Hello Alessandro,
You need to use eapol_test for an EAP test:

% eapol_test -c <config file> -a <IP of your RADIUS server> -p <Port> -s <SECRET>

Example config file:

network={
    ssid="test"
    key_mgmt=IEEE8021X
    eap=<PEAP or TTLS>
    pairwise=CCMP TKIP
    group=CCMP TKIP WEP104 WEP40
    phase2="auth=MSCHAPV2"
    identity="<username@realm>"
    password="<PASSWORD>"
}

Regards
Fabrice

On 2017-07-17 at 05:45, Alessandro Canella wrote:
>
> Hello Fabrice,
>
> The tests are made with local radtest (I have a switch configured
> and… inaccessible… and a Windows RADIUS test tool too), as I have seen from the log.
>
> (2) Thu Jul 13 15:27:49 2017: Debug: EXPAND %{Packet-Src-IP-Address}
> (2) Thu Jul 13 15:27:49 2017: Debug: --> 127.0.0.1
>
> From: Durand fabrice via PacketFence-users
> [mailto:packetfence-users@lists.sourceforge.net]
> Sent: Friday, 14 July 2017 02:29
> To: packetfence-users@lists.sourceforge.net
> Cc: Durand fabrice
> Subject: Re: [PacketFence-users] radius rejected.
>
> Hello Alessandro,
>
> Is the request coming from a switch?
>
> It is missing the Calling-Station-Id attribute.
>
> Regards
>
> Fabrice
>
> On 2017-07-13 at 13:01, Alessandro Canella via PacketFence-users wrote:
>
> Hello,
>
> I’m using ZEN, latest download from the site. I do not plan to join
> AD/LDAP but only to use local users.
>
> I’ve created local users in RADDB, but according to previous posts
> on the mailing list I’ve deleted them and planned to use only “person”
> in the web interface.
>
> Plaintext passwords are enabled in the advanced config and I’ve added
> “packetfence-local-auth” both in
> /usr/local/pf/conf/radiusd/packetfence-tunnel and in the authorize
> section, just after packetfence-eap-mac-policy, in conf/radiusd/packetfence
>
> but debug still shows the logs attached below…
>
> thanks in advance…
>
> (2) Thu Jul 13 15:27:49 2017: Debug: Received Access-Request Id 72 from 127.0.0.1:43886 to 127.0.0.1:18120 length 73
> (2) Thu Jul 13 15:27:49 2017: Debug: User-Name = "ale"
> (2) Thu Jul 13 15:27:49 2017: Debug: User-Password = "pale"
> (2) Thu Jul 13 15:27:49 2017: Debug: NAS-IP-Address = 153.47.30.99
> (2) Thu Jul 13 15:27:49 2017: Debug: NAS-Port = 12
> (2) Thu Jul 13 15:27:49 2017: Debug: Message-Authenticator = 0x952a6bbbaa25fb2f8c80772d743956be
> (2) Thu Jul 13 15:27:49 2017: Debug: # Executing section authorize from file /usr/local/pf/raddb/sites-enabled/packetfence
> (2) Thu Jul 13 15:27:49 2017: Debug: authorize {
> (2) Thu Jul 13 15:27:49 2017: Debug: update {
> (2) Thu Jul 13 15:27:49 2017: Debug: EXPAND %{Packet-Src-IP-Address}
> (2) Thu Jul 13 15:27:49 2017: Debug: --> 127.0.0.1
> (2) Thu Jul 13 15:27:49 2017: Debug: EXPAND %l
> (2) Thu Jul 13 15:27:49 2017: Debug: --> 1499959669
> (2) Thu Jul 13 15:27:49 2017: Debug: } # update = noop
> (2) Thu Jul 13 15:27:49 2017: Debug: policy rewrite_calling_station_id {
> (2) Thu Jul 13 15:27:49 2017: Debug: if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) {
> (2) Thu Jul 13 15:27:49 2017: Debug: if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) -> FALSE
> (2) Thu Jul 13 15:27:49 2017: Debug: else {
> (2) Thu Jul 13 15:27:49 2017: Debug: [noop] = noop
> (2) Thu Jul 13 15:27:49 2017: Debug: } # else = noop
> (2) Thu Jul 13 15:27:49 2017: Debug: } # policy rewrite_calling_station_id = noop
> (2) Thu Jul 13 15:27:49 2017: Debug: policy rewrite_called_station_id {
> (2) Thu Jul 13 15:27:49 2017: Debug: if ((&Called-Station-Id) && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) {
> (2) Thu Jul 13 15:27:49 2017: Debug: if ((&Called-Station-Id) && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) -> FALSE
> (2) Thu Jul 13 15:27:49 2017: Debug: else {
> (2) Thu Jul 13 15:27:49 2017: Debug: [noop] = noop
> (2) Thu Jul 13 15:27:49 2017: Debug: } # else = noop
> (2) Thu Jul 13 15:27:49 2017: Debug: } # policy rewrite_called_station_id = noop
> (2) Thu Jul 13 15:27:49 2017: Debug: policy filter_username {
> (2) Thu Jul 13 15:27:49 2017: Debug: if (&User-Name) {
> (2) Thu Jul 13 15:27:49 2017: Debug: if (&User-Name) -> TRUE
> (2) Thu Jul 13 15:27:49 2017: Debug: if (&User-Name) {
> (2) Thu Jul 13 15:27:49 2017: Debug: if (&User-Name =~ / /) {
> (2) Thu Jul 13 15:27:49 2017: Debug: if (&User-Name =~ / /) -> FALSE
> (2) Thu Jul 13 15:27:49 2017: Debug: if (&User-Name =~ /@[^@]*@/ ) {
> (2) Thu Jul 13 15:27:49 2017: Debug: if (&User-Name =~ /@[^@]*@/ ) -> FALSE
> (2) Thu Jul 13 15:27:49 2017: Debug: if (&User-Name =~ /\.\./ ) {
> (2) Thu Jul 13 15:27:49 2017: Debug: if (&User-Name =~ /\.\./ ) -> FALSE
> (2) Thu Jul 13 15:27:49 2017: Debug: if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
> (2) Thu Jul 13 15:27:49 2017: Debug: if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
> (2) Thu Jul 13 15:27:49 2017: Debug: if (&User-Name =~ /\.$/) {
> (2) Thu Jul 13 15:27:49 2017: Debug: if (&User-Name =~ /\.$/) -> FALSE
> (2) Thu Jul 13 15:27:49 2017: Debug: if (&User-Name =~ /@\./) {
> (2) Thu Jul 13 15:27:49 2017: Debug: if (&User-Name =~ /@\./) -> FALSE
> (2) Thu Jul 13 15:27:49 2017: Debug: } # if (&User-Name) = noop
> (2) Thu Jul 13 15:27:49 2017: Debug: } # policy filter_username = noop
> (2) Thu Jul 13 15:27:49 2017: Debug: policy filter_password {
> (2) Thu Jul 13 15:27:49 2017: Debug: if (&User-Password && (&User-Password != "%{string:User-Password}")) {
> (2) Thu Jul 13 15:27:49 2017: Debug: EXPAND %{string:User-Password}
> (2) Thu Jul 13 15:27:49 2017: Debug: --> pale
> (2) Thu Jul 13 15:27:49 2017: Debug: if (&User-Password && (&User-Password != "%{string:User-Password}")) -> FALSE
> (2) Thu Jul 13 15:27:49 2017: Debug: } # policy filter_password = noop
> (2) Thu Jul 13 15:27:49 2017: Debug: [preprocess] = ok
> (2) Thu Jul 13 15:27:49 2017: Debug: suffix: Checking for suffix after "@"
> (2) Thu Jul 13 15:27:49 2017: Debug: suffix: No '@' in User-Name = "ale", skipping NULL due to config.
> (2) Thu Jul 13 15:27:49 2017: Debug: [suffix] = noop
> (2) Thu Jul 13 15:27:49 2017: Debug: ntdomain: Checking for prefix before "\"
> (2) Thu Jul 13 15:27:49 2017: Debug: ntdomain: No '\' in User-Name = "ale", looking up realm NULL
> (2) Thu Jul 13 15:27:49 2017: Debug: ntdomain: Found realm "null"
> (2) Thu Jul 13 15:27:49 2017: Debug: ntdomain: Adding Stripped-User-Name = "ale"
> (2) Thu Jul 13 15:27:49 2017: Debug: ntdomain: Adding Realm = "null"
> (2) Thu Jul 13 15:27:49 2017: Debug: ntdomain: Authentication realm is LOCAL
> (2) Thu Jul 13 15:27:49 2017: Debug: [ntdomain] = ok
> (2) Thu Jul 13 15:27:49 2017: Debug: eap: No EAP-Message, not doing EAP
> (2) Thu Jul 13 15:27:49 2017: Debug: [eap] = noop
> (2) Thu Jul 13 15:27:49 2017: Debug: if ( !EAP-Message ) {
> (2) Thu Jul 13 15:27:49 2017: Debug: if ( !EAP-Message ) -> TRUE
> (2) Thu Jul 13 15:27:49 2017: Debug: if ( !EAP-Message ) {
> (2) Thu Jul 13 15:27:49 2017: Debug: update {
> (2) Thu Jul 13 15:27:49 2017: Debug: } # update = noop
> (2) Thu Jul 13 15:27:49 2017: Debug: } # if ( !EAP-Message ) = noop
> (2) Thu Jul 13 15:27:49 2017: Debug: policy packetfence-eap-mac-policy {
> (2) Thu Jul 13 15:27:49 2017: Debug: if ( &EAP-Type ) {
> (2) Thu Jul 13 15:27:49 2017: Debug: if ( &EAP-Type ) -> FALSE
> (2) Thu Jul 13 15:27:49 2017: Debug: [noop] = noop
> (2) Thu Jul 13 15:27:49 2017: Debug: } # policy packetfence-eap-mac-policy = noop
> (2) Thu Jul 13 15:27:49 2017: WARNING: pap: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
> (2) Thu Jul 13 15:27:49 2017: WARNING: pap: !!! Ignoring control:User-Password. Update your !!!
> (2) Thu Jul 13 15:27:49 2017: WARNING: pap: !!! configuration so that the "known good" clear text !!!
> (2) Thu Jul 13 15:27:49 2017: WARNING: pap: !!! password is in Cleartext-Password and NOT in !!!
> (2) Thu Jul 13 15:27:49 2017: WARNING: pap: !!! User-Password. !!!
> (2) Thu Jul 13 15:27:49 2017: WARNING: pap: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
> (2) Thu Jul 13 15:27:49 2017: WARNING: pap: Auth-Type already set. Not setting to PAP
> (2) Thu Jul 13 15:27:49 2017: Debug: [pap] = noop
> (2) Thu Jul 13 15:27:49 2017: Debug: } # authorize = ok
> (2) Thu Jul 13 15:27:49 2017: Debug: Found Auth-Type = Accept
> (2) Thu Jul 13 15:27:49 2017: Debug: Auth-Type = Accept, accepting the user
> (2) Thu Jul 13 15:27:49 2017: Debug: # Executing section post-auth from file /usr/local/pf/raddb/sites-enabled/packetfence
> (2) Thu Jul 13 15:27:49 2017: Debug: post-auth {
> (2) Thu Jul 13 15:27:49 2017: Debug: update {
> (2) Thu Jul 13 15:27:49 2017: Debug: EXPAND %{Packet-Src-IP-Address}
> (2) Thu Jul 13 15:27:49 2017: Debug: --> 127.0.0.1
> (2) Thu Jul 13 15:27:49 2017: Debug: } # update = noop
> (2) Thu Jul 13 15:27:49 2017: Debug: if (! EAP-Type || (EAP-Type != TTLS && EAP-Type != PEAP) ) {
> (2) Thu Jul 13 15:27:49 2017: Debug: if (! EAP-Type || (EAP-Type != TTLS && EAP-Type != PEAP) ) -> TRUE
> (2) Thu Jul 13 15:27:49 2017: Debug: if (! EAP-Type || (EAP-Type != TTLS && EAP-Type != PEAP) ) {
> (2) Thu Jul 13 15:27:49 2017: Debug: rest: Expanding URI components
> (2) Thu Jul 13 15:27:49 2017: Debug: rest: EXPAND http://127.0.0.1:7070
> (2) Thu Jul 13 15:27:49 2017: Debug: rest: --> http://127.0.0.1:7070
> (2) Thu Jul 13 15:27:49 2017: Debug: rest: EXPAND //radius/rest/authorize
> (2) Thu Jul 13 15:27:49 2017: Debug: rest: --> //radius/rest/authorize
> (2) Thu Jul 13 15:27:49 2017: Debug: rest: Sending HTTP POST to "http://127.0.0.1:7070//radius/rest/authorize"
> (2) Thu Jul 13 15:27:49 2017: Debug: rest: Encoding attribute "User-Name"
> (2) Thu Jul 13 15:27:49 2017: Debug: rest: Encoding attribute "User-Password"
> (2) Thu Jul 13 15:27:49 2017: Debug: rest: Encoding attribute "NAS-IP-Address"
> (2) Thu Jul 13 15:27:49 2017: Debug: rest: Encoding attribute "NAS-Port"
> (2) Thu Jul 13 15:27:49 2017: Debug: rest: Encoding attribute "Event-Timestamp"
> (2) Thu Jul 13 15:27:49 2017: Debug: rest: Encoding attribute "Message-Authenticator"
> (2) Thu Jul 13 15:27:49 2017: Debug: rest: Encoding attribute "Stripped-User-Name"
> (2) Thu Jul 13 15:27:49 2017: Debug: rest: Encoding attribute "Realm"
> (2) Thu Jul 13 15:27:49 2017: Debug: rest: Encoding attribute "FreeRADIUS-Client-IP-Address"
> (2) Thu Jul 13 15:27:49 2017: Debug: rest: Processing response header
> (2) Thu Jul 13 15:27:49 2017: Debug: rest: Status : 401 (Unauthorized)
> (2) Thu Jul 13 15:27:49 2017: Debug: rest: Type : json (application/json)
> (2) Thu Jul 13 15:27:49 2017: ERROR: rest: Server returned:
> (2) Thu Jul 13 15:27:49 2017: ERROR: rest: {"control:PacketFence-Authorization-Status":"allow","Reply-Message":"CLI Access is not allowed by PacketFence on this switch"}
> (2) Thu Jul 13 15:27:49 2017: Debug: [rest] = invalid
> (2) Thu Jul 13 15:27:49 2017: Debug: } # if (! EAP-Type || (EAP-Type != TTLS && EAP-Type != PEAP) ) = invalid
> (2) Thu Jul 13 15:27:49 2017: Debug: } # post-auth = invalid
> (2) Thu Jul 13 15:27:49 2017: Debug: Using Post-Auth-Type Reject
> (2) Thu Jul 13 15:27:49 2017: Debug: # Executing group from file /usr/local/pf/raddb/sites-enabled/packetfence
> (2) Thu Jul 13 15:27:49 2017: Debug: Post-Auth-Type REJECT {
> (2) Thu Jul 13 15:27:49 2017: Debug: update {
> (2) Thu Jul 13 15:27:49 2017: Debug: } # update = noop
> (2) Thu Jul 13 15:27:49 2017: Debug: if (! EAP-Type || (EAP-Type != TTLS && EAP-Type != PEAP) ) {
> (2) Thu Jul 13 15:27:49 2017: Debug: if (! EAP-Type || (EAP-Type != TTLS && EAP-Type != PEAP) ) -> TRUE
> (2) Thu Jul 13 15:27:49 2017: Debug: if (! EAP-Type || (EAP-Type != TTLS && EAP-Type != PEAP) ) {
> (2) Thu Jul 13 15:27:49 2017: Debug: policy packetfence-audit-log-reject {
> (2) Thu Jul 13 15:27:49 2017: Debug: if (&User-Name != "dummy") {
> (2) Thu Jul 13 15:27:49 2017: Debug: if (&User-Name != "dummy") -> TRUE
> (2) Thu Jul 13 15:27:49 2017: Debug: if (&User-Name != "dummy") {
> (2) Thu Jul 13 15:27:49 2017: Debug: policy request-timing {
> (2) Thu Jul 13 15:27:49 2017: Debug: if (control:PacketFence-Request-Time != 0) {
> (2) Thu Jul 13 15:27:49 2017: Debug: if (control:PacketFence-Request-Time != 0) -> FALSE
> (2) Thu Jul 13 15:27:49 2017: Debug: } # policy request-timing = noop
> (2) Thu Jul 13 15:27:49 2017: Debug: sql_reject: EXPAND type.reject.query
> (2) Thu Jul 13 15:27:49 2017: Debug: sql_reject: --> type.reject.query
> (2) Thu Jul 13 15:27:49 2017: Debug: sql_reject: Using query template 'query'
> (2) Thu Jul 13 15:27:49 2017: Debug: sql_reject: EXPAND %{User-Name}
> (2) Thu Jul 13 15:27:49 2017: Debug: sql_reject: --> ale
> (2) Thu Jul 13 15:27:49 2017: Debug: sql_reject: SQL-User-Name set to 'ale'
> (2) Thu Jul 13 15:27:49 2017: Debug: sql_reject: EXPAND INSERT INTO radius_audit_log (
>     mac, ip, computer_name, user_name, stripped_user_name, realm, event_type,
>     switch_id, switch_mac, switch_ip_address, radius_source_ip_address,
>     called_station_id, calling_station_id, nas_port_type, ssid, nas_port_id,
>     ifindex, nas_port, connection_type, nas_ip_address, nas_identifier,
>     auth_status, reason, auth_type, eap_type, role, node_status, profile,
>     source, auto_reg, is_phone, pf_domain, uuid, radius_request, radius_reply,
>     request_time)
>   VALUES (
>     '%{request:Calling-Station-Id}', '%{request:Framed-IP-Address}',
>     '%{%{control:PacketFence-Computer-Name}:-N/A}', '%{request:User-Name}',
>     '%{request:Stripped-User-Name}', '%{request:Realm}', 'Radius-Access-Request',
>     '%{%{control:PacketFence-Switch-Id}:-N/A}',
>     '%{%{control:PacketFence-Switch-Mac}:-N/A}',
>     '%{%{control:PacketFence-Switch-Ip-Address}:-N/A}',
>     '%{Packet-Src-IP-Address}', '%{request:Called-Station-Id}',
>     '%{request:Calling-Station-Id}', '%{request:NAS-Port-Type}',
>     '%{request:Called-Station-SSID}', '%{request:NAS-Port-Id}',
>     '%{%{control:PacketFence-IfIndex}:-N/A}', '%{request:NAS-Port}',
>     '%{%{control:PacketFence-Connection-Type}:-N/A}',
>     '%{request:NAS-IP-Address}', '%{request:NAS-Identifier}', 'Reject',
>     '%{request:Module-Failure-Message}', '%{control:Auth-Type}',
>     '%{request:EAP-Type}', '%{%{control:PacketFence-Role}:-N/A}',
>     '%{%{control:PacketFence-Status}:-N/A}',
>     '%{%{control:PacketFence-Profile}:-N/A}',
>     '%{%{control:PacketFence-Source}:-N/A}',
>     '%{%{control:PacketFence-AutoReg}:-N/A}',
>     '%{%{control:PacketFence-IsPhone}:-N/A}', '%{request:PacketFence-Domain}',
>     '', '%{pairs:&request:[*]}','%{pairs:&reply:[*]}',
>     '%{%{control:PacketFence-Request-Time}:-N/A}')
> (2) Thu Jul 13 15:27:49 2017: Debug: sql_reject: --> INSERT INTO radius_audit_log (
>     mac, ip, computer_name, user_name, stripped_user_name, realm, event_type,
>     switch_id, switch_mac, switch_ip_address, radius_source_ip_address,
>     called_station_id, calling_station_id, nas_port_type, ssid, nas_port_id,
>     ifindex, nas_port, connection_type, nas_ip_address, nas_identifier,
>     auth_status, reason, auth_type, eap_type, role, node_status, profile,
>     source, auto_reg, is_phone, pf_domain, uuid, radius_request, radius_reply,
>     request_time)
>   VALUES (
>     '', '', 'N/A', 'ale', 'ale', 'null', 'Radius-Access-Request', 'N/A', 'N/A',
>     'N/A', '127.0.0.1', '', '', '', '', '', 'N/A', '12', 'N/A', '153.47.30.99',
>     '', 'Reject', 'rest: Server returned:', 'Accept', '', 'N/A', 'N/A', 'N/A',
>     'N/A', 'N/A', 'N/A', '', '',
>     'User-Name =3D =22ale=22=2C User-Password =3D =22=2A=2A=2A=2A=2A=2A=22=2C
>     NAS-IP-Address =3D 153.47.30.99=2C NAS-Port =3D 12=2C
>     Event-Timestamp =3D =22Jul 13 2017 15:27:49 UTC=22=2C
>     Message-Authenticator =3D 0x952a6bbbaa25fb2f8c80772d743956be=2C
>     Stripped-User-Name =3D =22ale=22=2C Realm =3D =22null=22=2C
>     FreeRADIUS-Client-IP-Address =3D 127.0.0.1=2C
>     Module-Failure-Message =3D =22rest: Server returned:=22=2C
>     Module-Failure-Message =3D =22rest: =7B=5C=22control:PacketFence-Authorization-Status=5C=22:=5C=22allow=5C=22=2C=5C=22Reply-Message=5C=22:=5C=22CLI Access is not allowed by PacketFence on this switch=5C=22=7D=22=2C
>     SQL-User-Name =3D =22ale=22','', '0')
> (2) Thu Jul 13 15:27:49 2017: Debug: sql_reject: Executing query: INSERT INTO radius_audit_log (
>     mac, ip, computer_name, user_name, stripped_user_name, realm, event_type,
>     switch_id, switch_mac, switch_ip_address, radius_source_ip_address,
>     called_station_id, calling_station_id, nas_port_type, ssid, nas_port_id,
>     ifindex, nas_port, connection_type, nas_ip_address, nas_identifier,
>     auth_status, reason, auth_type, eap_type, role, node_status, profile,
>     source, auto_reg, is_phone, pf_domain, uuid, radius_request, radius_reply,
>     request_time)
>   VALUES (
>     '', '', 'N/A', 'ale', 'ale', 'null', 'Radius-Access-Request', 'N/A', 'N/A',
>     'N/A', '127.0.0.1', '', '', '', '', '', 'N/A', '12', 'N/A', '153.47.30.99',
>     '', 'Reject', 'rest: Server returned:', 'Accept', '', 'N/A', 'N/A', 'N/A',
>     'N/A', 'N/A', 'N/A', '', '',
>     'User-Name =3D =22ale=22=2C User-Password =3D =22=2A=2A=2A=2A=2A=2A=22=2C
>     NAS-IP-Address =3D 153.47.30.99=2C NAS-Port =3D 12=2C
>     Event-Timestamp =3D =22Jul 13 2017 15:27:49 UTC=22=2C
>     Message-Authenticator =3D 0x952a6bbbaa25fb2f8c80772d743956be=2C
>     Stripped-User-Name =3D =22ale=22=2C Realm =3D =22null=22=2C
>     FreeRADIUS-Client-IP-Address =3D 127.0.0.1=2C
>     Module-Failure-Message =3D =22rest: Server returned:=22=2C
>     Module-Failure-Message =3D =22rest: =7B=5C=22control:PacketFence-Authorization-Status=5C=22:=5C=22allow=5C=22=2C=5C=22Reply-Message=5C=22:=5C=22CLI Access is not allowed by PacketFence on this switch=5C=22=7D=22=2C
>     SQL-User-Name =3D =22ale=22','', '0')
> (2) Thu Jul 13 15:27:49 2017: Debug: sql_reject: SQL query returned: success
> (2) Thu Jul 13 15:27:49 2017: Debug: sql_reject: 1 record(s) updated
> (2) Thu Jul 13 15:27:49 2017: Debug: [sql_reject] = ok
> (2) Thu Jul 13 15:27:49 2017: Debug: } # if (&User-Name != "dummy") = ok
> (2) Thu Jul 13 15:27:49 2017: Debug: } # policy packetfence-audit-log-reject = ok
> (2) Thu Jul 13 15:27:49 2017: Debug: } # if (! EAP-Type || (EAP-Type != TTLS && EAP-Type != PEAP) ) = ok
> (2) Thu Jul 13 15:27:49 2017: Debug: attr_filter.access_reject: EXPAND %{User-Name}
> (2) Thu Jul 13 15:27:49 2017: Debug: attr_filter.access_reject: --> ale
> (2) Thu Jul 13 15:27:49 2017: Debug: attr_filter.access_reject: Matched entry DEFAULT at line 11
> (2) Thu Jul 13 15:27:49 2017: Debug: [attr_filter.access_reject] = updated
> (2) Thu Jul 13 15:27:49 2017: Debug: attr_filter.packetfence_post_auth: EXPAND %{User-Name}
> (2) Thu Jul 13 15:27:49 2017: Debug: attr_filter.packetfence_post_auth: --> ale
> (2) Thu Jul 13 15:27:49 2017: Debug: attr_filter.packetfence_post_auth: Matched entry DEFAULT at line 10
> (2) Thu Jul 13 15:27:49 2017: Debug: [attr_filter.packetfence_post_auth] = updated
> (2) Thu Jul 13 15:27:49 2017: Debug: [eap] = noop
> (2) Thu Jul 13 15:27:49 2017: Debug: policy remove_reply_message_if_eap {
> (2) Thu Jul 13 15:27:49 2017: Debug: if (&reply:EAP-Message && &reply:Reply-Message) {
> (2) Thu Jul 13 15:27:49 2017: Debug: if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
> (2) Thu Jul 13 15:27:49 2017: Debug: else {
> (2) Thu Jul 13 15:27:49 2017: Debug: [noop] = noop
> (2) Thu Jul 13 15:27:49 2017: Debug: } # else = noop
> (2) Thu Jul 13 15:27:49 2017: Debug: } # policy remove_reply_message_if_eap = noop
> (2) Thu Jul 13 15:27:49 2017: Debug: linelog: EXPAND messages.%{%{reply:Packet-Type}:-default}
> (2) Thu Jul 13 15:27:49 2017: Debug: linelog: --> messages.Access-Reject
> (2) Thu Jul 13 15:27:49 2017: Debug: linelog: EXPAND %t : [mac:%{Calling-Station-Id}] Rejected user: %{User-Name}
> (2) Thu Jul 13 15:27:49 2017: Debug: linelog: --> Thu Jul 13 15:27:49 2017 : [mac:] Rejected user: ale
> (2) Thu Jul 13 15:27:49 2017: Debug: [linelog] = ok
> (2) Thu Jul 13 15:27:49 2017: Debug: } # Post-Auth-Type REJECT = updated
> (2) Thu Jul 13 15:27:49 2017: Debug: Delaying response for 1.000000 seconds
> (2) Thu Jul 13 15:27:50 2017: Debug: Sending delayed response
> (2) Thu Jul 13 15:27:50 2017: Debug: Sent Access-Reject Id 72 from 127.0.0.1:18120 to 127.0.0.1:43886 length 20
> (2) Thu Jul 13 15:27:54 2017: Debug: Cleaning up request packet ID 72 with timestamp +459
--
Fabrice Durand
fdur...@inverse.ca :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
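
Added example (not part of the original thread, and not PacketFence or FreeRADIUS code): a small Python triage script for FreeRADIUS debug output in the shape of the log quoted above. It reports the two things the replies focus on (no Calling-Station-Id, no EAP-Message) together with the REST status and Reply-Message, and masks User-Password attribute lines before a log is posted to a list. The sample log lines, values and function names are constructed for illustration.

```python
import json
import re

# Constructed sample in the shape of the debug output quoted above (values are made up).
SAMPLE_LOG = '''\
(2) Thu Jul 13 15:27:49 2017: Debug: Received Access-Request Id 72 from 127.0.0.1:43886 to 127.0.0.1:18120 length 73
(2) Thu Jul 13 15:27:49 2017: Debug:   User-Name = "alice"
(2) Thu Jul 13 15:27:49 2017: Debug:   User-Password = "constructed-secret"
(2) Thu Jul 13 15:27:49 2017: Debug:   NAS-IP-Address = 192.0.2.10
(2) Thu Jul 13 15:27:49 2017: Debug: # Executing section authorize from file sites-enabled/packetfence
(2) Thu Jul 13 15:27:49 2017: Debug: eap: No EAP-Message, not doing EAP
(2) Thu Jul 13 15:27:49 2017: Debug: rest: Status : 401 (Unauthorized)
(2) Thu Jul 13 15:27:49 2017: ERROR: rest: {"Reply-Message":"CLI Access is not allowed by PacketFence on this switch"}
(2) Thu Jul 13 15:27:50 2017: Debug: Sent Access-Reject Id 72 from 127.0.0.1:18120 to 127.0.0.1:43886 length 20
'''

LINE = re.compile(r'^\((\d+)\) .*? \d{4}: (?:Debug|ERROR|WARNING): (.*)$')
ATTR = re.compile(r'^\s*([A-Za-z][\w-]*) = (.*)$')
STATUS = re.compile(r'rest: Status : (\d+)')
OUTCOME = re.compile(r'Sent (Access-\w+)')
PASSWORD = re.compile(r'(User-Password = )"[^"]*"')

def redact(log):
    """Mask User-Password attribute lines; other expansions of the value are not caught."""
    return PASSWORD.sub(r'\1"<redacted>"', log)

def parse_requests(log):
    """Group debug lines by request number and collect the fields used for triage."""
    requests, reading = {}, None
    for raw in log.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        rid, msg = int(m.group(1)), m.group(2)
        req = requests.setdefault(rid, {"attrs": {}, "eap": None, "rest_status": None,
                                        "reply_message": None, "outcome": None})
        attr = ATTR.match(msg)
        if msg.startswith("Received Access-Request"):
            reading = rid  # the request's attribute list follows this line
        elif reading == rid and attr:
            req["attrs"][attr.group(1)] = attr.group(2).strip('"')
        else:
            reading = None
            if msg.startswith("eap: No EAP-Message"):
                req["eap"] = False
            elif STATUS.match(msg):
                req["rest_status"] = int(STATUS.match(msg).group(1))
            elif msg.startswith("rest: {"):
                try:
                    req["reply_message"] = json.loads(msg[6:]).get("Reply-Message")
                except ValueError:
                    pass  # JSON wrapped or truncated, e.g. by a mail client
            elif OUTCOME.match(msg):
                req["outcome"] = OUTCOME.match(msg).group(1)
    return requests

def triage(req):
    """Return human-readable findings for one parsed request."""
    findings = []
    if "Calling-Station-Id" not in req["attrs"]:
        findings.append("request carries no Calling-Station-Id")
    if req["eap"] is False:
        findings.append("no EAP-Message: non-EAP test request, EAP path not exercised")
    if req["rest_status"] and req["rest_status"] >= 400:
        findings.append(f"REST authorize call returned HTTP {req['rest_status']}")
    if req["reply_message"]:
        findings.append(f"Reply-Message: {req['reply_message']}")
    return findings
```

Call `triage(parse_requests(text)[n])` for request number `n`, and pass the text through `redact()` before sharing it.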