key = 0xc781165b35f9d842f89d9370c25ab5d1fe73552f835dc0894faa311f54345669
  4840. (44) EAP-Message = 0x032c0004
  4841. (44) Message-Authenticator = 0x00000000000000000000000000000000
  4842. (44) User-Name = "vkratsberg"
  4843. (44) Finished request
  4844. Waking up in 3.8 seconds.
  4845. (45) Received Access-Request Id 36 from 10.8.0.111:58432 to 10.8.64.155:1812 length 177
  4846. (45) User-Name = "vkratsberg"
  4847. (45) NAS-Port = 358
  4848. (45) EAP-Message = 0x022d000f01766b7261747362657267
  4849. (45) Message-Authenticator = 0x133aa25966b0bea5a9b01b952927d700
  4850. (45) Acct-Session-Id = "8O2.1x81bb0d4e0001f90b"
  4851. (45) NAS-Port-Id = "ge-3/0/6.0"
  4852. (45) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  4853. (45) Called-Station-Id = "ec-3e-f7-68-35-00"
  4854. (45) NAS-IP-Address = 10.8.0.111
  4855. (45) NAS-Identifier = "nyc-access-sw011"
  4856. (45) NAS-Port-Type = Ethernet
  4857. (45) # Executing section authorize from file /etc/raddb/sites-enabled/default
  4858. (45) authorize {
  4859. (45) policy filter_username {
  4860. (45) if (&User-Name) {
  4861. (45) if (&User-Name) -> TRUE
  4862. (45) if (&User-Name) {
  4863. (45) if (&User-Name =~ / /) {
  4864. (45) if (&User-Name =~ / /) -> FALSE
  4865. (45) if (&User-Name =~ /@[^@]*@/ ) {
  4866. (45) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  4867. (45) if (&User-Name =~ /\.\./ ) {
  4868. (45) if (&User-Name =~ /\.\./ ) -> FALSE
  4869. (45) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  4870. (45) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  4871. (45) if (&User-Name =~ /\.$/) {
  4872. (45) if (&User-Name =~ /\.$/) -> FALSE
  4873. (45) if (&User-Name =~ /@\./) {
  4874. (45) if (&User-Name =~ /@\./) -> FALSE
  4875. (45) } # if (&User-Name) = notfound
  4876. (45) } # policy filter_username = notfound
  4877. (45) [preprocess] = ok
  4878. (45) [chap] = noop
  4879. (45) [mschap] = noop
  4880. (45) [digest] = noop
  4881. (45) suffix: Checking for suffix after "@"
  4882. (45) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  4883. (45) suffix: No such realm "NULL"
  4884. (45) [suffix] = noop
  4885. (45) eap: Peer sent EAP Response (code 2) ID 45 length 15
  4886. (45) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
  4887. (45) [eap] = ok
  4888. (45) } # authorize = ok
  4889. (45) Found Auth-Type = eap
  4890. (45) # Executing group from file /etc/raddb/sites-enabled/default
  4891. (45) authenticate {
  4892. (45) eap: Peer sent packet with method EAP Identity (1)
  4893. (45) eap: Calling submodule eap_peap to process data
  4894. (45) eap_peap: Initiating new EAP-TLS session
  4895. (45) eap_peap: [eaptls start] = request
  4896. (45) eap: Sending EAP Request (code 1) ID 46 length 6
  4897. (45) eap: EAP session adding &reply:State = 0xbb22d88bbb0cc1ec
  4898. (45) [eap] = handled
  4899. (45) } # authenticate = handled
  4900. (45) Using Post-Auth-Type Challenge
  4901. (45) Post-Auth-Type sub-section not found. Ignoring.
  4902. (45) # Executing group from file /etc/raddb/sites-enabled/default
  4903. (45) Sent Access-Challenge Id 36 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  4904. (45) EAP-Message = 0x012e00061920
  4905. (45) Message-Authenticator = 0x00000000000000000000000000000000
  4906. (45) State = 0xbb22d88bbb0cc1ec0daea853d9277695
  4907. (45) Finished request
  4908. Waking up in 3.8 seconds.
  4909. (46) Received Access-Request Id 37 from 10.8.0.111:58432 to 10.8.64.155:1812 length 343
  4910. (46) User-Name = "vkratsberg"
  4911. (46) NAS-Port = 358
  4912. (46) State = 0xbb22d88bbb0cc1ec0daea853d9277695
  4913. (46) EAP-Message = 0x022e00a31980000000991603010094010000900301574f326d833216bed987cc0d9db82d841b27f02780c0aa8272402bc9fdc5fef52099fa3eb5d7d108e8e1047f8c78273aadc1bd2aa26caa1810320d84ad7442e74a002800ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f00
  4914. (46) Message-Authenticator = 0xe0315dac47990763d3dfa9a956edab6f
  4915. (46) Acct-Session-Id = "8O2.1x81bb0d4e0001f90b"
  4916. (46) NAS-Port-Id = "ge-3/0/6.0"
  4917. (46) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  4918. (46) Called-Station-Id = "ec-3e-f7-68-35-00"
  4919. (46) NAS-IP-Address = 10.8.0.111
  4920. (46) NAS-Identifier = "nyc-access-sw011"
  4921. (46) NAS-Port-Type = Ethernet
  4922. (46) session-state: No cached attributes
  4923. (46) # Executing section authorize from file /etc/raddb/sites-enabled/default
  4924. (46) authorize {
  4925. (46) policy filter_username {
  4926. (46) if (&User-Name) {
  4927. (46) if (&User-Name) -> TRUE
  4928. (46) if (&User-Name) {
  4929. (46) if (&User-Name =~ / /) {
  4930. (46) if (&User-Name =~ / /) -> FALSE
  4931. (46) if (&User-Name =~ /@[^@]*@/ ) {
  4932. (46) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  4933. (46) if (&User-Name =~ /\.\./ ) {
  4934. (46) if (&User-Name =~ /\.\./ ) -> FALSE
  4935. (46) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  4936. (46) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  4937. (46) if (&User-Name =~ /\.$/) {
  4938. (46) if (&User-Name =~ /\.$/) -> FALSE
  4939. (46) if (&User-Name =~ /@\./) {
  4940. (46) if (&User-Name =~ /@\./) -> FALSE
  4941. (46) } # if (&User-Name) = notfound
  4942. (46) } # policy filter_username = notfound
  4943. (46) [preprocess] = ok
  4944. (46) [chap] = noop
  4945. (46) [mschap] = noop
  4946. (46) [digest] = noop
  4947. (46) suffix: Checking for suffix after "@"
  4948. (46) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  4949. (46) suffix: No such realm "NULL"
  4950. (46) [suffix] = noop
  4951. (46) eap: Peer sent EAP Response (code 2) ID 46 length 163
  4952. (46) eap: Continuing tunnel setup
  4953. (46) [eap] = ok
  4954. (46) } # authorize = ok
  4955. (46) Found Auth-Type = eap
  4956. (46) # Executing group from file /etc/raddb/sites-enabled/default
  4957. (46) authenticate {
  4958. (46) eap: Expiring EAP session with state 0xbb22d88bbb0cc1ec
  4959. (46) eap: Finished EAP session with state 0xbb22d88bbb0cc1ec
  4960. (46) eap: Previous EAP request found for state 0xbb22d88bbb0cc1ec, released from the list
  4961. (46) eap: Peer sent packet with method EAP PEAP (25)
  4962. (46) eap: Calling submodule eap_peap to process data
  4963. (46) eap_peap: Continuing EAP-TLS
  4964. (46) eap_peap: Peer indicated complete TLS record size will be 153 bytes
  4965. (46) eap_peap: Got complete TLS record (153 bytes)
  4966. (46) eap_peap: [eaptls verify] = length included
  4967. (46) eap_peap: (other): before/accept initialization
  4968. (46) eap_peap: TLS_accept: before/accept initialization
  4969. (46) eap_peap: <<< recv TLS 1.0 Handshake [length 0094], ClientHello
  4970. (46) eap_peap: TLS_accept: SSLv3 read client hello A
  4971. (46) eap_peap: >>> send TLS 1.0 Handshake [length 0059], ServerHello
  4972. (46) eap_peap: TLS_accept: SSLv3 write server hello A
  4973. (46) eap_peap: >>> send TLS 1.0 ChangeCipherSpec [length 0001]
  4974. (46) eap_peap: TLS_accept: SSLv3 write change cipher spec A
  4975. (46) eap_peap: >>> send TLS 1.0 Handshake [length 0010], Finished
  4976. (46) eap_peap: TLS_accept: SSLv3 write finished A
  4977. (46) eap_peap: TLS_accept: SSLv3 flush data
  4978. (46) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  4979. (46) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  4980. (46) eap_peap: In SSL Handshake Phase
  4981. (46) eap_peap: In SSL Accept mode
  4982. (46) eap_peap: [eaptls process] = handled
  4983. (46) eap: Sending EAP Request (code 1) ID 47 length 159
  4984. (46) eap: EAP session adding &reply:State = 0xbb22d88bba0dc1ec
  4985. (46) [eap] = handled
  4986. (46) } # authenticate = handled
  4987. (46) Using Post-Auth-Type Challenge
  4988. (46) Post-Auth-Type sub-section not found. Ignoring.
  4989. (46) # Executing group from file /etc/raddb/sites-enabled/default
  4990. (46) Sent Access-Challenge Id 37 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  4991. (46) EAP-Message = 0x012f009f19001603010059020000550301574f326d4c2e696a34f8fe4cf21f937d89bf70b900f714d1cdf8960972dc98702099fa3eb5d7d108e8e1047f8c78273aadc1bd2aa26caa1810320d84ad7442e74ac01400000dff01000100000b0004030001021403010001011603010030a57d903b53eca507
  4992. (46) Message-Authenticator = 0x00000000000000000000000000000000
  4993. (46) State = 0xbb22d88bba0dc1ec0daea853d9277695
  4994. (46) Finished request
  4995. Waking up in 3.8 seconds.
  4996. (47) Received Access-Request Id 38 from 10.8.0.111:58432 to 10.8.64.155:1812 length 249
  4997. (47) User-Name = "vkratsberg"
  4998. (47) NAS-Port = 358
  4999. (47) State = 0xbb22d88bba0dc1ec0daea853d9277695
  5000. (47) EAP-Message = 0x022f004519800000003b140301000101160301003031098749c2e4ab9c453ad07d77c36b1065c82ba467b5fba5987e6afc47d049640829519003e35b03218af72e0f61bd08
  5001. (47) Message-Authenticator = 0x62810a312b2d68e2889e2e19998fccab
  5002. (47) Acct-Session-Id = "8O2.1x81bb0d4e0001f90b"
  5003. (47) NAS-Port-Id = "ge-3/0/6.0"
  5004. (47) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  5005. (47) Called-Station-Id = "ec-3e-f7-68-35-00"
  5006. (47) NAS-IP-Address = 10.8.0.111
  5007. (47) NAS-Identifier = "nyc-access-sw011"
  5008. (47) NAS-Port-Type = Ethernet
  5009. (47) session-state: No cached attributes
  5010. (47) # Executing section authorize from file /etc/raddb/sites-enabled/default
  5011. (47) authorize {
  5012. (47) policy filter_username {
  5013. (47) if (&User-Name) {
  5014. (47) if (&User-Name) -> TRUE
  5015. (47) if (&User-Name) {
  5016. (47) if (&User-Name =~ / /) {
  5017. (47) if (&User-Name =~ / /) -> FALSE
  5018. (47) if (&User-Name =~ /@[^@]*@/ ) {
  5019. (47) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  5020. (47) if (&User-Name =~ /\.\./ ) {
  5021. (47) if (&User-Name =~ /\.\./ ) -> FALSE
  5022. (47) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  5023. (47) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  5024. (47) if (&User-Name =~ /\.$/) {
  5025. (47) if (&User-Name =~ /\.$/) -> FALSE
  5026. (47) if (&User-Name =~ /@\./) {
  5027. (47) if (&User-Name =~ /@\./) -> FALSE
  5028. (47) } # if (&User-Name) = notfound
  5029. (47) } # policy filter_username = notfound
  5030. (47) [preprocess] = ok
  5031. (47) [chap] = noop
  5032. (47) [mschap] = noop
  5033. (47) [digest] = noop
  5034. (47) suffix: Checking for suffix after "@"
  5035. (47) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  5036. (47) suffix: No such realm "NULL"
  5037. (47) [suffix] = noop
  5038. (47) eap: Peer sent EAP Response (code 2) ID 47 length 69
  5039. (47) eap: Continuing tunnel setup
  5040. (47) [eap] = ok
  5041. (47) } # authorize = ok
  5042. (47) Found Auth-Type = eap
  5043. (47) # Executing group from file /etc/raddb/sites-enabled/default
  5044. (47) authenticate {
  5045. (47) eap: Expiring EAP session with state 0xbb22d88bba0dc1ec
  5046. (47) eap: Finished EAP session with state 0xbb22d88bba0dc1ec
  5047. (47) eap: Previous EAP request found for state 0xbb22d88bba0dc1ec, released from the list
  5048. (47) eap: Peer sent packet with method EAP PEAP (25)
  5049. (47) eap: Calling submodule eap_peap to process data
  5050. (47) eap_peap: Continuing EAP-TLS
  5051. (47) eap_peap: Peer indicated complete TLS record size will be 59 bytes
  5052. (47) eap_peap: Got complete TLS record (59 bytes)
  5053. (47) eap_peap: [eaptls verify] = length included
  5054. (47) eap_peap: <<< recv TLS 1.0 ChangeCipherSpec [length 0001]
  5055. (47) eap_peap: <<< recv TLS 1.0 Handshake [length 0010], Finished
  5056. (47) eap_peap: TLS_accept: SSLv3 read finished A
  5057. (47) eap_peap: (other): SSL negotiation finished successfully
  5058. (47) eap_peap: SSL Connection Established
  5059. (47) eap_peap: SSL Application Data
  5060. (47) eap_peap: Adding cached attributes from session 99fa3eb5d7d108e8e1047f8c78273aadc1bd2aa26caa1810320d84ad7442e74a
  5061. (47) eap_peap: reply:User-Name = "vkratsberg"
  5062. (47) eap_peap: [eaptls process] = success
  5063. (47) eap_peap: Session established. Decoding tunneled attributes
  5064. (47) eap_peap: PEAP state TUNNEL ESTABLISHED
  5065. (47) eap_peap: Skipping Phase2 because of session resumption
  5066. (47) eap_peap: SUCCESS
  5067. (47) eap: Sending EAP Request (code 1) ID 48 length 43
  5068. (47) eap: EAP session adding &reply:State = 0xbb22d88bb912c1ec
  5069. (47) [eap] = handled
  5070. (47) } # authenticate = handled
  5071. (47) Using Post-Auth-Type Challenge
  5072. (47) Post-Auth-Type sub-section not found. Ignoring.
  5073. (47) # Executing group from file /etc/raddb/sites-enabled/default
  5074. (47) Sent Access-Challenge Id 38 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  5075. (47) User-Name = "vkratsberg"
  5076. (47) EAP-Message = 0x0130002b19001703010020c589507085af18d8812e7fed915a49787ca00f77f9ef1048e730b86aacb0944c
  5077. (47) Message-Authenticator = 0x00000000000000000000000000000000
  5078. (47) State = 0xbb22d88bb912c1ec0daea853d9277695
  5079. (47) Finished request
  5080. Waking up in 3.7 seconds.
  5081. (48) Received Access-Request Id 39 from 10.8.0.111:58432 to 10.8.64.155:1812 length 223
  5082. (48) User-Name = "vkratsberg"
  5083. (48) NAS-Port = 358
  5084. (48) State = 0xbb22d88bb912c1ec0daea853d9277695
  5085. (48) EAP-Message = 0x0230002b19001703010020680d9bf581ea552b159f38479c6836999194cbc71d1e44dfa395748209fbf94f
  5086. (48) Message-Authenticator = 0x53013f799e0f827a5b33eb185c284019
  5087. (48) Acct-Session-Id = "8O2.1x81bb0d4e0001f90b"
  5088. (48) NAS-Port-Id = "ge-3/0/6.0"
  5089. (48) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  5090. (48) Called-Station-Id = "ec-3e-f7-68-35-00"
  5091. (48) NAS-IP-Address = 10.8.0.111
  5092. (48) NAS-Identifier = "nyc-access-sw011"
  5093. (48) NAS-Port-Type = Ethernet
  5094. (48) session-state: No cached attributes
  5095. (48) # Executing section authorize from file /etc/raddb/sites-enabled/default
  5096. (48) authorize {
  5097. (48) policy filter_username {
  5098. (48) if (&User-Name) {
  5099. (48) if (&User-Name) -> TRUE
  5100. (48) if (&User-Name) {
  5101. (48) if (&User-Name =~ / /) {
  5102. (48) if (&User-Name =~ / /) -> FALSE
  5103. (48) if (&User-Name =~ /@[^@]*@/ ) {
  5104. (48) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  5105. (48) if (&User-Name =~ /\.\./ ) {
  5106. (48) if (&User-Name =~ /\.\./ ) -> FALSE
  5107. (48) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  5108. (48) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  5109. (48) if (&User-Name =~ /\.$/) {
  5110. (48) if (&User-Name =~ /\.$/) -> FALSE
  5111. (48) if (&User-Name =~ /@\./) {
  5112. (48) if (&User-Name =~ /@\./) -> FALSE
  5113. (48) } # if (&User-Name) = notfound
  5114. (48) } # policy filter_username = notfound
  5115. (48) [preprocess] = ok
  5116. (48) [chap] = noop
  5117. (48) [mschap] = noop
  5118. (48) [digest] = noop
  5119. (48) suffix: Checking for suffix after "@"
  5120. (48) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  5121. (48) suffix: No such realm "NULL"
  5122. (48) [suffix] = noop
  5123. (48) eap: Peer sent EAP Response (code 2) ID 48 length 43
  5124. (48) eap: Continuing tunnel setup
  5125. (48) [eap] = ok
  5126. (48) } # authorize = ok
  5127. (48) Found Auth-Type = eap
  5128. (48) # Executing group from file /etc/raddb/sites-enabled/default
  5129. (48) authenticate {
  5130. (48) eap: Expiring EAP session with state 0xbb22d88bb912c1ec
  5131. (48) eap: Finished EAP session with state 0xbb22d88bb912c1ec
  5132. (48) eap: Previous EAP request found for state 0xbb22d88bb912c1ec, released from the list
  5133. (48) eap: Peer sent packet with method EAP PEAP (25)
  5134. (48) eap: Calling submodule eap_peap to process data
  5135. (48) eap_peap: Continuing EAP-TLS
  5136. (48) eap_peap: [eaptls verify] = ok
  5137. (48) eap_peap: Done initial handshake
  5138. (48) eap_peap: [eaptls process] = ok
  5139. (48) eap_peap: Session established. Decoding tunneled attributes
  5140. (48) eap_peap: PEAP state send tlv success
  5141. (48) eap_peap: Received EAP-TLV response
  5142. (48) eap_peap: Success
  5143. (48) eap_peap: No saved attributes in the original Access-Accept
  5144. (48) eap: Sending EAP Success (code 3) ID 48 length 4
  5145. (48) eap: Freeing handler
  5146. (48) [eap] = ok
  5147. (48) } # authenticate = ok
  5148. (48) # Executing section post-auth from file /etc/raddb/sites-enabled/default
  5149. (48) post-auth {
  5150. (48) update {
  5151. (48) No attributes updated
  5152. (48) } # update = noop
  5153. (48) [exec] = noop
  5154. (48) policy remove_reply_message_if_eap {
  5155. (48) if (&reply:EAP-Message && &reply:Reply-Message) {
  5156. (48) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
  5157. (48) else {
  5158. (48) [noop] = noop
  5159. (48) } # else = noop
  5160. (48) } # policy remove_reply_message_if_eap = noop
  5161. (48) } # post-auth = noop
  5162. (48) Sent Access-Accept Id 39 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  5163. (48) MS-MPPE-Recv-Key = 0xa3b469b6dec5ad90e9201fa1de5f62ce9f993145af5d4df2507ea35b3c125ede
  5164. (48) MS-MPPE-Send-Key = 0xad5999c5609a511f84da92420a4648e6c34b61a7ff2fc0158134a1cbd8c09272
  5165. (48) EAP-Message = 0x03300004
  5166. (48) Message-Authenticator = 0x00000000000000000000000000000000
  5167. (48) User-Name = "vkratsberg"
  5168. (48) Finished request
  5169. Waking up in 3.7 seconds.
  5170. (49) Received Access-Request Id 40 from 10.8.0.111:58432 to 10.8.64.155:1812 length 177
  5171. (49) User-Name = "vkratsberg"
  5172. (49) NAS-Port = 358
  5173. (49) EAP-Message = 0x0231000f01766b7261747362657267
  5174. (49) Message-Authenticator = 0x0ea42681b52823ee1548d995b2b5edfe
  5175. (49) Acct-Session-Id = "8O2.1x81bb0d4f0003957f"
  5176. (49) NAS-Port-Id = "ge-3/0/6.0"
  5177. (49) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  5178. (49) Called-Station-Id = "ec-3e-f7-68-35-00"
  5179. (49) NAS-IP-Address = 10.8.0.111
  5180. (49) NAS-Identifier = "nyc-access-sw011"
  5181. (49) NAS-Port-Type = Ethernet
  5182. (49) # Executing section authorize from file /etc/raddb/sites-enabled/default
  5183. (49) authorize {
  5184. (49) policy filter_username {
  5185. (49) if (&User-Name) {
  5186. (49) if (&User-Name) -> TRUE
  5187. (49) if (&User-Name) {
  5188. (49) if (&User-Name =~ / /) {
  5189. (49) if (&User-Name =~ / /) -> FALSE
  5190. (49) if (&User-Name =~ /@[^@]*@/ ) {
  5191. (49) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  5192. (49) if (&User-Name =~ /\.\./ ) {
  5193. (49) if (&User-Name =~ /\.\./ ) -> FALSE
  5194. (49) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  5195. (49) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  5196. (49) if (&User-Name =~ /\.$/) {
  5197. (49) if (&User-Name =~ /\.$/) -> FALSE
  5198. (49) if (&User-Name =~ /@\./) {
  5199. (49) if (&User-Name =~ /@\./) -> FALSE
  5200. (49) } # if (&User-Name) = notfound
  5201. (49) } # policy filter_username = notfound
  5202. (49) [preprocess] = ok
  5203. (49) [chap] = noop
  5204. (49) [mschap] = noop
  5205. (49) [digest] = noop
  5206. (49) suffix: Checking for suffix after "@"
  5207. (49) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  5208. (49) suffix: No such realm "NULL"
  5209. (49) [suffix] = noop
  5210. (49) eap: Peer sent EAP Response (code 2) ID 49 length 15
  5211. (49) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
  5212. (49) [eap] = ok
  5213. (49) } # authorize = ok
  5214. (49) Found Auth-Type = eap
  5215. (49) # Executing group from file /etc/raddb/sites-enabled/default
  5216. (49) authenticate {
  5217. (49) eap: Peer sent packet with method EAP Identity (1)
  5218. (49) eap: Calling submodule eap_peap to process data
  5219. (49) eap_peap: Initiating new EAP-TLS session
  5220. (49) eap_peap: [eaptls start] = request
  5221. (49) eap: Sending EAP Request (code 1) ID 50 length 6
  5222. (49) eap: EAP session adding &reply:State = 0x76c5d8c076f7c13b
  5223. (49) [eap] = handled
  5224. (49) } # authenticate = handled
  5225. (49) Using Post-Auth-Type Challenge
  5226. (49) Post-Auth-Type sub-section not found. Ignoring.
  5227. (49) # Executing group from file /etc/raddb/sites-enabled/default
  5228. (49) Sent Access-Challenge Id 40 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  5229. (49) EAP-Message = 0x013200061920
  5230. (49) Message-Authenticator = 0x00000000000000000000000000000000
  5231. (49) State = 0x76c5d8c076f7c13ba0c7a7eb35cfa4bf
  5232. (49) Finished request
  5233. Waking up in 3.7 seconds.
  5234. (50) Received Access-Request Id 41 from 10.8.0.111:58432 to 10.8.64.155:1812 length 343
  5235. (50) User-Name = "vkratsberg"
  5236. (50) NAS-Port = 358
  5237. (50) State = 0x76c5d8c076f7c13ba0c7a7eb35cfa4bf
  5238. (50) EAP-Message = 0x023200a31980000000991603010094010000900301574f326d85a91e2953e271f7e069fe6193c4d2324f32b57fbaeaaeb56c1bd6a32099fa3eb5d7d108e8e1047f8c78273aadc1bd2aa26caa1810320d84ad7442e74a002800ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f00
  5239. (50) Message-Authenticator = 0xa95681efa726c6d19795f757a9c989d1
  5240. (50) Acct-Session-Id = "8O2.1x81bb0d4f0003957f"
  5241. (50) NAS-Port-Id = "ge-3/0/6.0"
  5242. (50) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  5243. (50) Called-Station-Id = "ec-3e-f7-68-35-00"
  5244. (50) NAS-IP-Address = 10.8.0.111
  5245. (50) NAS-Identifier = "nyc-access-sw011"
  5246. (50) NAS-Port-Type = Ethernet
  5247. (50) session-state: No cached attributes
  5248. (50) # Executing section authorize from file /etc/raddb/sites-enabled/default
  5249. (50) authorize {
  5250. (50) policy filter_username {
  5251. (50) if (&User-Name) {
  5252. (50) if (&User-Name) -> TRUE
  5253. (50) if (&User-Name) {
  5254. (50) if (&User-Name =~ / /) {
  5255. (50) if (&User-Name =~ / /) -> FALSE
  5256. (50) if (&User-Name =~ /@[^@]*@/ ) {
  5257. (50) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  5258. (50) if (&User-Name =~ /\.\./ ) {
  5259. (50) if (&User-Name =~ /\.\./ ) -> FALSE
  5260. (50) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  5261. (50) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  5262. (50) if (&User-Name =~ /\.$/) {
  5263. (50) if (&User-Name =~ /\.$/) -> FALSE
  5264. (50) if (&User-Name =~ /@\./) {
  5265. (50) if (&User-Name =~ /@\./) -> FALSE
  5266. (50) } # if (&User-Name) = notfound
  5267. (50) } # policy filter_username = notfound
  5268. (50) [preprocess] = ok
  5269. (50) [chap] = noop
  5270. (50) [mschap] = noop
  5271. (50) [digest] = noop
  5272. (50) suffix: Checking for suffix after "@"
  5273. (50) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  5274. (50) suffix: No such realm "NULL"
  5275. (50) [suffix] = noop
  5276. (50) eap: Peer sent EAP Response (code 2) ID 50 length 163
  5277. (50) eap: Continuing tunnel setup
  5278. (50) [eap] = ok
  5279. (50) } # authorize = ok
  5280. (50) Found Auth-Type = eap
  5281. (50) # Executing group from file /etc/raddb/sites-enabled/default
  5282. (50) authenticate {
  5283. (50) eap: Expiring EAP session with state 0x76c5d8c076f7c13b
  5284. (50) eap: Finished EAP session with state 0x76c5d8c076f7c13b
  5285. (50) eap: Previous EAP request found for state 0x76c5d8c076f7c13b, released from the list
  5286. (50) eap: Peer sent packet with method EAP PEAP (25)
  5287. (50) eap: Calling submodule eap_peap to process data
  5288. (50) eap_peap: Continuing EAP-TLS
  5289. (50) eap_peap: Peer indicated complete TLS record size will be 153 bytes
  5290. (50) eap_peap: Got complete TLS record (153 bytes)
  5291. (50) eap_peap: [eaptls verify] = length included
  5292. (50) eap_peap: (other): before/accept initialization
  5293. (50) eap_peap: TLS_accept: before/accept initialization
  5294. (50) eap_peap: <<< recv TLS 1.0 Handshake [length 0094], ClientHello
  5295. (50) eap_peap: TLS_accept: SSLv3 read client hello A
  5296. (50) eap_peap: >>> send TLS 1.0 Handshake [length 0059], ServerHello
  5297. (50) eap_peap: TLS_accept: SSLv3 write server hello A
  5298. (50) eap_peap: >>> send TLS 1.0 ChangeCipherSpec [length 0001]
  5299. (50) eap_peap: TLS_accept: SSLv3 write change cipher spec A
  5300. (50) eap_peap: >>> send TLS 1.0 Handshake [length 0010], Finished
  5301. (50) eap_peap: TLS_accept: SSLv3 write finished A
  5302. (50) eap_peap: TLS_accept: SSLv3 flush data
  5303. (50) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  5304. (50) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  5305. (50) eap_peap: In SSL Handshake Phase
  5306. (50) eap_peap: In SSL Accept mode
  5307. (50) eap_peap: [eaptls process] = handled
  5308. (50) eap: Sending EAP Request (code 1) ID 51 length 159
  5309. (50) eap: EAP session adding &reply:State = 0x76c5d8c077f6c13b
  5310. (50) [eap] = handled
  5311. (50) } # authenticate = handled
  5312. (50) Using Post-Auth-Type Challenge
  5313. (50) Post-Auth-Type sub-section not found. Ignoring.
  5314. (50) # Executing group from file /etc/raddb/sites-enabled/default
  5315. (50) Sent Access-Challenge Id 41 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  5316. (50) EAP-Message = 0x0133009f19001603010059020000550301574f326ddd003b1a03ccc09b83d371749b21d4a1d3be09cef6363de198ad97622099fa3eb5d7d108e8e1047f8c78273aadc1bd2aa26caa1810320d84ad7442e74ac01400000dff01000100000b0004030001021403010001011603010030c36917198e7b2557
  5317. (50) Message-Authenticator = 0x00000000000000000000000000000000
  5318. (50) State = 0x76c5d8c077f6c13ba0c7a7eb35cfa4bf
  5319. (50) Finished request
  5320. Waking up in 3.6 seconds.
  5321. (51) Received Access-Request Id 42 from 10.8.0.111:58432 to 10.8.64.155:1812 length 249
  5322. (51) User-Name = "vkratsberg"
  5323. (51) NAS-Port = 358
  5324. (51) State = 0x76c5d8c077f6c13ba0c7a7eb35cfa4bf
  5325. (51) EAP-Message = 0x0233004519800000003b14030100010116030100302e82b56b9a9508d0ce7073a7a04e19bf66a1f2821da3854488d0da09d8c8ed830ebce48cdbfb1cb621f3dd0f1218c6e5
  5326. (51) Message-Authenticator = 0x81914a4e69201577bbd491cb4512b6df
  5327. (51) Acct-Session-Id = "8O2.1x81bb0d4f0003957f"
  5328. (51) NAS-Port-Id = "ge-3/0/6.0"
  5329. (51) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  5330. (51) Called-Station-Id = "ec-3e-f7-68-35-00"
  5331. (51) NAS-IP-Address = 10.8.0.111
  5332. (51) NAS-Identifier = "nyc-access-sw011"
  5333. (51) NAS-Port-Type = Ethernet
  5334. (51) session-state: No cached attributes
  5335. (51) # Executing section authorize from file /etc/raddb/sites-enabled/default
  5336. (51) authorize {
  5337. (51) policy filter_username {
  5338. (51) if (&User-Name) {
  5339. (51) if (&User-Name) -> TRUE
  5340. (51) if (&User-Name) {
  5341. (51) if (&User-Name =~ / /) {
  5342. (51) if (&User-Name =~ / /) -> FALSE
  5343. (51) if (&User-Name =~ /@[^@]*@/ ) {
  5344. (51) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  5345. (51) if (&User-Name =~ /\.\./ ) {
  5346. (51) if (&User-Name =~ /\.\./ ) -> FALSE
  5347. (51) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  5348. (51) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  5349. (51) if (&User-Name =~ /\.$/) {
  5350. (51) if (&User-Name =~ /\.$/) -> FALSE
  5351. (51) if (&User-Name =~ /@\./) {
  5352. (51) if (&User-Name =~ /@\./) -> FALSE
  5353. (51) } # if (&User-Name) = notfound
  5354. (51) } # policy filter_username = notfound
  5355. (51) [preprocess] = ok
  5356. (51) [chap] = noop
  5357. (51) [mschap] = noop
  5358. (51) [digest] = noop
  5359. (51) suffix: Checking for suffix after "@"
  5360. (51) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  5361. (51) suffix: No such realm "NULL"
  5362. (51) [suffix] = noop
  5363. (51) eap: Peer sent EAP Response (code 2) ID 51 length 69
  5364. (51) eap: Continuing tunnel setup
  5365. (51) [eap] = ok
  5366. (51) } # authorize = ok
  5367. (51) Found Auth-Type = eap
  5368. (51) # Executing group from file /etc/raddb/sites-enabled/default
  5369. (51) authenticate {
  5370. (51) eap: Expiring EAP session with state 0x76c5d8c077f6c13b
  5371. (51) eap: Finished EAP session with state 0x76c5d8c077f6c13b
  5372. (51) eap: Previous EAP request found for state 0x76c5d8c077f6c13b, released from the list
  5373. (51) eap: Peer sent packet with method EAP PEAP (25)
  5374. (51) eap: Calling submodule eap_peap to process data
  5375. (51) eap_peap: Continuing EAP-TLS
  5376. (51) eap_peap: Peer indicated complete TLS record size will be 59 bytes
  5377. (51) eap_peap: Got complete TLS record (59 bytes)
  5378. (51) eap_peap: [eaptls verify] = length included
  5379. (51) eap_peap: <<< recv TLS 1.0 ChangeCipherSpec [length 0001]
  5380. (51) eap_peap: <<< recv TLS 1.0 Handshake [length 0010], Finished
  5381. (51) eap_peap: TLS_accept: SSLv3 read finished A
  5382. (51) eap_peap: (other): SSL negotiation finished successfully
  5383. (51) eap_peap: SSL Connection Established
  5384. (51) eap_peap: SSL Application Data
  5385. (51) eap_peap: Adding cached attributes from session 99fa3eb5d7d108e8e1047f8c78273aadc1bd2aa26caa1810320d84ad7442e74a
  5386. (51) eap_peap: reply:User-Name = "vkratsberg"
  5387. (51) eap_peap: [eaptls process] = success
  5388. (51) eap_peap: Session established. Decoding tunneled attributes
  5389. (51) eap_peap: PEAP state TUNNEL ESTABLISHED
  5390. (51) eap_peap: Skipping Phase2 because of session resumption
  5391. (51) eap_peap: SUCCESS
  5392. (51) eap: Sending EAP Request (code 1) ID 52 length 43
  5393. (51) eap: EAP session adding &reply:State = 0x76c5d8c074f1c13b
  5394. (51) [eap] = handled
  5395. (51) } # authenticate = handled
  5396. (51) Using Post-Auth-Type Challenge
  5397. (51) Post-Auth-Type sub-section not found. Ignoring.
  5398. (51) # Executing group from file /etc/raddb/sites-enabled/default
  5399. (51) Sent Access-Challenge Id 42 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  5400. (51) User-Name = "vkratsberg"
  5401. (51) EAP-Message = 0x0134002b19001703010020623b84f659bea3f26d1d1a8ce08d484249a4474dc4fe2e0cd9215793c3a339b0
  5402. (51) Message-Authenticator = 0x00000000000000000000000000000000
  5403. (51) State = 0x76c5d8c074f1c13ba0c7a7eb35cfa4bf
  5404. (51) Finished request
  5405. Waking up in 3.6 seconds.
  5406. (52) Received Access-Request Id 43 from 10.8.0.111:58432 to 10.8.64.155:1812 length 223
  5407. (52) User-Name = "vkratsberg"
  5408. (52) NAS-Port = 358
  5409. (52) State = 0x76c5d8c074f1c13ba0c7a7eb35cfa4bf
  5410. (52) EAP-Message = 0x0234002b19001703010020db4c97cff98404dd6e175fae3b3eccc694c1695d4ea44ae9b22527f64072c57b
  5411. (52) Message-Authenticator = 0x55b4345e947d1ef8ae6a18cc63504c5b
  5412. (52) Acct-Session-Id = "8O2.1x81bb0d4f0003957f"
  5413. (52) NAS-Port-Id = "ge-3/0/6.0"
  5414. (52) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  5415. (52) Called-Station-Id = "ec-3e-f7-68-35-00"
  5416. (52) NAS-IP-Address = 10.8.0.111
  5417. (52) NAS-Identifier = "nyc-access-sw011"
  5418. (52) NAS-Port-Type = Ethernet
  5419. (52) session-state: No cached attributes
  5420. (52) # Executing section authorize from file /etc/raddb/sites-enabled/default
  5421. (52) authorize {
  5422. (52) policy filter_username {
  5423. (52) if (&User-Name) {
  5424. (52) if (&User-Name) -> TRUE
  5425. (52) if (&User-Name) {
  5426. (52) if (&User-Name =~ / /) {
  5427. (52) if (&User-Name =~ / /) -> FALSE
  5428. (52) if (&User-Name =~ /@[^@]*@/ ) {
  5429. (52) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  5430. (52) if (&User-Name =~ /\.\./ ) {
  5431. (52) if (&User-Name =~ /\.\./ ) -> FALSE
  5432. (52) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  5433. (52) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  5434. (52) if (&User-Name =~ /\.$/) {
  5435. (52) if (&User-Name =~ /\.$/) -> FALSE
  5436. (52) if (&User-Name =~ /@\./) {
  5437. (52) if (&User-Name =~ /@\./) -> FALSE
  5438. (52) } # if (&User-Name) = notfound
  5439. (52) } # policy filter_username = notfound
  5440. (52) [preprocess] = ok
  5441. (52) [chap] = noop
  5442. (52) [mschap] = noop
  5443. (52) [digest] = noop
  5444. (52) suffix: Checking for suffix after "@"
  5445. (52) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  5446. (52) suffix: No such realm "NULL"
  5447. (52) [suffix] = noop
  5448. (52) eap: Peer sent EAP Response (code 2) ID 52 length 43
  5449. (52) eap: Continuing tunnel setup
  5450. (52) [eap] = ok
  5451. (52) } # authorize = ok
  5452. (52) Found Auth-Type = eap
  5453. (52) # Executing group from file /etc/raddb/sites-enabled/default
  5454. (52) authenticate {
  5455. (52) eap: Expiring EAP session with state 0x76c5d8c074f1c13b
  5456. (52) eap: Finished EAP session with state 0x76c5d8c074f1c13b
  5457. (52) eap: Previous EAP request found for state 0x76c5d8c074f1c13b, released from the list
  5458. (52) eap: Peer sent packet with method EAP PEAP (25)
  5459. (52) eap: Calling submodule eap_peap to process data
  5460. (52) eap_peap: Continuing EAP-TLS
  5461. (52) eap_peap: [eaptls verify] = ok
  5462. (52) eap_peap: Done initial handshake
  5463. (52) eap_peap: [eaptls process] = ok
  5464. (52) eap_peap: Session established. Decoding tunneled attributes
  5465. (52) eap_peap: PEAP state send tlv success
  5466. (52) eap_peap: Received EAP-TLV response
  5467. (52) eap_peap: Success
  5468. (52) eap_peap: No saved attributes in the original Access-Accept
  5469. (52) eap: Sending EAP Success (code 3) ID 52 length 4
  5470. (52) eap: Freeing handler
  5471. (52) [eap] = ok
  5472. (52) } # authenticate = ok
  5473. (52) # Executing section post-auth from file /etc/raddb/sites-enabled/default
  5474. (52) post-auth {
  5475. (52) update {
  5476. (52) No attributes updated
  5477. (52) } # update = noop
  5478. (52) [exec] = noop
  5479. (52) policy remove_reply_message_if_eap {
  5480. (52) if (&reply:EAP-Message && &reply:Reply-Message) {
  5481. (52) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
  5482. (52) else {
  5483. (52) [noop] = noop
  5484. (52) } # else = noop
  5485. (52) } # policy remove_reply_message_if_eap = noop
  5486. (52) } # post-auth = noop
  5487. (52) Sent Access-Accept Id 43 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  5488. (52) MS-MPPE-Recv-Key = 0x932285bcd7c58c20db855c39b4c0f277fbe43462a9452f42fa040dc75ed84ef7
  5489. (52) MS-MPPE-Send-Key = 0x55416a6fea0c16d7a423b7705fa000617569c20f80efeb51b0b89fbf454cfda7
  5490. (52) EAP-Message = 0x03340004
  5491. (52) Message-Authenticator = 0x00000000000000000000000000000000
  5492. (52) User-Name = "vkratsberg"
  5493. (52) Finished request
  5494. Waking up in 3.6 seconds.
  5495. (53) Received Access-Request Id 44 from 10.8.0.111:58432 to 10.8.64.155:1812 length 177
  5496. (53) User-Name = "vkratsberg"
  5497. (53) NAS-Port = 358
  5498. (53) EAP-Message = 0x0235000f01766b7261747362657267
  5499. (53) Message-Authenticator = 0x82736aa78dc0a8fad373a25c355d9d44
  5500. (53) Acct-Session-Id = "8O2.1x81bb0d5000053f2e"
  5501. (53) NAS-Port-Id = "ge-3/0/6.0"
  5502. (53) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  5503. (53) Called-Station-Id = "ec-3e-f7-68-35-00"
  5504. (53) NAS-IP-Address = 10.8.0.111
  5505. (53) NAS-Identifier = "nyc-access-sw011"
  5506. (53) NAS-Port-Type = Ethernet
  5507. (53) # Executing section authorize from file /etc/raddb/sites-enabled/default
  5508. (53) authorize {
  5509. (53) policy filter_username {
  5510. (53) if (&User-Name) {
  5511. (53) if (&User-Name) -> TRUE
  5512. (53) if (&User-Name) {
  5513. (53) if (&User-Name =~ / /) {
  5514. (53) if (&User-Name =~ / /) -> FALSE
  5515. (53) if (&User-Name =~ /@[^@]*@/ ) {
  5516. (53) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  5517. (53) if (&User-Name =~ /\.\./ ) {
  5518. (53) if (&User-Name =~ /\.\./ ) -> FALSE
  5519. (53) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  5520. (53) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  5521. (53) if (&User-Name =~ /\.$/) {
  5522. (53) if (&User-Name =~ /\.$/) -> FALSE
  5523. (53) if (&User-Name =~ /@\./) {
  5524. (53) if (&User-Name =~ /@\./) -> FALSE
  5525. (53) } # if (&User-Name) = notfound
  5526. (53) } # policy filter_username = notfound
  5527. (53) [preprocess] = ok
  5528. (53) [chap] = noop
  5529. (53) [mschap] = noop
  5530. (53) [digest] = noop
  5531. (53) suffix: Checking for suffix after "@"
  5532. (53) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  5533. (53) suffix: No such realm "NULL"
  5534. (53) [suffix] = noop
  5535. (53) eap: Peer sent EAP Response (code 2) ID 53 length 15
  5536. (53) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
  5537. (53) [eap] = ok
  5538. (53) } # authorize = ok
  5539. (53) Found Auth-Type = eap
  5540. (53) # Executing group from file /etc/raddb/sites-enabled/default
  5541. (53) authenticate {
  5542. (53) eap: Peer sent packet with method EAP Identity (1)
  5543. (53) eap: Calling submodule eap_peap to process data
  5544. (53) eap_peap: Initiating new EAP-TLS session
  5545. (53) eap_peap: [eaptls start] = request
  5546. (53) eap: Sending EAP Request (code 1) ID 54 length 6
  5547. (53) eap: EAP session adding &reply:State = 0xe38f814ee3b99824
  5548. (53) [eap] = handled
  5549. (53) } # authenticate = handled
  5550. (53) Using Post-Auth-Type Challenge
  5551. (53) Post-Auth-Type sub-section not found. Ignoring.
  5552. (53) # Executing group from file /etc/raddb/sites-enabled/default
  5553. (53) Sent Access-Challenge Id 44 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  5554. (53) EAP-Message = 0x013600061920
  5555. (53) Message-Authenticator = 0x00000000000000000000000000000000
  5556. (53) State = 0xe38f814ee3b99824453889093340d24c
  5557. (53) Finished request
  5558. Waking up in 3.5 seconds.
  5559. (54) Received Access-Request Id 45 from 10.8.0.111:58432 to 10.8.64.155:1812 length 343
  5560. (54) User-Name = "vkratsberg"
  5561. (54) NAS-Port = 358
  5562. (54) State = 0xe38f814ee3b99824453889093340d24c
  5563. (54) EAP-Message = 0x023600a31980000000991603010094010000900301574f326de9676a029041169797ecebbd3d23c4a6c1d0c26db0c3e4b685ddf5682099fa3eb5d7d108e8e1047f8c78273aadc1bd2aa26caa1810320d84ad7442e74a002800ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f00
  5564. (54) Message-Authenticator = 0xb8a75001f187872f2db8fd1581d32f8a
  5565. (54) Acct-Session-Id = "8O2.1x81bb0d5000053f2e"
  5566. (54) NAS-Port-Id = "ge-3/0/6.0"
  5567. (54) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  5568. (54) Called-Station-Id = "ec-3e-f7-68-35-00"
  5569. (54) NAS-IP-Address = 10.8.0.111
  5570. (54) NAS-Identifier = "nyc-access-sw011"
  5571. (54) NAS-Port-Type = Ethernet
  5572. (54) session-state: No cached attributes
  5573. (54) # Executing section authorize from file /etc/raddb/sites-enabled/default
  5574. (54) authorize {
  5575. (54) policy filter_username {
  5576. (54) if (&User-Name) {
  5577. (54) if (&User-Name) -> TRUE
  5578. (54) if (&User-Name) {
  5579. (54) if (&User-Name =~ / /) {
  5580. (54) if (&User-Name =~ / /) -> FALSE
  5581. (54) if (&User-Name =~ /@[^@]*@/ ) {
  5582. (54) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  5583. (54) if (&User-Name =~ /\.\./ ) {
  5584. (54) if (&User-Name =~ /\.\./ ) -> FALSE
  5585. (54) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  5586. (54) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  5587. (54) if (&User-Name =~ /\.$/) {
  5588. (54) if (&User-Name =~ /\.$/) -> FALSE
  5589. (54) if (&User-Name =~ /@\./) {
  5590. (54) if (&User-Name =~ /@\./) -> FALSE
  5591. (54) } # if (&User-Name) = notfound
  5592. (54) } # policy filter_username = notfound
  5593. (54) [preprocess] = ok
  5594. (54) [chap] = noop
  5595. (54) [mschap] = noop
  5596. (54) [digest] = noop
  5597. (54) suffix: Checking for suffix after "@"
  5598. (54) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  5599. (54) suffix: No such realm "NULL"
  5600. (54) [suffix] = noop
  5601. (54) eap: Peer sent EAP Response (code 2) ID 54 length 163
  5602. (54) eap: Continuing tunnel setup
  5603. (54) [eap] = ok
  5604. (54) } # authorize = ok
  5605. (54) Found Auth-Type = eap
  5606. (54) # Executing group from file /etc/raddb/sites-enabled/default
  5607. (54) authenticate {
  5608. (54) eap: Expiring EAP session with state 0xe38f814ee3b99824
  5609. (54) eap: Finished EAP session with state 0xe38f814ee3b99824
  5610. (54) eap: Previous EAP request found for state 0xe38f814ee3b99824, released from the list
  5611. (54) eap: Peer sent packet with method EAP PEAP (25)
  5612. (54) eap: Calling submodule eap_peap to process data
  5613. (54) eap_peap: Continuing EAP-TLS
  5614. (54) eap_peap: Peer indicated complete TLS record size will be 153 bytes
  5615. (54) eap_peap: Got complete TLS record (153 bytes)
  5616. (54) eap_peap: [eaptls verify] = length included
  5617. (54) eap_peap: (other): before/accept initialization
  5618. (54) eap_peap: TLS_accept: before/accept initialization
  5619. (54) eap_peap: <<< recv TLS 1.0 Handshake [length 0094], ClientHello
  5620. (54) eap_peap: TLS_accept: SSLv3 read client hello A
  5621. (54) eap_peap: >>> send TLS 1.0 Handshake [length 0059], ServerHello
  5622. (54) eap_peap: TLS_accept: SSLv3 write server hello A
  5623. (54) eap_peap: >>> send TLS 1.0 ChangeCipherSpec [length 0001]
  5624. (54) eap_peap: TLS_accept: SSLv3 write change cipher spec A
  5625. (54) eap_peap: >>> send TLS 1.0 Handshake [length 0010], Finished
  5626. (54) eap_peap: TLS_accept: SSLv3 write finished A
  5627. (54) eap_peap: TLS_accept: SSLv3 flush data
  5628. (54) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  5629. (54) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  5630. (54) eap_peap: In SSL Handshake Phase
  5631. (54) eap_peap: In SSL Accept mode
  5632. (54) eap_peap: [eaptls process] = handled
  5633. (54) eap: Sending EAP Request (code 1) ID 55 length 159
  5634. (54) eap: EAP session adding &reply:State = 0xe38f814ee2b89824
  5635. (54) [eap] = handled
  5636. (54) } # authenticate = handled
  5637. (54) Using Post-Auth-Type Challenge
  5638. (54) Post-Auth-Type sub-section not found. Ignoring.
  5639. (54) # Executing group from file /etc/raddb/sites-enabled/default
  5640. (54) Sent Access-Challenge Id 45 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  5641. (54) EAP-Message = 0x0137009f19001603010059020000550301574f326d77af95cae2cfe695f7a1dec76af5b0ba0e92b87621bb4c38c349e5982099fa3eb5d7d108e8e1047f8c78273aadc1bd2aa26caa1810320d84ad7442e74ac01400000dff01000100000b000403000102140301000101160301003063b007accca03a6f
  5642. (54) Message-Authenticator = 0x00000000000000000000000000000000
  5643. (54) State = 0xe38f814ee2b89824453889093340d24c
  5644. (54) Finished request
  5645. Waking up in 3.5 seconds.
  5646. (55) Received Access-Request Id 46 from 10.8.0.111:58432 to 10.8.64.155:1812 length 249
  5647. (55) User-Name = "vkratsberg"
  5648. (55) NAS-Port = 358
  5649. (55) State = 0xe38f814ee2b89824453889093340d24c
  5650. (55) EAP-Message = 0x0237004519800000003b140301000101160301003077eff6e5a57f4e7c60aa6c5b4d7d0e9ff792a6803875e3c4232f03107292f5338d1d062a8453936e03de39a951a29898
  5651. (55) Message-Authenticator = 0x4a5a00fbab06cdf41a2655b297a12782
  5652. (55) Acct-Session-Id = "8O2.1x81bb0d5000053f2e"
  5653. (55) NAS-Port-Id = "ge-3/0/6.0"
  5654. (55) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  5655. (55) Called-Station-Id = "ec-3e-f7-68-35-00"
  5656. (55) NAS-IP-Address = 10.8.0.111
  5657. (55) NAS-Identifier = "nyc-access-sw011"
  5658. (55) NAS-Port-Type = Ethernet
  5659. (55) session-state: No cached attributes
  5660. (55) # Executing section authorize from file /etc/raddb/sites-enabled/default
  5661. (55) authorize {
  5662. (55) policy filter_username {
  5663. (55) if (&User-Name) {
  5664. (55) if (&User-Name) -> TRUE
  5665. (55) if (&User-Name) {
  5666. (55) if (&User-Name =~ / /) {
  5667. (55) if (&User-Name =~ / /) -> FALSE
  5668. (55) if (&User-Name =~ /@[^@]*@/ ) {
  5669. (55) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  5670. (55) if (&User-Name =~ /\.\./ ) {
  5671. (55) if (&User-Name =~ /\.\./ ) -> FALSE
  5672. (55) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  5673. (55) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  5674. (55) if (&User-Name =~ /\.$/) {
  5675. (55) if (&User-Name =~ /\.$/) -> FALSE
  5676. (55) if (&User-Name =~ /@\./) {
  5677. (55) if (&User-Name =~ /@\./) -> FALSE
  5678. (55) } # if (&User-Name) = notfound
  5679. (55) } # policy filter_username = notfound
  5680. (55) [preprocess] = ok
  5681. (55) [chap] = noop
  5682. (55) [mschap] = noop
  5683. (55) [digest] = noop
  5684. (55) suffix: Checking for suffix after "@"
  5685. (55) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  5686. (55) suffix: No such realm "NULL"
  5687. (55) [suffix] = noop
  5688. (55) eap: Peer sent EAP Response (code 2) ID 55 length 69
  5689. (55) eap: Continuing tunnel setup
  5690. (55) [eap] = ok
  5691. (55) } # authorize = ok
  5692. (55) Found Auth-Type = eap
  5693. (55) # Executing group from file /etc/raddb/sites-enabled/default
  5694. (55) authenticate {
  5695. (55) eap: Expiring EAP session with state 0xe38f814ee2b89824
  5696. (55) eap: Finished EAP session with state 0xe38f814ee2b89824
  5697. (55) eap: Previous EAP request found for state 0xe38f814ee2b89824, released from the list
  5698. (55) eap: Peer sent packet with method EAP PEAP (25)
  5699. (55) eap: Calling submodule eap_peap to process data
  5700. (55) eap_peap: Continuing EAP-TLS
  5701. (55) eap_peap: Peer indicated complete TLS record size will be 59 bytes
  5702. (55) eap_peap: Got complete TLS record (59 bytes)
  5703. (55) eap_peap: [eaptls verify] = length included
  5704. (55) eap_peap: <<< recv TLS 1.0 ChangeCipherSpec [length 0001]
  5705. (55) eap_peap: <<< recv TLS 1.0 Handshake [length 0010], Finished
  5706. (55) eap_peap: TLS_accept: SSLv3 read finished A
  5707. (55) eap_peap: (other): SSL negotiation finished successfully
  5708. (55) eap_peap: SSL Connection Established
  5709. (55) eap_peap: SSL Application Data
  5710. (55) eap_peap: Adding cached attributes from session 99fa3eb5d7d108e8e1047f8c78273aadc1bd2aa26caa1810320d84ad7442e74a
  5711. (55) eap_peap: reply:User-Name = "vkratsberg"
  5712. (55) eap_peap: [eaptls process] = success
  5713. (55) eap_peap: Session established. Decoding tunneled attributes
  5714. (55) eap_peap: PEAP state TUNNEL ESTABLISHED
  5715. (55) eap_peap: Skipping Phase2 because of session resumption
  5716. (55) eap_peap: SUCCESS
  5717. (55) eap: Sending EAP Request (code 1) ID 56 length 43
  5718. (55) eap: EAP session adding &reply:State = 0xe38f814ee1b79824
  5719. (55) [eap] = handled
  5720. (55) } # authenticate = handled
  5721. (55) Using Post-Auth-Type Challenge
  5722. (55) Post-Auth-Type sub-section not found. Ignoring.
  5723. (55) # Executing group from file /etc/raddb/sites-enabled/default
  5724. (55) Sent Access-Challenge Id 46 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  5725. (55) User-Name = "vkratsberg"
  5726. (55) EAP-Message = 0x0138002b19001703010020c5f054c28065478d68f06579a936e1b0221804d798db8dc9fabead925b5eda82
  5727. (55) Message-Authenticator = 0x00000000000000000000000000000000
  5728. (55) State = 0xe38f814ee1b79824453889093340d24c
  5729. (55) Finished request
  5730. Waking up in 3.5 seconds.
  5731. (56) Received Access-Request Id 47 from 10.8.0.111:58432 to 10.8.64.155:1812 length 223
  5732. (56) User-Name = "vkratsberg"
  5733. (56) NAS-Port = 358
  5734. (56) State = 0xe38f814ee1b79824453889093340d24c
  5735. (56) EAP-Message = 0x0238002b190017030100207fdc47e69c28e6238989f44a055e1ff09833558f1814aa4cdd7fef3db9635cf4
  5736. (56) Message-Authenticator = 0x6b48a41014b7acbe96038ad4cda36478
  5737. (56) Acct-Session-Id = "8O2.1x81bb0d5000053f2e"
  5738. (56) NAS-Port-Id = "ge-3/0/6.0"
  5739. (56) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  5740. (56) Called-Station-Id = "ec-3e-f7-68-35-00"
  5741. (56) NAS-IP-Address = 10.8.0.111
  5742. (56) NAS-Identifier = "nyc-access-sw011"
  5743. (56) NAS-Port-Type = Ethernet
  5744. (56) session-state: No cached attributes
  5745. (56) # Executing section authorize from file /etc/raddb/sites-enabled/default
  5746. (56) authorize {
  5747. (56) policy filter_username {
  5748. (56) if (&User-Name) {
  5749. (56) if (&User-Name) -> TRUE
  5750. (56) if (&User-Name) {
  5751. (56) if (&User-Name =~ / /) {
  5752. (56) if (&User-Name =~ / /) -> FALSE
  5753. (56) if (&User-Name =~ /@[^@]*@/ ) {
  5754. (56) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  5755. (56) if (&User-Name =~ /\.\./ ) {
  5756. (56) if (&User-Name =~ /\.\./ ) -> FALSE
  5757. (56) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  5758. (56) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  5759. (56) if (&User-Name =~ /\.$/) {
  5760. (56) if (&User-Name =~ /\.$/) -> FALSE
  5761. (56) if (&User-Name =~ /@\./) {
  5762. (56) if (&User-Name =~ /@\./) -> FALSE
  5763. (56) } # if (&User-Name) = notfound
  5764. (56) } # policy filter_username = notfound
  5765. (56) [preprocess] = ok
  5766. (56) [chap] = noop
  5767. (56) [mschap] = noop
  5768. (56) [digest] = noop
  5769. (56) suffix: Checking for suffix after "@"
  5770. (56) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  5771. (56) suffix: No such realm "NULL"
  5772. (56) [suffix] = noop
  5773. (56) eap: Peer sent EAP Response (code 2) ID 56 length 43
  5774. (56) eap: Continuing tunnel setup
  5775. (56) [eap] = ok
  5776. (56) } # authorize = ok
  5777. (56) Found Auth-Type = eap
  5778. (56) # Executing group from file /etc/raddb/sites-enabled/default
  5779. (56) authenticate {
  5780. (56) eap: Expiring EAP session with state 0xe38f814ee1b79824
  5781. (56) eap: Finished EAP session with state 0xe38f814ee1b79824
  5782. (56) eap: Previous EAP request found for state 0xe38f814ee1b79824, released from the list
  5783. (56) eap: Peer sent packet with method EAP PEAP (25)
  5784. (56) eap: Calling submodule eap_peap to process data
  5785. (56) eap_peap: Continuing EAP-TLS
  5786. (56) eap_peap: [eaptls verify] = ok
  5787. (56) eap_peap: Done initial handshake
  5788. (56) eap_peap: [eaptls process] = ok
  5789. (56) eap_peap: Session established. Decoding tunneled attributes
  5790. (56) eap_peap: PEAP state send tlv success
  5791. (56) eap_peap: Received EAP-TLV response
  5792. (56) eap_peap: Success
  5793. (56) eap_peap: No saved attributes in the original Access-Accept
  5794. (56) eap: Sending EAP Success (code 3) ID 56 length 4
  5795. (56) eap: Freeing handler
  5796. (56) [eap] = ok
  5797. (56) } # authenticate = ok
  5798. (56) # Executing section post-auth from file /etc/raddb/sites-enabled/default
  5799. (56) post-auth {
  5800. (56) update {
  5801. (56) No attributes updated
  5802. (56) } # update = noop
  5803. (56) [exec] = noop
  5804. (56) policy remove_reply_message_if_eap {
  5805. (56) if (&reply:EAP-Message && &reply:Reply-Message) {
  5806. (56) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
  5807. (56) else {
  5808. (56) [noop] = noop
  5809. (56) } # else = noop
  5810. (56) } # policy remove_reply_message_if_eap = noop
  5811. (56) } # post-auth = noop
  5812. (56) Sent Access-Accept Id 47 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  5813. (56) MS-MPPE-Recv-Key = 0x18c5f71f2fd4c934d01d6ee707ac7168290e85f5092e420111e4c5db8f83bbc3
  5814. (56) MS-MPPE-Send-Key = 0x6eea8aa3442f6533ee471373c90f5c198a3a7879b45eb8315ceb2058d6e04b56
  5815. (56) EAP-Message = 0x03380004
  5816. (56) Message-Authenticator = 0x00000000000000000000000000000000
  5817. (56) User-Name = "vkratsberg"
  5818. (56) Finished request
  5819. Waking up in 3.5 seconds.
  5820. (57) Received Access-Request Id 48 from 10.8.0.111:58432 to 10.8.64.155:1812 length 177
  5821. (57) User-Name = "vkratsberg"
  5822. (57) NAS-Port = 358
  5823. (57) EAP-Message = 0x0239000f01766b7261747362657267
  5824. (57) Message-Authenticator = 0x793172938258d0381ef68f45181fadb9
  5825. (57) Acct-Session-Id = "8O2.1x81bb0d510006dc2d"
  5826. (57) NAS-Port-Id = "ge-3/0/6.0"
  5827. (57) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  5828. (57) Called-Station-Id = "ec-3e-f7-68-35-00"
  5829. (57) NAS-IP-Address = 10.8.0.111
  5830. (57) NAS-Identifier = "nyc-access-sw011"
  5831. (57) NAS-Port-Type = Ethernet
  5832. (57) # Executing section authorize from file /etc/raddb/sites-enabled/default
  5833. (57) authorize {
  5834. (57) policy filter_username {
  5835. (57) if (&User-Name) {
  5836. (57) if (&User-Name) -> TRUE
  5837. (57) if (&User-Name) {
  5838. (57) if (&User-Name =~ / /) {
  5839. (57) if (&User-Name =~ / /) -> FALSE
  5840. (57) if (&User-Name =~ /@[^@]*@/ ) {
  5841. (57) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  5842. (57) if (&User-Name =~ /\.\./ ) {
  5843. (57) if (&User-Name =~ /\.\./ ) -> FALSE
  5844. (57) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  5845. (57) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  5846. (57) if (&User-Name =~ /\.$/) {
  5847. (57) if (&User-Name =~ /\.$/) -> FALSE
  5848. (57) if (&User-Name =~ /@\./) {
  5849. (57) if (&User-Name =~ /@\./) -> FALSE
  5850. (57) } # if (&User-Name) = notfound
  5851. (57) } # policy filter_username = notfound
  5852. (57) [preprocess] = ok
  5853. (57) [chap] = noop
  5854. (57) [mschap] = noop
  5855. (57) [digest] = noop
  5856. (57) suffix: Checking for suffix after "@"
  5857. (57) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  5858. (57) suffix: No such realm "NULL"
  5859. (57) [suffix] = noop
  5860. (57) eap: Peer sent EAP Response (code 2) ID 57 length 15
  5861. (57) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
  5862. (57) [eap] = ok
  5863. (57) } # authorize = ok
  5864. (57) Found Auth-Type = eap
  5865. (57) # Executing group from file /etc/raddb/sites-enabled/default
  5866. (57) authenticate {
  5867. (57) eap: Peer sent packet with method EAP Identity (1)
  5868. (57) eap: Calling submodule eap_peap to process data
  5869. (57) eap_peap: Initiating new EAP-TLS session
  5870. (57) eap_peap: [eaptls start] = request
  5871. (57) eap: Sending EAP Request (code 1) ID 58 length 6
  5872. (57) eap: EAP session adding &reply:State = 0x6f6bbe6e6f51a7e1
  5873. (57) [eap] = handled
  5874. (57) } # authenticate = handled
  5875. (57) Using Post-Auth-Type Challenge
  5876. (57) Post-Auth-Type sub-section not found. Ignoring.
  5877. (57) # Executing group from file /etc/raddb/sites-enabled/default
  5878. (57) Sent Access-Challenge Id 48 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  5879. (57) EAP-Message = 0x013a00061920
  5880. (57) Message-Authenticator = 0x00000000000000000000000000000000
  5881. (57) State = 0x6f6bbe6e6f51a7e11f767033cd338cbf
  5882. (57) Finished request
  5883. Waking up in 3.4 seconds.
  5884. (58) Received Access-Request Id 49 from 10.8.0.111:58432 to 10.8.64.155:1812 length 343
  5885. (58) User-Name = "vkratsberg"
  5886. (58) NAS-Port = 358
  5887. (58) State = 0x6f6bbe6e6f51a7e11f767033cd338cbf
  5888. (58) EAP-Message = 0x023a00a31980000000991603010094010000900301574f326d93e95ede32a12eb54bd97ef966ff8fe469eee5ed2934ca2bd308a84f2099fa3eb5d7d108e8e1047f8c78273aadc1bd2aa26caa1810320d84ad7442e74a002800ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f00
  5889. (58) Message-Authenticator = 0x07089c7bfbd0f172ed729f93bf03e0dc
  5890. (58) Acct-Session-Id = "8O2.1x81bb0d510006dc2d"
  5891. (58) NAS-Port-Id = "ge-3/0/6.0"
  5892. (58) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  5893. (58) Called-Station-Id = "ec-3e-f7-68-35-00"
  5894. (58) NAS-IP-Address = 10.8.0.111
  5895. (58) NAS-Identifier = "nyc-access-sw011"
  5896. (58) NAS-Port-Type = Ethernet
  5897. (58) session-state: No cached attributes
  5898. (58) # Executing section authorize from file /etc/raddb/sites-enabled/default
  5899. (58) authorize {
  5900. (58) policy filter_username {
  5901. (58) if (&User-Name) {
  5902. (58) if (&User-Name) -> TRUE
  5903. (58) if (&User-Name) {
  5904. (58) if (&User-Name =~ / /) {
  5905. (58) if (&User-Name =~ / /) -> FALSE
  5906. (58) if (&User-Name =~ /@[^@]*@/ ) {
  5907. (58) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  5908. (58) if (&User-Name =~ /\.\./ ) {
  5909. (58) if (&User-Name =~ /\.\./ ) -> FALSE
  5910. (58) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  5911. (58) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  5912. (58) if (&User-Name =~ /\.$/) {
  5913. (58) if (&User-Name =~ /\.$/) -> FALSE
  5914. (58) if (&User-Name =~ /@\./) {
  5915. (58) if (&User-Name =~ /@\./) -> FALSE
  5916. (58) } # if (&User-Name) = notfound
  5917. (58) } # policy filter_username = notfound
  5918. (58) [preprocess] = ok
  5919. (58) [chap] = noop
  5920. (58) [mschap] = noop
  5921. (58) [digest] = noop
  5922. (58) suffix: Checking for suffix after "@"
  5923. (58) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  5924. (58) suffix: No such realm "NULL"
  5925. (58) [suffix] = noop
  5926. (58) eap: Peer sent EAP Response (code 2) ID 58 length 163
  5927. (58) eap: Continuing tunnel setup
  5928. (58) [eap] = ok
  5929. (58) } # authorize = ok
  5930. (58) Found Auth-Type = eap
  5931. (58) # Executing group from file /etc/raddb/sites-enabled/default
  5932. (58) authenticate {
  5933. (58) eap: Expiring EAP session with state 0x6f6bbe6e6f51a7e1
  5934. (58) eap: Finished EAP session with state 0x6f6bbe6e6f51a7e1
  5935. (58) eap: Previous EAP request found for state 0x6f6bbe6e6f51a7e1, released from the list
  5936. (58) eap: Peer sent packet with method EAP PEAP (25)
  5937. (58) eap: Calling submodule eap_peap to process data
  5938. (58) eap_peap: Continuing EAP-TLS
  5939. (58) eap_peap: Peer indicated complete TLS record size will be 153 bytes
  5940. (58) eap_peap: Got complete TLS record (153 bytes)
  5941. (58) eap_peap: [eaptls verify] = length included
  5942. (58) eap_peap: (other): before/accept initialization
  5943. (58) eap_peap: TLS_accept: before/accept initialization
  5944. (58) eap_peap: <<< recv TLS 1.0 Handshake [length 0094], ClientHello
  5945. (58) eap_peap: TLS_accept: SSLv3 read client hello A
  5946. (58) eap_peap: >>> send TLS 1.0 Handshake [length 0059], ServerHello
  5947. (58) eap_peap: TLS_accept: SSLv3 write server hello A
  5948. (58) eap_peap: >>> send TLS 1.0 ChangeCipherSpec [length 0001]
  5949. (58) eap_peap: TLS_accept: SSLv3 write change cipher spec A
  5950. (58) eap_peap: >>> send TLS 1.0 Handshake [length 0010], Finished
  5951. (58) eap_peap: TLS_accept: SSLv3 write finished A
  5952. (58) eap_peap: TLS_accept: SSLv3 flush data
  5953. (58) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  5954. (58) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  5955. (58) eap_peap: In SSL Handshake Phase
  5956. (58) eap_peap: In SSL Accept mode
  5957. (58) eap_peap: [eaptls process] = handled
  5958. (58) eap: Sending EAP Request (code 1) ID 59 length 159
  5959. (58) eap: EAP session adding &reply:State = 0x6f6bbe6e6e50a7e1
  5960. (58) [eap] = handled
  5961. (58) } # authenticate = handled
  5962. (58) Using Post-Auth-Type Challenge
  5963. (58) Post-Auth-Type sub-section not found. Ignoring.
  5964. (58) # Executing group from file /etc/raddb/sites-enabled/default
  5965. (58) Sent Access-Challenge Id 49 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  5966. (58) EAP-Message = 0x013b009f19001603010059020000550301574f326da57bbe3214cf519003758eb78380553275bb42de20da982fef55e0662099fa3eb5d7d108e8e1047f8c78273aadc1bd2aa26caa1810320d84ad7442e74ac01400000dff01000100000b0004030001021403010001011603010030a9d478404417e277
  5967. (58) Message-Authenticator = 0x00000000000000000000000000000000
  5968. (58) State = 0x6f6bbe6e6e50a7e11f767033cd338cbf
  5969. (58) Finished request
  5970. Waking up in 3.4 seconds.
  5971. (59) Received Access-Request Id 50 from 10.8.0.111:58432 to 10.8.64.155:1812 length 249
  5972. (59) User-Name = "vkratsberg"
  5973. (59) NAS-Port = 358
  5974. (59) State = 0x6f6bbe6e6e50a7e11f767033cd338cbf
  5975. (59) EAP-Message = 0x023b004519800000003b1403010001011603010030e5f46bae78ccde594c32ac2ff16a47a1524cd99f86fbb62713a68b30175969303923fe46becc9ffb439d325a502c1f19
  5976. (59) Message-Authenticator = 0x7bde304a0da52068173eeed1f40be504
  5977. (59) Acct-Session-Id = "8O2.1x81bb0d510006dc2d"
  5978. (59) NAS-Port-Id = "ge-3/0/6.0"
  5979. (59) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  5980. (59) Called-Station-Id = "ec-3e-f7-68-35-00"
  5981. (59) NAS-IP-Address = 10.8.0.111
  5982. (59) NAS-Identifier = "nyc-access-sw011"
  5983. (59) NAS-Port-Type = Ethernet
  5984. (59) session-state: No cached attributes
  5985. (59) # Executing section authorize from file /etc/raddb/sites-enabled/default
  5986. (59) authorize {
  5987. (59) policy filter_username {
  5988. (59) if (&User-Name) {
  5989. (59) if (&User-Name) -> TRUE
  5990. (59) if (&User-Name) {
  5991. (59) if (&User-Name =~ / /) {
  5992. (59) if (&User-Name =~ / /) -> FALSE
  5993. (59) if (&User-Name =~ /@[^@]*@/ ) {
  5994. (59) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  5995. (59) if (&User-Name =~ /\.\./ ) {
  5996. (59) if (&User-Name =~ /\.\./ ) -> FALSE
  5997. (59) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  5998. (59) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  5999. (59) if (&User-Name =~ /\.$/) {
  6000. (59) if (&User-Name =~ /\.$/) -> FALSE
  6001. (59) if (&User-Name =~ /@\./) {
  6002. (59) if (&User-Name =~ /@\./) -> FALSE
  6003. (59) } # if (&User-Name) = notfound
  6004. (59) } # policy filter_username = notfound
  6005. (59) [preprocess] = ok
  6006. (59) [chap] = noop
  6007. (59) [mschap] = noop
  6008. (59) [digest] = noop
  6009. (59) suffix: Checking for suffix after "@"
  6010. (59) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  6011. (59) suffix: No such realm "NULL"
  6012. (59) [suffix] = noop
  6013. (59) eap: Peer sent EAP Response (code 2) ID 59 length 69
  6014. (59) eap: Continuing tunnel setup
  6015. (59) [eap] = ok
  6016. (59) } # authorize = ok
  6017. (59) Found Auth-Type = eap
  6018. (59) # Executing group from file /etc/raddb/sites-enabled/default
  6019. (59) authenticate {
  6020. (59) eap: Expiring EAP session with state 0x6f6bbe6e6e50a7e1
  6021. (59) eap: Finished EAP session with state 0x6f6bbe6e6e50a7e1
  6022. (59) eap: Previous EAP request found for state 0x6f6bbe6e6e50a7e1, released from the list
  6023. (59) eap: Peer sent packet with method EAP PEAP (25)
  6024. (59) eap: Calling submodule eap_peap to process data
  6025. (59) eap_peap: Continuing EAP-TLS
  6026. (59) eap_peap: Peer indicated complete TLS record size will be 59 bytes
  6027. (59) eap_peap: Got complete TLS record (59 bytes)
  6028. (59) eap_peap: [eaptls verify] = length included
  6029. (59) eap_peap: <<< recv TLS 1.0 ChangeCipherSpec [length 0001]
  6030. (59) eap_peap: <<< recv TLS 1.0 Handshake [length 0010], Finished
  6031. (59) eap_peap: TLS_accept: SSLv3 read finished A
  6032. (59) eap_peap: (other): SSL negotiation finished successfully
  6033. (59) eap_peap: SSL Connection Established
  6034. (59) eap_peap: SSL Application Data
  6035. (59) eap_peap: Adding cached attributes from session 99fa3eb5d7d108e8e1047f8c78273aadc1bd2aa26caa1810320d84ad7442e74a
  6036. (59) eap_peap: reply:User-Name = "vkratsberg"
  6037. (59) eap_peap: [eaptls process] = success
  6038. (59) eap_peap: Session established. Decoding tunneled attributes
  6039. (59) eap_peap: PEAP state TUNNEL ESTABLISHED
  6040. (59) eap_peap: Skipping Phase2 because of session resumption
  6041. (59) eap_peap: SUCCESS
  6042. (59) eap: Sending EAP Request (code 1) ID 60 length 43
  6043. (59) eap: EAP session adding &reply:State = 0x6f6bbe6e6d57a7e1
  6044. (59) [eap] = handled
  6045. (59) } # authenticate = handled
  6046. (59) Using Post-Auth-Type Challenge
  6047. (59) Post-Auth-Type sub-section not found. Ignoring.
  6048. (59) # Executing group from file /etc/raddb/sites-enabled/default
  6049. (59) Sent Access-Challenge Id 50 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  6050. (59) User-Name = "vkratsberg"
  6051. (59) EAP-Message = 0x013c002b19001703010020b9d85a2549efc11658af8aae756154dc444a1e69d1660fe1eb3e50804b780bb3
  6052. (59) Message-Authenticator = 0x00000000000000000000000000000000
  6053. (59) State = 0x6f6bbe6e6d57a7e11f767033cd338cbf
  6054. (59) Finished request
  6055. Waking up in 3.4 seconds.
  6056. (60) Received Access-Request Id 51 from 10.8.0.111:58432 to 10.8.64.155:1812 length 223
  6057. (60) User-Name = "vkratsberg"
  6058. (60) NAS-Port = 358
  6059. (60) State = 0x6f6bbe6e6d57a7e11f767033cd338cbf
  6060. (60) EAP-Message = 0x023c002b1900170301002049ea7fd7e0621d700842b08289b3dfa95607b9e48bbb5765fd262dbe7d5bb8b1
  6061. (60) Message-Authenticator = 0x2a9795feeffcca20844d49ee52fc66ba
  6062. (60) Acct-Session-Id = "8O2.1x81bb0d510006dc2d"
  6063. (60) NAS-Port-Id = "ge-3/0/6.0"
  6064. (60) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  6065. (60) Called-Station-Id = "ec-3e-f7-68-35-00"
  6066. (60) NAS-IP-Address = 10.8.0.111
  6067. (60) NAS-Identifier = "nyc-access-sw011"
  6068. (60) NAS-Port-Type = Ethernet
  6069. (60) session-state: No cached attributes
  6070. (60) # Executing section authorize from file /etc/raddb/sites-enabled/default
  6071. (60) authorize {
  6072. (60) policy filter_username {
  6073. (60) if (&User-Name) {
  6074. (60) if (&User-Name) -> TRUE
  6075. (60) if (&User-Name) {
  6076. (60) if (&User-Name =~ / /) {
  6077. (60) if (&User-Name =~ / /) -> FALSE
  6078. (60) if (&User-Name =~ /@[^@]*@/ ) {
  6079. (60) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  6080. (60) if (&User-Name =~ /\.\./ ) {
  6081. (60) if (&User-Name =~ /\.\./ ) -> FALSE
  6082. (60) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  6083. (60) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  6084. (60) if (&User-Name =~ /\.$/) {
  6085. (60) if (&User-Name =~ /\.$/) -> FALSE
  6086. (60) if (&User-Name =~ /@\./) {
  6087. (60) if (&User-Name =~ /@\./) -> FALSE
  6088. (60) } # if (&User-Name) = notfound
  6089. (60) } # policy filter_username = notfound
  6090. (60) [preprocess] = ok
  6091. (60) [chap] = noop
  6092. (60) [mschap] = noop
  6093. (60) [digest] = noop
  6094. (60) suffix: Checking for suffix after "@"
  6095. (60) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  6096. (60) suffix: No such realm "NULL"
  6097. (60) [suffix] = noop
  6098. (60) eap: Peer sent EAP Response (code 2) ID 60 length 43
  6099. (60) eap: Continuing tunnel setup
  6100. (60) [eap] = ok
  6101. (60) } # authorize = ok
  6102. (60) Found Auth-Type = eap
  6103. (60) # Executing group from file /etc/raddb/sites-enabled/default
  6104. (60) authenticate {
  6105. (60) eap: Expiring EAP session with state 0x6f6bbe6e6d57a7e1
  6106. (60) eap: Finished EAP session with state 0x6f6bbe6e6d57a7e1
  6107. (60) eap: Previous EAP request found for state 0x6f6bbe6e6d57a7e1, released from the list
  6108. (60) eap: Peer sent packet with method EAP PEAP (25)
  6109. (60) eap: Calling submodule eap_peap to process data
  6110. (60) eap_peap: Continuing EAP-TLS
  6111. (60) eap_peap: [eaptls verify] = ok
  6112. (60) eap_peap: Done initial handshake
  6113. (60) eap_peap: [eaptls process] = ok
  6114. (60) eap_peap: Session established. Decoding tunneled attributes
  6115. (60) eap_peap: PEAP state send tlv success
  6116. (60) eap_peap: Received EAP-TLV response
  6117. (60) eap_peap: Success
  6118. (60) eap_peap: No saved attributes in the original Access-Accept
  6119. (60) eap: Sending EAP Success (code 3) ID 60 length 4
  6120. (60) eap: Freeing handler
  6121. (60) [eap] = ok
  6122. (60) } # authenticate = ok
  6123. (60) # Executing section post-auth from file /etc/raddb/sites-enabled/default
  6124. (60) post-auth {
  6125. (60) update {
  6126. (60) No attributes updated
  6127. (60) } # update = noop
  6128. (60) [exec] = noop
  6129. (60) policy remove_reply_message_if_eap {
  6130. (60) if (&reply:EAP-Message && &reply:Reply-Message) {
  6131. (60) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
  6132. (60) else {
  6133. (60) [noop] = noop
  6134. (60) } # else = noop
  6135. (60) } # policy remove_reply_message_if_eap = noop
  6136. (60) } # post-auth = noop
  6137. (60) Sent Access-Accept Id 51 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  6138. (60) MS-MPPE-Recv-Key = 0x8aa7347baf67f97f0da852d10fa36092f272af0bac8a6ac712bb3904d5d7dced
  6139. (60) MS-MPPE-Send-Key = 0x5262aac3db1264ff69063b091a171ae42b433480dff128b2bb93673caa860566
  6140. (60) EAP-Message = 0x033c0004
  6141. (60) Message-Authenticator = 0x00000000000000000000000000000000
  6142. (60) User-Name = "vkratsberg"
  6143. (60) Finished request
  6144. Waking up in 3.4 seconds.
  6145. (61) Received Access-Request Id 52 from 10.8.0.111:58432 to 10.8.64.155:1812 length 177
  6146. (61) User-Name = "vkratsberg"
  6147. (61) NAS-Port = 358
  6148. (61) EAP-Message = 0x023d000f01766b7261747362657267
  6149. (61) Message-Authenticator = 0x34be0adc2459cb807c96c2a7eb6a2ab5
  6150. (61) Acct-Session-Id = "8O2.1x81bb0d5200087afa"
  6151. (61) NAS-Port-Id = "ge-3/0/6.0"
  6152. (61) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  6153. (61) Called-Station-Id = "ec-3e-f7-68-35-00"
  6154. (61) NAS-IP-Address = 10.8.0.111
  6155. (61) NAS-Identifier = "nyc-access-sw011"
  6156. (61) NAS-Port-Type = Ethernet
  6157. (61) # Executing section authorize from file /etc/raddb/sites-enabled/default
  6158. (61) authorize {
  6159. (61) policy filter_username {
  6160. (61) if (&User-Name) {
  6161. (61) if (&User-Name) -> TRUE
  6162. (61) if (&User-Name) {
  6163. (61) if (&User-Name =~ / /) {
  6164. (61) if (&User-Name =~ / /) -> FALSE
  6165. (61) if (&User-Name =~ /@[^@]*@/ ) {
  6166. (61) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  6167. (61) if (&User-Name =~ /\.\./ ) {
  6168. (61) if (&User-Name =~ /\.\./ ) -> FALSE
  6169. (61) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  6170. (61) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  6171. (61) if (&User-Name =~ /\.$/) {
  6172. (61) if (&User-Name =~ /\.$/) -> FALSE
  6173. (61) if (&User-Name =~ /@\./) {
  6174. (61) if (&User-Name =~ /@\./) -> FALSE
  6175. (61) } # if (&User-Name) = notfound
  6176. (61) } # policy filter_username = notfound
  6177. (61) [preprocess] = ok
  6178. (61) [chap] = noop
  6179. (61) [mschap] = noop
  6180. (61) [digest] = noop
  6181. (61) suffix: Checking for suffix after "@"
  6182. (61) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  6183. (61) suffix: No such realm "NULL"
  6184. (61) [suffix] = noop
  6185. (61) eap: Peer sent EAP Response (code 2) ID 61 length 15
  6186. (61) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
  6187. (61) [eap] = ok
  6188. (61) } # authorize = ok
  6189. (61) Found Auth-Type = eap
  6190. (61) # Executing group from file /etc/raddb/sites-enabled/default
  6191. (61) authenticate {
  6192. (61) eap: Peer sent packet with method EAP Identity (1)
  6193. (61) eap: Calling submodule eap_peap to process data
  6194. (61) eap_peap: Initiating new EAP-TLS session
  6195. (61) eap_peap: [eaptls start] = request
  6196. (61) eap: Sending EAP Request (code 1) ID 62 length 6
  6197. (61) eap: EAP session adding &reply:State = 0x57aceeaa5792f7b7
  6198. (61) [eap] = handled
  6199. (61) } # authenticate = handled
  6200. (61) Using Post-Auth-Type Challenge
  6201. (61) Post-Auth-Type sub-section not found. Ignoring.
  6202. (61) # Executing group from file /etc/raddb/sites-enabled/default
  6203. (61) Sent Access-Challenge Id 52 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  6204. (61) EAP-Message = 0x013e00061920
  6205. (61) Message-Authenticator = 0x00000000000000000000000000000000
  6206. (61) State = 0x57aceeaa5792f7b7b72270d892469f43
  6207. (61) Finished request
  6208. Waking up in 3.3 seconds.
  6209. (62) Received Access-Request Id 53 from 10.8.0.111:58432 to 10.8.64.155:1812 length 343
  6210. (62) User-Name = "vkratsberg"
  6211. (62) NAS-Port = 358
  6212. (62) State = 0x57aceeaa5792f7b7b72270d892469f43
  6213. (62) EAP-Message = 0x023e00a31980000000991603010094010000900301574f326dcd167c61aa83ad91d3a8839285b93e02ca8ae70e21739124f0c18ec32099fa3eb5d7d108e8e1047f8c78273aadc1bd2aa26caa1810320d84ad7442e74a002800ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f00
  6214. (62) Message-Authenticator = 0x0c3b16905d46c6376a737398808d1087
  6215. (62) Acct-Session-Id = "8O2.1x81bb0d5200087afa"
  6216. (62) NAS-Port-Id = "ge-3/0/6.0"
  6217. (62) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  6218. (62) Called-Station-Id = "ec-3e-f7-68-35-00"
  6219. (62) NAS-IP-Address = 10.8.0.111
  6220. (62) NAS-Identifier = "nyc-access-sw011"
  6221. (62) NAS-Port-Type = Ethernet
  6222. (62) session-state: No cached attributes
  6223. (62) # Executing section authorize from file /etc/raddb/sites-enabled/default
  6224. (62) authorize {
  6225. (62) policy filter_username {
  6226. (62) if (&User-Name) {
  6227. (62) if (&User-Name) -> TRUE
  6228. (62) if (&User-Name) {
  6229. (62) if (&User-Name =~ / /) {
  6230. (62) if (&User-Name =~ / /) -> FALSE
  6231. (62) if (&User-Name =~ /@[^@]*@/ ) {
  6232. (62) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  6233. (62) if (&User-Name =~ /\.\./ ) {
  6234. (62) if (&User-Name =~ /\.\./ ) -> FALSE
  6235. (62) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  6236. (62) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  6237. (62) if (&User-Name =~ /\.$/) {
  6238. (62) if (&User-Name =~ /\.$/) -> FALSE
  6239. (62) if (&User-Name =~ /@\./) {
  6240. (62) if (&User-Name =~ /@\./) -> FALSE
  6241. (62) } # if (&User-Name) = notfound
  6242. (62) } # policy filter_username = notfound
  6243. (62) [preprocess] = ok
  6244. (62) [chap] = noop
  6245. (62) [mschap] = noop
  6246. (62) [digest] = noop
  6247. (62) suffix: Checking for suffix after "@"
  6248. (62) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  6249. (62) suffix: No such realm "NULL"
  6250. (62) [suffix] = noop
  6251. (62) eap: Peer sent EAP Response (code 2) ID 62 length 163
  6252. (62) eap: Continuing tunnel setup
  6253. (62) [eap] = ok
  6254. (62) } # authorize = ok
  6255. (62) Found Auth-Type = eap
  6256. (62) # Executing group from file /etc/raddb/sites-enabled/default
  6257. (62) authenticate {
  6258. (62) eap: Expiring EAP session with state 0x57aceeaa5792f7b7
  6259. (62) eap: Finished EAP session with state 0x57aceeaa5792f7b7
  6260. (62) eap: Previous EAP request found for state 0x57aceeaa5792f7b7, released from the list
  6261. (62) eap: Peer sent packet with method EAP PEAP (25)
  6262. (62) eap: Calling submodule eap_peap to process data
  6263. (62) eap_peap: Continuing EAP-TLS
  6264. (62) eap_peap: Peer indicated complete TLS record size will be 153 bytes
  6265. (62) eap_peap: Got complete TLS record (153 bytes)
  6266. (62) eap_peap: [eaptls verify] = length included
  6267. (62) eap_peap: (other): before/accept initialization
  6268. (62) eap_peap: TLS_accept: before/accept initialization
  6269. (62) eap_peap: <<< recv TLS 1.0 Handshake [length 0094], ClientHello
  6270. (62) eap_peap: TLS_accept: SSLv3 read client hello A
  6271. (62) eap_peap: >>> send TLS 1.0 Handshake [length 0059], ServerHello
  6272. (62) eap_peap: TLS_accept: SSLv3 write server hello A
  6273. (62) eap_peap: >>> send TLS 1.0 ChangeCipherSpec [length 0001]
  6274. (62) eap_peap: TLS_accept: SSLv3 write change cipher spec A
  6275. (62) eap_peap: >>> send TLS 1.0 Handshake [length 0010], Finished
  6276. (62) eap_peap: TLS_accept: SSLv3 write finished A
  6277. (62) eap_peap: TLS_accept: SSLv3 flush data
  6278. (62) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  6279. (62) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  6280. (62) eap_peap: In SSL Handshake Phase
  6281. (62) eap_peap: In SSL Accept mode
  6282. (62) eap_peap: [eaptls process] = handled
  6283. (62) eap: Sending EAP Request (code 1) ID 63 length 159
  6284. (62) eap: EAP session adding &reply:State = 0x57aceeaa5693f7b7
  6285. (62) [eap] = handled
  6286. (62) } # authenticate = handled
  6287. (62) Using Post-Auth-Type Challenge
  6288. (62) Post-Auth-Type sub-section not found. Ignoring.
  6289. (62) # Executing group from file /etc/raddb/sites-enabled/default
  6290. (62) Sent Access-Challenge Id 53 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  6291. (62) EAP-Message = 0x013f009f19001603010059020000550301574f326dec67cc224630c134aa89a546995cde634350f15b16df70948e2cf8102099fa3eb5d7d108e8e1047f8c78273aadc1bd2aa26caa1810320d84ad7442e74ac01400000dff01000100000b0004030001021403010001011603010030d0609dd353ade661
  6292. (62) Message-Authenticator = 0x00000000000000000000000000000000
  6293. (62) State = 0x57aceeaa5693f7b7b72270d892469f43
  6294. (62) Finished request
  6295. Waking up in 3.3 seconds.
  6296. (63) Received Access-Request Id 54 from 10.8.0.111:58432 to 10.8.64.155:1812 length 249
  6297. (63) User-Name = "vkratsberg"
  6298. (63) NAS-Port = 358
  6299. (63) State = 0x57aceeaa5693f7b7b72270d892469f43
  6300. (63) EAP-Message = 0x023f004519800000003b1403010001011603010030ce0a73a05747bd9d2a1ea739d9c1834f305452f97ca0f478d2c43f9f776e4e29ac52af77d4b75f45c3459a55117c0374
  6301. (63) Message-Authenticator = 0xdd3c67f031b12608ebb19009d1a6b099
  6302. (63) Acct-Session-Id = "8O2.1x81bb0d5200087afa"
  6303. (63) NAS-Port-Id = "ge-3/0/6.0"
  6304. (63) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  6305. (63) Called-Station-Id = "ec-3e-f7-68-35-00"
  6306. (63) NAS-IP-Address = 10.8.0.111
  6307. (63) NAS-Identifier = "nyc-access-sw011"
  6308. (63) NAS-Port-Type = Ethernet
  6309. (63) session-state: No cached attributes
  6310. (63) # Executing section authorize from file /etc/raddb/sites-enabled/default
  6311. (63) authorize {
  6312. (63) policy filter_username {
  6313. (63) if (&User-Name) {
  6314. (63) if (&User-Name) -> TRUE
  6315. (63) if (&User-Name) {
  6316. (63) if (&User-Name =~ / /) {
  6317. (63) if (&User-Name =~ / /) -> FALSE
  6318. (63) if (&User-Name =~ /@[^@]*@/ ) {
  6319. (63) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  6320. (63) if (&User-Name =~ /\.\./ ) {
  6321. (63) if (&User-Name =~ /\.\./ ) -> FALSE
  6322. (63) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  6323. (63) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  6324. (63) if (&User-Name =~ /\.$/) {
  6325. (63) if (&User-Name =~ /\.$/) -> FALSE
  6326. (63) if (&User-Name =~ /@\./) {
  6327. (63) if (&User-Name =~ /@\./) -> FALSE
  6328. (63) } # if (&User-Name) = notfound
  6329. (63) } # policy filter_username = notfound
  6330. (63) [preprocess] = ok
  6331. (63) [chap] = noop
  6332. (63) [mschap] = noop
  6333. (63) [digest] = noop
  6334. (63) suffix: Checking for suffix after "@"
  6335. (63) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  6336. (63) suffix: No such realm "NULL"
  6337. (63) [suffix] = noop
  6338. (63) eap: Peer sent EAP Response (code 2) ID 63 length 69
  6339. (63) eap: Continuing tunnel setup
  6340. (63) [eap] = ok
  6341. (63) } # authorize = ok
  6342. (63) Found Auth-Type = eap
  6343. (63) # Executing group from file /etc/raddb/sites-enabled/default
  6344. (63) authenticate {
  6345. (63) eap: Expiring EAP session with state 0x57aceeaa5693f7b7
  6346. (63) eap: Finished EAP session with state 0x57aceeaa5693f7b7
  6347. (63) eap: Previous EAP request found for state 0x57aceeaa5693f7b7, released from the list
  6348. (63) eap: Peer sent packet with method EAP PEAP (25)
  6349. (63) eap: Calling submodule eap_peap to process data
  6350. (63) eap_peap: Continuing EAP-TLS
  6351. (63) eap_peap: Peer indicated complete TLS record size will be 59 bytes
  6352. (63) eap_peap: Got complete TLS record (59 bytes)
  6353. (63) eap_peap: [eaptls verify] = length included
  6354. (63) eap_peap: <<< recv TLS 1.0 ChangeCipherSpec [length 0001]
  6355. (63) eap_peap: <<< recv TLS 1.0 Handshake [length 0010], Finished
  6356. (63) eap_peap: TLS_accept: SSLv3 read finished A
  6357. (63) eap_peap: (other): SSL negotiation finished successfully
  6358. (63) eap_peap: SSL Connection Established
  6359. (63) eap_peap: SSL Application Data
  6360. (63) eap_peap: Adding cached attributes from session 99fa3eb5d7d108e8e1047f8c78273aadc1bd2aa26caa1810320d84ad7442e74a
  6361. (63) eap_peap: reply:User-Name = "vkratsberg"
  6362. (63) eap_peap: [eaptls process] = success
  6363. (63) eap_peap: Session established. Decoding tunneled attributes
  6364. (63) eap_peap: PEAP state TUNNEL ESTABLISHED
  6365. (63) eap_peap: Skipping Phase2 because of session resumption
  6366. (63) eap_peap: SUCCESS
  6367. (63) eap: Sending EAP Request (code 1) ID 64 length 43
  6368. (63) eap: EAP session adding &reply:State = 0x57aceeaa55ecf7b7
  6369. (63) [eap] = handled
  6370. (63) } # authenticate = handled
  6371. (63) Using Post-Auth-Type Challenge
  6372. (63) Post-Auth-Type sub-section not found. Ignoring.
  6373. (63) # Executing group from file /etc/raddb/sites-enabled/default
  6374. (63) Sent Access-Challenge Id 54 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  6375. (63) User-Name = "vkratsberg"
  6376. (63) EAP-Message = 0x0140002b190017030100205e5e2a713a1f39ebfda45b0f0addd50a0e23be968a2afe5b4a5670812df60658
  6377. (63) Message-Authenticator = 0x00000000000000000000000000000000
  6378. (63) State = 0x57aceeaa55ecf7b7b72270d892469f43
  6379. (63) Finished request
  6380. Waking up in 3.3 seconds.
  6381. (64) Received Access-Request Id 55 from 10.8.0.111:58432 to 10.8.64.155:1812 length 223
  6382. (64) User-Name = "vkratsberg"
  6383. (64) NAS-Port = 358
  6384. (64) State = 0x57aceeaa55ecf7b7b72270d892469f43
  6385. (64) EAP-Message = 0x0240002b19001703010020cb3a13240986fb1b832afd3ff8ebbc219ee1c59b9f7972026d432f530c946aa4
  6386. (64) Message-Authenticator = 0xc1e23fb71c890025575bbe8902722cd8
  6387. (64) Acct-Session-Id = "8O2.1x81bb0d5200087afa"
  6388. (64) NAS-Port-Id = "ge-3/0/6.0"
  6389. (64) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  6390. (64) Called-Station-Id = "ec-3e-f7-68-35-00"
  6391. (64) NAS-IP-Address = 10.8.0.111
  6392. (64) NAS-Identifier = "nyc-access-sw011"
  6393. (64) NAS-Port-Type = Ethernet
  6394. (64) session-state: No cached attributes
  6395. (64) # Executing section authorize from file /etc/raddb/sites-enabled/default
  6396. (64) authorize {
  6397. (64) policy filter_username {
  6398. (64) if (&User-Name) {
  6399. (64) if (&User-Name) -> TRUE
  6400. (64) if (&User-Name) {
  6401. (64) if (&User-Name =~ / /) {
  6402. (64) if (&User-Name =~ / /) -> FALSE
  6403. (64) if (&User-Name =~ /@[^@]*@/ ) {
  6404. (64) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  6405. (64) if (&User-Name =~ /\.\./ ) {
  6406. (64) if (&User-Name =~ /\.\./ ) -> FALSE
  6407. (64) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  6408. (64) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  6409. (64) if (&User-Name =~ /\.$/) {
  6410. (64) if (&User-Name =~ /\.$/) -> FALSE
  6411. (64) if (&User-Name =~ /@\./) {
  6412. (64) if (&User-Name =~ /@\./) -> FALSE
  6413. (64) } # if (&User-Name) = notfound
  6414. (64) } # policy filter_username = notfound
  6415. (64) [preprocess] = ok
  6416. (64) [chap] = noop
  6417. (64) [mschap] = noop
  6418. (64) [digest] = noop
  6419. (64) suffix: Checking for suffix after "@"
  6420. (64) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  6421. (64) suffix: No such realm "NULL"
  6422. (64) [suffix] = noop
  6423. (64) eap: Peer sent EAP Response (code 2) ID 64 length 43
  6424. (64) eap: Continuing tunnel setup
  6425. (64) [eap] = ok
  6426. (64) } # authorize = ok
  6427. (64) Found Auth-Type = eap
  6428. (64) # Executing group from file /etc/raddb/sites-enabled/default
  6429. (64) authenticate {
  6430. (64) eap: Expiring EAP session with state 0x57aceeaa55ecf7b7
  6431. (64) eap: Finished EAP session with state 0x57aceeaa55ecf7b7
  6432. (64) eap: Previous EAP request found for state 0x57aceeaa55ecf7b7, released from the list
  6433. (64) eap: Peer sent packet with method EAP PEAP (25)
  6434. (64) eap: Calling submodule eap_peap to process data
  6435. (64) eap_peap: Continuing EAP-TLS
  6436. (64) eap_peap: [eaptls verify] = ok
  6437. (64) eap_peap: Done initial handshake
  6438. (64) eap_peap: [eaptls process] = ok
  6439. (64) eap_peap: Session established. Decoding tunneled attributes
  6440. (64) eap_peap: PEAP state send tlv success
  6441. (64) eap_peap: Received EAP-TLV response
  6442. (64) eap_peap: Success
  6443. (64) eap_peap: No saved attributes in the original Access-Accept
  6444. (64) eap: Sending EAP Success (code 3) ID 64 length 4
  6445. (64) eap: Freeing handler
  6446. (64) [eap] = ok
  6447. (64) } # authenticate = ok
  6448. (64) # Executing section post-auth from file /etc/raddb/sites-enabled/default
  6449. (64) post-auth {
  6450. (64) update {
  6451. (64) No attributes updated
  6452. (64) } # update = noop
  6453. (64) [exec] = noop
  6454. (64) policy remove_reply_message_if_eap {
  6455. (64) if (&reply:EAP-Message && &reply:Reply-Message) {
  6456. (64) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
  6457. (64) else {
  6458. (64) [noop] = noop
  6459. (64) } # else = noop
  6460. (64) } # policy remove_reply_message_if_eap = noop
  6461. (64) } # post-auth = noop
  6462. (64) Sent Access-Accept Id 55 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  6463. (64) MS-MPPE-Recv-Key = 0x6fa79b0136c08897beb9fe648b56ebc65929548529cc1b983cc5cb6b03326799
  6464. (64) MS-MPPE-Send-Key = 0x1c896d04e161423acb8144331b442c8630f0ea25f1322295f06c1cef699762f2
  6465. (64) EAP-Message = 0x03400004
  6466. (64) Message-Authenticator = 0x00000000000000000000000000000000
  6467. (64) User-Name = "vkratsberg"
  6468. (64) Finished request
  6469. Waking up in 3.3 seconds.
  6470. (65) Received Access-Request Id 56 from 10.8.0.111:58432 to 10.8.64.155:1812 length 177
  6471. (65) User-Name = "vkratsberg"
  6472. (65) NAS-Port = 358
  6473. (65) EAP-Message = 0x0241000f01766b7261747362657267
  6474. (65) Message-Authenticator = 0x3cc29f14a29b137bfb8cfaf58d4c4653
  6475. (65) Acct-Session-Id = "8O2.1x81bb0d53000a1377"
  6476. (65) NAS-Port-Id = "ge-3/0/6.0"
  6477. (65) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  6478. (65) Called-Station-Id = "ec-3e-f7-68-35-00"
  6479. (65) NAS-IP-Address = 10.8.0.111
  6480. (65) NAS-Identifier = "nyc-access-sw011"
  6481. (65) NAS-Port-Type = Ethernet
  6482. (65) # Executing section authorize from file /etc/raddb/sites-enabled/default
  6483. (65) authorize {
  6484. (65) policy filter_username {
  6485. (65) if (&User-Name) {
  6486. (65) if (&User-Name) -> TRUE
  6487. (65) if (&User-Name) {
  6488. (65) if (&User-Name =~ / /) {
  6489. (65) if (&User-Name =~ / /) -> FALSE
  6490. (65) if (&User-Name =~ /@[^@]*@/ ) {
  6491. (65) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  6492. (65) if (&User-Name =~ /\.\./ ) {
  6493. (65) if (&User-Name =~ /\.\./ ) -> FALSE
  6494. (65) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  6495. (65) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  6496. (65) if (&User-Name =~ /\.$/) {
  6497. (65) if (&User-Name =~ /\.$/) -> FALSE
  6498. (65) if (&User-Name =~ /@\./) {
  6499. (65) if (&User-Name =~ /@\./) -> FALSE
  6500. (65) } # if (&User-Name) = notfound
  6501. (65) } # policy filter_username = notfound
  6502. (65) [preprocess] = ok
  6503. (65) [chap] = noop
  6504. (65) [mschap] = noop
  6505. (65) [digest] = noop
  6506. (65) suffix: Checking for suffix after "@"
  6507. (65) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  6508. (65) suffix: No such realm "NULL"
  6509. (65) [suffix] = noop
  6510. (65) eap: Peer sent EAP Response (code 2) ID 65 length 15
  6511. (65) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
  6512. (65) [eap] = ok
  6513. (65) } # authorize = ok
  6514. (65) Found Auth-Type = eap
  6515. (65) # Executing group from file /etc/raddb/sites-enabled/default
  6516. (65) authenticate {
  6517. (65) eap: Peer sent packet with method EAP Identity (1)
  6518. (65) eap: Calling submodule eap_peap to process data
  6519. (65) eap_peap: Initiating new EAP-TLS session
  6520. (65) eap_peap: [eaptls start] = request
  6521. (65) eap: Sending EAP Request (code 1) ID 66 length 6
  6522. (65) eap: EAP session adding &reply:State = 0xfe8dafbafecfb65a
  6523. (65) [eap] = handled
  6524. (65) } # authenticate = handled
  6525. (65) Using Post-Auth-Type Challenge
  6526. (65) Post-Auth-Type sub-section not found. Ignoring.
  6527. (65) # Executing group from file /etc/raddb/sites-enabled/default
  6528. (65) Sent Access-Challenge Id 56 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  6529. (65) EAP-Message = 0x014200061920
  6530. (65) Message-Authenticator = 0x00000000000000000000000000000000
  6531. (65) State = 0xfe8dafbafecfb65ac77a79af0b8d9b3d
  6532. (65) Finished request
  6533. Waking up in 3.2 seconds.
  6534. (66) Received Access-Request Id 57 from 10.8.0.111:58432 to 10.8.64.155:1812 length 343
  6535. (66) User-Name = "vkratsberg"
  6536. (66) NAS-Port = 358
  6537. (66) State = 0xfe8dafbafecfb65ac77a79af0b8d9b3d
  6538. (66) EAP-Message = 0x024200a31980000000991603010094010000900301574f326d5e00408d94a19321b8db9b8d3a28abc60b818d6e534139293e63b74f2099fa3eb5d7d108e8e1047f8c78273aadc1bd2aa26caa1810320d84ad7442e74a002800ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f00
  6539. (66) Message-Authenticator = 0x9ff8671234776fde53c90fa64a9de80b
  6540. (66) Acct-Session-Id = "8O2.1x81bb0d53000a1377"
  6541. (66) NAS-Port-Id = "ge-3/0/6.0"
  6542. (66) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  6543. (66) Called-Station-Id = "ec-3e-f7-68-35-00"
  6544. (66) NAS-IP-Address = 10.8.0.111
  6545. (66) NAS-Identifier = "nyc-access-sw011"
  6546. (66) NAS-Port-Type = Ethernet
  6547. (66) session-state: No cached attributes
  6548. (66) # Executing section authorize from file /etc/raddb/sites-enabled/default
  6549. (66) authorize {
  6550. (66) policy filter_username {
  6551. (66) if (&User-Name) {
  6552. (66) if (&User-Name) -> TRUE
  6553. (66) if (&User-Name) {
  6554. (66) if (&User-Name =~ / /) {
  6555. (66) if (&User-Name =~ / /) -> FALSE
  6556. (66) if (&User-Name =~ /@[^@]*@/ ) {
  6557. (66) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  6558. (66) if (&User-Name =~ /\.\./ ) {
  6559. (66) if (&User-Name =~ /\.\./ ) -> FALSE
  6560. (66) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  6561. (66) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  6562. (66) if (&User-Name =~ /\.$/) {
  6563. (66) if (&User-Name =~ /\.$/) -> FALSE
  6564. (66) if (&User-Name =~ /@\./) {
  6565. (66) if (&User-Name =~ /@\./) -> FALSE
  6566. (66) } # if (&User-Name) = notfound
  6567. (66) } # policy filter_username = notfound
  6568. (66) [preprocess] = ok
  6569. (66) [chap] = noop
  6570. (66) [mschap] = noop
  6571. (66) [digest] = noop
  6572. (66) suffix: Checking for suffix after "@"
  6573. (66) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  6574. (66) suffix: No such realm "NULL"
  6575. (66) [suffix] = noop
  6576. (66) eap: Peer sent EAP Response (code 2) ID 66 length 163
  6577. (66) eap: Continuing tunnel setup
  6578. (66) [eap] = ok
  6579. (66) } # authorize = ok
  6580. (66) Found Auth-Type = eap
  6581. (66) # Executing group from file /etc/raddb/sites-enabled/default
  6582. (66) authenticate {
  6583. (66) eap: Expiring EAP session with state 0xfe8dafbafecfb65a
  6584. (66) eap: Finished EAP session with state 0xfe8dafbafecfb65a
  6585. (66) eap: Previous EAP request found for state 0xfe8dafbafecfb65a, released from the list
  6586. (66) eap: Peer sent packet with method EAP PEAP (25)
  6587. (66) eap: Calling submodule eap_peap to process data
  6588. (66) eap_peap: Continuing EAP-TLS
  6589. (66) eap_peap: Peer indicated complete TLS record size will be 153 bytes
  6590. (66) eap_peap: Got complete TLS record (153 bytes)
  6591. (66) eap_peap: [eaptls verify] = length included
  6592. (66) eap_peap: (other): before/accept initialization
  6593. (66) eap_peap: TLS_accept: before/accept initialization
  6594. (66) eap_peap: <<< recv TLS 1.0 Handshake [length 0094], ClientHello
  6595. (66) eap_peap: TLS_accept: SSLv3 read client hello A
  6596. (66) eap_peap: >>> send TLS 1.0 Handshake [length 0059], ServerHello
  6597. (66) eap_peap: TLS_accept: SSLv3 write server hello A
  6598. (66) eap_peap: >>> send TLS 1.0 ChangeCipherSpec [length 0001]
  6599. (66) eap_peap: TLS_accept: SSLv3 write change cipher spec A
  6600. (66) eap_peap: >>> send TLS 1.0 Handshake [length 0010], Finished
  6601. (66) eap_peap: TLS_accept: SSLv3 write finished A
  6602. (66) eap_peap: TLS_accept: SSLv3 flush data
  6603. (66) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  6604. (66) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  6605. (66) eap_peap: In SSL Handshake Phase
  6606. (66) eap_peap: In SSL Accept mode
  6607. (66) eap_peap: [eaptls process] = handled
  6608. (66) eap: Sending EAP Request (code 1) ID 67 length 159
  6609. (66) eap: EAP session adding &reply:State = 0xfe8dafbaffceb65a
  6610. (66) [eap] = handled
  6611. (66) } # authenticate = handled
  6612. (66) Using Post-Auth-Type Challenge
  6613. (66) Post-Auth-Type sub-section not found. Ignoring.
  6614. (66) # Executing group from file /etc/raddb/sites-enabled/default
  6615. (66) Sent Access-Challenge Id 57 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  6616. (66) EAP-Message = 0x0143009f19001603010059020000550301574f326d464750283d9b4e99580965692c2bd1a3e47ce939f76472189e9543b82099fa3eb5d7d108e8e1047f8c78273aadc1bd2aa26caa1810320d84ad7442e74ac01400000dff01000100000b00040300010214030100010116030100300c0c255b678a7037
  6617. (66) Message-Authenticator = 0x00000000000000000000000000000000
  6618. (66) State = 0xfe8dafbaffceb65ac77a79af0b8d9b3d
  6619. (66) Finished request
  6620. Waking up in 3.2 seconds.
  6621. (67) Received Access-Request Id 58 from 10.8.0.111:58432 to 10.8.64.155:1812 length 249
  6622. (67) User-Name = "vkratsberg"
  6623. (67) NAS-Port = 358
  6624. (67) State = 0xfe8dafbaffceb65ac77a79af0b8d9b3d
  6625. (67) EAP-Message = 0x0243004519800000003b14030100010116030100304bfcf850b7e4a93fc76b318dd6aa0d4a45a99a3dbac0313f103447c231c60834a1ad97c5ae7dd91bdb0ce1ee73b00443
  6626. (67) Message-Authenticator = 0x6e4e81982e17d9ea70a348f77b8e34f8
  6627. (67) Acct-Session-Id = "8O2.1x81bb0d53000a1377"
  6628. (67) NAS-Port-Id = "ge-3/0/6.0"
  6629. (67) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  6630. (67) Called-Station-Id = "ec-3e-f7-68-35-00"
  6631. (67) NAS-IP-Address = 10.8.0.111
  6632. (67) NAS-Identifier = "nyc-access-sw011"
  6633. (67) NAS-Port-Type = Ethernet
  6634. (67) session-state: No cached attributes
  6635. (67) # Executing section authorize from file /etc/raddb/sites-enabled/default
  6636. (67) authorize {
  6637. (67) policy filter_username {
  6638. (67) if (&User-Name) {
  6639. (67) if (&User-Name) -> TRUE
  6640. (67) if (&User-Name) {
  6641. (67) if (&User-Name =~ / /) {
  6642. (67) if (&User-Name =~ / /) -> FALSE
  6643. (67) if (&User-Name =~ /@[^@]*@/ ) {
  6644. (67) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  6645. (67) if (&User-Name =~ /\.\./ ) {
  6646. (67) if (&User-Name =~ /\.\./ ) -> FALSE
  6647. (67) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  6648. (67) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  6649. (67) if (&User-Name =~ /\.$/) {
  6650. (67) if (&User-Name =~ /\.$/) -> FALSE
  6651. (67) if (&User-Name =~ /@\./) {
  6652. (67) if (&User-Name =~ /@\./) -> FALSE
  6653. (67) } # if (&User-Name) = notfound
  6654. (67) } # policy filter_username = notfound
  6655. (67) [preprocess] = ok
  6656. (67) [chap] = noop
  6657. (67) [mschap] = noop
  6658. (67) [digest] = noop
  6659. (67) suffix: Checking for suffix after "@"
  6660. (67) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  6661. (67) suffix: No such realm "NULL"
  6662. (67) [suffix] = noop
  6663. (67) eap: Peer sent EAP Response (code 2) ID 67 length 69
  6664. (67) eap: Continuing tunnel setup
  6665. (67) [eap] = ok
  6666. (67) } # authorize = ok
  6667. (67) Found Auth-Type = eap
  6668. (67) # Executing group from file /etc/raddb/sites-enabled/default
  6669. (67) authenticate {
  6670. (67) eap: Expiring EAP session with state 0xfe8dafbaffceb65a
  6671. (67) eap: Finished EAP session with state 0xfe8dafbaffceb65a
  6672. (67) eap: Previous EAP request found for state 0xfe8dafbaffceb65a, released from the list
  6673. (67) eap: Peer sent packet with method EAP PEAP (25)
  6674. (67) eap: Calling submodule eap_peap to process data
  6675. (67) eap_peap: Continuing EAP-TLS
  6676. (67) eap_peap: Peer indicated complete TLS record size will be 59 bytes
  6677. (67) eap_peap: Got complete TLS record (59 bytes)
  6678. (67) eap_peap: [eaptls verify] = length included
  6679. (67) eap_peap: <<< recv TLS 1.0 ChangeCipherSpec [length 0001]
  6680. (67) eap_peap: <<< recv TLS 1.0 Handshake [length 0010], Finished
  6681. (67) eap_peap: TLS_accept: SSLv3 read finished A
  6682. (67) eap_peap: (other): SSL negotiation finished successfully
  6683. (67) eap_peap: SSL Connection Established
  6684. (67) eap_peap: SSL Application Data
  6685. (67) eap_peap: Adding cached attributes from session 99fa3eb5d7d108e8e1047f8c78273aadc1bd2aa26caa1810320d84ad7442e74a
  6686. (67) eap_peap: reply:User-Name = "vkratsberg"
  6687. (67) eap_peap: [eaptls process] = success
  6688. (67) eap_peap: Session established. Decoding tunneled attributes
  6689. (67) eap_peap: PEAP state TUNNEL ESTABLISHED
  6690. (67) eap_peap: Skipping Phase2 because of session resumption
  6691. (67) eap_peap: SUCCESS
  6692. (67) eap: Sending EAP Request (code 1) ID 68 length 43
  6693. (67) eap: EAP session adding &reply:State = 0xfe8dafbafcc9b65a
  6694. (67) [eap] = handled
  6695. (67) } # authenticate = handled
  6696. (67) Using Post-Auth-Type Challenge
  6697. (67) Post-Auth-Type sub-section not found. Ignoring.
  6698. (67) # Executing group from file /etc/raddb/sites-enabled/default
  6699. (67) Sent Access-Challenge Id 58 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  6700. (67) User-Name = "vkratsberg"
  6701. (67) EAP-Message = 0x0144002b1900170301002032d12755e2a63e11975f128c4bdd15d6e6382290c9110d8ed89f08de949a6ab5
  6702. (67) Message-Authenticator = 0x00000000000000000000000000000000
  6703. (67) State = 0xfe8dafbafcc9b65ac77a79af0b8d9b3d
  6704. (67) Finished request
  6705. Waking up in 3.2 seconds.
  6706. (68) Received Access-Request Id 59 from 10.8.0.111:58432 to 10.8.64.155:1812 length 223
  6707. (68) User-Name = "vkratsberg"
  6708. (68) NAS-Port = 358
  6709. (68) State = 0xfe8dafbafcc9b65ac77a79af0b8d9b3d
  6710. (68) EAP-Message = 0x0244002b1900170301002049db1e969d180f72c9c064c59ac9dfbdaec30eb93fd6ae4e12d26c477fe5c77c
  6711. (68) Message-Authenticator = 0x40a728bea5f40a11c540c21b72f2382b
  6712. (68) Acct-Session-Id = "8O2.1x81bb0d53000a1377"
  6713. (68) NAS-Port-Id = "ge-3/0/6.0"
  6714. (68) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  6715. (68) Called-Station-Id = "ec-3e-f7-68-35-00"
  6716. (68) NAS-IP-Address = 10.8.0.111
  6717. (68) NAS-Identifier = "nyc-access-sw011"
  6718. (68) NAS-Port-Type = Ethernet
  6719. (68) session-state: No cached attributes
  6720. (68) # Executing section authorize from file /etc/raddb/sites-enabled/default
  6721. (68) authorize {
  6722. (68) policy filter_username {
  6723. (68) if (&User-Name) {
  6724. (68) if (&User-Name) -> TRUE
  6725. (68) if (&User-Name) {
  6726. (68) if (&User-Name =~ / /) {
  6727. (68) if (&User-Name =~ / /) -> FALSE
  6728. (68) if (&User-Name =~ /@[^@]*@/ ) {
  6729. (68) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  6730. (68) if (&User-Name =~ /\.\./ ) {
  6731. (68) if (&User-Name =~ /\.\./ ) -> FALSE
  6732. (68) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  6733. (68) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  6734. (68) if (&User-Name =~ /\.$/) {
  6735. (68) if (&User-Name =~ /\.$/) -> FALSE
  6736. (68) if (&User-Name =~ /@\./) {
  6737. (68) if (&User-Name =~ /@\./) -> FALSE
  6738. (68) } # if (&User-Name) = notfound
  6739. (68) } # policy filter_username = notfound
  6740. (68) [preprocess] = ok
  6741. (68) [chap] = noop
  6742. (68) [mschap] = noop
  6743. (68) [digest] = noop
  6744. (68) suffix: Checking for suffix after "@"
  6745. (68) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  6746. (68) suffix: No such realm "NULL"
  6747. (68) [suffix] = noop
  6748. (68) eap: Peer sent EAP Response (code 2) ID 68 length 43
  6749. (68) eap: Continuing tunnel setup
  6750. (68) [eap] = ok
  6751. (68) } # authorize = ok
  6752. (68) Found Auth-Type = eap
  6753. (68) # Executing group from file /etc/raddb/sites-enabled/default
  6754. (68) authenticate {
  6755. (68) eap: Expiring EAP session with state 0xfe8dafbafcc9b65a
  6756. (68) eap: Finished EAP session with state 0xfe8dafbafcc9b65a
  6757. (68) eap: Previous EAP request found for state 0xfe8dafbafcc9b65a, released from the list
  6758. (68) eap: Peer sent packet with method EAP PEAP (25)
  6759. (68) eap: Calling submodule eap_peap to process data
  6760. (68) eap_peap: Continuing EAP-TLS
  6761. (68) eap_peap: [eaptls verify] = ok
  6762. (68) eap_peap: Done initial handshake
  6763. (68) eap_peap: [eaptls process] = ok
  6764. (68) eap_peap: Session established. Decoding tunneled attributes
  6765. (68) eap_peap: PEAP state send tlv success
  6766. (68) eap_peap: Received EAP-TLV response
  6767. (68) eap_peap: Success
  6768. (68) eap_peap: No saved attributes in the original Access-Accept
  6769. (68) eap: Sending EAP Success (code 3) ID 68 length 4
  6770. (68) eap: Freeing handler
  6771. (68) [eap] = ok
  6772. (68) } # authenticate = ok
  6773. (68) # Executing section post-auth from file /etc/raddb/sites-enabled/default
  6774. (68) post-auth {
  6775. (68) update {
  6776. (68) No attributes updated
  6777. (68) } # update = noop
  6778. (68) [exec] = noop
  6779. (68) policy remove_reply_message_if_eap {
  6780. (68) if (&reply:EAP-Message && &reply:Reply-Message) {
  6781. (68) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
  6782. (68) else {
  6783. (68) [noop] = noop
  6784. (68) } # else = noop
  6785. (68) } # policy remove_reply_message_if_eap = noop
  6786. (68) } # post-auth = noop
  6787. (68) Sent Access-Accept Id 59 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  6788. (68) MS-MPPE-Recv-Key = 0xa1eee8bd2421fb9ea02e144b267609db07f970bdf59e415bf150d7a2c4252de0
  6789. (68) MS-MPPE-Send-Key = 0x15200fbbbee699b046cea7ce7f1727453e7f5755ffb6d0c6a25d003058ce9e37
  6790. (68) EAP-Message = 0x03440004
  6791. (68) Message-Authenticator = 0x00000000000000000000000000000000
  6792. (68) User-Name = "vkratsberg"
  6793. (68) Finished request
  6794. Waking up in 3.2 seconds.
  6795. (69) Received Access-Request Id 60 from 10.8.0.111:58432 to 10.8.64.155:1812 length 177
  6796. (69) User-Name = "vkratsberg"
  6797. (69) NAS-Port = 358
  6798. (69) EAP-Message = 0x0245000f01766b7261747362657267
  6799. (69) Message-Authenticator = 0xc5c45fb74c6fdb77b6fea0c5b8baf3a4
  6800. (69) Acct-Session-Id = "8O2.1x81bb0d54000bb4f9"
  6801. (69) NAS-Port-Id = "ge-3/0/6.0"
  6802. (69) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  6803. (69) Called-Station-Id = "ec-3e-f7-68-35-00"
  6804. (69) NAS-IP-Address = 10.8.0.111
  6805. (69) NAS-Identifier = "nyc-access-sw011"
  6806. (69) NAS-Port-Type = Ethernet
  6807. (69) # Executing section authorize from file /etc/raddb/sites-enabled/default
  6808. (69) authorize {
  6809. (69) policy filter_username {
  6810. (69) if (&User-Name) {
  6811. (69) if (&User-Name) -> TRUE
  6812. (69) if (&User-Name) {
  6813. (69) if (&User-Name =~ / /) {
  6814. (69) if (&User-Name =~ / /) -> FALSE
  6815. (69) if (&User-Name =~ /@[^@]*@/ ) {
  6816. (69) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  6817. (69) if (&User-Name =~ /\.\./ ) {
  6818. (69) if (&User-Name =~ /\.\./ ) -> FALSE
  6819. (69) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  6820. (69) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  6821. (69) if (&User-Name =~ /\.$/) {
  6822. (69) if (&User-Name =~ /\.$/) -> FALSE
  6823. (69) if (&User-Name =~ /@\./) {
  6824. (69) if (&User-Name =~ /@\./) -> FALSE
  6825. (69) } # if (&User-Name) = notfound
  6826. (69) } # policy filter_username = notfound
  6827. (69) [preprocess] = ok
  6828. (69) [chap] = noop
  6829. (69) [mschap] = noop
  6830. (69) [digest] = noop
  6831. (69) suffix: Checking for suffix after "@"
  6832. (69) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  6833. (69) suffix: No such realm "NULL"
  6834. (69) [suffix] = noop
  6835. (69) eap: Peer sent EAP Response (code 2) ID 69 length 15
  6836. (69) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
  6837. (69) [eap] = ok
  6838. (69) } # authorize = ok
  6839. (69) Found Auth-Type = eap
  6840. (69) # Executing group from file /etc/raddb/sites-enabled/default
  6841. (69) authenticate {
  6842. (69) eap: Peer sent packet with method EAP Identity (1)
  6843. (69) eap: Calling submodule eap_peap to process data
  6844. (69) eap_peap: Initiating new EAP-TLS session
  6845. (69) eap_peap: [eaptls start] = request
  6846. (69) eap: Sending EAP Request (code 1) ID 70 length 6
  6847. (69) eap: EAP session adding &reply:State = 0x16405a97160643cb
  6848. (69) [eap] = handled
  6849. (69) } # authenticate = handled
  6850. (69) Using Post-Auth-Type Challenge
  6851. (69) Post-Auth-Type sub-section not found. Ignoring.
  6852. (69) # Executing group from file /etc/raddb/sites-enabled/default
  6853. (69) Sent Access-Challenge Id 60 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  6854. (69) EAP-Message = 0x014600061920
  6855. (69) Message-Authenticator = 0x00000000000000000000000000000000
  6856. (69) State = 0x16405a97160643cbdc52d8e6ea59e6f3
  6857. (69) Finished request
  6858. Waking up in 3.1 seconds.
  6859. (70) Received Access-Request Id 61 from 10.8.0.111:58432 to 10.8.64.155:1812 length 343
  6860. (70) User-Name = "vkratsberg"
  6861. (70) NAS-Port = 358
  6862. (70) State = 0x16405a97160643cbdc52d8e6ea59e6f3
  6863. (70) EAP-Message = 0x024600a31980000000991603010094010000900301574f326ded0373c50f31519b62b833dc782497e6e335239bce48a0b9610b934f2099fa3eb5d7d108e8e1047f8c78273aadc1bd2aa26caa1810320d84ad7442e74a002800ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f00
  6864. (70) Message-Authenticator = 0xedcc55e235d015f4d3329e99ad60a8cf
  6865. (70) Acct-Session-Id = "8O2.1x81bb0d54000bb4f9"
  6866. (70) NAS-Port-Id = "ge-3/0/6.0"
  6867. (70) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  6868. (70) Called-Station-Id = "ec-3e-f7-68-35-00"
  6869. (70) NAS-IP-Address = 10.8.0.111
  6870. (70) NAS-Identifier = "nyc-access-sw011"
  6871. (70) NAS-Port-Type = Ethernet
  6872. (70) session-state: No cached attributes
  6873. (70) # Executing section authorize from file /etc/raddb/sites-enabled/default
  6874. (70) authorize {
  6875. (70) policy filter_username {
  6876. (70) if (&User-Name) {
  6877. (70) if (&User-Name) -> TRUE
  6878. (70) if (&User-Name) {
  6879. (70) if (&User-Name =~ / /) {
  6880. (70) if (&User-Name =~ / /) -> FALSE
  6881. (70) if (&User-Name =~ /@[^@]*@/ ) {
  6882. (70) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  6883. (70) if (&User-Name =~ /\.\./ ) {
  6884. (70) if (&User-Name =~ /\.\./ ) -> FALSE
  6885. (70) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  6886. (70) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  6887. (70) if (&User-Name =~ /\.$/) {
  6888. (70) if (&User-Name =~ /\.$/) -> FALSE
  6889. (70) if (&User-Name =~ /@\./) {
  6890. (70) if (&User-Name =~ /@\./) -> FALSE
  6891. (70) } # if (&User-Name) = notfound
  6892. (70) } # policy filter_username = notfound
  6893. (70) [preprocess] = ok
  6894. (70) [chap] = noop
  6895. (70) [mschap] = noop
  6896. (70) [digest] = noop
  6897. (70) suffix: Checking for suffix after "@"
  6898. (70) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  6899. (70) suffix: No such realm "NULL"
  6900. (70) [suffix] = noop
  6901. (70) eap: Peer sent EAP Response (code 2) ID 70 length 163
  6902. (70) eap: Continuing tunnel setup
  6903. (70) [eap] = ok
  6904. (70) } # authorize = ok
  6905. (70) Found Auth-Type = eap
  6906. (70) # Executing group from file /etc/raddb/sites-enabled/default
  6907. (70) authenticate {
  6908. (70) eap: Expiring EAP session with state 0x16405a97160643cb
  6909. (70) eap: Finished EAP session with state 0x16405a97160643cb
  6910. (70) eap: Previous EAP request found for state 0x16405a97160643cb, released from the list
  6911. (70) eap: Peer sent packet with method EAP PEAP (25)
  6912. (70) eap: Calling submodule eap_peap to process data
  6913. (70) eap_peap: Continuing EAP-TLS
  6914. (70) eap_peap: Peer indicated complete TLS record size will be 153 bytes
  6915. (70) eap_peap: Got complete TLS record (153 bytes)
  6916. (70) eap_peap: [eaptls verify] = length included
  6917. (70) eap_peap: (other): before/accept initialization
  6918. (70) eap_peap: TLS_accept: before/accept initialization
  6919. (70) eap_peap: <<< recv TLS 1.0 Handshake [length 0094], ClientHello
  6920. (70) eap_peap: TLS_accept: SSLv3 read client hello A
  6921. (70) eap_peap: >>> send TLS 1.0 Handshake [length 0059], ServerHello
  6922. (70) eap_peap: TLS_accept: SSLv3 write server hello A
  6923. (70) eap_peap: >>> send TLS 1.0 ChangeCipherSpec [length 0001]
  6924. (70) eap_peap: TLS_accept: SSLv3 write change cipher spec A
  6925. (70) eap_peap: >>> send TLS 1.0 Handshake [length 0010], Finished
  6926. (70) eap_peap: TLS_accept: SSLv3 write finished A
  6927. (70) eap_peap: TLS_accept: SSLv3 flush data
  6928. (70) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  6929. (70) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  6930. (70) eap_peap: In SSL Handshake Phase
  6931. (70) eap_peap: In SSL Accept mode
  6932. (70) eap_peap: [eaptls process] = handled
  6933. (70) eap: Sending EAP Request (code 1) ID 71 length 159
  6934. (70) eap: EAP session adding &reply:State = 0x16405a97170743cb
  6935. (70) [eap] = handled
  6936. (70) } # authenticate = handled
  6937. (70) Using Post-Auth-Type Challenge
  6938. (70) Post-Auth-Type sub-section not found. Ignoring.
  6939. (70) # Executing group from file /etc/raddb/sites-enabled/default
  6940. (70) Sent Access-Challenge Id 61 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  6941. (70) EAP-Message = 0x0147009f19001603010059020000550301574f326dde250a6c3dadd39b4c4b8405c3d40823a7eff19e6ed78200488e1b342099fa3eb5d7d108e8e1047f8c78273aadc1bd2aa26caa1810320d84ad7442e74ac01400000dff01000100000b00040300010214030100010116030100302599c3d9fb0c60e4
  6942. (70) Message-Authenticator = 0x00000000000000000000000000000000
  6943. (70) State = 0x16405a97170743cbdc52d8e6ea59e6f3
  6944. (70) Finished request
  6945. Waking up in 3.1 seconds.
  6946. (71) Received Access-Request Id 62 from 10.8.0.111:58432 to 10.8.64.155:1812 length 249
  6947. (71) User-Name = "vkratsberg"
  6948. (71) NAS-Port = 358
  6949. (71) State = 0x16405a97170743cbdc52d8e6ea59e6f3
  6950. (71) EAP-Message = 0x0247004519800000003b140301000101160301003053ce23d79329179a745e5a5f89e3cdb0d4fc6a5a70ac7f0465419c5b17a153e295b98f0628c3ec1458fdd8f66f228244
  6951. (71) Message-Authenticator = 0x197686627b0b75c27d3aa7e19a66a401
  6952. (71) Acct-Session-Id = "8O2.1x81bb0d54000bb4f9"
  6953. (71) NAS-Port-Id = "ge-3/0/6.0"
  6954. (71) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  6955. (71) Called-Station-Id = "ec-3e-f7-68-35-00"
  6956. (71) NAS-IP-Address = 10.8.0.111
  6957. (71) NAS-Identifier = "nyc-access-sw011"
  6958. (71) NAS-Port-Type = Ethernet
  6959. (71) session-state: No cached attributes
  6960. (71) # Executing section authorize from file /etc/raddb/sites-enabled/default
  6961. (71) authorize {
  6962. (71) policy filter_username {
  6963. (71) if (&User-Name) {
  6964. (71) if (&User-Name) -> TRUE
  6965. (71) if (&User-Name) {
  6966. (71) if (&User-Name =~ / /) {
  6967. (71) if (&User-Name =~ / /) -> FALSE
  6968. (71) if (&User-Name =~ /@[^@]*@/ ) {
  6969. (71) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  6970. (71) if (&User-Name =~ /\.\./ ) {
  6971. (71) if (&User-Name =~ /\.\./ ) -> FALSE
  6972. (71) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  6973. (71) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  6974. (71) if (&User-Name =~ /\.$/) {
  6975. (71) if (&User-Name =~ /\.$/) -> FALSE
  6976. (71) if (&User-Name =~ /@\./) {
  6977. (71) if (&User-Name =~ /@\./) -> FALSE
  6978. (71) } # if (&User-Name) = notfound
  6979. (71) } # policy filter_username = notfound
  6980. (71) [preprocess] = ok
  6981. (71) [chap] = noop
  6982. (71) [mschap] = noop
  6983. (71) [digest] = noop
  6984. (71) suffix: Checking for suffix after "@"
  6985. (71) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  6986. (71) suffix: No such realm "NULL"
  6987. (71) [suffix] = noop
  6988. (71) eap: Peer sent EAP Response (code 2) ID 71 length 69
  6989. (71) eap: Continuing tunnel setup
  6990. (71) [eap] = ok
  6991. (71) } # authorize = ok
  6992. (71) Found Auth-Type = eap
  6993. (71) # Executing group from file /etc/raddb/sites-enabled/default
  6994. (71) authenticate {
  6995. (71) eap: Expiring EAP session with state 0x16405a97170743cb
  6996. (71) eap: Finished EAP session with state 0x16405a97170743cb
  6997. (71) eap: Previous EAP request found for state 0x16405a97170743cb, released from the list
  6998. (71) eap: Peer sent packet with method EAP PEAP (25)
  6999. (71) eap: Calling submodule eap_peap to process data
  7000. (71) eap_peap: Continuing EAP-TLS
  7001. (71) eap_peap: Peer indicated complete TLS record size will be 59 bytes
  7002. (71) eap_peap: Got complete TLS record (59 bytes)
  7003. (71) eap_peap: [eaptls verify] = length included
  7004. (71) eap_peap: <<< recv TLS 1.0 ChangeCipherSpec [length 0001]
  7005. (71) eap_peap: <<< recv TLS 1.0 Handshake [length 0010], Finished
  7006. (71) eap_peap: TLS_accept: SSLv3 read finished A
  7007. (71) eap_peap: (other): SSL negotiation finished successfully
  7008. (71) eap_peap: SSL Connection Established
  7009. (71) eap_peap: SSL Application Data
  7010. (71) eap_peap: Adding cached attributes from session 99fa3eb5d7d108e8e1047f8c78273aadc1bd2aa26caa1810320d84ad7442e74a
  7011. (71) eap_peap: reply:User-Name = "vkratsberg"
  7012. (71) eap_peap: [eaptls process] = success
  7013. (71) eap_peap: Session established. Decoding tunneled attributes
  7014. (71) eap_peap: PEAP state TUNNEL ESTABLISHED
  7015. (71) eap_peap: Skipping Phase2 because of session resumption
  7016. (71) eap_peap: SUCCESS
  7017. (71) eap: Sending EAP Request (code 1) ID 72 length 43
  7018. (71) eap: EAP session adding &reply:State = 0x16405a97140843cb
  7019. (71) [eap] = handled
  7020. (71) } # authenticate = handled
  7021. (71) Using Post-Auth-Type Challenge
  7022. (71) Post-Auth-Type sub-section not found. Ignoring.
  7023. (71) # Executing group from file /etc/raddb/sites-enabled/default
  7024. (71) Sent Access-Challenge Id 62 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  7025. (71) User-Name = "vkratsberg"
  7026. (71) EAP-Message = 0x0148002b19001703010020f949f9f785dea51bc4bfee9778ecc01d478805fc4bdd5d7e6374d138ad033042
  7027. (71) Message-Authenticator = 0x00000000000000000000000000000000
  7028. (71) State = 0x16405a97140843cbdc52d8e6ea59e6f3
  7029. (71) Finished request
  7030. Waking up in 3.1 seconds.
  7031. (72) Received Access-Request Id 63 from 10.8.0.111:58432 to 10.8.64.155:1812 length 223
  7032. (72) User-Name = "vkratsberg"
  7033. (72) NAS-Port = 358
  7034. (72) State = 0x16405a97140843cbdc52d8e6ea59e6f3
  7035. (72) EAP-Message = 0x0248002b1900170301002045c27b88880839b5902f8f416d9118e9a3076d2947582bce0413783daf673c5d
  7036. (72) Message-Authenticator = 0x44038631d8ffb2f32211ac82d5a7acfe
  7037. (72) Acct-Session-Id = "8O2.1x81bb0d54000bb4f9"
  7038. (72) NAS-Port-Id = "ge-3/0/6.0"
  7039. (72) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  7040. (72) Called-Station-Id = "ec-3e-f7-68-35-00"
  7041. (72) NAS-IP-Address = 10.8.0.111
  7042. (72) NAS-Identifier = "nyc-access-sw011"
  7043. (72) NAS-Port-Type = Ethernet
  7044. (72) session-state: No cached attributes
  7045. (72) # Executing section authorize from file /etc/raddb/sites-enabled/default
  7046. (72) authorize {
  7047. (72) policy filter_username {
  7048. (72) if (&User-Name) {
  7049. (72) if (&User-Name) -> TRUE
  7050. (72) if (&User-Name) {
  7051. (72) if (&User-Name =~ / /) {
  7052. (72) if (&User-Name =~ / /) -> FALSE
  7053. (72) if (&User-Name =~ /@[^@]*@/ ) {
  7054. (72) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  7055. (72) if (&User-Name =~ /\.\./ ) {
  7056. (72) if (&User-Name =~ /\.\./ ) -> FALSE
  7057. (72) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  7058. (72) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  7059. (72) if (&User-Name =~ /\.$/) {
  7060. (72) if (&User-Name =~ /\.$/) -> FALSE
  7061. (72) if (&User-Name =~ /@\./) {
  7062. (72) if (&User-Name =~ /@\./) -> FALSE
  7063. (72) } # if (&User-Name) = notfound
  7064. (72) } # policy filter_username = notfound
  7065. (72) [preprocess] = ok
  7066. (72) [chap] = noop
  7067. (72) [mschap] = noop
  7068. (72) [digest] = noop
  7069. (72) suffix: Checking for suffix after "@"
  7070. (72) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  7071. (72) suffix: No such realm "NULL"
  7072. (72) [suffix] = noop
  7073. (72) eap: Peer sent EAP Response (code 2) ID 72 length 43
  7074. (72) eap: Continuing tunnel setup
  7075. (72) [eap] = ok
  7076. (72) } # authorize = ok
  7077. (72) Found Auth-Type = eap
  7078. (72) # Executing group from file /etc/raddb/sites-enabled/default
  7079. (72) authenticate {
  7080. (72) eap: Expiring EAP session with state 0x16405a97140843cb
  7081. (72) eap: Finished EAP session with state 0x16405a97140843cb
  7082. (72) eap: Previous EAP request found for state 0x16405a97140843cb, released from the list
  7083. (72) eap: Peer sent packet with method EAP PEAP (25)
  7084. (72) eap: Calling submodule eap_peap to process data
  7085. (72) eap_peap: Continuing EAP-TLS
  7086. (72) eap_peap: [eaptls verify] = ok
  7087. (72) eap_peap: Done initial handshake
  7088. (72) eap_peap: [eaptls process] = ok
  7089. (72) eap_peap: Session established. Decoding tunneled attributes
  7090. (72) eap_peap: PEAP state send tlv success
  7091. (72) eap_peap: Received EAP-TLV response
  7092. (72) eap_peap: Success
  7093. (72) eap_peap: No saved attributes in the original Access-Accept
  7094. (72) eap: Sending EAP Success (code 3) ID 72 length 4
  7095. (72) eap: Freeing handler
  7096. (72) [eap] = ok
  7097. (72) } # authenticate = ok
  7098. (72) # Executing section post-auth from file /etc/raddb/sites-enabled/default
  7099. (72) post-auth {
  7100. (72) update {
  7101. (72) No attributes updated
  7102. (72) } # update = noop
  7103. (72) [exec] = noop
  7104. (72) policy remove_reply_message_if_eap {
  7105. (72) if (&reply:EAP-Message && &reply:Reply-Message) {
  7106. (72) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
  7107. (72) else {
  7108. (72) [noop] = noop
  7109. (72) } # else = noop
  7110. (72) } # policy remove_reply_message_if_eap = noop
  7111. (72) } # post-auth = noop
  7112. (72) Sent Access-Accept Id 63 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  7113. (72) MS-MPPE-Recv-Key = 0xfc87a9e6fce856350ec4eff5d60c88fc2e2daa0cea16b4d7036b426eb843c1e4
  7114. (72) MS-MPPE-Send-Key = 0x335471765b3e8f65d2ab2e29c0c3700a80bdc86a2885cfb541e213b1cdee169b
  7115. (72) EAP-Message = 0x03480004
  7116. (72) Message-Authenticator = 0x00000000000000000000000000000000
  7117. (72) User-Name = "vkratsberg"
  7118. (72) Finished request
  7119. Waking up in 3.1 seconds.
  7120. (73) Received Access-Request Id 64 from 10.8.0.111:58432 to 10.8.64.155:1812 length 177
  7121. (73) User-Name = "vkratsberg"
  7122. (73) NAS-Port = 358
  7123. (73) EAP-Message = 0x0249000f01766b7261747362657267
  7124. (73) Message-Authenticator = 0xf769434e3b5dfaf788271676346ce18c
  7125. (73) Acct-Session-Id = "8O2.1x81bb0d55000d4fce"
  7126. (73) NAS-Port-Id = "ge-3/0/6.0"
  7127. (73) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  7128. (73) Called-Station-Id = "ec-3e-f7-68-35-00"
  7129. (73) NAS-IP-Address = 10.8.0.111
  7130. (73) NAS-Identifier = "nyc-access-sw011"
  7131. (73) NAS-Port-Type = Ethernet
  7132. (73) # Executing section authorize from file /etc/raddb/sites-enabled/default
  7133. (73) authorize {
  7134. (73) policy filter_username {
  7135. (73) if (&User-Name) {
  7136. (73) if (&User-Name) -> TRUE
  7137. (73) if (&User-Name) {
  7138. (73) if (&User-Name =~ / /) {
  7139. (73) if (&User-Name =~ / /) -> FALSE
  7140. (73) if (&User-Name =~ /@[^@]*@/ ) {
  7141. (73) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  7142. (73) if (&User-Name =~ /\.\./ ) {
  7143. (73) if (&User-Name =~ /\.\./ ) -> FALSE
  7144. (73) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  7145. (73) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  7146. (73) if (&User-Name =~ /\.$/) {
  7147. (73) if (&User-Name =~ /\.$/) -> FALSE
  7148. (73) if (&User-Name =~ /@\./) {
  7149. (73) if (&User-Name =~ /@\./) -> FALSE
  7150. (73) } # if (&User-Name) = notfound
  7151. (73) } # policy filter_username = notfound
  7152. (73) [preprocess] = ok
  7153. (73) [chap] = noop
  7154. (73) [mschap] = noop
  7155. (73) [digest] = noop
  7156. (73) suffix: Checking for suffix after "@"
  7157. (73) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  7158. (73) suffix: No such realm "NULL"
  7159. (73) [suffix] = noop
  7160. (73) eap: Peer sent EAP Response (code 2) ID 73 length 15
  7161. (73) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
  7162. (73) [eap] = ok
  7163. (73) } # authorize = ok
  7164. (73) Found Auth-Type = eap
  7165. (73) # Executing group from file /etc/raddb/sites-enabled/default
  7166. (73) authenticate {
  7167. (73) eap: Peer sent packet with method EAP Identity (1)
  7168. (73) eap: Calling submodule eap_peap to process data
  7169. (73) eap_peap: Initiating new EAP-TLS session
  7170. (73) eap_peap: [eaptls start] = request
  7171. (73) eap: Sending EAP Request (code 1) ID 74 length 6
  7172. (73) eap: EAP session adding &reply:State = 0xd167dc94d12dc57b
  7173. (73) [eap] = handled
  7174. (73) } # authenticate = handled
  7175. (73) Using Post-Auth-Type Challenge
  7176. (73) Post-Auth-Type sub-section not found. Ignoring.
  7177. (73) # Executing group from file /etc/raddb/sites-enabled/default
  7178. (73) Sent Access-Challenge Id 64 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  7179. (73) EAP-Message = 0x014a00061920
  7180. (73) Message-Authenticator = 0x00000000000000000000000000000000
  7181. (73) State = 0xd167dc94d12dc57b201aa40f01521d06
  7182. (73) Finished request
  7183. Waking up in 3.0 seconds.
  7184. (74) Received Access-Request Id 65 from 10.8.0.111:58432 to 10.8.64.155:1812 length 343
  7185. (74) User-Name = "vkratsberg"
  7186. (74) NAS-Port = 358
  7187. (74) State = 0xd167dc94d12dc57b201aa40f01521d06
  7188. (74) EAP-Message = 0x024a00a31980000000991603010094010000900301574f326dc129da943ec5a688b13705238bd023f1802d55948634bf2e369421c22099fa3eb5d7d108e8e1047f8c78273aadc1bd2aa26caa1810320d84ad7442e74a002800ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f00
  7189. (74) Message-Authenticator = 0x03a182b876853449e208a64aa8b7971a
  7190. (74) Acct-Session-Id = "8O2.1x81bb0d55000d4fce"
  7191. (74) NAS-Port-Id = "ge-3/0/6.0"
  7192. (74) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  7193. (74) Called-Station-Id = "ec-3e-f7-68-35-00"
  7194. (74) NAS-IP-Address = 10.8.0.111
  7195. (74) NAS-Identifier = "nyc-access-sw011"
  7196. (74) NAS-Port-Type = Ethernet
  7197. (74) session-state: No cached attributes
  7198. (74) # Executing section authorize from file /etc/raddb/sites-enabled/default
  7199. (74) authorize {
  7200. (74) policy filter_username {
  7201. (74) if (&User-Name) {
  7202. (74) if (&User-Name) -> TRUE
  7203. (74) if (&User-Name) {
  7204. (74) if (&User-Name =~ / /) {
  7205. (74) if (&User-Name =~ / /) -> FALSE
  7206. (74) if (&User-Name =~ /@[^@]*@/ ) {
  7207. (74) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  7208. (74) if (&User-Name =~ /\.\./ ) {
  7209. (74) if (&User-Name =~ /\.\./ ) -> FALSE
  7210. (74) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  7211. (74) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  7212. (74) if (&User-Name =~ /\.$/) {
  7213. (74) if (&User-Name =~ /\.$/) -> FALSE
  7214. (74) if (&User-Name =~ /@\./) {
  7215. (74) if (&User-Name =~ /@\./) -> FALSE
  7216. (74) } # if (&User-Name) = notfound
  7217. (74) } # policy filter_username = notfound
  7218. (74) [preprocess] = ok
  7219. (74) [chap] = noop
  7220. (74) [mschap] = noop
  7221. (74) [digest] = noop
  7222. (74) suffix: Checking for suffix after "@"
  7223. (74) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  7224. (74) suffix: No such realm "NULL"
  7225. (74) [suffix] = noop
  7226. (74) eap: Peer sent EAP Response (code 2) ID 74 length 163
  7227. (74) eap: Continuing tunnel setup
  7228. (74) [eap] = ok
  7229. (74) } # authorize = ok
  7230. (74) Found Auth-Type = eap
  7231. (74) # Executing group from file /etc/raddb/sites-enabled/default
  7232. (74) authenticate {
  7233. (74) eap: Expiring EAP session with state 0xd167dc94d12dc57b
  7234. (74) eap: Finished EAP session with state 0xd167dc94d12dc57b
  7235. (74) eap: Previous EAP request found for state 0xd167dc94d12dc57b, released from the list
  7236. (74) eap: Peer sent packet with method EAP PEAP (25)
  7237. (74) eap: Calling submodule eap_peap to process data
  7238. (74) eap_peap: Continuing EAP-TLS
  7239. (74) eap_peap: Peer indicated complete TLS record size will be 153 bytes
  7240. (74) eap_peap: Got complete TLS record (153 bytes)
  7241. (74) eap_peap: [eaptls verify] = length included
  7242. (74) eap_peap: (other): before/accept initialization
  7243. (74) eap_peap: TLS_accept: before/accept initialization
  7244. (74) eap_peap: <<< recv TLS 1.0 Handshake [length 0094], ClientHello
  7245. (74) eap_peap: TLS_accept: SSLv3 read client hello A
  7246. (74) eap_peap: >>> send TLS 1.0 Handshake [length 0059], ServerHello
  7247. (74) eap_peap: TLS_accept: SSLv3 write server hello A
  7248. (74) eap_peap: >>> send TLS 1.0 ChangeCipherSpec [length 0001]
  7249. (74) eap_peap: TLS_accept: SSLv3 write change cipher spec A
  7250. (74) eap_peap: >>> send TLS 1.0 Handshake [length 0010], Finished
  7251. (74) eap_peap: TLS_accept: SSLv3 write finished A
  7252. (74) eap_peap: TLS_accept: SSLv3 flush data
  7253. (74) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  7254. (74) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  7255. (74) eap_peap: In SSL Handshake Phase
  7256. (74) eap_peap: In SSL Accept mode
  7257. (74) eap_peap: [eaptls process] = handled
  7258. (74) eap: Sending EAP Request (code 1) ID 75 length 159
  7259. (74) eap: EAP session adding &reply:State = 0xd167dc94d02cc57b
  7260. (74) [eap] = handled
  7261. (74) } # authenticate = handled
  7262. (74) Using Post-Auth-Type Challenge
  7263. (74) Post-Auth-Type sub-section not found. Ignoring.
  7264. (74) # Executing group from file /etc/raddb/sites-enabled/default
  7265. (74) Sent Access-Challenge Id 65 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  7266. (74) EAP-Message = 0x014b009f19001603010059020000550301574f326d73cd9c4714d41794459ee50564792d13f9e9b0bb06bc40a015f99a102099fa3eb5d7d108e8e1047f8c78273aadc1bd2aa26caa1810320d84ad7442e74ac01400000dff01000100000b000403000102140301000101160301003002c08e0d285ecd7c
  7267. (74) Message-Authenticator = 0x00000000000000000000000000000000
  7268. (74) State = 0xd167dc94d02cc57b201aa40f01521d06
  7269. (74) Finished request
  7270. Waking up in 3.0 seconds.
  7271. (75) Received Access-Request Id 66 from 10.8.0.111:58432 to 10.8.64.155:1812 length 249
  7272. (75) User-Name = "vkratsberg"
  7273. (75) NAS-Port = 358
  7274. (75) State = 0xd167dc94d02cc57b201aa40f01521d06
  7275. (75) EAP-Message = 0x024b004519800000003b14030100010116030100303f65d3f5297ea7929718915349d699b59fd357133e945969553b61042cfaa01eee3726ddb21c92f6fd735c7c2554d770
  7276. (75) Message-Authenticator = 0x4e887e4c5b841e92ffab2aebc717f30f
  7277. (75) Acct-Session-Id = "8O2.1x81bb0d55000d4fce"
  7278. (75) NAS-Port-Id = "ge-3/0/6.0"
  7279. (75) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  7280. (75) Called-Station-Id = "ec-3e-f7-68-35-00"
  7281. (75) NAS-IP-Address = 10.8.0.111
  7282. (75) NAS-Identifier = "nyc-access-sw011"
  7283. (75) NAS-Port-Type = Ethernet
  7284. (75) session-state: No cached attributes
  7285. (75) # Executing section authorize from file /etc/raddb/sites-enabled/default
  7286. (75) authorize {
  7287. (75) policy filter_username {
  7288. (75) if (&User-Name) {
  7289. (75) if (&User-Name) -> TRUE
  7290. (75) if (&User-Name) {
  7291. (75) if (&User-Name =~ / /) {
  7292. (75) if (&User-Name =~ / /) -> FALSE
  7293. (75) if (&User-Name =~ /@[^@]*@/ ) {
  7294. (75) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  7295. (75) if (&User-Name =~ /\.\./ ) {
  7296. (75) if (&User-Name =~ /\.\./ ) -> FALSE
  7297. (75) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  7298. (75) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  7299. (75) if (&User-Name =~ /\.$/) {
  7300. (75) if (&User-Name =~ /\.$/) -> FALSE
  7301. (75) if (&User-Name =~ /@\./) {
  7302. (75) if (&User-Name =~ /@\./) -> FALSE
  7303. (75) } # if (&User-Name) = notfound
  7304. (75) } # policy filter_username = notfound
  7305. (75) [preprocess] = ok
  7306. (75) [chap] = noop
  7307. (75) [mschap] = noop
  7308. (75) [digest] = noop
  7309. (75) suffix: Checking for suffix after "@"
  7310. (75) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  7311. (75) suffix: No such realm "NULL"
  7312. (75) [suffix] = noop
  7313. (75) eap: Peer sent EAP Response (code 2) ID 75 length 69
  7314. (75) eap: Continuing tunnel setup
  7315. (75) [eap] = ok
  7316. (75) } # authorize = ok
  7317. (75) Found Auth-Type = eap
  7318. (75) # Executing group from file /etc/raddb/sites-enabled/default
  7319. (75) authenticate {
  7320. (75) eap: Expiring EAP session with state 0xd167dc94d02cc57b
  7321. (75) eap: Finished EAP session with state 0xd167dc94d02cc57b
  7322. (75) eap: Previous EAP request found for state 0xd167dc94d02cc57b, released from the list
  7323. (75) eap: Peer sent packet with method EAP PEAP (25)
  7324. (75) eap: Calling submodule eap_peap to process data
  7325. (75) eap_peap: Continuing EAP-TLS
  7326. (75) eap_peap: Peer indicated complete TLS record size will be 59 bytes
  7327. (75) eap_peap: Got complete TLS record (59 bytes)
  7328. (75) eap_peap: [eaptls verify] = length included
  7329. (75) eap_peap: <<< recv TLS 1.0 ChangeCipherSpec [length 0001]
  7330. (75) eap_peap: <<< recv TLS 1.0 Handshake [length 0010], Finished
  7331. (75) eap_peap: TLS_accept: SSLv3 read finished A
  7332. (75) eap_peap: (other): SSL negotiation finished successfully
  7333. (75) eap_peap: SSL Connection Established
  7334. (75) eap_peap: SSL Application Data
  7335. (75) eap_peap: Adding cached attributes from session 99fa3eb5d7d108e8e1047f8c78273aadc1bd2aa26caa1810320d84ad7442e74a
  7336. (75) eap_peap: reply:User-Name = "vkratsberg"
  7337. (75) eap_peap: [eaptls process] = success
  7338. (75) eap_peap: Session established. Decoding tunneled attributes
  7339. (75) eap_peap: PEAP state TUNNEL ESTABLISHED
  7340. (75) eap_peap: Skipping Phase2 because of session resumption
  7341. (75) eap_peap: SUCCESS
  7342. (75) eap: Sending EAP Request (code 1) ID 76 length 43
  7343. (75) eap: EAP session adding &reply:State = 0xd167dc94d32bc57b
  7344. (75) [eap] = handled
  7345. (75) } # authenticate = handled
  7346. (75) Using Post-Auth-Type Challenge
  7347. (75) Post-Auth-Type sub-section not found. Ignoring.
  7348. (75) # Executing group from file /etc/raddb/sites-enabled/default
  7349. (75) Sent Access-Challenge Id 66 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  7350. (75) User-Name = "vkratsberg"
  7351. (75) EAP-Message = 0x014c002b19001703010020d7c984c0b472031cd46b6c01ad780ece118abf5c8ca60e1be938e2f956cf4339
  7352. (75) Message-Authenticator = 0x00000000000000000000000000000000
  7353. (75) State = 0xd167dc94d32bc57b201aa40f01521d06
  7354. (75) Finished request
  7355. Waking up in 3.0 seconds.
  7356. (76) Received Access-Request Id 67 from 10.8.0.111:58432 to 10.8.64.155:1812 length 223
  7357. (76) User-Name = "vkratsberg"
  7358. (76) NAS-Port = 358
  7359. (76) State = 0xd167dc94d32bc57b201aa40f01521d06
  7360. (76) EAP-Message = 0x024c002b1900170301002007a475d010c4a839a6eb20c348e707d50fb68fed47e7eaa94cda48929b3331cd
  7361. (76) Message-Authenticator = 0xd1280f1f0114e3d0bf8510113f0f183a
  7362. (76) Acct-Session-Id = "8O2.1x81bb0d55000d4fce"
  7363. (76) NAS-Port-Id = "ge-3/0/6.0"
  7364. (76) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  7365. (76) Called-Station-Id = "ec-3e-f7-68-35-00"
  7366. (76) NAS-IP-Address = 10.8.0.111
  7367. (76) NAS-Identifier = "nyc-access-sw011"
  7368. (76) NAS-Port-Type = Ethernet
  7369. (76) session-state: No cached attributes
  7370. (76) # Executing section authorize from file /etc/raddb/sites-enabled/default
  7371. (76) authorize {
  7372. (76) policy filter_username {
  7373. (76) if (&User-Name) {
  7374. (76) if (&User-Name) -> TRUE
  7375. (76) if (&User-Name) {
  7376. (76) if (&User-Name =~ / /) {
  7377. (76) if (&User-Name =~ / /) -> FALSE
  7378. (76) if (&User-Name =~ /@[^@]*@/ ) {
  7379. (76) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  7380. (76) if (&User-Name =~ /\.\./ ) {
  7381. (76) if (&User-Name =~ /\.\./ ) -> FALSE
  7382. (76) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  7383. (76) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  7384. (76) if (&User-Name =~ /\.$/) {
  7385. (76) if (&User-Name =~ /\.$/) -> FALSE
  7386. (76) if (&User-Name =~ /@\./) {
  7387. (76) if (&User-Name =~ /@\./) -> FALSE
  7388. (76) } # if (&User-Name) = notfound
  7389. (76) } # policy filter_username = notfound
  7390. (76) [preprocess] = ok
  7391. (76) [chap] = noop
  7392. (76) [mschap] = noop
  7393. (76) [digest] = noop
  7394. (76) suffix: Checking for suffix after "@"
  7395. (76) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  7396. (76) suffix: No such realm "NULL"
  7397. (76) [suffix] = noop
  7398. (76) eap: Peer sent EAP Response (code 2) ID 76 length 43
  7399. (76) eap: Continuing tunnel setup
  7400. (76) [eap] = ok
  7401. (76) } # authorize = ok
  7402. (76) Found Auth-Type = eap
  7403. (76) # Executing group from file /etc/raddb/sites-enabled/default
  7404. (76) authenticate {
  7405. (76) eap: Expiring EAP session with state 0xd167dc94d32bc57b
  7406. (76) eap: Finished EAP session with state 0xd167dc94d32bc57b
  7407. (76) eap: Previous EAP request found for state 0xd167dc94d32bc57b, released from the list
  7408. (76) eap: Peer sent packet with method EAP PEAP (25)
  7409. (76) eap: Calling submodule eap_peap to process data
  7410. (76) eap_peap: Continuing EAP-TLS
  7411. (76) eap_peap: [eaptls verify] = ok
  7412. (76) eap_peap: Done initial handshake
  7413. (76) eap_peap: [eaptls process] = ok
  7414. (76) eap_peap: Session established. Decoding tunneled attributes
  7415. (76) eap_peap: PEAP state send tlv success
  7416. (76) eap_peap: Received EAP-TLV response
  7417. (76) eap_peap: Success
  7418. (76) eap_peap: No saved attributes in the original Access-Accept
  7419. (76) eap: Sending EAP Success (code 3) ID 76 length 4
  7420. (76) eap: Freeing handler
  7421. (76) [eap] = ok
  7422. (76) } # authenticate = ok
  7423. (76) # Executing section post-auth from file /etc/raddb/sites-enabled/default
  7424. (76) post-auth {
  7425. (76) update {
  7426. (76) No attributes updated
  7427. (76) } # update = noop
  7428. (76) [exec] = noop
  7429. (76) policy remove_reply_message_if_eap {
  7430. (76) if (&reply:EAP-Message && &reply:Reply-Message) {
  7431. (76) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
  7432. (76) else {
  7433. (76) [noop] = noop
  7434. (76) } # else = noop
  7435. (76) } # policy remove_reply_message_if_eap = noop
  7436. (76) } # post-auth = noop
  7437. (76) Sent Access-Accept Id 67 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  7438. (76) MS-MPPE-Recv-Key = 0xdfe1a99c21727d8927ff9e0291b520c9f78344a806594516afc42989765e0b04
  7439. (76) MS-MPPE-Send-Key = 0xc352ab3a6c3d054e841afd3fa09e45e1f78d7ac84fad183bfb87681f6e6a68e0
  7440. (76) EAP-Message = 0x034c0004
  7441. (76) Message-Authenticator = 0x00000000000000000000000000000000
  7442. (76) User-Name = "vkratsberg"
  7443. (76) Finished request
  7444. Waking up in 3.0 seconds.
  7445. (77) Received Access-Request Id 68 from 10.8.0.111:58432 to 10.8.64.155:1812 length 177
  7446. (77) User-Name = "vkratsberg"
  7447. (77) NAS-Port = 358
  7448. (77) EAP-Message = 0x024d000f01766b7261747362657267
  7449. (77) Message-Authenticator = 0x8c1650ca7e5cead1046b69bdb31df31f
  7450. (77) Acct-Session-Id = "8O2.1x81bb0d56000eecd3"
  7451. (77) NAS-Port-Id = "ge-3/0/6.0"
  7452. (77) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  7453. (77) Called-Station-Id = "ec-3e-f7-68-35-00"
  7454. (77) NAS-IP-Address = 10.8.0.111
  7455. (77) NAS-Identifier = "nyc-access-sw011"
  7456. (77) NAS-Port-Type = Ethernet
  7457. (77) # Executing section authorize from file /etc/raddb/sites-enabled/default
  7458. (77) authorize {
  7459. (77) policy filter_username {
  7460. (77) if (&User-Name) {
  7461. (77) if (&User-Name) -> TRUE
  7462. (77) if (&User-Name) {
  7463. (77) if (&User-Name =~ / /) {
  7464. (77) if (&User-Name =~ / /) -> FALSE
  7465. (77) if (&User-Name =~ /@[^@]*@/ ) {
  7466. (77) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  7467. (77) if (&User-Name =~ /\.\./ ) {
  7468. (77) if (&User-Name =~ /\.\./ ) -> FALSE
  7469. (77) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  7470. (77) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  7471. (77) if (&User-Name =~ /\.$/) {
  7472. (77) if (&User-Name =~ /\.$/) -> FALSE
  7473. (77) if (&User-Name =~ /@\./) {
  7474. (77) if (&User-Name =~ /@\./) -> FALSE
  7475. (77) } # if (&User-Name) = notfound
  7476. (77) } # policy filter_username = notfound
  7477. (77) [preprocess] = ok
  7478. (77) [chap] = noop
  7479. (77) [mschap] = noop
  7480. (77) [digest] = noop
  7481. (77) suffix: Checking for suffix after "@"
  7482. (77) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  7483. (77) suffix: No such realm "NULL"
  7484. (77) [suffix] = noop
  7485. (77) eap: Peer sent EAP Response (code 2) ID 77 length 15
  7486. (77) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
  7487. (77) [eap] = ok
  7488. (77) } # authorize = ok
  7489. (77) Found Auth-Type = eap
  7490. (77) # Executing group from file /etc/raddb/sites-enabled/default
  7491. (77) authenticate {
  7492. (77) eap: Peer sent packet with method EAP Identity (1)
  7493. (77) eap: Calling submodule eap_peap to process data
  7494. (77) eap_peap: Initiating new EAP-TLS session
  7495. (77) eap_peap: [eaptls start] = request
  7496. (77) eap: Sending EAP Request (code 1) ID 78 length 6
  7497. (77) eap: EAP session adding &reply:State = 0xaebd2e8daef33777
  7498. (77) [eap] = handled
  7499. (77) } # authenticate = handled
  7500. (77) Using Post-Auth-Type Challenge
  7501. (77) Post-Auth-Type sub-section not found. Ignoring.
  7502. (77) # Executing group from file /etc/raddb/sites-enabled/default
  7503. (77) Sent Access-Challenge Id 68 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  7504. (77) EAP-Message = 0x014e00061920
  7505. (77) Message-Authenticator = 0x00000000000000000000000000000000
  7506. (77) State = 0xaebd2e8daef33777c82fafda3078c602
  7507. (77) Finished request
  7508. Waking up in 2.9 seconds.
  7509. (78) Received Access-Request Id 69 from 10.8.0.111:58432 to 10.8.64.155:1812 length 343
  7510. (78) User-Name = "vkratsberg"
  7511. (78) NAS-Port = 358
  7512. (78) State = 0xaebd2e8daef33777c82fafda3078c602
  7513. (78) EAP-Message = 0x024e00a31980000000991603010094010000900301574f326d65cbbca47b72f0c7de01e347d5ababcb8979ed44d92ea1c37679d91a2099fa3eb5d7d108e8e1047f8c78273aadc1bd2aa26caa1810320d84ad7442e74a002800ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f00
  7514. (78) Message-Authenticator = 0x4e64d995b9e9b42e3cd839bb72e04105
  7515. (78) Acct-Session-Id = "8O2.1x81bb0d56000eecd3"
  7516. (78) NAS-Port-Id = "ge-3/0/6.0"
  7517. (78) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  7518. (78) Called-Station-Id = "ec-3e-f7-68-35-00"
  7519. (78) NAS-IP-Address = 10.8.0.111
  7520. (78) NAS-Identifier = "nyc-access-sw011"
  7521. (78) NAS-Port-Type = Ethernet
  7522. (78) session-state: No cached attributes
  7523. (78) # Executing section authorize from file /etc/raddb/sites-enabled/default
  7524. (78) authorize {
  7525. (78) policy filter_username {
  7526. (78) if (&User-Name) {
  7527. (78) if (&User-Name) -> TRUE
  7528. (78) if (&User-Name) {
  7529. (78) if (&User-Name =~ / /) {
  7530. (78) if (&User-Name =~ / /) -> FALSE
  7531. (78) if (&User-Name =~ /@[^@]*@/ ) {
  7532. (78) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  7533. (78) if (&User-Name =~ /\.\./ ) {
  7534. (78) if (&User-Name =~ /\.\./ ) -> FALSE
  7535. (78) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  7536. (78) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  7537. (78) if (&User-Name =~ /\.$/) {
  7538. (78) if (&User-Name =~ /\.$/) -> FALSE
  7539. (78) if (&User-Name =~ /@\./) {
  7540. (78) if (&User-Name =~ /@\./) -> FALSE
  7541. (78) } # if (&User-Name) = notfound
  7542. (78) } # policy filter_username = notfound
  7543. (78) [preprocess] = ok
  7544. (78) [chap] = noop
  7545. (78) [mschap] = noop
  7546. (78) [digest] = noop
  7547. (78) suffix: Checking for suffix after "@"
  7548. (78) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  7549. (78) suffix: No such realm "NULL"
  7550. (78) [suffix] = noop
  7551. (78) eap: Peer sent EAP Response (code 2) ID 78 length 163
  7552. (78) eap: Continuing tunnel setup
  7553. (78) [eap] = ok
  7554. (78) } # authorize = ok
  7555. (78) Found Auth-Type = eap
  7556. (78) # Executing group from file /etc/raddb/sites-enabled/default
  7557. (78) authenticate {
  7558. (78) eap: Expiring EAP session with state 0xaebd2e8daef33777
  7559. (78) eap: Finished EAP session with state 0xaebd2e8daef33777
  7560. (78) eap: Previous EAP request found for state 0xaebd2e8daef33777, released from the list
  7561. (78) eap: Peer sent packet with method EAP PEAP (25)
  7562. (78) eap: Calling submodule eap_peap to process data
  7563. (78) eap_peap: Continuing EAP-TLS
  7564. (78) eap_peap: Peer indicated complete TLS record size will be 153 bytes
  7565. (78) eap_peap: Got complete TLS record (153 bytes)
  7566. (78) eap_peap: [eaptls verify] = length included
  7567. (78) eap_peap: (other): before/accept initialization
  7568. (78) eap_peap: TLS_accept: before/accept initialization
  7569. (78) eap_peap: <<< recv TLS 1.0 Handshake [length 0094], ClientHello
  7570. (78) eap_peap: TLS_accept: SSLv3 read client hello A
  7571. (78) eap_peap: >>> send TLS 1.0 Handshake [length 0059], ServerHello
  7572. (78) eap_peap: TLS_accept: SSLv3 write server hello A
  7573. (78) eap_peap: >>> send TLS 1.0 ChangeCipherSpec [length 0001]
  7574. (78) eap_peap: TLS_accept: SSLv3 write change cipher spec A
  7575. (78) eap_peap: >>> send TLS 1.0 Handshake [length 0010], Finished
  7576. (78) eap_peap: TLS_accept: SSLv3 write finished A
  7577. (78) eap_peap: TLS_accept: SSLv3 flush data
  7578. (78) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  7579. (78) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  7580. (78) eap_peap: In SSL Handshake Phase
  7581. (78) eap_peap: In SSL Accept mode
  7582. (78) eap_peap: [eaptls process] = handled
  7583. (78) eap: Sending EAP Request (code 1) ID 79 length 159
  7584. (78) eap: EAP session adding &reply:State = 0xaebd2e8daff23777
  7585. (78) [eap] = handled
  7586. (78) } # authenticate = handled
  7587. (78) Using Post-Auth-Type Challenge
  7588. (78) Post-Auth-Type sub-section not found. Ignoring.
  7589. (78) # Executing group from file /etc/raddb/sites-enabled/default
  7590. (78) Sent Access-Challenge Id 69 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  7591. (78) EAP-Message = 0x014f009f19001603010059020000550301574f326d36d43e1e9ec8a25bd29cb3502606900058a0a33278ef5244ed531cf82099fa3eb5d7d108e8e1047f8c78273aadc1bd2aa26caa1810320d84ad7442e74ac01400000dff01000100000b000403000102140301000101160301003016a989c8b30c1dea
  7592. (78) Message-Authenticator = 0x00000000000000000000000000000000
  7593. (78) State = 0xaebd2e8daff23777c82fafda3078c602
  7594. (78) Finished request
  7595. Waking up in 2.9 seconds.
  7596. (79) Received Access-Request Id 70 from 10.8.0.111:58432 to 10.8.64.155:1812 length 249
  7597. (79) User-Name = "vkratsberg"
  7598. (79) NAS-Port = 358
  7599. (79) State = 0xaebd2e8daff23777c82fafda3078c602
  7600. (79) EAP-Message = 0x024f004519800000003b14030100010116030100308c067a64707f0a1e860d7c32e0af036b79e422b46dd1fccf6760aaf229a61012e25d50cc92550146fd66146d7c13a984
  7601. (79) Message-Authenticator = 0xc8b35552c160107bae742dc0d390bac8
  7602. (79) Acct-Session-Id = "8O2.1x81bb0d56000eecd3"
  7603. (79) NAS-Port-Id = "ge-3/0/6.0"
  7604. (79) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  7605. (79) Called-Station-Id = "ec-3e-f7-68-35-00"
  7606. (79) NAS-IP-Address = 10.8.0.111
  7607. (79) NAS-Identifier = "nyc-access-sw011"
  7608. (79) NAS-Port-Type = Ethernet
  7609. (79) session-state: No cached attributes
  7610. (79) # Executing section authorize from file /etc/raddb/sites-enabled/default
  7611. (79) authorize {
  7612. (79) policy filter_username {
  7613. (79) if (&User-Name) {
  7614. (79) if (&User-Name) -> TRUE
  7615. (79) if (&User-Name) {
  7616. (79) if (&User-Name =~ / /) {
  7617. (79) if (&User-Name =~ / /) -> FALSE
  7618. (79) if (&User-Name =~ /@[^@]*@/ ) {
  7619. (79) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  7620. (79) if (&User-Name =~ /\.\./ ) {
  7621. (79) if (&User-Name =~ /\.\./ ) -> FALSE
  7622. (79) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  7623. (79) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  7624. (79) if (&User-Name =~ /\.$/) {
  7625. (79) if (&User-Name =~ /\.$/) -> FALSE
  7626. (79) if (&User-Name =~ /@\./) {
  7627. (79) if (&User-Name =~ /@\./) -> FALSE
  7628. (79) } # if (&User-Name) = notfound
  7629. (79) } # policy filter_username = notfound
  7630. (79) [preprocess] = ok
  7631. (79) [chap] = noop
  7632. (79) [mschap] = noop
  7633. (79) [digest] = noop
  7634. (79) suffix: Checking for suffix after "@"
  7635. (79) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  7636. (79) suffix: No such realm "NULL"
  7637. (79) [suffix] = noop
  7638. (79) eap: Peer sent EAP Response (code 2) ID 79 length 69
  7639. (79) eap: Continuing tunnel setup
  7640. (79) [eap] = ok
  7641. (79) } # authorize = ok
  7642. (79) Found Auth-Type = eap
  7643. (79) # Executing group from file /etc/raddb/sites-enabled/default
  7644. (79) authenticate {
  7645. (79) eap: Expiring EAP session with state 0xaebd2e8daff23777
  7646. (79) eap: Finished EAP session with state 0xaebd2e8daff23777
  7647. (79) eap: Previous EAP request found for state 0xaebd2e8daff23777, released from the list
  7648. (79) eap: Peer sent packet with method EAP PEAP (25)
  7649. (79) eap: Calling submodule eap_peap to process data
  7650. (79) eap_peap: Continuing EAP-TLS
  7651. (79) eap_peap: Peer indicated complete TLS record size will be 59 bytes
  7652. (79) eap_peap: Got complete TLS record (59 bytes)
  7653. (79) eap_peap: [eaptls verify] = length included
  7654. (79) eap_peap: <<< recv TLS 1.0 ChangeCipherSpec [length 0001]
  7655. (79) eap_peap: <<< recv TLS 1.0 Handshake [length 0010], Finished
  7656. (79) eap_peap: TLS_accept: SSLv3 read finished A
  7657. (79) eap_peap: (other): SSL negotiation finished successfully
  7658. (79) eap_peap: SSL Connection Established
  7659. (79) eap_peap: SSL Application Data
  7660. (79) eap_peap: Adding cached attributes from session 99fa3eb5d7d108e8e1047f8c78273aadc1bd2aa26caa1810320d84ad7442e74a
  7661. (79) eap_peap: reply:User-Name = "vkratsberg"
  7662. (79) eap_peap: [eaptls process] = success
  7663. (79) eap_peap: Session established. Decoding tunneled attributes
  7664. (79) eap_peap: PEAP state TUNNEL ESTABLISHED
  7665. (79) eap_peap: Skipping Phase2 because of session resumption
  7666. (79) eap_peap: SUCCESS
  7667. (79) eap: Sending EAP Request (code 1) ID 80 length 43
  7668. (79) eap: EAP session adding &reply:State = 0xaebd2e8daced3777
  7669. (79) [eap] = handled
  7670. (79) } # authenticate = handled
  7671. (79) Using Post-Auth-Type Challenge
  7672. (79) Post-Auth-Type sub-section not found. Ignoring.
  7673. (79) # Executing group from file /etc/raddb/sites-enabled/default
  7674. (79) Sent Access-Challenge Id 70 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  7675. (79) User-Name = "vkratsberg"
  7676. (79) EAP-Message = 0x0150002b1900170301002099dbc1c60a2c0aebe44889209395d21d3be3f1348ecf6d1c30f40c0d43024167
  7677. (79) Message-Authenticator = 0x00000000000000000000000000000000
  7678. (79) State = 0xaebd2e8daced3777c82fafda3078c602
  7679. (79) Finished request
  7680. Waking up in 2.9 seconds.
  7681. (80) Received Access-Request Id 71 from 10.8.0.111:58432 to 10.8.64.155:1812 length 223
  7682. (80) User-Name = "vkratsberg"
  7683. (80) NAS-Port = 358
  7684. (80) State = 0xaebd2e8daced3777c82fafda3078c602
  7685. (80) EAP-Message = 0x0250002b1900170301002027f86ad4dd415419dd2fa2b5d70205ff063e836bca320e9203647e21619fc81f
  7686. (80) Message-Authenticator = 0x8f04ac87e244f54b5e0e778b50d64b5b
  7687. (80) Acct-Session-Id = "8O2.1x81bb0d56000eecd3"
  7688. (80) NAS-Port-Id = "ge-3/0/6.0"
  7689. (80) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  7690. (80) Called-Station-Id = "ec-3e-f7-68-35-00"
  7691. (80) NAS-IP-Address = 10.8.0.111
  7692. (80) NAS-Identifier = "nyc-access-sw011"
  7693. (80) NAS-Port-Type = Ethernet
  7694. (80) session-state: No cached attributes
  7695. (80) # Executing section authorize from file /etc/raddb/sites-enabled/default
  7696. (80) authorize {
  7697. (80) policy filter_username {
  7698. (80) if (&User-Name) {
  7699. (80) if (&User-Name) -> TRUE
  7700. (80) if (&User-Name) {
  7701. (80) if (&User-Name =~ / /) {
  7702. (80) if (&User-Name =~ / /) -> FALSE
  7703. (80) if (&User-Name =~ /@[^@]*@/ ) {
  7704. (80) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  7705. (80) if (&User-Name =~ /\.\./ ) {
  7706. (80) if (&User-Name =~ /\.\./ ) -> FALSE
  7707. (80) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  7708. (80) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  7709. (80) if (&User-Name =~ /\.$/) {
  7710. (80) if (&User-Name =~ /\.$/) -> FALSE
  7711. (80) if (&User-Name =~ /@\./) {
  7712. (80) if (&User-Name =~ /@\./) -> FALSE
  7713. (80) } # if (&User-Name) = notfound
  7714. (80) } # policy filter_username = notfound
  7715. (80) [preprocess] = ok
  7716. (80) [chap] = noop
  7717. (80) [mschap] = noop
  7718. (80) [digest] = noop
  7719. (80) suffix: Checking for suffix after "@"
  7720. (80) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  7721. (80) suffix: No such realm "NULL"
  7722. (80) [suffix] = noop
  7723. (80) eap: Peer sent EAP Response (code 2) ID 80 length 43
  7724. (80) eap: Continuing tunnel setup
  7725. (80) [eap] = ok
  7726. (80) } # authorize = ok
  7727. (80) Found Auth-Type = eap
  7728. (80) # Executing group from file /etc/raddb/sites-enabled/default
  7729. (80) authenticate {
  7730. (80) eap: Expiring EAP session with state 0xaebd2e8daced3777
  7731. (80) eap: Finished EAP session with state 0xaebd2e8daced3777
  7732. (80) eap: Previous EAP request found for state 0xaebd2e8daced3777, released from the list
  7733. (80) eap: Peer sent packet with method EAP PEAP (25)
  7734. (80) eap: Calling submodule eap_peap to process data
  7735. (80) eap_peap: Continuing EAP-TLS
  7736. (80) eap_peap: [eaptls verify] = ok
  7737. (80) eap_peap: Done initial handshake
  7738. (80) eap_peap: [eaptls process] = ok
  7739. (80) eap_peap: Session established. Decoding tunneled attributes
  7740. (80) eap_peap: PEAP state send tlv success
  7741. (80) eap_peap: Received EAP-TLV response
  7742. (80) eap_peap: Success
  7743. (80) eap_peap: No saved attributes in the original Access-Accept
  7744. (80) eap: Sending EAP Success (code 3) ID 80 length 4
  7745. (80) eap: Freeing handler
  7746. (80) [eap] = ok
  7747. (80) } # authenticate = ok
  7748. (80) # Executing section post-auth from file /etc/raddb/sites-enabled/default
  7749. (80) post-auth {
  7750. (80) update {
  7751. (80) No attributes updated
  7752. (80) } # update = noop
  7753. (80) [exec] = noop
  7754. (80) policy remove_reply_message_if_eap {
  7755. (80) if (&reply:EAP-Message && &reply:Reply-Message) {
  7756. (80) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
  7757. (80) else {
  7758. (80) [noop] = noop
  7759. (80) } # else = noop
  7760. (80) } # policy remove_reply_message_if_eap = noop
  7761. (80) } # post-auth = noop
  7762. (80) Sent Access-Accept Id 71 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  7763. (80) MS-MPPE-Recv-Key = 0x36e345f209ed0d0b9d81969dca9540331af6b48c91a0482b6e3fe9090bfc295a
  7764. (80) MS-MPPE-Send-Key = 0xaa1cf11f4a3c219412a9747e1fb5dfa6150559372bc6386d3b727a3d7889dc12
  7765. (80) EAP-Message = 0x03500004
  7766. (80) Message-Authenticator = 0x00000000000000000000000000000000
  7767. (80) User-Name = "vkratsberg"
  7768. (80) Finished request
  7769. Waking up in 2.9 seconds.
  7770. (81) Received Access-Request Id 72 from 10.8.0.111:58432 to 10.8.64.155:1812 length 177
  7771. (81) User-Name = "vkratsberg"
  7772. (81) NAS-Port = 358
  7773. (81) EAP-Message = 0x0251000f01766b7261747362657267
  7774. (81) Message-Authenticator = 0x6a48641a1875f3e8c97554e620e2f36b
  7775. (81) Acct-Session-Id = "8O2.1x81bb0d5700014886"
  7776. (81) NAS-Port-Id = "ge-3/0/6.0"
  7777. (81) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  7778. (81) Called-Station-Id = "ec-3e-f7-68-35-00"
  7779. (81) NAS-IP-Address = 10.8.0.111
  7780. (81) NAS-Identifier = "nyc-access-sw011"
  7781. (81) NAS-Port-Type = Ethernet
  7782. (81) # Executing section authorize from file /etc/raddb/sites-enabled/default
  7783. (81) authorize {
  7784. (81) policy filter_username {
  7785. (81) if (&User-Name) {
  7786. (81) if (&User-Name) -> TRUE
  7787. (81) if (&User-Name) {
  7788. (81) if (&User-Name =~ / /) {
  7789. (81) if (&User-Name =~ / /) -> FALSE
  7790. (81) if (&User-Name =~ /@[^@]*@/ ) {
  7791. (81) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  7792. (81) if (&User-Name =~ /\.\./ ) {
  7793. (81) if (&User-Name =~ /\.\./ ) -> FALSE
  7794. (81) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  7795. (81) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  7796. (81) if (&User-Name =~ /\.$/) {
  7797. (81) if (&User-Name =~ /\.$/) -> FALSE
  7798. (81) if (&User-Name =~ /@\./) {
  7799. (81) if (&User-Name =~ /@\./) -> FALSE
  7800. (81) } # if (&User-Name) = notfound
  7801. (81) } # policy filter_username = notfound
  7802. (81) [preprocess] = ok
  7803. (81) [chap] = noop
  7804. (81) [mschap] = noop
  7805. (81) [digest] = noop
  7806. (81) suffix: Checking for suffix after "@"
  7807. (81) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  7808. (81) suffix: No such realm "NULL"
  7809. (81) [suffix] = noop
  7810. (81) eap: Peer sent EAP Response (code 2) ID 81 length 15
  7811. (81) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
  7812. (81) [eap] = ok
  7813. (81) } # authorize = ok
  7814. (81) Found Auth-Type = eap
  7815. (81) # Executing group from file /etc/raddb/sites-enabled/default
  7816. (81) authenticate {
  7817. (81) eap: Peer sent packet with method EAP Identity (1)
  7818. (81) eap: Calling submodule eap_peap to process data
  7819. (81) eap_peap: Initiating new EAP-TLS session
  7820. (81) eap_peap: [eaptls start] = request
  7821. (81) eap: Sending EAP Request (code 1) ID 82 length 6
  7822. (81) eap: EAP session adding &reply:State = 0x124efabc121ce35a
  7823. (81) [eap] = handled
  7824. (81) } # authenticate = handled
  7825. (81) Using Post-Auth-Type Challenge
  7826. (81) Post-Auth-Type sub-section not found. Ignoring.
  7827. (81) # Executing group from file /etc/raddb/sites-enabled/default
  7828. (81) Sent Access-Challenge Id 72 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  7829. (81) EAP-Message = 0x015200061920
  7830. (81) Message-Authenticator = 0x00000000000000000000000000000000
  7831. (81) State = 0x124efabc121ce35a4b02bb1ea15ca589
  7832. (81) Finished request
  7833. Waking up in 2.8 seconds.
  7834. (82) Received Access-Request Id 73 from 10.8.0.111:58432 to 10.8.64.155:1812 length 343
  7835. (82) User-Name = "vkratsberg"
  7836. (82) NAS-Port = 358
  7837. (82) State = 0x124efabc121ce35a4b02bb1ea15ca589
  7838. (82) EAP-Message = 0x025200a31980000000991603010094010000900301574f326eca09ecd960bd936e43c28961340daa426ca757911bc9acd549f29ebd2099fa3eb5d7d108e8e1047f8c78273aadc1bd2aa26caa1810320d84ad7442e74a002800ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f00
  7839. (82) Message-Authenticator = 0x5ec3578728b5a525bb4613cd7db52902
  7840. (82) Acct-Session-Id = "8O2.1x81bb0d5700014886"
  7841. (82) NAS-Port-Id = "ge-3/0/6.0"
  7842. (82) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  7843. (82) Called-Station-Id = "ec-3e-f7-68-35-00"
  7844. (82) NAS-IP-Address = 10.8.0.111
  7845. (82) NAS-Identifier = "nyc-access-sw011"
  7846. (82) NAS-Port-Type = Ethernet
  7847. (82) session-state: No cached attributes
  7848. (82) # Executing section authorize from file /etc/raddb/sites-enabled/default
  7849. (82) authorize {
  7850. (82) policy filter_username {
  7851. (82) if (&User-Name) {
  7852. (82) if (&User-Name) -> TRUE
  7853. (82) if (&User-Name) {
  7854. (82) if (&User-Name =~ / /) {
  7855. (82) if (&User-Name =~ / /) -> FALSE
  7856. (82) if (&User-Name =~ /@[^@]*@/ ) {
  7857. (82) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  7858. (82) if (&User-Name =~ /\.\./ ) {
  7859. (82) if (&User-Name =~ /\.\./ ) -> FALSE
  7860. (82) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  7861. (82) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  7862. (82) if (&User-Name =~ /\.$/) {
  7863. (82) if (&User-Name =~ /\.$/) -> FALSE
  7864. (82) if (&User-Name =~ /@\./) {
  7865. (82) if (&User-Name =~ /@\./) -> FALSE
  7866. (82) } # if (&User-Name) = notfound
  7867. (82) } # policy filter_username = notfound
  7868. (82) [preprocess] = ok
  7869. (82) [chap] = noop
  7870. (82) [mschap] = noop
  7871. (82) [digest] = noop
  7872. (82) suffix: Checking for suffix after "@"
  7873. (82) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  7874. (82) suffix: No such realm "NULL"
  7875. (82) [suffix] = noop
  7876. (82) eap: Peer sent EAP Response (code 2) ID 82 length 163
  7877. (82) eap: Continuing tunnel setup
  7878. (82) [eap] = ok
  7879. (82) } # authorize = ok
  7880. (82) Found Auth-Type = eap
  7881. (82) # Executing group from file /etc/raddb/sites-enabled/default
  7882. (82) authenticate {
  7883. (82) eap: Expiring EAP session with state 0x124efabc121ce35a
  7884. (82) eap: Finished EAP session with state 0x124efabc121ce35a
  7885. (82) eap: Previous EAP request found for state 0x124efabc121ce35a, released from the list
  7886. (82) eap: Peer sent packet with method EAP PEAP (25)
  7887. (82) eap: Calling submodule eap_peap to process data
  7888. (82) eap_peap: Continuing EAP-TLS
  7889. (82) eap_peap: Peer indicated complete TLS record size will be 153 bytes
  7890. (82) eap_peap: Got complete TLS record (153 bytes)
  7891. (82) eap_peap: [eaptls verify] = length included
  7892. (82) eap_peap: (other): before/accept initialization
  7893. (82) eap_peap: TLS_accept: before/accept initialization
  7894. (82) eap_peap: <<< recv TLS 1.0 Handshake [length 0094], ClientHello
  7895. (82) eap_peap: TLS_accept: SSLv3 read client hello A
  7896. (82) eap_peap: >>> send TLS 1.0 Handshake [length 0059], ServerHello
  7897. (82) eap_peap: TLS_accept: SSLv3 write server hello A
  7898. (82) eap_peap: >>> send TLS 1.0 ChangeCipherSpec [length 0001]
  7899. (82) eap_peap: TLS_accept: SSLv3 write change cipher spec A
  7900. (82) eap_peap: >>> send TLS 1.0 Handshake [length 0010], Finished
  7901. (82) eap_peap: TLS_accept: SSLv3 write finished A
  7902. (82) eap_peap: TLS_accept: SSLv3 flush data
  7903. (82) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  7904. (82) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  7905. (82) eap_peap: In SSL Handshake Phase
  7906. (82) eap_peap: In SSL Accept mode
  7907. (82) eap_peap: [eaptls process] = handled
  7908. (82) eap: Sending EAP Request (code 1) ID 83 length 159
  7909. (82) eap: EAP session adding &reply:State = 0x124efabc131de35a
  7910. (82) [eap] = handled
  7911. (82) } # authenticate = handled
  7912. (82) Using Post-Auth-Type Challenge
  7913. (82) Post-Auth-Type sub-section not found. Ignoring.
  7914. (82) # Executing group from file /etc/raddb/sites-enabled/default
  7915. (82) Sent Access-Challenge Id 73 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  7916. (82) EAP-Message = 0x0153009f19001603010059020000550301574f326e9251ffdf531d9e84e3b385da20583ec8cdd7c56ca39f91c6293f97a62099fa3eb5d7d108e8e1047f8c78273aadc1bd2aa26caa1810320d84ad7442e74ac01400000dff01000100000b000403000102140301000101160301003078fb5e573a2c9413
  7917. (82) Message-Authenticator = 0x00000000000000000000000000000000
  7918. (82) State = 0x124efabc131de35a4b02bb1ea15ca589
  7919. (82) Finished request
  7920. Waking up in 2.8 seconds.
  7921. (83) Received Access-Request Id 74 from 10.8.0.111:58432 to 10.8.64.155:1812 length 249
  7922. (83) User-Name = "vkratsberg"
  7923. (83) NAS-Port = 358
  7924. (83) State = 0x124efabc131de35a4b02bb1ea15ca589
  7925. (83) EAP-Message = 0x0253004519800000003b14030100010116030100301266e300ac421ba5d9e19f00ec51a61703c20fd932962ba25b22db8c55eec694fa229c39ab030858b40bbe4f9e6e9881
  7926. (83) Message-Authenticator = 0xb615c1b8c117553d8244549e0c2c07e6
  7927. (83) Acct-Session-Id = "8O2.1x81bb0d5700014886"
  7928. (83) NAS-Port-Id = "ge-3/0/6.0"
  7929. (83) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  7930. (83) Called-Station-Id = "ec-3e-f7-68-35-00"
  7931. (83) NAS-IP-Address = 10.8.0.111
  7932. (83) NAS-Identifier = "nyc-access-sw011"
  7933. (83) NAS-Port-Type = Ethernet
  7934. (83) session-state: No cached attributes
  7935. (83) # Executing section authorize from file /etc/raddb/sites-enabled/default
  7936. (83) authorize {
  7937. (83) policy filter_username {
  7938. (83) if (&User-Name) {
  7939. (83) if (&User-Name) -> TRUE
  7940. (83) if (&User-Name) {
  7941. (83) if (&User-Name =~ / /) {
  7942. (83) if (&User-Name =~ / /) -> FALSE
  7943. (83) if (&User-Name =~ /@[^@]*@/ ) {
  7944. (83) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  7945. (83) if (&User-Name =~ /\.\./ ) {
  7946. (83) if (&User-Name =~ /\.\./ ) -> FALSE
  7947. (83) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  7948. (83) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  7949. (83) if (&User-Name =~ /\.$/) {
  7950. (83) if (&User-Name =~ /\.$/) -> FALSE
  7951. (83) if (&User-Name =~ /@\./) {
  7952. (83) if (&User-Name =~ /@\./) -> FALSE
  7953. (83) } # if (&User-Name) = notfound
  7954. (83) } # policy filter_username = notfound
  7955. (83) [preprocess] = ok
  7956. (83) [chap] = noop
  7957. (83) [mschap] = noop
  7958. (83) [digest] = noop
  7959. (83) suffix: Checking for suffix after "@"
  7960. (83) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  7961. (83) suffix: No such realm "NULL"
  7962. (83) [suffix] = noop
  7963. (83) eap: Peer sent EAP Response (code 2) ID 83 length 69
  7964. (83) eap: Continuing tunnel setup
  7965. (83) [eap] = ok
  7966. (83) } # authorize = ok
  7967. (83) Found Auth-Type = eap
  7968. (83) # Executing group from file /etc/raddb/sites-enabled/default
  7969. (83) authenticate {
  7970. (83) eap: Expiring EAP session with state 0x124efabc131de35a
  7971. (83) eap: Finished EAP session with state 0x124efabc131de35a
  7972. (83) eap: Previous EAP request found for state 0x124efabc131de35a, released from the list
  7973. (83) eap: Peer sent packet with method EAP PEAP (25)
  7974. (83) eap: Calling submodule eap_peap to process data
  7975. (83) eap_peap: Continuing EAP-TLS
  7976. (83) eap_peap: Peer indicated complete TLS record size will be 59 bytes
  7977. (83) eap_peap: Got complete TLS record (59 bytes)
  7978. (83) eap_peap: [eaptls verify] = length included
  7979. (83) eap_peap: <<< recv TLS 1.0 ChangeCipherSpec [length 0001]
  7980. (83) eap_peap: <<< recv TLS 1.0 Handshake [length 0010], Finished
  7981. (83) eap_peap: TLS_accept: SSLv3 read finished A
  7982. (83) eap_peap: (other): SSL negotiation finished successfully
  7983. (83) eap_peap: SSL Connection Established
  7984. (83) eap_peap: SSL Application Data
  7985. (83) eap_peap: Adding cached attributes from session 99fa3eb5d7d108e8e1047f8c78273aadc1bd2aa26caa1810320d84ad7442e74a
  7986. (83) eap_peap: reply:User-Name = "vkratsberg"
  7987. (83) eap_peap: [eaptls process] = success
  7988. (83) eap_peap: Session established. Decoding tunneled attributes
  7989. (83) eap_peap: PEAP state TUNNEL ESTABLISHED
  7990. (83) eap_peap: Skipping Phase2 because of session resumption
  7991. (83) eap_peap: SUCCESS
  7992. (83) eap: Sending EAP Request (code 1) ID 84 length 43
  7993. (83) eap: EAP session adding &reply:State = 0x124efabc101ae35a
  7994. (83) [eap] = handled
  7995. (83) } # authenticate = handled
  7996. (83) Using Post-Auth-Type Challenge
  7997. (83) Post-Auth-Type sub-section not found. Ignoring.
  7998. (83) # Executing group from file /etc/raddb/sites-enabled/default
  7999. (83) Sent Access-Challenge Id 74 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  8000. (83) User-Name = "vkratsberg"
  8001. (83) EAP-Message = 0x0154002b190017030100207b833fb5009016b0056ddd1aafdda3ea598d45ea09e646aa38054068a1d5b1a2
  8002. (83) Message-Authenticator = 0x00000000000000000000000000000000
  8003. (83) State = 0x124efabc101ae35a4b02bb1ea15ca589
  8004. (83) Finished request
  8005. Waking up in 2.8 seconds.
  8006. (84) Received Access-Request Id 75 from 10.8.0.111:58432 to 10.8.64.155:1812 length 223
  8007. (84) User-Name = "vkratsberg"
  8008. (84) NAS-Port = 358
  8009. (84) State = 0x124efabc101ae35a4b02bb1ea15ca589
  8010. (84) EAP-Message = 0x0254002b190017030100202e05bdd2b88e459668fa905c963fa8a23afa03d182f74c67de436ef6baeb4f7c
  8011. (84) Message-Authenticator = 0xb74eb98025e64f3a7658bf29279ac41d
  8012. (84) Acct-Session-Id = "8O2.1x81bb0d5700014886"
  8013. (84) NAS-Port-Id = "ge-3/0/6.0"
  8014. (84) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  8015. (84) Called-Station-Id = "ec-3e-f7-68-35-00"
  8016. (84) NAS-IP-Address = 10.8.0.111
  8017. (84) NAS-Identifier = "nyc-access-sw011"
  8018. (84) NAS-Port-Type = Ethernet
  8019. (84) session-state: No cached attributes
  8020. (84) # Executing section authorize from file /etc/raddb/sites-enabled/default
  8021. (84) authorize {
  8022. (84) policy filter_username {
  8023. (84) if (&User-Name) {
  8024. (84) if (&User-Name) -> TRUE
  8025. (84) if (&User-Name) {
  8026. (84) if (&User-Name =~ / /) {
  8027. (84) if (&User-Name =~ / /) -> FALSE
  8028. (84) if (&User-Name =~ /@[^@]*@/ ) {
  8029. (84) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  8030. (84) if (&User-Name =~ /\.\./ ) {
  8031. (84) if (&User-Name =~ /\.\./ ) -> FALSE
  8032. (84) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  8033. (84) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  8034. (84) if (&User-Name =~ /\.$/) {
  8035. (84) if (&User-Name =~ /\.$/) -> FALSE
  8036. (84) if (&User-Name =~ /@\./) {
  8037. (84) if (&User-Name =~ /@\./) -> FALSE
  8038. (84) } # if (&User-Name) = notfound
  8039. (84) } # policy filter_username = notfound
  8040. (84) [preprocess] = ok
  8041. (84) [chap] = noop
  8042. (84) [mschap] = noop
  8043. (84) [digest] = noop
  8044. (84) suffix: Checking for suffix after "@"
  8045. (84) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  8046. (84) suffix: No such realm "NULL"
  8047. (84) [suffix] = noop
  8048. (84) eap: Peer sent EAP Response (code 2) ID 84 length 43
  8049. (84) eap: Continuing tunnel setup
  8050. (84) [eap] = ok
  8051. (84) } # authorize = ok
  8052. (84) Found Auth-Type = eap
  8053. (84) # Executing group from file /etc/raddb/sites-enabled/default
  8054. (84) authenticate {
  8055. (84) eap: Expiring EAP session with state 0x124efabc101ae35a
  8056. (84) eap: Finished EAP session with state 0x124efabc101ae35a
  8057. (84) eap: Previous EAP request found for state 0x124efabc101ae35a, released from the list
  8058. (84) eap: Peer sent packet with method EAP PEAP (25)
  8059. (84) eap: Calling submodule eap_peap to process data
  8060. (84) eap_peap: Continuing EAP-TLS
  8061. (84) eap_peap: [eaptls verify] = ok
  8062. (84) eap_peap: Done initial handshake
  8063. (84) eap_peap: [eaptls process] = ok
  8064. (84) eap_peap: Session established. Decoding tunneled attributes
  8065. (84) eap_peap: PEAP state send tlv success
  8066. (84) eap_peap: Received EAP-TLV response
  8067. (84) eap_peap: Success
  8068. (84) eap_peap: No saved attributes in the original Access-Accept
  8069. (84) eap: Sending EAP Success (code 3) ID 84 length 4
  8070. (84) eap: Freeing handler
  8071. (84) [eap] = ok
  8072. (84) } # authenticate = ok
  8073. (84) # Executing section post-auth from file /etc/raddb/sites-enabled/default
  8074. (84) post-auth {
  8075. (84) update {
  8076. (84) No attributes updated
  8077. (84) } # update = noop
  8078. (84) [exec] = noop
  8079. (84) policy remove_reply_message_if_eap {
  8080. (84) if (&reply:EAP-Message && &reply:Reply-Message) {
  8081. (84) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
  8082. (84) else {
  8083. (84) [noop] = noop
  8084. (84) } # else = noop
  8085. (84) } # policy remove_reply_message_if_eap = noop
  8086. (84) } # post-auth = noop
  8087. (84) Sent Access-Accept Id 75 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  8088. (84) MS-MPPE-Recv-Key = 0x9bc1b246fb71c4fe201e17ba2ebdcd0a4734b8b6e015516f3657923999dde66d
  8089. (84) MS-MPPE-Send-Key = 0x8d49b1716e06afc30d789984faee36f7b40fb8e8271ab87cd3ca03b0255920ae
  8090. (84) EAP-Message = 0x03540004
  8091. (84) Message-Authenticator = 0x00000000000000000000000000000000
  8092. (84) User-Name = "vkratsberg"
  8093. (84) Finished request
  8094. Waking up in 2.8 seconds.
  8095. (85) Received Access-Request Id 76 from 10.8.0.111:58432 to 10.8.64.155:1812 length 177
  8096. (85) User-Name = "vkratsberg"
  8097. (85) NAS-Port = 358
  8098. (85) EAP-Message = 0x0255000f01766b7261747362657267
  8099. (85) Message-Authenticator = 0x0ac312fd287d347f488511266471d76f
  8100. (85) Acct-Session-Id = "8O2.1x81bb0d580002eae1"
  8101. (85) NAS-Port-Id = "ge-3/0/6.0"
  8102. (85) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  8103. (85) Called-Station-Id = "ec-3e-f7-68-35-00"
  8104. (85) NAS-IP-Address = 10.8.0.111
  8105. (85) NAS-Identifier = "nyc-access-sw011"
  8106. (85) NAS-Port-Type = Ethernet
  8107. (85) # Executing section authorize from file /etc/raddb/sites-enabled/default
  8108. (85) authorize {
  8109. (85) policy filter_username {
  8110. (85) if (&User-Name) {
  8111. (85) if (&User-Name) -> TRUE
  8112. (85) if (&User-Name) {
  8113. (85) if (&User-Name =~ / /) {
  8114. (85) if (&User-Name =~ / /) -> FALSE
  8115. (85) if (&User-Name =~ /@[^@]*@/ ) {
  8116. (85) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  8117. (85) if (&User-Name =~ /\.\./ ) {
  8118. (85) if (&User-Name =~ /\.\./ ) -> FALSE
  8119. (85) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  8120. (85) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  8121. (85) if (&User-Name =~ /\.$/) {
  8122. (85) if (&User-Name =~ /\.$/) -> FALSE
  8123. (85) if (&User-Name =~ /@\./) {
  8124. (85) if (&User-Name =~ /@\./) -> FALSE
  8125. (85) } # if (&User-Name) = notfound
  8126. (85) } # policy filter_username = notfound
  8127. (85) [preprocess] = ok
  8128. (85) [chap] = noop
  8129. (85) [mschap] = noop
  8130. (85) [digest] = noop
  8131. (85) suffix: Checking for suffix after "@"
  8132. (85) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  8133. (85) suffix: No such realm "NULL"
  8134. (85) [suffix] = noop
  8135. (85) eap: Peer sent EAP Response (code 2) ID 85 length 15
  8136. (85) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
  8137. (85) [eap] = ok
  8138. (85) } # authorize = ok
  8139. (85) Found Auth-Type = eap
  8140. (85) # Executing group from file /etc/raddb/sites-enabled/default
  8141. (85) authenticate {
  8142. (85) eap: Peer sent packet with method EAP Identity (1)
  8143. (85) eap: Calling submodule eap_peap to process data
  8144. (85) eap_peap: Initiating new EAP-TLS session
  8145. (85) eap_peap: [eaptls start] = request
  8146. (85) eap: Sending EAP Request (code 1) ID 86 length 6
  8147. (85) eap: EAP session adding &reply:State = 0x3b7152a53b274b41
  8148. (85) [eap] = handled
  8149. (85) } # authenticate = handled
  8150. (85) Using Post-Auth-Type Challenge
  8151. (85) Post-Auth-Type sub-section not found. Ignoring.
  8152. (85) # Executing group from file /etc/raddb/sites-enabled/default
  8153. (85) Sent Access-Challenge Id 76 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  8154. (85) EAP-Message = 0x015600061920
  8155. (85) Message-Authenticator = 0x00000000000000000000000000000000
  8156. (85) State = 0x3b7152a53b274b416fcd4be241112892
  8157. (85) Finished request
  8158. Waking up in 2.7 seconds.
  8159. (86) Received Access-Request Id 77 from 10.8.0.111:58432 to 10.8.64.155:1812 length 343
  8160. (86) User-Name = "vkratsberg"
  8161. (86) NAS-Port = 358
  8162. (86) State = 0x3b7152a53b274b416fcd4be241112892
  8163. (86) EAP-Message = 0x025600a31980000000991603010094010000900301574f326ebb91bcf6cb8ace947cffb47307e3e9b83d2f27807b7aa1dbcd0762f62099fa3eb5d7d108e8e1047f8c78273aadc1bd2aa26caa1810320d84ad7442e74a002800ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f00
  8164. (86) Message-Authenticator = 0x706d3f53ca731570a55ab25374759a48
  8165. (86) Acct-Session-Id = "8O2.1x81bb0d580002eae1"
  8166. (86) NAS-Port-Id = "ge-3/0/6.0"
  8167. (86) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  8168. (86) Called-Station-Id = "ec-3e-f7-68-35-00"
  8169. (86) NAS-IP-Address = 10.8.0.111
  8170. (86) NAS-Identifier = "nyc-access-sw011"
  8171. (86) NAS-Port-Type = Ethernet
  8172. (86) session-state: No cached attributes
  8173. (86) # Executing section authorize from file /etc/raddb/sites-enabled/default
  8174. (86) authorize {
  8175. (86) policy filter_username {
  8176. (86) if (&User-Name) {
  8177. (86) if (&User-Name) -> TRUE
  8178. (86) if (&User-Name) {
  8179. (86) if (&User-Name =~ / /) {
  8180. (86) if (&User-Name =~ / /) -> FALSE
  8181. (86) if (&User-Name =~ /@[^@]*@/ ) {
  8182. (86) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  8183. (86) if (&User-Name =~ /\.\./ ) {
  8184. (86) if (&User-Name =~ /\.\./ ) -> FALSE
  8185. (86) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  8186. (86) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  8187. (86) if (&User-Name =~ /\.$/) {
  8188. (86) if (&User-Name =~ /\.$/) -> FALSE
  8189. (86) if (&User-Name =~ /@\./) {
  8190. (86) if (&User-Name =~ /@\./) -> FALSE
  8191. (86) } # if (&User-Name) = notfound
  8192. (86) } # policy filter_username = notfound
  8193. (86) [preprocess] = ok
  8194. (86) [chap] = noop
  8195. (86) [mschap] = noop
  8196. (86) [digest] = noop
  8197. (86) suffix: Checking for suffix after "@"
  8198. (86) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  8199. (86) suffix: No such realm "NULL"
  8200. (86) [suffix] = noop
  8201. (86) eap: Peer sent EAP Response (code 2) ID 86 length 163
  8202. (86) eap: Continuing tunnel setup
  8203. (86) [eap] = ok
  8204. (86) } # authorize = ok
  8205. (86) Found Auth-Type = eap
  8206. (86) # Executing group from file /etc/raddb/sites-enabled/default
  8207. (86) authenticate {
  8208. (86) eap: Expiring EAP session with state 0x3b7152a53b274b41
  8209. (86) eap: Finished EAP session with state 0x3b7152a53b274b41
  8210. (86) eap: Previous EAP request found for state 0x3b7152a53b274b41, released from the list
  8211. (86) eap: Peer sent packet with method EAP PEAP (25)
  8212. (86) eap: Calling submodule eap_peap to process data
  8213. (86) eap_peap: Continuing EAP-TLS
  8214. (86) eap_peap: Peer indicated complete TLS record size will be 153 bytes
  8215. (86) eap_peap: Got complete TLS record (153 bytes)
  8216. (86) eap_peap: [eaptls verify] = length included
  8217. (86) eap_peap: (other): before/accept initialization
  8218. (86) eap_peap: TLS_accept: before/accept initialization
  8219. (86) eap_peap: <<< recv TLS 1.0 Handshake [length 0094], ClientHello
  8220. (86) eap_peap: TLS_accept: SSLv3 read client hello A
  8221. (86) eap_peap: >>> send TLS 1.0 Handshake [length 0059], ServerHello
  8222. (86) eap_peap: TLS_accept: SSLv3 write server hello A
  8223. (86) eap_peap: >>> send TLS 1.0 ChangeCipherSpec [length 0001]
  8224. (86) eap_peap: TLS_accept: SSLv3 write change cipher spec A
  8225. (86) eap_peap: >>> send TLS 1.0 Handshake [length 0010], Finished
  8226. (86) eap_peap: TLS_accept: SSLv3 write finished A
  8227. (86) eap_peap: TLS_accept: SSLv3 flush data
  8228. (86) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  8229. (86) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  8230. (86) eap_peap: In SSL Handshake Phase
  8231. (86) eap_peap: In SSL Accept mode
  8232. (86) eap_peap: [eaptls process] = handled
  8233. (86) eap: Sending EAP Request (code 1) ID 87 length 159
  8234. (86) eap: EAP session adding &reply:State = 0x3b7152a53a264b41
  8235. (86) [eap] = handled
  8236. (86) } # authenticate = handled
  8237. (86) Using Post-Auth-Type Challenge
  8238. (86) Post-Auth-Type sub-section not found. Ignoring.
  8239. (86) # Executing group from file /etc/raddb/sites-enabled/default
  8240. (86) Sent Access-Challenge Id 77 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  8241. (86) EAP-Message = 0x0157009f19001603010059020000550301574f326e23599f5a8f9ecc24f0407fd25fb73626febbe9feb50ecff65a0a670f2099fa3eb5d7d108e8e1047f8c78273aadc1bd2aa26caa1810320d84ad7442e74ac01400000dff01000100000b0004030001021403010001011603010030b2a30d96e7fa6513
  8242. (86) Message-Authenticator = 0x00000000000000000000000000000000
  8243. (86) State = 0x3b7152a53a264b416fcd4be241112892
  8244. (86) Finished request
  8245. Waking up in 2.7 seconds.
  8246. (87) Received Access-Request Id 78 from 10.8.0.111:58432 to 10.8.64.155:1812 length 249
  8247. (87) User-Name = "vkratsberg"
  8248. (87) NAS-Port = 358
  8249. (87) State = 0x3b7152a53a264b416fcd4be241112892
  8250. (87) EAP-Message = 0x0257004519800000003b1403010001011603010030c576be4b2fc9ec7cbd9612c1b29bf931ef0bd9ee31bd2e5f474ba2b5d2e7c5403be1764d4a3f546b53eb45fad068590d
  8251. (87) Message-Authenticator = 0x68e3cb2677fb8d8a7a46022cf5b55354
  8252. (87) Acct-Session-Id = "8O2.1x81bb0d580002eae1"
  8253. (87) NAS-Port-Id = "ge-3/0/6.0"
  8254. (87) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  8255. (87) Called-Station-Id = "ec-3e-f7-68-35-00"
  8256. (87) NAS-IP-Address = 10.8.0.111
  8257. (87) NAS-Identifier = "nyc-access-sw011"
  8258. (87) NAS-Port-Type = Ethernet
  8259. (87) session-state: No cached attributes
  8260. (87) # Executing section authorize from file /etc/raddb/sites-enabled/default
  8261. (87) authorize {
  8262. (87) policy filter_username {
  8263. (87) if (&User-Name) {
  8264. (87) if (&User-Name) -> TRUE
  8265. (87) if (&User-Name) {
  8266. (87) if (&User-Name =~ / /) {
  8267. (87) if (&User-Name =~ / /) -> FALSE
  8268. (87) if (&User-Name =~ /@[^@]*@/ ) {
  8269. (87) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  8270. (87) if (&User-Name =~ /\.\./ ) {
  8271. (87) if (&User-Name =~ /\.\./ ) -> FALSE
  8272. (87) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  8273. (87) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  8274. (87) if (&User-Name =~ /\.$/) {
  8275. (87) if (&User-Name =~ /\.$/) -> FALSE
  8276. (87) if (&User-Name =~ /@\./) {
  8277. (87) if (&User-Name =~ /@\./) -> FALSE
  8278. (87) } # if (&User-Name) = notfound
  8279. (87) } # policy filter_username = notfound
  8280. (87) [preprocess] = ok
  8281. (87) [chap] = noop
  8282. (87) [mschap] = noop
  8283. (87) [digest] = noop
  8284. (87) suffix: Checking for suffix after "@"
  8285. (87) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  8286. (87) suffix: No such realm "NULL"
  8287. (87) [suffix] = noop
  8288. (87) eap: Peer sent EAP Response (code 2) ID 87 length 69
  8289. (87) eap: Continuing tunnel setup
  8290. (87) [eap] = ok
  8291. (87) } # authorize = ok
  8292. (87) Found Auth-Type = eap
  8293. (87) # Executing group from file /etc/raddb/sites-enabled/default
  8294. (87) authenticate {
  8295. (87) eap: Expiring EAP session with state 0x3b7152a53a264b41
  8296. (87) eap: Finished EAP session with state 0x3b7152a53a264b41
  8297. (87) eap: Previous EAP request found for state 0x3b7152a53a264b41, released from the list
  8298. (87) eap: Peer sent packet with method EAP PEAP (25)
  8299. (87) eap: Calling submodule eap_peap to process data
  8300. (87) eap_peap: Continuing EAP-TLS
  8301. (87) eap_peap: Peer indicated complete TLS record size will be 59 bytes
  8302. (87) eap_peap: Got complete TLS record (59 bytes)
  8303. (87) eap_peap: [eaptls verify] = length included
  8304. (87) eap_peap: <<< recv TLS 1.0 ChangeCipherSpec [length 0001]
  8305. (87) eap_peap: <<< recv TLS 1.0 Handshake [length 0010], Finished
  8306. (87) eap_peap: TLS_accept: SSLv3 read finished A
  8307. (87) eap_peap: (other): SSL negotiation finished successfully
  8308. (87) eap_peap: SSL Connection Established
  8309. (87) eap_peap: SSL Application Data
  8310. (87) eap_peap: Adding cached attributes from session 99fa3eb5d7d108e8e1047f8c78273aadc1bd2aa26caa1810320d84ad7442e74a
  8311. (87) eap_peap: reply:User-Name = "vkratsberg"
  8312. (87) eap_peap: [eaptls process] = success
  8313. (87) eap_peap: Session established. Decoding tunneled attributes
  8314. (87) eap_peap: PEAP state TUNNEL ESTABLISHED
  8315. (87) eap_peap: Skipping Phase2 because of session resumption
  8316. (87) eap_peap: SUCCESS
  8317. (87) eap: Sending EAP Request (code 1) ID 88 length 43
  8318. (87) eap: EAP session adding &reply:State = 0x3b7152a539294b41
  8319. (87) [eap] = handled
  8320. (87) } # authenticate = handled
  8321. (87) Using Post-Auth-Type Challenge
  8322. (87) Post-Auth-Type sub-section not found. Ignoring.
  8323. (87) # Executing group from file /etc/raddb/sites-enabled/default
  8324. (87) Sent Access-Challenge Id 78 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  8325. (87) User-Name = "vkratsberg"
  8326. (87) EAP-Message = 0x0158002b19001703010020a4a5da500e5e980a9e690dd27c048e0d36f2362c1e0110ef24494bcfe6adec53
  8327. (87) Message-Authenticator = 0x00000000000000000000000000000000
  8328. (87) State = 0x3b7152a539294b416fcd4be241112892
  8329. (87) Finished request
  8330. Waking up in 2.7 seconds.
  8331. (88) Received Access-Request Id 79 from 10.8.0.111:58432 to 10.8.64.155:1812 length 223
  8332. (88) User-Name = "vkratsberg"
  8333. (88) NAS-Port = 358
  8334. (88) State = 0x3b7152a539294b416fcd4be241112892
  8335. (88) EAP-Message = 0x0258002b1900170301002026834beaea1c74d4d0925321c266ddc7cab8faa172c0a087aea18306bb70e34d
  8336. (88) Message-Authenticator = 0xa1dfa2afac327a3168c21a689fce866c
  8337. (88) Acct-Session-Id = "8O2.1x81bb0d580002eae1"
  8338. (88) NAS-Port-Id = "ge-3/0/6.0"
  8339. (88) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  8340. (88) Called-Station-Id = "ec-3e-f7-68-35-00"
  8341. (88) NAS-IP-Address = 10.8.0.111
  8342. (88) NAS-Identifier = "nyc-access-sw011"
  8343. (88) NAS-Port-Type = Ethernet
  8344. (88) session-state: No cached attributes
  8345. (88) # Executing section authorize from file /etc/raddb/sites-enabled/default
  8346. (88) authorize {
  8347. (88) policy filter_username {
  8348. (88) if (&User-Name) {
  8349. (88) if (&User-Name) -> TRUE
  8350. (88) if (&User-Name) {
  8351. (88) if (&User-Name =~ / /) {
  8352. (88) if (&User-Name =~ / /) -> FALSE
  8353. (88) if (&User-Name =~ /@[^@]*@/ ) {
  8354. (88) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  8355. (88) if (&User-Name =~ /\.\./ ) {
  8356. (88) if (&User-Name =~ /\.\./ ) -> FALSE
  8357. (88) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  8358. (88) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  8359. (88) if (&User-Name =~ /\.$/) {
  8360. (88) if (&User-Name =~ /\.$/) -> FALSE
  8361. (88) if (&User-Name =~ /@\./) {
  8362. (88) if (&User-Name =~ /@\./) -> FALSE
  8363. (88) } # if (&User-Name) = notfound
  8364. (88) } # policy filter_username = notfound
  8365. (88) [preprocess] = ok
  8366. (88) [chap] = noop
  8367. (88) [mschap] = noop
  8368. (88) [digest] = noop
  8369. (88) suffix: Checking for suffix after "@"
  8370. (88) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  8371. (88) suffix: No such realm "NULL"
  8372. (88) [suffix] = noop
  8373. (88) eap: Peer sent EAP Response (code 2) ID 88 length 43
  8374. (88) eap: Continuing tunnel setup
  8375. (88) [eap] = ok
  8376. (88) } # authorize = ok
  8377. (88) Found Auth-Type = eap
  8378. (88) # Executing group from file /etc/raddb/sites-enabled/default
  8379. (88) authenticate {
  8380. (88) eap: Expiring EAP session with state 0x3b7152a539294b41
  8381. (88) eap: Finished EAP session with state 0x3b7152a539294b41
  8382. (88) eap: Previous EAP request found for state 0x3b7152a539294b41, released from the list
  8383. (88) eap: Peer sent packet with method EAP PEAP (25)
  8384. (88) eap: Calling submodule eap_peap to process data
  8385. (88) eap_peap: Continuing EAP-TLS
  8386. (88) eap_peap: [eaptls verify] = ok
  8387. (88) eap_peap: Done initial handshake
  8388. (88) eap_peap: [eaptls process] = ok
  8389. (88) eap_peap: Session established. Decoding tunneled attributes
  8390. (88) eap_peap: PEAP state send tlv success
  8391. (88) eap_peap: Received EAP-TLV response
  8392. (88) eap_peap: Success
  8393. (88) eap_peap: No saved attributes in the original Access-Accept
  8394. (88) eap: Sending EAP Success (code 3) ID 88 length 4
  8395. (88) eap: Freeing handler
  8396. (88) [eap] = ok
  8397. (88) } # authenticate = ok
  8398. (88) # Executing section post-auth from file /etc/raddb/sites-enabled/default
  8399. (88) post-auth {
  8400. (88) update {
  8401. (88) No attributes updated
  8402. (88) } # update = noop
  8403. (88) [exec] = noop
  8404. (88) policy remove_reply_message_if_eap {
  8405. (88) if (&reply:EAP-Message && &reply:Reply-Message) {
  8406. (88) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
  8407. (88) else {
  8408. (88) [noop] = noop
  8409. (88) } # else = noop
  8410. (88) } # policy remove_reply_message_if_eap = noop
  8411. (88) } # post-auth = noop
  8412. (88) Sent Access-Accept Id 79 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  8413. (88) MS-MPPE-Recv-Key = 0xe291261f2cc017d702e2dbdbaeabf9dd716cc62de3562da313f86c3e50e72749
  8414. (88) MS-MPPE-Send-Key = 0x1c295f7506a85a11a19879d3ff8b6409796bbb1de7cdd94462b1ab2ebfc3766e
  8415. (88) EAP-Message = 0x03580004
  8416. (88) Message-Authenticator = 0x00000000000000000000000000000000
  8417. (88) User-Name = "vkratsberg"
  8418. (88) Finished request
  8419. Waking up in 2.7 seconds.
  8420. (89) Received Access-Request Id 80 from 10.8.0.111:58432 to 10.8.64.155:1812 length 177
  8421. (89) User-Name = "vkratsberg"
  8422. (89) NAS-Port = 358
  8423. (89) EAP-Message = 0x0259000f01766b7261747362657267
  8424. (89) Message-Authenticator = 0xbc0cbf1be3e746a67eb893c132ce3e79
  8425. (89) Acct-Session-Id = "8O2.1x81bb0d5900048a0b"
  8426. (89) NAS-Port-Id = "ge-3/0/6.0"
  8427. (89) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  8428. (89) Called-Station-Id = "ec-3e-f7-68-35-00"
  8429. (89) NAS-IP-Address = 10.8.0.111
  8430. (89) NAS-Identifier = "nyc-access-sw011"
  8431. (89) NAS-Port-Type = Ethernet
  8432. (89) # Executing section authorize from file /etc/raddb/sites-enabled/default
  8433. (89) authorize {
  8434. (89) policy filter_username {
  8435. (89) if (&User-Name) {
  8436. (89) if (&User-Name) -> TRUE
  8437. (89) if (&User-Name) {
  8438. (89) if (&User-Name =~ / /) {
  8439. (89) if (&User-Name =~ / /) -> FALSE
  8440. (89) if (&User-Name =~ /@[^@]*@/ ) {
  8441. (89) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  8442. (89) if (&User-Name =~ /\.\./ ) {
  8443. (89) if (&User-Name =~ /\.\./ ) -> FALSE
  8444. (89) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  8445. (89) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  8446. (89) if (&User-Name =~ /\.$/) {
  8447. (89) if (&User-Name =~ /\.$/) -> FALSE
  8448. (89) if (&User-Name =~ /@\./) {
  8449. (89) if (&User-Name =~ /@\./) -> FALSE
  8450. (89) } # if (&User-Name) = notfound
  8451. (89) } # policy filter_username = notfound
  8452. (89) [preprocess] = ok
  8453. (89) [chap] = noop
  8454. (89) [mschap] = noop
  8455. (89) [digest] = noop
  8456. (89) suffix: Checking for suffix after "@"
  8457. (89) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  8458. (89) suffix: No such realm "NULL"
  8459. (89) [suffix] = noop
  8460. (89) eap: Peer sent EAP Response (code 2) ID 89 length 15
  8461. (89) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
  8462. (89) [eap] = ok
  8463. (89) } # authorize = ok
  8464. (89) Found Auth-Type = eap
  8465. (89) # Executing group from file /etc/raddb/sites-enabled/default
  8466. (89) authenticate {
  8467. (89) eap: Peer sent packet with method EAP Identity (1)
  8468. (89) eap: Calling submodule eap_peap to process data
  8469. (89) eap_peap: Initiating new EAP-TLS session
  8470. (89) eap_peap: [eaptls start] = request
  8471. (89) eap: Sending EAP Request (code 1) ID 90 length 6
  8472. (89) eap: EAP session adding &reply:State = 0x336ec4043334dd13
  8473. (89) [eap] = handled
  8474. (89) } # authenticate = handled
  8475. (89) Using Post-Auth-Type Challenge
  8476. (89) Post-Auth-Type sub-section not found. Ignoring.
  8477. (89) # Executing group from file /etc/raddb/sites-enabled/default
  8478. (89) Sent Access-Challenge Id 80 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  8479. (89) EAP-Message = 0x015a00061920
  8480. (89) Message-Authenticator = 0x00000000000000000000000000000000
  8481. (89) State = 0x336ec4043334dd13a800f7ee07e427da
  8482. (89) Finished request
  8483. Waking up in 2.6 seconds.
  8484. (90) Received Access-Request Id 81 from 10.8.0.111:58432 to 10.8.64.155:1812 length 343
  8485. (90) User-Name = "vkratsberg"
  8486. (90) NAS-Port = 358
  8487. (90) State = 0x336ec4043334dd13a800f7ee07e427da
  8488. (90) EAP-Message = 0x025a00a31980000000991603010094010000900301574f326e301b7acd2ce94776019cbef3ea78f63e72a20feb2bdc424e59ff36892099fa3eb5d7d108e8e1047f8c78273aadc1bd2aa26caa1810320d84ad7442e74a002800ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f00
  8489. (90) Message-Authenticator = 0xb1e174adad134e4ffd4e4c2f9e65ca7d
  8490. (90) Acct-Session-Id = "8O2.1x81bb0d5900048a0b"
  8491. (90) NAS-Port-Id = "ge-3/0/6.0"
  8492. (90) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  8493. (90) Called-Station-Id = "ec-3e-f7-68-35-00"
  8494. (90) NAS-IP-Address = 10.8.0.111
  8495. (90) NAS-Identifier = "nyc-access-sw011"
  8496. (90) NAS-Port-Type = Ethernet
  8497. (90) session-state: No cached attributes
  8498. (90) # Executing section authorize from file /etc/raddb/sites-enabled/default
  8499. (90) authorize {
  8500. (90) policy filter_username {
  8501. (90) if (&User-Name) {
  8502. (90) if (&User-Name) -> TRUE
  8503. (90) if (&User-Name) {
  8504. (90) if (&User-Name =~ / /) {
  8505. (90) if (&User-Name =~ / /) -> FALSE
  8506. (90) if (&User-Name =~ /@[^@]*@/ ) {
  8507. (90) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  8508. (90) if (&User-Name =~ /\.\./ ) {
  8509. (90) if (&User-Name =~ /\.\./ ) -> FALSE
  8510. (90) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  8511. (90) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  8512. (90) if (&User-Name =~ /\.$/) {
  8513. (90) if (&User-Name =~ /\.$/) -> FALSE
  8514. (90) if (&User-Name =~ /@\./) {
  8515. (90) if (&User-Name =~ /@\./) -> FALSE
  8516. (90) } # if (&User-Name) = notfound
  8517. (90) } # policy filter_username = notfound
  8518. (90) [preprocess] = ok
  8519. (90) [chap] = noop
  8520. (90) [mschap] = noop
  8521. (90) [digest] = noop
  8522. (90) suffix: Checking for suffix after "@"
  8523. (90) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  8524. (90) suffix: No such realm "NULL"
  8525. (90) [suffix] = noop
  8526. (90) eap: Peer sent EAP Response (code 2) ID 90 length 163
  8527. (90) eap: Continuing tunnel setup
  8528. (90) [eap] = ok
  8529. (90) } # authorize = ok
  8530. (90) Found Auth-Type = eap
  8531. (90) # Executing group from file /etc/raddb/sites-enabled/default
  8532. (90) authenticate {
  8533. (90) eap: Expiring EAP session with state 0x336ec4043334dd13
  8534. (90) eap: Finished EAP session with state 0x336ec4043334dd13
  8535. (90) eap: Previous EAP request found for state 0x336ec4043334dd13, released from the list
  8536. (90) eap: Peer sent packet with method EAP PEAP (25)
  8537. (90) eap: Calling submodule eap_peap to process data
  8538. (90) eap_peap: Continuing EAP-TLS
  8539. (90) eap_peap: Peer indicated complete TLS record size will be 153 bytes
  8540. (90) eap_peap: Got complete TLS record (153 bytes)
  8541. (90) eap_peap: [eaptls verify] = length included
  8542. (90) eap_peap: (other): before/accept initialization
  8543. (90) eap_peap: TLS_accept: before/accept initialization
  8544. (90) eap_peap: <<< recv TLS 1.0 Handshake [length 0094], ClientHello
  8545. (90) eap_peap: TLS_accept: SSLv3 read client hello A
  8546. (90) eap_peap: >>> send TLS 1.0 Handshake [length 0059], ServerHello
  8547. (90) eap_peap: TLS_accept: SSLv3 write server hello A
  8548. (90) eap_peap: >>> send TLS 1.0 ChangeCipherSpec [length 0001]
  8549. (90) eap_peap: TLS_accept: SSLv3 write change cipher spec A
  8550. (90) eap_peap: >>> send TLS 1.0 Handshake [length 0010], Finished
  8551. (90) eap_peap: TLS_accept: SSLv3 write finished A
  8552. (90) eap_peap: TLS_accept: SSLv3 flush data
  8553. (90) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  8554. (90) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  8555. (90) eap_peap: In SSL Handshake Phase
  8556. (90) eap_peap: In SSL Accept mode
  8557. (90) eap_peap: [eaptls process] = handled
  8558. (90) eap: Sending EAP Request (code 1) ID 91 length 159
  8559. (90) eap: EAP session adding &reply:State = 0x336ec4043235dd13
  8560. (90) [eap] = handled
  8561. (90) } # authenticate = handled
  8562. (90) Using Post-Auth-Type Challenge
  8563. (90) Post-Auth-Type sub-section not found. Ignoring.
  8564. (90) # Executing group from file /etc/raddb/sites-enabled/default
  8565. (90) Sent Access-Challenge Id 81 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  8566. (90) EAP-Message = 0x015b009f19001603010059020000550301574f326e5fac314cffe0bff4b2c9e50cafda3dfdc76f110b56b0adac324f7e382099fa3eb5d7d108e8e1047f8c78273aadc1bd2aa26caa1810320d84ad7442e74ac01400000dff01000100000b00040300010214030100010116030100307b70bd88c1b729d5
  8567. (90) Message-Authenticator = 0x00000000000000000000000000000000
  8568. (90) State = 0x336ec4043235dd13a800f7ee07e427da
  8569. (90) Finished request
  8570. Waking up in 2.6 seconds.
  8571. (91) Received Access-Request Id 82 from 10.8.0.111:58432 to 10.8.64.155:1812 length 249
  8572. (91) User-Name = "vkratsberg"
  8573. (91) NAS-Port = 358
  8574. (91) State = 0x336ec4043235dd13a800f7ee07e427da
  8575. (91) EAP-Message = 0x025b004519800000003b1403010001011603010030328179d00b4bffb8809784521fffdf920abc0bb8d7648ee02efc97cc2cc201989c478644da62dc2a9a0f8eac4c335e9d
  8576. (91) Message-Authenticator = 0x16402ff5cd57e2ad1be37d9d11149e42
  8577. (91) Acct-Session-Id = "8O2.1x81bb0d5900048a0b"
  8578. (91) NAS-Port-Id = "ge-3/0/6.0"
  8579. (91) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  8580. (91) Called-Station-Id = "ec-3e-f7-68-35-00"
  8581. (91) NAS-IP-Address = 10.8.0.111
  8582. (91) NAS-Identifier = "nyc-access-sw011"
  8583. (91) NAS-Port-Type = Ethernet
  8584. (91) session-state: No cached attributes
  8585. (91) # Executing section authorize from file /etc/raddb/sites-enabled/default
  8586. (91) authorize {
  8587. (91) policy filter_username {
  8588. (91) if (&User-Name) {
  8589. (91) if (&User-Name) -> TRUE
  8590. (91) if (&User-Name) {
  8591. (91) if (&User-Name =~ / /) {
  8592. (91) if (&User-Name =~ / /) -> FALSE
  8593. (91) if (&User-Name =~ /@[^@]*@/ ) {
  8594. (91) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  8595. (91) if (&User-Name =~ /\.\./ ) {
  8596. (91) if (&User-Name =~ /\.\./ ) -> FALSE
  8597. (91) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  8598. (91) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  8599. (91) if (&User-Name =~ /\.$/) {
  8600. (91) if (&User-Name =~ /\.$/) -> FALSE
  8601. (91) if (&User-Name =~ /@\./) {
  8602. (91) if (&User-Name =~ /@\./) -> FALSE
  8603. (91) } # if (&User-Name) = notfound
  8604. (91) } # policy filter_username = notfound
  8605. (91) [preprocess] = ok
  8606. (91) [chap] = noop
  8607. (91) [mschap] = noop
  8608. (91) [digest] = noop
  8609. (91) suffix: Checking for suffix after "@"
  8610. (91) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  8611. (91) suffix: No such realm "NULL"
  8612. (91) [suffix] = noop
  8613. (91) eap: Peer sent EAP Response (code 2) ID 91 length 69
  8614. (91) eap: Continuing tunnel setup
  8615. (91) [eap] = ok
  8616. (91) } # authorize = ok
  8617. (91) Found Auth-Type = eap
  8618. (91) # Executing group from file /etc/raddb/sites-enabled/default
  8619. (91) authenticate {
  8620. (91) eap: Expiring EAP session with state 0x336ec4043235dd13
  8621. (91) eap: Finished EAP session with state 0x336ec4043235dd13
  8622. (91) eap: Previous EAP request found for state 0x336ec4043235dd13, released from the list
  8623. (91) eap: Peer sent packet with method EAP PEAP (25)
  8624. (91) eap: Calling submodule eap_peap to process data
  8625. (91) eap_peap: Continuing EAP-TLS
  8626. (91) eap_peap: Peer indicated complete TLS record size will be 59 bytes
  8627. (91) eap_peap: Got complete TLS record (59 bytes)
  8628. (91) eap_peap: [eaptls verify] = length included
  8629. (91) eap_peap: <<< recv TLS 1.0 ChangeCipherSpec [length 0001]
  8630. (91) eap_peap: <<< recv TLS 1.0 Handshake [length 0010], Finished
  8631. (91) eap_peap: TLS_accept: SSLv3 read finished A
  8632. (91) eap_peap: (other): SSL negotiation finished successfully
  8633. (91) eap_peap: SSL Connection Established
  8634. (91) eap_peap: SSL Application Data
  8635. (91) eap_peap: Adding cached attributes from session 99fa3eb5d7d108e8e1047f8c78273aadc1bd2aa26caa1810320d84ad7442e74a
  8636. (91) eap_peap: reply:User-Name = "vkratsberg"
  8637. (91) eap_peap: [eaptls process] = success
  8638. (91) eap_peap: Session established. Decoding tunneled attributes
  8639. (91) eap_peap: PEAP state TUNNEL ESTABLISHED
  8640. (91) eap_peap: Skipping Phase2 because of session resumption
  8641. (91) eap_peap: SUCCESS
  8642. (91) eap: Sending EAP Request (code 1) ID 92 length 43
  8643. (91) eap: EAP session adding &reply:State = 0x336ec4043132dd13
  8644. (91) [eap] = handled
  8645. (91) } # authenticate = handled
  8646. (91) Using Post-Auth-Type Challenge
  8647. (91) Post-Auth-Type sub-section not found. Ignoring.
  8648. (91) # Executing group from file /etc/raddb/sites-enabled/default
  8649. (91) Sent Access-Challenge Id 82 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  8650. (91) User-Name = "vkratsberg"
  8651. (91) EAP-Message = 0x015c002b19001703010020f4b12f91d521c5412014b1d166d8d372f18d1e5ba22c985ee577732d24bf4945
  8652. (91) Message-Authenticator = 0x00000000000000000000000000000000
  8653. (91) State = 0x336ec4043132dd13a800f7ee07e427da
  8654. (91) Finished request
  8655. Waking up in 2.6 seconds.
  8656. (92) Received Access-Request Id 83 from 10.8.0.111:58432 to 10.8.64.155:1812 length 223
  8657. (92) User-Name = "vkratsberg"
  8658. (92) NAS-Port = 358
  8659. (92) State = 0x336ec4043132dd13a800f7ee07e427da
  8660. (92) EAP-Message = 0x025c002b1900170301002085166d1d0b2d033d584aaaa25e3a332d752c4a744bfbf208973cc3d1c779be7d
  8661. (92) Message-Authenticator = 0x8b4e507143f60fe7de2af0b3127673e7
  8662. (92) Acct-Session-Id = "8O2.1x81bb0d5900048a0b"
  8663. (92) NAS-Port-Id = "ge-3/0/6.0"
  8664. (92) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  8665. (92) Called-Station-Id = "ec-3e-f7-68-35-00"
  8666. (92) NAS-IP-Address = 10.8.0.111
  8667. (92) NAS-Identifier = "nyc-access-sw011"
  8668. (92) NAS-Port-Type = Ethernet
  8669. (92) session-state: No cached attributes
  8670. (92) # Executing section authorize from file /etc/raddb/sites-enabled/default
  8671. (92) authorize {
  8672. (92) policy filter_username {
  8673. (92) if (&User-Name) {
  8674. (92) if (&User-Name) -> TRUE
  8675. (92) if (&User-Name) {
  8676. (92) if (&User-Name =~ / /) {
  8677. (92) if (&User-Name =~ / /) -> FALSE
  8678. (92) if (&User-Name =~ /@[^@]*@/ ) {
  8679. (92) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  8680. (92) if (&User-Name =~ /\.\./ ) {
  8681. (92) if (&User-Name =~ /\.\./ ) -> FALSE
  8682. (92) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  8683. (92) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  8684. (92) if (&User-Name =~ /\.$/) {
  8685. (92) if (&User-Name =~ /\.$/) -> FALSE
  8686. (92) if (&User-Name =~ /@\./) {
  8687. (92) if (&User-Name =~ /@\./) -> FALSE
  8688. (92) } # if (&User-Name) = notfound
  8689. (92) } # policy filter_username = notfound
  8690. (92) [preprocess] = ok
  8691. (92) [chap] = noop
  8692. (92) [mschap] = noop
  8693. (92) [digest] = noop
  8694. (92) suffix: Checking for suffix after "@"
  8695. (92) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  8696. (92) suffix: No such realm "NULL"
  8697. (92) [suffix] = noop
  8698. (92) eap: Peer sent EAP Response (code 2) ID 92 length 43
  8699. (92) eap: Continuing tunnel setup
  8700. (92) [eap] = ok
  8701. (92) } # authorize = ok
  8702. (92) Found Auth-Type = eap
  8703. (92) # Executing group from file /etc/raddb/sites-enabled/default
  8704. (92) authenticate {
  8705. (92) eap: Expiring EAP session with state 0x336ec4043132dd13
  8706. (92) eap: Finished EAP session with state 0x336ec4043132dd13
  8707. (92) eap: Previous EAP request found for state 0x336ec4043132dd13, released from the list
  8708. (92) eap: Peer sent packet with method EAP PEAP (25)
  8709. (92) eap: Calling submodule eap_peap to process data
  8710. (92) eap_peap: Continuing EAP-TLS
  8711. (92) eap_peap: [eaptls verify] = ok
  8712. (92) eap_peap: Done initial handshake
  8713. (92) eap_peap: [eaptls process] = ok
  8714. (92) eap_peap: Session established. Decoding tunneled attributes
  8715. (92) eap_peap: PEAP state send tlv success
  8716. (92) eap_peap: Received EAP-TLV response
  8717. (92) eap_peap: Success
  8718. (92) eap_peap: No saved attributes in the original Access-Accept
  8719. (92) eap: Sending EAP Success (code 3) ID 92 length 4
  8720. (92) eap: Freeing handler
  8721. (92) [eap] = ok
  8722. (92) } # authenticate = ok
  8723. (92) # Executing section post-auth from file /etc/raddb/sites-enabled/default
  8724. (92) post-auth {
  8725. (92) update {
  8726. (92) No attributes updated
  8727. (92) } # update = noop
  8728. (92) [exec] = noop
  8729. (92) policy remove_reply_message_if_eap {
  8730. (92) if (&reply:EAP-Message && &reply:Reply-Message) {
  8731. (92) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
  8732. (92) else {
  8733. (92) [noop] = noop
  8734. (92) } # else = noop
  8735. (92) } # policy remove_reply_message_if_eap = noop
  8736. (92) } # post-auth = noop
  8737. (92) Sent Access-Accept Id 83 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  8738. (92) MS-MPPE-Recv-Key = 0xa6c546db07d18af2288bd6691d05d4a1f1798da0b652bf4e4a113e7b7c461613
  8739. (92) MS-MPPE-Send-Key = 0xaf825fea97a6fb2b713387cc79e066a68f23b744d0979dfcac0e125383d48ce5
  8740. (92) EAP-Message = 0x035c0004
  8741. (92) Message-Authenticator = 0x00000000000000000000000000000000
  8742. (92) User-Name = "vkratsberg"
  8743. (92) Finished request
  8744. Waking up in 2.6 seconds.
  8745. (93) Received Access-Request Id 84 from 10.8.0.111:58432 to 10.8.64.155:1812 length 177
  8746. (93) User-Name = "vkratsberg"
  8747. (93) NAS-Port = 358
  8748. (93) EAP-Message = 0x025d000f01766b7261747362657267
  8749. (93) Message-Authenticator = 0xa447ac15cae1920618175e1b93ff058f
  8750. (93) Acct-Session-Id = "8O2.1x81bb0d5a000623a8"
  8751. (93) NAS-Port-Id = "ge-3/0/6.0"
  8752. (93) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  8753. (93) Called-Station-Id = "ec-3e-f7-68-35-00"
  8754. (93) NAS-IP-Address = 10.8.0.111
  8755. (93) NAS-Identifier = "nyc-access-sw011"
  8756. (93) NAS-Port-Type = Ethernet
  8757. (93) # Executing section authorize from file /etc/raddb/sites-enabled/default
  8758. (93) authorize {
  8759. (93) policy filter_username {
  8760. (93) if (&User-Name) {
  8761. (93) if (&User-Name) -> TRUE
  8762. (93) if (&User-Name) {
  8763. (93) if (&User-Name =~ / /) {
  8764. (93) if (&User-Name =~ / /) -> FALSE
  8765. (93) if (&User-Name =~ /@[^@]*@/ ) {
  8766. (93) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  8767. (93) if (&User-Name =~ /\.\./ ) {
  8768. (93) if (&User-Name =~ /\.\./ ) -> FALSE
  8769. (93) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  8770. (93) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  8771. (93) if (&User-Name =~ /\.$/) {
  8772. (93) if (&User-Name =~ /\.$/) -> FALSE
  8773. (93) if (&User-Name =~ /@\./) {
  8774. (93) if (&User-Name =~ /@\./) -> FALSE
  8775. (93) } # if (&User-Name) = notfound
  8776. (93) } # policy filter_username = notfound
  8777. (93) [preprocess] = ok
  8778. (93) [chap] = noop
  8779. (93) [mschap] = noop
  8780. (93) [digest] = noop
  8781. (93) suffix: Checking for suffix after "@"
  8782. (93) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  8783. (93) suffix: No such realm "NULL"
  8784. (93) [suffix] = noop
  8785. (93) eap: Peer sent EAP Response (code 2) ID 93 length 15
  8786. (93) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
  8787. (93) [eap] = ok
  8788. (93) } # authorize = ok
  8789. (93) Found Auth-Type = eap
  8790. (93) # Executing group from file /etc/raddb/sites-enabled/default
  8791. (93) authenticate {
  8792. (93) eap: Peer sent packet with method EAP Identity (1)
  8793. (93) eap: Calling submodule eap_peap to process data
  8794. (93) eap_peap: Initiating new EAP-TLS session
  8795. (93) eap_peap: [eaptls start] = request
  8796. (93) eap: Sending EAP Request (code 1) ID 94 length 6
  8797. (93) eap: EAP session adding &reply:State = 0xbde7cbbabdb9d2df
  8798. (93) [eap] = handled
  8799. (93) } # authenticate = handled
  8800. (93) Using Post-Auth-Type Challenge
  8801. (93) Post-Auth-Type sub-section not found. Ignoring.
  8802. (93) # Executing group from file /etc/raddb/sites-enabled/default
  8803. (93) Sent Access-Challenge Id 84 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  8804. (93) EAP-Message = 0x015e00061920
  8805. (93) Message-Authenticator = 0x00000000000000000000000000000000
  8806. (93) State = 0xbde7cbbabdb9d2dfcbde6dec7edd0188
  8807. (93) Finished request
  8808. Waking up in 2.5 seconds.
  8809. (94) Received Access-Request Id 85 from 10.8.0.111:58432 to 10.8.64.155:1812 length 343
  8810. (94) User-Name = "vkratsberg"
  8811. (94) NAS-Port = 358
  8812. (94) State = 0xbde7cbbabdb9d2dfcbde6dec7edd0188
  8813. (94) EAP-Message = 0x025e00a31980000000991603010094010000900301574f326e31adece178e9f81b036048de99aae537052b8338ca2f377a738112842099fa3eb5d7d108e8e1047f8c78273aadc1bd2aa26caa1810320d84ad7442e74a002800ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f00
  8814. (94) Message-Authenticator = 0xdf7f65231a5d12e351ad18d9a59f8b54
  8815. (94) Acct-Session-Id = "8O2.1x81bb0d5a000623a8"
  8816. (94) NAS-Port-Id = "ge-3/0/6.0"
  8817. (94) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  8818. (94) Called-Station-Id = "ec-3e-f7-68-35-00"
  8819. (94) NAS-IP-Address = 10.8.0.111
  8820. (94) NAS-Identifier = "nyc-access-sw011"
  8821. (94) NAS-Port-Type = Ethernet
  8822. (94) session-state: No cached attributes
  8823. (94) # Executing section authorize from file /etc/raddb/sites-enabled/default
  8824. (94) authorize {
  8825. (94) policy filter_username {
  8826. (94) if (&User-Name) {
  8827. (94) if (&User-Name) -> TRUE
  8828. (94) if (&User-Name) {
  8829. (94) if (&User-Name =~ / /) {
  8830. (94) if (&User-Name =~ / /) -> FALSE
  8831. (94) if (&User-Name =~ /@[^@]*@/ ) {
  8832. (94) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  8833. (94) if (&User-Name =~ /\.\./ ) {
  8834. (94) if (&User-Name =~ /\.\./ ) -> FALSE
  8835. (94) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  8836. (94) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  8837. (94) if (&User-Name =~ /\.$/) {
  8838. (94) if (&User-Name =~ /\.$/) -> FALSE
  8839. (94) if (&User-Name =~ /@\./) {
  8840. (94) if (&User-Name =~ /@\./) -> FALSE
  8841. (94) } # if (&User-Name) = notfound
  8842. (94) } # policy filter_username = notfound
  8843. (94) [preprocess] = ok
  8844. (94) [chap] = noop
  8845. (94) [mschap] = noop
  8846. (94) [digest] = noop
  8847. (94) suffix: Checking for suffix after "@"
  8848. (94) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  8849. (94) suffix: No such realm "NULL"
  8850. (94) [suffix] = noop
  8851. (94) eap: Peer sent EAP Response (code 2) ID 94 length 163
  8852. (94) eap: Continuing tunnel setup
  8853. (94) [eap] = ok
  8854. (94) } # authorize = ok
  8855. (94) Found Auth-Type = eap
  8856. (94) # Executing group from file /etc/raddb/sites-enabled/default
  8857. (94) authenticate {
  8858. (94) eap: Expiring EAP session with state 0xbde7cbbabdb9d2df
  8859. (94) eap: Finished EAP session with state 0xbde7cbbabdb9d2df
  8860. (94) eap: Previous EAP request found for state 0xbde7cbbabdb9d2df, released from the list
  8861. (94) eap: Peer sent packet with method EAP PEAP (25)
  8862. (94) eap: Calling submodule eap_peap to process data
  8863. (94) eap_peap: Continuing EAP-TLS
  8864. (94) eap_peap: Peer indicated complete TLS record size will be 153 bytes
  8865. (94) eap_peap: Got complete TLS record (153 bytes)
  8866. (94) eap_peap: [eaptls verify] = length included
  8867. (94) eap_peap: (other): before/accept initialization
  8868. (94) eap_peap: TLS_accept: before/accept initialization
  8869. (94) eap_peap: <<< recv TLS 1.0 Handshake [length 0094], ClientHello
  8870. (94) eap_peap: TLS_accept: SSLv3 read client hello A
  8871. (94) eap_peap: >>> send TLS 1.0 Handshake [length 0059], ServerHello
  8872. (94) eap_peap: TLS_accept: SSLv3 write server hello A
  8873. (94) eap_peap: >>> send TLS 1.0 ChangeCipherSpec [length 0001]
  8874. (94) eap_peap: TLS_accept: SSLv3 write change cipher spec A
  8875. (94) eap_peap: >>> send TLS 1.0 Handshake [length 0010], Finished
  8876. (94) eap_peap: TLS_accept: SSLv3 write finished A
  8877. (94) eap_peap: TLS_accept: SSLv3 flush data
  8878. (94) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  8879. (94) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  8880. (94) eap_peap: In SSL Handshake Phase
  8881. (94) eap_peap: In SSL Accept mode
  8882. (94) eap_peap: [eaptls process] = handled
  8883. (94) eap: Sending EAP Request (code 1) ID 95 length 159
  8884. (94) eap: EAP session adding &reply:State = 0xbde7cbbabcb8d2df
  8885. (94) [eap] = handled
  8886. (94) } # authenticate = handled
  8887. (94) Using Post-Auth-Type Challenge
  8888. (94) Post-Auth-Type sub-section not found. Ignoring.
  8889. (94) # Executing group from file /etc/raddb/sites-enabled/default
  8890. (94) Sent Access-Challenge Id 85 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  8891. (94) EAP-Message = 0x015f009f19001603010059020000550301574f326e468c8ac247994e2e76c3cc38dbf0d90c6873b7d0e2835ddd82ea5a7f2099fa3eb5d7d108e8e1047f8c78273aadc1bd2aa26caa1810320d84ad7442e74ac01400000dff01000100000b00040300010214030100010116030100305adac9899fe87003
  8892. (94) Message-Authenticator = 0x00000000000000000000000000000000
  8893. (94) State = 0xbde7cbbabcb8d2dfcbde6dec7edd0188
  8894. (94) Finished request
  8895. Waking up in 2.5 seconds.
  8896. (95) Received Access-Request Id 86 from 10.8.0.111:58432 to 10.8.64.155:1812 length 249
  8897. (95) User-Name = "vkratsberg"
  8898. (95) NAS-Port = 358
  8899. (95) State = 0xbde7cbbabcb8d2dfcbde6dec7edd0188
  8900. (95) EAP-Message = 0x025f004519800000003b14030100010116030100304fc2be6e26c19290d607cb6697e79b75d227c1652977c3c0494f9dadff32f2cc4136a62c97de18992a33c1a8df5e7b86
  8901. (95) Message-Authenticator = 0x2bdfaebf7e7df10392ac31e52df42582
  8902. (95) Acct-Session-Id = "8O2.1x81bb0d5a000623a8"
  8903. (95) NAS-Port-Id = "ge-3/0/6.0"
  8904. (95) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  8905. (95) Called-Station-Id = "ec-3e-f7-68-35-00"
  8906. (95) NAS-IP-Address = 10.8.0.111
  8907. (95) NAS-Identifier = "nyc-access-sw011"
  8908. (95) NAS-Port-Type = Ethernet
  8909. (95) session-state: No cached attributes
  8910. (95) # Executing section authorize from file /etc/raddb/sites-enabled/default
  8911. (95) authorize {
  8912. (95) policy filter_username {
  8913. (95) if (&User-Name) {
  8914. (95) if (&User-Name) -> TRUE
  8915. (95) if (&User-Name) {
  8916. (95) if (&User-Name =~ / /) {
  8917. (95) if (&User-Name =~ / /) -> FALSE
  8918. (95) if (&User-Name =~ /@[^@]*@/ ) {
  8919. (95) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  8920. (95) if (&User-Name =~ /\.\./ ) {
  8921. (95) if (&User-Name =~ /\.\./ ) -> FALSE
  8922. (95) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  8923. (95) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  8924. (95) if (&User-Name =~ /\.$/) {
  8925. (95) if (&User-Name =~ /\.$/) -> FALSE
  8926. (95) if (&User-Name =~ /@\./) {
  8927. (95) if (&User-Name =~ /@\./) -> FALSE
  8928. (95) } # if (&User-Name) = notfound
  8929. (95) } # policy filter_username = notfound
  8930. (95) [preprocess] = ok
  8931. (95) [chap] = noop
  8932. (95) [mschap] = noop
  8933. (95) [digest] = noop
  8934. (95) suffix: Checking for suffix after "@"
  8935. (95) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  8936. (95) suffix: No such realm "NULL"
  8937. (95) [suffix] = noop
  8938. (95) eap: Peer sent EAP Response (code 2) ID 95 length 69
  8939. (95) eap: Continuing tunnel setup
  8940. (95) [eap] = ok
  8941. (95) } # authorize = ok
  8942. (95) Found Auth-Type = eap
  8943. (95) # Executing group from file /etc/raddb/sites-enabled/default
  8944. (95) authenticate {
  8945. (95) eap: Expiring EAP session with state 0xbde7cbbabcb8d2df
  8946. (95) eap: Finished EAP session with state 0xbde7cbbabcb8d2df
  8947. (95) eap: Previous EAP request found for state 0xbde7cbbabcb8d2df, released from the list
  8948. (95) eap: Peer sent packet with method EAP PEAP (25)
  8949. (95) eap: Calling submodule eap_peap to process data
  8950. (95) eap_peap: Continuing EAP-TLS
  8951. (95) eap_peap: Peer indicated complete TLS record size will be 59 bytes
  8952. (95) eap_peap: Got complete TLS record (59 bytes)
  8953. (95) eap_peap: [eaptls verify] = length included
  8954. (95) eap_peap: <<< recv TLS 1.0 ChangeCipherSpec [length 0001]
  8955. (95) eap_peap: <<< recv TLS 1.0 Handshake [length 0010], Finished
  8956. (95) eap_peap: TLS_accept: SSLv3 read finished A
  8957. (95) eap_peap: (other): SSL negotiation finished successfully
  8958. (95) eap_peap: SSL Connection Established
  8959. (95) eap_peap: SSL Application Data
  8960. (95) eap_peap: Adding cached attributes from session 99fa3eb5d7d108e8e1047f8c78273aadc1bd2aa26caa1810320d84ad7442e74a
  8961. (95) eap_peap: reply:User-Name = "vkratsberg"
  8962. (95) eap_peap: [eaptls process] = success
  8963. (95) eap_peap: Session established. Decoding tunneled attributes
  8964. (95) eap_peap: PEAP state TUNNEL ESTABLISHED
  8965. (95) eap_peap: Skipping Phase2 because of session resumption
  8966. (95) eap_peap: SUCCESS
  8967. (95) eap: Sending EAP Request (code 1) ID 96 length 43
  8968. (95) eap: EAP session adding &reply:State = 0xbde7cbbabf87d2df
  8969. (95) [eap] = handled
  8970. (95) } # authenticate = handled
  8971. (95) Using Post-Auth-Type Challenge
  8972. (95) Post-Auth-Type sub-section not found. Ignoring.
  8973. (95) # Executing group from file /etc/raddb/sites-enabled/default
  8974. (95) Sent Access-Challenge Id 86 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  8975. (95) User-Name = "vkratsberg"
  8976. (95) EAP-Message = 0x0160002b1900170301002086aba8532d1f05c1a8d8559ed59a514f743470bff573c2b7a9696a7d10753e49
  8977. (95) Message-Authenticator = 0x00000000000000000000000000000000
  8978. (95) State = 0xbde7cbbabf87d2dfcbde6dec7edd0188
  8979. (95) Finished request
  8980. Waking up in 2.4 seconds.
  8981. (96) Received Access-Request Id 87 from 10.8.0.111:58432 to 10.8.64.155:1812 length 223
  8982. (96) User-Name = "vkratsberg"
  8983. (96) NAS-Port = 358
  8984. (96) State = 0xbde7cbbabf87d2dfcbde6dec7edd0188
  8985. (96) EAP-Message = 0x0260002b190017030100209554142422bffaccc262c6dd19cfe3b6bc799dd79d3bd7d45ccb295234e6a71b
  8986. (96) Message-Authenticator = 0x9276ff3b8e01eb61e56bd79b626c908e
  8987. (96) Acct-Session-Id = "8O2.1x81bb0d5a000623a8"
  8988. (96) NAS-Port-Id = "ge-3/0/6.0"
  8989. (96) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  8990. (96) Called-Station-Id = "ec-3e-f7-68-35-00"
  8991. (96) NAS-IP-Address = 10.8.0.111
  8992. (96) NAS-Identifier = "nyc-access-sw011"
  8993. (96) NAS-Port-Type = Ethernet
  8994. (96) session-state: No cached attributes
  8995. (96) # Executing section authorize from file /etc/raddb/sites-enabled/default
  8996. (96) authorize {
  8997. (96) policy filter_username {
  8998. (96) if (&User-Name) {
  8999. (96) if (&User-Name) -> TRUE
  9000. (96) if (&User-Name) {
  9001. (96) if (&User-Name =~ / /) {
  9002. (96) if (&User-Name =~ / /) -> FALSE
  9003. (96) if (&User-Name =~ /@[^@]*@/ ) {
  9004. (96) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  9005. (96) if (&User-Name =~ /\.\./ ) {
  9006. (96) if (&User-Name =~ /\.\./ ) -> FALSE
  9007. (96) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  9008. (96) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  9009. (96) if (&User-Name =~ /\.$/) {
  9010. (96) if (&User-Name =~ /\.$/) -> FALSE
  9011. (96) if (&User-Name =~ /@\./) {
  9012. (96) if (&User-Name =~ /@\./) -> FALSE
  9013. (96) } # if (&User-Name) = notfound
  9014. (96) } # policy filter_username = notfound
  9015. (96) [preprocess] = ok
  9016. (96) [chap] = noop
  9017. (96) [mschap] = noop
  9018. (96) [digest] = noop
  9019. (96) suffix: Checking for suffix after "@"
  9020. (96) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  9021. (96) suffix: No such realm "NULL"
  9022. (96) [suffix] = noop
  9023. (96) eap: Peer sent EAP Response (code 2) ID 96 length 43
  9024. (96) eap: Continuing tunnel setup
  9025. (96) [eap] = ok
  9026. (96) } # authorize = ok
  9027. (96) Found Auth-Type = eap
  9028. (96) # Executing group from file /etc/raddb/sites-enabled/default
  9029. (96) authenticate {
  9030. (96) eap: Expiring EAP session with state 0xbde7cbbabf87d2df
  9031. (96) eap: Finished EAP session with state 0xbde7cbbabf87d2df
  9032. (96) eap: Previous EAP request found for state 0xbde7cbbabf87d2df, released from the list
  9033. (96) eap: Peer sent packet with method EAP PEAP (25)
  9034. (96) eap: Calling submodule eap_peap to process data
  9035. (96) eap_peap: Continuing EAP-TLS
  9036. (96) eap_peap: [eaptls verify] = ok
  9037. (96) eap_peap: Done initial handshake
  9038. (96) eap_peap: [eaptls process] = ok
  9039. (96) eap_peap: Session established. Decoding tunneled attributes
  9040. (96) eap_peap: PEAP state send tlv success
  9041. (96) eap_peap: Received EAP-TLV response
  9042. (96) eap_peap: Success
  9043. (96) eap_peap: No saved attributes in the original Access-Accept
  9044. (96) eap: Sending EAP Success (code 3) ID 96 length 4
  9045. (96) eap: Freeing handler
  9046. (96) [eap] = ok
  9047. (96) } # authenticate = ok
  9048. (96) # Executing section post-auth from file /etc/raddb/sites-enabled/default
  9049. (96) post-auth {
  9050. (96) update {
  9051. (96) No attributes updated
  9052. (96) } # update = noop
  9053. (96) [exec] = noop
  9054. (96) policy remove_reply_message_if_eap {
  9055. (96) if (&reply:EAP-Message && &reply:Reply-Message) {
  9056. (96) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
  9057. (96) else {
  9058. (96) [noop] = noop
  9059. (96) } # else = noop
  9060. (96) } # policy remove_reply_message_if_eap = noop
  9061. (96) } # post-auth = noop
  9062. (96) Sent Access-Accept Id 87 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  9063. (96) MS-MPPE-Recv-Key = 0x7786c306b27af0b6a4cf9f7a3b663489f45f8e041dbac40682f4d79184b550cb
  9064. (96) MS-MPPE-Send-Key = 0x5f9e02a9ba8aaa1dee69ee69c2e9fd0360d8ab777eff50d1b276e7409bec99ce
  9065. (96) EAP-Message = 0x03600004
  9066. (96) Message-Authenticator = 0x00000000000000000000000000000000
  9067. (96) User-Name = "vkratsberg"
  9068. (96) Finished request
  9069. Waking up in 2.4 seconds.
  9070. (97) Received Access-Request Id 88 from 10.8.0.111:58432 to 10.8.64.155:1812 length 177
  9071. (97) User-Name = "vkratsberg"
  9072. (97) NAS-Port = 358
  9073. (97) EAP-Message = 0x0261000f01766b7261747362657267
  9074. (97) Message-Authenticator = 0x58f388e0a9ff67b468bc5978073f1637
  9075. (97) Acct-Session-Id = "8O2.1x81bb0d5b0007d8cd"
  9076. (97) NAS-Port-Id = "ge-3/0/6.0"
  9077. (97) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  9078. (97) Called-Station-Id = "ec-3e-f7-68-35-00"
  9079. (97) NAS-IP-Address = 10.8.0.111
  9080. (97) NAS-Identifier = "nyc-access-sw011"
  9081. (97) NAS-Port-Type = Ethernet
  9082. (97) # Executing section authorize from file /etc/raddb/sites-enabled/default
  9083. (97) authorize {
  9084. (97) policy filter_username {
  9085. (97) if (&User-Name) {
  9086. (97) if (&User-Name) -> TRUE
  9087. (97) if (&User-Name) {
  9088. (97) if (&User-Name =~ / /) {
  9089. (97) if (&User-Name =~ / /) -> FALSE
  9090. (97) if (&User-Name =~ /@[^@]*@/ ) {
  9091. (97) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  9092. (97) if (&User-Name =~ /\.\./ ) {
  9093. (97) if (&User-Name =~ /\.\./ ) -> FALSE
  9094. (97) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  9095. (97) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  9096. (97) if (&User-Name =~ /\.$/) {
  9097. (97) if (&User-Name =~ /\.$/) -> FALSE
  9098. (97) if (&User-Name =~ /@\./) {
  9099. (97) if (&User-Name =~ /@\./) -> FALSE
  9100. (97) } # if (&User-Name) = notfound
  9101. (97) } # policy filter_username = notfound
  9102. (97) [preprocess] = ok
  9103. (97) [chap] = noop
  9104. (97) [mschap] = noop
  9105. (97) [digest] = noop
  9106. (97) suffix: Checking for suffix after "@"
  9107. (97) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  9108. (97) suffix: No such realm "NULL"
  9109. (97) [suffix] = noop
  9110. (97) eap: Peer sent EAP Response (code 2) ID 97 length 15
  9111. (97) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
  9112. (97) [eap] = ok
  9113. (97) } # authorize = ok
  9114. (97) Found Auth-Type = eap
  9115. (97) # Executing group from file /etc/raddb/sites-enabled/default
  9116. (97) authenticate {
  9117. (97) eap: Peer sent packet with method EAP Identity (1)
  9118. (97) eap: Calling submodule eap_peap to process data
  9119. (97) eap_peap: Initiating new EAP-TLS session
  9120. (97) eap_peap: [eaptls start] = request
  9121. (97) eap: Sending EAP Request (code 1) ID 98 length 6
  9122. (97) eap: EAP session adding &reply:State = 0x0ef775070e956ce1
  9123. (97) [eap] = handled
  9124. (97) } # authenticate = handled
  9125. (97) Using Post-Auth-Type Challenge
  9126. (97) Post-Auth-Type sub-section not found. Ignoring.
  9127. (97) # Executing group from file /etc/raddb/sites-enabled/default
  9128. (97) Sent Access-Challenge Id 88 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  9129. (97) EAP-Message = 0x016200061920
  9130. (97) Message-Authenticator = 0x00000000000000000000000000000000
  9131. (97) State = 0x0ef775070e956ce179117bd9194657b5
  9132. (97) Finished request
  9133. Waking up in 2.4 seconds.
  9134. (98) Received Access-Request Id 89 from 10.8.0.111:58432 to 10.8.64.155:1812 length 343
  9135. (98) User-Name = "vkratsberg"
  9136. (98) NAS-Port = 358
  9137. (98) State = 0x0ef775070e956ce179117bd9194657b5
  9138. (98) EAP-Message = 0x026200a31980000000991603010094010000900301574f326efccec6e5ecc7accdda8722cc9baa8f4f994b7a6696dec9ccbf7648582099fa3eb5d7d108e8e1047f8c78273aadc1bd2aa26caa1810320d84ad7442e74a002800ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f00
  9139. (98) Message-Authenticator = 0x176d64340a988c8d1a489ea869509897
  9140. (98) Acct-Session-Id = "8O2.1x81bb0d5b0007d8cd"
  9141. (98) NAS-Port-Id = "ge-3/0/6.0"
  9142. (98) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  9143. (98) Called-Station-Id = "ec-3e-f7-68-35-00"
  9144. (98) NAS-IP-Address = 10.8.0.111
  9145. (98) NAS-Identifier = "nyc-access-sw011"
  9146. (98) NAS-Port-Type = Ethernet
  9147. (98) session-state: No cached attributes
  9148. (98) # Executing section authorize from file /etc/raddb/sites-enabled/default
  9149. (98) authorize {
  9150. (98) policy filter_username {
  9151. (98) if (&User-Name) {
  9152. (98) if (&User-Name) -> TRUE
  9153. (98) if (&User-Name) {
  9154. (98) if (&User-Name =~ / /) {
  9155. (98) if (&User-Name =~ / /) -> FALSE
  9156. (98) if (&User-Name =~ /@[^@]*@/ ) {
  9157. (98) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  9158. (98) if (&User-Name =~ /\.\./ ) {
  9159. (98) if (&User-Name =~ /\.\./ ) -> FALSE
  9160. (98) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  9161. (98) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  9162. (98) if (&User-Name =~ /\.$/) {
  9163. (98) if (&User-Name =~ /\.$/) -> FALSE
  9164. (98) if (&User-Name =~ /@\./) {
  9165. (98) if (&User-Name =~ /@\./) -> FALSE
  9166. (98) } # if (&User-Name) = notfound
  9167. (98) } # policy filter_username = notfound
  9168. (98) [preprocess] = ok
  9169. (98) [chap] = noop
  9170. (98) [mschap] = noop
  9171. (98) [digest] = noop
  9172. (98) suffix: Checking for suffix after "@"
  9173. (98) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  9174. (98) suffix: No such realm "NULL"
  9175. (98) [suffix] = noop
  9176. (98) eap: Peer sent EAP Response (code 2) ID 98 length 163
  9177. (98) eap: Continuing tunnel setup
  9178. (98) [eap] = ok
  9179. (98) } # authorize = ok
  9180. (98) Found Auth-Type = eap
  9181. (98) # Executing group from file /etc/raddb/sites-enabled/default
  9182. (98) authenticate {
  9183. (98) eap: Expiring EAP session with state 0x0ef775070e956ce1
  9184. (98) eap: Finished EAP session with state 0x0ef775070e956ce1
  9185. (98) eap: Previous EAP request found for state 0x0ef775070e956ce1, released from the list
  9186. (98) eap: Peer sent packet with method EAP PEAP (25)
  9187. (98) eap: Calling submodule eap_peap to process data
  9188. (98) eap_peap: Continuing EAP-TLS
  9189. (98) eap_peap: Peer indicated complete TLS record size will be 153 bytes
  9190. (98) eap_peap: Got complete TLS record (153 bytes)
  9191. (98) eap_peap: [eaptls verify] = length included
  9192. (98) eap_peap: (other): before/accept initialization
  9193. (98) eap_peap: TLS_accept: before/accept initialization
  9194. (98) eap_peap: <<< recv TLS 1.0 Handshake [length 0094], ClientHello
  9195. (98) eap_peap: TLS_accept: SSLv3 read client hello A
  9196. (98) eap_peap: >>> send TLS 1.0 Handshake [length 0059], ServerHello
  9197. (98) eap_peap: TLS_accept: SSLv3 write server hello A
  9198. (98) eap_peap: >>> send TLS 1.0 ChangeCipherSpec [length 0001]
  9199. (98) eap_peap: TLS_accept: SSLv3 write change cipher spec A
  9200. (98) eap_peap: >>> send TLS 1.0 Handshake [length 0010], Finished
  9201. (98) eap_peap: TLS_accept: SSLv3 write finished A
  9202. (98) eap_peap: TLS_accept: SSLv3 flush data
  9203. (98) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  9204. (98) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  9205. (98) eap_peap: In SSL Handshake Phase
  9206. (98) eap_peap: In SSL Accept mode
  9207. (98) eap_peap: [eaptls process] = handled
  9208. (98) eap: Sending EAP Request (code 1) ID 99 length 159
  9209. (98) eap: EAP session adding &reply:State = 0x0ef775070f946ce1
  9210. (98) [eap] = handled
  9211. (98) } # authenticate = handled
  9212. (98) Using Post-Auth-Type Challenge
  9213. (98) Post-Auth-Type sub-section not found. Ignoring.
  9214. (98) # Executing group from file /etc/raddb/sites-enabled/default
  9215. (98) Sent Access-Challenge Id 89 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  9216. (98) EAP-Message = 0x0163009f19001603010059020000550301574f326ed954ca27583241712982c85cf3220ae8265ea439252e32c53b234b042099fa3eb5d7d108e8e1047f8c78273aadc1bd2aa26caa1810320d84ad7442e74ac01400000dff01000100000b000403000102140301000101160301003083ffd139b7bb092b
  9217. (98) Message-Authenticator = 0x00000000000000000000000000000000
  9218. (98) State = 0x0ef775070f946ce179117bd9194657b5
  9219. (98) Finished request
  9220. Waking up in 2.4 seconds.
  9221. (99) Received Access-Request Id 90 from 10.8.0.111:58432 to 10.8.64.155:1812 length 249
  9222. (99) User-Name = "vkratsberg"
  9223. (99) NAS-Port = 358
  9224. (99) State = 0x0ef775070f946ce179117bd9194657b5
  9225. (99) EAP-Message = 0x0263004519800000003b1403010001011603010030ab5a05b483bb91ce2958d2ee445f19e3205d6817ae0bc60bf4fba4b2870b1794dba04b1ea01228947a3c6c8e5438464e
  9226. (99) Message-Authenticator = 0x847833302e1716efbc3d9682c5151cc3
  9227. (99) Acct-Session-Id = "8O2.1x81bb0d5b0007d8cd"
  9228. (99) NAS-Port-Id = "ge-3/0/6.0"
  9229. (99) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  9230. (99) Called-Station-Id = "ec-3e-f7-68-35-00"
  9231. (99) NAS-IP-Address = 10.8.0.111
  9232. (99) NAS-Identifier = "nyc-access-sw011"
  9233. (99) NAS-Port-Type = Ethernet
  9234. (99) session-state: No cached attributes
  9235. (99) # Executing section authorize from file /etc/raddb/sites-enabled/default
  9236. (99) authorize {
  9237. (99) policy filter_username {
  9238. (99) if (&User-Name) {
  9239. (99) if (&User-Name) -> TRUE
  9240. (99) if (&User-Name) {
  9241. (99) if (&User-Name =~ / /) {
  9242. (99) if (&User-Name =~ / /) -> FALSE
  9243. (99) if (&User-Name =~ /@[^@]*@/ ) {
  9244. (99) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  9245. (99) if (&User-Name =~ /\.\./ ) {
  9246. (99) if (&User-Name =~ /\.\./ ) -> FALSE
  9247. (99) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  9248. (99) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  9249. (99) if (&User-Name =~ /\.$/) {
  9250. (99) if (&User-Name =~ /\.$/) -> FALSE
  9251. (99) if (&User-Name =~ /@\./) {
  9252. (99) if (&User-Name =~ /@\./) -> FALSE
  9253. (99) } # if (&User-Name) = notfound
  9254. (99) } # policy filter_username = notfound
  9255. (99) [preprocess] = ok
  9256. (99) [chap] = noop
  9257. (99) [mschap] = noop
  9258. (99) [digest] = noop
  9259. (99) suffix: Checking for suffix after "@"
  9260. (99) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  9261. (99) suffix: No such realm "NULL"
  9262. (99) [suffix] = noop
  9263. (99) eap: Peer sent EAP Response (code 2) ID 99 length 69
  9264. (99) eap: Continuing tunnel setup
  9265. (99) [eap] = ok
  9266. (99) } # authorize = ok
  9267. (99) Found Auth-Type = eap
  9268. (99) # Executing group from file /etc/raddb/sites-enabled/default
  9269. (99) authenticate {
  9270. (99) eap: Expiring EAP session with state 0x0ef775070f946ce1
  9271. (99) eap: Finished EAP session with state 0x0ef775070f946ce1
  9272. (99) eap: Previous EAP request found for state 0x0ef775070f946ce1, released from the list
  9273. (99) eap: Peer sent packet with method EAP PEAP (25)
  9274. (99) eap: Calling submodule eap_peap to process data
  9275. (99) eap_peap: Continuing EAP-TLS
  9276. (99) eap_peap: Peer indicated complete TLS record size will be 59 bytes
  9277. (99) eap_peap: Got complete TLS record (59 bytes)
  9278. (99) eap_peap: [eaptls verify] = length included
  9279. (99) eap_peap: <<< recv TLS 1.0 ChangeCipherSpec [length 0001]
  9280. (99) eap_peap: <<< recv TLS 1.0 Handshake [length 0010], Finished
  9281. (99) eap_peap: TLS_accept: SSLv3 read finished A
  9282. (99) eap_peap: (other): SSL negotiation finished successfully
  9283. (99) eap_peap: SSL Connection Established
  9284. (99) eap_peap: SSL Application Data
  9285. (99) eap_peap: Adding cached attributes from session 99fa3eb5d7d108e8e1047f8c78273aadc1bd2aa26caa1810320d84ad7442e74a
  9286. (99) eap_peap: reply:User-Name = "vkratsberg"
  9287. (99) eap_peap: [eaptls process] = success
  9288. (99) eap_peap: Session established. Decoding tunneled attributes
  9289. (99) eap_peap: PEAP state TUNNEL ESTABLISHED
  9290. (99) eap_peap: Skipping Phase2 because of session resumption
  9291. (99) eap_peap: SUCCESS
  9292. (99) eap: Sending EAP Request (code 1) ID 100 length 43
  9293. (99) eap: EAP session adding &reply:State = 0x0ef775070c936ce1
  9294. (99) [eap] = handled
  9295. (99) } # authenticate = handled
  9296. (99) Using Post-Auth-Type Challenge
  9297. (99) Post-Auth-Type sub-section not found. Ignoring.
  9298. (99) # Executing group from file /etc/raddb/sites-enabled/default
  9299. (99) Sent Access-Challenge Id 90 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  9300. (99) User-Name = "vkratsberg"
  9301. (99) EAP-Message = 0x0164002b19001703010020fdbd2971cc86eb2ed52776050528515568931f6214381da5065d9c3cb87c3fc7
  9302. (99) Message-Authenticator = 0x00000000000000000000000000000000
  9303. (99) State = 0x0ef775070c936ce179117bd9194657b5
  9304. (99) Finished request
  9305. Waking up in 2.3 seconds.
  9306. (100) Received Access-Request Id 91 from 10.8.0.111:58432 to 10.8.64.155:1812 length 223
  9307. (100) User-Name = "vkratsberg"
  9308. (100) NAS-Port = 358
  9309. (100) State = 0x0ef775070c936ce179117bd9194657b5
  9310. (100) EAP-Message = 0x0264002b190017030100202a1330019d7788a6ac825321045878c0faa5f26c678518d57bdcbf8e06a4ab19
  9311. (100) Message-Authenticator = 0x7c961d21efea8831fb499ba2ad73074d
  9312. (100) Acct-Session-Id = "8O2.1x81bb0d5b0007d8cd"
  9313. (100) NAS-Port-Id = "ge-3/0/6.0"
  9314. (100) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  9315. (100) Called-Station-Id = "ec-3e-f7-68-35-00"
  9316. (100) NAS-IP-Address = 10.8.0.111
  9317. (100) NAS-Identifier = "nyc-access-sw011"
  9318. (100) NAS-Port-Type = Ethernet
  9319. (100) session-state: No cached attributes
  9320. (100) # Executing section authorize from file /etc/raddb/sites-enabled/default
  9321. (100) authorize {
  9322. (100) policy filter_username {
  9323. (100) if (&User-Name) {
  9324. (100) if (&User-Name) -> TRUE
  9325. (100) if (&User-Name) {
  9326. (100) if (&User-Name =~ / /) {
  9327. (100) if (&User-Name =~ / /) -> FALSE
  9328. (100) if (&User-Name =~ /@[^@]*@/ ) {
  9329. (100) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  9330. (100) if (&User-Name =~ /\.\./ ) {
  9331. (100) if (&User-Name =~ /\.\./ ) -> FALSE
  9332. (100) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  9333. (100) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  9334. (100) if (&User-Name =~ /\.$/) {
  9335. (100) if (&User-Name =~ /\.$/) -> FALSE
  9336. (100) if (&User-Name =~ /@\./) {
  9337. (100) if (&User-Name =~ /@\./) -> FALSE
  9338. (100) } # if (&User-Name) = notfound
  9339. (100) } # policy filter_username = notfound
  9340. (100) [preprocess] = ok
  9341. (100) [chap] = noop
  9342. (100) [mschap] = noop
  9343. (100) [digest] = noop
  9344. (100) suffix: Checking for suffix after "@"
  9345. (100) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  9346. (100) suffix: No such realm "NULL"
  9347. (100) [suffix] = noop
  9348. (100) eap: Peer sent EAP Response (code 2) ID 100 length 43
  9349. (100) eap: Continuing tunnel setup
  9350. (100) [eap] = ok
  9351. (100) } # authorize = ok
  9352. (100) Found Auth-Type = eap
  9353. (100) # Executing group from file /etc/raddb/sites-enabled/default
  9354. (100) authenticate {
  9355. (100) eap: Expiring EAP session with state 0x0ef775070c936ce1
  9356. (100) eap: Finished EAP session with state 0x0ef775070c936ce1
  9357. (100) eap: Previous EAP request found for state 0x0ef775070c936ce1, released from the list
  9358. (100) eap: Peer sent packet with method EAP PEAP (25)
  9359. (100) eap: Calling submodule eap_peap to process data
  9360. (100) eap_peap: Continuing EAP-TLS
  9361. (100) eap_peap: [eaptls verify] = ok
  9362. (100) eap_peap: Done initial handshake
  9363. (100) eap_peap: [eaptls process] = ok
  9364. (100) eap_peap: Session established. Decoding tunneled attributes
  9365. (100) eap_peap: PEAP state send tlv success
  9366. (100) eap_peap: Received EAP-TLV response
  9367. (100) eap_peap: Success
  9368. (100) eap_peap: No saved attributes in the original Access-Accept
  9369. (100) eap: Sending EAP Success (code 3) ID 100 length 4
  9370. (100) eap: Freeing handler
  9371. (100) [eap] = ok
  9372. (100) } # authenticate = ok
  9373. (100) # Executing section post-auth from file /etc/raddb/sites-enabled/default
  9374. (100) post-auth {
  9375. (100) update {
  9376. (100) No attributes updated
  9377. (100) } # update = noop
  9378. (100) [exec] = noop
  9379. (100) policy remove_reply_message_if_eap {
  9380. (100) if (&reply:EAP-Message && &reply:Reply-Message) {
  9381. (100) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
  9382. (100) else {
  9383. (100) [noop] = noop
  9384. (100) } # else = noop
  9385. (100) } # policy remove_reply_message_if_eap = noop
  9386. (100) } # post-auth = noop
  9387. (100) Sent Access-Accept Id 91 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  9388. (100) MS-MPPE-Recv-Key = 0xa9a2f5da55800301aa5bd198852e5710834f05b4bf7826cca0b25cdd76350a2e
  9389. (100) MS-MPPE-Send-Key = 0x24705b05c593045b88eeea8aa8f984876f0c3d9cdcb5aec1eebebee5c460e39c
  9390. (100) EAP-Message = 0x03640004
  9391. (100) Message-Authenticator = 0x00000000000000000000000000000000
  9392. (100) User-Name = "vkratsberg"
  9393. (100) Finished request
  9394. Waking up in 2.3 seconds.
  9395. (101) Received Access-Request Id 92 from 10.8.0.111:58432 to 10.8.64.155:1812 length 177
  9396. (101) User-Name = "vkratsberg"
  9397. (101) NAS-Port = 358
  9398. (101) EAP-Message = 0x0265000f01766b7261747362657267
  9399. (101) Message-Authenticator = 0x486e33a95d8bb1f999f6d312074008bb
  9400. (101) Acct-Session-Id = "8O2.1x81bb0d5c0009723b"
  9401. (101) NAS-Port-Id = "ge-3/0/6.0"
  9402. (101) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  9403. (101) Called-Station-Id = "ec-3e-f7-68-35-00"
  9404. (101) NAS-IP-Address = 10.8.0.111
  9405. (101) NAS-Identifier = "nyc-access-sw011"
  9406. (101) NAS-Port-Type = Ethernet
  9407. (101) # Executing section authorize from file /etc/raddb/sites-enabled/default
  9408. (101) authorize {
  9409. (101) policy filter_username {
  9410. (101) if (&User-Name) {
  9411. (101) if (&User-Name) -> TRUE
  9412. (101) if (&User-Name) {
  9413. (101) if (&User-Name =~ / /) {
  9414. (101) if (&User-Name =~ / /) -> FALSE
  9415. (101) if (&User-Name =~ /@[^@]*@/ ) {
  9416. (101) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  9417. (101) if (&User-Name =~ /\.\./ ) {
  9418. (101) if (&User-Name =~ /\.\./ ) -> FALSE
  9419. (101) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  9420. (101) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  9421. (101) if (&User-Name =~ /\.$/) {
  9422. (101) if (&User-Name =~ /\.$/) -> FALSE
  9423. (101) if (&User-Name =~ /@\./) {
  9424. (101) if (&User-Name =~ /@\./) -> FALSE
  9425. (101) } # if (&User-Name) = notfound
  9426. (101) } # policy filter_username = notfound
  9427. (101) [preprocess] = ok
  9428. (101) [chap] = noop
  9429. (101) [mschap] = noop
  9430. (101) [digest] = noop
  9431. (101) suffix: Checking for suffix after "@"
  9432. (101) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  9433. (101) suffix: No such realm "NULL"
  9434. (101) [suffix] = noop
  9435. (101) eap: Peer sent EAP Response (code 2) ID 101 length 15
  9436. (101) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
  9437. (101) [eap] = ok
  9438. (101) } # authorize = ok
  9439. (101) Found Auth-Type = eap
  9440. (101) # Executing group from file /etc/raddb/sites-enabled/default
  9441. (101) authenticate {
  9442. (101) eap: Peer sent packet with method EAP Identity (1)
  9443. (101) eap: Calling submodule eap_peap to process data
  9444. (101) eap_peap: Initiating new EAP-TLS session
  9445. (101) eap_peap: [eaptls start] = request
  9446. (101) eap: Sending EAP Request (code 1) ID 102 length 6
  9447. (101) eap: EAP session adding &reply:State = 0xa1e59412a1838dae
  9448. (101) [eap] = handled
  9449. (101) } # authenticate = handled
  9450. (101) Using Post-Auth-Type Challenge
  9451. (101) Post-Auth-Type sub-section not found. Ignoring.
  9452. (101) # Executing group from file /etc/raddb/sites-enabled/default
  9453. (101) Sent Access-Challenge Id 92 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  9454. (101) EAP-Message = 0x016600061920
  9455. (101) Message-Authenticator = 0x00000000000000000000000000000000
  9456. (101) State = 0xa1e59412a1838dae5011ab286212f0a2
  9457. (101) Finished request
  9458. Waking up in 2.3 seconds.
  9459. (102) Received Access-Request Id 93 from 10.8.0.111:58432 to 10.8.64.155:1812 length 343
  9460. (102) User-Name = "vkratsberg"
  9461. (102) NAS-Port = 358
  9462. (102) State = 0xa1e59412a1838dae5011ab286212f0a2
  9463. (102) EAP-Message = 0x026600a31980000000991603010094010000900301574f326eac32b7debef89e995985814720ea4d87baa473871947c863e66a96162099fa3eb5d7d108e8e1047f8c78273aadc1bd2aa26caa1810320d84ad7442e74a002800ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f00
  9464. (102) Message-Authenticator = 0x9b02fce92b23f40b7bb5261ae21d47bb
  9465. (102) Acct-Session-Id = "8O2.1x81bb0d5c0009723b"
  9466. (102) NAS-Port-Id = "ge-3/0/6.0"
  9467. (102) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  9468. (102) Called-Station-Id = "ec-3e-f7-68-35-00"
  9469. (102) NAS-IP-Address = 10.8.0.111
  9470. (102) NAS-Identifier = "nyc-access-sw011"
  9471. (102) NAS-Port-Type = Ethernet
  9472. (102) session-state: No cached attributes
  9473. (102) # Executing section authorize from file /etc/raddb/sites-enabled/default
  9474. (102) authorize {
  9475. (102) policy filter_username {
  9476. (102) if (&User-Name) {
  9477. (102) if (&User-Name) -> TRUE
  9478. (102) if (&User-Name) {
  9479. (102) if (&User-Name =~ / /) {
  9480. (102) if (&User-Name =~ / /) -> FALSE
  9481. (102) if (&User-Name =~ /@[^@]*@/ ) {
  9482. (102) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  9483. (102) if (&User-Name =~ /\.\./ ) {
  9484. (102) if (&User-Name =~ /\.\./ ) -> FALSE
  9485. (102) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  9486. (102) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  9487. (102) if (&User-Name =~ /\.$/) {
  9488. (102) if (&User-Name =~ /\.$/) -> FALSE
  9489. (102) if (&User-Name =~ /@\./) {
  9490. (102) if (&User-Name =~ /@\./) -> FALSE
  9491. (102) } # if (&User-Name) = notfound
  9492. (102) } # policy filter_username = notfound
  9493. (102) [preprocess] = ok
  9494. (102) [chap] = noop
  9495. (102) [mschap] = noop
  9496. (102) [digest] = noop
  9497. (102) suffix: Checking for suffix after "@"
  9498. (102) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  9499. (102) suffix: No such realm "NULL"
  9500. (102) [suffix] = noop
  9501. (102) eap: Peer sent EAP Response (code 2) ID 102 length 163
  9502. (102) eap: Continuing tunnel setup
  9503. (102) [eap] = ok
  9504. (102) } # authorize = ok
  9505. (102) Found Auth-Type = eap
  9506. (102) # Executing group from file /etc/raddb/sites-enabled/default
  9507. (102) authenticate {
  9508. (102) eap: Expiring EAP session with state 0xa1e59412a1838dae
  9509. (102) eap: Finished EAP session with state 0xa1e59412a1838dae
  9510. (102) eap: Previous EAP request found for state 0xa1e59412a1838dae, released from the list
  9511. (102) eap: Peer sent packet with method EAP PEAP (25)
  9512. (102) eap: Calling submodule eap_peap to process data
  9513. (102) eap_peap: Continuing EAP-TLS
  9514. (102) eap_peap: Peer indicated complete TLS record size will be 153 bytes
  9515. (102) eap_peap: Got complete TLS record (153 bytes)
  9516. (102) eap_peap: [eaptls verify] = length included
  9517. (102) eap_peap: (other): before/accept initialization
  9518. (102) eap_peap: TLS_accept: before/accept initialization
  9519. (102) eap_peap: <<< recv TLS 1.0 Handshake [length 0094], ClientHello
  9520. (102) eap_peap: TLS_accept: SSLv3 read client hello A
  9521. (102) eap_peap: >>> send TLS 1.0 Handshake [length 0059], ServerHello
  9522. (102) eap_peap: TLS_accept: SSLv3 write server hello A
  9523. (102) eap_peap: >>> send TLS 1.0 ChangeCipherSpec [length 0001]
  9524. (102) eap_peap: TLS_accept: SSLv3 write change cipher spec A
  9525. (102) eap_peap: >>> send TLS 1.0 Handshake [length 0010], Finished
  9526. (102) eap_peap: TLS_accept: SSLv3 write finished A
  9527. (102) eap_peap: TLS_accept: SSLv3 flush data
  9528. (102) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  9529. (102) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  9530. (102) eap_peap: In SSL Handshake Phase
  9531. (102) eap_peap: In SSL Accept mode
  9532. (102) eap_peap: [eaptls process] = handled
  9533. (102) eap: Sending EAP Request (code 1) ID 103 length 159
  9534. (102) eap: EAP session adding &reply:State = 0xa1e59412a0828dae
  9535. (102) [eap] = handled
  9536. (102) } # authenticate = handled
  9537. (102) Using Post-Auth-Type Challenge
  9538. (102) Post-Auth-Type sub-section not found. Ignoring.
  9539. (102) # Executing group from file /etc/raddb/sites-enabled/default
  9540. (102) Sent Access-Challenge Id 93 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  9541. (102) EAP-Message = 0x0167009f19001603010059020000550301574f326e01708a5c29913d826436e0989220e833d953b690baf34b3193622e652099fa3eb5d7d108e8e1047f8c78273aadc1bd2aa26caa1810320d84ad7442e74ac01400000dff01000100000b000403000102140301000101160301003006bd6ee9fc76ffbe
  9542. (102) Message-Authenticator = 0x00000000000000000000000000000000
  9543. (102) State = 0xa1e59412a0828dae5011ab286212f0a2
  9544. (102) Finished request
  9545. Waking up in 2.3 seconds.
  9546. (103) Received Access-Request Id 94 from 10.8.0.111:58432 to 10.8.64.155:1812 length 249
  9547. (103) User-Name = "vkratsberg"
  9548. (103) NAS-Port = 358
  9549. (103) State = 0xa1e59412a0828dae5011ab286212f0a2
  9550. (103) EAP-Message = 0x0267004519800000003b1403010001011603010030c2245712f0d815e694e7e736f2e061e9382833358e6ac91744b71236b1e9239198614b7e410897a36df53e2d37e50770
  9551. (103) Message-Authenticator = 0x5e01bf7d934b2cead813dcaa2438f9dc
  9552. (103) Acct-Session-Id = "8O2.1x81bb0d5c0009723b"
  9553. (103) NAS-Port-Id = "ge-3/0/6.0"
  9554. (103) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  9555. (103) Called-Station-Id = "ec-3e-f7-68-35-00"
  9556. (103) NAS-IP-Address = 10.8.0.111
  9557. (103) NAS-Identifier = "nyc-access-sw011"
  9558. (103) NAS-Port-Type = Ethernet
  9559. (103) session-state: No cached attributes
  9560. (103) # Executing section authorize from file /etc/raddb/sites-enabled/default
  9561. (103) authorize {
  9562. (103) policy filter_username {
  9563. (103) if (&User-Name) {
  9564. (103) if (&User-Name) -> TRUE
  9565. (103) if (&User-Name) {
  9566. (103) if (&User-Name =~ / /) {
  9567. (103) if (&User-Name =~ / /) -> FALSE
  9568. (103) if (&User-Name =~ /@[^@]*@/ ) {
  9569. (103) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  9570. (103) if (&User-Name =~ /\.\./ ) {
  9571. (103) if (&User-Name =~ /\.\./ ) -> FALSE
  9572. (103) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  9573. (103) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  9574. (103) if (&User-Name =~ /\.$/) {
  9575. (103) if (&User-Name =~ /\.$/) -> FALSE
  9576. (103) if (&User-Name =~ /@\./) {
  9577. (103) if (&User-Name =~ /@\./) -> FALSE
  9578. (103) } # if (&User-Name) = notfound
  9579. (103) } # policy filter_username = notfound
  9580. (103) [preprocess] = ok
  9581. (103) [chap] = noop
  9582. (103) [mschap] = noop
  9583. (103) [digest] = noop
  9584. (103) suffix: Checking for suffix after "@"
  9585. (103) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  9586. (103) suffix: No such realm "NULL"
  9587. (103) [suffix] = noop
  9588. (103) eap: Peer sent EAP Response (code 2) ID 103 length 69
  9589. (103) eap: Continuing tunnel setup
  9590. (103) [eap] = ok
  9591. (103) } # authorize = ok
  9592. (103) Found Auth-Type = eap
  9593. (103) # Executing group from file /etc/raddb/sites-enabled/default
  9594. (103) authenticate {
  9595. (103) eap: Expiring EAP session with state 0xa1e59412a0828dae
  9596. (103) eap: Finished EAP session with state 0xa1e59412a0828dae
  9597. (103) eap: Previous EAP request found for state 0xa1e59412a0828dae, released from the list
  9598. (103) eap: Peer sent packet with method EAP PEAP (25)
  9599. (103) eap: Calling submodule eap_peap to process data
  9600. (103) eap_peap: Continuing EAP-TLS
  9601. (103) eap_peap: Peer indicated complete TLS record size will be 59 bytes
  9602. (103) eap_peap: Got complete TLS record (59 bytes)
  9603. (103) eap_peap: [eaptls verify] = length included
  9604. (103) eap_peap: <<< recv TLS 1.0 ChangeCipherSpec [length 0001]
  9605. (103) eap_peap: <<< recv TLS 1.0 Handshake [length 0010], Finished
  9606. (103) eap_peap: TLS_accept: SSLv3 read finished A
  9607. (103) eap_peap: (other): SSL negotiation finished successfully
  9608. (103) eap_peap: SSL Connection Established
  9609. (103) eap_peap: SSL Application Data
  9610. (103) eap_peap: Adding cached attributes from session 99fa3eb5d7d108e8e1047f8c78273aadc1bd2aa26caa1810320d84ad7442e74a
  9611. (103) eap_peap: reply:User-Name = "vkratsberg"
  9612. (103) eap_peap: [eaptls process] = success
  9613. (103) eap_peap: Session established. Decoding tunneled attributes
  9614. (103) eap_peap: PEAP state TUNNEL ESTABLISHED
  9615. (103) eap_peap: Skipping Phase2 because of session resumption
  9616. (103) eap_peap: SUCCESS
  9617. (103) eap: Sending EAP Request (code 1) ID 104 length 43
  9618. (103) eap: EAP session adding &reply:State = 0xa1e59412a38d8dae
  9619. (103) [eap] = handled
  9620. (103) } # authenticate = handled
  9621. (103) Using Post-Auth-Type Challenge
  9622. (103) Post-Auth-Type sub-section not found. Ignoring.
  9623. (103) # Executing group from file /etc/raddb/sites-enabled/default
  9624. (103) Sent Access-Challenge Id 94 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  9625. (103) User-Name = "vkratsberg"
  9626. (103) EAP-Message = 0x0168002b19001703010020749306659d50f1aadbc0be6e20f8d64d90d7eb203d8d95f19ca675e4c16b869b
  9627. (103) Message-Authenticator = 0x00000000000000000000000000000000
  9628. (103) State = 0xa1e59412a38d8dae5011ab286212f0a2
  9629. (103) Finished request
  9630. Waking up in 2.2 seconds.
  9631. (104) Received Access-Request Id 95 from 10.8.0.111:58432 to 10.8.64.155:1812 length 223
  9632. (104) User-Name = "vkratsberg"
  9633. (104) NAS-Port = 358
  9634. (104) State = 0xa1e59412a38d8dae5011ab286212f0a2
  9635. (104) EAP-Message = 0x0268002b190017030100204d3fded86529396af2f51b5fd7a162f34faa3c7a2cbc76bf633e6099d950e8e2
  9636. (104) Message-Authenticator = 0x8f877d90a1d855fe8ae15cea6f14dd4a
  9637. (104) Acct-Session-Id = "8O2.1x81bb0d5c0009723b"
  9638. (104) NAS-Port-Id = "ge-3/0/6.0"
  9639. (104) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  9640. (104) Called-Station-Id = "ec-3e-f7-68-35-00"
  9641. (104) NAS-IP-Address = 10.8.0.111
  9642. (104) NAS-Identifier = "nyc-access-sw011"
  9643. (104) NAS-Port-Type = Ethernet
  9644. (104) session-state: No cached attributes
  9645. (104) # Executing section authorize from file /etc/raddb/sites-enabled/default
  9646. (104) authorize {
  9647. (104) policy filter_username {
  9648. (104) if (&User-Name) {
  9649. (104) if (&User-Name) -> TRUE
  9650. (104) if (&User-Name) {
  9651. (104) if (&User-Name =~ / /) {
  9652. (104) if (&User-Name =~ / /) -> FALSE
  9653. (104) if (&User-Name =~ /@[^@]*@/ ) {
  9654. (104) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  9655. (104) if (&User-Name =~ /\.\./ ) {
  9656. (104) if (&User-Name =~ /\.\./ ) -> FALSE
  9657. (104) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  9658. (104) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  9659. (104) if (&User-Name =~ /\.$/) {
  9660. (104) if (&User-Name =~ /\.$/) -> FALSE
  9661. (104) if (&User-Name =~ /@\./) {
  9662. (104) if (&User-Name =~ /@\./) -> FALSE
  9663. (104) } # if (&User-Name) = notfound
  9664. (104) } # policy filter_username = notfound
  9665. (104) [preprocess] = ok
  9666. (104) [chap] = noop
  9667. (104) [mschap] = noop
  9668. (104) [digest] = noop
  9669. (104) suffix: Checking for suffix after "@"
  9670. (104) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  9671. (104) suffix: No such realm "NULL"
  9672. (104) [suffix] = noop
  9673. (104) eap: Peer sent EAP Response (code 2) ID 104 length 43
  9674. (104) eap: Continuing tunnel setup
  9675. (104) [eap] = ok
  9676. (104) } # authorize = ok
  9677. (104) Found Auth-Type = eap
  9678. (104) # Executing group from file /etc/raddb/sites-enabled/default
  9679. (104) authenticate {
  9680. (104) eap: Expiring EAP session with state 0xa1e59412a38d8dae
  9681. (104) eap: Finished EAP session with state 0xa1e59412a38d8dae
  9682. (104) eap: Previous EAP request found for state 0xa1e59412a38d8dae, released from the list
  9683. (104) eap: Peer sent packet with method EAP PEAP (25)
  9684. (104) eap: Calling submodule eap_peap to process data
  9685. (104) eap_peap: Continuing EAP-TLS
  9686. (104) eap_peap: [eaptls verify] = ok
  9687. (104) eap_peap: Done initial handshake
  9688. (104) eap_peap: [eaptls process] = ok
  9689. (104) eap_peap: Session established. Decoding tunneled attributes
  9690. (104) eap_peap: PEAP state send tlv success
  9691. (104) eap_peap: Received EAP-TLV response
  9692. (104) eap_peap: Success
  9693. (104) eap_peap: No saved attributes in the original Access-Accept
  9694. (104) eap: Sending EAP Success (code 3) ID 104 length 4
  9695. (104) eap: Freeing handler
  9696. (104) [eap] = ok
  9697. (104) } # authenticate = ok
  9698. (104) # Executing section post-auth from file /etc/raddb/sites-enabled/default
  9699. (104) post-auth {
  9700. (104) update {
  9701. (104) No attributes updated
  9702. (104) } # update = noop
  9703. (104) [exec] = noop
  9704. (104) policy remove_reply_message_if_eap {
  9705. (104) if (&reply:EAP-Message && &reply:Reply-Message) {
  9706. (104) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
  9707. (104) else {
  9708. (104) [noop] = noop
  9709. (104) } # else = noop
  9710. (104) } # policy remove_reply_message_if_eap = noop
  9711. (104) } # post-auth = noop
  9712. (104) Sent Access-Accept Id 95 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  9713. (104) MS-MPPE-Recv-Key = 0x2d7647d76f9bb8bc57b82f57c1b66403eccf38b4815b587108e8ce63342f99ae
  9714. (104) MS-MPPE-Send-Key = 0x9a1e062a4cb178aba8bb4c4265eecfce402448473dd9f45a0c5a5c5eb830655f
  9715. (104) EAP-Message = 0x03680004
  9716. (104) Message-Authenticator = 0x00000000000000000000000000000000
  9717. (104) User-Name = "vkratsberg"
  9718. (104) Finished request
  9719. Waking up in 2.2 seconds.
  9720. (105) Received Access-Request Id 96 from 10.8.0.111:58432 to 10.8.64.155:1812 length 177
  9721. (105) User-Name = "vkratsberg"
  9722. (105) NAS-Port = 358
  9723. (105) EAP-Message = 0x0269000f01766b7261747362657267
  9724. (105) Message-Authenticator = 0xbbd349d455832827451036c0ba9fb2c3
  9725. (105) Acct-Session-Id = "8O2.1x81bb0d5d000b119a"
  9726. (105) NAS-Port-Id = "ge-3/0/6.0"
  9727. (105) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  9728. (105) Called-Station-Id = "ec-3e-f7-68-35-00"
  9729. (105) NAS-IP-Address = 10.8.0.111
  9730. (105) NAS-Identifier = "nyc-access-sw011"
  9731. (105) NAS-Port-Type = Ethernet
  9732. (105) # Executing section authorize from file /etc/raddb/sites-enabled/default
  9733. (105) authorize {
  9734. (105) policy filter_username {
  9735. (105) if (&User-Name) {
  9736. (105) if (&User-Name) -> TRUE
  9737. (105) if (&User-Name) {
  9738. (105) if (&User-Name =~ / /) {
  9739. (105) if (&User-Name =~ / /) -> FALSE
  9740. (105) if (&User-Name =~ /@[^@]*@/ ) {
  9741. (105) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  9742. (105) if (&User-Name =~ /\.\./ ) {
  9743. (105) if (&User-Name =~ /\.\./ ) -> FALSE
  9744. (105) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  9745. (105) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  9746. (105) if (&User-Name =~ /\.$/) {
  9747. (105) if (&User-Name =~ /\.$/) -> FALSE
  9748. (105) if (&User-Name =~ /@\./) {
  9749. (105) if (&User-Name =~ /@\./) -> FALSE
  9750. (105) } # if (&User-Name) = notfound
  9751. (105) } # policy filter_username = notfound
  9752. (105) [preprocess] = ok
  9753. (105) [chap] = noop
  9754. (105) [mschap] = noop
  9755. (105) [digest] = noop
  9756. (105) suffix: Checking for suffix after "@"
  9757. (105) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  9758. (105) suffix: No such realm "NULL"
  9759. (105) [suffix] = noop
  9760. (105) eap: Peer sent EAP Response (code 2) ID 105 length 15
  9761. (105) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
  9762. (105) [eap] = ok
  9763. (105) } # authorize = ok
  9764. (105) Found Auth-Type = eap
  9765. (105) # Executing group from file /etc/raddb/sites-enabled/default
  9766. (105) authenticate {
  9767. (105) eap: Peer sent packet with method EAP Identity (1)
  9768. (105) eap: Calling submodule eap_peap to process data
  9769. (105) eap_peap: Initiating new EAP-TLS session
  9770. (105) eap_peap: [eaptls start] = request
  9771. (105) eap: Sending EAP Request (code 1) ID 106 length 6
  9772. (105) eap: EAP session adding &reply:State = 0xbe2c9d7bbe4684c3
  9773. (105) [eap] = handled
  9774. (105) } # authenticate = handled
  9775. (105) Using Post-Auth-Type Challenge
  9776. (105) Post-Auth-Type sub-section not found. Ignoring.
  9777. (105) # Executing group from file /etc/raddb/sites-enabled/default
  9778. (105) Sent Access-Challenge Id 96 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  9779. (105) EAP-Message = 0x016a00061920
  9780. (105) Message-Authenticator = 0x00000000000000000000000000000000
  9781. (105) State = 0xbe2c9d7bbe4684c3edab30e85aa3aae0
  9782. (105) Finished request
  9783. Waking up in 2.2 seconds.
  9784. (106) Received Access-Request Id 97 from 10.8.0.111:58432 to 10.8.64.155:1812 length 343
  9785. (106) User-Name = "vkratsberg"
  9786. (106) NAS-Port = 358
  9787. (106) State = 0xbe2c9d7bbe4684c3edab30e85aa3aae0
  9788. (106) EAP-Message = 0x026a00a31980000000991603010094010000900301574f326ed57b42f061f883816ff54156ae2a4abe066a78de60fd57c2d7cae8d82099fa3eb5d7d108e8e1047f8c78273aadc1bd2aa26caa1810320d84ad7442e74a002800ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f00
  9789. (106) Message-Authenticator = 0xd31acc721f0b3d821538c9b4bd3ae397
  9790. (106) Acct-Session-Id = "8O2.1x81bb0d5d000b119a"
  9791. (106) NAS-Port-Id = "ge-3/0/6.0"
  9792. (106) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  9793. (106) Called-Station-Id = "ec-3e-f7-68-35-00"
  9794. (106) NAS-IP-Address = 10.8.0.111
  9795. (106) NAS-Identifier = "nyc-access-sw011"
  9796. (106) NAS-Port-Type = Ethernet
  9797. (106) session-state: No cached attributes
  9798. (106) # Executing section authorize from file /etc/raddb/sites-enabled/default
  9799. (106) authorize {
  9800. (106) policy filter_username {
  9801. (106) if (&User-Name) {
  9802. (106) if (&User-Name) -> TRUE
  9803. (106) if (&User-Name) {
  9804. (106) if (&User-Name =~ / /) {
  9805. (106) if (&User-Name =~ / /) -> FALSE
  9806. (106) if (&User-Name =~ /@[^@]*@/ ) {
  9807. (106) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  9808. (106) if (&User-Name =~ /\.\./ ) {
  9809. (106) if (&User-Name =~ /\.\./ ) -> FALSE
  9810. (106) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  9811. (106) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  9812. (106) if (&User-Name =~ /\.$/) {
  9813. (106) if (&User-Name =~ /\.$/) -> FALSE
  9814. (106) if (&User-Name =~ /@\./) {
  9815. (106) if (&User-Name =~ /@\./) -> FALSE
  9816. (106) } # if (&User-Name) = notfound
  9817. (106) } # policy filter_username = notfound
  9818. (106) [preprocess] = ok
  9819. (106) [chap] = noop
  9820. (106) [mschap] = noop
  9821. (106) [digest] = noop
  9822. (106) suffix: Checking for suffix after "@"
  9823. (106) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  9824. (106) suffix: No such realm "NULL"
  9825. (106) [suffix] = noop
  9826. (106) eap: Peer sent EAP Response (code 2) ID 106 length 163
  9827. (106) eap: Continuing tunnel setup
  9828. (106) [eap] = ok
  9829. (106) } # authorize = ok
  9830. (106) Found Auth-Type = eap
  9831. (106) # Executing group from file /etc/raddb/sites-enabled/default
  9832. (106) authenticate {
  9833. (106) eap: Expiring EAP session with state 0xbe2c9d7bbe4684c3
  9834. (106) eap: Finished EAP session with state 0xbe2c9d7bbe4684c3
  9835. (106) eap: Previous EAP request found for state 0xbe2c9d7bbe4684c3, released from the list
  9836. (106) eap: Peer sent packet with method EAP PEAP (25)
  9837. (106) eap: Calling submodule eap_peap to process data
  9838. (106) eap_peap: Continuing EAP-TLS
  9839. (106) eap_peap: Peer indicated complete TLS record size will be 153 bytes
  9840. (106) eap_peap: Got complete TLS record (153 bytes)
  9841. (106) eap_peap: [eaptls verify] = length included
  9842. (106) eap_peap: (other): before/accept initialization
  9843. (106) eap_peap: TLS_accept: before/accept initialization
  9844. (106) eap_peap: <<< recv TLS 1.0 Handshake [length 0094], ClientHello
  9845. (106) eap_peap: TLS_accept: SSLv3 read client hello A
  9846. (106) eap_peap: >>> send TLS 1.0 Handshake [length 0059], ServerHello
  9847. (106) eap_peap: TLS_accept: SSLv3 write server hello A
  9848. (106) eap_peap: >>> send TLS 1.0 ChangeCipherSpec [length 0001]
  9849. (106) eap_peap: TLS_accept: SSLv3 write change cipher spec A
  9850. (106) eap_peap: >>> send TLS 1.0 Handshake [length 0010], Finished
  9851. (106) eap_peap: TLS_accept: SSLv3 write finished A
  9852. (106) eap_peap: TLS_accept: SSLv3 flush data
  9853. (106) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  9854. (106) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  9855. (106) eap_peap: In SSL Handshake Phase
  9856. (106) eap_peap: In SSL Accept mode
  9857. (106) eap_peap: [eaptls process] = handled
  9858. (106) eap: Sending EAP Request (code 1) ID 107 length 159
  9859. (106) eap: EAP session adding &reply:State = 0xbe2c9d7bbf4784c3
  9860. (106) [eap] = handled
  9861. (106) } # authenticate = handled
  9862. (106) Using Post-Auth-Type Challenge
  9863. (106) Post-Auth-Type sub-section not found. Ignoring.
  9864. (106) # Executing group from file /etc/raddb/sites-enabled/default
  9865. (106) Sent Access-Challenge Id 97 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  9866. (106) EAP-Message = 0x016b009f19001603010059020000550301574f326e3a70b8d14c9901bb28824121a37f8f03730bb8b96e7aa4eb7489796a2099fa3eb5d7d108e8e1047f8c78273aadc1bd2aa26caa1810320d84ad7442e74ac01400000dff01000100000b0004030001021403010001011603010030cb986b66a3e8c62e
  9867. (106) Message-Authenticator = 0x00000000000000000000000000000000
  9868. (106) State = 0xbe2c9d7bbf4784c3edab30e85aa3aae0
  9869. (106) Finished request
  9870. Waking up in 2.1 seconds.
  9871. (107) Received Access-Request Id 98 from 10.8.0.111:58432 to 10.8.64.155:1812 length 249
  9872. (107) User-Name = "vkratsberg"
  9873. (107) NAS-Port = 358
  9874. (107) State = 0xbe2c9d7bbf4784c3edab30e85aa3aae0
  9875. (107) EAP-Message = 0x026b004519800000003b14030100010116030100308a2c7a63ab68270add3a163b497d3deca6fb32eac2fe6377c5beb9083666e766e507008163ddba8a97eedd8903f95e76
  9876. (107) Message-Authenticator = 0x6add6c30cdd0c25d05756d793209dbf2
  9877. (107) Acct-Session-Id = "8O2.1x81bb0d5d000b119a"
  9878. (107) NAS-Port-Id = "ge-3/0/6.0"
  9879. (107) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  9880. (107) Called-Station-Id = "ec-3e-f7-68-35-00"
  9881. (107) NAS-IP-Address = 10.8.0.111
  9882. (107) NAS-Identifier = "nyc-access-sw011"
  9883. (107) NAS-Port-Type = Ethernet
  9884. (107) session-state: No cached attributes
  9885. (107) # Executing section authorize from file /etc/raddb/sites-enabled/default
  9886. (107) authorize {
  9887. (107) policy filter_username {
  9888. (107) if (&User-Name) {
  9889. (107) if (&User-Name) -> TRUE
  9890. (107) if (&User-Name) {
  9891. (107) if (&User-Name =~ / /) {
  9892. (107) if (&User-Name =~ / /) -> FALSE
  9893. (107) if (&User-Name =~ /@[^@]*@/ ) {
  9894. (107) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  9895. (107) if (&User-Name =~ /\.\./ ) {
  9896. (107) if (&User-Name =~ /\.\./ ) -> FALSE
  9897. (107) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  9898. (107) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  9899. (107) if (&User-Name =~ /\.$/) {
  9900. (107) if (&User-Name =~ /\.$/) -> FALSE
  9901. (107) if (&User-Name =~ /@\./) {
  9902. (107) if (&User-Name =~ /@\./) -> FALSE
  9903. (107) } # if (&User-Name) = notfound
  9904. (107) } # policy filter_username = notfound
  9905. (107) [preprocess] = ok
  9906. (107) [chap] = noop
  9907. (107) [mschap] = noop
  9908. (107) [digest] = noop
  9909. (107) suffix: Checking for suffix after "@"
  9910. (107) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  9911. (107) suffix: No such realm "NULL"
  9912. (107) [suffix] = noop
  9913. (107) eap: Peer sent EAP Response (code 2) ID 107 length 69
  9914. (107) eap: Continuing tunnel setup
  9915. (107) [eap] = ok
  9916. (107) } # authorize = ok
  9917. (107) Found Auth-Type = eap
  9918. (107) # Executing group from file /etc/raddb/sites-enabled/default
  9919. (107) authenticate {
  9920. (107) eap: Expiring EAP session with state 0xbe2c9d7bbf4784c3
  9921. (107) eap: Finished EAP session with state 0xbe2c9d7bbf4784c3
  9922. (107) eap: Previous EAP request found for state 0xbe2c9d7bbf4784c3, released from the list
  9923. (107) eap: Peer sent packet with method EAP PEAP (25)
  9924. (107) eap: Calling submodule eap_peap to process data
  9925. (107) eap_peap: Continuing EAP-TLS
  9926. (107) eap_peap: Peer indicated complete TLS record size will be 59 bytes
  9927. (107) eap_peap: Got complete TLS record (59 bytes)
  9928. (107) eap_peap: [eaptls verify] = length included
  9929. (107) eap_peap: <<< recv TLS 1.0 ChangeCipherSpec [length 0001]
  9930. (107) eap_peap: <<< recv TLS 1.0 Handshake [length 0010], Finished
  9931. (107) eap_peap: TLS_accept: SSLv3 read finished A
  9932. (107) eap_peap: (other): SSL negotiation finished successfully
  9933. (107) eap_peap: SSL Connection Established
  9934. (107) eap_peap: SSL Application Data
  9935. (107) eap_peap: Adding cached attributes from session 99fa3eb5d7d108e8e1047f8c78273aadc1bd2aa26caa1810320d84ad7442e74a
  9936. (107) eap_peap: reply:User-Name = "vkratsberg"
  9937. (107) eap_peap: [eaptls process] = success
  9938. (107) eap_peap: Session established. Decoding tunneled attributes
  9939. (107) eap_peap: PEAP state TUNNEL ESTABLISHED
  9940. (107) eap_peap: Skipping Phase2 because of session resumption
  9941. (107) eap_peap: SUCCESS
  9942. (107) eap: Sending EAP Request (code 1) ID 108 length 43
  9943. (107) eap: EAP session adding &reply:State = 0xbe2c9d7bbc4084c3
  9944. (107) [eap] = handled
  9945. (107) } # authenticate = handled
  9946. (107) Using Post-Auth-Type Challenge
  9947. (107) Post-Auth-Type sub-section not found. Ignoring.
  9948. (107) # Executing group from file /etc/raddb/sites-enabled/default
  9949. (107) Sent Access-Challenge Id 98 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  9950. (107) User-Name = "vkratsberg"
  9951. (107) EAP-Message = 0x016c002b19001703010020292c3dc345c56d6877988b12764fe82273c760d99c0453618d4184c7b2f38019
  9952. (107) Message-Authenticator = 0x00000000000000000000000000000000
  9953. (107) State = 0xbe2c9d7bbc4084c3edab30e85aa3aae0
  9954. (107) Finished request
  9955. Waking up in 2.1 seconds.
  9956. (108) Received Access-Request Id 99 from 10.8.0.111:58432 to 10.8.64.155:1812 length 223
  9957. (108) User-Name = "vkratsberg"
  9958. (108) NAS-Port = 358
  9959. (108) State = 0xbe2c9d7bbc4084c3edab30e85aa3aae0
  9960. (108) EAP-Message = 0x026c002b190017030100201914d6822257683c8cf3ee63fb8e9e140c805add2c15ff33e16b17f9020e13ba
  9961. (108) Message-Authenticator = 0x0e0504e472b9a934a3d870d52b29cbd2
  9962. (108) Acct-Session-Id = "8O2.1x81bb0d5d000b119a"
  9963. (108) NAS-Port-Id = "ge-3/0/6.0"
  9964. (108) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  9965. (108) Called-Station-Id = "ec-3e-f7-68-35-00"
  9966. (108) NAS-IP-Address = 10.8.0.111
  9967. (108) NAS-Identifier = "nyc-access-sw011"
  9968. (108) NAS-Port-Type = Ethernet
  9969. (108) session-state: No cached attributes
  9970. (108) # Executing section authorize from file /etc/raddb/sites-enabled/default
  9971. (108) authorize {
  9972. (108) policy filter_username {
  9973. (108) if (&User-Name) {
  9974. (108) if (&User-Name) -> TRUE
  9975. (108) if (&User-Name) {
  9976. (108) if (&User-Name =~ / /) {
  9977. (108) if (&User-Name =~ / /) -> FALSE
  9978. (108) if (&User-Name =~ /@[^@]*@/ ) {
  9979. (108) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  9980. (108) if (&User-Name =~ /\.\./ ) {
  9981. (108) if (&User-Name =~ /\.\./ ) -> FALSE
  9982. (108) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  9983. (108) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  9984. (108) if (&User-Name =~ /\.$/) {
  9985. (108) if (&User-Name =~ /\.$/) -> FALSE
  9986. (108) if (&User-Name =~ /@\./) {
  9987. (108) if (&User-Name =~ /@\./) -> FALSE
  9988. (108) } # if (&User-Name) = notfound
  9989. (108) } # policy filter_username = notfound
  9990. (108) [preprocess] = ok
  9991. (108) [chap] = noop
  9992. (108) [mschap] = noop
  9993. (108) [digest] = noop
  9994. (108) suffix: Checking for suffix after "@"
  9995. (108) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  9996. (108) suffix: No such realm "NULL"
  9997. (108) [suffix] = noop
  9998. (108) eap: Peer sent EAP Response (code 2) ID 108 length 43
  9999. (108) eap: Continuing tunnel setup
  10000. (108) [eap] = ok
  10001. (108) } # authorize = ok
  10002. (108) Found Auth-Type = eap
  10003. (108) # Executing group from file /etc/raddb/sites-enabled/default
  10004. (108) authenticate {
  10005. (108) eap: Expiring EAP session with state 0xbe2c9d7bbc4084c3
  10006. (108) eap: Finished EAP session with state 0xbe2c9d7bbc4084c3
  10007. (108) eap: Previous EAP request found for state 0xbe2c9d7bbc4084c3, released from the list
  10008. (108) eap: Peer sent packet with method EAP PEAP (25)
  10009. (108) eap: Calling submodule eap_peap to process data
  10010. (108) eap_peap: Continuing EAP-TLS
  10011. (108) eap_peap: [eaptls verify] = ok
  10012. (108) eap_peap: Done initial handshake
  10013. (108) eap_peap: [eaptls process] = ok
  10014. (108) eap_peap: Session established. Decoding tunneled attributes
  10015. (108) eap_peap: PEAP state send tlv success
  10016. (108) eap_peap: Received EAP-TLV response
  10017. (108) eap_peap: Success
  10018. (108) eap_peap: No saved attributes in the original Access-Accept
  10019. (108) eap: Sending EAP Success (code 3) ID 108 length 4
  10020. (108) eap: Freeing handler
  10021. (108) [eap] = ok
  10022. (108) } # authenticate = ok
  10023. (108) # Executing section post-auth from file /etc/raddb/sites-enabled/default
  10024. (108) post-auth {
  10025. (108) update {
  10026. (108) No attributes updated
  10027. (108) } # update = noop
  10028. (108) [exec] = noop
  10029. (108) policy remove_reply_message_if_eap {
  10030. (108) if (&reply:EAP-Message && &reply:Reply-Message) {
  10031. (108) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
  10032. (108) else {
  10033. (108) [noop] = noop
  10034. (108) } # else = noop
  10035. (108) } # policy remove_reply_message_if_eap = noop
  10036. (108) } # post-auth = noop
  10037. (108) Sent Access-Accept Id 99 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  10038. (108) MS-MPPE-Recv-Key = 0x2b4fd37c9f9467d3da56115d2ef543ff3e2bf58a53dbcf85f4183f3357193bf1
  10039. (108) MS-MPPE-Send-Key = 0xbdc8077c1f36c4075fccbd480de338e95828a16b455b62df765772729fc2db4d
  10040. (108) EAP-Message = 0x036c0004
  10041. (108) Message-Authenticator = 0x00000000000000000000000000000000
  10042. (108) User-Name = "vkratsberg"
  10043. (108) Finished request
  10044. Waking up in 2.1 seconds.
  10045. (109) Received Access-Request Id 100 from 10.8.0.111:58432 to 10.8.64.155:1812 length 177
  10046. (109) User-Name = "vkratsberg"
  10047. (109) NAS-Port = 358
  10048. (109) EAP-Message = 0x026d000f01766b7261747362657267
  10049. (109) Message-Authenticator = 0x376548682ddb200c31a8e9cccfecca2d
  10050. (109) Acct-Session-Id = "8O2.1x81bb0d5e000cc9c0"
  10051. (109) NAS-Port-Id = "ge-3/0/6.0"
  10052. (109) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  10053. (109) Called-Station-Id = "ec-3e-f7-68-35-00"
  10054. (109) NAS-IP-Address = 10.8.0.111
  10055. (109) NAS-Identifier = "nyc-access-sw011"
  10056. (109) NAS-Port-Type = Ethernet
  10057. (109) # Executing section authorize from file /etc/raddb/sites-enabled/default
  10058. (109) authorize {
  10059. (109) policy filter_username {
  10060. (109) if (&User-Name) {
  10061. (109) if (&User-Name) -> TRUE
  10062. (109) if (&User-Name) {
  10063. (109) if (&User-Name =~ / /) {
  10064. (109) if (&User-Name =~ / /) -> FALSE
  10065. (109) if (&User-Name =~ /@[^@]*@/ ) {
  10066. (109) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  10067. (109) if (&User-Name =~ /\.\./ ) {
  10068. (109) if (&User-Name =~ /\.\./ ) -> FALSE
  10069. (109) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  10070. (109) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  10071. (109) if (&User-Name =~ /\.$/) {
  10072. (109) if (&User-Name =~ /\.$/) -> FALSE
  10073. (109) if (&User-Name =~ /@\./) {
  10074. (109) if (&User-Name =~ /@\./) -> FALSE
  10075. (109) } # if (&User-Name) = notfound
  10076. (109) } # policy filter_username = notfound
  10077. (109) [preprocess] = ok
  10078. (109) [chap] = noop
  10079. (109) [mschap] = noop
  10080. (109) [digest] = noop
  10081. (109) suffix: Checking for suffix after "@"
  10082. (109) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  10083. (109) suffix: No such realm "NULL"
  10084. (109) [suffix] = noop
  10085. (109) eap: Peer sent EAP Response (code 2) ID 109 length 15
  10086. (109) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
  10087. (109) [eap] = ok
  10088. (109) } # authorize = ok
  10089. (109) Found Auth-Type = eap
  10090. (109) # Executing group from file /etc/raddb/sites-enabled/default
  10091. (109) authenticate {
  10092. (109) eap: Peer sent packet with method EAP Identity (1)
  10093. (109) eap: Calling submodule eap_peap to process data
  10094. (109) eap_peap: Initiating new EAP-TLS session
  10095. (109) eap_peap: [eaptls start] = request
  10096. (109) eap: Sending EAP Request (code 1) ID 110 length 6
  10097. (109) eap: EAP session adding &reply:State = 0xaada5d64aab4445c
  10098. (109) [eap] = handled
  10099. (109) } # authenticate = handled
  10100. (109) Using Post-Auth-Type Challenge
  10101. (109) Post-Auth-Type sub-section not found. Ignoring.
  10102. (109) # Executing group from file /etc/raddb/sites-enabled/default
  10103. (109) Sent Access-Challenge Id 100 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  10104. (109) EAP-Message = 0x016e00061920
  10105. (109) Message-Authenticator = 0x00000000000000000000000000000000
  10106. (109) State = 0xaada5d64aab4445c0e4dab1d815af132
  10107. (109) Finished request
  10108. Waking up in 2.1 seconds.
  10109. (110) Received Access-Request Id 101 from 10.8.0.111:58432 to 10.8.64.155:1812 length 343
  10110. (110) User-Name = "vkratsberg"
  10111. (110) NAS-Port = 358
  10112. (110) State = 0xaada5d64aab4445c0e4dab1d815af132
  10113. (110) EAP-Message = 0x026e00a31980000000991603010094010000900301574f326e0e52a97a84863cda1cc24800bdd252d34bc47ec5e9f77760a0263df92099fa3eb5d7d108e8e1047f8c78273aadc1bd2aa26caa1810320d84ad7442e74a002800ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f00
  10114. (110) Message-Authenticator = 0xf667ce39f57ab3c70e5626a55a18bbb3
  10115. (110) Acct-Session-Id = "8O2.1x81bb0d5e000cc9c0"
  10116. (110) NAS-Port-Id = "ge-3/0/6.0"
  10117. (110) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  10118. (110) Called-Station-Id = "ec-3e-f7-68-35-00"
  10119. (110) NAS-IP-Address = 10.8.0.111
  10120. (110) NAS-Identifier = "nyc-access-sw011"
  10121. (110) NAS-Port-Type = Ethernet
  10122. (110) session-state: No cached attributes
  10123. (110) # Executing section authorize from file /etc/raddb/sites-enabled/default
  10124. (110) authorize {
  10125. (110) policy filter_username {
  10126. (110) if (&User-Name) {
  10127. (110) if (&User-Name) -> TRUE
  10128. (110) if (&User-Name) {
  10129. (110) if (&User-Name =~ / /) {
  10130. (110) if (&User-Name =~ / /) -> FALSE
  10131. (110) if (&User-Name =~ /@[^@]*@/ ) {
  10132. (110) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  10133. (110) if (&User-Name =~ /\.\./ ) {
  10134. (110) if (&User-Name =~ /\.\./ ) -> FALSE
  10135. (110) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  10136. (110) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  10137. (110) if (&User-Name =~ /\.$/) {
  10138. (110) if (&User-Name =~ /\.$/) -> FALSE
  10139. (110) if (&User-Name =~ /@\./) {
  10140. (110) if (&User-Name =~ /@\./) -> FALSE
  10141. (110) } # if (&User-Name) = notfound
  10142. (110) } # policy filter_username = notfound
  10143. (110) [preprocess] = ok
  10144. (110) [chap] = noop
  10145. (110) [mschap] = noop
  10146. (110) [digest] = noop
  10147. (110) suffix: Checking for suffix after "@"
  10148. (110) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  10149. (110) suffix: No such realm "NULL"
  10150. (110) [suffix] = noop
  10151. (110) eap: Peer sent EAP Response (code 2) ID 110 length 163
  10152. (110) eap: Continuing tunnel setup
  10153. (110) [eap] = ok
  10154. (110) } # authorize = ok
  10155. (110) Found Auth-Type = eap
  10156. (110) # Executing group from file /etc/raddb/sites-enabled/default
  10157. (110) authenticate {
  10158. (110) eap: Expiring EAP session with state 0xaada5d64aab4445c
  10159. (110) eap: Finished EAP session with state 0xaada5d64aab4445c
  10160. (110) eap: Previous EAP request found for state 0xaada5d64aab4445c, released from the list
  10161. (110) eap: Peer sent packet with method EAP PEAP (25)
  10162. (110) eap: Calling submodule eap_peap to process data
  10163. (110) eap_peap: Continuing EAP-TLS
  10164. (110) eap_peap: Peer indicated complete TLS record size will be 153 bytes
  10165. (110) eap_peap: Got complete TLS record (153 bytes)
  10166. (110) eap_peap: [eaptls verify] = length included
  10167. (110) eap_peap: (other): before/accept initialization
  10168. (110) eap_peap: TLS_accept: before/accept initialization
  10169. (110) eap_peap: <<< recv TLS 1.0 Handshake [length 0094], ClientHello
  10170. (110) eap_peap: TLS_accept: SSLv3 read client hello A
  10171. (110) eap_peap: >>> send TLS 1.0 Handshake [length 0059], ServerHello
  10172. (110) eap_peap: TLS_accept: SSLv3 write server hello A
  10173. (110) eap_peap: >>> send TLS 1.0 ChangeCipherSpec [length 0001]
  10174. (110) eap_peap: TLS_accept: SSLv3 write change cipher spec A
  10175. (110) eap_peap: >>> send TLS 1.0 Handshake [length 0010], Finished
  10176. (110) eap_peap: TLS_accept: SSLv3 write finished A
  10177. (110) eap_peap: TLS_accept: SSLv3 flush data
  10178. (110) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  10179. (110) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  10180. (110) eap_peap: In SSL Handshake Phase
  10181. (110) eap_peap: In SSL Accept mode
  10182. (110) eap_peap: [eaptls process] = handled
  10183. (110) eap: Sending EAP Request (code 1) ID 111 length 159
  10184. (110) eap: EAP session adding &reply:State = 0xaada5d64abb5445c
  10185. (110) [eap] = handled
  10186. (110) } # authenticate = handled
  10187. (110) Using Post-Auth-Type Challenge
  10188. (110) Post-Auth-Type sub-section not found. Ignoring.
  10189. (110) # Executing group from file /etc/raddb/sites-enabled/default
  10190. (110) Sent Access-Challenge Id 101 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  10191. (110) EAP-Message = 0x016f009f19001603010059020000550301574f326edf3149e245e6d1de6fa8ed3d66c2f7917e8e3f7f02939dd27740488d2099fa3eb5d7d108e8e1047f8c78273aadc1bd2aa26caa1810320d84ad7442e74ac01400000dff01000100000b000403000102140301000101160301003079a924797a39a905
  10192. (110) Message-Authenticator = 0x00000000000000000000000000000000
  10193. (110) State = 0xaada5d64abb5445c0e4dab1d815af132
  10194. (110) Finished request
  10195. Waking up in 2.0 seconds.
  10196. (111) Received Access-Request Id 102 from 10.8.0.111:58432 to 10.8.64.155:1812 length 249
  10197. (111) User-Name = "vkratsberg"
  10198. (111) NAS-Port = 358
  10199. (111) State = 0xaada5d64abb5445c0e4dab1d815af132
  10200. (111) EAP-Message = 0x026f004519800000003b1403010001011603010030fbc592ee25968942d0f1cf73d69287b0a88cd5d9424669649ee2a9784f53bd0967b09269193b3e5179614972b5342b27
  10201. (111) Message-Authenticator = 0x36931fedd998bf65803938596a090ff8
  10202. (111) Acct-Session-Id = "8O2.1x81bb0d5e000cc9c0"
  10203. (111) NAS-Port-Id = "ge-3/0/6.0"
  10204. (111) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  10205. (111) Called-Station-Id = "ec-3e-f7-68-35-00"
  10206. (111) NAS-IP-Address = 10.8.0.111
  10207. (111) NAS-Identifier = "nyc-access-sw011"
  10208. (111) NAS-Port-Type = Ethernet
  10209. (111) session-state: No cached attributes
  10210. (111) # Executing section authorize from file /etc/raddb/sites-enabled/default
  10211. (111) authorize {
  10212. (111) policy filter_username {
  10213. (111) if (&User-Name) {
  10214. (111) if (&User-Name) -> TRUE
  10215. (111) if (&User-Name) {
  10216. (111) if (&User-Name =~ / /) {
  10217. (111) if (&User-Name =~ / /) -> FALSE
  10218. (111) if (&User-Name =~ /@[^@]*@/ ) {
  10219. (111) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  10220. (111) if (&User-Name =~ /\.\./ ) {
  10221. (111) if (&User-Name =~ /\.\./ ) -> FALSE
  10222. (111) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  10223. (111) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  10224. (111) if (&User-Name =~ /\.$/) {
  10225. (111) if (&User-Name =~ /\.$/) -> FALSE
  10226. (111) if (&User-Name =~ /@\./) {
  10227. (111) if (&User-Name =~ /@\./) -> FALSE
  10228. (111) } # if (&User-Name) = notfound
  10229. (111) } # policy filter_username = notfound
  10230. (111) [preprocess] = ok
  10231. (111) [chap] = noop
  10232. (111) [mschap] = noop
  10233. (111) [digest] = noop
  10234. (111) suffix: Checking for suffix after "@"
  10235. (111) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  10236. (111) suffix: No such realm "NULL"
  10237. (111) [suffix] = noop
  10238. (111) eap: Peer sent EAP Response (code 2) ID 111 length 69
  10239. (111) eap: Continuing tunnel setup
  10240. (111) [eap] = ok
  10241. (111) } # authorize = ok
  10242. (111) Found Auth-Type = eap
  10243. (111) # Executing group from file /etc/raddb/sites-enabled/default
  10244. (111) authenticate {
  10245. (111) eap: Expiring EAP session with state 0xaada5d64abb5445c
  10246. (111) eap: Finished EAP session with state 0xaada5d64abb5445c
  10247. (111) eap: Previous EAP request found for state 0xaada5d64abb5445c, released from the list
  10248. (111) eap: Peer sent packet with method EAP PEAP (25)
  10249. (111) eap: Calling submodule eap_peap to process data
  10250. (111) eap_peap: Continuing EAP-TLS
  10251. (111) eap_peap: Peer indicated complete TLS record size will be 59 bytes
  10252. (111) eap_peap: Got complete TLS record (59 bytes)
  10253. (111) eap_peap: [eaptls verify] = length included
  10254. (111) eap_peap: <<< recv TLS 1.0 ChangeCipherSpec [length 0001]
  10255. (111) eap_peap: <<< recv TLS 1.0 Handshake [length 0010], Finished
  10256. (111) eap_peap: TLS_accept: SSLv3 read finished A
  10257. (111) eap_peap: (other): SSL negotiation finished successfully
  10258. (111) eap_peap: SSL Connection Established
  10259. (111) eap_peap: SSL Application Data
  10260. (111) eap_peap: Adding cached attributes from session 99fa3eb5d7d108e8e1047f8c78273aadc1bd2aa26caa1810320d84ad7442e74a
  10261. (111) eap_peap: reply:User-Name = "vkratsberg"
  10262. (111) eap_peap: [eaptls process] = success
  10263. (111) eap_peap: Session established. Decoding tunneled attributes
  10264. (111) eap_peap: PEAP state TUNNEL ESTABLISHED
  10265. (111) eap_peap: Skipping Phase2 because of session resumption
  10266. (111) eap_peap: SUCCESS
  10267. (111) eap: Sending EAP Request (code 1) ID 112 length 43
  10268. (111) eap: EAP session adding &reply:State = 0xaada5d64a8aa445c
  10269. (111) [eap] = handled
  10270. (111) } # authenticate = handled
  10271. (111) Using Post-Auth-Type Challenge
  10272. (111) Post-Auth-Type sub-section not found. Ignoring.
  10273. (111) # Executing group from file /etc/raddb/sites-enabled/default
  10274. (111) Sent Access-Challenge Id 102 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  10275. (111) User-Name = "vkratsberg"
  10276. (111) EAP-Message = 0x0170002b19001703010020d52e2542c8168cee9986dd8c8470ed0c45db69a757078086e817c62f37245fc8
  10277. (111) Message-Authenticator = 0x00000000000000000000000000000000
  10278. (111) State = 0xaada5d64a8aa445c0e4dab1d815af132
  10279. (111) Finished request
  10280. Waking up in 2.0 seconds.
  10281. (112) Received Access-Request Id 103 from 10.8.0.111:58432 to 10.8.64.155:1812 length 223
  10282. (112) User-Name = "vkratsberg"
  10283. (112) NAS-Port = 358
  10284. (112) State = 0xaada5d64a8aa445c0e4dab1d815af132
  10285. (112) EAP-Message = 0x0270002b190017030100204c0678760c0c21cbc259d8dd695f63f8f3f2fe90cdc2b720ba253f47330f774a
  10286. (112) Message-Authenticator = 0x6dda5137a7dd1cc16b60aaed6a6eb686
  10287. (112) Acct-Session-Id = "8O2.1x81bb0d5e000cc9c0"
  10288. (112) NAS-Port-Id = "ge-3/0/6.0"
  10289. (112) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  10290. (112) Called-Station-Id = "ec-3e-f7-68-35-00"
  10291. (112) NAS-IP-Address = 10.8.0.111
  10292. (112) NAS-Identifier = "nyc-access-sw011"
  10293. (112) NAS-Port-Type = Ethernet
  10294. (112) session-state: No cached attributes
  10295. (112) # Executing section authorize from file /etc/raddb/sites-enabled/default
  10296. (112) authorize {
  10297. (112) policy filter_username {
  10298. (112) if (&User-Name) {
  10299. (112) if (&User-Name) -> TRUE
  10300. (112) if (&User-Name) {
  10301. (112) if (&User-Name =~ / /) {
  10302. (112) if (&User-Name =~ / /) -> FALSE
  10303. (112) if (&User-Name =~ /@[^@]*@/ ) {
  10304. (112) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  10305. (112) if (&User-Name =~ /\.\./ ) {
  10306. (112) if (&User-Name =~ /\.\./ ) -> FALSE
  10307. (112) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  10308. (112) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  10309. (112) if (&User-Name =~ /\.$/) {
  10310. (112) if (&User-Name =~ /\.$/) -> FALSE
  10311. (112) if (&User-Name =~ /@\./) {
  10312. (112) if (&User-Name =~ /@\./) -> FALSE
  10313. (112) } # if (&User-Name) = notfound
  10314. (112) } # policy filter_username = notfound
  10315. (112) [preprocess] = ok
  10316. (112) [chap] = noop
  10317. (112) [mschap] = noop
  10318. (112) [digest] = noop
  10319. (112) suffix: Checking for suffix after "@"
  10320. (112) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  10321. (112) suffix: No such realm "NULL"
  10322. (112) [suffix] = noop
  10323. (112) eap: Peer sent EAP Response (code 2) ID 112 length 43
  10324. (112) eap: Continuing tunnel setup
  10325. (112) [eap] = ok
  10326. (112) } # authorize = ok
  10327. (112) Found Auth-Type = eap
  10328. (112) # Executing group from file /etc/raddb/sites-enabled/default
  10329. (112) authenticate {
  10330. (112) eap: Expiring EAP session with state 0xaada5d64a8aa445c
  10331. (112) eap: Finished EAP session with state 0xaada5d64a8aa445c
  10332. (112) eap: Previous EAP request found for state 0xaada5d64a8aa445c, released from the list
  10333. (112) eap: Peer sent packet with method EAP PEAP (25)
  10334. (112) eap: Calling submodule eap_peap to process data
  10335. (112) eap_peap: Continuing EAP-TLS
  10336. (112) eap_peap: [eaptls verify] = ok
  10337. (112) eap_peap: Done initial handshake
  10338. (112) eap_peap: [eaptls process] = ok
  10339. (112) eap_peap: Session established. Decoding tunneled attributes
  10340. (112) eap_peap: PEAP state send tlv success
  10341. (112) eap_peap: Received EAP-TLV response
  10342. (112) eap_peap: Success
  10343. (112) eap_peap: No saved attributes in the original Access-Accept
  10344. (112) eap: Sending EAP Success (code 3) ID 112 length 4
  10345. (112) eap: Freeing handler
  10346. (112) [eap] = ok
  10347. (112) } # authenticate = ok
  10348. (112) # Executing section post-auth from file /etc/raddb/sites-enabled/default
  10349. (112) post-auth {
  10350. (112) update {
  10351. (112) No attributes updated
  10352. (112) } # update = noop
  10353. (112) [exec] = noop
  10354. (112) policy remove_reply_message_if_eap {
  10355. (112) if (&reply:EAP-Message && &reply:Reply-Message) {
  10356. (112) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
  10357. (112) else {
  10358. (112) [noop] = noop
  10359. (112) } # else = noop
  10360. (112) } # policy remove_reply_message_if_eap = noop
  10361. (112) } # post-auth = noop
  10362. (112) Sent Access-Accept Id 103 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  10363. (112) MS-MPPE-Recv-Key = 0x1da126c07ca0725ca7117902c3a61b8351f1f05faec418d818bb047ee2da11e5
  10364. (112) MS-MPPE-Send-Key = 0x51632040239711bfa36327a2c3ca94f029f409ac5f83941227f44c9224c6f99e
  10365. (112) EAP-Message = 0x03700004
  10366. (112) Message-Authenticator = 0x00000000000000000000000000000000
  10367. (112) User-Name = "vkratsberg"
  10368. (112) Finished request
  10369. Waking up in 2.0 seconds.
  10370. (0) Cleaning up request packet ID 246 with timestamp +6
  10371. (1) Cleaning up request packet ID 247 with timestamp +6
  10372. (2) Cleaning up request packet ID 248 with timestamp +6
  10373. (3) Cleaning up request packet ID 249 with timestamp +6
  10374. (4) Cleaning up request packet ID 250 with timestamp +7
  10375. (5) Cleaning up request packet ID 251 with timestamp +7
  10376. (6) Cleaning up request packet ID 252 with timestamp +7
  10377. (7) Cleaning up request packet ID 253 with timestamp +7
  10378. (8) Cleaning up request packet ID 254 with timestamp +7
  10379. Waking up in 0.1 seconds.
  10380. (9) Cleaning up request packet ID 255 with timestamp +7
  10381. (10) Cleaning up request packet ID 1 with timestamp +7
  10382. (11) Cleaning up request packet ID 2 with timestamp +7
  10383. (12) Cleaning up request packet ID 3 with timestamp +7
  10384. (13) Cleaning up request packet ID 4 with timestamp +7
  10385. (14) Cleaning up request packet ID 5 with timestamp +7
  10386. (15) Cleaning up request packet ID 6 with timestamp +7
  10387. (16) Cleaning up request packet ID 7 with timestamp +7
  10388. (17) Cleaning up request packet ID 8 with timestamp +7
  10389. (18) Cleaning up request packet ID 9 with timestamp +7
  10390. (19) Cleaning up request packet ID 10 with timestamp +7
  10391. (20) Cleaning up request packet ID 11 with timestamp +7
  10392. (21) Cleaning up request packet ID 12 with timestamp +7
  10393. (22) Cleaning up request packet ID 13 with timestamp +7
  10394. (23) Cleaning up request packet ID 14 with timestamp +7
  10395. (24) Cleaning up request packet ID 15 with timestamp +7
  10396. (25) Cleaning up request packet ID 16 with timestamp +7
  10397. (26) Cleaning up request packet ID 17 with timestamp +7
  10398. (27) Cleaning up request packet ID 18 with timestamp +7
  10399. (28) Cleaning up request packet ID 19 with timestamp +7
  10400. (29) Cleaning up request packet ID 20 with timestamp +7
  10401. (30) Cleaning up request packet ID 21 with timestamp +7
  10402. (31) Cleaning up request packet ID 22 with timestamp +7
  10403. (32) Cleaning up request packet ID 23 with timestamp +7
  10404. (33) Cleaning up request packet ID 24 with timestamp +7
  10405. (34) Cleaning up request packet ID 25 with timestamp +7
  10406. (35) Cleaning up request packet ID 26 with timestamp +7
  10407. (36) Cleaning up request packet ID 27 with timestamp +7
  10408. (37) Cleaning up request packet ID 28 with timestamp +7
  10409. (38) Cleaning up request packet ID 29 with timestamp +7
  10410. (39) Cleaning up request packet ID 30 with timestamp +7
  10411. (40) Cleaning up request packet ID 31 with timestamp +7
  10412. (41) Cleaning up request packet ID 32 with timestamp +8
  10413. (42) Cleaning up request packet ID 33 with timestamp +8
  10414. (43) Cleaning up request packet ID 34 with timestamp +8
  10415. (44) Cleaning up request packet ID 35 with timestamp +8
  10416. (45) Cleaning up request packet ID 36 with timestamp +8
  10417. (46) Cleaning up request packet ID 37 with timestamp +8
  10418. (47) Cleaning up request packet ID 38 with timestamp +8
  10419. (48) Cleaning up request packet ID 39 with timestamp +8
  10420. (49) Cleaning up request packet ID 40 with timestamp +8
  10421. (50) Cleaning up request packet ID 41 with timestamp +8
  10422. (51) Cleaning up request packet ID 42 with timestamp +8
  10423. (52) Cleaning up request packet ID 43 with timestamp +8
  10424. (53) Cleaning up request packet ID 44 with timestamp +8
  10425. (54) Cleaning up request packet ID 45 with timestamp +8
  10426. (55) Cleaning up request packet ID 46 with timestamp +8
  10427. (56) Cleaning up request packet ID 47 with timestamp +8
  10428. (57) Cleaning up request packet ID 48 with timestamp +8
  10429. (58) Cleaning up request packet ID 49 with timestamp +8
  10430. (59) Cleaning up request packet ID 50 with timestamp +8
  10431. (60) Cleaning up request packet ID 51 with timestamp +8
  10432. (61) Cleaning up request packet ID 52 with timestamp +8
  10433. (62) Cleaning up request packet ID 53 with timestamp +8
  10434. (63) Cleaning up request packet ID 54 with timestamp +8
  10435. (64) Cleaning up request packet ID 55 with timestamp +8
  10436. (65) Cleaning up request packet ID 56 with timestamp +8
  10437. (66) Cleaning up request packet ID 57 with timestamp +8
  10438. (67) Cleaning up request packet ID 58 with timestamp +8
  10439. (68) Cleaning up request packet ID 59 with timestamp +8
  10440. (69) Cleaning up request packet ID 60 with timestamp +8
  10441. (70) Cleaning up request packet ID 61 with timestamp +8
  10442. (71) Cleaning up request packet ID 62 with timestamp +8
  10443. (72) Cleaning up request packet ID 63 with timestamp +8
  10444. (73) Cleaning up request packet ID 64 with timestamp +8
  10445. (74) Cleaning up request packet ID 65 with timestamp +8
  10446. (75) Cleaning up request packet ID 66 with timestamp +8
  10447. (76) Cleaning up request packet ID 67 with timestamp +8
  10448. (77) Cleaning up request packet ID 68 with timestamp +8
  10449. (78) Cleaning up request packet ID 69 with timestamp +8
  10450. (79) Cleaning up request packet ID 70 with timestamp +9
  10451. (80) Cleaning up request packet ID 71 with timestamp +9
  10452. (81) Cleaning up request packet ID 72 with timestamp +9
  10453. (82) Cleaning up request packet ID 73 with timestamp +9
  10454. (83) Cleaning up request packet ID 74 with timestamp +9
  10455. (84) Cleaning up request packet ID 75 with timestamp +9
  10456. (85) Cleaning up request packet ID 76 with timestamp +9
  10457. (86) Cleaning up request packet ID 77 with timestamp +9
  10458. (87) Cleaning up request packet ID 78 with timestamp +9
  10459. (88) Cleaning up request packet ID 79 with timestamp +9
  10460. (89) Cleaning up request packet ID 80 with timestamp +9
  10461. (90) Cleaning up request packet ID 81 with timestamp +9
  10462. (91) Cleaning up request packet ID 82 with timestamp +9
  10463. (92) Cleaning up request packet ID 83 with timestamp +9
  10464. (93) Cleaning up request packet ID 84 with timestamp +9
  10465. (94) Cleaning up request packet ID 85 with timestamp +9
  10466. (95) Cleaning up request packet ID 86 with timestamp +9
  10467. (96) Cleaning up request packet ID 87 with timestamp +9
  10468. (97) Cleaning up request packet ID 88 with timestamp +9
  10469. (98) Cleaning up request packet ID 89 with timestamp +9
  10470. (99) Cleaning up request packet ID 90 with timestamp +9
  10471. (100) Cleaning up request packet ID 91 with timestamp +9
  10472. (101) Cleaning up request packet ID 92 with timestamp +9
  10473. (102) Cleaning up request packet ID 93 with timestamp +9
  10474. (103) Cleaning up request packet ID 94 with timestamp +9
  10475. (104) Cleaning up request packet ID 95 with timestamp +9
  10476. (105) Cleaning up request packet ID 96 with timestamp +9
  10477. (106) Cleaning up request packet ID 97 with timestamp +9
  10478. (107) Cleaning up request packet ID 98 with timestamp +9
  10479. (108) Cleaning up request packet ID 99 with timestamp +9
  10480. (109) Cleaning up request packet ID 100 with timestamp +9
  10481. (110) Cleaning up request packet ID 101 with timestamp +9
  10482. (111) Cleaning up request packet ID 102 with timestamp +9
  10483. (112) Cleaning up request packet ID 103 with timestamp +9
  10484. Ready to process requests
Add Comment
Please, Sign In to add comment