Hello,
I’m using ZEN, latest download from site. I do not plan to join
AD/LDAP but only to use local users.
I’ve created local users in RADDB but according to precedent posts in
mailing lists I’ve deleted it and planned to use only “person” in web
interface.
Plaintext password are enabled in advanced config and I’ve added
“packetfence-local-auth” both in
/usr/local/pf/conf/radiusd/packetfence-tunnel and in in authorize
section just after
packetfence-eap-mac-policy in conf/radiusd/packetfence
but debug still shows logs attached below…
thanks in advance…
(2) Thu Jul 13 15:27:49 2017: Debug: Received Access-Request Id 72
from 127.0.0. 1:43886 to 127.0.0.1:18120 length 73
(2) Thu Jul 13 15:27:49 2017: Debug: User-Name = "ale"
(2) Thu Jul 13 15:27:49 2017: Debug: User-Password = "pale"
(2) Thu Jul 13 15:27:49 2017: Debug: NAS-IP-Address = 153.47.30.99
(2) Thu Jul 13 15:27:49 2017: Debug: NAS-Port = 12
(2) Thu Jul 13 15:27:49 2017: Debug: Message-Authenticator =
0x952a6bbbaa25fb2 f8c80772d743956be
(2) Thu Jul 13 15:27:49 2017: Debug: # Executing section authorize
from file /us r/local/pf/raddb/sites-enabled/packetfence
(2) Thu Jul 13 15:27:49 2017: Debug: authorize {
(2) Thu Jul 13 15:27:49 2017: Debug: update {
(2) Thu Jul 13 15:27:49 2017: Debug: EXPAND %{Packet-Src-IP-Address}
(2) Thu Jul 13 15:27:49 2017: Debug: --> 127.0.0.1
(2) Thu Jul 13 15:27:49 2017: Debug: EXPAND %l
(2) Thu Jul 13 15:27:49 2017: Debug: --> 1499959669
(2) Thu Jul 13 15:27:49 2017: Debug: } # update = noop
(2) Thu Jul 13 15:27:49 2017: Debug: policy
rewrite_calling_station_id {
(2) Thu Jul 13 15:27:49 2017: Debug: if (&Calling-Station-Id &&
(&Calling- Station-Id =~
/^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9
a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) {
(2) Thu Jul 13 15:27:49 2017: Debug: if (&Calling-Station-Id &&
(&Calling- Station-Id =~
/^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9
a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i))
-> FALSE
(2) Thu Jul 13 15:27:49 2017: Debug: else {
(2) Thu Jul 13 15:27:49 2017: Debug: [noop] = noop
(2) Thu Jul 13 15:27:49 2017: Debug: } # else = noop
(2) Thu Jul 13 15:27:49 2017: Debug: } # policy
rewrite_calling_station_id = noop
(2) Thu Jul 13 15:27:49 2017: Debug: policy
rewrite_called_station_id {
(2) Thu Jul 13 15:27:49 2017: Debug: if ((&Called-Station-Id) &&
(&Called- Station-Id =~
/^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9
a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i))
{
(2) Thu Jul 13 15:27:49 2017: Debug: if ((&Called-Station-Id) &&
(&Called- Station-Id =~
/^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9
a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i))
- > FALSE
(2) Thu Jul 13 15:27:49 2017: Debug: else {
(2) Thu Jul 13 15:27:49 2017: Debug: [noop] = noop
(2) Thu Jul 13 15:27:49 2017: Debug: } # else = noop
(2) Thu Jul 13 15:27:49 2017: Debug: } # policy
rewrite_called_station_id = noop
(2) Thu Jul 13 15:27:49 2017: Debug: policy filter_username {
(2) Thu Jul 13 15:27:49 2017: Debug: if (&User-Name) {
(2) Thu Jul 13 15:27:49 2017: Debug: if (&User-Name) -> TRUE
(2) Thu Jul 13 15:27:49 2017: Debug: if (&User-Name) {
(2) Thu Jul 13 15:27:49 2017: Debug: if (&User-Name =~ / /) {
(2) Thu Jul 13 15:27:49 2017: Debug: if (&User-Name =~ / /)
-> FALSE
(2) Thu Jul 13 15:27:49 2017: Debug: if (&User-Name =~
/@[^@]*@/ ) {
(2) Thu Jul 13 15:27:49 2017: Debug: if (&User-Name =~
/@[^@]*@/ ) -> F
ALSE
(2) Thu Jul 13 15:27:49 2017: Debug: if (&User-Name =~ /\.\./ ) {
(2) Thu Jul 13 15:27:49 2017: Debug: if (&User-Name =~ /\.\./
) -> FALS E
(2) Thu Jul 13 15:27:49 2017: Debug: if ((&User-Name =~ /@/)
&& (&User-N ame
!~ /@(.+)\.(.+)$/)) {
(2) Thu Jul 13 15:27:49 2017: Debug: if ((&User-Name =~ /@/)
&& (&User-N ame
!~ /@(.+)\.(.+)$/)) -> FALSE
(2) Thu Jul 13 15:27:49 2017: Debug: if (&User-Name =~ /\.$/) {
(2) Thu Jul 13 15:27:49 2017: Debug: if (&User-Name =~
/\.$/) -> FALSE
(2) Thu Jul 13 15:27:49 2017: Debug: if (&User-Name =~ /@\./) {
(2) Thu Jul 13 15:27:49 2017: Debug: if (&User-Name =~
/@\./) -> FALSE
(2) Thu Jul 13 15:27:49 2017: Debug: } # if (&User-Name) = noop
(2) Thu Jul 13 15:27:49 2017: Debug: } # policy filter_username = noop
(2) Thu Jul 13 15:27:49 2017: Debug: policy filter_password {
(2) Thu Jul 13 15:27:49 2017: Debug: if (&User-Password && (&Use
r-Password != "%{string:User-Password}")) {
(2) Thu Jul 13 15:27:49 2017: Debug: EXPAND %{string:User-Password}
(2) Thu Jul 13 15:27:49 2017: Debug: --> pale
(2) Thu Jul 13 15:27:49 2017: Debug: if (&User-Password
&& (&Use r-Password !=
"%{string:User-Password}")) -> FALSE
(2) Thu Jul 13 15:27:49 2017: Debug: } # policy filter_password = noop
(2) Thu Jul 13 15:27:49 2017: Debug: [preprocess] = ok
(2) Thu Jul 13 15:27:49 2017: Debug: suffix: Checking for suffix after "@"
(2) Thu Jul 13 15:27:49 2017: Debug: suffix: No '@' in User-Name =
"ale", skippi ng NULL due to config.
(2) Thu Jul 13 15:27:49 2017: Debug: [suffix] = noop
(2) Thu Jul 13 15:27:49 2017: Debug: ntdomain: Checking for prefix
before "\"
(2) Thu Jul 13 15:27:49 2017: Debug: ntdomain: No '\' in User-Name =
"ale", look ing up realm NULL
(2) Thu Jul 13 15:27:49 2017: Debug: ntdomain: Found realm "null"
(2) Thu Jul 13 15:27:49 2017: Debug: ntdomain: Adding
Stripped-User-Name = "ale"
(2) Thu Jul 13 15:27:49 2017: Debug: ntdomain: Adding Realm = "null"
(2) Thu Jul 13 15:27:49 2017: Debug: ntdomain: Authentication realm is
LOCAL
(2) Thu Jul 13 15:27:49 2017: Debug: [ntdomain] = ok
(2) Thu Jul 13 15:27:49 2017: Debug: eap: No EAP-Message, not doing EAP
(2) Thu Jul 13 15:27:49 2017: Debug: [eap] = noop
(2) Thu Jul 13 15:27:49 2017: Debug: if ( !EAP-Message ) {
(2) Thu Jul 13 15:27:49 2017: Debug: if ( !EAP-Message ) -> TRUE
(2) Thu Jul 13 15:27:49 2017: Debug: if ( !EAP-Message ) {
(2) Thu Jul 13 15:27:49 2017: Debug: update {
(2) Thu Jul 13 15:27:49 2017: Debug: } # update = noop
(2) Thu Jul 13 15:27:49 2017: Debug: } # if ( !EAP-Message ) = noop
(2) Thu Jul 13 15:27:49 2017: Debug: policy
packetfence-eap-mac-policy {
(2) Thu Jul 13 15:27:49 2017: Debug: if ( &EAP-Type ) {
(2) Thu Jul 13 15:27:49 2017: Debug: if ( &EAP-Type ) -> FALSE
(2) Thu Jul 13 15:27:49 2017: Debug: [noop] = noop
(2) Thu Jul 13 15:27:49 2017: Debug: } # policy
packetfence-eap-mac-policy = noop
(2) Thu Jul 13 15:27:49 2017: WARNING: pap:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!
(2) Thu Jul 13 15:27:49 2017: WARNING: pap: !!! Ignoring
control:User-Password. Update your !!!
(2) Thu Jul 13 15:27:49 2017: WARNING: pap: !!! configuration so that
the "known good" clear text !!!
(2) Thu Jul 13 15:27:49 2017: WARNING: pap: !!! password is in
Cleartext-Passwor d and NOT in !!!
(2) Thu Jul 13 15:27:49 2017: WARNING: pap: !!! User-Password. !!!
(2) Thu Jul 13 15:27:49 2017: WARNING: pap:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!
(2) Thu Jul 13 15:27:49 2017: WARNING: pap: Auth-Type already set.
Not setting to PAP
(2) Thu Jul 13 15:27:49 2017: Debug: [pap] = noop
(2) Thu Jul 13 15:27:49 2017: Debug: } # authorize = ok
(2) Thu Jul 13 15:27:49 2017: Debug: Found Auth-Type = Accept
(2) Thu Jul 13 15:27:49 2017: Debug: Auth-Type = Accept, accepting the
user
(2) Thu Jul 13 15:27:49 2017: Debug: # Executing section post-auth
from file /us r/local/pf/raddb/sites-enabled/packetfence
(2) Thu Jul 13 15:27:49 2017: Debug: post-auth {
(2) Thu Jul 13 15:27:49 2017: Debug: update {
(2) Thu Jul 13 15:27:49 2017: Debug: EXPAND %{Packet-Src-IP-Address}
(2) Thu Jul 13 15:27:49 2017: Debug: --> 127.0.0.1
(2) Thu Jul 13 15:27:49 2017: Debug: } # update = noop
(2) Thu Jul 13 15:27:49 2017: Debug: if (! EAP-Type || (EAP-Type
!= TTLS && EAP-Type != PEAP) ) {
(2) Thu Jul 13 15:27:49 2017: Debug: if (! EAP-Type || (EAP-Type
!= TTLS && EAP-Type != PEAP) ) -> TRUE
(2) Thu Jul 13 15:27:49 2017: Debug: if (! EAP-Type || (EAP-Type
!= TTLS && EAP-Type != PEAP) ) {
(2) Thu Jul 13 15:27:49 2017: Debug: rest: Expanding URI components
(2) Thu Jul 13 15:27:49 2017: Debug: rest: EXPAND http://127.0.0.1:7070
(2) Thu Jul 13 15:27:49 2017: Debug: rest: --> http://127.0.0.1:7070
(2) Thu Jul 13 15:27:49 2017: Debug: rest: EXPAND //radius/rest/authorize
(2) Thu Jul 13 15:27:49 2017: Debug: rest: --> //radius/rest/authorize
(2) Thu Jul 13 15:27:49 2017: Debug: rest: Sending HTTP POST to
"http://127.0.0. 1:7070//radius/rest/authorize"
(2) Thu Jul 13 15:27:49 2017: Debug: rest: Encoding attribute "User-Name"
(2) Thu Jul 13 15:27:49 2017: Debug: rest: Encoding attribute
"User-Password"
(2) Thu Jul 13 15:27:49 2017: Debug: rest: Encoding attribute
"NAS-IP-Address"
(2) Thu Jul 13 15:27:49 2017: Debug: rest: Encoding attribute "NAS-Port"
(2) Thu Jul 13 15:27:49 2017: Debug: rest: Encoding attribute
"Event-Timestamp"
(2) Thu Jul 13 15:27:49 2017: Debug: rest: Encoding attribute
"Message-Authentic ator"
(2) Thu Jul 13 15:27:49 2017: Debug: rest: Encoding attribute
"Stripped-User-Nam e"
(2) Thu Jul 13 15:27:49 2017: Debug: rest: Encoding attribute "Realm"
(2) Thu Jul 13 15:27:49 2017: Debug: rest: Encoding attribute
"FreeRADIUS-Client -IP-Address"
(2) Thu Jul 13 15:27:49 2017: Debug: rest: Processing response header
(2) Thu Jul 13 15:27:49 2017: Debug: rest: Status : 401 (Unauthorized)
(2) Thu Jul 13 15:27:49 2017: Debug: rest: Type : json
(application/json)
(2) Thu Jul 13 15:27:49 2017: ERROR: rest: Server returned:
(2) Thu Jul 13 15:27:49 2017: ERROR: rest:
{"control:PacketFence-Authorization-S
tatus":"allow","Reply-Message":"CLI
Access is not allowed by PacketFence on this switch"}
(2) Thu Jul 13 15:27:49 2017: Debug: [rest] = invalid
(2) Thu Jul 13 15:27:49 2017: Debug: } # if (! EAP-Type ||
(EAP-Type != TTLS && EAP-Type != PEAP) ) = invalid
(2) Thu Jul 13 15:27:49 2017: Debug: } # post-auth = invalid
(2) Thu Jul 13 15:27:49 2017: Debug: Using Post-Auth-Type Reject
(2) Thu Jul 13 15:27:49 2017: Debug: # Executing group from file
/usr/local/pf/r addb/sites-enabled/packetfence
(2) Thu Jul 13 15:27:49 2017: Debug: Post-Auth-Type REJECT {
(2) Thu Jul 13 15:27:49 2017: Debug: update {
(2) Thu Jul 13 15:27:49 2017: Debug: } # update = noop
(2) Thu Jul 13 15:27:49 2017: Debug: if (! EAP-Type || (EAP-Type
!= TTLS && EAP-Type != PEAP) ) {
(2) Thu Jul 13 15:27:49 2017: Debug: if (! EAP-Type || (EAP-Type
!= TTLS && EAP-Type != PEAP) ) -> TRUE
(2) Thu Jul 13 15:27:49 2017: Debug: if (! EAP-Type || (EAP-Type
!= TTLS && EAP-Type != PEAP) ) {
(2) Thu Jul 13 15:27:49 2017: Debug: policy
packetfence-audit-log-reject {
(2) Thu Jul 13 15:27:49 2017: Debug: if (&User-Name != "dummy") {
(2) Thu Jul 13 15:27:49 2017: Debug: if (&User-Name !=
"dummy") -> TRUE
(2) Thu Jul 13 15:27:49 2017: Debug: if (&User-Name != "dummy") {
(2) Thu Jul 13 15:27:49 2017: Debug: policy request-timing {
(2) Thu Jul 13 15:27:49 2017: Debug: if
(control:PacketFence-Request -Time != 0) {
(2) Thu Jul 13 15:27:49 2017: Debug: if
(control:PacketFence-Request -Time != 0) -> FALSE
(2) Thu Jul 13 15:27:49 2017: Debug: } # policy
request-timing = noop
(2) Thu Jul 13 15:27:49 2017: Debug: sql_reject: EXPAND type.reject.query
(2) Thu Jul 13 15:27:49 2017: Debug: sql_reject: --> type.reject.query
(2) Thu Jul 13 15:27:49 2017: Debug: sql_reject: Using query template
'query'
(2) Thu Jul 13 15:27:49 2017: Debug: sql_reject: EXPAND %{User-Name}
(2) Thu Jul 13 15:27:49 2017: Debug: sql_reject: --> ale
(2) Thu Jul 13 15:27:49 2017: Debug: sql_reject: SQL-User-Name set to
'ale'
(2) Thu Jul 13 15:27:49 2017: Debug: sql_reject: EXPAND INSERT INTO
radius_audit _log ( mac, ip, computer_name, user_name,
stripped_ user_name, realm,
event_type, switch_id, switch_mac, switch_ip_a
ddress, radius_source_ip_address, called_station_id,
calling_stat ion_id,
nas_port_type, ssid, nas_port_id, ifindex, nas_port,
connection_type, nas_ip_address, nas_identifier, auth_
status, reason, auth_type, eap_type,
role, node_st atus, profile, source, auto_reg,
is_phone, pf_doma in, uuid, radius_request,
radius_reply, request_time) VALUES (
'%{request:Calling-Station-Id}', '%{request:Framed-IP-A ddress}',
'%{%{control:PacketFence-Computer-Name}:-N/A}', '%{request:User-Name}'
, '%{request:Stripped-User-Name}', '%{request:Realm}',
'Radius-Ac cess-Request', '%{%{control:PacketFence-Switch-Id}:-N/A}',
'%{%{c ontrol:PacketFence-Switch-Mac}:-N/A}',
'%{%{control:PacketFence-Switch-Ip-Addres s}:-N/A}',
'%{Packet-Src-IP-Address}', '%{request:Called-Station- Id}',
'%{request:Calling-Station-Id}', '%{request:NAS-Port-Type}' ,
'%{request:Called-Station-SSID}', '%{request:NAS-Port-Id}', '%{
%{control:PacketFence-IfIndex}:-N/A}', '%{request:NAS-Port}',
'%{%{control:Packe tFence-Connection-Type}:-N/A}',
'%{request:NAS-IP-Address}', '%{r
equest:NAS-Identifier}', 'Reject',
'%{request:Module-Failure-Me ssage}', '%{control:Auth-Type}',
'%{request:EAP-Type}', '%{%{cont
rol:PacketFence-Role}:-N/A}',
'%{%{control:PacketFence-Status}:-N/A}', '%{%{cont
rol:PacketFence-Profile}:-N/A}', '%{%{control:PacketFence-Source}
:-N/A}',
'%{%{control:PacketFence-AutoReg}:-N/A}',
'%{%{control:PacketFence-IsPh one}:-N/A}',
'%{request:PacketFence-Domain}', '', '%{pairs:&reque
st:[*]}','%{pairs:&reply:[*]}',
'%{%{control:PacketFence-Request-Time}:-N/A}')
(2) Thu Jul 13 15:27:49 2017: Debug: sql_reject: --> INSERT INTO
radius_audit _log ( mac, ip,
computer_name, user_name, stripped_ user_name, realm,
event_type, switch_id, switch_mac, switch_ip_a
ddress, radius_source_ip_address,
called_station_id, calling_stat ion_id, nas_port_type,
ssid, nas_port_id, ifindex,
nas_port,
connection_type, nas_ip_address, nas_identifier, auth_
status, reason, auth_type, eap_type,
role, node_st atus, profile, source, auto_reg,
is_phone, pf_doma in, uuid, radius_request,
radius_reply, request_time) VALUES ( '', '', 'N/A',
'ale', 'ale', 'null', 'Ra dius-Access-Request', 'N/A',
'N/A', 'N/A', '127.0. 0.1', '', '', '', '', '', 'N/A',
'12', 'N/A', '153.47.30.99', '', 'Reject', 'rest:
Server returned
:', 'Accept', '', 'N/A', 'N/A', 'N/A',
'N/A', 'N/A ', 'N/A', '', '', 'User-Name =3D
=22ale=22=2C User-Password =3D = 22=2A=2A=2A=2A=2A=2A=22=2C
NAS-IP-Address =3D 153.47.30.99=2C NAS-Port =3D 12=2C Event-Timestamp
=3D =22Jul 13 2017 15:27:49 UTC=22=2C Message-Authenticator =3D
0x952a6bbbaa25fb2f8c80772d743956be=2C Stripped-User-Name =3D
=22ale=22=2C Realm =3D =22null=22=2C
FreeRADIUS-Client-IP-Address =3D 127.0.0.1=2C Module-Failure- Message
=3D =22rest: Server returned:=22=2C Module-Failure-Message =3D
=22rest:
=7B=5C=22control:PacketFence-Authorization-Status=5C=22:=5C=22allow=5C=22=2C=5C=
22Reply-Message=5C=22:=5C=22CLI Access is not allowed by PacketFence
on this swi tch=5C=22=7D=22=2C
SQL-User-Name =3D =22ale=22','', '0')
(2) Thu Jul 13 15:27:49 2017: Debug: sql_reject: Executing query:
INSERT INTO ra dius_audit_log ( mac, ip, computer_name,
user_name, stripped_user_name, realm, event_type, switch_id,
switch_mac, s witch_ip_address,
radius_source_ip_address, called_station_id, ca
lling_station_id, nas_port_type, ssid, nas_port_id,
ifindex, nas_port, connection_type, nas_ip_address, nas_identif
ier, auth_status, reason, auth_type, eap_type,
rol e,
node_status, profile, source, auto_reg, is_phone,
pf_domain, uuid, radius_request, radius_reply, request_time)
VALUES ( '', '', 'N/A',
'ale', 'ale', ' null',
'Radius-Access-Request', 'N/A', 'N/A', 'N/A',
'127.0.0.1', '',
'', '', '', '', 'N/A', '12', '
N/A', '153.47.30.99', '', 'Reject',
'rest: Serve r returned:', 'Accept', '', 'N/A', 'N/A',
'N/A', ' N/A', 'N/A', 'N/A', '', '', 'User-Name =3D
=22ale=22=2C User-Pass word =3D =22=2A=2A=2A=2A=2A=2A=22=2C
NAS-IP-Address =3D 153.47.30.99=2C NAS-Port =3D 12=2C Event-Timestamp
=3D =22Jul 13 2017 15:27:49 UTC=22=2C Message-Authent icator =3D
0x952a6bbbaa25fb2f8c80772d743956be=2C Stripped-User-Name =3D =22ale=2
2=2C Realm =3D =22null=22=2C FreeRADIUS-Client-IP-Address =3D
127.0.0.1=2C Modul e-Failure-Message =3D =22rest: Server
returned:=22=2C Module-Failure-Message =3D =22rest:
=7B=5C=22control:PacketFence-Authorization-Status=5C=22:=5C=22allow=5C
=22=2C=5C=22Reply-Message=5C=22:=5C=22CLI Access is not allowed by
PacketFence o n
this switch=5C=22=7D=22=2C SQL-User-Name =3D =22ale=22','', '0')
(2) Thu Jul 13 15:27:49 2017: Debug: sql_reject: SQL query returned:
success
(2) Thu Jul 13 15:27:49 2017: Debug: sql_reject: 1 record(s) updated
(2) Thu Jul 13 15:27:49 2017: Debug: [sql_reject] = ok
(2) Thu Jul 13 15:27:49 2017: Debug: } # if (&User-Name !=
"dummy") = o k
(2) Thu Jul 13 15:27:49 2017: Debug: } # policy
packetfence-audit-log-reje ct = ok
(2) Thu Jul 13 15:27:49 2017: Debug: } # if (! EAP-Type ||
(EAP-Type != TTLS && EAP-Type != PEAP) ) = ok
(2) Thu Jul 13 15:27:49 2017: Debug: attr_filter.access_reject: EXPAND
%{User-Na me}
(2) Thu Jul 13 15:27:49 2017: Debug: attr_filter.access_reject: --> ale
(2) Thu Jul 13 15:27:49 2017: Debug: attr_filter.access_reject:
Matched entry DE FAULT at
line 11
(2) Thu Jul 13 15:27:49 2017: Debug: [attr_filter.access_reject] =
updated
(2) Thu Jul 13 15:27:49 2017: Debug:
attr_filter.packetfence_post_auth: EXPAND % {User-Name}
(2) Thu Jul 13 15:27:49 2017: Debug:
attr_filter.packetfence_post_auth: -->
a le
(2) Thu Jul 13 15:27:49 2017: Debug:
attr_filter.packetfence_post_auth: Matched
entry DEFAULT at line 10
(2) Thu Jul 13 15:27:49 2017: Debug:
[attr_filter.packetfence_post_auth] = u pdated
(2) Thu Jul 13 15:27:49 2017: Debug: [eap] = noop
(2) Thu Jul 13 15:27:49 2017: Debug: policy
remove_reply_message_if_eap {
(2) Thu Jul 13 15:27:49 2017: Debug: if (&reply:EAP-Message &&
&reply:Repl y-Message) {
(2) Thu Jul 13 15:27:49 2017: Debug: if (&reply:EAP-Message &&
&reply:Repl y-Message) -> FALSE
(2) Thu Jul 13 15:27:49 2017: Debug: else {
(2) Thu Jul 13 15:27:49 2017: Debug: [noop] = noop
(2) Thu Jul 13 15:27:49 2017: Debug: } # else = noop
(2) Thu Jul 13 15:27:49 2017: Debug: } # policy
remove_reply_message_if_eap = noop
(2) Thu Jul 13 15:27:49 2017: Debug: linelog: EXPAND
messages.%{%{reply:Packet-T ype}:-default}
(2) Thu Jul 13 15:27:49 2017: Debug: linelog: -->
messages.Access-Reject
(2) Thu Jul 13 15:27:49 2017: Debug: linelog: EXPAND %t :
[mac:%{Calling-Station -Id}]
Rejected user: %{User-Name}
(2) Thu Jul 13 15:27:49 2017: Debug: linelog: --> Thu Jul 13
15:27:49 2017 : [mac:] Rejected user: ale
(2) Thu Jul 13 15:27:49 2017: Debug: [linelog] = ok
(2) Thu Jul 13 15:27:49 2017: Debug: } # Post-Auth-Type REJECT = updated
(2) Thu Jul 13 15:27:49 2017: Debug: Delaying response for 1.000000
seconds
(2) Thu Jul 13 15:27:50 2017: Debug: Sending delayed response
(2) Thu Jul 13 15:27:50 2017: Debug: Sent Access-Reject Id 72 from
127.0.0.1:181 20 to 127.0.0.1:43886 length 20
(2) Thu Jul 13 15:27:54 2017: Debug: Cleaning up request packet ID 72
with times tamp +459
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
