- [root@radius001 vkratsberg]# radiusd -X
- Server was built with:
- accounting : yes
- authentication : yes
- ascend-binary-attributes : yes
- coa : yes
- control-socket : yes
- detail : yes
- dhcp : yes
- dynamic-clients : yes
- osfc2 : no
- proxy : yes
- regex-pcre : yes
- regex-posix : no
- regex-posix-extended : no
- session-management : yes
- stats : yes
- tcp : yes
- threads : yes
- tls : yes
- unlang : yes
- vmps : yes
- developer : no
- Server core libs:
- freeradius-server : 3.0.11
- talloc : 2.0.*
- ssl : 1.0.1e release
- pcre : 8.32 2012-11-30
- Endianness:
- little
- Compilation flags:
- cppflags :
- cflags : -I/root/rpmbuild/BUILD/freeradius-server-3.0.11 -I/root/rpmbuild/BUILD/freeradius-server-3.0.11/src -include /root/rpmbuild/BUILD/freeradius-server-3.0.11/src/freeradius-devel/autoconf.h -include /root/rpmbuild/BUILD/freeradius-server-3.0.11/src/freeradius-devel/build.h -include /root/rpmbuild/BUILD/freeradius-server-3.0.11/src/freeradius-devel/features.h -include /root/rpmbuild/BUILD/freeradius-server-3.0.11/src/freeradius-devel/radpaths.h -fno-strict-aliasing -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic -Wall -std=c99 -D_GNU_SOURCE -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -DOPENSSL_NO_KRB5 -DNDEBUG -DIS_MODULE=1
- ldflags : -Wl,-z,relro -specs=/usr/lib/rpm/redhat/redhat-hardened-ld
- libs : -lcrypto -lssl -ltalloc -lpcre -lnsl -lresolv -ldl -lpthread -lreadline
- Copyright (C) 1999-2016 The FreeRADIUS server project and contributors
- There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
- PARTICULAR PURPOSE
- You may redistribute copies of FreeRADIUS under the terms of the
- GNU General Public License
- For more information about these matters, see the file named COPYRIGHT
- Starting - reading configuration files ...
- including dictionary file /usr/share/freeradius/dictionary
- including dictionary file /usr/share/freeradius/dictionary.dhcp
- including dictionary file /usr/share/freeradius/dictionary.vqp
- including dictionary file /etc/raddb/dictionary
- including configuration file /etc/raddb/radiusd.conf
- including configuration file /etc/raddb/proxy.conf
- including configuration file /etc/raddb/clients.conf
- including files in directory /etc/raddb/mods-enabled/
- including configuration file /etc/raddb/mods-enabled/logintime
- including configuration file /etc/raddb/mods-enabled/mschap
- including configuration file /etc/raddb/mods-enabled/passwd
- including configuration file /etc/raddb/mods-enabled/preprocess
- including configuration file /etc/raddb/mods-enabled/radutmp
- including configuration file /etc/raddb/mods-enabled/soh
- including configuration file /etc/raddb/mods-enabled/unix
- including configuration file /etc/raddb/mods-enabled/utf8
- including configuration file /etc/raddb/mods-enabled/ldap
- including configuration file /etc/raddb/mods-enabled/always
- including configuration file /etc/raddb/mods-enabled/attr_filter
- including configuration file /etc/raddb/mods-enabled/cache_eap
- including configuration file /etc/raddb/mods-enabled/chap
- including configuration file /etc/raddb/mods-enabled/detail
- including configuration file /etc/raddb/mods-enabled/detail.log
- including configuration file /etc/raddb/mods-enabled/dhcp
- including configuration file /etc/raddb/mods-enabled/digest
- including configuration file /etc/raddb/mods-enabled/dynamic_clients
- including configuration file /etc/raddb/mods-enabled/eap
- including configuration file /etc/raddb/mods-enabled/echo
- including configuration file /etc/raddb/mods-enabled/exec
- including configuration file /etc/raddb/mods-enabled/expiration
- including configuration file /etc/raddb/mods-enabled/expr
- including configuration file /etc/raddb/mods-enabled/files
- including configuration file /etc/raddb/mods-enabled/linelog
- including configuration file /etc/raddb/mods-enabled/ntlm_auth
- including configuration file /etc/raddb/mods-enabled/pap
- including configuration file /etc/raddb/mods-enabled/realm
- including configuration file /etc/raddb/mods-enabled/replicate
- including configuration file /etc/raddb/mods-enabled/sradutmp
- including configuration file /etc/raddb/mods-enabled/unpack
- including files in directory /etc/raddb/policy.d/
- including configuration file /etc/raddb/policy.d/abfab-tr
- including configuration file /etc/raddb/policy.d/accounting
- including configuration file /etc/raddb/policy.d/canonicalization
- including configuration file /etc/raddb/policy.d/control
- including configuration file /etc/raddb/policy.d/cui
- including configuration file /etc/raddb/policy.d/debug
- including configuration file /etc/raddb/policy.d/dhcp
- including configuration file /etc/raddb/policy.d/eap
- including configuration file /etc/raddb/policy.d/filter
- including configuration file /etc/raddb/policy.d/operator-name
- including files in directory /etc/raddb/sites-enabled/
- including configuration file /etc/raddb/sites-enabled/default
- including configuration file /etc/raddb/sites-enabled/inner-tunnel
- main {
- security {
- user = "radiusd"
- group = "radiusd"
- allow_core_dumps = no
- }
- name = "radiusd"
- prefix = "/usr"
- localstatedir = "/var"
- logdir = "/var/log/radius"
- run_dir = "/var/run/radiusd"
- }
- main {
- name = "radiusd"
- prefix = "/usr"
- localstatedir = "/var"
- sbindir = "/usr/sbin"
- logdir = "/var/log/radius"
- run_dir = "/var/run/radiusd"
- libdir = "/usr/lib64/freeradius"
- radacctdir = "/var/log/radius/radacct"
- hostname_lookups = no
- max_request_time = 30
- cleanup_delay = 5
- max_requests = 16384
- pidfile = "/var/run/radiusd/radiusd.pid"
- checkrad = "/usr/sbin/checkrad"
- debug_level = 0
- proxy_requests = yes
- log {
- stripped_names = no
- auth = no
- auth_badpass = no
- auth_goodpass = no
- colourise = yes
- msg_denied = "You are already logged in - access denied"
- }
- resources {
- }
- security {
- max_attributes = 200
- reject_delay = 1.000000
- status_server = yes
- }
- }
- radiusd: #### Loading Realms and Home Servers ####
- proxy server {
- retry_delay = 5
- retry_count = 3
- default_fallback = no
- dead_time = 120
- wake_all_if_all_dead = no
- }
- home_server localhost {
- ipaddr = 127.0.0.1
- port = 1812
- type = "auth"
- secret = <<< secret >>>
- response_window = 20.000000
- response_timeouts = 1
- max_outstanding = 65536
- zombie_period = 40
- status_check = "status-server"
- ping_interval = 30
- check_interval = 30
- check_timeout = 4
- num_answers_to_alive = 3
- revive_interval = 120
- limit {
- max_connections = 16
- max_requests = 0
- lifetime = 0
- idle_timeout = 0
- }
- coa {
- irt = 2
- mrt = 16
- mrc = 5
- mrd = 30
- }
- }
- home_server_pool my_auth_failover {
- type = fail-over
- home_server = localhost
- }
- realm example.com {
- auth_pool = my_auth_failover
- }
- realm LOCAL {
- }
- radiusd: #### Loading Clients ####
- client localhost {
- ipv4addr = 127.0.0.1
- require_message_authenticator = no
- secret = <<< secret >>>
- nas_type = "other"
- limit {
- max_connections = 16
- lifetime = 0
- idle_timeout = 30
- }
- }
- client 192.168.10.0/24 {
- ipv4addr = 192.168.10.0/24
- require_message_authenticator = no
- secret = <<< secret >>>
- shortname = "nyc-mgmt-network"
- limit {
- max_connections = 16
- lifetime = 0
- idle_timeout = 30
- }
- }
- client 10.120.8.0/24 {
- ipv4addr = 10.120.8.0/24
- require_message_authenticator = no
- secret = <<< secret >>>
- shortname = "da-oob-internal"
- limit {
- max_connections = 16
- lifetime = 0
- idle_timeout = 30
- }
- }
- client 10.120.225.0/24 {
- ipv4addr = 10.120.225.0/24
- require_message_authenticator = no
- secret = <<< secret >>>
- shortname = "da-mgmt-network"
- limit {
- max_connections = 16
- lifetime = 0
- idle_timeout = 30
- }
- }
- client 10.120.22.0/24 {
- ipv4addr = 10.120.22.0/24
- require_message_authenticator = no
- secret = <<< secret >>>
- shortname = "da3-int-transit-net"
- limit {
- max_connections = 16
- lifetime = 0
- idle_timeout = 30
- }
- }
- client 10.100.124.0/22 {
- ipv4addr = 10.100.124.0/22
- require_message_authenticator = no
- secret = <<< secret >>>
- shortname = "peer1-mgmt-network"
- limit {
- max_connections = 16
- lifetime = 0
- idle_timeout = 30
- }
- }
- client 10.8.0.0/24 {
- ipv4addr = 10.8.0.0/24
- require_message_authenticator = no
- secret = <<< secret >>>
- shortname = "nyc-hq"
- limit {
- max_connections = 16
- lifetime = 0
- idle_timeout = 30
- }
- }
- client 10.150.0.0/16 {
- ipv4addr = 10.150.0.0/16
- require_message_authenticator = no
- secret = <<< secret >>>
- shortname = "dublin-corp"
- limit {
- max_connections = 16
- lifetime = 0
- idle_timeout = 30
- }
- }
- client 10.126.0.0/16 {
- ipv4addr = 10.126.0.0/16
- require_message_authenticator = no
- secret = <<< secret >>>
- shortname = "portland-corp"
- limit {
- max_connections = 16
- lifetime = 0
- idle_timeout = 30
- }
- }
- client 10.100.0.0/24 {
- ipv4addr = 10.100.0.0/24
- require_message_authenticator = no
- secret = <<< secret >>>
- shortname = "peer1-loopbacks"
- limit {
- max_connections = 16
- lifetime = 0
- idle_timeout = 30
- }
- }
- client 10.120.0.0/24 {
- ipv4addr = 10.120.0.0/24
- require_message_authenticator = no
- secret = <<< secret >>>
- shortname = "dallas-loopbacks"
- limit {
- max_connections = 16
- lifetime = 0
- idle_timeout = 30
- }
- }
- client 10.100.72.100/32 {
- ipv4addr = 10.100.72.100
- require_message_authenticator = no
- secret = <<< secret >>>
- shortname = "peer1-wlc-master"
- limit {
- max_connections = 16
- lifetime = 0
- idle_timeout = 30
- }
- }
- client 192.168.1.68 {
- ipv4addr = 192.168.1.68
- require_message_authenticator = no
- secret = <<< secret >>>
- shortname = "admin01"
- limit {
- max_connections = 16
- lifetime = 0
- idle_timeout = 30
- }
- }
- client 192.168.1.8 {
- ipv4addr = 192.168.1.8
- require_message_authenticator = no
- secret = <<< secret >>>
- shortname = "admin08"
- limit {
- max_connections = 16
- lifetime = 0
- idle_timeout = 30
- }
- }
- Debugger not attached
- # Creating Auth-Type = PAP
- # Creating Auth-Type = CHAP
- # Creating Auth-Type = MS-CHAP
- # Creating Auth-Type = digest
- # Creating Auth-Type = eap
- radiusd: #### Instantiating modules ####
- modules {
- # Loaded module rlm_logintime
- # Loading module "logintime" from file /etc/raddb/mods-enabled/logintime
- logintime {
- minimum_timeout = 60
- }
- # Loaded module rlm_mschap
- # Loading module "mschap" from file /etc/raddb/mods-enabled/mschap
- mschap {
- use_mppe = yes
- require_encryption = no
- require_strong = no
- with_ntdomain_hack = yes
- passchange {
- }
- allow_retry = yes
- }
- # Loaded module rlm_passwd
- # Loading module "etc_passwd" from file /etc/raddb/mods-enabled/passwd
- passwd etc_passwd {
- filename = "/etc/passwd"
- format = "*User-Name:Crypt-Password:"
- delimiter = ":"
- ignore_nislike = no
- ignore_empty = yes
- allow_multiple_keys = no
- hash_size = 100
- }
- # Loaded module rlm_preprocess
- # Loading module "preprocess" from file /etc/raddb/mods-enabled/preprocess
- preprocess {
- huntgroups = "/etc/raddb/mods-config/preprocess/huntgroups"
- hints = "/etc/raddb/mods-config/preprocess/hints"
- with_ascend_hack = no
- ascend_channels_per_line = 23
- with_ntdomain_hack = no
- with_specialix_jetstream_hack = no
- with_cisco_vsa_hack = no
- with_alvarion_vsa_hack = no
- }
- # Loaded module rlm_radutmp
- # Loading module "radutmp" from file /etc/raddb/mods-enabled/radutmp
- radutmp {
- filename = "/var/log/radius/radutmp"
- username = "%{User-Name}"
- case_sensitive = yes
- check_with_nas = yes
- permissions = 384
- caller_id = yes
- }
- # Loaded module rlm_soh
- # Loading module "soh" from file /etc/raddb/mods-enabled/soh
- soh {
- dhcp = yes
- }
- # Loaded module rlm_unix
- # Loading module "unix" from file /etc/raddb/mods-enabled/unix
- unix {
- radwtmp = "/var/log/radius/radwtmp"
- }
- Creating attribute Unix-Group
- # Loaded module rlm_utf8
- # Loading module "utf8" from file /etc/raddb/mods-enabled/utf8
- # Loaded module rlm_ldap
- # Loading module "ldap" from file /etc/raddb/mods-enabled/ldap
- ldap {
- server = "ldap001.008.jfk.corp.squarespace.net"
- port = 636
- identity = "cn=directory manager"
- password = <<< secret >>>
- sasl {
- }
- user {
- scope = "sub"
- access_positive = yes
- sasl {
- }
- }
- group {
- filter = "(objectClass=GroupOfNames)"
- scope = "sub"
- name_attribute = "cn"
- membership_attribute = "memberOf"
- membership_filter = "(|(member=%{control:Ldap-UserDn})(memberUid=%{%{Stripped-User-Name}:-%{User-Name}}))"
- cacheable_name = no
- cacheable_dn = no
- }
- client {
- filter = "(objectClass=frClient)"
- scope = "sub"
- base_dn = "dc=sq,dc=net"
- }
- profile {
- }
- options {
- ldap_debug = 40
- chase_referrals = yes
- rebind = yes
- net_timeout = 1
- res_timeout = 20
- srv_timelimit = 20
- idle = 60
- probes = 3
- interval = 3
- }
- tls {
- start_tls = no
- require_cert = "allow"
- }
- }
- Creating attribute LDAP-Group
- # Loaded module rlm_always
- # Loading module "reject" from file /etc/raddb/mods-enabled/always
- always reject {
- rcode = "reject"
- simulcount = 0
- mpp = no
- }
- # Loading module "fail" from file /etc/raddb/mods-enabled/always
- always fail {
- rcode = "fail"
- simulcount = 0
- mpp = no
- }
- # Loading module "ok" from file /etc/raddb/mods-enabled/always
- always ok {
- rcode = "ok"
- simulcount = 0
- mpp = no
- }
- # Loading module "handled" from file /etc/raddb/mods-enabled/always
- always handled {
- rcode = "handled"
- simulcount = 0
- mpp = no
- }
- # Loading module "invalid" from file /etc/raddb/mods-enabled/always
- always invalid {
- rcode = "invalid"
- simulcount = 0
- mpp = no
- }
- # Loading module "userlock" from file /etc/raddb/mods-enabled/always
- always userlock {
- rcode = "userlock"
- simulcount = 0
- mpp = no
- }
- # Loading module "notfound" from file /etc/raddb/mods-enabled/always
- always notfound {
- rcode = "notfound"
- simulcount = 0
- mpp = no
- }
- # Loading module "noop" from file /etc/raddb/mods-enabled/always
- always noop {
- rcode = "noop"
- simulcount = 0
- mpp = no
- }
- # Loading module "updated" from file /etc/raddb/mods-enabled/always
- always updated {
- rcode = "updated"
- simulcount = 0
- mpp = no
- }
- # Loaded module rlm_attr_filter
- # Loading module "attr_filter.post-proxy" from file /etc/raddb/mods-enabled/attr_filter
- attr_filter attr_filter.post-proxy {
- filename = "/etc/raddb/mods-config/attr_filter/post-proxy"
- key = "%{Realm}"
- relaxed = no
- }
- # Loading module "attr_filter.pre-proxy" from file /etc/raddb/mods-enabled/attr_filter
- attr_filter attr_filter.pre-proxy {
- filename = "/etc/raddb/mods-config/attr_filter/pre-proxy"
- key = "%{Realm}"
- relaxed = no
- }
- # Loading module "attr_filter.access_reject" from file /etc/raddb/mods-enabled/attr_filter
- attr_filter attr_filter.access_reject {
- filename = "/etc/raddb/mods-config/attr_filter/access_reject"
- key = "%{User-Name}"
- relaxed = no
- }
- # Loading module "attr_filter.access_challenge" from file /etc/raddb/mods-enabled/attr_filter
- attr_filter attr_filter.access_challenge {
- filename = "/etc/raddb/mods-config/attr_filter/access_challenge"
- key = "%{User-Name}"
- relaxed = no
- }
- # Loading module "attr_filter.accounting_response" from file /etc/raddb/mods-enabled/attr_filter
- attr_filter attr_filter.accounting_response {
- filename = "/etc/raddb/mods-config/attr_filter/accounting_response"
- key = "%{User-Name}"
- relaxed = no
- }
- # Loaded module rlm_cache
- # Loading module "cache_eap" from file /etc/raddb/mods-enabled/cache_eap
- cache cache_eap {
- driver = "rlm_cache_rbtree"
- key = "%{%{control:State}:-%{%{reply:State}:-%{State}}}"
- ttl = 15
- max_entries = 0
- epoch = 0
- add_stats = no
- }
- # Loaded module rlm_chap
- # Loading module "chap" from file /etc/raddb/mods-enabled/chap
- # Loaded module rlm_detail
- # Loading module "detail" from file /etc/raddb/mods-enabled/detail
- detail {
- filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"
- header = "%t"
- permissions = 384
- locking = no
- escape_filenames = no
- log_packet_header = no
- }
- # Loading module "auth_log" from file /etc/raddb/mods-enabled/detail.log
- detail auth_log {
- filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d"
- header = "%t"
- permissions = 384
- locking = no
- escape_filenames = no
- log_packet_header = no
- }
- # Loading module "reply_log" from file /etc/raddb/mods-enabled/detail.log
- detail reply_log {
- filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d"
- header = "%t"
- permissions = 384
- locking = no
- escape_filenames = no
- log_packet_header = no
- }
- # Loading module "pre_proxy_log" from file /etc/raddb/mods-enabled/detail.log
- detail pre_proxy_log {
- filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/pre-proxy-detail-%Y%m%d"
- header = "%t"
- permissions = 384
- locking = no
- escape_filenames = no
- log_packet_header = no
- }
- # Loading module "post_proxy_log" from file /etc/raddb/mods-enabled/detail.log
- detail post_proxy_log {
- filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d"
- header = "%t"
- permissions = 384
- locking = no
- escape_filenames = no
- log_packet_header = no
- }
- # Loaded module rlm_dhcp
- # Loading module "dhcp" from file /etc/raddb/mods-enabled/dhcp
- # Loaded module rlm_digest
- # Loading module "digest" from file /etc/raddb/mods-enabled/digest
- # Loaded module rlm_dynamic_clients
- # Loading module "dynamic_clients" from file /etc/raddb/mods-enabled/dynamic_clients
- # Loaded module rlm_eap
- # Loading module "eap" from file /etc/raddb/mods-enabled/eap
- eap {
- default_eap_type = "peap"
- timer_expire = 60
- ignore_unknown_eap_types = no
- cisco_accounting_username_bug = no
- max_sessions = 16384
- }
- # Loaded module rlm_exec
- # Loading module "echo" from file /etc/raddb/mods-enabled/echo
- exec echo {
- wait = yes
- program = "/bin/echo %{User-Name}"
- input_pairs = "request"
- output_pairs = "reply"
- shell_escape = yes
- }
- # Loading module "exec" from file /etc/raddb/mods-enabled/exec
- exec {
- wait = no
- input_pairs = "request"
- shell_escape = yes
- timeout = 10
- }
- # Loaded module rlm_expiration
- # Loading module "expiration" from file /etc/raddb/mods-enabled/expiration
- # Loaded module rlm_expr
- # Loading module "expr" from file /etc/raddb/mods-enabled/expr
- expr {
- safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /äéöüàâæçèéêëîïôœùûüaÿÄÉÖÜßÀÂÆÇÈÉÊËÎÏÔŒÙÛÜŸ"
- }
- # Loaded module rlm_files
- # Loading module "files" from file /etc/raddb/mods-enabled/files
- files {
- filename = "/etc/raddb/mods-config/files/authorize"
- acctusersfile = "/etc/raddb/mods-config/files/accounting"
- preproxy_usersfile = "/etc/raddb/mods-config/files/pre-proxy"
- }
- # Loaded module rlm_linelog
- # Loading module "linelog" from file /etc/raddb/mods-enabled/linelog
- linelog {
- filename = "/var/log/radius/linelog"
- escape_filenames = no
- syslog_severity = "info"
- permissions = 384
- format = "This is a log message for %{User-Name}"
- reference = "messages.%{%{reply:Packet-Type}:-default}"
- }
- # Loading module "log_accounting" from file /etc/raddb/mods-enabled/linelog
- linelog log_accounting {
- filename = "/var/log/radius/linelog-accounting"
- escape_filenames = no
- syslog_severity = "info"
- permissions = 384
- format = ""
- reference = "Accounting-Request.%{%{Acct-Status-Type}:-unknown}"
- }
- # Loading module "ntlm_auth" from file /etc/raddb/mods-enabled/ntlm_auth
- exec ntlm_auth {
- wait = yes
- program = "/path/to/ntlm_auth --request-nt-key --domain=MYDOMAIN --username=%{mschap:User-Name} --password=%{User-Password}"
- shell_escape = yes
- }
- # Loaded module rlm_pap
- # Loading module "pap" from file /etc/raddb/mods-enabled/pap
- pap {
- normalise = yes
- }
- # Loaded module rlm_realm
- # Loading module "IPASS" from file /etc/raddb/mods-enabled/realm
- realm IPASS {
- format = "prefix"
- delimiter = "/"
- ignore_default = no
- ignore_null = no
- }
- # Loading module "suffix" from file /etc/raddb/mods-enabled/realm
- realm suffix {
- format = "suffix"
- delimiter = "@"
- ignore_default = no
- ignore_null = no
- }
- # Loading module "realmpercent" from file /etc/raddb/mods-enabled/realm
- realm realmpercent {
- format = "suffix"
- delimiter = "%"
- ignore_default = no
- ignore_null = no
- }
- # Loading module "ntdomain" from file /etc/raddb/mods-enabled/realm
- realm ntdomain {
- format = "prefix"
- delimiter = "\\"
- ignore_default = no
- ignore_null = no
- }
- # Loaded module rlm_replicate
- # Loading module "replicate" from file /etc/raddb/mods-enabled/replicate
- # Loading module "sradutmp" from file /etc/raddb/mods-enabled/sradutmp
- radutmp sradutmp {
- filename = "/var/log/radius/sradutmp"
- username = "%{User-Name}"
- case_sensitive = yes
- check_with_nas = yes
- permissions = 420
- caller_id = no
- }
- # Loaded module rlm_unpack
- # Loading module "unpack" from file /etc/raddb/mods-enabled/unpack
- instantiate {
- }
- # Instantiating module "logintime" from file /etc/raddb/mods-enabled/logintime
- # Instantiating module "mschap" from file /etc/raddb/mods-enabled/mschap
- rlm_mschap (mschap): using internal authentication
- # Instantiating module "etc_passwd" from file /etc/raddb/mods-enabled/passwd
- rlm_passwd: nfields: 3 keyfield 0(User-Name) listable: no
- # Instantiating module "preprocess" from file /etc/raddb/mods-enabled/preprocess
- reading pairlist file /etc/raddb/mods-config/preprocess/huntgroups
- reading pairlist file /etc/raddb/mods-config/preprocess/hints
- # Instantiating module "ldap" from file /etc/raddb/mods-enabled/ldap
- rlm_ldap: libldap vendor: OpenLDAP, version: 20440
- accounting {
- reference = "%{tolower:type.%{Acct-Status-Type}}"
- }
- post-auth {
- reference = "."
- }
- rlm_ldap (ldap): Initialising connection pool
- pool {
- start = 5
- min = 4
- max = 32
- spare = 3
- uses = 0
- lifetime = 0
- cleanup_interval = 30
- idle_timeout = 60
- retry_delay = 1
- spread = no
- }
- rlm_ldap (ldap): Opening additional connection (0), 1 of 32 pending slots used
- rlm_ldap (ldap): Connecting to ldap://ldap001.008.jfk.corp.squarespace.net:636
- TLS: certificate [CN=sqnet CA,DC=sq,DC=net] is not valid - error -8172:Peer's certificate issuer has been marked as not trusted by the user..
- rlm_ldap (ldap): Waiting for bind result...
- rlm_ldap (ldap): Bind successful
- rlm_ldap (ldap): Opening additional connection (1), 1 of 31 pending slots used
- rlm_ldap (ldap): Connecting to ldap://ldap001.008.jfk.corp.squarespace.net:636
- TLS: certificate [CN=sqnet CA,DC=sq,DC=net] is not valid - error -8172:Peer's certificate issuer has been marked as not trusted by the user..
- rlm_ldap (ldap): Waiting for bind result...
- rlm_ldap (ldap): Bind successful
- rlm_ldap (ldap): Opening additional connection (2), 1 of 30 pending slots used
- rlm_ldap (ldap): Connecting to ldap://ldap001.008.jfk.corp.squarespace.net:636
- TLS: certificate [CN=sqnet CA,DC=sq,DC=net] is not valid - error -8172:Peer's certificate issuer has been marked as not trusted by the user..
- rlm_ldap (ldap): Waiting for bind result...
- rlm_ldap (ldap): Bind successful
- rlm_ldap (ldap): Opening additional connection (3), 1 of 29 pending slots used
- rlm_ldap (ldap): Connecting to ldap://ldap001.008.jfk.corp.squarespace.net:636
- TLS: certificate [CN=sqnet CA,DC=sq,DC=net] is not valid - error -8172:Peer's certificate issuer has been marked as not trusted by the user..
- rlm_ldap (ldap): Waiting for bind result...
- rlm_ldap (ldap): Bind successful
- rlm_ldap (ldap): Opening additional connection (4), 1 of 28 pending slots used
- rlm_ldap (ldap): Connecting to ldap://ldap001.008.jfk.corp.squarespace.net:636
- TLS: certificate [CN=sqnet CA,DC=sq,DC=net] is not valid - error -8172:Peer's certificate issuer has been marked as not trusted by the user..
- rlm_ldap (ldap): Waiting for bind result...
- rlm_ldap (ldap): Bind successful
- # Instantiating module "reject" from file /etc/raddb/mods-enabled/always
- # Instantiating module "fail" from file /etc/raddb/mods-enabled/always
- # Instantiating module "ok" from file /etc/raddb/mods-enabled/always
- # Instantiating module "handled" from file /etc/raddb/mods-enabled/always
- # Instantiating module "invalid" from file /etc/raddb/mods-enabled/always
- # Instantiating module "userlock" from file /etc/raddb/mods-enabled/always
- # Instantiating module "notfound" from file /etc/raddb/mods-enabled/always
- # Instantiating module "noop" from file /etc/raddb/mods-enabled/always
- # Instantiating module "updated" from file /etc/raddb/mods-enabled/always
- # Instantiating module "attr_filter.post-proxy" from file /etc/raddb/mods-enabled/attr_filter
- reading pairlist file /etc/raddb/mods-config/attr_filter/post-proxy
- # Instantiating module "attr_filter.pre-proxy" from file /etc/raddb/mods-enabled/attr_filter
- reading pairlist file /etc/raddb/mods-config/attr_filter/pre-proxy
- # Instantiating module "attr_filter.access_reject" from file /etc/raddb/mods-enabled/attr_filter
- reading pairlist file /etc/raddb/mods-config/attr_filter/access_reject
- [/etc/raddb/mods-config/attr_filter/access_reject]:11 Check item "FreeRADIUS-Response-Delay" found in filter list for realm "DEFAULT".
- [/etc/raddb/mods-config/attr_filter/access_reject]:11 Check item "FreeRADIUS-Response-Delay-USec" found in filter list for realm "DEFAULT".
- # Instantiating module "attr_filter.access_challenge" from file /etc/raddb/mods-enabled/attr_filter
- reading pairlist file /etc/raddb/mods-config/attr_filter/access_challenge
- # Instantiating module "attr_filter.accounting_response" from file /etc/raddb/mods-enabled/attr_filter
- reading pairlist file /etc/raddb/mods-config/attr_filter/accounting_response
- # Instantiating module "cache_eap" from file /etc/raddb/mods-enabled/cache_eap
- rlm_cache (cache_eap): Driver rlm_cache_rbtree (module rlm_cache_rbtree) loaded and linked
- # Instantiating module "detail" from file /etc/raddb/mods-enabled/detail
- # Instantiating module "auth_log" from file /etc/raddb/mods-enabled/detail.log
- rlm_detail (auth_log): 'User-Password' suppressed, will not appear in detail output
- # Instantiating module "reply_log" from file /etc/raddb/mods-enabled/detail.log
- # Instantiating module "pre_proxy_log" from file /etc/raddb/mods-enabled/detail.log
- # Instantiating module "post_proxy_log" from file /etc/raddb/mods-enabled/detail.log
- # Instantiating module "eap" from file /etc/raddb/mods-enabled/eap
- # Linked to sub-module rlm_eap_md5
- # Linked to sub-module rlm_eap_leap
- # Linked to sub-module rlm_eap_gtc
- gtc {
- challenge = "Password: "
- auth_type = "PAP"
- }
- # Linked to sub-module rlm_eap_tls
- tls {
- tls = "tls-common"
- }
- tls-config tls-common {
- verify_depth = 0
- ca_path = "/etc/raddb/certs"
- pem_file_type = yes
- private_key_file = "/etc/raddb/certs/server.pem"
- certificate_file = "/etc/raddb/certs/server.pem"
- ca_file = "/etc/raddb/certs/ca.pem"
- private_key_password = <<< secret >>>
- dh_file = "/etc/raddb/certs/dh"
- fragment_size = 1024
- include_length = yes
- auto_chain = yes
- check_crl = no
- check_all_crl = no
- cipher_list = "DEFAULT"
- ecdh_curve = "prime256v1"
- cache {
- enable = yes
- lifetime = 24
- max_entries = 255
- }
- verify {
- skip_if_ocsp_ok = no
- }
- ocsp {
- enable = no
- override_cert_url = yes
- url = "http://127.0.0.1/ocsp/"
- use_nonce = yes
- timeout = 0
- softfail = no
- }
- }
- # Linked to sub-module rlm_eap_ttls
- ttls {
- tls = "tls-common"
- default_eap_type = "md5"
- copy_request_to_tunnel = no
- use_tunneled_reply = no
- virtual_server = "inner-tunnel"
- include_length = yes
- require_client_cert = no
- }
- tls: Using cached TLS configuration from previous invocation
- # Linked to sub-module rlm_eap_peap
- peap {
- tls = "tls-common"
- default_eap_type = "gtc"
- copy_request_to_tunnel = no
- use_tunneled_reply = yes
- proxy_tunneled_request_as_eap = yes
- virtual_server = "inner-tunnel"
- soh = no
- require_client_cert = no
- }
- tls: Using cached TLS configuration from previous invocation
- # Linked to sub-module rlm_eap_mschapv2
- mschapv2 {
- with_ntdomain_hack = no
- send_error = no
- }
- # Instantiating module "expiration" from file /etc/raddb/mods-enabled/expiration
- # Instantiating module "files" from file /etc/raddb/mods-enabled/files
- reading pairlist file /etc/raddb/mods-config/files/authorize
- reading pairlist file /etc/raddb/mods-config/files/accounting
- reading pairlist file /etc/raddb/mods-config/files/pre-proxy
- # Instantiating module "linelog" from file /etc/raddb/mods-enabled/linelog
- # Instantiating module "log_accounting" from file /etc/raddb/mods-enabled/linelog
- # Instantiating module "pap" from file /etc/raddb/mods-enabled/pap
- # Instantiating module "IPASS" from file /etc/raddb/mods-enabled/realm
- # Instantiating module "suffix" from file /etc/raddb/mods-enabled/realm
- # Instantiating module "realmpercent" from file /etc/raddb/mods-enabled/realm
- # Instantiating module "ntdomain" from file /etc/raddb/mods-enabled/realm
- } # modules
- radiusd: #### Loading Virtual Servers ####
- server { # from file /etc/raddb/radiusd.conf
- } # server
- server default { # from file /etc/raddb/sites-enabled/default
- # Loading authenticate {...}
- # Loading authorize {...}
- Ignoring "sql" (see raddb/mods-available/README.rst)
- # Loading preacct {...}
- # Loading accounting {...}
- # Loading post-proxy {...}
- # Loading post-auth {...}
- } # server default
- server inner-tunnel { # from file /etc/raddb/sites-enabled/inner-tunnel
- # Loading authenticate {...}
- # Loading authorize {...}
- # Loading session {...}
- # Loading post-proxy {...}
- # Loading post-auth {...}
- } # server inner-tunnel
- radiusd: #### Opening IP addresses and Ports ####
- listen {
- type = "auth"
- ipaddr = *
- port = 0
- limit {
- max_connections = 16
- lifetime = 0
- idle_timeout = 30
- }
- }
- listen {
- type = "acct"
- ipaddr = *
- port = 0
- limit {
- max_connections = 16
- lifetime = 0
- idle_timeout = 30
- }
- }
- listen {
- type = "auth"
- ipv6addr = ::
- port = 0
- limit {
- max_connections = 16
- lifetime = 0
- idle_timeout = 30
- }
- }
- listen {
- type = "acct"
- ipv6addr = ::
- port = 0
- limit {
- max_connections = 16
- lifetime = 0
- idle_timeout = 30
- }
- }
- listen {
- type = "auth"
- ipaddr = 127.0.0.1
- port = 18120
- }
- Listening on auth address * port 1812 bound to server default
- Listening on acct address * port 1813 bound to server default
- Listening on auth address :: port 1812 bound to server default
- Listening on acct address :: port 1813 bound to server default
- Listening on auth address 127.0.0.1 port 18120 bound to server inner-tunnel
- Listening on proxy address * port 63185
- Listening on proxy address :: port 29887
- Ready to process requests
- (0) Received Access-Request Id 24 from 10.8.0.111:58432 to 10.8.64.155:1812 length 177
- (0) User-Name = "vkratsberg"
- (0) NAS-Port = 358
- (0) EAP-Message = 0x0200000f01766b7261747362657267
- (0) Message-Authenticator = 0x60649b18e279081ac5a6aa44f9c609f2
- (0) Acct-Session-Id = "8O2.1x81bb08330008a8a9"
- (0) NAS-Port-Id = "ge-3/0/6.0"
- (0) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (0) Called-Station-Id = "ec-3e-f7-68-35-00"
- (0) NAS-IP-Address = 10.8.0.111
- (0) NAS-Identifier = "nyc-access-sw011"
- (0) NAS-Port-Type = Ethernet
- (0) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (0) authorize {
- (0) policy filter_username {
- (0) if (&User-Name) {
- (0) if (&User-Name) -> TRUE
- (0) if (&User-Name) {
- (0) if (&User-Name =~ / /) {
- (0) if (&User-Name =~ / /) -> FALSE
- (0) if (&User-Name =~ /@[^@]*@/ ) {
- (0) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (0) if (&User-Name =~ /\.\./ ) {
- (0) if (&User-Name =~ /\.\./ ) -> FALSE
- (0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (0) if (&User-Name =~ /\.$/) {
- (0) if (&User-Name =~ /\.$/) -> FALSE
- (0) if (&User-Name =~ /@\./) {
- (0) if (&User-Name =~ /@\./) -> FALSE
- (0) } # if (&User-Name) = notfound
- (0) } # policy filter_username = notfound
- (0) [preprocess] = ok
- (0) [chap] = noop
- (0) [mschap] = noop
- (0) [digest] = noop
- (0) suffix: Checking for suffix after "@"
- (0) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (0) suffix: No such realm "NULL"
- (0) [suffix] = noop
- (0) eap: Peer sent EAP Response (code 2) ID 0 length 15
- (0) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
- (0) [eap] = ok
- (0) } # authorize = ok
- (0) Found Auth-Type = eap
- (0) # Executing group from file /etc/raddb/sites-enabled/default
- (0) authenticate {
- (0) eap: Peer sent packet with method EAP Identity (1)
- (0) eap: Calling submodule eap_peap to process data
- (0) eap_peap: Initiating new EAP-TLS session
- (0) eap_peap: Flushing SSL sessions (of #0)
- (0) eap_peap: [eaptls start] = request
- (0) eap: Sending EAP Request (code 1) ID 1 length 6
- (0) eap: EAP session adding &reply:State = 0xb9041651b9050f15
- (0) [eap] = handled
- (0) } # authenticate = handled
- (0) Using Post-Auth-Type Challenge
- (0) Post-Auth-Type sub-section not found. Ignoring.
- (0) # Executing group from file /etc/raddb/sites-enabled/default
- (0) Sent Access-Challenge Id 24 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (0) EAP-Message = 0x010100061920
- (0) Message-Authenticator = 0x00000000000000000000000000000000
- (0) State = 0xb9041651b9050f15b0b9e469d234e6ed
- (0) Finished request
- Waking up in 4.9 seconds.
- (1) Received Access-Request Id 25 from 10.8.0.111:58432 to 10.8.64.155:1812 length 311
- (1) User-Name = "vkratsberg"
- (1) NAS-Port = 358
- (1) State = 0xb9041651b9050f15b0b9e469d234e6ed
- (1) EAP-Message = 0x020100831980000000791603010074010000700301573f503bd022f2b2c0f1149fbe96a1ed4acba3579c41c80a1a637a10de4d3e3300002800ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f000ac007c011000500040100001f000a00080006001700180019000b0002010000
- (1) Message-Authenticator = 0xe8fbb8ba46b97e4443842af9b6254a49
- (1) Acct-Session-Id = "8O2.1x81bb08330008a8a9"
- (1) NAS-Port-Id = "ge-3/0/6.0"
- (1) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (1) Called-Station-Id = "ec-3e-f7-68-35-00"
- (1) NAS-IP-Address = 10.8.0.111
- (1) NAS-Identifier = "nyc-access-sw011"
- (1) NAS-Port-Type = Ethernet
- (1) session-state: No cached attributes
- (1) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (1) authorize {
- (1) policy filter_username {
- (1) if (&User-Name) {
- (1) if (&User-Name) -> TRUE
- (1) if (&User-Name) {
- (1) if (&User-Name =~ / /) {
- (1) if (&User-Name =~ / /) -> FALSE
- (1) if (&User-Name =~ /@[^@]*@/ ) {
- (1) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (1) if (&User-Name =~ /\.\./ ) {
- (1) if (&User-Name =~ /\.\./ ) -> FALSE
- (1) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (1) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (1) if (&User-Name =~ /\.$/) {
- (1) if (&User-Name =~ /\.$/) -> FALSE
- (1) if (&User-Name =~ /@\./) {
- (1) if (&User-Name =~ /@\./) -> FALSE
- (1) } # if (&User-Name) = notfound
- (1) } # policy filter_username = notfound
- (1) [preprocess] = ok
- (1) [chap] = noop
- (1) [mschap] = noop
- (1) [digest] = noop
- (1) suffix: Checking for suffix after "@"
- (1) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (1) suffix: No such realm "NULL"
- (1) [suffix] = noop
- (1) eap: Peer sent EAP Response (code 2) ID 1 length 131
- (1) eap: Continuing tunnel setup
- (1) [eap] = ok
- (1) } # authorize = ok
- (1) Found Auth-Type = eap
- (1) # Executing group from file /etc/raddb/sites-enabled/default
- (1) authenticate {
- (1) eap: Expiring EAP session with state 0xb9041651b9050f15
- (1) eap: Finished EAP session with state 0xb9041651b9050f15
- (1) eap: Previous EAP request found for state 0xb9041651b9050f15, released from the list
- (1) eap: Peer sent packet with method EAP PEAP (25)
- (1) eap: Calling submodule eap_peap to process data
- (1) eap_peap: Continuing EAP-TLS
- (1) eap_peap: Peer indicated complete TLS record size will be 121 bytes
- (1) eap_peap: Got complete TLS record (121 bytes)
- (1) eap_peap: [eaptls verify] = length included
- (1) eap_peap: (other): before/accept initialization
- (1) eap_peap: TLS_accept: before/accept initialization
- (1) eap_peap: <<< recv TLS 1.0 Handshake [length 0074], ClientHello
- (1) eap_peap: TLS_accept: SSLv3 read client hello A
- (1) eap_peap: >>> send TLS 1.0 Handshake [length 0059], ServerHello
- (1) eap_peap: TLS_accept: SSLv3 write server hello A
- (1) eap_peap: >>> send TLS 1.0 Handshake [length 08d3], Certificate
- (1) eap_peap: TLS_accept: SSLv3 write certificate A
- (1) eap_peap: >>> send TLS 1.0 Handshake [length 014b], ServerKeyExchange
- (1) eap_peap: TLS_accept: SSLv3 write key exchange A
- (1) eap_peap: >>> send TLS 1.0 Handshake [length 0004], ServerHelloDone
- (1) eap_peap: TLS_accept: SSLv3 write server done A
- (1) eap_peap: TLS_accept: SSLv3 flush data
- (1) eap_peap: TLS_accept: Need to read more data: SSLv3 read client certificate A
- (1) eap_peap: TLS_accept: Need to read more data: SSLv3 read client certificate A
- (1) eap_peap: In SSL Handshake Phase
- (1) eap_peap: In SSL Accept mode
- (1) eap_peap: [eaptls process] = handled
- (1) eap: Sending EAP Request (code 1) ID 2 length 1004
- (1) eap: EAP session adding &reply:State = 0xb9041651b8060f15
- (1) [eap] = handled
- (1) } # authenticate = handled
- (1) Using Post-Auth-Type Challenge
- (1) Post-Auth-Type sub-section not found. Ignoring.
- (1) # Executing group from file /etc/raddb/sites-enabled/default
- (1) Sent Access-Challenge Id 25 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (1) EAP-Message = 0x010203ec19c000000a8f1603010059020000550301573f503b4a3c99b261de0c3b530248997a538a91b875c00b95582ec6bc7be2a820274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0c01400000dff01000100000b00040300010216030108d30b0008cf0008cc0003de
- (1) Message-Authenticator = 0x00000000000000000000000000000000
- (1) State = 0xb9041651b8060f15b0b9e469d234e6ed
- (1) Finished request
- Waking up in 4.9 seconds.
- (2) Received Access-Request Id 26 from 10.8.0.111:58432 to 10.8.64.155:1812 length 186
- (2) User-Name = "vkratsberg"
- (2) NAS-Port = 358
- (2) State = 0xb9041651b8060f15b0b9e469d234e6ed
- (2) EAP-Message = 0x020200061900
- (2) Message-Authenticator = 0x8dd88815e5cabf4677cca39b37e0fe28
- (2) Acct-Session-Id = "8O2.1x81bb08330008a8a9"
- (2) NAS-Port-Id = "ge-3/0/6.0"
- (2) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (2) Called-Station-Id = "ec-3e-f7-68-35-00"
- (2) NAS-IP-Address = 10.8.0.111
- (2) NAS-Identifier = "nyc-access-sw011"
- (2) NAS-Port-Type = Ethernet
- (2) session-state: No cached attributes
- (2) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (2) authorize {
- (2) policy filter_username {
- (2) if (&User-Name) {
- (2) if (&User-Name) -> TRUE
- (2) if (&User-Name) {
- (2) if (&User-Name =~ / /) {
- (2) if (&User-Name =~ / /) -> FALSE
- (2) if (&User-Name =~ /@[^@]*@/ ) {
- (2) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (2) if (&User-Name =~ /\.\./ ) {
- (2) if (&User-Name =~ /\.\./ ) -> FALSE
- (2) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (2) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (2) if (&User-Name =~ /\.$/) {
- (2) if (&User-Name =~ /\.$/) -> FALSE
- (2) if (&User-Name =~ /@\./) {
- (2) if (&User-Name =~ /@\./) -> FALSE
- (2) } # if (&User-Name) = notfound
- (2) } # policy filter_username = notfound
- (2) [preprocess] = ok
- (2) [chap] = noop
- (2) [mschap] = noop
- (2) [digest] = noop
- (2) suffix: Checking for suffix after "@"
- (2) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (2) suffix: No such realm "NULL"
- (2) [suffix] = noop
- (2) eap: Peer sent EAP Response (code 2) ID 2 length 6
- (2) eap: Continuing tunnel setup
- (2) [eap] = ok
- (2) } # authorize = ok
- (2) Found Auth-Type = eap
- (2) # Executing group from file /etc/raddb/sites-enabled/default
- (2) authenticate {
- (2) eap: Expiring EAP session with state 0xb9041651b8060f15
- (2) eap: Finished EAP session with state 0xb9041651b8060f15
- (2) eap: Previous EAP request found for state 0xb9041651b8060f15, released from the list
- (2) eap: Peer sent packet with method EAP PEAP (25)
- (2) eap: Calling submodule eap_peap to process data
- (2) eap_peap: Continuing EAP-TLS
- (2) eap_peap: Peer ACKed our handshake fragment
- (2) eap_peap: [eaptls verify] = request
- (2) eap_peap: [eaptls process] = handled
- (2) eap: Sending EAP Request (code 1) ID 3 length 1000
- (2) eap: EAP session adding &reply:State = 0xb9041651bb070f15
- (2) [eap] = handled
- (2) } # authenticate = handled
- (2) Using Post-Auth-Type Challenge
- (2) Post-Auth-Type sub-section not found. Ignoring.
- (2) # Executing group from file /etc/raddb/sites-enabled/default
- (2) Sent Access-Challenge Id 26 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (2) EAP-Message = 0x010303e81940a985a92e8776b026aa0ca6454d39c8092f1777cb7717bafde9e0586c2db6953cbc1d0dc6dc89a54698f1474daa14ed35c2d76278209bed31b5b6f844db7500fb233337267f13341548de9a5a3219a57eaa7be8fbdc5048ac8060c257cf4e7bb8b599e15e02700609010004e8308204e430
- (2) Message-Authenticator = 0x00000000000000000000000000000000
- (2) State = 0xb9041651bb070f15b0b9e469d234e6ed
- (2) Finished request
- Waking up in 4.9 seconds.
- (3) Received Access-Request Id 27 from 10.8.0.111:58432 to 10.8.64.155:1812 length 186
- (3) User-Name = "vkratsberg"
- (3) NAS-Port = 358
- (3) State = 0xb9041651bb070f15b0b9e469d234e6ed
- (3) EAP-Message = 0x020300061900
- (3) Message-Authenticator = 0x6da673ba849096875be1aa2516e90e74
- (3) Acct-Session-Id = "8O2.1x81bb08330008a8a9"
- (3) NAS-Port-Id = "ge-3/0/6.0"
- (3) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (3) Called-Station-Id = "ec-3e-f7-68-35-00"
- (3) NAS-IP-Address = 10.8.0.111
- (3) NAS-Identifier = "nyc-access-sw011"
- (3) NAS-Port-Type = Ethernet
- (3) session-state: No cached attributes
- (3) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (3) authorize {
- (3) policy filter_username {
- (3) if (&User-Name) {
- (3) if (&User-Name) -> TRUE
- (3) if (&User-Name) {
- (3) if (&User-Name =~ / /) {
- (3) if (&User-Name =~ / /) -> FALSE
- (3) if (&User-Name =~ /@[^@]*@/ ) {
- (3) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (3) if (&User-Name =~ /\.\./ ) {
- (3) if (&User-Name =~ /\.\./ ) -> FALSE
- (3) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (3) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (3) if (&User-Name =~ /\.$/) {
- (3) if (&User-Name =~ /\.$/) -> FALSE
- (3) if (&User-Name =~ /@\./) {
- (3) if (&User-Name =~ /@\./) -> FALSE
- (3) } # if (&User-Name) = notfound
- (3) } # policy filter_username = notfound
- (3) [preprocess] = ok
- (3) [chap] = noop
- (3) [mschap] = noop
- (3) [digest] = noop
- (3) suffix: Checking for suffix after "@"
- (3) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (3) suffix: No such realm "NULL"
- (3) [suffix] = noop
- (3) eap: Peer sent EAP Response (code 2) ID 3 length 6
- (3) eap: Continuing tunnel setup
- (3) [eap] = ok
- (3) } # authorize = ok
- (3) Found Auth-Type = eap
- (3) # Executing group from file /etc/raddb/sites-enabled/default
- (3) authenticate {
- (3) eap: Expiring EAP session with state 0xb9041651bb070f15
- (3) eap: Finished EAP session with state 0xb9041651bb070f15
- (3) eap: Previous EAP request found for state 0xb9041651bb070f15, released from the list
- (3) eap: Peer sent packet with method EAP PEAP (25)
- (3) eap: Calling submodule eap_peap to process data
- (3) eap_peap: Continuing EAP-TLS
- (3) eap_peap: Peer ACKed our handshake fragment
- (3) eap_peap: [eaptls verify] = request
- (3) eap_peap: [eaptls process] = handled
- (3) eap: Sending EAP Request (code 1) ID 4 length 721
- (3) eap: EAP session adding &reply:State = 0xb9041651ba000f15
- (3) [eap] = handled
- (3) } # authenticate = handled
- (3) Using Post-Auth-Type Challenge
- (3) Post-Auth-Type sub-section not found. Ignoring.
- (3) # Executing group from file /etc/raddb/sites-enabled/default
- (3) Sent Access-Challenge Id 27 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (3) EAP-Message = 0x010402d1190020417574686f72697479820900cd92931e3c4b4509300f0603551d130101ff040530030101ff30360603551d1f042f302d302ba029a0278625687474703a2f2f7777772e6578616d706c652e6f72672f6578616d706c655f63612e63726c300d06092a864886f70d010105050003820101
- (3) Message-Authenticator = 0x00000000000000000000000000000000
- (3) State = 0xb9041651ba000f15b0b9e469d234e6ed
- (3) Finished request
- Waking up in 4.9 seconds.
- (4) Received Access-Request Id 28 from 10.8.0.111:58432 to 10.8.64.155:1812 length 324
- (4) User-Name = "vkratsberg"
- (4) NAS-Port = 358
- (4) State = 0xb9041651ba000f15b0b9e469d234e6ed
- (4) EAP-Message = 0x02040090198000000086160301004610000042410448897e7642f1644d763c2bb885dfe6f05a1d953996d5a90be25cc5b3f760b5798ec1688b7b914da811b274b3645d9285f95e8f5a5baa17ab29a7385d7e7028ea1403010001011603010030e13525f115b0852e945fbaaf3a6c2ea13677b780bac905
- (4) Message-Authenticator = 0xe3b29d9b9fc6607f54d4d06e5c8fc56c
- (4) Acct-Session-Id = "8O2.1x81bb08330008a8a9"
- (4) NAS-Port-Id = "ge-3/0/6.0"
- (4) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (4) Called-Station-Id = "ec-3e-f7-68-35-00"
- (4) NAS-IP-Address = 10.8.0.111
- (4) NAS-Identifier = "nyc-access-sw011"
- (4) NAS-Port-Type = Ethernet
- (4) session-state: No cached attributes
- (4) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (4) authorize {
- (4) policy filter_username {
- (4) if (&User-Name) {
- (4) if (&User-Name) -> TRUE
- (4) if (&User-Name) {
- (4) if (&User-Name =~ / /) {
- (4) if (&User-Name =~ / /) -> FALSE
- (4) if (&User-Name =~ /@[^@]*@/ ) {
- (4) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (4) if (&User-Name =~ /\.\./ ) {
- (4) if (&User-Name =~ /\.\./ ) -> FALSE
- (4) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (4) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (4) if (&User-Name =~ /\.$/) {
- (4) if (&User-Name =~ /\.$/) -> FALSE
- (4) if (&User-Name =~ /@\./) {
- (4) if (&User-Name =~ /@\./) -> FALSE
- (4) } # if (&User-Name) = notfound
- (4) } # policy filter_username = notfound
- (4) [preprocess] = ok
- (4) [chap] = noop
- (4) [mschap] = noop
- (4) [digest] = noop
- (4) suffix: Checking for suffix after "@"
- (4) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (4) suffix: No such realm "NULL"
- (4) [suffix] = noop
- (4) eap: Peer sent EAP Response (code 2) ID 4 length 144
- (4) eap: Continuing tunnel setup
- (4) [eap] = ok
- (4) } # authorize = ok
- (4) Found Auth-Type = eap
- (4) # Executing group from file /etc/raddb/sites-enabled/default
- (4) authenticate {
- (4) eap: Expiring EAP session with state 0xb9041651ba000f15
- (4) eap: Finished EAP session with state 0xb9041651ba000f15
- (4) eap: Previous EAP request found for state 0xb9041651ba000f15, released from the list
- (4) eap: Peer sent packet with method EAP PEAP (25)
- (4) eap: Calling submodule eap_peap to process data
- (4) eap_peap: Continuing EAP-TLS
- (4) eap_peap: Peer indicated complete TLS record size will be 134 bytes
- (4) eap_peap: Got complete TLS record (134 bytes)
- (4) eap_peap: [eaptls verify] = length included
- (4) eap_peap: <<< recv TLS 1.0 Handshake [length 0046], ClientKeyExchange
- (4) eap_peap: TLS_accept: SSLv3 read client key exchange A
- (4) eap_peap: <<< recv TLS 1.0 ChangeCipherSpec [length 0001]
- (4) eap_peap: <<< recv TLS 1.0 Handshake [length 0010], Finished
- (4) eap_peap: TLS_accept: SSLv3 read finished A
- (4) eap_peap: >>> send TLS 1.0 ChangeCipherSpec [length 0001]
- (4) eap_peap: TLS_accept: SSLv3 write change cipher spec A
- (4) eap_peap: >>> send TLS 1.0 Handshake [length 0010], Finished
- (4) eap_peap: TLS_accept: SSLv3 write finished A
- (4) eap_peap: TLS_accept: SSLv3 flush data
- (4) eap_peap: (other): SSL negotiation finished successfully
- (4) eap_peap: SSL Connection Established
- (4) eap_peap: [eaptls process] = handled
- (4) eap: Sending EAP Request (code 1) ID 5 length 65
- (4) eap: EAP session adding &reply:State = 0xb9041651bd010f15
- (4) [eap] = handled
- (4) } # authenticate = handled
- (4) Using Post-Auth-Type Challenge
- (4) Post-Auth-Type sub-section not found. Ignoring.
- (4) # Executing group from file /etc/raddb/sites-enabled/default
- (4) Sent Access-Challenge Id 28 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (4) EAP-Message = 0x010500411900140301000101160301003007dfe89ea77d86953224e0877d2c748f775a851cf76eabba1381fe15c7a6a5c517a9d16735ace23d52f1bc2bc48d8752
- (4) Message-Authenticator = 0x00000000000000000000000000000000
- (4) State = 0xb9041651bd010f15b0b9e469d234e6ed
- (4) Finished request
- Waking up in 4.9 seconds.
- (5) Received Access-Request Id 29 from 10.8.0.111:58432 to 10.8.64.155:1812 length 186
- (5) User-Name = "vkratsberg"
- (5) NAS-Port = 358
- (5) State = 0xb9041651bd010f15b0b9e469d234e6ed
- (5) EAP-Message = 0x020500061900
- (5) Message-Authenticator = 0xe2d87d0e9d3dc23c9ce035b566ea0ab2
- (5) Acct-Session-Id = "8O2.1x81bb08330008a8a9"
- (5) NAS-Port-Id = "ge-3/0/6.0"
- (5) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (5) Called-Station-Id = "ec-3e-f7-68-35-00"
- (5) NAS-IP-Address = 10.8.0.111
- (5) NAS-Identifier = "nyc-access-sw011"
- (5) NAS-Port-Type = Ethernet
- (5) session-state: No cached attributes
- (5) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (5) authorize {
- (5) policy filter_username {
- (5) if (&User-Name) {
- (5) if (&User-Name) -> TRUE
- (5) if (&User-Name) {
- (5) if (&User-Name =~ / /) {
- (5) if (&User-Name =~ / /) -> FALSE
- (5) if (&User-Name =~ /@[^@]*@/ ) {
- (5) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (5) if (&User-Name =~ /\.\./ ) {
- (5) if (&User-Name =~ /\.\./ ) -> FALSE
- (5) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (5) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (5) if (&User-Name =~ /\.$/) {
- (5) if (&User-Name =~ /\.$/) -> FALSE
- (5) if (&User-Name =~ /@\./) {
- (5) if (&User-Name =~ /@\./) -> FALSE
- (5) } # if (&User-Name) = notfound
- (5) } # policy filter_username = notfound
- (5) [preprocess] = ok
- (5) [chap] = noop
- (5) [mschap] = noop
- (5) [digest] = noop
- (5) suffix: Checking for suffix after "@"
- (5) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (5) suffix: No such realm "NULL"
- (5) [suffix] = noop
- (5) eap: Peer sent EAP Response (code 2) ID 5 length 6
- (5) eap: Continuing tunnel setup
- (5) [eap] = ok
- (5) } # authorize = ok
- (5) Found Auth-Type = eap
- (5) # Executing group from file /etc/raddb/sites-enabled/default
- (5) authenticate {
- (5) eap: Expiring EAP session with state 0xb9041651bd010f15
- (5) eap: Finished EAP session with state 0xb9041651bd010f15
- (5) eap: Previous EAP request found for state 0xb9041651bd010f15, released from the list
- (5) eap: Peer sent packet with method EAP PEAP (25)
- (5) eap: Calling submodule eap_peap to process data
- (5) eap_peap: Continuing EAP-TLS
- (5) eap_peap: Peer ACKed our handshake fragment. handshake is finished
- (5) eap_peap: [eaptls verify] = success
- (5) eap_peap: [eaptls process] = success
- (5) eap_peap: Session established. Decoding tunneled attributes
- (5) eap_peap: PEAP state TUNNEL ESTABLISHED
- (5) eap: Sending EAP Request (code 1) ID 6 length 43
- (5) eap: EAP session adding &reply:State = 0xb9041651bc020f15
- (5) [eap] = handled
- (5) } # authenticate = handled
- (5) Using Post-Auth-Type Challenge
- (5) Post-Auth-Type sub-section not found. Ignoring.
- (5) # Executing group from file /etc/raddb/sites-enabled/default
- (5) Sent Access-Challenge Id 29 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (5) EAP-Message = 0x0106002b19001703010020d295762b26d1993b1a516aed02ecefc6a6d13a058c9dcbaa900d5c425ef2c883
- (5) Message-Authenticator = 0x00000000000000000000000000000000
- (5) State = 0xb9041651bc020f15b0b9e469d234e6ed
- (5) Finished request
- Waking up in 4.9 seconds.
- (6) Received Access-Request Id 30 from 10.8.0.111:58432 to 10.8.64.155:1812 length 223
- (6) User-Name = "vkratsberg"
- (6) NAS-Port = 358
- (6) State = 0xb9041651bc020f15b0b9e469d234e6ed
- (6) EAP-Message = 0x0206002b1900170301002014a960f83904b749376ba61b736f03fdf4aae0d830cb68cd137f87066d3d5e4c
- (6) Message-Authenticator = 0x9407ec5edbeba29f46f46b3cd8b2fde6
- (6) Acct-Session-Id = "8O2.1x81bb08330008a8a9"
- (6) NAS-Port-Id = "ge-3/0/6.0"
- (6) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (6) Called-Station-Id = "ec-3e-f7-68-35-00"
- (6) NAS-IP-Address = 10.8.0.111
- (6) NAS-Identifier = "nyc-access-sw011"
- (6) NAS-Port-Type = Ethernet
- (6) session-state: No cached attributes
- (6) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (6) authorize {
- (6) policy filter_username {
- (6) if (&User-Name) {
- (6) if (&User-Name) -> TRUE
- (6) if (&User-Name) {
- (6) if (&User-Name =~ / /) {
- (6) if (&User-Name =~ / /) -> FALSE
- (6) if (&User-Name =~ /@[^@]*@/ ) {
- (6) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (6) if (&User-Name =~ /\.\./ ) {
- (6) if (&User-Name =~ /\.\./ ) -> FALSE
- (6) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (6) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (6) if (&User-Name =~ /\.$/) {
- (6) if (&User-Name =~ /\.$/) -> FALSE
- (6) if (&User-Name =~ /@\./) {
- (6) if (&User-Name =~ /@\./) -> FALSE
- (6) } # if (&User-Name) = notfound
- (6) } # policy filter_username = notfound
- (6) [preprocess] = ok
- (6) [chap] = noop
- (6) [mschap] = noop
- (6) [digest] = noop
- (6) suffix: Checking for suffix after "@"
- (6) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (6) suffix: No such realm "NULL"
- (6) [suffix] = noop
- (6) eap: Peer sent EAP Response (code 2) ID 6 length 43
- (6) eap: Continuing tunnel setup
- (6) [eap] = ok
- (6) } # authorize = ok
- (6) Found Auth-Type = eap
- (6) # Executing group from file /etc/raddb/sites-enabled/default
- (6) authenticate {
- (6) eap: Expiring EAP session with state 0xb9041651bc020f15
- (6) eap: Finished EAP session with state 0xb9041651bc020f15
- (6) eap: Previous EAP request found for state 0xb9041651bc020f15, released from the list
- (6) eap: Peer sent packet with method EAP PEAP (25)
- (6) eap: Calling submodule eap_peap to process data
- (6) eap_peap: Continuing EAP-TLS
- (6) eap_peap: [eaptls verify] = ok
- (6) eap_peap: Done initial handshake
- (6) eap_peap: [eaptls process] = ok
- (6) eap_peap: Session established. Decoding tunneled attributes
- (6) eap_peap: PEAP state WAITING FOR INNER IDENTITY
- (6) eap_peap: Identity - vkratsberg
- (6) eap_peap: Got inner identity 'vkratsberg'
- (6) eap_peap: Setting default EAP type for tunneled EAP session
- (6) eap_peap: Got tunneled request
- (6) eap_peap: EAP-Message = 0x0206000f01766b7261747362657267
- (6) eap_peap: Setting User-Name to vkratsberg
- (6) eap_peap: Sending tunneled request to inner-tunnel
- (6) eap_peap: EAP-Message = 0x0206000f01766b7261747362657267
- (6) eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1
- (6) eap_peap: User-Name = "vkratsberg"
- (6) Virtual server inner-tunnel received request
- (6) EAP-Message = 0x0206000f01766b7261747362657267
- (6) FreeRADIUS-Proxied-To = 127.0.0.1
- (6) User-Name = "vkratsberg"
- (6) WARNING: Outer and inner identities are the same. User privacy is compromised.
- (6) server inner-tunnel {
- (6) # Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel
- (6) authorize {
- (6) policy filter_username {
- (6) if (&User-Name) {
- (6) if (&User-Name) -> TRUE
- (6) if (&User-Name) {
- (6) if (&User-Name =~ / /) {
- (6) if (&User-Name =~ / /) -> FALSE
- (6) if (&User-Name =~ /@[^@]*@/ ) {
- (6) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (6) if (&User-Name =~ /\.\./ ) {
- (6) if (&User-Name =~ /\.\./ ) -> FALSE
- (6) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (6) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (6) if (&User-Name =~ /\.$/) {
- (6) if (&User-Name =~ /\.$/) -> FALSE
- (6) if (&User-Name =~ /@\./) {
- (6) if (&User-Name =~ /@\./) -> FALSE
- (6) } # if (&User-Name) = notfound
- (6) } # policy filter_username = notfound
- (6) [chap] = noop
- (6) [mschap] = noop
- (6) suffix: Checking for suffix after "@"
- (6) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (6) suffix: No such realm "NULL"
- (6) [suffix] = noop
- (6) update control {
- (6) &Proxy-To-Realm := LOCAL
- (6) } # update control = noop
- (6) eap: Peer sent EAP Response (code 2) ID 6 length 15
- (6) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
- (6) [eap] = ok
- (6) } # authorize = ok
- (6) Found Auth-Type = eap
- (6) # Executing group from file /etc/raddb/sites-enabled/inner-tunnel
- (6) authenticate {
- (6) eap: Peer sent packet with method EAP Identity (1)
- (6) eap: Calling submodule eap_gtc to process data
- (6) eap_gtc: EXPAND Password:
- (6) eap_gtc: --> Password:
- (6) eap: Sending EAP Request (code 1) ID 7 length 15
- (6) eap: EAP session adding &reply:State = 0x4021293440262fa5
- (6) [eap] = handled
- (6) } # authenticate = handled
- (6) } # server inner-tunnel
- (6) Virtual server sending reply
- (6) EAP-Message = 0x0107000f0650617373776f72643a20
- (6) Message-Authenticator = 0x00000000000000000000000000000000
- (6) State = 0x4021293440262fa575ce0d9af5368585
- (6) eap_peap: Got tunneled reply code 11
- (6) eap_peap: EAP-Message = 0x0107000f0650617373776f72643a20
- (6) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000
- (6) eap_peap: State = 0x4021293440262fa575ce0d9af5368585
- (6) eap_peap: Got tunneled reply RADIUS code 11
- (6) eap_peap: EAP-Message = 0x0107000f0650617373776f72643a20
- (6) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000
- (6) eap_peap: State = 0x4021293440262fa575ce0d9af5368585
- (6) eap_peap: Got tunneled Access-Challenge
- (6) eap: Sending EAP Request (code 1) ID 7 length 43
- (6) eap: EAP session adding &reply:State = 0xb9041651bf030f15
- (6) [eap] = handled
- (6) } # authenticate = handled
- (6) Using Post-Auth-Type Challenge
- (6) Post-Auth-Type sub-section not found. Ignoring.
- (6) # Executing group from file /etc/raddb/sites-enabled/default
- (6) Sent Access-Challenge Id 30 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (6) EAP-Message = 0x0107002b19001703010020a735a7e3c4d3f78965bb47f10393ae945007d1973e98cf8e06058803bf844924
- (6) Message-Authenticator = 0x00000000000000000000000000000000
- (6) State = 0xb9041651bf030f15b0b9e469d234e6ed
- (6) Finished request
- Waking up in 4.9 seconds.
- (7) Received Access-Request Id 31 from 10.8.0.111:58432 to 10.8.64.155:1812 length 239
- (7) User-Name = "vkratsberg"
- (7) NAS-Port = 358
- (7) State = 0xb9041651bf030f15b0b9e469d234e6ed
- (7) EAP-Message = 0x0207003b190017030100307bf478d4cf8a905a85d2e15969788a8e789c1529e3bd2a8b14016a8b2d73c96b899857e2c5a3113e4597ddd06e5c5aba
- (7) Message-Authenticator = 0xfb41a29e3d6a768ff1f4c492afa7ce55
- (7) Acct-Session-Id = "8O2.1x81bb08330008a8a9"
- (7) NAS-Port-Id = "ge-3/0/6.0"
- (7) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (7) Called-Station-Id = "ec-3e-f7-68-35-00"
- (7) NAS-IP-Address = 10.8.0.111
- (7) NAS-Identifier = "nyc-access-sw011"
- (7) NAS-Port-Type = Ethernet
- (7) session-state: No cached attributes
- (7) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (7) authorize {
- (7) policy filter_username {
- (7) if (&User-Name) {
- (7) if (&User-Name) -> TRUE
- (7) if (&User-Name) {
- (7) if (&User-Name =~ / /) {
- (7) if (&User-Name =~ / /) -> FALSE
- (7) if (&User-Name =~ /@[^@]*@/ ) {
- (7) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (7) if (&User-Name =~ /\.\./ ) {
- (7) if (&User-Name =~ /\.\./ ) -> FALSE
- (7) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (7) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (7) if (&User-Name =~ /\.$/) {
- (7) if (&User-Name =~ /\.$/) -> FALSE
- (7) if (&User-Name =~ /@\./) {
- (7) if (&User-Name =~ /@\./) -> FALSE
- (7) } # if (&User-Name) = notfound
- (7) } # policy filter_username = notfound
- (7) [preprocess] = ok
- (7) [chap] = noop
- (7) [mschap] = noop
- (7) [digest] = noop
- (7) suffix: Checking for suffix after "@"
- (7) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (7) suffix: No such realm "NULL"
- (7) [suffix] = noop
- (7) eap: Peer sent EAP Response (code 2) ID 7 length 59
- (7) eap: Continuing tunnel setup
- (7) [eap] = ok
- (7) } # authorize = ok
- (7) Found Auth-Type = eap
- (7) # Executing group from file /etc/raddb/sites-enabled/default
- (7) authenticate {
- (7) eap: Expiring EAP session with state 0x4021293440262fa5
- (7) eap: Finished EAP session with state 0xb9041651bf030f15
- (7) eap: Previous EAP request found for state 0xb9041651bf030f15, released from the list
- (7) eap: Peer sent packet with method EAP PEAP (25)
- (7) eap: Calling submodule eap_peap to process data
- (7) eap_peap: Continuing EAP-TLS
- (7) eap_peap: [eaptls verify] = ok
- (7) eap_peap: Done initial handshake
- (7) eap_peap: [eaptls process] = ok
- (7) eap_peap: Session established. Decoding tunneled attributes
- (7) eap_peap: PEAP state phase2
- (7) eap_peap: EAP method GTC (6)
- (7) eap_peap: Got tunneled request
- (7) eap_peap: EAP-Message = 0x02070010065b566b726174313938335d
- (7) eap_peap: Setting User-Name to vkratsberg
- (7) eap_peap: Sending tunneled request to inner-tunnel
- (7) eap_peap: EAP-Message = 0x02070010065b566b726174313938335d
- (7) eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1
- (7) eap_peap: User-Name = "vkratsberg"
- (7) eap_peap: State = 0x4021293440262fa575ce0d9af5368585
- (7) Virtual server inner-tunnel received request
- (7) EAP-Message = 0x02070010065b566b726174313938335d
- (7) FreeRADIUS-Proxied-To = 127.0.0.1
- (7) User-Name = "vkratsberg"
- (7) State = 0x4021293440262fa575ce0d9af5368585
- (7) WARNING: Outer and inner identities are the same. User privacy is compromised.
- (7) server inner-tunnel {
- (7) session-state: No cached attributes
- (7) # Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel
- (7) authorize {
- (7) policy filter_username {
- (7) if (&User-Name) {
- (7) if (&User-Name) -> TRUE
- (7) if (&User-Name) {
- (7) if (&User-Name =~ / /) {
- (7) if (&User-Name =~ / /) -> FALSE
- (7) if (&User-Name =~ /@[^@]*@/ ) {
- (7) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (7) if (&User-Name =~ /\.\./ ) {
- (7) if (&User-Name =~ /\.\./ ) -> FALSE
- (7) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (7) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (7) if (&User-Name =~ /\.$/) {
- (7) if (&User-Name =~ /\.$/) -> FALSE
- (7) if (&User-Name =~ /@\./) {
- (7) if (&User-Name =~ /@\./) -> FALSE
- (7) } # if (&User-Name) = notfound
- (7) } # policy filter_username = notfound
- (7) [chap] = noop
- (7) [mschap] = noop
- (7) suffix: Checking for suffix after "@"
- (7) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (7) suffix: No such realm "NULL"
- (7) [suffix] = noop
- (7) update control {
- (7) &Proxy-To-Realm := LOCAL
- (7) } # update control = noop
- (7) eap: Peer sent EAP Response (code 2) ID 7 length 16
- (7) eap: No EAP Start, assuming it's an on-going EAP conversation
- (7) [eap] = updated
- (7) files: Searching for user in group "juniper-admins"
- rlm_ldap (ldap): Reserved connection (0)
- (7) files: EXPAND (uid=%{%{Stripped-User-Name}:-%{User-Name}})
- (7) files: --> (uid=vkratsberg)
- (7) files: Performing search in "dc=sq,dc=net" with filter "(uid=vkratsberg)", scope "sub"
- (7) files: Waiting for search result...
- (7) files: User object found at DN "uid=vkratsberg,ou=people,dc=sq,dc=net"
- (7) files: Checking for user in group objects
- (7) files: EXPAND (&(cn=juniper-admins)(objectClass=GroupOfNames)(|(member=%{control:Ldap-UserDn})(memberUid=%{%{Stripped-User-Name}:-%{User-Name}})))
- (7) files: --> (&(cn=juniper-admins)(objectClass=GroupOfNames)(|(member=uid\3dvkratsberg\2cou\3dpeople\2cdc\3dsq\2cdc\3dnet)(memberUid=vkratsberg)))
- (7) files: Performing search in "dc=sq,dc=net" with filter "(&(cn=juniper-admins)(objectClass=GroupOfNames)(|(member=uid\3dvkratsberg\2cou\3dpeople\2cdc\3dsq\2cdc\3dnet)(memberUid=vkratsberg)))", scope "sub"
- (7) files: Waiting for search result...
- (7) files: User found in group object "dc=sq,dc=net"
- rlm_ldap (ldap): Released connection (0)
- (7) files: users: Matched entry DEFAULT at line 98
- (7) [files] = ok
- rlm_ldap (ldap): Reserved connection (1)
- (7) ldap: EXPAND (uid=%{%{Stripped-User-Name}:-%{User-Name}})
- (7) ldap: --> (uid=vkratsberg)
- (7) ldap: Performing search in "dc=sq,dc=net" with filter "(uid=vkratsberg)", scope "sub"
- (7) ldap: Waiting for search result...
- (7) ldap: User object found at DN "uid=vkratsberg,ou=people,dc=sq,dc=net"
- (7) ldap: Processing user attributes
- (7) ldap: control:Password-With-Header += '{SSHA}Qen1MM87QS4nPktGhWkyE3ECTjucBhAp+Ce+Ug=='
- rlm_ldap (ldap): Released connection (1)
- (7) [ldap] = updated
- (7) [expiration] = noop
- (7) [logintime] = noop
- (7) pap: Converted: Password-With-Header -> SSHA1-Password
- (7) pap: Removing &control:Password-With-Header
- (7) pap: Normalizing SSHA1-Password from base64 encoding, 40 bytes -> 28 bytes
- (7) pap: WARNING: Auth-Type already set. Not setting to PAP
- (7) [pap] = noop
- (7) } # authorize = updated
- (7) Found Auth-Type = eap
- (7) # Executing group from file /etc/raddb/sites-enabled/inner-tunnel
- (7) authenticate {
- (7) eap: Expiring EAP session with state 0x4021293440262fa5
- (7) eap: Finished EAP session with state 0x4021293440262fa5
- (7) eap: Previous EAP request found for state 0x4021293440262fa5, released from the list
- (7) eap: Peer sent packet with method EAP GTC (6)
- (7) eap: Calling submodule eap_gtc to process data
- (7) eap_gtc: # Executing group from file /etc/raddb/sites-enabled/inner-tunnel
- (7) eap_gtc: Auth-Type PAP {
- (7) pap: Login attempt with password
- (7) pap: Comparing with "known-good" SSHA-Password
- (7) pap: User authenticated successfully
- (7) [pap] = ok
- (7) } # Auth-Type PAP = ok
- (7) eap: Sending EAP Success (code 3) ID 7 length 4
- (7) eap: Freeing handler
- (7) [eap] = ok
- (7) } # authenticate = ok
- (7) # Executing section post-auth from file /etc/raddb/sites-enabled/inner-tunnel
- (7) post-auth { ... } # empty sub-section is ignored
- (7) } # server inner-tunnel
- (7) Virtual server sending reply
- (7) Service-Type = Login-User
- (7) Idle-Timeout = 600
- (7) Juniper-Local-User-Name = "admin"
- (7) Tunnel-Type = VLAN
- (7) Tunnel-Medium-Type = IEEE-802
- (7) Tunnel-Private-Group-Id = "810"
- (7) EAP-Message = 0x03070004
- (7) Message-Authenticator = 0x00000000000000000000000000000000
- (7) User-Name = "vkratsberg"
- (7) eap_peap: Got tunneled reply code 2
- (7) eap_peap: Service-Type = Login-User
- (7) eap_peap: Idle-Timeout = 600
- (7) eap_peap: Juniper-Local-User-Name = "admin"
- (7) eap_peap: Tunnel-Type = VLAN
- (7) eap_peap: Tunnel-Medium-Type = IEEE-802
- (7) eap_peap: Tunnel-Private-Group-Id = "810"
- (7) eap_peap: EAP-Message = 0x03070004
- (7) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000
- (7) eap_peap: User-Name = "vkratsberg"
- (7) eap_peap: Got tunneled reply RADIUS code 2
- (7) eap_peap: Service-Type = Login-User
- (7) eap_peap: Idle-Timeout = 600
- (7) eap_peap: Juniper-Local-User-Name = "admin"
- (7) eap_peap: Tunnel-Type = VLAN
- (7) eap_peap: Tunnel-Medium-Type = IEEE-802
- (7) eap_peap: Tunnel-Private-Group-Id = "810"
- (7) eap_peap: EAP-Message = 0x03070004
- (7) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000
- (7) eap_peap: User-Name = "vkratsberg"
- (7) eap_peap: Tunneled authentication was successful
- (7) eap_peap: SUCCESS
- (7) eap_peap: Saving tunneled attributes for later
- (7) eap: Sending EAP Request (code 1) ID 8 length 43
- (7) eap: EAP session adding &reply:State = 0xb9041651be0c0f15
- (7) [eap] = handled
- (7) } # authenticate = handled
- (7) Using Post-Auth-Type Challenge
- (7) Post-Auth-Type sub-section not found. Ignoring.
- (7) # Executing group from file /etc/raddb/sites-enabled/default
- (7) Sent Access-Challenge Id 31 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (7) EAP-Message = 0x0108002b190017030100208d9e8cf4997e690544834b789122167ecbd2baa34f322db60a9deb702379c0d1
- (7) Message-Authenticator = 0x00000000000000000000000000000000
- (7) State = 0xb9041651be0c0f15b0b9e469d234e6ed
- (7) Finished request
- Waking up in 4.8 seconds.
- (8) Received Access-Request Id 32 from 10.8.0.111:58432 to 10.8.64.155:1812 length 223
- (8) User-Name = "vkratsberg"
- (8) NAS-Port = 358
- (8) State = 0xb9041651be0c0f15b0b9e469d234e6ed
- (8) EAP-Message = 0x0208002b1900170301002078e5d6bbe3b2444ea043c5198c26ce62d4d3f1ad174ff00d696da1f343e34c4f
- (8) Message-Authenticator = 0x73a9ec2baa0371f4ef359ae867f629af
- (8) Acct-Session-Id = "8O2.1x81bb08330008a8a9"
- (8) NAS-Port-Id = "ge-3/0/6.0"
- (8) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (8) Called-Station-Id = "ec-3e-f7-68-35-00"
- (8) NAS-IP-Address = 10.8.0.111
- (8) NAS-Identifier = "nyc-access-sw011"
- (8) NAS-Port-Type = Ethernet
- (8) session-state: No cached attributes
- (8) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (8) authorize {
- (8) policy filter_username {
- (8) if (&User-Name) {
- (8) if (&User-Name) -> TRUE
- (8) if (&User-Name) {
- (8) if (&User-Name =~ / /) {
- (8) if (&User-Name =~ / /) -> FALSE
- (8) if (&User-Name =~ /@[^@]*@/ ) {
- (8) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (8) if (&User-Name =~ /\.\./ ) {
- (8) if (&User-Name =~ /\.\./ ) -> FALSE
- (8) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (8) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (8) if (&User-Name =~ /\.$/) {
- (8) if (&User-Name =~ /\.$/) -> FALSE
- (8) if (&User-Name =~ /@\./) {
- (8) if (&User-Name =~ /@\./) -> FALSE
- (8) } # if (&User-Name) = notfound
- (8) } # policy filter_username = notfound
- (8) [preprocess] = ok
- (8) [chap] = noop
- (8) [mschap] = noop
- (8) [digest] = noop
- (8) suffix: Checking for suffix after "@"
- (8) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (8) suffix: No such realm "NULL"
- (8) [suffix] = noop
- (8) eap: Peer sent EAP Response (code 2) ID 8 length 43
- (8) eap: Continuing tunnel setup
- (8) [eap] = ok
- (8) } # authorize = ok
- (8) Found Auth-Type = eap
- (8) # Executing group from file /etc/raddb/sites-enabled/default
- (8) authenticate {
- (8) eap: Expiring EAP session with state 0xb9041651be0c0f15
- (8) eap: Finished EAP session with state 0xb9041651be0c0f15
- (8) eap: Previous EAP request found for state 0xb9041651be0c0f15, released from the list
- (8) eap: Peer sent packet with method EAP PEAP (25)
- (8) eap: Calling submodule eap_peap to process data
- (8) eap_peap: Continuing EAP-TLS
- (8) eap_peap: [eaptls verify] = ok
- (8) eap_peap: Done initial handshake
- (8) eap_peap: [eaptls process] = ok
- (8) eap_peap: Session established. Decoding tunneled attributes
- (8) eap_peap: PEAP state send tlv success
- (8) eap_peap: Received EAP-TLV response
- (8) eap_peap: Success
- (8) eap_peap: Using saved attributes from the original Access-Accept
- (8) eap_peap: Service-Type = Login-User
- (8) eap_peap: Idle-Timeout = 600
- (8) eap_peap: Juniper-Local-User-Name = "admin"
- (8) eap_peap: Tunnel-Type = VLAN
- (8) eap_peap: Tunnel-Medium-Type = IEEE-802
- (8) eap_peap: Tunnel-Private-Group-Id = "810"
- (8) eap_peap: User-Name = "vkratsberg"
- (8) eap_peap: caching User-Name = "vkratsberg"
- (8) eap_peap: Failed to find 'persist_dir' in TLS configuration. Session will not be cached on disk.
- (8) eap: Sending EAP Success (code 3) ID 8 length 4
- (8) eap: Freeing handler
- (8) [eap] = ok
- (8) } # authenticate = ok
- (8) # Executing section post-auth from file /etc/raddb/sites-enabled/default
- (8) post-auth {
- (8) update {
- (8) No attributes updated
- (8) } # update = noop
- (8) [exec] = noop
- (8) policy remove_reply_message_if_eap {
- (8) if (&reply:EAP-Message && &reply:Reply-Message) {
- (8) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
- (8) else {
- (8) [noop] = noop
- (8) } # else = noop
- (8) } # policy remove_reply_message_if_eap = noop
- (8) } # post-auth = noop
- (8) Sent Access-Accept Id 32 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (8) Service-Type = Login-User
- (8) Idle-Timeout = 600
- (8) Juniper-Local-User-Name = "admin"
- (8) Tunnel-Type = VLAN
- (8) Tunnel-Medium-Type = IEEE-802
- (8) Tunnel-Private-Group-Id = "810"
- (8) User-Name = "vkratsberg"
- (8) MS-MPPE-Recv-Key = 0xb08333bdbf2e0e070c28c461de742ce54d8617a5503a5e375f780488db142a66
- (8) MS-MPPE-Send-Key = 0x32c4e6897ab123084e0d95f456035e5e8f9ab424a23fc754fc0c5a3a413a089c
- (8) EAP-Message = 0x03080004
- (8) Message-Authenticator = 0x00000000000000000000000000000000
- (8) Finished request
- Waking up in 4.8 seconds.
- (9) Received Access-Request Id 33 from 10.8.0.111:58432 to 10.8.64.155:1812 length 177
- (9) User-Name = "vkratsberg"
- (9) NAS-Port = 358
- (9) EAP-Message = 0x0209000f01766b7261747362657267
- (9) Message-Authenticator = 0xed5f7fe804b0e7f1e379cb60a6b07264
- (9) Acct-Session-Id = "8O2.1x81bb0834000d463c"
- (9) NAS-Port-Id = "ge-3/0/6.0"
- (9) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (9) Called-Station-Id = "ec-3e-f7-68-35-00"
- (9) NAS-IP-Address = 10.8.0.111
- (9) NAS-Identifier = "nyc-access-sw011"
- (9) NAS-Port-Type = Ethernet
- (9) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (9) authorize {
- (9) policy filter_username {
- (9) if (&User-Name) {
- (9) if (&User-Name) -> TRUE
- (9) if (&User-Name) {
- (9) if (&User-Name =~ / /) {
- (9) if (&User-Name =~ / /) -> FALSE
- (9) if (&User-Name =~ /@[^@]*@/ ) {
- (9) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (9) if (&User-Name =~ /\.\./ ) {
- (9) if (&User-Name =~ /\.\./ ) -> FALSE
- (9) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (9) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (9) if (&User-Name =~ /\.$/) {
- (9) if (&User-Name =~ /\.$/) -> FALSE
- (9) if (&User-Name =~ /@\./) {
- (9) if (&User-Name =~ /@\./) -> FALSE
- (9) } # if (&User-Name) = notfound
- (9) } # policy filter_username = notfound
- (9) [preprocess] = ok
- (9) [chap] = noop
- (9) [mschap] = noop
- (9) [digest] = noop
- (9) suffix: Checking for suffix after "@"
- (9) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (9) suffix: No such realm "NULL"
- (9) [suffix] = noop
- (9) eap: Peer sent EAP Response (code 2) ID 9 length 15
- (9) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
- (9) [eap] = ok
- (9) } # authorize = ok
- (9) Found Auth-Type = eap
- (9) # Executing group from file /etc/raddb/sites-enabled/default
- (9) authenticate {
- (9) eap: Peer sent packet with method EAP Identity (1)
- (9) eap: Calling submodule eap_peap to process data
- (9) eap_peap: Initiating new EAP-TLS session
- (9) eap_peap: [eaptls start] = request
- (9) eap: Sending EAP Request (code 1) ID 10 length 6
- (9) eap: EAP session adding &reply:State = 0xff5eb7daff54ae48
- (9) [eap] = handled
- (9) } # authenticate = handled
- (9) Using Post-Auth-Type Challenge
- (9) Post-Auth-Type sub-section not found. Ignoring.
- (9) # Executing group from file /etc/raddb/sites-enabled/default
- (9) Sent Access-Challenge Id 33 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (9) EAP-Message = 0x010a00061920
- (9) Message-Authenticator = 0x00000000000000000000000000000000
- (9) State = 0xff5eb7daff54ae487301379a9ca9be22
- (9) Finished request
- Waking up in 4.7 seconds.
- (10) Received Access-Request Id 34 from 10.8.0.111:58432 to 10.8.64.155:1812 length 343
- (10) User-Name = "vkratsberg"
- (10) NAS-Port = 358
- (10) State = 0xff5eb7daff54ae487301379a9ca9be22
- (10) EAP-Message = 0x020a00a31980000000991603010094010000900301573f503b1eb09f57ba58936d7c2d066dfd54daf58da7abcc42f31117d2b89f3120274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0002800ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f00
- (10) Message-Authenticator = 0xf839e84cc12da85d092c83ac9ccad37b
- (10) Acct-Session-Id = "8O2.1x81bb0834000d463c"
- (10) NAS-Port-Id = "ge-3/0/6.0"
- (10) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (10) Called-Station-Id = "ec-3e-f7-68-35-00"
- (10) NAS-IP-Address = 10.8.0.111
- (10) NAS-Identifier = "nyc-access-sw011"
- (10) NAS-Port-Type = Ethernet
- (10) session-state: No cached attributes
- (10) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (10) authorize {
- (10) policy filter_username {
- (10) if (&User-Name) {
- (10) if (&User-Name) -> TRUE
- (10) if (&User-Name) {
- (10) if (&User-Name =~ / /) {
- (10) if (&User-Name =~ / /) -> FALSE
- (10) if (&User-Name =~ /@[^@]*@/ ) {
- (10) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (10) if (&User-Name =~ /\.\./ ) {
- (10) if (&User-Name =~ /\.\./ ) -> FALSE
- (10) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (10) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (10) if (&User-Name =~ /\.$/) {
- (10) if (&User-Name =~ /\.$/) -> FALSE
- (10) if (&User-Name =~ /@\./) {
- (10) if (&User-Name =~ /@\./) -> FALSE
- (10) } # if (&User-Name) = notfound
- (10) } # policy filter_username = notfound
- (10) [preprocess] = ok
- (10) [chap] = noop
- (10) [mschap] = noop
- (10) [digest] = noop
- (10) suffix: Checking for suffix after "@"
- (10) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (10) suffix: No such realm "NULL"
- (10) [suffix] = noop
- (10) eap: Peer sent EAP Response (code 2) ID 10 length 163
- (10) eap: Continuing tunnel setup
- (10) [eap] = ok
- (10) } # authorize = ok
- (10) Found Auth-Type = eap
- (10) # Executing group from file /etc/raddb/sites-enabled/default
- (10) authenticate {
- (10) eap: Expiring EAP session with state 0xff5eb7daff54ae48
- (10) eap: Finished EAP session with state 0xff5eb7daff54ae48
- (10) eap: Previous EAP request found for state 0xff5eb7daff54ae48, released from the list
- (10) eap: Peer sent packet with method EAP PEAP (25)
- (10) eap: Calling submodule eap_peap to process data
- (10) eap_peap: Continuing EAP-TLS
- (10) eap_peap: Peer indicated complete TLS record size will be 153 bytes
- (10) eap_peap: Got complete TLS record (153 bytes)
- (10) eap_peap: [eaptls verify] = length included
- (10) eap_peap: (other): before/accept initialization
- (10) eap_peap: TLS_accept: before/accept initialization
- (10) eap_peap: <<< recv TLS 1.0 Handshake [length 0094], ClientHello
- (10) eap_peap: TLS_accept: SSLv3 read client hello A
- (10) eap_peap: >>> send TLS 1.0 Handshake [length 0059], ServerHello
- (10) eap_peap: TLS_accept: SSLv3 write server hello A
- (10) eap_peap: >>> send TLS 1.0 ChangeCipherSpec [length 0001]
- (10) eap_peap: TLS_accept: SSLv3 write change cipher spec A
- (10) eap_peap: >>> send TLS 1.0 Handshake [length 0010], Finished
- (10) eap_peap: TLS_accept: SSLv3 write finished A
- (10) eap_peap: TLS_accept: SSLv3 flush data
- (10) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
- (10) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
- (10) eap_peap: In SSL Handshake Phase
- (10) eap_peap: In SSL Accept mode
- (10) eap_peap: [eaptls process] = handled
- (10) eap: Sending EAP Request (code 1) ID 11 length 159
- (10) eap: EAP session adding &reply:State = 0xff5eb7dafe55ae48
- (10) [eap] = handled
- (10) } # authenticate = handled
- (10) Using Post-Auth-Type Challenge
- (10) Post-Auth-Type sub-section not found. Ignoring.
- (10) # Executing group from file /etc/raddb/sites-enabled/default
- (10) Sent Access-Challenge Id 34 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (10) EAP-Message = 0x010b009f19001603010059020000550301573f503b4304379685ec6099653b0068f74d8a8ccf090a7e1f14238d8758bc4620274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0c01400000dff01000100000b000403000102140301000101160301003032cc0c1b82dc0810
- (10) Message-Authenticator = 0x00000000000000000000000000000000
- (10) State = 0xff5eb7dafe55ae487301379a9ca9be22
- (10) Finished request
- Waking up in 4.7 seconds.
- (11) Received Access-Request Id 35 from 10.8.0.111:58432 to 10.8.64.155:1812 length 249
- (11) User-Name = "vkratsberg"
- (11) NAS-Port = 358
- (11) State = 0xff5eb7dafe55ae487301379a9ca9be22
- (11) EAP-Message = 0x020b004519800000003b1403010001011603010030eb15c7acac13fe51813143c0d06547c696329b7bd0000b2b3df2b0a1f49e18ebea0c39e574781241429e229d4eb2cd14
- (11) Message-Authenticator = 0x574afcd7bce6663a8af2084dc679d3be
- (11) Acct-Session-Id = "8O2.1x81bb0834000d463c"
- (11) NAS-Port-Id = "ge-3/0/6.0"
- (11) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (11) Called-Station-Id = "ec-3e-f7-68-35-00"
- (11) NAS-IP-Address = 10.8.0.111
- (11) NAS-Identifier = "nyc-access-sw011"
- (11) NAS-Port-Type = Ethernet
- (11) session-state: No cached attributes
- (11) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (11) authorize {
- (11) policy filter_username {
- (11) if (&User-Name) {
- (11) if (&User-Name) -> TRUE
- (11) if (&User-Name) {
- (11) if (&User-Name =~ / /) {
- (11) if (&User-Name =~ / /) -> FALSE
- (11) if (&User-Name =~ /@[^@]*@/ ) {
- (11) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (11) if (&User-Name =~ /\.\./ ) {
- (11) if (&User-Name =~ /\.\./ ) -> FALSE
- (11) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (11) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (11) if (&User-Name =~ /\.$/) {
- (11) if (&User-Name =~ /\.$/) -> FALSE
- (11) if (&User-Name =~ /@\./) {
- (11) if (&User-Name =~ /@\./) -> FALSE
- (11) } # if (&User-Name) = notfound
- (11) } # policy filter_username = notfound
- (11) [preprocess] = ok
- (11) [chap] = noop
- (11) [mschap] = noop
- (11) [digest] = noop
- (11) suffix: Checking for suffix after "@"
- (11) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (11) suffix: No such realm "NULL"
- (11) [suffix] = noop
- (11) eap: Peer sent EAP Response (code 2) ID 11 length 69
- (11) eap: Continuing tunnel setup
- (11) [eap] = ok
- (11) } # authorize = ok
- (11) Found Auth-Type = eap
- (11) # Executing group from file /etc/raddb/sites-enabled/default
- (11) authenticate {
- (11) eap: Expiring EAP session with state 0xff5eb7dafe55ae48
- (11) eap: Finished EAP session with state 0xff5eb7dafe55ae48
- (11) eap: Previous EAP request found for state 0xff5eb7dafe55ae48, released from the list
- (11) eap: Peer sent packet with method EAP PEAP (25)
- (11) eap: Calling submodule eap_peap to process data
- (11) eap_peap: Continuing EAP-TLS
- (11) eap_peap: Peer indicated complete TLS record size will be 59 bytes
- (11) eap_peap: Got complete TLS record (59 bytes)
- (11) eap_peap: [eaptls verify] = length included
- (11) eap_peap: <<< recv TLS 1.0 ChangeCipherSpec [length 0001]
- (11) eap_peap: <<< recv TLS 1.0 Handshake [length 0010], Finished
- (11) eap_peap: TLS_accept: SSLv3 read finished A
- (11) eap_peap: (other): SSL negotiation finished successfully
- (11) eap_peap: SSL Connection Established
- (11) eap_peap: SSL Application Data
- (11) eap_peap: Adding cached attributes from session 274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0
- (11) eap_peap: reply:User-Name = "vkratsberg"
- (11) eap_peap: [eaptls process] = success
- (11) eap_peap: Session established. Decoding tunneled attributes
- (11) eap_peap: PEAP state TUNNEL ESTABLISHED
- (11) eap_peap: Skipping Phase2 because of session resumption
- (11) eap_peap: SUCCESS
- (11) eap: Sending EAP Request (code 1) ID 12 length 43
- (11) eap: EAP session adding &reply:State = 0xff5eb7dafd52ae48
- (11) [eap] = handled
- (11) } # authenticate = handled
- (11) Using Post-Auth-Type Challenge
- (11) Post-Auth-Type sub-section not found. Ignoring.
- (11) # Executing group from file /etc/raddb/sites-enabled/default
- (11) Sent Access-Challenge Id 35 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (11) User-Name = "vkratsberg"
- (11) EAP-Message = 0x010c002b190017030100207e0b9d902dcbd5c2d54bb24b929ac75fe36d2378beedeb91a0d3371bf4c67032
- (11) Message-Authenticator = 0x00000000000000000000000000000000
- (11) State = 0xff5eb7dafd52ae487301379a9ca9be22
- (11) Finished request
- Waking up in 4.6 seconds.
- (12) Received Access-Request Id 36 from 10.8.0.111:58432 to 10.8.64.155:1812 length 223
- (12) User-Name = "vkratsberg"
- (12) NAS-Port = 358
- (12) State = 0xff5eb7dafd52ae487301379a9ca9be22
- (12) EAP-Message = 0x020c002b1900170301002022289c2a460245f89da5aa39b27b2f59b2c4ac3c304fba7d2281a4ed8fb3f53a
- (12) Message-Authenticator = 0xc57affe6c10d62293699a9dfc84906aa
- (12) Acct-Session-Id = "8O2.1x81bb0834000d463c"
- (12) NAS-Port-Id = "ge-3/0/6.0"
- (12) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (12) Called-Station-Id = "ec-3e-f7-68-35-00"
- (12) NAS-IP-Address = 10.8.0.111
- (12) NAS-Identifier = "nyc-access-sw011"
- (12) NAS-Port-Type = Ethernet
- (12) session-state: No cached attributes
- (12) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (12) authorize {
- (12) policy filter_username {
- (12) if (&User-Name) {
- (12) if (&User-Name) -> TRUE
- (12) if (&User-Name) {
- (12) if (&User-Name =~ / /) {
- (12) if (&User-Name =~ / /) -> FALSE
- (12) if (&User-Name =~ /@[^@]*@/ ) {
- (12) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (12) if (&User-Name =~ /\.\./ ) {
- (12) if (&User-Name =~ /\.\./ ) -> FALSE
- (12) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (12) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (12) if (&User-Name =~ /\.$/) {
- (12) if (&User-Name =~ /\.$/) -> FALSE
- (12) if (&User-Name =~ /@\./) {
- (12) if (&User-Name =~ /@\./) -> FALSE
- (12) } # if (&User-Name) = notfound
- (12) } # policy filter_username = notfound
- (12) [preprocess] = ok
- (12) [chap] = noop
- (12) [mschap] = noop
- (12) [digest] = noop
- (12) suffix: Checking for suffix after "@"
- (12) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (12) suffix: No such realm "NULL"
- (12) [suffix] = noop
- (12) eap: Peer sent EAP Response (code 2) ID 12 length 43
- (12) eap: Continuing tunnel setup
- (12) [eap] = ok
- (12) } # authorize = ok
- (12) Found Auth-Type = eap
- (12) # Executing group from file /etc/raddb/sites-enabled/default
- (12) authenticate {
- (12) eap: Expiring EAP session with state 0xff5eb7dafd52ae48
- (12) eap: Finished EAP session with state 0xff5eb7dafd52ae48
- (12) eap: Previous EAP request found for state 0xff5eb7dafd52ae48, released from the list
- (12) eap: Peer sent packet with method EAP PEAP (25)
- (12) eap: Calling submodule eap_peap to process data
- (12) eap_peap: Continuing EAP-TLS
- (12) eap_peap: [eaptls verify] = ok
- (12) eap_peap: Done initial handshake
- (12) eap_peap: [eaptls process] = ok
- (12) eap_peap: Session established. Decoding tunneled attributes
- (12) eap_peap: PEAP state send tlv success
- (12) eap_peap: Received EAP-TLV response
- (12) eap_peap: Success
- (12) eap_peap: No saved attributes in the original Access-Accept
- (12) eap: Sending EAP Success (code 3) ID 12 length 4
- (12) eap: Freeing handler
- (12) [eap] = ok
- (12) } # authenticate = ok
- (12) # Executing section post-auth from file /etc/raddb/sites-enabled/default
- (12) post-auth {
- (12) update {
- (12) No attributes updated
- (12) } # update = noop
- (12) [exec] = noop
- (12) policy remove_reply_message_if_eap {
- (12) if (&reply:EAP-Message && &reply:Reply-Message) {
- (12) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
- (12) else {
- (12) [noop] = noop
- (12) } # else = noop
- (12) } # policy remove_reply_message_if_eap = noop
- (12) } # post-auth = noop
- (12) Sent Access-Accept Id 36 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (12) MS-MPPE-Recv-Key = 0xacea6d652ae6a84bf5c12d64a594fd493472fe569b12c00d6866bcd5b6b90a31
- (12) MS-MPPE-Send-Key = 0x8ea78e81155b6829c61a1f300248920712afca62a0495e8e34d536e3a02b0220
- (12) EAP-Message = 0x030c0004
- (12) Message-Authenticator = 0x00000000000000000000000000000000
- (12) User-Name = "vkratsberg"
- (12) Finished request
- Waking up in 4.6 seconds.
- (13) Received Access-Request Id 37 from 10.8.0.111:58432 to 10.8.64.155:1812 length 177
- (13) User-Name = "vkratsberg"
- (13) NAS-Port = 358
- (13) EAP-Message = 0x020d000f01766b7261747362657267
- (13) Message-Authenticator = 0x952734527243cfbd6546a561adf96273
- (13) Acct-Session-Id = "8O2.1x81bb0835000f11d9"
- (13) NAS-Port-Id = "ge-3/0/6.0"
- (13) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (13) Called-Station-Id = "ec-3e-f7-68-35-00"
- (13) NAS-IP-Address = 10.8.0.111
- (13) NAS-Identifier = "nyc-access-sw011"
- (13) NAS-Port-Type = Ethernet
- (13) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (13) authorize {
- (13) policy filter_username {
- (13) if (&User-Name) {
- (13) if (&User-Name) -> TRUE
- (13) if (&User-Name) {
- (13) if (&User-Name =~ / /) {
- (13) if (&User-Name =~ / /) -> FALSE
- (13) if (&User-Name =~ /@[^@]*@/ ) {
- (13) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (13) if (&User-Name =~ /\.\./ ) {
- (13) if (&User-Name =~ /\.\./ ) -> FALSE
- (13) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (13) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (13) if (&User-Name =~ /\.$/) {
- (13) if (&User-Name =~ /\.$/) -> FALSE
- (13) if (&User-Name =~ /@\./) {
- (13) if (&User-Name =~ /@\./) -> FALSE
- (13) } # if (&User-Name) = notfound
- (13) } # policy filter_username = notfound
- (13) [preprocess] = ok
- (13) [chap] = noop
- (13) [mschap] = noop
- (13) [digest] = noop
- (13) suffix: Checking for suffix after "@"
- (13) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (13) suffix: No such realm "NULL"
- (13) [suffix] = noop
- (13) eap: Peer sent EAP Response (code 2) ID 13 length 15
- (13) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
- (13) [eap] = ok
- (13) } # authorize = ok
- (13) Found Auth-Type = eap
- (13) # Executing group from file /etc/raddb/sites-enabled/default
- (13) authenticate {
- (13) eap: Peer sent packet with method EAP Identity (1)
- (13) eap: Calling submodule eap_peap to process data
- (13) eap_peap: Initiating new EAP-TLS session
- (13) eap_peap: [eaptls start] = request
- (13) eap: Sending EAP Request (code 1) ID 14 length 6
- (13) eap: EAP session adding &reply:State = 0x26618bcd266f9235
- (13) [eap] = handled
- (13) } # authenticate = handled
- (13) Using Post-Auth-Type Challenge
- (13) Post-Auth-Type sub-section not found. Ignoring.
- (13) # Executing group from file /etc/raddb/sites-enabled/default
- (13) Sent Access-Challenge Id 37 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (13) EAP-Message = 0x010e00061920
- (13) Message-Authenticator = 0x00000000000000000000000000000000
- (13) State = 0x26618bcd266f923516605d9f3eeea377
- (13) Finished request
- Waking up in 4.6 seconds.
- (14) Received Access-Request Id 38 from 10.8.0.111:58432 to 10.8.64.155:1812 length 343
- (14) User-Name = "vkratsberg"
- (14) NAS-Port = 358
- (14) State = 0x26618bcd266f923516605d9f3eeea377
- (14) EAP-Message = 0x020e00a31980000000991603010094010000900301573f503b75dcbdf5e8407b14b446ebd12493f4ab32d92109beebe64bd32ee4eb20274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0002800ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f00
- (14) Message-Authenticator = 0xe606b2d206d25f79c88b89db22310750
- (14) Acct-Session-Id = "8O2.1x81bb0835000f11d9"
- (14) NAS-Port-Id = "ge-3/0/6.0"
- (14) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (14) Called-Station-Id = "ec-3e-f7-68-35-00"
- (14) NAS-IP-Address = 10.8.0.111
- (14) NAS-Identifier = "nyc-access-sw011"
- (14) NAS-Port-Type = Ethernet
- (14) session-state: No cached attributes
- (14) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (14) authorize {
- (14) policy filter_username {
- (14) if (&User-Name) {
- (14) if (&User-Name) -> TRUE
- (14) if (&User-Name) {
- (14) if (&User-Name =~ / /) {
- (14) if (&User-Name =~ / /) -> FALSE
- (14) if (&User-Name =~ /@[^@]*@/ ) {
- (14) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (14) if (&User-Name =~ /\.\./ ) {
- (14) if (&User-Name =~ /\.\./ ) -> FALSE
- (14) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (14) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (14) if (&User-Name =~ /\.$/) {
- (14) if (&User-Name =~ /\.$/) -> FALSE
- (14) if (&User-Name =~ /@\./) {
- (14) if (&User-Name =~ /@\./) -> FALSE
- (14) } # if (&User-Name) = notfound
- (14) } # policy filter_username = notfound
- (14) [preprocess] = ok
- (14) [chap] = noop
- (14) [mschap] = noop
- (14) [digest] = noop
- (14) suffix: Checking for suffix after "@"
- (14) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (14) suffix: No such realm "NULL"
- (14) [suffix] = noop
- (14) eap: Peer sent EAP Response (code 2) ID 14 length 163
- (14) eap: Continuing tunnel setup
- (14) [eap] = ok
- (14) } # authorize = ok
- (14) Found Auth-Type = eap
- (14) # Executing group from file /etc/raddb/sites-enabled/default
- (14) authenticate {
- (14) eap: Expiring EAP session with state 0x26618bcd266f9235
- (14) eap: Finished EAP session with state 0x26618bcd266f9235
- (14) eap: Previous EAP request found for state 0x26618bcd266f9235, released from the list
- (14) eap: Peer sent packet with method EAP PEAP (25)
- (14) eap: Calling submodule eap_peap to process data
- (14) eap_peap: Continuing EAP-TLS
- (14) eap_peap: Peer indicated complete TLS record size will be 153 bytes
- (14) eap_peap: Got complete TLS record (153 bytes)
- (14) eap_peap: [eaptls verify] = length included
- (14) eap_peap: (other): before/accept initialization
- (14) eap_peap: TLS_accept: before/accept initialization
- (14) eap_peap: <<< recv TLS 1.0 Handshake [length 0094], ClientHello
- (14) eap_peap: TLS_accept: SSLv3 read client hello A
- (14) eap_peap: >>> send TLS 1.0 Handshake [length 0059], ServerHello
- (14) eap_peap: TLS_accept: SSLv3 write server hello A
- (14) eap_peap: >>> send TLS 1.0 ChangeCipherSpec [length 0001]
- (14) eap_peap: TLS_accept: SSLv3 write change cipher spec A
- (14) eap_peap: >>> send TLS 1.0 Handshake [length 0010], Finished
- (14) eap_peap: TLS_accept: SSLv3 write finished A
- (14) eap_peap: TLS_accept: SSLv3 flush data
- (14) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
- (14) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
- (14) eap_peap: In SSL Handshake Phase
- (14) eap_peap: In SSL Accept mode
- (14) eap_peap: [eaptls process] = handled
- (14) eap: Sending EAP Request (code 1) ID 15 length 159
- (14) eap: EAP session adding &reply:State = 0x26618bcd276e9235
- (14) [eap] = handled
- (14) } # authenticate = handled
- (14) Using Post-Auth-Type Challenge
- (14) Post-Auth-Type sub-section not found. Ignoring.
- (14) # Executing group from file /etc/raddb/sites-enabled/default
- (14) Sent Access-Challenge Id 38 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (14) EAP-Message = 0x010f009f19001603010059020000550301573f503c9136e92fc3f9e43ee6162c8bf9f3d4e10be4cb374b970f93b1b435dd20274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0c01400000dff01000100000b00040300010214030100010116030100301fde45bd5326ef35
- (14) Message-Authenticator = 0x00000000000000000000000000000000
- (14) State = 0x26618bcd276e923516605d9f3eeea377
- (14) Finished request
- Waking up in 4.6 seconds.
- (15) Received Access-Request Id 39 from 10.8.0.111:58432 to 10.8.64.155:1812 length 249
- (15) User-Name = "vkratsberg"
- (15) NAS-Port = 358
- (15) State = 0x26618bcd276e923516605d9f3eeea377
- (15) EAP-Message = 0x020f004519800000003b1403010001011603010030b7ae8fe61689b77b4a3658c0afd82f4323fda71104ccc22d51d6ac8b98c31b90f40c21d9ea07abaf3e211effcb54f23c
- (15) Message-Authenticator = 0x372a774207028f49541dbd1a39239f93
- (15) Acct-Session-Id = "8O2.1x81bb0835000f11d9"
- (15) NAS-Port-Id = "ge-3/0/6.0"
- (15) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (15) Called-Station-Id = "ec-3e-f7-68-35-00"
- (15) NAS-IP-Address = 10.8.0.111
- (15) NAS-Identifier = "nyc-access-sw011"
- (15) NAS-Port-Type = Ethernet
- (15) session-state: No cached attributes
- (15) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (15) authorize {
- (15) policy filter_username {
- (15) if (&User-Name) {
- (15) if (&User-Name) -> TRUE
- (15) if (&User-Name) {
- (15) if (&User-Name =~ / /) {
- (15) if (&User-Name =~ / /) -> FALSE
- (15) if (&User-Name =~ /@[^@]*@/ ) {
- (15) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (15) if (&User-Name =~ /\.\./ ) {
- (15) if (&User-Name =~ /\.\./ ) -> FALSE
- (15) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (15) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (15) if (&User-Name =~ /\.$/) {
- (15) if (&User-Name =~ /\.$/) -> FALSE
- (15) if (&User-Name =~ /@\./) {
- (15) if (&User-Name =~ /@\./) -> FALSE
- (15) } # if (&User-Name) = notfound
- (15) } # policy filter_username = notfound
- (15) [preprocess] = ok
- (15) [chap] = noop
- (15) [mschap] = noop
- (15) [digest] = noop
- (15) suffix: Checking for suffix after "@"
- (15) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (15) suffix: No such realm "NULL"
- (15) [suffix] = noop
- (15) eap: Peer sent EAP Response (code 2) ID 15 length 69
- (15) eap: Continuing tunnel setup
- (15) [eap] = ok
- (15) } # authorize = ok
- (15) Found Auth-Type = eap
- (15) # Executing group from file /etc/raddb/sites-enabled/default
- (15) authenticate {
- (15) eap: Expiring EAP session with state 0x26618bcd276e9235
- (15) eap: Finished EAP session with state 0x26618bcd276e9235
- (15) eap: Previous EAP request found for state 0x26618bcd276e9235, released from the list
- (15) eap: Peer sent packet with method EAP PEAP (25)
- (15) eap: Calling submodule eap_peap to process data
- (15) eap_peap: Continuing EAP-TLS
- (15) eap_peap: Peer indicated complete TLS record size will be 59 bytes
- (15) eap_peap: Got complete TLS record (59 bytes)
- (15) eap_peap: [eaptls verify] = length included
- (15) eap_peap: <<< recv TLS 1.0 ChangeCipherSpec [length 0001]
- (15) eap_peap: <<< recv TLS 1.0 Handshake [length 0010], Finished
- (15) eap_peap: TLS_accept: SSLv3 read finished A
- (15) eap_peap: (other): SSL negotiation finished successfully
- (15) eap_peap: SSL Connection Established
- (15) eap_peap: SSL Application Data
- (15) eap_peap: Adding cached attributes from session 274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0
- (15) eap_peap: reply:User-Name = "vkratsberg"
- (15) eap_peap: [eaptls process] = success
- (15) eap_peap: Session established. Decoding tunneled attributes
- (15) eap_peap: PEAP state TUNNEL ESTABLISHED
- (15) eap_peap: Skipping Phase2 because of session resumption
- (15) eap_peap: SUCCESS
- (15) eap: Sending EAP Request (code 1) ID 16 length 43
- (15) eap: EAP session adding &reply:State = 0x26618bcd24719235
- (15) [eap] = handled
- (15) } # authenticate = handled
- (15) Using Post-Auth-Type Challenge
- (15) Post-Auth-Type sub-section not found. Ignoring.
- (15) # Executing group from file /etc/raddb/sites-enabled/default
- (15) Sent Access-Challenge Id 39 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (15) User-Name = "vkratsberg"
- (15) EAP-Message = 0x0110002b1900170301002085dbffa366f779588005dd4b7d201b68d8d89de6801d916d5f5b5c405d83cfb0
- (15) Message-Authenticator = 0x00000000000000000000000000000000
- (15) State = 0x26618bcd2471923516605d9f3eeea377
- (15) Finished request
- Waking up in 4.6 seconds.
- (16) Received Access-Request Id 40 from 10.8.0.111:58432 to 10.8.64.155:1812 length 223
- (16) User-Name = "vkratsberg"
- (16) NAS-Port = 358
- (16) State = 0x26618bcd2471923516605d9f3eeea377
- (16) EAP-Message = 0x0210002b19001703010020e2ff6a74247bba6af9a2fed43f2b4cb2cd826d60445189d46df228c2cfcc0aad
- (16) Message-Authenticator = 0xf43b7ee5c1648a87e1a1dbe1419b42f4
- (16) Acct-Session-Id = "8O2.1x81bb0835000f11d9"
- (16) NAS-Port-Id = "ge-3/0/6.0"
- (16) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (16) Called-Station-Id = "ec-3e-f7-68-35-00"
- (16) NAS-IP-Address = 10.8.0.111
- (16) NAS-Identifier = "nyc-access-sw011"
- (16) NAS-Port-Type = Ethernet
- (16) session-state: No cached attributes
- (16) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (16) authorize {
- (16) policy filter_username {
- (16) if (&User-Name) {
- (16) if (&User-Name) -> TRUE
- (16) if (&User-Name) {
- (16) if (&User-Name =~ / /) {
- (16) if (&User-Name =~ / /) -> FALSE
- (16) if (&User-Name =~ /@[^@]*@/ ) {
- (16) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (16) if (&User-Name =~ /\.\./ ) {
- (16) if (&User-Name =~ /\.\./ ) -> FALSE
- (16) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (16) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (16) if (&User-Name =~ /\.$/) {
- (16) if (&User-Name =~ /\.$/) -> FALSE
- (16) if (&User-Name =~ /@\./) {
- (16) if (&User-Name =~ /@\./) -> FALSE
- (16) } # if (&User-Name) = notfound
- (16) } # policy filter_username = notfound
- (16) [preprocess] = ok
- (16) [chap] = noop
- (16) [mschap] = noop
- (16) [digest] = noop
- (16) suffix: Checking for suffix after "@"
- (16) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (16) suffix: No such realm "NULL"
- (16) [suffix] = noop
- (16) eap: Peer sent EAP Response (code 2) ID 16 length 43
- (16) eap: Continuing tunnel setup
- (16) [eap] = ok
- (16) } # authorize = ok
- (16) Found Auth-Type = eap
- (16) # Executing group from file /etc/raddb/sites-enabled/default
- (16) authenticate {
- (16) eap: Expiring EAP session with state 0x26618bcd24719235
- (16) eap: Finished EAP session with state 0x26618bcd24719235
- (16) eap: Previous EAP request found for state 0x26618bcd24719235, released from the list
- (16) eap: Peer sent packet with method EAP PEAP (25)
- (16) eap: Calling submodule eap_peap to process data
- (16) eap_peap: Continuing EAP-TLS
- (16) eap_peap: [eaptls verify] = ok
- (16) eap_peap: Done initial handshake
- (16) eap_peap: [eaptls process] = ok
- (16) eap_peap: Session established. Decoding tunneled attributes
- (16) eap_peap: PEAP state send tlv success
- (16) eap_peap: Received EAP-TLV response
- (16) eap_peap: Success
- (16) eap_peap: No saved attributes in the original Access-Accept
- (16) eap: Sending EAP Success (code 3) ID 16 length 4
- (16) eap: Freeing handler
- (16) [eap] = ok
- (16) } # authenticate = ok
- (16) # Executing section post-auth from file /etc/raddb/sites-enabled/default
- (16) post-auth {
- (16) update {
- (16) No attributes updated
- (16) } # update = noop
- (16) [exec] = noop
- (16) policy remove_reply_message_if_eap {
- (16) if (&reply:EAP-Message && &reply:Reply-Message) {
- (16) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
- (16) else {
- (16) [noop] = noop
- (16) } # else = noop
- (16) } # policy remove_reply_message_if_eap = noop
- (16) } # post-auth = noop
- (16) Sent Access-Accept Id 40 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (16) MS-MPPE-Recv-Key = 0xb37843922152b87f0e914541087625b93dcd5e5740689f9682179b71b002ff18
- (16) MS-MPPE-Send-Key = 0xfc3e3438cec67720d650c4c50a0c4d9af364f139f94b0656b23101d08792e000
- (16) EAP-Message = 0x03100004
- (16) Message-Authenticator = 0x00000000000000000000000000000000
- (16) User-Name = "vkratsberg"
- (16) Finished request
- Waking up in 4.5 seconds.
- (17) Received Access-Request Id 41 from 10.8.0.111:58432 to 10.8.64.155:1812 length 177
- (17) User-Name = "vkratsberg"
- (17) NAS-Port = 358
- (17) EAP-Message = 0x0211000f01766b7261747362657267
- (17) Message-Authenticator = 0xaf47ff61070316122f178c7d57309b01
- (17) Acct-Session-Id = "8O2.1x81bb083600016d65"
- (17) NAS-Port-Id = "ge-3/0/6.0"
- (17) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (17) Called-Station-Id = "ec-3e-f7-68-35-00"
- (17) NAS-IP-Address = 10.8.0.111
- (17) NAS-Identifier = "nyc-access-sw011"
- (17) NAS-Port-Type = Ethernet
- (17) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (17) authorize {
- (17) policy filter_username {
- (17) if (&User-Name) {
- (17) if (&User-Name) -> TRUE
- (17) if (&User-Name) {
- (17) if (&User-Name =~ / /) {
- (17) if (&User-Name =~ / /) -> FALSE
- (17) if (&User-Name =~ /@[^@]*@/ ) {
- (17) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (17) if (&User-Name =~ /\.\./ ) {
- (17) if (&User-Name =~ /\.\./ ) -> FALSE
- (17) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (17) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (17) if (&User-Name =~ /\.$/) {
- (17) if (&User-Name =~ /\.$/) -> FALSE
- (17) if (&User-Name =~ /@\./) {
- (17) if (&User-Name =~ /@\./) -> FALSE
- (17) } # if (&User-Name) = notfound
- (17) } # policy filter_username = notfound
- (17) [preprocess] = ok
- (17) [chap] = noop
- (17) [mschap] = noop
- (17) [digest] = noop
- (17) suffix: Checking for suffix after "@"
- (17) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (17) suffix: No such realm "NULL"
- (17) [suffix] = noop
- (17) eap: Peer sent EAP Response (code 2) ID 17 length 15
- (17) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
- (17) [eap] = ok
- (17) } # authorize = ok
- (17) Found Auth-Type = eap
- (17) # Executing group from file /etc/raddb/sites-enabled/default
- (17) authenticate {
- (17) eap: Peer sent packet with method EAP Identity (1)
- (17) eap: Calling submodule eap_peap to process data
- (17) eap_peap: Initiating new EAP-TLS session
- (17) eap_peap: [eaptls start] = request
- (17) eap: Sending EAP Request (code 1) ID 18 length 6
- (17) eap: EAP session adding &reply:State = 0xb39207a0b3801e2a
- (17) [eap] = handled
- (17) } # authenticate = handled
- (17) Using Post-Auth-Type Challenge
- (17) Post-Auth-Type sub-section not found. Ignoring.
- (17) # Executing group from file /etc/raddb/sites-enabled/default
- (17) Sent Access-Challenge Id 41 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (17) EAP-Message = 0x011200061920
- (17) Message-Authenticator = 0x00000000000000000000000000000000
- (17) State = 0xb39207a0b3801e2a011379ad3521b636
- (17) Finished request
- Waking up in 4.5 seconds.
- (18) Received Access-Request Id 42 from 10.8.0.111:58432 to 10.8.64.155:1812 length 343
- (18) User-Name = "vkratsberg"
- (18) NAS-Port = 358
- (18) State = 0xb39207a0b3801e2a011379ad3521b636
- (18) EAP-Message = 0x021200a31980000000991603010094010000900301573f503cbbd8a0ee36cd04f3db966e474e1c5f78547edde60d426dd74043300220274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0002800ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f00
- (18) Message-Authenticator = 0xa0e2b848c94a0d8e82752b359d4b89cc
- (18) Acct-Session-Id = "8O2.1x81bb083600016d65"
- (18) NAS-Port-Id = "ge-3/0/6.0"
- (18) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (18) Called-Station-Id = "ec-3e-f7-68-35-00"
- (18) NAS-IP-Address = 10.8.0.111
- (18) NAS-Identifier = "nyc-access-sw011"
- (18) NAS-Port-Type = Ethernet
- (18) session-state: No cached attributes
- (18) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (18) authorize {
- (18) policy filter_username {
- (18) if (&User-Name) {
- (18) if (&User-Name) -> TRUE
- (18) if (&User-Name) {
- (18) if (&User-Name =~ / /) {
- (18) if (&User-Name =~ / /) -> FALSE
- (18) if (&User-Name =~ /@[^@]*@/ ) {
- (18) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (18) if (&User-Name =~ /\.\./ ) {
- (18) if (&User-Name =~ /\.\./ ) -> FALSE
- (18) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (18) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (18) if (&User-Name =~ /\.$/) {
- (18) if (&User-Name =~ /\.$/) -> FALSE
- (18) if (&User-Name =~ /@\./) {
- (18) if (&User-Name =~ /@\./) -> FALSE
- (18) } # if (&User-Name) = notfound
- (18) } # policy filter_username = notfound
- (18) [preprocess] = ok
- (18) [chap] = noop
- (18) [mschap] = noop
- (18) [digest] = noop
- (18) suffix: Checking for suffix after "@"
- (18) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (18) suffix: No such realm "NULL"
- (18) [suffix] = noop
- (18) eap: Peer sent EAP Response (code 2) ID 18 length 163
- (18) eap: Continuing tunnel setup
- (18) [eap] = ok
- (18) } # authorize = ok
- (18) Found Auth-Type = eap
- (18) # Executing group from file /etc/raddb/sites-enabled/default
- (18) authenticate {
- (18) eap: Expiring EAP session with state 0xb39207a0b3801e2a
- (18) eap: Finished EAP session with state 0xb39207a0b3801e2a
- (18) eap: Previous EAP request found for state 0xb39207a0b3801e2a, released from the list
- (18) eap: Peer sent packet with method EAP PEAP (25)
- (18) eap: Calling submodule eap_peap to process data
- (18) eap_peap: Continuing EAP-TLS
- (18) eap_peap: Peer indicated complete TLS record size will be 153 bytes
- (18) eap_peap: Got complete TLS record (153 bytes)
- (18) eap_peap: [eaptls verify] = length included
- (18) eap_peap: (other): before/accept initialization
- (18) eap_peap: TLS_accept: before/accept initialization
- (18) eap_peap: <<< recv TLS 1.0 Handshake [length 0094], ClientHello
- (18) eap_peap: TLS_accept: SSLv3 read client hello A
- (18) eap_peap: >>> send TLS 1.0 Handshake [length 0059], ServerHello
- (18) eap_peap: TLS_accept: SSLv3 write server hello A
- (18) eap_peap: >>> send TLS 1.0 ChangeCipherSpec [length 0001]
- (18) eap_peap: TLS_accept: SSLv3 write change cipher spec A
- (18) eap_peap: >>> send TLS 1.0 Handshake [length 0010], Finished
- (18) eap_peap: TLS_accept: SSLv3 write finished A
- (18) eap_peap: TLS_accept: SSLv3 flush data
- (18) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
- (18) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
- (18) eap_peap: In SSL Handshake Phase
- (18) eap_peap: In SSL Accept mode
- (18) eap_peap: [eaptls process] = handled
- (18) eap: Sending EAP Request (code 1) ID 19 length 159
- (18) eap: EAP session adding &reply:State = 0xb39207a0b2811e2a
- (18) [eap] = handled
- (18) } # authenticate = handled
- (18) Using Post-Auth-Type Challenge
- (18) Post-Auth-Type sub-section not found. Ignoring.
- (18) # Executing group from file /etc/raddb/sites-enabled/default
- (18) Sent Access-Challenge Id 42 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (18) EAP-Message = 0x0113009f19001603010059020000550301573f503c2f02924b0bbafcca7da7cd7645f6884ea9f384a121d218c64059e21d20274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0c01400000dff01000100000b00040300010214030100010116030100302e877ea111677204
- (18) Message-Authenticator = 0x00000000000000000000000000000000
- (18) State = 0xb39207a0b2811e2a011379ad3521b636
- (18) Finished request
- Waking up in 4.5 seconds.
- (19) Received Access-Request Id 43 from 10.8.0.111:58432 to 10.8.64.155:1812 length 249
- (19) User-Name = "vkratsberg"
- (19) NAS-Port = 358
- (19) State = 0xb39207a0b2811e2a011379ad3521b636
- (19) EAP-Message = 0x0213004519800000003b1403010001011603010030a0d1d68d735b6441f2e4c188ec0c6b4b314fa067016b07386f6f4d18f7162551ebc9fbf72229672dab036f01af615d15
- (19) Message-Authenticator = 0xd3dfac0d9295676c54e513b79ed46806
- (19) Acct-Session-Id = "8O2.1x81bb083600016d65"
- (19) NAS-Port-Id = "ge-3/0/6.0"
- (19) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (19) Called-Station-Id = "ec-3e-f7-68-35-00"
- (19) NAS-IP-Address = 10.8.0.111
- (19) NAS-Identifier = "nyc-access-sw011"
- (19) NAS-Port-Type = Ethernet
- (19) session-state: No cached attributes
- (19) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (19) authorize {
- (19) policy filter_username {
- (19) if (&User-Name) {
- (19) if (&User-Name) -> TRUE
- (19) if (&User-Name) {
- (19) if (&User-Name =~ / /) {
- (19) if (&User-Name =~ / /) -> FALSE
- (19) if (&User-Name =~ /@[^@]*@/ ) {
- (19) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (19) if (&User-Name =~ /\.\./ ) {
- (19) if (&User-Name =~ /\.\./ ) -> FALSE
- (19) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (19) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (19) if (&User-Name =~ /\.$/) {
- (19) if (&User-Name =~ /\.$/) -> FALSE
- (19) if (&User-Name =~ /@\./) {
- (19) if (&User-Name =~ /@\./) -> FALSE
- (19) } # if (&User-Name) = notfound
- (19) } # policy filter_username = notfound
- (19) [preprocess] = ok
- (19) [chap] = noop
- (19) [mschap] = noop
- (19) [digest] = noop
- (19) suffix: Checking for suffix after "@"
- (19) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (19) suffix: No such realm "NULL"
- (19) [suffix] = noop
- (19) eap: Peer sent EAP Response (code 2) ID 19 length 69
- (19) eap: Continuing tunnel setup
- (19) [eap] = ok
- (19) } # authorize = ok
- (19) Found Auth-Type = eap
- (19) # Executing group from file /etc/raddb/sites-enabled/default
- (19) authenticate {
- (19) eap: Expiring EAP session with state 0xb39207a0b2811e2a
- (19) eap: Finished EAP session with state 0xb39207a0b2811e2a
- (19) eap: Previous EAP request found for state 0xb39207a0b2811e2a, released from the list
- (19) eap: Peer sent packet with method EAP PEAP (25)
- (19) eap: Calling submodule eap_peap to process data
- (19) eap_peap: Continuing EAP-TLS
- (19) eap_peap: Peer indicated complete TLS record size will be 59 bytes
- (19) eap_peap: Got complete TLS record (59 bytes)
- (19) eap_peap: [eaptls verify] = length included
- (19) eap_peap: <<< recv TLS 1.0 ChangeCipherSpec [length 0001]
- (19) eap_peap: <<< recv TLS 1.0 Handshake [length 0010], Finished
- (19) eap_peap: TLS_accept: SSLv3 read finished A
- (19) eap_peap: (other): SSL negotiation finished successfully
- (19) eap_peap: SSL Connection Established
- (19) eap_peap: SSL Application Data
- (19) eap_peap: Adding cached attributes from session 274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0
- (19) eap_peap: reply:User-Name = "vkratsberg"
- (19) eap_peap: [eaptls process] = success
- (19) eap_peap: Session established. Decoding tunneled attributes
- (19) eap_peap: PEAP state TUNNEL ESTABLISHED
- (19) eap_peap: Skipping Phase2 because of session resumption
- (19) eap_peap: SUCCESS
- (19) eap: Sending EAP Request (code 1) ID 20 length 43
- (19) eap: EAP session adding &reply:State = 0xb39207a0b1861e2a
- (19) [eap] = handled
- (19) } # authenticate = handled
- (19) Using Post-Auth-Type Challenge
- (19) Post-Auth-Type sub-section not found. Ignoring.
- (19) # Executing group from file /etc/raddb/sites-enabled/default
- (19) Sent Access-Challenge Id 43 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (19) User-Name = "vkratsberg"
- (19) EAP-Message = 0x0114002b19001703010020f77150dc6e96abc919b834ce5570211eea57fd1a6c2202dc1fe0c6ec63911e53
- (19) Message-Authenticator = 0x00000000000000000000000000000000
- (19) State = 0xb39207a0b1861e2a011379ad3521b636
- (19) Finished request
- Waking up in 4.5 seconds.
- (20) Received Access-Request Id 44 from 10.8.0.111:58432 to 10.8.64.155:1812 length 223
- (20) User-Name = "vkratsberg"
- (20) NAS-Port = 358
- (20) State = 0xb39207a0b1861e2a011379ad3521b636
- (20) EAP-Message = 0x0214002b19001703010020e060b4e4405d6a1d0a6bb11d2eb2a3b7f953faecf3f9a1f9da5a20c8a76cbab3
- (20) Message-Authenticator = 0x544f4a0fd071a8db891b947df6126280
- (20) Acct-Session-Id = "8O2.1x81bb083600016d65"
- (20) NAS-Port-Id = "ge-3/0/6.0"
- (20) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (20) Called-Station-Id = "ec-3e-f7-68-35-00"
- (20) NAS-IP-Address = 10.8.0.111
- (20) NAS-Identifier = "nyc-access-sw011"
- (20) NAS-Port-Type = Ethernet
- (20) session-state: No cached attributes
- (20) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (20) authorize {
- (20) policy filter_username {
- (20) if (&User-Name) {
- (20) if (&User-Name) -> TRUE
- (20) if (&User-Name) {
- (20) if (&User-Name =~ / /) {
- (20) if (&User-Name =~ / /) -> FALSE
- (20) if (&User-Name =~ /@[^@]*@/ ) {
- (20) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (20) if (&User-Name =~ /\.\./ ) {
- (20) if (&User-Name =~ /\.\./ ) -> FALSE
- (20) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (20) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (20) if (&User-Name =~ /\.$/) {
- (20) if (&User-Name =~ /\.$/) -> FALSE
- (20) if (&User-Name =~ /@\./) {
- (20) if (&User-Name =~ /@\./) -> FALSE
- (20) } # if (&User-Name) = notfound
- (20) } # policy filter_username = notfound
- (20) [preprocess] = ok
- (20) [chap] = noop
- (20) [mschap] = noop
- (20) [digest] = noop
- (20) suffix: Checking for suffix after "@"
- (20) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (20) suffix: No such realm "NULL"
- (20) [suffix] = noop
- (20) eap: Peer sent EAP Response (code 2) ID 20 length 43
- (20) eap: Continuing tunnel setup
- (20) [eap] = ok
- (20) } # authorize = ok
- (20) Found Auth-Type = eap
- (20) # Executing group from file /etc/raddb/sites-enabled/default
- (20) authenticate {
- (20) eap: Expiring EAP session with state 0xb39207a0b1861e2a
- (20) eap: Finished EAP session with state 0xb39207a0b1861e2a
- (20) eap: Previous EAP request found for state 0xb39207a0b1861e2a, released from the list
- (20) eap: Peer sent packet with method EAP PEAP (25)
- (20) eap: Calling submodule eap_peap to process data
- (20) eap_peap: Continuing EAP-TLS
- (20) eap_peap: [eaptls verify] = ok
- (20) eap_peap: Done initial handshake
- (20) eap_peap: [eaptls process] = ok
- (20) eap_peap: Session established. Decoding tunneled attributes
- (20) eap_peap: PEAP state send tlv success
- (20) eap_peap: Received EAP-TLV response
- (20) eap_peap: Success
- (20) eap_peap: No saved attributes in the original Access-Accept
- (20) eap: Sending EAP Success (code 3) ID 20 length 4
- (20) eap: Freeing handler
- (20) [eap] = ok
- (20) } # authenticate = ok
- (20) # Executing section post-auth from file /etc/raddb/sites-enabled/default
- (20) post-auth {
- (20) update {
- (20) No attributes updated
- (20) } # update = noop
- (20) [exec] = noop
- (20) policy remove_reply_message_if_eap {
- (20) if (&reply:EAP-Message && &reply:Reply-Message) {
- (20) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
- (20) else {
- (20) [noop] = noop
- (20) } # else = noop
- (20) } # policy remove_reply_message_if_eap = noop
- (20) } # post-auth = noop
- (20) Sent Access-Accept Id 44 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (20) MS-MPPE-Recv-Key = 0x7801e06f0d7cc38ceaca44a5656faa113d30a756f7a520d8496045735333cfaf
- (20) MS-MPPE-Send-Key = 0x903c3dec90ad820c5df923606382ea30e0126f5a4a60c4d8a21784287489a313
- (20) EAP-Message = 0x03140004
- (20) Message-Authenticator = 0x00000000000000000000000000000000
- (20) User-Name = "vkratsberg"
- (20) Finished request
- Waking up in 4.5 seconds.
- (21) Received Access-Request Id 45 from 10.8.0.111:58432 to 10.8.64.155:1812 length 177
- (21) User-Name = "vkratsberg"
- (21) NAS-Port = 358
- (21) EAP-Message = 0x0215000f01766b7261747362657267
- (21) Message-Authenticator = 0x4d85d22f70c3d57308e0d09c00c96d6e
- (21) Acct-Session-Id = "8O2.1x81bb083700030d56"
- (21) NAS-Port-Id = "ge-3/0/6.0"
- (21) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (21) Called-Station-Id = "ec-3e-f7-68-35-00"
- (21) NAS-IP-Address = 10.8.0.111
- (21) NAS-Identifier = "nyc-access-sw011"
- (21) NAS-Port-Type = Ethernet
- (21) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (21) authorize {
- (21) policy filter_username {
- (21) if (&User-Name) {
- (21) if (&User-Name) -> TRUE
- (21) if (&User-Name) {
- (21) if (&User-Name =~ / /) {
- (21) if (&User-Name =~ / /) -> FALSE
- (21) if (&User-Name =~ /@[^@]*@/ ) {
- (21) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (21) if (&User-Name =~ /\.\./ ) {
- (21) if (&User-Name =~ /\.\./ ) -> FALSE
- (21) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (21) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (21) if (&User-Name =~ /\.$/) {
- (21) if (&User-Name =~ /\.$/) -> FALSE
- (21) if (&User-Name =~ /@\./) {
- (21) if (&User-Name =~ /@\./) -> FALSE
- (21) } # if (&User-Name) = notfound
- (21) } # policy filter_username = notfound
- (21) [preprocess] = ok
- (21) [chap] = noop
- (21) [mschap] = noop
- (21) [digest] = noop
- (21) suffix: Checking for suffix after "@"
- (21) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (21) suffix: No such realm "NULL"
- (21) [suffix] = noop
- (21) eap: Peer sent EAP Response (code 2) ID 21 length 15
- (21) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
- (21) [eap] = ok
- (21) } # authorize = ok
- (21) Found Auth-Type = eap
- (21) # Executing group from file /etc/raddb/sites-enabled/default
- (21) authenticate {
- (21) eap: Peer sent packet with method EAP Identity (1)
- (21) eap: Calling submodule eap_peap to process data
- (21) eap_peap: Initiating new EAP-TLS session
- (21) eap_peap: [eaptls start] = request
- (21) eap: Sending EAP Request (code 1) ID 22 length 6
- (21) eap: EAP session adding &reply:State = 0x2012cb732004d292
- (21) [eap] = handled
- (21) } # authenticate = handled
- (21) Using Post-Auth-Type Challenge
- (21) Post-Auth-Type sub-section not found. Ignoring.
- (21) # Executing group from file /etc/raddb/sites-enabled/default
- (21) Sent Access-Challenge Id 45 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (21) EAP-Message = 0x011600061920
- (21) Message-Authenticator = 0x00000000000000000000000000000000
- (21) State = 0x2012cb732004d2927e836bead5e0c8c4
- (21) Finished request
- Waking up in 4.4 seconds.
- (22) Received Access-Request Id 46 from 10.8.0.111:58432 to 10.8.64.155:1812 length 343
- (22) User-Name = "vkratsberg"
- (22) NAS-Port = 358
- (22) State = 0x2012cb732004d2927e836bead5e0c8c4
- (22) EAP-Message = 0x021600a31980000000991603010094010000900301573f503c4b7d60335d93869a9b4670ebe85b598fa9f9cd8e7197fd0ad859674720274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0002800ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f00
- (22) Message-Authenticator = 0xbedbeaefcb335fdb0249ba64615c83f9
- (22) Acct-Session-Id = "8O2.1x81bb083700030d56"
- (22) NAS-Port-Id = "ge-3/0/6.0"
- (22) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (22) Called-Station-Id = "ec-3e-f7-68-35-00"
- (22) NAS-IP-Address = 10.8.0.111
- (22) NAS-Identifier = "nyc-access-sw011"
- (22) NAS-Port-Type = Ethernet
- (22) session-state: No cached attributes
- (22) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (22) authorize {
- (22) policy filter_username {
- (22) if (&User-Name) {
- (22) if (&User-Name) -> TRUE
- (22) if (&User-Name) {
- (22) if (&User-Name =~ / /) {
- (22) if (&User-Name =~ / /) -> FALSE
- (22) if (&User-Name =~ /@[^@]*@/ ) {
- (22) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (22) if (&User-Name =~ /\.\./ ) {
- (22) if (&User-Name =~ /\.\./ ) -> FALSE
- (22) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (22) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (22) if (&User-Name =~ /\.$/) {
- (22) if (&User-Name =~ /\.$/) -> FALSE
- (22) if (&User-Name =~ /@\./) {
- (22) if (&User-Name =~ /@\./) -> FALSE
- (22) } # if (&User-Name) = notfound
- (22) } # policy filter_username = notfound
- (22) [preprocess] = ok
- (22) [chap] = noop
- (22) [mschap] = noop
- (22) [digest] = noop
- (22) suffix: Checking for suffix after "@"
- (22) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (22) suffix: No such realm "NULL"
- (22) [suffix] = noop
- (22) eap: Peer sent EAP Response (code 2) ID 22 length 163
- (22) eap: Continuing tunnel setup
- (22) [eap] = ok
- (22) } # authorize = ok
- (22) Found Auth-Type = eap
- (22) # Executing group from file /etc/raddb/sites-enabled/default
- (22) authenticate {
- (22) eap: Expiring EAP session with state 0x2012cb732004d292
- (22) eap: Finished EAP session with state 0x2012cb732004d292
- (22) eap: Previous EAP request found for state 0x2012cb732004d292, released from the list
- (22) eap: Peer sent packet with method EAP PEAP (25)
- (22) eap: Calling submodule eap_peap to process data
- (22) eap_peap: Continuing EAP-TLS
- (22) eap_peap: Peer indicated complete TLS record size will be 153 bytes
- (22) eap_peap: Got complete TLS record (153 bytes)
- (22) eap_peap: [eaptls verify] = length included
- (22) eap_peap: (other): before/accept initialization
- (22) eap_peap: TLS_accept: before/accept initialization
- (22) eap_peap: <<< recv TLS 1.0 Handshake [length 0094], ClientHello
- (22) eap_peap: TLS_accept: SSLv3 read client hello A
- (22) eap_peap: >>> send TLS 1.0 Handshake [length 0059], ServerHello
- (22) eap_peap: TLS_accept: SSLv3 write server hello A
- (22) eap_peap: >>> send TLS 1.0 ChangeCipherSpec [length 0001]
- (22) eap_peap: TLS_accept: SSLv3 write change cipher spec A
- (22) eap_peap: >>> send TLS 1.0 Handshake [length 0010], Finished
- (22) eap_peap: TLS_accept: SSLv3 write finished A
- (22) eap_peap: TLS_accept: SSLv3 flush data
- (22) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
- (22) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
- (22) eap_peap: In SSL Handshake Phase
- (22) eap_peap: In SSL Accept mode
- (22) eap_peap: [eaptls process] = handled
- (22) eap: Sending EAP Request (code 1) ID 23 length 159
- (22) eap: EAP session adding &reply:State = 0x2012cb732105d292
- (22) [eap] = handled
- (22) } # authenticate = handled
- (22) Using Post-Auth-Type Challenge
- (22) Post-Auth-Type sub-section not found. Ignoring.
- (22) # Executing group from file /etc/raddb/sites-enabled/default
- (22) Sent Access-Challenge Id 46 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (22) EAP-Message = 0x0117009f19001603010059020000550301573f503cf400ef23bf4b215717b6651caf0d958b1ebc3c58314af15abd2c2d0d20274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0c01400000dff01000100000b000403000102140301000101160301003066bc2566f634095d
- (22) Message-Authenticator = 0x00000000000000000000000000000000
- (22) State = 0x2012cb732105d2927e836bead5e0c8c4
- (22) Finished request
- Waking up in 4.4 seconds.
- (23) Received Access-Request Id 47 from 10.8.0.111:58432 to 10.8.64.155:1812 length 249
- (23) User-Name = "vkratsberg"
- (23) NAS-Port = 358
- (23) State = 0x2012cb732105d2927e836bead5e0c8c4
- (23) EAP-Message = 0x0217004519800000003b1403010001011603010030f893d1847c1685bccedb8ca82dd6e43481f0d3fbe044738308e314b3f08f38b69babba329df2954c1d4f723ebcc94d7d
- (23) Message-Authenticator = 0xfbc7cb255718d831adacd500785e91f9
- (23) Acct-Session-Id = "8O2.1x81bb083700030d56"
- (23) NAS-Port-Id = "ge-3/0/6.0"
- (23) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (23) Called-Station-Id = "ec-3e-f7-68-35-00"
- (23) NAS-IP-Address = 10.8.0.111
- (23) NAS-Identifier = "nyc-access-sw011"
- (23) NAS-Port-Type = Ethernet
- (23) session-state: No cached attributes
- (23) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (23) authorize {
- (23) policy filter_username {
- (23) if (&User-Name) {
- (23) if (&User-Name) -> TRUE
- (23) if (&User-Name) {
- (23) if (&User-Name =~ / /) {
- (23) if (&User-Name =~ / /) -> FALSE
- (23) if (&User-Name =~ /@[^@]*@/ ) {
- (23) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (23) if (&User-Name =~ /\.\./ ) {
- (23) if (&User-Name =~ /\.\./ ) -> FALSE
- (23) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (23) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (23) if (&User-Name =~ /\.$/) {
- (23) if (&User-Name =~ /\.$/) -> FALSE
- (23) if (&User-Name =~ /@\./) {
- (23) if (&User-Name =~ /@\./) -> FALSE
- (23) } # if (&User-Name) = notfound
- (23) } # policy filter_username = notfound
- (23) [preprocess] = ok
- (23) [chap] = noop
- (23) [mschap] = noop
- (23) [digest] = noop
- (23) suffix: Checking for suffix after "@"
- (23) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (23) suffix: No such realm "NULL"
- (23) [suffix] = noop
- (23) eap: Peer sent EAP Response (code 2) ID 23 length 69
- (23) eap: Continuing tunnel setup
- (23) [eap] = ok
- (23) } # authorize = ok
- (23) Found Auth-Type = eap
- (23) # Executing group from file /etc/raddb/sites-enabled/default
- (23) authenticate {
- (23) eap: Expiring EAP session with state 0x2012cb732105d292
- (23) eap: Finished EAP session with state 0x2012cb732105d292
- (23) eap: Previous EAP request found for state 0x2012cb732105d292, released from the list
- (23) eap: Peer sent packet with method EAP PEAP (25)
- (23) eap: Calling submodule eap_peap to process data
- (23) eap_peap: Continuing EAP-TLS
- (23) eap_peap: Peer indicated complete TLS record size will be 59 bytes
- (23) eap_peap: Got complete TLS record (59 bytes)
- (23) eap_peap: [eaptls verify] = length included
- (23) eap_peap: <<< recv TLS 1.0 ChangeCipherSpec [length 0001]
- (23) eap_peap: <<< recv TLS 1.0 Handshake [length 0010], Finished
- (23) eap_peap: TLS_accept: SSLv3 read finished A
- (23) eap_peap: (other): SSL negotiation finished successfully
- (23) eap_peap: SSL Connection Established
- (23) eap_peap: SSL Application Data
- (23) eap_peap: Adding cached attributes from session 274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0
- (23) eap_peap: reply:User-Name = "vkratsberg"
- (23) eap_peap: [eaptls process] = success
- (23) eap_peap: Session established. Decoding tunneled attributes
- (23) eap_peap: PEAP state TUNNEL ESTABLISHED
- (23) eap_peap: Skipping Phase2 because of session resumption
- (23) eap_peap: SUCCESS
- (23) eap: Sending EAP Request (code 1) ID 24 length 43
- (23) eap: EAP session adding &reply:State = 0x2012cb73220ad292
- (23) [eap] = handled
- (23) } # authenticate = handled
- (23) Using Post-Auth-Type Challenge
- (23) Post-Auth-Type sub-section not found. Ignoring.
- (23) # Executing group from file /etc/raddb/sites-enabled/default
- (23) Sent Access-Challenge Id 47 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (23) User-Name = "vkratsberg"
- (23) EAP-Message = 0x0118002b19001703010020f262c4073c7ab9286300128b95df917341657b07d69cf8fb5bfe518f8625cc77
- (23) Message-Authenticator = 0x00000000000000000000000000000000
- (23) State = 0x2012cb73220ad2927e836bead5e0c8c4
- (23) Finished request
- Waking up in 4.4 seconds.
- (24) Received Access-Request Id 48 from 10.8.0.111:58432 to 10.8.64.155:1812 length 223
- (24) User-Name = "vkratsberg"
- (24) NAS-Port = 358
- (24) State = 0x2012cb73220ad2927e836bead5e0c8c4
- (24) EAP-Message = 0x0218002b19001703010020722c1b71428e39e81322b12a0833635c95c0b553f0dde8c212668148fc61252a
- (24) Message-Authenticator = 0xa410cb7e19aa9dd7efdb98ffc6faa653
- (24) Acct-Session-Id = "8O2.1x81bb083700030d56"
- (24) NAS-Port-Id = "ge-3/0/6.0"
- (24) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (24) Called-Station-Id = "ec-3e-f7-68-35-00"
- (24) NAS-IP-Address = 10.8.0.111
- (24) NAS-Identifier = "nyc-access-sw011"
- (24) NAS-Port-Type = Ethernet
- (24) session-state: No cached attributes
- (24) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (24) authorize {
- (24) policy filter_username {
- (24) if (&User-Name) {
- (24) if (&User-Name) -> TRUE
- (24) if (&User-Name) {
- (24) if (&User-Name =~ / /) {
- (24) if (&User-Name =~ / /) -> FALSE
- (24) if (&User-Name =~ /@[^@]*@/ ) {
- (24) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (24) if (&User-Name =~ /\.\./ ) {
- (24) if (&User-Name =~ /\.\./ ) -> FALSE
- (24) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (24) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (24) if (&User-Name =~ /\.$/) {
- (24) if (&User-Name =~ /\.$/) -> FALSE
- (24) if (&User-Name =~ /@\./) {
- (24) if (&User-Name =~ /@\./) -> FALSE
- (24) } # if (&User-Name) = notfound
- (24) } # policy filter_username = notfound
- (24) [preprocess] = ok
- (24) [chap] = noop
- (24) [mschap] = noop
- (24) [digest] = noop
- (24) suffix: Checking for suffix after "@"
- (24) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (24) suffix: No such realm "NULL"
- (24) [suffix] = noop
- (24) eap: Peer sent EAP Response (code 2) ID 24 length 43
- (24) eap: Continuing tunnel setup
- (24) [eap] = ok
- (24) } # authorize = ok
- (24) Found Auth-Type = eap
- (24) # Executing group from file /etc/raddb/sites-enabled/default
- (24) authenticate {
- (24) eap: Expiring EAP session with state 0x2012cb73220ad292
- (24) eap: Finished EAP session with state 0x2012cb73220ad292
- (24) eap: Previous EAP request found for state 0x2012cb73220ad292, released from the list
- (24) eap: Peer sent packet with method EAP PEAP (25)
- (24) eap: Calling submodule eap_peap to process data
- (24) eap_peap: Continuing EAP-TLS
- (24) eap_peap: [eaptls verify] = ok
- (24) eap_peap: Done initial handshake
- (24) eap_peap: [eaptls process] = ok
- (24) eap_peap: Session established. Decoding tunneled attributes
- (24) eap_peap: PEAP state send tlv success
- (24) eap_peap: Received EAP-TLV response
- (24) eap_peap: Success
- (24) eap_peap: No saved attributes in the original Access-Accept
- (24) eap: Sending EAP Success (code 3) ID 24 length 4
- (24) eap: Freeing handler
- (24) [eap] = ok
- (24) } # authenticate = ok
- (24) # Executing section post-auth from file /etc/raddb/sites-enabled/default
- (24) post-auth {
- (24) update {
- (24) No attributes updated
- (24) } # update = noop
- (24) [exec] = noop
- (24) policy remove_reply_message_if_eap {
- (24) if (&reply:EAP-Message && &reply:Reply-Message) {
- (24) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
- (24) else {
- (24) [noop] = noop
- (24) } # else = noop
- (24) } # policy remove_reply_message_if_eap = noop
- (24) } # post-auth = noop
- (24) Sent Access-Accept Id 48 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (24) MS-MPPE-Recv-Key = 0x3c9726d8b1f36aa9914aec6112d5c261ff95ccdbc9f26475e7083165221d6338
- (24) MS-MPPE-Send-Key = 0x00f006c24ca5c86b83697519373282d89f43d179a7adbfada268f75b0e199586
- (24) EAP-Message = 0x03180004
- (24) Message-Authenticator = 0x00000000000000000000000000000000
- (24) User-Name = "vkratsberg"
- (24) Finished request
- Waking up in 4.3 seconds.
- (25) Received Access-Request Id 49 from 10.8.0.111:58432 to 10.8.64.155:1812 length 177
- (25) User-Name = "vkratsberg"
- (25) NAS-Port = 358
- (25) EAP-Message = 0x0219000f01766b7261747362657267
- (25) Message-Authenticator = 0x6cf1623d5c27bffc920fa432d8daa44a
- (25) Acct-Session-Id = "8O2.1x81bb083800049ec0"
- (25) NAS-Port-Id = "ge-3/0/6.0"
- (25) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (25) Called-Station-Id = "ec-3e-f7-68-35-00"
- (25) NAS-IP-Address = 10.8.0.111
- (25) NAS-Identifier = "nyc-access-sw011"
- (25) NAS-Port-Type = Ethernet
- (25) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (25) authorize {
- (25) policy filter_username {
- (25) if (&User-Name) {
- (25) if (&User-Name) -> TRUE
- (25) if (&User-Name) {
- (25) if (&User-Name =~ / /) {
- (25) if (&User-Name =~ / /) -> FALSE
- (25) if (&User-Name =~ /@[^@]*@/ ) {
- (25) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (25) if (&User-Name =~ /\.\./ ) {
- (25) if (&User-Name =~ /\.\./ ) -> FALSE
- (25) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (25) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (25) if (&User-Name =~ /\.$/) {
- (25) if (&User-Name =~ /\.$/) -> FALSE
- (25) if (&User-Name =~ /@\./) {
- (25) if (&User-Name =~ /@\./) -> FALSE
- (25) } # if (&User-Name) = notfound
- (25) } # policy filter_username = notfound
- (25) [preprocess] = ok
- (25) [chap] = noop
- (25) [mschap] = noop
- (25) [digest] = noop
- (25) suffix: Checking for suffix after "@"
- (25) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (25) suffix: No such realm "NULL"
- (25) [suffix] = noop
- (25) eap: Peer sent EAP Response (code 2) ID 25 length 15
- (25) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
- (25) [eap] = ok
- (25) } # authorize = ok
- (25) Found Auth-Type = eap
- (25) # Executing group from file /etc/raddb/sites-enabled/default
- (25) authenticate {
- (25) eap: Peer sent packet with method EAP Identity (1)
- (25) eap: Calling submodule eap_peap to process data
- (25) eap_peap: Initiating new EAP-TLS session
- (25) eap_peap: [eaptls start] = request
- (25) eap: Sending EAP Request (code 1) ID 26 length 6
- (25) eap: EAP session adding &reply:State = 0xdf582aeedf4233a5
- (25) [eap] = handled
- (25) } # authenticate = handled
- (25) Using Post-Auth-Type Challenge
- (25) Post-Auth-Type sub-section not found. Ignoring.
- (25) # Executing group from file /etc/raddb/sites-enabled/default
- (25) Sent Access-Challenge Id 49 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (25) EAP-Message = 0x011a00061920
- (25) Message-Authenticator = 0x00000000000000000000000000000000
- (25) State = 0xdf582aeedf4233a5d2549a8995860547
- (25) Finished request
- Waking up in 4.3 seconds.
- (26) Received Access-Request Id 50 from 10.8.0.111:58432 to 10.8.64.155:1812 length 343
- (26) User-Name = "vkratsberg"
- (26) NAS-Port = 358
- (26) State = 0xdf582aeedf4233a5d2549a8995860547
- (26) EAP-Message = 0x021a00a31980000000991603010094010000900301573f503c179fa037e9f44d018baa08634543e1f6fa6fac5b9338c926c822d56020274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0002800ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f00
- (26) Message-Authenticator = 0x8d962082d71212851b6ff9ee4571337a
- (26) Acct-Session-Id = "8O2.1x81bb083800049ec0"
- (26) NAS-Port-Id = "ge-3/0/6.0"
- (26) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (26) Called-Station-Id = "ec-3e-f7-68-35-00"
- (26) NAS-IP-Address = 10.8.0.111
- (26) NAS-Identifier = "nyc-access-sw011"
- (26) NAS-Port-Type = Ethernet
- (26) session-state: No cached attributes
- (26) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (26) authorize {
- (26) policy filter_username {
- (26) if (&User-Name) {
- (26) if (&User-Name) -> TRUE
- (26) if (&User-Name) {
- (26) if (&User-Name =~ / /) {
- (26) if (&User-Name =~ / /) -> FALSE
- (26) if (&User-Name =~ /@[^@]*@/ ) {
- (26) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (26) if (&User-Name =~ /\.\./ ) {
- (26) if (&User-Name =~ /\.\./ ) -> FALSE
- (26) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (26) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (26) if (&User-Name =~ /\.$/) {
- (26) if (&User-Name =~ /\.$/) -> FALSE
- (26) if (&User-Name =~ /@\./) {
- (26) if (&User-Name =~ /@\./) -> FALSE
- (26) } # if (&User-Name) = notfound
- (26) } # policy filter_username = notfound
- (26) [preprocess] = ok
- (26) [chap] = noop
- (26) [mschap] = noop
- (26) [digest] = noop
- (26) suffix: Checking for suffix after "@"
- (26) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (26) suffix: No such realm "NULL"
- (26) [suffix] = noop
- (26) eap: Peer sent EAP Response (code 2) ID 26 length 163
- (26) eap: Continuing tunnel setup
- (26) [eap] = ok
- (26) } # authorize = ok
- (26) Found Auth-Type = eap
- (26) # Executing group from file /etc/raddb/sites-enabled/default
- (26) authenticate {
- (26) eap: Expiring EAP session with state 0xdf582aeedf4233a5
- (26) eap: Finished EAP session with state 0xdf582aeedf4233a5
- (26) eap: Previous EAP request found for state 0xdf582aeedf4233a5, released from the list
- (26) eap: Peer sent packet with method EAP PEAP (25)
- (26) eap: Calling submodule eap_peap to process data
- (26) eap_peap: Continuing EAP-TLS
- (26) eap_peap: Peer indicated complete TLS record size will be 153 bytes
- (26) eap_peap: Got complete TLS record (153 bytes)
- (26) eap_peap: [eaptls verify] = length included
- (26) eap_peap: (other): before/accept initialization
- (26) eap_peap: TLS_accept: before/accept initialization
- (26) eap_peap: <<< recv TLS 1.0 Handshake [length 0094], ClientHello
- (26) eap_peap: TLS_accept: SSLv3 read client hello A
- (26) eap_peap: >>> send TLS 1.0 Handshake [length 0059], ServerHello
- (26) eap_peap: TLS_accept: SSLv3 write server hello A
- (26) eap_peap: >>> send TLS 1.0 ChangeCipherSpec [length 0001]
- (26) eap_peap: TLS_accept: SSLv3 write change cipher spec A
- (26) eap_peap: >>> send TLS 1.0 Handshake [length 0010], Finished
- (26) eap_peap: TLS_accept: SSLv3 write finished A
- (26) eap_peap: TLS_accept: SSLv3 flush data
- (26) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
- (26) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
- (26) eap_peap: In SSL Handshake Phase
- (26) eap_peap: In SSL Accept mode
- (26) eap_peap: [eaptls process] = handled
- (26) eap: Sending EAP Request (code 1) ID 27 length 159
- (26) eap: EAP session adding &reply:State = 0xdf582aeede4333a5
- (26) [eap] = handled
- (26) } # authenticate = handled
- (26) Using Post-Auth-Type Challenge
- (26) Post-Auth-Type sub-section not found. Ignoring.
- (26) # Executing group from file /etc/raddb/sites-enabled/default
- (26) Sent Access-Challenge Id 50 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (26) EAP-Message = 0x011b009f19001603010059020000550301573f503c05741ffbd03dd9d2ffa414ba4dde6197fdf057fa7d320b3ea8c55cec20274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0c01400000dff01000100000b0004030001021403010001011603010030ecc6211c71b4b352
- (26) Message-Authenticator = 0x00000000000000000000000000000000
- (26) State = 0xdf582aeede4333a5d2549a8995860547
- (26) Finished request
- Waking up in 4.3 seconds.
- (27) Received Access-Request Id 51 from 10.8.0.111:58432 to 10.8.64.155:1812 length 249
- (27) User-Name = "vkratsberg"
- (27) NAS-Port = 358
- (27) State = 0xdf582aeede4333a5d2549a8995860547
- (27) EAP-Message = 0x021b004519800000003b1403010001011603010030157fbdb3af4c0dd27adf94142cc9751109393c5350a72d9230da105941bb5c946c487040cb149be79c37d8394d145f97
- (27) Message-Authenticator = 0xe1a8e46a6d7c8bc5a3dda1b2c34bf6dd
- (27) Acct-Session-Id = "8O2.1x81bb083800049ec0"
- (27) NAS-Port-Id = "ge-3/0/6.0"
- (27) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (27) Called-Station-Id = "ec-3e-f7-68-35-00"
- (27) NAS-IP-Address = 10.8.0.111
- (27) NAS-Identifier = "nyc-access-sw011"
- (27) NAS-Port-Type = Ethernet
- (27) session-state: No cached attributes
- (27) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (27) authorize {
- (27) policy filter_username {
- (27) if (&User-Name) {
- (27) if (&User-Name) -> TRUE
- (27) if (&User-Name) {
- (27) if (&User-Name =~ / /) {
- (27) if (&User-Name =~ / /) -> FALSE
- (27) if (&User-Name =~ /@[^@]*@/ ) {
- (27) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (27) if (&User-Name =~ /\.\./ ) {
- (27) if (&User-Name =~ /\.\./ ) -> FALSE
- (27) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (27) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (27) if (&User-Name =~ /\.$/) {
- (27) if (&User-Name =~ /\.$/) -> FALSE
- (27) if (&User-Name =~ /@\./) {
- (27) if (&User-Name =~ /@\./) -> FALSE
- (27) } # if (&User-Name) = notfound
- (27) } # policy filter_username = notfound
- (27) [preprocess] = ok
- (27) [chap] = noop
- (27) [mschap] = noop
- (27) [digest] = noop
- (27) suffix: Checking for suffix after "@"
- (27) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (27) suffix: No such realm "NULL"
- (27) [suffix] = noop
- (27) eap: Peer sent EAP Response (code 2) ID 27 length 69
- (27) eap: Continuing tunnel setup
- (27) [eap] = ok
- (27) } # authorize = ok
- (27) Found Auth-Type = eap
- (27) # Executing group from file /etc/raddb/sites-enabled/default
- (27) authenticate {
- (27) eap: Expiring EAP session with state 0xdf582aeede4333a5
- (27) eap: Finished EAP session with state 0xdf582aeede4333a5
- (27) eap: Previous EAP request found for state 0xdf582aeede4333a5, released from the list
- (27) eap: Peer sent packet with method EAP PEAP (25)
- (27) eap: Calling submodule eap_peap to process data
- (27) eap_peap: Continuing EAP-TLS
- (27) eap_peap: Peer indicated complete TLS record size will be 59 bytes
- (27) eap_peap: Got complete TLS record (59 bytes)
- (27) eap_peap: [eaptls verify] = length included
- (27) eap_peap: <<< recv TLS 1.0 ChangeCipherSpec [length 0001]
- (27) eap_peap: <<< recv TLS 1.0 Handshake [length 0010], Finished
- (27) eap_peap: TLS_accept: SSLv3 read finished A
- (27) eap_peap: (other): SSL negotiation finished successfully
- (27) eap_peap: SSL Connection Established
- (27) eap_peap: SSL Application Data
- (27) eap_peap: Adding cached attributes from session 274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0
- (27) eap_peap: reply:User-Name = "vkratsberg"
- (27) eap_peap: [eaptls process] = success
- (27) eap_peap: Session established. Decoding tunneled attributes
- (27) eap_peap: PEAP state TUNNEL ESTABLISHED
- (27) eap_peap: Skipping Phase2 because of session resumption
- (27) eap_peap: SUCCESS
- (27) eap: Sending EAP Request (code 1) ID 28 length 43
- (27) eap: EAP session adding &reply:State = 0xdf582aeedd4433a5
- (27) [eap] = handled
- (27) } # authenticate = handled
- (27) Using Post-Auth-Type Challenge
- (27) Post-Auth-Type sub-section not found. Ignoring.
- (27) # Executing group from file /etc/raddb/sites-enabled/default
- (27) Sent Access-Challenge Id 51 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (27) User-Name = "vkratsberg"
- (27) EAP-Message = 0x011c002b19001703010020d88a2ff2cbae04597eba04d72f77b999ae1de64df9ad27dfc7e4294329c185f2
- (27) Message-Authenticator = 0x00000000000000000000000000000000
- (27) State = 0xdf582aeedd4433a5d2549a8995860547
- (27) Finished request
- Waking up in 4.3 seconds.
- (28) Received Access-Request Id 52 from 10.8.0.111:58432 to 10.8.64.155:1812 length 223
- (28) User-Name = "vkratsberg"
- (28) NAS-Port = 358
- (28) State = 0xdf582aeedd4433a5d2549a8995860547
- (28) EAP-Message = 0x021c002b1900170301002011b501ccd7c2fbe82d08b50e59e78239d996145cb13b3c9b08a13e37636ebf1e
- (28) Message-Authenticator = 0x35adfe5ca9d30c4c05d7e26c8b9ee71a
- (28) Acct-Session-Id = "8O2.1x81bb083800049ec0"
- (28) NAS-Port-Id = "ge-3/0/6.0"
- (28) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (28) Called-Station-Id = "ec-3e-f7-68-35-00"
- (28) NAS-IP-Address = 10.8.0.111
- (28) NAS-Identifier = "nyc-access-sw011"
- (28) NAS-Port-Type = Ethernet
- (28) session-state: No cached attributes
- (28) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (28) authorize {
- (28) policy filter_username {
- (28) if (&User-Name) {
- (28) if (&User-Name) -> TRUE
- (28) if (&User-Name) {
- (28) if (&User-Name =~ / /) {
- (28) if (&User-Name =~ / /) -> FALSE
- (28) if (&User-Name =~ /@[^@]*@/ ) {
- (28) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (28) if (&User-Name =~ /\.\./ ) {
- (28) if (&User-Name =~ /\.\./ ) -> FALSE
- (28) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (28) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (28) if (&User-Name =~ /\.$/) {
- (28) if (&User-Name =~ /\.$/) -> FALSE
- (28) if (&User-Name =~ /@\./) {
- (28) if (&User-Name =~ /@\./) -> FALSE
- (28) } # if (&User-Name) = notfound
- (28) } # policy filter_username = notfound
- (28) [preprocess] = ok
- (28) [chap] = noop
- (28) [mschap] = noop
- (28) [digest] = noop
- (28) suffix: Checking for suffix after "@"
- (28) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (28) suffix: No such realm "NULL"
- (28) [suffix] = noop
- (28) eap: Peer sent EAP Response (code 2) ID 28 length 43
- (28) eap: Continuing tunnel setup
- (28) [eap] = ok
- (28) } # authorize = ok
- (28) Found Auth-Type = eap
- (28) # Executing group from file /etc/raddb/sites-enabled/default
- (28) authenticate {
- (28) eap: Expiring EAP session with state 0xdf582aeedd4433a5
- (28) eap: Finished EAP session with state 0xdf582aeedd4433a5
- (28) eap: Previous EAP request found for state 0xdf582aeedd4433a5, released from the list
- (28) eap: Peer sent packet with method EAP PEAP (25)
- (28) eap: Calling submodule eap_peap to process data
- (28) eap_peap: Continuing EAP-TLS
- (28) eap_peap: [eaptls verify] = ok
- (28) eap_peap: Done initial handshake
- (28) eap_peap: [eaptls process] = ok
- (28) eap_peap: Session established. Decoding tunneled attributes
- (28) eap_peap: PEAP state send tlv success
- (28) eap_peap: Received EAP-TLV response
- (28) eap_peap: Success
- (28) eap_peap: No saved attributes in the original Access-Accept
- (28) eap: Sending EAP Success (code 3) ID 28 length 4
- (28) eap: Freeing handler
- (28) [eap] = ok
- (28) } # authenticate = ok
- (28) # Executing section post-auth from file /etc/raddb/sites-enabled/default
- (28) post-auth {
- (28) update {
- (28) No attributes updated
- (28) } # update = noop
- (28) [exec] = noop
- (28) policy remove_reply_message_if_eap {
- (28) if (&reply:EAP-Message && &reply:Reply-Message) {
- (28) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
- (28) else {
- (28) [noop] = noop
- (28) } # else = noop
- (28) } # policy remove_reply_message_if_eap = noop
- (28) } # post-auth = noop
- (28) Sent Access-Accept Id 52 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (28) MS-MPPE-Recv-Key = 0x51c07c8df9c0d937912e501065a71b59adef994113651ba091830556df158738
- (28) MS-MPPE-Send-Key = 0xfcafce900bec64051b371622a80dce4f5cb0360a8b6341aee92789a4e4a5af26
- (28) EAP-Message = 0x031c0004
- (28) Message-Authenticator = 0x00000000000000000000000000000000
- (28) User-Name = "vkratsberg"
- (28) Finished request
- Waking up in 4.2 seconds.
- (29) Received Access-Request Id 53 from 10.8.0.111:58432 to 10.8.64.155:1812 length 177
- (29) User-Name = "vkratsberg"
- (29) NAS-Port = 358
- (29) EAP-Message = 0x021d000f01766b7261747362657267
- (29) Message-Authenticator = 0x15d037fdc3728e6333de1dfc96cf50c8
- (29) Acct-Session-Id = "8O2.1x81bb083900063bc6"
- (29) NAS-Port-Id = "ge-3/0/6.0"
- (29) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (29) Called-Station-Id = "ec-3e-f7-68-35-00"
- (29) NAS-IP-Address = 10.8.0.111
- (29) NAS-Identifier = "nyc-access-sw011"
- (29) NAS-Port-Type = Ethernet
- (29) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (29) authorize {
- (29) policy filter_username {
- (29) if (&User-Name) {
- (29) if (&User-Name) -> TRUE
- (29) if (&User-Name) {
- (29) if (&User-Name =~ / /) {
- (29) if (&User-Name =~ / /) -> FALSE
- (29) if (&User-Name =~ /@[^@]*@/ ) {
- (29) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (29) if (&User-Name =~ /\.\./ ) {
- (29) if (&User-Name =~ /\.\./ ) -> FALSE
- (29) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (29) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (29) if (&User-Name =~ /\.$/) {
- (29) if (&User-Name =~ /\.$/) -> FALSE
- (29) if (&User-Name =~ /@\./) {
- (29) if (&User-Name =~ /@\./) -> FALSE
- (29) } # if (&User-Name) = notfound
- (29) } # policy filter_username = notfound
- (29) [preprocess] = ok
- (29) [chap] = noop
- (29) [mschap] = noop
- (29) [digest] = noop
- (29) suffix: Checking for suffix after "@"
- (29) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (29) suffix: No such realm "NULL"
- (29) [suffix] = noop
- (29) eap: Peer sent EAP Response (code 2) ID 29 length 15
- (29) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
- (29) [eap] = ok
- (29) } # authorize = ok
- (29) Found Auth-Type = eap
- (29) # Executing group from file /etc/raddb/sites-enabled/default
- (29) authenticate {
- (29) eap: Peer sent packet with method EAP Identity (1)
- (29) eap: Calling submodule eap_peap to process data
- (29) eap_peap: Initiating new EAP-TLS session
- (29) eap_peap: [eaptls start] = request
- (29) eap: Sending EAP Request (code 1) ID 30 length 6
- (29) eap: EAP session adding &reply:State = 0xc39a7c0ac384655a
- (29) [eap] = handled
- (29) } # authenticate = handled
- (29) Using Post-Auth-Type Challenge
- (29) Post-Auth-Type sub-section not found. Ignoring.
- (29) # Executing group from file /etc/raddb/sites-enabled/default
- (29) Sent Access-Challenge Id 53 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (29) EAP-Message = 0x011e00061920
- (29) Message-Authenticator = 0x00000000000000000000000000000000
- (29) State = 0xc39a7c0ac384655aae08a8ade31ffcdd
- (29) Finished request
- Waking up in 4.2 seconds.
- (30) Received Access-Request Id 54 from 10.8.0.111:58432 to 10.8.64.155:1812 length 343
- (30) User-Name = "vkratsberg"
- (30) NAS-Port = 358
- (30) State = 0xc39a7c0ac384655aae08a8ade31ffcdd
- (30) EAP-Message = 0x021e00a31980000000991603010094010000900301573f503c992f7f49148e6477c38f9fc73df0a3154770488f6c62e2ef0d46822320274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0002800ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f00
- (30) Message-Authenticator = 0x069ee289394b6f18833edc99128f0a04
- (30) Acct-Session-Id = "8O2.1x81bb083900063bc6"
- (30) NAS-Port-Id = "ge-3/0/6.0"
- (30) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (30) Called-Station-Id = "ec-3e-f7-68-35-00"
- (30) NAS-IP-Address = 10.8.0.111
- (30) NAS-Identifier = "nyc-access-sw011"
- (30) NAS-Port-Type = Ethernet
- (30) session-state: No cached attributes
- (30) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (30) authorize {
- (30) policy filter_username {
- (30) if (&User-Name) {
- (30) if (&User-Name) -> TRUE
- (30) if (&User-Name) {
- (30) if (&User-Name =~ / /) {
- (30) if (&User-Name =~ / /) -> FALSE
- (30) if (&User-Name =~ /@[^@]*@/ ) {
- (30) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (30) if (&User-Name =~ /\.\./ ) {
- (30) if (&User-Name =~ /\.\./ ) -> FALSE
- (30) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (30) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (30) if (&User-Name =~ /\.$/) {
- (30) if (&User-Name =~ /\.$/) -> FALSE
- (30) if (&User-Name =~ /@\./) {
- (30) if (&User-Name =~ /@\./) -> FALSE
- (30) } # if (&User-Name) = notfound
- (30) } # policy filter_username = notfound
- (30) [preprocess] = ok
- (30) [chap] = noop
- (30) [mschap] = noop
- (30) [digest] = noop
- (30) suffix: Checking for suffix after "@"
- (30) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (30) suffix: No such realm "NULL"
- (30) [suffix] = noop
- (30) eap: Peer sent EAP Response (code 2) ID 30 length 163
- (30) eap: Continuing tunnel setup
- (30) [eap] = ok
- (30) } # authorize = ok
- (30) Found Auth-Type = eap
- (30) # Executing group from file /etc/raddb/sites-enabled/default
- (30) authenticate {
- (30) eap: Expiring EAP session with state 0xc39a7c0ac384655a
- (30) eap: Finished EAP session with state 0xc39a7c0ac384655a
- (30) eap: Previous EAP request found for state 0xc39a7c0ac384655a, released from the list
- (30) eap: Peer sent packet with method EAP PEAP (25)
- (30) eap: Calling submodule eap_peap to process data
- (30) eap_peap: Continuing EAP-TLS
- (30) eap_peap: Peer indicated complete TLS record size will be 153 bytes
- (30) eap_peap: Got complete TLS record (153 bytes)
- (30) eap_peap: [eaptls verify] = length included
- (30) eap_peap: (other): before/accept initialization
- (30) eap_peap: TLS_accept: before/accept initialization
- (30) eap_peap: <<< recv TLS 1.0 Handshake [length 0094], ClientHello
- (30) eap_peap: TLS_accept: SSLv3 read client hello A
- (30) eap_peap: >>> send TLS 1.0 Handshake [length 0059], ServerHello
- (30) eap_peap: TLS_accept: SSLv3 write server hello A
- (30) eap_peap: >>> send TLS 1.0 ChangeCipherSpec [length 0001]
- (30) eap_peap: TLS_accept: SSLv3 write change cipher spec A
- (30) eap_peap: >>> send TLS 1.0 Handshake [length 0010], Finished
- (30) eap_peap: TLS_accept: SSLv3 write finished A
- (30) eap_peap: TLS_accept: SSLv3 flush data
- (30) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
- (30) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
- (30) eap_peap: In SSL Handshake Phase
- (30) eap_peap: In SSL Accept mode
- (30) eap_peap: [eaptls process] = handled
- (30) eap: Sending EAP Request (code 1) ID 31 length 159
- (30) eap: EAP session adding &reply:State = 0xc39a7c0ac285655a
- (30) [eap] = handled
- (30) } # authenticate = handled
- (30) Using Post-Auth-Type Challenge
- (30) Post-Auth-Type sub-section not found. Ignoring.
- (30) # Executing group from file /etc/raddb/sites-enabled/default
- (30) Sent Access-Challenge Id 54 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (30) EAP-Message = 0x011f009f19001603010059020000550301573f503c807117e34faba847da580e233e020cac4f0fbfdc0b60bcc2e66eebf620274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0c01400000dff01000100000b000403000102140301000101160301003088a20a49f4c78b57
- (30) Message-Authenticator = 0x00000000000000000000000000000000
- (30) State = 0xc39a7c0ac285655aae08a8ade31ffcdd
- (30) Finished request
- Waking up in 4.2 seconds.
- (31) Received Access-Request Id 55 from 10.8.0.111:58432 to 10.8.64.155:1812 length 249
- (31) User-Name = "vkratsberg"
- (31) NAS-Port = 358
- (31) State = 0xc39a7c0ac285655aae08a8ade31ffcdd
- (31) EAP-Message = 0x021f004519800000003b1403010001011603010030f254c2ca77cca1d252ca6259afd898fb3fdcb7f577b0968a6692a0f54271234f9f747b8c29c14698a765147c08d1f97c
- (31) Message-Authenticator = 0x29f01e8fa4501f315e6a04d69c4b2274
- (31) Acct-Session-Id = "8O2.1x81bb083900063bc6"
- (31) NAS-Port-Id = "ge-3/0/6.0"
- (31) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (31) Called-Station-Id = "ec-3e-f7-68-35-00"
- (31) NAS-IP-Address = 10.8.0.111
- (31) NAS-Identifier = "nyc-access-sw011"
- (31) NAS-Port-Type = Ethernet
- (31) session-state: No cached attributes
- (31) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (31) authorize {
- (31) policy filter_username {
- (31) if (&User-Name) {
- (31) if (&User-Name) -> TRUE
- (31) if (&User-Name) {
- (31) if (&User-Name =~ / /) {
- (31) if (&User-Name =~ / /) -> FALSE
- (31) if (&User-Name =~ /@[^@]*@/ ) {
- (31) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (31) if (&User-Name =~ /\.\./ ) {
- (31) if (&User-Name =~ /\.\./ ) -> FALSE
- (31) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (31) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (31) if (&User-Name =~ /\.$/) {
- (31) if (&User-Name =~ /\.$/) -> FALSE
- (31) if (&User-Name =~ /@\./) {
- (31) if (&User-Name =~ /@\./) -> FALSE
- (31) } # if (&User-Name) = notfound
- (31) } # policy filter_username = notfound
- (31) [preprocess] = ok
- (31) [chap] = noop
- (31) [mschap] = noop
- (31) [digest] = noop
- (31) suffix: Checking for suffix after "@"
- (31) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (31) suffix: No such realm "NULL"
- (31) [suffix] = noop
- (31) eap: Peer sent EAP Response (code 2) ID 31 length 69
- (31) eap: Continuing tunnel setup
- (31) [eap] = ok
- (31) } # authorize = ok
- (31) Found Auth-Type = eap
- (31) # Executing group from file /etc/raddb/sites-enabled/default
- (31) authenticate {
- (31) eap: Expiring EAP session with state 0xc39a7c0ac285655a
- (31) eap: Finished EAP session with state 0xc39a7c0ac285655a
- (31) eap: Previous EAP request found for state 0xc39a7c0ac285655a, released from the list
- (31) eap: Peer sent packet with method EAP PEAP (25)
- (31) eap: Calling submodule eap_peap to process data
- (31) eap_peap: Continuing EAP-TLS
- (31) eap_peap: Peer indicated complete TLS record size will be 59 bytes
- (31) eap_peap: Got complete TLS record (59 bytes)
- (31) eap_peap: [eaptls verify] = length included
- (31) eap_peap: <<< recv TLS 1.0 ChangeCipherSpec [length 0001]
- (31) eap_peap: <<< recv TLS 1.0 Handshake [length 0010], Finished
- (31) eap_peap: TLS_accept: SSLv3 read finished A
- (31) eap_peap: (other): SSL negotiation finished successfully
- (31) eap_peap: SSL Connection Established
- (31) eap_peap: SSL Application Data
- (31) eap_peap: Adding cached attributes from session 274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0
- (31) eap_peap: reply:User-Name = "vkratsberg"
- (31) eap_peap: [eaptls process] = success
- (31) eap_peap: Session established. Decoding tunneled attributes
- (31) eap_peap: PEAP state TUNNEL ESTABLISHED
- (31) eap_peap: Skipping Phase2 because of session resumption
- (31) eap_peap: SUCCESS
- (31) eap: Sending EAP Request (code 1) ID 32 length 43
- (31) eap: EAP session adding &reply:State = 0xc39a7c0ac1ba655a
- (31) [eap] = handled
- (31) } # authenticate = handled
- (31) Using Post-Auth-Type Challenge
- (31) Post-Auth-Type sub-section not found. Ignoring.
- (31) # Executing group from file /etc/raddb/sites-enabled/default
- (31) Sent Access-Challenge Id 55 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (31) User-Name = "vkratsberg"
- (31) EAP-Message = 0x0120002b19001703010020591b6404e9f6eda8113716cccfbbc3d1d50a19a5d9c3afe923f9b9ca3bc1f440
- (31) Message-Authenticator = 0x00000000000000000000000000000000
- (31) State = 0xc39a7c0ac1ba655aae08a8ade31ffcdd
- (31) Finished request
- Waking up in 4.1 seconds.
- (32) Received Access-Request Id 56 from 10.8.0.111:58432 to 10.8.64.155:1812 length 223
- (32) User-Name = "vkratsberg"
- (32) NAS-Port = 358
- (32) State = 0xc39a7c0ac1ba655aae08a8ade31ffcdd
- (32) EAP-Message = 0x0220002b19001703010020f9d8463166b2cfdd7330b8acc2804277ca1520bc593b37d06afe9018b5e340a6
- (32) Message-Authenticator = 0x717246cff3f5f1487fc4fcfc6c367096
- (32) Acct-Session-Id = "8O2.1x81bb083900063bc6"
- (32) NAS-Port-Id = "ge-3/0/6.0"
- (32) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (32) Called-Station-Id = "ec-3e-f7-68-35-00"
- (32) NAS-IP-Address = 10.8.0.111
- (32) NAS-Identifier = "nyc-access-sw011"
- (32) NAS-Port-Type = Ethernet
- (32) session-state: No cached attributes
- (32) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (32) authorize {
- (32) policy filter_username {
- (32) if (&User-Name) {
- (32) if (&User-Name) -> TRUE
- (32) if (&User-Name) {
- (32) if (&User-Name =~ / /) {
- (32) if (&User-Name =~ / /) -> FALSE
- (32) if (&User-Name =~ /@[^@]*@/ ) {
- (32) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (32) if (&User-Name =~ /\.\./ ) {
- (32) if (&User-Name =~ /\.\./ ) -> FALSE
- (32) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (32) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (32) if (&User-Name =~ /\.$/) {
- (32) if (&User-Name =~ /\.$/) -> FALSE
- (32) if (&User-Name =~ /@\./) {
- (32) if (&User-Name =~ /@\./) -> FALSE
- (32) } # if (&User-Name) = notfound
- (32) } # policy filter_username = notfound
- (32) [preprocess] = ok
- (32) [chap] = noop
- (32) [mschap] = noop
- (32) [digest] = noop
- (32) suffix: Checking for suffix after "@"
- (32) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (32) suffix: No such realm "NULL"
- (32) [suffix] = noop
- (32) eap: Peer sent EAP Response (code 2) ID 32 length 43
- (32) eap: Continuing tunnel setup
- (32) [eap] = ok
- (32) } # authorize = ok
- (32) Found Auth-Type = eap
- (32) # Executing group from file /etc/raddb/sites-enabled/default
- (32) authenticate {
- (32) eap: Expiring EAP session with state 0xc39a7c0ac1ba655a
- (32) eap: Finished EAP session with state 0xc39a7c0ac1ba655a
- (32) eap: Previous EAP request found for state 0xc39a7c0ac1ba655a, released from the list
- (32) eap: Peer sent packet with method EAP PEAP (25)
- (32) eap: Calling submodule eap_peap to process data
- (32) eap_peap: Continuing EAP-TLS
- (32) eap_peap: [eaptls verify] = ok
- (32) eap_peap: Done initial handshake
- (32) eap_peap: [eaptls process] = ok
- (32) eap_peap: Session established. Decoding tunneled attributes
- (32) eap_peap: PEAP state send tlv success
- (32) eap_peap: Received EAP-TLV response
- (32) eap_peap: Success
- (32) eap_peap: No saved attributes in the original Access-Accept
- (32) eap: Sending EAP Success (code 3) ID 32 length 4
- (32) eap: Freeing handler
- (32) [eap] = ok
- (32) } # authenticate = ok
- (32) # Executing section post-auth from file /etc/raddb/sites-enabled/default
- (32) post-auth {
- (32) update {
- (32) No attributes updated
- (32) } # update = noop
- (32) [exec] = noop
- (32) policy remove_reply_message_if_eap {
- (32) if (&reply:EAP-Message && &reply:Reply-Message) {
- (32) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
- (32) else {
- (32) [noop] = noop
- (32) } # else = noop
- (32) } # policy remove_reply_message_if_eap = noop
- (32) } # post-auth = noop
- (32) Sent Access-Accept Id 56 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (32) MS-MPPE-Recv-Key = 0x823b5c191097bd32c98f9cd25d1c94cd57b866065152025d711f980960a91cef
- (32) MS-MPPE-Send-Key = 0x8968a9badd5e939fa8d7aa06cf0a959a565869f1c0be3e3f10076e607b0f520c
- (32) EAP-Message = 0x03200004
- (32) Message-Authenticator = 0x00000000000000000000000000000000
- (32) User-Name = "vkratsberg"
- (32) Finished request
- Waking up in 4.1 seconds.
- (33) Received Access-Request Id 57 from 10.8.0.111:58432 to 10.8.64.155:1812 length 177
- (33) User-Name = "vkratsberg"
- (33) NAS-Port = 358
- (33) EAP-Message = 0x0221000f01766b7261747362657267
- (33) Message-Authenticator = 0x1cbcc17438a07d51975da5d62ca33b72
- (33) Acct-Session-Id = "8O2.1x81bb083a0007d818"
- (33) NAS-Port-Id = "ge-3/0/6.0"
- (33) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (33) Called-Station-Id = "ec-3e-f7-68-35-00"
- (33) NAS-IP-Address = 10.8.0.111
- (33) NAS-Identifier = "nyc-access-sw011"
- (33) NAS-Port-Type = Ethernet
- (33) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (33) authorize {
- (33) policy filter_username {
- (33) if (&User-Name) {
- (33) if (&User-Name) -> TRUE
- (33) if (&User-Name) {
- (33) if (&User-Name =~ / /) {
- (33) if (&User-Name =~ / /) -> FALSE
- (33) if (&User-Name =~ /@[^@]*@/ ) {
- (33) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (33) if (&User-Name =~ /\.\./ ) {
- (33) if (&User-Name =~ /\.\./ ) -> FALSE
- (33) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (33) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (33) if (&User-Name =~ /\.$/) {
- (33) if (&User-Name =~ /\.$/) -> FALSE
- (33) if (&User-Name =~ /@\./) {
- (33) if (&User-Name =~ /@\./) -> FALSE
- (33) } # if (&User-Name) = notfound
- (33) } # policy filter_username = notfound
- (33) [preprocess] = ok
- (33) [chap] = noop
- (33) [mschap] = noop
- (33) [digest] = noop
- (33) suffix: Checking for suffix after "@"
- (33) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (33) suffix: No such realm "NULL"
- (33) [suffix] = noop
- (33) eap: Peer sent EAP Response (code 2) ID 33 length 15
- (33) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
- (33) [eap] = ok
- (33) } # authorize = ok
- (33) Found Auth-Type = eap
- (33) # Executing group from file /etc/raddb/sites-enabled/default
- (33) authenticate {
- (33) eap: Peer sent packet with method EAP Identity (1)
- (33) eap: Calling submodule eap_peap to process data
- (33) eap_peap: Initiating new EAP-TLS session
- (33) eap_peap: [eaptls start] = request
- (33) eap: Sending EAP Request (code 1) ID 34 length 6
- (33) eap: EAP session adding &reply:State = 0x3047744330656d50
- (33) [eap] = handled
- (33) } # authenticate = handled
- (33) Using Post-Auth-Type Challenge
- (33) Post-Auth-Type sub-section not found. Ignoring.
- (33) # Executing group from file /etc/raddb/sites-enabled/default
- (33) Sent Access-Challenge Id 57 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (33) EAP-Message = 0x012200061920
- (33) Message-Authenticator = 0x00000000000000000000000000000000
- (33) State = 0x3047744330656d50a34e26ba48d907fd
- (33) Finished request
- Waking up in 4.1 seconds.
- (34) Received Access-Request Id 58 from 10.8.0.111:58432 to 10.8.64.155:1812 length 343
- (34) User-Name = "vkratsberg"
- (34) NAS-Port = 358
- (34) State = 0x3047744330656d50a34e26ba48d907fd
- (34) EAP-Message = 0x022200a31980000000991603010094010000900301573f503c16fb2519d732dbe3429a9d6812d983de04563c3bf7953ba8fd0980c620274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0002800ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f00
- (34) Message-Authenticator = 0x9f35bd95805602817898e592716daeac
- (34) Acct-Session-Id = "8O2.1x81bb083a0007d818"
- (34) NAS-Port-Id = "ge-3/0/6.0"
- (34) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (34) Called-Station-Id = "ec-3e-f7-68-35-00"
- (34) NAS-IP-Address = 10.8.0.111
- (34) NAS-Identifier = "nyc-access-sw011"
- (34) NAS-Port-Type = Ethernet
- (34) session-state: No cached attributes
- (34) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (34) authorize {
- (34) policy filter_username {
- (34) if (&User-Name) {
- (34) if (&User-Name) -> TRUE
- (34) if (&User-Name) {
- (34) if (&User-Name =~ / /) {
- (34) if (&User-Name =~ / /) -> FALSE
- (34) if (&User-Name =~ /@[^@]*@/ ) {
- (34) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (34) if (&User-Name =~ /\.\./ ) {
- (34) if (&User-Name =~ /\.\./ ) -> FALSE
- (34) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (34) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (34) if (&User-Name =~ /\.$/) {
- (34) if (&User-Name =~ /\.$/) -> FALSE
- (34) if (&User-Name =~ /@\./) {
- (34) if (&User-Name =~ /@\./) -> FALSE
- (34) } # if (&User-Name) = notfound
- (34) } # policy filter_username = notfound
- (34) [preprocess] = ok
- (34) [chap] = noop
- (34) [mschap] = noop
- (34) [digest] = noop
- (34) suffix: Checking for suffix after "@"
- (34) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (34) suffix: No such realm "NULL"
- (34) [suffix] = noop
- (34) eap: Peer sent EAP Response (code 2) ID 34 length 163
- (34) eap: Continuing tunnel setup
- (34) [eap] = ok
- (34) } # authorize = ok
- (34) Found Auth-Type = eap
- (34) # Executing group from file /etc/raddb/sites-enabled/default
- (34) authenticate {
- (34) eap: Expiring EAP session with state 0x3047744330656d50
- (34) eap: Finished EAP session with state 0x3047744330656d50
- (34) eap: Previous EAP request found for state 0x3047744330656d50, released from the list
- (34) eap: Peer sent packet with method EAP PEAP (25)
- (34) eap: Calling submodule eap_peap to process data
- (34) eap_peap: Continuing EAP-TLS
- (34) eap_peap: Peer indicated complete TLS record size will be 153 bytes
- (34) eap_peap: Got complete TLS record (153 bytes)
- (34) eap_peap: [eaptls verify] = length included
- (34) eap_peap: (other): before/accept initialization
- (34) eap_peap: TLS_accept: before/accept initialization
- (34) eap_peap: <<< recv TLS 1.0 Handshake [length 0094], ClientHello
- (34) eap_peap: TLS_accept: SSLv3 read client hello A
- (34) eap_peap: >>> send TLS 1.0 Handshake [length 0059], ServerHello
- (34) eap_peap: TLS_accept: SSLv3 write server hello A
- (34) eap_peap: >>> send TLS 1.0 ChangeCipherSpec [length 0001]
- (34) eap_peap: TLS_accept: SSLv3 write change cipher spec A
- (34) eap_peap: >>> send TLS 1.0 Handshake [length 0010], Finished
- (34) eap_peap: TLS_accept: SSLv3 write finished A
- (34) eap_peap: TLS_accept: SSLv3 flush data
- (34) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
- (34) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
- (34) eap_peap: In SSL Handshake Phase
- (34) eap_peap: In SSL Accept mode
- (34) eap_peap: [eaptls process] = handled
- (34) eap: Sending EAP Request (code 1) ID 35 length 159
- (34) eap: EAP session adding &reply:State = 0x3047744331646d50
- (34) [eap] = handled
- (34) } # authenticate = handled
- (34) Using Post-Auth-Type Challenge
- (34) Post-Auth-Type sub-section not found. Ignoring.
- (34) # Executing group from file /etc/raddb/sites-enabled/default
- (34) Sent Access-Challenge Id 58 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (34) EAP-Message = 0x0123009f19001603010059020000550301573f503c11e1ad207174a141c8acf4f1db1157873db9dd62676ed0b07c618f6120274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0c01400000dff01000100000b00040300010214030100010116030100300b96d69cf1334906
- (34) Message-Authenticator = 0x00000000000000000000000000000000
- (34) State = 0x3047744331646d50a34e26ba48d907fd
- (34) Finished request
- Waking up in 4.1 seconds.
- (35) Received Access-Request Id 59 from 10.8.0.111:58432 to 10.8.64.155:1812 length 249
- (35) User-Name = "vkratsberg"
- (35) NAS-Port = 358
- (35) State = 0x3047744331646d50a34e26ba48d907fd
- (35) EAP-Message = 0x0223004519800000003b1403010001011603010030d90f3cc354893d779966ca4127fccd52a69927041a0a4db1484be816c6ca14552845a026716e7503dd917975f8dd8f07
- (35) Message-Authenticator = 0x4cdc739cca326cfb91801a2fd97be794
- (35) Acct-Session-Id = "8O2.1x81bb083a0007d818"
- (35) NAS-Port-Id = "ge-3/0/6.0"
- (35) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (35) Called-Station-Id = "ec-3e-f7-68-35-00"
- (35) NAS-IP-Address = 10.8.0.111
- (35) NAS-Identifier = "nyc-access-sw011"
- (35) NAS-Port-Type = Ethernet
- (35) session-state: No cached attributes
- (35) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (35) authorize {
- (35) policy filter_username {
- (35) if (&User-Name) {
- (35) if (&User-Name) -> TRUE
- (35) if (&User-Name) {
- (35) if (&User-Name =~ / /) {
- (35) if (&User-Name =~ / /) -> FALSE
- (35) if (&User-Name =~ /@[^@]*@/ ) {
- (35) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (35) if (&User-Name =~ /\.\./ ) {
- (35) if (&User-Name =~ /\.\./ ) -> FALSE
- (35) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (35) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (35) if (&User-Name =~ /\.$/) {
- (35) if (&User-Name =~ /\.$/) -> FALSE
- (35) if (&User-Name =~ /@\./) {
- (35) if (&User-Name =~ /@\./) -> FALSE
- (35) } # if (&User-Name) = notfound
- (35) } # policy filter_username = notfound
- (35) [preprocess] = ok
- (35) [chap] = noop
- (35) [mschap] = noop
- (35) [digest] = noop
- (35) suffix: Checking for suffix after "@"
- (35) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (35) suffix: No such realm "NULL"
- (35) [suffix] = noop
- (35) eap: Peer sent EAP Response (code 2) ID 35 length 69
- (35) eap: Continuing tunnel setup
- (35) [eap] = ok
- (35) } # authorize = ok
- (35) Found Auth-Type = eap
- (35) # Executing group from file /etc/raddb/sites-enabled/default
- (35) authenticate {
- (35) eap: Expiring EAP session with state 0x3047744331646d50
- (35) eap: Finished EAP session with state 0x3047744331646d50
- (35) eap: Previous EAP request found for state 0x3047744331646d50, released from the list
- (35) eap: Peer sent packet with method EAP PEAP (25)
- (35) eap: Calling submodule eap_peap to process data
- (35) eap_peap: Continuing EAP-TLS
- (35) eap_peap: Peer indicated complete TLS record size will be 59 bytes
- (35) eap_peap: Got complete TLS record (59 bytes)
- (35) eap_peap: [eaptls verify] = length included
- (35) eap_peap: <<< recv TLS 1.0 ChangeCipherSpec [length 0001]
- (35) eap_peap: <<< recv TLS 1.0 Handshake [length 0010], Finished
- (35) eap_peap: TLS_accept: SSLv3 read finished A
- (35) eap_peap: (other): SSL negotiation finished successfully
- (35) eap_peap: SSL Connection Established
- (35) eap_peap: SSL Application Data
- (35) eap_peap: Adding cached attributes from session 274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0
- (35) eap_peap: reply:User-Name = "vkratsberg"
- (35) eap_peap: [eaptls process] = success
- (35) eap_peap: Session established. Decoding tunneled attributes
- (35) eap_peap: PEAP state TUNNEL ESTABLISHED
- (35) eap_peap: Skipping Phase2 because of session resumption
- (35) eap_peap: SUCCESS
- (35) eap: Sending EAP Request (code 1) ID 36 length 43
- (35) eap: EAP session adding &reply:State = 0x3047744332636d50
- (35) [eap] = handled
- (35) } # authenticate = handled
- (35) Using Post-Auth-Type Challenge
- (35) Post-Auth-Type sub-section not found. Ignoring.
- (35) # Executing group from file /etc/raddb/sites-enabled/default
- (35) Sent Access-Challenge Id 59 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (35) User-Name = "vkratsberg"
- (35) EAP-Message = 0x0124002b19001703010020bddb4c8236b23c2d416db2b96f7d06c7691c597f4263c17f1c9f7c43d047cdb1
- (35) Message-Authenticator = 0x00000000000000000000000000000000
- (35) State = 0x3047744332636d50a34e26ba48d907fd
- (35) Finished request
- Waking up in 4.0 seconds.
- (36) Received Access-Request Id 60 from 10.8.0.111:58432 to 10.8.64.155:1812 length 223
- (36) User-Name = "vkratsberg"
- (36) NAS-Port = 358
- (36) State = 0x3047744332636d50a34e26ba48d907fd
- (36) EAP-Message = 0x0224002b19001703010020d3257c3437b1cec6d630bca1ade9291c5583927c4757fb25f571900e8a0905ed
- (36) Message-Authenticator = 0x628d3c17f254ba92eaa78e018e447393
- (36) Acct-Session-Id = "8O2.1x81bb083a0007d818"
- (36) NAS-Port-Id = "ge-3/0/6.0"
- (36) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (36) Called-Station-Id = "ec-3e-f7-68-35-00"
- (36) NAS-IP-Address = 10.8.0.111
- (36) NAS-Identifier = "nyc-access-sw011"
- (36) NAS-Port-Type = Ethernet
- (36) session-state: No cached attributes
- (36) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (36) authorize {
- (36) policy filter_username {
- (36) if (&User-Name) {
- (36) if (&User-Name) -> TRUE
- (36) if (&User-Name) {
- (36) if (&User-Name =~ / /) {
- (36) if (&User-Name =~ / /) -> FALSE
- (36) if (&User-Name =~ /@[^@]*@/ ) {
- (36) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (36) if (&User-Name =~ /\.\./ ) {
- (36) if (&User-Name =~ /\.\./ ) -> FALSE
- (36) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (36) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (36) if (&User-Name =~ /\.$/) {
- (36) if (&User-Name =~ /\.$/) -> FALSE
- (36) if (&User-Name =~ /@\./) {
- (36) if (&User-Name =~ /@\./) -> FALSE
- (36) } # if (&User-Name) = notfound
- (36) } # policy filter_username = notfound
- (36) [preprocess] = ok
- (36) [chap] = noop
- (36) [mschap] = noop
- (36) [digest] = noop
- (36) suffix: Checking for suffix after "@"
- (36) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (36) suffix: No such realm "NULL"
- (36) [suffix] = noop
- (36) eap: Peer sent EAP Response (code 2) ID 36 length 43
- (36) eap: Continuing tunnel setup
- (36) [eap] = ok
- (36) } # authorize = ok
- (36) Found Auth-Type = eap
- (36) # Executing group from file /etc/raddb/sites-enabled/default
- (36) authenticate {
- (36) eap: Expiring EAP session with state 0x3047744332636d50
- (36) eap: Finished EAP session with state 0x3047744332636d50
- (36) eap: Previous EAP request found for state 0x3047744332636d50, released from the list
- (36) eap: Peer sent packet with method EAP PEAP (25)
- (36) eap: Calling submodule eap_peap to process data
- (36) eap_peap: Continuing EAP-TLS
- (36) eap_peap: [eaptls verify] = ok
- (36) eap_peap: Done initial handshake
- (36) eap_peap: [eaptls process] = ok
- (36) eap_peap: Session established. Decoding tunneled attributes
- (36) eap_peap: PEAP state send tlv success
- (36) eap_peap: Received EAP-TLV response
- (36) eap_peap: Success
- (36) eap_peap: No saved attributes in the original Access-Accept
- (36) eap: Sending EAP Success (code 3) ID 36 length 4
- (36) eap: Freeing handler
- (36) [eap] = ok
- (36) } # authenticate = ok
- (36) # Executing section post-auth from file /etc/raddb/sites-enabled/default
- (36) post-auth {
- (36) update {
- (36) No attributes updated
- (36) } # update = noop
- (36) [exec] = noop
- (36) policy remove_reply_message_if_eap {
- (36) if (&reply:EAP-Message && &reply:Reply-Message) {
- (36) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
- (36) else {
- (36) [noop] = noop
- (36) } # else = noop
- (36) } # policy remove_reply_message_if_eap = noop
- (36) } # post-auth = noop
- (36) Sent Access-Accept Id 60 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (36) MS-MPPE-Recv-Key = 0xf2648f95b1639c7630eea20ee70662fd4a5e9d2e471ec3e9ad5f3c839b3cdd6d
- (36) MS-MPPE-Send-Key = 0xf0cd0ab826d17f4ecccb9b16840c6040a74af2416432fcaadeabeff190de562a
- (36) EAP-Message = 0x03240004
- (36) Message-Authenticator = 0x00000000000000000000000000000000
- (36) User-Name = "vkratsberg"
- (36) Finished request
- Waking up in 4.0 seconds.
- (37) Received Access-Request Id 61 from 10.8.0.111:58432 to 10.8.64.155:1812 length 177
- (37) User-Name = "vkratsberg"
- (37) NAS-Port = 358
- (37) EAP-Message = 0x0225000f01766b7261747362657267
- (37) Message-Authenticator = 0x3fb5eb5529937dac1d4b398d48593847
- (37) Acct-Session-Id = "8O2.1x81bb083b00097270"
- (37) NAS-Port-Id = "ge-3/0/6.0"
- (37) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (37) Called-Station-Id = "ec-3e-f7-68-35-00"
- (37) NAS-IP-Address = 10.8.0.111
- (37) NAS-Identifier = "nyc-access-sw011"
- (37) NAS-Port-Type = Ethernet
- (37) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (37) authorize {
- (37) policy filter_username {
- (37) if (&User-Name) {
- (37) if (&User-Name) -> TRUE
- (37) if (&User-Name) {
- (37) if (&User-Name =~ / /) {
- (37) if (&User-Name =~ / /) -> FALSE
- (37) if (&User-Name =~ /@[^@]*@/ ) {
- (37) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (37) if (&User-Name =~ /\.\./ ) {
- (37) if (&User-Name =~ /\.\./ ) -> FALSE
- (37) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (37) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (37) if (&User-Name =~ /\.$/) {
- (37) if (&User-Name =~ /\.$/) -> FALSE
- (37) if (&User-Name =~ /@\./) {
- (37) if (&User-Name =~ /@\./) -> FALSE
- (37) } # if (&User-Name) = notfound
- (37) } # policy filter_username = notfound
- (37) [preprocess] = ok
- (37) [chap] = noop
- (37) [mschap] = noop
- (37) [digest] = noop
- (37) suffix: Checking for suffix after "@"
- (37) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (37) suffix: No such realm "NULL"
- (37) [suffix] = noop
- (37) eap: Peer sent EAP Response (code 2) ID 37 length 15
- (37) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
- (37) [eap] = ok
- (37) } # authorize = ok
- (37) Found Auth-Type = eap
- (37) # Executing group from file /etc/raddb/sites-enabled/default
- (37) authenticate {
- (37) eap: Peer sent packet with method EAP Identity (1)
- (37) eap: Calling submodule eap_peap to process data
- (37) eap_peap: Initiating new EAP-TLS session
- (37) eap_peap: [eaptls start] = request
- (37) eap: Sending EAP Request (code 1) ID 38 length 6
- (37) eap: EAP session adding &reply:State = 0xd94a21ebd96c3880
- (37) [eap] = handled
- (37) } # authenticate = handled
- (37) Using Post-Auth-Type Challenge
- (37) Post-Auth-Type sub-section not found. Ignoring.
- (37) # Executing group from file /etc/raddb/sites-enabled/default
- (37) Sent Access-Challenge Id 61 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (37) EAP-Message = 0x012600061920
- (37) Message-Authenticator = 0x00000000000000000000000000000000
- (37) State = 0xd94a21ebd96c38803fe1fad5c137f9e3
- (37) Finished request
- Waking up in 4.0 seconds.
- (38) Received Access-Request Id 62 from 10.8.0.111:58432 to 10.8.64.155:1812 length 343
- (38) User-Name = "vkratsberg"
- (38) NAS-Port = 358
- (38) State = 0xd94a21ebd96c38803fe1fad5c137f9e3
- (38) EAP-Message = 0x022600a31980000000991603010094010000900301573f503c110ac457f1e051694c93a0aabdad7f8ef9354f20ee099699f25f2aeb20274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0002800ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f00
- (38) Message-Authenticator = 0xa1ac66fc408f91c25b9ab3e05f7efcbb
- (38) Acct-Session-Id = "8O2.1x81bb083b00097270"
- (38) NAS-Port-Id = "ge-3/0/6.0"
- (38) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (38) Called-Station-Id = "ec-3e-f7-68-35-00"
- (38) NAS-IP-Address = 10.8.0.111
- (38) NAS-Identifier = "nyc-access-sw011"
- (38) NAS-Port-Type = Ethernet
- (38) session-state: No cached attributes
- (38) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (38) authorize {
- (38) policy filter_username {
- (38) if (&User-Name) {
- (38) if (&User-Name) -> TRUE
- (38) if (&User-Name) {
- (38) if (&User-Name =~ / /) {
- (38) if (&User-Name =~ / /) -> FALSE
- (38) if (&User-Name =~ /@[^@]*@/ ) {
- (38) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (38) if (&User-Name =~ /\.\./ ) {
- (38) if (&User-Name =~ /\.\./ ) -> FALSE
- (38) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (38) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (38) if (&User-Name =~ /\.$/) {
- (38) if (&User-Name =~ /\.$/) -> FALSE
- (38) if (&User-Name =~ /@\./) {
- (38) if (&User-Name =~ /@\./) -> FALSE
- (38) } # if (&User-Name) = notfound
- (38) } # policy filter_username = notfound
- (38) [preprocess] = ok
- (38) [chap] = noop
- (38) [mschap] = noop
- (38) [digest] = noop
- (38) suffix: Checking for suffix after "@"
- (38) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (38) suffix: No such realm "NULL"
- (38) [suffix] = noop
- (38) eap: Peer sent EAP Response (code 2) ID 38 length 163
- (38) eap: Continuing tunnel setup
- (38) [eap] = ok
- (38) } # authorize = ok
- (38) Found Auth-Type = eap
- (38) # Executing group from file /etc/raddb/sites-enabled/default
- (38) authenticate {
- (38) eap: Expiring EAP session with state 0xd94a21ebd96c3880
- (38) eap: Finished EAP session with state 0xd94a21ebd96c3880
- (38) eap: Previous EAP request found for state 0xd94a21ebd96c3880, released from the list
- (38) eap: Peer sent packet with method EAP PEAP (25)
- (38) eap: Calling submodule eap_peap to process data
- (38) eap_peap: Continuing EAP-TLS
- (38) eap_peap: Peer indicated complete TLS record size will be 153 bytes
- (38) eap_peap: Got complete TLS record (153 bytes)
- (38) eap_peap: [eaptls verify] = length included
- (38) eap_peap: (other): before/accept initialization
- (38) eap_peap: TLS_accept: before/accept initialization
- (38) eap_peap: <<< recv TLS 1.0 Handshake [length 0094], ClientHello
- (38) eap_peap: TLS_accept: SSLv3 read client hello A
- (38) eap_peap: >>> send TLS 1.0 Handshake [length 0059], ServerHello
- (38) eap_peap: TLS_accept: SSLv3 write server hello A
- (38) eap_peap: >>> send TLS 1.0 ChangeCipherSpec [length 0001]
- (38) eap_peap: TLS_accept: SSLv3 write change cipher spec A
- (38) eap_peap: >>> send TLS 1.0 Handshake [length 0010], Finished
- (38) eap_peap: TLS_accept: SSLv3 write finished A
- (38) eap_peap: TLS_accept: SSLv3 flush data
- (38) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
- (38) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
- (38) eap_peap: In SSL Handshake Phase
- (38) eap_peap: In SSL Accept mode
- (38) eap_peap: [eaptls process] = handled
- (38) eap: Sending EAP Request (code 1) ID 39 length 159
- (38) eap: EAP session adding &reply:State = 0xd94a21ebd86d3880
- (38) [eap] = handled
- (38) } # authenticate = handled
- (38) Using Post-Auth-Type Challenge
- (38) Post-Auth-Type sub-section not found. Ignoring.
- (38) # Executing group from file /etc/raddb/sites-enabled/default
- (38) Sent Access-Challenge Id 62 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (38) EAP-Message = 0x0127009f19001603010059020000550301573f503cdf77a1aaea5660d58409de1bbab0710e18961ba74cfa9088395b5f9120274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0c01400000dff01000100000b00040300010214030100010116030100307c698e84b79a0182
- (38) Message-Authenticator = 0x00000000000000000000000000000000
- (38) State = 0xd94a21ebd86d38803fe1fad5c137f9e3
- (38) Finished request
- Waking up in 4.0 seconds.
- (39) Received Access-Request Id 63 from 10.8.0.111:58432 to 10.8.64.155:1812 length 249
- (39) User-Name = "vkratsberg"
- (39) NAS-Port = 358
- (39) State = 0xd94a21ebd86d38803fe1fad5c137f9e3
- (39) EAP-Message = 0x0227004519800000003b1403010001011603010030f3bb162a04aed5ec6336f8dcbaa292dd2d63a061682669f346c4ef403597f6260149e4b543f37010e3d405dcd369e7a3
- (39) Message-Authenticator = 0x31478a1853e5ef74c1d8c579f34c7768
- (39) Acct-Session-Id = "8O2.1x81bb083b00097270"
- (39) NAS-Port-Id = "ge-3/0/6.0"
- (39) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (39) Called-Station-Id = "ec-3e-f7-68-35-00"
- (39) NAS-IP-Address = 10.8.0.111
- (39) NAS-Identifier = "nyc-access-sw011"
- (39) NAS-Port-Type = Ethernet
- (39) session-state: No cached attributes
- (39) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (39) authorize {
- (39) policy filter_username {
- (39) if (&User-Name) {
- (39) if (&User-Name) -> TRUE
- (39) if (&User-Name) {
- (39) if (&User-Name =~ / /) {
- (39) if (&User-Name =~ / /) -> FALSE
- (39) if (&User-Name =~ /@[^@]*@/ ) {
- (39) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (39) if (&User-Name =~ /\.\./ ) {
- (39) if (&User-Name =~ /\.\./ ) -> FALSE
- (39) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (39) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (39) if (&User-Name =~ /\.$/) {
- (39) if (&User-Name =~ /\.$/) -> FALSE
- (39) if (&User-Name =~ /@\./) {
- (39) if (&User-Name =~ /@\./) -> FALSE
- (39) } # if (&User-Name) = notfound
- (39) } # policy filter_username = notfound
- (39) [preprocess] = ok
- (39) [chap] = noop
- (39) [mschap] = noop
- (39) [digest] = noop
- (39) suffix: Checking for suffix after "@"
- (39) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (39) suffix: No such realm "NULL"
- (39) [suffix] = noop
- (39) eap: Peer sent EAP Response (code 2) ID 39 length 69
- (39) eap: Continuing tunnel setup
- (39) [eap] = ok
- (39) } # authorize = ok
- (39) Found Auth-Type = eap
- (39) # Executing group from file /etc/raddb/sites-enabled/default
- (39) authenticate {
- (39) eap: Expiring EAP session with state 0xd94a21ebd86d3880
- (39) eap: Finished EAP session with state 0xd94a21ebd86d3880
- (39) eap: Previous EAP request found for state 0xd94a21ebd86d3880, released from the list
- (39) eap: Peer sent packet with method EAP PEAP (25)
- (39) eap: Calling submodule eap_peap to process data
- (39) eap_peap: Continuing EAP-TLS
- (39) eap_peap: Peer indicated complete TLS record size will be 59 bytes
- (39) eap_peap: Got complete TLS record (59 bytes)
- (39) eap_peap: [eaptls verify] = length included
- (39) eap_peap: <<< recv TLS 1.0 ChangeCipherSpec [length 0001]
- (39) eap_peap: <<< recv TLS 1.0 Handshake [length 0010], Finished
- (39) eap_peap: TLS_accept: SSLv3 read finished A
- (39) eap_peap: (other): SSL negotiation finished successfully
- (39) eap_peap: SSL Connection Established
- (39) eap_peap: SSL Application Data
- (39) eap_peap: Adding cached attributes from session 274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0
- (39) eap_peap: reply:User-Name = "vkratsberg"
- (39) eap_peap: [eaptls process] = success
- (39) eap_peap: Session established. Decoding tunneled attributes
- (39) eap_peap: PEAP state TUNNEL ESTABLISHED
- (39) eap_peap: Skipping Phase2 because of session resumption
- (39) eap_peap: SUCCESS
- (39) eap: Sending EAP Request (code 1) ID 40 length 43
- (39) eap: EAP session adding &reply:State = 0xd94a21ebdb623880
- (39) [eap] = handled
- (39) } # authenticate = handled
- (39) Using Post-Auth-Type Challenge
- (39) Post-Auth-Type sub-section not found. Ignoring.
- (39) # Executing group from file /etc/raddb/sites-enabled/default
- (39) Sent Access-Challenge Id 63 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (39) User-Name = "vkratsberg"
- (39) EAP-Message = 0x0128002b1900170301002082d40282b37f9cb415d5629f4126a8541ad0421467aa2de8c6f4641e28a313a6
- (39) Message-Authenticator = 0x00000000000000000000000000000000
- (39) State = 0xd94a21ebdb6238803fe1fad5c137f9e3
- (39) Finished request
- Waking up in 3.9 seconds.
- (40) Received Access-Request Id 64 from 10.8.0.111:58432 to 10.8.64.155:1812 length 223
- (40) User-Name = "vkratsberg"
- (40) NAS-Port = 358
- (40) State = 0xd94a21ebdb6238803fe1fad5c137f9e3
- (40) EAP-Message = 0x0228002b19001703010020773cc9805b18798fe3de00c196f3a700b45134a4355e7ae3f69bf268e29f8b50
- (40) Message-Authenticator = 0xef262f4afadf5b754535fd912df96c42
- (40) Acct-Session-Id = "8O2.1x81bb083b00097270"
- (40) NAS-Port-Id = "ge-3/0/6.0"
- (40) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (40) Called-Station-Id = "ec-3e-f7-68-35-00"
- (40) NAS-IP-Address = 10.8.0.111
- (40) NAS-Identifier = "nyc-access-sw011"
- (40) NAS-Port-Type = Ethernet
- (40) session-state: No cached attributes
- (40) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (40) authorize {
- (40) policy filter_username {
- (40) if (&User-Name) {
- (40) if (&User-Name) -> TRUE
- (40) if (&User-Name) {
- (40) if (&User-Name =~ / /) {
- (40) if (&User-Name =~ / /) -> FALSE
- (40) if (&User-Name =~ /@[^@]*@/ ) {
- (40) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (40) if (&User-Name =~ /\.\./ ) {
- (40) if (&User-Name =~ /\.\./ ) -> FALSE
- (40) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (40) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (40) if (&User-Name =~ /\.$/) {
- (40) if (&User-Name =~ /\.$/) -> FALSE
- (40) if (&User-Name =~ /@\./) {
- (40) if (&User-Name =~ /@\./) -> FALSE
- (40) } # if (&User-Name) = notfound
- (40) } # policy filter_username = notfound
- (40) [preprocess] = ok
- (40) [chap] = noop
- (40) [mschap] = noop
- (40) [digest] = noop
- (40) suffix: Checking for suffix after "@"
- (40) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (40) suffix: No such realm "NULL"
- (40) [suffix] = noop
- (40) eap: Peer sent EAP Response (code 2) ID 40 length 43
- (40) eap: Continuing tunnel setup
- (40) [eap] = ok
- (40) } # authorize = ok
- (40) Found Auth-Type = eap
- (40) # Executing group from file /etc/raddb/sites-enabled/default
- (40) authenticate {
- (40) eap: Expiring EAP session with state 0xd94a21ebdb623880
- (40) eap: Finished EAP session with state 0xd94a21ebdb623880
- (40) eap: Previous EAP request found for state 0xd94a21ebdb623880, released from the list
- (40) eap: Peer sent packet with method EAP PEAP (25)
- (40) eap: Calling submodule eap_peap to process data
- (40) eap_peap: Continuing EAP-TLS
- (40) eap_peap: [eaptls verify] = ok
- (40) eap_peap: Done initial handshake
- (40) eap_peap: [eaptls process] = ok
- (40) eap_peap: Session established. Decoding tunneled attributes
- (40) eap_peap: PEAP state send tlv success
- (40) eap_peap: Received EAP-TLV response
- (40) eap_peap: Success
- (40) eap_peap: No saved attributes in the original Access-Accept
- (40) eap: Sending EAP Success (code 3) ID 40 length 4
- (40) eap: Freeing handler
- (40) [eap] = ok
- (40) } # authenticate = ok
- (40) # Executing section post-auth from file /etc/raddb/sites-enabled/default
- (40) post-auth {
- (40) update {
- (40) No attributes updated
- (40) } # update = noop
- (40) [exec] = noop
- (40) policy remove_reply_message_if_eap {
- (40) if (&reply:EAP-Message && &reply:Reply-Message) {
- (40) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
- (40) else {
- (40) [noop] = noop
- (40) } # else = noop
- (40) } # policy remove_reply_message_if_eap = noop
- (40) } # post-auth = noop
- (40) Sent Access-Accept Id 64 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (40) MS-MPPE-Recv-Key = 0x8ba8be7239870a948090e1d4fe2dfc015812a70499aad70beb78b44035ea4c71
- (40) MS-MPPE-Send-Key = 0x782a5adfc0c19ef22e5859561e975f1cce0b9660d6f8e7d99ef39211195b10fe
- (40) EAP-Message = 0x03280004
- (40) Message-Authenticator = 0x00000000000000000000000000000000
- (40) User-Name = "vkratsberg"
- (40) Finished request
- Waking up in 3.9 seconds.
- (41) Received Access-Request Id 65 from 10.8.0.111:58432 to 10.8.64.155:1812 length 177
- (41) User-Name = "vkratsberg"
- (41) NAS-Port = 358
- (41) EAP-Message = 0x0229000f01766b7261747362657267
- (41) Message-Authenticator = 0x982eddbf2c06a631fd431d25ef55f2e4
- (41) Acct-Session-Id = "8O2.1x81bb083c000b19ff"
- (41) NAS-Port-Id = "ge-3/0/6.0"
- (41) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (41) Called-Station-Id = "ec-3e-f7-68-35-00"
- (41) NAS-IP-Address = 10.8.0.111
- (41) NAS-Identifier = "nyc-access-sw011"
- (41) NAS-Port-Type = Ethernet
- (41) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (41) authorize {
- (41) policy filter_username {
- (41) if (&User-Name) {
- (41) if (&User-Name) -> TRUE
- (41) if (&User-Name) {
- (41) if (&User-Name =~ / /) {
- (41) if (&User-Name =~ / /) -> FALSE
- (41) if (&User-Name =~ /@[^@]*@/ ) {
- (41) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (41) if (&User-Name =~ /\.\./ ) {
- (41) if (&User-Name =~ /\.\./ ) -> FALSE
- (41) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (41) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (41) if (&User-Name =~ /\.$/) {
- (41) if (&User-Name =~ /\.$/) -> FALSE
- (41) if (&User-Name =~ /@\./) {
- (41) if (&User-Name =~ /@\./) -> FALSE
- (41) } # if (&User-Name) = notfound
- (41) } # policy filter_username = notfound
- (41) [preprocess] = ok
- (41) [chap] = noop
- (41) [mschap] = noop
- (41) [digest] = noop
- (41) suffix: Checking for suffix after "@"
- (41) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (41) suffix: No such realm "NULL"
- (41) [suffix] = noop
- (41) eap: Peer sent EAP Response (code 2) ID 41 length 15
- (41) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
- (41) [eap] = ok
- (41) } # authorize = ok
- (41) Found Auth-Type = eap
- (41) # Executing group from file /etc/raddb/sites-enabled/default
- (41) authenticate {
- (41) eap: Peer sent packet with method EAP Identity (1)
- (41) eap: Calling submodule eap_peap to process data
- (41) eap_peap: Initiating new EAP-TLS session
- (41) eap_peap: [eaptls start] = request
- (41) eap: Sending EAP Request (code 1) ID 42 length 6
- (41) eap: EAP session adding &reply:State = 0x28f6c84028dcd184
- (41) [eap] = handled
- (41) } # authenticate = handled
- (41) Using Post-Auth-Type Challenge
- (41) Post-Auth-Type sub-section not found. Ignoring.
- (41) # Executing group from file /etc/raddb/sites-enabled/default
- (41) Sent Access-Challenge Id 65 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (41) EAP-Message = 0x012a00061920
- (41) Message-Authenticator = 0x00000000000000000000000000000000
- (41) State = 0x28f6c84028dcd18478d8424bff74335c
- (41) Finished request
- Waking up in 3.9 seconds.
- (42) Received Access-Request Id 66 from 10.8.0.111:58432 to 10.8.64.155:1812 length 343
- (42) User-Name = "vkratsberg"
- (42) NAS-Port = 358
- (42) State = 0x28f6c84028dcd18478d8424bff74335c
- (42) EAP-Message = 0x022a00a31980000000991603010094010000900301573f503ca9da0f4f63ae81042fc7ff9561e4e4fcf1e4fef49ac13443146f75a920274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0002800ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f00
- (42) Message-Authenticator = 0x1e764b9a0b6c28174f2d473a36dbc8ee
- (42) Acct-Session-Id = "8O2.1x81bb083c000b19ff"
- (42) NAS-Port-Id = "ge-3/0/6.0"
- (42) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (42) Called-Station-Id = "ec-3e-f7-68-35-00"
- (42) NAS-IP-Address = 10.8.0.111
- (42) NAS-Identifier = "nyc-access-sw011"
- (42) NAS-Port-Type = Ethernet
- (42) session-state: No cached attributes
- (42) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (42) authorize {
- (42) policy filter_username {
- (42) if (&User-Name) {
- (42) if (&User-Name) -> TRUE
- (42) if (&User-Name) {
- (42) if (&User-Name =~ / /) {
- (42) if (&User-Name =~ / /) -> FALSE
- (42) if (&User-Name =~ /@[^@]*@/ ) {
- (42) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (42) if (&User-Name =~ /\.\./ ) {
- (42) if (&User-Name =~ /\.\./ ) -> FALSE
- (42) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (42) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (42) if (&User-Name =~ /\.$/) {
- (42) if (&User-Name =~ /\.$/) -> FALSE
- (42) if (&User-Name =~ /@\./) {
- (42) if (&User-Name =~ /@\./) -> FALSE
- (42) } # if (&User-Name) = notfound
- (42) } # policy filter_username = notfound
- (42) [preprocess] = ok
- (42) [chap] = noop
- (42) [mschap] = noop
- (42) [digest] = noop
- (42) suffix: Checking for suffix after "@"
- (42) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (42) suffix: No such realm "NULL"
- (42) [suffix] = noop
- (42) eap: Peer sent EAP Response (code 2) ID 42 length 163
- (42) eap: Continuing tunnel setup
- (42) [eap] = ok
- (42) } # authorize = ok
- (42) Found Auth-Type = eap
- (42) # Executing group from file /etc/raddb/sites-enabled/default
- (42) authenticate {
- (42) eap: Expiring EAP session with state 0x28f6c84028dcd184
- (42) eap: Finished EAP session with state 0x28f6c84028dcd184
- (42) eap: Previous EAP request found for state 0x28f6c84028dcd184, released from the list
- (42) eap: Peer sent packet with method EAP PEAP (25)
- (42) eap: Calling submodule eap_peap to process data
- (42) eap_peap: Continuing EAP-TLS
- (42) eap_peap: Peer indicated complete TLS record size will be 153 bytes
- (42) eap_peap: Got complete TLS record (153 bytes)
- (42) eap_peap: [eaptls verify] = length included
- (42) eap_peap: (other): before/accept initialization
- (42) eap_peap: TLS_accept: before/accept initialization
- (42) eap_peap: <<< recv TLS 1.0 Handshake [length 0094], ClientHello
- (42) eap_peap: TLS_accept: SSLv3 read client hello A
- (42) eap_peap: >>> send TLS 1.0 Handshake [length 0059], ServerHello
- (42) eap_peap: TLS_accept: SSLv3 write server hello A
- (42) eap_peap: >>> send TLS 1.0 ChangeCipherSpec [length 0001]
- (42) eap_peap: TLS_accept: SSLv3 write change cipher spec A
- (42) eap_peap: >>> send TLS 1.0 Handshake [length 0010], Finished
- (42) eap_peap: TLS_accept: SSLv3 write finished A
- (42) eap_peap: TLS_accept: SSLv3 flush data
- (42) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
- (42) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
- (42) eap_peap: In SSL Handshake Phase
- (42) eap_peap: In SSL Accept mode
- (42) eap_peap: [eaptls process] = handled
- (42) eap: Sending EAP Request (code 1) ID 43 length 159
- (42) eap: EAP session adding &reply:State = 0x28f6c84029ddd184
- (42) [eap] = handled
- (42) } # authenticate = handled
- (42) Using Post-Auth-Type Challenge
- (42) Post-Auth-Type sub-section not found. Ignoring.
- (42) # Executing group from file /etc/raddb/sites-enabled/default
- (42) Sent Access-Challenge Id 66 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (42) EAP-Message = 0x012b009f19001603010059020000550301573f503ca79299873855e6d654097db8cfa04372c8f3815b929974d973c29a1b20274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0c01400000dff01000100000b0004030001021403010001011603010030f9e67d83a81cd6c9
- (42) Message-Authenticator = 0x00000000000000000000000000000000
- (42) State = 0x28f6c84029ddd18478d8424bff74335c
- (42) Finished request
- Waking up in 3.8 seconds.
- (43) Received Access-Request Id 67 from 10.8.0.111:58432 to 10.8.64.155:1812 length 249
- (43) User-Name = "vkratsberg"
- (43) NAS-Port = 358
- (43) State = 0x28f6c84029ddd18478d8424bff74335c
- (43) EAP-Message = 0x022b004519800000003b14030100010116030100304bfc6b34724ac03a73bbc846e7046d9fe4de548a27d56abf28d5a4e4080f2981927ae891be76c44b71e32bebb82524a0
- (43) Message-Authenticator = 0x119d734eabeec4f55f2a22a4a1f9af00
- (43) Acct-Session-Id = "8O2.1x81bb083c000b19ff"
- (43) NAS-Port-Id = "ge-3/0/6.0"
- (43) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (43) Called-Station-Id = "ec-3e-f7-68-35-00"
- (43) NAS-IP-Address = 10.8.0.111
- (43) NAS-Identifier = "nyc-access-sw011"
- (43) NAS-Port-Type = Ethernet
- (43) session-state: No cached attributes
- (43) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (43) authorize {
- (43) policy filter_username {
- (43) if (&User-Name) {
- (43) if (&User-Name) -> TRUE
- (43) if (&User-Name) {
- (43) if (&User-Name =~ / /) {
- (43) if (&User-Name =~ / /) -> FALSE
- (43) if (&User-Name =~ /@[^@]*@/ ) {
- (43) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (43) if (&User-Name =~ /\.\./ ) {
- (43) if (&User-Name =~ /\.\./ ) -> FALSE
- (43) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (43) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (43) if (&User-Name =~ /\.$/) {
- (43) if (&User-Name =~ /\.$/) -> FALSE
- (43) if (&User-Name =~ /@\./) {
- (43) if (&User-Name =~ /@\./) -> FALSE
- (43) } # if (&User-Name) = notfound
- (43) } # policy filter_username = notfound
- (43) [preprocess] = ok
- (43) [chap] = noop
- (43) [mschap] = noop
- (43) [digest] = noop
- (43) suffix: Checking for suffix after "@"
- (43) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (43) suffix: No such realm "NULL"
- (43) [suffix] = noop
- (43) eap: Peer sent EAP Response (code 2) ID 43 length 69
- (43) eap: Continuing tunnel setup
- (43) [eap] = ok
- (43) } # authorize = ok
- (43) Found Auth-Type = eap
- (43) # Executing group from file /etc/raddb/sites-enabled/default
- (43) authenticate {
- (43) eap: Expiring EAP session with state 0x28f6c84029ddd184
- (43) eap: Finished EAP session with state 0x28f6c84029ddd184
- (43) eap: Previous EAP request found for state 0x28f6c84029ddd184, released from the list
- (43) eap: Peer sent packet with method EAP PEAP (25)
- (43) eap: Calling submodule eap_peap to process data
- (43) eap_peap: Continuing EAP-TLS
- (43) eap_peap: Peer indicated complete TLS record size will be 59 bytes
- (43) eap_peap: Got complete TLS record (59 bytes)
- (43) eap_peap: [eaptls verify] = length included
- (43) eap_peap: <<< recv TLS 1.0 ChangeCipherSpec [length 0001]
- (43) eap_peap: <<< recv TLS 1.0 Handshake [length 0010], Finished
- (43) eap_peap: TLS_accept: SSLv3 read finished A
- (43) eap_peap: (other): SSL negotiation finished successfully
- (43) eap_peap: SSL Connection Established
- (43) eap_peap: SSL Application Data
- (43) eap_peap: Adding cached attributes from session 274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0
- (43) eap_peap: reply:User-Name = "vkratsberg"
- (43) eap_peap: [eaptls process] = success
- (43) eap_peap: Session established. Decoding tunneled attributes
- (43) eap_peap: PEAP state TUNNEL ESTABLISHED
- (43) eap_peap: Skipping Phase2 because of session resumption
- (43) eap_peap: SUCCESS
- (43) eap: Sending EAP Request (code 1) ID 44 length 43
- (43) eap: EAP session adding &reply:State = 0x28f6c8402adad184
- (43) [eap] = handled
- (43) } # authenticate = handled
- (43) Using Post-Auth-Type Challenge
- (43) Post-Auth-Type sub-section not found. Ignoring.
- (43) # Executing group from file /etc/raddb/sites-enabled/default
- (43) Sent Access-Challenge Id 67 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (43) User-Name = "vkratsberg"
- (43) EAP-Message = 0x012c002b1900170301002048ecf6f58e06020286b2623fa722454a1644bcf4f0e9eacadce21082f5883c3a
- (43) Message-Authenticator = 0x00000000000000000000000000000000
- (43) State = 0x28f6c8402adad18478d8424bff74335c
- (43) Finished request
- Waking up in 3.8 seconds.
- (44) Received Access-Request Id 68 from 10.8.0.111:58432 to 10.8.64.155:1812 length 223
- (44) User-Name = "vkratsberg"
- (44) NAS-Port = 358
- (44) State = 0x28f6c8402adad18478d8424bff74335c
- (44) EAP-Message = 0x022c002b1900170301002028709ee949af9b9063878c3048d7a090fb626e6b6ff73a2cef1eb075de052a35
- (44) Message-Authenticator = 0xbd8d03c29db9d7e1a2bf94ddf7ad17e9
- (44) Acct-Session-Id = "8O2.1x81bb083c000b19ff"
- (44) NAS-Port-Id = "ge-3/0/6.0"
- (44) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (44) Called-Station-Id = "ec-3e-f7-68-35-00"
- (44) NAS-IP-Address = 10.8.0.111
- (44) NAS-Identifier = "nyc-access-sw011"
- (44) NAS-Port-Type = Ethernet
- (44) session-state: No cached attributes
- (44) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (44) authorize {
- (44) policy filter_username {
- (44) if (&User-Name) {
- (44) if (&User-Name) -> TRUE
- (44) if (&User-Name) {
- (44) if (&User-Name =~ / /) {
- (44) if (&User-Name =~ / /) -> FALSE
- (44) if (&User-Name =~ /@[^@]*@/ ) {
- (44) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (44) if (&User-Name =~ /\.\./ ) {
- (44) if (&User-Name =~ /\.\./ ) -> FALSE
- (44) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (44) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (44) if (&User-Name =~ /\.$/) {
- (44) if (&User-Name =~ /\.$/) -> FALSE
- (44) if (&User-Name =~ /@\./) {
- (44) if (&User-Name =~ /@\./) -> FALSE
- (44) } # if (&User-Name) = notfound
- (44) } # policy filter_username = notfound
- (44) [preprocess] = ok
- (44) [chap] = noop
- (44) [mschap] = noop
- (44) [digest] = noop
- (44) suffix: Checking for suffix after "@"
- (44) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (44) suffix: No such realm "NULL"
- (44) [suffix] = noop
- (44) eap: Peer sent EAP Response (code 2) ID 44 length 43
- (44) eap: Continuing tunnel setup
- (44) [eap] = ok
- (44) } # authorize = ok
- (44) Found Auth-Type = eap
- (44) # Executing group from file /etc/raddb/sites-enabled/default
- (44) authenticate {
- (44) eap: Expiring EAP session with state 0x28f6c8402adad184
- (44) eap: Finished EAP session with state 0x28f6c8402adad184
- (44) eap: Previous EAP request found for state 0x28f6c8402adad184, released from the list
- (44) eap: Peer sent packet with method EAP PEAP (25)
- (44) eap: Calling submodule eap_peap to process data
- (44) eap_peap: Continuing EAP-TLS
- (44) eap_peap: [eaptls verify] = ok
- (44) eap_peap: Done initial handshake
- (44) eap_peap: [eaptls process] = ok
- (44) eap_peap: Session established. Decoding tunneled attributes
- (44) eap_peap: PEAP state send tlv success
- (44) eap_peap: Received EAP-TLV response
- (44) eap_peap: Success
- (44) eap_peap: No saved attributes in the original Access-Accept
- (44) eap: Sending EAP Success (code 3) ID 44 length 4
- (44) eap: Freeing handler
- (44) [eap] = ok
- (44) } # authenticate = ok
- (44) # Executing section post-auth from file /etc/raddb/sites-enabled/default
- (44) post-auth {
- (44) update {
- (44) No attributes updated
- (44) } # update = noop
- (44) [exec] = noop
- (44) policy remove_reply_message_if_eap {
- (44) if (&reply:EAP-Message && &reply:Reply-Message) {
- (44) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
- (44) else {
- (44) [noop] = noop
- (44) } # else = noop
- (44) } # policy remove_reply_message_if_eap = noop
- (44) } # post-auth = noop
- (44) Sent Access-Accept Id 68 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (44) MS-MPPE-Recv-Key = 0x8b48fbeec5aae61ac123a735851f443710b8fd9637f0a202345d6f914104f9a9
- (44) MS-MPPE-Send-Key = 0xae3b1b79acbe204acae5e2b4352209681417f5a0f1715e3cf5cee9d668015dd0
- (44) EAP-Message = 0x032c0004
- (44) Message-Authenticator = 0x00000000000000000000000000000000
- (44) User-Name = "vkratsberg"
- (44) Finished request
- Waking up in 3.8 seconds.
- (45) Received Access-Request Id 69 from 10.8.0.111:58432 to 10.8.64.155:1812 length 177
- (45) User-Name = "vkratsberg"
- (45) NAS-Port = 358
- (45) EAP-Message = 0x022d000f01766b7261747362657267
- (45) Message-Authenticator = 0x8fcea9c4b8db459435a50a35b687a6c6
- (45) Acct-Session-Id = "8O2.1x81bb083d000cb970"
- (45) NAS-Port-Id = "ge-3/0/6.0"
- (45) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (45) Called-Station-Id = "ec-3e-f7-68-35-00"
- (45) NAS-IP-Address = 10.8.0.111
- (45) NAS-Identifier = "nyc-access-sw011"
- (45) NAS-Port-Type = Ethernet
- (45) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (45) authorize {
- (45) policy filter_username {
- (45) if (&User-Name) {
- (45) if (&User-Name) -> TRUE
- (45) if (&User-Name) {
- (45) if (&User-Name =~ / /) {
- (45) if (&User-Name =~ / /) -> FALSE
- (45) if (&User-Name =~ /@[^@]*@/ ) {
- (45) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (45) if (&User-Name =~ /\.\./ ) {
- (45) if (&User-Name =~ /\.\./ ) -> FALSE
- (45) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (45) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (45) if (&User-Name =~ /\.$/) {
- (45) if (&User-Name =~ /\.$/) -> FALSE
- (45) if (&User-Name =~ /@\./) {
- (45) if (&User-Name =~ /@\./) -> FALSE
- (45) } # if (&User-Name) = notfound
- (45) } # policy filter_username = notfound
- (45) [preprocess] = ok
- (45) [chap] = noop
- (45) [mschap] = noop
- (45) [digest] = noop
- (45) suffix: Checking for suffix after "@"
- (45) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (45) suffix: No such realm "NULL"
- (45) [suffix] = noop
- (45) eap: Peer sent EAP Response (code 2) ID 45 length 15
- (45) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
- (45) [eap] = ok
- (45) } # authorize = ok
- (45) Found Auth-Type = eap
- (45) # Executing group from file /etc/raddb/sites-enabled/default
- (45) authenticate {
- (45) eap: Peer sent packet with method EAP Identity (1)
- (45) eap: Calling submodule eap_peap to process data
- (45) eap_peap: Initiating new EAP-TLS session
- (45) eap_peap: [eaptls start] = request
- (45) eap: Sending EAP Request (code 1) ID 46 length 6
- (45) eap: EAP session adding &reply:State = 0x69e7c57269c9dc73
- (45) [eap] = handled
- (45) } # authenticate = handled
- (45) Using Post-Auth-Type Challenge
- (45) Post-Auth-Type sub-section not found. Ignoring.
- (45) # Executing group from file /etc/raddb/sites-enabled/default
- (45) Sent Access-Challenge Id 69 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (45) EAP-Message = 0x012e00061920
- (45) Message-Authenticator = 0x00000000000000000000000000000000
- (45) State = 0x69e7c57269c9dc735a60f4e51e72f69e
- (45) Finished request
- Waking up in 3.7 seconds.
- (46) Received Access-Request Id 70 from 10.8.0.111:58432 to 10.8.64.155:1812 length 343
- (46) User-Name = "vkratsberg"
- (46) NAS-Port = 358
- (46) State = 0x69e7c57269c9dc735a60f4e51e72f69e
- (46) EAP-Message = 0x022e00a31980000000991603010094010000900301573f503c113a97f0901dacc6010fd744944e7b4bbd6c2c34db737b39faeae3f920274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0002800ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f00
- (46) Message-Authenticator = 0xe9a284e74cb375a00b41089d3b790a04
- (46) Acct-Session-Id = "8O2.1x81bb083d000cb970"
- (46) NAS-Port-Id = "ge-3/0/6.0"
- (46) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (46) Called-Station-Id = "ec-3e-f7-68-35-00"
- (46) NAS-IP-Address = 10.8.0.111
- (46) NAS-Identifier = "nyc-access-sw011"
- (46) NAS-Port-Type = Ethernet
- (46) session-state: No cached attributes
- (46) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (46) authorize {
- (46) policy filter_username {
- (46) if (&User-Name) {
- (46) if (&User-Name) -> TRUE
- (46) if (&User-Name) {
- (46) if (&User-Name =~ / /) {
- (46) if (&User-Name =~ / /) -> FALSE
- (46) if (&User-Name =~ /@[^@]*@/ ) {
- (46) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (46) if (&User-Name =~ /\.\./ ) {
- (46) if (&User-Name =~ /\.\./ ) -> FALSE
- (46) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (46) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (46) if (&User-Name =~ /\.$/) {
- (46) if (&User-Name =~ /\.$/) -> FALSE
- (46) if (&User-Name =~ /@\./) {
- (46) if (&User-Name =~ /@\./) -> FALSE
- (46) } # if (&User-Name) = notfound
- (46) } # policy filter_username = notfound
- (46) [preprocess] = ok
- (46) [chap] = noop
- (46) [mschap] = noop
- (46) [digest] = noop
- (46) suffix: Checking for suffix after "@"
- (46) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (46) suffix: No such realm "NULL"
- (46) [suffix] = noop
- (46) eap: Peer sent EAP Response (code 2) ID 46 length 163
- (46) eap: Continuing tunnel setup
- (46) [eap] = ok
- (46) } # authorize = ok
- (46) Found Auth-Type = eap
- (46) # Executing group from file /etc/raddb/sites-enabled/default
- (46) authenticate {
- (46) eap: Expiring EAP session with state 0x69e7c57269c9dc73
- (46) eap: Finished EAP session with state 0x69e7c57269c9dc73
- (46) eap: Previous EAP request found for state 0x69e7c57269c9dc73, released from the list
- (46) eap: Peer sent packet with method EAP PEAP (25)
- (46) eap: Calling submodule eap_peap to process data
- (46) eap_peap: Continuing EAP-TLS
- (46) eap_peap: Peer indicated complete TLS record size will be 153 bytes
- (46) eap_peap: Got complete TLS record (153 bytes)
- (46) eap_peap: [eaptls verify] = length included
- (46) eap_peap: (other): before/accept initialization
- (46) eap_peap: TLS_accept: before/accept initialization
- (46) eap_peap: <<< recv TLS 1.0 Handshake [length 0094], ClientHello
- (46) eap_peap: TLS_accept: SSLv3 read client hello A
- (46) eap_peap: >>> send TLS 1.0 Handshake [length 0059], ServerHello
- (46) eap_peap: TLS_accept: SSLv3 write server hello A
- (46) eap_peap: >>> send TLS 1.0 ChangeCipherSpec [length 0001]
- (46) eap_peap: TLS_accept: SSLv3 write change cipher spec A
- (46) eap_peap: >>> send TLS 1.0 Handshake [length 0010], Finished
- (46) eap_peap: TLS_accept: SSLv3 write finished A
- (46) eap_peap: TLS_accept: SSLv3 flush data
- (46) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
- (46) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
- (46) eap_peap: In SSL Handshake Phase
- (46) eap_peap: In SSL Accept mode
- (46) eap_peap: [eaptls process] = handled
- (46) eap: Sending EAP Request (code 1) ID 47 length 159
- (46) eap: EAP session adding &reply:State = 0x69e7c57268c8dc73
- (46) [eap] = handled
- (46) } # authenticate = handled
- (46) Using Post-Auth-Type Challenge
- (46) Post-Auth-Type sub-section not found. Ignoring.
- (46) # Executing group from file /etc/raddb/sites-enabled/default
- (46) Sent Access-Challenge Id 70 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (46) EAP-Message = 0x012f009f19001603010059020000550301573f503c569b425e4b92c1aa3a74f2a3f111c5c11944c210d0a727fd011dc70d20274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0c01400000dff01000100000b0004030001021403010001011603010030f2057e6d738dd2c3
- (46) Message-Authenticator = 0x00000000000000000000000000000000
- (46) State = 0x69e7c57268c8dc735a60f4e51e72f69e
- (46) Finished request
- Waking up in 3.7 seconds.
- (47) Received Access-Request Id 71 from 10.8.0.111:58432 to 10.8.64.155:1812 length 249
- (47) User-Name = "vkratsberg"
- (47) NAS-Port = 358
- (47) State = 0x69e7c57268c8dc735a60f4e51e72f69e
- (47) EAP-Message = 0x022f004519800000003b140301000101160301003028374707ab6cb4ca6a8caac62f916c21ff0e36f92590eff947364aa1bc7d1c382542a71a5a3f1ce5398012940467d8d2
- (47) Message-Authenticator = 0x5dfc3f303d950cb2fa177128f40b767d
- (47) Acct-Session-Id = "8O2.1x81bb083d000cb970"
- (47) NAS-Port-Id = "ge-3/0/6.0"
- (47) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (47) Called-Station-Id = "ec-3e-f7-68-35-00"
- (47) NAS-IP-Address = 10.8.0.111
- (47) NAS-Identifier = "nyc-access-sw011"
- (47) NAS-Port-Type = Ethernet
- (47) session-state: No cached attributes
- (47) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (47) authorize {
- (47) policy filter_username {
- (47) if (&User-Name) {
- (47) if (&User-Name) -> TRUE
- (47) if (&User-Name) {
- (47) if (&User-Name =~ / /) {
- (47) if (&User-Name =~ / /) -> FALSE
- (47) if (&User-Name =~ /@[^@]*@/ ) {
- (47) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (47) if (&User-Name =~ /\.\./ ) {
- (47) if (&User-Name =~ /\.\./ ) -> FALSE
- (47) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (47) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (47) if (&User-Name =~ /\.$/) {
- (47) if (&User-Name =~ /\.$/) -> FALSE
- (47) if (&User-Name =~ /@\./) {
- (47) if (&User-Name =~ /@\./) -> FALSE
- (47) } # if (&User-Name) = notfound
- (47) } # policy filter_username = notfound
- (47) [preprocess] = ok
- (47) [chap] = noop
- (47) [mschap] = noop
- (47) [digest] = noop
- (47) suffix: Checking for suffix after "@"
- (47) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (47) suffix: No such realm "NULL"
- (47) [suffix] = noop
- (47) eap: Peer sent EAP Response (code 2) ID 47 length 69
- (47) eap: Continuing tunnel setup
- (47) [eap] = ok
- (47) } # authorize = ok
- (47) Found Auth-Type = eap
- (47) # Executing group from file /etc/raddb/sites-enabled/default
- (47) authenticate {
- (47) eap: Expiring EAP session with state 0x69e7c57268c8dc73
- (47) eap: Finished EAP session with state 0x69e7c57268c8dc73
- (47) eap: Previous EAP request found for state 0x69e7c57268c8dc73, released from the list
- (47) eap: Peer sent packet with method EAP PEAP (25)
- (47) eap: Calling submodule eap_peap to process data
- (47) eap_peap: Continuing EAP-TLS
- (47) eap_peap: Peer indicated complete TLS record size will be 59 bytes
- (47) eap_peap: Got complete TLS record (59 bytes)
- (47) eap_peap: [eaptls verify] = length included
- (47) eap_peap: <<< recv TLS 1.0 ChangeCipherSpec [length 0001]
- (47) eap_peap: <<< recv TLS 1.0 Handshake [length 0010], Finished
- (47) eap_peap: TLS_accept: SSLv3 read finished A
- (47) eap_peap: (other): SSL negotiation finished successfully
- (47) eap_peap: SSL Connection Established
- (47) eap_peap: SSL Application Data
- (47) eap_peap: Adding cached attributes from session 274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0
- (47) eap_peap: reply:User-Name = "vkratsberg"
- (47) eap_peap: [eaptls process] = success
- (47) eap_peap: Session established. Decoding tunneled attributes
- (47) eap_peap: PEAP state TUNNEL ESTABLISHED
- (47) eap_peap: Skipping Phase2 because of session resumption
- (47) eap_peap: SUCCESS
- (47) eap: Sending EAP Request (code 1) ID 48 length 43
- (47) eap: EAP session adding &reply:State = 0x69e7c5726bd7dc73
- (47) [eap] = handled
- (47) } # authenticate = handled
- (47) Using Post-Auth-Type Challenge
- (47) Post-Auth-Type sub-section not found. Ignoring.
- (47) # Executing group from file /etc/raddb/sites-enabled/default
- (47) Sent Access-Challenge Id 71 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (47) User-Name = "vkratsberg"
- (47) EAP-Message = 0x0130002b1900170301002054deb532970d49cd887e7121556130766081448a9519e38ef64fda758587c40b
- (47) Message-Authenticator = 0x00000000000000000000000000000000
- (47) State = 0x69e7c5726bd7dc735a60f4e51e72f69e
- (47) Finished request
- Waking up in 3.7 seconds.
- (48) Received Access-Request Id 72 from 10.8.0.111:58432 to 10.8.64.155:1812 length 223
- (48) User-Name = "vkratsberg"
- (48) NAS-Port = 358
- (48) State = 0x69e7c5726bd7dc735a60f4e51e72f69e
- (48) EAP-Message = 0x0230002b19001703010020bad22967f18ed2b651ec95c5d1b223f5ffe3afcc607273204faa6319a3b8b829
- (48) Message-Authenticator = 0x828a7d6815f2297b499909ad42776c2c
- (48) Acct-Session-Id = "8O2.1x81bb083d000cb970"
- (48) NAS-Port-Id = "ge-3/0/6.0"
- (48) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (48) Called-Station-Id = "ec-3e-f7-68-35-00"
- (48) NAS-IP-Address = 10.8.0.111
- (48) NAS-Identifier = "nyc-access-sw011"
- (48) NAS-Port-Type = Ethernet
- (48) session-state: No cached attributes
- (48) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (48) authorize {
- (48) policy filter_username {
- (48) if (&User-Name) {
- (48) if (&User-Name) -> TRUE
- (48) if (&User-Name) {
- (48) if (&User-Name =~ / /) {
- (48) if (&User-Name =~ / /) -> FALSE
- (48) if (&User-Name =~ /@[^@]*@/ ) {
- (48) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (48) if (&User-Name =~ /\.\./ ) {
- (48) if (&User-Name =~ /\.\./ ) -> FALSE
- (48) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (48) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (48) if (&User-Name =~ /\.$/) {
- (48) if (&User-Name =~ /\.$/) -> FALSE
- (48) if (&User-Name =~ /@\./) {
- (48) if (&User-Name =~ /@\./) -> FALSE
- (48) } # if (&User-Name) = notfound
- (48) } # policy filter_username = notfound
- (48) [preprocess] = ok
- (48) [chap] = noop
- (48) [mschap] = noop
- (48) [digest] = noop
- (48) suffix: Checking for suffix after "@"
- (48) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (48) suffix: No such realm "NULL"
- (48) [suffix] = noop
- (48) eap: Peer sent EAP Response (code 2) ID 48 length 43
- (48) eap: Continuing tunnel setup
- (48) [eap] = ok
- (48) } # authorize = ok
- (48) Found Auth-Type = eap
- (48) # Executing group from file /etc/raddb/sites-enabled/default
- (48) authenticate {
- (48) eap: Expiring EAP session with state 0x69e7c5726bd7dc73
- (48) eap: Finished EAP session with state 0x69e7c5726bd7dc73
- (48) eap: Previous EAP request found for state 0x69e7c5726bd7dc73, released from the list
- (48) eap: Peer sent packet with method EAP PEAP (25)
- (48) eap: Calling submodule eap_peap to process data
- (48) eap_peap: Continuing EAP-TLS
- (48) eap_peap: [eaptls verify] = ok
- (48) eap_peap: Done initial handshake
- (48) eap_peap: [eaptls process] = ok
- (48) eap_peap: Session established. Decoding tunneled attributes
- (48) eap_peap: PEAP state send tlv success
- (48) eap_peap: Received EAP-TLV response
- (48) eap_peap: Success
- (48) eap_peap: No saved attributes in the original Access-Accept
- (48) eap: Sending EAP Success (code 3) ID 48 length 4
- (48) eap: Freeing handler
- (48) [eap] = ok
- (48) } # authenticate = ok
- (48) # Executing section post-auth from file /etc/raddb/sites-enabled/default
- (48) post-auth {
- (48) update {
- (48) No attributes updated
- (48) } # update = noop
- (48) [exec] = noop
- (48) policy remove_reply_message_if_eap {
- (48) if (&reply:EAP-Message && &reply:Reply-Message) {
- (48) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
- (48) else {
- (48) [noop] = noop
- (48) } # else = noop
- (48) } # policy remove_reply_message_if_eap = noop
- (48) } # post-auth = noop
- (48) Sent Access-Accept Id 72 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (48) MS-MPPE-Recv-Key = 0x36422e597c51c2e827562d5030f7bf2c74b9bf085f2c41b742b8751e9076f7da
- (48) MS-MPPE-Send-Key = 0x1897a9264730b5a18f82ef7e64cbf74f0e8ed6fe0fa3260b4b7d91f8f211b79d
- (48) EAP-Message = 0x03300004
- (48) Message-Authenticator = 0x00000000000000000000000000000000
- (48) User-Name = "vkratsberg"
- (48) Finished request
- Waking up in 3.7 seconds.
- (49) Received Access-Request Id 73 from 10.8.0.111:58432 to 10.8.64.155:1812 length 177
- (49) User-Name = "vkratsberg"
- (49) NAS-Port = 358
- (49) EAP-Message = 0x0231000f01766b7261747362657267
- (49) Message-Authenticator = 0x3fc590004fe05da7f8b1b055170fd49d
- (49) Acct-Session-Id = "8O2.1x81bb083e000e5717"
- (49) NAS-Port-Id = "ge-3/0/6.0"
- (49) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (49) Called-Station-Id = "ec-3e-f7-68-35-00"
- (49) NAS-IP-Address = 10.8.0.111
- (49) NAS-Identifier = "nyc-access-sw011"
- (49) NAS-Port-Type = Ethernet
- (49) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (49) authorize {
- (49) policy filter_username {
- (49) if (&User-Name) {
- (49) if (&User-Name) -> TRUE
- (49) if (&User-Name) {
- (49) if (&User-Name =~ / /) {
- (49) if (&User-Name =~ / /) -> FALSE
- (49) if (&User-Name =~ /@[^@]*@/ ) {
- (49) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (49) if (&User-Name =~ /\.\./ ) {
- (49) if (&User-Name =~ /\.\./ ) -> FALSE
- (49) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (49) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (49) if (&User-Name =~ /\.$/) {
- (49) if (&User-Name =~ /\.$/) -> FALSE
- (49) if (&User-Name =~ /@\./) {
- (49) if (&User-Name =~ /@\./) -> FALSE
- (49) } # if (&User-Name) = notfound
- (49) } # policy filter_username = notfound
- (49) [preprocess] = ok
- (49) [chap] = noop
- (49) [mschap] = noop
- (49) [digest] = noop
- (49) suffix: Checking for suffix after "@"
- (49) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (49) suffix: No such realm "NULL"
- (49) [suffix] = noop
- (49) eap: Peer sent EAP Response (code 2) ID 49 length 15
- (49) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
- (49) [eap] = ok
- (49) } # authorize = ok
- (49) Found Auth-Type = eap
- (49) # Executing group from file /etc/raddb/sites-enabled/default
- (49) authenticate {
- (49) eap: Peer sent packet with method EAP Identity (1)
- (49) eap: Calling submodule eap_peap to process data
- (49) eap_peap: Initiating new EAP-TLS session
- (49) eap_peap: [eaptls start] = request
- (49) eap: Sending EAP Request (code 1) ID 50 length 6
- (49) eap: EAP session adding &reply:State = 0x6f633e7e6f5127f5
- (49) [eap] = handled
- (49) } # authenticate = handled
- (49) Using Post-Auth-Type Challenge
- (49) Post-Auth-Type sub-section not found. Ignoring.
- (49) # Executing group from file /etc/raddb/sites-enabled/default
- (49) Sent Access-Challenge Id 73 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (49) EAP-Message = 0x013200061920
- (49) Message-Authenticator = 0x00000000000000000000000000000000
- (49) State = 0x6f633e7e6f5127f595e342c54cee8c47
- (49) Finished request
- Waking up in 3.6 seconds.
- (50) Received Access-Request Id 74 from 10.8.0.111:58432 to 10.8.64.155:1812 length 343
- (50) User-Name = "vkratsberg"
- (50) NAS-Port = 358
- (50) State = 0x6f633e7e6f5127f595e342c54cee8c47
- (50) EAP-Message = 0x023200a31980000000991603010094010000900301573f503ca951f80977707e19bf407a2d1f7e3c3f212cf0891ea75e55c17ca59f20274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0002800ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f00
- (50) Message-Authenticator = 0xd031c2d7efd7d75fddc12aee0a297659
- (50) Acct-Session-Id = "8O2.1x81bb083e000e5717"
- (50) NAS-Port-Id = "ge-3/0/6.0"
- (50) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (50) Called-Station-Id = "ec-3e-f7-68-35-00"
- (50) NAS-IP-Address = 10.8.0.111
- (50) NAS-Identifier = "nyc-access-sw011"
- (50) NAS-Port-Type = Ethernet
- (50) session-state: No cached attributes
- (50) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (50) authorize {
- (50) policy filter_username {
- (50) if (&User-Name) {
- (50) if (&User-Name) -> TRUE
- (50) if (&User-Name) {
- (50) if (&User-Name =~ / /) {
- (50) if (&User-Name =~ / /) -> FALSE
- (50) if (&User-Name =~ /@[^@]*@/ ) {
- (50) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (50) if (&User-Name =~ /\.\./ ) {
- (50) if (&User-Name =~ /\.\./ ) -> FALSE
- (50) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (50) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (50) if (&User-Name =~ /\.$/) {
- (50) if (&User-Name =~ /\.$/) -> FALSE
- (50) if (&User-Name =~ /@\./) {
- (50) if (&User-Name =~ /@\./) -> FALSE
- (50) } # if (&User-Name) = notfound
- (50) } # policy filter_username = notfound
- (50) [preprocess] = ok
- (50) [chap] = noop
- (50) [mschap] = noop
- (50) [digest] = noop
- (50) suffix: Checking for suffix after "@"
- (50) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (50) suffix: No such realm "NULL"
- (50) [suffix] = noop
- (50) eap: Peer sent EAP Response (code 2) ID 50 length 163
- (50) eap: Continuing tunnel setup
- (50) [eap] = ok
- (50) } # authorize = ok
- (50) Found Auth-Type = eap
- (50) # Executing group from file /etc/raddb/sites-enabled/default
- (50) authenticate {
- (50) eap: Expiring EAP session with state 0x6f633e7e6f5127f5
- (50) eap: Finished EAP session with state 0x6f633e7e6f5127f5
- (50) eap: Previous EAP request found for state 0x6f633e7e6f5127f5, released from the list
- (50) eap: Peer sent packet with method EAP PEAP (25)
- (50) eap: Calling submodule eap_peap to process data
- (50) eap_peap: Continuing EAP-TLS
- (50) eap_peap: Peer indicated complete TLS record size will be 153 bytes
- (50) eap_peap: Got complete TLS record (153 bytes)
- (50) eap_peap: [eaptls verify] = length included
- (50) eap_peap: (other): before/accept initialization
- (50) eap_peap: TLS_accept: before/accept initialization
- (50) eap_peap: <<< recv TLS 1.0 Handshake [length 0094], ClientHello
- (50) eap_peap: TLS_accept: SSLv3 read client hello A
- (50) eap_peap: >>> send TLS 1.0 Handshake [length 0059], ServerHello
- (50) eap_peap: TLS_accept: SSLv3 write server hello A
- (50) eap_peap: >>> send TLS 1.0 ChangeCipherSpec [length 0001]
- (50) eap_peap: TLS_accept: SSLv3 write change cipher spec A
- (50) eap_peap: >>> send TLS 1.0 Handshake [length 0010], Finished
- (50) eap_peap: TLS_accept: SSLv3 write finished A
- (50) eap_peap: TLS_accept: SSLv3 flush data
- (50) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
- (50) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
- (50) eap_peap: In SSL Handshake Phase
- (50) eap_peap: In SSL Accept mode
- (50) eap_peap: [eaptls process] = handled
- (50) eap: Sending EAP Request (code 1) ID 51 length 159
- (50) eap: EAP session adding &reply:State = 0x6f633e7e6e5027f5
- (50) [eap] = handled
- (50) } # authenticate = handled
- (50) Using Post-Auth-Type Challenge
- (50) Post-Auth-Type sub-section not found. Ignoring.
- (50) # Executing group from file /etc/raddb/sites-enabled/default
- (50) Sent Access-Challenge Id 74 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (50) EAP-Message = 0x0133009f19001603010059020000550301573f503ced64496d6c3b684c7b6467dee4e8f5c067bd10710c531b357bee311920274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0c01400000dff01000100000b00040300010214030100010116030100308872d4d390cea5bd
- (50) Message-Authenticator = 0x00000000000000000000000000000000
- (50) State = 0x6f633e7e6e5027f595e342c54cee8c47
- (50) Finished request
- Waking up in 3.6 seconds.
- (51) Received Access-Request Id 75 from 10.8.0.111:58432 to 10.8.64.155:1812 length 249
- (51) User-Name = "vkratsberg"
- (51) NAS-Port = 358
- (51) State = 0x6f633e7e6e5027f595e342c54cee8c47
- (51) EAP-Message = 0x0233004519800000003b140301000101160301003008b5b597201ec8f231a594e0f2cdc5faddbd9d6b70f6ebc72efc260f91ad22391342684e1deedb7aba115f87c3c76540
- (51) Message-Authenticator = 0x0bb103b691b1aaa2147849c7ae6fc2b2
- (51) Acct-Session-Id = "8O2.1x81bb083e000e5717"
- (51) NAS-Port-Id = "ge-3/0/6.0"
- (51) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (51) Called-Station-Id = "ec-3e-f7-68-35-00"
- (51) NAS-IP-Address = 10.8.0.111
- (51) NAS-Identifier = "nyc-access-sw011"
- (51) NAS-Port-Type = Ethernet
- (51) session-state: No cached attributes
- (51) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (51) authorize {
- (51) policy filter_username {
- (51) if (&User-Name) {
- (51) if (&User-Name) -> TRUE
- (51) if (&User-Name) {
- (51) if (&User-Name =~ / /) {
- (51) if (&User-Name =~ / /) -> FALSE
- (51) if (&User-Name =~ /@[^@]*@/ ) {
- (51) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (51) if (&User-Name =~ /\.\./ ) {
- (51) if (&User-Name =~ /\.\./ ) -> FALSE
- (51) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (51) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (51) if (&User-Name =~ /\.$/) {
- (51) if (&User-Name =~ /\.$/) -> FALSE
- (51) if (&User-Name =~ /@\./) {
- (51) if (&User-Name =~ /@\./) -> FALSE
- (51) } # if (&User-Name) = notfound
- (51) } # policy filter_username = notfound
- (51) [preprocess] = ok
- (51) [chap] = noop
- (51) [mschap] = noop
- (51) [digest] = noop
- (51) suffix: Checking for suffix after "@"
- (51) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (51) suffix: No such realm "NULL"
- (51) [suffix] = noop
- (51) eap: Peer sent EAP Response (code 2) ID 51 length 69
- (51) eap: Continuing tunnel setup
- (51) [eap] = ok
- (51) } # authorize = ok
- (51) Found Auth-Type = eap
- (51) # Executing group from file /etc/raddb/sites-enabled/default
- (51) authenticate {
- (51) eap: Expiring EAP session with state 0x6f633e7e6e5027f5
- (51) eap: Finished EAP session with state 0x6f633e7e6e5027f5
- (51) eap: Previous EAP request found for state 0x6f633e7e6e5027f5, released from the list
- (51) eap: Peer sent packet with method EAP PEAP (25)
- (51) eap: Calling submodule eap_peap to process data
- (51) eap_peap: Continuing EAP-TLS
- (51) eap_peap: Peer indicated complete TLS record size will be 59 bytes
- (51) eap_peap: Got complete TLS record (59 bytes)
- (51) eap_peap: [eaptls verify] = length included
- (51) eap_peap: <<< recv TLS 1.0 ChangeCipherSpec [length 0001]
- (51) eap_peap: <<< recv TLS 1.0 Handshake [length 0010], Finished
- (51) eap_peap: TLS_accept: SSLv3 read finished A
- (51) eap_peap: (other): SSL negotiation finished successfully
- (51) eap_peap: SSL Connection Established
- (51) eap_peap: SSL Application Data
- (51) eap_peap: Adding cached attributes from session 274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0
- (51) eap_peap: reply:User-Name = "vkratsberg"
- (51) eap_peap: [eaptls process] = success
- (51) eap_peap: Session established. Decoding tunneled attributes
- (51) eap_peap: PEAP state TUNNEL ESTABLISHED
- (51) eap_peap: Skipping Phase2 because of session resumption
- (51) eap_peap: SUCCESS
- (51) eap: Sending EAP Request (code 1) ID 52 length 43
- (51) eap: EAP session adding &reply:State = 0x6f633e7e6d5727f5
- (51) [eap] = handled
- (51) } # authenticate = handled
- (51) Using Post-Auth-Type Challenge
- (51) Post-Auth-Type sub-section not found. Ignoring.
- (51) # Executing group from file /etc/raddb/sites-enabled/default
- (51) Sent Access-Challenge Id 75 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (51) User-Name = "vkratsberg"
- (51) EAP-Message = 0x0134002b190017030100203003bbdf9e9548583ef6549dc21ed0b8afeddd74cd271b01393fb2bad11c19cb
- (51) Message-Authenticator = 0x00000000000000000000000000000000
- (51) State = 0x6f633e7e6d5727f595e342c54cee8c47
- (51) Finished request
- Waking up in 3.6 seconds.
- (52) Received Access-Request Id 76 from 10.8.0.111:58432 to 10.8.64.155:1812 length 223
- (52) User-Name = "vkratsberg"
- (52) NAS-Port = 358
- (52) State = 0x6f633e7e6d5727f595e342c54cee8c47
- (52) EAP-Message = 0x0234002b190017030100204d3a9ae0bf63d397c57f589a58e6831fe34b1f72436f372ee8a8e3ab174d2d93
- (52) Message-Authenticator = 0xdbaf34cd0d88c70adb9ba893d922c2e2
- (52) Acct-Session-Id = "8O2.1x81bb083e000e5717"
- (52) NAS-Port-Id = "ge-3/0/6.0"
- (52) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (52) Called-Station-Id = "ec-3e-f7-68-35-00"
- (52) NAS-IP-Address = 10.8.0.111
- (52) NAS-Identifier = "nyc-access-sw011"
- (52) NAS-Port-Type = Ethernet
- (52) session-state: No cached attributes
- (52) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (52) authorize {
- (52) policy filter_username {
- (52) if (&User-Name) {
- (52) if (&User-Name) -> TRUE
- (52) if (&User-Name) {
- (52) if (&User-Name =~ / /) {
- (52) if (&User-Name =~ / /) -> FALSE
- (52) if (&User-Name =~ /@[^@]*@/ ) {
- (52) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (52) if (&User-Name =~ /\.\./ ) {
- (52) if (&User-Name =~ /\.\./ ) -> FALSE
- (52) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (52) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (52) if (&User-Name =~ /\.$/) {
- (52) if (&User-Name =~ /\.$/) -> FALSE
- (52) if (&User-Name =~ /@\./) {
- (52) if (&User-Name =~ /@\./) -> FALSE
- (52) } # if (&User-Name) = notfound
- (52) } # policy filter_username = notfound
- (52) [preprocess] = ok
- (52) [chap] = noop
- (52) [mschap] = noop
- (52) [digest] = noop
- (52) suffix: Checking for suffix after "@"
- (52) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (52) suffix: No such realm "NULL"
- (52) [suffix] = noop
- (52) eap: Peer sent EAP Response (code 2) ID 52 length 43
- (52) eap: Continuing tunnel setup
- (52) [eap] = ok
- (52) } # authorize = ok
- (52) Found Auth-Type = eap
- (52) # Executing group from file /etc/raddb/sites-enabled/default
- (52) authenticate {
- (52) eap: Expiring EAP session with state 0x6f633e7e6d5727f5
- (52) eap: Finished EAP session with state 0x6f633e7e6d5727f5
- (52) eap: Previous EAP request found for state 0x6f633e7e6d5727f5, released from the list
- (52) eap: Peer sent packet with method EAP PEAP (25)
- (52) eap: Calling submodule eap_peap to process data
- (52) eap_peap: Continuing EAP-TLS
- (52) eap_peap: [eaptls verify] = ok
- (52) eap_peap: Done initial handshake
- (52) eap_peap: [eaptls process] = ok
- (52) eap_peap: Session established. Decoding tunneled attributes
- (52) eap_peap: PEAP state send tlv success
- (52) eap_peap: Received EAP-TLV response
- (52) eap_peap: Success
- (52) eap_peap: No saved attributes in the original Access-Accept
- (52) eap: Sending EAP Success (code 3) ID 52 length 4
- (52) eap: Freeing handler
- (52) [eap] = ok
- (52) } # authenticate = ok
- (52) # Executing section post-auth from file /etc/raddb/sites-enabled/default
- (52) post-auth {
- (52) update {
- (52) No attributes updated
- (52) } # update = noop
- (52) [exec] = noop
- (52) policy remove_reply_message_if_eap {
- (52) if (&reply:EAP-Message && &reply:Reply-Message) {
- (52) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
- (52) else {
- (52) [noop] = noop
- (52) } # else = noop
- (52) } # policy remove_reply_message_if_eap = noop
- (52) } # post-auth = noop
- (52) Sent Access-Accept Id 76 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (52) MS-MPPE-Recv-Key = 0x96502c4d1fa9adb2ac01f677ee787c0b9d14fee0a255f2e15e8f1f17dde7e6d1
- (52) MS-MPPE-Send-Key = 0xc0212b9a0cbdfa375c17a2a0fe4922fe15695d2e62709c1b130003f8a2943bb4
- (52) EAP-Message = 0x03340004
- (52) Message-Authenticator = 0x00000000000000000000000000000000
- (52) User-Name = "vkratsberg"
- (52) Finished request
- Waking up in 3.6 seconds.
- (53) Received Access-Request Id 77 from 10.8.0.111:58432 to 10.8.64.155:1812 length 177
- (53) User-Name = "vkratsberg"
- (53) NAS-Port = 358
- (53) EAP-Message = 0x0235000f01766b7261747362657267
- (53) Message-Authenticator = 0x3f615512b1b95cbbc81f2c3e7f04b356
- (53) Acct-Session-Id = "8O2.1x81bb083f00011066"
- (53) NAS-Port-Id = "ge-3/0/6.0"
- (53) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (53) Called-Station-Id = "ec-3e-f7-68-35-00"
- (53) NAS-IP-Address = 10.8.0.111
- (53) NAS-Identifier = "nyc-access-sw011"
- (53) NAS-Port-Type = Ethernet
- (53) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (53) authorize {
- (53) policy filter_username {
- (53) if (&User-Name) {
- (53) if (&User-Name) -> TRUE
- (53) if (&User-Name) {
- (53) if (&User-Name =~ / /) {
- (53) if (&User-Name =~ / /) -> FALSE
- (53) if (&User-Name =~ /@[^@]*@/ ) {
- (53) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (53) if (&User-Name =~ /\.\./ ) {
- (53) if (&User-Name =~ /\.\./ ) -> FALSE
- (53) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (53) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (53) if (&User-Name =~ /\.$/) {
- (53) if (&User-Name =~ /\.$/) -> FALSE
- (53) if (&User-Name =~ /@\./) {
- (53) if (&User-Name =~ /@\./) -> FALSE
- (53) } # if (&User-Name) = notfound
- (53) } # policy filter_username = notfound
- (53) [preprocess] = ok
- (53) [chap] = noop
- (53) [mschap] = noop
- (53) [digest] = noop
- (53) suffix: Checking for suffix after "@"
- (53) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (53) suffix: No such realm "NULL"
- (53) [suffix] = noop
- (53) eap: Peer sent EAP Response (code 2) ID 53 length 15
- (53) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
- (53) [eap] = ok
- (53) } # authorize = ok
- (53) Found Auth-Type = eap
- (53) # Executing group from file /etc/raddb/sites-enabled/default
- (53) authenticate {
- (53) eap: Peer sent packet with method EAP Identity (1)
- (53) eap: Calling submodule eap_peap to process data
- (53) eap_peap: Initiating new EAP-TLS session
- (53) eap_peap: [eaptls start] = request
- (53) eap: Sending EAP Request (code 1) ID 54 length 6
- (53) eap: EAP session adding &reply:State = 0xc51bd490c52dcdbe
- (53) [eap] = handled
- (53) } # authenticate = handled
- (53) Using Post-Auth-Type Challenge
- (53) Post-Auth-Type sub-section not found. Ignoring.
- (53) # Executing group from file /etc/raddb/sites-enabled/default
- (53) Sent Access-Challenge Id 77 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (53) EAP-Message = 0x013600061920
- (53) Message-Authenticator = 0x00000000000000000000000000000000
- (53) State = 0xc51bd490c52dcdbe742de350fd288f5d
- (53) Finished request
- Waking up in 3.5 seconds.
- (54) Received Access-Request Id 78 from 10.8.0.111:58432 to 10.8.64.155:1812 length 343
- (54) User-Name = "vkratsberg"
- (54) NAS-Port = 358
- (54) State = 0xc51bd490c52dcdbe742de350fd288f5d
- (54) EAP-Message = 0x023600a31980000000991603010094010000900301573f503c89fb06a7118bcc7586796931656be836abcc8ecd7fdb8b161bf37ad020274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0002800ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f00
- (54) Message-Authenticator = 0x5ebb063d4cbf758dd686c5753a938f81
- (54) Acct-Session-Id = "8O2.1x81bb083f00011066"
- (54) NAS-Port-Id = "ge-3/0/6.0"
- (54) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (54) Called-Station-Id = "ec-3e-f7-68-35-00"
- (54) NAS-IP-Address = 10.8.0.111
- (54) NAS-Identifier = "nyc-access-sw011"
- (54) NAS-Port-Type = Ethernet
- (54) session-state: No cached attributes
- (54) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (54) authorize {
- (54) policy filter_username {
- (54) if (&User-Name) {
- (54) if (&User-Name) -> TRUE
- (54) if (&User-Name) {
- (54) if (&User-Name =~ / /) {
- (54) if (&User-Name =~ / /) -> FALSE
- (54) if (&User-Name =~ /@[^@]*@/ ) {
- (54) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (54) if (&User-Name =~ /\.\./ ) {
- (54) if (&User-Name =~ /\.\./ ) -> FALSE
- (54) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (54) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (54) if (&User-Name =~ /\.$/) {
- (54) if (&User-Name =~ /\.$/) -> FALSE
- (54) if (&User-Name =~ /@\./) {
- (54) if (&User-Name =~ /@\./) -> FALSE
- (54) } # if (&User-Name) = notfound
- (54) } # policy filter_username = notfound
- (54) [preprocess] = ok
- (54) [chap] = noop
- (54) [mschap] = noop
- (54) [digest] = noop
- (54) suffix: Checking for suffix after "@"
- (54) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (54) suffix: No such realm "NULL"
- (54) [suffix] = noop
- (54) eap: Peer sent EAP Response (code 2) ID 54 length 163
- (54) eap: Continuing tunnel setup
- (54) [eap] = ok
- (54) } # authorize = ok
- (54) Found Auth-Type = eap
- (54) # Executing group from file /etc/raddb/sites-enabled/default
- (54) authenticate {
- (54) eap: Expiring EAP session with state 0xc51bd490c52dcdbe
- (54) eap: Finished EAP session with state 0xc51bd490c52dcdbe
- (54) eap: Previous EAP request found for state 0xc51bd490c52dcdbe, released from the list
- (54) eap: Peer sent packet with method EAP PEAP (25)
- (54) eap: Calling submodule eap_peap to process data
- (54) eap_peap: Continuing EAP-TLS
- (54) eap_peap: Peer indicated complete TLS record size will be 153 bytes
- (54) eap_peap: Got complete TLS record (153 bytes)
- (54) eap_peap: [eaptls verify] = length included
- (54) eap_peap: (other): before/accept initialization
- (54) eap_peap: TLS_accept: before/accept initialization
- (54) eap_peap: <<< recv TLS 1.0 Handshake [length 0094], ClientHello
- (54) eap_peap: TLS_accept: SSLv3 read client hello A
- (54) eap_peap: >>> send TLS 1.0 Handshake [length 0059], ServerHello
- (54) eap_peap: TLS_accept: SSLv3 write server hello A
- (54) eap_peap: >>> send TLS 1.0 ChangeCipherSpec [length 0001]
- (54) eap_peap: TLS_accept: SSLv3 write change cipher spec A
- (54) eap_peap: >>> send TLS 1.0 Handshake [length 0010], Finished
- (54) eap_peap: TLS_accept: SSLv3 write finished A
- (54) eap_peap: TLS_accept: SSLv3 flush data
- (54) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
- (54) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
- (54) eap_peap: In SSL Handshake Phase
- (54) eap_peap: In SSL Accept mode
- (54) eap_peap: [eaptls process] = handled
- (54) eap: Sending EAP Request (code 1) ID 55 length 159
- (54) eap: EAP session adding &reply:State = 0xc51bd490c42ccdbe
- (54) [eap] = handled
- (54) } # authenticate = handled
- (54) Using Post-Auth-Type Challenge
- (54) Post-Auth-Type sub-section not found. Ignoring.
- (54) # Executing group from file /etc/raddb/sites-enabled/default
- (54) Sent Access-Challenge Id 78 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (54) EAP-Message = 0x0137009f19001603010059020000550301573f503dd67ee604be7a8e5c204b8890c0d4fa508b1756881e17b61add9dd86a20274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0c01400000dff01000100000b000403000102140301000101160301003010d584d97f38e401
- (54) Message-Authenticator = 0x00000000000000000000000000000000
- (54) State = 0xc51bd490c42ccdbe742de350fd288f5d
- (54) Finished request
- Waking up in 3.5 seconds.
- (55) Received Access-Request Id 79 from 10.8.0.111:58432 to 10.8.64.155:1812 length 249
- (55) User-Name = "vkratsberg"
- (55) NAS-Port = 358
- (55) State = 0xc51bd490c42ccdbe742de350fd288f5d
- (55) EAP-Message = 0x0237004519800000003b1403010001011603010030bdeaee86741324210f5400334e827acf8c353462d81f9a690f254b873015a4c908d935e790973e4e3f374931914730e8
- (55) Message-Authenticator = 0x17d35da9a5b9467bddcc06a48ccdf764
- (55) Acct-Session-Id = "8O2.1x81bb083f00011066"
- (55) NAS-Port-Id = "ge-3/0/6.0"
- (55) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (55) Called-Station-Id = "ec-3e-f7-68-35-00"
- (55) NAS-IP-Address = 10.8.0.111
- (55) NAS-Identifier = "nyc-access-sw011"
- (55) NAS-Port-Type = Ethernet
- (55) session-state: No cached attributes
- (55) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (55) authorize {
- (55) policy filter_username {
- (55) if (&User-Name) {
- (55) if (&User-Name) -> TRUE
- (55) if (&User-Name) {
- (55) if (&User-Name =~ / /) {
- (55) if (&User-Name =~ / /) -> FALSE
- (55) if (&User-Name =~ /@[^@]*@/ ) {
- (55) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (55) if (&User-Name =~ /\.\./ ) {
- (55) if (&User-Name =~ /\.\./ ) -> FALSE
- (55) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (55) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (55) if (&User-Name =~ /\.$/) {
- (55) if (&User-Name =~ /\.$/) -> FALSE
- (55) if (&User-Name =~ /@\./) {
- (55) if (&User-Name =~ /@\./) -> FALSE
- (55) } # if (&User-Name) = notfound
- (55) } # policy filter_username = notfound
- (55) [preprocess] = ok
- (55) [chap] = noop
- (55) [mschap] = noop
- (55) [digest] = noop
- (55) suffix: Checking for suffix after "@"
- (55) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (55) suffix: No such realm "NULL"
- (55) [suffix] = noop
- (55) eap: Peer sent EAP Response (code 2) ID 55 length 69
- (55) eap: Continuing tunnel setup
- (55) [eap] = ok
- (55) } # authorize = ok
- (55) Found Auth-Type = eap
- (55) # Executing group from file /etc/raddb/sites-enabled/default
- (55) authenticate {
- (55) eap: Expiring EAP session with state 0xc51bd490c42ccdbe
- (55) eap: Finished EAP session with state 0xc51bd490c42ccdbe
- (55) eap: Previous EAP request found for state 0xc51bd490c42ccdbe, released from the list
- (55) eap: Peer sent packet with method EAP PEAP (25)
- (55) eap: Calling submodule eap_peap to process data
- (55) eap_peap: Continuing EAP-TLS
- (55) eap_peap: Peer indicated complete TLS record size will be 59 bytes
- (55) eap_peap: Got complete TLS record (59 bytes)
- (55) eap_peap: [eaptls verify] = length included
- (55) eap_peap: <<< recv TLS 1.0 ChangeCipherSpec [length 0001]
- (55) eap_peap: <<< recv TLS 1.0 Handshake [length 0010], Finished
- (55) eap_peap: TLS_accept: SSLv3 read finished A
- (55) eap_peap: (other): SSL negotiation finished successfully
- (55) eap_peap: SSL Connection Established
- (55) eap_peap: SSL Application Data
- (55) eap_peap: Adding cached attributes from session 274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0
- (55) eap_peap: reply:User-Name = "vkratsberg"
- (55) eap_peap: [eaptls process] = success
- (55) eap_peap: Session established. Decoding tunneled attributes
- (55) eap_peap: PEAP state TUNNEL ESTABLISHED
- (55) eap_peap: Skipping Phase2 because of session resumption
- (55) eap_peap: SUCCESS
- (55) eap: Sending EAP Request (code 1) ID 56 length 43
- (55) eap: EAP session adding &reply:State = 0xc51bd490c723cdbe
- (55) [eap] = handled
- (55) } # authenticate = handled
- (55) Using Post-Auth-Type Challenge
- (55) Post-Auth-Type sub-section not found. Ignoring.
- (55) # Executing group from file /etc/raddb/sites-enabled/default
- (55) Sent Access-Challenge Id 79 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (55) User-Name = "vkratsberg"
- (55) EAP-Message = 0x0138002b19001703010020ec6b99411e3f274e0c0fd0e780fe93586f0b4b9e589048caf7a8abb8ce52899f
- (55) Message-Authenticator = 0x00000000000000000000000000000000
- (55) State = 0xc51bd490c723cdbe742de350fd288f5d
- (55) Finished request
- Waking up in 3.5 seconds.
- (56) Received Access-Request Id 80 from 10.8.0.111:58432 to 10.8.64.155:1812 length 223
- (56) User-Name = "vkratsberg"
- (56) NAS-Port = 358
- (56) State = 0xc51bd490c723cdbe742de350fd288f5d
- (56) EAP-Message = 0x0238002b19001703010020a962fcfed2f7f2e766ec709c6d61071ae811afd81c051ffeaed32392d1b84475
- (56) Message-Authenticator = 0xfc7060085e0936c85c7a672bf7d8a8c0
- (56) Acct-Session-Id = "8O2.1x81bb083f00011066"
- (56) NAS-Port-Id = "ge-3/0/6.0"
- (56) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (56) Called-Station-Id = "ec-3e-f7-68-35-00"
- (56) NAS-IP-Address = 10.8.0.111
- (56) NAS-Identifier = "nyc-access-sw011"
- (56) NAS-Port-Type = Ethernet
- (56) session-state: No cached attributes
- (56) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (56) authorize {
- (56) policy filter_username {
- (56) if (&User-Name) {
- (56) if (&User-Name) -> TRUE
- (56) if (&User-Name) {
- (56) if (&User-Name =~ / /) {
- (56) if (&User-Name =~ / /) -> FALSE
- (56) if (&User-Name =~ /@[^@]*@/ ) {
- (56) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (56) if (&User-Name =~ /\.\./ ) {
- (56) if (&User-Name =~ /\.\./ ) -> FALSE
- (56) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (56) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (56) if (&User-Name =~ /\.$/) {
- (56) if (&User-Name =~ /\.$/) -> FALSE
- (56) if (&User-Name =~ /@\./) {
- (56) if (&User-Name =~ /@\./) -> FALSE
- (56) } # if (&User-Name) = notfound
- (56) } # policy filter_username = notfound
- (56) [preprocess] = ok
- (56) [chap] = noop
- (56) [mschap] = noop
- (56) [digest] = noop
- (56) suffix: Checking for suffix after "@"
- (56) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (56) suffix: No such realm "NULL"
- (56) [suffix] = noop
- (56) eap: Peer sent EAP Response (code 2) ID 56 length 43
- (56) eap: Continuing tunnel setup
- (56) [eap] = ok
- (56) } # authorize = ok
- (56) Found Auth-Type = eap
- (56) # Executing group from file /etc/raddb/sites-enabled/default
- (56) authenticate {
- (56) eap: Expiring EAP session with state 0xc51bd490c723cdbe
- (56) eap: Finished EAP session with state 0xc51bd490c723cdbe
- (56) eap: Previous EAP request found for state 0xc51bd490c723cdbe, released from the list
- (56) eap: Peer sent packet with method EAP PEAP (25)
- (56) eap: Calling submodule eap_peap to process data
- (56) eap_peap: Continuing EAP-TLS
- (56) eap_peap: [eaptls verify] = ok
- (56) eap_peap: Done initial handshake
- (56) eap_peap: [eaptls process] = ok
- (56) eap_peap: Session established. Decoding tunneled attributes
- (56) eap_peap: PEAP state send tlv success
- (56) eap_peap: Received EAP-TLV response
- (56) eap_peap: Success
- (56) eap_peap: No saved attributes in the original Access-Accept
- (56) eap: Sending EAP Success (code 3) ID 56 length 4
- (56) eap: Freeing handler
- (56) [eap] = ok
- (56) } # authenticate = ok
- (56) # Executing section post-auth from file /etc/raddb/sites-enabled/default
- (56) post-auth {
- (56) update {
- (56) No attributes updated
- (56) } # update = noop
- (56) [exec] = noop
- (56) policy remove_reply_message_if_eap {
- (56) if (&reply:EAP-Message && &reply:Reply-Message) {
- (56) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
- (56) else {
- (56) [noop] = noop
- (56) } # else = noop
- (56) } # policy remove_reply_message_if_eap = noop
- (56) } # post-auth = noop
- (56) Sent Access-Accept Id 80 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (56) MS-MPPE-Recv-Key = 0x7e6fbeed3c8f51318751a8aa672fbd026467951fb3ab5b1a49eb82435316df95
- (56) MS-MPPE-Send-Key = 0x683737a5283d4ef6a79e158296bb6cd0ddb0d703a3683514635d577cca10902d
- (56) EAP-Message = 0x03380004
- (56) Message-Authenticator = 0x00000000000000000000000000000000
- (56) User-Name = "vkratsberg"
- (56) Finished request
- Waking up in 3.5 seconds.
- (57) Received Access-Request Id 81 from 10.8.0.111:58432 to 10.8.64.155:1812 length 177
- (57) User-Name = "vkratsberg"
- (57) NAS-Port = 358
- (57) EAP-Message = 0x0239000f01766b7261747362657267
- (57) Message-Authenticator = 0x55600a55a1d7bdc1cd260f60f842482b
- (57) Acct-Session-Id = "8O2.1x81bb08400002ad41"
- (57) NAS-Port-Id = "ge-3/0/6.0"
- (57) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (57) Called-Station-Id = "ec-3e-f7-68-35-00"
- (57) NAS-IP-Address = 10.8.0.111
- (57) NAS-Identifier = "nyc-access-sw011"
- (57) NAS-Port-Type = Ethernet
- (57) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (57) authorize {
- (57) policy filter_username {
- (57) if (&User-Name) {
- (57) if (&User-Name) -> TRUE
- (57) if (&User-Name) {
- (57) if (&User-Name =~ / /) {
- (57) if (&User-Name =~ / /) -> FALSE
- (57) if (&User-Name =~ /@[^@]*@/ ) {
- (57) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (57) if (&User-Name =~ /\.\./ ) {
- (57) if (&User-Name =~ /\.\./ ) -> FALSE
- (57) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (57) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (57) if (&User-Name =~ /\.$/) {
- (57) if (&User-Name =~ /\.$/) -> FALSE
- (57) if (&User-Name =~ /@\./) {
- (57) if (&User-Name =~ /@\./) -> FALSE
- (57) } # if (&User-Name) = notfound
- (57) } # policy filter_username = notfound
- (57) [preprocess] = ok
- (57) [chap] = noop
- (57) [mschap] = noop
- (57) [digest] = noop
- (57) suffix: Checking for suffix after "@"
- (57) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (57) suffix: No such realm "NULL"
- (57) [suffix] = noop
- (57) eap: Peer sent EAP Response (code 2) ID 57 length 15
- (57) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
- (57) [eap] = ok
- (57) } # authorize = ok
- (57) Found Auth-Type = eap
- (57) # Executing group from file /etc/raddb/sites-enabled/default
- (57) authenticate {
- (57) eap: Peer sent packet with method EAP Identity (1)
- (57) eap: Calling submodule eap_peap to process data
- (57) eap_peap: Initiating new EAP-TLS session
- (57) eap_peap: [eaptls start] = request
- (57) eap: Sending EAP Request (code 1) ID 58 length 6
- (57) eap: EAP session adding &reply:State = 0x1e9117831eab0ec6
- (57) [eap] = handled
- (57) } # authenticate = handled
- (57) Using Post-Auth-Type Challenge
- (57) Post-Auth-Type sub-section not found. Ignoring.
- (57) # Executing group from file /etc/raddb/sites-enabled/default
- (57) Sent Access-Challenge Id 81 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (57) EAP-Message = 0x013a00061920
- (57) Message-Authenticator = 0x00000000000000000000000000000000
- (57) State = 0x1e9117831eab0ec64abc8cf4d3ca3402
- (57) Finished request
- Waking up in 3.4 seconds.
- (58) Received Access-Request Id 82 from 10.8.0.111:58432 to 10.8.64.155:1812 length 343
- (58) User-Name = "vkratsberg"
- (58) NAS-Port = 358
- (58) State = 0x1e9117831eab0ec64abc8cf4d3ca3402
- (58) EAP-Message = 0x023a00a31980000000991603010094010000900301573f503dd5c6f41042f3ec67ee28949b4182006fddf0758ae8fba17a2693cf2920274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0002800ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f00
- (58) Message-Authenticator = 0x2f61244bc0b841f5f4b3357081ca44ef
- (58) Acct-Session-Id = "8O2.1x81bb08400002ad41"
- (58) NAS-Port-Id = "ge-3/0/6.0"
- (58) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (58) Called-Station-Id = "ec-3e-f7-68-35-00"
- (58) NAS-IP-Address = 10.8.0.111
- (58) NAS-Identifier = "nyc-access-sw011"
- (58) NAS-Port-Type = Ethernet
- (58) session-state: No cached attributes
- (58) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (58) authorize {
- (58) policy filter_username {
- (58) if (&User-Name) {
- (58) if (&User-Name) -> TRUE
- (58) if (&User-Name) {
- (58) if (&User-Name =~ / /) {
- (58) if (&User-Name =~ / /) -> FALSE
- (58) if (&User-Name =~ /@[^@]*@/ ) {
- (58) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (58) if (&User-Name =~ /\.\./ ) {
- (58) if (&User-Name =~ /\.\./ ) -> FALSE
- (58) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (58) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (58) if (&User-Name =~ /\.$/) {
- (58) if (&User-Name =~ /\.$/) -> FALSE
- (58) if (&User-Name =~ /@\./) {
- (58) if (&User-Name =~ /@\./) -> FALSE
- (58) } # if (&User-Name) = notfound
- (58) } # policy filter_username = notfound
- (58) [preprocess] = ok
- (58) [chap] = noop
- (58) [mschap] = noop
- (58) [digest] = noop
- (58) suffix: Checking for suffix after "@"
- (58) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (58) suffix: No such realm "NULL"
- (58) [suffix] = noop
- (58) eap: Peer sent EAP Response (code 2) ID 58 length 163
- (58) eap: Continuing tunnel setup
- (58) [eap] = ok
- (58) } # authorize = ok
- (58) Found Auth-Type = eap
- (58) # Executing group from file /etc/raddb/sites-enabled/default
- (58) authenticate {
- (58) eap: Expiring EAP session with state 0x1e9117831eab0ec6
- (58) eap: Finished EAP session with state 0x1e9117831eab0ec6
- (58) eap: Previous EAP request found for state 0x1e9117831eab0ec6, released from the list
- (58) eap: Peer sent packet with method EAP PEAP (25)
- (58) eap: Calling submodule eap_peap to process data
- (58) eap_peap: Continuing EAP-TLS
- (58) eap_peap: Peer indicated complete TLS record size will be 153 bytes
- (58) eap_peap: Got complete TLS record (153 bytes)
- (58) eap_peap: [eaptls verify] = length included
- (58) eap_peap: (other): before/accept initialization
- (58) eap_peap: TLS_accept: before/accept initialization
- (58) eap_peap: <<< recv TLS 1.0 Handshake [length 0094], ClientHello
- (58) eap_peap: TLS_accept: SSLv3 read client hello A
- (58) eap_peap: >>> send TLS 1.0 Handshake [length 0059], ServerHello
- (58) eap_peap: TLS_accept: SSLv3 write server hello A
- (58) eap_peap: >>> send TLS 1.0 ChangeCipherSpec [length 0001]
- (58) eap_peap: TLS_accept: SSLv3 write change cipher spec A
- (58) eap_peap: >>> send TLS 1.0 Handshake [length 0010], Finished
- (58) eap_peap: TLS_accept: SSLv3 write finished A
- (58) eap_peap: TLS_accept: SSLv3 flush data
- (58) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
- (58) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
- (58) eap_peap: In SSL Handshake Phase
- (58) eap_peap: In SSL Accept mode
- (58) eap_peap: [eaptls process] = handled
- (58) eap: Sending EAP Request (code 1) ID 59 length 159
- (58) eap: EAP session adding &reply:State = 0x1e9117831faa0ec6
- (58) [eap] = handled
- (58) } # authenticate = handled
- (58) Using Post-Auth-Type Challenge
- (58) Post-Auth-Type sub-section not found. Ignoring.
- (58) # Executing group from file /etc/raddb/sites-enabled/default
- (58) Sent Access-Challenge Id 82 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (58) EAP-Message = 0x013b009f19001603010059020000550301573f503dfb895c68474565166c3a87e7bb219d2c26a5dc6de3f2d529859a547120274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0c01400000dff01000100000b00040300010214030100010116030100307ab74b4604628b7b
- (58) Message-Authenticator = 0x00000000000000000000000000000000
- (58) State = 0x1e9117831faa0ec64abc8cf4d3ca3402
- (58) Finished request
- Waking up in 3.4 seconds.
- (59) Received Access-Request Id 83 from 10.8.0.111:58432 to 10.8.64.155:1812 length 249
- (59) User-Name = "vkratsberg"
- (59) NAS-Port = 358
- (59) State = 0x1e9117831faa0ec64abc8cf4d3ca3402
- (59) EAP-Message = 0x023b004519800000003b14030100010116030100301d1aeb17d29de1636a4d2b0ef9892604d3e2715b60dd3944f8c1057d9756fa88c28117100ca5ceb7985fde5e3abb0e06
- (59) Message-Authenticator = 0x40dcff1745d90a416d003e4f1b70371f
- (59) Acct-Session-Id = "8O2.1x81bb08400002ad41"
- (59) NAS-Port-Id = "ge-3/0/6.0"
- (59) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (59) Called-Station-Id = "ec-3e-f7-68-35-00"
- (59) NAS-IP-Address = 10.8.0.111
- (59) NAS-Identifier = "nyc-access-sw011"
- (59) NAS-Port-Type = Ethernet
- (59) session-state: No cached attributes
- (59) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (59) authorize {
- (59) policy filter_username {
- (59) if (&User-Name) {
- (59) if (&User-Name) -> TRUE
- (59) if (&User-Name) {
- (59) if (&User-Name =~ / /) {
- (59) if (&User-Name =~ / /) -> FALSE
- (59) if (&User-Name =~ /@[^@]*@/ ) {
- (59) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (59) if (&User-Name =~ /\.\./ ) {
- (59) if (&User-Name =~ /\.\./ ) -> FALSE
- (59) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (59) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (59) if (&User-Name =~ /\.$/) {
- (59) if (&User-Name =~ /\.$/) -> FALSE
- (59) if (&User-Name =~ /@\./) {
- (59) if (&User-Name =~ /@\./) -> FALSE
- (59) } # if (&User-Name) = notfound
- (59) } # policy filter_username = notfound
- (59) [preprocess] = ok
- (59) [chap] = noop
- (59) [mschap] = noop
- (59) [digest] = noop
- (59) suffix: Checking for suffix after "@"
- (59) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (59) suffix: No such realm "NULL"
- (59) [suffix] = noop
- (59) eap: Peer sent EAP Response (code 2) ID 59 length 69
- (59) eap: Continuing tunnel setup
- (59) [eap] = ok
- (59) } # authorize = ok
- (59) Found Auth-Type = eap
- (59) # Executing group from file /etc/raddb/sites-enabled/default
- (59) authenticate {
- (59) eap: Expiring EAP session with state 0x1e9117831faa0ec6
- (59) eap: Finished EAP session with state 0x1e9117831faa0ec6
- (59) eap: Previous EAP request found for state 0x1e9117831faa0ec6, released from the list
- (59) eap: Peer sent packet with method EAP PEAP (25)
- (59) eap: Calling submodule eap_peap to process data
- (59) eap_peap: Continuing EAP-TLS
- (59) eap_peap: Peer indicated complete TLS record size will be 59 bytes
- (59) eap_peap: Got complete TLS record (59 bytes)
- (59) eap_peap: [eaptls verify] = length included
- (59) eap_peap: <<< recv TLS 1.0 ChangeCipherSpec [length 0001]
- (59) eap_peap: <<< recv TLS 1.0 Handshake [length 0010], Finished
- (59) eap_peap: TLS_accept: SSLv3 read finished A
- (59) eap_peap: (other): SSL negotiation finished successfully
- (59) eap_peap: SSL Connection Established
- (59) eap_peap: SSL Application Data
- (59) eap_peap: Adding cached attributes from session 274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0
- (59) eap_peap: reply:User-Name = "vkratsberg"
- (59) eap_peap: [eaptls process] = success
- (59) eap_peap: Session established. Decoding tunneled attributes
- (59) eap_peap: PEAP state TUNNEL ESTABLISHED
- (59) eap_peap: Skipping Phase2 because of session resumption
- (59) eap_peap: SUCCESS
- (59) eap: Sending EAP Request (code 1) ID 60 length 43
- (59) eap: EAP session adding &reply:State = 0x1e9117831cad0ec6
- (59) [eap] = handled
- (59) } # authenticate = handled
- (59) Using Post-Auth-Type Challenge
- (59) Post-Auth-Type sub-section not found. Ignoring.
- (59) # Executing group from file /etc/raddb/sites-enabled/default
- (59) Sent Access-Challenge Id 83 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (59) User-Name = "vkratsberg"
- (59) EAP-Message = 0x013c002b190017030100205ed60778c0290aa0d9492ff05f4a817ac4225514db3c3311de74e9fc0a0c2efa
- (59) Message-Authenticator = 0x00000000000000000000000000000000
- (59) State = 0x1e9117831cad0ec64abc8cf4d3ca3402
- (59) Finished request
- Waking up in 3.4 seconds.
- (60) Received Access-Request Id 84 from 10.8.0.111:58432 to 10.8.64.155:1812 length 223
- (60) User-Name = "vkratsberg"
- (60) NAS-Port = 358
- (60) State = 0x1e9117831cad0ec64abc8cf4d3ca3402
- (60) EAP-Message = 0x023c002b19001703010020a2f70b144c65bb8d19641a3e8f029c4ce36c58b4abfc8b5f3d029304e64c4923
- (60) Message-Authenticator = 0x27b7d97ce26014682b3936201d8210d4
- (60) Acct-Session-Id = "8O2.1x81bb08400002ad41"
- (60) NAS-Port-Id = "ge-3/0/6.0"
- (60) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (60) Called-Station-Id = "ec-3e-f7-68-35-00"
- (60) NAS-IP-Address = 10.8.0.111
- (60) NAS-Identifier = "nyc-access-sw011"
- (60) NAS-Port-Type = Ethernet
- (60) session-state: No cached attributes
- (60) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (60) authorize {
- (60) policy filter_username {
- (60) if (&User-Name) {
- (60) if (&User-Name) -> TRUE
- (60) if (&User-Name) {
- (60) if (&User-Name =~ / /) {
- (60) if (&User-Name =~ / /) -> FALSE
- (60) if (&User-Name =~ /@[^@]*@/ ) {
- (60) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (60) if (&User-Name =~ /\.\./ ) {
- (60) if (&User-Name =~ /\.\./ ) -> FALSE
- (60) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (60) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (60) if (&User-Name =~ /\.$/) {
- (60) if (&User-Name =~ /\.$/) -> FALSE
- (60) if (&User-Name =~ /@\./) {
- (60) if (&User-Name =~ /@\./) -> FALSE
- (60) } # if (&User-Name) = notfound
- (60) } # policy filter_username = notfound
- (60) [preprocess] = ok
- (60) [chap] = noop
- (60) [mschap] = noop
- (60) [digest] = noop
- (60) suffix: Checking for suffix after "@"
- (60) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (60) suffix: No such realm "NULL"
- (60) [suffix] = noop
- (60) eap: Peer sent EAP Response (code 2) ID 60 length 43
- (60) eap: Continuing tunnel setup
- (60) [eap] = ok
- (60) } # authorize = ok
- (60) Found Auth-Type = eap
- (60) # Executing group from file /etc/raddb/sites-enabled/default
- (60) authenticate {
- (60) eap: Expiring EAP session with state 0x1e9117831cad0ec6
- (60) eap: Finished EAP session with state 0x1e9117831cad0ec6
- (60) eap: Previous EAP request found for state 0x1e9117831cad0ec6, released from the list
- (60) eap: Peer sent packet with method EAP PEAP (25)
- (60) eap: Calling submodule eap_peap to process data
- (60) eap_peap: Continuing EAP-TLS
- (60) eap_peap: [eaptls verify] = ok
- (60) eap_peap: Done initial handshake
- (60) eap_peap: [eaptls process] = ok
- (60) eap_peap: Session established. Decoding tunneled attributes
- (60) eap_peap: PEAP state send tlv success
- (60) eap_peap: Received EAP-TLV response
- (60) eap_peap: Success
- (60) eap_peap: No saved attributes in the original Access-Accept
- (60) eap: Sending EAP Success (code 3) ID 60 length 4
- (60) eap: Freeing handler
- (60) [eap] = ok
- (60) } # authenticate = ok
- (60) # Executing section post-auth from file /etc/raddb/sites-enabled/default
- (60) post-auth {
- (60) update {
- (60) No attributes updated
- (60) } # update = noop
- (60) [exec] = noop
- (60) policy remove_reply_message_if_eap {
- (60) if (&reply:EAP-Message && &reply:Reply-Message) {
- (60) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
- (60) else {
- (60) [noop] = noop
- (60) } # else = noop
- (60) } # policy remove_reply_message_if_eap = noop
- (60) } # post-auth = noop
- (60) Sent Access-Accept Id 84 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (60) MS-MPPE-Recv-Key = 0x42acb2f4eab27fc2ec0a775bf41e9e84b59a9d8147857fe2c68b8f1ea20dab57
- (60) MS-MPPE-Send-Key = 0x4040c58418cce98db0cf2d7c425f56f1445c1ea9a6806c93c466ff9987307a8e
- (60) EAP-Message = 0x033c0004
- (60) Message-Authenticator = 0x00000000000000000000000000000000
- (60) User-Name = "vkratsberg"
- (60) Finished request
- Waking up in 3.4 seconds.
- (61) Received Access-Request Id 85 from 10.8.0.111:58432 to 10.8.64.155:1812 length 177
- (61) User-Name = "vkratsberg"
- (61) NAS-Port = 358
- (61) EAP-Message = 0x023d000f01766b7261747362657267
- (61) Message-Authenticator = 0xbb73bf378271a2efa003679327a58a04
- (61) Acct-Session-Id = "8O2.1x81bb0841000445cd"
- (61) NAS-Port-Id = "ge-3/0/6.0"
- (61) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (61) Called-Station-Id = "ec-3e-f7-68-35-00"
- (61) NAS-IP-Address = 10.8.0.111
- (61) NAS-Identifier = "nyc-access-sw011"
- (61) NAS-Port-Type = Ethernet
- (61) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (61) authorize {
- (61) policy filter_username {
- (61) if (&User-Name) {
- (61) if (&User-Name) -> TRUE
- (61) if (&User-Name) {
- (61) if (&User-Name =~ / /) {
- (61) if (&User-Name =~ / /) -> FALSE
- (61) if (&User-Name =~ /@[^@]*@/ ) {
- (61) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (61) if (&User-Name =~ /\.\./ ) {
- (61) if (&User-Name =~ /\.\./ ) -> FALSE
- (61) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (61) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (61) if (&User-Name =~ /\.$/) {
- (61) if (&User-Name =~ /\.$/) -> FALSE
- (61) if (&User-Name =~ /@\./) {
- (61) if (&User-Name =~ /@\./) -> FALSE
- (61) } # if (&User-Name) = notfound
- (61) } # policy filter_username = notfound
- (61) [preprocess] = ok
- (61) [chap] = noop
- (61) [mschap] = noop
- (61) [digest] = noop
- (61) suffix: Checking for suffix after "@"
- (61) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (61) suffix: No such realm "NULL"
- (61) [suffix] = noop
- (61) eap: Peer sent EAP Response (code 2) ID 61 length 15
- (61) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
- (61) [eap] = ok
- (61) } # authorize = ok
- (61) Found Auth-Type = eap
- (61) # Executing group from file /etc/raddb/sites-enabled/default
- (61) authenticate {
- (61) eap: Peer sent packet with method EAP Identity (1)
- (61) eap: Calling submodule eap_peap to process data
- (61) eap_peap: Initiating new EAP-TLS session
- (61) eap_peap: [eaptls start] = request
- (61) eap: Sending EAP Request (code 1) ID 62 length 6
- (61) eap: EAP session adding &reply:State = 0xb4555843b46b4104
- (61) [eap] = handled
- (61) } # authenticate = handled
- (61) Using Post-Auth-Type Challenge
- (61) Post-Auth-Type sub-section not found. Ignoring.
- (61) # Executing group from file /etc/raddb/sites-enabled/default
- (61) Sent Access-Challenge Id 85 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (61) EAP-Message = 0x013e00061920
- (61) Message-Authenticator = 0x00000000000000000000000000000000
- (61) State = 0xb4555843b46b41043f7580f54a3ad06c
- (61) Finished request
- Waking up in 3.3 seconds.
- (62) Received Access-Request Id 86 from 10.8.0.111:58432 to 10.8.64.155:1812 length 343
- (62) User-Name = "vkratsberg"
- (62) NAS-Port = 358
- (62) State = 0xb4555843b46b41043f7580f54a3ad06c
- (62) EAP-Message = 0x023e00a31980000000991603010094010000900301573f503d92080572df4c1ba4182a18782167727f45187ab57ab30e1ee6b317b120274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0002800ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f00
- (62) Message-Authenticator = 0x0bc5339872f55524084b19d9551bcc17
- (62) Acct-Session-Id = "8O2.1x81bb0841000445cd"
- (62) NAS-Port-Id = "ge-3/0/6.0"
- (62) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (62) Called-Station-Id = "ec-3e-f7-68-35-00"
- (62) NAS-IP-Address = 10.8.0.111
- (62) NAS-Identifier = "nyc-access-sw011"
- (62) NAS-Port-Type = Ethernet
- (62) session-state: No cached attributes
- (62) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (62) authorize {
- (62) policy filter_username {
- (62) if (&User-Name) {
- (62) if (&User-Name) -> TRUE
- (62) if (&User-Name) {
- (62) if (&User-Name =~ / /) {
- (62) if (&User-Name =~ / /) -> FALSE
- (62) if (&User-Name =~ /@[^@]*@/ ) {
- (62) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (62) if (&User-Name =~ /\.\./ ) {
- (62) if (&User-Name =~ /\.\./ ) -> FALSE
- (62) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (62) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (62) if (&User-Name =~ /\.$/) {
- (62) if (&User-Name =~ /\.$/) -> FALSE
- (62) if (&User-Name =~ /@\./) {
- (62) if (&User-Name =~ /@\./) -> FALSE
- (62) } # if (&User-Name) = notfound
- (62) } # policy filter_username = notfound
- (62) [preprocess] = ok
- (62) [chap] = noop
- (62) [mschap] = noop
- (62) [digest] = noop
- (62) suffix: Checking for suffix after "@"
- (62) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (62) suffix: No such realm "NULL"
- (62) [suffix] = noop
- (62) eap: Peer sent EAP Response (code 2) ID 62 length 163
- (62) eap: Continuing tunnel setup
- (62) [eap] = ok
- (62) } # authorize = ok
- (62) Found Auth-Type = eap
- (62) # Executing group from file /etc/raddb/sites-enabled/default
- (62) authenticate {
- (62) eap: Expiring EAP session with state 0xb4555843b46b4104
- (62) eap: Finished EAP session with state 0xb4555843b46b4104
- (62) eap: Previous EAP request found for state 0xb4555843b46b4104, released from the list
- (62) eap: Peer sent packet with method EAP PEAP (25)
- (62) eap: Calling submodule eap_peap to process data
- (62) eap_peap: Continuing EAP-TLS
- (62) eap_peap: Peer indicated complete TLS record size will be 153 bytes
- (62) eap_peap: Got complete TLS record (153 bytes)
- (62) eap_peap: [eaptls verify] = length included
- (62) eap_peap: (other): before/accept initialization
- (62) eap_peap: TLS_accept: before/accept initialization
- (62) eap_peap: <<< recv TLS 1.0 Handshake [length 0094], ClientHello
- (62) eap_peap: TLS_accept: SSLv3 read client hello A
- (62) eap_peap: >>> send TLS 1.0 Handshake [length 0059], ServerHello
- (62) eap_peap: TLS_accept: SSLv3 write server hello A
- (62) eap_peap: >>> send TLS 1.0 ChangeCipherSpec [length 0001]
- (62) eap_peap: TLS_accept: SSLv3 write change cipher spec A
- (62) eap_peap: >>> send TLS 1.0 Handshake [length 0010], Finished
- (62) eap_peap: TLS_accept: SSLv3 write finished A
- (62) eap_peap: TLS_accept: SSLv3 flush data
- (62) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
- (62) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
- (62) eap_peap: In SSL Handshake Phase
- (62) eap_peap: In SSL Accept mode
- (62) eap_peap: [eaptls process] = handled
- (62) eap: Sending EAP Request (code 1) ID 63 length 159
- (62) eap: EAP session adding &reply:State = 0xb4555843b56a4104
- (62) [eap] = handled
- (62) } # authenticate = handled
- (62) Using Post-Auth-Type Challenge
- (62) Post-Auth-Type sub-section not found. Ignoring.
- (62) # Executing group from file /etc/raddb/sites-enabled/default
- (62) Sent Access-Challenge Id 86 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (62) EAP-Message = 0x013f009f19001603010059020000550301573f503d9a7e6b405d053067d5c1396240521cae525b185aa54df38a6452bb1420274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0c01400000dff01000100000b0004030001021403010001011603010030bfeaedfa7b4abc4d
- (62) Message-Authenticator = 0x00000000000000000000000000000000
- (62) State = 0xb4555843b56a41043f7580f54a3ad06c
- (62) Finished request
- Waking up in 3.3 seconds.
- (63) Received Access-Request Id 87 from 10.8.0.111:58432 to 10.8.64.155:1812 length 249
- (63) User-Name = "vkratsberg"
- (63) NAS-Port = 358
- (63) State = 0xb4555843b56a41043f7580f54a3ad06c
- (63) EAP-Message = 0x023f004519800000003b1403010001011603010030069811a2de8b76301bf368b79716a64ef2e13fb3dd537404996b319bc8c6b2b874287eb2af232360ff38349b1286bd78
- (63) Message-Authenticator = 0xc625ce0eb3c4af4ea599f2b1cc184f37
- (63) Acct-Session-Id = "8O2.1x81bb0841000445cd"
- (63) NAS-Port-Id = "ge-3/0/6.0"
- (63) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (63) Called-Station-Id = "ec-3e-f7-68-35-00"
- (63) NAS-IP-Address = 10.8.0.111
- (63) NAS-Identifier = "nyc-access-sw011"
- (63) NAS-Port-Type = Ethernet
- (63) session-state: No cached attributes
- (63) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (63) authorize {
- (63) policy filter_username {
- (63) if (&User-Name) {
- (63) if (&User-Name) -> TRUE
- (63) if (&User-Name) {
- (63) if (&User-Name =~ / /) {
- (63) if (&User-Name =~ / /) -> FALSE
- (63) if (&User-Name =~ /@[^@]*@/ ) {
- (63) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (63) if (&User-Name =~ /\.\./ ) {
- (63) if (&User-Name =~ /\.\./ ) -> FALSE
- (63) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (63) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (63) if (&User-Name =~ /\.$/) {
- (63) if (&User-Name =~ /\.$/) -> FALSE
- (63) if (&User-Name =~ /@\./) {
- (63) if (&User-Name =~ /@\./) -> FALSE
- (63) } # if (&User-Name) = notfound
- (63) } # policy filter_username = notfound
- (63) [preprocess] = ok
- (63) [chap] = noop
- (63) [mschap] = noop
- (63) [digest] = noop
- (63) suffix: Checking for suffix after "@"
- (63) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (63) suffix: No such realm "NULL"
- (63) [suffix] = noop
- (63) eap: Peer sent EAP Response (code 2) ID 63 length 69
- (63) eap: Continuing tunnel setup
- (63) [eap] = ok
- (63) } # authorize = ok
- (63) Found Auth-Type = eap
- (63) # Executing group from file /etc/raddb/sites-enabled/default
- (63) authenticate {
- (63) eap: Expiring EAP session with state 0xb4555843b56a4104
- (63) eap: Finished EAP session with state 0xb4555843b56a4104
- (63) eap: Previous EAP request found for state 0xb4555843b56a4104, released from the list
- (63) eap: Peer sent packet with method EAP PEAP (25)
- (63) eap: Calling submodule eap_peap to process data
- (63) eap_peap: Continuing EAP-TLS
- (63) eap_peap: Peer indicated complete TLS record size will be 59 bytes
- (63) eap_peap: Got complete TLS record (59 bytes)
- (63) eap_peap: [eaptls verify] = length included
- (63) eap_peap: <<< recv TLS 1.0 ChangeCipherSpec [length 0001]
- (63) eap_peap: <<< recv TLS 1.0 Handshake [length 0010], Finished
- (63) eap_peap: TLS_accept: SSLv3 read finished A
- (63) eap_peap: (other): SSL negotiation finished successfully
- (63) eap_peap: SSL Connection Established
- (63) eap_peap: SSL Application Data
- (63) eap_peap: Adding cached attributes from session 274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0
- (63) eap_peap: reply:User-Name = "vkratsberg"
- (63) eap_peap: [eaptls process] = success
- (63) eap_peap: Session established. Decoding tunneled attributes
- (63) eap_peap: PEAP state TUNNEL ESTABLISHED
- (63) eap_peap: Skipping Phase2 because of session resumption
- (63) eap_peap: SUCCESS
- (63) eap: Sending EAP Request (code 1) ID 64 length 43
- (63) eap: EAP session adding &reply:State = 0xb4555843b6154104
- (63) [eap] = handled
- (63) } # authenticate = handled
- (63) Using Post-Auth-Type Challenge
- (63) Post-Auth-Type sub-section not found. Ignoring.
- (63) # Executing group from file /etc/raddb/sites-enabled/default
- (63) Sent Access-Challenge Id 87 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (63) User-Name = "vkratsberg"
- (63) EAP-Message = 0x0140002b190017030100203cfd7b41463f1ce0586bba11d6c5ccd5f2265af1d3cb2d57700c8e81137dddbb
- (63) Message-Authenticator = 0x00000000000000000000000000000000
- (63) State = 0xb4555843b61541043f7580f54a3ad06c
- (63) Finished request
- Waking up in 3.3 seconds.
- (64) Received Access-Request Id 88 from 10.8.0.111:58432 to 10.8.64.155:1812 length 223
- (64) User-Name = "vkratsberg"
- (64) NAS-Port = 358
- (64) State = 0xb4555843b61541043f7580f54a3ad06c
- (64) EAP-Message = 0x0240002b190017030100202475cf86a000566ec2dd8dfd641f4c2ea05dc420b990155d31b2386578e067e4
- (64) Message-Authenticator = 0xd74fe9a57f6254d5ac55542948aefb36
- (64) Acct-Session-Id = "8O2.1x81bb0841000445cd"
- (64) NAS-Port-Id = "ge-3/0/6.0"
- (64) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (64) Called-Station-Id = "ec-3e-f7-68-35-00"
- (64) NAS-IP-Address = 10.8.0.111
- (64) NAS-Identifier = "nyc-access-sw011"
- (64) NAS-Port-Type = Ethernet
- (64) session-state: No cached attributes
- (64) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (64) authorize {
- (64) policy filter_username {
- (64) if (&User-Name) {
- (64) if (&User-Name) -> TRUE
- (64) if (&User-Name) {
- (64) if (&User-Name =~ / /) {
- (64) if (&User-Name =~ / /) -> FALSE
- (64) if (&User-Name =~ /@[^@]*@/ ) {
- (64) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (64) if (&User-Name =~ /\.\./ ) {
- (64) if (&User-Name =~ /\.\./ ) -> FALSE
- (64) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (64) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (64) if (&User-Name =~ /\.$/) {
- (64) if (&User-Name =~ /\.$/) -> FALSE
- (64) if (&User-Name =~ /@\./) {
- (64) if (&User-Name =~ /@\./) -> FALSE
- (64) } # if (&User-Name) = notfound
- (64) } # policy filter_username = notfound
- (64) [preprocess] = ok
- (64) [chap] = noop
- (64) [mschap] = noop
- (64) [digest] = noop
- (64) suffix: Checking for suffix after "@"
- (64) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (64) suffix: No such realm "NULL"
- (64) [suffix] = noop
- (64) eap: Peer sent EAP Response (code 2) ID 64 length 43
- (64) eap: Continuing tunnel setup
- (64) [eap] = ok
- (64) } # authorize = ok
- (64) Found Auth-Type = eap
- (64) # Executing group from file /etc/raddb/sites-enabled/default
- (64) authenticate {
- (64) eap: Expiring EAP session with state 0xb4555843b6154104
- (64) eap: Finished EAP session with state 0xb4555843b6154104
- (64) eap: Previous EAP request found for state 0xb4555843b6154104, released from the list
- (64) eap: Peer sent packet with method EAP PEAP (25)
- (64) eap: Calling submodule eap_peap to process data
- (64) eap_peap: Continuing EAP-TLS
- (64) eap_peap: [eaptls verify] = ok
- (64) eap_peap: Done initial handshake
- (64) eap_peap: [eaptls process] = ok
- (64) eap_peap: Session established. Decoding tunneled attributes
- (64) eap_peap: PEAP state send tlv success
- (64) eap_peap: Received EAP-TLV response
- (64) eap_peap: Success
- (64) eap_peap: No saved attributes in the original Access-Accept
- (64) eap: Sending EAP Success (code 3) ID 64 length 4
- (64) eap: Freeing handler
- (64) [eap] = ok
- (64) } # authenticate = ok
- (64) # Executing section post-auth from file /etc/raddb/sites-enabled/default
- (64) post-auth {
- (64) update {
- (64) No attributes updated
- (64) } # update = noop
- (64) [exec] = noop
- (64) policy remove_reply_message_if_eap {
- (64) if (&reply:EAP-Message && &reply:Reply-Message) {
- (64) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
- (64) else {
- (64) [noop] = noop
- (64) } # else = noop
- (64) } # policy remove_reply_message_if_eap = noop
- (64) } # post-auth = noop
- (64) Sent Access-Accept Id 88 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (64) MS-MPPE-Recv-Key = 0x134207be9e348f1e176a8ac3d9a4d383b7dcf4bd87981a3376c4486e77458c34
- (64) MS-MPPE-Send-Key = 0x3ac508be6f2e2850789ea5966ac331f227a52adf504a13b48deb47ba6f9d2fd5
- (64) EAP-Message = 0x03400004
- (64) Message-Authenticator = 0x00000000000000000000000000000000
- (64) User-Name = "vkratsberg"
- (64) Finished request
- Waking up in 3.3 seconds.
- (65) Received Access-Request Id 89 from 10.8.0.111:58432 to 10.8.64.155:1812 length 177
- (65) User-Name = "vkratsberg"
- (65) NAS-Port = 358
- (65) EAP-Message = 0x0241000f01766b7261747362657267
- (65) Message-Authenticator = 0xa2c7aacfa4cbdf3da805c2c157397400
- (65) Acct-Session-Id = "8O2.1x81bb08420005e2af"
- (65) NAS-Port-Id = "ge-3/0/6.0"
- (65) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (65) Called-Station-Id = "ec-3e-f7-68-35-00"
- (65) NAS-IP-Address = 10.8.0.111
- (65) NAS-Identifier = "nyc-access-sw011"
- (65) NAS-Port-Type = Ethernet
- (65) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (65) authorize {
- (65) policy filter_username {
- (65) if (&User-Name) {
- (65) if (&User-Name) -> TRUE
- (65) if (&User-Name) {
- (65) if (&User-Name =~ / /) {
- (65) if (&User-Name =~ / /) -> FALSE
- (65) if (&User-Name =~ /@[^@]*@/ ) {
- (65) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (65) if (&User-Name =~ /\.\./ ) {
- (65) if (&User-Name =~ /\.\./ ) -> FALSE
- (65) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (65) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (65) if (&User-Name =~ /\.$/) {
- (65) if (&User-Name =~ /\.$/) -> FALSE
- (65) if (&User-Name =~ /@\./) {
- (65) if (&User-Name =~ /@\./) -> FALSE
- (65) } # if (&User-Name) = notfound
- (65) } # policy filter_username = notfound
- (65) [preprocess] = ok
- (65) [chap] = noop
- (65) [mschap] = noop
- (65) [digest] = noop
- (65) suffix: Checking for suffix after "@"
- (65) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (65) suffix: No such realm "NULL"
- (65) [suffix] = noop
- (65) eap: Peer sent EAP Response (code 2) ID 65 length 15
- (65) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
- (65) [eap] = ok
- (65) } # authorize = ok
- (65) Found Auth-Type = eap
- (65) # Executing group from file /etc/raddb/sites-enabled/default
- (65) authenticate {
- (65) eap: Peer sent packet with method EAP Identity (1)
- (65) eap: Calling submodule eap_peap to process data
- (65) eap_peap: Initiating new EAP-TLS session
- (65) eap_peap: [eaptls start] = request
- (65) eap: Sending EAP Request (code 1) ID 66 length 6
- (65) eap: EAP session adding &reply:State = 0x84760f5e843416ab
- (65) [eap] = handled
- (65) } # authenticate = handled
- (65) Using Post-Auth-Type Challenge
- (65) Post-Auth-Type sub-section not found. Ignoring.
- (65) # Executing group from file /etc/raddb/sites-enabled/default
- (65) Sent Access-Challenge Id 89 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (65) EAP-Message = 0x014200061920
- (65) Message-Authenticator = 0x00000000000000000000000000000000
- (65) State = 0x84760f5e843416ab000ba36a1076ac07
- (65) Finished request
- Waking up in 3.2 seconds.
- (66) Received Access-Request Id 90 from 10.8.0.111:58432 to 10.8.64.155:1812 length 343
- (66) User-Name = "vkratsberg"
- (66) NAS-Port = 358
- (66) State = 0x84760f5e843416ab000ba36a1076ac07
- (66) EAP-Message = 0x024200a31980000000991603010094010000900301573f503dc067a22d42e31ff4c10e8617332701ce7575f951158623c1f5e89cb620274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0002800ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f00
- (66) Message-Authenticator = 0xd070acaf41f912547921e713dce20212
- (66) Acct-Session-Id = "8O2.1x81bb08420005e2af"
- (66) NAS-Port-Id = "ge-3/0/6.0"
- (66) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (66) Called-Station-Id = "ec-3e-f7-68-35-00"
- (66) NAS-IP-Address = 10.8.0.111
- (66) NAS-Identifier = "nyc-access-sw011"
- (66) NAS-Port-Type = Ethernet
- (66) session-state: No cached attributes
- (66) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (66) authorize {
- (66) policy filter_username {
- (66) if (&User-Name) {
- (66) if (&User-Name) -> TRUE
- (66) if (&User-Name) {
- (66) if (&User-Name =~ / /) {
- (66) if (&User-Name =~ / /) -> FALSE
- (66) if (&User-Name =~ /@[^@]*@/ ) {
- (66) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (66) if (&User-Name =~ /\.\./ ) {
- (66) if (&User-Name =~ /\.\./ ) -> FALSE
- (66) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (66) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (66) if (&User-Name =~ /\.$/) {
- (66) if (&User-Name =~ /\.$/) -> FALSE
- (66) if (&User-Name =~ /@\./) {
- (66) if (&User-Name =~ /@\./) -> FALSE
- (66) } # if (&User-Name) = notfound
- (66) } # policy filter_username = notfound
- (66) [preprocess] = ok
- (66) [chap] = noop
- (66) [mschap] = noop
- (66) [digest] = noop
- (66) suffix: Checking for suffix after "@"
- (66) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (66) suffix: No such realm "NULL"
- (66) [suffix] = noop
- (66) eap: Peer sent EAP Response (code 2) ID 66 length 163
- (66) eap: Continuing tunnel setup
- (66) [eap] = ok
- (66) } # authorize = ok
- (66) Found Auth-Type = eap
- (66) # Executing group from file /etc/raddb/sites-enabled/default
- (66) authenticate {
- (66) eap: Expiring EAP session with state 0x84760f5e843416ab
- (66) eap: Finished EAP session with state 0x84760f5e843416ab
- (66) eap: Previous EAP request found for state 0x84760f5e843416ab, released from the list
- (66) eap: Peer sent packet with method EAP PEAP (25)
- (66) eap: Calling submodule eap_peap to process data
- (66) eap_peap: Continuing EAP-TLS
- (66) eap_peap: Peer indicated complete TLS record size will be 153 bytes
- (66) eap_peap: Got complete TLS record (153 bytes)
- (66) eap_peap: [eaptls verify] = length included
- (66) eap_peap: (other): before/accept initialization
- (66) eap_peap: TLS_accept: before/accept initialization
- (66) eap_peap: <<< recv TLS 1.0 Handshake [length 0094], ClientHello
- (66) eap_peap: TLS_accept: SSLv3 read client hello A
- (66) eap_peap: >>> send TLS 1.0 Handshake [length 0059], ServerHello
- (66) eap_peap: TLS_accept: SSLv3 write server hello A
- (66) eap_peap: >>> send TLS 1.0 ChangeCipherSpec [length 0001]
- (66) eap_peap: TLS_accept: SSLv3 write change cipher spec A
- (66) eap_peap: >>> send TLS 1.0 Handshake [length 0010], Finished
- (66) eap_peap: TLS_accept: SSLv3 write finished A
- (66) eap_peap: TLS_accept: SSLv3 flush data
- (66) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
- (66) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
- (66) eap_peap: In SSL Handshake Phase
- (66) eap_peap: In SSL Accept mode
- (66) eap_peap: [eaptls process] = handled
- (66) eap: Sending EAP Request (code 1) ID 67 length 159
- (66) eap: EAP session adding &reply:State = 0x84760f5e853516ab
- (66) [eap] = handled
- (66) } # authenticate = handled
- (66) Using Post-Auth-Type Challenge
- (66) Post-Auth-Type sub-section not found. Ignoring.
- (66) # Executing group from file /etc/raddb/sites-enabled/default
- (66) Sent Access-Challenge Id 90 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (66) EAP-Message = 0x0143009f19001603010059020000550301573f503ddf51fdeb6c70eabd8a349c0430af0cfb0b2c24138784ca6d738eeb6720274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0c01400000dff01000100000b00040300010214030100010116030100306bc4a150a7e604f5
- (66) Message-Authenticator = 0x00000000000000000000000000000000
- (66) State = 0x84760f5e853516ab000ba36a1076ac07
- (66) Finished request
- Waking up in 3.2 seconds.
- (67) Received Access-Request Id 91 from 10.8.0.111:58432 to 10.8.64.155:1812 length 249
- (67) User-Name = "vkratsberg"
- (67) NAS-Port = 358
- (67) State = 0x84760f5e853516ab000ba36a1076ac07
- (67) EAP-Message = 0x0243004519800000003b140301000101160301003014feb3129fe88a6f974ed24dfec617ded3c3f8437a68b69974d4b4ed96fa7d7ce95e2cb34f9927d536b9c2859515f8a6
- (67) Message-Authenticator = 0x1d1a6eeed1090b34ef97e14d34e71d48
- (67) Acct-Session-Id = "8O2.1x81bb08420005e2af"
- (67) NAS-Port-Id = "ge-3/0/6.0"
- (67) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (67) Called-Station-Id = "ec-3e-f7-68-35-00"
- (67) NAS-IP-Address = 10.8.0.111
- (67) NAS-Identifier = "nyc-access-sw011"
- (67) NAS-Port-Type = Ethernet
- (67) session-state: No cached attributes
- (67) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (67) authorize {
- (67) policy filter_username {
- (67) if (&User-Name) {
- (67) if (&User-Name) -> TRUE
- (67) if (&User-Name) {
- (67) if (&User-Name =~ / /) {
- (67) if (&User-Name =~ / /) -> FALSE
- (67) if (&User-Name =~ /@[^@]*@/ ) {
- (67) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (67) if (&User-Name =~ /\.\./ ) {
- (67) if (&User-Name =~ /\.\./ ) -> FALSE
- (67) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (67) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (67) if (&User-Name =~ /\.$/) {
- (67) if (&User-Name =~ /\.$/) -> FALSE
- (67) if (&User-Name =~ /@\./) {
- (67) if (&User-Name =~ /@\./) -> FALSE
- (67) } # if (&User-Name) = notfound
- (67) } # policy filter_username = notfound
- (67) [preprocess] = ok
- (67) [chap] = noop
- (67) [mschap] = noop
- (67) [digest] = noop
- (67) suffix: Checking for suffix after "@"
- (67) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (67) suffix: No such realm "NULL"
- (67) [suffix] = noop
- (67) eap: Peer sent EAP Response (code 2) ID 67 length 69
- (67) eap: Continuing tunnel setup
- (67) [eap] = ok
- (67) } # authorize = ok
- (67) Found Auth-Type = eap
- (67) # Executing group from file /etc/raddb/sites-enabled/default
- (67) authenticate {
- (67) eap: Expiring EAP session with state 0x84760f5e853516ab
- (67) eap: Finished EAP session with state 0x84760f5e853516ab
- (67) eap: Previous EAP request found for state 0x84760f5e853516ab, released from the list
- (67) eap: Peer sent packet with method EAP PEAP (25)
- (67) eap: Calling submodule eap_peap to process data
- (67) eap_peap: Continuing EAP-TLS
- (67) eap_peap: Peer indicated complete TLS record size will be 59 bytes
- (67) eap_peap: Got complete TLS record (59 bytes)
- (67) eap_peap: [eaptls verify] = length included
- (67) eap_peap: <<< recv TLS 1.0 ChangeCipherSpec [length 0001]
- (67) eap_peap: <<< recv TLS 1.0 Handshake [length 0010], Finished
- (67) eap_peap: TLS_accept: SSLv3 read finished A
- (67) eap_peap: (other): SSL negotiation finished successfully
- (67) eap_peap: SSL Connection Established
- (67) eap_peap: SSL Application Data
- (67) eap_peap: Adding cached attributes from session 274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0
- (67) eap_peap: reply:User-Name = "vkratsberg"
- (67) eap_peap: [eaptls process] = success
- (67) eap_peap: Session established. Decoding tunneled attributes
- (67) eap_peap: PEAP state TUNNEL ESTABLISHED
- (67) eap_peap: Skipping Phase2 because of session resumption
- (67) eap_peap: SUCCESS
- (67) eap: Sending EAP Request (code 1) ID 68 length 43
- (67) eap: EAP session adding &reply:State = 0x84760f5e863216ab
- (67) [eap] = handled
- (67) } # authenticate = handled
- (67) Using Post-Auth-Type Challenge
- (67) Post-Auth-Type sub-section not found. Ignoring.
- (67) # Executing group from file /etc/raddb/sites-enabled/default
- (67) Sent Access-Challenge Id 91 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (67) User-Name = "vkratsberg"
- (67) EAP-Message = 0x0144002b19001703010020be1cf2432fe4a9dfd5fc68e6cbc30c19312b1f3f79bd5c4a84b46d32095c6927
- (67) Message-Authenticator = 0x00000000000000000000000000000000
- (67) State = 0x84760f5e863216ab000ba36a1076ac07
- (67) Finished request
- Waking up in 3.2 seconds.
- (68) Received Access-Request Id 92 from 10.8.0.111:58432 to 10.8.64.155:1812 length 223
- (68) User-Name = "vkratsberg"
- (68) NAS-Port = 358
- (68) State = 0x84760f5e863216ab000ba36a1076ac07
- (68) EAP-Message = 0x0244002b19001703010020d1f18b0baf761392f539c1e4bd979b49ea7196f106cfac2b48901499dfc46eed
- (68) Message-Authenticator = 0xd8094b300a8024007b2ccc8a418cbff8
- (68) Acct-Session-Id = "8O2.1x81bb08420005e2af"
- (68) NAS-Port-Id = "ge-3/0/6.0"
- (68) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (68) Called-Station-Id = "ec-3e-f7-68-35-00"
- (68) NAS-IP-Address = 10.8.0.111
- (68) NAS-Identifier = "nyc-access-sw011"
- (68) NAS-Port-Type = Ethernet
- (68) session-state: No cached attributes
- (68) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (68) authorize {
- (68) policy filter_username {
- (68) if (&User-Name) {
- (68) if (&User-Name) -> TRUE
- (68) if (&User-Name) {
- (68) if (&User-Name =~ / /) {
- (68) if (&User-Name =~ / /) -> FALSE
- (68) if (&User-Name =~ /@[^@]*@/ ) {
- (68) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (68) if (&User-Name =~ /\.\./ ) {
- (68) if (&User-Name =~ /\.\./ ) -> FALSE
- (68) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (68) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (68) if (&User-Name =~ /\.$/) {
- (68) if (&User-Name =~ /\.$/) -> FALSE
- (68) if (&User-Name =~ /@\./) {
- (68) if (&User-Name =~ /@\./) -> FALSE
- (68) } # if (&User-Name) = notfound
- (68) } # policy filter_username = notfound
- (68) [preprocess] = ok
- (68) [chap] = noop
- (68) [mschap] = noop
- (68) [digest] = noop
- (68) suffix: Checking for suffix after "@"
- (68) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (68) suffix: No such realm "NULL"
- (68) [suffix] = noop
- (68) eap: Peer sent EAP Response (code 2) ID 68 length 43
- (68) eap: Continuing tunnel setup
- (68) [eap] = ok
- (68) } # authorize = ok
- (68) Found Auth-Type = eap
- (68) # Executing group from file /etc/raddb/sites-enabled/default
- (68) authenticate {
- (68) eap: Expiring EAP session with state 0x84760f5e863216ab
- (68) eap: Finished EAP session with state 0x84760f5e863216ab
- (68) eap: Previous EAP request found for state 0x84760f5e863216ab, released from the list
- (68) eap: Peer sent packet with method EAP PEAP (25)
- (68) eap: Calling submodule eap_peap to process data
- (68) eap_peap: Continuing EAP-TLS
- (68) eap_peap: [eaptls verify] = ok
- (68) eap_peap: Done initial handshake
- (68) eap_peap: [eaptls process] = ok
- (68) eap_peap: Session established. Decoding tunneled attributes
- (68) eap_peap: PEAP state send tlv success
- (68) eap_peap: Received EAP-TLV response
- (68) eap_peap: Success
- (68) eap_peap: No saved attributes in the original Access-Accept
- (68) eap: Sending EAP Success (code 3) ID 68 length 4
- (68) eap: Freeing handler
- (68) [eap] = ok
- (68) } # authenticate = ok
- (68) # Executing section post-auth from file /etc/raddb/sites-enabled/default
- (68) post-auth {
- (68) update {
- (68) No attributes updated
- (68) } # update = noop
- (68) [exec] = noop
- (68) policy remove_reply_message_if_eap {
- (68) if (&reply:EAP-Message && &reply:Reply-Message) {
- (68) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
- (68) else {
- (68) [noop] = noop
- (68) } # else = noop
- (68) } # policy remove_reply_message_if_eap = noop
- (68) } # post-auth = noop
- (68) Sent Access-Accept Id 92 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (68) MS-MPPE-Recv-Key = 0xa581953fcc75642a942419f2e8be4af9e87008913b9d96aebe21e1fa8dc3987d
- (68) MS-MPPE-Send-Key = 0xb992d27b70e598743d37aa07892874adc77d17759ebdec1d6dd7d0aac59e90b1
- (68) EAP-Message = 0x03440004
- (68) Message-Authenticator = 0x00000000000000000000000000000000
- (68) User-Name = "vkratsberg"
- (68) Finished request
- Waking up in 3.2 seconds.
- (69) Received Access-Request Id 93 from 10.8.0.111:58432 to 10.8.64.155:1812 length 177
- (69) User-Name = "vkratsberg"
- (69) NAS-Port = 358
- (69) EAP-Message = 0x0245000f01766b7261747362657267
- (69) Message-Authenticator = 0xdb4ab78dd7aa129fe76bad90de37511d
- (69) Acct-Session-Id = "8O2.1x81bb084300078073"
- (69) NAS-Port-Id = "ge-3/0/6.0"
- (69) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (69) Called-Station-Id = "ec-3e-f7-68-35-00"
- (69) NAS-IP-Address = 10.8.0.111
- (69) NAS-Identifier = "nyc-access-sw011"
- (69) NAS-Port-Type = Ethernet
- (69) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (69) authorize {
- (69) policy filter_username {
- (69) if (&User-Name) {
- (69) if (&User-Name) -> TRUE
- (69) if (&User-Name) {
- (69) if (&User-Name =~ / /) {
- (69) if (&User-Name =~ / /) -> FALSE
- (69) if (&User-Name =~ /@[^@]*@/ ) {
- (69) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (69) if (&User-Name =~ /\.\./ ) {
- (69) if (&User-Name =~ /\.\./ ) -> FALSE
- (69) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (69) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (69) if (&User-Name =~ /\.$/) {
- (69) if (&User-Name =~ /\.$/) -> FALSE
- (69) if (&User-Name =~ /@\./) {
- (69) if (&User-Name =~ /@\./) -> FALSE
- (69) } # if (&User-Name) = notfound
- (69) } # policy filter_username = notfound
- (69) [preprocess] = ok
- (69) [chap] = noop
- (69) [mschap] = noop
- (69) [digest] = noop
- (69) suffix: Checking for suffix after "@"
- (69) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (69) suffix: No such realm "NULL"
- (69) [suffix] = noop
- (69) eap: Peer sent EAP Response (code 2) ID 69 length 15
- (69) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
- (69) [eap] = ok
- (69) } # authorize = ok
- (69) Found Auth-Type = eap
- (69) # Executing group from file /etc/raddb/sites-enabled/default
- (69) authenticate {
- (69) eap: Peer sent packet with method EAP Identity (1)
- (69) eap: Calling submodule eap_peap to process data
- (69) eap_peap: Initiating new EAP-TLS session
- (69) eap_peap: [eaptls start] = request
- (69) eap: Sending EAP Request (code 1) ID 70 length 6
- (69) eap: EAP session adding &reply:State = 0xf214d99cf252c0aa
- (69) [eap] = handled
- (69) } # authenticate = handled
- (69) Using Post-Auth-Type Challenge
- (69) Post-Auth-Type sub-section not found. Ignoring.
- (69) # Executing group from file /etc/raddb/sites-enabled/default
- (69) Sent Access-Challenge Id 93 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (69) EAP-Message = 0x014600061920
- (69) Message-Authenticator = 0x00000000000000000000000000000000
- (69) State = 0xf214d99cf252c0aab36cabc7e26f3f6c
- (69) Finished request
- Waking up in 3.1 seconds.
- (70) Received Access-Request Id 94 from 10.8.0.111:58432 to 10.8.64.155:1812 length 343
- (70) User-Name = "vkratsberg"
- (70) NAS-Port = 358
- (70) State = 0xf214d99cf252c0aab36cabc7e26f3f6c
- (70) EAP-Message = 0x024600a31980000000991603010094010000900301573f503dc226f7f2a3f871de057f854b703d45fa28a4c6816d6d1ab7c71815db20274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0002800ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f00
- (70) Message-Authenticator = 0xcd0f356be9e0aff865572228e3802ea6
- (70) Acct-Session-Id = "8O2.1x81bb084300078073"
- (70) NAS-Port-Id = "ge-3/0/6.0"
- (70) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (70) Called-Station-Id = "ec-3e-f7-68-35-00"
- (70) NAS-IP-Address = 10.8.0.111
- (70) NAS-Identifier = "nyc-access-sw011"
- (70) NAS-Port-Type = Ethernet
- (70) session-state: No cached attributes
- (70) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (70) authorize {
- (70) policy filter_username {
- (70) if (&User-Name) {
- (70) if (&User-Name) -> TRUE
- (70) if (&User-Name) {
- (70) if (&User-Name =~ / /) {
- (70) if (&User-Name =~ / /) -> FALSE
- (70) if (&User-Name =~ /@[^@]*@/ ) {
- (70) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (70) if (&User-Name =~ /\.\./ ) {
- (70) if (&User-Name =~ /\.\./ ) -> FALSE
- (70) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (70) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (70) if (&User-Name =~ /\.$/) {
- (70) if (&User-Name =~ /\.$/) -> FALSE
- (70) if (&User-Name =~ /@\./) {
- (70) if (&User-Name =~ /@\./) -> FALSE
- (70) } # if (&User-Name) = notfound
- (70) } # policy filter_username = notfound
- (70) [preprocess] = ok
- (70) [chap] = noop
- (70) [mschap] = noop
- (70) [digest] = noop
- (70) suffix: Checking for suffix after "@"
- (70) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (70) suffix: No such realm "NULL"
- (70) [suffix] = noop
- (70) eap: Peer sent EAP Response (code 2) ID 70 length 163
- (70) eap: Continuing tunnel setup
- (70) [eap] = ok
- (70) } # authorize = ok
- (70) Found Auth-Type = eap
- (70) # Executing group from file /etc/raddb/sites-enabled/default
- (70) authenticate {
- (70) eap: Expiring EAP session with state 0xf214d99cf252c0aa
- (70) eap: Finished EAP session with state 0xf214d99cf252c0aa
- (70) eap: Previous EAP request found for state 0xf214d99cf252c0aa, released from the list
- (70) eap: Peer sent packet with method EAP PEAP (25)
- (70) eap: Calling submodule eap_peap to process data
- (70) eap_peap: Continuing EAP-TLS
- (70) eap_peap: Peer indicated complete TLS record size will be 153 bytes
- (70) eap_peap: Got complete TLS record (153 bytes)
- (70) eap_peap: [eaptls verify] = length included
- (70) eap_peap: (other): before/accept initialization
- (70) eap_peap: TLS_accept: before/accept initialization
- (70) eap_peap: <<< recv TLS 1.0 Handshake [length 0094], ClientHello
- (70) eap_peap: TLS_accept: SSLv3 read client hello A
- (70) eap_peap: >>> send TLS 1.0 Handshake [length 0059], ServerHello
- (70) eap_peap: TLS_accept: SSLv3 write server hello A
- (70) eap_peap: >>> send TLS 1.0 ChangeCipherSpec [length 0001]
- (70) eap_peap: TLS_accept: SSLv3 write change cipher spec A
- (70) eap_peap: >>> send TLS 1.0 Handshake [length 0010], Finished
- (70) eap_peap: TLS_accept: SSLv3 write finished A
- (70) eap_peap: TLS_accept: SSLv3 flush data
- (70) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
- (70) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
- (70) eap_peap: In SSL Handshake Phase
- (70) eap_peap: In SSL Accept mode
- (70) eap_peap: [eaptls process] = handled
- (70) eap: Sending EAP Request (code 1) ID 71 length 159
- (70) eap: EAP session adding &reply:State = 0xf214d99cf353c0aa
- (70) [eap] = handled
- (70) } # authenticate = handled
- (70) Using Post-Auth-Type Challenge
- (70) Post-Auth-Type sub-section not found. Ignoring.
- (70) # Executing group from file /etc/raddb/sites-enabled/default
- (70) Sent Access-Challenge Id 94 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (70) EAP-Message = 0x0147009f19001603010059020000550301573f503dd43b1ce347d9fabdda9d004c5ad5fad10f24d16628dbc3d4811c97c020274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0c01400000dff01000100000b0004030001021403010001011603010030e44758b93e873cba
- (70) Message-Authenticator = 0x00000000000000000000000000000000
- (70) State = 0xf214d99cf353c0aab36cabc7e26f3f6c
- (70) Finished request
- Waking up in 3.1 seconds.
- (71) Received Access-Request Id 95 from 10.8.0.111:58432 to 10.8.64.155:1812 length 249
- (71) User-Name = "vkratsberg"
- (71) NAS-Port = 358
- (71) State = 0xf214d99cf353c0aab36cabc7e26f3f6c
- (71) EAP-Message = 0x0247004519800000003b14030100010116030100309bc5424354d4b327ac9fb10bfa50e7db04c5f052ce2b1a15c73d3b6956f54d9bb34647a5f49b8165508f04e46bf98b74
- (71) Message-Authenticator = 0xcebd077a1c92f15e4c84929c44aa9014
- (71) Acct-Session-Id = "8O2.1x81bb084300078073"
- (71) NAS-Port-Id = "ge-3/0/6.0"
- (71) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (71) Called-Station-Id = "ec-3e-f7-68-35-00"
- (71) NAS-IP-Address = 10.8.0.111
- (71) NAS-Identifier = "nyc-access-sw011"
- (71) NAS-Port-Type = Ethernet
- (71) session-state: No cached attributes
- (71) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (71) authorize {
- (71) policy filter_username {
- (71) if (&User-Name) {
- (71) if (&User-Name) -> TRUE
- (71) if (&User-Name) {
- (71) if (&User-Name =~ / /) {
- (71) if (&User-Name =~ / /) -> FALSE
- (71) if (&User-Name =~ /@[^@]*@/ ) {
- (71) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (71) if (&User-Name =~ /\.\./ ) {
- (71) if (&User-Name =~ /\.\./ ) -> FALSE
- (71) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (71) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (71) if (&User-Name =~ /\.$/) {
- (71) if (&User-Name =~ /\.$/) -> FALSE
- (71) if (&User-Name =~ /@\./) {
- (71) if (&User-Name =~ /@\./) -> FALSE
- (71) } # if (&User-Name) = notfound
- (71) } # policy filter_username = notfound
- (71) [preprocess] = ok
- (71) [chap] = noop
- (71) [mschap] = noop
- (71) [digest] = noop
- (71) suffix: Checking for suffix after "@"
- (71) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (71) suffix: No such realm "NULL"
- (71) [suffix] = noop
- (71) eap: Peer sent EAP Response (code 2) ID 71 length 69
- (71) eap: Continuing tunnel setup
- (71) [eap] = ok
- (71) } # authorize = ok
- (71) Found Auth-Type = eap
- (71) # Executing group from file /etc/raddb/sites-enabled/default
- (71) authenticate {
- (71) eap: Expiring EAP session with state 0xf214d99cf353c0aa
- (71) eap: Finished EAP session with state 0xf214d99cf353c0aa
- (71) eap: Previous EAP request found for state 0xf214d99cf353c0aa, released from the list
- (71) eap: Peer sent packet with method EAP PEAP (25)
- (71) eap: Calling submodule eap_peap to process data
- (71) eap_peap: Continuing EAP-TLS
- (71) eap_peap: Peer indicated complete TLS record size will be 59 bytes
- (71) eap_peap: Got complete TLS record (59 bytes)
- (71) eap_peap: [eaptls verify] = length included
- (71) eap_peap: <<< recv TLS 1.0 ChangeCipherSpec [length 0001]
- (71) eap_peap: <<< recv TLS 1.0 Handshake [length 0010], Finished
- (71) eap_peap: TLS_accept: SSLv3 read finished A
- (71) eap_peap: (other): SSL negotiation finished successfully
- (71) eap_peap: SSL Connection Established
- (71) eap_peap: SSL Application Data
- (71) eap_peap: Adding cached attributes from session 274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0
- (71) eap_peap: reply:User-Name = "vkratsberg"
- (71) eap_peap: [eaptls process] = success
- (71) eap_peap: Session established. Decoding tunneled attributes
- (71) eap_peap: PEAP state TUNNEL ESTABLISHED
- (71) eap_peap: Skipping Phase2 because of session resumption
- (71) eap_peap: SUCCESS
- (71) eap: Sending EAP Request (code 1) ID 72 length 43
- (71) eap: EAP session adding &reply:State = 0xf214d99cf05cc0aa
- (71) [eap] = handled
- (71) } # authenticate = handled
- (71) Using Post-Auth-Type Challenge
- (71) Post-Auth-Type sub-section not found. Ignoring.
- (71) # Executing group from file /etc/raddb/sites-enabled/default
- (71) Sent Access-Challenge Id 95 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (71) User-Name = "vkratsberg"
- (71) EAP-Message = 0x0148002b190017030100203ba2b8edfe2acf0242a9522d715ddbbe6562b8924b450804bedaafd34fde6ddb
- (71) Message-Authenticator = 0x00000000000000000000000000000000
- (71) State = 0xf214d99cf05cc0aab36cabc7e26f3f6c
- (71) Finished request
- Waking up in 3.1 seconds.
- (72) Received Access-Request Id 96 from 10.8.0.111:58432 to 10.8.64.155:1812 length 223
- (72) User-Name = "vkratsberg"
- (72) NAS-Port = 358
- (72) State = 0xf214d99cf05cc0aab36cabc7e26f3f6c
- (72) EAP-Message = 0x0248002b190017030100206462fd5ad5c05e17fa7cd663751415ffb668e6f0da0c7df59b42faffcc3843c5
- (72) Message-Authenticator = 0xba25873bbdeac95346dd65ad3fbdaf90
- (72) Acct-Session-Id = "8O2.1x81bb084300078073"
- (72) NAS-Port-Id = "ge-3/0/6.0"
- (72) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (72) Called-Station-Id = "ec-3e-f7-68-35-00"
- (72) NAS-IP-Address = 10.8.0.111
- (72) NAS-Identifier = "nyc-access-sw011"
- (72) NAS-Port-Type = Ethernet
- (72) session-state: No cached attributes
- (72) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (72) authorize {
- (72) policy filter_username {
- (72) if (&User-Name) {
- (72) if (&User-Name) -> TRUE
- (72) if (&User-Name) {
- (72) if (&User-Name =~ / /) {
- (72) if (&User-Name =~ / /) -> FALSE
- (72) if (&User-Name =~ /@[^@]*@/ ) {
- (72) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (72) if (&User-Name =~ /\.\./ ) {
- (72) if (&User-Name =~ /\.\./ ) -> FALSE
- (72) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (72) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (72) if (&User-Name =~ /\.$/) {
- (72) if (&User-Name =~ /\.$/) -> FALSE
- (72) if (&User-Name =~ /@\./) {
- (72) if (&User-Name =~ /@\./) -> FALSE
- (72) } # if (&User-Name) = notfound
- (72) } # policy filter_username = notfound
- (72) [preprocess] = ok
- (72) [chap] = noop
- (72) [mschap] = noop
- (72) [digest] = noop
- (72) suffix: Checking for suffix after "@"
- (72) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (72) suffix: No such realm "NULL"
- (72) [suffix] = noop
- (72) eap: Peer sent EAP Response (code 2) ID 72 length 43
- (72) eap: Continuing tunnel setup
- (72) [eap] = ok
- (72) } # authorize = ok
- (72) Found Auth-Type = eap
- (72) # Executing group from file /etc/raddb/sites-enabled/default
- (72) authenticate {
- (72) eap: Expiring EAP session with state 0xf214d99cf05cc0aa
- (72) eap: Finished EAP session with state 0xf214d99cf05cc0aa
- (72) eap: Previous EAP request found for state 0xf214d99cf05cc0aa, released from the list
- (72) eap: Peer sent packet with method EAP PEAP (25)
- (72) eap: Calling submodule eap_peap to process data
- (72) eap_peap: Continuing EAP-TLS
- (72) eap_peap: [eaptls verify] = ok
- (72) eap_peap: Done initial handshake
- (72) eap_peap: [eaptls process] = ok
- (72) eap_peap: Session established. Decoding tunneled attributes
- (72) eap_peap: PEAP state send tlv success
- (72) eap_peap: Received EAP-TLV response
- (72) eap_peap: Success
- (72) eap_peap: No saved attributes in the original Access-Accept
- (72) eap: Sending EAP Success (code 3) ID 72 length 4
- (72) eap: Freeing handler
- (72) [eap] = ok
- (72) } # authenticate = ok
- (72) # Executing section post-auth from file /etc/raddb/sites-enabled/default
- (72) post-auth {
- (72) update {
- (72) No attributes updated
- (72) } # update = noop
- (72) [exec] = noop
- (72) policy remove_reply_message_if_eap {
- (72) if (&reply:EAP-Message && &reply:Reply-Message) {
- (72) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
- (72) else {
- (72) [noop] = noop
- (72) } # else = noop
- (72) } # policy remove_reply_message_if_eap = noop
- (72) } # post-auth = noop
- (72) Sent Access-Accept Id 96 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (72) MS-MPPE-Recv-Key = 0x4829c9d05e3d9d8823348fdac50209e2796642250b6bdc7e8c8ab5d550b00469
- (72) MS-MPPE-Send-Key = 0x8a8fc4cdbdd3e2d7ec392ba17e986a12377389bc5d4991f4fa648802740a3c07
- (72) EAP-Message = 0x03480004
- (72) Message-Authenticator = 0x00000000000000000000000000000000
- (72) User-Name = "vkratsberg"
- (72) Finished request
- Waking up in 3.1 seconds.
- (73) Received Access-Request Id 97 from 10.8.0.111:58432 to 10.8.64.155:1812 length 177
- (73) User-Name = "vkratsberg"
- (73) NAS-Port = 358
- (73) EAP-Message = 0x0249000f01766b7261747362657267
- (73) Message-Authenticator = 0xe6e5e5ebe9d18107e9633e3f4241e0d2
- (73) Acct-Session-Id = "8O2.1x81bb084400092155"
- (73) NAS-Port-Id = "ge-3/0/6.0"
- (73) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (73) Called-Station-Id = "ec-3e-f7-68-35-00"
- (73) NAS-IP-Address = 10.8.0.111
- (73) NAS-Identifier = "nyc-access-sw011"
- (73) NAS-Port-Type = Ethernet
- (73) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (73) authorize {
- (73) policy filter_username {
- (73) if (&User-Name) {
- (73) if (&User-Name) -> TRUE
- (73) if (&User-Name) {
- (73) if (&User-Name =~ / /) {
- (73) if (&User-Name =~ / /) -> FALSE
- (73) if (&User-Name =~ /@[^@]*@/ ) {
- (73) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (73) if (&User-Name =~ /\.\./ ) {
- (73) if (&User-Name =~ /\.\./ ) -> FALSE
- (73) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (73) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (73) if (&User-Name =~ /\.$/) {
- (73) if (&User-Name =~ /\.$/) -> FALSE
- (73) if (&User-Name =~ /@\./) {
- (73) if (&User-Name =~ /@\./) -> FALSE
- (73) } # if (&User-Name) = notfound
- (73) } # policy filter_username = notfound
- (73) [preprocess] = ok
- (73) [chap] = noop
- (73) [mschap] = noop
- (73) [digest] = noop
- (73) suffix: Checking for suffix after "@"
- (73) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (73) suffix: No such realm "NULL"
- (73) [suffix] = noop
- (73) eap: Peer sent EAP Response (code 2) ID 73 length 15
- (73) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
- (73) [eap] = ok
- (73) } # authorize = ok
- (73) Found Auth-Type = eap
- (73) # Executing group from file /etc/raddb/sites-enabled/default
- (73) authenticate {
- (73) eap: Peer sent packet with method EAP Identity (1)
- (73) eap: Calling submodule eap_peap to process data
- (73) eap_peap: Initiating new EAP-TLS session
- (73) eap_peap: [eaptls start] = request
- (73) eap: Sending EAP Request (code 1) ID 74 length 6
- (73) eap: EAP session adding &reply:State = 0x6ff5c6136fbfdf22
- (73) [eap] = handled
- (73) } # authenticate = handled
- (73) Using Post-Auth-Type Challenge
- (73) Post-Auth-Type sub-section not found. Ignoring.
- (73) # Executing group from file /etc/raddb/sites-enabled/default
- (73) Sent Access-Challenge Id 97 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (73) EAP-Message = 0x014a00061920
- (73) Message-Authenticator = 0x00000000000000000000000000000000
- (73) State = 0x6ff5c6136fbfdf2224c60e2fa9818bab
- (73) Finished request
- Waking up in 3.0 seconds.
- (74) Received Access-Request Id 98 from 10.8.0.111:58432 to 10.8.64.155:1812 length 343
- (74) User-Name = "vkratsberg"
- (74) NAS-Port = 358
- (74) State = 0x6ff5c6136fbfdf2224c60e2fa9818bab
- (74) EAP-Message = 0x024a00a31980000000991603010094010000900301573f503d4e2d8599be307519ae6a7c03a515deaacccc5665da82774931b16b9420274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0002800ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f00
- (74) Message-Authenticator = 0x35f69a144a3e377429d62cfb4ccd069f
- (74) Acct-Session-Id = "8O2.1x81bb084400092155"
- (74) NAS-Port-Id = "ge-3/0/6.0"
- (74) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (74) Called-Station-Id = "ec-3e-f7-68-35-00"
- (74) NAS-IP-Address = 10.8.0.111
- (74) NAS-Identifier = "nyc-access-sw011"
- (74) NAS-Port-Type = Ethernet
- (74) session-state: No cached attributes
- (74) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (74) authorize {
- (74) policy filter_username {
- (74) if (&User-Name) {
- (74) if (&User-Name) -> TRUE
- (74) if (&User-Name) {
- (74) if (&User-Name =~ / /) {
- (74) if (&User-Name =~ / /) -> FALSE
- (74) if (&User-Name =~ /@[^@]*@/ ) {
- (74) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (74) if (&User-Name =~ /\.\./ ) {
- (74) if (&User-Name =~ /\.\./ ) -> FALSE
- (74) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (74) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (74) if (&User-Name =~ /\.$/) {
- (74) if (&User-Name =~ /\.$/) -> FALSE
- (74) if (&User-Name =~ /@\./) {
- (74) if (&User-Name =~ /@\./) -> FALSE
- (74) } # if (&User-Name) = notfound
- (74) } # policy filter_username = notfound
- (74) [preprocess] = ok
- (74) [chap] = noop
- (74) [mschap] = noop
- (74) [digest] = noop
- (74) suffix: Checking for suffix after "@"
- (74) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (74) suffix: No such realm "NULL"
- (74) [suffix] = noop
- (74) eap: Peer sent EAP Response (code 2) ID 74 length 163
- (74) eap: Continuing tunnel setup
- (74) [eap] = ok
- (74) } # authorize = ok
- (74) Found Auth-Type = eap
- (74) # Executing group from file /etc/raddb/sites-enabled/default
- (74) authenticate {
- (74) eap: Expiring EAP session with state 0x6ff5c6136fbfdf22
- (74) eap: Finished EAP session with state 0x6ff5c6136fbfdf22
- (74) eap: Previous EAP request found for state 0x6ff5c6136fbfdf22, released from the list
- (74) eap: Peer sent packet with method EAP PEAP (25)
- (74) eap: Calling submodule eap_peap to process data
- (74) eap_peap: Continuing EAP-TLS
- (74) eap_peap: Peer indicated complete TLS record size will be 153 bytes
- (74) eap_peap: Got complete TLS record (153 bytes)
- (74) eap_peap: [eaptls verify] = length included
- (74) eap_peap: (other): before/accept initialization
- (74) eap_peap: TLS_accept: before/accept initialization
- (74) eap_peap: <<< recv TLS 1.0 Handshake [length 0094], ClientHello
- (74) eap_peap: TLS_accept: SSLv3 read client hello A
- (74) eap_peap: >>> send TLS 1.0 Handshake [length 0059], ServerHello
- (74) eap_peap: TLS_accept: SSLv3 write server hello A
- (74) eap_peap: >>> send TLS 1.0 ChangeCipherSpec [length 0001]
- (74) eap_peap: TLS_accept: SSLv3 write change cipher spec A
- (74) eap_peap: >>> send TLS 1.0 Handshake [length 0010], Finished
- (74) eap_peap: TLS_accept: SSLv3 write finished A
- (74) eap_peap: TLS_accept: SSLv3 flush data
- (74) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
- (74) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
- (74) eap_peap: In SSL Handshake Phase
- (74) eap_peap: In SSL Accept mode
- (74) eap_peap: [eaptls process] = handled
- (74) eap: Sending EAP Request (code 1) ID 75 length 159
- (74) eap: EAP session adding &reply:State = 0x6ff5c6136ebedf22
- (74) [eap] = handled
- (74) } # authenticate = handled
- (74) Using Post-Auth-Type Challenge
- (74) Post-Auth-Type sub-section not found. Ignoring.
- (74) # Executing group from file /etc/raddb/sites-enabled/default
- (74) Sent Access-Challenge Id 98 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (74) EAP-Message = 0x014b009f19001603010059020000550301573f503d450f739bad5cfeac5bad7d625a25635036db2b6c6b929de957e3196420274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0c01400000dff01000100000b0004030001021403010001011603010030951d3c3f01e60821
- (74) Message-Authenticator = 0x00000000000000000000000000000000
- (74) State = 0x6ff5c6136ebedf2224c60e2fa9818bab
- (74) Finished request
- Waking up in 3.0 seconds.
- (75) Received Access-Request Id 99 from 10.8.0.111:58432 to 10.8.64.155:1812 length 249
- (75) User-Name = "vkratsberg"
- (75) NAS-Port = 358
- (75) State = 0x6ff5c6136ebedf2224c60e2fa9818bab
- (75) EAP-Message = 0x024b004519800000003b1403010001011603010030a7ff85503f032b05d89dfab321a00a7c10d916ee0ba0d297a846f4e01b0b33ac52a1bd08a1b56c41c787e7c8d65ae843
- (75) Message-Authenticator = 0xcb284154e3e693517d4fe6463192ffe4
- (75) Acct-Session-Id = "8O2.1x81bb084400092155"
- (75) NAS-Port-Id = "ge-3/0/6.0"
- (75) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (75) Called-Station-Id = "ec-3e-f7-68-35-00"
- (75) NAS-IP-Address = 10.8.0.111
- (75) NAS-Identifier = "nyc-access-sw011"
- (75) NAS-Port-Type = Ethernet
- (75) session-state: No cached attributes
- (75) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (75) authorize {
- (75) policy filter_username {
- (75) if (&User-Name) {
- (75) if (&User-Name) -> TRUE
- (75) if (&User-Name) {
- (75) if (&User-Name =~ / /) {
- (75) if (&User-Name =~ / /) -> FALSE
- (75) if (&User-Name =~ /@[^@]*@/ ) {
- (75) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (75) if (&User-Name =~ /\.\./ ) {
- (75) if (&User-Name =~ /\.\./ ) -> FALSE
- (75) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (75) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (75) if (&User-Name =~ /\.$/) {
- (75) if (&User-Name =~ /\.$/) -> FALSE
- (75) if (&User-Name =~ /@\./) {
- (75) if (&User-Name =~ /@\./) -> FALSE
- (75) } # if (&User-Name) = notfound
- (75) } # policy filter_username = notfound
- (75) [preprocess] = ok
- (75) [chap] = noop
- (75) [mschap] = noop
- (75) [digest] = noop
- (75) suffix: Checking for suffix after "@"
- (75) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (75) suffix: No such realm "NULL"
- (75) [suffix] = noop
- (75) eap: Peer sent EAP Response (code 2) ID 75 length 69
- (75) eap: Continuing tunnel setup
- (75) [eap] = ok
- (75) } # authorize = ok
- (75) Found Auth-Type = eap
- (75) # Executing group from file /etc/raddb/sites-enabled/default
- (75) authenticate {
- (75) eap: Expiring EAP session with state 0x6ff5c6136ebedf22
- (75) eap: Finished EAP session with state 0x6ff5c6136ebedf22
- (75) eap: Previous EAP request found for state 0x6ff5c6136ebedf22, released from the list
- (75) eap: Peer sent packet with method EAP PEAP (25)
- (75) eap: Calling submodule eap_peap to process data
- (75) eap_peap: Continuing EAP-TLS
- (75) eap_peap: Peer indicated complete TLS record size will be 59 bytes
- (75) eap_peap: Got complete TLS record (59 bytes)
- (75) eap_peap: [eaptls verify] = length included
- (75) eap_peap: <<< recv TLS 1.0 ChangeCipherSpec [length 0001]
- (75) eap_peap: <<< recv TLS 1.0 Handshake [length 0010], Finished
- (75) eap_peap: TLS_accept: SSLv3 read finished A
- (75) eap_peap: (other): SSL negotiation finished successfully
- (75) eap_peap: SSL Connection Established
- (75) eap_peap: SSL Application Data
- (75) eap_peap: Adding cached attributes from session 274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0
- (75) eap_peap: reply:User-Name = "vkratsberg"
- (75) eap_peap: [eaptls process] = success
- (75) eap_peap: Session established. Decoding tunneled attributes
- (75) eap_peap: PEAP state TUNNEL ESTABLISHED
- (75) eap_peap: Skipping Phase2 because of session resumption
- (75) eap_peap: SUCCESS
- (75) eap: Sending EAP Request (code 1) ID 76 length 43
- (75) eap: EAP session adding &reply:State = 0x6ff5c6136db9df22
- (75) [eap] = handled
- (75) } # authenticate = handled
- (75) Using Post-Auth-Type Challenge
- (75) Post-Auth-Type sub-section not found. Ignoring.
- (75) # Executing group from file /etc/raddb/sites-enabled/default
- (75) Sent Access-Challenge Id 99 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (75) User-Name = "vkratsberg"
- (75) EAP-Message = 0x014c002b19001703010020a41f6798586a9fb9a166fe67ddc40ae0c16b02ba5e4de00d8504d751c50ee8df
- (75) Message-Authenticator = 0x00000000000000000000000000000000
- (75) State = 0x6ff5c6136db9df2224c60e2fa9818bab
- (75) Finished request
- Waking up in 3.0 seconds.
- (76) Received Access-Request Id 100 from 10.8.0.111:58432 to 10.8.64.155:1812 length 223
- (76) User-Name = "vkratsberg"
- (76) NAS-Port = 358
- (76) State = 0x6ff5c6136db9df2224c60e2fa9818bab
- (76) EAP-Message = 0x024c002b190017030100205ff39399c2b2616d1c51778ae5ccf847eb76ef10c3bf2c125468cac05430ef57
- (76) Message-Authenticator = 0xedae445c754ae369d8ca81f698aeec60
- (76) Acct-Session-Id = "8O2.1x81bb084400092155"
- (76) NAS-Port-Id = "ge-3/0/6.0"
- (76) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (76) Called-Station-Id = "ec-3e-f7-68-35-00"
- (76) NAS-IP-Address = 10.8.0.111
- (76) NAS-Identifier = "nyc-access-sw011"
- (76) NAS-Port-Type = Ethernet
- (76) session-state: No cached attributes
- (76) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (76) authorize {
- (76) policy filter_username {
- (76) if (&User-Name) {
- (76) if (&User-Name) -> TRUE
- (76) if (&User-Name) {
- (76) if (&User-Name =~ / /) {
- (76) if (&User-Name =~ / /) -> FALSE
- (76) if (&User-Name =~ /@[^@]*@/ ) {
- (76) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (76) if (&User-Name =~ /\.\./ ) {
- (76) if (&User-Name =~ /\.\./ ) -> FALSE
- (76) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (76) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (76) if (&User-Name =~ /\.$/) {
- (76) if (&User-Name =~ /\.$/) -> FALSE
- (76) if (&User-Name =~ /@\./) {
- (76) if (&User-Name =~ /@\./) -> FALSE
- (76) } # if (&User-Name) = notfound
- (76) } # policy filter_username = notfound
- (76) [preprocess] = ok
- (76) [chap] = noop
- (76) [mschap] = noop
- (76) [digest] = noop
- (76) suffix: Checking for suffix after "@"
- (76) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (76) suffix: No such realm "NULL"
- (76) [suffix] = noop
- (76) eap: Peer sent EAP Response (code 2) ID 76 length 43
- (76) eap: Continuing tunnel setup
- (76) [eap] = ok
- (76) } # authorize = ok
- (76) Found Auth-Type = eap
- (76) # Executing group from file /etc/raddb/sites-enabled/default
- (76) authenticate {
- (76) eap: Expiring EAP session with state 0x6ff5c6136db9df22
- (76) eap: Finished EAP session with state 0x6ff5c6136db9df22
- (76) eap: Previous EAP request found for state 0x6ff5c6136db9df22, released from the list
- (76) eap: Peer sent packet with method EAP PEAP (25)
- (76) eap: Calling submodule eap_peap to process data
- (76) eap_peap: Continuing EAP-TLS
- (76) eap_peap: [eaptls verify] = ok
- (76) eap_peap: Done initial handshake
- (76) eap_peap: [eaptls process] = ok
- (76) eap_peap: Session established. Decoding tunneled attributes
- (76) eap_peap: PEAP state send tlv success
- (76) eap_peap: Received EAP-TLV response
- (76) eap_peap: Success
- (76) eap_peap: No saved attributes in the original Access-Accept
- (76) eap: Sending EAP Success (code 3) ID 76 length 4
- (76) eap: Freeing handler
- (76) [eap] = ok
- (76) } # authenticate = ok
- (76) # Executing section post-auth from file /etc/raddb/sites-enabled/default
- (76) post-auth {
- (76) update {
- (76) No attributes updated
- (76) } # update = noop
- (76) [exec] = noop
- (76) policy remove_reply_message_if_eap {
- (76) if (&reply:EAP-Message && &reply:Reply-Message) {
- (76) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
- (76) else {
- (76) [noop] = noop
- (76) } # else = noop
- (76) } # policy remove_reply_message_if_eap = noop
- (76) } # post-auth = noop
- (76) Sent Access-Accept Id 100 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (76) MS-MPPE-Recv-Key = 0xe35cd467c0b073d0be5c2bb8de580b901a90b5d399b6b82278b7988073c96ec2
- (76) MS-MPPE-Send-Key = 0x19baeadd9b27d9de769a625a8cf679729a33b5fd6980cd108df7f37871182435
- (76) EAP-Message = 0x034c0004
- (76) Message-Authenticator = 0x00000000000000000000000000000000
- (76) User-Name = "vkratsberg"
- (76) Finished request
- Waking up in 2.9 seconds.
- (77) Received Access-Request Id 101 from 10.8.0.111:58432 to 10.8.64.155:1812 length 177
- (77) User-Name = "vkratsberg"
- (77) NAS-Port = 358
- (77) EAP-Message = 0x024d000f01766b7261747362657267
- (77) Message-Authenticator = 0x917339b5952cb37484d11309b6bcf60f
- (77) Acct-Session-Id = "8O2.1x81bb0845000abeb9"
- (77) NAS-Port-Id = "ge-3/0/6.0"
- (77) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (77) Called-Station-Id = "ec-3e-f7-68-35-00"
- (77) NAS-IP-Address = 10.8.0.111
- (77) NAS-Identifier = "nyc-access-sw011"
- (77) NAS-Port-Type = Ethernet
- (77) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (77) authorize {
- (77) policy filter_username {
- (77) if (&User-Name) {
- (77) if (&User-Name) -> TRUE
- (77) if (&User-Name) {
- (77) if (&User-Name =~ / /) {
- (77) if (&User-Name =~ / /) -> FALSE
- (77) if (&User-Name =~ /@[^@]*@/ ) {
- (77) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (77) if (&User-Name =~ /\.\./ ) {
- (77) if (&User-Name =~ /\.\./ ) -> FALSE
- (77) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (77) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (77) if (&User-Name =~ /\.$/) {
- (77) if (&User-Name =~ /\.$/) -> FALSE
- (77) if (&User-Name =~ /@\./) {
- (77) if (&User-Name =~ /@\./) -> FALSE
- (77) } # if (&User-Name) = notfound
- (77) } # policy filter_username = notfound
- (77) [preprocess] = ok
- (77) [chap] = noop
- (77) [mschap] = noop
- (77) [digest] = noop
- (77) suffix: Checking for suffix after "@"
- (77) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (77) suffix: No such realm "NULL"
- (77) [suffix] = noop
- (77) eap: Peer sent EAP Response (code 2) ID 77 length 15
- (77) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
- (77) [eap] = ok
- (77) } # authorize = ok
- (77) Found Auth-Type = eap
- (77) # Executing group from file /etc/raddb/sites-enabled/default
- (77) authenticate {
- (77) eap: Peer sent packet with method EAP Identity (1)
- (77) eap: Calling submodule eap_peap to process data
- (77) eap_peap: Initiating new EAP-TLS session
- (77) eap_peap: [eaptls start] = request
- (77) eap: Sending EAP Request (code 1) ID 78 length 6
- (77) eap: EAP session adding &reply:State = 0x9d0d5abc9d434358
- (77) [eap] = handled
- (77) } # authenticate = handled
- (77) Using Post-Auth-Type Challenge
- (77) Post-Auth-Type sub-section not found. Ignoring.
- (77) # Executing group from file /etc/raddb/sites-enabled/default
- (77) Sent Access-Challenge Id 101 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (77) EAP-Message = 0x014e00061920
- (77) Message-Authenticator = 0x00000000000000000000000000000000
- (77) State = 0x9d0d5abc9d434358cd2e63b54f3ee4cc
- (77) Finished request
- Waking up in 2.9 seconds.
- (78) Received Access-Request Id 102 from 10.8.0.111:58432 to 10.8.64.155:1812 length 343
- (78) User-Name = "vkratsberg"
- (78) NAS-Port = 358
- (78) State = 0x9d0d5abc9d434358cd2e63b54f3ee4cc
- (78) EAP-Message = 0x024e00a31980000000991603010094010000900301573f503dd3bfffc516c33b4bf9a240a5a68a11ddd7dbade47adffd88284d98d320274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0002800ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f00
- (78) Message-Authenticator = 0x5b2c13fb79c5fac00ebd06a0b082f7b6
- (78) Acct-Session-Id = "8O2.1x81bb0845000abeb9"
- (78) NAS-Port-Id = "ge-3/0/6.0"
- (78) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (78) Called-Station-Id = "ec-3e-f7-68-35-00"
- (78) NAS-IP-Address = 10.8.0.111
- (78) NAS-Identifier = "nyc-access-sw011"
- (78) NAS-Port-Type = Ethernet
- (78) session-state: No cached attributes
- (78) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (78) authorize {
- (78) policy filter_username {
- (78) if (&User-Name) {
- (78) if (&User-Name) -> TRUE
- (78) if (&User-Name) {
- (78) if (&User-Name =~ / /) {
- (78) if (&User-Name =~ / /) -> FALSE
- (78) if (&User-Name =~ /@[^@]*@/ ) {
- (78) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (78) if (&User-Name =~ /\.\./ ) {
- (78) if (&User-Name =~ /\.\./ ) -> FALSE
- (78) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (78) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (78) if (&User-Name =~ /\.$/) {
- (78) if (&User-Name =~ /\.$/) -> FALSE
- (78) if (&User-Name =~ /@\./) {
- (78) if (&User-Name =~ /@\./) -> FALSE
- (78) } # if (&User-Name) = notfound
- (78) } # policy filter_username = notfound
- (78) [preprocess] = ok
- (78) [chap] = noop
- (78) [mschap] = noop
- (78) [digest] = noop
- (78) suffix: Checking for suffix after "@"
- (78) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (78) suffix: No such realm "NULL"
- (78) [suffix] = noop
- (78) eap: Peer sent EAP Response (code 2) ID 78 length 163
- (78) eap: Continuing tunnel setup
- (78) [eap] = ok
- (78) } # authorize = ok
- (78) Found Auth-Type = eap
- (78) # Executing group from file /etc/raddb/sites-enabled/default
- (78) authenticate {
- (78) eap: Expiring EAP session with state 0x9d0d5abc9d434358
- (78) eap: Finished EAP session with state 0x9d0d5abc9d434358
- (78) eap: Previous EAP request found for state 0x9d0d5abc9d434358, released from the list
- (78) eap: Peer sent packet with method EAP PEAP (25)
- (78) eap: Calling submodule eap_peap to process data
- (78) eap_peap: Continuing EAP-TLS
- (78) eap_peap: Peer indicated complete TLS record size will be 153 bytes
- (78) eap_peap: Got complete TLS record (153 bytes)
- (78) eap_peap: [eaptls verify] = length included
- (78) eap_peap: (other): before/accept initialization
- (78) eap_peap: TLS_accept: before/accept initialization
- (78) eap_peap: <<< recv TLS 1.0 Handshake [length 0094], ClientHello
- (78) eap_peap: TLS_accept: SSLv3 read client hello A
- (78) eap_peap: >>> send TLS 1.0 Handshake [length 0059], ServerHello
- (78) eap_peap: TLS_accept: SSLv3 write server hello A
- (78) eap_peap: >>> send TLS 1.0 ChangeCipherSpec [length 0001]
- (78) eap_peap: TLS_accept: SSLv3 write change cipher spec A
- (78) eap_peap: >>> send TLS 1.0 Handshake [length 0010], Finished
- (78) eap_peap: TLS_accept: SSLv3 write finished A
- (78) eap_peap: TLS_accept: SSLv3 flush data
- (78) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
- (78) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
- (78) eap_peap: In SSL Handshake Phase
- (78) eap_peap: In SSL Accept mode
- (78) eap_peap: [eaptls process] = handled
- (78) eap: Sending EAP Request (code 1) ID 79 length 159
- (78) eap: EAP session adding &reply:State = 0x9d0d5abc9c424358
- (78) [eap] = handled
- (78) } # authenticate = handled
- (78) Using Post-Auth-Type Challenge
- (78) Post-Auth-Type sub-section not found. Ignoring.
- (78) # Executing group from file /etc/raddb/sites-enabled/default
- (78) Sent Access-Challenge Id 102 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (78) EAP-Message = 0x014f009f19001603010059020000550301573f503db286ec47660e71553344b40d34f0b294b0796a4b2ed87ab6cc75c2f620274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0c01400000dff01000100000b0004030001021403010001011603010030a686efa8a970c9ea
- (78) Message-Authenticator = 0x00000000000000000000000000000000
- (78) State = 0x9d0d5abc9c424358cd2e63b54f3ee4cc
- (78) Finished request
- Waking up in 2.9 seconds.
- (79) Received Access-Request Id 103 from 10.8.0.111:58432 to 10.8.64.155:1812 length 249
- (79) User-Name = "vkratsberg"
- (79) NAS-Port = 358
- (79) State = 0x9d0d5abc9c424358cd2e63b54f3ee4cc
- (79) EAP-Message = 0x024f004519800000003b14030100010116030100306a4a5769d7db1466e9210d86694b61d41fd881b90b67e85d38d56c54f99ca263cb4502b290c402c43fbe1ce9b29ffde7
- (79) Message-Authenticator = 0xcdd15a2fbc0c7b5abcce444d6c41201a
- (79) Acct-Session-Id = "8O2.1x81bb0845000abeb9"
- (79) NAS-Port-Id = "ge-3/0/6.0"
- (79) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (79) Called-Station-Id = "ec-3e-f7-68-35-00"
- (79) NAS-IP-Address = 10.8.0.111
- (79) NAS-Identifier = "nyc-access-sw011"
- (79) NAS-Port-Type = Ethernet
- (79) session-state: No cached attributes
- (79) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (79) authorize {
- (79) policy filter_username {
- (79) if (&User-Name) {
- (79) if (&User-Name) -> TRUE
- (79) if (&User-Name) {
- (79) if (&User-Name =~ / /) {
- (79) if (&User-Name =~ / /) -> FALSE
- (79) if (&User-Name =~ /@[^@]*@/ ) {
- (79) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (79) if (&User-Name =~ /\.\./ ) {
- (79) if (&User-Name =~ /\.\./ ) -> FALSE
- (79) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (79) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (79) if (&User-Name =~ /\.$/) {
- (79) if (&User-Name =~ /\.$/) -> FALSE
- (79) if (&User-Name =~ /@\./) {
- (79) if (&User-Name =~ /@\./) -> FALSE
- (79) } # if (&User-Name) = notfound
- (79) } # policy filter_username = notfound
- (79) [preprocess] = ok
- (79) [chap] = noop
- (79) [mschap] = noop
- (79) [digest] = noop
- (79) suffix: Checking for suffix after "@"
- (79) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (79) suffix: No such realm "NULL"
- (79) [suffix] = noop
- (79) eap: Peer sent EAP Response (code 2) ID 79 length 69
- (79) eap: Continuing tunnel setup
- (79) [eap] = ok
- (79) } # authorize = ok
- (79) Found Auth-Type = eap
- (79) # Executing group from file /etc/raddb/sites-enabled/default
- (79) authenticate {
- (79) eap: Expiring EAP session with state 0x9d0d5abc9c424358
- (79) eap: Finished EAP session with state 0x9d0d5abc9c424358
- (79) eap: Previous EAP request found for state 0x9d0d5abc9c424358, released from the list
- (79) eap: Peer sent packet with method EAP PEAP (25)
- (79) eap: Calling submodule eap_peap to process data
- (79) eap_peap: Continuing EAP-TLS
- (79) eap_peap: Peer indicated complete TLS record size will be 59 bytes
- (79) eap_peap: Got complete TLS record (59 bytes)
- (79) eap_peap: [eaptls verify] = length included
- (79) eap_peap: <<< recv TLS 1.0 ChangeCipherSpec [length 0001]
- (79) eap_peap: <<< recv TLS 1.0 Handshake [length 0010], Finished
- (79) eap_peap: TLS_accept: SSLv3 read finished A
- (79) eap_peap: (other): SSL negotiation finished successfully
- (79) eap_peap: SSL Connection Established
- (79) eap_peap: SSL Application Data
- (79) eap_peap: Adding cached attributes from session 274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0
- (79) eap_peap: reply:User-Name = "vkratsberg"
- (79) eap_peap: [eaptls process] = success
- (79) eap_peap: Session established. Decoding tunneled attributes
- (79) eap_peap: PEAP state TUNNEL ESTABLISHED
- (79) eap_peap: Skipping Phase2 because of session resumption
- (79) eap_peap: SUCCESS
- (79) eap: Sending EAP Request (code 1) ID 80 length 43
- (79) eap: EAP session adding &reply:State = 0x9d0d5abc9f5d4358
- (79) [eap] = handled
- (79) } # authenticate = handled
- (79) Using Post-Auth-Type Challenge
- (79) Post-Auth-Type sub-section not found. Ignoring.
- (79) # Executing group from file /etc/raddb/sites-enabled/default
- (79) Sent Access-Challenge Id 103 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (79) User-Name = "vkratsberg"
- (79) EAP-Message = 0x0150002b19001703010020f4e28daf8b9f063a2127510ec847285a61754e5f5c3350a30c8a17db36dec795
- (79) Message-Authenticator = 0x00000000000000000000000000000000
- (79) State = 0x9d0d5abc9f5d4358cd2e63b54f3ee4cc
- (79) Finished request
- Waking up in 2.8 seconds.
- (80) Received Access-Request Id 104 from 10.8.0.111:58432 to 10.8.64.155:1812 length 223
- (80) User-Name = "vkratsberg"
- (80) NAS-Port = 358
- (80) State = 0x9d0d5abc9f5d4358cd2e63b54f3ee4cc
- (80) EAP-Message = 0x0250002b1900170301002065922aa1e6d0ae9310267c6aaeeaa755f85f233a3cde4f905341e11251d84f44
- (80) Message-Authenticator = 0xeac9283b96e07a540d0a28f5e2a65562
- (80) Acct-Session-Id = "8O2.1x81bb0845000abeb9"
- (80) NAS-Port-Id = "ge-3/0/6.0"
- (80) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (80) Called-Station-Id = "ec-3e-f7-68-35-00"
- (80) NAS-IP-Address = 10.8.0.111
- (80) NAS-Identifier = "nyc-access-sw011"
- (80) NAS-Port-Type = Ethernet
- (80) session-state: No cached attributes
- (80) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (80) authorize {
- (80) policy filter_username {
- (80) if (&User-Name) {
- (80) if (&User-Name) -> TRUE
- (80) if (&User-Name) {
- (80) if (&User-Name =~ / /) {
- (80) if (&User-Name =~ / /) -> FALSE
- (80) if (&User-Name =~ /@[^@]*@/ ) {
- (80) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (80) if (&User-Name =~ /\.\./ ) {
- (80) if (&User-Name =~ /\.\./ ) -> FALSE
- (80) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (80) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (80) if (&User-Name =~ /\.$/) {
- (80) if (&User-Name =~ /\.$/) -> FALSE
- (80) if (&User-Name =~ /@\./) {
- (80) if (&User-Name =~ /@\./) -> FALSE
- (80) } # if (&User-Name) = notfound
- (80) } # policy filter_username = notfound
- (80) [preprocess] = ok
- (80) [chap] = noop
- (80) [mschap] = noop
- (80) [digest] = noop
- (80) suffix: Checking for suffix after "@"
- (80) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (80) suffix: No such realm "NULL"
- (80) [suffix] = noop
- (80) eap: Peer sent EAP Response (code 2) ID 80 length 43
- (80) eap: Continuing tunnel setup
- (80) [eap] = ok
- (80) } # authorize = ok
- (80) Found Auth-Type = eap
- (80) # Executing group from file /etc/raddb/sites-enabled/default
- (80) authenticate {
- (80) eap: Expiring EAP session with state 0x9d0d5abc9f5d4358
- (80) eap: Finished EAP session with state 0x9d0d5abc9f5d4358
- (80) eap: Previous EAP request found for state 0x9d0d5abc9f5d4358, released from the list
- (80) eap: Peer sent packet with method EAP PEAP (25)
- (80) eap: Calling submodule eap_peap to process data
- (80) eap_peap: Continuing EAP-TLS
- (80) eap_peap: [eaptls verify] = ok
- (80) eap_peap: Done initial handshake
- (80) eap_peap: [eaptls process] = ok
- (80) eap_peap: Session established. Decoding tunneled attributes
- (80) eap_peap: PEAP state send tlv success
- (80) eap_peap: Received EAP-TLV response
- (80) eap_peap: Success
- (80) eap_peap: No saved attributes in the original Access-Accept
- (80) eap: Sending EAP Success (code 3) ID 80 length 4
- (80) eap: Freeing handler
- (80) [eap] = ok
- (80) } # authenticate = ok
- (80) # Executing section post-auth from file /etc/raddb/sites-enabled/default
- (80) post-auth {
- (80) update {
- (80) No attributes updated
- (80) } # update = noop
- (80) [exec] = noop
- (80) policy remove_reply_message_if_eap {
- (80) if (&reply:EAP-Message && &reply:Reply-Message) {
- (80) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
- (80) else {
- (80) [noop] = noop
- (80) } # else = noop
- (80) } # policy remove_reply_message_if_eap = noop
- (80) } # post-auth = noop
- (80) Sent Access-Accept Id 104 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (80) MS-MPPE-Recv-Key = 0x0ef2363f1eeaa3122fc5618284ab88ce9ba41a636c39034c0ea58a7f06bd8243
- (80) MS-MPPE-Send-Key = 0x1a05bb1691a91e4033d78ec6c50886b4a77075e84442d0adde448607c83016b9
- (80) EAP-Message = 0x03500004
- (80) Message-Authenticator = 0x00000000000000000000000000000000
- (80) User-Name = "vkratsberg"
- (80) Finished request
- Waking up in 2.8 seconds.
- (81) Received Access-Request Id 105 from 10.8.0.111:58432 to 10.8.64.155:1812 length 177
- (81) User-Name = "vkratsberg"
- (81) NAS-Port = 358
- (81) EAP-Message = 0x0251000f01766b7261747362657267
- (81) Message-Authenticator = 0x20209c723b05045c5639d53cd4ca27da
- (81) Acct-Session-Id = "8O2.1x81bb0846000c5c3d"
- (81) NAS-Port-Id = "ge-3/0/6.0"
- (81) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (81) Called-Station-Id = "ec-3e-f7-68-35-00"
- (81) NAS-IP-Address = 10.8.0.111
- (81) NAS-Identifier = "nyc-access-sw011"
- (81) NAS-Port-Type = Ethernet
- (81) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (81) authorize {
- (81) policy filter_username {
- (81) if (&User-Name) {
- (81) if (&User-Name) -> TRUE
- (81) if (&User-Name) {
- (81) if (&User-Name =~ / /) {
- (81) if (&User-Name =~ / /) -> FALSE
- (81) if (&User-Name =~ /@[^@]*@/ ) {
- (81) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (81) if (&User-Name =~ /\.\./ ) {
- (81) if (&User-Name =~ /\.\./ ) -> FALSE
- (81) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (81) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (81) if (&User-Name =~ /\.$/) {
- (81) if (&User-Name =~ /\.$/) -> FALSE
- (81) if (&User-Name =~ /@\./) {
- (81) if (&User-Name =~ /@\./) -> FALSE
- (81) } # if (&User-Name) = notfound
- (81) } # policy filter_username = notfound
- (81) [preprocess] = ok
- (81) [chap] = noop
- (81) [mschap] = noop
- (81) [digest] = noop
- (81) suffix: Checking for suffix after "@"
- (81) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (81) suffix: No such realm "NULL"
- (81) [suffix] = noop
- (81) eap: Peer sent EAP Response (code 2) ID 81 length 15
- (81) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
- (81) [eap] = ok
- (81) } # authorize = ok
- (81) Found Auth-Type = eap
- (81) # Executing group from file /etc/raddb/sites-enabled/default
- (81) authenticate {
- (81) eap: Peer sent packet with method EAP Identity (1)
- (81) eap: Calling submodule eap_peap to process data
- (81) eap_peap: Initiating new EAP-TLS session
- (81) eap_peap: [eaptls start] = request
- (81) eap: Sending EAP Request (code 1) ID 82 length 6
- (81) eap: EAP session adding &reply:State = 0x1282b3c712d0aa5d
- (81) [eap] = handled
- (81) } # authenticate = handled
- (81) Using Post-Auth-Type Challenge
- (81) Post-Auth-Type sub-section not found. Ignoring.
- (81) # Executing group from file /etc/raddb/sites-enabled/default
- (81) Sent Access-Challenge Id 105 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (81) EAP-Message = 0x015200061920
- (81) Message-Authenticator = 0x00000000000000000000000000000000
- (81) State = 0x1282b3c712d0aa5d9311ce8743c8961a
- (81) Finished request
- Waking up in 2.8 seconds.
- (82) Received Access-Request Id 106 from 10.8.0.111:58432 to 10.8.64.155:1812 length 343
- (82) User-Name = "vkratsberg"
- (82) NAS-Port = 358
- (82) State = 0x1282b3c712d0aa5d9311ce8743c8961a
- (82) EAP-Message = 0x025200a31980000000991603010094010000900301573f503ddbcca494dbfda341c06134d196d9ea918fe79ba1721e431bafe74d4020274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0002800ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f00
- (82) Message-Authenticator = 0x8fa59f5e56408ed702ea0aef1861ccf1
- (82) Acct-Session-Id = "8O2.1x81bb0846000c5c3d"
- (82) NAS-Port-Id = "ge-3/0/6.0"
- (82) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (82) Called-Station-Id = "ec-3e-f7-68-35-00"
- (82) NAS-IP-Address = 10.8.0.111
- (82) NAS-Identifier = "nyc-access-sw011"
- (82) NAS-Port-Type = Ethernet
- (82) session-state: No cached attributes
- (82) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (82) authorize {
- (82) policy filter_username {
- (82) if (&User-Name) {
- (82) if (&User-Name) -> TRUE
- (82) if (&User-Name) {
- (82) if (&User-Name =~ / /) {
- (82) if (&User-Name =~ / /) -> FALSE
- (82) if (&User-Name =~ /@[^@]*@/ ) {
- (82) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (82) if (&User-Name =~ /\.\./ ) {
- (82) if (&User-Name =~ /\.\./ ) -> FALSE
- (82) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (82) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (82) if (&User-Name =~ /\.$/) {
- (82) if (&User-Name =~ /\.$/) -> FALSE
- (82) if (&User-Name =~ /@\./) {
- (82) if (&User-Name =~ /@\./) -> FALSE
- (82) } # if (&User-Name) = notfound
- (82) } # policy filter_username = notfound
- (82) [preprocess] = ok
- (82) [chap] = noop
- (82) [mschap] = noop
- (82) [digest] = noop
- (82) suffix: Checking for suffix after "@"
- (82) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (82) suffix: No such realm "NULL"
- (82) [suffix] = noop
- (82) eap: Peer sent EAP Response (code 2) ID 82 length 163
- (82) eap: Continuing tunnel setup
- (82) [eap] = ok
- (82) } # authorize = ok
- (82) Found Auth-Type = eap
- (82) # Executing group from file /etc/raddb/sites-enabled/default
- (82) authenticate {
- (82) eap: Expiring EAP session with state 0x1282b3c712d0aa5d
- (82) eap: Finished EAP session with state 0x1282b3c712d0aa5d
- (82) eap: Previous EAP request found for state 0x1282b3c712d0aa5d, released from the list
- (82) eap: Peer sent packet with method EAP PEAP (25)
- (82) eap: Calling submodule eap_peap to process data
- (82) eap_peap: Continuing EAP-TLS
- (82) eap_peap: Peer indicated complete TLS record size will be 153 bytes
- (82) eap_peap: Got complete TLS record (153 bytes)
- (82) eap_peap: [eaptls verify] = length included
- (82) eap_peap: (other): before/accept initialization
- (82) eap_peap: TLS_accept: before/accept initialization
- (82) eap_peap: <<< recv TLS 1.0 Handshake [length 0094], ClientHello
- (82) eap_peap: TLS_accept: SSLv3 read client hello A
- (82) eap_peap: >>> send TLS 1.0 Handshake [length 0059], ServerHello
- (82) eap_peap: TLS_accept: SSLv3 write server hello A
- (82) eap_peap: >>> send TLS 1.0 ChangeCipherSpec [length 0001]
- (82) eap_peap: TLS_accept: SSLv3 write change cipher spec A
- (82) eap_peap: >>> send TLS 1.0 Handshake [length 0010], Finished
- (82) eap_peap: TLS_accept: SSLv3 write finished A
- (82) eap_peap: TLS_accept: SSLv3 flush data
- (82) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
- (82) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
- (82) eap_peap: In SSL Handshake Phase
- (82) eap_peap: In SSL Accept mode
- (82) eap_peap: [eaptls process] = handled
- (82) eap: Sending EAP Request (code 1) ID 83 length 159
- (82) eap: EAP session adding &reply:State = 0x1282b3c713d1aa5d
- (82) [eap] = handled
- (82) } # authenticate = handled
- (82) Using Post-Auth-Type Challenge
- (82) Post-Auth-Type sub-section not found. Ignoring.
- (82) # Executing group from file /etc/raddb/sites-enabled/default
- (82) Sent Access-Challenge Id 106 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (82) EAP-Message = 0x0153009f19001603010059020000550301573f503d1f9020ebd5bec3f0c4e3bbb72ba272fb9c3a445fcb088a352f90c46f20274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0c01400000dff01000100000b00040300010214030100010116030100304653fb878a1c1e1e
- (82) Message-Authenticator = 0x00000000000000000000000000000000
- (82) State = 0x1282b3c713d1aa5d9311ce8743c8961a
- (82) Finished request
- Waking up in 2.8 seconds.
- (83) Received Access-Request Id 107 from 10.8.0.111:58432 to 10.8.64.155:1812 length 249
- (83) User-Name = "vkratsberg"
- (83) NAS-Port = 358
- (83) State = 0x1282b3c713d1aa5d9311ce8743c8961a
- (83) EAP-Message = 0x0253004519800000003b1403010001011603010030ff212521112c4f3a26673934c18da442cb6d941f8994c070edd1b995c6f00dd2d110b09a837c38049a21051fa36cee68
- (83) Message-Authenticator = 0x82aef3808eaaf7933e6d1bf775edba21
- (83) Acct-Session-Id = "8O2.1x81bb0846000c5c3d"
- (83) NAS-Port-Id = "ge-3/0/6.0"
- (83) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (83) Called-Station-Id = "ec-3e-f7-68-35-00"
- (83) NAS-IP-Address = 10.8.0.111
- (83) NAS-Identifier = "nyc-access-sw011"
- (83) NAS-Port-Type = Ethernet
- (83) session-state: No cached attributes
- (83) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (83) authorize {
- (83) policy filter_username {
- (83) if (&User-Name) {
- (83) if (&User-Name) -> TRUE
- (83) if (&User-Name) {
- (83) if (&User-Name =~ / /) {
- (83) if (&User-Name =~ / /) -> FALSE
- (83) if (&User-Name =~ /@[^@]*@/ ) {
- (83) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (83) if (&User-Name =~ /\.\./ ) {
- (83) if (&User-Name =~ /\.\./ ) -> FALSE
- (83) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (83) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (83) if (&User-Name =~ /\.$/) {
- (83) if (&User-Name =~ /\.$/) -> FALSE
- (83) if (&User-Name =~ /@\./) {
- (83) if (&User-Name =~ /@\./) -> FALSE
- (83) } # if (&User-Name) = notfound
- (83) } # policy filter_username = notfound
- (83) [preprocess] = ok
- (83) [chap] = noop
- (83) [mschap] = noop
- (83) [digest] = noop
- (83) suffix: Checking for suffix after "@"
- (83) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (83) suffix: No such realm "NULL"
- (83) [suffix] = noop
- (83) eap: Peer sent EAP Response (code 2) ID 83 length 69
- (83) eap: Continuing tunnel setup
- (83) [eap] = ok
- (83) } # authorize = ok
- (83) Found Auth-Type = eap
- (83) # Executing group from file /etc/raddb/sites-enabled/default
- (83) authenticate {
- (83) eap: Expiring EAP session with state 0x1282b3c713d1aa5d
- (83) eap: Finished EAP session with state 0x1282b3c713d1aa5d
- (83) eap: Previous EAP request found for state 0x1282b3c713d1aa5d, released from the list
- (83) eap: Peer sent packet with method EAP PEAP (25)
- (83) eap: Calling submodule eap_peap to process data
- (83) eap_peap: Continuing EAP-TLS
- (83) eap_peap: Peer indicated complete TLS record size will be 59 bytes
- (83) eap_peap: Got complete TLS record (59 bytes)
- (83) eap_peap: [eaptls verify] = length included
- (83) eap_peap: <<< recv TLS 1.0 ChangeCipherSpec [length 0001]
- (83) eap_peap: <<< recv TLS 1.0 Handshake [length 0010], Finished
- (83) eap_peap: TLS_accept: SSLv3 read finished A
- (83) eap_peap: (other): SSL negotiation finished successfully
- (83) eap_peap: SSL Connection Established
- (83) eap_peap: SSL Application Data
- (83) eap_peap: Adding cached attributes from session 274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0
- (83) eap_peap: reply:User-Name = "vkratsberg"
- (83) eap_peap: [eaptls process] = success
- (83) eap_peap: Session established. Decoding tunneled attributes
- (83) eap_peap: PEAP state TUNNEL ESTABLISHED
- (83) eap_peap: Skipping Phase2 because of session resumption
- (83) eap_peap: SUCCESS
- (83) eap: Sending EAP Request (code 1) ID 84 length 43
- (83) eap: EAP session adding &reply:State = 0x1282b3c710d6aa5d
- (83) [eap] = handled
- (83) } # authenticate = handled
- (83) Using Post-Auth-Type Challenge
- (83) Post-Auth-Type sub-section not found. Ignoring.
- (83) # Executing group from file /etc/raddb/sites-enabled/default
- (83) Sent Access-Challenge Id 107 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (83) User-Name = "vkratsberg"
- (83) EAP-Message = 0x0154002b190017030100209760ac1bb8b53623fc06d5bfbd3a22638047620429e21deb8cba4dffd44e3640
- (83) Message-Authenticator = 0x00000000000000000000000000000000
- (83) State = 0x1282b3c710d6aa5d9311ce8743c8961a
- (83) Finished request
- Waking up in 2.7 seconds.
- (84) Received Access-Request Id 108 from 10.8.0.111:58432 to 10.8.64.155:1812 length 223
- (84) User-Name = "vkratsberg"
- (84) NAS-Port = 358
- (84) State = 0x1282b3c710d6aa5d9311ce8743c8961a
- (84) EAP-Message = 0x0254002b190017030100203fec3b7a034a0bd45ed51028351b10ea990311363a5d631bf4dcc1ffe7ae84fa
- (84) Message-Authenticator = 0xab37877a07f117ef12051f64c01b4eb6
- (84) Acct-Session-Id = "8O2.1x81bb0846000c5c3d"
- (84) NAS-Port-Id = "ge-3/0/6.0"
- (84) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (84) Called-Station-Id = "ec-3e-f7-68-35-00"
- (84) NAS-IP-Address = 10.8.0.111
- (84) NAS-Identifier = "nyc-access-sw011"
- (84) NAS-Port-Type = Ethernet
- (84) session-state: No cached attributes
- (84) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (84) authorize {
- (84) policy filter_username {
- (84) if (&User-Name) {
- (84) if (&User-Name) -> TRUE
- (84) if (&User-Name) {
- (84) if (&User-Name =~ / /) {
- (84) if (&User-Name =~ / /) -> FALSE
- (84) if (&User-Name =~ /@[^@]*@/ ) {
- (84) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (84) if (&User-Name =~ /\.\./ ) {
- (84) if (&User-Name =~ /\.\./ ) -> FALSE
- (84) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (84) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (84) if (&User-Name =~ /\.$/) {
- (84) if (&User-Name =~ /\.$/) -> FALSE
- (84) if (&User-Name =~ /@\./) {
- (84) if (&User-Name =~ /@\./) -> FALSE
- (84) } # if (&User-Name) = notfound
- (84) } # policy filter_username = notfound
- (84) [preprocess] = ok
- (84) [chap] = noop
- (84) [mschap] = noop
- (84) [digest] = noop
- (84) suffix: Checking for suffix after "@"
- (84) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (84) suffix: No such realm "NULL"
- (84) [suffix] = noop
- (84) eap: Peer sent EAP Response (code 2) ID 84 length 43
- (84) eap: Continuing tunnel setup
- (84) [eap] = ok
- (84) } # authorize = ok
- (84) Found Auth-Type = eap
- (84) # Executing group from file /etc/raddb/sites-enabled/default
- (84) authenticate {
- (84) eap: Expiring EAP session with state 0x1282b3c710d6aa5d
- (84) eap: Finished EAP session with state 0x1282b3c710d6aa5d
- (84) eap: Previous EAP request found for state 0x1282b3c710d6aa5d, released from the list
- (84) eap: Peer sent packet with method EAP PEAP (25)
- (84) eap: Calling submodule eap_peap to process data
- (84) eap_peap: Continuing EAP-TLS
- (84) eap_peap: [eaptls verify] = ok
- (84) eap_peap: Done initial handshake
- (84) eap_peap: [eaptls process] = ok
- (84) eap_peap: Session established. Decoding tunneled attributes
- (84) eap_peap: PEAP state send tlv success
- (84) eap_peap: Received EAP-TLV response
- (84) eap_peap: Success
- (84) eap_peap: No saved attributes in the original Access-Accept
- (84) eap: Sending EAP Success (code 3) ID 84 length 4
- (84) eap: Freeing handler
- (84) [eap] = ok
- (84) } # authenticate = ok
- (84) # Executing section post-auth from file /etc/raddb/sites-enabled/default
- (84) post-auth {
- (84) update {
- (84) No attributes updated
- (84) } # update = noop
- (84) [exec] = noop
- (84) policy remove_reply_message_if_eap {
- (84) if (&reply:EAP-Message && &reply:Reply-Message) {
- (84) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
- (84) else {
- (84) [noop] = noop
- (84) } # else = noop
- (84) } # policy remove_reply_message_if_eap = noop
- (84) } # post-auth = noop
- (84) Sent Access-Accept Id 108 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (84) MS-MPPE-Recv-Key = 0xfaf701d3b3c4a4a1b5baaa25f05b810dc9c394ff78206175d7a2270d8d7a6343
- (84) MS-MPPE-Send-Key = 0xb65276371fa9e39891f65d28875dd3d5524a673ac1c3fb40e9722e67363d231b
- (84) EAP-Message = 0x03540004
- (84) Message-Authenticator = 0x00000000000000000000000000000000
- (84) User-Name = "vkratsberg"
- (84) Finished request
- Waking up in 2.7 seconds.
- (85) Received Access-Request Id 109 from 10.8.0.111:58432 to 10.8.64.155:1812 length 177
- (85) User-Name = "vkratsberg"
- (85) NAS-Port = 358
- (85) EAP-Message = 0x0255000f01766b7261747362657267
- (85) Message-Authenticator = 0xbace1550b527da4c69dfac6d3431f8c1
- (85) Acct-Session-Id = "8O2.1x81bb0847000dfbd9"
- (85) NAS-Port-Id = "ge-3/0/6.0"
- (85) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (85) Called-Station-Id = "ec-3e-f7-68-35-00"
- (85) NAS-IP-Address = 10.8.0.111
- (85) NAS-Identifier = "nyc-access-sw011"
- (85) NAS-Port-Type = Ethernet
- (85) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (85) authorize {
- (85) policy filter_username {
- (85) if (&User-Name) {
- (85) if (&User-Name) -> TRUE
- (85) if (&User-Name) {
- (85) if (&User-Name =~ / /) {
- (85) if (&User-Name =~ / /) -> FALSE
- (85) if (&User-Name =~ /@[^@]*@/ ) {
- (85) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (85) if (&User-Name =~ /\.\./ ) {
- (85) if (&User-Name =~ /\.\./ ) -> FALSE
- (85) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (85) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (85) if (&User-Name =~ /\.$/) {
- (85) if (&User-Name =~ /\.$/) -> FALSE
- (85) if (&User-Name =~ /@\./) {
- (85) if (&User-Name =~ /@\./) -> FALSE
- (85) } # if (&User-Name) = notfound
- (85) } # policy filter_username = notfound
- (85) [preprocess] = ok
- (85) [chap] = noop
- (85) [mschap] = noop
- (85) [digest] = noop
- (85) suffix: Checking for suffix after "@"
- (85) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (85) suffix: No such realm "NULL"
- (85) [suffix] = noop
- (85) eap: Peer sent EAP Response (code 2) ID 85 length 15
- (85) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
- (85) [eap] = ok
- (85) } # authorize = ok
- (85) Found Auth-Type = eap
- (85) # Executing group from file /etc/raddb/sites-enabled/default
- (85) authenticate {
- (85) eap: Peer sent packet with method EAP Identity (1)
- (85) eap: Calling submodule eap_peap to process data
- (85) eap_peap: Initiating new EAP-TLS session
- (85) eap_peap: [eaptls start] = request
- (85) eap: Sending EAP Request (code 1) ID 86 length 6
- (85) eap: EAP session adding &reply:State = 0xddec9c40ddba8583
- (85) [eap] = handled
- (85) } # authenticate = handled
- (85) Using Post-Auth-Type Challenge
- (85) Post-Auth-Type sub-section not found. Ignoring.
- (85) # Executing group from file /etc/raddb/sites-enabled/default
- (85) Sent Access-Challenge Id 109 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (85) EAP-Message = 0x015600061920
- (85) Message-Authenticator = 0x00000000000000000000000000000000
- (85) State = 0xddec9c40ddba858300be6bd519d98106
- (85) Finished request
- Waking up in 2.7 seconds.
- (86) Received Access-Request Id 110 from 10.8.0.111:58432 to 10.8.64.155:1812 length 343
- (86) User-Name = "vkratsberg"
- (86) NAS-Port = 358
- (86) State = 0xddec9c40ddba858300be6bd519d98106
- (86) EAP-Message = 0x025600a31980000000991603010094010000900301573f503d130cb7c1a5d4ec02e96f0c1405ebbd488879e308a234f386b1532f0a20274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0002800ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f00
- (86) Message-Authenticator = 0x532c2a83495a7f390cc7db7d385841a2
- (86) Acct-Session-Id = "8O2.1x81bb0847000dfbd9"
- (86) NAS-Port-Id = "ge-3/0/6.0"
- (86) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (86) Called-Station-Id = "ec-3e-f7-68-35-00"
- (86) NAS-IP-Address = 10.8.0.111
- (86) NAS-Identifier = "nyc-access-sw011"
- (86) NAS-Port-Type = Ethernet
- (86) session-state: No cached attributes
- (86) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (86) authorize {
- (86) policy filter_username {
- (86) if (&User-Name) {
- (86) if (&User-Name) -> TRUE
- (86) if (&User-Name) {
- (86) if (&User-Name =~ / /) {
- (86) if (&User-Name =~ / /) -> FALSE
- (86) if (&User-Name =~ /@[^@]*@/ ) {
- (86) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (86) if (&User-Name =~ /\.\./ ) {
- (86) if (&User-Name =~ /\.\./ ) -> FALSE
- (86) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (86) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (86) if (&User-Name =~ /\.$/) {
- (86) if (&User-Name =~ /\.$/) -> FALSE
- (86) if (&User-Name =~ /@\./) {
- (86) if (&User-Name =~ /@\./) -> FALSE
- (86) } # if (&User-Name) = notfound
- (86) } # policy filter_username = notfound
- (86) [preprocess] = ok
- (86) [chap] = noop
- (86) [mschap] = noop
- (86) [digest] = noop
- (86) suffix: Checking for suffix after "@"
- (86) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (86) suffix: No such realm "NULL"
- (86) [suffix] = noop
- (86) eap: Peer sent EAP Response (code 2) ID 86 length 163
- (86) eap: Continuing tunnel setup
- (86) [eap] = ok
- (86) } # authorize = ok
- (86) Found Auth-Type = eap
- (86) # Executing group from file /etc/raddb/sites-enabled/default
- (86) authenticate {
- (86) eap: Expiring EAP session with state 0xddec9c40ddba8583
- (86) eap: Finished EAP session with state 0xddec9c40ddba8583
- (86) eap: Previous EAP request found for state 0xddec9c40ddba8583, released from the list
- (86) eap: Peer sent packet with method EAP PEAP (25)
- (86) eap: Calling submodule eap_peap to process data
- (86) eap_peap: Continuing EAP-TLS
- (86) eap_peap: Peer indicated complete TLS record size will be 153 bytes
- (86) eap_peap: Got complete TLS record (153 bytes)
- (86) eap_peap: [eaptls verify] = length included
- (86) eap_peap: (other): before/accept initialization
- (86) eap_peap: TLS_accept: before/accept initialization
- (86) eap_peap: <<< recv TLS 1.0 Handshake [length 0094], ClientHello
- (86) eap_peap: TLS_accept: SSLv3 read client hello A
- (86) eap_peap: >>> send TLS 1.0 Handshake [length 0059], ServerHello
- (86) eap_peap: TLS_accept: SSLv3 write server hello A
- (86) eap_peap: >>> send TLS 1.0 ChangeCipherSpec [length 0001]
- (86) eap_peap: TLS_accept: SSLv3 write change cipher spec A
- (86) eap_peap: >>> send TLS 1.0 Handshake [length 0010], Finished
- (86) eap_peap: TLS_accept: SSLv3 write finished A
- (86) eap_peap: TLS_accept: SSLv3 flush data
- (86) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
- (86) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
- (86) eap_peap: In SSL Handshake Phase
- (86) eap_peap: In SSL Accept mode
- (86) eap_peap: [eaptls process] = handled
- (86) eap: Sending EAP Request (code 1) ID 87 length 159
- (86) eap: EAP session adding &reply:State = 0xddec9c40dcbb8583
- (86) [eap] = handled
- (86) } # authenticate = handled
- (86) Using Post-Auth-Type Challenge
- (86) Post-Auth-Type sub-section not found. Ignoring.
- (86) # Executing group from file /etc/raddb/sites-enabled/default
- (86) Sent Access-Challenge Id 110 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (86) EAP-Message = 0x0157009f19001603010059020000550301573f503db3daf59fd6e962d784b026bfd5e646876db59f77d2d794aba48780c020274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0c01400000dff01000100000b0004030001021403010001011603010030b45c38a34a724f64
- (86) Message-Authenticator = 0x00000000000000000000000000000000
- (86) State = 0xddec9c40dcbb858300be6bd519d98106
- (86) Finished request
- Waking up in 2.7 seconds.
- (87) Received Access-Request Id 111 from 10.8.0.111:58432 to 10.8.64.155:1812 length 249
- (87) User-Name = "vkratsberg"
- (87) NAS-Port = 358
- (87) State = 0xddec9c40dcbb858300be6bd519d98106
- (87) EAP-Message = 0x0257004519800000003b1403010001011603010030821c78fe635699a956117ba34228dcce1f37a15e0e31c46d0deaa6ab40fbb69e7d7334d901b8b68c965abf9ef3e5057b
- (87) Message-Authenticator = 0xb10d8d5294e3a1c9a8781a1a835a1226
- (87) Acct-Session-Id = "8O2.1x81bb0847000dfbd9"
- (87) NAS-Port-Id = "ge-3/0/6.0"
- (87) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (87) Called-Station-Id = "ec-3e-f7-68-35-00"
- (87) NAS-IP-Address = 10.8.0.111
- (87) NAS-Identifier = "nyc-access-sw011"
- (87) NAS-Port-Type = Ethernet
- (87) session-state: No cached attributes
- (87) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (87) authorize {
- (87) policy filter_username {
- (87) if (&User-Name) {
- (87) if (&User-Name) -> TRUE
- (87) if (&User-Name) {
- (87) if (&User-Name =~ / /) {
- (87) if (&User-Name =~ / /) -> FALSE
- (87) if (&User-Name =~ /@[^@]*@/ ) {
- (87) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (87) if (&User-Name =~ /\.\./ ) {
- (87) if (&User-Name =~ /\.\./ ) -> FALSE
- (87) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (87) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (87) if (&User-Name =~ /\.$/) {
- (87) if (&User-Name =~ /\.$/) -> FALSE
- (87) if (&User-Name =~ /@\./) {
- (87) if (&User-Name =~ /@\./) -> FALSE
- (87) } # if (&User-Name) = notfound
- (87) } # policy filter_username = notfound
- (87) [preprocess] = ok
- (87) [chap] = noop
- (87) [mschap] = noop
- (87) [digest] = noop
- (87) suffix: Checking for suffix after "@"
- (87) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (87) suffix: No such realm "NULL"
- (87) [suffix] = noop
- (87) eap: Peer sent EAP Response (code 2) ID 87 length 69
- (87) eap: Continuing tunnel setup
- (87) [eap] = ok
- (87) } # authorize = ok
- (87) Found Auth-Type = eap
- (87) # Executing group from file /etc/raddb/sites-enabled/default
- (87) authenticate {
- (87) eap: Expiring EAP session with state 0xddec9c40dcbb8583
- (87) eap: Finished EAP session with state 0xddec9c40dcbb8583
- (87) eap: Previous EAP request found for state 0xddec9c40dcbb8583, released from the list
- (87) eap: Peer sent packet with method EAP PEAP (25)
- (87) eap: Calling submodule eap_peap to process data
- (87) eap_peap: Continuing EAP-TLS
- (87) eap_peap: Peer indicated complete TLS record size will be 59 bytes
- (87) eap_peap: Got complete TLS record (59 bytes)
- (87) eap_peap: [eaptls verify] = length included
- (87) eap_peap: <<< recv TLS 1.0 ChangeCipherSpec [length 0001]
- (87) eap_peap: <<< recv TLS 1.0 Handshake [length 0010], Finished
- (87) eap_peap: TLS_accept: SSLv3 read finished A
- (87) eap_peap: (other): SSL negotiation finished successfully
- (87) eap_peap: SSL Connection Established
- (87) eap_peap: SSL Application Data
- (87) eap_peap: Adding cached attributes from session 274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0
- (87) eap_peap: reply:User-Name = "vkratsberg"
- (87) eap_peap: [eaptls process] = success
- (87) eap_peap: Session established. Decoding tunneled attributes
- (87) eap_peap: PEAP state TUNNEL ESTABLISHED
- (87) eap_peap: Skipping Phase2 because of session resumption
- (87) eap_peap: SUCCESS
- (87) eap: Sending EAP Request (code 1) ID 88 length 43
- (87) eap: EAP session adding &reply:State = 0xddec9c40dfb48583
- (87) [eap] = handled
- (87) } # authenticate = handled
- (87) Using Post-Auth-Type Challenge
- (87) Post-Auth-Type sub-section not found. Ignoring.
- (87) # Executing group from file /etc/raddb/sites-enabled/default
- (87) Sent Access-Challenge Id 111 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (87) User-Name = "vkratsberg"
- (87) EAP-Message = 0x0158002b19001703010020236a8e9914576a8fb73ab10a1d9bd999efece7d3f01eff7af1db015a9315a528
- (87) Message-Authenticator = 0x00000000000000000000000000000000
- (87) State = 0xddec9c40dfb4858300be6bd519d98106
- (87) Finished request
- Waking up in 2.6 seconds.
- (88) Received Access-Request Id 112 from 10.8.0.111:58432 to 10.8.64.155:1812 length 223
- (88) User-Name = "vkratsberg"
- (88) NAS-Port = 358
- (88) State = 0xddec9c40dfb4858300be6bd519d98106
- (88) EAP-Message = 0x0258002b19001703010020b29786f7f066ea1680060048c979bcf814b77d2a5f1583934e86ef7f1bb4c63d
- (88) Message-Authenticator = 0x94638561a1f2065aff01b636fa88e45e
- (88) Acct-Session-Id = "8O2.1x81bb0847000dfbd9"
- (88) NAS-Port-Id = "ge-3/0/6.0"
- (88) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (88) Called-Station-Id = "ec-3e-f7-68-35-00"
- (88) NAS-IP-Address = 10.8.0.111
- (88) NAS-Identifier = "nyc-access-sw011"
- (88) NAS-Port-Type = Ethernet
- (88) session-state: No cached attributes
- (88) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (88) authorize {
- (88) policy filter_username {
- (88) if (&User-Name) {
- (88) if (&User-Name) -> TRUE
- (88) if (&User-Name) {
- (88) if (&User-Name =~ / /) {
- (88) if (&User-Name =~ / /) -> FALSE
- (88) if (&User-Name =~ /@[^@]*@/ ) {
- (88) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (88) if (&User-Name =~ /\.\./ ) {
- (88) if (&User-Name =~ /\.\./ ) -> FALSE
- (88) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (88) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (88) if (&User-Name =~ /\.$/) {
- (88) if (&User-Name =~ /\.$/) -> FALSE
- (88) if (&User-Name =~ /@\./) {
- (88) if (&User-Name =~ /@\./) -> FALSE
- (88) } # if (&User-Name) = notfound
- (88) } # policy filter_username = notfound
- (88) [preprocess] = ok
- (88) [chap] = noop
- (88) [mschap] = noop
- (88) [digest] = noop
- (88) suffix: Checking for suffix after "@"
- (88) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (88) suffix: No such realm "NULL"
- (88) [suffix] = noop
- (88) eap: Peer sent EAP Response (code 2) ID 88 length 43
- (88) eap: Continuing tunnel setup
- (88) [eap] = ok
- (88) } # authorize = ok
- (88) Found Auth-Type = eap
- (88) # Executing group from file /etc/raddb/sites-enabled/default
- (88) authenticate {
- (88) eap: Expiring EAP session with state 0xddec9c40dfb48583
- (88) eap: Finished EAP session with state 0xddec9c40dfb48583
- (88) eap: Previous EAP request found for state 0xddec9c40dfb48583, released from the list
- (88) eap: Peer sent packet with method EAP PEAP (25)
- (88) eap: Calling submodule eap_peap to process data
- (88) eap_peap: Continuing EAP-TLS
- (88) eap_peap: [eaptls verify] = ok
- (88) eap_peap: Done initial handshake
- (88) eap_peap: [eaptls process] = ok
- (88) eap_peap: Session established. Decoding tunneled attributes
- (88) eap_peap: PEAP state send tlv success
- (88) eap_peap: Received EAP-TLV response
- (88) eap_peap: Success
- (88) eap_peap: No saved attributes in the original Access-Accept
- (88) eap: Sending EAP Success (code 3) ID 88 length 4
- (88) eap: Freeing handler
- (88) [eap] = ok
- (88) } # authenticate = ok
- (88) # Executing section post-auth from file /etc/raddb/sites-enabled/default
- (88) post-auth {
- (88) update {
- (88) No attributes updated
- (88) } # update = noop
- (88) [exec] = noop
- (88) policy remove_reply_message_if_eap {
- (88) if (&reply:EAP-Message && &reply:Reply-Message) {
- (88) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
- (88) else {
- (88) [noop] = noop
- (88) } # else = noop
- (88) } # policy remove_reply_message_if_eap = noop
- (88) } # post-auth = noop
- (88) Sent Access-Accept Id 112 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (88) MS-MPPE-Recv-Key = 0x2ff6398cf2f496353df975ccf79389006a081af821406dae6f3b9a11d66d4ecc
- (88) MS-MPPE-Send-Key = 0x22bc82dfd8c9654140f97e436b7cbdbe7eee38bad1356412412895e8d536068a
- (88) EAP-Message = 0x03580004
- (88) Message-Authenticator = 0x00000000000000000000000000000000
- (88) User-Name = "vkratsberg"
- (88) Finished request
- Waking up in 2.6 seconds.
- (89) Received Access-Request Id 113 from 10.8.0.111:58432 to 10.8.64.155:1812 length 177
- (89) User-Name = "vkratsberg"
- (89) NAS-Port = 358
- (89) EAP-Message = 0x0259000f01766b7261747362657267
- (89) Message-Authenticator = 0xfb3b7fd821d0c3ddc23c94ad1753cb70
- (89) Acct-Session-Id = "8O2.1x81bb08480000b884"
- (89) NAS-Port-Id = "ge-3/0/6.0"
- (89) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (89) Called-Station-Id = "ec-3e-f7-68-35-00"
- (89) NAS-IP-Address = 10.8.0.111
- (89) NAS-Identifier = "nyc-access-sw011"
- (89) NAS-Port-Type = Ethernet
- (89) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (89) authorize {
- (89) policy filter_username {
- (89) if (&User-Name) {
- (89) if (&User-Name) -> TRUE
- (89) if (&User-Name) {
- (89) if (&User-Name =~ / /) {
- (89) if (&User-Name =~ / /) -> FALSE
- (89) if (&User-Name =~ /@[^@]*@/ ) {
- (89) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (89) if (&User-Name =~ /\.\./ ) {
- (89) if (&User-Name =~ /\.\./ ) -> FALSE
- (89) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (89) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (89) if (&User-Name =~ /\.$/) {
- (89) if (&User-Name =~ /\.$/) -> FALSE
- (89) if (&User-Name =~ /@\./) {
- (89) if (&User-Name =~ /@\./) -> FALSE
- (89) } # if (&User-Name) = notfound
- (89) } # policy filter_username = notfound
- (89) [preprocess] = ok
- (89) [chap] = noop
- (89) [mschap] = noop
- (89) [digest] = noop
- (89) suffix: Checking for suffix after "@"
- (89) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (89) suffix: No such realm "NULL"
- (89) [suffix] = noop
- (89) eap: Peer sent EAP Response (code 2) ID 89 length 15
- (89) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
- (89) [eap] = ok
- (89) } # authorize = ok
- (89) Found Auth-Type = eap
- (89) # Executing group from file /etc/raddb/sites-enabled/default
- (89) authenticate {
- (89) eap: Peer sent packet with method EAP Identity (1)
- (89) eap: Calling submodule eap_peap to process data
- (89) eap_peap: Initiating new EAP-TLS session
- (89) eap_peap: [eaptls start] = request
- (89) eap: Sending EAP Request (code 1) ID 90 length 6
- (89) eap: EAP session adding &reply:State = 0xf3f65797f3ac4e62
- (89) [eap] = handled
- (89) } # authenticate = handled
- (89) Using Post-Auth-Type Challenge
- (89) Post-Auth-Type sub-section not found. Ignoring.
- (89) # Executing group from file /etc/raddb/sites-enabled/default
- (89) Sent Access-Challenge Id 113 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (89) EAP-Message = 0x015a00061920
- (89) Message-Authenticator = 0x00000000000000000000000000000000
- (89) State = 0xf3f65797f3ac4e621ec30b7aa01bd58c
- (89) Finished request
- Waking up in 2.5 seconds.
- (90) Received Access-Request Id 114 from 10.8.0.111:58432 to 10.8.64.155:1812 length 343
- (90) User-Name = "vkratsberg"
- (90) NAS-Port = 358
- (90) State = 0xf3f65797f3ac4e621ec30b7aa01bd58c
- (90) EAP-Message = 0x025a00a31980000000991603010094010000900301573f503de945eae0f695404299c8048b7cc35ee097d42e3587c8b7a0ec03333520274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0002800ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f00
- (90) Message-Authenticator = 0xc50b216c98bd5c9fa6e8553cd4b8296c
- (90) Acct-Session-Id = "8O2.1x81bb08480000b884"
- (90) NAS-Port-Id = "ge-3/0/6.0"
- (90) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (90) Called-Station-Id = "ec-3e-f7-68-35-00"
- (90) NAS-IP-Address = 10.8.0.111
- (90) NAS-Identifier = "nyc-access-sw011"
- (90) NAS-Port-Type = Ethernet
- (90) session-state: No cached attributes
- (90) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (90) authorize {
- (90) policy filter_username {
- (90) if (&User-Name) {
- (90) if (&User-Name) -> TRUE
- (90) if (&User-Name) {
- (90) if (&User-Name =~ / /) {
- (90) if (&User-Name =~ / /) -> FALSE
- (90) if (&User-Name =~ /@[^@]*@/ ) {
- (90) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (90) if (&User-Name =~ /\.\./ ) {
- (90) if (&User-Name =~ /\.\./ ) -> FALSE
- (90) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (90) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (90) if (&User-Name =~ /\.$/) {
- (90) if (&User-Name =~ /\.$/) -> FALSE
- (90) if (&User-Name =~ /@\./) {
- (90) if (&User-Name =~ /@\./) -> FALSE
- (90) } # if (&User-Name) = notfound
- (90) } # policy filter_username = notfound
- (90) [preprocess] = ok
- (90) [chap] = noop
- (90) [mschap] = noop
- (90) [digest] = noop
- (90) suffix: Checking for suffix after "@"
- (90) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (90) suffix: No such realm "NULL"
- (90) [suffix] = noop
- (90) eap: Peer sent EAP Response (code 2) ID 90 length 163
- (90) eap: Continuing tunnel setup
- (90) [eap] = ok
- (90) } # authorize = ok
- (90) Found Auth-Type = eap
- (90) # Executing group from file /etc/raddb/sites-enabled/default
- (90) authenticate {
- (90) eap: Expiring EAP session with state 0xf3f65797f3ac4e62
- (90) eap: Finished EAP session with state 0xf3f65797f3ac4e62
- (90) eap: Previous EAP request found for state 0xf3f65797f3ac4e62, released from the list
- (90) eap: Peer sent packet with method EAP PEAP (25)
- (90) eap: Calling submodule eap_peap to process data
- (90) eap_peap: Continuing EAP-TLS
- (90) eap_peap: Peer indicated complete TLS record size will be 153 bytes
- (90) eap_peap: Got complete TLS record (153 bytes)
- (90) eap_peap: [eaptls verify] = length included
- (90) eap_peap: (other): before/accept initialization
- (90) eap_peap: TLS_accept: before/accept initialization
- (90) eap_peap: <<< recv TLS 1.0 Handshake [length 0094], ClientHello
- (90) eap_peap: TLS_accept: SSLv3 read client hello A
- (90) eap_peap: >>> send TLS 1.0 Handshake [length 0059], ServerHello
- (90) eap_peap: TLS_accept: SSLv3 write server hello A
- (90) eap_peap: >>> send TLS 1.0 ChangeCipherSpec [length 0001]
- (90) eap_peap: TLS_accept: SSLv3 write change cipher spec A
- (90) eap_peap: >>> send TLS 1.0 Handshake [length 0010], Finished
- (90) eap_peap: TLS_accept: SSLv3 write finished A
- (90) eap_peap: TLS_accept: SSLv3 flush data
- (90) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
- (90) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
- (90) eap_peap: In SSL Handshake Phase
- (90) eap_peap: In SSL Accept mode
- (90) eap_peap: [eaptls process] = handled
- (90) eap: Sending EAP Request (code 1) ID 91 length 159
- (90) eap: EAP session adding &reply:State = 0xf3f65797f2ad4e62
- (90) [eap] = handled
- (90) } # authenticate = handled
- (90) Using Post-Auth-Type Challenge
- (90) Post-Auth-Type sub-section not found. Ignoring.
- (90) # Executing group from file /etc/raddb/sites-enabled/default
- (90) Sent Access-Challenge Id 114 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (90) EAP-Message = 0x015b009f19001603010059020000550301573f503ef26e8e9df3cee6a22df14125582356c78bc5a6ecc374a7a093d0290320274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0c01400000dff01000100000b0004030001021403010001011603010030b74d19eb1117d774
- (90) Message-Authenticator = 0x00000000000000000000000000000000
- (90) State = 0xf3f65797f2ad4e621ec30b7aa01bd58c
- (90) Finished request
- Waking up in 2.5 seconds.
- (91) Received Access-Request Id 115 from 10.8.0.111:58432 to 10.8.64.155:1812 length 249
- (91) User-Name = "vkratsberg"
- (91) NAS-Port = 358
- (91) State = 0xf3f65797f2ad4e621ec30b7aa01bd58c
- (91) EAP-Message = 0x025b004519800000003b1403010001011603010030a22d00938647e55ec45ac542861fad0659c62d86eaa7037ba5fcc484057660325f730585150fd9b093fe1498881a069b
- (91) Message-Authenticator = 0xe35322a1f4968f7f065e42e1c88f2fd2
- (91) Acct-Session-Id = "8O2.1x81bb08480000b884"
- (91) NAS-Port-Id = "ge-3/0/6.0"
- (91) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (91) Called-Station-Id = "ec-3e-f7-68-35-00"
- (91) NAS-IP-Address = 10.8.0.111
- (91) NAS-Identifier = "nyc-access-sw011"
- (91) NAS-Port-Type = Ethernet
- (91) session-state: No cached attributes
- (91) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (91) authorize {
- (91) policy filter_username {
- (91) if (&User-Name) {
- (91) if (&User-Name) -> TRUE
- (91) if (&User-Name) {
- (91) if (&User-Name =~ / /) {
- (91) if (&User-Name =~ / /) -> FALSE
- (91) if (&User-Name =~ /@[^@]*@/ ) {
- (91) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (91) if (&User-Name =~ /\.\./ ) {
- (91) if (&User-Name =~ /\.\./ ) -> FALSE
- (91) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (91) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (91) if (&User-Name =~ /\.$/) {
- (91) if (&User-Name =~ /\.$/) -> FALSE
- (91) if (&User-Name =~ /@\./) {
- (91) if (&User-Name =~ /@\./) -> FALSE
- (91) } # if (&User-Name) = notfound
- (91) } # policy filter_username = notfound
- (91) [preprocess] = ok
- (91) [chap] = noop
- (91) [mschap] = noop
- (91) [digest] = noop
- (91) suffix: Checking for suffix after "@"
- (91) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (91) suffix: No such realm "NULL"
- (91) [suffix] = noop
- (91) eap: Peer sent EAP Response (code 2) ID 91 length 69
- (91) eap: Continuing tunnel setup
- (91) [eap] = ok
- (91) } # authorize = ok
- (91) Found Auth-Type = eap
- (91) # Executing group from file /etc/raddb/sites-enabled/default
- (91) authenticate {
- (91) eap: Expiring EAP session with state 0xf3f65797f2ad4e62
- (91) eap: Finished EAP session with state 0xf3f65797f2ad4e62
- (91) eap: Previous EAP request found for state 0xf3f65797f2ad4e62, released from the list
- (91) eap: Peer sent packet with method EAP PEAP (25)
- (91) eap: Calling submodule eap_peap to process data
- (91) eap_peap: Continuing EAP-TLS
- (91) eap_peap: Peer indicated complete TLS record size will be 59 bytes
- (91) eap_peap: Got complete TLS record (59 bytes)
- (91) eap_peap: [eaptls verify] = length included
- (91) eap_peap: <<< recv TLS 1.0 ChangeCipherSpec [length 0001]
- (91) eap_peap: <<< recv TLS 1.0 Handshake [length 0010], Finished
- (91) eap_peap: TLS_accept: SSLv3 read finished A
- (91) eap_peap: (other): SSL negotiation finished successfully
- (91) eap_peap: SSL Connection Established
- (91) eap_peap: SSL Application Data
- (91) eap_peap: Adding cached attributes from session 274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0
- (91) eap_peap: reply:User-Name = "vkratsberg"
- (91) eap_peap: [eaptls process] = success
- (91) eap_peap: Session established. Decoding tunneled attributes
- (91) eap_peap: PEAP state TUNNEL ESTABLISHED
- (91) eap_peap: Skipping Phase2 because of session resumption
- (91) eap_peap: SUCCESS
- (91) eap: Sending EAP Request (code 1) ID 92 length 43
- (91) eap: EAP session adding &reply:State = 0xf3f65797f1aa4e62
- (91) [eap] = handled
- (91) } # authenticate = handled
- (91) Using Post-Auth-Type Challenge
- (91) Post-Auth-Type sub-section not found. Ignoring.
- (91) # Executing group from file /etc/raddb/sites-enabled/default
- (91) Sent Access-Challenge Id 115 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (91) User-Name = "vkratsberg"
- (91) EAP-Message = 0x015c002b19001703010020d00e70e0f06682b9de92dbd0a58072cf53f13947ce29bfeb86b82afe17bc357f
- (91) Message-Authenticator = 0x00000000000000000000000000000000
- (91) State = 0xf3f65797f1aa4e621ec30b7aa01bd58c
- (91) Finished request
- Waking up in 2.5 seconds.
- (92) Received Access-Request Id 116 from 10.8.0.111:58432 to 10.8.64.155:1812 length 223
- (92) User-Name = "vkratsberg"
- (92) NAS-Port = 358
- (92) State = 0xf3f65797f1aa4e621ec30b7aa01bd58c
- (92) EAP-Message = 0x025c002b1900170301002011d9934e017c2f0071007889c6c4266921935be4652719dc64ecd25c0df64166
- (92) Message-Authenticator = 0xd7c01ec7a6a4eef0f297c1b36585105a
- (92) Acct-Session-Id = "8O2.1x81bb08480000b884"
- (92) NAS-Port-Id = "ge-3/0/6.0"
- (92) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (92) Called-Station-Id = "ec-3e-f7-68-35-00"
- (92) NAS-IP-Address = 10.8.0.111
- (92) NAS-Identifier = "nyc-access-sw011"
- (92) NAS-Port-Type = Ethernet
- (92) session-state: No cached attributes
- (92) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (92) authorize {
- (92) policy filter_username {
- (92) if (&User-Name) {
- (92) if (&User-Name) -> TRUE
- (92) if (&User-Name) {
- (92) if (&User-Name =~ / /) {
- (92) if (&User-Name =~ / /) -> FALSE
- (92) if (&User-Name =~ /@[^@]*@/ ) {
- (92) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (92) if (&User-Name =~ /\.\./ ) {
- (92) if (&User-Name =~ /\.\./ ) -> FALSE
- (92) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (92) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (92) if (&User-Name =~ /\.$/) {
- (92) if (&User-Name =~ /\.$/) -> FALSE
- (92) if (&User-Name =~ /@\./) {
- (92) if (&User-Name =~ /@\./) -> FALSE
- (92) } # if (&User-Name) = notfound
- (92) } # policy filter_username = notfound
- (92) [preprocess] = ok
- (92) [chap] = noop
- (92) [mschap] = noop
- (92) [digest] = noop
- (92) suffix: Checking for suffix after "@"
- (92) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (92) suffix: No such realm "NULL"
- (92) [suffix] = noop
- (92) eap: Peer sent EAP Response (code 2) ID 92 length 43
- (92) eap: Continuing tunnel setup
- (92) [eap] = ok
- (92) } # authorize = ok
- (92) Found Auth-Type = eap
- (92) # Executing group from file /etc/raddb/sites-enabled/default
- (92) authenticate {
- (92) eap: Expiring EAP session with state 0xf3f65797f1aa4e62
- (92) eap: Finished EAP session with state 0xf3f65797f1aa4e62
- (92) eap: Previous EAP request found for state 0xf3f65797f1aa4e62, released from the list
- (92) eap: Peer sent packet with method EAP PEAP (25)
- (92) eap: Calling submodule eap_peap to process data
- (92) eap_peap: Continuing EAP-TLS
- (92) eap_peap: [eaptls verify] = ok
- (92) eap_peap: Done initial handshake
- (92) eap_peap: [eaptls process] = ok
- (92) eap_peap: Session established. Decoding tunneled attributes
- (92) eap_peap: PEAP state send tlv success
- (92) eap_peap: Received EAP-TLV response
- (92) eap_peap: Success
- (92) eap_peap: No saved attributes in the original Access-Accept
- (92) eap: Sending EAP Success (code 3) ID 92 length 4
- (92) eap: Freeing handler
- (92) [eap] = ok
- (92) } # authenticate = ok
- (92) # Executing section post-auth from file /etc/raddb/sites-enabled/default
- (92) post-auth {
- (92) update {
- (92) No attributes updated
- (92) } # update = noop
- (92) [exec] = noop
- (92) policy remove_reply_message_if_eap {
- (92) if (&reply:EAP-Message && &reply:Reply-Message) {
- (92) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
- (92) else {
- (92) [noop] = noop
- (92) } # else = noop
- (92) } # policy remove_reply_message_if_eap = noop
- (92) } # post-auth = noop
- (92) Sent Access-Accept Id 116 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (92) MS-MPPE-Recv-Key = 0xf716988c33cbb8a7316d859a82454f9591af327132d56035581075ded4667631
- (92) MS-MPPE-Send-Key = 0xc9190767d184d55bf3c786833c56a85649dffb57b3a2d0c85257b68b25c736c1
- (92) EAP-Message = 0x035c0004
- (92) Message-Authenticator = 0x00000000000000000000000000000000
- (92) User-Name = "vkratsberg"
- (92) Finished request
- Waking up in 2.5 seconds.
- (93) Received Access-Request Id 117 from 10.8.0.111:58432 to 10.8.64.155:1812 length 177
- (93) User-Name = "vkratsberg"
- (93) NAS-Port = 358
- (93) EAP-Message = 0x025d000f01766b7261747362657267
- (93) Message-Authenticator = 0x13b404179d1a5e728643973224aadf56
- (93) Acct-Session-Id = "8O2.1x81bb084900024eea"
- (93) NAS-Port-Id = "ge-3/0/6.0"
- (93) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (93) Called-Station-Id = "ec-3e-f7-68-35-00"
- (93) NAS-IP-Address = 10.8.0.111
- (93) NAS-Identifier = "nyc-access-sw011"
- (93) NAS-Port-Type = Ethernet
- (93) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (93) authorize {
- (93) policy filter_username {
- (93) if (&User-Name) {
- (93) if (&User-Name) -> TRUE
- (93) if (&User-Name) {
- (93) if (&User-Name =~ / /) {
- (93) if (&User-Name =~ / /) -> FALSE
- (93) if (&User-Name =~ /@[^@]*@/ ) {
- (93) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (93) if (&User-Name =~ /\.\./ ) {
- (93) if (&User-Name =~ /\.\./ ) -> FALSE
- (93) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (93) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (93) if (&User-Name =~ /\.$/) {
- (93) if (&User-Name =~ /\.$/) -> FALSE
- (93) if (&User-Name =~ /@\./) {
- (93) if (&User-Name =~ /@\./) -> FALSE
- (93) } # if (&User-Name) = notfound
- (93) } # policy filter_username = notfound
- (93) [preprocess] = ok
- (93) [chap] = noop
- (93) [mschap] = noop
- (93) [digest] = noop
- (93) suffix: Checking for suffix after "@"
- (93) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (93) suffix: No such realm "NULL"
- (93) [suffix] = noop
- (93) eap: Peer sent EAP Response (code 2) ID 93 length 15
- (93) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
- (93) [eap] = ok
- (93) } # authorize = ok
- (93) Found Auth-Type = eap
- (93) # Executing group from file /etc/raddb/sites-enabled/default
- (93) authenticate {
- (93) eap: Peer sent packet with method EAP Identity (1)
- (93) eap: Calling submodule eap_peap to process data
- (93) eap_peap: Initiating new EAP-TLS session
- (93) eap_peap: [eaptls start] = request
- (93) eap: Sending EAP Request (code 1) ID 94 length 6
- (93) eap: EAP session adding &reply:State = 0xed4ec92ded10d02a
- (93) [eap] = handled
- (93) } # authenticate = handled
- (93) Using Post-Auth-Type Challenge
- (93) Post-Auth-Type sub-section not found. Ignoring.
- (93) # Executing group from file /etc/raddb/sites-enabled/default
- (93) Sent Access-Challenge Id 117 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (93) EAP-Message = 0x015e00061920
- (93) Message-Authenticator = 0x00000000000000000000000000000000
- (93) State = 0xed4ec92ded10d02ae7c6af9c4ae0a2b2
- (93) Finished request
- Waking up in 2.4 seconds.
- (94) Received Access-Request Id 118 from 10.8.0.111:58432 to 10.8.64.155:1812 length 343
- (94) User-Name = "vkratsberg"
- (94) NAS-Port = 358
- (94) State = 0xed4ec92ded10d02ae7c6af9c4ae0a2b2
- (94) EAP-Message = 0x025e00a31980000000991603010094010000900301573f503ec6462b8123d22a0abeaa8d81f7ec7daa9d18645b120a106bf52c301720274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0002800ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f00
- (94) Message-Authenticator = 0xbbd84676ec17fced47d7b0a8785feaee
- (94) Acct-Session-Id = "8O2.1x81bb084900024eea"
- (94) NAS-Port-Id = "ge-3/0/6.0"
- (94) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (94) Called-Station-Id = "ec-3e-f7-68-35-00"
- (94) NAS-IP-Address = 10.8.0.111
- (94) NAS-Identifier = "nyc-access-sw011"
- (94) NAS-Port-Type = Ethernet
- (94) session-state: No cached attributes
- (94) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (94) authorize {
- (94) policy filter_username {
- (94) if (&User-Name) {
- (94) if (&User-Name) -> TRUE
- (94) if (&User-Name) {
- (94) if (&User-Name =~ / /) {
- (94) if (&User-Name =~ / /) -> FALSE
- (94) if (&User-Name =~ /@[^@]*@/ ) {
- (94) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (94) if (&User-Name =~ /\.\./ ) {
- (94) if (&User-Name =~ /\.\./ ) -> FALSE
- (94) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (94) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (94) if (&User-Name =~ /\.$/) {
- (94) if (&User-Name =~ /\.$/) -> FALSE
- (94) if (&User-Name =~ /@\./) {
- (94) if (&User-Name =~ /@\./) -> FALSE
- (94) } # if (&User-Name) = notfound
- (94) } # policy filter_username = notfound
- (94) [preprocess] = ok
- (94) [chap] = noop
- (94) [mschap] = noop
- (94) [digest] = noop
- (94) suffix: Checking for suffix after "@"
- (94) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (94) suffix: No such realm "NULL"
- (94) [suffix] = noop
- (94) eap: Peer sent EAP Response (code 2) ID 94 length 163
- (94) eap: Continuing tunnel setup
- (94) [eap] = ok
- (94) } # authorize = ok
- (94) Found Auth-Type = eap
- (94) # Executing group from file /etc/raddb/sites-enabled/default
- (94) authenticate {
- (94) eap: Expiring EAP session with state 0xed4ec92ded10d02a
- (94) eap: Finished EAP session with state 0xed4ec92ded10d02a
- (94) eap: Previous EAP request found for state 0xed4ec92ded10d02a, released from the list
- (94) eap: Peer sent packet with method EAP PEAP (25)
- (94) eap: Calling submodule eap_peap to process data
- (94) eap_peap: Continuing EAP-TLS
- (94) eap_peap: Peer indicated complete TLS record size will be 153 bytes
- (94) eap_peap: Got complete TLS record (153 bytes)
- (94) eap_peap: [eaptls verify] = length included
- (94) eap_peap: (other): before/accept initialization
- (94) eap_peap: TLS_accept: before/accept initialization
- (94) eap_peap: <<< recv TLS 1.0 Handshake [length 0094], ClientHello
- (94) eap_peap: TLS_accept: SSLv3 read client hello A
- (94) eap_peap: >>> send TLS 1.0 Handshake [length 0059], ServerHello
- (94) eap_peap: TLS_accept: SSLv3 write server hello A
- (94) eap_peap: >>> send TLS 1.0 ChangeCipherSpec [length 0001]
- (94) eap_peap: TLS_accept: SSLv3 write change cipher spec A
- (94) eap_peap: >>> send TLS 1.0 Handshake [length 0010], Finished
- (94) eap_peap: TLS_accept: SSLv3 write finished A
- (94) eap_peap: TLS_accept: SSLv3 flush data
- (94) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
- (94) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
- (94) eap_peap: In SSL Handshake Phase
- (94) eap_peap: In SSL Accept mode
- (94) eap_peap: [eaptls process] = handled
- (94) eap: Sending EAP Request (code 1) ID 95 length 159
- (94) eap: EAP session adding &reply:State = 0xed4ec92dec11d02a
- (94) [eap] = handled
- (94) } # authenticate = handled
- (94) Using Post-Auth-Type Challenge
- (94) Post-Auth-Type sub-section not found. Ignoring.
- (94) # Executing group from file /etc/raddb/sites-enabled/default
- (94) Sent Access-Challenge Id 118 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (94) EAP-Message = 0x015f009f19001603010059020000550301573f503eaaf5785ac4d488f7c13d1bbbddc772c5169346ee4d954936abdafcf820274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0c01400000dff01000100000b00040300010214030100010116030100303a4b5486e6cfa0d1
- (94) Message-Authenticator = 0x00000000000000000000000000000000
- (94) State = 0xed4ec92dec11d02ae7c6af9c4ae0a2b2
- (94) Finished request
- Waking up in 2.4 seconds.
- (95) Received Access-Request Id 119 from 10.8.0.111:58432 to 10.8.64.155:1812 length 249
- (95) User-Name = "vkratsberg"
- (95) NAS-Port = 358
- (95) State = 0xed4ec92dec11d02ae7c6af9c4ae0a2b2
- (95) EAP-Message = 0x025f004519800000003b140301000101160301003039acef79d1dd1d9b7e3239c5068c3ad277547338529d265b4cc984fd7de888be4e2553780bdd0b4b68649120d2abea38
- (95) Message-Authenticator = 0xa7115a38582e0248ed4ee153f4117748
- (95) Acct-Session-Id = "8O2.1x81bb084900024eea"
- (95) NAS-Port-Id = "ge-3/0/6.0"
- (95) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (95) Called-Station-Id = "ec-3e-f7-68-35-00"
- (95) NAS-IP-Address = 10.8.0.111
- (95) NAS-Identifier = "nyc-access-sw011"
- (95) NAS-Port-Type = Ethernet
- (95) session-state: No cached attributes
- (95) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (95) authorize {
- (95) policy filter_username {
- (95) if (&User-Name) {
- (95) if (&User-Name) -> TRUE
- (95) if (&User-Name) {
- (95) if (&User-Name =~ / /) {
- (95) if (&User-Name =~ / /) -> FALSE
- (95) if (&User-Name =~ /@[^@]*@/ ) {
- (95) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (95) if (&User-Name =~ /\.\./ ) {
- (95) if (&User-Name =~ /\.\./ ) -> FALSE
- (95) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (95) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (95) if (&User-Name =~ /\.$/) {
- (95) if (&User-Name =~ /\.$/) -> FALSE
- (95) if (&User-Name =~ /@\./) {
- (95) if (&User-Name =~ /@\./) -> FALSE
- (95) } # if (&User-Name) = notfound
- (95) } # policy filter_username = notfound
- (95) [preprocess] = ok
- (95) [chap] = noop
- (95) [mschap] = noop
- (95) [digest] = noop
- (95) suffix: Checking for suffix after "@"
- (95) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (95) suffix: No such realm "NULL"
- (95) [suffix] = noop
- (95) eap: Peer sent EAP Response (code 2) ID 95 length 69
- (95) eap: Continuing tunnel setup
- (95) [eap] = ok
- (95) } # authorize = ok
- (95) Found Auth-Type = eap
- (95) # Executing group from file /etc/raddb/sites-enabled/default
- (95) authenticate {
- (95) eap: Expiring EAP session with state 0xed4ec92dec11d02a
- (95) eap: Finished EAP session with state 0xed4ec92dec11d02a
- (95) eap: Previous EAP request found for state 0xed4ec92dec11d02a, released from the list
- (95) eap: Peer sent packet with method EAP PEAP (25)
- (95) eap: Calling submodule eap_peap to process data
- (95) eap_peap: Continuing EAP-TLS
- (95) eap_peap: Peer indicated complete TLS record size will be 59 bytes
- (95) eap_peap: Got complete TLS record (59 bytes)
- (95) eap_peap: [eaptls verify] = length included
- (95) eap_peap: <<< recv TLS 1.0 ChangeCipherSpec [length 0001]
- (95) eap_peap: <<< recv TLS 1.0 Handshake [length 0010], Finished
- (95) eap_peap: TLS_accept: SSLv3 read finished A
- (95) eap_peap: (other): SSL negotiation finished successfully
- (95) eap_peap: SSL Connection Established
- (95) eap_peap: SSL Application Data
- (95) eap_peap: Adding cached attributes from session 274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0
- (95) eap_peap: reply:User-Name = "vkratsberg"
- (95) eap_peap: [eaptls process] = success
- (95) eap_peap: Session established. Decoding tunneled attributes
- (95) eap_peap: PEAP state TUNNEL ESTABLISHED
- (95) eap_peap: Skipping Phase2 because of session resumption
- (95) eap_peap: SUCCESS
- (95) eap: Sending EAP Request (code 1) ID 96 length 43
- (95) eap: EAP session adding &reply:State = 0xed4ec92def2ed02a
- (95) [eap] = handled
- (95) } # authenticate = handled
- (95) Using Post-Auth-Type Challenge
- (95) Post-Auth-Type sub-section not found. Ignoring.
- (95) # Executing group from file /etc/raddb/sites-enabled/default
- (95) Sent Access-Challenge Id 119 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (95) User-Name = "vkratsberg"
- (95) EAP-Message = 0x0160002b19001703010020dda7c68a4cdd1a8cbc59a6adabdeaaca357d79db85612ab9ef1658d2ba4d664a
- (95) Message-Authenticator = 0x00000000000000000000000000000000
- (95) State = 0xed4ec92def2ed02ae7c6af9c4ae0a2b2
- (95) Finished request
- Waking up in 2.4 seconds.
- (96) Received Access-Request Id 120 from 10.8.0.111:58432 to 10.8.64.155:1812 length 223
- (96) User-Name = "vkratsberg"
- (96) NAS-Port = 358
- (96) State = 0xed4ec92def2ed02ae7c6af9c4ae0a2b2
- (96) EAP-Message = 0x0260002b19001703010020859f63006c63f6dbab44b6fdd64847e070b5b55706bcbd2e9412e7ccbcf0b368
- (96) Message-Authenticator = 0x290f5f5338d3938e4ed7a511b110ea45
- (96) Acct-Session-Id = "8O2.1x81bb084900024eea"
- (96) NAS-Port-Id = "ge-3/0/6.0"
- (96) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (96) Called-Station-Id = "ec-3e-f7-68-35-00"
- (96) NAS-IP-Address = 10.8.0.111
- (96) NAS-Identifier = "nyc-access-sw011"
- (96) NAS-Port-Type = Ethernet
- (96) session-state: No cached attributes
- (96) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (96) authorize {
- (96) policy filter_username {
- (96) if (&User-Name) {
- (96) if (&User-Name) -> TRUE
- (96) if (&User-Name) {
- (96) if (&User-Name =~ / /) {
- (96) if (&User-Name =~ / /) -> FALSE
- (96) if (&User-Name =~ /@[^@]*@/ ) {
- (96) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (96) if (&User-Name =~ /\.\./ ) {
- (96) if (&User-Name =~ /\.\./ ) -> FALSE
- (96) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (96) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (96) if (&User-Name =~ /\.$/) {
- (96) if (&User-Name =~ /\.$/) -> FALSE
- (96) if (&User-Name =~ /@\./) {
- (96) if (&User-Name =~ /@\./) -> FALSE
- (96) } # if (&User-Name) = notfound
- (96) } # policy filter_username = notfound
- (96) [preprocess] = ok
- (96) [chap] = noop
- (96) [mschap] = noop
- (96) [digest] = noop
- (96) suffix: Checking for suffix after "@"
- (96) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (96) suffix: No such realm "NULL"
- (96) [suffix] = noop
- (96) eap: Peer sent EAP Response (code 2) ID 96 length 43
- (96) eap: Continuing tunnel setup
- (96) [eap] = ok
- (96) } # authorize = ok
- (96) Found Auth-Type = eap
- (96) # Executing group from file /etc/raddb/sites-enabled/default
- (96) authenticate {
- (96) eap: Expiring EAP session with state 0xed4ec92def2ed02a
- (96) eap: Finished EAP session with state 0xed4ec92def2ed02a
- (96) eap: Previous EAP request found for state 0xed4ec92def2ed02a, released from the list
- (96) eap: Peer sent packet with method EAP PEAP (25)
- (96) eap: Calling submodule eap_peap to process data
- (96) eap_peap: Continuing EAP-TLS
- (96) eap_peap: [eaptls verify] = ok
- (96) eap_peap: Done initial handshake
- (96) eap_peap: [eaptls process] = ok
- (96) eap_peap: Session established. Decoding tunneled attributes
- (96) eap_peap: PEAP state send tlv success
- (96) eap_peap: Received EAP-TLV response
- (96) eap_peap: Success
- (96) eap_peap: No saved attributes in the original Access-Accept
- (96) eap: Sending EAP Success (code 3) ID 96 length 4
- (96) eap: Freeing handler
- (96) [eap] = ok
- (96) } # authenticate = ok
- (96) # Executing section post-auth from file /etc/raddb/sites-enabled/default
- (96) post-auth {
- (96) update {
- (96) No attributes updated
- (96) } # update = noop
- (96) [exec] = noop
- (96) policy remove_reply_message_if_eap {
- (96) if (&reply:EAP-Message && &reply:Reply-Message) {
- (96) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
- (96) else {
- (96) [noop] = noop
- (96) } # else = noop
- (96) } # policy remove_reply_message_if_eap = noop
- (96) } # post-auth = noop
- (96) Sent Access-Accept Id 120 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (96) MS-MPPE-Recv-Key = 0x1ac0f3837aee3709bc6b4114125148e4c8285ae9e9b2839c1cc20856409eed53
- (96) MS-MPPE-Send-Key = 0xf94bc2e2e13f916d2b6dec6cd343480cb50945b27a34c0d6cf068b9fd37425fb
- (96) EAP-Message = 0x03600004
- (96) Message-Authenticator = 0x00000000000000000000000000000000
- (96) User-Name = "vkratsberg"
- (96) Finished request
- Waking up in 2.4 seconds.
- (97) Received Access-Request Id 121 from 10.8.0.111:58432 to 10.8.64.155:1812 length 177
- (97) User-Name = "vkratsberg"
- (97) NAS-Port = 358
- (97) EAP-Message = 0x0261000f01766b7261747362657267
- (97) Message-Authenticator = 0x9bc9a9b3aa84d15dd1cb114189331eb8
- (97) Acct-Session-Id = "8O2.1x81bb084a0003e8e0"
- (97) NAS-Port-Id = "ge-3/0/6.0"
- (97) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (97) Called-Station-Id = "ec-3e-f7-68-35-00"
- (97) NAS-IP-Address = 10.8.0.111
- (97) NAS-Identifier = "nyc-access-sw011"
- (97) NAS-Port-Type = Ethernet
- (97) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (97) authorize {
- (97) policy filter_username {
- (97) if (&User-Name) {
- (97) if (&User-Name) -> TRUE
- (97) if (&User-Name) {
- (97) if (&User-Name =~ / /) {
- (97) if (&User-Name =~ / /) -> FALSE
- (97) if (&User-Name =~ /@[^@]*@/ ) {
- (97) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (97) if (&User-Name =~ /\.\./ ) {
- (97) if (&User-Name =~ /\.\./ ) -> FALSE
- (97) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (97) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (97) if (&User-Name =~ /\.$/) {
- (97) if (&User-Name =~ /\.$/) -> FALSE
- (97) if (&User-Name =~ /@\./) {
- (97) if (&User-Name =~ /@\./) -> FALSE
- (97) } # if (&User-Name) = notfound
- (97) } # policy filter_username = notfound
- (97) [preprocess] = ok
- (97) [chap] = noop
- (97) [mschap] = noop
- (97) [digest] = noop
- (97) suffix: Checking for suffix after "@"
- (97) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (97) suffix: No such realm "NULL"
- (97) [suffix] = noop
- (97) eap: Peer sent EAP Response (code 2) ID 97 length 15
- (97) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
- (97) [eap] = ok
- (97) } # authorize = ok
- (97) Found Auth-Type = eap
- (97) # Executing group from file /etc/raddb/sites-enabled/default
- (97) authenticate {
- (97) eap: Peer sent packet with method EAP Identity (1)
- (97) eap: Calling submodule eap_peap to process data
- (97) eap_peap: Initiating new EAP-TLS session
- (97) eap_peap: [eaptls start] = request
- (97) eap: Sending EAP Request (code 1) ID 98 length 6
- (97) eap: EAP session adding &reply:State = 0x2c1c17b42c7e0e3c
- (97) [eap] = handled
- (97) } # authenticate = handled
- (97) Using Post-Auth-Type Challenge
- (97) Post-Auth-Type sub-section not found. Ignoring.
- (97) # Executing group from file /etc/raddb/sites-enabled/default
- (97) Sent Access-Challenge Id 121 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (97) EAP-Message = 0x016200061920
- (97) Message-Authenticator = 0x00000000000000000000000000000000
- (97) State = 0x2c1c17b42c7e0e3c9f7f86997a0aed31
- (97) Finished request
- Waking up in 2.3 seconds.
- (98) Received Access-Request Id 122 from 10.8.0.111:58432 to 10.8.64.155:1812 length 343
- (98) User-Name = "vkratsberg"
- (98) NAS-Port = 358
- (98) State = 0x2c1c17b42c7e0e3c9f7f86997a0aed31
- (98) EAP-Message = 0x026200a31980000000991603010094010000900301573f503e83fd035df2ff5dd1350d8e81638b8df3f11185f7bdbd9598601fcb3f20274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0002800ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f00
- (98) Message-Authenticator = 0xef092ef77306f124c11e3d45b144abf9
- (98) Acct-Session-Id = "8O2.1x81bb084a0003e8e0"
- (98) NAS-Port-Id = "ge-3/0/6.0"
- (98) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (98) Called-Station-Id = "ec-3e-f7-68-35-00"
- (98) NAS-IP-Address = 10.8.0.111
- (98) NAS-Identifier = "nyc-access-sw011"
- (98) NAS-Port-Type = Ethernet
- (98) session-state: No cached attributes
- (98) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (98) authorize {
- (98) policy filter_username {
- (98) if (&User-Name) {
- (98) if (&User-Name) -> TRUE
- (98) if (&User-Name) {
- (98) if (&User-Name =~ / /) {
- (98) if (&User-Name =~ / /) -> FALSE
- (98) if (&User-Name =~ /@[^@]*@/ ) {
- (98) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (98) if (&User-Name =~ /\.\./ ) {
- (98) if (&User-Name =~ /\.\./ ) -> FALSE
- (98) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (98) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (98) if (&User-Name =~ /\.$/) {
- (98) if (&User-Name =~ /\.$/) -> FALSE
- (98) if (&User-Name =~ /@\./) {
- (98) if (&User-Name =~ /@\./) -> FALSE
- (98) } # if (&User-Name) = notfound
- (98) } # policy filter_username = notfound
- (98) [preprocess] = ok
- (98) [chap] = noop
- (98) [mschap] = noop
- (98) [digest] = noop
- (98) suffix: Checking for suffix after "@"
- (98) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (98) suffix: No such realm "NULL"
- (98) [suffix] = noop
- (98) eap: Peer sent EAP Response (code 2) ID 98 length 163
- (98) eap: Continuing tunnel setup
- (98) [eap] = ok
- (98) } # authorize = ok
- (98) Found Auth-Type = eap
- (98) # Executing group from file /etc/raddb/sites-enabled/default
- (98) authenticate {
- (98) eap: Expiring EAP session with state 0x2c1c17b42c7e0e3c
- (98) eap: Finished EAP session with state 0x2c1c17b42c7e0e3c
- (98) eap: Previous EAP request found for state 0x2c1c17b42c7e0e3c, released from the list
- (98) eap: Peer sent packet with method EAP PEAP (25)
- (98) eap: Calling submodule eap_peap to process data
- (98) eap_peap: Continuing EAP-TLS
- (98) eap_peap: Peer indicated complete TLS record size will be 153 bytes
- (98) eap_peap: Got complete TLS record (153 bytes)
- (98) eap_peap: [eaptls verify] = length included
- (98) eap_peap: (other): before/accept initialization
- (98) eap_peap: TLS_accept: before/accept initialization
- (98) eap_peap: <<< recv TLS 1.0 Handshake [length 0094], ClientHello
- (98) eap_peap: TLS_accept: SSLv3 read client hello A
- (98) eap_peap: >>> send TLS 1.0 Handshake [length 0059], ServerHello
- (98) eap_peap: TLS_accept: SSLv3 write server hello A
- (98) eap_peap: >>> send TLS 1.0 ChangeCipherSpec [length 0001]
- (98) eap_peap: TLS_accept: SSLv3 write change cipher spec A
- (98) eap_peap: >>> send TLS 1.0 Handshake [length 0010], Finished
- (98) eap_peap: TLS_accept: SSLv3 write finished A
- (98) eap_peap: TLS_accept: SSLv3 flush data
- (98) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
- (98) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
- (98) eap_peap: In SSL Handshake Phase
- (98) eap_peap: In SSL Accept mode
- (98) eap_peap: [eaptls process] = handled
- (98) eap: Sending EAP Request (code 1) ID 99 length 159
- (98) eap: EAP session adding &reply:State = 0x2c1c17b42d7f0e3c
- (98) [eap] = handled
- (98) } # authenticate = handled
- (98) Using Post-Auth-Type Challenge
- (98) Post-Auth-Type sub-section not found. Ignoring.
- (98) # Executing group from file /etc/raddb/sites-enabled/default
- (98) Sent Access-Challenge Id 122 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (98) EAP-Message = 0x0163009f19001603010059020000550301573f503ed0837d391103fb378bdd8d2a6de0737b22cd7f632d8359d980ce9c9020274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0c01400000dff01000100000b0004030001021403010001011603010030c2f3d07044b64546
- (98) Message-Authenticator = 0x00000000000000000000000000000000
- (98) State = 0x2c1c17b42d7f0e3c9f7f86997a0aed31
- (98) Finished request
- Waking up in 2.3 seconds.
- (99) Received Access-Request Id 123 from 10.8.0.111:58432 to 10.8.64.155:1812 length 249
- (99) User-Name = "vkratsberg"
- (99) NAS-Port = 358
- (99) State = 0x2c1c17b42d7f0e3c9f7f86997a0aed31
- (99) EAP-Message = 0x0263004519800000003b1403010001011603010030991dc152ca1ad3238f263a379cda4409facb6b529366c0d843e9d768cc2c7360701d5c9ea37dc7e3a38d6d2cbb34225c
- (99) Message-Authenticator = 0xd17b4dddc0460a9ea2a87245426d7e7f
- (99) Acct-Session-Id = "8O2.1x81bb084a0003e8e0"
- (99) NAS-Port-Id = "ge-3/0/6.0"
- (99) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (99) Called-Station-Id = "ec-3e-f7-68-35-00"
- (99) NAS-IP-Address = 10.8.0.111
- (99) NAS-Identifier = "nyc-access-sw011"
- (99) NAS-Port-Type = Ethernet
- (99) session-state: No cached attributes
- (99) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (99) authorize {
- (99) policy filter_username {
- (99) if (&User-Name) {
- (99) if (&User-Name) -> TRUE
- (99) if (&User-Name) {
- (99) if (&User-Name =~ / /) {
- (99) if (&User-Name =~ / /) -> FALSE
- (99) if (&User-Name =~ /@[^@]*@/ ) {
- (99) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (99) if (&User-Name =~ /\.\./ ) {
- (99) if (&User-Name =~ /\.\./ ) -> FALSE
- (99) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (99) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (99) if (&User-Name =~ /\.$/) {
- (99) if (&User-Name =~ /\.$/) -> FALSE
- (99) if (&User-Name =~ /@\./) {
- (99) if (&User-Name =~ /@\./) -> FALSE
- (99) } # if (&User-Name) = notfound
- (99) } # policy filter_username = notfound
- (99) [preprocess] = ok
- (99) [chap] = noop
- (99) [mschap] = noop
- (99) [digest] = noop
- (99) suffix: Checking for suffix after "@"
- (99) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (99) suffix: No such realm "NULL"
- (99) [suffix] = noop
- (99) eap: Peer sent EAP Response (code 2) ID 99 length 69
- (99) eap: Continuing tunnel setup
- (99) [eap] = ok
- (99) } # authorize = ok
- (99) Found Auth-Type = eap
- (99) # Executing group from file /etc/raddb/sites-enabled/default
- (99) authenticate {
- (99) eap: Expiring EAP session with state 0x2c1c17b42d7f0e3c
- (99) eap: Finished EAP session with state 0x2c1c17b42d7f0e3c
- (99) eap: Previous EAP request found for state 0x2c1c17b42d7f0e3c, released from the list
- (99) eap: Peer sent packet with method EAP PEAP (25)
- (99) eap: Calling submodule eap_peap to process data
- (99) eap_peap: Continuing EAP-TLS
- (99) eap_peap: Peer indicated complete TLS record size will be 59 bytes
- (99) eap_peap: Got complete TLS record (59 bytes)
- (99) eap_peap: [eaptls verify] = length included
- (99) eap_peap: <<< recv TLS 1.0 ChangeCipherSpec [length 0001]
- (99) eap_peap: <<< recv TLS 1.0 Handshake [length 0010], Finished
- (99) eap_peap: TLS_accept: SSLv3 read finished A
- (99) eap_peap: (other): SSL negotiation finished successfully
- (99) eap_peap: SSL Connection Established
- (99) eap_peap: SSL Application Data
- (99) eap_peap: Adding cached attributes from session 274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0
- (99) eap_peap: reply:User-Name = "vkratsberg"
- (99) eap_peap: [eaptls process] = success
- (99) eap_peap: Session established. Decoding tunneled attributes
- (99) eap_peap: PEAP state TUNNEL ESTABLISHED
- (99) eap_peap: Skipping Phase2 because of session resumption
- (99) eap_peap: SUCCESS
- (99) eap: Sending EAP Request (code 1) ID 100 length 43
- (99) eap: EAP session adding &reply:State = 0x2c1c17b42e780e3c
- (99) [eap] = handled
- (99) } # authenticate = handled
- (99) Using Post-Auth-Type Challenge
- (99) Post-Auth-Type sub-section not found. Ignoring.
- (99) # Executing group from file /etc/raddb/sites-enabled/default
- (99) Sent Access-Challenge Id 123 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (99) User-Name = "vkratsberg"
- (99) EAP-Message = 0x0164002b190017030100205e43efacac3b2c03d39faabf34e18424d7db7c016b7993b299576d9bdecf7289
- (99) Message-Authenticator = 0x00000000000000000000000000000000
- (99) State = 0x2c1c17b42e780e3c9f7f86997a0aed31
- (99) Finished request
- Waking up in 2.3 seconds.
- (100) Received Access-Request Id 124 from 10.8.0.111:58432 to 10.8.64.155:1812 length 223
- (100) User-Name = "vkratsberg"
- (100) NAS-Port = 358
- (100) State = 0x2c1c17b42e780e3c9f7f86997a0aed31
- (100) EAP-Message = 0x0264002b19001703010020532f4070ed29a7969a4776572c709ec686f494278a16321227b4d41265fa1562
- (100) Message-Authenticator = 0x54ad459699cdd67acaa88786184df8cc
- (100) Acct-Session-Id = "8O2.1x81bb084a0003e8e0"
- (100) NAS-Port-Id = "ge-3/0/6.0"
- (100) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (100) Called-Station-Id = "ec-3e-f7-68-35-00"
- (100) NAS-IP-Address = 10.8.0.111
- (100) NAS-Identifier = "nyc-access-sw011"
- (100) NAS-Port-Type = Ethernet
- (100) session-state: No cached attributes
- (100) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (100) authorize {
- (100) policy filter_username {
- (100) if (&User-Name) {
- (100) if (&User-Name) -> TRUE
- (100) if (&User-Name) {
- (100) if (&User-Name =~ / /) {
- (100) if (&User-Name =~ / /) -> FALSE
- (100) if (&User-Name =~ /@[^@]*@/ ) {
- (100) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (100) if (&User-Name =~ /\.\./ ) {
- (100) if (&User-Name =~ /\.\./ ) -> FALSE
- (100) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (100) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (100) if (&User-Name =~ /\.$/) {
- (100) if (&User-Name =~ /\.$/) -> FALSE
- (100) if (&User-Name =~ /@\./) {
- (100) if (&User-Name =~ /@\./) -> FALSE
- (100) } # if (&User-Name) = notfound
- (100) } # policy filter_username = notfound
- (100) [preprocess] = ok
- (100) [chap] = noop
- (100) [mschap] = noop
- (100) [digest] = noop
- (100) suffix: Checking for suffix after "@"
- (100) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (100) suffix: No such realm "NULL"
- (100) [suffix] = noop
- (100) eap: Peer sent EAP Response (code 2) ID 100 length 43
- (100) eap: Continuing tunnel setup
- (100) [eap] = ok
- (100) } # authorize = ok
- (100) Found Auth-Type = eap
- (100) # Executing group from file /etc/raddb/sites-enabled/default
- (100) authenticate {
- (100) eap: Expiring EAP session with state 0x2c1c17b42e780e3c
- (100) eap: Finished EAP session with state 0x2c1c17b42e780e3c
- (100) eap: Previous EAP request found for state 0x2c1c17b42e780e3c, released from the list
- (100) eap: Peer sent packet with method EAP PEAP (25)
- (100) eap: Calling submodule eap_peap to process data
- (100) eap_peap: Continuing EAP-TLS
- (100) eap_peap: [eaptls verify] = ok
- (100) eap_peap: Done initial handshake
- (100) eap_peap: [eaptls process] = ok
- (100) eap_peap: Session established. Decoding tunneled attributes
- (100) eap_peap: PEAP state send tlv success
- (100) eap_peap: Received EAP-TLV response
- (100) eap_peap: Success
- (100) eap_peap: No saved attributes in the original Access-Accept
- (100) eap: Sending EAP Success (code 3) ID 100 length 4
- (100) eap: Freeing handler
- (100) [eap] = ok
- (100) } # authenticate = ok
- (100) # Executing section post-auth from file /etc/raddb/sites-enabled/default
- (100) post-auth {
- (100) update {
- (100) No attributes updated
- (100) } # update = noop
- (100) [exec] = noop
- (100) policy remove_reply_message_if_eap {
- (100) if (&reply:EAP-Message && &reply:Reply-Message) {
- (100) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
- (100) else {
- (100) [noop] = noop
- (100) } # else = noop
- (100) } # policy remove_reply_message_if_eap = noop
- (100) } # post-auth = noop
- (100) Sent Access-Accept Id 124 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (100) MS-MPPE-Recv-Key = 0x98a19e084b1eb1999a4ffcec23251d54be4f668d264b0f9540487ff3e7265e26
- (100) MS-MPPE-Send-Key = 0x92799a3e159a30ef72f75c855b0011c79291a042e0425dc9bdd423a855698ff5
- (100) EAP-Message = 0x03640004
- (100) Message-Authenticator = 0x00000000000000000000000000000000
- (100) User-Name = "vkratsberg"
- (100) Finished request
- Waking up in 2.3 seconds.
- (101) Received Access-Request Id 125 from 10.8.0.111:58432 to 10.8.64.155:1812 length 177
- (101) User-Name = "vkratsberg"
- (101) NAS-Port = 358
- (101) EAP-Message = 0x0265000f01766b7261747362657267
- (101) Message-Authenticator = 0x4fb9ee30edfa3bc1eceac62705a5fa84
- (101) Acct-Session-Id = "8O2.1x81bb084b0005868c"
- (101) NAS-Port-Id = "ge-3/0/6.0"
- (101) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (101) Called-Station-Id = "ec-3e-f7-68-35-00"
- (101) NAS-IP-Address = 10.8.0.111
- (101) NAS-Identifier = "nyc-access-sw011"
- (101) NAS-Port-Type = Ethernet
- (101) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (101) authorize {
- (101) policy filter_username {
- (101) if (&User-Name) {
- (101) if (&User-Name) -> TRUE
- (101) if (&User-Name) {
- (101) if (&User-Name =~ / /) {
- (101) if (&User-Name =~ / /) -> FALSE
- (101) if (&User-Name =~ /@[^@]*@/ ) {
- (101) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (101) if (&User-Name =~ /\.\./ ) {
- (101) if (&User-Name =~ /\.\./ ) -> FALSE
- (101) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (101) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (101) if (&User-Name =~ /\.$/) {
- (101) if (&User-Name =~ /\.$/) -> FALSE
- (101) if (&User-Name =~ /@\./) {
- (101) if (&User-Name =~ /@\./) -> FALSE
- (101) } # if (&User-Name) = notfound
- (101) } # policy filter_username = notfound
- (101) [preprocess] = ok
- (101) [chap] = noop
- (101) [mschap] = noop
- (101) [digest] = noop
- (101) suffix: Checking for suffix after "@"
- (101) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (101) suffix: No such realm "NULL"
- (101) [suffix] = noop
- (101) eap: Peer sent EAP Response (code 2) ID 101 length 15
- (101) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
- (101) [eap] = ok
- (101) } # authorize = ok
- (101) Found Auth-Type = eap
- (101) # Executing group from file /etc/raddb/sites-enabled/default
- (101) authenticate {
- (101) eap: Peer sent packet with method EAP Identity (1)
- (101) eap: Calling submodule eap_peap to process data
- (101) eap_peap: Initiating new EAP-TLS session
- (101) eap_peap: [eaptls start] = request
- (101) eap: Sending EAP Request (code 1) ID 102 length 6
- (101) eap: EAP session adding &reply:State = 0x24a608c024c0111d
- (101) [eap] = handled
- (101) } # authenticate = handled
- (101) Using Post-Auth-Type Challenge
- (101) Post-Auth-Type sub-section not found. Ignoring.
- (101) # Executing group from file /etc/raddb/sites-enabled/default
- (101) Sent Access-Challenge Id 125 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (101) EAP-Message = 0x016600061920
- (101) Message-Authenticator = 0x00000000000000000000000000000000
- (101) State = 0x24a608c024c0111d81e437b9b4015e18
- (101) Finished request
- Waking up in 2.2 seconds.
- (102) Received Access-Request Id 126 from 10.8.0.111:58432 to 10.8.64.155:1812 length 343
- (102) User-Name = "vkratsberg"
- (102) NAS-Port = 358
- (102) State = 0x24a608c024c0111d81e437b9b4015e18
- (102) EAP-Message = 0x026600a31980000000991603010094010000900301573f503ed56ab4645d349533e56680459dfebbb1ab64b08c40551a599191a12e20274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0002800ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f00
- (102) Message-Authenticator = 0xa197e84cef07d4a14303722cab1c8b37
- (102) Acct-Session-Id = "8O2.1x81bb084b0005868c"
- (102) NAS-Port-Id = "ge-3/0/6.0"
- (102) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (102) Called-Station-Id = "ec-3e-f7-68-35-00"
- (102) NAS-IP-Address = 10.8.0.111
- (102) NAS-Identifier = "nyc-access-sw011"
- (102) NAS-Port-Type = Ethernet
- (102) session-state: No cached attributes
- (102) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (102) authorize {
- (102) policy filter_username {
- (102) if (&User-Name) {
- (102) if (&User-Name) -> TRUE
- (102) if (&User-Name) {
- (102) if (&User-Name =~ / /) {
- (102) if (&User-Name =~ / /) -> FALSE
- (102) if (&User-Name =~ /@[^@]*@/ ) {
- (102) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (102) if (&User-Name =~ /\.\./ ) {
- (102) if (&User-Name =~ /\.\./ ) -> FALSE
- (102) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (102) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (102) if (&User-Name =~ /\.$/) {
- (102) if (&User-Name =~ /\.$/) -> FALSE
- (102) if (&User-Name =~ /@\./) {
- (102) if (&User-Name =~ /@\./) -> FALSE
- (102) } # if (&User-Name) = notfound
- (102) } # policy filter_username = notfound
- (102) [preprocess] = ok
- (102) [chap] = noop
- (102) [mschap] = noop
- (102) [digest] = noop
- (102) suffix: Checking for suffix after "@"
- (102) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (102) suffix: No such realm "NULL"
- (102) [suffix] = noop
- (102) eap: Peer sent EAP Response (code 2) ID 102 length 163
- (102) eap: Continuing tunnel setup
- (102) [eap] = ok
- (102) } # authorize = ok
- (102) Found Auth-Type = eap
- (102) # Executing group from file /etc/raddb/sites-enabled/default
- (102) authenticate {
- (102) eap: Expiring EAP session with state 0x24a608c024c0111d
- (102) eap: Finished EAP session with state 0x24a608c024c0111d
- (102) eap: Previous EAP request found for state 0x24a608c024c0111d, released from the list
- (102) eap: Peer sent packet with method EAP PEAP (25)
- (102) eap: Calling submodule eap_peap to process data
- (102) eap_peap: Continuing EAP-TLS
- (102) eap_peap: Peer indicated complete TLS record size will be 153 bytes
- (102) eap_peap: Got complete TLS record (153 bytes)
- (102) eap_peap: [eaptls verify] = length included
- (102) eap_peap: (other): before/accept initialization
- (102) eap_peap: TLS_accept: before/accept initialization
- (102) eap_peap: <<< recv TLS 1.0 Handshake [length 0094], ClientHello
- (102) eap_peap: TLS_accept: SSLv3 read client hello A
- (102) eap_peap: >>> send TLS 1.0 Handshake [length 0059], ServerHello
- (102) eap_peap: TLS_accept: SSLv3 write server hello A
- (102) eap_peap: >>> send TLS 1.0 ChangeCipherSpec [length 0001]
- (102) eap_peap: TLS_accept: SSLv3 write change cipher spec A
- (102) eap_peap: >>> send TLS 1.0 Handshake [length 0010], Finished
- (102) eap_peap: TLS_accept: SSLv3 write finished A
- (102) eap_peap: TLS_accept: SSLv3 flush data
- (102) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
- (102) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
- (102) eap_peap: In SSL Handshake Phase
- (102) eap_peap: In SSL Accept mode
- (102) eap_peap: [eaptls process] = handled
- (102) eap: Sending EAP Request (code 1) ID 103 length 159
- (102) eap: EAP session adding &reply:State = 0x24a608c025c1111d
- (102) [eap] = handled
- (102) } # authenticate = handled
- (102) Using Post-Auth-Type Challenge
- (102) Post-Auth-Type sub-section not found. Ignoring.
- (102) # Executing group from file /etc/raddb/sites-enabled/default
- (102) Sent Access-Challenge Id 126 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (102) EAP-Message = 0x0167009f19001603010059020000550301573f503e72facb0c583779b3179aedb0ddf4a966de439d4bd7e0cb8e91237cd920274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0c01400000dff01000100000b000403000102140301000101160301003083b18f8cc835cd24
- (102) Message-Authenticator = 0x00000000000000000000000000000000
- (102) State = 0x24a608c025c1111d81e437b9b4015e18
- (102) Finished request
- Waking up in 2.2 seconds.
- (103) Received Access-Request Id 127 from 10.8.0.111:58432 to 10.8.64.155:1812 length 249
- (103) User-Name = "vkratsberg"
- (103) NAS-Port = 358
- (103) State = 0x24a608c025c1111d81e437b9b4015e18
- (103) EAP-Message = 0x0267004519800000003b1403010001011603010030e90138e5b4ce00ca45eed9d71b48d9fc7814ed133faacc9bf0489a142cb59553cb3293d383592723db7c4794dd6ca5c4
- (103) Message-Authenticator = 0x09c12b3bd8aa51cd64bbfe7e424efec9
- (103) Acct-Session-Id = "8O2.1x81bb084b0005868c"
- (103) NAS-Port-Id = "ge-3/0/6.0"
- (103) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (103) Called-Station-Id = "ec-3e-f7-68-35-00"
- (103) NAS-IP-Address = 10.8.0.111
- (103) NAS-Identifier = "nyc-access-sw011"
- (103) NAS-Port-Type = Ethernet
- (103) session-state: No cached attributes
- (103) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (103) authorize {
- (103) policy filter_username {
- (103) if (&User-Name) {
- (103) if (&User-Name) -> TRUE
- (103) if (&User-Name) {
- (103) if (&User-Name =~ / /) {
- (103) if (&User-Name =~ / /) -> FALSE
- (103) if (&User-Name =~ /@[^@]*@/ ) {
- (103) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (103) if (&User-Name =~ /\.\./ ) {
- (103) if (&User-Name =~ /\.\./ ) -> FALSE
- (103) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (103) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (103) if (&User-Name =~ /\.$/) {
- (103) if (&User-Name =~ /\.$/) -> FALSE
- (103) if (&User-Name =~ /@\./) {
- (103) if (&User-Name =~ /@\./) -> FALSE
- (103) } # if (&User-Name) = notfound
- (103) } # policy filter_username = notfound
- (103) [preprocess] = ok
- (103) [chap] = noop
- (103) [mschap] = noop
- (103) [digest] = noop
- (103) suffix: Checking for suffix after "@"
- (103) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (103) suffix: No such realm "NULL"
- (103) [suffix] = noop
- (103) eap: Peer sent EAP Response (code 2) ID 103 length 69
- (103) eap: Continuing tunnel setup
- (103) [eap] = ok
- (103) } # authorize = ok
- (103) Found Auth-Type = eap
- (103) # Executing group from file /etc/raddb/sites-enabled/default
- (103) authenticate {
- (103) eap: Expiring EAP session with state 0x24a608c025c1111d
- (103) eap: Finished EAP session with state 0x24a608c025c1111d
- (103) eap: Previous EAP request found for state 0x24a608c025c1111d, released from the list
- (103) eap: Peer sent packet with method EAP PEAP (25)
- (103) eap: Calling submodule eap_peap to process data
- (103) eap_peap: Continuing EAP-TLS
- (103) eap_peap: Peer indicated complete TLS record size will be 59 bytes
- (103) eap_peap: Got complete TLS record (59 bytes)
- (103) eap_peap: [eaptls verify] = length included
- (103) eap_peap: <<< recv TLS 1.0 ChangeCipherSpec [length 0001]
- (103) eap_peap: <<< recv TLS 1.0 Handshake [length 0010], Finished
- (103) eap_peap: TLS_accept: SSLv3 read finished A
- (103) eap_peap: (other): SSL negotiation finished successfully
- (103) eap_peap: SSL Connection Established
- (103) eap_peap: SSL Application Data
- (103) eap_peap: Adding cached attributes from session 274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0
- (103) eap_peap: reply:User-Name = "vkratsberg"
- (103) eap_peap: [eaptls process] = success
- (103) eap_peap: Session established. Decoding tunneled attributes
- (103) eap_peap: PEAP state TUNNEL ESTABLISHED
- (103) eap_peap: Skipping Phase2 because of session resumption
- (103) eap_peap: SUCCESS
- (103) eap: Sending EAP Request (code 1) ID 104 length 43
- (103) eap: EAP session adding &reply:State = 0x24a608c026ce111d
- (103) [eap] = handled
- (103) } # authenticate = handled
- (103) Using Post-Auth-Type Challenge
- (103) Post-Auth-Type sub-section not found. Ignoring.
- (103) # Executing group from file /etc/raddb/sites-enabled/default
- (103) Sent Access-Challenge Id 127 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (103) User-Name = "vkratsberg"
- (103) EAP-Message = 0x0168002b190017030100204cf3f2b354d96fe2a59b44d7199a6f52e3200520e62e7304e073c2d25a1ea45a
- (103) Message-Authenticator = 0x00000000000000000000000000000000
- (103) State = 0x24a608c026ce111d81e437b9b4015e18
- (103) Finished request
- Waking up in 2.2 seconds.
- (104) Received Access-Request Id 128 from 10.8.0.111:58432 to 10.8.64.155:1812 length 223
- (104) User-Name = "vkratsberg"
- (104) NAS-Port = 358
- (104) State = 0x24a608c026ce111d81e437b9b4015e18
- (104) EAP-Message = 0x0268002b190017030100209f8d22eed960e85d4b2b80e2ae0f628a148651baff16d38cdf0ab1fbbe21a953
- (104) Message-Authenticator = 0x6784b214786030cb9526d336b0b049f3
- (104) Acct-Session-Id = "8O2.1x81bb084b0005868c"
- (104) NAS-Port-Id = "ge-3/0/6.0"
- (104) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (104) Called-Station-Id = "ec-3e-f7-68-35-00"
- (104) NAS-IP-Address = 10.8.0.111
- (104) NAS-Identifier = "nyc-access-sw011"
- (104) NAS-Port-Type = Ethernet
- (104) session-state: No cached attributes
- (104) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (104) authorize {
- (104) policy filter_username {
- (104) if (&User-Name) {
- (104) if (&User-Name) -> TRUE
- (104) if (&User-Name) {
- (104) if (&User-Name =~ / /) {
- (104) if (&User-Name =~ / /) -> FALSE
- (104) if (&User-Name =~ /@[^@]*@/ ) {
- (104) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (104) if (&User-Name =~ /\.\./ ) {
- (104) if (&User-Name =~ /\.\./ ) -> FALSE
- (104) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (104) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (104) if (&User-Name =~ /\.$/) {
- (104) if (&User-Name =~ /\.$/) -> FALSE
- (104) if (&User-Name =~ /@\./) {
- (104) if (&User-Name =~ /@\./) -> FALSE
- (104) } # if (&User-Name) = notfound
- (104) } # policy filter_username = notfound
- (104) [preprocess] = ok
- (104) [chap] = noop
- (104) [mschap] = noop
- (104) [digest] = noop
- (104) suffix: Checking for suffix after "@"
- (104) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (104) suffix: No such realm "NULL"
- (104) [suffix] = noop
- (104) eap: Peer sent EAP Response (code 2) ID 104 length 43
- (104) eap: Continuing tunnel setup
- (104) [eap] = ok
- (104) } # authorize = ok
- (104) Found Auth-Type = eap
- (104) # Executing group from file /etc/raddb/sites-enabled/default
- (104) authenticate {
- (104) eap: Expiring EAP session with state 0x24a608c026ce111d
- (104) eap: Finished EAP session with state 0x24a608c026ce111d
- (104) eap: Previous EAP request found for state 0x24a608c026ce111d, released from the list
- (104) eap: Peer sent packet with method EAP PEAP (25)
- (104) eap: Calling submodule eap_peap to process data
- (104) eap_peap: Continuing EAP-TLS
- (104) eap_peap: [eaptls verify] = ok
- (104) eap_peap: Done initial handshake
- (104) eap_peap: [eaptls process] = ok
- (104) eap_peap: Session established. Decoding tunneled attributes
- (104) eap_peap: PEAP state send tlv success
- (104) eap_peap: Received EAP-TLV response
- (104) eap_peap: Success
- (104) eap_peap: No saved attributes in the original Access-Accept
- (104) eap: Sending EAP Success (code 3) ID 104 length 4
- (104) eap: Freeing handler
- (104) [eap] = ok
- (104) } # authenticate = ok
- (104) # Executing section post-auth from file /etc/raddb/sites-enabled/default
- (104) post-auth {
- (104) update {
- (104) No attributes updated
- (104) } # update = noop
- (104) [exec] = noop
- (104) policy remove_reply_message_if_eap {
- (104) if (&reply:EAP-Message && &reply:Reply-Message) {
- (104) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
- (104) else {
- (104) [noop] = noop
- (104) } # else = noop
- (104) } # policy remove_reply_message_if_eap = noop
- (104) } # post-auth = noop
- (104) Sent Access-Accept Id 128 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (104) MS-MPPE-Recv-Key = 0xc2d72280488203e380e06836087c1be2130b17b891ac39cea8cca0cb6013368f
- (104) MS-MPPE-Send-Key = 0x2aef80403bb6b5faae9f0d031fa01f616330b19d89744b617c0d7f7493ed3dd2
- (104) EAP-Message = 0x03680004
- (104) Message-Authenticator = 0x00000000000000000000000000000000
- (104) User-Name = "vkratsberg"
- (104) Finished request
- Waking up in 2.2 seconds.
- (105) Received Access-Request Id 129 from 10.8.0.111:58432 to 10.8.64.155:1812 length 177
- (105) User-Name = "vkratsberg"
- (105) NAS-Port = 358
- (105) EAP-Message = 0x0269000f01766b7261747362657267
- (105) Message-Authenticator = 0x3d7755516c30867e401a0fb94e1177db
- (105) Acct-Session-Id = "8O2.1x81bb084c00071fd5"
- (105) NAS-Port-Id = "ge-3/0/6.0"
- (105) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (105) Called-Station-Id = "ec-3e-f7-68-35-00"
- (105) NAS-IP-Address = 10.8.0.111
- (105) NAS-Identifier = "nyc-access-sw011"
- (105) NAS-Port-Type = Ethernet
- (105) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (105) authorize {
- (105) policy filter_username {
- (105) if (&User-Name) {
- (105) if (&User-Name) -> TRUE
- (105) if (&User-Name) {
- (105) if (&User-Name =~ / /) {
- (105) if (&User-Name =~ / /) -> FALSE
- (105) if (&User-Name =~ /@[^@]*@/ ) {
- (105) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (105) if (&User-Name =~ /\.\./ ) {
- (105) if (&User-Name =~ /\.\./ ) -> FALSE
- (105) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (105) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (105) if (&User-Name =~ /\.$/) {
- (105) if (&User-Name =~ /\.$/) -> FALSE
- (105) if (&User-Name =~ /@\./) {
- (105) if (&User-Name =~ /@\./) -> FALSE
- (105) } # if (&User-Name) = notfound
- (105) } # policy filter_username = notfound
- (105) [preprocess] = ok
- (105) [chap] = noop
- (105) [mschap] = noop
- (105) [digest] = noop
- (105) suffix: Checking for suffix after "@"
- (105) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (105) suffix: No such realm "NULL"
- (105) [suffix] = noop
- (105) eap: Peer sent EAP Response (code 2) ID 105 length 15
- (105) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
- (105) [eap] = ok
- (105) } # authorize = ok
- (105) Found Auth-Type = eap
- (105) # Executing group from file /etc/raddb/sites-enabled/default
- (105) authenticate {
- (105) eap: Peer sent packet with method EAP Identity (1)
- (105) eap: Calling submodule eap_peap to process data
- (105) eap_peap: Initiating new EAP-TLS session
- (105) eap_peap: [eaptls start] = request
- (105) eap: Sending EAP Request (code 1) ID 106 length 6
- (105) eap: EAP session adding &reply:State = 0x1d99cdfb1df3d417
- (105) [eap] = handled
- (105) } # authenticate = handled
- (105) Using Post-Auth-Type Challenge
- (105) Post-Auth-Type sub-section not found. Ignoring.
- (105) # Executing group from file /etc/raddb/sites-enabled/default
- (105) Sent Access-Challenge Id 129 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (105) EAP-Message = 0x016a00061920
- (105) Message-Authenticator = 0x00000000000000000000000000000000
- (105) State = 0x1d99cdfb1df3d4170bd1ad507d2b4f7b
- (105) Finished request
- Waking up in 2.1 seconds.
- (106) Received Access-Request Id 130 from 10.8.0.111:58432 to 10.8.64.155:1812 length 343
- (106) User-Name = "vkratsberg"
- (106) NAS-Port = 358
- (106) State = 0x1d99cdfb1df3d4170bd1ad507d2b4f7b
- (106) EAP-Message = 0x026a00a31980000000991603010094010000900301573f503e067c72ab0dead435de8cdf5db7aa389b78d598c5ad21c045cd77256320274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0002800ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f00
- (106) Message-Authenticator = 0x2204e47e278393256fc5ce0e9fca46c3
- (106) Acct-Session-Id = "8O2.1x81bb084c00071fd5"
- (106) NAS-Port-Id = "ge-3/0/6.0"
- (106) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (106) Called-Station-Id = "ec-3e-f7-68-35-00"
- (106) NAS-IP-Address = 10.8.0.111
- (106) NAS-Identifier = "nyc-access-sw011"
- (106) NAS-Port-Type = Ethernet
- (106) session-state: No cached attributes
- (106) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (106) authorize {
- (106) policy filter_username {
- (106) if (&User-Name) {
- (106) if (&User-Name) -> TRUE
- (106) if (&User-Name) {
- (106) if (&User-Name =~ / /) {
- (106) if (&User-Name =~ / /) -> FALSE
- (106) if (&User-Name =~ /@[^@]*@/ ) {
- (106) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (106) if (&User-Name =~ /\.\./ ) {
- (106) if (&User-Name =~ /\.\./ ) -> FALSE
- (106) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (106) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (106) if (&User-Name =~ /\.$/) {
- (106) if (&User-Name =~ /\.$/) -> FALSE
- (106) if (&User-Name =~ /@\./) {
- (106) if (&User-Name =~ /@\./) -> FALSE
- (106) } # if (&User-Name) = notfound
- (106) } # policy filter_username = notfound
- (106) [preprocess] = ok
- (106) [chap] = noop
- (106) [mschap] = noop
- (106) [digest] = noop
- (106) suffix: Checking for suffix after "@"
- (106) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (106) suffix: No such realm "NULL"
- (106) [suffix] = noop
- (106) eap: Peer sent EAP Response (code 2) ID 106 length 163
- (106) eap: Continuing tunnel setup
- (106) [eap] = ok
- (106) } # authorize = ok
- (106) Found Auth-Type = eap
- (106) # Executing group from file /etc/raddb/sites-enabled/default
- (106) authenticate {
- (106) eap: Expiring EAP session with state 0x1d99cdfb1df3d417
- (106) eap: Finished EAP session with state 0x1d99cdfb1df3d417
- (106) eap: Previous EAP request found for state 0x1d99cdfb1df3d417, released from the list
- (106) eap: Peer sent packet with method EAP PEAP (25)
- (106) eap: Calling submodule eap_peap to process data
- (106) eap_peap: Continuing EAP-TLS
- (106) eap_peap: Peer indicated complete TLS record size will be 153 bytes
- (106) eap_peap: Got complete TLS record (153 bytes)
- (106) eap_peap: [eaptls verify] = length included
- (106) eap_peap: (other): before/accept initialization
- (106) eap_peap: TLS_accept: before/accept initialization
- (106) eap_peap: <<< recv TLS 1.0 Handshake [length 0094], ClientHello
- (106) eap_peap: TLS_accept: SSLv3 read client hello A
- (106) eap_peap: >>> send TLS 1.0 Handshake [length 0059], ServerHello
- (106) eap_peap: TLS_accept: SSLv3 write server hello A
- (106) eap_peap: >>> send TLS 1.0 ChangeCipherSpec [length 0001]
- (106) eap_peap: TLS_accept: SSLv3 write change cipher spec A
- (106) eap_peap: >>> send TLS 1.0 Handshake [length 0010], Finished
- (106) eap_peap: TLS_accept: SSLv3 write finished A
- (106) eap_peap: TLS_accept: SSLv3 flush data
- (106) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
- (106) eap_peap: TLS_accept: Need to read more data: SSLv3 read finished A
- (106) eap_peap: In SSL Handshake Phase
- (106) eap_peap: In SSL Accept mode
- (106) eap_peap: [eaptls process] = handled
- (106) eap: Sending EAP Request (code 1) ID 107 length 159
- (106) eap: EAP session adding &reply:State = 0x1d99cdfb1cf2d417
- (106) [eap] = handled
- (106) } # authenticate = handled
- (106) Using Post-Auth-Type Challenge
- (106) Post-Auth-Type sub-section not found. Ignoring.
- (106) # Executing group from file /etc/raddb/sites-enabled/default
- (106) Sent Access-Challenge Id 130 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (106) EAP-Message = 0x016b009f19001603010059020000550301573f503e1bc3d040156caa8a5eae67b2639d18dafcedf462a8ee4ecd358817de20274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0c01400000dff01000100000b0004030001021403010001011603010030884a5ec9d690f5f9
- (106) Message-Authenticator = 0x00000000000000000000000000000000
- (106) State = 0x1d99cdfb1cf2d4170bd1ad507d2b4f7b
- (106) Finished request
- Waking up in 2.1 seconds.
- (107) Received Access-Request Id 131 from 10.8.0.111:58432 to 10.8.64.155:1812 length 249
- (107) User-Name = "vkratsberg"
- (107) NAS-Port = 358
- (107) State = 0x1d99cdfb1cf2d4170bd1ad507d2b4f7b
- (107) EAP-Message = 0x026b004519800000003b1403010001011603010030c936eb08b7bb1fc1daadb789aed1303be1814a8fe2b0f5f93fe1cd7df2e951546f0b92a87c993e4528b6f4749cc33f72
- (107) Message-Authenticator = 0x3d8216be085c941af434341f2eff0d2e
- (107) Acct-Session-Id = "8O2.1x81bb084c00071fd5"
- (107) NAS-Port-Id = "ge-3/0/6.0"
- (107) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (107) Called-Station-Id = "ec-3e-f7-68-35-00"
- (107) NAS-IP-Address = 10.8.0.111
- (107) NAS-Identifier = "nyc-access-sw011"
- (107) NAS-Port-Type = Ethernet
- (107) session-state: No cached attributes
- (107) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (107) authorize {
- (107) policy filter_username {
- (107) if (&User-Name) {
- (107) if (&User-Name) -> TRUE
- (107) if (&User-Name) {
- (107) if (&User-Name =~ / /) {
- (107) if (&User-Name =~ / /) -> FALSE
- (107) if (&User-Name =~ /@[^@]*@/ ) {
- (107) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (107) if (&User-Name =~ /\.\./ ) {
- (107) if (&User-Name =~ /\.\./ ) -> FALSE
- (107) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (107) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (107) if (&User-Name =~ /\.$/) {
- (107) if (&User-Name =~ /\.$/) -> FALSE
- (107) if (&User-Name =~ /@\./) {
- (107) if (&User-Name =~ /@\./) -> FALSE
- (107) } # if (&User-Name) = notfound
- (107) } # policy filter_username = notfound
- (107) [preprocess] = ok
- (107) [chap] = noop
- (107) [mschap] = noop
- (107) [digest] = noop
- (107) suffix: Checking for suffix after "@"
- (107) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (107) suffix: No such realm "NULL"
- (107) [suffix] = noop
- (107) eap: Peer sent EAP Response (code 2) ID 107 length 69
- (107) eap: Continuing tunnel setup
- (107) [eap] = ok
- (107) } # authorize = ok
- (107) Found Auth-Type = eap
- (107) # Executing group from file /etc/raddb/sites-enabled/default
- (107) authenticate {
- (107) eap: Expiring EAP session with state 0x1d99cdfb1cf2d417
- (107) eap: Finished EAP session with state 0x1d99cdfb1cf2d417
- (107) eap: Previous EAP request found for state 0x1d99cdfb1cf2d417, released from the list
- (107) eap: Peer sent packet with method EAP PEAP (25)
- (107) eap: Calling submodule eap_peap to process data
- (107) eap_peap: Continuing EAP-TLS
- (107) eap_peap: Peer indicated complete TLS record size will be 59 bytes
- (107) eap_peap: Got complete TLS record (59 bytes)
- (107) eap_peap: [eaptls verify] = length included
- (107) eap_peap: <<< recv TLS 1.0 ChangeCipherSpec [length 0001]
- (107) eap_peap: <<< recv TLS 1.0 Handshake [length 0010], Finished
- (107) eap_peap: TLS_accept: SSLv3 read finished A
- (107) eap_peap: (other): SSL negotiation finished successfully
- (107) eap_peap: SSL Connection Established
- (107) eap_peap: SSL Application Data
- (107) eap_peap: Adding cached attributes from session 274ecbf5f7260bee32f90278cbdad23d323ff8579c1e7982a3121729eaf184a0
- (107) eap_peap: reply:User-Name = "vkratsberg"
- (107) eap_peap: [eaptls process] = success
- (107) eap_peap: Session established. Decoding tunneled attributes
- (107) eap_peap: PEAP state TUNNEL ESTABLISHED
- (107) eap_peap: Skipping Phase2 because of session resumption
- (107) eap_peap: SUCCESS
- (107) eap: Sending EAP Request (code 1) ID 108 length 43
- (107) eap: EAP session adding &reply:State = 0x1d99cdfb1ff5d417
- (107) [eap] = handled
- (107) } # authenticate = handled
- (107) Using Post-Auth-Type Challenge
- (107) Post-Auth-Type sub-section not found. Ignoring.
- (107) # Executing group from file /etc/raddb/sites-enabled/default
- (107) Sent Access-Challenge Id 131 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (107) User-Name = "vkratsberg"
- (107) EAP-Message = 0x016c002b190017030100200d4ddd02206209834e2064ec16746ec90c88250f726c286409514b27ec5957c2
- (107) Message-Authenticator = 0x00000000000000000000000000000000
- (107) State = 0x1d99cdfb1ff5d4170bd1ad507d2b4f7b
- (107) Finished request
- Waking up in 2.1 seconds.
- (108) Received Access-Request Id 132 from 10.8.0.111:58432 to 10.8.64.155:1812 length 223
- (108) User-Name = "vkratsberg"
- (108) NAS-Port = 358
- (108) State = 0x1d99cdfb1ff5d4170bd1ad507d2b4f7b
- (108) EAP-Message = 0x026c002b190017030100200ce3d21a1382eb22fb48436cd1458fd11b330aff627731f9d3f083babf2ccfd0
- (108) Message-Authenticator = 0x0ad4a8e93fb7cc8581ff7b74b64c2060
- (108) Acct-Session-Id = "8O2.1x81bb084c00071fd5"
- (108) NAS-Port-Id = "ge-3/0/6.0"
- (108) Calling-Station-Id = "00-e0-4c-b8-16-4d"
- (108) Called-Station-Id = "ec-3e-f7-68-35-00"
- (108) NAS-IP-Address = 10.8.0.111
- (108) NAS-Identifier = "nyc-access-sw011"
- (108) NAS-Port-Type = Ethernet
- (108) session-state: No cached attributes
- (108) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (108) authorize {
- (108) policy filter_username {
- (108) if (&User-Name) {
- (108) if (&User-Name) -> TRUE
- (108) if (&User-Name) {
- (108) if (&User-Name =~ / /) {
- (108) if (&User-Name =~ / /) -> FALSE
- (108) if (&User-Name =~ /@[^@]*@/ ) {
- (108) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (108) if (&User-Name =~ /\.\./ ) {
- (108) if (&User-Name =~ /\.\./ ) -> FALSE
- (108) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (108) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (108) if (&User-Name =~ /\.$/) {
- (108) if (&User-Name =~ /\.$/) -> FALSE
- (108) if (&User-Name =~ /@\./) {
- (108) if (&User-Name =~ /@\./) -> FALSE
- (108) } # if (&User-Name) = notfound
- (108) } # policy filter_username = notfound
- (108) [preprocess] = ok
- (108) [chap] = noop
- (108) [mschap] = noop
- (108) [digest] = noop
- (108) suffix: Checking for suffix after "@"
- (108) suffix: No '@' in User-Name = "vkratsberg", looking up realm NULL
- (108) suffix: No such realm "NULL"
- (108) [suffix] = noop
- (108) eap: Peer sent EAP Response (code 2) ID 108 length 43
- (108) eap: Continuing tunnel setup
- (108) [eap] = ok
- (108) } # authorize = ok
- (108) Found Auth-Type = eap
- (108) # Executing group from file /etc/raddb/sites-enabled/default
- (108) authenticate {
- (108) eap: Expiring EAP session with state 0x1d99cdfb1ff5d417
- (108) eap: Finished EAP session with state 0x1d99cdfb1ff5d417
- (108) eap: Previous EAP request found for state 0x1d99cdfb1ff5d417, released from the list
- (108) eap: Peer sent packet with method EAP PEAP (25)
- (108) eap: Calling submodule eap_peap to process data
- (108) eap_peap: Continuing EAP-TLS
- (108) eap_peap: [eaptls verify] = ok
- (108) eap_peap: Done initial handshake
- (108) eap_peap: [eaptls process] = ok
- (108) eap_peap: Session established. Decoding tunneled attributes
- (108) eap_peap: PEAP state send tlv success
- (108) eap_peap: Received EAP-TLV response
- (108) eap_peap: Success
- (108) eap_peap: No saved attributes in the original Access-Accept
- (108) eap: Sending EAP Success (code 3) ID 108 length 4
- (108) eap: Freeing handler
- (108) [eap] = ok
- (108) } # authenticate = ok
- (108) # Executing section post-auth from file /etc/raddb/sites-enabled/default
- (108) post-auth {
- (108) update {
- (108) No attributes updated
- (108) } # update = noop
- (108) [exec] = noop
- (108) policy remove_reply_message_if_eap {
- (108) if (&reply:EAP-Message && &reply:Reply-Message) {
- (108) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
- (108) else {
- (108) [noop] = noop
- (108) } # else = noop
- (108) } # policy remove_reply_message_if_eap = noop
- (108) } # post-auth = noop
- (108) Sent Access-Accept Id 132 from 10.8.64.155:1812 to 10.8.0.111:58432 length 0
- (108) MS-MPPE-Recv-Key = 0x3bb1a9f878b8c9cb83b0abd3aa05dff1d7e0ef0af382d7128efdd71f23018fdd
- (108) MS-MPPE-Send-Key = 0x31200eee66e51e31cda2deaed087641235748504e36d45ad0d54a23fbbfff780
- (108) EAP-Message = 0x036c0004
- (108) Message-Authenticator = 0x00000000000000000000000000000000
- (108) User-Name = "vkratsberg"
- (108) Finished request
- Waking up in 2.1 seconds.
- (0) Cleaning up request packet ID 24 with timestamp +6
- (1) Cleaning up request packet ID 25 with timestamp +6
- (2) Cleaning up request packet ID 26 with timestamp +6
- (3) Cleaning up request packet ID 27 with timestamp +6
- (4) Cleaning up request packet ID 28 with timestamp +6
- (5) Cleaning up request packet ID 29 with timestamp +6
- (6) Cleaning up request packet ID 30 with timestamp +6
- (7) Cleaning up request packet ID 31 with timestamp +6
- (8) Cleaning up request packet ID 32 with timestamp +6
- Waking up in 0.1 seconds.
- (9) Cleaning up request packet ID 33 with timestamp +6
- (10) Cleaning up request packet ID 34 with timestamp +6
- (11) Cleaning up request packet ID 35 with timestamp +6
- (12) Cleaning up request packet ID 36 with timestamp +6
- (13) Cleaning up request packet ID 37 with timestamp +6
- (14) Cleaning up request packet ID 38 with timestamp +7
- (15) Cleaning up request packet ID 39 with timestamp +7
- (16) Cleaning up request packet ID 40 with timestamp +7
- (17) Cleaning up request packet ID 41 with timestamp +7
- (18) Cleaning up request packet ID 42 with timestamp +7
- (19) Cleaning up request packet ID 43 with timestamp +7
- (20) Cleaning up request packet ID 44 with timestamp +7
- (21) Cleaning up request packet ID 45 with timestamp +7
- (22) Cleaning up request packet ID 46 with timestamp +7
- (23) Cleaning up request packet ID 47 with timestamp +7
- (24) Cleaning up request packet ID 48 with timestamp +7
- (25) Cleaning up request packet ID 49 with timestamp +7
- (26) Cleaning up request packet ID 50 with timestamp +7
- (27) Cleaning up request packet ID 51 with timestamp +7
- (28) Cleaning up request packet ID 52 with timestamp +7
- (29) Cleaning up request packet ID 53 with timestamp +7
- (30) Cleaning up request packet ID 54 with timestamp +7
- (31) Cleaning up request packet ID 55 with timestamp +7
- (32) Cleaning up request packet ID 56 with timestamp +7
- (33) Cleaning up request packet ID 57 with timestamp +7
- (34) Cleaning up request packet ID 58 with timestamp +7
- (35) Cleaning up request packet ID 59 with timestamp +7
- (36) Cleaning up request packet ID 60 with timestamp +7
- (37) Cleaning up request packet ID 61 with timestamp +7
- (38) Cleaning up request packet ID 62 with timestamp +7
- (39) Cleaning up request packet ID 63 with timestamp +7
- (40) Cleaning up request packet ID 64 with timestamp +7
- (41) Cleaning up request packet ID 65 with timestamp +7
- (42) Cleaning up request packet ID 66 with timestamp +7
- (43) Cleaning up request packet ID 67 with timestamp +7
- (44) Cleaning up request packet ID 68 with timestamp +7
- (45) Cleaning up request packet ID 69 with timestamp +7
- (46) Cleaning up request packet ID 70 with timestamp +7
- (47) Cleaning up request packet ID 71 with timestamp +7
- (48) Cleaning up request packet ID 72 with timestamp +7
- (49) Cleaning up request packet ID 73 with timestamp +7
- (50) Cleaning up request packet ID 74 with timestamp +7
- (51) Cleaning up request packet ID 75 with timestamp +7
- (52) Cleaning up request packet ID 76 with timestamp +7
- (53) Cleaning up request packet ID 77 with timestamp +8
- (54) Cleaning up request packet ID 78 with timestamp +8
- (55) Cleaning up request packet ID 79 with timestamp +8
- (56) Cleaning up request packet ID 80 with timestamp +8
- (57) Cleaning up request packet ID 81 with timestamp +8
- (58) Cleaning up request packet ID 82 with timestamp +8
- (59) Cleaning up request packet ID 83 with timestamp +8
- (60) Cleaning up request packet ID 84 with timestamp +8
- (61) Cleaning up request packet ID 85 with timestamp +8
- (62) Cleaning up request packet ID 86 with timestamp +8
- (63) Cleaning up request packet ID 87 with timestamp +8
- (64) Cleaning up request packet ID 88 with timestamp +8
- (65) Cleaning up request packet ID 89 with timestamp +8
- (66) Cleaning up request packet ID 90 with timestamp +8
- (67) Cleaning up request packet ID 91 with timestamp +8
- (68) Cleaning up request packet ID 92 with timestamp +8
- (69) Cleaning up request packet ID 93 with timestamp +8
- (70) Cleaning up request packet ID 94 with timestamp +8
- (71) Cleaning up request packet ID 95 with timestamp +8
- (72) Cleaning up request packet ID 96 with timestamp +8
- (73) Cleaning up request packet ID 97 with timestamp +8
- (74) Cleaning up request packet ID 98 with timestamp +8
- (75) Cleaning up request packet ID 99 with timestamp +8
- (76) Cleaning up request packet ID 100 with timestamp +8
- (77) Cleaning up request packet ID 101 with timestamp +8
- (78) Cleaning up request packet ID 102 with timestamp +8
- (79) Cleaning up request packet ID 103 with timestamp +8
- (80) Cleaning up request packet ID 104 with timestamp +8
- (81) Cleaning up request packet ID 105 with timestamp +8
- (82) Cleaning up request packet ID 106 with timestamp +8
- (83) Cleaning up request packet ID 107 with timestamp +8
- (84) Cleaning up request packet ID 108 with timestamp +8
- (85) Cleaning up request packet ID 109 with timestamp +8
- (86) Cleaning up request packet ID 110 with timestamp +8
- (87) Cleaning up request packet ID 111 with timestamp +8
- (88) Cleaning up request packet ID 112 with timestamp +8
- Waking up in 0.1 seconds.
- (89) Cleaning up request packet ID 113 with timestamp +9
- (90) Cleaning up request packet ID 114 with timestamp +9
- (91) Cleaning up request packet ID 115 with timestamp +9
- (92) Cleaning up request packet ID 116 with timestamp +9
- (93) Cleaning up request packet ID 117 with timestamp +9
- (94) Cleaning up request packet ID 118 with timestamp +9
- (95) Cleaning up request packet ID 119 with timestamp +9
- (96) Cleaning up request packet ID 120 with timestamp +9
- (97) Cleaning up request packet ID 121 with timestamp +9
- (98) Cleaning up request packet ID 122 with timestamp +9
- (99) Cleaning up request packet ID 123 with timestamp +9
- (100) Cleaning up request packet ID 124 with timestamp +9
- (101) Cleaning up request packet ID 125 with timestamp +9
- (102) Cleaning up request packet ID 126 with timestamp +9
- (103) Cleaning up request packet ID 127 with timestamp +9
- (104) Cleaning up request packet ID 128 with timestamp +9
- (105) Cleaning up request packet ID 129 with timestamp +9
- (106) Cleaning up request packet ID 130 with timestamp +9
- (107) Cleaning up request packet ID 131 with timestamp +9
- (108) Cleaning up request packet ID 132 with timestamp +9