Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- (0) Received Access-Request Id 20 from 172.22.33.33:65484 to 172.22.33.46:1812 length 163
- (0) User-Name = "bj"
- (0) NAS-IP-Address = 172.22.33.33
- (0) NAS-Port = 0
- (0) Called-Station-Id = "0C-51-01-E4-23-29:Kontrapunkt - NOT AVAILABLE"
- (0) Calling-Station-Id = "88-1F-A1-11-43-E2"
- (0) Framed-MTU = 1400
- (0) NAS-Port-Type = Wireless-802.11
- (0) Connect-Info = "CONNECT 0Mbps 802.11"
- (0) EAP-Message = 0x0295000701626a
- (0) Message-Authenticator = 0x9275b1a12f92cd949f7f787c0a9a9fdc
- (0) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
- (0) authorize {
- (0) policy filter_username {
- (0) if (&User-Name) {
- (0) if (&User-Name) -> TRUE
- (0) if (&User-Name) {
- (0) if (&User-Name =~ / /) {
- (0) if (&User-Name =~ / /) -> FALSE
- (0) if (&User-Name =~ /@[^@]*@/ ) {
- (0) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (0) if (&User-Name =~ /\.\./ ) {
- (0) if (&User-Name =~ /\.\./ ) -> FALSE
- (0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (0) if (&User-Name =~ /\.$/) {
- (0) if (&User-Name =~ /\.$/) -> FALSE
- (0) if (&User-Name =~ /@\./) {
- (0) if (&User-Name =~ /@\./) -> FALSE
- (0) } # if (&User-Name) = notfound
- (0) } # policy filter_username = notfound
- (0) [preprocess] = ok
- (0) [chap] = noop
- (0) [mschap] = noop
- (0) [digest] = noop
- (0) suffix: Checking for suffix after "@"
- (0) suffix: No '@' in User-Name = "bj", looking up realm NULL
- (0) suffix: No such realm "NULL"
- (0) [suffix] = noop
- (0) eap: Peer sent EAP Response (code 2) ID 149 length 7
- (0) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
- (0) [eap] = ok
- (0) } # authorize = ok
- (0) Found Auth-Type = eap
- (0) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
- (0) authenticate {
- (0) eap: Peer sent packet with method EAP Identity (1)
- (0) eap: Calling submodule eap_tls to process data
- (0) eap_tls: Initiating new EAP-TLS session
- (0) eap_tls: Flushing SSL sessions (of #0)
- (0) eap_tls: Setting verify mode to require certificate from client
- (0) eap_tls: [eaptls start] = request
- (0) eap: Sending EAP Request (code 1) ID 150 length 6
- (0) eap: EAP session adding &reply:State = 0x3401110c34971c71
- (0) [eap] = handled
- (0) } # authenticate = handled
- (0) Using Post-Auth-Type Challenge
- (0) Post-Auth-Type sub-section not found. Ignoring.
- (0) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
- (0) Sent Access-Challenge Id 20 from 172.22.33.46:1812 to 172.22.33.33:65484 length 0
- (0) EAP-Message = 0x019600060d20
- (0) Message-Authenticator = 0x00000000000000000000000000000000
- (0) State = 0x3401110c34971c7121133da265f33113
- (0) Finished request
- Waking up in 4.9 seconds.
- (1) Received Access-Request Id 21 from 172.22.33.33:65484 to 172.22.33.46:1812 length 182
- (1) User-Name = "bj"
- (1) NAS-IP-Address = 172.22.33.33
- (1) NAS-Port = 0
- (1) Called-Station-Id = "0C-51-01-E4-23-29:Kontrapunkt - NOT AVAILABLE"
- (1) Calling-Station-Id = "88-1F-A1-11-43-E2"
- (1) Framed-MTU = 1400
- (1) NAS-Port-Type = Wireless-802.11
- (1) Connect-Info = "CONNECT 0Mbps 802.11"
- (1) EAP-Message = 0x029600080319152b
- (1) State = 0x3401110c34971c7121133da265f33113
- (1) Message-Authenticator = 0xf29471f6a65217f85ed6229ad038cea3
- (1) session-state: No cached attributes
- (1) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
- (1) authorize {
- (1) policy filter_username {
- (1) if (&User-Name) {
- (1) if (&User-Name) -> TRUE
- (1) if (&User-Name) {
- (1) if (&User-Name =~ / /) {
- (1) if (&User-Name =~ / /) -> FALSE
- (1) if (&User-Name =~ /@[^@]*@/ ) {
- (1) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (1) if (&User-Name =~ /\.\./ ) {
- (1) if (&User-Name =~ /\.\./ ) -> FALSE
- (1) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (1) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (1) if (&User-Name =~ /\.$/) {
- (1) if (&User-Name =~ /\.$/) -> FALSE
- (1) if (&User-Name =~ /@\./) {
- (1) if (&User-Name =~ /@\./) -> FALSE
- (1) } # if (&User-Name) = notfound
- (1) } # policy filter_username = notfound
- (1) [preprocess] = ok
- (1) [chap] = noop
- (1) [mschap] = noop
- (1) [digest] = noop
- (1) suffix: Checking for suffix after "@"
- (1) suffix: No '@' in User-Name = "bj", looking up realm NULL
- (1) suffix: No such realm "NULL"
- (1) [suffix] = noop
- (1) eap: Peer sent EAP Response (code 2) ID 150 length 8
- (1) eap: No EAP Start, assuming it's an on-going EAP conversation
- (1) [eap] = updated
- (1) files: Searching for user in group "wifi-cph"
- rlm_ldap (ldap): Reserved connection (0)
- (1) files: EXPAND (uid=%{%{Stripped-User-Name}:-%{User-Name}})
- (1) files: --> (uid=bj)
- (1) files: Performing search in "o=kontrapunkt,dc=example,dc=com" with filter "(uid=bj)", scope "sub"
- (1) files: Waiting for search result...
- (1) files: User object found at DN "uid=bj,ou=people,l=copenhagen,c=dk,o=kontrapunkt,dc=example,dc=com"
- (1) files: Checking for user in group objects
- (1) files: EXPAND (&(cn=wifi-cph)(objectClass=posixGroup)(|(member=%{control:Ldap-UserDn})(memberUid=%{%{Stripped-User-Na)
- (1) files: --> (&(cn=wifi-cph)(objectClass=posixGroup)(|(member=uid\3dbj\2cou\3dpeople\2cl\3dcopenhagen\2cc\3ddk\2co\3)
- (1) files: Performing search in "dc=services,o=kontrapunkt,dc=example,dc=com" with filter "(&(cn=wifi-cph)(objectClas"
- (1) files: Waiting for search result...
- (1) files: User found in group object "dc=services,o=kontrapunkt,dc=example,dc=com"
- rlm_ldap (ldap): Released connection (0)
- rlm_ldap (ldap): Need 5 more connections to reach 10 spares
- rlm_ldap (ldap): Opening additional connection (5), 1 of 27 pending slots used
- rlm_ldap (ldap): Connecting to ldap://ldap.kontrapunkt.com:389
- rlm_ldap (ldap): Waiting for bind result...
- rlm_ldap (ldap): Bind successful
- (1) files: users: Matched entry DEFAULT at line 52
- (1) [files] = ok
- rlm_ldap (ldap): Reserved connection (1)
- (1) ldap: EXPAND (uid=%{%{Stripped-User-Name}:-%{User-Name}})
- (1) ldap: --> (uid=bj)
- (1) ldap: Performing search in "o=kontrapunkt,dc=example,dc=com" with filter "(uid=bj)", scope "sub"
- (1) ldap: Waiting for search result...
- (1) ldap: User object found at DN "uid=bj,ou=people,l=copenhagen,c=dk,o=kontrapunkt,dc=example,dc=com"
- (1) ldap: Processing user attributes
- (1) ldap: control:Password-With-Header += '{CRYPT}***'
- (1) ldap: control:NT-Password := 0x3437413634423334324442384133314330313831413644453134393237413931
- rlm_ldap (ldap): Released connection (1)
- (1) [ldap] = updated
- (1) [expiration] = noop
- (1) [logintime] = noop
- (1) pap: Converted: &control:Password-With-Header -> &control:Crypt-Password
- (1) pap: Removing &control:Password-With-Header
- (1) pap: Normalizing NT-Password from hex encoding, 32 bytes -> 16 bytes
- (1) pap: WARNING: Auth-Type already set. Not setting to PAP
- (1) [pap] = noop
- (1) } # authorize = updated
- (1) Found Auth-Type = eap
- (1) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
- (1) authenticate {
- (1) eap: Expiring EAP session with state 0x3401110c34971c71
- (1) eap: Finished EAP session with state 0x3401110c34971c71
- (1) eap: Previous EAP request found for state 0x3401110c34971c71, released from the list
- (1) eap: Peer sent packet with method EAP NAK (3)
- (1) eap: Found mutually acceptable type PEAP (25)
- (1) eap: Calling submodule eap_peap to process data
- (1) eap_peap: Initiating new EAP-TLS session
- (1) eap_peap: [eaptls start] = request
- (1) eap: Sending EAP Request (code 1) ID 151 length 6
- (1) eap: EAP session adding &reply:State = 0x3401110c35960871
- (1) [eap] = handled
- (1) } # authenticate = handled
- (1) Using Post-Auth-Type Challenge
- (1) Post-Auth-Type sub-section not found. Ignoring.
- (1) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
- (1) Sent Access-Challenge Id 21 from 172.22.33.46:1812 to 172.22.33.33:65484 length 0
- (1) Reply-Message = "OK, member of wifi-cph."
- (1) EAP-Message = 0x019700061920
- (1) Message-Authenticator = 0x00000000000000000000000000000000
- (1) State = 0x3401110c3596087121133da265f33113
- (1) Finished request
- Waking up in 4.8 seconds.
- (2) Received Access-Request Id 22 from 172.22.33.33:65484 to 172.22.33.46:1812 length 305
- (2) User-Name = "bj"
- (2) NAS-IP-Address = 172.22.33.33
- (2) NAS-Port = 0
- (2) Called-Station-Id = "0C-51-01-E4-23-29:Kontrapunkt - NOT AVAILABLE"
- (2) Calling-Station-Id = "88-1F-A1-11-43-E2"
- (2) Framed-MTU = 1400
- (2) NAS-Port-Type = Wireless-802.11
- (2) Connect-Info = "CONNECT 0Mbps 802.11"
- (2) EAP-Message = 0x0297008319800000007916030100740100007003015a27e784529352b1199bc836b887737dffef96f3ae24c9a00bc6df4076a0
- (2) State = 0x3401110c3596087121133da265f33113
- (2) Message-Authenticator = 0xac6765812621d0a88f0d68caa9ad20a8
- (2) session-state: No cached attributes
- (2) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
- (2) authorize {
- (2) policy filter_username {
- (2) if (&User-Name) {
- (2) if (&User-Name) -> TRUE
- (2) if (&User-Name) {
- (2) if (&User-Name =~ / /) {
- (2) if (&User-Name =~ / /) -> FALSE
- (2) if (&User-Name =~ /@[^@]*@/ ) {
- (2) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (2) if (&User-Name =~ /\.\./ ) {
- (2) if (&User-Name =~ /\.\./ ) -> FALSE
- (2) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (2) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (2) if (&User-Name =~ /\.$/) {
- (2) if (&User-Name =~ /\.$/) -> FALSE
- (2) if (&User-Name =~ /@\./) {
- (2) if (&User-Name =~ /@\./) -> FALSE
- (2) } # if (&User-Name) = notfound
- (2) } # policy filter_username = notfound
- (2) [preprocess] = ok
- (2) [chap] = noop
- (2) [mschap] = noop
- (2) [digest] = noop
- (2) suffix: Checking for suffix after "@"
- (2) suffix: No '@' in User-Name = "bj", looking up realm NULL
- (2) suffix: No such realm "NULL"
- (2) [suffix] = noop
- (2) eap: Peer sent EAP Response (code 2) ID 151 length 131
- (2) eap: Continuing tunnel setup
- (2) [eap] = ok
- (2) } # authorize = ok
- (2) Found Auth-Type = eap
- (2) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
- (2) authenticate {
- (2) eap: Expiring EAP session with state 0x3401110c35960871
- (2) eap: Finished EAP session with state 0x3401110c35960871
- (2) eap: Previous EAP request found for state 0x3401110c35960871, released from the list
- (2) eap: Peer sent packet with method EAP PEAP (25)
- (2) eap: Calling submodule eap_peap to process data
- (2) eap_peap: Continuing EAP-TLS
- (2) eap_peap: Peer indicated complete TLS record size will be 121 bytes
- (2) eap_peap: Got complete TLS record (121 bytes)
- (2) eap_peap: [eaptls verify] = length included
- (2) eap_peap: (other): before/accept initialization
- (2) eap_peap: TLS_accept: before/accept initialization
- (2) eap_peap: <<< recv TLS 1.0 Handshake [length 0074], ClientHello
- (2) eap_peap: TLS_accept: SSLv3 read client hello A
- (2) eap_peap: >>> send TLS 1.0 Handshake [length 0059], ServerHello
- (2) eap_peap: TLS_accept: SSLv3 write server hello A
- (2) eap_peap: >>> send TLS 1.0 Handshake [length 08d3], Certificate
- (2) eap_peap: TLS_accept: SSLv3 write certificate A
- (2) eap_peap: >>> send TLS 1.0 Handshake [length 014b], ServerKeyExchange
- (2) eap_peap: TLS_accept: SSLv3 write key exchange A
- (2) eap_peap: >>> send TLS 1.0 Handshake [length 0004], ServerHelloDone
- (2) eap_peap: TLS_accept: SSLv3 write server done A
- (2) eap_peap: TLS_accept: SSLv3 flush data
- (2) eap_peap: TLS_accept: Need to read more data: SSLv3 read client certificate A
- (2) eap_peap: TLS_accept: Need to read more data: SSLv3 read client certificate A
- (2) eap_peap: In SSL Handshake Phase
- (2) eap_peap: In SSL Accept mode
- (2) eap_peap: [eaptls process] = handled
- (2) eap: Sending EAP Request (code 1) ID 152 length 1004
- (2) eap: EAP session adding &reply:State = 0x3401110c36990871
- (2) [eap] = handled
- (2) } # authenticate = handled
- (2) Using Post-Auth-Type Challenge
- (2) Post-Auth-Type sub-section not found. Ignoring.
- (2) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
- (2) Sent Access-Challenge Id 22 from 172.22.33.46:1812 to 172.22.33.33:65484 length 0
- (2) EAP-Message = 0x019803ec19c000000a8f160301005902000055030120b167b1ad7daef8f07282bc88e293fe19a7b541368b295f38ec4975247e
- (2) Message-Authenticator = 0x00000000000000000000000000000000
- (2) State = 0x3401110c3699087121133da265f33113
- (2) Finished request
- Waking up in 4.8 seconds.
- (3) Received Access-Request Id 23 from 172.22.33.33:65484 to 172.22.33.46:1812 length 180
- (3) User-Name = "bj"
- (3) NAS-IP-Address = 172.22.33.33
- (3) NAS-Port = 0
- (3) Called-Station-Id = "0C-51-01-E4-23-29:Kontrapunkt - NOT AVAILABLE"
- (3) Calling-Station-Id = "88-1F-A1-11-43-E2"
- (3) Framed-MTU = 1400
- (3) NAS-Port-Type = Wireless-802.11
- (3) Connect-Info = "CONNECT 0Mbps 802.11"
- (3) EAP-Message = 0x029800061900
- (3) State = 0x3401110c3699087121133da265f33113
- (3) Message-Authenticator = 0x894c3fd16f2d78421341c01b56565ca1
- (3) session-state: No cached attributes
- (3) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
- (3) authorize {
- (3) policy filter_username {
- (3) if (&User-Name) {
- (3) if (&User-Name) -> TRUE
- (3) if (&User-Name) {
- (3) if (&User-Name =~ / /) {
- (3) if (&User-Name =~ / /) -> FALSE
- (3) if (&User-Name =~ /@[^@]*@/ ) {
- (3) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (3) if (&User-Name =~ /\.\./ ) {
- (3) if (&User-Name =~ /\.\./ ) -> FALSE
- (3) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (3) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (3) if (&User-Name =~ /\.$/) {
- (3) if (&User-Name =~ /\.$/) -> FALSE
- (3) if (&User-Name =~ /@\./) {
- (3) if (&User-Name =~ /@\./) -> FALSE
- (3) } # if (&User-Name) = notfound
- (3) } # policy filter_username = notfound
- (3) [preprocess] = ok
- (3) [chap] = noop
- (3) [mschap] = noop
- (3) [digest] = noop
- (3) suffix: Checking for suffix after "@"
- (3) suffix: No '@' in User-Name = "bj", looking up realm NULL
- (3) suffix: No such realm "NULL"
- (3) [suffix] = noop
- (3) eap: Peer sent EAP Response (code 2) ID 152 length 6
- (3) eap: Continuing tunnel setup
- (3) [eap] = ok
- (3) } # authorize = ok
- (3) Found Auth-Type = eap
- (3) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
- (3) authenticate {
- (3) eap: Expiring EAP session with state 0x3401110c36990871
- (3) eap: Finished EAP session with state 0x3401110c36990871
- (3) eap: Previous EAP request found for state 0x3401110c36990871, released from the list
- (3) eap: Peer sent packet with method EAP PEAP (25)
- (3) eap: Calling submodule eap_peap to process data
- (3) eap_peap: Continuing EAP-TLS
- (3) eap_peap: Peer ACKed our handshake fragment
- (3) eap_peap: [eaptls verify] = request
- (3) eap_peap: [eaptls process] = handled
- (3) eap: Sending EAP Request (code 1) ID 153 length 1000
- (3) eap: EAP session adding &reply:State = 0x3401110c37980871
- (3) [eap] = handled
- (3) } # authenticate = handled
- (3) Using Post-Auth-Type Challenge
- (3) Post-Auth-Type sub-section not found. Ignoring.
- (3) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
- (3) Sent Access-Challenge Id 23 from 172.22.33.46:1812 to 172.22.33.33:65484 length 0
- (3) EAP-Message = 0x019903e819400342020de654b2672fb5f02c9ae02856749a536eccc0352abc3da4c99ee4528f5d13fa97c8ba81e1c1ef856280
- (3) Message-Authenticator = 0x00000000000000000000000000000000
- (3) State = 0x3401110c3798087121133da265f33113
- (3) Finished request
- Waking up in 4.8 seconds.
- (4) Received Access-Request Id 24 from 172.22.33.33:65484 to 172.22.33.46:1812 length 180
- (4) User-Name = "bj"
- (4) NAS-IP-Address = 172.22.33.33
- (4) NAS-Port = 0
- (4) Called-Station-Id = "0C-51-01-E4-23-29:Kontrapunkt - NOT AVAILABLE"
- (4) Calling-Station-Id = "88-1F-A1-11-43-E2"
- (4) Framed-MTU = 1400
- (4) NAS-Port-Type = Wireless-802.11
- (4) Connect-Info = "CONNECT 0Mbps 802.11"
- (4) EAP-Message = 0x029900061900
- (4) State = 0x3401110c3798087121133da265f33113
- (4) Message-Authenticator = 0x812b5084b8806f1a9f240f21e7978125
- (4) session-state: No cached attributes
- (4) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
- (4) authorize {
- (4) policy filter_username {
- (4) if (&User-Name) {
- (4) if (&User-Name) -> TRUE
- (4) if (&User-Name) {
- (4) if (&User-Name =~ / /) {
- (4) if (&User-Name =~ / /) -> FALSE
- (4) if (&User-Name =~ /@[^@]*@/ ) {
- (4) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (4) if (&User-Name =~ /\.\./ ) {
- (4) if (&User-Name =~ /\.\./ ) -> FALSE
- (4) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (4) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (4) if (&User-Name =~ /\.$/) {
- (4) if (&User-Name =~ /\.$/) -> FALSE
- (4) if (&User-Name =~ /@\./) {
- (4) if (&User-Name =~ /@\./) -> FALSE
- (4) } # if (&User-Name) = notfound
- (4) } # policy filter_username = notfound
- (4) [preprocess] = ok
- (4) [chap] = noop
- (4) [mschap] = noop
- (4) [digest] = noop
- (4) suffix: Checking for suffix after "@"
- (4) suffix: No '@' in User-Name = "bj", looking up realm NULL
- (4) suffix: No such realm "NULL"
- (4) [suffix] = noop
- (4) eap: Peer sent EAP Response (code 2) ID 153 length 6
- (4) eap: Continuing tunnel setup
- (4) [eap] = ok
- (4) } # authorize = ok
- (4) Found Auth-Type = eap
- (4) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
- (4) authenticate {
- (4) eap: Expiring EAP session with state 0x3401110c37980871
- (4) eap: Finished EAP session with state 0x3401110c37980871
- (4) eap: Previous EAP request found for state 0x3401110c37980871, released from the list
- (4) eap: Peer sent packet with method EAP PEAP (25)
- (4) eap: Calling submodule eap_peap to process data
- (4) eap_peap: Continuing EAP-TLS
- (4) eap_peap: Peer ACKed our handshake fragment
- (4) eap_peap: [eaptls verify] = request
- (4) eap_peap: [eaptls process] = handled
- (4) eap: Sending EAP Request (code 1) ID 154 length 721
- (4) eap: EAP session adding &reply:State = 0x3401110c309b0871
- (4) [eap] = handled
- (4) } # authenticate = handled
- (4) Using Post-Auth-Type Challenge
- (4) Post-Auth-Type sub-section not found. Ignoring.
- (4) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
- (4) Sent Access-Challenge Id 24 from 172.22.33.46:1812 to 172.22.33.33:65484 length 0
- (4) EAP-Message = 0x019a02d1190020417574686f72697479820900c8b778d5cf225df1300f0603551d130101ff040530030101ff30360603551d11
- (4) Message-Authenticator = 0x00000000000000000000000000000000
- (4) State = 0x3401110c309b087121133da265f33113
- (4) Finished request
- Waking up in 4.8 seconds.
- (5) Received Access-Request Id 25 from 172.22.33.33:65484 to 172.22.33.46:1812 length 318
- (5) User-Name = "bj"
- (5) NAS-IP-Address = 172.22.33.33
- (5) NAS-Port = 0
- (5) Called-Station-Id = "0C-51-01-E4-23-29:Kontrapunkt - NOT AVAILABLE"
- (5) Calling-Station-Id = "88-1F-A1-11-43-E2"
- (5) Framed-MTU = 1400
- (5) NAS-Port-Type = Wireless-802.11
- (5) Connect-Info = "CONNECT 0Mbps 802.11"
- (5) EAP-Message = 0x029a00901980000000861603010046100000424104e550faab64dba4209c1e1e2a44b4cc057b7cc2d3b4d9d66b32c7f647ebb8
- (5) State = 0x3401110c309b087121133da265f33113
- (5) Message-Authenticator = 0xb9c5efe8dc2e9756e156580627ef69c6
- (5) session-state: No cached attributes
- (5) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
- (5) authorize {
- (5) policy filter_username {
- (5) if (&User-Name) {
- (5) if (&User-Name) -> TRUE
- (5) if (&User-Name) {
- (5) if (&User-Name =~ / /) {
- (5) if (&User-Name =~ / /) -> FALSE
- (5) if (&User-Name =~ /@[^@]*@/ ) {
- (5) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (5) if (&User-Name =~ /\.\./ ) {
- (5) if (&User-Name =~ /\.\./ ) -> FALSE
- (5) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (5) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (5) if (&User-Name =~ /\.$/) {
- (5) if (&User-Name =~ /\.$/) -> FALSE
- (5) if (&User-Name =~ /@\./) {
- (5) if (&User-Name =~ /@\./) -> FALSE
- (5) } # if (&User-Name) = notfound
- (5) } # policy filter_username = notfound
- (5) [preprocess] = ok
- (5) [chap] = noop
- (5) [mschap] = noop
- (5) [digest] = noop
- (5) suffix: Checking for suffix after "@"
- (5) suffix: No '@' in User-Name = "bj", looking up realm NULL
- (5) suffix: No such realm "NULL"
- (5) [suffix] = noop
- (5) eap: Peer sent EAP Response (code 2) ID 154 length 144
- (5) eap: Continuing tunnel setup
- (5) [eap] = ok
- (5) } # authorize = ok
- (5) Found Auth-Type = eap
- (5) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
- (5) authenticate {
- (5) eap: Expiring EAP session with state 0x3401110c309b0871
- (5) eap: Finished EAP session with state 0x3401110c309b0871
- (5) eap: Previous EAP request found for state 0x3401110c309b0871, released from the list
- (5) eap: Peer sent packet with method EAP PEAP (25)
- (5) eap: Calling submodule eap_peap to process data
- (5) eap_peap: Continuing EAP-TLS
- (5) eap_peap: Peer indicated complete TLS record size will be 134 bytes
- (5) eap_peap: Got complete TLS record (134 bytes)
- (5) eap_peap: [eaptls verify] = length included
- (5) eap_peap: <<< recv TLS 1.0 Handshake [length 0046], ClientKeyExchange
- (5) eap_peap: TLS_accept: SSLv3 read client key exchange A
- (5) eap_peap: TLS_accept: SSLv3 read certificate verify A
- (5) eap_peap: <<< recv TLS 1.0 ChangeCipherSpec [length 0001]
- (5) eap_peap: <<< recv TLS 1.0 Handshake [length 0010], Finished
- (5) eap_peap: TLS_accept: SSLv3 read finished A
- (5) eap_peap: >>> send TLS 1.0 ChangeCipherSpec [length 0001]
- (5) eap_peap: TLS_accept: SSLv3 write change cipher spec A
- (5) eap_peap: >>> send TLS 1.0 Handshake [length 0010], Finished
- (5) eap_peap: TLS_accept: SSLv3 write finished A
- (5) eap_peap: TLS_accept: SSLv3 flush data
- (5) eap_peap: (other): SSL negotiation finished successfully
- (5) eap_peap: SSL Connection Established
- (5) eap_peap: [eaptls process] = handled
- (5) eap: Sending EAP Request (code 1) ID 155 length 65
- (5) eap: EAP session adding &reply:State = 0x3401110c319a0871
- (5) [eap] = handled
- (5) } # authenticate = handled
- (5) Using Post-Auth-Type Challenge
- (5) Post-Auth-Type sub-section not found. Ignoring.
- (5) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
- (5) Sent Access-Challenge Id 25 from 172.22.33.46:1812 to 172.22.33.33:65484 length 0
- (5) EAP-Message = 0x019b00411900140301000101160301003041bc149a519ae634b74d6118db8f31cbd6c66998d7c9d59b6d16746c5d54d578a995
- (5) Message-Authenticator = 0x00000000000000000000000000000000
- (5) State = 0x3401110c319a087121133da265f33113
- (5) Finished request
- Waking up in 4.7 seconds.
- (6) Received Access-Request Id 26 from 172.22.33.33:65484 to 172.22.33.46:1812 length 180
- (6) User-Name = "bj"
- (6) NAS-IP-Address = 172.22.33.33
- (6) NAS-Port = 0
- (6) Called-Station-Id = "0C-51-01-E4-23-29:Kontrapunkt - NOT AVAILABLE"
- (6) Calling-Station-Id = "88-1F-A1-11-43-E2"
- (6) Framed-MTU = 1400
- (6) NAS-Port-Type = Wireless-802.11
- (6) Connect-Info = "CONNECT 0Mbps 802.11"
- (6) EAP-Message = 0x029b00061900
- (6) State = 0x3401110c319a087121133da265f33113
- (6) Message-Authenticator = 0xb018ef79ea50859523881b63c30ea3ed
- (6) session-state: No cached attributes
- (6) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
- (6) authorize {
- (6) policy filter_username {
- (6) if (&User-Name) {
- (6) if (&User-Name) -> TRUE
- (6) if (&User-Name) {
- (6) if (&User-Name =~ / /) {
- (6) if (&User-Name =~ / /) -> FALSE
- (6) if (&User-Name =~ /@[^@]*@/ ) {
- (6) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (6) if (&User-Name =~ /\.\./ ) {
- (6) if (&User-Name =~ /\.\./ ) -> FALSE
- (6) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (6) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (6) if (&User-Name =~ /\.$/) {
- (6) if (&User-Name =~ /\.$/) -> FALSE
- (6) if (&User-Name =~ /@\./) {
- (6) if (&User-Name =~ /@\./) -> FALSE
- (6) } # if (&User-Name) = notfound
- (6) } # policy filter_username = notfound
- (6) [preprocess] = ok
- (6) [chap] = noop
- (6) [mschap] = noop
- (6) [digest] = noop
- (6) suffix: Checking for suffix after "@"
- (6) suffix: No '@' in User-Name = "bj", looking up realm NULL
- (6) suffix: No such realm "NULL"
- (6) [suffix] = noop
- (6) eap: Peer sent EAP Response (code 2) ID 155 length 6
- (6) eap: Continuing tunnel setup
- (6) [eap] = ok
- (6) } # authorize = ok
- (6) Found Auth-Type = eap
- (6) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
- (6) authenticate {
- (6) eap: Expiring EAP session with state 0x3401110c319a0871
- (6) eap: Finished EAP session with state 0x3401110c319a0871
- (6) eap: Previous EAP request found for state 0x3401110c319a0871, released from the list
- (6) eap: Peer sent packet with method EAP PEAP (25)
- (6) eap: Calling submodule eap_peap to process data
- (6) eap_peap: Continuing EAP-TLS
- (6) eap_peap: Peer ACKed our handshake fragment. handshake is finished
- (6) eap_peap: [eaptls verify] = success
- (6) eap_peap: [eaptls process] = success
- (6) eap_peap: Session established. Decoding tunneled attributes
- (6) eap_peap: PEAP state TUNNEL ESTABLISHED
- (6) eap: Sending EAP Request (code 1) ID 156 length 43
- (6) eap: EAP session adding &reply:State = 0x3401110c329d0871
- (6) [eap] = handled
- (6) } # authenticate = handled
- (6) Using Post-Auth-Type Challenge
- (6) Post-Auth-Type sub-section not found. Ignoring.
- (6) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
- (6) Sent Access-Challenge Id 26 from 172.22.33.46:1812 to 172.22.33.33:65484 length 0
- (6) EAP-Message = 0x019c002b190017030100209e8703ae3285d1979a77c92deddac005f638217fb7eca4cadd4045afae587ea5
- (6) Message-Authenticator = 0x00000000000000000000000000000000
- (6) State = 0x3401110c329d087121133da265f33113
- (6) Finished request
- Waking up in 4.7 seconds.
- (7) Received Access-Request Id 27 from 172.22.33.33:65484 to 172.22.33.46:1812 length 217
- (7) User-Name = "bj"
- (7) NAS-IP-Address = 172.22.33.33
- (7) NAS-Port = 0
- (7) Called-Station-Id = "0C-51-01-E4-23-29:Kontrapunkt - NOT AVAILABLE"
- (7) Calling-Station-Id = "88-1F-A1-11-43-E2"
- (7) Framed-MTU = 1400
- (7) NAS-Port-Type = Wireless-802.11
- (7) Connect-Info = "CONNECT 0Mbps 802.11"
- (7) EAP-Message = 0x029c002b19001703010020f8648c08529e403a5e206cff8b41881111b587df05bd924f4f09aa776210b873
- (7) State = 0x3401110c329d087121133da265f33113
- (7) Message-Authenticator = 0x8a81caaa4ce2638cbde5cce52af0624b
- (7) session-state: No cached attributes
- (7) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
- (7) authorize {
- (7) policy filter_username {
- (7) if (&User-Name) {
- (7) if (&User-Name) -> TRUE
- (7) if (&User-Name) {
- (7) if (&User-Name =~ / /) {
- (7) if (&User-Name =~ / /) -> FALSE
- (7) if (&User-Name =~ /@[^@]*@/ ) {
- (7) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (7) if (&User-Name =~ /\.\./ ) {
- (7) if (&User-Name =~ /\.\./ ) -> FALSE
- (7) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (7) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (7) if (&User-Name =~ /\.$/) {
- (7) if (&User-Name =~ /\.$/) -> FALSE
- (7) if (&User-Name =~ /@\./) {
- (7) if (&User-Name =~ /@\./) -> FALSE
- (7) } # if (&User-Name) = notfound
- (7) } # policy filter_username = notfound
- (7) [preprocess] = ok
- (7) [chap] = noop
- (7) [mschap] = noop
- (7) [digest] = noop
- (7) suffix: Checking for suffix after "@"
- (7) suffix: No '@' in User-Name = "bj", looking up realm NULL
- (7) suffix: No such realm "NULL"
- (7) [suffix] = noop
- (7) eap: Peer sent EAP Response (code 2) ID 156 length 43
- (7) eap: Continuing tunnel setup
- (7) [eap] = ok
- (7) } # authorize = ok
- (7) Found Auth-Type = eap
- (7) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
- (7) authenticate {
- (7) eap: Expiring EAP session with state 0x3401110c329d0871
- (7) eap: Finished EAP session with state 0x3401110c329d0871
- (7) eap: Previous EAP request found for state 0x3401110c329d0871, released from the list
- (7) eap: Peer sent packet with method EAP PEAP (25)
- (7) eap: Calling submodule eap_peap to process data
- (7) eap_peap: Continuing EAP-TLS
- (7) eap_peap: [eaptls verify] = ok
- (7) eap_peap: Done initial handshake
- (7) eap_peap: [eaptls process] = ok
- (7) eap_peap: Session established. Decoding tunneled attributes
- (7) eap_peap: PEAP state WAITING FOR INNER IDENTITY
- (7) eap_peap: Identity - bj
- (7) eap_peap: Got inner identity 'bj'
- (7) eap_peap: Setting default EAP type for tunneled EAP session
- (7) eap_peap: Got tunneled request
- (7) eap_peap: EAP-Message = 0x029c000701626a
- (7) eap_peap: Setting User-Name to bj
- (7) eap_peap: Sending tunneled request to inner-tunnel
- (7) eap_peap: EAP-Message = 0x029c000701626a
- (7) eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1
- (7) eap_peap: User-Name = "bj"
- (7) Virtual server inner-tunnel received request
- (7) EAP-Message = 0x029c000701626a
- (7) FreeRADIUS-Proxied-To = 127.0.0.1
- (7) User-Name = "bj"
- (7) WARNING: Outer and inner identities are the same. User privacy is compromised.
- (7) server inner-tunnel {
- (7) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/inner-tunnel
- (7) authorize {
- (7) policy filter_username {
- (7) if (&User-Name) {
- (7) if (&User-Name) -> TRUE
- (7) if (&User-Name) {
- (7) if (&User-Name =~ / /) {
- (7) if (&User-Name =~ / /) -> FALSE
- (7) if (&User-Name =~ /@[^@]*@/ ) {
- (7) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (7) if (&User-Name =~ /\.\./ ) {
- (7) if (&User-Name =~ /\.\./ ) -> FALSE
- (7) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (7) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (7) if (&User-Name =~ /\.$/) {
- (7) if (&User-Name =~ /\.$/) -> FALSE
- (7) if (&User-Name =~ /@\./) {
- (7) if (&User-Name =~ /@\./) -> FALSE
- (7) } # if (&User-Name) = notfound
- (7) } # policy filter_username = notfound
- (7) [chap] = noop
- (7) [mschap] = noop
- (7) suffix: Checking for suffix after "@"
- (7) suffix: No '@' in User-Name = "bj", looking up realm NULL
- (7) suffix: No such realm "NULL"
- (7) [suffix] = noop
- (7) update control {
- (7) &Proxy-To-Realm := LOCAL
- (7) } # update control = noop
- (7) eap: Peer sent EAP Response (code 2) ID 156 length 7
- (7) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
- (7) [eap] = ok
- (7) } # authorize = ok
- (7) Found Auth-Type = eap
- (7) # Executing group from file /usr/local/etc/raddb/sites-enabled/inner-tunnel
- (7) authenticate {
- (7) eap: Peer sent packet with method EAP Identity (1)
- (7) eap: Calling submodule eap_mschapv2 to process data
- (7) eap_mschapv2: Issuing Challenge
- (7) eap: Sending EAP Request (code 1) ID 157 length 43
- (7) eap: EAP session adding &reply:State = 0x47e8552047754f14
- (7) [eap] = handled
- (7) } # authenticate = handled
- (7) } # server inner-tunnel
- (7) Virtual server sending reply
- (7) EAP-Message = 0x019d002b1a019d0026101d18b1030e69587a18f609577d69742a667265657261646975732d332e302e3132
- (7) Message-Authenticator = 0x00000000000000000000000000000000
- (7) State = 0x47e8552047754f14ee644e5e18ae3e3e
- (7) eap_peap: Got tunneled reply code 11
- (7) eap_peap: EAP-Message = 0x019d002b1a019d0026101d18b1030e69587a18f609577d69742a667265657261646975732d332e302e3132
- (7) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000
- (7) eap_peap: State = 0x47e8552047754f14ee644e5e18ae3e3e
- (7) eap_peap: Got tunneled reply RADIUS code 11
- (7) eap_peap: EAP-Message = 0x019d002b1a019d0026101d18b1030e69587a18f609577d69742a667265657261646975732d332e302e3132
- (7) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000
- (7) eap_peap: State = 0x47e8552047754f14ee644e5e18ae3e3e
- (7) eap_peap: Got tunneled Access-Challenge
- (7) eap: Sending EAP Request (code 1) ID 157 length 75
- (7) eap: EAP session adding &reply:State = 0x3401110c339c0871
- (7) [eap] = handled
- (7) } # authenticate = handled
- (7) Using Post-Auth-Type Challenge
- (7) Post-Auth-Type sub-section not found. Ignoring.
- (7) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
- (7) Sent Access-Challenge Id 27 from 172.22.33.46:1812 to 172.22.33.33:65484 length 0
- (7) EAP-Message = 0x019d004b190017030100406b7f0cf4c4cff9137fef900bc6528cad097fb010e76e70f727f4a1f11e68347ba7f0e2c6d803bdd0
- (7) Message-Authenticator = 0x00000000000000000000000000000000
- (7) State = 0x3401110c339c087121133da265f33113
- (7) Finished request
- Waking up in 4.7 seconds.
- (8) Received Access-Request Id 28 from 172.22.33.33:65484 to 172.22.33.46:1812 length 265
- (8) User-Name = "bj"
- (8) NAS-IP-Address = 172.22.33.33
- (8) NAS-Port = 0
- (8) Called-Station-Id = "0C-51-01-E4-23-29:Kontrapunkt - NOT AVAILABLE"
- (8) Calling-Station-Id = "88-1F-A1-11-43-E2"
- (8) Framed-MTU = 1400
- (8) NAS-Port-Type = Wireless-802.11
- (8) Connect-Info = "CONNECT 0Mbps 802.11"
- (8) EAP-Message = 0x029d005b190017030100500d0b13415e54771b88e8a310b0e825947d00717a64627b11aa95cdb5cc198cff868cbb7b34454ff0
- (8) State = 0x3401110c339c087121133da265f33113
- (8) Message-Authenticator = 0xdd0d2a0ab3fdc7c30e788986d2abbcad
- (8) session-state: No cached attributes
- (8) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
- (8) authorize {
- (8) policy filter_username {
- (8) if (&User-Name) {
- (8) if (&User-Name) -> TRUE
- (8) if (&User-Name) {
- (8) if (&User-Name =~ / /) {
- (8) if (&User-Name =~ / /) -> FALSE
- (8) if (&User-Name =~ /@[^@]*@/ ) {
- (8) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (8) if (&User-Name =~ /\.\./ ) {
- (8) if (&User-Name =~ /\.\./ ) -> FALSE
- (8) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (8) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (8) if (&User-Name =~ /\.$/) {
- (8) if (&User-Name =~ /\.$/) -> FALSE
- (8) if (&User-Name =~ /@\./) {
- (8) if (&User-Name =~ /@\./) -> FALSE
- (8) } # if (&User-Name) = notfound
- (8) } # policy filter_username = notfound
- (8) [preprocess] = ok
- (8) [chap] = noop
- (8) [mschap] = noop
- (8) [digest] = noop
- (8) suffix: Checking for suffix after "@"
- (8) suffix: No '@' in User-Name = "bj", looking up realm NULL
- (8) suffix: No such realm "NULL"
- (8) [suffix] = noop
- (8) eap: Peer sent EAP Response (code 2) ID 157 length 91
- (8) eap: Continuing tunnel setup
- (8) [eap] = ok
- (8) } # authorize = ok
- (8) Found Auth-Type = eap
- (8) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
- (8) authenticate {
- (8) eap: Expiring EAP session with state 0x47e8552047754f14
- (8) eap: Finished EAP session with state 0x3401110c339c0871
- (8) eap: Previous EAP request found for state 0x3401110c339c0871, released from the list
- (8) eap: Peer sent packet with method EAP PEAP (25)
- (8) eap: Calling submodule eap_peap to process data
- (8) eap_peap: Continuing EAP-TLS
- (8) eap_peap: [eaptls verify] = ok
- (8) eap_peap: Done initial handshake
- (8) eap_peap: [eaptls process] = ok
- (8) eap_peap: Session established. Decoding tunneled attributes
- (8) eap_peap: PEAP state phase2
- (8) eap_peap: EAP method MSCHAPv2 (26)
- (8) eap_peap: Got tunneled request
- (8) eap_peap: EAP-Message = 0x029d003d1a029d003831f953b8c0502e3ae7a755c0f04339e73500000000000000007fbdd521c99351466110631a
- (8) eap_peap: Setting User-Name to bj
- (8) eap_peap: Sending tunneled request to inner-tunnel
- (8) eap_peap: EAP-Message = 0x029d003d1a029d003831f953b8c0502e3ae7a755c0f04339e73500000000000000007fbdd521c99351466110631a
- (8) eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1
- (8) eap_peap: User-Name = "bj"
- (8) eap_peap: State = 0x47e8552047754f14ee644e5e18ae3e3e
- (8) Virtual server inner-tunnel received request
- (8) EAP-Message = 0x029d003d1a029d003831f953b8c0502e3ae7a755c0f04339e73500000000000000007fbdd521c99351466110631b9a16b1e27a
- (8) FreeRADIUS-Proxied-To = 127.0.0.1
- (8) User-Name = "bj"
- (8) State = 0x47e8552047754f14ee644e5e18ae3e3e
- (8) WARNING: Outer and inner identities are the same. User privacy is compromised.
- (8) server inner-tunnel {
- (8) session-state: No cached attributes
- (8) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/inner-tunnel
- (8) authorize {
- (8) policy filter_username {
- (8) if (&User-Name) {
- (8) if (&User-Name) -> TRUE
- (8) if (&User-Name) {
- (8) if (&User-Name =~ / /) {
- (8) if (&User-Name =~ / /) -> FALSE
- (8) if (&User-Name =~ /@[^@]*@/ ) {
- (8) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (8) if (&User-Name =~ /\.\./ ) {
- (8) if (&User-Name =~ /\.\./ ) -> FALSE
- (8) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (8) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (8) if (&User-Name =~ /\.$/) {
- (8) if (&User-Name =~ /\.$/) -> FALSE
- (8) if (&User-Name =~ /@\./) {
- (8) if (&User-Name =~ /@\./) -> FALSE
- (8) } # if (&User-Name) = notfound
- (8) } # policy filter_username = notfound
- (8) [chap] = noop
- (8) [mschap] = noop
- (8) suffix: Checking for suffix after "@"
- (8) suffix: No '@' in User-Name = "bj", looking up realm NULL
- (8) suffix: No such realm "NULL"
- (8) [suffix] = noop
- (8) update control {
- (8) &Proxy-To-Realm := LOCAL
- (8) } # update control = noop
- (8) eap: Peer sent EAP Response (code 2) ID 157 length 61
- (8) eap: No EAP Start, assuming it's an on-going EAP conversation
- (8) [eap] = updated
- (8) files: Searching for user in group "wifi-cph"
- rlm_ldap (ldap): Reserved connection (2)
- (8) files: EXPAND (uid=%{%{Stripped-User-Name}:-%{User-Name}})
- (8) files: --> (uid=bj)
- (8) files: Performing search in "o=kontrapunkt,dc=example,dc=com" with filter "(uid=bj)", scope "sub"
- (8) files: Waiting for search result...
- (8) files: User object found at DN "uid=bj,ou=people,l=copenhagen,c=dk,o=kontrapunkt,dc=example,dc=com"
- (8) files: Checking for user in group objects
- (8) files: EXPAND (&(cn=wifi-cph)(objectClass=posixGroup)(|(member=%{control:Ldap-UserDn})(memberUid=%{%{Stripped-User-Na)
- (8) files: --> (&(cn=wifi-cph)(objectClass=posixGroup)(|(member=uid\3dbj\2cou\3dpeople\2cl\3dcopenhagen\2cc\3ddk\2co\3)
- (8) files: Performing search in "dc=services,o=kontrapunkt,dc=example,dc=com" with filter "(&(cn=wifi-cph)(objectClas"
- (8) files: Waiting for search result...
- (8) files: User found in group object "dc=services,o=kontrapunkt,dc=example,dc=com"
- rlm_ldap (ldap): Released connection (2)
- (8) files: Searching for user in group "wifi-cph-guest"
- rlm_ldap (ldap): Reserved connection (3)
- (8) files: Using user DN from request "uid=bj,ou=people,l=copenhagen,c=dk,o=kontrapunkt,dc=example,dc=com"
- (8) files: Checking for user in group objects
- (8) files: EXPAND (&(cn=wifi-cph-guest)(objectClass=posixGroup)(|(member=%{control:Ldap-UserDn})(memberUid=%{%{Stripped-U)
- (8) files: --> (&(cn=wifi-cph-guest)(objectClass=posixGroup)(|(member=uid\3dbj\2cou\3dpeople\2cl\3dcopenhagen\2cc\3ddk)
- (8) files: Performing search in "dc=services,o=kontrapunkt,dc=example,dc=com" with filter "(&(cn=wifi-cph-guest)(obje"
- (8) files: Waiting for search result...
- (8) files: User found in group object "dc=services,o=kontrapunkt,dc=example,dc=com"
- rlm_ldap (ldap): Released connection (3)
- (8) files: Searching for user in group "kp-vpn-cph"
- rlm_ldap (ldap): Reserved connection (4)
- (8) files: Using user DN from request "uid=bj,ou=people,l=copenhagen,c=dk,o=kontrapunkt,dc=example,dc=com"
- (8) files: Checking for user in group objects
- (8) files: EXPAND (&(cn=kp-vpn-cph)(objectClass=posixGroup)(|(member=%{control:Ldap-UserDn})(memberUid=%{%{Stripped-User-)
- (8) files: --> (&(cn=kp-vpn-cph)(objectClass=posixGroup)(|(member=uid\3dbj\2cou\3dpeople\2cl\3dcopenhagen\2cc\3ddk\2co)
- (8) files: Performing search in "dc=services,o=kontrapunkt,dc=example,dc=com" with filter "(&(cn=kp-vpn-cph)(objectCl"
- (8) files: Waiting for search result...
- (8) files: User found in group object "dc=services,o=kontrapunkt,dc=example,dc=com"
- rlm_ldap (ldap): Released connection (4)
- (8) files: users: Matched entry DEFAULT at line 63
- (8) [files] = ok
- rlm_ldap (ldap): Reserved connection (0)
- (8) ldap: EXPAND (uid=%{%{Stripped-User-Name}:-%{User-Name}})
- (8) ldap: --> (uid=bj)
- (8) ldap: Performing search in "o=kontrapunkt,dc=example,dc=com" with filter "(uid=bj)", scope "sub"
- (8) ldap: Waiting for search result...
- (8) ldap: User object found at DN "uid=bj,ou=people,l=copenhagen,c=dk,o=kontrapunkt,dc=example,dc=com"
- (8) ldap: Processing user attributes
- (8) ldap: control:Password-With-Header += '{CRYPT}*****'
- (8) ldap: control:NT-Password := 0x3437413634423334324442384133314330313831413644453134393237413931
- rlm_ldap (ldap): Released connection (0)
- (8) [ldap] = updated
- (8) [expiration] = noop
- (8) [logintime] = noop
- (8) pap: Converted: &control:Password-With-Header -> &control:Crypt-Password
- (8) pap: Removing &control:Password-With-Header
- (8) pap: Normalizing NT-Password from hex encoding, 32 bytes -> 16 bytes
- (8) pap: WARNING: Auth-Type already set. Not setting to PAP
- (8) [pap] = noop
- (8) } # authorize = updated
- (8) Found Auth-Type = Reject
- (8) Auth-Type = Reject, rejecting user
- (8) Failed to authenticate the user
- (8) Using Post-Auth-Type Reject
- (8) # Executing group from file /usr/local/etc/raddb/sites-enabled/inner-tunnel
- (8) Post-Auth-Type REJECT {
- (8) attr_filter.access_reject: EXPAND %{User-Name}
- (8) attr_filter.access_reject: --> bj
- (8) attr_filter.access_reject: Matched entry DEFAULT at line 11
- (8) [attr_filter.access_reject] = updated
- (8) update outer.session-state {
- (8) No attributes updated
- (8) } # update outer.session-state = noop
- (8) } # Post-Auth-Type REJECT = updated
- (8) } # server inner-tunnel
- (8) Virtual server sending reply
- (8) Reply-Message = "Sorry, no access for you."
- (8) eap_peap: Got tunneled reply code 3
- (8) eap_peap: Reply-Message = "Sorry, no access for you."
- (8) eap_peap: Got tunneled reply RADIUS code 3
- (8) eap_peap: Reply-Message = "Sorry, no access for you."
- (8) eap_peap: Tunneled authentication was rejected
- (8) eap_peap: FAILURE
- (8) eap: Sending EAP Request (code 1) ID 158 length 43
- (8) eap: EAP session adding &reply:State = 0x3401110c3c9f0871
- (8) [eap] = handled
- (8) } # authenticate = handled
- (8) Using Post-Auth-Type Challenge
- (8) Post-Auth-Type sub-section not found. Ignoring.
- (8) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
- (8) Sent Access-Challenge Id 28 from 172.22.33.46:1812 to 172.22.33.33:65484 length 0
- (8) EAP-Message = 0x019e002b1900170301002090ab5701441d17c3517bae3c720d4781b0c1eb7f88b5cddcd915261b68bf1715
- (8) Message-Authenticator = 0x00000000000000000000000000000000
- (8) State = 0x3401110c3c9f087121133da265f33113
- (8) Finished request
- Waking up in 4.6 seconds.
- (9) Received Access-Request Id 29 from 172.22.33.33:65484 to 172.22.33.46:1812 length 217
- (9) User-Name = "bj"
- (9) NAS-IP-Address = 172.22.33.33
- (9) NAS-Port = 0
- (9) Called-Station-Id = "0C-51-01-E4-23-29:Kontrapunkt - NOT AVAILABLE"
- (9) Calling-Station-Id = "88-1F-A1-11-43-E2"
- (9) Framed-MTU = 1400
- (9) NAS-Port-Type = Wireless-802.11
- (9) Connect-Info = "CONNECT 0Mbps 802.11"
- (9) EAP-Message = 0x029e002b19001703010020c8b6f76fb5c3b70348e9ba9caac8125914d96bc93e7d21ae4f06ed9f4414e73e
- (9) State = 0x3401110c3c9f087121133da265f33113
- (9) Message-Authenticator = 0xfb36d3701d7b773d3890f420afe5709c
- (9) session-state: No cached attributes
- (9) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
- (9) authorize {
- (9) policy filter_username {
- (9) if (&User-Name) {
- (9) if (&User-Name) -> TRUE
- (9) if (&User-Name) {
- (9) if (&User-Name =~ / /) {
- (9) if (&User-Name =~ / /) -> FALSE
- (9) if (&User-Name =~ /@[^@]*@/ ) {
- (9) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (9) if (&User-Name =~ /\.\./ ) {
- (9) if (&User-Name =~ /\.\./ ) -> FALSE
- (9) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (9) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (9) if (&User-Name =~ /\.$/) {
- (9) if (&User-Name =~ /\.$/) -> FALSE
- (9) if (&User-Name =~ /@\./) {
- (9) if (&User-Name =~ /@\./) -> FALSE
- (9) } # if (&User-Name) = notfound
- (9) } # policy filter_username = notfound
- (9) [preprocess] = ok
- (9) [chap] = noop
- (9) [mschap] = noop
- (9) [digest] = noop
- (9) suffix: Checking for suffix after "@"
- (9) suffix: No '@' in User-Name = "bj", looking up realm NULL
- (9) suffix: No such realm "NULL"
- (9) [suffix] = noop
- (9) eap: Peer sent EAP Response (code 2) ID 158 length 43
- (9) eap: Continuing tunnel setup
- (9) [eap] = ok
- (9) } # authorize = ok
- (9) Found Auth-Type = eap
- (9) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
- (9) authenticate {
- (9) eap: Expiring EAP session with state 0x47e8552047754f14
- (9) eap: Finished EAP session with state 0x3401110c3c9f0871
- (9) eap: Previous EAP request found for state 0x3401110c3c9f0871, released from the list
- (9) eap: Peer sent packet with method EAP PEAP (25)
- (9) eap: Calling submodule eap_peap to process data
- (9) eap_peap: Continuing EAP-TLS
- (9) eap_peap: [eaptls verify] = ok
- (9) eap_peap: Done initial handshake
- (9) eap_peap: [eaptls process] = ok
- (9) eap_peap: Session established. Decoding tunneled attributes
- (9) eap_peap: PEAP state send tlv failure
- (9) eap_peap: Received EAP-TLV response
- (9) eap_peap: The users session was previously rejected: returning reject (again.)
- (9) eap_peap: This means you need to read the PREVIOUS messages in the debug output
- (9) eap_peap: to find out the reason why the user was rejected
- (9) eap_peap: Look for "reject" or "fail". Those earlier messages will tell you
- (9) eap_peap: what went wrong, and how to fix the problem
- (9) eap: ERROR: Failed continuing EAP PEAP (25) session. EAP sub-module failed
- (9) eap: Sending EAP Failure (code 4) ID 158 length 4
- (9) eap: Failed in EAP select
- (9) [eap] = invalid
- (9) } # authenticate = invalid
- (9) Failed to authenticate the user
- (9) Using Post-Auth-Type Reject
- (9) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
- (9) Post-Auth-Type REJECT {
- (9) attr_filter.access_reject: EXPAND %{User-Name}
- (9) attr_filter.access_reject: --> bj
- (9) attr_filter.access_reject: Matched entry DEFAULT at line 11
- (9) [attr_filter.access_reject] = updated
- (9) [eap] = noop
- (9) policy remove_reply_message_if_eap {
- (9) if (&reply:EAP-Message && &reply:Reply-Message) {
- (9) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
- (9) else {
- (9) [noop] = noop
- (9) } # else = noop
- (9) } # policy remove_reply_message_if_eap = noop
- (9) } # Post-Auth-Type REJECT = updated
- (9) Delaying response for 1.000000 seconds
- Waking up in 0.3 seconds.
- Waking up in 0.6 seconds.
- (9) Sending delayed response
- (9) Sent Access-Reject Id 29 from 172.22.33.46:1812 to 172.22.33.33:65484 length 44
- (9) EAP-Message = 0x049e0004
- (9) Message-Authenticator = 0x00000000000000000000000000000000
- Waking up in 3.6 seconds.
- (0) Cleaning up request packet ID 20 with timestamp +23
- Waking up in 0.1 seconds.
- (1) Cleaning up request packet ID 21 with timestamp +23
- (2) Cleaning up request packet ID 22 with timestamp +23
- (3) Cleaning up request packet ID 23 with timestamp +23
- (4) Cleaning up request packet ID 24 with timestamp +23
- (5) Cleaning up request packet ID 25 with timestamp +23
- (6) Cleaning up request packet ID 26 with timestamp +23
- (7) Cleaning up request packet ID 27 with timestamp +23
- (8) Cleaning up request packet ID 28 with timestamp +23
- (9) Cleaning up request packet ID 29 with timestamp +23
- Ready to process requests
- (10) Received Access-Request Id 30 from 172.22.33.33:65484 to 172.22.33.46:1812 length 163
- (10) User-Name = "bj"
- (10) NAS-IP-Address = 172.22.33.33
- (10) NAS-Port = 0
- (10) Called-Station-Id = "0C-51-01-E4-23-29:Kontrapunkt - NOT AVAILABLE"
- (10) Calling-Station-Id = "88-1F-A1-11-43-E2"
- (10) Framed-MTU = 1400
- (10) NAS-Port-Type = Wireless-802.11
- (10) Connect-Info = "CONNECT 0Mbps 802.11"
- (10) EAP-Message = 0x02aa000701626a
- (10) Message-Authenticator = 0x8aaf965a195987ac1e87d7663d086689
- (10) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
- (10) authorize {
- (10) policy filter_username {
- (10) if (&User-Name) {
- (10) if (&User-Name) -> TRUE
- (10) if (&User-Name) {
- (10) if (&User-Name =~ / /) {
- (10) if (&User-Name =~ / /) -> FALSE
- (10) if (&User-Name =~ /@[^@]*@/ ) {
- (10) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (10) if (&User-Name =~ /\.\./ ) {
- (10) if (&User-Name =~ /\.\./ ) -> FALSE
- (10) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (10) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (10) if (&User-Name =~ /\.$/) {
- (10) if (&User-Name =~ /\.$/) -> FALSE
- (10) if (&User-Name =~ /@\./) {
- (10) if (&User-Name =~ /@\./) -> FALSE
- (10) } # if (&User-Name) = notfound
- (10) } # policy filter_username = notfound
- (10) [preprocess] = ok
- (10) [chap] = noop
- (10) [mschap] = noop
- (10) [digest] = noop
- (10) suffix: Checking for suffix after "@"
- (10) suffix: No '@' in User-Name = "bj", looking up realm NULL
- (10) suffix: No such realm "NULL"
- (10) [suffix] = noop
- (10) eap: Peer sent EAP Response (code 2) ID 170 length 7
- (10) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
- (10) [eap] = ok
- (10) } # authorize = ok
- (10) Found Auth-Type = eap
- (10) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
- (10) authenticate {
- (10) eap: Peer sent packet with method EAP Identity (1)
- (10) eap: Calling submodule eap_tls to process data
- (10) eap_tls: Initiating new EAP-TLS session
- (10) eap_tls: Setting verify mode to require certificate from client
- (10) eap_tls: [eaptls start] = request
- (10) eap: Sending EAP Request (code 1) ID 171 length 6
- (10) eap: EAP session adding &reply:State = 0x2e588f9b2ef382e1
- (10) [eap] = handled
- (10) } # authenticate = handled
- (10) Using Post-Auth-Type Challenge
- (10) Post-Auth-Type sub-section not found. Ignoring.
- (10) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
- (10) Sent Access-Challenge Id 30 from 172.22.33.46:1812 to 172.22.33.33:65484 length 0
- (10) EAP-Message = 0x01ab00060d20
- (10) Message-Authenticator = 0x00000000000000000000000000000000
- (10) State = 0x2e588f9b2ef382e1accf0533cefa4486
- (10) Finished request
- Waking up in 4.9 seconds.
- (11) Received Access-Request Id 31 from 172.22.33.33:65484 to 172.22.33.46:1812 length 182
- (11) User-Name = "bj"
- (11) NAS-IP-Address = 172.22.33.33
- (11) NAS-Port = 0
- (11) Called-Station-Id = "0C-51-01-E4-23-29:Kontrapunkt - NOT AVAILABLE"
- (11) Calling-Station-Id = "88-1F-A1-11-43-E2"
- (11) Framed-MTU = 1400
- (11) NAS-Port-Type = Wireless-802.11
- (11) Connect-Info = "CONNECT 0Mbps 802.11"
- (11) EAP-Message = 0x02ab00080319152b
- (11) State = 0x2e588f9b2ef382e1accf0533cefa4486
- (11) Message-Authenticator = 0x583e84ebb1043695e3f0a8e4469735d6
- (11) session-state: No cached attributes
- (11) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
- (11) authorize {
- (11) policy filter_username {
- (11) if (&User-Name) {
- (11) if (&User-Name) -> TRUE
- (11) if (&User-Name) {
- (11) if (&User-Name =~ / /) {
- (11) if (&User-Name =~ / /) -> FALSE
- (11) if (&User-Name =~ /@[^@]*@/ ) {
- (11) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (11) if (&User-Name =~ /\.\./ ) {
- (11) if (&User-Name =~ /\.\./ ) -> FALSE
- (11) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (11) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (11) if (&User-Name =~ /\.$/) {
- (11) if (&User-Name =~ /\.$/) -> FALSE
- (11) if (&User-Name =~ /@\./) {
- (11) if (&User-Name =~ /@\./) -> FALSE
- (11) } # if (&User-Name) = notfound
- (11) } # policy filter_username = notfound
- (11) [preprocess] = ok
- (11) [chap] = noop
- (11) [mschap] = noop
- (11) [digest] = noop
- (11) suffix: Checking for suffix after "@"
- (11) suffix: No '@' in User-Name = "bj", looking up realm NULL
- (11) suffix: No such realm "NULL"
- (11) [suffix] = noop
- (11) eap: Peer sent EAP Response (code 2) ID 171 length 8
- (11) eap: No EAP Start, assuming it's an on-going EAP conversation
- (11) [eap] = updated
- (11) files: Searching for user in group "wifi-cph"
- rlm_ldap (ldap): Reserved connection (5)
- (11) files: EXPAND (uid=%{%{Stripped-User-Name}:-%{User-Name}})
- (11) files: --> (uid=bj)
- (11) files: Performing search in "o=kontrapunkt,dc=example,dc=com" with filter "(uid=bj)", scope "sub"
- (11) files: Waiting for search result...
- (11) files: User object found at DN "uid=bj,ou=people,l=copenhagen,c=dk,o=kontrapunkt,dc=example,dc=com"
- (11) files: Checking for user in group objects
- (11) files: EXPAND (&(cn=wifi-cph)(objectClass=posixGroup)(|(member=%{control:Ldap-UserDn})(memberUid=%{%{Stripped-User-N)
- (11) files: --> (&(cn=wifi-cph)(objectClass=posixGroup)(|(member=uid\3dbj\2cou\3dpeople\2cl\3dcopenhagen\2cc\3ddk\2co\)
- (11) files: Performing search in "dc=services,o=kontrapunkt,dc=example,dc=com" with filter "(&(cn=wifi-cph)(objectCla"
- (11) files: Waiting for search result...
- (11) files: User found in group object "dc=services,o=kontrapunkt,dc=example,dc=com"
- rlm_ldap (ldap): Released connection (5)
- rlm_ldap (ldap): Need 4 more connections to reach 10 spares
- rlm_ldap (ldap): Opening additional connection (6), 1 of 26 pending slots used
- rlm_ldap (ldap): Connecting to ldap://ldap.kontrapunkt.com:389
- rlm_ldap (ldap): Waiting for bind result...
- rlm_ldap (ldap): Bind successful
- (11) files: users: Matched entry DEFAULT at line 52
- (11) [files] = ok
- rlm_ldap (ldap): Reserved connection (1)
- (11) ldap: EXPAND (uid=%{%{Stripped-User-Name}:-%{User-Name}})
- (11) ldap: --> (uid=bj)
- (11) ldap: Performing search in "o=kontrapunkt,dc=example,dc=com" with filter "(uid=bj)", scope "sub"
- (11) ldap: Waiting for search result...
- (11) ldap: User object found at DN "uid=bj,ou=people,l=copenhagen,c=dk,o=kontrapunkt,dc=example,dc=com"
- (11) ldap: Processing user attributes
- (11) ldap: control:Password-With-Header += '{CRYPT}*****'
- (11) ldap: control:NT-Password := 0x3437413634423334324442384133314330313831413644453134393237413931
- rlm_ldap (ldap): Released connection (1)
- (11) [ldap] = updated
- (11) [expiration] = noop
- (11) [logintime] = noop
- (11) pap: Converted: &control:Password-With-Header -> &control:Crypt-Password
- (11) pap: Removing &control:Password-With-Header
- (11) pap: Normalizing NT-Password from hex encoding, 32 bytes -> 16 bytes
- (11) pap: WARNING: Auth-Type already set. Not setting to PAP
- (11) [pap] = noop
- (11) } # authorize = updated
- (11) Found Auth-Type = eap
- (11) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
- (11) authenticate {
- (11) eap: Expiring EAP session with state 0x47e8552047754f14
- (11) eap: Finished EAP session with state 0x2e588f9b2ef382e1
- (11) eap: Previous EAP request found for state 0x2e588f9b2ef382e1, released from the list
- (11) eap: Peer sent packet with method EAP NAK (3)
- (11) eap: Found mutually acceptable type PEAP (25)
- (11) eap: Calling submodule eap_peap to process data
- (11) eap_peap: Initiating new EAP-TLS session
- (11) eap_peap: [eaptls start] = request
- (11) eap: Sending EAP Request (code 1) ID 172 length 6
- (11) eap: EAP session adding &reply:State = 0x2e588f9b2ff496e1
- (11) [eap] = handled
- (11) } # authenticate = handled
- (11) Using Post-Auth-Type Challenge
- (11) Post-Auth-Type sub-section not found. Ignoring.
- (11) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
- (11) Sent Access-Challenge Id 31 from 172.22.33.46:1812 to 172.22.33.33:65484 length 0
- (11) Reply-Message = "OK, member of wifi-cph."
- (11) EAP-Message = 0x01ac00061920
- (11) Message-Authenticator = 0x00000000000000000000000000000000
- (11) State = 0x2e588f9b2ff496e1accf0533cefa4486
- (11) Finished request
- Waking up in 4.8 seconds.
- (12) Received Access-Request Id 32 from 172.22.33.33:65484 to 172.22.33.46:1812 length 337
- (12) User-Name = "bj"
- (12) NAS-IP-Address = 172.22.33.33
- (12) NAS-Port = 0
- (12) Called-Station-Id = "0C-51-01-E4-23-29:Kontrapunkt - NOT AVAILABLE"
- (12) Calling-Station-Id = "88-1F-A1-11-43-E2"
- (12) Framed-MTU = 1400
- (12) NAS-Port-Type = Wireless-802.11
- (12) Connect-Info = "CONNECT 0Mbps 802.11"
- (12) EAP-Message = 0x02ac00a319800000009916030100940100009003015a27e78afe4cea71b62a0bc8a33e788801a92d631ac70d59e9c1f127120
- (12) State = 0x2e588f9b2ff496e1accf0533cefa4486
- (12) Message-Authenticator = 0xbaeb9faeea2c755a412633322374241f
- (12) session-state: No cached attributes
- (12) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
- (12) authorize {
- (12) policy filter_username {
- (12) if (&User-Name) {
- (12) if (&User-Name) -> TRUE
- (12) if (&User-Name) {
- (12) if (&User-Name =~ / /) {
- (12) if (&User-Name =~ / /) -> FALSE
- (12) if (&User-Name =~ /@[^@]*@/ ) {
- (12) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (12) if (&User-Name =~ /\.\./ ) {
- (12) if (&User-Name =~ /\.\./ ) -> FALSE
- (12) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (12) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (12) if (&User-Name =~ /\.$/) {
- (12) if (&User-Name =~ /\.$/) -> FALSE
- (12) if (&User-Name =~ /@\./) {
- (12) if (&User-Name =~ /@\./) -> FALSE
- (12) } # if (&User-Name) = notfound
- (12) } # policy filter_username = notfound
- (12) [preprocess] = ok
- (12) [chap] = noop
- (12) [mschap] = noop
- (12) [digest] = noop
- (12) suffix: Checking for suffix after "@"
- (12) suffix: No '@' in User-Name = "bj", looking up realm NULL
- (12) suffix: No such realm "NULL"
- (12) [suffix] = noop
- (12) eap: Peer sent EAP Response (code 2) ID 172 length 163
- (12) eap: Continuing tunnel setup
- (12) [eap] = ok
- (12) } # authorize = ok
- (12) Found Auth-Type = eap
- (12) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
- (12) authenticate {
- (12) eap: Expiring EAP session with state 0x47e8552047754f14
- (12) eap: Finished EAP session with state 0x2e588f9b2ff496e1
- (12) eap: Previous EAP request found for state 0x2e588f9b2ff496e1, released from the list
- (12) eap: Peer sent packet with method EAP PEAP (25)
- (12) eap: Calling submodule eap_peap to process data
- (12) eap_peap: Continuing EAP-TLS
- (12) eap_peap: Peer indicated complete TLS record size will be 153 bytes
- (12) eap_peap: Got complete TLS record (153 bytes)
- (12) eap_peap: [eaptls verify] = length included
- (12) eap_peap: (other): before/accept initialization
- (12) eap_peap: TLS_accept: before/accept initialization
- (12) eap_peap: <<< recv TLS 1.0 Handshake [length 0094], ClientHello
- (12) eap_peap: TLS_accept: SSLv3 read client hello A
- (12) eap_peap: >>> send TLS 1.0 Handshake [length 0059], ServerHello
- (12) eap_peap: TLS_accept: SSLv3 write server hello A
- (12) eap_peap: >>> send TLS 1.0 Handshake [length 08d3], Certificate
- (12) eap_peap: TLS_accept: SSLv3 write certificate A
- (12) eap_peap: >>> send TLS 1.0 Handshake [length 014b], ServerKeyExchange
- (12) eap_peap: TLS_accept: SSLv3 write key exchange A
- (12) eap_peap: >>> send TLS 1.0 Handshake [length 0004], ServerHelloDone
- (12) eap_peap: TLS_accept: SSLv3 write server done A
- (12) eap_peap: TLS_accept: SSLv3 flush data
- (12) eap_peap: TLS_accept: Need to read more data: SSLv3 read client certificate A
- (12) eap_peap: TLS_accept: Need to read more data: SSLv3 read client certificate A
- (12) eap_peap: In SSL Handshake Phase
- (12) eap_peap: In SSL Accept mode
- (12) eap_peap: [eaptls process] = handled
- (12) eap: Sending EAP Request (code 1) ID 173 length 1004
- (12) eap: EAP session adding &reply:State = 0x2e588f9b2cf596e1
- (12) [eap] = handled
- (12) } # authenticate = handled
- (12) Using Post-Auth-Type Challenge
- (12) Post-Auth-Type sub-section not found. Ignoring.
- (12) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
- (12) Sent Access-Challenge Id 32 from 172.22.33.46:1812 to 172.22.33.33:65484 length 0
- (12) EAP-Message = 0x01ad03ec19c000000a8f16030100590200005503014748a904ab989ca04ea59792243053054cf3c7e805732d5c861e6f2ca5e
- (12) Message-Authenticator = 0x00000000000000000000000000000000
- (12) State = 0x2e588f9b2cf596e1accf0533cefa4486
- (12) Finished request
- Waking up in 4.8 seconds.
- (13) Received Access-Request Id 33 from 172.22.33.33:65484 to 172.22.33.46:1812 length 180
- (13) User-Name = "bj"
- (13) NAS-IP-Address = 172.22.33.33
- (13) NAS-Port = 0
- (13) Called-Station-Id = "0C-51-01-E4-23-29:Kontrapunkt - NOT AVAILABLE"
- (13) Calling-Station-Id = "88-1F-A1-11-43-E2"
- (13) Framed-MTU = 1400
- (13) NAS-Port-Type = Wireless-802.11
- (13) Connect-Info = "CONNECT 0Mbps 802.11"
- (13) EAP-Message = 0x02ad00061900
- (13) State = 0x2e588f9b2cf596e1accf0533cefa4486
- (13) Message-Authenticator = 0xed7ba18477904e37776fa8a5f09ba6aa
- (13) session-state: No cached attributes
- (13) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
- (13) authorize {
- (13) policy filter_username {
- (13) if (&User-Name) {
- (13) if (&User-Name) -> TRUE
- (13) if (&User-Name) {
- (13) if (&User-Name =~ / /) {
- (13) if (&User-Name =~ / /) -> FALSE
- (13) if (&User-Name =~ /@[^@]*@/ ) {
- (13) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (13) if (&User-Name =~ /\.\./ ) {
- (13) if (&User-Name =~ /\.\./ ) -> FALSE
- (13) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (13) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (13) if (&User-Name =~ /\.$/) {
- (13) if (&User-Name =~ /\.$/) -> FALSE
- (13) if (&User-Name =~ /@\./) {
- (13) if (&User-Name =~ /@\./) -> FALSE
- (13) } # if (&User-Name) = notfound
- (13) } # policy filter_username = notfound
- (13) [preprocess] = ok
- (13) [chap] = noop
- (13) [mschap] = noop
- (13) [digest] = noop
- (13) suffix: Checking for suffix after "@"
- (13) suffix: No '@' in User-Name = "bj", looking up realm NULL
- (13) suffix: No such realm "NULL"
- (13) [suffix] = noop
- (13) eap: Peer sent EAP Response (code 2) ID 173 length 6
- (13) eap: Continuing tunnel setup
- (13) [eap] = ok
- (13) } # authorize = ok
- (13) Found Auth-Type = eap
- (13) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
- (13) authenticate {
- (13) eap: Expiring EAP session with state 0x47e8552047754f14
- (13) eap: Finished EAP session with state 0x2e588f9b2cf596e1
- (13) eap: Previous EAP request found for state 0x2e588f9b2cf596e1, released from the list
- (13) eap: Peer sent packet with method EAP PEAP (25)
- (13) eap: Calling submodule eap_peap to process data
- (13) eap_peap: Continuing EAP-TLS
- (13) eap_peap: Peer ACKed our handshake fragment
- (13) eap_peap: [eaptls verify] = request
- (13) eap_peap: [eaptls process] = handled
- (13) eap: Sending EAP Request (code 1) ID 174 length 1000
- (13) eap: EAP session adding &reply:State = 0x2e588f9b2df696e1
- (13) [eap] = handled
- (13) } # authenticate = handled
- (13) Using Post-Auth-Type Challenge
- (13) Post-Auth-Type sub-section not found. Ignoring.
- (13) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
- (13) Sent Access-Challenge Id 33 from 172.22.33.46:1812 to 172.22.33.33:65484 length 0
- (13) EAP-Message = 0x01ae03e819400342020de654b2672fb5f02c9ae02856749a536eccc0352abc3da4c99ee4528f5d13fa97c8ba81e1c1ef85620
- (13) Message-Authenticator = 0x00000000000000000000000000000000
- (13) State = 0x2e588f9b2df696e1accf0533cefa4486
- (13) Finished request
- Waking up in 4.8 seconds.
- (14) Received Access-Request Id 34 from 172.22.33.33:65484 to 172.22.33.46:1812 length 180
- (14) User-Name = "bj"
- (14) NAS-IP-Address = 172.22.33.33
- (14) NAS-Port = 0
- (14) Called-Station-Id = "0C-51-01-E4-23-29:Kontrapunkt - NOT AVAILABLE"
- (14) Calling-Station-Id = "88-1F-A1-11-43-E2"
- (14) Framed-MTU = 1400
- (14) NAS-Port-Type = Wireless-802.11
- (14) Connect-Info = "CONNECT 0Mbps 802.11"
- (14) EAP-Message = 0x02ae00061900
- (14) State = 0x2e588f9b2df696e1accf0533cefa4486
- (14) Message-Authenticator = 0xe0196afbc6745e3f940d3b1b6e9831ba
- (14) session-state: No cached attributes
- (14) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
- (14) authorize {
- (14) policy filter_username {
- (14) if (&User-Name) {
- (14) if (&User-Name) -> TRUE
- (14) if (&User-Name) {
- (14) if (&User-Name =~ / /) {
- (14) if (&User-Name =~ / /) -> FALSE
- (14) if (&User-Name =~ /@[^@]*@/ ) {
- (14) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (14) if (&User-Name =~ /\.\./ ) {
- (14) if (&User-Name =~ /\.\./ ) -> FALSE
- (14) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (14) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (14) if (&User-Name =~ /\.$/) {
- (14) if (&User-Name =~ /\.$/) -> FALSE
- (14) if (&User-Name =~ /@\./) {
- (14) if (&User-Name =~ /@\./) -> FALSE
- (14) } # if (&User-Name) = notfound
- (14) } # policy filter_username = notfound
- (14) [preprocess] = ok
- (14) [chap] = noop
- (14) [mschap] = noop
- (14) [digest] = noop
- (14) suffix: Checking for suffix after "@"
- (14) suffix: No '@' in User-Name = "bj", looking up realm NULL
- (14) suffix: No such realm "NULL"
- (14) [suffix] = noop
- (14) eap: Peer sent EAP Response (code 2) ID 174 length 6
- (14) eap: Continuing tunnel setup
- (14) [eap] = ok
- (14) } # authorize = ok
- (14) Found Auth-Type = eap
- (14) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
- (14) authenticate {
- (14) eap: Expiring EAP session with state 0x47e8552047754f14
- (14) eap: Finished EAP session with state 0x2e588f9b2df696e1
- (14) eap: Previous EAP request found for state 0x2e588f9b2df696e1, released from the list
- (14) eap: Peer sent packet with method EAP PEAP (25)
- (14) eap: Calling submodule eap_peap to process data
- (14) eap_peap: Continuing EAP-TLS
- (14) eap_peap: Peer ACKed our handshake fragment
- (14) eap_peap: [eaptls verify] = request
- (14) eap_peap: [eaptls process] = handled
- (14) eap: Sending EAP Request (code 1) ID 175 length 721
- (14) eap: EAP session adding &reply:State = 0x2e588f9b2af796e1
- (14) [eap] = handled
- (14) } # authenticate = handled
- (14) Using Post-Auth-Type Challenge
- (14) Post-Auth-Type sub-section not found. Ignoring.
- (14) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
- (14) Sent Access-Challenge Id 34 from 172.22.33.46:1812 to 172.22.33.33:65484 length 0
- (14) EAP-Message = 0x01af02d1190020417574686f72697479820900c8b778d5cf225df1300f0603551d130101ff040530030101ff30360603551d1
- (14) Message-Authenticator = 0x00000000000000000000000000000000
- (14) State = 0x2e588f9b2af796e1accf0533cefa4486
- (14) Finished request
- Waking up in 4.8 seconds.
- (15) Received Access-Request Id 35 from 172.22.33.33:65484 to 172.22.33.46:1812 length 318
- (15) User-Name = "bj"
- (15) NAS-IP-Address = 172.22.33.33
- (15) NAS-Port = 0
- (15) Called-Station-Id = "0C-51-01-E4-23-29:Kontrapunkt - NOT AVAILABLE"
- (15) Calling-Station-Id = "88-1F-A1-11-43-E2"
- (15) Framed-MTU = 1400
- (15) NAS-Port-Type = Wireless-802.11
- (15) Connect-Info = "CONNECT 0Mbps 802.11"
- (15) EAP-Message = 0x02af009019800000008616030100461000004241042efd3b07344d272e9e1156e732965bb842814074601726eef26e659eb4c
- (15) State = 0x2e588f9b2af796e1accf0533cefa4486
- (15) Message-Authenticator = 0xdb4199eed8947d7766ed9eaf73e0f785
- (15) session-state: No cached attributes
- (15) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
- (15) authorize {
- (15) policy filter_username {
- (15) if (&User-Name) {
- (15) if (&User-Name) -> TRUE
- (15) if (&User-Name) {
- (15) if (&User-Name =~ / /) {
- (15) if (&User-Name =~ / /) -> FALSE
- (15) if (&User-Name =~ /@[^@]*@/ ) {
- (15) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (15) if (&User-Name =~ /\.\./ ) {
- (15) if (&User-Name =~ /\.\./ ) -> FALSE
- (15) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (15) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (15) if (&User-Name =~ /\.$/) {
- (15) if (&User-Name =~ /\.$/) -> FALSE
- (15) if (&User-Name =~ /@\./) {
- (15) if (&User-Name =~ /@\./) -> FALSE
- (15) } # if (&User-Name) = notfound
- (15) } # policy filter_username = notfound
- (15) [preprocess] = ok
- (15) [chap] = noop
- (15) [mschap] = noop
- (15) [digest] = noop
- (15) suffix: Checking for suffix after "@"
- (15) suffix: No '@' in User-Name = "bj", looking up realm NULL
- (15) suffix: No such realm "NULL"
- (15) [suffix] = noop
- (15) eap: Peer sent EAP Response (code 2) ID 175 length 144
- (15) eap: Continuing tunnel setup
- (15) [eap] = ok
- (15) } # authorize = ok
- (15) Found Auth-Type = eap
- (15) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
- (15) authenticate {
- (15) eap: Expiring EAP session with state 0x47e8552047754f14
- (15) eap: Finished EAP session with state 0x2e588f9b2af796e1
- (15) eap: Previous EAP request found for state 0x2e588f9b2af796e1, released from the list
- (15) eap: Peer sent packet with method EAP PEAP (25)
- (15) eap: Calling submodule eap_peap to process data
- (15) eap_peap: Continuing EAP-TLS
- (15) eap_peap: Peer indicated complete TLS record size will be 134 bytes
- (15) eap_peap: Got complete TLS record (134 bytes)
- (15) eap_peap: [eaptls verify] = length included
- (15) eap_peap: <<< recv TLS 1.0 Handshake [length 0046], ClientKeyExchange
- (15) eap_peap: TLS_accept: SSLv3 read client key exchange A
- (15) eap_peap: TLS_accept: SSLv3 read certificate verify A
- (15) eap_peap: <<< recv TLS 1.0 ChangeCipherSpec [length 0001]
- (15) eap_peap: <<< recv TLS 1.0 Handshake [length 0010], Finished
- (15) eap_peap: TLS_accept: SSLv3 read finished A
- (15) eap_peap: >>> send TLS 1.0 ChangeCipherSpec [length 0001]
- (15) eap_peap: TLS_accept: SSLv3 write change cipher spec A
- (15) eap_peap: >>> send TLS 1.0 Handshake [length 0010], Finished
- (15) eap_peap: TLS_accept: SSLv3 write finished A
- (15) eap_peap: TLS_accept: SSLv3 flush data
- (15) eap_peap: (other): SSL negotiation finished successfully
- (15) eap_peap: SSL Connection Established
- (15) eap_peap: [eaptls process] = handled
- (15) eap: Sending EAP Request (code 1) ID 176 length 65
- (15) eap: EAP session adding &reply:State = 0x2e588f9b2be896e1
- (15) [eap] = handled
- (15) } # authenticate = handled
- (15) Using Post-Auth-Type Challenge
- (15) Post-Auth-Type sub-section not found. Ignoring.
- (15) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
- (15) Sent Access-Challenge Id 35 from 172.22.33.46:1812 to 172.22.33.33:65484 length 0
- (15) EAP-Message = 0x01b000411900140301000101160301003086cb780e044d689b6f93ce76c2747f5291a55411ac4542dd9fabf4db3da20d262b6
- (15) Message-Authenticator = 0x00000000000000000000000000000000
- (15) State = 0x2e588f9b2be896e1accf0533cefa4486
- (15) Finished request
- Waking up in 4.8 seconds.
- (16) Received Access-Request Id 36 from 172.22.33.33:65484 to 172.22.33.46:1812 length 180
- (16) User-Name = "bj"
- (16) NAS-IP-Address = 172.22.33.33
- (16) NAS-Port = 0
- (16) Called-Station-Id = "0C-51-01-E4-23-29:Kontrapunkt - NOT AVAILABLE"
- (16) Calling-Station-Id = "88-1F-A1-11-43-E2"
- (16) Framed-MTU = 1400
- (16) NAS-Port-Type = Wireless-802.11
- (16) Connect-Info = "CONNECT 0Mbps 802.11"
- (16) EAP-Message = 0x02b000061900
- (16) State = 0x2e588f9b2be896e1accf0533cefa4486
- (16) Message-Authenticator = 0x79cf51699b9db2e0e8eda469afb83fee
- (16) session-state: No cached attributes
- (16) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
- (16) authorize {
- (16) policy filter_username {
- (16) if (&User-Name) {
- (16) if (&User-Name) -> TRUE
- (16) if (&User-Name) {
- (16) if (&User-Name =~ / /) {
- (16) if (&User-Name =~ / /) -> FALSE
- (16) if (&User-Name =~ /@[^@]*@/ ) {
- (16) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (16) if (&User-Name =~ /\.\./ ) {
- (16) if (&User-Name =~ /\.\./ ) -> FALSE
- (16) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (16) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (16) if (&User-Name =~ /\.$/) {
- (16) if (&User-Name =~ /\.$/) -> FALSE
- (16) if (&User-Name =~ /@\./) {
- (16) if (&User-Name =~ /@\./) -> FALSE
- (16) } # if (&User-Name) = notfound
- (16) } # policy filter_username = notfound
- (16) [preprocess] = ok
- (16) [chap] = noop
- (16) [mschap] = noop
- (16) [digest] = noop
- (16) suffix: Checking for suffix after "@"
- (16) suffix: No '@' in User-Name = "bj", looking up realm NULL
- (16) suffix: No such realm "NULL"
- (16) [suffix] = noop
- (16) eap: Peer sent EAP Response (code 2) ID 176 length 6
- (16) eap: Continuing tunnel setup
- (16) [eap] = ok
- (16) } # authorize = ok
- (16) Found Auth-Type = eap
- (16) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
- (16) authenticate {
- (16) eap: Expiring EAP session with state 0x47e8552047754f14
- (16) eap: Finished EAP session with state 0x2e588f9b2be896e1
- (16) eap: Previous EAP request found for state 0x2e588f9b2be896e1, released from the list
- (16) eap: Peer sent packet with method EAP PEAP (25)
- (16) eap: Calling submodule eap_peap to process data
- (16) eap_peap: Continuing EAP-TLS
- (16) eap_peap: Peer ACKed our handshake fragment. handshake is finished
- (16) eap_peap: [eaptls verify] = success
- (16) eap_peap: [eaptls process] = success
- (16) eap_peap: Session established. Decoding tunneled attributes
- (16) eap_peap: PEAP state TUNNEL ESTABLISHED
- (16) eap: Sending EAP Request (code 1) ID 177 length 43
- (16) eap: EAP session adding &reply:State = 0x2e588f9b28e996e1
- (16) [eap] = handled
- (16) } # authenticate = handled
- (16) Using Post-Auth-Type Challenge
- (16) Post-Auth-Type sub-section not found. Ignoring.
- (16) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
- (16) Sent Access-Challenge Id 36 from 172.22.33.46:1812 to 172.22.33.33:65484 length 0
- (16) EAP-Message = 0x01b1002b1900170301002041820bd542b4fdc03a7dbe11e04e4e329c418f4ebee14d4fbd906f4d90e610d8
- (16) Message-Authenticator = 0x00000000000000000000000000000000
- (16) State = 0x2e588f9b28e996e1accf0533cefa4486
- (16) Finished request
- Waking up in 4.8 seconds.
- (17) Received Access-Request Id 37 from 172.22.33.33:65484 to 172.22.33.46:1812 length 217
- (17) User-Name = "bj"
- (17) NAS-IP-Address = 172.22.33.33
- (17) NAS-Port = 0
- (17) Called-Station-Id = "0C-51-01-E4-23-29:Kontrapunkt - NOT AVAILABLE"
- (17) Calling-Station-Id = "88-1F-A1-11-43-E2"
- (17) Framed-MTU = 1400
- (17) NAS-Port-Type = Wireless-802.11
- (17) Connect-Info = "CONNECT 0Mbps 802.11"
- (17) EAP-Message = 0x02b1002b1900170301002091914282876324cc456d4fd9f80512ef05ce6de86c9c1ccdd04a78bddcb6c8d5
- (17) State = 0x2e588f9b28e996e1accf0533cefa4486
- (17) Message-Authenticator = 0x81d2c7bf28da575e3844d3d9e19aeab5
- (17) session-state: No cached attributes
- (17) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
- (17) authorize {
- (17) policy filter_username {
- (17) if (&User-Name) {
- (17) if (&User-Name) -> TRUE
- (17) if (&User-Name) {
- (17) if (&User-Name =~ / /) {
- (17) if (&User-Name =~ / /) -> FALSE
- (17) if (&User-Name =~ /@[^@]*@/ ) {
- (17) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (17) if (&User-Name =~ /\.\./ ) {
- (17) if (&User-Name =~ /\.\./ ) -> FALSE
- (17) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (17) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (17) if (&User-Name =~ /\.$/) {
- (17) if (&User-Name =~ /\.$/) -> FALSE
- (17) if (&User-Name =~ /@\./) {
- (17) if (&User-Name =~ /@\./) -> FALSE
- (17) } # if (&User-Name) = notfound
- (17) } # policy filter_username = notfound
- (17) [preprocess] = ok
- (17) [chap] = noop
- (17) [mschap] = noop
- (17) [digest] = noop
- (17) suffix: Checking for suffix after "@"
- (17) suffix: No '@' in User-Name = "bj", looking up realm NULL
- (17) suffix: No such realm "NULL"
- (17) [suffix] = noop
- (17) eap: Peer sent EAP Response (code 2) ID 177 length 43
- (17) eap: Continuing tunnel setup
- (17) [eap] = ok
- (17) } # authorize = ok
- (17) Found Auth-Type = eap
- (17) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
- (17) authenticate {
- (17) eap: Expiring EAP session with state 0x47e8552047754f14
- (17) eap: Finished EAP session with state 0x2e588f9b28e996e1
- (17) eap: Previous EAP request found for state 0x2e588f9b28e996e1, released from the list
- (17) eap: Peer sent packet with method EAP PEAP (25)
- (17) eap: Calling submodule eap_peap to process data
- (17) eap_peap: Continuing EAP-TLS
- (17) eap_peap: [eaptls verify] = ok
- (17) eap_peap: Done initial handshake
- (17) eap_peap: [eaptls process] = ok
- (17) eap_peap: Session established. Decoding tunneled attributes
- (17) eap_peap: PEAP state WAITING FOR INNER IDENTITY
- (17) eap_peap: Identity - bj
- (17) eap_peap: Got inner identity 'bj'
- (17) eap_peap: Setting default EAP type for tunneled EAP session
- (17) eap_peap: Got tunneled request
- (17) eap_peap: EAP-Message = 0x02b1000701626a
- (17) eap_peap: Setting User-Name to bj
- (17) eap_peap: Sending tunneled request to inner-tunnel
- (17) eap_peap: EAP-Message = 0x02b1000701626a
- (17) eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1
- (17) eap_peap: User-Name = "bj"
- (17) Virtual server inner-tunnel received request
- (17) EAP-Message = 0x02b1000701626a
- (17) FreeRADIUS-Proxied-To = 127.0.0.1
- (17) User-Name = "bj"
- (17) WARNING: Outer and inner identities are the same. User privacy is compromised.
- (17) server inner-tunnel {
- (17) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/inner-tunnel
- (17) authorize {
- (17) policy filter_username {
- (17) if (&User-Name) {
- (17) if (&User-Name) -> TRUE
- (17) if (&User-Name) {
- (17) if (&User-Name =~ / /) {
- (17) if (&User-Name =~ / /) -> FALSE
- (17) if (&User-Name =~ /@[^@]*@/ ) {
- (17) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (17) if (&User-Name =~ /\.\./ ) {
- (17) if (&User-Name =~ /\.\./ ) -> FALSE
- (17) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (17) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (17) if (&User-Name =~ /\.$/) {
- (17) if (&User-Name =~ /\.$/) -> FALSE
- (17) if (&User-Name =~ /@\./) {
- (17) if (&User-Name =~ /@\./) -> FALSE
- (17) } # if (&User-Name) = notfound
- (17) } # policy filter_username = notfound
- (17) [chap] = noop
- (17) [mschap] = noop
- (17) suffix: Checking for suffix after "@"
- (17) suffix: No '@' in User-Name = "bj", looking up realm NULL
- (17) suffix: No such realm "NULL"
- (17) [suffix] = noop
- (17) update control {
- (17) &Proxy-To-Realm := LOCAL
- (17) } # update control = noop
- (17) eap: Peer sent EAP Response (code 2) ID 177 length 7
- (17) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
- (17) [eap] = ok
- (17) } # authorize = ok
- (17) Found Auth-Type = eap
- (17) # Executing group from file /usr/local/etc/raddb/sites-enabled/inner-tunnel
- (17) authenticate {
- (17) eap: Peer sent packet with method EAP Identity (1)
- (17) eap: Calling submodule eap_mschapv2 to process data
- (17) eap_mschapv2: Issuing Challenge
- (17) eap: Sending EAP Request (code 1) ID 178 length 43
- (17) eap: EAP session adding &reply:State = 0x0f6a1d280fd80790
- (17) [eap] = handled
- (17) } # authenticate = handled
- (17) } # server inner-tunnel
- (17) Virtual server sending reply
- (17) EAP-Message = 0x01b2002b1a01b2002610c1f8ba17670f78199771c5b727004329667265657261646975732d332e302e3132
- (17) Message-Authenticator = 0x00000000000000000000000000000000
- (17) State = 0x0f6a1d280fd807900966e73b14246f17
- (17) eap_peap: Got tunneled reply code 11
- (17) eap_peap: EAP-Message = 0x01b2002b1a01b2002610c1f8ba17670f78199771c5b727004329667265657261646975732d332e302e3132
- (17) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000
- (17) eap_peap: State = 0x0f6a1d280fd807900966e73b14246f17
- (17) eap_peap: Got tunneled reply RADIUS code 11
- (17) eap_peap: EAP-Message = 0x01b2002b1a01b2002610c1f8ba17670f78199771c5b727004329667265657261646975732d332e302e3132
- (17) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000
- (17) eap_peap: State = 0x0f6a1d280fd807900966e73b14246f17
- (17) eap_peap: Got tunneled Access-Challenge
- (17) eap: Sending EAP Request (code 1) ID 178 length 75
- (17) eap: EAP session adding &reply:State = 0x2e588f9b29ea96e1
- (17) [eap] = handled
- (17) } # authenticate = handled
- (17) Using Post-Auth-Type Challenge
- (17) Post-Auth-Type sub-section not found. Ignoring.
- (17) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
- (17) Sent Access-Challenge Id 37 from 172.22.33.46:1812 to 172.22.33.33:65484 length 0
- (17) EAP-Message = 0x01b2004b1900170301004003bb5d4e473fece9d4731ba68e1759d5e7b68a5694ba5ca2987f171d2bcec75e1c8a2657660e8b4
- (17) Message-Authenticator = 0x00000000000000000000000000000000
- (17) State = 0x2e588f9b29ea96e1accf0533cefa4486
- (17) Finished request
- Waking up in 4.8 seconds.
- (18) Received Access-Request Id 38 from 172.22.33.33:65484 to 172.22.33.46:1812 length 265
- (18) User-Name = "bj"
- (18) NAS-IP-Address = 172.22.33.33
- (18) NAS-Port = 0
- (18) Called-Station-Id = "0C-51-01-E4-23-29:Kontrapunkt - NOT AVAILABLE"
- (18) Calling-Station-Id = "88-1F-A1-11-43-E2"
- (18) Framed-MTU = 1400
- (18) NAS-Port-Type = Wireless-802.11
- (18) Connect-Info = "CONNECT 0Mbps 802.11"
- (18) EAP-Message = 0x02b2005b1900170301005023a1a04f03ea0a2af2d60a57f1014e56041afc5134d8d3b1543e428caed9376131aca0e29b4fbde
- (18) State = 0x2e588f9b29ea96e1accf0533cefa4486
- (18) Message-Authenticator = 0xd0f7c4742c39c7ed27b191fe639bec39
- (18) session-state: No cached attributes
- (18) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
- (18) authorize {
- (18) policy filter_username {
- (18) if (&User-Name) {
- (18) if (&User-Name) -> TRUE
- (18) if (&User-Name) {
- (18) if (&User-Name =~ / /) {
- (18) if (&User-Name =~ / /) -> FALSE
- (18) if (&User-Name =~ /@[^@]*@/ ) {
- (18) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (18) if (&User-Name =~ /\.\./ ) {
- (18) if (&User-Name =~ /\.\./ ) -> FALSE
- (18) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (18) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (18) if (&User-Name =~ /\.$/) {
- (18) if (&User-Name =~ /\.$/) -> FALSE
- (18) if (&User-Name =~ /@\./) {
- (18) if (&User-Name =~ /@\./) -> FALSE
- (18) } # if (&User-Name) = notfound
- (18) } # policy filter_username = notfound
- (18) [preprocess] = ok
- (18) [chap] = noop
- (18) [mschap] = noop
- (18) [digest] = noop
- (18) suffix: Checking for suffix after "@"
- (18) suffix: No '@' in User-Name = "bj", looking up realm NULL
- (18) suffix: No such realm "NULL"
- (18) [suffix] = noop
- (18) eap: Peer sent EAP Response (code 2) ID 178 length 91
- (18) eap: Continuing tunnel setup
- (18) [eap] = ok
- (18) } # authorize = ok
- (18) Found Auth-Type = eap
- (18) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
- (18) authenticate {
- (18) eap: Expiring EAP session with state 0x47e8552047754f14
- (18) eap: Finished EAP session with state 0x2e588f9b29ea96e1
- (18) eap: Previous EAP request found for state 0x2e588f9b29ea96e1, released from the list
- (18) eap: Peer sent packet with method EAP PEAP (25)
- (18) eap: Calling submodule eap_peap to process data
- (18) eap_peap: Continuing EAP-TLS
- (18) eap_peap: [eaptls verify] = ok
- (18) eap_peap: Done initial handshake
- (18) eap_peap: [eaptls process] = ok
- (18) eap_peap: Session established. Decoding tunneled attributes
- (18) eap_peap: PEAP state phase2
- (18) eap_peap: EAP method MSCHAPv2 (26)
- (18) eap_peap: Got tunneled request
- (18) eap_peap: EAP-Message = 0x02b2003d1a02b20038316cba8e7b1f5a2edcd35569fcad68dcf100000000000000004456bed55668bb2bc5a86ca
- (18) eap_peap: Setting User-Name to bj
- (18) eap_peap: Sending tunneled request to inner-tunnel
- (18) eap_peap: EAP-Message = 0x02b2003d1a02b20038316cba8e7b1f5a2edcd35569fcad68dcf100000000000000004456bed55668bb2bc5a86ca
- (18) eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1
- (18) eap_peap: User-Name = "bj"
- (18) eap_peap: State = 0x0f6a1d280fd807900966e73b14246f17
- (18) Virtual server inner-tunnel received request
- (18) EAP-Message = 0x02b2003d1a02b20038316cba8e7b1f5a2edcd35569fcad68dcf100000000000000004456bed55668bb2bc5a86c82e9b061daa
- (18) FreeRADIUS-Proxied-To = 127.0.0.1
- (18) User-Name = "bj"
- (18) State = 0x0f6a1d280fd807900966e73b14246f17
- (18) WARNING: Outer and inner identities are the same. User privacy is compromised.
- (18) server inner-tunnel {
- (18) session-state: No cached attributes
- (18) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/inner-tunnel
- (18) authorize {
- (18) policy filter_username {
- (18) if (&User-Name) {
- (18) if (&User-Name) -> TRUE
- (18) if (&User-Name) {
- (18) if (&User-Name =~ / /) {
- (18) if (&User-Name =~ / /) -> FALSE
- (18) if (&User-Name =~ /@[^@]*@/ ) {
- (18) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (18) if (&User-Name =~ /\.\./ ) {
- (18) if (&User-Name =~ /\.\./ ) -> FALSE
- (18) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (18) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (18) if (&User-Name =~ /\.$/) {
- (18) if (&User-Name =~ /\.$/) -> FALSE
- (18) if (&User-Name =~ /@\./) {
- (18) if (&User-Name =~ /@\./) -> FALSE
- (18) } # if (&User-Name) = notfound
- (18) } # policy filter_username = notfound
- (18) [chap] = noop
- (18) [mschap] = noop
- (18) suffix: Checking for suffix after "@"
- (18) suffix: No '@' in User-Name = "bj", looking up realm NULL
- (18) suffix: No such realm "NULL"
- (18) [suffix] = noop
- (18) update control {
- (18) &Proxy-To-Realm := LOCAL
- (18) } # update control = noop
- (18) eap: Peer sent EAP Response (code 2) ID 178 length 61
- (18) eap: No EAP Start, assuming it's an on-going EAP conversation
- (18) [eap] = updated
- (18) files: Searching for user in group "wifi-cph"
- rlm_ldap (ldap): Reserved connection (2)
- (18) files: EXPAND (uid=%{%{Stripped-User-Name}:-%{User-Name}})
- (18) files: --> (uid=bj)
- (18) files: Performing search in "o=kontrapunkt,dc=example,dc=com" with filter "(uid=bj)", scope "sub"
- (18) files: Waiting for search result...
- (18) files: User object found at DN "uid=bj,ou=people,l=copenhagen,c=dk,o=kontrapunkt,dc=example,dc=com"
- (18) files: Checking for user in group objects
- (18) files: EXPAND (&(cn=wifi-cph)(objectClass=posixGroup)(|(member=%{control:Ldap-UserDn})(memberUid=%{%{Stripped-User-N)
- (18) files: --> (&(cn=wifi-cph)(objectClass=posixGroup)(|(member=uid\3dbj\2cou\3dpeople\2cl\3dcopenhagen\2cc\3ddk\2co\)
- (18) files: Performing search in "dc=services,o=kontrapunkt,dc=example,dc=com" with filter "(&(cn=wifi-cph)(objectCla"
- (18) files: Waiting for search result...
- (18) files: User found in group object "dc=services,o=kontrapunkt,dc=example,dc=com"
- rlm_ldap (ldap): Released connection (2)
- rlm_ldap (ldap): Need 3 more connections to reach 10 spares
- rlm_ldap (ldap): Opening additional connection (7), 1 of 25 pending slots used
- rlm_ldap (ldap): Connecting to ldap://ldap.example.com:389
- rlm_ldap (ldap): Waiting for bind result...
- rlm_ldap (ldap): Bind successful
- (18) files: Searching for user in group "wifi-cph-guest"
- rlm_ldap (ldap): Reserved connection (3)
- (18) files: Using user DN from request "uid=bj,ou=people,l=copenhagen,c=dk,o=kontrapunkt,dc=example,dc=com"
- (18) files: Checking for user in group objects
- (18) files: EXPAND (&(cn=wifi-cph-guest)(objectClass=posixGroup)(|(member=%{control:Ldap-UserDn})(memberUid=%{%{Stripped-)
- (18) files: --> (&(cn=wifi-cph-guest)(objectClass=posixGroup)(|(member=uid\3dbj\2cou\3dpeople\2cl\3dcopenhagen\2cc\3dd)
- (18) files: Performing search in "dc=services,o=kontrapunkt,dc=example,dc=com" with filter "(&(cn=wifi-cph-guest)(obj"
- (18) files: Waiting for search result...
- (18) files: User found in group object "dc=services,o=kontrapunkt,dc=example,dc=com"
- rlm_ldap (ldap): Released connection (3)
- (18) files: Searching for user in group "kp-vpn-cph"
- rlm_ldap (ldap): Reserved connection (4)
- (18) files: Using user DN from request "uid=bj,ou=people,l=copenhagen,c=dk,o=kontrapunkt,dc=example,dc=com"
- (18) files: Checking for user in group objects
- (18) files: EXPAND (&(cn=kp-vpn-cph)(objectClass=posixGroup)(|(member=%{control:Ldap-UserDn})(memberUid=%{%{Stripped-User)
- (18) files: --> (&(cn=kp-vpn-cph)(objectClass=posixGroup)(|(member=uid\3dbj\2cou\3dpeople\2cl\3dcopenhagen\2cc\3ddk\2c)
- (18) files: Performing search in "dc=services,o=kontrapunkt,dc=example,dc=com" with filter "(&(cn=kp-vpn-cph)(objectC"
- (18) files: Waiting for search result...
- (18) files: User found in group object "dc=services,o=kontrapunkt,dc=example,dc=com"
- rlm_ldap (ldap): Released connection (4)
- (18) files: users: Matched entry DEFAULT at line 63
- (18) [files] = ok
- rlm_ldap (ldap): Reserved connection (0)
- (18) ldap: EXPAND (uid=%{%{Stripped-User-Name}:-%{User-Name}})
- (18) ldap: --> (uid=bj)
- (18) ldap: Performing search in "o=kontrapunkt,dc=example,dc=com" with filter "(uid=bj)", scope "sub"
- (18) ldap: Waiting for search result...
- (18) ldap: User object found at DN "uid=bj,ou=people,l=copenhagen,c=dk,o=kontrapunkt,dc=example,dc=com"
- (18) ldap: Processing user attributes
- (18) ldap: control:Password-With-Header += '{CRYPT}$*****'
- (18) ldap: control:NT-Password := 0x3437413634423334324442384133314330313831413644453134393237413931
- rlm_ldap (ldap): Released connection (0)
- (18) [ldap] = updated
- (18) [expiration] = noop
- (18) [logintime] = noop
- (18) pap: Converted: &control:Password-With-Header -> &control:Crypt-Password
- (18) pap: Removing &control:Password-With-Header
- (18) pap: Normalizing NT-Password from hex encoding, 32 bytes -> 16 bytes
- (18) pap: WARNING: Auth-Type already set. Not setting to PAP
- (18) [pap] = noop
- (18) } # authorize = updated
- (18) Found Auth-Type = Reject
- (18) Auth-Type = Reject, rejecting user
- (18) Failed to authenticate the user
- (18) Using Post-Auth-Type Reject
- (18) # Executing group from file /usr/local/etc/raddb/sites-enabled/inner-tunnel
- (18) Post-Auth-Type REJECT {
- (18) attr_filter.access_reject: EXPAND %{User-Name}
- (18) attr_filter.access_reject: --> bj
- (18) attr_filter.access_reject: Matched entry DEFAULT at line 11
- (18) [attr_filter.access_reject] = updated
- (18) update outer.session-state {
- (18) No attributes updated
- (18) } # update outer.session-state = noop
- (18) } # Post-Auth-Type REJECT = updated
- (18) } # server inner-tunnel
- (18) Virtual server sending reply
- (18) Reply-Message = "Sorry, no access for you."
- (18) eap_peap: Got tunneled reply code 3
- (18) eap_peap: Reply-Message = "Sorry, no access for you."
- (18) eap_peap: Got tunneled reply RADIUS code 3
- (18) eap_peap: Reply-Message = "Sorry, no access for you."
- (18) eap_peap: Tunneled authentication was rejected
- (18) eap_peap: FAILURE
- (18) eap: Sending EAP Request (code 1) ID 179 length 43
- (18) eap: EAP session adding &reply:State = 0x2e588f9b26eb96e1
- (18) [eap] = handled
- (18) } # authenticate = handled
- (18) Using Post-Auth-Type Challenge
- (18) Post-Auth-Type sub-section not found. Ignoring.
- (18) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
- (18) Sent Access-Challenge Id 38 from 172.22.33.46:1812 to 172.22.33.33:65484 length 0
- (18) EAP-Message = 0x01b3002b19001703010020bb865662c8c0ade89daa01bb1223572b64a05308870cf047662598148a86dfeb
- (18) Message-Authenticator = 0x00000000000000000000000000000000
- (18) State = 0x2e588f9b26eb96e1accf0533cefa4486
- (18) Finished request
- Waking up in 4.6 seconds.
- (19) Received Access-Request Id 39 from 172.22.33.33:65484 to 172.22.33.46:1812 length 217
- (19) User-Name = "bj"
- (19) NAS-IP-Address = 172.22.33.33
- (19) NAS-Port = 0
- (19) Called-Station-Id = "0C-51-01-E4-23-29:Kontrapunkt - NOT AVAILABLE"
- (19) Calling-Station-Id = "88-1F-A1-11-43-E2"
- (19) Framed-MTU = 1400
- (19) NAS-Port-Type = Wireless-802.11
- (19) Connect-Info = "CONNECT 0Mbps 802.11"
- (19) EAP-Message = 0x02b3002b19001703010020f36596ba20e3b3d80188943909feb4d24b80ec7a076b02e780343c839a639a82
- (19) State = 0x2e588f9b26eb96e1accf0533cefa4486
- (19) Message-Authenticator = 0x0e566abe9b398831b30e8530f35885a6
- (19) session-state: No cached attributes
- (19) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
- (19) authorize {
- (19) policy filter_username {
- (19) if (&User-Name) {
- (19) if (&User-Name) -> TRUE
- (19) if (&User-Name) {
- (19) if (&User-Name =~ / /) {
- (19) if (&User-Name =~ / /) -> FALSE
- (19) if (&User-Name =~ /@[^@]*@/ ) {
- (19) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (19) if (&User-Name =~ /\.\./ ) {
- (19) if (&User-Name =~ /\.\./ ) -> FALSE
- (19) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (19) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (19) if (&User-Name =~ /\.$/) {
- (19) if (&User-Name =~ /\.$/) -> FALSE
- (19) if (&User-Name =~ /@\./) {
- (19) if (&User-Name =~ /@\./) -> FALSE
- (19) } # if (&User-Name) = notfound
- (19) } # policy filter_username = notfound
- (19) [preprocess] = ok
- (19) [chap] = noop
- (19) [mschap] = noop
- (19) [digest] = noop
- (19) suffix: Checking for suffix after "@"
- (19) suffix: No '@' in User-Name = "bj", looking up realm NULL
- (19) suffix: No such realm "NULL"
- (19) [suffix] = noop
- (19) eap: Peer sent EAP Response (code 2) ID 179 length 43
- (19) eap: Continuing tunnel setup
- (19) [eap] = ok
- (19) } # authorize = ok
- (19) Found Auth-Type = eap
- (19) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
- (19) authenticate {
- (19) eap: Expiring EAP session with state 0x47e8552047754f14
- (19) eap: Finished EAP session with state 0x2e588f9b26eb96e1
- (19) eap: Previous EAP request found for state 0x2e588f9b26eb96e1, released from the list
- (19) eap: Peer sent packet with method EAP PEAP (25)
- (19) eap: Calling submodule eap_peap to process data
- (19) eap_peap: Continuing EAP-TLS
- (19) eap_peap: [eaptls verify] = ok
- (19) eap_peap: Done initial handshake
- (19) eap_peap: [eaptls process] = ok
- (19) eap_peap: Session established. Decoding tunneled attributes
- (19) eap_peap: PEAP state send tlv failure
- (19) eap_peap: Received EAP-TLV response
- (19) eap_peap: The users session was previously rejected: returning reject (again.)
- (19) eap_peap: This means you need to read the PREVIOUS messages in the debug output
- (19) eap_peap: to find out the reason why the user was rejected
- (19) eap_peap: Look for "reject" or "fail". Those earlier messages will tell you
- (19) eap_peap: what went wrong, and how to fix the problem
- (19) eap: ERROR: Failed continuing EAP PEAP (25) session. EAP sub-module failed
- (19) eap: Sending EAP Failure (code 4) ID 179 length 4
- (19) eap: Failed in EAP select
- (19) [eap] = invalid
- (19) } # authenticate = invalid
- (19) Failed to authenticate the user
- (19) Using Post-Auth-Type Reject
- (19) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
- (19) Post-Auth-Type REJECT {
- (19) attr_filter.access_reject: EXPAND %{User-Name}
- (19) attr_filter.access_reject: --> bj
- (19) attr_filter.access_reject: Matched entry DEFAULT at line 11
- (19) [attr_filter.access_reject] = updated
- (19) [eap] = noop
- (19) policy remove_reply_message_if_eap {
- (19) if (&reply:EAP-Message && &reply:Reply-Message) {
- (19) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
- (19) else {
- (19) [noop] = noop
- (19) } # else = noop
- (19) } # policy remove_reply_message_if_eap = noop
- (19) } # Post-Auth-Type REJECT = updated
- (19) Delaying response for 1.000000 seconds
- Waking up in 0.3 seconds.
- Waking up in 0.6 seconds.
- (19) Sending delayed response
- (19) Sent Access-Reject Id 39 from 172.22.33.46:1812 to 172.22.33.33:65484 length 44
- (19) EAP-Message = 0x04b30004
- (19) Message-Authenticator = 0x00000000000000000000000000000000
- Waking up in 3.5 seconds.
- (10) Cleaning up request packet ID 30 with timestamp +28
- Waking up in 0.1 seconds.
- (11) Cleaning up request packet ID 31 with timestamp +28
- (12) Cleaning up request packet ID 32 with timestamp +28
- (13) Cleaning up request packet ID 33 with timestamp +28
- (14) Cleaning up request packet ID 34 with timestamp +28
- (15) Cleaning up request packet ID 35 with timestamp +29
- (16) Cleaning up request packet ID 36 with timestamp +29
- (17) Cleaning up request packet ID 37 with timestamp +29
- Waking up in 0.1 seconds.
- (18) Cleaning up request packet ID 38 with timestamp +29
- (19) Cleaning up request packet ID 39 with timestamp +29
- Ready to process requests
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement