Hi Fabrice,
Thank's for your fast answer, try with radtest but I have same issue :
Mon Feb 13 17:16:34 2017 : Debug: (0) Received Access-Request Id 8 from
192.168.10.21:51726 to 192.168.10.22:1812 length 78
Mon Feb 13 17:16:34 2017 : Debug: (0) User-Name = "UserTest"
Mon Feb 13 17:16:34 2017 : Debug: (0) User-Password = "p@55word"
Mon Feb 13 17:16:34 2017 : Debug: (0) NAS-IP-Address = 192.168.4.148
Mon Feb 13 17:16:34 2017 : Debug: (0) NAS-Port = 7070
Mon Feb 13 17:16:34 2017 : Debug: (0) Message-Authenticator =
0xfba43f2e2676863ec538ad5c9b0d298e
Mon Feb 13 17:16:34 2017 : Debug: (0) session-state: No State attribute
Mon Feb 13 17:16:34 2017 : Debug: (0) # Executing section authorize from
file /usr/local/pf/raddb/sites-enabled/packetfence
Mon Feb 13 17:16:34 2017 : Debug: (0) authorize {
Mon Feb 13 17:16:34 2017 : Debug: (0) update {
Mon Feb 13 17:16:34 2017 : Debug: (0) EXPAND %{Packet-Src-IP-Address}
Mon Feb 13 17:16:34 2017 : Debug: (0) --> 192.168.10.21
Mon Feb 13 17:16:34 2017 : Debug: (0)
&request:FreeRADIUS-Client-IP-Address := 192.168.10.21
Mon Feb 13 17:16:34 2017 : Debug: (0) &control:PacketFence-RPC-Server =
127.0.0.1
Mon Feb 13 17:16:34 2017 : Debug: (0) &control:PacketFence-RPC-Port = 7070
Mon Feb 13 17:16:34 2017 : Debug: (0) &control:PacketFence-RPC-User =
Mon Feb 13 17:16:34 2017 : Debug: (0) &control:PacketFence-RPC-Pass =
Mon Feb 13 17:16:34 2017 : Debug: (0) &control:PacketFence-RPC-Proto = http
Mon Feb 13 17:16:34 2017 : Debug: (0) EXPAND %l
Mon Feb 13 17:16:34 2017 : Debug: (0) --> 1487002594
Mon Feb 13 17:16:34 2017 : Debug: (0) &control:Tmp-Integer-0 := 1487002594
Mon Feb 13 17:16:34 2017 : Debug: (0) &control:PacketFence-Request-Time := 0
Mon Feb 13 17:16:34 2017 : Debug: (0) } # update = noop
Mon Feb 13 17:16:34 2017 : Debug: (0) policy
rewrite_calling_station_id {
Mon Feb 13 17:16:34 2017 : Debug: (0) if (&Calling-Station-Id &&
(&Calling-Station-Id =~
/^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i))
{
Mon Feb 13 17:16:34 2017 : Debug: (0) if (&Calling-Station-Id &&
(&Calling-Station-Id =~
/^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i))
-> FALSE
Mon Feb 13 17:16:34 2017 : Debug: (0) else {
Mon Feb 13 17:16:34 2017 : Debug: (0) modsingle[authorize]:
calling noop (rlm_always)
Mon Feb 13 17:16:34 2017 : Debug: (0) modsingle[authorize]:
returned from noop (rlm_always)
Mon Feb 13 17:16:34 2017 : Debug: (0) [noop] = noop
Mon Feb 13 17:16:34 2017 : Debug: (0) } # else = noop
Mon Feb 13 17:16:34 2017 : Debug: (0) } # policy
rewrite_calling_station_id = noop
Mon Feb 13 17:16:34 2017 : Debug: (0) policy rewrite_called_station_id {
Mon Feb 13 17:16:34 2017 : Debug: (0) if ((&Called-Station-Id) &&
(&Called-Station-Id =~
/^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i))
{
Mon Feb 13 17:16:34 2017 : Debug: (0) if ((&Called-Station-Id) &&
(&Called-Station-Id =~
/^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i))
-> FALSE
Mon Feb 13 17:16:34 2017 : Debug: (0) else {
Mon Feb 13 17:16:34 2017 : Debug: (0) modsingle[authorize]:
calling noop (rlm_always)
Mon Feb 13 17:16:34 2017 : Debug: (0) modsingle[authorize]:
returned from noop (rlm_always)
Mon Feb 13 17:16:34 2017 : Debug: (0) [noop] = noop
Mon Feb 13 17:16:34 2017 : Debug: (0) } # else = noop
Mon Feb 13 17:16:34 2017 : Debug: (0) } # policy
rewrite_called_station_id = noop
Mon Feb 13 17:16:34 2017 : Debug: (0) policy filter_username {
Mon Feb 13 17:16:34 2017 : Debug: (0) if (&User-Name) {
Mon Feb 13 17:16:34 2017 : Debug: (0) if (&User-Name) -> TRUE
Mon Feb 13 17:16:34 2017 : Debug: (0) if (&User-Name) {
Mon Feb 13 17:16:34 2017 : Debug: (0) if (&User-Name =~ / /) {
Mon Feb 13 17:16:34 2017 : Debug: No matches
Mon Feb 13 17:16:34 2017 : Debug: (0) if (&User-Name =~ / /) ->
FALSE
Mon Feb 13 17:16:34 2017 : Debug: (0) if (&User-Name =~
/@[^@]*@/ ) {
Mon Feb 13 17:16:34 2017 : Debug: No matches
Mon Feb 13 17:16:34 2017 : Debug: (0) if (&User-Name =~
/@[^@]*@/ ) -> FALSE
Mon Feb 13 17:16:34 2017 : Debug: (0) if (&User-Name =~ /\.\./ ) {
Mon Feb 13 17:16:34 2017 : Debug: No matches
Mon Feb 13 17:16:34 2017 : Debug: (0) if (&User-Name =~ /\.\./
) -> FALSE
Mon Feb 13 17:16:34 2017 : Debug: (0) if ((&User-Name =~ /@/) &&
(&User-Name !~ /@(.+)\.(.+)$/)) {
Mon Feb 13 17:16:34 2017 : Debug: No matches
Mon Feb 13 17:16:34 2017 : Debug: (0) if ((&User-Name =~ /@/) &&
(&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
Mon Feb 13 17:16:34 2017 : Debug: (0) if (&User-Name =~ /\.$/) {
Mon Feb 13 17:16:34 2017 : Debug: No matches
Mon Feb 13 17:16:34 2017 : Debug: (0) if (&User-Name =~ /\.$/)
-> FALSE
Mon Feb 13 17:16:34 2017 : Debug: (0) if (&User-Name =~ /@\./) {
Mon Feb 13 17:16:34 2017 : Debug: No matches
Mon Feb 13 17:16:34 2017 : Debug: (0) if (&User-Name =~ /@\./)
-> FALSE
Mon Feb 13 17:16:34 2017 : Debug: (0) } # if (&User-Name) = noop
Mon Feb 13 17:16:34 2017 : Debug: (0) } # policy filter_username = noop
Mon Feb 13 17:16:34 2017 : Debug: (0) policy filter_password {
Mon Feb 13 17:16:34 2017 : Debug: (0) if (&User-Password &&
(&User-Password != "%{string:User-Password}")) {
Mon Feb 13 17:16:34 2017 : Debug: (0) EXPAND TMPL XLAT STRUCT
Mon Feb 13 17:16:34 2017 : Debug: (0) EXPAND %{string:User-Password}
Mon Feb 13 17:16:34 2017 : Debug: (0) --> p@55word
Mon Feb 13 17:16:34 2017 : Debug: (0) if (&User-Password &&
(&User-Password != "%{string:User-Password}")) -> FALSE
Mon Feb 13 17:16:34 2017 : Debug: (0) } # policy filter_password = noop
Mon Feb 13 17:16:34 2017 : Debug: (0) modsingle[authorize]: calling
preprocess (rlm_preprocess)
Mon Feb 13 17:16:34 2017 : Debug: (0) modsingle[authorize]: returned
from preprocess (rlm_preprocess)
Mon Feb 13 17:16:34 2017 : Debug: (0) [preprocess] = ok
Mon Feb 13 17:16:34 2017 : Debug: (0) modsingle[authorize]: calling
suffix (rlm_realm)
Mon Feb 13 17:16:34 2017 : Debug: (0) suffix: Checking for suffix after "@"
Mon Feb 13 17:16:34 2017 : Debug: (0) suffix: No '@' in User-Name =
"UserTest", skipping NULL due to config.
Mon Feb 13 17:16:34 2017 : Debug: (0) modsingle[authorize]: returned
from suffix (rlm_realm)
Mon Feb 13 17:16:34 2017 : Debug: (0) [suffix] = noop
Mon Feb 13 17:16:34 2017 : Debug: (0) modsingle[authorize]: calling
ntdomain (rlm_realm)
Mon Feb 13 17:16:34 2017 : Debug: (0) ntdomain: Checking for prefix
before "\"
Mon Feb 13 17:16:34 2017 : Debug: (0) ntdomain: No '\' in User-Name =
"UserTest", looking up realm NULL
Mon Feb 13 17:16:34 2017 : Debug: (0) ntdomain: Found realm "null"
Mon Feb 13 17:16:34 2017 : Debug: (0) ntdomain: Adding
Stripped-User-Name = "UserTest"
Mon Feb 13 17:16:34 2017 : Debug: (0) ntdomain: Adding Realm = "null"
Mon Feb 13 17:16:34 2017 : Debug: (0) ntdomain: Authentication realm is
LOCAL
Mon Feb 13 17:16:34 2017 : Debug: (0) modsingle[authorize]: returned
from ntdomain (rlm_realm)
Mon Feb 13 17:16:34 2017 : Debug: (0) [ntdomain] = ok
Mon Feb 13 17:16:34 2017 : Debug: (0) modsingle[authorize]: calling
eap (rlm_eap)
Mon Feb 13 17:16:34 2017 : Debug: (0) eap: No EAP-Message, not doing EAP
Mon Feb 13 17:16:34 2017 : Debug: (0) modsingle[authorize]: returned
from eap (rlm_eap)
Mon Feb 13 17:16:34 2017 : Debug: (0) [eap] = noop
Mon Feb 13 17:16:34 2017 : Debug: (0) if ( !EAP-Message ) {
Mon Feb 13 17:16:34 2017 : Debug: (0) if ( !EAP-Message ) -> TRUE
Mon Feb 13 17:16:34 2017 : Debug: (0) if ( !EAP-Message ) {
Mon Feb 13 17:16:34 2017 : Debug: (0) update {
Mon Feb 13 17:16:34 2017 : Debug: (0) &control:Auth-Type := Accept
Mon Feb 13 17:16:34 2017 : Debug: (0) } # update = noop
Mon Feb 13 17:16:34 2017 : Debug: (0) } # if ( !EAP-Message ) = noop
Mon Feb 13 17:16:34 2017 : Debug: (0) policy
packetfence-eap-mac-policy {
Mon Feb 13 17:16:34 2017 : Debug: (0) if ( &EAP-Type ) {
Mon Feb 13 17:16:34 2017 : Debug: (0) if ( &EAP-Type ) -> FALSE
Mon Feb 13 17:16:34 2017 : Debug: (0) modsingle[authorize]:
calling noop (rlm_always)
Mon Feb 13 17:16:34 2017 : Debug: (0) modsingle[authorize]:
returned from noop (rlm_always)
Mon Feb 13 17:16:34 2017 : Debug: (0) [noop] = noop
Mon Feb 13 17:16:34 2017 : Debug: (0) } # policy
packetfence-eap-mac-policy = noop
Mon Feb 13 17:16:34 2017 : Debug: (0) modsingle[authorize]: calling
pap (rlm_pap)
Mon Feb 13 17:16:34 2017 : WARNING: (0) pap:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Mon Feb 13 17:16:34 2017 : WARNING: (0) pap: !!! Ignoring
control:User-Password. Update your !!!
Mon Feb 13 17:16:34 2017 : WARNING: (0) pap: !!! configuration so that
the "known good" clear text !!!
Mon Feb 13 17:16:34 2017 : WARNING: (0) pap: !!! password is in
Cleartext-Password and NOT in !!!
Mon Feb 13 17:16:34 2017 : WARNING: (0) pap: !!!
User-Password. !!!
Mon Feb 13 17:16:34 2017 : WARNING: (0) pap:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Mon Feb 13 17:16:34 2017 : WARNING: (0) pap: Auth-Type already set. Not
setting to PAP
Mon Feb 13 17:16:34 2017 : Debug: (0) modsingle[authorize]: returned
from pap (rlm_pap)
Mon Feb 13 17:16:34 2017 : Debug: (0) [pap] = noop
Mon Feb 13 17:16:34 2017 : Debug: (0) } # authorize = ok
Mon Feb 13 17:16:34 2017 : Debug: (0) Found Auth-Type = Accept
Mon Feb 13 17:16:34 2017 : Debug: (0) Auth-Type = Accept, accepting the user
Mon Feb 13 17:16:34 2017 : Debug: (0) # Executing section post-auth from
file /usr/local/pf/raddb/sites-enabled/packetfence
Mon Feb 13 17:16:34 2017 : Debug: (0) post-auth {
Mon Feb 13 17:16:34 2017 : Debug: (0) update {
Mon Feb 13 17:16:34 2017 : Debug: (0) EXPAND %{Packet-Src-IP-Address}
Mon Feb 13 17:16:34 2017 : Debug: (0) --> 192.168.10.21
Mon Feb 13 17:16:34 2017 : Debug: (0)
&request:FreeRADIUS-Client-IP-Address := 192.168.10.21
Mon Feb 13 17:16:34 2017 : Debug: (0) Overwriting value
"192.168.10.21" with "192.168.10.21"
Mon Feb 13 17:16:34 2017 : Debug: (0) &control:PacketFence-RPC-Server =
127.0.0.1
Mon Feb 13 17:16:34 2017 : Debug: (0) Refusing to overwrite (use :=)
Mon Feb 13 17:16:34 2017 : Debug: (0) &control:PacketFence-RPC-Port = 7070
Mon Feb 13 17:16:34 2017 : Debug: (0) Refusing to overwrite (use :=)
Mon Feb 13 17:16:34 2017 : Debug: (0) &control:PacketFence-RPC-User =
Mon Feb 13 17:16:34 2017 : Debug: (0) Refusing to overwrite (use :=)
Mon Feb 13 17:16:34 2017 : Debug: (0) &control:PacketFence-RPC-Pass =
Mon Feb 13 17:16:34 2017 : Debug: (0) Refusing to overwrite (use :=)
Mon Feb 13 17:16:34 2017 : Debug: (0) &control:PacketFence-RPC-Proto = http
Mon Feb 13 17:16:34 2017 : Debug: (0) Refusing to overwrite (use :=)
Mon Feb 13 17:16:34 2017 : Debug: (0) } # update = noop
Mon Feb 13 17:16:34 2017 : Debug: (0) if (! EAP-Type || (EAP-Type !=
TTLS && EAP-Type != PEAP) ) {
Mon Feb 13 17:16:34 2017 : Debug: (0) if (! EAP-Type || (EAP-Type !=
TTLS && EAP-Type != PEAP) ) -> TRUE
Mon Feb 13 17:16:34 2017 : Debug: (0) if (! EAP-Type || (EAP-Type !=
TTLS && EAP-Type != PEAP) ) {
Mon Feb 13 17:16:34 2017 : Debug: (0) modsingle[post-auth]:
calling rest (rlm_rest)
Mon Feb 13 17:16:34 2017 : Debug: rlm_rest (rest): Reserved connection (0)
Mon Feb 13 17:16:34 2017 : Debug: (0) rest: Expanding URI components
Mon Feb 13 17:16:34 2017 : Debug: http://127.0.0.1:7070
Mon Feb 13 17:16:34 2017 : Debug: Parsed xlat tree:
Mon Feb 13 17:16:34 2017 : Debug: literal --> http://127.0.0.1:7070
Mon Feb 13 17:16:34 2017 : Debug: (0) rest: EXPAND http://127.0.0.1:7070
Mon Feb 13 17:16:34 2017 : Debug: (0) rest: --> http://127.0.0.1:7070
Mon Feb 13 17:16:34 2017 : Debug: //radius/rest/authorize
Mon Feb 13 17:16:34 2017 : Debug: Parsed xlat tree:
Mon Feb 13 17:16:34 2017 : Debug: literal --> //radius/rest/authorize
Mon Feb 13 17:16:34 2017 : Debug: (0) rest: EXPAND //radius/rest/authorize
Mon Feb 13 17:16:34 2017 : Debug: (0) rest: --> //radius/rest/authorize
Mon Feb 13 17:16:34 2017 : Debug: (0) rest: Sending HTTP POST to
"http://127.0.0.1:7070//radius/rest/authorize";
Mon Feb 13 17:16:34 2017 : Debug: (0) rest: Adding custom headers:
Mon Feb 13 17:16:34 2017 : Debug: (0) rest: X-FreeRADIUS-Section:
post-auth
Mon Feb 13 17:16:34 2017 : Debug: (0) rest: X-FreeRADIUS-Server:
packetfence
Mon Feb 13 17:16:34 2017 : Debug: (0) rest: Request body content-type
will be "application/json"
Mon Feb 13 17:16:34 2017 : Debug: (0) rest: Encoding attribute "User-Name"
Mon Feb 13 17:16:34 2017 : Debug: (0) rest: Type : string
Mon Feb 13 17:16:34 2017 : Debug: (0) rest: Length : 8
Mon Feb 13 17:16:34 2017 : Debug: (0) rest: Value : "UserTest"
Mon Feb 13 17:16:34 2017 : Debug: (0) rest: Encoding attribute
"User-Password"
Mon Feb 13 17:16:34 2017 : Debug: (0) rest: Type : string
Mon Feb 13 17:16:34 2017 : Debug: (0) rest: Length : 8
Mon Feb 13 17:16:34 2017 : Debug: (0) rest: Value : "p@55word"
Mon Feb 13 17:16:34 2017 : Debug: (0) rest: Encoding attribute
"NAS-IP-Address"
Mon Feb 13 17:16:34 2017 : Debug: (0) rest: Type : ipaddr
Mon Feb 13 17:16:34 2017 : Debug: (0) rest: Length : 13
Mon Feb 13 17:16:34 2017 : Debug: (0) rest: Value : "192.168.4.148"
Mon Feb 13 17:16:34 2017 : Debug: (0) rest: Encoding attribute "NAS-Port"
Mon Feb 13 17:16:34 2017 : Debug: (0) rest: Type : integer
Mon Feb 13 17:16:34 2017 : Debug: (0) rest: Length : 4
Mon Feb 13 17:16:34 2017 : Debug: (0) rest: Value : 7070
Mon Feb 13 17:16:34 2017 : Debug: (0) rest: Encoding attribute
"Event-Timestamp"
Mon Feb 13 17:16:34 2017 : Debug: (0) rest: Type : date
Mon Feb 13 17:16:34 2017 : Debug: (0) rest: Length : 27
Mon Feb 13 17:16:34 2017 : Debug: (0) rest: Value : "févr. 13 2017
17:16:34 CET"
Mon Feb 13 17:16:34 2017 : Debug: (0) rest: Encoding attribute
"Message-Authenticator"
Mon Feb 13 17:16:34 2017 : Debug: (0) rest: Type : octets
Mon Feb 13 17:16:34 2017 : Debug: (0) rest: Length : 34
Mon Feb 13 17:16:34 2017 : Debug: (0) rest: Value :
"0xfba43f2e2676863ec538ad5c9b0d298e"
Mon Feb 13 17:16:34 2017 : Debug: (0) rest: Encoding attribute
"Stripped-User-Name"
Mon Feb 13 17:16:34 2017 : Debug: (0) rest: Type : string
Mon Feb 13 17:16:34 2017 : Debug: (0) rest: Length : 8
Mon Feb 13 17:16:34 2017 : Debug: (0) rest: Value : "UserTest"
Mon Feb 13 17:16:34 2017 : Debug: (0) rest: Encoding attribute "Realm"
Mon Feb 13 17:16:34 2017 : Debug: (0) rest: Type : string
Mon Feb 13 17:16:34 2017 : Debug: (0) rest: Length : 4
Mon Feb 13 17:16:34 2017 : Debug: (0) rest: Value : "null"
Mon Feb 13 17:16:34 2017 : Debug: (0) rest: Encoding attribute
"FreeRADIUS-Client-IP-Address"
Mon Feb 13 17:16:34 2017 : Debug: (0) rest: Type : ipaddr
Mon Feb 13 17:16:34 2017 : Debug: (0) rest: Length : 13
Mon Feb 13 17:16:34 2017 : Debug: (0) rest: Value : "192.168.10.21"
Mon Feb 13 17:16:34 2017 : Debug: (0) rest: JSON Data:
{"User-Name":{"type":"string","value":["UserTest"]},"User-Password":{"type":"string","value":["p@55word"]},"NAS-IP-Address":{"type":"ipaddr","value":["192.168.4.148"]},"NAS-Port":{"type":"integer","value":[7070]},"Event-Timestamp":{"type":"date","value":["févr.
13 2017 17:16:34
CET"]},"Message-Authenticator":{"type":"octets","value":["0xfba43f2e2676863ec538ad5c9b0d298e"]},"Stripped-User-Name":{"type":"string","value":["UserTest"]},"Realm":{"type":"string","value":["null"]},"FreeRADIUS-Client-IP-Address":{"type":"ipaddr","value":["192.168.10.21"]}}
Mon Feb 13 17:16:34 2017 : Debug: (0) rest: Returning 554 bytes of JSON data
Mon Feb 13 17:16:34 2017 : Debug: (0) rest: Processing response header
Mon Feb 13 17:16:34 2017 : Debug: (0) rest: Status : 401 (Unauthorized)
Mon Feb 13 17:16:34 2017 : Debug: (0) rest: Type : json
(application/json)
Mon Feb 13 17:16:34 2017 : ERROR: (0) rest: Server returned:
Mon Feb 13 17:16:34 2017 : ERROR: (0) rest:
{"Reply-Message":"PacketFence does not support this switch for
read/write access login","reply:PacketFence-Authorization-Status":"allow"}
Mon Feb 13 17:16:34 2017 : Debug: rlm_rest (rest): Released connection (0)
Mon Feb 13 17:16:34 2017 : Info: rlm_rest (rest): Need 5 more
connections to reach 10 spares
Mon Feb 13 17:16:34 2017 : Info: rlm_rest (rest): Opening additional
connection (5), 1 of 59 pending slots used
Mon Feb 13 17:16:34 2017 : Debug: rlm_rest (rest): Connecting to
"http://127.0.0.1:7070/";
Mon Feb 13 17:16:34 2017 : Debug: (0) modsingle[post-auth]:
returned from rest (rlm_rest)
Mon Feb 13 17:16:34 2017 : Debug: (0) [rest] = invalid
Mon Feb 13 17:16:34 2017 : Debug: (0) } # if (! EAP-Type ||
(EAP-Type != TTLS && EAP-Type != PEAP) ) = invalid
Mon Feb 13 17:16:34 2017 : Debug: (0) } # post-auth = invalid
Mon Feb 13 17:16:34 2017 : Debug: (0) Using Post-Auth-Type Reject
Mon Feb 13 17:16:34 2017 : Debug: (0) # Executing group from file
/usr/local/pf/raddb/sites-enabled/packetfence
Mon Feb 13 17:16:34 2017 : Debug: (0) Post-Auth-Type REJECT {
Mon Feb 13 17:16:34 2017 : Debug: (0) if (! EAP-Type || (EAP-Type !=
TTLS && EAP-Type != PEAP) ) {
Mon Feb 13 17:16:34 2017 : Debug: (0) if (! EAP-Type || (EAP-Type !=
TTLS && EAP-Type != PEAP) ) -> TRUE
Mon Feb 13 17:16:34 2017 : Debug: (0) if (! EAP-Type || (EAP-Type !=
TTLS && EAP-Type != PEAP) ) {
Mon Feb 13 17:16:34 2017 : Debug: (0) policy
packetfence-audit-log-reject {
Mon Feb 13 17:16:34 2017 : Debug: (0) if (&User-Name != "dummy") {
Mon Feb 13 17:16:34 2017 : Debug: (0) if (&User-Name !=
"dummy") -> TRUE
Mon Feb 13 17:16:34 2017 : Debug: (0) if (&User-Name != "dummy") {
Mon Feb 13 17:16:34 2017 : Debug: (0) policy request-timing {
Mon Feb 13 17:16:34 2017 : Debug: (0) if
(control:PacketFence-Request-Time != 0) {
Mon Feb 13 17:16:34 2017 : Debug: (0) if
(control:PacketFence-Request-Time != 0) -> FALSE
Mon Feb 13 17:16:34 2017 : Debug: (0) } # policy
request-timing = noop
Mon Feb 13 17:16:34 2017 : Debug: (0) modsingle[post-auth]: calling
sql_reject (rlm_sql)
Mon Feb 13 17:16:34 2017 : Debug: type.reject.query
Mon Feb 13 17:16:34 2017 : Debug: Parsed xlat tree:
Mon Feb 13 17:16:34 2017 : Debug: literal --> type.reject.query
Mon Feb 13 17:16:34 2017 : Debug: (0) sql_reject: EXPAND type.reject.query
Mon Feb 13 17:16:34 2017 : Debug: (0) sql_reject: --> type.reject.query
Mon Feb 13 17:16:34 2017 : Debug: (0) sql_reject: Using query template
'query'
Mon Feb 13 17:16:34 2017 : Debug: rlm_sql (sql): Reserved connection (1)
Mon Feb 13 17:16:34 2017 : Debug: %{User-Name}
Mon Feb 13 17:16:34 2017 : Debug: Parsed xlat tree:
Mon Feb 13 17:16:34 2017 : Debug: attribute --> User-Name
Mon Feb 13 17:16:34 2017 : Debug: (0) sql_reject: EXPAND %{User-Name}
Mon Feb 13 17:16:34 2017 : Debug: (0) sql_reject: --> UserTest
Mon Feb 13 17:16:34 2017 : Debug: (0) sql_reject: SQL-User-Name set to
'UserTest'
Mon Feb 13 17:16:34 2017 : Debug: INSERT INTO
radius_audit_log ( mac, ip, computer_name,
user_name, stripped_user_name, realm,
event_type, switch_id, switch_mac,
switch_ip_address, radius_source_ip_address,
called_station_id, calling_station_id, nas_port_type,
ssid, nas_port_id, ifindex, nas_port,
connection_type, nas_ip_address, nas_identifier,
auth_status, reason, auth_type, eap_type,
role, node_status, profile, source, auto_reg, is_phone,
pf_domain, uuid, radius_request, radius_reply,
request_time) VALUES (
'%{request:Calling-Station-Id}', '%{request:Framed-IP-Address}',
'%{%{control:PacketFence-Computer-Name}:-N/A}', '%{request:User-Name}',
'%{request:Stripped-User-Name}', '%{request:Realm}',
'Radius-Access-Request', '%{%{control:PacketFence-Switch-Id}:-N/A}',
'%{%{control:PacketFence-Switch-Mac}:-N/A}',
'%{%{control:PacketFence-Switch-Ip-Address}:-N/A}',
'%{Packet-Src-IP-Address}', '%{request:Called-Station-Id}',
'%{request:Calling-Station-Id}', '%{request:NAS-Port-Type}',
'%{request:Called-Station-SSID}', '%{request:NAS-Port-Id}',
'%{%{control:PacketFence-IfIndex}:-N/A}', '%{request:NAS-Port}',
'%{%{control:PacketFence-Connection-Type}:-N/A}',
'%{request:NAS-IP-Address}', '%{request:NAS-Identifier}',
'Reject', '%{request:Module-Failure-Message}',
'%{control:Auth-Type}', '%{request:EAP-Type}',
'%{%{control:PacketFence-Role}:-N/A}',
'%{%{control:PacketFence-Status}:-N/A}',
'%{%{control:PacketFence-Profile}:-N/A}',
'%{%{control:PacketFence-Source}:-N/A}',
'%{%{control:PacketFence-AutoReg}:-N/A}',
'%{%{control:PacketFence-IsPhone}:-N/A}',
'%{request:PacketFence-Domain}', '',
'%{pairs:&request:[*]}','%{pairs:&reply:[*]}',
'%{%{control:PacketFence-Request-Time}:-N/A}')
Mon Feb 13 17:16:34 2017 : Debug: Parsed xlat tree:
Mon Feb 13 17:16:34 2017 : Debug: literal --> INSERT INTO
radius_audit_log ( mac, ip, computer_name,
user_name, stripped_user_name, realm,
event_type, switch_id, switch_mac,
switch_ip_address, radius_source_ip_address,
called_station_id, calling_station_id, nas_port_type,
ssid, nas_port_id, ifindex, nas_port,
connection_type, nas_ip_address, nas_identifier,
auth_status, reason, auth_type, eap_type,
role, node_status, profile, source, auto_reg, is_phone,
pf_domain, uuid, radius_request, radius_reply,
request_time) VALUES ( '
Mon Feb 13 17:16:34 2017 : Debug: attribute --> Calling-Station-Id
Mon Feb 13 17:16:34 2017 : Debug: literal --> ', '
Mon Feb 13 17:16:34 2017 : Debug: attribute --> Framed-IP-Address
Mon Feb 13 17:16:34 2017 : Debug: literal --> ', '
Mon Feb 13 17:16:34 2017 : Debug: if {
Mon Feb 13 17:16:34 2017 : Debug: attribute -->
PacketFence-Computer-Name
Mon Feb 13 17:16:34 2017 : Debug: }
Mon Feb 13 17:16:34 2017 : Debug: else {
Mon Feb 13 17:16:34 2017 : Debug: literal --> N/A
Mon Feb 13 17:16:34 2017 : Debug: }
Mon Feb 13 17:16:34 2017 : Debug: literal --> ', '
Mon Feb 13 17:16:34 2017 : Debug: attribute --> User-Name
Mon Feb 13 17:16:34 2017 : Debug: literal --> ', '
Mon Feb 13 17:16:34 2017 : Debug: attribute --> Stripped-User-Name
Mon Feb 13 17:16:34 2017 : Debug: literal --> ', '
Mon Feb 13 17:16:34 2017 : Debug: attribute --> Realm
Mon Feb 13 17:16:34 2017 : Debug: literal --> ',
'Radius-Access-Request', '
Mon Feb 13 17:16:34 2017 : Debug: if {
Mon Feb 13 17:16:34 2017 : Debug: attribute --> PacketFence-Switch-Id
Mon Feb 13 17:16:34 2017 : Debug: }
Mon Feb 13 17:16:34 2017 : Debug: else {
Mon Feb 13 17:16:34 2017 : Debug: literal --> N/A
Mon Feb 13 17:16:34 2017 : Debug: }
Mon Feb 13 17:16:34 2017 : Debug: literal --> ', '
Mon Feb 13 17:16:34 2017 : Debug: if {
Mon Feb 13 17:16:34 2017 : Debug: attribute --> PacketFence-Switch-Mac
Mon Feb 13 17:16:34 2017 : Debug: }
Mon Feb 13 17:16:34 2017 : Debug: else {
Mon Feb 13 17:16:34 2017 : Debug: literal --> N/A
Mon Feb 13 17:16:34 2017 : Debug: }
Mon Feb 13 17:16:34 2017 : Debug: literal --> ', '
Mon Feb 13 17:16:34 2017 : Debug: if {
Mon Feb 13 17:16:34 2017 : Debug: attribute -->
PacketFence-Switch-Ip-Address
Mon Feb 13 17:16:34 2017 : Debug: }
Mon Feb 13 17:16:34 2017 : Debug: else {
Mon Feb 13 17:16:34 2017 : Debug: literal --> N/A
Mon Feb 13 17:16:34 2017 : Debug: }
Mon Feb 13 17:16:34 2017 : Debug: literal --> ', '
Mon Feb 13 17:16:34 2017 : Debug: attribute --> Packet-Src-IP-Address
Mon Feb 13 17:16:34 2017 : Debug: literal --> ', '
Mon Feb 13 17:16:34 2017 : Debug: attribute --> Called-Station-Id
Mon Feb 13 17:16:34 2017 : Debug: literal --> ', '
Mon Feb 13 17:16:34 2017 : Debug: attribute --> Calling-Station-Id
Mon Feb 13 17:16:34 2017 : Debug: literal --> ', '
Mon Feb 13 17:16:34 2017 : Debug: attribute --> NAS-Port-Type
Mon Feb 13 17:16:34 2017 : Debug: literal --> ', '
Mon Feb 13 17:16:34 2017 : Debug: attribute --> Called-Station-SSID
Mon Feb 13 17:16:34 2017 : Debug: literal --> ', '
Mon Feb 13 17:16:34 2017 : Debug: attribute --> NAS-Port-Id
Mon Feb 13 17:16:34 2017 : Debug: literal --> ', '
Mon Feb 13 17:16:34 2017 : Debug: if {
Mon Feb 13 17:16:34 2017 : Debug: attribute --> PacketFence-IfIndex
Mon Feb 13 17:16:34 2017 : Debug: }
Mon Feb 13 17:16:34 2017 : Debug: else {
Mon Feb 13 17:16:34 2017 : Debug: literal --> N/A
Mon Feb 13 17:16:34 2017 : Debug: }
Mon Feb 13 17:16:34 2017 : Debug: literal --> ', '
Mon Feb 13 17:16:34 2017 : Debug: attribute --> NAS-Port
Mon Feb 13 17:16:34 2017 : Debug: literal --> ', '
Mon Feb 13 17:16:34 2017 : Debug: if {
Mon Feb 13 17:16:34 2017 : Debug: attribute -->
PacketFence-Connection-Type
Mon Feb 13 17:16:34 2017 : Debug: }
Mon Feb 13 17:16:34 2017 : Debug: else {
Mon Feb 13 17:16:34 2017 : Debug: literal --> N/A
Mon Feb 13 17:16:34 2017 : Debug: }
Mon Feb 13 17:16:34 2017 : Debug: literal --> ', '
Mon Feb 13 17:16:34 2017 : Debug: attribute --> NAS-IP-Address
Mon Feb 13 17:16:34 2017 : Debug: literal --> ', '
Mon Feb 13 17:16:34 2017 : Debug: attribute --> NAS-Identifier
Mon Feb 13 17:16:34 2017 : Debug: literal --> ', 'Reject', '
Mon Feb 13 17:16:34 2017 : Debug: attribute --> Module-Failure-Message
Mon Feb 13 17:16:34 2017 : Debug: literal --> ', '
Mon Feb 13 17:16:34 2017 : Debug: attribute --> Auth-Type
Mon Feb 13 17:16:34 2017 : Debug: literal --> ', '
Mon Feb 13 17:16:34 2017 : Debug: attribute --> EAP-Type
Mon Feb 13 17:16:34 2017 : Debug: literal --> ', '
Mon Feb 13 17:16:34 2017 : Debug: if {
Mon Feb 13 17:16:34 2017 : Debug: attribute --> PacketFence-Role
Mon Feb 13 17:16:34 2017 : Debug: }
Mon Feb 13 17:16:34 2017 : Debug: else {
Mon Feb 13 17:16:34 2017 : Debug: literal --> N/A
Mon Feb 13 17:16:34 2017 : Debug: }
Mon Feb 13 17:16:34 2017 : Debug: literal --> ', '
Mon Feb 13 17:16:34 2017 : Debug: if {
Mon Feb 13 17:16:34 2017 : Debug: attribute --> PacketFence-Status
Mon Feb 13 17:16:34 2017 : Debug: }
Mon Feb 13 17:16:34 2017 : Debug: else {
Mon Feb 13 17:16:34 2017 : Debug: literal --> N/A
Mon Feb 13 17:16:34 2017 : Debug: }
Mon Feb 13 17:16:34 2017 : Debug: literal --> ', '
Mon Feb 13 17:16:34 2017 : Debug: if {
Mon Feb 13 17:16:34 2017 : Debug: attribute --> PacketFence-Profile
Mon Feb 13 17:16:34 2017 : Debug: }
Mon Feb 13 17:16:34 2017 : Debug: else {
Mon Feb 13 17:16:34 2017 : Debug: literal --> N/A
Mon Feb 13 17:16:34 2017 : Debug: }
Mon Feb 13 17:16:34 2017 : Debug: literal --> ', '
Mon Feb 13 17:16:34 2017 : Debug: if {
Mon Feb 13 17:16:34 2017 : Debug: attribute --> PacketFence-Source
Mon Feb 13 17:16:34 2017 : Debug: }
Mon Feb 13 17:16:34 2017 : Debug: else {
Mon Feb 13 17:16:34 2017 : Debug: literal --> N/A
Mon Feb 13 17:16:34 2017 : Debug: }
Mon Feb 13 17:16:34 2017 : Debug: literal --> ', '
Mon Feb 13 17:16:34 2017 : Debug: if {
Mon Feb 13 17:16:34 2017 : Debug: attribute --> PacketFence-AutoReg
Mon Feb 13 17:16:34 2017 : Debug: }
Mon Feb 13 17:16:34 2017 : Debug: else {
Mon Feb 13 17:16:34 2017 : Debug: literal --> N/A
Mon Feb 13 17:16:34 2017 : Debug: }
Mon Feb 13 17:16:34 2017 : Debug: literal --> ', '
Mon Feb 13 17:16:34 2017 : Debug: if {
Mon Feb 13 17:16:34 2017 : Debug: attribute --> PacketFence-IsPhone
Mon Feb 13 17:16:34 2017 : Debug: }
Mon Feb 13 17:16:34 2017 : Debug: else {
Mon Feb 13 17:16:34 2017 : Debug: literal --> N/A
Mon Feb 13 17:16:34 2017 : Debug: }
Mon Feb 13 17:16:34 2017 : Debug: literal --> ', '
Mon Feb 13 17:16:34 2017 : Debug: attribute --> PacketFence-Domain
Mon Feb 13 17:16:34 2017 : Debug: literal --> ', '', '
Mon Feb 13 17:16:34 2017 : Debug: xlat --> pairs
Mon Feb 13 17:16:34 2017 : Debug: {
Mon Feb 13 17:16:34 2017 : Debug: literal --> &request:[*]
Mon Feb 13 17:16:34 2017 : Debug: }
Mon Feb 13 17:16:34 2017 : Debug: literal --> ','
Mon Feb 13 17:16:34 2017 : Debug: xlat --> pairs
Mon Feb 13 17:16:34 2017 : Debug: {
Mon Feb 13 17:16:34 2017 : Debug: literal --> &reply:[*]
Mon Feb 13 17:16:34 2017 : Debug: }
Mon Feb 13 17:16:34 2017 : Debug: literal --> ', '
Mon Feb 13 17:16:34 2017 : Debug: if {
Mon Feb 13 17:16:34 2017 : Debug: attribute --> PacketFence-Request-Time
Mon Feb 13 17:16:34 2017 : Debug: }
Mon Feb 13 17:16:34 2017 : Debug: else {
Mon Feb 13 17:16:34 2017 : Debug: literal --> N/A
Mon Feb 13 17:16:34 2017 : Debug: }
Mon Feb 13 17:16:34 2017 : Debug: literal --> ')
Mon Feb 13 17:16:34 2017 : Debug: (0) sql_reject: EXPAND INSERT INTO
radius_audit_log ( mac, ip, computer_name,
user_name, stripped_user_name, realm,
event_type, switch_id, switch_mac,
switch_ip_address, radius_source_ip_address,
called_station_id, calling_station_id, nas_port_type,
ssid, nas_port_id, ifindex, nas_port,
connection_type, nas_ip_address, nas_identifier,
auth_status, reason, auth_type, eap_type,
role, node_status, profile, source, auto_reg, is_phone,
pf_domain, uuid, radius_request, radius_reply,
request_time) VALUES (
'%{request:Calling-Station-Id}', '%{request:Framed-IP-Address}',
'%{%{control:PacketFence-Computer-Name}:-N/A}', '%{request:User-Name}',
'%{request:Stripped-User-Name}', '%{request:Realm}',
'Radius-Access-Request', '%{%{control:PacketFence-Switch-Id}:-N/A}',
'%{%{control:PacketFence-Switch-Mac}:-N/A}',
'%{%{control:PacketFence-Switch-Ip-Address}:-N/A}',
'%{Packet-Src-IP-Address}', '%{request:Called-Station-Id}',
'%{request:Calling-Station-Id}', '%{request:NAS-Port-Type}',
'%{request:Called-Station-SSID}', '%{request:NAS-Port-Id}',
'%{%{control:PacketFence-IfIndex}:-N/A}', '%{request:NAS-Port}',
'%{%{control:PacketFence-Connection-Type}:-N/A}',
'%{request:NAS-IP-Address}', '%{request:NAS-Identifier}',
'Reject', '%{request:Module-Failure-Message}',
'%{control:Auth-Type}', '%{request:EAP-Type}',
'%{%{control:PacketFence-Role}:-N/A}',
'%{%{control:PacketFence-Status}:-N/A}',
'%{%{control:PacketFence-Profile}:-N/A}',
'%{%{control:PacketFence-Source}:-N/A}',
'%{%{control:PacketFence-AutoReg}:-N/A}',
'%{%{control:PacketFence-IsPhone}:-N/A}',
'%{request:PacketFence-Domain}', '',
'%{pairs:&request:[*]}','%{pairs:&reply:[*]}',
'%{%{control:PacketFence-Request-Time}:-N/A}')
Mon Feb 13 17:16:34 2017 : Debug: (0) sql_reject: --> INSERT INTO
radius_audit_log ( mac, ip, computer_name,
user_name, stripped_user_name, realm,
event_type, switch_id, switch_mac,
switch_ip_address, radius_source_ip_address,
called_station_id, calling_station_id, nas_port_type,
ssid, nas_port_id, ifindex, nas_port,
connection_type, nas_ip_address, nas_identifier,
auth_status, reason, auth_type, eap_type,
role, node_status, profile, source, auto_reg, is_phone,
pf_domain, uuid, radius_request, radius_reply,
request_time) VALUES ( '', '', 'N/A',
'UserTest', 'UserTest', 'null',
'Radius-Access-Request', 'N/A', 'N/A',
'N/A', '192.168.10.21', '', '', '', '',
'', 'N/A', '7070', 'N/A', '192.168.4.148', '',
'Reject', 'rest: Server returned:', 'Accept',
'', 'N/A', 'N/A', 'N/A', 'N/A', 'N/A',
'N/A', '', '', 'User-Name =3D =22UserTest=22=2C
User-Password =3D =22p@55word=22=2C NAS-IP-Address =3D 192.168.4.148=2C
NAS-Port =3D 7070=2C Event-Timestamp =3D =22févr. 13 2017 17:16:34
CET=22=2C Message-Authenticator =3D
0xfba43f2e2676863ec538ad5c9b0d298e=2C Stripped-User-Name =3D
=22UserTest=22=2C Realm =3D =22null=22=2C FreeRADIUS-Client-IP-Address
=3D 192.168.10.21=2C Module-Failure-Message =3D =22rest: Server
returned:=22=2C Module-Failure-Message =3D =22rest:
=7B=5C=22Reply-Message=5C=22:=5C=22PacketFence does not support this
switch for read/write access
login=5C=22=2C=5C=22reply:PacketFence-Authorization-Status=5C=22:=5C=22allow=5C=22=7D=22=2C
SQL-User-Name =3D =22UserTest=22','', '0')
Mon Feb 13 17:16:34 2017 : Debug: (0) sql_reject: Executing query:
INSERT INTO radius_audit_log ( mac, ip, computer_name,
user_name, stripped_user_name, realm,
event_type, switch_id, switch_mac,
switch_ip_address, radius_source_ip_address,
called_station_id, calling_station_id, nas_port_type,
ssid, nas_port_id, ifindex, nas_port,
connection_type, nas_ip_address, nas_identifier,
auth_status, reason, auth_type, eap_type,
role, node_status, profile, source, auto_reg, is_phone,
pf_domain, uuid, radius_request, radius_reply,
request_time) VALUES ( '', '', 'N/A',
'UserTest', 'UserTest', 'null',
'Radius-Access-Request', 'N/A', 'N/A',
'N/A', '192.168.10.21', '', '', '', '',
'', 'N/A', '7070', 'N/A', '192.168.4.148', '',
'Reject', 'rest: Server returned:', 'Accept',
'', 'N/A', 'N/A', 'N/A', 'N/A', 'N/A',
'N/A', '', '', 'User-Name =3D =22UserTest=22=2C
User-Password =3D =22p@55word=22=2C NAS-IP-Address =3D 192.168.4.148=2C
NAS-Port =3D 7070=2C Event-Timestamp =3D =22févr. 13 2017 17:16:34
CET=22=2C Message-Authenticator =3D
0xfba43f2e2676863ec538ad5c9b0d298e=2C Stripped-User-Name =3D
=22UserTest=22=2C Realm =3D =22null=22=2C FreeRADIUS-Client-IP-Address
=3D 192.168.10.21=2C Module-Failure-Message =3D =22rest: Server
returned:=22=2C Module-Failure-Message =3D =22rest:
=7B=5C=22Reply-Message=5C=22:=5C=22PacketFence does not support this
switch for read/write access
login=5C=22=2C=5C=22reply:PacketFence-Authorization-Status=5C=22:=5C=22allow=5C=22=7D=22=2C
SQL-User-Name =3D =22UserTest=22','', '0')
Mon Feb 13 17:16:34 2017 : Debug: (0) sql_reject: SQL query returned:
success
Mon Feb 13 17:16:34 2017 : Debug: (0) sql_reject: 1 record(s) updated
Mon Feb 13 17:16:34 2017 : Debug: rlm_sql (sql): Released connection (1)
Mon Feb 13 17:16:34 2017 : Info: rlm_sql (sql): Need 4 more connections
to reach 10 spares
Mon Feb 13 17:16:34 2017 : Info: rlm_sql (sql): Opening additional
connection (6), 1 of 58 pending slots used
Mon Feb 13 17:16:34 2017 : Debug: rlm_sql_mysql: Starting connect to
MySQL server
Mon Feb 13 17:16:34 2017 : Debug: rlm_sql_mysql: Connected to database
'pf' on Localhost via UNIX socket, server version 5.5.52-MariaDB,
protocol version 10
Mon Feb 13 17:16:34 2017 : Debug: (0) modsingle[post-auth]: returned
from sql_reject (rlm_sql)
Mon Feb 13 17:16:34 2017 : Debug: (0) [sql_reject] = ok
Mon Feb 13 17:16:34 2017 : Debug: (0) } # if (&User-Name !=
"dummy") = ok
Mon Feb 13 17:16:34 2017 : Debug: (0) } # policy
packetfence-audit-log-reject = ok
Mon Feb 13 17:16:34 2017 : Debug: (0) } # if (! EAP-Type ||
(EAP-Type != TTLS && EAP-Type != PEAP) ) = ok
Mon Feb 13 17:16:34 2017 : Debug: (0) modsingle[post-auth]: calling
attr_filter.access_reject (rlm_attr_filter)
Mon Feb 13 17:16:34 2017 : Debug: %{User-Name}
Mon Feb 13 17:16:34 2017 : Debug: Parsed xlat tree:
Mon Feb 13 17:16:34 2017 : Debug: attribute --> User-Name
Mon Feb 13 17:16:34 2017 : Debug: (0) attr_filter.access_reject: EXPAND
%{User-Name}
Mon Feb 13 17:16:34 2017 : Debug: (0) attr_filter.access_reject: -->
UserTest
Mon Feb 13 17:16:34 2017 : Debug: (0) attr_filter.access_reject: Matched
entry DEFAULT at line 11
Mon Feb 13 17:16:34 2017 : Debug: (0) modsingle[post-auth]: returned
from attr_filter.access_reject (rlm_attr_filter)
Mon Feb 13 17:16:34 2017 : Debug: (0) [attr_filter.access_reject] = updated
Mon Feb 13 17:16:34 2017 : Debug: (0) modsingle[post-auth]: calling
attr_filter.packetfence_post_auth (rlm_attr_filter)
Mon Feb 13 17:16:34 2017 : Debug: %{User-Name}
Mon Feb 13 17:16:34 2017 : Debug: Parsed xlat tree:
Mon Feb 13 17:16:34 2017 : Debug: attribute --> User-Name
Mon Feb 13 17:16:34 2017 : Debug: (0) attr_filter.packetfence_post_auth:
EXPAND %{User-Name}
Mon Feb 13 17:16:34 2017 : Debug: (0)
attr_filter.packetfence_post_auth: --> UserTest
Mon Feb 13 17:16:34 2017 : Debug: (0) attr_filter.packetfence_post_auth:
Matched entry DEFAULT at line 10
Mon Feb 13 17:16:34 2017 : Debug: (0) modsingle[post-auth]: returned
from attr_filter.packetfence_post_auth (rlm_attr_filter)
Mon Feb 13 17:16:34 2017 : Debug: (0)
[attr_filter.packetfence_post_auth] = updated
Mon Feb 13 17:16:34 2017 : Debug: (0) modsingle[post-auth]: calling
eap (rlm_eap)
Mon Feb 13 17:16:34 2017 : Debug: (0) modsingle[post-auth]: returned
from eap (rlm_eap)
Mon Feb 13 17:16:34 2017 : Debug: (0) [eap] = noop
Mon Feb 13 17:16:34 2017 : Debug: (0) policy
remove_reply_message_if_eap {
Mon Feb 13 17:16:34 2017 : Debug: (0) if (&reply:EAP-Message &&
&reply:Reply-Message) {
Mon Feb 13 17:16:34 2017 : Debug: (0) if (&reply:EAP-Message &&
&reply:Reply-Message) -> FALSE
Mon Feb 13 17:16:34 2017 : Debug: (0) else {
Mon Feb 13 17:16:34 2017 : Debug: (0) modsingle[post-auth]:
calling noop (rlm_always)
Mon Feb 13 17:16:34 2017 : Debug: (0) modsingle[post-auth]:
returned from noop (rlm_always)
Mon Feb 13 17:16:34 2017 : Debug: (0) [noop] = noop
Mon Feb 13 17:16:34 2017 : Debug: (0) } # else = noop
Mon Feb 13 17:16:34 2017 : Debug: (0) } # policy
remove_reply_message_if_eap = noop
Mon Feb 13 17:16:34 2017 : Debug: (0) modsingle[post-auth]: calling
linelog (rlm_linelog)
Mon Feb 13 17:16:34 2017 : Debug: messages.%{%{reply:Packet-Type}:-default}
Mon Feb 13 17:16:34 2017 : Debug: Parsed xlat tree:
Mon Feb 13 17:16:34 2017 : Debug: literal --> messages.
Mon Feb 13 17:16:34 2017 : Debug: if {
Mon Feb 13 17:16:34 2017 : Debug: attribute --> Packet-Type
Mon Feb 13 17:16:34 2017 : Debug: }
Mon Feb 13 17:16:34 2017 : Debug: else {
Mon Feb 13 17:16:34 2017 : Debug: literal --> default
Mon Feb 13 17:16:34 2017 : Debug: }
Mon Feb 13 17:16:34 2017 : Debug: (0) linelog: EXPAND
messages.%{%{reply:Packet-Type}:-default}
Mon Feb 13 17:16:34 2017 : Debug: (0) linelog: --> messages.Access-Accept
Mon Feb 13 17:16:34 2017 : Debug: %t : [mac:%{Calling-Station-Id}]
Accepted user: %{reply:User-Name} and returned VLAN
%{reply:Tunnel-Private-Group-ID}
Mon Feb 13 17:16:34 2017 : Debug: Parsed xlat tree:
Mon Feb 13 17:16:34 2017 : Debug: percent --> t
Mon Feb 13 17:16:34 2017 : Debug: literal --> : [mac:
Mon Feb 13 17:16:34 2017 : Debug: attribute --> Calling-Station-Id
Mon Feb 13 17:16:34 2017 : Debug: literal --> ] Accepted user:
Mon Feb 13 17:16:34 2017 : Debug: attribute --> User-Name
Mon Feb 13 17:16:34 2017 : Debug: literal --> and returned VLAN
Mon Feb 13 17:16:34 2017 : Debug: attribute --> Tunnel-Private-Group-Id
Mon Feb 13 17:16:34 2017 : Debug: (0) linelog: EXPAND %t :
[mac:%{Calling-Station-Id}] Accepted user: %{reply:User-Name} and
returned VLAN %{reply:Tunnel-Private-Group-ID}
Mon Feb 13 17:16:34 2017 : Debug: (0) linelog: --> Mon Feb 13
17:16:34 2017 : [mac:] Accepted user: and returned VLAN
Mon Feb 13 17:16:34 2017 : Debug: /usr/local/pf/logs/radius.log
Mon Feb 13 17:16:34 2017 : Debug: Parsed xlat tree:
Mon Feb 13 17:16:34 2017 : Debug: literal --> /usr/local/pf/logs/radius.log
Mon Feb 13 17:16:34 2017 : Debug: (0) linelog: EXPAND
/usr/local/pf/logs/radius.log
Mon Feb 13 17:16:34 2017 : Debug: (0) linelog: -->
/usr/local/pf/logs/radius.log
Mon Feb 13 17:16:34 2017 : Debug: (0) modsingle[post-auth]: returned
from linelog (rlm_linelog)
Mon Feb 13 17:16:34 2017 : Debug: (0) [linelog] = ok
Mon Feb 13 17:16:34 2017 : Debug: (0) } # Post-Auth-Type REJECT = updated
Mon Feb 13 17:16:34 2017 : Auth: (0) Rejected in post-auth: [UserTest]
(from client 192.168.10.0/24 port 7070)
Mon Feb 13 17:16:34 2017 : Debug: (0) Delaying response for 1.000000 seconds
Mon Feb 13 17:16:34 2017 : Debug: Waking up in 0.9 seconds.
Mon Feb 13 17:16:35 2017 : Debug: (0) Sending delayed response
Mon Feb 13 17:16:35 2017 : Debug: (0) Sent Access-Reject Id 8 from
192.168.10.22:1812 to 192.168.10.21:51726 length 20
Mon Feb 13 17:16:35 2017 : Debug: Waking up in 3.9 seconds.
Le 13/02/2017 à 15:25, Fabrice Durand a écrit :
Hello Thomas,
you are using PPP on the port 1812.
If there is no calling-station-id attribute then it suppose that it's
for cli access.
May i ask you what sort of setup you try to achieve ?
Regards
Fabrice Durand
Le 2017-02-13 à 08:42, Thomas Massip a écrit :
Hi all,
I actually use FreeRADIUS Version 3.0.13 with PacketFence
and I have an issue when I try the rlm_rest.
If somoene Know why I have this issue :
rest: ERROR: Server returned:
(0) rest: ERROR: {"Reply-Message":"PacketFence does not support this
switch for read/write access
login","reply:PacketFence-Authorization-Status":"allow"}
This is my output radius -x :
Thanks for ur help
Best regards
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org!http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Fabrice Durand
[email protected] :: +1.514.447.4918 (x135) ::www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
