Jump to content

Настройка Freeradius + Daloradius dynamic vlan assignment

Всем привет!
Пытаюсь настроить Freeradius для динамического назначения vlan при подключении Wi-Fi пользователей.

Есть несколько Wi-Fi точек Aruba IAP которые обращаются к radius серверу. В качестве radius сервера развернут Freeradius с GUI Daloradius. В Daloradius настроил NAS и тестового пользователя который привязан к профилю и в профиле указал атрибуты ответа:

Tunnel-Type := VLAN

Tunnel-Medium-Type := IEEE-802

Tunnel-Private-Group-Id := " нужный номер vlan"

 

Тест User Connectivity проходит успешно, настроенные атрибуты передаются от Freeradius в сообщении Sent Access-Accept.

А вот кода приходит запрос от адреса виртуального контроллера Aruba с тем же логином паролем тестового пользователя, то в дебаге видно, что Freeradius авторизовывает пользователя, но отправляет сообщение Sent Access-Accept без атрибутов. Похоже проблема связана с EAP.
Что может быть не так и как правильно настроить?

 

Share this post


Link to post
Share on other sites

вывод в дебаге тестового подключения с Daloradius:

Spoiler

(15863) Received Access-Request Id 37 from 127.0.0.1:52329 to 127.0.0.1:1812 length 46
(15863)   User-Name = "test12"
(15863)   User-Password = "test12"
(15863) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default
(15863)   authorize {
(15863)     policy filter_username {
(15863)       if (&User-Name) {
(15863)       if (&User-Name)  -> TRUE
(15863)       if (&User-Name)  {
(15863)         if (&User-Name =~ / /) {
(15863)         if (&User-Name =~ / /)  -> FALSE
(15863)         if (&User-Name =~ /@[^@]*@/ ) {
(15863)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
(15863)         if (&User-Name =~ /\.\./ ) {
(15863)         if (&User-Name =~ /\.\./ )  -> FALSE
(15863)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
(15863)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
(15863)         if (&User-Name =~ /\.$/)  {
(15863)         if (&User-Name =~ /\.$/)   -> FALSE
(15863)         if (&User-Name =~ /@\./)  {
(15863)         if (&User-Name =~ /@\./)   -> FALSE
(15863)       } # if (&User-Name)  = notfound
(15863)     } # policy filter_username = notfound
(15863)     [preprocess] = ok
(15863)     [chap] = noop
(15863)     [mschap] = noop
(15863)     [digest] = noop
(15863) suffix: Checking for suffix after "@"
(15863) suffix: No '@' in User-Name = "test12", looking up realm NULL
(15863) suffix: No such realm "NULL"
(15863)     [suffix] = noop
(15863) eap: No EAP-Message, not doing EAP
(15863)     [eap] = noop
(15863)     [files] = noop
(15863) sql: EXPAND %{User-Name}
(15863) sql:    --> test12
(15863) sql: SQL-User-Name set to 'test12'
rlm_sql (sql): Reserved connection (5225)
(15863) sql: EXPAND SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id
(15863) sql:    --> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'test12' ORDER BY id
(15863) sql: Executing select query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'test12' ORDER BY id
(15863) sql: User found in radcheck table
(15863) sql: Conditional check items matched, merging assignment check items
(15863) sql:   Cleartext-Password := "test12"
(15863) sql: EXPAND SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id
(15863) sql:    --> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'test12' ORDER BY id
(15863) sql: Executing select query: SELECT id, username, attribute, value, op FROM radreply WHERE username = 'test12' ORDER BY id
rlm_sql (sql): Reserved connection (5226)
rlm_sql (sql): Released connection (5226)
Need 7 more connections to reach 10 spares
rlm_sql (sql): Opening additional connection (5228), 1 of 28 pending slots used
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 5.5.5-10.3.34-MariaDB-0ubuntu0.20.04.1, protocol version 10
(15863) sql: EXPAND SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority
(15863) sql:    --> SELECT groupname FROM radusergroup WHERE username = 'test12' ORDER BY priority
(15863) sql: Executing select query: SELECT groupname FROM radusergroup WHERE username = 'test12' ORDER BY priority
(15863) sql: User found in the group table
(15863) sql: EXPAND SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{SQL-Group}' ORDER BY id
(15863) sql:    --> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'Dynamic Vlan Assigment' ORDER BY id
(15863) sql: Executing select query: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'Dynamic Vlan Assigment' ORDER BY id
(15863) sql: Group "Dynamic Vlan Assigment": Conditional check items matched
(15863) sql: Group "Dynamic Vlan Assigment": Merging assignment check items
(15863) sql: EXPAND SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{SQL-Group}' ORDER BY id
(15863) sql:    --> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'Dynamic Vlan Assigment' ORDER BY id
(15863) sql: Executing select query: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'Dynamic Vlan Assigment' ORDER BY id
(15863) sql: Group "Dynamic Vlan Assigment": Merging reply items
(15863) sql:   Tunnel-Type := VLAN
(15863) sql:   Tunnel-Private-Group-Id := "84"
(15863) sql:   Tunnel-Medium-Type := IEEE-802
(15863) sql:   Aruba-User-Vlan := 4
(15863) sql:   Framed-Protocol = PPP
(15863) sql:   Service-Type = Framed-User
rlm_sql (sql): Released connection (5225)
(15863)     [sql] = ok
(15863)     [expiration] = noop
(15863)     [logintime] = noop
(15863)     [pap] = updated
(15863)   } # authorize = updated
(15863) Found Auth-Type = PAP
(15863) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(15863)   Auth-Type PAP {
(15863) pap: Login attempt with password
(15863) pap: Comparing with "known good" Cleartext-Password
(15863) pap: User authenticated successfully
(15863)     [pap] = ok
(15863)   } # Auth-Type PAP = ok
(15863) # Executing section post-auth from file /etc/freeradius/3.0/sites-enabled/default
(15863)   post-auth {
(15863)     if (session-state:User-Name && reply:User-Name && request:User-Name && (reply:User-Name == request:User-Name)) {
(15863)     if (session-state:User-Name && reply:User-Name && request:User-Name && (reply:User-Name == request:User-Name))  -> FALSE
(15863)     update {
(15863)       No attributes updated for RHS &session-state:
(15863)     } # update = noop
(15863) sql: EXPAND .query
(15863) sql:    --> .query
(15863) sql: Using query template 'query'
rlm_sql (sql): Reserved connection (5224)
(15863) sql: EXPAND %{User-Name}
(15863) sql:    --> test12
(15863) sql: SQL-User-Name set to 'test12'
(15863) sql: EXPAND INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S')
(15863) sql:    --> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'test12', 'test12', 'Access-Accept', '2022-08-03 11:05:59')
(15863) sql: Executing query: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'test12', 'test12', 'Access-Accept', '2022-08-03 11:05:59')
(15863) sql: SQL query returned: success
(15863) sql: 1 record(s) updated
rlm_sql (sql): Released connection (5224)
(15863)     [sql] = ok
(15863)     [exec] = noop
(15863)     policy remove_reply_message_if_eap {
(15863)       if (&reply:EAP-Message && &reply:Reply-Message) {
(15863)       if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
(15863)       else {
(15863)         [noop] = noop
(15863)       } # else = noop
(15863)     } # policy remove_reply_message_if_eap = noop
(15863)   } # post-auth = ok
(15863) Sent Access-Accept Id 37 from 127.0.0.1:1812 to 127.0.0.1:52329 length 0
(15863)   Tunnel-Type = VLAN
(15863)   Tunnel-Private-Group-Id = "84"
(15863)   Tunnel-Medium-Type = IEEE-802
(15863)   Aruba-User-Vlan = 4
(15863)   Framed-Protocol = PPP
(15863)   Service-Type = Framed-User
(15863) Finished request
Waking up in 4.9 seconds.
(15863) Cleaning up request packet ID 37 with timestamp +751938
Ready to process requests
 

 

вывод в дебаге подключения с Wi-Fi точек доступа Aruba:

Spoiler

(15895) Received Access-Request Id 11 from 10.80.10.100:54194 to 10.80.9.2:1812 length 216
(15895)   User-Name = "test12"
(15895)   NAS-IP-Address = 10.80.10.100
(15895)   NAS-Port = 0
(15895)   NAS-Identifier = "10.80.10.159"
(15895)   NAS-Port-Type = Wireless-802.11
(15895)   Calling-Station-Id = "606ee82d9a34"
(15895)   Called-Station-Id = "904c81c63c70"
(15895)   Service-Type = Framed-User
(15895)   Framed-MTU = 1100
(15895)   EAP-Message = 0x0201000b01746573743132
(15895)   Aruba-Essid-Name = "TEST-SSID"
(15895)   Aruba-Location-Id = "Aruba-AP-5"
(15895)   Aruba-AP-Group = "wi-fi-aruba"
(15895)   Aruba-Device-Type = "Linux"
(15895)   Message-Authenticator = 0x2070d6c1adcc70a413da32e33e8e1f17
(15895) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default
(15895)   authorize {
(15895)     policy filter_username {
(15895)       if (&User-Name) {
(15895)       if (&User-Name)  -> TRUE
(15895)       if (&User-Name)  {
(15895)         if (&User-Name =~ / /) {
(15895)         if (&User-Name =~ / /)  -> FALSE
(15895)         if (&User-Name =~ /@[^@]*@/ ) {
(15895)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
(15895)         if (&User-Name =~ /\.\./ ) {
(15895)         if (&User-Name =~ /\.\./ )  -> FALSE
(15895)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
(15895)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
(15895)         if (&User-Name =~ /\.$/)  {
(15895)         if (&User-Name =~ /\.$/)   -> FALSE
(15895)         if (&User-Name =~ /@\./)  {
(15895)         if (&User-Name =~ /@\./)   -> FALSE
(15895)       } # if (&User-Name)  = notfound
(15895)     } # policy filter_username = notfound
(15895)     [preprocess] = ok
(15895)     [chap] = noop
(15895)     [mschap] = noop
(15895)     [digest] = noop
(15895) suffix: Checking for suffix after "@"
(15895) suffix: No '@' in User-Name = "test12", looking up realm NULL
(15895) suffix: No such realm "NULL"
(15895)     [suffix] = noop
(15895) eap: Peer sent EAP Response (code 2) ID 1 length 11
(15895) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
(15895)     [eap] = ok
(15895)   } # authorize = ok
(15895) Found Auth-Type = eap
(15895) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(15895)   authenticate {
(15895) eap: Peer sent packet with method EAP Identity (1)
(15895) eap: Calling submodule eap_tls to process data
(15895) eap_tls: Initiating new TLS session
(15895) eap_tls: Setting verify mode to require certificate from client
(15895) eap_tls: [eaptls start] = request
(15895) eap: Sending EAP Request (code 1) ID 2 length 6
(15895) eap: EAP session adding &reply:State = 0x289e91c1289c9c55
(15895)     [eap] = handled
(15895)   } # authenticate = handled
(15895) Using Post-Auth-Type Challenge
(15895) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(15895)   Challenge { ... } # empty sub-section is ignored
(15895) Sent Access-Challenge Id 11 from 10.80.9.2:1812 to 10.80.10.100:54194 length 0
(15895)   EAP-Message = 0x010200060d20
(15895)   Message-Authenticator = 0x00000000000000000000000000000000
(15895)   State = 0x289e91c1289c9c55ee3fc9064da4dff1
(15895) Finished request
Waking up in 4.9 seconds.
(15896) Received Access-Request Id 12 from 10.80.10.100:54194 to 10.80.9.2:1812 length 231
(15896)   User-Name = "test12"
(15896)   NAS-IP-Address = 10.80.10.100
(15896)   NAS-Port = 0
(15896)   NAS-Identifier = "10.80.10.159"
(15896)   NAS-Port-Type = Wireless-802.11
(15896)   Calling-Station-Id = "606ee82d9a34"
(15896)   Called-Station-Id = "904c81c63c70"
(15896)   Service-Type = Framed-User
(15896)   Framed-MTU = 1100
(15896)   EAP-Message = 0x0202000803191534
(15896)   State = 0x289e91c1289c9c55ee3fc9064da4dff1
(15896)   Aruba-Essid-Name = "TEST-SSID"
(15896)   Aruba-Location-Id = "Aruba-AP-5"
(15896)   Aruba-AP-Group = "wi-fi-aruba"
(15896)   Aruba-Device-Type = "Linux"
(15896)   Message-Authenticator = 0xe068f9184b5fc9607f8ccce9cd74f20e
(15896) session-state: No cached attributes
(15896) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default
(15896)   authorize {
(15896)     policy filter_username {
(15896)       if (&User-Name) {
(15896)       if (&User-Name)  -> TRUE
(15896)       if (&User-Name)  {
(15896)         if (&User-Name =~ / /) {
(15896)         if (&User-Name =~ / /)  -> FALSE
(15896)         if (&User-Name =~ /@[^@]*@/ ) {
(15896)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
(15896)         if (&User-Name =~ /\.\./ ) {
(15896)         if (&User-Name =~ /\.\./ )  -> FALSE
(15896)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
(15896)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
(15896)         if (&User-Name =~ /\.$/)  {
(15896)         if (&User-Name =~ /\.$/)   -> FALSE
(15896)         if (&User-Name =~ /@\./)  {
(15896)         if (&User-Name =~ /@\./)   -> FALSE
(15896)       } # if (&User-Name)  = notfound
(15896)     } # policy filter_username = notfound
(15896)     [preprocess] = ok
(15896)     [chap] = noop
(15896)     [mschap] = noop
(15896)     [digest] = noop
(15896) suffix: Checking for suffix after "@"
(15896) suffix: No '@' in User-Name = "test12", looking up realm NULL
(15896) suffix: No such realm "NULL"
(15896)     [suffix] = noop
(15896) eap: Peer sent EAP Response (code 2) ID 2 length 8
(15896) eap: No EAP Start, assuming it's an on-going EAP conversation
(15896)     [eap] = updated
(15896)     [files] = noop
(15896) sql: EXPAND %{User-Name}
(15896) sql:    --> test12
(15896) sql: SQL-User-Name set to 'test12'
rlm_sql (sql): Closing connection (5235): Hit idle_timeout, was idle for 65 seconds
rlm_sql (sql): You probably need to lower "min"
rlm_sql_mysql: Socket destructor called, closing socket
rlm_sql (sql): Closing connection (5236): Hit idle_timeout, was idle for 65 seconds
rlm_sql (sql): You probably need to lower "min"
rlm_sql_mysql: Socket destructor called, closing socket
rlm_sql (sql): Closing connection (5234): Hit idle_timeout, was idle for 65 seconds
rlm_sql (sql): You probably need to lower "min"
rlm_sql_mysql: Socket destructor called, closing socket
rlm_sql (sql): 0 of 0 connections in use.  You  may need to increase "spare"
rlm_sql (sql): Opening additional connection (5237), 1 of 32 pending slots used
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 5.5.5-10.3.34-MariaDB-0ubuntu0.20.04.1, protocol version 10
rlm_sql (sql): Reserved connection (5237)
(15896) sql: EXPAND SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id
(15896) sql:    --> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'test12' ORDER BY id
(15896) sql: Executing select query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'test12' ORDER BY id
(15896) sql: User found in radcheck table
(15896) sql: Conditional check items matched, merging assignment check items
(15896) sql:   Cleartext-Password := "test12"
(15896) sql: EXPAND SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id
(15896) sql:    --> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'test12' ORDER BY id
(15896) sql: Executing select query: SELECT id, username, attribute, value, op FROM radreply WHERE username = 'test12' ORDER BY id
rlm_sql (sql): 1 of 1 connections in use.  You  may need to increase "spare"
rlm_sql (sql): Opening additional connection (5238), 1 of 31 pending slots used
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 5.5.5-10.3.34-MariaDB-0ubuntu0.20.04.1, protocol version 10
rlm_sql (sql): Reserved connection (5238)
rlm_sql (sql): Released connection (5238)
Need 1 more connections to reach min connections (3)
rlm_sql (sql): Opening additional connection (5239), 1 of 30 pending slots used
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 5.5.5-10.3.34-MariaDB-0ubuntu0.20.04.1, protocol version 10
(15896) sql: EXPAND SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority
(15896) sql:    --> SELECT groupname FROM radusergroup WHERE username = 'test12' ORDER BY priority
(15896) sql: Executing select query: SELECT groupname FROM radusergroup WHERE username = 'test12' ORDER BY priority
(15896) sql: User found in the group table
(15896) sql: EXPAND SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{SQL-Group}' ORDER BY id
(15896) sql:    --> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'Dynamic Vlan Assigment' ORDER BY id
(15896) sql: Executing select query: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'Dynamic Vlan Assigment' ORDER BY id
(15896) sql: Group "Dynamic Vlan Assigment": Conditional check items matched
(15896) sql: Group "Dynamic Vlan Assigment": Merging assignment check items
(15896) sql: EXPAND SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{SQL-Group}' ORDER BY id
(15896) sql:    --> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'Dynamic Vlan Assigment' ORDER BY id
(15896) sql: Executing select query: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'Dynamic Vlan Assigment' ORDER BY id
(15896) sql: Group "Dynamic Vlan Assigment": Merging reply items
(15896) sql:   Tunnel-Type := VLAN
(15896) sql:   Tunnel-Private-Group-Id := "84"
(15896) sql:   Tunnel-Medium-Type := IEEE-802
(15896) sql:   Aruba-User-Vlan := 4
(15896) sql:   Framed-Protocol = PPP
(15896) sql:   Service-Type = Framed-User
rlm_sql (sql): Released connection (5237)
(15896)     [sql] = ok
(15896)     [expiration] = noop
(15896)     [logintime] = noop
(15896) pap: WARNING: Auth-Type already set.  Not setting to PAP
(15896)     [pap] = noop
(15896)   } # authorize = updated
(15896) Found Auth-Type = eap
(15896) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(15896)   authenticate {
(15896) eap: Expiring EAP session with state 0x289e91c1289c9c55
(15896) eap: Finished EAP session with state 0x289e91c1289c9c55
(15896) eap: Previous EAP request found for state 0x289e91c1289c9c55, released from the list
(15896) eap: Peer sent packet with method EAP NAK (3)
(15896) eap: Found mutually acceptable type PEAP (25)
(15896) eap: Calling submodule eap_peap to process data
(15896) eap_peap: Initiating new TLS session
(15896) eap_peap: [eaptls start] = request
(15896) eap: Sending EAP Request (code 1) ID 3 length 6
(15896) eap: EAP session adding &reply:State = 0x289e91c1299d8855
(15896)     [eap] = handled
(15896)   } # authenticate = handled
(15896) Using Post-Auth-Type Challenge
(15896) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(15896)   Challenge { ... } # empty sub-section is ignored
(15896) Sent Access-Challenge Id 12 from 10.80.9.2:1812 to 10.80.10.100:54194 length 0
(15896)   Tunnel-Type = VLAN
(15896)   Tunnel-Private-Group-Id = "84"
(15896)   Tunnel-Medium-Type = IEEE-802
(15896)   Aruba-User-Vlan = 4
(15896)   Framed-Protocol = PPP
(15896)   Service-Type = Framed-User
(15896)   EAP-Message = 0x010300061920
(15896)   Message-Authenticator = 0x00000000000000000000000000000000
(15896)   State = 0x289e91c1299d8855ee3fc9064da4dff1
(15896) Finished request
Waking up in 4.9 seconds.
(15897) Received Access-Request Id 13 from 10.80.10.100:54194 to 10.80.9.2:1812 length 364
(15897)   User-Name = "test12"
(15897)   NAS-IP-Address = 10.80.10.100
(15897)   NAS-Port = 0
(15897)   NAS-Identifier = "10.80.10.159"
(15897)   NAS-Port-Type = Wireless-802.11
(15897)   Calling-Station-Id = "606ee82d9a34"
(15897)   Called-Station-Id = "904c81c63c70"
(15897)   Service-Type = Framed-User
(15897)   Framed-MTU = 1100
(15897)   EAP-Message = 0x0203008d198000000083160301007e0100007a03038f20528e95f2f4930f4ac1e380ad72ccb9a12086d7e4159d28f5355cfc1547a700001ec02bc02fc02cc030cca9cca8c009c013c00ac014009c009d002f0035000a0100003300170000ff01000100000a00080006001d00170018000b00020100000d00140012040308040401050308050501080606010201
(15897)   State = 0x289e91c1299d8855ee3fc9064da4dff1
(15897)   Aruba-Essid-Name = "TEST-SSID"
(15897)   Aruba-Location-Id = "Aruba-AP-5"
(15897)   Aruba-AP-Group = "wi-fi-aruba"
(15897)   Aruba-Device-Type = "Linux"
(15897)   Message-Authenticator = 0x20d29198e0ba8de162e713f9f2edece2
(15897) session-state: No cached attributes
(15897) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default
(15897)   authorize {
(15897)     policy filter_username {
(15897)       if (&User-Name) {
(15897)       if (&User-Name)  -> TRUE
(15897)       if (&User-Name)  {
(15897)         if (&User-Name =~ / /) {
(15897)         if (&User-Name =~ / /)  -> FALSE
(15897)         if (&User-Name =~ /@[^@]*@/ ) {
(15897)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
(15897)         if (&User-Name =~ /\.\./ ) {
(15897)         if (&User-Name =~ /\.\./ )  -> FALSE
(15897)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
(15897)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
(15897)         if (&User-Name =~ /\.$/)  {
(15897)         if (&User-Name =~ /\.$/)   -> FALSE
(15897)         if (&User-Name =~ /@\./)  {
(15897)         if (&User-Name =~ /@\./)   -> FALSE
(15897)       } # if (&User-Name)  = notfound
(15897)     } # policy filter_username = notfound
(15897)     [preprocess] = ok
(15897)     [chap] = noop
(15897)     [mschap] = noop
(15897)     [digest] = noop
(15897) suffix: Checking for suffix after "@"
(15897) suffix: No '@' in User-Name = "test12", looking up realm NULL
(15897) suffix: No such realm "NULL"
(15897)     [suffix] = noop
(15897) eap: Peer sent EAP Response (code 2) ID 3 length 141
(15897) eap: Continuing tunnel setup
(15897)     [eap] = ok
(15897)   } # authorize = ok
(15897) Found Auth-Type = eap
(15897) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(15897)   authenticate {
(15897) eap: Expiring EAP session with state 0x289e91c1299d8855
(15897) eap: Finished EAP session with state 0x289e91c1299d8855
(15897) eap: Previous EAP request found for state 0x289e91c1299d8855, released from the list
(15897) eap: Peer sent packet with method EAP PEAP (25)
(15897) eap: Calling submodule eap_peap to process data
(15897) eap_peap: Continuing EAP-TLS
(15897) eap_peap: Peer indicated complete TLS record size will be 131 bytes
(15897) eap_peap: Got complete TLS record (131 bytes)
(15897) eap_peap: [eaptls verify] = length included
(15897) eap_peap: (other): before SSL initialization
(15897) eap_peap: TLS_accept: before SSL initialization
(15897) eap_peap: TLS_accept: before SSL initialization
(15897) eap_peap: <<< recv TLS 1.3  [length 007e] 
(15897) eap_peap: TLS_accept: SSLv3/TLS read client hello
(15897) eap_peap: >>> send TLS 1.2  [length 003d] 
(15897) eap_peap: TLS_accept: SSLv3/TLS write server hello
(15897) eap_peap: >>> send TLS 1.2  [length 0884] 
(15897) eap_peap: TLS_accept: SSLv3/TLS write certificate
(15897) eap_peap: >>> send TLS 1.2  [length 014d] 
(15897) eap_peap: TLS_accept: SSLv3/TLS write key exchange
(15897) eap_peap: >>> send TLS 1.2  [length 0004] 
(15897) eap_peap: TLS_accept: SSLv3/TLS write server done
(15897) eap_peap: TLS_accept: Need to read more data: SSLv3/TLS write server done
(15897) eap_peap: TLS - In Handshake Phase
(15897) eap_peap: TLS - got 2598 bytes of data
(15897) eap_peap: [eaptls process] = handled
(15897) eap: Sending EAP Request (code 1) ID 4 length 1004
(15897) eap: EAP session adding &reply:State = 0x289e91c12a9a8855
(15897)     [eap] = handled
(15897)   } # authenticate = handled
(15897) Using Post-Auth-Type Challenge
(15897) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(15897)   Challenge { ... } # empty sub-section is ignored
(15897) Sent Access-Challenge Id 13 from 10.80.9.2:1812 to 10.80.10.100:54194 length 0
(15897)   EAP-Message = 0x010403ec19c000000a26160303003d0200003903034664f5728092f10356510ec480f05a830c457a3d36a9150422aa99b518ddf64000c02f000011ff01000100000b0004030001020017000016030308840b00088000087d0003bf308203bb308202a3a003020102020101300d06092a864886f70d01010b0500307d310b3009060355040613024652310f300d06035504080c065261646975733112301006035504070c09536f6d65776865726531153013060355040a0c0c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e6f72673110300e06035504030c07526f6f74204341301e170d3232303732303135323030345a170d3232303931383135323030345a3074310b3009060355040613024652310f300d06035504080c0652616469757331153013060355040a0c0c4578616d706c6520496e632e311b301906035504030c125365727665722043657274696669636174653120301e06092a864886
(15897)   Message-Authenticator = 0x00000000000000000000000000000000
(15897)   State = 0x289e91c12a9a8855ee3fc9064da4dff1
(15897) Finished request
Waking up in 4.9 seconds.
(15898) Received Access-Request Id 14 from 10.80.10.100:54194 to 10.80.9.2:1812 length 229
(15898)   User-Name = "test12"
(15898)   NAS-IP-Address = 10.80.10.100
(15898)   NAS-Port = 0
(15898)   NAS-Identifier = "10.80.10.159"
(15898)   NAS-Port-Type = Wireless-802.11
(15898)   Calling-Station-Id = "606ee82d9a34"
(15898)   Called-Station-Id = "904c81c63c70"
(15898)   Service-Type = Framed-User
(15898)   Framed-MTU = 1100
(15898)   EAP-Message = 0x020400061900
(15898)   State = 0x289e91c12a9a8855ee3fc9064da4dff1
(15898)   Aruba-Essid-Name = "TEST-SSID"
(15898)   Aruba-Location-Id = "Aruba-AP-5"
(15898)   Aruba-AP-Group = "wi-fi-aruba"
(15898)   Aruba-Device-Type = "Linux"
(15898)   Message-Authenticator = 0x4a3e83a9f8189685d37b0503b229da2d
(15898) session-state: No cached attributes
(15898) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default
(15898)   authorize {
(15898)     policy filter_username {
(15898)       if (&User-Name) {
(15898)       if (&User-Name)  -> TRUE
(15898)       if (&User-Name)  {
(15898)         if (&User-Name =~ / /) {
(15898)         if (&User-Name =~ / /)  -> FALSE
(15898)         if (&User-Name =~ /@[^@]*@/ ) {
(15898)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
(15898)         if (&User-Name =~ /\.\./ ) {
(15898)         if (&User-Name =~ /\.\./ )  -> FALSE
(15898)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
(15898)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
(15898)         if (&User-Name =~ /\.$/)  {
(15898)         if (&User-Name =~ /\.$/)   -> FALSE
(15898)         if (&User-Name =~ /@\./)  {
(15898)         if (&User-Name =~ /@\./)   -> FALSE
(15898)       } # if (&User-Name)  = notfound
(15898)     } # policy filter_username = notfound
(15898)     [preprocess] = ok
(15898)     [chap] = noop
(15898)     [mschap] = noop
(15898)     [digest] = noop
(15898) suffix: Checking for suffix after "@"
(15898) suffix: No '@' in User-Name = "test12", looking up realm NULL
(15898) suffix: No such realm "NULL"
(15898)     [suffix] = noop
(15898) eap: Peer sent EAP Response (code 2) ID 4 length 6
(15898) eap: Continuing tunnel setup
(15898)     [eap] = ok
(15898)   } # authorize = ok
(15898) Found Auth-Type = eap
(15898) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(15898)   authenticate {
(15898) eap: Expiring EAP session with state 0x289e91c12a9a8855
(15898) eap: Finished EAP session with state 0x289e91c12a9a8855
(15898) eap: Previous EAP request found for state 0x289e91c12a9a8855, released from the list
(15898) eap: Peer sent packet with method EAP PEAP (25)
(15898) eap: Calling submodule eap_peap to process data
(15898) eap_peap: Continuing EAP-TLS
(15898) eap_peap: Peer ACKed our handshake fragment
(15898) eap_peap: [eaptls verify] = request
(15898) eap_peap: [eaptls process] = handled
(15898) eap: Sending EAP Request (code 1) ID 5 length 1000
(15898) eap: EAP session adding &reply:State = 0x289e91c12b9b8855
(15898)     [eap] = handled
(15898)   } # authenticate = handled
(15898) Using Post-Auth-Type Challenge
(15898) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(15898)   Challenge { ... } # empty sub-section is ignored
(15898) Sent Access-Challenge Id 14 from 10.80.9.2:1812 to 10.80.10.100:54194 length 0
(15898)   EAP-Message = 0x010503e819408380a71bab0239f85557faae3cbcbf0597aadd273175371ffebf023dcb7e60f4e5817d2158ab304f96166d090c2d0004b8308204b43082039ca00302010202142dc00f81e7d5149544d5c87d0fece93eeb1bacd1300d06092a864886f70d01010b0500307d310b3009060355040613024652310f300d06035504080c065261646975733112301006035504070c09536f6d65776865726531153013060355040a0c0c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e6f72673110300e06035504030c07526f6f74204341301e170d3232303732303135323030345a170d3232303931383135323030345a307d310b3009060355040613024652310f300d06035504080c065261646975733112301006035504070c09536f6d65776865726531153013060355040a0c0c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e6f72673110
(15898)   Message-Authenticator = 0x00000000000000000000000000000000
(15898)   State = 0x289e91c12b9b8855ee3fc9064da4dff1
(15898) Finished request
Waking up in 4.9 seconds.
(15899) Received Access-Request Id 15 from 10.80.10.100:54194 to 10.80.9.2:1812 length 229
(15899)   User-Name = "test12"
(15899)   NAS-IP-Address = 10.80.10.100
(15899)   NAS-Port = 0
(15899)   NAS-Identifier = "10.80.10.159"
(15899)   NAS-Port-Type = Wireless-802.11
(15899)   Calling-Station-Id = "606ee82d9a34"
(15899)   Called-Station-Id = "904c81c63c70"
(15899)   Service-Type = Framed-User
(15899)   Framed-MTU = 1100
(15899)   EAP-Message = 0x020500061900
(15899)   State = 0x289e91c12b9b8855ee3fc9064da4dff1
(15899)   Aruba-Essid-Name = "TEST-SSID"
(15899)   Aruba-Location-Id = "Aruba-AP-5"
(15899)   Aruba-AP-Group = "wi-fi-aruba"
(15899)   Aruba-Device-Type = "Linux"
(15899)   Message-Authenticator = 0xb4ba1bddb32caf486b262a91b02f7267
(15899) session-state: No cached attributes
(15899) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default
(15899)   authorize {
(15899)     policy filter_username {
(15899)       if (&User-Name) {
(15899)       if (&User-Name)  -> TRUE
(15899)       if (&User-Name)  {
(15899)         if (&User-Name =~ / /) {
(15899)         if (&User-Name =~ / /)  -> FALSE
(15899)         if (&User-Name =~ /@[^@]*@/ ) {
(15899)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
(15899)         if (&User-Name =~ /\.\./ ) {
(15899)         if (&User-Name =~ /\.\./ )  -> FALSE
(15899)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
(15899)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
(15899)         if (&User-Name =~ /\.$/)  {
(15899)         if (&User-Name =~ /\.$/)   -> FALSE
(15899)         if (&User-Name =~ /@\./)  {
(15899)         if (&User-Name =~ /@\./)   -> FALSE
(15899)       } # if (&User-Name)  = notfound
(15899)     } # policy filter_username = notfound
(15899)     [preprocess] = ok
(15899)     [chap] = noop
(15899)     [mschap] = noop
(15899)     [digest] = noop
(15899) suffix: Checking for suffix after "@"
(15899) suffix: No '@' in User-Name = "test12", looking up realm NULL
(15899) suffix: No such realm "NULL"
(15899)     [suffix] = noop
(15899) eap: Peer sent EAP Response (code 2) ID 5 length 6
(15899) eap: Continuing tunnel setup
(15899)     [eap] = ok
(15899)   } # authorize = ok
(15899) Found Auth-Type = eap
(15899) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(15899)   authenticate {
(15899) eap: Expiring EAP session with state 0x289e91c12b9b8855
(15899) eap: Finished EAP session with state 0x289e91c12b9b8855
(15899) eap: Previous EAP request found for state 0x289e91c12b9b8855, released from the list
(15899) eap: Peer sent packet with method EAP PEAP (25)
(15899) eap: Calling submodule eap_peap to process data
(15899) eap_peap: Continuing EAP-TLS
(15899) eap_peap: Peer ACKed our handshake fragment
(15899) eap_peap: [eaptls verify] = request
(15899) eap_peap: [eaptls process] = handled
(15899) eap: Sending EAP Request (code 1) ID 6 length 616
(15899) eap: EAP session adding &reply:State = 0x289e91c12c988855
(15899)     [eap] = handled
(15899)   } # authenticate = handled
(15899) Using Post-Auth-Type Challenge
(15899) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(15899)   Challenge { ... } # empty sub-section is ignored
(15899) Sent Access-Challenge Id 15 from 10.80.9.2:1812 to 10.80.10.100:54194 length 0
(15899)   EAP-Message = 0x010602681900050003820101005dcea2bb866c37f1d3655e63b1cfc256d495929e4057b989c79938e1c1d9fc9984e63c57b470a9c8eb8717856218dc9f7bce8bbc982016c1a76e5ea563d642b9f7eda66628df5103595cec2b3ad1981bf55cf424aff4355891101915834b30100342e4cd6765d3aaf28e8ebb8600f579968c8437c293bf61a4abf97ade7e196dafa7fe61348c530fb5b6db12e9a82aef91e797b8331417746441b689357ea4805538306d15cb65c2026b0b9b69f8c95206485a986fb093a4ad3740f27e65dc357118be3a2ae6a8aca8b5fd1566a52239c43c33995654dbb1ad93f8ffd0b459c6921860006a780847e6c86547a9dfd205a3c136db3f1862cec9080106cecf9533160303014d0c00014903001741045a769c1cb5e3b8a0ff04fec9be60a8f46461fe4bfa005940fa806308ec4c218572e5bebcad517a1faa500a56de374d50ab5a380047989ae686e1b308837a6fd8080401008d30cd6e5d60a4aa018866b8c5ba59d8022f243cf4b695d5
(15899)   Message-Authenticator = 0x00000000000000000000000000000000
(15899)   State = 0x289e91c12c988855ee3fc9064da4dff1
(15899) Finished request
Waking up in 4.8 seconds.
(15900) Received Access-Request Id 16 from 10.80.10.100:54194 to 10.80.9.2:1812 length 359
(15900)   User-Name = "test12"
(15900)   NAS-IP-Address = 10.80.10.100
(15900)   NAS-Port = 0
(15900)   NAS-Identifier = "10.80.10.159"
(15900)   NAS-Port-Type = Wireless-802.11
(15900)   Calling-Station-Id = "606ee82d9a34"
(15900)   Called-Station-Id = "904c81c63c70"
(15900)   Service-Type = Framed-User
(15900)   Framed-MTU = 1100
(15900)   EAP-Message = 0x0206008819800000007e160303004610000042410447484a7b932cd1d2d24b535cd2e1abb4f00b023385311c034d942b03fb12f12499a8b327ba9daec659966266b7e2fc74820e0df2d78f3037164c890374e33a0f14030300010116030300280000000000000000a78df3082aaf6b7856e4ced0f0537f7130ceaab22faf1d3270258d426e901aae
(15900)   State = 0x289e91c12c988855ee3fc9064da4dff1
(15900)   Aruba-Essid-Name = "TEST-SSID"
(15900)   Aruba-Location-Id = "Aruba-AP-5"
(15900)   Aruba-AP-Group = "wi-fi-aruba"
(15900)   Aruba-Device-Type = "Linux"
(15900)   Message-Authenticator = 0x3d9e9c3e404ab0cebe5b8c32aa33ad5d
(15900) session-state: No cached attributes
(15900) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default
(15900)   authorize {
(15900)     policy filter_username {
(15900)       if (&User-Name) {
(15900)       if (&User-Name)  -> TRUE
(15900)       if (&User-Name)  {
(15900)         if (&User-Name =~ / /) {
(15900)         if (&User-Name =~ / /)  -> FALSE
(15900)         if (&User-Name =~ /@[^@]*@/ ) {
(15900)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
(15900)         if (&User-Name =~ /\.\./ ) {
(15900)         if (&User-Name =~ /\.\./ )  -> FALSE
(15900)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
(15900)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
(15900)         if (&User-Name =~ /\.$/)  {
(15900)         if (&User-Name =~ /\.$/)   -> FALSE
(15900)         if (&User-Name =~ /@\./)  {
(15900)         if (&User-Name =~ /@\./)   -> FALSE
(15900)       } # if (&User-Name)  = notfound
(15900)     } # policy filter_username = notfound
(15900)     [preprocess] = ok
(15900)     [chap] = noop
(15900)     [mschap] = noop
(15900)     [digest] = noop
(15900) suffix: Checking for suffix after "@"
(15900) suffix: No '@' in User-Name = "test12", looking up realm NULL
(15900) suffix: No such realm "NULL"
(15900)     [suffix] = noop
(15900) eap: Peer sent EAP Response (code 2) ID 6 length 136
(15900) eap: Continuing tunnel setup
(15900)     [eap] = ok
(15900)   } # authorize = ok
(15900) Found Auth-Type = eap
(15900) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(15900)   authenticate {
(15900) eap: Expiring EAP session with state 0x289e91c12c988855
(15900) eap: Finished EAP session with state 0x289e91c12c988855
(15900) eap: Previous EAP request found for state 0x289e91c12c988855, released from the list
(15900) eap: Peer sent packet with method EAP PEAP (25)
(15900) eap: Calling submodule eap_peap to process data
(15900) eap_peap: Continuing EAP-TLS
(15900) eap_peap: Peer indicated complete TLS record size will be 126 bytes
(15900) eap_peap: Got complete TLS record (126 bytes)
(15900) eap_peap: [eaptls verify] = length included
(15900) eap_peap: TLS_accept: SSLv3/TLS write server done
(15900) eap_peap: <<< recv TLS 1.2  [length 0046] 
(15900) eap_peap: TLS_accept: SSLv3/TLS read client key exchange
(15900) eap_peap: TLS_accept: SSLv3/TLS read change cipher spec
(15900) eap_peap: <<< recv TLS 1.2  [length 0010] 
(15900) eap_peap: TLS_accept: SSLv3/TLS read finished
(15900) eap_peap: >>> send TLS 1.2  [length 0001] 
(15900) eap_peap: TLS_accept: SSLv3/TLS write change cipher spec
(15900) eap_peap: >>> send TLS 1.2  [length 0010] 
(15900) eap_peap: TLS_accept: SSLv3/TLS write finished
(15900) eap_peap: (other): SSL negotiation finished successfully
(15900) eap_peap: TLS - Connection Established
(15900) eap_peap: TLS-Session-Cipher-Suite = "ECDHE-RSA-AES128-GCM-SHA256"
(15900) eap_peap: TLS-Session-Version = "TLS 1.2"
(15900) eap_peap: TLS - got 51 bytes of data
(15900) eap_peap: [eaptls process] = handled
(15900) eap: Sending EAP Request (code 1) ID 7 length 57
(15900) eap: EAP session adding &reply:State = 0x289e91c12d998855
(15900)     [eap] = handled
(15900)   } # authenticate = handled
(15900) Using Post-Auth-Type Challenge
(15900) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(15900)   Challenge { ... } # empty sub-section is ignored
(15900) session-state: Saving cached attributes
(15900)   TLS-Session-Cipher-Suite = "ECDHE-RSA-AES128-GCM-SHA256"
(15900)   TLS-Session-Version = "TLS 1.2"
(15900) Sent Access-Challenge Id 16 from 10.80.9.2:1812 to 10.80.10.100:54194 length 0
(15900)   EAP-Message = 0x010700391900140303000101160303002819c13e2fff220621a335d0669ef6f7905e59188195ebc0d240092475d7576163021c4526ce753c76
(15900)   Message-Authenticator = 0x00000000000000000000000000000000
(15900)   State = 0x289e91c12d998855ee3fc9064da4dff1
(15900) Finished request
Waking up in 4.8 seconds.
(15901) Received Access-Request Id 17 from 10.80.10.100:54194 to 10.80.9.2:1812 length 229
(15901)   User-Name = "test12"
(15901)   NAS-IP-Address = 10.80.10.100
(15901)   NAS-Port = 0
(15901)   NAS-Identifier = "10.80.10.159"
(15901)   NAS-Port-Type = Wireless-802.11
(15901)   Calling-Station-Id = "606ee82d9a34"
(15901)   Called-Station-Id = "904c81c63c70"
(15901)   Service-Type = Framed-User
(15901)   Framed-MTU = 1100
(15901)   EAP-Message = 0x020700061900
(15901)   State = 0x289e91c12d998855ee3fc9064da4dff1
(15901)   Aruba-Essid-Name = "TEST-SSID"
(15901)   Aruba-Location-Id = "Aruba-AP-5"
(15901)   Aruba-AP-Group = "wi-fi-aruba"
(15901)   Aruba-Device-Type = "Linux"
(15901)   Message-Authenticator = 0x06925ed0038a088ba618f0fb68f5ce16
(15901) Restoring &session-state
(15901)   &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES128-GCM-SHA256"
(15901)   &session-state:TLS-Session-Version = "TLS 1.2"
(15901) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default
(15901)   authorize {
(15901)     policy filter_username {
(15901)       if (&User-Name) {
(15901)       if (&User-Name)  -> TRUE
(15901)       if (&User-Name)  {
(15901)         if (&User-Name =~ / /) {
(15901)         if (&User-Name =~ / /)  -> FALSE
(15901)         if (&User-Name =~ /@[^@]*@/ ) {
(15901)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
(15901)         if (&User-Name =~ /\.\./ ) {
(15901)         if (&User-Name =~ /\.\./ )  -> FALSE
(15901)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
(15901)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
(15901)         if (&User-Name =~ /\.$/)  {
(15901)         if (&User-Name =~ /\.$/)   -> FALSE
(15901)         if (&User-Name =~ /@\./)  {
(15901)         if (&User-Name =~ /@\./)   -> FALSE
(15901)       } # if (&User-Name)  = notfound
(15901)     } # policy filter_username = notfound
(15901)     [preprocess] = ok
(15901)     [chap] = noop
(15901)     [mschap] = noop
(15901)     [digest] = noop
(15901) suffix: Checking for suffix after "@"
(15901) suffix: No '@' in User-Name = "test12", looking up realm NULL
(15901) suffix: No such realm "NULL"
(15901)     [suffix] = noop
(15901) eap: Peer sent EAP Response (code 2) ID 7 length 6
(15901) eap: Continuing tunnel setup
(15901)     [eap] = ok
(15901)   } # authorize = ok
(15901) Found Auth-Type = eap
(15901) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(15901)   authenticate {
(15901) eap: Expiring EAP session with state 0x289e91c12d998855
(15901) eap: Finished EAP session with state 0x289e91c12d998855
(15901) eap: Previous EAP request found for state 0x289e91c12d998855, released from the list
(15901) eap: Peer sent packet with method EAP PEAP (25)
(15901) eap: Calling submodule eap_peap to process data
(15901) eap_peap: Continuing EAP-TLS
(15901) eap_peap: Peer ACKed our handshake fragment.  handshake is finished
(15901) eap_peap: [eaptls verify] = success
(15901) eap_peap: [eaptls process] = success
(15901) eap_peap: Session established.  Decoding tunneled attributes
(15901) eap_peap: PEAP state TUNNEL ESTABLISHED
(15901) eap: Sending EAP Request (code 1) ID 8 length 40
(15901) eap: EAP session adding &reply:State = 0x289e91c12e968855
(15901)     [eap] = handled
(15901)   } # authenticate = handled
(15901) Using Post-Auth-Type Challenge
(15901) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(15901)   Challenge { ... } # empty sub-section is ignored
(15901) session-state: Saving cached attributes
(15901)   TLS-Session-Cipher-Suite = "ECDHE-RSA-AES128-GCM-SHA256"
(15901)   TLS-Session-Version = "TLS 1.2"
(15901) Sent Access-Challenge Id 17 from 10.80.9.2:1812 to 10.80.10.100:54194 length 0
(15901)   EAP-Message = 0x010800281900170303001d19c13e2fff220622de4e7225f9b7aa765da3b80f3eb9f1d255753fff00
(15901)   Message-Authenticator = 0x00000000000000000000000000000000
(15901)   State = 0x289e91c12e968855ee3fc9064da4dff1
(15901) Finished request
Waking up in 4.7 seconds.
(15902) Received Access-Request Id 18 from 10.80.10.100:54194 to 10.80.9.2:1812 length 265
(15902)   User-Name = "test12"
(15902)   NAS-IP-Address = 10.80.10.100
(15902)   NAS-Port = 0
(15902)   NAS-Identifier = "10.80.10.159"
(15902)   NAS-Port-Type = Wireless-802.11
(15902)   Calling-Station-Id = "606ee82d9a34"
(15902)   Called-Station-Id = "904c81c63c70"
(15902)   Service-Type = Framed-User
(15902)   Framed-MTU = 1100
(15902)   EAP-Message = 0x0208002a1900170303001f00000000000000011284c0b264680a099d48462559ff66da636779115801c7
(15902)   State = 0x289e91c12e968855ee3fc9064da4dff1
(15902)   Aruba-Essid-Name = "TEST-SSID"
(15902)   Aruba-Location-Id = "Aruba-AP-5"
(15902)   Aruba-AP-Group = "wi-fi-aruba"
(15902)   Aruba-Device-Type = "Linux"
(15902)   Message-Authenticator = 0x2c9a4a2a7790084bb4029be16c541a99
(15902) Restoring &session-state
(15902)   &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES128-GCM-SHA256"
(15902)   &session-state:TLS-Session-Version = "TLS 1.2"
(15902) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default
(15902)   authorize {
(15902)     policy filter_username {
(15902)       if (&User-Name) {
(15902)       if (&User-Name)  -> TRUE
(15902)       if (&User-Name)  {
(15902)         if (&User-Name =~ / /) {
(15902)         if (&User-Name =~ / /)  -> FALSE
(15902)         if (&User-Name =~ /@[^@]*@/ ) {
(15902)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
(15902)         if (&User-Name =~ /\.\./ ) {
(15902)         if (&User-Name =~ /\.\./ )  -> FALSE
(15902)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
(15902)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
(15902)         if (&User-Name =~ /\.$/)  {
(15902)         if (&User-Name =~ /\.$/)   -> FALSE
(15902)         if (&User-Name =~ /@\./)  {
(15902)         if (&User-Name =~ /@\./)   -> FALSE
(15902)       } # if (&User-Name)  = notfound
(15902)     } # policy filter_username = notfound
(15902)     [preprocess] = ok
(15902)     [chap] = noop
(15902)     [mschap] = noop
(15902)     [digest] = noop
(15902) suffix: Checking for suffix after "@"
(15902) suffix: No '@' in User-Name = "test12", looking up realm NULL
(15902) suffix: No such realm "NULL"
(15902)     [suffix] = noop
(15902) eap: Peer sent EAP Response (code 2) ID 8 length 42
(15902) eap: Continuing tunnel setup
(15902)     [eap] = ok
(15902)   } # authorize = ok
(15902) Found Auth-Type = eap
(15902) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(15902)   authenticate {
(15902) eap: Expiring EAP session with state 0x289e91c12e968855
(15902) eap: Finished EAP session with state 0x289e91c12e968855
(15902) eap: Previous EAP request found for state 0x289e91c12e968855, released from the list
(15902) eap: Peer sent packet with method EAP PEAP (25)
(15902) eap: Calling submodule eap_peap to process data
(15902) eap_peap: Continuing EAP-TLS
(15902) eap_peap: [eaptls verify] = ok
(15902) eap_peap: Done initial handshake
(15902) eap_peap: [eaptls process] = ok
(15902) eap_peap: Session established.  Decoding tunneled attributes
(15902) eap_peap: PEAP state WAITING FOR INNER IDENTITY
(15902) eap_peap: Identity - test12
(15902) eap_peap: Got inner identity 'test12'
(15902) eap_peap: Setting default EAP type for tunneled EAP session
(15902) eap_peap: Got tunneled request
(15902) eap_peap:   EAP-Message = 0x0208000b01746573743132
(15902) eap_peap: Setting User-Name to test12
(15902) eap_peap: Sending tunneled request to inner-tunnel
(15902) eap_peap:   EAP-Message = 0x0208000b01746573743132
(15902) eap_peap:   FreeRADIUS-Proxied-To = 127.0.0.1
(15902) eap_peap:   User-Name = "test12"
(15902) Virtual server inner-tunnel received request
(15902)   EAP-Message = 0x0208000b01746573743132
(15902)   FreeRADIUS-Proxied-To = 127.0.0.1
(15902)   User-Name = "test12"
(15902) WARNING: Outer and inner identities are the same.  User privacy is compromised.
(15902) server inner-tunnel {
(15902)   # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/inner-tunnel
(15902)     authorize {
(15902)       policy filter_username {
(15902)         if (&User-Name) {
(15902)         if (&User-Name)  -> TRUE
(15902)         if (&User-Name)  {
(15902)           if (&User-Name =~ / /) {
(15902)           if (&User-Name =~ / /)  -> FALSE
(15902)           if (&User-Name =~ /@[^@]*@/ ) {
(15902)           if (&User-Name =~ /@[^@]*@/ )  -> FALSE
(15902)           if (&User-Name =~ /\.\./ ) {
(15902)           if (&User-Name =~ /\.\./ )  -> FALSE
(15902)           if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
(15902)           if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
(15902)           if (&User-Name =~ /\.$/)  {
(15902)           if (&User-Name =~ /\.$/)   -> FALSE
(15902)           if (&User-Name =~ /@\./)  {
(15902)           if (&User-Name =~ /@\./)   -> FALSE
(15902)         } # if (&User-Name)  = notfound
(15902)       } # policy filter_username = notfound
(15902)       [chap] = noop
(15902)       [mschap] = noop
(15902) suffix: Checking for suffix after "@"
(15902) suffix: No '@' in User-Name = "test12", looking up realm NULL
(15902) suffix: No such realm "NULL"
(15902)       [suffix] = noop
(15902)       update control {
(15902)         &Proxy-To-Realm := LOCAL
(15902)       } # update control = noop
(15902) eap: Peer sent EAP Response (code 2) ID 8 length 11
(15902) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
(15902)       [eap] = ok
(15902)     } # authorize = ok
(15902)   Found Auth-Type = eap
(15902)   # Executing group from file /etc/freeradius/3.0/sites-enabled/inner-tunnel
(15902)     authenticate {
(15902) eap: Peer sent packet with method EAP Identity (1)
(15902) eap: Calling submodule eap_mschapv2 to process data
(15902) eap_mschapv2: Issuing Challenge
(15902) eap: Sending EAP Request (code 1) ID 9 length 43
(15902) eap: EAP session adding &reply:State = 0x7e33b8807e3aa23b
(15902)       [eap] = handled
(15902)     } # authenticate = handled
(15902) } # server inner-tunnel
(15902) Virtual server sending reply
(15902)   EAP-Message = 0x0109002b1a0109002610429c6c01e396762acefc3105c20366e6667265657261646975732d332e302e3230
(15902)   Message-Authenticator = 0x00000000000000000000000000000000
(15902)   State = 0x7e33b8807e3aa23bd4880a649b237942
(15902) eap_peap: Got tunneled reply code 11
(15902) eap_peap:   EAP-Message = 0x0109002b1a0109002610429c6c01e396762acefc3105c20366e6667265657261646975732d332e302e3230
(15902) eap_peap:   Message-Authenticator = 0x00000000000000000000000000000000
(15902) eap_peap:   State = 0x7e33b8807e3aa23bd4880a649b237942
(15902) eap_peap: Got tunneled reply RADIUS code 11
(15902) eap_peap:   EAP-Message = 0x0109002b1a0109002610429c6c01e396762acefc3105c20366e6667265657261646975732d332e302e3230
(15902) eap_peap:   Message-Authenticator = 0x00000000000000000000000000000000
(15902) eap_peap:   State = 0x7e33b8807e3aa23bd4880a649b237942
(15902) eap_peap: Got tunneled Access-Challenge
(15902) eap: Sending EAP Request (code 1) ID 9 length 74
(15902) eap: EAP session adding &reply:State = 0x289e91c12f978855
(15902)     [eap] = handled
(15902)   } # authenticate = handled
(15902) Using Post-Auth-Type Challenge
(15902) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(15902)   Challenge { ... } # empty sub-section is ignored
(15902) session-state: Saving cached attributes
(15902)   TLS-Session-Cipher-Suite = "ECDHE-RSA-AES128-GCM-SHA256"
(15902)   TLS-Session-Version = "TLS 1.2"
(15902) Sent Access-Challenge Id 18 from 10.80.9.2:1812 to 10.80.10.100:54194 length 0
(15902)   EAP-Message = 0x0109004a1900170303003f19c13e2fff2206238a1fddfa73d945dd6949627be3a0c0ffe6a0684fb8c1dd2b456ceab423f60e84bdaf73d7aa702a599ee4814b47b33a1ee491c36e0a7584
(15902)   Message-Authenticator = 0x00000000000000000000000000000000
(15902)   State = 0x289e91c12f978855ee3fc9064da4dff1
(15902) Finished request
Waking up in 4.7 seconds.
(15903) Received Access-Request Id 19 from 10.80.10.100:54194 to 10.80.9.2:1812 length 319
(15903)   User-Name = "test12"
(15903)   NAS-IP-Address = 10.80.10.100
(15903)   NAS-Port = 0
(15903)   NAS-Identifier = "10.80.10.159"
(15903)   NAS-Port-Type = Wireless-802.11
(15903)   Calling-Station-Id = "606ee82d9a34"
(15903)   Called-Station-Id = "904c81c63c70"
(15903)   Service-Type = Framed-User
(15903)   Framed-MTU = 1100
(15903)   EAP-Message = 0x020900601900170303005500000000000000028543f6e3255f6fea8088850354474c668f458aec461ff545516d11c0096cf9adcb3fa34a321c5026b7e548667dfc11ee3bebf2479cb8dbe58b8924f707aad3f1b43dcf90fdb1c74dd60cf59cb5
(15903)   State = 0x289e91c12f978855ee3fc9064da4dff1
(15903)   Aruba-Essid-Name = "TEST-SSID"
(15903)   Aruba-Location-Id = "Aruba-AP-5"
(15903)   Aruba-AP-Group = "wi-fi-aruba"
(15903)   Aruba-Device-Type = "Linux"
(15903)   Message-Authenticator = 0x7a8dcbd0f05e6442e2695144b060992e
(15903) Restoring &session-state
(15903)   &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES128-GCM-SHA256"
(15903)   &session-state:TLS-Session-Version = "TLS 1.2"
(15903) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default
(15903)   authorize {
(15903)     policy filter_username {
(15903)       if (&User-Name) {
(15903)       if (&User-Name)  -> TRUE
(15903)       if (&User-Name)  {
(15903)         if (&User-Name =~ / /) {
(15903)         if (&User-Name =~ / /)  -> FALSE
(15903)         if (&User-Name =~ /@[^@]*@/ ) {
(15903)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
(15903)         if (&User-Name =~ /\.\./ ) {
(15903)         if (&User-Name =~ /\.\./ )  -> FALSE
(15903)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
(15903)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
(15903)         if (&User-Name =~ /\.$/)  {
(15903)         if (&User-Name =~ /\.$/)   -> FALSE
(15903)         if (&User-Name =~ /@\./)  {
(15903)         if (&User-Name =~ /@\./)   -> FALSE
(15903)       } # if (&User-Name)  = notfound
(15903)     } # policy filter_username = notfound
(15903)     [preprocess] = ok
(15903)     [chap] = noop
(15903)     [mschap] = noop
(15903)     [digest] = noop
(15903) suffix: Checking for suffix after "@"
(15903) suffix: No '@' in User-Name = "test12", looking up realm NULL
(15903) suffix: No such realm "NULL"
(15903)     [suffix] = noop
(15903) eap: Peer sent EAP Response (code 2) ID 9 length 96
(15903) eap: Continuing tunnel setup
(15903)     [eap] = ok
(15903)   } # authorize = ok
(15903) Found Auth-Type = eap
(15903) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(15903)   authenticate {
(15903) eap: Expiring EAP session with state 0x7e33b8807e3aa23b
(15903) eap: Finished EAP session with state 0x289e91c12f978855
(15903) eap: Previous EAP request found for state 0x289e91c12f978855, released from the list
(15903) eap: Peer sent packet with method EAP PEAP (25)
(15903) eap: Calling submodule eap_peap to process data
(15903) eap_peap: Continuing EAP-TLS
(15903) eap_peap: [eaptls verify] = ok
(15903) eap_peap: Done initial handshake
(15903) eap_peap: [eaptls process] = ok
(15903) eap_peap: Session established.  Decoding tunneled attributes
(15903) eap_peap: PEAP state phase2
(15903) eap_peap: EAP method MSCHAPv2 (26)
(15903) eap_peap: Got tunneled request
(15903) eap_peap:   EAP-Message = 0x020900411a0209003c31438d8be50c45d72f5946ba7b788ce72200000000000000000bfccac378426204acb770979598b757a4473a2f24cd268400746573743132
(15903) eap_peap: Setting User-Name to test12
(15903) eap_peap: Sending tunneled request to inner-tunnel
(15903) eap_peap:   EAP-Message = 0x020900411a0209003c31438d8be50c45d72f5946ba7b788ce72200000000000000000bfccac378426204acb770979598b757a4473a2f24cd268400746573743132
(15903) eap_peap:   FreeRADIUS-Proxied-To = 127.0.0.1
(15903) eap_peap:   User-Name = "test12"
(15903) eap_peap:   State = 0x7e33b8807e3aa23bd4880a649b237942
(15903) Virtual server inner-tunnel received request
(15903)   EAP-Message = 0x020900411a0209003c31438d8be50c45d72f5946ba7b788ce72200000000000000000bfccac378426204acb770979598b757a4473a2f24cd268400746573743132
(15903)   FreeRADIUS-Proxied-To = 127.0.0.1
(15903)   User-Name = "test12"
(15903)   State = 0x7e33b8807e3aa23bd4880a649b237942
(15903) WARNING: Outer and inner identities are the same.  User privacy is compromised.
(15903) server inner-tunnel {
(15903)   session-state: No cached attributes
(15903)   # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/inner-tunnel
(15903)     authorize {
(15903)       policy filter_username {
(15903)         if (&User-Name) {
(15903)         if (&User-Name)  -> TRUE
(15903)         if (&User-Name)  {
(15903)           if (&User-Name =~ / /) {
(15903)           if (&User-Name =~ / /)  -> FALSE
(15903)           if (&User-Name =~ /@[^@]*@/ ) {
(15903)           if (&User-Name =~ /@[^@]*@/ )  -> FALSE
(15903)           if (&User-Name =~ /\.\./ ) {
(15903)           if (&User-Name =~ /\.\./ )  -> FALSE
(15903)           if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
(15903)           if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
(15903)           if (&User-Name =~ /\.$/)  {
(15903)           if (&User-Name =~ /\.$/)   -> FALSE
(15903)           if (&User-Name =~ /@\./)  {
(15903)           if (&User-Name =~ /@\./)   -> FALSE
(15903)         } # if (&User-Name)  = notfound
(15903)       } # policy filter_username = notfound
(15903)       [chap] = noop
(15903)       [mschap] = noop
(15903) suffix: Checking for suffix after "@"
(15903) suffix: No '@' in User-Name = "test12", looking up realm NULL
(15903) suffix: No such realm "NULL"
(15903)       [suffix] = noop
(15903)       update control {
(15903)         &Proxy-To-Realm := LOCAL
(15903)       } # update control = noop
(15903) eap: Peer sent EAP Response (code 2) ID 9 length 65
(15903) eap: No EAP Start, assuming it's an on-going EAP conversation
(15903)       [eap] = updated
(15903)       [files] = noop
(15903) sql: EXPAND %{User-Name}
(15903) sql:    --> test12
(15903) sql: SQL-User-Name set to 'test12'
rlm_sql (sql): Reserved connection (5237)
(15903) sql: EXPAND SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id
(15903) sql:    --> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'test12' ORDER BY id
(15903) sql: Executing select query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'test12' ORDER BY id
(15903) sql: User found in radcheck table
(15903) sql: Conditional check items matched, merging assignment check items
(15903) sql:   Cleartext-Password := "test12"
(15903) sql: EXPAND SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id
(15903) sql:    --> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'test12' ORDER BY id
(15903) sql: Executing select query: SELECT id, username, attribute, value, op FROM radreply WHERE username = 'test12' ORDER BY id
rlm_sql (sql): Reserved connection (5238)
rlm_sql (sql): Released connection (5238)
(15903) sql: EXPAND SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority
(15903) sql:    --> SELECT groupname FROM radusergroup WHERE username = 'test12' ORDER BY priority
(15903) sql: Executing select query: SELECT groupname FROM radusergroup WHERE username = 'test12' ORDER BY priority
(15903) sql: User found in the group table
(15903) sql: EXPAND SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{SQL-Group}' ORDER BY id
(15903) sql:    --> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'Dynamic Vlan Assigment' ORDER BY id
(15903) sql: Executing select query: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'Dynamic Vlan Assigment' ORDER BY id
(15903) sql: Group "Dynamic Vlan Assigment": Conditional check items matched
(15903) sql: Group "Dynamic Vlan Assigment": Merging assignment check items
(15903) sql: EXPAND SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{SQL-Group}' ORDER BY id
(15903) sql:    --> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'Dynamic Vlan Assigment' ORDER BY id
(15903) sql: Executing select query: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'Dynamic Vlan Assigment' ORDER BY id
(15903) sql: Group "Dynamic Vlan Assigment": Merging reply items
(15903) sql:   Tunnel-Type := VLAN
(15903) sql:   Tunnel-Private-Group-Id := "84"
(15903) sql:   Tunnel-Medium-Type := IEEE-802
(15903) sql:   Aruba-User-Vlan := 4
(15903) sql:   Framed-Protocol = PPP
(15903) sql:   Service-Type = Framed-User
rlm_sql (sql): Released connection (5237)
(15903)       [sql] = ok
(15903)       [expiration] = noop
(15903)       [logintime] = noop
(15903) pap: WARNING: Auth-Type already set.  Not setting to PAP
(15903)       [pap] = noop
(15903)     } # authorize = updated
(15903)   Found Auth-Type = eap
(15903)   # Executing group from file /etc/freeradius/3.0/sites-enabled/inner-tunnel
(15903)     authenticate {
(15903) eap: Expiring EAP session with state 0x7e33b8807e3aa23b
(15903) eap: Finished EAP session with state 0x7e33b8807e3aa23b
(15903) eap: Previous EAP request found for state 0x7e33b8807e3aa23b, released from the list
(15903) eap: Peer sent packet with method EAP MSCHAPv2 (26)
(15903) eap: Calling submodule eap_mschapv2 to process data
(15903) eap_mschapv2: # Executing group from file /etc/freeradius/3.0/sites-enabled/inner-tunnel
(15903) eap_mschapv2:   authenticate {
(15903) mschap: Found Cleartext-Password, hashing to create NT-Password
(15903) mschap: Creating challenge hash with username: test12
(15903) mschap: Client is using MS-CHAPv2
(15903) mschap: Adding MS-CHAPv2 MPPE keys
(15903) eap_mschapv2:     [mschap] = ok
(15903) eap_mschapv2:   } # authenticate = ok
(15903) eap_mschapv2: MSCHAP Success
(15903) eap: Sending EAP Request (code 1) ID 10 length 51
(15903) eap: EAP session adding &reply:State = 0x7e33b8807f39a23b
(15903)       [eap] = handled
(15903)     } # authenticate = handled
(15903) } # server inner-tunnel
(15903) Virtual server sending reply
(15903)   Tunnel-Type = VLAN
(15903)   Tunnel-Private-Group-Id = "84"
(15903)   Tunnel-Medium-Type = IEEE-802
(15903)   Aruba-User-Vlan = 4
(15903)   Framed-Protocol = PPP
(15903)   Service-Type = Framed-User
(15903)   EAP-Message = 0x010a00331a0309002e533d30313242364437413046393831313134313337453638353132443345373944454432443839374431
(15903)   Message-Authenticator = 0x00000000000000000000000000000000
(15903)   State = 0x7e33b8807f39a23bd4880a649b237942
(15903) eap_peap: Got tunneled reply code 11
(15903) eap_peap:   Tunnel-Type = VLAN
(15903) eap_peap:   Tunnel-Private-Group-Id = "84"
(15903) eap_peap:   Tunnel-Medium-Type = IEEE-802
(15903) eap_peap:   Aruba-User-Vlan = 4
(15903) eap_peap:   Framed-Protocol = PPP
(15903) eap_peap:   Service-Type = Framed-User
(15903) eap_peap:   EAP-Message = 0x010a00331a0309002e533d30313242364437413046393831313134313337453638353132443345373944454432443839374431
(15903) eap_peap:   Message-Authenticator = 0x00000000000000000000000000000000
(15903) eap_peap:   State = 0x7e33b8807f39a23bd4880a649b237942
(15903) eap_peap: Got tunneled reply RADIUS code 11
(15903) eap_peap:   Tunnel-Type = VLAN
(15903) eap_peap:   Tunnel-Private-Group-Id = "84"
(15903) eap_peap:   Tunnel-Medium-Type = IEEE-802
(15903) eap_peap:   Aruba-User-Vlan = 4
(15903) eap_peap:   Framed-Protocol = PPP
(15903) eap_peap:   Service-Type = Framed-User
(15903) eap_peap:   EAP-Message = 0x010a00331a0309002e533d30313242364437413046393831313134313337453638353132443345373944454432443839374431
(15903) eap_peap:   Message-Authenticator = 0x00000000000000000000000000000000
(15903) eap_peap:   State = 0x7e33b8807f39a23bd4880a649b237942
(15903) eap_peap: Got tunneled Access-Challenge
(15903) eap: Sending EAP Request (code 1) ID 10 length 82
(15903) eap: EAP session adding &reply:State = 0x289e91c120948855
(15903)     [eap] = handled
(15903)   } # authenticate = handled
(15903) Using Post-Auth-Type Challenge
(15903) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(15903)   Challenge { ... } # empty sub-section is ignored
(15903) session-state: Saving cached attributes
(15903)   TLS-Session-Cipher-Suite = "ECDHE-RSA-AES128-GCM-SHA256"
(15903)   TLS-Session-Version = "TLS 1.2"
(15903) Sent Access-Challenge Id 19 from 10.80.9.2:1812 to 10.80.10.100:54194 length 0
(15903)   EAP-Message = 0x010a00521900170303004719c13e2fff220624798095d1afce280bb0d592ed6c78cae92c888d08cdfe66f496870783feb68249a45da15ffc51884ceea5a864c6a76107d325bf92e527f7f7650e375a908980
(15903)   Message-Authenticator = 0x00000000000000000000000000000000
(15903)   State = 0x289e91c120948855ee3fc9064da4dff1
(15903) Finished request
Waking up in 4.7 seconds.
(15904) Received Access-Request Id 20 from 10.80.10.100:54194 to 10.80.9.2:1812 length 260
(15904)   User-Name = "test12"
(15904)   NAS-IP-Address = 10.80.10.100
(15904)   NAS-Port = 0
(15904)   NAS-Identifier = "10.80.10.159"
(15904)   NAS-Port-Type = Wireless-802.11
(15904)   Calling-Station-Id = "606ee82d9a34"
(15904)   Called-Station-Id = "904c81c63c70"
(15904)   Service-Type = Framed-User
(15904)   Framed-MTU = 1100
(15904)   EAP-Message = 0x020a00251900170303001a0000000000000003938868900849962335a47efe530c2fe42119
(15904)   State = 0x289e91c120948855ee3fc9064da4dff1
(15904)   Aruba-Essid-Name = "TEST-SSID"
(15904)   Aruba-Location-Id = "Aruba-AP-5"
(15904)   Aruba-AP-Group = "wi-fi-aruba"
(15904)   Aruba-Device-Type = "Linux"
(15904)   Message-Authenticator = 0x099ec4c0fbcfeb0cec576111734e7bf3
(15904) Restoring &session-state
(15904)   &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES128-GCM-SHA256"
(15904)   &session-state:TLS-Session-Version = "TLS 1.2"
(15904) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default
(15904)   authorize {
(15904)     policy filter_username {
(15904)       if (&User-Name) {
(15904)       if (&User-Name)  -> TRUE
(15904)       if (&User-Name)  {
(15904)         if (&User-Name =~ / /) {
(15904)         if (&User-Name =~ / /)  -> FALSE
(15904)         if (&User-Name =~ /@[^@]*@/ ) {
(15904)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
(15904)         if (&User-Name =~ /\.\./ ) {
(15904)         if (&User-Name =~ /\.\./ )  -> FALSE
(15904)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
(15904)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
(15904)         if (&User-Name =~ /\.$/)  {
(15904)         if (&User-Name =~ /\.$/)   -> FALSE
(15904)         if (&User-Name =~ /@\./)  {
(15904)         if (&User-Name =~ /@\./)   -> FALSE
(15904)       } # if (&User-Name)  = notfound
(15904)     } # policy filter_username = notfound
(15904)     [preprocess] = ok
(15904)     [chap] = noop
(15904)     [mschap] = noop
(15904)     [digest] = noop
(15904) suffix: Checking for suffix after "@"
(15904) suffix: No '@' in User-Name = "test12", looking up realm NULL
(15904) suffix: No such realm "NULL"
(15904)     [suffix] = noop
(15904) eap: Peer sent EAP Response (code 2) ID 10 length 37
(15904) eap: Continuing tunnel setup
(15904)     [eap] = ok
(15904)   } # authorize = ok
(15904) Found Auth-Type = eap
(15904) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(15904)   authenticate {
(15904) eap: Expiring EAP session with state 0x7e33b8807f39a23b
(15904) eap: Finished EAP session with state 0x289e91c120948855
(15904) eap: Previous EAP request found for state 0x289e91c120948855, released from the list
(15904) eap: Peer sent packet with method EAP PEAP (25)
(15904) eap: Calling submodule eap_peap to process data
(15904) eap_peap: Continuing EAP-TLS
(15904) eap_peap: [eaptls verify] = ok
(15904) eap_peap: Done initial handshake
(15904) eap_peap: [eaptls process] = ok
(15904) eap_peap: Session established.  Decoding tunneled attributes
(15904) eap_peap: PEAP state phase2
(15904) eap_peap: EAP method MSCHAPv2 (26)
(15904) eap_peap: Got tunneled request
(15904) eap_peap:   EAP-Message = 0x020a00061a03
(15904) eap_peap: Setting User-Name to test12
(15904) eap_peap: Sending tunneled request to inner-tunnel
(15904) eap_peap:   EAP-Message = 0x020a00061a03
(15904) eap_peap:   FreeRADIUS-Proxied-To = 127.0.0.1
(15904) eap_peap:   User-Name = "test12"
(15904) eap_peap:   State = 0x7e33b8807f39a23bd4880a649b237942
(15904) Virtual server inner-tunnel received request
(15904)   EAP-Message = 0x020a00061a03
(15904)   FreeRADIUS-Proxied-To = 127.0.0.1
(15904)   User-Name = "test12"
(15904)   State = 0x7e33b8807f39a23bd4880a649b237942
(15904) WARNING: Outer and inner identities are the same.  User privacy is compromised.
(15904) server inner-tunnel {
(15904)   session-state: No cached attributes
(15904)   # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/inner-tunnel
(15904)     authorize {
(15904)       policy filter_username {
(15904)         if (&User-Name) {
(15904)         if (&User-Name)  -> TRUE
(15904)         if (&User-Name)  {
(15904)           if (&User-Name =~ / /) {
(15904)           if (&User-Name =~ / /)  -> FALSE
(15904)           if (&User-Name =~ /@[^@]*@/ ) {
(15904)           if (&User-Name =~ /@[^@]*@/ )  -> FALSE
(15904)           if (&User-Name =~ /\.\./ ) {
(15904)           if (&User-Name =~ /\.\./ )  -> FALSE
(15904)           if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
(15904)           if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
(15904)           if (&User-Name =~ /\.$/)  {
(15904)           if (&User-Name =~ /\.$/)   -> FALSE
(15904)           if (&User-Name =~ /@\./)  {
(15904)           if (&User-Name =~ /@\./)   -> FALSE
(15904)         } # if (&User-Name)  = notfound
(15904)       } # policy filter_username = notfound
(15904)       [chap] = noop
(15904)       [mschap] = noop
(15904) suffix: Checking for suffix after "@"
(15904) suffix: No '@' in User-Name = "test12", looking up realm NULL
(15904) suffix: No such realm "NULL"
(15904)       [suffix] = noop
(15904)       update control {
(15904)         &Proxy-To-Realm := LOCAL
(15904)       } # update control = noop
(15904) eap: Peer sent EAP Response (code 2) ID 10 length 6
(15904) eap: No EAP Start, assuming it's an on-going EAP conversation
(15904)       [eap] = updated
(15904)       [files] = noop
(15904) sql: EXPAND %{User-Name}
(15904) sql:    --> test12
(15904) sql: SQL-User-Name set to 'test12'
rlm_sql (sql): Reserved connection (5239)
(15904) sql: EXPAND SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id
(15904) sql:    --> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'test12' ORDER BY id
(15904) sql: Executing select query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'test12' ORDER BY id
(15904) sql: User found in radcheck table
(15904) sql: Conditional check items matched, merging assignment check items
(15904) sql:   Cleartext-Password := "test12"
(15904) sql: EXPAND SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id
(15904) sql:    --> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'test12' ORDER BY id
(15904) sql: Executing select query: SELECT id, username, attribute, value, op FROM radreply WHERE username = 'test12' ORDER BY id
rlm_sql (sql): Reserved connection (5237)
rlm_sql (sql): Released connection (5237)
(15904) sql: EXPAND SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority
(15904) sql:    --> SELECT groupname FROM radusergroup WHERE username = 'test12' ORDER BY priority
(15904) sql: Executing select query: SELECT groupname FROM radusergroup WHERE username = 'test12' ORDER BY priority
(15904) sql: User found in the group table
(15904) sql: EXPAND SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{SQL-Group}' ORDER BY id
(15904) sql:    --> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'Dynamic Vlan Assigment' ORDER BY id
(15904) sql: Executing select query: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'Dynamic Vlan Assigment' ORDER BY id
(15904) sql: Group "Dynamic Vlan Assigment": Conditional check items matched
(15904) sql: Group "Dynamic Vlan Assigment": Merging assignment check items
(15904) sql: EXPAND SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{SQL-Group}' ORDER BY id
(15904) sql:    --> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'Dynamic Vlan Assigment' ORDER BY id
(15904) sql: Executing select query: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'Dynamic Vlan Assigment' ORDER BY id
(15904) sql: Group "Dynamic Vlan Assigment": Merging reply items
(15904) sql:   Tunnel-Type := VLAN
(15904) sql:   Tunnel-Private-Group-Id := "84"
(15904) sql:   Tunnel-Medium-Type := IEEE-802
(15904) sql:   Aruba-User-Vlan := 4
(15904) sql:   Framed-Protocol = PPP
(15904) sql:   Service-Type = Framed-User
rlm_sql (sql): Released connection (5239)
(15904)       [sql] = ok
(15904)       [expiration] = noop
(15904)       [logintime] = noop
(15904) pap: WARNING: Auth-Type already set.  Not setting to PAP
(15904)       [pap] = noop
(15904)     } # authorize = updated
(15904)   Found Auth-Type = eap
(15904)   # Executing group from file /etc/freeradius/3.0/sites-enabled/inner-tunnel
(15904)     authenticate {
(15904) eap: Expiring EAP session with state 0x7e33b8807f39a23b
(15904) eap: Finished EAP session with state 0x7e33b8807f39a23b
(15904) eap: Previous EAP request found for state 0x7e33b8807f39a23b, released from the list
(15904) eap: Peer sent packet with method EAP MSCHAPv2 (26)
(15904) eap: Calling submodule eap_mschapv2 to process data
(15904) eap: Sending EAP Success (code 3) ID 10 length 4
(15904) eap: Freeing handler
(15904)       [eap] = ok
(15904)     } # authenticate = ok
(15904)   # Executing section post-auth from file /etc/freeradius/3.0/sites-enabled/inner-tunnel
(15904)     post-auth {
(15904) sql: EXPAND .query
(15904) sql:    --> .query
(15904) sql: Using query template 'query'
rlm_sql (sql): Reserved connection (5238)
(15904) sql: EXPAND %{User-Name}
(15904) sql:    --> test12
(15904) sql: SQL-User-Name set to 'test12'
(15904) sql: EXPAND INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S')
(15904) sql:    --> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'test12', '', 'Access-Accept', '2022-08-03 11:18:07')
(15904) sql: Executing query: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'test12', '', 'Access-Accept', '2022-08-03 11:18:07')
(15904) sql: SQL query returned: success
(15904) sql: 1 record(s) updated
rlm_sql (sql): Released connection (5238)
(15904)       [sql] = ok
(15904)       if (0) {
(15904)       if (0)  -> FALSE
(15904)     } # post-auth = ok
(15904) } # server inner-tunnel
(15904) Virtual server sending reply
(15904)   Tunnel-Type = VLAN
(15904)   Tunnel-Private-Group-Id = "84"
(15904)   Tunnel-Medium-Type = IEEE-802
(15904)   Aruba-User-Vlan = 4
(15904)   Framed-Protocol = PPP
(15904)   Service-Type = Framed-User
(15904)   MS-MPPE-Encryption-Policy = Encryption-Allowed
(15904)   MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed
(15904)   MS-MPPE-Send-Key = 0x20fabc726bb76c44546ee2b133a5a039
(15904)   MS-MPPE-Recv-Key = 0x9df883f3c8e6f08521cca94374084ebb
(15904)   EAP-Message = 0x030a0004
(15904)   Message-Authenticator = 0x00000000000000000000000000000000
(15904)   User-Name = "test12"
(15904) eap_peap: Got tunneled reply code 2
(15904) eap_peap:   Tunnel-Type = VLAN
(15904) eap_peap:   Tunnel-Private-Group-Id = "84"
(15904) eap_peap:   Tunnel-Medium-Type = IEEE-802
(15904) eap_peap:   Aruba-User-Vlan = 4
(15904) eap_peap:   Framed-Protocol = PPP
(15904) eap_peap:   Service-Type = Framed-User
(15904) eap_peap:   MS-MPPE-Encryption-Policy = Encryption-Allowed
(15904) eap_peap:   MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed
(15904) eap_peap:   MS-MPPE-Send-Key = 0x20fabc726bb76c44546ee2b133a5a039
(15904) eap_peap:   MS-MPPE-Recv-Key = 0x9df883f3c8e6f08521cca94374084ebb
(15904) eap_peap:   EAP-Message = 0x030a0004
(15904) eap_peap:   Message-Authenticator = 0x00000000000000000000000000000000
(15904) eap_peap:   User-Name = "test12"
(15904) eap_peap: Got tunneled reply RADIUS code 2
(15904) eap_peap:   Tunnel-Type = VLAN
(15904) eap_peap:   Tunnel-Private-Group-Id = "84"
(15904) eap_peap:   Tunnel-Medium-Type = IEEE-802
(15904) eap_peap:   Aruba-User-Vlan = 4
(15904) eap_peap:   Framed-Protocol = PPP
(15904) eap_peap:   Service-Type = Framed-User
(15904) eap_peap:   MS-MPPE-Encryption-Policy = Encryption-Allowed
(15904) eap_peap:   MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed
(15904) eap_peap:   MS-MPPE-Send-Key = 0x20fabc726bb76c44546ee2b133a5a039
(15904) eap_peap:   MS-MPPE-Recv-Key = 0x9df883f3c8e6f08521cca94374084ebb
(15904) eap_peap:   EAP-Message = 0x030a0004
(15904) eap_peap:   Message-Authenticator = 0x00000000000000000000000000000000
(15904) eap_peap:   User-Name = "test12"
(15904) eap_peap: Tunneled authentication was successful
(15904) eap_peap: SUCCESS
(15904) eap: Sending EAP Request (code 1) ID 11 length 46
(15904) eap: EAP session adding &reply:State = 0x289e91c121958855
(15904)     [eap] = handled
(15904)   } # authenticate = handled
(15904) Using Post-Auth-Type Challenge
(15904) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(15904)   Challenge { ... } # empty sub-section is ignored
(15904) session-state: Saving cached attributes
(15904)   TLS-Session-Cipher-Suite = "ECDHE-RSA-AES128-GCM-SHA256"
(15904)   TLS-Session-Version = "TLS 1.2"
(15904) Sent Access-Challenge Id 20 from 10.80.9.2:1812 to 10.80.10.100:54194 length 0
(15904)   EAP-Message = 0x010b002e1900170303002319c13e2fff220625d6b8b0b6b94062c0f3475d5799d0803a4427e0e95c03753c74e606
(15904)   Message-Authenticator = 0x00000000000000000000000000000000
(15904)   State = 0x289e91c121958855ee3fc9064da4dff1
(15904) Finished request
Waking up in 4.6 seconds.
(15905) Received Access-Request Id 21 from 10.80.10.100:54194 to 10.80.9.2:1812 length 269
(15905)   User-Name = "test12"
(15905)   NAS-IP-Address = 10.80.10.100
(15905)   NAS-Port = 0
(15905)   NAS-Identifier = "10.80.10.159"
(15905)   NAS-Port-Type = Wireless-802.11
(15905)   Calling-Station-Id = "606ee82d9a34"
(15905)   Called-Station-Id = "904c81c63c70"
(15905)   Service-Type = Framed-User
(15905)   Framed-MTU = 1100
(15905)   EAP-Message = 0x020b002e1900170303002300000000000000044bfb68fbf65c531a986b7e76e4afa89c6d06e8060ceb8b81f8da6e
(15905)   State = 0x289e91c121958855ee3fc9064da4dff1
(15905)   Aruba-Essid-Name = "TEST-SSID"
(15905)   Aruba-Location-Id = "Aruba-AP-5"
(15905)   Aruba-AP-Group = "wi-fi-aruba"
(15905)   Aruba-Device-Type = "Linux"
(15905)   Message-Authenticator = 0x31fcc58e9a7bad467fc154c4fd2eb429
(15905) Restoring &session-state
(15905)   &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES128-GCM-SHA256"
(15905)   &session-state:TLS-Session-Version = "TLS 1.2"
(15905) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default
(15905)   authorize {
(15905)     policy filter_username {
(15905)       if (&User-Name) {
(15905)       if (&User-Name)  -> TRUE
(15905)       if (&User-Name)  {
(15905)         if (&User-Name =~ / /) {
(15905)         if (&User-Name =~ / /)  -> FALSE
(15905)         if (&User-Name =~ /@[^@]*@/ ) {
(15905)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
(15905)         if (&User-Name =~ /\.\./ ) {
(15905)         if (&User-Name =~ /\.\./ )  -> FALSE
(15905)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
(15905)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
(15905)         if (&User-Name =~ /\.$/)  {
(15905)         if (&User-Name =~ /\.$/)   -> FALSE
(15905)         if (&User-Name =~ /@\./)  {
(15905)         if (&User-Name =~ /@\./)   -> FALSE
(15905)       } # if (&User-Name)  = notfound
(15905)     } # policy filter_username = notfound
(15905)     [preprocess] = ok
(15905)     [chap] = noop
(15905)     [mschap] = noop
(15905)     [digest] = noop
(15905) suffix: Checking for suffix after "@"
(15905) suffix: No '@' in User-Name = "test12", looking up realm NULL
(15905) suffix: No such realm "NULL"
(15905)     [suffix] = noop
(15905) eap: Peer sent EAP Response (code 2) ID 11 length 46
(15905) eap: Continuing tunnel setup
(15905)     [eap] = ok
(15905)   } # authorize = ok
(15905) Found Auth-Type = eap
(15905) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(15905)   authenticate {
(15905) eap: Expiring EAP session with state 0x289e91c121958855
(15905) eap: Finished EAP session with state 0x289e91c121958855
(15905) eap: Previous EAP request found for state 0x289e91c121958855, released from the list
(15905) eap: Peer sent packet with method EAP PEAP (25)
(15905) eap: Calling submodule eap_peap to process data
(15905) eap_peap: Continuing EAP-TLS
(15905) eap_peap: [eaptls verify] = ok
(15905) eap_peap: Done initial handshake
(15905) eap_peap: [eaptls process] = ok
(15905) eap_peap: Session established.  Decoding tunneled attributes
(15905) eap_peap: PEAP state send tlv success
(15905) eap_peap: Received EAP-TLV response
(15905) eap_peap: Success
(15905) eap: Sending EAP Success (code 3) ID 11 length 4
(15905) eap: Freeing handler
(15905)     [eap] = ok
(15905)   } # authenticate = ok
(15905) # Executing section post-auth from file /etc/freeradius/3.0/sites-enabled/default
(15905)   post-auth {
(15905)     if (session-state:User-Name && reply:User-Name && request:User-Name && (reply:User-Name == request:User-Name)) {
(15905)     if (session-state:User-Name && reply:User-Name && request:User-Name && (reply:User-Name == request:User-Name))  -> FALSE
(15905)     update {
(15905)       &reply::TLS-Session-Cipher-Suite += &session-state:TLS-Session-Cipher-Suite[*] -> 'ECDHE-RSA-AES128-GCM-SHA256'
(15905)       &reply::TLS-Session-Version += &session-state:TLS-Session-Version[*] -> 'TLS 1.2'
(15905)     } # update = noop
(15905) sql: EXPAND .query
(15905) sql:    --> .query
(15905) sql: Using query template 'query'
rlm_sql (sql): Reserved connection (5239)
(15905) sql: EXPAND %{User-Name}
(15905) sql:    --> test12
(15905) sql: SQL-User-Name set to 'test12'
(15905) sql: EXPAND INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S')
(15905) sql:    --> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'test12', '', 'Access-Accept', '2022-08-03 11:18:07')
(15905) sql: Executing query: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'test12', '', 'Access-Accept', '2022-08-03 11:18:07')
(15905) sql: SQL query returned: success
(15905) sql: 1 record(s) updated
rlm_sql (sql): Released connection (5239)
(15905)     [sql] = ok
(15905)     [exec] = noop
(15905)     policy remove_reply_message_if_eap {
(15905)       if (&reply:EAP-Message && &reply:Reply-Message) {
(15905)       if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
(15905)       else {
(15905)         [noop] = noop
(15905)       } # else = noop
(15905)     } # policy remove_reply_message_if_eap = noop
(15905)   } # post-auth = ok
(15905) Sent Access-Accept Id 21 from 10.80.9.2:1812 to 10.80.10.100:54194 length 0
(15905)   MS-MPPE-Recv-Key = 0xe4910073e6f26f2aa49ad008ee659bc843d078adc9f109c0f1f1842cfcb3df8d
(15905)   MS-MPPE-Send-Key = 0x635e3e1191ec21391f63ce76fe7b2e61c7cff67b6fc79083df69f00b70e4da43
(15905)   EAP-Message = 0x030b0004
(15905)   Message-Authenticator = 0x00000000000000000000000000000000
(15905)   User-Name = "test12"
(15905) Finished request
Waking up in 4.6 seconds.
(15895) Cleaning up request packet ID 11 with timestamp +752665
(15896) Cleaning up request packet ID 12 with timestamp +752666
(15897) Cleaning up request packet ID 13 with timestamp +752666
(15898) Cleaning up request packet ID 14 with timestamp +752666
(15899) Cleaning up request packet ID 15 with timestamp +752666
(15900) Cleaning up request packet ID 16 with timestamp +752666
(15901) Cleaning up request packet ID 17 with timestamp +752666
(15902) Cleaning up request packet ID 18 with timestamp +752666
(15903) Cleaning up request packet ID 19 with timestamp +752666
(15904) Cleaning up request packet ID 20 with timestamp +752666
(15905) Cleaning up request packet ID 21 with timestamp +752666
Ready to process requests

 

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.