Hello Thomas,
this is normal since there is no Calling-Station-Id attribute in the
radius request.
So PacketFence think that the access from 192.168.4.148 is a cli access
and the switch module for 192.168.4.148 doesn't support the cli access.
Just explain me what you want to configure and then my answer will
probably more precise.
Regards
Fabrice
Le 2017-02-13 à 11:19, Thomas Massip a écrit :
> Hi Fabrice,
>
> Thank's for your fast answer, try with radtest but I have same issue :
>
> Mon Feb 13 17:16:34 2017 : Debug: (0) Received Access-Request Id 8
> from 192.168.10.21:51726 to 192.168.10.22:1812 length 78
> Mon Feb 13 17:16:34 2017 : Debug: (0) User-Name = "UserTest"
> Mon Feb 13 17:16:34 2017 : Debug: (0) User-Password = "p@55word"
> Mon Feb 13 17:16:34 2017 : Debug: (0) NAS-IP-Address = 192.168.4.148
> Mon Feb 13 17:16:34 2017 : Debug: (0) NAS-Port = 7070
> Mon Feb 13 17:16:34 2017 : Debug: (0) Message-Authenticator =
> 0xfba43f2e2676863ec538ad5c9b0d298e
> Mon Feb 13 17:16:34 2017 : Debug: (0) session-state: No State attribute
> Mon Feb 13 17:16:34 2017 : Debug: (0) # Executing section authorize
> from file /usr/local/pf/raddb/sites-enabled/packetfence
> Mon Feb 13 17:16:34 2017 : Debug: (0) authorize {
> Mon Feb 13 17:16:34 2017 : Debug: (0) update {
> Mon Feb 13 17:16:34 2017 : Debug: (0) EXPAND
> %{Packet-Src-IP-Address}
> Mon Feb 13 17:16:34 2017 : Debug: (0) --> 192.168.10.21
> Mon Feb 13 17:16:34 2017 : Debug: (0)
> &request:FreeRADIUS-Client-IP-Address := 192.168.10.21
> Mon Feb 13 17:16:34 2017 : Debug: (0)
> &control:PacketFence-RPC-Server = 127.0.0.1
> Mon Feb 13 17:16:34 2017 : Debug: (0)
> &control:PacketFence-RPC-Port = 7070
> Mon Feb 13 17:16:34 2017 : Debug: (0)
> &control:PacketFence-RPC-User =
> Mon Feb 13 17:16:34 2017 : Debug: (0)
> &control:PacketFence-RPC-Pass =
> Mon Feb 13 17:16:34 2017 : Debug: (0)
> &control:PacketFence-RPC-Proto = http
> Mon Feb 13 17:16:34 2017 : Debug: (0) EXPAND %l
> Mon Feb 13 17:16:34 2017 : Debug: (0) --> 1487002594
> Mon Feb 13 17:16:34 2017 : Debug: (0) &control:Tmp-Integer-0 :=
> 1487002594
> Mon Feb 13 17:16:34 2017 : Debug: (0)
> &control:PacketFence-Request-Time := 0
> Mon Feb 13 17:16:34 2017 : Debug: (0) } # update = noop
> Mon Feb 13 17:16:34 2017 : Debug: (0) policy
> rewrite_calling_station_id {
> Mon Feb 13 17:16:34 2017 : Debug: (0) if (&Calling-Station-Id &&
> (&Calling-Station-Id =~
> /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i))
> {
> Mon Feb 13 17:16:34 2017 : Debug: (0) if (&Calling-Station-Id &&
> (&Calling-Station-Id =~
> /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i))
>
> -> FALSE
> Mon Feb 13 17:16:34 2017 : Debug: (0) else {
> Mon Feb 13 17:16:34 2017 : Debug: (0) modsingle[authorize]:
> calling noop (rlm_always)
> Mon Feb 13 17:16:34 2017 : Debug: (0) modsingle[authorize]:
> returned from noop (rlm_always)
> Mon Feb 13 17:16:34 2017 : Debug: (0) [noop] = noop
> Mon Feb 13 17:16:34 2017 : Debug: (0) } # else = noop
> Mon Feb 13 17:16:34 2017 : Debug: (0) } # policy
> rewrite_calling_station_id = noop
> Mon Feb 13 17:16:34 2017 : Debug: (0) policy
> rewrite_called_station_id {
> Mon Feb 13 17:16:34 2017 : Debug: (0) if ((&Called-Station-Id)
> && (&Called-Station-Id =~
> /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i))
> {
> Mon Feb 13 17:16:34 2017 : Debug: (0) if ((&Called-Station-Id)
> && (&Called-Station-Id =~
> /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i))
>
> -> FALSE
> Mon Feb 13 17:16:34 2017 : Debug: (0) else {
> Mon Feb 13 17:16:34 2017 : Debug: (0) modsingle[authorize]:
> calling noop (rlm_always)
> Mon Feb 13 17:16:34 2017 : Debug: (0) modsingle[authorize]:
> returned from noop (rlm_always)
> Mon Feb 13 17:16:34 2017 : Debug: (0) [noop] = noop
> Mon Feb 13 17:16:34 2017 : Debug: (0) } # else = noop
> Mon Feb 13 17:16:34 2017 : Debug: (0) } # policy
> rewrite_called_station_id = noop
> Mon Feb 13 17:16:34 2017 : Debug: (0) policy filter_username {
> Mon Feb 13 17:16:34 2017 : Debug: (0) if (&User-Name) {
> Mon Feb 13 17:16:34 2017 : Debug: (0) if (&User-Name) -> TRUE
> Mon Feb 13 17:16:34 2017 : Debug: (0) if (&User-Name) {
> Mon Feb 13 17:16:34 2017 : Debug: (0) if (&User-Name =~ / /) {
> Mon Feb 13 17:16:34 2017 : Debug: No matches
> Mon Feb 13 17:16:34 2017 : Debug: (0) if (&User-Name =~ / /)
> -> FALSE
> Mon Feb 13 17:16:34 2017 : Debug: (0) if (&User-Name =~
> /@[^@]*@/ ) {
> Mon Feb 13 17:16:34 2017 : Debug: No matches
> Mon Feb 13 17:16:34 2017 : Debug: (0) if (&User-Name =~
> /@[^@]*@/ ) -> FALSE
> Mon Feb 13 17:16:34 2017 : Debug: (0) if (&User-Name =~ /\.\./ ) {
> Mon Feb 13 17:16:34 2017 : Debug: No matches
> Mon Feb 13 17:16:34 2017 : Debug: (0) if (&User-Name =~ /\.\./
> ) -> FALSE
> Mon Feb 13 17:16:34 2017 : Debug: (0) if ((&User-Name =~ /@/)
> && (&User-Name !~ /@(.+)\.(.+)$/)) {
> Mon Feb 13 17:16:34 2017 : Debug: No matches
> Mon Feb 13 17:16:34 2017 : Debug: (0) if ((&User-Name =~ /@/)
> && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
> Mon Feb 13 17:16:34 2017 : Debug: (0) if (&User-Name =~ /\.$/) {
> Mon Feb 13 17:16:34 2017 : Debug: No matches
> Mon Feb 13 17:16:34 2017 : Debug: (0) if (&User-Name =~
> /\.$/) -> FALSE
> Mon Feb 13 17:16:34 2017 : Debug: (0) if (&User-Name =~ /@\./) {
> Mon Feb 13 17:16:34 2017 : Debug: No matches
> Mon Feb 13 17:16:34 2017 : Debug: (0) if (&User-Name =~
> /@\./) -> FALSE
> Mon Feb 13 17:16:34 2017 : Debug: (0) } # if (&User-Name) = noop
> Mon Feb 13 17:16:34 2017 : Debug: (0) } # policy filter_username =
> noop
> Mon Feb 13 17:16:34 2017 : Debug: (0) policy filter_password {
> Mon Feb 13 17:16:34 2017 : Debug: (0) if (&User-Password &&
> (&User-Password != "%{string:User-Password}")) {
> Mon Feb 13 17:16:34 2017 : Debug: (0) EXPAND TMPL XLAT STRUCT
> Mon Feb 13 17:16:34 2017 : Debug: (0) EXPAND %{string:User-Password}
> Mon Feb 13 17:16:34 2017 : Debug: (0) --> p@55word
> Mon Feb 13 17:16:34 2017 : Debug: (0) if (&User-Password &&
> (&User-Password != "%{string:User-Password}")) -> FALSE
> Mon Feb 13 17:16:34 2017 : Debug: (0) } # policy filter_password =
> noop
> Mon Feb 13 17:16:34 2017 : Debug: (0) modsingle[authorize]:
> calling preprocess (rlm_preprocess)
> Mon Feb 13 17:16:34 2017 : Debug: (0) modsingle[authorize]:
> returned from preprocess (rlm_preprocess)
> Mon Feb 13 17:16:34 2017 : Debug: (0) [preprocess] = ok
> Mon Feb 13 17:16:34 2017 : Debug: (0) modsingle[authorize]:
> calling suffix (rlm_realm)
> Mon Feb 13 17:16:34 2017 : Debug: (0) suffix: Checking for suffix
> after "@"
> Mon Feb 13 17:16:34 2017 : Debug: (0) suffix: No '@' in User-Name =
> "UserTest", skipping NULL due to config.
> Mon Feb 13 17:16:34 2017 : Debug: (0) modsingle[authorize]:
> returned from suffix (rlm_realm)
> Mon Feb 13 17:16:34 2017 : Debug: (0) [suffix] = noop
> Mon Feb 13 17:16:34 2017 : Debug: (0) modsingle[authorize]:
> calling ntdomain (rlm_realm)
> Mon Feb 13 17:16:34 2017 : Debug: (0) ntdomain: Checking for prefix
> before "\"
> Mon Feb 13 17:16:34 2017 : Debug: (0) ntdomain: No '\' in User-Name =
> "UserTest", looking up realm NULL
> Mon Feb 13 17:16:34 2017 : Debug: (0) ntdomain: Found realm "null"
> Mon Feb 13 17:16:34 2017 : Debug: (0) ntdomain: Adding
> Stripped-User-Name = "UserTest"
> Mon Feb 13 17:16:34 2017 : Debug: (0) ntdomain: Adding Realm = "null"
> Mon Feb 13 17:16:34 2017 : Debug: (0) ntdomain: Authentication realm
> is LOCAL
> Mon Feb 13 17:16:34 2017 : Debug: (0) modsingle[authorize]:
> returned from ntdomain (rlm_realm)
> Mon Feb 13 17:16:34 2017 : Debug: (0) [ntdomain] = ok
> Mon Feb 13 17:16:34 2017 : Debug: (0) modsingle[authorize]:
> calling eap (rlm_eap)
> Mon Feb 13 17:16:34 2017 : Debug: (0) eap: No EAP-Message, not doing EAP
> Mon Feb 13 17:16:34 2017 : Debug: (0) modsingle[authorize]:
> returned from eap (rlm_eap)
> Mon Feb 13 17:16:34 2017 : Debug: (0) [eap] = noop
> Mon Feb 13 17:16:34 2017 : Debug: (0) if ( !EAP-Message ) {
> Mon Feb 13 17:16:34 2017 : Debug: (0) if ( !EAP-Message ) -> TRUE
> Mon Feb 13 17:16:34 2017 : Debug: (0) if ( !EAP-Message ) {
> Mon Feb 13 17:16:34 2017 : Debug: (0) update {
> Mon Feb 13 17:16:34 2017 : Debug: (0) &control:Auth-Type := Accept
> Mon Feb 13 17:16:34 2017 : Debug: (0) } # update = noop
> Mon Feb 13 17:16:34 2017 : Debug: (0) } # if ( !EAP-Message ) = noop
> Mon Feb 13 17:16:34 2017 : Debug: (0) policy
> packetfence-eap-mac-policy {
> Mon Feb 13 17:16:34 2017 : Debug: (0) if ( &EAP-Type ) {
> Mon Feb 13 17:16:34 2017 : Debug: (0) if ( &EAP-Type ) -> FALSE
> Mon Feb 13 17:16:34 2017 : Debug: (0) modsingle[authorize]:
> calling noop (rlm_always)
> Mon Feb 13 17:16:34 2017 : Debug: (0) modsingle[authorize]:
> returned from noop (rlm_always)
> Mon Feb 13 17:16:34 2017 : Debug: (0) [noop] = noop
> Mon Feb 13 17:16:34 2017 : Debug: (0) } # policy
> packetfence-eap-mac-policy = noop
> Mon Feb 13 17:16:34 2017 : Debug: (0) modsingle[authorize]:
> calling pap (rlm_pap)
> Mon Feb 13 17:16:34 2017 : WARNING: (0) pap:
> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
> Mon Feb 13 17:16:34 2017 : WARNING: (0) pap: !!! Ignoring
> control:User-Password. Update your !!!
> Mon Feb 13 17:16:34 2017 : WARNING: (0) pap: !!! configuration so that
> the "known good" clear text !!!
> Mon Feb 13 17:16:34 2017 : WARNING: (0) pap: !!! password is in
> Cleartext-Password and NOT in !!!
> Mon Feb 13 17:16:34 2017 : WARNING: (0) pap: !!!
> User-Password. !!!
> Mon Feb 13 17:16:34 2017 : WARNING: (0) pap:
> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
> Mon Feb 13 17:16:34 2017 : WARNING: (0) pap: Auth-Type already set.
> Not setting to PAP
> Mon Feb 13 17:16:34 2017 : Debug: (0) modsingle[authorize]:
> returned from pap (rlm_pap)
> Mon Feb 13 17:16:34 2017 : Debug: (0) [pap] = noop
> Mon Feb 13 17:16:34 2017 : Debug: (0) } # authorize = ok
> Mon Feb 13 17:16:34 2017 : Debug: (0) Found Auth-Type = Accept
> Mon Feb 13 17:16:34 2017 : Debug: (0) Auth-Type = Accept, accepting
> the user
> Mon Feb 13 17:16:34 2017 : Debug: (0) # Executing section post-auth
> from file /usr/local/pf/raddb/sites-enabled/packetfence
> Mon Feb 13 17:16:34 2017 : Debug: (0) post-auth {
> Mon Feb 13 17:16:34 2017 : Debug: (0) update {
> Mon Feb 13 17:16:34 2017 : Debug: (0) EXPAND
> %{Packet-Src-IP-Address}
> Mon Feb 13 17:16:34 2017 : Debug: (0) --> 192.168.10.21
> Mon Feb 13 17:16:34 2017 : Debug: (0)
> &request:FreeRADIUS-Client-IP-Address := 192.168.10.21
> Mon Feb 13 17:16:34 2017 : Debug: (0) Overwriting value
> "192.168.10.21" with "192.168.10.21"
> Mon Feb 13 17:16:34 2017 : Debug: (0)
> &control:PacketFence-RPC-Server = 127.0.0.1
> Mon Feb 13 17:16:34 2017 : Debug: (0) Refusing to overwrite (use :=)
> Mon Feb 13 17:16:34 2017 : Debug: (0)
> &control:PacketFence-RPC-Port = 7070
> Mon Feb 13 17:16:34 2017 : Debug: (0) Refusing to overwrite (use :=)
> Mon Feb 13 17:16:34 2017 : Debug: (0)
> &control:PacketFence-RPC-User =
> Mon Feb 13 17:16:34 2017 : Debug: (0) Refusing to overwrite (use :=)
> Mon Feb 13 17:16:34 2017 : Debug: (0)
> &control:PacketFence-RPC-Pass =
> Mon Feb 13 17:16:34 2017 : Debug: (0) Refusing to overwrite (use :=)
> Mon Feb 13 17:16:34 2017 : Debug: (0)
> &control:PacketFence-RPC-Proto = http
> Mon Feb 13 17:16:34 2017 : Debug: (0) Refusing to overwrite (use :=)
> Mon Feb 13 17:16:34 2017 : Debug: (0) } # update = noop
> Mon Feb 13 17:16:34 2017 : Debug: (0) if (! EAP-Type || (EAP-Type
> != TTLS && EAP-Type != PEAP) ) {
> Mon Feb 13 17:16:34 2017 : Debug: (0) if (! EAP-Type || (EAP-Type
> != TTLS && EAP-Type != PEAP) ) -> TRUE
> Mon Feb 13 17:16:34 2017 : Debug: (0) if (! EAP-Type || (EAP-Type
> != TTLS && EAP-Type != PEAP) ) {
> Mon Feb 13 17:16:34 2017 : Debug: (0) modsingle[post-auth]:
> calling rest (rlm_rest)
> Mon Feb 13 17:16:34 2017 : Debug: rlm_rest (rest): Reserved connection (0)
> Mon Feb 13 17:16:34 2017 : Debug: (0) rest: Expanding URI components
> Mon Feb 13 17:16:34 2017 : Debug: http://127.0.0.1:7070
> Mon Feb 13 17:16:34 2017 : Debug: Parsed xlat tree:
> Mon Feb 13 17:16:34 2017 : Debug: literal --> http://127.0.0.1:7070
> Mon Feb 13 17:16:34 2017 : Debug: (0) rest: EXPAND http://127.0.0.1:7070
> Mon Feb 13 17:16:34 2017 : Debug: (0) rest: --> http://127.0.0.1:7070
> Mon Feb 13 17:16:34 2017 : Debug: //radius/rest/authorize
> Mon Feb 13 17:16:34 2017 : Debug: Parsed xlat tree:
> Mon Feb 13 17:16:34 2017 : Debug: literal --> //radius/rest/authorize
> Mon Feb 13 17:16:34 2017 : Debug: (0) rest: EXPAND //radius/rest/authorize
> Mon Feb 13 17:16:34 2017 : Debug: (0) rest: --> //radius/rest/authorize
> Mon Feb 13 17:16:34 2017 : Debug: (0) rest: Sending HTTP POST to
> "http://127.0.0.1:7070//radius/rest/authorize";
> Mon Feb 13 17:16:34 2017 : Debug: (0) rest: Adding custom headers:
> Mon Feb 13 17:16:34 2017 : Debug: (0) rest: X-FreeRADIUS-Section:
> post-auth
> Mon Feb 13 17:16:34 2017 : Debug: (0) rest: X-FreeRADIUS-Server:
> packetfence
> Mon Feb 13 17:16:34 2017 : Debug: (0) rest: Request body content-type
> will be "application/json"
> Mon Feb 13 17:16:34 2017 : Debug: (0) rest: Encoding attribute "User-Name"
> Mon Feb 13 17:16:34 2017 : Debug: (0) rest: Type : string
> Mon Feb 13 17:16:34 2017 : Debug: (0) rest: Length : 8
> Mon Feb 13 17:16:34 2017 : Debug: (0) rest: Value : "UserTest"
> Mon Feb 13 17:16:34 2017 : Debug: (0) rest: Encoding attribute
> "User-Password"
> Mon Feb 13 17:16:34 2017 : Debug: (0) rest: Type : string
> Mon Feb 13 17:16:34 2017 : Debug: (0) rest: Length : 8
> Mon Feb 13 17:16:34 2017 : Debug: (0) rest: Value : "p@55word"
> Mon Feb 13 17:16:34 2017 : Debug: (0) rest: Encoding attribute
> "NAS-IP-Address"
> Mon Feb 13 17:16:34 2017 : Debug: (0) rest: Type : ipaddr
> Mon Feb 13 17:16:34 2017 : Debug: (0) rest: Length : 13
> Mon Feb 13 17:16:34 2017 : Debug: (0) rest: Value : "192.168.4.148"
> Mon Feb 13 17:16:34 2017 : Debug: (0) rest: Encoding attribute "NAS-Port"
> Mon Feb 13 17:16:34 2017 : Debug: (0) rest: Type : integer
> Mon Feb 13 17:16:34 2017 : Debug: (0) rest: Length : 4
> Mon Feb 13 17:16:34 2017 : Debug: (0) rest: Value : 7070
> Mon Feb 13 17:16:34 2017 : Debug: (0) rest: Encoding attribute
> "Event-Timestamp"
> Mon Feb 13 17:16:34 2017 : Debug: (0) rest: Type : date
> Mon Feb 13 17:16:34 2017 : Debug: (0) rest: Length : 27
> Mon Feb 13 17:16:34 2017 : Debug: (0) rest: Value : "févr. 13 2017
> 17:16:34 CET"
> Mon Feb 13 17:16:34 2017 : Debug: (0) rest: Encoding attribute
> "Message-Authenticator"
> Mon Feb 13 17:16:34 2017 : Debug: (0) rest: Type : octets
> Mon Feb 13 17:16:34 2017 : Debug: (0) rest: Length : 34
> Mon Feb 13 17:16:34 2017 : Debug: (0) rest: Value :
> "0xfba43f2e2676863ec538ad5c9b0d298e"
> Mon Feb 13 17:16:34 2017 : Debug: (0) rest: Encoding attribute
> "Stripped-User-Name"
> Mon Feb 13 17:16:34 2017 : Debug: (0) rest: Type : string
> Mon Feb 13 17:16:34 2017 : Debug: (0) rest: Length : 8
> Mon Feb 13 17:16:34 2017 : Debug: (0) rest: Value : "UserTest"
> Mon Feb 13 17:16:34 2017 : Debug: (0) rest: Encoding attribute "Realm"
> Mon Feb 13 17:16:34 2017 : Debug: (0) rest: Type : string
> Mon Feb 13 17:16:34 2017 : Debug: (0) rest: Length : 4
> Mon Feb 13 17:16:34 2017 : Debug: (0) rest: Value : "null"
> Mon Feb 13 17:16:34 2017 : Debug: (0) rest: Encoding attribute
> "FreeRADIUS-Client-IP-Address"
> Mon Feb 13 17:16:34 2017 : Debug: (0) rest: Type : ipaddr
> Mon Feb 13 17:16:34 2017 : Debug: (0) rest: Length : 13
> Mon Feb 13 17:16:34 2017 : Debug: (0) rest: Value : "192.168.10.21"
> Mon Feb 13 17:16:34 2017 : Debug: (0) rest: JSON Data:
> {"User-Name":{"type":"string","value":["UserTest"]},"User-Password":{"type":"string","value":["p@55word"]},"NAS-IP-Address":{"type":"ipaddr","value":["192.168.4.148"]},"NAS-Port":{"type":"integer","value":[7070]},"Event-Timestamp":{"type":"date","value":["févr.
> 13 2017 17:16:34
> CET"]},"Message-Authenticator":{"type":"octets","value":["0xfba43f2e2676863ec538ad5c9b0d298e"]},"Stripped-User-Name":{"type":"string","value":["UserTest"]},"Realm":{"type":"string","value":["null"]},"FreeRADIUS-Client-IP-Address":{"type":"ipaddr","value":["192.168.10.21"]}}
> Mon Feb 13 17:16:34 2017 : Debug: (0) rest: Returning 554 bytes of
> JSON data
> Mon Feb 13 17:16:34 2017 : Debug: (0) rest: Processing response header
> Mon Feb 13 17:16:34 2017 : Debug: (0) rest: Status : 401 (Unauthorized)
> Mon Feb 13 17:16:34 2017 : Debug: (0) rest: Type : json
> (application/json)
> Mon Feb 13 17:16:34 2017 : ERROR: (0) rest: Server returned:
> Mon Feb 13 17:16:34 2017 : ERROR: (0) rest:
> {"Reply-Message":"PacketFence does not support this switch for
> read/write access login","reply:PacketFence-Authorization-Status":"allow"}
> Mon Feb 13 17:16:34 2017 : Debug: rlm_rest (rest): Released connection (0)
> Mon Feb 13 17:16:34 2017 : Info: rlm_rest (rest): Need 5 more
> connections to reach 10 spares
> Mon Feb 13 17:16:34 2017 : Info: rlm_rest (rest): Opening additional
> connection (5), 1 of 59 pending slots used
> Mon Feb 13 17:16:34 2017 : Debug: rlm_rest (rest): Connecting to
> "http://127.0.0.1:7070/";
> Mon Feb 13 17:16:34 2017 : Debug: (0) modsingle[post-auth]:
> returned from rest (rlm_rest)
> Mon Feb 13 17:16:34 2017 : Debug: (0) [rest] = invalid
> Mon Feb 13 17:16:34 2017 : Debug: (0) } # if (! EAP-Type ||
> (EAP-Type != TTLS && EAP-Type != PEAP) ) = invalid
> Mon Feb 13 17:16:34 2017 : Debug: (0) } # post-auth = invalid
> Mon Feb 13 17:16:34 2017 : Debug: (0) Using Post-Auth-Type Reject
> Mon Feb 13 17:16:34 2017 : Debug: (0) # Executing group from file
> /usr/local/pf/raddb/sites-enabled/packetfence
> Mon Feb 13 17:16:34 2017 : Debug: (0) Post-Auth-Type REJECT {
> Mon Feb 13 17:16:34 2017 : Debug: (0) if (! EAP-Type || (EAP-Type
> != TTLS && EAP-Type != PEAP) ) {
> Mon Feb 13 17:16:34 2017 : Debug: (0) if (! EAP-Type || (EAP-Type
> != TTLS && EAP-Type != PEAP) ) -> TRUE
> Mon Feb 13 17:16:34 2017 : Debug: (0) if (! EAP-Type || (EAP-Type
> != TTLS && EAP-Type != PEAP) ) {
> Mon Feb 13 17:16:34 2017 : Debug: (0) policy
> packetfence-audit-log-reject {
> Mon Feb 13 17:16:34 2017 : Debug: (0) if (&User-Name != "dummy") {
> Mon Feb 13 17:16:34 2017 : Debug: (0) if (&User-Name !=
> "dummy") -> TRUE
> Mon Feb 13 17:16:34 2017 : Debug: (0) if (&User-Name !=
> "dummy") {
> Mon Feb 13 17:16:34 2017 : Debug: (0) policy request-timing {
> Mon Feb 13 17:16:34 2017 : Debug: (0) if
> (control:PacketFence-Request-Time != 0) {
> Mon Feb 13 17:16:34 2017 : Debug: (0) if
> (control:PacketFence-Request-Time != 0) -> FALSE
> Mon Feb 13 17:16:34 2017 : Debug: (0) } # policy
> request-timing = noop
> Mon Feb 13 17:16:34 2017 : Debug: (0) modsingle[post-auth]:
> calling sql_reject (rlm_sql)
> Mon Feb 13 17:16:34 2017 : Debug: type.reject.query
> Mon Feb 13 17:16:34 2017 : Debug: Parsed xlat tree:
> Mon Feb 13 17:16:34 2017 : Debug: literal --> type.reject.query
> Mon Feb 13 17:16:34 2017 : Debug: (0) sql_reject: EXPAND type.reject.query
> Mon Feb 13 17:16:34 2017 : Debug: (0) sql_reject: --> type.reject.query
> Mon Feb 13 17:16:34 2017 : Debug: (0) sql_reject: Using query template
> 'query'
> Mon Feb 13 17:16:34 2017 : Debug: rlm_sql (sql): Reserved connection (1)
> Mon Feb 13 17:16:34 2017 : Debug: %{User-Name}
> Mon Feb 13 17:16:34 2017 : Debug: Parsed xlat tree:
> Mon Feb 13 17:16:34 2017 : Debug: attribute --> User-Name
> Mon Feb 13 17:16:34 2017 : Debug: (0) sql_reject: EXPAND %{User-Name}
> Mon Feb 13 17:16:34 2017 : Debug: (0) sql_reject: --> UserTest
> Mon Feb 13 17:16:34 2017 : Debug: (0) sql_reject: SQL-User-Name set to
> 'UserTest'
> Mon Feb 13 17:16:34 2017 : Debug: INSERT INTO
> radius_audit_log ( mac, ip, computer_name,
> user_name, stripped_user_name, realm,
> event_type, switch_id, switch_mac,
> switch_ip_address, radius_source_ip_address,
> called_station_id, calling_station_id, nas_port_type,
> ssid, nas_port_id, ifindex, nas_port,
> connection_type, nas_ip_address, nas_identifier,
> auth_status, reason, auth_type,
> eap_type, role, node_status, profile,
> source, auto_reg, is_phone, pf_domain, uuid,
> radius_request, radius_reply,
> request_time) VALUES (
> '%{request:Calling-Station-Id}', '%{request:Framed-IP-Address}',
> '%{%{control:PacketFence-Computer-Name}:-N/A}',
> '%{request:User-Name}',
> '%{request:Stripped-User-Name}', '%{request:Realm}',
> 'Radius-Access-Request',
> '%{%{control:PacketFence-Switch-Id}:-N/A}',
> '%{%{control:PacketFence-Switch-Mac}:-N/A}',
> '%{%{control:PacketFence-Switch-Ip-Address}:-N/A}',
> '%{Packet-Src-IP-Address}', '%{request:Called-Station-Id}',
> '%{request:Calling-Station-Id}',
> '%{request:NAS-Port-Type}', '%{request:Called-Station-SSID}',
> '%{request:NAS-Port-Id}',
> '%{%{control:PacketFence-IfIndex}:-N/A}', '%{request:NAS-Port}',
> '%{%{control:PacketFence-Connection-Type}:-N/A}',
> '%{request:NAS-IP-Address}', '%{request:NAS-Identifier}',
> 'Reject', '%{request:Module-Failure-Message}',
> '%{control:Auth-Type}', '%{request:EAP-Type}',
> '%{%{control:PacketFence-Role}:-N/A}',
> '%{%{control:PacketFence-Status}:-N/A}',
> '%{%{control:PacketFence-Profile}:-N/A}',
> '%{%{control:PacketFence-Source}:-N/A}',
> '%{%{control:PacketFence-AutoReg}:-N/A}',
> '%{%{control:PacketFence-IsPhone}:-N/A}',
> '%{request:PacketFence-Domain}', '',
> '%{pairs:&request:[*]}','%{pairs:&reply:[*]}',
> '%{%{control:PacketFence-Request-Time}:-N/A}')
> Mon Feb 13 17:16:34 2017 : Debug: Parsed xlat tree:
> Mon Feb 13 17:16:34 2017 : Debug: literal --> INSERT INTO
> radius_audit_log ( mac, ip, computer_name,
> user_name, stripped_user_name, realm,
> event_type, switch_id, switch_mac,
> switch_ip_address, radius_source_ip_address,
> called_station_id, calling_station_id, nas_port_type,
> ssid, nas_port_id, ifindex, nas_port,
> connection_type, nas_ip_address, nas_identifier,
> auth_status, reason, auth_type,
> eap_type, role, node_status, profile,
> source, auto_reg, is_phone, pf_domain, uuid,
> radius_request, radius_reply,
> request_time) VALUES ( '
> Mon Feb 13 17:16:34 2017 : Debug: attribute --> Calling-Station-Id
> Mon Feb 13 17:16:34 2017 : Debug: literal --> ', '
> Mon Feb 13 17:16:34 2017 : Debug: attribute --> Framed-IP-Address
> Mon Feb 13 17:16:34 2017 : Debug: literal --> ', '
> Mon Feb 13 17:16:34 2017 : Debug: if {
> Mon Feb 13 17:16:34 2017 : Debug: attribute -->
> PacketFence-Computer-Name
> Mon Feb 13 17:16:34 2017 : Debug: }
> Mon Feb 13 17:16:34 2017 : Debug: else {
> Mon Feb 13 17:16:34 2017 : Debug: literal --> N/A
> Mon Feb 13 17:16:34 2017 : Debug: }
> Mon Feb 13 17:16:34 2017 : Debug: literal --> ', '
> Mon Feb 13 17:16:34 2017 : Debug: attribute --> User-Name
> Mon Feb 13 17:16:34 2017 : Debug: literal --> ', '
> Mon Feb 13 17:16:34 2017 : Debug: attribute --> Stripped-User-Name
> Mon Feb 13 17:16:34 2017 : Debug: literal --> ', '
> Mon Feb 13 17:16:34 2017 : Debug: attribute --> Realm
> Mon Feb 13 17:16:34 2017 : Debug: literal --> ',
> 'Radius-Access-Request', '
> Mon Feb 13 17:16:34 2017 : Debug: if {
> Mon Feb 13 17:16:34 2017 : Debug: attribute --> PacketFence-Switch-Id
> Mon Feb 13 17:16:34 2017 : Debug: }
> Mon Feb 13 17:16:34 2017 : Debug: else {
> Mon Feb 13 17:16:34 2017 : Debug: literal --> N/A
> Mon Feb 13 17:16:34 2017 : Debug: }
> Mon Feb 13 17:16:34 2017 : Debug: literal --> ', '
> Mon Feb 13 17:16:34 2017 : Debug: if {
> Mon Feb 13 17:16:34 2017 : Debug: attribute --> PacketFence-Switch-Mac
> Mon Feb 13 17:16:34 2017 : Debug: }
> Mon Feb 13 17:16:34 2017 : Debug: else {
> Mon Feb 13 17:16:34 2017 : Debug: literal --> N/A
> Mon Feb 13 17:16:34 2017 : Debug: }
> Mon Feb 13 17:16:34 2017 : Debug: literal --> ', '
> Mon Feb 13 17:16:34 2017 : Debug: if {
> Mon Feb 13 17:16:34 2017 : Debug: attribute -->
> PacketFence-Switch-Ip-Address
> Mon Feb 13 17:16:34 2017 : Debug: }
> Mon Feb 13 17:16:34 2017 : Debug: else {
> Mon Feb 13 17:16:34 2017 : Debug: literal --> N/A
> Mon Feb 13 17:16:34 2017 : Debug: }
> Mon Feb 13 17:16:34 2017 : Debug: literal --> ', '
> Mon Feb 13 17:16:34 2017 : Debug: attribute --> Packet-Src-IP-Address
> Mon Feb 13 17:16:34 2017 : Debug: literal --> ', '
> Mon Feb 13 17:16:34 2017 : Debug: attribute --> Called-Station-Id
> Mon Feb 13 17:16:34 2017 : Debug: literal --> ', '
> Mon Feb 13 17:16:34 2017 : Debug: attribute --> Calling-Station-Id
> Mon Feb 13 17:16:34 2017 : Debug: literal --> ', '
> Mon Feb 13 17:16:34 2017 : Debug: attribute --> NAS-Port-Type
> Mon Feb 13 17:16:34 2017 : Debug: literal --> ', '
> Mon Feb 13 17:16:34 2017 : Debug: attribute --> Called-Station-SSID
> Mon Feb 13 17:16:34 2017 : Debug: literal --> ', '
> Mon Feb 13 17:16:34 2017 : Debug: attribute --> NAS-Port-Id
> Mon Feb 13 17:16:34 2017 : Debug: literal --> ', '
> Mon Feb 13 17:16:34 2017 : Debug: if {
> Mon Feb 13 17:16:34 2017 : Debug: attribute --> PacketFence-IfIndex
> Mon Feb 13 17:16:34 2017 : Debug: }
> Mon Feb 13 17:16:34 2017 : Debug: else {
> Mon Feb 13 17:16:34 2017 : Debug: literal --> N/A
> Mon Feb 13 17:16:34 2017 : Debug: }
> Mon Feb 13 17:16:34 2017 : Debug: literal --> ', '
> Mon Feb 13 17:16:34 2017 : Debug: attribute --> NAS-Port
> Mon Feb 13 17:16:34 2017 : Debug: literal --> ', '
> Mon Feb 13 17:16:34 2017 : Debug: if {
> Mon Feb 13 17:16:34 2017 : Debug: attribute -->
> PacketFence-Connection-Type
> Mon Feb 13 17:16:34 2017 : Debug: }
> Mon Feb 13 17:16:34 2017 : Debug: else {
> Mon Feb 13 17:16:34 2017 : Debug: literal --> N/A
> Mon Feb 13 17:16:34 2017 : Debug: }
> Mon Feb 13 17:16:34 2017 : Debug: literal --> ', '
> Mon Feb 13 17:16:34 2017 : Debug: attribute --> NAS-IP-Address
> Mon Feb 13 17:16:34 2017 : Debug: literal --> ', '
> Mon Feb 13 17:16:34 2017 : Debug: attribute --> NAS-Identifier
> Mon Feb 13 17:16:34 2017 : Debug: literal --> ',
> 'Reject', '
> Mon Feb 13 17:16:34 2017 : Debug: attribute --> Module-Failure-Message
> Mon Feb 13 17:16:34 2017 : Debug: literal --> ', '
> Mon Feb 13 17:16:34 2017 : Debug: attribute --> Auth-Type
> Mon Feb 13 17:16:34 2017 : Debug: literal --> ', '
> Mon Feb 13 17:16:34 2017 : Debug: attribute --> EAP-Type
> Mon Feb 13 17:16:34 2017 : Debug: literal --> ', '
> Mon Feb 13 17:16:34 2017 : Debug: if {
> Mon Feb 13 17:16:34 2017 : Debug: attribute --> PacketFence-Role
> Mon Feb 13 17:16:34 2017 : Debug: }
> Mon Feb 13 17:16:34 2017 : Debug: else {
> Mon Feb 13 17:16:34 2017 : Debug: literal --> N/A
> Mon Feb 13 17:16:34 2017 : Debug: }
> Mon Feb 13 17:16:34 2017 : Debug: literal --> ', '
> Mon Feb 13 17:16:34 2017 : Debug: if {
> Mon Feb 13 17:16:34 2017 : Debug: attribute --> PacketFence-Status
> Mon Feb 13 17:16:34 2017 : Debug: }
> Mon Feb 13 17:16:34 2017 : Debug: else {
> Mon Feb 13 17:16:34 2017 : Debug: literal --> N/A
> Mon Feb 13 17:16:34 2017 : Debug: }
> Mon Feb 13 17:16:34 2017 : Debug: literal --> ', '
> Mon Feb 13 17:16:34 2017 : Debug: if {
> Mon Feb 13 17:16:34 2017 : Debug: attribute --> PacketFence-Profile
> Mon Feb 13 17:16:34 2017 : Debug: }
> Mon Feb 13 17:16:34 2017 : Debug: else {
> Mon Feb 13 17:16:34 2017 : Debug: literal --> N/A
> Mon Feb 13 17:16:34 2017 : Debug: }
> Mon Feb 13 17:16:34 2017 : Debug: literal --> ', '
> Mon Feb 13 17:16:34 2017 : Debug: if {
> Mon Feb 13 17:16:34 2017 : Debug: attribute --> PacketFence-Source
> Mon Feb 13 17:16:34 2017 : Debug: }
> Mon Feb 13 17:16:34 2017 : Debug: else {
> Mon Feb 13 17:16:34 2017 : Debug: literal --> N/A
> Mon Feb 13 17:16:34 2017 : Debug: }
> Mon Feb 13 17:16:34 2017 : Debug: literal --> ', '
> Mon Feb 13 17:16:34 2017 : Debug: if {
> Mon Feb 13 17:16:34 2017 : Debug: attribute --> PacketFence-AutoReg
> Mon Feb 13 17:16:34 2017 : Debug: }
> Mon Feb 13 17:16:34 2017 : Debug: else {
> Mon Feb 13 17:16:34 2017 : Debug: literal --> N/A
> Mon Feb 13 17:16:34 2017 : Debug: }
> Mon Feb 13 17:16:34 2017 : Debug: literal --> ', '
> Mon Feb 13 17:16:34 2017 : Debug: if {
> Mon Feb 13 17:16:34 2017 : Debug: attribute --> PacketFence-IsPhone
> Mon Feb 13 17:16:34 2017 : Debug: }
> Mon Feb 13 17:16:34 2017 : Debug: else {
> Mon Feb 13 17:16:34 2017 : Debug: literal --> N/A
> Mon Feb 13 17:16:34 2017 : Debug: }
> Mon Feb 13 17:16:34 2017 : Debug: literal --> ', '
> Mon Feb 13 17:16:34 2017 : Debug: attribute --> PacketFence-Domain
> Mon Feb 13 17:16:34 2017 : Debug: literal --> ', '', '
> Mon Feb 13 17:16:34 2017 : Debug: xlat --> pairs
> Mon Feb 13 17:16:34 2017 : Debug: {
> Mon Feb 13 17:16:34 2017 : Debug: literal --> &request:[*]
> Mon Feb 13 17:16:34 2017 : Debug: }
> Mon Feb 13 17:16:34 2017 : Debug: literal --> ','
> Mon Feb 13 17:16:34 2017 : Debug: xlat --> pairs
> Mon Feb 13 17:16:34 2017 : Debug: {
> Mon Feb 13 17:16:34 2017 : Debug: literal --> &reply:[*]
> Mon Feb 13 17:16:34 2017 : Debug: }
> Mon Feb 13 17:16:34 2017 : Debug: literal --> ', '
> Mon Feb 13 17:16:34 2017 : Debug: if {
> Mon Feb 13 17:16:34 2017 : Debug: attribute -->
> PacketFence-Request-Time
> Mon Feb 13 17:16:34 2017 : Debug: }
> Mon Feb 13 17:16:34 2017 : Debug: else {
> Mon Feb 13 17:16:34 2017 : Debug: literal --> N/A
> Mon Feb 13 17:16:34 2017 : Debug: }
> Mon Feb 13 17:16:34 2017 : Debug: literal --> ')
> Mon Feb 13 17:16:34 2017 : Debug: (0) sql_reject: EXPAND INSERT INTO
> radius_audit_log ( mac, ip, computer_name,
> user_name, stripped_user_name, realm,
> event_type, switch_id, switch_mac,
> switch_ip_address, radius_source_ip_address,
> called_station_id, calling_station_id, nas_port_type,
> ssid, nas_port_id, ifindex, nas_port,
> connection_type, nas_ip_address, nas_identifier,
> auth_status, reason, auth_type,
> eap_type, role, node_status, profile,
> source, auto_reg, is_phone, pf_domain, uuid,
> radius_request, radius_reply,
> request_time) VALUES (
> '%{request:Calling-Station-Id}', '%{request:Framed-IP-Address}',
> '%{%{control:PacketFence-Computer-Name}:-N/A}',
> '%{request:User-Name}',
> '%{request:Stripped-User-Name}', '%{request:Realm}',
> 'Radius-Access-Request',
> '%{%{control:PacketFence-Switch-Id}:-N/A}',
> '%{%{control:PacketFence-Switch-Mac}:-N/A}',
> '%{%{control:PacketFence-Switch-Ip-Address}:-N/A}',
> '%{Packet-Src-IP-Address}', '%{request:Called-Station-Id}',
> '%{request:Calling-Station-Id}',
> '%{request:NAS-Port-Type}', '%{request:Called-Station-SSID}',
> '%{request:NAS-Port-Id}',
> '%{%{control:PacketFence-IfIndex}:-N/A}', '%{request:NAS-Port}',
> '%{%{control:PacketFence-Connection-Type}:-N/A}',
> '%{request:NAS-IP-Address}', '%{request:NAS-Identifier}',
> 'Reject', '%{request:Module-Failure-Message}',
> '%{control:Auth-Type}', '%{request:EAP-Type}',
> '%{%{control:PacketFence-Role}:-N/A}',
> '%{%{control:PacketFence-Status}:-N/A}',
> '%{%{control:PacketFence-Profile}:-N/A}',
> '%{%{control:PacketFence-Source}:-N/A}',
> '%{%{control:PacketFence-AutoReg}:-N/A}',
> '%{%{control:PacketFence-IsPhone}:-N/A}',
> '%{request:PacketFence-Domain}', '',
> '%{pairs:&request:[*]}','%{pairs:&reply:[*]}',
> '%{%{control:PacketFence-Request-Time}:-N/A}')
> Mon Feb 13 17:16:34 2017 : Debug: (0) sql_reject: --> INSERT INTO
> radius_audit_log ( mac, ip, computer_name,
> user_name, stripped_user_name, realm,
> event_type, switch_id, switch_mac,
> switch_ip_address, radius_source_ip_address,
> called_station_id, calling_station_id, nas_port_type,
> ssid, nas_port_id, ifindex, nas_port,
> connection_type, nas_ip_address, nas_identifier,
> auth_status, reason, auth_type,
> eap_type, role, node_status, profile,
> source, auto_reg, is_phone, pf_domain, uuid,
> radius_request, radius_reply,
> request_time) VALUES ( '', '', 'N/A',
> 'UserTest', 'UserTest', 'null',
> 'Radius-Access-Request', 'N/A', 'N/A',
> 'N/A', '192.168.10.21', '', '', '', '',
> '', 'N/A', '7070', 'N/A',
> '192.168.4.148', '', 'Reject', 'rest: Server
> returned:', 'Accept', '', 'N/A', 'N/A',
> 'N/A', 'N/A', 'N/A', 'N/A', '', '',
> 'User-Name =3D =22UserTest=22=2C User-Password =3D =22p@55word=22=2C
> NAS-IP-Address =3D 192.168.4.148=2C NAS-Port =3D 7070=2C
> Event-Timestamp =3D =22févr. 13 2017 17:16:34 CET=22=2C
> Message-Authenticator =3D 0xfba43f2e2676863ec538ad5c9b0d298e=2C
> Stripped-User-Name =3D =22UserTest=22=2C Realm =3D =22null=22=2C
> FreeRADIUS-Client-IP-Address =3D 192.168.10.21=2C
> Module-Failure-Message =3D =22rest: Server returned:=22=2C
> Module-Failure-Message =3D =22rest:
> =7B=5C=22Reply-Message=5C=22:=5C=22PacketFence does not support this
> switch for read/write access
> login=5C=22=2C=5C=22reply:PacketFence-Authorization-Status=5C=22:=5C=22allow=5C=22=7D=22=2C
> SQL-User-Name =3D =22UserTest=22','', '0')
> Mon Feb 13 17:16:34 2017 : Debug: (0) sql_reject: Executing query:
> INSERT INTO radius_audit_log ( mac, ip, computer_name,
> user_name, stripped_user_name, realm,
> event_type, switch_id, switch_mac,
> switch_ip_address, radius_source_ip_address,
> called_station_id, calling_station_id, nas_port_type,
> ssid, nas_port_id, ifindex, nas_port,
> connection_type, nas_ip_address, nas_identifier,
> auth_status, reason, auth_type,
> eap_type, role, node_status, profile,
> source, auto_reg, is_phone, pf_domain, uuid,
> radius_request, radius_reply,
> request_time) VALUES ( '', '', 'N/A',
> 'UserTest', 'UserTest', 'null',
> 'Radius-Access-Request', 'N/A', 'N/A',
> 'N/A', '192.168.10.21', '', '', '', '',
> '', 'N/A', '7070', 'N/A',
> '192.168.4.148', '', 'Reject', 'rest: Server
> returned:', 'Accept', '', 'N/A', 'N/A',
> 'N/A', 'N/A', 'N/A', 'N/A', '', '',
> 'User-Name =3D =22UserTest=22=2C User-Password =3D =22p@55word=22=2C
> NAS-IP-Address =3D 192.168.4.148=2C NAS-Port =3D 7070=2C
> Event-Timestamp =3D =22févr. 13 2017 17:16:34 CET=22=2C
> Message-Authenticator =3D 0xfba43f2e2676863ec538ad5c9b0d298e=2C
> Stripped-User-Name =3D =22UserTest=22=2C Realm =3D =22null=22=2C
> FreeRADIUS-Client-IP-Address =3D 192.168.10.21=2C
> Module-Failure-Message =3D =22rest: Server returned:=22=2C
> Module-Failure-Message =3D =22rest:
> =7B=5C=22Reply-Message=5C=22:=5C=22PacketFence does not support this
> switch for read/write access
> login=5C=22=2C=5C=22reply:PacketFence-Authorization-Status=5C=22:=5C=22allow=5C=22=7D=22=2C
> SQL-User-Name =3D =22UserTest=22','', '0')
> Mon Feb 13 17:16:34 2017 : Debug: (0) sql_reject: SQL query returned:
> success
> Mon Feb 13 17:16:34 2017 : Debug: (0) sql_reject: 1 record(s) updated
> Mon Feb 13 17:16:34 2017 : Debug: rlm_sql (sql): Released connection (1)
> Mon Feb 13 17:16:34 2017 : Info: rlm_sql (sql): Need 4 more
> connections to reach 10 spares
> Mon Feb 13 17:16:34 2017 : Info: rlm_sql (sql): Opening additional
> connection (6), 1 of 58 pending slots used
> Mon Feb 13 17:16:34 2017 : Debug: rlm_sql_mysql: Starting connect to
> MySQL server
> Mon Feb 13 17:16:34 2017 : Debug: rlm_sql_mysql: Connected to database
> 'pf' on Localhost via UNIX socket, server version 5.5.52-MariaDB,
> protocol version 10
> Mon Feb 13 17:16:34 2017 : Debug: (0) modsingle[post-auth]:
> returned from sql_reject (rlm_sql)
> Mon Feb 13 17:16:34 2017 : Debug: (0) [sql_reject] = ok
> Mon Feb 13 17:16:34 2017 : Debug: (0) } # if (&User-Name !=
> "dummy") = ok
> Mon Feb 13 17:16:34 2017 : Debug: (0) } # policy
> packetfence-audit-log-reject = ok
> Mon Feb 13 17:16:34 2017 : Debug: (0) } # if (! EAP-Type ||
> (EAP-Type != TTLS && EAP-Type != PEAP) ) = ok
> Mon Feb 13 17:16:34 2017 : Debug: (0) modsingle[post-auth]:
> calling attr_filter.access_reject (rlm_attr_filter)
> Mon Feb 13 17:16:34 2017 : Debug: %{User-Name}
> Mon Feb 13 17:16:34 2017 : Debug: Parsed xlat tree:
> Mon Feb 13 17:16:34 2017 : Debug: attribute --> User-Name
> Mon Feb 13 17:16:34 2017 : Debug: (0) attr_filter.access_reject:
> EXPAND %{User-Name}
> Mon Feb 13 17:16:34 2017 : Debug: (0) attr_filter.access_reject:
> --> UserTest
> Mon Feb 13 17:16:34 2017 : Debug: (0) attr_filter.access_reject:
> Matched entry DEFAULT at line 11
> Mon Feb 13 17:16:34 2017 : Debug: (0) modsingle[post-auth]:
> returned from attr_filter.access_reject (rlm_attr_filter)
> Mon Feb 13 17:16:34 2017 : Debug: (0) [attr_filter.access_reject]
> = updated
> Mon Feb 13 17:16:34 2017 : Debug: (0) modsingle[post-auth]:
> calling attr_filter.packetfence_post_auth (rlm_attr_filter)
> Mon Feb 13 17:16:34 2017 : Debug: %{User-Name}
> Mon Feb 13 17:16:34 2017 : Debug: Parsed xlat tree:
> Mon Feb 13 17:16:34 2017 : Debug: attribute --> User-Name
> Mon Feb 13 17:16:34 2017 : Debug: (0)
> attr_filter.packetfence_post_auth: EXPAND %{User-Name}
> Mon Feb 13 17:16:34 2017 : Debug: (0)
> attr_filter.packetfence_post_auth: --> UserTest
> Mon Feb 13 17:16:34 2017 : Debug: (0)
> attr_filter.packetfence_post_auth: Matched entry DEFAULT at line 10
> Mon Feb 13 17:16:34 2017 : Debug: (0) modsingle[post-auth]:
> returned from attr_filter.packetfence_post_auth (rlm_attr_filter)
> Mon Feb 13 17:16:34 2017 : Debug: (0)
> [attr_filter.packetfence_post_auth] = updated
> Mon Feb 13 17:16:34 2017 : Debug: (0) modsingle[post-auth]:
> calling eap (rlm_eap)
> Mon Feb 13 17:16:34 2017 : Debug: (0) modsingle[post-auth]:
> returned from eap (rlm_eap)
> Mon Feb 13 17:16:34 2017 : Debug: (0) [eap] = noop
> Mon Feb 13 17:16:34 2017 : Debug: (0) policy
> remove_reply_message_if_eap {
> Mon Feb 13 17:16:34 2017 : Debug: (0) if (&reply:EAP-Message &&
> &reply:Reply-Message) {
> Mon Feb 13 17:16:34 2017 : Debug: (0) if (&reply:EAP-Message &&
> &reply:Reply-Message) -> FALSE
> Mon Feb 13 17:16:34 2017 : Debug: (0) else {
> Mon Feb 13 17:16:34 2017 : Debug: (0) modsingle[post-auth]:
> calling noop (rlm_always)
> Mon Feb 13 17:16:34 2017 : Debug: (0) modsingle[post-auth]:
> returned from noop (rlm_always)
> Mon Feb 13 17:16:34 2017 : Debug: (0) [noop] = noop
> Mon Feb 13 17:16:34 2017 : Debug: (0) } # else = noop
> Mon Feb 13 17:16:34 2017 : Debug: (0) } # policy
> remove_reply_message_if_eap = noop
> Mon Feb 13 17:16:34 2017 : Debug: (0) modsingle[post-auth]:
> calling linelog (rlm_linelog)
> Mon Feb 13 17:16:34 2017 : Debug:
> messages.%{%{reply:Packet-Type}:-default}
> Mon Feb 13 17:16:34 2017 : Debug: Parsed xlat tree:
> Mon Feb 13 17:16:34 2017 : Debug: literal --> messages.
> Mon Feb 13 17:16:34 2017 : Debug: if {
> Mon Feb 13 17:16:34 2017 : Debug: attribute --> Packet-Type
> Mon Feb 13 17:16:34 2017 : Debug: }
> Mon Feb 13 17:16:34 2017 : Debug: else {
> Mon Feb 13 17:16:34 2017 : Debug: literal --> default
> Mon Feb 13 17:16:34 2017 : Debug: }
> Mon Feb 13 17:16:34 2017 : Debug: (0) linelog: EXPAND
> messages.%{%{reply:Packet-Type}:-default}
> Mon Feb 13 17:16:34 2017 : Debug: (0) linelog: -->
> messages.Access-Accept
> Mon Feb 13 17:16:34 2017 : Debug: %t : [mac:%{Calling-Station-Id}]
> Accepted user: %{reply:User-Name} and returned VLAN
> %{reply:Tunnel-Private-Group-ID}
> Mon Feb 13 17:16:34 2017 : Debug: Parsed xlat tree:
> Mon Feb 13 17:16:34 2017 : Debug: percent --> t
> Mon Feb 13 17:16:34 2017 : Debug: literal --> : [mac:
> Mon Feb 13 17:16:34 2017 : Debug: attribute --> Calling-Station-Id
> Mon Feb 13 17:16:34 2017 : Debug: literal --> ] Accepted user:
> Mon Feb 13 17:16:34 2017 : Debug: attribute --> User-Name
> Mon Feb 13 17:16:34 2017 : Debug: literal --> and returned VLAN
> Mon Feb 13 17:16:34 2017 : Debug: attribute --> Tunnel-Private-Group-Id
> Mon Feb 13 17:16:34 2017 : Debug: (0) linelog: EXPAND %t :
> [mac:%{Calling-Station-Id}] Accepted user: %{reply:User-Name} and
> returned VLAN %{reply:Tunnel-Private-Group-ID}
> Mon Feb 13 17:16:34 2017 : Debug: (0) linelog: --> Mon Feb 13
> 17:16:34 2017 : [mac:] Accepted user: and returned VLAN
> Mon Feb 13 17:16:34 2017 : Debug: /usr/local/pf/logs/radius.log
> Mon Feb 13 17:16:34 2017 : Debug: Parsed xlat tree:
> Mon Feb 13 17:16:34 2017 : Debug: literal -->
> /usr/local/pf/logs/radius.log
> Mon Feb 13 17:16:34 2017 : Debug: (0) linelog: EXPAND
> /usr/local/pf/logs/radius.log
> Mon Feb 13 17:16:34 2017 : Debug: (0) linelog: -->
> /usr/local/pf/logs/radius.log
> Mon Feb 13 17:16:34 2017 : Debug: (0) modsingle[post-auth]:
> returned from linelog (rlm_linelog)
> Mon Feb 13 17:16:34 2017 : Debug: (0) [linelog] = ok
> Mon Feb 13 17:16:34 2017 : Debug: (0) } # Post-Auth-Type REJECT =
> updated
> Mon Feb 13 17:16:34 2017 : Auth: (0) Rejected in post-auth: [UserTest]
> (from client 192.168.10.0/24 port 7070)
> Mon Feb 13 17:16:34 2017 : Debug: (0) Delaying response for 1.000000
> seconds
> Mon Feb 13 17:16:34 2017 : Debug: Waking up in 0.9 seconds.
> Mon Feb 13 17:16:35 2017 : Debug: (0) Sending delayed response
> Mon Feb 13 17:16:35 2017 : Debug: (0) Sent Access-Reject Id 8 from
> 192.168.10.22:1812 to 192.168.10.21:51726 length 20
> Mon Feb 13 17:16:35 2017 : Debug: Waking up in 3.9 seconds.
>
>
> Le 13/02/2017 à 15:25, Fabrice Durand a écrit :
>>
>> Hello Thomas,
>>
>> you are using PPP on the port 1812.
>>
>> If there is no calling-station-id attribute then it suppose that it's
>> for cli access.
>>
>> May i ask you what sort of setup you try to achieve ?
>>
>> Regards
>>
>> Fabrice Durand
>>
>>
>> Le 2017-02-13 à 08:42, Thomas Massip a écrit :
>>> Hi all,
>>>
>>> I actually use FreeRADIUS Version 3.0.13 with PacketFence
>>>
>>> and I have an issue when I try the rlm_rest.
>>>
>>> If somoene Know why I have this issue :
>>>
>>> rest: ERROR: Server returned:
>>> (0) rest: ERROR: {"Reply-Message":"PacketFence does not support this
>>> switch for read/write access
>>> login","reply:PacketFence-Authorization-Status":"allow"}
>>>
>>> This is my output radius -x :
>>>
>>>
>>> Thanks for ur help
>>>
>>> Best regards
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> Check out the vibrant tech community on one of the world's most
>>> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
>>>
>>>
>>> _______________________________________________
>>> PacketFence-users mailing list
>>> [email protected]
>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>
>> --
>> Fabrice Durand
>> [email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
>> (http://packetfence.org)
>>
>>
>> ------------------------------------------------------------------------------
>> Check out the vibrant tech community on one of the world's most
>> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
>>
>>
>> _______________________________________________
>> PacketFence-users mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
>
>
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Fabrice Durand
[email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
