Hello,
I'm using ZEN, latest download from site. I do not plan to join AD/LDAP but
only to use local users.
I've created local users in RADDB but according to precedent posts in mailing
lists I've deleted it and planned to use only "person" in web interface.
Plaintext password are enabled in advanced config and I've added
"packetfence-local-auth" both in /usr/local/pf/conf/radiusd/packetfence-tunnel
and in in authorize section just after
packetfence-eap-mac-policy in conf/radiusd/packetfence
but debug still shows logs attached below...
thanks in advance...
(2) Thu Jul 13 15:27:49 2017: Debug: Received Access-Request Id 72 from
127.0.0. 1:43886 to
127.0.0.1:18120 length 73
(2) Thu Jul 13 15:27:49 2017: Debug: User-Name = "ale"
(2) Thu Jul 13 15:27:49 2017: Debug: User-Password = "pale"
(2) Thu Jul 13 15:27:49 2017: Debug: NAS-IP-Address = 153.47.30.99
(2) Thu Jul 13 15:27:49 2017: Debug: NAS-Port = 12
(2) Thu Jul 13 15:27:49 2017: Debug: Message-Authenticator =
0x952a6bbbaa25fb2
f8c80772d743956be
(2) Thu Jul 13 15:27:49 2017: Debug: # Executing section authorize from file
/us
r/local/pf/raddb/sites-enabled/packetfence
(2) Thu Jul 13 15:27:49 2017: Debug: authorize {
(2) Thu Jul 13 15:27:49 2017: Debug: update {
(2) Thu Jul 13 15:27:49 2017: Debug: EXPAND %{Packet-Src-IP-Address}
(2) Thu Jul 13 15:27:49 2017: Debug: --> 127.0.0.1
(2) Thu Jul 13 15:27:49 2017: Debug: EXPAND %l
(2) Thu Jul 13 15:27:49 2017: Debug: --> 1499959669
(2) Thu Jul 13 15:27:49 2017: Debug: } # update = noop
(2) Thu Jul 13 15:27:49 2017: Debug: policy rewrite_calling_station_id {
(2) Thu Jul 13 15:27:49 2017: Debug: if (&Calling-Station-Id &&
(&Calling- Station-Id =~
/^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9
a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) {
(2) Thu Jul 13 15:27:49 2017: Debug: if (&Calling-Station-Id &&
(&Calling- Station-Id =~
/^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9
a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) -> FALSE
(2) Thu Jul 13 15:27:49 2017: Debug: else {
(2) Thu Jul 13 15:27:49 2017: Debug: [noop] = noop
(2) Thu Jul 13 15:27:49 2017: Debug: } # else = noop
(2) Thu Jul 13 15:27:49 2017: Debug: } # policy rewrite_calling_station_id
= noop
(2) Thu Jul 13 15:27:49 2017: Debug: policy rewrite_called_station_id {
(2) Thu Jul 13 15:27:49 2017: Debug: if ((&Called-Station-Id) &&
(&Called- Station-Id =~
/^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9
a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) {
(2) Thu Jul 13 15:27:49 2017: Debug: if ((&Called-Station-Id) &&
(&Called- Station-Id =~
/^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9
a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i))
- > FALSE
(2) Thu Jul 13 15:27:49 2017: Debug: else {
(2) Thu Jul 13 15:27:49 2017: Debug: [noop] = noop
(2) Thu Jul 13 15:27:49 2017: Debug: } # else = noop
(2) Thu Jul 13 15:27:49 2017: Debug: } # policy rewrite_called_station_id =
noop
(2) Thu Jul 13 15:27:49 2017: Debug: policy filter_username {
(2) Thu Jul 13 15:27:49 2017: Debug: if (&User-Name) {
(2) Thu Jul 13 15:27:49 2017: Debug: if (&User-Name) -> TRUE
(2) Thu Jul 13 15:27:49 2017: Debug: if (&User-Name) {
(2) Thu Jul 13 15:27:49 2017: Debug: if (&User-Name =~ / /) {
(2) Thu Jul 13 15:27:49 2017: Debug: if (&User-Name =~ / /) -> FALSE
(2) Thu Jul 13 15:27:49 2017: Debug: if (&User-Name =~ /@[^@]*@/ ) {
(2) Thu Jul 13 15:27:49 2017: Debug: if (&User-Name =~ /@[^@]*@/ ) ->
F ALSE
(2) Thu Jul 13 15:27:49 2017: Debug: if (&User-Name =~ /\.\./ ) {
(2) Thu Jul 13 15:27:49 2017: Debug: if (&User-Name =~ /\.\./ ) ->
FALS E
(2) Thu Jul 13 15:27:49 2017: Debug: if ((&User-Name =~ /@/) &&
(&User-N ame !~
/@(.+)\.(.+)$/)) {
(2) Thu Jul 13 15:27:49 2017: Debug: if ((&User-Name =~ /@/) &&
(&User-N ame !~
/@(.+)\.(.+)$/)) -> FALSE
(2) Thu Jul 13 15:27:49 2017: Debug: if (&User-Name =~ /\.$/) {
(2) Thu Jul 13 15:27:49 2017: Debug: if (&User-Name =~ /\.$/) -> FALSE
(2) Thu Jul 13 15:27:49 2017: Debug: if (&User-Name =~ /@\./) {
(2) Thu Jul 13 15:27:49 2017: Debug: if (&User-Name =~ /@\./) -> FALSE
(2) Thu Jul 13 15:27:49 2017: Debug: } # if (&User-Name) = noop
(2) Thu Jul 13 15:27:49 2017: Debug: } # policy filter_username = noop
(2) Thu Jul 13 15:27:49 2017: Debug: policy filter_password {
(2) Thu Jul 13 15:27:49 2017: Debug: if (&User-Password &&
(&Use r-Password !=
"%{string:User-Password}")) {
(2) Thu Jul 13 15:27:49 2017: Debug: EXPAND %{string:User-Password}
(2) Thu Jul 13 15:27:49 2017: Debug: --> pale
(2) Thu Jul 13 15:27:49 2017: Debug: if (&User-Password &&
(&Use r-Password !=
"%{string:User-Password}")) -> FALSE
(2) Thu Jul 13 15:27:49 2017: Debug: } # policy filter_password = noop
(2) Thu Jul 13 15:27:49 2017: Debug: [preprocess] = ok
(2) Thu Jul 13 15:27:49 2017: Debug: suffix: Checking for suffix after "@"
(2) Thu Jul 13 15:27:49 2017: Debug: suffix: No '@' in User-Name = "ale",
skippi ng NULL due to
config.
(2) Thu Jul 13 15:27:49 2017: Debug: [suffix] = noop
(2) Thu Jul 13 15:27:49 2017: Debug: ntdomain: Checking for prefix before "\"
(2) Thu Jul 13 15:27:49 2017: Debug: ntdomain: No '\' in User-Name = "ale",
look ing up realm NULL
(2) Thu Jul 13 15:27:49 2017: Debug: ntdomain: Found realm "null"
(2) Thu Jul 13 15:27:49 2017: Debug: ntdomain: Adding Stripped-User-Name = "ale"
(2) Thu Jul 13 15:27:49 2017: Debug: ntdomain: Adding Realm = "null"
(2) Thu Jul 13 15:27:49 2017: Debug: ntdomain: Authentication realm is LOCAL
(2) Thu Jul 13 15:27:49 2017: Debug: [ntdomain] = ok
(2) Thu Jul 13 15:27:49 2017: Debug: eap: No EAP-Message, not doing EAP
(2) Thu Jul 13 15:27:49 2017: Debug: [eap] = noop
(2) Thu Jul 13 15:27:49 2017: Debug: if ( !EAP-Message ) {
(2) Thu Jul 13 15:27:49 2017: Debug: if ( !EAP-Message ) -> TRUE
(2) Thu Jul 13 15:27:49 2017: Debug: if ( !EAP-Message ) {
(2) Thu Jul 13 15:27:49 2017: Debug: update {
(2) Thu Jul 13 15:27:49 2017: Debug: } # update = noop
(2) Thu Jul 13 15:27:49 2017: Debug: } # if ( !EAP-Message ) = noop
(2) Thu Jul 13 15:27:49 2017: Debug: policy packetfence-eap-mac-policy {
(2) Thu Jul 13 15:27:49 2017: Debug: if ( &EAP-Type ) {
(2) Thu Jul 13 15:27:49 2017: Debug: if ( &EAP-Type ) -> FALSE
(2) Thu Jul 13 15:27:49 2017: Debug: [noop] = noop
(2) Thu Jul 13 15:27:49 2017: Debug: } # policy packetfence-eap-mac-policy
= noop
(2) Thu Jul 13 15:27:49 2017: WARNING: pap:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!
(2) Thu Jul 13 15:27:49 2017: WARNING: pap: !!! Ignoring control:User-Password.
Update your !!!
(2) Thu Jul 13 15:27:49 2017: WARNING: pap: !!! configuration so that the
"known good" clear text
!!!
(2) Thu Jul 13 15:27:49 2017: WARNING: pap: !!! password is in
Cleartext-Passwor d and
NOT in !!!
(2) Thu Jul 13 15:27:49 2017: WARNING: pap: !!! User-Password.
!!!
(2) Thu Jul 13 15:27:49 2017: WARNING: pap:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!
(2) Thu Jul 13 15:27:49 2017: WARNING: pap: Auth-Type already set. Not setting
to PAP
(2) Thu Jul 13 15:27:49 2017: Debug: [pap] = noop
(2) Thu Jul 13 15:27:49 2017: Debug: } # authorize = ok
(2) Thu Jul 13 15:27:49 2017: Debug: Found Auth-Type = Accept
(2) Thu Jul 13 15:27:49 2017: Debug: Auth-Type = Accept, accepting the user
(2) Thu Jul 13 15:27:49 2017: Debug: # Executing section post-auth from file
/us
r/local/pf/raddb/sites-enabled/packetfence
(2) Thu Jul 13 15:27:49 2017: Debug: post-auth {
(2) Thu Jul 13 15:27:49 2017: Debug: update {
(2) Thu Jul 13 15:27:49 2017: Debug: EXPAND %{Packet-Src-IP-Address}
(2) Thu Jul 13 15:27:49 2017: Debug: --> 127.0.0.1
(2) Thu Jul 13 15:27:49 2017: Debug: } # update = noop
(2) Thu Jul 13 15:27:49 2017: Debug: if (! EAP-Type || (EAP-Type != TTLS
&& EAP-Type != PEAP) ) {
(2) Thu Jul 13 15:27:49 2017: Debug: if (! EAP-Type || (EAP-Type != TTLS
&& EAP-Type != PEAP) )
-> TRUE
(2) Thu Jul 13 15:27:49 2017: Debug: if (! EAP-Type || (EAP-Type != TTLS
&& EAP-Type != PEAP) ) {
(2) Thu Jul 13 15:27:49 2017: Debug: rest: Expanding URI components
(2) Thu Jul 13 15:27:49 2017: Debug: rest: EXPAND http://127.0.0.1:7070
(2) Thu Jul 13 15:27:49 2017: Debug: rest: --> http://127.0.0.1:7070
(2) Thu Jul 13 15:27:49 2017: Debug: rest: EXPAND //radius/rest/authorize
(2) Thu Jul 13 15:27:49 2017: Debug: rest: --> //radius/rest/authorize
(2) Thu Jul 13 15:27:49 2017: Debug: rest: Sending HTTP POST to
"http://127.0.0.
1:7070//radius/rest/authorize"
(2) Thu Jul 13 15:27:49 2017: Debug: rest: Encoding attribute "User-Name"
(2) Thu Jul 13 15:27:49 2017: Debug: rest: Encoding attribute "User-Password"
(2) Thu Jul 13 15:27:49 2017: Debug: rest: Encoding attribute "NAS-IP-Address"
(2) Thu Jul 13 15:27:49 2017: Debug: rest: Encoding attribute "NAS-Port"
(2) Thu Jul 13 15:27:49 2017: Debug: rest: Encoding attribute "Event-Timestamp"
(2) Thu Jul 13 15:27:49 2017: Debug: rest: Encoding attribute
"Message-Authentic ator"
(2) Thu Jul 13 15:27:49 2017: Debug: rest: Encoding attribute
"Stripped-User-Nam e"
(2) Thu Jul 13 15:27:49 2017: Debug: rest: Encoding attribute "Realm"
(2) Thu Jul 13 15:27:49 2017: Debug: rest: Encoding attribute
"FreeRADIUS-Client
-IP-Address"
(2) Thu Jul 13 15:27:49 2017: Debug: rest: Processing response header
(2) Thu Jul 13 15:27:49 2017: Debug: rest: Status : 401 (Unauthorized)
(2) Thu Jul 13 15:27:49 2017: Debug: rest: Type : json (application/json)
(2) Thu Jul 13 15:27:49 2017: ERROR: rest: Server returned:
(2) Thu Jul 13 15:27:49 2017: ERROR: rest:
{"control:PacketFence-Authorization-S
tatus":"allow","Reply-Message":"CLI Access is not allowed by
PacketFence on this
switch"}
(2) Thu Jul 13 15:27:49 2017: Debug: [rest] = invalid
(2) Thu Jul 13 15:27:49 2017: Debug: } # if (! EAP-Type || (EAP-Type !=
TTLS && EAP-Type !=
PEAP) ) = invalid
(2) Thu Jul 13 15:27:49 2017: Debug: } # post-auth = invalid
(2) Thu Jul 13 15:27:49 2017: Debug: Using Post-Auth-Type Reject
(2) Thu Jul 13 15:27:49 2017: Debug: # Executing group from file
/usr/local/pf/r
addb/sites-enabled/packetfence
(2) Thu Jul 13 15:27:49 2017: Debug: Post-Auth-Type REJECT {
(2) Thu Jul 13 15:27:49 2017: Debug: update {
(2) Thu Jul 13 15:27:49 2017: Debug: } # update = noop
(2) Thu Jul 13 15:27:49 2017: Debug: if (! EAP-Type || (EAP-Type != TTLS
&& EAP-Type != PEAP) ) {
(2) Thu Jul 13 15:27:49 2017: Debug: if (! EAP-Type || (EAP-Type != TTLS
&& EAP-Type != PEAP) )
-> TRUE
(2) Thu Jul 13 15:27:49 2017: Debug: if (! EAP-Type || (EAP-Type != TTLS
&& EAP-Type != PEAP) ) {
(2) Thu Jul 13 15:27:49 2017: Debug: policy packetfence-audit-log-reject {
(2) Thu Jul 13 15:27:49 2017: Debug: if (&User-Name != "dummy") {
(2) Thu Jul 13 15:27:49 2017: Debug: if (&User-Name != "dummy") -> TRUE
(2) Thu Jul 13 15:27:49 2017: Debug: if (&User-Name != "dummy") {
(2) Thu Jul 13 15:27:49 2017: Debug: policy request-timing {
(2) Thu Jul 13 15:27:49 2017: Debug: if
(control:PacketFence-Request
-Time != 0) {
(2) Thu Jul 13 15:27:49 2017: Debug: if
(control:PacketFence-Request
-Time != 0) -> FALSE
(2) Thu Jul 13 15:27:49 2017: Debug: } # policy request-timing = noop
(2) Thu Jul 13 15:27:49 2017: Debug: sql_reject: EXPAND type.reject.query
(2) Thu Jul 13 15:27:49 2017: Debug: sql_reject: --> type.reject.query
(2) Thu Jul 13 15:27:49 2017: Debug: sql_reject: Using query template 'query'
(2) Thu Jul 13 15:27:49 2017: Debug: sql_reject: EXPAND %{User-Name}
(2) Thu Jul 13 15:27:49 2017: Debug: sql_reject: --> ale
(2) Thu Jul 13 15:27:49 2017: Debug: sql_reject: SQL-User-Name set to 'ale'
(2) Thu Jul 13 15:27:49 2017: Debug: sql_reject: EXPAND INSERT INTO
radius_audit _log
( mac, ip, computer_name, user_name, stripped_
user_name, realm, event_type,
switch_id, switch_mac, switch_ip_a
ddress, radius_source_ip_address,
called_station_id, calling_stat
ion_id, nas_port_type, ssid, nas_port_id,
ifindex, nas_port,
connection_type, nas_ip_address, nas_identifier, auth_
status, reason,
auth_type, eap_type, role, node_st
atus, profile, source, auto_reg,
is_phone, pf_doma
in, uuid, radius_request, radius_reply, request_time)
VALUES
( '%{request:Calling-Station-Id}', '%{request:Framed-IP-A
ddress}',
'%{%{control:PacketFence-Computer-Name}:-N/A}', '%{request:User-Name}'
,
'%{request:Stripped-User-Name}', '%{request:Realm}', 'Radius-Ac
cess-Request',
'%{%{control:PacketFence-Switch-Id}:-N/A}', '%{%{c
ontrol:PacketFence-Switch-Mac}:-N/A}',
'%{%{control:PacketFence-Switch-Ip-Addres
s}:-N/A}', '%{Packet-Src-IP-Address}',
'%{request:Called-Station-
Id}', '%{request:Calling-Station-Id}',
'%{request:NAS-Port-Type}'
, '%{request:Called-Station-SSID}', '%{request:NAS-Port-Id}',
'%{
%{control:PacketFence-IfIndex}:-N/A}', '%{request:NAS-Port}',
'%{%{control:Packe
tFence-Connection-Type}:-N/A}', '%{request:NAS-IP-Address}',
'%{r
equest:NAS-Identifier}', 'Reject',
'%{request:Module-Failure-Me
ssage}', '%{control:Auth-Type}', '%{request:EAP-Type}',
'%{%{cont
rol:PacketFence-Role}:-N/A}', '%{%{control:PacketFence-Status}:-N/A}',
'%{%{cont
rol:PacketFence-Profile}:-N/A}',
'%{%{control:PacketFence-Source}
:-N/A}', '%{%{control:PacketFence-AutoReg}:-N/A}',
'%{%{control:PacketFence-IsPh
one}:-N/A}', '%{request:PacketFence-Domain}', '',
'%{pairs:&reque
st:[*]}','%{pairs:&reply:[*]}', '%{%{control:PacketFence-Request-Time}:-N/A}')
(2) Thu Jul 13 15:27:49 2017: Debug: sql_reject: --> INSERT INTO
radius_audit _log
( mac, ip, computer_name, user_name, stripped_
user_name, realm, event_type,
switch_id, switch_mac, switch_ip_a
ddress, radius_source_ip_address,
called_station_id, calling_stat
ion_id, nas_port_type, ssid, nas_port_id,
ifindex, nas_port,
connection_type, nas_ip_address, nas_identifier, auth_
status, reason,
auth_type, eap_type, role, node_st
atus, profile, source, auto_reg,
is_phone, pf_doma
in, uuid, radius_request, radius_reply, request_time)
VALUES
( '', '', 'N/A', 'ale', 'ale', 'null', 'Ra
dius-Access-Request',
'N/A', 'N/A', 'N/A', '127.0.
0.1', '', '', '', '', '',
'N/A', '12', 'N/A',
'153.47.30.99', '', 'Reject', 'rest: Server returned
:', 'Accept', '',
'N/A', 'N/A', 'N/A', 'N/A', 'N/A
', 'N/A', '', '', 'User-Name =3D
=22ale=22=2C User-Password =3D =
22=2A=2A=2A=2A=2A=2A=22=2C NAS-IP-Address =3D 153.47.30.99=2C NAS-Port
=3D 12=2C
Event-Timestamp =3D =22Jul 13 2017 15:27:49 UTC=22=2C Message-Authenticator =3D
0x952a6bbbaa25fb2f8c80772d743956be=2C Stripped-User-Name =3D =22ale=22=2C Realm
=3D =22null=22=2C
FreeRADIUS-Client-IP-Address =3D 127.0.0.1=2C Module-Failure-
Message =3D =22rest: Server returned:=22=2C
Module-Failure-Message =3D =22rest:
=7B=5C=22control:PacketFence-Authorization-Status=5C=22:=5C=22allow=5C=22=2C=5C=
22Reply-Message=5C=22:=5C=22CLI Access is not allowed by PacketFence on this
swi tch=5C=22=7D=22=2C
SQL-User-Name =3D =22ale=22','', '0')
(2) Thu Jul 13 15:27:49 2017: Debug: sql_reject: Executing query: INSERT INTO
ra dius_audit_log
( mac, ip, computer_name, user_name,
stripped_user_name, realm, event_type,
switch_id, switch_mac, s
witch_ip_address, radius_source_ip_address,
called_station_id, ca
lling_station_id, nas_port_type, ssid, nas_port_id,
ifindex, nas_port,
connection_type, nas_ip_address, nas_identif
ier, auth_status, reason,
auth_type, eap_type, rol
e, node_status, profile, source, auto_reg,
is_phone,
pf_domain, uuid, radius_request, radius_reply, request_time)
VALUES
( '', '', 'N/A', 'ale', 'ale', '
null', 'Radius-Access-Request',
'N/A', 'N/A', 'N/A',
'127.0.0.1', '', '', '', '', '',
'N/A', '12', ' N/A',
'153.47.30.99', '', 'Reject', 'rest: Serve
r returned:', 'Accept', '',
'N/A', 'N/A', 'N/A', '
N/A', 'N/A', 'N/A', '', '', 'User-Name =3D
=22ale=22=2C User-Pass
word =3D =22=2A=2A=2A=2A=2A=2A=22=2C NAS-IP-Address =3D 153.47.30.99=2C
NAS-Port =3D 12=2C
Event-Timestamp =3D =22Jul 13 2017 15:27:49 UTC=22=2C Message-Authent
icator =3D
0x952a6bbbaa25fb2f8c80772d743956be=2C Stripped-User-Name =3D =22ale=2
2=2C Realm =3D =22null=22=2C
FreeRADIUS-Client-IP-Address =3D 127.0.0.1=2C Modul
e-Failure-Message =3D =22rest: Server returned:=22=2C
Module-Failure-Message =3D
=22rest:
=7B=5C=22control:PacketFence-Authorization-Status=5C=22:=5C=22allow=5C
=22=2C=5C=22Reply-Message=5C=22:=5C=22CLI Access is not allowed by PacketFence
o n this
switch=5C=22=7D=22=2C SQL-User-Name =3D =22ale=22','', '0')
(2) Thu Jul 13 15:27:49 2017: Debug: sql_reject: SQL query returned: success
(2) Thu Jul 13 15:27:49 2017: Debug: sql_reject: 1 record(s) updated
(2) Thu Jul 13 15:27:49 2017: Debug: [sql_reject] = ok
(2) Thu Jul 13 15:27:49 2017: Debug: } # if (&User-Name != "dummy") =
o k
(2) Thu Jul 13 15:27:49 2017: Debug: } # policy
packetfence-audit-log-reje
ct = ok
(2) Thu Jul 13 15:27:49 2017: Debug: } # if (! EAP-Type || (EAP-Type !=
TTLS && EAP-Type !=
PEAP) ) = ok
(2) Thu Jul 13 15:27:49 2017: Debug: attr_filter.access_reject: EXPAND
%{User-Na me}
(2) Thu Jul 13 15:27:49 2017: Debug: attr_filter.access_reject: --> ale
(2) Thu Jul 13 15:27:49 2017: Debug: attr_filter.access_reject: Matched entry
DE FAULT at line 11
(2) Thu Jul 13 15:27:49 2017: Debug: [attr_filter.access_reject] = updated
(2) Thu Jul 13 15:27:49 2017: Debug: attr_filter.packetfence_post_auth: EXPAND
% {User-Name}
(2) Thu Jul 13 15:27:49 2017: Debug: attr_filter.packetfence_post_auth: -->
a le
(2) Thu Jul 13 15:27:49 2017: Debug: attr_filter.packetfence_post_auth: Matched
entry DEFAULT at line 10
(2) Thu Jul 13 15:27:49 2017: Debug: [attr_filter.packetfence_post_auth] =
u pdated
(2) Thu Jul 13 15:27:49 2017: Debug: [eap] = noop
(2) Thu Jul 13 15:27:49 2017: Debug: policy remove_reply_message_if_eap {
(2) Thu Jul 13 15:27:49 2017: Debug: if (&reply:EAP-Message &&
&reply:Repl y-Message) {
(2) Thu Jul 13 15:27:49 2017: Debug: if (&reply:EAP-Message &&
&reply:Repl y-Message)
-> FALSE
(2) Thu Jul 13 15:27:49 2017: Debug: else {
(2) Thu Jul 13 15:27:49 2017: Debug: [noop] = noop
(2) Thu Jul 13 15:27:49 2017: Debug: } # else = noop
(2) Thu Jul 13 15:27:49 2017: Debug: } # policy remove_reply_message_if_eap
= noop
(2) Thu Jul 13 15:27:49 2017: Debug: linelog: EXPAND
messages.%{%{reply:Packet-T
ype}:-default}
(2) Thu Jul 13 15:27:49 2017: Debug: linelog: --> messages.Access-Reject
(2) Thu Jul 13 15:27:49 2017: Debug: linelog: EXPAND %t :
[mac:%{Calling-Station
-Id}] Rejected user: %{User-Name}
(2) Thu Jul 13 15:27:49 2017: Debug: linelog: --> Thu Jul 13 15:27:49 2017 :
[mac:] Rejected user: ale
(2) Thu Jul 13 15:27:49 2017: Debug: [linelog] = ok
(2) Thu Jul 13 15:27:49 2017: Debug: } # Post-Auth-Type REJECT = updated
(2) Thu Jul 13 15:27:49 2017: Debug: Delaying response for 1.000000 seconds
(2) Thu Jul 13 15:27:50 2017: Debug: Sending delayed response
(2) Thu Jul 13 15:27:50 2017: Debug: Sent Access-Reject Id 72 from
127.0.0.1:181 20 to
127.0.0.1:43886 length 20
(2) Thu Jul 13 15:27:54 2017: Debug: Cleaning up request packet ID 72 with
times tamp +459
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
