NoPaste

freeradius -x

by Alternativende

  1. FreeRADIUS Version 3.0.17
  2. Copyright (C) 1999-2017 The FreeRADIUS server project and contributors
  3. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
  4. PARTICULAR PURPOSE
  5. You may redistribute copies of FreeRADIUS under the terms of the
  6. GNU General Public License
  7. For more information about these matters, see the file named COPYRIGHT
  8. Starting - reading configuration files ...
  9. including dictionary file /usr/share/freeradius/dictionary
  10. including dictionary file /usr/share/freeradius/dictionary.dhcp
  11. including dictionary file /usr/share/freeradius/dictionary.vqp
  12. including dictionary file /etc/freeradius/3.0/dictionary
  13. including configuration file /etc/freeradius/3.0/radiusd.conf
  14. including configuration file /etc/freeradius/3.0/proxy.conf
  15. including configuration file /etc/freeradius/3.0/clients.conf
  16. including files in directory /etc/freeradius/3.0/mods-enabled/
  17. including configuration file /etc/freeradius/3.0/mods-enabled/pap
  18. including configuration file /etc/freeradius/3.0/mods-enabled/passwd
  19. including configuration file /etc/freeradius/3.0/mods-enabled/detail
  20. including configuration file /etc/freeradius/3.0/mods-enabled/replicate
  21. including configuration file /etc/freeradius/3.0/mods-enabled/radutmp
  22. including configuration file /etc/freeradius/3.0/mods-enabled/files
  23. including configuration file /etc/freeradius/3.0/mods-enabled/exec
  24. including configuration file /etc/freeradius/3.0/mods-enabled/unpack
  25. including configuration file /etc/freeradius/3.0/mods-enabled/mschap
  26. including configuration file /etc/freeradius/3.0/mods-enabled/dynamic_clients
  27. including configuration file /etc/freeradius/3.0/mods-enabled/eap
  28. including configuration file /etc/freeradius/3.0/mods-enabled/digest
  29. including configuration file /etc/freeradius/3.0/mods-enabled/expr
  30. including configuration file /etc/freeradius/3.0/mods-enabled/expiration
  31. including configuration file /etc/freeradius/3.0/mods-enabled/always
  32. including configuration file /etc/freeradius/3.0/mods-enabled/attr_filter
  33. including configuration file /etc/freeradius/3.0/mods-enabled/unix
  34. including configuration file /etc/freeradius/3.0/mods-enabled/logintime
  35. including configuration file /etc/freeradius/3.0/mods-enabled/detail.log
  36. including configuration file /etc/freeradius/3.0/mods-enabled/utf8
  37. including configuration file /etc/freeradius/3.0/mods-enabled/preprocess
  38. including configuration file /etc/freeradius/3.0/mods-enabled/cache_eap
  39. including configuration file /etc/freeradius/3.0/mods-enabled/chap
  40. including configuration file /etc/freeradius/3.0/mods-enabled/linelog
  41. including configuration file /etc/freeradius/3.0/mods-enabled/soh
  42. including configuration file /etc/freeradius/3.0/mods-enabled/echo
  43. including configuration file /etc/freeradius/3.0/mods-enabled/sradutmp
  44. including configuration file /etc/freeradius/3.0/mods-enabled/ntlm_auth
  45. including configuration file /etc/freeradius/3.0/mods-enabled/realm
  46. including files in directory /etc/freeradius/3.0/policy.d/
  47. including configuration file /etc/freeradius/3.0/policy.d/dhcp
  48. including configuration file /etc/freeradius/3.0/policy.d/operator-name
  49. including configuration file /etc/freeradius/3.0/policy.d/cui
  50. including configuration file /etc/freeradius/3.0/policy.d/accounting
  51. including configuration file /etc/freeradius/3.0/policy.d/eap
  52. including configuration file /etc/freeradius/3.0/policy.d/canonicalization
  53. including configuration file /etc/freeradius/3.0/policy.d/debug
  54. including configuration file /etc/freeradius/3.0/policy.d/abfab-tr
  55. including configuration file /etc/freeradius/3.0/policy.d/filter
  56. including configuration file /etc/freeradius/3.0/policy.d/control
  57. including configuration file /etc/freeradius/3.0/policy.d/moonshot-targeted-ids
  58. including files in directory /etc/freeradius/3.0/sites-enabled/
  59. including configuration file /etc/freeradius/3.0/sites-enabled/inner-tunnel
  60. including configuration file /etc/freeradius/3.0/sites-enabled/default
  61. main {
  62.  security {
  63.         user = "freerad"
  64.         group = "freerad"
  65.         allow_core_dumps = no
  66.  }
  67.         name = "freeradius"
  68.         prefix = "/usr"
  69.         localstatedir = "/var"
  70.         logdir = "/var/log/freeradius"
  71.         run_dir = "/var/run/freeradius"
  72. }
  73. main {
  74.         name = "freeradius"
  75.         prefix = "/usr"
  76.         localstatedir = "/var"
  77.         sbindir = "/usr/sbin"
  78.         logdir = "/var/log/freeradius"
  79.         run_dir = "/var/run/freeradius"
  80.         libdir = "/usr/lib/freeradius"
  81.         radacctdir = "/var/log/freeradius/radacct"
  82.         hostname_lookups = no
  83.         max_request_time = 30
  84.         cleanup_delay = 5
  85.         max_requests = 64000
  86.         pidfile = "/var/run/freeradius/freeradius.pid"
  87.         checkrad = "/usr/sbin/checkrad"
  88.         debug_level = 0
  89.         proxy_requests = yes
  90.  log {
  91.         stripped_names = yes
  92.         auth = yes
  93.         auth_badpass = yes
  94.         auth_goodpass = no
  95.         colourise = yes
  96.         msg_denied = "You are already logged in - access denied"
  97.  }
  98.  resources {
  99.  }
  100.  security {
  101.         max_attributes = 200
  102.         reject_delay = 1.000000
  103.         status_server = yes
  104.  }
  105. }
  106. radiusd: #### Loading Realms and Home Servers ####
  107.  proxy server {
  108.         retry_delay = 5
  109.         retry_count = 3
  110.         default_fallback = no
  111.         dead_time = 120
  112.         wake_all_if_all_dead = no
  113.  }
  114.  home_server localhost {
  115.         ipaddr = 127.0.0.1
  116.         port = 1812
  117.         type = "auth"
  118.         secret = <<< secret >>>
  119.         response_window = 20.000000
  120.         response_timeouts = 1
  121.         max_outstanding = 65536
  122.         zombie_period = 40
  123.         status_check = "status-server"
  124.         ping_interval = 30
  125.         check_interval = 30
  126.         check_timeout = 4
  127.         num_answers_to_alive = 3
  128.         revive_interval = 120
  129.   limit {
  130.         max_connections = 16
  131.         max_requests = 0
  132.         lifetime = 0
  133.         idle_timeout = 0
  134.   }
  135.   coa {
  136.         irt = 2
  137.         mrt = 16
  138.         mrc = 5
  139.         mrd = 30
  140.   }
  141.  }
  142.  home_server_pool my_auth_failover {
  143.         type = fail-over
  144.         home_server = localhost
  145.  }
  146.  realm example.com {
  147.         auth_pool = my_auth_failover
  148.  }
  149.  realm LOCAL {
  150.  }
  151. radiusd: #### Loading Clients ####
  152.  client GSN-AP-R035 {
  153.         ipaddr = 192.168.100.100
  154.         require_message_authenticator = no
  155.         secret = <<< secret >>>
  156.         nas_type = "other"
  157.         proto = "*"
  158.   limit {
  159.         max_connections = 16
  160.         lifetime = 0
  161.         idle_timeout = 30
  162.   }
  163.  }
  164.  client GSN-AP-R14 {
  165.         ipaddr = 192.168.100.101
  166.         require_message_authenticator = no
  167.         secret = <<< secret >>>
  168.         nas_type = "other"
  169.         proto = "*"
  170.   limit {
  171.         max_connections = 16
  172.         lifetime = 0
  173.         idle_timeout = 30
  174.   }
  175.  }
  176.  client GSN-AP-R004 {
  177.         ipaddr = 192.168.100.103
  178.         require_message_authenticator = no
  179.         secret = <<< secret >>>
  180.         nas_type = "other"
  181.         proto = "*"
  182.   limit {
  183.         max_connections = 16
  184.         lifetime = 0
  185.         idle_timeout = 30
  186.   }
  187.  }
  188.  client GSN-AP-R032 {
  189.         ipaddr = 192.168.100.104
  190.         require_message_authenticator = no
  191.         secret = <<< secret >>>
  192.         nas_type = "other"
  193.         proto = "*"
  194.   limit {
  195.         max_connections = 16
  196.         lifetime = 0
  197.         idle_timeout = 30
  198.   }
  199.  }
  200.  client GSN-AP-R27 {
  201.         ipaddr = 192.168.100.105
  202.         require_message_authenticator = no
  203.         secret = <<< secret >>>
  204.         nas_type = "other"
  205.         proto = "*"
  206.   limit {
  207.         max_connections = 16
  208.         lifetime = 0
  209.         idle_timeout = 30
  210.   }
  211.  }
  212.  client GSN-AP-R106 {
  213.         ipaddr = 192.168.100.106
  214.         require_message_authenticator = no
  215.         secret = <<< secret >>>
  216.         nas_type = "other"
  217.         proto = "*"
  218.   limit {
  219.         max_connections = 16
  220.         lifetime = 0
  221.         idle_timeout = 30
  222.   }
  223.  }
  224.  client GSN-AP-R30 {
  225.         ipaddr = 192.168.100.107
  226.         require_message_authenticator = no
  227.         secret = <<< secret >>>
  228.         nas_type = "other"
  229.         proto = "*"
  230.   limit {
  231.         max_connections = 16
  232.         lifetime = 0
  233.         idle_timeout = 30
  234.   }
  235.  }
  236.  client GSN-AP-OGS5 {
  237.         ipaddr = 192.168.100.108
  238.         require_message_authenticator = no
  239.         secret = <<< secret >>>
  240.         nas_type = "other"
  241.         proto = "*"
  242.   limit {
  243.         max_connections = 16
  244.         lifetime = 0
  245.         idle_timeout = 30
  246.   }
  247.  }
  248.  client GSN-AP-R22 {
  249.         ipaddr = 192.168.100.110
  250.         require_message_authenticator = no
  251.         secret = <<< secret >>>
  252.         nas_type = "other"
  253.         proto = "*"
  254.   limit {
  255.         max_connections = 16
  256.         lifetime = 0
  257.         idle_timeout = 30
  258.   }
  259.  }
  260.  client GSN-AP-R115 {
  261.         ipaddr = 192.168.100.111
  262.         require_message_authenticator = no
  263.         secret = <<< secret >>>
  264.         nas_type = "other"
  265.         proto = "*"
  266.   limit {
  267.         max_connections = 16
  268.         lifetime = 0
  269.         idle_timeout = 30
  270.   }
  271.  }
  272.  client GSN-AP-R04 {
  273.         ipaddr = 192.168.100.112
  274.         require_message_authenticator = no
  275.         secret = <<< secret >>>
  276.         nas_type = "other"
  277.         proto = "*"
  278.   limit {
  279.         max_connections = 16
  280.         lifetime = 0
  281.         idle_timeout = 30
  282.   }
  283.  }
  284.  client GSN-AP-R25 {
  285.         ipaddr = 192.168.100.114
  286.         require_message_authenticator = no
  287.         secret = <<< secret >>>
  288.         nas_type = "other"
  289.         proto = "*"
  290.   limit {
  291.         max_connections = 16
  292.         lifetime = 0
  293.         idle_timeout = 30
  294.   }
  295.  }
  296.  client GSN-AP-R101 {
  297.         ipaddr = 192.168.100.115
  298.         require_message_authenticator = no
  299.         secret = <<< secret >>>
  300.         nas_type = "other"
  301.         proto = "*"
  302.   limit {
  303.         max_connections = 16
  304.         lifetime = 0
  305.         idle_timeout = 30
  306.   }
  307.  }
  308.  client GSN-AP-R116 {
  309.         ipaddr = 192.168.100.116
  310.         require_message_authenticator = no
  311.         secret = <<< secret >>>
  312.         nas_type = "other"
  313.         proto = "*"
  314.   limit {
  315.         max_connections = 16
  316.         lifetime = 0
  317.         idle_timeout = 30
  318.   }
  319.  }
  320.  client GSN-AP-AU11 {
  321.         ipaddr = 192.168.100.117
  322.         require_message_authenticator = no
  323.         secret = <<< secret >>>
  324.         nas_type = "other"
  325.         proto = "*"
  326.   limit {
  327.         max_connections = 16
  328.         lifetime = 0
  329.         idle_timeout = 30
  330.   }
  331.  }
  332.  client GSN-AP-R035-02 {
  333.         ipaddr = 192.168.100.118
  334.         require_message_authenticator = no
  335.         secret = <<< secret >>>
  336.         nas_type = "other"
  337.         proto = "*"
  338.   limit {
  339.         max_connections = 16
  340.         lifetime = 0
  341.         idle_timeout = 30
  342.   }
  343.  }
  344. Debugger not attached
  345.  # Creating Auth-Type = mschap
  346.  # Creating Auth-Type = eap
  347.  # Creating Auth-Type = PAP
  348.  # Creating Auth-Type = CHAP
  349.  # Creating Auth-Type = MS-CHAP
  350.  # Creating Auth-Type = digest
  351. radiusd: #### Instantiating modules ####
  352.  modules {
  353.   # Loaded module rlm_pap
  354.   # Loading module "pap" from file /etc/freeradius/3.0/mods-enabled/pap
  355.   pap {
  356.         normalise = yes
  357.   }
  358.   # Loaded module rlm_passwd
  359.   # Loading module "etc_passwd" from file /etc/freeradius/3.0/mods-enabled/passwd
  360.   passwd etc_passwd {
  361.         filename = "/etc/passwd"
  362.         format = "*User-Name:Crypt-Password:"
  363.         delimiter = ":"
  364.         ignore_nislike = no
  365.         ignore_empty = yes
  366.         allow_multiple_keys = no
  367.         hash_size = 100
  368.   }
  369.   # Loaded module rlm_detail
  370.   # Loading module "detail" from file /etc/freeradius/3.0/mods-enabled/detail
  371.   detail {
  372.         filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"
  373.         header = "%t"
  374.         permissions = 384
  375.         locking = no
  376.         escape_filenames = no
  377.         log_packet_header = no
  378.   }
  379.   # Loaded module rlm_replicate
  380.   # Loading module "replicate" from file /etc/freeradius/3.0/mods-enabled/replicate
  381.   # Loaded module rlm_radutmp
  382.   # Loading module "radutmp" from file /etc/freeradius/3.0/mods-enabled/radutmp
  383.   radutmp {
  384.         filename = "/var/log/freeradius/radutmp"
  385.         username = "%{User-Name}"
  386.         case_sensitive = yes
  387.         check_with_nas = yes
  388.         permissions = 384
  389.         caller_id = yes
  390.   }
  391.   # Loaded module rlm_files
  392.   # Loading module "files" from file /etc/freeradius/3.0/mods-enabled/files
  393.   files {
  394.         filename = "/etc/freeradius/3.0/mods-config/files/authorize"
  395.         acctusersfile = "/etc/freeradius/3.0/mods-config/files/accounting"
  396.         preproxy_usersfile = "/etc/freeradius/3.0/mods-config/files/pre-proxy"
  397.   }
  398.   # Loading module "authorized_macs" from file /etc/freeradius/3.0/mods-enabled/files
  399.   files authorized_macs {
  400.         usersfile = "/etc/freeradius/3.0/authorized_macs"
  401.         key = "%{Calling-Station-ID}"
  402.   }
  403.   # Loaded module rlm_exec
  404.   # Loading module "exec" from file /etc/freeradius/3.0/mods-enabled/exec
  405.   exec {
  406.         wait = no
  407.         input_pairs = "request"
  408.         shell_escape = yes
  409.         timeout = 10
  410.   }
  411.   # Loaded module rlm_unpack
  412.   # Loading module "unpack" from file /etc/freeradius/3.0/mods-enabled/unpack
  413.   # Loaded module rlm_mschap
  414.   # Loading module "mschap" from file /etc/freeradius/3.0/mods-enabled/mschap
  415.   mschap {
  416.         use_mppe = yes
  417.         require_encryption = no
  418.         require_strong = no
  419.         with_ntdomain_hack = yes
  420.    passchange {
  421.    }
  422.         allow_retry = yes
  423.         winbind_retry_with_normalised_username = no
  424.   }
  425.   # Loaded module rlm_dynamic_clients
  426.   # Loading module "dynamic_clients" from file /etc/freeradius/3.0/mods-enabled/dynamic_clients
  427.   # Loaded module rlm_eap
  428.   # Loading module "eap" from file /etc/freeradius/3.0/mods-enabled/eap
  429.   eap {
  430.         default_eap_type = "md5"
  431.         timer_expire = 60
  432.         ignore_unknown_eap_types = no
  433.         cisco_accounting_username_bug = no
  434.         max_sessions = 64000
  435.   }
  436.   # Loaded module rlm_digest
  437.   # Loading module "digest" from file /etc/freeradius/3.0/mods-enabled/digest
  438.   # Loaded module rlm_expr
  439.   # Loading module "expr" from file /etc/freeradius/3.0/mods-enabled/expr
  440.   expr {
  441.         safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /äéöüàâæçèéêëîïôœùûüaÿÄÉÖÜßÀÂÆÇÈÉÊËÎÏÔŒÙÛÜŸ"
  442.   }
  443.   # Loaded module rlm_expiration
  444.   # Loading module "expiration" from file /etc/freeradius/3.0/mods-enabled/expiration
  445.   # Loaded module rlm_always
  446.   # Loading module "reject" from file /etc/freeradius/3.0/mods-enabled/always
  447.   always reject {
  448.         rcode = "reject"
  449.         simulcount = 0
  450.         mpp = no
  451.   }
  452.   # Loading module "fail" from file /etc/freeradius/3.0/mods-enabled/always
  453.   always fail {
  454.         rcode = "fail"
  455.         simulcount = 0
  456.         mpp = no
  457.   }
  458.   # Loading module "ok" from file /etc/freeradius/3.0/mods-enabled/always
  459.   always ok {
  460.         rcode = "ok"
  461.         simulcount = 0
  462.         mpp = no
  463.   }
  464.   # Loading module "handled" from file /etc/freeradius/3.0/mods-enabled/always
  465.   always handled {
  466.         rcode = "handled"
  467.         simulcount = 0
  468.         mpp = no
  469.   }
  470.   # Loading module "invalid" from file /etc/freeradius/3.0/mods-enabled/always
  471.   always invalid {
  472.         rcode = "invalid"
  473.         simulcount = 0
  474.         mpp = no
  475.   }
  476.   # Loading module "userlock" from file /etc/freeradius/3.0/mods-enabled/always
  477.   always userlock {
  478.         rcode = "userlock"
  479.         simulcount = 0
  480.         mpp = no
  481.   }
  482.   # Loading module "notfound" from file /etc/freeradius/3.0/mods-enabled/always
  483.   always notfound {
  484.         rcode = "notfound"
  485.         simulcount = 0
  486.         mpp = no
  487.   }
  488.   # Loading module "noop" from file /etc/freeradius/3.0/mods-enabled/always
  489.   always noop {
  490.         rcode = "noop"
  491.         simulcount = 0
  492.         mpp = no
  493.   }
  494.   # Loading module "updated" from file /etc/freeradius/3.0/mods-enabled/always
  495.   always updated {
  496.         rcode = "updated"
  497.         simulcount = 0
  498.         mpp = no
  499.   }
  500.   # Loaded module rlm_attr_filter
  501.   # Loading module "attr_filter.post-proxy" from file /etc/freeradius/3.0/mods-enabled/attr_filter
  502.   attr_filter attr_filter.post-proxy {
  503.         filename = "/etc/freeradius/3.0/mods-config/attr_filter/post-proxy"
  504.         key = "%{Realm}"
  505.         relaxed = no
  506.   }
  507.   # Loading module "attr_filter.pre-proxy" from file /etc/freeradius/3.0/mods-enabled/attr_filter
  508.   attr_filter attr_filter.pre-proxy {
  509.         filename = "/etc/freeradius/3.0/mods-config/attr_filter/pre-proxy"
  510.         key = "%{Realm}"
  511.         relaxed = no
  512.   }
  513.   # Loading module "attr_filter.access_reject" from file /etc/freeradius/3.0/mods-enabled/attr_filter
  514.   attr_filter attr_filter.access_reject {
  515.         filename = "/etc/freeradius/3.0/mods-config/attr_filter/access_reject"
  516.         key = "%{User-Name}"
  517.         relaxed = no
  518.   }
  519.   # Loading module "attr_filter.access_challenge" from file /etc/freeradius/3.0/mods-enabled/attr_filter
  520.   attr_filter attr_filter.access_challenge {
  521.         filename = "/etc/freeradius/3.0/mods-config/attr_filter/access_challenge"
  522.         key = "%{User-Name}"
  523.         relaxed = no
  524.   }
  525.   # Loading module "attr_filter.accounting_response" from file /etc/freeradius/3.0/mods-enabled/attr_filter
  526.   attr_filter attr_filter.accounting_response {
  527.         filename = "/etc/freeradius/3.0/mods-config/attr_filter/accounting_response"
  528.         key = "%{User-Name}"
  529.         relaxed = no
  530.   }
  531.   # Loaded module rlm_unix
  532.   # Loading module "unix" from file /etc/freeradius/3.0/mods-enabled/unix
  533.   unix {
  534.         radwtmp = "/var/log/freeradius/radwtmp"
  535.   }
  536. Creating attribute Unix-Group
  537.   # Loaded module rlm_logintime
  538.   # Loading module "logintime" from file /etc/freeradius/3.0/mods-enabled/logintime
  539.   logintime {
  540.         minimum_timeout = 60
  541.   }
  542.   # Loading module "auth_log" from file /etc/freeradius/3.0/mods-enabled/detail.log
  543.   detail auth_log {
  544.         filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d"
  545.         header = "%t"
  546.         permissions = 384
  547.         locking = no
  548.         escape_filenames = no
  549.         log_packet_header = no
  550.   }
  551.   # Loading module "reply_log" from file /etc/freeradius/3.0/mods-enabled/detail.log
  552.   detail reply_log {
  553.         filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d"
  554.         header = "%t"
  555.         permissions = 384
  556.         locking = no
  557.         escape_filenames = no
  558.         log_packet_header = no
  559.   }
  560.   # Loading module "pre_proxy_log" from file /etc/freeradius/3.0/mods-enabled/detail.log
  561.   detail pre_proxy_log {
  562.         filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/pre-proxy-detail-%Y%m%d"
  563.         header = "%t"
  564.         permissions = 384
  565.         locking = no
  566.         escape_filenames = no
  567.         log_packet_header = no
  568.   }
  569.   # Loading module "post_proxy_log" from file /etc/freeradius/3.0/mods-enabled/detail.log
  570.   detail post_proxy_log {
  571.         filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d"
  572.         header = "%t"
  573.         permissions = 384
  574.         locking = no
  575.         escape_filenames = no
  576.         log_packet_header = no
  577.   }
  578.   # Loaded module rlm_utf8
  579.   # Loading module "utf8" from file /etc/freeradius/3.0/mods-enabled/utf8
  580.   # Loaded module rlm_preprocess
  581.   # Loading module "preprocess" from file /etc/freeradius/3.0/mods-enabled/preprocess
  582.   preprocess {
  583.         huntgroups = "/etc/freeradius/3.0/mods-config/preprocess/huntgroups"
  584.         hints = "/etc/freeradius/3.0/mods-config/preprocess/hints"
  585.         with_ascend_hack = no
  586.         ascend_channels_per_line = 23
  587.         with_ntdomain_hack = no
  588.         with_specialix_jetstream_hack = no
  589.         with_cisco_vsa_hack = no
  590.         with_alvarion_vsa_hack = no
  591.   }
  592.   # Loaded module rlm_cache
  593.   # Loading module "cache_eap" from file /etc/freeradius/3.0/mods-enabled/cache_eap
  594.   cache cache_eap {
  595.         driver = "rlm_cache_rbtree"
  596.         key = "%{%{control:State}:-%{%{reply:State}:-%{State}}}"
  597.         ttl = 15
  598.         max_entries = 0
  599.         epoch = 0
  600.         add_stats = no
  601.   }
  602.   # Loaded module rlm_chap
  603.   # Loading module "chap" from file /etc/freeradius/3.0/mods-enabled/chap
  604.   # Loaded module rlm_linelog
  605.   # Loading module "linelog" from file /etc/freeradius/3.0/mods-enabled/linelog
  606.   linelog {
  607.         filename = "/var/log/freeradius/linelog"
  608.         escape_filenames = no
  609.         syslog_severity = "info"
  610.         permissions = 384
  611.         format = "This is a log message for %{User-Name}"
  612.         reference = "messages.%{%{reply:Packet-Type}:-default}"
  613.   }
  614.   # Loading module "log_accounting" from file /etc/freeradius/3.0/mods-enabled/linelog
  615.   linelog log_accounting {
  616.         filename = "/var/log/freeradius/linelog-accounting"
  617.         escape_filenames = no
  618.         syslog_severity = "info"
  619.         permissions = 384
  620.         format = ""
  621.         reference = "Accounting-Request.%{%{Acct-Status-Type}:-unknown}"
  622.   }
  623.   # Loaded module rlm_soh
  624.   # Loading module "soh" from file /etc/freeradius/3.0/mods-enabled/soh
  625.   soh {
  626.         dhcp = yes
  627.   }
  628.   # Loading module "echo" from file /etc/freeradius/3.0/mods-enabled/echo
  629.   exec echo {
  630.         wait = yes
  631.         program = "/bin/echo %{User-Name}"
  632.         input_pairs = "request"
  633.         output_pairs = "reply"
  634.         shell_escape = yes
  635.   }
  636.   # Loading module "sradutmp" from file /etc/freeradius/3.0/mods-enabled/sradutmp
  637.   radutmp sradutmp {
  638.         filename = "/var/log/freeradius/sradutmp"
  639.         username = "%{User-Name}"
  640.         case_sensitive = yes
  641.         check_with_nas = yes
  642.         permissions = 420
  643.         caller_id = no
  644.   }
  645.   # Loading module "ntlm_auth" from file /etc/freeradius/3.0/mods-enabled/ntlm_auth
  646.   exec ntlm_auth {
  647.         wait = yes
  648.         program = "/path/to/ntlm_auth --request-nt-key --domain=MYDOMAIN --username=%{mschap:User-Name} --password=%{User-Password}"
  649.         shell_escape = yes
  650.   }
  651.   # Loaded module rlm_realm
  652.   # Loading module "IPASS" from file /etc/freeradius/3.0/mods-enabled/realm
  653.   realm IPASS {
  654.         format = "prefix"
  655.         delimiter = "/"
  656.         ignore_default = no
  657.         ignore_null = no
  658.   }
  659.   # Loading module "suffix" from file /etc/freeradius/3.0/mods-enabled/realm
  660.   realm suffix {
  661.         format = "suffix"
  662.         delimiter = "@"
  663.         ignore_default = no
  664.         ignore_null = no
  665.   }
  666.   # Loading module "realmpercent" from file /etc/freeradius/3.0/mods-enabled/realm
  667.   realm realmpercent {
  668.         format = "suffix"
  669.         delimiter = "%"
  670.         ignore_default = no
  671.         ignore_null = no
  672.   }
  673.   # Loading module "ntdomain" from file /etc/freeradius/3.0/mods-enabled/realm
  674.   realm ntdomain {
  675.         format = "prefix"
  676.         delimiter = "\\"
  677.         ignore_default = no
  678.         ignore_null = no
  679.   }
  680.   instantiate {
  681.   }
  682.   # Instantiating module "pap" from file /etc/freeradius/3.0/mods-enabled/pap
  683.   # Instantiating module "etc_passwd" from file /etc/freeradius/3.0/mods-enabled/passwd
  684. rlm_passwd: nfields: 3 keyfield 0(User-Name) listable: no
  685.   # Instantiating module "detail" from file /etc/freeradius/3.0/mods-enabled/detail
  686.   # Instantiating module "files" from file /etc/freeradius/3.0/mods-enabled/files
  687. reading pairlist file /etc/freeradius/3.0/mods-config/files/authorize
  688. reading pairlist file /etc/freeradius/3.0/mods-config/files/accounting
  689. reading pairlist file /etc/freeradius/3.0/mods-config/files/pre-proxy
  690.   # Instantiating module "authorized_macs" from file /etc/freeradius/3.0/mods-enabled/files
  691. reading pairlist file /etc/freeradius/3.0/authorized_macs
  692.   # Instantiating module "mschap" from file /etc/freeradius/3.0/mods-enabled/mschap
  693. rlm_mschap (mschap): using internal authentication
  694.   # Instantiating module "eap" from file /etc/freeradius/3.0/mods-enabled/eap
  695.    # Linked to sub-module rlm_eap_md5
  696.    # Linked to sub-module rlm_eap_leap
  697.    # Linked to sub-module rlm_eap_gtc
  698.    gtc {
  699.         challenge = "Password: "
  700.         auth_type = "PAP"
  701.    }
  702.    # Linked to sub-module rlm_eap_tls
  703.    tls {
  704.         tls = "tls-common"
  705.    }
  706.    tls-config tls-common {
  707.         verify_depth = 0
  708.         ca_path = "/etc/freeradius/3.0/certs"
  709.         pem_file_type = yes
  710.         private_key_file = "/etc/ssl/private/ssl-cert-snakeoil.key"
  711.         certificate_file = "/etc/ssl/certs/ssl-cert-snakeoil.pem"
  712.         ca_file = "/etc/freeradius/3.0/certs/ca.pem"
  713.         private_key_password = <<< secret >>>
  714.         dh_file = "/etc/freeradius/3.0/certs/dh"
  715.         fragment_size = 1024
  716.         include_length = yes
  717.         auto_chain = yes
  718.         check_crl = no
  719.         check_all_crl = no
  720.         cipher_list = "DEFAULT"
  721.         cipher_server_preference = no
  722.         ecdh_curve = "prime256v1"
  723.         tls_max_version = ""
  724.         tls_min_version = "1.0"
  725.     cache {
  726.         enable = no
  727.         lifetime = 24
  728.         max_entries = 255
  729.     }
  730.     verify {
  731.         skip_if_ocsp_ok = no
  732.     }
  733.     ocsp {
  734.         enable = no
  735.         override_cert_url = yes
  736.         url = "http://127.0.0.1/ocsp/"
  737.         use_nonce = yes
  738.         timeout = 0
  739.         softfail = no
  740.     }
  741.    }
  742.    # Linked to sub-module rlm_eap_ttls
  743.    ttls {
  744.         tls = "tls-common"
  745.         default_eap_type = "md5"
  746.         copy_request_to_tunnel = no
  747.         use_tunneled_reply = no
  748.         virtual_server = "inner-tunnel"
  749.         include_length = yes
  750.         require_client_cert = no
  751.    }
  752. tls: Using cached TLS configuration from previous invocation
  753.    # Linked to sub-module rlm_eap_peap
  754.    peap {
  755.         tls = "tls-common"
  756.         default_eap_type = "mschapv2"
  757.         copy_request_to_tunnel = no
  758.         use_tunneled_reply = no
  759.         proxy_tunneled_request_as_eap = yes
  760.         virtual_server = "inner-tunnel"
  761.         soh = no
  762.         require_client_cert = no
  763.    }
  764. tls: Using cached TLS configuration from previous invocation
  765.    # Linked to sub-module rlm_eap_mschapv2
  766.    mschapv2 {
  767.         with_ntdomain_hack = no
  768.         send_error = no
  769.    }
  770.   # Instantiating module "expiration" from file /etc/freeradius/3.0/mods-enabled/expiration
  771.   # Instantiating module "reject" from file /etc/freeradius/3.0/mods-enabled/always
  772.   # Instantiating module "fail" from file /etc/freeradius/3.0/mods-enabled/always
  773.   # Instantiating module "ok" from file /etc/freeradius/3.0/mods-enabled/always
  774.   # Instantiating module "handled" from file /etc/freeradius/3.0/mods-enabled/always
  775.   # Instantiating module "invalid" from file /etc/freeradius/3.0/mods-enabled/always
  776.   # Instantiating module "userlock" from file /etc/freeradius/3.0/mods-enabled/always
  777.   # Instantiating module "notfound" from file /etc/freeradius/3.0/mods-enabled/always
  778.   # Instantiating module "noop" from file /etc/freeradius/3.0/mods-enabled/always
  779.   # Instantiating module "updated" from file /etc/freeradius/3.0/mods-enabled/always
  780.   # Instantiating module "attr_filter.post-proxy" from file /etc/freeradius/3.0/mods-enabled/attr_filter
  781. reading pairlist file /etc/freeradius/3.0/mods-config/attr_filter/post-proxy
  782.   # Instantiating module "attr_filter.pre-proxy" from file /etc/freeradius/3.0/mods-enabled/attr_filter
  783. reading pairlist file /etc/freeradius/3.0/mods-config/attr_filter/pre-proxy
  784.   # Instantiating module "attr_filter.access_reject" from file /etc/freeradius/3.0/mods-enabled/attr_filter
  785. reading pairlist file /etc/freeradius/3.0/mods-config/attr_filter/access_reject
  786. [/etc/freeradius/3.0/mods-config/attr_filter/access_reject]:11 Check item "FreeRADIUS-Response-Delay"   found in filter list for realm "DEFAULT".
  787. [/etc/freeradius/3.0/mods-config/attr_filter/access_reject]:11 Check item "FreeRADIUS-Response-Delay-USec"      found in filter list for realm "DEFAULT".
  788.   # Instantiating module "attr_filter.access_challenge" from file /etc/freeradius/3.0/mods-enabled/attr_filter
  789. reading pairlist file /etc/freeradius/3.0/mods-config/attr_filter/access_challenge
  790.   # Instantiating module "attr_filter.accounting_response" from file /etc/freeradius/3.0/mods-enabled/attr_filter
  791. reading pairlist file /etc/freeradius/3.0/mods-config/attr_filter/accounting_response
  792.   # Instantiating module "logintime" from file /etc/freeradius/3.0/mods-enabled/logintime
  793.   # Instantiating module "auth_log" from file /etc/freeradius/3.0/mods-enabled/detail.log
  794. rlm_detail (auth_log): 'User-Password' suppressed, will not appear in detail output
  795.   # Instantiating module "reply_log" from file /etc/freeradius/3.0/mods-enabled/detail.log
  796.   # Instantiating module "pre_proxy_log" from file /etc/freeradius/3.0/mods-enabled/detail.log
  797.   # Instantiating module "post_proxy_log" from file /etc/freeradius/3.0/mods-enabled/detail.log
  798.   # Instantiating module "preprocess" from file /etc/freeradius/3.0/mods-enabled/preprocess
  799. reading pairlist file /etc/freeradius/3.0/mods-config/preprocess/huntgroups
  800. reading pairlist file /etc/freeradius/3.0/mods-config/preprocess/hints
  801.   # Instantiating module "cache_eap" from file /etc/freeradius/3.0/mods-enabled/cache_eap
  802. rlm_cache (cache_eap): Driver rlm_cache_rbtree (module rlm_cache_rbtree) loaded and linked
  803.   # Instantiating module "linelog" from file /etc/freeradius/3.0/mods-enabled/linelog
  804.   # Instantiating module "log_accounting" from file /etc/freeradius/3.0/mods-enabled/linelog
  805.   # Instantiating module "IPASS" from file /etc/freeradius/3.0/mods-enabled/realm
  806.   # Instantiating module "suffix" from file /etc/freeradius/3.0/mods-enabled/realm
  807.   # Instantiating module "realmpercent" from file /etc/freeradius/3.0/mods-enabled/realm
  808.   # Instantiating module "ntdomain" from file /etc/freeradius/3.0/mods-enabled/realm
  809.  } # modules
  810. radiusd: #### Loading Virtual Servers ####
  811. server { # from file /etc/freeradius/3.0/radiusd.conf
  812. } # server
  813. server inner-tunnel { # from file /etc/freeradius/3.0/sites-enabled/inner-tunnel
  814.  # Loading authenticate {...}
  815.  # Loading authorize {...}
  816. Ignoring "sql" (see raddb/mods-available/README.rst)
  817. Ignoring "ldap" (see raddb/mods-available/README.rst)
  818.  # Loading session {...}
  819.  # Loading post-proxy {...}
  820.  # Loading post-auth {...}
  821.  # Skipping contents of 'if' as it is always 'false' -- /etc/freeradius/3.0/sites-enabled/inner-tunnel:331
  822. } # server inner-tunnel
  823. server default { # from file /etc/freeradius/3.0/sites-enabled/default
  824.  # Loading authenticate {...}
  825.  # Loading authorize {...}
  826.  # Loading preacct {...}
  827.  # Loading accounting {...}
  828.  # Loading post-proxy {...}
  829.  # Loading post-auth {...}
  830. } # server default
  831. radiusd: #### Opening IP addresses and Ports ####
  832. listen {
  833.         type = "auth"
  834.         ipaddr = 127.0.0.1
  835.         port = 18120
  836. }
  837. listen {
  838.         type = "auth"
  839.         ipaddr = *
  840.         port = 0
  841.    limit {
  842.         max_connections = 16
  843.         lifetime = 0
  844.         idle_timeout = 30
  845.    }
  846. }
  847. listen {
  848.         type = "acct"
  849.         ipaddr = *
  850.         port = 0
  851.    limit {
  852.         max_connections = 16
  853.         lifetime = 0
  854.         idle_timeout = 30
  855.    }
  856. }
  857. listen {
  858.         type = "auth"
  859.         ipv6addr = ::
  860.         port = 0
  861.    limit {
  862.         max_connections = 16
  863.         lifetime = 0
  864.         idle_timeout = 30
  865.    }
  866. }
  867. listen {
  868.         type = "acct"
  869.         ipv6addr = ::
  870.         port = 0
  871.    limit {
  872.         max_connections = 16
  873.         lifetime = 0
  874.         idle_timeout = 30
  875.    }
  876. }
  877. Listening on auth address 127.0.0.1 port 18120 bound to server inner-tunnel
  878. Listening on auth address * port 1812 bound to server default
  879. Listening on acct address * port 1813 bound to server default
  880. Listening on auth address :: port 1812 bound to server default
  881. Listening on acct address :: port 1813 bound to server default
  882. Listening on proxy address * port 46394
  883. Listening on proxy address :: port 46032
  884. Ready to process requests
  885. (0) Received Access-Request Id 158 from 192.168.100.118:44442 to 192.168.100.3:1812 length 194
  886. (0)   User-Name = "tklassen"
  887. (0)   Called-Station-Id = "E4-C3-2A-47-4D-AA:GSN-WIFI"
  888. (0)   NAS-Port-Type = Wireless-802.11
  889. (0)   Service-Type = Framed-User
  890. (0)   NAS-Port = 18
  891. (0)   Calling-Station-Id = "84-CF-BF-94-EC-DE"
  892. (0)   Connect-Info = "CONNECT 54Mbps 802.11a"
  893. (0)   Acct-Session-Id = "3A7E1D3140E6C4FE"
  894. (0)   WLAN-Pairwise-Cipher = 1027076
  895. (0)   WLAN-Group-Cipher = 1027076
  896. (0)   WLAN-AKM-Suite = 1027073
  897. (0)   Framed-MTU = 1400
  898. (0)   EAP-Message = 0x02ea000d01746b6c617373656e
  899. (0)   Message-Authenticator = 0x773e4a388cfa1a95b5aa8f9dbf786054
  900. (0) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default
  901. (0)   authorize {
  902. (0)     policy filter_username {
  903. (0)       if (&User-Name) {
  904. (0)       if (&User-Name)  -> TRUE
  905. (0)       if (&User-Name)  {
  906. (0)         if (&User-Name =~ / /) {
  907. (0)         if (&User-Name =~ / /)  -> FALSE
  908. (0)         if (&User-Name =~ /@[^@]*@/ ) {
  909. (0)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
  910. (0)         if (&User-Name =~ /\.\./ ) {
  911. (0)         if (&User-Name =~ /\.\./ )  -> FALSE
  912. (0)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
  913. (0)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
  914. (0)         if (&User-Name =~ /\.$/)  {
  915. (0)         if (&User-Name =~ /\.$/)   -> FALSE
  916. (0)         if (&User-Name =~ /@\./)  {
  917. (0)         if (&User-Name =~ /@\./)   -> FALSE
  918. (0)       } # if (&User-Name)  = notfound
  919. (0)     } # policy filter_username = notfound
  920. (0)     [preprocess] = ok
  921. (0)     [chap] = noop
  922. (0)     [mschap] = noop
  923. (0)     [digest] = noop
  924. (0) suffix: Checking for suffix after "@"
  925. (0) suffix: No '@' in User-Name = "tklassen", looking up realm NULL
  926. (0) suffix: No such realm "NULL"
  927. (0)     [suffix] = noop
  928. (0) eap: Peer sent EAP Response (code 2) ID 234 length 13
  929. (0) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
  930. (0)     [eap] = ok
  931. (0)   } # authorize = ok
  932. (0) Found Auth-Type = eap
  933. (0) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
  934. (0)   authenticate {
  935. (0) eap: Peer sent packet with method EAP Identity (1)
  936. (0) eap: Calling submodule eap_md5 to process data
  937. (0) eap_md5: Issuing MD5 Challenge
  938. (0) eap: Sending EAP Request (code 1) ID 235 length 22
  939. (0) eap: EAP session adding &reply:State = 0x88427c9388a9785d
  940. (0)     [eap] = handled
  941. (0)   } # authenticate = handled
  942. (0) Using Post-Auth-Type Challenge
  943. (0) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
  944. (0)   Challenge { ... } # empty sub-section is ignored
  945. (0) Sent Access-Challenge Id 158 from 192.168.100.3:1812 to 192.168.100.118:44442 length 0
  946. (0)   EAP-Message = 0x01eb001604108de41eb56df9415d3ff120dccce6b1c9
  947. (0)   Message-Authenticator = 0x00000000000000000000000000000000
  948. (0)   State = 0x88427c9388a9785ddb9880f3ff32414b
  949. (0) Finished request
  950. Waking up in 4.9 seconds.
  951. (1) Received Access-Request Id 159 from 192.168.100.118:44442 to 192.168.100.3:1812 length 205
  952. (1)   User-Name = "tklassen"
  953. (1)   Called-Station-Id = "E4-C3-2A-47-4D-AA:GSN-WIFI"
  954. (1)   NAS-Port-Type = Wireless-802.11
  955. (1)   Service-Type = Framed-User
  956. (1)   NAS-Port = 18
  957. (1)   Calling-Station-Id = "84-CF-BF-94-EC-DE"
  958. (1)   Connect-Info = "CONNECT 54Mbps 802.11a"
  959. (1)   Acct-Session-Id = "3A7E1D3140E6C4FE"
  960. (1)   WLAN-Pairwise-Cipher = 1027076
  961. (1)   WLAN-Group-Cipher = 1027076
  962. (1)   WLAN-AKM-Suite = 1027073
  963. (1)   Framed-MTU = 1400
  964. (1)   EAP-Message = 0x02eb00060319
  965. (1)   State = 0x88427c9388a9785ddb9880f3ff32414b
  966. (1)   Message-Authenticator = 0xc0a3d3a3781d84763c8e811ac40d18dd
  967. (1) session-state: No cached attributes
  968. (1) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default
  969. (1)   authorize {
  970. (1)     policy filter_username {
  971. (1)       if (&User-Name) {
  972. (1)       if (&User-Name)  -> TRUE
  973. (1)       if (&User-Name)  {
  974. (1)         if (&User-Name =~ / /) {
  975. (1)         if (&User-Name =~ / /)  -> FALSE
  976. (1)         if (&User-Name =~ /@[^@]*@/ ) {
  977. (1)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
  978. (1)         if (&User-Name =~ /\.\./ ) {
  979. (1)         if (&User-Name =~ /\.\./ )  -> FALSE
  980. (1)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
  981. (1)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
  982. (1)         if (&User-Name =~ /\.$/)  {
  983. (1)         if (&User-Name =~ /\.$/)   -> FALSE
  984. (1)         if (&User-Name =~ /@\./)  {
  985. (1)         if (&User-Name =~ /@\./)   -> FALSE
  986. (1)       } # if (&User-Name)  = notfound
  987. (1)     } # policy filter_username = notfound
  988. (1)     [preprocess] = ok
  989. (1)     [chap] = noop
  990. (1)     [mschap] = noop
  991. (1)     [digest] = noop
  992. (1) suffix: Checking for suffix after "@"
  993. (1) suffix: No '@' in User-Name = "tklassen", looking up realm NULL
  994. (1) suffix: No such realm "NULL"
  995. (1)     [suffix] = noop
  996. (1) eap: Peer sent EAP Response (code 2) ID 235 length 6
  997. (1) eap: No EAP Start, assuming it's an on-going EAP conversation
  998. (1)     [eap] = updated
  999. (1) files: users: Matched entry tklassen at line 227
  1000. (1) files: EXPAND Hello, %{User-Name}
  1001. (1) files:    --> Hello, tklassen
  1002. (1)     [files] = ok
  1003. (1)     [expiration] = noop
  1004. (1)     [logintime] = noop
  1005. (1) pap: WARNING: Auth-Type already set.  Not setting to PAP
  1006. (1)     [pap] = noop
  1007. (1)   } # authorize = updated
  1008. (1) Found Auth-Type = eap
  1009. (1) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
  1010. (1)   authenticate {
  1011. (1) eap: Expiring EAP session with state 0x88427c9388a9785d
  1012. (1) eap: Finished EAP session with state 0x88427c9388a9785d
  1013. (1) eap: Previous EAP request found for state 0x88427c9388a9785d, released from the list
  1014. (1) eap: Peer sent packet with method EAP NAK (3)
  1015. (1) eap: Found mutually acceptable type PEAP (25)
  1016. (1) eap: Calling submodule eap_peap to process data
  1017. (1) eap_peap: Initiating new EAP-TLS session
  1018. (1) eap_peap: [eaptls start] = request
  1019. (1) eap: Sending EAP Request (code 1) ID 236 length 6
  1020. (1) eap: EAP session adding &reply:State = 0x88427c9389ae655d
  1021. (1)     [eap] = handled
  1022. (1)   } # authenticate = handled
  1023. (1) Using Post-Auth-Type Challenge
  1024. (1) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
  1025. (1)   Challenge { ... } # empty sub-section is ignored
  1026. (1) Sent Access-Challenge Id 159 from 192.168.100.3:1812 to 192.168.100.118:44442 length 0
  1027. (1)   Reply-Message = "Hello, tklassen"
  1028. (1)   EAP-Message = 0x01ec00061920
  1029. (1)   Message-Authenticator = 0x00000000000000000000000000000000
  1030. (1)   State = 0x88427c9389ae655ddb9880f3ff32414b
  1031. (1) Finished request
  1032. Waking up in 4.9 seconds.
  1033. (2) Received Access-Request Id 160 from 192.168.100.118:44442 to 192.168.100.3:1812 length 340
  1034. (2)   User-Name = "tklassen"
  1035. (2)   Called-Station-Id = "E4-C3-2A-47-4D-AA:GSN-WIFI"
  1036. (2)   NAS-Port-Type = Wireless-802.11
  1037. (2)   Service-Type = Framed-User
  1038. (2)   NAS-Port = 18
  1039. (2)   Calling-Station-Id = "84-CF-BF-94-EC-DE"
  1040. (2)   Connect-Info = "CONNECT 54Mbps 802.11a"
  1041. (2)   Acct-Session-Id = "3A7E1D3140E6C4FE"
  1042. (2)   WLAN-Pairwise-Cipher = 1027076
  1043. (2)   WLAN-Group-Cipher = 1027076
  1044. (2)   WLAN-AKM-Suite = 1027073
  1045. (2)   Framed-MTU = 1400
  1046. (2)   EAP-Message = 0x02ec008d198000000083160301007e0100007a030311a8a623ea73c55c3498b272f92009ef035e814b5ed4d726b826be63bb0b7e2100001ec02bc02fc02cc030cca9cca8c009c013c00ac014009c009d002f0035000a0100003300170000ff01000100000a00080006001d00170018000b00020100000d
  1047. (2)   State = 0x88427c9389ae655ddb9880f3ff32414b
  1048. (2)   Message-Authenticator = 0x364bd71f0f1c2378727f43d050a312f1
  1049. (2) session-state: No cached attributes
  1050. (2) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default
  1051. (2)   authorize {
  1052. (2)     policy filter_username {
  1053. (2)       if (&User-Name) {
  1054. (2)       if (&User-Name)  -> TRUE
  1055. (2)       if (&User-Name)  {
  1056. (2)         if (&User-Name =~ / /) {
  1057. (2)         if (&User-Name =~ / /)  -> FALSE
  1058. (2)         if (&User-Name =~ /@[^@]*@/ ) {
  1059. (2)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
  1060. (2)         if (&User-Name =~ /\.\./ ) {
  1061. (2)         if (&User-Name =~ /\.\./ )  -> FALSE
  1062. (2)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
  1063. (2)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
  1064. (2)         if (&User-Name =~ /\.$/)  {
  1065. (2)         if (&User-Name =~ /\.$/)   -> FALSE
  1066. (2)         if (&User-Name =~ /@\./)  {
  1067. (2)         if (&User-Name =~ /@\./)   -> FALSE
  1068. (2)       } # if (&User-Name)  = notfound
  1069. (2)     } # policy filter_username = notfound
  1070. (2)     [preprocess] = ok
  1071. (2)     [chap] = noop
  1072. (2)     [mschap] = noop
  1073. (2)     [digest] = noop
  1074. (2) suffix: Checking for suffix after "@"
  1075. (2) suffix: No '@' in User-Name = "tklassen", looking up realm NULL
  1076. (2) suffix: No such realm "NULL"
  1077. (2)     [suffix] = noop
  1078. (2) eap: Peer sent EAP Response (code 2) ID 236 length 141
  1079. (2) eap: Continuing tunnel setup
  1080. (2)     [eap] = ok
  1081. (2)   } # authorize = ok
  1082. (2) Found Auth-Type = eap
  1083. (2) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
  1084. (2)   authenticate {
  1085. (2) eap: Expiring EAP session with state 0x88427c9389ae655d
  1086. (2) eap: Finished EAP session with state 0x88427c9389ae655d
  1087. (2) eap: Previous EAP request found for state 0x88427c9389ae655d, released from the list
  1088. (2) eap: Peer sent packet with method EAP PEAP (25)
  1089. (2) eap: Calling submodule eap_peap to process data
  1090. (2) eap_peap: Continuing EAP-TLS
  1091. (2) eap_peap: Peer indicated complete TLS record size will be 131 bytes
  1092. (2) eap_peap: Got complete TLS record (131 bytes)
  1093. (2) eap_peap: [eaptls verify] = length included
  1094. (2) eap_peap: (other): before SSL initialization
  1095. (2) eap_peap: TLS_accept: before SSL initialization
  1096. (2) eap_peap: TLS_accept: before SSL initialization
  1097. (2) eap_peap: <<< recv UNKNOWN TLS VERSION ?0304? [length 007e]
  1098. (2) eap_peap: TLS_accept: SSLv3/TLS read client hello
  1099. (2) eap_peap: >>> send TLS 1.2  [length 003d]
  1100. (2) eap_peap: TLS_accept: SSLv3/TLS write server hello
  1101. (2) eap_peap: >>> send TLS 1.2  [length 0312]
  1102. (2) eap_peap: TLS_accept: SSLv3/TLS write certificate
  1103. (2) eap_peap: >>> send TLS 1.2  [length 014d]
  1104. (2) eap_peap: TLS_accept: SSLv3/TLS write key exchange
  1105. (2) eap_peap: >>> send TLS 1.2  [length 0004]
  1106. (2) eap_peap: TLS_accept: SSLv3/TLS write server done
  1107. (2) eap_peap: TLS_accept: Need to read more data: SSLv3/TLS write server done
  1108. (2) eap_peap: In SSL Handshake Phase
  1109. (2) eap_peap: In SSL Accept mode
  1110. (2) eap_peap: [eaptls process] = handled
  1111. (2) eap: Sending EAP Request (code 1) ID 237 length 1004
  1112. (2) eap: EAP session adding &reply:State = 0x88427c938aaf655d
  1113. (2)     [eap] = handled
  1114. (2)   } # authenticate = handled
  1115. (2) Using Post-Auth-Type Challenge
  1116. (2) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
  1117. (2)   Challenge { ... } # empty sub-section is ignored
  1118. (2) Sent Access-Challenge Id 160 from 192.168.100.3:1812 to 192.168.100.118:44442 length 0
  1119. (2)   EAP-Message = 0x01ed03ec19c0000004b4160303003d0200003903033a554ef544d4bd57deb784df7a0803ab63e5835c858b09c1444f574e4752440100c02f000011ff01000100000b0004030001020017000016030303120b00030e00030b00030830820304308201eca00302010202090095baa285e46493c3300d0609
  1120. (2)   Message-Authenticator = 0x00000000000000000000000000000000
  1121. (2)   State = 0x88427c938aaf655ddb9880f3ff32414b
  1122. (2) Finished request
  1123. Waking up in 4.9 seconds.
  1124. (3) Received Access-Request Id 161 from 192.168.100.118:44442 to 192.168.100.3:1812 length 205
  1125. (3)   User-Name = "tklassen"
  1126. (3)   Called-Station-Id = "E4-C3-2A-47-4D-AA:GSN-WIFI"
  1127. (3)   NAS-Port-Type = Wireless-802.11
  1128. (3)   Service-Type = Framed-User
  1129. (3)   NAS-Port = 18
  1130. (3)   Calling-Station-Id = "84-CF-BF-94-EC-DE"
  1131. (3)   Connect-Info = "CONNECT 54Mbps 802.11a"
  1132. (3)   Acct-Session-Id = "3A7E1D3140E6C4FE"
  1133. (3)   WLAN-Pairwise-Cipher = 1027076
  1134. (3)   WLAN-Group-Cipher = 1027076
  1135. (3)   WLAN-AKM-Suite = 1027073
  1136. (3)   Framed-MTU = 1400
  1137. (3)   EAP-Message = 0x02ed00061900
  1138. (3)   State = 0x88427c938aaf655ddb9880f3ff32414b
  1139. (3)   Message-Authenticator = 0x555bdb968b1ee2e6418c10fae8a83ebd
  1140. (3) session-state: No cached attributes
  1141. (3) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default
  1142. (3)   authorize {
  1143. (3)     policy filter_username {
  1144. (3)       if (&User-Name) {
  1145. (3)       if (&User-Name)  -> TRUE
  1146. (3)       if (&User-Name)  {
  1147. (3)         if (&User-Name =~ / /) {
  1148. (3)         if (&User-Name =~ / /)  -> FALSE
  1149. (3)         if (&User-Name =~ /@[^@]*@/ ) {
  1150. (3)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
  1151. (3)         if (&User-Name =~ /\.\./ ) {
  1152. (3)         if (&User-Name =~ /\.\./ )  -> FALSE
  1153. (3)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
  1154. (3)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
  1155. (3)         if (&User-Name =~ /\.$/)  {
  1156. (3)         if (&User-Name =~ /\.$/)   -> FALSE
  1157. (3)         if (&User-Name =~ /@\./)  {
  1158. (3)         if (&User-Name =~ /@\./)   -> FALSE
  1159. (3)       } # if (&User-Name)  = notfound
  1160. (3)     } # policy filter_username = notfound
  1161. (3)     [preprocess] = ok
  1162. (3)     [chap] = noop
  1163. (3)     [mschap] = noop
  1164. (3)     [digest] = noop
  1165. (3) suffix: Checking for suffix after "@"
  1166. (3) suffix: No '@' in User-Name = "tklassen", looking up realm NULL
  1167. (3) suffix: No such realm "NULL"
  1168. (3)     [suffix] = noop
  1169. (3) eap: Peer sent EAP Response (code 2) ID 237 length 6
  1170. (3) eap: Continuing tunnel setup
  1171. (3)     [eap] = ok
  1172. (3)   } # authorize = ok
  1173. (3) Found Auth-Type = eap
  1174. (3) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
  1175. (3)   authenticate {
  1176. (3) eap: Expiring EAP session with state 0x88427c938aaf655d
  1177. (3) eap: Finished EAP session with state 0x88427c938aaf655d
  1178. (3) eap: Previous EAP request found for state 0x88427c938aaf655d, released from the list
  1179. (3) eap: Peer sent packet with method EAP PEAP (25)
  1180. (3) eap: Calling submodule eap_peap to process data
  1181. (3) eap_peap: Continuing EAP-TLS
  1182. (3) eap_peap: Peer ACKed our handshake fragment
  1183. (3) eap_peap: [eaptls verify] = request
  1184. (3) eap_peap: [eaptls process] = handled
  1185. (3) eap: Sending EAP Request (code 1) ID 238 length 216
  1186. (3) eap: EAP session adding &reply:State = 0x88427c938bac655d
  1187. (3)     [eap] = handled
  1188. (3)   } # authenticate = handled
  1189. (3) Using Post-Auth-Type Challenge
  1190. (3) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
  1191. (3)   Challenge { ... } # empty sub-section is ignored
  1192. (3) Sent Access-Challenge Id 161 from 192.168.100.3:1812 to 192.168.100.118:44442 length 0
  1193. (3)   EAP-Message = 0x01ee00d81900508977d5582bb2dae101179f37f2a7930313dce06d3d3d6f4f603b4b717caa4bc38c1894b3cb48c6e6674f24c74547a196e488caf89e0a58f2c50a6d27e0d2e71f9d8f744ea9a464cb35596953e19c5a8c8e6006ba263cff28e3b33dc7713c1a07139d16b8b906c83da3e5a043c703f3df
  1194. (3)   Message-Authenticator = 0x00000000000000000000000000000000
  1195. (3)   State = 0x88427c938bac655ddb9880f3ff32414b
  1196. (3) Finished request
  1197. Waking up in 4.9 seconds.
  1198. (4) Received Access-Request Id 162 from 192.168.100.118:44442 to 192.168.100.3:1812 length 216
  1199. (4)   User-Name = "tklassen"
  1200. (4)   Called-Station-Id = "E4-C3-2A-47-4D-AA:GSN-WIFI"
  1201. (4)   NAS-Port-Type = Wireless-802.11
  1202. (4)   Service-Type = Framed-User
  1203. (4)   NAS-Port = 18
  1204. (4)   Calling-Station-Id = "84-CF-BF-94-EC-DE"
  1205. (4)   Connect-Info = "CONNECT 54Mbps 802.11a"
  1206. (4)   Acct-Session-Id = "3A7E1D3140E6C4FE"
  1207. (4)   WLAN-Pairwise-Cipher = 1027076
  1208. (4)   WLAN-Group-Cipher = 1027076
  1209. (4)   WLAN-AKM-Suite = 1027073
  1210. (4)   Framed-MTU = 1400
  1211. (4)   EAP-Message = 0x02ee001119800000000715030300020230
  1212. (4)   State = 0x88427c938bac655ddb9880f3ff32414b
  1213. (4)   Message-Authenticator = 0x9d7ba7e73806a156b7e0393de8d55113
  1214. (4) session-state: No cached attributes
  1215. (4) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default
  1216. (4)   authorize {
  1217. (4)     policy filter_username {
  1218. (4)       if (&User-Name) {
  1219. (4)       if (&User-Name)  -> TRUE
  1220. (4)       if (&User-Name)  {
  1221. (4)         if (&User-Name =~ / /) {
  1222. (4)         if (&User-Name =~ / /)  -> FALSE
  1223. (4)         if (&User-Name =~ /@[^@]*@/ ) {
  1224. (4)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
  1225. (4)         if (&User-Name =~ /\.\./ ) {
  1226. (4)         if (&User-Name =~ /\.\./ )  -> FALSE
  1227. (4)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
  1228. (4)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
  1229. (4)         if (&User-Name =~ /\.$/)  {
  1230. (4)         if (&User-Name =~ /\.$/)   -> FALSE
  1231. (4)         if (&User-Name =~ /@\./)  {
  1232. (4)         if (&User-Name =~ /@\./)   -> FALSE
  1233. (4)       } # if (&User-Name)  = notfound
  1234. (4)     } # policy filter_username = notfound
  1235. (4)     [preprocess] = ok
  1236. (4)     [chap] = noop
  1237. (4)     [mschap] = noop
  1238. (4)     [digest] = noop
  1239. (4) suffix: Checking for suffix after "@"
  1240. (4) suffix: No '@' in User-Name = "tklassen", looking up realm NULL
  1241. (4) suffix: No such realm "NULL"
  1242. (4)     [suffix] = noop
  1243. (4) eap: Peer sent EAP Response (code 2) ID 238 length 17
  1244. (4) eap: Continuing tunnel setup
  1245. (4)     [eap] = ok
  1246. (4)   } # authorize = ok
  1247. (4) Found Auth-Type = eap
  1248. (4) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
  1249. (4)   authenticate {
  1250. (4) eap: Expiring EAP session with state 0x88427c938bac655d
  1251. (4) eap: Finished EAP session with state 0x88427c938bac655d
  1252. (4) eap: Previous EAP request found for state 0x88427c938bac655d, released from the list
  1253. (4) eap: Peer sent packet with method EAP PEAP (25)
  1254. (4) eap: Calling submodule eap_peap to process data
  1255. (4) eap_peap: Continuing EAP-TLS
  1256. (4) eap_peap: Peer indicated complete TLS record size will be 7 bytes
  1257. (4) eap_peap: Got complete TLS record (7 bytes)
  1258. (4) eap_peap: [eaptls verify] = length included
  1259. (4) eap_peap: <<< recv TLS 1.2  [length 0002]
  1260. (4) eap_peap: ERROR: TLS Alert read:fatal:unknown CA
  1261. (4) eap_peap: TLS_accept: Need to read more data: error
  1262. (4) eap_peap: ERROR: Failed in __FUNCTION__ (SSL_read): error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca
  1263. (4) eap_peap: In SSL Handshake Phase
  1264. (4) eap_peap: In SSL Accept mode
  1265. (4) eap_peap: SSL Application Data
  1266. (4) eap_peap: ERROR: TLS failed during operation
  1267. (4) eap_peap: ERROR: [eaptls process] = fail
  1268. (4) eap: ERROR: Failed continuing EAP PEAP (25) session.  EAP sub-module failed
  1269. (4) eap: Sending EAP Failure (code 4) ID 238 length 4
  1270. (4) eap: Failed in EAP select
  1271. (4)     [eap] = invalid
  1272. (4)   } # authenticate = invalid
  1273. (4) Failed to authenticate the user
  1274. (4) Using Post-Auth-Type Reject
  1275. (4) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
  1276. (4)   Post-Auth-Type REJECT {
  1277. (4) attr_filter.access_reject: EXPAND %{User-Name}
  1278. (4) attr_filter.access_reject:    --> tklassen
  1279. (4) attr_filter.access_reject: Matched entry DEFAULT at line 11
  1280. (4)     [attr_filter.access_reject] = updated
  1281. (4)     [eap] = noop
  1282. (4)     policy remove_reply_message_if_eap {
  1283. (4)       if (&reply:EAP-Message && &reply:Reply-Message) {
  1284. (4)       if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
  1285. (4)       else {
  1286. (4)         [noop] = noop
  1287. (4)       } # else = noop
  1288. (4)     } # policy remove_reply_message_if_eap = noop
  1289. (4)   } # Post-Auth-Type REJECT = updated
  1290. (4) Login incorrect (eap_peap: TLS Alert read:fatal:unknown CA): [tklassen/<via Auth-Type = eap>] (from client GSN-AP-R035-02 port 18 cli 84-CF-BF-94-EC-DE)
  1291. (4) Delaying response for 1.000000 seconds
  1292. Waking up in 0.3 seconds.
  1293. Waking up in 0.6 seconds.
  1294. (4) Sending delayed response
  1295. (4) Sent Access-Reject Id 162 from 192.168.100.3:1812 to 192.168.100.118:44442 length 44
  1296. (4)   EAP-Message = 0x04ee0004
  1297. (4)   Message-Authenticator = 0x00000000000000000000000000000000
  1298. Waking up in 3.9 seconds.
  1299. (5) Received Access-Request Id 85 from 192.168.100.104:36141 to 192.168.100.3:1812 length 178
  1300. (5)   Called-Station-Id = "5A-EF-68-B7-6B-6A:GSN-WIFI"
  1301. (5)   NAS-Port-Type = Wireless-802.11
  1302. (5)   Service-Type = Framed-User
  1303. (5)   NAS-Port = 1
  1304. (5)   Calling-Station-Id = "C8-F3-19-0B-4C-41"
  1305. (5)   Connect-Info = "CONNECT 54Mbps 802.11a"
  1306. (5)   Acct-Session-Id = "63B74D09DE74C82D"
  1307. (5)   WLAN-Pairwise-Cipher = 1027076
  1308. (5)   WLAN-Group-Cipher = 1027076
  1309. (5)   WLAN-AKM-Suite = 1027073
  1310. (5)   Framed-MTU = 1400
  1311. (5)   EAP-Message = 0x02f3000501
  1312. (5)   Message-Authenticator = 0xf3b79a017166523cbb95a74eb0e686d5
  1313. (5) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default
  1314. (5)   authorize {
  1315. (5)     policy filter_username {
  1316. (5)       if (&User-Name) {
  1317. (5)       if (&User-Name)  -> FALSE
  1318. (5)     } # policy filter_username = notfound
  1319. (5)     [preprocess] = ok
  1320. (5)     [chap] = noop
  1321. (5)     [mschap] = noop
  1322. (5)     [digest] = noop
  1323. (5) suffix: Proxy reply, or no User-Name.  Ignoring
  1324. (5)     [suffix] = noop
  1325. (5) eap: Peer sent EAP Response (code 2) ID 243 length 5
  1326. (5) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
  1327. (5)     [eap] = ok
  1328. (5)   } # authorize = ok
  1329. (5) Found Auth-Type = eap
  1330. (5) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
  1331. (5)   authenticate {
  1332. (5) eap: ERROR: EAP-Identity Unknown
  1333. (5) eap: Identity Unknown, authentication failed
  1334. (5) eap: Failed in handler
  1335. (5)     [eap] = invalid
  1336. (5)   } # authenticate = invalid
  1337. (5) Failed to authenticate the user
  1338. (5) Using Post-Auth-Type Reject
  1339. (5) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
  1340. (5)   Post-Auth-Type REJECT {
  1341. (5) attr_filter.access_reject: EXPAND %{User-Name}
  1342. (5) attr_filter.access_reject:    -->
  1343. (5)     [attr_filter.access_reject] = noop
  1344. (5) eap: ERROR: EAP-Identity Unknown
  1345. (5) eap: Identity Unknown, authentication failed
  1346. (5) eap: Failed to get handler, probably already removed, not inserting EAP-Failure
  1347. (5)     [eap] = noop
  1348. (5)     policy remove_reply_message_if_eap {
  1349. (5)       if (&reply:EAP-Message && &reply:Reply-Message) {
  1350. (5)       if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
  1351. (5)       else {
  1352. (5)         [noop] = noop
  1353. (5)       } # else = noop
  1354. (5)     } # policy remove_reply_message_if_eap = noop
  1355. (5)   } # Post-Auth-Type REJECT = noop
  1356. (5) Login incorrect (eap: EAP-Identity Unknown): [<no User-Name attribute>/<via Auth-Type = eap>] (from client GSN-AP-R032 port 1 cli C8-F3-19-0B-4C-41)
  1357. (5) Delaying response for 1.000000 seconds
  1358. Waking up in 0.3 seconds.
  1359. Waking up in 0.6 seconds.
  1360. (5) Sending delayed response
  1361. (5) Sent Access-Reject Id 85 from 192.168.100.3:1812 to 192.168.100.104:36141 length 20
  1362. Waking up in 1.9 seconds.
  1363. (6) Received Access-Request Id 240 from 192.168.100.118:35641 to 192.168.100.3:1812 length 194
  1364. (6)   User-Name = "tklassen"
  1365. (6)   Called-Station-Id = "E4-C3-2A-47-4D-AB:GSN-WIFI"
  1366. (6)   NAS-Port-Type = Wireless-802.11
  1367. (6)   Service-Type = Framed-User
  1368. (6)   NAS-Port = 2
  1369. (6)   Calling-Station-Id = "84-CF-BF-94-EC-DE"
  1370. (6)   Connect-Info = "CONNECT 54Mbps 802.11g"
  1371. (6)   Acct-Session-Id = "713382659E92CA9F"
  1372. (6)   WLAN-Pairwise-Cipher = 1027076
  1373. (6)   WLAN-Group-Cipher = 1027076
  1374. (6)   WLAN-AKM-Suite = 1027073
  1375. (6)   Framed-MTU = 1400
  1376. (6)   EAP-Message = 0x022c000d01746b6c617373656e
  1377. (6)   Message-Authenticator = 0x74aae92abaf129bdbfcb87241dfdc18a
  1378. (6) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default
  1379. (6)   authorize {
  1380. (6)     policy filter_username {
  1381. (6)       if (&User-Name) {
  1382. (6)       if (&User-Name)  -> TRUE
  1383. (6)       if (&User-Name)  {
  1384. (6)         if (&User-Name =~ / /) {
  1385. (6)         if (&User-Name =~ / /)  -> FALSE
  1386. (6)         if (&User-Name =~ /@[^@]*@/ ) {
  1387. (6)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
  1388. (6)         if (&User-Name =~ /\.\./ ) {
  1389. (6)         if (&User-Name =~ /\.\./ )  -> FALSE
  1390. (6)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
  1391. (6)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
  1392. (6)         if (&User-Name =~ /\.$/)  {
  1393. (6)         if (&User-Name =~ /\.$/)   -> FALSE
  1394. (6)         if (&User-Name =~ /@\./)  {
  1395. (6)         if (&User-Name =~ /@\./)   -> FALSE
  1396. (6)       } # if (&User-Name)  = notfound
  1397. (6)     } # policy filter_username = notfound
  1398. (6)     [preprocess] = ok
  1399. (6)     [chap] = noop
  1400. (6)     [mschap] = noop
  1401. (6)     [digest] = noop
  1402. (6) suffix: Checking for suffix after "@"
  1403. (6) suffix: No '@' in User-Name = "tklassen", looking up realm NULL
  1404. (6) suffix: No such realm "NULL"
  1405. (6)     [suffix] = noop
  1406. (6) eap: Peer sent EAP Response (code 2) ID 44 length 13
  1407. (6) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
  1408. (6)     [eap] = ok
  1409. (6)   } # authorize = ok
  1410. (6) Found Auth-Type = eap
  1411. (6) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
  1412. (6)   authenticate {
  1413. (6) eap: Peer sent packet with method EAP Identity (1)
  1414. (6) eap: Calling submodule eap_md5 to process data
  1415. (6) eap_md5: Issuing MD5 Challenge
  1416. (6) eap: Sending EAP Request (code 1) ID 45 length 22
  1417. (6) eap: EAP session adding &reply:State = 0xcae7a24ecacaa699
  1418. (6)     [eap] = handled
  1419. (6)   } # authenticate = handled
  1420. (6) Using Post-Auth-Type Challenge
  1421. (6) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
  1422. (6)   Challenge { ... } # empty sub-section is ignored
  1423. (6) Sent Access-Challenge Id 240 from 192.168.100.3:1812 to 192.168.100.118:35641 length 0
  1424. (6)   EAP-Message = 0x012d0016041046c396a4b2bb1735678427793d2e304d
  1425. (6)   Message-Authenticator = 0x00000000000000000000000000000000
  1426. (6)   State = 0xcae7a24ecacaa699248795ba8eb783fc
  1427. (6) Finished request
  1428. Waking up in 0.1 seconds.
  1429. (7) Received Access-Request Id 241 from 192.168.100.118:35641 to 192.168.100.3:1812 length 205
  1430. (7)   User-Name = "tklassen"
  1431. (7)   Called-Station-Id = "E4-C3-2A-47-4D-AB:GSN-WIFI"
  1432. (7)   NAS-Port-Type = Wireless-802.11
  1433. (7)   Service-Type = Framed-User
  1434. (7)   NAS-Port = 2
  1435. (7)   Calling-Station-Id = "84-CF-BF-94-EC-DE"
  1436. (7)   Connect-Info = "CONNECT 54Mbps 802.11g"
  1437. (7)   Acct-Session-Id = "713382659E92CA9F"
  1438. (7)   WLAN-Pairwise-Cipher = 1027076
  1439. (7)   WLAN-Group-Cipher = 1027076
  1440. (7)   WLAN-AKM-Suite = 1027073
  1441. (7)   Framed-MTU = 1400
  1442. (7)   EAP-Message = 0x022d00060319
  1443. (7)   State = 0xcae7a24ecacaa699248795ba8eb783fc
  1444. (7)   Message-Authenticator = 0x58044ea4b53fa3179ce8e1e5d9c6ea86
  1445. (7) session-state: No cached attributes
  1446. (7) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default
  1447. (7)   authorize {
  1448. (7)     policy filter_username {
  1449. (7)       if (&User-Name) {
  1450. (7)       if (&User-Name)  -> TRUE
  1451. (7)       if (&User-Name)  {
  1452. (7)         if (&User-Name =~ / /) {
  1453. (7)         if (&User-Name =~ / /)  -> FALSE
  1454. (7)         if (&User-Name =~ /@[^@]*@/ ) {
  1455. (7)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
  1456. (7)         if (&User-Name =~ /\.\./ ) {
  1457. (7)         if (&User-Name =~ /\.\./ )  -> FALSE
  1458. (7)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
  1459. (7)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
  1460. (7)         if (&User-Name =~ /\.$/)  {
  1461. (7)         if (&User-Name =~ /\.$/)   -> FALSE
  1462. (7)         if (&User-Name =~ /@\./)  {
  1463. (7)         if (&User-Name =~ /@\./)   -> FALSE
  1464. (7)       } # if (&User-Name)  = notfound
  1465. (7)     } # policy filter_username = notfound
  1466. (7)     [preprocess] = ok
  1467. (7)     [chap] = noop
  1468. (7)     [mschap] = noop
  1469. (7)     [digest] = noop
  1470. (7) suffix: Checking for suffix after "@"
  1471. (7) suffix: No '@' in User-Name = "tklassen", looking up realm NULL
  1472. (7) suffix: No such realm "NULL"
  1473. (7)     [suffix] = noop
  1474. (7) eap: Peer sent EAP Response (code 2) ID 45 length 6
  1475. (7) eap: No EAP Start, assuming it's an on-going EAP conversation
  1476. (7)     [eap] = updated
  1477. (7) files: users: Matched entry tklassen at line 227
  1478. (7) files: EXPAND Hello, %{User-Name}
  1479. (7) files:    --> Hello, tklassen
  1480. (7)     [files] = ok
  1481. (7)     [expiration] = noop
  1482. (7)     [logintime] = noop
  1483. (7) pap: WARNING: Auth-Type already set.  Not setting to PAP
  1484. (7)     [pap] = noop
  1485. (7)   } # authorize = updated
  1486. (7) Found Auth-Type = eap
  1487. (7) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
  1488. (7)   authenticate {
  1489. (7) eap: Expiring EAP session with state 0xcae7a24ecacaa699
  1490. (7) eap: Finished EAP session with state 0xcae7a24ecacaa699
  1491. (7) eap: Previous EAP request found for state 0xcae7a24ecacaa699, released from the list
  1492. (7) eap: Peer sent packet with method EAP NAK (3)
  1493. (7) eap: Found mutually acceptable type PEAP (25)
  1494. (7) eap: Calling submodule eap_peap to process data
  1495. (7) eap_peap: Initiating new EAP-TLS session
  1496. (7) eap_peap: [eaptls start] = request
  1497. (7) eap: Sending EAP Request (code 1) ID 46 length 6
  1498. (7) eap: EAP session adding &reply:State = 0xcae7a24ecbc9bb99
  1499. (7)     [eap] = handled
  1500. (7)   } # authenticate = handled
  1501. (7) Using Post-Auth-Type Challenge
  1502. (7) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
  1503. (7)   Challenge { ... } # empty sub-section is ignored
  1504. (7) Sent Access-Challenge Id 241 from 192.168.100.3:1812 to 192.168.100.118:35641 length 0
  1505. (7)   Reply-Message = "Hello, tklassen"
  1506. (7)   EAP-Message = 0x012e00061920
  1507. (7)   Message-Authenticator = 0x00000000000000000000000000000000
  1508. (7)   State = 0xcae7a24ecbc9bb99248795ba8eb783fc
  1509. (7) Finished request
  1510. Waking up in 0.1 seconds.
  1511. (8) Received Access-Request Id 242 from 192.168.100.118:35641 to 192.168.100.3:1812 length 340
  1512. (8)   User-Name = "tklassen"
  1513. (8)   Called-Station-Id = "E4-C3-2A-47-4D-AB:GSN-WIFI"
  1514. (8)   NAS-Port-Type = Wireless-802.11
  1515. (8)   Service-Type = Framed-User
  1516. (8)   NAS-Port = 2
  1517. (8)   Calling-Station-Id = "84-CF-BF-94-EC-DE"
  1518. (8)   Connect-Info = "CONNECT 54Mbps 802.11g"
  1519. (8)   Acct-Session-Id = "713382659E92CA9F"
  1520. (8)   WLAN-Pairwise-Cipher = 1027076
  1521. (8)   WLAN-Group-Cipher = 1027076
  1522. (8)   WLAN-AKM-Suite = 1027073
  1523. (8)   Framed-MTU = 1400
  1524. (8)   EAP-Message = 0x022e008d198000000083160301007e0100007a0303b12a160ca72aa508bbc7034432645f8aa8d8c25fc8a13967f09b2f0a0694376600001ec02bc02fc02cc030cca9cca8c009c013c00ac014009c009d002f0035000a0100003300170000ff01000100000a00080006001d00170018000b00020100000d
  1525. (8)   State = 0xcae7a24ecbc9bb99248795ba8eb783fc
  1526. (8)   Message-Authenticator = 0x585198a5ffff2c2f021096aff0f4654d
  1527. (8) session-state: No cached attributes
  1528. (8) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default
  1529. (8)   authorize {
  1530. (8)     policy filter_username {
  1531. (8)       if (&User-Name) {
  1532. (8)       if (&User-Name)  -> TRUE
  1533. (8)       if (&User-Name)  {
  1534. (8)         if (&User-Name =~ / /) {
  1535. (8)         if (&User-Name =~ / /)  -> FALSE
  1536. (8)         if (&User-Name =~ /@[^@]*@/ ) {
  1537. (8)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
  1538. (8)         if (&User-Name =~ /\.\./ ) {
  1539. (8)         if (&User-Name =~ /\.\./ )  -> FALSE
  1540. (8)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
  1541. (8)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
  1542. (8)         if (&User-Name =~ /\.$/)  {
  1543. (8)         if (&User-Name =~ /\.$/)   -> FALSE
  1544. (8)         if (&User-Name =~ /@\./)  {
  1545. (8)         if (&User-Name =~ /@\./)   -> FALSE
  1546. (8)       } # if (&User-Name)  = notfound
  1547. (8)     } # policy filter_username = notfound
  1548. (8)     [preprocess] = ok
  1549. (8)     [chap] = noop
  1550. (8)     [mschap] = noop
  1551. (8)     [digest] = noop
  1552. (8) suffix: Checking for suffix after "@"
  1553. (8) suffix: No '@' in User-Name = "tklassen", looking up realm NULL
  1554. (8) suffix: No such realm "NULL"
  1555. (8)     [suffix] = noop
  1556. (8) eap: Peer sent EAP Response (code 2) ID 46 length 141
  1557. (8) eap: Continuing tunnel setup
  1558. (8)     [eap] = ok
  1559. (8)   } # authorize = ok
  1560. (8) Found Auth-Type = eap
  1561. (8) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
  1562. (8)   authenticate {
  1563. (8) eap: Expiring EAP session with state 0xcae7a24ecbc9bb99
  1564. (8) eap: Finished EAP session with state 0xcae7a24ecbc9bb99
  1565. (8) eap: Previous EAP request found for state 0xcae7a24ecbc9bb99, released from the list
  1566. (8) eap: Peer sent packet with method EAP PEAP (25)
  1567. (8) eap: Calling submodule eap_peap to process data
  1568. (8) eap_peap: Continuing EAP-TLS
  1569. (8) eap_peap: Peer indicated complete TLS record size will be 131 bytes
  1570. (8) eap_peap: Got complete TLS record (131 bytes)
  1571. (8) eap_peap: [eaptls verify] = length included
  1572. (8) eap_peap: (other): before SSL initialization
  1573. (8) eap_peap: TLS_accept: before SSL initialization
  1574. (8) eap_peap: TLS_accept: before SSL initialization
  1575. (8) eap_peap: <<< recv  TLS VERSION ?0304? [length 007e]
  1576. (8) eap_peap: TLS_accept: SSLv3/TLS read client hello
  1577. (8) eap_peap: >>> send TLS 1.2  [length 003d]
  1578. (8) eap_peap: TLS_accept: SSLv3/TLS write server hello
  1579. (8) eap_peap: >>> send TLS 1.2  [length 0312]
  1580. (8) eap_peap: TLS_accept: SSLv3/TLS write certificate
  1581. (8) eap_peap: >>> send TLS 1.2  [length 014d]
  1582. (8) eap_peap: TLS_accept: SSLv3/TLS write key exchange
  1583. (8) eap_peap: >>> send TLS 1.2  [length 0004]
  1584. (8) eap_peap: TLS_accept: SSLv3/TLS write server done
  1585. (8) eap_peap: TLS_accept: Need to read more data: SSLv3/TLS write server done
  1586. (8) eap_peap: In SSL Handshake Phase
  1587. (8) eap_peap: In SSL Accept mode
  1588. (8) eap_peap: [eaptls process] = handled
  1589. (8) eap: Sending EAP Request (code 1) ID 47 length 1004
  1590. (8) eap: EAP session adding &reply:State = 0xcae7a24ec8c8bb99
  1591. (8)     [eap] = handled
  1592. (8)   } # authenticate = handled
  1593. (8) Using Post-Auth-Type Challenge
  1594. (8) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
  1595. (8)   Challenge { ... } # empty sub-section is ignored
  1596. (8) Sent Access-Challenge Id 242 from 192.168.100.3:1812 to 192.168.100.118:35641 length 0
  1597. (8)   EAP-Message = 0x012f03ec19c0000004b4160303003d020000390303bf90dd8f682fb9b1c5d85d856cd958f2ff2668d95db08fd9444f574e4752440100c02f000011ff01000100000b0004030001020017000016030303120b00030e00030b00030830820304308201eca00302010202090095baa285e46493c3300d0609
  1598. (8)   Message-Authenticator = 0x00000000000000000000000000000000
  1599. (8)   State = 0xcae7a24ec8c8bb99248795ba8eb783fc
  1600. (8) Finished request
  1601. (9) Received Access-Request Id 243 from 192.168.100.118:35641 to 192.168.100.3:1812 length 205
  1602. (9)   User-Name = "tklassen"
  1603. (9)   Called-Station-Id = "E4-C3-2A-47-4D-AB:GSN-WIFI"
  1604. (9)   NAS-Port-Type = Wireless-802.11
  1605. (9)   Service-Type = Framed-User
  1606. (9)   NAS-Port = 2
  1607. (9)   Calling-Station-Id = "84-CF-BF-94-EC-DE"
  1608. (9)   Connect-Info = "CONNECT 54Mbps 802.11g"
  1609. (9)   Acct-Session-Id = "713382659E92CA9F"
  1610. (9)   WLAN-Pairwise-Cipher = 1027076
  1611. (9)   WLAN-Group-Cipher = 1027076
  1612. (9)   WLAN-AKM-Suite = 1027073
  1613. (9)   Framed-MTU = 1400
  1614. (9)   EAP-Message = 0x022f00061900
  1615. (9)   State = 0xcae7a24ec8c8bb99248795ba8eb783fc
  1616. (9)   Message-Authenticator = 0x005025a9c3789a5809b2bd776ed64511
  1617. (9) session-state: No cached attributes
  1618. (9) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default
  1619. (9)   authorize {
  1620. (9)     policy filter_username {
  1621. (9)       if (&User-Name) {
  1622. (9)       if (&User-Name)  -> TRUE
  1623. (9)       if (&User-Name)  {
  1624. (9)         if (&User-Name =~ / /) {
  1625. (9)         if (&User-Name =~ / /)  -> FALSE
  1626. (9)         if (&User-Name =~ /@[^@]*@/ ) {
  1627. (9)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
  1628. (9)         if (&User-Name =~ /\.\./ ) {
  1629. (9)         if (&User-Name =~ /\.\./ )  -> FALSE
  1630. (9)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
  1631. (9)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
  1632. (9)         if (&User-Name =~ /\.$/)  {
  1633. (9)         if (&User-Name =~ /\.$/)   -> FALSE
  1634. (9)         if (&User-Name =~ /@\./)  {
  1635. (9)         if (&User-Name =~ /@\./)   -> FALSE
  1636. (9)       } # if (&User-Name)  = notfound
  1637. (9)     } # policy filter_username = notfound
  1638. (9)     [preprocess] = ok
  1639. (9)     [chap] = noop
  1640. (9)     [mschap] = noop
  1641. (9)     [digest] = noop
  1642. (9) suffix: Checking for suffix after "@"
  1643. (9) suffix: No '@' in User-Name = "tklassen", looking up realm NULL
  1644. (9) suffix: No such realm "NULL"
  1645. (9)     [suffix] = noop
  1646. (9) eap: Peer sent EAP Response (code 2) ID 47 length 6
  1647. (9) eap: Continuing tunnel setup
  1648. (9)     [eap] = ok
  1649. (9)   } # authorize = ok
  1650. (9) Found Auth-Type = eap
  1651. (9) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
  1652. (9)   authenticate {
  1653. (9) eap: Expiring EAP session with state 0xcae7a24ec8c8bb99
  1654. (9) eap: Finished EAP session with state 0xcae7a24ec8c8bb99
  1655. (9) eap: Previous EAP request found for state 0xcae7a24ec8c8bb99, released from the list
  1656. (9) eap: Peer sent packet with method EAP PEAP (25)
  1657. (9) eap: Calling submodule eap_peap to process data
  1658. (9) eap_peap: Continuing EAP-TLS
  1659. (9) eap_peap: Peer ACKed our handshake fragment
  1660. (9) eap_peap: [eaptls verify] = request
  1661. (9) eap_peap: [eaptls process] = handled
  1662. (9) eap: Sending EAP Request (code 1) ID 48 length 216
  1663. (9) eap: EAP session adding &reply:State = 0xcae7a24ec9d7bb99
  1664. (9)     [eap] = handled
  1665. (9)   } # authenticate = handled
  1666. (9) Using Post-Auth-Type Challenge
  1667. (9) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
  1668. (9)   Challenge { ... } # empty sub-section is ignored
  1669. (9) Sent Access-Challenge Id 243 from 192.168.100.3:1812 to 192.168.100.118:35641 length 0
  1670. (9)   EAP-Message = 0x013000d81900e29f097402bdc67ee2f0692fb5cbd391357f818c9e92be7eeb804fa0daf1554f257e7f4d2a94e3bab4f51f5754a0c9ba3c45c68ba9fed714185bade0316007b8a2fd65f1099550ff2174841fd31b6de7510777a77c88f9b7abe2e19b9ce18078d10acd887c42c78b8e898bbb6c0e4aff9f
  1671. (9)   Message-Authenticator = 0x00000000000000000000000000000000
  1672. (9)   State = 0xcae7a24ec9d7bb99248795ba8eb783fc
  1673. (9) Finished request
  1674. (10) Received Access-Request Id 244 from 192.168.100.118:35641 to 192.168.100.3:1812 length 216
  1675. (10)   User-Name = "tklassen"
  1676. (10)   Called-Station-Id = "E4-C3-2A-47-4D-AB:GSN-WIFI"
  1677. (10)   NAS-Port-Type = Wireless-802.11
  1678. (10)   Service-Type = Framed-User
  1679. (10)   NAS-Port = 2
  1680. (10)   Calling-Station-Id = "84-CF-BF-94-EC-DE"
  1681. (10)   Connect-Info = "CONNECT 54Mbps 802.11g"
  1682. (10)   Acct-Session-Id = "713382659E92CA9F"
  1683. (10)   WLAN-Pairwise-Cipher = 1027076
  1684. (10)   WLAN-Group-Cipher = 1027076
  1685. (10)   WLAN-AKM-Suite = 1027073
  1686. (10)   Framed-MTU = 1400
  1687. (10)   EAP-Message = 0x0230001119800000000715030300020230
  1688. (10)   State = 0xcae7a24ec9d7bb99248795ba8eb783fc
  1689. (10)   Message-Authenticator = 0xb3b4f7b2efd89639cff70a473b6abaf4
  1690. (10) session-state: No cached attributes
  1691. (10) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default
  1692. (10)   authorize {
  1693. (10)     policy filter_username {
  1694. (10)       if (&User-Name) {
  1695. (10)       if (&User-Name)  -> TRUE
  1696. (10)       if (&User-Name)  {
  1697. (10)         if (&User-Name =~ / /) {
  1698. (10)         if (&User-Name =~ / /)  -> FALSE
  1699. (10)         if (&User-Name =~ /@[^@]*@/ ) {
  1700. (10)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
  1701. (10)         if (&User-Name =~ /\.\./ ) {
  1702. (10)         if (&User-Name =~ /\.\./ )  -> FALSE
  1703. (10)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
  1704. (10)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
  1705. (10)         if (&User-Name =~ /\.$/)  {
  1706. (10)         if (&User-Name =~ /\.$/)   -> FALSE
  1707. (10)         if (&User-Name =~ /@\./)  {
  1708. (10)         if (&User-Name =~ /@\./)   -> FALSE
  1709. (10)       } # if (&User-Name)  = notfound
  1710. (10)     } # policy filter_username = notfound
  1711. (10)     [preprocess] = ok
  1712. (10)     [chap] = noop
  1713. (10)     [mschap] = noop
  1714. (10)     [digest] = noop
  1715. (10) suffix: Checking for suffix after "@"
  1716. (10) suffix: No '@' in User-Name = "tklassen", looking up realm NULL
  1717. (10) suffix: No such realm "NULL"
  1718. (10)     [suffix] = noop
  1719. (10) eap: Peer sent EAP Response (code 2) ID 48 length 17
  1720. (10) eap: Continuing tunnel setup
  1721. (10)     [eap] = ok
  1722. (10)   } # authorize = ok
  1723. (10) Found Auth-Type = eap
  1724. (10) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
  1725. (10)   authenticate {
  1726. (10) eap: Expiring EAP session with state 0xcae7a24ec9d7bb99
  1727. (10) eap: Finished EAP session with state 0xcae7a24ec9d7bb99
  1728. (10) eap: Previous EAP request found for state 0xcae7a24ec9d7bb99, released from the list
  1729. (10) eap: Peer sent packet with method EAP PEAP (25)
  1730. (10) eap: Calling submodule eap_peap to process data
  1731. (10) eap_peap: Continuing EAP-TLS
  1732. (10) eap_peap: Peer indicated complete TLS record size will be 7 bytes
  1733. (10) eap_peap: Got complete TLS record (7 bytes)
  1734. (10) eap_peap: [eaptls verify] = length included
  1735. (10) eap_peap: <<< recv TLS 1.2  [length 0002]
  1736. (10) eap_peap: ERROR: TLS Alert read:fatal:unknown CA
  1737. (10) eap_peap: TLS_accept: Need to read more data: error
  1738. (10) eap_peap: ERROR: Failed in __FUNCTION__ (SSL_read): error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca
  1739. (10) eap_peap: In SSL Handshake Phase
  1740. (10) eap_peap: In SSL Accept mode
  1741. (10) eap_peap: SSL Application Data
  1742. (10) eap_peap: ERROR: TLS failed during operation
  1743. (10) eap_peap: ERROR: [eaptls process] = fail
  1744. (10) eap: ERROR: Failed continuing EAP PEAP (25) session.  EAP sub-module failed
  1745. (10) eap: Sending EAP Failure (code 4) ID 48 length 4
  1746. (10) eap: Failed in EAP select
  1747. (10)     [eap] = invalid
  1748. (10)   } # authenticate = invalid
  1749. (10) Failed to authenticate the user
  1750. (10) Using Post-Auth-Type Reject
  1751. (10) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
  1752. (10)   Post-Auth-Type REJECT {
  1753. (10) attr_filter.access_reject: EXPAND %{User-Name}
  1754. (10) attr_filter.access_reject:    --> tklassen
  1755. (10) attr_filter.access_reject: Matched entry DEFAULT at line 11
  1756. (10)     [attr_filter.access_reject] = updated
  1757. (10)     [eap] = noop
  1758. (10)     policy remove_reply_message_if_eap {
  1759. (10)       if (&reply:EAP-Message && &reply:Reply-Message) {
  1760. (10)       if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
  1761. (10)       else {
  1762. (10)         [noop] = noop
  1763. (10)       } # else = noop
  1764. (10)     } # policy remove_reply_message_if_eap = noop
  1765. (10)   } # Post-Auth-Type REJECT = updated
  1766. (10) Login incorrect (eap_peap: TLS Alert read:fatal:unknown CA): [tklassen/<via Auth-Type = eap>] (from client GSN-AP-R035-02 port 2 cli 84-CF-BF-94-EC-DE)
  1767. (10) Delaying response for 1.000000 seconds
  1768. (0) Cleaning up request packet ID 158 with timestamp +3
  1769. (1) Cleaning up request packet ID 159 with timestamp +3
  1770. (2) Cleaning up request packet ID 160 with timestamp +3
  1771. (3) Cleaning up request packet ID 161 with timestamp +3
  1772. (4) Cleaning up request packet ID 162 with timestamp +3
  1773. Waking up in 0.2 seconds.
  1774. Waking up in 0.6 seconds.
  1775. (10) Sending delayed response
  1776. (10) Sent Access-Reject Id 244 from 192.168.100.3:1812 to 192.168.100.118:35641 length 44
  1777. (10)   EAP-Message = 0x04300004
  1778. (10)   Message-Authenticator = 0x00000000000000000000000000000000
  1779. Waking up in 1.0 seconds.
  1780. (5) Cleaning up request packet ID 85 with timestamp +5
  1781. Waking up in 2.8 seconds.
  1782. (6) Cleaning up request packet ID 240 with timestamp +7
  1783. (7) Cleaning up request packet ID 241 with timestamp +7
  1784. (8) Cleaning up request packet ID 242 with timestamp +7
  1785. (9) Cleaning up request packet ID 243 with timestamp +8
  1786. (10) Cleaning up request packet ID 244 with timestamp +8
  1787. Ready to process requests
