FreeBSD Port: freeradius-2.2.0

zi at FreeBSD.org zi at FreeBSD.org
Thu Jan 3 23:38:17 UTC 2013


On (01/03/13 15:17), Magnuson, Steve wrote:
> Hello,
> 
> Please advise if I need to post this elsewhere.  I'm having problems with FreeBSD FreeRADIUS 2.2.0 port segfaulting.
> 

Greetings!

> I've upgraded (using portupgrade) the FreeRADIUS port from 2.1.12 to 2.2.0 and now EAP-TLS clients are causing FreeRADIUS to segfault at the very end of the authentication process. The odd thing is that I upgraded another server from FR 2.1.12 to 2.2.0 and that server authenticates the same clients fine.  Both servers are virtual (VMware) and configured with identical memory, OS, etc.
> 

Can you please rebuild freeradius on the offending server?  Using
portmaster, you would run:

portmaster freeradius\*

Thanks!
-r

> Here are the particulars for *both* servers:
> 
> # uname -a
> FreeBSD wan231s1.wan.lab 9.0-RELEASE-p3 FreeBSD 9.0-RELEASE-p3 #0: Tue Jun 12 01:47:53 UTC 2012     root at i386-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC  i386
> 
> # pkg_info -r freeradius-2.2.0
> Information for freeradius-2.2.0:
> 
> Depends on:
> Dependency: openssl-1.0.1_4
> Dependency: perl-5.16.2
> Dependency: libltdl-2.4.2
> Dependency: gdbm-1.9.1
> Dependency: libiconv-1.14
> Dependency: gettext-0.18.1.1
> Dependency: python27-2.7.3_5
> 
> The FreeRADIUS port on both servers was build with these config options:
> 
> # make showconfig
> ===> The following configuration options are available for freeradius-2.2.0:
>      DEVELOPER=off: Enable developer options
>      DHCP=off: With DHCP support (EXPERIMENTAL)
>      EDIR=off: Enable eDirectory support (implies LDAP)
>      EXPERIMENTAL=on: Build experimental modules
>      FIREBIRD=off: With Firebird database support (EXPERIMENTAL)
>      HEIMDAL=off: With Heimdal Kerberos support
>      HEIMDAL_PATCH=off: Enhanced Heimdal support (specify SPN/keytab)
>      HEIMDAL_PORT=off: With Heimdal Kerberos from ports
>      KERBEROS=off: Kerberos support
>      LDAP=off: LDAP support
>      MYSQL=off: MySQL database
>      OCI8=off: With Oracle support (currently experimental)
>      PERL=on: Perl scripting language
>      PGSQL=off: PostgreSQL database
>      PYTHON=on: Python bindings
>      RUBY=off: Ruby binding/support
>      UDPFROMTO=off: Compile in UDPFROMTO support
>      UNIXODBC=off: With unixODBC database support
>      USER=on: Run as user freeradius, group freeradius
> ===> Use 'make config' to modify these settings
> 
> When I run radius -X under gdb, the error I get is:
> 
> Program received signal SIGSEGV, Segmentation fault.
> [Switching to Thread 28804300 (LWP 101549/radiusd)]
> 0x28489873 in eaptls_gen_mppe_keys (reply_vps=0x28bc4230, s=0x288b7400,
>     prf_label=0x2849a8ff "client EAP encryption") at mppe_keys.c:147
> 147             PRF(s->session->master_key, s->session->master_key_length,
> 
> I cannot figure out why this server exhibits this behavior and the other server does not.  When I portdowngrade back to 2.1.12, the clients authenticate with no problems.
> 
> Any suggestions?
> 
> 
> Full output follows:
> ============================================================
> 
> 
> # gdb /usr/local/sbin/radiusd
> GNU gdb 6.1.1 [FreeBSD]
> Copyright 2004 Free Software Foundation, Inc.
> GDB is free software, covered by the GNU General Public License, and you are
> welcome to change it and/or distribute copies of it under certain conditions.
> Type "show copying" to see the conditions.
> There is absolutely no warranty for GDB.  Type "show warranty" for details.
> This GDB was configured as "i386-marcel-freebsd"...(no debugging symbols found)...
> (gdb) run -X
> Starting program: /usr/local/sbin/radiusd -X
> (no debugging symbols found)...(no debugging symbols found)...[New LWP 101549]
> (no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...
> (no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...
> [New Thread 28804300 (LWP 101549/radiusd)]
> FreeRADIUS Version 2.2.0, for host i386-portbld-freebsd9.0, built on Jan  3 2013 at 20:39:43
> Copyright (C) 1999-2012 The FreeRADIUS server project and contributors.
> There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
> PARTICULAR PURPOSE.
> You may redistribute copies of FreeRADIUS under the terms of the
> GNU General Public License v2.
> Starting - reading configuration files ...
> including configuration file /usr/local/etc/raddb/radiusd.conf
> including configuration file /usr/local/etc/raddb/proxy.conf
> including configuration file /usr/local/etc/raddb/clients.conf
> including files in directory /usr/local/etc/raddb/modules/
> including configuration file /usr/local/etc/raddb/modules/wimax
> including configuration file /usr/local/etc/raddb/modules/always
> including configuration file /usr/local/etc/raddb/modules/attr_filter
> including configuration file /usr/local/etc/raddb/modules/attr_rewrite
> including configuration file /usr/local/etc/raddb/modules/cache
> including configuration file /usr/local/etc/raddb/modules/chap
> including configuration file /usr/local/etc/raddb/modules/checkval
> including configuration file /usr/local/etc/raddb/modules/counter
> including configuration file /usr/local/etc/raddb/modules/cui
> including configuration file /usr/local/etc/raddb/modules/detail
> including configuration file /usr/local/etc/raddb/modules/detail.example.com
> including configuration file /usr/local/etc/raddb/modules/detail.log
> including configuration file /usr/local/etc/raddb/modules/dhcp_sqlippool
> including configuration file /usr/local/etc/raddb/sql/mysql/ippool-dhcp.conf
> including configuration file /usr/local/etc/raddb/modules/digest
> including configuration file /usr/local/etc/raddb/modules/dynamic_clients
> including configuration file /usr/local/etc/raddb/modules/echo
> including configuration file /usr/local/etc/raddb/modules/etc_group
> including configuration file /usr/local/etc/raddb/modules/exec
> including configuration file /usr/local/etc/raddb/modules/expiration
> including configuration file /usr/local/etc/raddb/modules/expr
> including configuration file /usr/local/etc/raddb/modules/files
> including configuration file /usr/local/etc/raddb/modules/inner-eap
> including configuration file /usr/local/etc/raddb/modules/ippool
> including configuration file /usr/local/etc/raddb/modules/krb5
> including configuration file /usr/local/etc/raddb/modules/ldap
> including configuration file /usr/local/etc/raddb/modules/linelog
> including configuration file /usr/local/etc/raddb/modules/otp
> including configuration file /usr/local/etc/raddb/modules/logintime
> including configuration file /usr/local/etc/raddb/modules/mac2ip
> including configuration file /usr/local/etc/raddb/modules/mac2vlan
> including configuration file /usr/local/etc/raddb/modules/mschap
> including configuration file /usr/local/etc/raddb/modules/ntlm_auth
> including configuration file /usr/local/etc/raddb/modules/opendirectory
> including configuration file /usr/local/etc/raddb/modules/pam
> including configuration file /usr/local/etc/raddb/modules/pap
> including configuration file /usr/local/etc/raddb/modules/passwd
> including configuration file /usr/local/etc/raddb/modules/perl
> including configuration file /usr/local/etc/raddb/modules/policy
> including configuration file /usr/local/etc/raddb/modules/preprocess
> including configuration file /usr/local/etc/raddb/modules/radrelay
> including configuration file /usr/local/etc/raddb/modules/radutmp
> including configuration file /usr/local/etc/raddb/modules/realm
> including configuration file /usr/local/etc/raddb/modules/redis
> including configuration file /usr/local/etc/raddb/modules/rediswho
> including configuration file /usr/local/etc/raddb/modules/replicate
> including configuration file /usr/local/etc/raddb/modules/smbpasswd
> including configuration file /usr/local/etc/raddb/modules/smsotp
> including configuration file /usr/local/etc/raddb/modules/soh
> including configuration file /usr/local/etc/raddb/modules/sql_log
> including configuration file /usr/local/etc/raddb/modules/sqlcounter_expire_on_login
> including configuration file /usr/local/etc/raddb/modules/sradutmp
> including configuration file /usr/local/etc/raddb/modules/unix
> including configuration file /usr/local/etc/raddb/modules/acct_unique
> including configuration file /usr/local/etc/raddb/eap.conf
> including configuration file /usr/local/etc/raddb/policy.conf
> including files in directory /usr/local/etc/raddb/sites-enabled/
> including configuration file /usr/local/etc/raddb/sites-enabled/default
> main {
>         user = "freeradius"
>         group = "freeradius"
>         allow_core_dumps = no
> }
> including dictionary file /usr/local/etc/raddb/dictionary
> main {
>         name = "radiusd"
>         prefix = "/usr/local"
>         localstatedir = "/var"
>         sbindir = "/usr/local/sbin"
>         logdir = "/var/log"
>         run_dir = "/var/run/radiusd"
>         libdir = "/usr/local/lib/freeradius-2.2.0"
>         radacctdir = "/var/log/radacct"
>         hostname_lookups = no
>         max_request_time = 30
>         cleanup_delay = 5
>         max_requests = 1024
>         pidfile = "/var/run/radiusd/radiusd.pid"
>         checkrad = "/usr/local/sbin/checkrad"
>         debug_level = 0
>         proxy_requests = no
>  log {
>         stripped_names = no
>         auth = yes
>         auth_badpass = no
>         auth_goodpass = no
>  }
>  security {
>         max_attributes = 200
>         reject_delay = 1
>         status_server = yes
>  }
> }
> radiusd: #### Loading Realms and Home Servers ####
>  proxy server {
>         retry_delay = 5
>         retry_count = 3
>         default_fallback = no
>         dead_time = 120
>         wake_all_if_all_dead = no
>  }
>  home_server localhost {
>         ipaddr = 127.0.0.1
>         port = 1812
>         type = "auth"
>         secret = "testing123"
>         response_window = 20
>         max_outstanding = 65536
>         require_message_authenticator = yes
>         zombie_period = 40
>         status_check = "status-server"
>         ping_interval = 30
>         check_interval = 30
>         num_answers_to_alive = 3
>         num_pings_to_alive = 3
>         revive_interval = 120
>         status_check_timeout = 4
>   coa {
>         irt = 2
>         mrt = 16
>         mrc = 5
>         mrd = 30
>   }
>  }
>  home_server_pool my_auth_failover {
>         type = fail-over
>         home_server = localhost
>  }
>  realm example.com {
>         auth_pool = my_auth_failover
>  }
>  realm LOCAL {
>  }
> radiusd: #### Loading Clients ####
>  client localhost {
>         ipaddr = 127.0.0.1
>         require_message_authenticator = no
>         secret = "testing123"
>         nastype = "other"
>  }
>  client 10.128.0.100 {
>         require_message_authenticator = no
>         secret = "redacted"
>         shortname = "nms231s1-eapol-test"
>         nastype = "other"
>  }
> radiusd: #### Instantiating modules ####
>  instantiate {
> (no debugging symbols found)... Module: Linked to module rlm_exec
>  Module: Instantiating module "exec" from file /usr/local/etc/raddb/modules/exec
>   exec {
>         wait = no
>         input_pairs = "request"
>         shell_escape = yes
>   }
>  Module: Linked to module rlm_expr
>  Module: Instantiating module "expr" from file /usr/local/etc/raddb/modules/expr
>  Module: Linked to module rlm_expiration
>  Module: Instantiating module "expiration" from file /usr/local/etc/raddb/modules/expiration
>   expiration {
>         reply-message = "Password Has Expired  "
>   }
>  Module: Linked to module rlm_logintime
>  Module: Instantiating module "logintime" from file /usr/local/etc/raddb/modules/logintime
>   logintime {
>         reply-message = "You are calling outside your allowed timespan  "
>         minimum-timeout = 60
>   }
>  }
> radiusd: #### Loading Virtual Servers ####
> server { # from file /usr/local/etc/raddb/radiusd.conf
>  modules {
>   Module: Creating Auth-Type = digest
>   Module: Creating Post-Auth-Type = REJECT
>  Module: Checking authenticate {...} for more modules to load
>  Module: Linked to module rlm_pap
>  Module: Instantiating module "pap" from file /usr/local/etc/raddb/modules/pap
>   pap {
>         encryption_scheme = "auto"
>         auto_header = no
>   }
>  Module: Linked to module rlm_chap
>  Module: Instantiating module "chap" from file /usr/local/etc/raddb/modules/chap
>  Module: Linked to module rlm_mschap
>  Module: Instantiating module "mschap" from file /usr/local/etc/raddb/modules/mschap
>   mschap {
>         use_mppe = yes
>         require_encryption = no
>         require_strong = no
>         with_ntdomain_hack = no
>         allow_retry = yes
>   }
>  Module: Linked to module rlm_digest
>  Module: Instantiating module "digest" from file /usr/local/etc/raddb/modules/digest
>  Module: Linked to module rlm_unix
>  Module: Instantiating module "unix" from file /usr/local/etc/raddb/modules/unix
>   unix {
>         radwtmp = "/var/log/radwtmp"
>   }
>  Module: Linked to module rlm_eap
>  Module: Instantiating module "eap" from file /usr/local/etc/raddb/eap.conf
>   eap {
>         default_eap_type = "tls"
>         timer_expire = 60
>         ignore_unknown_eap_types = no
>         cisco_accounting_username_bug = no
>         max_sessions = 4096
>   }
>  Module: Linked to sub-module rlm_eap_md5
>  Module: Instantiating eap-md5
>  Module: Linked to sub-module rlm_eap_leap
>  Module: Instantiating eap-leap
>  Module: Linked to sub-module rlm_eap_gtc
>  Module: Instantiating eap-gtc
>    gtc {
>         challenge = "Password: "
>         auth_type = "PAP"
>    }
>  Module: Linked to sub-module rlm_eap_tls
>  Module: Instantiating eap-tls
>    tls {
>         rsa_key_exchange = no
>         dh_key_exchange = yes
>         rsa_key_length = 512
>         dh_key_length = 512
>         verify_depth = 0
>         CA_path = "/usr/local/etc/raddb/certs/CA"
>         pem_file_type = yes
>         private_key_file = "/usr/local/etc/raddb/certs/gatelink822-wan231s1_key.pem"
>         certificate_file = "/usr/local/etc/raddb/certs/gatelink822-wan231s1_cert.pem"
>         private_key_password = "redacted"
>         dh_file = "/usr/local/etc/raddb/certs/dh"
>         random_file = "/usr/local/etc/raddb/certs/random"
>         fragment_size = 1024
>         include_length = yes
>         check_crl = no
>         cipher_list = "DEFAULT"
>         make_cert_command = "/usr/local/etc/raddb/certs/bootstrap"
>         ecdh_curve = "prime256v1"
>     cache {
>         enable = no
>         lifetime = 24
>         max_entries = 255
>     }
>     verify {
>     }
>     ocsp {
>         enable = no
>         override_cert_url = yes
>         url = "http://127.0.0.1/ocsp/"
>         use_nonce = yes
>         timeout = 0
>         softfail = no
>     }
>    }
>  Module: Linked to sub-module rlm_eap_ttls
>  Module: Instantiating eap-ttls
>    ttls {
>         default_eap_type = "md5"
>         copy_request_to_tunnel = no
>         use_tunneled_reply = no
>         virtual_server = "inner-tunnel"
>         include_length = yes
>    }
>  Module: Linked to sub-module rlm_eap_peap
>  Module: Instantiating eap-peap
>    peap {
>         default_eap_type = "mschapv2"
>         copy_request_to_tunnel = no
>         use_tunneled_reply = no
>         proxy_tunneled_request_as_eap = yes
>         virtual_server = "inner-tunnel"
>         soh = no
>    }
>  Module: Linked to sub-module rlm_eap_mschapv2
>  Module: Instantiating eap-mschapv2
>    mschapv2 {
>         with_ntdomain_hack = no
>         send_error = no
>    }
>  Module: Checking authorize {...} for more modules to load
>  Module: Linked to module rlm_preprocess
>  Module: Instantiating module "preprocess" from file /usr/local/etc/raddb/modules/preprocess
>   preprocess {
>         huntgroups = "/usr/local/etc/raddb/huntgroups"
>         hints = "/usr/local/etc/raddb/hints"
>         with_ascend_hack = no
>         ascend_channels_per_line = 23
>         with_ntdomain_hack = no
>         with_specialix_jetstream_hack = no
>         with_cisco_vsa_hack = no
>         with_alvarion_vsa_hack = no
>   }
> reading pairlist file /usr/local/etc/raddb/huntgroups
> reading pairlist file /usr/local/etc/raddb/hints
>  Module: Linked to module rlm_realm
>  Module: Instantiating module "suffix" from file /usr/local/etc/raddb/modules/realm
>   realm suffix {
>         format = "suffix"
>         delimiter = "@"
>         ignore_default = no
>         ignore_null = no
>   }
>  Module: Linked to module rlm_files
>  Module: Instantiating module "files" from file /usr/local/etc/raddb/modules/files
>   files {
>         usersfile = "/usr/local/etc/raddb/users"
>         acctusersfile = "/usr/local/etc/raddb/acct_users"
>         preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users"
>         compat = "no"
>   }
> reading pairlist file /usr/local/etc/raddb/users
> reading pairlist file /usr/local/etc/raddb/acct_users
> reading pairlist file /usr/local/etc/raddb/preproxy_users
>  Module: Checking preacct {...} for more modules to load
>  Module: Linked to module rlm_acct_unique
>  Module: Instantiating module "acct_unique" from file /usr/local/etc/raddb/modules/acct_unique
>   acct_unique {
>         key = "User-Name, Acct-Session-Id, NAS-IP-Address, NAS-Identifier, NAS-Port"
>   }
>  Module: Checking accounting {...} for more modules to load
>  Module: Linked to module rlm_detail
>  Module: Instantiating module "detail" from file /usr/local/etc/raddb/modules/detail
>   detail {
>         detailfile = "/var/log/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"
>         header = "%t"
>         detailperm = 384
>         dirperm = 493
>         locking = no
>         log_packet_header = no
>   }
>  Module: Linked to module rlm_attr_filter
>  Module: Instantiating module "attr_filter.accounting_response" from file /usr/local/etc/raddb/modules/attr_fi                                                                      lter
>   attr_filter attr_filter.accounting_response {
>         attrsfile = "/usr/local/etc/raddb/attrs.accounting_response"
>         key = "%{User-Name}"
>         relaxed = no
>   }
> reading pairlist file /usr/local/etc/raddb/attrs.accounting_response
>  Module: Checking session {...} for more modules to load
>  Module: Linked to module rlm_radutmp
>  Module: Instantiating module "radutmp" from file /usr/local/etc/raddb/modules/radutmp
>   radutmp {
>         filename = "/var/log/radutmp"
>         username = "%{User-Name}"
>         case_sensitive = yes
>         check_with_nas = yes
>         perm = 384
>         callerid = yes
>   }
>  Module: Checking post-proxy {...} for more modules to load
>  Module: Checking post-auth {...} for more modules to load
>  Module: Instantiating module "attr_filter.access_reject" from file /usr/local/etc/raddb/modules/attr_filter
>   attr_filter attr_filter.access_reject {
>         attrsfile = "/usr/local/etc/raddb/attrs.access_reject"
>         key = "%{User-Name}"
>         relaxed = no
>   }
> reading pairlist file /usr/local/etc/raddb/attrs.access_reject
>  } # modules
> } # server
> radiusd: #### Opening IP addresses and Ports ####
> listen {
>         type = "auth"
>         ipaddr = *
>         port = 0
> }
> listen {
>         type = "acct"
>         ipaddr = *
>         port = 0
> }
> Listening on authentication address * port 1812
> Listening on accounting address * port 1813
> Ready to process requests.
> rad_recv: Access-Request packet from host 10.128.0.100 port 37626, id=0, length=158
>         User-Name = "MaintenanceControlDisplay"
>         NAS-IP-Address = 127.0.0.1
>         Calling-Station-Id = "02-00-00-00-00-01"
>         Framed-MTU = 1400
>         NAS-Port-Type = Wireless-802.11
>         Connect-Info = "CONNECT 11Mbps 802.11b"
>         EAP-Message = 0x0200001e014d61696e74656e616e6365436f6e74726f6c446973706c6179
>         Message-Authenticator = 0xad8a60fa6b73d53acb5ce659eff3da36
> # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
> +- entering group authorize {...}
> [preprocess]    expand: %{User-Name} -> MaintenanceControlDisplay
> [preprocess]   hints: Matched DEFAULT at 78
> [preprocess]    expand: %{Calling-Station-Id}@%{Cisco-AVPair[0]} -> 02-00-00-00-00-01@
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> ++[digest] returns noop
> [suffix] No '@' in User-Name = "MaintenanceControlDisplay", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> [eap] EAP packet type response id 0 length 30
> [eap] No EAP Start, assuming it's an on-going EAP conversation
> ++[eap] returns updated
> ++[files] returns noop
> ++[expiration] returns noop
> ++[logintime] returns noop
> [pap] WARNING! No "known good" password found for the user.  Authentication may fail because of this.
> ++[pap] returns noop
> Found Auth-Type = EAP
> # Executing group from file /usr/local/etc/raddb/sites-enabled/default
> +- entering group authenticate {...}
> [eap] EAP Identity
> [eap] processing type tls
> [tls] Requiring client certificate
> [tls] Initiate
> [tls] Start returned 1
> ++[eap] returns handled
> Sending Access-Challenge of id 0 to 10.128.0.100 port 37626
>         EAP-Message = 0x010100060d20
>         Message-Authenticator = 0x00000000000000000000000000000000
>         State = 0x513c3c87513d316c3a43028be40032ff
> Finished request 0.
> Going to the next request
> Waking up in 4.9 seconds.
> rad_recv: Access-Request packet from host 10.128.0.100 port 37626, id=1, length=258
>         User-Name = "MaintenanceControlDisplay"
>         NAS-IP-Address = 127.0.0.1
>         Calling-Station-Id = "02-00-00-00-00-01"
>         Framed-MTU = 1400
>         NAS-Port-Type = Wireless-802.11
>         Connect-Info = "CONNECT 11Mbps 802.11b"
>         EAP-Message = 0x020100700d00160301006501000061030150e5f39860827a0411cfb562ef8e20af61649f10290355949974                                                                      ed309594e83f00003400390038003500880087008400160013000a00330032002f00450044004100050004001500120009001400110008                                                                      0006000300ff0100000400230000
>         State = 0x513c3c87513d316c3a43028be40032ff
>         Message-Authenticator = 0x0633be04de5c0102ddc9fa927ed47610
> # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
> +- entering group authorize {...}
> [preprocess]    expand: %{User-Name} -> MaintenanceControlDisplay
> [preprocess]   hints: Matched DEFAULT at 78
> [preprocess]    expand: %{Calling-Station-Id}@%{Cisco-AVPair[0]} -> 02-00-00-00-00-01@
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> ++[digest] returns noop
> [suffix] No '@' in User-Name = "MaintenanceControlDisplay", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> [eap] EAP packet type response id 1 length 112
> [eap] No EAP Start, assuming it's an on-going EAP conversation
> ++[eap] returns updated
> ++[files] returns noop
> ++[expiration] returns noop
> ++[logintime] returns noop
> ++[pap] returns noop
> Found Auth-Type = EAP
> # Executing group from file /usr/local/etc/raddb/sites-enabled/default
> +- entering group authenticate {...}
> [eap] Request found, released from the list
> [eap] EAP/tls
> [eap] processing type tls
> [tls] Authenticate
> [tls] processing EAP-TLS
> [tls] eaptls_verify returned 7
> [tls] Done initial handshake
> [tls]     (other): before/accept initialization
> [tls]     TLS_accept: before/accept initialization
> [tls] <<< TLS 1.0 Handshake [length 0065], ClientHello
> [tls]     TLS_accept: SSLv3 read client hello A
> [tls] >>> TLS 1.0 Handshake [length 0031], ServerHello
> [tls]     TLS_accept: SSLv3 write server hello A
> [tls] >>> TLS 1.0 Handshake [length 1756], Certificate
> [tls]     TLS_accept: SSLv3 write certificate A
> [tls] >>> TLS 1.0 Handshake [length 020d], ServerKeyExchange
> [tls]     TLS_accept: SSLv3 write key exchange A
> [tls] >>> TLS 1.0 Handshake [length 0010], CertificateRequest
> [tls]     TLS_accept: SSLv3 write certificate request A
> [tls]     TLS_accept: SSLv3 flush data
> [tls]     TLS_accept: Need to read more data: SSLv3 read client certificate A
> In SSL Handshake Phase
> In SSL Accept mode
> [tls] eaptls_process returned 13
> ++[eap] returns handled
> Sending Access-Challenge of id 1 to 10.128.0.100 port 37626
>         EAP-Message = 0x010204000dc0000019b816030100310200002d030150e5f3981aa9077b62c7c34d9eb90bd512eac8348779                                                                      1227b2d8e289befa6edf000039000005ff0100010016030117560b00175200174f000489308204853082036da003020102020a4b426b00                                                                      000100000d22300d06092a864886f70d0101050500305b31133011060a0992268993f22c6401191603636f6d31163014060a0992268993                                                                      f22c6401191606626f65696e6731133011060a0992268993f22c6401191603666c79311730150603550403130e45534444497373756572                                                                      32303438301e170d3132303331343139343732395a170d3134303131383036333331365a308191310b30090603
>         EAP-Message = 0x55040613025553310b30090603550408130257413110300e0603550407130753656174746c65311b301906                                                                      0355040a131254686520426f65696e6720436f6d70616e79311f301d060355040b1316466f72205465737420507572706f736573204f6e                                                                      6c79312530230603550403131c676174656c696e6b3832322e77616e32333173312e77616e2e6c616230820122300d06092a864886f70d                                                                      01010105000382010f003082010a0282010100c175642cacaf0313bb775762d65e844208b24fe044be27d2523ff76cb718dec7f17eb3ee                                                                      320f859c8a03a5d34400a1783e2b543e8398d1785daa255073353c5d13ffa304f26019b8b859368bae5c65d617
>         EAP-Message = 0x93e77241750f6fc8e2ffbff4b8fefbdd0321433512b07d0180c2271de6c5fa9458579163d21f4c26f7ced4                                                                      30868b3c0d344b85a2f5d37adcda8fb477d64b4c0c2a978946081e0e52e47f4ddb0cb82c02f8a704f6f169b46c63f1db7e0403f7e0989d                                                                      73546ddfe6823a83310c68ea5722997a969fa9b0858799de63fab0f941b510fb826d581823ef6f0eb6e59dc96a434f18fa2288574a6de1                                                                      53a979ce2fc2b31e06dbd12bce17213019db711b563d0203010001a38201123082010e301d0603551d0e04160414afc898ac5da8d7db13                                                                      80f5ca855cff669aa3035c300e0603551d0f0101ff04040302078030130603551d25040c300a06082b06010505
>         EAP-Message = 0x070301301f0603551d230418301680147b3f3d89d72bac972c086ada7233f64a074ea0a1303d0603551d1f                                                                      043630343032a030a02e862c687474703a2f2f63726c2e626f65696e672e636f6d2f63726c2f45534444497373756572323034382e6372                                                                      6c300c0603551d130101ff04023000303d06092b06010401823715070430302e06262b0601040182371508acc31f85e0d61c87dd892487                                                                      e6e83681a1f354814681b4812e84aaae09020164020105301b06092b060104018237150a040e300c300a06082b06010505070301300d06                                                                      092a864886f70d01010505000382010100702d7a1bde789d5af9c5d5ba6afed07c0f23bd794b1e54aa6ac6ed3b
>         EAP-Message = 0x634ee662bd183641cf537132
>         Message-Authenticator = 0x00000000000000000000000000000000
>         State = 0x513c3c87503e316c3a43028be40032ff
> Finished request 1.
> Going to the next request
> Waking up in 4.9 seconds.
> rad_recv: Access-Request packet from host 10.128.0.100 port 37626, id=2, length=152
>         User-Name = "MaintenanceControlDisplay"
>         NAS-IP-Address = 127.0.0.1
>         Calling-Station-Id = "02-00-00-00-00-01"
>         Framed-MTU = 1400
>         NAS-Port-Type = Wireless-802.11
>         Connect-Info = "CONNECT 11Mbps 802.11b"
>         EAP-Message = 0x020200060d00
>         State = 0x513c3c87503e316c3a43028be40032ff
>         Message-Authenticator = 0xb498e0ab471b0fe82149a213e502cc78
> # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
> +- entering group authorize {...}
> [preprocess]    expand: %{User-Name} -> MaintenanceControlDisplay
> [preprocess]   hints: Matched DEFAULT at 78
> [preprocess]    expand: %{Calling-Station-Id}@%{Cisco-AVPair[0]} -> 02-00-00-00-00-01@
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> ++[digest] returns noop
> [suffix] No '@' in User-Name = "MaintenanceControlDisplay", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> [eap] EAP packet type response id 2 length 6
> [eap] No EAP Start, assuming it's an on-going EAP conversation
> ++[eap] returns updated
> ++[files] returns noop
> ++[expiration] returns noop
> ++[logintime] returns noop
> ++[pap] returns noop
> Found Auth-Type = EAP
> # Executing group from file /usr/local/etc/raddb/sites-enabled/default
> +- entering group authenticate {...}
> [eap] Request found, released from the list
> [eap] EAP/tls
> [eap] processing type tls
> [tls] Authenticate
> [tls] processing EAP-TLS
> [tls] Received TLS ACK
> [tls] ACK handshake fragment handler
> [tls] eaptls_verify returned 1
> [tls] eaptls_process returned 13
> ++[eap] returns handled
> Sending Access-Challenge of id 2 to 10.128.0.100 port 37626
>         EAP-Message = 0x010304000dc0000019b8322dbdd1145b65fc9a838c88b38578712aee8672f594dbb51c82d3b2b239171e2b                                                                      c6816740828370ab131a9f6e7cdbc9ce1af59564ab13f6084b2f7dfbc59766edeb710de9be3c3820775d69539962c845f60c47fcaf3c43                                                                      d021eea95f86ab7bfecab3ae917a9d8fa792195be052d27c8e2d7cdd72d743d89cfff56a500f9face99c5563972d19ead292a4ebda615f                                                                      f2c89a07dd30c1c06f25bc476090e077f5a6af2d1e618208bfd018a56abb362b8bce884976f6d3adb093d2eeae7bd59063ae8a868fb1cd                                                                      c19c990d818216e7f1e68c5c7c1495bb1bc800057a308205763082035ea003020102020a61395bb70001000000
>         EAP-Message = 0x0a300d06092a864886f70d0101050500305a31133011060a0992268993f22c6401191603636f6d31163014                                                                      060a0992268993f22c6401191606626f65696e6731133011060a0992268993f22c6401191603666c79311630140603550403130d455344                                                                      44496e74657234303936301e170d3039303131393037303632315a170d3134303131383036333331365a305b31133011060a0992268993                                                                      f22c6401191603636f6d31163014060a0992268993f22c6401191606626f65696e6731133011060a0992268993f22c6401191603666c79                                                                      311730150603550403130e455344444973737565723230343830820122300d06092a864886f70d010101050003
>         EAP-Message = 0x82010f003082010a02820101009ede837e52ce12f2f315c72da8adbaf7828db60d09392a3cf133c5f11a49                                                                      7d7bd90f1e1eddcdb23058de50acad29c809b5036f4ce1b0307609a68c92c47bb3a089b236e8e05e3275170369ab25371f4bc684324ac5                                                                      4ad223a046a4eb84964daaf1c2244edec54b03ef4137634d55afc4e118031d822efd491b7cf9d6530362297ccff6616dfe1f0ebaebaf4f                                                                      84ff9edce03a9189f34ca257ce621e20aeaf539e5f91fcae83e89219e587fde80e5c86666d5fd5fdc364f47ab4bda8b62f6233a18e1ddc                                                                      f109c90234bec8def2d14c026d557b14cd764a677f91c3e5a096bc0f216a6aa60365dad3b4bbe2616ef038a6d2
>         EAP-Message = 0x610bf15597e4fb288472028530c054f10203010001a382013b30820137300f0603551d130101ff04053003                                                                      0101ff301d0603551d0e041604147b3f3d89d72bac972c086ada7233f64a074ea0a1300b0603551d0f040403020186301006092b060104                                                                      01823715010403020101302306092b060104018237150204160414249ba6c4888fd87d96ab95594e6637dd6e25632f301906092b060104                                                                      0182371402040c1e0a00530075006200430041301f0603551d2304183016801443b1f625d530e7f847f0bfcb526b9b4fe1fe72b9303c06                                                                      03551d1f043530333031a02fa02d862b687474703a2f2f63726c2e626f65696e672e636f6d2f63726c2f455344
>         EAP-Message = 0x44496e746572343039362e63
>         Message-Authenticator = 0x00000000000000000000000000000000
>         State = 0x513c3c87533f316c3a43028be40032ff
> Finished request 2.
> Going to the next request
> Waking up in 4.9 seconds.
> rad_recv: Access-Request packet from host 10.128.0.100 port 37626, id=3, length=152
>         User-Name = "MaintenanceControlDisplay"
>         NAS-IP-Address = 127.0.0.1
>         Calling-Station-Id = "02-00-00-00-00-01"
>         Framed-MTU = 1400
>         NAS-Port-Type = Wireless-802.11
>         Connect-Info = "CONNECT 11Mbps 802.11b"
>         EAP-Message = 0x020300060d00
>         State = 0x513c3c87533f316c3a43028be40032ff
>         Message-Authenticator = 0xbfd7afb5cc827e4dfe0e545087c18bdd
> # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
> +- entering group authorize {...}
> [preprocess]    expand: %{User-Name} -> MaintenanceControlDisplay
> [preprocess]   hints: Matched DEFAULT at 78
> [preprocess]    expand: %{Calling-Station-Id}@%{Cisco-AVPair[0]} -> 02-00-00-00-00-01@
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> ++[digest] returns noop
> [suffix] No '@' in User-Name = "MaintenanceControlDisplay", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> [eap] EAP packet type response id 3 length 6
> [eap] No EAP Start, assuming it's an on-going EAP conversation
> ++[eap] returns updated
> ++[files] returns noop
> ++[expiration] returns noop
> ++[logintime] returns noop
> ++[pap] returns noop
> Found Auth-Type = EAP
> # Executing group from file /usr/local/etc/raddb/sites-enabled/default
> +- entering group authenticate {...}
> [eap] Request found, released from the list
> [eap] EAP/tls
> [eap] processing type tls
> [tls] Authenticate
> [tls] processing EAP-TLS
> [tls] Received TLS ACK
> [tls] ACK handshake fragment handler
> [tls] eaptls_verify returned 1
> [tls] eaptls_process returned 13
> ++[eap] returns handled
> Sending Access-Challenge of id 3 to 10.128.0.100 port 37626
>         EAP-Message = 0x010404000dc0000019b8726c304706082b06010505070101043b3039303706082b06010505073002862b68                                                                      7474703a2f2f63726c2e626f65696e672e636f6d2f63726c2f45534444496e746572343039362e637274300d06092a864886f70d010105                                                                      050003820201006bd3c23ef41bc64c3383a89e90f53061c5b5f03e2040ebc07377fedd37e6ea3f8ce247d0459c1889138a0c63c9b5b5b3                                                                      05e8696de327c1658330193d784233a5343e00e03ccce0e77960a69b0f9a547a193d6a6502ec30fe65c6365aab74304517f7fea0ce3a07                                                                      896d13492d59f11ff187aae8d743897f92efa32b18a86a8c02d4e909e17e97417d5c676d546785540ebdf85336
>         EAP-Message = 0x6842f38e66b0d9a00bc6cf2a25777f0def04b8971ebce5b776400e121455288ae22c65c6d23fbcd243a9be                                                                      7182f6969f0d6061dc4f786eb6eb2fbfd89c807c990eb67a595fb2717599cc0262dfe8483f7e4f010c8bf6e8c9e02de0a3ccb594e8a1ee                                                                      52cfd051e13642a34f0325c6c767548c6102d4e4311a37b08d44164afff6a0a67af3f971ad402ee75a8835d5fa76731958078d4b3f483f                                                                      412fbb36b888e5416ec598487402187b049bd80f79fa8d53f6476999c2cf3b82646d2777fd7c6c0ce31b3c330693d78b8960d784840ff1                                                                      0e784e078023b73ad81e0fd6fdc7bf66bf09cf8118d3852613bd4cf23f384191bdd292050490c3bfde93230dba
>         EAP-Message = 0x380f1391aaf299bd7c4288e0758c9132df0250d269f10da91b51fb1cd3238828cfc140f801ba777248759e                                                                      0fdb13e10e08560616d5d7dd7b4cd5a091b28ffba665665648e98da44682f17430ada59a3a4b889250ae64a1d4f112a3a83fab8bcaf308                                                                      087ff97a820a6844c8e64ac929000676308206723082045aa003020102020a611b280600000000000c300d06092a864886f70d01010505                                                                      00305931133011060a0992268993f22c6401191603636f6d31163014060a0992268993f22c6401191606626f65696e6731133011060a09                                                                      92268993f22c6401191603666c79311530130603550403130c45534444526f6f7434303936301e170d30393031
>         EAP-Message = 0x31393036333331365a170d3134303131383036333331365a305a31133011060a0992268993f22c64011916                                                                      03636f6d31163014060a0992268993f22c6401191606626f65696e6731133011060a0992268993f22c6401191603666c79311630140603                                                                      550403130d45534444496e7465723430393630820222300d06092a864886f70d01010105000382020f003082020a02820201009f550e60                                                                      c398442453191759d44c49d10f2a9e1a27f47675f419fe64086a65ff77d075fbbbb7239ca1fd75d1dc0edc36c967a6ea0bd640e7cea54d                                                                      41b0cb877f320f987db51ef21dbad0e6b248c8bc4473b4a39f180bc2b8427c69bfecc87f56d43bceacb6b6fed6
>         EAP-Message = 0x27d3d06b2c391f698a19dcc9
>         Message-Authenticator = 0x00000000000000000000000000000000
>         State = 0x513c3c875238316c3a43028be40032ff
> Finished request 3.
> Going to the next request
> Waking up in 4.9 seconds.
> rad_recv: Access-Request packet from host 10.128.0.100 port 37626, id=4, length=152
>         User-Name = "MaintenanceControlDisplay"
>         NAS-IP-Address = 127.0.0.1
>         Calling-Station-Id = "02-00-00-00-00-01"
>         Framed-MTU = 1400
>         NAS-Port-Type = Wireless-802.11
>         Connect-Info = "CONNECT 11Mbps 802.11b"
>         EAP-Message = 0x020400060d00
>         State = 0x513c3c875238316c3a43028be40032ff
>         Message-Authenticator = 0x6fcf451c592fb99c374d0321cdc02af7
> # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
> +- entering group authorize {...}
> [preprocess]    expand: %{User-Name} -> MaintenanceControlDisplay
> [preprocess]   hints: Matched DEFAULT at 78
> [preprocess]    expand: %{Calling-Station-Id}@%{Cisco-AVPair[0]} -> 02-00-00-00-00-01@
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> ++[digest] returns noop
> [suffix] No '@' in User-Name = "MaintenanceControlDisplay", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> [eap] EAP packet type response id 4 length 6
> [eap] No EAP Start, assuming it's an on-going EAP conversation
> ++[eap] returns updated
> ++[files] returns noop
> ++[expiration] returns noop
> ++[logintime] returns noop
> ++[pap] returns noop
> Found Auth-Type = EAP
> # Executing group from file /usr/local/etc/raddb/sites-enabled/default
> +- entering group authenticate {...}
> [eap] Request found, released from the list
> [eap] EAP/tls
> [eap] processing type tls
> [tls] Authenticate
> [tls] processing EAP-TLS
> [tls] Received TLS ACK
> [tls] ACK handshake fragment handler
> [tls] eaptls_verify returned 1
> [tls] eaptls_process returned 13
> ++[eap] returns handled
> Sending Access-Challenge of id 4 to 10.128.0.100 port 37626
>         EAP-Message = 0x010504000dc0000019b818b1a01850edb9a3f1c949732ec57efb446b43e596e64a768bab47d95f225af8d8                                                                      c5ae7de5f79fddcaf339bc7d98ac0d09d0c82360ab3ab9208403293f45606176d518eb96ecd05d09ddce6b4740583074d5f6b4315fd1a1                                                                      599941102a313f6ca1689620d6bc8101088ac513e2d20b333d60617ae64f68af26146da6b94180f0ee7031bd05d03d03abc66ca3b6a283                                                                      21b0e409107c1b867cf999bb1aaca9d29d85295c57b27c29cab526a8da538e6a449f253a44ad71e2d3ac3769fe8c6ce37e1298ff4f96d9                                                                      1f9ccd37d21a763b9e508d11a964dfbe19c6f4a51d2562ef397940ed309f29427f85ade6fc8015e56090fa480b
>         EAP-Message = 0xa5b8225807f6d9804f0812390cea201da3a955473b5f19dfd3223b1341e9e36b72b28c82c75b6c5da59751                                                                      8f2f7b6c9fe052f98590c8c3225ea11c1b2805077251f5ac84fef400f43ad9940338c1b66b158dcf3b31649ce753edbd8b38bda0d50387                                                                      81dc638111474a99a932a144c6b3ac153f1d3d0d61117cd2cb590d424b39e8b3164ef536f1c2860dc7e8889e3ae9412bc0422e5b7923c5                                                                      0203010001a382013930820135300f0603551d130101ff040530030101ff301d0603551d0e0416041443b1f625d530e7f847f0bfcb526b                                                                      9b4fe1fe72b9300b0603551d0f040403020186301006092b06010401823715010403020101302306092b060104
>         EAP-Message = 0x018237150204160414d31f074108cfac5cc47ed111d3a2712f219c9012301906092b060104018237140204                                                                      0c1e0a00530075006200430041301f0603551d230418301680141e4e1c8a14ef89a83391ee997b1cabed3f47eaa6303b0603551d1f0434                                                                      30323030a02ea02c862a687474703a2f2f63726c2e626f65696e672e636f6d2f63726c2f45534444526f6f74343039362e63726c304606                                                                      082b06010505070101043a3038303606082b06010505073002862a687474703a2f2f63726c2e626f65696e672e636f6d2f63726c2f4553                                                                      4444526f6f74343039362e637274300d06092a864886f70d01010505000382020100976a48f45eed37c7312614
>         EAP-Message = 0x76bba7a6b705e7d169a8fbad7b380e5f75f32761bb56e803864ee663cac722b7c1a9ea1d6b2a0c06f952c9                                                                      1e4b7b2d99724f0330cd81d4800cf17842bceeaed7285a45f90879667e3a18f70b3464a3d0d6d514173a98b9678e998b8d9a494cfe9243                                                                      e300c2832a35df610158cd396b1f280db73d94c58709c200b1d702aee8c2a8ebb7b07ff2acbc547bdc9889122128abeaeb1f5750264529                                                                      52e0e9c51292bd2ef1eff30468f418406c0860cd36806e73fc3e13fb5f3cccc7cd8fb934c2f06f94e83a8be6d9985b53b884c8236135e8                                                                      8e63ba8dd36b4708cff97de8f14e4a035a02e9aef78670e90101f725f08e02ea7beaf85acf6e722216671b0074
>         EAP-Message = 0x9643ef995a71e0e0f21dd9f5
>         Message-Authenticator = 0x00000000000000000000000000000000
>         State = 0x513c3c875539316c3a43028be40032ff
> Finished request 4.
> Going to the next request
> Waking up in 4.9 seconds.
> rad_recv: Access-Request packet from host 10.128.0.100 port 37626, id=5, length=152
>         User-Name = "MaintenanceControlDisplay"
>         NAS-IP-Address = 127.0.0.1
>         Calling-Station-Id = "02-00-00-00-00-01"
>         Framed-MTU = 1400
>         NAS-Port-Type = Wireless-802.11
>         Connect-Info = "CONNECT 11Mbps 802.11b"
>         EAP-Message = 0x020500060d00
>         State = 0x513c3c875539316c3a43028be40032ff
>         Message-Authenticator = 0x66eccf08ef53f2b5ae2dbbb2933ccbf3
> # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
> +- entering group authorize {...}
> [preprocess]    expand: %{User-Name} -> MaintenanceControlDisplay
> [preprocess]   hints: Matched DEFAULT at 78
> [preprocess]    expand: %{Calling-Station-Id}@%{Cisco-AVPair[0]} -> 02-00-00-00-00-01@
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> ++[digest] returns noop
> [suffix] No '@' in User-Name = "MaintenanceControlDisplay", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> [eap] EAP packet type response id 5 length 6
> [eap] No EAP Start, assuming it's an on-going EAP conversation
> ++[eap] returns updated
> ++[files] returns noop
> ++[expiration] returns noop
> ++[logintime] returns noop
> ++[pap] returns noop
> Found Auth-Type = EAP
> # Executing group from file /usr/local/etc/raddb/sites-enabled/default
> +- entering group authenticate {...}
> [eap] Request found, released from the list
> [eap] EAP/tls
> [eap] processing type tls
> [tls] Authenticate
> [tls] processing EAP-TLS
> [tls] Received TLS ACK
> [tls] ACK handshake fragment handler
> [tls] eaptls_verify returned 1
> [tls] eaptls_process returned 13
> ++[eap] returns handled
> Sending Access-Challenge of id 5 to 10.128.0.100 port 37626
>         EAP-Message = 0x010604000dc0000019b8282ddba71c014fea56097bdf2c60cdc6056d3cea13ba4aae1782860adaebd34a89                                                                      6186d5840355a6e80e91b21bfa283bed2bbb4c67b198e212875081fd305ec7d6d74af01bf6780355aea3a1ee8cd3e506224829321aade7                                                                      c25d915394eb31db8310834e1724d5ca7dfccfff1d18935ddb264b199bda870f3954c4243e82b167acdd96fb2091a99de16a1710007885                                                                      b0f9e045d7bc8ab34af0041db6e8009a20d0ba835517ea46b6e95b6a47b993c8ba1ad606a030f40102b8c02b226bce7e64d4a2a705a08f                                                                      e4c4cb51519be63c4455c0a6e8871658c1f20195a7d7efeecd530454602d8d6ac6cb81540d180006ca308206c6
>         EAP-Message = 0x308204aea003020102021056886f61a89e888c4face278a0aabf44300d06092a864886f70d010105050030                                                                      5931133011060a0992268993f22c6401191603636f6d31163014060a0992268993f22c6401191606626f65696e6731133011060a099226                                                                      8993f22c6401191603666c79311530130603550403130c45534444526f6f7434303936301e170d3037313231373233333632385a170d32                                                                      37313231373233343335395a305931133011060a0992268993f22c6401191603636f6d31163014060a0992268993f22c6401191606626f                                                                      65696e6731133011060a0992268993f22c6401191603666c79311530130603550403130c45534444526f6f7434
>         EAP-Message = 0x30393630820222300d06092a864886f70d01010105000382020f003082020a0282020100a893f9fa5409d6                                                                      8e7a33cfcd03bc0578efac41770a34a84b1d78ba3b554ef6a3b40722737a757b7db9e9e9f24fbb3d065e30a8ff8834e8e0c1b864c8d365                                                                      10289b131150730708492a06254d96761937a485841420ea2a80c539e68e8adac2a5242c0281659c60169a50b6a926be06544eee5901f9                                                                      073377613af43616575be42d8a2fa8184a5bb0740fc13203bbc397b154725415586ae6554dce245015f13b42c85358f46aff90ade72f86                                                                      4789cb9739f179efbaabb0be436bbaeeb6bc8ba42e35497e4f02c0fd47515a6d354553e23ff3c9b4654094f7a1
>         EAP-Message = 0x09e81f95a131b619b94fdeaba656439b470f3f2e4c4679ce6b3b19d3cdc132dda580ef80f98af9ddfdcb50                                                                      d59a335f8bd4de4a3ce7f493fc4a942659b3b35c0f67b7d2e7b21609e9ea84ca7b5bb9f8db4904e7353c8f32a8f04091df845c69df0631                                                                      2eac02e25621f08615ccb20cab61b9703c9150a3a5c13cec3f590a8258950ac680d5c578aa6ccb5f27effdabdeb10d7ff6dc49b4441f6e                                                                      29b88283a446ca910e90c9e6572f595c3476eaf515efe2793ac6d7b7a4891f4c655926fb4e2a76d90d8a8ab6b062aabf7aab2bc6354b1b                                                                      a8161d71ea4b54ab72547e20129f1e7947333165e07900b1b50fb9b482786124dedbe293e98b9386bf666129ea
>         EAP-Message = 0xf95088b9f7ecd25158dc52fd
>         Message-Authenticator = 0x00000000000000000000000000000000
>         State = 0x513c3c87543a316c3a43028be40032ff
> Finished request 5.
> Going to the next request
> Waking up in 1.9 seconds.
> rad_recv: Access-Request packet from host 10.128.0.100 port 37626, id=6, length=152
>         User-Name = "MaintenanceControlDisplay"
>         NAS-IP-Address = 127.0.0.1
>         Calling-Station-Id = "02-00-00-00-00-01"
>         Framed-MTU = 1400
>         NAS-Port-Type = Wireless-802.11
>         Connect-Info = "CONNECT 11Mbps 802.11b"
>         EAP-Message = 0x020600060d00
>         State = 0x513c3c87543a316c3a43028be40032ff
>         Message-Authenticator = 0xbf530521aed3b6bee2217fd16706c847
> # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
> +- entering group authorize {...}
> [preprocess]    expand: %{User-Name} -> MaintenanceControlDisplay
> [preprocess]   hints: Matched DEFAULT at 78
> [preprocess]    expand: %{Calling-Station-Id}@%{Cisco-AVPair[0]} -> 02-00-00-00-00-01@
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> ++[digest] returns noop
> [suffix] No '@' in User-Name = "MaintenanceControlDisplay", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> [eap] EAP packet type response id 6 length 6
> [eap] No EAP Start, assuming it's an on-going EAP conversation
> ++[eap] returns updated
> ++[files] returns noop
> ++[expiration] returns noop
> ++[logintime] returns noop
> ++[pap] returns noop
> Found Auth-Type = EAP
> # Executing group from file /usr/local/etc/raddb/sites-enabled/default
> +- entering group authenticate {...}
> [eap] Request found, released from the list
> [eap] EAP/tls
> [eap] processing type tls
> [tls] Authenticate
> [tls] processing EAP-TLS
> [tls] Received TLS ACK
> [tls] ACK handshake fragment handler
> [tls] eaptls_verify returned 1
> [tls] eaptls_process returned 13
> ++[eap] returns handled
> Sending Access-Challenge of id 6 to 10.128.0.100 port 37626
>         EAP-Message = 0x010704000dc0000019b874ad9397665c795e18dbb69521343c7c7cf0c9c79720006e6707bc5fa3cf020301                                                                      0001a382018830820184301306092b060104018237140204061e0400430041300b0603551d0f040403020186300f0603551d130101ff04                                                                      0530030101ff301d0603551d0e041604141e4e1c8a14ef89a83391ee997b1cabed3f47eaa63082011c0603551d1f048201133082010f30                                                                      82010ba0820107a08201038681bf6c6461703a2f2f2f434e3d45534444526f6f74343039362c434e3d706b692d746573742d3738376d2c                                                                      434e3d4344502c434e3d5075626c69632532304b657925323053657276696365732c434e3d5365727669636573
>         EAP-Message = 0x2c434e3d436f6e66696775726174696f6e2c44433d666c792c44433d626f65696e672c44433d636f6d3f63                                                                      657274696669636174655265766f636174696f6e4c6973743f626173653f6f626a656374436c6173733d63524c44697374726962757469                                                                      6f6e506f696e74863f687474703a2f2f706b692d746573742d3738376d2e666c792e626f65696e672e636f6d2f43657274456e726f6c6c                                                                      2f45534444526f6f74343039362e63726c301006092b06010401823715010403020100300d06092a864886f70d01010505000382020100                                                                      89d0fd7533e496888b2ac6b9cedabf4da5fa5c734b99eca89061b28b303050d210ea6b591dfee0c4efc644244a
>         EAP-Message = 0x55b135a226d9597c71f777a1bee950cdc582f70f1afd54ad92a7f9d13b697c2e77777bfe33c5b486af6b82                                                                      2e97d9efdc82a072c3935760378f9faa5be09ac1026c0bf10b3f88bd8b6fb1366829a61ba8496a5f204ba82f88fcc05f8275de0addc828                                                                      7bb6c9e8c931a223475d7b29c414992ab24512048a99033f4a82fd82b68ae58129e7d3c7a4e60e26a8b5591098b9a9cde9fe2a3d17964e                                                                      686d8fccbb897fda38447ddd014fed04c06e4de165ffb3afe93e17a0bd63973b0a261e1eaf839060b716cdb7891fe872a2a45181c88842                                                                      27c94d290a3620ddbfe38a9e2da706250c49ec0413ad0cfb4440b1cf70fbad7668685ccd4146677001b560850e
>         EAP-Message = 0x8eba09cc6280711eb067230a81d461bcde5ceb4c33956460a20303d68d0219f5cc3bef1d14c94f632a9400                                                                      06cf1b90da3e8e37de8440d2079c6a5f4cde66fa9d045d6fcdc04250079b7e1387e0320f40e08d40f013f0d26b22d826a229b1460b64cc                                                                      447a34d86687a297b5fe04865b0fb328cd18d8abfa1ea4b1c58ae57f311567069d521fb42e9918aa3cbf6ca91db5eeae294156426a4249                                                                      cfd6d3750506a3bb8f98b9e5d839b7fd939293fb96483aaa2ff99110fff680e1117cd11c183cfdeb0aa91b26e89043e33d2ef03588b568                                                                      7b47727e3622160301020d0c0002090080dd92a7065d8e5c198f2ac94683f6016182a6c9d6ba13d1c40605fce5
>         EAP-Message = 0x6f7cd0bb7873bf1b9cb9e92f
>         Message-Authenticator = 0x00000000000000000000000000000000
>         State = 0x513c3c87573b316c3a43028be40032ff
> Finished request 6.
> Going to the next request
> Waking up in 1.8 seconds.
> rad_recv: Access-Request packet from host 10.128.0.100 port 37626, id=7, length=152
>         User-Name = "MaintenanceControlDisplay"
>         NAS-IP-Address = 127.0.0.1
>         Calling-Station-Id = "02-00-00-00-00-01"
>         Framed-MTU = 1400
>         NAS-Port-Type = Wireless-802.11
>         Connect-Info = "CONNECT 11Mbps 802.11b"
>         EAP-Message = 0x020700060d00
>         State = 0x513c3c87573b316c3a43028be40032ff
>         Message-Authenticator = 0x06ae2cc57b97003ec0e8eac545dbfb0c
> # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
> +- entering group authorize {...}
> [preprocess]    expand: %{User-Name} -> MaintenanceControlDisplay
> [preprocess]   hints: Matched DEFAULT at 78
> [preprocess]    expand: %{Calling-Station-Id}@%{Cisco-AVPair[0]} -> 02-00-00-00-00-01@
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> ++[digest] returns noop
> [suffix] No '@' in User-Name = "MaintenanceControlDisplay", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> [eap] EAP packet type response id 7 length 6
> [eap] No EAP Start, assuming it's an on-going EAP conversation
> ++[eap] returns updated
> ++[files] returns noop
> ++[expiration] returns noop
> ++[logintime] returns noop
> ++[pap] returns noop
> Found Auth-Type = EAP
> # Executing group from file /usr/local/etc/raddb/sites-enabled/default
> +- entering group authenticate {...}
> [eap] Request found, released from the list
> [eap] EAP/tls
> [eap] processing type tls
> [tls] Authenticate
> [tls] processing EAP-TLS
> [tls] Received TLS ACK
> [tls] ACK handshake fragment handler
> [tls] eaptls_verify returned 1
> [tls] eaptls_process returned 13
> ++[eap] returns handled
> Sending Access-Challenge of id 7 to 10.128.0.100 port 37626
>         EAP-Message = 0x010801fe0d80000019b8544530c61e8a23e3590282c0ebba4fc54b2d29238cb7f36aef2cbab2aec5ba9a45                                                                      71e9c70452124f67982ee113094defee5efa0bccfa2370fbd4ce688f6bc87b7c19984a674679dded04265157ea403bf20afa80f983b843                                                                      00010200805b50c049e7191c5c308f9d08f146209d6e66fda2e79fcde8b3765984ce53e4a99e3c900efaff208fdd7895025afac839f9f8                                                                      e19d69bca8c19aba5618c1536001d26494c8cedfd8c5797fa60619922bf49b071db2088e732b4ce94e73f123a076d2f9b1d128b235a095                                                                      39c98f263dcb092111fb7e1f1638283f6d4b66f8a1315d01000ec6225e068fc52890b70cd59e8cfecf8f4e57ac
>         EAP-Message = 0x8dc359de5994463c15c9e624ef85895cb1da4aa68a7e8a09454fbbdfb4469ba590aafe3672b340e5526ade                                                                      b5186ca5e1e74e7fa38d9d394fa07944f31fb0a1b55e0e5ed92e20b7efdf543921e00a8a8e6a6efd2d90d1ccb35e5e140b97eb81ecc1a9                                                                      9f22c1eecbee017a724ec50bcbc0d89c64e877654f1a689986b1e192560ab2ebc8ca66cb3c3f7f7d97fb3fb5981f4dc7589a8ddf3f4147                                                                      e4c5b98786f2363f23383af6c50533f41c3a393cb68ffd2709816fde6408d945dc32e460918c36297894053fb6ce68f3a6f2fa0476bba5                                                                      9873c0cb03879687b89b2bec3166fabbe01d2d5b3965ba949c63b00016030100100d0000080503040102400000
>         EAP-Message = 0x0e000000
>         Message-Authenticator = 0x00000000000000000000000000000000
>         State = 0x513c3c875634316c3a43028be40032ff
> Finished request 7.
> Going to the next request
> Waking up in 1.8 seconds.
> rad_recv: Access-Request packet from host 10.128.0.100 port 37626, id=8, length=1188
>         User-Name = "MaintenanceControlDisplay"
>         NAS-IP-Address = 127.0.0.1
>         Calling-Station-Id = "02-00-00-00-00-01"
>         Framed-MTU = 1400
>         NAS-Port-Type = Wireless-802.11
>         Connect-Info = "CONNECT 11Mbps 802.11b"
>         EAP-Message = 0x0208040a0dc00000194c16030117760b00177200176f0004a9308204a53082038da003020102020a3e173b                                                                      a1000100000d47300d06092a864886f70d0101050500305b31133011060a0992268993f22c6401191603636f6d31163014060a09922689                                                                      93f22c6401191606626f65696e6731133011060a0992268993f22c6401191603666c79311730150603550403130e455344444973737565                                                                      7232303438301e170d3132303433303233333030315a170d3134303131383036333331365a3081bf3111300f060355042d130841343033                                                                      36353235311b3019060355040d131243726577576972656c657373446576696365310b30090603550406130255
>         EAP-Message = 0x53313b3039060355040a1e320042004f0045005f00490054004c0020004100690072006c0069006e006500                                                                      7300200043006f002e0020004c00740064002e311f301d060355040b1316466f72205465737420507572706f736573204f6e6c79312230                                                                      20060355040313194d61696e74656e616e6365436f6e74726f6c446973706c617930820122300d06092a864886f70d0101010500038201                                                                      0f003082010a0282010100bb3bcec2944ed1d3fc8ac41562f821490aed9d0f94f8f287c607d8996a2687eb23f6b2ee59b525245e542b78                                                                      6dfd538078617b79923e0d80373a6c3ce49b3e4bedefc10d2f2cb045a7c03b1fe435d96f888cd388c1fa5acab9
>         EAP-Message = 0xd1a2b16fb1058b3ede15cd1be6bab2332201d884e276323a13180df7e56b14337910fc1bb70283e81da756                                                                      c47d934521842fa253f5243a175626324bf3aa886b391cde87206d0549d1d798994c87fa663d6fb76f28eeebe6228dcf30d24a7657c8e3                                                                      2dfea928cc37f4ad1787fc585fd2c0a6a7f600acb2acf5f4bae81dbf5d7fee78e2fa79b6d01d705930e7b6672a31e81959068105992392                                                                      fb4a91fded9d31f7bb2d7c01a7ab0203010001a382010430820100301d0603551d0e0416041489e6897d59dded56f52a300000aceac02c                                                                      fc277a30130603551d25040c300a06082b06010505070302300e0603551d0f0101ff0404030205a0301f060355
>         EAP-Message = 0x1d230418301680147b3f3d89d72bac972c086ada7233f64a074ea0a1303d0603551d1f043630343032a030                                                                      a02e862c687474703a2f2f63726c2e626f65696e672e636f6d2f63726c2f45534444497373756572323034382e63726c303d06092b0601                                                                      0401823715070430302e06262b0601040182371508acc31f85e0d61c87dd892487e6e83681a1f354814687e8e46882f8d1190201640201                                                                      05301b06092b060104018237150a040e300c300a06082b06010505070302300d06092a864886f70d0101050500038201010004e19b0cfd                                                                      1d67050634a01adc74f1bf85a0fea2fba20aafdf51982415ce03664873d92731d65e2db6430c0fe9be3d6c3cdd
>         EAP-Message = 0xdacb8c60528ee06450f501b12ce84c5251ce30137e56
>         State = 0x513c3c875634316c3a43028be40032ff
>         Message-Authenticator = 0x9d6744dd03fb0ae72889cac849b5ede0
> # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
> +- entering group authorize {...}
> [preprocess]    expand: %{User-Name} -> MaintenanceControlDisplay
> [preprocess]   hints: Matched DEFAULT at 78
> [preprocess]    expand: %{Calling-Station-Id}@%{Cisco-AVPair[0]} -> 02-00-00-00-00-01@
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> ++[digest] returns noop
> [suffix] No '@' in User-Name = "MaintenanceControlDisplay", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> [eap] EAP packet type response id 8 length 253
> [eap] No EAP Start, assuming it's an on-going EAP conversation
> ++[eap] returns updated
> ++[files] returns noop
> ++[expiration] returns noop
> ++[logintime] returns noop
> ++[pap] returns noop
> Found Auth-Type = EAP
> # Executing group from file /usr/local/etc/raddb/sites-enabled/default
> +- entering group authenticate {...}
> [eap] Request found, released from the list
> [eap] EAP/tls
> [eap] processing type tls
> [tls] Authenticate
> [tls] processing EAP-TLS
>   TLS Length 6476
> [tls] Received EAP-TLS First Fragment of the message
> [tls] eaptls_verify returned 9
> [tls] eaptls_process returned 13
> ++[eap] returns handled
> Sending Access-Challenge of id 8 to 10.128.0.100 port 37626
>         EAP-Message = 0x010900060d00
>         Message-Authenticator = 0x00000000000000000000000000000000
>         State = 0x513c3c875935316c3a43028be40032ff
> Finished request 8.
> Going to the next request
> Waking up in 1.8 seconds.
> rad_recv: Access-Request packet from host 10.128.0.100 port 37626, id=9, length=1184
>         User-Name = "MaintenanceControlDisplay"
>         NAS-IP-Address = 127.0.0.1
>         Calling-Station-Id = "02-00-00-00-00-01"
>         Framed-MTU = 1400
>         NAS-Port-Type = Wireless-802.11
>         Connect-Info = "CONNECT 11Mbps 802.11b"
>         EAP-Message = 0x020904060d40f35e9f31776548e380f13528708a648379fdce4901097a09426161485c1979bfcf3dfdc298                                                                      064f55d31f3db6d49ff38efb1e4ab36ce653696f663393f4a1a3370b8b63907c7888e2e7c7ba959804a22e18401bbf150bf8ee1e26a848                                                                      df7e61cb98fcf9dc67e5dd9d7dfbc9acf5451e7adbd50d14593439b45a9d79372b40c91b6d0f11dcad36a8f6fe0250ba5bbd3d277a2d17                                                                      8d2af8be7503bd65921740988796656199be2677eb8d1c1b2c3cfa840e4cd76884055803770006ca308206c6308204aea0030201020210                                                                      56886f61a89e888c4face278a0aabf44300d06092a864886f70d0101050500305931133011060a0992268993f2
>         EAP-Message = 0x2c6401191603636f6d31163014060a0992268993f22c6401191606626f65696e6731133011060a09922689                                                                      93f22c6401191603666c79311530130603550403130c45534444526f6f7434303936301e170d3037313231373233333632385a170d3237                                                                      313231373233343335395a305931133011060a0992268993f22c6401191603636f6d31163014060a0992268993f22c6401191606626f65                                                                      696e6731133011060a0992268993f22c6401191603666c79311530130603550403130c45534444526f6f743430393630820222300d0609                                                                      2a864886f70d01010105000382020f003082020a0282020100a893f9fa5409d68e7a33cfcd03bc0578efac4177
>         EAP-Message = 0x0a34a84b1d78ba3b554ef6a3b40722737a757b7db9e9e9f24fbb3d065e30a8ff8834e8e0c1b864c8d36510                                                                      289b131150730708492a06254d96761937a485841420ea2a80c539e68e8adac2a5242c0281659c60169a50b6a926be06544eee5901f907                                                                      3377613af43616575be42d8a2fa8184a5bb0740fc13203bbc397b154725415586ae6554dce245015f13b42c85358f46aff90ade72f8647                                                                      89cb9739f179efbaabb0be436bbaeeb6bc8ba42e35497e4f02c0fd47515a6d354553e23ff3c9b4654094f7a109e81f95a131b619b94fde                                                                      aba656439b470f3f2e4c4679ce6b3b19d3cdc132dda580ef80f98af9ddfdcb50d59a335f8bd4de4a3ce7f493fc
>         EAP-Message = 0x4a942659b3b35c0f67b7d2e7b21609e9ea84ca7b5bb9f8db4904e7353c8f32a8f04091df845c69df06312e                                                                      ac02e25621f08615ccb20cab61b9703c9150a3a5c13cec3f590a8258950ac680d5c578aa6ccb5f27effdabdeb10d7ff6dc49b4441f6e29                                                                      b88283a446ca910e90c9e6572f595c3476eaf515efe2793ac6d7b7a4891f4c655926fb4e2a76d90d8a8ab6b062aabf7aab2bc6354b1ba8                                                                      161d71ea4b54ab72547e20129f1e7947333165e07900b1b50fb9b482786124dedbe293e98b9386bf666129eaf95088b9f7ecd25158dc52                                                                      fd74ad9397665c795e18dbb69521343c7c7cf0c9c79720006e6707bc5fa3cf0203010001a38201883082018430
>         EAP-Message = 0x1306092b060104018237140204061e040043
>         State = 0x513c3c875935316c3a43028be40032ff
>         Message-Authenticator = 0xd56f46711110d24c271fb50b6ef77742
> # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
> +- entering group authorize {...}
> [preprocess]    expand: %{User-Name} -> MaintenanceControlDisplay
> [preprocess]   hints: Matched DEFAULT at 78
> [preprocess]    expand: %{Calling-Station-Id}@%{Cisco-AVPair[0]} -> 02-00-00-00-00-01@
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> ++[digest] returns noop
> [suffix] No '@' in User-Name = "MaintenanceControlDisplay", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> [eap] EAP packet type response id 9 length 253
> [eap] No EAP Start, assuming it's an on-going EAP conversation
> ++[eap] returns updated
> ++[files] returns noop
> ++[expiration] returns noop
> ++[logintime] returns noop
> ++[pap] returns noop
> Found Auth-Type = EAP
> # Executing group from file /usr/local/etc/raddb/sites-enabled/default
> +- entering group authenticate {...}
> [eap] Request found, released from the list
> [eap] EAP/tls
> [eap] processing type tls
> [tls] Authenticate
> [tls] processing EAP-TLS
> [tls] More fragments to follow
> [tls] eaptls_verify returned 10
> [tls] eaptls_process returned 13
> ++[eap] returns handled
> Sending Access-Challenge of id 9 to 10.128.0.100 port 37626
>         EAP-Message = 0x010a00060d00
>         Message-Authenticator = 0x00000000000000000000000000000000
>         State = 0x513c3c875836316c3a43028be40032ff
> Finished request 9.
> Going to the next request
> Waking up in 1.8 seconds.
> rad_recv: Access-Request packet from host 10.128.0.100 port 37626, id=10, length=1184
>         User-Name = "MaintenanceControlDisplay"
>         NAS-IP-Address = 127.0.0.1
>         Calling-Station-Id = "02-00-00-00-00-01"
>         Framed-MTU = 1400
>         NAS-Port-Type = Wireless-802.11
>         Connect-Info = "CONNECT 11Mbps 802.11b"
>         EAP-Message = 0x020a04060d400041300b0603551d0f040403020186300f0603551d130101ff040530030101ff301d060355                                                                      1d0e041604141e4e1c8a14ef89a83391ee997b1cabed3f47eaa63082011c0603551d1f048201133082010f3082010ba0820107a0820103                                                                      8681bf6c6461703a2f2f2f434e3d45534444526f6f74343039362c434e3d706b692d746573742d3738376d2c434e3d4344502c434e3d50                                                                      75626c69632532304b657925323053657276696365732c434e3d53657276696365732c434e3d436f6e66696775726174696f6e2c44433d                                                                      666c792c44433d626f65696e672c44433d636f6d3f63657274696669636174655265766f636174696f6e4c6973
>         EAP-Message = 0x743f626173653f6f626a656374436c6173733d63524c446973747269627574696f6e506f696e74863f6874                                                                      74703a2f2f706b692d746573742d3738376d2e666c792e626f65696e672e636f6d2f43657274456e726f6c6c2f45534444526f6f743430                                                                      39362e63726c301006092b06010401823715010403020100300d06092a864886f70d0101050500038202010089d0fd7533e496888b2ac6                                                                      b9cedabf4da5fa5c734b99eca89061b28b303050d210ea6b591dfee0c4efc644244a55b135a226d9597c71f777a1bee950cdc582f70f1a                                                                      fd54ad92a7f9d13b697c2e77777bfe33c5b486af6b822e97d9efdc82a072c3935760378f9faa5be09ac1026c0b
>         EAP-Message = 0xf10b3f88bd8b6fb1366829a61ba8496a5f204ba82f88fcc05f8275de0addc8287bb6c9e8c931a223475d7b                                                                      29c414992ab24512048a99033f4a82fd82b68ae58129e7d3c7a4e60e26a8b5591098b9a9cde9fe2a3d17964e686d8fccbb897fda38447d                                                                      dd014fed04c06e4de165ffb3afe93e17a0bd63973b0a261e1eaf839060b716cdb7891fe872a2a45181c8884227c94d290a3620ddbfe38a                                                                      9e2da706250c49ec0413ad0cfb4440b1cf70fbad7668685ccd4146677001b560850e8eba09cc6280711eb067230a81d461bcde5ceb4c33                                                                      956460a20303d68d0219f5cc3bef1d14c94f632a940006cf1b90da3e8e37de8440d2079c6a5f4cde66fa9d045d
>         EAP-Message = 0x6fcdc04250079b7e1387e0320f40e08d40f013f0d26b22d826a229b1460b64cc447a34d86687a297b5fe04                                                                      865b0fb328cd18d8abfa1ea4b1c58ae57f311567069d521fb42e9918aa3cbf6ca91db5eeae294156426a4249cfd6d3750506a3bb8f98b9                                                                      e5d839b7fd939293fb96483aaa2ff99110fff680e1117cd11c183cfdeb0aa91b26e89043e33d2ef03588b5687b47727e36220006763082                                                                      06723082045aa003020102020a611b280600000000000c300d06092a864886f70d0101050500305931133011060a0992268993f22c6401                                                                      191603636f6d31163014060a0992268993f22c6401191606626f65696e6731133011060a0992268993f22c6401
>         EAP-Message = 0x191603666c79311530130603550403130c45
>         State = 0x513c3c875836316c3a43028be40032ff
>         Message-Authenticator = 0x84fe071ee7e336ed9305a724469d8da0
> # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
> +- entering group authorize {...}
> [preprocess]    expand: %{User-Name} -> MaintenanceControlDisplay
> [preprocess]   hints: Matched DEFAULT at 78
> [preprocess]    expand: %{Calling-Station-Id}@%{Cisco-AVPair[0]} -> 02-00-00-00-00-01@
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> ++[digest] returns noop
> [suffix] No '@' in User-Name = "MaintenanceControlDisplay", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> [eap] EAP packet type response id 10 length 253
> [eap] No EAP Start, assuming it's an on-going EAP conversation
> ++[eap] returns updated
> ++[files] returns noop
> ++[expiration] returns noop
> ++[logintime] returns noop
> ++[pap] returns noop
> Found Auth-Type = EAP
> # Executing group from file /usr/local/etc/raddb/sites-enabled/default
> +- entering group authenticate {...}
> [eap] Request found, released from the list
> [eap] EAP/tls
> [eap] processing type tls
> [tls] Authenticate
> [tls] processing EAP-TLS
> [tls] More fragments to follow
> [tls] eaptls_verify returned 10
> [tls] eaptls_process returned 13
> ++[eap] returns handled
> Sending Access-Challenge of id 10 to 10.128.0.100 port 37626
>         EAP-Message = 0x010b00060d00
>         Message-Authenticator = 0x00000000000000000000000000000000
>         State = 0x513c3c875b37316c3a43028be40032ff
> Finished request 10.
> Going to the next request
> Waking up in 1.8 seconds.
> rad_recv: Access-Request packet from host 10.128.0.100 port 37626, id=11, length=1184
>         User-Name = "MaintenanceControlDisplay"
>         NAS-IP-Address = 127.0.0.1
>         Calling-Station-Id = "02-00-00-00-00-01"
>         Framed-MTU = 1400
>         NAS-Port-Type = Wireless-802.11
>         Connect-Info = "CONNECT 11Mbps 802.11b"
>         EAP-Message = 0x020b04060d40534444526f6f7434303936301e170d3039303131393036333331365a170d31343031313830                                                                      36333331365a305a31133011060a0992268993f22c6401191603636f6d31163014060a0992268993f22c6401191606626f65696e673113                                                                      3011060a0992268993f22c6401191603666c79311630140603550403130d45534444496e7465723430393630820222300d06092a864886                                                                      f70d01010105000382020f003082020a02820201009f550e60c398442453191759d44c49d10f2a9e1a27f47675f419fe64086a65ff77d0                                                                      75fbbbb7239ca1fd75d1dc0edc36c967a6ea0bd640e7cea54d41b0cb877f320f987db51ef21dbad0e6b248c8bc
>         EAP-Message = 0x4473b4a39f180bc2b8427c69bfecc87f56d43bceacb6b6fed627d3d06b2c391f698a19dcc918b1a01850ed                                                                      b9a3f1c949732ec57efb446b43e596e64a768bab47d95f225af8d8c5ae7de5f79fddcaf339bc7d98ac0d09d0c82360ab3ab9208403293f                                                                      45606176d518eb96ecd05d09ddce6b4740583074d5f6b4315fd1a1599941102a313f6ca1689620d6bc8101088ac513e2d20b333d60617a                                                                      e64f68af26146da6b94180f0ee7031bd05d03d03abc66ca3b6a28321b0e409107c1b867cf999bb1aaca9d29d85295c57b27c29cab526a8                                                                      da538e6a449f253a44ad71e2d3ac3769fe8c6ce37e1298ff4f96d91f9ccd37d21a763b9e508d11a964dfbe19c6
>         EAP-Message = 0xf4a51d2562ef397940ed309f29427f85ade6fc8015e56090fa480ba5b8225807f6d9804f0812390cea201d                                                                      a3a955473b5f19dfd3223b1341e9e36b72b28c82c75b6c5da597518f2f7b6c9fe052f98590c8c3225ea11c1b2805077251f5ac84fef400                                                                      f43ad9940338c1b66b158dcf3b31649ce753edbd8b38bda0d5038781dc638111474a99a932a144c6b3ac153f1d3d0d61117cd2cb590d42                                                                      4b39e8b3164ef536f1c2860dc7e8889e3ae9412bc0422e5b7923c50203010001a382013930820135300f0603551d130101ff0405300301                                                                      01ff301d0603551d0e0416041443b1f625d530e7f847f0bfcb526b9b4fe1fe72b9300b0603551d0f0404030201
>         EAP-Message = 0x86301006092b06010401823715010403020101302306092b060104018237150204160414d31f074108cfac                                                                      5cc47ed111d3a2712f219c9012301906092b0601040182371402040c1e0a00530075006200430041301f0603551d230418301680141e4e                                                                      1c8a14ef89a83391ee997b1cabed3f47eaa6303b0603551d1f043430323030a02ea02c862a687474703a2f2f63726c2e626f65696e672e                                                                      636f6d2f63726c2f45534444526f6f74343039362e63726c304606082b06010505070101043a3038303606082b06010505073002862a68                                                                      7474703a2f2f63726c2e626f65696e672e636f6d2f63726c2f45534444526f6f74343039362e637274300d0609
>         EAP-Message = 0x2a864886f70d01010505000382020100976a
>         State = 0x513c3c875b37316c3a43028be40032ff
>         Message-Authenticator = 0x0ad1596cf779061d296f593b2dfd3c51
> # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
> +- entering group authorize {...}
> [preprocess]    expand: %{User-Name} -> MaintenanceControlDisplay
> [preprocess]   hints: Matched DEFAULT at 78
> [preprocess]    expand: %{Calling-Station-Id}@%{Cisco-AVPair[0]} -> 02-00-00-00-00-01@
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> ++[digest] returns noop
> [suffix] No '@' in User-Name = "MaintenanceControlDisplay", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> [eap] EAP packet type response id 11 length 253
> [eap] No EAP Start, assuming it's an on-going EAP conversation
> ++[eap] returns updated
> ++[files] returns noop
> ++[expiration] returns noop
> ++[logintime] returns noop
> ++[pap] returns noop
> Found Auth-Type = EAP
> # Executing group from file /usr/local/etc/raddb/sites-enabled/default
> +- entering group authenticate {...}
> [eap] Request found, released from the list
> [eap] EAP/tls
> [eap] processing type tls
> [tls] Authenticate
> [tls] processing EAP-TLS
> [tls] More fragments to follow
> [tls] eaptls_verify returned 10
> [tls] eaptls_process returned 13
> ++[eap] returns handled
> Sending Access-Challenge of id 11 to 10.128.0.100 port 37626
>         EAP-Message = 0x010c00060d00
>         Message-Authenticator = 0x00000000000000000000000000000000
>         State = 0x513c3c875a30316c3a43028be40032ff
> Finished request 11.
> Going to the next request
> Waking up in 1.8 seconds.
> rad_recv: Access-Request packet from host 10.128.0.100 port 37626, id=12, length=1184
>         User-Name = "MaintenanceControlDisplay"
>         NAS-IP-Address = 127.0.0.1
>         Calling-Station-Id = "02-00-00-00-00-01"
>         Framed-MTU = 1400
>         NAS-Port-Type = Wireless-802.11
>         Connect-Info = "CONNECT 11Mbps 802.11b"
>         EAP-Message = 0x020c04060d4048f45eed37c731261476bba7a6b705e7d169a8fbad7b380e5f75f32761bb56e803864ee663                                                                      cac722b7c1a9ea1d6b2a0c06f952c91e4b7b2d99724f0330cd81d4800cf17842bceeaed7285a45f90879667e3a18f70b3464a3d0d6d514                                                                      173a98b9678e998b8d9a494cfe9243e300c2832a35df610158cd396b1f280db73d94c58709c200b1d702aee8c2a8ebb7b07ff2acbc547b                                                                      dc9889122128abeaeb1f575026452952e0e9c51292bd2ef1eff30468f418406c0860cd36806e73fc3e13fb5f3cccc7cd8fb934c2f06f94                                                                      e83a8be6d9985b53b884c8236135e88e63ba8dd36b4708cff97de8f14e4a035a02e9aef78670e90101f725f08e
>         EAP-Message = 0x02ea7beaf85acf6e722216671b00749643ef995a71e0e0f21dd9f5282ddba71c014fea56097bdf2c60cdc6                                                                      056d3cea13ba4aae1782860adaebd34a896186d5840355a6e80e91b21bfa283bed2bbb4c67b198e212875081fd305ec7d6d74af01bf678                                                                      0355aea3a1ee8cd3e506224829321aade7c25d915394eb31db8310834e1724d5ca7dfccfff1d18935ddb264b199bda870f3954c4243e82                                                                      b167acdd96fb2091a99de16a1710007885b0f9e045d7bc8ab34af0041db6e8009a20d0ba835517ea46b6e95b6a47b993c8ba1ad606a030                                                                      f40102b8c02b226bce7e64d4a2a705a08fe4c4cb51519be63c4455c0a6e8871658c1f20195a7d7efeecd530454
>         EAP-Message = 0x602d8d6ac6cb81540d1800057a308205763082035ea003020102020a61395bb700010000000a300d06092a                                                                      864886f70d0101050500305a31133011060a0992268993f22c6401191603636f6d31163014060a0992268993f22c6401191606626f6569                                                                      6e6731133011060a0992268993f22c6401191603666c79311630140603550403130d45534444496e74657234303936301e170d30393031                                                                      31393037303632315a170d3134303131383036333331365a305b31133011060a0992268993f22c6401191603636f6d31163014060a0992                                                                      268993f22c6401191606626f65696e6731133011060a0992268993f22c6401191603666c793117301506035504
>         EAP-Message = 0x03130e455344444973737565723230343830820122300d06092a864886f70d01010105000382010f003082                                                                      010a02820101009ede837e52ce12f2f315c72da8adbaf7828db60d09392a3cf133c5f11a497d7bd90f1e1eddcdb23058de50acad29c809                                                                      b5036f4ce1b0307609a68c92c47bb3a089b236e8e05e3275170369ab25371f4bc684324ac54ad223a046a4eb84964daaf1c2244edec54b                                                                      03ef4137634d55afc4e118031d822efd491b7cf9d6530362297ccff6616dfe1f0ebaebaf4f84ff9edce03a9189f34ca257ce621e20aeaf                                                                      539e5f91fcae83e89219e587fde80e5c86666d5fd5fdc364f47ab4bda8b62f6233a18e1ddcf109c90234bec8de
>         EAP-Message = 0xf2d14c026d557b14cd764a677f91c3e5a096
>         State = 0x513c3c875a30316c3a43028be40032ff
>         Message-Authenticator = 0x83805531ac628b23e32fce49a71392bd
> # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
> +- entering group authorize {...}
> [preprocess]    expand: %{User-Name} -> MaintenanceControlDisplay
> [preprocess]   hints: Matched DEFAULT at 78
> [preprocess]    expand: %{Calling-Station-Id}@%{Cisco-AVPair[0]} -> 02-00-00-00-00-01@
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> ++[digest] returns noop
> [suffix] No '@' in User-Name = "MaintenanceControlDisplay", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> [eap] EAP packet type response id 12 length 253
> [eap] No EAP Start, assuming it's an on-going EAP conversation
> ++[eap] returns updated
> ++[files] returns noop
> ++[expiration] returns noop
> ++[logintime] returns noop
> ++[pap] returns noop
> Found Auth-Type = EAP
> # Executing group from file /usr/local/etc/raddb/sites-enabled/default
> +- entering group authenticate {...}
> [eap] Request found, released from the list
> [eap] EAP/tls
> [eap] processing type tls
> [tls] Authenticate
> [tls] processing EAP-TLS
> [tls] More fragments to follow
> [tls] eaptls_verify returned 10
> [tls] eaptls_process returned 13
> ++[eap] returns handled
> Sending Access-Challenge of id 12 to 10.128.0.100 port 37626
>         EAP-Message = 0x010d00060d00
>         Message-Authenticator = 0x00000000000000000000000000000000
>         State = 0x513c3c875d31316c3a43028be40032ff
> Finished request 12.
> Going to the next request
> Waking up in 1.8 seconds.
> rad_recv: Access-Request packet from host 10.128.0.100 port 37626, id=13, length=1184
>         User-Name = "MaintenanceControlDisplay"
>         NAS-IP-Address = 127.0.0.1
>         Calling-Station-Id = "02-00-00-00-00-01"
>         Framed-MTU = 1400
>         NAS-Port-Type = Wireless-802.11
>         Connect-Info = "CONNECT 11Mbps 802.11b"
>         EAP-Message = 0x020d04060d40bc0f216a6aa60365dad3b4bbe2616ef038a6d2610bf15597e4fb288472028530c054f10203                                                                      010001a382013b30820137300f0603551d130101ff040530030101ff301d0603551d0e041604147b3f3d89d72bac972c086ada7233f64a                                                                      074ea0a1300b0603551d0f040403020186301006092b06010401823715010403020101302306092b060104018237150204160414249ba6                                                                      c4888fd87d96ab95594e6637dd6e25632f301906092b0601040182371402040c1e0a00530075006200430041301f0603551d2304183016                                                                      801443b1f625d530e7f847f0bfcb526b9b4fe1fe72b9303c0603551d1f043530333031a02fa02d862b68747470
>         EAP-Message = 0x3a2f2f63726c2e626f65696e672e636f6d2f63726c2f45534444496e746572343039362e63726c30470608                                                                      2b06010505070101043b3039303706082b06010505073002862b687474703a2f2f63726c2e626f65696e672e636f6d2f63726c2f455344                                                                      44496e746572343039362e637274300d06092a864886f70d010105050003820201006bd3c23ef41bc64c3383a89e90f53061c5b5f03e20                                                                      40ebc07377fedd37e6ea3f8ce247d0459c1889138a0c63c9b5b5b305e8696de327c1658330193d784233a5343e00e03ccce0e77960a69b                                                                      0f9a547a193d6a6502ec30fe65c6365aab74304517f7fea0ce3a07896d13492d59f11ff187aae8d743897f92ef
>         EAP-Message = 0xa32b18a86a8c02d4e909e17e97417d5c676d546785540ebdf853366842f38e66b0d9a00bc6cf2a25777f0d                                                                      ef04b8971ebce5b776400e121455288ae22c65c6d23fbcd243a9be7182f6969f0d6061dc4f786eb6eb2fbfd89c807c990eb67a595fb271                                                                      7599cc0262dfe8483f7e4f010c8bf6e8c9e02de0a3ccb594e8a1ee52cfd051e13642a34f0325c6c767548c6102d4e4311a37b08d44164a                                                                      fff6a0a67af3f971ad402ee75a8835d5fa76731958078d4b3f483f412fbb36b888e5416ec598487402187b049bd80f79fa8d53f6476999                                                                      c2cf3b82646d2777fd7c6c0ce31b3c330693d78b8960d784840ff10e784e078023b73ad81e0fd6fdc7bf66bf09
>         EAP-Message = 0xcf8118d3852613bd4cf23f384191bdd292050490c3bfde93230dba380f1391aaf299bd7c4288e0758c9132                                                                      df0250d269f10da91b51fb1cd3238828cfc140f801ba777248759e0fdb13e10e08560616d5d7dd7b4cd5a091b28ffba665665648e98da4                                                                      4682f17430ada59a3a4b889250ae64a1d4f112a3a83fab8bcaf308087ff97a820a6844c8e64ac9291603010086100000820080d5c6f2b2                                                                      117a6cbad67d242f4a69802a07cc8aaf5ff59ebf219cf8af7a387d7803fb034db0e6070054f312a26293f461b6de33fa34b7b09a42aea8                                                                      c3394d9c7f44c7148e62b6f611dafa44040cb3378f6744dcf4ad54099d59580e2e445697c4ec2348b4552af63e
>         EAP-Message = 0x247063c1bccceed74889ea590e0da58ce6be
>         State = 0x513c3c875d31316c3a43028be40032ff
>         Message-Authenticator = 0xbb1d0ad92f5fd564954baa008cd36db0
> # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
> +- entering group authorize {...}
> [preprocess]    expand: %{User-Name} -> MaintenanceControlDisplay
> [preprocess]   hints: Matched DEFAULT at 78
> [preprocess]    expand: %{Calling-Station-Id}@%{Cisco-AVPair[0]} -> 02-00-00-00-00-01@
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> ++[digest] returns noop
> [suffix] No '@' in User-Name = "MaintenanceControlDisplay", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> [eap] EAP packet type response id 13 length 253
> [eap] No EAP Start, assuming it's an on-going EAP conversation
> ++[eap] returns updated
> ++[files] returns noop
> ++[expiration] returns noop
> ++[logintime] returns noop
> ++[pap] returns noop
> Found Auth-Type = EAP
> # Executing group from file /usr/local/etc/raddb/sites-enabled/default
> +- entering group authenticate {...}
> [eap] Request found, released from the list
> [eap] EAP/tls
> [eap] processing type tls
> [tls] Authenticate
> [tls] processing EAP-TLS
> [tls] More fragments to follow
> [tls] eaptls_verify returned 10
> [tls] eaptls_process returned 13
> ++[eap] returns handled
> Sending Access-Challenge of id 13 to 10.128.0.100 port 37626
>         EAP-Message = 0x010e00060d00
>         Message-Authenticator = 0x00000000000000000000000000000000
>         State = 0x513c3c875c32316c3a43028be40032ff
> Finished request 13.
> Going to the next request
> Waking up in 1.8 seconds.
> rad_recv: Access-Request packet from host 10.128.0.100 port 37626, id=14, length=486
>         User-Name = "MaintenanceControlDisplay"
>         NAS-IP-Address = 127.0.0.1
>         Calling-Station-Id = "02-00-00-00-00-01"
>         Framed-MTU = 1400
>         NAS-Port-Type = Wireless-802.11
>         Connect-Info = "CONNECT 11Mbps 802.11b"
>         EAP-Message = 0x020e01520d00a235d3b7f87016030101060f00010201009c5bae8f60c3882d11a8226db135282ea8065fa1                                                                      2587cd72b4beaa29ae85a390117cd3b2cb47dfd94438f6601cc5fd5b2a3ce4805ad3f88bd71df9ff5b2dff640402660699ddd03a645121                                                                      14167e1386a1968e46d91749f78cdbd5aace7b1a52a2df2d90c93b76ca567b41734a9ae1f3537cc938ab05e11bc100e9c265a72bc8345f                                                                      bfdd42242a3a376248f1d641f2ef2e294d4290ff8a216c17a90f43c2a04ec4f29de41bdda9dc8b3d0ac398fcf5c0bb3f2e9fe752aba87c                                                                      9c09250c91d2bb39f413765b620c3dea46fc330bcc347488fc0dc23e8f4c63008cdd1ebdbc907fe13f4c5619ab
>         EAP-Message = 0x6f49b68bd20f7c60ffb52b1f96a61c26aa6415e09dede4d5212c1403010001011603010030e0db5794014c                                                                      3d3d69d2bdfd98a304ad9779de997f577a7cd878ed46952ce28eb9918b0e21865ef74572c8e7cf16790d
>         State = 0x513c3c875c32316c3a43028be40032ff
>         Message-Authenticator = 0x9c9cc0760618df10c4d942cd95e95c9c
> # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
> +- entering group authorize {...}
> [preprocess]    expand: %{User-Name} -> MaintenanceControlDisplay
> [preprocess]   hints: Matched DEFAULT at 78
> [preprocess]    expand: %{Calling-Station-Id}@%{Cisco-AVPair[0]} -> 02-00-00-00-00-01@
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> ++[digest] returns noop
> [suffix] No '@' in User-Name = "MaintenanceControlDisplay", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> [eap] EAP packet type response id 14 length 253
> [eap] No EAP Start, assuming it's an on-going EAP conversation
> ++[eap] returns updated
> ++[files] returns noop
> ++[expiration] returns noop
> ++[logintime] returns noop
> ++[pap] returns noop
> Found Auth-Type = EAP
> # Executing group from file /usr/local/etc/raddb/sites-enabled/default
> +- entering group authenticate {...}
> [eap] Request found, released from the list
> [eap] EAP/tls
> [eap] processing type tls
> [tls] Authenticate
> [tls] processing EAP-TLS
> [tls] eaptls_verify returned 7
> [tls] Done initial handshake
> [tls] <<< TLS 1.0 Handshake [length 1776], Certificate
> [tls] chain-depth=3,
> [tls] error=0
> [tls] --> User-Name = MaintenanceControlDisplay
> [tls] --> BUF-Name = ESDDRoot4096
> [tls] --> subject = /DC=com/DC=boeing/DC=fly/CN=ESDDRoot4096
> [tls] --> issuer  = /DC=com/DC=boeing/DC=fly/CN=ESDDRoot4096
> [tls] --> verify return:1
> [tls] chain-depth=2,
> [tls] error=0
> [tls] --> User-Name = MaintenanceControlDisplay
> [tls] --> BUF-Name = ESDDInter4096
> [tls] --> subject = /DC=com/DC=boeing/DC=fly/CN=ESDDInter4096
> [tls] --> issuer  = /DC=com/DC=boeing/DC=fly/CN=ESDDRoot4096
> [tls] --> verify return:1
> [tls] chain-depth=1,
> [tls] error=0
> [tls] --> User-Name = MaintenanceControlDisplay
> [tls] --> BUF-Name = ESDDIssuer2048
> [tls] --> subject = /DC=com/DC=boeing/DC=fly/CN=ESDDIssuer2048
> [tls] --> issuer  = /DC=com/DC=boeing/DC=fly/CN=ESDDInter4096
> [tls] --> verify return:1
> [tls] chain-depth=0,
> [tls] error=0
> [tls] --> User-Name = MaintenanceControlDisplay
> [tls] --> BUF-Name = MaintenanceControlDisplay
> [tls] --> subject = /x500UniqueIdentifier=A4036525/description=CrewWirelessDevice/C=US/O=\x00B\x00O\x00E\x00_\                                                                      x00I\x00T\x00L\x00 \x00A\x00i\x00r\x00l\x00i\x00n\x00e\x00s\x00 \x00C\x00o\x00.\x00 \x00L\x00t\x00d\x00./OU=Fo                                                                      r Test Purposes Only/CN=MaintenanceControlDisplay
> [tls] --> issuer  = /DC=com/DC=boeing/DC=fly/CN=ESDDIssuer2048
> [tls] --> verify return:1
> [tls]     TLS_accept: SSLv3 read client certificate A
> [tls] <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
> [tls]     TLS_accept: SSLv3 read client key exchange A
> [tls] <<< TLS 1.0 Handshake [length 0106], CertificateVerify
> [tls]     TLS_accept: SSLv3 read certificate verify A
> [tls] <<< TLS 1.0 ChangeCipherSpec [length 0001]
> [tls] <<< TLS 1.0 Handshake [length 0010], Finished
> [tls]     TLS_accept: SSLv3 read finished A
> [tls] >>> TLS 1.0 ChangeCipherSpec [length 0001]
> [tls]     TLS_accept: SSLv3 write change cipher spec A
> [tls] >>> TLS 1.0 Handshake [length 0010], Finished
> [tls]     TLS_accept: SSLv3 write finished A
> [tls]     TLS_accept: SSLv3 flush data
> [tls]     (other): SSL negotiation finished successfully
> SSL Connection Established
> [tls] eaptls_process returned 13
> ++[eap] returns handled
> Sending Access-Challenge of id 14 to 10.128.0.100 port 37626
>         EAP-Message = 0x010f00450d800000003b14030100010116030100302e7324c43c27ba2ca05affb5044cdc80b6fde1835f0a                                                                      fcacabb0f0eeb818e2397f158ad69090966662002a492e085e48
>         Message-Authenticator = 0x00000000000000000000000000000000
>         State = 0x513c3c875f33316c3a43028be40032ff
> Finished request 14.
> Going to the next request
> Waking up in 1.8 seconds.
> rad_recv: Access-Request packet from host 10.128.0.100 port 37626, id=15, length=152
>         User-Name = "MaintenanceControlDisplay"
>         NAS-IP-Address = 127.0.0.1
>         Calling-Station-Id = "02-00-00-00-00-01"
>         Framed-MTU = 1400
>         NAS-Port-Type = Wireless-802.11
>         Connect-Info = "CONNECT 11Mbps 802.11b"
>         EAP-Message = 0x020f00060d00
>         State = 0x513c3c875f33316c3a43028be40032ff
>         Message-Authenticator = 0x434f2ff4845a3da8223675d555c7299c
> # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
> +- entering group authorize {...}
> [preprocess]    expand: %{User-Name} -> MaintenanceControlDisplay
> [preprocess]   hints: Matched DEFAULT at 78
> [preprocess]    expand: %{Calling-Station-Id}@%{Cisco-AVPair[0]} -> 02-00-00-00-00-01@
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> ++[digest] returns noop
> [suffix] No '@' in User-Name = "MaintenanceControlDisplay", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> [eap] EAP packet type response id 15 length 6
> [eap] No EAP Start, assuming it's an on-going EAP conversation
> ++[eap] returns updated
> ++[files] returns noop
> ++[expiration] returns noop
> ++[logintime] returns noop
> ++[pap] returns noop
> Found Auth-Type = EAP
> # Executing group from file /usr/local/etc/raddb/sites-enabled/default
> +- entering group authenticate {...}
> [eap] Request found, released from the list
> [eap] EAP/tls
> [eap] processing type tls
> [tls] Authenticate
> [tls] processing EAP-TLS
> [tls] Received TLS ACK
> [tls] ACK handshake is finished
> [tls] eaptls_verify returned 3
> [tls] eaptls_process returned 3
> [tls] Adding user data to cached session
> 
> Program received signal SIGSEGV, Segmentation fault.
> [Switching to Thread 28804300 (LWP 101549/radiusd)]
> 0x28489873 in eaptls_gen_mppe_keys (reply_vps=0x28bc4230, s=0x288b7400,
>     prf_label=0x2849a8ff "client EAP encryption") at mppe_keys.c:147
> 147             PRF(s->session->master_key, s->session->master_key_length,
> (gdb) help
> List of classes of commands:
> 
> aliases -- Aliases of other commands
> breakpoints -- Making program stop at certain points
> data -- Examining data
> files -- Specifying and examining files
> internals -- Maintenance commands
> obscure -- Obscure features
> running -- Running the program
> stack -- Examining the stack
> status -- Status inquiries
> support -- Support facilities
> tracepoints -- Tracing of program execution without stopping the program
> user-defined -- User-defined commands
> 
> Type "help" followed by a class name for a list of commands in that class.
> Type "help" followed by command name for full documentation.
> Command name abbreviations are allowed if unambiguous.
> (gdb) stack
> Undefined command: "stack".  Try "help".
> (gdb) quit
> The program is running.  Exit anyway? (y or n) y
> wan231s1# cat > /home/steve/radiusd-2.2.0-gdb-output.txt
> wan231s1# gdb /usr/local/sbin/radiusd
> GNU gdb 6.1.1 [FreeBSD]
> Copyright 2004 Free Software Foundation, Inc.
> GDB is free software, covered by the GNU General Public License, and you are
> welcome to change it and/or distribute copies of it under certain conditions.
> Type "show copying" to see the conditions.
> There is absolutely no warranty for GDB.  Type "show warranty" for details.
> This GDB was configured as "i386-marcel-freebsd"...(no debugging symbols found)...
> (gdb) run -X
> Starting program: /usr/local/sbin/radiusd -X
> (no debugging symbols found)...(no debugging symbols found)...[New LWP 101549]
> (no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...(no debugging sym                                                                      bols found)...(no debugging symbols found)...(no debugging symbols found)...[New Thread 28804300 (LWP 101549/r                                                                      adiusd)]
> FreeRADIUS Version 2.2.0, for host i386-portbld-freebsd9.0, built on Jan  3 2013 at 20:39:43
> Copyright (C) 1999-2012 The FreeRADIUS server project and contributors.
> There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
> PARTICULAR PURPOSE.
> You may redistribute copies of FreeRADIUS under the terms of the
> GNU General Public License v2.
> Starting - reading configuration files ...
> including configuration file /usr/local/etc/raddb/radiusd.conf
> including configuration file /usr/local/etc/raddb/proxy.conf
> including configuration file /usr/local/etc/raddb/clients.conf
> including files in directory /usr/local/etc/raddb/modules/
> including configuration file /usr/local/etc/raddb/modules/wimax
> including configuration file /usr/local/etc/raddb/modules/always
> including configuration file /usr/local/etc/raddb/modules/attr_filter
> including configuration file /usr/local/etc/raddb/modules/attr_rewrite
> including configuration file /usr/local/etc/raddb/modules/cache
> including configuration file /usr/local/etc/raddb/modules/chap
> including configuration file /usr/local/etc/raddb/modules/checkval
> including configuration file /usr/local/etc/raddb/modules/counter
> including configuration file /usr/local/etc/raddb/modules/cui
> including configuration file /usr/local/etc/raddb/modules/detail
> including configuration file /usr/local/etc/raddb/modules/detail.example.com
> including configuration file /usr/local/etc/raddb/modules/detail.log
> including configuration file /usr/local/etc/raddb/modules/dhcp_sqlippool
> including configuration file /usr/local/etc/raddb/sql/mysql/ippool-dhcp.conf
> including configuration file /usr/local/etc/raddb/modules/digest
> including configuration file /usr/local/etc/raddb/modules/dynamic_clients
> including configuration file /usr/local/etc/raddb/modules/echo
> including configuration file /usr/local/etc/raddb/modules/etc_group
> including configuration file /usr/local/etc/raddb/modules/exec
> including configuration file /usr/local/etc/raddb/modules/expiration
> including configuration file /usr/local/etc/raddb/modules/expr
> including configuration file /usr/local/etc/raddb/modules/files
> including configuration file /usr/local/etc/raddb/modules/inner-eap
> including configuration file /usr/local/etc/raddb/modules/ippool
> including configuration file /usr/local/etc/raddb/modules/krb5
> including configuration file /usr/local/etc/raddb/modules/ldap
> including configuration file /usr/local/etc/raddb/modules/linelog
> including configuration file /usr/local/etc/raddb/modules/otp
> including configuration file /usr/local/etc/raddb/modules/logintime
> including configuration file /usr/local/etc/raddb/modules/mac2ip
> including configuration file /usr/local/etc/raddb/modules/mac2vlan
> including configuration file /usr/local/etc/raddb/modules/mschap
> including configuration file /usr/local/etc/raddb/modules/ntlm_auth
> including configuration file /usr/local/etc/raddb/modules/opendirectory
> including configuration file /usr/local/etc/raddb/modules/pam
> including configuration file /usr/local/etc/raddb/modules/pap
> including configuration file /usr/local/etc/raddb/modules/passwd
> including configuration file /usr/local/etc/raddb/modules/perl
> including configuration file /usr/local/etc/raddb/modules/policy
> including configuration file /usr/local/etc/raddb/modules/preprocess
> including configuration file /usr/local/etc/raddb/modules/radrelay
> including configuration file /usr/local/etc/raddb/modules/radutmp
> including configuration file /usr/local/etc/raddb/modules/realm
> including configuration file /usr/local/etc/raddb/modules/redis
> including configuration file /usr/local/etc/raddb/modules/rediswho
> including configuration file /usr/local/etc/raddb/modules/replicate
> including configuration file /usr/local/etc/raddb/modules/smbpasswd
> including configuration file /usr/local/etc/raddb/modules/smsotp
> including configuration file /usr/local/etc/raddb/modules/soh
> including configuration file /usr/local/etc/raddb/modules/sql_log
> including configuration file /usr/local/etc/raddb/modules/sqlcounter_expire_on_login
> including configuration file /usr/local/etc/raddb/modules/sradutmp
> including configuration file /usr/local/etc/raddb/modules/unix
> including configuration file /usr/local/etc/raddb/modules/acct_unique
> including configuration file /usr/local/etc/raddb/eap.conf
> including configuration file /usr/local/etc/raddb/policy.conf
> including files in directory /usr/local/etc/raddb/sites-enabled/
> including configuration file /usr/local/etc/raddb/sites-enabled/default
> main {
>         user = "freeradius"
>         group = "freeradius"
>         allow_core_dumps = no
> }
> including dictionary file /usr/local/etc/raddb/dictionary
> main {
>         name = "radiusd"
>         prefix = "/usr/local"
>         localstatedir = "/var"
>         sbindir = "/usr/local/sbin"
>         logdir = "/var/log"
>         run_dir = "/var/run/radiusd"
>         libdir = "/usr/local/lib/freeradius-2.2.0"
>         radacctdir = "/var/log/radacct"
>         hostname_lookups = no
>         max_request_time = 30
>         cleanup_delay = 5
>         max_requests = 1024
>         pidfile = "/var/run/radiusd/radiusd.pid"
>         checkrad = "/usr/local/sbin/checkrad"
>         debug_level = 0
>         proxy_requests = no
>  log {
>         stripped_names = no
>         auth = yes
>         auth_badpass = no
>         auth_goodpass = no
>  }
>  security {
>         max_attributes = 200
>         reject_delay = 1
>         status_server = yes
>  }
> }
> radiusd: #### Loading Realms and Home Servers ####
>  proxy server {
>         retry_delay = 5
>         retry_count = 3
>         default_fallback = no
>         dead_time = 120
>         wake_all_if_all_dead = no
>  }
>  home_server localhost {
>         ipaddr = 127.0.0.1
>         port = 1812
>         type = "auth"
>         secret = "testing123"
>         response_window = 20
>         max_outstanding = 65536
>         require_message_authenticator = yes
>         zombie_period = 40
>         status_check = "status-server"
>         ping_interval = 30
>         check_interval = 30
>         num_answers_to_alive = 3
>         num_pings_to_alive = 3
>         revive_interval = 120
>         status_check_timeout = 4
>   coa {
>         irt = 2
>         mrt = 16
>         mrc = 5
>         mrd = 30
>   }
>  }
>  home_server_pool my_auth_failover {
>         type = fail-over
>         home_server = localhost
>  }
>  realm example.com {
>         auth_pool = my_auth_failover
>  }
>  realm LOCAL {
>  }
> radiusd: #### Loading Clients ####
>  client localhost {
>         ipaddr = 127.0.0.1
>         require_message_authenticator = no
>         secret = "testing123"
>         nastype = "other"
>  }
>  client 10.128.0.100 {
>         require_message_authenticator = no
>         secret = "redacted"
>         shortname = "nms231s1-eapol-test"
>         nastype = "other"
>  }
> radiusd: #### Instantiating modules ####
>  instantiate {
> (no debugging symbols found)... Module: Linked to module rlm_exec
>  Module: Instantiating module "exec" from file /usr/local/etc/raddb/modules/exec
>   exec {
>         wait = no
>         input_pairs = "request"
>         shell_escape = yes
>   }
>  Module: Linked to module rlm_expr
>  Module: Instantiating module "expr" from file /usr/local/etc/raddb/modules/expr
>  Module: Linked to module rlm_expiration
>  Module: Instantiating module "expiration" from file /usr/local/etc/raddb/modules/expiration
>   expiration {
>         reply-message = "Password Has Expired  "
>   }
>  Module: Linked to module rlm_logintime
>  Module: Instantiating module "logintime" from file /usr/local/etc/raddb/modules/logintime
>   logintime {
>         reply-message = "You are calling outside your allowed timespan  "
>         minimum-timeout = 60
>   }
>  }
> radiusd: #### Loading Virtual Servers ####
> server { # from file /usr/local/etc/raddb/radiusd.conf
>  modules {
>   Module: Creating Auth-Type = digest
>   Module: Creating Post-Auth-Type = REJECT
>  Module: Checking authenticate {...} for more modules to load
>  Module: Linked to module rlm_pap
>  Module: Instantiating module "pap" from file /usr/local/etc/raddb/modules/pap
>   pap {
>         encryption_scheme = "auto"
>         auto_header = no
>   }
>  Module: Linked to module rlm_chap
>  Module: Instantiating module "chap" from file /usr/local/etc/raddb/modules/chap
>  Module: Linked to module rlm_mschap
>  Module: Instantiating module "mschap" from file /usr/local/etc/raddb/modules/mschap
>   mschap {
>         use_mppe = yes
>         require_encryption = no
>         require_strong = no
>         with_ntdomain_hack = no
>         allow_retry = yes
>   }
>  Module: Linked to module rlm_digest
>  Module: Instantiating module "digest" from file /usr/local/etc/raddb/modules/digest
>  Module: Linked to module rlm_unix
>  Module: Instantiating module "unix" from file /usr/local/etc/raddb/modules/unix
>   unix {
>         radwtmp = "/var/log/radwtmp"
>   }
>  Module: Linked to module rlm_eap
>  Module: Instantiating module "eap" from file /usr/local/etc/raddb/eap.conf
>   eap {
>         default_eap_type = "tls"
>         timer_expire = 60
>         ignore_unknown_eap_types = no
>         cisco_accounting_username_bug = no
>         max_sessions = 4096
>   }
>  Module: Linked to sub-module rlm_eap_md5
>  Module: Instantiating eap-md5
>  Module: Linked to sub-module rlm_eap_leap
>  Module: Instantiating eap-leap
>  Module: Linked to sub-module rlm_eap_gtc
>  Module: Instantiating eap-gtc
>    gtc {
>         challenge = "Password: "
>         auth_type = "PAP"
>    }
>  Module: Linked to sub-module rlm_eap_tls
>  Module: Instantiating eap-tls
>    tls {
>         rsa_key_exchange = no
>         dh_key_exchange = yes
>         rsa_key_length = 512
>         dh_key_length = 512
>         verify_depth = 0
>         CA_path = "/usr/local/etc/raddb/certs/CA"
>         pem_file_type = yes
>         private_key_file = "/usr/local/etc/raddb/certs/gatelink822-wan231s1_key.pem"
>         certificate_file = "/usr/local/etc/raddb/certs/gatelink822-wan231s1_cert.pem"
>         private_key_password = "redacted"
>         dh_file = "/usr/local/etc/raddb/certs/dh"
>         random_file = "/usr/local/etc/raddb/certs/random"
>         fragment_size = 1024
>         include_length = yes
>         check_crl = no
>         cipher_list = "DEFAULT"
>         make_cert_command = "/usr/local/etc/raddb/certs/bootstrap"
>         ecdh_curve = "prime256v1"
>     cache {
>         enable = no
>         lifetime = 24
>         max_entries = 255
>     }
>     verify {
>     }
>     ocsp {
>         enable = no
>         override_cert_url = yes
>         url = "http://127.0.0.1/ocsp/"
>         use_nonce = yes
>         timeout = 0
>         softfail = no
>     }
>    }
>  Module: Linked to sub-module rlm_eap_ttls
>  Module: Instantiating eap-ttls
>    ttls {
>         default_eap_type = "md5"
>         copy_request_to_tunnel = no
>         use_tunneled_reply = no
>         virtual_server = "inner-tunnel"
>         include_length = yes
>    }
>  Module: Linked to sub-module rlm_eap_peap
>  Module: Instantiating eap-peap
>    peap {
>         default_eap_type = "mschapv2"
>         copy_request_to_tunnel = no
>         use_tunneled_reply = no
>         proxy_tunneled_request_as_eap = yes
>         virtual_server = "inner-tunnel"
>         soh = no
>    }
>  Module: Linked to sub-module rlm_eap_mschapv2
>  Module: Instantiating eap-mschapv2
>    mschapv2 {
>         with_ntdomain_hack = no
>         send_error = no
>    }
>  Module: Checking authorize {...} for more modules to load
>  Module: Linked to module rlm_preprocess
>  Module: Instantiating module "preprocess" from file /usr/local/etc/raddb/modules/preprocess
>   preprocess {
>         huntgroups = "/usr/local/etc/raddb/huntgroups"
>         hints = "/usr/local/etc/raddb/hints"
>         with_ascend_hack = no
>         ascend_channels_per_line = 23
>         with_ntdomain_hack = no
>         with_specialix_jetstream_hack = no
>         with_cisco_vsa_hack = no
>         with_alvarion_vsa_hack = no
>   }
> reading pairlist file /usr/local/etc/raddb/huntgroups
> reading pairlist file /usr/local/etc/raddb/hints
>  Module: Linked to module rlm_realm
>  Module: Instantiating module "suffix" from file /usr/local/etc/raddb/modules/realm
>   realm suffix {
>         format = "suffix"
>         delimiter = "@"
>         ignore_default = no
>         ignore_null = no
>   }
>  Module: Linked to module rlm_files
>  Module: Instantiating module "files" from file /usr/local/etc/raddb/modules/files
>   files {
>         usersfile = "/usr/local/etc/raddb/users"
>         acctusersfile = "/usr/local/etc/raddb/acct_users"
>         preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users"
>         compat = "no"
>   }
> reading pairlist file /usr/local/etc/raddb/users
> reading pairlist file /usr/local/etc/raddb/acct_users
> reading pairlist file /usr/local/etc/raddb/preproxy_users
>  Module: Checking preacct {...} for more modules to load
>  Module: Linked to module rlm_acct_unique
>  Module: Instantiating module "acct_unique" from file /usr/local/etc/raddb/modules/acct_unique
>   acct_unique {
>         key = "User-Name, Acct-Session-Id, NAS-IP-Address, NAS-Identifier, NAS-Port"
>   }
>  Module: Checking accounting {...} for more modules to load
>  Module: Linked to module rlm_detail
>  Module: Instantiating module "detail" from file /usr/local/etc/raddb/modules/detail
>   detail {
>         detailfile = "/var/log/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"
>         header = "%t"
>         detailperm = 384
>         dirperm = 493
>         locking = no
>         log_packet_header = no
>   }
>  Module: Linked to module rlm_attr_filter
>  Module: Instantiating module "attr_filter.accounting_response" from file /usr/local/etc/raddb/modules/attr_fi                                                                      lter
>   attr_filter attr_filter.accounting_response {
>         attrsfile = "/usr/local/etc/raddb/attrs.accounting_response"
>         key = "%{User-Name}"
>         relaxed = no
>   }
> reading pairlist file /usr/local/etc/raddb/attrs.accounting_response
>  Module: Checking session {...} for more modules to load
>  Module: Linked to module rlm_radutmp
>  Module: Instantiating module "radutmp" from file /usr/local/etc/raddb/modules/radutmp
>   radutmp {
>         filename = "/var/log/radutmp"
>         username = "%{User-Name}"
>         case_sensitive = yes
>         check_with_nas = yes
>         perm = 384
>         callerid = yes
>   }
>  Module: Checking post-proxy {...} for more modules to load
>  Module: Checking post-auth {...} for more modules to load
>  Module: Instantiating module "attr_filter.access_reject" from file /usr/local/etc/raddb/modules/attr_filter
>   attr_filter attr_filter.access_reject {
>         attrsfile = "/usr/local/etc/raddb/attrs.access_reject"
>         key = "%{User-Name}"
>         relaxed = no
>   }
> reading pairlist file /usr/local/etc/raddb/attrs.access_reject
>  } # modules
> } # server
> radiusd: #### Opening IP addresses and Ports ####
> listen {
>         type = "auth"
>         ipaddr = *
>         port = 0
> }
> listen {
>         type = "acct"
>         ipaddr = *
>         port = 0
> }
> Listening on authentication address * port 1812
> Listening on accounting address * port 1813
> Ready to process requests.
> rad_recv: Access-Request packet from host 10.128.0.100 port 37626, id=0, length=158
>         User-Name = "MaintenanceControlDisplay"
>         NAS-IP-Address = 127.0.0.1
>         Calling-Station-Id = "02-00-00-00-00-01"
>         Framed-MTU = 1400
>         NAS-Port-Type = Wireless-802.11
>         Connect-Info = "CONNECT 11Mbps 802.11b"
>         EAP-Message = 0x0200001e014d61696e74656e616e6365436f6e74726f6c446973706c6179
>         Message-Authenticator = 0xad8a60fa6b73d53acb5ce659eff3da36
> # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
> +- entering group authorize {...}
> [preprocess]    expand: %{User-Name} -> MaintenanceControlDisplay
> [preprocess]   hints: Matched DEFAULT at 78
> [preprocess]    expand: %{Calling-Station-Id}@%{Cisco-AVPair[0]} -> 02-00-00-00-00-01@
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> ++[digest] returns noop
> [suffix] No '@' in User-Name = "MaintenanceControlDisplay", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> [eap] EAP packet type response id 0 length 30
> [eap] No EAP Start, assuming it's an on-going EAP conversation
> ++[eap] returns updated
> ++[files] returns noop
> ++[expiration] returns noop
> ++[logintime] returns noop
> [pap] WARNING! No "known good" password found for the user.  Authentication may fail because of this.
> ++[pap] returns noop
> Found Auth-Type = EAP
> # Executing group from file /usr/local/etc/raddb/sites-enabled/default
> +- entering group authenticate {...}
> [eap] EAP Identity
> [eap] processing type tls
> [tls] Requiring client certificate
> [tls] Initiate
> [tls] Start returned 1
> ++[eap] returns handled
> Sending Access-Challenge of id 0 to 10.128.0.100 port 37626
>         EAP-Message = 0x010100060d20
>         Message-Authenticator = 0x00000000000000000000000000000000
>         State = 0x513c3c87513d316c3a43028be40032ff
> Finished request 0.
> Going to the next request
> Waking up in 4.9 seconds.
> rad_recv: Access-Request packet from host 10.128.0.100 port 37626, id=1, length=258
>         User-Name = "MaintenanceControlDisplay"
>         NAS-IP-Address = 127.0.0.1
>         Calling-Station-Id = "02-00-00-00-00-01"
>         Framed-MTU = 1400
>         NAS-Port-Type = Wireless-802.11
>         Connect-Info = "CONNECT 11Mbps 802.11b"
>         EAP-Message = 0x020100700d00160301006501000061030150e5f39860827a0411cfb562ef8e20af61649f10290355949974                                                                      ed309594e83f00003400390038003500880087008400160013000a00330032002f00450044004100050004001500120009001400110008                                                                      0006000300ff0100000400230000
>         State = 0x513c3c87513d316c3a43028be40032ff
>         Message-Authenticator = 0x0633be04de5c0102ddc9fa927ed47610
> # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
> +- entering group authorize {...}
> [preprocess]    expand: %{User-Name} -> MaintenanceControlDisplay
> [preprocess]   hints: Matched DEFAULT at 78
> [preprocess]    expand: %{Calling-Station-Id}@%{Cisco-AVPair[0]} -> 02-00-00-00-00-01@
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> ++[digest] returns noop
> [suffix] No '@' in User-Name = "MaintenanceControlDisplay", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> [eap] EAP packet type response id 1 length 112
> [eap] No EAP Start, assuming it's an on-going EAP conversation
> ++[eap] returns updated
> ++[files] returns noop
> ++[expiration] returns noop
> ++[logintime] returns noop
> ++[pap] returns noop
> Found Auth-Type = EAP
> # Executing group from file /usr/local/etc/raddb/sites-enabled/default
> +- entering group authenticate {...}
> [eap] Request found, released from the list
> [eap] EAP/tls
> [eap] processing type tls
> [tls] Authenticate
> [tls] processing EAP-TLS
> [tls] eaptls_verify returned 7
> [tls] Done initial handshake
> [tls]     (other): before/accept initialization
> [tls]     TLS_accept: before/accept initialization
> [tls] <<< TLS 1.0 Handshake [length 0065], ClientHello
> [tls]     TLS_accept: SSLv3 read client hello A
> [tls] >>> TLS 1.0 Handshake [length 0031], ServerHello
> [tls]     TLS_accept: SSLv3 write server hello A
> [tls] >>> TLS 1.0 Handshake [length 1756], Certificate
> [tls]     TLS_accept: SSLv3 write certificate A
> [tls] >>> TLS 1.0 Handshake [length 020d], ServerKeyExchange
> [tls]     TLS_accept: SSLv3 write key exchange A
> [tls] >>> TLS 1.0 Handshake [length 0010], CertificateRequest
> [tls]     TLS_accept: SSLv3 write certificate request A
> [tls]     TLS_accept: SSLv3 flush data
> [tls]     TLS_accept: Need to read more data: SSLv3 read client certificate A
> In SSL Handshake Phase
> In SSL Accept mode
> [tls] eaptls_process returned 13
> ++[eap] returns handled
> Sending Access-Challenge of id 1 to 10.128.0.100 port 37626
>         EAP-Message = 0x010204000dc0000019b816030100310200002d030150e5f3981aa9077b62c7c34d9eb90bd512eac8348779                                                                      1227b2d8e289befa6edf000039000005ff0100010016030117560b00175200174f000489308204853082036da003020102020a4b426b00                                                                      000100000d22300d06092a864886f70d0101050500305b31133011060a0992268993f22c6401191603636f6d31163014060a0992268993                                                                      f22c6401191606626f65696e6731133011060a0992268993f22c6401191603666c79311730150603550403130e45534444497373756572                                                                      32303438301e170d3132303331343139343732395a170d3134303131383036333331365a308191310b30090603
>         EAP-Message = 0x55040613025553310b30090603550408130257413110300e0603550407130753656174746c65311b301906                                                                      0355040a131254686520426f65696e6720436f6d70616e79311f301d060355040b1316466f72205465737420507572706f736573204f6e                                                                      6c79312530230603550403131c676174656c696e6b3832322e77616e32333173312e77616e2e6c616230820122300d06092a864886f70d                                                                      01010105000382010f003082010a0282010100c175642cacaf0313bb775762d65e844208b24fe044be27d2523ff76cb718dec7f17eb3ee                                                                      320f859c8a03a5d34400a1783e2b543e8398d1785daa255073353c5d13ffa304f26019b8b859368bae5c65d617
>         EAP-Message = 0x93e77241750f6fc8e2ffbff4b8fefbdd0321433512b07d0180c2271de6c5fa9458579163d21f4c26f7ced4                                                                      30868b3c0d344b85a2f5d37adcda8fb477d64b4c0c2a978946081e0e52e47f4ddb0cb82c02f8a704f6f169b46c63f1db7e0403f7e0989d                                                                      73546ddfe6823a83310c68ea5722997a969fa9b0858799de63fab0f941b510fb826d581823ef6f0eb6e59dc96a434f18fa2288574a6de1                                                                      53a979ce2fc2b31e06dbd12bce17213019db711b563d0203010001a38201123082010e301d0603551d0e04160414afc898ac5da8d7db13                                                                      80f5ca855cff669aa3035c300e0603551d0f0101ff04040302078030130603551d25040c300a06082b06010505
>         EAP-Message = 0x070301301f0603551d230418301680147b3f3d89d72bac972c086ada7233f64a074ea0a1303d0603551d1f                                                                      043630343032a030a02e862c687474703a2f2f63726c2e626f65696e672e636f6d2f63726c2f45534444497373756572323034382e6372                                                                      6c300c0603551d130101ff04023000303d06092b06010401823715070430302e06262b0601040182371508acc31f85e0d61c87dd892487                                                                      e6e83681a1f354814681b4812e84aaae09020164020105301b06092b060104018237150a040e300c300a06082b06010505070301300d06                                                                      092a864886f70d01010505000382010100702d7a1bde789d5af9c5d5ba6afed07c0f23bd794b1e54aa6ac6ed3b
>         EAP-Message = 0x634ee662bd183641cf537132
>         Message-Authenticator = 0x00000000000000000000000000000000
>         State = 0x513c3c87503e316c3a43028be40032ff
> Finished request 1.
> Going to the next request
> Waking up in 4.9 seconds.
> rad_recv: Access-Request packet from host 10.128.0.100 port 37626, id=2, length=152
>         User-Name = "MaintenanceControlDisplay"
>         NAS-IP-Address = 127.0.0.1
>         Calling-Station-Id = "02-00-00-00-00-01"
>         Framed-MTU = 1400
>         NAS-Port-Type = Wireless-802.11
>         Connect-Info = "CONNECT 11Mbps 802.11b"
>         EAP-Message = 0x020200060d00
>         State = 0x513c3c87503e316c3a43028be40032ff
>         Message-Authenticator = 0xb498e0ab471b0fe82149a213e502cc78
> # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
> +- entering group authorize {...}
> [preprocess]    expand: %{User-Name} -> MaintenanceControlDisplay
> [preprocess]   hints: Matched DEFAULT at 78
> [preprocess]    expand: %{Calling-Station-Id}@%{Cisco-AVPair[0]} -> 02-00-00-00-00-01@
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> ++[digest] returns noop
> [suffix] No '@' in User-Name = "MaintenanceControlDisplay", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> [eap] EAP packet type response id 2 length 6
> [eap] No EAP Start, assuming it's an on-going EAP conversation
> ++[eap] returns updated
> ++[files] returns noop
> ++[expiration] returns noop
> ++[logintime] returns noop
> ++[pap] returns noop
> Found Auth-Type = EAP
> # Executing group from file /usr/local/etc/raddb/sites-enabled/default
> +- entering group authenticate {...}
> [eap] Request found, released from the list
> [eap] EAP/tls
> [eap] processing type tls
> [tls] Authenticate
> [tls] processing EAP-TLS
> [tls] Received TLS ACK
> [tls] ACK handshake fragment handler
> [tls] eaptls_verify returned 1
> [tls] eaptls_process returned 13
> ++[eap] returns handled
> Sending Access-Challenge of id 2 to 10.128.0.100 port 37626
>         EAP-Message = 0x010304000dc0000019b8322dbdd1145b65fc9a838c88b38578712aee8672f594dbb51c82d3b2b239171e2b                                                                      c6816740828370ab131a9f6e7cdbc9ce1af59564ab13f6084b2f7dfbc59766edeb710de9be3c3820775d69539962c845f60c47fcaf3c43                                                                      d021eea95f86ab7bfecab3ae917a9d8fa792195be052d27c8e2d7cdd72d743d89cfff56a500f9face99c5563972d19ead292a4ebda615f                                                                      f2c89a07dd30c1c06f25bc476090e077f5a6af2d1e618208bfd018a56abb362b8bce884976f6d3adb093d2eeae7bd59063ae8a868fb1cd                                                                      c19c990d818216e7f1e68c5c7c1495bb1bc800057a308205763082035ea003020102020a61395bb70001000000
>         EAP-Message = 0x0a300d06092a864886f70d0101050500305a31133011060a0992268993f22c6401191603636f6d31163014                                                                      060a0992268993f22c6401191606626f65696e6731133011060a0992268993f22c6401191603666c79311630140603550403130d455344                                                                      44496e74657234303936301e170d3039303131393037303632315a170d3134303131383036333331365a305b31133011060a0992268993                                                                      f22c6401191603636f6d31163014060a0992268993f22c6401191606626f65696e6731133011060a0992268993f22c6401191603666c79                                                                      311730150603550403130e455344444973737565723230343830820122300d06092a864886f70d010101050003
>         EAP-Message = 0x82010f003082010a02820101009ede837e52ce12f2f315c72da8adbaf7828db60d09392a3cf133c5f11a49                                                                      7d7bd90f1e1eddcdb23058de50acad29c809b5036f4ce1b0307609a68c92c47bb3a089b236e8e05e3275170369ab25371f4bc684324ac5                                                                      4ad223a046a4eb84964daaf1c2244edec54b03ef4137634d55afc4e118031d822efd491b7cf9d6530362297ccff6616dfe1f0ebaebaf4f                                                                      84ff9edce03a9189f34ca257ce621e20aeaf539e5f91fcae83e89219e587fde80e5c86666d5fd5fdc364f47ab4bda8b62f6233a18e1ddc                                                                      f109c90234bec8def2d14c026d557b14cd764a677f91c3e5a096bc0f216a6aa60365dad3b4bbe2616ef038a6d2
>         EAP-Message = 0x610bf15597e4fb288472028530c054f10203010001a382013b30820137300f0603551d130101ff04053003                                                                      0101ff301d0603551d0e041604147b3f3d89d72bac972c086ada7233f64a074ea0a1300b0603551d0f040403020186301006092b060104                                                                      01823715010403020101302306092b060104018237150204160414249ba6c4888fd87d96ab95594e6637dd6e25632f301906092b060104                                                                      0182371402040c1e0a00530075006200430041301f0603551d2304183016801443b1f625d530e7f847f0bfcb526b9b4fe1fe72b9303c06                                                                      03551d1f043530333031a02fa02d862b687474703a2f2f63726c2e626f65696e672e636f6d2f63726c2f455344
>         EAP-Message = 0x44496e746572343039362e63
>         Message-Authenticator = 0x00000000000000000000000000000000
>         State = 0x513c3c87533f316c3a43028be40032ff
> Finished request 2.
> Going to the next request
> Waking up in 4.9 seconds.
> rad_recv: Access-Request packet from host 10.128.0.100 port 37626, id=3, length=152
>         User-Name = "MaintenanceControlDisplay"
>         NAS-IP-Address = 127.0.0.1
>         Calling-Station-Id = "02-00-00-00-00-01"
>         Framed-MTU = 1400
>         NAS-Port-Type = Wireless-802.11
>         Connect-Info = "CONNECT 11Mbps 802.11b"
>         EAP-Message = 0x020300060d00
>         State = 0x513c3c87533f316c3a43028be40032ff
>         Message-Authenticator = 0xbfd7afb5cc827e4dfe0e545087c18bdd
> # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
> +- entering group authorize {...}
> [preprocess]    expand: %{User-Name} -> MaintenanceControlDisplay
> [preprocess]   hints: Matched DEFAULT at 78
> [preprocess]    expand: %{Calling-Station-Id}@%{Cisco-AVPair[0]} -> 02-00-00-00-00-01@
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> ++[digest] returns noop
> [suffix] No '@' in User-Name = "MaintenanceControlDisplay", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> [eap] EAP packet type response id 3 length 6
> [eap] No EAP Start, assuming it's an on-going EAP conversation
> ++[eap] returns updated
> ++[files] returns noop
> ++[expiration] returns noop
> ++[logintime] returns noop
> ++[pap] returns noop
> Found Auth-Type = EAP
> # Executing group from file /usr/local/etc/raddb/sites-enabled/default
> +- entering group authenticate {...}
> [eap] Request found, released from the list
> [eap] EAP/tls
> [eap] processing type tls
> [tls] Authenticate
> [tls] processing EAP-TLS
> [tls] Received TLS ACK
> [tls] ACK handshake fragment handler
> [tls] eaptls_verify returned 1
> [tls] eaptls_process returned 13
> ++[eap] returns handled
> Sending Access-Challenge of id 3 to 10.128.0.100 port 37626
>         EAP-Message = 0x010404000dc0000019b8726c304706082b06010505070101043b3039303706082b06010505073002862b68                                                                      7474703a2f2f63726c2e626f65696e672e636f6d2f63726c2f45534444496e746572343039362e637274300d06092a864886f70d010105                                                                      050003820201006bd3c23ef41bc64c3383a89e90f53061c5b5f03e2040ebc07377fedd37e6ea3f8ce247d0459c1889138a0c63c9b5b5b3                                                                      05e8696de327c1658330193d784233a5343e00e03ccce0e77960a69b0f9a547a193d6a6502ec30fe65c6365aab74304517f7fea0ce3a07                                                                      896d13492d59f11ff187aae8d743897f92efa32b18a86a8c02d4e909e17e97417d5c676d546785540ebdf85336
>         EAP-Message = 0x6842f38e66b0d9a00bc6cf2a25777f0def04b8971ebce5b776400e121455288ae22c65c6d23fbcd243a9be                                                                      7182f6969f0d6061dc4f786eb6eb2fbfd89c807c990eb67a595fb2717599cc0262dfe8483f7e4f010c8bf6e8c9e02de0a3ccb594e8a1ee                                                                      52cfd051e13642a34f0325c6c767548c6102d4e4311a37b08d44164afff6a0a67af3f971ad402ee75a8835d5fa76731958078d4b3f483f                                                                      412fbb36b888e5416ec598487402187b049bd80f79fa8d53f6476999c2cf3b82646d2777fd7c6c0ce31b3c330693d78b8960d784840ff1                                                                      0e784e078023b73ad81e0fd6fdc7bf66bf09cf8118d3852613bd4cf23f384191bdd292050490c3bfde93230dba
>         EAP-Message = 0x380f1391aaf299bd7c4288e0758c9132df0250d269f10da91b51fb1cd3238828cfc140f801ba777248759e                                                                      0fdb13e10e08560616d5d7dd7b4cd5a091b28ffba665665648e98da44682f17430ada59a3a4b889250ae64a1d4f112a3a83fab8bcaf308                                                                      087ff97a820a6844c8e64ac929000676308206723082045aa003020102020a611b280600000000000c300d06092a864886f70d01010505                                                                      00305931133011060a0992268993f22c6401191603636f6d31163014060a0992268993f22c6401191606626f65696e6731133011060a09                                                                      92268993f22c6401191603666c79311530130603550403130c45534444526f6f7434303936301e170d30393031
>         EAP-Message = 0x31393036333331365a170d3134303131383036333331365a305a31133011060a0992268993f22c64011916                                                                      03636f6d31163014060a0992268993f22c6401191606626f65696e6731133011060a0992268993f22c6401191603666c79311630140603                                                                      550403130d45534444496e7465723430393630820222300d06092a864886f70d01010105000382020f003082020a02820201009f550e60                                                                      c398442453191759d44c49d10f2a9e1a27f47675f419fe64086a65ff77d075fbbbb7239ca1fd75d1dc0edc36c967a6ea0bd640e7cea54d                                                                      41b0cb877f320f987db51ef21dbad0e6b248c8bc4473b4a39f180bc2b8427c69bfecc87f56d43bceacb6b6fed6
>         EAP-Message = 0x27d3d06b2c391f698a19dcc9
>         Message-Authenticator = 0x00000000000000000000000000000000
>         State = 0x513c3c875238316c3a43028be40032ff
> Finished request 3.
> Going to the next request
> Waking up in 4.9 seconds.
> rad_recv: Access-Request packet from host 10.128.0.100 port 37626, id=4, length=152
>         User-Name = "MaintenanceControlDisplay"
>         NAS-IP-Address = 127.0.0.1
>         Calling-Station-Id = "02-00-00-00-00-01"
>         Framed-MTU = 1400
>         NAS-Port-Type = Wireless-802.11
>         Connect-Info = "CONNECT 11Mbps 802.11b"
>         EAP-Message = 0x020400060d00
>         State = 0x513c3c875238316c3a43028be40032ff
>         Message-Authenticator = 0x6fcf451c592fb99c374d0321cdc02af7
> # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
> +- entering group authorize {...}
> [preprocess]    expand: %{User-Name} -> MaintenanceControlDisplay
> [preprocess]   hints: Matched DEFAULT at 78
> [preprocess]    expand: %{Calling-Station-Id}@%{Cisco-AVPair[0]} -> 02-00-00-00-00-01@
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> ++[digest] returns noop
> [suffix] No '@' in User-Name = "MaintenanceControlDisplay", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> [eap] EAP packet type response id 4 length 6
> [eap] No EAP Start, assuming it's an on-going EAP conversation
> ++[eap] returns updated
> ++[files] returns noop
> ++[expiration] returns noop
> ++[logintime] returns noop
> ++[pap] returns noop
> Found Auth-Type = EAP
> # Executing group from file /usr/local/etc/raddb/sites-enabled/default
> +- entering group authenticate {...}
> [eap] Request found, released from the list
> [eap] EAP/tls
> [eap] processing type tls
> [tls] Authenticate
> [tls] processing EAP-TLS
> [tls] Received TLS ACK
> [tls] ACK handshake fragment handler
> [tls] eaptls_verify returned 1
> [tls] eaptls_process returned 13
> ++[eap] returns handled
> Sending Access-Challenge of id 4 to 10.128.0.100 port 37626
>         EAP-Message = 0x010504000dc0000019b818b1a01850edb9a3f1c949732ec57efb446b43e596e64a768bab47d95f225af8d8                                                                      c5ae7de5f79fddcaf339bc7d98ac0d09d0c82360ab3ab9208403293f45606176d518eb96ecd05d09ddce6b4740583074d5f6b4315fd1a1                                                                      599941102a313f6ca1689620d6bc8101088ac513e2d20b333d60617ae64f68af26146da6b94180f0ee7031bd05d03d03abc66ca3b6a283                                                                      21b0e409107c1b867cf999bb1aaca9d29d85295c57b27c29cab526a8da538e6a449f253a44ad71e2d3ac3769fe8c6ce37e1298ff4f96d9                                                                      1f9ccd37d21a763b9e508d11a964dfbe19c6f4a51d2562ef397940ed309f29427f85ade6fc8015e56090fa480b
>         EAP-Message = 0xa5b8225807f6d9804f0812390cea201da3a955473b5f19dfd3223b1341e9e36b72b28c82c75b6c5da59751                                                                      8f2f7b6c9fe052f98590c8c3225ea11c1b2805077251f5ac84fef400f43ad9940338c1b66b158dcf3b31649ce753edbd8b38bda0d50387                                                                      81dc638111474a99a932a144c6b3ac153f1d3d0d61117cd2cb590d424b39e8b3164ef536f1c2860dc7e8889e3ae9412bc0422e5b7923c5                                                                      0203010001a382013930820135300f0603551d130101ff040530030101ff301d0603551d0e0416041443b1f625d530e7f847f0bfcb526b                                                                      9b4fe1fe72b9300b0603551d0f040403020186301006092b06010401823715010403020101302306092b060104
>         EAP-Message = 0x018237150204160414d31f074108cfac5cc47ed111d3a2712f219c9012301906092b060104018237140204                                                                      0c1e0a00530075006200430041301f0603551d230418301680141e4e1c8a14ef89a83391ee997b1cabed3f47eaa6303b0603551d1f0434                                                                      30323030a02ea02c862a687474703a2f2f63726c2e626f65696e672e636f6d2f63726c2f45534444526f6f74343039362e63726c304606                                                                      082b06010505070101043a3038303606082b06010505073002862a687474703a2f2f63726c2e626f65696e672e636f6d2f63726c2f4553                                                                      4444526f6f74343039362e637274300d06092a864886f70d01010505000382020100976a48f45eed37c7312614
>         EAP-Message = 0x76bba7a6b705e7d169a8fbad7b380e5f75f32761bb56e803864ee663cac722b7c1a9ea1d6b2a0c06f952c9                                                                      1e4b7b2d99724f0330cd81d4800cf17842bceeaed7285a45f90879667e3a18f70b3464a3d0d6d514173a98b9678e998b8d9a494cfe9243                                                                      e300c2832a35df610158cd396b1f280db73d94c58709c200b1d702aee8c2a8ebb7b07ff2acbc547bdc9889122128abeaeb1f5750264529                                                                      52e0e9c51292bd2ef1eff30468f418406c0860cd36806e73fc3e13fb5f3cccc7cd8fb934c2f06f94e83a8be6d9985b53b884c8236135e8                                                                      8e63ba8dd36b4708cff97de8f14e4a035a02e9aef78670e90101f725f08e02ea7beaf85acf6e722216671b0074
>         EAP-Message = 0x9643ef995a71e0e0f21dd9f5
>         Message-Authenticator = 0x00000000000000000000000000000000
>         State = 0x513c3c875539316c3a43028be40032ff
> Finished request 4.
> Going to the next request
> Waking up in 4.9 seconds.
> rad_recv: Access-Request packet from host 10.128.0.100 port 37626, id=5, length=152
>         User-Name = "MaintenanceControlDisplay"
>         NAS-IP-Address = 127.0.0.1
>         Calling-Station-Id = "02-00-00-00-00-01"
>         Framed-MTU = 1400
>         NAS-Port-Type = Wireless-802.11
>         Connect-Info = "CONNECT 11Mbps 802.11b"
>         EAP-Message = 0x020500060d00
>         State = 0x513c3c875539316c3a43028be40032ff
>         Message-Authenticator = 0x66eccf08ef53f2b5ae2dbbb2933ccbf3
> # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
> +- entering group authorize {...}
> [preprocess]    expand: %{User-Name} -> MaintenanceControlDisplay
> [preprocess]   hints: Matched DEFAULT at 78
> [preprocess]    expand: %{Calling-Station-Id}@%{Cisco-AVPair[0]} -> 02-00-00-00-00-01@
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> ++[digest] returns noop
> [suffix] No '@' in User-Name = "MaintenanceControlDisplay", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> [eap] EAP packet type response id 5 length 6
> [eap] No EAP Start, assuming it's an on-going EAP conversation
> ++[eap] returns updated
> ++[files] returns noop
> ++[expiration] returns noop
> ++[logintime] returns noop
> ++[pap] returns noop
> Found Auth-Type = EAP
> # Executing group from file /usr/local/etc/raddb/sites-enabled/default
> +- entering group authenticate {...}
> [eap] Request found, released from the list
> [eap] EAP/tls
> [eap] processing type tls
> [tls] Authenticate
> [tls] processing EAP-TLS
> [tls] Received TLS ACK
> [tls] ACK handshake fragment handler
> [tls] eaptls_verify returned 1
> [tls] eaptls_process returned 13
> ++[eap] returns handled
> Sending Access-Challenge of id 5 to 10.128.0.100 port 37626
>         EAP-Message = 0x010604000dc0000019b8282ddba71c014fea56097bdf2c60cdc6056d3cea13ba4aae1782860adaebd34a89                                                                      6186d5840355a6e80e91b21bfa283bed2bbb4c67b198e212875081fd305ec7d6d74af01bf6780355aea3a1ee8cd3e506224829321aade7                                                                      c25d915394eb31db8310834e1724d5ca7dfccfff1d18935ddb264b199bda870f3954c4243e82b167acdd96fb2091a99de16a1710007885                                                                      b0f9e045d7bc8ab34af0041db6e8009a20d0ba835517ea46b6e95b6a47b993c8ba1ad606a030f40102b8c02b226bce7e64d4a2a705a08f                                                                      e4c4cb51519be63c4455c0a6e8871658c1f20195a7d7efeecd530454602d8d6ac6cb81540d180006ca308206c6
>         EAP-Message = 0x308204aea003020102021056886f61a89e888c4face278a0aabf44300d06092a864886f70d010105050030                                                                      5931133011060a0992268993f22c6401191603636f6d31163014060a0992268993f22c6401191606626f65696e6731133011060a099226                                                                      8993f22c6401191603666c79311530130603550403130c45534444526f6f7434303936301e170d3037313231373233333632385a170d32                                                                      37313231373233343335395a305931133011060a0992268993f22c6401191603636f6d31163014060a0992268993f22c6401191606626f                                                                      65696e6731133011060a0992268993f22c6401191603666c79311530130603550403130c45534444526f6f7434
>         EAP-Message = 0x30393630820222300d06092a864886f70d01010105000382020f003082020a0282020100a893f9fa5409d6                                                                      8e7a33cfcd03bc0578efac41770a34a84b1d78ba3b554ef6a3b40722737a757b7db9e9e9f24fbb3d065e30a8ff8834e8e0c1b864c8d365                                                                      10289b131150730708492a06254d96761937a485841420ea2a80c539e68e8adac2a5242c0281659c60169a50b6a926be06544eee5901f9                                                                      073377613af43616575be42d8a2fa8184a5bb0740fc13203bbc397b154725415586ae6554dce245015f13b42c85358f46aff90ade72f86                                                                      4789cb9739f179efbaabb0be436bbaeeb6bc8ba42e35497e4f02c0fd47515a6d354553e23ff3c9b4654094f7a1
>         EAP-Message = 0x09e81f95a131b619b94fdeaba656439b470f3f2e4c4679ce6b3b19d3cdc132dda580ef80f98af9ddfdcb50                                                                      d59a335f8bd4de4a3ce7f493fc4a942659b3b35c0f67b7d2e7b21609e9ea84ca7b5bb9f8db4904e7353c8f32a8f04091df845c69df0631                                                                      2eac02e25621f08615ccb20cab61b9703c9150a3a5c13cec3f590a8258950ac680d5c578aa6ccb5f27effdabdeb10d7ff6dc49b4441f6e                                                                      29b88283a446ca910e90c9e6572f595c3476eaf515efe2793ac6d7b7a4891f4c655926fb4e2a76d90d8a8ab6b062aabf7aab2bc6354b1b                                                                      a8161d71ea4b54ab72547e20129f1e7947333165e07900b1b50fb9b482786124dedbe293e98b9386bf666129ea
>         EAP-Message = 0xf95088b9f7ecd25158dc52fd
>         Message-Authenticator = 0x00000000000000000000000000000000
>         State = 0x513c3c87543a316c3a43028be40032ff
> Finished request 5.
> Going to the next request
> Waking up in 1.9 seconds.
> rad_recv: Access-Request packet from host 10.128.0.100 port 37626, id=6, length=152
>         User-Name = "MaintenanceControlDisplay"
>         NAS-IP-Address = 127.0.0.1
>         Calling-Station-Id = "02-00-00-00-00-01"
>         Framed-MTU = 1400
>         NAS-Port-Type = Wireless-802.11
>         Connect-Info = "CONNECT 11Mbps 802.11b"
>         EAP-Message = 0x020600060d00
>         State = 0x513c3c87543a316c3a43028be40032ff
>         Message-Authenticator = 0xbf530521aed3b6bee2217fd16706c847
> # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
> +- entering group authorize {...}
> [preprocess]    expand: %{User-Name} -> MaintenanceControlDisplay
> [preprocess]   hints: Matched DEFAULT at 78
> [preprocess]    expand: %{Calling-Station-Id}@%{Cisco-AVPair[0]} -> 02-00-00-00-00-01@
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> ++[digest] returns noop
> [suffix] No '@' in User-Name = "MaintenanceControlDisplay", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> [eap] EAP packet type response id 6 length 6
> [eap] No EAP Start, assuming it's an on-going EAP conversation
> ++[eap] returns updated
> ++[files] returns noop
> ++[expiration] returns noop
> ++[logintime] returns noop
> ++[pap] returns noop
> Found Auth-Type = EAP
> # Executing group from file /usr/local/etc/raddb/sites-enabled/default
> +- entering group authenticate {...}
> [eap] Request found, released from the list
> [eap] EAP/tls
> [eap] processing type tls
> [tls] Authenticate
> [tls] processing EAP-TLS
> [tls] Received TLS ACK
> [tls] ACK handshake fragment handler
> [tls] eaptls_verify returned 1
> [tls] eaptls_process returned 13
> ++[eap] returns handled
> Sending Access-Challenge of id 6 to 10.128.0.100 port 37626
>         EAP-Message = 0x010704000dc0000019b874ad9397665c795e18dbb69521343c7c7cf0c9c79720006e6707bc5fa3cf020301                                                                      0001a382018830820184301306092b060104018237140204061e0400430041300b0603551d0f040403020186300f0603551d130101ff04                                                                      0530030101ff301d0603551d0e041604141e4e1c8a14ef89a83391ee997b1cabed3f47eaa63082011c0603551d1f048201133082010f30                                                                      82010ba0820107a08201038681bf6c6461703a2f2f2f434e3d45534444526f6f74343039362c434e3d706b692d746573742d3738376d2c                                                                      434e3d4344502c434e3d5075626c69632532304b657925323053657276696365732c434e3d5365727669636573
>         EAP-Message = 0x2c434e3d436f6e66696775726174696f6e2c44433d666c792c44433d626f65696e672c44433d636f6d3f63                                                                      657274696669636174655265766f636174696f6e4c6973743f626173653f6f626a656374436c6173733d63524c44697374726962757469                                                                      6f6e506f696e74863f687474703a2f2f706b692d746573742d3738376d2e666c792e626f65696e672e636f6d2f43657274456e726f6c6c                                                                      2f45534444526f6f74343039362e63726c301006092b06010401823715010403020100300d06092a864886f70d01010505000382020100                                                                      89d0fd7533e496888b2ac6b9cedabf4da5fa5c734b99eca89061b28b303050d210ea6b591dfee0c4efc644244a
>         EAP-Message = 0x55b135a226d9597c71f777a1bee950cdc582f70f1afd54ad92a7f9d13b697c2e77777bfe33c5b486af6b82                                                                      2e97d9efdc82a072c3935760378f9faa5be09ac1026c0bf10b3f88bd8b6fb1366829a61ba8496a5f204ba82f88fcc05f8275de0addc828                                                                      7bb6c9e8c931a223475d7b29c414992ab24512048a99033f4a82fd82b68ae58129e7d3c7a4e60e26a8b5591098b9a9cde9fe2a3d17964e                                                                      686d8fccbb897fda38447ddd014fed04c06e4de165ffb3afe93e17a0bd63973b0a261e1eaf839060b716cdb7891fe872a2a45181c88842                                                                      27c94d290a3620ddbfe38a9e2da706250c49ec0413ad0cfb4440b1cf70fbad7668685ccd4146677001b560850e
>         EAP-Message = 0x8eba09cc6280711eb067230a81d461bcde5ceb4c33956460a20303d68d0219f5cc3bef1d14c94f632a9400                                                                      06cf1b90da3e8e37de8440d2079c6a5f4cde66fa9d045d6fcdc04250079b7e1387e0320f40e08d40f013f0d26b22d826a229b1460b64cc                                                                      447a34d86687a297b5fe04865b0fb328cd18d8abfa1ea4b1c58ae57f311567069d521fb42e9918aa3cbf6ca91db5eeae294156426a4249                                                                      cfd6d3750506a3bb8f98b9e5d839b7fd939293fb96483aaa2ff99110fff680e1117cd11c183cfdeb0aa91b26e89043e33d2ef03588b568                                                                      7b47727e3622160301020d0c0002090080dd92a7065d8e5c198f2ac94683f6016182a6c9d6ba13d1c40605fce5
>         EAP-Message = 0x6f7cd0bb7873bf1b9cb9e92f
>         Message-Authenticator = 0x00000000000000000000000000000000
>         State = 0x513c3c87573b316c3a43028be40032ff
> Finished request 6.
> Going to the next request
> Waking up in 1.8 seconds.
> rad_recv: Access-Request packet from host 10.128.0.100 port 37626, id=7, length=152
>         User-Name = "MaintenanceControlDisplay"
>         NAS-IP-Address = 127.0.0.1
>         Calling-Station-Id = "02-00-00-00-00-01"
>         Framed-MTU = 1400
>         NAS-Port-Type = Wireless-802.11
>         Connect-Info = "CONNECT 11Mbps 802.11b"
>         EAP-Message = 0x020700060d00
>         State = 0x513c3c87573b316c3a43028be40032ff
>         Message-Authenticator = 0x06ae2cc57b97003ec0e8eac545dbfb0c
> # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
> +- entering group authorize {...}
> [preprocess]    expand: %{User-Name} -> MaintenanceControlDisplay
> [preprocess]   hints: Matched DEFAULT at 78
> [preprocess]    expand: %{Calling-Station-Id}@%{Cisco-AVPair[0]} -> 02-00-00-00-00-01@
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> ++[digest] returns noop
> [suffix] No '@' in User-Name = "MaintenanceControlDisplay", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> [eap] EAP packet type response id 7 length 6
> [eap] No EAP Start, assuming it's an on-going EAP conversation
> ++[eap] returns updated
> ++[files] returns noop
> ++[expiration] returns noop
> ++[logintime] returns noop
> ++[pap] returns noop
> Found Auth-Type = EAP
> # Executing group from file /usr/local/etc/raddb/sites-enabled/default
> +- entering group authenticate {...}
> [eap] Request found, released from the list
> [eap] EAP/tls
> [eap] processing type tls
> [tls] Authenticate
> [tls] processing EAP-TLS
> [tls] Received TLS ACK
> [tls] ACK handshake fragment handler
> [tls] eaptls_verify returned 1
> [tls] eaptls_process returned 13
> ++[eap] returns handled
> Sending Access-Challenge of id 7 to 10.128.0.100 port 37626
>         EAP-Message = 0x010801fe0d80000019b8544530c61e8a23e3590282c0ebba4fc54b2d29238cb7f36aef2cbab2aec5ba9a45                                                                      71e9c70452124f67982ee113094defee5efa0bccfa2370fbd4ce688f6bc87b7c19984a674679dded04265157ea403bf20afa80f983b843                                                                      00010200805b50c049e7191c5c308f9d08f146209d6e66fda2e79fcde8b3765984ce53e4a99e3c900efaff208fdd7895025afac839f9f8                                                                      e19d69bca8c19aba5618c1536001d26494c8cedfd8c5797fa60619922bf49b071db2088e732b4ce94e73f123a076d2f9b1d128b235a095                                                                      39c98f263dcb092111fb7e1f1638283f6d4b66f8a1315d01000ec6225e068fc52890b70cd59e8cfecf8f4e57ac
>         EAP-Message = 0x8dc359de5994463c15c9e624ef85895cb1da4aa68a7e8a09454fbbdfb4469ba590aafe3672b340e5526ade                                                                      b5186ca5e1e74e7fa38d9d394fa07944f31fb0a1b55e0e5ed92e20b7efdf543921e00a8a8e6a6efd2d90d1ccb35e5e140b97eb81ecc1a9                                                                      9f22c1eecbee017a724ec50bcbc0d89c64e877654f1a689986b1e192560ab2ebc8ca66cb3c3f7f7d97fb3fb5981f4dc7589a8ddf3f4147                                                                      e4c5b98786f2363f23383af6c50533f41c3a393cb68ffd2709816fde6408d945dc32e460918c36297894053fb6ce68f3a6f2fa0476bba5                                                                      9873c0cb03879687b89b2bec3166fabbe01d2d5b3965ba949c63b00016030100100d0000080503040102400000
>         EAP-Message = 0x0e000000
>         Message-Authenticator = 0x00000000000000000000000000000000
>         State = 0x513c3c875634316c3a43028be40032ff
> Finished request 7.
> Going to the next request
> Waking up in 1.8 seconds.
> rad_recv: Access-Request packet from host 10.128.0.100 port 37626, id=8, length=1188
>         User-Name = "MaintenanceControlDisplay"
>         NAS-IP-Address = 127.0.0.1
>         Calling-Station-Id = "02-00-00-00-00-01"
>         Framed-MTU = 1400
>         NAS-Port-Type = Wireless-802.11
>         Connect-Info = "CONNECT 11Mbps 802.11b"
>         EAP-Message = 0x0208040a0dc00000194c16030117760b00177200176f0004a9308204a53082038da003020102020a3e173b                                                                      a1000100000d47300d06092a864886f70d0101050500305b31133011060a0992268993f22c6401191603636f6d31163014060a09922689                                                                      93f22c6401191606626f65696e6731133011060a0992268993f22c6401191603666c79311730150603550403130e455344444973737565                                                                      7232303438301e170d3132303433303233333030315a170d3134303131383036333331365a3081bf3111300f060355042d130841343033                                                                      36353235311b3019060355040d131243726577576972656c657373446576696365310b30090603550406130255
>         EAP-Message = 0x53313b3039060355040a1e320042004f0045005f00490054004c0020004100690072006c0069006e006500                                                                      7300200043006f002e0020004c00740064002e311f301d060355040b1316466f72205465737420507572706f736573204f6e6c79312230                                                                      20060355040313194d61696e74656e616e6365436f6e74726f6c446973706c617930820122300d06092a864886f70d0101010500038201                                                                      0f003082010a0282010100bb3bcec2944ed1d3fc8ac41562f821490aed9d0f94f8f287c607d8996a2687eb23f6b2ee59b525245e542b78                                                                      6dfd538078617b79923e0d80373a6c3ce49b3e4bedefc10d2f2cb045a7c03b1fe435d96f888cd388c1fa5acab9
>         EAP-Message = 0xd1a2b16fb1058b3ede15cd1be6bab2332201d884e276323a13180df7e56b14337910fc1bb70283e81da756                                                                      c47d934521842fa253f5243a175626324bf3aa886b391cde87206d0549d1d798994c87fa663d6fb76f28eeebe6228dcf30d24a7657c8e3                                                                      2dfea928cc37f4ad1787fc585fd2c0a6a7f600acb2acf5f4bae81dbf5d7fee78e2fa79b6d01d705930e7b6672a31e81959068105992392                                                                      fb4a91fded9d31f7bb2d7c01a7ab0203010001a382010430820100301d0603551d0e0416041489e6897d59dded56f52a300000aceac02c                                                                      fc277a30130603551d25040c300a06082b06010505070302300e0603551d0f0101ff0404030205a0301f060355
>         EAP-Message = 0x1d230418301680147b3f3d89d72bac972c086ada7233f64a074ea0a1303d0603551d1f043630343032a030                                                                      a02e862c687474703a2f2f63726c2e626f65696e672e636f6d2f63726c2f45534444497373756572323034382e63726c303d06092b0601                                                                      0401823715070430302e06262b0601040182371508acc31f85e0d61c87dd892487e6e83681a1f354814687e8e46882f8d1190201640201                                                                      05301b06092b060104018237150a040e300c300a06082b06010505070302300d06092a864886f70d0101050500038201010004e19b0cfd                                                                      1d67050634a01adc74f1bf85a0fea2fba20aafdf51982415ce03664873d92731d65e2db6430c0fe9be3d6c3cdd
>         EAP-Message = 0xdacb8c60528ee06450f501b12ce84c5251ce30137e56
>         State = 0x513c3c875634316c3a43028be40032ff
>         Message-Authenticator = 0x9d6744dd03fb0ae72889cac849b5ede0
> # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
> +- entering group authorize {...}
> [preprocess]    expand: %{User-Name} -> MaintenanceControlDisplay
> [preprocess]   hints: Matched DEFAULT at 78
> [preprocess]    expand: %{Calling-Station-Id}@%{Cisco-AVPair[0]} -> 02-00-00-00-00-01@
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> ++[digest] returns noop
> [suffix] No '@' in User-Name = "MaintenanceControlDisplay", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> [eap] EAP packet type response id 8 length 253
> [eap] No EAP Start, assuming it's an on-going EAP conversation
> ++[eap] returns updated
> ++[files] returns noop
> ++[expiration] returns noop
> ++[logintime] returns noop
> ++[pap] returns noop
> Found Auth-Type = EAP
> # Executing group from file /usr/local/etc/raddb/sites-enabled/default
> +- entering group authenticate {...}
> [eap] Request found, released from the list
> [eap] EAP/tls
> [eap] processing type tls
> [tls] Authenticate
> [tls] processing EAP-TLS
>   TLS Length 6476
> [tls] Received EAP-TLS First Fragment of the message
> [tls] eaptls_verify returned 9
> [tls] eaptls_process returned 13
> ++[eap] returns handled
> Sending Access-Challenge of id 8 to 10.128.0.100 port 37626
>         EAP-Message = 0x010900060d00
>         Message-Authenticator = 0x00000000000000000000000000000000
>         State = 0x513c3c875935316c3a43028be40032ff
> Finished request 8.
> Going to the next request
> Waking up in 1.8 seconds.
> rad_recv: Access-Request packet from host 10.128.0.100 port 37626, id=9, length=1184
>         User-Name = "MaintenanceControlDisplay"
>         NAS-IP-Address = 127.0.0.1
>         Calling-Station-Id = "02-00-00-00-00-01"
>         Framed-MTU = 1400
>         NAS-Port-Type = Wireless-802.11
>         Connect-Info = "CONNECT 11Mbps 802.11b"
>         EAP-Message = 0x020904060d40f35e9f31776548e380f13528708a648379fdce4901097a09426161485c1979bfcf3dfdc298                                                                      064f55d31f3db6d49ff38efb1e4ab36ce653696f663393f4a1a3370b8b63907c7888e2e7c7ba959804a22e18401bbf150bf8ee1e26a848                                                                      df7e61cb98fcf9dc67e5dd9d7dfbc9acf5451e7adbd50d14593439b45a9d79372b40c91b6d0f11dcad36a8f6fe0250ba5bbd3d277a2d17                                                                      8d2af8be7503bd65921740988796656199be2677eb8d1c1b2c3cfa840e4cd76884055803770006ca308206c6308204aea0030201020210                                                                      56886f61a89e888c4face278a0aabf44300d06092a864886f70d0101050500305931133011060a0992268993f2
>         EAP-Message = 0x2c6401191603636f6d31163014060a0992268993f22c6401191606626f65696e6731133011060a09922689                                                                      93f22c6401191603666c79311530130603550403130c45534444526f6f7434303936301e170d3037313231373233333632385a170d3237                                                                      313231373233343335395a305931133011060a0992268993f22c6401191603636f6d31163014060a0992268993f22c6401191606626f65                                                                      696e6731133011060a0992268993f22c6401191603666c79311530130603550403130c45534444526f6f743430393630820222300d0609                                                                      2a864886f70d01010105000382020f003082020a0282020100a893f9fa5409d68e7a33cfcd03bc0578efac4177
>         EAP-Message = 0x0a34a84b1d78ba3b554ef6a3b40722737a757b7db9e9e9f24fbb3d065e30a8ff8834e8e0c1b864c8d36510                                                                      289b131150730708492a06254d96761937a485841420ea2a80c539e68e8adac2a5242c0281659c60169a50b6a926be06544eee5901f907                                                                      3377613af43616575be42d8a2fa8184a5bb0740fc13203bbc397b154725415586ae6554dce245015f13b42c85358f46aff90ade72f8647                                                                      89cb9739f179efbaabb0be436bbaeeb6bc8ba42e35497e4f02c0fd47515a6d354553e23ff3c9b4654094f7a109e81f95a131b619b94fde                                                                      aba656439b470f3f2e4c4679ce6b3b19d3cdc132dda580ef80f98af9ddfdcb50d59a335f8bd4de4a3ce7f493fc
>         EAP-Message = 0x4a942659b3b35c0f67b7d2e7b21609e9ea84ca7b5bb9f8db4904e7353c8f32a8f04091df845c69df06312e                                                                      ac02e25621f08615ccb20cab61b9703c9150a3a5c13cec3f590a8258950ac680d5c578aa6ccb5f27effdabdeb10d7ff6dc49b4441f6e29                                                                      b88283a446ca910e90c9e6572f595c3476eaf515efe2793ac6d7b7a4891f4c655926fb4e2a76d90d8a8ab6b062aabf7aab2bc6354b1ba8                                                                      161d71ea4b54ab72547e20129f1e7947333165e07900b1b50fb9b482786124dedbe293e98b9386bf666129eaf95088b9f7ecd25158dc52                                                                      fd74ad9397665c795e18dbb69521343c7c7cf0c9c79720006e6707bc5fa3cf0203010001a38201883082018430
>         EAP-Message = 0x1306092b060104018237140204061e040043
>         State = 0x513c3c875935316c3a43028be40032ff
>         Message-Authenticator = 0xd56f46711110d24c271fb50b6ef77742
> # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
> +- entering group authorize {...}
> [preprocess]    expand: %{User-Name} -> MaintenanceControlDisplay
> [preprocess]   hints: Matched DEFAULT at 78
> [preprocess]    expand: %{Calling-Station-Id}@%{Cisco-AVPair[0]} -> 02-00-00-00-00-01@
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> ++[digest] returns noop
> [suffix] No '@' in User-Name = "MaintenanceControlDisplay", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> [eap] EAP packet type response id 9 length 253
> [eap] No EAP Start, assuming it's an on-going EAP conversation
> ++[eap] returns updated
> ++[files] returns noop
> ++[expiration] returns noop
> ++[logintime] returns noop
> ++[pap] returns noop
> Found Auth-Type = EAP
> # Executing group from file /usr/local/etc/raddb/sites-enabled/default
> +- entering group authenticate {...}
> [eap] Request found, released from the list
> [eap] EAP/tls
> [eap] processing type tls
> [tls] Authenticate
> [tls] processing EAP-TLS
> [tls] More fragments to follow
> [tls] eaptls_verify returned 10
> [tls] eaptls_process returned 13
> ++[eap] returns handled
> Sending Access-Challenge of id 9 to 10.128.0.100 port 37626
>         EAP-Message = 0x010a00060d00
>         Message-Authenticator = 0x00000000000000000000000000000000
>         State = 0x513c3c875836316c3a43028be40032ff
> Finished request 9.
> Going to the next request
> Waking up in 1.8 seconds.
> rad_recv: Access-Request packet from host 10.128.0.100 port 37626, id=10, length=1184
>         User-Name = "MaintenanceControlDisplay"
>         NAS-IP-Address = 127.0.0.1
>         Calling-Station-Id = "02-00-00-00-00-01"
>         Framed-MTU = 1400
>         NAS-Port-Type = Wireless-802.11
>         Connect-Info = "CONNECT 11Mbps 802.11b"
>         EAP-Message = 0x020a04060d400041300b0603551d0f040403020186300f0603551d130101ff040530030101ff301d060355                                                                      1d0e041604141e4e1c8a14ef89a83391ee997b1cabed3f47eaa63082011c0603551d1f048201133082010f3082010ba0820107a0820103                                                                      8681bf6c6461703a2f2f2f434e3d45534444526f6f74343039362c434e3d706b692d746573742d3738376d2c434e3d4344502c434e3d50                                                                      75626c69632532304b657925323053657276696365732c434e3d53657276696365732c434e3d436f6e66696775726174696f6e2c44433d                                                                      666c792c44433d626f65696e672c44433d636f6d3f63657274696669636174655265766f636174696f6e4c6973
>         EAP-Message = 0x743f626173653f6f626a656374436c6173733d63524c446973747269627574696f6e506f696e74863f6874                                                                      74703a2f2f706b692d746573742d3738376d2e666c792e626f65696e672e636f6d2f43657274456e726f6c6c2f45534444526f6f743430                                                                      39362e63726c301006092b06010401823715010403020100300d06092a864886f70d0101050500038202010089d0fd7533e496888b2ac6                                                                      b9cedabf4da5fa5c734b99eca89061b28b303050d210ea6b591dfee0c4efc644244a55b135a226d9597c71f777a1bee950cdc582f70f1a                                                                      fd54ad92a7f9d13b697c2e77777bfe33c5b486af6b822e97d9efdc82a072c3935760378f9faa5be09ac1026c0b
>         EAP-Message = 0xf10b3f88bd8b6fb1366829a61ba8496a5f204ba82f88fcc05f8275de0addc8287bb6c9e8c931a223475d7b                                                                      29c414992ab24512048a99033f4a82fd82b68ae58129e7d3c7a4e60e26a8b5591098b9a9cde9fe2a3d17964e686d8fccbb897fda38447d                                                                      dd014fed04c06e4de165ffb3afe93e17a0bd63973b0a261e1eaf839060b716cdb7891fe872a2a45181c8884227c94d290a3620ddbfe38a                                                                      9e2da706250c49ec0413ad0cfb4440b1cf70fbad7668685ccd4146677001b560850e8eba09cc6280711eb067230a81d461bcde5ceb4c33                                                                      956460a20303d68d0219f5cc3bef1d14c94f632a940006cf1b90da3e8e37de8440d2079c6a5f4cde66fa9d045d
>         EAP-Message = 0x6fcdc04250079b7e1387e0320f40e08d40f013f0d26b22d826a229b1460b64cc447a34d86687a297b5fe04                                                                      865b0fb328cd18d8abfa1ea4b1c58ae57f311567069d521fb42e9918aa3cbf6ca91db5eeae294156426a4249cfd6d3750506a3bb8f98b9                                                                      e5d839b7fd939293fb96483aaa2ff99110fff680e1117cd11c183cfdeb0aa91b26e89043e33d2ef03588b5687b47727e36220006763082                                                                      06723082045aa003020102020a611b280600000000000c300d06092a864886f70d0101050500305931133011060a0992268993f22c6401                                                                      191603636f6d31163014060a0992268993f22c6401191606626f65696e6731133011060a0992268993f22c6401
>         EAP-Message = 0x191603666c79311530130603550403130c45
>         State = 0x513c3c875836316c3a43028be40032ff
>         Message-Authenticator = 0x84fe071ee7e336ed9305a724469d8da0
> # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
> +- entering group authorize {...}
> [preprocess]    expand: %{User-Name} -> MaintenanceControlDisplay
> [preprocess]   hints: Matched DEFAULT at 78
> [preprocess]    expand: %{Calling-Station-Id}@%{Cisco-AVPair[0]} -> 02-00-00-00-00-01@
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> ++[digest] returns noop
> [suffix] No '@' in User-Name = "MaintenanceControlDisplay", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> [eap] EAP packet type response id 10 length 253
> [eap] No EAP Start, assuming it's an on-going EAP conversation
> ++[eap] returns updated
> ++[files] returns noop
> ++[expiration] returns noop
> ++[logintime] returns noop
> ++[pap] returns noop
> Found Auth-Type = EAP
> # Executing group from file /usr/local/etc/raddb/sites-enabled/default
> +- entering group authenticate {...}
> [eap] Request found, released from the list
> [eap] EAP/tls
> [eap] processing type tls
> [tls] Authenticate
> [tls] processing EAP-TLS
> [tls] More fragments to follow
> [tls] eaptls_verify returned 10
> [tls] eaptls_process returned 13
> ++[eap] returns handled
> Sending Access-Challenge of id 10 to 10.128.0.100 port 37626
>         EAP-Message = 0x010b00060d00
>         Message-Authenticator = 0x00000000000000000000000000000000
>         State = 0x513c3c875b37316c3a43028be40032ff
> Finished request 10.
> Going to the next request
> Waking up in 1.8 seconds.
> rad_recv: Access-Request packet from host 10.128.0.100 port 37626, id=11, length=1184
>         User-Name = "MaintenanceControlDisplay"
>         NAS-IP-Address = 127.0.0.1
>         Calling-Station-Id = "02-00-00-00-00-01"
>         Framed-MTU = 1400
>         NAS-Port-Type = Wireless-802.11
>         Connect-Info = "CONNECT 11Mbps 802.11b"
>         EAP-Message = 0x020b04060d40534444526f6f7434303936301e170d3039303131393036333331365a170d31343031313830                                                                      36333331365a305a31133011060a0992268993f22c6401191603636f6d31163014060a0992268993f22c6401191606626f65696e673113                                                                      3011060a0992268993f22c6401191603666c79311630140603550403130d45534444496e7465723430393630820222300d06092a864886                                                                      f70d01010105000382020f003082020a02820201009f550e60c398442453191759d44c49d10f2a9e1a27f47675f419fe64086a65ff77d0                                                                      75fbbbb7239ca1fd75d1dc0edc36c967a6ea0bd640e7cea54d41b0cb877f320f987db51ef21dbad0e6b248c8bc
>         EAP-Message = 0x4473b4a39f180bc2b8427c69bfecc87f56d43bceacb6b6fed627d3d06b2c391f698a19dcc918b1a01850ed                                                                      b9a3f1c949732ec57efb446b43e596e64a768bab47d95f225af8d8c5ae7de5f79fddcaf339bc7d98ac0d09d0c82360ab3ab9208403293f                                                                      45606176d518eb96ecd05d09ddce6b4740583074d5f6b4315fd1a1599941102a313f6ca1689620d6bc8101088ac513e2d20b333d60617a                                                                      e64f68af26146da6b94180f0ee7031bd05d03d03abc66ca3b6a28321b0e409107c1b867cf999bb1aaca9d29d85295c57b27c29cab526a8                                                                      da538e6a449f253a44ad71e2d3ac3769fe8c6ce37e1298ff4f96d91f9ccd37d21a763b9e508d11a964dfbe19c6
>         EAP-Message = 0xf4a51d2562ef397940ed309f29427f85ade6fc8015e56090fa480ba5b8225807f6d9804f0812390cea201d                                                                      a3a955473b5f19dfd3223b1341e9e36b72b28c82c75b6c5da597518f2f7b6c9fe052f98590c8c3225ea11c1b2805077251f5ac84fef400                                                                      f43ad9940338c1b66b158dcf3b31649ce753edbd8b38bda0d5038781dc638111474a99a932a144c6b3ac153f1d3d0d61117cd2cb590d42                                                                      4b39e8b3164ef536f1c2860dc7e8889e3ae9412bc0422e5b7923c50203010001a382013930820135300f0603551d130101ff0405300301                                                                      01ff301d0603551d0e0416041443b1f625d530e7f847f0bfcb526b9b4fe1fe72b9300b0603551d0f0404030201
>         EAP-Message = 0x86301006092b06010401823715010403020101302306092b060104018237150204160414d31f074108cfac                                                                      5cc47ed111d3a2712f219c9012301906092b0601040182371402040c1e0a00530075006200430041301f0603551d230418301680141e4e                                                                      1c8a14ef89a83391ee997b1cabed3f47eaa6303b0603551d1f043430323030a02ea02c862a687474703a2f2f63726c2e626f65696e672e                                                                      636f6d2f63726c2f45534444526f6f74343039362e63726c304606082b06010505070101043a3038303606082b06010505073002862a68                                                                      7474703a2f2f63726c2e626f65696e672e636f6d2f63726c2f45534444526f6f74343039362e637274300d0609
>         EAP-Message = 0x2a864886f70d01010505000382020100976a
>         State = 0x513c3c875b37316c3a43028be40032ff
>         Message-Authenticator = 0x0ad1596cf779061d296f593b2dfd3c51
> # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
> +- entering group authorize {...}
> [preprocess]    expand: %{User-Name} -> MaintenanceControlDisplay
> [preprocess]   hints: Matched DEFAULT at 78
> [preprocess]    expand: %{Calling-Station-Id}@%{Cisco-AVPair[0]} -> 02-00-00-00-00-01@
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> ++[digest] returns noop
> [suffix] No '@' in User-Name = "MaintenanceControlDisplay", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> [eap] EAP packet type response id 11 length 253
> [eap] No EAP Start, assuming it's an on-going EAP conversation
> ++[eap] returns updated
> ++[files] returns noop
> ++[expiration] returns noop
> ++[logintime] returns noop
> ++[pap] returns noop
> Found Auth-Type = EAP
> # Executing group from file /usr/local/etc/raddb/sites-enabled/default
> +- entering group authenticate {...}
> [eap] Request found, released from the list
> [eap] EAP/tls
> [eap] processing type tls
> [tls] Authenticate
> [tls] processing EAP-TLS
> [tls] More fragments to follow
> [tls] eaptls_verify returned 10
> [tls] eaptls_process returned 13
> ++[eap] returns handled
> Sending Access-Challenge of id 11 to 10.128.0.100 port 37626
>         EAP-Message = 0x010c00060d00
>         Message-Authenticator = 0x00000000000000000000000000000000
>         State = 0x513c3c875a30316c3a43028be40032ff
> Finished request 11.
> Going to the next request
> Waking up in 1.8 seconds.
> rad_recv: Access-Request packet from host 10.128.0.100 port 37626, id=12, length=1184
>         User-Name = "MaintenanceControlDisplay"
>         NAS-IP-Address = 127.0.0.1
>         Calling-Station-Id = "02-00-00-00-00-01"
>         Framed-MTU = 1400
>         NAS-Port-Type = Wireless-802.11
>         Connect-Info = "CONNECT 11Mbps 802.11b"
>         EAP-Message = 0x020c04060d4048f45eed37c731261476bba7a6b705e7d169a8fbad7b380e5f75f32761bb56e803864ee663                                                                      cac722b7c1a9ea1d6b2a0c06f952c91e4b7b2d99724f0330cd81d4800cf17842bceeaed7285a45f90879667e3a18f70b3464a3d0d6d514                                                                      173a98b9678e998b8d9a494cfe9243e300c2832a35df610158cd396b1f280db73d94c58709c200b1d702aee8c2a8ebb7b07ff2acbc547b                                                                      dc9889122128abeaeb1f575026452952e0e9c51292bd2ef1eff30468f418406c0860cd36806e73fc3e13fb5f3cccc7cd8fb934c2f06f94                                                                      e83a8be6d9985b53b884c8236135e88e63ba8dd36b4708cff97de8f14e4a035a02e9aef78670e90101f725f08e
>         EAP-Message = 0x02ea7beaf85acf6e722216671b00749643ef995a71e0e0f21dd9f5282ddba71c014fea56097bdf2c60cdc6                                                                      056d3cea13ba4aae1782860adaebd34a896186d5840355a6e80e91b21bfa283bed2bbb4c67b198e212875081fd305ec7d6d74af01bf678                                                                      0355aea3a1ee8cd3e506224829321aade7c25d915394eb31db8310834e1724d5ca7dfccfff1d18935ddb264b199bda870f3954c4243e82                                                                      b167acdd96fb2091a99de16a1710007885b0f9e045d7bc8ab34af0041db6e8009a20d0ba835517ea46b6e95b6a47b993c8ba1ad606a030                                                                      f40102b8c02b226bce7e64d4a2a705a08fe4c4cb51519be63c4455c0a6e8871658c1f20195a7d7efeecd530454
>         EAP-Message = 0x602d8d6ac6cb81540d1800057a308205763082035ea003020102020a61395bb700010000000a300d06092a                                                                      864886f70d0101050500305a31133011060a0992268993f22c6401191603636f6d31163014060a0992268993f22c6401191606626f6569                                                                      6e6731133011060a0992268993f22c6401191603666c79311630140603550403130d45534444496e74657234303936301e170d30393031                                                                      31393037303632315a170d3134303131383036333331365a305b31133011060a0992268993f22c6401191603636f6d31163014060a0992                                                                      268993f22c6401191606626f65696e6731133011060a0992268993f22c6401191603666c793117301506035504
>         EAP-Message = 0x03130e455344444973737565723230343830820122300d06092a864886f70d01010105000382010f003082                                                                      010a02820101009ede837e52ce12f2f315c72da8adbaf7828db60d09392a3cf133c5f11a497d7bd90f1e1eddcdb23058de50acad29c809                                                                      b5036f4ce1b0307609a68c92c47bb3a089b236e8e05e3275170369ab25371f4bc684324ac54ad223a046a4eb84964daaf1c2244edec54b                                                                      03ef4137634d55afc4e118031d822efd491b7cf9d6530362297ccff6616dfe1f0ebaebaf4f84ff9edce03a9189f34ca257ce621e20aeaf                                                                      539e5f91fcae83e89219e587fde80e5c86666d5fd5fdc364f47ab4bda8b62f6233a18e1ddcf109c90234bec8de
>         EAP-Message = 0xf2d14c026d557b14cd764a677f91c3e5a096
>         State = 0x513c3c875a30316c3a43028be40032ff
>         Message-Authenticator = 0x83805531ac628b23e32fce49a71392bd
> # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
> +- entering group authorize {...}
> [preprocess]    expand: %{User-Name} -> MaintenanceControlDisplay
> [preprocess]   hints: Matched DEFAULT at 78
> [preprocess]    expand: %{Calling-Station-Id}@%{Cisco-AVPair[0]} -> 02-00-00-00-00-01@
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> ++[digest] returns noop
> [suffix] No '@' in User-Name = "MaintenanceControlDisplay", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> [eap] EAP packet type response id 12 length 253
> [eap] No EAP Start, assuming it's an on-going EAP conversation
> ++[eap] returns updated
> ++[files] returns noop
> ++[expiration] returns noop
> ++[logintime] returns noop
> ++[pap] returns noop
> Found Auth-Type = EAP
> # Executing group from file /usr/local/etc/raddb/sites-enabled/default
> +- entering group authenticate {...}
> [eap] Request found, released from the list
> [eap] EAP/tls
> [eap] processing type tls
> [tls] Authenticate
> [tls] processing EAP-TLS
> [tls] More fragments to follow
> [tls] eaptls_verify returned 10
> [tls] eaptls_process returned 13
> ++[eap] returns handled
> Sending Access-Challenge of id 12 to 10.128.0.100 port 37626
>         EAP-Message = 0x010d00060d00
>         Message-Authenticator = 0x00000000000000000000000000000000
>         State = 0x513c3c875d31316c3a43028be40032ff
> Finished request 12.
> Going to the next request
> Waking up in 1.8 seconds.
> rad_recv: Access-Request packet from host 10.128.0.100 port 37626, id=13, length=1184
>         User-Name = "MaintenanceControlDisplay"
>         NAS-IP-Address = 127.0.0.1
>         Calling-Station-Id = "02-00-00-00-00-01"
>         Framed-MTU = 1400
>         NAS-Port-Type = Wireless-802.11
>         Connect-Info = "CONNECT 11Mbps 802.11b"
>         EAP-Message = 0x020d04060d40bc0f216a6aa60365dad3b4bbe2616ef038a6d2610bf15597e4fb288472028530c054f10203                                                                      010001a382013b30820137300f0603551d130101ff040530030101ff301d0603551d0e041604147b3f3d89d72bac972c086ada7233f64a                                                                      074ea0a1300b0603551d0f040403020186301006092b06010401823715010403020101302306092b060104018237150204160414249ba6                                                                      c4888fd87d96ab95594e6637dd6e25632f301906092b0601040182371402040c1e0a00530075006200430041301f0603551d2304183016                                                                      801443b1f625d530e7f847f0bfcb526b9b4fe1fe72b9303c0603551d1f043530333031a02fa02d862b68747470
>         EAP-Message = 0x3a2f2f63726c2e626f65696e672e636f6d2f63726c2f45534444496e746572343039362e63726c30470608                                                                      2b06010505070101043b3039303706082b06010505073002862b687474703a2f2f63726c2e626f65696e672e636f6d2f63726c2f455344                                                                      44496e746572343039362e637274300d06092a864886f70d010105050003820201006bd3c23ef41bc64c3383a89e90f53061c5b5f03e20                                                                      40ebc07377fedd37e6ea3f8ce247d0459c1889138a0c63c9b5b5b305e8696de327c1658330193d784233a5343e00e03ccce0e77960a69b                                                                      0f9a547a193d6a6502ec30fe65c6365aab74304517f7fea0ce3a07896d13492d59f11ff187aae8d743897f92ef
>         EAP-Message = 0xa32b18a86a8c02d4e909e17e97417d5c676d546785540ebdf853366842f38e66b0d9a00bc6cf2a25777f0d                                                                      ef04b8971ebce5b776400e121455288ae22c65c6d23fbcd243a9be7182f6969f0d6061dc4f786eb6eb2fbfd89c807c990eb67a595fb271                                                                      7599cc0262dfe8483f7e4f010c8bf6e8c9e02de0a3ccb594e8a1ee52cfd051e13642a34f0325c6c767548c6102d4e4311a37b08d44164a                                                                      fff6a0a67af3f971ad402ee75a8835d5fa76731958078d4b3f483f412fbb36b888e5416ec598487402187b049bd80f79fa8d53f6476999                                                                      c2cf3b82646d2777fd7c6c0ce31b3c330693d78b8960d784840ff10e784e078023b73ad81e0fd6fdc7bf66bf09
>         EAP-Message = 0xcf8118d3852613bd4cf23f384191bdd292050490c3bfde93230dba380f1391aaf299bd7c4288e0758c9132                                                                      df0250d269f10da91b51fb1cd3238828cfc140f801ba777248759e0fdb13e10e08560616d5d7dd7b4cd5a091b28ffba665665648e98da4                                                                      4682f17430ada59a3a4b889250ae64a1d4f112a3a83fab8bcaf308087ff97a820a6844c8e64ac9291603010086100000820080d5c6f2b2                                                                      117a6cbad67d242f4a69802a07cc8aaf5ff59ebf219cf8af7a387d7803fb034db0e6070054f312a26293f461b6de33fa34b7b09a42aea8                                                                      c3394d9c7f44c7148e62b6f611dafa44040cb3378f6744dcf4ad54099d59580e2e445697c4ec2348b4552af63e
>         EAP-Message = 0x247063c1bccceed74889ea590e0da58ce6be
>         State = 0x513c3c875d31316c3a43028be40032ff
>         Message-Authenticator = 0xbb1d0ad92f5fd564954baa008cd36db0
> # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
> +- entering group authorize {...}
> [preprocess]    expand: %{User-Name} -> MaintenanceControlDisplay
> [preprocess]   hints: Matched DEFAULT at 78
> [preprocess]    expand: %{Calling-Station-Id}@%{Cisco-AVPair[0]} -> 02-00-00-00-00-01@
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> ++[digest] returns noop
> [suffix] No '@' in User-Name = "MaintenanceControlDisplay", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> [eap] EAP packet type response id 13 length 253
> [eap] No EAP Start, assuming it's an on-going EAP conversation
> ++[eap] returns updated
> ++[files] returns noop
> ++[expiration] returns noop
> ++[logintime] returns noop
> ++[pap] returns noop
> Found Auth-Type = EAP
> # Executing group from file /usr/local/etc/raddb/sites-enabled/default
> +- entering group authenticate {...}
> [eap] Request found, released from the list
> [eap] EAP/tls
> [eap] processing type tls
> [tls] Authenticate
> [tls] processing EAP-TLS
> [tls] More fragments to follow
> [tls] eaptls_verify returned 10
> [tls] eaptls_process returned 13
> ++[eap] returns handled
> Sending Access-Challenge of id 13 to 10.128.0.100 port 37626
>         EAP-Message = 0x010e00060d00
>         Message-Authenticator = 0x00000000000000000000000000000000
>         State = 0x513c3c875c32316c3a43028be40032ff
> Finished request 13.
> Going to the next request
> Waking up in 1.8 seconds.
> rad_recv: Access-Request packet from host 10.128.0.100 port 37626, id=14, length=486
>         User-Name = "MaintenanceControlDisplay"
>         NAS-IP-Address = 127.0.0.1
>         Calling-Station-Id = "02-00-00-00-00-01"
>         Framed-MTU = 1400
>         NAS-Port-Type = Wireless-802.11
>         Connect-Info = "CONNECT 11Mbps 802.11b"
>         EAP-Message = 0x020e01520d00a235d3b7f87016030101060f00010201009c5bae8f60c3882d11a8226db135282ea8065fa1                                                                      2587cd72b4beaa29ae85a390117cd3b2cb47dfd94438f6601cc5fd5b2a3ce4805ad3f88bd71df9ff5b2dff640402660699ddd03a645121                                                                      14167e1386a1968e46d91749f78cdbd5aace7b1a52a2df2d90c93b76ca567b41734a9ae1f3537cc938ab05e11bc100e9c265a72bc8345f                                                                      bfdd42242a3a376248f1d641f2ef2e294d4290ff8a216c17a90f43c2a04ec4f29de41bdda9dc8b3d0ac398fcf5c0bb3f2e9fe752aba87c                                                                      9c09250c91d2bb39f413765b620c3dea46fc330bcc347488fc0dc23e8f4c63008cdd1ebdbc907fe13f4c5619ab
>         EAP-Message = 0x6f49b68bd20f7c60ffb52b1f96a61c26aa6415e09dede4d5212c1403010001011603010030e0db5794014c                                                                      3d3d69d2bdfd98a304ad9779de997f577a7cd878ed46952ce28eb9918b0e21865ef74572c8e7cf16790d
>         State = 0x513c3c875c32316c3a43028be40032ff
>         Message-Authenticator = 0x9c9cc0760618df10c4d942cd95e95c9c
> # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
> +- entering group authorize {...}
> [preprocess]    expand: %{User-Name} -> MaintenanceControlDisplay
> [preprocess]   hints: Matched DEFAULT at 78
> [preprocess]    expand: %{Calling-Station-Id}@%{Cisco-AVPair[0]} -> 02-00-00-00-00-01@
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> ++[digest] returns noop
> [suffix] No '@' in User-Name = "MaintenanceControlDisplay", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> [eap] EAP packet type response id 14 length 253
> [eap] No EAP Start, assuming it's an on-going EAP conversation
> ++[eap] returns updated
> ++[files] returns noop
> ++[expiration] returns noop
> ++[logintime] returns noop
> ++[pap] returns noop
> Found Auth-Type = EAP
> # Executing group from file /usr/local/etc/raddb/sites-enabled/default
> +- entering group authenticate {...}
> [eap] Request found, released from the list
> [eap] EAP/tls
> [eap] processing type tls
> [tls] Authenticate
> [tls] processing EAP-TLS
> [tls] eaptls_verify returned 7
> [tls] Done initial handshake
> [tls] <<< TLS 1.0 Handshake [length 1776], Certificate
> [tls] chain-depth=3,
> [tls] error=0
> [tls] --> User-Name = MaintenanceControlDisplay
> [tls] --> BUF-Name = ESDDRoot4096
> [tls] --> subject = /DC=com/DC=boeing/DC=fly/CN=ESDDRoot4096
> [tls] --> issuer  = /DC=com/DC=boeing/DC=fly/CN=ESDDRoot4096
> [tls] --> verify return:1
> [tls] chain-depth=2,
> [tls] error=0
> [tls] --> User-Name = MaintenanceControlDisplay
> [tls] --> BUF-Name = ESDDInter4096
> [tls] --> subject = /DC=com/DC=boeing/DC=fly/CN=ESDDInter4096
> [tls] --> issuer  = /DC=com/DC=boeing/DC=fly/CN=ESDDRoot4096
> [tls] --> verify return:1
> [tls] chain-depth=1,
> [tls] error=0
> [tls] --> User-Name = MaintenanceControlDisplay
> [tls] --> BUF-Name = ESDDIssuer2048
> [tls] --> subject = /DC=com/DC=boeing/DC=fly/CN=ESDDIssuer2048
> [tls] --> issuer  = /DC=com/DC=boeing/DC=fly/CN=ESDDInter4096
> [tls] --> verify return:1
> [tls] chain-depth=0,
> [tls] error=0
> [tls] --> User-Name = MaintenanceControlDisplay
> [tls] --> BUF-Name = MaintenanceControlDisplay
> [tls] --> subject = /x500UniqueIdentifier=A4036525/description=CrewWirelessDevice/C=US/O=\x00B\x00O\x00E\x00_\                                                                      x00I\x00T\x00L\x00 \x00A\x00i\x00r\x00l\x00i\x00n\x00e\x00s\x00 \x00C\x00o\x00.\x00 \x00L\x00t\x00d\x00./OU=Fo                                                                      r Test Purposes Only/CN=MaintenanceControlDisplay
> [tls] --> issuer  = /DC=com/DC=boeing/DC=fly/CN=ESDDIssuer2048
> [tls] --> verify return:1
> [tls]     TLS_accept: SSLv3 read client certificate A
> [tls] <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
> [tls]     TLS_accept: SSLv3 read client key exchange A
> [tls] <<< TLS 1.0 Handshake [length 0106], CertificateVerify
> [tls]     TLS_accept: SSLv3 read certificate verify A
> [tls] <<< TLS 1.0 ChangeCipherSpec [length 0001]
> [tls] <<< TLS 1.0 Handshake [length 0010], Finished
> [tls]     TLS_accept: SSLv3 read finished A
> [tls] >>> TLS 1.0 ChangeCipherSpec [length 0001]
> [tls]     TLS_accept: SSLv3 write change cipher spec A
> [tls] >>> TLS 1.0 Handshake [length 0010], Finished
> [tls]     TLS_accept: SSLv3 write finished A
> [tls]     TLS_accept: SSLv3 flush data
> [tls]     (other): SSL negotiation finished successfully
> SSL Connection Established
> [tls] eaptls_process returned 13
> ++[eap] returns handled
> Sending Access-Challenge of id 14 to 10.128.0.100 port 37626
>         EAP-Message = 0x010f00450d800000003b14030100010116030100302e7324c43c27ba2ca05affb5044cdc80b6fde1835f0a                                                                      fcacabb0f0eeb818e2397f158ad69090966662002a492e085e48
>         Message-Authenticator = 0x00000000000000000000000000000000
>         State = 0x513c3c875f33316c3a43028be40032ff
> Finished request 14.
> Going to the next request
> Waking up in 1.8 seconds.
> rad_recv: Access-Request packet from host 10.128.0.100 port 37626, id=15, length=152
>         User-Name = "MaintenanceControlDisplay"
>         NAS-IP-Address = 127.0.0.1
>         Calling-Station-Id = "02-00-00-00-00-01"
>         Framed-MTU = 1400
>         NAS-Port-Type = Wireless-802.11
>         Connect-Info = "CONNECT 11Mbps 802.11b"
>         EAP-Message = 0x020f00060d00
>         State = 0x513c3c875f33316c3a43028be40032ff
>         Message-Authenticator = 0x434f2ff4845a3da8223675d555c7299c
> # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
> +- entering group authorize {...}
> [preprocess]    expand: %{User-Name} -> MaintenanceControlDisplay
> [preprocess]   hints: Matched DEFAULT at 78
> [preprocess]    expand: %{Calling-Station-Id}@%{Cisco-AVPair[0]} -> 02-00-00-00-00-01@
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> ++[digest] returns noop
> [suffix] No '@' in User-Name = "MaintenanceControlDisplay", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> [eap] EAP packet type response id 15 length 6
> [eap] No EAP Start, assuming it's an on-going EAP conversation
> ++[eap] returns updated
> ++[files] returns noop
> ++[expiration] returns noop
> ++[logintime] returns noop
> ++[pap] returns noop
> Found Auth-Type = EAP
> # Executing group from file /usr/local/etc/raddb/sites-enabled/default
> +- entering group authenticate {...}
> [eap] Request found, released from the list
> [eap] EAP/tls
> [eap] processing type tls
> [tls] Authenticate
> [tls] processing EAP-TLS
> [tls] Received TLS ACK
> [tls] ACK handshake is finished
> [tls] eaptls_verify returned 3
> [tls] eaptls_process returned 3
> [tls] Adding user data to cached session
> 
> Program received signal SIGSEGV, Segmentation fault.
> [Switching to Thread 28804300 (LWP 101549/radiusd)]
> 0x28489873 in eaptls_gen_mppe_keys (reply_vps=0x28bc4230, s=0x288b7400,
>     prf_label=0x2849a8ff "client EAP encryption") at mppe_keys.c:147
> 147             PRF(s->session->master_key, s->session->master_key_length,
> (gdb)
> 
> 
> 
> Steve Magnuson
> Boeing Commercial Airplanes
> 
> 

-- 
Ryan Steinmetz
PGP: EF36 D45A 5CA9 28B1 A550  18CD A43C D111 7AD7 FAF2



More information about the freebsd-ports mailing list