/usr/perl5/5.8.4/bin/radiusd -log_stdout -trace 5 -foreground -config_file /etc/raddb/radius.cfg
Wed Jan 30 00:23:23 2008: DEBUG: Creating StreamServer tcp port 0.0.0.0:9048
Wed Jan 30 00:23:23 2008: DEBUG: Creating TACACSPLUS port 0.0.0.0:49
Wed Jan 30 00:23:24 2008: DEBUG: Finished reading configuration file '/etc/raddb/radius.cfg'
Wed Jan 30 00:23:24 2008: DEBUG: Reading dictionary file '/etc/raddb/dictionary'
Wed Jan 30 00:23:24 2008: DEBUG: Creating authentication port 0.0.0.0:1645
Wed Jan 30 00:23:24 2008: DEBUG: Creating accounting port 0.0.0.0:1646
Wed Jan 30 00:23:24 2008: NOTICE: Server started: Radiator 4.0 on secengdev03
Wed Jan 30 00:23:36 2008: DEBUG: New TacacsplusConnection created for 192.168.2.1:11280
Wed Jan 30 00:23:36 2008: DEBUG: TacacsplusConnection request 192, 1, 1, 0, 3990349094, 25
Wed Jan 30 00:23:36 2008: DEBUG: TacacsPlus request packet dump: c0010100edd7e52600000019ada0a9b6f12a8049f317cc4f84100a4a16f0db5c7e7706895a
Wed Jan 30 00:23:36 2008: DEBUG: Decrypting TacacsPlus request
Wed Jan 30 00:23:36 2008: DEBUG: TacacsPlus request decrypted body: 0101010100050c00747479313831302e3132382e35352e3233
Wed Jan 30 00:23:36 2008: DEBUG: TacacsplusConnection Authentication START 1, 1, 1 for , tty18, 192.168.1.1
Wed Jan 30 00:23:36 2008: DEBUG: TacacsplusConnection Authentication REPLY 4, 0, Username: ,  
Wed Jan 30 00:23:41 2008: DEBUG: TacacsplusConnection request 192, 1, 3, 0, 3990349094, 11
Wed Jan 30 00:23:41 2008: DEBUG: TacacsPlus request packet dump: c0010300edd7e5260000000b1886ede246994469720be1
Wed Jan 30 00:23:41 2008: DEBUG: Decrypting TacacsPlus request
Wed Jan 30 00:23:41 2008: DEBUG: TacacsPlus request decrypted body: 0006000000666972657375
Wed Jan 30 00:23:41 2008: DEBUG: TacacsplusConnection Authentication CONTINUE 0, fred, 
Wed Jan 30 00:23:41 2008: DEBUG: TacacsplusConnection Authentication REPLY 5, 1, Password: ,  
Wed Jan 30 00:23:44 2008: DEBUG: TacacsplusConnection request 192, 1, 5, 0, 3990349094, 11
Wed Jan 30 00:23:44 2008: DEBUG: TacacsPlus request packet dump: c0010500edd7e5260000000b5830c0542adc59bda7fc66
Wed Jan 30 00:23:44 2008: DEBUG: Decrypting TacacsPlus request
Wed Jan 30 00:23:44 2008: DEBUG: TacacsPlus request decrypted body: 0006000000736563726574
Wed Jan 30 00:23:44 2008: DEBUG: TacacsplusConnection Authentication CONTINUE 0, XXX, 
Wed Jan 30 00:23:44 2008: DEBUG: TACACSPLUS derived Radius request packet dump:
Code:       Access-Request
Identifier: UNDEF
Authentic:  <165><239>Y<1>$<195>z<204><28><132>z<216><168>;<179><209>
Attributes:
        NAS-IP-Address = 192.168.2.1
        NAS-Port-Id = "tty18"
        Calling-Station-Id = "192.168.1.1"
        Service-Type = Login-User
        Request-Protocol = TACACS+
        User-Name = "fred"
        User-Password = XXX

Wed Jan 30 00:23:44 2008: DEBUG: Handling request with Handler 'User-Name=fred'
Wed Jan 30 00:23:44 2008: DEBUG:  Deleting session for fred, 192.168.2.1, 
Wed Jan 30 00:23:44 2008: DEBUG: Handling with Radius::AuthFILE: UserFilter
Wed Jan 30 00:23:44 2008: DEBUG: Reading users file /etc/raddb/users
Wed Jan 30 00:23:44 2008: DEBUG: Radius::AuthFILE looks for match with fred [fred]
Wed Jan 30 00:23:44 2008: DEBUG: Radius::AuthFILE ACCEPT: : fred [fred]
Wed Jan 30 00:23:44 2008: DEBUG: AuthBy FILE result: ACCEPT, 
Wed Jan 30 00:23:44 2008: DEBUG: Access accepted for fred
Wed Jan 30 00:23:44 2008: DEBUG: Packet dump:
*** Reply to TACACSPLUS request:
Code:       Access-Accept
Identifier: UNDEF
Authentic:  <165><239>Y<1>$<195>z<204><28><132>z<216><168>;<179><209>
Attributes:
        TEST-GROUP = all

Wed Jan 30 00:23:44 2008: DEBUG: TacacsplusConnection result Access-Accept
Wed Jan 30 00:23:44 2008: DEBUG: TacacsplusConnection Authentication REPLY 1, 0, ,  
Wed Jan 30 00:23:44 2008: DEBUG: TacacsplusConnection disconnected from 192.168.2.1:11280
Wed Jan 30 00:23:44 2008: DEBUG: New TacacsplusConnection created for 192.168.2.1:11281
Wed Jan 30 00:23:44 2008: DEBUG: TacacsplusConnection request 192, 2, 1, 0, 489849026, 50
Wed Jan 30 00:23:44 2008: DEBUG: TacacsPlus request packet dump: c00201001d3280c200000032cf5529438f3487e334dfc7147a7941c7690ce8b5b61f91d4922e2f9e9199ad4b5cfcaf7e6d514ca4bbd6adb518fe68c3f3ad
Wed Jan 30 00:23:44 2008: DEBUG: Decrypting TacacsPlus request
Wed Jan 30 00:23:44 2008: DEBUG: TacacsPlus request decrypted body: 0601010106050c020d04666972657375747479313831302e3132382e35352e3233736572766963653d7368656c6c636d642a
Wed Jan 30 00:23:44 2008: DEBUG: TacacsplusConnection Authorization REQUEST 6, 1, 1, 1, fred, tty18, 192.168.1.1, 2, service=shell cmd*
Wed Jan 30 00:23:44 2008: DEBUG: AuthorizeGroup rule match found: permit service=shell {  }
Wed Jan 30 00:23:44 2008: INFO: Authorization permitted for fred, group all, args service=shell cmd*
Wed Jan 30 00:23:44 2008: DEBUG: TacacsplusConnection Authorization RESPONSE 1, , , 
Wed Jan 30 00:23:44 2008: DEBUG: TacacsplusConnection disconnected from 192.168.2.1:11281
Wed Jan 30 00:23:44 2008: DEBUG: New TacacsplusConnection created for 192.168.2.1:11282
Wed Jan 30 00:23:44 2008: DEBUG: TacacsplusConnection request 192, 3, 1, 0, 2249417774, 70
Wed Jan 30 00:23:44 2008: DEBUG: TacacsPlus request packet dump: c00301008613642e000000469952009b129bdc9eba9a771e452325b94f92ee87f2bf4f52917fe42c6fd019c5e10a54271ca6b8c8a085ee106179f3e435096eacdc3aca60e6412e5ce53f83007fd271f06389
Wed Jan 30 00:23:44 2008: DEBUG: Decrypting TacacsPlus request
Wed Jan 30 00:23:44 2008: DEBUG: TacacsPlus request decrypted body: 020601010106050c030a0c0d666972657375747479313831302e3132382e35352e32337461736b5f69643d363574696d657a6f6e653d555443736572766963653d7368656c6c
Wed Jan 30 00:23:44 2008: DEBUG: TacacsplusConnection Accounting REQUEST 2, 6, 1, 1, 1, fred, tty18, 192.168.1.1, 3, task_id=65 timezone=UTC service=shell
Wed Jan 30 00:23:44 2008: DEBUG: TACACSPLUS derived Radius request packet dump:
Code:       Accounting-Request
Identifier: UNDEF
Authentic:  gx<21><152>}h<214>O++<226><159><14>F<135><190>
Attributes:
        NAS-IP-Address = 192.168.2.1
        NAS-Port-Id = "tty18"
        Calling-Station-Id = "192.168.1.1"
        Request-Protocol = TACACS+
        User-Name = "fred"
        Acct-Status-Type = Start
        Acct-Session-Id = "2249417774"
        cisco-avpair = "task_id=65"
        cisco-avpair = "timezone=UTC"
        cisco-avpair = "service=shell"

Wed Jan 30 00:23:44 2008: DEBUG: Handling request with Handler 'User-Name=fred'
Wed Jan 30 00:23:44 2008: DEBUG:  Adding session for fred, 192.168.2.1, 
Wed Jan 30 00:23:44 2008: DEBUG: Handling with Radius::AuthFILE: UserFilter
Wed Jan 30 00:23:44 2008: DEBUG: AuthBy FILE result: ACCEPT, 
Wed Jan 30 00:23:44 2008: DEBUG: Accounting accepted
Wed Jan 30 00:23:44 2008: DEBUG: Packet dump:
*** Reply to TACACSPLUS request:
Code:       Accounting-Response
Identifier: UNDEF
Authentic:  gx<21><152>}h<214>O++<226><159><14>F<135><190>
Attributes:

Wed Jan 30 00:23:44 2008: DEBUG: TacacsplusConnection result Accounting-Response
Wed Jan 30 00:23:44 2008: DEBUG: TacacsplusConnection Accounting REPLY 1, ,  
Wed Jan 30 00:23:44 2008: DEBUG: TacacsplusConnection disconnected from 192.168.2.1:11282
Wed Jan 30 00:23:46 2008: DEBUG: New TacacsplusConnection created for 192.168.2.1:11283
Wed Jan 30 00:23:46 2008: DEBUG: TacacsplusConnection request 192, 1, 1, 0, 1165099475, 31
Wed Jan 30 00:23:46 2008: DEBUG: TacacsPlus request packet dump: c0010100457201d30000001f77e2e399f8f7ad1770012b8eff34aa16298159018ea4d84e261b4fbb9f6c46
Wed Jan 30 00:23:46 2008: DEBUG: Decrypting TacacsPlus request
Wed Jan 30 00:23:46 2008: DEBUG: TacacsPlus request decrypted body: 010f010206050c00666972657375747479313831302e3132382e35352e3233
Wed Jan 30 00:23:46 2008: DEBUG: TacacsplusConnection Authentication START 1, 1, 2 for fred, tty18, 192.168.1.1
Wed Jan 30 00:23:46 2008: DEBUG: TacacsplusConnection Authentication REPLY 5, 1, Password: ,  
Wed Jan 30 00:23:48 2008: DEBUG: TacacsplusConnection request 192, 1, 3, 0, 1165099475, 9
Wed Jan 30 00:23:48 2008: DEBUG: TacacsPlus request packet dump: c0010300457201d300000009de095150d2edeb0d0d
Wed Jan 30 00:23:48 2008: DEBUG: Decrypting TacacsPlus request
Wed Jan 30 00:23:48 2008: DEBUG: TacacsPlus request decrypted body: 000400000074657374
Wed Jan 30 00:23:48 2008: DEBUG: TacacsplusConnection Authentication CONTINUE 0, test, 
Wed Jan 30 00:23:48 2008: DEBUG: TACACSPLUS derived Radius request packet dump:
Code:       Access-Request
Identifier: UNDEF
Authentic:  <140>3<191><231><206><176>4a<240><27><7><179><12><0><154><205>
Attributes:
        NAS-IP-Address = 192.168.2.1
        NAS-Port-Id = "tty18"
        Calling-Station-Id = "192.168.1.1"
        Service-Type = Administrative-User
        Request-Protocol = TACACS+
        User-Name = "fred"
        User-Password = test

Wed Jan 30 00:23:48 2008: DEBUG: Handling request with Handler 'Service-Type=Administrative-User'
Wed Jan 30 00:23:48 2008: DEBUG:  Deleting session for fred, 192.168.2.1, 
Wed Jan 30 00:23:48 2008: DEBUG: Handling with Radius::AuthFILE: UserFilter
Wed Jan 30 00:23:48 2008: DEBUG: Radius::AuthFILE looks for match with fred [fred]
Wed Jan 30 00:23:48 2008: DEBUG: Radius::AuthFILE REJECT: Bad Password: fred [fred]
Wed Jan 30 00:23:48 2008: DEBUG: Radius::AuthFILE looks for match with DEFAULT [fred]
Wed Jan 30 00:23:48 2008: DEBUG: Radius::AuthFILE REJECT: Check item Privilege-Level expression '15' does not match '' in request: DEFAULT [fred]
Wed Jan 30 00:23:48 2008: DEBUG: Radius::AuthFILE looks for match with DEFAULT1 [fred]
Wed Jan 30 00:23:48 2008: DEBUG: Radius::AuthFILE REJECT: Check item T-ACCOUNT expression 'Y' does not match '' in request: DEFAULT1 [fred]
Wed Jan 30 00:23:48 2008: DEBUG: Radius::AuthFILE looks for match with DEFAULT2 [fred]
Wed Jan 30 00:23:48 2008: DEBUG: Radius::AuthFILE REJECT: Check item R-ACCOUNT expression 'Y' does not match '' in request: DEFAULT2 [fred]
Wed Jan 30 00:23:48 2008: DEBUG: AuthBy FILE result: REJECT, Check item R-ACCOUNT expression 'Y' does not match '' in request
Wed Jan 30 00:23:48 2008: INFO: Access rejected for fred: Check item R-ACCOUNT expression 'Y' does not match '' in request
Wed Jan 30 00:23:48 2008: DEBUG: Packet dump:
*** Reply to TACACSPLUS request:
Code:       Access-Reject
Identifier: UNDEF
Authentic:  <140>3<191><231><206><176>4a<240><27><7><179><12><0><154><205>
Attributes:
        Reply-Message = "Request Denied"

Wed Jan 30 00:23:48 2008: DEBUG: TacacsplusConnection result Access-Reject
Wed Jan 30 00:23:48 2008: DEBUG: TacacsplusConnection Authentication REPLY 2, 0, Request Denied,  
Wed Jan 30 00:23:48 2008: DEBUG: TacacsplusConnection disconnected from 192.168.2.1:11283
Wed Jan 30 00:23:50 2008: DEBUG: New TacacsplusConnection created for 192.168.2.1:11284
Wed Jan 30 00:23:50 2008: DEBUG: TacacsplusConnection request 192, 3, 1, 0, 1424017558, 166
Wed Jan 30 00:23:50 2008: DEBUG: TacacsPlus request packet dump: c003010054e0c896000000a6bd74f0d74832f4f779cfe2ed0f9a3fcaf6a40c7beea5c3127741d73192d96c6f2ef47362966bc28e4d79353c7b7a9df2f836e39a2dc97386487ec0bfa2e783e62f0cd156b701aa0686146787fbaab28570be1db36bdd814fdcafc8aa1984bc6f1fe26472c5ed28423274c453efa7124c1eceef147f28c5165f7578fd04f3e8194f96aec654dd7fa27cf75fc5b3fdb94ea13a86a4cba63ab30c014c2f68d1414e814914fd8a95
Wed Jan 30 00:23:50 2008: DEBUG: Decrypting TacacsPlus request
Wed Jan 30 00:23:50 2008: DEBUG: TacacsPlus request decrypted body: 040601010106050c080a0c0d0c130e1717666972657375747479313831302e3132382e35352e32337461736b5f69643d363574696d657a6f6e653d555443736572766963653d7368656c6c646973632d63617573653d31646973632d63617573652d6578743d31303230656c61707365645f74696d653d366e61732d72782d73706565643d323336353036333231316e61732d74782d73706565643d34303538393036363638
Wed Jan 30 00:23:50 2008: DEBUG: TacacsplusConnection Accounting REQUEST 4, 6, 1, 1, 1, fred, tty18, 192.168.1.1, 8, task_id=65 timezone=UTC service=shell disc-cause=1 disc-cause-ext=1020 elapsed_time=6 nas-rx-speed=2365063211 nas-tx-speed=4058906668
Wed Jan 30 00:23:50 2008: DEBUG: TACACSPLUS derived Radius request packet dump:
Code:       Accounting-Request
Identifier: UNDEF
Authentic:  <31><174><5><147><149><254><160><153><156><192><188><241>g<243>Ck
Attributes:
        NAS-IP-Address = 192.168.2.1
        NAS-Port-Id = "tty18"
        Calling-Station-Id = "192.168.1.1"
        Request-Protocol = TACACS+
        User-Name = "fred"
        Acct-Status-Type = Stop
        Acct-Session-Id = "1424017558"
        cisco-avpair = "task_id=65"
        cisco-avpair = "timezone=UTC"
        cisco-avpair = "service=shell"
        cisco-avpair = "disc-cause=1"
        cisco-avpair = "disc-cause-ext=1020"
        cisco-avpair = "elapsed_time=6"
        cisco-avpair = "nas-rx-speed=2365063211"
        cisco-avpair = "nas-tx-speed=4058906668"

Wed Jan 30 00:23:50 2008: DEBUG: Handling request with Handler 'User-Name=fred'
Wed Jan 30 00:23:50 2008: DEBUG:  Deleting session for fred, 192.168.2.1, 
Wed Jan 30 00:23:50 2008: DEBUG: Handling with Radius::AuthFILE: UserFilter
Wed Jan 30 00:23:50 2008: DEBUG: AuthBy FILE result: ACCEPT, 
Wed Jan 30 00:23:50 2008: DEBUG: Accounting accepted
Wed Jan 30 00:23:50 2008: DEBUG: Packet dump:
*** Reply to TACACSPLUS request:
Code:       Accounting-Response
Identifier: UNDEF
Authentic:  <31><174><5><147><149><254><160><153><156><192><188><241>g<243>Ck
Attributes:

Wed Jan 30 00:23:50 2008: DEBUG: TacacsplusConnection result Accounting-Response
Wed Jan 30 00:23:50 2008: DEBUG: TacacsplusConnection Accounting REPLY 1, ,  
Wed Jan 30 00:23:50 2008: DEBUG: TacacsplusConnection disconnected from 192.168.2.1:11284