freeradius debug

1. rlm_sql (sql): Released connection (14)
2. Need 1 more connections to reach 10 spares
3. rlm_sql (sql): Opening additional connection (19), 1 of 23 pending slots used
4. rlm_sql_mysql: Starting connect to MySQL server
5. rlm_sql_mysql: Connected to database 'radius' on freeraddb via TCP/IP, server version 5.5.5-10.3.31-MariaDB-0ubuntu0.20.04.1-log, protocol version 10
6. (19) [sql] = ok
7. (19) [exec] = noop
8. (19) policy remove_reply_message_if_eap {
9. (19) if (&reply:EAP-Message && &reply:Reply-Message) {
10. (19) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
11. (19) else {
12. (19) [noop] = noop
13. (19) } # else = noop
14. (19) } # policy remove_reply_message_if_eap = noop
15. (19) if (EAP-Key-Name && &reply:EAP-Session-Id) {
16. (19) if (EAP-Key-Name && &reply:EAP-Session-Id) -> FALSE
17. (19) } # post-auth = ok
18. (19) Sent Access-Accept Id 48 from 127.0.0.1:1812 to 127.0.0.1:41572 length 0
19. (19) MS-CHAP-MPPE-Keys = 0x000000000000000007db3f1956e783b80e035b938a27d2aa
20. (19) MS-MPPE-Encryption-Policy = Encryption-Allowed
21. (19) MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed
22. (19) Finished request
23. Waking up in 4.6 seconds.
24. Aug 26 22:35:48 mstfreerad01 systemd[1]: check_mk@2893-172.16.200.253:6556-172.16.193.173:36926.service: Succeeded.
25. (18) Cleaning up request packet ID 0 with timestamp +496
26. Waking up in 0.3 seconds.
27. (19) Cleaning up request packet ID 48 with timestamp +496
28. Ready to process requests
29. (20) Received Access-Request Id 68 from 10.15.200.15:61772 to 172.16.200.253:1812 length 309
30. (20) User-Name = "CORPORATE\\Raspb.P14"
31. (20) Service-Type = Framed-User
32. (20) Cisco-AVPair = "service-type=Framed"
33. (20) Framed-MTU = 1468
34. (20) EAP-Message = 0x0201001801434f52504f524154455c52617370622e503134
35. (20) Message-Authenticator = 0xeaaa29ac81f3b1fff448cdc85dc9aaa3
36. (20) Cisco-AVPair = "audit-session-id=0FC80F0A000006F3842D78C6"
37. (20) Cisco-AVPair = "method=dot1x"
38. (20) Cisco-AVPair = "client-iif-id=346278732"
39. (20) NAS-IP-Address = 10.15.200.15
40. (20) NAS-Port-Id = "FiveGigabitEthernet1/0/15"
41. (20) NAS-Port-Type = Ethernet
42. (20) NAS-Port = 50115
43. (20) Calling-Station-Id = "DC-A6-32-A8-8A-D0"
44. (20) Called-Station-Id = "34-ED-1B-4B-15-8F"
45. (20) # Executing section authorize from file /etc/freeradius/sites-enabled/GO_Live
46. (20) authorize {
47. (20) policy filter_username {
48. (20) if (&User-Name) {
49. (20) if (&User-Name) -> TRUE
50. (20) if (&User-Name) {
51. (20) if (&User-Name =~ / /) {
52. (20) if (&User-Name =~ / /) -> FALSE
53. (20) if (&User-Name =~ /@[^@]*@/ ) {
54. (20) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
55. (20) if (&User-Name =~ /\.\./ ) {
56. (20) if (&User-Name =~ /\.\./ ) -> FALSE
57. (20) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
58. (20) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
59. (20) if (&User-Name =~ /\.$/) {
60. (20) if (&User-Name =~ /\.$/) -> FALSE
61. (20) if (&User-Name =~ /@\./) {
62. (20) if (&User-Name =~ /@\./) -> FALSE
63. (20) } # if (&User-Name) = notfound
64. (20) } # policy filter_username = notfound
65. (20) [preprocess] = ok
66. (20) auth_log: EXPAND /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
67. (20) auth_log: --> /var/log/freeradius/radacct/10.15.200.15/auth-detail-20210826
68. (20) auth_log: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/10.15.200.15/auth-detail-20210826
69. (20) auth_log: EXPAND %t
70. (20) auth_log: --> Thu Aug 26 22:36:18 2021
71. (20) [auth_log] = ok
72. (20) [mschap] = noop
73. (20) ntdomain: Checking for prefix before "\"
74. (20) ntdomain: Looking up realm "CORPORATE" for User-Name = "CORPORATE\Raspb.P14"
75. (20) ntdomain: Found realm "CORPORATE"
76. (20) ntdomain: Adding Stripped-User-Name = "Raspb.P14"
77. (20) ntdomain: Adding Realm = "CORPORATE"
78. (20) ntdomain: Authentication realm is LOCAL
79. (20) [ntdomain] = ok
80. (20) eap: Peer sent EAP Response (code 2) ID 1 length 24
81. (20) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
82. (20) [eap] = ok
83. (20) } # authorize = ok
84. (20) Found Auth-Type = eap
85. (20) # Executing group from file /etc/freeradius/sites-enabled/GO_Live
86. (20) authenticate {
87. (20) eap: Peer sent packet with method EAP Identity (1)
88. (20) eap: Calling submodule eap_peap to process data
89. (20) eap_peap: (TLS) Initiating new session
90. (20) eap: Sending EAP Request (code 1) ID 2 length 6
91. (20) eap: EAP session adding &reply:State = 0x68ef777168ed6ef7
92. (20) [eap] = handled
93. (20) } # authenticate = handled
94. (20) Using Post-Auth-Type Challenge
95. (20) # Executing group from file /etc/freeradius/sites-enabled/GO_Live
96. (20) Challenge { ... } # empty sub-section is ignored
97. (20) session-state: Saving cached attributes
98. (20) Framed-MTU = 994
99. (20) Sent Access-Challenge Id 68 from 172.16.200.253:1812 to 10.15.200.15:61772 length 0
100. (20) EAP-Message = 0x010200061920
101. (20) Message-Authenticator = 0x00000000000000000000000000000000
102. (20) State = 0x68ef777168ed6ef72d7f5eed64273179
103. (20) Finished request
104. Waking up in 4.9 seconds.
105. (21) Received Access-Request Id 69 from 10.15.200.15:61772 to 172.16.200.253:1812 length 503
106. (21) User-Name = "CORPORATE\\Raspb.P14"
107. (21) Service-Type = Framed-User
108. (21) Cisco-AVPair = "service-type=Framed"
109. (21) Framed-MTU = 1468
110. (21) EAP-Message = 0x020200c81980000000be16030100b9010000b503031cc258e9e427593bdafb5fd88b51224244622ec74f9a5a0e91b6abc3f9d52ab6000038c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff01000054000b000403000102000a000c000a001d0017001e001900180016000000170000000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602
111. (21) Message-Authenticator = 0xefe4412e3558ba16c8273d117042e833
112. (21) Cisco-AVPair = "audit-session-id=0FC80F0A000006F3842D78C6"
113. (21) Cisco-AVPair = "method=dot1x"
114. (21) Cisco-AVPair = "client-iif-id=346278732"
115. (21) NAS-IP-Address = 10.15.200.15
116. (21) NAS-Port-Id = "FiveGigabitEthernet1/0/15"
117. (21) NAS-Port-Type = Ethernet
118. (21) NAS-Port = 50115
119. (21) State = 0x68ef777168ed6ef72d7f5eed64273179
120. (21) Calling-Station-Id = "DC-A6-32-A8-8A-D0"
121. (21) Called-Station-Id = "34-ED-1B-4B-15-8F"
122. (21) Restoring &session-state
123. (21) &session-state:Framed-MTU = 994
124. (21) # Executing section authorize from file /etc/freeradius/sites-enabled/GO_Live
125. (21) authorize {
126. (21) policy filter_username {
127. (21) if (&User-Name) {
128. (21) if (&User-Name) -> TRUE
129. (21) if (&User-Name) {
130. (21) if (&User-Name =~ / /) {
131. (21) if (&User-Name =~ / /) -> FALSE
132. (21) if (&User-Name =~ /@[^@]*@/ ) {
133. (21) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
134. (21) if (&User-Name =~ /\.\./ ) {
135. (21) if (&User-Name =~ /\.\./ ) -> FALSE
136. (21) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
137. (21) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
138. (21) if (&User-Name =~ /\.$/) {
139. (21) if (&User-Name =~ /\.$/) -> FALSE
140. (21) if (&User-Name =~ /@\./) {
141. (21) if (&User-Name =~ /@\./) -> FALSE
142. (21) } # if (&User-Name) = notfound
143. (21) } # policy filter_username = notfound
144. (21) [preprocess] = ok
145. (21) auth_log: EXPAND /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
146. (21) auth_log: --> /var/log/freeradius/radacct/10.15.200.15/auth-detail-20210826
147. (21) auth_log: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/10.15.200.15/auth-detail-20210826
148. (21) auth_log: EXPAND %t
149. (21) auth_log: --> Thu Aug 26 22:36:18 2021
150. (21) [auth_log] = ok
151. (21) [mschap] = noop
152. (21) ntdomain: Checking for prefix before "\"
153. (21) ntdomain: Looking up realm "CORPORATE" for User-Name = "CORPORATE\Raspb.P14"
154. (21) ntdomain: Found realm "CORPORATE"
155. (21) ntdomain: Adding Stripped-User-Name = "Raspb.P14"
156. (21) ntdomain: Adding Realm = "CORPORATE"
157. (21) ntdomain: Authentication realm is LOCAL
158. (21) [ntdomain] = ok
159. (21) eap: Peer sent EAP Response (code 2) ID 2 length 200
160. (21) eap: Continuing tunnel setup
161. (21) [eap] = ok
162. (21) } # authorize = ok
163. (21) Found Auth-Type = eap
164. (21) # Executing group from file /etc/freeradius/sites-enabled/GO_Live
165. (21) authenticate {
166. (21) eap: Expiring EAP session with state 0x68ef777168ed6ef7
167. (21) eap: Finished EAP session with state 0x68ef777168ed6ef7
168. (21) eap: Previous EAP request found for state 0x68ef777168ed6ef7, released from the list
169. (21) eap: Peer sent packet with method EAP PEAP (25)
170. (21) eap: Calling submodule eap_peap to process data
171. (21) eap_peap: (TLS) EAP Peer says that the final record size will be 190 bytes
172. (21) eap_peap: (TLS) EAP Got all data (190 bytes)
173. (21) eap_peap: (TLS) Handshake state - before SSL initialization
174. (21) eap_peap: (TLS) Handshake state - Server before SSL initialization
175. (21) eap_peap: (TLS) Handshake state - Server before SSL initialization
176. (21) eap_peap: (TLS) recv TLS 1.3 Handshake, ClientHello
177. (21) eap_peap: (TLS) Handshake state - Server SSLv3/TLS read client hello
178. (21) eap_peap: (TLS) send TLS 1.2 Handshake, ServerHello
179. (21) eap_peap: (TLS) Handshake state - Server SSLv3/TLS write server hello
180. (21) eap_peap: (TLS) send TLS 1.2 Handshake, Certificate
181. (21) eap_peap: (TLS) Handshake state - Server SSLv3/TLS write certificate
182. (21) eap_peap: (TLS) send TLS 1.2 Handshake, ServerKeyExchange
183. (21) eap_peap: (TLS) Handshake state - Server SSLv3/TLS write key exchange
184. (21) eap_peap: (TLS) send TLS 1.2 Handshake, ServerHelloDone
185. (21) eap_peap: (TLS) Handshake state - Server SSLv3/TLS write server done
186. (21) eap_peap: (TLS) Server : Need to read more data: SSLv3/TLS write server done
187. (21) eap_peap: (TLS) In Handshake Phase
188. (21) eap: Sending EAP Request (code 1) ID 3 length 1004
189. (21) eap: EAP session adding &reply:State = 0x68ef777169ec6ef7
190. (21) [eap] = handled
191. (21) } # authenticate = handled
192. (21) Using Post-Auth-Type Challenge
193. (21) # Executing group from file /etc/freeradius/sites-enabled/GO_Live
194. (21) Challenge { ... } # empty sub-section is ignored
195. (21) session-state: Saving cached attributes
196. (21) Framed-MTU = 994
197. (21) TLS-Session-Information = "(TLS) recv TLS 1.3 Handshake, ClientHello\n"
198. (21) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHello\n"
199. (21) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Certificate\n"
200. (21) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerKeyExchange\n"
201. (21) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHelloDone\n"
202. (21) Sent Access-Challenge Id 69 from 172.16.200.253:1812 to 10.15.200.15:61772 length 0
203. (21) EAP-Message = 0x010303ec19c000000aa5160303003d020000390303fbfab067d669502031374031eec3dfa5348376bd887c379ba5531f0373ce6f9a00c030000011ff01000100000b0004030001020017000016030309030b0008ff0008fc0003f8308203f4308202dca003020102020101300d06092a864886f70d01010b0500308193310b3009060355040613024652310f300d06035504080c065261646975733112301006035504070c09536f6d65776865726531153013060355040a0c0c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e6f72673126302406035504030c1d4578616d706c6520436572746966696361746520417574686f72697479301e170d3231303732363134343635345a170d3231303932343134343635345a307c310b3009060355040613024652310f300d06035504080c0652616469757331153013060355040a0c0c4578616d706c6520496e632e3123302106035504030c1a4578616d70
204. (21) Message-Authenticator = 0x00000000000000000000000000000000
205. (21) State = 0x68ef777169ec6ef72d7f5eed64273179
206. (21) Finished request
207. Waking up in 4.9 seconds.
208. (22) Received Access-Request Id 70 from 10.15.200.15:61772 to 172.16.200.253:1812 length 309
209. (22) User-Name = "CORPORATE\\Raspb.P14"
210. (22) Service-Type = Framed-User
211. (22) Cisco-AVPair = "service-type=Framed"
212. (22) Framed-MTU = 1468
213. (22) EAP-Message = 0x020300061900
214. (22) Message-Authenticator = 0x22bc4c3b4d39e1d3baf8c085b679696f
215. (22) Cisco-AVPair = "audit-session-id=0FC80F0A000006F3842D78C6"
216. (22) Cisco-AVPair = "method=dot1x"
217. (22) Cisco-AVPair = "client-iif-id=346278732"
218. (22) NAS-IP-Address = 10.15.200.15
219. (22) NAS-Port-Id = "FiveGigabitEthernet1/0/15"
220. (22) NAS-Port-Type = Ethernet
221. (22) NAS-Port = 50115
222. (22) State = 0x68ef777169ec6ef72d7f5eed64273179
223. (22) Calling-Station-Id = "DC-A6-32-A8-8A-D0"
224. (22) Called-Station-Id = "34-ED-1B-4B-15-8F"
225. (22) Restoring &session-state
226. (22) &session-state:Framed-MTU = 994
227. (22) &session-state:TLS-Session-Information = "(TLS) recv TLS 1.3 Handshake, ClientHello\n"
228. (22) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHello\n"
229. (22) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Certificate\n"
230. (22) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerKeyExchange\n"
231. (22) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHelloDone\n"
232. (22) # Executing section authorize from file /etc/freeradius/sites-enabled/GO_Live
233. (22) authorize {
234. (22) policy filter_username {
235. (22) if (&User-Name) {
236. (22) if (&User-Name) -> TRUE
237. (22) if (&User-Name) {
238. (22) if (&User-Name =~ / /) {
239. (22) if (&User-Name =~ / /) -> FALSE
240. (22) if (&User-Name =~ /@[^@]*@/ ) {
241. (22) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
242. (22) if (&User-Name =~ /\.\./ ) {
243. (22) if (&User-Name =~ /\.\./ ) -> FALSE
244. (22) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
245. (22) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
246. (22) if (&User-Name =~ /\.$/) {
247. (22) if (&User-Name =~ /\.$/) -> FALSE
248. (22) if (&User-Name =~ /@\./) {
249. (22) if (&User-Name =~ /@\./) -> FALSE
250. (22) } # if (&User-Name) = notfound
251. (22) } # policy filter_username = notfound
252. (22) [preprocess] = ok
253. (22) auth_log: EXPAND /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
254. (22) auth_log: --> /var/log/freeradius/radacct/10.15.200.15/auth-detail-20210826
255. (22) auth_log: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/10.15.200.15/auth-detail-20210826
256. (22) auth_log: EXPAND %t
257. (22) auth_log: --> Thu Aug 26 22:36:18 2021
258. (22) [auth_log] = ok
259. (22) [mschap] = noop
260. (22) ntdomain: Checking for prefix before "\"
261. (22) ntdomain: Looking up realm "CORPORATE" for User-Name = "CORPORATE\Raspb.P14"
262. (22) ntdomain: Found realm "CORPORATE"
263. (22) ntdomain: Adding Stripped-User-Name = "Raspb.P14"
264. (22) ntdomain: Adding Realm = "CORPORATE"
265. (22) ntdomain: Authentication realm is LOCAL
266. (22) [ntdomain] = ok
267. (22) eap: Peer sent EAP Response (code 2) ID 3 length 6
268. (22) eap: Continuing tunnel setup
269. (22) [eap] = ok
270. (22) } # authorize = ok
271. (22) Found Auth-Type = eap
272. (22) # Executing group from file /etc/freeradius/sites-enabled/GO_Live
273. (22) authenticate {
274. (22) eap: Expiring EAP session with state 0x68ef777169ec6ef7
275. (22) eap: Finished EAP session with state 0x68ef777169ec6ef7
276. (22) eap: Previous EAP request found for state 0x68ef777169ec6ef7, released from the list
277. (22) eap: Peer sent packet with method EAP PEAP (25)
278. (22) eap: Calling submodule eap_peap to process data
279. (22) eap_peap: (TLS) Peer ACKed our handshake fragment
280. (22) eap: Sending EAP Request (code 1) ID 4 length 1000
281. (22) eap: EAP session adding &reply:State = 0x68ef77716aeb6ef7
282. (22) [eap] = handled
283. (22) } # authenticate = handled
284. (22) Using Post-Auth-Type Challenge
285. (22) # Executing group from file /etc/freeradius/sites-enabled/GO_Live
286. (22) Challenge { ... } # empty sub-section is ignored
287. (22) session-state: Saving cached attributes
288. (22) Framed-MTU = 994
289. (22) TLS-Session-Information = "(TLS) recv TLS 1.3 Handshake, ClientHello\n"
290. (22) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHello\n"
291. (22) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Certificate\n"
292. (22) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerKeyExchange\n"
293. (22) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHelloDone\n"
294. (22) Sent Access-Challenge Id 70 from 172.16.200.253:1812 to 10.15.200.15:61772 length 0
295. (22) EAP-Message = 0x010403e81940612118fa668f9c12cc64288e16c497e12585eda91486f0a8c5240f5ea6b9f623c5c87569dfdb85e99e5c90b6a01a8da8cae26e1fc4710c9d389f642b50cd628b8505529391151970bd086c6b782fa100248dff3934c1a81e9331bd2ee5b85658d2a2f1c8a904d30004fe308204fa308203e2a00302010202140ea6ec415cdc0fa962de082473e519055ec35eed300d06092a864886f70d01010b0500308193310b3009060355040613024652310f300d06035504080c065261646975733112301006035504070c09536f6d65776865726531153013060355040a0c0c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e6f72673126302406035504030c1d4578616d706c6520436572746966696361746520417574686f72697479301e170d3231303732363134343635345a170d3231303932343134343635345a308193310b3009060355040613024652310f300d06035504080c0652616469
296. (22) Message-Authenticator = 0x00000000000000000000000000000000
297. (22) State = 0x68ef77716aeb6ef72d7f5eed64273179
298. (22) Finished request
299. Waking up in 4.9 seconds.
300. (23) Received Access-Request Id 71 from 10.15.200.15:61772 to 172.16.200.253:1812 length 309
301. (23) User-Name = "CORPORATE\\Raspb.P14"
302. (23) Service-Type = Framed-User
303. (23) Cisco-AVPair = "service-type=Framed"
304. (23) Framed-MTU = 1468
305. (23) EAP-Message = 0x020400061900
306. (23) Message-Authenticator = 0xe35d9a131a37fe003c600249edf13aeb
307. (23) Cisco-AVPair = "audit-session-id=0FC80F0A000006F3842D78C6"
308. (23) Cisco-AVPair = "method=dot1x"
309. (23) Cisco-AVPair = "client-iif-id=346278732"
310. (23) NAS-IP-Address = 10.15.200.15
311. (23) NAS-Port-Id = "FiveGigabitEthernet1/0/15"
312. (23) NAS-Port-Type = Ethernet
313. (23) NAS-Port = 50115
314. (23) State = 0x68ef77716aeb6ef72d7f5eed64273179
315. (23) Calling-Station-Id = "DC-A6-32-A8-8A-D0"
316. (23) Called-Station-Id = "34-ED-1B-4B-15-8F"
317. (23) Restoring &session-state
318. (23) &session-state:Framed-MTU = 994
319. (23) &session-state:TLS-Session-Information = "(TLS) recv TLS 1.3 Handshake, ClientHello\n"
320. (23) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHello\n"
321. (23) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Certificate\n"
322. (23) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerKeyExchange\n"
323. (23) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHelloDone\n"
324. (23) # Executing section authorize from file /etc/freeradius/sites-enabled/GO_Live
325. (23) authorize {
326. (23) policy filter_username {
327. (23) if (&User-Name) {
328. (23) if (&User-Name) -> TRUE
329. (23) if (&User-Name) {
330. (23) if (&User-Name =~ / /) {
331. (23) if (&User-Name =~ / /) -> FALSE
332. (23) if (&User-Name =~ /@[^@]*@/ ) {
333. (23) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
334. (23) if (&User-Name =~ /\.\./ ) {
335. (23) if (&User-Name =~ /\.\./ ) -> FALSE
336. (23) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
337. (23) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
338. (23) if (&User-Name =~ /\.$/) {
339. (23) if (&User-Name =~ /\.$/) -> FALSE
340. (23) if (&User-Name =~ /@\./) {
341. (23) if (&User-Name =~ /@\./) -> FALSE
342. (23) } # if (&User-Name) = notfound
343. (23) } # policy filter_username = notfound
344. (23) [preprocess] = ok
345. (23) auth_log: EXPAND /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
346. (23) auth_log: --> /var/log/freeradius/radacct/10.15.200.15/auth-detail-20210826
347. (23) auth_log: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/10.15.200.15/auth-detail-20210826
348. (23) auth_log: EXPAND %t
349. (23) auth_log: --> Thu Aug 26 22:36:18 2021
350. (23) [auth_log] = ok
351. (23) [mschap] = noop
352. (23) ntdomain: Checking for prefix before "\"
353. (23) ntdomain: Looking up realm "CORPORATE" for User-Name = "CORPORATE\Raspb.P14"
354. (23) ntdomain: Found realm "CORPORATE"
355. (23) ntdomain: Adding Stripped-User-Name = "Raspb.P14"
356. (23) ntdomain: Adding Realm = "CORPORATE"
357. (23) ntdomain: Authentication realm is LOCAL
358. (23) [ntdomain] = ok
359. (23) eap: Peer sent EAP Response (code 2) ID 4 length 6
360. (23) eap: Continuing tunnel setup
361. (23) [eap] = ok
362. (23) } # authorize = ok
363. (23) Found Auth-Type = eap
364. (23) # Executing group from file /etc/freeradius/sites-enabled/GO_Live
365. (23) authenticate {
366. (23) eap: Expiring EAP session with state 0x68ef77716aeb6ef7
367. (23) eap: Finished EAP session with state 0x68ef77716aeb6ef7
368. (23) eap: Previous EAP request found for state 0x68ef77716aeb6ef7, released from the list
369. (23) eap: Peer sent packet with method EAP PEAP (25)
370. (23) eap: Calling submodule eap_peap to process data
371. (23) eap_peap: (TLS) Peer ACKed our handshake fragment
372. (23) eap: Sending EAP Request (code 1) ID 5 length 743
373. (23) eap: EAP session adding &reply:State = 0x68ef77716bea6ef7
374. (23) [eap] = handled
375. (23) } # authenticate = handled
376. (23) Using Post-Auth-Type Challenge
377. (23) # Executing group from file /etc/freeradius/sites-enabled/GO_Live
378. (23) Challenge { ... } # empty sub-section is ignored
379. (23) session-state: Saving cached attributes
380. (23) Framed-MTU = 994
381. (23) TLS-Session-Information = "(TLS) recv TLS 1.3 Handshake, ClientHello\n"
382. (23) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHello\n"
383. (23) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Certificate\n"
384. (23) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerKeyExchange\n"
385. (23) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHelloDone\n"
386. (23) Sent Access-Challenge Id 71 from 172.16.200.253:1812 to 10.15.200.15:61772 length 0
387. (23) EAP-Message = 0x010502e7190072746966696361746520417574686f7269747982140ea6ec415cdc0fa962de082473e519055ec35eed300f0603551d130101ff040530030101ff30360603551d1f042f302d302ba029a0278625687474703a2f2f7777772e6578616d706c652e6f72672f6578616d706c655f63612e63726c300d06092a864886f70d01010b050003820101001783ba56de4f62e5d71f7c655686bc3eadf3f1f44ed7ba6c98e17b1a9d4f6abfb1424d0a50bfa80006f56dc1c488cab9edb82ef48f0c93755ef56904e6878081e3c8bf429fc76c0456b699c180a2262f23d381f93234689d4f421f78d2a495433be04700b4fe6e0af35bc5227423696c941aa8d39a72b5b921ed07f94b914a9c5f56e19adfbb8356f04a107d2a992f546dcb3c80bd5fd04d8bbe26ef71ee7d025a7d6381d316ae4361f6e93c6a41e15121bd03733bb2325ccb7908054e5e1477ff7d59191bd8e198415c4d5ffc7506cf0794308721797f42436d08ee59b621d40c422096c58209f8e3af4e
388. (23) Message-Authenticator = 0x00000000000000000000000000000000
389. (23) State = 0x68ef77716bea6ef72d7f5eed64273179
390. (23) Finished request
391. Waking up in 4.9 seconds.
392. (24) Received Access-Request Id 72 from 10.15.200.15:61772 to 172.16.200.253:1812 length 439
393. (24) User-Name = "CORPORATE\\Raspb.P14"
394. (24) Service-Type = Framed-User
395. (24) Cisco-AVPair = "service-type=Framed"
396. (24) Framed-MTU = 1468
397. (24) EAP-Message = 0x0205008819800000007e1603030046100000424104f05837335e34cec84ffa55386d0c795e96a0a641e1b471072b0a7b915ceda78f0cc9c46ad3b7659412879afb62ed0c35626713bdddd90b0b964c748cc0c4726f140303000101160303002865d2428980423cdd05868839ed2e13603aad86695d53e50bf21463c6d3e2bcebe1aa018afec0a4f4
398. (24) Message-Authenticator = 0xaf52444b53a3ad902c3bf3b2bc1ab40b
399. (24) Cisco-AVPair = "audit-session-id=0FC80F0A000006F3842D78C6"
400. (24) Cisco-AVPair = "method=dot1x"
401. (24) Cisco-AVPair = "client-iif-id=346278732"
402. (24) NAS-IP-Address = 10.15.200.15
403. (24) NAS-Port-Id = "FiveGigabitEthernet1/0/15"
404. (24) NAS-Port-Type = Ethernet
405. (24) NAS-Port = 50115
406. (24) State = 0x68ef77716bea6ef72d7f5eed64273179
407. (24) Calling-Station-Id = "DC-A6-32-A8-8A-D0"
408. (24) Called-Station-Id = "34-ED-1B-4B-15-8F"
409. (24) Restoring &session-state
410. (24) &session-state:Framed-MTU = 994
411. (24) &session-state:TLS-Session-Information = "(TLS) recv TLS 1.3 Handshake, ClientHello\n"
412. (24) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHello\n"
413. (24) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Certificate\n"
414. (24) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerKeyExchange\n"
415. (24) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHelloDone\n"
416. (24) # Executing section authorize from file /etc/freeradius/sites-enabled/GO_Live
417. (24) authorize {
418. (24) policy filter_username {
419. (24) if (&User-Name) {
420. (24) if (&User-Name) -> TRUE
421. (24) if (&User-Name) {
422. (24) if (&User-Name =~ / /) {
423. (24) if (&User-Name =~ / /) -> FALSE
424. (24) if (&User-Name =~ /@[^@]*@/ ) {
425. (24) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
426. (24) if (&User-Name =~ /\.\./ ) {
427. (24) if (&User-Name =~ /\.\./ ) -> FALSE
428. (24) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
429. (24) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
430. (24) if (&User-Name =~ /\.$/) {
431. (24) if (&User-Name =~ /\.$/) -> FALSE
432. (24) if (&User-Name =~ /@\./) {
433. (24) if (&User-Name =~ /@\./) -> FALSE
434. (24) } # if (&User-Name) = notfound
435. (24) } # policy filter_username = notfound
436. (24) [preprocess] = ok
437. (24) auth_log: EXPAND /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
438. (24) auth_log: --> /var/log/freeradius/radacct/10.15.200.15/auth-detail-20210826
439. (24) auth_log: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/10.15.200.15/auth-detail-20210826
440. (24) auth_log: EXPAND %t
441. (24) auth_log: --> Thu Aug 26 22:36:18 2021
442. (24) [auth_log] = ok
443. (24) [mschap] = noop
444. (24) ntdomain: Checking for prefix before "\"
445. (24) ntdomain: Looking up realm "CORPORATE" for User-Name = "CORPORATE\Raspb.P14"
446. (24) ntdomain: Found realm "CORPORATE"
447. (24) ntdomain: Adding Stripped-User-Name = "Raspb.P14"
448. (24) ntdomain: Adding Realm = "CORPORATE"
449. (24) ntdomain: Authentication realm is LOCAL
450. (24) [ntdomain] = ok
451. (24) eap: Peer sent EAP Response (code 2) ID 5 length 136
452. (24) eap: Continuing tunnel setup
453. (24) [eap] = ok
454. (24) } # authorize = ok
455. (24) Found Auth-Type = eap
456. (24) # Executing group from file /etc/freeradius/sites-enabled/GO_Live
457. (24) authenticate {
458. (24) eap: Expiring EAP session with state 0x68ef77716bea6ef7
459. (24) eap: Finished EAP session with state 0x68ef77716bea6ef7
460. (24) eap: Previous EAP request found for state 0x68ef77716bea6ef7, released from the list
461. (24) eap: Peer sent packet with method EAP PEAP (25)
462. (24) eap: Calling submodule eap_peap to process data
463. (24) eap_peap: (TLS) EAP Peer says that the final record size will be 126 bytes
464. (24) eap_peap: (TLS) EAP Got all data (126 bytes)
465. (24) eap_peap: (TLS) Handshake state - Server SSLv3/TLS write server done
466. (24) eap_peap: (TLS) recv TLS 1.2 Handshake, ClientKeyExchange
467. (24) eap_peap: (TLS) Handshake state - Server SSLv3/TLS read client key exchange
468. (24) eap_peap: (TLS) Handshake state - Server SSLv3/TLS read change cipher spec
469. (24) eap_peap: (TLS) recv TLS 1.2 Handshake, Finished
470. (24) eap_peap: (TLS) Handshake state - Server SSLv3/TLS read finished
471. (24) eap_peap: (TLS) send TLS 1.2 ChangeCipherSpec
472. (24) eap_peap: (TLS) Handshake state - Server SSLv3/TLS write change cipher spec
473. (24) eap_peap: (TLS) send TLS 1.2 Handshake, Finished
474. (24) eap_peap: (TLS) Handshake state - Server SSLv3/TLS write finished
475. (24) eap_peap: (TLS) Handshake state - SSL negotiation finished successfully
476. (24) eap_peap: (TLS) Connection Established
477. (24) eap_peap: TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
478. (24) eap_peap: TLS-Session-Version = "TLS 1.2"
479. (24) eap: Sending EAP Request (code 1) ID 6 length 57
480. (24) eap: EAP session adding &reply:State = 0x68ef77716ce96ef7
481. (24) [eap] = handled
482. (24) } # authenticate = handled
483. (24) Using Post-Auth-Type Challenge
484. (24) # Executing group from file /etc/freeradius/sites-enabled/GO_Live
485. (24) Challenge { ... } # empty sub-section is ignored
486. (24) session-state: Saving cached attributes
487. (24) Framed-MTU = 994
488. (24) TLS-Session-Information = "(TLS) recv TLS 1.3 Handshake, ClientHello\n"
489. (24) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHello\n"
490. (24) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Certificate\n"
491. (24) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerKeyExchange\n"
492. (24) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHelloDone\n"
493. (24) TLS-Session-Information = "(TLS) recv TLS 1.2 Handshake, ClientKeyExchange\n"
494. (24) TLS-Session-Information = "(TLS) recv TLS 1.2 Handshake, Finished\n"
495. (24) TLS-Session-Information = "(TLS) send TLS 1.2 ChangeCipherSpec\n"
496. (24) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Finished\n"
497. (24) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
498. (24) TLS-Session-Version = "TLS 1.2"
499. (24) Sent Access-Challenge Id 72 from 172.16.200.253:1812 to 10.15.200.15:61772 length 0
500. (24) EAP-Message = 0x0106003919001403030001011603030028e1ae2a7bad0fc698bf83bbb5171e14d8ecd113c8d0f8710cf76e50f9e631d2e15f9d37fef507cdf9
501. (24) Message-Authenticator = 0x00000000000000000000000000000000
502. (24) State = 0x68ef77716ce96ef72d7f5eed64273179
503. (24) Finished request
504. Waking up in 4.9 seconds.
505. (25) Received Access-Request Id 73 from 10.15.200.15:61772 to 172.16.200.253:1812 length 309
506. (25) User-Name = "CORPORATE\\Raspb.P14"
507. (25) Service-Type = Framed-User
508. (25) Cisco-AVPair = "service-type=Framed"
509. (25) Framed-MTU = 1468
510. (25) EAP-Message = 0x020600061900
511. (25) Message-Authenticator = 0x344cd0efd0ef97522a44d0d06f23f595
512. (25) Cisco-AVPair = "audit-session-id=0FC80F0A000006F3842D78C6"
513. (25) Cisco-AVPair = "method=dot1x"
514. (25) Cisco-AVPair = "client-iif-id=346278732"
515. (25) NAS-IP-Address = 10.15.200.15
516. (25) NAS-Port-Id = "FiveGigabitEthernet1/0/15"
517. (25) NAS-Port-Type = Ethernet
518. (25) NAS-Port = 50115
519. (25) State = 0x68ef77716ce96ef72d7f5eed64273179
520. (25) Calling-Station-Id = "DC-A6-32-A8-8A-D0"
521. (25) Called-Station-Id = "34-ED-1B-4B-15-8F"
522. (25) Restoring &session-state
523. (25) &session-state:Framed-MTU = 994
524. (25) &session-state:TLS-Session-Information = "(TLS) recv TLS 1.3 Handshake, ClientHello\n"
525. (25) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHello\n"
526. (25) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Certificate\n"
527. (25) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerKeyExchange\n"
528. (25) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHelloDone\n"
529. (25) &session-state:TLS-Session-Information = "(TLS) recv TLS 1.2 Handshake, ClientKeyExchange\n"
530. (25) &session-state:TLS-Session-Information = "(TLS) recv TLS 1.2 Handshake, Finished\n"
531. (25) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 ChangeCipherSpec\n"
532. (25) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Finished\n"
533. (25) &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
534. (25) &session-state:TLS-Session-Version = "TLS 1.2"
535. (25) # Executing section authorize from file /etc/freeradius/sites-enabled/GO_Live
536. (25) authorize {
537. (25) policy filter_username {
538. (25) if (&User-Name) {
539. (25) if (&User-Name) -> TRUE
540. (25) if (&User-Name) {
541. (25) if (&User-Name =~ / /) {
542. (25) if (&User-Name =~ / /) -> FALSE
543. (25) if (&User-Name =~ /@[^@]*@/ ) {
544. (25) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
545. (25) if (&User-Name =~ /\.\./ ) {
546. (25) if (&User-Name =~ /\.\./ ) -> FALSE
547. (25) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
548. (25) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
549. (25) if (&User-Name =~ /\.$/) {
550. (25) if (&User-Name =~ /\.$/) -> FALSE
551. (25) if (&User-Name =~ /@\./) {
552. (25) if (&User-Name =~ /@\./) -> FALSE
553. (25) } # if (&User-Name) = notfound
554. (25) } # policy filter_username = notfound
555. (25) [preprocess] = ok
556. (25) auth_log: EXPAND /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
557. (25) auth_log: --> /var/log/freeradius/radacct/10.15.200.15/auth-detail-20210826
558. (25) auth_log: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/10.15.200.15/auth-detail-20210826
559. (25) auth_log: EXPAND %t
560. (25) auth_log: --> Thu Aug 26 22:36:18 2021
561. (25) [auth_log] = ok
562. (25) [mschap] = noop
563. (25) ntdomain: Checking for prefix before "\"
564. (25) ntdomain: Looking up realm "CORPORATE" for User-Name = "CORPORATE\Raspb.P14"
565. (25) ntdomain: Found realm "CORPORATE"
566. (25) ntdomain: Adding Stripped-User-Name = "Raspb.P14"
567. (25) ntdomain: Adding Realm = "CORPORATE"
568. (25) ntdomain: Authentication realm is LOCAL
569. (25) [ntdomain] = ok
570. (25) eap: Peer sent EAP Response (code 2) ID 6 length 6
571. (25) eap: Continuing tunnel setup
572. (25) [eap] = ok
573. (25) } # authorize = ok
574. (25) Found Auth-Type = eap
575. (25) # Executing group from file /etc/freeradius/sites-enabled/GO_Live
576. (25) authenticate {
577. (25) eap: Expiring EAP session with state 0x68ef77716ce96ef7
578. (25) eap: Finished EAP session with state 0x68ef77716ce96ef7
579. (25) eap: Previous EAP request found for state 0x68ef77716ce96ef7, released from the list
580. (25) eap: Peer sent packet with method EAP PEAP (25)
581. (25) eap: Calling submodule eap_peap to process data
582. (25) eap_peap: (TLS) Peer ACKed our handshake fragment. handshake is finished
583. (25) eap_peap: Session established. Decoding tunneled attributes
584. (25) eap_peap: PEAP state TUNNEL ESTABLISHED
585. (25) eap: Sending EAP Request (code 1) ID 7 length 40
586. (25) eap: EAP session adding &reply:State = 0x68ef77716de86ef7
587. (25) [eap] = handled
588. (25) } # authenticate = handled
589. (25) Using Post-Auth-Type Challenge
590. (25) # Executing group from file /etc/freeradius/sites-enabled/GO_Live
591. (25) Challenge { ... } # empty sub-section is ignored
592. (25) session-state: Saving cached attributes
593. (25) Framed-MTU = 994
594. (25) TLS-Session-Information = "(TLS) recv TLS 1.3 Handshake, ClientHello\n"
595. (25) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHello\n"
596. (25) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Certificate\n"
597. (25) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerKeyExchange\n"
598. (25) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHelloDone\n"
599. (25) TLS-Session-Information = "(TLS) recv TLS 1.2 Handshake, ClientKeyExchange\n"
600. (25) TLS-Session-Information = "(TLS) recv TLS 1.2 Handshake, Finished\n"
601. (25) TLS-Session-Information = "(TLS) send TLS 1.2 ChangeCipherSpec\n"
602. (25) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Finished\n"
603. (25) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
604. (25) TLS-Session-Version = "TLS 1.2"
605. (25) Sent Access-Challenge Id 73 from 172.16.200.253:1812 to 10.15.200.15:61772 length 0
606. (25) EAP-Message = 0x010700281900170303001de1ae2a7bad0fc699c41ae355b5579cd3565c0456b4baecae93d2245278
607. (25) Message-Authenticator = 0x00000000000000000000000000000000
608. (25) State = 0x68ef77716de86ef72d7f5eed64273179
609. (25) Finished request
610. Waking up in 4.9 seconds.
611. (26) Received Access-Request Id 74 from 10.15.200.15:61772 to 172.16.200.253:1812 length 358
612. (26) User-Name = "CORPORATE\\Raspb.P14"
613. (26) Service-Type = Framed-User
614. (26) Cisco-AVPair = "service-type=Framed"
615. (26) Framed-MTU = 1468
616. (26) EAP-Message = 0x020700371900170303002c65d2428980423cde3946862910c9599864d7a68e131cd98be33af7dc63e4f7ea1c420d7002089d732fb9d843
617. (26) Message-Authenticator = 0x4bb17c18a02f10458625865643aa2047
618. (26) Cisco-AVPair = "audit-session-id=0FC80F0A000006F3842D78C6"
619. (26) Cisco-AVPair = "method=dot1x"
620. (26) Cisco-AVPair = "client-iif-id=346278732"
621. (26) NAS-IP-Address = 10.15.200.15
622. (26) NAS-Port-Id = "FiveGigabitEthernet1/0/15"
623. (26) NAS-Port-Type = Ethernet
624. (26) NAS-Port = 50115
625. (26) State = 0x68ef77716de86ef72d7f5eed64273179
626. (26) Calling-Station-Id = "DC-A6-32-A8-8A-D0"
627. (26) Called-Station-Id = "34-ED-1B-4B-15-8F"
628. (26) Restoring &session-state
629. (26) &session-state:Framed-MTU = 994
630. (26) &session-state:TLS-Session-Information = "(TLS) recv TLS 1.3 Handshake, ClientHello\n"
631. (26) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHello\n"
632. (26) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Certificate\n"
633. (26) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerKeyExchange\n"
634. (26) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHelloDone\n"
635. (26) &session-state:TLS-Session-Information = "(TLS) recv TLS 1.2 Handshake, ClientKeyExchange\n"
636. (26) &session-state:TLS-Session-Information = "(TLS) recv TLS 1.2 Handshake, Finished\n"
637. (26) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 ChangeCipherSpec\n"
638. (26) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Finished\n"
639. (26) &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
640. (26) &session-state:TLS-Session-Version = "TLS 1.2"
641. (26) # Executing section authorize from file /etc/freeradius/sites-enabled/GO_Live
642. (26) authorize {
643. (26) policy filter_username {
644. (26) if (&User-Name) {
645. (26) if (&User-Name) -> TRUE
646. (26) if (&User-Name) {
647. (26) if (&User-Name =~ / /) {
648. (26) if (&User-Name =~ / /) -> FALSE
649. (26) if (&User-Name =~ /@[^@]*@/ ) {
650. (26) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
651. (26) if (&User-Name =~ /\.\./ ) {
652. (26) if (&User-Name =~ /\.\./ ) -> FALSE
653. (26) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
654. (26) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
655. (26) if (&User-Name =~ /\.$/) {
656. (26) if (&User-Name =~ /\.$/) -> FALSE
657. (26) if (&User-Name =~ /@\./) {
658. (26) if (&User-Name =~ /@\./) -> FALSE
659. (26) } # if (&User-Name) = notfound
660. (26) } # policy filter_username = notfound
661. (26) [preprocess] = ok
662. (26) auth_log: EXPAND /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
663. (26) auth_log: --> /var/log/freeradius/radacct/10.15.200.15/auth-detail-20210826
664. (26) auth_log: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/10.15.200.15/auth-detail-20210826
665. (26) auth_log: EXPAND %t
666. (26) auth_log: --> Thu Aug 26 22:36:18 2021
667. (26) [auth_log] = ok
668. (26) [mschap] = noop
669. (26) ntdomain: Checking for prefix before "\"
670. (26) ntdomain: Looking up realm "CORPORATE" for User-Name = "CORPORATE\Raspb.P14"
671. (26) ntdomain: Found realm "CORPORATE"
672. (26) ntdomain: Adding Stripped-User-Name = "Raspb.P14"
673. (26) ntdomain: Adding Realm = "CORPORATE"
674. (26) ntdomain: Authentication realm is LOCAL
675. (26) [ntdomain] = ok
676. (26) eap: Peer sent EAP Response (code 2) ID 7 length 55
677. (26) eap: Continuing tunnel setup
678. (26) [eap] = ok
679. (26) } # authorize = ok
680. (26) Found Auth-Type = eap
681. (26) # Executing group from file /etc/freeradius/sites-enabled/GO_Live
682. (26) authenticate {
683. (26) eap: Expiring EAP session with state 0x68ef77716de86ef7
684. (26) eap: Finished EAP session with state 0x68ef77716de86ef7
685. (26) eap: Previous EAP request found for state 0x68ef77716de86ef7, released from the list
686. (26) eap: Peer sent packet with method EAP PEAP (25)
687. (26) eap: Calling submodule eap_peap to process data
688. (26) eap_peap: (TLS) EAP Done initial handshake
689. (26) eap_peap: Session established. Decoding tunneled attributes
690. (26) eap_peap: PEAP state WAITING FOR INNER IDENTITY
691. (26) eap_peap: Identity - CORPORATE\Raspb.P14
692. (26) eap_peap: Got inner identity 'CORPORATE\Raspb.P14'
693. (26) eap_peap: Setting default EAP type for tunneled EAP session
694. (26) eap_peap: Got tunneled request
695. (26) eap_peap: EAP-Message = 0x0207001801434f52504f524154455c52617370622e503134
696. (26) eap_peap: Setting User-Name to CORPORATE\Raspb.P14
697. (26) eap_peap: Sending tunneled request to inner-tunnel
698. (26) eap_peap: EAP-Message = 0x0207001801434f52504f524154455c52617370622e503134
699. (26) eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1
700. (26) eap_peap: User-Name = "CORPORATE\\Raspb.P14"
701. (26) Virtual server inner-tunnel received request
702. (26) EAP-Message = 0x0207001801434f52504f524154455c52617370622e503134
703. (26) FreeRADIUS-Proxied-To = 127.0.0.1
704. (26) User-Name = "CORPORATE\\Raspb.P14"
705. (26) WARNING: Outer and inner identities are the same. User privacy is compromised.
706. (26) server inner-tunnel {
707. (26) # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
708. (26) authorize {
709. (26) policy filter_username {
710. (26) if (&User-Name) {
711. (26) if (&User-Name) -> TRUE
712. (26) if (&User-Name) {
713. (26) if (&User-Name =~ / /) {
714. (26) if (&User-Name =~ / /) -> FALSE
715. (26) if (&User-Name =~ /@[^@]*@/ ) {
716. (26) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
717. (26) if (&User-Name =~ /\.\./ ) {
718. (26) if (&User-Name =~ /\.\./ ) -> FALSE
719. (26) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
720. (26) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
721. (26) if (&User-Name =~ /\.$/) {
722. (26) if (&User-Name =~ /\.$/) -> FALSE
723. (26) if (&User-Name =~ /@\./) {
724. (26) if (&User-Name =~ /@\./) -> FALSE
725. (26) } # if (&User-Name) = notfound
726. (26) } # policy filter_username = notfound
727. (26) [mschap] = noop
728. (26) ntdomain: Checking for prefix before "\"
729. (26) ntdomain: Looking up realm "CORPORATE" for User-Name = "CORPORATE\Raspb.P14"
730. (26) ntdomain: Found realm "CORPORATE"
731. (26) ntdomain: Adding Stripped-User-Name = "Raspb.P14"
732. (26) ntdomain: Adding Realm = "CORPORATE"
733. (26) ntdomain: Authentication realm is LOCAL
734. (26) [ntdomain] = ok
735. (26) eap: Peer sent EAP Response (code 2) ID 7 length 24
736. (26) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
737. (26) [eap] = ok
738. (26) } # authorize = ok
739. (26) Found Auth-Type = eap
740. (26) # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
741. (26) authenticate {
742. (26) eap: Peer sent packet with method EAP Identity (1)
743. (26) eap: Calling submodule eap_mschapv2 to process data
744. (26) eap_mschapv2: Issuing Challenge
745. (26) eap: Sending EAP Request (code 1) ID 8 length 43
746. (26) eap: EAP session adding &reply:State = 0x2c4eaac22c46b0b4
747. (26) [eap] = handled
748. (26) } # authenticate = handled
749. (26) } # server inner-tunnel
750. (26) Virtual server sending reply
751. (26) EAP-Message = 0x0108002b1a01080026105651527af0db11d65047cdd227eed5a7667265657261646975732d332e302e3233
752. (26) Message-Authenticator = 0x00000000000000000000000000000000
753. (26) State = 0x2c4eaac22c46b0b4656110deb915f9b3
754. (26) eap_peap: Got tunneled reply code 11
755. (26) eap_peap: EAP-Message = 0x0108002b1a01080026105651527af0db11d65047cdd227eed5a7667265657261646975732d332e302e3233
756. (26) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000
757. (26) eap_peap: State = 0x2c4eaac22c46b0b4656110deb915f9b3
758. (26) eap_peap: Got tunneled reply RADIUS code 11
759. (26) eap_peap: EAP-Message = 0x0108002b1a01080026105651527af0db11d65047cdd227eed5a7667265657261646975732d332e302e3233
760. (26) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000
761. (26) eap_peap: State = 0x2c4eaac22c46b0b4656110deb915f9b3
762. (26) eap_peap: Got tunneled Access-Challenge
763. (26) eap: Sending EAP Request (code 1) ID 8 length 74
764. (26) eap: EAP session adding &reply:State = 0x68ef77716ee76ef7
765. (26) [eap] = handled
766. (26) } # authenticate = handled
767. (26) Using Post-Auth-Type Challenge
768. (26) # Executing group from file /etc/freeradius/sites-enabled/GO_Live
769. (26) Challenge { ... } # empty sub-section is ignored
770. (26) session-state: Saving cached attributes
771. (26) Framed-MTU = 994
772. (26) TLS-Session-Information = "(TLS) recv TLS 1.3 Handshake, ClientHello\n"
773. (26) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHello\n"
774. (26) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Certificate\n"
775. (26) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerKeyExchange\n"
776. (26) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHelloDone\n"
777. (26) TLS-Session-Information = "(TLS) recv TLS 1.2 Handshake, ClientKeyExchange\n"
778. (26) TLS-Session-Information = "(TLS) recv TLS 1.2 Handshake, Finished\n"
779. (26) TLS-Session-Information = "(TLS) send TLS 1.2 ChangeCipherSpec\n"
780. (26) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Finished\n"
781. (26) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
782. (26) TLS-Session-Version = "TLS 1.2"
783. (26) Sent Access-Challenge Id 74 from 172.16.200.253:1812 to 10.15.200.15:61772 length 0
784. (26) EAP-Message = 0x0108004a1900170303003fe1ae2a7bad0fc69a9f13ab50bc87f16914defdf66e73e5745a2a468208edd8a45d91e69b4760838035e53bd0b9f40d57ed37432cf1fd18e53cc4956479f597
785. (26) Message-Authenticator = 0x00000000000000000000000000000000
786. (26) State = 0x68ef77716ee76ef72d7f5eed64273179
787. (26) Finished request
788. Waking up in 4.9 seconds.
789. (27) Received Access-Request Id 75 from 10.15.200.15:61772 to 172.16.200.253:1812 length 412
790. (27) User-Name = "CORPORATE\\Raspb.P14"
791. (27) Service-Type = Framed-User
792. (27) Cisco-AVPair = "service-type=Framed"
793. (27) Framed-MTU = 1468
794. (27) EAP-Message = 0x0208006d1900170303006265d2428980423cdf9c5834fce18e3bac46bee800a013d319ef01a02112592647cb4cc8f5987822e14973f421b78e89dac39b7de48cb87e449ed9ace084312025ea1571ed38fb0de840731cf641824d10a9938b67da4f6ff32368f29d280b4d62dcdd
795. (27) Message-Authenticator = 0x3430d80e7a904ed189a80d7f983417d3
796. (27) Cisco-AVPair = "audit-session-id=0FC80F0A000006F3842D78C6"
797. (27) Cisco-AVPair = "method=dot1x"
798. (27) Cisco-AVPair = "client-iif-id=346278732"
799. (27) NAS-IP-Address = 10.15.200.15
800. (27) NAS-Port-Id = "FiveGigabitEthernet1/0/15"
801. (27) NAS-Port-Type = Ethernet
802. (27) NAS-Port = 50115
803. (27) State = 0x68ef77716ee76ef72d7f5eed64273179
804. (27) Calling-Station-Id = "DC-A6-32-A8-8A-D0"
805. (27) Called-Station-Id = "34-ED-1B-4B-15-8F"
806. (27) Restoring &session-state
807. (27) &session-state:Framed-MTU = 994
808. (27) &session-state:TLS-Session-Information = "(TLS) recv TLS 1.3 Handshake, ClientHello\n"
809. (27) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHello\n"
810. (27) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Certificate\n"
811. (27) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerKeyExchange\n"
812. (27) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHelloDone\n"
813. (27) &session-state:TLS-Session-Information = "(TLS) recv TLS 1.2 Handshake, ClientKeyExchange\n"
814. (27) &session-state:TLS-Session-Information = "(TLS) recv TLS 1.2 Handshake, Finished\n"
815. (27) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 ChangeCipherSpec\n"
816. (27) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Finished\n"
817. (27) &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
818. (27) &session-state:TLS-Session-Version = "TLS 1.2"
819. (27) # Executing section authorize from file /etc/freeradius/sites-enabled/GO_Live
820. (27) authorize {
821. (27) policy filter_username {
822. (27) if (&User-Name) {
823. (27) if (&User-Name) -> TRUE
824. (27) if (&User-Name) {
825. (27) if (&User-Name =~ / /) {
826. (27) if (&User-Name =~ / /) -> FALSE
827. (27) if (&User-Name =~ /@[^@]*@/ ) {
828. (27) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
829. (27) if (&User-Name =~ /\.\./ ) {
830. (27) if (&User-Name =~ /\.\./ ) -> FALSE
831. (27) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
832. (27) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
833. (27) if (&User-Name =~ /\.$/) {
834. (27) if (&User-Name =~ /\.$/) -> FALSE
835. (27) if (&User-Name =~ /@\./) {
836. (27) if (&User-Name =~ /@\./) -> FALSE
837. (27) } # if (&User-Name) = notfound
838. (27) } # policy filter_username = notfound
839. (27) [preprocess] = ok
840. (27) auth_log: EXPAND /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
841. (27) auth_log: --> /var/log/freeradius/radacct/10.15.200.15/auth-detail-20210826
842. (27) auth_log: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/10.15.200.15/auth-detail-20210826
843. (27) auth_log: EXPAND %t
844. (27) auth_log: --> Thu Aug 26 22:36:18 2021
845. (27) [auth_log] = ok
846. (27) [mschap] = noop
847. (27) ntdomain: Checking for prefix before "\"
848. (27) ntdomain: Looking up realm "CORPORATE" for User-Name = "CORPORATE\Raspb.P14"
849. (27) ntdomain: Found realm "CORPORATE"
850. (27) ntdomain: Adding Stripped-User-Name = "Raspb.P14"
851. (27) ntdomain: Adding Realm = "CORPORATE"
852. (27) ntdomain: Authentication realm is LOCAL
853. (27) [ntdomain] = ok
854. (27) eap: Peer sent EAP Response (code 2) ID 8 length 109
855. (27) eap: Continuing tunnel setup
856. (27) [eap] = ok
857. (27) } # authorize = ok
858. (27) Found Auth-Type = eap
859. (27) # Executing group from file /etc/freeradius/sites-enabled/GO_Live
860. (27) authenticate {
861. (27) eap: Expiring EAP session with state 0x2c4eaac22c46b0b4
862. (27) eap: Finished EAP session with state 0x68ef77716ee76ef7
863. (27) eap: Previous EAP request found for state 0x68ef77716ee76ef7, released from the list
864. (27) eap: Peer sent packet with method EAP PEAP (25)
865. (27) eap: Calling submodule eap_peap to process data
866. (27) eap_peap: (TLS) EAP Done initial handshake
867. (27) eap_peap: Session established. Decoding tunneled attributes
868. (27) eap_peap: PEAP state phase2
869. (27) eap_peap: EAP method MSCHAPv2 (26)
870. (27) eap_peap: Got tunneled request
871. (27) eap_peap: EAP-Message = 0x0208004e1a0208004931dace487f2291cfb1803462e241094cb100000000000000006bad6ccdfb11f56adf4f46fd82b4ca886f638ede417aebf500434f52504f524154455c52617370622e503134
872. (27) eap_peap: Setting User-Name to CORPORATE\Raspb.P14
873. (27) eap_peap: Sending tunneled request to inner-tunnel
874. (27) eap_peap: EAP-Message = 0x0208004e1a0208004931dace487f2291cfb1803462e241094cb100000000000000006bad6ccdfb11f56adf4f46fd82b4ca886f638ede417aebf500434f52504f524154455c52617370622e503134
875. (27) eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1
876. (27) eap_peap: User-Name = "CORPORATE\\Raspb.P14"
877. (27) eap_peap: State = 0x2c4eaac22c46b0b4656110deb915f9b3
878. (27) Virtual server inner-tunnel received request
879. (27) EAP-Message = 0x0208004e1a0208004931dace487f2291cfb1803462e241094cb100000000000000006bad6ccdfb11f56adf4f46fd82b4ca886f638ede417aebf500434f52504f524154455c52617370622e503134
880. (27) FreeRADIUS-Proxied-To = 127.0.0.1
881. (27) User-Name = "CORPORATE\\Raspb.P14"
882. (27) State = 0x2c4eaac22c46b0b4656110deb915f9b3
883. (27) WARNING: Outer and inner identities are the same. User privacy is compromised.
884. (27) server inner-tunnel {
885. (27) session-state: No cached attributes
886. (27) # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
887. (27) authorize {
888. (27) policy filter_username {
889. (27) if (&User-Name) {
890. (27) if (&User-Name) -> TRUE
891. (27) if (&User-Name) {
892. (27) if (&User-Name =~ / /) {
893. (27) if (&User-Name =~ / /) -> FALSE
894. (27) if (&User-Name =~ /@[^@]*@/ ) {
895. (27) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
896. (27) if (&User-Name =~ /\.\./ ) {
897. (27) if (&User-Name =~ /\.\./ ) -> FALSE
898. (27) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
899. (27) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
900. (27) if (&User-Name =~ /\.$/) {
901. (27) if (&User-Name =~ /\.$/) -> FALSE
902. (27) if (&User-Name =~ /@\./) {
903. (27) if (&User-Name =~ /@\./) -> FALSE
904. (27) } # if (&User-Name) = notfound
905. (27) } # policy filter_username = notfound
906. (27) [mschap] = noop
907. (27) ntdomain: Checking for prefix before "\"
908. (27) ntdomain: Looking up realm "CORPORATE" for User-Name = "CORPORATE\Raspb.P14"
909. (27) ntdomain: Found realm "CORPORATE"
910. (27) ntdomain: Adding Stripped-User-Name = "Raspb.P14"
911. (27) ntdomain: Adding Realm = "CORPORATE"
912. (27) ntdomain: Authentication realm is LOCAL
913. (27) [ntdomain] = ok
914. (27) eap: Peer sent EAP Response (code 2) ID 8 length 78
915. (27) eap: No EAP Start, assuming it's an on-going EAP conversation
916. (27) [eap] = updated
917. (27) [files] = noop
918. (27) sql: EXPAND %{User-Name}
919. (27) sql: --> CORPORATE\\Raspb.P14
920. (27) sql: SQL-User-Name set to 'CORPORATE\\Raspb.P14'
921. rlm_sql (sql): Reserved connection (11)
922. (27) sql: EXPAND SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id
923. (27) sql: --> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'CORPORATE=5C=5CRaspb.P14' ORDER BY id
924. (27) sql: Executing select query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'CORPORATE=5C=5CRaspb.P14' ORDER BY id
925. (27) sql: WARNING: User not found in radcheck table.
926. (27) sql: EXPAND SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority
927. (27) sql: --> SELECT groupname FROM radusergroup WHERE username = 'CORPORATE=5C=5CRaspb.P14' ORDER BY priority
928. (27) sql: Executing select query: SELECT groupname FROM radusergroup WHERE username = 'CORPORATE=5C=5CRaspb.P14' ORDER BY priority
929. (27) sql: User not found in any groups
930. rlm_sql (sql): Released connection (11)
931. (27) [sql] = notfound
932. rlm_ldap (ldap): Reserved connection (19)
933. (27) ldap: EXPAND (sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}})
934. (27) ldap: --> (sAMAccountName=Raspb.P14)
935. (27) ldap: Performing search in "dc=corporate,dc=intra" with filter "(sAMAccountName=Raspb.P14)", scope "sub"
936. (27) ldap: Waiting for search result...
937. rlm_ldap (ldap): Rebinding to URL ldap://DomainDnsZones.corporate.intra/DC=DomainDnsZones,DC=corporate,DC=intra
938. rlm_ldap (ldap): Waiting for bind result...
939. rlm_ldap (ldap): Rebinding to URL ldap://ForestDnsZones.corporate.intra/DC=ForestDnsZones,DC=corporate,DC=intra
940. rlm_ldap (ldap): Waiting for bind result...
941. rlm_ldap (ldap): Bind successful
942. rlm_ldap (ldap): Bind successful
943. (27) ldap: User object found at DN "CN=Raspb.P14,OU=GO Services,OU=Systems_Administration_OU,DC=corporate,DC=intra"
944. (27) ldap: Processing user attributes
945. (27) ldap: WARNING: No "known good" password added. Ensure the admin user has permission to read the password attribute
946. (27) ldap: WARNING: PAP authentication will *NOT* work with Active Directory (if that is what you were trying to configure)
947. rlm_ldap (ldap): Deleting connection (19) - Was referred to a different LDAP server
948. Need 2 more connections to reach min connections (3)
949. rlm_ldap (ldap): Opening additional connection (21), 1 of 31 pending slots used
950. rlm_ldap (ldap): Connecting to ldap://corporate.intra:389
951. rlm_ldap (ldap): Waiting for bind result...
952. rlm_ldap (ldap): Bind successful
953. (27) [ldap] = ok
954. (27) [expiration] = noop
955. (27) [logintime] = noop
956. Not doing PAP as Auth-Type is already set.
957. (27) [pap] = noop
958. (27) } # authorize = updated
959. (27) Found Auth-Type = eap
960. (27) # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
961. (27) authenticate {
962. (27) eap: Expiring EAP session with state 0x2c4eaac22c46b0b4
963. (27) eap: Finished EAP session with state 0x2c4eaac22c46b0b4
964. (27) eap: Previous EAP request found for state 0x2c4eaac22c46b0b4, released from the list
965. (27) eap: Peer sent packet with method EAP MSCHAPv2 (26)
966. (27) eap: Calling submodule eap_mschapv2 to process data
967. (27) eap_mschapv2: # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
968. (27) eap_mschapv2: authenticate {
969. (27) mschap: Creating challenge hash with username: Raspb.P14
970. (27) mschap: Client is using MS-CHAPv2
971. (27) mschap: EXPAND %{mschap:User-Name}
972. (27) mschap: --> Raspb.P14
973. (27) mschap: EXPAND %{mschap:NT-Domain}
974. (27) mschap: --> CORPORATE
975. rlm_mschap (mschap): Reserved connection (3)
976. (27) mschap: sending authentication request user='Raspb.P14' domain='CORPORATE'
977. rlm_mschap (mschap): Released connection (3)
978. (27) mschap: Authenticated successfully
979. (27) mschap: Adding MS-CHAPv2 MPPE keys
980. (27) eap_mschapv2: [mschap] = ok
981. (27) eap_mschapv2: } # authenticate = ok
982. (27) eap_mschapv2: MSCHAP Success
983. (27) eap: Sending EAP Request (code 1) ID 9 length 51
984. (27) eap: EAP session adding &reply:State = 0x2c4eaac22d47b0b4
985. (27) [eap] = handled
986. (27) } # authenticate = handled
987. (27) } # server inner-tunnel
988. (27) Virtual server sending reply
989. (27) EAP-Message = 0x010900331a0308002e533d37444445423832363646333245324538344545333541433331324630444231453135464431353341
990. (27) Message-Authenticator = 0x00000000000000000000000000000000
991. (27) State = 0x2c4eaac22d47b0b4656110deb915f9b3
992. (27) eap_peap: Got tunneled reply code 11
993. (27) eap_peap: EAP-Message = 0x010900331a0308002e533d37444445423832363646333245324538344545333541433331324630444231453135464431353341
994. (27) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000
995. (27) eap_peap: State = 0x2c4eaac22d47b0b4656110deb915f9b3
996. (27) eap_peap: Got tunneled reply RADIUS code 11
997. (27) eap_peap: EAP-Message = 0x010900331a0308002e533d37444445423832363646333245324538344545333541433331324630444231453135464431353341
998. (27) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000
999. (27) eap_peap: State = 0x2c4eaac22d47b0b4656110deb915f9b3
1000. (27) eap_peap: Got tunneled Access-Challenge
1001. (27) eap: Sending EAP Request (code 1) ID 9 length 82
1002. (27) eap: EAP session adding &reply:State = 0x68ef77716fe66ef7
1003. (27) [eap] = handled
1004. (27) } # authenticate = handled
1005. (27) Using Post-Auth-Type Challenge
1006. (27) # Executing group from file /etc/freeradius/sites-enabled/GO_Live
1007. (27) Challenge { ... } # empty sub-section is ignored
1008. (27) session-state: Saving cached attributes
1009. (27) Framed-MTU = 994
1010. (27) TLS-Session-Information = "(TLS) recv TLS 1.3 Handshake, ClientHello\n"
1011. (27) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHello\n"
1012. (27) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Certificate\n"
1013. (27) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerKeyExchange\n"
1014. (27) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHelloDone\n"
1015. (27) TLS-Session-Information = "(TLS) recv TLS 1.2 Handshake, ClientKeyExchange\n"
1016. (27) TLS-Session-Information = "(TLS) recv TLS 1.2 Handshake, Finished\n"
1017. (27) TLS-Session-Information = "(TLS) send TLS 1.2 ChangeCipherSpec\n"
1018. (27) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Finished\n"
1019. (27) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
1020. (27) TLS-Session-Version = "TLS 1.2"
1021. (27) Sent Access-Challenge Id 75 from 172.16.200.253:1812 to 10.15.200.15:61772 length 0
1022. (27) EAP-Message = 0x0109005219001703030047e1ae2a7bad0fc69b74c77f1e05647ea7438cd4cfb62e63fe0bf1af9e28c19f7e7bc219dd4961c1367f798132dc13fc87ad1fd7b9b5329431cc0866a5bf9df66b8e1242c2a4416f
1023. (27) Message-Authenticator = 0x00000000000000000000000000000000
1024. (27) State = 0x68ef77716fe66ef72d7f5eed64273179
1025. (27) Finished request
1026. Waking up in 4.9 seconds.
1027. (28) Received Access-Request Id 76 from 10.15.200.15:61772 to 172.16.200.253:1812 length 340
1028. (28) User-Name = "CORPORATE\\Raspb.P14"
1029. (28) Service-Type = Framed-User
1030. (28) Cisco-AVPair = "service-type=Framed"
1031. (28) Framed-MTU = 1468
1032. (28) EAP-Message = 0x020900251900170303001a65d2428980423ce0d109908025fe7165f015f934f22cad9720cb
1033. (28) Message-Authenticator = 0x6c0d988538c227f9878c357a2dcbc6e3
1034. (28) Cisco-AVPair = "audit-session-id=0FC80F0A000006F3842D78C6"
1035. (28) Cisco-AVPair = "method=dot1x"
1036. (28) Cisco-AVPair = "client-iif-id=346278732"
1037. (28) NAS-IP-Address = 10.15.200.15
1038. (28) NAS-Port-Id = "FiveGigabitEthernet1/0/15"
1039. (28) NAS-Port-Type = Ethernet
1040. (28) NAS-Port = 50115
1041. (28) State = 0x68ef77716fe66ef72d7f5eed64273179
1042. (28) Calling-Station-Id = "DC-A6-32-A8-8A-D0"
1043. (28) Called-Station-Id = "34-ED-1B-4B-15-8F"
1044. (28) Restoring &session-state
1045. (28) &session-state:Framed-MTU = 994
1046. (28) &session-state:TLS-Session-Information = "(TLS) recv TLS 1.3 Handshake, ClientHello\n"
1047. (28) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHello\n"
1048. (28) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Certificate\n"
1049. (28) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerKeyExchange\n"
1050. (28) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHelloDone\n"
1051. (28) &session-state:TLS-Session-Information = "(TLS) recv TLS 1.2 Handshake, ClientKeyExchange\n"
1052. (28) &session-state:TLS-Session-Information = "(TLS) recv TLS 1.2 Handshake, Finished\n"
1053. (28) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 ChangeCipherSpec\n"
1054. (28) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Finished\n"
1055. (28) &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
1056. (28) &session-state:TLS-Session-Version = "TLS 1.2"
1057. (28) # Executing section authorize from file /etc/freeradius/sites-enabled/GO_Live
1058. (28) authorize {
1059. (28) policy filter_username {
1060. (28) if (&User-Name) {
1061. (28) if (&User-Name) -> TRUE
1062. (28) if (&User-Name) {
1063. (28) if (&User-Name =~ / /) {
1064. (28) if (&User-Name =~ / /) -> FALSE
1065. (28) if (&User-Name =~ /@[^@]*@/ ) {
1066. (28) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
1067. (28) if (&User-Name =~ /\.\./ ) {
1068. (28) if (&User-Name =~ /\.\./ ) -> FALSE
1069. (28) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
1070. (28) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
1071. (28) if (&User-Name =~ /\.$/) {
1072. (28) if (&User-Name =~ /\.$/) -> FALSE
1073. (28) if (&User-Name =~ /@\./) {
1074. (28) if (&User-Name =~ /@\./) -> FALSE
1075. (28) } # if (&User-Name) = notfound
1076. (28) } # policy filter_username = notfound
1077. (28) [preprocess] = ok
1078. (28) auth_log: EXPAND /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
1079. (28) auth_log: --> /var/log/freeradius/radacct/10.15.200.15/auth-detail-20210826
1080. (28) auth_log: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/10.15.200.15/auth-detail-20210826
1081. (28) auth_log: EXPAND %t
1082. (28) auth_log: --> Thu Aug 26 22:36:18 2021
1083. (28) [auth_log] = ok
1084. (28) [mschap] = noop
1085. (28) ntdomain: Checking for prefix before "\"
1086. (28) ntdomain: Looking up realm "CORPORATE" for User-Name = "CORPORATE\Raspb.P14"
1087. (28) ntdomain: Found realm "CORPORATE"
1088. (28) ntdomain: Adding Stripped-User-Name = "Raspb.P14"
1089. (28) ntdomain: Adding Realm = "CORPORATE"
1090. (28) ntdomain: Authentication realm is LOCAL
1091. (28) [ntdomain] = ok
1092. (28) eap: Peer sent EAP Response (code 2) ID 9 length 37
1093. (28) eap: Continuing tunnel setup
1094. (28) [eap] = ok
1095. (28) } # authorize = ok
1096. (28) Found Auth-Type = eap
1097. (28) # Executing group from file /etc/freeradius/sites-enabled/GO_Live
1098. (28) authenticate {
1099. (28) eap: Expiring EAP session with state 0x2c4eaac22d47b0b4
1100. (28) eap: Finished EAP session with state 0x68ef77716fe66ef7
1101. (28) eap: Previous EAP request found for state 0x68ef77716fe66ef7, released from the list
1102. (28) eap: Peer sent packet with method EAP PEAP (25)
1103. (28) eap: Calling submodule eap_peap to process data
1104. (28) eap_peap: (TLS) EAP Done initial handshake
1105. (28) eap_peap: Session established. Decoding tunneled attributes
1106. (28) eap_peap: PEAP state phase2
1107. (28) eap_peap: EAP method MSCHAPv2 (26)
1108. (28) eap_peap: Got tunneled request
1109. (28) eap_peap: EAP-Message = 0x020900061a03
1110. (28) eap_peap: Setting User-Name to CORPORATE\Raspb.P14
1111. (28) eap_peap: Sending tunneled request to inner-tunnel
1112. (28) eap_peap: EAP-Message = 0x020900061a03
1113. (28) eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1
1114. (28) eap_peap: User-Name = "CORPORATE\\Raspb.P14"
1115. (28) eap_peap: State = 0x2c4eaac22d47b0b4656110deb915f9b3
1116. (28) Virtual server inner-tunnel received request
1117. (28) EAP-Message = 0x020900061a03
1118. (28) FreeRADIUS-Proxied-To = 127.0.0.1
1119. (28) User-Name = "CORPORATE\\Raspb.P14"
1120. (28) State = 0x2c4eaac22d47b0b4656110deb915f9b3
1121. (28) WARNING: Outer and inner identities are the same. User privacy is compromised.
1122. (28) server inner-tunnel {
1123. (28) session-state: No cached attributes
1124. (28) # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
1125. (28) authorize {
1126. (28) policy filter_username {
1127. (28) if (&User-Name) {
1128. (28) if (&User-Name) -> TRUE
1129. (28) if (&User-Name) {
1130. (28) if (&User-Name =~ / /) {
1131. (28) if (&User-Name =~ / /) -> FALSE
1132. (28) if (&User-Name =~ /@[^@]*@/ ) {
1133. (28) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
1134. (28) if (&User-Name =~ /\.\./ ) {
1135. (28) if (&User-Name =~ /\.\./ ) -> FALSE
1136. (28) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
1137. (28) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
1138. (28) if (&User-Name =~ /\.$/) {
1139. (28) if (&User-Name =~ /\.$/) -> FALSE
1140. (28) if (&User-Name =~ /@\./) {
1141. (28) if (&User-Name =~ /@\./) -> FALSE
1142. (28) } # if (&User-Name) = notfound
1143. (28) } # policy filter_username = notfound
1144. (28) [mschap] = noop
1145. (28) ntdomain: Checking for prefix before "\"
1146. (28) ntdomain: Looking up realm "CORPORATE" for User-Name = "CORPORATE\Raspb.P14"
1147. (28) ntdomain: Found realm "CORPORATE"
1148. (28) ntdomain: Adding Stripped-User-Name = "Raspb.P14"
1149. (28) ntdomain: Adding Realm = "CORPORATE"
1150. (28) ntdomain: Authentication realm is LOCAL
1151. (28) [ntdomain] = ok
1152. (28) eap: Peer sent EAP Response (code 2) ID 9 length 6
1153. (28) eap: No EAP Start, assuming it's an on-going EAP conversation
1154. (28) [eap] = updated
1155. (28) [files] = noop
1156. (28) sql: EXPAND %{User-Name}
1157. (28) sql: --> CORPORATE\\Raspb.P14
1158. (28) sql: SQL-User-Name set to 'CORPORATE\\Raspb.P14'
1159. rlm_sql (sql): Reserved connection (13)
1160. (28) sql: EXPAND SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id
1161. (28) sql: --> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'CORPORATE=5C=5CRaspb.P14' ORDER BY id
1162. (28) sql: Executing select query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'CORPORATE=5C=5CRaspb.P14' ORDER BY id
1163. (28) sql: WARNING: User not found in radcheck table.
1164. (28) sql: EXPAND SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority
1165. (28) sql: --> SELECT groupname FROM radusergroup WHERE username = 'CORPORATE=5C=5CRaspb.P14' ORDER BY priority
1166. (28) sql: Executing select query: SELECT groupname FROM radusergroup WHERE username = 'CORPORATE=5C=5CRaspb.P14' ORDER BY priority
1167. (28) sql: User not found in any groups
1168. rlm_sql (sql): Released connection (13)
1169. (28) [sql] = notfound
1170. rlm_ldap (ldap): Reserved connection (20)
1171. (28) ldap: EXPAND (sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}})
1172. (28) ldap: --> (sAMAccountName=Raspb.P14)
1173. (28) ldap: Performing search in "dc=corporate,dc=intra" with filter "(sAMAccountName=Raspb.P14)", scope "sub"
1174. (28) ldap: Waiting for search result...
1175. rlm_ldap (ldap): Rebinding to URL ldap://DomainDnsZones.corporate.intra/DC=DomainDnsZones,DC=corporate,DC=intra
1176. rlm_ldap (ldap): Waiting for bind result...
1177. rlm_ldap (ldap): Rebinding to URL ldap://ForestDnsZones.corporate.intra/DC=ForestDnsZones,DC=corporate,DC=intra
1178. rlm_ldap (ldap): Waiting for bind result...
1179. rlm_ldap (ldap): Bind successful
1180. rlm_ldap (ldap): Bind successful
1181. (28) ldap: User object found at DN "CN=Raspb.P14,OU=GO Services,OU=Systems_Administration_OU,DC=corporate,DC=intra"
1182. (28) ldap: Processing user attributes
1183. (28) ldap: WARNING: No "known good" password added. Ensure the admin user has permission to read the password attribute
1184. (28) ldap: WARNING: PAP authentication will *NOT* work with Active Directory (if that is what you were trying to configure)
1185. rlm_ldap (ldap): Deleting connection (20) - Was referred to a different LDAP server
1186. (28) [ldap] = ok
1187. (28) [expiration] = noop
1188. (28) [logintime] = noop
1189. Not doing PAP as Auth-Type is already set.
1190. (28) [pap] = noop
1191. (28) } # authorize = updated
1192. (28) Found Auth-Type = eap
1193. (28) # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
1194. (28) authenticate {
1195. (28) eap: Expiring EAP session with state 0x2c4eaac22d47b0b4
1196. (28) eap: Finished EAP session with state 0x2c4eaac22d47b0b4
1197. (28) eap: Previous EAP request found for state 0x2c4eaac22d47b0b4, released from the list
1198. (28) eap: Peer sent packet with method EAP MSCHAPv2 (26)
1199. (28) eap: Calling submodule eap_mschapv2 to process data
1200. (28) eap: Sending EAP Success (code 3) ID 9 length 4
1201. (28) eap: Freeing handler
1202. (28) [eap] = ok
1203. (28) } # authenticate = ok
1204. (28) # Executing section post-auth from file /etc/freeradius/sites-enabled/inner-tunnel
1205. (28) post-auth {
1206. (28) reply_log: EXPAND /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d
1207. (28) reply_log: --> /var/log/freeradius/radacct/10.15.200.15/reply-detail-20210826
1208. (28) reply_log: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d expands to /var/log/freeradius/radacct/10.15.200.15/reply-detail-20210826
1209. (28) reply_log: EXPAND %t
1210. (28) reply_log: --> Thu Aug 26 22:36:18 2021
1211. (28) [reply_log] = ok
1212. (28) sql: EXPAND .query
1213. (28) sql: --> .query
1214. (28) sql: Using query template 'query'
1215. rlm_sql (sql): Reserved connection (15)
1216. (28) sql: EXPAND %{User-Name}
1217. (28) sql: --> CORPORATE\\Raspb.P14
1218. (28) sql: SQL-User-Name set to 'CORPORATE\\Raspb.P14'
1219. (28) sql: EXPAND INSERT INTO radpostauth (username, pass, reply, authdate ) VALUES ( '%{SQL-User-Name}', 'Omitted', '%{reply:Packet-Type}', '%S.%M' )
1220. (28) sql: --> INSERT INTO radpostauth (username, pass, reply, authdate ) VALUES ( 'CORPORATE=5C=5CRaspb.P14', 'Omitted', 'Access-Accept', '2021-08-26 22:36:18.150694' )
1221. (28) sql: EXPAND /var/log/freeradius/sqllog.sql
1222. (28) sql: --> /var/log/freeradius/sqllog.sql
1223. (28) sql: Executing query: INSERT INTO radpostauth (username, pass, reply, authdate ) VALUES ( 'CORPORATE=5C=5CRaspb.P14', 'Omitted', 'Access-Accept', '2021-08-26 22:36:18.150694' )
1224. (28) sql: SQL query returned: success
1225. (28) sql: 1 record(s) updated
1226. rlm_sql (sql): Released connection (15)
1227. (28) [sql] = ok
1228. (28) if (0) {
1229. (28) if (0) -> FALSE
1230. (28) } # post-auth = ok
1231. (28) } # server inner-tunnel
1232. (28) Virtual server sending reply
1233. (28) MS-MPPE-Encryption-Policy = Encryption-Allowed
1234. (28) MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed
1235. (28) MS-MPPE-Send-Key = 0x6fcc97fc56f2664af57946c75fd65b3f
1236. (28) MS-MPPE-Recv-Key = 0xa1adfb9c413b9a2ea82c01fbfdcb048a
1237. (28) EAP-Message = 0x03090004
1238. (28) Message-Authenticator = 0x00000000000000000000000000000000
1239. (28) User-Name = "CORPORATE\\Raspb.P14"
1240. (28) eap_peap: Got tunneled reply code 2
1241. (28) eap_peap: MS-MPPE-Encryption-Policy = Encryption-Allowed
1242. (28) eap_peap: MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed
1243. (28) eap_peap: MS-MPPE-Send-Key = 0x6fcc97fc56f2664af57946c75fd65b3f
1244. (28) eap_peap: MS-MPPE-Recv-Key = 0xa1adfb9c413b9a2ea82c01fbfdcb048a
1245. (28) eap_peap: EAP-Message = 0x03090004
1246. (28) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000
1247. (28) eap_peap: User-Name = "CORPORATE\\Raspb.P14"
1248. (28) eap_peap: Got tunneled reply RADIUS code 2
1249. (28) eap_peap: MS-MPPE-Encryption-Policy = Encryption-Allowed
1250. (28) eap_peap: MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed
1251. (28) eap_peap: MS-MPPE-Send-Key = 0x6fcc97fc56f2664af57946c75fd65b3f
1252. (28) eap_peap: MS-MPPE-Recv-Key = 0xa1adfb9c413b9a2ea82c01fbfdcb048a
1253. (28) eap_peap: EAP-Message = 0x03090004
1254. (28) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000
1255. (28) eap_peap: User-Name = "CORPORATE\\Raspb.P14"
1256. (28) eap_peap: Tunneled authentication was successful
1257. (28) eap_peap: SUCCESS
1258. (28) eap: Sending EAP Request (code 1) ID 10 length 46
1259. (28) eap: EAP session adding &reply:State = 0x68ef777160e56ef7
1260. (28) [eap] = handled
1261. (28) } # authenticate = handled
1262. (28) Using Post-Auth-Type Challenge
1263. (28) # Executing group from file /etc/freeradius/sites-enabled/GO_Live
1264. (28) Challenge { ... } # empty sub-section is ignored
1265. (28) session-state: Saving cached attributes
1266. (28) Framed-MTU = 994
1267. (28) TLS-Session-Information = "(TLS) recv TLS 1.3 Handshake, ClientHello\n"
1268. (28) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHello\n"
1269. (28) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Certificate\n"
1270. (28) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerKeyExchange\n"
1271. (28) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHelloDone\n"
1272. (28) TLS-Session-Information = "(TLS) recv TLS 1.2 Handshake, ClientKeyExchange\n"
1273. (28) TLS-Session-Information = "(TLS) recv TLS 1.2 Handshake, Finished\n"
1274. (28) TLS-Session-Information = "(TLS) send TLS 1.2 ChangeCipherSpec\n"
1275. (28) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Finished\n"
1276. (28) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
1277. (28) TLS-Session-Version = "TLS 1.2"
1278. (28) Sent Access-Challenge Id 76 from 172.16.200.253:1812 to 10.15.200.15:61772 length 0
1279. (28) EAP-Message = 0x010a002e19001703030023e1ae2a7bad0fc69c32ea9d39ba971ea0d1e3a3a430d86474b02204d3a403d08bb9e43b
1280. (28) Message-Authenticator = 0x00000000000000000000000000000000
1281. (28) State = 0x68ef777160e56ef72d7f5eed64273179
1282. (28) Finished request
1283. Waking up in 4.9 seconds.
1284. (29) Received Access-Request Id 77 from 10.15.200.15:61772 to 172.16.200.253:1812 length 349
1285. (29) User-Name = "CORPORATE\\Raspb.P14"
1286. (29) Service-Type = Framed-User
1287. (29) Cisco-AVPair = "service-type=Framed"
1288. (29) Framed-MTU = 1468
1289. (29) EAP-Message = 0x020a002e1900170303002365d2428980423ce13278d183c5398b295129ba2d247f08b2369bfd683a4480b51a21a1
1290. (29) Message-Authenticator = 0xff60f56fdbd96a27015bbf77ff967e72
1291. (29) Cisco-AVPair = "audit-session-id=0FC80F0A000006F3842D78C6"
1292. (29) Cisco-AVPair = "method=dot1x"
1293. (29) Cisco-AVPair = "client-iif-id=346278732"
1294. (29) NAS-IP-Address = 10.15.200.15
1295. (29) NAS-Port-Id = "FiveGigabitEthernet1/0/15"
1296. (29) NAS-Port-Type = Ethernet
1297. (29) NAS-Port = 50115
1298. (29) State = 0x68ef777160e56ef72d7f5eed64273179
1299. (29) Calling-Station-Id = "DC-A6-32-A8-8A-D0"
1300. (29) Called-Station-Id = "34-ED-1B-4B-15-8F"
1301. (29) Restoring &session-state
1302. (29) &session-state:Framed-MTU = 994
1303. (29) &session-state:TLS-Session-Information = "(TLS) recv TLS 1.3 Handshake, ClientHello\n"
1304. (29) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHello\n"
1305. (29) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Certificate\n"
1306. (29) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerKeyExchange\n"
1307. (29) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHelloDone\n"
1308. (29) &session-state:TLS-Session-Information = "(TLS) recv TLS 1.2 Handshake, ClientKeyExchange\n"
1309. (29) &session-state:TLS-Session-Information = "(TLS) recv TLS 1.2 Handshake, Finished\n"
1310. (29) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 ChangeCipherSpec\n"
1311. (29) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Finished\n"
1312. (29) &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
1313. (29) &session-state:TLS-Session-Version = "TLS 1.2"
1314. (29) # Executing section authorize from file /etc/freeradius/sites-enabled/GO_Live
1315. (29) authorize {
1316. (29) policy filter_username {
1317. (29) if (&User-Name) {
1318. (29) if (&User-Name) -> TRUE
1319. (29) if (&User-Name) {
1320. (29) if (&User-Name =~ / /) {
1321. (29) if (&User-Name =~ / /) -> FALSE
1322. (29) if (&User-Name =~ /@[^@]*@/ ) {
1323. (29) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
1324. (29) if (&User-Name =~ /\.\./ ) {
1325. (29) if (&User-Name =~ /\.\./ ) -> FALSE
1326. (29) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
1327. (29) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
1328. (29) if (&User-Name =~ /\.$/) {
1329. (29) if (&User-Name =~ /\.$/) -> FALSE
1330. (29) if (&User-Name =~ /@\./) {
1331. (29) if (&User-Name =~ /@\./) -> FALSE
1332. (29) } # if (&User-Name) = notfound
1333. (29) } # policy filter_username = notfound
1334. (29) [preprocess] = ok
1335. (29) auth_log: EXPAND /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
1336. (29) auth_log: --> /var/log/freeradius/radacct/10.15.200.15/auth-detail-20210826
1337. (29) auth_log: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/10.15.200.15/auth-detail-20210826
1338. (29) auth_log: EXPAND %t
1339. (29) auth_log: --> Thu Aug 26 22:36:18 2021
1340. (29) [auth_log] = ok
1341. (29) [mschap] = noop
1342. (29) ntdomain: Checking for prefix before "\"
1343. (29) ntdomain: Looking up realm "CORPORATE" for User-Name = "CORPORATE\Raspb.P14"
1344. (29) ntdomain: Found realm "CORPORATE"
1345. (29) ntdomain: Adding Stripped-User-Name = "Raspb.P14"
1346. (29) ntdomain: Adding Realm = "CORPORATE"
1347. (29) ntdomain: Authentication realm is LOCAL
1348. (29) [ntdomain] = ok
1349. (29) eap: Peer sent EAP Response (code 2) ID 10 length 46
1350. (29) eap: Continuing tunnel setup
1351. (29) [eap] = ok
1352. (29) } # authorize = ok
1353. (29) Found Auth-Type = eap
1354. (29) # Executing group from file /etc/freeradius/sites-enabled/GO_Live
1355. (29) authenticate {
1356. (29) eap: Expiring EAP session with state 0x68ef777160e56ef7
1357. (29) eap: Finished EAP session with state 0x68ef777160e56ef7
1358. (29) eap: Previous EAP request found for state 0x68ef777160e56ef7, released from the list
1359. (29) eap: Peer sent packet with method EAP PEAP (25)
1360. (29) eap: Calling submodule eap_peap to process data
1361. (29) eap_peap: (TLS) EAP Done initial handshake
1362. (29) eap_peap: Session established. Decoding tunneled attributes
1363. (29) eap_peap: PEAP state send tlv success
1364. (29) eap_peap: Received EAP-TLV response
1365. (29) eap_peap: Success
1366. (29) eap: Sending EAP Success (code 3) ID 10 length 4
1367. (29) eap: Freeing handler
1368. (29) [eap] = ok
1369. (29) } # authenticate = ok
1370. (29) # Executing section post-auth from file /etc/freeradius/sites-enabled/GO_Live
1371. (29) post-auth {
1372. (29) if (&Framed-IP-Address =~ /^169\.254\./) {
1373. (29) ERROR: Failed retrieving values required to evaluate condition
1374. (29) if (&LDAP-Group == "RSSO - IT - Networking") {
1375. (29) Searching for user in group "RSSO - IT - Networking"
1376. rlm_ldap (ldap): Reserved connection (21)
1377. (29) EXPAND (sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}})
1378. (29) --> (sAMAccountName=Raspb.P14)
1379. (29) Performing search in "dc=corporate,dc=intra" with filter "(sAMAccountName=Raspb.P14)", scope "sub"
1380. (29) Waiting for search result...
1381. rlm_ldap (ldap): Rebinding to URL ldap://DomainDnsZones.corporate.intra/DC=DomainDnsZones,DC=corporate,DC=intra
1382. rlm_ldap (ldap): Waiting for bind result...
1383. rlm_ldap (ldap): Rebinding to URL ldap://ForestDnsZones.corporate.intra/DC=ForestDnsZones,DC=corporate,DC=intra
1384. rlm_ldap (ldap): Waiting for bind result...
1385. rlm_ldap (ldap): Bind successful
1386. rlm_ldap (ldap): Bind successful
1387. (29) User object found at DN "CN=Raspb.P14,OU=GO Services,OU=Systems_Administration_OU,DC=corporate,DC=intra"
1388. (29) Checking user object's memberOf attributes
1389. (29) Waiting for bind result...
1390. (29) Bind successful
1391. (29) Performing unfiltered search in "CN=Raspb.P14,OU=GO Services,OU=Systems_Administration_OU,DC=corporate,DC=intra", scope "base"
1392. (29) Waiting for search result...
1393. (29) Processing memberOf value "CN=RSSO - TEC - RaspBerryPi,OU=GO Groups,OU=Users_OU,DC=corporate,DC=intra" as a DN
1394. (29) Resolving group DN "CN=RSSO - TEC - RaspBerryPi,OU=GO Groups,OU=Users_OU,DC=corporate,DC=intra" to group name
1395. (29) Performing unfiltered search in "CN=RSSO - TEC - RaspBerryPi,OU=GO Groups,OU=Users_OU,DC=corporate,DC=intra", scope "base"
1396. (29) Waiting for search result...
1397. (29) Group DN "CN=RSSO - TEC - RaspBerryPi,OU=GO Groups,OU=Users_OU,DC=corporate,DC=intra" resolves to name "RSSO - TEC - RaspBerryPi"
1398. rlm_ldap (ldap): Deleting connection (21) - Was referred to a different LDAP server
1399. (29) User is not a member of "RSSO - IT - Networking"
1400. (29) if (&LDAP-Group == "RSSO - IT - Networking") -> FALSE
1401. (29) elsif (LDAP-Group == "RSSO - IT - App Support") {
1402. (29) Searching for user in group "RSSO - IT - App Support"
1403. rlm_ldap (ldap): 0 of 0 connections in use. You may need to increase "spare"
1404. rlm_ldap (ldap): Opening additional connection (22), 1 of 32 pending slots used
1405. rlm_ldap (ldap): Connecting to ldap://corporate.intra:389
1406. rlm_ldap (ldap): Waiting for bind result...
1407. rlm_ldap (ldap): Bind successful
1408. rlm_ldap (ldap): Reserved connection (22)
1409. <<escaped more ldap search text from debug>>
1410. rlm_ldap (ldap): Reserved connection (22)
1411. (29) Using user DN from request "CN=Raspb.P14,OU=GO Services,OU=Systems_Administration_OU,DC=corporate,DC=intra"
1412. (29) Checking user object's memberOf attributes
1413. (29) Performing unfiltered search in "CN=Raspb.P14,OU=GO Services,OU=Systems_Administration_OU,DC=corporate,DC=intra", scope "base"
1414. (29) Waiting for search result...
1415. (29) Processing memberOf value "CN=RSSO - TEC - RaspBerryPi,OU=GO Groups,OU=Users_OU,DC=corporate,DC=intra" as a DN
1416. (29) Resolving group DN "CN=RSSO - TEC - RaspBerryPi,OU=GO Groups,OU=Users_OU,DC=corporate,DC=intra" to group name
1417. (29) Performing unfiltered search in "CN=RSSO - TEC - RaspBerryPi,OU=GO Groups,OU=Users_OU,DC=corporate,DC=intra", scope "base"
1418. (29) Waiting for search result...
1419. (29) Group DN "CN=RSSO - TEC - RaspBerryPi,OU=GO Groups,OU=Users_OU,DC=corporate,DC=intra" resolves to name "RSSO - TEC - RaspBerryPi"
1420. (29) User found in group "RSSO - TEC - RaspBerryPi". Comparison between membership: name (resolved from DN "CN=RSSO - TEC - RaspBerryPi,OU=GO Groups,OU=Users_OU,DC=corporate,DC=intra"), check: name
1421. rlm_ldap (ldap): Released connection (22)
1422. (29) elsif (LDAP-Group == "RSSO - TEC - RaspBerryPi") -> TRUE
1423. (29) elsif (LDAP-Group == "RSSO - TEC - RaspBerryPi") {
1424. (29) update Reply {
1425. (29) Tunnel-Type := VLAN
1426. (29) Tunnel-Medium-Type := IEEE-802
1427. (29) Tunnel-Private-Group-Id := "943"
1428. (29) Class := 0x5253534f2d5445432d5261737042657272795069
1429. (29) } # update Reply = noop
1430. (29) } # elsif (LDAP-Group == "RSSO - TEC - RaspBerryPi") = noop
1431. (29) ... skipping elsif: Preceding "if" was taken
1432. (29) ... skipping elsif: Preceding "if" was taken
1433. (29) if (session-state:User-Name && reply:User-Name && request:User-Name && (reply:User-Name == request:User-Name)) {
1434. (29) if (session-state:User-Name && reply:User-Name && request:User-Name && (reply:User-Name == request:User-Name)) -> FALSE
1435. (29) update {
1436. (29) &reply::Framed-MTU += &session-state:Framed-MTU[*] -> 994
1437. (29) &reply::TLS-Session-Information += &session-state:TLS-Session-Information[*] -> '(TLS) recv TLS 1.3 Handshake, ClientHello '
1438. (29) &reply::TLS-Session-Information += &session-state:TLS-Session-Information[*] -> '(TLS) send TLS 1.2 Handshake, ServerHello '
1439. (29) &reply::TLS-Session-Information += &session-state:TLS-Session-Information[*] -> '(TLS) send TLS 1.2 Handshake, Certificate '
1440. (29) &reply::TLS-Session-Information += &session-state:TLS-Session-Information[*] -> '(TLS) send TLS 1.2 Handshake, ServerKeyExchange '
1441. (29) &reply::TLS-Session-Information += &session-state:TLS-Session-Information[*] -> '(TLS) send TLS 1.2 Handshake, ServerHelloDone '
1442. (29) &reply::TLS-Session-Information += &session-state:TLS-Session-Information[*] -> '(TLS) recv TLS 1.2 Handshake, ClientKeyExchange '
1443. (29) &reply::TLS-Session-Information += &session-state:TLS-Session-Information[*] -> '(TLS) recv TLS 1.2 Handshake, Finished '
1444. (29) &reply::TLS-Session-Information += &session-state:TLS-Session-Information[*] -> '(TLS) send TLS 1.2 ChangeCipherSpec '
1445. (29) &reply::TLS-Session-Information += &session-state:TLS-Session-Information[*] -> '(TLS) send TLS 1.2 Handshake, Finished '
1446. (29) &reply::TLS-Session-Cipher-Suite += &session-state:TLS-Session-Cipher-Suite[*] -> 'ECDHE-RSA-AES256-GCM-SHA384'
1447. (29) &reply::TLS-Session-Version += &session-state:TLS-Session-Version[*] -> 'TLS 1.2'
1448. (29) } # update = noop
1449. (29) reply_log: EXPAND /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d
1450. (29) reply_log: --> /var/log/freeradius/radacct/10.15.200.15/reply-detail-20210826
1451. (29) reply_log: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d expands to /var/log/freeradius/radacct/10.15.200.15/reply-detail-20210826
1452. (29) reply_log: EXPAND %t
1453. (29) reply_log: --> Thu Aug 26 22:36:18 2021
1454. (29) [reply_log] = ok
1455. (29) sql: EXPAND .query
1456. (29) sql: --> .query
1457. (29) sql: Using query template 'query'
1458. rlm_sql (sql): Reserved connection (17)
1459. (29) sql: EXPAND %{User-Name}
1460. (29) sql: --> CORPORATE\\Raspb.P14
1461. (29) sql: SQL-User-Name set to 'CORPORATE\\Raspb.P14'
1462. (29) sql: EXPAND INSERT INTO radpostauth (username, pass, reply, authdate ) VALUES ( '%{SQL-User-Name}', 'Omitted', '%{reply:Packet-Type}', '%S.%M' )
1463. (29) sql: --> INSERT INTO radpostauth (username, pass, reply, authdate ) VALUES ( 'CORPORATE=5C=5CRaspb.P14', 'Omitted', 'Access-Accept', '2021-08-26 22:36:18.168110' )
1464. (29) sql: EXPAND /var/log/freeradius/sqllog.sql
1465. (29) sql: --> /var/log/freeradius/sqllog.sql
1466. (29) sql: Executing query: INSERT INTO radpostauth (username, pass, reply, authdate ) VALUES ( 'CORPORATE=5C=5CRaspb.P14', 'Omitted', 'Access-Accept', '2021-08-26 22:36:18.168110' )
1467. (29) sql: SQL query returned: success
1468. (29) sql: 1 record(s) updated
1469. rlm_sql (sql): Released connection (17)
1470. (29) [sql] = ok
1471. (29) [exec] = noop
1472. (29) policy remove_reply_message_if_eap {
1473. (29) if (&reply:EAP-Message && &reply:Reply-Message) {
1474. (29) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
1475. (29) else {
1476. (29) [noop] = noop
1477. (29) } # else = noop
1478. (29) } # policy remove_reply_message_if_eap = noop
1479. (29) if (EAP-Key-Name && &reply:EAP-Session-Id) {
1480. (29) if (EAP-Key-Name && &reply:EAP-Session-Id) -> FALSE
1481. (29) } # post-auth = ok
1482. (29) Sent Access-Accept Id 77 from 172.16.200.253:1812 to 10.15.200.15:61772 length 0
1483. (29) MS-MPPE-Recv-Key = 0xc509355dc56d93d4aa9c6ef2bce30f9ed436192345d42dd91ac1e180007091a1
1484. (29) MS-MPPE-Send-Key = 0xe271bf04394e6bd945d56b549a73e57671a60b1ed6f6976e58f0c98380ab33e8
1485. (29) EAP-Message = 0x030a0004
1486. (29) Message-Authenticator = 0x00000000000000000000000000000000
1487. (29) User-Name = "CORPORATE\\Raspb.P14"
1488. (29) Tunnel-Type := VLAN
1489. (29) Tunnel-Medium-Type := IEEE-802
1490. (29) Tunnel-Private-Group-Id := "943"
1491. (29) Class := 0x5253534f2d5445432d5261737042657272795069
1492. (29) Framed-MTU += 994
1493. (29) Finished request
1494. Waking up in 4.8 seconds.
1495. (20) Cleaning up request packet ID 68 with timestamp +527
1496. (21) Cleaning up request packet ID 69 with timestamp +527
1497. (22) Cleaning up request packet ID 70 with timestamp +527
1498. (23) Cleaning up request packet ID 71 with timestamp +527
1499. (24) Cleaning up request packet ID 72 with timestamp +527
1500. (25) Cleaning up request packet ID 73 with timestamp +527
1501. (26) Cleaning up request packet ID 74 with timestamp +527
1502. (27) Cleaning up request packet ID 75 with timestamp +527
1503. (28) Cleaning up request packet ID 76 with timestamp +527
1504. Waking up in 0.1 seconds.
1505. (29) Cleaning up request packet ID 77 with timestamp +527
1506. Ready to process requests
1507.  
1508.  
1509.  
1510.  
1511.  
1512.  
1513.  
1514. Ready to process requests
1515. (75) Received Accounting-Request Id 246 from 10.15.200.15:62985 to 172.16.200.253:1813 length 376
1516. (75) Framed-IP-Address = 10.15.204.105
1517. (75) Framed-IPv6-Address = fe80::423c:e86c:af53:897b
1518. (75) User-Name = "CORPORATE\\Raspb.P14"
1519. (75) Cisco-AVPair = "audit-session-id=0FC80F0A000006F3842D78C6"
1520. (75) Cisco-AVPair = "vlan-id=943"
1521. (75) Cisco-AVPair = "method=dot1x"
1522. (75) Called-Station-Id = "34-ED-1B-4B-15-8F"
1523. (75) Calling-Station-Id = "DC-A6-32-A8-8A-D0"
1524. (75) NAS-IP-Address = 10.15.200.15
1525. (75) NAS-Port-Id = "FiveGigabitEthernet1/0/15"
1526. (75) NAS-Port-Type = Ethernet
1527. (75) NAS-Port = 50115
1528. (75) Calling-Station-Id = "DC-A6-32-A8-8A-D0"
1529. (75) NAS-Identifier = "MRS_3rdFlr_NW_SW3_93"
1530. (75) Called-Station-Id = "34-ED-1B-4B-15-8F"
1531. (75) Acct-Session-Id = "00000116"
1532. (75) Acct-Authentic = Remote
1533. (75) Class = 0x5253534f2d5445432d5261737042657272795069
1534. (75) Acct-Status-Type = Interim-Update
1535. (75) Event-Timestamp = "Aug 26 2021 22:56:18 CEST"
1536. (75) Acct-Input-Octets = 14864970
1537. (75) Acct-Output-Octets = 0
1538. (75) Acct-Input-Packets = 110074
1539. (75) Acct-Output-Packets = 0
1540. (75) Acct-Delay-Time = 0
1541. (75) # Executing section preacct from file /etc/freeradius/sites-enabled/GO_Live
1542. (75) preacct {
1543. (75) [preprocess] = ok
1544. (75) policy acct_unique {
1545. (75) update request {
1546. (75) &Tmp-String-9 := "ai:"
1547. (75) } # update request = noop
1548. (75) if (("%{hex:&Class}" =~ /^%{hex:&Tmp-String-9}/) && ("%{string:&Class}" =~ /^ai:([0-9a-f]{32})/i)) {
1549. (75) EXPAND %{hex:&Class}
1550. (75) --> 5253534f2d5445432d5261737042657272795069
1551. (75) EXPAND ^%{hex:&Tmp-String-9}
1552. (75) --> ^61693a
1553. (75) if (("%{hex:&Class}" =~ /^%{hex:&Tmp-String-9}/) && ("%{string:&Class}" =~ /^ai:([0-9a-f]{32})/i)) -> FALSE
1554. (75) else {
1555. (75) update request {
1556. (75) EXPAND %{md5:%{User-Name},%{Acct-Session-ID},%{%{NAS-IPv6-Address}:-%{NAS-IP-Address}},%{NAS-Identifier},%{NAS-Port-ID},%{NAS-Port}}
1557. (75) --> df588029321131090ffa13b0d81e9e2d
1558. (75) &Acct-Unique-Session-Id := df588029321131090ffa13b0d81e9e2d
1559. (75) } # update request = noop
1560. (75) } # else = noop
1561. (75) } # policy acct_unique = noop
1562. (75) ntdomain: Checking for prefix before "\"
1563. (75) ntdomain: Looking up realm "CORPORATE" for User-Name = "CORPORATE\Raspb.P14"
1564. (75) ntdomain: Found realm "CORPORATE"
1565. (75) ntdomain: Adding Stripped-User-Name = "Raspb.P14"
1566. (75) ntdomain: Adding Realm = "CORPORATE"
1567. (75) ntdomain: Accounting realm is LOCAL
1568. (75) [ntdomain] = ok
1569. (75) [files] = noop
1570. (75) update control {
1571. (75) &Replicate-To-Realm += "Realm_FG_1500D_Agg_Users_Acct"
1572. (75) &Replicate-To-Realm += "Realm_FG_3300E_Datacentre_Acct"
1573. (75) &Replicate-To-Realm += "Realm_FG_1500D_Users_Acct"
1574. (75) &Replicate-To-Realm += "Realm_FG_3300E_Headend_Acct"
1575. (75) &Replicate-To-Realm += "Realm_FG_3300E_STG-DC_Acct"
1576. (75) &Replicate-To-Realm += "Realm_FG_3300E_ISP-Services_Acct"
1577. (75) &Replicate-To-Realm += "Realm_FG_3300E_Users-VPN_Acct"
1578. (75) } # update control = noop
1579. (75) replicate: Replicating list 'request' to Realm 'Realm_FG_1500D_Agg_Users_Acct'
1580. (75) replicate: Replicating list 'request' to Realm 'Realm_FG_3300E_Datacentre_Acct'
1581. (75) replicate: Replicating list 'request' to Realm 'Realm_FG_1500D_Users_Acct'
1582. (75) replicate: Replicating list 'request' to Realm 'Realm_FG_3300E_Headend_Acct'
1583. (75) replicate: Replicating list 'request' to Realm 'Realm_FG_3300E_STG-DC_Acct'
1584. (75) replicate: Replicating list 'request' to Realm 'Realm_FG_3300E_ISP-Services_Acct'
1585. (75) replicate: Replicating list 'request' to Realm 'Realm_FG_3300E_Users-VPN_Acct'
1586. (75) [replicate] = ok
1587. (75) } # preacct = ok
1588. (75) # Executing section accounting from file /etc/freeradius/sites-enabled/GO_Live
1589. (75) accounting {
1590. (75) detail: EXPAND /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d
1591. (75) detail: --> /var/log/freeradius/radacct/10.15.200.15/detail-20210826
1592. (75) detail: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d expands to /var/log/freeradius/radacct/10.15.200.15/detail-20210826
1593. (75) detail: EXPAND %t
1594. (75) detail: --> Thu Aug 26 22:56:19 2021
1595. (75) [detail] = ok
1596. (75) [unix] = noop
1597. (75) sql: EXPAND %{tolower:type.%{%{Acct-Status-Type}:-%{Request-Processing-Stage}}.query}
1598. (75) sql: --> type.interim-update.query
1599. (75) sql: Using query template 'query'
1600. rlm_sql (sql): Reserved connection (46)
1601. (75) sql: EXPAND %{User-Name}
1602. (75) sql: --> CORPORATE\\Raspb.P14
1603. (75) sql: SQL-User-Name set to 'CORPORATE\\Raspb.P14'
1604. (75) sql: EXPAND UPDATE radacct SET acctupdatetime = (@acctupdatetime_old:=acctupdatetime), acctupdatetime = FROM_UNIXTIME(%{%{integer:Event-Timestamp}:-%l}), acctinterval = %{%{integer:Event-Timestamp}:-%l} - UNIX_TIMESTAMP(@acctupdatetime_old), framedipaddress = '%{Framed-IP-Address}', framedipv6address = '%{Framed-IPv6-Address}', framedipv6prefix = '%{Framed-IPv6-Prefix}', framedinterfaceid = '%{Framed-Interface-Id}', delegatedipv6prefix = '%{Delegated-IPv6-Prefix}', acctsessiontime = %{%{Acct-Session-Time}:-NULL}, acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}' WHERE AcctUniqueId = '%{Acct-Unique-Session-Id}'
1605. (75) sql: --> UPDATE radacct SET acctupdatetime = (@acctupdatetime_old:=acctupdatetime), acctupdatetime = FROM_UNIXTIME(1630011378), acctinterval = 1630011378 - UNIX_TIMESTAMP(@acctupdatetime_old), framedipaddress = '10.15.204.105', framedipv6address = 'fe80::423c:e86c:af53:897b', framedipv6prefix = '', framedinterfaceid = '', delegatedipv6prefix = '', acctsessiontime = NULL, acctinputoctets = '0' << 32 | '14864970', acctoutputoctets = '0' << 32 | '0' WHERE AcctUniqueId = 'df588029321131090ffa13b0d81e9e2d'
1606. (75) sql: EXPAND /var/log/freeradius/sqllog.sql
1607. (75) sql: --> /var/log/freeradius/sqllog.sql
1608. (75) sql: Executing query: UPDATE radacct SET acctupdatetime = (@acctupdatetime_old:=acctupdatetime), acctupdatetime = FROM_UNIXTIME(1630011378), acctinterval = 1630011378 - UNIX_TIMESTAMP(@acctupdatetime_old), framedipaddress = '10.15.204.105', framedipv6address = 'fe80::423c:e86c:af53:897b', framedipv6prefix = '', framedinterfaceid = '', delegatedipv6prefix = '', acctsessiontime = NULL, acctinputoctets = '0' << 32 | '14864970', acctoutputoctets = '0' << 32 | '0' WHERE AcctUniqueId = 'df588029321131090ffa13b0d81e9e2d'
1609. rlm_sql_mysql: Rows matched: 1 Changed: 1 Warnings: 0
1610. (75) sql: SQL query returned: success
1611. (75) sql: 1 record(s) updated
1612. rlm_sql (sql): Released connection (46)
1613. (75) [sql] = ok
1614. (75) [exec] = noop
1615. (75) attr_filter.accounting_response: EXPAND %{User-Name}
1616. (75) attr_filter.accounting_response: --> CORPORATE\\Raspb.P14
1617. (75) attr_filter.accounting_response: Matched entry DEFAULT at line 12
1618. (75) [attr_filter.accounting_response] = updated
1619. (75) update control {
1620. (75) &Replicate-To-Realm += "Realm_FG_1500D_Agg_Users_Acct"
1621. (75) &Replicate-To-Realm += "Realm_FG_3300E_Datacentre_Acct"
1622. (75) &Replicate-To-Realm += "Realm_FG_1500D_Users_Acct"
1623. (75) &Replicate-To-Realm += "Realm_FG_3300E_Headend_Acct"
1624. (75) &Replicate-To-Realm += "Realm_FG_3300E_STG-DC_Acct"
1625. (75) &Replicate-To-Realm += "Realm_FG_3300E_ISP-Services_Acct"
1626. (75) &Replicate-To-Realm += "Realm_FG_3300E_Users-VPN_Acct"
1627. (75) } # update control = noop
1628. (75) replicate: Replicating list 'request' to Realm 'Realm_FG_1500D_Agg_Users_Acct'
1629. (75) replicate: Replicating list 'request' to Realm 'Realm_FG_3300E_Datacentre_Acct'
1630. (75) replicate: Replicating list 'request' to Realm 'Realm_FG_1500D_Users_Acct'
1631. (75) replicate: Replicating list 'request' to Realm 'Realm_FG_3300E_Headend_Acct'
1632. (75) replicate: Replicating list 'request' to Realm 'Realm_FG_3300E_STG-DC_Acct'
1633. (75) replicate: Replicating list 'request' to Realm 'Realm_FG_3300E_ISP-Services_Acct'
1634. (75) replicate: Replicating list 'request' to Realm 'Realm_FG_3300E_Users-VPN_Acct'
1635. (75) replicate: Replicating list 'request' to Realm 'Realm_FG_1500D_Agg_Users_Acct'
1636. (75) replicate: Replicating list 'request' to Realm 'Realm_FG_3300E_Datacentre_Acct'
1637. (75) replicate: Replicating list 'request' to Realm 'Realm_FG_1500D_Users_Acct'
1638. (75) replicate: Replicating list 'request' to Realm 'Realm_FG_3300E_Headend_Acct'
1639. (75) replicate: Replicating list 'request' to Realm 'Realm_FG_3300E_STG-DC_Acct'
1640. (75) replicate: Replicating list 'request' to Realm 'Realm_FG_3300E_ISP-Services_Acct'
1641. (75) replicate: Replicating list 'request' to Realm 'Realm_FG_3300E_Users-VPN_Acct'
1642. (75) [replicate] = ok
1643. (75) } # accounting = updated
1644. (75) Sent Accounting-Response Id 246 from 172.16.200.253:1813 to 10.15.200.15:62985 length 0
1645. (75) Finished request
1646. (75) Cleaning up request packet ID 246 with timestamp +1728
1647. Ready to process requests
1648. (76) Received Accounting-Request Id 247 from 10.15.200.15:62985 to 172.16.200.253:1813 length 376
1649. (76) Framed-IP-Address = 10.15.204.105
1650. (76) Framed-IPv6-Address = fe80::423c:e86c:af53:897b
1651. (76) User-Name = "CORPORATE\\Raspb.P14"
1652. (76) Cisco-AVPair = "audit-session-id=0FC80F0A000006F3842D78C6"
1653. (76) Cisco-AVPair = "vlan-id=943"
1654. (76) Cisco-AVPair = "method=dot1x"
1655. (76) Called-Station-Id = "34-ED-1B-4B-15-8F"
1656. (76) Calling-Station-Id = "DC-A6-32-A8-8A-D0"
1657. (76) NAS-IP-Address = 10.15.200.15
1658. (76) NAS-Port-Id = "FiveGigabitEthernet1/0/15"
1659. (76) NAS-Port-Type = Ethernet
1660. (76) NAS-Port = 50115
1661. (76) Calling-Station-Id = "DC-A6-32-A8-8A-D0"
1662. (76) NAS-Identifier = "MRS_3rdFlr_NW_SW3_93"
1663. (76) Called-Station-Id = "34-ED-1B-4B-15-8F"
1664. (76) Acct-Session-Id = "00000116"
1665. (76) Acct-Authentic = Remote
1666. (76) Class = 0x5253534f2d5445432d5261737042657272795069
1667. (76) Acct-Status-Type = Interim-Update
1668. (76) Event-Timestamp = "Aug 26 2021 22:56:29 CEST"
1669. (76) Acct-Input-Octets = 15003058
1670. (76) Acct-Output-Octets = 0
1671. (76) Acct-Input-Packets = 111105
1672. (76) Acct-Output-Packets = 0
1673. (76) Acct-Delay-Time = 0
1674. (76) # Executing section preacct from file /etc/freeradius/sites-enabled/GO_Live
1675. (76) preacct {
1676. (76) [preprocess] = ok
1677. (76) policy acct_unique {
1678. (76) update request {
1679. (76) &Tmp-String-9 := "ai:"
1680. (76) } # update request = noop
1681. (76) if (("%{hex:&Class}" =~ /^%{hex:&Tmp-String-9}/) && ("%{string:&Class}" =~ /^ai:([0-9a-f]{32})/i)) {
1682. (76) EXPAND %{hex:&Class}
1683. (76) --> 5253534f2d5445432d5261737042657272795069
1684. (76) EXPAND ^%{hex:&Tmp-String-9}
1685. (76) --> ^61693a
1686. (76) if (("%{hex:&Class}" =~ /^%{hex:&Tmp-String-9}/) && ("%{string:&Class}" =~ /^ai:([0-9a-f]{32})/i)) -> FALSE
1687. (76) else {
1688. (76) update request {
1689. (76) EXPAND %{md5:%{User-Name},%{Acct-Session-ID},%{%{NAS-IPv6-Address}:-%{NAS-IP-Address}},%{NAS-Identifier},%{NAS-Port-ID},%{NAS-Port}}
1690. (76) --> df588029321131090ffa13b0d81e9e2d
1691. (76) &Acct-Unique-Session-Id := df588029321131090ffa13b0d81e9e2d
1692. (76) } # update request = noop
1693. (76) } # else = noop
1694. (76) } # policy acct_unique = noop
1695. (76) ntdomain: Checking for prefix before "\"
1696. (76) ntdomain: Looking up realm "CORPORATE" for User-Name = "CORPORATE\Raspb.P14"
1697. (76) ntdomain: Found realm "CORPORATE"
1698. (76) ntdomain: Adding Stripped-User-Name = "Raspb.P14"
1699. (76) ntdomain: Adding Realm = "CORPORATE"
1700. (76) ntdomain: Accounting realm is LOCAL
1701. (76) [ntdomain] = ok
1702. (76) [files] = noop
1703. (76) update control {
1704. (76) &Replicate-To-Realm += "Realm_FG_1500D_Agg_Users_Acct"
1705. (76) &Replicate-To-Realm += "Realm_FG_3300E_Datacentre_Acct"
1706. (76) &Replicate-To-Realm += "Realm_FG_1500D_Users_Acct"
1707. (76) &Replicate-To-Realm += "Realm_FG_3300E_Headend_Acct"
1708. (76) &Replicate-To-Realm += "Realm_FG_3300E_STG-DC_Acct"
1709. (76) &Replicate-To-Realm += "Realm_FG_3300E_ISP-Services_Acct"
1710. (76) &Replicate-To-Realm += "Realm_FG_3300E_Users-VPN_Acct"
1711. (76) } # update control = noop
1712. (76) replicate: Replicating list 'request' to Realm 'Realm_FG_1500D_Agg_Users_Acct'
1713. (76) replicate: Replicating list 'request' to Realm 'Realm_FG_3300E_Datacentre_Acct'
1714. (76) replicate: Replicating list 'request' to Realm 'Realm_FG_1500D_Users_Acct'
1715. (76) replicate: Replicating list 'request' to Realm 'Realm_FG_3300E_Headend_Acct'
1716. (76) replicate: Replicating list 'request' to Realm 'Realm_FG_3300E_STG-DC_Acct'
1717. (76) replicate: Replicating list 'request' to Realm 'Realm_FG_3300E_ISP-Services_Acct'
1718. (76) replicate: Replicating list 'request' to Realm 'Realm_FG_3300E_Users-VPN_Acct'
1719. (76) [replicate] = ok
1720. (76) } # preacct = ok
1721. (76) # Executing section accounting from file /etc/freeradius/sites-enabled/GO_Live
1722. (76) accounting {
1723. (76) detail: EXPAND /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d
1724. (76) detail: --> /var/log/freeradius/radacct/10.15.200.15/detail-20210826
1725. (76) detail: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d expands to /var/log/freeradius/radacct/10.15.200.15/detail-20210826
1726. (76) detail: EXPAND %t
1727. (76) detail: --> Thu Aug 26 22:56:29 2021
1728. (76) [detail] = ok
1729. (76) [unix] = noop
1730. (76) sql: EXPAND %{tolower:type.%{%{Acct-Status-Type}:-%{Request-Processing-Stage}}.query}
1731. (76) sql: --> type.interim-update.query
1732. (76) sql: Using query template 'query'
1733. rlm_sql (sql): Reserved connection (48)
1734. (76) sql: EXPAND %{User-Name}
1735. (76) sql: --> CORPORATE\\Raspb.P14
1736. (76) sql: SQL-User-Name set to 'CORPORATE\\Raspb.P14'
1737. (76) sql: EXPAND UPDATE radacct SET acctupdatetime = (@acctupdatetime_old:=acctupdatetime), acctupdatetime = FROM_UNIXTIME(%{%{integer:Event-Timestamp}:-%l}), acctinterval = %{%{integer:Event-Timestamp}:-%l} - UNIX_TIMESTAMP(@acctupdatetime_old), framedipaddress = '%{Framed-IP-Address}', framedipv6address = '%{Framed-IPv6-Address}', framedipv6prefix = '%{Framed-IPv6-Prefix}', framedinterfaceid = '%{Framed-Interface-Id}', delegatedipv6prefix = '%{Delegated-IPv6-Prefix}', acctsessiontime = %{%{Acct-Session-Time}:-NULL}, acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}' WHERE AcctUniqueId = '%{Acct-Unique-Session-Id}'
1738. (76) sql: --> UPDATE radacct SET acctupdatetime = (@acctupdatetime_old:=acctupdatetime), acctupdatetime = FROM_UNIXTIME(1630011389), acctinterval = 1630011389 - UNIX_TIMESTAMP(@acctupdatetime_old), framedipaddress = '10.15.204.105', framedipv6address = 'fe80::423c:e86c:af53:897b', framedipv6prefix = '', framedinterfaceid = '', delegatedipv6prefix = '', acctsessiontime = NULL, acctinputoctets = '0' << 32 | '15003058', acctoutputoctets = '0' << 32 | '0' WHERE AcctUniqueId = 'df588029321131090ffa13b0d81e9e2d'
1739. (76) sql: EXPAND /var/log/freeradius/sqllog.sql
1740. (76) sql: --> /var/log/freeradius/sqllog.sql
1741. (76) sql: Executing query: UPDATE radacct SET acctupdatetime = (@acctupdatetime_old:=acctupdatetime), acctupdatetime = FROM_UNIXTIME(1630011389), acctinterval = 1630011389 - UNIX_TIMESTAMP(@acctupdatetime_old), framedipaddress = '10.15.204.105', framedipv6address = 'fe80::423c:e86c:af53:897b', framedipv6prefix = '', framedinterfaceid = '', delegatedipv6prefix = '', acctsessiontime = NULL, acctinputoctets = '0' << 32 | '15003058', acctoutputoctets = '0' << 32 | '0' WHERE AcctUniqueId = 'df588029321131090ffa13b0d81e9e2d'
1742. rlm_sql_mysql: Rows matched: 1 Changed: 1 Warnings: 0
1743. (76) sql: SQL query returned: success
1744. (76) sql: 1 record(s) updated
1745. rlm_sql (sql): Released connection (48)
1746. (76) [sql] = ok
1747. (76) [exec] = noop
1748. (76) attr_filter.accounting_response: EXPAND %{User-Name}
1749. (76) attr_filter.accounting_response: --> CORPORATE\\Raspb.P14
1750. (76) attr_filter.accounting_response: Matched entry DEFAULT at line 12
1751. (76) [attr_filter.accounting_response] = updated
1752. (76) update control {
1753. (76) &Replicate-To-Realm += "Realm_FG_1500D_Agg_Users_Acct"
1754. (76) &Replicate-To-Realm += "Realm_FG_3300E_Datacentre_Acct"
1755. (76) &Replicate-To-Realm += "Realm_FG_1500D_Users_Acct"
1756. (76) &Replicate-To-Realm += "Realm_FG_3300E_Headend_Acct"
1757. (76) &Replicate-To-Realm += "Realm_FG_3300E_STG-DC_Acct"
1758. (76) &Replicate-To-Realm += "Realm_FG_3300E_ISP-Services_Acct"
1759. (76) &Replicate-To-Realm += "Realm_FG_3300E_Users-VPN_Acct"
1760. (76) } # update control = noop
1761. (76) replicate: Replicating list 'request' to Realm 'Realm_FG_1500D_Agg_Users_Acct'
1762. (76) replicate: Replicating list 'request' to Realm 'Realm_FG_3300E_Datacentre_Acct'
1763. (76) replicate: Replicating list 'request' to Realm 'Realm_FG_1500D_Users_Acct'
1764. (76) replicate: Replicating list 'request' to Realm 'Realm_FG_3300E_Headend_Acct'
1765. (76) replicate: Replicating list 'request' to Realm 'Realm_FG_3300E_STG-DC_Acct'
1766. (76) replicate: Replicating list 'request' to Realm 'Realm_FG_3300E_ISP-Services_Acct'
1767. (76) replicate: Replicating list 'request' to Realm 'Realm_FG_3300E_Users-VPN_Acct'
1768. (76) replicate: Replicating list 'request' to Realm 'Realm_FG_1500D_Agg_Users_Acct'
1769. (76) replicate: Replicating list 'request' to Realm 'Realm_FG_3300E_Datacentre_Acct'
1770. (76) replicate: Replicating list 'request' to Realm 'Realm_FG_1500D_Users_Acct'
1771. (76) replicate: Replicating list 'request' to Realm 'Realm_FG_3300E_Headend_Acct'
1772. (76) replicate: Replicating list 'request' to Realm 'Realm_FG_3300E_STG-DC_Acct'
1773. (76) replicate: Replicating list 'request' to Realm 'Realm_FG_3300E_ISP-Services_Acct'
1774. (76) replicate: Replicating list 'request' to Realm 'Realm_FG_3300E_Users-VPN_Acct'
1775. (76) [replicate] = ok
1776. (76) } # accounting = updated
1777. (76) Sent Accounting-Response Id 247 from 172.16.200.253:1813 to 10.15.200.15:62985 length 0
1778. (76) Finished request
1779. (76) Cleaning up request packet ID 247 with timestamp +1738
1780. Ready to process requests