It looks like the other test still showed the NAS IP as 192.168.1.5. I rebooted the switch and did another test.
Here is the raddebug from that...

(38) Wed Nov 1 21:13:13 2017: Debug: Received Access-Request Id 201 from 192.168.1.12:42371 to 192.168.1.5:1812 length 158
(38) Wed Nov 1 21:13:13 2017: Debug: User-Name = "PFDOMAIN\\testme"
(38) Wed Nov 1 21:13:13 2017: Debug: Called-Station-Id = "b0-b9-8a-46-3d-0e"
(38) Wed Nov 1 21:13:13 2017: Debug: Calling-Station-Id = "00:21:70:d8:ac:45"
(38) Wed Nov 1 21:13:13 2017: Debug: NAS-Identifier = "b0-b9-8a-46-3d-0c"
(38) Wed Nov 1 21:13:13 2017: Debug: NAS-IP-Address = 192.168.1.12
(38) Wed Nov 1 21:13:13 2017: Debug: NAS-Port = 1
(38) Wed Nov 1 21:13:13 2017: Debug: Framed-MTU = 1500
(38) Wed Nov 1 21:13:13 2017: Debug: NAS-Port-Type = Ethernet
(38) Wed Nov 1 21:13:13 2017: Debug: EAP-Message = 0x02000014015046444f4d41494e5c746573746d65
(38) Wed Nov 1 21:13:13 2017: Debug: Message-Authenticator = 0x935d535299b823f31e7748c9271d6225
(38) Wed Nov 1 21:13:13 2017: Debug: # Executing section authorize from file /usr/local/pf/raddb/sites-enabled/packetfence
(38) Wed Nov 1 21:13:13 2017: Debug: authorize {
(38) Wed Nov 1 21:13:13 2017: Debug: update {
(38) Wed Nov 1 21:13:13 2017: Debug: EXPAND %{Packet-Src-IP-Address}
(38) Wed Nov 1 21:13:13 2017: Debug: --> 192.168.1.12
(38) Wed Nov 1 21:13:13 2017: Debug: EXPAND %l
(38) Wed Nov 1 21:13:13 2017: Debug: --> 1509570793
(38) Wed Nov 1 21:13:13 2017: Debug: } # update = noop
(38) Wed Nov 1 21:13:13 2017: Debug: policy rewrite_calling_station_id {
(38) Wed Nov 1 21:13:13 2017: Debug: if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) {
(38) Wed Nov 1 21:13:13 2017: Debug: if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) -> TRUE
(38) Wed Nov 1 21:13:13 2017: Debug: if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) {
(38) Wed Nov 1 21:13:13 2017: Debug: update request {
(38) Wed Nov 1 21:13:13 2017: Debug: EXPAND %{tolower:%{1}:%{2}:%{3}:%{4}:%{5}:%{6}}
(38) Wed Nov 1 21:13:13 2017: Debug: --> 00:21:70:d8:ac:45
(38) Wed Nov 1 21:13:13 2017: Debug: } # update request = noop
(38) Wed Nov 1 21:13:13 2017: Debug: [updated] = updated
(38) Wed Nov 1 21:13:13 2017: Debug: } # if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) = updated
(38) Wed Nov 1 21:13:13 2017: Debug: ... skipping else: Preceding "if" was taken
(38) Wed Nov 1 21:13:13 2017: Debug: } # policy rewrite_calling_station_id = updated
(38) Wed Nov 1 21:13:13 2017: Debug: policy rewrite_called_station_id {
(38) Wed Nov 1 21:13:13 2017: Debug: if ((&Called-Station-Id) && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) {
(38) Wed Nov 1 21:13:13 2017: Debug: if ((&Called-Station-Id) && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) -> TRUE
(38) Wed Nov 1 21:13:13 2017: Debug: if ((&Called-Station-Id) && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) {
(38) Wed Nov 1 21:13:13 2017: Debug: update request {
(38) Wed Nov 1 21:13:13 2017: Debug: EXPAND %{tolower:%{1}:%{2}:%{3}:%{4}:%{5}:%{6}}
(38) Wed Nov 1 21:13:13 2017: Debug: --> b0:b9:8a:46:3d:0e
(38) Wed Nov 1 21:13:13 2017: Debug: } # update request = noop
(38) Wed Nov 1 21:13:13 2017: Debug: if ("%{8}") {
(38) Wed Nov 1 21:13:13 2017: Debug: EXPAND %{8}
(38) Wed Nov 1 21:13:13 2017: Debug: -->
(38) Wed Nov 1 21:13:13 2017: Debug: if ("%{8}") -> FALSE
(38) Wed Nov 1 21:13:13 2017: Debug: elsif ( (Colubris-AVPair) && "%{Colubris-AVPair}" =~ /^ssid=(.*)$/i) {
(38) Wed Nov 1 21:13:13 2017: Debug: elsif ( (Colubris-AVPair) && "%{Colubris-AVPair}" =~ /^ssid=(.*)$/i) -> FALSE
(38) Wed Nov 1 21:13:13 2017: Debug: elsif (Aruba-Essid-Name) {
(38) Wed Nov 1 21:13:13 2017: Debug: elsif (Aruba-Essid-Name) -> FALSE
(38) Wed Nov 1 21:13:13 2017: Debug: elsif ( (Cisco-AVPair) && "%{Cisco-AVPair}" =~ /^ssid=(.*)$/i) {
(38) Wed Nov 1 21:13:13 2017: Debug: elsif ( (Cisco-AVPair) && "%{Cisco-AVPair}" =~ /^ssid=(.*)$/i) -> FALSE
(38) Wed Nov 1 21:13:13 2017: Debug: [updated] = updated
(38) Wed Nov 1 21:13:13 2017: Debug: } # if ((&Called-Station-Id) && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) = updated
(38) Wed Nov 1 21:13:13 2017: Debug: ... skipping else: Preceding "if" was taken
(38) Wed Nov 1 21:13:13 2017: Debug: } # policy rewrite_called_station_id = updated
(38) Wed Nov 1 21:13:13 2017: Debug: policy filter_username {
(38) Wed Nov 1 21:13:13 2017: Debug: if (&User-Name) {
(38) Wed Nov 1 21:13:13 2017: Debug: if (&User-Name) -> TRUE
(38) Wed Nov 1 21:13:13 2017: Debug: if (&User-Name) {
(38) Wed Nov 1 21:13:13 2017: Debug: if (&User-Name =~ / /) {
(38) Wed Nov 1 21:13:13 2017: Debug: if (&User-Name =~ / /) -> FALSE
(38) Wed Nov 1 21:13:13 2017: Debug: if (&User-Name =~ /@[^@]*@/ ) {
(38) Wed Nov 1 21:13:13 2017: Debug: if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(38) Wed Nov 1 21:13:13 2017: Debug: if (&User-Name =~ /\.\./ ) {
(38) Wed Nov 1 21:13:13 2017: Debug: if (&User-Name =~ /\.\./ ) -> FALSE
(38) Wed Nov 1 21:13:13 2017: Debug: if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
(38) Wed Nov 1 21:13:13 2017: Debug: if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
(38) Wed Nov 1 21:13:13 2017: Debug: if (&User-Name =~ /\.$/) {
(38) Wed Nov 1 21:13:13 2017: Debug: if (&User-Name =~ /\.$/) -> FALSE
(38) Wed Nov 1 21:13:13 2017: Debug: if (&User-Name =~ /@\./) {
(38) Wed Nov 1 21:13:13 2017: Debug: if (&User-Name =~ /@\./) -> FALSE
(38) Wed Nov 1 21:13:13 2017: Debug: } # if (&User-Name) = updated
(38) Wed Nov 1 21:13:13 2017: Debug: } # policy filter_username = updated
(38) Wed Nov 1 21:13:13 2017: Debug: policy filter_password {
(38) Wed Nov 1 21:13:13 2017: Debug: if (&User-Password && (&User-Password != "%{string:User-Password}")) {
(38) Wed Nov 1 21:13:13 2017: Debug: if (&User-Password && (&User-Password != "%{string:User-Password}")) -> FALSE
(38) Wed Nov 1 21:13:13 2017: Debug: } # policy filter_password = updated
(38) Wed Nov 1 21:13:13 2017: Debug: [preprocess] = ok
(38) Wed Nov 1 21:13:13 2017: Debug: suffix: Checking for suffix after "@"
(38) Wed Nov 1 21:13:13 2017: Debug: suffix: No '@' in User-Name = "PFDOMAIN\testme", skipping NULL due to config.
(38) Wed Nov 1 21:13:13 2017: Debug: [suffix] = noop
(38) Wed Nov 1 21:13:13 2017: Debug: ntdomain: Checking for prefix before "\"
(38) Wed Nov 1 21:13:13 2017: Debug: ntdomain: Looking up realm "PFDOMAIN" for User-Name = "PFDOMAIN\testme"
(38) Wed Nov 1 21:13:13 2017: Debug: ntdomain: Found realm "pfdomain"
(38) Wed Nov 1 21:13:13 2017: Debug: ntdomain: Adding Stripped-User-Name = "testme"
(38) Wed Nov 1 21:13:13 2017: Debug: ntdomain: Adding Realm = "pfdomain"
(38) Wed Nov 1 21:13:13 2017: Debug: ntdomain: Authentication realm is LOCAL
(38) Wed Nov 1 21:13:13 2017: Debug: [ntdomain] = ok
(38) Wed Nov 1 21:13:13 2017: Debug: eap: Peer sent EAP Response (code 2) ID 0 length 20
(38) Wed Nov 1 21:13:13 2017: Debug: eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
(38) Wed Nov 1 21:13:13 2017: Debug: [eap] = ok
(38) Wed Nov 1 21:13:13 2017: Debug: } # authorize = ok
(38) Wed Nov 1 21:13:13 2017: Debug: Found Auth-Type = eap
(38) Wed Nov 1 21:13:13 2017: Debug: # Executing group from file /usr/local/pf/raddb/sites-enabled/packetfence
(38) Wed Nov 1 21:13:13 2017: Debug: authenticate {
(38) Wed Nov 1 21:13:13 2017: Debug: eap: Peer sent packet with method EAP Identity (1)
(38) Wed Nov 1 21:13:13 2017: Debug: eap: Calling submodule eap_peap to process data
(38) Wed Nov 1 21:13:13 2017: Debug: eap_peap: Initiating new EAP-TLS session
(38) Wed Nov 1 21:13:13 2017: Debug: eap_peap: [eaptls start] = request
(38) Wed Nov 1 21:13:13 2017: Debug: eap: Sending EAP Request (code 1) ID 1 length 6
(38) Wed Nov 1 21:13:13 2017: Debug: eap: EAP session adding &reply:State = 0x3e2077383e216e13
(38) Wed Nov 1 21:13:13 2017: Debug: [eap] = handled
(38) Wed Nov 1 21:13:13 2017: Debug: } # authenticate = handled
(38) Wed Nov 1 21:13:13 2017: Debug: Using Post-Auth-Type Challenge
(38) Wed Nov 1 21:13:13 2017: Debug: Post-Auth-Type sub-section not found. Ignoring.
(38) Wed Nov 1 21:13:13 2017: Debug: # Executing group from file /usr/local/pf/raddb/sites-enabled/packetfence
(38) Wed Nov 1 21:13:13 2017: Debug: Sent Access-Challenge Id 201 from 192.168.1.5:1812 to 192.168.1.12:42371 length 0
(38) Wed Nov 1 21:13:13 2017: Debug: EAP-Message = 0x010100061920
(38) Wed Nov 1 21:13:13 2017: Debug: Message-Authenticator = 0x00000000000000000000000000000000
(38) Wed Nov 1 21:13:13 2017: Debug: State = 0x3e2077383e216e134e967a956fd013fe
(38) Wed Nov 1 21:13:13 2017: Debug: Finished request

James Garcellano