Hello Ludovic,
OK, I made those changes, then did a "pfcmd service pf restart".
No dice. Exact same results. Here's the end of the raddebug again in case
that helps. Still nothing in packetfence.log.
(17) Mon Apr 26 15:46:04 2021: Debug: Received Access-Request Id 93 from
172.20.50.76:43555 to 172.20.104.31:1812 length 277
(17) Mon Apr 26 15:46:04 2021: Debug: User-Name = "josh.nathan"
(17) Mon Apr 26 15:46:04 2021: Debug: NAS-Identifier = "66d9e7f8b8a4"
(17) Mon Apr 26 15:46:04 2021: Debug: Called-Station-Id =
"66-D9-E7-F8-B8-A4:BFA-EAP-Test"
(17) Mon Apr 26 15:46:04 2021: Debug: NAS-Port-Type = Wireless-802.11
(17) Mon Apr 26 15:46:04 2021: Debug: Service-Type = Framed-User
(17) Mon Apr 26 15:46:04 2021: Debug: Calling-Station-Id =
"58-CB-52-37-5D-AB"
(17) Mon Apr 26 15:46:04 2021: Debug: Connect-Info = "CONNECT 0Mbps
802.11b"
(17) Mon Apr 26 15:46:04 2021: Debug: Acct-Session-Id = "52DAD7D4BB763411"
(17) Mon Apr 26 15:46:04 2021: Debug: Acct-Multi-Session-Id =
"DBEED5366DD430AE"
(17) Mon Apr 26 15:46:04 2021: Debug: WLAN-Pairwise-Cipher = 1027076
(17) Mon Apr 26 15:46:04 2021: Debug: WLAN-Group-Cipher = 1027076
(17) Mon Apr 26 15:46:04 2021: Debug: WLAN-AKM-Suite = 1027073
(17) Mon Apr 26 15:46:04 2021: Debug: Framed-MTU = 1400
(17) Mon Apr 26 15:46:04 2021: Debug: EAP-Message =
0x02e4002e1900170303002300000000000000057749b9bde9be1ec64f7c9567e2867e5dc1d76f261821842d90f500
(17) Mon Apr 26 15:46:04 2021: Debug: State =
0xacaf705da54b69970120abcaacda4228
(17) Mon Apr 26 15:46:04 2021: Debug: Message-Authenticator =
0x0bed628cf8ff12e2250c3de6e9c1cc45
(17) Mon Apr 26 15:46:04 2021: Debug: Restoring &session-state
(17) Mon Apr 26 15:46:04 2021: Debug:
&session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES128-GCM-SHA256"
(17) Mon Apr 26 15:46:04 2021: Debug: &session-state:TLS-Session-Version
= "TLS 1.2"
(17) Mon Apr 26 15:46:04 2021: Debug: # Executing section authorize from
file /usr/local/pf/raddb/sites-enabled/packetfence
(17) Mon Apr 26 15:46:04 2021: Debug: authorize {
(17) Mon Apr 26 15:46:04 2021: Debug: policy packetfence-nas-ip-address
{
(17) Mon Apr 26 15:46:04 2021: Debug: if (!NAS-IP-Address ||
NAS-IP-Address == "0.0.0.0"){
(17) Mon Apr 26 15:46:04 2021: Debug: if (!NAS-IP-Address ||
NAS-IP-Address == "0.0.0.0") -> TRUE
(17) Mon Apr 26 15:46:04 2021: Debug: if (!NAS-IP-Address ||
NAS-IP-Address == "0.0.0.0") {
(17) Mon Apr 26 15:46:04 2021: Debug: update request {
(17) Mon Apr 26 15:46:04 2021: Debug: EXPAND
%{Packet-Src-IP-Address}
(17) Mon Apr 26 15:46:04 2021: Debug: --> 172.20.50.76
(17) Mon Apr 26 15:46:04 2021: Debug: } # update request = noop
(17) Mon Apr 26 15:46:04 2021: Debug: } # if (!NAS-IP-Address ||
NAS-IP-Address == "0.0.0.0") = noop
(17) Mon Apr 26 15:46:04 2021: Debug: } # policy
packetfence-nas-ip-address = noop
(17) Mon Apr 26 15:46:04 2021: Debug: update {
(17) Mon Apr 26 15:46:04 2021: Debug: EXPAND %{Packet-Src-IP-Address}
(17) Mon Apr 26 15:46:04 2021: Debug: --> 172.20.50.76
(17) Mon Apr 26 15:46:04 2021: Debug: EXPAND %{Packet-Dst-IP-Address}
(17) Mon Apr 26 15:46:04 2021: Debug: --> 172.20.104.31
(17) Mon Apr 26 15:46:04 2021: Debug: EXPAND %l
(17) Mon Apr 26 15:46:04 2021: Debug: --> 1619444764
(17) Mon Apr 26 15:46:04 2021: Debug: } # update = noop
(17) Mon Apr 26 15:46:04 2021: Debug: policy
packetfence-set-realm-if-machine {
(17) Mon Apr 26 15:46:04 2021: Debug: if (User-Name =~
/host\/([a-z0-9_-]*)[\.](.*)/i) {
(17) Mon Apr 26 15:46:04 2021: Debug: if (User-Name =~
/host\/([a-z0-9_-]*)[\.](.*)/i) -> FALSE
(17) Mon Apr 26 15:46:04 2021: Debug: } # policy
packetfence-set-realm-if-machine = noop
(17) Mon Apr 26 15:46:04 2021: Debug: policy
packetfence-balanced-key-policy {
(17) Mon Apr 26 15:46:04 2021: Debug: if (&PacketFence-KeyBalanced &&
(&PacketFence-KeyBalanced =~ /^(.*)(.)$/i)) {
(17) Mon Apr 26 15:46:04 2021: Debug: if (&PacketFence-KeyBalanced &&
(&PacketFence-KeyBalanced =~ /^(.*)(.)$/i)) -> FALSE
(17) Mon Apr 26 15:46:04 2021: Debug: else {
(17) Mon Apr 26 15:46:04 2021: Debug: update {
(17) Mon Apr 26 15:46:04 2021: Debug: EXPAND
%{md5:%{Calling-Station-Id}%{User-Name}}
(17) Mon Apr 26 15:46:04 2021: Debug: -->
50bc5046614b032967fc88f562a08c92
(17) Mon Apr 26 15:46:04 2021: Debug: EXPAND
%{md5:%{Calling-Station-Id}%{User-Name}}
(17) Mon Apr 26 15:46:04 2021: Debug: -->
50bc5046614b032967fc88f562a08c92
(17) Mon Apr 26 15:46:04 2021: Debug: } # update = noop
(17) Mon Apr 26 15:46:04 2021: Debug: } # else = noop
(17) Mon Apr 26 15:46:04 2021: Debug: } # policy
packetfence-balanced-key-policy = noop
(17) Mon Apr 26 15:46:04 2021: Debug: policy packetfence-set-tenant-id {
(17) Mon Apr 26 15:46:04 2021: Debug: if (!NAS-IP-Address ||
NAS-IP-Address == "0.0.0.0"){
(17) Mon Apr 26 15:46:04 2021: Debug: if (!NAS-IP-Address ||
NAS-IP-Address == "0.0.0.0") -> FALSE
(17) Mon Apr 26 15:46:04 2021: Debug: if (
"%{%{control:PacketFence-Tenant-Id}:-0}" == "0") {
(17) Mon Apr 26 15:46:04 2021: Debug: EXPAND
%{%{control:PacketFence-Tenant-Id}:-0}
(17) Mon Apr 26 15:46:04 2021: Debug: --> 0
(17) Mon Apr 26 15:46:04 2021: Debug: if (
"%{%{control:PacketFence-Tenant-Id}:-0}" == "0") -> TRUE
(17) Mon Apr 26 15:46:04 2021: Debug: if (
"%{%{control:PacketFence-Tenant-Id}:-0}" == "0") {
(17) Mon Apr 26 15:46:04 2021: Debug: update control {
(17) Mon Apr 26 15:46:04 2021: Debug: EXPAND %{User-Name}
(17) Mon Apr 26 15:46:04 2021: Debug: --> josh.nathan
(17) Mon Apr 26 15:46:04 2021: Debug: SQL-User-Name set to
'josh.nathan'
(17) Mon Apr 26 15:46:04 2021: Debug: Executing select query:
SELECT IFNULL((SELECT tenant_id FROM radius_nas WHERE nasname =
'172.20.50.76'), 0)
(17) Mon Apr 26 15:46:04 2021: Debug: EXPAND %{sql: SELECT
IFNULL((SELECT tenant_id FROM radius_nas WHERE nasname =
'%{NAS-IP-Address}'), 0)}
(17) Mon Apr 26 15:46:04 2021: Debug: --> 0
(17) Mon Apr 26 15:46:04 2021: Debug: } # update control = noop
(17) Mon Apr 26 15:46:04 2021: Debug: } # if (
"%{%{control:PacketFence-Tenant-Id}:-0}" == "0") = noop
(17) Mon Apr 26 15:46:04 2021: Debug: if (
&control:PacketFence-Tenant-Id == 0 ) {
(17) Mon Apr 26 15:46:04 2021: Debug: if (
&control:PacketFence-Tenant-Id == 0 ) -> TRUE
(17) Mon Apr 26 15:46:04 2021: Debug: if (
&control:PacketFence-Tenant-Id == 0 ) {
(17) Mon Apr 26 15:46:04 2021: Debug: update control {
(17) Mon Apr 26 15:46:04 2021: Debug: EXPAND %{User-Name}
(17) Mon Apr 26 15:46:04 2021: Debug: --> josh.nathan
(17) Mon Apr 26 15:46:04 2021: Debug: SQL-User-Name set to
'josh.nathan'
(17) Mon Apr 26 15:46:04 2021: Debug: Executing select query:
SELECT IFNULL((SELECT tenant_id from radius_nas WHERE start_ip <=
INET_ATON('172.20.50.76') and INET_ATON('172.20.50.76') <= end_ip order by
range_length limit 1), 1)
(17) Mon Apr 26 15:46:04 2021: Debug: EXPAND %{sql: SELECT
IFNULL((SELECT tenant_id from radius_nas WHERE start_ip <=
INET_ATON('%{NAS-IP-Address}') and INET_ATON('%{NAS-IP-Address}') <= end_ip
order by range_length limit 1), 1)}
(17) Mon Apr 26 15:46:04 2021: Debug: --> 1
(17) Mon Apr 26 15:46:04 2021: Debug: } # update control = noop
(17) Mon Apr 26 15:46:04 2021: Debug: } # if (
&control:PacketFence-Tenant-Id == 0 ) = noop
(17) Mon Apr 26 15:46:04 2021: Debug: } # policy
packetfence-set-tenant-id = noop
(17) Mon Apr 26 15:46:04 2021: Debug: policy rewrite_calling_station_id
{
(17) Mon Apr 26 15:46:04 2021: Debug: if (&Calling-Station-Id &&
(&Calling-Station-Id =~
/^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i))
{
(17) Mon Apr 26 15:46:04 2021: Debug: if (&Calling-Station-Id &&
(&Calling-Station-Id =~
/^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i))
-> TRUE
(17) Mon Apr 26 15:46:04 2021: Debug: if (&Calling-Station-Id &&
(&Calling-Station-Id =~
/^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i))
{
(17) Mon Apr 26 15:46:04 2021: Debug: update request {
(17) Mon Apr 26 15:46:04 2021: Debug: EXPAND
%{tolower:%{1}:%{2}:%{3}:%{4}:%{5}:%{6}}
(17) Mon Apr 26 15:46:04 2021: Debug: --> 58:cb:52:37:5d:ab
(17) Mon Apr 26 15:46:04 2021: Debug: } # update request = noop
(17) Mon Apr 26 15:46:04 2021: Debug: [updated] = updated
(17) Mon Apr 26 15:46:04 2021: Debug: } # if (&Calling-Station-Id &&
(&Calling-Station-Id =~
/^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i))
= updated
(17) Mon Apr 26 15:46:04 2021: Debug: ... skipping else: Preceding
"if" was taken
(17) Mon Apr 26 15:46:04 2021: Debug: } # policy
rewrite_calling_station_id = updated
(17) Mon Apr 26 15:46:04 2021: Debug: policy rewrite_called_station_id {
(17) Mon Apr 26 15:46:04 2021: Debug: if ((&Called-Station-Id) &&
(&Called-Station-Id =~
/^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i))
{
(17) Mon Apr 26 15:46:04 2021: Debug: if ((&Called-Station-Id) &&
(&Called-Station-Id =~
/^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i))
-> TRUE
(17) Mon Apr 26 15:46:04 2021: Debug: if ((&Called-Station-Id) &&
(&Called-Station-Id =~
/^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i))
{
(17) Mon Apr 26 15:46:04 2021: Debug: update request {
(17) Mon Apr 26 15:46:04 2021: Debug: EXPAND
%{tolower:%{1}:%{2}:%{3}:%{4}:%{5}:%{6}}
(17) Mon Apr 26 15:46:04 2021: Debug: --> 66:d9:e7:f8:b8:a4
(17) Mon Apr 26 15:46:04 2021: Debug: } # update request = noop
(17) Mon Apr 26 15:46:04 2021: Debug: if ("%{8}") {
(17) Mon Apr 26 15:46:04 2021: Debug: EXPAND %{8}
(17) Mon Apr 26 15:46:04 2021: Debug: --> BFA-EAP-Test
(17) Mon Apr 26 15:46:04 2021: Debug: if ("%{8}") -> TRUE
(17) Mon Apr 26 15:46:04 2021: Debug: if ("%{8}") {
(17) Mon Apr 26 15:46:04 2021: Debug: update request {
(17) Mon Apr 26 15:46:04 2021: Debug: EXPAND
%{Called-Station-Id}:%{8}
(17) Mon Apr 26 15:46:04 2021: Debug: -->
66:d9:e7:f8:b8:a4:BFA-EAP-Test
(17) Mon Apr 26 15:46:04 2021: Debug: EXPAND %{8}
(17) Mon Apr 26 15:46:04 2021: Debug: --> BFA-EAP-Test
(17) Mon Apr 26 15:46:04 2021: Debug: } # update request = noop
(17) Mon Apr 26 15:46:04 2021: Debug: } # if ("%{8}") = noop
(17) Mon Apr 26 15:46:04 2021: Debug: ... skipping elsif: Preceding
"if" was taken
(17) Mon Apr 26 15:46:04 2021: Debug: ... skipping elsif: Preceding
"if" was taken
(17) Mon Apr 26 15:46:04 2021: Debug: ... skipping elsif: Preceding
"if" was taken
(17) Mon Apr 26 15:46:04 2021: Debug: [updated] = updated
(17) Mon Apr 26 15:46:04 2021: Debug: } # if ((&Called-Station-Id) &&
(&Called-Station-Id =~
/^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i))
= updated
(17) Mon Apr 26 15:46:04 2021: Debug: ... skipping else: Preceding
"if" was taken
(17) Mon Apr 26 15:46:04 2021: Debug: } # policy
rewrite_called_station_id = updated
(17) Mon Apr 26 15:46:04 2021: Debug: if ( "%{client:shortname}" =~
/eduroam_tlrs/ ) {
(17) Mon Apr 26 15:46:04 2021: Debug: EXPAND %{client:shortname}
(17) Mon Apr 26 15:46:04 2021: Debug: --> 172.20.50.76/32
(17) Mon Apr 26 15:46:04 2021: Debug: if ( "%{client:shortname}" =~
/eduroam_tlrs/ ) -> FALSE
(17) Mon Apr 26 15:46:04 2021: Debug: policy filter_username {
(17) Mon Apr 26 15:46:04 2021: Debug: if (&User-Name) {
(17) Mon Apr 26 15:46:04 2021: Debug: if (&User-Name) -> TRUE
(17) Mon Apr 26 15:46:04 2021: Debug: if (&User-Name) {
(17) Mon Apr 26 15:46:04 2021: Debug: if (&User-Name =~ / /) {
(17) Mon Apr 26 15:46:04 2021: Debug: if (&User-Name =~ / /) ->
FALSE
(17) Mon Apr 26 15:46:04 2021: Debug: if (&User-Name =~ /@[^@]*@/ )
{
(17) Mon Apr 26 15:46:04 2021: Debug: if (&User-Name =~ /@[^@]*@/ )
-> FALSE
(17) Mon Apr 26 15:46:04 2021: Debug: if (&User-Name =~ /\.\./ ) {
(17) Mon Apr 26 15:46:04 2021: Debug: if (&User-Name =~ /\.\./ )
-> FALSE
(17) Mon Apr 26 15:46:04 2021: Debug: if ((&User-Name =~ /@/) &&
(&User-Name !~ /@(.+)\.(.+)$/)) {
(17) Mon Apr 26 15:46:04 2021: Debug: if ((&User-Name =~ /@/) &&
(&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
(17) Mon Apr 26 15:46:04 2021: Debug: if (&User-Name =~ /\.$/) {
(17) Mon Apr 26 15:46:04 2021: Debug: if (&User-Name =~ /\.$/) ->
FALSE
(17) Mon Apr 26 15:46:04 2021: Debug: if (&User-Name =~ /@\./) {
(17) Mon Apr 26 15:46:04 2021: Debug: if (&User-Name =~ /@\./) ->
FALSE
(17) Mon Apr 26 15:46:04 2021: Debug: } # if (&User-Name) = updated
(17) Mon Apr 26 15:46:04 2021: Debug: } # policy filter_username =
updated
(17) Mon Apr 26 15:46:04 2021: Debug: policy filter_password {
(17) Mon Apr 26 15:46:04 2021: Debug: if (&User-Password &&
(&User-Password != "%{string:User-Password}")) {
(17) Mon Apr 26 15:46:04 2021: Debug: if (&User-Password &&
(&User-Password != "%{string:User-Password}")) -> FALSE
(17) Mon Apr 26 15:46:04 2021: Debug: } # policy filter_password =
updated
(17) Mon Apr 26 15:46:04 2021: Debug: [preprocess] = ok
(17) Mon Apr 26 15:46:04 2021: Debug: [mschap] = noop
(17) Mon Apr 26 15:46:04 2021: Debug: suffix: Checking for suffix after "@"
(17) Mon Apr 26 15:46:04 2021: Debug: suffix: No '@' in User-Name =
"josh.nathan", skipping NULL due to config.
(17) Mon Apr 26 15:46:04 2021: Debug: [suffix] = noop
(17) Mon Apr 26 15:46:04 2021: Debug: ntdomain: Checking for prefix before
"\"
(17) Mon Apr 26 15:46:04 2021: Debug: ntdomain: No '\' in User-Name =
"josh.nathan", looking up realm NULL
(17) Mon Apr 26 15:46:04 2021: Debug: ntdomain: Found realm "null"
(17) Mon Apr 26 15:46:04 2021: Debug: ntdomain: Adding Stripped-User-Name =
"josh.nathan"
(17) Mon Apr 26 15:46:04 2021: Debug: ntdomain: Adding Realm = "null"
(17) Mon Apr 26 15:46:04 2021: Debug: ntdomain: Authentication realm is
LOCAL
(17) Mon Apr 26 15:46:04 2021: Debug: [ntdomain] = ok
(17) Mon Apr 26 15:46:04 2021: Debug: rest: Expanding URI components
(17) Mon Apr 26 15:46:04 2021: Debug: rest: EXPAND http://127.0.0.1:7070
(17) Mon Apr 26 15:46:04 2021: Debug: rest: --> http://127.0.0.1:7070
(17) Mon Apr 26 15:46:04 2021: Debug: rest: EXPAND //radius/rest/filter
(17) Mon Apr 26 15:46:04 2021: Debug: rest: --> //radius/rest/filter
(17) Mon Apr 26 15:46:04 2021: Debug: rest: Sending HTTP POST to "
http://127.0.0.1:7070//radius/rest/filter";
(17) Mon Apr 26 15:46:04 2021: Debug: rest: Encoding attribute "User-Name"
(17) Mon Apr 26 15:46:04 2021: Debug: rest: Encoding attribute
"NAS-IP-Address"
(17) Mon Apr 26 15:46:04 2021: Debug: rest: Encoding attribute
"Service-Type"
(17) Mon Apr 26 15:46:04 2021: Debug: rest: Encoding attribute "Framed-MTU"
(17) Mon Apr 26 15:46:04 2021: Debug: rest: Encoding attribute "State"
(17) Mon Apr 26 15:46:04 2021: Debug: rest: Encoding attribute
"Called-Station-Id"
(17) Mon Apr 26 15:46:04 2021: Debug: rest: Encoding attribute
"Calling-Station-Id"
(17) Mon Apr 26 15:46:04 2021: Debug: rest: Encoding attribute
"NAS-Identifier"
(17) Mon Apr 26 15:46:04 2021: Debug: rest: Encoding attribute
"NAS-Port-Type"
(17) Mon Apr 26 15:46:04 2021: Debug: rest: Encoding attribute
"Acct-Session-Id"
(17) Mon Apr 26 15:46:04 2021: Debug: rest: Encoding attribute
"Acct-Multi-Session-Id"
(17) Mon Apr 26 15:46:04 2021: Debug: rest: Encoding attribute
"Event-Timestamp"
(17) Mon Apr 26 15:46:04 2021: Debug: rest: Encoding attribute
"Connect-Info"
(17) Mon Apr 26 15:46:04 2021: Debug: rest: Encoding attribute "EAP-Message"
(17) Mon Apr 26 15:46:04 2021: Debug: rest: Encoding attribute
"Message-Authenticator"
(17) Mon Apr 26 15:46:04 2021: Debug: rest: Encoding attribute
"WLAN-Pairwise-Cipher"
(17) Mon Apr 26 15:46:04 2021: Debug: rest: Encoding attribute
"WLAN-Group-Cipher"
(17) Mon Apr 26 15:46:04 2021: Debug: rest: Encoding attribute
"WLAN-AKM-Suite"
(17) Mon Apr 26 15:46:04 2021: Debug: rest: Encoding attribute
"Stripped-User-Name"
(17) Mon Apr 26 15:46:04 2021: Debug: rest: Encoding attribute "Realm"
(17) Mon Apr 26 15:46:04 2021: Debug: rest: Encoding attribute
"SQL-User-Name"
(17) Mon Apr 26 15:46:04 2021: Debug: rest: Encoding attribute
"FreeRADIUS-Client-IP-Address"
(17) Mon Apr 26 15:46:04 2021: Debug: rest: Encoding attribute
"Called-Station-SSID"
(17) Mon Apr 26 15:46:04 2021: Debug: rest: Encoding attribute
"PacketFence-KeyBalanced"
(17) Mon Apr 26 15:46:04 2021: Debug: rest: Encoding attribute
"PacketFence-Radius-Ip"
(17) Mon Apr 26 15:46:04 2021: Debug: rest: Processing response header
(17) Mon Apr 26 15:46:04 2021: Debug: rest: Status : 100 (Continue)
(17) Mon Apr 26 15:46:04 2021: Debug: rest: Continuing...
(17) Mon Apr 26 15:46:04 2021: Debug: rest: Processing response header
(17) Mon Apr 26 15:46:04 2021: Debug: rest: Status : 200 (OK)
(17) Mon Apr 26 15:46:04 2021: Debug: rest: Type : json
(application/json)
(17) Mon Apr 26 15:46:04 2021: Debug: rest: Parsing attribute
"control:PacketFence-Authorization-Status"
(17) Mon Apr 26 15:46:04 2021: Debug: rest: EXPAND allow
(17) Mon Apr 26 15:46:04 2021: Debug: rest: --> allow
(17) Mon Apr 26 15:46:04 2021: Debug: rest:
PacketFence-Authorization-Status := "allow"
(17) Mon Apr 26 15:46:04 2021: Debug: [rest] = updated
(17) Mon Apr 26 15:46:04 2021: Debug: eap: Peer sent EAP Response (code 2)
ID 228 length 46
(17) Mon Apr 26 15:46:04 2021: Debug: eap: Continuing tunnel setup
(17) Mon Apr 26 15:46:04 2021: Debug: [eap] = ok
(17) Mon Apr 26 15:46:04 2021: Debug: } # authorize = ok
(17) Mon Apr 26 15:46:04 2021: Debug: Found Auth-Type = eap
(17) Mon Apr 26 15:46:04 2021: Debug: # Executing group from file
/usr/local/pf/raddb/sites-enabled/packetfence
(17) Mon Apr 26 15:46:04 2021: Debug: authenticate {
(17) Mon Apr 26 15:46:04 2021: Debug: eap: Expiring EAP session with state
0xacaf705da54b6997
(17) Mon Apr 26 15:46:04 2021: Debug: eap: Finished EAP session with state
0xacaf705da54b6997
(17) Mon Apr 26 15:46:04 2021: Debug: eap: Previous EAP request found for
state 0xacaf705da54b6997, released from the list
(17) Mon Apr 26 15:46:04 2021: Debug: eap: Peer sent packet with method EAP
PEAP (25)
(17) Mon Apr 26 15:46:04 2021: Debug: eap: Calling submodule eap_peap to
process data
(17) Mon Apr 26 15:46:04 2021: Debug: eap_peap: Continuing EAP-TLS
(17) Mon Apr 26 15:46:04 2021: Debug: eap_peap: [eaptls verify] = ok
(17) Mon Apr 26 15:46:04 2021: Debug: eap_peap: Done initial handshake
(17) Mon Apr 26 15:46:04 2021: Debug: eap_peap: [eaptls process] = ok
(17) Mon Apr 26 15:46:04 2021: Debug: eap_peap: Session established.
Decoding tunneled attributes
(17) Mon Apr 26 15:46:04 2021: Debug: eap_peap: PEAP state send tlv success
(17) Mon Apr 26 15:46:04 2021: Debug: eap_peap: Received EAP-TLV response
(17) Mon Apr 26 15:46:04 2021: Debug: eap_peap: Success
(17) Mon Apr 26 15:46:04 2021: Debug: eap_peap: Using saved attributes from
the original Access-Accept
(17) Mon Apr 26 15:46:04 2021: Debug: eap_peap: User-Name = "josh.nathan"
(17) Mon Apr 26 15:46:04 2021: Debug: eap: Sending EAP Success (code 3) ID
228 length 4
(17) Mon Apr 26 15:46:04 2021: Debug: eap: Freeing handler
(17) Mon Apr 26 15:46:04 2021: Debug: [eap] = ok
(17) Mon Apr 26 15:46:04 2021: Debug: } # authenticate = ok
(17) Mon Apr 26 15:46:04 2021: Debug: # Executing section post-auth from
file /usr/local/pf/raddb/sites-enabled/packetfence
(17) Mon Apr 26 15:46:04 2021: Debug: post-auth {
(17) Mon Apr 26 15:46:04 2021: Debug: update {
(17) Mon Apr 26 15:46:04 2021: Debug: EXPAND %{Packet-Src-IP-Address}
(17) Mon Apr 26 15:46:04 2021: Debug: --> 172.20.50.76
(17) Mon Apr 26 15:46:04 2021: Debug: EXPAND %{Packet-Dst-IP-Address}
(17) Mon Apr 26 15:46:04 2021: Debug: --> 172.20.104.31
(17) Mon Apr 26 15:46:04 2021: Debug: } # update = noop
(17) Mon Apr 26 15:46:04 2021: Debug: policy packetfence-set-tenant-id {
(17) Mon Apr 26 15:46:04 2021: Debug: if (!NAS-IP-Address ||
NAS-IP-Address == "0.0.0.0"){
(17) Mon Apr 26 15:46:04 2021: Debug: if (!NAS-IP-Address ||
NAS-IP-Address == "0.0.0.0") -> FALSE
(17) Mon Apr 26 15:46:04 2021: Debug: if (
"%{%{control:PacketFence-Tenant-Id}:-0}" == "0") {
(17) Mon Apr 26 15:46:04 2021: Debug: EXPAND
%{%{control:PacketFence-Tenant-Id}:-0}
(17) Mon Apr 26 15:46:04 2021: Debug: --> 1
(17) Mon Apr 26 15:46:04 2021: Debug: if (
"%{%{control:PacketFence-Tenant-Id}:-0}" == "0") -> FALSE
(17) Mon Apr 26 15:46:04 2021: Debug: if (
&control:PacketFence-Tenant-Id == 0 ) {
(17) Mon Apr 26 15:46:04 2021: Debug: if (
&control:PacketFence-Tenant-Id == 0 ) -> FALSE
(17) Mon Apr 26 15:46:04 2021: Debug: } # policy
packetfence-set-tenant-id = noop
(17) Mon Apr 26 15:46:04 2021: Debug: if
("%{%{control:PacketFence-Proxied-From}:-False}" == "True") {
(17) Mon Apr 26 15:46:04 2021: Debug: EXPAND
%{%{control:PacketFence-Proxied-From}:-False}
(17) Mon Apr 26 15:46:04 2021: Debug: --> False
(17) Mon Apr 26 15:46:04 2021: Debug: if
("%{%{control:PacketFence-Proxied-From}:-False}" == "True") -> FALSE
(17) Mon Apr 26 15:46:04 2021: Debug: if (! EAP-Type || (EAP-Type !=
TTLS && EAP-Type != PEAP) ) {
(17) Mon Apr 26 15:46:04 2021: Debug: if (! EAP-Type || (EAP-Type !=
TTLS && EAP-Type != PEAP) ) -> FALSE
(17) Mon Apr 26 15:46:04 2021: Debug: attr_filter.packetfence_post_auth:
EXPAND %{User-Name}
(17) Mon Apr 26 15:46:04 2021: Debug: attr_filter.packetfence_post_auth:
--> josh.nathan
(17) Mon Apr 26 15:46:04 2021: Debug: attr_filter.packetfence_post_auth:
Matched entry DEFAULT at line 10
(17) Mon Apr 26 15:46:04 2021: Debug:
[attr_filter.packetfence_post_auth] = updated
(17) Mon Apr 26 15:46:04 2021: Debug: linelog: EXPAND
messages.%{%{reply:Packet-Type}:-default}
(17) Mon Apr 26 15:46:04 2021: Debug: linelog: --> messages.Access-Accept
(17) Mon Apr 26 15:46:04 2021: Debug: linelog: EXPAND
[mac:%{Calling-Station-Id}] Accepted user: %{reply:User-Name} and returned
VLAN %{reply:Tunnel-Private-Group-ID}
(17) Mon Apr 26 15:46:04 2021: Debug: linelog: -->
[mac:58:cb:52:37:5d:ab] Accepted user: josh.nathan and returned VLAN
(17) Mon Apr 26 15:46:04 2021: Debug: [linelog] = ok
(17) Mon Apr 26 15:46:04 2021: Debug: } # post-auth = updated
(17) Mon Apr 26 15:46:04 2021: Debug: Sent Access-Accept Id 93 from
172.20.104.31:1812 to 172.20.50.76:43555 length 0
(17) Mon Apr 26 15:46:04 2021: Debug: User-Name = "josh.nathan"
(17) Mon Apr 26 15:46:04 2021: Debug: MS-MPPE-Recv-Key =
0x7c0a1d6d086882905490447f73c59438006b8fb7a497cd446582272729ff160a
(17) Mon Apr 26 15:46:04 2021: Debug: MS-MPPE-Send-Key =
0xaf527d253335b877cd2073364c49c1e79a15da97037db30b95de703b20fe0aa3
(17) Mon Apr 26 15:46:04 2021: Debug: EAP-Message = 0x03e40004
(17) Mon Apr 26 15:46:04 2021: Debug: Message-Authenticator =
0x00000000000000000000000000000000
(17) Mon Apr 26 15:46:04 2021: Debug: Finished request
(6) Mon Apr 26 15:46:05 2021: Debug: Cleaning up request packet ID 14 with
timestamp +93
Joshua Nathan
*IT Supervisor*
Black Forest Academy
p: +49 (0) 7626 9161 631 m: +49 (0) 152 3452 0056
a:
w: Hammersteiner Straße 50, 79400 Kandern
bfacademy.de
On Mon, Apr 26, 2021 at 3:31 PM Zammit, Ludovic <luza...@akamai.com> wrote:
> Hello Josh,
>
> In authentication.conf remove all realm configuration related to all
> sources, leave the automatic selection to happen.
>
> I’m assuming your are using that connection profile "BFA-WiFi”. Add the
> "JumpCloud-RADIUS” source.
>
> Try again and let me know.
>
> Thanks,
>
> *Ludovic Zammit*
> *Product Support Engineer Principal*
> *Cell:* +1.613.670.8432
> Akamai Technologies - Inverse
> 145 Broadway
> Cambridge, MA 02142
> Connect with Us: <https://community.akamai.com> <http://blogs.akamai.com>
> <https://twitter.com/akamai> <http://www.facebook.com/AkamaiTechnologies>
> <http://www.linkedin.com/company/akamai-technologies>
> <http://www.youtube.com/user/akamaitechnologies?feature=results_main>
>
>
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
