daily pastebin goal
93%
SHARE
TWEET

Untitled

a guest Oct 17th, 2017 86 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. (1) Received Access-Request Id 121 FROM 10.0.1.138:60734 TO 10.0.13.40:1812 LENGTH 186
  2. (1)   User-Name = "E8:9D:87:02:7D:2C"
  3. (1)   User-Password = ""
  4. (1)   Acct-Session-Id = "1A082C7D02879DE8"
  5. (1)   NAS-IP-Address = 10.29.11.3
  6. (1)   NAS-Port-TYPE = Virtual
  7. (1)   NAS-Port = 37
  8. (1)   VasExperts-Service-TYPE = DHCP
  9. (1)   VasExperts-DHCP-Request = Discover
  10. (1)   VasExperts-DHCP-Hostname = 0x776977692d74657374
  11. (1)   VasExperts-DHCP-ClientId = 0x01e89d87027d2c
  12. (1)   VasExperts-DHCP-ClassId = 0x4d53465420352e30
  13. (1)   Chargeable-User-IDENTITY = 0x00
  14. (1)   Message-Authenticator = 0x83d60f89585e1e9fe12c1b86ba8dd973
  15. (1) # Executing SECTION authorize FROM file /etc/freeradius/3.0/sites-enabled/SQL
  16. (1)   authorize {
  17. (1)     policy filter_username {
  18. (1)       IF (&User-Name) {
  19. (1)       IF (&User-Name)  -> TRUE
  20. (1)       IF (&User-Name)  {
  21. (1)         IF (&User-Name =~ / /) {
  22. (1)         IF (&User-Name =~ / /)  -> FALSE
  23. (1)         IF (&User-Name =~ /@[^@]*@/ ) {
  24. (1)         IF (&User-Name =~ /@[^@]*@/ )  -> FALSE
  25. (1)         IF (&User-Name =~ /\.\./ ) {
  26. (1)         IF (&User-Name =~ /\.\./ )  -> FALSE
  27. (1)         IF ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
  28. (1)         IF ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
  29. (1)         IF (&User-Name =~ /\.$/)  {
  30. (1)         IF (&User-Name =~ /\.$/)   -> FALSE
  31. (1)         IF (&User-Name =~ /@\./)  {
  32. (1)         IF (&User-Name =~ /@\./)   -> FALSE
  33. (1)       } # IF (&User-Name)  = notfound
  34. (1)     } # policy filter_username = notfound
  35. (1)     [preprocess] = ok
  36. (1)     [chap] = noop
  37. (1)     [mschap] = noop
  38. (1) suffix: Checking FOR suffix after "@"
  39. (1) suffix: No '@' IN User-Name = "E8:9D:87:02:7D:2C", looking up realm NULL
  40. (1) suffix: No such realm "NULL"
  41. (1)     [suffix] = noop
  42. (1) eap: No EAP-Message, NOT doing EAP
  43. (1)     [eap] = noop
  44. (1) SQL: EXPAND %{User-Name}
  45. (1) SQL:    --> E8:9D:87:02:7D:2C
  46. (1) SQL: SQL-User-Name SET TO 'E8:9D:87:02:7D:2C'
  47. rlm_sql (SQL): Reserved connection (3)
  48. (1) SQL: EXPAND SELECT id, username, attribute, VALUE, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id
  49. (1) SQL:    --> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'E8:9D:87:02:7D:2C' ORDER BY id
  50. (1) SQL: Executing SELECT query: SELECT id, username, attribute, VALUE, op FROM radcheck WHERE username = 'E8:9D:87:02:7D:2C' ORDER BY id
  51. (1) SQL: USER found IN radcheck TABLE
  52. (1) SQL: Conditional CHECK items matched, merging assignment CHECK items
  53. (1) SQL:   Cleartext-Password := "VasExperts.FastDPI"
  54. (1) SQL: EXPAND SELECT id, username, attribute, VALUE, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id
  55. (1) SQL:    --> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'E8:9D:87:02:7D:2C' ORDER BY id
  56. (1) SQL: Executing SELECT query: SELECT id, username, attribute, VALUE, op FROM radreply WHERE username = 'E8:9D:87:02:7D:2C' ORDER BY id
  57. (1) SQL: USER found IN radreply TABLE, merging reply items
  58. (1) SQL:   Framed-IP-Address = 10.230.51.15
  59. (1) SQL:   Framed-IP-Netmask = 255.255.255.0
  60. (1) SQL:   VasExperts-DHCP-Gateway = 10.230.51.1
  61. (1) SQL: EXPAND SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority
  62. (1) SQL:    --> SELECT groupname FROM radusergroup WHERE username = 'E8:9D:87:02:7D:2C' ORDER BY priority
  63. (1) SQL: Executing SELECT query: SELECT groupname FROM radusergroup WHERE username = 'E8:9D:87:02:7D:2C' ORDER BY priority
  64. (1) SQL: USER found IN the GROUP TABLE
  65. (1) SQL: EXPAND SELECT id, groupname, attribute, VALUE, op FROM radgroupcheck WHERE groupname = '%{SQL-Group}' ORDER BY id
  66. (1) SQL:    --> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'ips' ORDER BY id
  67. (1) SQL: Executing SELECT query: SELECT id, groupname, attribute, VALUE, op FROM radgroupcheck WHERE groupname = 'ips' ORDER BY id
  68. (1) SQL: GROUP "ips": Conditional CHECK items matched
  69. (1) SQL: GROUP "ips": Merging assignment CHECK items
  70. (1) SQL: EXPAND SELECT id, groupname, attribute, VALUE, op FROM radgroupreply WHERE groupname = '%{SQL-Group}' ORDER BY id
  71. (1) SQL:    --> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'ips' ORDER BY id
  72. (1) SQL: Executing SELECT query: SELECT id, groupname, attribute, VALUE, op FROM radgroupreply WHERE groupname = 'ips' ORDER BY id
  73. (1) SQL: GROUP "ips": Merging reply items
  74. (1) SQL:   VasExperts-DHCP-DNS = 10.0.2.2
  75. (1) SQL:   VasExperts-DHCP-DNS = 10.0.2.5
  76. (1) SQL:   Session-Timeout = 2592000
  77. rlm_sql (SQL): Released connection (3)
  78. (1)     [SQL] = ok
  79. (1)     [expiration] = noop
  80. (1)     [logintime] = noop
  81. (1)     [pap] = updated
  82. (1)   } # authorize = updated
  83. (1) Found Auth-TYPE = PAP
  84. (1) # Executing GROUP FROM file /etc/freeradius/3.0/sites-enabled/SQL
  85. (1)   Auth-TYPE PAP {
  86. (1) pap: ERROR: Password must NOT be empty
  87. (1)     [pap] = invalid
  88. (1)   } # Auth-TYPE PAP = invalid
  89. (1) Failed TO authenticate the USER
  90. (1) USING Post-Auth-TYPE Reject
  91. (1) # Executing GROUP FROM file /etc/freeradius/3.0/sites-enabled/SQL
  92. (1)   Post-Auth-TYPE REJECT {
  93. (1) SQL: EXPAND .query
  94. (1) SQL:    --> .query
  95. (1) SQL: USING query template 'query'
  96. rlm_sql (SQL): Reserved connection (4)
  97. (1) SQL: EXPAND %{User-Name}
  98. (1) SQL:    --> E8:9D:87:02:7D:2C
  99. (1) SQL: SQL-User-Name SET TO 'E8:9D:87:02:7D:2C'
  100. (1) SQL: EXPAND INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}
  101. (1) sql:    --> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'E8:9D:87:02:7D:2C', '', 'Access-Reject', '2017-10-17 15:56:44')
  102. (1) sql: Executing query: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'E8:9D:87:02:7D:2C', '', 'Access-Reject', '2017-10-17 15:56:44')
  103. (1) sql: SQL query returned: success
  104. (1) sql: 1 record(s) updated
  105. rlm_sql (sql): Released connection (4)
  106. (1)     [sql] = ok
  107. (1) attr_filter.access_reject: EXPAND %{User-Name}
  108. (1) attr_filter.access_reject:    --> E8:9D:87:02:7D:2C
  109. (1) attr_filter.access_reject: Matched entry DEFAULT at line 11
  110. (1)     [attr_filter.access_reject] = updated
  111. (1)     if ( &VasExperts-Service-Type == 0 ) {
  112. (1)     if ( &VasExperts-Service-Type == 0 )  -> FALSE
  113. (1)     [eap] = noop
  114. (1)     policy remove_reply_message_if_eap {
  115. (1)       if (&reply:EAP-Message && &reply:Reply-Message) {
  116. (1)       if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
  117. (1)       else {
  118. (1)         [noop] = noop
  119. (1)       } # else = noop
  120. (1)     } # policy remove_reply_message_if_eap = noop
  121. (1)   } # Post-Auth-Type REJECT = updated
  122. (1) Delaying response for 1.000000 seconds
  123. Waking up in 0.3 seconds.
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top