[PacketFence-users] R: radius rejected.

[Alessandro Canella via PacketFence-users]

Hello Fabrice,

test are made with local radtest (I've switch configured and...unaccessible... 
and a Windows Radius test tool too) as I seen from log.

(2) Thu Jul 13 15:27:49 2017: Debug:       EXPAND %{Packet-Src-IP-Address}
(2) Thu Jul 13 15:27:49 2017: Debug:          --> 127.0.0.1


Da: Durand fabrice via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net]
Inviato: venerdì 14 luglio 2017 02.29
A: packetfence-users@lists.sourceforge.net
Cc: Durand fabrice
Oggetto: Re: [PacketFence-users] radius rejected.


Hello Alessandro,

does the request is coming from a switch ?

It miss the Calling-Station-Id attribute.

Regards

Fabrice



Le 2017-07-13 à 13:01, Alessandro Canella via PacketFence-users a écrit :
Hello,

I'm using ZEN, latest download from site. I do not plan to join AD/LDAP but 
only to use local users.

I've created local users in RADDB but according to precedent posts in mailing 
lists I've deleted it and planned to use only "person" in web interface.

Plaintext password are enabled in advanced config and I've added 
"packetfence-local-auth" both in /usr/local/pf/conf/radiusd/packetfence-tunnel 
and in in authorize section just after
packetfence-eap-mac-policy in conf/radiusd/packetfence

but debug still shows logs attached below...

thanks in advance...


(2) Thu Jul 13 15:27:49 2017: Debug: Received Access-Request Id 72 from 
127.0.0.                                                       1:43886 to 
127.0.0.1:18120 length 73
(2) Thu Jul 13 15:27:49 2017: Debug:   User-Name = "ale"
(2) Thu Jul 13 15:27:49 2017: Debug:   User-Password = "pale"
(2) Thu Jul 13 15:27:49 2017: Debug:   NAS-IP-Address = 153.47.30.99
(2) Thu Jul 13 15:27:49 2017: Debug:   NAS-Port = 12
(2) Thu Jul 13 15:27:49 2017: Debug:   Message-Authenticator = 
0x952a6bbbaa25fb2                                                       
f8c80772d743956be
(2) Thu Jul 13 15:27:49 2017: Debug: # Executing section authorize from file 
/us                                                       
r/local/pf/raddb/sites-enabled/packetfence
(2) Thu Jul 13 15:27:49 2017: Debug:   authorize {
(2) Thu Jul 13 15:27:49 2017: Debug:     update {
(2) Thu Jul 13 15:27:49 2017: Debug:       EXPAND %{Packet-Src-IP-Address}
(2) Thu Jul 13 15:27:49 2017: Debug:          --> 127.0.0.1
(2) Thu Jul 13 15:27:49 2017: Debug:       EXPAND %l
(2) Thu Jul 13 15:27:49 2017: Debug:          --> 1499959669
(2) Thu Jul 13 15:27:49 2017: Debug:     } # update = noop
(2) Thu Jul 13 15:27:49 2017: Debug:     policy rewrite_calling_station_id {
(2) Thu Jul 13 15:27:49 2017: Debug:       if (&Calling-Station-Id && 
(&Calling-                                                       Station-Id =~ 
/^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9              
                                         
a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) {
(2) Thu Jul 13 15:27:49 2017: Debug:       if (&Calling-Station-Id && 
(&Calling-                                                       Station-Id =~ 
/^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9              
                                         
a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i))  -> FALSE
(2) Thu Jul 13 15:27:49 2017: Debug:       else {
(2) Thu Jul 13 15:27:49 2017: Debug:         [noop] = noop
(2) Thu Jul 13 15:27:49 2017: Debug:       } # else = noop
(2) Thu Jul 13 15:27:49 2017: Debug:     } # policy rewrite_calling_station_id 
=                                                        noop
(2) Thu Jul 13 15:27:49 2017: Debug:     policy rewrite_called_station_id {
(2) Thu Jul 13 15:27:49 2017: Debug:       if ((&Called-Station-Id) && 
(&Called-                                                       Station-Id =~ 
/^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9              
                                         
a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) {
(2) Thu Jul 13 15:27:49 2017: Debug:       if ((&Called-Station-Id) && 
(&Called-                                                       Station-Id =~ 
/^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9              
                                         
a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i))  
-                                                       > FALSE
(2) Thu Jul 13 15:27:49 2017: Debug:       else {
(2) Thu Jul 13 15:27:49 2017: Debug:         [noop] = noop
(2) Thu Jul 13 15:27:49 2017: Debug:       } # else = noop
(2) Thu Jul 13 15:27:49 2017: Debug:     } # policy rewrite_called_station_id = 
                                                       noop
(2) Thu Jul 13 15:27:49 2017: Debug:     policy filter_username {
(2) Thu Jul 13 15:27:49 2017: Debug:       if (&User-Name) {
(2) Thu Jul 13 15:27:49 2017: Debug:       if (&User-Name)  -> TRUE
(2) Thu Jul 13 15:27:49 2017: Debug:       if (&User-Name)  {
(2) Thu Jul 13 15:27:49 2017: Debug:         if (&User-Name =~ / /) {
(2) Thu Jul 13 15:27:49 2017: Debug:         if (&User-Name =~ / /)  -> FALSE
(2) Thu Jul 13 15:27:49 2017: Debug:         if (&User-Name =~ /@[^@]*@/ ) {
(2) Thu Jul 13 15:27:49 2017: Debug:         if (&User-Name =~ /@[^@]*@/ )  -> 
F                                                       ALSE
(2) Thu Jul 13 15:27:49 2017: Debug:         if (&User-Name =~ /\.\./ ) {
(2) Thu Jul 13 15:27:49 2017: Debug:         if (&User-Name =~ /\.\./ )  -> 
FALS                                                       E
(2) Thu Jul 13 15:27:49 2017: Debug:         if ((&User-Name =~ /@/) && 
(&User-N                                                       ame !~ 
/@(.+)\.(.+)$/))<mailto:/@(.+)\.(.+)$/))>  {
(2) Thu Jul 13 15:27:49 2017: Debug:         if ((&User-Name =~ /@/) && 
(&User-N                                                       ame !~ 
/@(.+)\.(.+)$/))<mailto:/@(.+)\.(.+)$/))>   -> FALSE
(2) Thu Jul 13 15:27:49 2017: Debug:         if (&User-Name =~ /\.$/)  {
(2) Thu Jul 13 15:27:49 2017: Debug:         if (&User-Name =~ /\.$/)   -> FALSE
(2) Thu Jul 13 15:27:49 2017: Debug:         if (&User-Name =~ 
/@\./<mailto:/@\./>)  {
(2) Thu Jul 13 15:27:49 2017: Debug:         if (&User-Name =~ 
/@\./<mailto:/@\./>)   -> FALSE
(2) Thu Jul 13 15:27:49 2017: Debug:       } # if (&User-Name)  = noop
(2) Thu Jul 13 15:27:49 2017: Debug:     } # policy filter_username = noop
(2) Thu Jul 13 15:27:49 2017: Debug:     policy filter_password {
(2) Thu Jul 13 15:27:49 2017: Debug:       if (&User-Password &&           
(&Use                                                       r-Password != 
"%{string:User-Password}")) {
(2) Thu Jul 13 15:27:49 2017: Debug:       EXPAND %{string:User-Password}
(2) Thu Jul 13 15:27:49 2017: Debug:          --> pale
(2) Thu Jul 13 15:27:49 2017: Debug:       if (&User-Password &&           
(&Use                                                       r-Password != 
"%{string:User-Password}"))  -> FALSE
(2) Thu Jul 13 15:27:49 2017: Debug:     } # policy filter_password = noop
(2) Thu Jul 13 15:27:49 2017: Debug:     [preprocess] = ok
(2) Thu Jul 13 15:27:49 2017: Debug: suffix: Checking for suffix after "@"
(2) Thu Jul 13 15:27:49 2017: Debug: suffix: No '@' in User-Name = "ale", 
skippi                                                       ng NULL due to 
config.
(2) Thu Jul 13 15:27:49 2017: Debug:     [suffix] = noop
(2) Thu Jul 13 15:27:49 2017: Debug: ntdomain: Checking for prefix before "\"
(2) Thu Jul 13 15:27:49 2017: Debug: ntdomain: No '\' in User-Name = "ale", 
look                                                       ing up realm NULL
(2) Thu Jul 13 15:27:49 2017: Debug: ntdomain: Found realm "null"
(2) Thu Jul 13 15:27:49 2017: Debug: ntdomain: Adding Stripped-User-Name = "ale"
(2) Thu Jul 13 15:27:49 2017: Debug: ntdomain: Adding Realm = "null"
(2) Thu Jul 13 15:27:49 2017: Debug: ntdomain: Authentication realm is LOCAL
(2) Thu Jul 13 15:27:49 2017: Debug:     [ntdomain] = ok
(2) Thu Jul 13 15:27:49 2017: Debug: eap: No EAP-Message, not doing EAP
(2) Thu Jul 13 15:27:49 2017: Debug:     [eap] = noop
(2) Thu Jul 13 15:27:49 2017: Debug:     if ( !EAP-Message ) {
(2) Thu Jul 13 15:27:49 2017: Debug:     if ( !EAP-Message )  -> TRUE
(2) Thu Jul 13 15:27:49 2017: Debug:     if ( !EAP-Message )  {
(2) Thu Jul 13 15:27:49 2017: Debug:       update {
(2) Thu Jul 13 15:27:49 2017: Debug:       } # update = noop
(2) Thu Jul 13 15:27:49 2017: Debug:     } # if ( !EAP-Message )  = noop
(2) Thu Jul 13 15:27:49 2017: Debug:     policy packetfence-eap-mac-policy {
(2) Thu Jul 13 15:27:49 2017: Debug:       if ( &EAP-Type ) {
(2) Thu Jul 13 15:27:49 2017: Debug:       if ( &EAP-Type )  -> FALSE
(2) Thu Jul 13 15:27:49 2017: Debug:       [noop] = noop
(2) Thu Jul 13 15:27:49 2017: Debug:     } # policy packetfence-eap-mac-policy 
=                                                        noop
(2) Thu Jul 13 15:27:49 2017: WARNING: pap: 
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!                                            
           !!!!!!!!!!!!!!!!!!!!!!!
(2) Thu Jul 13 15:27:49 2017: WARNING: pap: !!! Ignoring control:User-Password. 
                                                        Update your        !!!
(2) Thu Jul 13 15:27:49 2017: WARNING: pap: !!! configuration so that the 
"known                                                        good" clear text 
!!!
(2) Thu Jul 13 15:27:49 2017: WARNING: pap: !!! password is in 
Cleartext-Passwor                                                       d and 
NOT in        !!!
(2) Thu Jul 13 15:27:49 2017: WARNING: pap: !!! User-Password.                  
                                                                           !!!
(2) Thu Jul 13 15:27:49 2017: WARNING: pap: 
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!                                            
           !!!!!!!!!!!!!!!!!!!!!!!
(2) Thu Jul 13 15:27:49 2017: WARNING: pap: Auth-Type already set.  Not setting 
                                                       to PAP
(2) Thu Jul 13 15:27:49 2017: Debug:     [pap] = noop
(2) Thu Jul 13 15:27:49 2017: Debug:   } # authorize = ok
(2) Thu Jul 13 15:27:49 2017: Debug: Found Auth-Type = Accept
(2) Thu Jul 13 15:27:49 2017: Debug: Auth-Type = Accept, accepting the user
(2) Thu Jul 13 15:27:49 2017: Debug: # Executing section post-auth from file 
/us                                                       
r/local/pf/raddb/sites-enabled/packetfence
(2) Thu Jul 13 15:27:49 2017: Debug:   post-auth {
(2) Thu Jul 13 15:27:49 2017: Debug:     update {
(2) Thu Jul 13 15:27:49 2017: Debug:       EXPAND %{Packet-Src-IP-Address}
(2) Thu Jul 13 15:27:49 2017: Debug:          --> 127.0.0.1
(2) Thu Jul 13 15:27:49 2017: Debug:     } # update = noop
(2) Thu Jul 13 15:27:49 2017: Debug:     if (! EAP-Type || (EAP-Type != TTLS  
&&                                                        EAP-Type != PEAP) ) {
(2) Thu Jul 13 15:27:49 2017: Debug:     if (! EAP-Type || (EAP-Type != TTLS  
&&                                                        EAP-Type != PEAP) )  
-> TRUE
(2) Thu Jul 13 15:27:49 2017: Debug:     if (! EAP-Type || (EAP-Type != TTLS  
&&                                                        EAP-Type != PEAP) )  {
(2) Thu Jul 13 15:27:49 2017: Debug: rest: Expanding URI components
(2) Thu Jul 13 15:27:49 2017: Debug: rest: EXPAND http://127.0.0.1:7070
(2) Thu Jul 13 15:27:49 2017: Debug: rest:    --> http://127.0.0.1:7070
(2) Thu Jul 13 15:27:49 2017: Debug: rest: EXPAND //radius/rest/authorize
(2) Thu Jul 13 15:27:49 2017: Debug: rest:    --> //radius/rest/authorize
(2) Thu Jul 13 15:27:49 2017: Debug: rest: Sending HTTP POST to 
"http://127.0.0.                                                       
1:7070//radius/rest/authorize"
(2) Thu Jul 13 15:27:49 2017: Debug: rest: Encoding attribute "User-Name"
(2) Thu Jul 13 15:27:49 2017: Debug: rest: Encoding attribute "User-Password"
(2) Thu Jul 13 15:27:49 2017: Debug: rest: Encoding attribute "NAS-IP-Address"
(2) Thu Jul 13 15:27:49 2017: Debug: rest: Encoding attribute "NAS-Port"
(2) Thu Jul 13 15:27:49 2017: Debug: rest: Encoding attribute "Event-Timestamp"
(2) Thu Jul 13 15:27:49 2017: Debug: rest: Encoding attribute 
"Message-Authentic                                                       ator"
(2) Thu Jul 13 15:27:49 2017: Debug: rest: Encoding attribute 
"Stripped-User-Nam                                                       e"
(2) Thu Jul 13 15:27:49 2017: Debug: rest: Encoding attribute "Realm"
(2) Thu Jul 13 15:27:49 2017: Debug: rest: Encoding attribute 
"FreeRADIUS-Client                                                       
-IP-Address"
(2) Thu Jul 13 15:27:49 2017: Debug: rest: Processing response header
(2) Thu Jul 13 15:27:49 2017: Debug: rest:   Status : 401 (Unauthorized)
(2) Thu Jul 13 15:27:49 2017: Debug: rest:   Type   : json (application/json)
(2) Thu Jul 13 15:27:49 2017: ERROR: rest: Server returned:
(2) Thu Jul 13 15:27:49 2017: ERROR: rest: 
{"control:PacketFence-Authorization-S                                           
            tatus":"allow","Reply-Message":"CLI Access is not allowed by 
PacketFence on this                                                        
switch"}
(2) Thu Jul 13 15:27:49 2017: Debug:       [rest] = invalid
(2) Thu Jul 13 15:27:49 2017: Debug:     } # if (! EAP-Type || (EAP-Type != 
TTLS                                                         && EAP-Type != 
PEAP) )  = invalid
(2) Thu Jul 13 15:27:49 2017: Debug:   } # post-auth = invalid
(2) Thu Jul 13 15:27:49 2017: Debug: Using Post-Auth-Type Reject
(2) Thu Jul 13 15:27:49 2017: Debug: # Executing group from file 
/usr/local/pf/r                                                       
addb/sites-enabled/packetfence
(2) Thu Jul 13 15:27:49 2017: Debug:   Post-Auth-Type REJECT {
(2) Thu Jul 13 15:27:49 2017: Debug:     update {
(2) Thu Jul 13 15:27:49 2017: Debug:     } # update = noop
(2) Thu Jul 13 15:27:49 2017: Debug:     if (! EAP-Type || (EAP-Type != TTLS  
&&                                                        EAP-Type != PEAP) ) {
(2) Thu Jul 13 15:27:49 2017: Debug:     if (! EAP-Type || (EAP-Type != TTLS  
&&                                                        EAP-Type != PEAP) )  
-> TRUE
(2) Thu Jul 13 15:27:49 2017: Debug:     if (! EAP-Type || (EAP-Type != TTLS  
&&                                                        EAP-Type != PEAP) )  {
(2) Thu Jul 13 15:27:49 2017: Debug:       policy packetfence-audit-log-reject {
(2) Thu Jul 13 15:27:49 2017: Debug:         if (&User-Name != "dummy") {
(2) Thu Jul 13 15:27:49 2017: Debug:         if (&User-Name != "dummy")  -> TRUE
(2) Thu Jul 13 15:27:49 2017: Debug:         if (&User-Name != "dummy")  {
(2) Thu Jul 13 15:27:49 2017: Debug:           policy request-timing {
(2) Thu Jul 13 15:27:49 2017: Debug:             if 
(control:PacketFence-Request                                                    
   -Time != 0) {
(2) Thu Jul 13 15:27:49 2017: Debug:             if 
(control:PacketFence-Request                                                    
   -Time != 0)  -> FALSE
(2) Thu Jul 13 15:27:49 2017: Debug:           } # policy request-timing = noop
(2) Thu Jul 13 15:27:49 2017: Debug: sql_reject: EXPAND type.reject.query
(2) Thu Jul 13 15:27:49 2017: Debug: sql_reject:    --> type.reject.query
(2) Thu Jul 13 15:27:49 2017: Debug: sql_reject: Using query template 'query'
(2) Thu Jul 13 15:27:49 2017: Debug: sql_reject: EXPAND %{User-Name}
(2) Thu Jul 13 15:27:49 2017: Debug: sql_reject:    --> ale
(2) Thu Jul 13 15:27:49 2017: Debug: sql_reject: SQL-User-Name set to 'ale'
(2) Thu Jul 13 15:27:49 2017: Debug: sql_reject: EXPAND INSERT INTO 
radius_audit                                                       _log         
      ( mac, ip, computer_name, user_name,                stripped_             
                                          user_name,  realm, event_type,        
        switch_id, switch_mac, switch_ip_a                                      
                 ddress,                radius_source_ip_address, 
called_station_id, calling_stat                                                 
      ion_id,                nas_port_type, ssid, nas_port_id,                
ifindex,                                                        nas_port, 
connection_type,                nas_ip_address, nas_identifier, auth_           
                                            status,                reason, 
auth_type, eap_type,                role, node_st                               
                        atus, profile,                source, auto_reg, 
is_phone,                pf_doma                                                
       in, uuid, radius_request,                radius_reply, request_time)     
                                                                VALUES          
     ( '%{request:Calling-Station-Id}', '%{request:Framed-IP-A                  
                                     ddress}', 
'%{%{control:PacketFence-Computer-Name}:-N/A}', '%{request:User-Name}'          
                                             ,                
'%{request:Stripped-User-Name}', '%{request:Realm}', 'Radius-Ac                 
                                      cess-Request',                
'%{%{control:PacketFence-Switch-Id}:-N/A}', '%{%{c                              
                         ontrol:PacketFence-Switch-Mac}:-N/A}', 
'%{%{control:PacketFence-Switch-Ip-Addres                                       
                s}:-N/A}',                '%{Packet-Src-IP-Address}', 
'%{request:Called-Station-                                                      
 Id}', '%{request:Calling-Station-Id}',                
'%{request:NAS-Port-Type}'                                                      
 , '%{request:Called-Station-SSID}', '%{request:NAS-Port-Id}',                
'%{                                                       
%{control:PacketFence-IfIndex}:-N/A}', '%{request:NAS-Port}', 
'%{%{control:Packe                                                       
tFence-Connection-Type}:-N/A}',                '%{request:NAS-IP-Address}', 
'%{r                                                       
equest:NAS-Identifier}',  'Reject',                 
'%{request:Module-Failure-Me                                                    
   ssage}', '%{control:Auth-Type}', '%{request:EAP-Type}',                
'%{%{cont                                                       
rol:PacketFence-Role}:-N/A}', '%{%{control:PacketFence-Status}:-N/A}', 
'%{%{cont                                                       
rol:PacketFence-Profile}:-N/A}',                
'%{%{control:PacketFence-Source}                                                
       :-N/A}', '%{%{control:PacketFence-AutoReg}:-N/A}', 
'%{%{control:PacketFence-IsPh                                                   
    one}:-N/A}',                '%{request:PacketFence-Domain}', '', 
'%{pairs:&reque                                                       
st:[*]}','%{pairs:&reply:[*]}', '%{%{control:PacketFence-Request-Time}:-N/A}')
(2) Thu Jul 13 15:27:49 2017: Debug: sql_reject:    --> INSERT INTO 
radius_audit                                                       _log         
      ( mac, ip, computer_name, user_name,                stripped_             
                                          user_name,  realm, event_type,        
        switch_id, switch_mac, switch_ip_a                                      
                 ddress,                radius_source_ip_address, 
called_station_id, calling_stat                                                 
      ion_id,                nas_port_type, ssid, nas_port_id,                
ifindex,                                                        nas_port, 
connection_type,                nas_ip_address, nas_identifier, auth_           
                                            status,                reason, 
auth_type, eap_type,                role, node_st                               
                        atus, profile,                source, auto_reg, 
is_phone,                pf_doma                                                
       in, uuid, radius_request,                radius_reply, request_time)     
                                                                VALUES          
     ( '', '', 'N/A', 'ale',                'ale', 'null', 'Ra                  
                                     dius-Access-Request',                
'N/A', 'N/A', 'N/A',                '127.0.                                     
                  0.1', '', '',                '', '', '',                
'N/A', '12', 'N/A',                                                             
          '153.47.30.99', '',  'Reject',                 'rest: Server returned 
                                                      :', 'Accept', '',         
       'N/A', 'N/A', 'N/A',                'N/A', 'N/A                          
                             ', 'N/A',                '', '', 'User-Name =3D 
=22ale=22=2C User-Password =3D =                                                
       22=2A=2A=2A=2A=2A=2A=22=2C NAS-IP-Address =3D 153.47.30.99=2C NAS-Port 
=3D 12=2C                                                        
Event-Timestamp =3D =22Jul 13 2017 15:27:49 UTC=22=2C Message-Authenticator =3D 
                                                       
0x952a6bbbaa25fb2f8c80772d743956be=2C Stripped-User-Name =3D =22ale=22=2C Realm 
                                                       =3D =22null=22=2C 
FreeRADIUS-Client-IP-Address =3D 127.0.0.1=2C Module-Failure-                   
                                    Message =3D =22rest: Server returned:=22=2C 
Module-Failure-Message =3D =22rest:                                             
           
=7B=5C=22control:PacketFence-Authorization-Status=5C=22:=5C=22allow=5C=22=2C=5C=
                                                       
22Reply-Message=5C=22:=5C=22CLI Access is not allowed by PacketFence on this 
swi                                                       tch=5C=22=7D=22=2C 
SQL-User-Name =3D =22ale=22','', '0')
(2) Thu Jul 13 15:27:49 2017: Debug: sql_reject: Executing query: INSERT INTO 
ra                                                       dius_audit_log         
      ( mac, ip, computer_name, user_name,                                      
                                 stripped_user_name,  realm, event_type,        
        switch_id, switch_mac, s                                                
       witch_ip_address,                radius_source_ip_address, 
called_station_id, ca                                                       
lling_station_id,                nas_port_type, ssid, nas_port_id,              
                                                         ifindex, nas_port, 
connection_type,                nas_ip_address, nas_identif                     
                                  ier, auth_status,                reason, 
auth_type, eap_type,                rol                                         
              e, node_status, profile,                source, auto_reg, 
is_phone,                                                                       
pf_domain, uuid, radius_request,                radius_reply, request_time)     
                                                                VALUES          
     ( '', '', 'N/A', 'ale',                'ale', '                            
                           null', 'Radius-Access-Request',                
'N/A', 'N/A', 'N/A',                                                            
           '127.0.0.1', '', '',                '', '', '',                
'N/A', '12', '                                                       N/A',      
          '153.47.30.99', '',  'Reject',                 'rest: Serve           
                                            r returned:', 'Accept', '',         
       'N/A', 'N/A', 'N/A',                '                                    
                   N/A', 'N/A', 'N/A',                '', '', 'User-Name =3D 
=22ale=22=2C User-Pass                                                       
word =3D =22=2A=2A=2A=2A=2A=2A=22=2C NAS-IP-Address =3D 153.47.30.99=2C 
NAS-Port                                                        =3D 12=2C 
Event-Timestamp =3D =22Jul 13 2017 15:27:49 UTC=22=2C Message-Authent           
                                            icator =3D 
0x952a6bbbaa25fb2f8c80772d743956be=2C Stripped-User-Name =3D =22ale=2           
                                            2=2C Realm =3D =22null=22=2C 
FreeRADIUS-Client-IP-Address =3D 127.0.0.1=2C Modul                             
                          e-Failure-Message =3D =22rest: Server returned:=22=2C 
Module-Failure-Message =3D                                                      
  =22rest: 
=7B=5C=22control:PacketFence-Authorization-Status=5C=22:=5C=22allow=5C          
                                             
=22=2C=5C=22Reply-Message=5C=22:=5C=22CLI Access is not allowed by PacketFence 
o                                                       n this 
switch=5C=22=7D=22=2C SQL-User-Name =3D =22ale=22','', '0')
(2) Thu Jul 13 15:27:49 2017: Debug: sql_reject: SQL query returned: success
(2) Thu Jul 13 15:27:49 2017: Debug: sql_reject: 1 record(s) updated
(2) Thu Jul 13 15:27:49 2017: Debug:           [sql_reject] = ok
(2) Thu Jul 13 15:27:49 2017: Debug:         } # if (&User-Name != "dummy")  = 
o                                                       k
(2) Thu Jul 13 15:27:49 2017: Debug:       } # policy 
packetfence-audit-log-reje                                                      
 ct = ok
(2) Thu Jul 13 15:27:49 2017: Debug:     } # if (! EAP-Type || (EAP-Type != 
TTLS                                                         && EAP-Type != 
PEAP) )  = ok
(2) Thu Jul 13 15:27:49 2017: Debug: attr_filter.access_reject: EXPAND 
%{User-Na                                                       me}
(2) Thu Jul 13 15:27:49 2017: Debug: attr_filter.access_reject:    --> ale
(2) Thu Jul 13 15:27:49 2017: Debug: attr_filter.access_reject: Matched entry 
DE                                                       FAULT at line 11
(2) Thu Jul 13 15:27:49 2017: Debug:     [attr_filter.access_reject] = updated
(2) Thu Jul 13 15:27:49 2017: Debug: attr_filter.packetfence_post_auth: EXPAND 
%                                                       {User-Name}
(2) Thu Jul 13 15:27:49 2017: Debug: attr_filter.packetfence_post_auth:    --> 
a                                                       le
(2) Thu Jul 13 15:27:49 2017: Debug: attr_filter.packetfence_post_auth: Matched 
                                                       entry DEFAULT at line 10
(2) Thu Jul 13 15:27:49 2017: Debug:     [attr_filter.packetfence_post_auth] = 
u                                                       pdated
(2) Thu Jul 13 15:27:49 2017: Debug:     [eap] = noop
(2) Thu Jul 13 15:27:49 2017: Debug:     policy remove_reply_message_if_eap {
(2) Thu Jul 13 15:27:49 2017: Debug:       if (&reply:EAP-Message && 
&reply:Repl                                                       y-Message) {
(2) Thu Jul 13 15:27:49 2017: Debug:       if (&reply:EAP-Message && 
&reply:Repl                                                       y-Message)  
-> FALSE
(2) Thu Jul 13 15:27:49 2017: Debug:       else {
(2) Thu Jul 13 15:27:49 2017: Debug:         [noop] = noop
(2) Thu Jul 13 15:27:49 2017: Debug:       } # else = noop
(2) Thu Jul 13 15:27:49 2017: Debug:     } # policy remove_reply_message_if_eap 
                                                       = noop
(2) Thu Jul 13 15:27:49 2017: Debug: linelog: EXPAND 
messages.%{%{reply:Packet-T                                                     
  ype}:-default}
(2) Thu Jul 13 15:27:49 2017: Debug: linelog:    --> messages.Access-Reject
(2) Thu Jul 13 15:27:49 2017: Debug: linelog: EXPAND %t : 
[mac:%{Calling-Station                                                       
-Id}] Rejected user: %{User-Name}
(2) Thu Jul 13 15:27:49 2017: Debug: linelog:    --> Thu Jul 13 15:27:49 2017 : 
                                                       [mac:] Rejected user: ale
(2) Thu Jul 13 15:27:49 2017: Debug:     [linelog] = ok
(2) Thu Jul 13 15:27:49 2017: Debug:   } # Post-Auth-Type REJECT = updated
(2) Thu Jul 13 15:27:49 2017: Debug: Delaying response for 1.000000 seconds
(2) Thu Jul 13 15:27:50 2017: Debug: Sending delayed response
(2) Thu Jul 13 15:27:50 2017: Debug: Sent Access-Reject Id 72 from 
127.0.0.1:181                                                       20 to 
127.0.0.1:43886 length 20
(2) Thu Jul 13 15:27:54 2017: Debug: Cleaning up request packet ID 72 with 
times                                                       tamp +459




------------------------------------------------------------------------------

Check out the vibrant tech community on one of the world's most

engaging tech sites, Slashdot.org! http://sdm.link/slashdot




_______________________________________________

PacketFence-users mailing list

PacketFence-users@lists.sourceforge.net<mailto:PacketFence-users@lists.sourceforge.net>

https://lists.sourceforge.net/lists/listinfo/packetfence-users


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users