I have a new server giving me fits and I cannot figure out what the heck I did wrong:
FreeRADIUS Version 3.0.0, for host x86_64-unknown-linux-gnu, built on Jul 27 2012 at 08:55:21 Copyright (C) 1999-2012 The FreeRADIUS server project and contributors. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License v2. Starting - reading configuration files ... including configuration file /usr/local/etc/raddb/radiusd.conf including configuration file /usr/local/etc/raddb/proxy.conf including configuration file /usr/local/etc/raddb/clients.conf including files in directory /usr/local/etc/raddb/modules/ including configuration file /usr/local/etc/raddb/modules/ippool including configuration file /usr/local/etc/raddb/modules/mac2ip including configuration file /usr/local/etc/raddb/modules/sqlippool including configuration file /usr/local/etc/raddb/sql/postgresql/ippool.conf including configuration file /usr/local/etc/raddb/modules/counter including configuration file /usr/local/etc/raddb/modules/policy including configuration file /usr/local/etc/raddb/modules/eap including configuration file /usr/local/etc/raddb/modules/ldap including configuration file /usr/local/etc/raddb/modules/sql including configuration file /usr/local/etc/raddb/sql/mysql/dialup.conf including configuration file /usr/local/etc/raddb/modules/pap including configuration file /usr/local/etc/raddb/modules/acct_unique including configuration file /usr/local/etc/raddb/modules/passwd including configuration file /usr/local/etc/raddb/modules/mschap including configuration file /usr/local/etc/raddb/modules/detail.example.com including configuration file /usr/local/etc/raddb/modules/otp including configuration file /usr/local/etc/raddb/modules/detail including configuration file /usr/local/etc/raddb/modules/ntlm_auth including configuration file /usr/local/etc/raddb/modules/pam including configuration file /usr/local/etc/raddb/modules/realm including configuration file /usr/local/etc/raddb/modules/exec including configuration file /usr/local/etc/raddb/modules/smsotp including configuration file /usr/local/etc/raddb/modules/sqlcounter_expire_on_login including configuration file /usr/local/etc/raddb/modules/linelog including configuration file /usr/local/etc/raddb/modules/mac2vlan including configuration file /usr/local/etc/raddb/modules/wimax including configuration file /usr/local/etc/raddb/modules/logintime including configuration file /usr/local/etc/raddb/modules/rediswho including configuration file /usr/local/etc/raddb/modules/always including configuration file /usr/local/etc/raddb/modules/krb5 including configuration file /usr/local/etc/raddb/modules/redis including configuration file /usr/local/etc/raddb/modules/detail.log including configuration file /usr/local/etc/raddb/modules/radutmp including configuration file /usr/local/etc/raddb/modules/inner-eap including configuration file /usr/local/etc/raddb/modules/unix including configuration file /usr/local/etc/raddb/modules/preprocess including configuration file /usr/local/etc/raddb/modules/dynamic_clients including configuration file /usr/local/etc/raddb/modules/sradutmp including configuration file /usr/local/etc/raddb/modules/attr_rewrite including configuration file /usr/local/etc/raddb/modules/sql_log including configuration file /usr/local/etc/raddb/modules/etc_group including configuration file /usr/local/etc/raddb/modules/echo including configuration file /usr/local/etc/raddb/modules/perl including configuration file /usr/local/etc/raddb/modules/soh including configuration file /usr/local/etc/raddb/modules/chap including configuration file /usr/local/etc/raddb/modules/expr including configuration file /usr/local/etc/raddb/modules/opendirectory including configuration file /usr/local/etc/raddb/modules/digest including configuration file /usr/local/etc/raddb/modules/attr_filter including configuration file /usr/local/etc/raddb/modules/cui including configuration file /usr/local/etc/raddb/modules/expiration including configuration file /usr/local/etc/raddb/modules/smbpasswd including configuration file /usr/local/etc/raddb/modules/checkval including configuration file /usr/local/etc/raddb/modules/files including configuration file /usr/local/etc/raddb/policy.conf including files in directory /usr/local/etc/raddb/sites-enabled/ including configuration file /usr/local/etc/raddb/sites-enabled/control-socket including configuration file /usr/local/etc/raddb/sites-enabled/default including configuration file /usr/local/etc/raddb/sites-enabled/inner-tunnel main { security { allow_core_dumps = no } } including dictionary file /usr/local/etc/raddb/dictionary main { name = "radiusd" prefix = "/usr/local" localstatedir = "/usr/local/var" sbindir = "/usr/local/sbin" logdir = "/usr/local/var/log/radius" run_dir = "/usr/local/var/run/radiusd" libdir = "/usr/local/lib" radacctdir = "/usr/local/var/log/radius/radacct" hostname_lookups = no max_request_time = 30 cleanup_delay = 5 max_requests = 1024 pidfile = "/usr/local/var/run/radiusd/radiusd.pid" checkrad = "/usr/local/sbin/checkrad" debug_level = 0 proxy_requests = yes log { stripped_names = no auth = no auth_badpass = no auth_goodpass = no } security { max_attributes = 200 reject_delay = 1 status_server = yes } } radiusd: #### Loading Realms and Home Servers #### realm cueband.com { } radiusd: #### Loading Clients #### client localhost { ipaddr = 127.0.0.1 require_message_authenticator = no secret = "testing123" nastype = "other" proto = "*" } radiusd: #### Instantiating modules #### instantiate { Module: Linked to module rlm_exec Module: Instantiating module "exec" from file /usr/local/etc/raddb/modules/exec exec { wait = no input_pairs = "request" shell_escape = yes } Module: Linked to module rlm_expr Module: Instantiating module "expr" from file /usr/local/etc/raddb/modules/expr Module: Linked to module rlm_expiration Module: Instantiating module "expiration" from file /usr/local/etc/raddb/modules/expiration expiration { reply-message = "Password Has Expired " } Module: Linked to module rlm_logintime Module: Instantiating module "logintime" from file /usr/local/etc/raddb/modules/logintime logintime { reply-message = "You are calling outside your allowed timespan " minimum-timeout = 60 } } radiusd: #### Loading Virtual Servers #### server { # from file /usr/local/etc/raddb/radiusd.conf modules { Module: Checking authenticate {...} for more modules to load Module: Linked to module rlm_mschap Module: Instantiating module "mschap" from file /usr/local/etc/raddb/modules/mschap mschap { use_mppe = yes require_encryption = no require_strong = no with_ntdomain_hack = no allow_retry = yes } Module: Linked to module rlm_eap Module: Instantiating module "eap" from file /usr/local/etc/raddb/modules/eap eap { default_eap_type = "mschapv2" timer_expire = 60 ignore_unknown_eap_types = no cisco_accounting_username_bug = no max_sessions = 4096 } Module: Linked to sub-module rlm_eap_md5 Module: Instantiating eap-md5 Module: Linked to sub-module rlm_eap_pwd Module: Instantiating eap-pwd pwd { group = 19 fragment_size = 1020 server_id = "theser...@example.com" virtual_server = "inner-tunnel" } Module: Linked to sub-module rlm_eap_leap Module: Instantiating eap-leap Module: Linked to sub-module rlm_eap_gtc Module: Instantiating eap-gtc gtc { challenge = "Password: " auth_type = "PAP" } Module: Linked to sub-module rlm_eap_tls Module: Instantiating eap-tls tls { tls = "tls-common" } tls-config tls-common { rsa_key_exchange = no dh_key_exchange = yes rsa_key_length = 512 dh_key_length = 512 verify_depth = 0 CA_path = "/usr/local/etc/raddb/certs" pem_file_type = yes private_key_file = "/usr/local/etc/raddb/certs/server.pem" certificate_file = "/usr/local/etc/raddb/certs/server.pem" CA_file = "/usr/local/etc/raddb/certs/ca.pem" private_key_password = "whatever" dh_file = "/usr/local/etc/raddb/certs/dh" random_file = "/usr/local/etc/raddb/certs/random" fragment_size = 1024 include_length = yes check_crl = no cipher_list = "DEFAULT" make_cert_command = "/usr/local/etc/raddb/certs/bootstrap" ecdh_curve = "prime256v1" cache { enable = yes lifetime = 24 max_entries = 255 } verify { } ocsp { enable = no override_cert_url = yes url = "http://127.0.0.1/ocsp/" use_nonce = yes timeout = 0 softfail = yes } } Module: Linked to sub-module rlm_eap_ttls Module: Instantiating eap-ttls ttls { tls = "tls-common" default_eap_type = "mschapv2" copy_request_to_tunnel = yes use_tunneled_reply = yes virtual_server = "inner-tunnel" include_length = yes } debug: Using cached TLS configuration from previous invocation Module: Linked to sub-module rlm_eap_peap Module: Instantiating eap-peap peap { tls = "tls-common" default_eap_type = "mschapv2" copy_request_to_tunnel = yes use_tunneled_reply = yes proxy_tunneled_request_as_eap = yes virtual_server = "inner-tunnel" soh = no } debug: Using cached TLS configuration from previous invocation Module: Linked to sub-module rlm_eap_mschapv2 Module: Instantiating eap-mschapv2 mschapv2 { with_ntdomain_hack = no send_error = no } Module: Checking authorize {...} for more modules to load Module: Linked to module rlm_preprocess Module: Instantiating module "preprocess" from file /usr/local/etc/raddb/modules/preprocess preprocess { huntgroups = "/usr/local/etc/raddb/huntgroups" hints = "/usr/local/etc/raddb/hints" with_ascend_hack = no ascend_channels_per_line = 23 with_ntdomain_hack = no with_specialix_jetstream_hack = no with_cisco_vsa_hack = no with_alvarion_vsa_hack = no } Module: Linked to module rlm_wimax Module: Instantiating module "wimax" from file /usr/local/etc/raddb/modules/wimax wimax { delete_mppe_keys = yes } Module: Linked to module rlm_sql Module: Instantiating module "sql" from file /usr/local/etc/raddb/modules/sql sql { driver = "rlm_sql_mysql" server = "10.50.0.10" port = "" login = "root" password = "unl0ck" radius_db = "radius" read_groups = yes sqltrace = no sqltracefile = "/usr/local/var/log/radius/sqltrace.sql" readclients = yes deletestalesessions = yes sql_user_name = "%{User-Name}" default_user_profile = "" nas_query = "SELECT id, nasname, shortname, type, secret, server FROM nas" authorize_check_query = "SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id" authorize_reply_query = "SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id" authorize_group_check_query = "SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id" authorize_group_reply_query = "SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id" accounting_onoff_query = "UPDATE radacct SET acctstoptime = '%S', acctsessiontime = unix_timestamp('%S') - unix_timestamp(acctstarttime), acctterminatecause = '%{Acct-Terminate-Cause}', acctstopdelay = %{%{Acct-Delay-Time}:-0} WHERE acctstoptime IS NULL AND nasipaddress = '%{NAS-IP-Address}' AND acctstarttime <= '%S'" accounting_update_query = " UPDATE radacct SET framedipaddress = '%{Framed-IP-Address}', acctsessiontime = '%{Acct-Session-Time}', acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}'" accounting_update_query_alt = " INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctsessiontime, acctauthentic, connectinfo_start, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, servicetype, framedprotocol, framedipaddress, acctstartdelay, xascendsessionsvrkey) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S', INTERVAL (%{%{Acct-Session-Time}:-0} + %{%{Acct-Delay-Time}:-0}) SECOND), '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0', '%{X-Ascend-Session-Svr-Key}')" accounting_start_query = " INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress, acctstartdelay, acctstopdelay, xascendsessionsvrkey) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', '%S', NULL, '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '%{%{Acct-Delay-Time}:-0}', '0', '%{X-Ascend-Session-Svr-Key}')" accounting_start_query_alt = " UPDATE radacct SET acctstarttime = '%S', acctstartdelay = '%{%{Acct-Delay-Time}:-0}', connectinfo_start = '%{Connect-Info}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}'" accounting_stop_query = " UPDATE radacct SET acctstoptime = '%S', acctsessiontime = '%{Acct-Session-Time}', acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', acctterminatecause = '%{Acct-Terminate-Cause}', acctstopdelay = '%{%{Acct-Delay-Time}:-0}', connectinfo_stop = '%{Connect-Info}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}'" accounting_stop_query_alt = " INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress, acctstartdelay, acctstopdelay) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S', INTERVAL (%{%{Acct-Session-Time}:-0} + %{%{Acct-Delay-Time}:-0}) SECOND), '%S', '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{Connect-Info}', '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Acct-Terminate-Cause}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0', '%{%{Acct-Delay-Time}:-0}')" group_membership_query = "SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority" simul_count_query = "" simul_verify_query = "SELECT radacctid, acctsessionid, username, nasipaddress, nasportid, framedipaddress, callingstationid, framedprotocol FROM radacct WHERE username = '%{SQL-User-Name}' AND acctstoptime IS NULL" postauth_query = "INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S')" safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" } rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked rlm_sql (sql): Attempting to connect to root@10.50.0.10:/radius rlm_sql (sql): Initialising connection pool rlm_sql (sql): Processing generate_sql_clients rlm_sql (sql) in generate_sql_clients: query is SELECT id, nasname, shortname, type, secret, server FROM nas rlm_sql (sql): Opening additional connection (0) rlm_sql_mysql: Starting connect to MySQL server rlm_sql (sql): Reserved connection (0) rlm_sql (sql): Executing query rlm_sql (sql): Read entry nasname=10.50.4.2,shortname=Geauga AZ0,secret=unl0ck rlm_sql (sql): Adding client 10.50.4.2 (Geauga AZ0, server=<none>) to clients list rlm_sql (sql): Read entry nasname=10.50.3.2,shortname=Geauga AZ120,secret=unl0ck rlm_sql (sql): Adding client 10.50.3.2 (Geauga AZ120, server=<none>) to clients list rlm_sql (sql): Read entry nasname=10.50.2.2,shortname=Geauga AZ240,secret=unl0ck rlm_sql (sql): Adding client 10.50.2.2 (Geauga AZ240, server=<none>) to clients list rlm_sql (sql): Released connection (0) rlm_sql (sql): Closing idle connection (0): Too many free connections (1 > 0) rlm_sql (sql): Closing connection (0) Module: Checking preacct {...} for more modules to load Module: Linked to module rlm_acct_unique Module: Instantiating module "acct_unique" from file /usr/local/etc/raddb/modules/acct_unique acct_unique { key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port" } Module: Checking accounting {...} for more modules to load Module: Linked to module rlm_detail Module: Instantiating module "detail" from file /usr/local/etc/raddb/modules/detail detail { detailfile = "/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d" header = "%t" detailperm = 384 dirperm = 493 locking = no log_packet_header = no } Module: Linked to module rlm_unix Module: Instantiating module "unix" from file /usr/local/etc/raddb/modules/unix unix { radwtmp = "/usr/local/var/log/radius/radwtmp" } Module: Linked to module rlm_radutmp Module: Instantiating module "radutmp" from file /usr/local/etc/raddb/modules/radutmp radutmp { filename = "/usr/local/var/log/radius/radutmp" username = "%{User-Name}" case_sensitive = yes check_with_nas = yes perm = 384 callerid = yes } Module: Linked to module rlm_sql_log Module: Instantiating module "sql_log" from file /usr/local/etc/raddb/modules/sql_log sql_log { path = "/usr/local/var/log/radius/radacct/sql-relay" Post-Auth = "INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ('%{User-Name}', '%{User-Password:-Chap-Password}', '%{reply:Packet-Type}', '%S');" sql_user_name = "%{%{User-Name}:-DEFAULT}" utf8 = no safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" } Module: Linked to module rlm_attr_filter Module: Instantiating module "attr_filter.accounting_response" from file /usr/local/etc/raddb/modules/attr_filter attr_filter attr_filter.accounting_response { attrsfile = "/usr/local/etc/raddb/attrs.accounting_response" key = "%{User-Name}" relaxed = no } Module: Checking session {...} for more modules to load Module: Checking post-proxy {...} for more modules to load Module: Checking post-auth {...} for more modules to load Module: Instantiating module "attr_filter.access_reject" from file /usr/local/etc/raddb/modules/attr_filter attr_filter attr_filter.access_reject { attrsfile = "/usr/local/etc/raddb/attrs.access_reject" key = "%{User-Name}" relaxed = no } } # modules } # server server inner-tunnel { # from file /usr/local/etc/raddb/sites-enabled/inner-tunnel modules { Module: Checking authenticate {...} for more modules to load Module: Linked to module rlm_pap Module: Instantiating module "pap" from file /usr/local/etc/raddb/modules/pap pap { encryption_scheme = "auto" auto_header = no } Module: Linked to module rlm_chap Module: Instantiating module "chap" from file /usr/local/etc/raddb/modules/chap Module: Checking authorize {...} for more modules to load Module: Checking session {...} for more modules to load Module: Checking post-proxy {...} for more modules to load Module: Checking post-auth {...} for more modules to load } # modules } # server radiusd: #### Opening IP addresses and Ports #### listen { type = "auth" ipaddr = * port = 0 max_pps = 0 } listen { type = "acct" ipaddr = * port = 0 max_pps = 0 } listen { type = "control" listen { socket = "/usr/local/var/run/radiusd/radiusd.sock" } } Listening on authentication address * port 1812 Listening on accounting address * port 1813 Listening on command file /usr/local/var/run/radiusd/radiusd.sock Opening new proxy address * port 1814 Listening on proxy address * port 1814 Ready to process requests. rad_recv: Access-Request packet from host 10.50.4.2 port 49154, id=10, length=274 User-Name = "{am=1}{sm=1}396139fca3777664ee26c1ec0fffb...@cueband.com" NAS-IP-Address = 10.50.4.2 NAS-Port-Type = Wireless-802.16 NAS-Port = 1 Calling-Station-Id = "\254\201\022\027\217\352" NAS-Identifier = "010010010000032000" WiMAX-GMT-Timezone-offset = 0 Framed-MTU = 1490 Service-Type = Framed-User WiMAX-Release = "1.0" WiMAX-Accounting-Capabilities = IP-Session-Based WiMAX-BS-Id = 0x303130303130303130303030303332303030 EAP-Message = 0x0201003d017b616d3d317d7b736d3d317d3339363133394643413337373736363445453236 4331454330464646424646324063756562616e642e636f6d Message-Authenticator = 0xd3e9283d07c41fc0d964b697a06bcbd0 (0) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default (0) group authorize { (0) - entering group authorize {...} (0) [preprocess] = ok (0) [mschap] = noop rlm_wimax: Fixing WiMAX binary Calling-Station-Id to ac-81-12-17-8f-ea (0) [wimax] = ok (0) eap : EAP packet type response id 1 length 61 (0) eap : EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize (0) [eap] = ok (0) Found Auth-Type = EAP (0) # Executing group from file /usr/local/etc/raddb/sites-enabled/default (0) group authenticate { (0) - entering group authenticate {...} (0) eap : EAP Identity (0) eap : processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge (0) [eap] = handled Sending Access-Challenge of id 10 to 10.50.4.2 port 49154 EAP-Message = 0x010200521a0102004d10e477a9dde07ba9f3550c4c7c181cd79d7b616d3d317d7b736d3d31 7d33393631333946434133373737363634454532364331454330464646424646324063756562 616e642e636f6d Message-Authenticator = 0x00000000000000000000000000000000 State = 0x534198ee534382198a827a734ef513ce (0) Finished request 0. Waking up in 0.3 seconds. Waking up in 4.6 seconds. (0) Cleaning up request packet ID 10 with timestamp +4 Ready to process requests. rad_recv: Access-Request packet from host 10.50.4.2 port 49154, id=11, length=274 User-Name = "{am=1}{sm=1}facfd4b7eba428d1fa794025e47ca...@cueband.com" NAS-IP-Address = 10.50.4.2 NAS-Port-Type = Wireless-802.16 NAS-Port = 1 Calling-Station-Id = "\254\201\022\027\217\352" NAS-Identifier = "010010010000032000" WiMAX-GMT-Timezone-offset = 0 Framed-MTU = 1490 Service-Type = Framed-User WiMAX-Release = "1.0" WiMAX-Accounting-Capabilities = IP-Session-Based WiMAX-BS-Id = 0x303130303130303130303030303332303030 EAP-Message = 0x0201003d017b616d3d317d7b736d3d317d4641434644344237454241343238443146413739 3430323545343743413446354063756562616e642e636f6d Message-Authenticator = 0x8822db580daa6714b72a1b28a3d08079 (1) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default (1) group authorize { (1) - entering group authorize {...} (1) [preprocess] = ok (1) [mschap] = noop rlm_wimax: Fixing WiMAX binary Calling-Station-Id to ac-81-12-17-8f-ea (1) [wimax] = ok (1) eap : EAP packet type response id 1 length 61 (1) eap : EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize (1) [eap] = ok (1) Found Auth-Type = EAP (1) # Executing group from file /usr/local/etc/raddb/sites-enabled/default (1) group authenticate { (1) - entering group authenticate {...} (1) eap : EAP Identity (1) eap : processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge (1) [eap] = handled Sending Access-Challenge of id 11 to 10.50.4.2 port 49154 EAP-Message = 0x010200521a0102004d1022f39aa355b7811088ab8a1bc0b211007b616d3d317d7b736d3d31 7d46414346443442374542413432384431464137393430323545343743413446354063756562 616e642e636f6d Message-Authenticator = 0x00000000000000000000000000000000 State = 0x03a9feba03abe4620c7aa45ec6c0be35 (1) Finished request 1. Waking up in 0.3 seconds. rad_recv: Access-Request packet from host 10.50.4.2 port 49154, id=12, length=237 User-Name = "{am=1}{sm=1}facfd4b7eba428d1fa794025e47ca...@cueband.com" NAS-IP-Address = 10.50.4.2 NAS-Port-Type = Wireless-802.16 NAS-Port = 1 Calling-Station-Id = "\254\201\022\027\217\352" NAS-Identifier = "010010010000032000" WiMAX-GMT-Timezone-offset = 0 Framed-MTU = 1490 Service-Type = Framed-User State = 0x03a9feba03abe4620c7aa45ec6c0be35 WiMAX-Release = "1.0" WiMAX-Accounting-Capabilities = IP-Session-Based WiMAX-BS-Id = 0x303130303130303130303030303332303030 EAP-Message = 0x020200060315 Message-Authenticator = 0x88fbeb571ec0612d6935910202c5f3cd (2) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default (2) group authorize { (2) - entering group authorize {...} (2) [preprocess] = ok (2) [mschap] = noop rlm_wimax: Fixing WiMAX binary Calling-Station-Id to ac-81-12-17-8f-ea (2) [wimax] = ok (2) eap : EAP packet type response id 2 length 6 (2) eap : No EAP Start, assuming it's an on-going EAP conversation (2) [eap] = updated (2) sql : expand: %{User-Name} -> {am=1}{sm=1}facfd4b7eba428d1fa794025e47ca...@cueband.com (2) sql : sql_set_user escaped user --> '{am=1}{sm=1}facfd4b7eba428d1fa794025e47ca...@cueband.com' rlm_sql (sql): Opening additional connection (1) rlm_sql_mysql: Starting connect to MySQL server rlm_sql (sql): Reserved connection (1) (2) sql : expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = '=7Bam=3D1=7D=7Bsm=3D1=7dfacfd4b7eba428d1fa794025e47ca...@cueband.com' ORDER BY id rlm_sql (sql): Executing query (2) sql : expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = '=7Bam=3D1=7D=7Bsm=3D1=7dfacfd4b7eba428d1fa794025e47ca...@cueband.com' ORDER BY priority rlm_sql (sql): Executing query rlm_sql (sql): Released connection (1) rlm_sql (sql): Closing idle connection (1): Too many free connections (1 > 0) rlm_sql (sql): Closing connection (1) (2) sql : User {am=1}{sm=1}facfd4b7eba428d1fa794025e47ca...@cueband.com not found (2) [sql] = notfound (2) [expiration] = noop (2) [logintime] = noop (2) Found Auth-Type = EAP (2) # Executing group from file /usr/local/etc/raddb/sites-enabled/default (2) group authenticate { (2) - entering group authenticate {...} (2) eap : Request found, released from the list (2) eap : EAP NAK (2) eap : EAP-NAK asked for EAP-Type/ttls (2) eap : processing type ttls (2) ttls : Flushing SSL sessions (of #0) (2) ttls : Initiate (2) ttls : Start returned 1 (2) [eap] = handled Sending Access-Challenge of id 12 to 10.50.4.2 port 49154 EAP-Message = 0x010300061520 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x03a9feba02aaeb620c7aa45ec6c0be35 (2) Finished request 2. Waking up in 0.2 seconds. Waking up in 4.5 seconds. (1) Cleaning up request packet ID 11 with timestamp +19 (2) Cleaning up request packet ID 12 with timestamp +19 WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! WARNING: !! EAP session for state 0x03a9feba02aaeb62 did not finish! WARNING: !! Please read http://wiki.freeradius.org/Certificate_Compatibility WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Ready to process requests. rad_recv: Access-Request packet from host 10.50.4.2 port 49154, id=13, length=274 User-Name = "{am=1}{sm=1}94a435643c002da3e54f3d9779c1f...@cueband.com" NAS-IP-Address = 10.50.4.2 NAS-Port-Type = Wireless-802.16 NAS-Port = 1 Calling-Station-Id = "\254\201\022\027\217\352" NAS-Identifier = "010010010000032000" WiMAX-GMT-Timezone-offset = 0 Framed-MTU = 1490 Service-Type = Framed-User WiMAX-Release = "1.0" WiMAX-Accounting-Capabilities = IP-Session-Based WiMAX-BS-Id = 0x303130303130303130303030303332303030 EAP-Message = 0x0201003d017b616d3d317d7b736d3d317d3934413433353634334330303244413345353446 3344393737394331464537304063756562616e642e636f6d Message-Authenticator = 0x3ddf39952f63cae6374be72419a86f1e (3) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default (3) group authorize { (3) - entering group authorize {...} (3) [preprocess] = ok (3) [mschap] = noop rlm_wimax: Fixing WiMAX binary Calling-Station-Id to ac-81-12-17-8f-ea (3) [wimax] = ok (3) eap : EAP packet type response id 1 length 61 (3) eap : EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize (3) [eap] = ok (3) Found Auth-Type = EAP (3) # Executing group from file /usr/local/etc/raddb/sites-enabled/default (3) group authenticate { (3) - entering group authenticate {...} (3) eap : EAP Identity (3) eap : processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge (3) [eap] = handled Sending Access-Challenge of id 13 to 10.50.4.2 port 49154 EAP-Message = 0x010200521a0102004d10bb0df969f618f1ce068b882685a6b16f7b616d3d317d7b736d3d31 7d39344134333536343343303032444133453534463344393737394331464537304063756562 616e642e636f6d Message-Authenticator = 0x00000000000000000000000000000000 State = 0x1952930c19508927ccef9d983eb1b684 (3) Finished request 3. Waking up in 0.3 seconds. rad_recv: Access-Request packet from host 10.50.4.2 port 49154, id=14, length=237 User-Name = "{am=1}{sm=1}94a435643c002da3e54f3d9779c1f...@cueband.com" NAS-IP-Address = 10.50.4.2 NAS-Port-Type = Wireless-802.16 NAS-Port = 1 Calling-Station-Id = "\254\201\022\027\217\352" NAS-Identifier = "010010010000032000" WiMAX-GMT-Timezone-offset = 0 Framed-MTU = 1490 Service-Type = Framed-User State = 0x1952930c19508927ccef9d983eb1b684 WiMAX-Release = "1.0" WiMAX-Accounting-Capabilities = IP-Session-Based WiMAX-BS-Id = 0x303130303130303130303030303332303030 EAP-Message = 0x020200060315 Message-Authenticator = 0xdf93d27137571334ab88b524c3a48c2e (4) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default (4) group authorize { (4) - entering group authorize {...} (4) [preprocess] = ok (4) [mschap] = noop rlm_wimax: Fixing WiMAX binary Calling-Station-Id to ac-81-12-17-8f-ea (4) [wimax] = ok (4) eap : EAP packet type response id 2 length 6 (4) eap : No EAP Start, assuming it's an on-going EAP conversation (4) [eap] = updated (4) sql : expand: %{User-Name} -> {am=1}{sm=1}94a435643c002da3e54f3d9779c1f...@cueband.com (4) sql : sql_set_user escaped user --> '{am=1}{sm=1}94a435643c002da3e54f3d9779c1f...@cueband.com' rlm_sql (sql): Opening additional connection (2) rlm_sql_mysql: Starting connect to MySQL server rlm_sql (sql): Reserved connection (2) (4) sql : expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = '=7Bam=3D1=7D=7Bsm=3D1=7d94a435643c002da3e54f3d9779c1f...@cueband.com' ORDER BY id rlm_sql (sql): Executing query (4) sql : expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = '=7Bam=3D1=7D=7Bsm=3D1=7d94a435643c002da3e54f3d9779c1f...@cueband.com' ORDER BY priority rlm_sql (sql): Executing query rlm_sql (sql): Released connection (2) rlm_sql (sql): Closing idle connection (2): Too many free connections (1 > 0) rlm_sql (sql): Closing connection (2) (4) sql : User {am=1}{sm=1}94a435643c002da3e54f3d9779c1f...@cueband.com not found (4) [sql] = notfound (4) [expiration] = noop (4) [logintime] = noop (4) Found Auth-Type = EAP (4) # Executing group from file /usr/local/etc/raddb/sites-enabled/default (4) group authenticate { (4) - entering group authenticate {...} (4) eap : Request found, released from the list (4) eap : EAP NAK (4) eap : EAP-NAK asked for EAP-Type/ttls (4) eap : processing type ttls (4) ttls : Initiate (4) ttls : Start returned 1 (4) [eap] = handled Sending Access-Challenge of id 14 to 10.50.4.2 port 49154 EAP-Message = 0x010300061520 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x1952930c18518627ccef9d983eb1b684 (4) Finished request 4. Waking up in 0.2 seconds. rad_recv: Access-Request packet from host 10.50.4.2 port 49154, id=15, length=319 User-Name = "{am=1}{sm=1}94a435643c002da3e54f3d9779c1f...@cueband.com" NAS-IP-Address = 10.50.4.2 NAS-Port-Type = Wireless-802.16 NAS-Port = 1 Calling-Station-Id = "\254\201\022\027\217\352" NAS-Identifier = "010010010000032000" WiMAX-GMT-Timezone-offset = 0 Framed-MTU = 1490 Service-Type = Framed-User State = 0x1952930c18518627ccef9d983eb1b684 WiMAX-Release = "1.0" WiMAX-Accounting-Capabilities = IP-Session-Based WiMAX-BS-Id = 0x303130303130303130303030303332303030 EAP-Message = 0x0203005815800000004e16030100490100004503014e4a68271cb3efd28c7ffd6cb2d5a69e 02c7835c4f6293c615d9eced05ab3a1700001e00390038003500160013000a00330032002f00 15001200090014001100080100 Message-Authenticator = 0x94c9d5d50fa8ae9231510126cdcbd0a8 (5) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default (5) group authorize { (5) - entering group authorize {...} (5) [preprocess] = ok (5) [mschap] = noop rlm_wimax: Fixing WiMAX binary Calling-Station-Id to ac-81-12-17-8f-ea (5) [wimax] = ok (5) eap : EAP packet type response id 3 length 88 (5) eap : Continuing tunnel setup. (5) [eap] = ok (5) Found Auth-Type = EAP (5) # Executing group from file /usr/local/etc/raddb/sites-enabled/default (5) group authenticate { (5) - entering group authenticate {...} (5) eap : Request found, released from the list (5) eap : EAP/ttls (5) eap : processing type ttls (5) ttls : Authenticate (5) ttls : processing EAP-TLS TLS Length 78 (5) ttls : Length Included (5) ttls : eaptls_verify returned 11 (5) ttls : (other): before/accept initialization (5) ttls : TLS_accept: before/accept initialization (5) ttls : <<< TLS 1.0 Handshake [length 0049], ClientHello (5) ttls : TLS_accept: SSLv3 read client hello A (5) ttls : >>> TLS 1.0 Handshake [length 004a], ServerHello (5) ttls : TLS_accept: SSLv3 write server hello A (5) ttls : >>> TLS 1.0 Handshake [length 085e], Certificate (5) ttls : TLS_accept: SSLv3 write certificate A (5) ttls : >>> TLS 1.0 Handshake [length 020d], ServerKeyExchange (5) ttls : TLS_accept: SSLv3 write key exchange A (5) ttls : >>> TLS 1.0 Handshake [length 0004], ServerHelloDone (5) ttls : TLS_accept: SSLv3 write server done A (5) ttls : TLS_accept: SSLv3 flush data (5) ttls : TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode (5) ttls : eaptls_process returned 13 (5) [eap] = handled Sending Access-Challenge of id 15 to 10.50.4.2 port 49154 EAP-Message = 0x010403ec15c000000acd160301004a0200004603015012ea53cce022a5de5d29899ab62086 5e0b6e626f469622254c0e50eb26ce08204cf09e9c9f327a21bd3f49610525905b42346e067b 3d1f254b14331103397e81003900160301085e0b00085a0008570003a6308203a23082028aa0 03020102020101300d06092a864886f70d0101050500308193310b3009060355040613024652 310f300d060355040813065261646975733112301006035504071309536f6d65776865726531 153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d01090116 1161646d696e406578616d706c652e636f6d3126302406035504 EAP-Message = 0x03131d4578616d706c6520436572746966696361746520417574686f72697479301e170d31 32303732373132353731395a170d3133303732373132353731395a307c310b30090603550406 13024652310f300d0603550408130652616469757331153013060355040a130c4578616d706c 6520496e632e312330210603550403131a4578616d706c652053657276657220436572746966 69636174653120301e06092a864886f70d010901161161646d696e406578616d706c652e636f 6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100be15f401 8757bc2f4b8f997f0a1e9d1ca5dc41fcfd0eb2b787eee7a3ebe5 EAP-Message = 0x21573525464944eab09b4ffe0337dcbd756fb653290d7665b5fd49130292b9398948b72fc7 10eda687e3fefb84f601a95504c4da1b4b905e13d942af2a415422bf2a7c08ce134b099cd075 bdb85739fbc3e8133fef94631116eb03a78c6b658adf2a244e40e371a74dfd5bcade5f98d0c2 f85e44c1084e012e7ad72a1344aa7600f22c9fe2a90a14d5c52623bd4397bdbfa7a383dfb8f0 23de8e0ccb25c81eabed2d5a8ea3853b9a3afbd538bf3c7fbd2cf48962bef7e3da3924b11892 c7b0c422647fb1a11ca55df5634be49c74b581869d1d9dfb28c982ad07613d51194075d6e502 03010001a317301530130603551d25040c300a06082b06010505 EAP-Message = 0x070301300d06092a864886f70d010105050003820101007f104aa64a39f7411fcc53af2182 ad8801983e5ce15768e9a4adc9fae77d3eb5c37b601ee0481abb014cfaf2c660a1d0711b81b5 0d325fdd1de77e7bea774a879fbbd4127019ce73a86d729f38e75fedbc09f96dfcbf49b824c5 2e7b3d5652a78421afc9caf2c197d0e6c9cd653c5828a12a87d9cc131871b941f8cda86a594b 8e1d08a16d2fa0f8912199d936fb59ac2bf50e0cd8a0390279aac75d04e9619ce5cfd35f6301 f89691b32f904b48a73714e48fe9ac157cd3540167ae31786cd2eb9a598f4941e499ce798c42 748c445ff91c88c423cba1d29ce7f3062ca1 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x1952930c1b568627ccef9d983eb1b684 (5) Finished request 5. Waking up in 0.1 seconds. rad_recv: Access-Request packet from host 10.50.4.2 port 49154, id=16, length=237 User-Name = "{am=1}{sm=1}94a435643c002da3e54f3d9779c1f...@cueband.com" NAS-IP-Address = 10.50.4.2 NAS-Port-Type = Wireless-802.16 NAS-Port = 1 Calling-Station-Id = "\254\201\022\027\217\352" NAS-Identifier = "010010010000032000" WiMAX-GMT-Timezone-offset = 0 Framed-MTU = 1490 Service-Type = Framed-User State = 0x1952930c1b568627ccef9d983eb1b684 WiMAX-Release = "1.0" WiMAX-Accounting-Capabilities = IP-Session-Based WiMAX-BS-Id = 0x303130303130303130303030303332303030 EAP-Message = 0x020400061500 Message-Authenticator = 0x50bbf63701339da3751b0969f39e75ff (6) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default (6) group authorize { (6) - entering group authorize {...} (6) [preprocess] = ok (6) [mschap] = noop rlm_wimax: Fixing WiMAX binary Calling-Station-Id to ac-81-12-17-8f-ea (6) [wimax] = ok (6) eap : EAP packet type response id 4 length 6 (6) eap : Continuing tunnel setup. (6) [eap] = ok (6) Found Auth-Type = EAP (6) # Executing group from file /usr/local/etc/raddb/sites-enabled/default (6) group authenticate { (6) - entering group authenticate {...} (6) eap : Request found, released from the list (6) eap : EAP/ttls (6) eap : processing type ttls (6) ttls : Authenticate (6) ttls : processing EAP-TLS (6) ttls : Received TLS ACK (6) ttls : Received TLS ACK (6) ttls : ACK handshake fragment handler (6) ttls : eaptls_verify returned 1 (6) ttls : eaptls_process returned 13 (6) [eap] = handled Sending Access-Challenge of id 16 to 10.50.4.2 port 49154 EAP-Message = 0x010503ec15c000000acdb86f4a892e7341ac83b4d73f079f9b7bc84f5bf9b2b36de758714f dd1128197b5a840004ab308204a73082038fa0030201020209009f2d7ada256cb590300d0609 2a864886f70d0101050500308193310b3009060355040613024652310f300d06035504081306 5261646975733112301006035504071309536f6d65776865726531153013060355040a130c45 78616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d 706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520 417574686f72697479301e170d3132303732373132353731395a EAP-Message = 0x170d3133303732373132353731395a308193310b3009060355040613024652310f300d0603 55040813065261646975733112301006035504071309536f6d65776865726531153013060355 040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e 406578616d706c652e636f6d312630240603550403131d4578616d706c652043657274696669 6361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f00 3082010a0282010100cfac03ee20e4ce9bdc0bd0a8138dcf8f6dd0a6cc7223212941e9637389 97c7804c8285dc1c6e118a8110d859c9115ac7632a3bf6ce899b EAP-Message = 0xdd5c0ecd12235a8bd509535b9d5a84728637c6e034ceff030ddf41d755fc87ad1573d20de7 9706f928cb3991f3f000c309b268d63517a7152351ddcdb0374c4d425b7dc79aaa54e04b824a e46c96debf4c67eb4f7644dfdd8d1b5f69e4abb512f60ac79b56687c096553bfb607384a82f0 40d00438e4448115ae8000f53994076a1a009b8c39961f200dd05fe6e89c8c694c8989d46e1b 393598a21f2c470b5f73b143730a631b2772402c6081b54f9725963cc2bef9642030ce9b1848 0ba7ef13a68535469f94f5370203010001a381fb3081f8301d0603551d0e041604144eb70ed6 4e9941f34a7066a80dccbede358df58f3081c80603551d230481 EAP-Message = 0xc03081bd80144eb70ed64e9941f34a7066a80dccbede358df58fa18199a48196308193310b 3009060355040613024652310f300d0603550408130652616469757331123010060355040713 09536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06 092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403 131d4578616d706c6520436572746966696361746520417574686f726974798209009f2d7ada 256cb590300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100 35808c266c4978a7eb629101e5d27c6dbb11 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x1952930c1a578627ccef9d983eb1b684 (6) Finished request 6. rad_recv: Access-Request packet from host 10.50.4.2 port 49154, id=17, length=237 User-Name = "{am=1}{sm=1}94a435643c002da3e54f3d9779c1f...@cueband.com" NAS-IP-Address = 10.50.4.2 NAS-Port-Type = Wireless-802.16 NAS-Port = 1 Calling-Station-Id = "\254\201\022\027\217\352" NAS-Identifier = "010010010000032000" WiMAX-GMT-Timezone-offset = 0 Framed-MTU = 1490 Service-Type = Framed-User State = 0x1952930c1a578627ccef9d983eb1b684 WiMAX-Release = "1.0" WiMAX-Accounting-Capabilities = IP-Session-Based WiMAX-BS-Id = 0x303130303130303130303030303332303030 EAP-Message = 0x020500061500 Message-Authenticator = 0xfa070be428a7e0f31c1fb4c68760b4cf (7) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default (7) group authorize { (7) - entering group authorize {...} (7) [preprocess] = ok (7) [mschap] = noop rlm_wimax: Fixing WiMAX binary Calling-Station-Id to ac-81-12-17-8f-ea (7) [wimax] = ok (7) eap : EAP packet type response id 5 length 6 (7) eap : Continuing tunnel setup. (7) [eap] = ok (7) Found Auth-Type = EAP (7) # Executing group from file /usr/local/etc/raddb/sites-enabled/default (7) group authenticate { (7) - entering group authenticate {...} (7) eap : Request found, released from the list (7) eap : EAP/ttls (7) eap : processing type ttls (7) ttls : Authenticate (7) ttls : processing EAP-TLS (7) ttls : Received TLS ACK (7) ttls : Received TLS ACK (7) ttls : ACK handshake fragment handler (7) ttls : eaptls_verify returned 1 (7) ttls : eaptls_process returned 13 (7) [eap] = handled Sending Access-Challenge of id 17 to 10.50.4.2 port 49154 EAP-Message = 0x01060313158000000acd58f51ec582b80339e1b6e4840c26464b17b59fd9be0f60822d0d5a ae008d36d7088a20489e421786f0359fd2e268ceafa3bf9c07bbf1c2e9267fdb99690d3d2f13 3235d56cf9583252b353b79cca2c57dbe3ca644f175bb48df9389d3575979cef123841f22597 956732f89380db12983f038ae0d7b7d4cbe8adac83af314936a2c318ea702c17cf0749d916d0 750a5af92a40a8419f9444ba0da4604878fd7094eaddf055aedcf748443c1f293bacd4e4d297 c6f5c6bf09039fdd9f6f570a24532a162a2688be5e16ad62f6050d4091be7d0a5c933c653802 3ac87145d6a53bf81dbb0246e3f745dca39b773e5b160301020d EAP-Message = 0x0c0002090080937241455120e5f86723331c043ae3551d357c209fb557cb58312d1b1583a9 1e018e4955d2f2891568f6490d44dab517976062592a362a6857f2578ef2d1865e469f97f7dc 2b8b1fa0a1fed25aac2ccee0160f3369a80a73d70958c736f3eb6a0d59a74e8414372a5b2963 8a7e74e2875188d3f4280aa8633ac3ecac606c8abb00010200800198b440f8e9d92975289bc5 b020fe363603f57a4d9edf3e3627b137e0c60ba81756694410d0b588f253221c1b09b34d32a8 402a77d2b83eea0fc6551c1ef056f4d7b0db870f4a4fb6fc4a6e140dd6faaca5d1948255fa0f 1dbc352adfa2eb6585b5a2c0ae3dc2a738aa4ee53950dfe1bd40 EAP-Message = 0x368f69b0b921b6e14f7be84725b60100193202fd650f77df635b926ddebc6b0acf680a5ff5 454f8560c920e0ed1437ede5982e783fc5c1ab38cec26a2379ff7595fef27e4db5aee82b9523 31fd604d86daf606276006464defb8b06ff3e76ca02800f4a3401b803dca6ae97459add32448 d59fbd344f8dc8bb6622a97cf8cabfb6f6827eb10c8df775e5ffe8752747eff36249120770dd 48d2c885d7f93caff347d9baad490b640e45240629fc317a4cfae657cec634ac2809f214c984 fff2e9d6d8fff9ca019bf88aa997fd0cdaa3d726c3efa983167f925e3c40be1eeb9a2121b465 605dea0d6371adecf2d270321a2b30d427c848e94a37a00fbeef EAP-Message = 0xab2f2f04cb1feffc067e581402bb2bf5913ea116030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x1952930c1d548627ccef9d983eb1b684 (7) Finished request 7. Waking up in 4.3 seconds. rad_recv: Access-Request packet from host 10.50.4.2 port 49154, id=18, length=439 User-Name = "{am=1}{sm=1}94a435643c002da3e54f3d9779c1f...@cueband.com" NAS-IP-Address = 10.50.4.2 NAS-Port-Type = Wireless-802.16 NAS-Port = 1 Calling-Station-Id = "\254\201\022\027\217\352" NAS-Identifier = "010010010000032000" WiMAX-GMT-Timezone-offset = 0 Framed-MTU = 1490 Service-Type = Framed-User State = 0x1952930c1d548627ccef9d983eb1b684 WiMAX-Release = "1.0" WiMAX-Accounting-Capabilities = IP-Session-Based WiMAX-BS-Id = 0x303130303130303130303030303332303030 EAP-Message = 0x020600d01580000000c616030100861000008200804601ed4cea7a4fbf3ea936bb190447aa 79e902f76bd9ca26bf56b5002c860bb7514513debe0262889773db19e9fde0637c596e9f8e95 c758e5572d94b816837ff33624babf64a1e49b10391c78c7d0429098de0483b093fdc72b16e8 efe20271ceb0c635de78bf1d6676197e9132e558accb96c43accde388dc47be89ee22b401403 0100010116030100308113e5ba633d23953215f260177dec8b25a61b3db96c29b3986c88e2c4 ed89e87c5f2bdc224e78ade7702668167ba5a6 Message-Authenticator = 0xf1cb9dcb23d2730fdd71275b451e332d (8) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default (8) group authorize { (8) - entering group authorize {...} (8) [preprocess] = ok (8) [mschap] = noop rlm_wimax: Fixing WiMAX binary Calling-Station-Id to ac-81-12-17-8f-ea (8) [wimax] = ok (8) eap : EAP packet type response id 6 length 208 (8) eap : Continuing tunnel setup. (8) [eap] = ok (8) Found Auth-Type = EAP (8) # Executing group from file /usr/local/etc/raddb/sites-enabled/default (8) group authenticate { (8) - entering group authenticate {...} (8) eap : Request found, released from the list (8) eap : EAP/ttls (8) eap : processing type ttls (8) ttls : Authenticate (8) ttls : processing EAP-TLS TLS Length 198 (8) ttls : Length Included (8) ttls : eaptls_verify returned 11 (8) ttls : <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange (8) ttls : TLS_accept: SSLv3 read client key exchange A (8) ttls : <<< TLS 1.0 ChangeCipherSpec [length 0001] (8) ttls : <<< TLS 1.0 Handshake [length 0010], Finished (8) ttls : TLS_accept: SSLv3 read finished A (8) ttls : >>> TLS 1.0 ChangeCipherSpec [length 0001] (8) ttls : TLS_accept: SSLv3 write change cipher spec A (8) ttls : >>> TLS 1.0 Handshake [length 0010], Finished (8) ttls : TLS_accept: SSLv3 write finished A (8) ttls : TLS_accept: SSLv3 flush data SSL: adding session 4cf09e9c9f327a21bd3f49610525905b42346e067b3d1f254b14331103397e81 to cache (8) ttls : (other): SSL negotiation finished successfully SSL Connection Established (8) ttls : eaptls_process returned 13 (8) [eap] = handled Sending Access-Challenge of id 18 to 10.50.4.2 port 49154 EAP-Message = 0x0107004515800000003b1403010001011603010030570f9a8f3128c5efe3ab40fedb710a6a 98b4a758734a6f041228fc595846a4271cd9fab4385458fcc226338fb0b91a15 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x1952930c1c558627ccef9d983eb1b684 (8) Finished request 8. Waking up in 0.3 seconds. rad_recv: Access-Request packet from host 10.50.4.2 port 49154, id=19, length=423 User-Name = "{am=1}{sm=1}94a435643c002da3e54f3d9779c1f...@cueband.com" NAS-IP-Address = 10.50.4.2 NAS-Port-Type = Wireless-802.16 NAS-Port = 1 Calling-Station-Id = "\254\201\022\027\217\352" NAS-Identifier = "010010010000032000" WiMAX-GMT-Timezone-offset = 0 Framed-MTU = 1490 Service-Type = Framed-User State = 0x1952930c1c558627ccef9d983eb1b684 WiMAX-Release = "1.0" WiMAX-Accounting-Capabilities = IP-Session-Based WiMAX-BS-Id = 0x303130303130303130303030303332303030 EAP-Message = 0x020700c015001703010020b101f024e95005e369d9c5d192382a8d453c5e51c9af2d15d2a8 b755743b33d3170301009021437256763846c6c051ca099d0357cea3821edb948ba156193791 20f1b97521bb987a775214f1564df6ffbb3f01fd4476a5319bbe7ce4fd1dd8a93abd57cb28b6 b8aed2f37753ede1783589002e0404d1a4247525b941b14d6708f0988df41511758749c51d52 9423167e100ab43bab6991c786266a10f5dd03324930afb09ae3020edcc6a9ac7a77eed51b44 0c88a8 Message-Authenticator = 0xbfaf7a1a3a19e84106b8191119a83fcc (9) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default (9) group authorize { (9) - entering group authorize {...} (9) [preprocess] = ok (9) [mschap] = noop rlm_wimax: Fixing WiMAX binary Calling-Station-Id to ac-81-12-17-8f-ea (9) [wimax] = ok (9) eap : EAP packet type response id 7 length 192 (9) eap : Continuing tunnel setup. (9) [eap] = ok (9) Found Auth-Type = EAP (9) # Executing group from file /usr/local/etc/raddb/sites-enabled/default (9) group authenticate { (9) - entering group authenticate {...} (9) eap : Request found, released from the list (9) eap : EAP/ttls (9) eap : processing type ttls (9) ttls : Authenticate (9) ttls : processing EAP-TLS (9) ttls : eaptls_verify returned 7 (9) ttls : Done initial handshake (9) ttls : eaptls_process returned 7 (9) ttls : Session established. Proceeding to decode tunneled attributes. (9) ttls : Tunneled attribute 1 is too short (1 < 12) to contain anything useful. SSL: Removing session 4cf09e9c9f327a21bd3f49610525905b42346e067b3d1f254b14331103397e81 from the cache (9) eap : Handler failed in EAP/ttls (9) eap : Failed in EAP select (9) [eap] = invalid (9) Failed to authenticate the user. (9) Using Post-Auth-Type Reject (9) # Executing group from file /usr/local/etc/raddb/sites-enabled/default (9) group REJECT { (9) - entering group REJECT {...} (9) attr_filter.access_reject : expand: %{User-Name} -> {am=1}{sm=1}94a435643c002da3e54f3d9779c1f...@cueband.com (9) attr_filter.access_reject : Matched entry DEFAULT at line 11 (9) [attr_filter.access_reject] = updated (9) Finished request 9. Waking up in 0.2 seconds. Waking up in 0.1 seconds. Waking up in 0.6 seconds. (9) Sending delayed reject Sending Access-Reject of id 19 to 10.50.4.2 port 49154 EAP-Message = 0x04070004 Message-Authenticator = 0x00000000000000000000000000000000 Waking up in 2.3 seconds. (3) Cleaning up request packet ID 13 with timestamp +35 (4) Cleaning up request packet ID 14 with timestamp +35 (5) Cleaning up request packet ID 15 with timestamp +36 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html