What are you trying to achieve there ? Give a bit of context.
Thanks, Ludovic Zammit [email protected] <mailto:[email protected]> :: +1.514.447.4918 (x145) :: www.inverse.ca <http://www.inverse.ca/> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu <http://www.sogo.nu/>) and PacketFence (http://packetfence.org <http://packetfence.org/>) > On Oct 16, 2020, at 1:54 PM, rahim damji <[email protected]> wrote: > > Thank U here u go > > root@packetfence ~]# raddebug -f /usr/local/pf/var/run/radiusd.sock -t 3000 > (703) Thu Oct 15 10:35:30 2020: Debug: Received Status-Server Id 172 from > 127.0.0.1:56048 to 127.0.0.1:18121 length 50 > (703) Thu Oct 15 10:35:30 2020: Debug: Message-Authenticator = > 0x29f77e107025d985d90537b9c9854276 > (703) Thu Oct 15 10:35:30 2020: Debug: FreeRADIUS-Statistics-Type = 15 > (703) Thu Oct 15 10:35:30 2020: Debug: # Executing group from file > /usr/local/pf/raddb/sites-enabled/status > (703) Thu Oct 15 10:35:30 2020: Debug: Autz-Type Status-Server { > (703) Thu Oct 15 10:35:30 2020: Debug: [ok] = ok > (703) Thu Oct 15 10:35:30 2020: Debug: } # Autz-Type Status-Server = ok > (703) Thu Oct 15 10:35:30 2020: Debug: Sent Access-Accept Id 172 from > 127.0.0.1:18121 to 127.0.0.1:56048 length 0 > (703) Thu Oct 15 10:35:30 2020: Debug: FreeRADIUS-Total-Access-Requests = > 707 > (703) Thu Oct 15 10:35:30 2020: Debug: FreeRADIUS-Total-Access-Accepts = 15 > (703) Thu Oct 15 10:35:30 2020: Debug: FreeRADIUS-Total-Access-Rejects = 4 > (703) Thu Oct 15 10:35:30 2020: Debug: FreeRADIUS-Total-Access-Challenges = > 112 > (703) Thu Oct 15 10:35:30 2020: Debug: FreeRADIUS-Total-Auth-Responses = 131 > (703) Thu Oct 15 10:35:30 2020: Debug: > FreeRADIUS-Total-Auth-Duplicate-Requests = 3 > (703) Thu Oct 15 10:35:30 2020: Debug: > FreeRADIUS-Total-Auth-Malformed-Requests = 0 > (703) Thu Oct 15 10:35:30 2020: Debug: > FreeRADIUS-Total-Auth-Invalid-Requests = 0 > (703) Thu Oct 15 10:35:30 2020: Debug: > FreeRADIUS-Total-Auth-Dropped-Requests = 3 > (703) Thu Oct 15 10:35:30 2020: Debug: FreeRADIUS-Total-Auth-Unknown-Types > = 0 > (703) Thu Oct 15 10:35:30 2020: Debug: FreeRADIUS-Total-Accounting-Requests > = 0 > (703) Thu Oct 15 10:35:30 2020: Debug: > FreeRADIUS-Total-Accounting-Responses = 0 > (703) Thu Oct 15 10:35:30 2020: Debug: > FreeRADIUS-Total-Acct-Duplicate-Requests = 0 > (703) Thu Oct 15 10:35:30 2020: Debug: > FreeRADIUS-Total-Acct-Malformed-Requests = 0 > (703) Thu Oct 15 10:35:30 2020: Debug: > FreeRADIUS-Total-Acct-Invalid-Requests = 0 > (703) Thu Oct 15 10:35:30 2020: Debug: > FreeRADIUS-Total-Acct-Dropped-Requests = 0 > (703) Thu Oct 15 10:35:30 2020: Debug: FreeRADIUS-Total-Acct-Unknown-Types > = 0 > (703) Thu Oct 15 10:35:30 2020: Debug: > FreeRADIUS-Total-Proxy-Access-Requests = 0 > (703) Thu Oct 15 10:35:30 2020: Debug: > FreeRADIUS-Total-Proxy-Access-Accepts = 0 > (703) Thu Oct 15 10:35:30 2020: Debug: > FreeRADIUS-Total-Proxy-Access-Rejects = 0 > (703) Thu Oct 15 10:35:30 2020: Debug: > FreeRADIUS-Total-Proxy-Access-Challenges = 0 > (703) Thu Oct 15 10:35:30 2020: Debug: > FreeRADIUS-Total-Proxy-Auth-Responses = 0 > (703) Thu Oct 15 10:35:30 2020: Debug: > FreeRADIUS-Total-Proxy-Auth-Duplicate-Requests = 0 > (703) Thu Oct 15 10:35:30 2020: Debug: > FreeRADIUS-Total-Proxy-Auth-Malformed-Requests = 0 > (703) Thu Oct 15 10:35:30 2020: Debug: > FreeRADIUS-Total-Proxy-Auth-Invalid-Requests = 0 > (703) Thu Oct 15 10:35:30 2020: Debug: > FreeRADIUS-Total-Proxy-Auth-Dropped-Requests = 0 > (703) Thu Oct 15 10:35:30 2020: Debug: > FreeRADIUS-Total-Proxy-Auth-Unknown-Types = 0 > (703) Thu Oct 15 10:35:30 2020: Debug: > FreeRADIUS-Total-Proxy-Accounting-Requests = 0 > (703) Thu Oct 15 10:35:30 2020: Debug: > FreeRADIUS-Total-Proxy-Accounting-Responses = 0 > (703) Thu Oct 15 10:35:30 2020: Debug: > FreeRADIUS-Total-Proxy-Acct-Duplicate-Requests = 0 > (703) Thu Oct 15 10:35:30 2020: Debug: > FreeRADIUS-Total-Proxy-Acct-Malformed-Requests = 0 > (703) Thu Oct 15 10:35:30 2020: Debug: > FreeRADIUS-Total-Proxy-Acct-Invalid-Requests = 0 > (703) Thu Oct 15 10:35:30 2020: Debug: > FreeRADIUS-Total-Proxy-Acct-Dropped-Requests = 0 > (703) Thu Oct 15 10:35:30 2020: Debug: > FreeRADIUS-Total-Proxy-Acct-Unknown-Types = 0 > (703) Thu Oct 15 10:35:30 2020: Debug: Finished request > (704) Thu Oct 15 10:35:31 2020: Debug: Received Access-Request Id 3 from > 10.0.0.229:3495 to 10.0.0.234:1812 length 220 > (704) Thu Oct 15 10:35:31 2020: Debug: NAS-Identifier = "damji60E" > (704) Thu Oct 15 10:35:31 2020: Debug: User-Name = "b0:35:b5:b9:fb:aa" > (704) Thu Oct 15 10:35:31 2020: Debug: User-Password = "b0:35:b5:b9:fb:aa" > (704) Thu Oct 15 10:35:31 2020: Debug: NAS-IP-Address = 10.0.0.229 > (704) Thu Oct 15 10:35:31 2020: Debug: NAS-Port-Type = Virtual > (704) Thu Oct 15 10:35:31 2020: Debug: Called-Station-Id = > "08-5B-0E-0E-35-C4:FDTUNNEL" > (704) Thu Oct 15 10:35:31 2020: Debug: Calling-Station-Id = > "B0-35-B5-B9-FB-AA" > (704) Thu Oct 15 10:35:31 2020: Debug: Fortinet-SSID = "FDTUNNEL" > (704) Thu Oct 15 10:35:31 2020: Debug: Fortinet-AP-Name = "FAP11C3X13002176" > (704) Thu Oct 15 10:35:31 2020: Debug: Acct-Session-Id = "5c191ef8" > (704) Thu Oct 15 10:35:31 2020: Debug: Connect-Info = "web-auth" > (704) Thu Oct 15 10:35:31 2020: Debug: Fortinet-Vdom-Name = "root" > (704) Thu Oct 15 10:35:31 2020: Debug: Service-Type = Login-User > (704) Thu Oct 15 10:35:31 2020: Debug: # Executing section authorize from > file /usr/local/pf/raddb/sites-enabled/packetfence > (704) Thu Oct 15 10:35:31 2020: Debug: authorize { > (704) Thu Oct 15 10:35:31 2020: Debug: update { > (704) Thu Oct 15 10:35:31 2020: Debug: EXPAND %{Packet-Src-IP-Address} > (704) Thu Oct 15 10:35:31 2020: Debug: --> 10.0.0.229 > (704) Thu Oct 15 10:35:31 2020: Debug: EXPAND %{Packet-Dst-IP-Address} > (704) Thu Oct 15 10:35:31 2020: Debug: --> 10.0.0.234 > (704) Thu Oct 15 10:35:31 2020: Debug: EXPAND %l > (704) Thu Oct 15 10:35:31 2020: Debug: --> 1602772531 > (704) Thu Oct 15 10:35:31 2020: Debug: } # update = noop > (704) Thu Oct 15 10:35:31 2020: Debug: policy > packetfence-set-realm-if-machine { > (704) Thu Oct 15 10:35:31 2020: Debug: if (User-Name =~ > /host\/([a-z0-9_-]*)[\.](.*)/i) { > (704) Thu Oct 15 10:35:31 2020: Debug: if (User-Name =~ > /host\/([a-z0-9_-]*)[\.](.*)/i) -> FALSE > (704) Thu Oct 15 10:35:31 2020: Debug: } # policy > packetfence-set-realm-if-machine = noop > (704) Thu Oct 15 10:35:31 2020: Debug: policy > packetfence-balanced-key-policy { > (704) Thu Oct 15 10:35:31 2020: Debug: if (&PacketFence-KeyBalanced && > (&PacketFence-KeyBalanced =~ /^(.*)(.)$/i)) { > (704) Thu Oct 15 10:35:31 2020: Debug: if (&PacketFence-KeyBalanced && > (&PacketFence-KeyBalanced =~ /^(.*)(.)$/i)) -> FALSE > (704) Thu Oct 15 10:35:31 2020: Debug: else { > (704) Thu Oct 15 10:35:31 2020: Debug: update { > (704) Thu Oct 15 10:35:31 2020: Debug: EXPAND > %{md5:%{Calling-Station-Id}%{User-Name}} > (704) Thu Oct 15 10:35:31 2020: Debug: --> > dc41feae55319aa1564020b73056c100 > (704) Thu Oct 15 10:35:31 2020: Debug: EXPAND > %{md5:%{Calling-Station-Id}%{User-Name}} > (704) Thu Oct 15 10:35:31 2020: Debug: --> > dc41feae55319aa1564020b73056c100 > (704) Thu Oct 15 10:35:31 2020: Debug: } # update = noop > (704) Thu Oct 15 10:35:31 2020: Debug: } # else = noop > (704) Thu Oct 15 10:35:31 2020: Debug: } # policy > packetfence-balanced-key-policy = noop > (704) Thu Oct 15 10:35:31 2020: Debug: policy packetfence-set-tenant-id { > (704) Thu Oct 15 10:35:31 2020: Debug: if (!NAS-IP-Address || > NAS-IP-Address == "0.0.0.0"){ > (704) Thu Oct 15 10:35:31 2020: Debug: if (!NAS-IP-Address || > NAS-IP-Address == "0.0.0.0") -> FALSE > (704) Thu Oct 15 10:35:31 2020: Debug: if ( > "%{%{control:PacketFence-Tenant-Id}:-0}" == "0") { > (704) Thu Oct 15 10:35:31 2020: Debug: EXPAND > %{%{control:PacketFence-Tenant-Id}:-0} > (704) Thu Oct 15 10:35:31 2020: Debug: --> 0 > (704) Thu Oct 15 10:35:31 2020: Debug: if ( > "%{%{control:PacketFence-Tenant-Id}:-0}" == "0") -> TRUE > (704) Thu Oct 15 10:35:31 2020: Debug: if ( > "%{%{control:PacketFence-Tenant-Id}:-0}" == "0") { > (704) Thu Oct 15 10:35:31 2020: Debug: update control { > (704) Thu Oct 15 10:35:31 2020: Debug: EXPAND %{User-Name} > (704) Thu Oct 15 10:35:31 2020: Debug: --> b0:35:b5:b9:fb:aa > (704) Thu Oct 15 10:35:31 2020: Debug: SQL-User-Name set to > 'b0:35:b5:b9:fb:aa' > (704) Thu Oct 15 10:35:31 2020: Debug: Executing select query: > SELECT IFNULL((SELECT tenant_id FROM radius_nas WHERE nasname = > '10.0.0.229'), 0) > (704) Thu Oct 15 10:35:31 2020: Debug: EXPAND %{sql: SELECT > IFNULL((SELECT tenant_id FROM radius_nas WHERE nasname = > '%{NAS-IP-Address}'), 0)} > (704) Thu Oct 15 10:35:31 2020: Debug: --> 0 > (704) Thu Oct 15 10:35:31 2020: Debug: } # update control = noop > (704) Thu Oct 15 10:35:31 2020: Debug: } # if ( > "%{%{control:PacketFence-Tenant-Id}:-0}" == "0") = noop > (704) Thu Oct 15 10:35:31 2020: Debug: if ( > &control:PacketFence-Tenant-Id == 0 ) { > (704) Thu Oct 15 10:35:31 2020: Debug: if ( > &control:PacketFence-Tenant-Id == 0 ) -> TRUE > (704) Thu Oct 15 10:35:31 2020: Debug: if ( > &control:PacketFence-Tenant-Id == 0 ) { > (704) Thu Oct 15 10:35:31 2020: Debug: update control { > (704) Thu Oct 15 10:35:31 2020: Debug: EXPAND %{User-Name} > (704) Thu Oct 15 10:35:31 2020: Debug: --> b0:35:b5:b9:fb:aa > (704) Thu Oct 15 10:35:31 2020: Debug: SQL-User-Name set to > 'b0:35:b5:b9:fb:aa' > (704) Thu Oct 15 10:35:31 2020: Debug: Executing select query: > SELECT IFNULL((SELECT tenant_id from radius_nas WHERE start_ip <= > INET_ATON('10.0.0.229') and INET_ATON('10.0.0.229') <= end_ip order by > range_length limit 1), 1) > (704) Thu Oct 15 10:35:31 2020: Debug: EXPAND %{sql: SELECT > IFNULL((SELECT tenant_id from radius_nas WHERE start_ip <= > INET_ATON('%{NAS-IP-Address}') and INET_ATON('%{NAS-IP-Address}') <= end_ip > order by range_length limit 1), 1)}(704) Thu Oct 15 10:35:31 2020: Debug: > --> 1 > (704) Thu Oct 15 10:35:31 2020: Debug: } # update control = noop > (704) Thu Oct 15 10:35:31 2020: Debug: } # if ( > &control:PacketFence-Tenant-Id == 0 ) = noop > (704) Thu Oct 15 10:35:31 2020: Debug: } # policy > packetfence-set-tenant-id = noop > (704) Thu Oct 15 10:35:31 2020: Debug: policy rewrite_calling_station_id { > (704) Thu Oct 15 10:35:31 2020: Debug: if (&Calling-Station-Id && > (&Calling-Station-Id =~ > /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) > { > (704) Thu Oct 15 10:35:31 2020: Debug: if (&Calling-Station-Id && > (&Calling-Station-Id =~ > /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) > -> TRUE(704) Thu Oct 15 10:35:31 2020: Debug: if (&Calling-Station-Id > && (&Calling-Station-Id =~ > /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) > { > (704) Thu Oct 15 10:35:31 2020: Debug: update request { > (704) Thu Oct 15 10:35:31 2020: Debug: EXPAND > %{tolower:%{1}:%{2}:%{3}:%{4}:%{5}:%{6}} > (704) Thu Oct 15 10:35:31 2020: Debug: --> b0:35:b5:b9:fb:aa > (704) Thu Oct 15 10:35:31 2020: Debug: } # update request = noop > (704) Thu Oct 15 10:35:31 2020: Debug: [updated] = updated > (704) Thu Oct 15 10:35:31 2020: Debug: } # if (&Calling-Station-Id && > (&Calling-Station-Id =~ > /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) > = updated > (704) Thu Oct 15 10:35:31 2020: Debug: ... skipping else: Preceding > "if" was taken > (704) Thu Oct 15 10:35:31 2020: Debug: } # policy > rewrite_calling_station_id = updated > (704) Thu Oct 15 10:35:31 2020: Debug: policy rewrite_called_station_id { > (704) Thu Oct 15 10:35:31 2020: Debug: if ((&Called-Station-Id) && > (&Called-Station-Id =~ > /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) > { > (704) Thu Oct 15 10:35:31 2020: Debug: if ((&Called-Station-Id) && > (&Called-Station-Id =~ > /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) > -> TRUE > (704) Thu Oct 15 10:35:31 2020: Debug: if ((&Called-Station-Id) && > (&Called-Station-Id =~ > /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) > { > (704) Thu Oct 15 10:35:31 2020: Debug: update request { > (704) Thu Oct 15 10:35:31 2020: Debug: EXPAND > %{tolower:%{1}:%{2}:%{3}:%{4}:%{5}:%{6}} > (704) Thu Oct 15 10:35:31 2020: Debug: --> 08:5b:0e:0e:35:c4 > (704) Thu Oct 15 10:35:31 2020: Debug: } # update request = noop > (704) Thu Oct 15 10:35:31 2020: Debug: if ("%{8}") { > (704) Thu Oct 15 10:35:31 2020: Debug: EXPAND %{8} > (704) Thu Oct 15 10:35:31 2020: Debug: --> FDTUNNEL > (704) Thu Oct 15 10:35:31 2020: Debug: if ("%{8}") -> TRUE > (704) Thu Oct 15 10:35:31 2020: Debug: if ("%{8}") { > (704) Thu Oct 15 10:35:31 2020: Debug: update request { > (704) Thu Oct 15 10:35:31 2020: Debug: EXPAND > %{Called-Station-Id}:%{8} > (704) Thu Oct 15 10:35:31 2020: Debug: --> > 08:5b:0e:0e:35:c4:FDTUNNEL > (704) Thu Oct 15 10:35:31 2020: Debug: EXPAND %{8} > (704) Thu Oct 15 10:35:31 2020: Debug: --> FDTUNNEL > (704) Thu Oct 15 10:35:31 2020: Debug: } # update request = noop > (704) Thu Oct 15 10:35:31 2020: Debug: } # if ("%{8}") = noop > (704) Thu Oct 15 10:35:31 2020: Debug: ... skipping elsif: Preceding > "if" was taken > (704) Thu Oct 15 10:35:31 2020: Debug: ... skipping elsif: Preceding > "if" was taken > (704) Thu Oct 15 10:35:31 2020: Debug: ... skipping elsif: Preceding > "if" was taken > (704) Thu Oct 15 10:35:31 2020: Debug: [updated] = updated > (704) Thu Oct 15 10:35:31 2020: Debug: } # if ((&Called-Station-Id) && > (&Called-Station-Id =~ > /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) > = updated > (704) Thu Oct 15 10:35:31 2020: Debug: ... skipping else: Preceding > "if" was taken > (704) Thu Oct 15 10:35:31 2020: Debug: } # policy > rewrite_called_station_id = updated > (704) Thu Oct 15 10:35:31 2020: Debug: if ( "%{client:shortname}" =~ > /eduroam_tlrs/ ) { > (704) Thu Oct 15 10:35:31 2020: Debug: EXPAND %{client:shortname} > (704) Thu Oct 15 10:35:31 2020: Debug: --> 10.0.0.229/32 > (704) Thu Oct 15 10:35:31 2020: Debug: if ( "%{client:shortname}" =~ > /eduroam_tlrs/ ) -> FALSE > (704) Thu Oct 15 10:35:31 2020: Debug: policy filter_username { > (704) Thu Oct 15 10:35:31 2020: Debug: if (&User-Name) { > (704) Thu Oct 15 10:35:31 2020: Debug: if (&User-Name) -> TRUE > (704) Thu Oct 15 10:35:31 2020: Debug: if (&User-Name) { > (704) Thu Oct 15 10:35:31 2020: Debug: if (&User-Name =~ / /) { > (704) Thu Oct 15 10:35:31 2020: Debug: if (&User-Name =~ / /) -> > FALSE > (704) Thu Oct 15 10:35:31 2020: Debug: if (&User-Name =~ /@[^@]*@/ ) { > (704) Thu Oct 15 10:35:31 2020: Debug: if (&User-Name =~ /@[^@]*@/ ) > -> FALSE > (704) Thu Oct 15 10:35:31 2020: Debug: if (&User-Name =~ /\.\./ ) { > (704) Thu Oct 15 10:35:31 2020: Debug: if (&User-Name =~ /\.\./ ) -> > FALSE > (704) Thu Oct 15 10:35:31 2020: Debug: if ((&User-Name =~ /@/) && > (&User-Name !~ /@(.+)\.(.+)$/)) { > (704) Thu Oct 15 10:35:31 2020: Debug: if ((&User-Name =~ /@/) && > (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE > (704) Thu Oct 15 10:35:31 2020: Debug: if (&User-Name =~ /\.$/) { > (704) Thu Oct 15 10:35:31 2020: Debug: if (&User-Name =~ /\.$/) -> > FALSE > (704) Thu Oct 15 10:35:31 2020: Debug: if (&User-Name =~ /@\./) { > (704) Thu Oct 15 10:35:31 2020: Debug: if (&User-Name =~ /@\./) -> > FALSE > (704) Thu Oct 15 10:35:31 2020: Debug: } # if (&User-Name) = updated > (704) Thu Oct 15 10:35:31 2020: Debug: } # policy filter_username = > updated > (704) Thu Oct 15 10:35:31 2020: Debug: policy filter_password { > (704) Thu Oct 15 10:35:31 2020: Debug: if (&User-Password && > (&User-Password != "%{string:User-Password}")) { > (704) Thu Oct 15 10:35:31 2020: Debug: EXPAND %{string:User-Password} > (704) Thu Oct 15 10:35:31 2020: Debug: --> b0:35:b5:b9:fb:aa > (704) Thu Oct 15 10:35:31 2020: Debug: if (&User-Password && > (&User-Password != "%{string:User-Password}")) -> FALSE > (704) Thu Oct 15 10:35:31 2020: Debug: } # policy filter_password = > updated > (704) Thu Oct 15 10:35:31 2020: Debug: [preprocess] = ok > (704) Thu Oct 15 10:35:31 2020: Debug: [mschap] = noop > (704) Thu Oct 15 10:35:31 2020: Debug: suffix: Checking for suffix after "@" > (704) Thu Oct 15 10:35:31 2020: Debug: suffix: No '@' in User-Name = > "b0:35:b5:b9:fb:aa", skipping NULL due to config. > (704) Thu Oct 15 10:35:31 2020: Debug: [suffix] = noop > (704) Thu Oct 15 10:35:31 2020: Debug: ntdomain: Checking for prefix before > "\" > (704) Thu Oct 15 10:35:31 2020: Debug: ntdomain: No '\' in User-Name = > "b0:35:b5:b9:fb:aa", looking up realm NULL > (704) Thu Oct 15 10:35:31 2020: Debug: ntdomain: Found realm "null" > (704) Thu Oct 15 10:35:31 2020: Debug: ntdomain: Adding Stripped-User-Name = > "b0:35:b5:b9:fb:aa" > (704) Thu Oct 15 10:35:31 2020: Debug: ntdomain: Adding Realm = "null" > (704) Thu Oct 15 10:35:31 2020: Debug: ntdomain: Authentication realm is LOCAL > (704) Thu Oct 15 10:35:31 2020: Debug: [ntdomain] = ok > (704) Thu Oct 15 10:35:31 2020: Debug: eap: No EAP-Message, not doing EAP > (704) Thu Oct 15 10:35:31 2020: Debug: [eap] = noop > (704) Thu Oct 15 10:35:31 2020: Debug: if ( !EAP-Message && > "%{%{Control:Auth-type}:-No-MS_CHAP}" != "MS-CHAP") { > (704) Thu Oct 15 10:35:31 2020: Debug: EXPAND > %{%{Control:Auth-type}:-No-MS_CHAP} > (704) Thu Oct 15 10:35:31 2020: Debug: --> No-MS_CHAP > (704) Thu Oct 15 10:35:31 2020: Debug: if ( !EAP-Message && > "%{%{Control:Auth-type}:-No-MS_CHAP}" != "MS-CHAP") -> TRUE > (704) Thu Oct 15 10:35:31 2020: Debug: if ( !EAP-Message && > "%{%{Control:Auth-type}:-No-MS_CHAP}" != "MS-CHAP") { > (704) Thu Oct 15 10:35:31 2020: Debug: update { > (704) Thu Oct 15 10:35:31 2020: Debug: } # update = noop > (704) Thu Oct 15 10:35:31 2020: Debug: } # if ( !EAP-Message && > "%{%{Control:Auth-type}:-No-MS_CHAP}" != "MS-CHAP") = noop > (704) Thu Oct 15 10:35:31 2020: Debug: if (Control:Auth-type == > "MS-CHAP") { > (704) Thu Oct 15 10:35:31 2020: Debug: if (Control:Auth-type == > "MS-CHAP") -> FALSE > (704) Thu Oct 15 10:35:31 2020: Debug: policy packetfence-eap-mac-policy { > (704) Thu Oct 15 10:35:31 2020: Debug: if ( &EAP-Type ) { > (704) Thu Oct 15 10:35:31 2020: Debug: if ( &EAP-Type ) -> FALSE > (704) Thu Oct 15 10:35:31 2020: Debug: [noop] = noop > (704) Thu Oct 15 10:35:31 2020: Debug: } # policy > packetfence-eap-mac-policy = noop > (704) Thu Oct 15 10:35:31 2020: WARNING: pap: > !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! > (704) Thu Oct 15 10:35:31 2020: WARNING: pap: !!! Ignoring > control:User-Password. Update your !!! > (704) Thu Oct 15 10:35:31 2020: WARNING: pap: !!! configuration so that the > "known good" clear text !!! > (704) Thu Oct 15 10:35:31 2020: WARNING: pap: !!! password is in > Cleartext-Password and NOT in !!! > (704) Thu Oct 15 10:35:31 2020: WARNING: pap: !!! User-Password. > !!! > (704) Thu Oct 15 10:35:31 2020: WARNING: pap: > !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! > (704) Thu Oct 15 10:35:31 2020: WARNING: pap: Auth-Type already set. Not > setting to PAP > (704) Thu Oct 15 10:35:31 2020: Debug: [pap] = noop > (704) Thu Oct 15 10:35:31 2020: Debug: } # authorize = updated > (704) Thu Oct 15 10:35:31 2020: Debug: Found Auth-Type = Accept > (704) Thu Oct 15 10:35:31 2020: Debug: Auth-Type = Accept, accepting the user > (704) Thu Oct 15 10:35:31 2020: Debug: # Executing section post-auth from > file /usr/local/pf/raddb/sites-enabled/packetfence > (704) Thu Oct 15 10:35:31 2020: Debug: post-auth { > (704) Thu Oct 15 10:35:31 2020: Debug: update { > (704) Thu Oct 15 10:35:31 2020: Debug: EXPAND %{Packet-Src-IP-Address} > (704) Thu Oct 15 10:35:31 2020: Debug: --> 10.0.0.229 > (704) Thu Oct 15 10:35:31 2020: Debug: EXPAND %{Packet-Dst-IP-Address} > (704) Thu Oct 15 10:35:31 2020: Debug: --> 10.0.0.234 > (704) Thu Oct 15 10:35:31 2020: Debug: } # update = noop > (704) Thu Oct 15 10:35:31 2020: Debug: policy packetfence-set-tenant-id { > (704) Thu Oct 15 10:35:31 2020: Debug: if (!NAS-IP-Address || > NAS-IP-Address == "0.0.0.0"){ > (704) Thu Oct 15 10:35:31 2020: Debug: if (!NAS-IP-Address || > NAS-IP-Address == "0.0.0.0") -> FALSE > (704) Thu Oct 15 10:35:31 2020: Debug: if ( > "%{%{control:PacketFence-Tenant-Id}:-0}" == "0") { > (704) Thu Oct 15 10:35:31 2020: Debug: EXPAND > %{%{control:PacketFence-Tenant-Id}:-0} > (704) Thu Oct 15 10:35:31 2020: Debug: --> 1 > (704) Thu Oct 15 10:35:31 2020: Debug: if ( > "%{%{control:PacketFence-Tenant-Id}:-0}" == "0") -> FALSE > (704) Thu Oct 15 10:35:31 2020: Debug: if ( > &control:PacketFence-Tenant-Id == 0 ) { > (704) Thu Oct 15 10:35:31 2020: Debug: if ( > &control:PacketFence-Tenant-Id == 0 ) -> FALSE > (704) Thu Oct 15 10:35:31 2020: Debug: } # policy > packetfence-set-tenant-id = noop > (704) Thu Oct 15 10:35:31 2020: Debug: if > ("%{%{control:PacketFence-Proxied-From}:-False}" == "True") { > (704) Thu Oct 15 10:35:31 2020: Debug: EXPAND > %{%{control:PacketFence-Proxied-From}:-False} > (704) Thu Oct 15 10:35:31 2020: Debug: --> False > (704) Thu Oct 15 10:35:31 2020: Debug: if > ("%{%{control:PacketFence-Proxied-From}:-False}" == "True") -> FALSE > (704) Thu Oct 15 10:35:31 2020: Debug: if (! EAP-Type || (EAP-Type != > TTLS && EAP-Type != PEAP) ) { > (704) Thu Oct 15 10:35:31 2020: Debug: if (! EAP-Type || (EAP-Type != > TTLS && EAP-Type != PEAP) ) -> TRUE > (704) Thu Oct 15 10:35:31 2020: Debug: if (! EAP-Type || (EAP-Type != > TTLS && EAP-Type != PEAP) ) { > (704) Thu Oct 15 10:35:31 2020: Debug: rest: Expanding URI components > (704) Thu Oct 15 10:35:31 2020: Debug: rest: EXPAND http://127.0.0.1:7070 > (704) Thu Oct 15 10:35:31 2020: Debug: rest: --> http://127.0.0.1:7070 > (704) Thu Oct 15 10:35:31 2020: Debug: rest: EXPAND //radius/rest/authorize > (704) Thu Oct 15 10:35:31 2020: Debug: rest: --> //radius/rest/authorize > (704) Thu Oct 15 10:35:31 2020: Debug: rest: Sending HTTP POST to > "http://127.0.0.1:7070//radius/rest/authorize"; > (704) Thu Oct 15 10:35:31 2020: Debug: rest: Encoding attribute "User-Name" > (704) Thu Oct 15 10:35:31 2020: Debug: rest: Encoding attribute > "User-Password" > (704) Thu Oct 15 10:35:31 2020: Debug: rest: Encoding attribute > "NAS-IP-Address" > (704) Thu Oct 15 10:35:31 2020: Debug: rest: Encoding attribute "Service-Type" > (704) Thu Oct 15 10:35:31 2020: Debug: rest: Encoding attribute > "Called-Station-Id" > (704) Thu Oct 15 10:35:31 2020: Debug: rest: Encoding attribute > "Calling-Station-Id" > (704) Thu Oct 15 10:35:31 2020: Debug: rest: Encoding attribute > "NAS-Identifier" > (704) Thu Oct 15 10:35:31 2020: Debug: rest: Encoding attribute > "NAS-Port-Type" > (704) Thu Oct 15 10:35:31 2020: Debug: rest: Encoding attribute > "Acct-Session-Id" > (704) Thu Oct 15 10:35:31 2020: Debug: rest: Encoding attribute > "Event-Timestamp" > (704) Thu Oct 15 10:35:31 2020: Debug: rest: Encoding attribute "Connect-Info" > (704) Thu Oct 15 10:35:31 2020: Debug: rest: Encoding attribute > "Fortinet-Vdom-Name" > (704) Thu Oct 15 10:35:31 2020: Debug: rest: Encoding attribute > "Fortinet-SSID" > (704) Thu Oct 15 10:35:31 2020: Debug: rest: Encoding attribute > "Fortinet-AP-Name" > (704) Thu Oct 15 10:35:31 2020: Debug: rest: Encoding attribute > "Stripped-User-Name" > (704) Thu Oct 15 10:35:31 2020: Debug: rest: Encoding attribute "Realm" > (704) Thu Oct 15 10:35:31 2020: Debug: rest: Encoding attribute > "SQL-User-Name" > (704) Thu Oct 15 10:35:31 2020: Debug: rest: Encoding attribute > "FreeRADIUS-Client-IP-Address" > (704) Thu Oct 15 10:35:31 2020: Debug: rest: Encoding attribute > "Called-Station-SSID" > (704) Thu Oct 15 10:35:31 2020: Debug: rest: Encoding attribute > "PacketFence-KeyBalanced" > (704) Thu Oct 15 10:35:31 2020: Debug: rest: Encoding attribute > "PacketFence-Radius-Ip" > (704) Thu Oct 15 10:35:31 2020: Debug: rest: Processing response header > (704) Thu Oct 15 10:35:31 2020: Debug: rest: Status : 100 (Continue) > (704) Thu Oct 15 10:35:31 2020: Debug: rest: Continuing... > (704) Thu Oct 15 10:35:31 2020: Debug: rest: Processing response header > (704) Thu Oct 15 10:35:31 2020: Debug: rest: Status : 401 (Unauthorized) > (704) Thu Oct 15 10:35:31 2020: Debug: rest: Type : json > (application/json) > (704) Thu Oct 15 10:35:31 2020: ERROR: rest: Server returned: > (704) Thu Oct 15 10:35:31 2020: ERROR: rest: {"Reply-Message":"Network device > does not support this mode of > operation","control:PacketFence-Eap-Type":0,"control:PacketFence-Authorization-Status":"allow","control:PacketFence-Mac":"b0:35:b5:b9:fb:aa","control:PacketFence-Request-Time":1602772531,"control:PacketFence-Switch-Ip-Address":"10.0.0.229","control:PacketFence-IfIndex":"external","control:PacketFence-UserName":"b0:35:b5:b9:fb:aa","control:PacketFence-Connection-Type":"CLI-Access","control:PacketFence-Switch-Id":"10.0.0.229","control:PacketFence-Switch-Mac":"08:5b:0e:0e:35:c4"} > (704) Thu Oct 15 10:35:31 2020: Debug: [rest] = invalid > (704) Thu Oct 15 10:35:31 2020: Debug: } # if (! EAP-Type || (EAP-Type != > TTLS && EAP-Type != PEAP) ) = invalid > (704) Thu Oct 15 10:35:31 2020: Debug: } # post-auth = invalid > (704) Thu Oct 15 10:35:31 2020: Debug: Using Post-Auth-Type Reject > (704) Thu Oct 15 10:35:31 2020: Debug: # Executing group from file > /usr/local/pf/raddb/sites-enabled/packetfence > (704) Thu Oct 15 10:35:31 2020: Debug: Post-Auth-Type REJECT { > (704) Thu Oct 15 10:35:31 2020: Debug: policy packetfence-set-tenant-id { > (704) Thu Oct 15 10:35:31 2020: Debug: if (!NAS-IP-Address || > NAS-IP-Address == "0.0.0.0"){ > (704) Thu Oct 15 10:35:31 2020: Debug: if (!NAS-IP-Address || > NAS-IP-Address == "0.0.0.0") -> FALSE > (704) Thu Oct 15 10:35:31 2020: Debug: if ( > "%{%{control:PacketFence-Tenant-Id}:-0}" == "0") { > (704) Thu Oct 15 10:35:31 2020: Debug: EXPAND > %{%{control:PacketFence-Tenant-Id}:-0} > (704) Thu Oct 15 10:35:31 2020: Debug: --> 1 > (704) Thu Oct 15 10:35:31 2020: Debug: if ( > "%{%{control:PacketFence-Tenant-Id}:-0}" == "0") -> FALSE > (704) Thu Oct 15 10:35:31 2020: Debug: if ( > &control:PacketFence-Tenant-Id == 0 ) { > (704) Thu Oct 15 10:35:31 2020: Debug: if ( > &control:PacketFence-Tenant-Id == 0 ) -> FALSE > (704) Thu Oct 15 10:35:31 2020: Debug: } # policy > packetfence-set-tenant-id = noop > (704) Thu Oct 15 10:35:31 2020: Debug: update { > (704) Thu Oct 15 10:35:31 2020: Debug: } # update = noop > (704) Thu Oct 15 10:35:31 2020: Debug: if (! EAP-Type || (EAP-Type != > TTLS && EAP-Type != PEAP) ) { > (704) Thu Oct 15 10:35:31 2020: Debug: if (! EAP-Type || (EAP-Type != > TTLS && EAP-Type != PEAP) ) -> TRUE > (704) Thu Oct 15 10:35:31 2020: Debug: if (! EAP-Type || (EAP-Type != > TTLS && EAP-Type != PEAP) ) { > (704) Thu Oct 15 10:35:31 2020: Debug: policy > packetfence-audit-log-reject { > (704) Thu Oct 15 10:35:31 2020: Debug: if (&User-Name && (&User-Name > == "dummy")) { > (704) Thu Oct 15 10:35:31 2020: Debug: if (&User-Name && (&User-Name > == "dummy")) -> FALSE > (704) Thu Oct 15 10:35:31 2020: Debug: else { > (704) Thu Oct 15 10:35:31 2020: Debug: policy request-timing { > (704) Thu Oct 15 10:35:31 2020: Debug: if > ("%{%{control:PacketFence-Request-Time}:-0}" != 0) { > (704) Thu Oct 15 10:35:31 2020: Debug: EXPAND > %{%{control:PacketFence-Request-Time}:-0} > (704) Thu Oct 15 10:35:31 2020: Debug: --> 0 > (704) Thu Oct 15 10:35:31 2020: Debug: if > ("%{%{control:PacketFence-Request-Time}:-0}" != 0) -> FALSE > (704) Thu Oct 15 10:35:31 2020: Debug: } # policy request-timing = > noop > (704) Thu Oct 15 10:35:31 2020: Debug: sql_reject: EXPAND type.reject.query > (704) Thu Oct 15 10:35:31 2020: Debug: sql_reject: --> type.reject.query > (704) Thu Oct 15 10:35:31 2020: Debug: sql_reject: Using query template > 'query' > (704) Thu Oct 15 10:35:31 2020: Debug: sql_reject: EXPAND %{User-Name} > (704) Thu Oct 15 10:35:31 2020: Debug: sql_reject: --> b0:35:b5:b9:fb:aa > (704) Thu Oct 15 10:35:31 2020: Debug: sql_reject: SQL-User-Name set to > 'b0:35:b5:b9:fb:aa' > > > On Friday, October 16, 2020, 01:43:44 PM EDT, Ludovic Zammit > <[email protected]> wrote: > > > Hello, > > Yes please, could you send the output of the command: > > raddebug -f /usr/local/pf/var/run/radiusd.sock -t 3600 | tee raddebug.log > > Thanks, > > Ludovic Zammit > [email protected] <mailto:[email protected]> :: +1.514.447.4918 (x145) :: > www.inverse.ca <http://www.inverse.ca/> > Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu > <http://www.sogo.nu/>) and PacketFence (http://packetfence.org > <http://packetfence.org/>) > > > > >> On Oct 15, 2020, at 11:23 AM, rahim damji via PacketFence-users >> <[email protected] >> <mailto:[email protected]>> wrote: >> >> I can post my debug if needed >> >> Thanks >> >> Rahim >> _______________________________________________ >> PacketFence-users mailing list >> [email protected] >> <mailto:[email protected]> >> https://lists.sourceforge.net/lists/listinfo/packetfence-users >
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
