Ready to process requests Received Access-Request Id 32 from 192.168.254.99:36050 to 192.168.211.189:1812 length 212 User-Name = 'rickjames' Calling-Station-Id = 'F0-7B-CB-6D-07-6D' NAS-IP-Address = 10.177.1.230 NAS-Port = 98 Called-Station-Id = '6C-AA-B3-CF-40-A9:test-eap-radius1' Service-Type = Framed-User Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 NAS-Identifier = '6C-AA-B3-CF-40-A9' Connect-Info = 'CONNECT 802.11g/n' EAP-Message = 0x0200000e017269636b6a616d6573 Attr-26.25053.3 = 0x746573742d6561702d72616469757331 Message-Authenticator = 0xab617ffbf998dff20d1e24dd36e3a66a (0) # Executing section authorize from file /etc/raddb/sites-enabled/default (0) authorize { (0) filter_username filter_username { (0) if (User-Name =~ /@.*@/ ) (0) if (User-Name =~ /@.*@/ ) -> FALSE (0) if (User-Name =~ /\\.\\./ ) (0) if (User-Name =~ /\\.\\./ ) -> FALSE (0) if ((User-Name =~ /@/) && (User-Name !~ /@(.+)\\.(.+)$/)) (0) if ((User-Name =~ /@/) && (User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE (0) if (User-Name =~ /\\.$/) (0) if (User-Name =~ /\\.$/) -> FALSE (0) if (User-Name =~ /@\\./) (0) if (User-Name =~ /@\\./) -> FALSE (0) } # filter_username filter_username = notfound (0) [preprocess] = ok (0) [chap] = noop (0) [mschap] = noop (0) [digest] = noop (0) suffix : No '@' in User-Name = "rickjames", looking up realm NULL (0) suffix : No such realm "NULL" (0) [suffix] = noop (0) [files] = noop SOFT ASSERT FAILED src/lib/valuepair.c[235]: vp (0) eap : EAP packet type response id 0 length 14 (0) eap : EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize SOFT ASSERT FAILED src/lib/valuepair.c[235]: vp (0) [eap] = ok (0) } # authorize = ok (0) Found Auth-Type = EAP SOFT ASSERT FAILED src/lib/valuepair.c[235]: vp (0) # Executing group from file /etc/raddb/sites-enabled/default (0) authenticate { (0) eap : Peer sent Identity (1) (0) eap : Calling eap_md5 to process EAP data (0) eap_md5 : Issuing MD5 Challenge (0) eap : New EAP session, adding 'State' attribute to reply 0x136e6841136f6cbb (0) [eap] = handled (0) } # authenticate = handled Sending Access-Challenge Id 32 from 192.168.211.189:1812 to 192.168.254.99:36050 EAP-Message = 0x0101001604100547f24b08ffd59365dec4e2ae580972 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x136e6841136f6cbb2a1b98fa6bba5141 (0) Finished request Waking up in 0.3 seconds. Received Access-Request Id 33 from 192.168.254.99:36050 to 192.168.211.189:1812 length 222 User-Name = 'rickjames' Calling-Station-Id = 'F0-7B-CB-6D-07-6D' NAS-IP-Address = 10.177.1.230 NAS-Port = 98 Called-Station-Id = '6C-AA-B3-CF-40-A9:test-eap-radius1' Service-Type = Framed-User Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 NAS-Identifier = '6C-AA-B3-CF-40-A9' Connect-Info = 'CONNECT 802.11g/n' EAP-Message = 0x020100060319 State = 0x136e6841136f6cbb2a1b98fa6bba5141 Attr-26.25053.3 = 0x746573742d6561702d72616469757331 Message-Authenticator = 0xc9a30354b33bc47c29bbda56fcc2ef76 (1) # Executing section authorize from file /etc/raddb/sites-enabled/default (1) authorize { (1) filter_username filter_username { (1) if (User-Name =~ /@.*@/ ) (1) if (User-Name =~ /@.*@/ ) -> FALSE (1) if (User-Name =~ /\\.\\./ ) (1) if (User-Name =~ /\\.\\./ ) -> FALSE (1) if ((User-Name =~ /@/) && (User-Name !~ /@(.+)\\.(.+)$/)) (1) if ((User-Name =~ /@/) && (User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE (1) if (User-Name =~ /\\.$/) (1) if (User-Name =~ /\\.$/) -> FALSE (1) if (User-Name =~ /@\\./) (1) if (User-Name =~ /@\\./) -> FALSE (1) } # filter_username filter_username = notfound (1) [preprocess] = ok (1) [chap] = noop (1) [mschap] = noop (1) [digest] = noop (1) suffix : No '@' in User-Name = "rickjames", looking up realm NULL (1) suffix : No such realm "NULL" (1) [suffix] = noop (1) [files] = noop SOFT ASSERT FAILED src/lib/valuepair.c[235]: vp: Unknown value 'Challenge' for attribute 'Post-Auth-Type' (1) eap : EAP packet type response id 1 length 6 (1) eap : No EAP Start, assuming it's an on-going EAP conversation SOFT ASSERT FAILED src/lib/valuepair.c[235]: vp (1) [eap] = updated (1) sql : EXPAND %{User-Name} (1) sql : --> rickjames (1) sql : SQL-User-Name set to 'rickjames' rlm_sql (sql): Reserved connection (4) (1) sql : EXPAND SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id (1) sql : --> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'rickjames' ORDER BY id rlm_sql (sql): Executing query: 'SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'rickjames' ORDER BY id' (1) sql : User found in radcheck table (1) sql : Check items matched (1) sql : EXPAND SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id (1) sql : --> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'rickjames' ORDER BY id rlm_sql (sql): Executing query: 'SELECT id, username, attribute, value, op FROM radreply WHERE username = 'rickjames' ORDER BY id' (1) sql : EXPAND SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority (1) sql : --> SELECT groupname FROM radusergroup WHERE username = 'rickjames' ORDER BY priority rlm_sql (sql): Executing query: 'SELECT groupname FROM radusergroup WHERE username = 'rickjames' ORDER BY priority' (1) sql : User found in the group table (1) sql : EXPAND SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id (1) sql : --> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'TestSite-Premium' ORDER BY id rlm_sql (sql): Executing query: 'SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'TestSite-Premium' ORDER BY id' (1) sql : Group "TestSite-Premium" check items matched (1) sql : EXPAND SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id (1) sql : --> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'TestSite-Premium' ORDER BY id rlm_sql (sql): Executing query: 'SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'TestSite-Premium' ORDER BY id' (1) sql : Group "TestSite-Premium" reply items processed rlm_sql (sql): Released connection (4) rlm_sql (sql): Closing connection (0), from 1 unused connections rlm_sql_mysql: Socket destructor called, closing socket (1) [sql] = ok (1) [expiration] = noop (1) [logintime] = noop (1) WARNING: pap : Auth-Type already set. Not setting to PAP (1) [pap] = noop (1) } # authorize = updated (1) Found Auth-Type = EAP (1) # Executing group from file /etc/raddb/sites-enabled/default (1) authenticate { (1) eap : Expiring EAP session with state 0x136e6841136f6cbb (1) eap : Finished EAP session with state 0x136e6841136f6cbb (1) eap : Previous EAP request found for state 0x136e6841136f6cbb, released from the list (1) eap : Peer sent NAK (3) (1) eap : Found mutually acceptable type PEAP (25) (1) eap : Calling eap_peap to process EAP data (1) eap_peap : Flushing SSL sessions (of #0) (1) eap_peap : Initiate (1) eap_peap : Start returned 1 (1) eap : New EAP session, adding 'State' attribute to reply 0x136e6841126c71bb (1) [eap] = handled (1) } # authenticate = handled Sending Access-Challenge Id 33 from 192.168.211.189:1812 to 192.168.254.99:36050 Ruckus-Role = 'TestSite-Premium' EAP-Message = 0x010200061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x136e6841126c71bb2a1b98fa6bba5141 (1) Finished request Waking up in 0.3 seconds. Received Access-Request Id 34 from 192.168.254.99:36050 to 192.168.211.189:1812 length 487 User-Name = 'rickjames' Calling-Station-Id = 'F0-7B-CB-6D-07-6D' NAS-IP-Address = 10.177.1.230 NAS-Port = 98 Called-Station-Id = '6C-AA-B3-CF-40-A9:test-eap-radius1' Service-Type = Framed-User Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 NAS-Identifier = '6C-AA-B3-CF-40-A9' Connect-Info = 'CONNECT 802.11g/n' EAP-Message = 0x0202010d19800000010316030100fe010000fa030153eb6692582271d7d5053d7395f22c2454773ed2d1d295101a3195a06a0c4751209a553fb3c8bbd88d96bdd0c61b3a519c962ced5843451147c018638d0027cf0b0068c014c00ac022c0210039003800880087c00fc00500350084c012c008c01cc01b00160013c00dc003000ac013c009c01fc01e00330032009a009900450044c00ec004002f009600410007c011c007c00cc002000500040015001200090014001100080006000300ff01000049000b000403000102000a00340032000e000d0019000b000c00180009000a00160017000800060007001400150004000500120013000100020003000f0010001100230000000f000101 State = 0x136e6841126c71bb2a1b98fa6bba5141 Attr-26.25053.3 = 0x746573742d6561702d72616469757331 Message-Authenticator = 0x5a1c83ad5da145bca498af06ff83b1d4 (2) # Executing section authorize from file /etc/raddb/sites-enabled/default (2) authorize { (2) filter_username filter_username { (2) if (User-Name =~ /@.*@/ ) (2) if (User-Name =~ /@.*@/ ) -> FALSE (2) if (User-Name =~ /\\.\\./ ) (2) if (User-Name =~ /\\.\\./ ) -> FALSE (2) if ((User-Name =~ /@/) && (User-Name !~ /@(.+)\\.(.+)$/)) (2) if ((User-Name =~ /@/) && (User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE (2) if (User-Name =~ /\\.$/) (2) if (User-Name =~ /\\.$/) -> FALSE (2) if (User-Name =~ /@\\./) (2) if (User-Name =~ /@\\./) -> FALSE (2) } # filter_username filter_username = notfound (2) [preprocess] = ok (2) [chap] = noop (2) [mschap] = noop (2) [digest] = noop (2) suffix : No '@' in User-Name = "rickjames", looking up realm NULL (2) suffix : No such realm "NULL" (2) [suffix] = noop (2) [files] = noop SOFT ASSERT FAILED src/lib/valuepair.c[235]: vp: Unknown value 'Challenge' for attribute 'Post-Auth-Type' (2) eap : EAP packet type response id 2 length 269 (2) eap : Continuing tunnel setup SOFT ASSERT FAILED src/lib/valuepair.c[235]: vp (2) [eap] = ok (2) } # authorize = ok (2) Found Auth-Type = EAP SOFT ASSERT FAILED src/lib/valuepair.c[235]: vp (2) # Executing group from file /etc/raddb/sites-enabled/default (2) authenticate { (2) eap : Expiring EAP session with state 0x136e6841126c71bb (2) eap : Finished EAP session with state 0x136e6841126c71bb (2) eap : Previous EAP request found for state 0x136e6841126c71bb, released from the list (2) eap : Peer sent PEAP (25) (2) eap : EAP PEAP (25) (2) eap : Calling eap_peap to process EAP data (2) eap_peap : processing EAP-TLS TLS Length 259 (2) eap_peap : Length Included (2) eap_peap : eaptls_verify returned 11 (2) eap_peap : (other): before/accept initialization (2) eap_peap : TLS_accept: before/accept initialization (2) eap_peap : <<< TLS 1.0 Handshake [length 00fe], ClientHello SSL: Client requested cached session 9a553fb3c8bbd88d96bdd0c61b3a519c962ced5843451147c018638d0027cf0b (2) eap_peap : TLS_accept: SSLv3 read client hello A (2) eap_peap : >>> TLS 1.0 Handshake [length 005e], ServerHello (2) eap_peap : TLS_accept: SSLv3 write server hello A (2) eap_peap : >>> TLS 1.0 Handshake [length 0e63], Certificate (2) eap_peap : TLS_accept: SSLv3 write certificate A (2) eap_peap : >>> TLS 1.0 Handshake [length 014b], ServerKeyExchange (2) eap_peap : TLS_accept: SSLv3 write key exchange A (2) eap_peap : >>> TLS 1.0 Handshake [length 0004], ServerHelloDone (2) eap_peap : TLS_accept: SSLv3 write server done A (2) eap_peap : TLS_accept: SSLv3 flush data (2) eap_peap : TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode (2) eap_peap : eaptls_process returned 13 (2) eap_peap : FR_TLS_HANDLED (2) eap : New EAP session, adding 'State' attribute to reply 0x136e6841116d71bb (2) [eap] = handled (2) } # authenticate = handled Sending Access-Challenge Id 34 from 192.168.211.189:1812 to 192.168.254.99:36050 EAP-Message = 0x010303ec19c000001024160301005e0200005a03014b54ec4463086a2d83fc89a6c62b693ac61e30e05dc5bca9313464d106545086200997cfc9e31e456f3b47687295c9a0808a51db1f4ff57082b470732e0a50bd92c014000012ff01000100000b000403000102000f0001011603010e630b000e5f000e5c0005303082052c30820414a003020102021100b512df55e3a6f3b415e81fff9b1dcf95300d06092a864886f70d01010505003073310b3009060355040613024742311b30190603550408131247726561746572204d616e636865737465723110300e0603550407130753616c666f7264311a3018060355040a1311434f4d4f444f204341204c696d697465643119301706035504031310506f73697469766553534c2043412032301e170d3134303830343030303030305a170d3137303830333233353935395a30613121301f060355040b1318446f6d61696e20436f6e74726f6c2056616c69646174656431143012060355040b130b506f73697469766553534c312630240603550403131d6d616e616765642d776972656c6573732e76656c6f636974792e6e657430820122300d06092a864886f70d01010105000382010f003082010a0282010100c1e570a88d32cd6fe220c09da1891a02990a1c66e0b95fd5a5973ebdb0577b36594ca66c048eb08f9c5e495333d1c9e6eb390 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x136e6841116d71bb2a1b98fa6bba5141 (2) Finished request Waking up in 0.3 seconds. Received Access-Request Id 35 from 192.168.254.99:36050 to 192.168.211.189:1812 length 222 User-Name = 'rickjames' Calling-Station-Id = 'F0-7B-CB-6D-07-6D' NAS-IP-Address = 10.177.1.230 NAS-Port = 98 Called-Station-Id = '6C-AA-B3-CF-40-A9:test-eap-radius1' Service-Type = Framed-User Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 NAS-Identifier = '6C-AA-B3-CF-40-A9' Connect-Info = 'CONNECT 802.11g/n' EAP-Message = 0x020300061900 State = 0x136e6841116d71bb2a1b98fa6bba5141 Attr-26.25053.3 = 0x746573742d6561702d72616469757331 Message-Authenticator = 0x4b2970ea051253f111840776a669dc2f (3) # Executing section authorize from file /etc/raddb/sites-enabled/default (3) authorize { (3) filter_username filter_username { (3) if (User-Name =~ /@.*@/ ) (3) if (User-Name =~ /@.*@/ ) -> FALSE (3) if (User-Name =~ /\\.\\./ ) (3) if (User-Name =~ /\\.\\./ ) -> FALSE (3) if ((User-Name =~ /@/) && (User-Name !~ /@(.+)\\.(.+)$/)) (3) if ((User-Name =~ /@/) && (User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE (3) if (User-Name =~ /\\.$/) (3) if (User-Name =~ /\\.$/) -> FALSE (3) if (User-Name =~ /@\\./) (3) if (User-Name =~ /@\\./) -> FALSE (3) } # filter_username filter_username = notfound (3) [preprocess] = ok (3) [chap] = noop (3) [mschap] = noop (3) [digest] = noop (3) suffix : No '@' in User-Name = "rickjames", looking up realm NULL (3) suffix : No such realm "NULL" (3) [suffix] = noop (3) [files] = noop SOFT ASSERT FAILED src/lib/valuepair.c[235]: vp: Unknown value 'Challenge' for attribute 'Post-Auth-Type' (3) eap : EAP packet type response id 3 length 6 (3) eap : Continuing tunnel setup SOFT ASSERT FAILED src/lib/valuepair.c[235]: vp (3) [eap] = ok (3) } # authorize = ok (3) Found Auth-Type = EAP SOFT ASSERT FAILED src/lib/valuepair.c[235]: vp (3) # Executing group from file /etc/raddb/sites-enabled/default (3) authenticate { (3) eap : Expiring EAP session with state 0x136e6841116d71bb (3) eap : Finished EAP session with state 0x136e6841116d71bb (3) eap : Previous EAP request found for state 0x136e6841116d71bb, released from the list (3) eap : Peer sent PEAP (25) (3) eap : EAP PEAP (25) (3) eap : Calling eap_peap to process EAP data (3) eap_peap : processing EAP-TLS (3) eap_peap : Received TLS ACK (3) eap_peap : Received TLS ACK (3) eap_peap : ACK handshake fragment handler (3) eap_peap : eaptls_verify returned 1 (3) eap_peap : eaptls_process returned 13 (3) eap_peap : FR_TLS_HANDLED (3) eap : New EAP session, adding 'State' attribute to reply 0x136e6841106a71bb (3) [eap] = handled (3) } # authenticate = handled Sending Access-Challenge Id 35 from 192.168.211.189:1812 to 192.168.254.99:36050 EAP-Message = 0x010403e819405e303606082b06010505073002862a687474703a2f2f6372742e636f6d6f646f63612e636f6d2f506f73697469766553534c4341322e637274302406082b060105050730018618687474703a2f2f6f6373702e636f6d6f646f63612e636f6d304b0603551d1104443042821d6d616e616765642d776972656c6573732e76656c6f636974792e6e657482217777772e6d616e616765642d776972656c6573732e76656c6f636974792e6e6574300d06092a864886f70d01010505000382010100cb149d1facc1f69732e870953b090e67ea1d1ed48fd7fa76a7a98d2515abf97afa296b5f101af7bb229cc9f1fe7f095499ef514fe7f6c0fe6d6dad75a067a3c9608d0b6e155ee5ce7768d431d4166f928ac7b9218db8787a0c2b1ecfe25c0fbb7be14731be74f7ad37c5f11b383c683643e60bd609afa3e057cb71223c297799e99666363bfff3e5c10c2036197d4b9569c130b7df40bd599aa923d04fef3ab258b021129db26870e958fb6f78800ebba921f11d2daa6091f5eb9cbe33b6f1f165f69909e3f7b24b8c63d75e77a5f742a4965a5ff20fd3546e4aaaf2b53f0296fb6240e7fdf13c142dfcf410a394dd74f45082e23e9186dde1629ca70b33eb080004e9308204e5308203cda0030201020210076f124681459c28d548d697c40e001b300d06092a864886f70d010105050 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x136e6841106a71bb2a1b98fa6bba5141 (3) Finished request Waking up in 0.3 seconds. Received Access-Request Id 36 from 192.168.254.99:36050 to 192.168.211.189:1812 length 222 User-Name = 'rickjames' Calling-Station-Id = 'F0-7B-CB-6D-07-6D' NAS-IP-Address = 10.177.1.230 NAS-Port = 98 Called-Station-Id = '6C-AA-B3-CF-40-A9:test-eap-radius1' Service-Type = Framed-User Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 NAS-Identifier = '6C-AA-B3-CF-40-A9' Connect-Info = 'CONNECT 802.11g/n' EAP-Message = 0x020400061900 State = 0x136e6841106a71bb2a1b98fa6bba5141 Attr-26.25053.3 = 0x746573742d6561702d72616469757331 Message-Authenticator = 0xa69484d8ccbd5252a1098e5db4721b86 (4) # Executing section authorize from file /etc/raddb/sites-enabled/default (4) authorize { (4) filter_username filter_username { (4) if (User-Name =~ /@.*@/ ) (4) if (User-Name =~ /@.*@/ ) -> FALSE (4) if (User-Name =~ /\\.\\./ ) (4) if (User-Name =~ /\\.\\./ ) -> FALSE (4) if ((User-Name =~ /@/) && (User-Name !~ /@(.+)\\.(.+)$/)) (4) if ((User-Name =~ /@/) && (User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE (4) if (User-Name =~ /\\.$/) (4) if (User-Name =~ /\\.$/) -> FALSE (4) if (User-Name =~ /@\\./) (4) if (User-Name =~ /@\\./) -> FALSE (4) } # filter_username filter_username = notfound (4) [preprocess] = ok (4) [chap] = noop (4) [mschap] = noop (4) [digest] = noop (4) suffix : No '@' in User-Name = "rickjames", looking up realm NULL (4) suffix : No such realm "NULL" (4) [suffix] = noop (4) [files] = noop SOFT ASSERT FAILED src/lib/valuepair.c[235]: vp: Unknown value 'Challenge' for attribute 'Post-Auth-Type' (4) eap : EAP packet type response id 4 length 6 (4) eap : Continuing tunnel setup SOFT ASSERT FAILED src/lib/valuepair.c[235]: vp (4) [eap] = ok (4) } # authorize = ok (4) Found Auth-Type = EAP SOFT ASSERT FAILED src/lib/valuepair.c[235]: vp (4) # Executing group from file /etc/raddb/sites-enabled/default (4) authenticate { (4) eap : Expiring EAP session with state 0x136e6841106a71bb (4) eap : Finished EAP session with state 0x136e6841106a71bb (4) eap : Previous EAP request found for state 0x136e6841106a71bb, released from the list (4) eap : Peer sent PEAP (25) (4) eap : EAP PEAP (25) (4) eap : Calling eap_peap to process EAP data (4) eap_peap : processing EAP-TLS (4) eap_peap : Received TLS ACK (4) eap_peap : Received TLS ACK (4) eap_peap : ACK handshake fragment handler (4) eap_peap : eaptls_verify returned 1 (4) eap_peap : eaptls_process returned 13 (4) eap_peap : FR_TLS_HANDLED (4) eap : New EAP session, adding 'State' attribute to reply 0x136e6841176b71bb (4) [eap] = handled (4) } # authenticate = handled Sending Access-Challenge Id 36 from 192.168.211.189:1812 to 192.168.254.99:36050 EAP-Message = 0x010503e8194078e0f0453bac8055fe2893e10a1168f452576ffe480b5b5d1a6a67739982b49e43603ec75b2a126e1aeecb39aec3359da8bc5db02fc30203010001a382017730820173301f0603551d23041830168014adbd987a34b426f7fac42654ef03bde024cb541a301d0603551d0e0416041499e4405f6b145e3e05d9ddd36354fc62b8f700ac300e0603551d0f0101ff04040302010630120603551d130101ff040830060101ff02010030110603551d20040a300830060604551d200030440603551d1f043d303b3039a037a0358633687474703a2f2f63726c2e7573657274727573742e636f6d2f416464547275737445787465726e616c4341526f6f742e63726c3081b306082b060105050701010481a63081a3303f06082b060105050730028633687474703a2f2f6372742e7573657274727573742e636f6d2f416464547275737445787465726e616c4341526f6f742e703763303906082b06010505073002862d687474703a2f2f6372742e7573657274727573742e636f6d2f416464547275737455544e53474343412e637274302506082b060105050730018619687474703a2f2f6f6373702e7573657274727573742e636f6d300d06092a864886f70d010105050003820101009c36e34eaef18abb6c978c8f4b67d09fd884aa9f215f35a15bc42b630de8bc775da7c437fd4b2 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x136e6841176b71bb2a1b98fa6bba5141 (4) Finished request Waking up in 0.2 seconds. Received Access-Request Id 37 from 192.168.254.99:36050 to 192.168.211.189:1812 length 222 User-Name = 'rickjames' Calling-Station-Id = 'F0-7B-CB-6D-07-6D' NAS-IP-Address = 10.177.1.230 NAS-Port = 98 Called-Station-Id = '6C-AA-B3-CF-40-A9:test-eap-radius1' Service-Type = Framed-User Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 NAS-Identifier = '6C-AA-B3-CF-40-A9' Connect-Info = 'CONNECT 802.11g/n' EAP-Message = 0x020500061900 State = 0x136e6841176b71bb2a1b98fa6bba5141 Attr-26.25053.3 = 0x746573742d6561702d72616469757331 Message-Authenticator = 0x61b223aba9ea867df919d0a22a4393b5 (5) # Executing section authorize from file /etc/raddb/sites-enabled/default (5) authorize { (5) filter_username filter_username { (5) if (User-Name =~ /@.*@/ ) (5) if (User-Name =~ /@.*@/ ) -> FALSE (5) if (User-Name =~ /\\.\\./ ) (5) if (User-Name =~ /\\.\\./ ) -> FALSE (5) if ((User-Name =~ /@/) && (User-Name !~ /@(.+)\\.(.+)$/)) (5) if ((User-Name =~ /@/) && (User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE (5) if (User-Name =~ /\\.$/) (5) if (User-Name =~ /\\.$/) -> FALSE (5) if (User-Name =~ /@\\./) (5) if (User-Name =~ /@\\./) -> FALSE (5) } # filter_username filter_username = notfound (5) [preprocess] = ok (5) [chap] = noop (5) [mschap] = noop (5) [digest] = noop (5) suffix : No '@' in User-Name = "rickjames", looking up realm NULL (5) suffix : No such realm "NULL" (5) [suffix] = noop (5) [files] = noop SOFT ASSERT FAILED src/lib/valuepair.c[235]: vp: Unknown value 'Challenge' for attribute 'Post-Auth-Type' (5) eap : EAP packet type response id 5 length 6 (5) eap : Continuing tunnel setup SOFT ASSERT FAILED src/lib/valuepair.c[235]: vp (5) [eap] = ok (5) } # authorize = ok (5) Found Auth-Type = EAP SOFT ASSERT FAILED src/lib/valuepair.c[235]: vp (5) # Executing group from file /etc/raddb/sites-enabled/default (5) authenticate { (5) eap : Expiring EAP session with state 0x136e6841176b71bb (5) eap : Finished EAP session with state 0x136e6841176b71bb (5) eap : Previous EAP request found for state 0x136e6841176b71bb, released from the list (5) eap : Peer sent PEAP (25) (5) eap : EAP PEAP (25) (5) eap : Calling eap_peap to process EAP data (5) eap_peap : processing EAP-TLS (5) eap_peap : Received TLS ACK (5) eap_peap : Received TLS ACK (5) eap_peap : ACK handshake fragment handler (5) eap_peap : eaptls_verify returned 1 (5) eap_peap : eaptls_process returned 13 (5) eap_peap : FR_TLS_HANDLED (5) eap : New EAP session, adding 'State' attribute to reply 0x136e6841166871bb (5) [eap] = handled (5) } # authenticate = handled Sending Access-Challenge Id 37 from 192.168.211.189:1812 to 192.168.254.99:36050 EAP-Message = 0x010603e81940726e616c20434120526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100b7f71a33e6f200042d39e04e5bed1fbc6c0fcdb5fa23b6cede9b113397a4294c7d939fbd4abc93ed031ae38fcfe56d505ad69729945a80b0497adb2e95fdb8cabf37382d1e3e9141ad7056c7f04f3fe8329e74cac89054e9c65f0f789d9a403c0eac61aa5e148f9e87a16a50dcd79a4eaf05b3a671949c71b350600ac7139d38078602a8e9a869261890ab4cb04f23ab3a4f84d8dfce9fe1696fbbd742d76b44e4c7adee6d415f725a710837b37965a459a09437f7002f0dc29272dad03872db14a845c45d2a7db7b4d6c4eeaccd1344b7c92bdd430025fa61b9696a582311b7a7338f567559f5cd29d746b70a2b65b6d3426f15b2b87bfbefe95d53d5345a270203010001a381dc3081d9301d0603551d0e04160414adbd987a34b426f7fac42654ef03bde024cb541a300b0603551d0f040403020106300f0603551d130101ff040530030101ff3081990603551d2304819130818e8014adbd987a34b426f7fac42654ef03bde024cb541aa173a471306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b3122302006035 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x136e6841166871bb2a1b98fa6bba5141 (5) Finished request Waking up in 0.2 seconds. Received Access-Request Id 38 from 192.168.254.99:36050 to 192.168.211.189:1812 length 222 User-Name = 'rickjames' Calling-Station-Id = 'F0-7B-CB-6D-07-6D' NAS-IP-Address = 10.177.1.230 NAS-Port = 98 Called-Station-Id = '6C-AA-B3-CF-40-A9:test-eap-radius1' Service-Type = Framed-User Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 NAS-Identifier = '6C-AA-B3-CF-40-A9' Connect-Info = 'CONNECT 802.11g/n' EAP-Message = 0x020600061900 State = 0x136e6841166871bb2a1b98fa6bba5141 Attr-26.25053.3 = 0x746573742d6561702d72616469757331 Message-Authenticator = 0x7212f19ab42053030f35e77d94945511 (6) # Executing section authorize from file /etc/raddb/sites-enabled/default (6) authorize { (6) filter_username filter_username { (6) if (User-Name =~ /@.*@/ ) (6) if (User-Name =~ /@.*@/ ) -> FALSE (6) if (User-Name =~ /\\.\\./ ) (6) if (User-Name =~ /\\.\\./ ) -> FALSE (6) if ((User-Name =~ /@/) && (User-Name !~ /@(.+)\\.(.+)$/)) (6) if ((User-Name =~ /@/) && (User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE (6) if (User-Name =~ /\\.$/) (6) if (User-Name =~ /\\.$/) -> FALSE (6) if (User-Name =~ /@\\./) (6) if (User-Name =~ /@\\./) -> FALSE (6) } # filter_username filter_username = notfound (6) [preprocess] = ok (6) [chap] = noop (6) [mschap] = noop (6) [digest] = noop (6) suffix : No '@' in User-Name = "rickjames", looking up realm NULL (6) suffix : No such realm "NULL" (6) [suffix] = noop (6) [files] = noop SOFT ASSERT FAILED src/lib/valuepair.c[235]: vp: Unknown value 'Challenge' for attribute 'Post-Auth-Type' (6) eap : EAP packet type response id 6 length 6 (6) eap : Continuing tunnel setup SOFT ASSERT FAILED src/lib/valuepair.c[235]: vp (6) [eap] = ok (6) } # authorize = ok (6) Found Auth-Type = EAP SOFT ASSERT FAILED src/lib/valuepair.c[235]: vp (6) # Executing group from file /etc/raddb/sites-enabled/default (6) authenticate { (6) eap : Expiring EAP session with state 0x136e6841166871bb (6) eap : Finished EAP session with state 0x136e6841166871bb (6) eap : Previous EAP request found for state 0x136e6841166871bb, released from the list (6) eap : Peer sent PEAP (25) (6) eap : EAP PEAP (25) (6) eap : Calling eap_peap to process EAP data (6) eap_peap : processing EAP-TLS (6) eap_peap : Received TLS ACK (6) eap_peap : Received TLS ACK (6) eap_peap : ACK handshake fragment handler (6) eap_peap : eaptls_verify returned 1 (6) eap_peap : eaptls_process returned 13 (6) eap_peap : FR_TLS_HANDLED (6) eap : New EAP session, adding 'State' attribute to reply 0x136e6841156971bb (6) [eap] = handled (6) } # authenticate = handled Sending Access-Challenge Id 38 from 192.168.211.189:1812 to 192.168.254.99:36050 EAP-Message = 0x010700a21900f5fa834b17adb0c4f472ec9070fc54664edf73567ed40f55f4ff2444597d3362cb6407404aaff61c87c8fc071afb2813699859668fce80fccee72f72d79412a99a0093d43dc021cb8a68ca03c22a3a0a83f9550ecee7b5271e87f29a8743186858bda55404a061c2b31e1a1baaec32c562004f05d696a8cb5db3abe3e660affea8c318dd70672f42289d4a1b67f9e843cb91d516030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x136e6841156971bb2a1b98fa6bba5141 (6) Finished request Waking up in 0.2 seconds. Received Access-Request Id 39 from 192.168.254.99:36050 to 192.168.211.189:1812 length 360 User-Name = 'rickjames' Calling-Station-Id = 'F0-7B-CB-6D-07-6D' NAS-IP-Address = 10.177.1.230 NAS-Port = 98 Called-Station-Id = '6C-AA-B3-CF-40-A9:test-eap-radius1' Service-Type = Framed-User Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 NAS-Identifier = '6C-AA-B3-CF-40-A9' Connect-Info = 'CONNECT 802.11g/n' EAP-Message = 0x020700901980000000861603010046100000424104e9c1e2227a4ca45a8773e989ddfc559d824fa046dbb39afbcabb48b888a5358b8b7ab522a0888f111d60356bce956d0a0180b0a4c7aa69cac560ea5cdbd05e17140301000101160301003045ac41aba121eef1ea35eb8853c0adeb419abd61686dd7eee92e2037c3e340860ea409e6fd4e9f96814e23dd843e35d7 State = 0x136e6841156971bb2a1b98fa6bba5141 Attr-26.25053.3 = 0x746573742d6561702d72616469757331 Message-Authenticator = 0xf2617bb4379cc4a780b8ba0c7ae4ced6 (7) # Executing section authorize from file /etc/raddb/sites-enabled/default (7) authorize { (7) filter_username filter_username { (7) if (User-Name =~ /@.*@/ ) (7) if (User-Name =~ /@.*@/ ) -> FALSE (7) if (User-Name =~ /\\.\\./ ) (7) if (User-Name =~ /\\.\\./ ) -> FALSE (7) if ((User-Name =~ /@/) && (User-Name !~ /@(.+)\\.(.+)$/)) (7) if ((User-Name =~ /@/) && (User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE (7) if (User-Name =~ /\\.$/) (7) if (User-Name =~ /\\.$/) -> FALSE (7) if (User-Name =~ /@\\./) (7) if (User-Name =~ /@\\./) -> FALSE (7) } # filter_username filter_username = notfound (7) [preprocess] = ok (7) [chap] = noop (7) [mschap] = noop (7) [digest] = noop (7) suffix : No '@' in User-Name = "rickjames", looking up realm NULL (7) suffix : No such realm "NULL" (7) [suffix] = noop (7) [files] = noop SOFT ASSERT FAILED src/lib/valuepair.c[235]: vp: Unknown value 'Challenge' for attribute 'Post-Auth-Type' (7) eap : EAP packet type response id 7 length 144 (7) eap : Continuing tunnel setup SOFT ASSERT FAILED src/lib/valuepair.c[235]: vp (7) [eap] = ok (7) } # authorize = ok (7) Found Auth-Type = EAP SOFT ASSERT FAILED src/lib/valuepair.c[235]: vp (7) # Executing group from file /etc/raddb/sites-enabled/default (7) authenticate { (7) eap : Expiring EAP session with state 0x136e6841156971bb (7) eap : Finished EAP session with state 0x136e6841156971bb (7) eap : Previous EAP request found for state 0x136e6841156971bb, released from the list (7) eap : Peer sent PEAP (25) (7) eap : EAP PEAP (25) (7) eap : Calling eap_peap to process EAP data (7) eap_peap : processing EAP-TLS TLS Length 134 (7) eap_peap : Length Included (7) eap_peap : eaptls_verify returned 11 (7) eap_peap : <<< TLS 1.0 Handshake [length 0046], ClientKeyExchange (7) eap_peap : TLS_accept: SSLv3 read client key exchange A (7) eap_peap : <<< TLS 1.0 ChangeCipherSpec [length 0001] (7) eap_peap : <<< TLS 1.0 Handshake [length 0010], Finished (7) eap_peap : TLS_accept: SSLv3 read finished A (7) eap_peap : >>> TLS 1.0 ChangeCipherSpec [length 0001] (7) eap_peap : TLS_accept: SSLv3 write change cipher spec A (7) eap_peap : >>> TLS 1.0 Handshake [length 0010], Finished (7) eap_peap : TLS_accept: SSLv3 write finished A (7) eap_peap : TLS_accept: SSLv3 flush data SSL: adding session 0997cfc9e31e456f3b47687295c9a0808a51db1f4ff57082b470732e0a50bd92 to cache (7) eap_peap : (other): SSL negotiation finished successfully SSL Connection Established (7) eap_peap : eaptls_process returned 13 (7) eap_peap : FR_TLS_HANDLED (7) eap : New EAP session, adding 'State' attribute to reply 0x136e6841146671bb (7) [eap] = handled (7) } # authenticate = handled Sending Access-Challenge Id 39 from 192.168.211.189:1812 to 192.168.254.99:36050 EAP-Message = 0x0108004119001403010001011603010030b194eea675079c655e9dfe5cfa07c2e53fcc19b767b0f3568b0a66340f9685c007c3271117d93f089210c7caf3a36f69 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x136e6841146671bb2a1b98fa6bba5141 (7) Finished request Waking up in 0.2 seconds. Received Access-Request Id 40 from 192.168.254.99:36050 to 192.168.211.189:1812 length 222 User-Name = 'rickjames' Calling-Station-Id = 'F0-7B-CB-6D-07-6D' NAS-IP-Address = 10.177.1.230 NAS-Port = 98 Called-Station-Id = '6C-AA-B3-CF-40-A9:test-eap-radius1' Service-Type = Framed-User Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 NAS-Identifier = '6C-AA-B3-CF-40-A9' Connect-Info = 'CONNECT 802.11g/n' EAP-Message = 0x020800061900 State = 0x136e6841146671bb2a1b98fa6bba5141 Attr-26.25053.3 = 0x746573742d6561702d72616469757331 Message-Authenticator = 0x4a968b3f0249cacdcc65ccd81a81276a (8) # Executing section authorize from file /etc/raddb/sites-enabled/default (8) authorize { (8) filter_username filter_username { (8) if (User-Name =~ /@.*@/ ) (8) if (User-Name =~ /@.*@/ ) -> FALSE (8) if (User-Name =~ /\\.\\./ ) (8) if (User-Name =~ /\\.\\./ ) -> FALSE (8) if ((User-Name =~ /@/) && (User-Name !~ /@(.+)\\.(.+)$/)) (8) if ((User-Name =~ /@/) && (User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE (8) if (User-Name =~ /\\.$/) (8) if (User-Name =~ /\\.$/) -> FALSE (8) if (User-Name =~ /@\\./) (8) if (User-Name =~ /@\\./) -> FALSE (8) } # filter_username filter_username = notfound (8) [preprocess] = ok (8) [chap] = noop (8) [mschap] = noop (8) [digest] = noop (8) suffix : No '@' in User-Name = "rickjames", looking up realm NULL (8) suffix : No such realm "NULL" (8) [suffix] = noop (8) [files] = noop SOFT ASSERT FAILED src/lib/valuepair.c[235]: vp: Unknown value 'Challenge' for attribute 'Post-Auth-Type' (8) eap : EAP packet type response id 8 length 6 (8) eap : Continuing tunnel setup SOFT ASSERT FAILED src/lib/valuepair.c[235]: vp (8) [eap] = ok (8) } # authorize = ok (8) Found Auth-Type = EAP SOFT ASSERT FAILED src/lib/valuepair.c[235]: vp (8) # Executing group from file /etc/raddb/sites-enabled/default (8) authenticate { (8) eap : Expiring EAP session with state 0x136e6841146671bb (8) eap : Finished EAP session with state 0x136e6841146671bb (8) eap : Previous EAP request found for state 0x136e6841146671bb, released from the list (8) eap : Peer sent PEAP (25) (8) eap : EAP PEAP (25) (8) eap : Calling eap_peap to process EAP data (8) eap_peap : processing EAP-TLS (8) eap_peap : Received TLS ACK (8) eap_peap : Received TLS ACK (8) eap_peap : ACK handshake is finished (8) eap_peap : eaptls_verify returned 3 (8) eap_peap : eaptls_process returned 3 (8) eap_peap : FR_TLS_SUCCESS (8) eap_peap : Session established. Decoding tunneled attributes (8) eap_peap : Peap state TUNNEL ESTABLISHED (8) eap : New EAP session, adding 'State' attribute to reply 0x136e68411b6771bb (8) [eap] = handled (8) } # authenticate = handled Sending Access-Challenge Id 40 from 192.168.211.189:1812 to 192.168.254.99:36050 EAP-Message = 0x0109002b1900170301002033451973a36dd6a4e19d20b0973b68584c4c563547ac122f05ca3f9dfdee8320 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x136e68411b6771bb2a1b98fa6bba5141 (8) Finished request Waking up in 0.2 seconds. Received Access-Request Id 41 from 192.168.254.99:36050 to 192.168.211.189:1812 length 296 User-Name = 'rickjames' Calling-Station-Id = 'F0-7B-CB-6D-07-6D' NAS-IP-Address = 10.177.1.230 NAS-Port = 98 Called-Station-Id = '6C-AA-B3-CF-40-A9:test-eap-radius1' Service-Type = Framed-User Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 NAS-Identifier = '6C-AA-B3-CF-40-A9' Connect-Info = 'CONNECT 802.11g/n' EAP-Message = 0x0209005019001703010020e98626334a8191d9b71b2cef0b9450695c2c49abe8552a4f895c2465c0ab7b4c1703010020f511f8ef354e26d46d018ab0c14fef378da403e3a6bf3ba46ec9275aa06a99ed State = 0x136e68411b6771bb2a1b98fa6bba5141 Attr-26.25053.3 = 0x746573742d6561702d72616469757331 Message-Authenticator = 0xec32d9bd7256877b2a732075e68daddf (9) # Executing section authorize from file /etc/raddb/sites-enabled/default (9) authorize { (9) filter_username filter_username { (9) if (User-Name =~ /@.*@/ ) (9) if (User-Name =~ /@.*@/ ) -> FALSE (9) if (User-Name =~ /\\.\\./ ) (9) if (User-Name =~ /\\.\\./ ) -> FALSE (9) if ((User-Name =~ /@/) && (User-Name !~ /@(.+)\\.(.+)$/)) (9) if ((User-Name =~ /@/) && (User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE (9) if (User-Name =~ /\\.$/) (9) if (User-Name =~ /\\.$/) -> FALSE (9) if (User-Name =~ /@\\./) (9) if (User-Name =~ /@\\./) -> FALSE (9) } # filter_username filter_username = notfound (9) [preprocess] = ok (9) [chap] = noop (9) [mschap] = noop (9) [digest] = noop (9) suffix : No '@' in User-Name = "rickjames", looking up realm NULL (9) suffix : No such realm "NULL" (9) [suffix] = noop (9) [files] = noop SOFT ASSERT FAILED src/lib/valuepair.c[235]: vp: Unknown value 'Challenge' for attribute 'Post-Auth-Type' (9) eap : EAP packet type response id 9 length 80 (9) eap : Continuing tunnel setup SOFT ASSERT FAILED src/lib/valuepair.c[235]: vp (9) [eap] = ok (9) } # authorize = ok (9) Found Auth-Type = EAP SOFT ASSERT FAILED src/lib/valuepair.c[235]: vp (9) # Executing group from file /etc/raddb/sites-enabled/default (9) authenticate { (9) eap : Expiring EAP session with state 0x136e68411b6771bb (9) eap : Finished EAP session with state 0x136e68411b6771bb (9) eap : Previous EAP request found for state 0x136e68411b6771bb, released from the list (9) eap : Peer sent PEAP (25) (9) eap : EAP PEAP (25) (9) eap : Calling eap_peap to process EAP data (9) eap_peap : processing EAP-TLS (9) eap_peap : eaptls_verify returned 7 (9) eap_peap : Done initial handshake (9) eap_peap : eaptls_process returned 7 (9) eap_peap : FR_TLS_OK (9) eap_peap : Session established. Decoding tunneled attributes (9) eap_peap : Peap state WAITING FOR INNER IDENTITY (9) eap_peap : Identity - rickjames (9) eap_peap : Got inner identity 'rickjames' (9) eap_peap : Setting default EAP type for tunneled EAP session (9) eap_peap : Got tunneled request EAP-Message = 0x0209000e017269636b6a616d6573 server default { (9) eap_peap : Setting User-Name to rickjames Sending tunneled request EAP-Message = 0x0209000e017269636b6a616d6573 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = 'rickjames' Calling-Station-Id = 'F0-7B-CB-6D-07-6D' NAS-IP-Address = 10.177.1.230 NAS-Port = 98 Called-Station-Id = '6C-AA-B3-CF-40-A9:test-eap-radius1' Service-Type = Framed-User Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 NAS-Identifier = '6C-AA-B3-CF-40-A9' Connect-Info = 'CONNECT 802.11g/n' server inner-tunnel { (9) # Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel (9) authorize { (9) [mschap] = noop (9) suffix : No '@' in User-Name = "rickjames", looking up realm NULL (9) suffix : No such realm "NULL" (9) [suffix] = noop (9) update control { (9) Proxy-To-Realm := 'LOCAL' (9) } # update control = noop (9) eap : EAP packet type response id 9 length 14 (9) eap : EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize (9) [eap] = ok (9) } # authorize = ok (9) Found Auth-Type = EAP SOFT ASSERT FAILED src/lib/valuepair.c[235]: vp (9) # Executing group from file /etc/raddb/sites-enabled/inner-tunnel (9) authenticate { (9) eap : Peer sent Identity (1) (9) eap : Calling eap_mschapv2 to process EAP data (9) eap_mschapv2 : Issuing Challenge (9) eap : New EAP session, adding 'State' attribute to reply 0x2ec2652d2ec87fad (9) [eap] = handled (9) } # authenticate = handled } # server inner-tunnel (9) eap_peap : Got tunneled reply code 11 EAP-Message = 0x010a00231a010a001e10995f6102363d52035e65fa6ba45288437269636b6a616d6573 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x2ec2652d2ec87fad4a09547ad27dcfe9 (9) eap_peap : Got tunneled reply RADIUS code 11 EAP-Message = 0x010a00231a010a001e10995f6102363d52035e65fa6ba45288437269636b6a616d6573 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x2ec2652d2ec87fad4a09547ad27dcfe9 (9) eap_peap : Got tunneled Access-Challenge (9) eap : New EAP session, adding 'State' attribute to reply 0x136e68411a6471bb (9) [eap] = handled (9) } # authenticate = handled Sending Access-Challenge Id 41 from 192.168.211.189:1812 to 192.168.254.99:36050 EAP-Message = 0x010a004b19001703010040eda3c7d96022285ed952c583a3025225fb9ec53cde65c20ef72b80196b8fc3a153fc745d03aaa5fb11b58040624a77b29eb202840b88de38220c0376af174a1a Message-Authenticator = 0x00000000000000000000000000000000 State = 0x136e68411a6471bb2a1b98fa6bba5141 (9) Finished request Waking up in 0.2 seconds. Received Access-Request Id 42 from 192.168.254.99:36050 to 192.168.211.189:1812 length 360 User-Name = 'rickjames' Calling-Station-Id = 'F0-7B-CB-6D-07-6D' NAS-IP-Address = 10.177.1.230 NAS-Port = 98 Called-Station-Id = '6C-AA-B3-CF-40-A9:test-eap-radius1' Service-Type = Framed-User Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 NAS-Identifier = '6C-AA-B3-CF-40-A9' Connect-Info = 'CONNECT 802.11g/n' EAP-Message = 0x020a00901900170301002015a83849b0ce610a1d9a28c86e651e43aea44867fbcc9cb16cab4c575cee45101703010060a5a929abbd9e7c855f8774c2b272fbdb27b0556f225c43d50cb9d4c3d990685076cd3ae741c18651cc51d0a4b56197e94ef3524d69a550c617b4a89474041379d3bf6f509cff422059924c0cfe890b794481d9f9e85b88e04a117d1e5c951b43 State = 0x136e68411a6471bb2a1b98fa6bba5141 Attr-26.25053.3 = 0x746573742d6561702d72616469757331 Message-Authenticator = 0x35b2e484a70d89c4fbe075b4cdfb5d61 (10) # Executing section authorize from file /etc/raddb/sites-enabled/default (10) authorize { (10) filter_username filter_username { (10) if (User-Name =~ /@.*@/ ) (10) if (User-Name =~ /@.*@/ ) -> FALSE (10) if (User-Name =~ /\\.\\./ ) (10) if (User-Name =~ /\\.\\./ ) -> FALSE (10) if ((User-Name =~ /@/) && (User-Name !~ /@(.+)\\.(.+)$/)) (10) if ((User-Name =~ /@/) && (User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE (10) if (User-Name =~ /\\.$/) (10) if (User-Name =~ /\\.$/) -> FALSE (10) if (User-Name =~ /@\\./) (10) if (User-Name =~ /@\\./) -> FALSE (10) } # filter_username filter_username = notfound (10) [preprocess] = ok (10) [chap] = noop (10) [mschap] = noop (10) [digest] = noop (10) suffix : No '@' in User-Name = "rickjames", looking up realm NULL (10) suffix : No such realm "NULL" (10) [suffix] = noop (10) [files] = noop SOFT ASSERT FAILED src/lib/valuepair.c[235]: vp: Unknown value 'Challenge' for attribute 'Post-Auth-Type' (10) eap : EAP packet type response id 10 length 144 (10) eap : Continuing tunnel setup SOFT ASSERT FAILED src/lib/valuepair.c[235]: vp (10) [eap] = ok (10) } # authorize = ok (10) Found Auth-Type = EAP SOFT ASSERT FAILED src/lib/valuepair.c[235]: vp (10) # Executing group from file /etc/raddb/sites-enabled/default (10) authenticate { (10) eap : Expiring EAP session with state 0x2ec2652d2ec87fad (10) eap : Finished EAP session with state 0x136e68411a6471bb (10) eap : Previous EAP request found for state 0x136e68411a6471bb, released from the list (10) eap : Peer sent PEAP (25) (10) eap : EAP PEAP (25) (10) eap : Calling eap_peap to process EAP data (10) eap_peap : processing EAP-TLS (10) eap_peap : eaptls_verify returned 7 (10) eap_peap : Done initial handshake (10) eap_peap : eaptls_process returned 7 (10) eap_peap : FR_TLS_OK (10) eap_peap : Session established. Decoding tunneled attributes (10) eap_peap : Peap state phase2 (10) eap_peap : EAP type MSCHAPv2 (26) (10) eap_peap : Got tunneled request EAP-Message = 0x020a00441a020a003f31582f9a8144172342a69b6a2b8e268ec80000000000000000f73b3c7af70d3a572d8a27aab62c1ced7324dce21fd56c64007269636b6a616d6573 server default { (10) eap_peap : Setting User-Name to rickjames Sending tunneled request EAP-Message = 0x020a00441a020a003f31582f9a8144172342a69b6a2b8e268ec80000000000000000f73b3c7af70d3a572d8a27aab62c1ced7324dce21fd56c64007269636b6a616d6573 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = 'rickjames' State = 0x2ec2652d2ec87fad4a09547ad27dcfe9 Calling-Station-Id = 'F0-7B-CB-6D-07-6D' NAS-IP-Address = 10.177.1.230 NAS-Port = 98 Called-Station-Id = '6C-AA-B3-CF-40-A9:test-eap-radius1' Service-Type = Framed-User Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 NAS-Identifier = '6C-AA-B3-CF-40-A9' Connect-Info = 'CONNECT 802.11g/n' server inner-tunnel { (10) # Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel (10) authorize { (10) [mschap] = noop (10) suffix : No '@' in User-Name = "rickjames", looking up realm NULL (10) suffix : No such realm "NULL" (10) [suffix] = noop (10) update control { (10) Proxy-To-Realm := 'LOCAL' (10) } # update control = noop (10) eap : EAP packet type response id 10 length 68 (10) eap : No EAP Start, assuming it's an on-going EAP conversation (10) [eap] = updated (10) sql : EXPAND %{User-Name} (10) sql : --> rickjames (10) sql : SQL-User-Name set to 'rickjames' rlm_sql (sql): Reserved connection (4) (10) sql : EXPAND SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id (10) sql : --> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'rickjames' ORDER BY id rlm_sql (sql): Executing query: 'SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'rickjames' ORDER BY id' (10) sql : User found in radcheck table (10) sql : Check items matched (10) sql : EXPAND SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id (10) sql : --> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'rickjames' ORDER BY id rlm_sql (sql): Executing query: 'SELECT id, username, attribute, value, op FROM radreply WHERE username = 'rickjames' ORDER BY id' (10) sql : EXPAND SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority (10) sql : --> SELECT groupname FROM radusergroup WHERE username = 'rickjames' ORDER BY priority rlm_sql (sql): Executing query: 'SELECT groupname FROM radusergroup WHERE username = 'rickjames' ORDER BY priority' (10) sql : User found in the group table (10) sql : EXPAND SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id (10) sql : --> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'TestSite-Premium' ORDER BY id rlm_sql (sql): Executing query: 'SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'TestSite-Premium' ORDER BY id' (10) sql : Group "TestSite-Premium" check items matched (10) sql : EXPAND SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id (10) sql : --> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'TestSite-Premium' ORDER BY id rlm_sql (sql): Executing query: 'SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'TestSite-Premium' ORDER BY id' (10) sql : Group "TestSite-Premium" reply items processed rlm_sql (sql): Released connection (4) (10) [sql] = ok (10) [expiration] = noop (10) [logintime] = noop (10) WARNING: pap : Auth-Type already set. Not setting to PAP (10) [pap] = noop (10) } # authorize = updated (10) Found Auth-Type = EAP (10) # Executing group from file /etc/raddb/sites-enabled/inner-tunnel (10) authenticate { (10) eap : Expiring EAP session with state 0x2ec2652d2ec87fad (10) eap : Finished EAP session with state 0x2ec2652d2ec87fad (10) eap : Previous EAP request found for state 0x2ec2652d2ec87fad, released from the list (10) eap : Peer sent MSCHAPv2 (26) (10) eap : EAP MSCHAPv2 (26) (10) eap : Calling eap_mschapv2 to process EAP data (10) eap_mschapv2 : # Executing group from file /etc/raddb/sites-enabled/inner-tunnel (10) eap_mschapv2 : Auth-Type MS-CHAP { (10) mschap : Found Cleartext-Password, hashing to create LM-Password (10) mschap : Found Cleartext-Password, hashing to create NT-Password (10) mschap : Creating challenge hash with username: rickjames (10) mschap : Client is using MS-CHAPv2 (10) mschap : Adding MS-CHAPv2 MPPE keys (10) [mschap] = ok (10) } # Auth-Type MS-CHAP = ok MSCHAP Success (10) eap : New EAP session, adding 'State' attribute to reply 0x2ec2652d2fc97fad (10) [eap] = handled (10) } # authenticate = handled } # server inner-tunnel (10) eap_peap : Got tunneled reply code 11 Ruckus-Role = 'TestSite-Premium' EAP-Message = 0x010b00331a030a002e533d46364439454433443336453237444233304444394333394135353032413441423742314641334145 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x2ec2652d2fc97fad4a09547ad27dcfe9 (10) eap_peap : Got tunneled reply RADIUS code 11 Ruckus-Role = 'TestSite-Premium' EAP-Message = 0x010b00331a030a002e533d46364439454433443336453237444233304444394333394135353032413441423742314641334145 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x2ec2652d2fc97fad4a09547ad27dcfe9 (10) eap_peap : Got tunneled Access-Challenge (10) eap : New EAP session, adding 'State' attribute to reply 0x136e6841196571bb (10) [eap] = handled (10) } # authenticate = handled Sending Access-Challenge Id 42 from 192.168.211.189:1812 to 192.168.254.99:36050 EAP-Message = 0x010b005b1900170301005098942ae95d0275c0eed2fc972b3bbcff7950c279881fe54c3094ca6983ce2b690c0aa8af6485a3d86e86f0adeb816fe67a05dca105e5847a0b0cbefb2921449ddb992da8cb3a844708eb985a3d864752 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x136e6841196571bb2a1b98fa6bba5141 (10) Finished request Waking up in 0.2 seconds. Received Access-Request Id 43 from 192.168.254.99:36050 to 192.168.211.189:1812 length 296 User-Name = 'rickjames' Calling-Station-Id = 'F0-7B-CB-6D-07-6D' NAS-IP-Address = 10.177.1.230 NAS-Port = 98 Called-Station-Id = '6C-AA-B3-CF-40-A9:test-eap-radius1' Service-Type = Framed-User Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 NAS-Identifier = '6C-AA-B3-CF-40-A9' Connect-Info = 'CONNECT 802.11g/n' EAP-Message = 0x020b005019001703010020a84c8e73d4bb000df85d9d52a999d15496a0cd0a5379370192525c87dba5459f1703010020bce4e2e023f4c1e40628bcc3627e26014d804f9b8bef687bcf0eac3beabd5b07 State = 0x136e6841196571bb2a1b98fa6bba5141 Attr-26.25053.3 = 0x746573742d6561702d72616469757331 Message-Authenticator = 0x132995c07ea21254be654d718a2a7f76 (11) # Executing section authorize from file /etc/raddb/sites-enabled/default (11) authorize { (11) filter_username filter_username { (11) if (User-Name =~ /@.*@/ ) (11) if (User-Name =~ /@.*@/ ) -> FALSE (11) if (User-Name =~ /\\.\\./ ) (11) if (User-Name =~ /\\.\\./ ) -> FALSE (11) if ((User-Name =~ /@/) && (User-Name !~ /@(.+)\\.(.+)$/)) (11) if ((User-Name =~ /@/) && (User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE (11) if (User-Name =~ /\\.$/) (11) if (User-Name =~ /\\.$/) -> FALSE (11) if (User-Name =~ /@\\./) (11) if (User-Name =~ /@\\./) -> FALSE (11) } # filter_username filter_username = notfound (11) [preprocess] = ok (11) [chap] = noop (11) [mschap] = noop (11) [digest] = noop (11) suffix : No '@' in User-Name = "rickjames", looking up realm NULL (11) suffix : No such realm "NULL" (11) [suffix] = noop (11) [files] = noop SOFT ASSERT FAILED src/lib/valuepair.c[235]: vp: Unknown value 'Challenge' for attribute 'Post-Auth-Type' (11) eap : EAP packet type response id 11 length 80 (11) eap : Continuing tunnel setup SOFT ASSERT FAILED src/lib/valuepair.c[235]: vp (11) [eap] = ok (11) } # authorize = ok (11) Found Auth-Type = EAP SOFT ASSERT FAILED src/lib/valuepair.c[235]: vp (11) # Executing group from file /etc/raddb/sites-enabled/default (11) authenticate { (11) eap : Expiring EAP session with state 0x2ec2652d2fc97fad (11) eap : Finished EAP session with state 0x136e6841196571bb (11) eap : Previous EAP request found for state 0x136e6841196571bb, released from the list (11) eap : Peer sent PEAP (25) (11) eap : EAP PEAP (25) (11) eap : Calling eap_peap to process EAP data (11) eap_peap : processing EAP-TLS (11) eap_peap : eaptls_verify returned 7 (11) eap_peap : Done initial handshake (11) eap_peap : eaptls_process returned 7 (11) eap_peap : FR_TLS_OK (11) eap_peap : Session established. Decoding tunneled attributes (11) eap_peap : Peap state phase2 (11) eap_peap : EAP type MSCHAPv2 (26) (11) eap_peap : Got tunneled request EAP-Message = 0x020b00061a03 server default { (11) eap_peap : Setting User-Name to rickjames Sending tunneled request EAP-Message = 0x020b00061a03 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = 'rickjames' State = 0x2ec2652d2fc97fad4a09547ad27dcfe9 Calling-Station-Id = 'F0-7B-CB-6D-07-6D' NAS-IP-Address = 10.177.1.230 NAS-Port = 98 Called-Station-Id = '6C-AA-B3-CF-40-A9:test-eap-radius1' Service-Type = Framed-User Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 NAS-Identifier = '6C-AA-B3-CF-40-A9' Connect-Info = 'CONNECT 802.11g/n' server inner-tunnel { (11) # Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel (11) authorize { (11) [mschap] = noop (11) suffix : No '@' in User-Name = "rickjames", looking up realm NULL (11) suffix : No such realm "NULL" (11) [suffix] = noop (11) update control { (11) Proxy-To-Realm := 'LOCAL' (11) } # update control = noop (11) eap : EAP packet type response id 11 length 6 (11) eap : No EAP Start, assuming it's an on-going EAP conversation (11) [eap] = updated (11) sql : EXPAND %{User-Name} (11) sql : --> rickjames (11) sql : SQL-User-Name set to 'rickjames' rlm_sql (sql): Reserved connection (4) (11) sql : EXPAND SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id (11) sql : --> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'rickjames' ORDER BY id rlm_sql (sql): Executing query: 'SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'rickjames' ORDER BY id' (11) sql : User found in radcheck table (11) sql : Check items matched (11) sql : EXPAND SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id (11) sql : --> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'rickjames' ORDER BY id rlm_sql (sql): Executing query: 'SELECT id, username, attribute, value, op FROM radreply WHERE username = 'rickjames' ORDER BY id' (11) sql : EXPAND SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority (11) sql : --> SELECT groupname FROM radusergroup WHERE username = 'rickjames' ORDER BY priority rlm_sql (sql): Executing query: 'SELECT groupname FROM radusergroup WHERE username = 'rickjames' ORDER BY priority' (11) sql : User found in the group table (11) sql : EXPAND SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id (11) sql : --> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'TestSite-Premium' ORDER BY id rlm_sql (sql): Executing query: 'SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'TestSite-Premium' ORDER BY id' (11) sql : Group "TestSite-Premium" check items matched (11) sql : EXPAND SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id (11) sql : --> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'TestSite-Premium' ORDER BY id rlm_sql (sql): Executing query: 'SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'TestSite-Premium' ORDER BY id' (11) sql : Group "TestSite-Premium" reply items processed rlm_sql (sql): Released connection (4) (11) [sql] = ok (11) [expiration] = noop (11) [logintime] = noop (11) WARNING: pap : Auth-Type already set. Not setting to PAP (11) [pap] = noop (11) } # authorize = updated (11) Found Auth-Type = EAP (11) # Executing group from file /etc/raddb/sites-enabled/inner-tunnel (11) authenticate { (11) eap : Expiring EAP session with state 0x2ec2652d2fc97fad (11) eap : Finished EAP session with state 0x2ec2652d2fc97fad (11) eap : Previous EAP request found for state 0x2ec2652d2fc97fad, released from the list (11) eap : Peer sent MSCHAPv2 (26) (11) eap : EAP MSCHAPv2 (26) (11) eap : Calling eap_mschapv2 to process EAP data (11) eap : Freeing handler (11) [eap] = ok (11) } # authenticate = ok (11) # Executing section post-auth from file /etc/raddb/sites-enabled/inner-tunnel (11) post-auth { (11) sql : EXPAND .query (11) sql : --> .query (11) sql : Using query template 'query' rlm_sql (sql): Reserved connection (4) (11) sql : EXPAND %{User-Name} (11) sql : --> rickjames (11) sql : SQL-User-Name set to 'rickjames' (11) sql : EXPAND INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S') (11) sql : --> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'rickjames', '', 'Access-Accept', '2014-08-13 09:21:28') rlm_sql (sql): Executing query: 'INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'rickjames', '', 'Access-Accept', '2014-08-13 09:21:28')' rlm_sql (sql): Released connection (4) (11) [sql] = ok (11) } # post-auth = ok } # server inner-tunnel (11) eap_peap : Got tunneled reply code 2 Ruckus-Role = 'TestSite-Premium' MS-MPPE-Encryption-Policy = Encryption-Allowed MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed MS-MPPE-Send-Key = 0xeaf782950ee59dbf8a0fff586c492c51 MS-MPPE-Recv-Key = 0x1789cc3f16209aeaa19a8c822a7d7c91 EAP-Message = 0x030b0004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = 'rickjames' (11) eap_peap : Got tunneled reply RADIUS code 2 Ruckus-Role = 'TestSite-Premium' MS-MPPE-Encryption-Policy = Encryption-Allowed MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed MS-MPPE-Send-Key = 0xeaf782950ee59dbf8a0fff586c492c51 MS-MPPE-Recv-Key = 0x1789cc3f16209aeaa19a8c822a7d7c91 EAP-Message = 0x030b0004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = 'rickjames' (11) eap_peap : Tunneled authentication was successful (11) eap_peap : SUCCESS (11) eap_peap : Saving tunneled attributes for later (11) eap : New EAP session, adding 'State' attribute to reply 0x136e6841186271bb (11) [eap] = handled (11) } # authenticate = handled Sending Access-Challenge Id 43 from 192.168.211.189:1812 to 192.168.254.99:36050 EAP-Message = 0x010c002b19001703010020030195580686d8c55b7258ab8cc2d7c08eb18adc25ae666bc33e4b3cac96dda1 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x136e6841186271bb2a1b98fa6bba5141 (11) Finished request Waking up in 0.1 seconds. Received Access-Request Id 44 from 192.168.254.99:36050 to 192.168.211.189:1812 length 296 User-Name = 'rickjames' Calling-Station-Id = 'F0-7B-CB-6D-07-6D' NAS-IP-Address = 10.177.1.230 NAS-Port = 98 Called-Station-Id = '6C-AA-B3-CF-40-A9:test-eap-radius1' Service-Type = Framed-User Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 NAS-Identifier = '6C-AA-B3-CF-40-A9' Connect-Info = 'CONNECT 802.11g/n' EAP-Message = 0x020c005019001703010020d4f44b23f4a5c42a8ec0a8a6d96cceaaace541579ec7e14383b635ca9fcb617e17030100204d6c2136d6ff6568ade9c503f6639704f8f540dd7e640da9d728e704823958e1 State = 0x136e6841186271bb2a1b98fa6bba5141 Attr-26.25053.3 = 0x746573742d6561702d72616469757331 Message-Authenticator = 0x1b77f8b0ea3e0557c49aa26fd8622e4a (12) # Executing section authorize from file /etc/raddb/sites-enabled/default (12) authorize { (12) filter_username filter_username { (12) if (User-Name =~ /@.*@/ ) (12) if (User-Name =~ /@.*@/ ) -> FALSE (12) if (User-Name =~ /\\.\\./ ) (12) if (User-Name =~ /\\.\\./ ) -> FALSE (12) if ((User-Name =~ /@/) && (User-Name !~ /@(.+)\\.(.+)$/)) (12) if ((User-Name =~ /@/) && (User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE (12) if (User-Name =~ /\\.$/) (12) if (User-Name =~ /\\.$/) -> FALSE (12) if (User-Name =~ /@\\./) (12) if (User-Name =~ /@\\./) -> FALSE (12) } # filter_username filter_username = notfound (12) [preprocess] = ok (12) [chap] = noop (12) [mschap] = noop (12) [digest] = noop (12) suffix : No '@' in User-Name = "rickjames", looking up realm NULL (12) suffix : No such realm "NULL" (12) [suffix] = noop (12) [files] = noop SOFT ASSERT FAILED src/lib/valuepair.c[235]: vp: Unknown value 'Challenge' for attribute 'Post-Auth-Type' (12) eap : EAP packet type response id 12 length 80 (12) eap : Continuing tunnel setup SOFT ASSERT FAILED src/lib/valuepair.c[235]: vp (12) [eap] = ok (12) } # authorize = ok (12) Found Auth-Type = EAP SOFT ASSERT FAILED src/lib/valuepair.c[235]: vp (12) # Executing group from file /etc/raddb/sites-enabled/default (12) authenticate { (12) eap : Expiring EAP session with state 0x136e6841186271bb (12) eap : Finished EAP session with state 0x136e6841186271bb (12) eap : Previous EAP request found for state 0x136e6841186271bb, released from the list (12) eap : Peer sent PEAP (25) (12) eap : EAP PEAP (25) (12) eap : Calling eap_peap to process EAP data (12) eap_peap : processing EAP-TLS (12) eap_peap : eaptls_verify returned 7 (12) eap_peap : Done initial handshake (12) eap_peap : eaptls_process returned 7 (12) eap_peap : FR_TLS_OK (12) eap_peap : Session established. Decoding tunneled attributes (12) eap_peap : Peap state send tlv success (12) eap_peap : Received EAP-TLV response (12) eap_peap : Success (12) eap_peap : Using saved attributes from the original Access-Accept Ruckus-Role = 'TestSite-Premium' User-Name = 'rickjames' (12) eap_peap : Saving session 0997cfc9e31e456f3b47687295c9a0808a51db1f4ff57082b470732e0a50bd92 vps 0x2764630 in the cache (12) eap : Freeing handler (12) [eap] = ok (12) } # authenticate = ok (12) # Executing section post-auth from file /etc/raddb/sites-enabled/default (12) post-auth { (12) sql : EXPAND .query (12) sql : --> .query (12) sql : Using query template 'query' rlm_sql (sql): Reserved connection (4) (12) sql : EXPAND %{User-Name} (12) sql : --> rickjames (12) sql : SQL-User-Name set to 'rickjames' (12) sql : EXPAND INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S') (12) sql : --> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'rickjames', '', 'Access-Accept', '2014-08-13 09:21:28') rlm_sql (sql): Executing query: 'INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'rickjames', '', 'Access-Accept', '2014-08-13 09:21:28')' rlm_sql (sql): Released connection (4) (12) [sql] = ok (12) [exec] = noop (12) remove_reply_message_if_eap remove_reply_message_if_eap { (12) if (reply:EAP-Message && reply:Reply-Message) (12) if (reply:EAP-Message && reply:Reply-Message) -> FALSE (12) else else { (12) [noop] = noop (12) } # else else = noop (12) } # remove_reply_message_if_eap remove_reply_message_if_eap = noop (12) } # post-auth = ok Sending Access-Accept Id 44 from 192.168.211.189:1812 to 192.168.254.99:36050 Ruckus-Role = 'TestSite-Premium' User-Name = 'rickjames' MS-MPPE-Recv-Key = 0x14046c8dbf08ecc46b718ea254b43aa5773f874ca2bcd227fc130253a02c5978 MS-MPPE-Send-Key = 0x9b8be7935c20ffd7dcc4e36b45cfb2552f4326ae051c7574da2c509fa662a8d8 EAP-Message = 0x030c0004 Message-Authenticator = 0x00000000000000000000000000000000 (12) Finished request Waking up in 0.1 seconds. Waking up in 4.5 seconds. (0) Cleaning up request packet ID 32 with timestamp +41 (1) Cleaning up request packet ID 33 with timestamp +41 (2) Cleaning up request packet ID 34 with timestamp +41 (3) Cleaning up request packet ID 35 with timestamp +41 (4) Cleaning up request packet ID 36 with timestamp +41 (5) Cleaning up request packet ID 37 with timestamp +41 (6) Cleaning up request packet ID 38 with timestamp +41 (7) Cleaning up request packet ID 39 with timestamp +41 (8) Cleaning up request packet ID 40 with timestamp +41 (9) Cleaning up request packet ID 41 with timestamp +41 (10) Cleaning up request packet ID 42 with timestamp +41 (11) Cleaning up request packet ID 43 with timestamp +41 (12) Cleaning up request packet ID 44 with timestamp +41