pizpower

freeradius debug

Aug 26th, 2021
  1. rlm_sql (sql): Released connection (14)
  2. Need 1 more connections to reach 10 spares
  3. rlm_sql (sql): Opening additional connection (19), 1 of 23 pending slots used
  4. rlm_sql_mysql: Starting connect to MySQL server
  5. rlm_sql_mysql: Connected to database 'radius' on freeraddb via TCP/IP, server version 5.5.5-10.3.31-MariaDB-0ubuntu0.20.04.1-log, protocol version 10
  6. (19) [sql] = ok
  7. (19) [exec] = noop
  8. (19) policy remove_reply_message_if_eap {
  9. (19) if (&reply:EAP-Message && &reply:Reply-Message) {
  10. (19) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
  11. (19) else {
  12. (19) [noop] = noop
  13. (19) } # else = noop
  14. (19) } # policy remove_reply_message_if_eap = noop
  15. (19) if (EAP-Key-Name && &reply:EAP-Session-Id) {
  16. (19) if (EAP-Key-Name && &reply:EAP-Session-Id) -> FALSE
  17. (19) } # post-auth = ok
  18. (19) Sent Access-Accept Id 48 from 127.0.0.1:1812 to 127.0.0.1:41572 length 0
  19. (19) MS-CHAP-MPPE-Keys = 0x000000000000000007db3f1956e783b80e035b938a27d2aa
  20. (19) MS-MPPE-Encryption-Policy = Encryption-Allowed
  21. (19) MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed
  22. (19) Finished request
  23. Waking up in 4.6 seconds.
  24. Aug 26 22:35:48 mstfreerad01 systemd[1]: check_mk@2893-172.16.200.253:6556-172.16.193.173:36926.service: Succeeded.
  25. (18) Cleaning up request packet ID 0 with timestamp +496
  26. Waking up in 0.3 seconds.
  27. (19) Cleaning up request packet ID 48 with timestamp +496
  28. Ready to process requests
  29. (20) Received Access-Request Id 68 from 10.15.200.15:61772 to 172.16.200.253:1812 length 309
  30. (20) User-Name = "CORPORATE\\Raspb.P14"
  31. (20) Service-Type = Framed-User
  32. (20) Cisco-AVPair = "service-type=Framed"
  33. (20) Framed-MTU = 1468
  34. (20) EAP-Message = 0x0201001801434f52504f524154455c52617370622e503134
  35. (20) Message-Authenticator = 0xeaaa29ac81f3b1fff448cdc85dc9aaa3
  36. (20) Cisco-AVPair = "audit-session-id=0FC80F0A000006F3842D78C6"
  37. (20) Cisco-AVPair = "method=dot1x"
  38. (20) Cisco-AVPair = "client-iif-id=346278732"
  39. (20) NAS-IP-Address = 10.15.200.15
  40. (20) NAS-Port-Id = "FiveGigabitEthernet1/0/15"
  41. (20) NAS-Port-Type = Ethernet
  42. (20) NAS-Port = 50115
  43. (20) Calling-Station-Id = "DC-A6-32-A8-8A-D0"
  44. (20) Called-Station-Id = "34-ED-1B-4B-15-8F"
  45. (20) # Executing section authorize from file /etc/freeradius/sites-enabled/GO_Live
  46. (20) authorize {
  47. (20) policy filter_username {
  48. (20) if (&User-Name) {
  49. (20) if (&User-Name) -> TRUE
  50. (20) if (&User-Name) {
  51. (20) if (&User-Name =~ / /) {
  52. (20) if (&User-Name =~ / /) -> FALSE
  53. (20) if (&User-Name =~ /@[^@]*@/ ) {
  54. (20) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  55. (20) if (&User-Name =~ /\.\./ ) {
  56. (20) if (&User-Name =~ /\.\./ ) -> FALSE
  57. (20) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  58. (20) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  59. (20) if (&User-Name =~ /\.$/) {
  60. (20) if (&User-Name =~ /\.$/) -> FALSE
  61. (20) if (&User-Name =~ /@\./) {
  62. (20) if (&User-Name =~ /@\./) -> FALSE
  63. (20) } # if (&User-Name) = notfound
  64. (20) } # policy filter_username = notfound
  65. (20) [preprocess] = ok
  66. (20) auth_log: EXPAND /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
  67. (20) auth_log: --> /var/log/freeradius/radacct/10.15.200.15/auth-detail-20210826
  68. (20) auth_log: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/10.15.200.15/auth-detail-20210826
  69. (20) auth_log: EXPAND %t
  70. (20) auth_log: --> Thu Aug 26 22:36:18 2021
  71. (20) [auth_log] = ok
  72. (20) [mschap] = noop
  73. (20) ntdomain: Checking for prefix before "\"
  74. (20) ntdomain: Looking up realm "CORPORATE" for User-Name = "CORPORATE\Raspb.P14"
  75. (20) ntdomain: Found realm "CORPORATE"
  76. (20) ntdomain: Adding Stripped-User-Name = "Raspb.P14"
  77. (20) ntdomain: Adding Realm = "CORPORATE"
  78. (20) ntdomain: Authentication realm is LOCAL
  79. (20) [ntdomain] = ok
  80. (20) eap: Peer sent EAP Response (code 2) ID 1 length 24
  81. (20) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
  82. (20) [eap] = ok
  83. (20) } # authorize = ok
  84. (20) Found Auth-Type = eap
  85. (20) # Executing group from file /etc/freeradius/sites-enabled/GO_Live
  86. (20) authenticate {
  87. (20) eap: Peer sent packet with method EAP Identity (1)
  88. (20) eap: Calling submodule eap_peap to process data
  89. (20) eap_peap: (TLS) Initiating new session
  90. (20) eap: Sending EAP Request (code 1) ID 2 length 6
  91. (20) eap: EAP session adding &reply:State = 0x68ef777168ed6ef7
  92. (20) [eap] = handled
  93. (20) } # authenticate = handled
  94. (20) Using Post-Auth-Type Challenge
  95. (20) # Executing group from file /etc/freeradius/sites-enabled/GO_Live
  96. (20) Challenge { ... } # empty sub-section is ignored
  97. (20) session-state: Saving cached attributes
  98. (20) Framed-MTU = 994
  99. (20) Sent Access-Challenge Id 68 from 172.16.200.253:1812 to 10.15.200.15:61772 length 0
  100. (20) EAP-Message = 0x010200061920
  101. (20) Message-Authenticator = 0x00000000000000000000000000000000
  102. (20) State = 0x68ef777168ed6ef72d7f5eed64273179
  103. (20) Finished request
  104. Waking up in 4.9 seconds.
  105. (21) Received Access-Request Id 69 from 10.15.200.15:61772 to 172.16.200.253:1812 length 503
  106. (21) User-Name = "CORPORATE\\Raspb.P14"
  107. (21) Service-Type = Framed-User
  108. (21) Cisco-AVPair = "service-type=Framed"
  109. (21) Framed-MTU = 1468
  110. (21) EAP-Message = 0x020200c81980000000be16030100b9010000b503031cc258e9e427593bdafb5fd88b51224244622ec74f9a5a0e91b6abc3f9d52ab6000038c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff01000054000b000403000102000a000c000a001d0017001e001900180016000000170000000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602
  111. (21) Message-Authenticator = 0xefe4412e3558ba16c8273d117042e833
  112. (21) Cisco-AVPair = "audit-session-id=0FC80F0A000006F3842D78C6"
  113. (21) Cisco-AVPair = "method=dot1x"
  114. (21) Cisco-AVPair = "client-iif-id=346278732"
  115. (21) NAS-IP-Address = 10.15.200.15
  116. (21) NAS-Port-Id = "FiveGigabitEthernet1/0/15"
  117. (21) NAS-Port-Type = Ethernet
  118. (21) NAS-Port = 50115
  119. (21) State = 0x68ef777168ed6ef72d7f5eed64273179
  120. (21) Calling-Station-Id = "DC-A6-32-A8-8A-D0"
  121. (21) Called-Station-Id = "34-ED-1B-4B-15-8F"
  122. (21) Restoring &session-state
  123. (21) &session-state:Framed-MTU = 994
  124. (21) # Executing section authorize from file /etc/freeradius/sites-enabled/GO_Live
  125. (21) authorize {
  126. (21) policy filter_username {
  127. (21) if (&User-Name) {
  128. (21) if (&User-Name) -> TRUE
  129. (21) if (&User-Name) {
  130. (21) if (&User-Name =~ / /) {
  131. (21) if (&User-Name =~ / /) -> FALSE
  132. (21) if (&User-Name =~ /@[^@]*@/ ) {
  133. (21) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  134. (21) if (&User-Name =~ /\.\./ ) {
  135. (21) if (&User-Name =~ /\.\./ ) -> FALSE
  136. (21) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  137. (21) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  138. (21) if (&User-Name =~ /\.$/) {
  139. (21) if (&User-Name =~ /\.$/) -> FALSE
  140. (21) if (&User-Name =~ /@\./) {
  141. (21) if (&User-Name =~ /@\./) -> FALSE
  142. (21) } # if (&User-Name) = notfound
  143. (21) } # policy filter_username = notfound
  144. (21) [preprocess] = ok
  145. (21) auth_log: EXPAND /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
  146. (21) auth_log: --> /var/log/freeradius/radacct/10.15.200.15/auth-detail-20210826
  147. (21) auth_log: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/10.15.200.15/auth-detail-20210826
  148. (21) auth_log: EXPAND %t
  149. (21) auth_log: --> Thu Aug 26 22:36:18 2021
  150. (21) [auth_log] = ok
  151. (21) [mschap] = noop
  152. (21) ntdomain: Checking for prefix before "\"
  153. (21) ntdomain: Looking up realm "CORPORATE" for User-Name = "CORPORATE\Raspb.P14"
  154. (21) ntdomain: Found realm "CORPORATE"
  155. (21) ntdomain: Adding Stripped-User-Name = "Raspb.P14"
  156. (21) ntdomain: Adding Realm = "CORPORATE"
  157. (21) ntdomain: Authentication realm is LOCAL
  158. (21) [ntdomain] = ok
  159. (21) eap: Peer sent EAP Response (code 2) ID 2 length 200
  160. (21) eap: Continuing tunnel setup
  161. (21) [eap] = ok
  162. (21) } # authorize = ok
  163. (21) Found Auth-Type = eap
  164. (21) # Executing group from file /etc/freeradius/sites-enabled/GO_Live
  165. (21) authenticate {
  166. (21) eap: Expiring EAP session with state 0x68ef777168ed6ef7
  167. (21) eap: Finished EAP session with state 0x68ef777168ed6ef7
  168. (21) eap: Previous EAP request found for state 0x68ef777168ed6ef7, released from the list
  169. (21) eap: Peer sent packet with method EAP PEAP (25)
  170. (21) eap: Calling submodule eap_peap to process data
  171. (21) eap_peap: (TLS) EAP Peer says that the final record size will be 190 bytes
  172. (21) eap_peap: (TLS) EAP Got all data (190 bytes)
  173. (21) eap_peap: (TLS) Handshake state - before SSL initialization
  174. (21) eap_peap: (TLS) Handshake state - Server before SSL initialization
  175. (21) eap_peap: (TLS) Handshake state - Server before SSL initialization
  176. (21) eap_peap: (TLS) recv TLS 1.3 Handshake, ClientHello
  177. (21) eap_peap: (TLS) Handshake state - Server SSLv3/TLS read client hello
  178. (21) eap_peap: (TLS) send TLS 1.2 Handshake, ServerHello
  179. (21) eap_peap: (TLS) Handshake state - Server SSLv3/TLS write server hello
  180. (21) eap_peap: (TLS) send TLS 1.2 Handshake, Certificate
  181. (21) eap_peap: (TLS) Handshake state - Server SSLv3/TLS write certificate
  182. (21) eap_peap: (TLS) send TLS 1.2 Handshake, ServerKeyExchange
  183. (21) eap_peap: (TLS) Handshake state - Server SSLv3/TLS write key exchange
  184. (21) eap_peap: (TLS) send TLS 1.2 Handshake, ServerHelloDone
  185. (21) eap_peap: (TLS) Handshake state - Server SSLv3/TLS write server done
  186. (21) eap_peap: (TLS) Server : Need to read more data: SSLv3/TLS write server done
  187. (21) eap_peap: (TLS) In Handshake Phase
  188. (21) eap: Sending EAP Request (code 1) ID 3 length 1004
  189. (21) eap: EAP session adding &reply:State = 0x68ef777169ec6ef7
  190. (21) [eap] = handled
  191. (21) } # authenticate = handled
  192. (21) Using Post-Auth-Type Challenge
  193. (21) # Executing group from file /etc/freeradius/sites-enabled/GO_Live
  194. (21) Challenge { ... } # empty sub-section is ignored
  195. (21) session-state: Saving cached attributes
  196. (21) Framed-MTU = 994
  197. (21) TLS-Session-Information = "(TLS) recv TLS 1.3 Handshake, ClientHello\n"
  198. (21) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHello\n"
  199. (21) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Certificate\n"
  200. (21) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerKeyExchange\n"
  201. (21) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHelloDone\n"
  202. (21) Sent Access-Challenge Id 69 from 172.16.200.253:1812 to 10.15.200.15:61772 length 0
  203. (21) EAP-Message = 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
  204. (21) Message-Authenticator = 0x00000000000000000000000000000000
  205. (21) State = 0x68ef777169ec6ef72d7f5eed64273179
  206. (21) Finished request
  207. Waking up in 4.9 seconds.
  208. (22) Received Access-Request Id 70 from 10.15.200.15:61772 to 172.16.200.253:1812 length 309
  209. (22) User-Name = "CORPORATE\\Raspb.P14"
  210. (22) Service-Type = Framed-User
  211. (22) Cisco-AVPair = "service-type=Framed"
  212. (22) Framed-MTU = 1468
  213. (22) EAP-Message = 0x020300061900
  214. (22) Message-Authenticator = 0x22bc4c3b4d39e1d3baf8c085b679696f
  215. (22) Cisco-AVPair = "audit-session-id=0FC80F0A000006F3842D78C6"
  216. (22) Cisco-AVPair = "method=dot1x"
  217. (22) Cisco-AVPair = "client-iif-id=346278732"
  218. (22) NAS-IP-Address = 10.15.200.15
  219. (22) NAS-Port-Id = "FiveGigabitEthernet1/0/15"
  220. (22) NAS-Port-Type = Ethernet
  221. (22) NAS-Port = 50115
  222. (22) State = 0x68ef777169ec6ef72d7f5eed64273179
  223. (22) Calling-Station-Id = "DC-A6-32-A8-8A-D0"
  224. (22) Called-Station-Id = "34-ED-1B-4B-15-8F"
  225. (22) Restoring &session-state
  226. (22) &session-state:Framed-MTU = 994
  227. (22) &session-state:TLS-Session-Information = "(TLS) recv TLS 1.3 Handshake, ClientHello\n"
  228. (22) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHello\n"
  229. (22) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Certificate\n"
  230. (22) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerKeyExchange\n"
  231. (22) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHelloDone\n"
  232. (22) # Executing section authorize from file /etc/freeradius/sites-enabled/GO_Live
  233. (22) authorize {
  234. (22) policy filter_username {
  235. (22) if (&User-Name) {
  236. (22) if (&User-Name) -> TRUE
  237. (22) if (&User-Name) {
  238. (22) if (&User-Name =~ / /) {
  239. (22) if (&User-Name =~ / /) -> FALSE
  240. (22) if (&User-Name =~ /@[^@]*@/ ) {
  241. (22) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  242. (22) if (&User-Name =~ /\.\./ ) {
  243. (22) if (&User-Name =~ /\.\./ ) -> FALSE
  244. (22) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  245. (22) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  246. (22) if (&User-Name =~ /\.$/) {
  247. (22) if (&User-Name =~ /\.$/) -> FALSE
  248. (22) if (&User-Name =~ /@\./) {
  249. (22) if (&User-Name =~ /@\./) -> FALSE
  250. (22) } # if (&User-Name) = notfound
  251. (22) } # policy filter_username = notfound
  252. (22) [preprocess] = ok
  253. (22) auth_log: EXPAND /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
  254. (22) auth_log: --> /var/log/freeradius/radacct/10.15.200.15/auth-detail-20210826
  255. (22) auth_log: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/10.15.200.15/auth-detail-20210826
  256. (22) auth_log: EXPAND %t
  257. (22) auth_log: --> Thu Aug 26 22:36:18 2021
  258. (22) [auth_log] = ok
  259. (22) [mschap] = noop
  260. (22) ntdomain: Checking for prefix before "\"
  261. (22) ntdomain: Looking up realm "CORPORATE" for User-Name = "CORPORATE\Raspb.P14"
  262. (22) ntdomain: Found realm "CORPORATE"
  263. (22) ntdomain: Adding Stripped-User-Name = "Raspb.P14"
  264. (22) ntdomain: Adding Realm = "CORPORATE"
  265. (22) ntdomain: Authentication realm is LOCAL
  266. (22) [ntdomain] = ok
  267. (22) eap: Peer sent EAP Response (code 2) ID 3 length 6
  268. (22) eap: Continuing tunnel setup
  269. (22) [eap] = ok
  270. (22) } # authorize = ok
  271. (22) Found Auth-Type = eap
  272. (22) # Executing group from file /etc/freeradius/sites-enabled/GO_Live
  273. (22) authenticate {
  274. (22) eap: Expiring EAP session with state 0x68ef777169ec6ef7
  275. (22) eap: Finished EAP session with state 0x68ef777169ec6ef7
  276. (22) eap: Previous EAP request found for state 0x68ef777169ec6ef7, released from the list
  277. (22) eap: Peer sent packet with method EAP PEAP (25)
  278. (22) eap: Calling submodule eap_peap to process data
  279. (22) eap_peap: (TLS) Peer ACKed our handshake fragment
  280. (22) eap: Sending EAP Request (code 1) ID 4 length 1000
  281. (22) eap: EAP session adding &reply:State = 0x68ef77716aeb6ef7
  282. (22) [eap] = handled
  283. (22) } # authenticate = handled
  284. (22) Using Post-Auth-Type Challenge
  285. (22) # Executing group from file /etc/freeradius/sites-enabled/GO_Live
  286. (22) Challenge { ... } # empty sub-section is ignored
  287. (22) session-state: Saving cached attributes
  288. (22) Framed-MTU = 994
  289. (22) TLS-Session-Information = "(TLS) recv TLS 1.3 Handshake, ClientHello\n"
  290. (22) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHello\n"
  291. (22) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Certificate\n"
  292. (22) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerKeyExchange\n"
  293. (22) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHelloDone\n"
  294. (22) Sent Access-Challenge Id 70 from 172.16.200.253:1812 to 10.15.200.15:61772 length 0
  295. (22) EAP-Message = 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
  296. (22) Message-Authenticator = 0x00000000000000000000000000000000
  297. (22) State = 0x68ef77716aeb6ef72d7f5eed64273179
  298. (22) Finished request
  299. Waking up in 4.9 seconds.
  300. (23) Received Access-Request Id 71 from 10.15.200.15:61772 to 172.16.200.253:1812 length 309
  301. (23) User-Name = "CORPORATE\\Raspb.P14"
  302. (23) Service-Type = Framed-User
  303. (23) Cisco-AVPair = "service-type=Framed"
  304. (23) Framed-MTU = 1468
  305. (23) EAP-Message = 0x020400061900
  306. (23) Message-Authenticator = 0xe35d9a131a37fe003c600249edf13aeb
  307. (23) Cisco-AVPair = "audit-session-id=0FC80F0A000006F3842D78C6"
  308. (23) Cisco-AVPair = "method=dot1x"
  309. (23) Cisco-AVPair = "client-iif-id=346278732"
  310. (23) NAS-IP-Address = 10.15.200.15
  311. (23) NAS-Port-Id = "FiveGigabitEthernet1/0/15"
  312. (23) NAS-Port-Type = Ethernet
  313. (23) NAS-Port = 50115
  314. (23) State = 0x68ef77716aeb6ef72d7f5eed64273179
  315. (23) Calling-Station-Id = "DC-A6-32-A8-8A-D0"
  316. (23) Called-Station-Id = "34-ED-1B-4B-15-8F"
  317. (23) Restoring &session-state
  318. (23) &session-state:Framed-MTU = 994
  319. (23) &session-state:TLS-Session-Information = "(TLS) recv TLS 1.3 Handshake, ClientHello\n"
  320. (23) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHello\n"
  321. (23) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Certificate\n"
  322. (23) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerKeyExchange\n"
  323. (23) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHelloDone\n"
  324. (23) # Executing section authorize from file /etc/freeradius/sites-enabled/GO_Live
  325. (23) authorize {
  326. (23) policy filter_username {
  327. (23) if (&User-Name) {
  328. (23) if (&User-Name) -> TRUE
  329. (23) if (&User-Name) {
  330. (23) if (&User-Name =~ / /) {
  331. (23) if (&User-Name =~ / /) -> FALSE
  332. (23) if (&User-Name =~ /@[^@]*@/ ) {
  333. (23) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  334. (23) if (&User-Name =~ /\.\./ ) {
  335. (23) if (&User-Name =~ /\.\./ ) -> FALSE
  336. (23) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  337. (23) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  338. (23) if (&User-Name =~ /\.$/) {
  339. (23) if (&User-Name =~ /\.$/) -> FALSE
  340. (23) if (&User-Name =~ /@\./) {
  341. (23) if (&User-Name =~ /@\./) -> FALSE
  342. (23) } # if (&User-Name) = notfound
  343. (23) } # policy filter_username = notfound
  344. (23) [preprocess] = ok
  345. (23) auth_log: EXPAND /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
  346. (23) auth_log: --> /var/log/freeradius/radacct/10.15.200.15/auth-detail-20210826
  347. (23) auth_log: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/10.15.200.15/auth-detail-20210826
  348. (23) auth_log: EXPAND %t
  349. (23) auth_log: --> Thu Aug 26 22:36:18 2021
  350. (23) [auth_log] = ok
  351. (23) [mschap] = noop
  352. (23) ntdomain: Checking for prefix before "\"
  353. (23) ntdomain: Looking up realm "CORPORATE" for User-Name = "CORPORATE\Raspb.P14"
  354. (23) ntdomain: Found realm "CORPORATE"
  355. (23) ntdomain: Adding Stripped-User-Name = "Raspb.P14"
  356. (23) ntdomain: Adding Realm = "CORPORATE"
  357. (23) ntdomain: Authentication realm is LOCAL
  358. (23) [ntdomain] = ok
  359. (23) eap: Peer sent EAP Response (code 2) ID 4 length 6
  360. (23) eap: Continuing tunnel setup
  361. (23) [eap] = ok
  362. (23) } # authorize = ok
  363. (23) Found Auth-Type = eap
  364. (23) # Executing group from file /etc/freeradius/sites-enabled/GO_Live
  365. (23) authenticate {
  366. (23) eap: Expiring EAP session with state 0x68ef77716aeb6ef7
  367. (23) eap: Finished EAP session with state 0x68ef77716aeb6ef7
  368. (23) eap: Previous EAP request found for state 0x68ef77716aeb6ef7, released from the list
  369. (23) eap: Peer sent packet with method EAP PEAP (25)
  370. (23) eap: Calling submodule eap_peap to process data
  371. (23) eap_peap: (TLS) Peer ACKed our handshake fragment
  372. (23) eap: Sending EAP Request (code 1) ID 5 length 743
  373. (23) eap: EAP session adding &reply:State = 0x68ef77716bea6ef7
  374. (23) [eap] = handled
  375. (23) } # authenticate = handled
  376. (23) Using Post-Auth-Type Challenge
  377. (23) # Executing group from file /etc/freeradius/sites-enabled/GO_Live
  378. (23) Challenge { ... } # empty sub-section is ignored
  379. (23) session-state: Saving cached attributes
  380. (23) Framed-MTU = 994
  381. (23) TLS-Session-Information = "(TLS) recv TLS 1.3 Handshake, ClientHello\n"
  382. (23) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHello\n"
  383. (23) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Certificate\n"
  384. (23) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerKeyExchange\n"
  385. (23) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHelloDone\n"
  386. (23) Sent Access-Challenge Id 71 from 172.16.200.253:1812 to 10.15.200.15:61772 length 0
  387. (23) EAP-Message = 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
  388. (23) Message-Authenticator = 0x00000000000000000000000000000000
  389. (23) State = 0x68ef77716bea6ef72d7f5eed64273179
  390. (23) Finished request
  391. Waking up in 4.9 seconds.
  392. (24) Received Access-Request Id 72 from 10.15.200.15:61772 to 172.16.200.253:1812 length 439
  393. (24) User-Name = "CORPORATE\\Raspb.P14"
  394. (24) Service-Type = Framed-User
  395. (24) Cisco-AVPair = "service-type=Framed"
  396. (24) Framed-MTU = 1468
  397. (24) EAP-Message = 0x0205008819800000007e1603030046100000424104f05837335e34cec84ffa55386d0c795e96a0a641e1b471072b0a7b915ceda78f0cc9c46ad3b7659412879afb62ed0c35626713bdddd90b0b964c748cc0c4726f140303000101160303002865d2428980423cdd05868839ed2e13603aad86695d53e50bf21463c6d3e2bcebe1aa018afec0a4f4
  398. (24) Message-Authenticator = 0xaf52444b53a3ad902c3bf3b2bc1ab40b
  399. (24) Cisco-AVPair = "audit-session-id=0FC80F0A000006F3842D78C6"
  400. (24) Cisco-AVPair = "method=dot1x"
  401. (24) Cisco-AVPair = "client-iif-id=346278732"
  402. (24) NAS-IP-Address = 10.15.200.15
  403. (24) NAS-Port-Id = "FiveGigabitEthernet1/0/15"
  404. (24) NAS-Port-Type = Ethernet
  405. (24) NAS-Port = 50115
  406. (24) State = 0x68ef77716bea6ef72d7f5eed64273179
  407. (24) Calling-Station-Id = "DC-A6-32-A8-8A-D0"
  408. (24) Called-Station-Id = "34-ED-1B-4B-15-8F"
  409. (24) Restoring &session-state
  410. (24) &session-state:Framed-MTU = 994
  411. (24) &session-state:TLS-Session-Information = "(TLS) recv TLS 1.3 Handshake, ClientHello\n"
  412. (24) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHello\n"
  413. (24) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Certificate\n"
  414. (24) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerKeyExchange\n"
  415. (24) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHelloDone\n"
  416. (24) # Executing section authorize from file /etc/freeradius/sites-enabled/GO_Live
  417. (24) authorize {
  418. (24) policy filter_username {
  419. (24) if (&User-Name) {
  420. (24) if (&User-Name) -> TRUE
  421. (24) if (&User-Name) {
  422. (24) if (&User-Name =~ / /) {
  423. (24) if (&User-Name =~ / /) -> FALSE
  424. (24) if (&User-Name =~ /@[^@]*@/ ) {
  425. (24) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  426. (24) if (&User-Name =~ /\.\./ ) {
  427. (24) if (&User-Name =~ /\.\./ ) -> FALSE
  428. (24) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  429. (24) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  430. (24) if (&User-Name =~ /\.$/) {
  431. (24) if (&User-Name =~ /\.$/) -> FALSE
  432. (24) if (&User-Name =~ /@\./) {
  433. (24) if (&User-Name =~ /@\./) -> FALSE
  434. (24) } # if (&User-Name) = notfound
  435. (24) } # policy filter_username = notfound
  436. (24) [preprocess] = ok
  437. (24) auth_log: EXPAND /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
  438. (24) auth_log: --> /var/log/freeradius/radacct/10.15.200.15/auth-detail-20210826
  439. (24) auth_log: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/10.15.200.15/auth-detail-20210826
  440. (24) auth_log: EXPAND %t
  441. (24) auth_log: --> Thu Aug 26 22:36:18 2021
  442. (24) [auth_log] = ok
  443. (24) [mschap] = noop
  444. (24) ntdomain: Checking for prefix before "\"
  445. (24) ntdomain: Looking up realm "CORPORATE" for User-Name = "CORPORATE\Raspb.P14"
  446. (24) ntdomain: Found realm "CORPORATE"
  447. (24) ntdomain: Adding Stripped-User-Name = "Raspb.P14"
  448. (24) ntdomain: Adding Realm = "CORPORATE"
  449. (24) ntdomain: Authentication realm is LOCAL
  450. (24) [ntdomain] = ok
  451. (24) eap: Peer sent EAP Response (code 2) ID 5 length 136
  452. (24) eap: Continuing tunnel setup
  453. (24) [eap] = ok
  454. (24) } # authorize = ok
  455. (24) Found Auth-Type = eap
  456. (24) # Executing group from file /etc/freeradius/sites-enabled/GO_Live
  457. (24) authenticate {
  458. (24) eap: Expiring EAP session with state 0x68ef77716bea6ef7
  459. (24) eap: Finished EAP session with state 0x68ef77716bea6ef7
  460. (24) eap: Previous EAP request found for state 0x68ef77716bea6ef7, released from the list
  461. (24) eap: Peer sent packet with method EAP PEAP (25)
  462. (24) eap: Calling submodule eap_peap to process data
  463. (24) eap_peap: (TLS) EAP Peer says that the final record size will be 126 bytes
  464. (24) eap_peap: (TLS) EAP Got all data (126 bytes)
  465. (24) eap_peap: (TLS) Handshake state - Server SSLv3/TLS write server done
  466. (24) eap_peap: (TLS) recv TLS 1.2 Handshake, ClientKeyExchange
  467. (24) eap_peap: (TLS) Handshake state - Server SSLv3/TLS read client key exchange
  468. (24) eap_peap: (TLS) Handshake state - Server SSLv3/TLS read change cipher spec
  469. (24) eap_peap: (TLS) recv TLS 1.2 Handshake, Finished
  470. (24) eap_peap: (TLS) Handshake state - Server SSLv3/TLS read finished
  471. (24) eap_peap: (TLS) send TLS 1.2 ChangeCipherSpec
  472. (24) eap_peap: (TLS) Handshake state - Server SSLv3/TLS write change cipher spec
  473. (24) eap_peap: (TLS) send TLS 1.2 Handshake, Finished
  474. (24) eap_peap: (TLS) Handshake state - Server SSLv3/TLS write finished
  475. (24) eap_peap: (TLS) Handshake state - SSL negotiation finished successfully
  476. (24) eap_peap: (TLS) Connection Established
  477. (24) eap_peap: TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
  478. (24) eap_peap: TLS-Session-Version = "TLS 1.2"
  479. (24) eap: Sending EAP Request (code 1) ID 6 length 57
  480. (24) eap: EAP session adding &reply:State = 0x68ef77716ce96ef7
  481. (24) [eap] = handled
  482. (24) } # authenticate = handled
  483. (24) Using Post-Auth-Type Challenge
  484. (24) # Executing group from file /etc/freeradius/sites-enabled/GO_Live
  485. (24) Challenge { ... } # empty sub-section is ignored
  486. (24) session-state: Saving cached attributes
  487. (24) Framed-MTU = 994
  488. (24) TLS-Session-Information = "(TLS) recv TLS 1.3 Handshake, ClientHello\n"
  489. (24) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHello\n"
  490. (24) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Certificate\n"
  491. (24) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerKeyExchange\n"
  492. (24) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHelloDone\n"
  493. (24) TLS-Session-Information = "(TLS) recv TLS 1.2 Handshake, ClientKeyExchange\n"
  494. (24) TLS-Session-Information = "(TLS) recv TLS 1.2 Handshake, Finished\n"
  495. (24) TLS-Session-Information = "(TLS) send TLS 1.2 ChangeCipherSpec\n"
  496. (24) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Finished\n"
  497. (24) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
  498. (24) TLS-Session-Version = "TLS 1.2"
  499. (24) Sent Access-Challenge Id 72 from 172.16.200.253:1812 to 10.15.200.15:61772 length 0
  500. (24) EAP-Message = 0x0106003919001403030001011603030028e1ae2a7bad0fc698bf83bbb5171e14d8ecd113c8d0f8710cf76e50f9e631d2e15f9d37fef507cdf9
  501. (24) Message-Authenticator = 0x00000000000000000000000000000000
  502. (24) State = 0x68ef77716ce96ef72d7f5eed64273179
  503. (24) Finished request
  504. Waking up in 4.9 seconds.
  505. (25) Received Access-Request Id 73 from 10.15.200.15:61772 to 172.16.200.253:1812 length 309
  506. (25) User-Name = "CORPORATE\\Raspb.P14"
  507. (25) Service-Type = Framed-User
  508. (25) Cisco-AVPair = "service-type=Framed"
  509. (25) Framed-MTU = 1468
  510. (25) EAP-Message = 0x020600061900
  511. (25) Message-Authenticator = 0x344cd0efd0ef97522a44d0d06f23f595
  512. (25) Cisco-AVPair = "audit-session-id=0FC80F0A000006F3842D78C6"
  513. (25) Cisco-AVPair = "method=dot1x"
  514. (25) Cisco-AVPair = "client-iif-id=346278732"
  515. (25) NAS-IP-Address = 10.15.200.15
  516. (25) NAS-Port-Id = "FiveGigabitEthernet1/0/15"
  517. (25) NAS-Port-Type = Ethernet
  518. (25) NAS-Port = 50115
  519. (25) State = 0x68ef77716ce96ef72d7f5eed64273179
  520. (25) Calling-Station-Id = "DC-A6-32-A8-8A-D0"
  521. (25) Called-Station-Id = "34-ED-1B-4B-15-8F"
  522. (25) Restoring &session-state
  523. (25) &session-state:Framed-MTU = 994
  524. (25) &session-state:TLS-Session-Information = "(TLS) recv TLS 1.3 Handshake, ClientHello\n"
  525. (25) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHello\n"
  526. (25) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Certificate\n"
  527. (25) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerKeyExchange\n"
  528. (25) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHelloDone\n"
  529. (25) &session-state:TLS-Session-Information = "(TLS) recv TLS 1.2 Handshake, ClientKeyExchange\n"
  530. (25) &session-state:TLS-Session-Information = "(TLS) recv TLS 1.2 Handshake, Finished\n"
  531. (25) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 ChangeCipherSpec\n"
  532. (25) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Finished\n"
  533. (25) &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
  534. (25) &session-state:TLS-Session-Version = "TLS 1.2"
  535. (25) # Executing section authorize from file /etc/freeradius/sites-enabled/GO_Live
  536. (25) authorize {
  537. (25) policy filter_username {
  538. (25) if (&User-Name) {
  539. (25) if (&User-Name) -> TRUE
  540. (25) if (&User-Name) {
  541. (25) if (&User-Name =~ / /) {
  542. (25) if (&User-Name =~ / /) -> FALSE
  543. (25) if (&User-Name =~ /@[^@]*@/ ) {
  544. (25) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  545. (25) if (&User-Name =~ /\.\./ ) {
  546. (25) if (&User-Name =~ /\.\./ ) -> FALSE
  547. (25) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  548. (25) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  549. (25) if (&User-Name =~ /\.$/) {
  550. (25) if (&User-Name =~ /\.$/) -> FALSE
  551. (25) if (&User-Name =~ /@\./) {
  552. (25) if (&User-Name =~ /@\./) -> FALSE
  553. (25) } # if (&User-Name) = notfound
  554. (25) } # policy filter_username = notfound
  555. (25) [preprocess] = ok
  556. (25) auth_log: EXPAND /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
  557. (25) auth_log: --> /var/log/freeradius/radacct/10.15.200.15/auth-detail-20210826
  558. (25) auth_log: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/10.15.200.15/auth-detail-20210826
  559. (25) auth_log: EXPAND %t
  560. (25) auth_log: --> Thu Aug 26 22:36:18 2021
  561. (25) [auth_log] = ok
  562. (25) [mschap] = noop
  563. (25) ntdomain: Checking for prefix before "\"
  564. (25) ntdomain: Looking up realm "CORPORATE" for User-Name = "CORPORATE\Raspb.P14"
  565. (25) ntdomain: Found realm "CORPORATE"
  566. (25) ntdomain: Adding Stripped-User-Name = "Raspb.P14"
  567. (25) ntdomain: Adding Realm = "CORPORATE"
  568. (25) ntdomain: Authentication realm is LOCAL
  569. (25) [ntdomain] = ok
  570. (25) eap: Peer sent EAP Response (code 2) ID 6 length 6
  571. (25) eap: Continuing tunnel setup
  572. (25) [eap] = ok
  573. (25) } # authorize = ok
  574. (25) Found Auth-Type = eap
  575. (25) # Executing group from file /etc/freeradius/sites-enabled/GO_Live
  576. (25) authenticate {
  577. (25) eap: Expiring EAP session with state 0x68ef77716ce96ef7
  578. (25) eap: Finished EAP session with state 0x68ef77716ce96ef7
  579. (25) eap: Previous EAP request found for state 0x68ef77716ce96ef7, released from the list
  580. (25) eap: Peer sent packet with method EAP PEAP (25)
  581. (25) eap: Calling submodule eap_peap to process data
  582. (25) eap_peap: (TLS) Peer ACKed our handshake fragment. handshake is finished
  583. (25) eap_peap: Session established. Decoding tunneled attributes
  584. (25) eap_peap: PEAP state TUNNEL ESTABLISHED
  585. (25) eap: Sending EAP Request (code 1) ID 7 length 40
  586. (25) eap: EAP session adding &reply:State = 0x68ef77716de86ef7
  587. (25) [eap] = handled
  588. (25) } # authenticate = handled
  589. (25) Using Post-Auth-Type Challenge
  590. (25) # Executing group from file /etc/freeradius/sites-enabled/GO_Live
  591. (25) Challenge { ... } # empty sub-section is ignored
  592. (25) session-state: Saving cached attributes
  593. (25) Framed-MTU = 994
  594. (25) TLS-Session-Information = "(TLS) recv TLS 1.3 Handshake, ClientHello\n"
  595. (25) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHello\n"
  596. (25) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Certificate\n"
  597. (25) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerKeyExchange\n"
  598. (25) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHelloDone\n"
  599. (25) TLS-Session-Information = "(TLS) recv TLS 1.2 Handshake, ClientKeyExchange\n"
  600. (25) TLS-Session-Information = "(TLS) recv TLS 1.2 Handshake, Finished\n"
  601. (25) TLS-Session-Information = "(TLS) send TLS 1.2 ChangeCipherSpec\n"
  602. (25) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Finished\n"
  603. (25) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
  604. (25) TLS-Session-Version = "TLS 1.2"
  605. (25) Sent Access-Challenge Id 73 from 172.16.200.253:1812 to 10.15.200.15:61772 length 0
  606. (25) EAP-Message = 0x010700281900170303001de1ae2a7bad0fc699c41ae355b5579cd3565c0456b4baecae93d2245278
  607. (25) Message-Authenticator = 0x00000000000000000000000000000000
  608. (25) State = 0x68ef77716de86ef72d7f5eed64273179
  609. (25) Finished request
  610. Waking up in 4.9 seconds.
  611. (26) Received Access-Request Id 74 from 10.15.200.15:61772 to 172.16.200.253:1812 length 358
  612. (26) User-Name = "CORPORATE\\Raspb.P14"
  613. (26) Service-Type = Framed-User
  614. (26) Cisco-AVPair = "service-type=Framed"
  615. (26) Framed-MTU = 1468
  616. (26) EAP-Message = 0x020700371900170303002c65d2428980423cde3946862910c9599864d7a68e131cd98be33af7dc63e4f7ea1c420d7002089d732fb9d843
  617. (26) Message-Authenticator = 0x4bb17c18a02f10458625865643aa2047
  618. (26) Cisco-AVPair = "audit-session-id=0FC80F0A000006F3842D78C6"
  619. (26) Cisco-AVPair = "method=dot1x"
  620. (26) Cisco-AVPair = "client-iif-id=346278732"
  621. (26) NAS-IP-Address = 10.15.200.15
  622. (26) NAS-Port-Id = "FiveGigabitEthernet1/0/15"
  623. (26) NAS-Port-Type = Ethernet
  624. (26) NAS-Port = 50115
  625. (26) State = 0x68ef77716de86ef72d7f5eed64273179
  626. (26) Calling-Station-Id = "DC-A6-32-A8-8A-D0"
  627. (26) Called-Station-Id = "34-ED-1B-4B-15-8F"
  628. (26) Restoring &session-state
  629. (26) &session-state:Framed-MTU = 994
  630. (26) &session-state:TLS-Session-Information = "(TLS) recv TLS 1.3 Handshake, ClientHello\n"
  631. (26) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHello\n"
  632. (26) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Certificate\n"
  633. (26) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerKeyExchange\n"
  634. (26) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHelloDone\n"
  635. (26) &session-state:TLS-Session-Information = "(TLS) recv TLS 1.2 Handshake, ClientKeyExchange\n"
  636. (26) &session-state:TLS-Session-Information = "(TLS) recv TLS 1.2 Handshake, Finished\n"
  637. (26) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 ChangeCipherSpec\n"
  638. (26) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Finished\n"
  639. (26) &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
  640. (26) &session-state:TLS-Session-Version = "TLS 1.2"
  641. (26) # Executing section authorize from file /etc/freeradius/sites-enabled/GO_Live
  642. (26) authorize {
  643. (26) policy filter_username {
  644. (26) if (&User-Name) {
  645. (26) if (&User-Name) -> TRUE
  646. (26) if (&User-Name) {
  647. (26) if (&User-Name =~ / /) {
  648. (26) if (&User-Name =~ / /) -> FALSE
  649. (26) if (&User-Name =~ /@[^@]*@/ ) {
  650. (26) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  651. (26) if (&User-Name =~ /\.\./ ) {
  652. (26) if (&User-Name =~ /\.\./ ) -> FALSE
  653. (26) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  654. (26) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  655. (26) if (&User-Name =~ /\.$/) {
  656. (26) if (&User-Name =~ /\.$/) -> FALSE
  657. (26) if (&User-Name =~ /@\./) {
  658. (26) if (&User-Name =~ /@\./) -> FALSE
  659. (26) } # if (&User-Name) = notfound
  660. (26) } # policy filter_username = notfound
  661. (26) [preprocess] = ok
  662. (26) auth_log: EXPAND /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
  663. (26) auth_log: --> /var/log/freeradius/radacct/10.15.200.15/auth-detail-20210826
  664. (26) auth_log: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/10.15.200.15/auth-detail-20210826
  665. (26) auth_log: EXPAND %t
  666. (26) auth_log: --> Thu Aug 26 22:36:18 2021
  667. (26) [auth_log] = ok
  668. (26) [mschap] = noop
  669. (26) ntdomain: Checking for prefix before "\"
  670. (26) ntdomain: Looking up realm "CORPORATE" for User-Name = "CORPORATE\Raspb.P14"
  671. (26) ntdomain: Found realm "CORPORATE"
  672. (26) ntdomain: Adding Stripped-User-Name = "Raspb.P14"
  673. (26) ntdomain: Adding Realm = "CORPORATE"
  674. (26) ntdomain: Authentication realm is LOCAL
  675. (26) [ntdomain] = ok
  676. (26) eap: Peer sent EAP Response (code 2) ID 7 length 55
  677. (26) eap: Continuing tunnel setup
  678. (26) [eap] = ok
  679. (26) } # authorize = ok
  680. (26) Found Auth-Type = eap
  681. (26) # Executing group from file /etc/freeradius/sites-enabled/GO_Live
  682. (26) authenticate {
  683. (26) eap: Expiring EAP session with state 0x68ef77716de86ef7
  684. (26) eap: Finished EAP session with state 0x68ef77716de86ef7
  685. (26) eap: Previous EAP request found for state 0x68ef77716de86ef7, released from the list
  686. (26) eap: Peer sent packet with method EAP PEAP (25)
  687. (26) eap: Calling submodule eap_peap to process data
  688. (26) eap_peap: (TLS) EAP Done initial handshake
  689. (26) eap_peap: Session established. Decoding tunneled attributes
  690. (26) eap_peap: PEAP state WAITING FOR INNER IDENTITY
  691. (26) eap_peap: Identity - CORPORATE\Raspb.P14
  692. (26) eap_peap: Got inner identity 'CORPORATE\Raspb.P14'
  693. (26) eap_peap: Setting default EAP type for tunneled EAP session
  694. (26) eap_peap: Got tunneled request
  695. (26) eap_peap: EAP-Message = 0x0207001801434f52504f524154455c52617370622e503134
  696. (26) eap_peap: Setting User-Name to CORPORATE\Raspb.P14
  697. (26) eap_peap: Sending tunneled request to inner-tunnel
  698. (26) eap_peap: EAP-Message = 0x0207001801434f52504f524154455c52617370622e503134
  699. (26) eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1
  700. (26) eap_peap: User-Name = "CORPORATE\\Raspb.P14"
  701. (26) Virtual server inner-tunnel received request
  702. (26) EAP-Message = 0x0207001801434f52504f524154455c52617370622e503134
  703. (26) FreeRADIUS-Proxied-To = 127.0.0.1
  704. (26) User-Name = "CORPORATE\\Raspb.P14"
  705. (26) WARNING: Outer and inner identities are the same. User privacy is compromised.
  706. (26) server inner-tunnel {
  707. (26) # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
  708. (26) authorize {
  709. (26) policy filter_username {
  710. (26) if (&User-Name) {
  711. (26) if (&User-Name) -> TRUE
  712. (26) if (&User-Name) {
  713. (26) if (&User-Name =~ / /) {
  714. (26) if (&User-Name =~ / /) -> FALSE
  715. (26) if (&User-Name =~ /@[^@]*@/ ) {
  716. (26) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  717. (26) if (&User-Name =~ /\.\./ ) {
  718. (26) if (&User-Name =~ /\.\./ ) -> FALSE
  719. (26) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  720. (26) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  721. (26) if (&User-Name =~ /\.$/) {
  722. (26) if (&User-Name =~ /\.$/) -> FALSE
  723. (26) if (&User-Name =~ /@\./) {
  724. (26) if (&User-Name =~ /@\./) -> FALSE
  725. (26) } # if (&User-Name) = notfound
  726. (26) } # policy filter_username = notfound
  727. (26) [mschap] = noop
  728. (26) ntdomain: Checking for prefix before "\"
  729. (26) ntdomain: Looking up realm "CORPORATE" for User-Name = "CORPORATE\Raspb.P14"
  730. (26) ntdomain: Found realm "CORPORATE"
  731. (26) ntdomain: Adding Stripped-User-Name = "Raspb.P14"
  732. (26) ntdomain: Adding Realm = "CORPORATE"
  733. (26) ntdomain: Authentication realm is LOCAL
  734. (26) [ntdomain] = ok
  735. (26) eap: Peer sent EAP Response (code 2) ID 7 length 24
  736. (26) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
  737. (26) [eap] = ok
  738. (26) } # authorize = ok
  739. (26) Found Auth-Type = eap
  740. (26) # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
  741. (26) authenticate {
  742. (26) eap: Peer sent packet with method EAP Identity (1)
  743. (26) eap: Calling submodule eap_mschapv2 to process data
  744. (26) eap_mschapv2: Issuing Challenge
  745. (26) eap: Sending EAP Request (code 1) ID 8 length 43
  746. (26) eap: EAP session adding &reply:State = 0x2c4eaac22c46b0b4
  747. (26) [eap] = handled
  748. (26) } # authenticate = handled
  749. (26) } # server inner-tunnel
  750. (26) Virtual server sending reply
  751. (26) EAP-Message = 0x0108002b1a01080026105651527af0db11d65047cdd227eed5a7667265657261646975732d332e302e3233
  752. (26) Message-Authenticator = 0x00000000000000000000000000000000
  753. (26) State = 0x2c4eaac22c46b0b4656110deb915f9b3
  754. (26) eap_peap: Got tunneled reply code 11
  755. (26) eap_peap: EAP-Message = 0x0108002b1a01080026105651527af0db11d65047cdd227eed5a7667265657261646975732d332e302e3233
  756. (26) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000
  757. (26) eap_peap: State = 0x2c4eaac22c46b0b4656110deb915f9b3
  758. (26) eap_peap: Got tunneled reply RADIUS code 11
  759. (26) eap_peap: EAP-Message = 0x0108002b1a01080026105651527af0db11d65047cdd227eed5a7667265657261646975732d332e302e3233
  760. (26) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000
  761. (26) eap_peap: State = 0x2c4eaac22c46b0b4656110deb915f9b3
  762. (26) eap_peap: Got tunneled Access-Challenge
  763. (26) eap: Sending EAP Request (code 1) ID 8 length 74
  764. (26) eap: EAP session adding &reply:State = 0x68ef77716ee76ef7
  765. (26) [eap] = handled
  766. (26) } # authenticate = handled
  767. (26) Using Post-Auth-Type Challenge
  768. (26) # Executing group from file /etc/freeradius/sites-enabled/GO_Live
  769. (26) Challenge { ... } # empty sub-section is ignored
  770. (26) session-state: Saving cached attributes
  771. (26) Framed-MTU = 994
  772. (26) TLS-Session-Information = "(TLS) recv TLS 1.3 Handshake, ClientHello\n"
  773. (26) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHello\n"
  774. (26) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Certificate\n"
  775. (26) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerKeyExchange\n"
  776. (26) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHelloDone\n"
  777. (26) TLS-Session-Information = "(TLS) recv TLS 1.2 Handshake, ClientKeyExchange\n"
  778. (26) TLS-Session-Information = "(TLS) recv TLS 1.2 Handshake, Finished\n"
  779. (26) TLS-Session-Information = "(TLS) send TLS 1.2 ChangeCipherSpec\n"
  780. (26) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Finished\n"
  781. (26) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
  782. (26) TLS-Session-Version = "TLS 1.2"
  783. (26) Sent Access-Challenge Id 74 from 172.16.200.253:1812 to 10.15.200.15:61772 length 0
  784. (26) EAP-Message = 0x0108004a1900170303003fe1ae2a7bad0fc69a9f13ab50bc87f16914defdf66e73e5745a2a468208edd8a45d91e69b4760838035e53bd0b9f40d57ed37432cf1fd18e53cc4956479f597
  785. (26) Message-Authenticator = 0x00000000000000000000000000000000
  786. (26) State = 0x68ef77716ee76ef72d7f5eed64273179
  787. (26) Finished request
  788. Waking up in 4.9 seconds.
  789. (27) Received Access-Request Id 75 from 10.15.200.15:61772 to 172.16.200.253:1812 length 412
  790. (27) User-Name = "CORPORATE\\Raspb.P14"
  791. (27) Service-Type = Framed-User
  792. (27) Cisco-AVPair = "service-type=Framed"
  793. (27) Framed-MTU = 1468
  794. (27) EAP-Message = 0x0208006d1900170303006265d2428980423cdf9c5834fce18e3bac46bee800a013d319ef01a02112592647cb4cc8f5987822e14973f421b78e89dac39b7de48cb87e449ed9ace084312025ea1571ed38fb0de840731cf641824d10a9938b67da4f6ff32368f29d280b4d62dcdd
  795. (27) Message-Authenticator = 0x3430d80e7a904ed189a80d7f983417d3
  796. (27) Cisco-AVPair = "audit-session-id=0FC80F0A000006F3842D78C6"
  797. (27) Cisco-AVPair = "method=dot1x"
  798. (27) Cisco-AVPair = "client-iif-id=346278732"
  799. (27) NAS-IP-Address = 10.15.200.15
  800. (27) NAS-Port-Id = "FiveGigabitEthernet1/0/15"
  801. (27) NAS-Port-Type = Ethernet
  802. (27) NAS-Port = 50115
  803. (27) State = 0x68ef77716ee76ef72d7f5eed64273179
  804. (27) Calling-Station-Id = "DC-A6-32-A8-8A-D0"
  805. (27) Called-Station-Id = "34-ED-1B-4B-15-8F"
  806. (27) Restoring &session-state
  807. (27) &session-state:Framed-MTU = 994
  808. (27) &session-state:TLS-Session-Information = "(TLS) recv TLS 1.3 Handshake, ClientHello\n"
  809. (27) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHello\n"
  810. (27) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Certificate\n"
  811. (27) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerKeyExchange\n"
  812. (27) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHelloDone\n"
  813. (27) &session-state:TLS-Session-Information = "(TLS) recv TLS 1.2 Handshake, ClientKeyExchange\n"
  814. (27) &session-state:TLS-Session-Information = "(TLS) recv TLS 1.2 Handshake, Finished\n"
  815. (27) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 ChangeCipherSpec\n"
  816. (27) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Finished\n"
  817. (27) &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
  818. (27) &session-state:TLS-Session-Version = "TLS 1.2"
  819. (27) # Executing section authorize from file /etc/freeradius/sites-enabled/GO_Live
  820. (27) authorize {
  821. (27) policy filter_username {
  822. (27) if (&User-Name) {
  823. (27) if (&User-Name) -> TRUE
  824. (27) if (&User-Name) {
  825. (27) if (&User-Name =~ / /) {
  826. (27) if (&User-Name =~ / /) -> FALSE
  827. (27) if (&User-Name =~ /@[^@]*@/ ) {
  828. (27) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  829. (27) if (&User-Name =~ /\.\./ ) {
  830. (27) if (&User-Name =~ /\.\./ ) -> FALSE
  831. (27) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  832. (27) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  833. (27) if (&User-Name =~ /\.$/) {
  834. (27) if (&User-Name =~ /\.$/) -> FALSE
  835. (27) if (&User-Name =~ /@\./) {
  836. (27) if (&User-Name =~ /@\./) -> FALSE
  837. (27) } # if (&User-Name) = notfound
  838. (27) } # policy filter_username = notfound
  839. (27) [preprocess] = ok
  840. (27) auth_log: EXPAND /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
  841. (27) auth_log: --> /var/log/freeradius/radacct/10.15.200.15/auth-detail-20210826
  842. (27) auth_log: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/10.15.200.15/auth-detail-20210826
  843. (27) auth_log: EXPAND %t
  844. (27) auth_log: --> Thu Aug 26 22:36:18 2021
  845. (27) [auth_log] = ok
  846. (27) [mschap] = noop
  847. (27) ntdomain: Checking for prefix before "\"
  848. (27) ntdomain: Looking up realm "CORPORATE" for User-Name = "CORPORATE\Raspb.P14"
  849. (27) ntdomain: Found realm "CORPORATE"
  850. (27) ntdomain: Adding Stripped-User-Name = "Raspb.P14"
  851. (27) ntdomain: Adding Realm = "CORPORATE"
  852. (27) ntdomain: Authentication realm is LOCAL
  853. (27) [ntdomain] = ok
  854. (27) eap: Peer sent EAP Response (code 2) ID 8 length 109
  855. (27) eap: Continuing tunnel setup
  856. (27) [eap] = ok
  857. (27) } # authorize = ok
  858. (27) Found Auth-Type = eap
  859. (27) # Executing group from file /etc/freeradius/sites-enabled/GO_Live
  860. (27) authenticate {
  861. (27) eap: Expiring EAP session with state 0x2c4eaac22c46b0b4
  862. (27) eap: Finished EAP session with state 0x68ef77716ee76ef7
  863. (27) eap: Previous EAP request found for state 0x68ef77716ee76ef7, released from the list
  864. (27) eap: Peer sent packet with method EAP PEAP (25)
  865. (27) eap: Calling submodule eap_peap to process data
  866. (27) eap_peap: (TLS) EAP Done initial handshake
  867. (27) eap_peap: Session established. Decoding tunneled attributes
  868. (27) eap_peap: PEAP state phase2
  869. (27) eap_peap: EAP method MSCHAPv2 (26)
  870. (27) eap_peap: Got tunneled request
  871. (27) eap_peap: EAP-Message = 0x0208004e1a0208004931dace487f2291cfb1803462e241094cb100000000000000006bad6ccdfb11f56adf4f46fd82b4ca886f638ede417aebf500434f52504f524154455c52617370622e503134
  872. (27) eap_peap: Setting User-Name to CORPORATE\Raspb.P14
  873. (27) eap_peap: Sending tunneled request to inner-tunnel
  874. (27) eap_peap: EAP-Message = 0x0208004e1a0208004931dace487f2291cfb1803462e241094cb100000000000000006bad6ccdfb11f56adf4f46fd82b4ca886f638ede417aebf500434f52504f524154455c52617370622e503134
  875. (27) eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1
  876. (27) eap_peap: User-Name = "CORPORATE\\Raspb.P14"
  877. (27) eap_peap: State = 0x2c4eaac22c46b0b4656110deb915f9b3
  878. (27) Virtual server inner-tunnel received request
  879. (27) EAP-Message = 0x0208004e1a0208004931dace487f2291cfb1803462e241094cb100000000000000006bad6ccdfb11f56adf4f46fd82b4ca886f638ede417aebf500434f52504f524154455c52617370622e503134
  880. (27) FreeRADIUS-Proxied-To = 127.0.0.1
  881. (27) User-Name = "CORPORATE\\Raspb.P14"
  882. (27) State = 0x2c4eaac22c46b0b4656110deb915f9b3
  883. (27) WARNING: Outer and inner identities are the same. User privacy is compromised.
  884. (27) server inner-tunnel {
  885. (27) session-state: No cached attributes
  886. (27) # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
  887. (27) authorize {
  888. (27) policy filter_username {
  889. (27) if (&User-Name) {
  890. (27) if (&User-Name) -> TRUE
  891. (27) if (&User-Name) {
  892. (27) if (&User-Name =~ / /) {
  893. (27) if (&User-Name =~ / /) -> FALSE
  894. (27) if (&User-Name =~ /@[^@]*@/ ) {
  895. (27) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  896. (27) if (&User-Name =~ /\.\./ ) {
  897. (27) if (&User-Name =~ /\.\./ ) -> FALSE
  898. (27) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  899. (27) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  900. (27) if (&User-Name =~ /\.$/) {
  901. (27) if (&User-Name =~ /\.$/) -> FALSE
  902. (27) if (&User-Name =~ /@\./) {
  903. (27) if (&User-Name =~ /@\./) -> FALSE
  904. (27) } # if (&User-Name) = notfound
  905. (27) } # policy filter_username = notfound
  906. (27) [mschap] = noop
  907. (27) ntdomain: Checking for prefix before "\"
  908. (27) ntdomain: Looking up realm "CORPORATE" for User-Name = "CORPORATE\Raspb.P14"
  909. (27) ntdomain: Found realm "CORPORATE"
  910. (27) ntdomain: Adding Stripped-User-Name = "Raspb.P14"
  911. (27) ntdomain: Adding Realm = "CORPORATE"
  912. (27) ntdomain: Authentication realm is LOCAL
  913. (27) [ntdomain] = ok
  914. (27) eap: Peer sent EAP Response (code 2) ID 8 length 78
  915. (27) eap: No EAP Start, assuming it's an on-going EAP conversation
  916. (27) [eap] = updated
  917. (27) [files] = noop
  918. (27) sql: EXPAND %{User-Name}
  919. (27) sql: --> CORPORATE\\Raspb.P14
  920. (27) sql: SQL-User-Name set to 'CORPORATE\\Raspb.P14'
  921. rlm_sql (sql): Reserved connection (11)
  922. (27) sql: EXPAND SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id
  923. (27) sql: --> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'CORPORATE=5C=5CRaspb.P14' ORDER BY id
  924. (27) sql: Executing select query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'CORPORATE=5C=5CRaspb.P14' ORDER BY id
  925. (27) sql: WARNING: User not found in radcheck table.
  926. (27) sql: EXPAND SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority
  927. (27) sql: --> SELECT groupname FROM radusergroup WHERE username = 'CORPORATE=5C=5CRaspb.P14' ORDER BY priority
  928. (27) sql: Executing select query: SELECT groupname FROM radusergroup WHERE username = 'CORPORATE=5C=5CRaspb.P14' ORDER BY priority
  929. (27) sql: User not found in any groups
  930. rlm_sql (sql): Released connection (11)
  931. (27) [sql] = notfound
  932. rlm_ldap (ldap): Reserved connection (19)
  933. (27) ldap: EXPAND (sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}})
  934. (27) ldap: --> (sAMAccountName=Raspb.P14)
  935. (27) ldap: Performing search in "dc=corporate,dc=intra" with filter "(sAMAccountName=Raspb.P14)", scope "sub"
  936. (27) ldap: Waiting for search result...
  937. rlm_ldap (ldap): Rebinding to URL ldap://DomainDnsZones.corporate.intra/DC=DomainDnsZones,DC=corporate,DC=intra
  938. rlm_ldap (ldap): Waiting for bind result...
  939. rlm_ldap (ldap): Rebinding to URL ldap://ForestDnsZones.corporate.intra/DC=ForestDnsZones,DC=corporate,DC=intra
  940. rlm_ldap (ldap): Waiting for bind result...
  941. rlm_ldap (ldap): Bind successful
  942. rlm_ldap (ldap): Bind successful
  943. (27) ldap: User object found at DN "CN=Raspb.P14,OU=GO Services,OU=Systems_Administration_OU,DC=corporate,DC=intra"
  944. (27) ldap: Processing user attributes
  945. (27) ldap: WARNING: No "known good" password added. Ensure the admin user has permission to read the password attribute
  946. (27) ldap: WARNING: PAP authentication will *NOT* work with Active Directory (if that is what you were trying to configure)
  947. rlm_ldap (ldap): Deleting connection (19) - Was referred to a different LDAP server
  948. Need 2 more connections to reach min connections (3)
  949. rlm_ldap (ldap): Opening additional connection (21), 1 of 31 pending slots used
  950. rlm_ldap (ldap): Connecting to ldap://corporate.intra:389
  951. rlm_ldap (ldap): Waiting for bind result...
  952. rlm_ldap (ldap): Bind successful
  953. (27) [ldap] = ok
  954. (27) [expiration] = noop
  955. (27) [logintime] = noop
  956. Not doing PAP as Auth-Type is already set.
  957. (27) [pap] = noop
  958. (27) } # authorize = updated
  959. (27) Found Auth-Type = eap
  960. (27) # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
  961. (27) authenticate {
  962. (27) eap: Expiring EAP session with state 0x2c4eaac22c46b0b4
  963. (27) eap: Finished EAP session with state 0x2c4eaac22c46b0b4
  964. (27) eap: Previous EAP request found for state 0x2c4eaac22c46b0b4, released from the list
  965. (27) eap: Peer sent packet with method EAP MSCHAPv2 (26)
  966. (27) eap: Calling submodule eap_mschapv2 to process data
  967. (27) eap_mschapv2: # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
  968. (27) eap_mschapv2: authenticate {
  969. (27) mschap: Creating challenge hash with username: Raspb.P14
  970. (27) mschap: Client is using MS-CHAPv2
  971. (27) mschap: EXPAND %{mschap:User-Name}
  972. (27) mschap: --> Raspb.P14
  973. (27) mschap: EXPAND %{mschap:NT-Domain}
  974. (27) mschap: --> CORPORATE
  975. rlm_mschap (mschap): Reserved connection (3)
  976. (27) mschap: sending authentication request user='Raspb.P14' domain='CORPORATE'
  977. rlm_mschap (mschap): Released connection (3)
  978. (27) mschap: Authenticated successfully
  979. (27) mschap: Adding MS-CHAPv2 MPPE keys
  980. (27) eap_mschapv2: [mschap] = ok
  981. (27) eap_mschapv2: } # authenticate = ok
  982. (27) eap_mschapv2: MSCHAP Success
  983. (27) eap: Sending EAP Request (code 1) ID 9 length 51
  984. (27) eap: EAP session adding &reply:State = 0x2c4eaac22d47b0b4
  985. (27) [eap] = handled
  986. (27) } # authenticate = handled
  987. (27) } # server inner-tunnel
  988. (27) Virtual server sending reply
  989. (27) EAP-Message = 0x010900331a0308002e533d37444445423832363646333245324538344545333541433331324630444231453135464431353341
  990. (27) Message-Authenticator = 0x00000000000000000000000000000000
  991. (27) State = 0x2c4eaac22d47b0b4656110deb915f9b3
  992. (27) eap_peap: Got tunneled reply code 11
  993. (27) eap_peap: EAP-Message = 0x010900331a0308002e533d37444445423832363646333245324538344545333541433331324630444231453135464431353341
  994. (27) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000
  995. (27) eap_peap: State = 0x2c4eaac22d47b0b4656110deb915f9b3
  996. (27) eap_peap: Got tunneled reply RADIUS code 11
  997. (27) eap_peap: EAP-Message = 0x010900331a0308002e533d37444445423832363646333245324538344545333541433331324630444231453135464431353341
  998. (27) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000
  999. (27) eap_peap: State = 0x2c4eaac22d47b0b4656110deb915f9b3
  1000. (27) eap_peap: Got tunneled Access-Challenge
  1001. (27) eap: Sending EAP Request (code 1) ID 9 length 82
  1002. (27) eap: EAP session adding &reply:State = 0x68ef77716fe66ef7
  1003. (27) [eap] = handled
  1004. (27) } # authenticate = handled
  1005. (27) Using Post-Auth-Type Challenge
  1006. (27) # Executing group from file /etc/freeradius/sites-enabled/GO_Live
  1007. (27) Challenge { ... } # empty sub-section is ignored
  1008. (27) session-state: Saving cached attributes
  1009. (27) Framed-MTU = 994
  1010. (27) TLS-Session-Information = "(TLS) recv TLS 1.3 Handshake, ClientHello\n"
  1011. (27) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHello\n"
  1012. (27) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Certificate\n"
  1013. (27) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerKeyExchange\n"
  1014. (27) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHelloDone\n"
  1015. (27) TLS-Session-Information = "(TLS) recv TLS 1.2 Handshake, ClientKeyExchange\n"
  1016. (27) TLS-Session-Information = "(TLS) recv TLS 1.2 Handshake, Finished\n"
  1017. (27) TLS-Session-Information = "(TLS) send TLS 1.2 ChangeCipherSpec\n"
  1018. (27) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Finished\n"
  1019. (27) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
  1020. (27) TLS-Session-Version = "TLS 1.2"
  1021. (27) Sent Access-Challenge Id 75 from 172.16.200.253:1812 to 10.15.200.15:61772 length 0
  1022. (27) EAP-Message = 0x0109005219001703030047e1ae2a7bad0fc69b74c77f1e05647ea7438cd4cfb62e63fe0bf1af9e28c19f7e7bc219dd4961c1367f798132dc13fc87ad1fd7b9b5329431cc0866a5bf9df66b8e1242c2a4416f
  1023. (27) Message-Authenticator = 0x00000000000000000000000000000000
  1024. (27) State = 0x68ef77716fe66ef72d7f5eed64273179
  1025. (27) Finished request
  1026. Waking up in 4.9 seconds.
  1027. (28) Received Access-Request Id 76 from 10.15.200.15:61772 to 172.16.200.253:1812 length 340
  1028. (28) User-Name = "CORPORATE\\Raspb.P14"
  1029. (28) Service-Type = Framed-User
  1030. (28) Cisco-AVPair = "service-type=Framed"
  1031. (28) Framed-MTU = 1468
  1032. (28) EAP-Message = 0x020900251900170303001a65d2428980423ce0d109908025fe7165f015f934f22cad9720cb
  1033. (28) Message-Authenticator = 0x6c0d988538c227f9878c357a2dcbc6e3
  1034. (28) Cisco-AVPair = "audit-session-id=0FC80F0A000006F3842D78C6"
  1035. (28) Cisco-AVPair = "method=dot1x"
  1036. (28) Cisco-AVPair = "client-iif-id=346278732"
  1037. (28) NAS-IP-Address = 10.15.200.15
  1038. (28) NAS-Port-Id = "FiveGigabitEthernet1/0/15"
  1039. (28) NAS-Port-Type = Ethernet
  1040. (28) NAS-Port = 50115
  1041. (28) State = 0x68ef77716fe66ef72d7f5eed64273179
  1042. (28) Calling-Station-Id = "DC-A6-32-A8-8A-D0"
  1043. (28) Called-Station-Id = "34-ED-1B-4B-15-8F"
  1044. (28) Restoring &session-state
  1045. (28) &session-state:Framed-MTU = 994
  1046. (28) &session-state:TLS-Session-Information = "(TLS) recv TLS 1.3 Handshake, ClientHello\n"
  1047. (28) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHello\n"
  1048. (28) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Certificate\n"
  1049. (28) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerKeyExchange\n"
  1050. (28) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHelloDone\n"
  1051. (28) &session-state:TLS-Session-Information = "(TLS) recv TLS 1.2 Handshake, ClientKeyExchange\n"
  1052. (28) &session-state:TLS-Session-Information = "(TLS) recv TLS 1.2 Handshake, Finished\n"
  1053. (28) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 ChangeCipherSpec\n"
  1054. (28) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Finished\n"
  1055. (28) &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
  1056. (28) &session-state:TLS-Session-Version = "TLS 1.2"
  1057. (28) # Executing section authorize from file /etc/freeradius/sites-enabled/GO_Live
  1058. (28) authorize {
  1059. (28) policy filter_username {
  1060. (28) if (&User-Name) {
  1061. (28) if (&User-Name) -> TRUE
  1062. (28) if (&User-Name) {
  1063. (28) if (&User-Name =~ / /) {
  1064. (28) if (&User-Name =~ / /) -> FALSE
  1065. (28) if (&User-Name =~ /@[^@]*@/ ) {
  1066. (28) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  1067. (28) if (&User-Name =~ /\.\./ ) {
  1068. (28) if (&User-Name =~ /\.\./ ) -> FALSE
  1069. (28) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  1070. (28) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  1071. (28) if (&User-Name =~ /\.$/) {
  1072. (28) if (&User-Name =~ /\.$/) -> FALSE
  1073. (28) if (&User-Name =~ /@\./) {
  1074. (28) if (&User-Name =~ /@\./) -> FALSE
  1075. (28) } # if (&User-Name) = notfound
  1076. (28) } # policy filter_username = notfound
  1077. (28) [preprocess] = ok
  1078. (28) auth_log: EXPAND /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
  1079. (28) auth_log: --> /var/log/freeradius/radacct/10.15.200.15/auth-detail-20210826
  1080. (28) auth_log: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/10.15.200.15/auth-detail-20210826
  1081. (28) auth_log: EXPAND %t
  1082. (28) auth_log: --> Thu Aug 26 22:36:18 2021
  1083. (28) [auth_log] = ok
  1084. (28) [mschap] = noop
  1085. (28) ntdomain: Checking for prefix before "\"
  1086. (28) ntdomain: Looking up realm "CORPORATE" for User-Name = "CORPORATE\Raspb.P14"
  1087. (28) ntdomain: Found realm "CORPORATE"
  1088. (28) ntdomain: Adding Stripped-User-Name = "Raspb.P14"
  1089. (28) ntdomain: Adding Realm = "CORPORATE"
  1090. (28) ntdomain: Authentication realm is LOCAL
  1091. (28) [ntdomain] = ok
  1092. (28) eap: Peer sent EAP Response (code 2) ID 9 length 37
  1093. (28) eap: Continuing tunnel setup
  1094. (28) [eap] = ok
  1095. (28) } # authorize = ok
  1096. (28) Found Auth-Type = eap
  1097. (28) # Executing group from file /etc/freeradius/sites-enabled/GO_Live
  1098. (28) authenticate {
  1099. (28) eap: Expiring EAP session with state 0x2c4eaac22d47b0b4
  1100. (28) eap: Finished EAP session with state 0x68ef77716fe66ef7
  1101. (28) eap: Previous EAP request found for state 0x68ef77716fe66ef7, released from the list
  1102. (28) eap: Peer sent packet with method EAP PEAP (25)
  1103. (28) eap: Calling submodule eap_peap to process data
  1104. (28) eap_peap: (TLS) EAP Done initial handshake
  1105. (28) eap_peap: Session established. Decoding tunneled attributes
  1106. (28) eap_peap: PEAP state phase2
  1107. (28) eap_peap: EAP method MSCHAPv2 (26)
  1108. (28) eap_peap: Got tunneled request
  1109. (28) eap_peap: EAP-Message = 0x020900061a03
  1110. (28) eap_peap: Setting User-Name to CORPORATE\Raspb.P14
  1111. (28) eap_peap: Sending tunneled request to inner-tunnel
  1112. (28) eap_peap: EAP-Message = 0x020900061a03
  1113. (28) eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1
  1114. (28) eap_peap: User-Name = "CORPORATE\\Raspb.P14"
  1115. (28) eap_peap: State = 0x2c4eaac22d47b0b4656110deb915f9b3
  1116. (28) Virtual server inner-tunnel received request
  1117. (28) EAP-Message = 0x020900061a03
  1118. (28) FreeRADIUS-Proxied-To = 127.0.0.1
  1119. (28) User-Name = "CORPORATE\\Raspb.P14"
  1120. (28) State = 0x2c4eaac22d47b0b4656110deb915f9b3
  1121. (28) WARNING: Outer and inner identities are the same. User privacy is compromised.
  1122. (28) server inner-tunnel {
  1123. (28) session-state: No cached attributes
  1124. (28) # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
  1125. (28) authorize {
  1126. (28) policy filter_username {
  1127. (28) if (&User-Name) {
  1128. (28) if (&User-Name) -> TRUE
  1129. (28) if (&User-Name) {
  1130. (28) if (&User-Name =~ / /) {
  1131. (28) if (&User-Name =~ / /) -> FALSE
  1132. (28) if (&User-Name =~ /@[^@]*@/ ) {
  1133. (28) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  1134. (28) if (&User-Name =~ /\.\./ ) {
  1135. (28) if (&User-Name =~ /\.\./ ) -> FALSE
  1136. (28) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  1137. (28) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  1138. (28) if (&User-Name =~ /\.$/) {
  1139. (28) if (&User-Name =~ /\.$/) -> FALSE
  1140. (28) if (&User-Name =~ /@\./) {
  1141. (28) if (&User-Name =~ /@\./) -> FALSE
  1142. (28) } # if (&User-Name) = notfound
  1143. (28) } # policy filter_username = notfound
  1144. (28) [mschap] = noop
  1145. (28) ntdomain: Checking for prefix before "\"
  1146. (28) ntdomain: Looking up realm "CORPORATE" for User-Name = "CORPORATE\Raspb.P14"
  1147. (28) ntdomain: Found realm "CORPORATE"
  1148. (28) ntdomain: Adding Stripped-User-Name = "Raspb.P14"
  1149. (28) ntdomain: Adding Realm = "CORPORATE"
  1150. (28) ntdomain: Authentication realm is LOCAL
  1151. (28) [ntdomain] = ok
  1152. (28) eap: Peer sent EAP Response (code 2) ID 9 length 6
  1153. (28) eap: No EAP Start, assuming it's an on-going EAP conversation
  1154. (28) [eap] = updated
  1155. (28) [files] = noop
  1156. (28) sql: EXPAND %{User-Name}
  1157. (28) sql: --> CORPORATE\\Raspb.P14
  1158. (28) sql: SQL-User-Name set to 'CORPORATE\\Raspb.P14'
  1159. rlm_sql (sql): Reserved connection (13)
  1160. (28) sql: EXPAND SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id
  1161. (28) sql: --> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'CORPORATE=5C=5CRaspb.P14' ORDER BY id
  1162. (28) sql: Executing select query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'CORPORATE=5C=5CRaspb.P14' ORDER BY id
  1163. (28) sql: WARNING: User not found in radcheck table.
  1164. (28) sql: EXPAND SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority
  1165. (28) sql: --> SELECT groupname FROM radusergroup WHERE username = 'CORPORATE=5C=5CRaspb.P14' ORDER BY priority
  1166. (28) sql: Executing select query: SELECT groupname FROM radusergroup WHERE username = 'CORPORATE=5C=5CRaspb.P14' ORDER BY priority
  1167. (28) sql: User not found in any groups
  1168. rlm_sql (sql): Released connection (13)
  1169. (28) [sql] = notfound
  1170. rlm_ldap (ldap): Reserved connection (20)
  1171. (28) ldap: EXPAND (sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}})
  1172. (28) ldap: --> (sAMAccountName=Raspb.P14)
  1173. (28) ldap: Performing search in "dc=corporate,dc=intra" with filter "(sAMAccountName=Raspb.P14)", scope "sub"
  1174. (28) ldap: Waiting for search result...
  1175. rlm_ldap (ldap): Rebinding to URL ldap://DomainDnsZones.corporate.intra/DC=DomainDnsZones,DC=corporate,DC=intra
  1176. rlm_ldap (ldap): Waiting for bind result...
  1177. rlm_ldap (ldap): Rebinding to URL ldap://ForestDnsZones.corporate.intra/DC=ForestDnsZones,DC=corporate,DC=intra
  1178. rlm_ldap (ldap): Waiting for bind result...
  1179. rlm_ldap (ldap): Bind successful
  1180. rlm_ldap (ldap): Bind successful
  1181. (28) ldap: User object found at DN "CN=Raspb.P14,OU=GO Services,OU=Systems_Administration_OU,DC=corporate,DC=intra"
  1182. (28) ldap: Processing user attributes
  1183. (28) ldap: WARNING: No "known good" password added. Ensure the admin user has permission to read the password attribute
  1184. (28) ldap: WARNING: PAP authentication will *NOT* work with Active Directory (if that is what you were trying to configure)
  1185. rlm_ldap (ldap): Deleting connection (20) - Was referred to a different LDAP server
  1186. (28) [ldap] = ok
  1187. (28) [expiration] = noop
  1188. (28) [logintime] = noop
  1189. Not doing PAP as Auth-Type is already set.
  1190. (28) [pap] = noop
  1191. (28) } # authorize = updated
  1192. (28) Found Auth-Type = eap
  1193. (28) # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
  1194. (28) authenticate {
  1195. (28) eap: Expiring EAP session with state 0x2c4eaac22d47b0b4
  1196. (28) eap: Finished EAP session with state 0x2c4eaac22d47b0b4
  1197. (28) eap: Previous EAP request found for state 0x2c4eaac22d47b0b4, released from the list
  1198. (28) eap: Peer sent packet with method EAP MSCHAPv2 (26)
  1199. (28) eap: Calling submodule eap_mschapv2 to process data
  1200. (28) eap: Sending EAP Success (code 3) ID 9 length 4
  1201. (28) eap: Freeing handler
  1202. (28) [eap] = ok
  1203. (28) } # authenticate = ok
  1204. (28) # Executing section post-auth from file /etc/freeradius/sites-enabled/inner-tunnel
  1205. (28) post-auth {
  1206. (28) reply_log: EXPAND /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d
  1207. (28) reply_log: --> /var/log/freeradius/radacct/10.15.200.15/reply-detail-20210826
  1208. (28) reply_log: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d expands to /var/log/freeradius/radacct/10.15.200.15/reply-detail-20210826
  1209. (28) reply_log: EXPAND %t
  1210. (28) reply_log: --> Thu Aug 26 22:36:18 2021
  1211. (28) [reply_log] = ok
  1212. (28) sql: EXPAND .query
  1213. (28) sql: --> .query
  1214. (28) sql: Using query template 'query'
  1215. rlm_sql (sql): Reserved connection (15)
  1216. (28) sql: EXPAND %{User-Name}
  1217. (28) sql: --> CORPORATE\\Raspb.P14
  1218. (28) sql: SQL-User-Name set to 'CORPORATE\\Raspb.P14'
  1219. (28) sql: EXPAND INSERT INTO radpostauth (username, pass, reply, authdate ) VALUES ( '%{SQL-User-Name}', 'Omitted', '%{reply:Packet-Type}', '%S.%M' )
  1220. (28) sql: --> INSERT INTO radpostauth (username, pass, reply, authdate ) VALUES ( 'CORPORATE=5C=5CRaspb.P14', 'Omitted', 'Access-Accept', '2021-08-26 22:36:18.150694' )
  1221. (28) sql: EXPAND /var/log/freeradius/sqllog.sql
  1222. (28) sql: --> /var/log/freeradius/sqllog.sql
  1223. (28) sql: Executing query: INSERT INTO radpostauth (username, pass, reply, authdate ) VALUES ( 'CORPORATE=5C=5CRaspb.P14', 'Omitted', 'Access-Accept', '2021-08-26 22:36:18.150694' )
  1224. (28) sql: SQL query returned: success
  1225. (28) sql: 1 record(s) updated
  1226. rlm_sql (sql): Released connection (15)
  1227. (28) [sql] = ok
  1228. (28) if (0) {
  1229. (28) if (0) -> FALSE
  1230. (28) } # post-auth = ok
  1231. (28) } # server inner-tunnel
  1232. (28) Virtual server sending reply
  1233. (28) MS-MPPE-Encryption-Policy = Encryption-Allowed
  1234. (28) MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed
  1235. (28) MS-MPPE-Send-Key = 0x6fcc97fc56f2664af57946c75fd65b3f
  1236. (28) MS-MPPE-Recv-Key = 0xa1adfb9c413b9a2ea82c01fbfdcb048a
  1237. (28) EAP-Message = 0x03090004
  1238. (28) Message-Authenticator = 0x00000000000000000000000000000000
  1239. (28) User-Name = "CORPORATE\\Raspb.P14"
  1240. (28) eap_peap: Got tunneled reply code 2
  1241. (28) eap_peap: MS-MPPE-Encryption-Policy = Encryption-Allowed
  1242. (28) eap_peap: MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed
  1243. (28) eap_peap: MS-MPPE-Send-Key = 0x6fcc97fc56f2664af57946c75fd65b3f
  1244. (28) eap_peap: MS-MPPE-Recv-Key = 0xa1adfb9c413b9a2ea82c01fbfdcb048a
  1245. (28) eap_peap: EAP-Message = 0x03090004
  1246. (28) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000
  1247. (28) eap_peap: User-Name = "CORPORATE\\Raspb.P14"
  1248. (28) eap_peap: Got tunneled reply RADIUS code 2
  1249. (28) eap_peap: MS-MPPE-Encryption-Policy = Encryption-Allowed
  1250. (28) eap_peap: MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed
  1251. (28) eap_peap: MS-MPPE-Send-Key = 0x6fcc97fc56f2664af57946c75fd65b3f
  1252. (28) eap_peap: MS-MPPE-Recv-Key = 0xa1adfb9c413b9a2ea82c01fbfdcb048a
  1253. (28) eap_peap: EAP-Message = 0x03090004
  1254. (28) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000
  1255. (28) eap_peap: User-Name = "CORPORATE\\Raspb.P14"
  1256. (28) eap_peap: Tunneled authentication was successful
  1257. (28) eap_peap: SUCCESS
  1258. (28) eap: Sending EAP Request (code 1) ID 10 length 46
  1259. (28) eap: EAP session adding &reply:State = 0x68ef777160e56ef7
  1260. (28) [eap] = handled
  1261. (28) } # authenticate = handled
  1262. (28) Using Post-Auth-Type Challenge
  1263. (28) # Executing group from file /etc/freeradius/sites-enabled/GO_Live
  1264. (28) Challenge { ... } # empty sub-section is ignored
  1265. (28) session-state: Saving cached attributes
  1266. (28) Framed-MTU = 994
  1267. (28) TLS-Session-Information = "(TLS) recv TLS 1.3 Handshake, ClientHello\n"
  1268. (28) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHello\n"
  1269. (28) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Certificate\n"
  1270. (28) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerKeyExchange\n"
  1271. (28) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHelloDone\n"
  1272. (28) TLS-Session-Information = "(TLS) recv TLS 1.2 Handshake, ClientKeyExchange\n"
  1273. (28) TLS-Session-Information = "(TLS) recv TLS 1.2 Handshake, Finished\n"
  1274. (28) TLS-Session-Information = "(TLS) send TLS 1.2 ChangeCipherSpec\n"
  1275. (28) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Finished\n"
  1276. (28) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
  1277. (28) TLS-Session-Version = "TLS 1.2"
  1278. (28) Sent Access-Challenge Id 76 from 172.16.200.253:1812 to 10.15.200.15:61772 length 0
  1279. (28) EAP-Message = 0x010a002e19001703030023e1ae2a7bad0fc69c32ea9d39ba971ea0d1e3a3a430d86474b02204d3a403d08bb9e43b
  1280. (28) Message-Authenticator = 0x00000000000000000000000000000000
  1281. (28) State = 0x68ef777160e56ef72d7f5eed64273179
  1282. (28) Finished request
  1283. Waking up in 4.9 seconds.
  1284. (29) Received Access-Request Id 77 from 10.15.200.15:61772 to 172.16.200.253:1812 length 349
  1285. (29) User-Name = "CORPORATE\\Raspb.P14"
  1286. (29) Service-Type = Framed-User
  1287. (29) Cisco-AVPair = "service-type=Framed"
  1288. (29) Framed-MTU = 1468
  1289. (29) EAP-Message = 0x020a002e1900170303002365d2428980423ce13278d183c5398b295129ba2d247f08b2369bfd683a4480b51a21a1
  1290. (29) Message-Authenticator = 0xff60f56fdbd96a27015bbf77ff967e72
  1291. (29) Cisco-AVPair = "audit-session-id=0FC80F0A000006F3842D78C6"
  1292. (29) Cisco-AVPair = "method=dot1x"
  1293. (29) Cisco-AVPair = "client-iif-id=346278732"
  1294. (29) NAS-IP-Address = 10.15.200.15
  1295. (29) NAS-Port-Id = "FiveGigabitEthernet1/0/15"
  1296. (29) NAS-Port-Type = Ethernet
  1297. (29) NAS-Port = 50115
  1298. (29) State = 0x68ef777160e56ef72d7f5eed64273179
  1299. (29) Calling-Station-Id = "DC-A6-32-A8-8A-D0"
  1300. (29) Called-Station-Id = "34-ED-1B-4B-15-8F"
  1301. (29) Restoring &session-state
  1302. (29) &session-state:Framed-MTU = 994
  1303. (29) &session-state:TLS-Session-Information = "(TLS) recv TLS 1.3 Handshake, ClientHello\n"
  1304. (29) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHello\n"
  1305. (29) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Certificate\n"
  1306. (29) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerKeyExchange\n"
  1307. (29) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHelloDone\n"
  1308. (29) &session-state:TLS-Session-Information = "(TLS) recv TLS 1.2 Handshake, ClientKeyExchange\n"
  1309. (29) &session-state:TLS-Session-Information = "(TLS) recv TLS 1.2 Handshake, Finished\n"
  1310. (29) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 ChangeCipherSpec\n"
  1311. (29) &session-state:TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Finished\n"
  1312. (29) &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
  1313. (29) &session-state:TLS-Session-Version = "TLS 1.2"
  1314. (29) # Executing section authorize from file /etc/freeradius/sites-enabled/GO_Live
  1315. (29) authorize {
  1316. (29) policy filter_username {
  1317. (29) if (&User-Name) {
  1318. (29) if (&User-Name) -> TRUE
  1319. (29) if (&User-Name) {
  1320. (29) if (&User-Name =~ / /) {
  1321. (29) if (&User-Name =~ / /) -> FALSE
  1322. (29) if (&User-Name =~ /@[^@]*@/ ) {
  1323. (29) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
  1324. (29) if (&User-Name =~ /\.\./ ) {
  1325. (29) if (&User-Name =~ /\.\./ ) -> FALSE
  1326. (29) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
  1327. (29) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
  1328. (29) if (&User-Name =~ /\.$/) {
  1329. (29) if (&User-Name =~ /\.$/) -> FALSE
  1330. (29) if (&User-Name =~ /@\./) {
  1331. (29) if (&User-Name =~ /@\./) -> FALSE
  1332. (29) } # if (&User-Name) = notfound
  1333. (29) } # policy filter_username = notfound
  1334. (29) [preprocess] = ok
  1335. (29) auth_log: EXPAND /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
  1336. (29) auth_log: --> /var/log/freeradius/radacct/10.15.200.15/auth-detail-20210826
  1337. (29) auth_log: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/10.15.200.15/auth-detail-20210826
  1338. (29) auth_log: EXPAND %t
  1339. (29) auth_log: --> Thu Aug 26 22:36:18 2021
  1340. (29) [auth_log] = ok
  1341. (29) [mschap] = noop
  1342. (29) ntdomain: Checking for prefix before "\"
  1343. (29) ntdomain: Looking up realm "CORPORATE" for User-Name = "CORPORATE\Raspb.P14"
  1344. (29) ntdomain: Found realm "CORPORATE"
  1345. (29) ntdomain: Adding Stripped-User-Name = "Raspb.P14"
  1346. (29) ntdomain: Adding Realm = "CORPORATE"
  1347. (29) ntdomain: Authentication realm is LOCAL
  1348. (29) [ntdomain] = ok
  1349. (29) eap: Peer sent EAP Response (code 2) ID 10 length 46
  1350. (29) eap: Continuing tunnel setup
  1351. (29) [eap] = ok
  1352. (29) } # authorize = ok
  1353. (29) Found Auth-Type = eap
  1354. (29) # Executing group from file /etc/freeradius/sites-enabled/GO_Live
  1355. (29) authenticate {
  1356. (29) eap: Expiring EAP session with state 0x68ef777160e56ef7
  1357. (29) eap: Finished EAP session with state 0x68ef777160e56ef7
  1358. (29) eap: Previous EAP request found for state 0x68ef777160e56ef7, released from the list
  1359. (29) eap: Peer sent packet with method EAP PEAP (25)
  1360. (29) eap: Calling submodule eap_peap to process data
  1361. (29) eap_peap: (TLS) EAP Done initial handshake
  1362. (29) eap_peap: Session established. Decoding tunneled attributes
  1363. (29) eap_peap: PEAP state send tlv success
  1364. (29) eap_peap: Received EAP-TLV response
  1365. (29) eap_peap: Success
  1366. (29) eap: Sending EAP Success (code 3) ID 10 length 4
  1367. (29) eap: Freeing handler
  1368. (29) [eap] = ok
  1369. (29) } # authenticate = ok
  1370. (29) # Executing section post-auth from file /etc/freeradius/sites-enabled/GO_Live
  1371. (29) post-auth {
  1372. (29) if (&Framed-IP-Address =~ /^169\.254\./) {
  1373. (29) ERROR: Failed retrieving values required to evaluate condition
  1374. (29) if (&LDAP-Group == "RSSO - IT - Networking") {
  1375. (29) Searching for user in group "RSSO - IT - Networking"
  1376. rlm_ldap (ldap): Reserved connection (21)
  1377. (29) EXPAND (sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}})
  1378. (29) --> (sAMAccountName=Raspb.P14)
  1379. (29) Performing search in "dc=corporate,dc=intra" with filter "(sAMAccountName=Raspb.P14)", scope "sub"
  1380. (29) Waiting for search result...
  1381. rlm_ldap (ldap): Rebinding to URL ldap://DomainDnsZones.corporate.intra/DC=DomainDnsZones,DC=corporate,DC=intra
  1382. rlm_ldap (ldap): Waiting for bind result...
  1383. rlm_ldap (ldap): Rebinding to URL ldap://ForestDnsZones.corporate.intra/DC=ForestDnsZones,DC=corporate,DC=intra
  1384. rlm_ldap (ldap): Waiting for bind result...
  1385. rlm_ldap (ldap): Bind successful
  1386. rlm_ldap (ldap): Bind successful
  1387. (29) User object found at DN "CN=Raspb.P14,OU=GO Services,OU=Systems_Administration_OU,DC=corporate,DC=intra"
  1388. (29) Checking user object's memberOf attributes
  1389. (29) Waiting for bind result...
  1390. (29) Bind successful
  1391. (29) Performing unfiltered search in "CN=Raspb.P14,OU=GO Services,OU=Systems_Administration_OU,DC=corporate,DC=intra", scope "base"
  1392. (29) Waiting for search result...
  1393. (29) Processing memberOf value "CN=RSSO - TEC - RaspBerryPi,OU=GO Groups,OU=Users_OU,DC=corporate,DC=intra" as a DN
  1394. (29) Resolving group DN "CN=RSSO - TEC - RaspBerryPi,OU=GO Groups,OU=Users_OU,DC=corporate,DC=intra" to group name
  1395. (29) Performing unfiltered search in "CN=RSSO - TEC - RaspBerryPi,OU=GO Groups,OU=Users_OU,DC=corporate,DC=intra", scope "base"
  1396. (29) Waiting for search result...
  1397. (29) Group DN "CN=RSSO - TEC - RaspBerryPi,OU=GO Groups,OU=Users_OU,DC=corporate,DC=intra" resolves to name "RSSO - TEC - RaspBerryPi"
  1398. rlm_ldap (ldap): Deleting connection (21) - Was referred to a different LDAP server
  1399. (29) User is not a member of "RSSO - IT - Networking"
  1400. (29) if (&LDAP-Group == "RSSO - IT - Networking") -> FALSE
  1401. (29) elsif (LDAP-Group == "RSSO - IT - App Support") {
  1402. (29) Searching for user in group "RSSO - IT - App Support"
  1403. rlm_ldap (ldap): 0 of 0 connections in use. You may need to increase "spare"
  1404. rlm_ldap (ldap): Opening additional connection (22), 1 of 32 pending slots used
  1405. rlm_ldap (ldap): Connecting to ldap://corporate.intra:389
  1406. rlm_ldap (ldap): Waiting for bind result...
  1407. rlm_ldap (ldap): Bind successful
  1408. rlm_ldap (ldap): Reserved connection (22)
  1409. <<omitted more LDAP search text from debug>>
  1410. rlm_ldap (ldap): Reserved connection (22)
  1411. (29) Using user DN from request "CN=Raspb.P14,OU=GO Services,OU=Systems_Administration_OU,DC=corporate,DC=intra"
  1412. (29) Checking user object's memberOf attributes
  1413. (29) Performing unfiltered search in "CN=Raspb.P14,OU=GO Services,OU=Systems_Administration_OU,DC=corporate,DC=intra", scope "base"
  1414. (29) Waiting for search result...
  1415. (29) Processing memberOf value "CN=RSSO - TEC - RaspBerryPi,OU=GO Groups,OU=Users_OU,DC=corporate,DC=intra" as a DN
  1416. (29) Resolving group DN "CN=RSSO - TEC - RaspBerryPi,OU=GO Groups,OU=Users_OU,DC=corporate,DC=intra" to group name
  1417. (29) Performing unfiltered search in "CN=RSSO - TEC - RaspBerryPi,OU=GO Groups,OU=Users_OU,DC=corporate,DC=intra", scope "base"
  1418. (29) Waiting for search result...
  1419. (29) Group DN "CN=RSSO - TEC - RaspBerryPi,OU=GO Groups,OU=Users_OU,DC=corporate,DC=intra" resolves to name "RSSO - TEC - RaspBerryPi"
  1420. (29) User found in group "RSSO - TEC - RaspBerryPi". Comparison between membership: name (resolved from DN "CN=RSSO - TEC - RaspBerryPi,OU=GO Groups,OU=Users_OU,DC=corporate,DC=intra"), check: name
  1421. rlm_ldap (ldap): Released connection (22)
  1422. (29) elsif (LDAP-Group == "RSSO - TEC - RaspBerryPi") -> TRUE
  1423. (29) elsif (LDAP-Group == "RSSO - TEC - RaspBerryPi") {
  1424. (29) update Reply {
  1425. (29) Tunnel-Type := VLAN
  1426. (29) Tunnel-Medium-Type := IEEE-802
  1427. (29) Tunnel-Private-Group-Id := "943"
  1428. (29) Class := 0x5253534f2d5445432d5261737042657272795069
  1429. (29) } # update Reply = noop
  1430. (29) } # elsif (LDAP-Group == "RSSO - TEC - RaspBerryPi") = noop
  1431. (29) ... skipping elsif: Preceding "if" was taken
  1432. (29) ... skipping elsif: Preceding "if" was taken
  1433. (29) if (session-state:User-Name && reply:User-Name && request:User-Name && (reply:User-Name == request:User-Name)) {
  1434. (29) if (session-state:User-Name && reply:User-Name && request:User-Name && (reply:User-Name == request:User-Name)) -> FALSE
  1435. (29) update {
  1436. (29) &reply::Framed-MTU += &session-state:Framed-MTU[*] -> 994
  1437. (29) &reply::TLS-Session-Information += &session-state:TLS-Session-Information[*] -> '(TLS) recv TLS 1.3 Handshake, ClientHello '
  1438. (29) &reply::TLS-Session-Information += &session-state:TLS-Session-Information[*] -> '(TLS) send TLS 1.2 Handshake, ServerHello '
  1439. (29) &reply::TLS-Session-Information += &session-state:TLS-Session-Information[*] -> '(TLS) send TLS 1.2 Handshake, Certificate '
  1440. (29) &reply::TLS-Session-Information += &session-state:TLS-Session-Information[*] -> '(TLS) send TLS 1.2 Handshake, ServerKeyExchange '
  1441. (29) &reply::TLS-Session-Information += &session-state:TLS-Session-Information[*] -> '(TLS) send TLS 1.2 Handshake, ServerHelloDone '
  1442. (29) &reply::TLS-Session-Information += &session-state:TLS-Session-Information[*] -> '(TLS) recv TLS 1.2 Handshake, ClientKeyExchange '
  1443. (29) &reply::TLS-Session-Information += &session-state:TLS-Session-Information[*] -> '(TLS) recv TLS 1.2 Handshake, Finished '
  1444. (29) &reply::TLS-Session-Information += &session-state:TLS-Session-Information[*] -> '(TLS) send TLS 1.2 ChangeCipherSpec '
  1445. (29) &reply::TLS-Session-Information += &session-state:TLS-Session-Information[*] -> '(TLS) send TLS 1.2 Handshake, Finished '
  1446. (29) &reply::TLS-Session-Cipher-Suite += &session-state:TLS-Session-Cipher-Suite[*] -> 'ECDHE-RSA-AES256-GCM-SHA384'
  1447. (29) &reply::TLS-Session-Version += &session-state:TLS-Session-Version[*] -> 'TLS 1.2'
  1448. (29) } # update = noop
  1449. (29) reply_log: EXPAND /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d
  1450. (29) reply_log: --> /var/log/freeradius/radacct/10.15.200.15/reply-detail-20210826
  1451. (29) reply_log: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d expands to /var/log/freeradius/radacct/10.15.200.15/reply-detail-20210826
  1452. (29) reply_log: EXPAND %t
  1453. (29) reply_log: --> Thu Aug 26 22:36:18 2021
  1454. (29) [reply_log] = ok
  1455. (29) sql: EXPAND .query
  1456. (29) sql: --> .query
  1457. (29) sql: Using query template 'query'
  1458. rlm_sql (sql): Reserved connection (17)
  1459. (29) sql: EXPAND %{User-Name}
  1460. (29) sql: --> CORPORATE\\Raspb.P14
  1461. (29) sql: SQL-User-Name set to 'CORPORATE\\Raspb.P14'
  1462. (29) sql: EXPAND INSERT INTO radpostauth (username, pass, reply, authdate ) VALUES ( '%{SQL-User-Name}', 'Omitted', '%{reply:Packet-Type}', '%S.%M' )
  1463. (29) sql: --> INSERT INTO radpostauth (username, pass, reply, authdate ) VALUES ( 'CORPORATE=5C=5CRaspb.P14', 'Omitted', 'Access-Accept', '2021-08-26 22:36:18.168110' )
  1464. (29) sql: EXPAND /var/log/freeradius/sqllog.sql
  1465. (29) sql: --> /var/log/freeradius/sqllog.sql
  1466. (29) sql: Executing query: INSERT INTO radpostauth (username, pass, reply, authdate ) VALUES ( 'CORPORATE=5C=5CRaspb.P14', 'Omitted', 'Access-Accept', '2021-08-26 22:36:18.168110' )
  1467. (29) sql: SQL query returned: success
  1468. (29) sql: 1 record(s) updated
  1469. rlm_sql (sql): Released connection (17)
  1470. (29) [sql] = ok
  1471. (29) [exec] = noop
  1472. (29) policy remove_reply_message_if_eap {
  1473. (29) if (&reply:EAP-Message && &reply:Reply-Message) {
  1474. (29) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
  1475. (29) else {
  1476. (29) [noop] = noop
  1477. (29) } # else = noop
  1478. (29) } # policy remove_reply_message_if_eap = noop
  1479. (29) if (EAP-Key-Name && &reply:EAP-Session-Id) {
  1480. (29) if (EAP-Key-Name && &reply:EAP-Session-Id) -> FALSE
  1481. (29) } # post-auth = ok
  1482. (29) Sent Access-Accept Id 77 from 172.16.200.253:1812 to 10.15.200.15:61772 length 0
  1483. (29) MS-MPPE-Recv-Key = 0xc509355dc56d93d4aa9c6ef2bce30f9ed436192345d42dd91ac1e180007091a1
  1484. (29) MS-MPPE-Send-Key = 0xe271bf04394e6bd945d56b549a73e57671a60b1ed6f6976e58f0c98380ab33e8
  1485. (29) EAP-Message = 0x030a0004
  1486. (29) Message-Authenticator = 0x00000000000000000000000000000000
  1487. (29) User-Name = "CORPORATE\\Raspb.P14"
  1488. (29) Tunnel-Type := VLAN
  1489. (29) Tunnel-Medium-Type := IEEE-802
  1490. (29) Tunnel-Private-Group-Id := "943"
  1491. (29) Class := 0x5253534f2d5445432d5261737042657272795069
  1492. (29) Framed-MTU += 994
  1493. (29) Finished request
  1494. Waking up in 4.8 seconds.
  1495. (20) Cleaning up request packet ID 68 with timestamp +527
  1496. (21) Cleaning up request packet ID 69 with timestamp +527
  1497. (22) Cleaning up request packet ID 70 with timestamp +527
  1498. (23) Cleaning up request packet ID 71 with timestamp +527
  1499. (24) Cleaning up request packet ID 72 with timestamp +527
  1500. (25) Cleaning up request packet ID 73 with timestamp +527
  1501. (26) Cleaning up request packet ID 74 with timestamp +527
  1502. (27) Cleaning up request packet ID 75 with timestamp +527
  1503. (28) Cleaning up request packet ID 76 with timestamp +527
  1504. Waking up in 0.1 seconds.
  1505. (29) Cleaning up request packet ID 77 with timestamp +527
  1506. Ready to process requests
  1507.  
  1508.  
  1509.  
  1510.  
  1511.  
  1512.  
  1513.  
  1514. Ready to process requests
  1515. (75) Received Accounting-Request Id 246 from 10.15.200.15:62985 to 172.16.200.253:1813 length 376
  1516. (75) Framed-IP-Address = 10.15.204.105
  1517. (75) Framed-IPv6-Address = fe80::423c:e86c:af53:897b
  1518. (75) User-Name = "CORPORATE\\Raspb.P14"
  1519. (75) Cisco-AVPair = "audit-session-id=0FC80F0A000006F3842D78C6"
  1520. (75) Cisco-AVPair = "vlan-id=943"
  1521. (75) Cisco-AVPair = "method=dot1x"
  1522. (75) Called-Station-Id = "34-ED-1B-4B-15-8F"
  1523. (75) Calling-Station-Id = "DC-A6-32-A8-8A-D0"
  1524. (75) NAS-IP-Address = 10.15.200.15
  1525. (75) NAS-Port-Id = "FiveGigabitEthernet1/0/15"
  1526. (75) NAS-Port-Type = Ethernet
  1527. (75) NAS-Port = 50115
  1528. (75) Calling-Station-Id = "DC-A6-32-A8-8A-D0"
  1529. (75) NAS-Identifier = "MRS_3rdFlr_NW_SW3_93"
  1530. (75) Called-Station-Id = "34-ED-1B-4B-15-8F"
  1531. (75) Acct-Session-Id = "00000116"
  1532. (75) Acct-Authentic = Remote
  1533. (75) Class = 0x5253534f2d5445432d5261737042657272795069
  1534. (75) Acct-Status-Type = Interim-Update
  1535. (75) Event-Timestamp = "Aug 26 2021 22:56:18 CEST"
  1536. (75) Acct-Input-Octets = 14864970
  1537. (75) Acct-Output-Octets = 0
  1538. (75) Acct-Input-Packets = 110074
  1539. (75) Acct-Output-Packets = 0
  1540. (75) Acct-Delay-Time = 0
  1541. (75) # Executing section preacct from file /etc/freeradius/sites-enabled/GO_Live
  1542. (75) preacct {
  1543. (75) [preprocess] = ok
  1544. (75) policy acct_unique {
  1545. (75) update request {
  1546. (75) &Tmp-String-9 := "ai:"
  1547. (75) } # update request = noop
  1548. (75) if (("%{hex:&Class}" =~ /^%{hex:&Tmp-String-9}/) && ("%{string:&Class}" =~ /^ai:([0-9a-f]{32})/i)) {
  1549. (75) EXPAND %{hex:&Class}
  1550. (75) --> 5253534f2d5445432d5261737042657272795069
  1551. (75) EXPAND ^%{hex:&Tmp-String-9}
  1552. (75) --> ^61693a
  1553. (75) if (("%{hex:&Class}" =~ /^%{hex:&Tmp-String-9}/) && ("%{string:&Class}" =~ /^ai:([0-9a-f]{32})/i)) -> FALSE
  1554. (75) else {
  1555. (75) update request {
  1556. (75) EXPAND %{md5:%{User-Name},%{Acct-Session-ID},%{%{NAS-IPv6-Address}:-%{NAS-IP-Address}},%{NAS-Identifier},%{NAS-Port-ID},%{NAS-Port}}
  1557. (75) --> df588029321131090ffa13b0d81e9e2d
  1558. (75) &Acct-Unique-Session-Id := df588029321131090ffa13b0d81e9e2d
  1559. (75) } # update request = noop
  1560. (75) } # else = noop
  1561. (75) } # policy acct_unique = noop
  1562. (75) ntdomain: Checking for prefix before "\"
  1563. (75) ntdomain: Looking up realm "CORPORATE" for User-Name = "CORPORATE\Raspb.P14"
  1564. (75) ntdomain: Found realm "CORPORATE"
  1565. (75) ntdomain: Adding Stripped-User-Name = "Raspb.P14"
  1566. (75) ntdomain: Adding Realm = "CORPORATE"
  1567. (75) ntdomain: Accounting realm is LOCAL
  1568. (75) [ntdomain] = ok
  1569. (75) [files] = noop
  1570. (75) update control {
  1571. (75) &Replicate-To-Realm += "Realm_FG_1500D_Agg_Users_Acct"
  1572. (75) &Replicate-To-Realm += "Realm_FG_3300E_Datacentre_Acct"
  1573. (75) &Replicate-To-Realm += "Realm_FG_1500D_Users_Acct"
  1574. (75) &Replicate-To-Realm += "Realm_FG_3300E_Headend_Acct"
  1575. (75) &Replicate-To-Realm += "Realm_FG_3300E_STG-DC_Acct"
  1576. (75) &Replicate-To-Realm += "Realm_FG_3300E_ISP-Services_Acct"
  1577. (75) &Replicate-To-Realm += "Realm_FG_3300E_Users-VPN_Acct"
  1578. (75) } # update control = noop
  1579. (75) replicate: Replicating list 'request' to Realm 'Realm_FG_1500D_Agg_Users_Acct'
  1580. (75) replicate: Replicating list 'request' to Realm 'Realm_FG_3300E_Datacentre_Acct'
  1581. (75) replicate: Replicating list 'request' to Realm 'Realm_FG_1500D_Users_Acct'
  1582. (75) replicate: Replicating list 'request' to Realm 'Realm_FG_3300E_Headend_Acct'
  1583. (75) replicate: Replicating list 'request' to Realm 'Realm_FG_3300E_STG-DC_Acct'
  1584. (75) replicate: Replicating list 'request' to Realm 'Realm_FG_3300E_ISP-Services_Acct'
  1585. (75) replicate: Replicating list 'request' to Realm 'Realm_FG_3300E_Users-VPN_Acct'
  1586. (75) [replicate] = ok
  1587. (75) } # preacct = ok
  1588. (75) # Executing section accounting from file /etc/freeradius/sites-enabled/GO_Live
  1589. (75) accounting {
  1590. (75) detail: EXPAND /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d
  1591. (75) detail: --> /var/log/freeradius/radacct/10.15.200.15/detail-20210826
  1592. (75) detail: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d expands to /var/log/freeradius/radacct/10.15.200.15/detail-20210826
  1593. (75) detail: EXPAND %t
  1594. (75) detail: --> Thu Aug 26 22:56:19 2021
  1595. (75) [detail] = ok
  1596. (75) [unix] = noop
  1597. (75) sql: EXPAND %{tolower:type.%{%{Acct-Status-Type}:-%{Request-Processing-Stage}}.query}
  1598. (75) sql: --> type.interim-update.query
  1599. (75) sql: Using query template 'query'
  1600. rlm_sql (sql): Reserved connection (46)
  1601. (75) sql: EXPAND %{User-Name}
  1602. (75) sql: --> CORPORATE\\Raspb.P14
  1603. (75) sql: SQL-User-Name set to 'CORPORATE\\Raspb.P14'
  1604. (75) sql: EXPAND UPDATE radacct SET acctupdatetime = (@acctupdatetime_old:=acctupdatetime), acctupdatetime = FROM_UNIXTIME(%{%{integer:Event-Timestamp}:-%l}), acctinterval = %{%{integer:Event-Timestamp}:-%l} - UNIX_TIMESTAMP(@acctupdatetime_old), framedipaddress = '%{Framed-IP-Address}', framedipv6address = '%{Framed-IPv6-Address}', framedipv6prefix = '%{Framed-IPv6-Prefix}', framedinterfaceid = '%{Framed-Interface-Id}', delegatedipv6prefix = '%{Delegated-IPv6-Prefix}', acctsessiontime = %{%{Acct-Session-Time}:-NULL}, acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}' WHERE AcctUniqueId = '%{Acct-Unique-Session-Id}'
  1605. (75) sql: --> UPDATE radacct SET acctupdatetime = (@acctupdatetime_old:=acctupdatetime), acctupdatetime = FROM_UNIXTIME(1630011378), acctinterval = 1630011378 - UNIX_TIMESTAMP(@acctupdatetime_old), framedipaddress = '10.15.204.105', framedipv6address = 'fe80::423c:e86c:af53:897b', framedipv6prefix = '', framedinterfaceid = '', delegatedipv6prefix = '', acctsessiontime = NULL, acctinputoctets = '0' << 32 | '14864970', acctoutputoctets = '0' << 32 | '0' WHERE AcctUniqueId = 'df588029321131090ffa13b0d81e9e2d'
  1606. (75) sql: EXPAND /var/log/freeradius/sqllog.sql
  1607. (75) sql: --> /var/log/freeradius/sqllog.sql
  1608. (75) sql: Executing query: UPDATE radacct SET acctupdatetime = (@acctupdatetime_old:=acctupdatetime), acctupdatetime = FROM_UNIXTIME(1630011378), acctinterval = 1630011378 - UNIX_TIMESTAMP(@acctupdatetime_old), framedipaddress = '10.15.204.105', framedipv6address = 'fe80::423c:e86c:af53:897b', framedipv6prefix = '', framedinterfaceid = '', delegatedipv6prefix = '', acctsessiontime = NULL, acctinputoctets = '0' << 32 | '14864970', acctoutputoctets = '0' << 32 | '0' WHERE AcctUniqueId = 'df588029321131090ffa13b0d81e9e2d'
  1609. rlm_sql_mysql: Rows matched: 1 Changed: 1 Warnings: 0
  1610. (75) sql: SQL query returned: success
  1611. (75) sql: 1 record(s) updated
  1612. rlm_sql (sql): Released connection (46)
  1613. (75) [sql] = ok
  1614. (75) [exec] = noop
  1615. (75) attr_filter.accounting_response: EXPAND %{User-Name}
  1616. (75) attr_filter.accounting_response: --> CORPORATE\\Raspb.P14
  1617. (75) attr_filter.accounting_response: Matched entry DEFAULT at line 12
  1618. (75) [attr_filter.accounting_response] = updated
  1619. (75) update control {
  1620. (75) &Replicate-To-Realm += "Realm_FG_1500D_Agg_Users_Acct"
  1621. (75) &Replicate-To-Realm += "Realm_FG_3300E_Datacentre_Acct"
  1622. (75) &Replicate-To-Realm += "Realm_FG_1500D_Users_Acct"
  1623. (75) &Replicate-To-Realm += "Realm_FG_3300E_Headend_Acct"
  1624. (75) &Replicate-To-Realm += "Realm_FG_3300E_STG-DC_Acct"
  1625. (75) &Replicate-To-Realm += "Realm_FG_3300E_ISP-Services_Acct"
  1626. (75) &Replicate-To-Realm += "Realm_FG_3300E_Users-VPN_Acct"
  1627. (75) } # update control = noop
  1628. (75) replicate: Replicating list 'request' to Realm 'Realm_FG_1500D_Agg_Users_Acct'
  1629. (75) replicate: Replicating list 'request' to Realm 'Realm_FG_3300E_Datacentre_Acct'
  1630. (75) replicate: Replicating list 'request' to Realm 'Realm_FG_1500D_Users_Acct'
  1631. (75) replicate: Replicating list 'request' to Realm 'Realm_FG_3300E_Headend_Acct'
  1632. (75) replicate: Replicating list 'request' to Realm 'Realm_FG_3300E_STG-DC_Acct'
  1633. (75) replicate: Replicating list 'request' to Realm 'Realm_FG_3300E_ISP-Services_Acct'
  1634. (75) replicate: Replicating list 'request' to Realm 'Realm_FG_3300E_Users-VPN_Acct'
  1635. (75) replicate: Replicating list 'request' to Realm 'Realm_FG_1500D_Agg_Users_Acct'
  1636. (75) replicate: Replicating list 'request' to Realm 'Realm_FG_3300E_Datacentre_Acct'
  1637. (75) replicate: Replicating list 'request' to Realm 'Realm_FG_1500D_Users_Acct'
  1638. (75) replicate: Replicating list 'request' to Realm 'Realm_FG_3300E_Headend_Acct'
  1639. (75) replicate: Replicating list 'request' to Realm 'Realm_FG_3300E_STG-DC_Acct'
  1640. (75) replicate: Replicating list 'request' to Realm 'Realm_FG_3300E_ISP-Services_Acct'
  1641. (75) replicate: Replicating list 'request' to Realm 'Realm_FG_3300E_Users-VPN_Acct'
  1642. (75) [replicate] = ok
  1643. (75) } # accounting = updated
  1644. (75) Sent Accounting-Response Id 246 from 172.16.200.253:1813 to 10.15.200.15:62985 length 0
  1645. (75) Finished request
  1646. (75) Cleaning up request packet ID 246 with timestamp +1728
  1647. Ready to process requests
  1648. (76) Received Accounting-Request Id 247 from 10.15.200.15:62985 to 172.16.200.253:1813 length 376
  1649. (76) Framed-IP-Address = 10.15.204.105
  1650. (76) Framed-IPv6-Address = fe80::423c:e86c:af53:897b
  1651. (76) User-Name = "CORPORATE\\Raspb.P14"
  1652. (76) Cisco-AVPair = "audit-session-id=0FC80F0A000006F3842D78C6"
  1653. (76) Cisco-AVPair = "vlan-id=943"
  1654. (76) Cisco-AVPair = "method=dot1x"
  1655. (76) Called-Station-Id = "34-ED-1B-4B-15-8F"
  1656. (76) Calling-Station-Id = "DC-A6-32-A8-8A-D0"
  1657. (76) NAS-IP-Address = 10.15.200.15
  1658. (76) NAS-Port-Id = "FiveGigabitEthernet1/0/15"
  1659. (76) NAS-Port-Type = Ethernet
  1660. (76) NAS-Port = 50115
  1661. (76) Calling-Station-Id = "DC-A6-32-A8-8A-D0"
  1662. (76) NAS-Identifier = "MRS_3rdFlr_NW_SW3_93"
  1663. (76) Called-Station-Id = "34-ED-1B-4B-15-8F"
  1664. (76) Acct-Session-Id = "00000116"
  1665. (76) Acct-Authentic = Remote
  1666. (76) Class = 0x5253534f2d5445432d5261737042657272795069
  1667. (76) Acct-Status-Type = Interim-Update
  1668. (76) Event-Timestamp = "Aug 26 2021 22:56:29 CEST"
  1669. (76) Acct-Input-Octets = 15003058
  1670. (76) Acct-Output-Octets = 0
  1671. (76) Acct-Input-Packets = 111105
  1672. (76) Acct-Output-Packets = 0
  1673. (76) Acct-Delay-Time = 0
  1674. (76) # Executing section preacct from file /etc/freeradius/sites-enabled/GO_Live
  1675. (76) preacct {
  1676. (76) [preprocess] = ok
  1677. (76) policy acct_unique {
  1678. (76) update request {
  1679. (76) &Tmp-String-9 := "ai:"
  1680. (76) } # update request = noop
  1681. (76) if (("%{hex:&Class}" =~ /^%{hex:&Tmp-String-9}/) && ("%{string:&Class}" =~ /^ai:([0-9a-f]{32})/i)) {
  1682. (76) EXPAND %{hex:&Class}
  1683. (76) --> 5253534f2d5445432d5261737042657272795069
  1684. (76) EXPAND ^%{hex:&Tmp-String-9}
  1685. (76) --> ^61693a
  1686. (76) if (("%{hex:&Class}" =~ /^%{hex:&Tmp-String-9}/) && ("%{string:&Class}" =~ /^ai:([0-9a-f]{32})/i)) -> FALSE
  1687. (76) else {
  1688. (76) update request {
  1689. (76) EXPAND %{md5:%{User-Name},%{Acct-Session-ID},%{%{NAS-IPv6-Address}:-%{NAS-IP-Address}},%{NAS-Identifier},%{NAS-Port-ID},%{NAS-Port}}
  1690. (76) --> df588029321131090ffa13b0d81e9e2d
  1691. (76) &Acct-Unique-Session-Id := df588029321131090ffa13b0d81e9e2d
  1692. (76) } # update request = noop
  1693. (76) } # else = noop
  1694. (76) } # policy acct_unique = noop
  1695. (76) ntdomain: Checking for prefix before "\"
  1696. (76) ntdomain: Looking up realm "CORPORATE" for User-Name = "CORPORATE\Raspb.P14"
  1697. (76) ntdomain: Found realm "CORPORATE"
  1698. (76) ntdomain: Adding Stripped-User-Name = "Raspb.P14"
  1699. (76) ntdomain: Adding Realm = "CORPORATE"
  1700. (76) ntdomain: Accounting realm is LOCAL
  1701. (76) [ntdomain] = ok
  1702. (76) [files] = noop
  1703. (76) update control {
  1704. (76) &Replicate-To-Realm += "Realm_FG_1500D_Agg_Users_Acct"
  1705. (76) &Replicate-To-Realm += "Realm_FG_3300E_Datacentre_Acct"
  1706. (76) &Replicate-To-Realm += "Realm_FG_1500D_Users_Acct"
  1707. (76) &Replicate-To-Realm += "Realm_FG_3300E_Headend_Acct"
  1708. (76) &Replicate-To-Realm += "Realm_FG_3300E_STG-DC_Acct"
  1709. (76) &Replicate-To-Realm += "Realm_FG_3300E_ISP-Services_Acct"
  1710. (76) &Replicate-To-Realm += "Realm_FG_3300E_Users-VPN_Acct"
  1711. (76) } # update control = noop
  1712. (76) replicate: Replicating list 'request' to Realm 'Realm_FG_1500D_Agg_Users_Acct'
  1713. (76) replicate: Replicating list 'request' to Realm 'Realm_FG_3300E_Datacentre_Acct'
  1714. (76) replicate: Replicating list 'request' to Realm 'Realm_FG_1500D_Users_Acct'
  1715. (76) replicate: Replicating list 'request' to Realm 'Realm_FG_3300E_Headend_Acct'
  1716. (76) replicate: Replicating list 'request' to Realm 'Realm_FG_3300E_STG-DC_Acct'
  1717. (76) replicate: Replicating list 'request' to Realm 'Realm_FG_3300E_ISP-Services_Acct'
  1718. (76) replicate: Replicating list 'request' to Realm 'Realm_FG_3300E_Users-VPN_Acct'
  1719. (76) [replicate] = ok
  1720. (76) } # preacct = ok
  1721. (76) # Executing section accounting from file /etc/freeradius/sites-enabled/GO_Live
  1722. (76) accounting {
  1723. (76) detail: EXPAND /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d
  1724. (76) detail: --> /var/log/freeradius/radacct/10.15.200.15/detail-20210826
  1725. (76) detail: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d expands to /var/log/freeradius/radacct/10.15.200.15/detail-20210826
  1726. (76) detail: EXPAND %t
  1727. (76) detail: --> Thu Aug 26 22:56:29 2021
  1728. (76) [detail] = ok
  1729. (76) [unix] = noop
  1730. (76) sql: EXPAND %{tolower:type.%{%{Acct-Status-Type}:-%{Request-Processing-Stage}}.query}
  1731. (76) sql: --> type.interim-update.query
  1732. (76) sql: Using query template 'query'
  1733. rlm_sql (sql): Reserved connection (48)
  1734. (76) sql: EXPAND %{User-Name}
  1735. (76) sql: --> CORPORATE\\Raspb.P14
  1736. (76) sql: SQL-User-Name set to 'CORPORATE\\Raspb.P14'
  1737. (76) sql: EXPAND UPDATE radacct SET acctupdatetime = (@acctupdatetime_old:=acctupdatetime), acctupdatetime = FROM_UNIXTIME(%{%{integer:Event-Timestamp}:-%l}), acctinterval = %{%{integer:Event-Timestamp}:-%l} - UNIX_TIMESTAMP(@acctupdatetime_old), framedipaddress = '%{Framed-IP-Address}', framedipv6address = '%{Framed-IPv6-Address}', framedipv6prefix = '%{Framed-IPv6-Prefix}', framedinterfaceid = '%{Framed-Interface-Id}', delegatedipv6prefix = '%{Delegated-IPv6-Prefix}', acctsessiontime = %{%{Acct-Session-Time}:-NULL}, acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}' WHERE AcctUniqueId = '%{Acct-Unique-Session-Id}'
  1738. (76) sql: --> UPDATE radacct SET acctupdatetime = (@acctupdatetime_old:=acctupdatetime), acctupdatetime = FROM_UNIXTIME(1630011389), acctinterval = 1630011389 - UNIX_TIMESTAMP(@acctupdatetime_old), framedipaddress = '10.15.204.105', framedipv6address = 'fe80::423c:e86c:af53:897b', framedipv6prefix = '', framedinterfaceid = '', delegatedipv6prefix = '', acctsessiontime = NULL, acctinputoctets = '0' << 32 | '15003058', acctoutputoctets = '0' << 32 | '0' WHERE AcctUniqueId = 'df588029321131090ffa13b0d81e9e2d'
  1739. (76) sql: EXPAND /var/log/freeradius/sqllog.sql
  1740. (76) sql: --> /var/log/freeradius/sqllog.sql
  1741. (76) sql: Executing query: UPDATE radacct SET acctupdatetime = (@acctupdatetime_old:=acctupdatetime), acctupdatetime = FROM_UNIXTIME(1630011389), acctinterval = 1630011389 - UNIX_TIMESTAMP(@acctupdatetime_old), framedipaddress = '10.15.204.105', framedipv6address = 'fe80::423c:e86c:af53:897b', framedipv6prefix = '', framedinterfaceid = '', delegatedipv6prefix = '', acctsessiontime = NULL, acctinputoctets = '0' << 32 | '15003058', acctoutputoctets = '0' << 32 | '0' WHERE AcctUniqueId = 'df588029321131090ffa13b0d81e9e2d'
  1742. rlm_sql_mysql: Rows matched: 1 Changed: 1 Warnings: 0
  1743. (76) sql: SQL query returned: success
  1744. (76) sql: 1 record(s) updated
  1745. rlm_sql (sql): Released connection (48)
  1746. (76) [sql] = ok
  1747. (76) [exec] = noop
  1748. (76) attr_filter.accounting_response: EXPAND %{User-Name}
  1749. (76) attr_filter.accounting_response: --> CORPORATE\\Raspb.P14
  1750. (76) attr_filter.accounting_response: Matched entry DEFAULT at line 12
  1751. (76) [attr_filter.accounting_response] = updated
  1752. (76) update control {
  1753. (76) &Replicate-To-Realm += "Realm_FG_1500D_Agg_Users_Acct"
  1754. (76) &Replicate-To-Realm += "Realm_FG_3300E_Datacentre_Acct"
  1755. (76) &Replicate-To-Realm += "Realm_FG_1500D_Users_Acct"
  1756. (76) &Replicate-To-Realm += "Realm_FG_3300E_Headend_Acct"
  1757. (76) &Replicate-To-Realm += "Realm_FG_3300E_STG-DC_Acct"
  1758. (76) &Replicate-To-Realm += "Realm_FG_3300E_ISP-Services_Acct"
  1759. (76) &Replicate-To-Realm += "Realm_FG_3300E_Users-VPN_Acct"
  1760. (76) } # update control = noop
  1761. (76) replicate: Replicating list 'request' to Realm 'Realm_FG_1500D_Agg_Users_Acct'
  1762. (76) replicate: Replicating list 'request' to Realm 'Realm_FG_3300E_Datacentre_Acct'
  1763. (76) replicate: Replicating list 'request' to Realm 'Realm_FG_1500D_Users_Acct'
  1764. (76) replicate: Replicating list 'request' to Realm 'Realm_FG_3300E_Headend_Acct'
  1765. (76) replicate: Replicating list 'request' to Realm 'Realm_FG_3300E_STG-DC_Acct'
  1766. (76) replicate: Replicating list 'request' to Realm 'Realm_FG_3300E_ISP-Services_Acct'
  1767. (76) replicate: Replicating list 'request' to Realm 'Realm_FG_3300E_Users-VPN_Acct'
  1768. (76) replicate: Replicating list 'request' to Realm 'Realm_FG_1500D_Agg_Users_Acct'
  1769. (76) replicate: Replicating list 'request' to Realm 'Realm_FG_3300E_Datacentre_Acct'
  1770. (76) replicate: Replicating list 'request' to Realm 'Realm_FG_1500D_Users_Acct'
  1771. (76) replicate: Replicating list 'request' to Realm 'Realm_FG_3300E_Headend_Acct'
  1772. (76) replicate: Replicating list 'request' to Realm 'Realm_FG_3300E_STG-DC_Acct'
  1773. (76) replicate: Replicating list 'request' to Realm 'Realm_FG_3300E_ISP-Services_Acct'
  1774. (76) replicate: Replicating list 'request' to Realm 'Realm_FG_3300E_Users-VPN_Acct'
  1775. (76) [replicate] = ok
  1776. (76) } # accounting = updated
  1777. (76) Sent Accounting-Response Id 247 from 172.16.200.253:1813 to 10.15.200.15:62985 length 0
  1778. (76) Finished request
  1779. (76) Cleaning up request packet ID 247 with timestamp +1738
  1780. Ready to process requests