Hello Fabrice The error is:
Module-Failure-Message = "eap_md5: Cleartext-Password is required for EAP-MD5 authentication" Module-Failure-Message = "eap: Failed continuing EAP MD5 (4) session. EAP sub-module failed" My database password hashing is set to plaintext, and I set MD5 on the client PC (linux machine) for 802.1X connection. I have uncommented *packetfence-local-auth.* The connection profile filter is EAP-Ethernet and source is local The username password is added to PF database, by the way, the same client works without problems when I chose PEAP on the client machine. Below is the raddebug output in full detail: (28137) Mon Nov 26 10:42:36 2018: Debug: Received Access-Request Id 4 from 10.10.51.224:1812 to 10.10.50.204:1812 length 119 (28137) Mon Nov 26 10:42:36 2018: Debug: User-Name = "pica8" (28137) Mon Nov 26 10:42:36 2018: Debug: NAS-IP-Address = 0.0.0.0 (28137) Mon Nov 26 10:42:36 2018: Debug: NAS-Port-Type = Ethernet (28137) Mon Nov 26 10:42:36 2018: Debug: NAS-Port = 23 (28137) Mon Nov 26 10:42:36 2018: Debug: Called-Station-Id = "A8-2B-B5-F6-CA-01" (28137) Mon Nov 26 10:42:36 2018: Debug: Calling-Station-Id = "08-9E-01-9E-CC-FE" (28137) Mon Nov 26 10:42:36 2018: Debug: Framed-MTU = 1500 (28137) Mon Nov 26 10:42:36 2018: Debug: EAP-Message = 0x02d0000a017069636138 (28137) Mon Nov 26 10:42:36 2018: Debug: Message-Authenticator = 0xe8c76845b7dd499ff147277f9a3f4443 (28137) Mon Nov 26 10:42:36 2018: Debug: # Executing section authorize from file /usr/local/pf/raddb/sites-enabled/packetfence (28137) Mon Nov 26 10:42:36 2018: Debug: authorize { (28137) Mon Nov 26 10:42:36 2018: Debug: update { (28137) Mon Nov 26 10:42:36 2018: Debug: EXPAND %{Packet-Src-IP-Address} (28137) Mon Nov 26 10:42:36 2018: Debug: --> 10.10.51.224 (28137) Mon Nov 26 10:42:36 2018: Debug: EXPAND %l (28137) Mon Nov 26 10:42:36 2018: Debug: --> 1543200156 (28137) Mon Nov 26 10:42:36 2018: Debug: } # update = noop (28137) Mon Nov 26 10:42:36 2018: Debug: policy packetfence-set-tenant-id { (28137) Mon Nov 26 10:42:36 2018: Debug: if ( "%{%{control:PacketFence-Tenant-Id}:-0}" == "0") { (28137) Mon Nov 26 10:42:36 2018: Debug: EXPAND %{%{control:PacketFence-Tenant-Id}:-0} (28137) Mon Nov 26 10:42:36 2018: Debug: --> 0 (28137) Mon Nov 26 10:42:36 2018: Debug: if ( "%{%{control:PacketFence-Tenant-Id}:-0}" == "0") -> TRUE (28137) Mon Nov 26 10:42:36 2018: Debug: if ( "%{%{control:PacketFence-Tenant-Id}:-0}" == "0") { (28137) Mon Nov 26 10:42:36 2018: Debug: update control { (28137) Mon Nov 26 10:42:36 2018: Debug: EXPAND %{User-Name} (28137) Mon Nov 26 10:42:36 2018: Debug: --> pica8 (28137) Mon Nov 26 10:42:36 2018: Debug: SQL-User-Name set to 'pica8' (28137) Mon Nov 26 10:42:36 2018: Debug: Executing select query: SELECT IFNULL((SELECT tenant_id FROM radius_nas WHERE nasname = '10.10.51.224'), 0) (28137) Mon Nov 26 10:42:36 2018: Debug: EXPAND %{sql: SELECT IFNULL((SELECT tenant_id FROM radius_nas WHERE nasname = '%{Packet-Src-IP-Address}'), 0)} (28137) Mon Nov 26 10:42:36 2018: Debug: --> 1 (28137) Mon Nov 26 10:42:36 2018: Debug: } # update control = noop (28137) Mon Nov 26 10:42:36 2018: Debug: } # if ( "%{%{control:PacketFence-Tenant-Id}:-0}" == "0") = noop (28137) Mon Nov 26 10:42:36 2018: Debug: if ( &control:PacketFence-Tenant-Id == 0 ) { (28137) Mon Nov 26 10:42:36 2018: Debug: if ( &control:PacketFence-Tenant-Id == 0 ) -> FALSE (28137) Mon Nov 26 10:42:36 2018: Debug: } # policy packetfence-set-tenant-id = noop (28137) Mon Nov 26 10:42:36 2018: Debug: policy rewrite_calling_station_id { (28137) Mon Nov 26 10:42:36 2018: Debug: if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) { (28137) Mon Nov 26 10:42:36 2018: Debug: if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) -> TRUE (28137) Mon Nov 26 10:42:36 2018: Debug: if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) { (28137) Mon Nov 26 10:42:36 2018: Debug: update request { (28137) Mon Nov 26 10:42:36 2018: Debug: EXPAND %{tolower:%{1}:%{2}:%{3}:%{4}:%{5}:%{6}} (28137) Mon Nov 26 10:42:36 2018: Debug: --> 08:9e:01:9e:cc:fe (28137) Mon Nov 26 10:42:36 2018: Debug: } # update request = noop (28137) Mon Nov 26 10:42:36 2018: Debug: [updated] = updated (28137) Mon Nov 26 10:42:36 2018: Debug: } # if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) = updated (28137) Mon Nov 26 10:42:36 2018: Debug: ... skipping else: Preceding "if" was taken (28137) Mon Nov 26 10:42:36 2018: Debug: } # policy rewrite_calling_station_id = updated (28137) Mon Nov 26 10:42:36 2018: Debug: policy rewrite_called_station_id { (28137) Mon Nov 26 10:42:36 2018: Debug: if ((&Called-Station-Id) && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) { (28137) Mon Nov 26 10:42:36 2018: Debug: if ((&Called-Station-Id) && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) -> TRUE (28137) Mon Nov 26 10:42:36 2018: Debug: if ((&Called-Station-Id) && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) { (28137) Mon Nov 26 10:42:36 2018: Debug: update request { (28137) Mon Nov 26 10:42:36 2018: Debug: EXPAND %{tolower:%{1}:%{2}:%{3}:%{4}:%{5}:%{6}} (28137) Mon Nov 26 10:42:36 2018: Debug: --> a8:2b:b5:f6:ca:01 (28137) Mon Nov 26 10:42:36 2018: Debug: } # update request = noop (28137) Mon Nov 26 10:42:36 2018: Debug: if ("%{8}") { (28137) Mon Nov 26 10:42:36 2018: Debug: EXPAND %{8} (28137) Mon Nov 26 10:42:36 2018: Debug: --> (28137) Mon Nov 26 10:42:36 2018: Debug: if ("%{8}") -> FALSE (28137) Mon Nov 26 10:42:36 2018: Debug: elsif ( (Colubris-AVPair) && "%{Colubris-AVPair}" =~ /^ssid=(.*)$/i) { (28137) Mon Nov 26 10:42:36 2018: Debug: elsif ( (Colubris-AVPair) && "%{Colubris-AVPair}" =~ /^ssid=(.*)$/i) -> FALSE (28137) Mon Nov 26 10:42:36 2018: Debug: elsif (Aruba-Essid-Name) { (28137) Mon Nov 26 10:42:36 2018: Debug: elsif (Aruba-Essid-Name) -> FALSE (28137) Mon Nov 26 10:42:36 2018: Debug: elsif ( (Cisco-AVPair) && "%{Cisco-AVPair}" =~ /^ssid=(.*)$/i) { (28137) Mon Nov 26 10:42:36 2018: Debug: elsif ( (Cisco-AVPair) && "%{Cisco-AVPair}" =~ /^ssid=(.*)$/i) -> FALSE (28137) Mon Nov 26 10:42:36 2018: Debug: [updated] = updated (28137) Mon Nov 26 10:42:36 2018: Debug: } # if ((&Called-Station-Id) && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) = updated (28137) Mon Nov 26 10:42:36 2018: Debug: ... skipping else: Preceding "if" was taken (28137) Mon Nov 26 10:42:36 2018: Debug: } # policy rewrite_called_station_id = updated (28137) Mon Nov 26 10:42:36 2018: Debug: policy filter_username { (28137) Mon Nov 26 10:42:36 2018: Debug: if (&User-Name) { (28137) Mon Nov 26 10:42:36 2018: Debug: if (&User-Name) -> TRUE (28137) Mon Nov 26 10:42:36 2018: Debug: if (&User-Name) { (28137) Mon Nov 26 10:42:36 2018: Debug: if (&User-Name =~ / /) { (28137) Mon Nov 26 10:42:36 2018: Debug: if (&User-Name =~ / /) -> FALSE (28137) Mon Nov 26 10:42:36 2018: Debug: if (&User-Name =~ /@[^@]*@/ ) { (28137) Mon Nov 26 10:42:36 2018: Debug: if (&User-Name =~ /@[^@]*@/ ) -> FALSE (28137) Mon Nov 26 10:42:36 2018: Debug: if (&User-Name =~ /\.\./ ) { (28137) Mon Nov 26 10:42:36 2018: Debug: if (&User-Name =~ /\.\./ ) -> FALSE (28137) Mon Nov 26 10:42:36 2018: Debug: if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (28137) Mon Nov 26 10:42:36 2018: Debug: if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (28137) Mon Nov 26 10:42:36 2018: Debug: if (&User-Name =~ /\.$/) { (28137) Mon Nov 26 10:42:36 2018: Debug: if (&User-Name =~ /\.$/) -> FALSE (28137) Mon Nov 26 10:42:36 2018: Debug: if (&User-Name =~ /@\./) { (28137) Mon Nov 26 10:42:36 2018: Debug: if (&User-Name =~ /@\./) -> FALSE (28137) Mon Nov 26 10:42:36 2018: Debug: } # if (&User-Name) = updated (28137) Mon Nov 26 10:42:36 2018: Debug: } # policy filter_username = updated (28137) Mon Nov 26 10:42:36 2018: Debug: policy filter_password { (28137) Mon Nov 26 10:42:36 2018: Debug: if (&User-Password && (&User-Password != "%{string:User-Password}")) { (28137) Mon Nov 26 10:42:36 2018: Debug: if (&User-Password && (&User-Password != "%{string:User-Password}")) -> FALSE (28137) Mon Nov 26 10:42:36 2018: Debug: } # policy filter_password = updated (28137) Mon Nov 26 10:42:36 2018: Debug: [preprocess] = ok (28137) Mon Nov 26 10:42:36 2018: Debug: suffix: Checking for suffix after "@" (28137) Mon Nov 26 10:42:36 2018: Debug: suffix: No '@' in User-Name = "pica8", skipping NULL due to config. (28137) Mon Nov 26 10:42:36 2018: Debug: [suffix] = noop (28137) Mon Nov 26 10:42:36 2018: Debug: ntdomain: Checking for prefix before "\" (28137) Mon Nov 26 10:42:36 2018: Debug: ntdomain: No '\' in User-Name = "pica8", looking up realm NULL (28137) Mon Nov 26 10:42:36 2018: Debug: ntdomain: Found realm "null" (28137) Mon Nov 26 10:42:36 2018: Debug: ntdomain: Adding Stripped-User-Name = "pica8" (28137) Mon Nov 26 10:42:36 2018: Debug: ntdomain: Adding Realm = "null" (28137) Mon Nov 26 10:42:36 2018: Debug: ntdomain: Authentication realm is LOCAL (28137) Mon Nov 26 10:42:36 2018: Debug: [ntdomain] = ok (28137) Mon Nov 26 10:42:36 2018: Debug: eap: Peer sent EAP Response (code 2) ID 208 length 10 (28137) Mon Nov 26 10:42:36 2018: Debug: eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize (28137) Mon Nov 26 10:42:36 2018: Debug: [eap] = ok (28137) Mon Nov 26 10:42:36 2018: Debug: } # authorize = ok (28137) Mon Nov 26 10:42:36 2018: Debug: Found Auth-Type = eap (28137) Mon Nov 26 10:42:36 2018: Debug: # Executing group from file /usr/local/pf/raddb/sites-enabled/packetfence (28137) Mon Nov 26 10:42:36 2018: Debug: authenticate { (28137) Mon Nov 26 10:42:36 2018: Debug: eap: Peer sent packet with method EAP Identity (1) (28137) Mon Nov 26 10:42:36 2018: Debug: eap: Calling submodule eap_peap to process data (28137) Mon Nov 26 10:42:36 2018: Debug: eap_peap: Initiating new EAP-TLS session (28137) Mon Nov 26 10:42:36 2018: Debug: eap_peap: [eaptls start] = request (28137) Mon Nov 26 10:42:36 2018: Debug: eap: Sending EAP Request (code 1) ID 209 length 6 (28137) Mon Nov 26 10:42:36 2018: Debug: eap: EAP session adding &reply:State = 0x27b6a33c2767baca (28137) Mon Nov 26 10:42:36 2018: Debug: [eap] = handled (28137) Mon Nov 26 10:42:36 2018: Debug: } # authenticate = handled (28137) Mon Nov 26 10:42:36 2018: Debug: Using Post-Auth-Type Challenge (28137) Mon Nov 26 10:42:36 2018: Debug: Post-Auth-Type sub-section not found. Ignoring. (28137) Mon Nov 26 10:42:36 2018: Debug: # Executing group from file /usr/local/pf/raddb/sites-enabled/packetfence (28137) Mon Nov 26 10:42:36 2018: Debug: Sent Access-Challenge Id 4 from 10.10.50.204:1812 to 10.10.51.224:1812 length 0 (28137) Mon Nov 26 10:42:36 2018: Debug: EAP-Message = 0x01d100061920 (28137) Mon Nov 26 10:42:36 2018: Debug: Message-Authenticator = 0x00000000000000000000000000000000 (28137) Mon Nov 26 10:42:36 2018: Debug: State = 0x27b6a33c2767bacacd0091342714d737 (28137) Mon Nov 26 10:42:36 2018: Debug: Finished request (28138) Mon Nov 26 10:42:36 2018: Debug: Received Access-Request Id 5 from 10.10.51.224:1812 to 10.10.50.204:1812 length 133 (28138) Mon Nov 26 10:42:36 2018: Debug: User-Name = "pica8" (28138) Mon Nov 26 10:42:36 2018: Debug: NAS-IP-Address = 0.0.0.0 (28138) Mon Nov 26 10:42:36 2018: Debug: NAS-Port-Type = Ethernet (28138) Mon Nov 26 10:42:36 2018: Debug: NAS-Port = 23 (28138) Mon Nov 26 10:42:36 2018: Debug: Called-Station-Id = "A8-2B-B5-F6-CA-01" (28138) Mon Nov 26 10:42:36 2018: Debug: Calling-Station-Id = "08-9E-01-9E-CC-FE" (28138) Mon Nov 26 10:42:36 2018: Debug: Framed-MTU = 1500 (28138) Mon Nov 26 10:42:36 2018: Debug: EAP-Message = 0x02d100060304 (28138) Mon Nov 26 10:42:36 2018: Debug: State = 0x27b6a33c2767bacacd0091342714d737 (28138) Mon Nov 26 10:42:36 2018: Debug: Message-Authenticator = 0x744294743dd7d50db72851b55300f361 (28138) Mon Nov 26 10:42:36 2018: Debug: session-state: No cached attributes (28138) Mon Nov 26 10:42:36 2018: Debug: # Executing section authorize from file /usr/local/pf/raddb/sites-enabled/packetfence (28138) Mon Nov 26 10:42:36 2018: Debug: authorize { (28138) Mon Nov 26 10:42:36 2018: Debug: update { (28138) Mon Nov 26 10:42:36 2018: Debug: EXPAND %{Packet-Src-IP-Address} (28138) Mon Nov 26 10:42:36 2018: Debug: --> 10.10.51.224 (28138) Mon Nov 26 10:42:36 2018: Debug: EXPAND %l (28138) Mon Nov 26 10:42:36 2018: Debug: --> 1543200156 (28138) Mon Nov 26 10:42:36 2018: Debug: } # update = noop (28138) Mon Nov 26 10:42:36 2018: Debug: policy packetfence-set-tenant-id { (28138) Mon Nov 26 10:42:36 2018: Debug: if ( "%{%{control:PacketFence-Tenant-Id}:-0}" == "0") { (28138) Mon Nov 26 10:42:36 2018: Debug: EXPAND %{%{control:PacketFence-Tenant-Id}:-0} (28138) Mon Nov 26 10:42:36 2018: Debug: --> 0 (28138) Mon Nov 26 10:42:36 2018: Debug: if ( "%{%{control:PacketFence-Tenant-Id}:-0}" == "0") -> TRUE (28138) Mon Nov 26 10:42:36 2018: Debug: if ( "%{%{control:PacketFence-Tenant-Id}:-0}" == "0") { (28138) Mon Nov 26 10:42:36 2018: Debug: update control { (28138) Mon Nov 26 10:42:36 2018: Debug: EXPAND %{User-Name} (28138) Mon Nov 26 10:42:36 2018: Debug: --> pica8 (28138) Mon Nov 26 10:42:36 2018: Debug: SQL-User-Name set to 'pica8' (28138) Mon Nov 26 10:42:36 2018: Debug: Executing select query: SELECT IFNULL((SELECT tenant_id FROM radius_nas WHERE nasname = '10.10.51.224'), 0) (28138) Mon Nov 26 10:42:36 2018: Debug: EXPAND %{sql: SELECT IFNULL((SELECT tenant_id FROM radius_nas WHERE nasname = '%{Packet-Src-IP-Address}'), 0)} (28138) Mon Nov 26 10:42:36 2018: Debug: --> 1 (28138) Mon Nov 26 10:42:36 2018: Debug: } # update control = noop (28138) Mon Nov 26 10:42:36 2018: Debug: } # if ( "%{%{control:PacketFence-Tenant-Id}:-0}" == "0") = noop (28138) Mon Nov 26 10:42:36 2018: Debug: if ( &control:PacketFence-Tenant-Id == 0 ) { (28138) Mon Nov 26 10:42:36 2018: Debug: if ( &control:PacketFence-Tenant-Id == 0 ) -> FALSE (28138) Mon Nov 26 10:42:36 2018: Debug: } # policy packetfence-set-tenant-id = noop (28138) Mon Nov 26 10:42:36 2018: Debug: policy rewrite_calling_station_id { (28138) Mon Nov 26 10:42:36 2018: Debug: if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) { (28138) Mon Nov 26 10:42:36 2018: Debug: if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) -> TRUE (28138) Mon Nov 26 10:42:36 2018: Debug: if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) { (28138) Mon Nov 26 10:42:36 2018: Debug: update request { (28138) Mon Nov 26 10:42:36 2018: Debug: EXPAND %{tolower:%{1}:%{2}:%{3}:%{4}:%{5}:%{6}} (28138) Mon Nov 26 10:42:36 2018: Debug: --> 08:9e:01:9e:cc:fe (28138) Mon Nov 26 10:42:36 2018: Debug: } # update request = noop (28138) Mon Nov 26 10:42:36 2018: Debug: [updated] = updated (28138) Mon Nov 26 10:42:36 2018: Debug: } # if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) = updated (28138) Mon Nov 26 10:42:36 2018: Debug: ... skipping else: Preceding "if" was taken (28138) Mon Nov 26 10:42:36 2018: Debug: } # policy rewrite_calling_station_id = updated (28138) Mon Nov 26 10:42:36 2018: Debug: policy rewrite_called_station_id { (28138) Mon Nov 26 10:42:36 2018: Debug: if ((&Called-Station-Id) && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) { (28138) Mon Nov 26 10:42:36 2018: Debug: if ((&Called-Station-Id) && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) -> TRUE (28138) Mon Nov 26 10:42:36 2018: Debug: if ((&Called-Station-Id) && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) { (28138) Mon Nov 26 10:42:36 2018: Debug: update request { (28138) Mon Nov 26 10:42:36 2018: Debug: EXPAND %{tolower:%{1}:%{2}:%{3}:%{4}:%{5}:%{6}} (28138) Mon Nov 26 10:42:36 2018: Debug: --> a8:2b:b5:f6:ca:01 (28138) Mon Nov 26 10:42:36 2018: Debug: } # update request = noop (28138) Mon Nov 26 10:42:36 2018: Debug: if ("%{8}") { (28138) Mon Nov 26 10:42:36 2018: Debug: EXPAND %{8} (28138) Mon Nov 26 10:42:36 2018: Debug: --> (28138) Mon Nov 26 10:42:36 2018: Debug: if ("%{8}") -> FALSE (28138) Mon Nov 26 10:42:36 2018: Debug: elsif ( (Colubris-AVPair) && "%{Colubris-AVPair}" =~ /^ssid=(.*)$/i) { (28138) Mon Nov 26 10:42:36 2018: Debug: elsif ( (Colubris-AVPair) && "%{Colubris-AVPair}" =~ /^ssid=(.*)$/i) -> FALSE (28138) Mon Nov 26 10:42:36 2018: Debug: elsif (Aruba-Essid-Name) { (28138) Mon Nov 26 10:42:36 2018: Debug: elsif (Aruba-Essid-Name) -> FALSE (28138) Mon Nov 26 10:42:36 2018: Debug: elsif ( (Cisco-AVPair) && "%{Cisco-AVPair}" =~ /^ssid=(.*)$/i) { (28138) Mon Nov 26 10:42:36 2018: Debug: elsif ( (Cisco-AVPair) && "%{Cisco-AVPair}" =~ /^ssid=(.*)$/i) -> FALSE (28138) Mon Nov 26 10:42:36 2018: Debug: [updated] = updated (28138) Mon Nov 26 10:42:36 2018: Debug: } # if ((&Called-Station-Id) && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) = updated (28138) Mon Nov 26 10:42:36 2018: Debug: ... skipping else: Preceding "if" was taken (28138) Mon Nov 26 10:42:36 2018: Debug: } # policy rewrite_called_station_id = updated (28138) Mon Nov 26 10:42:36 2018: Debug: policy filter_username { (28138) Mon Nov 26 10:42:36 2018: Debug: if (&User-Name) { (28138) Mon Nov 26 10:42:36 2018: Debug: if (&User-Name) -> TRUE (28138) Mon Nov 26 10:42:36 2018: Debug: if (&User-Name) { (28138) Mon Nov 26 10:42:36 2018: Debug: if (&User-Name =~ / /) { (28138) Mon Nov 26 10:42:36 2018: Debug: if (&User-Name =~ / /) -> FALSE (28138) Mon Nov 26 10:42:36 2018: Debug: if (&User-Name =~ /@[^@]*@/ ) { (28138) Mon Nov 26 10:42:36 2018: Debug: if (&User-Name =~ /@[^@]*@/ ) -> FALSE (28138) Mon Nov 26 10:42:36 2018: Debug: if (&User-Name =~ /\.\./ ) { (28138) Mon Nov 26 10:42:36 2018: Debug: if (&User-Name =~ /\.\./ ) -> FALSE (28138) Mon Nov 26 10:42:36 2018: Debug: if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (28138) Mon Nov 26 10:42:36 2018: Debug: if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (28138) Mon Nov 26 10:42:36 2018: Debug: if (&User-Name =~ /\.$/) { (28138) Mon Nov 26 10:42:36 2018: Debug: if (&User-Name =~ /\.$/) -> FALSE (28138) Mon Nov 26 10:42:36 2018: Debug: if (&User-Name =~ /@\./) { (28138) Mon Nov 26 10:42:36 2018: Debug: if (&User-Name =~ /@\./) -> FALSE (28138) Mon Nov 26 10:42:36 2018: Debug: } # if (&User-Name) = updated (28138) Mon Nov 26 10:42:36 2018: Debug: } # policy filter_username = updated (28138) Mon Nov 26 10:42:36 2018: Debug: policy filter_password { (28138) Mon Nov 26 10:42:36 2018: Debug: if (&User-Password && (&User-Password != "%{string:User-Password}")) { (28138) Mon Nov 26 10:42:36 2018: Debug: if (&User-Password && (&User-Password != "%{string:User-Password}")) -> FALSE (28138) Mon Nov 26 10:42:36 2018: Debug: } # policy filter_password = updated (28138) Mon Nov 26 10:42:36 2018: Debug: [preprocess] = ok (28138) Mon Nov 26 10:42:36 2018: Debug: suffix: Checking for suffix after "@" (28138) Mon Nov 26 10:42:36 2018: Debug: suffix: No '@' in User-Name = "pica8", skipping NULL due to config. (28138) Mon Nov 26 10:42:36 2018: Debug: [suffix] = noop (28138) Mon Nov 26 10:42:36 2018: Debug: ntdomain: Checking for prefix before "\" (28138) Mon Nov 26 10:42:36 2018: Debug: ntdomain: No '\' in User-Name = "pica8", looking up realm NULL (28138) Mon Nov 26 10:42:36 2018: Debug: ntdomain: Found realm "null" (28138) Mon Nov 26 10:42:36 2018: Debug: ntdomain: Adding Stripped-User-Name = "pica8" (28138) Mon Nov 26 10:42:36 2018: Debug: ntdomain: Adding Realm = "null" (28138) Mon Nov 26 10:42:36 2018: Debug: ntdomain: Authentication realm is LOCAL (28138) Mon Nov 26 10:42:36 2018: Debug: [ntdomain] = ok (28138) Mon Nov 26 10:42:36 2018: Debug: eap: Peer sent EAP Response (code 2) ID 209 length 6 (28138) Mon Nov 26 10:42:36 2018: Debug: eap: No EAP Start, assuming it's an on-going EAP conversation (28138) Mon Nov 26 10:42:36 2018: Debug: [eap] = updated (28138) Mon Nov 26 10:42:36 2018: Debug: if ( !EAP-Message ) { (28138) Mon Nov 26 10:42:36 2018: Debug: if ( !EAP-Message ) -> FALSE (28138) Mon Nov 26 10:42:36 2018: Debug: policy packetfence-eap-mac-policy { (28138) Mon Nov 26 10:42:36 2018: Debug: if ( &EAP-Type ) { (28138) Mon Nov 26 10:42:36 2018: Debug: if ( &EAP-Type ) -> TRUE (28138) Mon Nov 26 10:42:36 2018: Debug: if ( &EAP-Type ) { (28138) Mon Nov 26 10:42:36 2018: Debug: if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) { (28138) Mon Nov 26 10:42:36 2018: Debug: if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) -> TRUE (28138) Mon Nov 26 10:42:36 2018: Debug: if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) { (28138) Mon Nov 26 10:42:36 2018: Debug: update { (28138) Mon Nov 26 10:42:36 2018: Debug: EXPAND %{tolower:%{1}%{2}%{3}%{4}%{5}%{6}} (28138) Mon Nov 26 10:42:36 2018: Debug: --> 089e019eccfe (28138) Mon Nov 26 10:42:36 2018: Debug: } # update = noop (28138) Mon Nov 26 10:42:36 2018: Debug: if ( &Tmp-String-1 == "%{tolower:%{User-Name}}" ) { (28138) Mon Nov 26 10:42:36 2018: Debug: EXPAND %{tolower:%{User-Name}} (28138) Mon Nov 26 10:42:36 2018: Debug: --> pica8 (28138) Mon Nov 26 10:42:36 2018: Debug: if ( &Tmp-String-1 == "%{tolower:%{User-Name}}" ) -> FALSE (28138) Mon Nov 26 10:42:36 2018: Debug: } # if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) = noop (28138) Mon Nov 26 10:42:36 2018: Debug: } # if ( &EAP-Type ) = noop (28138) Mon Nov 26 10:42:36 2018: Debug: [noop] = noop (28138) Mon Nov 26 10:42:36 2018: Debug: } # policy packetfence-eap-mac-policy = noop (28138) Mon Nov 26 10:42:36 2018: WARNING: pap: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! (28138) Mon Nov 26 10:42:36 2018: WARNING: pap: !!! Ignoring control:User-Password. Update your !!! (28138) Mon Nov 26 10:42:36 2018: WARNING: pap: !!! configuration so that the "known good" clear text !!! (28138) Mon Nov 26 10:42:36 2018: WARNING: pap: !!! password is in Cleartext-Password and NOT in !!! (28138) Mon Nov 26 10:42:36 2018: WARNING: pap: !!! User-Password. !!! (28138) Mon Nov 26 10:42:36 2018: WARNING: pap: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! (28138) Mon Nov 26 10:42:36 2018: WARNING: pap: No "known good" password found for the user. Not setting Auth-Type (28138) Mon Nov 26 10:42:36 2018: WARNING: pap: Authentication will fail unless a "known good" password is available (28138) Mon Nov 26 10:42:36 2018: Debug: [pap] = noop (28138) Mon Nov 26 10:42:36 2018: Debug: } # authorize = updated (28138) Mon Nov 26 10:42:36 2018: Debug: Found Auth-Type = eap (28138) Mon Nov 26 10:42:36 2018: Debug: # Executing group from file /usr/local/pf/raddb/sites-enabled/packetfence (28138) Mon Nov 26 10:42:36 2018: Debug: authenticate { (28138) Mon Nov 26 10:42:36 2018: Debug: eap: Expiring EAP session with state 0x27b6a33c2767baca (28138) Mon Nov 26 10:42:36 2018: Debug: eap: Finished EAP session with state 0x27b6a33c2767baca (28138) Mon Nov 26 10:42:36 2018: Debug: eap: Previous EAP request found for state 0x27b6a33c2767baca, released from the list (28138) Mon Nov 26 10:42:36 2018: Debug: eap: Peer sent packet with method EAP NAK (3) (28138) Mon Nov 26 10:42:36 2018: Debug: eap: Found mutually acceptable type MD5 (4) (28138) Mon Nov 26 10:42:36 2018: Debug: eap: Calling submodule eap_md5 to process data (28138) Mon Nov 26 10:42:36 2018: Debug: eap_md5: Issuing MD5 Challenge (28138) Mon Nov 26 10:42:36 2018: Debug: eap: Sending EAP Request (code 1) ID 210 length 22 (28138) Mon Nov 26 10:42:36 2018: Debug: eap: EAP session adding &reply:State = 0x27b6a33c2664a7ca (28138) Mon Nov 26 10:42:36 2018: Debug: [eap] = handled (28138) Mon Nov 26 10:42:36 2018: Debug: } # authenticate = handled (28138) Mon Nov 26 10:42:36 2018: Debug: Using Post-Auth-Type Challenge (28138) Mon Nov 26 10:42:36 2018: Debug: Post-Auth-Type sub-section not found. Ignoring. (28138) Mon Nov 26 10:42:36 2018: Debug: # Executing group from file /usr/local/pf/raddb/sites-enabled/packetfence (28138) Mon Nov 26 10:42:36 2018: Debug: Sent Access-Challenge Id 5 from 10.10.50.204:1812 to 10.10.51.224:1812 length 0 (28138) Mon Nov 26 10:42:36 2018: Debug: EAP-Message = 0x01d20016041086f49986e4d242c6ff367ce012fbb646 (28138) Mon Nov 26 10:42:36 2018: Debug: Message-Authenticator = 0x00000000000000000000000000000000 (28138) Mon Nov 26 10:42:36 2018: Debug: State = 0x27b6a33c2664a7cacd0091342714d737 (28138) Mon Nov 26 10:42:36 2018: Debug: Finished request (28139) Mon Nov 26 10:42:36 2018: Debug: Received Access-Request Id 6 from 10.10.51.224:1812 to 10.10.50.204:1812 length 149 (28139) Mon Nov 26 10:42:36 2018: Debug: User-Name = "pica8" (28139) Mon Nov 26 10:42:36 2018: Debug: NAS-IP-Address = 0.0.0.0 (28139) Mon Nov 26 10:42:36 2018: Debug: NAS-Port-Type = Ethernet (28139) Mon Nov 26 10:42:36 2018: Debug: NAS-Port = 23 (28139) Mon Nov 26 10:42:36 2018: Debug: Called-Station-Id = "A8-2B-B5-F6-CA-01" (28139) Mon Nov 26 10:42:36 2018: Debug: Calling-Station-Id = "08-9E-01-9E-CC-FE" (28139) Mon Nov 26 10:42:36 2018: Debug: Framed-MTU = 1500 (28139) Mon Nov 26 10:42:36 2018: Debug: EAP-Message = 0x02d200160410f7cd748d9a9e9aac4a432e8f2474575d (28139) Mon Nov 26 10:42:36 2018: Debug: State = 0x27b6a33c2664a7cacd0091342714d737 (28139) Mon Nov 26 10:42:36 2018: Debug: Message-Authenticator = 0xa01b4fc4fabd44ae90c589966f7d4782 (28139) Mon Nov 26 10:42:36 2018: Debug: session-state: No cached attributes (28139) Mon Nov 26 10:42:36 2018: Debug: # Executing section authorize from file /usr/local/pf/raddb/sites-enabled/packetfence (28139) Mon Nov 26 10:42:36 2018: Debug: authorize { (28139) Mon Nov 26 10:42:36 2018: Debug: update { (28139) Mon Nov 26 10:42:36 2018: Debug: EXPAND %{Packet-Src-IP-Address} (28139) Mon Nov 26 10:42:36 2018: Debug: --> 10.10.51.224 (28139) Mon Nov 26 10:42:36 2018: Debug: EXPAND %l (28139) Mon Nov 26 10:42:36 2018: Debug: --> 1543200156 (28139) Mon Nov 26 10:42:36 2018: Debug: } # update = noop (28139) Mon Nov 26 10:42:36 2018: Debug: policy packetfence-set-tenant-id { (28139) Mon Nov 26 10:42:36 2018: Debug: if ( "%{%{control:PacketFence-Tenant-Id}:-0}" == "0") { (28139) Mon Nov 26 10:42:36 2018: Debug: EXPAND %{%{control:PacketFence-Tenant-Id}:-0} (28139) Mon Nov 26 10:42:36 2018: Debug: --> 0 (28139) Mon Nov 26 10:42:36 2018: Debug: if ( "%{%{control:PacketFence-Tenant-Id}:-0}" == "0") -> TRUE (28139) Mon Nov 26 10:42:36 2018: Debug: if ( "%{%{control:PacketFence-Tenant-Id}:-0}" == "0") { (28139) Mon Nov 26 10:42:36 2018: Debug: update control { (28139) Mon Nov 26 10:42:36 2018: Debug: EXPAND %{User-Name} (28139) Mon Nov 26 10:42:36 2018: Debug: --> pica8 (28139) Mon Nov 26 10:42:36 2018: Debug: SQL-User-Name set to 'pica8' (28139) Mon Nov 26 10:42:36 2018: Debug: Executing select query: SELECT IFNULL((SELECT tenant_id FROM radius_nas WHERE nasname = '10.10.51.224'), 0) (28139) Mon Nov 26 10:42:36 2018: Debug: EXPAND %{sql: SELECT IFNULL((SELECT tenant_id FROM radius_nas WHERE nasname = '%{Packet-Src-IP-Address}'), 0)} (28139) Mon Nov 26 10:42:36 2018: Debug: --> 1 (28139) Mon Nov 26 10:42:36 2018: Debug: } # update control = noop (28139) Mon Nov 26 10:42:36 2018: Debug: } # if ( "%{%{control:PacketFence-Tenant-Id}:-0}" == "0") = noop (28139) Mon Nov 26 10:42:36 2018: Debug: if ( &control:PacketFence-Tenant-Id == 0 ) { (28139) Mon Nov 26 10:42:36 2018: Debug: if ( &control:PacketFence-Tenant-Id == 0 ) -> FALSE (28139) Mon Nov 26 10:42:36 2018: Debug: } # policy packetfence-set-tenant-id = noop (28139) Mon Nov 26 10:42:36 2018: Debug: policy rewrite_calling_station_id { (28139) Mon Nov 26 10:42:36 2018: Debug: if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) { (28139) Mon Nov 26 10:42:36 2018: Debug: if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) -> TRUE (28139) Mon Nov 26 10:42:36 2018: Debug: if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) { (28139) Mon Nov 26 10:42:36 2018: Debug: update request { (28139) Mon Nov 26 10:42:36 2018: Debug: EXPAND %{tolower:%{1}:%{2}:%{3}:%{4}:%{5}:%{6}} (28139) Mon Nov 26 10:42:36 2018: Debug: --> 08:9e:01:9e:cc:fe (28139) Mon Nov 26 10:42:36 2018: Debug: } # update request = noop (28139) Mon Nov 26 10:42:36 2018: Debug: [updated] = updated (28139) Mon Nov 26 10:42:36 2018: Debug: } # if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) = updated (28139) Mon Nov 26 10:42:36 2018: Debug: ... skipping else: Preceding "if" was taken (28139) Mon Nov 26 10:42:36 2018: Debug: } # policy rewrite_calling_station_id = updated (28139) Mon Nov 26 10:42:36 2018: Debug: policy rewrite_called_station_id { (28139) Mon Nov 26 10:42:36 2018: Debug: if ((&Called-Station-Id) && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) { (28139) Mon Nov 26 10:42:36 2018: Debug: if ((&Called-Station-Id) && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) -> TRUE (28139) Mon Nov 26 10:42:36 2018: Debug: if ((&Called-Station-Id) && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) { (28139) Mon Nov 26 10:42:36 2018: Debug: update request { (28139) Mon Nov 26 10:42:36 2018: Debug: EXPAND %{tolower:%{1}:%{2}:%{3}:%{4}:%{5}:%{6}} (28139) Mon Nov 26 10:42:36 2018: Debug: --> a8:2b:b5:f6:ca:01 (28139) Mon Nov 26 10:42:36 2018: Debug: } # update request = noop (28139) Mon Nov 26 10:42:36 2018: Debug: if ("%{8}") { (28139) Mon Nov 26 10:42:36 2018: Debug: EXPAND %{8} (28139) Mon Nov 26 10:42:36 2018: Debug: --> (28139) Mon Nov 26 10:42:36 2018: Debug: if ("%{8}") -> FALSE (28139) Mon Nov 26 10:42:36 2018: Debug: elsif ( (Colubris-AVPair) && "%{Colubris-AVPair}" =~ /^ssid=(.*)$/i) { (28139) Mon Nov 26 10:42:36 2018: Debug: elsif ( (Colubris-AVPair) && "%{Colubris-AVPair}" =~ /^ssid=(.*)$/i) -> FALSE (28139) Mon Nov 26 10:42:36 2018: Debug: elsif (Aruba-Essid-Name) { (28139) Mon Nov 26 10:42:36 2018: Debug: elsif (Aruba-Essid-Name) -> FALSE (28139) Mon Nov 26 10:42:36 2018: Debug: elsif ( (Cisco-AVPair) && "%{Cisco-AVPair}" =~ /^ssid=(.*)$/i) { (28139) Mon Nov 26 10:42:36 2018: Debug: elsif ( (Cisco-AVPair) && "%{Cisco-AVPair}" =~ /^ssid=(.*)$/i) -> FALSE (28139) Mon Nov 26 10:42:36 2018: Debug: [updated] = updated (28139) Mon Nov 26 10:42:36 2018: Debug: } # if ((&Called-Station-Id) && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) = updated (28139) Mon Nov 26 10:42:36 2018: Debug: ... skipping else: Preceding "if" was taken (28139) Mon Nov 26 10:42:36 2018: Debug: } # policy rewrite_called_station_id = updated (28139) Mon Nov 26 10:42:36 2018: Debug: policy filter_username { (28139) Mon Nov 26 10:42:36 2018: Debug: if (&User-Name) { (28139) Mon Nov 26 10:42:36 2018: Debug: if (&User-Name) -> TRUE (28139) Mon Nov 26 10:42:36 2018: Debug: if (&User-Name) { (28139) Mon Nov 26 10:42:36 2018: Debug: if (&User-Name =~ / /) { (28139) Mon Nov 26 10:42:36 2018: Debug: if (&User-Name =~ / /) -> FALSE (28139) Mon Nov 26 10:42:36 2018: Debug: if (&User-Name =~ /@[^@]*@/ ) { (28139) Mon Nov 26 10:42:36 2018: Debug: if (&User-Name =~ /@[^@]*@/ ) -> FALSE (28139) Mon Nov 26 10:42:36 2018: Debug: if (&User-Name =~ /\.\./ ) { (28139) Mon Nov 26 10:42:36 2018: Debug: if (&User-Name =~ /\.\./ ) -> FALSE (28139) Mon Nov 26 10:42:36 2018: Debug: if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (28139) Mon Nov 26 10:42:36 2018: Debug: if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (28139) Mon Nov 26 10:42:36 2018: Debug: if (&User-Name =~ /\.$/) { (28139) Mon Nov 26 10:42:36 2018: Debug: if (&User-Name =~ /\.$/) -> FALSE (28139) Mon Nov 26 10:42:36 2018: Debug: if (&User-Name =~ /@\./) { (28139) Mon Nov 26 10:42:36 2018: Debug: if (&User-Name =~ /@\./) -> FALSE (28139) Mon Nov 26 10:42:36 2018: Debug: } # if (&User-Name) = updated (28139) Mon Nov 26 10:42:36 2018: Debug: } # policy filter_username = updated (28139) Mon Nov 26 10:42:36 2018: Debug: policy filter_password { (28139) Mon Nov 26 10:42:36 2018: Debug: if (&User-Password && (&User-Password != "%{string:User-Password}")) { (28139) Mon Nov 26 10:42:36 2018: Debug: if (&User-Password && (&User-Password != "%{string:User-Password}")) -> FALSE (28139) Mon Nov 26 10:42:36 2018: Debug: } # policy filter_password = updated (28139) Mon Nov 26 10:42:36 2018: Debug: [preprocess] = ok (28139) Mon Nov 26 10:42:36 2018: Debug: suffix: Checking for suffix after "@" (28139) Mon Nov 26 10:42:36 2018: Debug: suffix: No '@' in User-Name = "pica8", skipping NULL due to config. (28139) Mon Nov 26 10:42:36 2018: Debug: [suffix] = noop (28139) Mon Nov 26 10:42:36 2018: Debug: ntdomain: Checking for prefix before "\" (28139) Mon Nov 26 10:42:36 2018: Debug: ntdomain: No '\' in User-Name = "pica8", looking up realm NULL (28139) Mon Nov 26 10:42:36 2018: Debug: ntdomain: Found realm "null" (28139) Mon Nov 26 10:42:36 2018: Debug: ntdomain: Adding Stripped-User-Name = "pica8" (28139) Mon Nov 26 10:42:36 2018: Debug: ntdomain: Adding Realm = "null" (28139) Mon Nov 26 10:42:36 2018: Debug: ntdomain: Authentication realm is LOCAL (28139) Mon Nov 26 10:42:36 2018: Debug: [ntdomain] = ok (28139) Mon Nov 26 10:42:36 2018: Debug: eap: Peer sent EAP Response (code 2) ID 210 length 22 (28139) Mon Nov 26 10:42:36 2018: Debug: eap: No EAP Start, assuming it's an on-going EAP conversation (28139) Mon Nov 26 10:42:36 2018: Debug: [eap] = updated (28139) Mon Nov 26 10:42:36 2018: Debug: if ( !EAP-Message ) { (28139) Mon Nov 26 10:42:36 2018: Debug: if ( !EAP-Message ) -> FALSE (28139) Mon Nov 26 10:42:36 2018: Debug: policy packetfence-eap-mac-policy { (28139) Mon Nov 26 10:42:36 2018: Debug: if ( &EAP-Type ) { (28139) Mon Nov 26 10:42:36 2018: Debug: if ( &EAP-Type ) -> TRUE (28139) Mon Nov 26 10:42:36 2018: Debug: if ( &EAP-Type ) { (28139) Mon Nov 26 10:42:36 2018: Debug: if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) { (28139) Mon Nov 26 10:42:36 2018: Debug: if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) -> TRUE (28139) Mon Nov 26 10:42:36 2018: Debug: if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) { (28139) Mon Nov 26 10:42:36 2018: Debug: update { (28139) Mon Nov 26 10:42:36 2018: Debug: EXPAND %{tolower:%{1}%{2}%{3}%{4}%{5}%{6}} (28139) Mon Nov 26 10:42:36 2018: Debug: --> 089e019eccfe (28139) Mon Nov 26 10:42:36 2018: Debug: } # update = noop (28139) Mon Nov 26 10:42:36 2018: Debug: if ( &Tmp-String-1 == "%{tolower:%{User-Name}}" ) { (28139) Mon Nov 26 10:42:36 2018: Debug: EXPAND %{tolower:%{User-Name}} (28139) Mon Nov 26 10:42:36 2018: Debug: --> pica8 (28139) Mon Nov 26 10:42:36 2018: Debug: if ( &Tmp-String-1 == "%{tolower:%{User-Name}}" ) -> FALSE (28139) Mon Nov 26 10:42:36 2018: Debug: } # if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) = noop (28139) Mon Nov 26 10:42:36 2018: Debug: } # if ( &EAP-Type ) = noop (28139) Mon Nov 26 10:42:36 2018: Debug: [noop] = noop (28139) Mon Nov 26 10:42:36 2018: Debug: } # policy packetfence-eap-mac-policy = noop (28139) Mon Nov 26 10:42:36 2018: WARNING: pap: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! (28139) Mon Nov 26 10:42:36 2018: WARNING: pap: !!! Ignoring control:User-Password. Update your !!! (28139) Mon Nov 26 10:42:36 2018: WARNING: pap: !!! configuration so that the "known good" clear text !!! (28139) Mon Nov 26 10:42:36 2018: WARNING: pap: !!! password is in Cleartext-Password and NOT in !!! (28139) Mon Nov 26 10:42:36 2018: WARNING: pap: !!! User-Password. !!! (28139) Mon Nov 26 10:42:36 2018: WARNING: pap: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! (28139) Mon Nov 26 10:42:36 2018: WARNING: pap: No "known good" password found for the user. Not setting Auth-Type (28139) Mon Nov 26 10:42:36 2018: WARNING: pap: Authentication will fail unless a "known good" password is available (28139) Mon Nov 26 10:42:36 2018: Debug: [pap] = noop (28139) Mon Nov 26 10:42:36 2018: Debug: } # authorize = updated (28139) Mon Nov 26 10:42:36 2018: Debug: Found Auth-Type = eap (28139) Mon Nov 26 10:42:36 2018: Debug: # Executing group from file /usr/local/pf/raddb/sites-enabled/packetfence (28139) Mon Nov 26 10:42:36 2018: Debug: authenticate { (28139) Mon Nov 26 10:42:36 2018: Debug: eap: Expiring EAP session with state 0x27b6a33c2664a7ca (28139) Mon Nov 26 10:42:36 2018: Debug: eap: Finished EAP session with state 0x27b6a33c2664a7ca (28139) Mon Nov 26 10:42:36 2018: Debug: eap: Previous EAP request found for state 0x27b6a33c2664a7ca, released from the list (28139) Mon Nov 26 10:42:36 2018: Debug: eap: Peer sent packet with method EAP MD5 (4) (28139) Mon Nov 26 10:42:36 2018: Debug: eap: Calling submodule eap_md5 to process data (28139) Mon Nov 26 10:42:36 2018: ERROR: eap_md5: Cleartext-Password is required for EAP-MD5 authentication (28139) Mon Nov 26 10:42:36 2018: ERROR: eap: Failed continuing EAP MD5 (4) session. EAP sub-module failed (28139) Mon Nov 26 10:42:36 2018: Debug: eap: Sending EAP Failure (code 4) ID 210 length 4 (28139) Mon Nov 26 10:42:36 2018: Debug: eap: Failed in EAP select (28139) Mon Nov 26 10:42:36 2018: Debug: [eap] = invalid (28139) Mon Nov 26 10:42:36 2018: Debug: } # authenticate = invalid (28139) Mon Nov 26 10:42:36 2018: Debug: Failed to authenticate the user (28139) Mon Nov 26 10:42:36 2018: Debug: Using Post-Auth-Type Reject (28139) Mon Nov 26 10:42:36 2018: Debug: # Executing group from file /usr/local/pf/raddb/sites-enabled/packetfence (28139) Mon Nov 26 10:42:36 2018: Debug: Post-Auth-Type REJECT { (28139) Mon Nov 26 10:42:36 2018: Debug: update { (28139) Mon Nov 26 10:42:36 2018: Debug: } # update = noop (28139) Mon Nov 26 10:42:36 2018: Debug: if (! EAP-Type || (EAP-Type != TTLS && EAP-Type != PEAP) ) { (28139) Mon Nov 26 10:42:36 2018: Debug: if (! EAP-Type || (EAP-Type != TTLS && EAP-Type != PEAP) ) -> TRUE (28139) Mon Nov 26 10:42:36 2018: Debug: if (! EAP-Type || (EAP-Type != TTLS && EAP-Type != PEAP) ) { (28139) Mon Nov 26 10:42:36 2018: Debug: policy packetfence-audit-log-reject { (28139) Mon Nov 26 10:42:36 2018: Debug: if (&User-Name != "dummy") { (28139) Mon Nov 26 10:42:36 2018: Debug: if (&User-Name != "dummy") -> TRUE (28139) Mon Nov 26 10:42:36 2018: Debug: if (&User-Name != "dummy") { (28139) Mon Nov 26 10:42:36 2018: Debug: policy request-timing { (28139) Mon Nov 26 10:42:36 2018: Debug: if (control:PacketFence-Request-Time != 0) { (28139) Mon Nov 26 10:42:36 2018: Debug: if (control:PacketFence-Request-Time != 0) -> FALSE (28139) Mon Nov 26 10:42:36 2018: Debug: } # policy request-timing = noop (28139) Mon Nov 26 10:42:36 2018: Debug: sql_reject: EXPAND type.reject.query (28139) Mon Nov 26 10:42:36 2018: Debug: sql_reject: --> type.reject.query (28139) Mon Nov 26 10:42:36 2018: Debug: sql_reject: Using query template 'query' (28139) Mon Nov 26 10:42:36 2018: Debug: sql_reject: EXPAND %{User-Name} (28139) Mon Nov 26 10:42:36 2018: Debug: sql_reject: --> pica8 (28139) Mon Nov 26 10:42:36 2018: Debug: sql_reject: SQL-User-Name set to 'pica8' (28139) Mon Nov 26 10:42:36 2018: Debug: sql_reject: EXPAND INSERT INTO radius_audit_log ( mac, ip, computer_name, user_name, stripped_user_name, realm, event_type, switch_id, switch_mac, switch_ip_address, radius_source_ip_address, called_station_id, calling_station_id, nas_port_type, ssid, nas_port_id, ifindex, nas_port, connection_type, nas_ip_address, nas_identifier, auth_status, reason, auth_type, eap_type, role, node_status, profile, source, auto_reg, is_phone, pf_domain, uuid, radius_request, radius_reply, request_time, tenant_id) VALUES ( '%{request:Calling-Station-Id}', '%{request:Framed-IP-Address}', '%{%{control:PacketFence-Computer-Name}:-N/A}', '%{request:User-Name}', '%{request:Stripped-User-Name}', '%{request:Realm}', 'Radius-Access-Request', '%{%{control:PacketFence-Switch-Id}:-N/A}', '%{%{control:PacketFence-Switch-Mac}:-N/A}', '%{%{control:PacketFence-Switch-Ip-Address}:-N/A}', '%{Packet-Src-IP-Address}', '%{request:Called-Station-Id}', '%{request:Calling-Station-Id}', '%{request:NAS-Port-Type}', '%{request:Called-Station-SSID}', '%{request:NAS-Port-Id}', '%{%{control:PacketFence-IfIndex}:-N/A}', '%{request:NAS-Port}', '%{%{control:PacketFence-Connection-Type}:-N/A}', '%{request:NAS-IP-Address}', '%{request:NAS-Identifier}', 'Reject', '%{request:Module-Failure-Message}', '%{control:Auth-Type}', '%{request:EAP-Type}', '%{%{control:PacketFence-Role}:-N/A}', '%{%{control:PacketFence-Status}:-N/A}', '%{%{control:PacketFence-Profile}:-N/A}', '%{%{control:PacketFence-Source}:-N/A}', '%{%{control:PacketFence-AutoReg}:-0}', '%{%{control:PacketFence-IsPhone}:-0}', '%{request:PacketFence-Domain}', '', '%{pairs:&request:[*]}','%{pairs:&reply:[*]}', '%{%{control:PacketFence-Request-Time}:-N/A}', '%{control:PacketFence-Tenant-Id}') (28139) Mon Nov 26 10:42:36 2018: Debug: sql_reject: --> INSERT INTO radius_audit_log ( mac, ip, computer_name, user_name, stripped_user_name, realm, event_type, switch_id, switch_mac, switch_ip_address, radius_source_ip_address, called_station_id, calling_station_id, nas_port_type, ssid, nas_port_id, ifindex, nas_port, connection_type, nas_ip_address, nas_identifier, auth_status, reason, auth_type, eap_type, role, node_status, profile, source, auto_reg, is_phone, pf_domain, uuid, radius_request, radius_reply, request_time, tenant_id) VALUES ( '08:9e:01:9e:cc:fe', '', 'N/A', 'pica8', 'pica8', 'null', 'Radius-Access-Request', 'N/A', 'N/A', 'N/A', '10.10.51.224', 'a8:2b:b5:f6:ca:01', '08:9e:01:9e:cc:fe', 'Ethernet', '', '', 'N/A', '23', 'N/A', '0.0.0.0', '', 'Reject', 'eap_md5: Cleartext-Password is required for EAP-MD5 authentication', 'eap', 'MD5', 'N/A', 'N/A', 'N/A', 'N/A', '0', '0', '', '', 'User-Name =3D =22pica8=22=2C NAS-IP-Address =3D 0.0.0.0=2C NAS-Port-Type =3D Ethernet=2C NAS-Port =3D 23=2C Calling-Station-Id =3D =2208:9e:01:9e:cc:fe=22=2C Framed-MTU =3D 1500=2C EAP-Message =3D 0x02d200160410f7cd748d9a9e9aac4a432e8f2474575d=2C State =3D 0x27b6a33c2664a7cacd0091342714d737=2C Message-Authenticator =3D 0xa01b4fc4fabd44ae90c589966f7d4782=2C FreeRADIUS-Client-IP-Address =3D 10.10.51.224=2C Called-Station-Id =3D =22a8:2b:b5:f6:ca:01=22=2C Event-Timestamp =3D =22Nov 26 2018 10:42:36 HKT=22=2C Stripped-User-Name =3D =22pica8=22=2C Realm =3D =22null=22=2C EAP-Type =3D MD5=2C Tmp-String-1 =3D =22089e019eccfe=22=2C Module-Failure-Message =3D =22eap_md5: Cleartext-Password is required for EAP-MD5 authentication=22=2C Module-Failure-Message =3D =22eap: Failed continuing EAP MD5 =284=29 session. EAP sub-module failed=22=2C User-Password =3D =22=2A=2A=2A=2A=2A=2A=22=2C SQL-User-Name =3D =22pica8=22','EAP-Message =3D 0x04d20004=2C Message-Authenticator =3D 0x00000000000000000000000000000000', '0', '1') (28139) Mon Nov 26 10:42:36 2018: Debug: sql_reject: Executing query: INSERT INTO radius_audit_log ( mac, ip, computer_name, user_name, stripped_user_name, realm, event_type, switch_id, switch_mac, switch_ip_address, radius_source_ip_address, called_station_id, calling_station_id, nas_port_type, ssid, nas_port_id, ifindex, nas_port, connection_type, nas_ip_address, nas_identifier, auth_status, reason, auth_type, eap_type, role, node_status, profile, source, auto_reg, is_phone, pf_domain, uuid, radius_request, radius_reply, request_time, tenant_id) VALUES ( '08:9e:01:9e:cc:fe', '', 'N/A', 'pica8', 'pica8', 'null', 'Radius-Access-Request', 'N/A', 'N/A', 'N/A', '10.10.51.224', 'a8:2b:b5:f6:ca:01', '08:9e:01:9e:cc:fe', 'Ethernet', '', '', 'N/A', '23', 'N/A', '0.0.0.0', '', 'Reject', 'eap_md5: Cleartext-Password is required for EAP-MD5 authentication', 'eap', 'MD5', 'N/A', 'N/A', 'N/A', 'N/A', '0', '0', '', '', 'User-Name =3D =22pica8=22=2C NAS-IP-Address =3D 0.0.0.0=2C NAS-Port-Type =3D Ethernet=2C NAS-Port =3D 23=2C Calling-Station-Id =3D =2208:9e:01:9e:cc:fe=22=2C Framed-MTU =3D 1500=2C EAP-Message =3D 0x02d200160410f7cd748d9a9e9aac4a432e8f2474575d=2C State =3D 0x27b6a33c2664a7cacd0091342714d737=2C Message-Authenticator =3D 0xa01b4fc4fabd44ae90c589966f7d4782=2C FreeRADIUS-Client-IP-Address =3D 10.10.51.224=2C Called-Station-Id =3D =22a8:2b:b5:f6:ca:01=22=2C Event-Timestamp =3D =22Nov 26 2018 10:42:36 HKT=22=2C Stripped-User-Name =3D =22pica8=22=2C Realm =3D =22null=22=2C EAP-Type =3D MD5=2C Tmp-String-1 =3D =22089e019eccfe=22=2C Module-Failure-Message =3D =22eap_md5: Cleartext-Password is required for EAP-MD5 authentication=22=2C Module-Failure-Message =3D =22eap: Failed continuing EAP MD5 =284=29 session. EAP sub-module failed=22=2C User-Password =3D =22=2A=2A=2A=2A=2A=2A=22=2C SQL-User-Name =3D =22pica8=22','EAP-Message =3D 0x04d20004=2C Message-Authenticator =3D 0x00000000000000000000000000000000', '0', '1') (28139) Mon Nov 26 10:42:36 2018: Debug: sql_reject: SQL query returned: success (28139) Mon Nov 26 10:42:36 2018: Debug: sql_reject: 1 record(s) updated (28139) Mon Nov 26 10:42:36 2018: Debug: [sql_reject] = ok (28139) Mon Nov 26 10:42:36 2018: Debug: } # if (&User-Name != "dummy") = ok (28139) Mon Nov 26 10:42:36 2018: Debug: } # policy packetfence-audit-log-reject = ok (28139) Mon Nov 26 10:42:36 2018: Debug: } # if (! EAP-Type || (EAP-Type != TTLS && EAP-Type != PEAP) ) = ok (28139) Mon Nov 26 10:42:36 2018: Debug: attr_filter.access_reject: EXPAND %{User-Name} (28139) Mon Nov 26 10:42:36 2018: Debug: attr_filter.access_reject: --> pica8 (28139) Mon Nov 26 10:42:36 2018: Debug: attr_filter.access_reject: Matched entry DEFAULT at line 11 (28139) Mon Nov 26 10:42:36 2018: Debug: [attr_filter.access_reject] = updated (28139) Mon Nov 26 10:42:36 2018: Debug: attr_filter.packetfence_post_auth: EXPAND %{User-Name} (28139) Mon Nov 26 10:42:36 2018: Debug: attr_filter.packetfence_post_auth: --> pica8 (28139) Mon Nov 26 10:42:36 2018: Debug: attr_filter.packetfence_post_auth: Matched entry DEFAULT at line 10 (28139) Mon Nov 26 10:42:36 2018: Debug: [attr_filter.packetfence_post_auth] = updated (28139) Mon Nov 26 10:42:36 2018: Debug: [eap] = noop (28139) Mon Nov 26 10:42:36 2018: Debug: policy remove_reply_message_if_eap { (28139) Mon Nov 26 10:42:36 2018: Debug: if (&reply:EAP-Message && &reply:Reply-Message) { (28139) Mon Nov 26 10:42:36 2018: Debug: if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE (28139) Mon Nov 26 10:42:36 2018: Debug: else { (28139) Mon Nov 26 10:42:36 2018: Debug: [noop] = noop (28139) Mon Nov 26 10:42:36 2018: Debug: } # else = noop (28139) Mon Nov 26 10:42:36 2018: Debug: } # policy remove_reply_message_if_eap = noop (28139) Mon Nov 26 10:42:36 2018: Debug: linelog: EXPAND messages.%{%{reply:Packet-Type}:-default} (28139) Mon Nov 26 10:42:36 2018: Debug: linelog: --> messages.Access-Reject (28139) Mon Nov 26 10:42:36 2018: Debug: linelog: EXPAND [mac:%{Calling-Station-Id}] Rejected user: %{User-Name} (28139) Mon Nov 26 10:42:36 2018: Debug: linelog: --> [mac:08:9e:01:9e:cc:fe] Rejected user: pica8 (28139) Mon Nov 26 10:42:36 2018: Debug: [linelog] = ok (28139) Mon Nov 26 10:42:36 2018: Debug: } # Post-Auth-Type REJECT = updated (28139) Mon Nov 26 10:42:36 2018: Debug: Delaying response for 1.000000 seconds (28139) Mon Nov 26 10:42:37 2018: Debug: (28139) Discarding duplicate request from client 10.10.51.224 port 1812 - ID: 6 due to delayed response (28139) Mon Nov 26 10:42:37 2018: Debug: Sending delayed response (28139) Mon Nov 26 10:42:37 2018: Debug: Sent Access-Reject Id 6 from 10.10.50.204:1812 to 10.10.51.224:1812 length 44 (28139) Mon Nov 26 10:42:37 2018: Debug: EAP-Message = 0x04d20004 (28139) Mon Nov 26 10:42:37 2018: Debug: Message-Authenticator = 0x00000000000000000000000000000000 (28137) Mon Nov 26 10:42:41 2018: Debug: Cleaning up request packet ID 4 with timestamp +414097 (28138) Mon Nov 26 10:42:41 2018: Debug: Cleaning up request packet ID 5 with timestamp +414097 (28139) Mon Nov 26 10:42:41 2018: Debug: Cleaning up request packet ID 6 with timestamp +41409 Please have a look and advise, thank you again. Ali On Fri, Nov 23, 2018 at 10:50 AM Durand fabrice via PacketFence-users < packetfence-users@lists.sourceforge.net> wrote: > Hello Amjad, > > can you paste the raddebug output, it will help to understand what happen. > > Regards > > Fabrice > > > Le 18-11-22 à 06 h 01, Amjad Ali via PacketFence-users a écrit : > > Hi All, > > Just want to know that WIRED 802.1X and WIRED MAC AUTH authentication > works well with PEAP but is giving error with MD5, > Is MD5 not supported for these two or do I need to change some > configuration? > > Thanks > Ali > > -- > Amjad Ali > > > _______________________________________________ > PacketFence-users mailing > listPacketFence-users@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/packetfence-users > > _______________________________________________ > PacketFence-users mailing list > PacketFence-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/packetfence-users > -- Amjad Ali
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users