freeradius debug

a guest
May 20th, 2016
  1. [root@radius001 vkratsberg]# radiusd -X
  2. Server was built with:
  3. accounting : yes
  4. authentication : yes
  5. ascend-binary-attributes : yes
  6. coa : yes
  7. control-socket : yes
  8. detail : yes
  9. dhcp : yes
  10. dynamic-clients : yes
  11. osfc2 : no
  12. proxy : yes
  13. regex-pcre : yes
  14. regex-posix : no
  15. regex-posix-extended : no
  16. session-management : yes
  17. stats : yes
  18. tcp : yes
  19. threads : yes
  20. tls : yes
  21. unlang : yes
  22. vmps : yes
  23. developer : no
  24. Server core libs:
  25. freeradius-server : 3.0.11
  26. talloc : 2.0.*
  27. ssl : 1.0.1e release
  28. pcre : 8.32 2012-11-30
  29. Endianness:
  30. little
  31. Compilation flags:
  32. cppflags :
  33. cflags : -I/root/rpmbuild/BUILD/freeradius-server-3.0.11 -I/root/rpmbuild/BUILD/freeradius-server-3.0.11/src -include /root/rpmbuild/BUILD/freeradius-server-3.0.11/src/freeradius-devel/autoconf.h -include /root/rpmbuild/BUILD/freeradius-server-3.0.11/src/freeradius-devel/build.h -include /root/rpmbuild/BUILD/freeradius-server-3.0.11/src/freeradius-devel/features.h -include /root/rpmbuild/BUILD/freeradius-server-3.0.11/src/freeradius-devel/radpaths.h -fno-strict-aliasing -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic -Wall -std=c99 -D_GNU_SOURCE -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -DOPENSSL_NO_KRB5 -DNDEBUG -DIS_MODULE=1
  34. ldflags : -Wl,-z,relro -specs=/usr/lib/rpm/redhat/redhat-hardened-ld
  35. libs : -lcrypto -lssl -ltalloc -lpcre -lnsl -lresolv -ldl -lpthread -lreadline
  36.  
  37. Copyright (C) 1999-2016 The FreeRADIUS server project and contributors
  38. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
  39. PARTICULAR PURPOSE
  40. You may redistribute copies of FreeRADIUS under the terms of the
  41. GNU General Public License
  42. For more information about these matters, see the file named COPYRIGHT
  43. Starting - reading configuration files ...
  44. including dictionary file /usr/share/freeradius/dictionary
  45. including dictionary file /usr/share/freeradius/dictionary.dhcp
  46. including dictionary file /usr/share/freeradius/dictionary.vqp
  47. including dictionary file /etc/raddb/dictionary
  48. including configuration file /etc/raddb/radiusd.conf
  49. including configuration file /etc/raddb/proxy.conf
  50. including configuration file /etc/raddb/clients.conf
  51. including files in directory /etc/raddb/mods-enabled/
  52. including configuration file /etc/raddb/mods-enabled/logintime
  53. including configuration file /etc/raddb/mods-enabled/mschap
  54. including configuration file /etc/raddb/mods-enabled/passwd
  55. including configuration file /etc/raddb/mods-enabled/preprocess
  56. including configuration file /etc/raddb/mods-enabled/radutmp
  57. including configuration file /etc/raddb/mods-enabled/soh
  58. including configuration file /etc/raddb/mods-enabled/unix
  59. including configuration file /etc/raddb/mods-enabled/utf8
  60. including configuration file /etc/raddb/mods-enabled/ldap
  61. including configuration file /etc/raddb/mods-enabled/always
  62. including configuration file /etc/raddb/mods-enabled/attr_filter
  63. including configuration file /etc/raddb/mods-enabled/cache_eap
  64. including configuration file /etc/raddb/mods-enabled/chap
  65. including configuration file /etc/raddb/mods-enabled/detail
  66. including configuration file /etc/raddb/mods-enabled/detail.log
  67. including configuration file /etc/raddb/mods-enabled/dhcp
  68. including configuration file /etc/raddb/mods-enabled/digest
  69. including configuration file /etc/raddb/mods-enabled/dynamic_clients
  70. including configuration file /etc/raddb/mods-enabled/eap
  71. including configuration file /etc/raddb/mods-enabled/echo
  72. including configuration file /etc/raddb/mods-enabled/exec
  73. including configuration file /etc/raddb/mods-enabled/expiration
  74. including configuration file /etc/raddb/mods-enabled/expr
  75. including configuration file /etc/raddb/mods-enabled/files
  76. including configuration file /etc/raddb/mods-enabled/linelog
  77. including configuration file /etc/raddb/mods-enabled/ntlm_auth
  78. including configuration file /etc/raddb/mods-enabled/pap
  79. including configuration file /etc/raddb/mods-enabled/realm
  80. including configuration file /etc/raddb/mods-enabled/replicate
  81. including configuration file /etc/raddb/mods-enabled/sradutmp
  82. including configuration file /etc/raddb/mods-enabled/unpack
  83. including files in directory /etc/raddb/policy.d/
  84. including configuration file /etc/raddb/policy.d/abfab-tr
  85. including configuration file /etc/raddb/policy.d/accounting
  86. including configuration file /etc/raddb/policy.d/canonicalization
  87. including configuration file /etc/raddb/policy.d/control
  88. including configuration file /etc/raddb/policy.d/cui
  89. including configuration file /etc/raddb/policy.d/debug
  90. including configuration file /etc/raddb/policy.d/dhcp
  91. including configuration file /etc/raddb/policy.d/eap
  92. including configuration file /etc/raddb/policy.d/filter
  93. including configuration file /etc/raddb/policy.d/operator-name
  94. including files in directory /etc/raddb/sites-enabled/
  95. including configuration file /etc/raddb/sites-enabled/default
  96. including configuration file /etc/raddb/sites-enabled/inner-tunnel
  97. main {
  98. security {
  99. user = "radiusd"
  100. group = "radiusd"
  101. allow_core_dumps = no
  102. }
  103. name = "radiusd"
  104. prefix = "/usr"
  105. localstatedir = "/var"
  106. logdir = "/var/log/radius"
  107. run_dir = "/var/run/radiusd"
  108. }
  109. main {
  110. name = "radiusd"
  111. prefix = "/usr"
  112. localstatedir = "/var"
  113. sbindir = "/usr/sbin"
  114. logdir = "/var/log/radius"
  115. run_dir = "/var/run/radiusd"
  116. libdir = "/usr/lib64/freeradius"
  117. radacctdir = "/var/log/radius/radacct"
  118. hostname_lookups = no
  119. max_request_time = 30
  120. cleanup_delay = 5
  121. max_requests = 16384
  122. pidfile = "/var/run/radiusd/radiusd.pid"
  123. checkrad = "/usr/sbin/checkrad"
  124. debug_level = 0
  125. proxy_requests = yes
  126. log {
  127. stripped_names = no
  128. auth = no
  129. auth_badpass = no
  130. auth_goodpass = no
  131. colourise = yes
  132. msg_denied = "You are already logged in - access denied"
  133. }
  134. resources {
  135. }
  136. security {
  137. max_attributes = 200
  138. reject_delay = 1.000000
  139. status_server = yes
  140. }
  141. }
  142. radiusd: #### Loading Realms and Home Servers ####
  143. proxy server {
  144. retry_delay = 5
  145. retry_count = 3
  146. default_fallback = no
  147. dead_time = 120
  148. wake_all_if_all_dead = no
  149. }
  150. home_server localhost {
  151. ipaddr = 127.0.0.1
  152. port = 1812
  153. type = "auth"
  154. secret = <<< secret >>>
  155. response_window = 20.000000
  156. response_timeouts = 1
  157. max_outstanding = 65536
  158. zombie_period = 40
  159. status_check = "status-server"
  160. ping_interval = 30
  161. check_interval = 30
  162. check_timeout = 4
  163. num_answers_to_alive = 3
  164. revive_interval = 120
  165. limit {
  166. max_connections = 16
  167. max_requests = 0
  168. lifetime = 0
  169. idle_timeout = 0
  170. }
  171. coa {
  172. irt = 2
  173. mrt = 16
  174. mrc = 5
  175. mrd = 30
  176. }
  177. }
  178. home_server_pool my_auth_failover {
  179. type = fail-over
  180. home_server = localhost
  181. }
  182. realm example.com {
  183. auth_pool = my_auth_failover
  184. }
  185. realm LOCAL {
  186. }
  187. radiusd: #### Loading Clients ####
  188. client localhost {
  189. ipv4addr = 127.0.0.1
  190. require_message_authenticator = no
  191. secret = <<< secret >>>
  192. nas_type = "other"
  193. limit {
  194. max_connections = 16
  195. lifetime = 0
  196. idle_timeout = 30
  197. }
  198. }
  199. client 192.168.10.0/24 {
  200. ipv4addr = 192.168.10.0/24
  201. require_message_authenticator = no
  202. secret = <<< secret >>>
  203. shortname = "nyc-mgmt-network"
  204. limit {
  205. max_connections = 16
  206. lifetime = 0
  207. idle_timeout = 30
  208. }
  209. }
  210. client 10.120.8.0/24 {
  211. ipv4addr = 10.120.8.0/24
  212. require_message_authenticator = no
  213. secret = <<< secret >>>
  214. shortname = "da-oob-internal"
  215. limit {
  216. max_connections = 16
  217. lifetime = 0
  218. idle_timeout = 30
  219. }
  220. }
  221. client 10.120.225.0/24 {
  222. ipv4addr = 10.120.225.0/24
  223. require_message_authenticator = no
  224. secret = <<< secret >>>
  225. shortname = "da-mgmt-network"
  226. limit {
  227. max_connections = 16
  228. lifetime = 0
  229. idle_timeout = 30
  230. }
  231. }
  232. client 10.120.22.0/24 {
  233. ipv4addr = 10.120.22.0/24
  234. require_message_authenticator = no
  235. secret = <<< secret >>>
  236. shortname = "da3-int-transit-net"
  237. limit {
  238. max_connections = 16
  239. lifetime = 0
  240. idle_timeout = 30
  241. }
  242. }
  243. client 10.100.124.0/22 {
  244. ipv4addr = 10.100.124.0/22
  245. require_message_authenticator = no
  246. secret = <<< secret >>>
  247. shortname = "peer1-mgmt-network"
  248. limit {
  249. max_connections = 16
  250. lifetime = 0
  251. idle_timeout = 30
  252. }
  253. }
  254. client 10.8.0.0/24 {
  255. ipv4addr = 10.8.0.0/24
  256. require_message_authenticator = no
  257. secret = <<< secret >>>
  258. shortname = "nyc-hq"
  259. limit {
  260. max_connections = 16
  261. lifetime = 0
  262. idle_timeout = 30
  263. }
  264. }
  265. client 10.150.0.0/16 {
  266. ipv4addr = 10.150.0.0/16
  267. require_message_authenticator = no
  268. secret = <<< secret >>>
  269. shortname = "dublin-corp"
  270. limit {
  271. max_connections = 16
  272. lifetime = 0
  273. idle_timeout = 30
  274. }
  275. }
  276. client 10.126.0.0/16 {
  277. ipv4addr = 10.126.0.0/16
  278. require_message_authenticator = no
  279. secret = <<< secret >>>
  280. shortname = "portland-corp"
  281. limit {
  282. max_connections = 16
  283. lifetime = 0
  284. idle_timeout = 30
  285. }
  286. }
  287. client 10.100.0.0/24 {
  288. ipv4addr = 10.100.0.0/24
  289. require_message_authenticator = no
  290. secret = <<< secret >>>
  291. shortname = "peer1-loopbacks"
  292. limit {
  293. max_connections = 16
  294. lifetime = 0
  295. idle_timeout = 30
  296. }
  297. }
  298. client 10.120.0.0/24 {
  299. ipv4addr = 10.120.0.0/24
  300. require_message_authenticator = no
  301. secret = <<< secret >>>
  302. shortname = "dallas-loopbacks"
  303. limit {
  304. max_connections = 16
  305. lifetime = 0
  306. idle_timeout = 30
  307. }
  308. }
  309. client 10.100.72.100/32 {
  310. ipv4addr = 10.100.72.100
  311. require_message_authenticator = no
  312. secret = <<< secret >>>
  313. shortname = "peer1-wlc-master"
  314. limit {
  315. max_connections = 16
  316. lifetime = 0
  317. idle_timeout = 30
  318. }
  319. }
  320. client 192.168.1.68 {
  321. ipv4addr = 192.168.1.68
  322. require_message_authenticator = no
  323. secret = <<< secret >>>
  324. shortname = "admin01"
  325. limit {
  326. max_connections = 16
  327. lifetime = 0
  328. idle_timeout = 30
  329. }
  330. }
  331. client 192.168.1.8 {
  332. ipv4addr = 192.168.1.8
  333. require_message_authenticator = no
  334. secret = <<< secret >>>
  335. shortname = "admin08"
  336. limit {
  337. max_connections = 16
  338. lifetime = 0
  339. idle_timeout = 30
  340. }
  341. }
  342. Debugger not attached
  343. # Creating Auth-Type = PAP
  344. # Creating Auth-Type = CHAP
  345. # Creating Auth-Type = MS-CHAP
  346. # Creating Auth-Type = digest
  347. # Creating Auth-Type = eap
  348. radiusd: #### Instantiating modules ####
  349. modules {
  350. # Loaded module rlm_logintime
  351. # Loading module "logintime" from file /etc/raddb/mods-enabled/logintime
  352. logintime {
  353. minimum_timeout = 60
  354. }
  355. # Loaded module rlm_mschap
  356. # Loading module "mschap" from file /etc/raddb/mods-enabled/mschap
  357. mschap {
  358. use_mppe = yes
  359. require_encryption = no
  360. require_strong = no
  361. with_ntdomain_hack = yes
  362. passchange {
  363. }
  364. allow_retry = yes
  365. }
  366. # Loaded module rlm_passwd
  367. # Loading module "etc_passwd" from file /etc/raddb/mods-enabled/passwd
  368. passwd etc_passwd {
  369. filename = "/etc/passwd"
  370. format = "*User-Name:Crypt-Password:"
  371. delimiter = ":"
  372. ignore_nislike = no
  373. ignore_empty = yes
  374. allow_multiple_keys = no
  375. hash_size = 100
  376. }
  377. # Loaded module rlm_preprocess
  378. # Loading module "preprocess" from file /etc/raddb/mods-enabled/preprocess
  379. preprocess {
  380. huntgroups = "/etc/raddb/mods-config/preprocess/huntgroups"
  381. hints = "/etc/raddb/mods-config/preprocess/hints"
  382. with_ascend_hack = no
  383. ascend_channels_per_line = 23
  384. with_ntdomain_hack = no
  385. with_specialix_jetstream_hack = no
  386. with_cisco_vsa_hack = no
  387. with_alvarion_vsa_hack = no
  388. }
  389. # Loaded module rlm_radutmp
  390. # Loading module "radutmp" from file /etc/raddb/mods-enabled/radutmp
  391. radutmp {
  392. filename = "/var/log/radius/radutmp"
  393. username = "%{User-Name}"
  394. case_sensitive = yes
  395. check_with_nas = yes
  396. permissions = 384
  397. caller_id = yes
  398. }
  399. # Loaded module rlm_soh
  400. # Loading module "soh" from file /etc/raddb/mods-enabled/soh
  401. soh {
  402. dhcp = yes
  403. }
  404. # Loaded module rlm_unix
  405. # Loading module "unix" from file /etc/raddb/mods-enabled/unix
  406. unix {
  407. radwtmp = "/var/log/radius/radwtmp"
  408. }
  409. Creating attribute Unix-Group
  410. # Loaded module rlm_utf8
  411. # Loading module "utf8" from file /etc/raddb/mods-enabled/utf8
  412. # Loaded module rlm_ldap
  413. # Loading module "ldap" from file /etc/raddb/mods-enabled/ldap
  414. ldap {
  415. server = "ldap001.008.jfk.corp.squarespace.net"
  416. port = 636
  417. identity = "cn=directory manager"
  418. password = <<< secret >>>
  419. sasl {
  420. }
  421. user {
  422. scope = "sub"
  423. access_positive = yes
  424. sasl {
  425. }
  426. }
  427. group {
  428. filter = "(objectClass=GroupOfNames)"
  429. scope = "sub"
  430. name_attribute = "cn"
  431. membership_attribute = "memberOf"
  432. membership_filter = "(|(member=%{control:Ldap-UserDn})(memberUid=%{%{Stripped-User-Name}:-%{User-Name}}))"
  433. cacheable_name = no
  434. cacheable_dn = no
  435. }
  436. client {
  437. filter = "(objectClass=frClient)"
  438. scope = "sub"
  439. base_dn = "dc=sq,dc=net"
  440. }
  441. profile {
  442. }
  443. options {
  444. ldap_debug = 40
  445. chase_referrals = yes
  446. rebind = yes
  447. net_timeout = 1
  448. res_timeout = 20
  449. srv_timelimit = 20
  450. idle = 60
  451. probes = 3
  452. interval = 3
  453. }
  454. tls {
  455. start_tls = no
  456. require_cert = "allow"
  457. }
  458. }
  459. Creating attribute LDAP-Group
  460. # Loaded module rlm_always
  461. # Loading module "reject" from file /etc/raddb/mods-enabled/always
  462. always reject {
  463. rcode = "reject"
  464. simulcount = 0
  465. mpp = no
  466. }
  467. # Loading module "fail" from file /etc/raddb/mods-enabled/always
  468. always fail {
  469. rcode = "fail"
  470. simulcount = 0
  471. mpp = no
  472. }
  473. # Loading module "ok" from file /etc/raddb/mods-enabled/always
  474. always ok {
  475. rcode = "ok"
  476. simulcount = 0
  477. mpp = no
  478. }
  479. # Loading module "handled" from file /etc/raddb/mods-enabled/always
  480. always handled {
  481. rcode = "handled"
  482. simulcount = 0
  483. mpp = no
  484. }
  485. # Loading module "invalid" from file /etc/raddb/mods-enabled/always
  486. always invalid {
  487. rcode = "invalid"
  488. simulcount = 0
  489. mpp = no
  490. }
  491. # Loading module "userlock" from file /etc/raddb/mods-enabled/always
  492. always userlock {
  493. rcode = "userlock"
  494. simulcount = 0
  495. mpp = no
  496. }
  497. # Loading module "notfound" from file /etc/raddb/mods-enabled/always
  498. always notfound {
  499. rcode = "notfound"
  500. simulcount = 0
  501. mpp = no
  502. }
  503. # Loading module "noop" from file /etc/raddb/mods-enabled/always
  504. always noop {
  505. rcode = "noop"
  506. simulcount = 0
  507. mpp = no
  508. }
  509. # Loading module "updated" from file /etc/raddb/mods-enabled/always
  510. always updated {
  511. rcode = "updated"
  512. simulcount = 0
  513. mpp = no
  514. }
  515. # Loaded module rlm_attr_filter
  516. # Loading module "attr_filter.post-proxy" from file /etc/raddb/mods-enabled/attr_filter
  517. attr_filter attr_filter.post-proxy {
  518. filename = "/etc/raddb/mods-config/attr_filter/post-proxy"
  519. key = "%{Realm}"
  520. relaxed = no
  521. }
  522. # Loading module "attr_filter.pre-proxy" from file /etc/raddb/mods-enabled/attr_filter
  523. attr_filter attr_filter.pre-proxy {
  524. filename = "/etc/raddb/mods-config/attr_filter/pre-proxy"
  525. key = "%{Realm}"
  526. relaxed = no
  527. }
  528. # Loading module "attr_filter.access_reject" from file /etc/raddb/mods-enabled/attr_filter
  529. attr_filter attr_filter.access_reject {
  530. filename = "/etc/raddb/mods-config/attr_filter/access_reject"
  531. key = "%{User-Name}"
  532. relaxed = no
  533. }
  534. # Loading module "attr_filter.access_challenge" from file /etc/raddb/mods-enabled/attr_filter
  535. attr_filter attr_filter.access_challenge {
  536. filename = "/etc/raddb/mods-config/attr_filter/access_challenge"
  537. key = "%{User-Name}"
  538. relaxed = no
  539. }
  540. # Loading module "attr_filter.accounting_response" from file /etc/raddb/mods-enabled/attr_filter
  541. attr_filter attr_filter.accounting_response {
  542. filename = "/etc/raddb/mods-config/attr_filter/accounting_response"
  543. key = "%{User-Name}"
  544. relaxed = no
  545. }
  546. # Loaded module rlm_cache
  547. # Loading module "cache_eap" from file /etc/raddb/mods-enabled/cache_eap
  548. cache cache_eap {
  549. driver = "rlm_cache_rbtree"
  550. key = "%{%{control:State}:-%{%{reply:State}:-%{State}}}"
  551. ttl = 15
  552. max_entries = 0
  553. epoch = 0
  554. add_stats = no
  555. }
  556. # Loaded module rlm_chap
  557. # Loading module "chap" from file /etc/raddb/mods-enabled/chap
  558. # Loaded module rlm_detail
  559. # Loading module "detail" from file /etc/raddb/mods-enabled/detail
  560. detail {
  561. filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"
  562. header = "%t"
  563. permissions = 384
  564. locking = no
  565. escape_filenames = no
  566. log_packet_header = no
  567. }
  568. # Loading module "auth_log" from file /etc/raddb/mods-enabled/detail.log
  569. detail auth_log {
  570. filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d"
  571. header = "%t"
  572. permissions = 384
  573. locking = no
  574. escape_filenames = no
  575. log_packet_header = no
  576. }
  577. # Loading module "reply_log" from file /etc/raddb/mods-enabled/detail.log
  578. detail reply_log {
  579. filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d"
  580. header = "%t"
  581. permissions = 384
  582. locking = no
  583. escape_filenames = no
  584. log_packet_header = no
  585. }
  586. # Loading module "pre_proxy_log" from file /etc/raddb/mods-enabled/detail.log
  587. detail pre_proxy_log {
  588. filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/pre-proxy-detail-%Y%m%d"
  589. header = "%t"
  590. permissions = 384
  591. locking = no
  592. escape_filenames = no
  593. log_packet_header = no
  594. }
  595. # Loading module "post_proxy_log" from file /etc/raddb/mods-enabled/detail.log
  596. detail post_proxy_log {
  597. filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d"
  598. header = "%t"
  599. permissions = 384
  600. locking = no
  601. escape_filenames = no
  602. log_packet_header = no
  603. }
  604. # Loaded module rlm_dhcp
  605. # Loading module "dhcp" from file /etc/raddb/mods-enabled/dhcp
  606. # Loaded module rlm_digest
  607. # Loading module "digest" from file /etc/raddb/mods-enabled/digest
  608. # Loaded module rlm_dynamic_clients
  609. # Loading module "dynamic_clients" from file /etc/raddb/mods-enabled/dynamic_clients
  610. # Loaded module rlm_eap
  611. # Loading module "eap" from file /etc/raddb/mods-enabled/eap
  612. eap {
  613. default_eap_type = "peap"
  614. timer_expire = 60
  615. ignore_unknown_eap_types = no
  616. cisco_accounting_username_bug = no
  617. max_sessions = 16384
  618. }
  619. # Loaded module rlm_exec
  620. # Loading module "echo" from file /etc/raddb/mods-enabled/echo
  621. exec echo {
  622. wait = yes
  623. program = "/bin/echo %{User-Name}"
  624. input_pairs = "request"
  625. output_pairs = "reply"
  626. shell_escape = yes
  627. }
  628. # Loading module "exec" from file /etc/raddb/mods-enabled/exec
  629. exec {
  630. wait = no
  631. input_pairs = "request"
  632. shell_escape = yes
  633. timeout = 10
  634. }
  635. # Loaded module rlm_expiration
  636. # Loading module "expiration" from file /etc/raddb/mods-enabled/expiration
  637. # Loaded module rlm_expr
  638. # Loading module "expr" from file /etc/raddb/mods-enabled/expr
  639. expr {
  640. safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /äéöüàâæçèéêëîïôœùûüaÿÄÉÖÜßÀÂÆÇÈÉÊËÎÏÔŒÙÛÜŸ"
  641. }
  642. # Loaded module rlm_files
  643. # Loading module "files" from file /etc/raddb/mods-enabled/files
  644. files {
  645. filename = "/etc/raddb/mods-config/files/authorize"
  646. acctusersfile = "/etc/raddb/mods-config/files/accounting"
  647. preproxy_usersfile = "/etc/raddb/mods-config/files/pre-proxy"
  648. }
  649. # Loaded module rlm_linelog
  650. # Loading module "linelog" from file /etc/raddb/mods-enabled/linelog
  651. linelog {
  652. filename = "/var/log/radius/linelog"
  653. escape_filenames = no
  654. syslog_severity = "info"
  655. permissions = 384
  656. format = "This is a log message for %{User-Name}"
  657. reference = "messages.%{%{reply:Packet-Type}:-default}"
  658. }
  659. # Loading module "log_accounting" from file /etc/raddb/mods-enabled/linelog
  660. linelog log_accounting {
  661. filename = "/var/log/radius/linelog-accounting"
  662. escape_filenames = no
  663. syslog_severity = "info"
  664. permissions = 384
  665. format = ""
  666. reference = "Accounting-Request.%{%{Acct-Status-Type}:-unknown}"
  667. }
  668. # Loading module "ntlm_auth" from file /etc/raddb/mods-enabled/ntlm_auth
  669. exec ntlm_auth {
  670. wait = yes
  671. program = "/path/to/ntlm_auth --request-nt-key --domain=MYDOMAIN --username=%{mschap:User-Name} --password=%{User-Password}"
  672. shell_escape = yes
  673. }
  674. # Loaded module rlm_pap
  675. # Loading module "pap" from file /etc/raddb/mods-enabled/pap
  676. pap {
  677. normalise = yes
  678. }
  679. # Loaded module rlm_realm
  680. # Loading module "IPASS" from file /etc/raddb/mods-enabled/realm
  681. realm IPASS {
  682. format = "prefix"
  683. delimiter = "/"
  684. ignore_default = no
  685. ignore_null = no
  686. }
  687. # Loading module "suffix" from file /etc/raddb/mods-enabled/realm
  688. realm suffix {
  689. format = "suffix"
  690. delimiter = "@"
  691. ignore_default = no
  692. ignore_null = no
  693. }
  694. # Loading module "realmpercent" from file /etc/raddb/mods-enabled/realm
  695. realm realmpercent {
  696. format = "suffix"
  697. delimiter = "%"
  698. ignore_default = no
  699. ignore_null = no
  700. }
  701. # Loading module "ntdomain" from file /etc/raddb/mods-enabled/realm
  702. realm ntdomain {
  703. format = "prefix"
  704. delimiter = "\\"
  705. ignore_default = no
  706. ignore_null = no
  707. }
  708. # Loaded module rlm_replicate
  709. # Loading module "replicate" from file /etc/raddb/mods-enabled/replicate
  710. # Loading module "sradutmp" from file /etc/raddb/mods-enabled/sradutmp
  711. radutmp sradutmp {
  712. filename = "/var/log/radius/sradutmp"
  713. username = "%{User-Name}"
  714. case_sensitive = yes
  715. check_with_nas = yes
  716. permissions = 420
  717. caller_id = no
  718. }
  719. # Loaded module rlm_unpack
  720. # Loading module "unpack" from file /etc/raddb/mods-enabled/unpack
  721. instantiate {
  722. }
  723. # Instantiating module "logintime" from file /etc/raddb/mods-enabled/logintime
  724. # Instantiating module "mschap" from file /etc/raddb/mods-enabled/mschap
  725. rlm_mschap (mschap): using internal authentication
  726. # Instantiating module "etc_passwd" from file /etc/raddb/mods-enabled/passwd
  727. rlm_passwd: nfields: 3 keyfield 0(User-Name) listable: no
  728. # Instantiating module "preprocess" from file /etc/raddb/mods-enabled/preprocess
  729. reading pairlist file /etc/raddb/mods-config/preprocess/huntgroups
  730. reading pairlist file /etc/raddb/mods-config/preprocess/hints
  731. # Instantiating module "ldap" from file /etc/raddb/mods-enabled/ldap
  732. rlm_ldap: libldap vendor: OpenLDAP, version: 20440
  733. accounting {
  734. reference = "%{tolower:type.%{Acct-Status-Type}}"
  735. }
  736. post-auth {
  737. reference = "."
  738. }
  739. rlm_ldap (ldap): Initialising connection pool
  740. pool {
  741. start = 5
  742. min = 4
  743. max = 32
  744. spare = 3
  745. uses = 0
  746. lifetime = 0
  747. cleanup_interval = 30
  748. idle_timeout = 60
  749. retry_delay = 1
  750. spread = no
  751. }
  752. rlm_ldap (ldap): Opening additional connection (0), 1 of 32 pending slots used
  753. rlm_ldap (ldap): Connecting to ldap://ldap001.008.jfk.corp.squarespace.net:636
  754. TLS: certificate [CN=sqnet CA,DC=sq,DC=net] is not valid - error -8172:Peer's certificate issuer has been marked as not trusted by the user..
  755. rlm_ldap (ldap): Waiting for bind result...
  756. rlm_ldap (ldap): Bind successful
  757. rlm_ldap (ldap): Opening additional connection (1), 1 of 31 pending slots used
  758. rlm_ldap (ldap): Connecting to ldap://ldap001.008.jfk.corp.squarespace.net:636
  759. TLS: certificate [CN=sqnet CA,DC=sq,DC=net] is not valid - error -8172:Peer's certificate issuer has been marked as not trusted by the user..
  760. rlm_ldap (ldap): Waiting for bind result...
  761. rlm_ldap (ldap): Bind successful
  762. rlm_ldap (ldap): Opening additional connection (2), 1 of 30 pending slots used
  763. rlm_ldap (ldap): Connecting to ldap://ldap001.008.jfk.corp.squarespace.net:636
  764. TLS: certificate [CN=sqnet CA,DC=sq,DC=net] is not valid - error -8172:Peer's certificate issuer has been marked as not trusted by the user..
  765. rlm_ldap (ldap): Waiting for bind result...
  766. rlm_ldap (ldap): Bind successful
  767. rlm_ldap (ldap): Opening additional connection (3), 1 of 29 pending slots used
  768. rlm_ldap (ldap): Connecting to ldap://ldap001.008.jfk.corp.squarespace.net:636
  769. TLS: certificate [CN=sqnet CA,DC=sq,DC=net] is not valid - error -8172:Peer's certificate issuer has been marked as not trusted by the user..
  770. rlm_ldap (ldap): Waiting for bind result...
  771. rlm_ldap (ldap): Bind successful
  772. rlm_ldap (ldap): Opening additional connection (4), 1 of 28 pending slots used
  773. rlm_ldap (ldap): Connecting to ldap://ldap001.008.jfk.corp.squarespace.net:636
  774. TLS: certificate [CN=sqnet CA,DC=sq,DC=net] is not valid - error -8172:Peer's certificate issuer has been marked as not trusted by the user..
  775. rlm_ldap (ldap): Waiting for bind result...
  776. rlm_ldap (ldap): Bind successful
  777. # Instantiating module "reject" from file /etc/raddb/mods-enabled/always
  778. # Instantiating module "fail" from file /etc/raddb/mods-enabled/always
  779. # Instantiating module "ok" from file /etc/raddb/mods-enabled/always
  780. # Instantiating module "handled" from file /etc/raddb/mods-enabled/always
  781. # Instantiating module "invalid" from file /etc/raddb/mods-enabled/always
  782. # Instantiating module "userlock" from file /etc/raddb/mods-enabled/always
  783. # Instantiating module "notfound" from file /etc/raddb/mods-enabled/always
  784. # Instantiating module "noop" from file /etc/raddb/mods-enabled/always
  785. # Instantiating module "updated" from file /etc/raddb/mods-enabled/always
  786. # Instantiating module "attr_filter.post-proxy" from file /etc/raddb/mods-enabled/attr_filter
  787. reading pairlist file /etc/raddb/mods-config/attr_filter/post-proxy
  788. # Instantiating module "attr_filter.pre-proxy" from file /etc/raddb/mods-enabled/attr_filter
  789. reading pairlist file /etc/raddb/mods-config/attr_filter/pre-proxy
  790. # Instantiating module "attr_filter.access_reject" from file /etc/raddb/mods-enabled/attr_filter
  791. reading pairlist file /etc/raddb/mods-config/attr_filter/access_reject
  792. [/etc/raddb/mods-config/attr_filter/access_reject]:11 Check item "FreeRADIUS-Response-Delay" found in filter list for realm "DEFAULT".
  793. [/etc/raddb/mods-config/attr_filter/access_reject]:11 Check item "FreeRADIUS-Response-Delay-USec" found in filter list for realm "DEFAULT".
  794. # Instantiating module "attr_filter.access_challenge" from file /etc/raddb/mods-enabled/attr_filter
  795. reading pairlist file /etc/raddb/mods-config/attr_filter/access_challenge
  796. # Instantiating module "attr_filter.accounting_response" from file /etc/raddb/mods-enabled/attr_filter
reading pairlist file /etc/raddb/mods-config/attr_filter/accounting_response
# Instantiating module "cache_eap" from file /etc/raddb/mods-enabled/cache_eap
rlm_cache (cache_eap): Driver rlm_cache_rbtree (module rlm_cache_rbtree) loaded and linked
# Instantiating module "detail" from file /etc/raddb/mods-enabled/detail
# Instantiating module "auth_log" from file /etc/raddb/mods-enabled/detail.log
rlm_detail (auth_log): 'User-Password' suppressed, will not appear in detail output
# Instantiating module "reply_log" from file /etc/raddb/mods-enabled/detail.log
# Instantiating module "pre_proxy_log" from file /etc/raddb/mods-enabled/detail.log
# Instantiating module "post_proxy_log" from file /etc/raddb/mods-enabled/detail.log
# Instantiating module "eap" from file /etc/raddb/mods-enabled/eap
# Linked to sub-module rlm_eap_md5
# Linked to sub-module rlm_eap_leap
# Linked to sub-module rlm_eap_gtc
gtc {
challenge = "Password: "
auth_type = "PAP"
}
# Linked to sub-module rlm_eap_tls
tls {
tls = "tls-common"
}
tls-config tls-common {
verify_depth = 0
ca_path = "/etc/raddb/certs"
pem_file_type = yes
private_key_file = "/etc/raddb/certs/server.pem"
certificate_file = "/etc/raddb/certs/server.pem"
ca_file = "/etc/raddb/certs/ca.pem"
private_key_password = <<< secret >>>
dh_file = "/etc/raddb/certs/dh"
fragment_size = 1024
include_length = yes
auto_chain = yes
check_crl = no
check_all_crl = no
cipher_list = "DEFAULT"
ecdh_curve = "prime256v1"
cache {
enable = yes
lifetime = 24
max_entries = 255
}
verify {
skip_if_ocsp_ok = no
}
ocsp {
enable = no
override_cert_url = yes
url = "http://127.0.0.1/ocsp/"
use_nonce = yes
timeout = 0
softfail = no
}
}
# Linked to sub-module rlm_eap_ttls
ttls {
tls = "tls-common"
default_eap_type = "md5"
copy_request_to_tunnel = no
use_tunneled_reply = no
virtual_server = "inner-tunnel"
include_length = yes
require_client_cert = no
}
tls: Using cached TLS configuration from previous invocation
# Linked to sub-module rlm_eap_peap
peap {
tls = "tls-common"
default_eap_type = "gtc"
copy_request_to_tunnel = no
use_tunneled_reply = yes
proxy_tunneled_request_as_eap = yes
virtual_server = "inner-tunnel"
soh = no
require_client_cert = no
}
tls: Using cached TLS configuration from previous invocation
# Linked to sub-module rlm_eap_mschapv2
mschapv2 {
with_ntdomain_hack = no
send_error = no
}
# Instantiating module "expiration" from file /etc/raddb/mods-enabled/expiration
# Instantiating module "files" from file /etc/raddb/mods-enabled/files
reading pairlist file /etc/raddb/mods-config/files/authorize
reading pairlist file /etc/raddb/mods-config/files/accounting
reading pairlist file /etc/raddb/mods-config/files/pre-proxy
# Instantiating module "linelog" from file /etc/raddb/mods-enabled/linelog
# Instantiating module "log_accounting" from file /etc/raddb/mods-enabled/linelog
# Instantiating module "pap" from file /etc/raddb/mods-enabled/pap
# Instantiating module "IPASS" from file /etc/raddb/mods-enabled/realm
# Instantiating module "suffix" from file /etc/raddb/mods-enabled/realm
# Instantiating module "realmpercent" from file /etc/raddb/mods-enabled/realm
# Instantiating module "ntdomain" from file /etc/raddb/mods-enabled/realm
} # modules
radiusd: #### Loading Virtual Servers ####
server { # from file /etc/raddb/radiusd.conf
} # server
server default { # from file /etc/raddb/sites-enabled/default
# Loading authenticate {...}
# Loading authorize {...}
Ignoring "sql" (see raddb/mods-available/README.rst)
# Loading preacct {...}
# Loading accounting {...}
# Loading post-proxy {...}
# Loading post-auth {...}
} # server default
server inner-tunnel { # from file /etc/raddb/sites-enabled/inner-tunnel
# Loading authenticate {...}
# Loading authorize {...}
# Loading session {...}
# Loading post-proxy {...}
# Loading post-auth {...}
} # server inner-tunnel
radiusd: #### Opening IP addresses and Ports ####
listen {
type = "auth"
ipaddr = *
port = 0
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
listen {
type = "acct"
ipaddr = *
port = 0
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
listen {
type = "auth"
ipv6addr = ::
port = 0
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
listen {
type = "acct"
ipv6addr = ::
port = 0
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
listen {
type = "auth"
ipaddr = 127.0.0.1
port = 18120
}
Listening on auth address * port 1812 bound to server default
Listening on acct address * port 1813 bound to server default
Listening on auth address :: port 1812 bound to server default
Listening on acct address :: port 1813 bound to server default
Listening on auth address 127.0.0.1 port 18120 bound to server inner-tunnel
Listening on proxy address * port 63185
Listening on proxy address :: port 29887
Ready to process requests
(0) Received Access-Request Id 24 from 10.8.0.111:58432 to 10.8.64.155:1812 length 177
(0) User-Name = "vkratsberg"
(0) NAS-Port = 358
(0) EAP-Message = 0x0200000f01766b7261747362657267
(0) Message-Authenticator = 0x60649b18e279081ac5a6aa44f9c609f2
(0) Acct-Session-Id = "8O2.1x81bb08330008a8a9"
(0) NAS-Port-Id = "ge-3/0/6.0"
(0) Calling-Station-Id = "00-e0-4c-b8-16-4d"
(0) Called-Station-Id = "ec-3e-f7-68-35-00"
(0) NAS-IP-Address = 10.8.0.111
(0) NAS-Identifier = "nyc-access-sw011"
(0) NAS-Port-Type = Ethernet
(0) # Executing section authorize from file /etc/raddb/sites-enabled/default
(0) authorize {
(0) policy filter_username {
(0) if (&User-Name) {
(0) if (&User-Name) -> TRUE
(0) if (&User-Name) {
(0) if (&User-Name =~ / /) {
(0) if (&User-Name =~ / /) -> FALSE
(0) if (&User-Name =~ /@[^@]*@/ ) {
(0) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(0) if (&User-Name =~ /\.\./ ) {
(0) if (&User-Name =~ /\.\./ ) -> FALSE
(0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
(0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
(0) if (&User-Name =~ /\.$/) {
(0) if (&User-Name =~ /\.$/) -> FALSE
(0) if (&User-Name =~ /@\./) {
(0) if (&User-Name =~ /@\./) -> FALSE
(0) } # if (&User-Name) = notfound
(0) } # policy filter_username = notfound
(0) [preprocess] = ok
(0) [chap] = noop
(0) [mschap] = noop
(0) [digest] = noop
(0) suffix: Checking for suffix after "@"
(0) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
(0) suffix: No such realm "NULL"
(0) [suffix] = noop
(0) eap: Peer sent EAP Response (code 2) ID 0 length 15
(0) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
(0) [eap] = ok
(0) } # authorize = ok
(0) Found Auth-Type = eap
(0) # Executing group from file /etc/raddb/sites-enabled/default
(0) authenticate {
(0) eap: Peer sent packet with method EAP Identity (1)
(0) eap: Calling submodule eap_peap to process data
(0) eap_peap: Initiating new EAP-TLS session
(0) eap_peap: Flushing SSL sessions (of #0)
(0) eap_peap: [eaptls start] = request
(0) eap: Sending EAP Request (code 1) ID 1 length 6
(0) eap: EAP session adding &reply:State = 0xb9041651b9050f15
(0) [eap] = handled
(0) } # authenticate = handled
(0) Using Post-Auth-Type Challenge
(0) Post-Auth-Type sub-section not found. Ignoring.
(0) # Executing group from file /etc/raddb/sites-enabled/default
(0) Sent Access-Challenge Id 24 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
(0) EAP-Message = 0x010100061920
(0) Message-Authenticator = 0x00000000000000000000000000000000
(0) State = 0xb9041651b9050f15b0b9e469d234e6ed
(0) Finished request
Waking up in 4.9 seconds.
(1) Received Access-Request Id 25 from 10.8.0.111:58432 to 10.8.64.155:1812 length 311
(1) User-Name = "vkratsberg"
(1) NAS-Port = 358
(1) State = 0xb9041651b9050f15b0b9e469d234e6ed
(1) EAP-Message = 0x020100831980000000791603010074010000700301573f503bd022f2b2c0f1149fbe96a1ed4acba3579c41c80a1a637a10de4d3e3300002800ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f000ac007c011000500040100001f000a00080006001700180019000b0002010000
(1) Message-Authenticator = 0xe8fbb8ba46b97e4443842af9b6254a49
(1) Acct-Session-Id = "8O2.1x81bb08330008a8a9"
(1) NAS-Port-Id = "ge-3/0/6.0"
(1) Calling-Station-Id = "00-e0-4c-b8-16-4d"
(1) Called-Station-Id = "ec-3e-f7-68-35-00"
(1) NAS-IP-Address = 10.8.0.111
(1) NAS-Identifier = "nyc-access-sw011"
(1) NAS-Port-Type = Ethernet
(1) session-state: No cached attributes
(1) # Executing section authorize from file /etc/raddb/sites-enabled/default
(1) authorize {
(1) policy filter_username {
(1) if (&User-Name) {
(1) if (&User-Name) -> TRUE
(1) if (&User-Name) {
(1) if (&User-Name =~ / /) {
(1) if (&User-Name =~ / /) -> FALSE
(1) if (&User-Name =~ /@[^@]*@/ ) {
(1) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(1) if (&User-Name =~ /\.\./ ) {
(1) if (&User-Name =~ /\.\./ ) -> FALSE
(1) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
(1) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
(1) if (&User-Name =~ /\.$/) {
(1) if (&User-Name =~ /\.$/) -> FALSE
(1) if (&User-Name =~ /@\./) {
(1) if (&User-Name =~ /@\./) -> FALSE
(1) } # if (&User-Name) = notfound
(1) } # policy filter_username = notfound
(1) [preprocess] = ok
(1) [chap] = noop
(1) [mschap] = noop
(1) [digest] = noop
(1) suffix: Checking for suffix after "@"
(1) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
(1) suffix: No such realm "NULL"
(1) [suffix] = noop
(1) eap: Peer sent EAP Response (code 2) ID 1 length 131
(1) eap: Continuing tunnel setup
(1) [eap] = ok
(1) } # authorize = ok
(1) Found Auth-Type = eap
(1) # Executing group from file /etc/raddb/sites-enabled/default
(1) authenticate {
(1) eap: Expiring EAP session with state 0xb9041651b9050f15
(1) eap: Finished EAP session with state 0xb9041651b9050f15
(1) eap: Previous EAP request found for state 0xb9041651b9050f15, released from the list
(1) eap: Peer sent packet with method EAP PEAP (25)
(1) eap: Calling submodule eap_peap to process data
(1) eap_peap: Continuing EAP-TLS
(1) eap_peap: Peer indicated complete TLS record size will be 121 bytes
(1) eap_peap: Got complete TLS record (121 bytes)
(1) eap_peap: [eaptls verify] = length included
(1) eap_peap: (other): before/accept initialization
(1) eap_peap: TLS_accept: before/accept initialization
(1) eap_peap: <<< recv TLS 1.0 Handshake [length 0074], ClientHello
(1) eap_peap: TLS_accept: SSLv3 read client hello A
(1) eap_peap: >>> send TLS 1.0 Handshake [length 0059], ServerHello
(1) eap_peap: TLS_accept: SSLv3 write server hello A
(1) eap_peap: >>> send TLS 1.0 Handshake [length 08d3], Certificate
(1) eap_peap: TLS_accept: SSLv3 write certificate A
(1) eap_peap: >>> send TLS 1.0 Handshake [length 014b], ServerKeyExchange
(1) eap_peap: TLS_accept: SSLv3 write key exchange A
(1) eap_peap: >>> send TLS 1.0 Handshake [length 0004], ServerHelloDone
(1) eap_peap: TLS_accept: SSLv3 write server done A
(1) eap_peap: TLS_accept: SSLv3 flush data
(1) eap_peap: TLS_accept: Need to read more data: SSLv3 read client certificate A
(1) eap_peap: TLS_accept: Need to read more data: SSLv3 read client certificate A
(1) eap_peap: In SSL Handshake Phase
(1) eap_peap: In SSL Accept mode
(1) eap_peap: [eaptls process] = handled
(1) eap: Sending EAP Request (code 1) ID 2 length 1004
(1) eap: EAP session adding &reply:State = 0xb9041651b8060f15
(1) [eap] = handled
(1) } # authenticate = handled
(1) Using Post-Auth-Type Challenge
(1) Post-Auth-Type sub-section not found. Ignoring.
(1) # Executing group from file /etc/raddb/sites-enabled/default
(1) Sent Access-Challenge Id 25 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
(1) EAP-Message = 0x010203ec19c000000a8f1603010059020000550301573f503b4a3c99b261de0c3b530248997a538a91b875c00b95582ec6bc7be2a820274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0c01400000dff01000100000b00040300010216030108d30b0008cf0008cc0003de
(1) Message-Authenticator = 0x00000000000000000000000000000000
(1) State = 0xb9041651b8060f15b0b9e469d234e6ed
(1) Finished request
Waking up in 4.9 seconds.
(2) Received Access-Request Id 26 from 10.8.0.111:58432 to 10.8.64.155:1812 length 186
(2) User-Name = "vkratsberg"
(2) NAS-Port = 358
(2) State = 0xb9041651b8060f15b0b9e469d234e6ed
(2) EAP-Message = 0x020200061900
(2) Message-Authenticator = 0x8dd88815e5cabf4677cca39b37e0fe28
(2) Acct-Session-Id = "8O2.1x81bb08330008a8a9"
(2) NAS-Port-Id = "ge-3/0/6.0"
(2) Calling-Station-Id = "00-e0-4c-b8-16-4d"
(2) Called-Station-Id = "ec-3e-f7-68-35-00"
(2) NAS-IP-Address = 10.8.0.111
(2) NAS-Identifier = "nyc-access-sw011"
(2) NAS-Port-Type = Ethernet
(2) session-state: No cached attributes
(2) # Executing section authorize from file /etc/raddb/sites-enabled/default
(2) authorize {
(2) policy filter_username {
(2) if (&User-Name) {
(2) if (&User-Name) -> TRUE
(2) if (&User-Name) {
(2) if (&User-Name =~ / /) {
(2) if (&User-Name =~ / /) -> FALSE
(2) if (&User-Name =~ /@[^@]*@/ ) {
(2) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(2) if (&User-Name =~ /\.\./ ) {
(2) if (&User-Name =~ /\.\./ ) -> FALSE
(2) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
(2) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
(2) if (&User-Name =~ /\.$/) {
(2) if (&User-Name =~ /\.$/) -> FALSE
(2) if (&User-Name =~ /@\./) {
(2) if (&User-Name =~ /@\./) -> FALSE
(2) } # if (&User-Name) = notfound
(2) } # policy filter_username = notfound
(2) [preprocess] = ok
(2) [chap] = noop
(2) [mschap] = noop
(2) [digest] = noop
(2) suffix: Checking for suffix after "@"
(2) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
(2) suffix: No such realm "NULL"
(2) [suffix] = noop
(2) eap: Peer sent EAP Response (code 2) ID 2 length 6
(2) eap: Continuing tunnel setup
(2) [eap] = ok
(2) } # authorize = ok
(2) Found Auth-Type = eap
(2) # Executing group from file /etc/raddb/sites-enabled/default
(2) authenticate {
(2) eap: Expiring EAP session with state 0xb9041651b8060f15
(2) eap: Finished EAP session with state 0xb9041651b8060f15
(2) eap: Previous EAP request found for state 0xb9041651b8060f15, released from the list
(2) eap: Peer sent packet with method EAP PEAP (25)
(2) eap: Calling submodule eap_peap to process data
(2) eap_peap: Continuing EAP-TLS
(2) eap_peap: Peer ACKed our handshake fragment
(2) eap_peap: [eaptls verify] = request
(2) eap_peap: [eaptls process] = handled
(2) eap: Sending EAP Request (code 1) ID 3 length 1000
(2) eap: EAP session adding &reply:State = 0xb9041651bb070f15
(2) [eap] = handled
(2) } # authenticate = handled
(2) Using Post-Auth-Type Challenge
(2) Post-Auth-Type sub-section not found. Ignoring.
(2) # Executing group from file /etc/raddb/sites-enabled/default
(2) Sent Access-Challenge Id 26 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
(2) EAP-Message = 0x010303e81940a985a92e8776b026aa0ca6454d39c8092f1777cb7717bafde9e0586c2db6953cbc1d0dc6dc89a54698f1474daa14ed35c2d76278209bed31b5b6f844db7500fb233337267f13341548de9a5a3219a57eaa7be8fbdc5048ac8060c257cf4e7bb8b599e15e02700609010004e8308204e430
(2) Message-Authenticator = 0x00000000000000000000000000000000
(2) State = 0xb9041651bb070f15b0b9e469d234e6ed
(2) Finished request
Waking up in 4.9 seconds.
(3) Received Access-Request Id 27 from 10.8.0.111:58432 to 10.8.64.155:1812 length 186
(3) User-Name = "vkratsberg"
(3) NAS-Port = 358
(3) State = 0xb9041651bb070f15b0b9e469d234e6ed
(3) EAP-Message = 0x020300061900
(3) Message-Authenticator = 0x6da673ba849096875be1aa2516e90e74
(3) Acct-Session-Id = "8O2.1x81bb08330008a8a9"
(3) NAS-Port-Id = "ge-3/0/6.0"
(3) Calling-Station-Id = "00-e0-4c-b8-16-4d"
(3) Called-Station-Id = "ec-3e-f7-68-35-00"
(3) NAS-IP-Address = 10.8.0.111
(3) NAS-Identifier = "nyc-access-sw011"
(3) NAS-Port-Type = Ethernet
(3) session-state: No cached attributes
(3) # Executing section authorize from file /etc/raddb/sites-enabled/default
(3) authorize {
(3) policy filter_username {
(3) if (&User-Name) {
(3) if (&User-Name) -> TRUE
(3) if (&User-Name) {
(3) if (&User-Name =~ / /) {
(3) if (&User-Name =~ / /) -> FALSE
(3) if (&User-Name =~ /@[^@]*@/ ) {
(3) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(3) if (&User-Name =~ /\.\./ ) {
(3) if (&User-Name =~ /\.\./ ) -> FALSE
(3) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
(3) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
(3) if (&User-Name =~ /\.$/) {
(3) if (&User-Name =~ /\.$/) -> FALSE
(3) if (&User-Name =~ /@\./) {
(3) if (&User-Name =~ /@\./) -> FALSE
(3) } # if (&User-Name) = notfound
(3) } # policy filter_username = notfound
(3) [preprocess] = ok
(3) [chap] = noop
(3) [mschap] = noop
(3) [digest] = noop
(3) suffix: Checking for suffix after "@"
(3) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
(3) suffix: No such realm "NULL"
(3) [suffix] = noop
(3) eap: Peer sent EAP Response (code 2) ID 3 length 6
(3) eap: Continuing tunnel setup
(3) [eap] = ok
(3) } # authorize = ok
(3) Found Auth-Type = eap
(3) # Executing group from file /etc/raddb/sites-enabled/default
(3) authenticate {
(3) eap: Expiring EAP session with state 0xb9041651bb070f15
(3) eap: Finished EAP session with state 0xb9041651bb070f15
(3) eap: Previous EAP request found for state 0xb9041651bb070f15, released from the list
(3) eap: Peer sent packet with method EAP PEAP (25)
(3) eap: Calling submodule eap_peap to process data
(3) eap_peap: Continuing EAP-TLS
(3) eap_peap: Peer ACKed our handshake fragment
(3) eap_peap: [eaptls verify] = request
(3) eap_peap: [eaptls process] = handled
(3) eap: Sending EAP Request (code 1) ID 4 length 721
(3) eap: EAP session adding &reply:State = 0xb9041651ba000f15
(3) [eap] = handled
(3) } # authenticate = handled
(3) Using Post-Auth-Type Challenge
(3) Post-Auth-Type sub-section not found. Ignoring.
(3) # Executing group from file /etc/raddb/sites-enabled/default
(3) Sent Access-Challenge Id 27 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
(3) EAP-Message = 0x010402d1190020417574686f72697479820900cd92931e3c4b4509300f0603551d130101ff040530030101ff30360603551d1f042f302d302ba029a0278625687474703a2f2f7777772e6578616d706c652e6f72672f6578616d706c655f63612e63726c300d06092a864886f70d010105050003820101
(3) Message-Authenticator = 0x00000000000000000000000000000000
(3) State = 0xb9041651ba000f15b0b9e469d234e6ed
(3) Finished request
Waking up in 4.9 seconds.
(4) Received Access-Request Id 28 from 10.8.0.111:58432 to 10.8.64.155:1812 length 324
(4) User-Name = "vkratsberg"
(4) NAS-Port = 358
(4) State = 0xb9041651ba000f15b0b9e469d234e6ed
(4) EAP-Message = 0x02040090198000000086160301004610000042410448897e7642f1644d763c2bb885dfe6f05a1d953996d5a90be25cc5b3f760b5798ec1688b7b914da811b274b3645d9285f95e8f5a5baa17ab29a7385d7e7028ea1403010001011603010030e13525f115b0852e945fbaaf3a6c2ea13677b780bac905
(4) Message-Authenticator = 0xe3b29d9b9fc6607f54d4d06e5c8fc56c
(4) Acct-Session-Id = "8O2.1x81bb08330008a8a9"
(4) NAS-Port-Id = "ge-3/0/6.0"
(4) Calling-Station-Id = "00-e0-4c-b8-16-4d"
(4) Called-Station-Id = "ec-3e-f7-68-35-00"
(4) NAS-IP-Address = 10.8.0.111
(4) NAS-Identifier = "nyc-access-sw011"
(4) NAS-Port-Type = Ethernet
(4) session-state: No cached attributes
(4) # Executing section authorize from file /etc/raddb/sites-enabled/default
(4) authorize {
(4) policy filter_username {
(4) if (&User-Name) {
(4) if (&User-Name) -> TRUE
(4) if (&User-Name) {
(4) if (&User-Name =~ / /) {
(4) if (&User-Name =~ / /) -> FALSE
(4) if (&User-Name =~ /@[^@]*@/ ) {
(4) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(4) if (&User-Name =~ /\.\./ ) {
(4) if (&User-Name =~ /\.\./ ) -> FALSE
(4) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
(4) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
(4) if (&User-Name =~ /\.$/) {
(4) if (&User-Name =~ /\.$/) -> FALSE
(4) if (&User-Name =~ /@\./) {
(4) if (&User-Name =~ /@\./) -> FALSE
(4) } # if (&User-Name) = notfound
(4) } # policy filter_username = notfound
(4) [preprocess] = ok
(4) [chap] = noop
(4) [mschap] = noop
(4) [digest] = noop
(4) suffix: Checking for suffix after "@"
(4) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
(4) suffix: No such realm "NULL"
(4) [suffix] = noop
(4) eap: Peer sent EAP Response (code 2) ID 4 length 144
(4) eap: Continuing tunnel setup
(4) [eap] = ok
(4) } # authorize = ok
(4) Found Auth-Type = eap
(4) # Executing group from file /etc/raddb/sites-enabled/default
(4) authenticate {
(4) eap: Expiring EAP session with state 0xb9041651ba000f15
(4) eap: Finished EAP session with state 0xb9041651ba000f15
(4) eap: Previous EAP request found for state 0xb9041651ba000f15, released from the list
(4) eap: Peer sent packet with method EAP PEAP (25)
(4) eap: Calling submodule eap_peap to process data
(4) eap_peap: Continuing EAP-TLS
(4) eap_peap: Peer indicated complete TLS record size will be 134 bytes
(4) eap_peap: Got complete TLS record (134 bytes)
(4) eap_peap: [eaptls verify] = length included
(4) eap_peap: <<< recv TLS 1.0 Handshake [length 0046], ClientKeyExchange
(4) eap_peap: TLS_accept: SSLv3 read client key exchange A
(4) eap_peap: <<< recv TLS 1.0 ChangeCipherSpec [length 0001]
(4) eap_peap: <<< recv TLS 1.0 Handshake [length 0010], Finished
(4) eap_peap: TLS_accept: SSLv3 read finished A
(4) eap_peap: >>> send TLS 1.0 ChangeCipherSpec [length 0001]
(4) eap_peap: TLS_accept: SSLv3 write change cipher spec A
(4) eap_peap: >>> send TLS 1.0 Handshake [length 0010], Finished
(4) eap_peap: TLS_accept: SSLv3 write finished A
(4) eap_peap: TLS_accept: SSLv3 flush data
(4) eap_peap: (other): SSL negotiation finished successfully
(4) eap_peap: SSL Connection Established
(4) eap_peap: [eaptls process] = handled
(4) eap: Sending EAP Request (code 1) ID 5 length 65
(4) eap: EAP session adding &reply:State = 0xb9041651bd010f15
(4) [eap] = handled
(4) } # authenticate = handled
(4) Using Post-Auth-Type Challenge
(4) Post-Auth-Type sub-section not found. Ignoring.
(4) # Executing group from file /etc/raddb/sites-enabled/default
(4) Sent Access-Challenge Id 28 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
(4) EAP-Message = 0x010500411900140301000101160301003007dfe89ea77d86953224e0877d2c748f775a851cf76eabba1381fe15c7a6a5c517a9d16735ace23d52f1bc2bc48d8752
(4) Message-Authenticator = 0x00000000000000000000000000000000
(4) State = 0xb9041651bd010f15b0b9e469d234e6ed
(4) Finished request
Waking up in 4.9 seconds.
(5) Received Access-Request Id 29 from 10.8.0.111:58432 to 10.8.64.155:1812 length 186
(5) User-Name = "vkratsberg"
(5) NAS-Port = 358
(5) State = 0xb9041651bd010f15b0b9e469d234e6ed
(5) EAP-Message = 0x020500061900
(5) Message-Authenticator = 0xe2d87d0e9d3dc23c9ce035b566ea0ab2
(5) Acct-Session-Id = "8O2.1x81bb08330008a8a9"
(5) NAS-Port-Id = "ge-3/0/6.0"
(5) Calling-Station-Id = "00-e0-4c-b8-16-4d"
(5) Called-Station-Id = "ec-3e-f7-68-35-00"
(5) NAS-IP-Address = 10.8.0.111
(5) NAS-Identifier = "nyc-access-sw011"
(5) NAS-Port-Type = Ethernet
(5) session-state: No cached attributes
(5) # Executing section authorize from file /etc/raddb/sites-enabled/default
(5) authorize {
(5) policy filter_username {
(5) if (&User-Name) {
(5) if (&User-Name) -> TRUE
(5) if (&User-Name) {
(5) if (&User-Name =~ / /) {
(5) if (&User-Name =~ / /) -> FALSE
(5) if (&User-Name =~ /@[^@]*@/ ) {
(5) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(5) if (&User-Name =~ /\.\./ ) {
(5) if (&User-Name =~ /\.\./ ) -> FALSE
(5) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
(5) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
(5) if (&User-Name =~ /\.$/) {
(5) if (&User-Name =~ /\.$/) -> FALSE
(5) if (&User-Name =~ /@\./) {
(5) if (&User-Name =~ /@\./) -> FALSE
(5) } # if (&User-Name) = notfound
(5) } # policy filter_username = notfound
(5) [preprocess] = ok
(5) [chap] = noop
(5) [mschap] = noop
(5) [digest] = noop
(5) suffix: Checking for suffix after "@"
(5) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
(5) suffix: No such realm "NULL"
(5) [suffix] = noop
(5) eap: Peer sent EAP Response (code 2) ID 5 length 6
(5) eap: Continuing tunnel setup
(5) [eap] = ok
(5) } # authorize = ok
(5) Found Auth-Type = eap
(5) # Executing group from file /etc/raddb/sites-enabled/default
(5) authenticate {
(5) eap: Expiring EAP session with state 0xb9041651bd010f15
(5) eap: Finished EAP session with state 0xb9041651bd010f15
(5) eap: Previous EAP request found for state 0xb9041651bd010f15, released from the list
(5) eap: Peer sent packet with method EAP PEAP (25)
(5) eap: Calling submodule eap_peap to process data
(5) eap_peap: Continuing EAP-TLS
(5) eap_peap: Peer ACKed our handshake fragment. handshake is finished
(5) eap_peap: [eaptls verify] = success
(5) eap_peap: [eaptls process] = success
(5) eap_peap: Session established. Decoding tunneled attributes
(5) eap_peap: PEAP state TUNNEL ESTABLISHED
(5) eap: Sending EAP Request (code 1) ID 6 length 43
(5) eap: EAP session adding &reply:State = 0xb9041651bc020f15
(5) [eap] = handled
(5) } # authenticate = handled
(5) Using Post-Auth-Type Challenge
(5) Post-Auth-Type sub-section not found. Ignoring.
(5) # Executing group from file /etc/raddb/sites-enabled/default
(5) Sent Access-Challenge Id 29 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
(5) EAP-Message = 0x0106002b19001703010020d295762b26d1993b1a516aed02ecefc6a6d13a058c9dcbaa900d5c425ef2c883
(5) Message-Authenticator = 0x00000000000000000000000000000000
(5) State = 0xb9041651bc020f15b0b9e469d234e6ed
(5) Finished request
Waking up in 4.9 seconds.
(6) Received Access-Request Id 30 from 10.8.0.111:58432 to 10.8.64.155:1812 length 223
(6) User-Name = "vkratsberg"
(6) NAS-Port = 358
(6) State = 0xb9041651bc020f15b0b9e469d234e6ed
(6) EAP-Message = 0x0206002b1900170301002014a960f83904b749376ba61b736f03fdf4aae0d830cb68cd137f87066d3d5e4c
(6) Message-Authenticator = 0x9407ec5edbeba29f46f46b3cd8b2fde6
(6) Acct-Session-Id = "8O2.1x81bb08330008a8a9"
(6) NAS-Port-Id = "ge-3/0/6.0"
(6) Calling-Station-Id = "00-e0-4c-b8-16-4d"
(6) Called-Station-Id = "ec-3e-f7-68-35-00"
(6) NAS-IP-Address = 10.8.0.111
(6) NAS-Identifier = "nyc-access-sw011"
(6) NAS-Port-Type = Ethernet
(6) session-state: No cached attributes
(6) # Executing section authorize from file /etc/raddb/sites-enabled/default
(6) authorize {
(6) policy filter_username {
(6) if (&User-Name) {
(6) if (&User-Name) -> TRUE
(6) if (&User-Name) {
(6) if (&User-Name =~ / /) {
(6) if (&User-Name =~ / /) -> FALSE
(6) if (&User-Name =~ /@[^@]*@/ ) {
(6) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(6) if (&User-Name =~ /\.\./ ) {
(6) if (&User-Name =~ /\.\./ ) -> FALSE
(6) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
(6) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
(6) if (&User-Name =~ /\.$/) {
(6) if (&User-Name =~ /\.$/) -> FALSE
(6) if (&User-Name =~ /@\./) {
(6) if (&User-Name =~ /@\./) -> FALSE
(6) } # if (&User-Name) = notfound
(6) } # policy filter_username = notfound
(6) [preprocess] = ok
(6) [chap] = noop
(6) [mschap] = noop
(6) [digest] = noop
(6) suffix: Checking for suffix after "@"
(6) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
(6) suffix: No such realm "NULL"
(6) [suffix] = noop
(6) eap: Peer sent EAP Response (code 2) ID 6 length 43
(6) eap: Continuing tunnel setup
(6) [eap] = ok
(6) } # authorize = ok
(6) Found Auth-Type = eap
(6) # Executing group from file /etc/raddb/sites-enabled/default
(6) authenticate {
(6) eap: Expiring EAP session with state 0xb9041651bc020f15
(6) eap: Finished EAP session with state 0xb9041651bc020f15
(6) eap: Previous EAP request found for state 0xb9041651bc020f15, released from the list
(6) eap: Peer sent packet with method EAP PEAP (25)
(6) eap: Calling submodule eap_peap to process data
(6) eap_peap: Continuing EAP-TLS
(6) eap_peap: [eaptls verify] = ok
(6) eap_peap: Done initial handshake
(6) eap_peap: [eaptls process] = ok
(6) eap_peap: Session established. Decoding tunneled attributes
(6) eap_peap: PEAP state WAITING FOR INNER IDENTITY
(6) eap_peap: Identity - vkratsberg
(6) eap_peap: Got inner identity 'vkratsberg'
(6) eap_peap: Setting default EAP type for tunneled EAP session
(6) eap_peap: Got tunneled request
(6) eap_peap: EAP-Message = 0x0206000f01766b7261747362657267
(6) eap_peap: Setting User-Name to vkratsberg
(6) eap_peap: Sending tunneled request to inner-tunnel
(6) eap_peap: EAP-Message = 0x0206000f01766b7261747362657267
(6) eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1
(6) eap_peap: User-Name = "vkratsberg"
(6) Virtual server inner-tunnel received request
(6) EAP-Message = 0x0206000f01766b7261747362657267
(6) FreeRADIUS-Proxied-To = 127.0.0.1
(6) User-Name = "vkratsberg"
(6) WARNING: Outer and inner identities are the same. User privacy is compromised.
(6) server inner-tunnel {
(6) # Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel
(6) authorize {
(6) policy filter_username {
(6) if (&User-Name) {
(6) if (&User-Name) -> TRUE
(6) if (&User-Name) {
(6) if (&User-Name =~ / /) {
(6) if (&User-Name =~ / /) -> FALSE
(6) if (&User-Name =~ /@[^@]*@/ ) {
(6) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(6) if (&User-Name =~ /\.\./ ) {
(6) if (&User-Name =~ /\.\./ ) -> FALSE
(6) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
(6) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
(6) if (&User-Name =~ /\.$/) {
(6) if (&User-Name =~ /\.$/) -> FALSE
(6) if (&User-Name =~ /@\./) {
(6) if (&User-Name =~ /@\./) -> FALSE
(6) } # if (&User-Name) = notfound
(6) } # policy filter_username = notfound
(6) [chap] = noop
(6) [mschap] = noop
(6) suffix: Checking for suffix after "@"
(6) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
(6) suffix: No such realm "NULL"
(6) [suffix] = noop
(6) update control {
(6) &Proxy-To-Realm := LOCAL
(6) } # update control = noop
(6) eap: Peer sent EAP Response (code 2) ID 6 length 15
(6) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
(6) [eap] = ok
(6) } # authorize = ok
(6) Found Auth-Type = eap
(6) # Executing group from file /etc/raddb/sites-enabled/inner-tunnel
(6) authenticate {
(6) eap: Peer sent packet with method EAP Identity (1)
(6) eap: Calling submodule eap_gtc to process data
(6) eap_gtc: EXPAND Password:
(6) eap_gtc: --> Password:
(6) eap: Sending EAP Request (code 1) ID 7 length 15
(6) eap: EAP session adding &reply:State = 0x4021293440262fa5
(6) [eap] = handled
(6) } # authenticate = handled
(6) } # server inner-tunnel
(6) Virtual server sending reply
(6) EAP-Message = 0x0107000f0650617373776f72643a20
  1541. (6) Message-Authenticator = 0x00000000000000000000000000000000
  1542. (6) State = 0x4021293440262fa575ce0d9af5368585
  1543. (6) eap_peap: Got tunneled reply code 11
  1544. (6) eap_peap: EAP-Message = 0x0107000f0650617373776f72643a20
  1545. (6) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000
  1546. (6) eap_peap: State = 0x4021293440262fa575ce0d9af5368585
  1547. (6) eap_peap: Got tunneled reply RADIUS code 11
  1548. (6) eap_peap: EAP-Message = 0x0107000f0650617373776f72643a20
  1549. (6) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000
  1550. (6) eap_peap: State = 0x4021293440262fa575ce0d9af5368585
  1551. (6) eap_peap: Got tunneled Access-Challenge
  1552. (6) eap: Sending EAP Request (code 1) ID 7 length 43
  1553. (6) eap: EAP session adding &reply:State = 0xb9041651bf030f15
  1554. (6) [eap] = handled
  1555. (6) } # authenticate = handled
  1556. (6) Using Post-Auth-Type Challenge
  1557. (6) Post-Auth-Type sub-section not found. Ignoring.
  1558. (6) # Executing group from file /etc/raddb/sites-enabled/default
  1559. (6) Sent Access-Challenge Id 30 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  1560. (6) EAP-Message = 0x0107002b19001703010020a735a7e3c4d3f78965bb47f10393ae945007d1973e98cf8e06058803bf844924
  1561. (6) Message-Authenticator = 0x00000000000000000000000000000000
  1562. (6) State = 0xb9041651bf030f15b0b9e469d234e6ed
  1563. (6) Finished request
  1564. Waking up in 4.9 seconds.
  1565. (7) Received Access-Request Id 31 from 10.8.0.111:58432 to 10.8.64.155:1812 length 239
  1566. (7) User-Name = "vkratsberg"
  1567. (7) NAS-Port = 358
  1568. (7) State = 0xb9041651bf030f15b0b9e469d234e6ed
  1569. (7) EAP-Message = 0x0207003b190017030100307bf478d4cf8a905a85d2e15969788a8e789c1529e3bd2a8b14016a8b2d73c96b899857e2c5a3113e4597ddd06e5c5aba
  1570. (7) Message-Authenticator = 0xfb41a29e3d6a768ff1f4c492afa7ce55
  1571. (7) Acct-Session-Id = "8O2.1x81bb08330008a8a9"
  1572. (7) NAS-Port-Id = "ge-3/0/6.0"
  1573. (7) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  1574. (7) Called-Station-Id = "ec-3e-f7-68-35-00"
  1575. (7) NAS-IP-Address = 10.8.0.111
  1576. (7) NAS-Identifier = "nyc-access-sw011"
  1577. (7) NAS-Port-Type = Ethernet
  1578. (7) session-state: No cached attributes
  1579. (7) # Executing section authorize from file /etc/raddb/sites-enabled/default
  1580. (7) authorize {
  1581. (7) policy filter_username {
  1582. (7) if (&User-Name) {
  1583. (7) if (&User-Name) -> TRUE
  1584. (7) if (&User-Name) {
  1585. (7) if (&User-Name =~ / /) {
  1586. (7) if (&User-Name =~ / /) -> FALSE
  1587. (7) if (&User-Name =~ /@[^@]*@/ ) {
  1588. (7) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  1589. (7) if (&User-Name =~ /\.\./ ) {
  1590. (7) if (&User-Name =~ /\.\./ ) -> FALSE
  1591. (7) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  1592. (7) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  1593. (7) if (&User-Name =~ /\.$/) {
  1594. (7) if (&User-Name =~ /\.$/) -> FALSE
  1595. (7) if (&User-Name =~ /@\./) {
  1596. (7) if (&User-Name =~ /@\./) -> FALSE
  1597. (7) } # if (&User-Name) = notfound
  1598. (7) } # policy filter_username = notfound
  1599. (7) [preprocess] = ok
  1600. (7) [chap] = noop
  1601. (7) [mschap] = noop
  1602. (7) [digest] = noop
  1603. (7) suffix: Checking for suffix after "@"
  1604. (7) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  1605. (7) suffix: No such realm "NULL"
  1606. (7) [suffix] = noop
  1607. (7) eap: Peer sent EAP Response (code 2) ID 7 length 59
  1608. (7) eap: Continuing tunnel setup
  1609. (7) [eap] = ok
  1610. (7) } # authorize = ok
  1611. (7) Found Auth-Type = eap
  1612. (7) # Executing group from file /etc/raddb/sites-enabled/default
  1613. (7) authenticate {
  1614. (7) eap: Expiring EAP session with state 0x4021293440262fa5
  1615. (7) eap: Finished EAP session with state 0xb9041651bf030f15
  1616. (7) eap: Previous EAP request found for state 0xb9041651bf030f15, released from the list
  1617. (7) eap: Peer sent packet with method EAP PEAP (25)
  1618. (7) eap: Calling submodule eap_peap to process data
  1619. (7) eap_peap: Continuing EAP-TLS
  1620. (7) eap_peap: [eaptls verify] = ok
  1621. (7) eap_peap: Done initial handshake
  1622. (7) eap_peap: [eaptls process] = ok
  1623. (7) eap_peap: Session established. Decoding tunneled attributes
  1624. (7) eap_peap: PEAP state phase2
  1625. (7) eap_peap: EAP method GTC (6)
  1626. (7) eap_peap: Got tunneled request
  1627. (7) eap_peap: EAP-Message = 0x02070010065b566b726174313938335d
  1628. (7) eap_peap: Setting User-Name to vkratsberg
  1629. (7) eap_peap: Sending tunneled request to inner-tunnel
  1630. (7) eap_peap: EAP-Message = 0x02070010065b566b726174313938335d
  1631. (7) eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1
  1632. (7) eap_peap: User-Name = "vkratsberg"
  1633. (7) eap_peap: State = 0x4021293440262fa575ce0d9af5368585
  1634. (7) Virtual server inner-tunnel received request
  1635. (7) EAP-Message = 0x02070010065b566b726174313938335d
  1636. (7) FreeRADIUS-Proxied-To = 127.0.0.1
  1637. (7) User-Name = "vkratsberg"
  1638. (7) State = 0x4021293440262fa575ce0d9af5368585
  1639. (7) WARNING: Outer and inner identities are the same. User privacy is compromised.
  1640. (7) server inner-tunnel {
  1641. (7) session-state: No cached attributes
  1642. (7) # Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel
  1643. (7) authorize {
  1644. (7) policy filter_username {
  1645. (7) if (&User-Name) {
  1646. (7) if (&User-Name) -> TRUE
  1647. (7) if (&User-Name) {
  1648. (7) if (&User-Name =~ / /) {
  1649. (7) if (&User-Name =~ / /) -> FALSE
  1650. (7) if (&User-Name =~ /@[^@]*@/ ) {
  1651. (7) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  1652. (7) if (&User-Name =~ /\.\./ ) {
  1653. (7) if (&User-Name =~ /\.\./ ) -> FALSE
  1654. (7) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  1655. (7) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  1656. (7) if (&User-Name =~ /\.$/) {
  1657. (7) if (&User-Name =~ /\.$/) -> FALSE
  1658. (7) if (&User-Name =~ /@\./) {
  1659. (7) if (&User-Name =~ /@\./) -> FALSE
  1660. (7) } # if (&User-Name) = notfound
  1661. (7) } # policy filter_username = notfound
  1662. (7) [chap] = noop
  1663. (7) [mschap] = noop
  1664. (7) suffix: Checking for suffix after "@"
  1665. (7) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  1666. (7) suffix: No such realm "NULL"
  1667. (7) [suffix] = noop
  1668. (7) update control {
  1669. (7) &Proxy-To-Realm := LOCAL
  1670. (7) } # update control = noop
  1671. (7) eap: Peer sent EAP Response (code 2) ID 7 length 16
  1672. (7) eap: No EAP Start, assuming it's an on-going EAP conversation
  1673. (7) [eap] = updated
  1674. (7) files: Searching for user in group "juniper-admins"
  1675. rlm_ldap (ldap): Reserved connection (0)
  1676. (7) files: EXPAND (uid=%{%{Stripped-User-Name}:-%{User-Name}})
  1677. (7) files: --> (uid=vkratsberg)
  1678. (7) files: Performing search in "dc=sq,dc=net" with filter "(uid=vkratsberg)", scope "sub"
  1679. (7) files: Waiting for search result...
  1680. (7) files: User object found at DN "uid=vkratsberg,ou=people,dc=sq,dc=net"
  1681. (7) files: Checking for user in group objects
  1682. (7) files: EXPAND (&(cn=juniper-admins)(objectClass=GroupOfNames)(|(member=%{control:Ldap-UserDn})(memberUid=%{%{Stripped-User-Name}:-%{User-Name}})))
  1683. (7) files: --> (&(cn=juniper-admins)(objectClass=GroupOfNames)(|(member=uid\3dvkratsberg\2cou\3dpeople\2cdc\3dsq\2cdc\3dnet)(memberUid=vkratsberg)))
  1684. (7) files: Performing search in "dc=sq,dc=net" with filter "(&(cn=juniper-admins)(objectClass=GroupOfNames)(|(member=uid\3dvkratsberg\2cou\3dpeople\2cdc\3dsq\2cdc\3dnet)(memberUid=vkratsberg)))", scope "sub"
  1685. (7) files: Waiting for search result...
  1686. (7) files: User found in group object "dc=sq,dc=net"
  1687. rlm_ldap (ldap): Released connection (0)
  1688. (7) files: users: Matched entry DEFAULT at line 98
  1689. (7) [files] = ok
  1690. rlm_ldap (ldap): Reserved connection (1)
  1691. (7) ldap: EXPAND (uid=%{%{Stripped-User-Name}:-%{User-Name}})
  1692. (7) ldap: --> (uid=vkratsberg)
  1693. (7) ldap: Performing search in "dc=sq,dc=net" with filter "(uid=vkratsberg)", scope "sub"
  1694. (7) ldap: Waiting for search result...
  1695. (7) ldap: User object found at DN "uid=vkratsberg,ou=people,dc=sq,dc=net"
  1696. (7) ldap: Processing user attributes
  1697. (7) ldap: control:Password-With-Header += '{SSHA}Qen1MM87QS4nPktGhWkyE3ECTjucBhAp+Ce+Ug=='
  1698. rlm_ldap (ldap): Released connection (1)
  1699. (7) [ldap] = updated
  1700. (7) [expiration] = noop
  1701. (7) [logintime] = noop
  1702. (7) pap: Converted: Password-With-Header -> SSHA1-Password
  1703. (7) pap: Removing &control:Password-With-Header
  1704. (7) pap: Normalizing SSHA1-Password from base64 encoding, 40 bytes -> 28 bytes
  1705. (7) pap: WARNING: Auth-Type already set. Not setting to PAP
  1706. (7) [pap] = noop
  1707. (7) } # authorize = updated
  1708. (7) Found Auth-Type = eap
  1709. (7) # Executing group from file /etc/raddb/sites-enabled/inner-tunnel
  1710. (7) authenticate {
  1711. (7) eap: Expiring EAP session with state 0x4021293440262fa5
  1712. (7) eap: Finished EAP session with state 0x4021293440262fa5
  1713. (7) eap: Previous EAP request found for state 0x4021293440262fa5, released from the list
  1714. (7) eap: Peer sent packet with method EAP GTC (6)
  1715. (7) eap: Calling submodule eap_gtc to process data
  1716. (7) eap_gtc: # Executing group from file /etc/raddb/sites-enabled/inner-tunnel
  1717. (7) eap_gtc: Auth-Type PAP {
  1718. (7) pap: Login attempt with password
  1719. (7) pap: Comparing with "known-good" SSHA-Password
  1720. (7) pap: User authenticated successfully
  1721. (7) [pap] = ok
  1722. (7) } # Auth-Type PAP = ok
  1723. (7) eap: Sending EAP Success (code 3) ID 7 length 4
  1724. (7) eap: Freeing handler
  1725. (7) [eap] = ok
  1726. (7) } # authenticate = ok
  1727. (7) # Executing section post-auth from file /etc/raddb/sites-enabled/inner-tunnel
  1728. (7) post-auth { ... } # empty sub-section is ignored
  1729. (7) } # server inner-tunnel
  1730. (7) Virtual server sending reply
  1731. (7) Service-Type = Login-User
  1732. (7) Idle-Timeout = 600
  1733. (7) Juniper-Local-User-Name = "admin"
  1734. (7) Tunnel-Type = VLAN
  1735. (7) Tunnel-Medium-Type = IEEE-802
  1736. (7) Tunnel-Private-Group-Id = "810"
  1737. (7) EAP-Message = 0x03070004
  1738. (7) Message-Authenticator = 0x00000000000000000000000000000000
  1739. (7) User-Name = "vkratsberg"
  1740. (7) eap_peap: Got tunneled reply code 2
  1741. (7) eap_peap: Service-Type = Login-User
  1742. (7) eap_peap: Idle-Timeout = 600
  1743. (7) eap_peap: Juniper-Local-User-Name = "admin"
  1744. (7) eap_peap: Tunnel-Type = VLAN
  1745. (7) eap_peap: Tunnel-Medium-Type = IEEE-802
  1746. (7) eap_peap: Tunnel-Private-Group-Id = "810"
  1747. (7) eap_peap: EAP-Message = 0x03070004
  1748. (7) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000
  1749. (7) eap_peap: User-Name = "vkratsberg"
  1750. (7) eap_peap: Got tunneled reply RADIUS code 2
  1751. (7) eap_peap: Service-Type = Login-User
  1752. (7) eap_peap: Idle-Timeout = 600
  1753. (7) eap_peap: Juniper-Local-User-Name = "admin"
  1754. (7) eap_peap: Tunnel-Type = VLAN
  1755. (7) eap_peap: Tunnel-Medium-Type = IEEE-802
  1756. (7) eap_peap: Tunnel-Private-Group-Id = "810"
  1757. (7) eap_peap: EAP-Message = 0x03070004
  1758. (7) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000
  1759. (7) eap_peap: User-Name = "vkratsberg"
  1760. (7) eap_peap: Tunneled authentication was successful
  1761. (7) eap_peap: SUCCESS
  1762. (7) eap_peap: Saving tunneled attributes for later
  1763. (7) eap: Sending EAP Request (code 1) ID 8 length 43
  1764. (7) eap: EAP session adding &reply:State = 0xb9041651be0c0f15
  1765. (7) [eap] = handled
  1766. (7) } # authenticate = handled
  1767. (7) Using Post-Auth-Type Challenge
  1768. (7) Post-Auth-Type sub-section not found. Ignoring.
  1769. (7) # Executing group from file /etc/raddb/sites-enabled/default
  1770. (7) Sent Access-Challenge Id 31 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  1771. (7) EAP-Message = 0x0108002b190017030100208d9e8cf4997e690544834b789122167ecbd2baa34f322db60a9deb702379c0d1
  1772. (7) Message-Authenticator = 0x00000000000000000000000000000000
  1773. (7) State = 0xb9041651be0c0f15b0b9e469d234e6ed
  1774. (7) Finished request
  1775. Waking up in 4.8 seconds.
  1776. (8) Received Access-Request Id 32 from 10.8.0.111:58432 to 10.8.64.155:1812 length 223
  1777. (8) User-Name = "vkratsberg"
  1778. (8) NAS-Port = 358
  1779. (8) State = 0xb9041651be0c0f15b0b9e469d234e6ed
  1780. (8) EAP-Message = 0x0208002b1900170301002078e5d6bbe3b2444ea043c5198c26ce62d4d3f1ad174ff00d696da1f343e34c4f
  1781. (8) Message-Authenticator = 0x73a9ec2baa0371f4ef359ae867f629af
  1782. (8) Acct-Session-Id = "8O2.1x81bb08330008a8a9"
  1783. (8) NAS-Port-Id = "ge-3/0/6.0"
  1784. (8) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  1785. (8) Called-Station-Id = "ec-3e-f7-68-35-00"
  1786. (8) NAS-IP-Address = 10.8.0.111
  1787. (8) NAS-Identifier = "nyc-access-sw011"
  1788. (8) NAS-Port-Type = Ethernet
  1789. (8) session-state: No cached attributes
  1790. (8) # Executing section authorize from file /etc/raddb/sites-enabled/default
  1791. (8) authorize {
  1792. (8) policy filter_username {
  1793. (8) if (&User-Name) {
  1794. (8) if (&User-Name) -> TRUE
  1795. (8) if (&User-Name) {
  1796. (8) if (&User-Name =~ / /) {
  1797. (8) if (&User-Name =~ / /) -> FALSE
  1798. (8) if (&User-Name =~ /@[^@]*@/ ) {
  1799. (8) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  1800. (8) if (&User-Name =~ /\.\./ ) {
  1801. (8) if (&User-Name =~ /\.\./ ) -> FALSE
  1802. (8) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  1803. (8) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  1804. (8) if (&User-Name =~ /\.$/) {
  1805. (8) if (&User-Name =~ /\.$/) -> FALSE
  1806. (8) if (&User-Name =~ /@\./) {
  1807. (8) if (&User-Name =~ /@\./) -> FALSE
  1808. (8) } # if (&User-Name) = notfound
  1809. (8) } # policy filter_username = notfound
  1810. (8) [preprocess] = ok
  1811. (8) [chap] = noop
  1812. (8) [mschap] = noop
  1813. (8) [digest] = noop
  1814. (8) suffix: Checking for suffix after "@"
  1815. (8) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  1816. (8) suffix: No such realm "NULL"
  1817. (8) [suffix] = noop
  1818. (8) eap: Peer sent EAP Response (code 2) ID 8 length 43
  1819. (8) eap: Continuing tunnel setup
  1820. (8) [eap] = ok
  1821. (8) } # authorize = ok
  1822. (8) Found Auth-Type = eap
  1823. (8) # Executing group from file /etc/raddb/sites-enabled/default
  1824. (8) authenticate {
  1825. (8) eap: Expiring EAP session with state 0xb9041651be0c0f15
  1826. (8) eap: Finished EAP session with state 0xb9041651be0c0f15
  1827. (8) eap: Previous EAP request found for state 0xb9041651be0c0f15, released from the list
  1828. (8) eap: Peer sent packet with method EAP PEAP (25)
  1829. (8) eap: Calling submodule eap_peap to process data
  1830. (8) eap_peap: Continuing EAP-TLS
  1831. (8) eap_peap: [eaptls verify] = ok
  1832. (8) eap_peap: Done initial handshake
  1833. (8) eap_peap: [eaptls process] = ok
  1834. (8) eap_peap: Session established. Decoding tunneled attributes
  1835. (8) eap_peap: PEAP state send tlv success
  1836. (8) eap_peap: Received EAP-TLV response
  1837. (8) eap_peap: Success
  1838. (8) eap_peap: Using saved attributes from the original Access-Accept
  1839. (8) eap_peap: Service-Type = Login-User
  1840. (8) eap_peap: Idle-Timeout = 600
  1841. (8) eap_peap: Juniper-Local-User-Name = "admin"
  1842. (8) eap_peap: Tunnel-Type = VLAN
  1843. (8) eap_peap: Tunnel-Medium-Type = IEEE-802
  1844. (8) eap_peap: Tunnel-Private-Group-Id = "810"
  1845. (8) eap_peap: User-Name = "vkratsberg"
  1846. (8) eap_peap: caching User-Name = "vkratsberg"
  1847. (8) eap_peap: Failed to find 'persist_dir' in TLS configuration. Session will not be cached on disk.
  1848. (8) eap: Sending EAP Success (code 3) ID 8 length 4
  1849. (8) eap: Freeing handler
  1850. (8) [eap] = ok
  1851. (8) } # authenticate = ok
  1852. (8) # Executing section post-auth from file /etc/raddb/sites-enabled/default
  1853. (8) post-auth {
  1854. (8) update {
  1855. (8) No attributes updated
  1856. (8) } # update = noop
  1857. (8) [exec] = noop
  1858. (8) policy remove_reply_message_if_eap {
  1859. (8) if (&reply:EAP-Message && &reply:Reply-Message) {
  1860. (8) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
  1861. (8) else {
  1862. (8) [noop] = noop
  1863. (8) } # else = noop
  1864. (8) } # policy remove_reply_message_if_eap = noop
  1865. (8) } # post-auth = noop
  1866. (8) Sent Access-Accept Id 32 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  1867. (8) Service-Type = Login-User
  1868. (8) Idle-Timeout = 600
  1869. (8) Juniper-Local-User-Name = "admin"
  1870. (8) Tunnel-Type = VLAN
  1871. (8) Tunnel-Medium-Type = IEEE-802
  1872. (8) Tunnel-Private-Group-Id = "810"
  1873. (8) User-Name = "vkratsberg"
  1874. (8) MS-MPPE-Recv-Key = 0xb08333bdbf2e0e070c28c461de742ce54d8617a5503a5e375f780488db142a66
  1875. (8) MS-MPPE-Send-Key = 0x32c4e6897ab123084e0d95f456035e5e8f9ab424a23fc754fc0c5a3a413a089c
  1876. (8) EAP-Message = 0x03080004
  1877. (8) Message-Authenticator = 0x00000000000000000000000000000000
  1878. (8) Finished request
  1879. Waking up in 4.8 seconds.
  1880. (9) Received Access-Request Id 33 from 10.8.0.111:58432 to 10.8.64.155:1812 length 177
  1881. (9) User-Name = "vkratsberg"
  1882. (9) NAS-Port = 358
  1883. (9) EAP-Message = 0x0209000f01766b7261747362657267
  1884. (9) Message-Authenticator = 0xed5f7fe804b0e7f1e379cb60a6b07264
  1885. (9) Acct-Session-Id = "8O2.1x81bb0834000d463c"
  1886. (9) NAS-Port-Id = "ge-3/0/6.0"
  1887. (9) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  1888. (9) Called-Station-Id = "ec-3e-f7-68-35-00"
  1889. (9) NAS-IP-Address = 10.8.0.111
  1890. (9) NAS-Identifier = "nyc-access-sw011"
  1891. (9) NAS-Port-Type = Ethernet
  1892. (9) # Executing section authorize from file /etc/raddb/sites-enabled/default
  1893. (9) authorize {
  1894. (9) policy filter_username {
  1895. (9) if (&User-Name) {
  1896. (9) if (&User-Name) -> TRUE
  1897. (9) if (&User-Name) {
  1898. (9) if (&User-Name =~ / /) {
  1899. (9) if (&User-Name =~ / /) -> FALSE
  1900. (9) if (&User-Name =~ /@[^@]*@/ ) {
  1901. (9) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  1902. (9) if (&User-Name =~ /\.\./ ) {
  1903. (9) if (&User-Name =~ /\.\./ ) -> FALSE
  1904. (9) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  1905. (9) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  1906. (9) if (&User-Name =~ /\.$/) {
  1907. (9) if (&User-Name =~ /\.$/) -> FALSE
  1908. (9) if (&User-Name =~ /@\./) {
  1909. (9) if (&User-Name =~ /@\./) -> FALSE
  1910. (9) } # if (&User-Name) = notfound
  1911. (9) } # policy filter_username = notfound
  1912. (9) [preprocess] = ok
  1913. (9) [chap] = noop
  1914. (9) [mschap] = noop
  1915. (9) [digest] = noop
  1916. (9) suffix: Checking for suffix after "@"
  1917. (9) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  1918. (9) suffix: No such realm "NULL"
  1919. (9) [suffix] = noop
  1920. (9) eap: Peer sent EAP Response (code 2) ID 9 length 15
  1921. (9) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
  1922. (9) [eap] = ok
  1923. (9) } # authorize = ok
  1924. (9) Found Auth-Type = eap
  1925. (9) # Executing group from file /etc/raddb/sites-enabled/default
  1926. (9) authenticate {
  1927. (9) eap: Peer sent packet with method EAP Identity (1)
  1928. (9) eap: Calling submodule eap_peap to process data
  1929. (9) eap_peap: Initiating new EAP-TLS session
  1930. (9) eap_peap: [eaptls start] = request
  1931. (9) eap: Sending EAP Request (code 1) ID 10 length 6
  1932. (9) eap: EAP session adding &reply:State = 0xff5eb7daff54ae48
  1933. (9) [eap] = handled
  1934. (9) } # authenticate = handled
  1935. (9) Using Post-Auth-Type Challenge
  1936. (9) Post-Auth-Type sub-section not found. Ignoring.
  1937. (9) # Executing group from file /etc/raddb/sites-enabled/default
  1938. (9) Sent Access-Challenge Id 33 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  1939. (9) EAP-Message = 0x010a00061920
  1940. (9) Message-Authenticator = 0x00000000000000000000000000000000
  1941. (9) State = 0xff5eb7daff54ae487301379a9ca9be22
  1942. (9) Finished request
  1943. Waking up in 4.7 seconds.
  1944. (10) Received Access-Request Id 34 from 10.8.0.111:58432 to 10.8.64.155:1812 length 343
  1945. (10) User-Name = "vkratsberg"
  1946. (10) NAS-Port = 358
  1947. (10) State = 0xff5eb7daff54ae487301379a9ca9be22
  1948. (10) EAP-Message = 0x020a00a31980000000991603010094010000900301573f503b1eb09f57ba58936d7c2d066dfd54daf58da7abcc42f31117d2b89f3120274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0002800ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f00
  1949. (10) Message-Authenticator = 0xf839e84cc12da85d092c83ac9ccad37b
  1950. (10) Acct-Session-Id = "8O2.1x81bb0834000d463c"
  1951. (10) NAS-Port-Id = "ge-3/0/6.0"
  1952. (10) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  1953. (10) Called-Station-Id = "ec-3e-f7-68-35-00"
  1954. (10) NAS-IP-Address = 10.8.0.111
  1955. (10) NAS-Identifier = "nyc-access-sw011"
  1956. (10) NAS-Port-Type = Ethernet
  1957. (10) session-state: No cached attributes
  1958. (10) # Executing section authorize from file /etc/raddb/sites-enabled/default
  1959. (10) authorize {
  1960. (10) policy filter_username {
  1961. (10) if (&User-Name) {
  1962. (10) if (&User-Name) -> TRUE
  1963. (10) if (&User-Name) {
  1964. (10) if (&User-Name =~ / /) {
  1965. (10) if (&User-Name =~ / /) -> FALSE
  1966. (10) if (&User-Name =~ /@[^@]*@/ ) {
  1967. (10) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  1968. (10) if (&User-Name =~ /\.\./ ) {
  1969. (10) if (&User-Name =~ /\.\./ ) -> FALSE
  1970. (10) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  1971. (10) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  1972. (10) if (&User-Name =~ /\.$/) {
  1973. (10) if (&User-Name =~ /\.$/) -> FALSE
  1974. (10) if (&User-Name =~ /@\./) {
  1975. (10) if (&User-Name =~ /@\./) -> FALSE
  1976. (10) } # if (&User-Name) = notfound
  1977. (10) } # policy filter_username = notfound
  1978. (10) [preprocess] = ok
  1979. (10) [chap] = noop
  1980. (10) [mschap] = noop
  1981. (10) [digest] = noop
  1982. (10) suffix: Checking for suffix after "@"
  1983. (10) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  1984. (10) suffix: No such realm "NULL"
  1985. (10) [suffix] = noop
  1986. (10) eap: Peer sent EAP Response (code 2) ID 10 length 163
  1987. (10) eap: Continuing tunnel setup
  1988. (10) [eap] = ok
  1989. (10) } # authorize = ok
  1990. (10) Found Auth-Type = eap
  1991. (10) # Executing group from file /etc/raddb/sites-enabled/default
  1992. (10) authenticate {
  1993. (10) eap: Expiring EAP session with state 0xff5eb7daff54ae48
  1994. (10) eap: Finished EAP session with state 0xff5eb7daff54ae48
  1995. (10) eap: Previous EAP request found for state 0xff5eb7daff54ae48, released from the list
  1996. (10) eap: Peer sent packet with method EAP PEAP (25)
  1997. (10) eap: Calling submodule eap_peap to process data
  1998. (10) eap_peap: Continuing EAP-TLS
  1999. (10) eap_peap: Peer indicated complete TLS record size will be 153 bytes
  2000. (10) eap_peap: Got complete TLS record (153 bytes)
  2001. (10) eap_peap: [eaptls verify] = length included
  2002. (10) eap_peap: (other): before/accept initialization
  2003. (10) eap_peap: TLS_accept: before/accept initialization
  2004. (10) eap_peap: <<< recv TLS 1.0 Handshake [length 0094], ClientHello
  2005. (10) eap_peap: TLS_accept: SSLv3 read client hello A
  2006. (10) eap_peap: >>> send TLS 1.0 Handshake [length 0059], ServerHello
  2007. (10) eap_peap: TLS_accept: SSLv3 write server hello A
  2008. (10) eap_peap: >>> send TLS 1.0 ChangeCipherSpec [length 0001]
  2009. (10) eap_peap: TLS_accept: SSLv3 write change cipher spec A
  2010. (10) eap_peap: >>> send TLS 1.0 Handshake [length 0010], Finished
  2011. (10) eap_peap: TLS_accept: SSLv3 write finished A
  2012. (10) eap_peap: TLS_accept: SSLv3 flush data
  2013. (10) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  2014. (10) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  2015. (10) eap_peap: In SSL Handshake Phase
  2016. (10) eap_peap: In SSL Accept mode
  2017. (10) eap_peap: [eaptls process] = handled
  2018. (10) eap: Sending EAP Request (code 1) ID 11 length 159
  2019. (10) eap: EAP session adding &reply:State = 0xff5eb7dafe55ae48
  2020. (10) [eap] = handled
  2021. (10) } # authenticate = handled
  2022. (10) Using Post-Auth-Type Challenge
  2023. (10) Post-Auth-Type sub-section not found. Ignoring.
  2024. (10) # Executing group from file /etc/raddb/sites-enabled/default
  2025. (10) Sent Access-Challenge Id 34 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  2026. (10) EAP-Message = 0x010b009f19001603010059020000550301573f503b4304379685ec6099653b0068f74d8a8ccf090a7e1f14238d8758bc4620274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0c01400000dff01000100000b000403000102140301000101160301003032cc0c1b82dc0810
  2027. (10) Message-Authenticator = 0x00000000000000000000000000000000
  2028. (10) State = 0xff5eb7dafe55ae487301379a9ca9be22
  2029. (10) Finished request
  2030. Waking up in 4.7 seconds.
  2031. (11) Received Access-Request Id 35 from 10.8.0.111:58432 to 10.8.64.155:1812 length 249
  2032. (11) User-Name = "vkratsberg"
  2033. (11) NAS-Port = 358
  2034. (11) State = 0xff5eb7dafe55ae487301379a9ca9be22
  2035. (11) EAP-Message = 0x020b004519800000003b1403010001011603010030eb15c7acac13fe51813143c0d06547c696329b7bd0000b2b3df2b0a1f49e18ebea0c39e574781241429e229d4eb2cd14
  2036. (11) Message-Authenticator = 0x574afcd7bce6663a8af2084dc679d3be
  2037. (11) Acct-Session-Id = "8O2.1x81bb0834000d463c"
  2038. (11) NAS-Port-Id = "ge-3/0/6.0"
  2039. (11) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  2040. (11) Called-Station-Id = "ec-3e-f7-68-35-00"
  2041. (11) NAS-IP-Address = 10.8.0.111
  2042. (11) NAS-Identifier = "nyc-access-sw011"
  2043. (11) NAS-Port-Type = Ethernet
  2044. (11) session-state: No cached attributes
  2045. (11) # Executing section authorize from file /etc/raddb/sites-enabled/default
  2046. (11) authorize {
  2047. (11) policy filter_username {
  2048. (11) if (&User-Name) {
  2049. (11) if (&User-Name) -> TRUE
  2050. (11) if (&User-Name) {
  2051. (11) if (&User-Name =~ / /) {
  2052. (11) if (&User-Name =~ / /) -> FALSE
  2053. (11) if (&User-Name =~ /@[^@]*@/ ) {
  2054. (11) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  2055. (11) if (&User-Name =~ /\.\./ ) {
  2056. (11) if (&User-Name =~ /\.\./ ) -> FALSE
  2057. (11) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  2058. (11) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  2059. (11) if (&User-Name =~ /\.$/) {
  2060. (11) if (&User-Name =~ /\.$/) -> FALSE
  2061. (11) if (&User-Name =~ /@\./) {
  2062. (11) if (&User-Name =~ /@\./) -> FALSE
  2063. (11) } # if (&User-Name) = notfound
  2064. (11) } # policy filter_username = notfound
  2065. (11) [preprocess] = ok
  2066. (11) [chap] = noop
  2067. (11) [mschap] = noop
  2068. (11) [digest] = noop
  2069. (11) suffix: Checking for suffix after "@"
  2070. (11) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  2071. (11) suffix: No such realm "NULL"
  2072. (11) [suffix] = noop
  2073. (11) eap: Peer sent EAP Response (code 2) ID 11 length 69
  2074. (11) eap: Continuing tunnel setup
  2075. (11) [eap] = ok
  2076. (11) } # authorize = ok
  2077. (11) Found Auth-Type = eap
  2078. (11) # Executing group from file /etc/raddb/sites-enabled/default
  2079. (11) authenticate {
  2080. (11) eap: Expiring EAP session with state 0xff5eb7dafe55ae48
  2081. (11) eap: Finished EAP session with state 0xff5eb7dafe55ae48
  2082. (11) eap: Previous EAP request found for state 0xff5eb7dafe55ae48, released from the list
  2083. (11) eap: Peer sent packet with method EAP PEAP (25)
  2084. (11) eap: Calling submodule eap_peap to process data
  2085. (11) eap_peap: Continuing EAP-TLS
  2086. (11) eap_peap: Peer indicated complete TLS record size will be 59 bytes
  2087. (11) eap_peap: Got complete TLS record (59 bytes)
  2088. (11) eap_peap: [eaptls verify] = length included
  2089. (11) eap_peap: <<< recv TLS 1.0 ChangeCipherSpec [length 0001]
  2090. (11) eap_peap: <<< recv TLS 1.0 Handshake [length 0010], Finished
  2091. (11) eap_peap: TLS_accept: SSLv3 read finished A
  2092. (11) eap_peap: (other): SSL negotiation finished successfully
  2093. (11) eap_peap: SSL Connection Established
  2094. (11) eap_peap: SSL Application Data
  2095. (11) eap_peap: Adding cached attributes from session 274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0
  2096. (11) eap_peap: reply:User-Name = "vkratsberg"
  2097. (11) eap_peap: [eaptls process] = success
  2098. (11) eap_peap: Session established. Decoding tunneled attributes
  2099. (11) eap_peap: PEAP state TUNNEL ESTABLISHED
  2100. (11) eap_peap: Skipping Phase2 because of session resumption
  2101. (11) eap_peap: SUCCESS
  2102. (11) eap: Sending EAP Request (code 1) ID 12 length 43
  2103. (11) eap: EAP session adding &reply:State = 0xff5eb7dafd52ae48
  2104. (11) [eap] = handled
  2105. (11) } # authenticate = handled
  2106. (11) Using Post-Auth-Type Challenge
  2107. (11) Post-Auth-Type sub-section not found. Ignoring.
  2108. (11) # Executing group from file /etc/raddb/sites-enabled/default
  2109. (11) Sent Access-Challenge Id 35 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  2110. (11) User-Name = "vkratsberg"
  2111. (11) EAP-Message = 0x010c002b190017030100207e0b9d902dcbd5c2d54bb24b929ac75fe36d2378beedeb91a0d3371bf4c67032
  2112. (11) Message-Authenticator = 0x00000000000000000000000000000000
  2113. (11) State = 0xff5eb7dafd52ae487301379a9ca9be22
  2114. (11) Finished request
  2115. Waking up in 4.6 seconds.
  2116. (12) Received Access-Request Id 36 from 10.8.0.111:58432 to 10.8.64.155:1812 length 223
  2117. (12) User-Name = "vkratsberg"
  2118. (12) NAS-Port = 358
  2119. (12) State = 0xff5eb7dafd52ae487301379a9ca9be22
  2120. (12) EAP-Message = 0x020c002b1900170301002022289c2a460245f89da5aa39b27b2f59b2c4ac3c304fba7d2281a4ed8fb3f53a
  2121. (12) Message-Authenticator = 0xc57affe6c10d62293699a9dfc84906aa
  2122. (12) Acct-Session-Id = "8O2.1x81bb0834000d463c"
  2123. (12) NAS-Port-Id = "ge-3/0/6.0"
  2124. (12) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  2125. (12) Called-Station-Id = "ec-3e-f7-68-35-00"
  2126. (12) NAS-IP-Address = 10.8.0.111
  2127. (12) NAS-Identifier = "nyc-access-sw011"
  2128. (12) NAS-Port-Type = Ethernet
  2129. (12) session-state: No cached attributes
  2130. (12) # Executing section authorize from file /etc/raddb/sites-enabled/default
  2131. (12) authorize {
  2132. (12) policy filter_username {
  2133. (12) if (&User-Name) {
  2134. (12) if (&User-Name) -> TRUE
  2135. (12) if (&User-Name) {
  2136. (12) if (&User-Name =~ / /) {
  2137. (12) if (&User-Name =~ / /) -> FALSE
  2138. (12) if (&User-Name =~ /@[^@]*@/ ) {
  2139. (12) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  2140. (12) if (&User-Name =~ /\.\./ ) {
  2141. (12) if (&User-Name =~ /\.\./ ) -> FALSE
  2142. (12) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  2143. (12) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  2144. (12) if (&User-Name =~ /\.$/) {
  2145. (12) if (&User-Name =~ /\.$/) -> FALSE
  2146. (12) if (&User-Name =~ /@\./) {
  2147. (12) if (&User-Name =~ /@\./) -> FALSE
  2148. (12) } # if (&User-Name) = notfound
  2149. (12) } # policy filter_username = notfound
  2150. (12) [preprocess] = ok
  2151. (12) [chap] = noop
  2152. (12) [mschap] = noop
  2153. (12) [digest] = noop
  2154. (12) suffix: Checking for suffix after "@"
  2155. (12) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  2156. (12) suffix: No such realm "NULL"
  2157. (12) [suffix] = noop
  2158. (12) eap: Peer sent EAP Response (code 2) ID 12 length 43
  2159. (12) eap: Continuing tunnel setup
  2160. (12) [eap] = ok
  2161. (12) } # authorize = ok
  2162. (12) Found Auth-Type = eap
  2163. (12) # Executing group from file /etc/raddb/sites-enabled/default
  2164. (12) authenticate {
  2165. (12) eap: Expiring EAP session with state 0xff5eb7dafd52ae48
  2166. (12) eap: Finished EAP session with state 0xff5eb7dafd52ae48
  2167. (12) eap: Previous EAP request found for state 0xff5eb7dafd52ae48, released from the list
  2168. (12) eap: Peer sent packet with method EAP PEAP (25)
  2169. (12) eap: Calling submodule eap_peap to process data
  2170. (12) eap_peap: Continuing EAP-TLS
  2171. (12) eap_peap: [eaptls verify] = ok
  2172. (12) eap_peap: Done initial handshake
  2173. (12) eap_peap: [eaptls process] = ok
  2174. (12) eap_peap: Session established. Decoding tunneled attributes
  2175. (12) eap_peap: PEAP state send tlv success
  2176. (12) eap_peap: Received EAP-TLV response
  2177. (12) eap_peap: Success
  2178. (12) eap_peap: No saved attributes in the original Access-Accept
  2179. (12) eap: Sending EAP Success (code 3) ID 12 length 4
  2180. (12) eap: Freeing handler
  2181. (12) [eap] = ok
  2182. (12) } # authenticate = ok
  2183. (12) # Executing section post-auth from file /etc/raddb/sites-enabled/default
  2184. (12) post-auth {
  2185. (12) update {
  2186. (12) No attributes updated
  2187. (12) } # update = noop
  2188. (12) [exec] = noop
  2189. (12) policy remove_reply_message_if_eap {
  2190. (12) if (&reply:EAP-Message && &reply:Reply-Message) {
  2191. (12) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
  2192. (12) else {
  2193. (12) [noop] = noop
  2194. (12) } # else = noop
  2195. (12) } # policy remove_reply_message_if_eap = noop
  2196. (12) } # post-auth = noop
  2197. (12) Sent Access-Accept Id 36 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  2198. (12) MS-MPPE-Recv-Key = 0xacea6d652ae6a84bf5c12d64a594fd493472fe569b12c00d6866bcd5b6b90a31
  2199. (12) MS-MPPE-Send-Key = 0x8ea78e81155b6829c61a1f300248920712afca62a0495e8e34d536e3a02b0220
  2200. (12) EAP-Message = 0x030c0004
  2201. (12) Message-Authenticator = 0x00000000000000000000000000000000
  2202. (12) User-Name = "vkratsberg"
  2203. (12) Finished request
  2204. Waking up in 4.6 seconds.
  2205. (13) Received Access-Request Id 37 from 10.8.0.111:58432 to 10.8.64.155:1812 length 177
  2206. (13) User-Name = "vkratsberg"
  2207. (13) NAS-Port = 358
  2208. (13) EAP-Message = 0x020d000f01766b7261747362657267
  2209. (13) Message-Authenticator = 0x952734527243cfbd6546a561adf96273
  2210. (13) Acct-Session-Id = "8O2.1x81bb0835000f11d9"
  2211. (13) NAS-Port-Id = "ge-3/0/6.0"
  2212. (13) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  2213. (13) Called-Station-Id = "ec-3e-f7-68-35-00"
  2214. (13) NAS-IP-Address = 10.8.0.111
  2215. (13) NAS-Identifier = "nyc-access-sw011"
  2216. (13) NAS-Port-Type = Ethernet
  2217. (13) # Executing section authorize from file /etc/raddb/sites-enabled/default
  2218. (13) authorize {
  2219. (13) policy filter_username {
  2220. (13) if (&User-Name) {
  2221. (13) if (&User-Name) -> TRUE
  2222. (13) if (&User-Name) {
  2223. (13) if (&User-Name =~ / /) {
  2224. (13) if (&User-Name =~ / /) -> FALSE
  2225. (13) if (&User-Name =~ /@[^@]*@/ ) {
  2226. (13) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  2227. (13) if (&User-Name =~ /\.\./ ) {
  2228. (13) if (&User-Name =~ /\.\./ ) -> FALSE
  2229. (13) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  2230. (13) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  2231. (13) if (&User-Name =~ /\.$/) {
  2232. (13) if (&User-Name =~ /\.$/) -> FALSE
  2233. (13) if (&User-Name =~ /@\./) {
  2234. (13) if (&User-Name =~ /@\./) -> FALSE
  2235. (13) } # if (&User-Name) = notfound
  2236. (13) } # policy filter_username = notfound
  2237. (13) [preprocess] = ok
  2238. (13) [chap] = noop
  2239. (13) [mschap] = noop
  2240. (13) [digest] = noop
  2241. (13) suffix: Checking for suffix after "@"
  2242. (13) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  2243. (13) suffix: No such realm "NULL"
  2244. (13) [suffix] = noop
  2245. (13) eap: Peer sent EAP Response (code 2) ID 13 length 15
  2246. (13) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
  2247. (13) [eap] = ok
  2248. (13) } # authorize = ok
  2249. (13) Found Auth-Type = eap
  2250. (13) # Executing group from file /etc/raddb/sites-enabled/default
  2251. (13) authenticate {
  2252. (13) eap: Peer sent packet with method EAP Identity (1)
  2253. (13) eap: Calling submodule eap_peap to process data
  2254. (13) eap_peap: Initiating new EAP-TLS session
  2255. (13) eap_peap: [eaptls start] = request
  2256. (13) eap: Sending EAP Request (code 1) ID 14 length 6
  2257. (13) eap: EAP session adding &reply:State = 0x26618bcd266f9235
  2258. (13) [eap] = handled
  2259. (13) } # authenticate = handled
  2260. (13) Using Post-Auth-Type Challenge
  2261. (13) Post-Auth-Type sub-section not found. Ignoring.
  2262. (13) # Executing group from file /etc/raddb/sites-enabled/default
  2263. (13) Sent Access-Challenge Id 37 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  2264. (13) EAP-Message = 0x010e00061920
  2265. (13) Message-Authenticator = 0x00000000000000000000000000000000
  2266. (13) State = 0x26618bcd266f923516605d9f3eeea377
  2267. (13) Finished request
  2268. Waking up in 4.6 seconds.
  2269. (14) Received Access-Request Id 38 from 10.8.0.111:58432 to 10.8.64.155:1812 length 343
  2270. (14) User-Name = "vkratsberg"
  2271. (14) NAS-Port = 358
  2272. (14) State = 0x26618bcd266f923516605d9f3eeea377
  2273. (14) EAP-Message = 0x020e00a31980000000991603010094010000900301573f503b75dcbdf5e8407b14b446ebd12493f4ab32d92109beebe64bd32ee4eb20274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0002800ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f00
  2274. (14) Message-Authenticator = 0xe606b2d206d25f79c88b89db22310750
  2275. (14) Acct-Session-Id = "8O2.1x81bb0835000f11d9"
  2276. (14) NAS-Port-Id = "ge-3/0/6.0"
  2277. (14) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  2278. (14) Called-Station-Id = "ec-3e-f7-68-35-00"
  2279. (14) NAS-IP-Address = 10.8.0.111
  2280. (14) NAS-Identifier = "nyc-access-sw011"
  2281. (14) NAS-Port-Type = Ethernet
  2282. (14) session-state: No cached attributes
  2283. (14) # Executing section authorize from file /etc/raddb/sites-enabled/default
  2284. (14) authorize {
  2285. (14) policy filter_username {
  2286. (14) if (&User-Name) {
  2287. (14) if (&User-Name) -> TRUE
  2288. (14) if (&User-Name) {
  2289. (14) if (&User-Name =~ / /) {
  2290. (14) if (&User-Name =~ / /) -> FALSE
  2291. (14) if (&User-Name =~ /@[^@]*@/ ) {
  2292. (14) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  2293. (14) if (&User-Name =~ /\.\./ ) {
  2294. (14) if (&User-Name =~ /\.\./ ) -> FALSE
  2295. (14) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  2296. (14) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  2297. (14) if (&User-Name =~ /\.$/) {
  2298. (14) if (&User-Name =~ /\.$/) -> FALSE
  2299. (14) if (&User-Name =~ /@\./) {
  2300. (14) if (&User-Name =~ /@\./) -> FALSE
  2301. (14) } # if (&User-Name) = notfound
  2302. (14) } # policy filter_username = notfound
  2303. (14) [preprocess] = ok
  2304. (14) [chap] = noop
  2305. (14) [mschap] = noop
  2306. (14) [digest] = noop
  2307. (14) suffix: Checking for suffix after "@"
  2308. (14) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  2309. (14) suffix: No such realm "NULL"
  2310. (14) [suffix] = noop
  2311. (14) eap: Peer sent EAP Response (code 2) ID 14 length 163
  2312. (14) eap: Continuing tunnel setup
  2313. (14) [eap] = ok
  2314. (14) } # authorize = ok
  2315. (14) Found Auth-Type = eap
  2316. (14) # Executing group from file /etc/raddb/sites-enabled/default
  2317. (14) authenticate {
  2318. (14) eap: Expiring EAP session with state 0x26618bcd266f9235
  2319. (14) eap: Finished EAP session with state 0x26618bcd266f9235
  2320. (14) eap: Previous EAP request found for state 0x26618bcd266f9235, released from the list
  2321. (14) eap: Peer sent packet with method EAP PEAP (25)
  2322. (14) eap: Calling submodule eap_peap to process data
  2323. (14) eap_peap: Continuing EAP-TLS
  2324. (14) eap_peap: Peer indicated complete TLS record size will be 153 bytes
  2325. (14) eap_peap: Got complete TLS record (153 bytes)
  2326. (14) eap_peap: [eaptls verify] = length included
  2327. (14) eap_peap: (other): before/accept initialization
  2328. (14) eap_peap: TLS_accept: before/accept initialization
  2329. (14) eap_peap: <<< recv TLS 1.0 Handshake [length 0094], ClientHello
  2330. (14) eap_peap: TLS_accept: SSLv3 read client hello A
  2331. (14) eap_peap: >>> send TLS 1.0 Handshake [length 0059], ServerHello
  2332. (14) eap_peap: TLS_accept: SSLv3 write server hello A
  2333. (14) eap_peap: >>> send TLS 1.0 ChangeCipherSpec [length 0001]
  2334. (14) eap_peap: TLS_accept: SSLv3 write change cipher spec A
  2335. (14) eap_peap: >>> send TLS 1.0 Handshake [length 0010], Finished
  2336. (14) eap_peap: TLS_accept: SSLv3 write finished A
  2337. (14) eap_peap: TLS_accept: SSLv3 flush data
  2338. (14) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  2339. (14) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  2340. (14) eap_peap: In SSL Handshake Phase
  2341. (14) eap_peap: In SSL Accept mode
  2342. (14) eap_peap: [eaptls process] = handled
  2343. (14) eap: Sending EAP Request (code 1) ID 15 length 159
  2344. (14) eap: EAP session adding &reply:State = 0x26618bcd276e9235
  2345. (14) [eap] = handled
  2346. (14) } # authenticate = handled
  2347. (14) Using Post-Auth-Type Challenge
  2348. (14) Post-Auth-Type sub-section not found. Ignoring.
  2349. (14) # Executing group from file /etc/raddb/sites-enabled/default
  2350. (14) Sent Access-Challenge Id 38 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  2351. (14) EAP-Message = 0x010f009f19001603010059020000550301573f503c9136e92fc3f9e43ee6162c8bf9f3d4e10be4cb374b970f93b1b435dd20274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0c01400000dff01000100000b00040300010214030100010116030100301fde45bd5326ef35
  2352. (14) Message-Authenticator = 0x00000000000000000000000000000000
  2353. (14) State = 0x26618bcd276e923516605d9f3eeea377
  2354. (14) Finished request
  2355. Waking up in 4.6 seconds.
  2356. (15) Received Access-Request Id 39 from 10.8.0.111:58432 to 10.8.64.155:1812 length 249
  2357. (15) User-Name = "vkratsberg"
  2358. (15) NAS-Port = 358
  2359. (15) State = 0x26618bcd276e923516605d9f3eeea377
  2360. (15) EAP-Message = 0x020f004519800000003b1403010001011603010030b7ae8fe61689b77b4a3658c0afd82f4323fda71104ccc22d51d6ac8b98c31b90f40c21d9ea07abaf3e211effcb54f23c
  2361. (15) Message-Authenticator = 0x372a774207028f49541dbd1a39239f93
  2362. (15) Acct-Session-Id = "8O2.1x81bb0835000f11d9"
  2363. (15) NAS-Port-Id = "ge-3/0/6.0"
  2364. (15) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  2365. (15) Called-Station-Id = "ec-3e-f7-68-35-00"
  2366. (15) NAS-IP-Address = 10.8.0.111
  2367. (15) NAS-Identifier = "nyc-access-sw011"
  2368. (15) NAS-Port-Type = Ethernet
  2369. (15) session-state: No cached attributes
  2370. (15) # Executing section authorize from file /etc/raddb/sites-enabled/default
  2371. (15) authorize {
  2372. (15) policy filter_username {
  2373. (15) if (&User-Name) {
  2374. (15) if (&User-Name) -> TRUE
  2375. (15) if (&User-Name) {
  2376. (15) if (&User-Name =~ / /) {
  2377. (15) if (&User-Name =~ / /) -> FALSE
  2378. (15) if (&User-Name =~ /@[^@]*@/ ) {
  2379. (15) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  2380. (15) if (&User-Name =~ /\.\./ ) {
  2381. (15) if (&User-Name =~ /\.\./ ) -> FALSE
  2382. (15) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  2383. (15) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  2384. (15) if (&User-Name =~ /\.$/) {
  2385. (15) if (&User-Name =~ /\.$/) -> FALSE
  2386. (15) if (&User-Name =~ /@\./) {
  2387. (15) if (&User-Name =~ /@\./) -> FALSE
  2388. (15) } # if (&User-Name) = notfound
  2389. (15) } # policy filter_username = notfound
  2390. (15) [preprocess] = ok
  2391. (15) [chap] = noop
  2392. (15) [mschap] = noop
  2393. (15) [digest] = noop
  2394. (15) suffix: Checking for suffix after "@"
  2395. (15) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  2396. (15) suffix: No such realm "NULL"
  2397. (15) [suffix] = noop
  2398. (15) eap: Peer sent EAP Response (code 2) ID 15 length 69
  2399. (15) eap: Continuing tunnel setup
  2400. (15) [eap] = ok
  2401. (15) } # authorize = ok
  2402. (15) Found Auth-Type = eap
  2403. (15) # Executing group from file /etc/raddb/sites-enabled/default
  2404. (15) authenticate {
  2405. (15) eap: Expiring EAP session with state 0x26618bcd276e9235
  2406. (15) eap: Finished EAP session with state 0x26618bcd276e9235
  2407. (15) eap: Previous EAP request found for state 0x26618bcd276e9235, released from the list
  2408. (15) eap: Peer sent packet with method EAP PEAP (25)
  2409. (15) eap: Calling submodule eap_peap to process data
  2410. (15) eap_peap: Continuing EAP-TLS
  2411. (15) eap_peap: Peer indicated complete TLS record size will be 59 bytes
  2412. (15) eap_peap: Got complete TLS record (59 bytes)
  2413. (15) eap_peap: [eaptls verify] = length included
  2414. (15) eap_peap: <<< recv TLS 1.0 ChangeCipherSpec [length 0001]
  2415. (15) eap_peap: <<< recv TLS 1.0 Handshake [length 0010], Finished
  2416. (15) eap_peap: TLS_accept: SSLv3 read finished A
  2417. (15) eap_peap: (other): SSL negotiation finished successfully
  2418. (15) eap_peap: SSL Connection Established
  2419. (15) eap_peap: SSL Application Data
  2420. (15) eap_peap: Adding cached attributes from session 274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0
  2421. (15) eap_peap: reply:User-Name = "vkratsberg"
  2422. (15) eap_peap: [eaptls process] = success
  2423. (15) eap_peap: Session established. Decoding tunneled attributes
  2424. (15) eap_peap: PEAP state TUNNEL ESTABLISHED
  2425. (15) eap_peap: Skipping Phase2 because of session resumption
  2426. (15) eap_peap: SUCCESS
  2427. (15) eap: Sending EAP Request (code 1) ID 16 length 43
  2428. (15) eap: EAP session adding &reply:State = 0x26618bcd24719235
  2429. (15) [eap] = handled
  2430. (15) } # authenticate = handled
  2431. (15) Using Post-Auth-Type Challenge
  2432. (15) Post-Auth-Type sub-section not found. Ignoring.
  2433. (15) # Executing group from file /etc/raddb/sites-enabled/default
  2434. (15) Sent Access-Challenge Id 39 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  2435. (15) User-Name = "vkratsberg"
  2436. (15) EAP-Message = 0x0110002b1900170301002085dbffa366f779588005dd4b7d201b68d8d89de6801d916d5f5b5c405d83cfb0
  2437. (15) Message-Authenticator = 0x00000000000000000000000000000000
  2438. (15) State = 0x26618bcd2471923516605d9f3eeea377
  2439. (15) Finished request
  2440. Waking up in 4.6 seconds.
  2441. (16) Received Access-Request Id 40 from 10.8.0.111:58432 to 10.8.64.155:1812 length 223
  2442. (16) User-Name = "vkratsberg"
  2443. (16) NAS-Port = 358
  2444. (16) State = 0x26618bcd2471923516605d9f3eeea377
  2445. (16) EAP-Message = 0x0210002b19001703010020e2ff6a74247bba6af9a2fed43f2b4cb2cd826d60445189d46df228c2cfcc0aad
  2446. (16) Message-Authenticator = 0xf43b7ee5c1648a87e1a1dbe1419b42f4
  2447. (16) Acct-Session-Id = "8O2.1x81bb0835000f11d9"
  2448. (16) NAS-Port-Id = "ge-3/0/6.0"
  2449. (16) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  2450. (16) Called-Station-Id = "ec-3e-f7-68-35-00"
  2451. (16) NAS-IP-Address = 10.8.0.111
  2452. (16) NAS-Identifier = "nyc-access-sw011"
  2453. (16) NAS-Port-Type = Ethernet
  2454. (16) session-state: No cached attributes
  2455. (16) # Executing section authorize from file /etc/raddb/sites-enabled/default
  2456. (16) authorize {
  2457. (16) policy filter_username {
  2458. (16) if (&User-Name) {
  2459. (16) if (&User-Name) -> TRUE
  2460. (16) if (&User-Name) {
  2461. (16) if (&User-Name =~ / /) {
  2462. (16) if (&User-Name =~ / /) -> FALSE
  2463. (16) if (&User-Name =~ /@[^@]*@/ ) {
  2464. (16) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  2465. (16) if (&User-Name =~ /\.\./ ) {
  2466. (16) if (&User-Name =~ /\.\./ ) -> FALSE
  2467. (16) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  2468. (16) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  2469. (16) if (&User-Name =~ /\.$/) {
  2470. (16) if (&User-Name =~ /\.$/) -> FALSE
  2471. (16) if (&User-Name =~ /@\./) {
  2472. (16) if (&User-Name =~ /@\./) -> FALSE
  2473. (16) } # if (&User-Name) = notfound
  2474. (16) } # policy filter_username = notfound
  2475. (16) [preprocess] = ok
  2476. (16) [chap] = noop
  2477. (16) [mschap] = noop
  2478. (16) [digest] = noop
  2479. (16) suffix: Checking for suffix after "@"
  2480. (16) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  2481. (16) suffix: No such realm "NULL"
  2482. (16) [suffix] = noop
  2483. (16) eap: Peer sent EAP Response (code 2) ID 16 length 43
  2484. (16) eap: Continuing tunnel setup
  2485. (16) [eap] = ok
  2486. (16) } # authorize = ok
  2487. (16) Found Auth-Type = eap
  2488. (16) # Executing group from file /etc/raddb/sites-enabled/default
  2489. (16) authenticate {
  2490. (16) eap: Expiring EAP session with state 0x26618bcd24719235
  2491. (16) eap: Finished EAP session with state 0x26618bcd24719235
  2492. (16) eap: Previous EAP request found for state 0x26618bcd24719235, released from the list
  2493. (16) eap: Peer sent packet with method EAP PEAP (25)
  2494. (16) eap: Calling submodule eap_peap to process data
  2495. (16) eap_peap: Continuing EAP-TLS
  2496. (16) eap_peap: [eaptls verify] = ok
  2497. (16) eap_peap: Done initial handshake
  2498. (16) eap_peap: [eaptls process] = ok
  2499. (16) eap_peap: Session established. Decoding tunneled attributes
  2500. (16) eap_peap: PEAP state send tlv success
  2501. (16) eap_peap: Received EAP-TLV response
  2502. (16) eap_peap: Success
  2503. (16) eap_peap: No saved attributes in the original Access-Accept
  2504. (16) eap: Sending EAP Success (code 3) ID 16 length 4
  2505. (16) eap: Freeing handler
  2506. (16) [eap] = ok
  2507. (16) } # authenticate = ok
  2508. (16) # Executing section post-auth from file /etc/raddb/sites-enabled/default
  2509. (16) post-auth {
  2510. (16) update {
  2511. (16) No attributes updated
  2512. (16) } # update = noop
  2513. (16) [exec] = noop
  2514. (16) policy remove_reply_message_if_eap {
  2515. (16) if (&reply:EAP-Message && &reply:Reply-Message) {
  2516. (16) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
  2517. (16) else {
  2518. (16) [noop] = noop
  2519. (16) } # else = noop
  2520. (16) } # policy remove_reply_message_if_eap = noop
  2521. (16) } # post-auth = noop
  2522. (16) Sent Access-Accept Id 40 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  2523. (16) MS-MPPE-Recv-Key = 0xb37843922152b87f0e914541087625b93dcd5e5740689f9682179b71b002ff18
  2524. (16) MS-MPPE-Send-Key = 0xfc3e3438cec67720d650c4c50a0c4d9af364f139f94b0656b23101d08792e000
  2525. (16) EAP-Message = 0x03100004
  2526. (16) Message-Authenticator = 0x00000000000000000000000000000000
  2527. (16) User-Name = "vkratsberg"
  2528. (16) Finished request
  2529. Waking up in 4.5 seconds.
  2530. (17) Received Access-Request Id 41 from 10.8.0.111:58432 to 10.8.64.155:1812 length 177
  2531. (17) User-Name = "vkratsberg"
  2532. (17) NAS-Port = 358
  2533. (17) EAP-Message = 0x0211000f01766b7261747362657267
  2534. (17) Message-Authenticator = 0xaf47ff61070316122f178c7d57309b01
  2535. (17) Acct-Session-Id = "8O2.1x81bb083600016d65"
  2536. (17) NAS-Port-Id = "ge-3/0/6.0"
  2537. (17) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  2538. (17) Called-Station-Id = "ec-3e-f7-68-35-00"
  2539. (17) NAS-IP-Address = 10.8.0.111
  2540. (17) NAS-Identifier = "nyc-access-sw011"
  2541. (17) NAS-Port-Type = Ethernet
  2542. (17) # Executing section authorize from file /etc/raddb/sites-enabled/default
  2543. (17) authorize {
  2544. (17) policy filter_username {
  2545. (17) if (&User-Name) {
  2546. (17) if (&User-Name) -> TRUE
  2547. (17) if (&User-Name) {
  2548. (17) if (&User-Name =~ / /) {
  2549. (17) if (&User-Name =~ / /) -> FALSE
  2550. (17) if (&User-Name =~ /@[^@]*@/ ) {
  2551. (17) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  2552. (17) if (&User-Name =~ /\.\./ ) {
  2553. (17) if (&User-Name =~ /\.\./ ) -> FALSE
  2554. (17) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  2555. (17) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  2556. (17) if (&User-Name =~ /\.$/) {
  2557. (17) if (&User-Name =~ /\.$/) -> FALSE
  2558. (17) if (&User-Name =~ /@\./) {
  2559. (17) if (&User-Name =~ /@\./) -> FALSE
  2560. (17) } # if (&User-Name) = notfound
  2561. (17) } # policy filter_username = notfound
  2562. (17) [preprocess] = ok
  2563. (17) [chap] = noop
  2564. (17) [mschap] = noop
  2565. (17) [digest] = noop
  2566. (17) suffix: Checking for suffix after "@"
  2567. (17) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  2568. (17) suffix: No such realm "NULL"
  2569. (17) [suffix] = noop
  2570. (17) eap: Peer sent EAP Response (code 2) ID 17 length 15
  2571. (17) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
  2572. (17) [eap] = ok
  2573. (17) } # authorize = ok
  2574. (17) Found Auth-Type = eap
  2575. (17) # Executing group from file /etc/raddb/sites-enabled/default
  2576. (17) authenticate {
  2577. (17) eap: Peer sent packet with method EAP Identity (1)
  2578. (17) eap: Calling submodule eap_peap to process data
  2579. (17) eap_peap: Initiating new EAP-TLS session
  2580. (17) eap_peap: [eaptls start] = request
  2581. (17) eap: Sending EAP Request (code 1) ID 18 length 6
  2582. (17) eap: EAP session adding &reply:State = 0xb39207a0b3801e2a
  2583. (17) [eap] = handled
  2584. (17) } # authenticate = handled
  2585. (17) Using Post-Auth-Type Challenge
  2586. (17) Post-Auth-Type sub-section not found. Ignoring.
  2587. (17) # Executing group from file /etc/raddb/sites-enabled/default
  2588. (17) Sent Access-Challenge Id 41 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  2589. (17) EAP-Message = 0x011200061920
  2590. (17) Message-Authenticator = 0x00000000000000000000000000000000
  2591. (17) State = 0xb39207a0b3801e2a011379ad3521b636
  2592. (17) Finished request
  2593. Waking up in 4.5 seconds.
  2594. (18) Received Access-Request Id 42 from 10.8.0.111:58432 to 10.8.64.155:1812 length 343
  2595. (18) User-Name = "vkratsberg"
  2596. (18) NAS-Port = 358
  2597. (18) State = 0xb39207a0b3801e2a011379ad3521b636
  2598. (18) EAP-Message = 0x021200a31980000000991603010094010000900301573f503cbbd8a0ee36cd04f3db966e474e1c5f78547edde60d426dd74043300220274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0002800ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f00
  2599. (18) Message-Authenticator = 0xa0e2b848c94a0d8e82752b359d4b89cc
  2600. (18) Acct-Session-Id = "8O2.1x81bb083600016d65"
  2601. (18) NAS-Port-Id = "ge-3/0/6.0"
  2602. (18) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  2603. (18) Called-Station-Id = "ec-3e-f7-68-35-00"
  2604. (18) NAS-IP-Address = 10.8.0.111
  2605. (18) NAS-Identifier = "nyc-access-sw011"
  2606. (18) NAS-Port-Type = Ethernet
  2607. (18) session-state: No cached attributes
  2608. (18) # Executing section authorize from file /etc/raddb/sites-enabled/default
  2609. (18) authorize {
  2610. (18) policy filter_username {
  2611. (18) if (&User-Name) {
  2612. (18) if (&User-Name) -> TRUE
  2613. (18) if (&User-Name) {
  2614. (18) if (&User-Name =~ / /) {
  2615. (18) if (&User-Name =~ / /) -> FALSE
  2616. (18) if (&User-Name =~ /@[^@]*@/ ) {
  2617. (18) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  2618. (18) if (&User-Name =~ /\.\./ ) {
  2619. (18) if (&User-Name =~ /\.\./ ) -> FALSE
  2620. (18) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  2621. (18) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  2622. (18) if (&User-Name =~ /\.$/) {
  2623. (18) if (&User-Name =~ /\.$/) -> FALSE
  2624. (18) if (&User-Name =~ /@\./) {
  2625. (18) if (&User-Name =~ /@\./) -> FALSE
  2626. (18) } # if (&User-Name) = notfound
  2627. (18) } # policy filter_username = notfound
  2628. (18) [preprocess] = ok
  2629. (18) [chap] = noop
  2630. (18) [mschap] = noop
  2631. (18) [digest] = noop
  2632. (18) suffix: Checking for suffix after "@"
  2633. (18) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  2634. (18) suffix: No such realm "NULL"
  2635. (18) [suffix] = noop
  2636. (18) eap: Peer sent EAP Response (code 2) ID 18 length 163
  2637. (18) eap: Continuing tunnel setup
  2638. (18) [eap] = ok
  2639. (18) } # authorize = ok
  2640. (18) Found Auth-Type = eap
  2641. (18) # Executing group from file /etc/raddb/sites-enabled/default
  2642. (18) authenticate {
  2643. (18) eap: Expiring EAP session with state 0xb39207a0b3801e2a
  2644. (18) eap: Finished EAP session with state 0xb39207a0b3801e2a
  2645. (18) eap: Previous EAP request found for state 0xb39207a0b3801e2a, released from the list
  2646. (18) eap: Peer sent packet with method EAP PEAP (25)
  2647. (18) eap: Calling submodule eap_peap to process data
  2648. (18) eap_peap: Continuing EAP-TLS
  2649. (18) eap_peap: Peer indicated complete TLS record size will be 153 bytes
  2650. (18) eap_peap: Got complete TLS record (153 bytes)
  2651. (18) eap_peap: [eaptls verify] = length included
  2652. (18) eap_peap: (other): before/accept initialization
  2653. (18) eap_peap: TLS_accept: before/accept initialization
  2654. (18) eap_peap: <<< recv TLS 1.0 Handshake [length 0094], ClientHello
  2655. (18) eap_peap: TLS_accept: SSLv3 read client hello A
  2656. (18) eap_peap: >>> send TLS 1.0 Handshake [length 0059], ServerHello
  2657. (18) eap_peap: TLS_accept: SSLv3 write server hello A
  2658. (18) eap_peap: >>> send TLS 1.0 ChangeCipherSpec [length 0001]
  2659. (18) eap_peap: TLS_accept: SSLv3 write change cipher spec A
  2660. (18) eap_peap: >>> send TLS 1.0 Handshake [length 0010], Finished
  2661. (18) eap_peap: TLS_accept: SSLv3 write finished A
  2662. (18) eap_peap: TLS_accept: SSLv3 flush data
  2663. (18) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  2664. (18) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  2665. (18) eap_peap: In SSL Handshake Phase
  2666. (18) eap_peap: In SSL Accept mode
  2667. (18) eap_peap: [eaptls process] = handled
  2668. (18) eap: Sending EAP Request (code 1) ID 19 length 159
  2669. (18) eap: EAP session adding &reply:State = 0xb39207a0b2811e2a
  2670. (18) [eap] = handled
  2671. (18) } # authenticate = handled
  2672. (18) Using Post-Auth-Type Challenge
  2673. (18) Post-Auth-Type sub-section not found. Ignoring.
  2674. (18) # Executing group from file /etc/raddb/sites-enabled/default
  2675. (18) Sent Access-Challenge Id 42 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  2676. (18) EAP-Message = 0x0113009f19001603010059020000550301573f503c2f02924b0bbafcca7da7cd7645f6884ea9f384a121d218c64059e21d20274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0c01400000dff01000100000b00040300010214030100010116030100302e877ea111677204
  2677. (18) Message-Authenticator = 0x00000000000000000000000000000000
  2678. (18) State = 0xb39207a0b2811e2a011379ad3521b636
  2679. (18) Finished request
  2680. Waking up in 4.5 seconds.
  2681. (19) Received Access-Request Id 43 from 10.8.0.111:58432 to 10.8.64.155:1812 length 249
  2682. (19) User-Name = "vkratsberg"
  2683. (19) NAS-Port = 358
  2684. (19) State = 0xb39207a0b2811e2a011379ad3521b636
  2685. (19) EAP-Message = 0x0213004519800000003b1403010001011603010030a0d1d68d735b6441f2e4c188ec0c6b4b314fa067016b07386f6f4d18f7162551ebc9fbf72229672dab036f01af615d15
  2686. (19) Message-Authenticator = 0xd3dfac0d9295676c54e513b79ed46806
  2687. (19) Acct-Session-Id = "8O2.1x81bb083600016d65"
  2688. (19) NAS-Port-Id = "ge-3/0/6.0"
  2689. (19) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  2690. (19) Called-Station-Id = "ec-3e-f7-68-35-00"
  2691. (19) NAS-IP-Address = 10.8.0.111
  2692. (19) NAS-Identifier = "nyc-access-sw011"
  2693. (19) NAS-Port-Type = Ethernet
  2694. (19) session-state: No cached attributes
  2695. (19) # Executing section authorize from file /etc/raddb/sites-enabled/default
  2696. (19) authorize {
  2697. (19) policy filter_username {
  2698. (19) if (&User-Name) {
  2699. (19) if (&User-Name) -> TRUE
  2700. (19) if (&User-Name) {
  2701. (19) if (&User-Name =~ / /) {
  2702. (19) if (&User-Name =~ / /) -> FALSE
  2703. (19) if (&User-Name =~ /@[^@]*@/ ) {
  2704. (19) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  2705. (19) if (&User-Name =~ /\.\./ ) {
  2706. (19) if (&User-Name =~ /\.\./ ) -> FALSE
  2707. (19) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  2708. (19) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  2709. (19) if (&User-Name =~ /\.$/) {
  2710. (19) if (&User-Name =~ /\.$/) -> FALSE
  2711. (19) if (&User-Name =~ /@\./) {
  2712. (19) if (&User-Name =~ /@\./) -> FALSE
  2713. (19) } # if (&User-Name) = notfound
  2714. (19) } # policy filter_username = notfound
  2715. (19) [preprocess] = ok
  2716. (19) [chap] = noop
  2717. (19) [mschap] = noop
  2718. (19) [digest] = noop
  2719. (19) suffix: Checking for suffix after "@"
  2720. (19) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  2721. (19) suffix: No such realm "NULL"
  2722. (19) [suffix] = noop
  2723. (19) eap: Peer sent EAP Response (code 2) ID 19 length 69
  2724. (19) eap: Continuing tunnel setup
  2725. (19) [eap] = ok
  2726. (19) } # authorize = ok
  2727. (19) Found Auth-Type = eap
  2728. (19) # Executing group from file /etc/raddb/sites-enabled/default
  2729. (19) authenticate {
  2730. (19) eap: Expiring EAP session with state 0xb39207a0b2811e2a
  2731. (19) eap: Finished EAP session with state 0xb39207a0b2811e2a
  2732. (19) eap: Previous EAP request found for state 0xb39207a0b2811e2a, released from the list
  2733. (19) eap: Peer sent packet with method EAP PEAP (25)
  2734. (19) eap: Calling submodule eap_peap to process data
  2735. (19) eap_peap: Continuing EAP-TLS
  2736. (19) eap_peap: Peer indicated complete TLS record size will be 59 bytes
  2737. (19) eap_peap: Got complete TLS record (59 bytes)
  2738. (19) eap_peap: [eaptls verify] = length included
  2739. (19) eap_peap: <<< recv TLS 1.0 ChangeCipherSpec [length 0001]
  2740. (19) eap_peap: <<< recv TLS 1.0 Handshake [length 0010], Finished
  2741. (19) eap_peap: TLS_accept: SSLv3 read finished A
  2742. (19) eap_peap: (other): SSL negotiation finished successfully
  2743. (19) eap_peap: SSL Connection Established
  2744. (19) eap_peap: SSL Application Data
  2745. (19) eap_peap: Adding cached attributes from session 274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0
  2746. (19) eap_peap: reply:User-Name = "vkratsberg"
  2747. (19) eap_peap: [eaptls process] = success
  2748. (19) eap_peap: Session established. Decoding tunneled attributes
  2749. (19) eap_peap: PEAP state TUNNEL ESTABLISHED
  2750. (19) eap_peap: Skipping Phase2 because of session resumption
  2751. (19) eap_peap: SUCCESS
  2752. (19) eap: Sending EAP Request (code 1) ID 20 length 43
  2753. (19) eap: EAP session adding &reply:State = 0xb39207a0b1861e2a
  2754. (19) [eap] = handled
  2755. (19) } # authenticate = handled
  2756. (19) Using Post-Auth-Type Challenge
  2757. (19) Post-Auth-Type sub-section not found. Ignoring.
  2758. (19) # Executing group from file /etc/raddb/sites-enabled/default
  2759. (19) Sent Access-Challenge Id 43 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  2760. (19) User-Name = "vkratsberg"
  2761. (19) EAP-Message = 0x0114002b19001703010020f77150dc6e96abc919b834ce5570211eea57fd1a6c2202dc1fe0c6ec63911e53
  2762. (19) Message-Authenticator = 0x00000000000000000000000000000000
  2763. (19) State = 0xb39207a0b1861e2a011379ad3521b636
  2764. (19) Finished request
  2765. Waking up in 4.5 seconds.
  2766. (20) Received Access-Request Id 44 from 10.8.0.111:58432 to 10.8.64.155:1812 length 223
  2767. (20) User-Name = "vkratsberg"
  2768. (20) NAS-Port = 358
  2769. (20) State = 0xb39207a0b1861e2a011379ad3521b636
  2770. (20) EAP-Message = 0x0214002b19001703010020e060b4e4405d6a1d0a6bb11d2eb2a3b7f953faecf3f9a1f9da5a20c8a76cbab3
  2771. (20) Message-Authenticator = 0x544f4a0fd071a8db891b947df6126280
  2772. (20) Acct-Session-Id = "8O2.1x81bb083600016d65"
  2773. (20) NAS-Port-Id = "ge-3/0/6.0"
  2774. (20) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  2775. (20) Called-Station-Id = "ec-3e-f7-68-35-00"
  2776. (20) NAS-IP-Address = 10.8.0.111
  2777. (20) NAS-Identifier = "nyc-access-sw011"
  2778. (20) NAS-Port-Type = Ethernet
  2779. (20) session-state: No cached attributes
  2780. (20) # Executing section authorize from file /etc/raddb/sites-enabled/default
  2781. (20) authorize {
  2782. (20) policy filter_username {
  2783. (20) if (&User-Name) {
  2784. (20) if (&User-Name) -> TRUE
  2785. (20) if (&User-Name) {
  2786. (20) if (&User-Name =~ / /) {
  2787. (20) if (&User-Name =~ / /) -> FALSE
  2788. (20) if (&User-Name =~ /@[^@]*@/ ) {
  2789. (20) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  2790. (20) if (&User-Name =~ /\.\./ ) {
  2791. (20) if (&User-Name =~ /\.\./ ) -> FALSE
  2792. (20) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  2793. (20) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  2794. (20) if (&User-Name =~ /\.$/) {
  2795. (20) if (&User-Name =~ /\.$/) -> FALSE
  2796. (20) if (&User-Name =~ /@\./) {
  2797. (20) if (&User-Name =~ /@\./) -> FALSE
  2798. (20) } # if (&User-Name) = notfound
  2799. (20) } # policy filter_username = notfound
  2800. (20) [preprocess] = ok
  2801. (20) [chap] = noop
  2802. (20) [mschap] = noop
  2803. (20) [digest] = noop
  2804. (20) suffix: Checking for suffix after "@"
  2805. (20) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  2806. (20) suffix: No such realm "NULL"
  2807. (20) [suffix] = noop
  2808. (20) eap: Peer sent EAP Response (code 2) ID 20 length 43
  2809. (20) eap: Continuing tunnel setup
  2810. (20) [eap] = ok
  2811. (20) } # authorize = ok
  2812. (20) Found Auth-Type = eap
  2813. (20) # Executing group from file /etc/raddb/sites-enabled/default
  2814. (20) authenticate {
  2815. (20) eap: Expiring EAP session with state 0xb39207a0b1861e2a
  2816. (20) eap: Finished EAP session with state 0xb39207a0b1861e2a
  2817. (20) eap: Previous EAP request found for state 0xb39207a0b1861e2a, released from the list
  2818. (20) eap: Peer sent packet with method EAP PEAP (25)
  2819. (20) eap: Calling submodule eap_peap to process data
  2820. (20) eap_peap: Continuing EAP-TLS
  2821. (20) eap_peap: [eaptls verify] = ok
  2822. (20) eap_peap: Done initial handshake
  2823. (20) eap_peap: [eaptls process] = ok
  2824. (20) eap_peap: Session established. Decoding tunneled attributes
  2825. (20) eap_peap: PEAP state send tlv success
  2826. (20) eap_peap: Received EAP-TLV response
  2827. (20) eap_peap: Success
  2828. (20) eap_peap: No saved attributes in the original Access-Accept
  2829. (20) eap: Sending EAP Success (code 3) ID 20 length 4
  2830. (20) eap: Freeing handler
  2831. (20) [eap] = ok
  2832. (20) } # authenticate = ok
  2833. (20) # Executing section post-auth from file /etc/raddb/sites-enabled/default
  2834. (20) post-auth {
  2835. (20) update {
  2836. (20) No attributes updated
  2837. (20) } # update = noop
  2838. (20) [exec] = noop
  2839. (20) policy remove_reply_message_if_eap {
  2840. (20) if (&reply:EAP-Message && &reply:Reply-Message) {
  2841. (20) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
  2842. (20) else {
  2843. (20) [noop] = noop
  2844. (20) } # else = noop
  2845. (20) } # policy remove_reply_message_if_eap = noop
  2846. (20) } # post-auth = noop
  2847. (20) Sent Access-Accept Id 44 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  2848. (20) MS-MPPE-Recv-Key = 0x7801e06f0d7cc38ceaca44a5656faa113d30a756f7a520d8496045735333cfaf
  2849. (20) MS-MPPE-Send-Key = 0x903c3dec90ad820c5df923606382ea30e0126f5a4a60c4d8a21784287489a313
  2850. (20) EAP-Message = 0x03140004
  2851. (20) Message-Authenticator = 0x00000000000000000000000000000000
  2852. (20) User-Name = "vkratsberg"
  2853. (20) Finished request
  2854. Waking up in 4.5 seconds.
  2855. (21) Received Access-Request Id 45 from 10.8.0.111:58432 to 10.8.64.155:1812 length 177
  2856. (21) User-Name = "vkratsberg"
  2857. (21) NAS-Port = 358
  2858. (21) EAP-Message = 0x0215000f01766b7261747362657267
  2859. (21) Message-Authenticator = 0x4d85d22f70c3d57308e0d09c00c96d6e
  2860. (21) Acct-Session-Id = "8O2.1x81bb083700030d56"
  2861. (21) NAS-Port-Id = "ge-3/0/6.0"
  2862. (21) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  2863. (21) Called-Station-Id = "ec-3e-f7-68-35-00"
  2864. (21) NAS-IP-Address = 10.8.0.111
  2865. (21) NAS-Identifier = "nyc-access-sw011"
  2866. (21) NAS-Port-Type = Ethernet
  2867. (21) # Executing section authorize from file /etc/raddb/sites-enabled/default
  2868. (21) authorize {
  2869. (21) policy filter_username {
  2870. (21) if (&User-Name) {
  2871. (21) if (&User-Name) -> TRUE
  2872. (21) if (&User-Name) {
  2873. (21) if (&User-Name =~ / /) {
  2874. (21) if (&User-Name =~ / /) -> FALSE
  2875. (21) if (&User-Name =~ /@[^@]*@/ ) {
  2876. (21) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  2877. (21) if (&User-Name =~ /\.\./ ) {
  2878. (21) if (&User-Name =~ /\.\./ ) -> FALSE
  2879. (21) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  2880. (21) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  2881. (21) if (&User-Name =~ /\.$/) {
  2882. (21) if (&User-Name =~ /\.$/) -> FALSE
  2883. (21) if (&User-Name =~ /@\./) {
  2884. (21) if (&User-Name =~ /@\./) -> FALSE
  2885. (21) } # if (&User-Name) = notfound
  2886. (21) } # policy filter_username = notfound
  2887. (21) [preprocess] = ok
  2888. (21) [chap] = noop
  2889. (21) [mschap] = noop
  2890. (21) [digest] = noop
  2891. (21) suffix: Checking for suffix after "@"
  2892. (21) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  2893. (21) suffix: No such realm "NULL"
  2894. (21) [suffix] = noop
  2895. (21) eap: Peer sent EAP Response (code 2) ID 21 length 15
  2896. (21) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
  2897. (21) [eap] = ok
  2898. (21) } # authorize = ok
  2899. (21) Found Auth-Type = eap
  2900. (21) # Executing group from file /etc/raddb/sites-enabled/default
  2901. (21) authenticate {
  2902. (21) eap: Peer sent packet with method EAP Identity (1)
  2903. (21) eap: Calling submodule eap_peap to process data
  2904. (21) eap_peap: Initiating new EAP-TLS session
  2905. (21) eap_peap: [eaptls start] = request
  2906. (21) eap: Sending EAP Request (code 1) ID 22 length 6
  2907. (21) eap: EAP session adding &reply:State = 0x2012cb732004d292
  2908. (21) [eap] = handled
  2909. (21) } # authenticate = handled
  2910. (21) Using Post-Auth-Type Challenge
  2911. (21) Post-Auth-Type sub-section not found. Ignoring.
  2912. (21) # Executing group from file /etc/raddb/sites-enabled/default
  2913. (21) Sent Access-Challenge Id 45 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  2914. (21) EAP-Message = 0x011600061920
  2915. (21) Message-Authenticator = 0x00000000000000000000000000000000
  2916. (21) State = 0x2012cb732004d2927e836bead5e0c8c4
  2917. (21) Finished request
  2918. Waking up in 4.4 seconds.
  2919. (22) Received Access-Request Id 46 from 10.8.0.111:58432 to 10.8.64.155:1812 length 343
  2920. (22) User-Name = "vkratsberg"
  2921. (22) NAS-Port = 358
  2922. (22) State = 0x2012cb732004d2927e836bead5e0c8c4
  2923. (22) EAP-Message = 0x021600a31980000000991603010094010000900301573f503c4b7d60335d93869a9b4670ebe85b598fa9f9cd8e7197fd0ad859674720274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0002800ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f00
  2924. (22) Message-Authenticator = 0xbedbeaefcb335fdb0249ba64615c83f9
  2925. (22) Acct-Session-Id = "8O2.1x81bb083700030d56"
  2926. (22) NAS-Port-Id = "ge-3/0/6.0"
  2927. (22) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  2928. (22) Called-Station-Id = "ec-3e-f7-68-35-00"
  2929. (22) NAS-IP-Address = 10.8.0.111
  2930. (22) NAS-Identifier = "nyc-access-sw011"
  2931. (22) NAS-Port-Type = Ethernet
  2932. (22) session-state: No cached attributes
  2933. (22) # Executing section authorize from file /etc/raddb/sites-enabled/default
  2934. (22) authorize {
  2935. (22) policy filter_username {
  2936. (22) if (&User-Name) {
  2937. (22) if (&User-Name) -> TRUE
  2938. (22) if (&User-Name) {
  2939. (22) if (&User-Name =~ / /) {
  2940. (22) if (&User-Name =~ / /) -> FALSE
  2941. (22) if (&User-Name =~ /@[^@]*@/ ) {
  2942. (22) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  2943. (22) if (&User-Name =~ /\.\./ ) {
  2944. (22) if (&User-Name =~ /\.\./ ) -> FALSE
  2945. (22) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  2946. (22) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  2947. (22) if (&User-Name =~ /\.$/) {
  2948. (22) if (&User-Name =~ /\.$/) -> FALSE
  2949. (22) if (&User-Name =~ /@\./) {
  2950. (22) if (&User-Name =~ /@\./) -> FALSE
  2951. (22) } # if (&User-Name) = notfound
  2952. (22) } # policy filter_username = notfound
  2953. (22) [preprocess] = ok
  2954. (22) [chap] = noop
  2955. (22) [mschap] = noop
  2956. (22) [digest] = noop
  2957. (22) suffix: Checking for suffix after "@"
  2958. (22) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  2959. (22) suffix: No such realm "NULL"
  2960. (22) [suffix] = noop
  2961. (22) eap: Peer sent EAP Response (code 2) ID 22 length 163
  2962. (22) eap: Continuing tunnel setup
  2963. (22) [eap] = ok
  2964. (22) } # authorize = ok
  2965. (22) Found Auth-Type = eap
  2966. (22) # Executing group from file /etc/raddb/sites-enabled/default
  2967. (22) authenticate {
  2968. (22) eap: Expiring EAP session with state 0x2012cb732004d292
  2969. (22) eap: Finished EAP session with state 0x2012cb732004d292
  2970. (22) eap: Previous EAP request found for state 0x2012cb732004d292, released from the list
  2971. (22) eap: Peer sent packet with method EAP PEAP (25)
  2972. (22) eap: Calling submodule eap_peap to process data
  2973. (22) eap_peap: Continuing EAP-TLS
  2974. (22) eap_peap: Peer indicated complete TLS record size will be 153 bytes
  2975. (22) eap_peap: Got complete TLS record (153 bytes)
  2976. (22) eap_peap: [eaptls verify] = length included
  2977. (22) eap_peap: (other): before/accept initialization
  2978. (22) eap_peap: TLS_accept: before/accept initialization
  2979. (22) eap_peap: <<< recv TLS 1.0 Handshake [length 0094], ClientHello
  2980. (22) eap_peap: TLS_accept: SSLv3 read client hello A
  2981. (22) eap_peap: >>> send TLS 1.0 Handshake [length 0059], ServerHello
  2982. (22) eap_peap: TLS_accept: SSLv3 write server hello A
  2983. (22) eap_peap: >>> send TLS 1.0 ChangeCipherSpec [length 0001]
  2984. (22) eap_peap: TLS_accept: SSLv3 write change cipher spec A
  2985. (22) eap_peap: >>> send TLS 1.0 Handshake [length 0010], Finished
  2986. (22) eap_peap: TLS_accept: SSLv3 write finished A
  2987. (22) eap_peap: TLS_accept: SSLv3 flush data
  2988. (22) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  2989. (22) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  2990. (22) eap_peap: In SSL Handshake Phase
  2991. (22) eap_peap: In SSL Accept mode
  2992. (22) eap_peap: [eaptls process] = handled
  2993. (22) eap: Sending EAP Request (code 1) ID 23 length 159
  2994. (22) eap: EAP session adding &reply:State = 0x2012cb732105d292
  2995. (22) [eap] = handled
  2996. (22) } # authenticate = handled
  2997. (22) Using Post-Auth-Type Challenge
  2998. (22) Post-Auth-Type sub-section not found. Ignoring.
  2999. (22) # Executing group from file /etc/raddb/sites-enabled/default
  3000. (22) Sent Access-Challenge Id 46 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  3001. (22) EAP-Message = 0x0117009f19001603010059020000550301573f503cf400ef23bf4b215717b6651caf0d958b1ebc3c58314af15abd2c2d0d20274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0c01400000dff01000100000b000403000102140301000101160301003066bc2566f634095d
  3002. (22) Message-Authenticator = 0x00000000000000000000000000000000
  3003. (22) State = 0x2012cb732105d2927e836bead5e0c8c4
  3004. (22) Finished request
  3005. Waking up in 4.4 seconds.
  3006. (23) Received Access-Request Id 47 from 10.8.0.111:58432 to 10.8.64.155:1812 length 249
  3007. (23) User-Name = "vkratsberg"
  3008. (23) NAS-Port = 358
  3009. (23) State = 0x2012cb732105d2927e836bead5e0c8c4
  3010. (23) EAP-Message = 0x0217004519800000003b1403010001011603010030f893d1847c1685bccedb8ca82dd6e43481f0d3fbe044738308e314b3f08f38b69babba329df2954c1d4f723ebcc94d7d
  3011. (23) Message-Authenticator = 0xfbc7cb255718d831adacd500785e91f9
  3012. (23) Acct-Session-Id = "8O2.1x81bb083700030d56"
  3013. (23) NAS-Port-Id = "ge-3/0/6.0"
  3014. (23) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  3015. (23) Called-Station-Id = "ec-3e-f7-68-35-00"
  3016. (23) NAS-IP-Address = 10.8.0.111
  3017. (23) NAS-Identifier = "nyc-access-sw011"
  3018. (23) NAS-Port-Type = Ethernet
  3019. (23) session-state: No cached attributes
  3020. (23) # Executing section authorize from file /etc/raddb/sites-enabled/default
  3021. (23) authorize {
  3022. (23) policy filter_username {
  3023. (23) if (&User-Name) {
  3024. (23) if (&User-Name) -> TRUE
  3025. (23) if (&User-Name) {
  3026. (23) if (&User-Name =~ / /) {
  3027. (23) if (&User-Name =~ / /) -> FALSE
  3028. (23) if (&User-Name =~ /@[^@]*@/ ) {
  3029. (23) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  3030. (23) if (&User-Name =~ /\.\./ ) {
  3031. (23) if (&User-Name =~ /\.\./ ) -> FALSE
  3032. (23) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  3033. (23) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  3034. (23) if (&User-Name =~ /\.$/) {
  3035. (23) if (&User-Name =~ /\.$/) -> FALSE
  3036. (23) if (&User-Name =~ /@\./) {
  3037. (23) if (&User-Name =~ /@\./) -> FALSE
  3038. (23) } # if (&User-Name) = notfound
  3039. (23) } # policy filter_username = notfound
  3040. (23) [preprocess] = ok
  3041. (23) [chap] = noop
  3042. (23) [mschap] = noop
  3043. (23) [digest] = noop
  3044. (23) suffix: Checking for suffix after "@"
  3045. (23) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  3046. (23) suffix: No such realm "NULL"
  3047. (23) [suffix] = noop
  3048. (23) eap: Peer sent EAP Response (code 2) ID 23 length 69
  3049. (23) eap: Continuing tunnel setup
  3050. (23) [eap] = ok
  3051. (23) } # authorize = ok
  3052. (23) Found Auth-Type = eap
  3053. (23) # Executing group from file /etc/raddb/sites-enabled/default
  3054. (23) authenticate {
  3055. (23) eap: Expiring EAP session with state 0x2012cb732105d292
  3056. (23) eap: Finished EAP session with state 0x2012cb732105d292
  3057. (23) eap: Previous EAP request found for state 0x2012cb732105d292, released from the list
  3058. (23) eap: Peer sent packet with method EAP PEAP (25)
  3059. (23) eap: Calling submodule eap_peap to process data
  3060. (23) eap_peap: Continuing EAP-TLS
  3061. (23) eap_peap: Peer indicated complete TLS record size will be 59 bytes
  3062. (23) eap_peap: Got complete TLS record (59 bytes)
  3063. (23) eap_peap: [eaptls verify] = length included
  3064. (23) eap_peap: <<< recv TLS 1.0 ChangeCipherSpec [length 0001]
  3065. (23) eap_peap: <<< recv TLS 1.0 Handshake [length 0010], Finished
  3066. (23) eap_peap: TLS_accept: SSLv3 read finished A
  3067. (23) eap_peap: (other): SSL negotiation finished successfully
  3068. (23) eap_peap: SSL Connection Established
  3069. (23) eap_peap: SSL Application Data
  3070. (23) eap_peap: Adding cached attributes from session 274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0
  3071. (23) eap_peap: reply:User-Name = "vkratsberg"
  3072. (23) eap_peap: [eaptls process] = success
  3073. (23) eap_peap: Session established. Decoding tunneled attributes
  3074. (23) eap_peap: PEAP state TUNNEL ESTABLISHED
  3075. (23) eap_peap: Skipping Phase2 because of session resumption
  3076. (23) eap_peap: SUCCESS
  3077. (23) eap: Sending EAP Request (code 1) ID 24 length 43
  3078. (23) eap: EAP session adding &reply:State = 0x2012cb73220ad292
  3079. (23) [eap] = handled
  3080. (23) } # authenticate = handled
  3081. (23) Using Post-Auth-Type Challenge
  3082. (23) Post-Auth-Type sub-section not found. Ignoring.
  3083. (23) # Executing group from file /etc/raddb/sites-enabled/default
  3084. (23) Sent Access-Challenge Id 47 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  3085. (23) User-Name = "vkratsberg"
  3086. (23) EAP-Message = 0x0118002b19001703010020f262c4073c7ab9286300128b95df917341657b07d69cf8fb5bfe518f8625cc77
  3087. (23) Message-Authenticator = 0x00000000000000000000000000000000
  3088. (23) State = 0x2012cb73220ad2927e836bead5e0c8c4
  3089. (23) Finished request
  3090. Waking up in 4.4 seconds.
  3091. (24) Received Access-Request Id 48 from 10.8.0.111:58432 to 10.8.64.155:1812 length 223
  3092. (24) User-Name = "vkratsberg"
  3093. (24) NAS-Port = 358
  3094. (24) State = 0x2012cb73220ad2927e836bead5e0c8c4
  3095. (24) EAP-Message = 0x0218002b19001703010020722c1b71428e39e81322b12a0833635c95c0b553f0dde8c212668148fc61252a
  3096. (24) Message-Authenticator = 0xa410cb7e19aa9dd7efdb98ffc6faa653
  3097. (24) Acct-Session-Id = "8O2.1x81bb083700030d56"
  3098. (24) NAS-Port-Id = "ge-3/0/6.0"
  3099. (24) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  3100. (24) Called-Station-Id = "ec-3e-f7-68-35-00"
  3101. (24) NAS-IP-Address = 10.8.0.111
  3102. (24) NAS-Identifier = "nyc-access-sw011"
  3103. (24) NAS-Port-Type = Ethernet
  3104. (24) session-state: No cached attributes
  3105. (24) # Executing section authorize from file /etc/raddb/sites-enabled/default
  3106. (24) authorize {
  3107. (24) policy filter_username {
  3108. (24) if (&User-Name) {
  3109. (24) if (&User-Name) -> TRUE
  3110. (24) if (&User-Name) {
  3111. (24) if (&User-Name =~ / /) {
  3112. (24) if (&User-Name =~ / /) -> FALSE
  3113. (24) if (&User-Name =~ /@[^@]*@/ ) {
  3114. (24) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  3115. (24) if (&User-Name =~ /\.\./ ) {
  3116. (24) if (&User-Name =~ /\.\./ ) -> FALSE
  3117. (24) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  3118. (24) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  3119. (24) if (&User-Name =~ /\.$/) {
  3120. (24) if (&User-Name =~ /\.$/) -> FALSE
  3121. (24) if (&User-Name =~ /@\./) {
  3122. (24) if (&User-Name =~ /@\./) -> FALSE
  3123. (24) } # if (&User-Name) = notfound
  3124. (24) } # policy filter_username = notfound
  3125. (24) [preprocess] = ok
  3126. (24) [chap] = noop
  3127. (24) [mschap] = noop
  3128. (24) [digest] = noop
  3129. (24) suffix: Checking for suffix after "@"
  3130. (24) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  3131. (24) suffix: No such realm "NULL"
  3132. (24) [suffix] = noop
  3133. (24) eap: Peer sent EAP Response (code 2) ID 24 length 43
  3134. (24) eap: Continuing tunnel setup
  3135. (24) [eap] = ok
  3136. (24) } # authorize = ok
  3137. (24) Found Auth-Type = eap
  3138. (24) # Executing group from file /etc/raddb/sites-enabled/default
  3139. (24) authenticate {
  3140. (24) eap: Expiring EAP session with state 0x2012cb73220ad292
  3141. (24) eap: Finished EAP session with state 0x2012cb73220ad292
  3142. (24) eap: Previous EAP request found for state 0x2012cb73220ad292, released from the list
  3143. (24) eap: Peer sent packet with method EAP PEAP (25)
  3144. (24) eap: Calling submodule eap_peap to process data
  3145. (24) eap_peap: Continuing EAP-TLS
  3146. (24) eap_peap: [eaptls verify] = ok
  3147. (24) eap_peap: Done initial handshake
  3148. (24) eap_peap: [eaptls process] = ok
  3149. (24) eap_peap: Session established. Decoding tunneled attributes
  3150. (24) eap_peap: PEAP state send tlv success
  3151. (24) eap_peap: Received EAP-TLV response
  3152. (24) eap_peap: Success
  3153. (24) eap_peap: No saved attributes in the original Access-Accept
  3154. (24) eap: Sending EAP Success (code 3) ID 24 length 4
  3155. (24) eap: Freeing handler
  3156. (24) [eap] = ok
  3157. (24) } # authenticate = ok
  3158. (24) # Executing section post-auth from file /etc/raddb/sites-enabled/default
  3159. (24) post-auth {
  3160. (24) update {
  3161. (24) No attributes updated
  3162. (24) } # update = noop
  3163. (24) [exec] = noop
  3164. (24) policy remove_reply_message_if_eap {
  3165. (24) if (&reply:EAP-Message && &reply:Reply-Message) {
  3166. (24) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
  3167. (24) else {
  3168. (24) [noop] = noop
  3169. (24) } # else = noop
  3170. (24) } # policy remove_reply_message_if_eap = noop
  3171. (24) } # post-auth = noop
  3172. (24) Sent Access-Accept Id 48 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  3173. (24) MS-MPPE-Recv-Key = 0x3c9726d8b1f36aa9914aec6112d5c261ff95ccdbc9f26475e7083165221d6338
  3174. (24) MS-MPPE-Send-Key = 0x00f006c24ca5c86b83697519373282d89f43d179a7adbfada268f75b0e199586
  3175. (24) EAP-Message = 0x03180004
  3176. (24) Message-Authenticator = 0x00000000000000000000000000000000
  3177. (24) User-Name = "vkratsberg"
  3178. (24) Finished request
  3179. Waking up in 4.3 seconds.
  3180. (25) Received Access-Request Id 49 from 10.8.0.111:58432 to 10.8.64.155:1812 length 177
  3181. (25) User-Name = "vkratsberg"
  3182. (25) NAS-Port = 358
  3183. (25) EAP-Message = 0x0219000f01766b7261747362657267
  3184. (25) Message-Authenticator = 0x6cf1623d5c27bffc920fa432d8daa44a
  3185. (25) Acct-Session-Id = "8O2.1x81bb083800049ec0"
  3186. (25) NAS-Port-Id = "ge-3/0/6.0"
  3187. (25) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  3188. (25) Called-Station-Id = "ec-3e-f7-68-35-00"
  3189. (25) NAS-IP-Address = 10.8.0.111
  3190. (25) NAS-Identifier = "nyc-access-sw011"
  3191. (25) NAS-Port-Type = Ethernet
  3192. (25) # Executing section authorize from file /etc/raddb/sites-enabled/default
  3193. (25) authorize {
  3194. (25) policy filter_username {
  3195. (25) if (&User-Name) {
  3196. (25) if (&User-Name) -> TRUE
  3197. (25) if (&User-Name) {
  3198. (25) if (&User-Name =~ / /) {
  3199. (25) if (&User-Name =~ / /) -> FALSE
  3200. (25) if (&User-Name =~ /@[^@]*@/ ) {
  3201. (25) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  3202. (25) if (&User-Name =~ /\.\./ ) {
  3203. (25) if (&User-Name =~ /\.\./ ) -> FALSE
  3204. (25) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  3205. (25) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  3206. (25) if (&User-Name =~ /\.$/) {
  3207. (25) if (&User-Name =~ /\.$/) -> FALSE
  3208. (25) if (&User-Name =~ /@\./) {
  3209. (25) if (&User-Name =~ /@\./) -> FALSE
  3210. (25) } # if (&User-Name) = notfound
  3211. (25) } # policy filter_username = notfound
  3212. (25) [preprocess] = ok
  3213. (25) [chap] = noop
  3214. (25) [mschap] = noop
  3215. (25) [digest] = noop
  3216. (25) suffix: Checking for suffix after "@"
  3217. (25) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  3218. (25) suffix: No such realm "NULL"
  3219. (25) [suffix] = noop
  3220. (25) eap: Peer sent EAP Response (code 2) ID 25 length 15
  3221. (25) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
  3222. (25) [eap] = ok
  3223. (25) } # authorize = ok
  3224. (25) Found Auth-Type = eap
  3225. (25) # Executing group from file /etc/raddb/sites-enabled/default
  3226. (25) authenticate {
  3227. (25) eap: Peer sent packet with method EAP Identity (1)
  3228. (25) eap: Calling submodule eap_peap to process data
  3229. (25) eap_peap: Initiating new EAP-TLS session
  3230. (25) eap_peap: [eaptls start] = request
  3231. (25) eap: Sending EAP Request (code 1) ID 26 length 6
  3232. (25) eap: EAP session adding &reply:State = 0xdf582aeedf4233a5
  3233. (25) [eap] = handled
  3234. (25) } # authenticate = handled
  3235. (25) Using Post-Auth-Type Challenge
  3236. (25) Post-Auth-Type sub-section not found. Ignoring.
  3237. (25) # Executing group from file /etc/raddb/sites-enabled/default
  3238. (25) Sent Access-Challenge Id 49 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  3239. (25) EAP-Message = 0x011a00061920
  3240. (25) Message-Authenticator = 0x00000000000000000000000000000000
  3241. (25) State = 0xdf582aeedf4233a5d2549a8995860547
  3242. (25) Finished request
  3243. Waking up in 4.3 seconds.
  3244. (26) Received Access-Request Id 50 from 10.8.0.111:58432 to 10.8.64.155:1812 length 343
  3245. (26) User-Name = "vkratsberg"
  3246. (26) NAS-Port = 358
  3247. (26) State = 0xdf582aeedf4233a5d2549a8995860547
  3248. (26) EAP-Message = 0x021a00a31980000000991603010094010000900301573f503c179fa037e9f44d018baa08634543e1f6fa6fac5b9338c926c822d56020274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0002800ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f00
  3249. (26) Message-Authenticator = 0x8d962082d71212851b6ff9ee4571337a
  3250. (26) Acct-Session-Id = "8O2.1x81bb083800049ec0"
  3251. (26) NAS-Port-Id = "ge-3/0/6.0"
  3252. (26) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  3253. (26) Called-Station-Id = "ec-3e-f7-68-35-00"
  3254. (26) NAS-IP-Address = 10.8.0.111
  3255. (26) NAS-Identifier = "nyc-access-sw011"
  3256. (26) NAS-Port-Type = Ethernet
  3257. (26) session-state: No cached attributes
  3258. (26) # Executing section authorize from file /etc/raddb/sites-enabled/default
  3259. (26) authorize {
  3260. (26) policy filter_username {
  3261. (26) if (&User-Name) {
  3262. (26) if (&User-Name) -> TRUE
  3263. (26) if (&User-Name) {
  3264. (26) if (&User-Name =~ / /) {
  3265. (26) if (&User-Name =~ / /) -> FALSE
  3266. (26) if (&User-Name =~ /@[^@]*@/ ) {
  3267. (26) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  3268. (26) if (&User-Name =~ /\.\./ ) {
  3269. (26) if (&User-Name =~ /\.\./ ) -> FALSE
  3270. (26) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  3271. (26) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  3272. (26) if (&User-Name =~ /\.$/) {
  3273. (26) if (&User-Name =~ /\.$/) -> FALSE
  3274. (26) if (&User-Name =~ /@\./) {
  3275. (26) if (&User-Name =~ /@\./) -> FALSE
  3276. (26) } # if (&User-Name) = notfound
  3277. (26) } # policy filter_username = notfound
  3278. (26) [preprocess] = ok
  3279. (26) [chap] = noop
  3280. (26) [mschap] = noop
  3281. (26) [digest] = noop
  3282. (26) suffix: Checking for suffix after "@"
  3283. (26) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  3284. (26) suffix: No such realm "NULL"
  3285. (26) [suffix] = noop
  3286. (26) eap: Peer sent EAP Response (code 2) ID 26 length 163
  3287. (26) eap: Continuing tunnel setup
  3288. (26) [eap] = ok
  3289. (26) } # authorize = ok
  3290. (26) Found Auth-Type = eap
  3291. (26) # Executing group from file /etc/raddb/sites-enabled/default
  3292. (26) authenticate {
  3293. (26) eap: Expiring EAP session with state 0xdf582aeedf4233a5
  3294. (26) eap: Finished EAP session with state 0xdf582aeedf4233a5
  3295. (26) eap: Previous EAP request found for state 0xdf582aeedf4233a5, released from the list
  3296. (26) eap: Peer sent packet with method EAP PEAP (25)
  3297. (26) eap: Calling submodule eap_peap to process data
  3298. (26) eap_peap: Continuing EAP-TLS
  3299. (26) eap_peap: Peer indicated complete TLS record size will be 153 bytes
  3300. (26) eap_peap: Got complete TLS record (153 bytes)
  3301. (26) eap_peap: [eaptls verify] = length included
  3302. (26) eap_peap: (other): before/accept initialization
  3303. (26) eap_peap: TLS_accept: before/accept initialization
  3304. (26) eap_peap: <<< recv TLS 1.0 Handshake [length 0094], ClientHello
  3305. (26) eap_peap: TLS_accept: SSLv3 read client hello A
  3306. (26) eap_peap: >>> send TLS 1.0 Handshake [length 0059], ServerHello
  3307. (26) eap_peap: TLS_accept: SSLv3 write server hello A
  3308. (26) eap_peap: >>> send TLS 1.0 ChangeCipherSpec [length 0001]
  3309. (26) eap_peap: TLS_accept: SSLv3 write change cipher spec A
  3310. (26) eap_peap: >>> send TLS 1.0 Handshake [length 0010], Finished
  3311. (26) eap_peap: TLS_accept: SSLv3 write finished A
  3312. (26) eap_peap: TLS_accept: SSLv3 flush data
  3313. (26) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  3314. (26) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  3315. (26) eap_peap: In SSL Handshake Phase
  3316. (26) eap_peap: In SSL Accept mode
  3317. (26) eap_peap: [eaptls process] = handled
  3318. (26) eap: Sending EAP Request (code 1) ID 27 length 159
  3319. (26) eap: EAP session adding &reply:State = 0xdf582aeede4333a5
  3320. (26) [eap] = handled
  3321. (26) } # authenticate = handled
  3322. (26) Using Post-Auth-Type Challenge
  3323. (26) Post-Auth-Type sub-section not found. Ignoring.
  3324. (26) # Executing group from file /etc/raddb/sites-enabled/default
  3325. (26) Sent Access-Challenge Id 50 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  3326. (26) EAP-Message = 0x011b009f19001603010059020000550301573f503c05741ffbd03dd9d2ffa414ba4dde6197fdf057fa7d320b3ea8c55cec20274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0c01400000dff01000100000b0004030001021403010001011603010030ecc6211c71b4b352
  3327. (26) Message-Authenticator = 0x00000000000000000000000000000000
  3328. (26) State = 0xdf582aeede4333a5d2549a8995860547
  3329. (26) Finished request
  3330. Waking up in 4.3 seconds.
  3331. (27) Received Access-Request Id 51 from 10.8.0.111:58432 to 10.8.64.155:1812 length 249
  3332. (27) User-Name = "vkratsberg"
  3333. (27) NAS-Port = 358
  3334. (27) State = 0xdf582aeede4333a5d2549a8995860547
  3335. (27) EAP-Message = 0x021b004519800000003b1403010001011603010030157fbdb3af4c0dd27adf94142cc9751109393c5350a72d9230da105941bb5c946c487040cb149be79c37d8394d145f97
  3336. (27) Message-Authenticator = 0xe1a8e46a6d7c8bc5a3dda1b2c34bf6dd
  3337. (27) Acct-Session-Id = "8O2.1x81bb083800049ec0"
  3338. (27) NAS-Port-Id = "ge-3/0/6.0"
  3339. (27) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  3340. (27) Called-Station-Id = "ec-3e-f7-68-35-00"
  3341. (27) NAS-IP-Address = 10.8.0.111
  3342. (27) NAS-Identifier = "nyc-access-sw011"
  3343. (27) NAS-Port-Type = Ethernet
  3344. (27) session-state: No cached attributes
  3345. (27) # Executing section authorize from file /etc/raddb/sites-enabled/default
  3346. (27) authorize {
  3347. (27) policy filter_username {
  3348. (27) if (&User-Name) {
  3349. (27) if (&User-Name) -> TRUE
  3350. (27) if (&User-Name) {
  3351. (27) if (&User-Name =~ / /) {
  3352. (27) if (&User-Name =~ / /) -> FALSE
  3353. (27) if (&User-Name =~ /@[^@]*@/ ) {
  3354. (27) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  3355. (27) if (&User-Name =~ /\.\./ ) {
  3356. (27) if (&User-Name =~ /\.\./ ) -> FALSE
  3357. (27) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  3358. (27) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  3359. (27) if (&User-Name =~ /\.$/) {
  3360. (27) if (&User-Name =~ /\.$/) -> FALSE
  3361. (27) if (&User-Name =~ /@\./) {
  3362. (27) if (&User-Name =~ /@\./) -> FALSE
  3363. (27) } # if (&User-Name) = notfound
  3364. (27) } # policy filter_username = notfound
  3365. (27) [preprocess] = ok
  3366. (27) [chap] = noop
  3367. (27) [mschap] = noop
  3368. (27) [digest] = noop
  3369. (27) suffix: Checking for suffix after "@"
  3370. (27) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  3371. (27) suffix: No such realm "NULL"
  3372. (27) [suffix] = noop
  3373. (27) eap: Peer sent EAP Response (code 2) ID 27 length 69
  3374. (27) eap: Continuing tunnel setup
  3375. (27) [eap] = ok
  3376. (27) } # authorize = ok
  3377. (27) Found Auth-Type = eap
  3378. (27) # Executing group from file /etc/raddb/sites-enabled/default
  3379. (27) authenticate {
  3380. (27) eap: Expiring EAP session with state 0xdf582aeede4333a5
  3381. (27) eap: Finished EAP session with state 0xdf582aeede4333a5
  3382. (27) eap: Previous EAP request found for state 0xdf582aeede4333a5, released from the list
  3383. (27) eap: Peer sent packet with method EAP PEAP (25)
  3384. (27) eap: Calling submodule eap_peap to process data
  3385. (27) eap_peap: Continuing EAP-TLS
  3386. (27) eap_peap: Peer indicated complete TLS record size will be 59 bytes
  3387. (27) eap_peap: Got complete TLS record (59 bytes)
  3388. (27) eap_peap: [eaptls verify] = length included
  3389. (27) eap_peap: <<< recv TLS 1.0 ChangeCipherSpec [length 0001]
  3390. (27) eap_peap: <<< recv TLS 1.0 Handshake [length 0010], Finished
  3391. (27) eap_peap: TLS_accept: SSLv3 read finished A
  3392. (27) eap_peap: (other): SSL negotiation finished successfully
  3393. (27) eap_peap: SSL Connection Established
  3394. (27) eap_peap: SSL Application Data
  3395. (27) eap_peap: Adding cached attributes from session 274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0
  3396. (27) eap_peap: reply:User-Name = "vkratsberg"
  3397. (27) eap_peap: [eaptls process] = success
  3398. (27) eap_peap: Session established. Decoding tunneled attributes
  3399. (27) eap_peap: PEAP state TUNNEL ESTABLISHED
  3400. (27) eap_peap: Skipping Phase2 because of session resumption
  3401. (27) eap_peap: SUCCESS
  3402. (27) eap: Sending EAP Request (code 1) ID 28 length 43
  3403. (27) eap: EAP session adding &reply:State = 0xdf582aeedd4433a5
  3404. (27) [eap] = handled
  3405. (27) } # authenticate = handled
  3406. (27) Using Post-Auth-Type Challenge
  3407. (27) Post-Auth-Type sub-section not found. Ignoring.
  3408. (27) # Executing group from file /etc/raddb/sites-enabled/default
  3409. (27) Sent Access-Challenge Id 51 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  3410. (27) User-Name = "vkratsberg"
  3411. (27) EAP-Message = 0x011c002b19001703010020d88a2ff2cbae04597eba04d72f77b999ae1de64df9ad27dfc7e4294329c185f2
  3412. (27) Message-Authenticator = 0x00000000000000000000000000000000
  3413. (27) State = 0xdf582aeedd4433a5d2549a8995860547
  3414. (27) Finished request
  3415. Waking up in 4.3 seconds.
  3416. (28) Received Access-Request Id 52 from 10.8.0.111:58432 to 10.8.64.155:1812 length 223
  3417. (28) User-Name = "vkratsberg"
  3418. (28) NAS-Port = 358
  3419. (28) State = 0xdf582aeedd4433a5d2549a8995860547
  3420. (28) EAP-Message = 0x021c002b1900170301002011b501ccd7c2fbe82d08b50e59e78239d996145cb13b3c9b08a13e37636ebf1e
  3421. (28) Message-Authenticator = 0x35adfe5ca9d30c4c05d7e26c8b9ee71a
  3422. (28) Acct-Session-Id = "8O2.1x81bb083800049ec0"
  3423. (28) NAS-Port-Id = "ge-3/0/6.0"
  3424. (28) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  3425. (28) Called-Station-Id = "ec-3e-f7-68-35-00"
  3426. (28) NAS-IP-Address = 10.8.0.111
  3427. (28) NAS-Identifier = "nyc-access-sw011"
  3428. (28) NAS-Port-Type = Ethernet
  3429. (28) session-state: No cached attributes
  3430. (28) # Executing section authorize from file /etc/raddb/sites-enabled/default
  3431. (28) authorize {
  3432. (28) policy filter_username {
  3433. (28) if (&User-Name) {
  3434. (28) if (&User-Name) -> TRUE
  3435. (28) if (&User-Name) {
  3436. (28) if (&User-Name =~ / /) {
  3437. (28) if (&User-Name =~ / /) -> FALSE
  3438. (28) if (&User-Name =~ /@[^@]*@/ ) {
  3439. (28) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  3440. (28) if (&User-Name =~ /\.\./ ) {
  3441. (28) if (&User-Name =~ /\.\./ ) -> FALSE
  3442. (28) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  3443. (28) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  3444. (28) if (&User-Name =~ /\.$/) {
  3445. (28) if (&User-Name =~ /\.$/) -> FALSE
  3446. (28) if (&User-Name =~ /@\./) {
  3447. (28) if (&User-Name =~ /@\./) -> FALSE
  3448. (28) } # if (&User-Name) = notfound
  3449. (28) } # policy filter_username = notfound
  3450. (28) [preprocess] = ok
  3451. (28) [chap] = noop
  3452. (28) [mschap] = noop
  3453. (28) [digest] = noop
  3454. (28) suffix: Checking for suffix after "@"
  3455. (28) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  3456. (28) suffix: No such realm "NULL"
  3457. (28) [suffix] = noop
  3458. (28) eap: Peer sent EAP Response (code 2) ID 28 length 43
  3459. (28) eap: Continuing tunnel setup
  3460. (28) [eap] = ok
  3461. (28) } # authorize = ok
  3462. (28) Found Auth-Type = eap
  3463. (28) # Executing group from file /etc/raddb/sites-enabled/default
  3464. (28) authenticate {
  3465. (28) eap: Expiring EAP session with state 0xdf582aeedd4433a5
  3466. (28) eap: Finished EAP session with state 0xdf582aeedd4433a5
  3467. (28) eap: Previous EAP request found for state 0xdf582aeedd4433a5, released from the list
  3468. (28) eap: Peer sent packet with method EAP PEAP (25)
  3469. (28) eap: Calling submodule eap_peap to process data
  3470. (28) eap_peap: Continuing EAP-TLS
  3471. (28) eap_peap: [eaptls verify] = ok
  3472. (28) eap_peap: Done initial handshake
  3473. (28) eap_peap: [eaptls process] = ok
  3474. (28) eap_peap: Session established. Decoding tunneled attributes
  3475. (28) eap_peap: PEAP state send tlv success
  3476. (28) eap_peap: Received EAP-TLV response
  3477. (28) eap_peap: Success
  3478. (28) eap_peap: No saved attributes in the original Access-Accept
  3479. (28) eap: Sending EAP Success (code 3) ID 28 length 4
  3480. (28) eap: Freeing handler
  3481. (28) [eap] = ok
  3482. (28) } # authenticate = ok
  3483. (28) # Executing section post-auth from file /etc/raddb/sites-enabled/default
  3484. (28) post-auth {
  3485. (28) update {
  3486. (28) No attributes updated
  3487. (28) } # update = noop
  3488. (28) [exec] = noop
  3489. (28) policy remove_reply_message_if_eap {
  3490. (28) if (&reply:EAP-Message && &reply:Reply-Message) {
  3491. (28) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
  3492. (28) else {
  3493. (28) [noop] = noop
  3494. (28) } # else = noop
  3495. (28) } # policy remove_reply_message_if_eap = noop
  3496. (28) } # post-auth = noop
  3497. (28) Sent Access-Accept Id 52 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  3498. (28) MS-MPPE-Recv-Key = 0x51c07c8df9c0d937912e501065a71b59adef994113651ba091830556df158738
  3499. (28) MS-MPPE-Send-Key = 0xfcafce900bec64051b371622a80dce4f5cb0360a8b6341aee92789a4e4a5af26
  3500. (28) EAP-Message = 0x031c0004
  3501. (28) Message-Authenticator = 0x00000000000000000000000000000000
  3502. (28) User-Name = "vkratsberg"
  3503. (28) Finished request
  3504. Waking up in 4.2 seconds.
  3505. (29) Received Access-Request Id 53 from 10.8.0.111:58432 to 10.8.64.155:1812 length 177
  3506. (29) User-Name = "vkratsberg"
  3507. (29) NAS-Port = 358
  3508. (29) EAP-Message = 0x021d000f01766b7261747362657267
  3509. (29) Message-Authenticator = 0x15d037fdc3728e6333de1dfc96cf50c8
  3510. (29) Acct-Session-Id = "8O2.1x81bb083900063bc6"
  3511. (29) NAS-Port-Id = "ge-3/0/6.0"
  3512. (29) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  3513. (29) Called-Station-Id = "ec-3e-f7-68-35-00"
  3514. (29) NAS-IP-Address = 10.8.0.111
  3515. (29) NAS-Identifier = "nyc-access-sw011"
  3516. (29) NAS-Port-Type = Ethernet
  3517. (29) # Executing section authorize from file /etc/raddb/sites-enabled/default
  3518. (29) authorize {
  3519. (29) policy filter_username {
  3520. (29) if (&User-Name) {
  3521. (29) if (&User-Name) -> TRUE
  3522. (29) if (&User-Name) {
  3523. (29) if (&User-Name =~ / /) {
  3524. (29) if (&User-Name =~ / /) -> FALSE
  3525. (29) if (&User-Name =~ /@[^@]*@/ ) {
  3526. (29) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  3527. (29) if (&User-Name =~ /\.\./ ) {
  3528. (29) if (&User-Name =~ /\.\./ ) -> FALSE
  3529. (29) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  3530. (29) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  3531. (29) if (&User-Name =~ /\.$/) {
  3532. (29) if (&User-Name =~ /\.$/) -> FALSE
  3533. (29) if (&User-Name =~ /@\./) {
  3534. (29) if (&User-Name =~ /@\./) -> FALSE
  3535. (29) } # if (&User-Name) = notfound
  3536. (29) } # policy filter_username = notfound
  3537. (29) [preprocess] = ok
  3538. (29) [chap] = noop
  3539. (29) [mschap] = noop
  3540. (29) [digest] = noop
  3541. (29) suffix: Checking for suffix after "@"
  3542. (29) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  3543. (29) suffix: No such realm "NULL"
  3544. (29) [suffix] = noop
  3545. (29) eap: Peer sent EAP Response (code 2) ID 29 length 15
  3546. (29) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
  3547. (29) [eap] = ok
  3548. (29) } # authorize = ok
  3549. (29) Found Auth-Type = eap
  3550. (29) # Executing group from file /etc/raddb/sites-enabled/default
  3551. (29) authenticate {
  3552. (29) eap: Peer sent packet with method EAP Identity (1)
  3553. (29) eap: Calling submodule eap_peap to process data
  3554. (29) eap_peap: Initiating new EAP-TLS session
  3555. (29) eap_peap: [eaptls start] = request
  3556. (29) eap: Sending EAP Request (code 1) ID 30 length 6
  3557. (29) eap: EAP session adding &reply:State = 0xc39a7c0ac384655a
  3558. (29) [eap] = handled
  3559. (29) } # authenticate = handled
  3560. (29) Using Post-Auth-Type Challenge
  3561. (29) Post-Auth-Type sub-section not found. Ignoring.
  3562. (29) # Executing group from file /etc/raddb/sites-enabled/default
  3563. (29) Sent Access-Challenge Id 53 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  3564. (29) EAP-Message = 0x011e00061920
  3565. (29) Message-Authenticator = 0x00000000000000000000000000000000
  3566. (29) State = 0xc39a7c0ac384655aae08a8ade31ffcdd
  3567. (29) Finished request
  3568. Waking up in 4.2 seconds.
  3569. (30) Received Access-Request Id 54 from 10.8.0.111:58432 to 10.8.64.155:1812 length 343
  3570. (30) User-Name = "vkratsberg"
  3571. (30) NAS-Port = 358
  3572. (30) State = 0xc39a7c0ac384655aae08a8ade31ffcdd
  3573. (30) EAP-Message = 0x021e00a31980000000991603010094010000900301573f503c992f7f49148e6477c38f9fc73df0a3154770488f6c62e2ef0d46822320274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0002800ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f00
  3574. (30) Message-Authenticator = 0x069ee289394b6f18833edc99128f0a04
  3575. (30) Acct-Session-Id = "8O2.1x81bb083900063bc6"
  3576. (30) NAS-Port-Id = "ge-3/0/6.0"
  3577. (30) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  3578. (30) Called-Station-Id = "ec-3e-f7-68-35-00"
  3579. (30) NAS-IP-Address = 10.8.0.111
  3580. (30) NAS-Identifier = "nyc-access-sw011"
  3581. (30) NAS-Port-Type = Ethernet
  3582. (30) session-state: No cached attributes
  3583. (30) # Executing section authorize from file /etc/raddb/sites-enabled/default
  3584. (30) authorize {
  3585. (30) policy filter_username {
  3586. (30) if (&User-Name) {
  3587. (30) if (&User-Name) -> TRUE
  3588. (30) if (&User-Name) {
  3589. (30) if (&User-Name =~ / /) {
  3590. (30) if (&User-Name =~ / /) -> FALSE
  3591. (30) if (&User-Name =~ /@[^@]*@/ ) {
  3592. (30) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  3593. (30) if (&User-Name =~ /\.\./ ) {
  3594. (30) if (&User-Name =~ /\.\./ ) -> FALSE
  3595. (30) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  3596. (30) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  3597. (30) if (&User-Name =~ /\.$/) {
  3598. (30) if (&User-Name =~ /\.$/) -> FALSE
  3599. (30) if (&User-Name =~ /@\./) {
  3600. (30) if (&User-Name =~ /@\./) -> FALSE
  3601. (30) } # if (&User-Name) = notfound
  3602. (30) } # policy filter_username = notfound
  3603. (30) [preprocess] = ok
  3604. (30) [chap] = noop
  3605. (30) [mschap] = noop
  3606. (30) [digest] = noop
  3607. (30) suffix: Checking for suffix after "@"
  3608. (30) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  3609. (30) suffix: No such realm "NULL"
  3610. (30) [suffix] = noop
  3611. (30) eap: Peer sent EAP Response (code 2) ID 30 length 163
  3612. (30) eap: Continuing tunnel setup
  3613. (30) [eap] = ok
  3614. (30) } # authorize = ok
  3615. (30) Found Auth-Type = eap
  3616. (30) # Executing group from file /etc/raddb/sites-enabled/default
  3617. (30) authenticate {
  3618. (30) eap: Expiring EAP session with state 0xc39a7c0ac384655a
  3619. (30) eap: Finished EAP session with state 0xc39a7c0ac384655a
  3620. (30) eap: Previous EAP request found for state 0xc39a7c0ac384655a, released from the list
  3621. (30) eap: Peer sent packet with method EAP PEAP (25)
  3622. (30) eap: Calling submodule eap_peap to process data
  3623. (30) eap_peap: Continuing EAP-TLS
  3624. (30) eap_peap: Peer indicated complete TLS record size will be 153 bytes
  3625. (30) eap_peap: Got complete TLS record (153 bytes)
  3626. (30) eap_peap: [eaptls verify] = length included
  3627. (30) eap_peap: (other): before/accept initialization
  3628. (30) eap_peap: TLS_accept: before/accept initialization
  3629. (30) eap_peap: <<< recv TLS 1.0 Handshake [length 0094], ClientHello
  3630. (30) eap_peap: TLS_accept: SSLv3 read client hello A
  3631. (30) eap_peap: >>> send TLS 1.0 Handshake [length 0059], ServerHello
  3632. (30) eap_peap: TLS_accept: SSLv3 write server hello A
  3633. (30) eap_peap: >>> send TLS 1.0 ChangeCipherSpec [length 0001]
  3634. (30) eap_peap: TLS_accept: SSLv3 write change cipher spec A
  3635. (30) eap_peap: >>> send TLS 1.0 Handshake [length 0010], Finished
  3636. (30) eap_peap: TLS_accept: SSLv3 write finished A
  3637. (30) eap_peap: TLS_accept: SSLv3 flush data
  3638. (30) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  3639. (30) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  3640. (30) eap_peap: In SSL Handshake Phase
  3641. (30) eap_peap: In SSL Accept mode
  3642. (30) eap_peap: [eaptls process] = handled
  3643. (30) eap: Sending EAP Request (code 1) ID 31 length 159
  3644. (30) eap: EAP session adding &reply:State = 0xc39a7c0ac285655a
  3645. (30) [eap] = handled
  3646. (30) } # authenticate = handled
  3647. (30) Using Post-Auth-Type Challenge
  3648. (30) Post-Auth-Type sub-section not found. Ignoring.
  3649. (30) # Executing group from file /etc/raddb/sites-enabled/default
  3650. (30) Sent Access-Challenge Id 54 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  3651. (30) EAP-Message = 0x011f009f19001603010059020000550301573f503c807117e34faba847da580e233e020cac4f0fbfdc0b60bcc2e66eebf620274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0c01400000dff01000100000b000403000102140301000101160301003088a20a49f4c78b57
  3652. (30) Message-Authenticator = 0x00000000000000000000000000000000
  3653. (30) State = 0xc39a7c0ac285655aae08a8ade31ffcdd
  3654. (30) Finished request
  3655. Waking up in 4.2 seconds.
  3656. (31) Received Access-Request Id 55 from 10.8.0.111:58432 to 10.8.64.155:1812 length 249
  3657. (31) User-Name = "vkratsberg"
  3658. (31) NAS-Port = 358
  3659. (31) State = 0xc39a7c0ac285655aae08a8ade31ffcdd
  3660. (31) EAP-Message = 0x021f004519800000003b1403010001011603010030f254c2ca77cca1d252ca6259afd898fb3fdcb7f577b0968a6692a0f54271234f9f747b8c29c14698a765147c08d1f97c
  3661. (31) Message-Authenticator = 0x29f01e8fa4501f315e6a04d69c4b2274
  3662. (31) Acct-Session-Id = "8O2.1x81bb083900063bc6"
  3663. (31) NAS-Port-Id = "ge-3/0/6.0"
  3664. (31) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  3665. (31) Called-Station-Id = "ec-3e-f7-68-35-00"
  3666. (31) NAS-IP-Address = 10.8.0.111
  3667. (31) NAS-Identifier = "nyc-access-sw011"
  3668. (31) NAS-Port-Type = Ethernet
  3669. (31) session-state: No cached attributes
  3670. (31) # Executing section authorize from file /etc/raddb/sites-enabled/default
  3671. (31) authorize {
  3672. (31) policy filter_username {
  3673. (31) if (&User-Name) {
  3674. (31) if (&User-Name) -> TRUE
  3675. (31) if (&User-Name) {
  3676. (31) if (&User-Name =~ / /) {
  3677. (31) if (&User-Name =~ / /) -> FALSE
  3678. (31) if (&User-Name =~ /@[^@]*@/ ) {
  3679. (31) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  3680. (31) if (&User-Name =~ /\.\./ ) {
  3681. (31) if (&User-Name =~ /\.\./ ) -> FALSE
  3682. (31) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  3683. (31) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  3684. (31) if (&User-Name =~ /\.$/) {
  3685. (31) if (&User-Name =~ /\.$/) -> FALSE
  3686. (31) if (&User-Name =~ /@\./) {
  3687. (31) if (&User-Name =~ /@\./) -> FALSE
  3688. (31) } # if (&User-Name) = notfound
  3689. (31) } # policy filter_username = notfound
  3690. (31) [preprocess] = ok
  3691. (31) [chap] = noop
  3692. (31) [mschap] = noop
  3693. (31) [digest] = noop
  3694. (31) suffix: Checking for suffix after "@"
  3695. (31) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  3696. (31) suffix: No such realm "NULL"
  3697. (31) [suffix] = noop
  3698. (31) eap: Peer sent EAP Response (code 2) ID 31 length 69
  3699. (31) eap: Continuing tunnel setup
  3700. (31) [eap] = ok
  3701. (31) } # authorize = ok
  3702. (31) Found Auth-Type = eap
  3703. (31) # Executing group from file /etc/raddb/sites-enabled/default
  3704. (31) authenticate {
  3705. (31) eap: Expiring EAP session with state 0xc39a7c0ac285655a
  3706. (31) eap: Finished EAP session with state 0xc39a7c0ac285655a
  3707. (31) eap: Previous EAP request found for state 0xc39a7c0ac285655a, released from the list
  3708. (31) eap: Peer sent packet with method EAP PEAP (25)
  3709. (31) eap: Calling submodule eap_peap to process data
  3710. (31) eap_peap: Continuing EAP-TLS
  3711. (31) eap_peap: Peer indicated complete TLS record size will be 59 bytes
  3712. (31) eap_peap: Got complete TLS record (59 bytes)
  3713. (31) eap_peap: [eaptls verify] = length included
  3714. (31) eap_peap: <<< recv TLS 1.0 ChangeCipherSpec [length 0001]
  3715. (31) eap_peap: <<< recv TLS 1.0 Handshake [length 0010], Finished
  3716. (31) eap_peap: TLS_accept: SSLv3 read finished A
  3717. (31) eap_peap: (other): SSL negotiation finished successfully
  3718. (31) eap_peap: SSL Connection Established
  3719. (31) eap_peap: SSL Application Data
  3720. (31) eap_peap: Adding cached attributes from session 274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0
  3721. (31) eap_peap: reply:User-Name = "vkratsberg"
  3722. (31) eap_peap: [eaptls process] = success
  3723. (31) eap_peap: Session established. Decoding tunneled attributes
  3724. (31) eap_peap: PEAP state TUNNEL ESTABLISHED
  3725. (31) eap_peap: Skipping Phase2 because of session resumption
  3726. (31) eap_peap: SUCCESS
  3727. (31) eap: Sending EAP Request (code 1) ID 32 length 43
  3728. (31) eap: EAP session adding &reply:State = 0xc39a7c0ac1ba655a
  3729. (31) [eap] = handled
  3730. (31) } # authenticate = handled
  3731. (31) Using Post-Auth-Type Challenge
  3732. (31) Post-Auth-Type sub-section not found. Ignoring.
  3733. (31) # Executing group from file /etc/raddb/sites-enabled/default
  3734. (31) Sent Access-Challenge Id 55 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  3735. (31) User-Name = "vkratsberg"
  3736. (31) EAP-Message = 0x0120002b19001703010020591b6404e9f6eda8113716cccfbbc3d1d50a19a5d9c3afe923f9b9ca3bc1f440
  3737. (31) Message-Authenticator = 0x00000000000000000000000000000000
  3738. (31) State = 0xc39a7c0ac1ba655aae08a8ade31ffcdd
  3739. (31) Finished request
  3740. Waking up in 4.1 seconds.
  3741. (32) Received Access-Request Id 56 from 10.8.0.111:58432 to 10.8.64.155:1812 length 223
  3742. (32) User-Name = "vkratsberg"
  3743. (32) NAS-Port = 358
  3744. (32) State = 0xc39a7c0ac1ba655aae08a8ade31ffcdd
  3745. (32) EAP-Message = 0x0220002b19001703010020f9d8463166b2cfdd7330b8acc2804277ca1520bc593b37d06afe9018b5e340a6
  3746. (32) Message-Authenticator = 0x717246cff3f5f1487fc4fcfc6c367096
  3747. (32) Acct-Session-Id = "8O2.1x81bb083900063bc6"
  3748. (32) NAS-Port-Id = "ge-3/0/6.0"
  3749. (32) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  3750. (32) Called-Station-Id = "ec-3e-f7-68-35-00"
  3751. (32) NAS-IP-Address = 10.8.0.111
  3752. (32) NAS-Identifier = "nyc-access-sw011"
  3753. (32) NAS-Port-Type = Ethernet
  3754. (32) session-state: No cached attributes
  3755. (32) # Executing section authorize from file /etc/raddb/sites-enabled/default
  3756. (32) authorize {
  3757. (32) policy filter_username {
  3758. (32) if (&User-Name) {
  3759. (32) if (&User-Name) -> TRUE
  3760. (32) if (&User-Name) {
  3761. (32) if (&User-Name =~ / /) {
  3762. (32) if (&User-Name =~ / /) -> FALSE
  3763. (32) if (&User-Name =~ /@[^@]*@/ ) {
  3764. (32) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  3765. (32) if (&User-Name =~ /\.\./ ) {
  3766. (32) if (&User-Name =~ /\.\./ ) -> FALSE
  3767. (32) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  3768. (32) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  3769. (32) if (&User-Name =~ /\.$/) {
  3770. (32) if (&User-Name =~ /\.$/) -> FALSE
  3771. (32) if (&User-Name =~ /@\./) {
  3772. (32) if (&User-Name =~ /@\./) -> FALSE
  3773. (32) } # if (&User-Name) = notfound
  3774. (32) } # policy filter_username = notfound
  3775. (32) [preprocess] = ok
  3776. (32) [chap] = noop
  3777. (32) [mschap] = noop
  3778. (32) [digest] = noop
  3779. (32) suffix: Checking for suffix after "@"
  3780. (32) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  3781. (32) suffix: No such realm "NULL"
  3782. (32) [suffix] = noop
  3783. (32) eap: Peer sent EAP Response (code 2) ID 32 length 43
  3784. (32) eap: Continuing tunnel setup
  3785. (32) [eap] = ok
  3786. (32) } # authorize = ok
  3787. (32) Found Auth-Type = eap
  3788. (32) # Executing group from file /etc/raddb/sites-enabled/default
  3789. (32) authenticate {
  3790. (32) eap: Expiring EAP session with state 0xc39a7c0ac1ba655a
  3791. (32) eap: Finished EAP session with state 0xc39a7c0ac1ba655a
  3792. (32) eap: Previous EAP request found for state 0xc39a7c0ac1ba655a, released from the list
  3793. (32) eap: Peer sent packet with method EAP PEAP (25)
  3794. (32) eap: Calling submodule eap_peap to process data
  3795. (32) eap_peap: Continuing EAP-TLS
  3796. (32) eap_peap: [eaptls verify] = ok
  3797. (32) eap_peap: Done initial handshake
  3798. (32) eap_peap: [eaptls process] = ok
  3799. (32) eap_peap: Session established. Decoding tunneled attributes
  3800. (32) eap_peap: PEAP state send tlv success
  3801. (32) eap_peap: Received EAP-TLV response
  3802. (32) eap_peap: Success
  3803. (32) eap_peap: No saved attributes in the original Access-Accept
  3804. (32) eap: Sending EAP Success (code 3) ID 32 length 4
  3805. (32) eap: Freeing handler
  3806. (32) [eap] = ok
  3807. (32) } # authenticate = ok
  3808. (32) # Executing section post-auth from file /etc/raddb/sites-enabled/default
  3809. (32) post-auth {
  3810. (32) update {
  3811. (32) No attributes updated
  3812. (32) } # update = noop
  3813. (32) [exec] = noop
  3814. (32) policy remove_reply_message_if_eap {
  3815. (32) if (&reply:EAP-Message && &reply:Reply-Message) {
  3816. (32) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
  3817. (32) else {
  3818. (32) [noop] = noop
  3819. (32) } # else = noop
  3820. (32) } # policy remove_reply_message_if_eap = noop
  3821. (32) } # post-auth = noop
  3822. (32) Sent Access-Accept Id 56 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  3823. (32) MS-MPPE-Recv-Key = 0x823b5c191097bd32c98f9cd25d1c94cd57b866065152025d711f980960a91cef
  3824. (32) MS-MPPE-Send-Key = 0x8968a9badd5e939fa8d7aa06cf0a959a565869f1c0be3e3f10076e607b0f520c
  3825. (32) EAP-Message = 0x03200004
  3826. (32) Message-Authenticator = 0x00000000000000000000000000000000
  3827. (32) User-Name = "vkratsberg"
  3828. (32) Finished request
  3829. Waking up in 4.1 seconds.
  3830. (33) Received Access-Request Id 57 from 10.8.0.111:58432 to 10.8.64.155:1812 length 177
  3831. (33) User-Name = "vkratsberg"
  3832. (33) NAS-Port = 358
  3833. (33) EAP-Message = 0x0221000f01766b7261747362657267
  3834. (33) Message-Authenticator = 0x1cbcc17438a07d51975da5d62ca33b72
  3835. (33) Acct-Session-Id = "8O2.1x81bb083a0007d818"
  3836. (33) NAS-Port-Id = "ge-3/0/6.0"
  3837. (33) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  3838. (33) Called-Station-Id = "ec-3e-f7-68-35-00"
  3839. (33) NAS-IP-Address = 10.8.0.111
  3840. (33) NAS-Identifier = "nyc-access-sw011"
  3841. (33) NAS-Port-Type = Ethernet
  3842. (33) # Executing section authorize from file /etc/raddb/sites-enabled/default
  3843. (33) authorize {
  3844. (33) policy filter_username {
  3845. (33) if (&User-Name) {
  3846. (33) if (&User-Name) -> TRUE
  3847. (33) if (&User-Name) {
  3848. (33) if (&User-Name =~ / /) {
  3849. (33) if (&User-Name =~ / /) -> FALSE
  3850. (33) if (&User-Name =~ /@[^@]*@/ ) {
  3851. (33) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  3852. (33) if (&User-Name =~ /\.\./ ) {
  3853. (33) if (&User-Name =~ /\.\./ ) -> FALSE
  3854. (33) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  3855. (33) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  3856. (33) if (&User-Name =~ /\.$/) {
  3857. (33) if (&User-Name =~ /\.$/) -> FALSE
  3858. (33) if (&User-Name =~ /@\./) {
  3859. (33) if (&User-Name =~ /@\./) -> FALSE
  3860. (33) } # if (&User-Name) = notfound
  3861. (33) } # policy filter_username = notfound
  3862. (33) [preprocess] = ok
  3863. (33) [chap] = noop
  3864. (33) [mschap] = noop
  3865. (33) [digest] = noop
  3866. (33) suffix: Checking for suffix after "@"
  3867. (33) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  3868. (33) suffix: No such realm "NULL"
  3869. (33) [suffix] = noop
  3870. (33) eap: Peer sent EAP Response (code 2) ID 33 length 15
  3871. (33) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
  3872. (33) [eap] = ok
  3873. (33) } # authorize = ok
  3874. (33) Found Auth-Type = eap
  3875. (33) # Executing group from file /etc/raddb/sites-enabled/default
  3876. (33) authenticate {
  3877. (33) eap: Peer sent packet with method EAP Identity (1)
  3878. (33) eap: Calling submodule eap_peap to process data
  3879. (33) eap_peap: Initiating new EAP-TLS session
  3880. (33) eap_peap: [eaptls start] = request
  3881. (33) eap: Sending EAP Request (code 1) ID 34 length 6
  3882. (33) eap: EAP session adding &reply:State = 0x3047744330656d50
  3883. (33) [eap] = handled
  3884. (33) } # authenticate = handled
  3885. (33) Using Post-Auth-Type Challenge
  3886. (33) Post-Auth-Type sub-section not found. Ignoring.
  3887. (33) # Executing group from file /etc/raddb/sites-enabled/default
  3888. (33) Sent Access-Challenge Id 57 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  3889. (33) EAP-Message = 0x012200061920
  3890. (33) Message-Authenticator = 0x00000000000000000000000000000000
  3891. (33) State = 0x3047744330656d50a34e26ba48d907fd
  3892. (33) Finished request
  3893. Waking up in 4.1 seconds.
  3894. (34) Received Access-Request Id 58 from 10.8.0.111:58432 to 10.8.64.155:1812 length 343
  3895. (34) User-Name = "vkratsberg"
  3896. (34) NAS-Port = 358
  3897. (34) State = 0x3047744330656d50a34e26ba48d907fd
  3898. (34) EAP-Message = 0x022200a31980000000991603010094010000900301573f503c16fb2519d732dbe3429a9d6812d983de04563c3bf7953ba8fd0980c620274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0002800ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f00
  3899. (34) Message-Authenticator = 0x9f35bd95805602817898e592716daeac
  3900. (34) Acct-Session-Id = "8O2.1x81bb083a0007d818"
  3901. (34) NAS-Port-Id = "ge-3/0/6.0"
  3902. (34) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  3903. (34) Called-Station-Id = "ec-3e-f7-68-35-00"
  3904. (34) NAS-IP-Address = 10.8.0.111
  3905. (34) NAS-Identifier = "nyc-access-sw011"
  3906. (34) NAS-Port-Type = Ethernet
  3907. (34) session-state: No cached attributes
  3908. (34) # Executing section authorize from file /etc/raddb/sites-enabled/default
  3909. (34) authorize {
  3910. (34) policy filter_username {
  3911. (34) if (&User-Name) {
  3912. (34) if (&User-Name) -> TRUE
  3913. (34) if (&User-Name) {
  3914. (34) if (&User-Name =~ / /) {
  3915. (34) if (&User-Name =~ / /) -> FALSE
  3916. (34) if (&User-Name =~ /@[^@]*@/ ) {
  3917. (34) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  3918. (34) if (&User-Name =~ /\.\./ ) {
  3919. (34) if (&User-Name =~ /\.\./ ) -> FALSE
  3920. (34) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  3921. (34) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  3922. (34) if (&User-Name =~ /\.$/) {
  3923. (34) if (&User-Name =~ /\.$/) -> FALSE
  3924. (34) if (&User-Name =~ /@\./) {
  3925. (34) if (&User-Name =~ /@\./) -> FALSE
  3926. (34) } # if (&User-Name) = notfound
  3927. (34) } # policy filter_username = notfound
  3928. (34) [preprocess] = ok
  3929. (34) [chap] = noop
  3930. (34) [mschap] = noop
  3931. (34) [digest] = noop
  3932. (34) suffix: Checking for suffix after "@"
  3933. (34) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  3934. (34) suffix: No such realm "NULL"
  3935. (34) [suffix] = noop
  3936. (34) eap: Peer sent EAP Response (code 2) ID 34 length 163
  3937. (34) eap: Continuing tunnel setup
  3938. (34) [eap] = ok
  3939. (34) } # authorize = ok
  3940. (34) Found Auth-Type = eap
  3941. (34) # Executing group from file /etc/raddb/sites-enabled/default
  3942. (34) authenticate {
  3943. (34) eap: Expiring EAP session with state 0x3047744330656d50
  3944. (34) eap: Finished EAP session with state 0x3047744330656d50
  3945. (34) eap: Previous EAP request found for state 0x3047744330656d50, released from the list
  3946. (34) eap: Peer sent packet with method EAP PEAP (25)
  3947. (34) eap: Calling submodule eap_peap to process data
  3948. (34) eap_peap: Continuing EAP-TLS
  3949. (34) eap_peap: Peer indicated complete TLS record size will be 153 bytes
  3950. (34) eap_peap: Got complete TLS record (153 bytes)
  3951. (34) eap_peap: [eaptls verify] = length included
  3952. (34) eap_peap: (other): before/accept initialization
  3953. (34) eap_peap: TLS_accept: before/accept initialization
  3954. (34) eap_peap: <<< recv TLS 1.0 Handshake [length 0094], ClientHello
  3955. (34) eap_peap: TLS_accept: SSLv3 read client hello A
  3956. (34) eap_peap: >>> send TLS 1.0 Handshake [length 0059], ServerHello
  3957. (34) eap_peap: TLS_accept: SSLv3 write server hello A
  3958. (34) eap_peap: >>> send TLS 1.0 ChangeCipherSpec [length 0001]
  3959. (34) eap_peap: TLS_accept: SSLv3 write change cipher spec A
  3960. (34) eap_peap: >>> send TLS 1.0 Handshake [length 0010], Finished
  3961. (34) eap_peap: TLS_accept: SSLv3 write finished A
  3962. (34) eap_peap: TLS_accept: SSLv3 flush data
  3963. (34) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  3964. (34) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  3965. (34) eap_peap: In SSL Handshake Phase
  3966. (34) eap_peap: In SSL Accept mode
  3967. (34) eap_peap: [eaptls process] = handled
  3968. (34) eap: Sending EAP Request (code 1) ID 35 length 159
  3969. (34) eap: EAP session adding &reply:State = 0x3047744331646d50
  3970. (34) [eap] = handled
  3971. (34) } # authenticate = handled
  3972. (34) Using Post-Auth-Type Challenge
  3973. (34) Post-Auth-Type sub-section not found. Ignoring.
  3974. (34) # Executing group from file /etc/raddb/sites-enabled/default
  3975. (34) Sent Access-Challenge Id 58 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  3976. (34) EAP-Message = 0x0123009f19001603010059020000550301573f503c11e1ad207174a141c8acf4f1db1157873db9dd62676ed0b07c618f6120274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0c01400000dff01000100000b00040300010214030100010116030100300b96d69cf1334906
  3977. (34) Message-Authenticator = 0x00000000000000000000000000000000
  3978. (34) State = 0x3047744331646d50a34e26ba48d907fd
  3979. (34) Finished request
  3980. Waking up in 4.1 seconds.
  3981. (35) Received Access-Request Id 59 from 10.8.0.111:58432 to 10.8.64.155:1812 length 249
  3982. (35) User-Name = "vkratsberg"
  3983. (35) NAS-Port = 358
  3984. (35) State = 0x3047744331646d50a34e26ba48d907fd
  3985. (35) EAP-Message = 0x0223004519800000003b1403010001011603010030d90f3cc354893d779966ca4127fccd52a69927041a0a4db1484be816c6ca14552845a026716e7503dd917975f8dd8f07
  3986. (35) Message-Authenticator = 0x4cdc739cca326cfb91801a2fd97be794
  3987. (35) Acct-Session-Id = "8O2.1x81bb083a0007d818"
  3988. (35) NAS-Port-Id = "ge-3/0/6.0"
  3989. (35) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  3990. (35) Called-Station-Id = "ec-3e-f7-68-35-00"
  3991. (35) NAS-IP-Address = 10.8.0.111
  3992. (35) NAS-Identifier = "nyc-access-sw011"
  3993. (35) NAS-Port-Type = Ethernet
  3994. (35) session-state: No cached attributes
  3995. (35) # Executing section authorize from file /etc/raddb/sites-enabled/default
  3996. (35) authorize {
  3997. (35) policy filter_username {
  3998. (35) if (&User-Name) {
  3999. (35) if (&User-Name) -> TRUE
  4000. (35) if (&User-Name) {
  4001. (35) if (&User-Name =~ / /) {
  4002. (35) if (&User-Name =~ / /) -> FALSE
  4003. (35) if (&User-Name =~ /@[^@]*@/ ) {
  4004. (35) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  4005. (35) if (&User-Name =~ /\.\./ ) {
  4006. (35) if (&User-Name =~ /\.\./ ) -> FALSE
  4007. (35) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  4008. (35) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  4009. (35) if (&User-Name =~ /\.$/) {
  4010. (35) if (&User-Name =~ /\.$/) -> FALSE
  4011. (35) if (&User-Name =~ /@\./) {
  4012. (35) if (&User-Name =~ /@\./) -> FALSE
  4013. (35) } # if (&User-Name) = notfound
  4014. (35) } # policy filter_username = notfound
  4015. (35) [preprocess] = ok
  4016. (35) [chap] = noop
  4017. (35) [mschap] = noop
  4018. (35) [digest] = noop
  4019. (35) suffix: Checking for suffix after "@"
  4020. (35) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  4021. (35) suffix: No such realm "NULL"
  4022. (35) [suffix] = noop
  4023. (35) eap: Peer sent EAP Response (code 2) ID 35 length 69
  4024. (35) eap: Continuing tunnel setup
  4025. (35) [eap] = ok
  4026. (35) } # authorize = ok
  4027. (35) Found Auth-Type = eap
  4028. (35) # Executing group from file /etc/raddb/sites-enabled/default
  4029. (35) authenticate {
  4030. (35) eap: Expiring EAP session with state 0x3047744331646d50
  4031. (35) eap: Finished EAP session with state 0x3047744331646d50
  4032. (35) eap: Previous EAP request found for state 0x3047744331646d50, released from the list
  4033. (35) eap: Peer sent packet with method EAP PEAP (25)
  4034. (35) eap: Calling submodule eap_peap to process data
  4035. (35) eap_peap: Continuing EAP-TLS
  4036. (35) eap_peap: Peer indicated complete TLS record size will be 59 bytes
  4037. (35) eap_peap: Got complete TLS record (59 bytes)
  4038. (35) eap_peap: [eaptls verify] = length included
  4039. (35) eap_peap: <<< recv TLS 1.0 ChangeCipherSpec [length 0001]
  4040. (35) eap_peap: <<< recv TLS 1.0 Handshake [length 0010], Finished
  4041. (35) eap_peap: TLS_accept: SSLv3 read finished A
  4042. (35) eap_peap: (other): SSL negotiation finished successfully
  4043. (35) eap_peap: SSL Connection Established
  4044. (35) eap_peap: SSL Application Data
  4045. (35) eap_peap: Adding cached attributes from session 274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0
  4046. (35) eap_peap: reply:User-Name = "vkratsberg"
  4047. (35) eap_peap: [eaptls process] = success
  4048. (35) eap_peap: Session established. Decoding tunneled attributes
  4049. (35) eap_peap: PEAP state TUNNEL ESTABLISHED
  4050. (35) eap_peap: Skipping Phase2 because of session resumption
  4051. (35) eap_peap: SUCCESS
  4052. (35) eap: Sending EAP Request (code 1) ID 36 length 43
  4053. (35) eap: EAP session adding &reply:State = 0x3047744332636d50
  4054. (35) [eap] = handled
  4055. (35) } # authenticate = handled
  4056. (35) Using Post-Auth-Type Challenge
  4057. (35) Post-Auth-Type sub-section not found. Ignoring.
  4058. (35) # Executing group from file /etc/raddb/sites-enabled/default
  4059. (35) Sent Access-Challenge Id 59 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  4060. (35) User-Name = "vkratsberg"
  4061. (35) EAP-Message = 0x0124002b19001703010020bddb4c8236b23c2d416db2b96f7d06c7691c597f4263c17f1c9f7c43d047cdb1
  4062. (35) Message-Authenticator = 0x00000000000000000000000000000000
  4063. (35) State = 0x3047744332636d50a34e26ba48d907fd
  4064. (35) Finished request
  4065. Waking up in 4.0 seconds.
  4066. (36) Received Access-Request Id 60 from 10.8.0.111:58432 to 10.8.64.155:1812 length 223
  4067. (36) User-Name = "vkratsberg"
  4068. (36) NAS-Port = 358
  4069. (36) State = 0x3047744332636d50a34e26ba48d907fd
  4070. (36) EAP-Message = 0x0224002b19001703010020d3257c3437b1cec6d630bca1ade9291c5583927c4757fb25f571900e8a0905ed
  4071. (36) Message-Authenticator = 0x628d3c17f254ba92eaa78e018e447393
  4072. (36) Acct-Session-Id = "8O2.1x81bb083a0007d818"
  4073. (36) NAS-Port-Id = "ge-3/0/6.0"
  4074. (36) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  4075. (36) Called-Station-Id = "ec-3e-f7-68-35-00"
  4076. (36) NAS-IP-Address = 10.8.0.111
  4077. (36) NAS-Identifier = "nyc-access-sw011"
  4078. (36) NAS-Port-Type = Ethernet
  4079. (36) session-state: No cached attributes
  4080. (36) # Executing section authorize from file /etc/raddb/sites-enabled/default
  4081. (36) authorize {
  4082. (36) policy filter_username {
  4083. (36) if (&User-Name) {
  4084. (36) if (&User-Name) -> TRUE
  4085. (36) if (&User-Name) {
  4086. (36) if (&User-Name =~ / /) {
  4087. (36) if (&User-Name =~ / /) -> FALSE
  4088. (36) if (&User-Name =~ /@[^@]*@/ ) {
  4089. (36) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  4090. (36) if (&User-Name =~ /\.\./ ) {
  4091. (36) if (&User-Name =~ /\.\./ ) -> FALSE
  4092. (36) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  4093. (36) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  4094. (36) if (&User-Name =~ /\.$/) {
  4095. (36) if (&User-Name =~ /\.$/) -> FALSE
  4096. (36) if (&User-Name =~ /@\./) {
  4097. (36) if (&User-Name =~ /@\./) -> FALSE
  4098. (36) } # if (&User-Name) = notfound
  4099. (36) } # policy filter_username = notfound
  4100. (36) [preprocess] = ok
  4101. (36) [chap] = noop
  4102. (36) [mschap] = noop
  4103. (36) [digest] = noop
  4104. (36) suffix: Checking for suffix after "@"
  4105. (36) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  4106. (36) suffix: No such realm "NULL"
  4107. (36) [suffix] = noop
  4108. (36) eap: Peer sent EAP Response (code 2) ID 36 length 43
  4109. (36) eap: Continuing tunnel setup
  4110. (36) [eap] = ok
  4111. (36) } # authorize = ok
  4112. (36) Found Auth-Type = eap
  4113. (36) # Executing group from file /etc/raddb/sites-enabled/default
  4114. (36) authenticate {
  4115. (36) eap: Expiring EAP session with state 0x3047744332636d50
  4116. (36) eap: Finished EAP session with state 0x3047744332636d50
  4117. (36) eap: Previous EAP request found for state 0x3047744332636d50, released from the list
  4118. (36) eap: Peer sent packet with method EAP PEAP (25)
  4119. (36) eap: Calling submodule eap_peap to process data
  4120. (36) eap_peap: Continuing EAP-TLS
  4121. (36) eap_peap: [eaptls verify] = ok
  4122. (36) eap_peap: Done initial handshake
  4123. (36) eap_peap: [eaptls process] = ok
  4124. (36) eap_peap: Session established. Decoding tunneled attributes
  4125. (36) eap_peap: PEAP state send tlv success
  4126. (36) eap_peap: Received EAP-TLV response
  4127. (36) eap_peap: Success
  4128. (36) eap_peap: No saved attributes in the original Access-Accept
  4129. (36) eap: Sending EAP Success (code 3) ID 36 length 4
  4130. (36) eap: Freeing handler
  4131. (36) [eap] = ok
  4132. (36) } # authenticate = ok
  4133. (36) # Executing section post-auth from file /etc/raddb/sites-enabled/default
  4134. (36) post-auth {
  4135. (36) update {
  4136. (36) No attributes updated
  4137. (36) } # update = noop
  4138. (36) [exec] = noop
  4139. (36) policy remove_reply_message_if_eap {
  4140. (36) if (&reply:EAP-Message && &reply:Reply-Message) {
  4141. (36) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
  4142. (36) else {
  4143. (36) [noop] = noop
  4144. (36) } # else = noop
  4145. (36) } # policy remove_reply_message_if_eap = noop
  4146. (36) } # post-auth = noop
  4147. (36) Sent Access-Accept Id 60 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  4148. (36) MS-MPPE-Recv-Key = 0xf2648f95b1639c7630eea20ee70662fd4a5e9d2e471ec3e9ad5f3c839b3cdd6d
  4149. (36) MS-MPPE-Send-Key = 0xf0cd0ab826d17f4ecccb9b16840c6040a74af2416432fcaadeabeff190de562a
  4150. (36) EAP-Message = 0x03240004
  4151. (36) Message-Authenticator = 0x00000000000000000000000000000000
  4152. (36) User-Name = "vkratsberg"
  4153. (36) Finished request
  4154. Waking up in 4.0 seconds.
  4155. (37) Received Access-Request Id 61 from 10.8.0.111:58432 to 10.8.64.155:1812 length 177
  4156. (37) User-Name = "vkratsberg"
  4157. (37) NAS-Port = 358
  4158. (37) EAP-Message = 0x0225000f01766b7261747362657267
  4159. (37) Message-Authenticator = 0x3fb5eb5529937dac1d4b398d48593847
  4160. (37) Acct-Session-Id = "8O2.1x81bb083b00097270"
  4161. (37) NAS-Port-Id = "ge-3/0/6.0"
  4162. (37) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  4163. (37) Called-Station-Id = "ec-3e-f7-68-35-00"
  4164. (37) NAS-IP-Address = 10.8.0.111
  4165. (37) NAS-Identifier = "nyc-access-sw011"
  4166. (37) NAS-Port-Type = Ethernet
  4167. (37) # Executing section authorize from file /etc/raddb/sites-enabled/default
  4168. (37) authorize {
  4169. (37) policy filter_username {
  4170. (37) if (&User-Name) {
  4171. (37) if (&User-Name) -> TRUE
  4172. (37) if (&User-Name) {
  4173. (37) if (&User-Name =~ / /) {
  4174. (37) if (&User-Name =~ / /) -> FALSE
  4175. (37) if (&User-Name =~ /@[^@]*@/ ) {
  4176. (37) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  4177. (37) if (&User-Name =~ /\.\./ ) {
  4178. (37) if (&User-Name =~ /\.\./ ) -> FALSE
  4179. (37) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  4180. (37) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  4181. (37) if (&User-Name =~ /\.$/) {
  4182. (37) if (&User-Name =~ /\.$/) -> FALSE
  4183. (37) if (&User-Name =~ /@\./) {
  4184. (37) if (&User-Name =~ /@\./) -> FALSE
  4185. (37) } # if (&User-Name) = notfound
  4186. (37) } # policy filter_username = notfound
  4187. (37) [preprocess] = ok
  4188. (37) [chap] = noop
  4189. (37) [mschap] = noop
  4190. (37) [digest] = noop
  4191. (37) suffix: Checking for suffix after "@"
  4192. (37) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  4193. (37) suffix: No such realm "NULL"
  4194. (37) [suffix] = noop
  4195. (37) eap: Peer sent EAP Response (code 2) ID 37 length 15
  4196. (37) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
  4197. (37) [eap] = ok
  4198. (37) } # authorize = ok
  4199. (37) Found Auth-Type = eap
  4200. (37) # Executing group from file /etc/raddb/sites-enabled/default
  4201. (37) authenticate {
  4202. (37) eap: Peer sent packet with method EAP Identity (1)
  4203. (37) eap: Calling submodule eap_peap to process data
  4204. (37) eap_peap: Initiating new EAP-TLS session
  4205. (37) eap_peap: [eaptls start] = request
  4206. (37) eap: Sending EAP Request (code 1) ID 38 length 6
  4207. (37) eap: EAP session adding &reply:State = 0xd94a21ebd96c3880
  4208. (37) [eap] = handled
  4209. (37) } # authenticate = handled
  4210. (37) Using Post-Auth-Type Challenge
  4211. (37) Post-Auth-Type sub-section not found. Ignoring.
  4212. (37) # Executing group from file /etc/raddb/sites-enabled/default
  4213. (37) Sent Access-Challenge Id 61 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  4214. (37) EAP-Message = 0x012600061920
  4215. (37) Message-Authenticator = 0x00000000000000000000000000000000
  4216. (37) State = 0xd94a21ebd96c38803fe1fad5c137f9e3
  4217. (37) Finished request
  4218. Waking up in 4.0 seconds.
  4219. (38) Received Access-Request Id 62 from 10.8.0.111:58432 to 10.8.64.155:1812 length 343
  4220. (38) User-Name = "vkratsberg"
  4221. (38) NAS-Port = 358
  4222. (38) State = 0xd94a21ebd96c38803fe1fad5c137f9e3
  4223. (38) EAP-Message = 0x022600a31980000000991603010094010000900301573f503c110ac457f1e051694c93a0aabdad7f8ef9354f20ee099699f25f2aeb20274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0002800ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f00
  4224. (38) Message-Authenticator = 0xa1ac66fc408f91c25b9ab3e05f7efcbb
  4225. (38) Acct-Session-Id = "8O2.1x81bb083b00097270"
  4226. (38) NAS-Port-Id = "ge-3/0/6.0"
  4227. (38) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  4228. (38) Called-Station-Id = "ec-3e-f7-68-35-00"
  4229. (38) NAS-IP-Address = 10.8.0.111
  4230. (38) NAS-Identifier = "nyc-access-sw011"
  4231. (38) NAS-Port-Type = Ethernet
  4232. (38) session-state: No cached attributes
  4233. (38) # Executing section authorize from file /etc/raddb/sites-enabled/default
  4234. (38) authorize {
  4235. (38) policy filter_username {
  4236. (38) if (&User-Name) {
  4237. (38) if (&User-Name) -> TRUE
  4238. (38) if (&User-Name) {
  4239. (38) if (&User-Name =~ / /) {
  4240. (38) if (&User-Name =~ / /) -> FALSE
  4241. (38) if (&User-Name =~ /@[^@]*@/ ) {
  4242. (38) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  4243. (38) if (&User-Name =~ /\.\./ ) {
  4244. (38) if (&User-Name =~ /\.\./ ) -> FALSE
  4245. (38) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  4246. (38) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  4247. (38) if (&User-Name =~ /\.$/) {
  4248. (38) if (&User-Name =~ /\.$/) -> FALSE
  4249. (38) if (&User-Name =~ /@\./) {
  4250. (38) if (&User-Name =~ /@\./) -> FALSE
  4251. (38) } # if (&User-Name) = notfound
  4252. (38) } # policy filter_username = notfound
  4253. (38) [preprocess] = ok
  4254. (38) [chap] = noop
  4255. (38) [mschap] = noop
  4256. (38) [digest] = noop
  4257. (38) suffix: Checking for suffix after "@"
  4258. (38) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  4259. (38) suffix: No such realm "NULL"
  4260. (38) [suffix] = noop
  4261. (38) eap: Peer sent EAP Response (code 2) ID 38 length 163
  4262. (38) eap: Continuing tunnel setup
  4263. (38) [eap] = ok
  4264. (38) } # authorize = ok
  4265. (38) Found Auth-Type = eap
  4266. (38) # Executing group from file /etc/raddb/sites-enabled/default
  4267. (38) authenticate {
  4268. (38) eap: Expiring EAP session with state 0xd94a21ebd96c3880
  4269. (38) eap: Finished EAP session with state 0xd94a21ebd96c3880
  4270. (38) eap: Previous EAP request found for state 0xd94a21ebd96c3880, released from the list
  4271. (38) eap: Peer sent packet with method EAP PEAP (25)
  4272. (38) eap: Calling submodule eap_peap to process data
  4273. (38) eap_peap: Continuing EAP-TLS
  4274. (38) eap_peap: Peer indicated complete TLS record size will be 153 bytes
  4275. (38) eap_peap: Got complete TLS record (153 bytes)
  4276. (38) eap_peap: [eaptls verify] = length included
  4277. (38) eap_peap: (other): before/accept initialization
  4278. (38) eap_peap: TLS_accept: before/accept initialization
  4279. (38) eap_peap: <<< recv TLS 1.0 Handshake [length 0094], ClientHello
  4280. (38) eap_peap: TLS_accept: SSLv3 read client hello A
  4281. (38) eap_peap: >>> send TLS 1.0 Handshake [length 0059], ServerHello
  4282. (38) eap_peap: TLS_accept: SSLv3 write server hello A
  4283. (38) eap_peap: >>> send TLS 1.0 ChangeCipherSpec [length 0001]
  4284. (38) eap_peap: TLS_accept: SSLv3 write change cipher spec A
  4285. (38) eap_peap: >>> send TLS 1.0 Handshake [length 0010], Finished
  4286. (38) eap_peap: TLS_accept: SSLv3 write finished A
  4287. (38) eap_peap: TLS_accept: SSLv3 flush data
  4288. (38) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  4289. (38) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  4290. (38) eap_peap: In SSL Handshake Phase
  4291. (38) eap_peap: In SSL Accept mode
  4292. (38) eap_peap: [eaptls process] = handled
  4293. (38) eap: Sending EAP Request (code 1) ID 39 length 159
  4294. (38) eap: EAP session adding &reply:State = 0xd94a21ebd86d3880
  4295. (38) [eap] = handled
  4296. (38) } # authenticate = handled
  4297. (38) Using Post-Auth-Type Challenge
  4298. (38) Post-Auth-Type sub-section not found. Ignoring.
  4299. (38) # Executing group from file /etc/raddb/sites-enabled/default
  4300. (38) Sent Access-Challenge Id 62 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  4301. (38) EAP-Message = 0x0127009f19001603010059020000550301573f503cdf77a1aaea5660d58409de1bbab0710e18961ba74cfa9088395b5f9120274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0c01400000dff01000100000b00040300010214030100010116030100307c698e84b79a0182
  4302. (38) Message-Authenticator = 0x00000000000000000000000000000000
  4303. (38) State = 0xd94a21ebd86d38803fe1fad5c137f9e3
  4304. (38) Finished request
  4305. Waking up in 4.0 seconds.
  4306. (39) Received Access-Request Id 63 from 10.8.0.111:58432 to 10.8.64.155:1812 length 249
  4307. (39) User-Name = "vkratsberg"
  4308. (39) NAS-Port = 358
  4309. (39) State = 0xd94a21ebd86d38803fe1fad5c137f9e3
  4310. (39) EAP-Message = 0x0227004519800000003b1403010001011603010030f3bb162a04aed5ec6336f8dcbaa292dd2d63a061682669f346c4ef403597f6260149e4b543f37010e3d405dcd369e7a3
  4311. (39) Message-Authenticator = 0x31478a1853e5ef74c1d8c579f34c7768
  4312. (39) Acct-Session-Id = "8O2.1x81bb083b00097270"
  4313. (39) NAS-Port-Id = "ge-3/0/6.0"
  4314. (39) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  4315. (39) Called-Station-Id = "ec-3e-f7-68-35-00"
  4316. (39) NAS-IP-Address = 10.8.0.111
  4317. (39) NAS-Identifier = "nyc-access-sw011"
  4318. (39) NAS-Port-Type = Ethernet
  4319. (39) session-state: No cached attributes
  4320. (39) # Executing section authorize from file /etc/raddb/sites-enabled/default
  4321. (39) authorize {
  4322. (39) policy filter_username {
  4323. (39) if (&User-Name) {
  4324. (39) if (&User-Name) -> TRUE
  4325. (39) if (&User-Name) {
  4326. (39) if (&User-Name =~ / /) {
  4327. (39) if (&User-Name =~ / /) -> FALSE
  4328. (39) if (&User-Name =~ /@[^@]*@/ ) {
  4329. (39) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  4330. (39) if (&User-Name =~ /\.\./ ) {
  4331. (39) if (&User-Name =~ /\.\./ ) -> FALSE
  4332. (39) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  4333. (39) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  4334. (39) if (&User-Name =~ /\.$/) {
  4335. (39) if (&User-Name =~ /\.$/) -> FALSE
  4336. (39) if (&User-Name =~ /@\./) {
  4337. (39) if (&User-Name =~ /@\./) -> FALSE
  4338. (39) } # if (&User-Name) = notfound
  4339. (39) } # policy filter_username = notfound
  4340. (39) [preprocess] = ok
  4341. (39) [chap] = noop
  4342. (39) [mschap] = noop
  4343. (39) [digest] = noop
  4344. (39) suffix: Checking for suffix after "@"
  4345. (39) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  4346. (39) suffix: No such realm "NULL"
  4347. (39) [suffix] = noop
  4348. (39) eap: Peer sent EAP Response (code 2) ID 39 length 69
  4349. (39) eap: Continuing tunnel setup
  4350. (39) [eap] = ok
  4351. (39) } # authorize = ok
  4352. (39) Found Auth-Type = eap
  4353. (39) # Executing group from file /etc/raddb/sites-enabled/default
  4354. (39) authenticate {
  4355. (39) eap: Expiring EAP session with state 0xd94a21ebd86d3880
  4356. (39) eap: Finished EAP session with state 0xd94a21ebd86d3880
  4357. (39) eap: Previous EAP request found for state 0xd94a21ebd86d3880, released from the list
  4358. (39) eap: Peer sent packet with method EAP PEAP (25)
  4359. (39) eap: Calling submodule eap_peap to process data
  4360. (39) eap_peap: Continuing EAP-TLS
  4361. (39) eap_peap: Peer indicated complete TLS record size will be 59 bytes
  4362. (39) eap_peap: Got complete TLS record (59 bytes)
  4363. (39) eap_peap: [eaptls verify] = length included
  4364. (39) eap_peap: <<< recv TLS 1.0 ChangeCipherSpec [length 0001]
  4365. (39) eap_peap: <<< recv TLS 1.0 Handshake [length 0010], Finished
  4366. (39) eap_peap: TLS_accept: SSLv3 read finished A
  4367. (39) eap_peap: (other): SSL negotiation finished successfully
  4368. (39) eap_peap: SSL Connection Established
  4369. (39) eap_peap: SSL Application Data
  4370. (39) eap_peap: Adding cached attributes from session 274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0
  4371. (39) eap_peap: reply:User-Name = "vkratsberg"
  4372. (39) eap_peap: [eaptls process] = success
  4373. (39) eap_peap: Session established. Decoding tunneled attributes
  4374. (39) eap_peap: PEAP state TUNNEL ESTABLISHED
  4375. (39) eap_peap: Skipping Phase2 because of session resumption
  4376. (39) eap_peap: SUCCESS
  4377. (39) eap: Sending EAP Request (code 1) ID 40 length 43
  4378. (39) eap: EAP session adding &reply:State = 0xd94a21ebdb623880
  4379. (39) [eap] = handled
  4380. (39) } # authenticate = handled
  4381. (39) Using Post-Auth-Type Challenge
  4382. (39) Post-Auth-Type sub-section not found. Ignoring.
  4383. (39) # Executing group from file /etc/raddb/sites-enabled/default
  4384. (39) Sent Access-Challenge Id 63 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  4385. (39) User-Name = "vkratsberg"
  4386. (39) EAP-Message = 0x0128002b1900170301002082d40282b37f9cb415d5629f4126a8541ad0421467aa2de8c6f4641e28a313a6
  4387. (39) Message-Authenticator = 0x00000000000000000000000000000000
  4388. (39) State = 0xd94a21ebdb6238803fe1fad5c137f9e3
  4389. (39) Finished request
  4390. Waking up in 3.9 seconds.
  4391. (40) Received Access-Request Id 64 from 10.8.0.111:58432 to 10.8.64.155:1812 length 223
  4392. (40) User-Name = "vkratsberg"
  4393. (40) NAS-Port = 358
  4394. (40) State = 0xd94a21ebdb6238803fe1fad5c137f9e3
  4395. (40) EAP-Message = 0x0228002b19001703010020773cc9805b18798fe3de00c196f3a700b45134a4355e7ae3f69bf268e29f8b50
  4396. (40) Message-Authenticator = 0xef262f4afadf5b754535fd912df96c42
  4397. (40) Acct-Session-Id = "8O2.1x81bb083b00097270"
  4398. (40) NAS-Port-Id = "ge-3/0/6.0"
  4399. (40) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  4400. (40) Called-Station-Id = "ec-3e-f7-68-35-00"
  4401. (40) NAS-IP-Address = 10.8.0.111
  4402. (40) NAS-Identifier = "nyc-access-sw011"
  4403. (40) NAS-Port-Type = Ethernet
  4404. (40) session-state: No cached attributes
  4405. (40) # Executing section authorize from file /etc/raddb/sites-enabled/default
  4406. (40) authorize {
  4407. (40) policy filter_username {
  4408. (40) if (&User-Name) {
  4409. (40) if (&User-Name) -> TRUE
  4410. (40) if (&User-Name) {
  4411. (40) if (&User-Name =~ / /) {
  4412. (40) if (&User-Name =~ / /) -> FALSE
  4413. (40) if (&User-Name =~ /@[^@]*@/ ) {
  4414. (40) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  4415. (40) if (&User-Name =~ /\.\./ ) {
  4416. (40) if (&User-Name =~ /\.\./ ) -> FALSE
  4417. (40) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  4418. (40) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  4419. (40) if (&User-Name =~ /\.$/) {
  4420. (40) if (&User-Name =~ /\.$/) -> FALSE
  4421. (40) if (&User-Name =~ /@\./) {
  4422. (40) if (&User-Name =~ /@\./) -> FALSE
  4423. (40) } # if (&User-Name) = notfound
  4424. (40) } # policy filter_username = notfound
  4425. (40) [preprocess] = ok
  4426. (40) [chap] = noop
  4427. (40) [mschap] = noop
  4428. (40) [digest] = noop
  4429. (40) suffix: Checking for suffix after "@"
  4430. (40) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  4431. (40) suffix: No such realm "NULL"
  4432. (40) [suffix] = noop
  4433. (40) eap: Peer sent EAP Response (code 2) ID 40 length 43
  4434. (40) eap: Continuing tunnel setup
  4435. (40) [eap] = ok
  4436. (40) } # authorize = ok
  4437. (40) Found Auth-Type = eap
  4438. (40) # Executing group from file /etc/raddb/sites-enabled/default
  4439. (40) authenticate {
  4440. (40) eap: Expiring EAP session with state 0xd94a21ebdb623880
  4441. (40) eap: Finished EAP session with state 0xd94a21ebdb623880
  4442. (40) eap: Previous EAP request found for state 0xd94a21ebdb623880, released from the list
  4443. (40) eap: Peer sent packet with method EAP PEAP (25)
  4444. (40) eap: Calling submodule eap_peap to process data
  4445. (40) eap_peap: Continuing EAP-TLS
  4446. (40) eap_peap: [eaptls verify] = ok
  4447. (40) eap_peap: Done initial handshake
  4448. (40) eap_peap: [eaptls process] = ok
  4449. (40) eap_peap: Session established. Decoding tunneled attributes
  4450. (40) eap_peap: PEAP state send tlv success
  4451. (40) eap_peap: Received EAP-TLV response
  4452. (40) eap_peap: Success
  4453. (40) eap_peap: No saved attributes in the original Access-Accept
  4454. (40) eap: Sending EAP Success (code 3) ID 40 length 4
  4455. (40) eap: Freeing handler
  4456. (40) [eap] = ok
  4457. (40) } # authenticate = ok
  4458. (40) # Executing section post-auth from file /etc/raddb/sites-enabled/default
  4459. (40) post-auth {
  4460. (40) update {
  4461. (40) No attributes updated
  4462. (40) } # update = noop
  4463. (40) [exec] = noop
  4464. (40) policy remove_reply_message_if_eap {
  4465. (40) if (&reply:EAP-Message && &reply:Reply-Message) {
  4466. (40) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
  4467. (40) else {
  4468. (40) [noop] = noop
  4469. (40) } # else = noop
  4470. (40) } # policy remove_reply_message_if_eap = noop
  4471. (40) } # post-auth = noop
  4472. (40) Sent Access-Accept Id 64 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  4473. (40) MS-MPPE-Recv-Key = 0x8ba8be7239870a948090e1d4fe2dfc015812a70499aad70beb78b44035ea4c71
  4474. (40) MS-MPPE-Send-Key = 0x782a5adfc0c19ef22e5859561e975f1cce0b9660d6f8e7d99ef39211195b10fe
  4475. (40) EAP-Message = 0x03280004
  4476. (40) Message-Authenticator = 0x00000000000000000000000000000000
  4477. (40) User-Name = "vkratsberg"
  4478. (40) Finished request
  4479. Waking up in 3.9 seconds.
  4480. (41) Received Access-Request Id 65 from 10.8.0.111:58432 to 10.8.64.155:1812 length 177
  4481. (41) User-Name = "vkratsberg"
  4482. (41) NAS-Port = 358
  4483. (41) EAP-Message = 0x0229000f01766b7261747362657267
  4484. (41) Message-Authenticator = 0x982eddbf2c06a631fd431d25ef55f2e4
  4485. (41) Acct-Session-Id = "8O2.1x81bb083c000b19ff"
  4486. (41) NAS-Port-Id = "ge-3/0/6.0"
  4487. (41) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  4488. (41) Called-Station-Id = "ec-3e-f7-68-35-00"
  4489. (41) NAS-IP-Address = 10.8.0.111
  4490. (41) NAS-Identifier = "nyc-access-sw011"
  4491. (41) NAS-Port-Type = Ethernet
  4492. (41) # Executing section authorize from file /etc/raddb/sites-enabled/default
  4493. (41) authorize {
  4494. (41) policy filter_username {
  4495. (41) if (&User-Name) {
  4496. (41) if (&User-Name) -> TRUE
  4497. (41) if (&User-Name) {
  4498. (41) if (&User-Name =~ / /) {
  4499. (41) if (&User-Name =~ / /) -> FALSE
  4500. (41) if (&User-Name =~ /@[^@]*@/ ) {
  4501. (41) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  4502. (41) if (&User-Name =~ /\.\./ ) {
  4503. (41) if (&User-Name =~ /\.\./ ) -> FALSE
  4504. (41) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  4505. (41) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  4506. (41) if (&User-Name =~ /\.$/) {
  4507. (41) if (&User-Name =~ /\.$/) -> FALSE
  4508. (41) if (&User-Name =~ /@\./) {
  4509. (41) if (&User-Name =~ /@\./) -> FALSE
  4510. (41) } # if (&User-Name) = notfound
  4511. (41) } # policy filter_username = notfound
  4512. (41) [preprocess] = ok
  4513. (41) [chap] = noop
  4514. (41) [mschap] = noop
  4515. (41) [digest] = noop
  4516. (41) suffix: Checking for suffix after "@"
  4517. (41) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  4518. (41) suffix: No such realm "NULL"
  4519. (41) [suffix] = noop
  4520. (41) eap: Peer sent EAP Response (code 2) ID 41 length 15
  4521. (41) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
  4522. (41) [eap] = ok
  4523. (41) } # authorize = ok
  4524. (41) Found Auth-Type = eap
  4525. (41) # Executing group from file /etc/raddb/sites-enabled/default
  4526. (41) authenticate {
  4527. (41) eap: Peer sent packet with method EAP Identity (1)
  4528. (41) eap: Calling submodule eap_peap to process data
  4529. (41) eap_peap: Initiating new EAP-TLS session
  4530. (41) eap_peap: [eaptls start] = request
  4531. (41) eap: Sending EAP Request (code 1) ID 42 length 6
  4532. (41) eap: EAP session adding &reply:State = 0x28f6c84028dcd184
  4533. (41) [eap] = handled
  4534. (41) } # authenticate = handled
  4535. (41) Using Post-Auth-Type Challenge
  4536. (41) Post-Auth-Type sub-section not found. Ignoring.
  4537. (41) # Executing group from file /etc/raddb/sites-enabled/default
  4538. (41) Sent Access-Challenge Id 65 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  4539. (41) EAP-Message = 0x012a00061920
  4540. (41) Message-Authenticator = 0x00000000000000000000000000000000
  4541. (41) State = 0x28f6c84028dcd18478d8424bff74335c
  4542. (41) Finished request
  4543. Waking up in 3.9 seconds.
  4544. (42) Received Access-Request Id 66 from 10.8.0.111:58432 to 10.8.64.155:1812 length 343
  4545. (42) User-Name = "vkratsberg"
  4546. (42) NAS-Port = 358
  4547. (42) State = 0x28f6c84028dcd18478d8424bff74335c
  4548. (42) EAP-Message = 0x022a00a31980000000991603010094010000900301573f503ca9da0f4f63ae81042fc7ff9561e4e4fcf1e4fef49ac13443146f75a920274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0002800ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f00
  4549. (42) Message-Authenticator = 0x1e764b9a0b6c28174f2d473a36dbc8ee
  4550. (42) Acct-Session-Id = "8O2.1x81bb083c000b19ff"
  4551. (42) NAS-Port-Id = "ge-3/0/6.0"
  4552. (42) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  4553. (42) Called-Station-Id = "ec-3e-f7-68-35-00"
  4554. (42) NAS-IP-Address = 10.8.0.111
  4555. (42) NAS-Identifier = "nyc-access-sw011"
  4556. (42) NAS-Port-Type = Ethernet
  4557. (42) session-state: No cached attributes
  4558. (42) # Executing section authorize from file /etc/raddb/sites-enabled/default
  4559. (42) authorize {
  4560. (42) policy filter_username {
  4561. (42) if (&User-Name) {
  4562. (42) if (&User-Name) -> TRUE
  4563. (42) if (&User-Name) {
  4564. (42) if (&User-Name =~ / /) {
  4565. (42) if (&User-Name =~ / /) -> FALSE
  4566. (42) if (&User-Name =~ /@[^@]*@/ ) {
  4567. (42) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  4568. (42) if (&User-Name =~ /\.\./ ) {
  4569. (42) if (&User-Name =~ /\.\./ ) -> FALSE
  4570. (42) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  4571. (42) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  4572. (42) if (&User-Name =~ /\.$/) {
  4573. (42) if (&User-Name =~ /\.$/) -> FALSE
  4574. (42) if (&User-Name =~ /@\./) {
  4575. (42) if (&User-Name =~ /@\./) -> FALSE
  4576. (42) } # if (&User-Name) = notfound
  4577. (42) } # policy filter_username = notfound
  4578. (42) [preprocess] = ok
  4579. (42) [chap] = noop
  4580. (42) [mschap] = noop
  4581. (42) [digest] = noop
  4582. (42) suffix: Checking for suffix after "@"
  4583. (42) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  4584. (42) suffix: No such realm "NULL"
  4585. (42) [suffix] = noop
  4586. (42) eap: Peer sent EAP Response (code 2) ID 42 length 163
  4587. (42) eap: Continuing tunnel setup
  4588. (42) [eap] = ok
  4589. (42) } # authorize = ok
  4590. (42) Found Auth-Type = eap
  4591. (42) # Executing group from file /etc/raddb/sites-enabled/default
  4592. (42) authenticate {
  4593. (42) eap: Expiring EAP session with state 0x28f6c84028dcd184
  4594. (42) eap: Finished EAP session with state 0x28f6c84028dcd184
  4595. (42) eap: Previous EAP request found for state 0x28f6c84028dcd184, released from the list
  4596. (42) eap: Peer sent packet with method EAP PEAP (25)
  4597. (42) eap: Calling submodule eap_peap to process data
  4598. (42) eap_peap: Continuing EAP-TLS
  4599. (42) eap_peap: Peer indicated complete TLS record size will be 153 bytes
  4600. (42) eap_peap: Got complete TLS record (153 bytes)
  4601. (42) eap_peap: [eaptls verify] = length included
  4602. (42) eap_peap: (other): before/accept initialization
  4603. (42) eap_peap: TLS_accept: before/accept initialization
  4604. (42) eap_peap: <<< recv TLS 1.0 Handshake [length 0094], ClientHello
  4605. (42) eap_peap: TLS_accept: SSLv3 read client hello A
  4606. (42) eap_peap: >>> send TLS 1.0 Handshake [length 0059], ServerHello
  4607. (42) eap_peap: TLS_accept: SSLv3 write server hello A
  4608. (42) eap_peap: >>> send TLS 1.0 ChangeCipherSpec [length 0001]
  4609. (42) eap_peap: TLS_accept: SSLv3 write change cipher spec A
  4610. (42) eap_peap: >>> send TLS 1.0 Handshake [length 0010], Finished
  4611. (42) eap_peap: TLS_accept: SSLv3 write finished A
  4612. (42) eap_peap: TLS_accept: SSLv3 flush data
  4613. (42) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  4614. (42) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  4615. (42) eap_peap: In SSL Handshake Phase
  4616. (42) eap_peap: In SSL Accept mode
  4617. (42) eap_peap: [eaptls process] = handled
  4618. (42) eap: Sending EAP Request (code 1) ID 43 length 159
  4619. (42) eap: EAP session adding &reply:State = 0x28f6c84029ddd184
  4620. (42) [eap] = handled
  4621. (42) } # authenticate = handled
  4622. (42) Using Post-Auth-Type Challenge
  4623. (42) Post-Auth-Type sub-section not found. Ignoring.
  4624. (42) # Executing group from file /etc/raddb/sites-enabled/default
  4625. (42) Sent Access-Challenge Id 66 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  4626. (42) EAP-Message = 0x012b009f19001603010059020000550301573f503ca79299873855e6d654097db8cfa04372c8f3815b929974d973c29a1b20274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0c01400000dff01000100000b0004030001021403010001011603010030f9e67d83a81cd6c9
  4627. (42) Message-Authenticator = 0x00000000000000000000000000000000
  4628. (42) State = 0x28f6c84029ddd18478d8424bff74335c
  4629. (42) Finished request
  4630. Waking up in 3.8 seconds.
  4631. (43) Received Access-Request Id 67 from 10.8.0.111:58432 to 10.8.64.155:1812 length 249
  4632. (43) User-Name = "vkratsberg"
  4633. (43) NAS-Port = 358
  4634. (43) State = 0x28f6c84029ddd18478d8424bff74335c
  4635. (43) EAP-Message = 0x022b004519800000003b14030100010116030100304bfc6b34724ac03a73bbc846e7046d9fe4de548a27d56abf28d5a4e4080f2981927ae891be76c44b71e32bebb82524a0
  4636. (43) Message-Authenticator = 0x119d734eabeec4f55f2a22a4a1f9af00
  4637. (43) Acct-Session-Id = "8O2.1x81bb083c000b19ff"
  4638. (43) NAS-Port-Id = "ge-3/0/6.0"
  4639. (43) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  4640. (43) Called-Station-Id = "ec-3e-f7-68-35-00"
  4641. (43) NAS-IP-Address = 10.8.0.111
  4642. (43) NAS-Identifier = "nyc-access-sw011"
  4643. (43) NAS-Port-Type = Ethernet
  4644. (43) session-state: No cached attributes
  4645. (43) # Executing section authorize from file /etc/raddb/sites-enabled/default
  4646. (43) authorize {
  4647. (43) policy filter_username {
  4648. (43) if (&User-Name) {
  4649. (43) if (&User-Name) -> TRUE
  4650. (43) if (&User-Name) {
  4651. (43) if (&User-Name =~ / /) {
  4652. (43) if (&User-Name =~ / /) -> FALSE
  4653. (43) if (&User-Name =~ /@[^@]*@/ ) {
  4654. (43) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  4655. (43) if (&User-Name =~ /\.\./ ) {
  4656. (43) if (&User-Name =~ /\.\./ ) -> FALSE
  4657. (43) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  4658. (43) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  4659. (43) if (&User-Name =~ /\.$/) {
  4660. (43) if (&User-Name =~ /\.$/) -> FALSE
  4661. (43) if (&User-Name =~ /@\./) {
  4662. (43) if (&User-Name =~ /@\./) -> FALSE
  4663. (43) } # if (&User-Name) = notfound
  4664. (43) } # policy filter_username = notfound
  4665. (43) [preprocess] = ok
  4666. (43) [chap] = noop
  4667. (43) [mschap] = noop
  4668. (43) [digest] = noop
  4669. (43) suffix: Checking for suffix after "@"
  4670. (43) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  4671. (43) suffix: No such realm "NULL"
  4672. (43) [suffix] = noop
  4673. (43) eap: Peer sent EAP Response (code 2) ID 43 length 69
  4674. (43) eap: Continuing tunnel setup
  4675. (43) [eap] = ok
  4676. (43) } # authorize = ok
  4677. (43) Found Auth-Type = eap
  4678. (43) # Executing group from file /etc/raddb/sites-enabled/default
  4679. (43) authenticate {
  4680. (43) eap: Expiring EAP session with state 0x28f6c84029ddd184
  4681. (43) eap: Finished EAP session with state 0x28f6c84029ddd184
  4682. (43) eap: Previous EAP request found for state 0x28f6c84029ddd184, released from the list
  4683. (43) eap: Peer sent packet with method EAP PEAP (25)
  4684. (43) eap: Calling submodule eap_peap to process data
  4685. (43) eap_peap: Continuing EAP-TLS
  4686. (43) eap_peap: Peer indicated complete TLS record size will be 59 bytes
  4687. (43) eap_peap: Got complete TLS record (59 bytes)
  4688. (43) eap_peap: [eaptls verify] = length included
  4689. (43) eap_peap: <<< recv TLS 1.0 ChangeCipherSpec [length 0001]
  4690. (43) eap_peap: <<< recv TLS 1.0 Handshake [length 0010], Finished
  4691. (43) eap_peap: TLS_accept: SSLv3 read finished A
  4692. (43) eap_peap: (other): SSL negotiation finished successfully
  4693. (43) eap_peap: SSL Connection Established
  4694. (43) eap_peap: SSL Application Data
  4695. (43) eap_peap: Adding cached attributes from session 274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0
  4696. (43) eap_peap: reply:User-Name = "vkratsberg"
  4697. (43) eap_peap: [eaptls process] = success
  4698. (43) eap_peap: Session established. Decoding tunneled attributes
  4699. (43) eap_peap: PEAP state TUNNEL ESTABLISHED
  4700. (43) eap_peap: Skipping Phase2 because of session resumption
  4701. (43) eap_peap: SUCCESS
  4702. (43) eap: Sending EAP Request (code 1) ID 44 length 43
  4703. (43) eap: EAP session adding &reply:State = 0x28f6c8402adad184
  4704. (43) [eap] = handled
  4705. (43) } # authenticate = handled
  4706. (43) Using Post-Auth-Type Challenge
  4707. (43) Post-Auth-Type sub-section not found. Ignoring.
  4708. (43) # Executing group from file /etc/raddb/sites-enabled/default
  4709. (43) Sent Access-Challenge Id 67 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  4710. (43) User-Name = "vkratsberg"
  4711. (43) EAP-Message = 0x012c002b1900170301002048ecf6f58e06020286b2623fa722454a1644bcf4f0e9eacadce21082f5883c3a
  4712. (43) Message-Authenticator = 0x00000000000000000000000000000000
  4713. (43) State = 0x28f6c8402adad18478d8424bff74335c
  4714. (43) Finished request
  4715. Waking up in 3.8 seconds.
  4716. (44) Received Access-Request Id 68 from 10.8.0.111:58432 to 10.8.64.155:1812 length 223
  4717. (44) User-Name = "vkratsberg"
  4718. (44) NAS-Port = 358
  4719. (44) State = 0x28f6c8402adad18478d8424bff74335c
  4720. (44) EAP-Message = 0x022c002b1900170301002028709ee949af9b9063878c3048d7a090fb626e6b6ff73a2cef1eb075de052a35
  4721. (44) Message-Authenticator = 0xbd8d03c29db9d7e1a2bf94ddf7ad17e9
  4722. (44) Acct-Session-Id = "8O2.1x81bb083c000b19ff"
  4723. (44) NAS-Port-Id = "ge-3/0/6.0"
  4724. (44) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  4725. (44) Called-Station-Id = "ec-3e-f7-68-35-00"
  4726. (44) NAS-IP-Address = 10.8.0.111
  4727. (44) NAS-Identifier = "nyc-access-sw011"
  4728. (44) NAS-Port-Type = Ethernet
  4729. (44) session-state: No cached attributes
  4730. (44) # Executing section authorize from file /etc/raddb/sites-enabled/default
  4731. (44) authorize {
  4732. (44) policy filter_username {
  4733. (44) if (&User-Name) {
  4734. (44) if (&User-Name) -> TRUE
  4735. (44) if (&User-Name) {
  4736. (44) if (&User-Name =~ / /) {
  4737. (44) if (&User-Name =~ / /) -> FALSE
  4738. (44) if (&User-Name =~ /@[^@]*@/ ) {
  4739. (44) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  4740. (44) if (&User-Name =~ /\.\./ ) {
  4741. (44) if (&User-Name =~ /\.\./ ) -> FALSE
  4742. (44) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  4743. (44) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  4744. (44) if (&User-Name =~ /\.$/) {
  4745. (44) if (&User-Name =~ /\.$/) -> FALSE
  4746. (44) if (&User-Name =~ /@\./) {
  4747. (44) if (&User-Name =~ /@\./) -> FALSE
  4748. (44) } # if (&User-Name) = notfound
  4749. (44) } # policy filter_username = notfound
  4750. (44) [preprocess] = ok
  4751. (44) [chap] = noop
  4752. (44) [mschap] = noop
  4753. (44) [digest] = noop
  4754. (44) suffix: Checking for suffix after "@"
  4755. (44) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  4756. (44) suffix: No such realm "NULL"
  4757. (44) [suffix] = noop
  4758. (44) eap: Peer sent EAP Response (code 2) ID 44 length 43
  4759. (44) eap: Continuing tunnel setup
  4760. (44) [eap] = ok
  4761. (44) } # authorize = ok
  4762. (44) Found Auth-Type = eap
  4763. (44) # Executing group from file /etc/raddb/sites-enabled/default
  4764. (44) authenticate {
  4765. (44) eap: Expiring EAP session with state 0x28f6c8402adad184
  4766. (44) eap: Finished EAP session with state 0x28f6c8402adad184
  4767. (44) eap: Previous EAP request found for state 0x28f6c8402adad184, released from the list
  4768. (44) eap: Peer sent packet with method EAP PEAP (25)
  4769. (44) eap: Calling submodule eap_peap to process data
  4770. (44) eap_peap: Continuing EAP-TLS
  4771. (44) eap_peap: [eaptls verify] = ok
  4772. (44) eap_peap: Done initial handshake
  4773. (44) eap_peap: [eaptls process] = ok
  4774. (44) eap_peap: Session established. Decoding tunneled attributes
  4775. (44) eap_peap: PEAP state send tlv success
  4776. (44) eap_peap: Received EAP-TLV response
  4777. (44) eap_peap: Success
  4778. (44) eap_peap: No saved attributes in the original Access-Accept
  4779. (44) eap: Sending EAP Success (code 3) ID 44 length 4
  4780. (44) eap: Freeing handler
  4781. (44) [eap] = ok
  4782. (44) } # authenticate = ok
  4783. (44) # Executing section post-auth from file /etc/raddb/sites-enabled/default
  4784. (44) post-auth {
  4785. (44) update {
  4786. (44) No attributes updated
  4787. (44) } # update = noop
  4788. (44) [exec] = noop
  4789. (44) policy remove_reply_message_if_eap {
  4790. (44) if (&reply:EAP-Message && &reply:Reply-Message) {
  4791. (44) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
  4792. (44) else {
  4793. (44) [noop] = noop
  4794. (44) } # else = noop
  4795. (44) } # policy remove_reply_message_if_eap = noop
  4796. (44) } # post-auth = noop
  4797. (44) Sent Access-Accept Id 68 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  4798. (44) MS-MPPE-Recv-Key = 0x8b48fbeec5aae61ac123a735851f443710b8fd9637f0a202345d6f914104f9a9
  4799. (44) MS-MPPE-Send-Key = 0xae3b1b79acbe204acae5e2b4352209681417f5a0f1715e3cf5cee9d668015dd0
  4800. (44) EAP-Message = 0x032c0004
  4801. (44) Message-Authenticator = 0x00000000000000000000000000000000
  4802. (44) User-Name = "vkratsberg"
  4803. (44) Finished request
  4804. Waking up in 3.8 seconds.
  4805. (45) Received Access-Request Id 69 from 10.8.0.111:58432 to 10.8.64.155:1812 length 177
  4806. (45) User-Name = "vkratsberg"
  4807. (45) NAS-Port = 358
  4808. (45) EAP-Message = 0x022d000f01766b7261747362657267
  4809. (45) Message-Authenticator = 0x8fcea9c4b8db459435a50a35b687a6c6
  4810. (45) Acct-Session-Id = "8O2.1x81bb083d000cb970"
  4811. (45) NAS-Port-Id = "ge-3/0/6.0"
  4812. (45) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  4813. (45) Called-Station-Id = "ec-3e-f7-68-35-00"
  4814. (45) NAS-IP-Address = 10.8.0.111
  4815. (45) NAS-Identifier = "nyc-access-sw011"
  4816. (45) NAS-Port-Type = Ethernet
  4817. (45) # Executing section authorize from file /etc/raddb/sites-enabled/default
  4818. (45) authorize {
  4819. (45) policy filter_username {
  4820. (45) if (&User-Name) {
  4821. (45) if (&User-Name) -> TRUE
  4822. (45) if (&User-Name) {
  4823. (45) if (&User-Name =~ / /) {
  4824. (45) if (&User-Name =~ / /) -> FALSE
  4825. (45) if (&User-Name =~ /@[^@]*@/ ) {
  4826. (45) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  4827. (45) if (&User-Name =~ /\.\./ ) {
  4828. (45) if (&User-Name =~ /\.\./ ) -> FALSE
  4829. (45) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  4830. (45) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  4831. (45) if (&User-Name =~ /\.$/) {
  4832. (45) if (&User-Name =~ /\.$/) -> FALSE
  4833. (45) if (&User-Name =~ /@\./) {
  4834. (45) if (&User-Name =~ /@\./) -> FALSE
  4835. (45) } # if (&User-Name) = notfound
  4836. (45) } # policy filter_username = notfound
  4837. (45) [preprocess] = ok
  4838. (45) [chap] = noop
  4839. (45) [mschap] = noop
  4840. (45) [digest] = noop
  4841. (45) suffix: Checking for suffix after "@"
  4842. (45) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  4843. (45) suffix: No such realm "NULL"
  4844. (45) [suffix] = noop
  4845. (45) eap: Peer sent EAP Response (code 2) ID 45 length 15
  4846. (45) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
  4847. (45) [eap] = ok
  4848. (45) } # authorize = ok
  4849. (45) Found Auth-Type = eap
  4850. (45) # Executing group from file /etc/raddb/sites-enabled/default
  4851. (45) authenticate {
  4852. (45) eap: Peer sent packet with method EAP Identity (1)
  4853. (45) eap: Calling submodule eap_peap to process data
  4854. (45) eap_peap: Initiating new EAP-TLS session
  4855. (45) eap_peap: [eaptls start] = request
  4856. (45) eap: Sending EAP Request (code 1) ID 46 length 6
  4857. (45) eap: EAP session adding &reply:State = 0x69e7c57269c9dc73
  4858. (45) [eap] = handled
  4859. (45) } # authenticate = handled
  4860. (45) Using Post-Auth-Type Challenge
  4861. (45) Post-Auth-Type sub-section not found. Ignoring.
  4862. (45) # Executing group from file /etc/raddb/sites-enabled/default
  4863. (45) Sent Access-Challenge Id 69 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  4864. (45) EAP-Message = 0x012e00061920
  4865. (45) Message-Authenticator = 0x00000000000000000000000000000000
  4866. (45) State = 0x69e7c57269c9dc735a60f4e51e72f69e
  4867. (45) Finished request
  4868. Waking up in 3.7 seconds.
  4869. (46) Received Access-Request Id 70 from 10.8.0.111:58432 to 10.8.64.155:1812 length 343
  4870. (46) User-Name = "vkratsberg"
  4871. (46) NAS-Port = 358
  4872. (46) State = 0x69e7c57269c9dc735a60f4e51e72f69e
  4873. (46) EAP-Message = 0x022e00a31980000000991603010094010000900301573f503c113a97f0901dacc6010fd744944e7b4bbd6c2c34db737b39faeae3f920274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0002800ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f00
  4874. (46) Message-Authenticator = 0xe9a284e74cb375a00b41089d3b790a04
  4875. (46) Acct-Session-Id = "8O2.1x81bb083d000cb970"
  4876. (46) NAS-Port-Id = "ge-3/0/6.0"
  4877. (46) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  4878. (46) Called-Station-Id = "ec-3e-f7-68-35-00"
  4879. (46) NAS-IP-Address = 10.8.0.111
  4880. (46) NAS-Identifier = "nyc-access-sw011"
  4881. (46) NAS-Port-Type = Ethernet
  4882. (46) session-state: No cached attributes
  4883. (46) # Executing section authorize from file /etc/raddb/sites-enabled/default
  4884. (46) authorize {
  4885. (46) policy filter_username {
  4886. (46) if (&User-Name) {
  4887. (46) if (&User-Name) -> TRUE
  4888. (46) if (&User-Name) {
  4889. (46) if (&User-Name =~ / /) {
  4890. (46) if (&User-Name =~ / /) -> FALSE
  4891. (46) if (&User-Name =~ /@[^@]*@/ ) {
  4892. (46) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  4893. (46) if (&User-Name =~ /\.\./ ) {
  4894. (46) if (&User-Name =~ /\.\./ ) -> FALSE
  4895. (46) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  4896. (46) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  4897. (46) if (&User-Name =~ /\.$/) {
  4898. (46) if (&User-Name =~ /\.$/) -> FALSE
  4899. (46) if (&User-Name =~ /@\./) {
  4900. (46) if (&User-Name =~ /@\./) -> FALSE
  4901. (46) } # if (&User-Name) = notfound
  4902. (46) } # policy filter_username = notfound
  4903. (46) [preprocess] = ok
  4904. (46) [chap] = noop
  4905. (46) [mschap] = noop
  4906. (46) [digest] = noop
  4907. (46) suffix: Checking for suffix after "@"
  4908. (46) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  4909. (46) suffix: No such realm "NULL"
  4910. (46) [suffix] = noop
  4911. (46) eap: Peer sent EAP Response (code 2) ID 46 length 163
  4912. (46) eap: Continuing tunnel setup
  4913. (46) [eap] = ok
  4914. (46) } # authorize = ok
  4915. (46) Found Auth-Type = eap
  4916. (46) # Executing group from file /etc/raddb/sites-enabled/default
  4917. (46) authenticate {
  4918. (46) eap: Expiring EAP session with state 0x69e7c57269c9dc73
  4919. (46) eap: Finished EAP session with state 0x69e7c57269c9dc73
  4920. (46) eap: Previous EAP request found for state 0x69e7c57269c9dc73, released from the list
  4921. (46) eap: Peer sent packet with method EAP PEAP (25)
  4922. (46) eap: Calling submodule eap_peap to process data
  4923. (46) eap_peap: Continuing EAP-TLS
  4924. (46) eap_peap: Peer indicated complete TLS record size will be 153 bytes
  4925. (46) eap_peap: Got complete TLS record (153 bytes)
  4926. (46) eap_peap: [eaptls verify] = length included
  4927. (46) eap_peap: (other): before/accept initialization
  4928. (46) eap_peap: TLS_accept: before/accept initialization
  4929. (46) eap_peap: <<< recv TLS 1.0 Handshake [length 0094], ClientHello
  4930. (46) eap_peap: TLS_accept: SSLv3 read client hello A
  4931. (46) eap_peap: >>> send TLS 1.0 Handshake [length 0059], ServerHello
  4932. (46) eap_peap: TLS_accept: SSLv3 write server hello A
  4933. (46) eap_peap: >>> send TLS 1.0 ChangeCipherSpec [length 0001]
  4934. (46) eap_peap: TLS_accept: SSLv3 write change cipher spec A
  4935. (46) eap_peap: >>> send TLS 1.0 Handshake [length 0010], Finished
  4936. (46) eap_peap: TLS_accept: SSLv3 write finished A
  4937. (46) eap_peap: TLS_accept: SSLv3 flush data
  4938. (46) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  4939. (46) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  4940. (46) eap_peap: In SSL Handshake Phase
  4941. (46) eap_peap: In SSL Accept mode
  4942. (46) eap_peap: [eaptls process] = handled
  4943. (46) eap: Sending EAP Request (code 1) ID 47 length 159
  4944. (46) eap: EAP session adding &reply:State = 0x69e7c57268c8dc73
  4945. (46) [eap] = handled
  4946. (46) } # authenticate = handled
  4947. (46) Using Post-Auth-Type Challenge
  4948. (46) Post-Auth-Type sub-section not found. Ignoring.
  4949. (46) # Executing group from file /etc/raddb/sites-enabled/default
  4950. (46) Sent Access-Challenge Id 70 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  4951. (46) EAP-Message = 0x012f009f19001603010059020000550301573f503c569b425e4b92c1aa3a74f2a3f111c5c11944c210d0a727fd011dc70d20274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0c01400000dff01000100000b0004030001021403010001011603010030f2057e6d738dd2c3
  4952. (46) Message-Authenticator = 0x00000000000000000000000000000000
  4953. (46) State = 0x69e7c57268c8dc735a60f4e51e72f69e
  4954. (46) Finished request
  4955. Waking up in 3.7 seconds.
  4956. (47) Received Access-Request Id 71 from 10.8.0.111:58432 to 10.8.64.155:1812 length 249
  4957. (47) User-Name = "vkratsberg"
  4958. (47) NAS-Port = 358
  4959. (47) State = 0x69e7c57268c8dc735a60f4e51e72f69e
  4960. (47) EAP-Message = 0x022f004519800000003b140301000101160301003028374707ab6cb4ca6a8caac62f916c21ff0e36f92590eff947364aa1bc7d1c382542a71a5a3f1ce5398012940467d8d2
  4961. (47) Message-Authenticator = 0x5dfc3f303d950cb2fa177128f40b767d
  4962. (47) Acct-Session-Id = "8O2.1x81bb083d000cb970"
  4963. (47) NAS-Port-Id = "ge-3/0/6.0"
  4964. (47) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  4965. (47) Called-Station-Id = "ec-3e-f7-68-35-00"
  4966. (47) NAS-IP-Address = 10.8.0.111
  4967. (47) NAS-Identifier = "nyc-access-sw011"
  4968. (47) NAS-Port-Type = Ethernet
  4969. (47) session-state: No cached attributes
  4970. (47) # Executing section authorize from file /etc/raddb/sites-enabled/default
  4971. (47) authorize {
  4972. (47) policy filter_username {
  4973. (47) if (&User-Name) {
  4974. (47) if (&User-Name) -> TRUE
  4975. (47) if (&User-Name) {
  4976. (47) if (&User-Name =~ / /) {
  4977. (47) if (&User-Name =~ / /) -> FALSE
  4978. (47) if (&User-Name =~ /@[^@]*@/ ) {
  4979. (47) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  4980. (47) if (&User-Name =~ /\.\./ ) {
  4981. (47) if (&User-Name =~ /\.\./ ) -> FALSE
  4982. (47) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  4983. (47) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  4984. (47) if (&User-Name =~ /\.$/) {
  4985. (47) if (&User-Name =~ /\.$/) -> FALSE
  4986. (47) if (&User-Name =~ /@\./) {
  4987. (47) if (&User-Name =~ /@\./) -> FALSE
  4988. (47) } # if (&User-Name) = notfound
  4989. (47) } # policy filter_username = notfound
  4990. (47) [preprocess] = ok
  4991. (47) [chap] = noop
  4992. (47) [mschap] = noop
  4993. (47) [digest] = noop
  4994. (47) suffix: Checking for suffix after "@"
  4995. (47) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  4996. (47) suffix: No such realm "NULL"
  4997. (47) [suffix] = noop
  4998. (47) eap: Peer sent EAP Response (code 2) ID 47 length 69
  4999. (47) eap: Continuing tunnel setup
  5000. (47) [eap] = ok
  5001. (47) } # authorize = ok
  5002. (47) Found Auth-Type = eap
  5003. (47) # Executing group from file /etc/raddb/sites-enabled/default
  5004. (47) authenticate {
  5005. (47) eap: Expiring EAP session with state 0x69e7c57268c8dc73
  5006. (47) eap: Finished EAP session with state 0x69e7c57268c8dc73
  5007. (47) eap: Previous EAP request found for state 0x69e7c57268c8dc73, released from the list
  5008. (47) eap: Peer sent packet with method EAP PEAP (25)
  5009. (47) eap: Calling submodule eap_peap to process data
  5010. (47) eap_peap: Continuing EAP-TLS
  5011. (47) eap_peap: Peer indicated complete TLS record size will be 59 bytes
  5012. (47) eap_peap: Got complete TLS record (59 bytes)
  5013. (47) eap_peap: [eaptls verify] = length included
  5014. (47) eap_peap: <<< recv TLS 1.0 ChangeCipherSpec [length 0001]
  5015. (47) eap_peap: <<< recv TLS 1.0 Handshake [length 0010], Finished
  5016. (47) eap_peap: TLS_accept: SSLv3 read finished A
  5017. (47) eap_peap: (other): SSL negotiation finished successfully
  5018. (47) eap_peap: SSL Connection Established
  5019. (47) eap_peap: SSL Application Data
  5020. (47) eap_peap: Adding cached attributes from session 274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0
  5021. (47) eap_peap: reply:User-Name = "vkratsberg"
  5022. (47) eap_peap: [eaptls process] = success
  5023. (47) eap_peap: Session established. Decoding tunneled attributes
  5024. (47) eap_peap: PEAP state TUNNEL ESTABLISHED
  5025. (47) eap_peap: Skipping Phase2 because of session resumption
  5026. (47) eap_peap: SUCCESS
  5027. (47) eap: Sending EAP Request (code 1) ID 48 length 43
  5028. (47) eap: EAP session adding &reply:State = 0x69e7c5726bd7dc73
  5029. (47) [eap] = handled
  5030. (47) } # authenticate = handled
  5031. (47) Using Post-Auth-Type Challenge
  5032. (47) Post-Auth-Type sub-section not found. Ignoring.
  5033. (47) # Executing group from file /etc/raddb/sites-enabled/default
  5034. (47) Sent Access-Challenge Id 71 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  5035. (47) User-Name = "vkratsberg"
  5036. (47) EAP-Message = 0x0130002b1900170301002054deb532970d49cd887e7121556130766081448a9519e38ef64fda758587c40b
  5037. (47) Message-Authenticator = 0x00000000000000000000000000000000
  5038. (47) State = 0x69e7c5726bd7dc735a60f4e51e72f69e
  5039. (47) Finished request
  5040. Waking up in 3.7 seconds.
  5041. (48) Received Access-Request Id 72 from 10.8.0.111:58432 to 10.8.64.155:1812 length 223
  5042. (48) User-Name = "vkratsberg"
  5043. (48) NAS-Port = 358
  5044. (48) State = 0x69e7c5726bd7dc735a60f4e51e72f69e
  5045. (48) EAP-Message = 0x0230002b19001703010020bad22967f18ed2b651ec95c5d1b223f5ffe3afcc607273204faa6319a3b8b829
  5046. (48) Message-Authenticator = 0x828a7d6815f2297b499909ad42776c2c
  5047. (48) Acct-Session-Id = "8O2.1x81bb083d000cb970"
  5048. (48) NAS-Port-Id = "ge-3/0/6.0"
  5049. (48) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  5050. (48) Called-Station-Id = "ec-3e-f7-68-35-00"
  5051. (48) NAS-IP-Address = 10.8.0.111
  5052. (48) NAS-Identifier = "nyc-access-sw011"
  5053. (48) NAS-Port-Type = Ethernet
  5054. (48) session-state: No cached attributes
  5055. (48) # Executing section authorize from file /etc/raddb/sites-enabled/default
  5056. (48) authorize {
  5057. (48) policy filter_username {
  5058. (48) if (&User-Name) {
  5059. (48) if (&User-Name) -> TRUE
  5060. (48) if (&User-Name) {
  5061. (48) if (&User-Name =~ / /) {
  5062. (48) if (&User-Name =~ / /) -> FALSE
  5063. (48) if (&User-Name =~ /@[^@]*@/ ) {
  5064. (48) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  5065. (48) if (&User-Name =~ /\.\./ ) {
  5066. (48) if (&User-Name =~ /\.\./ ) -> FALSE
  5067. (48) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  5068. (48) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  5069. (48) if (&User-Name =~ /\.$/) {
  5070. (48) if (&User-Name =~ /\.$/) -> FALSE
  5071. (48) if (&User-Name =~ /@\./) {
  5072. (48) if (&User-Name =~ /@\./) -> FALSE
  5073. (48) } # if (&User-Name) = notfound
  5074. (48) } # policy filter_username = notfound
  5075. (48) [preprocess] = ok
  5076. (48) [chap] = noop
  5077. (48) [mschap] = noop
  5078. (48) [digest] = noop
  5079. (48) suffix: Checking for suffix after "@"
  5080. (48) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  5081. (48) suffix: No such realm "NULL"
  5082. (48) [suffix] = noop
  5083. (48) eap: Peer sent EAP Response (code 2) ID 48 length 43
  5084. (48) eap: Continuing tunnel setup
  5085. (48) [eap] = ok
  5086. (48) } # authorize = ok
  5087. (48) Found Auth-Type = eap
  5088. (48) # Executing group from file /etc/raddb/sites-enabled/default
  5089. (48) authenticate {
  5090. (48) eap: Expiring EAP session with state 0x69e7c5726bd7dc73
  5091. (48) eap: Finished EAP session with state 0x69e7c5726bd7dc73
  5092. (48) eap: Previous EAP request found for state 0x69e7c5726bd7dc73, released from the list
  5093. (48) eap: Peer sent packet with method EAP PEAP (25)
  5094. (48) eap: Calling submodule eap_peap to process data
  5095. (48) eap_peap: Continuing EAP-TLS
  5096. (48) eap_peap: [eaptls verify] = ok
  5097. (48) eap_peap: Done initial handshake
  5098. (48) eap_peap: [eaptls process] = ok
  5099. (48) eap_peap: Session established. Decoding tunneled attributes
  5100. (48) eap_peap: PEAP state send tlv success
  5101. (48) eap_peap: Received EAP-TLV response
  5102. (48) eap_peap: Success
  5103. (48) eap_peap: No saved attributes in the original Access-Accept
  5104. (48) eap: Sending EAP Success (code 3) ID 48 length 4
  5105. (48) eap: Freeing handler
  5106. (48) [eap] = ok
  5107. (48) } # authenticate = ok
  5108. (48) # Executing section post-auth from file /etc/raddb/sites-enabled/default
  5109. (48) post-auth {
  5110. (48) update {
  5111. (48) No attributes updated
  5112. (48) } # update = noop
  5113. (48) [exec] = noop
  5114. (48) policy remove_reply_message_if_eap {
  5115. (48) if (&reply:EAP-Message && &reply:Reply-Message) {
  5116. (48) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
  5117. (48) else {
  5118. (48) [noop] = noop
  5119. (48) } # else = noop
  5120. (48) } # policy remove_reply_message_if_eap = noop
  5121. (48) } # post-auth = noop
  5122. (48) Sent Access-Accept Id 72 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  5123. (48) MS-MPPE-Recv-Key = 0x36422e597c51c2e827562d5030f7bf2c74b9bf085f2c41b742b8751e9076f7da
  5124. (48) MS-MPPE-Send-Key = 0x1897a9264730b5a18f82ef7e64cbf74f0e8ed6fe0fa3260b4b7d91f8f211b79d
  5125. (48) EAP-Message = 0x03300004
  5126. (48) Message-Authenticator = 0x00000000000000000000000000000000
  5127. (48) User-Name = "vkratsberg"
  5128. (48) Finished request
  5129. Waking up in 3.7 seconds.
  5130. (49) Received Access-Request Id 73 from 10.8.0.111:58432 to 10.8.64.155:1812 length 177
  5131. (49) User-Name = "vkratsberg"
  5132. (49) NAS-Port = 358
  5133. (49) EAP-Message = 0x0231000f01766b7261747362657267
  5134. (49) Message-Authenticator = 0x3fc590004fe05da7f8b1b055170fd49d
  5135. (49) Acct-Session-Id = "8O2.1x81bb083e000e5717"
  5136. (49) NAS-Port-Id = "ge-3/0/6.0"
  5137. (49) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  5138. (49) Called-Station-Id = "ec-3e-f7-68-35-00"
  5139. (49) NAS-IP-Address = 10.8.0.111
  5140. (49) NAS-Identifier = "nyc-access-sw011"
  5141. (49) NAS-Port-Type = Ethernet
  5142. (49) # Executing section authorize from file /etc/raddb/sites-enabled/default
  5143. (49) authorize {
  5144. (49) policy filter_username {
  5145. (49) if (&User-Name) {
  5146. (49) if (&User-Name) -> TRUE
  5147. (49) if (&User-Name) {
  5148. (49) if (&User-Name =~ / /) {
  5149. (49) if (&User-Name =~ / /) -> FALSE
  5150. (49) if (&User-Name =~ /@[^@]*@/ ) {
  5151. (49) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  5152. (49) if (&User-Name =~ /\.\./ ) {
  5153. (49) if (&User-Name =~ /\.\./ ) -> FALSE
  5154. (49) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  5155. (49) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  5156. (49) if (&User-Name =~ /\.$/) {
  5157. (49) if (&User-Name =~ /\.$/) -> FALSE
  5158. (49) if (&User-Name =~ /@\./) {
  5159. (49) if (&User-Name =~ /@\./) -> FALSE
  5160. (49) } # if (&User-Name) = notfound
  5161. (49) } # policy filter_username = notfound
  5162. (49) [preprocess] = ok
  5163. (49) [chap] = noop
  5164. (49) [mschap] = noop
  5165. (49) [digest] = noop
  5166. (49) suffix: Checking for suffix after "@"
  5167. (49) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  5168. (49) suffix: No such realm "NULL"
  5169. (49) [suffix] = noop
  5170. (49) eap: Peer sent EAP Response (code 2) ID 49 length 15
  5171. (49) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
  5172. (49) [eap] = ok
  5173. (49) } # authorize = ok
  5174. (49) Found Auth-Type = eap
  5175. (49) # Executing group from file /etc/raddb/sites-enabled/default
  5176. (49) authenticate {
  5177. (49) eap: Peer sent packet with method EAP Identity (1)
  5178. (49) eap: Calling submodule eap_peap to process data
  5179. (49) eap_peap: Initiating new EAP-TLS session
  5180. (49) eap_peap: [eaptls start] = request
  5181. (49) eap: Sending EAP Request (code 1) ID 50 length 6
  5182. (49) eap: EAP session adding &reply:State = 0x6f633e7e6f5127f5
  5183. (49) [eap] = handled
  5184. (49) } # authenticate = handled
  5185. (49) Using Post-Auth-Type Challenge
  5186. (49) Post-Auth-Type sub-section not found. Ignoring.
  5187. (49) # Executing group from file /etc/raddb/sites-enabled/default
  5188. (49) Sent Access-Challenge Id 73 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  5189. (49) EAP-Message = 0x013200061920
  5190. (49) Message-Authenticator = 0x00000000000000000000000000000000
  5191. (49) State = 0x6f633e7e6f5127f595e342c54cee8c47
  5192. (49) Finished request
  5193. Waking up in 3.6 seconds.
  5194. (50) Received Access-Request Id 74 from 10.8.0.111:58432 to 10.8.64.155:1812 length 343
  5195. (50) User-Name = "vkratsberg"
  5196. (50) NAS-Port = 358
  5197. (50) State = 0x6f633e7e6f5127f595e342c54cee8c47
  5198. (50) EAP-Message = 0x023200a31980000000991603010094010000900301573f503ca951f80977707e19bf407a2d1f7e3c3f212cf0891ea75e55c17ca59f20274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0002800ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f00
  5199. (50) Message-Authenticator = 0xd031c2d7efd7d75fddc12aee0a297659
  5200. (50) Acct-Session-Id = "8O2.1x81bb083e000e5717"
  5201. (50) NAS-Port-Id = "ge-3/0/6.0"
  5202. (50) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  5203. (50) Called-Station-Id = "ec-3e-f7-68-35-00"
  5204. (50) NAS-IP-Address = 10.8.0.111
  5205. (50) NAS-Identifier = "nyc-access-sw011"
  5206. (50) NAS-Port-Type = Ethernet
  5207. (50) session-state: No cached attributes
  5208. (50) # Executing section authorize from file /etc/raddb/sites-enabled/default
  5209. (50) authorize {
  5210. (50) policy filter_username {
  5211. (50) if (&User-Name) {
  5212. (50) if (&User-Name) -> TRUE
  5213. (50) if (&User-Name) {
  5214. (50) if (&User-Name =~ / /) {
  5215. (50) if (&User-Name =~ / /) -> FALSE
  5216. (50) if (&User-Name =~ /@[^@]*@/ ) {
  5217. (50) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  5218. (50) if (&User-Name =~ /\.\./ ) {
  5219. (50) if (&User-Name =~ /\.\./ ) -> FALSE
  5220. (50) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  5221. (50) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  5222. (50) if (&User-Name =~ /\.$/) {
  5223. (50) if (&User-Name =~ /\.$/) -> FALSE
  5224. (50) if (&User-Name =~ /@\./) {
  5225. (50) if (&User-Name =~ /@\./) -> FALSE
  5226. (50) } # if (&User-Name) = notfound
  5227. (50) } # policy filter_username = notfound
  5228. (50) [preprocess] = ok
  5229. (50) [chap] = noop
  5230. (50) [mschap] = noop
  5231. (50) [digest] = noop
  5232. (50) suffix: Checking for suffix after "@"
  5233. (50) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  5234. (50) suffix: No such realm "NULL"
  5235. (50) [suffix] = noop
  5236. (50) eap: Peer sent EAP Response (code 2) ID 50 length 163
  5237. (50) eap: Continuing tunnel setup
  5238. (50) [eap] = ok
  5239. (50) } # authorize = ok
  5240. (50) Found Auth-Type = eap
  5241. (50) # Executing group from file /etc/raddb/sites-enabled/default
  5242. (50) authenticate {
  5243. (50) eap: Expiring EAP session with state 0x6f633e7e6f5127f5
  5244. (50) eap: Finished EAP session with state 0x6f633e7e6f5127f5
  5245. (50) eap: Previous EAP request found for state 0x6f633e7e6f5127f5, released from the list
  5246. (50) eap: Peer sent packet with method EAP PEAP (25)
  5247. (50) eap: Calling submodule eap_peap to process data
  5248. (50) eap_peap: Continuing EAP-TLS
  5249. (50) eap_peap: Peer indicated complete TLS record size will be 153 bytes
  5250. (50) eap_peap: Got complete TLS record (153 bytes)
  5251. (50) eap_peap: [eaptls verify] = length included
  5252. (50) eap_peap: (other): before/accept initialization
  5253. (50) eap_peap: TLS_accept: before/accept initialization
  5254. (50) eap_peap: <<< recv TLS 1.0 Handshake [length 0094], ClientHello
  5255. (50) eap_peap: TLS_accept: SSLv3 read client hello A
  5256. (50) eap_peap: >>> send TLS 1.0 Handshake [length 0059], ServerHello
  5257. (50) eap_peap: TLS_accept: SSLv3 write server hello A
  5258. (50) eap_peap: >>> send TLS 1.0 ChangeCipherSpec [length 0001]
  5259. (50) eap_peap: TLS_accept: SSLv3 write change cipher spec A
  5260. (50) eap_peap: >>> send TLS 1.0 Handshake [length 0010], Finished
  5261. (50) eap_peap: TLS_accept: SSLv3 write finished A
  5262. (50) eap_peap: TLS_accept: SSLv3 flush data
  5263. (50) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  5264. (50) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  5265. (50) eap_peap: In SSL Handshake Phase
  5266. (50) eap_peap: In SSL Accept mode
  5267. (50) eap_peap: [eaptls process] = handled
  5268. (50) eap: Sending EAP Request (code 1) ID 51 length 159
  5269. (50) eap: EAP session adding &reply:State = 0x6f633e7e6e5027f5
  5270. (50) [eap] = handled
  5271. (50) } # authenticate = handled
  5272. (50) Using Post-Auth-Type Challenge
  5273. (50) Post-Auth-Type sub-section not found. Ignoring.
  5274. (50) # Executing group from file /etc/raddb/sites-enabled/default
  5275. (50) Sent Access-Challenge Id 74 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  5276. (50) EAP-Message = 0x0133009f19001603010059020000550301573f503ced64496d6c3b684c7b6467dee4e8f5c067bd10710c531b357bee311920274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0c01400000dff01000100000b00040300010214030100010116030100308872d4d390cea5bd
  5277. (50) Message-Authenticator = 0x00000000000000000000000000000000
  5278. (50) State = 0x6f633e7e6e5027f595e342c54cee8c47
  5279. (50) Finished request
  5280. Waking up in 3.6 seconds.
  5281. (51) Received Access-Request Id 75 from 10.8.0.111:58432 to 10.8.64.155:1812 length 249
  5282. (51) User-Name = "vkratsberg"
  5283. (51) NAS-Port = 358
  5284. (51) State = 0x6f633e7e6e5027f595e342c54cee8c47
  5285. (51) EAP-Message = 0x0233004519800000003b140301000101160301003008b5b597201ec8f231a594e0f2cdc5faddbd9d6b70f6ebc72efc260f91ad22391342684e1deedb7aba115f87c3c76540
  5286. (51) Message-Authenticator = 0x0bb103b691b1aaa2147849c7ae6fc2b2
  5287. (51) Acct-Session-Id = "8O2.1x81bb083e000e5717"
  5288. (51) NAS-Port-Id = "ge-3/0/6.0"
  5289. (51) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  5290. (51) Called-Station-Id = "ec-3e-f7-68-35-00"
  5291. (51) NAS-IP-Address = 10.8.0.111
  5292. (51) NAS-Identifier = "nyc-access-sw011"
  5293. (51) NAS-Port-Type = Ethernet
  5294. (51) session-state: No cached attributes
  5295. (51) # Executing section authorize from file /etc/raddb/sites-enabled/default
  5296. (51) authorize {
  5297. (51) policy filter_username {
  5298. (51) if (&User-Name) {
  5299. (51) if (&User-Name) -> TRUE
  5300. (51) if (&User-Name) {
  5301. (51) if (&User-Name =~ / /) {
  5302. (51) if (&User-Name =~ / /) -> FALSE
  5303. (51) if (&User-Name =~ /@[^@]*@/ ) {
  5304. (51) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  5305. (51) if (&User-Name =~ /\.\./ ) {
  5306. (51) if (&User-Name =~ /\.\./ ) -> FALSE
  5307. (51) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  5308. (51) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  5309. (51) if (&User-Name =~ /\.$/) {
  5310. (51) if (&User-Name =~ /\.$/) -> FALSE
  5311. (51) if (&User-Name =~ /@\./) {
  5312. (51) if (&User-Name =~ /@\./) -> FALSE
  5313. (51) } # if (&User-Name) = notfound
  5314. (51) } # policy filter_username = notfound
  5315. (51) [preprocess] = ok
  5316. (51) [chap] = noop
  5317. (51) [mschap] = noop
  5318. (51) [digest] = noop
  5319. (51) suffix: Checking for suffix after "@"
  5320. (51) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  5321. (51) suffix: No such realm "NULL"
  5322. (51) [suffix] = noop
  5323. (51) eap: Peer sent EAP Response (code 2) ID 51 length 69
  5324. (51) eap: Continuing tunnel setup
  5325. (51) [eap] = ok
  5326. (51) } # authorize = ok
  5327. (51) Found Auth-Type = eap
  5328. (51) # Executing group from file /etc/raddb/sites-enabled/default
  5329. (51) authenticate {
  5330. (51) eap: Expiring EAP session with state 0x6f633e7e6e5027f5
  5331. (51) eap: Finished EAP session with state 0x6f633e7e6e5027f5
  5332. (51) eap: Previous EAP request found for state 0x6f633e7e6e5027f5, released from the list
  5333. (51) eap: Peer sent packet with method EAP PEAP (25)
  5334. (51) eap: Calling submodule eap_peap to process data
  5335. (51) eap_peap: Continuing EAP-TLS
  5336. (51) eap_peap: Peer indicated complete TLS record size will be 59 bytes
  5337. (51) eap_peap: Got complete TLS record (59 bytes)
  5338. (51) eap_peap: [eaptls verify] = length included
  5339. (51) eap_peap: <<< recv TLS 1.0 ChangeCipherSpec [length 0001]
  5340. (51) eap_peap: <<< recv TLS 1.0 Handshake [length 0010], Finished
  5341. (51) eap_peap: TLS_accept: SSLv3 read finished A
  5342. (51) eap_peap: (other): SSL negotiation finished successfully
  5343. (51) eap_peap: SSL Connection Established
  5344. (51) eap_peap: SSL Application Data
  5345. (51) eap_peap: Adding cached attributes from session 274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0
  5346. (51) eap_peap: reply:User-Name = "vkratsberg"
  5347. (51) eap_peap: [eaptls process] = success
  5348. (51) eap_peap: Session established. Decoding tunneled attributes
  5349. (51) eap_peap: PEAP state TUNNEL ESTABLISHED
  5350. (51) eap_peap: Skipping Phase2 because of session resumption
  5351. (51) eap_peap: SUCCESS
  5352. (51) eap: Sending EAP Request (code 1) ID 52 length 43
  5353. (51) eap: EAP session adding &reply:State = 0x6f633e7e6d5727f5
  5354. (51) [eap] = handled
  5355. (51) } # authenticate = handled
  5356. (51) Using Post-Auth-Type Challenge
  5357. (51) Post-Auth-Type sub-section not found. Ignoring.
  5358. (51) # Executing group from file /etc/raddb/sites-enabled/default
  5359. (51) Sent Access-Challenge Id 75 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  5360. (51) User-Name = "vkratsberg"
  5361. (51) EAP-Message = 0x0134002b190017030100203003bbdf9e9548583ef6549dc21ed0b8afeddd74cd271b01393fb2bad11c19cb
  5362. (51) Message-Authenticator = 0x00000000000000000000000000000000
  5363. (51) State = 0x6f633e7e6d5727f595e342c54cee8c47
  5364. (51) Finished request
  5365. Waking up in 3.6 seconds.
  5366. (52) Received Access-Request Id 76 from 10.8.0.111:58432 to 10.8.64.155:1812 length 223
  5367. (52) User-Name = "vkratsberg"
  5368. (52) NAS-Port = 358
  5369. (52) State = 0x6f633e7e6d5727f595e342c54cee8c47
  5370. (52) EAP-Message = 0x0234002b190017030100204d3a9ae0bf63d397c57f589a58e6831fe34b1f72436f372ee8a8e3ab174d2d93
  5371. (52) Message-Authenticator = 0xdbaf34cd0d88c70adb9ba893d922c2e2
  5372. (52) Acct-Session-Id = "8O2.1x81bb083e000e5717"
  5373. (52) NAS-Port-Id = "ge-3/0/6.0"
  5374. (52) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  5375. (52) Called-Station-Id = "ec-3e-f7-68-35-00"
  5376. (52) NAS-IP-Address = 10.8.0.111
  5377. (52) NAS-Identifier = "nyc-access-sw011"
  5378. (52) NAS-Port-Type = Ethernet
  5379. (52) session-state: No cached attributes
  5380. (52) # Executing section authorize from file /etc/raddb/sites-enabled/default
  5381. (52) authorize {
  5382. (52) policy filter_username {
  5383. (52) if (&User-Name) {
  5384. (52) if (&User-Name) -> TRUE
  5385. (52) if (&User-Name) {
  5386. (52) if (&User-Name =~ / /) {
  5387. (52) if (&User-Name =~ / /) -> FALSE
  5388. (52) if (&User-Name =~ /@[^@]*@/ ) {
  5389. (52) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  5390. (52) if (&User-Name =~ /\.\./ ) {
  5391. (52) if (&User-Name =~ /\.\./ ) -> FALSE
  5392. (52) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  5393. (52) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  5394. (52) if (&User-Name =~ /\.$/) {
  5395. (52) if (&User-Name =~ /\.$/) -> FALSE
  5396. (52) if (&User-Name =~ /@\./) {
  5397. (52) if (&User-Name =~ /@\./) -> FALSE
  5398. (52) } # if (&User-Name) = notfound
  5399. (52) } # policy filter_username = notfound
  5400. (52) [preprocess] = ok
  5401. (52) [chap] = noop
  5402. (52) [mschap] = noop
  5403. (52) [digest] = noop
  5404. (52) suffix: Checking for suffix after "@"
  5405. (52) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  5406. (52) suffix: No such realm "NULL"
  5407. (52) [suffix] = noop
  5408. (52) eap: Peer sent EAP Response (code 2) ID 52 length 43
  5409. (52) eap: Continuing tunnel setup
  5410. (52) [eap] = ok
  5411. (52) } # authorize = ok
  5412. (52) Found Auth-Type = eap
  5413. (52) # Executing group from file /etc/raddb/sites-enabled/default
  5414. (52) authenticate {
  5415. (52) eap: Expiring EAP session with state 0x6f633e7e6d5727f5
  5416. (52) eap: Finished EAP session with state 0x6f633e7e6d5727f5
  5417. (52) eap: Previous EAP request found for state 0x6f633e7e6d5727f5, released from the list
  5418. (52) eap: Peer sent packet with method EAP PEAP (25)
  5419. (52) eap: Calling submodule eap_peap to process data
  5420. (52) eap_peap: Continuing EAP-TLS
  5421. (52) eap_peap: [eaptls verify] = ok
  5422. (52) eap_peap: Done initial handshake
  5423. (52) eap_peap: [eaptls process] = ok
  5424. (52) eap_peap: Session established. Decoding tunneled attributes
  5425. (52) eap_peap: PEAP state send tlv success
  5426. (52) eap_peap: Received EAP-TLV response
  5427. (52) eap_peap: Success
  5428. (52) eap_peap: No saved attributes in the original Access-Accept
  5429. (52) eap: Sending EAP Success (code 3) ID 52 length 4
  5430. (52) eap: Freeing handler
  5431. (52) [eap] = ok
  5432. (52) } # authenticate = ok
  5433. (52) # Executing section post-auth from file /etc/raddb/sites-enabled/default
  5434. (52) post-auth {
  5435. (52) update {
  5436. (52) No attributes updated
  5437. (52) } # update = noop
  5438. (52) [exec] = noop
  5439. (52) policy remove_reply_message_if_eap {
  5440. (52) if (&reply:EAP-Message && &reply:Reply-Message) {
  5441. (52) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
  5442. (52) else {
  5443. (52) [noop] = noop
  5444. (52) } # else = noop
  5445. (52) } # policy remove_reply_message_if_eap = noop
  5446. (52) } # post-auth = noop
  5447. (52) Sent Access-Accept Id 76 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  5448. (52) MS-MPPE-Recv-Key = 0x96502c4d1fa9adb2ac01f677ee787c0b9d14fee0a255f2e15e8f1f17dde7e6d1
  5449. (52) MS-MPPE-Send-Key = 0xc0212b9a0cbdfa375c17a2a0fe4922fe15695d2e62709c1b130003f8a2943bb4
  5450. (52) EAP-Message = 0x03340004
  5451. (52) Message-Authenticator = 0x00000000000000000000000000000000
  5452. (52) User-Name = "vkratsberg"
  5453. (52) Finished request
  5454. Waking up in 3.6 seconds.
  5455. (53) Received Access-Request Id 77 from 10.8.0.111:58432 to 10.8.64.155:1812 length 177
  5456. (53) User-Name = "vkratsberg"
  5457. (53) NAS-Port = 358
  5458. (53) EAP-Message = 0x0235000f01766b7261747362657267
  5459. (53) Message-Authenticator = 0x3f615512b1b95cbbc81f2c3e7f04b356
  5460. (53) Acct-Session-Id = "8O2.1x81bb083f00011066"
  5461. (53) NAS-Port-Id = "ge-3/0/6.0"
  5462. (53) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  5463. (53) Called-Station-Id = "ec-3e-f7-68-35-00"
  5464. (53) NAS-IP-Address = 10.8.0.111
  5465. (53) NAS-Identifier = "nyc-access-sw011"
  5466. (53) NAS-Port-Type = Ethernet
  5467. (53) # Executing section authorize from file /etc/raddb/sites-enabled/default
  5468. (53) authorize {
  5469. (53) policy filter_username {
  5470. (53) if (&User-Name) {
  5471. (53) if (&User-Name) -> TRUE
  5472. (53) if (&User-Name) {
  5473. (53) if (&User-Name =~ / /) {
  5474. (53) if (&User-Name =~ / /) -> FALSE
  5475. (53) if (&User-Name =~ /@[^@]*@/ ) {
  5476. (53) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  5477. (53) if (&User-Name =~ /\.\./ ) {
  5478. (53) if (&User-Name =~ /\.\./ ) -> FALSE
  5479. (53) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  5480. (53) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  5481. (53) if (&User-Name =~ /\.$/) {
  5482. (53) if (&User-Name =~ /\.$/) -> FALSE
  5483. (53) if (&User-Name =~ /@\./) {
  5484. (53) if (&User-Name =~ /@\./) -> FALSE
  5485. (53) } # if (&User-Name) = notfound
  5486. (53) } # policy filter_username = notfound
  5487. (53) [preprocess] = ok
  5488. (53) [chap] = noop
  5489. (53) [mschap] = noop
  5490. (53) [digest] = noop
  5491. (53) suffix: Checking for suffix after "@"
  5492. (53) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  5493. (53) suffix: No such realm "NULL"
  5494. (53) [suffix] = noop
  5495. (53) eap: Peer sent EAP Response (code 2) ID 53 length 15
  5496. (53) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
  5497. (53) [eap] = ok
  5498. (53) } # authorize = ok
  5499. (53) Found Auth-Type = eap
  5500. (53) # Executing group from file /etc/raddb/sites-enabled/default
  5501. (53) authenticate {
  5502. (53) eap: Peer sent packet with method EAP Identity (1)
  5503. (53) eap: Calling submodule eap_peap to process data
  5504. (53) eap_peap: Initiating new EAP-TLS session
  5505. (53) eap_peap: [eaptls start] = request
  5506. (53) eap: Sending EAP Request (code 1) ID 54 length 6
  5507. (53) eap: EAP session adding &reply:State = 0xc51bd490c52dcdbe
  5508. (53) [eap] = handled
  5509. (53) } # authenticate = handled
  5510. (53) Using Post-Auth-Type Challenge
  5511. (53) Post-Auth-Type sub-section not found. Ignoring.
  5512. (53) # Executing group from file /etc/raddb/sites-enabled/default
  5513. (53) Sent Access-Challenge Id 77 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  5514. (53) EAP-Message = 0x013600061920
  5515. (53) Message-Authenticator = 0x00000000000000000000000000000000
  5516. (53) State = 0xc51bd490c52dcdbe742de350fd288f5d
  5517. (53) Finished request
  5518. Waking up in 3.5 seconds.
  5519. (54) Received Access-Request Id 78 from 10.8.0.111:58432 to 10.8.64.155:1812 length 343
  5520. (54) User-Name = "vkratsberg"
  5521. (54) NAS-Port = 358
  5522. (54) State = 0xc51bd490c52dcdbe742de350fd288f5d
  5523. (54) EAP-Message = 0x023600a31980000000991603010094010000900301573f503c89fb06a7118bcc7586796931656be836abcc8ecd7fdb8b161bf37ad020274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0002800ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f00
  5524. (54) Message-Authenticator = 0x5ebb063d4cbf758dd686c5753a938f81
  5525. (54) Acct-Session-Id = "8O2.1x81bb083f00011066"
  5526. (54) NAS-Port-Id = "ge-3/0/6.0"
  5527. (54) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  5528. (54) Called-Station-Id = "ec-3e-f7-68-35-00"
  5529. (54) NAS-IP-Address = 10.8.0.111
  5530. (54) NAS-Identifier = "nyc-access-sw011"
  5531. (54) NAS-Port-Type = Ethernet
  5532. (54) session-state: No cached attributes
  5533. (54) # Executing section authorize from file /etc/raddb/sites-enabled/default
  5534. (54) authorize {
  5535. (54) policy filter_username {
  5536. (54) if (&User-Name) {
  5537. (54) if (&User-Name) -> TRUE
  5538. (54) if (&User-Name) {
  5539. (54) if (&User-Name =~ / /) {
  5540. (54) if (&User-Name =~ / /) -> FALSE
  5541. (54) if (&User-Name =~ /@[^@]*@/ ) {
  5542. (54) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  5543. (54) if (&User-Name =~ /\.\./ ) {
  5544. (54) if (&User-Name =~ /\.\./ ) -> FALSE
  5545. (54) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  5546. (54) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  5547. (54) if (&User-Name =~ /\.$/) {
  5548. (54) if (&User-Name =~ /\.$/) -> FALSE
  5549. (54) if (&User-Name =~ /@\./) {
  5550. (54) if (&User-Name =~ /@\./) -> FALSE
  5551. (54) } # if (&User-Name) = notfound
  5552. (54) } # policy filter_username = notfound
  5553. (54) [preprocess] = ok
  5554. (54) [chap] = noop
  5555. (54) [mschap] = noop
  5556. (54) [digest] = noop
  5557. (54) suffix: Checking for suffix after "@"
  5558. (54) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  5559. (54) suffix: No such realm "NULL"
  5560. (54) [suffix] = noop
  5561. (54) eap: Peer sent EAP Response (code 2) ID 54 length 163
  5562. (54) eap: Continuing tunnel setup
  5563. (54) [eap] = ok
  5564. (54) } # authorize = ok
  5565. (54) Found Auth-Type = eap
  5566. (54) # Executing group from file /etc/raddb/sites-enabled/default
  5567. (54) authenticate {
  5568. (54) eap: Expiring EAP session with state 0xc51bd490c52dcdbe
  5569. (54) eap: Finished EAP session with state 0xc51bd490c52dcdbe
  5570. (54) eap: Previous EAP request found for state 0xc51bd490c52dcdbe, released from the list
  5571. (54) eap: Peer sent packet with method EAP PEAP (25)
  5572. (54) eap: Calling submodule eap_peap to process data
  5573. (54) eap_peap: Continuing EAP-TLS
  5574. (54) eap_peap: Peer indicated complete TLS record size will be 153 bytes
  5575. (54) eap_peap: Got complete TLS record (153 bytes)
  5576. (54) eap_peap: [eaptls verify] = length included
  5577. (54) eap_peap: (other): before/accept initialization
  5578. (54) eap_peap: TLS_accept: before/accept initialization
  5579. (54) eap_peap: <<< recv TLS 1.0 Handshake [length 0094], ClientHello
  5580. (54) eap_peap: TLS_accept: SSLv3 read client hello A
  5581. (54) eap_peap: >>> send TLS 1.0 Handshake [length 0059], ServerHello
  5582. (54) eap_peap: TLS_accept: SSLv3 write server hello A
  5583. (54) eap_peap: >>> send TLS 1.0 ChangeCipherSpec [length 0001]
  5584. (54) eap_peap: TLS_accept: SSLv3 write change cipher spec A
  5585. (54) eap_peap: >>> send TLS 1.0 Handshake [length 0010], Finished
  5586. (54) eap_peap: TLS_accept: SSLv3 write finished A
  5587. (54) eap_peap: TLS_accept: SSLv3 flush data
  5588. (54) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  5589. (54) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  5590. (54) eap_peap: In SSL Handshake Phase
  5591. (54) eap_peap: In SSL Accept mode
  5592. (54) eap_peap: [eaptls process] = handled
  5593. (54) eap: Sending EAP Request (code 1) ID 55 length 159
  5594. (54) eap: EAP session adding &reply:State = 0xc51bd490c42ccdbe
  5595. (54) [eap] = handled
  5596. (54) } # authenticate = handled
  5597. (54) Using Post-Auth-Type Challenge
  5598. (54) Post-Auth-Type sub-section not found. Ignoring.
  5599. (54) # Executing group from file /etc/raddb/sites-enabled/default
  5600. (54) Sent Access-Challenge Id 78 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  5601. (54) EAP-Message = 0x0137009f19001603010059020000550301573f503dd67ee604be7a8e5c204b8890c0d4fa508b1756881e17b61add9dd86a20274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0c01400000dff01000100000b000403000102140301000101160301003010d584d97f38e401
  5602. (54) Message-Authenticator = 0x00000000000000000000000000000000
  5603. (54) State = 0xc51bd490c42ccdbe742de350fd288f5d
  5604. (54) Finished request
  5605. Waking up in 3.5 seconds.
  5606. (55) Received Access-Request Id 79 from 10.8.0.111:58432 to 10.8.64.155:1812 length 249
  5607. (55) User-Name = "vkratsberg"
  5608. (55) NAS-Port = 358
  5609. (55) State = 0xc51bd490c42ccdbe742de350fd288f5d
  5610. (55) EAP-Message = 0x0237004519800000003b1403010001011603010030bdeaee86741324210f5400334e827acf8c353462d81f9a690f254b873015a4c908d935e790973e4e3f374931914730e8
  5611. (55) Message-Authenticator = 0x17d35da9a5b9467bddcc06a48ccdf764
  5612. (55) Acct-Session-Id = "8O2.1x81bb083f00011066"
  5613. (55) NAS-Port-Id = "ge-3/0/6.0"
  5614. (55) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  5615. (55) Called-Station-Id = "ec-3e-f7-68-35-00"
  5616. (55) NAS-IP-Address = 10.8.0.111
  5617. (55) NAS-Identifier = "nyc-access-sw011"
  5618. (55) NAS-Port-Type = Ethernet
  5619. (55) session-state: No cached attributes
  5620. (55) # Executing section authorize from file /etc/raddb/sites-enabled/default
  5621. (55) authorize {
  5622. (55) policy filter_username {
  5623. (55) if (&User-Name) {
  5624. (55) if (&User-Name) -> TRUE
  5625. (55) if (&User-Name) {
  5626. (55) if (&User-Name =~ / /) {
  5627. (55) if (&User-Name =~ / /) -> FALSE
  5628. (55) if (&User-Name =~ /@[^@]*@/ ) {
  5629. (55) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  5630. (55) if (&User-Name =~ /\.\./ ) {
  5631. (55) if (&User-Name =~ /\.\./ ) -> FALSE
  5632. (55) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  5633. (55) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  5634. (55) if (&User-Name =~ /\.$/) {
  5635. (55) if (&User-Name =~ /\.$/) -> FALSE
  5636. (55) if (&User-Name =~ /@\./) {
  5637. (55) if (&User-Name =~ /@\./) -> FALSE
  5638. (55) } # if (&User-Name) = notfound
  5639. (55) } # policy filter_username = notfound
  5640. (55) [preprocess] = ok
  5641. (55) [chap] = noop
  5642. (55) [mschap] = noop
  5643. (55) [digest] = noop
  5644. (55) suffix: Checking for suffix after "@"
  5645. (55) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  5646. (55) suffix: No such realm "NULL"
  5647. (55) [suffix] = noop
  5648. (55) eap: Peer sent EAP Response (code 2) ID 55 length 69
  5649. (55) eap: Continuing tunnel setup
  5650. (55) [eap] = ok
  5651. (55) } # authorize = ok
  5652. (55) Found Auth-Type = eap
  5653. (55) # Executing group from file /etc/raddb/sites-enabled/default
  5654. (55) authenticate {
  5655. (55) eap: Expiring EAP session with state 0xc51bd490c42ccdbe
  5656. (55) eap: Finished EAP session with state 0xc51bd490c42ccdbe
  5657. (55) eap: Previous EAP request found for state 0xc51bd490c42ccdbe, released from the list
  5658. (55) eap: Peer sent packet with method EAP PEAP (25)
  5659. (55) eap: Calling submodule eap_peap to process data
  5660. (55) eap_peap: Continuing EAP-TLS
  5661. (55) eap_peap: Peer indicated complete TLS record size will be 59 bytes
  5662. (55) eap_peap: Got complete TLS record (59 bytes)
  5663. (55) eap_peap: [eaptls verify] = length included
  5664. (55) eap_peap: <<< recv TLS 1.0 ChangeCipherSpec [length 0001]
  5665. (55) eap_peap: <<< recv TLS 1.0 Handshake [length 0010], Finished
  5666. (55) eap_peap: TLS_accept: SSLv3 read finished A
  5667. (55) eap_peap: (other): SSL negotiation finished successfully
  5668. (55) eap_peap: SSL Connection Established
  5669. (55) eap_peap: SSL Application Data
  5670. (55) eap_peap: Adding cached attributes from session 274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0
  5671. (55) eap_peap: reply:User-Name = "vkratsberg"
  5672. (55) eap_peap: [eaptls process] = success
  5673. (55) eap_peap: Session established. Decoding tunneled attributes
  5674. (55) eap_peap: PEAP state TUNNEL ESTABLISHED
  5675. (55) eap_peap: Skipping Phase2 because of session resumption
  5676. (55) eap_peap: SUCCESS
  5677. (55) eap: Sending EAP Request (code 1) ID 56 length 43
  5678. (55) eap: EAP session adding &reply:State = 0xc51bd490c723cdbe
  5679. (55) [eap] = handled
  5680. (55) } # authenticate = handled
  5681. (55) Using Post-Auth-Type Challenge
  5682. (55) Post-Auth-Type sub-section not found. Ignoring.
  5683. (55) # Executing group from file /etc/raddb/sites-enabled/default
  5684. (55) Sent Access-Challenge Id 79 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  5685. (55) User-Name = "vkratsberg"
  5686. (55) EAP-Message = 0x0138002b19001703010020ec6b99411e3f274e0c0fd0e780fe93586f0b4b9e589048caf7a8abb8ce52899f
  5687. (55) Message-Authenticator = 0x00000000000000000000000000000000
  5688. (55) State = 0xc51bd490c723cdbe742de350fd288f5d
  5689. (55) Finished request
  5690. Waking up in 3.5 seconds.
  5691. (56) Received Access-Request Id 80 from 10.8.0.111:58432 to 10.8.64.155:1812 length 223
  5692. (56) User-Name = "vkratsberg"
  5693. (56) NAS-Port = 358
  5694. (56) State = 0xc51bd490c723cdbe742de350fd288f5d
  5695. (56) EAP-Message = 0x0238002b19001703010020a962fcfed2f7f2e766ec709c6d61071ae811afd81c051ffeaed32392d1b84475
  5696. (56) Message-Authenticator = 0xfc7060085e0936c85c7a672bf7d8a8c0
  5697. (56) Acct-Session-Id = "8O2.1x81bb083f00011066"
  5698. (56) NAS-Port-Id = "ge-3/0/6.0"
  5699. (56) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  5700. (56) Called-Station-Id = "ec-3e-f7-68-35-00"
  5701. (56) NAS-IP-Address = 10.8.0.111
  5702. (56) NAS-Identifier = "nyc-access-sw011"
  5703. (56) NAS-Port-Type = Ethernet
  5704. (56) session-state: No cached attributes
  5705. (56) # Executing section authorize from file /etc/raddb/sites-enabled/default
  5706. (56) authorize {
  5707. (56) policy filter_username {
  5708. (56) if (&User-Name) {
  5709. (56) if (&User-Name) -> TRUE
  5710. (56) if (&User-Name) {
  5711. (56) if (&User-Name =~ / /) {
  5712. (56) if (&User-Name =~ / /) -> FALSE
  5713. (56) if (&User-Name =~ /@[^@]*@/ ) {
  5714. (56) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  5715. (56) if (&User-Name =~ /\.\./ ) {
  5716. (56) if (&User-Name =~ /\.\./ ) -> FALSE
  5717. (56) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  5718. (56) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  5719. (56) if (&User-Name =~ /\.$/) {
  5720. (56) if (&User-Name =~ /\.$/) -> FALSE
  5721. (56) if (&User-Name =~ /@\./) {
  5722. (56) if (&User-Name =~ /@\./) -> FALSE
  5723. (56) } # if (&User-Name) = notfound
  5724. (56) } # policy filter_username = notfound
  5725. (56) [preprocess] = ok
  5726. (56) [chap] = noop
  5727. (56) [mschap] = noop
  5728. (56) [digest] = noop
  5729. (56) suffix: Checking for suffix after "@"
  5730. (56) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  5731. (56) suffix: No such realm "NULL"
  5732. (56) [suffix] = noop
  5733. (56) eap: Peer sent EAP Response (code 2) ID 56 length 43
  5734. (56) eap: Continuing tunnel setup
  5735. (56) [eap] = ok
  5736. (56) } # authorize = ok
  5737. (56) Found Auth-Type = eap
  5738. (56) # Executing group from file /etc/raddb/sites-enabled/default
  5739. (56) authenticate {
  5740. (56) eap: Expiring EAP session with state 0xc51bd490c723cdbe
  5741. (56) eap: Finished EAP session with state 0xc51bd490c723cdbe
  5742. (56) eap: Previous EAP request found for state 0xc51bd490c723cdbe, released from the list
  5743. (56) eap: Peer sent packet with method EAP PEAP (25)
  5744. (56) eap: Calling submodule eap_peap to process data
  5745. (56) eap_peap: Continuing EAP-TLS
  5746. (56) eap_peap: [eaptls verify] = ok
  5747. (56) eap_peap: Done initial handshake
  5748. (56) eap_peap: [eaptls process] = ok
  5749. (56) eap_peap: Session established. Decoding tunneled attributes
  5750. (56) eap_peap: PEAP state send tlv success
  5751. (56) eap_peap: Received EAP-TLV response
  5752. (56) eap_peap: Success
  5753. (56) eap_peap: No saved attributes in the original Access-Accept
  5754. (56) eap: Sending EAP Success (code 3) ID 56 length 4
  5755. (56) eap: Freeing handler
  5756. (56) [eap] = ok
  5757. (56) } # authenticate = ok
  5758. (56) # Executing section post-auth from file /etc/raddb/sites-enabled/default
  5759. (56) post-auth {
  5760. (56) update {
  5761. (56) No attributes updated
  5762. (56) } # update = noop
  5763. (56) [exec] = noop
  5764. (56) policy remove_reply_message_if_eap {
  5765. (56) if (&reply:EAP-Message && &reply:Reply-Message) {
  5766. (56) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
  5767. (56) else {
  5768. (56) [noop] = noop
  5769. (56) } # else = noop
  5770. (56) } # policy remove_reply_message_if_eap = noop
  5771. (56) } # post-auth = noop
  5772. (56) Sent Access-Accept Id 80 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  5773. (56) MS-MPPE-Recv-Key = 0x7e6fbeed3c8f51318751a8aa672fbd026467951fb3ab5b1a49eb82435316df95
  5774. (56) MS-MPPE-Send-Key = 0x683737a5283d4ef6a79e158296bb6cd0ddb0d703a3683514635d577cca10902d
  5775. (56) EAP-Message = 0x03380004
  5776. (56) Message-Authenticator = 0x00000000000000000000000000000000
  5777. (56) User-Name = "vkratsberg"
  5778. (56) Finished request
  5779. Waking up in 3.5 seconds.
  5780. (57) Received Access-Request Id 81 from 10.8.0.111:58432 to 10.8.64.155:1812 length 177
  5781. (57) User-Name = "vkratsberg"
  5782. (57) NAS-Port = 358
  5783. (57) EAP-Message = 0x0239000f01766b7261747362657267
  5784. (57) Message-Authenticator = 0x55600a55a1d7bdc1cd260f60f842482b
  5785. (57) Acct-Session-Id = "8O2.1x81bb08400002ad41"
  5786. (57) NAS-Port-Id = "ge-3/0/6.0"
  5787. (57) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  5788. (57) Called-Station-Id = "ec-3e-f7-68-35-00"
  5789. (57) NAS-IP-Address = 10.8.0.111
  5790. (57) NAS-Identifier = "nyc-access-sw011"
  5791. (57) NAS-Port-Type = Ethernet
  5792. (57) # Executing section authorize from file /etc/raddb/sites-enabled/default
  5793. (57) authorize {
  5794. (57) policy filter_username {
  5795. (57) if (&User-Name) {
  5796. (57) if (&User-Name) -> TRUE
  5797. (57) if (&User-Name) {
  5798. (57) if (&User-Name =~ / /) {
  5799. (57) if (&User-Name =~ / /) -> FALSE
  5800. (57) if (&User-Name =~ /@[^@]*@/ ) {
  5801. (57) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  5802. (57) if (&User-Name =~ /\.\./ ) {
  5803. (57) if (&User-Name =~ /\.\./ ) -> FALSE
  5804. (57) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  5805. (57) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  5806. (57) if (&User-Name =~ /\.$/) {
  5807. (57) if (&User-Name =~ /\.$/) -> FALSE
  5808. (57) if (&User-Name =~ /@\./) {
  5809. (57) if (&User-Name =~ /@\./) -> FALSE
  5810. (57) } # if (&User-Name) = notfound
  5811. (57) } # policy filter_username = notfound
  5812. (57) [preprocess] = ok
  5813. (57) [chap] = noop
  5814. (57) [mschap] = noop
  5815. (57) [digest] = noop
  5816. (57) suffix: Checking for suffix after "@"
  5817. (57) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  5818. (57) suffix: No such realm "NULL"
  5819. (57) [suffix] = noop
  5820. (57) eap: Peer sent EAP Response (code 2) ID 57 length 15
  5821. (57) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
  5822. (57) [eap] = ok
  5823. (57) } # authorize = ok
  5824. (57) Found Auth-Type = eap
  5825. (57) # Executing group from file /etc/raddb/sites-enabled/default
  5826. (57) authenticate {
  5827. (57) eap: Peer sent packet with method EAP Identity (1)
  5828. (57) eap: Calling submodule eap_peap to process data
  5829. (57) eap_peap: Initiating new EAP-TLS session
  5830. (57) eap_peap: [eaptls start] = request
  5831. (57) eap: Sending EAP Request (code 1) ID 58 length 6
  5832. (57) eap: EAP session adding &reply:State = 0x1e9117831eab0ec6
  5833. (57) [eap] = handled
  5834. (57) } # authenticate = handled
  5835. (57) Using Post-Auth-Type Challenge
  5836. (57) Post-Auth-Type sub-section not found. Ignoring.
  5837. (57) # Executing group from file /etc/raddb/sites-enabled/default
  5838. (57) Sent Access-Challenge Id 81 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  5839. (57) EAP-Message = 0x013a00061920
  5840. (57) Message-Authenticator = 0x00000000000000000000000000000000
  5841. (57) State = 0x1e9117831eab0ec64abc8cf4d3ca3402
  5842. (57) Finished request
  5843. Waking up in 3.4 seconds.
  5844. (58) Received Access-Request Id 82 from 10.8.0.111:58432 to 10.8.64.155:1812 length 343
  5845. (58) User-Name = "vkratsberg"
  5846. (58) NAS-Port = 358
  5847. (58) State = 0x1e9117831eab0ec64abc8cf4d3ca3402
  5848. (58) EAP-Message = 0x023a00a31980000000991603010094010000900301573f503dd5c6f41042f3ec67ee28949b4182006fddf0758ae8fba17a2693cf2920274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0002800ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f00
  5849. (58) Message-Authenticator = 0x2f61244bc0b841f5f4b3357081ca44ef
  5850. (58) Acct-Session-Id = "8O2.1x81bb08400002ad41"
  5851. (58) NAS-Port-Id = "ge-3/0/6.0"
  5852. (58) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  5853. (58) Called-Station-Id = "ec-3e-f7-68-35-00"
  5854. (58) NAS-IP-Address = 10.8.0.111
  5855. (58) NAS-Identifier = "nyc-access-sw011"
  5856. (58) NAS-Port-Type = Ethernet
  5857. (58) session-state: No cached attributes
  5858. (58) # Executing section authorize from file /etc/raddb/sites-enabled/default
  5859. (58) authorize {
  5860. (58) policy filter_username {
  5861. (58) if (&User-Name) {
  5862. (58) if (&User-Name) -> TRUE
  5863. (58) if (&User-Name) {
  5864. (58) if (&User-Name =~ / /) {
  5865. (58) if (&User-Name =~ / /) -> FALSE
  5866. (58) if (&User-Name =~ /@[^@]*@/ ) {
  5867. (58) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  5868. (58) if (&User-Name =~ /\.\./ ) {
  5869. (58) if (&User-Name =~ /\.\./ ) -> FALSE
  5870. (58) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  5871. (58) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  5872. (58) if (&User-Name =~ /\.$/) {
  5873. (58) if (&User-Name =~ /\.$/) -> FALSE
  5874. (58) if (&User-Name =~ /@\./) {
  5875. (58) if (&User-Name =~ /@\./) -> FALSE
  5876. (58) } # if (&User-Name) = notfound
  5877. (58) } # policy filter_username = notfound
  5878. (58) [preprocess] = ok
  5879. (58) [chap] = noop
  5880. (58) [mschap] = noop
  5881. (58) [digest] = noop
  5882. (58) suffix: Checking for suffix after "@"
  5883. (58) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  5884. (58) suffix: No such realm "NULL"
  5885. (58) [suffix] = noop
  5886. (58) eap: Peer sent EAP Response (code 2) ID 58 length 163
  5887. (58) eap: Continuing tunnel setup
  5888. (58) [eap] = ok
  5889. (58) } # authorize = ok
  5890. (58) Found Auth-Type = eap
  5891. (58) # Executing group from file /etc/raddb/sites-enabled/default
  5892. (58) authenticate {
  5893. (58) eap: Expiring EAP session with state 0x1e9117831eab0ec6
  5894. (58) eap: Finished EAP session with state 0x1e9117831eab0ec6
  5895. (58) eap: Previous EAP request found for state 0x1e9117831eab0ec6, released from the list
  5896. (58) eap: Peer sent packet with method EAP PEAP (25)
  5897. (58) eap: Calling submodule eap_peap to process data
  5898. (58) eap_peap: Continuing EAP-TLS
  5899. (58) eap_peap: Peer indicated complete TLS record size will be 153 bytes
  5900. (58) eap_peap: Got complete TLS record (153 bytes)
  5901. (58) eap_peap: [eaptls verify] = length included
  5902. (58) eap_peap: (other): before/accept initialization
  5903. (58) eap_peap: TLS_accept: before/accept initialization
  5904. (58) eap_peap: <<< recv TLS 1.0 Handshake [length 0094], ClientHello
  5905. (58) eap_peap: TLS_accept: SSLv3 read client hello A
  5906. (58) eap_peap: >>> send TLS 1.0 Handshake [length 0059], ServerHello
  5907. (58) eap_peap: TLS_accept: SSLv3 write server hello A
  5908. (58) eap_peap: >>> send TLS 1.0 ChangeCipherSpec [length 0001]
  5909. (58) eap_peap: TLS_accept: SSLv3 write change cipher spec A
  5910. (58) eap_peap: >>> send TLS 1.0 Handshake [length 0010], Finished
  5911. (58) eap_peap: TLS_accept: SSLv3 write finished A
  5912. (58) eap_peap: TLS_accept: SSLv3 flush data
  5913. (58) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  5914. (58) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  5915. (58) eap_peap: In SSL Handshake Phase
  5916. (58) eap_peap: In SSL Accept mode
  5917. (58) eap_peap: [eaptls process] = handled
  5918. (58) eap: Sending EAP Request (code 1) ID 59 length 159
  5919. (58) eap: EAP session adding &reply:State = 0x1e9117831faa0ec6
  5920. (58) [eap] = handled
  5921. (58) } # authenticate = handled
  5922. (58) Using Post-Auth-Type Challenge
  5923. (58) Post-Auth-Type sub-section not found. Ignoring.
  5924. (58) # Executing group from file /etc/raddb/sites-enabled/default
  5925. (58) Sent Access-Challenge Id 82 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  5926. (58) EAP-Message = 0x013b009f19001603010059020000550301573f503dfb895c68474565166c3a87e7bb219d2c26a5dc6de3f2d529859a547120274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0c01400000dff01000100000b00040300010214030100010116030100307ab74b4604628b7b
  5927. (58) Message-Authenticator = 0x00000000000000000000000000000000
  5928. (58) State = 0x1e9117831faa0ec64abc8cf4d3ca3402
  5929. (58) Finished request
  5930. Waking up in 3.4 seconds.
  5931. (59) Received Access-Request Id 83 from 10.8.0.111:58432 to 10.8.64.155:1812 length 249
  5932. (59) User-Name = "vkratsberg"
  5933. (59) NAS-Port = 358
  5934. (59) State = 0x1e9117831faa0ec64abc8cf4d3ca3402
  5935. (59) EAP-Message = 0x023b004519800000003b14030100010116030100301d1aeb17d29de1636a4d2b0ef9892604d3e2715b60dd3944f8c1057d9756fa88c28117100ca5ceb7985fde5e3abb0e06
  5936. (59) Message-Authenticator = 0x40dcff1745d90a416d003e4f1b70371f
  5937. (59) Acct-Session-Id = "8O2.1x81bb08400002ad41"
  5938. (59) NAS-Port-Id = "ge-3/0/6.0"
  5939. (59) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  5940. (59) Called-Station-Id = "ec-3e-f7-68-35-00"
  5941. (59) NAS-IP-Address = 10.8.0.111
  5942. (59) NAS-Identifier = "nyc-access-sw011"
  5943. (59) NAS-Port-Type = Ethernet
  5944. (59) session-state: No cached attributes
  5945. (59) # Executing section authorize from file /etc/raddb/sites-enabled/default
  5946. (59) authorize {
  5947. (59) policy filter_username {
  5948. (59) if (&User-Name) {
  5949. (59) if (&User-Name) -> TRUE
  5950. (59) if (&User-Name) {
  5951. (59) if (&User-Name =~ / /) {
  5952. (59) if (&User-Name =~ / /) -> FALSE
  5953. (59) if (&User-Name =~ /@[^@]*@/ ) {
  5954. (59) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  5955. (59) if (&User-Name =~ /\.\./ ) {
  5956. (59) if (&User-Name =~ /\.\./ ) -> FALSE
  5957. (59) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  5958. (59) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  5959. (59) if (&User-Name =~ /\.$/) {
  5960. (59) if (&User-Name =~ /\.$/) -> FALSE
  5961. (59) if (&User-Name =~ /@\./) {
  5962. (59) if (&User-Name =~ /@\./) -> FALSE
  5963. (59) } # if (&User-Name) = notfound
  5964. (59) } # policy filter_username = notfound
  5965. (59) [preprocess] = ok
  5966. (59) [chap] = noop
  5967. (59) [mschap] = noop
  5968. (59) [digest] = noop
  5969. (59) suffix: Checking for suffix after "@"
  5970. (59) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  5971. (59) suffix: No such realm "NULL"
  5972. (59) [suffix] = noop
  5973. (59) eap: Peer sent EAP Response (code 2) ID 59 length 69
  5974. (59) eap: Continuing tunnel setup
  5975. (59) [eap] = ok
  5976. (59) } # authorize = ok
  5977. (59) Found Auth-Type = eap
  5978. (59) # Executing group from file /etc/raddb/sites-enabled/default
  5979. (59) authenticate {
  5980. (59) eap: Expiring EAP session with state 0x1e9117831faa0ec6
  5981. (59) eap: Finished EAP session with state 0x1e9117831faa0ec6
  5982. (59) eap: Previous EAP request found for state 0x1e9117831faa0ec6, released from the list
  5983. (59) eap: Peer sent packet with method EAP PEAP (25)
  5984. (59) eap: Calling submodule eap_peap to process data
  5985. (59) eap_peap: Continuing EAP-TLS
  5986. (59) eap_peap: Peer indicated complete TLS record size will be 59 bytes
  5987. (59) eap_peap: Got complete TLS record (59 bytes)
  5988. (59) eap_peap: [eaptls verify] = length included
  5989. (59) eap_peap: <<< recv TLS 1.0 ChangeCipherSpec [length 0001]
  5990. (59) eap_peap: <<< recv TLS 1.0 Handshake [length 0010], Finished
  5991. (59) eap_peap: TLS_accept: SSLv3 read finished A
  5992. (59) eap_peap: (other): SSL negotiation finished successfully
  5993. (59) eap_peap: SSL Connection Established
  5994. (59) eap_peap: SSL Application Data
  5995. (59) eap_peap: Adding cached attributes from session 274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0
  5996. (59) eap_peap: reply:User-Name = "vkratsberg"
  5997. (59) eap_peap: [eaptls process] = success
  5998. (59) eap_peap: Session established. Decoding tunneled attributes
  5999. (59) eap_peap: PEAP state TUNNEL ESTABLISHED
  6000. (59) eap_peap: Skipping Phase2 because of session resumption
  6001. (59) eap_peap: SUCCESS
  6002. (59) eap: Sending EAP Request (code 1) ID 60 length 43
  6003. (59) eap: EAP session adding &reply:State = 0x1e9117831cad0ec6
  6004. (59) [eap] = handled
  6005. (59) } # authenticate = handled
  6006. (59) Using Post-Auth-Type Challenge
  6007. (59) Post-Auth-Type sub-section not found. Ignoring.
  6008. (59) # Executing group from file /etc/raddb/sites-enabled/default
  6009. (59) Sent Access-Challenge Id 83 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  6010. (59) User-Name = "vkratsberg"
  6011. (59) EAP-Message = 0x013c002b190017030100205ed60778c0290aa0d9492ff05f4a817ac4225514db3c3311de74e9fc0a0c2efa
  6012. (59) Message-Authenticator = 0x00000000000000000000000000000000
  6013. (59) State = 0x1e9117831cad0ec64abc8cf4d3ca3402
  6014. (59) Finished request
  6015. Waking up in 3.4 seconds.
  6016. (60) Received Access-Request Id 84 from 10.8.0.111:58432 to 10.8.64.155:1812 length 223
  6017. (60) User-Name = "vkratsberg"
  6018. (60) NAS-Port = 358
  6019. (60) State = 0x1e9117831cad0ec64abc8cf4d3ca3402
  6020. (60) EAP-Message = 0x023c002b19001703010020a2f70b144c65bb8d19641a3e8f029c4ce36c58b4abfc8b5f3d029304e64c4923
  6021. (60) Message-Authenticator = 0x27b7d97ce26014682b3936201d8210d4
  6022. (60) Acct-Session-Id = "8O2.1x81bb08400002ad41"
  6023. (60) NAS-Port-Id = "ge-3/0/6.0"
  6024. (60) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  6025. (60) Called-Station-Id = "ec-3e-f7-68-35-00"
  6026. (60) NAS-IP-Address = 10.8.0.111
  6027. (60) NAS-Identifier = "nyc-access-sw011"
  6028. (60) NAS-Port-Type = Ethernet
  6029. (60) session-state: No cached attributes
  6030. (60) # Executing section authorize from file /etc/raddb/sites-enabled/default
  6031. (60) authorize {
  6032. (60) policy filter_username {
  6033. (60) if (&User-Name) {
  6034. (60) if (&User-Name) -> TRUE
  6035. (60) if (&User-Name) {
  6036. (60) if (&User-Name =~ / /) {
  6037. (60) if (&User-Name =~ / /) -> FALSE
  6038. (60) if (&User-Name =~ /@[^@]*@/ ) {
  6039. (60) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  6040. (60) if (&User-Name =~ /\.\./ ) {
  6041. (60) if (&User-Name =~ /\.\./ ) -> FALSE
  6042. (60) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  6043. (60) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  6044. (60) if (&User-Name =~ /\.$/) {
  6045. (60) if (&User-Name =~ /\.$/) -> FALSE
  6046. (60) if (&User-Name =~ /@\./) {
  6047. (60) if (&User-Name =~ /@\./) -> FALSE
  6048. (60) } # if (&User-Name) = notfound
  6049. (60) } # policy filter_username = notfound
  6050. (60) [preprocess] = ok
  6051. (60) [chap] = noop
  6052. (60) [mschap] = noop
  6053. (60) [digest] = noop
  6054. (60) suffix: Checking for suffix after "@"
  6055. (60) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  6056. (60) suffix: No such realm "NULL"
  6057. (60) [suffix] = noop
  6058. (60) eap: Peer sent EAP Response (code 2) ID 60 length 43
  6059. (60) eap: Continuing tunnel setup
  6060. (60) [eap] = ok
  6061. (60) } # authorize = ok
  6062. (60) Found Auth-Type = eap
  6063. (60) # Executing group from file /etc/raddb/sites-enabled/default
  6064. (60) authenticate {
  6065. (60) eap: Expiring EAP session with state 0x1e9117831cad0ec6
  6066. (60) eap: Finished EAP session with state 0x1e9117831cad0ec6
  6067. (60) eap: Previous EAP request found for state 0x1e9117831cad0ec6, released from the list
  6068. (60) eap: Peer sent packet with method EAP PEAP (25)
  6069. (60) eap: Calling submodule eap_peap to process data
  6070. (60) eap_peap: Continuing EAP-TLS
  6071. (60) eap_peap: [eaptls verify] = ok
  6072. (60) eap_peap: Done initial handshake
  6073. (60) eap_peap: [eaptls process] = ok
  6074. (60) eap_peap: Session established. Decoding tunneled attributes
  6075. (60) eap_peap: PEAP state send tlv success
  6076. (60) eap_peap: Received EAP-TLV response
  6077. (60) eap_peap: Success
  6078. (60) eap_peap: No saved attributes in the original Access-Accept
  6079. (60) eap: Sending EAP Success (code 3) ID 60 length 4
  6080. (60) eap: Freeing handler
  6081. (60) [eap] = ok
  6082. (60) } # authenticate = ok
  6083. (60) # Executing section post-auth from file /etc/raddb/sites-enabled/default
  6084. (60) post-auth {
  6085. (60) update {
  6086. (60) No attributes updated
  6087. (60) } # update = noop
  6088. (60) [exec] = noop
  6089. (60) policy remove_reply_message_if_eap {
  6090. (60) if (&reply:EAP-Message && &reply:Reply-Message) {
  6091. (60) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
  6092. (60) else {
  6093. (60) [noop] = noop
  6094. (60) } # else = noop
  6095. (60) } # policy remove_reply_message_if_eap = noop
  6096. (60) } # post-auth = noop
  6097. (60) Sent Access-Accept Id 84 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  6098. (60) MS-MPPE-Recv-Key = 0x42acb2f4eab27fc2ec0a775bf41e9e84b59a9d8147857fe2c68b8f1ea20dab57
  6099. (60) MS-MPPE-Send-Key = 0x4040c58418cce98db0cf2d7c425f56f1445c1ea9a6806c93c466ff9987307a8e
  6100. (60) EAP-Message = 0x033c0004
  6101. (60) Message-Authenticator = 0x00000000000000000000000000000000
  6102. (60) User-Name = "vkratsberg"
  6103. (60) Finished request
  6104. Waking up in 3.4 seconds.
  6105. (61) Received Access-Request Id 85 from 10.8.0.111:58432 to 10.8.64.155:1812 length 177
  6106. (61) User-Name = "vkratsberg"
  6107. (61) NAS-Port = 358
  6108. (61) EAP-Message = 0x023d000f01766b7261747362657267
  6109. (61) Message-Authenticator = 0xbb73bf378271a2efa003679327a58a04
  6110. (61) Acct-Session-Id = "8O2.1x81bb0841000445cd"
  6111. (61) NAS-Port-Id = "ge-3/0/6.0"
  6112. (61) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  6113. (61) Called-Station-Id = "ec-3e-f7-68-35-00"
  6114. (61) NAS-IP-Address = 10.8.0.111
  6115. (61) NAS-Identifier = "nyc-access-sw011"
  6116. (61) NAS-Port-Type = Ethernet
  6117. (61) # Executing section authorize from file /etc/raddb/sites-enabled/default
  6118. (61) authorize {
  6119. (61) policy filter_username {
  6120. (61) if (&User-Name) {
  6121. (61) if (&User-Name) -> TRUE
  6122. (61) if (&User-Name) {
  6123. (61) if (&User-Name =~ / /) {
  6124. (61) if (&User-Name =~ / /) -> FALSE
  6125. (61) if (&User-Name =~ /@[^@]*@/ ) {
  6126. (61) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  6127. (61) if (&User-Name =~ /\.\./ ) {
  6128. (61) if (&User-Name =~ /\.\./ ) -> FALSE
  6129. (61) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  6130. (61) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  6131. (61) if (&User-Name =~ /\.$/) {
  6132. (61) if (&User-Name =~ /\.$/) -> FALSE
  6133. (61) if (&User-Name =~ /@\./) {
  6134. (61) if (&User-Name =~ /@\./) -> FALSE
  6135. (61) } # if (&User-Name) = notfound
  6136. (61) } # policy filter_username = notfound
  6137. (61) [preprocess] = ok
  6138. (61) [chap] = noop
  6139. (61) [mschap] = noop
  6140. (61) [digest] = noop
  6141. (61) suffix: Checking for suffix after "@"
  6142. (61) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  6143. (61) suffix: No such realm "NULL"
  6144. (61) [suffix] = noop
  6145. (61) eap: Peer sent EAP Response (code 2) ID 61 length 15
  6146. (61) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
  6147. (61) [eap] = ok
  6148. (61) } # authorize = ok
  6149. (61) Found Auth-Type = eap
  6150. (61) # Executing group from file /etc/raddb/sites-enabled/default
  6151. (61) authenticate {
  6152. (61) eap: Peer sent packet with method EAP Identity (1)
  6153. (61) eap: Calling submodule eap_peap to process data
  6154. (61) eap_peap: Initiating new EAP-TLS session
  6155. (61) eap_peap: [eaptls start] = request
  6156. (61) eap: Sending EAP Request (code 1) ID 62 length 6
  6157. (61) eap: EAP session adding &reply:State = 0xb4555843b46b4104
  6158. (61) [eap] = handled
  6159. (61) } # authenticate = handled
  6160. (61) Using Post-Auth-Type Challenge
  6161. (61) Post-Auth-Type sub-section not found. Ignoring.
  6162. (61) # Executing group from file /etc/raddb/sites-enabled/default
  6163. (61) Sent Access-Challenge Id 85 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  6164. (61) EAP-Message = 0x013e00061920
  6165. (61) Message-Authenticator = 0x00000000000000000000000000000000
  6166. (61) State = 0xb4555843b46b41043f7580f54a3ad06c
  6167. (61) Finished request
  6168. Waking up in 3.3 seconds.
  6169. (62) Received Access-Request Id 86 from 10.8.0.111:58432 to 10.8.64.155:1812 length 343
  6170. (62) User-Name = "vkratsberg"
  6171. (62) NAS-Port = 358
  6172. (62) State = 0xb4555843b46b41043f7580f54a3ad06c
  6173. (62) EAP-Message = 0x023e00a31980000000991603010094010000900301573f503d92080572df4c1ba4182a18782167727f45187ab57ab30e1ee6b317b120274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0002800ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f00
  6174. (62) Message-Authenticator = 0x0bc5339872f55524084b19d9551bcc17
  6175. (62) Acct-Session-Id = "8O2.1x81bb0841000445cd"
  6176. (62) NAS-Port-Id = "ge-3/0/6.0"
  6177. (62) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  6178. (62) Called-Station-Id = "ec-3e-f7-68-35-00"
  6179. (62) NAS-IP-Address = 10.8.0.111
  6180. (62) NAS-Identifier = "nyc-access-sw011"
  6181. (62) NAS-Port-Type = Ethernet
  6182. (62) session-state: No cached attributes
  6183. (62) # Executing section authorize from file /etc/raddb/sites-enabled/default
  6184. (62) authorize {
  6185. (62) policy filter_username {
  6186. (62) if (&User-Name) {
  6187. (62) if (&User-Name) -> TRUE
  6188. (62) if (&User-Name) {
  6189. (62) if (&User-Name =~ / /) {
  6190. (62) if (&User-Name =~ / /) -> FALSE
  6191. (62) if (&User-Name =~ /@[^@]*@/ ) {
  6192. (62) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  6193. (62) if (&User-Name =~ /\.\./ ) {
  6194. (62) if (&User-Name =~ /\.\./ ) -> FALSE
  6195. (62) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  6196. (62) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  6197. (62) if (&User-Name =~ /\.$/) {
  6198. (62) if (&User-Name =~ /\.$/) -> FALSE
  6199. (62) if (&User-Name =~ /@\./) {
  6200. (62) if (&User-Name =~ /@\./) -> FALSE
  6201. (62) } # if (&User-Name) = notfound
  6202. (62) } # policy filter_username = notfound
  6203. (62) [preprocess] = ok
  6204. (62) [chap] = noop
  6205. (62) [mschap] = noop
  6206. (62) [digest] = noop
  6207. (62) suffix: Checking for suffix after "@"
  6208. (62) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  6209. (62) suffix: No such realm "NULL"
  6210. (62) [suffix] = noop
  6211. (62) eap: Peer sent EAP Response (code 2) ID 62 length 163
  6212. (62) eap: Continuing tunnel setup
  6213. (62) [eap] = ok
  6214. (62) } # authorize = ok
  6215. (62) Found Auth-Type = eap
  6216. (62) # Executing group from file /etc/raddb/sites-enabled/default
  6217. (62) authenticate {
  6218. (62) eap: Expiring EAP session with state 0xb4555843b46b4104
  6219. (62) eap: Finished EAP session with state 0xb4555843b46b4104
  6220. (62) eap: Previous EAP request found for state 0xb4555843b46b4104, released from the list
  6221. (62) eap: Peer sent packet with method EAP PEAP (25)
  6222. (62) eap: Calling submodule eap_peap to process data
  6223. (62) eap_peap: Continuing EAP-TLS
  6224. (62) eap_peap: Peer indicated complete TLS record size will be 153 bytes
  6225. (62) eap_peap: Got complete TLS record (153 bytes)
  6226. (62) eap_peap: [eaptls verify] = length included
  6227. (62) eap_peap: (other): before/accept initialization
  6228. (62) eap_peap: TLS_accept: before/accept initialization
  6229. (62) eap_peap: <<< recv TLS 1.0 Handshake [length 0094], ClientHello
  6230. (62) eap_peap: TLS_accept: SSLv3 read client hello A
  6231. (62) eap_peap: >>> send TLS 1.0 Handshake [length 0059], ServerHello
  6232. (62) eap_peap: TLS_accept: SSLv3 write server hello A
  6233. (62) eap_peap: >>> send TLS 1.0 ChangeCipherSpec [length 0001]
  6234. (62) eap_peap: TLS_accept: SSLv3 write change cipher spec A
  6235. (62) eap_peap: >>> send TLS 1.0 Handshake [length 0010], Finished
  6236. (62) eap_peap: TLS_accept: SSLv3 write finished A
  6237. (62) eap_peap: TLS_accept: SSLv3 flush data
  6238. (62) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  6239. (62) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  6240. (62) eap_peap: In SSL Handshake Phase
  6241. (62) eap_peap: In SSL Accept mode
  6242. (62) eap_peap: [eaptls process] = handled
  6243. (62) eap: Sending EAP Request (code 1) ID 63 length 159
  6244. (62) eap: EAP session adding &reply:State = 0xb4555843b56a4104
  6245. (62) [eap] = handled
  6246. (62) } # authenticate = handled
  6247. (62) Using Post-Auth-Type Challenge
  6248. (62) Post-Auth-Type sub-section not found. Ignoring.
  6249. (62) # Executing group from file /etc/raddb/sites-enabled/default
  6250. (62) Sent Access-Challenge Id 86 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  6251. (62) EAP-Message = 0x013f009f19001603010059020000550301573f503d9a7e6b405d053067d5c1396240521cae525b185aa54df38a6452bb1420274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0c01400000dff01000100000b0004030001021403010001011603010030bfeaedfa7b4abc4d
  6252. (62) Message-Authenticator = 0x00000000000000000000000000000000
  6253. (62) State = 0xb4555843b56a41043f7580f54a3ad06c
  6254. (62) Finished request
  6255. Waking up in 3.3 seconds.
  6256. (63) Received Access-Request Id 87 from 10.8.0.111:58432 to 10.8.64.155:1812 length 249
  6257. (63) User-Name = "vkratsberg"
  6258. (63) NAS-Port = 358
  6259. (63) State = 0xb4555843b56a41043f7580f54a3ad06c
  6260. (63) EAP-Message = 0x023f004519800000003b1403010001011603010030069811a2de8b76301bf368b79716a64ef2e13fb3dd537404996b319bc8c6b2b874287eb2af232360ff38349b1286bd78
  6261. (63) Message-Authenticator = 0xc625ce0eb3c4af4ea599f2b1cc184f37
  6262. (63) Acct-Session-Id = "8O2.1x81bb0841000445cd"
  6263. (63) NAS-Port-Id = "ge-3/0/6.0"
  6264. (63) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  6265. (63) Called-Station-Id = "ec-3e-f7-68-35-00"
  6266. (63) NAS-IP-Address = 10.8.0.111
  6267. (63) NAS-Identifier = "nyc-access-sw011"
  6268. (63) NAS-Port-Type = Ethernet
  6269. (63) session-state: No cached attributes
  6270. (63) # Executing section authorize from file /etc/raddb/sites-enabled/default
  6271. (63) authorize {
  6272. (63) policy filter_username {
  6273. (63) if (&User-Name) {
  6274. (63) if (&User-Name) -> TRUE
  6275. (63) if (&User-Name) {
  6276. (63) if (&User-Name =~ / /) {
  6277. (63) if (&User-Name =~ / /) -> FALSE
  6278. (63) if (&User-Name =~ /@[^@]*@/ ) {
  6279. (63) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  6280. (63) if (&User-Name =~ /\.\./ ) {
  6281. (63) if (&User-Name =~ /\.\./ ) -> FALSE
  6282. (63) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  6283. (63) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  6284. (63) if (&User-Name =~ /\.$/) {
  6285. (63) if (&User-Name =~ /\.$/) -> FALSE
  6286. (63) if (&User-Name =~ /@\./) {
  6287. (63) if (&User-Name =~ /@\./) -> FALSE
  6288. (63) } # if (&User-Name) = notfound
  6289. (63) } # policy filter_username = notfound
  6290. (63) [preprocess] = ok
  6291. (63) [chap] = noop
  6292. (63) [mschap] = noop
  6293. (63) [digest] = noop
  6294. (63) suffix: Checking for suffix after "@"
  6295. (63) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  6296. (63) suffix: No such realm "NULL"
  6297. (63) [suffix] = noop
  6298. (63) eap: Peer sent EAP Response (code 2) ID 63 length 69
  6299. (63) eap: Continuing tunnel setup
  6300. (63) [eap] = ok
  6301. (63) } # authorize = ok
  6302. (63) Found Auth-Type = eap
  6303. (63) # Executing group from file /etc/raddb/sites-enabled/default
  6304. (63) authenticate {
  6305. (63) eap: Expiring EAP session with state 0xb4555843b56a4104
  6306. (63) eap: Finished EAP session with state 0xb4555843b56a4104
  6307. (63) eap: Previous EAP request found for state 0xb4555843b56a4104, released from the list
  6308. (63) eap: Peer sent packet with method EAP PEAP (25)
  6309. (63) eap: Calling submodule eap_peap to process data
  6310. (63) eap_peap: Continuing EAP-TLS
  6311. (63) eap_peap: Peer indicated complete TLS record size will be 59 bytes
  6312. (63) eap_peap: Got complete TLS record (59 bytes)
  6313. (63) eap_peap: [eaptls verify] = length included
  6314. (63) eap_peap: <<< recv TLS 1.0 ChangeCipherSpec [length 0001]
  6315. (63) eap_peap: <<< recv TLS 1.0 Handshake [length 0010], Finished
  6316. (63) eap_peap: TLS_accept: SSLv3 read finished A
  6317. (63) eap_peap: (other): SSL negotiation finished successfully
  6318. (63) eap_peap: SSL Connection Established
  6319. (63) eap_peap: SSL Application Data
  6320. (63) eap_peap: Adding cached attributes from session 274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0
  6321. (63) eap_peap: reply:User-Name = "vkratsberg"
  6322. (63) eap_peap: [eaptls process] = success
  6323. (63) eap_peap: Session established. Decoding tunneled attributes
  6324. (63) eap_peap: PEAP state TUNNEL ESTABLISHED
  6325. (63) eap_peap: Skipping Phase2 because of session resumption
  6326. (63) eap_peap: SUCCESS
  6327. (63) eap: Sending EAP Request (code 1) ID 64 length 43
  6328. (63) eap: EAP session adding &reply:State = 0xb4555843b6154104
  6329. (63) [eap] = handled
  6330. (63) } # authenticate = handled
  6331. (63) Using Post-Auth-Type Challenge
  6332. (63) Post-Auth-Type sub-section not found. Ignoring.
  6333. (63) # Executing group from file /etc/raddb/sites-enabled/default
  6334. (63) Sent Access-Challenge Id 87 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  6335. (63) User-Name = "vkratsberg"
  6336. (63) EAP-Message = 0x0140002b190017030100203cfd7b41463f1ce0586bba11d6c5ccd5f2265af1d3cb2d57700c8e81137dddbb
  6337. (63) Message-Authenticator = 0x00000000000000000000000000000000
  6338. (63) State = 0xb4555843b61541043f7580f54a3ad06c
  6339. (63) Finished request
  6340. Waking up in 3.3 seconds.
  6341. (64) Received Access-Request Id 88 from 10.8.0.111:58432 to 10.8.64.155:1812 length 223
  6342. (64) User-Name = "vkratsberg"
  6343. (64) NAS-Port = 358
  6344. (64) State = 0xb4555843b61541043f7580f54a3ad06c
  6345. (64) EAP-Message = 0x0240002b190017030100202475cf86a000566ec2dd8dfd641f4c2ea05dc420b990155d31b2386578e067e4
  6346. (64) Message-Authenticator = 0xd74fe9a57f6254d5ac55542948aefb36
  6347. (64) Acct-Session-Id = "8O2.1x81bb0841000445cd"
  6348. (64) NAS-Port-Id = "ge-3/0/6.0"
  6349. (64) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  6350. (64) Called-Station-Id = "ec-3e-f7-68-35-00"
  6351. (64) NAS-IP-Address = 10.8.0.111
  6352. (64) NAS-Identifier = "nyc-access-sw011"
  6353. (64) NAS-Port-Type = Ethernet
  6354. (64) session-state: No cached attributes
  6355. (64) # Executing section authorize from file /etc/raddb/sites-enabled/default
  6356. (64) authorize {
  6357. (64) policy filter_username {
  6358. (64) if (&User-Name) {
  6359. (64) if (&User-Name) -> TRUE
  6360. (64) if (&User-Name) {
  6361. (64) if (&User-Name =~ / /) {
  6362. (64) if (&User-Name =~ / /) -> FALSE
  6363. (64) if (&User-Name =~ /@[^@]*@/ ) {
  6364. (64) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  6365. (64) if (&User-Name =~ /\.\./ ) {
  6366. (64) if (&User-Name =~ /\.\./ ) -> FALSE
  6367. (64) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  6368. (64) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  6369. (64) if (&User-Name =~ /\.$/) {
  6370. (64) if (&User-Name =~ /\.$/) -> FALSE
  6371. (64) if (&User-Name =~ /@\./) {
  6372. (64) if (&User-Name =~ /@\./) -> FALSE
  6373. (64) } # if (&User-Name) = notfound
  6374. (64) } # policy filter_username = notfound
  6375. (64) [preprocess] = ok
  6376. (64) [chap] = noop
  6377. (64) [mschap] = noop
  6378. (64) [digest] = noop
  6379. (64) suffix: Checking for suffix after "@"
  6380. (64) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  6381. (64) suffix: No such realm "NULL"
  6382. (64) [suffix] = noop
  6383. (64) eap: Peer sent EAP Response (code 2) ID 64 length 43
  6384. (64) eap: Continuing tunnel setup
  6385. (64) [eap] = ok
  6386. (64) } # authorize = ok
  6387. (64) Found Auth-Type = eap
  6388. (64) # Executing group from file /etc/raddb/sites-enabled/default
  6389. (64) authenticate {
  6390. (64) eap: Expiring EAP session with state 0xb4555843b6154104
  6391. (64) eap: Finished EAP session with state 0xb4555843b6154104
  6392. (64) eap: Previous EAP request found for state 0xb4555843b6154104, released from the list
  6393. (64) eap: Peer sent packet with method EAP PEAP (25)
  6394. (64) eap: Calling submodule eap_peap to process data
  6395. (64) eap_peap: Continuing EAP-TLS
  6396. (64) eap_peap: [eaptls verify] = ok
  6397. (64) eap_peap: Done initial handshake
  6398. (64) eap_peap: [eaptls process] = ok
  6399. (64) eap_peap: Session established. Decoding tunneled attributes
  6400. (64) eap_peap: PEAP state send tlv success
  6401. (64) eap_peap: Received EAP-TLV response
  6402. (64) eap_peap: Success
  6403. (64) eap_peap: No saved attributes in the original Access-Accept
  6404. (64) eap: Sending EAP Success (code 3) ID 64 length 4
  6405. (64) eap: Freeing handler
  6406. (64) [eap] = ok
  6407. (64) } # authenticate = ok
  6408. (64) # Executing section post-auth from file /etc/raddb/sites-enabled/default
  6409. (64) post-auth {
  6410. (64) update {
  6411. (64) No attributes updated
  6412. (64) } # update = noop
  6413. (64) [exec] = noop
  6414. (64) policy remove_reply_message_if_eap {
  6415. (64) if (&reply:EAP-Message && &reply:Reply-Message) {
  6416. (64) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
  6417. (64) else {
  6418. (64) [noop] = noop
  6419. (64) } # else = noop
  6420. (64) } # policy remove_reply_message_if_eap = noop
  6421. (64) } # post-auth = noop
  6422. (64) Sent Access-Accept Id 88 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  6423. (64) MS-MPPE-Recv-Key = 0x134207be9e348f1e176a8ac3d9a4d383b7dcf4bd87981a3376c4486e77458c34
  6424. (64) MS-MPPE-Send-Key = 0x3ac508be6f2e2850789ea5966ac331f227a52adf504a13b48deb47ba6f9d2fd5
  6425. (64) EAP-Message = 0x03400004
  6426. (64) Message-Authenticator = 0x00000000000000000000000000000000
  6427. (64) User-Name = "vkratsberg"
  6428. (64) Finished request
  6429. Waking up in 3.3 seconds.
  6430. (65) Received Access-Request Id 89 from 10.8.0.111:58432 to 10.8.64.155:1812 length 177
  6431. (65) User-Name = "vkratsberg"
  6432. (65) NAS-Port = 358
  6433. (65) EAP-Message = 0x0241000f01766b7261747362657267
  6434. (65) Message-Authenticator = 0xa2c7aacfa4cbdf3da805c2c157397400
  6435. (65) Acct-Session-Id = "8O2.1x81bb08420005e2af"
  6436. (65) NAS-Port-Id = "ge-3/0/6.0"
  6437. (65) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  6438. (65) Called-Station-Id = "ec-3e-f7-68-35-00"
  6439. (65) NAS-IP-Address = 10.8.0.111
  6440. (65) NAS-Identifier = "nyc-access-sw011"
  6441. (65) NAS-Port-Type = Ethernet
  6442. (65) # Executing section authorize from file /etc/raddb/sites-enabled/default
  6443. (65) authorize {
  6444. (65) policy filter_username {
  6445. (65) if (&User-Name) {
  6446. (65) if (&User-Name) -> TRUE
  6447. (65) if (&User-Name) {
  6448. (65) if (&User-Name =~ / /) {
  6449. (65) if (&User-Name =~ / /) -> FALSE
  6450. (65) if (&User-Name =~ /@[^@]*@/ ) {
  6451. (65) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  6452. (65) if (&User-Name =~ /\.\./ ) {
  6453. (65) if (&User-Name =~ /\.\./ ) -> FALSE
  6454. (65) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  6455. (65) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  6456. (65) if (&User-Name =~ /\.$/) {
  6457. (65) if (&User-Name =~ /\.$/) -> FALSE
  6458. (65) if (&User-Name =~ /@\./) {
  6459. (65) if (&User-Name =~ /@\./) -> FALSE
  6460. (65) } # if (&User-Name) = notfound
  6461. (65) } # policy filter_username = notfound
  6462. (65) [preprocess] = ok
  6463. (65) [chap] = noop
  6464. (65) [mschap] = noop
  6465. (65) [digest] = noop
  6466. (65) suffix: Checking for suffix after "@"
  6467. (65) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  6468. (65) suffix: No such realm "NULL"
  6469. (65) [suffix] = noop
  6470. (65) eap: Peer sent EAP Response (code 2) ID 65 length 15
  6471. (65) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
  6472. (65) [eap] = ok
  6473. (65) } # authorize = ok
  6474. (65) Found Auth-Type = eap
  6475. (65) # Executing group from file /etc/raddb/sites-enabled/default
  6476. (65) authenticate {
  6477. (65) eap: Peer sent packet with method EAP Identity (1)
  6478. (65) eap: Calling submodule eap_peap to process data
  6479. (65) eap_peap: Initiating new EAP-TLS session
  6480. (65) eap_peap: [eaptls start] = request
  6481. (65) eap: Sending EAP Request (code 1) ID 66 length 6
  6482. (65) eap: EAP session adding &reply:State = 0x84760f5e843416ab
  6483. (65) [eap] = handled
  6484. (65) } # authenticate = handled
  6485. (65) Using Post-Auth-Type Challenge
  6486. (65) Post-Auth-Type sub-section not found. Ignoring.
  6487. (65) # Executing group from file /etc/raddb/sites-enabled/default
  6488. (65) Sent Access-Challenge Id 89 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  6489. (65) EAP-Message = 0x014200061920
  6490. (65) Message-Authenticator = 0x00000000000000000000000000000000
  6491. (65) State = 0x84760f5e843416ab000ba36a1076ac07
  6492. (65) Finished request
  6493. Waking up in 3.2 seconds.
  6494. (66) Received Access-Request Id 90 from 10.8.0.111:58432 to 10.8.64.155:1812 length 343
  6495. (66) User-Name = "vkratsberg"
  6496. (66) NAS-Port = 358
  6497. (66) State = 0x84760f5e843416ab000ba36a1076ac07
  6498. (66) EAP-Message = 0x024200a31980000000991603010094010000900301573f503dc067a22d42e31ff4c10e8617332701ce7575f951158623c1f5e89cb620274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0002800ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f00
  6499. (66) Message-Authenticator = 0xd070acaf41f912547921e713dce20212
  6500. (66) Acct-Session-Id = "8O2.1x81bb08420005e2af"
  6501. (66) NAS-Port-Id = "ge-3/0/6.0"
  6502. (66) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  6503. (66) Called-Station-Id = "ec-3e-f7-68-35-00"
  6504. (66) NAS-IP-Address = 10.8.0.111
  6505. (66) NAS-Identifier = "nyc-access-sw011"
  6506. (66) NAS-Port-Type = Ethernet
  6507. (66) session-state: No cached attributes
  6508. (66) # Executing section authorize from file /etc/raddb/sites-enabled/default
  6509. (66) authorize {
  6510. (66) policy filter_username {
  6511. (66) if (&User-Name) {
  6512. (66) if (&User-Name) -> TRUE
  6513. (66) if (&User-Name) {
  6514. (66) if (&User-Name =~ / /) {
  6515. (66) if (&User-Name =~ / /) -> FALSE
  6516. (66) if (&User-Name =~ /@[^@]*@/ ) {
  6517. (66) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  6518. (66) if (&User-Name =~ /\.\./ ) {
  6519. (66) if (&User-Name =~ /\.\./ ) -> FALSE
  6520. (66) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  6521. (66) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  6522. (66) if (&User-Name =~ /\.$/) {
  6523. (66) if (&User-Name =~ /\.$/) -> FALSE
  6524. (66) if (&User-Name =~ /@\./) {
  6525. (66) if (&User-Name =~ /@\./) -> FALSE
  6526. (66) } # if (&User-Name) = notfound
  6527. (66) } # policy filter_username = notfound
  6528. (66) [preprocess] = ok
  6529. (66) [chap] = noop
  6530. (66) [mschap] = noop
  6531. (66) [digest] = noop
  6532. (66) suffix: Checking for suffix after "@"
  6533. (66) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  6534. (66) suffix: No such realm "NULL"
  6535. (66) [suffix] = noop
  6536. (66) eap: Peer sent EAP Response (code 2) ID 66 length 163
  6537. (66) eap: Continuing tunnel setup
  6538. (66) [eap] = ok
  6539. (66) } # authorize = ok
  6540. (66) Found Auth-Type = eap
  6541. (66) # Executing group from file /etc/raddb/sites-enabled/default
  6542. (66) authenticate {
  6543. (66) eap: Expiring EAP session with state 0x84760f5e843416ab
  6544. (66) eap: Finished EAP session with state 0x84760f5e843416ab
  6545. (66) eap: Previous EAP request found for state 0x84760f5e843416ab, released from the list
  6546. (66) eap: Peer sent packet with method EAP PEAP (25)
  6547. (66) eap: Calling submodule eap_peap to process data
  6548. (66) eap_peap: Continuing EAP-TLS
  6549. (66) eap_peap: Peer indicated complete TLS record size will be 153 bytes
  6550. (66) eap_peap: Got complete TLS record (153 bytes)
  6551. (66) eap_peap: [eaptls verify] = length included
  6552. (66) eap_peap: (other): before/accept initialization
  6553. (66) eap_peap: TLS_accept: before/accept initialization
  6554. (66) eap_peap: <<< recv TLS 1.0 Handshake [length 0094], ClientHello
  6555. (66) eap_peap: TLS_accept: SSLv3 read client hello A
  6556. (66) eap_peap: >>> send TLS 1.0 Handshake [length 0059], ServerHello
  6557. (66) eap_peap: TLS_accept: SSLv3 write server hello A
  6558. (66) eap_peap: >>> send TLS 1.0 ChangeCipherSpec [length 0001]
  6559. (66) eap_peap: TLS_accept: SSLv3 write change cipher spec A
  6560. (66) eap_peap: >>> send TLS 1.0 Handshake [length 0010], Finished
  6561. (66) eap_peap: TLS_accept: SSLv3 write finished A
  6562. (66) eap_peap: TLS_accept: SSLv3 flush data
  6563. (66) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  6564. (66) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  6565. (66) eap_peap: In SSL Handshake Phase
  6566. (66) eap_peap: In SSL Accept mode
  6567. (66) eap_peap: [eaptls process] = handled
  6568. (66) eap: Sending EAP Request (code 1) ID 67 length 159
  6569. (66) eap: EAP session adding &reply:State = 0x84760f5e853516ab
  6570. (66) [eap] = handled
  6571. (66) } # authenticate = handled
  6572. (66) Using Post-Auth-Type Challenge
  6573. (66) Post-Auth-Type sub-section not found. Ignoring.
  6574. (66) # Executing group from file /etc/raddb/sites-enabled/default
  6575. (66) Sent Access-Challenge Id 90 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  6576. (66) EAP-Message = 0x0143009f19001603010059020000550301573f503ddf51fdeb6c70eabd8a349c0430af0cfb0b2c24138784ca6d738eeb6720274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0c01400000dff01000100000b00040300010214030100010116030100306bc4a150a7e604f5
  6577. (66) Message-Authenticator = 0x00000000000000000000000000000000
  6578. (66) State = 0x84760f5e853516ab000ba36a1076ac07
  6579. (66) Finished request
  6580. Waking up in 3.2 seconds.
  6581. (67) Received Access-Request Id 91 from 10.8.0.111:58432 to 10.8.64.155:1812 length 249
  6582. (67) User-Name = "vkratsberg"
  6583. (67) NAS-Port = 358
  6584. (67) State = 0x84760f5e853516ab000ba36a1076ac07
  6585. (67) EAP-Message = 0x0243004519800000003b140301000101160301003014feb3129fe88a6f974ed24dfec617ded3c3f8437a68b69974d4b4ed96fa7d7ce95e2cb34f9927d536b9c2859515f8a6
  6586. (67) Message-Authenticator = 0x1d1a6eeed1090b34ef97e14d34e71d48
  6587. (67) Acct-Session-Id = "8O2.1x81bb08420005e2af"
  6588. (67) NAS-Port-Id = "ge-3/0/6.0"
  6589. (67) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  6590. (67) Called-Station-Id = "ec-3e-f7-68-35-00"
  6591. (67) NAS-IP-Address = 10.8.0.111
  6592. (67) NAS-Identifier = "nyc-access-sw011"
  6593. (67) NAS-Port-Type = Ethernet
  6594. (67) session-state: No cached attributes
  6595. (67) # Executing section authorize from file /etc/raddb/sites-enabled/default
  6596. (67) authorize {
  6597. (67) policy filter_username {
  6598. (67) if (&User-Name) {
  6599. (67) if (&User-Name) -> TRUE
  6600. (67) if (&User-Name) {
  6601. (67) if (&User-Name =~ / /) {
  6602. (67) if (&User-Name =~ / /) -> FALSE
  6603. (67) if (&User-Name =~ /@[^@]*@/ ) {
  6604. (67) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  6605. (67) if (&User-Name =~ /\.\./ ) {
  6606. (67) if (&User-Name =~ /\.\./ ) -> FALSE
  6607. (67) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  6608. (67) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  6609. (67) if (&User-Name =~ /\.$/) {
  6610. (67) if (&User-Name =~ /\.$/) -> FALSE
  6611. (67) if (&User-Name =~ /@\./) {
  6612. (67) if (&User-Name =~ /@\./) -> FALSE
  6613. (67) } # if (&User-Name) = notfound
  6614. (67) } # policy filter_username = notfound
  6615. (67) [preprocess] = ok
  6616. (67) [chap] = noop
  6617. (67) [mschap] = noop
  6618. (67) [digest] = noop
  6619. (67) suffix: Checking for suffix after "@"
  6620. (67) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  6621. (67) suffix: No such realm "NULL"
  6622. (67) [suffix] = noop
  6623. (67) eap: Peer sent EAP Response (code 2) ID 67 length 69
  6624. (67) eap: Continuing tunnel setup
  6625. (67) [eap] = ok
  6626. (67) } # authorize = ok
  6627. (67) Found Auth-Type = eap
  6628. (67) # Executing group from file /etc/raddb/sites-enabled/default
  6629. (67) authenticate {
  6630. (67) eap: Expiring EAP session with state 0x84760f5e853516ab
  6631. (67) eap: Finished EAP session with state 0x84760f5e853516ab
  6632. (67) eap: Previous EAP request found for state 0x84760f5e853516ab, released from the list
  6633. (67) eap: Peer sent packet with method EAP PEAP (25)
  6634. (67) eap: Calling submodule eap_peap to process data
  6635. (67) eap_peap: Continuing EAP-TLS
  6636. (67) eap_peap: Peer indicated complete TLS record size will be 59 bytes
  6637. (67) eap_peap: Got complete TLS record (59 bytes)
  6638. (67) eap_peap: [eaptls verify] = length included
  6639. (67) eap_peap: <<< recv TLS 1.0 ChangeCipherSpec [length 0001]
  6640. (67) eap_peap: <<< recv TLS 1.0 Handshake [length 0010], Finished
  6641. (67) eap_peap: TLS_accept: SSLv3 read finished A
  6642. (67) eap_peap: (other): SSL negotiation finished successfully
  6643. (67) eap_peap: SSL Connection Established
  6644. (67) eap_peap: SSL Application Data
  6645. (67) eap_peap: Adding cached attributes from session 274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0
  6646. (67) eap_peap: reply:User-Name = "vkratsberg"
  6647. (67) eap_peap: [eaptls process] = success
  6648. (67) eap_peap: Session established. Decoding tunneled attributes
  6649. (67) eap_peap: PEAP state TUNNEL ESTABLISHED
  6650. (67) eap_peap: Skipping Phase2 because of session resumption
  6651. (67) eap_peap: SUCCESS
  6652. (67) eap: Sending EAP Request (code 1) ID 68 length 43
  6653. (67) eap: EAP session adding &reply:State = 0x84760f5e863216ab
  6654. (67) [eap] = handled
  6655. (67) } # authenticate = handled
  6656. (67) Using Post-Auth-Type Challenge
  6657. (67) Post-Auth-Type sub-section not found. Ignoring.
  6658. (67) # Executing group from file /etc/raddb/sites-enabled/default
  6659. (67) Sent Access-Challenge Id 91 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  6660. (67) User-Name = "vkratsberg"
  6661. (67) EAP-Message = 0x0144002b19001703010020be1cf2432fe4a9dfd5fc68e6cbc30c19312b1f3f79bd5c4a84b46d32095c6927
  6662. (67) Message-Authenticator = 0x00000000000000000000000000000000
  6663. (67) State = 0x84760f5e863216ab000ba36a1076ac07
  6664. (67) Finished request
  6665. Waking up in 3.2 seconds.
  6666. (68) Received Access-Request Id 92 from 10.8.0.111:58432 to 10.8.64.155:1812 length 223
  6667. (68) User-Name = "vkratsberg"
  6668. (68) NAS-Port = 358
  6669. (68) State = 0x84760f5e863216ab000ba36a1076ac07
  6670. (68) EAP-Message = 0x0244002b19001703010020d1f18b0baf761392f539c1e4bd979b49ea7196f106cfac2b48901499dfc46eed
  6671. (68) Message-Authenticator = 0xd8094b300a8024007b2ccc8a418cbff8
  6672. (68) Acct-Session-Id = "8O2.1x81bb08420005e2af"
  6673. (68) NAS-Port-Id = "ge-3/0/6.0"
  6674. (68) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  6675. (68) Called-Station-Id = "ec-3e-f7-68-35-00"
  6676. (68) NAS-IP-Address = 10.8.0.111
  6677. (68) NAS-Identifier = "nyc-access-sw011"
  6678. (68) NAS-Port-Type = Ethernet
  6679. (68) session-state: No cached attributes
  6680. (68) # Executing section authorize from file /etc/raddb/sites-enabled/default
  6681. (68) authorize {
  6682. (68) policy filter_username {
  6683. (68) if (&User-Name) {
  6684. (68) if (&User-Name) -> TRUE
  6685. (68) if (&User-Name) {
  6686. (68) if (&User-Name =~ / /) {
  6687. (68) if (&User-Name =~ / /) -> FALSE
  6688. (68) if (&User-Name =~ /@[^@]*@/ ) {
  6689. (68) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  6690. (68) if (&User-Name =~ /\.\./ ) {
  6691. (68) if (&User-Name =~ /\.\./ ) -> FALSE
  6692. (68) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  6693. (68) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  6694. (68) if (&User-Name =~ /\.$/) {
  6695. (68) if (&User-Name =~ /\.$/) -> FALSE
  6696. (68) if (&User-Name =~ /@\./) {
  6697. (68) if (&User-Name =~ /@\./) -> FALSE
  6698. (68) } # if (&User-Name) = notfound
  6699. (68) } # policy filter_username = notfound
  6700. (68) [preprocess] = ok
  6701. (68) [chap] = noop
  6702. (68) [mschap] = noop
  6703. (68) [digest] = noop
  6704. (68) suffix: Checking for suffix after "@"
  6705. (68) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  6706. (68) suffix: No such realm "NULL"
  6707. (68) [suffix] = noop
  6708. (68) eap: Peer sent EAP Response (code 2) ID 68 length 43
  6709. (68) eap: Continuing tunnel setup
  6710. (68) [eap] = ok
  6711. (68) } # authorize = ok
  6712. (68) Found Auth-Type = eap
  6713. (68) # Executing group from file /etc/raddb/sites-enabled/default
  6714. (68) authenticate {
  6715. (68) eap: Expiring EAP session with state 0x84760f5e863216ab
  6716. (68) eap: Finished EAP session with state 0x84760f5e863216ab
  6717. (68) eap: Previous EAP request found for state 0x84760f5e863216ab, released from the list
  6718. (68) eap: Peer sent packet with method EAP PEAP (25)
  6719. (68) eap: Calling submodule eap_peap to process data
  6720. (68) eap_peap: Continuing EAP-TLS
  6721. (68) eap_peap: [eaptls verify] = ok
  6722. (68) eap_peap: Done initial handshake
  6723. (68) eap_peap: [eaptls process] = ok
  6724. (68) eap_peap: Session established. Decoding tunneled attributes
  6725. (68) eap_peap: PEAP state send tlv success
  6726. (68) eap_peap: Received EAP-TLV response
  6727. (68) eap_peap: Success
  6728. (68) eap_peap: No saved attributes in the original Access-Accept
  6729. (68) eap: Sending EAP Success (code 3) ID 68 length 4
  6730. (68) eap: Freeing handler
  6731. (68) [eap] = ok
  6732. (68) } # authenticate = ok
  6733. (68) # Executing section post-auth from file /etc/raddb/sites-enabled/default
  6734. (68) post-auth {
  6735. (68) update {
  6736. (68) No attributes updated
  6737. (68) } # update = noop
  6738. (68) [exec] = noop
  6739. (68) policy remove_reply_message_if_eap {
  6740. (68) if (&reply:EAP-Message && &reply:Reply-Message) {
  6741. (68) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
  6742. (68) else {
  6743. (68) [noop] = noop
  6744. (68) } # else = noop
  6745. (68) } # policy remove_reply_message_if_eap = noop
  6746. (68) } # post-auth = noop
  6747. (68) Sent Access-Accept Id 92 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  6748. (68) MS-MPPE-Recv-Key = 0xa581953fcc75642a942419f2e8be4af9e87008913b9d96aebe21e1fa8dc3987d
  6749. (68) MS-MPPE-Send-Key = 0xb992d27b70e598743d37aa07892874adc77d17759ebdec1d6dd7d0aac59e90b1
  6750. (68) EAP-Message = 0x03440004
  6751. (68) Message-Authenticator = 0x00000000000000000000000000000000
  6752. (68) User-Name = "vkratsberg"
  6753. (68) Finished request
  6754. Waking up in 3.2 seconds.
  6755. (69) Received Access-Request Id 93 from 10.8.0.111:58432 to 10.8.64.155:1812 length 177
  6756. (69) User-Name = "vkratsberg"
  6757. (69) NAS-Port = 358
  6758. (69) EAP-Message = 0x0245000f01766b7261747362657267
  6759. (69) Message-Authenticator = 0xdb4ab78dd7aa129fe76bad90de37511d
  6760. (69) Acct-Session-Id = "8O2.1x81bb084300078073"
  6761. (69) NAS-Port-Id = "ge-3/0/6.0"
  6762. (69) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  6763. (69) Called-Station-Id = "ec-3e-f7-68-35-00"
  6764. (69) NAS-IP-Address = 10.8.0.111
  6765. (69) NAS-Identifier = "nyc-access-sw011"
  6766. (69) NAS-Port-Type = Ethernet
  6767. (69) # Executing section authorize from file /etc/raddb/sites-enabled/default
  6768. (69) authorize {
  6769. (69) policy filter_username {
  6770. (69) if (&User-Name) {
  6771. (69) if (&User-Name) -> TRUE
  6772. (69) if (&User-Name) {
  6773. (69) if (&User-Name =~ / /) {
  6774. (69) if (&User-Name =~ / /) -> FALSE
  6775. (69) if (&User-Name =~ /@[^@]*@/ ) {
  6776. (69) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  6777. (69) if (&User-Name =~ /\.\./ ) {
  6778. (69) if (&User-Name =~ /\.\./ ) -> FALSE
  6779. (69) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  6780. (69) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  6781. (69) if (&User-Name =~ /\.$/) {
  6782. (69) if (&User-Name =~ /\.$/) -> FALSE
  6783. (69) if (&User-Name =~ /@\./) {
  6784. (69) if (&User-Name =~ /@\./) -> FALSE
  6785. (69) } # if (&User-Name) = notfound
  6786. (69) } # policy filter_username = notfound
  6787. (69) [preprocess] = ok
  6788. (69) [chap] = noop
  6789. (69) [mschap] = noop
  6790. (69) [digest] = noop
  6791. (69) suffix: Checking for suffix after "@"
  6792. (69) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  6793. (69) suffix: No such realm "NULL"
  6794. (69) [suffix] = noop
  6795. (69) eap: Peer sent EAP Response (code 2) ID 69 length 15
  6796. (69) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
  6797. (69) [eap] = ok
  6798. (69) } # authorize = ok
  6799. (69) Found Auth-Type = eap
  6800. (69) # Executing group from file /etc/raddb/sites-enabled/default
  6801. (69) authenticate {
  6802. (69) eap: Peer sent packet with method EAP Identity (1)
  6803. (69) eap: Calling submodule eap_peap to process data
  6804. (69) eap_peap: Initiating new EAP-TLS session
  6805. (69) eap_peap: [eaptls start] = request
  6806. (69) eap: Sending EAP Request (code 1) ID 70 length 6
  6807. (69) eap: EAP session adding &reply:State = 0xf214d99cf252c0aa
  6808. (69) [eap] = handled
  6809. (69) } # authenticate = handled
  6810. (69) Using Post-Auth-Type Challenge
  6811. (69) Post-Auth-Type sub-section not found. Ignoring.
  6812. (69) # Executing group from file /etc/raddb/sites-enabled/default
  6813. (69) Sent Access-Challenge Id 93 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  6814. (69) EAP-Message = 0x014600061920
  6815. (69) Message-Authenticator = 0x00000000000000000000000000000000
  6816. (69) State = 0xf214d99cf252c0aab36cabc7e26f3f6c
  6817. (69) Finished request
  6818. Waking up in 3.1 seconds.
  6819. (70) Received Access-Request Id 94 from 10.8.0.111:58432 to 10.8.64.155:1812 length 343
  6820. (70) User-Name = "vkratsberg"
  6821. (70) NAS-Port = 358
  6822. (70) State = 0xf214d99cf252c0aab36cabc7e26f3f6c
  6823. (70) EAP-Message = 0x024600a31980000000991603010094010000900301573f503dc226f7f2a3f871de057f854b703d45fa28a4c6816d6d1ab7c71815db20274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0002800ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f00
  6824. (70) Message-Authenticator = 0xcd0f356be9e0aff865572228e3802ea6
  6825. (70) Acct-Session-Id = "8O2.1x81bb084300078073"
  6826. (70) NAS-Port-Id = "ge-3/0/6.0"
  6827. (70) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  6828. (70) Called-Station-Id = "ec-3e-f7-68-35-00"
  6829. (70) NAS-IP-Address = 10.8.0.111
  6830. (70) NAS-Identifier = "nyc-access-sw011"
  6831. (70) NAS-Port-Type = Ethernet
  6832. (70) session-state: No cached attributes
  6833. (70) # Executing section authorize from file /etc/raddb/sites-enabled/default
  6834. (70) authorize {
  6835. (70) policy filter_username {
  6836. (70) if (&User-Name) {
  6837. (70) if (&User-Name) -> TRUE
  6838. (70) if (&User-Name) {
  6839. (70) if (&User-Name =~ / /) {
  6840. (70) if (&User-Name =~ / /) -> FALSE
  6841. (70) if (&User-Name =~ /@[^@]*@/ ) {
  6842. (70) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  6843. (70) if (&User-Name =~ /\.\./ ) {
  6844. (70) if (&User-Name =~ /\.\./ ) -> FALSE
  6845. (70) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  6846. (70) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  6847. (70) if (&User-Name =~ /\.$/) {
  6848. (70) if (&User-Name =~ /\.$/) -> FALSE
  6849. (70) if (&User-Name =~ /@\./) {
  6850. (70) if (&User-Name =~ /@\./) -> FALSE
  6851. (70) } # if (&User-Name) = notfound
  6852. (70) } # policy filter_username = notfound
  6853. (70) [preprocess] = ok
  6854. (70) [chap] = noop
  6855. (70) [mschap] = noop
  6856. (70) [digest] = noop
  6857. (70) suffix: Checking for suffix after "@"
  6858. (70) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  6859. (70) suffix: No such realm "NULL"
  6860. (70) [suffix] = noop
  6861. (70) eap: Peer sent EAP Response (code 2) ID 70 length 163
  6862. (70) eap: Continuing tunnel setup
  6863. (70) [eap] = ok
  6864. (70) } # authorize = ok
  6865. (70) Found Auth-Type = eap
  6866. (70) # Executing group from file /etc/raddb/sites-enabled/default
  6867. (70) authenticate {
  6868. (70) eap: Expiring EAP session with state 0xf214d99cf252c0aa
  6869. (70) eap: Finished EAP session with state 0xf214d99cf252c0aa
  6870. (70) eap: Previous EAP request found for state 0xf214d99cf252c0aa, released from the list
  6871. (70) eap: Peer sent packet with method EAP PEAP (25)
  6872. (70) eap: Calling submodule eap_peap to process data
  6873. (70) eap_peap: Continuing EAP-TLS
  6874. (70) eap_peap: Peer indicated complete TLS record size will be 153 bytes
  6875. (70) eap_peap: Got complete TLS record (153 bytes)
  6876. (70) eap_peap: [eaptls verify] = length included
  6877. (70) eap_peap: (other): before/accept initialization
  6878. (70) eap_peap: TLS_accept: before/accept initialization
  6879. (70) eap_peap: <<< recv TLS 1.0 Handshake [length 0094], ClientHello
  6880. (70) eap_peap: TLS_accept: SSLv3 read client hello A
  6881. (70) eap_peap: >>> send TLS 1.0 Handshake [length 0059], ServerHello
  6882. (70) eap_peap: TLS_accept: SSLv3 write server hello A
  6883. (70) eap_peap: >>> send TLS 1.0 ChangeCipherSpec [length 0001]
  6884. (70) eap_peap: TLS_accept: SSLv3 write change cipher spec A
  6885. (70) eap_peap: >>> send TLS 1.0 Handshake [length 0010], Finished
  6886. (70) eap_peap: TLS_accept: SSLv3 write finished A
  6887. (70) eap_peap: TLS_accept: SSLv3 flush data
  6888. (70) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  6889. (70) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  6890. (70) eap_peap: In SSL Handshake Phase
  6891. (70) eap_peap: In SSL Accept mode
  6892. (70) eap_peap: [eaptls process] = handled
  6893. (70) eap: Sending EAP Request (code 1) ID 71 length 159
  6894. (70) eap: EAP session adding &reply:State = 0xf214d99cf353c0aa
  6895. (70) [eap] = handled
  6896. (70) } # authenticate = handled
  6897. (70) Using Post-Auth-Type Challenge
  6898. (70) Post-Auth-Type sub-section not found. Ignoring.
  6899. (70) # Executing group from file /etc/raddb/sites-enabled/default
  6900. (70) Sent Access-Challenge Id 94 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  6901. (70) EAP-Message = 0x0147009f19001603010059020000550301573f503dd43b1ce347d9fabdda9d004c5ad5fad10f24d16628dbc3d4811c97c020274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0c01400000dff01000100000b0004030001021403010001011603010030e44758b93e873cba
  6902. (70) Message-Authenticator = 0x00000000000000000000000000000000
  6903. (70) State = 0xf214d99cf353c0aab36cabc7e26f3f6c
  6904. (70) Finished request
  6905. Waking up in 3.1 seconds.
  6906. (71) Received Access-Request Id 95 from 10.8.0.111:58432 to 10.8.64.155:1812 length 249
  6907. (71) User-Name = "vkratsberg"
  6908. (71) NAS-Port = 358
  6909. (71) State = 0xf214d99cf353c0aab36cabc7e26f3f6c
  6910. (71) EAP-Message = 0x0247004519800000003b14030100010116030100309bc5424354d4b327ac9fb10bfa50e7db04c5f052ce2b1a15c73d3b6956f54d9bb34647a5f49b8165508f04e46bf98b74
  6911. (71) Message-Authenticator = 0xcebd077a1c92f15e4c84929c44aa9014
  6912. (71) Acct-Session-Id = "8O2.1x81bb084300078073"
  6913. (71) NAS-Port-Id = "ge-3/0/6.0"
  6914. (71) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  6915. (71) Called-Station-Id = "ec-3e-f7-68-35-00"
  6916. (71) NAS-IP-Address = 10.8.0.111
  6917. (71) NAS-Identifier = "nyc-access-sw011"
  6918. (71) NAS-Port-Type = Ethernet
  6919. (71) session-state: No cached attributes
  6920. (71) # Executing section authorize from file /etc/raddb/sites-enabled/default
  6921. (71) authorize {
  6922. (71) policy filter_username {
  6923. (71) if (&User-Name) {
  6924. (71) if (&User-Name) -> TRUE
  6925. (71) if (&User-Name) {
  6926. (71) if (&User-Name =~ / /) {
  6927. (71) if (&User-Name =~ / /) -> FALSE
  6928. (71) if (&User-Name =~ /@[^@]*@/ ) {
  6929. (71) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  6930. (71) if (&User-Name =~ /\.\./ ) {
  6931. (71) if (&User-Name =~ /\.\./ ) -> FALSE
  6932. (71) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  6933. (71) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  6934. (71) if (&User-Name =~ /\.$/) {
  6935. (71) if (&User-Name =~ /\.$/) -> FALSE
  6936. (71) if (&User-Name =~ /@\./) {
  6937. (71) if (&User-Name =~ /@\./) -> FALSE
  6938. (71) } # if (&User-Name) = notfound
  6939. (71) } # policy filter_username = notfound
  6940. (71) [preprocess] = ok
  6941. (71) [chap] = noop
  6942. (71) [mschap] = noop
  6943. (71) [digest] = noop
  6944. (71) suffix: Checking for suffix after "@"
  6945. (71) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  6946. (71) suffix: No such realm "NULL"
  6947. (71) [suffix] = noop
  6948. (71) eap: Peer sent EAP Response (code 2) ID 71 length 69
  6949. (71) eap: Continuing tunnel setup
  6950. (71) [eap] = ok
  6951. (71) } # authorize = ok
  6952. (71) Found Auth-Type = eap
  6953. (71) # Executing group from file /etc/raddb/sites-enabled/default
  6954. (71) authenticate {
  6955. (71) eap: Expiring EAP session with state 0xf214d99cf353c0aa
  6956. (71) eap: Finished EAP session with state 0xf214d99cf353c0aa
  6957. (71) eap: Previous EAP request found for state 0xf214d99cf353c0aa, released from the list
  6958. (71) eap: Peer sent packet with method EAP PEAP (25)
  6959. (71) eap: Calling submodule eap_peap to process data
  6960. (71) eap_peap: Continuing EAP-TLS
  6961. (71) eap_peap: Peer indicated complete TLS record size will be 59 bytes
  6962. (71) eap_peap: Got complete TLS record (59 bytes)
  6963. (71) eap_peap: [eaptls verify] = length included
  6964. (71) eap_peap: <<< recv TLS 1.0 ChangeCipherSpec [length 0001]
  6965. (71) eap_peap: <<< recv TLS 1.0 Handshake [length 0010], Finished
  6966. (71) eap_peap: TLS_accept: SSLv3 read finished A
  6967. (71) eap_peap: (other): SSL negotiation finished successfully
  6968. (71) eap_peap: SSL Connection Established
  6969. (71) eap_peap: SSL Application Data
  6970. (71) eap_peap: Adding cached attributes from session 274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0
  6971. (71) eap_peap: reply:User-Name = "vkratsberg"
  6972. (71) eap_peap: [eaptls process] = success
  6973. (71) eap_peap: Session established. Decoding tunneled attributes
  6974. (71) eap_peap: PEAP state TUNNEL ESTABLISHED
  6975. (71) eap_peap: Skipping Phase2 because of session resumption
  6976. (71) eap_peap: SUCCESS
  6977. (71) eap: Sending EAP Request (code 1) ID 72 length 43
  6978. (71) eap: EAP session adding &reply:State = 0xf214d99cf05cc0aa
  6979. (71) [eap] = handled
  6980. (71) } # authenticate = handled
  6981. (71) Using Post-Auth-Type Challenge
  6982. (71) Post-Auth-Type sub-section not found. Ignoring.
  6983. (71) # Executing group from file /etc/raddb/sites-enabled/default
  6984. (71) Sent Access-Challenge Id 95 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  6985. (71) User-Name = "vkratsberg"
  6986. (71) EAP-Message = 0x0148002b190017030100203ba2b8edfe2acf0242a9522d715ddbbe6562b8924b450804bedaafd34fde6ddb
  6987. (71) Message-Authenticator = 0x00000000000000000000000000000000
  6988. (71) State = 0xf214d99cf05cc0aab36cabc7e26f3f6c
  6989. (71) Finished request
  6990. Waking up in 3.1 seconds.
  6991. (72) Received Access-Request Id 96 from 10.8.0.111:58432 to 10.8.64.155:1812 length 223
  6992. (72) User-Name = "vkratsberg"
  6993. (72) NAS-Port = 358
  6994. (72) State = 0xf214d99cf05cc0aab36cabc7e26f3f6c
  6995. (72) EAP-Message = 0x0248002b190017030100206462fd5ad5c05e17fa7cd663751415ffb668e6f0da0c7df59b42faffcc3843c5
  6996. (72) Message-Authenticator = 0xba25873bbdeac95346dd65ad3fbdaf90
  6997. (72) Acct-Session-Id = "8O2.1x81bb084300078073"
  6998. (72) NAS-Port-Id = "ge-3/0/6.0"
  6999. (72) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  7000. (72) Called-Station-Id = "ec-3e-f7-68-35-00"
  7001. (72) NAS-IP-Address = 10.8.0.111
  7002. (72) NAS-Identifier = "nyc-access-sw011"
  7003. (72) NAS-Port-Type = Ethernet
  7004. (72) session-state: No cached attributes
  7005. (72) # Executing section authorize from file /etc/raddb/sites-enabled/default
  7006. (72) authorize {
  7007. (72) policy filter_username {
  7008. (72) if (&User-Name) {
  7009. (72) if (&User-Name) -> TRUE
  7010. (72) if (&User-Name) {
  7011. (72) if (&User-Name =~ / /) {
  7012. (72) if (&User-Name =~ / /) -> FALSE
  7013. (72) if (&User-Name =~ /@[^@]*@/ ) {
  7014. (72) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  7015. (72) if (&User-Name =~ /\.\./ ) {
  7016. (72) if (&User-Name =~ /\.\./ ) -> FALSE
  7017. (72) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  7018. (72) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  7019. (72) if (&User-Name =~ /\.$/) {
  7020. (72) if (&User-Name =~ /\.$/) -> FALSE
  7021. (72) if (&User-Name =~ /@\./) {
  7022. (72) if (&User-Name =~ /@\./) -> FALSE
  7023. (72) } # if (&User-Name) = notfound
  7024. (72) } # policy filter_username = notfound
  7025. (72) [preprocess] = ok
  7026. (72) [chap] = noop
  7027. (72) [mschap] = noop
  7028. (72) [digest] = noop
  7029. (72) suffix: Checking for suffix after "@"
  7030. (72) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  7031. (72) suffix: No such realm "NULL"
  7032. (72) [suffix] = noop
  7033. (72) eap: Peer sent EAP Response (code 2) ID 72 length 43
  7034. (72) eap: Continuing tunnel setup
  7035. (72) [eap] = ok
  7036. (72) } # authorize = ok
  7037. (72) Found Auth-Type = eap
  7038. (72) # Executing group from file /etc/raddb/sites-enabled/default
  7039. (72) authenticate {
  7040. (72) eap: Expiring EAP session with state 0xf214d99cf05cc0aa
  7041. (72) eap: Finished EAP session with state 0xf214d99cf05cc0aa
  7042. (72) eap: Previous EAP request found for state 0xf214d99cf05cc0aa, released from the list
  7043. (72) eap: Peer sent packet with method EAP PEAP (25)
  7044. (72) eap: Calling submodule eap_peap to process data
  7045. (72) eap_peap: Continuing EAP-TLS
  7046. (72) eap_peap: [eaptls verify] = ok
  7047. (72) eap_peap: Done initial handshake
  7048. (72) eap_peap: [eaptls process] = ok
  7049. (72) eap_peap: Session established. Decoding tunneled attributes
  7050. (72) eap_peap: PEAP state send tlv success
  7051. (72) eap_peap: Received EAP-TLV response
  7052. (72) eap_peap: Success
  7053. (72) eap_peap: No saved attributes in the original Access-Accept
  7054. (72) eap: Sending EAP Success (code 3) ID 72 length 4
  7055. (72) eap: Freeing handler
  7056. (72) [eap] = ok
  7057. (72) } # authenticate = ok
  7058. (72) # Executing section post-auth from file /etc/raddb/sites-enabled/default
  7059. (72) post-auth {
  7060. (72) update {
  7061. (72) No attributes updated
  7062. (72) } # update = noop
  7063. (72) [exec] = noop
  7064. (72) policy remove_reply_message_if_eap {
  7065. (72) if (&reply:EAP-Message && &reply:Reply-Message) {
  7066. (72) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
  7067. (72) else {
  7068. (72) [noop] = noop
  7069. (72) } # else = noop
  7070. (72) } # policy remove_reply_message_if_eap = noop
  7071. (72) } # post-auth = noop
  7072. (72) Sent Access-Accept Id 96 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  7073. (72) MS-MPPE-Recv-Key = 0x4829c9d05e3d9d8823348fdac50209e2796642250b6bdc7e8c8ab5d550b00469
  7074. (72) MS-MPPE-Send-Key = 0x8a8fc4cdbdd3e2d7ec392ba17e986a12377389bc5d4991f4fa648802740a3c07
  7075. (72) EAP-Message = 0x03480004
  7076. (72) Message-Authenticator = 0x00000000000000000000000000000000
  7077. (72) User-Name = "vkratsberg"
  7078. (72) Finished request
  7079. Waking up in 3.1 seconds.
  7080. (73) Received Access-Request Id 97 from 10.8.0.111:58432 to 10.8.64.155:1812 length 177
  7081. (73) User-Name = "vkratsberg"
  7082. (73) NAS-Port = 358
  7083. (73) EAP-Message = 0x0249000f01766b7261747362657267
  7084. (73) Message-Authenticator = 0xe6e5e5ebe9d18107e9633e3f4241e0d2
  7085. (73) Acct-Session-Id = "8O2.1x81bb084400092155"
  7086. (73) NAS-Port-Id = "ge-3/0/6.0"
  7087. (73) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  7088. (73) Called-Station-Id = "ec-3e-f7-68-35-00"
  7089. (73) NAS-IP-Address = 10.8.0.111
  7090. (73) NAS-Identifier = "nyc-access-sw011"
  7091. (73) NAS-Port-Type = Ethernet
  7092. (73) # Executing section authorize from file /etc/raddb/sites-enabled/default
  7093. (73) authorize {
  7094. (73) policy filter_username {
  7095. (73) if (&User-Name) {
  7096. (73) if (&User-Name) -> TRUE
  7097. (73) if (&User-Name) {
  7098. (73) if (&User-Name =~ / /) {
  7099. (73) if (&User-Name =~ / /) -> FALSE
  7100. (73) if (&User-Name =~ /@[^@]*@/ ) {
  7101. (73) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  7102. (73) if (&User-Name =~ /\.\./ ) {
  7103. (73) if (&User-Name =~ /\.\./ ) -> FALSE
  7104. (73) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  7105. (73) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  7106. (73) if (&User-Name =~ /\.$/) {
  7107. (73) if (&User-Name =~ /\.$/) -> FALSE
  7108. (73) if (&User-Name =~ /@\./) {
  7109. (73) if (&User-Name =~ /@\./) -> FALSE
  7110. (73) } # if (&User-Name) = notfound
  7111. (73) } # policy filter_username = notfound
  7112. (73) [preprocess] = ok
  7113. (73) [chap] = noop
  7114. (73) [mschap] = noop
  7115. (73) [digest] = noop
  7116. (73) suffix: Checking for suffix after "@"
  7117. (73) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  7118. (73) suffix: No such realm "NULL"
  7119. (73) [suffix] = noop
  7120. (73) eap: Peer sent EAP Response (code 2) ID 73 length 15
  7121. (73) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
  7122. (73) [eap] = ok
  7123. (73) } # authorize = ok
  7124. (73) Found Auth-Type = eap
  7125. (73) # Executing group from file /etc/raddb/sites-enabled/default
  7126. (73) authenticate {
  7127. (73) eap: Peer sent packet with method EAP Identity (1)
  7128. (73) eap: Calling submodule eap_peap to process data
  7129. (73) eap_peap: Initiating new EAP-TLS session
  7130. (73) eap_peap: [eaptls start] = request
  7131. (73) eap: Sending EAP Request (code 1) ID 74 length 6
  7132. (73) eap: EAP session adding &reply:State = 0x6ff5c6136fbfdf22
  7133. (73) [eap] = handled
  7134. (73) } # authenticate = handled
  7135. (73) Using Post-Auth-Type Challenge
  7136. (73) Post-Auth-Type sub-section not found. Ignoring.
  7137. (73) # Executing group from file /etc/raddb/sites-enabled/default
  7138. (73) Sent Access-Challenge Id 97 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  7139. (73) EAP-Message = 0x014a00061920
  7140. (73) Message-Authenticator = 0x00000000000000000000000000000000
  7141. (73) State = 0x6ff5c6136fbfdf2224c60e2fa9818bab
  7142. (73) Finished request
  7143. Waking up in 3.0 seconds.
  7144. (74) Received Access-Request Id 98 from 10.8.0.111:58432 to 10.8.64.155:1812 length 343
  7145. (74) User-Name = "vkratsberg"
  7146. (74) NAS-Port = 358
  7147. (74) State = 0x6ff5c6136fbfdf2224c60e2fa9818bab
  7148. (74) EAP-Message = 0x024a00a31980000000991603010094010000900301573f503d4e2d8599be307519ae6a7c03a515deaacccc5665da82774931b16b9420274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0002800ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f00
  7149. (74) Message-Authenticator = 0x35f69a144a3e377429d62cfb4ccd069f
  7150. (74) Acct-Session-Id = "8O2.1x81bb084400092155"
  7151. (74) NAS-Port-Id = "ge-3/0/6.0"
  7152. (74) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  7153. (74) Called-Station-Id = "ec-3e-f7-68-35-00"
  7154. (74) NAS-IP-Address = 10.8.0.111
  7155. (74) NAS-Identifier = "nyc-access-sw011"
  7156. (74) NAS-Port-Type = Ethernet
  7157. (74) session-state: No cached attributes
  7158. (74) # Executing section authorize from file /etc/raddb/sites-enabled/default
  7159. (74) authorize {
  7160. (74) policy filter_username {
  7161. (74) if (&User-Name) {
  7162. (74) if (&User-Name) -> TRUE
  7163. (74) if (&User-Name) {
  7164. (74) if (&User-Name =~ / /) {
  7165. (74) if (&User-Name =~ / /) -> FALSE
  7166. (74) if (&User-Name =~ /@[^@]*@/ ) {
  7167. (74) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  7168. (74) if (&User-Name =~ /\.\./ ) {
  7169. (74) if (&User-Name =~ /\.\./ ) -> FALSE
  7170. (74) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  7171. (74) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  7172. (74) if (&User-Name =~ /\.$/) {
  7173. (74) if (&User-Name =~ /\.$/) -> FALSE
  7174. (74) if (&User-Name =~ /@\./) {
  7175. (74) if (&User-Name =~ /@\./) -> FALSE
  7176. (74) } # if (&User-Name) = notfound
  7177. (74) } # policy filter_username = notfound
  7178. (74) [preprocess] = ok
  7179. (74) [chap] = noop
  7180. (74) [mschap] = noop
  7181. (74) [digest] = noop
  7182. (74) suffix: Checking for suffix after "@"
  7183. (74) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  7184. (74) suffix: No such realm "NULL"
  7185. (74) [suffix] = noop
  7186. (74) eap: Peer sent EAP Response (code 2) ID 74 length 163
  7187. (74) eap: Continuing tunnel setup
  7188. (74) [eap] = ok
  7189. (74) } # authorize = ok
  7190. (74) Found Auth-Type = eap
  7191. (74) # Executing group from file /etc/raddb/sites-enabled/default
  7192. (74) authenticate {
  7193. (74) eap: Expiring EAP session with state 0x6ff5c6136fbfdf22
  7194. (74) eap: Finished EAP session with state 0x6ff5c6136fbfdf22
  7195. (74) eap: Previous EAP request found for state 0x6ff5c6136fbfdf22, released from the list
  7196. (74) eap: Peer sent packet with method EAP PEAP (25)
  7197. (74) eap: Calling submodule eap_peap to process data
  7198. (74) eap_peap: Continuing EAP-TLS
  7199. (74) eap_peap: Peer indicated complete TLS record size will be 153 bytes
  7200. (74) eap_peap: Got complete TLS record (153 bytes)
  7201. (74) eap_peap: [eaptls verify] = length included
  7202. (74) eap_peap: (other): before/accept initialization
  7203. (74) eap_peap: TLS_accept: before/accept initialization
  7204. (74) eap_peap: <<< recv TLS 1.0 Handshake [length 0094], ClientHello
  7205. (74) eap_peap: TLS_accept: SSLv3 read client hello A
  7206. (74) eap_peap: >>> send TLS 1.0 Handshake [length 0059], ServerHello
  7207. (74) eap_peap: TLS_accept: SSLv3 write server hello A
  7208. (74) eap_peap: >>> send TLS 1.0 ChangeCipherSpec [length 0001]
  7209. (74) eap_peap: TLS_accept: SSLv3 write change cipher spec A
  7210. (74) eap_peap: >>> send TLS 1.0 Handshake [length 0010], Finished
  7211. (74) eap_peap: TLS_accept: SSLv3 write finished A
  7212. (74) eap_peap: TLS_accept: SSLv3 flush data
  7213. (74) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  7214. (74) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  7215. (74) eap_peap: In SSL Handshake Phase
  7216. (74) eap_peap: In SSL Accept mode
  7217. (74) eap_peap: [eaptls process] = handled
  7218. (74) eap: Sending EAP Request (code 1) ID 75 length 159
  7219. (74) eap: EAP session adding &reply:State = 0x6ff5c6136ebedf22
  7220. (74) [eap] = handled
  7221. (74) } # authenticate = handled
  7222. (74) Using Post-Auth-Type Challenge
  7223. (74) Post-Auth-Type sub-section not found. Ignoring.
  7224. (74) # Executing group from file /etc/raddb/sites-enabled/default
  7225. (74) Sent Access-Challenge Id 98 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  7226. (74) EAP-Message = 0x014b009f19001603010059020000550301573f503d450f739bad5cfeac5bad7d625a25635036db2b6c6b929de957e3196420274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0c01400000dff01000100000b0004030001021403010001011603010030951d3c3f01e60821
  7227. (74) Message-Authenticator = 0x00000000000000000000000000000000
  7228. (74) State = 0x6ff5c6136ebedf2224c60e2fa9818bab
  7229. (74) Finished request
  7230. Waking up in 3.0 seconds.
  7231. (75) Received Access-Request Id 99 from 10.8.0.111:58432 to 10.8.64.155:1812 length 249
  7232. (75) User-Name = "vkratsberg"
  7233. (75) NAS-Port = 358
  7234. (75) State = 0x6ff5c6136ebedf2224c60e2fa9818bab
  7235. (75) EAP-Message = 0x024b004519800000003b1403010001011603010030a7ff85503f032b05d89dfab321a00a7c10d916ee0ba0d297a846f4e01b0b33ac52a1bd08a1b56c41c787e7c8d65ae843
  7236. (75) Message-Authenticator = 0xcb284154e3e693517d4fe6463192ffe4
  7237. (75) Acct-Session-Id = "8O2.1x81bb084400092155"
  7238. (75) NAS-Port-Id = "ge-3/0/6.0"
  7239. (75) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  7240. (75) Called-Station-Id = "ec-3e-f7-68-35-00"
  7241. (75) NAS-IP-Address = 10.8.0.111
  7242. (75) NAS-Identifier = "nyc-access-sw011"
  7243. (75) NAS-Port-Type = Ethernet
  7244. (75) session-state: No cached attributes
  7245. (75) # Executing section authorize from file /etc/raddb/sites-enabled/default
  7246. (75) authorize {
  7247. (75) policy filter_username {
  7248. (75) if (&User-Name) {
  7249. (75) if (&User-Name) -> TRUE
  7250. (75) if (&User-Name) {
  7251. (75) if (&User-Name =~ / /) {
  7252. (75) if (&User-Name =~ / /) -> FALSE
  7253. (75) if (&User-Name =~ /@[^@]*@/ ) {
  7254. (75) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  7255. (75) if (&User-Name =~ /\.\./ ) {
  7256. (75) if (&User-Name =~ /\.\./ ) -> FALSE
  7257. (75) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  7258. (75) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  7259. (75) if (&User-Name =~ /\.$/) {
  7260. (75) if (&User-Name =~ /\.$/) -> FALSE
  7261. (75) if (&User-Name =~ /@\./) {
  7262. (75) if (&User-Name =~ /@\./) -> FALSE
  7263. (75) } # if (&User-Name) = notfound
  7264. (75) } # policy filter_username = notfound
  7265. (75) [preprocess] = ok
  7266. (75) [chap] = noop
  7267. (75) [mschap] = noop
  7268. (75) [digest] = noop
  7269. (75) suffix: Checking for suffix after "@"
  7270. (75) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  7271. (75) suffix: No such realm "NULL"
  7272. (75) [suffix] = noop
  7273. (75) eap: Peer sent EAP Response (code 2) ID 75 length 69
  7274. (75) eap: Continuing tunnel setup
  7275. (75) [eap] = ok
  7276. (75) } # authorize = ok
  7277. (75) Found Auth-Type = eap
  7278. (75) # Executing group from file /etc/raddb/sites-enabled/default
  7279. (75) authenticate {
  7280. (75) eap: Expiring EAP session with state 0x6ff5c6136ebedf22
  7281. (75) eap: Finished EAP session with state 0x6ff5c6136ebedf22
  7282. (75) eap: Previous EAP request found for state 0x6ff5c6136ebedf22, released from the list
  7283. (75) eap: Peer sent packet with method EAP PEAP (25)
  7284. (75) eap: Calling submodule eap_peap to process data
  7285. (75) eap_peap: Continuing EAP-TLS
  7286. (75) eap_peap: Peer indicated complete TLS record size will be 59 bytes
  7287. (75) eap_peap: Got complete TLS record (59 bytes)
  7288. (75) eap_peap: [eaptls verify] = length included
  7289. (75) eap_peap: <<< recv TLS 1.0 ChangeCipherSpec [length 0001]
  7290. (75) eap_peap: <<< recv TLS 1.0 Handshake [length 0010], Finished
  7291. (75) eap_peap: TLS_accept: SSLv3 read finished A
  7292. (75) eap_peap: (other): SSL negotiation finished successfully
  7293. (75) eap_peap: SSL Connection Established
  7294. (75) eap_peap: SSL Application Data
  7295. (75) eap_peap: Adding cached attributes from session 274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0
  7296. (75) eap_peap: reply:User-Name = "vkratsberg"
  7297. (75) eap_peap: [eaptls process] = success
  7298. (75) eap_peap: Session established. Decoding tunneled attributes
  7299. (75) eap_peap: PEAP state TUNNEL ESTABLISHED
  7300. (75) eap_peap: Skipping Phase2 because of session resumption
  7301. (75) eap_peap: SUCCESS
  7302. (75) eap: Sending EAP Request (code 1) ID 76 length 43
  7303. (75) eap: EAP session adding &reply:State = 0x6ff5c6136db9df22
  7304. (75) [eap] = handled
  7305. (75) } # authenticate = handled
  7306. (75) Using Post-Auth-Type Challenge
  7307. (75) Post-Auth-Type sub-section not found. Ignoring.
  7308. (75) # Executing group from file /etc/raddb/sites-enabled/default
  7309. (75) Sent Access-Challenge Id 99 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  7310. (75) User-Name = "vkratsberg"
  7311. (75) EAP-Message = 0x014c002b19001703010020a41f6798586a9fb9a166fe67ddc40ae0c16b02ba5e4de00d8504d751c50ee8df
  7312. (75) Message-Authenticator = 0x00000000000000000000000000000000
  7313. (75) State = 0x6ff5c6136db9df2224c60e2fa9818bab
  7314. (75) Finished request
  7315. Waking up in 3.0 seconds.
  7316. (76) Received Access-Request Id 100 from 10.8.0.111:58432 to 10.8.64.155:1812 length 223
  7317. (76) User-Name = "vkratsberg"
  7318. (76) NAS-Port = 358
  7319. (76) State = 0x6ff5c6136db9df2224c60e2fa9818bab
  7320. (76) EAP-Message = 0x024c002b190017030100205ff39399c2b2616d1c51778ae5ccf847eb76ef10c3bf2c125468cac05430ef57
  7321. (76) Message-Authenticator = 0xedae445c754ae369d8ca81f698aeec60
  7322. (76) Acct-Session-Id = "8O2.1x81bb084400092155"
  7323. (76) NAS-Port-Id = "ge-3/0/6.0"
  7324. (76) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  7325. (76) Called-Station-Id = "ec-3e-f7-68-35-00"
  7326. (76) NAS-IP-Address = 10.8.0.111
  7327. (76) NAS-Identifier = "nyc-access-sw011"
  7328. (76) NAS-Port-Type = Ethernet
  7329. (76) session-state: No cached attributes
  7330. (76) # Executing section authorize from file /etc/raddb/sites-enabled/default
  7331. (76) authorize {
  7332. (76) policy filter_username {
  7333. (76) if (&User-Name) {
  7334. (76) if (&User-Name) -> TRUE
  7335. (76) if (&User-Name) {
  7336. (76) if (&User-Name =~ / /) {
  7337. (76) if (&User-Name =~ / /) -> FALSE
  7338. (76) if (&User-Name =~ /@[^@]*@/ ) {
  7339. (76) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  7340. (76) if (&User-Name =~ /\.\./ ) {
  7341. (76) if (&User-Name =~ /\.\./ ) -> FALSE
  7342. (76) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  7343. (76) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  7344. (76) if (&User-Name =~ /\.$/) {
  7345. (76) if (&User-Name =~ /\.$/) -> FALSE
  7346. (76) if (&User-Name =~ /@\./) {
  7347. (76) if (&User-Name =~ /@\./) -> FALSE
  7348. (76) } # if (&User-Name) = notfound
  7349. (76) } # policy filter_username = notfound
  7350. (76) [preprocess] = ok
  7351. (76) [chap] = noop
  7352. (76) [mschap] = noop
  7353. (76) [digest] = noop
  7354. (76) suffix: Checking for suffix after "@"
  7355. (76) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  7356. (76) suffix: No such realm "NULL"
  7357. (76) [suffix] = noop
  7358. (76) eap: Peer sent EAP Response (code 2) ID 76 length 43
  7359. (76) eap: Continuing tunnel setup
  7360. (76) [eap] = ok
  7361. (76) } # authorize = ok
  7362. (76) Found Auth-Type = eap
  7363. (76) # Executing group from file /etc/raddb/sites-enabled/default
  7364. (76) authenticate {
  7365. (76) eap: Expiring EAP session with state 0x6ff5c6136db9df22
  7366. (76) eap: Finished EAP session with state 0x6ff5c6136db9df22
  7367. (76) eap: Previous EAP request found for state 0x6ff5c6136db9df22, released from the list
  7368. (76) eap: Peer sent packet with method EAP PEAP (25)
  7369. (76) eap: Calling submodule eap_peap to process data
  7370. (76) eap_peap: Continuing EAP-TLS
  7371. (76) eap_peap: [eaptls verify] = ok
  7372. (76) eap_peap: Done initial handshake
  7373. (76) eap_peap: [eaptls process] = ok
  7374. (76) eap_peap: Session established. Decoding tunneled attributes
  7375. (76) eap_peap: PEAP state send tlv success
  7376. (76) eap_peap: Received EAP-TLV response
  7377. (76) eap_peap: Success
  7378. (76) eap_peap: No saved attributes in the original Access-Accept
  7379. (76) eap: Sending EAP Success (code 3) ID 76 length 4
  7380. (76) eap: Freeing handler
  7381. (76) [eap] = ok
  7382. (76) } # authenticate = ok
  7383. (76) # Executing section post-auth from file /etc/raddb/sites-enabled/default
  7384. (76) post-auth {
  7385. (76) update {
  7386. (76) No attributes updated
  7387. (76) } # update = noop
  7388. (76) [exec] = noop
  7389. (76) policy remove_reply_message_if_eap {
  7390. (76) if (&reply:EAP-Message && &reply:Reply-Message) {
  7391. (76) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
  7392. (76) else {
  7393. (76) [noop] = noop
  7394. (76) } # else = noop
  7395. (76) } # policy remove_reply_message_if_eap = noop
  7396. (76) } # post-auth = noop
  7397. (76) Sent Access-Accept Id 100 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  7398. (76) MS-MPPE-Recv-Key = 0xe35cd467c0b073d0be5c2bb8de580b901a90b5d399b6b82278b7988073c96ec2
  7399. (76) MS-MPPE-Send-Key = 0x19baeadd9b27d9de769a625a8cf679729a33b5fd6980cd108df7f37871182435
  7400. (76) EAP-Message = 0x034c0004
  7401. (76) Message-Authenticator = 0x00000000000000000000000000000000
  7402. (76) User-Name = "vkratsberg"
  7403. (76) Finished request
  7404. Waking up in 2.9 seconds.
  7405. (77) Received Access-Request Id 101 from 10.8.0.111:58432 to 10.8.64.155:1812 length 177
  7406. (77) User-Name = "vkratsberg"
  7407. (77) NAS-Port = 358
  7408. (77) EAP-Message = 0x024d000f01766b7261747362657267
  7409. (77) Message-Authenticator = 0x917339b5952cb37484d11309b6bcf60f
  7410. (77) Acct-Session-Id = "8O2.1x81bb0845000abeb9"
  7411. (77) NAS-Port-Id = "ge-3/0/6.0"
  7412. (77) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  7413. (77) Called-Station-Id = "ec-3e-f7-68-35-00"
  7414. (77) NAS-IP-Address = 10.8.0.111
  7415. (77) NAS-Identifier = "nyc-access-sw011"
  7416. (77) NAS-Port-Type = Ethernet
  7417. (77) # Executing section authorize from file /etc/raddb/sites-enabled/default
  7418. (77) authorize {
  7419. (77) policy filter_username {
  7420. (77) if (&User-Name) {
  7421. (77) if (&User-Name) -> TRUE
  7422. (77) if (&User-Name) {
  7423. (77) if (&User-Name =~ / /) {
  7424. (77) if (&User-Name =~ / /) -> FALSE
  7425. (77) if (&User-Name =~ /@[^@]*@/ ) {
  7426. (77) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  7427. (77) if (&User-Name =~ /\.\./ ) {
  7428. (77) if (&User-Name =~ /\.\./ ) -> FALSE
  7429. (77) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  7430. (77) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  7431. (77) if (&User-Name =~ /\.$/) {
  7432. (77) if (&User-Name =~ /\.$/) -> FALSE
  7433. (77) if (&User-Name =~ /@\./) {
  7434. (77) if (&User-Name =~ /@\./) -> FALSE
  7435. (77) } # if (&User-Name) = notfound
  7436. (77) } # policy filter_username = notfound
  7437. (77) [preprocess] = ok
  7438. (77) [chap] = noop
  7439. (77) [mschap] = noop
  7440. (77) [digest] = noop
  7441. (77) suffix: Checking for suffix after "@"
  7442. (77) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  7443. (77) suffix: No such realm "NULL"
  7444. (77) [suffix] = noop
  7445. (77) eap: Peer sent EAP Response (code 2) ID 77 length 15
  7446. (77) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
  7447. (77) [eap] = ok
  7448. (77) } # authorize = ok
  7449. (77) Found Auth-Type = eap
  7450. (77) # Executing group from file /etc/raddb/sites-enabled/default
  7451. (77) authenticate {
  7452. (77) eap: Peer sent packet with method EAP Identity (1)
  7453. (77) eap: Calling submodule eap_peap to process data
  7454. (77) eap_peap: Initiating new EAP-TLS session
  7455. (77) eap_peap: [eaptls start] = request
  7456. (77) eap: Sending EAP Request (code 1) ID 78 length 6
  7457. (77) eap: EAP session adding &reply:State = 0x9d0d5abc9d434358
  7458. (77) [eap] = handled
  7459. (77) } # authenticate = handled
  7460. (77) Using Post-Auth-Type Challenge
  7461. (77) Post-Auth-Type sub-section not found. Ignoring.
  7462. (77) # Executing group from file /etc/raddb/sites-enabled/default
  7463. (77) Sent Access-Challenge Id 101 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  7464. (77) EAP-Message = 0x014e00061920
  7465. (77) Message-Authenticator = 0x00000000000000000000000000000000
  7466. (77) State = 0x9d0d5abc9d434358cd2e63b54f3ee4cc
  7467. (77) Finished request
  7468. Waking up in 2.9 seconds.
  7469. (78) Received Access-Request Id 102 from 10.8.0.111:58432 to 10.8.64.155:1812 length 343
  7470. (78) User-Name = "vkratsberg"
  7471. (78) NAS-Port = 358
  7472. (78) State = 0x9d0d5abc9d434358cd2e63b54f3ee4cc
  7473. (78) EAP-Message = 0x024e00a31980000000991603010094010000900301573f503dd3bfffc516c33b4bf9a240a5a68a11ddd7dbade47adffd88284d98d320274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0002800ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f00
  7474. (78) Message-Authenticator = 0x5b2c13fb79c5fac00ebd06a0b082f7b6
  7475. (78) Acct-Session-Id = "8O2.1x81bb0845000abeb9"
  7476. (78) NAS-Port-Id = "ge-3/0/6.0"
  7477. (78) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  7478. (78) Called-Station-Id = "ec-3e-f7-68-35-00"
  7479. (78) NAS-IP-Address = 10.8.0.111
  7480. (78) NAS-Identifier = "nyc-access-sw011"
  7481. (78) NAS-Port-Type = Ethernet
  7482. (78) session-state: No cached attributes
  7483. (78) # Executing section authorize from file /etc/raddb/sites-enabled/default
  7484. (78) authorize {
  7485. (78) policy filter_username {
  7486. (78) if (&User-Name) {
  7487. (78) if (&User-Name) -> TRUE
  7488. (78) if (&User-Name) {
  7489. (78) if (&User-Name =~ / /) {
  7490. (78) if (&User-Name =~ / /) -> FALSE
  7491. (78) if (&User-Name =~ /@[^@]*@/ ) {
  7492. (78) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  7493. (78) if (&User-Name =~ /\.\./ ) {
  7494. (78) if (&User-Name =~ /\.\./ ) -> FALSE
  7495. (78) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  7496. (78) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  7497. (78) if (&User-Name =~ /\.$/) {
  7498. (78) if (&User-Name =~ /\.$/) -> FALSE
  7499. (78) if (&User-Name =~ /@\./) {
  7500. (78) if (&User-Name =~ /@\./) -> FALSE
  7501. (78) } # if (&User-Name) = notfound
  7502. (78) } # policy filter_username = notfound
  7503. (78) [preprocess] = ok
  7504. (78) [chap] = noop
  7505. (78) [mschap] = noop
  7506. (78) [digest] = noop
  7507. (78) suffix: Checking for suffix after "@"
  7508. (78) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  7509. (78) suffix: No such realm "NULL"
  7510. (78) [suffix] = noop
  7511. (78) eap: Peer sent EAP Response (code 2) ID 78 length 163
  7512. (78) eap: Continuing tunnel setup
  7513. (78) [eap] = ok
  7514. (78) } # authorize = ok
  7515. (78) Found Auth-Type = eap
  7516. (78) # Executing group from file /etc/raddb/sites-enabled/default
  7517. (78) authenticate {
  7518. (78) eap: Expiring EAP session with state 0x9d0d5abc9d434358
  7519. (78) eap: Finished EAP session with state 0x9d0d5abc9d434358
  7520. (78) eap: Previous EAP request found for state 0x9d0d5abc9d434358, released from the list
  7521. (78) eap: Peer sent packet with method EAP PEAP (25)
  7522. (78) eap: Calling submodule eap_peap to process data
  7523. (78) eap_peap: Continuing EAP-TLS
  7524. (78) eap_peap: Peer indicated complete TLS record size will be 153 bytes
  7525. (78) eap_peap: Got complete TLS record (153 bytes)
  7526. (78) eap_peap: [eaptls verify] = length included
  7527. (78) eap_peap: (other): before/accept initialization
  7528. (78) eap_peap: TLS_accept: before/accept initialization
  7529. (78) eap_peap: <<< recv TLS 1.0 Handshake [length 0094], ClientHello
  7530. (78) eap_peap: TLS_accept: SSLv3 read client hello A
  7531. (78) eap_peap: >>> send TLS 1.0 Handshake [length 0059], ServerHello
  7532. (78) eap_peap: TLS_accept: SSLv3 write server hello A
  7533. (78) eap_peap: >>> send TLS 1.0 ChangeCipherSpec [length 0001]
  7534. (78) eap_peap: TLS_accept: SSLv3 write change cipher spec A
  7535. (78) eap_peap: >>> send TLS 1.0 Handshake [length 0010], Finished
  7536. (78) eap_peap: TLS_accept: SSLv3 write finished A
  7537. (78) eap_peap: TLS_accept: SSLv3 flush data
  7538. (78) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  7539. (78) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  7540. (78) eap_peap: In SSL Handshake Phase
  7541. (78) eap_peap: In SSL Accept mode
  7542. (78) eap_peap: [eaptls process] = handled
  7543. (78) eap: Sending EAP Request (code 1) ID 79 length 159
  7544. (78) eap: EAP session adding &reply:State = 0x9d0d5abc9c424358
  7545. (78) [eap] = handled
  7546. (78) } # authenticate = handled
  7547. (78) Using Post-Auth-Type Challenge
  7548. (78) Post-Auth-Type sub-section not found. Ignoring.
  7549. (78) # Executing group from file /etc/raddb/sites-enabled/default
  7550. (78) Sent Access-Challenge Id 102 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  7551. (78) EAP-Message = 0x014f009f19001603010059020000550301573f503db286ec47660e71553344b40d34f0b294b0796a4b2ed87ab6cc75c2f620274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0c01400000dff01000100000b0004030001021403010001011603010030a686efa8a970c9ea
  7552. (78) Message-Authenticator = 0x00000000000000000000000000000000
  7553. (78) State = 0x9d0d5abc9c424358cd2e63b54f3ee4cc
  7554. (78) Finished request
  7555. Waking up in 2.9 seconds.
  7556. (79) Received Access-Request Id 103 from 10.8.0.111:58432 to 10.8.64.155:1812 length 249
  7557. (79) User-Name = "vkratsberg"
  7558. (79) NAS-Port = 358
  7559. (79) State = 0x9d0d5abc9c424358cd2e63b54f3ee4cc
  7560. (79) EAP-Message = 0x024f004519800000003b14030100010116030100306a4a5769d7db1466e9210d86694b61d41fd881b90b67e85d38d56c54f99ca263cb4502b290c402c43fbe1ce9b29ffde7
  7561. (79) Message-Authenticator = 0xcdd15a2fbc0c7b5abcce444d6c41201a
  7562. (79) Acct-Session-Id = "8O2.1x81bb0845000abeb9"
  7563. (79) NAS-Port-Id = "ge-3/0/6.0"
  7564. (79) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  7565. (79) Called-Station-Id = "ec-3e-f7-68-35-00"
  7566. (79) NAS-IP-Address = 10.8.0.111
  7567. (79) NAS-Identifier = "nyc-access-sw011"
  7568. (79) NAS-Port-Type = Ethernet
  7569. (79) session-state: No cached attributes
  7570. (79) # Executing section authorize from file /etc/raddb/sites-enabled/default
  7571. (79) authorize {
  7572. (79) policy filter_username {
  7573. (79) if (&User-Name) {
  7574. (79) if (&User-Name) -> TRUE
  7575. (79) if (&User-Name) {
  7576. (79) if (&User-Name =~ / /) {
  7577. (79) if (&User-Name =~ / /) -> FALSE
  7578. (79) if (&User-Name =~ /@[^@]*@/ ) {
  7579. (79) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  7580. (79) if (&User-Name =~ /\.\./ ) {
  7581. (79) if (&User-Name =~ /\.\./ ) -> FALSE
  7582. (79) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  7583. (79) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  7584. (79) if (&User-Name =~ /\.$/) {
  7585. (79) if (&User-Name =~ /\.$/) -> FALSE
  7586. (79) if (&User-Name =~ /@\./) {
  7587. (79) if (&User-Name =~ /@\./) -> FALSE
  7588. (79) } # if (&User-Name) = notfound
  7589. (79) } # policy filter_username = notfound
  7590. (79) [preprocess] = ok
  7591. (79) [chap] = noop
  7592. (79) [mschap] = noop
  7593. (79) [digest] = noop
  7594. (79) suffix: Checking for suffix after "@"
  7595. (79) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  7596. (79) suffix: No such realm "NULL"
  7597. (79) [suffix] = noop
  7598. (79) eap: Peer sent EAP Response (code 2) ID 79 length 69
  7599. (79) eap: Continuing tunnel setup
  7600. (79) [eap] = ok
  7601. (79) } # authorize = ok
  7602. (79) Found Auth-Type = eap
  7603. (79) # Executing group from file /etc/raddb/sites-enabled/default
  7604. (79) authenticate {
  7605. (79) eap: Expiring EAP session with state 0x9d0d5abc9c424358
  7606. (79) eap: Finished EAP session with state 0x9d0d5abc9c424358
  7607. (79) eap: Previous EAP request found for state 0x9d0d5abc9c424358, released from the list
  7608. (79) eap: Peer sent packet with method EAP PEAP (25)
  7609. (79) eap: Calling submodule eap_peap to process data
  7610. (79) eap_peap: Continuing EAP-TLS
  7611. (79) eap_peap: Peer indicated complete TLS record size will be 59 bytes
  7612. (79) eap_peap: Got complete TLS record (59 bytes)
  7613. (79) eap_peap: [eaptls verify] = length included
  7614. (79) eap_peap: <<< recv TLS 1.0 ChangeCipherSpec [length 0001]
  7615. (79) eap_peap: <<< recv TLS 1.0 Handshake [length 0010], Finished
  7616. (79) eap_peap: TLS_accept: SSLv3 read finished A
  7617. (79) eap_peap: (other): SSL negotiation finished successfully
  7618. (79) eap_peap: SSL Connection Established
  7619. (79) eap_peap: SSL Application Data
  7620. (79) eap_peap: Adding cached attributes from session 274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0
  7621. (79) eap_peap: reply:User-Name = "vkratsberg"
  7622. (79) eap_peap: [eaptls process] = success
  7623. (79) eap_peap: Session established. Decoding tunneled attributes
  7624. (79) eap_peap: PEAP state TUNNEL ESTABLISHED
  7625. (79) eap_peap: Skipping Phase2 because of session resumption
  7626. (79) eap_peap: SUCCESS
  7627. (79) eap: Sending EAP Request (code 1) ID 80 length 43
  7628. (79) eap: EAP session adding &reply:State = 0x9d0d5abc9f5d4358
  7629. (79) [eap] = handled
  7630. (79) } # authenticate = handled
  7631. (79) Using Post-Auth-Type Challenge
  7632. (79) Post-Auth-Type sub-section not found. Ignoring.
  7633. (79) # Executing group from file /etc/raddb/sites-enabled/default
  7634. (79) Sent Access-Challenge Id 103 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  7635. (79) User-Name = "vkratsberg"
  7636. (79) EAP-Message = 0x0150002b19001703010020f4e28daf8b9f063a2127510ec847285a61754e5f5c3350a30c8a17db36dec795
  7637. (79) Message-Authenticator = 0x00000000000000000000000000000000
  7638. (79) State = 0x9d0d5abc9f5d4358cd2e63b54f3ee4cc
  7639. (79) Finished request
  7640. Waking up in 2.8 seconds.
  7641. (80) Received Access-Request Id 104 from 10.8.0.111:58432 to 10.8.64.155:1812 length 223
  7642. (80) User-Name = "vkratsberg"
  7643. (80) NAS-Port = 358
  7644. (80) State = 0x9d0d5abc9f5d4358cd2e63b54f3ee4cc
  7645. (80) EAP-Message = 0x0250002b1900170301002065922aa1e6d0ae9310267c6aaeeaa755f85f233a3cde4f905341e11251d84f44
  7646. (80) Message-Authenticator = 0xeac9283b96e07a540d0a28f5e2a65562
  7647. (80) Acct-Session-Id = "8O2.1x81bb0845000abeb9"
  7648. (80) NAS-Port-Id = "ge-3/0/6.0"
  7649. (80) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  7650. (80) Called-Station-Id = "ec-3e-f7-68-35-00"
  7651. (80) NAS-IP-Address = 10.8.0.111
  7652. (80) NAS-Identifier = "nyc-access-sw011"
  7653. (80) NAS-Port-Type = Ethernet
  7654. (80) session-state: No cached attributes
  7655. (80) # Executing section authorize from file /etc/raddb/sites-enabled/default
  7656. (80) authorize {
  7657. (80) policy filter_username {
  7658. (80) if (&User-Name) {
  7659. (80) if (&User-Name) -> TRUE
  7660. (80) if (&User-Name) {
  7661. (80) if (&User-Name =~ / /) {
  7662. (80) if (&User-Name =~ / /) -> FALSE
  7663. (80) if (&User-Name =~ /@[^@]*@/ ) {
  7664. (80) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  7665. (80) if (&User-Name =~ /\.\./ ) {
  7666. (80) if (&User-Name =~ /\.\./ ) -> FALSE
  7667. (80) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  7668. (80) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  7669. (80) if (&User-Name =~ /\.$/) {
  7670. (80) if (&User-Name =~ /\.$/) -> FALSE
  7671. (80) if (&User-Name =~ /@\./) {
  7672. (80) if (&User-Name =~ /@\./) -> FALSE
  7673. (80) } # if (&User-Name) = notfound
  7674. (80) } # policy filter_username = notfound
  7675. (80) [preprocess] = ok
  7676. (80) [chap] = noop
  7677. (80) [mschap] = noop
  7678. (80) [digest] = noop
  7679. (80) suffix: Checking for suffix after "@"
  7680. (80) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  7681. (80) suffix: No such realm "NULL"
  7682. (80) [suffix] = noop
  7683. (80) eap: Peer sent EAP Response (code 2) ID 80 length 43
  7684. (80) eap: Continuing tunnel setup
  7685. (80) [eap] = ok
  7686. (80) } # authorize = ok
  7687. (80) Found Auth-Type = eap
  7688. (80) # Executing group from file /etc/raddb/sites-enabled/default
  7689. (80) authenticate {
  7690. (80) eap: Expiring EAP session with state 0x9d0d5abc9f5d4358
  7691. (80) eap: Finished EAP session with state 0x9d0d5abc9f5d4358
  7692. (80) eap: Previous EAP request found for state 0x9d0d5abc9f5d4358, released from the list
  7693. (80) eap: Peer sent packet with method EAP PEAP (25)
  7694. (80) eap: Calling submodule eap_peap to process data
  7695. (80) eap_peap: Continuing EAP-TLS
  7696. (80) eap_peap: [eaptls verify] = ok
  7697. (80) eap_peap: Done initial handshake
  7698. (80) eap_peap: [eaptls process] = ok
  7699. (80) eap_peap: Session established. Decoding tunneled attributes
  7700. (80) eap_peap: PEAP state send tlv success
  7701. (80) eap_peap: Received EAP-TLV response
  7702. (80) eap_peap: Success
  7703. (80) eap_peap: No saved attributes in the original Access-Accept
  7704. (80) eap: Sending EAP Success (code 3) ID 80 length 4
  7705. (80) eap: Freeing handler
  7706. (80) [eap] = ok
  7707. (80) } # authenticate = ok
  7708. (80) # Executing section post-auth from file /etc/raddb/sites-enabled/default
  7709. (80) post-auth {
  7710. (80) update {
  7711. (80) No attributes updated
  7712. (80) } # update = noop
  7713. (80) [exec] = noop
  7714. (80) policy remove_reply_message_if_eap {
  7715. (80) if (&reply:EAP-Message && &reply:Reply-Message) {
  7716. (80) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
  7717. (80) else {
  7718. (80) [noop] = noop
  7719. (80) } # else = noop
  7720. (80) } # policy remove_reply_message_if_eap = noop
  7721. (80) } # post-auth = noop
  7722. (80) Sent Access-Accept Id 104 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  7723. (80) MS-MPPE-Recv-Key = 0x0ef2363f1eeaa3122fc5618284ab88ce9ba41a636c39034c0ea58a7f06bd8243
  7724. (80) MS-MPPE-Send-Key = 0x1a05bb1691a91e4033d78ec6c50886b4a77075e84442d0adde448607c83016b9
  7725. (80) EAP-Message = 0x03500004
  7726. (80) Message-Authenticator = 0x00000000000000000000000000000000
  7727. (80) User-Name = "vkratsberg"
  7728. (80) Finished request
  7729. Waking up in 2.8 seconds.
  7730. (81) Received Access-Request Id 105 from 10.8.0.111:58432 to 10.8.64.155:1812 length 177
  7731. (81) User-Name = "vkratsberg"
  7732. (81) NAS-Port = 358
  7733. (81) EAP-Message = 0x0251000f01766b7261747362657267
  7734. (81) Message-Authenticator = 0x20209c723b05045c5639d53cd4ca27da
  7735. (81) Acct-Session-Id = "8O2.1x81bb0846000c5c3d"
  7736. (81) NAS-Port-Id = "ge-3/0/6.0"
  7737. (81) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  7738. (81) Called-Station-Id = "ec-3e-f7-68-35-00"
  7739. (81) NAS-IP-Address = 10.8.0.111
  7740. (81) NAS-Identifier = "nyc-access-sw011"
  7741. (81) NAS-Port-Type = Ethernet
  7742. (81) # Executing section authorize from file /etc/raddb/sites-enabled/default
  7743. (81) authorize {
  7744. (81) policy filter_username {
  7745. (81) if (&User-Name) {
  7746. (81) if (&User-Name) -> TRUE
  7747. (81) if (&User-Name) {
  7748. (81) if (&User-Name =~ / /) {
  7749. (81) if (&User-Name =~ / /) -> FALSE
  7750. (81) if (&User-Name =~ /@[^@]*@/ ) {
  7751. (81) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  7752. (81) if (&User-Name =~ /\.\./ ) {
  7753. (81) if (&User-Name =~ /\.\./ ) -> FALSE
  7754. (81) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  7755. (81) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  7756. (81) if (&User-Name =~ /\.$/) {
  7757. (81) if (&User-Name =~ /\.$/) -> FALSE
  7758. (81) if (&User-Name =~ /@\./) {
  7759. (81) if (&User-Name =~ /@\./) -> FALSE
  7760. (81) } # if (&User-Name) = notfound
  7761. (81) } # policy filter_username = notfound
  7762. (81) [preprocess] = ok
  7763. (81) [chap] = noop
  7764. (81) [mschap] = noop
  7765. (81) [digest] = noop
  7766. (81) suffix: Checking for suffix after "@"
  7767. (81) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  7768. (81) suffix: No such realm "NULL"
  7769. (81) [suffix] = noop
  7770. (81) eap: Peer sent EAP Response (code 2) ID 81 length 15
  7771. (81) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
  7772. (81) [eap] = ok
  7773. (81) } # authorize = ok
  7774. (81) Found Auth-Type = eap
  7775. (81) # Executing group from file /etc/raddb/sites-enabled/default
  7776. (81) authenticate {
  7777. (81) eap: Peer sent packet with method EAP Identity (1)
  7778. (81) eap: Calling submodule eap_peap to process data
  7779. (81) eap_peap: Initiating new EAP-TLS session
  7780. (81) eap_peap: [eaptls start] = request
  7781. (81) eap: Sending EAP Request (code 1) ID 82 length 6
  7782. (81) eap: EAP session adding &reply:State = 0x1282b3c712d0aa5d
  7783. (81) [eap] = handled
  7784. (81) } # authenticate = handled
  7785. (81) Using Post-Auth-Type Challenge
  7786. (81) Post-Auth-Type sub-section not found. Ignoring.
  7787. (81) # Executing group from file /etc/raddb/sites-enabled/default
  7788. (81) Sent Access-Challenge Id 105 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  7789. (81) EAP-Message = 0x015200061920
  7790. (81) Message-Authenticator = 0x00000000000000000000000000000000
  7791. (81) State = 0x1282b3c712d0aa5d9311ce8743c8961a
  7792. (81) Finished request
  7793. Waking up in 2.8 seconds.
  7794. (82) Received Access-Request Id 106 from 10.8.0.111:58432 to 10.8.64.155:1812 length 343
  7795. (82) User-Name = "vkratsberg"
  7796. (82) NAS-Port = 358
  7797. (82) State = 0x1282b3c712d0aa5d9311ce8743c8961a
  7798. (82) EAP-Message = 0x025200a31980000000991603010094010000900301573f503ddbcca494dbfda341c06134d196d9ea918fe79ba1721e431bafe74d4020274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0002800ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f00
  7799. (82) Message-Authenticator = 0x8fa59f5e56408ed702ea0aef1861ccf1
  7800. (82) Acct-Session-Id = "8O2.1x81bb0846000c5c3d"
  7801. (82) NAS-Port-Id = "ge-3/0/6.0"
  7802. (82) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  7803. (82) Called-Station-Id = "ec-3e-f7-68-35-00"
  7804. (82) NAS-IP-Address = 10.8.0.111
  7805. (82) NAS-Identifier = "nyc-access-sw011"
  7806. (82) NAS-Port-Type = Ethernet
  7807. (82) session-state: No cached attributes
  7808. (82) # Executing section authorize from file /etc/raddb/sites-enabled/default
  7809. (82) authorize {
  7810. (82) policy filter_username {
  7811. (82) if (&User-Name) {
  7812. (82) if (&User-Name) -> TRUE
  7813. (82) if (&User-Name) {
  7814. (82) if (&User-Name =~ / /) {
  7815. (82) if (&User-Name =~ / /) -> FALSE
  7816. (82) if (&User-Name =~ /@[^@]*@/ ) {
  7817. (82) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  7818. (82) if (&User-Name =~ /\.\./ ) {
  7819. (82) if (&User-Name =~ /\.\./ ) -> FALSE
  7820. (82) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  7821. (82) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  7822. (82) if (&User-Name =~ /\.$/) {
  7823. (82) if (&User-Name =~ /\.$/) -> FALSE
  7824. (82) if (&User-Name =~ /@\./) {
  7825. (82) if (&User-Name =~ /@\./) -> FALSE
  7826. (82) } # if (&User-Name) = notfound
  7827. (82) } # policy filter_username = notfound
  7828. (82) [preprocess] = ok
  7829. (82) [chap] = noop
  7830. (82) [mschap] = noop
  7831. (82) [digest] = noop
  7832. (82) suffix: Checking for suffix after "@"
  7833. (82) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  7834. (82) suffix: No such realm "NULL"
  7835. (82) [suffix] = noop
  7836. (82) eap: Peer sent EAP Response (code 2) ID 82 length 163
  7837. (82) eap: Continuing tunnel setup
  7838. (82) [eap] = ok
  7839. (82) } # authorize = ok
  7840. (82) Found Auth-Type = eap
  7841. (82) # Executing group from file /etc/raddb/sites-enabled/default
  7842. (82) authenticate {
  7843. (82) eap: Expiring EAP session with state 0x1282b3c712d0aa5d
  7844. (82) eap: Finished EAP session with state 0x1282b3c712d0aa5d
  7845. (82) eap: Previous EAP request found for state 0x1282b3c712d0aa5d, released from the list
  7846. (82) eap: Peer sent packet with method EAP PEAP (25)
  7847. (82) eap: Calling submodule eap_peap to process data
  7848. (82) eap_peap: Continuing EAP-TLS
  7849. (82) eap_peap: Peer indicated complete TLS record size will be 153 bytes
  7850. (82) eap_peap: Got complete TLS record (153 bytes)
  7851. (82) eap_peap: [eaptls verify] = length included
  7852. (82) eap_peap: (other): before/accept initialization
  7853. (82) eap_peap: TLS_accept: before/accept initialization
  7854. (82) eap_peap: <<< recv TLS 1.0 Handshake [length 0094], ClientHello
  7855. (82) eap_peap: TLS_accept: SSLv3 read client hello A
  7856. (82) eap_peap: >>> send TLS 1.0 Handshake [length 0059], ServerHello
  7857. (82) eap_peap: TLS_accept: SSLv3 write server hello A
  7858. (82) eap_peap: >>> send TLS 1.0 ChangeCipherSpec [length 0001]
  7859. (82) eap_peap: TLS_accept: SSLv3 write change cipher spec A
  7860. (82) eap_peap: >>> send TLS 1.0 Handshake [length 0010], Finished
  7861. (82) eap_peap: TLS_accept: SSLv3 write finished A
  7862. (82) eap_peap: TLS_accept: SSLv3 flush data
  7863. (82) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  7864. (82) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  7865. (82) eap_peap: In SSL Handshake Phase
  7866. (82) eap_peap: In SSL Accept mode
  7867. (82) eap_peap: [eaptls process] = handled
  7868. (82) eap: Sending EAP Request (code 1) ID 83 length 159
  7869. (82) eap: EAP session adding &reply:State = 0x1282b3c713d1aa5d
  7870. (82) [eap] = handled
  7871. (82) } # authenticate = handled
  7872. (82) Using Post-Auth-Type Challenge
  7873. (82) Post-Auth-Type sub-section not found. Ignoring.
  7874. (82) # Executing group from file /etc/raddb/sites-enabled/default
  7875. (82) Sent Access-Challenge Id 106 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  7876. (82) EAP-Message = 0x0153009f19001603010059020000550301573f503d1f9020ebd5bec3f0c4e3bbb72ba272fb9c3a445fcb088a352f90c46f20274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0c01400000dff01000100000b00040300010214030100010116030100304653fb878a1c1e1e
  7877. (82) Message-Authenticator = 0x00000000000000000000000000000000
  7878. (82) State = 0x1282b3c713d1aa5d9311ce8743c8961a
  7879. (82) Finished request
  7880. Waking up in 2.8 seconds.
  7881. (83) Received Access-Request Id 107 from 10.8.0.111:58432 to 10.8.64.155:1812 length 249
  7882. (83) User-Name = "vkratsberg"
  7883. (83) NAS-Port = 358
  7884. (83) State = 0x1282b3c713d1aa5d9311ce8743c8961a
  7885. (83) EAP-Message = 0x0253004519800000003b1403010001011603010030ff212521112c4f3a26673934c18da442cb6d941f8994c070edd1b995c6f00dd2d110b09a837c38049a21051fa36cee68
  7886. (83) Message-Authenticator = 0x82aef3808eaaf7933e6d1bf775edba21
  7887. (83) Acct-Session-Id = "8O2.1x81bb0846000c5c3d"
  7888. (83) NAS-Port-Id = "ge-3/0/6.0"
  7889. (83) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  7890. (83) Called-Station-Id = "ec-3e-f7-68-35-00"
  7891. (83) NAS-IP-Address = 10.8.0.111
  7892. (83) NAS-Identifier = "nyc-access-sw011"
  7893. (83) NAS-Port-Type = Ethernet
  7894. (83) session-state: No cached attributes
  7895. (83) # Executing section authorize from file /etc/raddb/sites-enabled/default
  7896. (83) authorize {
  7897. (83) policy filter_username {
  7898. (83) if (&User-Name) {
  7899. (83) if (&User-Name) -> TRUE
  7900. (83) if (&User-Name) {
  7901. (83) if (&User-Name =~ / /) {
  7902. (83) if (&User-Name =~ / /) -> FALSE
  7903. (83) if (&User-Name =~ /@[^@]*@/ ) {
  7904. (83) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  7905. (83) if (&User-Name =~ /\.\./ ) {
  7906. (83) if (&User-Name =~ /\.\./ ) -> FALSE
  7907. (83) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  7908. (83) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  7909. (83) if (&User-Name =~ /\.$/) {
  7910. (83) if (&User-Name =~ /\.$/) -> FALSE
  7911. (83) if (&User-Name =~ /@\./) {
  7912. (83) if (&User-Name =~ /@\./) -> FALSE
  7913. (83) } # if (&User-Name) = notfound
  7914. (83) } # policy filter_username = notfound
  7915. (83) [preprocess] = ok
  7916. (83) [chap] = noop
  7917. (83) [mschap] = noop
  7918. (83) [digest] = noop
  7919. (83) suffix: Checking for suffix after "@"
  7920. (83) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  7921. (83) suffix: No such realm "NULL"
  7922. (83) [suffix] = noop
  7923. (83) eap: Peer sent EAP Response (code 2) ID 83 length 69
  7924. (83) eap: Continuing tunnel setup
  7925. (83) [eap] = ok
  7926. (83) } # authorize = ok
  7927. (83) Found Auth-Type = eap
  7928. (83) # Executing group from file /etc/raddb/sites-enabled/default
  7929. (83) authenticate {
  7930. (83) eap: Expiring EAP session with state 0x1282b3c713d1aa5d
  7931. (83) eap: Finished EAP session with state 0x1282b3c713d1aa5d
  7932. (83) eap: Previous EAP request found for state 0x1282b3c713d1aa5d, released from the list
  7933. (83) eap: Peer sent packet with method EAP PEAP (25)
  7934. (83) eap: Calling submodule eap_peap to process data
  7935. (83) eap_peap: Continuing EAP-TLS
  7936. (83) eap_peap: Peer indicated complete TLS record size will be 59 bytes
  7937. (83) eap_peap: Got complete TLS record (59 bytes)
  7938. (83) eap_peap: [eaptls verify] = length included
  7939. (83) eap_peap: <<< recv TLS 1.0 ChangeCipherSpec [length 0001]
  7940. (83) eap_peap: <<< recv TLS 1.0 Handshake [length 0010], Finished
  7941. (83) eap_peap: TLS_accept: SSLv3 read finished A
  7942. (83) eap_peap: (other): SSL negotiation finished successfully
  7943. (83) eap_peap: SSL Connection Established
  7944. (83) eap_peap: SSL Application Data
  7945. (83) eap_peap: Adding cached attributes from session 274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0
  7946. (83) eap_peap: reply:User-Name = "vkratsberg"
  7947. (83) eap_peap: [eaptls process] = success
  7948. (83) eap_peap: Session established. Decoding tunneled attributes
  7949. (83) eap_peap: PEAP state TUNNEL ESTABLISHED
  7950. (83) eap_peap: Skipping Phase2 because of session resumption
  7951. (83) eap_peap: SUCCESS
  7952. (83) eap: Sending EAP Request (code 1) ID 84 length 43
  7953. (83) eap: EAP session adding &reply:State = 0x1282b3c710d6aa5d
  7954. (83) [eap] = handled
  7955. (83) } # authenticate = handled
  7956. (83) Using Post-Auth-Type Challenge
  7957. (83) Post-Auth-Type sub-section not found. Ignoring.
  7958. (83) # Executing group from file /etc/raddb/sites-enabled/default
  7959. (83) Sent Access-Challenge Id 107 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  7960. (83) User-Name = "vkratsberg"
  7961. (83) EAP-Message = 0x0154002b190017030100209760ac1bb8b53623fc06d5bfbd3a22638047620429e21deb8cba4dffd44e3640
  7962. (83) Message-Authenticator = 0x00000000000000000000000000000000
  7963. (83) State = 0x1282b3c710d6aa5d9311ce8743c8961a
  7964. (83) Finished request
  7965. Waking up in 2.7 seconds.
  7966. (84) Received Access-Request Id 108 from 10.8.0.111:58432 to 10.8.64.155:1812 length 223
  7967. (84) User-Name = "vkratsberg"
  7968. (84) NAS-Port = 358
  7969. (84) State = 0x1282b3c710d6aa5d9311ce8743c8961a
  7970. (84) EAP-Message = 0x0254002b190017030100203fec3b7a034a0bd45ed51028351b10ea990311363a5d631bf4dcc1ffe7ae84fa
  7971. (84) Message-Authenticator = 0xab37877a07f117ef12051f64c01b4eb6
  7972. (84) Acct-Session-Id = "8O2.1x81bb0846000c5c3d"
  7973. (84) NAS-Port-Id = "ge-3/0/6.0"
  7974. (84) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  7975. (84) Called-Station-Id = "ec-3e-f7-68-35-00"
  7976. (84) NAS-IP-Address = 10.8.0.111
  7977. (84) NAS-Identifier = "nyc-access-sw011"
  7978. (84) NAS-Port-Type = Ethernet
  7979. (84) session-state: No cached attributes
  7980. (84) # Executing section authorize from file /etc/raddb/sites-enabled/default
  7981. (84) authorize {
  7982. (84) policy filter_username {
  7983. (84) if (&User-Name) {
  7984. (84) if (&User-Name) -> TRUE
  7985. (84) if (&User-Name) {
  7986. (84) if (&User-Name =~ / /) {
  7987. (84) if (&User-Name =~ / /) -> FALSE
  7988. (84) if (&User-Name =~ /@[^@]*@/ ) {
  7989. (84) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  7990. (84) if (&User-Name =~ /\.\./ ) {
  7991. (84) if (&User-Name =~ /\.\./ ) -> FALSE
  7992. (84) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  7993. (84) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  7994. (84) if (&User-Name =~ /\.$/) {
  7995. (84) if (&User-Name =~ /\.$/) -> FALSE
  7996. (84) if (&User-Name =~ /@\./) {
  7997. (84) if (&User-Name =~ /@\./) -> FALSE
  7998. (84) } # if (&User-Name) = notfound
  7999. (84) } # policy filter_username = notfound
  8000. (84) [preprocess] = ok
  8001. (84) [chap] = noop
  8002. (84) [mschap] = noop
  8003. (84) [digest] = noop
  8004. (84) suffix: Checking for suffix after "@"
  8005. (84) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  8006. (84) suffix: No such realm "NULL"
  8007. (84) [suffix] = noop
  8008. (84) eap: Peer sent EAP Response (code 2) ID 84 length 43
  8009. (84) eap: Continuing tunnel setup
  8010. (84) [eap] = ok
  8011. (84) } # authorize = ok
  8012. (84) Found Auth-Type = eap
  8013. (84) # Executing group from file /etc/raddb/sites-enabled/default
  8014. (84) authenticate {
  8015. (84) eap: Expiring EAP session with state 0x1282b3c710d6aa5d
  8016. (84) eap: Finished EAP session with state 0x1282b3c710d6aa5d
  8017. (84) eap: Previous EAP request found for state 0x1282b3c710d6aa5d, released from the list
  8018. (84) eap: Peer sent packet with method EAP PEAP (25)
  8019. (84) eap: Calling submodule eap_peap to process data
  8020. (84) eap_peap: Continuing EAP-TLS
  8021. (84) eap_peap: [eaptls verify] = ok
  8022. (84) eap_peap: Done initial handshake
  8023. (84) eap_peap: [eaptls process] = ok
  8024. (84) eap_peap: Session established. Decoding tunneled attributes
  8025. (84) eap_peap: PEAP state send tlv success
  8026. (84) eap_peap: Received EAP-TLV response
  8027. (84) eap_peap: Success
  8028. (84) eap_peap: No saved attributes in the original Access-Accept
  8029. (84) eap: Sending EAP Success (code 3) ID 84 length 4
  8030. (84) eap: Freeing handler
  8031. (84) [eap] = ok
  8032. (84) } # authenticate = ok
  8033. (84) # Executing section post-auth from file /etc/raddb/sites-enabled/default
  8034. (84) post-auth {
  8035. (84) update {
  8036. (84) No attributes updated
  8037. (84) } # update = noop
  8038. (84) [exec] = noop
  8039. (84) policy remove_reply_message_if_eap {
  8040. (84) if (&reply:EAP-Message && &reply:Reply-Message) {
  8041. (84) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
  8042. (84) else {
  8043. (84) [noop] = noop
  8044. (84) } # else = noop
  8045. (84) } # policy remove_reply_message_if_eap = noop
  8046. (84) } # post-auth = noop
  8047. (84) Sent Access-Accept Id 108 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  8048. (84) MS-MPPE-Recv-Key = 0xfaf701d3b3c4a4a1b5baaa25f05b810dc9c394ff78206175d7a2270d8d7a6343
  8049. (84) MS-MPPE-Send-Key = 0xb65276371fa9e39891f65d28875dd3d5524a673ac1c3fb40e9722e67363d231b
  8050. (84) EAP-Message = 0x03540004
  8051. (84) Message-Authenticator = 0x00000000000000000000000000000000
  8052. (84) User-Name = "vkratsberg"
  8053. (84) Finished request
  8054. Waking up in 2.7 seconds.
  8055. (85) Received Access-Request Id 109 from 10.8.0.111:58432 to 10.8.64.155:1812 length 177
  8056. (85) User-Name = "vkratsberg"
  8057. (85) NAS-Port = 358
  8058. (85) EAP-Message = 0x0255000f01766b7261747362657267
  8059. (85) Message-Authenticator = 0xbace1550b527da4c69dfac6d3431f8c1
  8060. (85) Acct-Session-Id = "8O2.1x81bb0847000dfbd9"
  8061. (85) NAS-Port-Id = "ge-3/0/6.0"
  8062. (85) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  8063. (85) Called-Station-Id = "ec-3e-f7-68-35-00"
  8064. (85) NAS-IP-Address = 10.8.0.111
  8065. (85) NAS-Identifier = "nyc-access-sw011"
  8066. (85) NAS-Port-Type = Ethernet
  8067. (85) # Executing section authorize from file /etc/raddb/sites-enabled/default
  8068. (85) authorize {
  8069. (85) policy filter_username {
  8070. (85) if (&User-Name) {
  8071. (85) if (&User-Name) -> TRUE
  8072. (85) if (&User-Name) {
  8073. (85) if (&User-Name =~ / /) {
  8074. (85) if (&User-Name =~ / /) -> FALSE
  8075. (85) if (&User-Name =~ /@[^@]*@/ ) {
  8076. (85) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  8077. (85) if (&User-Name =~ /\.\./ ) {
  8078. (85) if (&User-Name =~ /\.\./ ) -> FALSE
  8079. (85) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  8080. (85) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  8081. (85) if (&User-Name =~ /\.$/) {
  8082. (85) if (&User-Name =~ /\.$/) -> FALSE
  8083. (85) if (&User-Name =~ /@\./) {
  8084. (85) if (&User-Name =~ /@\./) -> FALSE
  8085. (85) } # if (&User-Name) = notfound
  8086. (85) } # policy filter_username = notfound
  8087. (85) [preprocess] = ok
  8088. (85) [chap] = noop
  8089. (85) [mschap] = noop
  8090. (85) [digest] = noop
  8091. (85) suffix: Checking for suffix after "@"
  8092. (85) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  8093. (85) suffix: No such realm "NULL"
  8094. (85) [suffix] = noop
  8095. (85) eap: Peer sent EAP Response (code 2) ID 85 length 15
  8096. (85) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
  8097. (85) [eap] = ok
  8098. (85) } # authorize = ok
  8099. (85) Found Auth-Type = eap
  8100. (85) # Executing group from file /etc/raddb/sites-enabled/default
  8101. (85) authenticate {
  8102. (85) eap: Peer sent packet with method EAP Identity (1)
  8103. (85) eap: Calling submodule eap_peap to process data
  8104. (85) eap_peap: Initiating new EAP-TLS session
  8105. (85) eap_peap: [eaptls start] = request
  8106. (85) eap: Sending EAP Request (code 1) ID 86 length 6
  8107. (85) eap: EAP session adding &reply:State = 0xddec9c40ddba8583
  8108. (85) [eap] = handled
  8109. (85) } # authenticate = handled
  8110. (85) Using Post-Auth-Type Challenge
  8111. (85) Post-Auth-Type sub-section not found. Ignoring.
  8112. (85) # Executing group from file /etc/raddb/sites-enabled/default
  8113. (85) Sent Access-Challenge Id 109 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  8114. (85) EAP-Message = 0x015600061920
  8115. (85) Message-Authenticator = 0x00000000000000000000000000000000
  8116. (85) State = 0xddec9c40ddba858300be6bd519d98106
  8117. (85) Finished request
  8118. Waking up in 2.7 seconds.
  8119. (86) Received Access-Request Id 110 from 10.8.0.111:58432 to 10.8.64.155:1812 length 343
  8120. (86) User-Name = "vkratsberg"
  8121. (86) NAS-Port = 358
  8122. (86) State = 0xddec9c40ddba858300be6bd519d98106
  8123. (86) EAP-Message = 0x025600a31980000000991603010094010000900301573f503d130cb7c1a5d4ec02e96f0c1405ebbd488879e308a234f386b1532f0a20274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0002800ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f00
  8124. (86) Message-Authenticator = 0x532c2a83495a7f390cc7db7d385841a2
  8125. (86) Acct-Session-Id = "8O2.1x81bb0847000dfbd9"
  8126. (86) NAS-Port-Id = "ge-3/0/6.0"
  8127. (86) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  8128. (86) Called-Station-Id = "ec-3e-f7-68-35-00"
  8129. (86) NAS-IP-Address = 10.8.0.111
  8130. (86) NAS-Identifier = "nyc-access-sw011"
  8131. (86) NAS-Port-Type = Ethernet
  8132. (86) session-state: No cached attributes
  8133. (86) # Executing section authorize from file /etc/raddb/sites-enabled/default
  8134. (86) authorize {
  8135. (86) policy filter_username {
  8136. (86) if (&User-Name) {
  8137. (86) if (&User-Name) -> TRUE
  8138. (86) if (&User-Name) {
  8139. (86) if (&User-Name =~ / /) {
  8140. (86) if (&User-Name =~ / /) -> FALSE
  8141. (86) if (&User-Name =~ /@[^@]*@/ ) {
  8142. (86) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  8143. (86) if (&User-Name =~ /\.\./ ) {
  8144. (86) if (&User-Name =~ /\.\./ ) -> FALSE
  8145. (86) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  8146. (86) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  8147. (86) if (&User-Name =~ /\.$/) {
  8148. (86) if (&User-Name =~ /\.$/) -> FALSE
  8149. (86) if (&User-Name =~ /@\./) {
  8150. (86) if (&User-Name =~ /@\./) -> FALSE
  8151. (86) } # if (&User-Name) = notfound
  8152. (86) } # policy filter_username = notfound
  8153. (86) [preprocess] = ok
  8154. (86) [chap] = noop
  8155. (86) [mschap] = noop
  8156. (86) [digest] = noop
  8157. (86) suffix: Checking for suffix after "@"
  8158. (86) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  8159. (86) suffix: No such realm "NULL"
  8160. (86) [suffix] = noop
  8161. (86) eap: Peer sent EAP Response (code 2) ID 86 length 163
  8162. (86) eap: Continuing tunnel setup
  8163. (86) [eap] = ok
  8164. (86) } # authorize = ok
  8165. (86) Found Auth-Type = eap
  8166. (86) # Executing group from file /etc/raddb/sites-enabled/default
  8167. (86) authenticate {
  8168. (86) eap: Expiring EAP session with state 0xddec9c40ddba8583
  8169. (86) eap: Finished EAP session with state 0xddec9c40ddba8583
  8170. (86) eap: Previous EAP request found for state 0xddec9c40ddba8583, released from the list
  8171. (86) eap: Peer sent packet with method EAP PEAP (25)
  8172. (86) eap: Calling submodule eap_peap to process data
  8173. (86) eap_peap: Continuing EAP-TLS
  8174. (86) eap_peap: Peer indicated complete TLS record size will be 153 bytes
  8175. (86) eap_peap: Got complete TLS record (153 bytes)
  8176. (86) eap_peap: [eaptls verify] = length included
  8177. (86) eap_peap: (other): before/accept initialization
  8178. (86) eap_peap: TLS_accept: before/accept initialization
  8179. (86) eap_peap: <<< recv TLS 1.0 Handshake [length 0094], ClientHello
  8180. (86) eap_peap: TLS_accept: SSLv3 read client hello A
  8181. (86) eap_peap: >>> send TLS 1.0 Handshake [length 0059], ServerHello
  8182. (86) eap_peap: TLS_accept: SSLv3 write server hello A
  8183. (86) eap_peap: >>> send TLS 1.0 ChangeCipherSpec [length 0001]
  8184. (86) eap_peap: TLS_accept: SSLv3 write change cipher spec A
  8185. (86) eap_peap: >>> send TLS 1.0 Handshake [length 0010], Finished
  8186. (86) eap_peap: TLS_accept: SSLv3 write finished A
  8187. (86) eap_peap: TLS_accept: SSLv3 flush data
  8188. (86) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  8189. (86) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  8190. (86) eap_peap: In SSL Handshake Phase
  8191. (86) eap_peap: In SSL Accept mode
  8192. (86) eap_peap: [eaptls process] = handled
  8193. (86) eap: Sending EAP Request (code 1) ID 87 length 159
  8194. (86) eap: EAP session adding &reply:State = 0xddec9c40dcbb8583
  8195. (86) [eap] = handled
  8196. (86) } # authenticate = handled
  8197. (86) Using Post-Auth-Type Challenge
  8198. (86) Post-Auth-Type sub-section not found. Ignoring.
  8199. (86) # Executing group from file /etc/raddb/sites-enabled/default
  8200. (86) Sent Access-Challenge Id 110 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  8201. (86) EAP-Message = 0x0157009f19001603010059020000550301573f503db3daf59fd6e962d784b026bfd5e646876db59f77d2d794aba48780c020274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0c01400000dff01000100000b0004030001021403010001011603010030b45c38a34a724f64
  8202. (86) Message-Authenticator = 0x00000000000000000000000000000000
  8203. (86) State = 0xddec9c40dcbb858300be6bd519d98106
  8204. (86) Finished request
  8205. Waking up in 2.7 seconds.
  8206. (87) Received Access-Request Id 111 from 10.8.0.111:58432 to 10.8.64.155:1812 length 249
  8207. (87) User-Name = "vkratsberg"
  8208. (87) NAS-Port = 358
  8209. (87) State = 0xddec9c40dcbb858300be6bd519d98106
  8210. (87) EAP-Message = 0x0257004519800000003b1403010001011603010030821c78fe635699a956117ba34228dcce1f37a15e0e31c46d0deaa6ab40fbb69e7d7334d901b8b68c965abf9ef3e5057b
  8211. (87) Message-Authenticator = 0xb10d8d5294e3a1c9a8781a1a835a1226
  8212. (87) Acct-Session-Id = "8O2.1x81bb0847000dfbd9"
  8213. (87) NAS-Port-Id = "ge-3/0/6.0"
  8214. (87) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  8215. (87) Called-Station-Id = "ec-3e-f7-68-35-00"
  8216. (87) NAS-IP-Address = 10.8.0.111
  8217. (87) NAS-Identifier = "nyc-access-sw011"
  8218. (87) NAS-Port-Type = Ethernet
  8219. (87) session-state: No cached attributes
  8220. (87) # Executing section authorize from file /etc/raddb/sites-enabled/default
  8221. (87) authorize {
  8222. (87) policy filter_username {
  8223. (87) if (&User-Name) {
  8224. (87) if (&User-Name) -> TRUE
  8225. (87) if (&User-Name) {
  8226. (87) if (&User-Name =~ / /) {
  8227. (87) if (&User-Name =~ / /) -> FALSE
  8228. (87) if (&User-Name =~ /@[^@]*@/ ) {
  8229. (87) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  8230. (87) if (&User-Name =~ /\.\./ ) {
  8231. (87) if (&User-Name =~ /\.\./ ) -> FALSE
  8232. (87) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  8233. (87) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  8234. (87) if (&User-Name =~ /\.$/) {
  8235. (87) if (&User-Name =~ /\.$/) -> FALSE
  8236. (87) if (&User-Name =~ /@\./) {
  8237. (87) if (&User-Name =~ /@\./) -> FALSE
  8238. (87) } # if (&User-Name) = notfound
  8239. (87) } # policy filter_username = notfound
  8240. (87) [preprocess] = ok
  8241. (87) [chap] = noop
  8242. (87) [mschap] = noop
  8243. (87) [digest] = noop
  8244. (87) suffix: Checking for suffix after "@"
  8245. (87) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  8246. (87) suffix: No such realm "NULL"
  8247. (87) [suffix] = noop
  8248. (87) eap: Peer sent EAP Response (code 2) ID 87 length 69
  8249. (87) eap: Continuing tunnel setup
  8250. (87) [eap] = ok
  8251. (87) } # authorize = ok
  8252. (87) Found Auth-Type = eap
  8253. (87) # Executing group from file /etc/raddb/sites-enabled/default
  8254. (87) authenticate {
  8255. (87) eap: Expiring EAP session with state 0xddec9c40dcbb8583
  8256. (87) eap: Finished EAP session with state 0xddec9c40dcbb8583
  8257. (87) eap: Previous EAP request found for state 0xddec9c40dcbb8583, released from the list
  8258. (87) eap: Peer sent packet with method EAP PEAP (25)
  8259. (87) eap: Calling submodule eap_peap to process data
  8260. (87) eap_peap: Continuing EAP-TLS
  8261. (87) eap_peap: Peer indicated complete TLS record size will be 59 bytes
  8262. (87) eap_peap: Got complete TLS record (59 bytes)
  8263. (87) eap_peap: [eaptls verify] = length included
  8264. (87) eap_peap: <<< recv TLS 1.0 ChangeCipherSpec [length 0001]
  8265. (87) eap_peap: <<< recv TLS 1.0 Handshake [length 0010], Finished
  8266. (87) eap_peap: TLS_accept: SSLv3 read finished A
  8267. (87) eap_peap: (other): SSL negotiation finished successfully
  8268. (87) eap_peap: SSL Connection Established
  8269. (87) eap_peap: SSL Application Data
  8270. (87) eap_peap: Adding cached attributes from session 274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0
  8271. (87) eap_peap: reply:User-Name = "vkratsberg"
  8272. (87) eap_peap: [eaptls process] = success
  8273. (87) eap_peap: Session established. Decoding tunneled attributes
  8274. (87) eap_peap: PEAP state TUNNEL ESTABLISHED
  8275. (87) eap_peap: Skipping Phase2 because of session resumption
  8276. (87) eap_peap: SUCCESS
  8277. (87) eap: Sending EAP Request (code 1) ID 88 length 43
  8278. (87) eap: EAP session adding &reply:State = 0xddec9c40dfb48583
  8279. (87) [eap] = handled
  8280. (87) } # authenticate = handled
  8281. (87) Using Post-Auth-Type Challenge
  8282. (87) Post-Auth-Type sub-section not found. Ignoring.
  8283. (87) # Executing group from file /etc/raddb/sites-enabled/default
  8284. (87) Sent Access-Challenge Id 111 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  8285. (87) User-Name = "vkratsberg"
  8286. (87) EAP-Message = 0x0158002b19001703010020236a8e9914576a8fb73ab10a1d9bd999efece7d3f01eff7af1db015a9315a528
  8287. (87) Message-Authenticator = 0x00000000000000000000000000000000
  8288. (87) State = 0xddec9c40dfb4858300be6bd519d98106
  8289. (87) Finished request
  8290. Waking up in 2.6 seconds.
  8291. (88) Received Access-Request Id 112 from 10.8.0.111:58432 to 10.8.64.155:1812 length 223
  8292. (88) User-Name = "vkratsberg"
  8293. (88) NAS-Port = 358
  8294. (88) State = 0xddec9c40dfb4858300be6bd519d98106
  8295. (88) EAP-Message = 0x0258002b19001703010020b29786f7f066ea1680060048c979bcf814b77d2a5f1583934e86ef7f1bb4c63d
  8296. (88) Message-Authenticator = 0x94638561a1f2065aff01b636fa88e45e
  8297. (88) Acct-Session-Id = "8O2.1x81bb0847000dfbd9"
  8298. (88) NAS-Port-Id = "ge-3/0/6.0"
  8299. (88) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  8300. (88) Called-Station-Id = "ec-3e-f7-68-35-00"
  8301. (88) NAS-IP-Address = 10.8.0.111
  8302. (88) NAS-Identifier = "nyc-access-sw011"
  8303. (88) NAS-Port-Type = Ethernet
  8304. (88) session-state: No cached attributes
  8305. (88) # Executing section authorize from file /etc/raddb/sites-enabled/default
  8306. (88) authorize {
  8307. (88) policy filter_username {
  8308. (88) if (&User-Name) {
  8309. (88) if (&User-Name) -> TRUE
  8310. (88) if (&User-Name) {
  8311. (88) if (&User-Name =~ / /) {
  8312. (88) if (&User-Name =~ / /) -> FALSE
  8313. (88) if (&User-Name =~ /@[^@]*@/ ) {
  8314. (88) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  8315. (88) if (&User-Name =~ /\.\./ ) {
  8316. (88) if (&User-Name =~ /\.\./ ) -> FALSE
  8317. (88) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  8318. (88) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  8319. (88) if (&User-Name =~ /\.$/) {
  8320. (88) if (&User-Name =~ /\.$/) -> FALSE
  8321. (88) if (&User-Name =~ /@\./) {
  8322. (88) if (&User-Name =~ /@\./) -> FALSE
  8323. (88) } # if (&User-Name) = notfound
  8324. (88) } # policy filter_username = notfound
  8325. (88) [preprocess] = ok
  8326. (88) [chap] = noop
  8327. (88) [mschap] = noop
  8328. (88) [digest] = noop
  8329. (88) suffix: Checking for suffix after "@"
  8330. (88) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  8331. (88) suffix: No such realm "NULL"
  8332. (88) [suffix] = noop
  8333. (88) eap: Peer sent EAP Response (code 2) ID 88 length 43
  8334. (88) eap: Continuing tunnel setup
  8335. (88) [eap] = ok
  8336. (88) } # authorize = ok
  8337. (88) Found Auth-Type = eap
  8338. (88) # Executing group from file /etc/raddb/sites-enabled/default
  8339. (88) authenticate {
  8340. (88) eap: Expiring EAP session with state 0xddec9c40dfb48583
  8341. (88) eap: Finished EAP session with state 0xddec9c40dfb48583
  8342. (88) eap: Previous EAP request found for state 0xddec9c40dfb48583, released from the list
  8343. (88) eap: Peer sent packet with method EAP PEAP (25)
  8344. (88) eap: Calling submodule eap_peap to process data
  8345. (88) eap_peap: Continuing EAP-TLS
  8346. (88) eap_peap: [eaptls verify] = ok
  8347. (88) eap_peap: Done initial handshake
  8348. (88) eap_peap: [eaptls process] = ok
  8349. (88) eap_peap: Session established. Decoding tunneled attributes
  8350. (88) eap_peap: PEAP state send tlv success
  8351. (88) eap_peap: Received EAP-TLV response
  8352. (88) eap_peap: Success
  8353. (88) eap_peap: No saved attributes in the original Access-Accept
  8354. (88) eap: Sending EAP Success (code 3) ID 88 length 4
  8355. (88) eap: Freeing handler
  8356. (88) [eap] = ok
  8357. (88) } # authenticate = ok
  8358. (88) # Executing section post-auth from file /etc/raddb/sites-enabled/default
  8359. (88) post-auth {
  8360. (88) update {
  8361. (88) No attributes updated
  8362. (88) } # update = noop
  8363. (88) [exec] = noop
  8364. (88) policy remove_reply_message_if_eap {
  8365. (88) if (&reply:EAP-Message && &reply:Reply-Message) {
  8366. (88) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
  8367. (88) else {
  8368. (88) [noop] = noop
  8369. (88) } # else = noop
  8370. (88) } # policy remove_reply_message_if_eap = noop
  8371. (88) } # post-auth = noop
  8372. (88) Sent Access-Accept Id 112 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  8373. (88) MS-MPPE-Recv-Key = 0x2ff6398cf2f496353df975ccf79389006a081af821406dae6f3b9a11d66d4ecc
  8374. (88) MS-MPPE-Send-Key = 0x22bc82dfd8c9654140f97e436b7cbdbe7eee38bad1356412412895e8d536068a
  8375. (88) EAP-Message = 0x03580004
  8376. (88) Message-Authenticator = 0x00000000000000000000000000000000
  8377. (88) User-Name = "vkratsberg"
  8378. (88) Finished request
  8379. Waking up in 2.6 seconds.
  8380. (89) Received Access-Request Id 113 from 10.8.0.111:58432 to 10.8.64.155:1812 length 177
  8381. (89) User-Name = "vkratsberg"
  8382. (89) NAS-Port = 358
  8383. (89) EAP-Message = 0x0259000f01766b7261747362657267
  8384. (89) Message-Authenticator = 0xfb3b7fd821d0c3ddc23c94ad1753cb70
  8385. (89) Acct-Session-Id = "8O2.1x81bb08480000b884"
  8386. (89) NAS-Port-Id = "ge-3/0/6.0"
  8387. (89) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  8388. (89) Called-Station-Id = "ec-3e-f7-68-35-00"
  8389. (89) NAS-IP-Address = 10.8.0.111
  8390. (89) NAS-Identifier = "nyc-access-sw011"
  8391. (89) NAS-Port-Type = Ethernet
  8392. (89) # Executing section authorize from file /etc/raddb/sites-enabled/default
  8393. (89) authorize {
  8394. (89) policy filter_username {
  8395. (89) if (&User-Name) {
  8396. (89) if (&User-Name) -> TRUE
  8397. (89) if (&User-Name) {
  8398. (89) if (&User-Name =~ / /) {
  8399. (89) if (&User-Name =~ / /) -> FALSE
  8400. (89) if (&User-Name =~ /@[^@]*@/ ) {
  8401. (89) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  8402. (89) if (&User-Name =~ /\.\./ ) {
  8403. (89) if (&User-Name =~ /\.\./ ) -> FALSE
  8404. (89) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  8405. (89) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  8406. (89) if (&User-Name =~ /\.$/) {
  8407. (89) if (&User-Name =~ /\.$/) -> FALSE
  8408. (89) if (&User-Name =~ /@\./) {
  8409. (89) if (&User-Name =~ /@\./) -> FALSE
  8410. (89) } # if (&User-Name) = notfound
  8411. (89) } # policy filter_username = notfound
  8412. (89) [preprocess] = ok
  8413. (89) [chap] = noop
  8414. (89) [mschap] = noop
  8415. (89) [digest] = noop
  8416. (89) suffix: Checking for suffix after "@"
  8417. (89) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  8418. (89) suffix: No such realm "NULL"
  8419. (89) [suffix] = noop
  8420. (89) eap: Peer sent EAP Response (code 2) ID 89 length 15
  8421. (89) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
  8422. (89) [eap] = ok
  8423. (89) } # authorize = ok
  8424. (89) Found Auth-Type = eap
  8425. (89) # Executing group from file /etc/raddb/sites-enabled/default
  8426. (89) authenticate {
  8427. (89) eap: Peer sent packet with method EAP Identity (1)
  8428. (89) eap: Calling submodule eap_peap to process data
  8429. (89) eap_peap: Initiating new EAP-TLS session
  8430. (89) eap_peap: [eaptls start] = request
  8431. (89) eap: Sending EAP Request (code 1) ID 90 length 6
  8432. (89) eap: EAP session adding &reply:State = 0xf3f65797f3ac4e62
  8433. (89) [eap] = handled
  8434. (89) } # authenticate = handled
  8435. (89) Using Post-Auth-Type Challenge
  8436. (89) Post-Auth-Type sub-section not found. Ignoring.
  8437. (89) # Executing group from file /etc/raddb/sites-enabled/default
  8438. (89) Sent Access-Challenge Id 113 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  8439. (89) EAP-Message = 0x015a00061920
  8440. (89) Message-Authenticator = 0x00000000000000000000000000000000
  8441. (89) State = 0xf3f65797f3ac4e621ec30b7aa01bd58c
  8442. (89) Finished request
  8443. Waking up in 2.5 seconds.
  8444. (90) Received Access-Request Id 114 from 10.8.0.111:58432 to 10.8.64.155:1812 length 343
  8445. (90) User-Name = "vkratsberg"
  8446. (90) NAS-Port = 358
  8447. (90) State = 0xf3f65797f3ac4e621ec30b7aa01bd58c
  8448. (90) EAP-Message = 0x025a00a31980000000991603010094010000900301573f503de945eae0f695404299c8048b7cc35ee097d42e3587c8b7a0ec03333520274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0002800ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f00
  8449. (90) Message-Authenticator = 0xc50b216c98bd5c9fa6e8553cd4b8296c
  8450. (90) Acct-Session-Id = "8O2.1x81bb08480000b884"
  8451. (90) NAS-Port-Id = "ge-3/0/6.0"
  8452. (90) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  8453. (90) Called-Station-Id = "ec-3e-f7-68-35-00"
  8454. (90) NAS-IP-Address = 10.8.0.111
  8455. (90) NAS-Identifier = "nyc-access-sw011"
  8456. (90) NAS-Port-Type = Ethernet
  8457. (90) session-state: No cached attributes
  8458. (90) # Executing section authorize from file /etc/raddb/sites-enabled/default
  8459. (90) authorize {
  8460. (90) policy filter_username {
  8461. (90) if (&User-Name) {
  8462. (90) if (&User-Name) -> TRUE
  8463. (90) if (&User-Name) {
  8464. (90) if (&User-Name =~ / /) {
  8465. (90) if (&User-Name =~ / /) -> FALSE
  8466. (90) if (&User-Name =~ /@[^@]*@/ ) {
  8467. (90) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  8468. (90) if (&User-Name =~ /\.\./ ) {
  8469. (90) if (&User-Name =~ /\.\./ ) -> FALSE
  8470. (90) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  8471. (90) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  8472. (90) if (&User-Name =~ /\.$/) {
  8473. (90) if (&User-Name =~ /\.$/) -> FALSE
  8474. (90) if (&User-Name =~ /@\./) {
  8475. (90) if (&User-Name =~ /@\./) -> FALSE
  8476. (90) } # if (&User-Name) = notfound
  8477. (90) } # policy filter_username = notfound
  8478. (90) [preprocess] = ok
  8479. (90) [chap] = noop
  8480. (90) [mschap] = noop
  8481. (90) [digest] = noop
  8482. (90) suffix: Checking for suffix after "@"
  8483. (90) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  8484. (90) suffix: No such realm "NULL"
  8485. (90) [suffix] = noop
  8486. (90) eap: Peer sent EAP Response (code 2) ID 90 length 163
  8487. (90) eap: Continuing tunnel setup
  8488. (90) [eap] = ok
  8489. (90) } # authorize = ok
  8490. (90) Found Auth-Type = eap
  8491. (90) # Executing group from file /etc/raddb/sites-enabled/default
  8492. (90) authenticate {
  8493. (90) eap: Expiring EAP session with state 0xf3f65797f3ac4e62
  8494. (90) eap: Finished EAP session with state 0xf3f65797f3ac4e62
  8495. (90) eap: Previous EAP request found for state 0xf3f65797f3ac4e62, released from the list
  8496. (90) eap: Peer sent packet with method EAP PEAP (25)
  8497. (90) eap: Calling submodule eap_peap to process data
  8498. (90) eap_peap: Continuing EAP-TLS
  8499. (90) eap_peap: Peer indicated complete TLS record size will be 153 bytes
  8500. (90) eap_peap: Got complete TLS record (153 bytes)
  8501. (90) eap_peap: [eaptls verify] = length included
  8502. (90) eap_peap: (other): before/accept initialization
  8503. (90) eap_peap: TLS_accept: before/accept initialization
  8504. (90) eap_peap: <<< recv TLS 1.0 Handshake [length 0094], ClientHello
  8505. (90) eap_peap: TLS_accept: SSLv3 read client hello A
  8506. (90) eap_peap: >>> send TLS 1.0 Handshake [length 0059], ServerHello
  8507. (90) eap_peap: TLS_accept: SSLv3 write server hello A
  8508. (90) eap_peap: >>> send TLS 1.0 ChangeCipherSpec [length 0001]
  8509. (90) eap_peap: TLS_accept: SSLv3 write change cipher spec A
  8510. (90) eap_peap: >>> send TLS 1.0 Handshake [length 0010], Finished
  8511. (90) eap_peap: TLS_accept: SSLv3 write finished A
  8512. (90) eap_peap: TLS_accept: SSLv3 flush data
  8513. (90) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  8514. (90) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  8515. (90) eap_peap: In SSL Handshake Phase
  8516. (90) eap_peap: In SSL Accept mode
  8517. (90) eap_peap: [eaptls process] = handled
  8518. (90) eap: Sending EAP Request (code 1) ID 91 length 159
  8519. (90) eap: EAP session adding &reply:State = 0xf3f65797f2ad4e62
  8520. (90) [eap] = handled
  8521. (90) } # authenticate = handled
  8522. (90) Using Post-Auth-Type Challenge
  8523. (90) Post-Auth-Type sub-section not found. Ignoring.
  8524. (90) # Executing group from file /etc/raddb/sites-enabled/default
  8525. (90) Sent Access-Challenge Id 114 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  8526. (90) EAP-Message = 0x015b009f19001603010059020000550301573f503ef26e8e9df3cee6a22df14125582356c78bc5a6ecc374a7a093d0290320274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0c01400000dff01000100000b0004030001021403010001011603010030b74d19eb1117d774
  8527. (90) Message-Authenticator = 0x00000000000000000000000000000000
  8528. (90) State = 0xf3f65797f2ad4e621ec30b7aa01bd58c
  8529. (90) Finished request
  8530. Waking up in 2.5 seconds.
  8531. (91) Received Access-Request Id 115 from 10.8.0.111:58432 to 10.8.64.155:1812 length 249
  8532. (91) User-Name = "vkratsberg"
  8533. (91) NAS-Port = 358
  8534. (91) State = 0xf3f65797f2ad4e621ec30b7aa01bd58c
  8535. (91) EAP-Message = 0x025b004519800000003b1403010001011603010030a22d00938647e55ec45ac542861fad0659c62d86eaa7037ba5fcc484057660325f730585150fd9b093fe1498881a069b
  8536. (91) Message-Authenticator = 0xe35322a1f4968f7f065e42e1c88f2fd2
  8537. (91) Acct-Session-Id = "8O2.1x81bb08480000b884"
  8538. (91) NAS-Port-Id = "ge-3/0/6.0"
  8539. (91) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  8540. (91) Called-Station-Id = "ec-3e-f7-68-35-00"
  8541. (91) NAS-IP-Address = 10.8.0.111
  8542. (91) NAS-Identifier = "nyc-access-sw011"
  8543. (91) NAS-Port-Type = Ethernet
  8544. (91) session-state: No cached attributes
  8545. (91) # Executing section authorize from file /etc/raddb/sites-enabled/default
  8546. (91) authorize {
  8547. (91) policy filter_username {
  8548. (91) if (&User-Name) {
  8549. (91) if (&User-Name) -> TRUE
  8550. (91) if (&User-Name) {
  8551. (91) if (&User-Name =~ / /) {
  8552. (91) if (&User-Name =~ / /) -> FALSE
  8553. (91) if (&User-Name =~ /@[^@]*@/ ) {
  8554. (91) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  8555. (91) if (&User-Name =~ /\.\./ ) {
  8556. (91) if (&User-Name =~ /\.\./ ) -> FALSE
  8557. (91) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  8558. (91) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  8559. (91) if (&User-Name =~ /\.$/) {
  8560. (91) if (&User-Name =~ /\.$/) -> FALSE
  8561. (91) if (&User-Name =~ /@\./) {
  8562. (91) if (&User-Name =~ /@\./) -> FALSE
  8563. (91) } # if (&User-Name) = notfound
  8564. (91) } # policy filter_username = notfound
  8565. (91) [preprocess] = ok
  8566. (91) [chap] = noop
  8567. (91) [mschap] = noop
  8568. (91) [digest] = noop
  8569. (91) suffix: Checking for suffix after "@"
  8570. (91) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  8571. (91) suffix: No such realm "NULL"
  8572. (91) [suffix] = noop
  8573. (91) eap: Peer sent EAP Response (code 2) ID 91 length 69
  8574. (91) eap: Continuing tunnel setup
  8575. (91) [eap] = ok
  8576. (91) } # authorize = ok
  8577. (91) Found Auth-Type = eap
  8578. (91) # Executing group from file /etc/raddb/sites-enabled/default
  8579. (91) authenticate {
  8580. (91) eap: Expiring EAP session with state 0xf3f65797f2ad4e62
  8581. (91) eap: Finished EAP session with state 0xf3f65797f2ad4e62
  8582. (91) eap: Previous EAP request found for state 0xf3f65797f2ad4e62, released from the list
  8583. (91) eap: Peer sent packet with method EAP PEAP (25)
  8584. (91) eap: Calling submodule eap_peap to process data
  8585. (91) eap_peap: Continuing EAP-TLS
  8586. (91) eap_peap: Peer indicated complete TLS record size will be 59 bytes
  8587. (91) eap_peap: Got complete TLS record (59 bytes)
  8588. (91) eap_peap: [eaptls verify] = length included
  8589. (91) eap_peap: <<< recv TLS 1.0 ChangeCipherSpec [length 0001]
  8590. (91) eap_peap: <<< recv TLS 1.0 Handshake [length 0010], Finished
  8591. (91) eap_peap: TLS_accept: SSLv3 read finished A
  8592. (91) eap_peap: (other): SSL negotiation finished successfully
  8593. (91) eap_peap: SSL Connection Established
  8594. (91) eap_peap: SSL Application Data
  8595. (91) eap_peap: Adding cached attributes from session 274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0
  8596. (91) eap_peap: reply:User-Name = "vkratsberg"
  8597. (91) eap_peap: [eaptls process] = success
  8598. (91) eap_peap: Session established. Decoding tunneled attributes
  8599. (91) eap_peap: PEAP state TUNNEL ESTABLISHED
  8600. (91) eap_peap: Skipping Phase2 because of session resumption
  8601. (91) eap_peap: SUCCESS
  8602. (91) eap: Sending EAP Request (code 1) ID 92 length 43
  8603. (91) eap: EAP session adding &reply:State = 0xf3f65797f1aa4e62
  8604. (91) [eap] = handled
  8605. (91) } # authenticate = handled
  8606. (91) Using Post-Auth-Type Challenge
  8607. (91) Post-Auth-Type sub-section not found. Ignoring.
  8608. (91) # Executing group from file /etc/raddb/sites-enabled/default
  8609. (91) Sent Access-Challenge Id 115 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  8610. (91) User-Name = "vkratsberg"
  8611. (91) EAP-Message = 0x015c002b19001703010020d00e70e0f06682b9de92dbd0a58072cf53f13947ce29bfeb86b82afe17bc357f
  8612. (91) Message-Authenticator = 0x00000000000000000000000000000000
  8613. (91) State = 0xf3f65797f1aa4e621ec30b7aa01bd58c
  8614. (91) Finished request
  8615. Waking up in 2.5 seconds.
  8616. (92) Received Access-Request Id 116 from 10.8.0.111:58432 to 10.8.64.155:1812 length 223
  8617. (92) User-Name = "vkratsberg"
  8618. (92) NAS-Port = 358
  8619. (92) State = 0xf3f65797f1aa4e621ec30b7aa01bd58c
  8620. (92) EAP-Message = 0x025c002b1900170301002011d9934e017c2f0071007889c6c4266921935be4652719dc64ecd25c0df64166
  8621. (92) Message-Authenticator = 0xd7c01ec7a6a4eef0f297c1b36585105a
  8622. (92) Acct-Session-Id = "8O2.1x81bb08480000b884"
  8623. (92) NAS-Port-Id = "ge-3/0/6.0"
  8624. (92) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  8625. (92) Called-Station-Id = "ec-3e-f7-68-35-00"
  8626. (92) NAS-IP-Address = 10.8.0.111
  8627. (92) NAS-Identifier = "nyc-access-sw011"
  8628. (92) NAS-Port-Type = Ethernet
  8629. (92) session-state: No cached attributes
  8630. (92) # Executing section authorize from file /etc/raddb/sites-enabled/default
  8631. (92) authorize {
  8632. (92) policy filter_username {
  8633. (92) if (&User-Name) {
  8634. (92) if (&User-Name) -> TRUE
  8635. (92) if (&User-Name) {
  8636. (92) if (&User-Name =~ / /) {
  8637. (92) if (&User-Name =~ / /) -> FALSE
  8638. (92) if (&User-Name =~ /@[^@]*@/ ) {
  8639. (92) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  8640. (92) if (&User-Name =~ /\.\./ ) {
  8641. (92) if (&User-Name =~ /\.\./ ) -> FALSE
  8642. (92) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  8643. (92) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  8644. (92) if (&User-Name =~ /\.$/) {
  8645. (92) if (&User-Name =~ /\.$/) -> FALSE
  8646. (92) if (&User-Name =~ /@\./) {
  8647. (92) if (&User-Name =~ /@\./) -> FALSE
  8648. (92) } # if (&User-Name) = notfound
  8649. (92) } # policy filter_username = notfound
  8650. (92) [preprocess] = ok
  8651. (92) [chap] = noop
  8652. (92) [mschap] = noop
  8653. (92) [digest] = noop
  8654. (92) suffix: Checking for suffix after "@"
  8655. (92) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  8656. (92) suffix: No such realm "NULL"
  8657. (92) [suffix] = noop
  8658. (92) eap: Peer sent EAP Response (code 2) ID 92 length 43
  8659. (92) eap: Continuing tunnel setup
  8660. (92) [eap] = ok
  8661. (92) } # authorize = ok
  8662. (92) Found Auth-Type = eap
  8663. (92) # Executing group from file /etc/raddb/sites-enabled/default
  8664. (92) authenticate {
  8665. (92) eap: Expiring EAP session with state 0xf3f65797f1aa4e62
  8666. (92) eap: Finished EAP session with state 0xf3f65797f1aa4e62
  8667. (92) eap: Previous EAP request found for state 0xf3f65797f1aa4e62, released from the list
  8668. (92) eap: Peer sent packet with method EAP PEAP (25)
  8669. (92) eap: Calling submodule eap_peap to process data
  8670. (92) eap_peap: Continuing EAP-TLS
  8671. (92) eap_peap: [eaptls verify] = ok
  8672. (92) eap_peap: Done initial handshake
  8673. (92) eap_peap: [eaptls process] = ok
  8674. (92) eap_peap: Session established. Decoding tunneled attributes
  8675. (92) eap_peap: PEAP state send tlv success
  8676. (92) eap_peap: Received EAP-TLV response
  8677. (92) eap_peap: Success
  8678. (92) eap_peap: No saved attributes in the original Access-Accept
  8679. (92) eap: Sending EAP Success (code 3) ID 92 length 4
  8680. (92) eap: Freeing handler
  8681. (92) [eap] = ok
  8682. (92) } # authenticate = ok
  8683. (92) # Executing section post-auth from file /etc/raddb/sites-enabled/default
  8684. (92) post-auth {
  8685. (92) update {
  8686. (92) No attributes updated
  8687. (92) } # update = noop
  8688. (92) [exec] = noop
  8689. (92) policy remove_reply_message_if_eap {
  8690. (92) if (&reply:EAP-Message && &reply:Reply-Message) {
  8691. (92) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
  8692. (92) else {
  8693. (92) [noop] = noop
  8694. (92) } # else = noop
  8695. (92) } # policy remove_reply_message_if_eap = noop
  8696. (92) } # post-auth = noop
  8697. (92) Sent Access-Accept Id 116 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  8698. (92) MS-MPPE-Recv-Key = 0xf716988c33cbb8a7316d859a82454f9591af327132d56035581075ded4667631
  8699. (92) MS-MPPE-Send-Key = 0xc9190767d184d55bf3c786833c56a85649dffb57b3a2d0c85257b68b25c736c1
  8700. (92) EAP-Message = 0x035c0004
  8701. (92) Message-Authenticator = 0x00000000000000000000000000000000
  8702. (92) User-Name = "vkratsberg"
  8703. (92) Finished request
  8704. Waking up in 2.5 seconds.
  8705. (93) Received Access-Request Id 117 from 10.8.0.111:58432 to 10.8.64.155:1812 length 177
  8706. (93) User-Name = "vkratsberg"
  8707. (93) NAS-Port = 358
  8708. (93) EAP-Message = 0x025d000f01766b7261747362657267
  8709. (93) Message-Authenticator = 0x13b404179d1a5e728643973224aadf56
  8710. (93) Acct-Session-Id = "8O2.1x81bb084900024eea"
  8711. (93) NAS-Port-Id = "ge-3/0/6.0"
  8712. (93) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  8713. (93) Called-Station-Id = "ec-3e-f7-68-35-00"
  8714. (93) NAS-IP-Address = 10.8.0.111
  8715. (93) NAS-Identifier = "nyc-access-sw011"
  8716. (93) NAS-Port-Type = Ethernet
  8717. (93) # Executing section authorize from file /etc/raddb/sites-enabled/default
  8718. (93) authorize {
  8719. (93) policy filter_username {
  8720. (93) if (&User-Name) {
  8721. (93) if (&User-Name) -> TRUE
  8722. (93) if (&User-Name) {
  8723. (93) if (&User-Name =~ / /) {
  8724. (93) if (&User-Name =~ / /) -> FALSE
  8725. (93) if (&User-Name =~ /@[^@]*@/ ) {
  8726. (93) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  8727. (93) if (&User-Name =~ /\.\./ ) {
  8728. (93) if (&User-Name =~ /\.\./ ) -> FALSE
  8729. (93) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  8730. (93) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  8731. (93) if (&User-Name =~ /\.$/) {
  8732. (93) if (&User-Name =~ /\.$/) -> FALSE
  8733. (93) if (&User-Name =~ /@\./) {
  8734. (93) if (&User-Name =~ /@\./) -> FALSE
  8735. (93) } # if (&User-Name) = notfound
  8736. (93) } # policy filter_username = notfound
  8737. (93) [preprocess] = ok
  8738. (93) [chap] = noop
  8739. (93) [mschap] = noop
  8740. (93) [digest] = noop
  8741. (93) suffix: Checking for suffix after "@"
  8742. (93) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  8743. (93) suffix: No such realm "NULL"
  8744. (93) [suffix] = noop
  8745. (93) eap: Peer sent EAP Response (code 2) ID 93 length 15
  8746. (93) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
  8747. (93) [eap] = ok
  8748. (93) } # authorize = ok
  8749. (93) Found Auth-Type = eap
  8750. (93) # Executing group from file /etc/raddb/sites-enabled/default
  8751. (93) authenticate {
  8752. (93) eap: Peer sent packet with method EAP Identity (1)
  8753. (93) eap: Calling submodule eap_peap to process data
  8754. (93) eap_peap: Initiating new EAP-TLS session
  8755. (93) eap_peap: [eaptls start] = request
  8756. (93) eap: Sending EAP Request (code 1) ID 94 length 6
  8757. (93) eap: EAP session adding &reply:State = 0xed4ec92ded10d02a
  8758. (93) [eap] = handled
  8759. (93) } # authenticate = handled
  8760. (93) Using Post-Auth-Type Challenge
  8761. (93) Post-Auth-Type sub-section not found. Ignoring.
  8762. (93) # Executing group from file /etc/raddb/sites-enabled/default
  8763. (93) Sent Access-Challenge Id 117 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  8764. (93) EAP-Message = 0x015e00061920
  8765. (93) Message-Authenticator = 0x00000000000000000000000000000000
  8766. (93) State = 0xed4ec92ded10d02ae7c6af9c4ae0a2b2
  8767. (93) Finished request
  8768. Waking up in 2.4 seconds.
  8769. (94) Received Access-Request Id 118 from 10.8.0.111:58432 to 10.8.64.155:1812 length 343
  8770. (94) User-Name = "vkratsberg"
  8771. (94) NAS-Port = 358
  8772. (94) State = 0xed4ec92ded10d02ae7c6af9c4ae0a2b2
  8773. (94) EAP-Message = 0x025e00a31980000000991603010094010000900301573f503ec6462b8123d22a0abeaa8d81f7ec7daa9d18645b120a106bf52c301720274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0002800ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f00
  8774. (94) Message-Authenticator = 0xbbd84676ec17fced47d7b0a8785feaee
  8775. (94) Acct-Session-Id = "8O2.1x81bb084900024eea"
  8776. (94) NAS-Port-Id = "ge-3/0/6.0"
  8777. (94) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  8778. (94) Called-Station-Id = "ec-3e-f7-68-35-00"
  8779. (94) NAS-IP-Address = 10.8.0.111
  8780. (94) NAS-Identifier = "nyc-access-sw011"
  8781. (94) NAS-Port-Type = Ethernet
  8782. (94) session-state: No cached attributes
  8783. (94) # Executing section authorize from file /etc/raddb/sites-enabled/default
  8784. (94) authorize {
  8785. (94) policy filter_username {
  8786. (94) if (&User-Name) {
  8787. (94) if (&User-Name) -> TRUE
  8788. (94) if (&User-Name) {
  8789. (94) if (&User-Name =~ / /) {
  8790. (94) if (&User-Name =~ / /) -> FALSE
  8791. (94) if (&User-Name =~ /@[^@]*@/ ) {
  8792. (94) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  8793. (94) if (&User-Name =~ /\.\./ ) {
  8794. (94) if (&User-Name =~ /\.\./ ) -> FALSE
  8795. (94) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  8796. (94) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  8797. (94) if (&User-Name =~ /\.$/) {
  8798. (94) if (&User-Name =~ /\.$/) -> FALSE
  8799. (94) if (&User-Name =~ /@\./) {
  8800. (94) if (&User-Name =~ /@\./) -> FALSE
  8801. (94) } # if (&User-Name) = notfound
  8802. (94) } # policy filter_username = notfound
  8803. (94) [preprocess] = ok
  8804. (94) [chap] = noop
  8805. (94) [mschap] = noop
  8806. (94) [digest] = noop
  8807. (94) suffix: Checking for suffix after "@"
  8808. (94) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  8809. (94) suffix: No such realm "NULL"
  8810. (94) [suffix] = noop
  8811. (94) eap: Peer sent EAP Response (code 2) ID 94 length 163
  8812. (94) eap: Continuing tunnel setup
  8813. (94) [eap] = ok
  8814. (94) } # authorize = ok
  8815. (94) Found Auth-Type = eap
  8816. (94) # Executing group from file /etc/raddb/sites-enabled/default
  8817. (94) authenticate {
  8818. (94) eap: Expiring EAP session with state 0xed4ec92ded10d02a
  8819. (94) eap: Finished EAP session with state 0xed4ec92ded10d02a
  8820. (94) eap: Previous EAP request found for state 0xed4ec92ded10d02a, released from the list
  8821. (94) eap: Peer sent packet with method EAP PEAP (25)
  8822. (94) eap: Calling submodule eap_peap to process data
  8823. (94) eap_peap: Continuing EAP-TLS
  8824. (94) eap_peap: Peer indicated complete TLS record size will be 153 bytes
  8825. (94) eap_peap: Got complete TLS record (153 bytes)
  8826. (94) eap_peap: [eaptls verify] = length included
  8827. (94) eap_peap: (other): before/accept initialization
  8828. (94) eap_peap: TLS_accept: before/accept initialization
  8829. (94) eap_peap: <<< recv TLS 1.0 Handshake [length 0094], ClientHello
  8830. (94) eap_peap: TLS_accept: SSLv3 read client hello A
  8831. (94) eap_peap: >>> send TLS 1.0 Handshake [length 0059], ServerHello
  8832. (94) eap_peap: TLS_accept: SSLv3 write server hello A
  8833. (94) eap_peap: >>> send TLS 1.0 ChangeCipherSpec [length 0001]
  8834. (94) eap_peap: TLS_accept: SSLv3 write change cipher spec A
  8835. (94) eap_peap: >>> send TLS 1.0 Handshake [length 0010], Finished
  8836. (94) eap_peap: TLS_accept: SSLv3 write finished A
  8837. (94) eap_peap: TLS_accept: SSLv3 flush data
  8838. (94) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  8839. (94) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  8840. (94) eap_peap: In SSL Handshake Phase
  8841. (94) eap_peap: In SSL Accept mode
  8842. (94) eap_peap: [eaptls process] = handled
  8843. (94) eap: Sending EAP Request (code 1) ID 95 length 159
  8844. (94) eap: EAP session adding &reply:State = 0xed4ec92dec11d02a
  8845. (94) [eap] = handled
  8846. (94) } # authenticate = handled
  8847. (94) Using Post-Auth-Type Challenge
  8848. (94) Post-Auth-Type sub-section not found. Ignoring.
  8849. (94) # Executing group from file /etc/raddb/sites-enabled/default
  8850. (94) Sent Access-Challenge Id 118 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  8851. (94) EAP-Message = 0x015f009f19001603010059020000550301573f503eaaf5785ac4d488f7c13d1bbbddc772c5169346ee4d954936abdafcf820274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0c01400000dff01000100000b00040300010214030100010116030100303a4b5486e6cfa0d1
  8852. (94) Message-Authenticator = 0x00000000000000000000000000000000
  8853. (94) State = 0xed4ec92dec11d02ae7c6af9c4ae0a2b2
  8854. (94) Finished request
  8855. Waking up in 2.4 seconds.
  8856. (95) Received Access-Request Id 119 from 10.8.0.111:58432 to 10.8.64.155:1812 length 249
  8857. (95) User-Name = "vkratsberg"
  8858. (95) NAS-Port = 358
  8859. (95) State = 0xed4ec92dec11d02ae7c6af9c4ae0a2b2
  8860. (95) EAP-Message = 0x025f004519800000003b140301000101160301003039acef79d1dd1d9b7e3239c5068c3ad277547338529d265b4cc984fd7de888be4e2553780bdd0b4b68649120d2abea38
  8861. (95) Message-Authenticator = 0xa7115a38582e0248ed4ee153f4117748
  8862. (95) Acct-Session-Id = "8O2.1x81bb084900024eea"
  8863. (95) NAS-Port-Id = "ge-3/0/6.0"
  8864. (95) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  8865. (95) Called-Station-Id = "ec-3e-f7-68-35-00"
  8866. (95) NAS-IP-Address = 10.8.0.111
  8867. (95) NAS-Identifier = "nyc-access-sw011"
  8868. (95) NAS-Port-Type = Ethernet
  8869. (95) session-state: No cached attributes
  8870. (95) # Executing section authorize from file /etc/raddb/sites-enabled/default
  8871. (95) authorize {
  8872. (95) policy filter_username {
  8873. (95) if (&User-Name) {
  8874. (95) if (&User-Name) -> TRUE
  8875. (95) if (&User-Name) {
  8876. (95) if (&User-Name =~ / /) {
  8877. (95) if (&User-Name =~ / /) -> FALSE
  8878. (95) if (&User-Name =~ /@[^@]*@/ ) {
  8879. (95) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  8880. (95) if (&User-Name =~ /\.\./ ) {
  8881. (95) if (&User-Name =~ /\.\./ ) -> FALSE
  8882. (95) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  8883. (95) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  8884. (95) if (&User-Name =~ /\.$/) {
  8885. (95) if (&User-Name =~ /\.$/) -> FALSE
  8886. (95) if (&User-Name =~ /@\./) {
  8887. (95) if (&User-Name =~ /@\./) -> FALSE
  8888. (95) } # if (&User-Name) = notfound
  8889. (95) } # policy filter_username = notfound
  8890. (95) [preprocess] = ok
  8891. (95) [chap] = noop
  8892. (95) [mschap] = noop
  8893. (95) [digest] = noop
  8894. (95) suffix: Checking for suffix after "@"
  8895. (95) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  8896. (95) suffix: No such realm "NULL"
  8897. (95) [suffix] = noop
  8898. (95) eap: Peer sent EAP Response (code 2) ID 95 length 69
  8899. (95) eap: Continuing tunnel setup
  8900. (95) [eap] = ok
  8901. (95) } # authorize = ok
  8902. (95) Found Auth-Type = eap
  8903. (95) # Executing group from file /etc/raddb/sites-enabled/default
  8904. (95) authenticate {
  8905. (95) eap: Expiring EAP session with state 0xed4ec92dec11d02a
  8906. (95) eap: Finished EAP session with state 0xed4ec92dec11d02a
  8907. (95) eap: Previous EAP request found for state 0xed4ec92dec11d02a, released from the list
  8908. (95) eap: Peer sent packet with method EAP PEAP (25)
  8909. (95) eap: Calling submodule eap_peap to process data
  8910. (95) eap_peap: Continuing EAP-TLS
  8911. (95) eap_peap: Peer indicated complete TLS record size will be 59 bytes
  8912. (95) eap_peap: Got complete TLS record (59 bytes)
  8913. (95) eap_peap: [eaptls verify] = length included
  8914. (95) eap_peap: <<< recv TLS 1.0 ChangeCipherSpec [length 0001]
  8915. (95) eap_peap: <<< recv TLS 1.0 Handshake [length 0010], Finished
  8916. (95) eap_peap: TLS_accept: SSLv3 read finished A
  8917. (95) eap_peap: (other): SSL negotiation finished successfully
  8918. (95) eap_peap: SSL Connection Established
  8919. (95) eap_peap: SSL Application Data
  8920. (95) eap_peap: Adding cached attributes from session 274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0
  8921. (95) eap_peap: reply:User-Name = "vkratsberg"
  8922. (95) eap_peap: [eaptls process] = success
  8923. (95) eap_peap: Session established. Decoding tunneled attributes
  8924. (95) eap_peap: PEAP state TUNNEL ESTABLISHED
  8925. (95) eap_peap: Skipping Phase2 because of session resumption
  8926. (95) eap_peap: SUCCESS
  8927. (95) eap: Sending EAP Request (code 1) ID 96 length 43
  8928. (95) eap: EAP session adding &reply:State = 0xed4ec92def2ed02a
  8929. (95) [eap] = handled
  8930. (95) } # authenticate = handled
  8931. (95) Using Post-Auth-Type Challenge
  8932. (95) Post-Auth-Type sub-section not found. Ignoring.
  8933. (95) # Executing group from file /etc/raddb/sites-enabled/default
  8934. (95) Sent Access-Challenge Id 119 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  8935. (95) User-Name = "vkratsberg"
  8936. (95) EAP-Message = 0x0160002b19001703010020dda7c68a4cdd1a8cbc59a6adabdeaaca357d79db85612ab9ef1658d2ba4d664a
  8937. (95) Message-Authenticator = 0x00000000000000000000000000000000
  8938. (95) State = 0xed4ec92def2ed02ae7c6af9c4ae0a2b2
  8939. (95) Finished request
  8940. Waking up in 2.4 seconds.
  8941. (96) Received Access-Request Id 120 from 10.8.0.111:58432 to 10.8.64.155:1812 length 223
  8942. (96) User-Name = "vkratsberg"
  8943. (96) NAS-Port = 358
  8944. (96) State = 0xed4ec92def2ed02ae7c6af9c4ae0a2b2
  8945. (96) EAP-Message = 0x0260002b19001703010020859f63006c63f6dbab44b6fdd64847e070b5b55706bcbd2e9412e7ccbcf0b368
  8946. (96) Message-Authenticator = 0x290f5f5338d3938e4ed7a511b110ea45
  8947. (96) Acct-Session-Id = "8O2.1x81bb084900024eea"
  8948. (96) NAS-Port-Id = "ge-3/0/6.0"
  8949. (96) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  8950. (96) Called-Station-Id = "ec-3e-f7-68-35-00"
  8951. (96) NAS-IP-Address = 10.8.0.111
  8952. (96) NAS-Identifier = "nyc-access-sw011"
  8953. (96) NAS-Port-Type = Ethernet
  8954. (96) session-state: No cached attributes
  8955. (96) # Executing section authorize from file /etc/raddb/sites-enabled/default
  8956. (96) authorize {
  8957. (96) policy filter_username {
  8958. (96) if (&User-Name) {
  8959. (96) if (&User-Name) -> TRUE
  8960. (96) if (&User-Name) {
  8961. (96) if (&User-Name =~ / /) {
  8962. (96) if (&User-Name =~ / /) -> FALSE
  8963. (96) if (&User-Name =~ /@[^@]*@/ ) {
  8964. (96) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  8965. (96) if (&User-Name =~ /\.\./ ) {
  8966. (96) if (&User-Name =~ /\.\./ ) -> FALSE
  8967. (96) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  8968. (96) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  8969. (96) if (&User-Name =~ /\.$/) {
  8970. (96) if (&User-Name =~ /\.$/) -> FALSE
  8971. (96) if (&User-Name =~ /@\./) {
  8972. (96) if (&User-Name =~ /@\./) -> FALSE
  8973. (96) } # if (&User-Name) = notfound
  8974. (96) } # policy filter_username = notfound
  8975. (96) [preprocess] = ok
  8976. (96) [chap] = noop
  8977. (96) [mschap] = noop
  8978. (96) [digest] = noop
  8979. (96) suffix: Checking for suffix after "@"
  8980. (96) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  8981. (96) suffix: No such realm "NULL"
  8982. (96) [suffix] = noop
  8983. (96) eap: Peer sent EAP Response (code 2) ID 96 length 43
  8984. (96) eap: Continuing tunnel setup
  8985. (96) [eap] = ok
  8986. (96) } # authorize = ok
  8987. (96) Found Auth-Type = eap
  8988. (96) # Executing group from file /etc/raddb/sites-enabled/default
  8989. (96) authenticate {
  8990. (96) eap: Expiring EAP session with state 0xed4ec92def2ed02a
  8991. (96) eap: Finished EAP session with state 0xed4ec92def2ed02a
  8992. (96) eap: Previous EAP request found for state 0xed4ec92def2ed02a, released from the list
  8993. (96) eap: Peer sent packet with method EAP PEAP (25)
  8994. (96) eap: Calling submodule eap_peap to process data
  8995. (96) eap_peap: Continuing EAP-TLS
  8996. (96) eap_peap: [eaptls verify] = ok
  8997. (96) eap_peap: Done initial handshake
  8998. (96) eap_peap: [eaptls process] = ok
  8999. (96) eap_peap: Session established. Decoding tunneled attributes
  9000. (96) eap_peap: PEAP state send tlv success
  9001. (96) eap_peap: Received EAP-TLV response
  9002. (96) eap_peap: Success
  9003. (96) eap_peap: No saved attributes in the original Access-Accept
  9004. (96) eap: Sending EAP Success (code 3) ID 96 length 4
  9005. (96) eap: Freeing handler
  9006. (96) [eap] = ok
  9007. (96) } # authenticate = ok
  9008. (96) # Executing section post-auth from file /etc/raddb/sites-enabled/default
  9009. (96) post-auth {
  9010. (96) update {
  9011. (96) No attributes updated
  9012. (96) } # update = noop
  9013. (96) [exec] = noop
  9014. (96) policy remove_reply_message_if_eap {
  9015. (96) if (&reply:EAP-Message && &reply:Reply-Message) {
  9016. (96) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
  9017. (96) else {
  9018. (96) [noop] = noop
  9019. (96) } # else = noop
  9020. (96) } # policy remove_reply_message_if_eap = noop
  9021. (96) } # post-auth = noop
  9022. (96) Sent Access-Accept Id 120 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  9023. (96) MS-MPPE-Recv-Key = 0x1ac0f3837aee3709bc6b4114125148e4c8285ae9e9b2839c1cc20856409eed53
  9024. (96) MS-MPPE-Send-Key = 0xf94bc2e2e13f916d2b6dec6cd343480cb50945b27a34c0d6cf068b9fd37425fb
  9025. (96) EAP-Message = 0x03600004
  9026. (96) Message-Authenticator = 0x00000000000000000000000000000000
  9027. (96) User-Name = "vkratsberg"
  9028. (96) Finished request
  9029. Waking up in 2.4 seconds.
  9030. (97) Received Access-Request Id 121 from 10.8.0.111:58432 to 10.8.64.155:1812 length 177
  9031. (97) User-Name = "vkratsberg"
  9032. (97) NAS-Port = 358
  9033. (97) EAP-Message = 0x0261000f01766b7261747362657267
  9034. (97) Message-Authenticator = 0x9bc9a9b3aa84d15dd1cb114189331eb8
  9035. (97) Acct-Session-Id = "8O2.1x81bb084a0003e8e0"
  9036. (97) NAS-Port-Id = "ge-3/0/6.0"
  9037. (97) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  9038. (97) Called-Station-Id = "ec-3e-f7-68-35-00"
  9039. (97) NAS-IP-Address = 10.8.0.111
  9040. (97) NAS-Identifier = "nyc-access-sw011"
  9041. (97) NAS-Port-Type = Ethernet
  9042. (97) # Executing section authorize from file /etc/raddb/sites-enabled/default
  9043. (97) authorize {
  9044. (97) policy filter_username {
  9045. (97) if (&User-Name) {
  9046. (97) if (&User-Name) -> TRUE
  9047. (97) if (&User-Name) {
  9048. (97) if (&User-Name =~ / /) {
  9049. (97) if (&User-Name =~ / /) -> FALSE
  9050. (97) if (&User-Name =~ /@[^@]*@/ ) {
  9051. (97) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  9052. (97) if (&User-Name =~ /\.\./ ) {
  9053. (97) if (&User-Name =~ /\.\./ ) -> FALSE
  9054. (97) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  9055. (97) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  9056. (97) if (&User-Name =~ /\.$/) {
  9057. (97) if (&User-Name =~ /\.$/) -> FALSE
  9058. (97) if (&User-Name =~ /@\./) {
  9059. (97) if (&User-Name =~ /@\./) -> FALSE
  9060. (97) } # if (&User-Name) = notfound
  9061. (97) } # policy filter_username = notfound
  9062. (97) [preprocess] = ok
  9063. (97) [chap] = noop
  9064. (97) [mschap] = noop
  9065. (97) [digest] = noop
  9066. (97) suffix: Checking for suffix after "@"
  9067. (97) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  9068. (97) suffix: No such realm "NULL"
  9069. (97) [suffix] = noop
  9070. (97) eap: Peer sent EAP Response (code 2) ID 97 length 15
  9071. (97) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
  9072. (97) [eap] = ok
  9073. (97) } # authorize = ok
  9074. (97) Found Auth-Type = eap
  9075. (97) # Executing group from file /etc/raddb/sites-enabled/default
  9076. (97) authenticate {
  9077. (97) eap: Peer sent packet with method EAP Identity (1)
  9078. (97) eap: Calling submodule eap_peap to process data
  9079. (97) eap_peap: Initiating new EAP-TLS session
  9080. (97) eap_peap: [eaptls start] = request
  9081. (97) eap: Sending EAP Request (code 1) ID 98 length 6
  9082. (97) eap: EAP session adding &reply:State = 0x2c1c17b42c7e0e3c
  9083. (97) [eap] = handled
  9084. (97) } # authenticate = handled
  9085. (97) Using Post-Auth-Type Challenge
  9086. (97) Post-Auth-Type sub-section not found. Ignoring.
  9087. (97) # Executing group from file /etc/raddb/sites-enabled/default
  9088. (97) Sent Access-Challenge Id 121 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  9089. (97) EAP-Message = 0x016200061920
  9090. (97) Message-Authenticator = 0x00000000000000000000000000000000
  9091. (97) State = 0x2c1c17b42c7e0e3c9f7f86997a0aed31
  9092. (97) Finished request
  9093. Waking up in 2.3 seconds.
  9094. (98) Received Access-Request Id 122 from 10.8.0.111:58432 to 10.8.64.155:1812 length 343
  9095. (98) User-Name = "vkratsberg"
  9096. (98) NAS-Port = 358
  9097. (98) State = 0x2c1c17b42c7e0e3c9f7f86997a0aed31
  9098. (98) EAP-Message = 0x026200a31980000000991603010094010000900301573f503e83fd035df2ff5dd1350d8e81638b8df3f11185f7bdbd9598601fcb3f20274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0002800ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f00
  9099. (98) Message-Authenticator = 0xef092ef77306f124c11e3d45b144abf9
  9100. (98) Acct-Session-Id = "8O2.1x81bb084a0003e8e0"
  9101. (98) NAS-Port-Id = "ge-3/0/6.0"
  9102. (98) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  9103. (98) Called-Station-Id = "ec-3e-f7-68-35-00"
  9104. (98) NAS-IP-Address = 10.8.0.111
  9105. (98) NAS-Identifier = "nyc-access-sw011"
  9106. (98) NAS-Port-Type = Ethernet
  9107. (98) session-state: No cached attributes
  9108. (98) # Executing section authorize from file /etc/raddb/sites-enabled/default
  9109. (98) authorize {
  9110. (98) policy filter_username {
  9111. (98) if (&User-Name) {
  9112. (98) if (&User-Name) -> TRUE
  9113. (98) if (&User-Name) {
  9114. (98) if (&User-Name =~ / /) {
  9115. (98) if (&User-Name =~ / /) -> FALSE
  9116. (98) if (&User-Name =~ /@[^@]*@/ ) {
  9117. (98) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  9118. (98) if (&User-Name =~ /\.\./ ) {
  9119. (98) if (&User-Name =~ /\.\./ ) -> FALSE
  9120. (98) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  9121. (98) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  9122. (98) if (&User-Name =~ /\.$/) {
  9123. (98) if (&User-Name =~ /\.$/) -> FALSE
  9124. (98) if (&User-Name =~ /@\./) {
  9125. (98) if (&User-Name =~ /@\./) -> FALSE
  9126. (98) } # if (&User-Name) = notfound
  9127. (98) } # policy filter_username = notfound
  9128. (98) [preprocess] = ok
  9129. (98) [chap] = noop
  9130. (98) [mschap] = noop
  9131. (98) [digest] = noop
  9132. (98) suffix: Checking for suffix after "@"
  9133. (98) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  9134. (98) suffix: No such realm "NULL"
  9135. (98) [suffix] = noop
  9136. (98) eap: Peer sent EAP Response (code 2) ID 98 length 163
  9137. (98) eap: Continuing tunnel setup
  9138. (98) [eap] = ok
  9139. (98) } # authorize = ok
  9140. (98) Found Auth-Type = eap
  9141. (98) # Executing group from file /etc/raddb/sites-enabled/default
  9142. (98) authenticate {
  9143. (98) eap: Expiring EAP session with state 0x2c1c17b42c7e0e3c
  9144. (98) eap: Finished EAP session with state 0x2c1c17b42c7e0e3c
  9145. (98) eap: Previous EAP request found for state 0x2c1c17b42c7e0e3c, released from the list
  9146. (98) eap: Peer sent packet with method EAP PEAP (25)
  9147. (98) eap: Calling submodule eap_peap to process data
  9148. (98) eap_peap: Continuing EAP-TLS
  9149. (98) eap_peap: Peer indicated complete TLS record size will be 153 bytes
  9150. (98) eap_peap: Got complete TLS record (153 bytes)
  9151. (98) eap_peap: [eaptls verify] = length included
  9152. (98) eap_peap: (other): before/accept initialization
  9153. (98) eap_peap: TLS_accept: before/accept initialization
  9154. (98) eap_peap: <<< recv TLS 1.0 Handshake [length 0094], ClientHello
  9155. (98) eap_peap: TLS_accept: SSLv3 read client hello A
  9156. (98) eap_peap: >>> send TLS 1.0 Handshake [length 0059], ServerHello
  9157. (98) eap_peap: TLS_accept: SSLv3 write server hello A
  9158. (98) eap_peap: >>> send TLS 1.0 ChangeCipherSpec [length 0001]
  9159. (98) eap_peap: TLS_accept: SSLv3 write change cipher spec A
  9160. (98) eap_peap: >>> send TLS 1.0 Handshake [length 0010], Finished
  9161. (98) eap_peap: TLS_accept: SSLv3 write finished A
  9162. (98) eap_peap: TLS_accept: SSLv3 flush data
  9163. (98) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  9164. (98) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  9165. (98) eap_peap: In SSL Handshake Phase
  9166. (98) eap_peap: In SSL Accept mode
  9167. (98) eap_peap: [eaptls process] = handled
  9168. (98) eap: Sending EAP Request (code 1) ID 99 length 159
  9169. (98) eap: EAP session adding &reply:State = 0x2c1c17b42d7f0e3c
  9170. (98) [eap] = handled
  9171. (98) } # authenticate = handled
  9172. (98) Using Post-Auth-Type Challenge
  9173. (98) Post-Auth-Type sub-section not found. Ignoring.
  9174. (98) # Executing group from file /etc/raddb/sites-enabled/default
  9175. (98) Sent Access-Challenge Id 122 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  9176. (98) EAP-Message = 0x0163009f19001603010059020000550301573f503ed0837d391103fb378bdd8d2a6de0737b22cd7f632d8359d980ce9c9020274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0c01400000dff01000100000b0004030001021403010001011603010030c2f3d07044b64546
  9177. (98) Message-Authenticator = 0x00000000000000000000000000000000
  9178. (98) State = 0x2c1c17b42d7f0e3c9f7f86997a0aed31
  9179. (98) Finished request
  9180. Waking up in 2.3 seconds.
  9181. (99) Received Access-Request Id 123 from 10.8.0.111:58432 to 10.8.64.155:1812 length 249
  9182. (99) User-Name = "vkratsberg"
  9183. (99) NAS-Port = 358
  9184. (99) State = 0x2c1c17b42d7f0e3c9f7f86997a0aed31
  9185. (99) EAP-Message = 0x0263004519800000003b1403010001011603010030991dc152ca1ad3238f263a379cda4409facb6b529366c0d843e9d768cc2c7360701d5c9ea37dc7e3a38d6d2cbb34225c
  9186. (99) Message-Authenticator = 0xd17b4dddc0460a9ea2a87245426d7e7f
  9187. (99) Acct-Session-Id = "8O2.1x81bb084a0003e8e0"
  9188. (99) NAS-Port-Id = "ge-3/0/6.0"
  9189. (99) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  9190. (99) Called-Station-Id = "ec-3e-f7-68-35-00"
  9191. (99) NAS-IP-Address = 10.8.0.111
  9192. (99) NAS-Identifier = "nyc-access-sw011"
  9193. (99) NAS-Port-Type = Ethernet
  9194. (99) session-state: No cached attributes
  9195. (99) # Executing section authorize from file /etc/raddb/sites-enabled/default
  9196. (99) authorize {
  9197. (99) policy filter_username {
  9198. (99) if (&User-Name) {
  9199. (99) if (&User-Name) -> TRUE
  9200. (99) if (&User-Name) {
  9201. (99) if (&User-Name =~ / /) {
  9202. (99) if (&User-Name =~ / /) -> FALSE
  9203. (99) if (&User-Name =~ /@[^@]*@/ ) {
  9204. (99) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  9205. (99) if (&User-Name =~ /\.\./ ) {
  9206. (99) if (&User-Name =~ /\.\./ ) -> FALSE
  9207. (99) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  9208. (99) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  9209. (99) if (&User-Name =~ /\.$/) {
  9210. (99) if (&User-Name =~ /\.$/) -> FALSE
  9211. (99) if (&User-Name =~ /@\./) {
  9212. (99) if (&User-Name =~ /@\./) -> FALSE
  9213. (99) } # if (&User-Name) = notfound
  9214. (99) } # policy filter_username = notfound
  9215. (99) [preprocess] = ok
  9216. (99) [chap] = noop
  9217. (99) [mschap] = noop
  9218. (99) [digest] = noop
  9219. (99) suffix: Checking for suffix after "@"
  9220. (99) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  9221. (99) suffix: No such realm "NULL"
  9222. (99) [suffix] = noop
  9223. (99) eap: Peer sent EAP Response (code 2) ID 99 length 69
  9224. (99) eap: Continuing tunnel setup
  9225. (99) [eap] = ok
  9226. (99) } # authorize = ok
  9227. (99) Found Auth-Type = eap
  9228. (99) # Executing group from file /etc/raddb/sites-enabled/default
  9229. (99) authenticate {
  9230. (99) eap: Expiring EAP session with state 0x2c1c17b42d7f0e3c
  9231. (99) eap: Finished EAP session with state 0x2c1c17b42d7f0e3c
  9232. (99) eap: Previous EAP request found for state 0x2c1c17b42d7f0e3c, released from the list
  9233. (99) eap: Peer sent packet with method EAP PEAP (25)
  9234. (99) eap: Calling submodule eap_peap to process data
  9235. (99) eap_peap: Continuing EAP-TLS
  9236. (99) eap_peap: Peer indicated complete TLS record size will be 59 bytes
  9237. (99) eap_peap: Got complete TLS record (59 bytes)
  9238. (99) eap_peap: [eaptls verify] = length included
  9239. (99) eap_peap: <<< recv TLS 1.0 ChangeCipherSpec [length 0001]
  9240. (99) eap_peap: <<< recv TLS 1.0 Handshake [length 0010], Finished
  9241. (99) eap_peap: TLS_accept: SSLv3 read finished A
  9242. (99) eap_peap: (other): SSL negotiation finished successfully
  9243. (99) eap_peap: SSL Connection Established
  9244. (99) eap_peap: SSL Application Data
  9245. (99) eap_peap: Adding cached attributes from session 274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0
  9246. (99) eap_peap: reply:User-Name = "vkratsberg"
  9247. (99) eap_peap: [eaptls process] = success
  9248. (99) eap_peap: Session established. Decoding tunneled attributes
  9249. (99) eap_peap: PEAP state TUNNEL ESTABLISHED
  9250. (99) eap_peap: Skipping Phase2 because of session resumption
  9251. (99) eap_peap: SUCCESS
  9252. (99) eap: Sending EAP Request (code 1) ID 100 length 43
  9253. (99) eap: EAP session adding &reply:State = 0x2c1c17b42e780e3c
  9254. (99) [eap] = handled
  9255. (99) } # authenticate = handled
  9256. (99) Using Post-Auth-Type Challenge
  9257. (99) Post-Auth-Type sub-section not found. Ignoring.
  9258. (99) # Executing group from file /etc/raddb/sites-enabled/default
  9259. (99) Sent Access-Challenge Id 123 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  9260. (99) User-Name = "vkratsberg"
  9261. (99) EAP-Message = 0x0164002b190017030100205e43efacac3b2c03d39faabf34e18424d7db7c016b7993b299576d9bdecf7289
  9262. (99) Message-Authenticator = 0x00000000000000000000000000000000
  9263. (99) State = 0x2c1c17b42e780e3c9f7f86997a0aed31
  9264. (99) Finished request
  9265. Waking up in 2.3 seconds.
  9266. (100) Received Access-Request Id 124 from 10.8.0.111:58432 to 10.8.64.155:1812 length 223
  9267. (100) User-Name = "vkratsberg"
  9268. (100) NAS-Port = 358
  9269. (100) State = 0x2c1c17b42e780e3c9f7f86997a0aed31
  9270. (100) EAP-Message = 0x0264002b19001703010020532f4070ed29a7969a4776572c709ec686f494278a16321227b4d41265fa1562
  9271. (100) Message-Authenticator = 0x54ad459699cdd67acaa88786184df8cc
  9272. (100) Acct-Session-Id = "8O2.1x81bb084a0003e8e0"
  9273. (100) NAS-Port-Id = "ge-3/0/6.0"
  9274. (100) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  9275. (100) Called-Station-Id = "ec-3e-f7-68-35-00"
  9276. (100) NAS-IP-Address = 10.8.0.111
  9277. (100) NAS-Identifier = "nyc-access-sw011"
  9278. (100) NAS-Port-Type = Ethernet
  9279. (100) session-state: No cached attributes
  9280. (100) # Executing section authorize from file /etc/raddb/sites-enabled/default
  9281. (100) authorize {
  9282. (100) policy filter_username {
  9283. (100) if (&User-Name) {
  9284. (100) if (&User-Name) -> TRUE
  9285. (100) if (&User-Name) {
  9286. (100) if (&User-Name =~ / /) {
  9287. (100) if (&User-Name =~ / /) -> FALSE
  9288. (100) if (&User-Name =~ /@[^@]*@/ ) {
  9289. (100) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  9290. (100) if (&User-Name =~ /\.\./ ) {
  9291. (100) if (&User-Name =~ /\.\./ ) -> FALSE
  9292. (100) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  9293. (100) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  9294. (100) if (&User-Name =~ /\.$/) {
  9295. (100) if (&User-Name =~ /\.$/) -> FALSE
  9296. (100) if (&User-Name =~ /@\./) {
  9297. (100) if (&User-Name =~ /@\./) -> FALSE
  9298. (100) } # if (&User-Name) = notfound
  9299. (100) } # policy filter_username = notfound
  9300. (100) [preprocess] = ok
  9301. (100) [chap] = noop
  9302. (100) [mschap] = noop
  9303. (100) [digest] = noop
  9304. (100) suffix: Checking for suffix after "@"
  9305. (100) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  9306. (100) suffix: No such realm "NULL"
  9307. (100) [suffix] = noop
  9308. (100) eap: Peer sent EAP Response (code 2) ID 100 length 43
  9309. (100) eap: Continuing tunnel setup
  9310. (100) [eap] = ok
  9311. (100) } # authorize = ok
  9312. (100) Found Auth-Type = eap
  9313. (100) # Executing group from file /etc/raddb/sites-enabled/default
  9314. (100) authenticate {
  9315. (100) eap: Expiring EAP session with state 0x2c1c17b42e780e3c
  9316. (100) eap: Finished EAP session with state 0x2c1c17b42e780e3c
  9317. (100) eap: Previous EAP request found for state 0x2c1c17b42e780e3c, released from the list
  9318. (100) eap: Peer sent packet with method EAP PEAP (25)
  9319. (100) eap: Calling submodule eap_peap to process data
  9320. (100) eap_peap: Continuing EAP-TLS
  9321. (100) eap_peap: [eaptls verify] = ok
  9322. (100) eap_peap: Done initial handshake
  9323. (100) eap_peap: [eaptls process] = ok
  9324. (100) eap_peap: Session established. Decoding tunneled attributes
  9325. (100) eap_peap: PEAP state send tlv success
  9326. (100) eap_peap: Received EAP-TLV response
  9327. (100) eap_peap: Success
  9328. (100) eap_peap: No saved attributes in the original Access-Accept
  9329. (100) eap: Sending EAP Success (code 3) ID 100 length 4
  9330. (100) eap: Freeing handler
  9331. (100) [eap] = ok
  9332. (100) } # authenticate = ok
  9333. (100) # Executing section post-auth from file /etc/raddb/sites-enabled/default
  9334. (100) post-auth {
  9335. (100) update {
  9336. (100) No attributes updated
  9337. (100) } # update = noop
  9338. (100) [exec] = noop
  9339. (100) policy remove_reply_message_if_eap {
  9340. (100) if (&reply:EAP-Message && &reply:Reply-Message) {
  9341. (100) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
  9342. (100) else {
  9343. (100) [noop] = noop
  9344. (100) } # else = noop
  9345. (100) } # policy remove_reply_message_if_eap = noop
  9346. (100) } # post-auth = noop
  9347. (100) Sent Access-Accept Id 124 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  9348. (100) MS-MPPE-Recv-Key = 0x98a19e084b1eb1999a4ffcec23251d54be4f668d264b0f9540487ff3e7265e26
  9349. (100) MS-MPPE-Send-Key = 0x92799a3e159a30ef72f75c855b0011c79291a042e0425dc9bdd423a855698ff5
  9350. (100) EAP-Message = 0x03640004
  9351. (100) Message-Authenticator = 0x00000000000000000000000000000000
  9352. (100) User-Name = "vkratsberg"
  9353. (100) Finished request
  9354. Waking up in 2.3 seconds.
  9355. (101) Received Access-Request Id 125 from 10.8.0.111:58432 to 10.8.64.155:1812 length 177
  9356. (101) User-Name = "vkratsberg"
  9357. (101) NAS-Port = 358
  9358. (101) EAP-Message = 0x0265000f01766b7261747362657267
  9359. (101) Message-Authenticator = 0x4fb9ee30edfa3bc1eceac62705a5fa84
  9360. (101) Acct-Session-Id = "8O2.1x81bb084b0005868c"
  9361. (101) NAS-Port-Id = "ge-3/0/6.0"
  9362. (101) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  9363. (101) Called-Station-Id = "ec-3e-f7-68-35-00"
  9364. (101) NAS-IP-Address = 10.8.0.111
  9365. (101) NAS-Identifier = "nyc-access-sw011"
  9366. (101) NAS-Port-Type = Ethernet
  9367. (101) # Executing section authorize from file /etc/raddb/sites-enabled/default
  9368. (101) authorize {
  9369. (101) policy filter_username {
  9370. (101) if (&User-Name) {
  9371. (101) if (&User-Name) -> TRUE
  9372. (101) if (&User-Name) {
  9373. (101) if (&User-Name =~ / /) {
  9374. (101) if (&User-Name =~ / /) -> FALSE
  9375. (101) if (&User-Name =~ /@[^@]*@/ ) {
  9376. (101) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  9377. (101) if (&User-Name =~ /\.\./ ) {
  9378. (101) if (&User-Name =~ /\.\./ ) -> FALSE
  9379. (101) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  9380. (101) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  9381. (101) if (&User-Name =~ /\.$/) {
  9382. (101) if (&User-Name =~ /\.$/) -> FALSE
  9383. (101) if (&User-Name =~ /@\./) {
  9384. (101) if (&User-Name =~ /@\./) -> FALSE
  9385. (101) } # if (&User-Name) = notfound
  9386. (101) } # policy filter_username = notfound
  9387. (101) [preprocess] = ok
  9388. (101) [chap] = noop
  9389. (101) [mschap] = noop
  9390. (101) [digest] = noop
  9391. (101) suffix: Checking for suffix after "@"
  9392. (101) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  9393. (101) suffix: No such realm "NULL"
  9394. (101) [suffix] = noop
  9395. (101) eap: Peer sent EAP Response (code 2) ID 101 length 15
  9396. (101) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
  9397. (101) [eap] = ok
  9398. (101) } # authorize = ok
  9399. (101) Found Auth-Type = eap
  9400. (101) # Executing group from file /etc/raddb/sites-enabled/default
  9401. (101) authenticate {
  9402. (101) eap: Peer sent packet with method EAP Identity (1)
  9403. (101) eap: Calling submodule eap_peap to process data
  9404. (101) eap_peap: Initiating new EAP-TLS session
  9405. (101) eap_peap: [eaptls start] = request
  9406. (101) eap: Sending EAP Request (code 1) ID 102 length 6
  9407. (101) eap: EAP session adding &reply:State = 0x24a608c024c0111d
  9408. (101) [eap] = handled
  9409. (101) } # authenticate = handled
  9410. (101) Using Post-Auth-Type Challenge
  9411. (101) Post-Auth-Type sub-section not found. Ignoring.
  9412. (101) # Executing group from file /etc/raddb/sites-enabled/default
  9413. (101) Sent Access-Challenge Id 125 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  9414. (101) EAP-Message = 0x016600061920
  9415. (101) Message-Authenticator = 0x00000000000000000000000000000000
  9416. (101) State = 0x24a608c024c0111d81e437b9b4015e18
  9417. (101) Finished request
  9418. Waking up in 2.2 seconds.
  9419. (102) Received Access-Request Id 126 from 10.8.0.111:58432 to 10.8.64.155:1812 length 343
  9420. (102) User-Name = "vkratsberg"
  9421. (102) NAS-Port = 358
  9422. (102) State = 0x24a608c024c0111d81e437b9b4015e18
  9423. (102) EAP-Message = 0x026600a31980000000991603010094010000900301573f503ed56ab4645d349533e56680459dfebbb1ab64b08c40551a599191a12e20274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0002800ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f00
  9424. (102) Message-Authenticator = 0xa197e84cef07d4a14303722cab1c8b37
  9425. (102) Acct-Session-Id = "8O2.1x81bb084b0005868c"
  9426. (102) NAS-Port-Id = "ge-3/0/6.0"
  9427. (102) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  9428. (102) Called-Station-Id = "ec-3e-f7-68-35-00"
  9429. (102) NAS-IP-Address = 10.8.0.111
  9430. (102) NAS-Identifier = "nyc-access-sw011"
  9431. (102) NAS-Port-Type = Ethernet
  9432. (102) session-state: No cached attributes
  9433. (102) # Executing section authorize from file /etc/raddb/sites-enabled/default
  9434. (102) authorize {
  9435. (102) policy filter_username {
  9436. (102) if (&User-Name) {
  9437. (102) if (&User-Name) -> TRUE
  9438. (102) if (&User-Name) {
  9439. (102) if (&User-Name =~ / /) {
  9440. (102) if (&User-Name =~ / /) -> FALSE
  9441. (102) if (&User-Name =~ /@[^@]*@/ ) {
  9442. (102) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  9443. (102) if (&User-Name =~ /\.\./ ) {
  9444. (102) if (&User-Name =~ /\.\./ ) -> FALSE
  9445. (102) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  9446. (102) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  9447. (102) if (&User-Name =~ /\.$/) {
  9448. (102) if (&User-Name =~ /\.$/) -> FALSE
  9449. (102) if (&User-Name =~ /@\./) {
  9450. (102) if (&User-Name =~ /@\./) -> FALSE
  9451. (102) } # if (&User-Name) = notfound
  9452. (102) } # policy filter_username = notfound
  9453. (102) [preprocess] = ok
  9454. (102) [chap] = noop
  9455. (102) [mschap] = noop
  9456. (102) [digest] = noop
  9457. (102) suffix: Checking for suffix after "@"
  9458. (102) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  9459. (102) suffix: No such realm "NULL"
  9460. (102) [suffix] = noop
  9461. (102) eap: Peer sent EAP Response (code 2) ID 102 length 163
  9462. (102) eap: Continuing tunnel setup
  9463. (102) [eap] = ok
  9464. (102) } # authorize = ok
  9465. (102) Found Auth-Type = eap
  9466. (102) # Executing group from file /etc/raddb/sites-enabled/default
  9467. (102) authenticate {
  9468. (102) eap: Expiring EAP session with state 0x24a608c024c0111d
  9469. (102) eap: Finished EAP session with state 0x24a608c024c0111d
  9470. (102) eap: Previous EAP request found for state 0x24a608c024c0111d, released from the list
  9471. (102) eap: Peer sent packet with method EAP PEAP (25)
  9472. (102) eap: Calling submodule eap_peap to process data
  9473. (102) eap_peap: Continuing EAP-TLS
  9474. (102) eap_peap: Peer indicated complete TLS record size will be 153 bytes
  9475. (102) eap_peap: Got complete TLS record (153 bytes)
  9476. (102) eap_peap: [eaptls verify] = length included
  9477. (102) eap_peap: (other): before/accept initialization
  9478. (102) eap_peap: TLS_accept: before/accept initialization
  9479. (102) eap_peap: <<< recv TLS 1.0 Handshake [length 0094], ClientHello
  9480. (102) eap_peap: TLS_accept: SSLv3 read client hello A
  9481. (102) eap_peap: >>> send TLS 1.0 Handshake [length 0059], ServerHello
  9482. (102) eap_peap: TLS_accept: SSLv3 write server hello A
  9483. (102) eap_peap: >>> send TLS 1.0 ChangeCipherSpec [length 0001]
  9484. (102) eap_peap: TLS_accept: SSLv3 write change cipher spec A
  9485. (102) eap_peap: >>> send TLS 1.0 Handshake [length 0010], Finished
  9486. (102) eap_peap: TLS_accept: SSLv3 write finished A
  9487. (102) eap_peap: TLS_accept: SSLv3 flush data
  9488. (102) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  9489. (102) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  9490. (102) eap_peap: In SSL Handshake Phase
  9491. (102) eap_peap: In SSL Accept mode
  9492. (102) eap_peap: [eaptls process] = handled
  9493. (102) eap: Sending EAP Request (code 1) ID 103 length 159
  9494. (102) eap: EAP session adding &reply:State = 0x24a608c025c1111d
  9495. (102) [eap] = handled
  9496. (102) } # authenticate = handled
  9497. (102) Using Post-Auth-Type Challenge
  9498. (102) Post-Auth-Type sub-section not found. Ignoring.
  9499. (102) # Executing group from file /etc/raddb/sites-enabled/default
  9500. (102) Sent Access-Challenge Id 126 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  9501. (102) EAP-Message = 0x0167009f19001603010059020000550301573f503e72facb0c583779b3179aedb0ddf4a966de439d4bd7e0cb8e91237cd920274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0c01400000dff01000100000b000403000102140301000101160301003083b18f8cc835cd24
  9502. (102) Message-Authenticator = 0x00000000000000000000000000000000
  9503. (102) State = 0x24a608c025c1111d81e437b9b4015e18
  9504. (102) Finished request
  9505. Waking up in 2.2 seconds.
  9506. (103) Received Access-Request Id 127 from 10.8.0.111:58432 to 10.8.64.155:1812 length 249
  9507. (103) User-Name = "vkratsberg"
  9508. (103) NAS-Port = 358
  9509. (103) State = 0x24a608c025c1111d81e437b9b4015e18
  9510. (103) EAP-Message = 0x0267004519800000003b1403010001011603010030e90138e5b4ce00ca45eed9d71b48d9fc7814ed133faacc9bf0489a142cb59553cb3293d383592723db7c4794dd6ca5c4
  9511. (103) Message-Authenticator = 0x09c12b3bd8aa51cd64bbfe7e424efec9
  9512. (103) Acct-Session-Id = "8O2.1x81bb084b0005868c"
  9513. (103) NAS-Port-Id = "ge-3/0/6.0"
  9514. (103) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  9515. (103) Called-Station-Id = "ec-3e-f7-68-35-00"
  9516. (103) NAS-IP-Address = 10.8.0.111
  9517. (103) NAS-Identifier = "nyc-access-sw011"
  9518. (103) NAS-Port-Type = Ethernet
  9519. (103) session-state: No cached attributes
  9520. (103) # Executing section authorize from file /etc/raddb/sites-enabled/default
  9521. (103) authorize {
  9522. (103) policy filter_username {
  9523. (103) if (&User-Name) {
  9524. (103) if (&User-Name) -> TRUE
  9525. (103) if (&User-Name) {
  9526. (103) if (&User-Name =~ / /) {
  9527. (103) if (&User-Name =~ / /) -> FALSE
  9528. (103) if (&User-Name =~ /@[^@]*@/ ) {
  9529. (103) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  9530. (103) if (&User-Name =~ /\.\./ ) {
  9531. (103) if (&User-Name =~ /\.\./ ) -> FALSE
  9532. (103) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  9533. (103) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  9534. (103) if (&User-Name =~ /\.$/) {
  9535. (103) if (&User-Name =~ /\.$/) -> FALSE
  9536. (103) if (&User-Name =~ /@\./) {
  9537. (103) if (&User-Name =~ /@\./) -> FALSE
  9538. (103) } # if (&User-Name) = notfound
  9539. (103) } # policy filter_username = notfound
  9540. (103) [preprocess] = ok
  9541. (103) [chap] = noop
  9542. (103) [mschap] = noop
  9543. (103) [digest] = noop
  9544. (103) suffix: Checking for suffix after "@"
  9545. (103) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  9546. (103) suffix: No such realm "NULL"
  9547. (103) [suffix] = noop
  9548. (103) eap: Peer sent EAP Response (code 2) ID 103 length 69
  9549. (103) eap: Continuing tunnel setup
  9550. (103) [eap] = ok
  9551. (103) } # authorize = ok
  9552. (103) Found Auth-Type = eap
  9553. (103) # Executing group from file /etc/raddb/sites-enabled/default
  9554. (103) authenticate {
  9555. (103) eap: Expiring EAP session with state 0x24a608c025c1111d
  9556. (103) eap: Finished EAP session with state 0x24a608c025c1111d
  9557. (103) eap: Previous EAP request found for state 0x24a608c025c1111d, released from the list
  9558. (103) eap: Peer sent packet with method EAP PEAP (25)
  9559. (103) eap: Calling submodule eap_peap to process data
  9560. (103) eap_peap: Continuing EAP-TLS
  9561. (103) eap_peap: Peer indicated complete TLS record size will be 59 bytes
  9562. (103) eap_peap: Got complete TLS record (59 bytes)
  9563. (103) eap_peap: [eaptls verify] = length included
  9564. (103) eap_peap: <<< recv TLS 1.0 ChangeCipherSpec [length 0001]
  9565. (103) eap_peap: <<< recv TLS 1.0 Handshake [length 0010], Finished
  9566. (103) eap_peap: TLS_accept: SSLv3 read finished A
  9567. (103) eap_peap: (other): SSL negotiation finished successfully
  9568. (103) eap_peap: SSL Connection Established
  9569. (103) eap_peap: SSL Application Data
  9570. (103) eap_peap: Adding cached attributes from session 274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0
  9571. (103) eap_peap: reply:User-Name = "vkratsberg"
  9572. (103) eap_peap: [eaptls process] = success
  9573. (103) eap_peap: Session established. Decoding tunneled attributes
  9574. (103) eap_peap: PEAP state TUNNEL ESTABLISHED
  9575. (103) eap_peap: Skipping Phase2 because of session resumption
  9576. (103) eap_peap: SUCCESS
  9577. (103) eap: Sending EAP Request (code 1) ID 104 length 43
  9578. (103) eap: EAP session adding &reply:State = 0x24a608c026ce111d
  9579. (103) [eap] = handled
  9580. (103) } # authenticate = handled
  9581. (103) Using Post-Auth-Type Challenge
  9582. (103) Post-Auth-Type sub-section not found. Ignoring.
  9583. (103) # Executing group from file /etc/raddb/sites-enabled/default
  9584. (103) Sent Access-Challenge Id 127 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  9585. (103) User-Name = "vkratsberg"
  9586. (103) EAP-Message = 0x0168002b190017030100204cf3f2b354d96fe2a59b44d7199a6f52e3200520e62e7304e073c2d25a1ea45a
  9587. (103) Message-Authenticator = 0x00000000000000000000000000000000
  9588. (103) State = 0x24a608c026ce111d81e437b9b4015e18
  9589. (103) Finished request
  9590. Waking up in 2.2 seconds.
  9591. (104) Received Access-Request Id 128 from 10.8.0.111:58432 to 10.8.64.155:1812 length 223
  9592. (104) User-Name = "vkratsberg"
  9593. (104) NAS-Port = 358
  9594. (104) State = 0x24a608c026ce111d81e437b9b4015e18
  9595. (104) EAP-Message = 0x0268002b190017030100209f8d22eed960e85d4b2b80e2ae0f628a148651baff16d38cdf0ab1fbbe21a953
  9596. (104) Message-Authenticator = 0x6784b214786030cb9526d336b0b049f3
  9597. (104) Acct-Session-Id = "8O2.1x81bb084b0005868c"
  9598. (104) NAS-Port-Id = "ge-3/0/6.0"
  9599. (104) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  9600. (104) Called-Station-Id = "ec-3e-f7-68-35-00"
  9601. (104) NAS-IP-Address = 10.8.0.111
  9602. (104) NAS-Identifier = "nyc-access-sw011"
  9603. (104) NAS-Port-Type = Ethernet
  9604. (104) session-state: No cached attributes
  9605. (104) # Executing section authorize from file /etc/raddb/sites-enabled/default
  9606. (104) authorize {
  9607. (104) policy filter_username {
  9608. (104) if (&User-Name) {
  9609. (104) if (&User-Name) -> TRUE
  9610. (104) if (&User-Name) {
  9611. (104) if (&User-Name =~ / /) {
  9612. (104) if (&User-Name =~ / /) -> FALSE
  9613. (104) if (&User-Name =~ /@[^@]*@/ ) {
  9614. (104) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  9615. (104) if (&User-Name =~ /\.\./ ) {
  9616. (104) if (&User-Name =~ /\.\./ ) -> FALSE
  9617. (104) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  9618. (104) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  9619. (104) if (&User-Name =~ /\.$/) {
  9620. (104) if (&User-Name =~ /\.$/) -> FALSE
  9621. (104) if (&User-Name =~ /@\./) {
  9622. (104) if (&User-Name =~ /@\./) -> FALSE
  9623. (104) } # if (&User-Name) = notfound
  9624. (104) } # policy filter_username = notfound
  9625. (104) [preprocess] = ok
  9626. (104) [chap] = noop
  9627. (104) [mschap] = noop
  9628. (104) [digest] = noop
  9629. (104) suffix: Checking for suffix after "@"
  9630. (104) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  9631. (104) suffix: No such realm "NULL"
  9632. (104) [suffix] = noop
  9633. (104) eap: Peer sent EAP Response (code 2) ID 104 length 43
  9634. (104) eap: Continuing tunnel setup
  9635. (104) [eap] = ok
  9636. (104) } # authorize = ok
  9637. (104) Found Auth-Type = eap
  9638. (104) # Executing group from file /etc/raddb/sites-enabled/default
  9639. (104) authenticate {
  9640. (104) eap: Expiring EAP session with state 0x24a608c026ce111d
  9641. (104) eap: Finished EAP session with state 0x24a608c026ce111d
  9642. (104) eap: Previous EAP request found for state 0x24a608c026ce111d, released from the list
  9643. (104) eap: Peer sent packet with method EAP PEAP (25)
  9644. (104) eap: Calling submodule eap_peap to process data
  9645. (104) eap_peap: Continuing EAP-TLS
  9646. (104) eap_peap: [eaptls verify] = ok
  9647. (104) eap_peap: Done initial handshake
  9648. (104) eap_peap: [eaptls process] = ok
  9649. (104) eap_peap: Session established. Decoding tunneled attributes
  9650. (104) eap_peap: PEAP state send tlv success
  9651. (104) eap_peap: Received EAP-TLV response
  9652. (104) eap_peap: Success
  9653. (104) eap_peap: No saved attributes in the original Access-Accept
  9654. (104) eap: Sending EAP Success (code 3) ID 104 length 4
  9655. (104) eap: Freeing handler
  9656. (104) [eap] = ok
  9657. (104) } # authenticate = ok
  9658. (104) # Executing section post-auth from file /etc/raddb/sites-enabled/default
  9659. (104) post-auth {
  9660. (104) update {
  9661. (104) No attributes updated
  9662. (104) } # update = noop
  9663. (104) [exec] = noop
  9664. (104) policy remove_reply_message_if_eap {
  9665. (104) if (&reply:EAP-Message && &reply:Reply-Message) {
  9666. (104) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
  9667. (104) else {
  9668. (104) [noop] = noop
  9669. (104) } # else = noop
  9670. (104) } # policy remove_reply_message_if_eap = noop
  9671. (104) } # post-auth = noop
  9672. (104) Sent Access-Accept Id 128 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  9673. (104) MS-MPPE-Recv-Key = 0xc2d72280488203e380e06836087c1be2130b17b891ac39cea8cca0cb6013368f
  9674. (104) MS-MPPE-Send-Key = 0x2aef80403bb6b5faae9f0d031fa01f616330b19d89744b617c0d7f7493ed3dd2
  9675. (104) EAP-Message = 0x03680004
  9676. (104) Message-Authenticator = 0x00000000000000000000000000000000
  9677. (104) User-Name = "vkratsberg"
  9678. (104) Finished request
  9679. Waking up in 2.2 seconds.
  9680. (105) Received Access-Request Id 129 from 10.8.0.111:58432 to 10.8.64.155:1812 length 177
  9681. (105) User-Name = "vkratsberg"
  9682. (105) NAS-Port = 358
  9683. (105) EAP-Message = 0x0269000f01766b7261747362657267
  9684. (105) Message-Authenticator = 0x3d7755516c30867e401a0fb94e1177db
  9685. (105) Acct-Session-Id = "8O2.1x81bb084c00071fd5"
  9686. (105) NAS-Port-Id = "ge-3/0/6.0"
  9687. (105) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  9688. (105) Called-Station-Id = "ec-3e-f7-68-35-00"
  9689. (105) NAS-IP-Address = 10.8.0.111
  9690. (105) NAS-Identifier = "nyc-access-sw011"
  9691. (105) NAS-Port-Type = Ethernet
  9692. (105) # Executing section authorize from file /etc/raddb/sites-enabled/default
  9693. (105) authorize {
  9694. (105) policy filter_username {
  9695. (105) if (&User-Name) {
  9696. (105) if (&User-Name) -> TRUE
  9697. (105) if (&User-Name) {
  9698. (105) if (&User-Name =~ / /) {
  9699. (105) if (&User-Name =~ / /) -> FALSE
  9700. (105) if (&User-Name =~ /@[^@]*@/ ) {
  9701. (105) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  9702. (105) if (&User-Name =~ /\.\./ ) {
  9703. (105) if (&User-Name =~ /\.\./ ) -> FALSE
  9704. (105) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  9705. (105) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  9706. (105) if (&User-Name =~ /\.$/) {
  9707. (105) if (&User-Name =~ /\.$/) -> FALSE
  9708. (105) if (&User-Name =~ /@\./) {
  9709. (105) if (&User-Name =~ /@\./) -> FALSE
  9710. (105) } # if (&User-Name) = notfound
  9711. (105) } # policy filter_username = notfound
  9712. (105) [preprocess] = ok
  9713. (105) [chap] = noop
  9714. (105) [mschap] = noop
  9715. (105) [digest] = noop
  9716. (105) suffix: Checking for suffix after "@"
  9717. (105) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  9718. (105) suffix: No such realm "NULL"
  9719. (105) [suffix] = noop
  9720. (105) eap: Peer sent EAP Response (code 2) ID 105 length 15
  9721. (105) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
  9722. (105) [eap] = ok
  9723. (105) } # authorize = ok
  9724. (105) Found Auth-Type = eap
  9725. (105) # Executing group from file /etc/raddb/sites-enabled/default
  9726. (105) authenticate {
  9727. (105) eap: Peer sent packet with method EAP Identity (1)
  9728. (105) eap: Calling submodule eap_peap to process data
  9729. (105) eap_peap: Initiating new EAP-TLS session
  9730. (105) eap_peap: [eaptls start] = request
  9731. (105) eap: Sending EAP Request (code 1) ID 106 length 6
  9732. (105) eap: EAP session adding &reply:State = 0x1d99cdfb1df3d417
  9733. (105) [eap] = handled
  9734. (105) } # authenticate = handled
  9735. (105) Using Post-Auth-Type Challenge
  9736. (105) Post-Auth-Type sub-section not found. Ignoring.
  9737. (105) # Executing group from file /etc/raddb/sites-enabled/default
  9738. (105) Sent Access-Challenge Id 129 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  9739. (105) EAP-Message = 0x016a00061920
  9740. (105) Message-Authenticator = 0x00000000000000000000000000000000
  9741. (105) State = 0x1d99cdfb1df3d4170bd1ad507d2b4f7b
  9742. (105) Finished request
  9743. Waking up in 2.1 seconds.
  9744. (106) Received Access-Request Id 130 from 10.8.0.111:58432 to 10.8.64.155:1812 length 343
  9745. (106) User-Name = "vkratsberg"
  9746. (106) NAS-Port = 358
  9747. (106) State = 0x1d99cdfb1df3d4170bd1ad507d2b4f7b
  9748. (106) EAP-Message = 0x026a00a31980000000991603010094010000900301573f503e067c72ab0dead435de8cdf5db7aa389b78d598c5ad21c045cd77256320274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0002800ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f00
  9749. (106) Message-Authenticator = 0x2204e47e278393256fc5ce0e9fca46c3
  9750. (106) Acct-Session-Id = "8O2.1x81bb084c00071fd5"
  9751. (106) NAS-Port-Id = "ge-3/0/6.0"
  9752. (106) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  9753. (106) Called-Station-Id = "ec-3e-f7-68-35-00"
  9754. (106) NAS-IP-Address = 10.8.0.111
  9755. (106) NAS-Identifier = "nyc-access-sw011"
  9756. (106) NAS-Port-Type = Ethernet
  9757. (106) session-state: No cached attributes
  9758. (106) # Executing section authorize from file /etc/raddb/sites-enabled/default
  9759. (106) authorize {
  9760. (106) policy filter_username {
  9761. (106) if (&User-Name) {
  9762. (106) if (&User-Name) -> TRUE
  9763. (106) if (&User-Name) {
  9764. (106) if (&User-Name =~ / /) {
  9765. (106) if (&User-Name =~ / /) -> FALSE
  9766. (106) if (&User-Name =~ /@[^@]*@/ ) {
  9767. (106) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  9768. (106) if (&User-Name =~ /\.\./ ) {
  9769. (106) if (&User-Name =~ /\.\./ ) -> FALSE
  9770. (106) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  9771. (106) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  9772. (106) if (&User-Name =~ /\.$/) {
  9773. (106) if (&User-Name =~ /\.$/) -> FALSE
  9774. (106) if (&User-Name =~ /@\./) {
  9775. (106) if (&User-Name =~ /@\./) -> FALSE
  9776. (106) } # if (&User-Name) = notfound
  9777. (106) } # policy filter_username = notfound
  9778. (106) [preprocess] = ok
  9779. (106) [chap] = noop
  9780. (106) [mschap] = noop
  9781. (106) [digest] = noop
  9782. (106) suffix: Checking for suffix after "@"
  9783. (106) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  9784. (106) suffix: No such realm "NULL"
  9785. (106) [suffix] = noop
  9786. (106) eap: Peer sent EAP Response (code 2) ID 106 length 163
  9787. (106) eap: Continuing tunnel setup
  9788. (106) [eap] = ok
  9789. (106) } # authorize = ok
  9790. (106) Found Auth-Type = eap
  9791. (106) # Executing group from file /etc/raddb/sites-enabled/default
  9792. (106) authenticate {
  9793. (106) eap: Expiring EAP session with state 0x1d99cdfb1df3d417
  9794. (106) eap: Finished EAP session with state 0x1d99cdfb1df3d417
  9795. (106) eap: Previous EAP request found for state 0x1d99cdfb1df3d417, released from the list
  9796. (106) eap: Peer sent packet with method EAP PEAP (25)
  9797. (106) eap: Calling submodule eap_peap to process data
  9798. (106) eap_peap: Continuing EAP-TLS
  9799. (106) eap_peap: Peer indicated complete TLS record size will be 153 bytes
  9800. (106) eap_peap: Got complete TLS record (153 bytes)
  9801. (106) eap_peap: [eaptls verify] = length included
  9802. (106) eap_peap: (other): before/accept initialization
  9803. (106) eap_peap: TLS_accept: before/accept initialization
  9804. (106) eap_peap: <<< recv TLS 1.0 Handshake [length 0094], ClientHello
  9805. (106) eap_peap: TLS_accept: SSLv3 read client hello A
  9806. (106) eap_peap: >>> send TLS 1.0 Handshake [length 0059], ServerHello
  9807. (106) eap_peap: TLS_accept: SSLv3 write server hello A
  9808. (106) eap_peap: >>> send TLS 1.0 ChangeCipherSpec [length 0001]
  9809. (106) eap_peap: TLS_accept: SSLv3 write change cipher spec A
  9810. (106) eap_peap: >>> send TLS 1.0 Handshake [length 0010], Finished
  9811. (106) eap_peap: TLS_accept: SSLv3 write finished A
  9812. (106) eap_peap: TLS_accept: SSLv3 flush data
  9813. (106) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  9814. (106) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
  9815. (106) eap_peap: In SSL Handshake Phase
  9816. (106) eap_peap: In SSL Accept mode
  9817. (106) eap_peap: [eaptls process] = handled
  9818. (106) eap: Sending EAP Request (code 1) ID 107 length 159
  9819. (106) eap: EAP session adding &reply:State = 0x1d99cdfb1cf2d417
  9820. (106) [eap] = handled
  9821. (106) } # authenticate = handled
  9822. (106) Using Post-Auth-Type Challenge
  9823. (106) Post-Auth-Type sub-section not found. Ignoring.
  9824. (106) # Executing group from file /etc/raddb/sites-enabled/default
  9825. (106) Sent Access-Challenge Id 130 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  9826. (106) EAP-Message = 0x016b009f19001603010059020000550301573f503e1bc3d040156caa8a5eae67b2639d18dafcedf462a8ee4ecd358817de20274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0c01400000dff01000100000b0004030001021403010001011603010030884a5ec9d690f5f9
  9827. (106) Message-Authenticator = 0x00000000000000000000000000000000
  9828. (106) State = 0x1d99cdfb1cf2d4170bd1ad507d2b4f7b
  9829. (106) Finished request
  9830. Waking up in 2.1 seconds.
  9831. (107) Received Access-Request Id 131 from 10.8.0.111:58432 to 10.8.64.155:1812 length 249
  9832. (107) User-Name = "vkratsberg"
  9833. (107) NAS-Port = 358
  9834. (107) State = 0x1d99cdfb1cf2d4170bd1ad507d2b4f7b
  9835. (107) EAP-Message = 0x026b004519800000003b1403010001011603010030c936eb08b7bb1fc1daadb789aed1303be1814a8fe2b0f5f93fe1cd7df2e951546f0b92a87c993e4528b6f4749cc33f72
  9836. (107) Message-Authenticator = 0x3d8216be085c941af434341f2eff0d2e
  9837. (107) Acct-Session-Id = "8O2.1x81bb084c00071fd5"
  9838. (107) NAS-Port-Id = "ge-3/0/6.0"
  9839. (107) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  9840. (107) Called-Station-Id = "ec-3e-f7-68-35-00"
  9841. (107) NAS-IP-Address = 10.8.0.111
  9842. (107) NAS-Identifier = "nyc-access-sw011"
  9843. (107) NAS-Port-Type = Ethernet
  9844. (107) session-state: No cached attributes
  9845. (107) # Executing section authorize from file /etc/raddb/sites-enabled/default
  9846. (107) authorize {
  9847. (107) policy filter_username {
  9848. (107) if (&User-Name) {
  9849. (107) if (&User-Name) -> TRUE
  9850. (107) if (&User-Name) {
  9851. (107) if (&User-Name =~ / /) {
  9852. (107) if (&User-Name =~ / /) -> FALSE
  9853. (107) if (&User-Name =~ /@[^@]*@/ ) {
  9854. (107) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  9855. (107) if (&User-Name =~ /\.\./ ) {
  9856. (107) if (&User-Name =~ /\.\./ ) -> FALSE
  9857. (107) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  9858. (107) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  9859. (107) if (&User-Name =~ /\.$/) {
  9860. (107) if (&User-Name =~ /\.$/) -> FALSE
  9861. (107) if (&User-Name =~ /@\./) {
  9862. (107) if (&User-Name =~ /@\./) -> FALSE
  9863. (107) } # if (&User-Name) = notfound
  9864. (107) } # policy filter_username = notfound
  9865. (107) [preprocess] = ok
  9866. (107) [chap] = noop
  9867. (107) [mschap] = noop
  9868. (107) [digest] = noop
  9869. (107) suffix: Checking for suffix after "@"
  9870. (107) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  9871. (107) suffix: No such realm "NULL"
  9872. (107) [suffix] = noop
  9873. (107) eap: Peer sent EAP Response (code 2) ID 107 length 69
  9874. (107) eap: Continuing tunnel setup
  9875. (107) [eap] = ok
  9876. (107) } # authorize = ok
  9877. (107) Found Auth-Type = eap
  9878. (107) # Executing group from file /etc/raddb/sites-enabled/default
  9879. (107) authenticate {
  9880. (107) eap: Expiring EAP session with state 0x1d99cdfb1cf2d417
  9881. (107) eap: Finished EAP session with state 0x1d99cdfb1cf2d417
  9882. (107) eap: Previous EAP request found for state 0x1d99cdfb1cf2d417, released from the list
  9883. (107) eap: Peer sent packet with method EAP PEAP (25)
  9884. (107) eap: Calling submodule eap_peap to process data
  9885. (107) eap_peap: Continuing EAP-TLS
  9886. (107) eap_peap: Peer indicated complete TLS record size will be 59 bytes
  9887. (107) eap_peap: Got complete TLS record (59 bytes)
  9888. (107) eap_peap: [eaptls verify] = length included
  9889. (107) eap_peap: <<< recv TLS 1.0 ChangeCipherSpec [length 0001]
  9890. (107) eap_peap: <<< recv TLS 1.0 Handshake [length 0010], Finished
  9891. (107) eap_peap: TLS_accept: SSLv3 read finished A
  9892. (107) eap_peap: (other): SSL negotiation finished successfully
  9893. (107) eap_peap: SSL Connection Established
  9894. (107) eap_peap: SSL Application Data
  9895. (107) eap_peap: Adding cached attributes from session 274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0
  9896. (107) eap_peap: reply:User-Name = "vkratsberg"
  9897. (107) eap_peap: [eaptls process] = success
  9898. (107) eap_peap: Session established. Decoding tunneled attributes
  9899. (107) eap_peap: PEAP state TUNNEL ESTABLISHED
  9900. (107) eap_peap: Skipping Phase2 because of session resumption
  9901. (107) eap_peap: SUCCESS
  9902. (107) eap: Sending EAP Request (code 1) ID 108 length 43
  9903. (107) eap: EAP session adding &reply:State = 0x1d99cdfb1ff5d417
  9904. (107) [eap] = handled
  9905. (107) } # authenticate = handled
  9906. (107) Using Post-Auth-Type Challenge
  9907. (107) Post-Auth-Type sub-section not found. Ignoring.
  9908. (107) # Executing group from file /etc/raddb/sites-enabled/default
  9909. (107) Sent Access-Challenge Id 131 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  9910. (107) User-Name = "vkratsberg"
  9911. (107) EAP-Message = 0x016c002b190017030100200d4ddd02206209834e2064ec16746ec90c88250f726c286409514b27ec5957c2
  9912. (107) Message-Authenticator = 0x00000000000000000000000000000000
  9913. (107) State = 0x1d99cdfb1ff5d4170bd1ad507d2b4f7b
  9914. (107) Finished request
  9915. Waking up in 2.1 seconds.
  9916. (108) Received Access-Request Id 132 from 10.8.0.111:58432 to 10.8.64.155:1812 length 223
  9917. (108) User-Name = "vkratsberg"
  9918. (108) NAS-Port = 358
  9919. (108) State = 0x1d99cdfb1ff5d4170bd1ad507d2b4f7b
  9920. (108) EAP-Message = 0x026c002b190017030100200ce3d21a1382eb22fb48436cd1458fd11b330aff627731f9d3f083babf2ccfd0
  9921. (108) Message-Authenticator = 0x0ad4a8e93fb7cc8581ff7b74b64c2060
  9922. (108) Acct-Session-Id = "8O2.1x81bb084c00071fd5"
  9923. (108) NAS-Port-Id = "ge-3/0/6.0"
  9924. (108) Calling-Station-Id = "00-e0-4c-b8-16-4d"
  9925. (108) Called-Station-Id = "ec-3e-f7-68-35-00"
  9926. (108) NAS-IP-Address = 10.8.0.111
  9927. (108) NAS-Identifier = "nyc-access-sw011"
  9928. (108) NAS-Port-Type = Ethernet
  9929. (108) session-state: No cached attributes
  9930. (108) # Executing section authorize from file /etc/raddb/sites-enabled/default
  9931. (108) authorize {
  9932. (108) policy filter_username {
  9933. (108) if (&User-Name) {
  9934. (108) if (&User-Name) -> TRUE
  9935. (108) if (&User-Name) {
  9936. (108) if (&User-Name =~ / /) {
  9937. (108) if (&User-Name =~ / /) -> FALSE
  9938. (108) if (&User-Name =~ /@[^@]*@/ ) {
  9939. (108) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  9940. (108) if (&User-Name =~ /\.\./ ) {
  9941. (108) if (&User-Name =~ /\.\./ ) -> FALSE
  9942. (108) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  9943. (108) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  9944. (108) if (&User-Name =~ /\.$/) {
  9945. (108) if (&User-Name =~ /\.$/) -> FALSE
  9946. (108) if (&User-Name =~ /@\./) {
  9947. (108) if (&User-Name =~ /@\./) -> FALSE
  9948. (108) } # if (&User-Name) = notfound
  9949. (108) } # policy filter_username = notfound
  9950. (108) [preprocess] = ok
  9951. (108) [chap] = noop
  9952. (108) [mschap] = noop
  9953. (108) [digest] = noop
  9954. (108) suffix: Checking for suffix after "@"
  9955. (108) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
  9956. (108) suffix: No such realm "NULL"
  9957. (108) [suffix] = noop
  9958. (108) eap: Peer sent EAP Response (code 2) ID 108 length 43
  9959. (108) eap: Continuing tunnel setup
  9960. (108) [eap] = ok
  9961. (108) } # authorize = ok
  9962. (108) Found Auth-Type = eap
  9963. (108) # Executing group from file /etc/raddb/sites-enabled/default
  9964. (108) authenticate {
  9965. (108) eap: Expiring EAP session with state 0x1d99cdfb1ff5d417
  9966. (108) eap: Finished EAP session with state 0x1d99cdfb1ff5d417
  9967. (108) eap: Previous EAP request found for state 0x1d99cdfb1ff5d417, released from the list
  9968. (108) eap: Peer sent packet with method EAP PEAP (25)
  9969. (108) eap: Calling submodule eap_peap to process data
  9970. (108) eap_peap: Continuing EAP-TLS
  9971. (108) eap_peap: [eaptls verify] = ok
  9972. (108) eap_peap: Done initial handshake
  9973. (108) eap_peap: [eaptls process] = ok
  9974. (108) eap_peap: Session established. Decoding tunneled attributes
  9975. (108) eap_peap: PEAP state send tlv success
  9976. (108) eap_peap: Received EAP-TLV response
  9977. (108) eap_peap: Success
  9978. (108) eap_peap: No saved attributes in the original Access-Accept
  9979. (108) eap: Sending EAP Success (code 3) ID 108 length 4
  9980. (108) eap: Freeing handler
  9981. (108) [eap] = ok
  9982. (108) } # authenticate = ok
  9983. (108) # Executing section post-auth from file /etc/raddb/sites-enabled/default
  9984. (108) post-auth {
  9985. (108) update {
  9986. (108) No attributes updated
  9987. (108) } # update = noop
  9988. (108) [exec] = noop
  9989. (108) policy remove_reply_message_if_eap {
  9990. (108) if (&reply:EAP-Message && &reply:Reply-Message) {
  9991. (108) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
  9992. (108) else {
  9993. (108) [noop] = noop
  9994. (108) } # else = noop
  9995. (108) } # policy remove_reply_message_if_eap = noop
  9996. (108) } # post-auth = noop
  9997. (108) Sent Access-Accept Id 132 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
  9998. (108) MS-MPPE-Recv-Key = 0x3bb1a9f878b8c9cb83b0abd3aa05dff1d7e0ef0af382d7128efdd71f23018fdd
  9999. (108) MS-MPPE-Send-Key = 0x31200eee66e51e31cda2deaed087641235748504e36d45ad0d54a23fbbfff780
  10000. (108) EAP-Message = 0x036c0004
  10001. (108) Message-Authenticator = 0x00000000000000000000000000000000
  10002. (108) User-Name = "vkratsberg"
  10003. (108) Finished request
  10004. Waking up in 2.1 seconds.
  10005. (0) Cleaning up request packet ID 24 with timestamp +6
  10006. (1) Cleaning up request packet ID 25 with timestamp +6
  10007. (2) Cleaning up request packet ID 26 with timestamp +6
  10008. (3) Cleaning up request packet ID 27 with timestamp +6
  10009. (4) Cleaning up request packet ID 28 with timestamp +6
  10010. (5) Cleaning up request packet ID 29 with timestamp +6
  10011. (6) Cleaning up request packet ID 30 with timestamp +6
  10012. (7) Cleaning up request packet ID 31 with timestamp +6
  10013. (8) Cleaning up request packet ID 32 with timestamp +6
  10014. Waking up in 0.1 seconds.
  10015. (9) Cleaning up request packet ID 33 with timestamp +6
  10016. (10) Cleaning up request packet ID 34 with timestamp +6
  10017. (11) Cleaning up request packet ID 35 with timestamp +6
  10018. (12) Cleaning up request packet ID 36 with timestamp +6
  10019. (13) Cleaning up request packet ID 37 with timestamp +6
  10020. (14) Cleaning up request packet ID 38 with timestamp +7
  10021. (15) Cleaning up request packet ID 39 with timestamp +7
  10022. (16) Cleaning up request packet ID 40 with timestamp +7
  10023. (17) Cleaning up request packet ID 41 with timestamp +7
  10024. (18) Cleaning up request packet ID 42 with timestamp +7
  10025. (19) Cleaning up request packet ID 43 with timestamp +7
  10026. (20) Cleaning up request packet ID 44 with timestamp +7
  10027. (21) Cleaning up request packet ID 45 with timestamp +7
  10028. (22) Cleaning up request packet ID 46 with timestamp +7
  10029. (23) Cleaning up request packet ID 47 with timestamp +7
  10030. (24) Cleaning up request packet ID 48 with timestamp +7
  10031. (25) Cleaning up request packet ID 49 with timestamp +7
  10032. (26) Cleaning up request packet ID 50 with timestamp +7
  10033. (27) Cleaning up request packet ID 51 with timestamp +7
  10034. (28) Cleaning up request packet ID 52 with timestamp +7
  10035. (29) Cleaning up request packet ID 53 with timestamp +7
  10036. (30) Cleaning up request packet ID 54 with timestamp +7
  10037. (31) Cleaning up request packet ID 55 with timestamp +7
  10038. (32) Cleaning up request packet ID 56 with timestamp +7
  10039. (33) Cleaning up request packet ID 57 with timestamp +7
  10040. (34) Cleaning up request packet ID 58 with timestamp +7
  10041. (35) Cleaning up request packet ID 59 with timestamp +7
  10042. (36) Cleaning up request packet ID 60 with timestamp +7
  10043. (37) Cleaning up request packet ID 61 with timestamp +7
  10044. (38) Cleaning up request packet ID 62 with timestamp +7
  10045. (39) Cleaning up request packet ID 63 with timestamp +7
  10046. (40) Cleaning up request packet ID 64 with timestamp +7
  10047. (41) Cleaning up request packet ID 65 with timestamp +7
  10048. (42) Cleaning up request packet ID 66 with timestamp +7
  10049. (43) Cleaning up request packet ID 67 with timestamp +7
  10050. (44) Cleaning up request packet ID 68 with timestamp +7
  10051. (45) Cleaning up request packet ID 69 with timestamp +7
  10052. (46) Cleaning up request packet ID 70 with timestamp +7
  10053. (47) Cleaning up request packet ID 71 with timestamp +7
  10054. (48) Cleaning up request packet ID 72 with timestamp +7
  10055. (49) Cleaning up request packet ID 73 with timestamp +7
  10056. (50) Cleaning up request packet ID 74 with timestamp +7
  10057. (51) Cleaning up request packet ID 75 with timestamp +7
  10058. (52) Cleaning up request packet ID 76 with timestamp +7
  10059. (53) Cleaning up request packet ID 77 with timestamp +8
  10060. (54) Cleaning up request packet ID 78 with timestamp +8
  10061. (55) Cleaning up request packet ID 79 with timestamp +8
  10062. (56) Cleaning up request packet ID 80 with timestamp +8
  10063. (57) Cleaning up request packet ID 81 with timestamp +8
  10064. (58) Cleaning up request packet ID 82 with timestamp +8
  10065. (59) Cleaning up request packet ID 83 with timestamp +8
  10066. (60) Cleaning up request packet ID 84 with timestamp +8
  10067. (61) Cleaning up request packet ID 85 with timestamp +8
  10068. (62) Cleaning up request packet ID 86 with timestamp +8
  10069. (63) Cleaning up request packet ID 87 with timestamp +8
  10070. (64) Cleaning up request packet ID 88 with timestamp +8
  10071. (65) Cleaning up request packet ID 89 with timestamp +8
  10072. (66) Cleaning up request packet ID 90 with timestamp +8
  10073. (67) Cleaning up request packet ID 91 with timestamp +8
  10074. (68) Cleaning up request packet ID 92 with timestamp +8
  10075. (69) Cleaning up request packet ID 93 with timestamp +8
  10076. (70) Cleaning up request packet ID 94 with timestamp +8
  10077. (71) Cleaning up request packet ID 95 with timestamp +8
  10078. (72) Cleaning up request packet ID 96 with timestamp +8
  10079. (73) Cleaning up request packet ID 97 with timestamp +8
  10080. (74) Cleaning up request packet ID 98 with timestamp +8
  10081. (75) Cleaning up request packet ID 99 with timestamp +8
  10082. (76) Cleaning up request packet ID 100 with timestamp +8
  10083. (77) Cleaning up request packet ID 101 with timestamp +8
  10084. (78) Cleaning up request packet ID 102 with timestamp +8
  10085. (79) Cleaning up request packet ID 103 with timestamp +8
  10086. (80) Cleaning up request packet ID 104 with timestamp +8
  10087. (81) Cleaning up request packet ID 105 with timestamp +8
  10088. (82) Cleaning up request packet ID 106 with timestamp +8
  10089. (83) Cleaning up request packet ID 107 with timestamp +8
  10090. (84) Cleaning up request packet ID 108 with timestamp +8
  10091. (85) Cleaning up request packet ID 109 with timestamp +8
  10092. (86) Cleaning up request packet ID 110 with timestamp +8
  10093. (87) Cleaning up request packet ID 111 with timestamp +8
  10094. (88) Cleaning up request packet ID 112 with timestamp +8
  10095. Waking up in 0.1 seconds.
  10096. (89) Cleaning up request packet ID 113 with timestamp +9
  10097. (90) Cleaning up request packet ID 114 with timestamp +9
  10098. (91) Cleaning up request packet ID 115 with timestamp +9
  10099. (92) Cleaning up request packet ID 116 with timestamp +9
  10100. (93) Cleaning up request packet ID 117 with timestamp +9
  10101. (94) Cleaning up request packet ID 118 with timestamp +9
  10102. (95) Cleaning up request packet ID 119 with timestamp +9
  10103. (96) Cleaning up request packet ID 120 with timestamp +9
  10104. (97) Cleaning up request packet ID 121 with timestamp +9
  10105. (98) Cleaning up request packet ID 122 with timestamp +9
  10106. (99) Cleaning up request packet ID 123 with timestamp +9
  10107. (100) Cleaning up request packet ID 124 with timestamp +9
  10108. (101) Cleaning up request packet ID 125 with timestamp +9
  10109. (102) Cleaning up request packet ID 126 with timestamp +9
  10110. (103) Cleaning up request packet ID 127 with timestamp +9
  10111. (104) Cleaning up request packet ID 128 with timestamp +9
  10112. (105) Cleaning up request packet ID 129 with timestamp +9
  10113. (106) Cleaning up request packet ID 130 with timestamp +9
  10114. (107) Cleaning up request packet ID 131 with timestamp +9
  10115. (108) Cleaning up request packet ID 132 with timestamp +9