On your first screenshot, the Fortinet::Fortigate redirection, where did you set that?
Thanks, Ludovic Zammit [email protected] <mailto:[email protected]> :: +1.514.447.4918 (x145) :: www.inverse.ca <http://www.inverse.ca/> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu <http://www.sogo.nu/>) and PacketFence (http://packetfence.org <http://packetfence.org/>) > On Oct 16, 2020, at 2:15 PM, rahim damji <[email protected]> wrote: > > Captive portal from fortinet wireless access point. > > The portal launches no issues there I hit submit then I get the error. > > I have attached the screen caps from my phone > > Thx > > Rahim > > > > On Friday, October 16, 2020, 01:57:56 PM EDT, Ludovic Zammit > <[email protected]> wrote: > > > What are you trying to achieve there ? > > Give a bit of context. > > Thanks, > > Ludovic Zammit > [email protected] <mailto:[email protected]> :: +1.514.447.4918 (x145) :: > www.inverse.ca <http://www.inverse.ca/> > Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu > <http://www.sogo.nu/>) and PacketFence (http://packetfence.org > <http://packetfence.org/>) > > > > >> On Oct 16, 2020, at 1:54 PM, rahim damji <[email protected] >> <mailto:[email protected]>> wrote: >> >> Thank U here u go >> >> root@packetfence ~]# raddebug -f /usr/local/pf/var/run/radiusd.sock -t 3000 >> (703) Thu Oct 15 10:35:30 2020: Debug: Received Status-Server Id 172 from >> 127.0.0.1:56048 to 127.0.0.1:18121 length 50 >> (703) Thu Oct 15 10:35:30 2020: Debug: Message-Authenticator = >> 0x29f77e107025d985d90537b9c9854276 >> (703) Thu Oct 15 10:35:30 2020: Debug: FreeRADIUS-Statistics-Type = 15 >> (703) Thu Oct 15 10:35:30 2020: Debug: # Executing group from file >> /usr/local/pf/raddb/sites-enabled/status >> (703) Thu Oct 15 10:35:30 2020: Debug: Autz-Type Status-Server { >> (703) Thu Oct 15 10:35:30 2020: Debug: [ok] = ok >> (703) Thu Oct 15 10:35:30 2020: Debug: } # Autz-Type Status-Server = ok >> (703) Thu Oct 15 10:35:30 2020: Debug: Sent Access-Accept Id 172 from >> 127.0.0.1:18121 to 127.0.0.1:56048 length 0 >> (703) Thu Oct 15 10:35:30 2020: Debug: FreeRADIUS-Total-Access-Requests = >> 707 >> (703) Thu Oct 15 10:35:30 2020: Debug: FreeRADIUS-Total-Access-Accepts = 15 >> (703) Thu Oct 15 10:35:30 2020: Debug: FreeRADIUS-Total-Access-Rejects = 4 >> (703) Thu Oct 15 10:35:30 2020: Debug: FreeRADIUS-Total-Access-Challenges >> = 112 >> (703) Thu Oct 15 10:35:30 2020: Debug: FreeRADIUS-Total-Auth-Responses = >> 131 >> (703) Thu Oct 15 10:35:30 2020: Debug: >> FreeRADIUS-Total-Auth-Duplicate-Requests = 3 >> (703) Thu Oct 15 10:35:30 2020: Debug: >> FreeRADIUS-Total-Auth-Malformed-Requests = 0 >> (703) Thu Oct 15 10:35:30 2020: Debug: >> FreeRADIUS-Total-Auth-Invalid-Requests = 0 >> (703) Thu Oct 15 10:35:30 2020: Debug: >> FreeRADIUS-Total-Auth-Dropped-Requests = 3 >> (703) Thu Oct 15 10:35:30 2020: Debug: FreeRADIUS-Total-Auth-Unknown-Types >> = 0 >> (703) Thu Oct 15 10:35:30 2020: Debug: >> FreeRADIUS-Total-Accounting-Requests = 0 >> (703) Thu Oct 15 10:35:30 2020: Debug: >> FreeRADIUS-Total-Accounting-Responses = 0 >> (703) Thu Oct 15 10:35:30 2020: Debug: >> FreeRADIUS-Total-Acct-Duplicate-Requests = 0 >> (703) Thu Oct 15 10:35:30 2020: Debug: >> FreeRADIUS-Total-Acct-Malformed-Requests = 0 >> (703) Thu Oct 15 10:35:30 2020: Debug: >> FreeRADIUS-Total-Acct-Invalid-Requests = 0 >> (703) Thu Oct 15 10:35:30 2020: Debug: >> FreeRADIUS-Total-Acct-Dropped-Requests = 0 >> (703) Thu Oct 15 10:35:30 2020: Debug: FreeRADIUS-Total-Acct-Unknown-Types >> = 0 >> (703) Thu Oct 15 10:35:30 2020: Debug: >> FreeRADIUS-Total-Proxy-Access-Requests = 0 >> (703) Thu Oct 15 10:35:30 2020: Debug: >> FreeRADIUS-Total-Proxy-Access-Accepts = 0 >> (703) Thu Oct 15 10:35:30 2020: Debug: >> FreeRADIUS-Total-Proxy-Access-Rejects = 0 >> (703) Thu Oct 15 10:35:30 2020: Debug: >> FreeRADIUS-Total-Proxy-Access-Challenges = 0 >> (703) Thu Oct 15 10:35:30 2020: Debug: >> FreeRADIUS-Total-Proxy-Auth-Responses = 0 >> (703) Thu Oct 15 10:35:30 2020: Debug: >> FreeRADIUS-Total-Proxy-Auth-Duplicate-Requests = 0 >> (703) Thu Oct 15 10:35:30 2020: Debug: >> FreeRADIUS-Total-Proxy-Auth-Malformed-Requests = 0 >> (703) Thu Oct 15 10:35:30 2020: Debug: >> FreeRADIUS-Total-Proxy-Auth-Invalid-Requests = 0 >> (703) Thu Oct 15 10:35:30 2020: Debug: >> FreeRADIUS-Total-Proxy-Auth-Dropped-Requests = 0 >> (703) Thu Oct 15 10:35:30 2020: Debug: >> FreeRADIUS-Total-Proxy-Auth-Unknown-Types = 0 >> (703) Thu Oct 15 10:35:30 2020: Debug: >> FreeRADIUS-Total-Proxy-Accounting-Requests = 0 >> (703) Thu Oct 15 10:35:30 2020: Debug: >> FreeRADIUS-Total-Proxy-Accounting-Responses = 0 >> (703) Thu Oct 15 10:35:30 2020: Debug: >> FreeRADIUS-Total-Proxy-Acct-Duplicate-Requests = 0 >> (703) Thu Oct 15 10:35:30 2020: Debug: >> FreeRADIUS-Total-Proxy-Acct-Malformed-Requests = 0 >> (703) Thu Oct 15 10:35:30 2020: Debug: >> FreeRADIUS-Total-Proxy-Acct-Invalid-Requests = 0 >> (703) Thu Oct 15 10:35:30 2020: Debug: >> FreeRADIUS-Total-Proxy-Acct-Dropped-Requests = 0 >> (703) Thu Oct 15 10:35:30 2020: Debug: >> FreeRADIUS-Total-Proxy-Acct-Unknown-Types = 0 >> (703) Thu Oct 15 10:35:30 2020: Debug: Finished request >> (704) Thu Oct 15 10:35:31 2020: Debug: Received Access-Request Id 3 from >> 10.0.0.229:3495 to 10.0.0.234:1812 length 220 >> (704) Thu Oct 15 10:35:31 2020: Debug: NAS-Identifier = "damji60E" >> (704) Thu Oct 15 10:35:31 2020: Debug: User-Name = "b0:35:b5:b9:fb:aa" >> (704) Thu Oct 15 10:35:31 2020: Debug: User-Password = "b0:35:b5:b9:fb:aa" >> (704) Thu Oct 15 10:35:31 2020: Debug: NAS-IP-Address = 10.0.0.229 >> (704) Thu Oct 15 10:35:31 2020: Debug: NAS-Port-Type = Virtual >> (704) Thu Oct 15 10:35:31 2020: Debug: Called-Station-Id = >> "08-5B-0E-0E-35-C4:FDTUNNEL" >> (704) Thu Oct 15 10:35:31 2020: Debug: Calling-Station-Id = >> "B0-35-B5-B9-FB-AA" >> (704) Thu Oct 15 10:35:31 2020: Debug: Fortinet-SSID = "FDTUNNEL" >> (704) Thu Oct 15 10:35:31 2020: Debug: Fortinet-AP-Name = >> "FAP11C3X13002176" >> (704) Thu Oct 15 10:35:31 2020: Debug: Acct-Session-Id = "5c191ef8" >> (704) Thu Oct 15 10:35:31 2020: Debug: Connect-Info = "web-auth" >> (704) Thu Oct 15 10:35:31 2020: Debug: Fortinet-Vdom-Name = "root" >> (704) Thu Oct 15 10:35:31 2020: Debug: Service-Type = Login-User >> (704) Thu Oct 15 10:35:31 2020: Debug: # Executing section authorize from >> file /usr/local/pf/raddb/sites-enabled/packetfence >> (704) Thu Oct 15 10:35:31 2020: Debug: authorize { >> (704) Thu Oct 15 10:35:31 2020: Debug: update { >> (704) Thu Oct 15 10:35:31 2020: Debug: EXPAND %{Packet-Src-IP-Address} >> (704) Thu Oct 15 10:35:31 2020: Debug: --> 10.0.0.229 >> (704) Thu Oct 15 10:35:31 2020: Debug: EXPAND %{Packet-Dst-IP-Address} >> (704) Thu Oct 15 10:35:31 2020: Debug: --> 10.0.0.234 >> (704) Thu Oct 15 10:35:31 2020: Debug: EXPAND %l >> (704) Thu Oct 15 10:35:31 2020: Debug: --> 1602772531 >> (704) Thu Oct 15 10:35:31 2020: Debug: } # update = noop >> (704) Thu Oct 15 10:35:31 2020: Debug: policy >> packetfence-set-realm-if-machine { >> (704) Thu Oct 15 10:35:31 2020: Debug: if (User-Name =~ >> /host\/([a-z0-9_-]*)[\.](.*)/i) { >> (704) Thu Oct 15 10:35:31 2020: Debug: if (User-Name =~ >> /host\/([a-z0-9_-]*)[\.](.*)/i) -> FALSE >> (704) Thu Oct 15 10:35:31 2020: Debug: } # policy >> packetfence-set-realm-if-machine = noop >> (704) Thu Oct 15 10:35:31 2020: Debug: policy >> packetfence-balanced-key-policy { >> (704) Thu Oct 15 10:35:31 2020: Debug: if (&PacketFence-KeyBalanced && >> (&PacketFence-KeyBalanced =~ /^(.*)(.)$/i)) { >> (704) Thu Oct 15 10:35:31 2020: Debug: if (&PacketFence-KeyBalanced && >> (&PacketFence-KeyBalanced =~ /^(.*)(.)$/i)) -> FALSE >> (704) Thu Oct 15 10:35:31 2020: Debug: else { >> (704) Thu Oct 15 10:35:31 2020: Debug: update { >> (704) Thu Oct 15 10:35:31 2020: Debug: EXPAND >> %{md5:%{Calling-Station-Id}%{User-Name}} >> (704) Thu Oct 15 10:35:31 2020: Debug: --> >> dc41feae55319aa1564020b73056c100 >> (704) Thu Oct 15 10:35:31 2020: Debug: EXPAND >> %{md5:%{Calling-Station-Id}%{User-Name}} >> (704) Thu Oct 15 10:35:31 2020: Debug: --> >> dc41feae55319aa1564020b73056c100 >> (704) Thu Oct 15 10:35:31 2020: Debug: } # update = noop >> (704) Thu Oct 15 10:35:31 2020: Debug: } # else = noop >> (704) Thu Oct 15 10:35:31 2020: Debug: } # policy >> packetfence-balanced-key-policy = noop >> (704) Thu Oct 15 10:35:31 2020: Debug: policy packetfence-set-tenant-id { >> (704) Thu Oct 15 10:35:31 2020: Debug: if (!NAS-IP-Address || >> NAS-IP-Address == "0.0.0.0"){ >> (704) Thu Oct 15 10:35:31 2020: Debug: if (!NAS-IP-Address || >> NAS-IP-Address == "0.0.0.0") -> FALSE >> (704) Thu Oct 15 10:35:31 2020: Debug: if ( >> "%{%{control:PacketFence-Tenant-Id}:-0}" == "0") { >> (704) Thu Oct 15 10:35:31 2020: Debug: EXPAND >> %{%{control:PacketFence-Tenant-Id}:-0} >> (704) Thu Oct 15 10:35:31 2020: Debug: --> 0 >> (704) Thu Oct 15 10:35:31 2020: Debug: if ( >> "%{%{control:PacketFence-Tenant-Id}:-0}" == "0") -> TRUE >> (704) Thu Oct 15 10:35:31 2020: Debug: if ( >> "%{%{control:PacketFence-Tenant-Id}:-0}" == "0") { >> (704) Thu Oct 15 10:35:31 2020: Debug: update control { >> (704) Thu Oct 15 10:35:31 2020: Debug: EXPAND %{User-Name} >> (704) Thu Oct 15 10:35:31 2020: Debug: --> b0:35:b5:b9:fb:aa >> (704) Thu Oct 15 10:35:31 2020: Debug: SQL-User-Name set to >> 'b0:35:b5:b9:fb:aa' >> (704) Thu Oct 15 10:35:31 2020: Debug: Executing select query: >> SELECT IFNULL((SELECT tenant_id FROM radius_nas WHERE nasname = >> '10.0.0.229'), 0) >> (704) Thu Oct 15 10:35:31 2020: Debug: EXPAND %{sql: SELECT >> IFNULL((SELECT tenant_id FROM radius_nas WHERE nasname = >> '%{NAS-IP-Address}'), 0)} >> (704) Thu Oct 15 10:35:31 2020: Debug: --> 0 >> (704) Thu Oct 15 10:35:31 2020: Debug: } # update control = noop >> (704) Thu Oct 15 10:35:31 2020: Debug: } # if ( >> "%{%{control:PacketFence-Tenant-Id}:-0}" == "0") = noop >> (704) Thu Oct 15 10:35:31 2020: Debug: if ( >> &control:PacketFence-Tenant-Id == 0 ) { >> (704) Thu Oct 15 10:35:31 2020: Debug: if ( >> &control:PacketFence-Tenant-Id == 0 ) -> TRUE >> (704) Thu Oct 15 10:35:31 2020: Debug: if ( >> &control:PacketFence-Tenant-Id == 0 ) { >> (704) Thu Oct 15 10:35:31 2020: Debug: update control { >> (704) Thu Oct 15 10:35:31 2020: Debug: EXPAND %{User-Name} >> (704) Thu Oct 15 10:35:31 2020: Debug: --> b0:35:b5:b9:fb:aa >> (704) Thu Oct 15 10:35:31 2020: Debug: SQL-User-Name set to >> 'b0:35:b5:b9:fb:aa' >> (704) Thu Oct 15 10:35:31 2020: Debug: Executing select query: >> SELECT IFNULL((SELECT tenant_id from radius_nas WHERE start_ip <= >> INET_ATON('10.0.0.229') and INET_ATON('10.0.0.229') <= end_ip order by >> range_length limit 1), 1) >> (704) Thu Oct 15 10:35:31 2020: Debug: EXPAND %{sql: SELECT >> IFNULL((SELECT tenant_id from radius_nas WHERE start_ip <= >> INET_ATON('%{NAS-IP-Address}') and INET_ATON('%{NAS-IP-Address}') <= end_ip >> order by range_length limit 1), 1)}(704) Thu Oct 15 10:35:31 2020: Debug: >> --> 1 >> (704) Thu Oct 15 10:35:31 2020: Debug: } # update control = noop >> (704) Thu Oct 15 10:35:31 2020: Debug: } # if ( >> &control:PacketFence-Tenant-Id == 0 ) = noop >> (704) Thu Oct 15 10:35:31 2020: Debug: } # policy >> packetfence-set-tenant-id = noop >> (704) Thu Oct 15 10:35:31 2020: Debug: policy rewrite_calling_station_id >> { >> (704) Thu Oct 15 10:35:31 2020: Debug: if (&Calling-Station-Id && >> (&Calling-Station-Id =~ >> /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) >> { >> (704) Thu Oct 15 10:35:31 2020: Debug: if (&Calling-Station-Id && >> (&Calling-Station-Id =~ >> /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) >> -> TRUE(704) Thu Oct 15 10:35:31 2020: Debug: if >> (&Calling-Station-Id && (&Calling-Station-Id =~ >> /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) >> { >> (704) Thu Oct 15 10:35:31 2020: Debug: update request { >> (704) Thu Oct 15 10:35:31 2020: Debug: EXPAND >> %{tolower:%{1}:%{2}:%{3}:%{4}:%{5}:%{6}} >> (704) Thu Oct 15 10:35:31 2020: Debug: --> b0:35:b5:b9:fb:aa >> (704) Thu Oct 15 10:35:31 2020: Debug: } # update request = noop >> (704) Thu Oct 15 10:35:31 2020: Debug: [updated] = updated >> (704) Thu Oct 15 10:35:31 2020: Debug: } # if (&Calling-Station-Id && >> (&Calling-Station-Id =~ >> /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) >> = updated >> (704) Thu Oct 15 10:35:31 2020: Debug: ... skipping else: Preceding >> "if" was taken >> (704) Thu Oct 15 10:35:31 2020: Debug: } # policy >> rewrite_calling_station_id = updated >> (704) Thu Oct 15 10:35:31 2020: Debug: policy rewrite_called_station_id { >> (704) Thu Oct 15 10:35:31 2020: Debug: if ((&Called-Station-Id) && >> (&Called-Station-Id =~ >> /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) >> { >> (704) Thu Oct 15 10:35:31 2020: Debug: if ((&Called-Station-Id) && >> (&Called-Station-Id =~ >> /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) >> -> TRUE >> (704) Thu Oct 15 10:35:31 2020: Debug: if ((&Called-Station-Id) && >> (&Called-Station-Id =~ >> /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) >> { >> (704) Thu Oct 15 10:35:31 2020: Debug: update request { >> (704) Thu Oct 15 10:35:31 2020: Debug: EXPAND >> %{tolower:%{1}:%{2}:%{3}:%{4}:%{5}:%{6}} >> (704) Thu Oct 15 10:35:31 2020: Debug: --> 08:5b:0e:0e:35:c4 >> (704) Thu Oct 15 10:35:31 2020: Debug: } # update request = noop >> (704) Thu Oct 15 10:35:31 2020: Debug: if ("%{8}") { >> (704) Thu Oct 15 10:35:31 2020: Debug: EXPAND %{8} >> (704) Thu Oct 15 10:35:31 2020: Debug: --> FDTUNNEL >> (704) Thu Oct 15 10:35:31 2020: Debug: if ("%{8}") -> TRUE >> (704) Thu Oct 15 10:35:31 2020: Debug: if ("%{8}") { >> (704) Thu Oct 15 10:35:31 2020: Debug: update request { >> (704) Thu Oct 15 10:35:31 2020: Debug: EXPAND >> %{Called-Station-Id}:%{8} >> (704) Thu Oct 15 10:35:31 2020: Debug: --> >> 08:5b:0e:0e:35:c4:FDTUNNEL >> (704) Thu Oct 15 10:35:31 2020: Debug: EXPAND %{8} >> (704) Thu Oct 15 10:35:31 2020: Debug: --> FDTUNNEL >> (704) Thu Oct 15 10:35:31 2020: Debug: } # update request = noop >> (704) Thu Oct 15 10:35:31 2020: Debug: } # if ("%{8}") = noop >> (704) Thu Oct 15 10:35:31 2020: Debug: ... skipping elsif: Preceding >> "if" was taken >> (704) Thu Oct 15 10:35:31 2020: Debug: ... skipping elsif: Preceding >> "if" was taken >> (704) Thu Oct 15 10:35:31 2020: Debug: ... skipping elsif: Preceding >> "if" was taken >> (704) Thu Oct 15 10:35:31 2020: Debug: [updated] = updated >> (704) Thu Oct 15 10:35:31 2020: Debug: } # if ((&Called-Station-Id) && >> (&Called-Station-Id =~ >> /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) >> = updated >> (704) Thu Oct 15 10:35:31 2020: Debug: ... skipping else: Preceding >> "if" was taken >> (704) Thu Oct 15 10:35:31 2020: Debug: } # policy >> rewrite_called_station_id = updated >> (704) Thu Oct 15 10:35:31 2020: Debug: if ( "%{client:shortname}" =~ >> /eduroam_tlrs/ ) { >> (704) Thu Oct 15 10:35:31 2020: Debug: EXPAND %{client:shortname} >> (704) Thu Oct 15 10:35:31 2020: Debug: --> 10.0.0.229/32 >> (704) Thu Oct 15 10:35:31 2020: Debug: if ( "%{client:shortname}" =~ >> /eduroam_tlrs/ ) -> FALSE >> (704) Thu Oct 15 10:35:31 2020: Debug: policy filter_username { >> (704) Thu Oct 15 10:35:31 2020: Debug: if (&User-Name) { >> (704) Thu Oct 15 10:35:31 2020: Debug: if (&User-Name) -> TRUE >> (704) Thu Oct 15 10:35:31 2020: Debug: if (&User-Name) { >> (704) Thu Oct 15 10:35:31 2020: Debug: if (&User-Name =~ / /) { >> (704) Thu Oct 15 10:35:31 2020: Debug: if (&User-Name =~ / /) -> >> FALSE >> (704) Thu Oct 15 10:35:31 2020: Debug: if (&User-Name =~ /@[^@]*@/ ) >> { >> (704) Thu Oct 15 10:35:31 2020: Debug: if (&User-Name =~ /@[^@]*@/ ) >> -> FALSE >> (704) Thu Oct 15 10:35:31 2020: Debug: if (&User-Name =~ /\.\./ ) { >> (704) Thu Oct 15 10:35:31 2020: Debug: if (&User-Name =~ /\.\./ ) >> -> FALSE >> (704) Thu Oct 15 10:35:31 2020: Debug: if ((&User-Name =~ /@/) && >> (&User-Name !~ /@(.+)\.(.+)$/)) { >> (704) Thu Oct 15 10:35:31 2020: Debug: if ((&User-Name =~ /@/) && >> (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE >> (704) Thu Oct 15 10:35:31 2020: Debug: if (&User-Name =~ /\.$/) { >> (704) Thu Oct 15 10:35:31 2020: Debug: if (&User-Name =~ /\.$/) -> >> FALSE >> (704) Thu Oct 15 10:35:31 2020: Debug: if (&User-Name =~ /@\./) { >> (704) Thu Oct 15 10:35:31 2020: Debug: if (&User-Name =~ /@\./) -> >> FALSE >> (704) Thu Oct 15 10:35:31 2020: Debug: } # if (&User-Name) = updated >> (704) Thu Oct 15 10:35:31 2020: Debug: } # policy filter_username = >> updated >> (704) Thu Oct 15 10:35:31 2020: Debug: policy filter_password { >> (704) Thu Oct 15 10:35:31 2020: Debug: if (&User-Password && >> (&User-Password != "%{string:User-Password}")) { >> (704) Thu Oct 15 10:35:31 2020: Debug: EXPAND %{string:User-Password} >> (704) Thu Oct 15 10:35:31 2020: Debug: --> b0:35:b5:b9:fb:aa >> (704) Thu Oct 15 10:35:31 2020: Debug: if (&User-Password && >> (&User-Password != "%{string:User-Password}")) -> FALSE >> (704) Thu Oct 15 10:35:31 2020: Debug: } # policy filter_password = >> updated >> (704) Thu Oct 15 10:35:31 2020: Debug: [preprocess] = ok >> (704) Thu Oct 15 10:35:31 2020: Debug: [mschap] = noop >> (704) Thu Oct 15 10:35:31 2020: Debug: suffix: Checking for suffix after "@" >> (704) Thu Oct 15 10:35:31 2020: Debug: suffix: No '@' in User-Name = >> "b0:35:b5:b9:fb:aa", skipping NULL due to config. >> (704) Thu Oct 15 10:35:31 2020: Debug: [suffix] = noop >> (704) Thu Oct 15 10:35:31 2020: Debug: ntdomain: Checking for prefix before >> "\" >> (704) Thu Oct 15 10:35:31 2020: Debug: ntdomain: No '\' in User-Name = >> "b0:35:b5:b9:fb:aa", looking up realm NULL >> (704) Thu Oct 15 10:35:31 2020: Debug: ntdomain: Found realm "null" >> (704) Thu Oct 15 10:35:31 2020: Debug: ntdomain: Adding Stripped-User-Name = >> "b0:35:b5:b9:fb:aa" >> (704) Thu Oct 15 10:35:31 2020: Debug: ntdomain: Adding Realm = "null" >> (704) Thu Oct 15 10:35:31 2020: Debug: ntdomain: Authentication realm is >> LOCAL >> (704) Thu Oct 15 10:35:31 2020: Debug: [ntdomain] = ok >> (704) Thu Oct 15 10:35:31 2020: Debug: eap: No EAP-Message, not doing EAP >> (704) Thu Oct 15 10:35:31 2020: Debug: [eap] = noop >> (704) Thu Oct 15 10:35:31 2020: Debug: if ( !EAP-Message && >> "%{%{Control:Auth-type}:-No-MS_CHAP}" != "MS-CHAP") { >> (704) Thu Oct 15 10:35:31 2020: Debug: EXPAND >> %{%{Control:Auth-type}:-No-MS_CHAP} >> (704) Thu Oct 15 10:35:31 2020: Debug: --> No-MS_CHAP >> (704) Thu Oct 15 10:35:31 2020: Debug: if ( !EAP-Message && >> "%{%{Control:Auth-type}:-No-MS_CHAP}" != "MS-CHAP") -> TRUE >> (704) Thu Oct 15 10:35:31 2020: Debug: if ( !EAP-Message && >> "%{%{Control:Auth-type}:-No-MS_CHAP}" != "MS-CHAP") { >> (704) Thu Oct 15 10:35:31 2020: Debug: update { >> (704) Thu Oct 15 10:35:31 2020: Debug: } # update = noop >> (704) Thu Oct 15 10:35:31 2020: Debug: } # if ( !EAP-Message && >> "%{%{Control:Auth-type}:-No-MS_CHAP}" != "MS-CHAP") = noop >> (704) Thu Oct 15 10:35:31 2020: Debug: if (Control:Auth-type == >> "MS-CHAP") { >> (704) Thu Oct 15 10:35:31 2020: Debug: if (Control:Auth-type == >> "MS-CHAP") -> FALSE >> (704) Thu Oct 15 10:35:31 2020: Debug: policy packetfence-eap-mac-policy >> { >> (704) Thu Oct 15 10:35:31 2020: Debug: if ( &EAP-Type ) { >> (704) Thu Oct 15 10:35:31 2020: Debug: if ( &EAP-Type ) -> FALSE >> (704) Thu Oct 15 10:35:31 2020: Debug: [noop] = noop >> (704) Thu Oct 15 10:35:31 2020: Debug: } # policy >> packetfence-eap-mac-policy = noop >> (704) Thu Oct 15 10:35:31 2020: WARNING: pap: >> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! >> (704) Thu Oct 15 10:35:31 2020: WARNING: pap: !!! Ignoring >> control:User-Password. Update your !!! >> (704) Thu Oct 15 10:35:31 2020: WARNING: pap: !!! configuration so that the >> "known good" clear text !!! >> (704) Thu Oct 15 10:35:31 2020: WARNING: pap: !!! password is in >> Cleartext-Password and NOT in !!! >> (704) Thu Oct 15 10:35:31 2020: WARNING: pap: !!! User-Password. >> !!! >> (704) Thu Oct 15 10:35:31 2020: WARNING: pap: >> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! >> (704) Thu Oct 15 10:35:31 2020: WARNING: pap: Auth-Type already set. Not >> setting to PAP >> (704) Thu Oct 15 10:35:31 2020: Debug: [pap] = noop >> (704) Thu Oct 15 10:35:31 2020: Debug: } # authorize = updated >> (704) Thu Oct 15 10:35:31 2020: Debug: Found Auth-Type = Accept >> (704) Thu Oct 15 10:35:31 2020: Debug: Auth-Type = Accept, accepting the user >> (704) Thu Oct 15 10:35:31 2020: Debug: # Executing section post-auth from >> file /usr/local/pf/raddb/sites-enabled/packetfence >> (704) Thu Oct 15 10:35:31 2020: Debug: post-auth { >> (704) Thu Oct 15 10:35:31 2020: Debug: update { >> (704) Thu Oct 15 10:35:31 2020: Debug: EXPAND %{Packet-Src-IP-Address} >> (704) Thu Oct 15 10:35:31 2020: Debug: --> 10.0.0.229 >> (704) Thu Oct 15 10:35:31 2020: Debug: EXPAND %{Packet-Dst-IP-Address} >> (704) Thu Oct 15 10:35:31 2020: Debug: --> 10.0.0.234 >> (704) Thu Oct 15 10:35:31 2020: Debug: } # update = noop >> (704) Thu Oct 15 10:35:31 2020: Debug: policy packetfence-set-tenant-id { >> (704) Thu Oct 15 10:35:31 2020: Debug: if (!NAS-IP-Address || >> NAS-IP-Address == "0.0.0.0"){ >> (704) Thu Oct 15 10:35:31 2020: Debug: if (!NAS-IP-Address || >> NAS-IP-Address == "0.0.0.0") -> FALSE >> (704) Thu Oct 15 10:35:31 2020: Debug: if ( >> "%{%{control:PacketFence-Tenant-Id}:-0}" == "0") { >> (704) Thu Oct 15 10:35:31 2020: Debug: EXPAND >> %{%{control:PacketFence-Tenant-Id}:-0} >> (704) Thu Oct 15 10:35:31 2020: Debug: --> 1 >> (704) Thu Oct 15 10:35:31 2020: Debug: if ( >> "%{%{control:PacketFence-Tenant-Id}:-0}" == "0") -> FALSE >> (704) Thu Oct 15 10:35:31 2020: Debug: if ( >> &control:PacketFence-Tenant-Id == 0 ) { >> (704) Thu Oct 15 10:35:31 2020: Debug: if ( >> &control:PacketFence-Tenant-Id == 0 ) -> FALSE >> (704) Thu Oct 15 10:35:31 2020: Debug: } # policy >> packetfence-set-tenant-id = noop >> (704) Thu Oct 15 10:35:31 2020: Debug: if >> ("%{%{control:PacketFence-Proxied-From}:-False}" == "True") { >> (704) Thu Oct 15 10:35:31 2020: Debug: EXPAND >> %{%{control:PacketFence-Proxied-From}:-False} >> (704) Thu Oct 15 10:35:31 2020: Debug: --> False >> (704) Thu Oct 15 10:35:31 2020: Debug: if >> ("%{%{control:PacketFence-Proxied-From}:-False}" == "True") -> FALSE >> (704) Thu Oct 15 10:35:31 2020: Debug: if (! EAP-Type || (EAP-Type != >> TTLS && EAP-Type != PEAP) ) { >> (704) Thu Oct 15 10:35:31 2020: Debug: if (! EAP-Type || (EAP-Type != >> TTLS && EAP-Type != PEAP) ) -> TRUE >> (704) Thu Oct 15 10:35:31 2020: Debug: if (! EAP-Type || (EAP-Type != >> TTLS && EAP-Type != PEAP) ) { >> (704) Thu Oct 15 10:35:31 2020: Debug: rest: Expanding URI components >> (704) Thu Oct 15 10:35:31 2020: Debug: rest: EXPAND http://127.0.0.1:7070 >> <http://127.0.0.1:7070/> >> (704) Thu Oct 15 10:35:31 2020: Debug: rest: --> http://127.0.0.1:7070 >> <http://127.0.0.1:7070/> >> (704) Thu Oct 15 10:35:31 2020: Debug: rest: EXPAND //radius/rest/authorize >> (704) Thu Oct 15 10:35:31 2020: Debug: rest: --> //radius/rest/authorize >> (704) Thu Oct 15 10:35:31 2020: Debug: rest: Sending HTTP POST to >> "http://127.0.0.1:7070//radius/rest/authorize >> <http://127.0.0.1:7070//radius/rest/authorize>" >> (704) Thu Oct 15 10:35:31 2020: Debug: rest: Encoding attribute "User-Name" >> (704) Thu Oct 15 10:35:31 2020: Debug: rest: Encoding attribute >> "User-Password" >> (704) Thu Oct 15 10:35:31 2020: Debug: rest: Encoding attribute >> "NAS-IP-Address" >> (704) Thu Oct 15 10:35:31 2020: Debug: rest: Encoding attribute >> "Service-Type" >> (704) Thu Oct 15 10:35:31 2020: Debug: rest: Encoding attribute >> "Called-Station-Id" >> (704) Thu Oct 15 10:35:31 2020: Debug: rest: Encoding attribute >> "Calling-Station-Id" >> (704) Thu Oct 15 10:35:31 2020: Debug: rest: Encoding attribute >> "NAS-Identifier" >> (704) Thu Oct 15 10:35:31 2020: Debug: rest: Encoding attribute >> "NAS-Port-Type" >> (704) Thu Oct 15 10:35:31 2020: Debug: rest: Encoding attribute >> "Acct-Session-Id" >> (704) Thu Oct 15 10:35:31 2020: Debug: rest: Encoding attribute >> "Event-Timestamp" >> (704) Thu Oct 15 10:35:31 2020: Debug: rest: Encoding attribute >> "Connect-Info" >> (704) Thu Oct 15 10:35:31 2020: Debug: rest: Encoding attribute >> "Fortinet-Vdom-Name" >> (704) Thu Oct 15 10:35:31 2020: Debug: rest: Encoding attribute >> "Fortinet-SSID" >> (704) Thu Oct 15 10:35:31 2020: Debug: rest: Encoding attribute >> "Fortinet-AP-Name" >> (704) Thu Oct 15 10:35:31 2020: Debug: rest: Encoding attribute >> "Stripped-User-Name" >> (704) Thu Oct 15 10:35:31 2020: Debug: rest: Encoding attribute "Realm" >> (704) Thu Oct 15 10:35:31 2020: Debug: rest: Encoding attribute >> "SQL-User-Name" >> (704) Thu Oct 15 10:35:31 2020: Debug: rest: Encoding attribute >> "FreeRADIUS-Client-IP-Address" >> (704) Thu Oct 15 10:35:31 2020: Debug: rest: Encoding attribute >> "Called-Station-SSID" >> (704) Thu Oct 15 10:35:31 2020: Debug: rest: Encoding attribute >> "PacketFence-KeyBalanced" >> (704) Thu Oct 15 10:35:31 2020: Debug: rest: Encoding attribute >> "PacketFence-Radius-Ip" >> (704) Thu Oct 15 10:35:31 2020: Debug: rest: Processing response header >> (704) Thu Oct 15 10:35:31 2020: Debug: rest: Status : 100 (Continue) >> (704) Thu Oct 15 10:35:31 2020: Debug: rest: Continuing... >> (704) Thu Oct 15 10:35:31 2020: Debug: rest: Processing response header >> (704) Thu Oct 15 10:35:31 2020: Debug: rest: Status : 401 (Unauthorized) >> (704) Thu Oct 15 10:35:31 2020: Debug: rest: Type : json >> (application/json) >> (704) Thu Oct 15 10:35:31 2020: ERROR: rest: Server returned: >> (704) Thu Oct 15 10:35:31 2020: ERROR: rest: {"Reply-Message":"Network >> device does not support this mode of >> operation","control:PacketFence-Eap-Type":0,"control:PacketFence-Authorization-Status":"allow","control:PacketFence-Mac":"b0:35:b5:b9:fb:aa","control:PacketFence-Request-Time":1602772531,"control:PacketFence-Switch-Ip-Address":"10.0.0.229","control:PacketFence-IfIndex":"external","control:PacketFence-UserName":"b0:35:b5:b9:fb:aa","control:PacketFence-Connection-Type":"CLI-Access","control:PacketFence-Switch-Id":"10.0.0.229","control:PacketFence-Switch-Mac":"08:5b:0e:0e:35:c4"} >> (704) Thu Oct 15 10:35:31 2020: Debug: [rest] = invalid >> (704) Thu Oct 15 10:35:31 2020: Debug: } # if (! EAP-Type || (EAP-Type >> != TTLS && EAP-Type != PEAP) ) = invalid >> (704) Thu Oct 15 10:35:31 2020: Debug: } # post-auth = invalid >> (704) Thu Oct 15 10:35:31 2020: Debug: Using Post-Auth-Type Reject >> (704) Thu Oct 15 10:35:31 2020: Debug: # Executing group from file >> /usr/local/pf/raddb/sites-enabled/packetfence >> (704) Thu Oct 15 10:35:31 2020: Debug: Post-Auth-Type REJECT { >> (704) Thu Oct 15 10:35:31 2020: Debug: policy packetfence-set-tenant-id { >> (704) Thu Oct 15 10:35:31 2020: Debug: if (!NAS-IP-Address || >> NAS-IP-Address == "0.0.0.0"){ >> (704) Thu Oct 15 10:35:31 2020: Debug: if (!NAS-IP-Address || >> NAS-IP-Address == "0.0.0.0") -> FALSE >> (704) Thu Oct 15 10:35:31 2020: Debug: if ( >> "%{%{control:PacketFence-Tenant-Id}:-0}" == "0") { >> (704) Thu Oct 15 10:35:31 2020: Debug: EXPAND >> %{%{control:PacketFence-Tenant-Id}:-0} >> (704) Thu Oct 15 10:35:31 2020: Debug: --> 1 >> (704) Thu Oct 15 10:35:31 2020: Debug: if ( >> "%{%{control:PacketFence-Tenant-Id}:-0}" == "0") -> FALSE >> (704) Thu Oct 15 10:35:31 2020: Debug: if ( >> &control:PacketFence-Tenant-Id == 0 ) { >> (704) Thu Oct 15 10:35:31 2020: Debug: if ( >> &control:PacketFence-Tenant-Id == 0 ) -> FALSE >> (704) Thu Oct 15 10:35:31 2020: Debug: } # policy >> packetfence-set-tenant-id = noop >> (704) Thu Oct 15 10:35:31 2020: Debug: update { >> (704) Thu Oct 15 10:35:31 2020: Debug: } # update = noop >> (704) Thu Oct 15 10:35:31 2020: Debug: if (! EAP-Type || (EAP-Type != >> TTLS && EAP-Type != PEAP) ) { >> (704) Thu Oct 15 10:35:31 2020: Debug: if (! EAP-Type || (EAP-Type != >> TTLS && EAP-Type != PEAP) ) -> TRUE >> (704) Thu Oct 15 10:35:31 2020: Debug: if (! EAP-Type || (EAP-Type != >> TTLS && EAP-Type != PEAP) ) { >> (704) Thu Oct 15 10:35:31 2020: Debug: policy >> packetfence-audit-log-reject { >> (704) Thu Oct 15 10:35:31 2020: Debug: if (&User-Name && (&User-Name >> == "dummy")) { >> (704) Thu Oct 15 10:35:31 2020: Debug: if (&User-Name && (&User-Name >> == "dummy")) -> FALSE >> (704) Thu Oct 15 10:35:31 2020: Debug: else { >> (704) Thu Oct 15 10:35:31 2020: Debug: policy request-timing { >> (704) Thu Oct 15 10:35:31 2020: Debug: if >> ("%{%{control:PacketFence-Request-Time}:-0}" != 0) { >> (704) Thu Oct 15 10:35:31 2020: Debug: EXPAND >> %{%{control:PacketFence-Request-Time}:-0} >> (704) Thu Oct 15 10:35:31 2020: Debug: --> 0 >> (704) Thu Oct 15 10:35:31 2020: Debug: if >> ("%{%{control:PacketFence-Request-Time}:-0}" != 0) -> FALSE >> (704) Thu Oct 15 10:35:31 2020: Debug: } # policy request-timing = >> noop >> (704) Thu Oct 15 10:35:31 2020: Debug: sql_reject: EXPAND type.reject.query >> (704) Thu Oct 15 10:35:31 2020: Debug: sql_reject: --> type.reject.query >> (704) Thu Oct 15 10:35:31 2020: Debug: sql_reject: Using query template >> 'query' >> (704) Thu Oct 15 10:35:31 2020: Debug: sql_reject: EXPAND %{User-Name} >> (704) Thu Oct 15 10:35:31 2020: Debug: sql_reject: --> b0:35:b5:b9:fb:aa >> (704) Thu Oct 15 10:35:31 2020: Debug: sql_reject: SQL-User-Name set to >> 'b0:35:b5:b9:fb:aa' >> >> >> On Friday, October 16, 2020, 01:43:44 PM EDT, Ludovic Zammit >> <[email protected] <mailto:[email protected]>> wrote: >> >> >> Hello, >> >> Yes please, could you send the output of the command: >> >> raddebug -f /usr/local/pf/var/run/radiusd.sock -t 3600 | tee raddebug.log >> >> Thanks, >> >> Ludovic Zammit >> [email protected] <mailto:[email protected]> :: +1.514.447.4918 (x145) :: >> www.inverse.ca <http://www.inverse.ca/> >> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu >> <http://www.sogo.nu/>) and PacketFence (http://packetfence.org >> <http://packetfence.org/>) >> >> >> >> >>> On Oct 15, 2020, at 11:23 AM, rahim damji via PacketFence-users >>> <[email protected] >>> <mailto:[email protected]>> wrote: >>> >>> I can post my debug if needed >>> >>> Thanks >>> >>> Rahim >>> _______________________________________________ >>> PacketFence-users mailing list >>> [email protected] >>> <mailto:[email protected]> >>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>> <https://lists.sourceforge.net/lists/listinfo/packetfence-users> >> > > <20201016_181043000_iOS.png><20201016_181048000_iOS.png>
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
