Hello Fabrice
The error is:
Module-Failure-Message = "eap_md5: Cleartext-Password is required for
EAP-MD5 authentication" Module-Failure-Message = "eap: Failed continuing
EAP MD5 (4) session. EAP sub-module failed"
My database password hashing is set to plaintext, and I set MD5 on the
client PC (linux machine) for 802.1X connection.
I have uncommented *packetfence-local-auth.*
The connection profile filter is EAP-Ethernet and source is local
The username password is added to PF database, by the way, the same client
works without problems when I chose PEAP on the client machine.
Below is the raddebug output in full detail:
(28137) Mon Nov 26 10:42:36 2018: Debug: Received Access-Request Id 4 from
10.10.51.224:1812 to 10.10.50.204:1812 length 119
(28137) Mon Nov 26 10:42:36 2018: Debug: User-Name = "pica8"
(28137) Mon Nov 26 10:42:36 2018: Debug: NAS-IP-Address = 0.0.0.0
(28137) Mon Nov 26 10:42:36 2018: Debug: NAS-Port-Type = Ethernet
(28137) Mon Nov 26 10:42:36 2018: Debug: NAS-Port = 23
(28137) Mon Nov 26 10:42:36 2018: Debug: Called-Station-Id =
"A8-2B-B5-F6-CA-01"
(28137) Mon Nov 26 10:42:36 2018: Debug: Calling-Station-Id =
"08-9E-01-9E-CC-FE"
(28137) Mon Nov 26 10:42:36 2018: Debug: Framed-MTU = 1500
(28137) Mon Nov 26 10:42:36 2018: Debug: EAP-Message =
0x02d0000a017069636138
(28137) Mon Nov 26 10:42:36 2018: Debug: Message-Authenticator =
0xe8c76845b7dd499ff147277f9a3f4443
(28137) Mon Nov 26 10:42:36 2018: Debug: # Executing section authorize from
file /usr/local/pf/raddb/sites-enabled/packetfence
(28137) Mon Nov 26 10:42:36 2018: Debug: authorize {
(28137) Mon Nov 26 10:42:36 2018: Debug: update {
(28137) Mon Nov 26 10:42:36 2018: Debug: EXPAND
%{Packet-Src-IP-Address}
(28137) Mon Nov 26 10:42:36 2018: Debug: --> 10.10.51.224
(28137) Mon Nov 26 10:42:36 2018: Debug: EXPAND %l
(28137) Mon Nov 26 10:42:36 2018: Debug: --> 1543200156
(28137) Mon Nov 26 10:42:36 2018: Debug: } # update = noop
(28137) Mon Nov 26 10:42:36 2018: Debug: policy
packetfence-set-tenant-id {
(28137) Mon Nov 26 10:42:36 2018: Debug: if (
"%{%{control:PacketFence-Tenant-Id}:-0}" == "0") {
(28137) Mon Nov 26 10:42:36 2018: Debug: EXPAND
%{%{control:PacketFence-Tenant-Id}:-0}
(28137) Mon Nov 26 10:42:36 2018: Debug: --> 0
(28137) Mon Nov 26 10:42:36 2018: Debug: if (
"%{%{control:PacketFence-Tenant-Id}:-0}" == "0") -> TRUE
(28137) Mon Nov 26 10:42:36 2018: Debug: if (
"%{%{control:PacketFence-Tenant-Id}:-0}" == "0") {
(28137) Mon Nov 26 10:42:36 2018: Debug: update control {
(28137) Mon Nov 26 10:42:36 2018: Debug: EXPAND %{User-Name}
(28137) Mon Nov 26 10:42:36 2018: Debug: --> pica8
(28137) Mon Nov 26 10:42:36 2018: Debug: SQL-User-Name set to
'pica8'
(28137) Mon Nov 26 10:42:36 2018: Debug: Executing select query:
SELECT IFNULL((SELECT tenant_id FROM radius_nas WHERE nasname =
'10.10.51.224'), 0)
(28137) Mon Nov 26 10:42:36 2018: Debug: EXPAND %{sql: SELECT
IFNULL((SELECT tenant_id FROM radius_nas WHERE nasname =
'%{Packet-Src-IP-Address}'), 0)}
(28137) Mon Nov 26 10:42:36 2018: Debug: --> 1
(28137) Mon Nov 26 10:42:36 2018: Debug: } # update control = noop
(28137) Mon Nov 26 10:42:36 2018: Debug: } # if (
"%{%{control:PacketFence-Tenant-Id}:-0}" == "0") = noop
(28137) Mon Nov 26 10:42:36 2018: Debug: if (
&control:PacketFence-Tenant-Id == 0 ) {
(28137) Mon Nov 26 10:42:36 2018: Debug: if (
&control:PacketFence-Tenant-Id == 0 ) -> FALSE
(28137) Mon Nov 26 10:42:36 2018: Debug: } # policy
packetfence-set-tenant-id = noop
(28137) Mon Nov 26 10:42:36 2018: Debug: policy
rewrite_calling_station_id {
(28137) Mon Nov 26 10:42:36 2018: Debug: if (&Calling-Station-Id &&
(&Calling-Station-Id =~
/^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i))
{
(28137) Mon Nov 26 10:42:36 2018: Debug: if (&Calling-Station-Id &&
(&Calling-Station-Id =~
/^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i))
-> TRUE
(28137) Mon Nov 26 10:42:36 2018: Debug: if (&Calling-Station-Id &&
(&Calling-Station-Id =~
/^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i))
{
(28137) Mon Nov 26 10:42:36 2018: Debug: update request {
(28137) Mon Nov 26 10:42:36 2018: Debug: EXPAND
%{tolower:%{1}:%{2}:%{3}:%{4}:%{5}:%{6}}
(28137) Mon Nov 26 10:42:36 2018: Debug: --> 08:9e:01:9e:cc:fe
(28137) Mon Nov 26 10:42:36 2018: Debug: } # update request = noop
(28137) Mon Nov 26 10:42:36 2018: Debug: [updated] = updated
(28137) Mon Nov 26 10:42:36 2018: Debug: } # if (&Calling-Station-Id
&& (&Calling-Station-Id =~
/^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i))
= updated
(28137) Mon Nov 26 10:42:36 2018: Debug: ... skipping else: Preceding
"if" was taken
(28137) Mon Nov 26 10:42:36 2018: Debug: } # policy
rewrite_calling_station_id = updated
(28137) Mon Nov 26 10:42:36 2018: Debug: policy
rewrite_called_station_id {
(28137) Mon Nov 26 10:42:36 2018: Debug: if ((&Called-Station-Id) &&
(&Called-Station-Id =~
/^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i))
{
(28137) Mon Nov 26 10:42:36 2018: Debug: if ((&Called-Station-Id) &&
(&Called-Station-Id =~
/^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i))
-> TRUE
(28137) Mon Nov 26 10:42:36 2018: Debug: if ((&Called-Station-Id) &&
(&Called-Station-Id =~
/^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i))
{
(28137) Mon Nov 26 10:42:36 2018: Debug: update request {
(28137) Mon Nov 26 10:42:36 2018: Debug: EXPAND
%{tolower:%{1}:%{2}:%{3}:%{4}:%{5}:%{6}}
(28137) Mon Nov 26 10:42:36 2018: Debug: --> a8:2b:b5:f6:ca:01
(28137) Mon Nov 26 10:42:36 2018: Debug: } # update request = noop
(28137) Mon Nov 26 10:42:36 2018: Debug: if ("%{8}") {
(28137) Mon Nov 26 10:42:36 2018: Debug: EXPAND %{8}
(28137) Mon Nov 26 10:42:36 2018: Debug: -->
(28137) Mon Nov 26 10:42:36 2018: Debug: if ("%{8}") -> FALSE
(28137) Mon Nov 26 10:42:36 2018: Debug: elsif ( (Colubris-AVPair)
&& "%{Colubris-AVPair}" =~ /^ssid=(.*)$/i) {
(28137) Mon Nov 26 10:42:36 2018: Debug: elsif ( (Colubris-AVPair)
&& "%{Colubris-AVPair}" =~ /^ssid=(.*)$/i) -> FALSE
(28137) Mon Nov 26 10:42:36 2018: Debug: elsif (Aruba-Essid-Name) {
(28137) Mon Nov 26 10:42:36 2018: Debug: elsif (Aruba-Essid-Name)
-> FALSE
(28137) Mon Nov 26 10:42:36 2018: Debug: elsif ( (Cisco-AVPair) &&
"%{Cisco-AVPair}" =~ /^ssid=(.*)$/i) {
(28137) Mon Nov 26 10:42:36 2018: Debug: elsif ( (Cisco-AVPair) &&
"%{Cisco-AVPair}" =~ /^ssid=(.*)$/i) -> FALSE
(28137) Mon Nov 26 10:42:36 2018: Debug: [updated] = updated
(28137) Mon Nov 26 10:42:36 2018: Debug: } # if ((&Called-Station-Id)
&& (&Called-Station-Id =~
/^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i))
= updated
(28137) Mon Nov 26 10:42:36 2018: Debug: ... skipping else: Preceding
"if" was taken
(28137) Mon Nov 26 10:42:36 2018: Debug: } # policy
rewrite_called_station_id = updated
(28137) Mon Nov 26 10:42:36 2018: Debug: policy filter_username {
(28137) Mon Nov 26 10:42:36 2018: Debug: if (&User-Name) {
(28137) Mon Nov 26 10:42:36 2018: Debug: if (&User-Name) -> TRUE
(28137) Mon Nov 26 10:42:36 2018: Debug: if (&User-Name) {
(28137) Mon Nov 26 10:42:36 2018: Debug: if (&User-Name =~ / /) {
(28137) Mon Nov 26 10:42:36 2018: Debug: if (&User-Name =~ / /) ->
FALSE
(28137) Mon Nov 26 10:42:36 2018: Debug: if (&User-Name =~
/@[^@]*@/ ) {
(28137) Mon Nov 26 10:42:36 2018: Debug: if (&User-Name =~
/@[^@]*@/ ) -> FALSE
(28137) Mon Nov 26 10:42:36 2018: Debug: if (&User-Name =~ /\.\./ )
{
(28137) Mon Nov 26 10:42:36 2018: Debug: if (&User-Name =~ /\.\./
) -> FALSE
(28137) Mon Nov 26 10:42:36 2018: Debug: if ((&User-Name =~ /@/) &&
(&User-Name !~ /@(.+)\.(.+)$/)) {
(28137) Mon Nov 26 10:42:36 2018: Debug: if ((&User-Name =~ /@/) &&
(&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
(28137) Mon Nov 26 10:42:36 2018: Debug: if (&User-Name =~ /\.$/) {
(28137) Mon Nov 26 10:42:36 2018: Debug: if (&User-Name =~ /\.$/)
-> FALSE
(28137) Mon Nov 26 10:42:36 2018: Debug: if (&User-Name =~ /@\./) {
(28137) Mon Nov 26 10:42:36 2018: Debug: if (&User-Name =~ /@\./)
-> FALSE
(28137) Mon Nov 26 10:42:36 2018: Debug: } # if (&User-Name) =
updated
(28137) Mon Nov 26 10:42:36 2018: Debug: } # policy filter_username =
updated
(28137) Mon Nov 26 10:42:36 2018: Debug: policy filter_password {
(28137) Mon Nov 26 10:42:36 2018: Debug: if (&User-Password &&
(&User-Password != "%{string:User-Password}")) {
(28137) Mon Nov 26 10:42:36 2018: Debug: if (&User-Password &&
(&User-Password != "%{string:User-Password}")) -> FALSE
(28137) Mon Nov 26 10:42:36 2018: Debug: } # policy filter_password =
updated
(28137) Mon Nov 26 10:42:36 2018: Debug: [preprocess] = ok
(28137) Mon Nov 26 10:42:36 2018: Debug: suffix: Checking for suffix after
"@"
(28137) Mon Nov 26 10:42:36 2018: Debug: suffix: No '@' in User-Name =
"pica8", skipping NULL due to config.
(28137) Mon Nov 26 10:42:36 2018: Debug: [suffix] = noop
(28137) Mon Nov 26 10:42:36 2018: Debug: ntdomain: Checking for prefix
before "\"
(28137) Mon Nov 26 10:42:36 2018: Debug: ntdomain: No '\' in User-Name =
"pica8", looking up realm NULL
(28137) Mon Nov 26 10:42:36 2018: Debug: ntdomain: Found realm "null"
(28137) Mon Nov 26 10:42:36 2018: Debug: ntdomain: Adding
Stripped-User-Name = "pica8"
(28137) Mon Nov 26 10:42:36 2018: Debug: ntdomain: Adding Realm = "null"
(28137) Mon Nov 26 10:42:36 2018: Debug: ntdomain: Authentication realm is
LOCAL
(28137) Mon Nov 26 10:42:36 2018: Debug: [ntdomain] = ok
(28137) Mon Nov 26 10:42:36 2018: Debug: eap: Peer sent EAP Response (code
2) ID 208 length 10
(28137) Mon Nov 26 10:42:36 2018: Debug: eap: EAP-Identity reply, returning
'ok' so we can short-circuit the rest of authorize
(28137) Mon Nov 26 10:42:36 2018: Debug: [eap] = ok
(28137) Mon Nov 26 10:42:36 2018: Debug: } # authorize = ok
(28137) Mon Nov 26 10:42:36 2018: Debug: Found Auth-Type = eap
(28137) Mon Nov 26 10:42:36 2018: Debug: # Executing group from file
/usr/local/pf/raddb/sites-enabled/packetfence
(28137) Mon Nov 26 10:42:36 2018: Debug: authenticate {
(28137) Mon Nov 26 10:42:36 2018: Debug: eap: Peer sent packet with method
EAP Identity (1)
(28137) Mon Nov 26 10:42:36 2018: Debug: eap: Calling submodule eap_peap to
process data
(28137) Mon Nov 26 10:42:36 2018: Debug: eap_peap: Initiating new EAP-TLS
session
(28137) Mon Nov 26 10:42:36 2018: Debug: eap_peap: [eaptls start] = request
(28137) Mon Nov 26 10:42:36 2018: Debug: eap: Sending EAP Request (code 1)
ID 209 length 6
(28137) Mon Nov 26 10:42:36 2018: Debug: eap: EAP session adding
&reply:State = 0x27b6a33c2767baca
(28137) Mon Nov 26 10:42:36 2018: Debug: [eap] = handled
(28137) Mon Nov 26 10:42:36 2018: Debug: } # authenticate = handled
(28137) Mon Nov 26 10:42:36 2018: Debug: Using Post-Auth-Type Challenge
(28137) Mon Nov 26 10:42:36 2018: Debug: Post-Auth-Type sub-section not
found. Ignoring.
(28137) Mon Nov 26 10:42:36 2018: Debug: # Executing group from file
/usr/local/pf/raddb/sites-enabled/packetfence
(28137) Mon Nov 26 10:42:36 2018: Debug: Sent Access-Challenge Id 4 from
10.10.50.204:1812 to 10.10.51.224:1812 length 0
(28137) Mon Nov 26 10:42:36 2018: Debug: EAP-Message = 0x01d100061920
(28137) Mon Nov 26 10:42:36 2018: Debug: Message-Authenticator =
0x00000000000000000000000000000000
(28137) Mon Nov 26 10:42:36 2018: Debug: State =
0x27b6a33c2767bacacd0091342714d737
(28137) Mon Nov 26 10:42:36 2018: Debug: Finished request
(28138) Mon Nov 26 10:42:36 2018: Debug: Received Access-Request Id 5 from
10.10.51.224:1812 to 10.10.50.204:1812 length 133
(28138) Mon Nov 26 10:42:36 2018: Debug: User-Name = "pica8"
(28138) Mon Nov 26 10:42:36 2018: Debug: NAS-IP-Address = 0.0.0.0
(28138) Mon Nov 26 10:42:36 2018: Debug: NAS-Port-Type = Ethernet
(28138) Mon Nov 26 10:42:36 2018: Debug: NAS-Port = 23
(28138) Mon Nov 26 10:42:36 2018: Debug: Called-Station-Id =
"A8-2B-B5-F6-CA-01"
(28138) Mon Nov 26 10:42:36 2018: Debug: Calling-Station-Id =
"08-9E-01-9E-CC-FE"
(28138) Mon Nov 26 10:42:36 2018: Debug: Framed-MTU = 1500
(28138) Mon Nov 26 10:42:36 2018: Debug: EAP-Message = 0x02d100060304
(28138) Mon Nov 26 10:42:36 2018: Debug: State =
0x27b6a33c2767bacacd0091342714d737
(28138) Mon Nov 26 10:42:36 2018: Debug: Message-Authenticator =
0x744294743dd7d50db72851b55300f361
(28138) Mon Nov 26 10:42:36 2018: Debug: session-state: No cached attributes
(28138) Mon Nov 26 10:42:36 2018: Debug: # Executing section authorize from
file /usr/local/pf/raddb/sites-enabled/packetfence
(28138) Mon Nov 26 10:42:36 2018: Debug: authorize {
(28138) Mon Nov 26 10:42:36 2018: Debug: update {
(28138) Mon Nov 26 10:42:36 2018: Debug: EXPAND
%{Packet-Src-IP-Address}
(28138) Mon Nov 26 10:42:36 2018: Debug: --> 10.10.51.224
(28138) Mon Nov 26 10:42:36 2018: Debug: EXPAND %l
(28138) Mon Nov 26 10:42:36 2018: Debug: --> 1543200156
(28138) Mon Nov 26 10:42:36 2018: Debug: } # update = noop
(28138) Mon Nov 26 10:42:36 2018: Debug: policy
packetfence-set-tenant-id {
(28138) Mon Nov 26 10:42:36 2018: Debug: if (
"%{%{control:PacketFence-Tenant-Id}:-0}" == "0") {
(28138) Mon Nov 26 10:42:36 2018: Debug: EXPAND
%{%{control:PacketFence-Tenant-Id}:-0}
(28138) Mon Nov 26 10:42:36 2018: Debug: --> 0
(28138) Mon Nov 26 10:42:36 2018: Debug: if (
"%{%{control:PacketFence-Tenant-Id}:-0}" == "0") -> TRUE
(28138) Mon Nov 26 10:42:36 2018: Debug: if (
"%{%{control:PacketFence-Tenant-Id}:-0}" == "0") {
(28138) Mon Nov 26 10:42:36 2018: Debug: update control {
(28138) Mon Nov 26 10:42:36 2018: Debug: EXPAND %{User-Name}
(28138) Mon Nov 26 10:42:36 2018: Debug: --> pica8
(28138) Mon Nov 26 10:42:36 2018: Debug: SQL-User-Name set to
'pica8'
(28138) Mon Nov 26 10:42:36 2018: Debug: Executing select query:
SELECT IFNULL((SELECT tenant_id FROM radius_nas WHERE nasname =
'10.10.51.224'), 0)
(28138) Mon Nov 26 10:42:36 2018: Debug: EXPAND %{sql: SELECT
IFNULL((SELECT tenant_id FROM radius_nas WHERE nasname =
'%{Packet-Src-IP-Address}'), 0)}
(28138) Mon Nov 26 10:42:36 2018: Debug: --> 1
(28138) Mon Nov 26 10:42:36 2018: Debug: } # update control = noop
(28138) Mon Nov 26 10:42:36 2018: Debug: } # if (
"%{%{control:PacketFence-Tenant-Id}:-0}" == "0") = noop
(28138) Mon Nov 26 10:42:36 2018: Debug: if (
&control:PacketFence-Tenant-Id == 0 ) {
(28138) Mon Nov 26 10:42:36 2018: Debug: if (
&control:PacketFence-Tenant-Id == 0 ) -> FALSE
(28138) Mon Nov 26 10:42:36 2018: Debug: } # policy
packetfence-set-tenant-id = noop
(28138) Mon Nov 26 10:42:36 2018: Debug: policy
rewrite_calling_station_id {
(28138) Mon Nov 26 10:42:36 2018: Debug: if (&Calling-Station-Id &&
(&Calling-Station-Id =~
/^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i))
{
(28138) Mon Nov 26 10:42:36 2018: Debug: if (&Calling-Station-Id &&
(&Calling-Station-Id =~
/^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i))
-> TRUE
(28138) Mon Nov 26 10:42:36 2018: Debug: if (&Calling-Station-Id &&
(&Calling-Station-Id =~
/^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i))
{
(28138) Mon Nov 26 10:42:36 2018: Debug: update request {
(28138) Mon Nov 26 10:42:36 2018: Debug: EXPAND
%{tolower:%{1}:%{2}:%{3}:%{4}:%{5}:%{6}}
(28138) Mon Nov 26 10:42:36 2018: Debug: --> 08:9e:01:9e:cc:fe
(28138) Mon Nov 26 10:42:36 2018: Debug: } # update request = noop
(28138) Mon Nov 26 10:42:36 2018: Debug: [updated] = updated
(28138) Mon Nov 26 10:42:36 2018: Debug: } # if (&Calling-Station-Id
&& (&Calling-Station-Id =~
/^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i))
= updated
(28138) Mon Nov 26 10:42:36 2018: Debug: ... skipping else: Preceding
"if" was taken
(28138) Mon Nov 26 10:42:36 2018: Debug: } # policy
rewrite_calling_station_id = updated
(28138) Mon Nov 26 10:42:36 2018: Debug: policy
rewrite_called_station_id {
(28138) Mon Nov 26 10:42:36 2018: Debug: if ((&Called-Station-Id) &&
(&Called-Station-Id =~
/^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i))
{
(28138) Mon Nov 26 10:42:36 2018: Debug: if ((&Called-Station-Id) &&
(&Called-Station-Id =~
/^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i))
-> TRUE
(28138) Mon Nov 26 10:42:36 2018: Debug: if ((&Called-Station-Id) &&
(&Called-Station-Id =~
/^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i))
{
(28138) Mon Nov 26 10:42:36 2018: Debug: update request {
(28138) Mon Nov 26 10:42:36 2018: Debug: EXPAND
%{tolower:%{1}:%{2}:%{3}:%{4}:%{5}:%{6}}
(28138) Mon Nov 26 10:42:36 2018: Debug: --> a8:2b:b5:f6:ca:01
(28138) Mon Nov 26 10:42:36 2018: Debug: } # update request = noop
(28138) Mon Nov 26 10:42:36 2018: Debug: if ("%{8}") {
(28138) Mon Nov 26 10:42:36 2018: Debug: EXPAND %{8}
(28138) Mon Nov 26 10:42:36 2018: Debug: -->
(28138) Mon Nov 26 10:42:36 2018: Debug: if ("%{8}") -> FALSE
(28138) Mon Nov 26 10:42:36 2018: Debug: elsif ( (Colubris-AVPair)
&& "%{Colubris-AVPair}" =~ /^ssid=(.*)$/i) {
(28138) Mon Nov 26 10:42:36 2018: Debug: elsif ( (Colubris-AVPair)
&& "%{Colubris-AVPair}" =~ /^ssid=(.*)$/i) -> FALSE
(28138) Mon Nov 26 10:42:36 2018: Debug: elsif (Aruba-Essid-Name) {
(28138) Mon Nov 26 10:42:36 2018: Debug: elsif (Aruba-Essid-Name)
-> FALSE
(28138) Mon Nov 26 10:42:36 2018: Debug: elsif ( (Cisco-AVPair) &&
"%{Cisco-AVPair}" =~ /^ssid=(.*)$/i) {
(28138) Mon Nov 26 10:42:36 2018: Debug: elsif ( (Cisco-AVPair) &&
"%{Cisco-AVPair}" =~ /^ssid=(.*)$/i) -> FALSE
(28138) Mon Nov 26 10:42:36 2018: Debug: [updated] = updated
(28138) Mon Nov 26 10:42:36 2018: Debug: } # if ((&Called-Station-Id)
&& (&Called-Station-Id =~
/^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i))
= updated
(28138) Mon Nov 26 10:42:36 2018: Debug: ... skipping else: Preceding
"if" was taken
(28138) Mon Nov 26 10:42:36 2018: Debug: } # policy
rewrite_called_station_id = updated
(28138) Mon Nov 26 10:42:36 2018: Debug: policy filter_username {
(28138) Mon Nov 26 10:42:36 2018: Debug: if (&User-Name) {
(28138) Mon Nov 26 10:42:36 2018: Debug: if (&User-Name) -> TRUE
(28138) Mon Nov 26 10:42:36 2018: Debug: if (&User-Name) {
(28138) Mon Nov 26 10:42:36 2018: Debug: if (&User-Name =~ / /) {
(28138) Mon Nov 26 10:42:36 2018: Debug: if (&User-Name =~ / /) ->
FALSE
(28138) Mon Nov 26 10:42:36 2018: Debug: if (&User-Name =~
/@[^@]*@/ ) {
(28138) Mon Nov 26 10:42:36 2018: Debug: if (&User-Name =~
/@[^@]*@/ ) -> FALSE
(28138) Mon Nov 26 10:42:36 2018: Debug: if (&User-Name =~ /\.\./ )
{
(28138) Mon Nov 26 10:42:36 2018: Debug: if (&User-Name =~ /\.\./
) -> FALSE
(28138) Mon Nov 26 10:42:36 2018: Debug: if ((&User-Name =~ /@/) &&
(&User-Name !~ /@(.+)\.(.+)$/)) {
(28138) Mon Nov 26 10:42:36 2018: Debug: if ((&User-Name =~ /@/) &&
(&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
(28138) Mon Nov 26 10:42:36 2018: Debug: if (&User-Name =~ /\.$/) {
(28138) Mon Nov 26 10:42:36 2018: Debug: if (&User-Name =~ /\.$/)
-> FALSE
(28138) Mon Nov 26 10:42:36 2018: Debug: if (&User-Name =~ /@\./) {
(28138) Mon Nov 26 10:42:36 2018: Debug: if (&User-Name =~ /@\./)
-> FALSE
(28138) Mon Nov 26 10:42:36 2018: Debug: } # if (&User-Name) =
updated
(28138) Mon Nov 26 10:42:36 2018: Debug: } # policy filter_username =
updated
(28138) Mon Nov 26 10:42:36 2018: Debug: policy filter_password {
(28138) Mon Nov 26 10:42:36 2018: Debug: if (&User-Password &&
(&User-Password != "%{string:User-Password}")) {
(28138) Mon Nov 26 10:42:36 2018: Debug: if (&User-Password &&
(&User-Password != "%{string:User-Password}")) -> FALSE
(28138) Mon Nov 26 10:42:36 2018: Debug: } # policy filter_password =
updated
(28138) Mon Nov 26 10:42:36 2018: Debug: [preprocess] = ok
(28138) Mon Nov 26 10:42:36 2018: Debug: suffix: Checking for suffix after
"@"
(28138) Mon Nov 26 10:42:36 2018: Debug: suffix: No '@' in User-Name =
"pica8", skipping NULL due to config.
(28138) Mon Nov 26 10:42:36 2018: Debug: [suffix] = noop
(28138) Mon Nov 26 10:42:36 2018: Debug: ntdomain: Checking for prefix
before "\"
(28138) Mon Nov 26 10:42:36 2018: Debug: ntdomain: No '\' in User-Name =
"pica8", looking up realm NULL
(28138) Mon Nov 26 10:42:36 2018: Debug: ntdomain: Found realm "null"
(28138) Mon Nov 26 10:42:36 2018: Debug: ntdomain: Adding
Stripped-User-Name = "pica8"
(28138) Mon Nov 26 10:42:36 2018: Debug: ntdomain: Adding Realm = "null"
(28138) Mon Nov 26 10:42:36 2018: Debug: ntdomain: Authentication realm is
LOCAL
(28138) Mon Nov 26 10:42:36 2018: Debug: [ntdomain] = ok
(28138) Mon Nov 26 10:42:36 2018: Debug: eap: Peer sent EAP Response (code
2) ID 209 length 6
(28138) Mon Nov 26 10:42:36 2018: Debug: eap: No EAP Start, assuming it's
an on-going EAP conversation
(28138) Mon Nov 26 10:42:36 2018: Debug: [eap] = updated
(28138) Mon Nov 26 10:42:36 2018: Debug: if ( !EAP-Message ) {
(28138) Mon Nov 26 10:42:36 2018: Debug: if ( !EAP-Message ) -> FALSE
(28138) Mon Nov 26 10:42:36 2018: Debug: policy
packetfence-eap-mac-policy {
(28138) Mon Nov 26 10:42:36 2018: Debug: if ( &EAP-Type ) {
(28138) Mon Nov 26 10:42:36 2018: Debug: if ( &EAP-Type ) -> TRUE
(28138) Mon Nov 26 10:42:36 2018: Debug: if ( &EAP-Type ) {
(28138) Mon Nov 26 10:42:36 2018: Debug: if (&Calling-Station-Id &&
(&Calling-Station-Id =~
/^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i))
{
(28138) Mon Nov 26 10:42:36 2018: Debug: if (&Calling-Station-Id &&
(&Calling-Station-Id =~
/^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i))
-> TRUE
(28138) Mon Nov 26 10:42:36 2018: Debug: if (&Calling-Station-Id &&
(&Calling-Station-Id =~
/^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i))
{
(28138) Mon Nov 26 10:42:36 2018: Debug: update {
(28138) Mon Nov 26 10:42:36 2018: Debug: EXPAND
%{tolower:%{1}%{2}%{3}%{4}%{5}%{6}}
(28138) Mon Nov 26 10:42:36 2018: Debug: --> 089e019eccfe
(28138) Mon Nov 26 10:42:36 2018: Debug: } # update = noop
(28138) Mon Nov 26 10:42:36 2018: Debug: if ( &Tmp-String-1 ==
"%{tolower:%{User-Name}}" ) {
(28138) Mon Nov 26 10:42:36 2018: Debug: EXPAND
%{tolower:%{User-Name}}
(28138) Mon Nov 26 10:42:36 2018: Debug: --> pica8
(28138) Mon Nov 26 10:42:36 2018: Debug: if ( &Tmp-String-1 ==
"%{tolower:%{User-Name}}" ) -> FALSE
(28138) Mon Nov 26 10:42:36 2018: Debug: } # if
(&Calling-Station-Id && (&Calling-Station-Id =~
/^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i))
= noop
(28138) Mon Nov 26 10:42:36 2018: Debug: } # if ( &EAP-Type ) = noop
(28138) Mon Nov 26 10:42:36 2018: Debug: [noop] = noop
(28138) Mon Nov 26 10:42:36 2018: Debug: } # policy
packetfence-eap-mac-policy = noop
(28138) Mon Nov 26 10:42:36 2018: WARNING: pap:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
(28138) Mon Nov 26 10:42:36 2018: WARNING: pap: !!! Ignoring
control:User-Password. Update your !!!
(28138) Mon Nov 26 10:42:36 2018: WARNING: pap: !!! configuration so that
the "known good" clear text !!!
(28138) Mon Nov 26 10:42:36 2018: WARNING: pap: !!! password is in
Cleartext-Password and NOT in !!!
(28138) Mon Nov 26 10:42:36 2018: WARNING: pap: !!! User-Password.
!!!
(28138) Mon Nov 26 10:42:36 2018: WARNING: pap:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
(28138) Mon Nov 26 10:42:36 2018: WARNING: pap: No "known good" password
found for the user. Not setting Auth-Type
(28138) Mon Nov 26 10:42:36 2018: WARNING: pap: Authentication will fail
unless a "known good" password is available
(28138) Mon Nov 26 10:42:36 2018: Debug: [pap] = noop
(28138) Mon Nov 26 10:42:36 2018: Debug: } # authorize = updated
(28138) Mon Nov 26 10:42:36 2018: Debug: Found Auth-Type = eap
(28138) Mon Nov 26 10:42:36 2018: Debug: # Executing group from file
/usr/local/pf/raddb/sites-enabled/packetfence
(28138) Mon Nov 26 10:42:36 2018: Debug: authenticate {
(28138) Mon Nov 26 10:42:36 2018: Debug: eap: Expiring EAP session with
state 0x27b6a33c2767baca
(28138) Mon Nov 26 10:42:36 2018: Debug: eap: Finished EAP session with
state 0x27b6a33c2767baca
(28138) Mon Nov 26 10:42:36 2018: Debug: eap: Previous EAP request found
for state 0x27b6a33c2767baca, released from the list
(28138) Mon Nov 26 10:42:36 2018: Debug: eap: Peer sent packet with method
EAP NAK (3)
(28138) Mon Nov 26 10:42:36 2018: Debug: eap: Found mutually acceptable
type MD5 (4)
(28138) Mon Nov 26 10:42:36 2018: Debug: eap: Calling submodule eap_md5 to
process data
(28138) Mon Nov 26 10:42:36 2018: Debug: eap_md5: Issuing MD5 Challenge
(28138) Mon Nov 26 10:42:36 2018: Debug: eap: Sending EAP Request (code 1)
ID 210 length 22
(28138) Mon Nov 26 10:42:36 2018: Debug: eap: EAP session adding
&reply:State = 0x27b6a33c2664a7ca
(28138) Mon Nov 26 10:42:36 2018: Debug: [eap] = handled
(28138) Mon Nov 26 10:42:36 2018: Debug: } # authenticate = handled
(28138) Mon Nov 26 10:42:36 2018: Debug: Using Post-Auth-Type Challenge
(28138) Mon Nov 26 10:42:36 2018: Debug: Post-Auth-Type sub-section not
found. Ignoring.
(28138) Mon Nov 26 10:42:36 2018: Debug: # Executing group from file
/usr/local/pf/raddb/sites-enabled/packetfence
(28138) Mon Nov 26 10:42:36 2018: Debug: Sent Access-Challenge Id 5 from
10.10.50.204:1812 to 10.10.51.224:1812 length 0
(28138) Mon Nov 26 10:42:36 2018: Debug: EAP-Message =
0x01d20016041086f49986e4d242c6ff367ce012fbb646
(28138) Mon Nov 26 10:42:36 2018: Debug: Message-Authenticator =
0x00000000000000000000000000000000
(28138) Mon Nov 26 10:42:36 2018: Debug: State =
0x27b6a33c2664a7cacd0091342714d737
(28138) Mon Nov 26 10:42:36 2018: Debug: Finished request
(28139) Mon Nov 26 10:42:36 2018: Debug: Received Access-Request Id 6 from
10.10.51.224:1812 to 10.10.50.204:1812 length 149
(28139) Mon Nov 26 10:42:36 2018: Debug: User-Name = "pica8"
(28139) Mon Nov 26 10:42:36 2018: Debug: NAS-IP-Address = 0.0.0.0
(28139) Mon Nov 26 10:42:36 2018: Debug: NAS-Port-Type = Ethernet
(28139) Mon Nov 26 10:42:36 2018: Debug: NAS-Port = 23
(28139) Mon Nov 26 10:42:36 2018: Debug: Called-Station-Id =
"A8-2B-B5-F6-CA-01"
(28139) Mon Nov 26 10:42:36 2018: Debug: Calling-Station-Id =
"08-9E-01-9E-CC-FE"
(28139) Mon Nov 26 10:42:36 2018: Debug: Framed-MTU = 1500
(28139) Mon Nov 26 10:42:36 2018: Debug: EAP-Message =
0x02d200160410f7cd748d9a9e9aac4a432e8f2474575d
(28139) Mon Nov 26 10:42:36 2018: Debug: State =
0x27b6a33c2664a7cacd0091342714d737
(28139) Mon Nov 26 10:42:36 2018: Debug: Message-Authenticator =
0xa01b4fc4fabd44ae90c589966f7d4782
(28139) Mon Nov 26 10:42:36 2018: Debug: session-state: No cached attributes
(28139) Mon Nov 26 10:42:36 2018: Debug: # Executing section authorize from
file /usr/local/pf/raddb/sites-enabled/packetfence
(28139) Mon Nov 26 10:42:36 2018: Debug: authorize {
(28139) Mon Nov 26 10:42:36 2018: Debug: update {
(28139) Mon Nov 26 10:42:36 2018: Debug: EXPAND
%{Packet-Src-IP-Address}
(28139) Mon Nov 26 10:42:36 2018: Debug: --> 10.10.51.224
(28139) Mon Nov 26 10:42:36 2018: Debug: EXPAND %l
(28139) Mon Nov 26 10:42:36 2018: Debug: --> 1543200156
(28139) Mon Nov 26 10:42:36 2018: Debug: } # update = noop
(28139) Mon Nov 26 10:42:36 2018: Debug: policy
packetfence-set-tenant-id {
(28139) Mon Nov 26 10:42:36 2018: Debug: if (
"%{%{control:PacketFence-Tenant-Id}:-0}" == "0") {
(28139) Mon Nov 26 10:42:36 2018: Debug: EXPAND
%{%{control:PacketFence-Tenant-Id}:-0}
(28139) Mon Nov 26 10:42:36 2018: Debug: --> 0
(28139) Mon Nov 26 10:42:36 2018: Debug: if (
"%{%{control:PacketFence-Tenant-Id}:-0}" == "0") -> TRUE
(28139) Mon Nov 26 10:42:36 2018: Debug: if (
"%{%{control:PacketFence-Tenant-Id}:-0}" == "0") {
(28139) Mon Nov 26 10:42:36 2018: Debug: update control {
(28139) Mon Nov 26 10:42:36 2018: Debug: EXPAND %{User-Name}
(28139) Mon Nov 26 10:42:36 2018: Debug: --> pica8
(28139) Mon Nov 26 10:42:36 2018: Debug: SQL-User-Name set to
'pica8'
(28139) Mon Nov 26 10:42:36 2018: Debug: Executing select query:
SELECT IFNULL((SELECT tenant_id FROM radius_nas WHERE nasname =
'10.10.51.224'), 0)
(28139) Mon Nov 26 10:42:36 2018: Debug: EXPAND %{sql: SELECT
IFNULL((SELECT tenant_id FROM radius_nas WHERE nasname =
'%{Packet-Src-IP-Address}'), 0)}
(28139) Mon Nov 26 10:42:36 2018: Debug: --> 1
(28139) Mon Nov 26 10:42:36 2018: Debug: } # update control = noop
(28139) Mon Nov 26 10:42:36 2018: Debug: } # if (
"%{%{control:PacketFence-Tenant-Id}:-0}" == "0") = noop
(28139) Mon Nov 26 10:42:36 2018: Debug: if (
&control:PacketFence-Tenant-Id == 0 ) {
(28139) Mon Nov 26 10:42:36 2018: Debug: if (
&control:PacketFence-Tenant-Id == 0 ) -> FALSE
(28139) Mon Nov 26 10:42:36 2018: Debug: } # policy
packetfence-set-tenant-id = noop
(28139) Mon Nov 26 10:42:36 2018: Debug: policy
rewrite_calling_station_id {
(28139) Mon Nov 26 10:42:36 2018: Debug: if (&Calling-Station-Id &&
(&Calling-Station-Id =~
/^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i))
{
(28139) Mon Nov 26 10:42:36 2018: Debug: if (&Calling-Station-Id &&
(&Calling-Station-Id =~
/^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i))
-> TRUE
(28139) Mon Nov 26 10:42:36 2018: Debug: if (&Calling-Station-Id &&
(&Calling-Station-Id =~
/^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i))
{
(28139) Mon Nov 26 10:42:36 2018: Debug: update request {
(28139) Mon Nov 26 10:42:36 2018: Debug: EXPAND
%{tolower:%{1}:%{2}:%{3}:%{4}:%{5}:%{6}}
(28139) Mon Nov 26 10:42:36 2018: Debug: --> 08:9e:01:9e:cc:fe
(28139) Mon Nov 26 10:42:36 2018: Debug: } # update request = noop
(28139) Mon Nov 26 10:42:36 2018: Debug: [updated] = updated
(28139) Mon Nov 26 10:42:36 2018: Debug: } # if (&Calling-Station-Id
&& (&Calling-Station-Id =~
/^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i))
= updated
(28139) Mon Nov 26 10:42:36 2018: Debug: ... skipping else: Preceding
"if" was taken
(28139) Mon Nov 26 10:42:36 2018: Debug: } # policy
rewrite_calling_station_id = updated
(28139) Mon Nov 26 10:42:36 2018: Debug: policy
rewrite_called_station_id {
(28139) Mon Nov 26 10:42:36 2018: Debug: if ((&Called-Station-Id) &&
(&Called-Station-Id =~
/^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i))
{
(28139) Mon Nov 26 10:42:36 2018: Debug: if ((&Called-Station-Id) &&
(&Called-Station-Id =~
/^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i))
-> TRUE
(28139) Mon Nov 26 10:42:36 2018: Debug: if ((&Called-Station-Id) &&
(&Called-Station-Id =~
/^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i))
{
(28139) Mon Nov 26 10:42:36 2018: Debug: update request {
(28139) Mon Nov 26 10:42:36 2018: Debug: EXPAND
%{tolower:%{1}:%{2}:%{3}:%{4}:%{5}:%{6}}
(28139) Mon Nov 26 10:42:36 2018: Debug: --> a8:2b:b5:f6:ca:01
(28139) Mon Nov 26 10:42:36 2018: Debug: } # update request = noop
(28139) Mon Nov 26 10:42:36 2018: Debug: if ("%{8}") {
(28139) Mon Nov 26 10:42:36 2018: Debug: EXPAND %{8}
(28139) Mon Nov 26 10:42:36 2018: Debug: -->
(28139) Mon Nov 26 10:42:36 2018: Debug: if ("%{8}") -> FALSE
(28139) Mon Nov 26 10:42:36 2018: Debug: elsif ( (Colubris-AVPair)
&& "%{Colubris-AVPair}" =~ /^ssid=(.*)$/i) {
(28139) Mon Nov 26 10:42:36 2018: Debug: elsif ( (Colubris-AVPair)
&& "%{Colubris-AVPair}" =~ /^ssid=(.*)$/i) -> FALSE
(28139) Mon Nov 26 10:42:36 2018: Debug: elsif (Aruba-Essid-Name) {
(28139) Mon Nov 26 10:42:36 2018: Debug: elsif (Aruba-Essid-Name)
-> FALSE
(28139) Mon Nov 26 10:42:36 2018: Debug: elsif ( (Cisco-AVPair) &&
"%{Cisco-AVPair}" =~ /^ssid=(.*)$/i) {
(28139) Mon Nov 26 10:42:36 2018: Debug: elsif ( (Cisco-AVPair) &&
"%{Cisco-AVPair}" =~ /^ssid=(.*)$/i) -> FALSE
(28139) Mon Nov 26 10:42:36 2018: Debug: [updated] = updated
(28139) Mon Nov 26 10:42:36 2018: Debug: } # if ((&Called-Station-Id)
&& (&Called-Station-Id =~
/^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i))
= updated
(28139) Mon Nov 26 10:42:36 2018: Debug: ... skipping else: Preceding
"if" was taken
(28139) Mon Nov 26 10:42:36 2018: Debug: } # policy
rewrite_called_station_id = updated
(28139) Mon Nov 26 10:42:36 2018: Debug: policy filter_username {
(28139) Mon Nov 26 10:42:36 2018: Debug: if (&User-Name) {
(28139) Mon Nov 26 10:42:36 2018: Debug: if (&User-Name) -> TRUE
(28139) Mon Nov 26 10:42:36 2018: Debug: if (&User-Name) {
(28139) Mon Nov 26 10:42:36 2018: Debug: if (&User-Name =~ / /) {
(28139) Mon Nov 26 10:42:36 2018: Debug: if (&User-Name =~ / /) ->
FALSE
(28139) Mon Nov 26 10:42:36 2018: Debug: if (&User-Name =~
/@[^@]*@/ ) {
(28139) Mon Nov 26 10:42:36 2018: Debug: if (&User-Name =~
/@[^@]*@/ ) -> FALSE
(28139) Mon Nov 26 10:42:36 2018: Debug: if (&User-Name =~ /\.\./ )
{
(28139) Mon Nov 26 10:42:36 2018: Debug: if (&User-Name =~ /\.\./
) -> FALSE
(28139) Mon Nov 26 10:42:36 2018: Debug: if ((&User-Name =~ /@/) &&
(&User-Name !~ /@(.+)\.(.+)$/)) {
(28139) Mon Nov 26 10:42:36 2018: Debug: if ((&User-Name =~ /@/) &&
(&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
(28139) Mon Nov 26 10:42:36 2018: Debug: if (&User-Name =~ /\.$/) {
(28139) Mon Nov 26 10:42:36 2018: Debug: if (&User-Name =~ /\.$/)
-> FALSE
(28139) Mon Nov 26 10:42:36 2018: Debug: if (&User-Name =~ /@\./) {
(28139) Mon Nov 26 10:42:36 2018: Debug: if (&User-Name =~ /@\./)
-> FALSE
(28139) Mon Nov 26 10:42:36 2018: Debug: } # if (&User-Name) =
updated
(28139) Mon Nov 26 10:42:36 2018: Debug: } # policy filter_username =
updated
(28139) Mon Nov 26 10:42:36 2018: Debug: policy filter_password {
(28139) Mon Nov 26 10:42:36 2018: Debug: if (&User-Password &&
(&User-Password != "%{string:User-Password}")) {
(28139) Mon Nov 26 10:42:36 2018: Debug: if (&User-Password &&
(&User-Password != "%{string:User-Password}")) -> FALSE
(28139) Mon Nov 26 10:42:36 2018: Debug: } # policy filter_password =
updated
(28139) Mon Nov 26 10:42:36 2018: Debug: [preprocess] = ok
(28139) Mon Nov 26 10:42:36 2018: Debug: suffix: Checking for suffix after
"@"
(28139) Mon Nov 26 10:42:36 2018: Debug: suffix: No '@' in User-Name =
"pica8", skipping NULL due to config.
(28139) Mon Nov 26 10:42:36 2018: Debug: [suffix] = noop
(28139) Mon Nov 26 10:42:36 2018: Debug: ntdomain: Checking for prefix
before "\"
(28139) Mon Nov 26 10:42:36 2018: Debug: ntdomain: No '\' in User-Name =
"pica8", looking up realm NULL
(28139) Mon Nov 26 10:42:36 2018: Debug: ntdomain: Found realm "null"
(28139) Mon Nov 26 10:42:36 2018: Debug: ntdomain: Adding
Stripped-User-Name = "pica8"
(28139) Mon Nov 26 10:42:36 2018: Debug: ntdomain: Adding Realm = "null"
(28139) Mon Nov 26 10:42:36 2018: Debug: ntdomain: Authentication realm is
LOCAL
(28139) Mon Nov 26 10:42:36 2018: Debug: [ntdomain] = ok
(28139) Mon Nov 26 10:42:36 2018: Debug: eap: Peer sent EAP Response (code
2) ID 210 length 22
(28139) Mon Nov 26 10:42:36 2018: Debug: eap: No EAP Start, assuming it's
an on-going EAP conversation
(28139) Mon Nov 26 10:42:36 2018: Debug: [eap] = updated
(28139) Mon Nov 26 10:42:36 2018: Debug: if ( !EAP-Message ) {
(28139) Mon Nov 26 10:42:36 2018: Debug: if ( !EAP-Message ) -> FALSE
(28139) Mon Nov 26 10:42:36 2018: Debug: policy
packetfence-eap-mac-policy {
(28139) Mon Nov 26 10:42:36 2018: Debug: if ( &EAP-Type ) {
(28139) Mon Nov 26 10:42:36 2018: Debug: if ( &EAP-Type ) -> TRUE
(28139) Mon Nov 26 10:42:36 2018: Debug: if ( &EAP-Type ) {
(28139) Mon Nov 26 10:42:36 2018: Debug: if (&Calling-Station-Id &&
(&Calling-Station-Id =~
/^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i))
{
(28139) Mon Nov 26 10:42:36 2018: Debug: if (&Calling-Station-Id &&
(&Calling-Station-Id =~
/^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i))
-> TRUE
(28139) Mon Nov 26 10:42:36 2018: Debug: if (&Calling-Station-Id &&
(&Calling-Station-Id =~
/^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i))
{
(28139) Mon Nov 26 10:42:36 2018: Debug: update {
(28139) Mon Nov 26 10:42:36 2018: Debug: EXPAND
%{tolower:%{1}%{2}%{3}%{4}%{5}%{6}}
(28139) Mon Nov 26 10:42:36 2018: Debug: --> 089e019eccfe
(28139) Mon Nov 26 10:42:36 2018: Debug: } # update = noop
(28139) Mon Nov 26 10:42:36 2018: Debug: if ( &Tmp-String-1 ==
"%{tolower:%{User-Name}}" ) {
(28139) Mon Nov 26 10:42:36 2018: Debug: EXPAND
%{tolower:%{User-Name}}
(28139) Mon Nov 26 10:42:36 2018: Debug: --> pica8
(28139) Mon Nov 26 10:42:36 2018: Debug: if ( &Tmp-String-1 ==
"%{tolower:%{User-Name}}" ) -> FALSE
(28139) Mon Nov 26 10:42:36 2018: Debug: } # if
(&Calling-Station-Id && (&Calling-Station-Id =~
/^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i))
= noop
(28139) Mon Nov 26 10:42:36 2018: Debug: } # if ( &EAP-Type ) = noop
(28139) Mon Nov 26 10:42:36 2018: Debug: [noop] = noop
(28139) Mon Nov 26 10:42:36 2018: Debug: } # policy
packetfence-eap-mac-policy = noop
(28139) Mon Nov 26 10:42:36 2018: WARNING: pap:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
(28139) Mon Nov 26 10:42:36 2018: WARNING: pap: !!! Ignoring
control:User-Password. Update your !!!
(28139) Mon Nov 26 10:42:36 2018: WARNING: pap: !!! configuration so that
the "known good" clear text !!!
(28139) Mon Nov 26 10:42:36 2018: WARNING: pap: !!! password is in
Cleartext-Password and NOT in !!!
(28139) Mon Nov 26 10:42:36 2018: WARNING: pap: !!! User-Password.
!!!
(28139) Mon Nov 26 10:42:36 2018: WARNING: pap:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
(28139) Mon Nov 26 10:42:36 2018: WARNING: pap: No "known good" password
found for the user. Not setting Auth-Type
(28139) Mon Nov 26 10:42:36 2018: WARNING: pap: Authentication will fail
unless a "known good" password is available
(28139) Mon Nov 26 10:42:36 2018: Debug: [pap] = noop
(28139) Mon Nov 26 10:42:36 2018: Debug: } # authorize = updated
(28139) Mon Nov 26 10:42:36 2018: Debug: Found Auth-Type = eap
(28139) Mon Nov 26 10:42:36 2018: Debug: # Executing group from file
/usr/local/pf/raddb/sites-enabled/packetfence
(28139) Mon Nov 26 10:42:36 2018: Debug: authenticate {
(28139) Mon Nov 26 10:42:36 2018: Debug: eap: Expiring EAP session with
state 0x27b6a33c2664a7ca
(28139) Mon Nov 26 10:42:36 2018: Debug: eap: Finished EAP session with
state 0x27b6a33c2664a7ca
(28139) Mon Nov 26 10:42:36 2018: Debug: eap: Previous EAP request found
for state 0x27b6a33c2664a7ca, released from the list
(28139) Mon Nov 26 10:42:36 2018: Debug: eap: Peer sent packet with method
EAP MD5 (4)
(28139) Mon Nov 26 10:42:36 2018: Debug: eap: Calling submodule eap_md5 to
process data
(28139) Mon Nov 26 10:42:36 2018: ERROR: eap_md5: Cleartext-Password is
required for EAP-MD5 authentication
(28139) Mon Nov 26 10:42:36 2018: ERROR: eap: Failed continuing EAP MD5 (4)
session. EAP sub-module failed
(28139) Mon Nov 26 10:42:36 2018: Debug: eap: Sending EAP Failure (code 4)
ID 210 length 4
(28139) Mon Nov 26 10:42:36 2018: Debug: eap: Failed in EAP select
(28139) Mon Nov 26 10:42:36 2018: Debug: [eap] = invalid
(28139) Mon Nov 26 10:42:36 2018: Debug: } # authenticate = invalid
(28139) Mon Nov 26 10:42:36 2018: Debug: Failed to authenticate the user
(28139) Mon Nov 26 10:42:36 2018: Debug: Using Post-Auth-Type Reject
(28139) Mon Nov 26 10:42:36 2018: Debug: # Executing group from file
/usr/local/pf/raddb/sites-enabled/packetfence
(28139) Mon Nov 26 10:42:36 2018: Debug: Post-Auth-Type REJECT {
(28139) Mon Nov 26 10:42:36 2018: Debug: update {
(28139) Mon Nov 26 10:42:36 2018: Debug: } # update = noop
(28139) Mon Nov 26 10:42:36 2018: Debug: if (! EAP-Type || (EAP-Type !=
TTLS && EAP-Type != PEAP) ) {
(28139) Mon Nov 26 10:42:36 2018: Debug: if (! EAP-Type || (EAP-Type !=
TTLS && EAP-Type != PEAP) ) -> TRUE
(28139) Mon Nov 26 10:42:36 2018: Debug: if (! EAP-Type || (EAP-Type !=
TTLS && EAP-Type != PEAP) ) {
(28139) Mon Nov 26 10:42:36 2018: Debug: policy
packetfence-audit-log-reject {
(28139) Mon Nov 26 10:42:36 2018: Debug: if (&User-Name != "dummy")
{
(28139) Mon Nov 26 10:42:36 2018: Debug: if (&User-Name !=
"dummy") -> TRUE
(28139) Mon Nov 26 10:42:36 2018: Debug: if (&User-Name !=
"dummy") {
(28139) Mon Nov 26 10:42:36 2018: Debug: policy request-timing {
(28139) Mon Nov 26 10:42:36 2018: Debug: if
(control:PacketFence-Request-Time != 0) {
(28139) Mon Nov 26 10:42:36 2018: Debug: if
(control:PacketFence-Request-Time != 0) -> FALSE
(28139) Mon Nov 26 10:42:36 2018: Debug: } # policy
request-timing = noop
(28139) Mon Nov 26 10:42:36 2018: Debug: sql_reject: EXPAND
type.reject.query
(28139) Mon Nov 26 10:42:36 2018: Debug: sql_reject: -->
type.reject.query
(28139) Mon Nov 26 10:42:36 2018: Debug: sql_reject: Using query template
'query'
(28139) Mon Nov 26 10:42:36 2018: Debug: sql_reject: EXPAND %{User-Name}
(28139) Mon Nov 26 10:42:36 2018: Debug: sql_reject: --> pica8
(28139) Mon Nov 26 10:42:36 2018: Debug: sql_reject: SQL-User-Name set to
'pica8'
(28139) Mon Nov 26 10:42:36 2018: Debug: sql_reject: EXPAND INSERT INTO
radius_audit_log ( mac, ip, computer_name, user_name,
stripped_user_name, realm, event_type, switch_id,
switch_mac, switch_ip_address, radius_source_ip_address,
called_station_id, calling_station_id, nas_port_type, ssid,
nas_port_id, ifindex, nas_port, connection_type,
nas_ip_address, nas_identifier, auth_status, reason,
auth_type, eap_type, role, node_status, profile,
source, auto_reg, is_phone, pf_domain, uuid,
radius_request, radius_reply, request_time, tenant_id)
VALUES ( '%{request:Calling-Station-Id}',
'%{request:Framed-IP-Address}',
'%{%{control:PacketFence-Computer-Name}:-N/A}', '%{request:User-Name}',
'%{request:Stripped-User-Name}', '%{request:Realm}',
'Radius-Access-Request',
'%{%{control:PacketFence-Switch-Id}:-N/A}',
'%{%{control:PacketFence-Switch-Mac}:-N/A}',
'%{%{control:PacketFence-Switch-Ip-Address}:-N/A}',
'%{Packet-Src-IP-Address}', '%{request:Called-Station-Id}',
'%{request:Calling-Station-Id}', '%{request:NAS-Port-Type}',
'%{request:Called-Station-SSID}', '%{request:NAS-Port-Id}',
'%{%{control:PacketFence-IfIndex}:-N/A}', '%{request:NAS-Port}',
'%{%{control:PacketFence-Connection-Type}:-N/A}',
'%{request:NAS-IP-Address}', '%{request:NAS-Identifier}', 'Reject',
'%{request:Module-Failure-Message}', '%{control:Auth-Type}',
'%{request:EAP-Type}',
'%{%{control:PacketFence-Role}:-N/A}',
'%{%{control:PacketFence-Status}:-N/A}',
'%{%{control:PacketFence-Profile}:-N/A}',
'%{%{control:PacketFence-Source}:-N/A}',
'%{%{control:PacketFence-AutoReg}:-0}',
'%{%{control:PacketFence-IsPhone}:-0}',
'%{request:PacketFence-Domain}', '',
'%{pairs:&request:[*]}','%{pairs:&reply:[*]}',
'%{%{control:PacketFence-Request-Time}:-N/A}',
'%{control:PacketFence-Tenant-Id}')
(28139) Mon Nov 26 10:42:36 2018: Debug: sql_reject: --> INSERT INTO
radius_audit_log ( mac, ip, computer_name, user_name,
stripped_user_name, realm, event_type, switch_id,
switch_mac, switch_ip_address, radius_source_ip_address,
called_station_id, calling_station_id, nas_port_type, ssid,
nas_port_id, ifindex, nas_port, connection_type,
nas_ip_address, nas_identifier, auth_status, reason,
auth_type, eap_type, role, node_status, profile,
source, auto_reg, is_phone, pf_domain, uuid,
radius_request, radius_reply, request_time, tenant_id)
VALUES ( '08:9e:01:9e:cc:fe', '', 'N/A', 'pica8',
'pica8', 'null', 'Radius-Access-Request', 'N/A',
'N/A', 'N/A', '10.10.51.224', 'a8:2b:b5:f6:ca:01',
'08:9e:01:9e:cc:fe', 'Ethernet', '', '',
'N/A', '23', 'N/A', '0.0.0.0', '', 'Reject',
'eap_md5: Cleartext-Password is required for EAP-MD5 authentication',
'eap', 'MD5', 'N/A', 'N/A', 'N/A', 'N/A',
'0', '0', '', '', 'User-Name =3D =22pica8=22=2C
NAS-IP-Address =3D 0.0.0.0=2C NAS-Port-Type =3D Ethernet=2C NAS-Port =3D
23=2C Calling-Station-Id =3D =2208:9e:01:9e:cc:fe=22=2C Framed-MTU =3D
1500=2C EAP-Message =3D 0x02d200160410f7cd748d9a9e9aac4a432e8f2474575d=2C
State =3D 0x27b6a33c2664a7cacd0091342714d737=2C Message-Authenticator =3D
0xa01b4fc4fabd44ae90c589966f7d4782=2C FreeRADIUS-Client-IP-Address =3D
10.10.51.224=2C Called-Station-Id =3D =22a8:2b:b5:f6:ca:01=22=2C
Event-Timestamp =3D =22Nov 26 2018 10:42:36 HKT=22=2C Stripped-User-Name
=3D =22pica8=22=2C Realm =3D =22null=22=2C EAP-Type =3D MD5=2C Tmp-String-1
=3D =22089e019eccfe=22=2C Module-Failure-Message =3D =22eap_md5:
Cleartext-Password is required for EAP-MD5 authentication=22=2C
Module-Failure-Message =3D =22eap: Failed continuing EAP MD5 =284=29
session. EAP sub-module failed=22=2C User-Password =3D
=22=2A=2A=2A=2A=2A=2A=22=2C SQL-User-Name =3D =22pica8=22','EAP-Message =3D
0x04d20004=2C Message-Authenticator =3D
0x00000000000000000000000000000000', '0', '1')
(28139) Mon Nov 26 10:42:36 2018: Debug: sql_reject: Executing query:
INSERT INTO radius_audit_log ( mac, ip, computer_name,
user_name, stripped_user_name, realm, event_type,
switch_id, switch_mac, switch_ip_address,
radius_source_ip_address, called_station_id, calling_station_id,
nas_port_type, ssid, nas_port_id, ifindex, nas_port,
connection_type, nas_ip_address, nas_identifier,
auth_status, reason, auth_type, eap_type,
role, node_status, profile, source, auto_reg, is_phone,
pf_domain, uuid, radius_request, radius_reply,
request_time, tenant_id) VALUES (
'08:9e:01:9e:cc:fe', '', 'N/A', 'pica8', 'pica8', 'null',
'Radius-Access-Request', 'N/A', 'N/A', 'N/A',
'10.10.51.224', 'a8:2b:b5:f6:ca:01', '08:9e:01:9e:cc:fe',
'Ethernet', '', '', 'N/A', '23', 'N/A',
'0.0.0.0', '', 'Reject', 'eap_md5: Cleartext-Password is
required for EAP-MD5 authentication', 'eap', 'MD5', 'N/A',
'N/A', 'N/A', 'N/A', '0', '0', '', '',
'User-Name =3D =22pica8=22=2C NAS-IP-Address =3D 0.0.0.0=2C NAS-Port-Type
=3D Ethernet=2C NAS-Port =3D 23=2C Calling-Station-Id =3D
=2208:9e:01:9e:cc:fe=22=2C Framed-MTU =3D 1500=2C EAP-Message =3D
0x02d200160410f7cd748d9a9e9aac4a432e8f2474575d=2C State =3D
0x27b6a33c2664a7cacd0091342714d737=2C Message-Authenticator =3D
0xa01b4fc4fabd44ae90c589966f7d4782=2C FreeRADIUS-Client-IP-Address =3D
10.10.51.224=2C Called-Station-Id =3D =22a8:2b:b5:f6:ca:01=22=2C
Event-Timestamp =3D =22Nov 26 2018 10:42:36 HKT=22=2C Stripped-User-Name
=3D =22pica8=22=2C Realm =3D =22null=22=2C EAP-Type =3D MD5=2C Tmp-String-1
=3D =22089e019eccfe=22=2C Module-Failure-Message =3D =22eap_md5:
Cleartext-Password is required for EAP-MD5 authentication=22=2C
Module-Failure-Message =3D =22eap: Failed continuing EAP MD5 =284=29
session. EAP sub-module failed=22=2C User-Password =3D
=22=2A=2A=2A=2A=2A=2A=22=2C SQL-User-Name =3D =22pica8=22','EAP-Message =3D
0x04d20004=2C Message-Authenticator =3D
0x00000000000000000000000000000000', '0', '1')
(28139) Mon Nov 26 10:42:36 2018: Debug: sql_reject: SQL query returned:
success
(28139) Mon Nov 26 10:42:36 2018: Debug: sql_reject: 1 record(s) updated
(28139) Mon Nov 26 10:42:36 2018: Debug: [sql_reject] = ok
(28139) Mon Nov 26 10:42:36 2018: Debug: } # if (&User-Name !=
"dummy") = ok
(28139) Mon Nov 26 10:42:36 2018: Debug: } # policy
packetfence-audit-log-reject = ok
(28139) Mon Nov 26 10:42:36 2018: Debug: } # if (! EAP-Type ||
(EAP-Type != TTLS && EAP-Type != PEAP) ) = ok
(28139) Mon Nov 26 10:42:36 2018: Debug: attr_filter.access_reject: EXPAND
%{User-Name}
(28139) Mon Nov 26 10:42:36 2018: Debug: attr_filter.access_reject: -->
pica8
(28139) Mon Nov 26 10:42:36 2018: Debug: attr_filter.access_reject: Matched
entry DEFAULT at line 11
(28139) Mon Nov 26 10:42:36 2018: Debug: [attr_filter.access_reject] =
updated
(28139) Mon Nov 26 10:42:36 2018: Debug: attr_filter.packetfence_post_auth:
EXPAND %{User-Name}
(28139) Mon Nov 26 10:42:36 2018: Debug:
attr_filter.packetfence_post_auth: --> pica8
(28139) Mon Nov 26 10:42:36 2018: Debug: attr_filter.packetfence_post_auth:
Matched entry DEFAULT at line 10
(28139) Mon Nov 26 10:42:36 2018: Debug:
[attr_filter.packetfence_post_auth] = updated
(28139) Mon Nov 26 10:42:36 2018: Debug: [eap] = noop
(28139) Mon Nov 26 10:42:36 2018: Debug: policy
remove_reply_message_if_eap {
(28139) Mon Nov 26 10:42:36 2018: Debug: if (&reply:EAP-Message &&
&reply:Reply-Message) {
(28139) Mon Nov 26 10:42:36 2018: Debug: if (&reply:EAP-Message &&
&reply:Reply-Message) -> FALSE
(28139) Mon Nov 26 10:42:36 2018: Debug: else {
(28139) Mon Nov 26 10:42:36 2018: Debug: [noop] = noop
(28139) Mon Nov 26 10:42:36 2018: Debug: } # else = noop
(28139) Mon Nov 26 10:42:36 2018: Debug: } # policy
remove_reply_message_if_eap = noop
(28139) Mon Nov 26 10:42:36 2018: Debug: linelog: EXPAND
messages.%{%{reply:Packet-Type}:-default}
(28139) Mon Nov 26 10:42:36 2018: Debug: linelog: -->
messages.Access-Reject
(28139) Mon Nov 26 10:42:36 2018: Debug: linelog: EXPAND
[mac:%{Calling-Station-Id}] Rejected user: %{User-Name}
(28139) Mon Nov 26 10:42:36 2018: Debug: linelog: -->
[mac:08:9e:01:9e:cc:fe] Rejected user: pica8
(28139) Mon Nov 26 10:42:36 2018: Debug: [linelog] = ok
(28139) Mon Nov 26 10:42:36 2018: Debug: } # Post-Auth-Type REJECT =
updated
(28139) Mon Nov 26 10:42:36 2018: Debug: Delaying response for 1.000000
seconds
(28139) Mon Nov 26 10:42:37 2018: Debug: (28139) Discarding duplicate
request from client 10.10.51.224 port 1812 - ID: 6 due to delayed response
(28139) Mon Nov 26 10:42:37 2018: Debug: Sending delayed response
(28139) Mon Nov 26 10:42:37 2018: Debug: Sent Access-Reject Id 6 from
10.10.50.204:1812 to 10.10.51.224:1812 length 44
(28139) Mon Nov 26 10:42:37 2018: Debug: EAP-Message = 0x04d20004
(28139) Mon Nov 26 10:42:37 2018: Debug: Message-Authenticator =
0x00000000000000000000000000000000
(28137) Mon Nov 26 10:42:41 2018: Debug: Cleaning up request packet ID 4
with timestamp +414097
(28138) Mon Nov 26 10:42:41 2018: Debug: Cleaning up request packet ID 5
with timestamp +414097
(28139) Mon Nov 26 10:42:41 2018: Debug: Cleaning up request packet ID 6
with timestamp +41409
Please have a look and advise, thank you again.
Ali
On Fri, Nov 23, 2018 at 10:50 AM Durand fabrice via PacketFence-users <
packetfence-users@lists.sourceforge.net> wrote:
> Hello Amjad,
>
> can you paste the raddebug output, it will help to understand what happen.
>
> Regards
>
> Fabrice
>
>
> Le 18-11-22 à 06 h 01, Amjad Ali via PacketFence-users a écrit :
>
> Hi All,
>
> Just want to know that WIRED 802.1X and WIRED MAC AUTH authentication
> works well with PEAP but is giving error with MD5,
> Is MD5 not supported for these two or do I need to change some
> configuration?
>
> Thanks
> Ali
>
> --
> Amjad Ali
>
>
> _______________________________________________
> PacketFence-users mailing
> listPacketFence-users@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/packetfence-users
>
> _______________________________________________
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
--
Amjad Ali
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
