It looks like the other test still showed the NAS IP as 192.168.1.5.

I rebooted the switch and did another test.

Here is the raddebug from that...

(38) Wed Nov  1 21:13:13 2017: Debug: Received Access-Request Id 201 from 192.168.1.12:42371 to 192.168.1.5:1812 length 158
(38) Wed Nov  1 21:13:13 2017: Debug:   User-Name = "PFDOMAIN\\testme"
(38) Wed Nov  1 21:13:13 2017: Debug:   Called-Station-Id = "b0-b9-8a-46-3d-0e"
(38) Wed Nov  1 21:13:13 2017: Debug:   Calling-Station-Id = "00:21:70:d8:ac:45"
(38) Wed Nov  1 21:13:13 2017: Debug:   NAS-Identifier = "b0-b9-8a-46-3d-0c"
(38) Wed Nov  1 21:13:13 2017: Debug:   NAS-IP-Address = 192.168.1.12
(38) Wed Nov  1 21:13:13 2017: Debug:   NAS-Port = 1
(38) Wed Nov  1 21:13:13 2017: Debug:   Framed-MTU = 1500
(38) Wed Nov  1 21:13:13 2017: Debug:   NAS-Port-Type = Ethernet
(38) Wed Nov  1 21:13:13 2017: Debug:   EAP-Message = 0x02000014015046444f4d41494e5c746573746d65
(38) Wed Nov  1 21:13:13 2017: Debug:   Message-Authenticator = 0x935d535299b823f31e7748c9271d6225
(38) Wed Nov  1 21:13:13 2017: Debug: # Executing section authorize from file /usr/local/pf/raddb/sites-enabled/packetfence
(38) Wed Nov  1 21:13:13 2017: Debug:   authorize {
(38) Wed Nov  1 21:13:13 2017: Debug:     update {
(38) Wed Nov  1 21:13:13 2017: Debug:       EXPAND %{Packet-Src-IP-Address}
(38) Wed Nov  1 21:13:13 2017: Debug:          --> 192.168.1.12
(38) Wed Nov  1 21:13:13 2017: Debug:       EXPAND %l
(38) Wed Nov  1 21:13:13 2017: Debug:          --> 1509570793
(38) Wed Nov  1 21:13:13 2017: Debug:     } # update = noop
(38) Wed Nov  1 21:13:13 2017: Debug:     policy rewrite_calling_station_id {
(38) Wed Nov  1 21:13:13 2017: Debug:       if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) {
(38) Wed Nov  1 21:13:13 2017: Debug:       if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i))  -> TRUE
(38) Wed Nov  1 21:13:13 2017: Debug:       if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i))  {
(38) Wed Nov  1 21:13:13 2017: Debug:         update request {
(38) Wed Nov  1 21:13:13 2017: Debug:           EXPAND %{tolower:%{1}:%{2}:%{3}:%{4}:%{5}:%{6}}
(38) Wed Nov  1 21:13:13 2017: Debug:              --> 00:21:70:d8:ac:45
(38) Wed Nov  1 21:13:13 2017: Debug:         } # update request = noop
(38) Wed Nov  1 21:13:13 2017: Debug:         [updated] = updated
(38) Wed Nov  1 21:13:13 2017: Debug:       } # if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i))  = updated
(38) Wed Nov  1 21:13:13 2017: Debug:       ... skipping else: Preceding "if" was taken
(38) Wed Nov  1 21:13:13 2017: Debug:     } # policy rewrite_calling_station_id = updated
(38) Wed Nov  1 21:13:13 2017: Debug:     policy rewrite_called_station_id {
(38) Wed Nov  1 21:13:13 2017: Debug:       if ((&Called-Station-Id) && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) {
(38) Wed Nov  1 21:13:13 2017: Debug:       if ((&Called-Station-Id) && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i))  -> TRUE
(38) Wed Nov  1 21:13:13 2017: Debug:       if ((&Called-Station-Id) && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i))  {
(38) Wed Nov  1 21:13:13 2017: Debug:         update request {
(38) Wed Nov  1 21:13:13 2017: Debug:           EXPAND %{tolower:%{1}:%{2}:%{3}:%{4}:%{5}:%{6}}
(38) Wed Nov  1 21:13:13 2017: Debug:              --> b0:b9:8a:46:3d:0e
(38) Wed Nov  1 21:13:13 2017: Debug:         } # update request = noop
(38) Wed Nov  1 21:13:13 2017: Debug:         if ("%{8}") {
(38) Wed Nov  1 21:13:13 2017: Debug:         EXPAND %{8}
(38) Wed Nov  1 21:13:13 2017: Debug:            -->
(38) Wed Nov  1 21:13:13 2017: Debug:         if ("%{8}")  -> FALSE
(38) Wed Nov  1 21:13:13 2017: Debug:         elsif ( (Colubris-AVPair) && "%{Colubris-AVPair}" =~ /^ssid=(.*)$/i) {
(38) Wed Nov  1 21:13:13 2017: Debug:         elsif ( (Colubris-AVPair) && "%{Colubris-AVPair}" =~ /^ssid=(.*)$/i)  -> FALSE
(38) Wed Nov  1 21:13:13 2017: Debug:         elsif (Aruba-Essid-Name) {
(38) Wed Nov  1 21:13:13 2017: Debug:         elsif (Aruba-Essid-Name)  -> FALSE
(38) Wed Nov  1 21:13:13 2017: Debug:         elsif ( (Cisco-AVPair)  && "%{Cisco-AVPair}" =~ /^ssid=(.*)$/i) {
(38) Wed Nov  1 21:13:13 2017: Debug:         elsif ( (Cisco-AVPair)  && "%{Cisco-AVPair}" =~ /^ssid=(.*)$/i)  -> FALSE
(38) Wed Nov  1 21:13:13 2017: Debug:         [updated] = updated
(38) Wed Nov  1 21:13:13 2017: Debug:       } # if ((&Called-Station-Id) && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i))  = updated
(38) Wed Nov  1 21:13:13 2017: Debug:       ... skipping else: Preceding "if" was taken
(38) Wed Nov  1 21:13:13 2017: Debug:     } # policy rewrite_called_station_id = updated
(38) Wed Nov  1 21:13:13 2017: Debug:     policy filter_username {
(38) Wed Nov  1 21:13:13 2017: Debug:       if (&User-Name) {
(38) Wed Nov  1 21:13:13 2017: Debug:       if (&User-Name)  -> TRUE
(38) Wed Nov  1 21:13:13 2017: Debug:       if (&User-Name)  {
(38) Wed Nov  1 21:13:13 2017: Debug:         if (&User-Name =~ / /) {
(38) Wed Nov  1 21:13:13 2017: Debug:         if (&User-Name =~ / /)  -> FALSE
(38) Wed Nov  1 21:13:13 2017: Debug:         if (&User-Name =~ /@[^@]*@/ ) {
(38) Wed Nov  1 21:13:13 2017: Debug:         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
(38) Wed Nov  1 21:13:13 2017: Debug:         if (&User-Name =~ /\.\./ ) {
(38) Wed Nov  1 21:13:13 2017: Debug:         if (&User-Name =~ /\.\./ )  -> FALSE
(38) Wed Nov  1 21:13:13 2017: Debug:         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
(38) Wed Nov  1 21:13:13 2017: Debug:         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
(38) Wed Nov  1 21:13:13 2017: Debug:         if (&User-Name =~ /\.$/)  {
(38) Wed Nov  1 21:13:13 2017: Debug:         if (&User-Name =~ /\.$/)   -> FALSE
(38) Wed Nov  1 21:13:13 2017: Debug:         if (&User-Name =~ /@\./)  {
(38) Wed Nov  1 21:13:13 2017: Debug:         if (&User-Name =~ /@\./)   -> FALSE
(38) Wed Nov  1 21:13:13 2017: Debug:       } # if (&User-Name)  = updated
(38) Wed Nov  1 21:13:13 2017: Debug:     } # policy filter_username = updated
(38) Wed Nov  1 21:13:13 2017: Debug:     policy filter_password {
(38) Wed Nov  1 21:13:13 2017: Debug:       if (&User-Password &&          (&User-Password != "%{string:User-Password}")) {
(38) Wed Nov  1 21:13:13 2017: Debug:       if (&User-Password &&          (&User-Password != "%{string:User-Password}"))  -> FALSE
(38) Wed Nov  1 21:13:13 2017: Debug:     } # policy filter_password = updated
(38) Wed Nov  1 21:13:13 2017: Debug:     [preprocess] = ok
(38) Wed Nov  1 21:13:13 2017: Debug: suffix: Checking for suffix after "@"
(38) Wed Nov  1 21:13:13 2017: Debug: suffix: No '@' in User-Name = "PFDOMAIN\testme", skipping NULL due to config.
(38) Wed Nov  1 21:13:13 2017: Debug:     [suffix] = noop
(38) Wed Nov  1 21:13:13 2017: Debug: ntdomain: Checking for prefix before "\"
(38) Wed Nov  1 21:13:13 2017: Debug: ntdomain: Looking up realm "PFDOMAIN" for User-Name = "PFDOMAIN\testme"
(38) Wed Nov  1 21:13:13 2017: Debug: ntdomain: Found realm "pfdomain"
(38) Wed Nov  1 21:13:13 2017: Debug: ntdomain: Adding Stripped-User-Name = "testme"
(38) Wed Nov  1 21:13:13 2017: Debug: ntdomain: Adding Realm = "pfdomain"
(38) Wed Nov  1 21:13:13 2017: Debug: ntdomain: Authentication realm is LOCAL
(38) Wed Nov  1 21:13:13 2017: Debug:     [ntdomain] = ok
(38) Wed Nov  1 21:13:13 2017: Debug: eap: Peer sent EAP Response (code 2) ID 0 length 20
(38) Wed Nov  1 21:13:13 2017: Debug: eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
(38) Wed Nov  1 21:13:13 2017: Debug:     [eap] = ok
(38) Wed Nov  1 21:13:13 2017: Debug:   } # authorize = ok
(38) Wed Nov  1 21:13:13 2017: Debug: Found Auth-Type = eap
(38) Wed Nov  1 21:13:13 2017: Debug: # Executing group from file /usr/local/pf/raddb/sites-enabled/packetfence
(38) Wed Nov  1 21:13:13 2017: Debug:   authenticate {
(38) Wed Nov  1 21:13:13 2017: Debug: eap: Peer sent packet with method EAP Identity (1)
(38) Wed Nov  1 21:13:13 2017: Debug: eap: Calling submodule eap_peap to process data
(38) Wed Nov  1 21:13:13 2017: Debug: eap_peap: Initiating new EAP-TLS session
(38) Wed Nov  1 21:13:13 2017: Debug: eap_peap: [eaptls start] = request
(38) Wed Nov  1 21:13:13 2017: Debug: eap: Sending EAP Request (code 1) ID 1 length 6
(38) Wed Nov  1 21:13:13 2017: Debug: eap: EAP session adding &reply:State = 0x3e2077383e216e13
(38) Wed Nov  1 21:13:13 2017: Debug:     [eap] = handled
(38) Wed Nov  1 21:13:13 2017: Debug:   } # authenticate = handled
(38) Wed Nov  1 21:13:13 2017: Debug: Using Post-Auth-Type Challenge
(38) Wed Nov  1 21:13:13 2017: Debug: Post-Auth-Type sub-section not found.  Ignoring.
(38) Wed Nov  1 21:13:13 2017: Debug: # Executing group from file /usr/local/pf/raddb/sites-enabled/packetfence
(38) Wed Nov  1 21:13:13 2017: Debug: Sent Access-Challenge Id 201 from 192.168.1.5:1812 to 192.168.1.12:42371 length 0
(38) Wed Nov  1 21:13:13 2017: Debug:   EAP-Message = 0x010100061920
(38) Wed Nov  1 21:13:13 2017: Debug:   Message-Authenticator = 0x00000000000000000000000000000000
(38) Wed Nov  1 21:13:13 2017: Debug:   State = 0x3e2077383e216e134e967a956fd013fe
(38) Wed Nov  1 21:13:13 2017: Debug: Finished request

James Garcellano
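
Added example, not part of the original post or of PacketFence: a Python helper that re-joins the mail-wrapped raddebug lines, checks each request's NAS-IP-Address against the packet's source address, and decodes the EAP-Message bytes. The function names are hypothetical and SAMPLE is a constructed excerpt built from lines in the log above.

```python
import re

# Constructed sample: lines copied from the raddebug output above, wrapping included.
SAMPLE = """\
(38) Wed Nov  1 21:13:13 2017: Debug: Received Access-Request Id 201 from
192.168.1.12:42371 to 192.168.1.5:1812 length 158
(38) Wed Nov  1 21:13:13 2017: Debug:   NAS-IP-Address = 192.168.1.12
(38) Wed Nov  1 21:13:13 2017: Debug:   EAP-Message =
0x02000014015046444f4d41494e5c746573746d65
(38) Wed Nov  1 21:13:13 2017: Debug: Sent Access-Challenge Id 201 from
192.168.1.5:1812 to 192.168.1.12:42371 length 0
(38) Wed Nov  1 21:13:13 2017: Debug:   EAP-Message = 0x010100061920
"""
PACKET = re.compile(r"(Received|Sent) (\S+) Id \d+ from ([\d.]+):\d+ to ([\d.]+):\d+")
ATTR = re.compile(r"Debug:\s+([\w-]+) = (\S+)$")
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}

def unwrap(text):
    """Re-join wrapped lines: a continuation lacks the leading '(N) ' request id."""
    return [l.rstrip() for l in re.sub(r"\s*\n(?!\(\d+\) )", " ", text).splitlines()]

def decode_eap(hexval):
    """Decode an EAP packet (RFC 3748): code, id, 2-byte length, type, data."""
    raw = bytes.fromhex(hexval[2:])
    if len(raw) < 4 or int.from_bytes(raw[2:4], "big") != len(raw):
        raise ValueError("EAP length field does not match the data")
    eap = {"code": EAP_CODES.get(raw[0], raw[0]), "id": raw[1], "length": len(raw)}
    if len(raw) > 4:  # Success/Failure carry no type byte
        eap["type"] = raw[4]
        if raw[4] == 1:  # Identity: the rest is the identity string
            eap["identity"] = raw[5:].decode("utf-8", "replace")
        elif raw[4] == 25 and len(raw) > 5:  # PEAP: 0x20 in the flags byte is Start
            eap["start"] = bool(raw[5] & 0x20)
    return eap

def summarize(text):
    """Return one dict per packet: direction, addresses, NAS-IP check, decoded EAP."""
    packets = []
    for line in unwrap(text):
        pkt, attr = PACKET.search(line), ATTR.search(line)
        if pkt:
            packets.append({"dir": pkt[1], "kind": pkt[2], "src": pkt[3], "dst": pkt[4]})
        elif attr and packets and attr[1] == "NAS-IP-Address":
            packets[-1].update(nas_ip=attr[2], nas_matches_src=attr[2] == packets[-1]["src"])
        elif attr and packets and attr[1] == "EAP-Message":
            packets[-1]["eap"] = decode_eap(attr[2])
    return packets
```

A packet whose EAP payload is split across several EAP-Message attributes would need the hex values concatenated before decoding; this example treats each attribute as a whole EAP packet, which holds for the two messages shown.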

