Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- (0) Thu May 24 17:30:29 2018: Debug: Received Access-Request Id 25 from 172.20.5.79:52628 to 172.20.5.3:1812 length 372
- (0) Thu May 24 17:30:29 2018: Debug: Framed-MTU = 1480
- (0) Thu May 24 17:30:29 2018: Debug: NAS-IP-Address = 172.20.9.150
- (0) Thu May 24 17:30:29 2018: Debug: NAS-Identifier = "Test"
- (0) Thu May 24 17:30:29 2018: Debug: User-Name = "host/Admin-15-NB.PERSONALAMT.DE"
- (0) Thu May 24 17:30:29 2018: Debug: Service-Type = Framed-User
- (0) Thu May 24 17:30:29 2018: Debug: Framed-Protocol = PPP
- (0) Thu May 24 17:30:29 2018: Debug: NAS-Port = 1
- (0) Thu May 24 17:30:29 2018: Debug: NAS-Port-Type = Ethernet
- (0) Thu May 24 17:30:29 2018: Debug: NAS-Port-Id = "1"
- (0) Thu May 24 17:30:29 2018: Debug: Called-Station-Id = "94-18-82-b9-32-80"
- (0) Thu May 24 17:30:29 2018: Debug: Calling-Station-Id = "00-e0-4c-60-43-20"
- (0) Thu May 24 17:30:29 2018: Debug: Connect-Info = "CONNECT Ethernet 1000Mbps Full duplex"
- (0) Thu May 24 17:30:29 2018: Debug: Tunnel-Type:0 = VLAN
- (0) Thu May 24 17:30:29 2018: Debug: Tunnel-Medium-Type:0 = IEEE-802
- (0) Thu May 24 17:30:29 2018: Debug: Tunnel-Private-Group-Id:0 = "1"
- (0) Thu May 24 17:30:29 2018: Debug: EAP-Message = 0x0201002401686f73742f41646d696e2d31352d4e422e504552534f4e414c414d542e4445
- (0) Thu May 24 17:30:29 2018: Debug: Message-Authenticator = 0x6617fad777f9bd50b77d4b3fbe07f915
- (0) Thu May 24 17:30:29 2018: Debug: MS-RAS-Vendor = 11
- (0) Thu May 24 17:30:29 2018: Debug: HP-Capability-Advert = 0x011a0000000b28
- (0) Thu May 24 17:30:29 2018: Debug: HP-Capability-Advert = 0x011a0000000b2e
- (0) Thu May 24 17:30:29 2018: Debug: HP-Capability-Advert = 0x011a0000000b30
- (0) Thu May 24 17:30:29 2018: Debug: HP-Capability-Advert = 0x011a0000000b3d
- (0) Thu May 24 17:30:29 2018: Debug: HP-Capability-Advert = 0x0138
- (0) Thu May 24 17:30:29 2018: Debug: HP-Capability-Advert = 0x013a
- (0) Thu May 24 17:30:29 2018: Debug: HP-Capability-Advert = 0x0140
- (0) Thu May 24 17:30:29 2018: Debug: HP-Capability-Advert = 0x0141
- (0) Thu May 24 17:30:29 2018: Debug: HP-Capability-Advert = 0x0151
- (0) Thu May 24 17:30:29 2018: Debug: Proxy-State = 0x3134
- (0) Thu May 24 17:30:29 2018: Debug: # Executing section authorize from file /usr/local/pf/raddb/sites-enabled/packetfence
- (0) Thu May 24 17:30:29 2018: Debug: authorize {
- (0) Thu May 24 17:30:29 2018: Debug: update {
- (0) Thu May 24 17:30:29 2018: Debug: EXPAND %{Packet-Src-IP-Address}
- (0) Thu May 24 17:30:29 2018: Debug: --> 172.20.5.79
- (0) Thu May 24 17:30:29 2018: Debug: EXPAND %l
- (0) Thu May 24 17:30:29 2018: Debug: --> 1527175829
- (0) Thu May 24 17:30:29 2018: Debug: } # update = noop
- (0) Thu May 24 17:30:29 2018: Debug: policy packetfence-set-tenant-id {
- (0) Thu May 24 17:30:29 2018: Debug: if ( "%{%{control:PacketFence-Tenant-Id}:-0}" == "0") {
- (0) Thu May 24 17:30:29 2018: Debug: EXPAND %{%{control:PacketFence-Tenant-Id}:-0}
- (0) Thu May 24 17:30:29 2018: Debug: --> 0
- (0) Thu May 24 17:30:29 2018: Debug: if ( "%{%{control:PacketFence-Tenant-Id}:-0}" == "0") -> TRUE
- (0) Thu May 24 17:30:29 2018: Debug: if ( "%{%{control:PacketFence-Tenant-Id}:-0}" == "0") {
- (0) Thu May 24 17:30:29 2018: Debug: update control {
- (0) Thu May 24 17:30:29 2018: Debug: EXPAND %{User-Name}
- (0) Thu May 24 17:30:29 2018: Debug: --> host/Admin-15-NB.PERSONALAMT.DE
- (0) Thu May 24 17:30:29 2018: Debug: SQL-User-Name set to 'host/Admin-15-NB.PERSONALAMT.DE'
- (0) Thu May 24 17:30:29 2018: Debug: Executing select query: SELECT IFNULL((SELECT tenant_id FROM radius_nas WHERE nasname = '172.20.5.79'), 0)
- (0) Thu May 24 17:30:29 2018: Debug: EXPAND %{sql: SELECT IFNULL((SELECT tenant_id FROM radius_nas WHERE nasname = '%{Packet-Src-IP-Address}'), 0)}
- (0) Thu May 24 17:30:29 2018: Debug: --> 0
- (0) Thu May 24 17:30:29 2018: Debug: } # update control = noop
- (0) Thu May 24 17:30:29 2018: Debug: } # if ( "%{%{control:PacketFence-Tenant-Id}:-0}" == "0") = noop
- (0) Thu May 24 17:30:29 2018: Debug: if ( &control:PacketFence-Tenant-Id == 0 ) {
- (0) Thu May 24 17:30:29 2018: Debug: if ( &control:PacketFence-Tenant-Id == 0 ) -> TRUE
- (0) Thu May 24 17:30:29 2018: Debug: if ( &control:PacketFence-Tenant-Id == 0 ) {
- (0) Thu May 24 17:30:29 2018: Debug: update control {
- (0) Thu May 24 17:30:29 2018: Debug: EXPAND %{User-Name}
- (0) Thu May 24 17:30:29 2018: Debug: --> host/Admin-15-NB.PERSONALAMT.DE
- (0) Thu May 24 17:30:29 2018: Debug: SQL-User-Name set to 'host/Admin-15-NB.PERSONALAMT.DE'
- (0) Thu May 24 17:30:29 2018: Debug: Executing select query: SELECT IFNULL((SELECT tenant_id from radius_nas WHERE start_ip <= INET_ATON('172.20.5.79') and INET_ATON('172.20.5.79') <= end_ip order by range_length limit 1), 1)
- (0) Thu May 24 17:30:29 2018: Debug: EXPAND %{sql: SELECT IFNULL((SELECT tenant_id from radius_nas WHERE start_ip <= INET_ATON('%{Packet-Src-IP-Address}') and INET_ATON('%{Packet-Src-IP-Address}') <= end_ip order by range_length limit 1), 1)}
- (0) Thu May 24 17:30:29 2018: Debug: --> 1
- (0) Thu May 24 17:30:29 2018: Debug: } # update control = noop
- (0) Thu May 24 17:30:29 2018: Debug: } # if ( &control:PacketFence-Tenant-Id == 0 ) = noop
- (0) Thu May 24 17:30:29 2018: Debug: } # policy packetfence-set-tenant-id = noop
- (0) Thu May 24 17:30:29 2018: Debug: policy rewrite_calling_station_id {
- (0) Thu May 24 17:30:29 2018: Debug: if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) {
- (0) Thu May 24 17:30:29 2018: Debug: if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) -> TRUE
- (0) Thu May 24 17:30:29 2018: Debug: if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) {
- (0) Thu May 24 17:30:29 2018: Debug: update request {
- (0) Thu May 24 17:30:29 2018: Debug: EXPAND %{tolower:%{1}:%{2}:%{3}:%{4}:%{5}:%{6}}
- (0) Thu May 24 17:30:29 2018: Debug: --> 00:e0:4c:60:43:20
- (0) Thu May 24 17:30:29 2018: Debug: } # update request = noop
- (0) Thu May 24 17:30:29 2018: Debug: [updated] = updated
- (0) Thu May 24 17:30:29 2018: Debug: } # if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) = updated
- (0) Thu May 24 17:30:29 2018: Debug: ... skipping else: Preceding "if" was taken
- (0) Thu May 24 17:30:29 2018: Debug: } # policy rewrite_calling_station_id = updated
- (0) Thu May 24 17:30:29 2018: Debug: policy rewrite_called_station_id {
- (0) Thu May 24 17:30:29 2018: Debug: if ((&Called-Station-Id) && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) {
- (0) Thu May 24 17:30:29 2018: Debug: if ((&Called-Station-Id) && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) -> TRUE
- (0) Thu May 24 17:30:29 2018: Debug: if ((&Called-Station-Id) && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) {
- (0) Thu May 24 17:30:29 2018: Debug: update request {
- (0) Thu May 24 17:30:29 2018: Debug: EXPAND %{tolower:%{1}:%{2}:%{3}:%{4}:%{5}:%{6}}
- (0) Thu May 24 17:30:29 2018: Debug: --> 94:18:82:b9:32:80
- (0) Thu May 24 17:30:29 2018: Debug: } # update request = noop
- (0) Thu May 24 17:30:29 2018: Debug: if ("%{8}") {
- (0) Thu May 24 17:30:29 2018: Debug: EXPAND %{8}
- (0) Thu May 24 17:30:29 2018: Debug: -->
- (0) Thu May 24 17:30:29 2018: Debug: if ("%{8}") -> FALSE
- (0) Thu May 24 17:30:29 2018: Debug: elsif ( (Colubris-AVPair) && "%{Colubris-AVPair}" =~ /^ssid=(.*)$/i) {
- (0) Thu May 24 17:30:29 2018: Debug: elsif ( (Colubris-AVPair) && "%{Colubris-AVPair}" =~ /^ssid=(.*)$/i) -> FALSE
- (0) Thu May 24 17:30:29 2018: Debug: elsif (Aruba-Essid-Name) {
- (0) Thu May 24 17:30:29 2018: Debug: elsif (Aruba-Essid-Name) -> FALSE
- (0) Thu May 24 17:30:29 2018: Debug: elsif ( (Cisco-AVPair) && "%{Cisco-AVPair}" =~ /^ssid=(.*)$/i) {
- (0) Thu May 24 17:30:29 2018: Debug: elsif ( (Cisco-AVPair) && "%{Cisco-AVPair}" =~ /^ssid=(.*)$/i) -> FALSE
- (0) Thu May 24 17:30:29 2018: Debug: [updated] = updated
- (0) Thu May 24 17:30:29 2018: Debug: } # if ((&Called-Station-Id) && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) = updated
- (0) Thu May 24 17:30:29 2018: Debug: ... skipping else: Preceding "if" was taken
- (0) Thu May 24 17:30:29 2018: Debug: } # policy rewrite_called_station_id = updated
- (0) Thu May 24 17:30:29 2018: Debug: policy filter_username {
- (0) Thu May 24 17:30:29 2018: Debug: if (&User-Name) {
- (0) Thu May 24 17:30:29 2018: Debug: if (&User-Name) -> TRUE
- (0) Thu May 24 17:30:29 2018: Debug: if (&User-Name) {
- (0) Thu May 24 17:30:29 2018: Debug: if (&User-Name =~ / /) {
- (0) Thu May 24 17:30:29 2018: Debug: if (&User-Name =~ / /) -> FALSE
- (0) Thu May 24 17:30:29 2018: Debug: if (&User-Name =~ /@[^@]*@/ ) {
- (0) Thu May 24 17:30:29 2018: Debug: if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (0) Thu May 24 17:30:29 2018: Debug: if (&User-Name =~ /\.\./ ) {
- (0) Thu May 24 17:30:29 2018: Debug: if (&User-Name =~ /\.\./ ) -> FALSE
- (0) Thu May 24 17:30:29 2018: Debug: if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (0) Thu May 24 17:30:29 2018: Debug: if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (0) Thu May 24 17:30:29 2018: Debug: if (&User-Name =~ /\.$/) {
- (0) Thu May 24 17:30:29 2018: Debug: if (&User-Name =~ /\.$/) -> FALSE
- (0) Thu May 24 17:30:29 2018: Debug: if (&User-Name =~ /@\./) {
- (0) Thu May 24 17:30:29 2018: Debug: if (&User-Name =~ /@\./) -> FALSE
- (0) Thu May 24 17:30:29 2018: Debug: } # if (&User-Name) = updated
- (0) Thu May 24 17:30:29 2018: Debug: } # policy filter_username = updated
- (0) Thu May 24 17:30:29 2018: Debug: policy filter_password {
- (0) Thu May 24 17:30:29 2018: Debug: if (&User-Password && (&User-Password != "%{string:User-Password}")) {
- (0) Thu May 24 17:30:29 2018: Debug: if (&User-Password && (&User-Password != "%{string:User-Password}")) -> FALSE
- (0) Thu May 24 17:30:29 2018: Debug: } # policy filter_password = updated
- (0) Thu May 24 17:30:29 2018: Debug: [preprocess] = ok
- (0) Thu May 24 17:30:29 2018: Debug: suffix: Checking for suffix after "@"
- (0) Thu May 24 17:30:29 2018: Debug: suffix: No '@' in User-Name = "host/Admin-15-NB.PERSONALAMT.DE", skipping NULL due to config.
- (0) Thu May 24 17:30:29 2018: Debug: [suffix] = noop
- (0) Thu May 24 17:30:29 2018: Debug: ntdomain: Checking for prefix before "\"
- (0) Thu May 24 17:30:29 2018: Debug: ntdomain: No '\' in User-Name = "host/Admin-15-NB.PERSONALAMT.DE", looking up realm NULL
- (0) Thu May 24 17:30:29 2018: Debug: ntdomain: Found realm "null"
- (0) Thu May 24 17:30:29 2018: Debug: ntdomain: Adding Realm = "null"
- (0) Thu May 24 17:30:29 2018: Debug: ntdomain: Authentication realm is LOCAL
- (0) Thu May 24 17:30:29 2018: Debug: [ntdomain] = ok
- (0) Thu May 24 17:30:29 2018: Debug: eap: Peer sent EAP Response (code 2) ID 1 length 36
- (0) Thu May 24 17:30:29 2018: Debug: eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
- (0) Thu May 24 17:30:29 2018: Debug: [eap] = ok
- (0) Thu May 24 17:30:29 2018: Debug: } # authorize = ok
- (0) Thu May 24 17:30:29 2018: Debug: Found Auth-Type = eap
- (0) Thu May 24 17:30:29 2018: Debug: # Executing group from file /usr/local/pf/raddb/sites-enabled/packetfence
- (0) Thu May 24 17:30:29 2018: Debug: authenticate {
- (0) Thu May 24 17:30:29 2018: Debug: eap: Peer sent packet with method EAP Identity (1)
- (0) Thu May 24 17:30:29 2018: Debug: eap: Calling submodule eap_peap to process data
- (0) Thu May 24 17:30:29 2018: Debug: eap_peap: Initiating new EAP-TLS session
- (0) Thu May 24 17:30:29 2018: Debug: eap_peap: [eaptls start] = request
- (0) Thu May 24 17:30:29 2018: Debug: eap: Sending EAP Request (code 1) ID 2 length 6
- (0) Thu May 24 17:30:29 2018: Debug: eap: EAP session adding &reply:State = 0x49c411c249c6082f
- (0) Thu May 24 17:30:29 2018: Debug: [eap] = handled
- (0) Thu May 24 17:30:29 2018: Debug: } # authenticate = handled
- (0) Thu May 24 17:30:29 2018: Debug: Using Post-Auth-Type Challenge
- (0) Thu May 24 17:30:29 2018: Debug: Post-Auth-Type sub-section not found. Ignoring.
- (0) Thu May 24 17:30:29 2018: Debug: # Executing group from file /usr/local/pf/raddb/sites-enabled/packetfence
- (0) Thu May 24 17:30:29 2018: Debug: Sent Access-Challenge Id 25 from 172.20.5.3:1812 to 172.20.5.79:52628 length 0
- (0) Thu May 24 17:30:29 2018: Debug: EAP-Message = 0x010200061920
- (0) Thu May 24 17:30:29 2018: Debug: Message-Authenticator = 0x00000000000000000000000000000000
- (0) Thu May 24 17:30:29 2018: Debug: State = 0x49c411c249c6082fb3b3797cce5894f4
- (0) Thu May 24 17:30:29 2018: Debug: Proxy-State = 0x3134
- (0) Thu May 24 17:30:29 2018: Debug: Finished request
- (1) Thu May 24 17:30:29 2018: Debug: Received Access-Request Id 8 from 172.20.5.79:52628 to 172.20.5.3:1812 length 520
- (1) Thu May 24 17:30:29 2018: Debug: Framed-MTU = 1480
- (1) Thu May 24 17:30:29 2018: Debug: NAS-IP-Address = 172.20.9.150
- (1) Thu May 24 17:30:29 2018: Debug: NAS-Identifier = "Test"
- (1) Thu May 24 17:30:29 2018: Debug: User-Name = "host/Admin-15-NB.PERSONALAMT.DE"
- (1) Thu May 24 17:30:29 2018: Debug: Service-Type = Framed-User
- (1) Thu May 24 17:30:29 2018: Debug: Framed-Protocol = PPP
- (1) Thu May 24 17:30:29 2018: Debug: NAS-Port = 1
- (1) Thu May 24 17:30:29 2018: Debug: NAS-Port-Type = Ethernet
- (1) Thu May 24 17:30:29 2018: Debug: NAS-Port-Id = "1"
- (1) Thu May 24 17:30:29 2018: Debug: Called-Station-Id = "94-18-82-b9-32-80"
- (1) Thu May 24 17:30:29 2018: Debug: Calling-Station-Id = "00-e0-4c-60-43-20"
- (1) Thu May 24 17:30:29 2018: Debug: Connect-Info = "CONNECT Ethernet 1000Mbps Full duplex"
- (1) Thu May 24 17:30:29 2018: Debug: Tunnel-Type:0 = VLAN
- (1) Thu May 24 17:30:29 2018: Debug: Tunnel-Medium-Type:0 = IEEE-802
- (1) Thu May 24 17:30:29 2018: Debug: Tunnel-Private-Group-Id:0 = "1"
- (1) Thu May 24 17:30:29 2018: Debug: State = 0x49c411c249c6082fb3b3797cce5894f4
- (1) Thu May 24 17:30:29 2018: Debug: EAP-Message = 0x020200a619800000009c16030300970100009303035b06da94218ad8be62e68a5597bfdebed186a04d4b719f26cb30cf87486b51c200002ac02cc02bc030c02f009f009ec024c023c028c027c00ac009c014c013009d009c003d003c0035002f000a01000040000500050100000000000a00080006001d
- (1) Thu May 24 17:30:29 2018: Debug: Message-Authenticator = 0x95f7b8858d65bd7c000a05026301c991
- (1) Thu May 24 17:30:29 2018: Debug: MS-RAS-Vendor = 11
- (1) Thu May 24 17:30:29 2018: Debug: HP-Capability-Advert = 0x011a0000000b28
- (1) Thu May 24 17:30:29 2018: Debug: HP-Capability-Advert = 0x011a0000000b2e
- (1) Thu May 24 17:30:29 2018: Debug: HP-Capability-Advert = 0x011a0000000b30
- (1) Thu May 24 17:30:29 2018: Debug: HP-Capability-Advert = 0x011a0000000b3d
- (1) Thu May 24 17:30:29 2018: Debug: HP-Capability-Advert = 0x0138
- (1) Thu May 24 17:30:29 2018: Debug: HP-Capability-Advert = 0x013a
- (1) Thu May 24 17:30:29 2018: Debug: HP-Capability-Advert = 0x0140
- (1) Thu May 24 17:30:29 2018: Debug: HP-Capability-Advert = 0x0141
- (1) Thu May 24 17:30:29 2018: Debug: HP-Capability-Advert = 0x0151
- (1) Thu May 24 17:30:29 2018: Debug: Proxy-State = 0x3135
- (1) Thu May 24 17:30:29 2018: Debug: session-state: No cached attributes
- (1) Thu May 24 17:30:29 2018: Debug: # Executing section authorize from file /usr/local/pf/raddb/sites-enabled/packetfence
- (1) Thu May 24 17:30:29 2018: Debug: authorize {
- (1) Thu May 24 17:30:29 2018: Debug: update {
- (1) Thu May 24 17:30:29 2018: Debug: EXPAND %{Packet-Src-IP-Address}
- (1) Thu May 24 17:30:29 2018: Debug: --> 172.20.5.79
- (1) Thu May 24 17:30:29 2018: Debug: EXPAND %l
- (1) Thu May 24 17:30:29 2018: Debug: --> 1527175829
- (1) Thu May 24 17:30:29 2018: Debug: } # update = noop
- (1) Thu May 24 17:30:29 2018: Debug: policy packetfence-set-tenant-id {
- (1) Thu May 24 17:30:29 2018: Debug: if ( "%{%{control:PacketFence-Tenant-Id}:-0}" == "0") {
- (1) Thu May 24 17:30:29 2018: Debug: EXPAND %{%{control:PacketFence-Tenant-Id}:-0}
- (1) Thu May 24 17:30:29 2018: Debug: --> 0
- (1) Thu May 24 17:30:29 2018: Debug: if ( "%{%{control:PacketFence-Tenant-Id}:-0}" == "0") -> TRUE
- (1) Thu May 24 17:30:29 2018: Debug: if ( "%{%{control:PacketFence-Tenant-Id}:-0}" == "0") {
- (1) Thu May 24 17:30:29 2018: Debug: update control {
- (1) Thu May 24 17:30:29 2018: Debug: EXPAND %{User-Name}
- (1) Thu May 24 17:30:29 2018: Debug: --> host/Admin-15-NB.PERSONALAMT.DE
- (1) Thu May 24 17:30:29 2018: Debug: SQL-User-Name set to 'host/Admin-15-NB.PERSONALAMT.DE'
- (1) Thu May 24 17:30:29 2018: Debug: Executing select query: SELECT IFNULL((SELECT tenant_id FROM radius_nas WHERE nasname = '172.20.5.79'), 0)
- (1) Thu May 24 17:30:29 2018: Debug: EXPAND %{sql: SELECT IFNULL((SELECT tenant_id FROM radius_nas WHERE nasname = '%{Packet-Src-IP-Address}'), 0)}
- (1) Thu May 24 17:30:29 2018: Debug: --> 0
- (1) Thu May 24 17:30:29 2018: Debug: } # update control = noop
- (1) Thu May 24 17:30:29 2018: Debug: } # if ( "%{%{control:PacketFence-Tenant-Id}:-0}" == "0") = noop
- (1) Thu May 24 17:30:29 2018: Debug: if ( &control:PacketFence-Tenant-Id == 0 ) {
- (1) Thu May 24 17:30:29 2018: Debug: if ( &control:PacketFence-Tenant-Id == 0 ) -> TRUE
- (1) Thu May 24 17:30:29 2018: Debug: if ( &control:PacketFence-Tenant-Id == 0 ) {
- (1) Thu May 24 17:30:29 2018: Debug: update control {
- (1) Thu May 24 17:30:29 2018: Debug: EXPAND %{User-Name}
- (1) Thu May 24 17:30:29 2018: Debug: --> host/Admin-15-NB.PERSONALAMT.DE
- (1) Thu May 24 17:30:29 2018: Debug: SQL-User-Name set to 'host/Admin-15-NB.PERSONALAMT.DE'
- (1) Thu May 24 17:30:29 2018: Debug: Executing select query: SELECT IFNULL((SELECT tenant_id from radius_nas WHERE start_ip <= INET_ATON('172.20.5.79') and INET_ATON('172.20.5.79') <= end_ip order by range_length limit 1), 1)
- (1) Thu May 24 17:30:29 2018: Debug: EXPAND %{sql: SELECT IFNULL((SELECT tenant_id from radius_nas WHERE start_ip <= INET_ATON('%{Packet-Src-IP-Address}') and INET_ATON('%{Packet-Src-IP-Address}') <= end_ip order by range_length limit 1), 1)}
- (1) Thu May 24 17:30:29 2018: Debug: --> 1
- (1) Thu May 24 17:30:29 2018: Debug: } # update control = noop
- (1) Thu May 24 17:30:29 2018: Debug: } # if ( &control:PacketFence-Tenant-Id == 0 ) = noop
- (1) Thu May 24 17:30:29 2018: Debug: } # policy packetfence-set-tenant-id = noop
- (1) Thu May 24 17:30:29 2018: Debug: policy rewrite_calling_station_id {
- (1) Thu May 24 17:30:29 2018: Debug: if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) {
- (1) Thu May 24 17:30:29 2018: Debug: if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) -> TRUE
- (1) Thu May 24 17:30:29 2018: Debug: if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) {
- (1) Thu May 24 17:30:29 2018: Debug: update request {
- (1) Thu May 24 17:30:29 2018: Debug: EXPAND %{tolower:%{1}:%{2}:%{3}:%{4}:%{5}:%{6}}
- (1) Thu May 24 17:30:29 2018: Debug: --> 00:e0:4c:60:43:20
- (1) Thu May 24 17:30:29 2018: Debug: } # update request = noop
- (1) Thu May 24 17:30:29 2018: Debug: [updated] = updated
- (1) Thu May 24 17:30:29 2018: Debug: } # if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) = updated
- (1) Thu May 24 17:30:29 2018: Debug: ... skipping else: Preceding "if" was taken
- (1) Thu May 24 17:30:29 2018: Debug: } # policy rewrite_calling_station_id = updated
- (1) Thu May 24 17:30:29 2018: Debug: policy rewrite_called_station_id {
- (1) Thu May 24 17:30:29 2018: Debug: if ((&Called-Station-Id) && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) {
- (1) Thu May 24 17:30:29 2018: Debug: if ((&Called-Station-Id) && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) -> TRUE
- (1) Thu May 24 17:30:29 2018: Debug: if ((&Called-Station-Id) && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) {
- (1) Thu May 24 17:30:29 2018: Debug: update request {
- (1) Thu May 24 17:30:29 2018: Debug: EXPAND %{tolower:%{1}:%{2}:%{3}:%{4}:%{5}:%{6}}
- (1) Thu May 24 17:30:29 2018: Debug: --> 94:18:82:b9:32:80
- (1) Thu May 24 17:30:29 2018: Debug: } # update request = noop
- (1) Thu May 24 17:30:29 2018: Debug: if ("%{8}") {
- (1) Thu May 24 17:30:29 2018: Debug: EXPAND %{8}
- (1) Thu May 24 17:30:29 2018: Debug: -->
- (1) Thu May 24 17:30:29 2018: Debug: if ("%{8}") -> FALSE
- (1) Thu May 24 17:30:29 2018: Debug: elsif ( (Colubris-AVPair) && "%{Colubris-AVPair}" =~ /^ssid=(.*)$/i) {
- (1) Thu May 24 17:30:29 2018: Debug: elsif ( (Colubris-AVPair) && "%{Colubris-AVPair}" =~ /^ssid=(.*)$/i) -> FALSE
- (1) Thu May 24 17:30:29 2018: Debug: elsif (Aruba-Essid-Name) {
- (1) Thu May 24 17:30:29 2018: Debug: elsif (Aruba-Essid-Name) -> FALSE
- (1) Thu May 24 17:30:29 2018: Debug: elsif ( (Cisco-AVPair) && "%{Cisco-AVPair}" =~ /^ssid=(.*)$/i) {
- (1) Thu May 24 17:30:29 2018: Debug: elsif ( (Cisco-AVPair) && "%{Cisco-AVPair}" =~ /^ssid=(.*)$/i) -> FALSE
- (1) Thu May 24 17:30:29 2018: Debug: [updated] = updated
- (1) Thu May 24 17:30:29 2018: Debug: } # if ((&Called-Station-Id) && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) = updated
- (1) Thu May 24 17:30:29 2018: Debug: ... skipping else: Preceding "if" was taken
- (1) Thu May 24 17:30:29 2018: Debug: } # policy rewrite_called_station_id = updated
- (1) Thu May 24 17:30:29 2018: Debug: policy filter_username {
- (1) Thu May 24 17:30:29 2018: Debug: if (&User-Name) {
- (1) Thu May 24 17:30:29 2018: Debug: if (&User-Name) -> TRUE
- (1) Thu May 24 17:30:29 2018: Debug: if (&User-Name) {
- (1) Thu May 24 17:30:29 2018: Debug: if (&User-Name =~ / /) {
- (1) Thu May 24 17:30:29 2018: Debug: if (&User-Name =~ / /) -> FALSE
- (1) Thu May 24 17:30:29 2018: Debug: if (&User-Name =~ /@[^@]*@/ ) {
- (1) Thu May 24 17:30:29 2018: Debug: if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (1) Thu May 24 17:30:29 2018: Debug: if (&User-Name =~ /\.\./ ) {
- (1) Thu May 24 17:30:29 2018: Debug: if (&User-Name =~ /\.\./ ) -> FALSE
- (1) Thu May 24 17:30:29 2018: Debug: if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (1) Thu May 24 17:30:29 2018: Debug: if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (1) Thu May 24 17:30:29 2018: Debug: if (&User-Name =~ /\.$/) {
- (1) Thu May 24 17:30:29 2018: Debug: if (&User-Name =~ /\.$/) -> FALSE
- (1) Thu May 24 17:30:29 2018: Debug: if (&User-Name =~ /@\./) {
- (1) Thu May 24 17:30:29 2018: Debug: if (&User-Name =~ /@\./) -> FALSE
- (1) Thu May 24 17:30:29 2018: Debug: } # if (&User-Name) = updated
- (1) Thu May 24 17:30:29 2018: Debug: } # policy filter_username = updated
- (1) Thu May 24 17:30:29 2018: Debug: policy filter_password {
- (1) Thu May 24 17:30:29 2018: Debug: if (&User-Password && (&User-Password != "%{string:User-Password}")) {
- (1) Thu May 24 17:30:29 2018: Debug: if (&User-Password && (&User-Password != "%{string:User-Password}")) -> FALSE
- (1) Thu May 24 17:30:29 2018: Debug: } # policy filter_password = updated
- (1) Thu May 24 17:30:29 2018: Debug: [preprocess] = ok
- (1) Thu May 24 17:30:29 2018: Debug: suffix: Checking for suffix after "@"
- (1) Thu May 24 17:30:29 2018: Debug: suffix: No '@' in User-Name = "host/Admin-15-NB.PERSONALAMT.DE", skipping NULL due to config.
- (1) Thu May 24 17:30:29 2018: Debug: [suffix] = noop
- (1) Thu May 24 17:30:29 2018: Debug: ntdomain: Checking for prefix before "\"
- (1) Thu May 24 17:30:29 2018: Debug: ntdomain: No '\' in User-Name = "host/Admin-15-NB.PERSONALAMT.DE", looking up realm NULL
- (1) Thu May 24 17:30:29 2018: Debug: ntdomain: Found realm "null"
- (1) Thu May 24 17:30:29 2018: Debug: ntdomain: Adding Realm = "null"
- (1) Thu May 24 17:30:29 2018: Debug: ntdomain: Authentication realm is LOCAL
- (1) Thu May 24 17:30:29 2018: Debug: [ntdomain] = ok
- (1) Thu May 24 17:30:29 2018: Debug: eap: Peer sent EAP Response (code 2) ID 2 length 166
- (1) Thu May 24 17:30:29 2018: Debug: eap: Continuing tunnel setup
- (1) Thu May 24 17:30:29 2018: Debug: [eap] = ok
- (1) Thu May 24 17:30:29 2018: Debug: } # authorize = ok
- (1) Thu May 24 17:30:29 2018: Debug: Found Auth-Type = eap
- (1) Thu May 24 17:30:29 2018: Debug: # Executing group from file /usr/local/pf/raddb/sites-enabled/packetfence
- (1) Thu May 24 17:30:29 2018: Debug: authenticate {
- (1) Thu May 24 17:30:29 2018: Debug: eap: Expiring EAP session with state 0x49c411c249c6082f
- (1) Thu May 24 17:30:29 2018: Debug: eap: Finished EAP session with state 0x49c411c249c6082f
- (1) Thu May 24 17:30:29 2018: Debug: eap: Previous EAP request found for state 0x49c411c249c6082f, released from the list
- (1) Thu May 24 17:30:29 2018: Debug: eap: Peer sent packet with method EAP PEAP (25)
- (1) Thu May 24 17:30:29 2018: Debug: eap: Calling submodule eap_peap to process data
- (1) Thu May 24 17:30:29 2018: Debug: eap_peap: Continuing EAP-TLS
- (1) Thu May 24 17:30:29 2018: Debug: eap_peap: Peer indicated complete TLS record size will be 156 bytes
- (1) Thu May 24 17:30:29 2018: Debug: eap_peap: Got complete TLS record (156 bytes)
- (1) Thu May 24 17:30:29 2018: Debug: eap_peap: [eaptls verify] = length included
- (1) Thu May 24 17:30:29 2018: Debug: eap_peap: (other): before/accept initialization
- (1) Thu May 24 17:30:29 2018: Debug: eap_peap: TLS_accept: before/accept initialization
- (1) Thu May 24 17:30:29 2018: Debug: eap_peap: TLS_accept: SSLv3 read client hello A
- (1) Thu May 24 17:30:29 2018: Debug: eap_peap: TLS_accept: SSLv3 write server hello A
- (1) Thu May 24 17:30:29 2018: Debug: eap_peap: TLS_accept: SSLv3 write certificate A
- (1) Thu May 24 17:30:29 2018: Debug: eap_peap: TLS_accept: SSLv3 write key exchange A
- (1) Thu May 24 17:30:29 2018: Debug: eap_peap: TLS_accept: SSLv3 write server done A
- (1) Thu May 24 17:30:29 2018: Debug: eap_peap: TLS_accept: SSLv3 flush data
- (1) Thu May 24 17:30:29 2018: Debug: eap_peap: TLS_accept: SSLv3 read client certificate A
- (1) Thu May 24 17:30:29 2018: Debug: eap_peap: TLS_accept: Need to read more data: SSLv3 read client key exchange A
- (1) Thu May 24 17:30:29 2018: Debug: eap_peap: TLS_accept: Need to read more data: SSLv3 read client key exchange A
- (1) Thu May 24 17:30:29 2018: Debug: eap_peap: In SSL Handshake Phase
- (1) Thu May 24 17:30:29 2018: Debug: eap_peap: In SSL Accept mode
- (1) Thu May 24 17:30:29 2018: Debug: eap_peap: [eaptls process] = handled
- (1) Thu May 24 17:30:29 2018: Debug: eap: Sending EAP Request (code 1) ID 3 length 1004
- (1) Thu May 24 17:30:29 2018: Debug: eap: EAP session adding &reply:State = 0x49c411c248c7082f
- (1) Thu May 24 17:30:29 2018: Debug: [eap] = handled
- (1) Thu May 24 17:30:29 2018: Debug: } # authenticate = handled
- (1) Thu May 24 17:30:29 2018: Debug: Using Post-Auth-Type Challenge
- (1) Thu May 24 17:30:29 2018: Debug: Post-Auth-Type sub-section not found. Ignoring.
- (1) Thu May 24 17:30:29 2018: Debug: # Executing group from file /usr/local/pf/raddb/sites-enabled/packetfence
- (1) Thu May 24 17:30:29 2018: Debug: Sent Access-Challenge Id 8 from 172.20.5.3:1812 to 172.20.5.79:52628 length 0
- (1) Thu May 24 17:30:29 2018: Debug: EAP-Message = 0x010303ec19c000000ef11603030039020000350303b92d82b691d11d3e346c50cb14b78f557a46944605b693a7f89d9c0f431797ea00c03000000dff01000100000b0004030001021603030d530b000d4f000d4c0006723082066e30820456a00302010202131c00000069cf888ce5f58d0c7b00040000
- (1) Thu May 24 17:30:29 2018: Debug: Message-Authenticator = 0x00000000000000000000000000000000
- (1) Thu May 24 17:30:29 2018: Debug: State = 0x49c411c248c7082fb3b3797cce5894f4
- (1) Thu May 24 17:30:29 2018: Debug: Proxy-State = 0x3135
- (1) Thu May 24 17:30:29 2018: Debug: Finished request
- (2) Thu May 24 17:30:29 2018: Debug: Received Access-Request Id 98 from 172.20.5.79:52628 to 172.20.5.3:1812 length 360
- (2) Thu May 24 17:30:29 2018: Debug: Framed-MTU = 1480
- (2) Thu May 24 17:30:29 2018: Debug: NAS-IP-Address = 172.20.9.150
- (2) Thu May 24 17:30:29 2018: Debug: NAS-Identifier = "Test"
- (2) Thu May 24 17:30:29 2018: Debug: User-Name = "host/Admin-15-NB.PERSONALAMT.DE"
- (2) Thu May 24 17:30:29 2018: Debug: Service-Type = Framed-User
- (2) Thu May 24 17:30:29 2018: Debug: Framed-Protocol = PPP
- (2) Thu May 24 17:30:29 2018: Debug: NAS-Port = 1
- (2) Thu May 24 17:30:29 2018: Debug: NAS-Port-Type = Ethernet
- (2) Thu May 24 17:30:29 2018: Debug: NAS-Port-Id = "1"
- (2) Thu May 24 17:30:29 2018: Debug: Called-Station-Id = "94-18-82-b9-32-80"
- (2) Thu May 24 17:30:29 2018: Debug: Calling-Station-Id = "00-e0-4c-60-43-20"
- (2) Thu May 24 17:30:29 2018: Debug: Connect-Info = "CONNECT Ethernet 1000Mbps Full duplex"
- (2) Thu May 24 17:30:29 2018: Debug: Tunnel-Type:0 = VLAN
- (2) Thu May 24 17:30:29 2018: Debug: Tunnel-Medium-Type:0 = IEEE-802
- (2) Thu May 24 17:30:29 2018: Debug: Tunnel-Private-Group-Id:0 = "1"
- (2) Thu May 24 17:30:29 2018: Debug: State = 0x49c411c248c7082fb3b3797cce5894f4
- (2) Thu May 24 17:30:29 2018: Debug: EAP-Message = 0x020300061900
- (2) Thu May 24 17:30:29 2018: Debug: Message-Authenticator = 0xdfa0273502264dfec8a6595aeaf12f71
- (2) Thu May 24 17:30:29 2018: Debug: MS-RAS-Vendor = 11
- (2) Thu May 24 17:30:29 2018: Debug: HP-Capability-Advert = 0x011a0000000b28
- (2) Thu May 24 17:30:29 2018: Debug: HP-Capability-Advert = 0x011a0000000b2e
- (2) Thu May 24 17:30:29 2018: Debug: HP-Capability-Advert = 0x011a0000000b30
- (2) Thu May 24 17:30:29 2018: Debug: HP-Capability-Advert = 0x011a0000000b3d
- (2) Thu May 24 17:30:29 2018: Debug: HP-Capability-Advert = 0x0138
- (2) Thu May 24 17:30:29 2018: Debug: HP-Capability-Advert = 0x013a
- (2) Thu May 24 17:30:29 2018: Debug: HP-Capability-Advert = 0x0140
- (2) Thu May 24 17:30:29 2018: Debug: HP-Capability-Advert = 0x0141
- (2) Thu May 24 17:30:29 2018: Debug: HP-Capability-Advert = 0x0151
- (2) Thu May 24 17:30:29 2018: Debug: Proxy-State = 0x3136
- (2) Thu May 24 17:30:29 2018: Debug: session-state: No cached attributes
- (2) Thu May 24 17:30:29 2018: Debug: # Executing section authorize from file /usr/local/pf/raddb/sites-enabled/packetfence
- (2) Thu May 24 17:30:29 2018: Debug: authorize {
- (2) Thu May 24 17:30:29 2018: Debug: update {
- (2) Thu May 24 17:30:29 2018: Debug: EXPAND %{Packet-Src-IP-Address}
- (2) Thu May 24 17:30:29 2018: Debug: --> 172.20.5.79
- (2) Thu May 24 17:30:29 2018: Debug: EXPAND %l
- (2) Thu May 24 17:30:29 2018: Debug: --> 1527175829
- (2) Thu May 24 17:30:29 2018: Debug: } # update = noop
- (2) Thu May 24 17:30:29 2018: Debug: policy packetfence-set-tenant-id {
- (2) Thu May 24 17:30:29 2018: Debug: if ( "%{%{control:PacketFence-Tenant-Id}:-0}" == "0") {
- (2) Thu May 24 17:30:29 2018: Debug: EXPAND %{%{control:PacketFence-Tenant-Id}:-0}
- (2) Thu May 24 17:30:29 2018: Debug: --> 0
- (2) Thu May 24 17:30:29 2018: Debug: if ( "%{%{control:PacketFence-Tenant-Id}:-0}" == "0") -> TRUE
- (2) Thu May 24 17:30:29 2018: Debug: if ( "%{%{control:PacketFence-Tenant-Id}:-0}" == "0") {
- (2) Thu May 24 17:30:29 2018: Debug: update control {
- (2) Thu May 24 17:30:29 2018: Debug: EXPAND %{User-Name}
- (2) Thu May 24 17:30:29 2018: Debug: --> host/Admin-15-NB.PERSONALAMT.DE
- (2) Thu May 24 17:30:29 2018: Debug: SQL-User-Name set to 'host/Admin-15-NB.PERSONALAMT.DE'
- (2) Thu May 24 17:30:29 2018: Debug: Executing select query: SELECT IFNULL((SELECT tenant_id FROM radius_nas WHERE nasname = '172.20.5.79'), 0)
- (2) Thu May 24 17:30:29 2018: Debug: EXPAND %{sql: SELECT IFNULL((SELECT tenant_id FROM radius_nas WHERE nasname = '%{Packet-Src-IP-Address}'), 0)}
- (2) Thu May 24 17:30:29 2018: Debug: --> 0
- (2) Thu May 24 17:30:29 2018: Debug: } # update control = noop
- (2) Thu May 24 17:30:29 2018: Debug: } # if ( "%{%{control:PacketFence-Tenant-Id}:-0}" == "0") = noop
- (2) Thu May 24 17:30:29 2018: Debug: if ( &control:PacketFence-Tenant-Id == 0 ) {
- (2) Thu May 24 17:30:29 2018: Debug: if ( &control:PacketFence-Tenant-Id == 0 ) -> TRUE
- (2) Thu May 24 17:30:29 2018: Debug: if ( &control:PacketFence-Tenant-Id == 0 ) {
- (2) Thu May 24 17:30:29 2018: Debug: update control {
- (2) Thu May 24 17:30:29 2018: Debug: EXPAND %{User-Name}
- (2) Thu May 24 17:30:29 2018: Debug: --> host/Admin-15-NB.PERSONALAMT.DE
- (2) Thu May 24 17:30:29 2018: Debug: SQL-User-Name set to 'host/Admin-15-NB.PERSONALAMT.DE'
- (2) Thu May 24 17:30:29 2018: Debug: Executing select query: SELECT IFNULL((SELECT tenant_id from radius_nas WHERE start_ip <= INET_ATON('172.20.5.79') and INET_ATON('172.20.5.79') <= end_ip order by range_length limit 1), 1)
- (2) Thu May 24 17:30:29 2018: Debug: EXPAND %{sql: SELECT IFNULL((SELECT tenant_id from radius_nas WHERE start_ip <= INET_ATON('%{Packet-Src-IP-Address}') and INET_ATON('%{Packet-Src-IP-Address}') <= end_ip order by range_length limit 1), 1)}
- (2) Thu May 24 17:30:29 2018: Debug: --> 1
- (2) Thu May 24 17:30:29 2018: Debug: } # update control = noop
- (2) Thu May 24 17:30:29 2018: Debug: } # if ( &control:PacketFence-Tenant-Id == 0 ) = noop
- (2) Thu May 24 17:30:29 2018: Debug: } # policy packetfence-set-tenant-id = noop
- (2) Thu May 24 17:30:29 2018: Debug: policy rewrite_calling_station_id {
- (2) Thu May 24 17:30:29 2018: Debug: if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) {
- (2) Thu May 24 17:30:29 2018: Debug: if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) -> TRUE
- (2) Thu May 24 17:30:29 2018: Debug: if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) {
- (2) Thu May 24 17:30:29 2018: Debug: update request {
- (2) Thu May 24 17:30:29 2018: Debug: EXPAND %{tolower:%{1}:%{2}:%{3}:%{4}:%{5}:%{6}}
- (2) Thu May 24 17:30:29 2018: Debug: --> 00:e0:4c:60:43:20
- (2) Thu May 24 17:30:29 2018: Debug: } # update request = noop
- (2) Thu May 24 17:30:29 2018: Debug: [updated] = updated
- (2) Thu May 24 17:30:29 2018: Debug: } # if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) = updated
- (2) Thu May 24 17:30:29 2018: Debug: ... skipping else: Preceding "if" was taken
- (2) Thu May 24 17:30:29 2018: Debug: } # policy rewrite_calling_station_id = updated
- (2) Thu May 24 17:30:29 2018: Debug: policy rewrite_called_station_id {
- (2) Thu May 24 17:30:29 2018: Debug: if ((&Called-Station-Id) && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) {
- (2) Thu May 24 17:30:29 2018: Debug: if ((&Called-Station-Id) && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) -> TRUE
- (2) Thu May 24 17:30:29 2018: Debug: if ((&Called-Station-Id) && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) {
- (2) Thu May 24 17:30:29 2018: Debug: update request {
- (2) Thu May 24 17:30:29 2018: Debug: EXPAND %{tolower:%{1}:%{2}:%{3}:%{4}:%{5}:%{6}}
- (2) Thu May 24 17:30:29 2018: Debug: --> 94:18:82:b9:32:80
- (2) Thu May 24 17:30:29 2018: Debug: } # update request = noop
- (2) Thu May 24 17:30:29 2018: Debug: if ("%{8}") {
- (2) Thu May 24 17:30:29 2018: Debug: EXPAND %{8}
- (2) Thu May 24 17:30:29 2018: Debug: -->
- (2) Thu May 24 17:30:29 2018: Debug: if ("%{8}") -> FALSE
- (2) Thu May 24 17:30:29 2018: Debug: elsif ( (Colubris-AVPair) && "%{Colubris-AVPair}" =~ /^ssid=(.*)$/i) {
- (2) Thu May 24 17:30:29 2018: Debug: elsif ( (Colubris-AVPair) && "%{Colubris-AVPair}" =~ /^ssid=(.*)$/i) -> FALSE
- (2) Thu May 24 17:30:29 2018: Debug: elsif (Aruba-Essid-Name) {
- (2) Thu May 24 17:30:29 2018: Debug: elsif (Aruba-Essid-Name) -> FALSE
- (2) Thu May 24 17:30:29 2018: Debug: elsif ( (Cisco-AVPair) && "%{Cisco-AVPair}" =~ /^ssid=(.*)$/i) {
- (2) Thu May 24 17:30:29 2018: Debug: elsif ( (Cisco-AVPair) && "%{Cisco-AVPair}" =~ /^ssid=(.*)$/i) -> FALSE
- (2) Thu May 24 17:30:29 2018: Debug: [updated] = updated
- (2) Thu May 24 17:30:29 2018: Debug: } # if ((&Called-Station-Id) && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) = updated
- (2) Thu May 24 17:30:29 2018: Debug: ... skipping else: Preceding "if" was taken
- (2) Thu May 24 17:30:29 2018: Debug: } # policy rewrite_called_station_id = updated
- (2) Thu May 24 17:30:29 2018: Debug: policy filter_username {
- (2) Thu May 24 17:30:29 2018: Debug: if (&User-Name) {
- (2) Thu May 24 17:30:29 2018: Debug: if (&User-Name) -> TRUE
- (2) Thu May 24 17:30:29 2018: Debug: if (&User-Name) {
- (2) Thu May 24 17:30:29 2018: Debug: if (&User-Name =~ / /) {
- (2) Thu May 24 17:30:29 2018: Debug: if (&User-Name =~ / /) -> FALSE
- (2) Thu May 24 17:30:29 2018: Debug: if (&User-Name =~ /@[^@]*@/ ) {
- (2) Thu May 24 17:30:29 2018: Debug: if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (2) Thu May 24 17:30:29 2018: Debug: if (&User-Name =~ /\.\./ ) {
- (2) Thu May 24 17:30:29 2018: Debug: if (&User-Name =~ /\.\./ ) -> FALSE
- (2) Thu May 24 17:30:29 2018: Debug: if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (2) Thu May 24 17:30:29 2018: Debug: if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (2) Thu May 24 17:30:29 2018: Debug: if (&User-Name =~ /\.$/) {
- (2) Thu May 24 17:30:29 2018: Debug: if (&User-Name =~ /\.$/) -> FALSE
- (2) Thu May 24 17:30:29 2018: Debug: if (&User-Name =~ /@\./) {
- (2) Thu May 24 17:30:29 2018: Debug: if (&User-Name =~ /@\./) -> FALSE
- (2) Thu May 24 17:30:29 2018: Debug: } # if (&User-Name) = updated
- (2) Thu May 24 17:30:29 2018: Debug: } # policy filter_username = updated
- (2) Thu May 24 17:30:29 2018: Debug: policy filter_password {
- (2) Thu May 24 17:30:29 2018: Debug: if (&User-Password && (&User-Password != "%{string:User-Password}")) {
- (2) Thu May 24 17:30:29 2018: Debug: if (&User-Password && (&User-Password != "%{string:User-Password}")) -> FALSE
- (2) Thu May 24 17:30:29 2018: Debug: } # policy filter_password = updated
- (2) Thu May 24 17:30:29 2018: Debug: [preprocess] = ok
- (2) Thu May 24 17:30:29 2018: Debug: suffix: Checking for suffix after "@"
- (2) Thu May 24 17:30:29 2018: Debug: suffix: No '@' in User-Name = "host/Admin-15-NB.PERSONALAMT.DE", skipping NULL due to config.
- (2) Thu May 24 17:30:29 2018: Debug: [suffix] = noop
- (2) Thu May 24 17:30:29 2018: Debug: ntdomain: Checking for prefix before "\"
- (2) Thu May 24 17:30:29 2018: Debug: ntdomain: No '\' in User-Name = "host/Admin-15-NB.PERSONALAMT.DE", looking up realm NULL
- (2) Thu May 24 17:30:29 2018: Debug: ntdomain: Found realm "null"
- (2) Thu May 24 17:30:29 2018: Debug: ntdomain: Adding Realm = "null"
- (2) Thu May 24 17:30:29 2018: Debug: ntdomain: Authentication realm is LOCAL
- (2) Thu May 24 17:30:29 2018: Debug: [ntdomain] = ok
- (2) Thu May 24 17:30:29 2018: Debug: eap: Peer sent EAP Response (code 2) ID 3 length 6
- (2) Thu May 24 17:30:29 2018: Debug: eap: Continuing tunnel setup
- (2) Thu May 24 17:30:29 2018: Debug: [eap] = ok
- (2) Thu May 24 17:30:29 2018: Debug: } # authorize = ok
- (2) Thu May 24 17:30:29 2018: Debug: Found Auth-Type = eap
- (2) Thu May 24 17:30:29 2018: Debug: # Executing group from file /usr/local/pf/raddb/sites-enabled/packetfence
- (2) Thu May 24 17:30:29 2018: Debug: authenticate {
- (2) Thu May 24 17:30:29 2018: Debug: eap: Expiring EAP session with state 0x49c411c248c7082f
- (2) Thu May 24 17:30:29 2018: Debug: eap: Finished EAP session with state 0x49c411c248c7082f
- (2) Thu May 24 17:30:29 2018: Debug: eap: Previous EAP request found for state 0x49c411c248c7082f, released from the list
- (2) Thu May 24 17:30:29 2018: Debug: eap: Peer sent packet with method EAP PEAP (25)
- (2) Thu May 24 17:30:29 2018: Debug: eap: Calling submodule eap_peap to process data
- (2) Thu May 24 17:30:29 2018: Debug: eap_peap: Continuing EAP-TLS
- (2) Thu May 24 17:30:29 2018: Debug: eap_peap: Peer ACKed our handshake fragment
- (2) Thu May 24 17:30:29 2018: Debug: eap_peap: [eaptls verify] = request
- (2) Thu May 24 17:30:29 2018: Debug: eap_peap: [eaptls process] = handled
- (2) Thu May 24 17:30:29 2018: Debug: eap: Sending EAP Request (code 1) ID 4 length 1000
- (2) Thu May 24 17:30:29 2018: Debug: eap: EAP session adding &reply:State = 0x49c411c24bc0082f
- (2) Thu May 24 17:30:29 2018: Debug: [eap] = handled
- (2) Thu May 24 17:30:29 2018: Debug: } # authenticate = handled
- (2) Thu May 24 17:30:29 2018: Debug: Using Post-Auth-Type Challenge
- (2) Thu May 24 17:30:29 2018: Debug: Post-Auth-Type sub-section not found. Ignoring.
- (2) Thu May 24 17:30:29 2018: Debug: # Executing group from file /usr/local/pf/raddb/sites-enabled/packetfence
- (2) Thu May 24 17:30:29 2018: Debug: Sent Access-Challenge Id 98 from 172.20.5.3:1812 to 172.20.5.79:52628 length 0
- (2) Thu May 24 17:30:29 2018: Debug: EAP-Message = 0x010403e81940412c434e3d5075626c69632532304b657925323053657276696365732c434e3d53657276696365732c434e3d436f6e66696775726174696f6e2c44433d504552534f4e414c414d542c44433d44453f634143657274696669636174653f626173653f6f626a656374436c6173733d636572
- (2) Thu May 24 17:30:29 2018: Debug: Message-Authenticator = 0x00000000000000000000000000000000
- (2) Thu May 24 17:30:29 2018: Debug: State = 0x49c411c24bc0082fb3b3797cce5894f4
- (2) Thu May 24 17:30:29 2018: Debug: Proxy-State = 0x3136
- (2) Thu May 24 17:30:29 2018: Debug: Finished request
- (3) Thu May 24 17:30:29 2018: Debug: Received Access-Request Id 46 from 172.20.5.79:52628 to 172.20.5.3:1812 length 360
- (3) Thu May 24 17:30:29 2018: Debug: Framed-MTU = 1480
- (3) Thu May 24 17:30:29 2018: Debug: NAS-IP-Address = 172.20.9.150
- (3) Thu May 24 17:30:29 2018: Debug: NAS-Identifier = "Test"
- (3) Thu May 24 17:30:29 2018: Debug: User-Name = "host/Admin-15-NB.PERSONALAMT.DE"
- (3) Thu May 24 17:30:29 2018: Debug: Service-Type = Framed-User
- (3) Thu May 24 17:30:29 2018: Debug: Framed-Protocol = PPP
- (3) Thu May 24 17:30:29 2018: Debug: NAS-Port = 1
- (3) Thu May 24 17:30:29 2018: Debug: NAS-Port-Type = Ethernet
- (3) Thu May 24 17:30:29 2018: Debug: NAS-Port-Id = "1"
- (3) Thu May 24 17:30:29 2018: Debug: Called-Station-Id = "94-18-82-b9-32-80"
- (3) Thu May 24 17:30:29 2018: Debug: Calling-Station-Id = "00-e0-4c-60-43-20"
- (3) Thu May 24 17:30:29 2018: Debug: Connect-Info = "CONNECT Ethernet 1000Mbps Full duplex"
- (3) Thu May 24 17:30:29 2018: Debug: Tunnel-Type:0 = VLAN
- (3) Thu May 24 17:30:29 2018: Debug: Tunnel-Medium-Type:0 = IEEE-802
- (3) Thu May 24 17:30:29 2018: Debug: Tunnel-Private-Group-Id:0 = "1"
- (3) Thu May 24 17:30:29 2018: Debug: State = 0x49c411c24bc0082fb3b3797cce5894f4
- (3) Thu May 24 17:30:29 2018: Debug: EAP-Message = 0x020400061900
- (3) Thu May 24 17:30:29 2018: Debug: Message-Authenticator = 0x5b12c3df57f3f0f4904afac48a2d58c9
- (3) Thu May 24 17:30:29 2018: Debug: MS-RAS-Vendor = 11
- (3) Thu May 24 17:30:29 2018: Debug: HP-Capability-Advert = 0x011a0000000b28
- (3) Thu May 24 17:30:29 2018: Debug: HP-Capability-Advert = 0x011a0000000b2e
- (3) Thu May 24 17:30:29 2018: Debug: HP-Capability-Advert = 0x011a0000000b30
- (3) Thu May 24 17:30:29 2018: Debug: HP-Capability-Advert = 0x011a0000000b3d
- (3) Thu May 24 17:30:29 2018: Debug: HP-Capability-Advert = 0x0138
- (3) Thu May 24 17:30:29 2018: Debug: HP-Capability-Advert = 0x013a
- (3) Thu May 24 17:30:29 2018: Debug: HP-Capability-Advert = 0x0140
- (3) Thu May 24 17:30:29 2018: Debug: HP-Capability-Advert = 0x0141
- (3) Thu May 24 17:30:29 2018: Debug: HP-Capability-Advert = 0x0151
- (3) Thu May 24 17:30:29 2018: Debug: Proxy-State = 0x3137
- (3) Thu May 24 17:30:29 2018: Debug: session-state: No cached attributes
- (3) Thu May 24 17:30:29 2018: Debug: # Executing section authorize from file /usr/local/pf/raddb/sites-enabled/packetfence
- (3) Thu May 24 17:30:29 2018: Debug: authorize {
- (3) Thu May 24 17:30:29 2018: Debug: update {
- (3) Thu May 24 17:30:29 2018: Debug: EXPAND %{Packet-Src-IP-Address}
- (3) Thu May 24 17:30:29 2018: Debug: --> 172.20.5.79
- (3) Thu May 24 17:30:29 2018: Debug: EXPAND %l
- (3) Thu May 24 17:30:29 2018: Debug: --> 1527175829
- (3) Thu May 24 17:30:29 2018: Debug: } # update = noop
- (3) Thu May 24 17:30:29 2018: Debug: policy packetfence-set-tenant-id {
- (3) Thu May 24 17:30:29 2018: Debug: if ( "%{%{control:PacketFence-Tenant-Id}:-0}" == "0") {
- (3) Thu May 24 17:30:29 2018: Debug: EXPAND %{%{control:PacketFence-Tenant-Id}:-0}
- (3) Thu May 24 17:30:29 2018: Debug: --> 0
- (3) Thu May 24 17:30:29 2018: Debug: if ( "%{%{control:PacketFence-Tenant-Id}:-0}" == "0") -> TRUE
- (3) Thu May 24 17:30:29 2018: Debug: if ( "%{%{control:PacketFence-Tenant-Id}:-0}" == "0") {
- (3) Thu May 24 17:30:29 2018: Debug: update control {
- (3) Thu May 24 17:30:29 2018: Debug: EXPAND %{User-Name}
- (3) Thu May 24 17:30:29 2018: Debug: --> host/Admin-15-NB.PERSONALAMT.DE
- (3) Thu May 24 17:30:29 2018: Debug: SQL-User-Name set to 'host/Admin-15-NB.PERSONALAMT.DE'
- (3) Thu May 24 17:30:29 2018: Debug: Executing select query: SELECT IFNULL((SELECT tenant_id FROM radius_nas WHERE nasname = '172.20.5.79'), 0)
- (3) Thu May 24 17:30:29 2018: Debug: EXPAND %{sql: SELECT IFNULL((SELECT tenant_id FROM radius_nas WHERE nasname = '%{Packet-Src-IP-Address}'), 0)}
- (3) Thu May 24 17:30:29 2018: Debug: --> 0
- (3) Thu May 24 17:30:29 2018: Debug: } # update control = noop
- (3) Thu May 24 17:30:29 2018: Debug: } # if ( "%{%{control:PacketFence-Tenant-Id}:-0}" == "0") = noop
- (3) Thu May 24 17:30:29 2018: Debug: if ( &control:PacketFence-Tenant-Id == 0 ) {
- (3) Thu May 24 17:30:29 2018: Debug: if ( &control:PacketFence-Tenant-Id == 0 ) -> TRUE
- (3) Thu May 24 17:30:29 2018: Debug: if ( &control:PacketFence-Tenant-Id == 0 ) {
- (3) Thu May 24 17:30:29 2018: Debug: update control {
- (3) Thu May 24 17:30:29 2018: Debug: EXPAND %{User-Name}
- (3) Thu May 24 17:30:29 2018: Debug: --> host/Admin-15-NB.PERSONALAMT.DE
- (3) Thu May 24 17:30:29 2018: Debug: SQL-User-Name set to 'host/Admin-15-NB.PERSONALAMT.DE'
- (3) Thu May 24 17:30:29 2018: Debug: Executing select query: SELECT IFNULL((SELECT tenant_id from radius_nas WHERE start_ip <= INET_ATON('172.20.5.79') and INET_ATON('172.20.5.79') <= end_ip order by range_length limit 1), 1)
- (3) Thu May 24 17:30:29 2018: Debug: EXPAND %{sql: SELECT IFNULL((SELECT tenant_id from radius_nas WHERE start_ip <= INET_ATON('%{Packet-Src-IP-Address}') and INET_ATON('%{Packet-Src-IP-Address}') <= end_ip order by range_length limit 1), 1)}
- (3) Thu May 24 17:30:29 2018: Debug: --> 1
- (3) Thu May 24 17:30:29 2018: Debug: } # update control = noop
- (3) Thu May 24 17:30:29 2018: Debug: } # if ( &control:PacketFence-Tenant-Id == 0 ) = noop
- (3) Thu May 24 17:30:29 2018: Debug: } # policy packetfence-set-tenant-id = noop
- (3) Thu May 24 17:30:29 2018: Debug: policy rewrite_calling_station_id {
- (3) Thu May 24 17:30:29 2018: Debug: if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) {
- (3) Thu May 24 17:30:29 2018: Debug: if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) -> TRUE
- (3) Thu May 24 17:30:29 2018: Debug: if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) {
- (3) Thu May 24 17:30:29 2018: Debug: update request {
- (3) Thu May 24 17:30:29 2018: Debug: EXPAND %{tolower:%{1}:%{2}:%{3}:%{4}:%{5}:%{6}}
- (3) Thu May 24 17:30:29 2018: Debug: --> 00:e0:4c:60:43:20
- (3) Thu May 24 17:30:29 2018: Debug: } # update request = noop
- (3) Thu May 24 17:30:29 2018: Debug: [updated] = updated
- (3) Thu May 24 17:30:29 2018: Debug: } # if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) = updated
- (3) Thu May 24 17:30:29 2018: Debug: ... skipping else: Preceding "if" was taken
- (3) Thu May 24 17:30:29 2018: Debug: } # policy rewrite_calling_station_id = updated
- (3) Thu May 24 17:30:29 2018: Debug: policy rewrite_called_station_id {
- (3) Thu May 24 17:30:29 2018: Debug: if ((&Called-Station-Id) && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) {
- (3) Thu May 24 17:30:29 2018: Debug: if ((&Called-Station-Id) && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) -> TRUE
- (3) Thu May 24 17:30:29 2018: Debug: if ((&Called-Station-Id) && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) {
- (3) Thu May 24 17:30:29 2018: Debug: update request {
- (3) Thu May 24 17:30:29 2018: Debug: EXPAND %{tolower:%{1}:%{2}:%{3}:%{4}:%{5}:%{6}}
- (3) Thu May 24 17:30:29 2018: Debug: --> 94:18:82:b9:32:80
- (3) Thu May 24 17:30:29 2018: Debug: } # update request = noop
- (3) Thu May 24 17:30:29 2018: Debug: if ("%{8}") {
- (3) Thu May 24 17:30:29 2018: Debug: EXPAND %{8}
- (3) Thu May 24 17:30:29 2018: Debug: -->
- (3) Thu May 24 17:30:29 2018: Debug: if ("%{8}") -> FALSE
- (3) Thu May 24 17:30:29 2018: Debug: elsif ( (Colubris-AVPair) && "%{Colubris-AVPair}" =~ /^ssid=(.*)$/i) {
- (3) Thu May 24 17:30:29 2018: Debug: elsif ( (Colubris-AVPair) && "%{Colubris-AVPair}" =~ /^ssid=(.*)$/i) -> FALSE
- (3) Thu May 24 17:30:29 2018: Debug: elsif (Aruba-Essid-Name) {
- (3) Thu May 24 17:30:29 2018: Debug: elsif (Aruba-Essid-Name) -> FALSE
- (3) Thu May 24 17:30:29 2018: Debug: elsif ( (Cisco-AVPair) && "%{Cisco-AVPair}" =~ /^ssid=(.*)$/i) {
- (3) Thu May 24 17:30:29 2018: Debug: elsif ( (Cisco-AVPair) && "%{Cisco-AVPair}" =~ /^ssid=(.*)$/i) -> FALSE
- (3) Thu May 24 17:30:29 2018: Debug: [updated] = updated
- (3) Thu May 24 17:30:29 2018: Debug: } # if ((&Called-Station-Id) && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) = updated
- (3) Thu May 24 17:30:29 2018: Debug: ... skipping else: Preceding "if" was taken
- (3) Thu May 24 17:30:29 2018: Debug: } # policy rewrite_called_station_id = updated
- (3) Thu May 24 17:30:29 2018: Debug: policy filter_username {
- (3) Thu May 24 17:30:29 2018: Debug: if (&User-Name) {
- (3) Thu May 24 17:30:29 2018: Debug: if (&User-Name) -> TRUE
- (3) Thu May 24 17:30:29 2018: Debug: if (&User-Name) {
- (3) Thu May 24 17:30:29 2018: Debug: if (&User-Name =~ / /) {
- (3) Thu May 24 17:30:29 2018: Debug: if (&User-Name =~ / /) -> FALSE
- (3) Thu May 24 17:30:29 2018: Debug: if (&User-Name =~ /@[^@]*@/ ) {
- (3) Thu May 24 17:30:29 2018: Debug: if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (3) Thu May 24 17:30:29 2018: Debug: if (&User-Name =~ /\.\./ ) {
- (3) Thu May 24 17:30:29 2018: Debug: if (&User-Name =~ /\.\./ ) -> FALSE
- (3) Thu May 24 17:30:29 2018: Debug: if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (3) Thu May 24 17:30:29 2018: Debug: if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (3) Thu May 24 17:30:29 2018: Debug: if (&User-Name =~ /\.$/) {
- (3) Thu May 24 17:30:29 2018: Debug: if (&User-Name =~ /\.$/) -> FALSE
- (3) Thu May 24 17:30:29 2018: Debug: if (&User-Name =~ /@\./) {
- (3) Thu May 24 17:30:29 2018: Debug: if (&User-Name =~ /@\./) -> FALSE
- (3) Thu May 24 17:30:29 2018: Debug: } # if (&User-Name) = updated
- (3) Thu May 24 17:30:29 2018: Debug: } # policy filter_username = updated
- (3) Thu May 24 17:30:29 2018: Debug: policy filter_password {
- (3) Thu May 24 17:30:29 2018: Debug: if (&User-Password && (&User-Password != "%{string:User-Password}")) {
- (3) Thu May 24 17:30:29 2018: Debug: if (&User-Password && (&User-Password != "%{string:User-Password}")) -> FALSE
- (3) Thu May 24 17:30:29 2018: Debug: } # policy filter_password = updated
- (3) Thu May 24 17:30:29 2018: Debug: [preprocess] = ok
- (3) Thu May 24 17:30:29 2018: Debug: suffix: Checking for suffix after "@"
- (3) Thu May 24 17:30:29 2018: Debug: suffix: No '@' in User-Name = "host/Admin-15-NB.PERSONALAMT.DE", skipping NULL due to config.
- (3) Thu May 24 17:30:29 2018: Debug: [suffix] = noop
- (3) Thu May 24 17:30:29 2018: Debug: ntdomain: Checking for prefix before "\"
- (3) Thu May 24 17:30:29 2018: Debug: ntdomain: No '\' in User-Name = "host/Admin-15-NB.PERSONALAMT.DE", looking up realm NULL
- (3) Thu May 24 17:30:29 2018: Debug: ntdomain: Found realm "null"
- (3) Thu May 24 17:30:29 2018: Debug: ntdomain: Adding Realm = "null"
- (3) Thu May 24 17:30:29 2018: Debug: ntdomain: Authentication realm is LOCAL
- (3) Thu May 24 17:30:29 2018: Debug: [ntdomain] = ok
- (3) Thu May 24 17:30:29 2018: Debug: eap: Peer sent EAP Response (code 2) ID 4 length 6
- (3) Thu May 24 17:30:29 2018: Debug: eap: Continuing tunnel setup
- (3) Thu May 24 17:30:29 2018: Debug: [eap] = ok
- (3) Thu May 24 17:30:29 2018: Debug: } # authorize = ok
- (3) Thu May 24 17:30:29 2018: Debug: Found Auth-Type = eap
- (3) Thu May 24 17:30:29 2018: Debug: # Executing group from file /usr/local/pf/raddb/sites-enabled/packetfence
- (3) Thu May 24 17:30:29 2018: Debug: authenticate {
- (3) Thu May 24 17:30:29 2018: Debug: eap: Expiring EAP session with state 0x49c411c24bc0082f
- (3) Thu May 24 17:30:29 2018: Debug: eap: Finished EAP session with state 0x49c411c24bc0082f
- (3) Thu May 24 17:30:29 2018: Debug: eap: Previous EAP request found for state 0x49c411c24bc0082f, released from the list
- (3) Thu May 24 17:30:29 2018: Debug: eap: Peer sent packet with method EAP PEAP (25)
- (3) Thu May 24 17:30:29 2018: Debug: eap: Calling submodule eap_peap to process data
- (3) Thu May 24 17:30:29 2018: Debug: eap_peap: Continuing EAP-TLS
- (3) Thu May 24 17:30:29 2018: Debug: eap_peap: Peer ACKed our handshake fragment
- (3) Thu May 24 17:30:29 2018: Debug: eap_peap: [eaptls verify] = request
- (3) Thu May 24 17:30:29 2018: Debug: eap_peap: [eaptls process] = handled
- (3) Thu May 24 17:30:29 2018: Debug: eap: Sending EAP Request (code 1) ID 5 length 1000
- (3) Thu May 24 17:30:29 2018: Debug: eap: EAP session adding &reply:State = 0x49c411c24ac1082f
- (3) Thu May 24 17:30:29 2018: Debug: [eap] = handled
- (3) Thu May 24 17:30:29 2018: Debug: } # authenticate = handled
- (3) Thu May 24 17:30:29 2018: Debug: Using Post-Auth-Type Challenge
- (3) Thu May 24 17:30:29 2018: Debug: Post-Auth-Type sub-section not found. Ignoring.
- (3) Thu May 24 17:30:29 2018: Debug: # Executing group from file /usr/local/pf/raddb/sites-enabled/packetfence
- (3) Thu May 24 17:30:29 2018: Debug: Sent Access-Challenge Id 46 from 172.20.5.3:1812 to 172.20.5.79:52628 length 0
- (3) Thu May 24 17:30:29 2018: Debug: EAP-Message = 0x010503e81940857fb02e359be06bba356a6ddeee561f174e4574ba18734e04703fe2439d7059336b92dfc9c6e4a42fd6832f045572ea2bd3424158f0059d1d69794f39d849cb93d4e849a9f645afc696f5c4bba51abd52c560313d10c35497a721d195168c4b97c7b87a40e8ebcf2d761663cdaccc0cb8
- (3) Thu May 24 17:30:29 2018: Debug: Message-Authenticator = 0x00000000000000000000000000000000
- (3) Thu May 24 17:30:29 2018: Debug: State = 0x49c411c24ac1082fb3b3797cce5894f4
- (3) Thu May 24 17:30:29 2018: Debug: Proxy-State = 0x3137
- (3) Thu May 24 17:30:29 2018: Debug: Finished request
- (4) Thu May 24 17:30:30 2018: Debug: Received Access-Request Id 200 from 172.20.5.79:52628 to 172.20.5.3:1812 length 360
- (4) Thu May 24 17:30:30 2018: Debug: Framed-MTU = 1480
- (4) Thu May 24 17:30:30 2018: Debug: NAS-IP-Address = 172.20.9.150
- (4) Thu May 24 17:30:30 2018: Debug: NAS-Identifier = "Test"
- (4) Thu May 24 17:30:30 2018: Debug: User-Name = "host/Admin-15-NB.PERSONALAMT.DE"
- (4) Thu May 24 17:30:30 2018: Debug: Service-Type = Framed-User
- (4) Thu May 24 17:30:30 2018: Debug: Framed-Protocol = PPP
- (4) Thu May 24 17:30:30 2018: Debug: NAS-Port = 1
- (4) Thu May 24 17:30:30 2018: Debug: NAS-Port-Type = Ethernet
- (4) Thu May 24 17:30:30 2018: Debug: NAS-Port-Id = "1"
- (4) Thu May 24 17:30:30 2018: Debug: Called-Station-Id = "94-18-82-b9-32-80"
- (4) Thu May 24 17:30:30 2018: Debug: Calling-Station-Id = "00-e0-4c-60-43-20"
- (4) Thu May 24 17:30:30 2018: Debug: Connect-Info = "CONNECT Ethernet 1000Mbps Full duplex"
- (4) Thu May 24 17:30:30 2018: Debug: Tunnel-Type:0 = VLAN
- (4) Thu May 24 17:30:30 2018: Debug: Tunnel-Medium-Type:0 = IEEE-802
- (4) Thu May 24 17:30:30 2018: Debug: Tunnel-Private-Group-Id:0 = "1"
- (4) Thu May 24 17:30:30 2018: Debug: State = 0x49c411c24ac1082fb3b3797cce5894f4
- (4) Thu May 24 17:30:30 2018: Debug: EAP-Message = 0x020500061900
- (4) Thu May 24 17:30:30 2018: Debug: Message-Authenticator = 0xe4777662f43f9f986461b2fe572c90c2
- (4) Thu May 24 17:30:30 2018: Debug: MS-RAS-Vendor = 11
- (4) Thu May 24 17:30:30 2018: Debug: HP-Capability-Advert = 0x011a0000000b28
- (4) Thu May 24 17:30:30 2018: Debug: HP-Capability-Advert = 0x011a0000000b2e
- (4) Thu May 24 17:30:30 2018: Debug: HP-Capability-Advert = 0x011a0000000b30
- (4) Thu May 24 17:30:30 2018: Debug: HP-Capability-Advert = 0x011a0000000b3d
- (4) Thu May 24 17:30:30 2018: Debug: HP-Capability-Advert = 0x0138
- (4) Thu May 24 17:30:30 2018: Debug: HP-Capability-Advert = 0x013a
- (4) Thu May 24 17:30:30 2018: Debug: HP-Capability-Advert = 0x0140
- (4) Thu May 24 17:30:30 2018: Debug: HP-Capability-Advert = 0x0141
- (4) Thu May 24 17:30:30 2018: Debug: HP-Capability-Advert = 0x0151
- (4) Thu May 24 17:30:30 2018: Debug: Proxy-State = 0x3138
- (4) Thu May 24 17:30:30 2018: Debug: session-state: No cached attributes
- (4) Thu May 24 17:30:30 2018: Debug: # Executing section authorize from file /usr/local/pf/raddb/sites-enabled/packetfence
- (4) Thu May 24 17:30:30 2018: Debug: authorize {
- (4) Thu May 24 17:30:30 2018: Debug: update {
- (4) Thu May 24 17:30:30 2018: Debug: EXPAND %{Packet-Src-IP-Address}
- (4) Thu May 24 17:30:30 2018: Debug: --> 172.20.5.79
- (4) Thu May 24 17:30:30 2018: Debug: EXPAND %l
- (4) Thu May 24 17:30:30 2018: Debug: --> 1527175830
- (4) Thu May 24 17:30:30 2018: Debug: } # update = noop
- (4) Thu May 24 17:30:30 2018: Debug: policy packetfence-set-tenant-id {
- (4) Thu May 24 17:30:30 2018: Debug: if ( "%{%{control:PacketFence-Tenant-Id}:-0}" == "0") {
- (4) Thu May 24 17:30:30 2018: Debug: EXPAND %{%{control:PacketFence-Tenant-Id}:-0}
- (4) Thu May 24 17:30:30 2018: Debug: --> 0
- (4) Thu May 24 17:30:30 2018: Debug: if ( "%{%{control:PacketFence-Tenant-Id}:-0}" == "0") -> TRUE
- (4) Thu May 24 17:30:30 2018: Debug: if ( "%{%{control:PacketFence-Tenant-Id}:-0}" == "0") {
- (4) Thu May 24 17:30:30 2018: Debug: update control {
- (4) Thu May 24 17:30:30 2018: Debug: EXPAND %{User-Name}
- (4) Thu May 24 17:30:30 2018: Debug: --> host/Admin-15-NB.PERSONALAMT.DE
- (4) Thu May 24 17:30:30 2018: Debug: SQL-User-Name set to 'host/Admin-15-NB.PERSONALAMT.DE'
- (4) Thu May 24 17:30:30 2018: Debug: Executing select query: SELECT IFNULL((SELECT tenant_id FROM radius_nas WHERE nasname = '172.20.5.79'), 0)
- (4) Thu May 24 17:30:30 2018: Debug: EXPAND %{sql: SELECT IFNULL((SELECT tenant_id FROM radius_nas WHERE nasname = '%{Packet-Src-IP-Address}'), 0)}
- (4) Thu May 24 17:30:30 2018: Debug: --> 0
- (4) Thu May 24 17:30:30 2018: Debug: } # update control = noop
- (4) Thu May 24 17:30:30 2018: Debug: } # if ( "%{%{control:PacketFence-Tenant-Id}:-0}" == "0") = noop
- (4) Thu May 24 17:30:30 2018: Debug: if ( &control:PacketFence-Tenant-Id == 0 ) {
- (4) Thu May 24 17:30:30 2018: Debug: if ( &control:PacketFence-Tenant-Id == 0 ) -> TRUE
- (4) Thu May 24 17:30:30 2018: Debug: if ( &control:PacketFence-Tenant-Id == 0 ) {
- (4) Thu May 24 17:30:30 2018: Debug: update control {
- (4) Thu May 24 17:30:30 2018: Debug: EXPAND %{User-Name}
- (4) Thu May 24 17:30:30 2018: Debug: --> host/Admin-15-NB.PERSONALAMT.DE
- (4) Thu May 24 17:30:30 2018: Debug: SQL-User-Name set to 'host/Admin-15-NB.PERSONALAMT.DE'
- (4) Thu May 24 17:30:30 2018: Debug: Executing select query: SELECT IFNULL((SELECT tenant_id from radius_nas WHERE start_ip <= INET_ATON('172.20.5.79') and INET_ATON('172.20.5.79') <= end_ip order by range_length limit 1), 1)
- (4) Thu May 24 17:30:30 2018: Debug: EXPAND %{sql: SELECT IFNULL((SELECT tenant_id from radius_nas WHERE start_ip <= INET_ATON('%{Packet-Src-IP-Address}') and INET_ATON('%{Packet-Src-IP-Address}') <= end_ip order by range_length limit 1), 1)}
- (4) Thu May 24 17:30:30 2018: Debug: --> 1
- (4) Thu May 24 17:30:30 2018: Debug: } # update control = noop
- (4) Thu May 24 17:30:30 2018: Debug: } # if ( &control:PacketFence-Tenant-Id == 0 ) = noop
- (4) Thu May 24 17:30:30 2018: Debug: } # policy packetfence-set-tenant-id = noop
- (4) Thu May 24 17:30:30 2018: Debug: policy rewrite_calling_station_id {
- (4) Thu May 24 17:30:30 2018: Debug: if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) {
- (4) Thu May 24 17:30:30 2018: Debug: if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) -> TRUE
- (4) Thu May 24 17:30:30 2018: Debug: if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) {
- (4) Thu May 24 17:30:30 2018: Debug: update request {
- (4) Thu May 24 17:30:30 2018: Debug: EXPAND %{tolower:%{1}:%{2}:%{3}:%{4}:%{5}:%{6}}
- (4) Thu May 24 17:30:30 2018: Debug: --> 00:e0:4c:60:43:20
- (4) Thu May 24 17:30:30 2018: Debug: } # update request = noop
- (4) Thu May 24 17:30:30 2018: Debug: [updated] = updated
- (4) Thu May 24 17:30:30 2018: Debug: } # if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) = updated
- (4) Thu May 24 17:30:30 2018: Debug: ... skipping else: Preceding "if" was taken
- (4) Thu May 24 17:30:30 2018: Debug: } # policy rewrite_calling_station_id = updated
- (4) Thu May 24 17:30:30 2018: Debug: policy rewrite_called_station_id {
- (4) Thu May 24 17:30:30 2018: Debug: if ((&Called-Station-Id) && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) {
- (4) Thu May 24 17:30:30 2018: Debug: if ((&Called-Station-Id) && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) -> TRUE
- (4) Thu May 24 17:30:30 2018: Debug: if ((&Called-Station-Id) && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) {
- (4) Thu May 24 17:30:30 2018: Debug: update request {
- (4) Thu May 24 17:30:30 2018: Debug: EXPAND %{tolower:%{1}:%{2}:%{3}:%{4}:%{5}:%{6}}
- (4) Thu May 24 17:30:30 2018: Debug: --> 94:18:82:b9:32:80
- (4) Thu May 24 17:30:30 2018: Debug: } # update request = noop
- (4) Thu May 24 17:30:30 2018: Debug: if ("%{8}") {
- (4) Thu May 24 17:30:30 2018: Debug: EXPAND %{8}
- (4) Thu May 24 17:30:30 2018: Debug: -->
- (4) Thu May 24 17:30:30 2018: Debug: if ("%{8}") -> FALSE
- (4) Thu May 24 17:30:30 2018: Debug: elsif ( (Colubris-AVPair) && "%{Colubris-AVPair}" =~ /^ssid=(.*)$/i) {
- (4) Thu May 24 17:30:30 2018: Debug: elsif ( (Colubris-AVPair) && "%{Colubris-AVPair}" =~ /^ssid=(.*)$/i) -> FALSE
- (4) Thu May 24 17:30:30 2018: Debug: elsif (Aruba-Essid-Name) {
- (4) Thu May 24 17:30:30 2018: Debug: elsif (Aruba-Essid-Name) -> FALSE
- (4) Thu May 24 17:30:30 2018: Debug: elsif ( (Cisco-AVPair) && "%{Cisco-AVPair}" =~ /^ssid=(.*)$/i) {
- (4) Thu May 24 17:30:30 2018: Debug: elsif ( (Cisco-AVPair) && "%{Cisco-AVPair}" =~ /^ssid=(.*)$/i) -> FALSE
- (4) Thu May 24 17:30:30 2018: Debug: [updated] = updated
- (4) Thu May 24 17:30:30 2018: Debug: } # if ((&Called-Station-Id) && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) = updated
- (4) Thu May 24 17:30:30 2018: Debug: ... skipping else: Preceding "if" was taken
- (4) Thu May 24 17:30:30 2018: Debug: } # policy rewrite_called_station_id = updated
- (4) Thu May 24 17:30:30 2018: Debug: policy filter_username {
- (4) Thu May 24 17:30:30 2018: Debug: if (&User-Name) {
- (4) Thu May 24 17:30:30 2018: Debug: if (&User-Name) -> TRUE
- (4) Thu May 24 17:30:30 2018: Debug: if (&User-Name) {
- (4) Thu May 24 17:30:30 2018: Debug: if (&User-Name =~ / /) {
- (4) Thu May 24 17:30:30 2018: Debug: if (&User-Name =~ / /) -> FALSE
- (4) Thu May 24 17:30:30 2018: Debug: if (&User-Name =~ /@[^@]*@/ ) {
- (4) Thu May 24 17:30:30 2018: Debug: if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (4) Thu May 24 17:30:30 2018: Debug: if (&User-Name =~ /\.\./ ) {
- (4) Thu May 24 17:30:30 2018: Debug: if (&User-Name =~ /\.\./ ) -> FALSE
- (4) Thu May 24 17:30:30 2018: Debug: if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (4) Thu May 24 17:30:30 2018: Debug: if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (4) Thu May 24 17:30:30 2018: Debug: if (&User-Name =~ /\.$/) {
- (4) Thu May 24 17:30:30 2018: Debug: if (&User-Name =~ /\.$/) -> FALSE
- (4) Thu May 24 17:30:30 2018: Debug: if (&User-Name =~ /@\./) {
- (4) Thu May 24 17:30:30 2018: Debug: if (&User-Name =~ /@\./) -> FALSE
- (4) Thu May 24 17:30:30 2018: Debug: } # if (&User-Name) = updated
- (4) Thu May 24 17:30:30 2018: Debug: } # policy filter_username = updated
- (4) Thu May 24 17:30:30 2018: Debug: policy filter_password {
- (4) Thu May 24 17:30:30 2018: Debug: if (&User-Password && (&User-Password != "%{string:User-Password}")) {
- (4) Thu May 24 17:30:30 2018: Debug: if (&User-Password && (&User-Password != "%{string:User-Password}")) -> FALSE
- (4) Thu May 24 17:30:30 2018: Debug: } # policy filter_password = updated
- (4) Thu May 24 17:30:30 2018: Debug: [preprocess] = ok
- (4) Thu May 24 17:30:30 2018: Debug: suffix: Checking for suffix after "@"
- (4) Thu May 24 17:30:30 2018: Debug: suffix: No '@' in User-Name = "host/Admin-15-NB.PERSONALAMT.DE", skipping NULL due to config.
- (4) Thu May 24 17:30:30 2018: Debug: [suffix] = noop
- (4) Thu May 24 17:30:30 2018: Debug: ntdomain: Checking for prefix before "\"
- (4) Thu May 24 17:30:30 2018: Debug: ntdomain: No '\' in User-Name = "host/Admin-15-NB.PERSONALAMT.DE", looking up realm NULL
- (4) Thu May 24 17:30:30 2018: Debug: ntdomain: Found realm "null"
- (4) Thu May 24 17:30:30 2018: Debug: ntdomain: Adding Realm = "null"
- (4) Thu May 24 17:30:30 2018: Debug: ntdomain: Authentication realm is LOCAL
- (4) Thu May 24 17:30:30 2018: Debug: [ntdomain] = ok
- (4) Thu May 24 17:30:30 2018: Debug: eap: Peer sent EAP Response (code 2) ID 5 length 6
- (4) Thu May 24 17:30:30 2018: Debug: eap: Continuing tunnel setup
- (4) Thu May 24 17:30:30 2018: Debug: [eap] = ok
- (4) Thu May 24 17:30:30 2018: Debug: } # authorize = ok
- (4) Thu May 24 17:30:30 2018: Debug: Found Auth-Type = eap
- (4) Thu May 24 17:30:30 2018: Debug: # Executing group from file /usr/local/pf/raddb/sites-enabled/packetfence
- (4) Thu May 24 17:30:30 2018: Debug: authenticate {
- (4) Thu May 24 17:30:30 2018: Debug: eap: Expiring EAP session with state 0x49c411c24ac1082f
- (4) Thu May 24 17:30:30 2018: Debug: eap: Finished EAP session with state 0x49c411c24ac1082f
- (4) Thu May 24 17:30:30 2018: Debug: eap: Previous EAP request found for state 0x49c411c24ac1082f, released from the list
- (4) Thu May 24 17:30:30 2018: Debug: eap: Peer sent packet with method EAP PEAP (25)
- (4) Thu May 24 17:30:30 2018: Debug: eap: Calling submodule eap_peap to process data
- (4) Thu May 24 17:30:30 2018: Debug: eap_peap: Continuing EAP-TLS
- (4) Thu May 24 17:30:30 2018: Debug: eap_peap: Peer ACKed our handshake fragment
- (4) Thu May 24 17:30:30 2018: Debug: eap_peap: [eaptls verify] = request
- (4) Thu May 24 17:30:30 2018: Debug: eap_peap: [eaptls process] = handled
- (4) Thu May 24 17:30:30 2018: Debug: eap: Sending EAP Request (code 1) ID 6 length 849
- (4) Thu May 24 17:30:30 2018: Debug: eap: EAP session adding &reply:State = 0x49c411c24dc2082f
- (4) Thu May 24 17:30:30 2018: Debug: [eap] = handled
- (4) Thu May 24 17:30:30 2018: Debug: } # authenticate = handled
- (4) Thu May 24 17:30:30 2018: Debug: Using Post-Auth-Type Challenge
- (4) Thu May 24 17:30:30 2018: Debug: Post-Auth-Type sub-section not found. Ignoring.
- (4) Thu May 24 17:30:30 2018: Debug: # Executing group from file /usr/local/pf/raddb/sites-enabled/packetfence
- (4) Thu May 24 17:30:30 2018: Debug: Sent Access-Challenge Id 200 from 172.20.5.3:1812 to 172.20.5.79:52628 length 0
- (4) Thu May 24 17:30:30 2018: Debug: EAP-Message = 0x010603511900a5c818e32bb9ae33a322fd61cd5755b68853dd9ccbb6d3a16fb3a4128bea0fbf2c9703ed5d8543d0274ae47cbfb3a9350eca86224e212354d0f5757d95c75c3604b636f7def58ee79640d07a8e92d6d283cfe481f5ab13dd5e2b69a7d3fef209d339cab685bdb44726bfafa18faa078d07
- (4) Thu May 24 17:30:30 2018: Debug: Message-Authenticator = 0x00000000000000000000000000000000
- (4) Thu May 24 17:30:30 2018: Debug: State = 0x49c411c24dc2082fb3b3797cce5894f4
- (4) Thu May 24 17:30:30 2018: Debug: Proxy-State = 0x3138
- (4) Thu May 24 17:30:30 2018: Debug: Finished request
- (5) Thu May 24 17:30:30 2018: Debug: Received Access-Request Id 58 from 172.20.5.79:52628 to 172.20.5.3:1812 length 490
- (5) Thu May 24 17:30:30 2018: Debug: Framed-MTU = 1480
- (5) Thu May 24 17:30:30 2018: Debug: NAS-IP-Address = 172.20.9.150
- (5) Thu May 24 17:30:30 2018: Debug: NAS-Identifier = "Test"
- (5) Thu May 24 17:30:30 2018: Debug: User-Name = "host/Admin-15-NB.PERSONALAMT.DE"
- (5) Thu May 24 17:30:30 2018: Debug: Service-Type = Framed-User
- (5) Thu May 24 17:30:30 2018: Debug: Framed-Protocol = PPP
- (5) Thu May 24 17:30:30 2018: Debug: NAS-Port = 1
- (5) Thu May 24 17:30:30 2018: Debug: NAS-Port-Type = Ethernet
- (5) Thu May 24 17:30:30 2018: Debug: NAS-Port-Id = "1"
- (5) Thu May 24 17:30:30 2018: Debug: Called-Station-Id = "94-18-82-b9-32-80"
- (5) Thu May 24 17:30:30 2018: Debug: Calling-Station-Id = "00-e0-4c-60-43-20"
- (5) Thu May 24 17:30:30 2018: Debug: Connect-Info = "CONNECT Ethernet 1000Mbps Full duplex"
- (5) Thu May 24 17:30:30 2018: Debug: Tunnel-Type:0 = VLAN
- (5) Thu May 24 17:30:30 2018: Debug: Tunnel-Medium-Type:0 = IEEE-802
- (5) Thu May 24 17:30:30 2018: Debug: Tunnel-Private-Group-Id:0 = "1"
- (5) Thu May 24 17:30:30 2018: Debug: State = 0x49c411c24dc2082fb3b3797cce5894f4
- (5) Thu May 24 17:30:30 2018: Debug: EAP-Message = 0x0206008819800000007e1603030046100000424104ce352eced3447730353b40337d70531fcfbe117630605c68bb0487e0eb71ecd5596dd1ef415501a624645f16c29017567c0c86fc963eb5177fa9489f05bbe26414030300010116030300280000000000000000e4c6ec892ed54c3945a18cf995cee9
- (5) Thu May 24 17:30:30 2018: Debug: Message-Authenticator = 0x863c0f59d9f13c57e96a1cd8812c2d54
- (5) Thu May 24 17:30:30 2018: Debug: MS-RAS-Vendor = 11
- (5) Thu May 24 17:30:30 2018: Debug: HP-Capability-Advert = 0x011a0000000b28
- (5) Thu May 24 17:30:30 2018: Debug: HP-Capability-Advert = 0x011a0000000b2e
- (5) Thu May 24 17:30:30 2018: Debug: HP-Capability-Advert = 0x011a0000000b30
- (5) Thu May 24 17:30:30 2018: Debug: HP-Capability-Advert = 0x011a0000000b3d
- (5) Thu May 24 17:30:30 2018: Debug: HP-Capability-Advert = 0x0138
- (5) Thu May 24 17:30:30 2018: Debug: HP-Capability-Advert = 0x013a
- (5) Thu May 24 17:30:30 2018: Debug: HP-Capability-Advert = 0x0140
- (5) Thu May 24 17:30:30 2018: Debug: HP-Capability-Advert = 0x0141
- (5) Thu May 24 17:30:30 2018: Debug: HP-Capability-Advert = 0x0151
- (5) Thu May 24 17:30:30 2018: Debug: Proxy-State = 0x3139
- (5) Thu May 24 17:30:30 2018: Debug: session-state: No cached attributes
- (5) Thu May 24 17:30:30 2018: Debug: # Executing section authorize from file /usr/local/pf/raddb/sites-enabled/packetfence
- (5) Thu May 24 17:30:30 2018: Debug: authorize {
- (5) Thu May 24 17:30:30 2018: Debug: update {
- (5) Thu May 24 17:30:30 2018: Debug: EXPAND %{Packet-Src-IP-Address}
- (5) Thu May 24 17:30:30 2018: Debug: --> 172.20.5.79
- (5) Thu May 24 17:30:30 2018: Debug: EXPAND %l
- (5) Thu May 24 17:30:30 2018: Debug: --> 1527175830
- (5) Thu May 24 17:30:30 2018: Debug: } # update = noop
- (5) Thu May 24 17:30:30 2018: Debug: policy packetfence-set-tenant-id {
- (5) Thu May 24 17:30:30 2018: Debug: if ( "%{%{control:PacketFence-Tenant-Id}:-0}" == "0") {
- (5) Thu May 24 17:30:30 2018: Debug: EXPAND %{%{control:PacketFence-Tenant-Id}:-0}
- (5) Thu May 24 17:30:30 2018: Debug: --> 0
- (5) Thu May 24 17:30:30 2018: Debug: if ( "%{%{control:PacketFence-Tenant-Id}:-0}" == "0") -> TRUE
- (5) Thu May 24 17:30:30 2018: Debug: if ( "%{%{control:PacketFence-Tenant-Id}:-0}" == "0") {
- (5) Thu May 24 17:30:30 2018: Debug: update control {
- (5) Thu May 24 17:30:30 2018: Debug: EXPAND %{User-Name}
- (5) Thu May 24 17:30:30 2018: Debug: --> host/Admin-15-NB.PERSONALAMT.DE
- (5) Thu May 24 17:30:30 2018: Debug: SQL-User-Name set to 'host/Admin-15-NB.PERSONALAMT.DE'
- (5) Thu May 24 17:30:30 2018: Debug: Executing select query: SELECT IFNULL((SELECT tenant_id FROM radius_nas WHERE nasname = '172.20.5.79'), 0)
- (5) Thu May 24 17:30:30 2018: Debug: EXPAND %{sql: SELECT IFNULL((SELECT tenant_id FROM radius_nas WHERE nasname = '%{Packet-Src-IP-Address}'), 0)}
- (5) Thu May 24 17:30:30 2018: Debug: --> 0
- (5) Thu May 24 17:30:30 2018: Debug: } # update control = noop
- (5) Thu May 24 17:30:30 2018: Debug: } # if ( "%{%{control:PacketFence-Tenant-Id}:-0}" == "0") = noop
- (5) Thu May 24 17:30:30 2018: Debug: if ( &control:PacketFence-Tenant-Id == 0 ) {
- (5) Thu May 24 17:30:30 2018: Debug: if ( &control:PacketFence-Tenant-Id == 0 ) -> TRUE
- (5) Thu May 24 17:30:30 2018: Debug: if ( &control:PacketFence-Tenant-Id == 0 ) {
- (5) Thu May 24 17:30:30 2018: Debug: update control {
- (5) Thu May 24 17:30:30 2018: Debug: EXPAND %{User-Name}
- (5) Thu May 24 17:30:30 2018: Debug: --> host/Admin-15-NB.PERSONALAMT.DE
- (5) Thu May 24 17:30:30 2018: Debug: SQL-User-Name set to 'host/Admin-15-NB.PERSONALAMT.DE'
- (5) Thu May 24 17:30:30 2018: Debug: Executing select query: SELECT IFNULL((SELECT tenant_id from radius_nas WHERE start_ip <= INET_ATON('172.20.5.79') and INET_ATON('172.20.5.79') <= end_ip order by range_length limit 1), 1)
- (5) Thu May 24 17:30:30 2018: Debug: EXPAND %{sql: SELECT IFNULL((SELECT tenant_id from radius_nas WHERE start_ip <= INET_ATON('%{Packet-Src-IP-Address}') and INET_ATON('%{Packet-Src-IP-Address}') <= end_ip order by range_length limit 1), 1)}
- (5) Thu May 24 17:30:30 2018: Debug: --> 1
- (5) Thu May 24 17:30:30 2018: Debug: } # update control = noop
- (5) Thu May 24 17:30:30 2018: Debug: } # if ( &control:PacketFence-Tenant-Id == 0 ) = noop
- (5) Thu May 24 17:30:30 2018: Debug: } # policy packetfence-set-tenant-id = noop
- (5) Thu May 24 17:30:30 2018: Debug: policy rewrite_calling_station_id {
- (5) Thu May 24 17:30:30 2018: Debug: if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) {
- (5) Thu May 24 17:30:30 2018: Debug: if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) -> TRUE
- (5) Thu May 24 17:30:30 2018: Debug: if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) {
- (5) Thu May 24 17:30:30 2018: Debug: update request {
- (5) Thu May 24 17:30:30 2018: Debug: EXPAND %{tolower:%{1}:%{2}:%{3}:%{4}:%{5}:%{6}}
- (5) Thu May 24 17:30:30 2018: Debug: --> 00:e0:4c:60:43:20
- (5) Thu May 24 17:30:30 2018: Debug: } # update request = noop
- (5) Thu May 24 17:30:30 2018: Debug: [updated] = updated
- (5) Thu May 24 17:30:30 2018: Debug: } # if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) = updated
- (5) Thu May 24 17:30:30 2018: Debug: ... skipping else: Preceding "if" was taken
- (5) Thu May 24 17:30:30 2018: Debug: } # policy rewrite_calling_station_id = updated
- (5) Thu May 24 17:30:30 2018: Debug: policy rewrite_called_station_id {
- (5) Thu May 24 17:30:30 2018: Debug: if ((&Called-Station-Id) && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) {
- (5) Thu May 24 17:30:30 2018: Debug: if ((&Called-Station-Id) && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) -> TRUE
- (5) Thu May 24 17:30:30 2018: Debug: if ((&Called-Station-Id) && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) {
- (5) Thu May 24 17:30:30 2018: Debug: update request {
- (5) Thu May 24 17:30:30 2018: Debug: EXPAND %{tolower:%{1}:%{2}:%{3}:%{4}:%{5}:%{6}}
- (5) Thu May 24 17:30:30 2018: Debug: --> 94:18:82:b9:32:80
- (5) Thu May 24 17:30:30 2018: Debug: } # update request = noop
- (5) Thu May 24 17:30:30 2018: Debug: if ("%{8}") {
- (5) Thu May 24 17:30:30 2018: Debug: EXPAND %{8}
- (5) Thu May 24 17:30:30 2018: Debug: -->
- (5) Thu May 24 17:30:30 2018: Debug: if ("%{8}") -> FALSE
- (5) Thu May 24 17:30:30 2018: Debug: elsif ( (Colubris-AVPair) && "%{Colubris-AVPair}" =~ /^ssid=(.*)$/i) {
- (5) Thu May 24 17:30:30 2018: Debug: elsif ( (Colubris-AVPair) && "%{Colubris-AVPair}" =~ /^ssid=(.*)$/i) -> FALSE
- (5) Thu May 24 17:30:30 2018: Debug: elsif (Aruba-Essid-Name) {
- (5) Thu May 24 17:30:30 2018: Debug: elsif (Aruba-Essid-Name) -> FALSE
- (5) Thu May 24 17:30:30 2018: Debug: elsif ( (Cisco-AVPair) && "%{Cisco-AVPair}" =~ /^ssid=(.*)$/i) {
- (5) Thu May 24 17:30:30 2018: Debug: elsif ( (Cisco-AVPair) && "%{Cisco-AVPair}" =~ /^ssid=(.*)$/i) -> FALSE
- (5) Thu May 24 17:30:30 2018: Debug: [updated] = updated
- (5) Thu May 24 17:30:30 2018: Debug: } # if ((&Called-Station-Id) && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) = updated
- (5) Thu May 24 17:30:30 2018: Debug: ... skipping else: Preceding "if" was taken
- (5) Thu May 24 17:30:30 2018: Debug: } # policy rewrite_called_station_id = updated
- (5) Thu May 24 17:30:30 2018: Debug: policy filter_username {
- (5) Thu May 24 17:30:30 2018: Debug: if (&User-Name) {
- (5) Thu May 24 17:30:30 2018: Debug: if (&User-Name) -> TRUE
- (5) Thu May 24 17:30:30 2018: Debug: if (&User-Name) {
- (5) Thu May 24 17:30:30 2018: Debug: if (&User-Name =~ / /) {
- (5) Thu May 24 17:30:30 2018: Debug: if (&User-Name =~ / /) -> FALSE
- (5) Thu May 24 17:30:30 2018: Debug: if (&User-Name =~ /@[^@]*@/ ) {
- (5) Thu May 24 17:30:30 2018: Debug: if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (5) Thu May 24 17:30:30 2018: Debug: if (&User-Name =~ /\.\./ ) {
- (5) Thu May 24 17:30:30 2018: Debug: if (&User-Name =~ /\.\./ ) -> FALSE
- (5) Thu May 24 17:30:30 2018: Debug: if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (5) Thu May 24 17:30:30 2018: Debug: if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (5) Thu May 24 17:30:30 2018: Debug: if (&User-Name =~ /\.$/) {
- (5) Thu May 24 17:30:30 2018: Debug: if (&User-Name =~ /\.$/) -> FALSE
- (5) Thu May 24 17:30:30 2018: Debug: if (&User-Name =~ /@\./) {
- (5) Thu May 24 17:30:30 2018: Debug: if (&User-Name =~ /@\./) -> FALSE
- (5) Thu May 24 17:30:30 2018: Debug: } # if (&User-Name) = updated
- (5) Thu May 24 17:30:30 2018: Debug: } # policy filter_username = updated
- (5) Thu May 24 17:30:30 2018: Debug: policy filter_password {
- (5) Thu May 24 17:30:30 2018: Debug: if (&User-Password && (&User-Password != "%{string:User-Password}")) {
- (5) Thu May 24 17:30:30 2018: Debug: if (&User-Password && (&User-Password != "%{string:User-Password}")) -> FALSE
- (5) Thu May 24 17:30:30 2018: Debug: } # policy filter_password = updated
- (5) Thu May 24 17:30:30 2018: Debug: [preprocess] = ok
- (5) Thu May 24 17:30:30 2018: Debug: suffix: Checking for suffix after "@"
- (5) Thu May 24 17:30:30 2018: Debug: suffix: No '@' in User-Name = "host/Admin-15-NB.PERSONALAMT.DE", skipping NULL due to config.
- (5) Thu May 24 17:30:30 2018: Debug: [suffix] = noop
- (5) Thu May 24 17:30:30 2018: Debug: ntdomain: Checking for prefix before "\"
- (5) Thu May 24 17:30:30 2018: Debug: ntdomain: No '\' in User-Name = "host/Admin-15-NB.PERSONALAMT.DE", looking up realm NULL
- (5) Thu May 24 17:30:30 2018: Debug: ntdomain: Found realm "null"
- (5) Thu May 24 17:30:30 2018: Debug: ntdomain: Adding Realm = "null"
- (5) Thu May 24 17:30:30 2018: Debug: ntdomain: Authentication realm is LOCAL
- (5) Thu May 24 17:30:30 2018: Debug: [ntdomain] = ok
- (5) Thu May 24 17:30:30 2018: Debug: eap: Peer sent EAP Response (code 2) ID 6 length 136
- (5) Thu May 24 17:30:30 2018: Debug: eap: Continuing tunnel setup
- (5) Thu May 24 17:30:30 2018: Debug: [eap] = ok
- (5) Thu May 24 17:30:30 2018: Debug: } # authorize = ok
- (5) Thu May 24 17:30:30 2018: Debug: Found Auth-Type = eap
- (5) Thu May 24 17:30:30 2018: Debug: # Executing group from file /usr/local/pf/raddb/sites-enabled/packetfence
- (5) Thu May 24 17:30:30 2018: Debug: authenticate {
- (5) Thu May 24 17:30:30 2018: Debug: eap: Expiring EAP session with state 0x49c411c24dc2082f
- (5) Thu May 24 17:30:30 2018: Debug: eap: Finished EAP session with state 0x49c411c24dc2082f
- (5) Thu May 24 17:30:30 2018: Debug: eap: Previous EAP request found for state 0x49c411c24dc2082f, released from the list
- (5) Thu May 24 17:30:30 2018: Debug: eap: Peer sent packet with method EAP PEAP (25)
- (5) Thu May 24 17:30:30 2018: Debug: eap: Calling submodule eap_peap to process data
- (5) Thu May 24 17:30:30 2018: Debug: eap_peap: Continuing EAP-TLS
- (5) Thu May 24 17:30:30 2018: Debug: eap_peap: Peer indicated complete TLS record size will be 126 bytes
- (5) Thu May 24 17:30:30 2018: Debug: eap_peap: Got complete TLS record (126 bytes)
- (5) Thu May 24 17:30:30 2018: Debug: eap_peap: [eaptls verify] = length included
- (5) Thu May 24 17:30:30 2018: Debug: eap_peap: TLS_accept: SSLv3 read client key exchange A
- (5) Thu May 24 17:30:30 2018: Debug: eap_peap: TLS_accept: SSLv3 read certificate verify A
- (5) Thu May 24 17:30:30 2018: Debug: eap_peap: TLS_accept: SSLv3 read finished A
- (5) Thu May 24 17:30:30 2018: Debug: eap_peap: TLS_accept: SSLv3 write change cipher spec A
- (5) Thu May 24 17:30:30 2018: Debug: eap_peap: TLS_accept: SSLv3 write finished A
- (5) Thu May 24 17:30:30 2018: Debug: eap_peap: TLS_accept: SSLv3 flush data
- (5) Thu May 24 17:30:30 2018: Debug: eap_peap: (other): SSL negotiation finished successfully
- (5) Thu May 24 17:30:30 2018: Debug: eap_peap: SSL Connection Established
- (5) Thu May 24 17:30:30 2018: Debug: eap_peap: [eaptls process] = handled
- (5) Thu May 24 17:30:30 2018: Debug: eap: Sending EAP Request (code 1) ID 7 length 57
- (5) Thu May 24 17:30:30 2018: Debug: eap: EAP session adding &reply:State = 0x49c411c24cc3082f
- (5) Thu May 24 17:30:30 2018: Debug: [eap] = handled
- (5) Thu May 24 17:30:30 2018: Debug: } # authenticate = handled
- (5) Thu May 24 17:30:30 2018: Debug: Using Post-Auth-Type Challenge
- (5) Thu May 24 17:30:30 2018: Debug: Post-Auth-Type sub-section not found. Ignoring.
- (5) Thu May 24 17:30:30 2018: Debug: # Executing group from file /usr/local/pf/raddb/sites-enabled/packetfence
- (5) Thu May 24 17:30:30 2018: Debug: Sent Access-Challenge Id 58 from 172.20.5.3:1812 to 172.20.5.79:52628 length 0
- (5) Thu May 24 17:30:30 2018: Debug: EAP-Message = 0x0107003919001403030001011603030028c204d6dc726b81da71a67e708091ab875e0c5756c6a0bef05bcc116c35b2ad4068bbd39829055953
- (5) Thu May 24 17:30:30 2018: Debug: Message-Authenticator = 0x00000000000000000000000000000000
- (5) Thu May 24 17:30:30 2018: Debug: State = 0x49c411c24cc3082fb3b3797cce5894f4
- (5) Thu May 24 17:30:30 2018: Debug: Proxy-State = 0x3139
- (5) Thu May 24 17:30:30 2018: Debug: Finished request
- (6) Thu May 24 17:30:30 2018: Debug: Received Access-Request Id 109 from 172.20.5.79:52628 to 172.20.5.3:1812 length 360
- (6) Thu May 24 17:30:30 2018: Debug: Framed-MTU = 1480
- (6) Thu May 24 17:30:30 2018: Debug: NAS-IP-Address = 172.20.9.150
- (6) Thu May 24 17:30:30 2018: Debug: NAS-Identifier = "Test"
- (6) Thu May 24 17:30:30 2018: Debug: User-Name = "host/Admin-15-NB.PERSONALAMT.DE"
- (6) Thu May 24 17:30:30 2018: Debug: Service-Type = Framed-User
- (6) Thu May 24 17:30:30 2018: Debug: Framed-Protocol = PPP
- (6) Thu May 24 17:30:30 2018: Debug: NAS-Port = 1
- (6) Thu May 24 17:30:30 2018: Debug: NAS-Port-Type = Ethernet
- (6) Thu May 24 17:30:30 2018: Debug: NAS-Port-Id = "1"
- (6) Thu May 24 17:30:30 2018: Debug: Called-Station-Id = "94-18-82-b9-32-80"
- (6) Thu May 24 17:30:30 2018: Debug: Calling-Station-Id = "00-e0-4c-60-43-20"
- (6) Thu May 24 17:30:30 2018: Debug: Connect-Info = "CONNECT Ethernet 1000Mbps Full duplex"
- (6) Thu May 24 17:30:30 2018: Debug: Tunnel-Type:0 = VLAN
- (6) Thu May 24 17:30:30 2018: Debug: Tunnel-Medium-Type:0 = IEEE-802
- (6) Thu May 24 17:30:30 2018: Debug: Tunnel-Private-Group-Id:0 = "1"
- (6) Thu May 24 17:30:30 2018: Debug: State = 0x49c411c24cc3082fb3b3797cce5894f4
- (6) Thu May 24 17:30:30 2018: Debug: EAP-Message = 0x020700061900
- (6) Thu May 24 17:30:30 2018: Debug: Message-Authenticator = 0x5c999f89a3773ffa1a1be600c701a541
- (6) Thu May 24 17:30:30 2018: Debug: MS-RAS-Vendor = 11
- (6) Thu May 24 17:30:30 2018: Debug: HP-Capability-Advert = 0x011a0000000b28
- (6) Thu May 24 17:30:30 2018: Debug: HP-Capability-Advert = 0x011a0000000b2e
- (6) Thu May 24 17:30:30 2018: Debug: HP-Capability-Advert = 0x011a0000000b30
- (6) Thu May 24 17:30:30 2018: Debug: HP-Capability-Advert = 0x011a0000000b3d
- (6) Thu May 24 17:30:30 2018: Debug: HP-Capability-Advert = 0x0138
- (6) Thu May 24 17:30:30 2018: Debug: HP-Capability-Advert = 0x013a
- (6) Thu May 24 17:30:30 2018: Debug: HP-Capability-Advert = 0x0140
- (6) Thu May 24 17:30:30 2018: Debug: HP-Capability-Advert = 0x0141
- (6) Thu May 24 17:30:30 2018: Debug: HP-Capability-Advert = 0x0151
- (6) Thu May 24 17:30:30 2018: Debug: Proxy-State = 0x3230
- (6) Thu May 24 17:30:30 2018: Debug: session-state: No cached attributes
- (6) Thu May 24 17:30:30 2018: Debug: # Executing section authorize from file /usr/local/pf/raddb/sites-enabled/packetfence
- (6) Thu May 24 17:30:30 2018: Debug: authorize {
- (6) Thu May 24 17:30:30 2018: Debug: update {
- (6) Thu May 24 17:30:30 2018: Debug: EXPAND %{Packet-Src-IP-Address}
- (6) Thu May 24 17:30:30 2018: Debug: --> 172.20.5.79
- (6) Thu May 24 17:30:30 2018: Debug: EXPAND %l
- (6) Thu May 24 17:30:30 2018: Debug: --> 1527175830
- (6) Thu May 24 17:30:30 2018: Debug: } # update = noop
- (6) Thu May 24 17:30:30 2018: Debug: policy packetfence-set-tenant-id {
- (6) Thu May 24 17:30:30 2018: Debug: if ( "%{%{control:PacketFence-Tenant-Id}:-0}" == "0") {
- (6) Thu May 24 17:30:30 2018: Debug: EXPAND %{%{control:PacketFence-Tenant-Id}:-0}
- (6) Thu May 24 17:30:30 2018: Debug: --> 0
- (6) Thu May 24 17:30:30 2018: Debug: if ( "%{%{control:PacketFence-Tenant-Id}:-0}" == "0") -> TRUE
- (6) Thu May 24 17:30:30 2018: Debug: if ( "%{%{control:PacketFence-Tenant-Id}:-0}" == "0") {
- (6) Thu May 24 17:30:30 2018: Debug: update control {
- (6) Thu May 24 17:30:30 2018: Debug: EXPAND %{User-Name}
- (6) Thu May 24 17:30:30 2018: Debug: --> host/Admin-15-NB.PERSONALAMT.DE
- (6) Thu May 24 17:30:30 2018: Debug: SQL-User-Name set to 'host/Admin-15-NB.PERSONALAMT.DE'
- (6) Thu May 24 17:30:30 2018: Debug: Executing select query: SELECT IFNULL((SELECT tenant_id FROM radius_nas WHERE nasname = '172.20.5.79'), 0)
- (6) Thu May 24 17:30:30 2018: Debug: EXPAND %{sql: SELECT IFNULL((SELECT tenant_id FROM radius_nas WHERE nasname = '%{Packet-Src-IP-Address}'), 0)}
- (6) Thu May 24 17:30:30 2018: Debug: --> 0
- (6) Thu May 24 17:30:30 2018: Debug: } # update control = noop
- (6) Thu May 24 17:30:30 2018: Debug: } # if ( "%{%{control:PacketFence-Tenant-Id}:-0}" == "0") = noop
- (6) Thu May 24 17:30:30 2018: Debug: if ( &control:PacketFence-Tenant-Id == 0 ) {
- (6) Thu May 24 17:30:30 2018: Debug: if ( &control:PacketFence-Tenant-Id == 0 ) -> TRUE
- (6) Thu May 24 17:30:30 2018: Debug: if ( &control:PacketFence-Tenant-Id == 0 ) {
- (6) Thu May 24 17:30:30 2018: Debug: update control {
- (6) Thu May 24 17:30:30 2018: Debug: EXPAND %{User-Name}
- (6) Thu May 24 17:30:30 2018: Debug: --> host/Admin-15-NB.PERSONALAMT.DE
- (6) Thu May 24 17:30:30 2018: Debug: SQL-User-Name set to 'host/Admin-15-NB.PERSONALAMT.DE'
- (6) Thu May 24 17:30:30 2018: Debug: Executing select query: SELECT IFNULL((SELECT tenant_id from radius_nas WHERE start_ip <= INET_ATON('172.20.5.79') and INET_ATON('172.20.5.79') <= end_ip order by range_length limit 1), 1)
- (6) Thu May 24 17:30:30 2018: Debug: EXPAND %{sql: SELECT IFNULL((SELECT tenant_id from radius_nas WHERE start_ip <= INET_ATON('%{Packet-Src-IP-Address}') and INET_ATON('%{Packet-Src-IP-Address}') <= end_ip order by range_length limit 1), 1)}
- (6) Thu May 24 17:30:30 2018: Debug: --> 1
- (6) Thu May 24 17:30:30 2018: Debug: } # update control = noop
- (6) Thu May 24 17:30:30 2018: Debug: } # if ( &control:PacketFence-Tenant-Id == 0 ) = noop
- (6) Thu May 24 17:30:30 2018: Debug: } # policy packetfence-set-tenant-id = noop
- (6) Thu May 24 17:30:30 2018: Debug: policy rewrite_calling_station_id {
- (6) Thu May 24 17:30:30 2018: Debug: if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) {
- (6) Thu May 24 17:30:30 2018: Debug: if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) -> TRUE
- (6) Thu May 24 17:30:30 2018: Debug: if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) {
- (6) Thu May 24 17:30:30 2018: Debug: update request {
- (6) Thu May 24 17:30:30 2018: Debug: EXPAND %{tolower:%{1}:%{2}:%{3}:%{4}:%{5}:%{6}}
- (6) Thu May 24 17:30:30 2018: Debug: --> 00:e0:4c:60:43:20
- (6) Thu May 24 17:30:30 2018: Debug: } # update request = noop
- (6) Thu May 24 17:30:30 2018: Debug: [updated] = updated
- (6) Thu May 24 17:30:30 2018: Debug: } # if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) = updated
- (6) Thu May 24 17:30:30 2018: Debug: ... skipping else: Preceding "if" was taken
- (6) Thu May 24 17:30:30 2018: Debug: } # policy rewrite_calling_station_id = updated
- (6) Thu May 24 17:30:30 2018: Debug: policy rewrite_called_station_id {
- (6) Thu May 24 17:30:30 2018: Debug: if ((&Called-Station-Id) && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) {
- (6) Thu May 24 17:30:30 2018: Debug: if ((&Called-Station-Id) && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) -> TRUE
- (6) Thu May 24 17:30:30 2018: Debug: if ((&Called-Station-Id) && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) {
- (6) Thu May 24 17:30:30 2018: Debug: update request {
- (6) Thu May 24 17:30:30 2018: Debug: EXPAND %{tolower:%{1}:%{2}:%{3}:%{4}:%{5}:%{6}}
- (6) Thu May 24 17:30:30 2018: Debug: --> 94:18:82:b9:32:80
- (6) Thu May 24 17:30:30 2018: Debug: } # update request = noop
- (6) Thu May 24 17:30:30 2018: Debug: if ("%{8}") {
- (6) Thu May 24 17:30:30 2018: Debug: EXPAND %{8}
- (6) Thu May 24 17:30:30 2018: Debug: -->
- (6) Thu May 24 17:30:30 2018: Debug: if ("%{8}") -> FALSE
- (6) Thu May 24 17:30:30 2018: Debug: elsif ( (Colubris-AVPair) && "%{Colubris-AVPair}" =~ /^ssid=(.*)$/i) {
- (6) Thu May 24 17:30:30 2018: Debug: elsif ( (Colubris-AVPair) && "%{Colubris-AVPair}" =~ /^ssid=(.*)$/i) -> FALSE
- (6) Thu May 24 17:30:30 2018: Debug: elsif (Aruba-Essid-Name) {
- (6) Thu May 24 17:30:30 2018: Debug: elsif (Aruba-Essid-Name) -> FALSE
- (6) Thu May 24 17:30:30 2018: Debug: elsif ( (Cisco-AVPair) && "%{Cisco-AVPair}" =~ /^ssid=(.*)$/i) {
- (6) Thu May 24 17:30:30 2018: Debug: elsif ( (Cisco-AVPair) && "%{Cisco-AVPair}" =~ /^ssid=(.*)$/i) -> FALSE
- (6) Thu May 24 17:30:30 2018: Debug: [updated] = updated
- (6) Thu May 24 17:30:30 2018: Debug: } # if ((&Called-Station-Id) && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) = updated
- (6) Thu May 24 17:30:30 2018: Debug: ... skipping else: Preceding "if" was taken
- (6) Thu May 24 17:30:30 2018: Debug: } # policy rewrite_called_station_id = updated
- (6) Thu May 24 17:30:30 2018: Debug: policy filter_username {
- (6) Thu May 24 17:30:30 2018: Debug: if (&User-Name) {
- (6) Thu May 24 17:30:30 2018: Debug: if (&User-Name) -> TRUE
- (6) Thu May 24 17:30:30 2018: Debug: if (&User-Name) {
- (6) Thu May 24 17:30:30 2018: Debug: if (&User-Name =~ / /) {
- (6) Thu May 24 17:30:30 2018: Debug: if (&User-Name =~ / /) -> FALSE
- (6) Thu May 24 17:30:30 2018: Debug: if (&User-Name =~ /@[^@]*@/ ) {
- (6) Thu May 24 17:30:30 2018: Debug: if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (6) Thu May 24 17:30:30 2018: Debug: if (&User-Name =~ /\.\./ ) {
- (6) Thu May 24 17:30:30 2018: Debug: if (&User-Name =~ /\.\./ ) -> FALSE
- (6) Thu May 24 17:30:30 2018: Debug: if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (6) Thu May 24 17:30:30 2018: Debug: if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (6) Thu May 24 17:30:30 2018: Debug: if (&User-Name =~ /\.$/) {
- (6) Thu May 24 17:30:30 2018: Debug: if (&User-Name =~ /\.$/) -> FALSE
- (6) Thu May 24 17:30:30 2018: Debug: if (&User-Name =~ /@\./) {
- (6) Thu May 24 17:30:30 2018: Debug: if (&User-Name =~ /@\./) -> FALSE
- (6) Thu May 24 17:30:30 2018: Debug: } # if (&User-Name) = updated
- (6) Thu May 24 17:30:30 2018: Debug: } # policy filter_username = updated
- (6) Thu May 24 17:30:30 2018: Debug: policy filter_password {
- (6) Thu May 24 17:30:30 2018: Debug: if (&User-Password && (&User-Password != "%{string:User-Password}")) {
- (6) Thu May 24 17:30:30 2018: Debug: if (&User-Password && (&User-Password != "%{string:User-Password}")) -> FALSE
- (6) Thu May 24 17:30:30 2018: Debug: } # policy filter_password = updated
- (6) Thu May 24 17:30:30 2018: Debug: [preprocess] = ok
- (6) Thu May 24 17:30:30 2018: Debug: suffix: Checking for suffix after "@"
- (6) Thu May 24 17:30:30 2018: Debug: suffix: No '@' in User-Name = "host/Admin-15-NB.PERSONALAMT.DE", skipping NULL due to config.
- (6) Thu May 24 17:30:30 2018: Debug: [suffix] = noop
- (6) Thu May 24 17:30:30 2018: Debug: ntdomain: Checking for prefix before "\"
- (6) Thu May 24 17:30:30 2018: Debug: ntdomain: No '\' in User-Name = "host/Admin-15-NB.PERSONALAMT.DE", looking up realm NULL
- (6) Thu May 24 17:30:30 2018: Debug: ntdomain: Found realm "null"
- (6) Thu May 24 17:30:30 2018: Debug: ntdomain: Adding Realm = "null"
- (6) Thu May 24 17:30:30 2018: Debug: ntdomain: Authentication realm is LOCAL
- (6) Thu May 24 17:30:30 2018: Debug: [ntdomain] = ok
- (6) Thu May 24 17:30:30 2018: Debug: eap: Peer sent EAP Response (code 2) ID 7 length 6
- (6) Thu May 24 17:30:30 2018: Debug: eap: Continuing tunnel setup
- (6) Thu May 24 17:30:30 2018: Debug: [eap] = ok
- (6) Thu May 24 17:30:30 2018: Debug: } # authorize = ok
- (6) Thu May 24 17:30:30 2018: Debug: Found Auth-Type = eap
- (6) Thu May 24 17:30:30 2018: Debug: # Executing group from file /usr/local/pf/raddb/sites-enabled/packetfence
- (6) Thu May 24 17:30:30 2018: Debug: authenticate {
- (6) Thu May 24 17:30:30 2018: Debug: eap: Expiring EAP session with state 0x49c411c24cc3082f
- (6) Thu May 24 17:30:30 2018: Debug: eap: Finished EAP session with state 0x49c411c24cc3082f
- (6) Thu May 24 17:30:30 2018: Debug: eap: Previous EAP request found for state 0x49c411c24cc3082f, released from the list
- (6) Thu May 24 17:30:30 2018: Debug: eap: Peer sent packet with method EAP PEAP (25)
- (6) Thu May 24 17:30:30 2018: Debug: eap: Calling submodule eap_peap to process data
- (6) Thu May 24 17:30:30 2018: Debug: eap_peap: Continuing EAP-TLS
- (6) Thu May 24 17:30:30 2018: Debug: eap_peap: Peer ACKed our handshake fragment. handshake is finished
- (6) Thu May 24 17:30:30 2018: Debug: eap_peap: [eaptls verify] = success
- (6) Thu May 24 17:30:30 2018: Debug: eap_peap: [eaptls process] = success
- (6) Thu May 24 17:30:30 2018: Debug: eap_peap: Session established. Decoding tunneled attributes
- (6) Thu May 24 17:30:30 2018: Debug: eap_peap: PEAP state TUNNEL ESTABLISHED
- (6) Thu May 24 17:30:30 2018: Debug: eap: Sending EAP Request (code 1) ID 8 length 40
- (6) Thu May 24 17:30:30 2018: Debug: eap: EAP session adding &reply:State = 0x49c411c24fcc082f
- (6) Thu May 24 17:30:30 2018: Debug: [eap] = handled
- (6) Thu May 24 17:30:30 2018: Debug: } # authenticate = handled
- (6) Thu May 24 17:30:30 2018: Debug: Using Post-Auth-Type Challenge
- (6) Thu May 24 17:30:30 2018: Debug: Post-Auth-Type sub-section not found. Ignoring.
- (6) Thu May 24 17:30:30 2018: Debug: # Executing group from file /usr/local/pf/raddb/sites-enabled/packetfence
- (6) Thu May 24 17:30:30 2018: Debug: Sent Access-Challenge Id 109 from 172.20.5.3:1812 to 172.20.5.79:52628 length 0
- (6) Thu May 24 17:30:30 2018: Debug: EAP-Message = 0x010800281900170303001dc204d6dc726b81db8a469ae587be1edde1f1702951d298552627b74f15
- (6) Thu May 24 17:30:30 2018: Debug: Message-Authenticator = 0x00000000000000000000000000000000
- (6) Thu May 24 17:30:30 2018: Debug: State = 0x49c411c24fcc082fb3b3797cce5894f4
- (6) Thu May 24 17:30:30 2018: Debug: Proxy-State = 0x3230
- (6) Thu May 24 17:30:30 2018: Debug: Finished request
- (7) Thu May 24 17:30:30 2018: Debug: Received Access-Request Id 213 from 172.20.5.79:52628 to 172.20.5.3:1812 length 421
- (7) Thu May 24 17:30:30 2018: Debug: Framed-MTU = 1480
- (7) Thu May 24 17:30:30 2018: Debug: NAS-IP-Address = 172.20.9.150
- (7) Thu May 24 17:30:30 2018: Debug: NAS-Identifier = "Test"
- (7) Thu May 24 17:30:30 2018: Debug: User-Name = "host/Admin-15-NB.PERSONALAMT.DE"
- (7) Thu May 24 17:30:30 2018: Debug: Service-Type = Framed-User
- (7) Thu May 24 17:30:30 2018: Debug: Framed-Protocol = PPP
- (7) Thu May 24 17:30:30 2018: Debug: NAS-Port = 1
- (7) Thu May 24 17:30:30 2018: Debug: NAS-Port-Type = Ethernet
- (7) Thu May 24 17:30:30 2018: Debug: NAS-Port-Id = "1"
- (7) Thu May 24 17:30:30 2018: Debug: Called-Station-Id = "94-18-82-b9-32-80"
- (7) Thu May 24 17:30:30 2018: Debug: Calling-Station-Id = "00-e0-4c-60-43-20"
- (7) Thu May 24 17:30:30 2018: Debug: Connect-Info = "CONNECT Ethernet 1000Mbps Full duplex"
- (7) Thu May 24 17:30:30 2018: Debug: Tunnel-Type:0 = VLAN
- (7) Thu May 24 17:30:30 2018: Debug: Tunnel-Medium-Type:0 = IEEE-802
- (7) Thu May 24 17:30:30 2018: Debug: Tunnel-Private-Group-Id:0 = "1"
- (7) Thu May 24 17:30:30 2018: Debug: State = 0x49c411c24fcc082fb3b3797cce5894f4
- (7) Thu May 24 17:30:30 2018: Debug: EAP-Message = 0x0208004319001703030038000000000000000136a4dbac58bd2162f5d7e53a853d094521715a022e1e966ac88f81da70ab5f61b4c725ffab5824956fb62a49d8fb96b8
- (7) Thu May 24 17:30:30 2018: Debug: Message-Authenticator = 0x5e78675bf103d85dff0c18c3ef6d31b8
- (7) Thu May 24 17:30:30 2018: Debug: MS-RAS-Vendor = 11
- (7) Thu May 24 17:30:30 2018: Debug: HP-Capability-Advert = 0x011a0000000b28
- (7) Thu May 24 17:30:30 2018: Debug: HP-Capability-Advert = 0x011a0000000b2e
- (7) Thu May 24 17:30:30 2018: Debug: HP-Capability-Advert = 0x011a0000000b30
- (7) Thu May 24 17:30:30 2018: Debug: HP-Capability-Advert = 0x011a0000000b3d
- (7) Thu May 24 17:30:30 2018: Debug: HP-Capability-Advert = 0x0138
- (7) Thu May 24 17:30:30 2018: Debug: HP-Capability-Advert = 0x013a
- (7) Thu May 24 17:30:30 2018: Debug: HP-Capability-Advert = 0x0140
- (7) Thu May 24 17:30:30 2018: Debug: HP-Capability-Advert = 0x0141
- (7) Thu May 24 17:30:30 2018: Debug: HP-Capability-Advert = 0x0151
- (7) Thu May 24 17:30:30 2018: Debug: Proxy-State = 0x3231
- (7) Thu May 24 17:30:30 2018: Debug: session-state: No cached attributes
- (7) Thu May 24 17:30:30 2018: Debug: # Executing section authorize from file /usr/local/pf/raddb/sites-enabled/packetfence
- (7) Thu May 24 17:30:30 2018: Debug: authorize {
- (7) Thu May 24 17:30:30 2018: Debug: update {
- (7) Thu May 24 17:30:30 2018: Debug: EXPAND %{Packet-Src-IP-Address}
- (7) Thu May 24 17:30:30 2018: Debug: --> 172.20.5.79
- (7) Thu May 24 17:30:30 2018: Debug: EXPAND %l
- (7) Thu May 24 17:30:30 2018: Debug: --> 1527175830
- (7) Thu May 24 17:30:30 2018: Debug: } # update = noop
- (7) Thu May 24 17:30:30 2018: Debug: policy packetfence-set-tenant-id {
- (7) Thu May 24 17:30:30 2018: Debug: if ( "%{%{control:PacketFence-Tenant-Id}:-0}" == "0") {
- (7) Thu May 24 17:30:30 2018: Debug: EXPAND %{%{control:PacketFence-Tenant-Id}:-0}
- (7) Thu May 24 17:30:30 2018: Debug: --> 0
- (7) Thu May 24 17:30:30 2018: Debug: if ( "%{%{control:PacketFence-Tenant-Id}:-0}" == "0") -> TRUE
- (7) Thu May 24 17:30:30 2018: Debug: if ( "%{%{control:PacketFence-Tenant-Id}:-0}" == "0") {
- (7) Thu May 24 17:30:30 2018: Debug: update control {
- (7) Thu May 24 17:30:30 2018: Debug: EXPAND %{User-Name}
- (7) Thu May 24 17:30:30 2018: Debug: --> host/Admin-15-NB.PERSONALAMT.DE
- (7) Thu May 24 17:30:30 2018: Debug: SQL-User-Name set to 'host/Admin-15-NB.PERSONALAMT.DE'
- (7) Thu May 24 17:30:30 2018: Debug: Executing select query: SELECT IFNULL((SELECT tenant_id FROM radius_nas WHERE nasname = '172.20.5.79'), 0)
- (7) Thu May 24 17:30:30 2018: Debug: EXPAND %{sql: SELECT IFNULL((SELECT tenant_id FROM radius_nas WHERE nasname = '%{Packet-Src-IP-Address}'), 0)}
- (7) Thu May 24 17:30:30 2018: Debug: --> 0
- (7) Thu May 24 17:30:30 2018: Debug: } # update control = noop
- (7) Thu May 24 17:30:30 2018: Debug: } # if ( "%{%{control:PacketFence-Tenant-Id}:-0}" == "0") = noop
- (7) Thu May 24 17:30:30 2018: Debug: if ( &control:PacketFence-Tenant-Id == 0 ) {
- (7) Thu May 24 17:30:30 2018: Debug: if ( &control:PacketFence-Tenant-Id == 0 ) -> TRUE
- (7) Thu May 24 17:30:30 2018: Debug: if ( &control:PacketFence-Tenant-Id == 0 ) {
- (7) Thu May 24 17:30:30 2018: Debug: update control {
- (7) Thu May 24 17:30:30 2018: Debug: EXPAND %{User-Name}
- (7) Thu May 24 17:30:30 2018: Debug: --> host/Admin-15-NB.PERSONALAMT.DE
- (7) Thu May 24 17:30:30 2018: Debug: SQL-User-Name set to 'host/Admin-15-NB.PERSONALAMT.DE'
- (7) Thu May 24 17:30:30 2018: Debug: Executing select query: SELECT IFNULL((SELECT tenant_id from radius_nas WHERE start_ip <= INET_ATON('172.20.5.79') and INET_ATON('172.20.5.79') <= end_ip order by range_length limit 1), 1)
- (7) Thu May 24 17:30:30 2018: Debug: EXPAND %{sql: SELECT IFNULL((SELECT tenant_id from radius_nas WHERE start_ip <= INET_ATON('%{Packet-Src-IP-Address}') and INET_ATON('%{Packet-Src-IP-Address}') <= end_ip order by range_length limit 1), 1)}
- (7) Thu May 24 17:30:30 2018: Debug: --> 1
- (7) Thu May 24 17:30:30 2018: Debug: } # update control = noop
- (7) Thu May 24 17:30:30 2018: Debug: } # if ( &control:PacketFence-Tenant-Id == 0 ) = noop
- (7) Thu May 24 17:30:30 2018: Debug: } # policy packetfence-set-tenant-id = noop
- (7) Thu May 24 17:30:30 2018: Debug: policy rewrite_calling_station_id {
- (7) Thu May 24 17:30:30 2018: Debug: if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) {
- (7) Thu May 24 17:30:30 2018: Debug: if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) -> TRUE
- (7) Thu May 24 17:30:30 2018: Debug: if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) {
- (7) Thu May 24 17:30:30 2018: Debug: update request {
- (7) Thu May 24 17:30:30 2018: Debug: EXPAND %{tolower:%{1}:%{2}:%{3}:%{4}:%{5}:%{6}}
- (7) Thu May 24 17:30:30 2018: Debug: --> 00:e0:4c:60:43:20
- (7) Thu May 24 17:30:30 2018: Debug: } # update request = noop
- (7) Thu May 24 17:30:30 2018: Debug: [updated] = updated
- (7) Thu May 24 17:30:30 2018: Debug: } # if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) = updated
- (7) Thu May 24 17:30:30 2018: Debug: ... skipping else: Preceding "if" was taken
- (7) Thu May 24 17:30:30 2018: Debug: } # policy rewrite_calling_station_id = updated
- (7) Thu May 24 17:30:30 2018: Debug: policy rewrite_called_station_id {
- (7) Thu May 24 17:30:30 2018: Debug: if ((&Called-Station-Id) && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) {
- (7) Thu May 24 17:30:30 2018: Debug: if ((&Called-Station-Id) && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) -> TRUE
- (7) Thu May 24 17:30:30 2018: Debug: if ((&Called-Station-Id) && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) {
- (7) Thu May 24 17:30:30 2018: Debug: update request {
- (7) Thu May 24 17:30:30 2018: Debug: EXPAND %{tolower:%{1}:%{2}:%{3}:%{4}:%{5}:%{6}}
- (7) Thu May 24 17:30:30 2018: Debug: --> 94:18:82:b9:32:80
- (7) Thu May 24 17:30:30 2018: Debug: } # update request = noop
- (7) Thu May 24 17:30:30 2018: Debug: if ("%{8}") {
- (7) Thu May 24 17:30:30 2018: Debug: EXPAND %{8}
- (7) Thu May 24 17:30:30 2018: Debug: -->
- (7) Thu May 24 17:30:30 2018: Debug: if ("%{8}") -> FALSE
- (7) Thu May 24 17:30:30 2018: Debug: elsif ( (Colubris-AVPair) && "%{Colubris-AVPair}" =~ /^ssid=(.*)$/i) {
- (7) Thu May 24 17:30:30 2018: Debug: elsif ( (Colubris-AVPair) && "%{Colubris-AVPair}" =~ /^ssid=(.*)$/i) -> FALSE
- (7) Thu May 24 17:30:30 2018: Debug: elsif (Aruba-Essid-Name) {
- (7) Thu May 24 17:30:30 2018: Debug: elsif (Aruba-Essid-Name) -> FALSE
- (7) Thu May 24 17:30:30 2018: Debug: elsif ( (Cisco-AVPair) && "%{Cisco-AVPair}" =~ /^ssid=(.*)$/i) {
- (7) Thu May 24 17:30:30 2018: Debug: elsif ( (Cisco-AVPair) && "%{Cisco-AVPair}" =~ /^ssid=(.*)$/i) -> FALSE
- (7) Thu May 24 17:30:30 2018: Debug: [updated] = updated
- (7) Thu May 24 17:30:30 2018: Debug: } # if ((&Called-Station-Id) && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) = updated
- (7) Thu May 24 17:30:30 2018: Debug: ... skipping else: Preceding "if" was taken
- (7) Thu May 24 17:30:30 2018: Debug: } # policy rewrite_called_station_id = updated
- (7) Thu May 24 17:30:30 2018: Debug: policy filter_username {
- (7) Thu May 24 17:30:30 2018: Debug: if (&User-Name) {
- (7) Thu May 24 17:30:30 2018: Debug: if (&User-Name) -> TRUE
- (7) Thu May 24 17:30:30 2018: Debug: if (&User-Name) {
- (7) Thu May 24 17:30:30 2018: Debug: if (&User-Name =~ / /) {
- (7) Thu May 24 17:30:30 2018: Debug: if (&User-Name =~ / /) -> FALSE
- (7) Thu May 24 17:30:30 2018: Debug: if (&User-Name =~ /@[^@]*@/ ) {
- (7) Thu May 24 17:30:30 2018: Debug: if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (7) Thu May 24 17:30:30 2018: Debug: if (&User-Name =~ /\.\./ ) {
- (7) Thu May 24 17:30:30 2018: Debug: if (&User-Name =~ /\.\./ ) -> FALSE
- (7) Thu May 24 17:30:30 2018: Debug: if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (7) Thu May 24 17:30:30 2018: Debug: if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (7) Thu May 24 17:30:30 2018: Debug: if (&User-Name =~ /\.$/) {
- (7) Thu May 24 17:30:30 2018: Debug: if (&User-Name =~ /\.$/) -> FALSE
- (7) Thu May 24 17:30:30 2018: Debug: if (&User-Name =~ /@\./) {
- (7) Thu May 24 17:30:30 2018: Debug: if (&User-Name =~ /@\./) -> FALSE
- (7) Thu May 24 17:30:30 2018: Debug: } # if (&User-Name) = updated
- (7) Thu May 24 17:30:30 2018: Debug: } # policy filter_username = updated
- (7) Thu May 24 17:30:30 2018: Debug: policy filter_password {
- (7) Thu May 24 17:30:30 2018: Debug: if (&User-Password && (&User-Password != "%{string:User-Password}")) {
- (7) Thu May 24 17:30:30 2018: Debug: if (&User-Password && (&User-Password != "%{string:User-Password}")) -> FALSE
- (7) Thu May 24 17:30:30 2018: Debug: } # policy filter_password = updated
- (7) Thu May 24 17:30:30 2018: Debug: [preprocess] = ok
- (7) Thu May 24 17:30:30 2018: Debug: suffix: Checking for suffix after "@"
- (7) Thu May 24 17:30:30 2018: Debug: suffix: No '@' in User-Name = "host/Admin-15-NB.PERSONALAMT.DE", skipping NULL due to config.
- (7) Thu May 24 17:30:30 2018: Debug: [suffix] = noop
- (7) Thu May 24 17:30:30 2018: Debug: ntdomain: Checking for prefix before "\"
- (7) Thu May 24 17:30:30 2018: Debug: ntdomain: No '\' in User-Name = "host/Admin-15-NB.PERSONALAMT.DE", looking up realm NULL
- (7) Thu May 24 17:30:30 2018: Debug: ntdomain: Found realm "null"
- (7) Thu May 24 17:30:30 2018: Debug: ntdomain: Adding Realm = "null"
- (7) Thu May 24 17:30:30 2018: Debug: ntdomain: Authentication realm is LOCAL
- (7) Thu May 24 17:30:30 2018: Debug: [ntdomain] = ok
- (7) Thu May 24 17:30:30 2018: Debug: eap: Peer sent EAP Response (code 2) ID 8 length 67
- (7) Thu May 24 17:30:30 2018: Debug: eap: Continuing tunnel setup
- (7) Thu May 24 17:30:30 2018: Debug: [eap] = ok
- (7) Thu May 24 17:30:30 2018: Debug: } # authorize = ok
- (7) Thu May 24 17:30:30 2018: Debug: Found Auth-Type = eap
- (7) Thu May 24 17:30:30 2018: Debug: # Executing group from file /usr/local/pf/raddb/sites-enabled/packetfence
- (7) Thu May 24 17:30:30 2018: Debug: authenticate {
- (7) Thu May 24 17:30:30 2018: Debug: eap: Expiring EAP session with state 0x49c411c24fcc082f
- (7) Thu May 24 17:30:30 2018: Debug: eap: Finished EAP session with state 0x49c411c24fcc082f
- (7) Thu May 24 17:30:30 2018: Debug: eap: Previous EAP request found for state 0x49c411c24fcc082f, released from the list
- (7) Thu May 24 17:30:30 2018: Debug: eap: Peer sent packet with method EAP PEAP (25)
- (7) Thu May 24 17:30:30 2018: Debug: eap: Calling submodule eap_peap to process data
- (7) Thu May 24 17:30:30 2018: Debug: eap_peap: Continuing EAP-TLS
- (7) Thu May 24 17:30:30 2018: Debug: eap_peap: [eaptls verify] = ok
- (7) Thu May 24 17:30:30 2018: Debug: eap_peap: Done initial handshake
- (7) Thu May 24 17:30:30 2018: Debug: eap_peap: [eaptls process] = ok
- (7) Thu May 24 17:30:30 2018: Debug: eap_peap: Session established. Decoding tunneled attributes
- (7) Thu May 24 17:30:30 2018: Debug: eap_peap: PEAP state WAITING FOR INNER IDENTITY
- (7) Thu May 24 17:30:30 2018: Debug: eap_peap: Identity - host/Admin-15-NB.PERSONALAMT.DE
- (7) Thu May 24 17:30:30 2018: Debug: eap_peap: Got inner identity 'host/Admin-15-NB.PERSONALAMT.DE'
- (7) Thu May 24 17:30:30 2018: Debug: eap_peap: Setting default EAP type for tunneled EAP session
- (7) Thu May 24 17:30:30 2018: Debug: eap_peap: Got tunneled request
- (7) Thu May 24 17:30:30 2018: Debug: eap_peap: EAP-Message = 0x0208002401686f73742f41646d696e2d31352d4e422e504552534f4e414c414d542e4445
- (7) Thu May 24 17:30:30 2018: Debug: eap_peap: Setting User-Name to host/Admin-15-NB.PERSONALAMT.DE
- (7) Thu May 24 17:30:30 2018: Debug: eap_peap: Sending tunneled request to packetfence-tunnel
- (7) Thu May 24 17:30:30 2018: Debug: eap_peap: EAP-Message = 0x0208002401686f73742f41646d696e2d31352d4e422e504552534f4e414c414d542e4445
- (7) Thu May 24 17:30:30 2018: Debug: eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1
- (7) Thu May 24 17:30:30 2018: Debug: eap_peap: User-Name = "host/Admin-15-NB.PERSONALAMT.DE"
- (7) Thu May 24 17:30:30 2018: Debug: eap_peap: Framed-MTU = 1480
- (7) Thu May 24 17:30:30 2018: Debug: eap_peap: NAS-IP-Address = 172.20.9.150
- (7) Thu May 24 17:30:30 2018: Debug: eap_peap: NAS-Identifier = "Test"
- (7) Thu May 24 17:30:30 2018: Debug: eap_peap: Service-Type = Framed-User
- (7) Thu May 24 17:30:30 2018: Debug: eap_peap: Framed-Protocol = PPP
- (7) Thu May 24 17:30:30 2018: Debug: eap_peap: NAS-Port = 1
- (7) Thu May 24 17:30:30 2018: Debug: eap_peap: NAS-Port-Type = Ethernet
- (7) Thu May 24 17:30:30 2018: Debug: eap_peap: NAS-Port-Id = "1"
- (7) Thu May 24 17:30:30 2018: Debug: eap_peap: Calling-Station-Id := "00:e0:4c:60:43:20"
- (7) Thu May 24 17:30:30 2018: Debug: eap_peap: Connect-Info = "CONNECT Ethernet 1000Mbps Full duplex"
- (7) Thu May 24 17:30:30 2018: Debug: eap_peap: Tunnel-Type:0 = VLAN
- (7) Thu May 24 17:30:30 2018: Debug: eap_peap: Tunnel-Medium-Type:0 = IEEE-802
- (7) Thu May 24 17:30:30 2018: Debug: eap_peap: Tunnel-Private-Group-Id:0 = "1"
- (7) Thu May 24 17:30:30 2018: Debug: eap_peap: MS-RAS-Vendor = 11
- (7) Thu May 24 17:30:30 2018: Debug: eap_peap: HP-Capability-Advert = 0x011a0000000b28
- (7) Thu May 24 17:30:30 2018: Debug: eap_peap: HP-Capability-Advert = 0x011a0000000b2e
- (7) Thu May 24 17:30:30 2018: Debug: eap_peap: HP-Capability-Advert = 0x011a0000000b30
- (7) Thu May 24 17:30:30 2018: Debug: eap_peap: HP-Capability-Advert = 0x011a0000000b3d
- (7) Thu May 24 17:30:30 2018: Debug: eap_peap: HP-Capability-Advert = 0x0138
- (7) Thu May 24 17:30:30 2018: Debug: eap_peap: HP-Capability-Advert = 0x013a
- (7) Thu May 24 17:30:30 2018: Debug: eap_peap: HP-Capability-Advert = 0x0140
- (7) Thu May 24 17:30:30 2018: Debug: eap_peap: HP-Capability-Advert = 0x0141
- (7) Thu May 24 17:30:30 2018: Debug: eap_peap: HP-Capability-Advert = 0x0151
- (7) Thu May 24 17:30:30 2018: Debug: eap_peap: Called-Station-Id := "94:18:82:b9:32:80"
- (7) Thu May 24 17:30:30 2018: Debug: eap_peap: Event-Timestamp = "Mai 24 2018 17:30:30 CEST"
- (7) Thu May 24 17:30:30 2018: Debug: Virtual server packetfence-tunnel received request
- (7) Thu May 24 17:30:30 2018: Debug: EAP-Message = 0x0208002401686f73742f41646d696e2d31352d4e422e504552534f4e414c414d542e4445
- (7) Thu May 24 17:30:30 2018: Debug: FreeRADIUS-Proxied-To = 127.0.0.1
- (7) Thu May 24 17:30:30 2018: Debug: User-Name = "host/Admin-15-NB.PERSONALAMT.DE"
- (7) Thu May 24 17:30:30 2018: Debug: Framed-MTU = 1480
- (7) Thu May 24 17:30:30 2018: Debug: NAS-IP-Address = 172.20.9.150
- (7) Thu May 24 17:30:30 2018: Debug: NAS-Identifier = "Test"
- (7) Thu May 24 17:30:30 2018: Debug: Service-Type = Framed-User
- (7) Thu May 24 17:30:30 2018: Debug: Framed-Protocol = PPP
- (7) Thu May 24 17:30:30 2018: Debug: NAS-Port = 1
- (7) Thu May 24 17:30:30 2018: Debug: NAS-Port-Type = Ethernet
- (7) Thu May 24 17:30:30 2018: Debug: NAS-Port-Id = "1"
- (7) Thu May 24 17:30:30 2018: Debug: Calling-Station-Id := "00:e0:4c:60:43:20"
- (7) Thu May 24 17:30:30 2018: Debug: Connect-Info = "CONNECT Ethernet 1000Mbps Full duplex"
- (7) Thu May 24 17:30:30 2018: Debug: Tunnel-Type:0 = VLAN
- (7) Thu May 24 17:30:30 2018: Debug: Tunnel-Medium-Type:0 = IEEE-802
- (7) Thu May 24 17:30:30 2018: Debug: Tunnel-Private-Group-Id:0 = "1"
- (7) Thu May 24 17:30:30 2018: Debug: MS-RAS-Vendor = 11
- (7) Thu May 24 17:30:30 2018: Debug: HP-Capability-Advert = 0x011a0000000b28
- (7) Thu May 24 17:30:30 2018: Debug: HP-Capability-Advert = 0x011a0000000b2e
- (7) Thu May 24 17:30:30 2018: Debug: HP-Capability-Advert = 0x011a0000000b30
- (7) Thu May 24 17:30:30 2018: Debug: HP-Capability-Advert = 0x011a0000000b3d
- (7) Thu May 24 17:30:30 2018: Debug: HP-Capability-Advert = 0x0138
- (7) Thu May 24 17:30:30 2018: Debug: HP-Capability-Advert = 0x013a
- (7) Thu May 24 17:30:30 2018: Debug: HP-Capability-Advert = 0x0140
- (7) Thu May 24 17:30:30 2018: Debug: HP-Capability-Advert = 0x0141
- (7) Thu May 24 17:30:30 2018: Debug: HP-Capability-Advert = 0x0151
- (7) Thu May 24 17:30:30 2018: Debug: Called-Station-Id := "94:18:82:b9:32:80"
- (7) Thu May 24 17:30:30 2018: Debug: Event-Timestamp = "Mai 24 2018 17:30:30 CEST"
- (7) Thu May 24 17:30:30 2018: WARNING: Outer and inner identities are the same. User privacy is compromised.
- (7) Thu May 24 17:30:30 2018: Debug: server packetfence-tunnel {
- (7) Thu May 24 17:30:30 2018: Debug: # Executing section authorize from file /usr/local/pf/raddb/sites-enabled/packetfence-tunnel
- (7) Thu May 24 17:30:30 2018: Debug: authorize {
- (7) Thu May 24 17:30:30 2018: Debug: if ( outer.EAP-Type == TTLS) {
- (7) Thu May 24 17:30:30 2018: Debug: if ( outer.EAP-Type == TTLS) -> FALSE
- (7) Thu May 24 17:30:30 2018: Debug: policy filter_username {
- (7) Thu May 24 17:30:30 2018: Debug: if (&User-Name) {
- (7) Thu May 24 17:30:30 2018: Debug: if (&User-Name) -> TRUE
- (7) Thu May 24 17:30:30 2018: Debug: if (&User-Name) {
- (7) Thu May 24 17:30:30 2018: Debug: if (&User-Name =~ / /) {
- (7) Thu May 24 17:30:30 2018: Debug: if (&User-Name =~ / /) -> FALSE
- (7) Thu May 24 17:30:30 2018: Debug: if (&User-Name =~ /@[^@]*@/ ) {
- (7) Thu May 24 17:30:30 2018: Debug: if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (7) Thu May 24 17:30:30 2018: Debug: if (&User-Name =~ /\.\./ ) {
- (7) Thu May 24 17:30:30 2018: Debug: if (&User-Name =~ /\.\./ ) -> FALSE
- (7) Thu May 24 17:30:30 2018: Debug: if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (7) Thu May 24 17:30:30 2018: Debug: if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (7) Thu May 24 17:30:30 2018: Debug: if (&User-Name =~ /\.$/) {
- (7) Thu May 24 17:30:30 2018: Debug: if (&User-Name =~ /\.$/) -> FALSE
- (7) Thu May 24 17:30:30 2018: Debug: if (&User-Name =~ /@\./) {
- (7) Thu May 24 17:30:30 2018: Debug: if (&User-Name =~ /@\./) -> FALSE
- (7) Thu May 24 17:30:30 2018: Debug: } # if (&User-Name) = notfound
- (7) Thu May 24 17:30:30 2018: Debug: } # policy filter_username = notfound
- (7) Thu May 24 17:30:30 2018: Debug: [mschap] = noop
- (7) Thu May 24 17:30:30 2018: Debug: suffix: Checking for suffix after "@"
- (7) Thu May 24 17:30:30 2018: Debug: suffix: No '@' in User-Name = "host/Admin-15-NB.PERSONALAMT.DE", skipping NULL due to config.
- (7) Thu May 24 17:30:30 2018: Debug: [suffix] = noop
- (7) Thu May 24 17:30:30 2018: Debug: ntdomain: Checking for prefix before "\"
- (7) Thu May 24 17:30:30 2018: Debug: ntdomain: No '\' in User-Name = "host/Admin-15-NB.PERSONALAMT.DE", looking up realm NULL
- (7) Thu May 24 17:30:30 2018: Debug: ntdomain: Found realm "null"
- (7) Thu May 24 17:30:30 2018: Debug: ntdomain: Adding Realm = "null"
- (7) Thu May 24 17:30:30 2018: Debug: ntdomain: Authentication realm is LOCAL
- (7) Thu May 24 17:30:30 2018: Debug: [ntdomain] = ok
- (7) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: $RAD_REQUEST{'User-Name'} = &request:User-Name -> 'host/Admin-15-NB.PERSONALAMT.DE'
- (7) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: $RAD_REQUEST{'NAS-IP-Address'} = &request:NAS-IP-Address -> '172.20.9.150'
- (7) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: $RAD_REQUEST{'NAS-Port'} = &request:NAS-Port -> '1'
- (7) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: $RAD_REQUEST{'Service-Type'} = &request:Service-Type -> 'Framed-User'
- (7) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: $RAD_REQUEST{'Framed-Protocol'} = &request:Framed-Protocol -> 'PPP'
- (7) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: $RAD_REQUEST{'Framed-MTU'} = &request:Framed-MTU -> '1480'
- (7) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: $RAD_REQUEST{'Called-Station-Id'} = &request:Called-Station-Id -> '94:18:82:b9:32:80'
- (7) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: $RAD_REQUEST{'Calling-Station-Id'} = &request:Calling-Station-Id -> '00:e0:4c:60:43:20'
- (7) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: $RAD_REQUEST{'NAS-Identifier'} = &request:NAS-Identifier -> 'Test'
- (7) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: $RAD_REQUEST{'NAS-Port-Type'} = &request:NAS-Port-Type -> 'Ethernet'
- (7) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: $RAD_REQUEST{'Tunnel-Type'} = &request:Tunnel-Type -> 'VLAN'
- (7) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: $RAD_REQUEST{'Tunnel-Medium-Type'} = &request:Tunnel-Medium-Type -> 'IEEE-802'
- (7) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: $RAD_REQUEST{'Tunnel-Private-Group-Id'} = &request:Tunnel-Private-Group-Id -> '1'
- (7) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: $RAD_REQUEST{'Event-Timestamp'} = &request:Event-Timestamp -> 'Mai 24 2018 17:30:30 CEST'
- (7) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: $RAD_REQUEST{'Connect-Info'} = &request:Connect-Info -> 'CONNECT Ethernet 1000Mbps Full duplex'
- (7) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: $RAD_REQUEST{'EAP-Message'} = &request:EAP-Message -> '0x0208002401686f73742f41646d696e2d31352d4e422e504552534f4e414c414d542e4445'
- (7) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: $RAD_REQUEST{'NAS-Port-Id'} = &request:NAS-Port-Id -> '1'
- (7) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: $RAD_REQUEST{'FreeRADIUS-Proxied-To'} = &request:FreeRADIUS-Proxied-To -> '127.0.0.1'
- (7) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: $RAD_REQUEST{'HP-Capability-Advert'}[0] = &request:HP-Capability-Advert -> '0x011a0000000b28'
- (7) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: $RAD_REQUEST{'HP-Capability-Advert'}[1] = &request:HP-Capability-Advert -> '0x011a0000000b2e'
- (7) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: $RAD_REQUEST{'HP-Capability-Advert'}[2] = &request:HP-Capability-Advert -> '0x011a0000000b30'
- (7) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: $RAD_REQUEST{'HP-Capability-Advert'}[3] = &request:HP-Capability-Advert -> '0x011a0000000b3d'
- (7) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: $RAD_REQUEST{'HP-Capability-Advert'}[4] = &request:HP-Capability-Advert -> '0x0138'
- (7) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: $RAD_REQUEST{'HP-Capability-Advert'}[5] = &request:HP-Capability-Advert -> '0x013a'
- (7) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: $RAD_REQUEST{'HP-Capability-Advert'}[6] = &request:HP-Capability-Advert -> '0x0140'
- (7) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: $RAD_REQUEST{'HP-Capability-Advert'}[7] = &request:HP-Capability-Advert -> '0x0141'
- (7) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: $RAD_REQUEST{'HP-Capability-Advert'}[8] = &request:HP-Capability-Advert -> '0x0151'
- (7) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: $RAD_REQUEST{'MS-RAS-Vendor'} = &request:MS-RAS-Vendor -> '11'
- (7) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: $RAD_REQUEST{'Realm'} = &request:Realm -> 'null'
- (7) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: $RAD_CHECK{'EAP-Type'} = &control:EAP-Type -> 'MSCHAPv2'
- (7) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: $RAD_CONFIG{'EAP-Type'} = &control:EAP-Type -> 'MSCHAPv2'
- (7) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: &request:HP-Capability-Advert += $RAD_REQUEST{'HP-Capability-Advert'} -> '0x011a0000000b28'
- (7) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: &request:HP-Capability-Advert += $RAD_REQUEST{'HP-Capability-Advert'} -> '0x011a0000000b2e'
- (7) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: &request:HP-Capability-Advert += $RAD_REQUEST{'HP-Capability-Advert'} -> '0x011a0000000b30'
- (7) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: &request:HP-Capability-Advert += $RAD_REQUEST{'HP-Capability-Advert'} -> '0x011a0000000b3d'
- (7) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: &request:HP-Capability-Advert += $RAD_REQUEST{'HP-Capability-Advert'} -> '0x0138'
- (7) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: &request:HP-Capability-Advert += $RAD_REQUEST{'HP-Capability-Advert'} -> '0x013a'
- (7) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: &request:HP-Capability-Advert += $RAD_REQUEST{'HP-Capability-Advert'} -> '0x0140'
- (7) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: &request:HP-Capability-Advert += $RAD_REQUEST{'HP-Capability-Advert'} -> '0x0141'
- (7) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: &request:HP-Capability-Advert += $RAD_REQUEST{'HP-Capability-Advert'} -> '0x0151'
- (7) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: &request:NAS-Port-Type = $RAD_REQUEST{'NAS-Port-Type'} -> 'Ethernet'
- (7) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: &request:MS-RAS-Vendor = $RAD_REQUEST{'MS-RAS-Vendor'} -> '11'
- (7) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: &request:Service-Type = $RAD_REQUEST{'Service-Type'} -> 'Framed-User'
- (7) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: &request:Called-Station-Id = $RAD_REQUEST{'Called-Station-Id'} -> '94:18:82:b9:32:80'
- (7) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: &request:FreeRADIUS-Proxied-To = $RAD_REQUEST{'FreeRADIUS-Proxied-To'} -> '127.0.0.1'
- (7) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: &request:Tunnel-Type:0 = $RAD_REQUEST{'Tunnel-Type:0'} -> 'VLAN'
- (7) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: &request:Connect-Info = $RAD_REQUEST{'Connect-Info'} -> 'CONNECT Ethernet 1000Mbps Full duplex'
- (7) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: &request:Realm = $RAD_REQUEST{'Realm'} -> 'null'
- (7) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: &request:NAS-IP-Address = $RAD_REQUEST{'NAS-IP-Address'} -> '172.20.9.150'
- (7) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: &request:NAS-Port-Id = $RAD_REQUEST{'NAS-Port-Id'} -> '1'
- (7) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: &request:Tunnel-Medium-Type:0 = $RAD_REQUEST{'Tunnel-Medium-Type:0'} -> 'IEEE-802'
- (7) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: &request:Calling-Station-Id = $RAD_REQUEST{'Calling-Station-Id'} -> '00:e0:4c:60:43:20'
- (7) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: &request:PacketFence-Domain = $RAD_REQUEST{'PacketFence-Domain'} -> 'LKMRBI'
- (7) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: &request:Framed-Protocol = $RAD_REQUEST{'Framed-Protocol'} -> 'PPP'
- (7) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: &request:Tunnel-Private-Group-Id:0 = $RAD_REQUEST{'Tunnel-Private-Group-Id:0'} -> '1'
- (7) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: &request:User-Name = $RAD_REQUEST{'User-Name'} -> 'host/Admin-15-NB.PERSONALAMT.DE'
- (7) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: &request:NAS-Identifier = $RAD_REQUEST{'NAS-Identifier'} -> 'Test'
- (7) Thu May 24 17:30:30 2018: ERROR: packetfence-multi-domain: Failed to create pair - failed to parse time string "Mai 24 2018 17:30:30 CEST"
- (7) Thu May 24 17:30:30 2018: ERROR: packetfence-multi-domain: &request:Event-Timestamp = $RAD_REQUEST{'Event-Timestamp'} -> 'Mai 24 2018 17:30:30 CEST'
- (7) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: &request:EAP-Message = $RAD_REQUEST{'EAP-Message'} -> '0x0208002401686f73742f41646d696e2d31352d4e422e504552534f4e414c414d542e4445'
- (7) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: &request:NAS-Port = $RAD_REQUEST{'NAS-Port'} -> '1'
- (7) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: &request:Framed-MTU = $RAD_REQUEST{'Framed-MTU'} -> '1480'
- (7) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: &control:EAP-Type = $RAD_CHECK{'EAP-Type'} -> 'MSCHAPv2'
- (7) Thu May 24 17:30:30 2018: Debug: [packetfence-multi-domain] = updated
- (7) Thu May 24 17:30:30 2018: Debug: update control {
- (7) Thu May 24 17:30:30 2018: Debug: } # update control = noop
- (7) Thu May 24 17:30:30 2018: Debug: eap: Peer sent EAP Response (code 2) ID 8 length 36
- (7) Thu May 24 17:30:30 2018: Debug: eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
- (7) Thu May 24 17:30:30 2018: Debug: [eap] = ok
- (7) Thu May 24 17:30:30 2018: Debug: } # authorize = ok
- (7) Thu May 24 17:30:30 2018: WARNING: You set Proxy-To-Realm = local, but it is a LOCAL realm! Cancelling proxy request.
- (7) Thu May 24 17:30:30 2018: Debug: Found Auth-Type = eap
- (7) Thu May 24 17:30:30 2018: Debug: # Executing group from file /usr/local/pf/raddb/sites-enabled/packetfence-tunnel
- (7) Thu May 24 17:30:30 2018: Debug: authenticate {
- (7) Thu May 24 17:30:30 2018: Debug: eap: Peer sent packet with method EAP Identity (1)
- (7) Thu May 24 17:30:30 2018: Debug: eap: Calling submodule eap_mschapv2 to process data
- (7) Thu May 24 17:30:30 2018: Debug: eap_mschapv2: Issuing Challenge
- (7) Thu May 24 17:30:30 2018: Debug: eap: Sending EAP Request (code 1) ID 9 length 43
- (7) Thu May 24 17:30:30 2018: Debug: eap: EAP session adding &reply:State = 0x3c540b463c5d11bc
- (7) Thu May 24 17:30:30 2018: Debug: [eap] = handled
- (7) Thu May 24 17:30:30 2018: Debug: } # authenticate = handled
- (7) Thu May 24 17:30:30 2018: Debug: } # server packetfence-tunnel
- (7) Thu May 24 17:30:30 2018: Debug: Virtual server sending reply
- (7) Thu May 24 17:30:30 2018: Debug: EAP-Message = 0x0109002b1a0109002610cdf91c10176e1e591aaaba0ec7e8ec7c667265657261646975732d332e302e3135
- (7) Thu May 24 17:30:30 2018: Debug: Message-Authenticator = 0x00000000000000000000000000000000
- (7) Thu May 24 17:30:30 2018: Debug: State = 0x3c540b463c5d11bc9b9de9eca83b76bb
- (7) Thu May 24 17:30:30 2018: Debug: eap_peap: Got tunneled reply code 11
- (7) Thu May 24 17:30:30 2018: Debug: eap_peap: EAP-Message = 0x0109002b1a0109002610cdf91c10176e1e591aaaba0ec7e8ec7c667265657261646975732d332e302e3135
- (7) Thu May 24 17:30:30 2018: Debug: eap_peap: Message-Authenticator = 0x00000000000000000000000000000000
- (7) Thu May 24 17:30:30 2018: Debug: eap_peap: State = 0x3c540b463c5d11bc9b9de9eca83b76bb
- (7) Thu May 24 17:30:30 2018: Debug: eap_peap: Got tunneled Access-Challenge
- (7) Thu May 24 17:30:30 2018: Debug: eap: Sending EAP Request (code 1) ID 9 length 74
- (7) Thu May 24 17:30:30 2018: Debug: eap: EAP session adding &reply:State = 0x49c411c24ecd082f
- (7) Thu May 24 17:30:30 2018: Debug: [eap] = handled
- (7) Thu May 24 17:30:30 2018: Debug: } # authenticate = handled
- (7) Thu May 24 17:30:30 2018: Debug: Using Post-Auth-Type Challenge
- (7) Thu May 24 17:30:30 2018: Debug: Post-Auth-Type sub-section not found. Ignoring.
- (7) Thu May 24 17:30:30 2018: Debug: # Executing group from file /usr/local/pf/raddb/sites-enabled/packetfence
- (7) Thu May 24 17:30:30 2018: Debug: Sent Access-Challenge Id 213 from 172.20.5.3:1812 to 172.20.5.79:52628 length 0
- (7) Thu May 24 17:30:30 2018: Debug: EAP-Message = 0x0109004a1900170303003fc204d6dc726b81dcc38d0d7620d43ee6de16f96200d67e765fc7bb27f998ee98c0f5f5354569f64774c4e71fff345b908044d152a3c9f1e873fd6168148cfe
- (7) Thu May 24 17:30:30 2018: Debug: Message-Authenticator = 0x00000000000000000000000000000000
- (7) Thu May 24 17:30:30 2018: Debug: State = 0x49c411c24ecd082fb3b3797cce5894f4
- (7) Thu May 24 17:30:30 2018: Debug: Proxy-State = 0x3231
- (7) Thu May 24 17:30:30 2018: Debug: Finished request
- (8) Thu May 24 17:30:30 2018: Debug: Received Access-Request Id 45 from 172.20.5.79:52628 to 172.20.5.3:1812 length 475
- (8) Thu May 24 17:30:30 2018: Debug: Framed-MTU = 1480
- (8) Thu May 24 17:30:30 2018: Debug: NAS-IP-Address = 172.20.9.150
- (8) Thu May 24 17:30:30 2018: Debug: NAS-Identifier = "Test"
- (8) Thu May 24 17:30:30 2018: Debug: User-Name = "host/Admin-15-NB.PERSONALAMT.DE"
- (8) Thu May 24 17:30:30 2018: Debug: Service-Type = Framed-User
- (8) Thu May 24 17:30:30 2018: Debug: Framed-Protocol = PPP
- (8) Thu May 24 17:30:30 2018: Debug: NAS-Port = 1
- (8) Thu May 24 17:30:30 2018: Debug: NAS-Port-Type = Ethernet
- (8) Thu May 24 17:30:30 2018: Debug: NAS-Port-Id = "1"
- (8) Thu May 24 17:30:30 2018: Debug: Called-Station-Id = "94-18-82-b9-32-80"
- (8) Thu May 24 17:30:30 2018: Debug: Calling-Station-Id = "00-e0-4c-60-43-20"
- (8) Thu May 24 17:30:30 2018: Debug: Connect-Info = "CONNECT Ethernet 1000Mbps Full duplex"
- (8) Thu May 24 17:30:30 2018: Debug: Tunnel-Type:0 = VLAN
- (8) Thu May 24 17:30:30 2018: Debug: Tunnel-Medium-Type:0 = IEEE-802
- (8) Thu May 24 17:30:30 2018: Debug: Tunnel-Private-Group-Id:0 = "1"
- (8) Thu May 24 17:30:30 2018: Debug: State = 0x49c411c24ecd082fb3b3797cce5894f4
- (8) Thu May 24 17:30:30 2018: Debug: EAP-Message = 0x020900791900170303006e0000000000000002a78ef4f10e50144dbc569670d2043607c8b6d6c274870853ca9edcdb980828dd20f4f9fcb6688dd0341132568c405fc296ce490f5d3c4e69b080f795b66b51262d6a50103c60f728f1cd51f5111530a6cf80a208d6943cafd1270353ba40124e28ef6028
- (8) Thu May 24 17:30:30 2018: Debug: Message-Authenticator = 0x4d4f3198399a23f5b92ece5023620b1a
- (8) Thu May 24 17:30:30 2018: Debug: MS-RAS-Vendor = 11
- (8) Thu May 24 17:30:30 2018: Debug: HP-Capability-Advert = 0x011a0000000b28
- (8) Thu May 24 17:30:30 2018: Debug: HP-Capability-Advert = 0x011a0000000b2e
- (8) Thu May 24 17:30:30 2018: Debug: HP-Capability-Advert = 0x011a0000000b30
- (8) Thu May 24 17:30:30 2018: Debug: HP-Capability-Advert = 0x011a0000000b3d
- (8) Thu May 24 17:30:30 2018: Debug: HP-Capability-Advert = 0x0138
- (8) Thu May 24 17:30:30 2018: Debug: HP-Capability-Advert = 0x013a
- (8) Thu May 24 17:30:30 2018: Debug: HP-Capability-Advert = 0x0140
- (8) Thu May 24 17:30:30 2018: Debug: HP-Capability-Advert = 0x0141
- (8) Thu May 24 17:30:30 2018: Debug: HP-Capability-Advert = 0x0151
- (8) Thu May 24 17:30:30 2018: Debug: Proxy-State = 0x3232
- (8) Thu May 24 17:30:30 2018: Debug: session-state: No cached attributes
- (8) Thu May 24 17:30:30 2018: Debug: # Executing section authorize from file /usr/local/pf/raddb/sites-enabled/packetfence
- (8) Thu May 24 17:30:30 2018: Debug: authorize {
- (8) Thu May 24 17:30:30 2018: Debug: update {
- (8) Thu May 24 17:30:30 2018: Debug: EXPAND %{Packet-Src-IP-Address}
- (8) Thu May 24 17:30:30 2018: Debug: --> 172.20.5.79
- (8) Thu May 24 17:30:30 2018: Debug: EXPAND %l
- (8) Thu May 24 17:30:30 2018: Debug: --> 1527175830
- (8) Thu May 24 17:30:30 2018: Debug: } # update = noop
- (8) Thu May 24 17:30:30 2018: Debug: policy packetfence-set-tenant-id {
- (8) Thu May 24 17:30:30 2018: Debug: if ( "%{%{control:PacketFence-Tenant-Id}:-0}" == "0") {
- (8) Thu May 24 17:30:30 2018: Debug: EXPAND %{%{control:PacketFence-Tenant-Id}:-0}
- (8) Thu May 24 17:30:30 2018: Debug: --> 0
- (8) Thu May 24 17:30:30 2018: Debug: if ( "%{%{control:PacketFence-Tenant-Id}:-0}" == "0") -> TRUE
- (8) Thu May 24 17:30:30 2018: Debug: if ( "%{%{control:PacketFence-Tenant-Id}:-0}" == "0") {
- (8) Thu May 24 17:30:30 2018: Debug: update control {
- (8) Thu May 24 17:30:30 2018: Debug: EXPAND %{User-Name}
- (8) Thu May 24 17:30:30 2018: Debug: --> host/Admin-15-NB.PERSONALAMT.DE
- (8) Thu May 24 17:30:30 2018: Debug: SQL-User-Name set to 'host/Admin-15-NB.PERSONALAMT.DE'
- (8) Thu May 24 17:30:30 2018: Debug: Executing select query: SELECT IFNULL((SELECT tenant_id FROM radius_nas WHERE nasname = '172.20.5.79'), 0)
- (8) Thu May 24 17:30:30 2018: Debug: EXPAND %{sql: SELECT IFNULL((SELECT tenant_id FROM radius_nas WHERE nasname = '%{Packet-Src-IP-Address}'), 0)}
- (8) Thu May 24 17:30:30 2018: Debug: --> 0
- (8) Thu May 24 17:30:30 2018: Debug: } # update control = noop
- (8) Thu May 24 17:30:30 2018: Debug: } # if ( "%{%{control:PacketFence-Tenant-Id}:-0}" == "0") = noop
- (8) Thu May 24 17:30:30 2018: Debug: if ( &control:PacketFence-Tenant-Id == 0 ) {
- (8) Thu May 24 17:30:30 2018: Debug: if ( &control:PacketFence-Tenant-Id == 0 ) -> TRUE
- (8) Thu May 24 17:30:30 2018: Debug: if ( &control:PacketFence-Tenant-Id == 0 ) {
- (8) Thu May 24 17:30:30 2018: Debug: update control {
- (8) Thu May 24 17:30:30 2018: Debug: EXPAND %{User-Name}
- (8) Thu May 24 17:30:30 2018: Debug: --> host/Admin-15-NB.PERSONALAMT.DE
- (8) Thu May 24 17:30:30 2018: Debug: SQL-User-Name set to 'host/Admin-15-NB.PERSONALAMT.DE'
- (8) Thu May 24 17:30:30 2018: Debug: Executing select query: SELECT IFNULL((SELECT tenant_id from radius_nas WHERE start_ip <= INET_ATON('172.20.5.79') and INET_ATON('172.20.5.79') <= end_ip order by range_length limit 1), 1)
- (8) Thu May 24 17:30:30 2018: Debug: EXPAND %{sql: SELECT IFNULL((SELECT tenant_id from radius_nas WHERE start_ip <= INET_ATON('%{Packet-Src-IP-Address}') and INET_ATON('%{Packet-Src-IP-Address}') <= end_ip order by range_length limit 1), 1)}
- (8) Thu May 24 17:30:30 2018: Debug: --> 1
- (8) Thu May 24 17:30:30 2018: Debug: } # update control = noop
- (8) Thu May 24 17:30:30 2018: Debug: } # if ( &control:PacketFence-Tenant-Id == 0 ) = noop
- (8) Thu May 24 17:30:30 2018: Debug: } # policy packetfence-set-tenant-id = noop
- (8) Thu May 24 17:30:30 2018: Debug: policy rewrite_calling_station_id {
- (8) Thu May 24 17:30:30 2018: Debug: if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) {
- (8) Thu May 24 17:30:30 2018: Debug: if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) -> TRUE
- (8) Thu May 24 17:30:30 2018: Debug: if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) {
- (8) Thu May 24 17:30:30 2018: Debug: update request {
- (8) Thu May 24 17:30:30 2018: Debug: EXPAND %{tolower:%{1}:%{2}:%{3}:%{4}:%{5}:%{6}}
- (8) Thu May 24 17:30:30 2018: Debug: --> 00:e0:4c:60:43:20
- (8) Thu May 24 17:30:30 2018: Debug: } # update request = noop
- (8) Thu May 24 17:30:30 2018: Debug: [updated] = updated
- (8) Thu May 24 17:30:30 2018: Debug: } # if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) = updated
- (8) Thu May 24 17:30:30 2018: Debug: ... skipping else: Preceding "if" was taken
- (8) Thu May 24 17:30:30 2018: Debug: } # policy rewrite_calling_station_id = updated
- (8) Thu May 24 17:30:30 2018: Debug: policy rewrite_called_station_id {
- (8) Thu May 24 17:30:30 2018: Debug: if ((&Called-Station-Id) && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) {
- (8) Thu May 24 17:30:30 2018: Debug: if ((&Called-Station-Id) && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) -> TRUE
- (8) Thu May 24 17:30:30 2018: Debug: if ((&Called-Station-Id) && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) {
- (8) Thu May 24 17:30:30 2018: Debug: update request {
- (8) Thu May 24 17:30:30 2018: Debug: EXPAND %{tolower:%{1}:%{2}:%{3}:%{4}:%{5}:%{6}}
- (8) Thu May 24 17:30:30 2018: Debug: --> 94:18:82:b9:32:80
- (8) Thu May 24 17:30:30 2018: Debug: } # update request = noop
- (8) Thu May 24 17:30:30 2018: Debug: if ("%{8}") {
- (8) Thu May 24 17:30:30 2018: Debug: EXPAND %{8}
- (8) Thu May 24 17:30:30 2018: Debug: -->
- (8) Thu May 24 17:30:30 2018: Debug: if ("%{8}") -> FALSE
- (8) Thu May 24 17:30:30 2018: Debug: elsif ( (Colubris-AVPair) && "%{Colubris-AVPair}" =~ /^ssid=(.*)$/i) {
- (8) Thu May 24 17:30:30 2018: Debug: elsif ( (Colubris-AVPair) && "%{Colubris-AVPair}" =~ /^ssid=(.*)$/i) -> FALSE
- (8) Thu May 24 17:30:30 2018: Debug: elsif (Aruba-Essid-Name) {
- (8) Thu May 24 17:30:30 2018: Debug: elsif (Aruba-Essid-Name) -> FALSE
- (8) Thu May 24 17:30:30 2018: Debug: elsif ( (Cisco-AVPair) && "%{Cisco-AVPair}" =~ /^ssid=(.*)$/i) {
- (8) Thu May 24 17:30:30 2018: Debug: elsif ( (Cisco-AVPair) && "%{Cisco-AVPair}" =~ /^ssid=(.*)$/i) -> FALSE
- (8) Thu May 24 17:30:30 2018: Debug: [updated] = updated
- (8) Thu May 24 17:30:30 2018: Debug: } # if ((&Called-Station-Id) && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) = updated
- (8) Thu May 24 17:30:30 2018: Debug: ... skipping else: Preceding "if" was taken
- (8) Thu May 24 17:30:30 2018: Debug: } # policy rewrite_called_station_id = updated
- (8) Thu May 24 17:30:30 2018: Debug: policy filter_username {
- (8) Thu May 24 17:30:30 2018: Debug: if (&User-Name) {
- (8) Thu May 24 17:30:30 2018: Debug: if (&User-Name) -> TRUE
- (8) Thu May 24 17:30:30 2018: Debug: if (&User-Name) {
- (8) Thu May 24 17:30:30 2018: Debug: if (&User-Name =~ / /) {
- (8) Thu May 24 17:30:30 2018: Debug: if (&User-Name =~ / /) -> FALSE
- (8) Thu May 24 17:30:30 2018: Debug: if (&User-Name =~ /@[^@]*@/ ) {
- (8) Thu May 24 17:30:30 2018: Debug: if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (8) Thu May 24 17:30:30 2018: Debug: if (&User-Name =~ /\.\./ ) {
- (8) Thu May 24 17:30:30 2018: Debug: if (&User-Name =~ /\.\./ ) -> FALSE
- (8) Thu May 24 17:30:30 2018: Debug: if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (8) Thu May 24 17:30:30 2018: Debug: if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (8) Thu May 24 17:30:30 2018: Debug: if (&User-Name =~ /\.$/) {
- (8) Thu May 24 17:30:30 2018: Debug: if (&User-Name =~ /\.$/) -> FALSE
- (8) Thu May 24 17:30:30 2018: Debug: if (&User-Name =~ /@\./) {
- (8) Thu May 24 17:30:30 2018: Debug: if (&User-Name =~ /@\./) -> FALSE
- (8) Thu May 24 17:30:30 2018: Debug: } # if (&User-Name) = updated
- (8) Thu May 24 17:30:30 2018: Debug: } # policy filter_username = updated
- (8) Thu May 24 17:30:30 2018: Debug: policy filter_password {
- (8) Thu May 24 17:30:30 2018: Debug: if (&User-Password && (&User-Password != "%{string:User-Password}")) {
- (8) Thu May 24 17:30:30 2018: Debug: if (&User-Password && (&User-Password != "%{string:User-Password}")) -> FALSE
- (8) Thu May 24 17:30:30 2018: Debug: } # policy filter_password = updated
- (8) Thu May 24 17:30:30 2018: Debug: [preprocess] = ok
- (8) Thu May 24 17:30:30 2018: Debug: suffix: Checking for suffix after "@"
- (8) Thu May 24 17:30:30 2018: Debug: suffix: No '@' in User-Name = "host/Admin-15-NB.PERSONALAMT.DE", skipping NULL due to config.
- (8) Thu May 24 17:30:30 2018: Debug: [suffix] = noop
- (8) Thu May 24 17:30:30 2018: Debug: ntdomain: Checking for prefix before "\"
- (8) Thu May 24 17:30:30 2018: Debug: ntdomain: No '\' in User-Name = "host/Admin-15-NB.PERSONALAMT.DE", looking up realm NULL
- (8) Thu May 24 17:30:30 2018: Debug: ntdomain: Found realm "null"
- (8) Thu May 24 17:30:30 2018: Debug: ntdomain: Adding Realm = "null"
- (8) Thu May 24 17:30:30 2018: Debug: ntdomain: Authentication realm is LOCAL
- (8) Thu May 24 17:30:30 2018: Debug: [ntdomain] = ok
- (8) Thu May 24 17:30:30 2018: Debug: eap: Peer sent EAP Response (code 2) ID 9 length 121
- (8) Thu May 24 17:30:30 2018: Debug: eap: Continuing tunnel setup
- (8) Thu May 24 17:30:30 2018: Debug: [eap] = ok
- (8) Thu May 24 17:30:30 2018: Debug: } # authorize = ok
- (8) Thu May 24 17:30:30 2018: Debug: Found Auth-Type = eap
- (8) Thu May 24 17:30:30 2018: Debug: # Executing group from file /usr/local/pf/raddb/sites-enabled/packetfence
- (8) Thu May 24 17:30:30 2018: Debug: authenticate {
- (8) Thu May 24 17:30:30 2018: Debug: eap: Expiring EAP session with state 0x3c540b463c5d11bc
- (8) Thu May 24 17:30:30 2018: Debug: eap: Finished EAP session with state 0x49c411c24ecd082f
- (8) Thu May 24 17:30:30 2018: Debug: eap: Previous EAP request found for state 0x49c411c24ecd082f, released from the list
- (8) Thu May 24 17:30:30 2018: Debug: eap: Peer sent packet with method EAP PEAP (25)
- (8) Thu May 24 17:30:30 2018: Debug: eap: Calling submodule eap_peap to process data
- (8) Thu May 24 17:30:30 2018: Debug: eap_peap: Continuing EAP-TLS
- (8) Thu May 24 17:30:30 2018: Debug: eap_peap: [eaptls verify] = ok
- (8) Thu May 24 17:30:30 2018: Debug: eap_peap: Done initial handshake
- (8) Thu May 24 17:30:30 2018: Debug: eap_peap: [eaptls process] = ok
- (8) Thu May 24 17:30:30 2018: Debug: eap_peap: Session established. Decoding tunneled attributes
- (8) Thu May 24 17:30:30 2018: Debug: eap_peap: PEAP state phase2
- (8) Thu May 24 17:30:30 2018: Debug: eap_peap: EAP method MSCHAPv2 (26)
- (8) Thu May 24 17:30:30 2018: Debug: eap_peap: Got tunneled request
- (8) Thu May 24 17:30:30 2018: Debug: eap_peap: EAP-Message = 0x0209005a1a02090055316159b5ecaefb2209298539b2a82fc5ad0000000000000000bee84769b24f2eb26a8e3902bb9448be4a3371baa932ccef00686f73742f41646d696e2d31352d4e422e504552534f4e414c414d542e4445
- (8) Thu May 24 17:30:30 2018: Debug: eap_peap: Setting User-Name to host/Admin-15-NB.PERSONALAMT.DE
- (8) Thu May 24 17:30:30 2018: Debug: eap_peap: Sending tunneled request to packetfence-tunnel
- (8) Thu May 24 17:30:30 2018: Debug: eap_peap: EAP-Message = 0x0209005a1a02090055316159b5ecaefb2209298539b2a82fc5ad0000000000000000bee84769b24f2eb26a8e3902bb9448be4a3371baa932ccef00686f73742f41646d696e2d31352d4e422e504552534f4e414c414d542e4445
- (8) Thu May 24 17:30:30 2018: Debug: eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1
- (8) Thu May 24 17:30:30 2018: Debug: eap_peap: User-Name = "host/Admin-15-NB.PERSONALAMT.DE"
- (8) Thu May 24 17:30:30 2018: Debug: eap_peap: State = 0x3c540b463c5d11bc9b9de9eca83b76bb
- (8) Thu May 24 17:30:30 2018: Debug: eap_peap: Framed-MTU = 1480
- (8) Thu May 24 17:30:30 2018: Debug: eap_peap: NAS-IP-Address = 172.20.9.150
- (8) Thu May 24 17:30:30 2018: Debug: eap_peap: NAS-Identifier = "Test"
- (8) Thu May 24 17:30:30 2018: Debug: eap_peap: Service-Type = Framed-User
- (8) Thu May 24 17:30:30 2018: Debug: eap_peap: Framed-Protocol = PPP
- (8) Thu May 24 17:30:30 2018: Debug: eap_peap: NAS-Port = 1
- (8) Thu May 24 17:30:30 2018: Debug: eap_peap: NAS-Port-Type = Ethernet
- (8) Thu May 24 17:30:30 2018: Debug: eap_peap: NAS-Port-Id = "1"
- (8) Thu May 24 17:30:30 2018: Debug: eap_peap: Calling-Station-Id := "00:e0:4c:60:43:20"
- (8) Thu May 24 17:30:30 2018: Debug: eap_peap: Connect-Info = "CONNECT Ethernet 1000Mbps Full duplex"
- (8) Thu May 24 17:30:30 2018: Debug: eap_peap: Tunnel-Type:0 = VLAN
- (8) Thu May 24 17:30:30 2018: Debug: eap_peap: Tunnel-Medium-Type:0 = IEEE-802
- (8) Thu May 24 17:30:30 2018: Debug: eap_peap: Tunnel-Private-Group-Id:0 = "1"
- (8) Thu May 24 17:30:30 2018: Debug: eap_peap: MS-RAS-Vendor = 11
- (8) Thu May 24 17:30:30 2018: Debug: eap_peap: HP-Capability-Advert = 0x011a0000000b28
- (8) Thu May 24 17:30:30 2018: Debug: eap_peap: HP-Capability-Advert = 0x011a0000000b2e
- (8) Thu May 24 17:30:30 2018: Debug: eap_peap: HP-Capability-Advert = 0x011a0000000b30
- (8) Thu May 24 17:30:30 2018: Debug: eap_peap: HP-Capability-Advert = 0x011a0000000b3d
- (8) Thu May 24 17:30:30 2018: Debug: eap_peap: HP-Capability-Advert = 0x0138
- (8) Thu May 24 17:30:30 2018: Debug: eap_peap: HP-Capability-Advert = 0x013a
- (8) Thu May 24 17:30:30 2018: Debug: eap_peap: HP-Capability-Advert = 0x0140
- (8) Thu May 24 17:30:30 2018: Debug: eap_peap: HP-Capability-Advert = 0x0141
- (8) Thu May 24 17:30:30 2018: Debug: eap_peap: HP-Capability-Advert = 0x0151
- (8) Thu May 24 17:30:30 2018: Debug: eap_peap: Called-Station-Id := "94:18:82:b9:32:80"
- (8) Thu May 24 17:30:30 2018: Debug: eap_peap: Event-Timestamp = "Mai 24 2018 17:30:30 CEST"
- (8) Thu May 24 17:30:30 2018: Debug: Virtual server packetfence-tunnel received request
- (8) Thu May 24 17:30:30 2018: Debug: EAP-Message = 0x0209005a1a02090055316159b5ecaefb2209298539b2a82fc5ad0000000000000000bee84769b24f2eb26a8e3902bb9448be4a3371baa932ccef00686f73742f41646d696e2d31352d4e422e504552534f4e414c414d542e4445
- (8) Thu May 24 17:30:30 2018: Debug: FreeRADIUS-Proxied-To = 127.0.0.1
- (8) Thu May 24 17:30:30 2018: Debug: User-Name = "host/Admin-15-NB.PERSONALAMT.DE"
- (8) Thu May 24 17:30:30 2018: Debug: State = 0x3c540b463c5d11bc9b9de9eca83b76bb
- (8) Thu May 24 17:30:30 2018: Debug: Framed-MTU = 1480
- (8) Thu May 24 17:30:30 2018: Debug: NAS-IP-Address = 172.20.9.150
- (8) Thu May 24 17:30:30 2018: Debug: NAS-Identifier = "Test"
- (8) Thu May 24 17:30:30 2018: Debug: Service-Type = Framed-User
- (8) Thu May 24 17:30:30 2018: Debug: Framed-Protocol = PPP
- (8) Thu May 24 17:30:30 2018: Debug: NAS-Port = 1
- (8) Thu May 24 17:30:30 2018: Debug: NAS-Port-Type = Ethernet
- (8) Thu May 24 17:30:30 2018: Debug: NAS-Port-Id = "1"
- (8) Thu May 24 17:30:30 2018: Debug: Calling-Station-Id := "00:e0:4c:60:43:20"
- (8) Thu May 24 17:30:30 2018: Debug: Connect-Info = "CONNECT Ethernet 1000Mbps Full duplex"
- (8) Thu May 24 17:30:30 2018: Debug: Tunnel-Type:0 = VLAN
- (8) Thu May 24 17:30:30 2018: Debug: Tunnel-Medium-Type:0 = IEEE-802
- (8) Thu May 24 17:30:30 2018: Debug: Tunnel-Private-Group-Id:0 = "1"
- (8) Thu May 24 17:30:30 2018: Debug: MS-RAS-Vendor = 11
- (8) Thu May 24 17:30:30 2018: Debug: HP-Capability-Advert = 0x011a0000000b28
- (8) Thu May 24 17:30:30 2018: Debug: HP-Capability-Advert = 0x011a0000000b2e
- (8) Thu May 24 17:30:30 2018: Debug: HP-Capability-Advert = 0x011a0000000b30
- (8) Thu May 24 17:30:30 2018: Debug: HP-Capability-Advert = 0x011a0000000b3d
- (8) Thu May 24 17:30:30 2018: Debug: HP-Capability-Advert = 0x0138
- (8) Thu May 24 17:30:30 2018: Debug: HP-Capability-Advert = 0x013a
- (8) Thu May 24 17:30:30 2018: Debug: HP-Capability-Advert = 0x0140
- (8) Thu May 24 17:30:30 2018: Debug: HP-Capability-Advert = 0x0141
- (8) Thu May 24 17:30:30 2018: Debug: HP-Capability-Advert = 0x0151
- (8) Thu May 24 17:30:30 2018: Debug: Called-Station-Id := "94:18:82:b9:32:80"
- (8) Thu May 24 17:30:30 2018: Debug: Event-Timestamp = "Mai 24 2018 17:30:30 CEST"
- (8) Thu May 24 17:30:30 2018: WARNING: Outer and inner identities are the same. User privacy is compromised.
- (8) Thu May 24 17:30:30 2018: Debug: server packetfence-tunnel {
- (8) Thu May 24 17:30:30 2018: Debug: session-state: No cached attributes
- (8) Thu May 24 17:30:30 2018: Debug: # Executing section authorize from file /usr/local/pf/raddb/sites-enabled/packetfence-tunnel
- (8) Thu May 24 17:30:30 2018: Debug: authorize {
- (8) Thu May 24 17:30:30 2018: Debug: if ( outer.EAP-Type == TTLS) {
- (8) Thu May 24 17:30:30 2018: Debug: if ( outer.EAP-Type == TTLS) -> FALSE
- (8) Thu May 24 17:30:30 2018: Debug: policy filter_username {
- (8) Thu May 24 17:30:30 2018: Debug: if (&User-Name) {
- (8) Thu May 24 17:30:30 2018: Debug: if (&User-Name) -> TRUE
- (8) Thu May 24 17:30:30 2018: Debug: if (&User-Name) {
- (8) Thu May 24 17:30:30 2018: Debug: if (&User-Name =~ / /) {
- (8) Thu May 24 17:30:30 2018: Debug: if (&User-Name =~ / /) -> FALSE
- (8) Thu May 24 17:30:30 2018: Debug: if (&User-Name =~ /@[^@]*@/ ) {
- (8) Thu May 24 17:30:30 2018: Debug: if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (8) Thu May 24 17:30:30 2018: Debug: if (&User-Name =~ /\.\./ ) {
- (8) Thu May 24 17:30:30 2018: Debug: if (&User-Name =~ /\.\./ ) -> FALSE
- (8) Thu May 24 17:30:30 2018: Debug: if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (8) Thu May 24 17:30:30 2018: Debug: if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (8) Thu May 24 17:30:30 2018: Debug: if (&User-Name =~ /\.$/) {
- (8) Thu May 24 17:30:30 2018: Debug: if (&User-Name =~ /\.$/) -> FALSE
- (8) Thu May 24 17:30:30 2018: Debug: if (&User-Name =~ /@\./) {
- (8) Thu May 24 17:30:30 2018: Debug: if (&User-Name =~ /@\./) -> FALSE
- (8) Thu May 24 17:30:30 2018: Debug: } # if (&User-Name) = notfound
- (8) Thu May 24 17:30:30 2018: Debug: } # policy filter_username = notfound
- (8) Thu May 24 17:30:30 2018: Debug: [mschap] = noop
- (8) Thu May 24 17:30:30 2018: Debug: suffix: Checking for suffix after "@"
- (8) Thu May 24 17:30:30 2018: Debug: suffix: No '@' in User-Name = "host/Admin-15-NB.PERSONALAMT.DE", skipping NULL due to config.
- (8) Thu May 24 17:30:30 2018: Debug: [suffix] = noop
- (8) Thu May 24 17:30:30 2018: Debug: ntdomain: Checking for prefix before "\"
- (8) Thu May 24 17:30:30 2018: Debug: ntdomain: No '\' in User-Name = "host/Admin-15-NB.PERSONALAMT.DE", looking up realm NULL
- (8) Thu May 24 17:30:30 2018: Debug: ntdomain: Found realm "null"
- (8) Thu May 24 17:30:30 2018: Debug: ntdomain: Adding Realm = "null"
- (8) Thu May 24 17:30:30 2018: Debug: ntdomain: Authentication realm is LOCAL
- (8) Thu May 24 17:30:30 2018: Debug: [ntdomain] = ok
- (8) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: $RAD_REQUEST{'User-Name'} = &request:User-Name -> 'host/Admin-15-NB.PERSONALAMT.DE'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: $RAD_REQUEST{'NAS-IP-Address'} = &request:NAS-IP-Address -> '172.20.9.150'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: $RAD_REQUEST{'NAS-Port'} = &request:NAS-Port -> '1'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: $RAD_REQUEST{'Service-Type'} = &request:Service-Type -> 'Framed-User'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: $RAD_REQUEST{'Framed-Protocol'} = &request:Framed-Protocol -> 'PPP'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: $RAD_REQUEST{'Framed-MTU'} = &request:Framed-MTU -> '1480'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: $RAD_REQUEST{'State'} = &request:State -> '0x3c540b463c5d11bc9b9de9eca83b76bb'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: $RAD_REQUEST{'Called-Station-Id'} = &request:Called-Station-Id -> '94:18:82:b9:32:80'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: $RAD_REQUEST{'Calling-Station-Id'} = &request:Calling-Station-Id -> '00:e0:4c:60:43:20'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: $RAD_REQUEST{'NAS-Identifier'} = &request:NAS-Identifier -> 'Test'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: $RAD_REQUEST{'NAS-Port-Type'} = &request:NAS-Port-Type -> 'Ethernet'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: $RAD_REQUEST{'Tunnel-Type'} = &request:Tunnel-Type -> 'VLAN'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: $RAD_REQUEST{'Tunnel-Medium-Type'} = &request:Tunnel-Medium-Type -> 'IEEE-802'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: $RAD_REQUEST{'Tunnel-Private-Group-Id'} = &request:Tunnel-Private-Group-Id -> '1'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: $RAD_REQUEST{'Event-Timestamp'} = &request:Event-Timestamp -> 'Mai 24 2018 17:30:30 CEST'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: $RAD_REQUEST{'Connect-Info'} = &request:Connect-Info -> 'CONNECT Ethernet 1000Mbps Full duplex'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: $RAD_REQUEST{'EAP-Message'} = &request:EAP-Message -> '0x0209005a1a02090055316159b5ecaefb2209298539b2a82fc5ad0000000000000000bee84769b24f2eb26a8e3902bb9448be4a3371baa932ccef00686f73742f41646d696e2d31352d4e422e504552534f4e414c414d542e4445'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: $RAD_REQUEST{'NAS-Port-Id'} = &request:NAS-Port-Id -> '1'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: $RAD_REQUEST{'FreeRADIUS-Proxied-To'} = &request:FreeRADIUS-Proxied-To -> '127.0.0.1'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: $RAD_REQUEST{'HP-Capability-Advert'}[0] = &request:HP-Capability-Advert -> '0x011a0000000b28'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: $RAD_REQUEST{'HP-Capability-Advert'}[1] = &request:HP-Capability-Advert -> '0x011a0000000b2e'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: $RAD_REQUEST{'HP-Capability-Advert'}[2] = &request:HP-Capability-Advert -> '0x011a0000000b30'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: $RAD_REQUEST{'HP-Capability-Advert'}[3] = &request:HP-Capability-Advert -> '0x011a0000000b3d'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: $RAD_REQUEST{'HP-Capability-Advert'}[4] = &request:HP-Capability-Advert -> '0x0138'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: $RAD_REQUEST{'HP-Capability-Advert'}[5] = &request:HP-Capability-Advert -> '0x013a'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: $RAD_REQUEST{'HP-Capability-Advert'}[6] = &request:HP-Capability-Advert -> '0x0140'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: $RAD_REQUEST{'HP-Capability-Advert'}[7] = &request:HP-Capability-Advert -> '0x0141'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: $RAD_REQUEST{'HP-Capability-Advert'}[8] = &request:HP-Capability-Advert -> '0x0151'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: $RAD_REQUEST{'MS-RAS-Vendor'} = &request:MS-RAS-Vendor -> '11'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: $RAD_REQUEST{'Realm'} = &request:Realm -> 'null'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: &request:HP-Capability-Advert += $RAD_REQUEST{'HP-Capability-Advert'} -> '0x011a0000000b28'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: &request:HP-Capability-Advert += $RAD_REQUEST{'HP-Capability-Advert'} -> '0x011a0000000b2e'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: &request:HP-Capability-Advert += $RAD_REQUEST{'HP-Capability-Advert'} -> '0x011a0000000b30'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: &request:HP-Capability-Advert += $RAD_REQUEST{'HP-Capability-Advert'} -> '0x011a0000000b3d'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: &request:HP-Capability-Advert += $RAD_REQUEST{'HP-Capability-Advert'} -> '0x0138'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: &request:HP-Capability-Advert += $RAD_REQUEST{'HP-Capability-Advert'} -> '0x013a'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: &request:HP-Capability-Advert += $RAD_REQUEST{'HP-Capability-Advert'} -> '0x0140'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: &request:HP-Capability-Advert += $RAD_REQUEST{'HP-Capability-Advert'} -> '0x0141'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: &request:HP-Capability-Advert += $RAD_REQUEST{'HP-Capability-Advert'} -> '0x0151'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: &request:NAS-Port-Type = $RAD_REQUEST{'NAS-Port-Type'} -> 'Ethernet'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: &request:MS-RAS-Vendor = $RAD_REQUEST{'MS-RAS-Vendor'} -> '11'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: &request:Service-Type = $RAD_REQUEST{'Service-Type'} -> 'Framed-User'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: &request:Called-Station-Id = $RAD_REQUEST{'Called-Station-Id'} -> '94:18:82:b9:32:80'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: &request:State = $RAD_REQUEST{'State'} -> '0x3c540b463c5d11bc9b9de9eca83b76bb'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: &request:FreeRADIUS-Proxied-To = $RAD_REQUEST{'FreeRADIUS-Proxied-To'} -> '127.0.0.1'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: &request:Tunnel-Type:0 = $RAD_REQUEST{'Tunnel-Type:0'} -> 'VLAN'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: &request:Connect-Info = $RAD_REQUEST{'Connect-Info'} -> 'CONNECT Ethernet 1000Mbps Full duplex'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: &request:Realm = $RAD_REQUEST{'Realm'} -> 'null'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: &request:NAS-IP-Address = $RAD_REQUEST{'NAS-IP-Address'} -> '172.20.9.150'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: &request:NAS-Port-Id = $RAD_REQUEST{'NAS-Port-Id'} -> '1'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: &request:Tunnel-Medium-Type:0 = $RAD_REQUEST{'Tunnel-Medium-Type:0'} -> 'IEEE-802'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: &request:Calling-Station-Id = $RAD_REQUEST{'Calling-Station-Id'} -> '00:e0:4c:60:43:20'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: &request:PacketFence-Domain = $RAD_REQUEST{'PacketFence-Domain'} -> 'LKMRBI'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: &request:Framed-Protocol = $RAD_REQUEST{'Framed-Protocol'} -> 'PPP'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: &request:Tunnel-Private-Group-Id:0 = $RAD_REQUEST{'Tunnel-Private-Group-Id:0'} -> '1'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: &request:User-Name = $RAD_REQUEST{'User-Name'} -> 'host/Admin-15-NB.PERSONALAMT.DE'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: &request:NAS-Identifier = $RAD_REQUEST{'NAS-Identifier'} -> 'Test'
- (8) Thu May 24 17:30:30 2018: ERROR: packetfence-multi-domain: Failed to create pair - failed to parse time string "Mai 24 2018 17:30:30 CEST"
- (8) Thu May 24 17:30:30 2018: ERROR: packetfence-multi-domain: &request:Event-Timestamp = $RAD_REQUEST{'Event-Timestamp'} -> 'Mai 24 2018 17:30:30 CEST'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: &request:EAP-Message = $RAD_REQUEST{'EAP-Message'} -> '0x0209005a1a02090055316159b5ecaefb2209298539b2a82fc5ad0000000000000000bee84769b24f2eb26a8e3902bb9448be4a3371baa932ccef00686f73742f41646d696e2d31352d4e422e504552534f4e414c414d542e4445'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: &request:NAS-Port = $RAD_REQUEST{'NAS-Port'} -> '1'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: &request:Framed-MTU = $RAD_REQUEST{'Framed-MTU'} -> '1480'
- (8) Thu May 24 17:30:30 2018: Debug: [packetfence-multi-domain] = updated
- (8) Thu May 24 17:30:30 2018: Debug: update control {
- (8) Thu May 24 17:30:30 2018: Debug: } # update control = noop
- (8) Thu May 24 17:30:30 2018: Debug: eap: Peer sent EAP Response (code 2) ID 9 length 90
- (8) Thu May 24 17:30:30 2018: Debug: eap: No EAP Start, assuming it's an on-going EAP conversation
- (8) Thu May 24 17:30:30 2018: Debug: [eap] = updated
- (8) Thu May 24 17:30:30 2018: Debug: policy rewrite_called_station_id {
- (8) Thu May 24 17:30:30 2018: Debug: if ((&Called-Station-Id) && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) {
- (8) Thu May 24 17:30:30 2018: Debug: if ((&Called-Station-Id) && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) -> TRUE
- (8) Thu May 24 17:30:30 2018: Debug: if ((&Called-Station-Id) && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) {
- (8) Thu May 24 17:30:30 2018: Debug: update request {
- (8) Thu May 24 17:30:30 2018: Debug: EXPAND %{tolower:%{1}:%{2}:%{3}:%{4}:%{5}:%{6}}
- (8) Thu May 24 17:30:30 2018: Debug: --> 94:18:82:b9:32:80
- (8) Thu May 24 17:30:30 2018: Debug: } # update request = noop
- (8) Thu May 24 17:30:30 2018: Debug: if ("%{8}") {
- (8) Thu May 24 17:30:30 2018: Debug: EXPAND %{8}
- (8) Thu May 24 17:30:30 2018: Debug: -->
- (8) Thu May 24 17:30:30 2018: Debug: if ("%{8}") -> FALSE
- (8) Thu May 24 17:30:30 2018: Debug: elsif ( (Colubris-AVPair) && "%{Colubris-AVPair}" =~ /^ssid=(.*)$/i) {
- (8) Thu May 24 17:30:30 2018: Debug: elsif ( (Colubris-AVPair) && "%{Colubris-AVPair}" =~ /^ssid=(.*)$/i) -> FALSE
- (8) Thu May 24 17:30:30 2018: Debug: elsif (Aruba-Essid-Name) {
- (8) Thu May 24 17:30:30 2018: Debug: elsif (Aruba-Essid-Name) -> FALSE
- (8) Thu May 24 17:30:30 2018: Debug: elsif ( (Cisco-AVPair) && "%{Cisco-AVPair}" =~ /^ssid=(.*)$/i) {
- (8) Thu May 24 17:30:30 2018: Debug: elsif ( (Cisco-AVPair) && "%{Cisco-AVPair}" =~ /^ssid=(.*)$/i) -> FALSE
- (8) Thu May 24 17:30:30 2018: Debug: [updated] = updated
- (8) Thu May 24 17:30:30 2018: Debug: } # if ((&Called-Station-Id) && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) = updated
- (8) Thu May 24 17:30:30 2018: Debug: ... skipping else: Preceding "if" was taken
- (8) Thu May 24 17:30:30 2018: Debug: } # policy rewrite_called_station_id = updated
- (8) Thu May 24 17:30:30 2018: Debug: [pap] = noop
- (8) Thu May 24 17:30:30 2018: Debug: } # authorize = updated
- (8) Thu May 24 17:30:30 2018: WARNING: You set Proxy-To-Realm = local, but it is a LOCAL realm! Cancelling proxy request.
- (8) Thu May 24 17:30:30 2018: Debug: Found Auth-Type = eap
- (8) Thu May 24 17:30:30 2018: Debug: # Executing group from file /usr/local/pf/raddb/sites-enabled/packetfence-tunnel
- (8) Thu May 24 17:30:30 2018: Debug: authenticate {
- (8) Thu May 24 17:30:30 2018: Debug: eap: Expiring EAP session with state 0x3c540b463c5d11bc
- (8) Thu May 24 17:30:30 2018: Debug: eap: Finished EAP session with state 0x3c540b463c5d11bc
- (8) Thu May 24 17:30:30 2018: Debug: eap: Previous EAP request found for state 0x3c540b463c5d11bc, released from the list
- (8) Thu May 24 17:30:30 2018: Debug: eap: Peer sent packet with method EAP MSCHAPv2 (26)
- (8) Thu May 24 17:30:30 2018: Debug: eap: Calling submodule eap_mschapv2 to process data
- (8) Thu May 24 17:30:30 2018: Debug: eap_mschapv2: # Executing group from file /usr/local/pf/raddb/sites-enabled/packetfence-tunnel
- (8) Thu May 24 17:30:30 2018: Debug: eap_mschapv2: Auth-Type MS-CHAP {
- (8) Thu May 24 17:30:30 2018: Debug: packetfence: $RAD_REQUEST{'User-Name'} = &request:User-Name -> 'host/Admin-15-NB.PERSONALAMT.DE'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence: $RAD_REQUEST{'NAS-IP-Address'} = &request:NAS-IP-Address -> '172.20.9.150'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence: $RAD_REQUEST{'NAS-Port'} = &request:NAS-Port -> '1'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence: $RAD_REQUEST{'Service-Type'} = &request:Service-Type -> 'Framed-User'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence: $RAD_REQUEST{'Framed-Protocol'} = &request:Framed-Protocol -> 'PPP'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence: $RAD_REQUEST{'Framed-MTU'} = &request:Framed-MTU -> '1480'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence: $RAD_REQUEST{'State'} = &request:State -> '0x3c540b463c5d11bc9b9de9eca83b76bb'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence: $RAD_REQUEST{'Called-Station-Id'} = &request:Called-Station-Id -> '94:18:82:b9:32:80'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence: $RAD_REQUEST{'Calling-Station-Id'} = &request:Calling-Station-Id -> '00:e0:4c:60:43:20'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence: $RAD_REQUEST{'NAS-Identifier'} = &request:NAS-Identifier -> 'Test'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence: $RAD_REQUEST{'NAS-Port-Type'} = &request:NAS-Port-Type -> 'Ethernet'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence: $RAD_REQUEST{'Tunnel-Type'} = &request:Tunnel-Type -> 'VLAN'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence: $RAD_REQUEST{'Tunnel-Medium-Type'} = &request:Tunnel-Medium-Type -> 'IEEE-802'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence: $RAD_REQUEST{'Tunnel-Private-Group-Id'} = &request:Tunnel-Private-Group-Id -> '1'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence: $RAD_REQUEST{'Event-Timestamp'} = &request:Event-Timestamp -> 'Jan 1 1970 01:00:00 CET'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence: $RAD_REQUEST{'Connect-Info'} = &request:Connect-Info -> 'CONNECT Ethernet 1000Mbps Full duplex'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence: $RAD_REQUEST{'EAP-Message'} = &request:EAP-Message -> '0x0209005a1a02090055316159b5ecaefb2209298539b2a82fc5ad0000000000000000bee84769b24f2eb26a8e3902bb9448be4a3371baa932ccef00686f73742f41646d696e2d31352d4e422e504552534f4e414c414d542e4445'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence: $RAD_REQUEST{'NAS-Port-Id'} = &request:NAS-Port-Id -> '1'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence: $RAD_REQUEST{'FreeRADIUS-Proxied-To'} = &request:FreeRADIUS-Proxied-To -> '127.0.0.1'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence: $RAD_REQUEST{'HP-Capability-Advert'}[0] = &request:HP-Capability-Advert -> '0x011a0000000b28'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence: $RAD_REQUEST{'HP-Capability-Advert'}[1] = &request:HP-Capability-Advert -> '0x011a0000000b2e'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence: $RAD_REQUEST{'HP-Capability-Advert'}[2] = &request:HP-Capability-Advert -> '0x011a0000000b30'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence: $RAD_REQUEST{'HP-Capability-Advert'}[3] = &request:HP-Capability-Advert -> '0x011a0000000b3d'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence: $RAD_REQUEST{'HP-Capability-Advert'}[4] = &request:HP-Capability-Advert -> '0x0138'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence: $RAD_REQUEST{'HP-Capability-Advert'}[5] = &request:HP-Capability-Advert -> '0x013a'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence: $RAD_REQUEST{'HP-Capability-Advert'}[6] = &request:HP-Capability-Advert -> '0x0140'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence: $RAD_REQUEST{'HP-Capability-Advert'}[7] = &request:HP-Capability-Advert -> '0x0141'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence: $RAD_REQUEST{'HP-Capability-Advert'}[8] = &request:HP-Capability-Advert -> '0x0151'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence: $RAD_REQUEST{'MS-RAS-Vendor'} = &request:MS-RAS-Vendor -> '11'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence: $RAD_REQUEST{'MS-CHAP-Challenge'} = &request:MS-CHAP-Challenge -> '0xcdf91c10176e1e591aaaba0ec7e8ec7c'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence: $RAD_REQUEST{'MS-CHAP2-Response'} = &request:MS-CHAP2-Response -> '0x096f6159b5ecaefb2209298539b2a82fc5ad0000000000000000bee84769b24f2eb26a8e3902bb9448be4a3371baa932ccef'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence: $RAD_REQUEST{'EAP-Type'} = &request:EAP-Type -> 'MSCHAPv2'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence: $RAD_REQUEST{'Realm'} = &request:Realm -> 'null'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence: $RAD_REQUEST{'MS-CHAP-User-Name'} = &request:MS-CHAP-User-Name -> 'host/Admin-15-NB.PERSONALAMT.DE'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence: $RAD_REQUEST{'PacketFence-Domain'} = &request:PacketFence-Domain -> 'LKMRBI'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence: $RAD_CHECK{'Auth-Type'} = &control:Auth-Type -> 'eap'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence: $RAD_CHECK{'Proxy-To-Realm'} = &control:Proxy-To-Realm -> 'LOCAL'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence: $RAD_CONFIG{'Auth-Type'} = &control:Auth-Type -> 'eap'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence: $RAD_CONFIG{'Proxy-To-Realm'} = &control:Proxy-To-Realm -> 'LOCAL'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence: &request:HP-Capability-Advert += $RAD_REQUEST{'HP-Capability-Advert'} -> '0x011a0000000b28'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence: &request:HP-Capability-Advert += $RAD_REQUEST{'HP-Capability-Advert'} -> '0x011a0000000b2e'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence: &request:HP-Capability-Advert += $RAD_REQUEST{'HP-Capability-Advert'} -> '0x011a0000000b30'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence: &request:HP-Capability-Advert += $RAD_REQUEST{'HP-Capability-Advert'} -> '0x011a0000000b3d'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence: &request:HP-Capability-Advert += $RAD_REQUEST{'HP-Capability-Advert'} -> '0x0138'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence: &request:HP-Capability-Advert += $RAD_REQUEST{'HP-Capability-Advert'} -> '0x013a'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence: &request:HP-Capability-Advert += $RAD_REQUEST{'HP-Capability-Advert'} -> '0x0140'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence: &request:HP-Capability-Advert += $RAD_REQUEST{'HP-Capability-Advert'} -> '0x0141'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence: &request:HP-Capability-Advert += $RAD_REQUEST{'HP-Capability-Advert'} -> '0x0151'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence: &request:NAS-Port-Type = $RAD_REQUEST{'NAS-Port-Type'} -> 'Ethernet'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence: &request:MS-RAS-Vendor = $RAD_REQUEST{'MS-RAS-Vendor'} -> '11'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence: &request:Service-Type = $RAD_REQUEST{'Service-Type'} -> 'Framed-User'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence: &request:Called-Station-Id = $RAD_REQUEST{'Called-Station-Id'} -> '94:18:82:b9:32:80'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence: &request:State = $RAD_REQUEST{'State'} -> '0x3c540b463c5d11bc9b9de9eca83b76bb'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence: &request:FreeRADIUS-Proxied-To = $RAD_REQUEST{'FreeRADIUS-Proxied-To'} -> '127.0.0.1'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence: &request:Tunnel-Type:0 = $RAD_REQUEST{'Tunnel-Type:0'} -> 'VLAN'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence: &request:Connect-Info = $RAD_REQUEST{'Connect-Info'} -> 'CONNECT Ethernet 1000Mbps Full duplex'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence: &request:Realm = $RAD_REQUEST{'Realm'} -> 'null'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence: &request:EAP-Type = $RAD_REQUEST{'EAP-Type'} -> 'MSCHAPv2'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence: &request:NAS-IP-Address = $RAD_REQUEST{'NAS-IP-Address'} -> '172.20.9.150'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence: &request:NAS-Port-Id = $RAD_REQUEST{'NAS-Port-Id'} -> '1'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence: &request:Tunnel-Medium-Type:0 = $RAD_REQUEST{'Tunnel-Medium-Type:0'} -> 'IEEE-802'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence: &request:Calling-Station-Id = $RAD_REQUEST{'Calling-Station-Id'} -> '00:e0:4c:60:43:20'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence: &request:MS-CHAP-User-Name = $RAD_REQUEST{'MS-CHAP-User-Name'} -> 'host/Admin-15-NB.PERSONALAMT.DE'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence: &request:MS-CHAP-Challenge = $RAD_REQUEST{'MS-CHAP-Challenge'} -> '0xcdf91c10176e1e591aaaba0ec7e8ec7c'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence: &request:PacketFence-Domain = $RAD_REQUEST{'PacketFence-Domain'} -> 'LKMRBI'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence: &request:Framed-Protocol = $RAD_REQUEST{'Framed-Protocol'} -> 'PPP'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence: &request:Tunnel-Private-Group-Id:0 = $RAD_REQUEST{'Tunnel-Private-Group-Id:0'} -> '1'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence: &request:User-Name = $RAD_REQUEST{'User-Name'} -> 'host/Admin-15-NB.PERSONALAMT.DE'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence: &request:NAS-Identifier = $RAD_REQUEST{'NAS-Identifier'} -> 'Test'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence: &request:Event-Timestamp = $RAD_REQUEST{'Event-Timestamp'} -> 'Jan 1 1970 01:00:00 CET'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence: &request:EAP-Message = $RAD_REQUEST{'EAP-Message'} -> '0x0209005a1a02090055316159b5ecaefb2209298539b2a82fc5ad0000000000000000bee84769b24f2eb26a8e3902bb9448be4a3371baa932ccef00686f73742f41646d696e2d31352d4e422e504552534f4e414c414d542e4445'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence: &request:MS-CHAP2-Response = $RAD_REQUEST{'MS-CHAP2-Response'} -> '0x096f6159b5ecaefb2209298539b2a82fc5ad0000000000000000bee84769b24f2eb26a8e3902bb9448be4a3371baa932ccef'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence: &request:NAS-Port = $RAD_REQUEST{'NAS-Port'} -> '1'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence: &request:Framed-MTU = $RAD_REQUEST{'Framed-MTU'} -> '1480'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence: &control:Auth-Type = $RAD_CHECK{'Auth-Type'} -> 'eap'
- (8) Thu May 24 17:30:30 2018: Debug: packetfence: &control:Proxy-To-Realm = $RAD_CHECK{'Proxy-To-Realm'} -> 'LOCAL'
- (8) Thu May 24 17:30:30 2018: Debug: [packetfence] = noop
- (8) Thu May 24 17:30:30 2018: Debug: if (&control:NT-Password && &control:NT-Password != "") {
- (8) Thu May 24 17:30:30 2018: Debug: if (&control:NT-Password && &control:NT-Password != "") -> FALSE
- (8) Thu May 24 17:30:30 2018: Debug: else {
- (8) Thu May 24 17:30:30 2018: Debug: policy packetfence-mschap-authenticate {
- (8) Thu May 24 17:30:30 2018: Debug: if (PacketFence-Domain) {
- (8) Thu May 24 17:30:30 2018: Debug: if (PacketFence-Domain) -> TRUE
- (8) Thu May 24 17:30:30 2018: Debug: if (PacketFence-Domain) {
- (8) Thu May 24 17:30:30 2018: Debug: if ( "%{User-Name}" =~ /^host\/.*/) {
- (8) Thu May 24 17:30:30 2018: Debug: EXPAND %{User-Name}
- (8) Thu May 24 17:30:30 2018: Debug: --> host/Admin-15-NB.PERSONALAMT.DE
- (8) Thu May 24 17:30:30 2018: Debug: if ( "%{User-Name}" =~ /^host\/.*/) -> TRUE
- (8) Thu May 24 17:30:30 2018: Debug: if ( "%{User-Name}" =~ /^host\/.*/) {
- (8) Thu May 24 17:30:30 2018: Debug: chrooted_mschap_machine: Creating challenge hash with username: host/Admin-15-NB.PERSONALAMT.DE
- (8) Thu May 24 17:30:30 2018: Debug: chrooted_mschap_machine: Client is using MS-CHAPv2
- (8) Thu May 24 17:30:30 2018: Debug: chrooted_mschap_machine: Executing: /usr/bin/sudo /usr/sbin/chroot /chroots/%{PacketFence-Domain} /usr/local/pf/bin/ntlm_auth_wrapper -- Â Â Â Â --request-nt-key --username=%{mschap:User-Name:-None} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}:
- (8) Thu May 24 17:30:30 2018: Debug: chrooted_mschap_machine: EXPAND /chroots/%{PacketFence-Domain}
- (8) Thu May 24 17:30:30 2018: Debug: chrooted_mschap_machine: --> /chroots/LKMRBI
- (8) Thu May 24 17:30:30 2018: Debug: chrooted_mschap_machine: EXPAND --username=%{mschap:User-Name:-None}
- (8) Thu May 24 17:30:30 2018: Debug: chrooted_mschap_machine: --> --username=Admin-15-NB$
- (8) Thu May 24 17:30:30 2018: Debug: chrooted_mschap_machine: Creating challenge hash with username: host/Admin-15-NB.PERSONALAMT.DE
- (8) Thu May 24 17:30:30 2018: Debug: chrooted_mschap_machine: EXPAND --challenge=%{mschap:Challenge:-00}
- (8) Thu May 24 17:30:30 2018: Debug: chrooted_mschap_machine: --> --challenge=0d1410748d2ee087
- (8) Thu May 24 17:30:30 2018: Debug: chrooted_mschap_machine: EXPAND --nt-response=%{mschap:NT-Response:-00}
- (8) Thu May 24 17:30:30 2018: Debug: chrooted_mschap_machine: --> --nt-response=bee84769b24f2eb26a8e3902bb9448be4a3371baa932ccef
- (8) Thu May 24 17:30:30 2018: Debug: chrooted_mschap_machine: Program returned code (0) and output 'NT_KEY: 9238003533F2707D4BA51680D501B17B'
- (8) Thu May 24 17:30:30 2018: Debug: chrooted_mschap_machine: Adding MS-CHAPv2 MPPE keys
- (8) Thu May 24 17:30:30 2018: Debug: [chrooted_mschap_machine] = ok
- (8) Thu May 24 17:30:30 2018: Debug: } # if ( "%{User-Name}" =~ /^host\/.*/) = ok
- (8) Thu May 24 17:30:30 2018: Debug: ... skipping else: Preceding "if" was taken
- (8) Thu May 24 17:30:30 2018: Debug: } # if (PacketFence-Domain) = ok
- (8) Thu May 24 17:30:30 2018: Debug: ... skipping else: Preceding "if" was taken
- (8) Thu May 24 17:30:30 2018: Debug: } # policy packetfence-mschap-authenticate = ok
- (8) Thu May 24 17:30:30 2018: Debug: } # else = ok
- (8) Thu May 24 17:30:30 2018: Debug: } # Auth-Type MS-CHAP = ok
- (8) Thu May 24 17:30:30 2018: Debug: MSCHAP Success
- (8) Thu May 24 17:30:30 2018: Debug: eap: Sending EAP Request (code 1) ID 10 length 51
- (8) Thu May 24 17:30:30 2018: Debug: eap: EAP session adding &reply:State = 0x3c540b463d5e11bc
- (8) Thu May 24 17:30:30 2018: Debug: [eap] = handled
- (8) Thu May 24 17:30:30 2018: Debug: } # authenticate = handled
- (8) Thu May 24 17:30:30 2018: Debug: } # server packetfence-tunnel
- (8) Thu May 24 17:30:30 2018: Debug: Virtual server sending reply
- (8) Thu May 24 17:30:30 2018: Debug: EAP-Message = 0x010a00331a0309002e533d30394632373546394339393343453935314134424530343143343544313131333939454439443145
- (8) Thu May 24 17:30:30 2018: Debug: Message-Authenticator = 0x00000000000000000000000000000000
- (8) Thu May 24 17:30:30 2018: Debug: State = 0x3c540b463d5e11bc9b9de9eca83b76bb
- (8) Thu May 24 17:30:30 2018: Debug: eap_peap: Got tunneled reply code 11
- (8) Thu May 24 17:30:30 2018: Debug: eap_peap: EAP-Message = 0x010a00331a0309002e533d30394632373546394339393343453935314134424530343143343544313131333939454439443145
- (8) Thu May 24 17:30:30 2018: Debug: eap_peap: Message-Authenticator = 0x00000000000000000000000000000000
- (8) Thu May 24 17:30:30 2018: Debug: eap_peap: State = 0x3c540b463d5e11bc9b9de9eca83b76bb
- (8) Thu May 24 17:30:30 2018: Debug: eap_peap: Got tunneled Access-Challenge
- (8) Thu May 24 17:30:30 2018: Debug: eap: Sending EAP Request (code 1) ID 10 length 82
- (8) Thu May 24 17:30:30 2018: Debug: eap: EAP session adding &reply:State = 0x49c411c241ce082f
- (8) Thu May 24 17:30:30 2018: Debug: [eap] = handled
- (8) Thu May 24 17:30:30 2018: Debug: } # authenticate = handled
- (8) Thu May 24 17:30:30 2018: Debug: Using Post-Auth-Type Challenge
- (8) Thu May 24 17:30:30 2018: Debug: Post-Auth-Type sub-section not found. Ignoring.
- (8) Thu May 24 17:30:30 2018: Debug: # Executing group from file /usr/local/pf/raddb/sites-enabled/packetfence
- (8) Thu May 24 17:30:30 2018: Debug: Sent Access-Challenge Id 45 from 172.20.5.3:1812 to 172.20.5.79:52628 length 0
- (8) Thu May 24 17:30:30 2018: Debug: EAP-Message = 0x010a005219001703030047c204d6dc726b81dd07bdc2f29d1b871755f0e3c2803973b98daa082477ae639163c200fb1056db60fca4f92576f381118b5e69f851e4d690c42ecec8446757950ef1df41010fa0
- (8) Thu May 24 17:30:30 2018: Debug: Message-Authenticator = 0x00000000000000000000000000000000
- (8) Thu May 24 17:30:30 2018: Debug: State = 0x49c411c241ce082fb3b3797cce5894f4
- (8) Thu May 24 17:30:30 2018: Debug: Proxy-State = 0x3232
- (8) Thu May 24 17:30:30 2018: Debug: Finished request
- (9) Thu May 24 17:30:30 2018: Debug: Received Access-Request Id 195 from 172.20.5.79:52628 to 172.20.5.3:1812 length 391
- (9) Thu May 24 17:30:30 2018: Debug: Framed-MTU = 1480
- (9) Thu May 24 17:30:30 2018: Debug: NAS-IP-Address = 172.20.9.150
- (9) Thu May 24 17:30:30 2018: Debug: NAS-Identifier = "Test"
- (9) Thu May 24 17:30:30 2018: Debug: User-Name = "host/Admin-15-NB.PERSONALAMT.DE"
- (9) Thu May 24 17:30:30 2018: Debug: Service-Type = Framed-User
- (9) Thu May 24 17:30:30 2018: Debug: Framed-Protocol = PPP
- (9) Thu May 24 17:30:30 2018: Debug: NAS-Port = 1
- (9) Thu May 24 17:30:30 2018: Debug: NAS-Port-Type = Ethernet
- (9) Thu May 24 17:30:30 2018: Debug: NAS-Port-Id = "1"
- (9) Thu May 24 17:30:30 2018: Debug: Called-Station-Id = "94-18-82-b9-32-80"
- (9) Thu May 24 17:30:30 2018: Debug: Calling-Station-Id = "00-e0-4c-60-43-20"
- (9) Thu May 24 17:30:30 2018: Debug: Connect-Info = "CONNECT Ethernet 1000Mbps Full duplex"
- (9) Thu May 24 17:30:30 2018: Debug: Tunnel-Type:0 = VLAN
- (9) Thu May 24 17:30:30 2018: Debug: Tunnel-Medium-Type:0 = IEEE-802
- (9) Thu May 24 17:30:30 2018: Debug: Tunnel-Private-Group-Id:0 = "1"
- (9) Thu May 24 17:30:30 2018: Debug: State = 0x49c411c241ce082fb3b3797cce5894f4
- (9) Thu May 24 17:30:30 2018: Debug: EAP-Message = 0x020a00251900170303001a0000000000000003f85f904f5b005d854c2ef032be778bffdd0e
- (9) Thu May 24 17:30:30 2018: Debug: Message-Authenticator = 0x02de20183a7587ca0dbadf2398e2e22b
- (9) Thu May 24 17:30:30 2018: Debug: MS-RAS-Vendor = 11
- (9) Thu May 24 17:30:30 2018: Debug: HP-Capability-Advert = 0x011a0000000b28
- (9) Thu May 24 17:30:30 2018: Debug: HP-Capability-Advert = 0x011a0000000b2e
- (9) Thu May 24 17:30:30 2018: Debug: HP-Capability-Advert = 0x011a0000000b30
- (9) Thu May 24 17:30:30 2018: Debug: HP-Capability-Advert = 0x011a0000000b3d
- (9) Thu May 24 17:30:30 2018: Debug: HP-Capability-Advert = 0x0138
- (9) Thu May 24 17:30:30 2018: Debug: HP-Capability-Advert = 0x013a
- (9) Thu May 24 17:30:30 2018: Debug: HP-Capability-Advert = 0x0140
- (9) Thu May 24 17:30:30 2018: Debug: HP-Capability-Advert = 0x0141
- (9) Thu May 24 17:30:30 2018: Debug: HP-Capability-Advert = 0x0151
- (9) Thu May 24 17:30:30 2018: Debug: Proxy-State = 0x3233
- (9) Thu May 24 17:30:30 2018: Debug: session-state: No cached attributes
- (9) Thu May 24 17:30:30 2018: Debug: # Executing section authorize from file /usr/local/pf/raddb/sites-enabled/packetfence
- (9) Thu May 24 17:30:30 2018: Debug: authorize {
- (9) Thu May 24 17:30:30 2018: Debug: update {
- (9) Thu May 24 17:30:30 2018: Debug: EXPAND %{Packet-Src-IP-Address}
- (9) Thu May 24 17:30:30 2018: Debug: --> 172.20.5.79
- (9) Thu May 24 17:30:30 2018: Debug: EXPAND %l
- (9) Thu May 24 17:30:30 2018: Debug: --> 1527175830
- (9) Thu May 24 17:30:30 2018: Debug: } # update = noop
- (9) Thu May 24 17:30:30 2018: Debug: policy packetfence-set-tenant-id {
- (9) Thu May 24 17:30:30 2018: Debug: if ( "%{%{control:PacketFence-Tenant-Id}:-0}" == "0") {
- (9) Thu May 24 17:30:30 2018: Debug: EXPAND %{%{control:PacketFence-Tenant-Id}:-0}
- (9) Thu May 24 17:30:30 2018: Debug: --> 0
- (9) Thu May 24 17:30:30 2018: Debug: if ( "%{%{control:PacketFence-Tenant-Id}:-0}" == "0") -> TRUE
- (9) Thu May 24 17:30:30 2018: Debug: if ( "%{%{control:PacketFence-Tenant-Id}:-0}" == "0") {
- (9) Thu May 24 17:30:30 2018: Debug: update control {
- (9) Thu May 24 17:30:30 2018: Debug: EXPAND %{User-Name}
- (9) Thu May 24 17:30:30 2018: Debug: --> host/Admin-15-NB.PERSONALAMT.DE
- (9) Thu May 24 17:30:30 2018: Debug: SQL-User-Name set to 'host/Admin-15-NB.PERSONALAMT.DE'
- (9) Thu May 24 17:30:30 2018: Debug: Executing select query: SELECT IFNULL((SELECT tenant_id FROM radius_nas WHERE nasname = '172.20.5.79'), 0)
- (9) Thu May 24 17:30:30 2018: Debug: EXPAND %{sql: SELECT IFNULL((SELECT tenant_id FROM radius_nas WHERE nasname = '%{Packet-Src-IP-Address}'), 0)}
- (9) Thu May 24 17:30:30 2018: Debug: --> 0
- (9) Thu May 24 17:30:30 2018: Debug: } # update control = noop
- (9) Thu May 24 17:30:30 2018: Debug: } # if ( "%{%{control:PacketFence-Tenant-Id}:-0}" == "0") = noop
- (9) Thu May 24 17:30:30 2018: Debug: if ( &control:PacketFence-Tenant-Id == 0 ) {
- (9) Thu May 24 17:30:30 2018: Debug: if ( &control:PacketFence-Tenant-Id == 0 ) -> TRUE
- (9) Thu May 24 17:30:30 2018: Debug: if ( &control:PacketFence-Tenant-Id == 0 ) {
- (9) Thu May 24 17:30:30 2018: Debug: update control {
- (9) Thu May 24 17:30:30 2018: Debug: EXPAND %{User-Name}
- (9) Thu May 24 17:30:30 2018: Debug: --> host/Admin-15-NB.PERSONALAMT.DE
- (9) Thu May 24 17:30:30 2018: Debug: SQL-User-Name set to 'host/Admin-15-NB.PERSONALAMT.DE'
- (9) Thu May 24 17:30:30 2018: Debug: Executing select query: SELECT IFNULL((SELECT tenant_id from radius_nas WHERE start_ip <= INET_ATON('172.20.5.79') and INET_ATON('172.20.5.79') <= end_ip order by range_length limit 1), 1)
- (9) Thu May 24 17:30:30 2018: Debug: EXPAND %{sql: SELECT IFNULL((SELECT tenant_id from radius_nas WHERE start_ip <= INET_ATON('%{Packet-Src-IP-Address}') and INET_ATON('%{Packet-Src-IP-Address}') <= end_ip order by range_length limit 1), 1)}
- (9) Thu May 24 17:30:30 2018: Debug: --> 1
- (9) Thu May 24 17:30:30 2018: Debug: } # update control = noop
- (9) Thu May 24 17:30:30 2018: Debug: } # if ( &control:PacketFence-Tenant-Id == 0 ) = noop
- (9) Thu May 24 17:30:30 2018: Debug: } # policy packetfence-set-tenant-id = noop
- (9) Thu May 24 17:30:30 2018: Debug: policy rewrite_calling_station_id {
- (9) Thu May 24 17:30:30 2018: Debug: if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) {
- (9) Thu May 24 17:30:30 2018: Debug: if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) -> TRUE
- (9) Thu May 24 17:30:30 2018: Debug: if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) {
- (9) Thu May 24 17:30:30 2018: Debug: update request {
- (9) Thu May 24 17:30:30 2018: Debug: EXPAND %{tolower:%{1}:%{2}:%{3}:%{4}:%{5}:%{6}}
- (9) Thu May 24 17:30:30 2018: Debug: --> 00:e0:4c:60:43:20
- (9) Thu May 24 17:30:30 2018: Debug: } # update request = noop
- (9) Thu May 24 17:30:30 2018: Debug: [updated] = updated
- (9) Thu May 24 17:30:30 2018: Debug: } # if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) = updated
- (9) Thu May 24 17:30:30 2018: Debug: ... skipping else: Preceding "if" was taken
- (9) Thu May 24 17:30:30 2018: Debug: } # policy rewrite_calling_station_id = updated
- (9) Thu May 24 17:30:30 2018: Debug: policy rewrite_called_station_id {
- (9) Thu May 24 17:30:30 2018: Debug: if ((&Called-Station-Id) && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) {
- (9) Thu May 24 17:30:30 2018: Debug: if ((&Called-Station-Id) && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) -> TRUE
- (9) Thu May 24 17:30:30 2018: Debug: if ((&Called-Station-Id) && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) {
- (9) Thu May 24 17:30:30 2018: Debug: update request {
- (9) Thu May 24 17:30:30 2018: Debug: EXPAND %{tolower:%{1}:%{2}:%{3}:%{4}:%{5}:%{6}}
- (9) Thu May 24 17:30:30 2018: Debug: --> 94:18:82:b9:32:80
- (9) Thu May 24 17:30:30 2018: Debug: } # update request = noop
- (9) Thu May 24 17:30:30 2018: Debug: if ("%{8}") {
- (9) Thu May 24 17:30:30 2018: Debug: EXPAND %{8}
- (9) Thu May 24 17:30:30 2018: Debug: -->
- (9) Thu May 24 17:30:30 2018: Debug: if ("%{8}") -> FALSE
- (9) Thu May 24 17:30:30 2018: Debug: elsif ( (Colubris-AVPair) && "%{Colubris-AVPair}" =~ /^ssid=(.*)$/i) {
- (9) Thu May 24 17:30:30 2018: Debug: elsif ( (Colubris-AVPair) && "%{Colubris-AVPair}" =~ /^ssid=(.*)$/i) -> FALSE
- (9) Thu May 24 17:30:30 2018: Debug: elsif (Aruba-Essid-Name) {
- (9) Thu May 24 17:30:30 2018: Debug: elsif (Aruba-Essid-Name) -> FALSE
- (9) Thu May 24 17:30:30 2018: Debug: elsif ( (Cisco-AVPair) && "%{Cisco-AVPair}" =~ /^ssid=(.*)$/i) {
- (9) Thu May 24 17:30:30 2018: Debug: elsif ( (Cisco-AVPair) && "%{Cisco-AVPair}" =~ /^ssid=(.*)$/i) -> FALSE
- (9) Thu May 24 17:30:30 2018: Debug: [updated] = updated
- (9) Thu May 24 17:30:30 2018: Debug: } # if ((&Called-Station-Id) && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) = updated
- (9) Thu May 24 17:30:30 2018: Debug: ... skipping else: Preceding "if" was taken
- (9) Thu May 24 17:30:30 2018: Debug: } # policy rewrite_called_station_id = updated
- (9) Thu May 24 17:30:30 2018: Debug: policy filter_username {
- (9) Thu May 24 17:30:30 2018: Debug: if (&User-Name) {
- (9) Thu May 24 17:30:30 2018: Debug: if (&User-Name) -> TRUE
- (9) Thu May 24 17:30:30 2018: Debug: if (&User-Name) {
- (9) Thu May 24 17:30:30 2018: Debug: if (&User-Name =~ / /) {
- (9) Thu May 24 17:30:30 2018: Debug: if (&User-Name =~ / /) -> FALSE
- (9) Thu May 24 17:30:30 2018: Debug: if (&User-Name =~ /@[^@]*@/ ) {
- (9) Thu May 24 17:30:30 2018: Debug: if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (9) Thu May 24 17:30:30 2018: Debug: if (&User-Name =~ /\.\./ ) {
- (9) Thu May 24 17:30:30 2018: Debug: if (&User-Name =~ /\.\./ ) -> FALSE
- (9) Thu May 24 17:30:30 2018: Debug: if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (9) Thu May 24 17:30:30 2018: Debug: if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (9) Thu May 24 17:30:30 2018: Debug: if (&User-Name =~ /\.$/) {
- (9) Thu May 24 17:30:30 2018: Debug: if (&User-Name =~ /\.$/) -> FALSE
- (9) Thu May 24 17:30:30 2018: Debug: if (&User-Name =~ /@\./) {
- (9) Thu May 24 17:30:30 2018: Debug: if (&User-Name =~ /@\./) -> FALSE
- (9) Thu May 24 17:30:30 2018: Debug: } # if (&User-Name) = updated
- (9) Thu May 24 17:30:30 2018: Debug: } # policy filter_username = updated
- (9) Thu May 24 17:30:30 2018: Debug: policy filter_password {
- (9) Thu May 24 17:30:30 2018: Debug: if (&User-Password && (&User-Password != "%{string:User-Password}")) {
- (9) Thu May 24 17:30:30 2018: Debug: if (&User-Password && (&User-Password != "%{string:User-Password}")) -> FALSE
- (9) Thu May 24 17:30:30 2018: Debug: } # policy filter_password = updated
- (9) Thu May 24 17:30:30 2018: Debug: [preprocess] = ok
- (9) Thu May 24 17:30:30 2018: Debug: suffix: Checking for suffix after "@"
- (9) Thu May 24 17:30:30 2018: Debug: suffix: No '@' in User-Name = "host/Admin-15-NB.PERSONALAMT.DE", skipping NULL due to config.
- (9) Thu May 24 17:30:30 2018: Debug: [suffix] = noop
- (9) Thu May 24 17:30:30 2018: Debug: ntdomain: Checking for prefix before "\"
- (9) Thu May 24 17:30:30 2018: Debug: ntdomain: No '\' in User-Name = "host/Admin-15-NB.PERSONALAMT.DE", looking up realm NULL
- (9) Thu May 24 17:30:30 2018: Debug: ntdomain: Found realm "null"
- (9) Thu May 24 17:30:30 2018: Debug: ntdomain: Adding Realm = "null"
- (9) Thu May 24 17:30:30 2018: Debug: ntdomain: Authentication realm is LOCAL
- (9) Thu May 24 17:30:30 2018: Debug: [ntdomain] = ok
- (9) Thu May 24 17:30:30 2018: Debug: eap: Peer sent EAP Response (code 2) ID 10 length 37
- (9) Thu May 24 17:30:30 2018: Debug: eap: Continuing tunnel setup
- (9) Thu May 24 17:30:30 2018: Debug: [eap] = ok
- (9) Thu May 24 17:30:30 2018: Debug: } # authorize = ok
- (9) Thu May 24 17:30:30 2018: Debug: Found Auth-Type = eap
- (9) Thu May 24 17:30:30 2018: Debug: # Executing group from file /usr/local/pf/raddb/sites-enabled/packetfence
- (9) Thu May 24 17:30:30 2018: Debug: authenticate {
- (9) Thu May 24 17:30:30 2018: Debug: eap: Expiring EAP session with state 0x3c540b463d5e11bc
- (9) Thu May 24 17:30:30 2018: Debug: eap: Finished EAP session with state 0x49c411c241ce082f
- (9) Thu May 24 17:30:30 2018: Debug: eap: Previous EAP request found for state 0x49c411c241ce082f, released from the list
- (9) Thu May 24 17:30:30 2018: Debug: eap: Peer sent packet with method EAP PEAP (25)
- (9) Thu May 24 17:30:30 2018: Debug: eap: Calling submodule eap_peap to process data
- (9) Thu May 24 17:30:30 2018: Debug: eap_peap: Continuing EAP-TLS
- (9) Thu May 24 17:30:30 2018: Debug: eap_peap: [eaptls verify] = ok
- (9) Thu May 24 17:30:30 2018: Debug: eap_peap: Done initial handshake
- (9) Thu May 24 17:30:30 2018: Debug: eap_peap: [eaptls process] = ok
- (9) Thu May 24 17:30:30 2018: Debug: eap_peap: Session established. Decoding tunneled attributes
- (9) Thu May 24 17:30:30 2018: Debug: eap_peap: PEAP state phase2
- (9) Thu May 24 17:30:30 2018: Debug: eap_peap: EAP method MSCHAPv2 (26)
- (9) Thu May 24 17:30:30 2018: Debug: eap_peap: Got tunneled request
- (9) Thu May 24 17:30:30 2018: Debug: eap_peap: EAP-Message = 0x020a00061a03
- (9) Thu May 24 17:30:30 2018: Debug: eap_peap: Setting User-Name to host/Admin-15-NB.PERSONALAMT.DE
- (9) Thu May 24 17:30:30 2018: Debug: eap_peap: Sending tunneled request to packetfence-tunnel
- (9) Thu May 24 17:30:30 2018: Debug: eap_peap: EAP-Message = 0x020a00061a03
- (9) Thu May 24 17:30:30 2018: Debug: eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1
- (9) Thu May 24 17:30:30 2018: Debug: eap_peap: User-Name = "host/Admin-15-NB.PERSONALAMT.DE"
- (9) Thu May 24 17:30:30 2018: Debug: eap_peap: State = 0x3c540b463d5e11bc9b9de9eca83b76bb
- (9) Thu May 24 17:30:30 2018: Debug: eap_peap: Framed-MTU = 1480
- (9) Thu May 24 17:30:30 2018: Debug: eap_peap: NAS-IP-Address = 172.20.9.150
- (9) Thu May 24 17:30:30 2018: Debug: eap_peap: NAS-Identifier = "Test"
- (9) Thu May 24 17:30:30 2018: Debug: eap_peap: Service-Type = Framed-User
- (9) Thu May 24 17:30:30 2018: Debug: eap_peap: Framed-Protocol = PPP
- (9) Thu May 24 17:30:30 2018: Debug: eap_peap: NAS-Port = 1
- (9) Thu May 24 17:30:30 2018: Debug: eap_peap: NAS-Port-Type = Ethernet
- (9) Thu May 24 17:30:30 2018: Debug: eap_peap: NAS-Port-Id = "1"
- (9) Thu May 24 17:30:30 2018: Debug: eap_peap: Calling-Station-Id := "00:e0:4c:60:43:20"
- (9) Thu May 24 17:30:30 2018: Debug: eap_peap: Connect-Info = "CONNECT Ethernet 1000Mbps Full duplex"
- (9) Thu May 24 17:30:30 2018: Debug: eap_peap: Tunnel-Type:0 = VLAN
- (9) Thu May 24 17:30:30 2018: Debug: eap_peap: Tunnel-Medium-Type:0 = IEEE-802
- (9) Thu May 24 17:30:30 2018: Debug: eap_peap: Tunnel-Private-Group-Id:0 = "1"
- (9) Thu May 24 17:30:30 2018: Debug: eap_peap: MS-RAS-Vendor = 11
- (9) Thu May 24 17:30:30 2018: Debug: eap_peap: HP-Capability-Advert = 0x011a0000000b28
- (9) Thu May 24 17:30:30 2018: Debug: eap_peap: HP-Capability-Advert = 0x011a0000000b2e
- (9) Thu May 24 17:30:30 2018: Debug: eap_peap: HP-Capability-Advert = 0x011a0000000b30
- (9) Thu May 24 17:30:30 2018: Debug: eap_peap: HP-Capability-Advert = 0x011a0000000b3d
- (9) Thu May 24 17:30:30 2018: Debug: eap_peap: HP-Capability-Advert = 0x0138
- (9) Thu May 24 17:30:30 2018: Debug: eap_peap: HP-Capability-Advert = 0x013a
- (9) Thu May 24 17:30:30 2018: Debug: eap_peap: HP-Capability-Advert = 0x0140
- (9) Thu May 24 17:30:30 2018: Debug: eap_peap: HP-Capability-Advert = 0x0141
- (9) Thu May 24 17:30:30 2018: Debug: eap_peap: HP-Capability-Advert = 0x0151
- (9) Thu May 24 17:30:30 2018: Debug: eap_peap: Called-Station-Id := "94:18:82:b9:32:80"
- (9) Thu May 24 17:30:30 2018: Debug: eap_peap: Event-Timestamp = "Mai 24 2018 17:30:30 CEST"
- (9) Thu May 24 17:30:30 2018: Debug: Virtual server packetfence-tunnel received request
- (9) Thu May 24 17:30:30 2018: Debug: EAP-Message = 0x020a00061a03
- (9) Thu May 24 17:30:30 2018: Debug: FreeRADIUS-Proxied-To = 127.0.0.1
- (9) Thu May 24 17:30:30 2018: Debug: User-Name = "host/Admin-15-NB.PERSONALAMT.DE"
- (9) Thu May 24 17:30:30 2018: Debug: State = 0x3c540b463d5e11bc9b9de9eca83b76bb
- (9) Thu May 24 17:30:30 2018: Debug: Framed-MTU = 1480
- (9) Thu May 24 17:30:30 2018: Debug: NAS-IP-Address = 172.20.9.150
- (9) Thu May 24 17:30:30 2018: Debug: NAS-Identifier = "Test"
- (9) Thu May 24 17:30:30 2018: Debug: Service-Type = Framed-User
- (9) Thu May 24 17:30:30 2018: Debug: Framed-Protocol = PPP
- (9) Thu May 24 17:30:30 2018: Debug: NAS-Port = 1
- (9) Thu May 24 17:30:30 2018: Debug: NAS-Port-Type = Ethernet
- (9) Thu May 24 17:30:30 2018: Debug: NAS-Port-Id = "1"
- (9) Thu May 24 17:30:30 2018: Debug: Calling-Station-Id := "00:e0:4c:60:43:20"
- (9) Thu May 24 17:30:30 2018: Debug: Connect-Info = "CONNECT Ethernet 1000Mbps Full duplex"
- (9) Thu May 24 17:30:30 2018: Debug: Tunnel-Type:0 = VLAN
- (9) Thu May 24 17:30:30 2018: Debug: Tunnel-Medium-Type:0 = IEEE-802
- (9) Thu May 24 17:30:30 2018: Debug: Tunnel-Private-Group-Id:0 = "1"
- (9) Thu May 24 17:30:30 2018: Debug: MS-RAS-Vendor = 11
- (9) Thu May 24 17:30:30 2018: Debug: HP-Capability-Advert = 0x011a0000000b28
- (9) Thu May 24 17:30:30 2018: Debug: HP-Capability-Advert = 0x011a0000000b2e
- (9) Thu May 24 17:30:30 2018: Debug: HP-Capability-Advert = 0x011a0000000b30
- (9) Thu May 24 17:30:30 2018: Debug: HP-Capability-Advert = 0x011a0000000b3d
- (9) Thu May 24 17:30:30 2018: Debug: HP-Capability-Advert = 0x0138
- (9) Thu May 24 17:30:30 2018: Debug: HP-Capability-Advert = 0x013a
- (9) Thu May 24 17:30:30 2018: Debug: HP-Capability-Advert = 0x0140
- (9) Thu May 24 17:30:30 2018: Debug: HP-Capability-Advert = 0x0141
- (9) Thu May 24 17:30:30 2018: Debug: HP-Capability-Advert = 0x0151
- (9) Thu May 24 17:30:30 2018: Debug: Called-Station-Id := "94:18:82:b9:32:80"
- (9) Thu May 24 17:30:30 2018: Debug: Event-Timestamp = "Mai 24 2018 17:30:30 CEST"
- (9) Thu May 24 17:30:30 2018: WARNING: Outer and inner identities are the same. User privacy is compromised.
- (9) Thu May 24 17:30:30 2018: Debug: server packetfence-tunnel {
- (9) Thu May 24 17:30:30 2018: Debug: session-state: No cached attributes
- (9) Thu May 24 17:30:30 2018: Debug: # Executing section authorize from file /usr/local/pf/raddb/sites-enabled/packetfence-tunnel
- (9) Thu May 24 17:30:30 2018: Debug: authorize {
- (9) Thu May 24 17:30:30 2018: Debug: if ( outer.EAP-Type == TTLS) {
- (9) Thu May 24 17:30:30 2018: Debug: if ( outer.EAP-Type == TTLS) -> FALSE
- (9) Thu May 24 17:30:30 2018: Debug: policy filter_username {
- (9) Thu May 24 17:30:30 2018: Debug: if (&User-Name) {
- (9) Thu May 24 17:30:30 2018: Debug: if (&User-Name) -> TRUE
- (9) Thu May 24 17:30:30 2018: Debug: if (&User-Name) {
- (9) Thu May 24 17:30:30 2018: Debug: if (&User-Name =~ / /) {
- (9) Thu May 24 17:30:30 2018: Debug: if (&User-Name =~ / /) -> FALSE
- (9) Thu May 24 17:30:30 2018: Debug: if (&User-Name =~ /@[^@]*@/ ) {
- (9) Thu May 24 17:30:30 2018: Debug: if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (9) Thu May 24 17:30:30 2018: Debug: if (&User-Name =~ /\.\./ ) {
- (9) Thu May 24 17:30:30 2018: Debug: if (&User-Name =~ /\.\./ ) -> FALSE
- (9) Thu May 24 17:30:30 2018: Debug: if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (9) Thu May 24 17:30:30 2018: Debug: if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (9) Thu May 24 17:30:30 2018: Debug: if (&User-Name =~ /\.$/) {
- (9) Thu May 24 17:30:30 2018: Debug: if (&User-Name =~ /\.$/) -> FALSE
- (9) Thu May 24 17:30:30 2018: Debug: if (&User-Name =~ /@\./) {
- (9) Thu May 24 17:30:30 2018: Debug: if (&User-Name =~ /@\./) -> FALSE
- (9) Thu May 24 17:30:30 2018: Debug: } # if (&User-Name) = notfound
- (9) Thu May 24 17:30:30 2018: Debug: } # policy filter_username = notfound
- (9) Thu May 24 17:30:30 2018: Debug: [mschap] = noop
- (9) Thu May 24 17:30:30 2018: Debug: suffix: Checking for suffix after "@"
- (9) Thu May 24 17:30:30 2018: Debug: suffix: No '@' in User-Name = "host/Admin-15-NB.PERSONALAMT.DE", skipping NULL due to config.
- (9) Thu May 24 17:30:30 2018: Debug: [suffix] = noop
- (9) Thu May 24 17:30:30 2018: Debug: ntdomain: Checking for prefix before "\"
- (9) Thu May 24 17:30:30 2018: Debug: ntdomain: No '\' in User-Name = "host/Admin-15-NB.PERSONALAMT.DE", looking up realm NULL
- (9) Thu May 24 17:30:30 2018: Debug: ntdomain: Found realm "null"
- (9) Thu May 24 17:30:30 2018: Debug: ntdomain: Adding Realm = "null"
- (9) Thu May 24 17:30:30 2018: Debug: ntdomain: Authentication realm is LOCAL
- (9) Thu May 24 17:30:30 2018: Debug: [ntdomain] = ok
- (9) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: $RAD_REQUEST{'User-Name'} = &request:User-Name -> 'host/Admin-15-NB.PERSONALAMT.DE'
- (9) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: $RAD_REQUEST{'NAS-IP-Address'} = &request:NAS-IP-Address -> '172.20.9.150'
- (9) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: $RAD_REQUEST{'NAS-Port'} = &request:NAS-Port -> '1'
- (9) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: $RAD_REQUEST{'Service-Type'} = &request:Service-Type -> 'Framed-User'
- (9) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: $RAD_REQUEST{'Framed-Protocol'} = &request:Framed-Protocol -> 'PPP'
- (9) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: $RAD_REQUEST{'Framed-MTU'} = &request:Framed-MTU -> '1480'
- (9) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: $RAD_REQUEST{'State'} = &request:State -> '0x3c540b463d5e11bc9b9de9eca83b76bb'
- (9) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: $RAD_REQUEST{'Called-Station-Id'} = &request:Called-Station-Id -> '94:18:82:b9:32:80'
- (9) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: $RAD_REQUEST{'Calling-Station-Id'} = &request:Calling-Station-Id -> '00:e0:4c:60:43:20'
- (9) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: $RAD_REQUEST{'NAS-Identifier'} = &request:NAS-Identifier -> 'Test'
- (9) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: $RAD_REQUEST{'NAS-Port-Type'} = &request:NAS-Port-Type -> 'Ethernet'
- (9) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: $RAD_REQUEST{'Tunnel-Type'} = &request:Tunnel-Type -> 'VLAN'
- (9) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: $RAD_REQUEST{'Tunnel-Medium-Type'} = &request:Tunnel-Medium-Type -> 'IEEE-802'
- (9) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: $RAD_REQUEST{'Tunnel-Private-Group-Id'} = &request:Tunnel-Private-Group-Id -> '1'
- (9) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: $RAD_REQUEST{'Event-Timestamp'} = &request:Event-Timestamp -> 'Mai 24 2018 17:30:30 CEST'
- (9) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: $RAD_REQUEST{'Connect-Info'} = &request:Connect-Info -> 'CONNECT Ethernet 1000Mbps Full duplex'
- (9) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: $RAD_REQUEST{'EAP-Message'} = &request:EAP-Message -> '0x020a00061a03'
- (9) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: $RAD_REQUEST{'NAS-Port-Id'} = &request:NAS-Port-Id -> '1'
- (9) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: $RAD_REQUEST{'FreeRADIUS-Proxied-To'} = &request:FreeRADIUS-Proxied-To -> '127.0.0.1'
- (9) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: $RAD_REQUEST{'HP-Capability-Advert'}[0] = &request:HP-Capability-Advert -> '0x011a0000000b28'
- (9) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: $RAD_REQUEST{'HP-Capability-Advert'}[1] = &request:HP-Capability-Advert -> '0x011a0000000b2e'
- (9) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: $RAD_REQUEST{'HP-Capability-Advert'}[2] = &request:HP-Capability-Advert -> '0x011a0000000b30'
- (9) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: $RAD_REQUEST{'HP-Capability-Advert'}[3] = &request:HP-Capability-Advert -> '0x011a0000000b3d'
- (9) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: $RAD_REQUEST{'HP-Capability-Advert'}[4] = &request:HP-Capability-Advert -> '0x0138'
- (9) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: $RAD_REQUEST{'HP-Capability-Advert'}[5] = &request:HP-Capability-Advert -> '0x013a'
- (9) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: $RAD_REQUEST{'HP-Capability-Advert'}[6] = &request:HP-Capability-Advert -> '0x0140'
- (9) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: $RAD_REQUEST{'HP-Capability-Advert'}[7] = &request:HP-Capability-Advert -> '0x0141'
- (9) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: $RAD_REQUEST{'HP-Capability-Advert'}[8] = &request:HP-Capability-Advert -> '0x0151'
- (9) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: $RAD_REQUEST{'MS-RAS-Vendor'} = &request:MS-RAS-Vendor -> '11'
- (9) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: $RAD_REQUEST{'Realm'} = &request:Realm -> 'null'
- (9) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: &request:HP-Capability-Advert += $RAD_REQUEST{'HP-Capability-Advert'} -> '0x011a0000000b28'
- (9) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: &request:HP-Capability-Advert += $RAD_REQUEST{'HP-Capability-Advert'} -> '0x011a0000000b2e'
- (9) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: &request:HP-Capability-Advert += $RAD_REQUEST{'HP-Capability-Advert'} -> '0x011a0000000b30'
- (9) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: &request:HP-Capability-Advert += $RAD_REQUEST{'HP-Capability-Advert'} -> '0x011a0000000b3d'
- (9) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: &request:HP-Capability-Advert += $RAD_REQUEST{'HP-Capability-Advert'} -> '0x0138'
- (9) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: &request:HP-Capability-Advert += $RAD_REQUEST{'HP-Capability-Advert'} -> '0x013a'
- (9) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: &request:HP-Capability-Advert += $RAD_REQUEST{'HP-Capability-Advert'} -> '0x0140'
- (9) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: &request:HP-Capability-Advert += $RAD_REQUEST{'HP-Capability-Advert'} -> '0x0141'
- (9) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: &request:HP-Capability-Advert += $RAD_REQUEST{'HP-Capability-Advert'} -> '0x0151'
- (9) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: &request:NAS-Port-Type = $RAD_REQUEST{'NAS-Port-Type'} -> 'Ethernet'
- (9) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: &request:MS-RAS-Vendor = $RAD_REQUEST{'MS-RAS-Vendor'} -> '11'
- (9) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: &request:Service-Type = $RAD_REQUEST{'Service-Type'} -> 'Framed-User'
- (9) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: &request:Called-Station-Id = $RAD_REQUEST{'Called-Station-Id'} -> '94:18:82:b9:32:80'
- (9) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: &request:State = $RAD_REQUEST{'State'} -> '0x3c540b463d5e11bc9b9de9eca83b76bb'
- (9) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: &request:FreeRADIUS-Proxied-To = $RAD_REQUEST{'FreeRADIUS-Proxied-To'} -> '127.0.0.1'
- (9) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: &request:Tunnel-Type:0 = $RAD_REQUEST{'Tunnel-Type:0'} -> 'VLAN'
- (9) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: &request:Connect-Info = $RAD_REQUEST{'Connect-Info'} -> 'CONNECT Ethernet 1000Mbps Full duplex'
- (9) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: &request:Realm = $RAD_REQUEST{'Realm'} -> 'null'
- (9) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: &request:NAS-IP-Address = $RAD_REQUEST{'NAS-IP-Address'} -> '172.20.9.150'
- (9) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: &request:NAS-Port-Id = $RAD_REQUEST{'NAS-Port-Id'} -> '1'
- (9) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: &request:Tunnel-Medium-Type:0 = $RAD_REQUEST{'Tunnel-Medium-Type:0'} -> 'IEEE-802'
- (9) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: &request:Calling-Station-Id = $RAD_REQUEST{'Calling-Station-Id'} -> '00:e0:4c:60:43:20'
- (9) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: &request:PacketFence-Domain = $RAD_REQUEST{'PacketFence-Domain'} -> 'LKMRBI'
- (9) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: &request:Framed-Protocol = $RAD_REQUEST{'Framed-Protocol'} -> 'PPP'
- (9) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: &request:Tunnel-Private-Group-Id:0 = $RAD_REQUEST{'Tunnel-Private-Group-Id:0'} -> '1'
- (9) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: &request:User-Name = $RAD_REQUEST{'User-Name'} -> 'host/Admin-15-NB.PERSONALAMT.DE'
- (9) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: &request:NAS-Identifier = $RAD_REQUEST{'NAS-Identifier'} -> 'Test'
- (9) Thu May 24 17:30:30 2018: ERROR: packetfence-multi-domain: Failed to create pair - failed to parse time string "Mai 24 2018 17:30:30 CEST"
- (9) Thu May 24 17:30:30 2018: ERROR: packetfence-multi-domain: &request:Event-Timestamp = $RAD_REQUEST{'Event-Timestamp'} -> 'Mai 24 2018 17:30:30 CEST'
- (9) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: &request:EAP-Message = $RAD_REQUEST{'EAP-Message'} -> '0x020a00061a03'
- (9) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: &request:NAS-Port = $RAD_REQUEST{'NAS-Port'} -> '1'
- (9) Thu May 24 17:30:30 2018: Debug: packetfence-multi-domain: &request:Framed-MTU = $RAD_REQUEST{'Framed-MTU'} -> '1480'
- (9) Thu May 24 17:30:30 2018: Debug: [packetfence-multi-domain] = updated
- (9) Thu May 24 17:30:30 2018: Debug: update control {
- (9) Thu May 24 17:30:30 2018: Debug: } # update control = noop
- (9) Thu May 24 17:30:30 2018: Debug: eap: Peer sent EAP Response (code 2) ID 10 length 6
- (9) Thu May 24 17:30:30 2018: Debug: eap: No EAP Start, assuming it's an on-going EAP conversation
- (9) Thu May 24 17:30:30 2018: Debug: [eap] = updated
- (9) Thu May 24 17:30:30 2018: Debug: policy rewrite_called_station_id {
- (9) Thu May 24 17:30:30 2018: Debug: if ((&Called-Station-Id) && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) {
- (9) Thu May 24 17:30:30 2018: Debug: if ((&Called-Station-Id) && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) -> TRUE
- (9) Thu May 24 17:30:30 2018: Debug: if ((&Called-Station-Id) && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) {
- (9) Thu May 24 17:30:30 2018: Debug: update request {
- (9) Thu May 24 17:30:30 2018: Debug: EXPAND %{tolower:%{1}:%{2}:%{3}:%{4}:%{5}:%{6}}
- (9) Thu May 24 17:30:30 2018: Debug: --> 94:18:82:b9:32:80
- (9) Thu May 24 17:30:30 2018: Debug: } # update request = noop
- (9) Thu May 24 17:30:30 2018: Debug: if ("%{8}") {
- (9) Thu May 24 17:30:30 2018: Debug: EXPAND %{8}
- (9) Thu May 24 17:30:30 2018: Debug: -->
- (9) Thu May 24 17:30:30 2018: Debug: if ("%{8}") -> FALSE
- (9) Thu May 24 17:30:30 2018: Debug: elsif ( (Colubris-AVPair) && "%{Colubris-AVPair}" =~ /^ssid=(.*)$/i) {
- (9) Thu May 24 17:30:30 2018: Debug: elsif ( (Colubris-AVPair) && "%{Colubris-AVPair}" =~ /^ssid=(.*)$/i) -> FALSE
- (9) Thu May 24 17:30:30 2018: Debug: elsif (Aruba-Essid-Name) {
- (9) Thu May 24 17:30:30 2018: Debug: elsif (Aruba-Essid-Name) -> FALSE
- (9) Thu May 24 17:30:30 2018: Debug: elsif ( (Cisco-AVPair) && "%{Cisco-AVPair}" =~ /^ssid=(.*)$/i) {
- (9) Thu May 24 17:30:30 2018: Debug: elsif ( (Cisco-AVPair) && "%{Cisco-AVPair}" =~ /^ssid=(.*)$/i) -> FALSE
- (9) Thu May 24 17:30:30 2018: Debug: [updated] = updated
- (9) Thu May 24 17:30:30 2018: Debug: } # if ((&Called-Station-Id) && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) = updated
- (9) Thu May 24 17:30:30 2018: Debug: ... skipping else: Preceding "if" was taken
- (9) Thu May 24 17:30:30 2018: Debug: } # policy rewrite_called_station_id = updated
- (9) Thu May 24 17:30:30 2018: Debug: [pap] = noop
- (9) Thu May 24 17:30:30 2018: Debug: } # authorize = updated
- (9) Thu May 24 17:30:30 2018: WARNING: You set Proxy-To-Realm = local, but it is a LOCAL realm! Cancelling proxy request.
- (9) Thu May 24 17:30:30 2018: Debug: Found Auth-Type = eap
- (9) Thu May 24 17:30:30 2018: Debug: # Executing group from file /usr/local/pf/raddb/sites-enabled/packetfence-tunnel
- (9) Thu May 24 17:30:30 2018: Debug: authenticate {
- (9) Thu May 24 17:30:30 2018: Debug: eap: Expiring EAP session with state 0x3c540b463d5e11bc
- (9) Thu May 24 17:30:30 2018: Debug: eap: Finished EAP session with state 0x3c540b463d5e11bc
- (9) Thu May 24 17:30:30 2018: Debug: eap: Previous EAP request found for state 0x3c540b463d5e11bc, released from the list
- (9) Thu May 24 17:30:30 2018: Debug: eap: Peer sent packet with method EAP MSCHAPv2 (26)
- (9) Thu May 24 17:30:30 2018: Debug: eap: Calling submodule eap_mschapv2 to process data
- (9) Thu May 24 17:30:30 2018: Debug: eap: Sending EAP Success (code 3) ID 10 length 4
- (9) Thu May 24 17:30:30 2018: Debug: eap: Freeing handler
- (9) Thu May 24 17:30:30 2018: Debug: [eap] = ok
- (9) Thu May 24 17:30:30 2018: Debug: } # authenticate = ok
- (9) Thu May 24 17:30:30 2018: Debug: # Executing section post-auth from file /usr/local/pf/raddb/sites-enabled/packetfence-tunnel
- (9) Thu May 24 17:30:30 2018: Debug: post-auth {
- (9) Thu May 24 17:30:30 2018: Debug: policy packetfence-set-tenant-id {
- (9) Thu May 24 17:30:30 2018: Debug: if ( "%{%{control:PacketFence-Tenant-Id}:-0}" == "0") {
- (9) Thu May 24 17:30:30 2018: Debug: EXPAND %{%{control:PacketFence-Tenant-Id}:-0}
- (9) Thu May 24 17:30:30 2018: Debug: --> 0
- (9) Thu May 24 17:30:30 2018: Debug: if ( "%{%{control:PacketFence-Tenant-Id}:-0}" == "0") -> TRUE
- (9) Thu May 24 17:30:30 2018: Debug: if ( "%{%{control:PacketFence-Tenant-Id}:-0}" == "0") {
- (9) Thu May 24 17:30:30 2018: Debug: update control {
- (9) Thu May 24 17:30:30 2018: Debug: EXPAND %{User-Name}
- (9) Thu May 24 17:30:30 2018: Debug: --> host/Admin-15-NB.PERSONALAMT.DE
- (9) Thu May 24 17:30:30 2018: Debug: SQL-User-Name set to 'host/Admin-15-NB.PERSONALAMT.DE'
- (9) Thu May 24 17:30:30 2018: Debug: Executing select query: SELECT IFNULL((SELECT tenant_id FROM radius_nas WHERE nasname = '172.20.5.79'), 0)
- (9) Thu May 24 17:30:30 2018: Debug: EXPAND %{sql: SELECT IFNULL((SELECT tenant_id FROM radius_nas WHERE nasname = '%{Packet-Src-IP-Address}'), 0)}
- (9) Thu May 24 17:30:30 2018: Debug: --> 0
- (9) Thu May 24 17:30:30 2018: Debug: } # update control = noop
- (9) Thu May 24 17:30:30 2018: Debug: } # if ( "%{%{control:PacketFence-Tenant-Id}:-0}" == "0") = noop
- (9) Thu May 24 17:30:30 2018: Debug: if ( &control:PacketFence-Tenant-Id == 0 ) {
- (9) Thu May 24 17:30:30 2018: Debug: if ( &control:PacketFence-Tenant-Id == 0 ) -> TRUE
- (9) Thu May 24 17:30:30 2018: Debug: if ( &control:PacketFence-Tenant-Id == 0 ) {
- (9) Thu May 24 17:30:30 2018: Debug: update control {
- (9) Thu May 24 17:30:30 2018: Debug: EXPAND %{User-Name}
- (9) Thu May 24 17:30:30 2018: Debug: --> host/Admin-15-NB.PERSONALAMT.DE
- (9) Thu May 24 17:30:30 2018: Debug: SQL-User-Name set to 'host/Admin-15-NB.PERSONALAMT.DE'
- (9) Thu May 24 17:30:30 2018: Debug: Executing select query: SELECT IFNULL((SELECT tenant_id from radius_nas WHERE start_ip <= INET_ATON('172.20.5.79') and INET_ATON('172.20.5.79') <= end_ip order by range_length limit 1), 1)
- (9) Thu May 24 17:30:30 2018: Debug: EXPAND %{sql: SELECT IFNULL((SELECT tenant_id from radius_nas WHERE start_ip <= INET_ATON('%{Packet-Src-IP-Address}') and INET_ATON('%{Packet-Src-IP-Address}') <= end_ip order by range_length limit 1), 1)}
- (9) Thu May 24 17:30:30 2018: Debug: --> 1
- (9) Thu May 24 17:30:30 2018: Debug: } # update control = noop
- (9) Thu May 24 17:30:30 2018: Debug: } # if ( &control:PacketFence-Tenant-Id == 0 ) = noop
- (9) Thu May 24 17:30:30 2018: Debug: } # policy packetfence-set-tenant-id = noop
- (9) Thu May 24 17:30:30 2018: Debug: rest: Expanding URI components
- (9) Thu May 24 17:30:30 2018: Debug: rest: EXPAND http://127.0.0.1:7070
- (9) Thu May 24 17:30:30 2018: Debug: rest: --> http://127.0.0.1:7070
- (9) Thu May 24 17:30:30 2018: Debug: rest: EXPAND //radius/rest/authorize
- (9) Thu May 24 17:30:30 2018: Debug: rest: --> //radius/rest/authorize
- (9) Thu May 24 17:30:30 2018: Debug: rest: Sending HTTP POST to "http://127.0.0.1:7070//radius/rest/authorize"
- (9) Thu May 24 17:30:30 2018: Debug: rest: Encoding attribute "User-Name"
- (9) Thu May 24 17:30:30 2018: Debug: rest: Encoding attribute "NAS-IP-Address"
- (9) Thu May 24 17:30:30 2018: Debug: rest: Encoding attribute "NAS-Port"
- (9) Thu May 24 17:30:30 2018: Debug: rest: Encoding attribute "Service-Type"
- (9) Thu May 24 17:30:30 2018: Debug: rest: Encoding attribute "Framed-Protocol"
- (9) Thu May 24 17:30:30 2018: Debug: rest: Encoding attribute "Framed-MTU"
- (9) Thu May 24 17:30:30 2018: Debug: rest: Encoding attribute "State"
- (9) Thu May 24 17:30:30 2018: Debug: rest: Encoding attribute "Called-Station-Id"
- (9) Thu May 24 17:30:30 2018: Debug: rest: Encoding attribute "Calling-Station-Id"
- (9) Thu May 24 17:30:30 2018: Debug: rest: Encoding attribute "NAS-Identifier"
- (9) Thu May 24 17:30:30 2018: Debug: rest: Encoding attribute "NAS-Port-Type"
- (9) Thu May 24 17:30:30 2018: Debug: rest: Encoding attribute "Tunnel-Type"
- (9) Thu May 24 17:30:30 2018: Debug: rest: Encoding attribute "Tunnel-Medium-Type"
- (9) Thu May 24 17:30:30 2018: Debug: rest: Encoding attribute "Tunnel-Private-Group-Id"
- (9) Thu May 24 17:30:30 2018: Debug: rest: Encoding attribute "Event-Timestamp"
- (9) Thu May 24 17:30:30 2018: Debug: rest: Encoding attribute "Connect-Info"
- (9) Thu May 24 17:30:30 2018: Debug: rest: Encoding attribute "EAP-Message"
- (9) Thu May 24 17:30:30 2018: Debug: rest: Encoding attribute "NAS-Port-Id"
- (9) Thu May 24 17:30:30 2018: Debug: rest: Returning 1012 bytes of JSON data (buffer full or chunk exceeded)
- (9) Thu May 24 17:30:30 2018: Debug: rest: Encoding attribute "NAS-Port-Id"
- (9) Thu May 24 17:30:30 2018: Debug: rest: Encoding attribute "FreeRADIUS-Proxied-To"
- (9) Thu May 24 17:30:30 2018: Debug: rest: Encoding attribute "HP-Capability-Advert"
- (9) Thu May 24 17:30:30 2018: Debug: rest: Encoding attribute "MS-RAS-Vendor"
- (9) Thu May 24 17:30:30 2018: Debug: rest: Encoding attribute "EAP-Type"
- (9) Thu May 24 17:30:30 2018: Debug: rest: Encoding attribute "Realm"
- (9) Thu May 24 17:30:30 2018: Debug: rest: Encoding attribute "SQL-User-Name"
- (9) Thu May 24 17:30:30 2018: Debug: rest: Encoding attribute "PacketFence-Domain"
- (9) Thu May 24 17:30:30 2018: Debug: rest: Processing response header
- (9) Thu May 24 17:30:30 2018: Debug: rest: Status : 100 (Continue)
- (9) Thu May 24 17:30:30 2018: Debug: rest: Continuing...
- (9) Thu May 24 17:30:30 2018: Debug: rest: Processing response header
- (9) Thu May 24 17:30:30 2018: Debug: rest: Status : 200 (OK)
- (9) Thu May 24 17:30:30 2018: Debug: rest: Type : json (application/json)
- (9) Thu May 24 17:30:30 2018: Debug: rest: Parsing attribute "control:PacketFence-Profile"
- (9) Thu May 24 17:30:30 2018: Debug: rest: EXPAND AD
- (9) Thu May 24 17:30:30 2018: Debug: rest: --> AD
- (9) Thu May 24 17:30:30 2018: Debug: rest: PacketFence-Profile := "AD"
- (9) Thu May 24 17:30:30 2018: Debug: rest: Parsing attribute "control:PacketFence-Role"
- (9) Thu May 24 17:30:30 2018: Debug: rest: EXPAND default
- (9) Thu May 24 17:30:30 2018: Debug: rest: --> default
- (9) Thu May 24 17:30:30 2018: Debug: rest: PacketFence-Role := "default"
- (9) Thu May 24 17:30:30 2018: Debug: rest: Parsing attribute "control:PacketFence-Eap-Type"
- (9) Thu May 24 17:30:30 2018: Debug: rest: EXPAND 26
- (9) Thu May 24 17:30:30 2018: Debug: rest: --> 26
- (9) Thu May 24 17:30:30 2018: Debug: rest: PacketFence-Eap-Type := "26"
- (9) Thu May 24 17:30:30 2018: Debug: rest: Parsing attribute "Tunnel-Type"
- (9) Thu May 24 17:30:30 2018: Debug: rest: EXPAND 13
- (9) Thu May 24 17:30:30 2018: Debug: rest: --> 13
- (9) Thu May 24 17:30:30 2018: Debug: rest: Tunnel-Type := VLAN
- (9) Thu May 24 17:30:30 2018: Debug: rest: Parsing attribute "control:PacketFence-AutoReg"
- (9) Thu May 24 17:30:30 2018: Debug: rest: EXPAND 1
- (9) Thu May 24 17:30:30 2018: Debug: rest: --> 1
- (9) Thu May 24 17:30:30 2018: Debug: rest: PacketFence-AutoReg := "1"
- (9) Thu May 24 17:30:30 2018: Debug: rest: Parsing attribute "control:PacketFence-Authorization-Status"
- (9) Thu May 24 17:30:30 2018: Debug: rest: EXPAND allow
- (9) Thu May 24 17:30:30 2018: Debug: rest: --> allow
- (9) Thu May 24 17:30:30 2018: Debug: rest: PacketFence-Authorization-Status := "allow"
- (9) Thu May 24 17:30:30 2018: Debug: rest: Parsing attribute "Tunnel-Private-Group-ID"
- (9) Thu May 24 17:30:30 2018: Debug: rest: EXPAND 1
- (9) Thu May 24 17:30:30 2018: Debug: rest: --> 1
- (9) Thu May 24 17:30:30 2018: Debug: rest: Tunnel-Private-Group-Id := "1"
- (9) Thu May 24 17:30:30 2018: Debug: rest: Parsing attribute "control:PacketFence-Request-Time"
- (9) Thu May 24 17:30:30 2018: Debug: rest: EXPAND 1527175830
- (9) Thu May 24 17:30:30 2018: Debug: rest: --> 1527175830
- (9) Thu May 24 17:30:30 2018: Debug: rest: PacketFence-Request-Time := 1527175830
- (9) Thu May 24 17:30:30 2018: Debug: rest: Parsing attribute "control:PacketFence-Switch-Ip-Address"
- (9) Thu May 24 17:30:30 2018: Debug: rest: EXPAND 172.20.9.150
- (9) Thu May 24 17:30:30 2018: Debug: rest: --> 172.20.9.150
- (9) Thu May 24 17:30:30 2018: Debug: rest: PacketFence-Switch-Ip-Address := "172.20.9.150"
- (9) Thu May 24 17:30:30 2018: Debug: rest: Parsing attribute "control:PacketFence-IsPhone"
- (9) Thu May 24 17:30:30 2018: Debug: rest: PacketFence-IsPhone := ""
- (9) Thu May 24 17:30:30 2018: Debug: rest: Parsing attribute "control:PacketFence-UserName"
- (9) Thu May 24 17:30:30 2018: Debug: rest: EXPAND host/Admin-15-NB.PERSONALAMT.DE
- (9) Thu May 24 17:30:30 2018: Debug: rest: --> host/Admin-15-NB.PERSONALAMT.DE
- (9) Thu May 24 17:30:30 2018: Debug: rest: PacketFence-UserName := "host/Admin-15-NB.PERSONALAMT.DE"
- (9) Thu May 24 17:30:30 2018: Debug: rest: Parsing attribute "control:PacketFence-Switch-Mac"
- (9) Thu May 24 17:30:30 2018: Debug: rest: EXPAND 94:18:82:b9:32:80
- (9) Thu May 24 17:30:30 2018: Debug: rest: --> 94:18:82:b9:32:80
- (9) Thu May 24 17:30:30 2018: Debug: rest: PacketFence-Switch-Mac := "94:18:82:b9:32:80"
- (9) Thu May 24 17:30:30 2018: Debug: rest: Parsing attribute "control:PacketFence-Switch-Id"
- (9) Thu May 24 17:30:30 2018: Debug: rest: EXPAND 172.20.9.150
- (9) Thu May 24 17:30:30 2018: Debug: rest: --> 172.20.9.150
- (9) Thu May 24 17:30:30 2018: Debug: rest: PacketFence-Switch-Id := "172.20.9.150"
- (9) Thu May 24 17:30:30 2018: Debug: rest: Parsing attribute "Tunnel-Medium-Type"
- (9) Thu May 24 17:30:30 2018: Debug: rest: EXPAND 6
- (9) Thu May 24 17:30:30 2018: Debug: rest: --> 6
- (9) Thu May 24 17:30:30 2018: Debug: rest: Tunnel-Medium-Type := IEEE-802
- (9) Thu May 24 17:30:30 2018: Debug: rest: Parsing attribute "control:PacketFence-Computer-Name"
- (9) Thu May 24 17:30:30 2018: Debug: rest: EXPAND Admin-15-NB
- (9) Thu May 24 17:30:30 2018: Debug: rest: --> Admin-15-NB
- (9) Thu May 24 17:30:30 2018: Debug: rest: PacketFence-Computer-Name := "Admin-15-NB"
- (9) Thu May 24 17:30:30 2018: Debug: rest: Parsing attribute "control:PacketFence-Mac"
- (9) Thu May 24 17:30:30 2018: Debug: rest: EXPAND 00:e0:4c:60:43:20
- (9) Thu May 24 17:30:30 2018: Debug: rest: --> 00:e0:4c:60:43:20
- (9) Thu May 24 17:30:30 2018: Debug: rest: PacketFence-Mac := "00:e0:4c:60:43:20"
- (9) Thu May 24 17:30:30 2018: Debug: rest: Parsing attribute "control:PacketFence-IfIndex"
- (9) Thu May 24 17:30:30 2018: Debug: rest: EXPAND 1
- (9) Thu May 24 17:30:30 2018: Debug: rest: --> 1
- (9) Thu May 24 17:30:30 2018: Debug: rest: PacketFence-IfIndex := "1"
- (9) Thu May 24 17:30:30 2018: Debug: rest: Parsing attribute "control:PacketFence-Connection-Type"
- (9) Thu May 24 17:30:30 2018: Debug: rest: EXPAND Ethernet-EAP
- (9) Thu May 24 17:30:30 2018: Debug: rest: --> Ethernet-EAP
- (9) Thu May 24 17:30:30 2018: Debug: rest: PacketFence-Connection-Type := "Ethernet-EAP"
- (9) Thu May 24 17:30:30 2018: Debug: rest: Parsing attribute "control:PacketFence-Status"
- (9) Thu May 24 17:30:30 2018: Debug: rest: EXPAND reg
- (9) Thu May 24 17:30:30 2018: Debug: rest: --> reg
- (9) Thu May 24 17:30:30 2018: Debug: rest: PacketFence-Status := "reg"
- (9) Thu May 24 17:30:30 2018: Debug: [rest] = updated
- (9) Thu May 24 17:30:30 2018: Debug: update {
- (9) Thu May 24 17:30:30 2018: Debug: } # update = noop
- (9) Thu May 24 17:30:30 2018: Debug: if (&control:PacketFence-Authorization-Status == "deny") {
- (9) Thu May 24 17:30:30 2018: Debug: if (&control:PacketFence-Authorization-Status == "deny") -> FALSE
- (9) Thu May 24 17:30:30 2018: Debug: else {
- (9) Thu May 24 17:30:30 2018: Debug: policy packetfence-audit-log-accept {
- (9) Thu May 24 17:30:30 2018: Debug: if (&User-Name != "dummy") {
- (9) Thu May 24 17:30:30 2018: Debug: if (&User-Name != "dummy") -> TRUE
- (9) Thu May 24 17:30:30 2018: Debug: if (&User-Name != "dummy") {
- (9) Thu May 24 17:30:30 2018: Debug: policy request-timing {
- (9) Thu May 24 17:30:30 2018: Debug: if (control:PacketFence-Request-Time != 0) {
- (9) Thu May 24 17:30:30 2018: Debug: if (control:PacketFence-Request-Time != 0) -> TRUE
- (9) Thu May 24 17:30:30 2018: Debug: if (control:PacketFence-Request-Time != 0) {
- (9) Thu May 24 17:30:30 2018: Debug: update control {
- (9) Thu May 24 17:30:30 2018: Debug: Not a number at ""
- (9) Thu May 24 17:30:30 2018: Debug: EXPAND %{expr: %{control:PacketFence-Request-Time} - %{control:Tmp-Integer-0}}
- (9) Thu May 24 17:30:30 2018: Debug: -->
- (9) Thu May 24 17:30:30 2018: Debug: } # update control = noop
- (9) Thu May 24 17:30:30 2018: Debug: } # if (control:PacketFence-Request-Time != 0) = noop
- (9) Thu May 24 17:30:30 2018: Debug: } # policy request-timing = noop
- (9) Thu May 24 17:30:30 2018: Debug: sql: EXPAND type.accept.query
- (9) Thu May 24 17:30:30 2018: Debug: sql: --> type.accept.query
- (9) Thu May 24 17:30:30 2018: Debug: sql: Using query template 'query'
- (9) Thu May 24 17:30:30 2018: Debug: sql: EXPAND %{User-Name}
- (9) Thu May 24 17:30:30 2018: Debug: sql: --> host/Admin-15-NB.PERSONALAMT.DE
- (9) Thu May 24 17:30:30 2018: Debug: sql: SQL-User-Name set to 'host/Admin-15-NB.PERSONALAMT.DE'
- (9) Thu May 24 17:30:30 2018: Debug: sql: EXPAND INSERT INTO radius_audit_log ( mac, ip, computer_name, user_name, stripped_user_name, realm, event_type, switch_id, switch_mac, switch_ip_address, radius_source_ip_address, called_station_id, calling_station_id, nas_port_type, ssid, nas_port_id, ifindex, nas_port, connection_type, nas_ip_address, nas_identifier, auth_status, reason, auth_type, eap_type, role, node_status, profile, source, auto_reg, is_phone, pf_domain, uuid, radius_request, radius_reply, request_time, tenant_id) VALUES ( '%{request:Calling-Station-Id}', '%{request:Framed-IP-Address}', '%{%{control:PacketFence-Computer-Name}:-N/A}', '%{request:User-Name}', '%{request:Stripped-User-Name}', '%{request:Realm}', 'Radius-Access-Request', '%{%{control:PacketFence-Switch-Id}:-N/A}', '%{%{control:PacketFence-Switch-Mac}:-N/A}', '%{%{control:PacketFence-Switch-Ip-Address}:-N/A}', '%{Packet-Src-IP-Address}', '%{request:Called-Station-Id}', '%{request:Calling-Station-Id}', '%{request:NAS-Port-Type}', '%{request:Called-Station-SSID}', '%{request:NAS-Port-Id}', '%{%{control:PacketFence-IfIndex}:-N/A}', '%{request:NAS-Port}', '%{%{control:PacketFence-Connection-Type}:-N/A}', '%{request:NAS-IP-Address}', '%{request:NAS-Identifier}', 'Accept', '%{request:Module-Failure-Message}', '%{control:Auth-Type}', '%{request:EAP-Type}', '%{%{control:PacketFence-Role}:-N/A}', '%{%{control:PacketFence-Status}:-N/A}', '%{%{control:PacketFence-Profile}:-N/A}', '%{%{control:PacketFence-Source}:-N/A}', '%{%{control:PacketFence-AutoReg}:-0}', '%{%{control:PacketFence-IsPhone}:-0}', '%{request:PacketFence-Domain}', '', '%{pairs:&request:[*]}','%{pairs:&reply:[*]}', '%{control:PacketFence-Request-Time}', '%{control:PacketFence-Tenant-Id}')
- (9) Thu May 24 17:30:30 2018: Debug: sql: --> INSERT INTO radius_audit_log ( mac, ip, computer_name, user_name, stripped_user_name, realm, event_type, switch_id, switch_mac, switch_ip_address, radius_source_ip_address, called_station_id, calling_station_id, nas_port_type, ssid, nas_port_id, ifindex, nas_port, connection_type, nas_ip_address, nas_identifier, auth_status, reason, auth_type, eap_type, role, node_status, profile, source, auto_reg, is_phone, pf_domain, uuid, radius_request, radius_reply, request_time, tenant_id) VALUES ( '00:e0:4c:60:43:20', '', 'Admin-15-NB', 'host/Admin-15-NB.PERSONALAMT.DE', '', 'null', 'Radius-Access-Request', '172.20.9.150', '94:18:82:b9:32:80', '172.20.9.150', '172.20.5.79', '94:18:82:b9:32:80', '00:e0:4c:60:43:20', 'Ethernet', '', '1', '1', '1', 'Ethernet-EAP', '172.20.9.150', 'Test', 'Accept', '', 'eap', 'MSCHAPv2', 'default', 'reg', 'AD', 'N/A', '1', '0', 'LKMRBI', '', 'User-Name =3D =22host/Admin-15-NB.PERSONALAMT.DE=22=2C NAS-IP-Address =3D 172.20.9.150=2C NAS-Port =3D 1=2C Service-Type =3D Framed-User=2C Framed-Protocol =3D PPP=2C Framed-MTU =3D 1480=2C State =3D 0x3c540b463d5e11bc9b9de9eca83b76bb=2C Called-Station-Id =3D =2294:18:82:b9:32:80=22=2C Calling-Station-Id =3D =2200:e0:4c:60:43:20=22=2C NAS-Identifier =3D =22Test=22=2C NAS-Port-Type =3D Ethernet=2C Tunnel-Type:0 =3D VLAN=2C Tunnel-Medium-Type:0 =3D IEEE-802=2C Tunnel-Private-Group-Id:0 =3D =221=22=2C Event-Timestamp =3D =22Jan 1 1970 01:00:00 CET=22=2C Connect-Info =3D =22CONNECT Ethernet 1000Mbps Full duplex=22=2C EAP-Message =3D 0x020a00061a03=2C NAS-Port-Id =3D =221=22=2C FreeRADIUS-Proxied-To =3D 127.0.0.1=2C HP-Capability-Advert =3D 0x011a0000000b28=2C HP-Capability-Advert =3D 0x011a0000000b2e=2C HP-Capability-Advert =3D 0x011a0000000b30=2C HP-Capability-Advert =3D 0x011a0000000b3d=2C HP-Capability-Advert =3D 0x0138=2C HP-Capability-Advert =3D 0x013a=2C HP-Capability-Advert =3D 0x0140=2C HP-Capability-Advert =3D 0x0141=2C HP-Capability-Advert =3D 0x0151=2C MS-RAS-Vendor =3D 11=2C EAP-Type =3D MSCHAPv2=2C Realm =3D =22null=22=2C PacketFence-Domain =3D =22LKMRBI=22=2C User-Password =3D =22=2A=2A=2A=2A=2A=2A=22=2C SQL-User-Name =3D =22host/Admin-15-NB.PERSONALAMT.DE=22','MS-MPPE-Encryption-Policy =3D Encryption-Required=2C MS-MPPE-Encryption-Types =3D 4=2C MS-MPPE-Send-Key =3D 0x35ed63e74ce1691755c714e79b7a0ede=2C MS-MPPE-Recv-Key =3D 0x7e7adfcaee73aa321bb088e4d809fd78=2C EAP-Message =3D 0x030a0004=2C Message-Authenticator =3D 0x00000000000000000000000000000000=2C User-Name =3D =22host/Admin-15-NB.PERSONALAMT.DE=22=2C Tunnel-Type =3D VLAN=2C Tunnel-Private-Group-Id =3D =221=22=2C Tunnel-Medium-Type =3D IEEE-802', '0', '1')
- (9) Thu May 24 17:30:30 2018: Debug: sql: Executing query: INSERT INTO radius_audit_log ( mac, ip, computer_name, user_name, stripped_user_name, realm, event_type, switch_id, switch_mac, switch_ip_address, radius_source_ip_address, called_station_id, calling_station_id, nas_port_type, ssid, nas_port_id, ifindex, nas_port, connection_type, nas_ip_address, nas_identifier, auth_status, reason, auth_type, eap_type, role, node_status, profile, source, auto_reg, is_phone, pf_domain, uuid, radius_request, radius_reply, request_time, tenant_id) VALUES ( '00:e0:4c:60:43:20', '', 'Admin-15-NB', 'host/Admin-15-NB.PERSONALAMT.DE', '', 'null', 'Radius-Access-Request', '172.20.9.150', '94:18:82:b9:32:80', '172.20.9.150', '172.20.5.79', '94:18:82:b9:32:80', '00:e0:4c:60:43:20', 'Ethernet', '', '1', '1', '1', 'Ethernet-EAP', '172.20.9.150', 'Test', 'Accept', '', 'eap', 'MSCHAPv2', 'default', 'reg', 'AD', 'N/A', '1', '0', 'LKMRBI', '', 'User-Name =3D =22host/Admin-15-NB.PERSONALAMT.DE=22=2C NAS-IP-Address =3D 172.20.9.150=2C NAS-Port =3D 1=2C Service-Type =3D Framed-User=2C Framed-Protocol =3D PPP=2C Framed-MTU =3D 1480=2C State =3D 0x3c540b463d5e11bc9b9de9eca83b76bb=2C Called-Station-Id =3D =2294:18:82:b9:32:80=22=2C Calling-Station-Id =3D =2200:e0:4c:60:43:20=22=2C NAS-Identifier =3D =22Test=22=2C NAS-Port-Type =3D Ethernet=2C Tunnel-Type:0 =3D VLAN=2C Tunnel-Medium-Type:0 =3D IEEE-802=2C Tunnel-Private-Group-Id:0 =3D =221=22=2C Event-Timestamp =3D =22Jan 1 1970 01:00:00 CET=22=2C Connect-Info =3D =22CONNECT Ethernet 1000Mbps Full duplex=22=2C EAP-Message =3D 0x020a00061a03=2C NAS-Port-Id =3D =221=22=2C FreeRADIUS-Proxied-To =3D 127.0.0.1=2C HP-Capability-Advert =3D 0x011a0000000b28=2C HP-Capability-Advert =3D 0x011a0000000b2e=2C HP-Capability-Advert =3D 0x011a0000000b30=2C HP-Capability-Advert =3D 0x011a0000000b3d=2C HP-Capability-Advert =3D 0x0138=2C HP-Capability-Advert =3D 0x013a=2C HP-Capability-Advert =3D 0x0140=2C HP-Capability-Advert =3D 0x0141=2C HP-Capability-Advert =3D 0x0151=2C MS-RAS-Vendor =3D 11=2C EAP-Type =3D MSCHAPv2=2C Realm =3D =22null=22=2C PacketFence-Domain =3D =22LKMRBI=22=2C User-Password =3D =22=2A=2A=2A=2A=2A=2A=22=2C SQL-User-Name =3D =22host/Admin-15-NB.PERSONALAMT.DE=22','MS-MPPE-Encryption-Policy =3D Encryption-Required=2C MS-MPPE-Encryption-Types =3D 4=2C MS-MPPE-Send-Key =3D 0x35ed63e74ce1691755c714e79b7a0ede=2C MS-MPPE-Recv-Key =3D 0x7e7adfcaee73aa321bb088e4d809fd78=2C EAP-Message =3D 0x030a0004=2C Message-Authenticator =3D 0x00000000000000000000000000000000=2C User-Name =3D =22host/Admin-15-NB.PERSONALAMT.DE=22=2C Tunnel-Type =3D VLAN=2C Tunnel-Private-Group-Id =3D =221=22=2C Tunnel-Medium-Type =3D IEEE-802', '0', '1')
- (9) Thu May 24 17:30:30 2018: Debug: sql: SQL query returned: success
- (9) Thu May 24 17:30:30 2018: Debug: sql: 1 record(s) updated
- (9) Thu May 24 17:30:30 2018: Debug: [sql] = ok
- (9) Thu May 24 17:30:30 2018: Debug: } # if (&User-Name != "dummy") = ok
- (9) Thu May 24 17:30:30 2018: Debug: } # policy packetfence-audit-log-accept = ok
- (9) Thu May 24 17:30:30 2018: Debug: } # else = ok
- (9) Thu May 24 17:30:30 2018: Debug: update outer.session-state {
- (9) Thu May 24 17:30:30 2018: Debug: } # update outer.session-state = noop
- (9) Thu May 24 17:30:30 2018: Debug: } # post-auth = updated
- (9) Thu May 24 17:30:30 2018: Debug: } # server packetfence-tunnel
- (9) Thu May 24 17:30:30 2018: Debug: Virtual server sending reply
- (9) Thu May 24 17:30:30 2018: Debug: MS-MPPE-Encryption-Policy = Encryption-Required
- (9) Thu May 24 17:30:30 2018: Debug: MS-MPPE-Encryption-Types = 4
- (9) Thu May 24 17:30:30 2018: Debug: MS-MPPE-Send-Key = 0x35ed63e74ce1691755c714e79b7a0ede
- (9) Thu May 24 17:30:30 2018: Debug: MS-MPPE-Recv-Key = 0x7e7adfcaee73aa321bb088e4d809fd78
- (9) Thu May 24 17:30:30 2018: Debug: EAP-Message = 0x030a0004
- (9) Thu May 24 17:30:30 2018: Debug: Message-Authenticator = 0x00000000000000000000000000000000
- (9) Thu May 24 17:30:30 2018: Debug: User-Name = "host/Admin-15-NB.PERSONALAMT.DE"
- (9) Thu May 24 17:30:30 2018: Debug: Tunnel-Type = VLAN
- (9) Thu May 24 17:30:30 2018: Debug: Tunnel-Private-Group-Id = "1"
- (9) Thu May 24 17:30:30 2018: Debug: Tunnel-Medium-Type = IEEE-802
- (9) Thu May 24 17:30:30 2018: Debug: eap_peap: Got tunneled reply code 2
- (9) Thu May 24 17:30:30 2018: Debug: eap_peap: MS-MPPE-Encryption-Policy = Encryption-Required
- (9) Thu May 24 17:30:30 2018: Debug: eap_peap: MS-MPPE-Encryption-Types = 4
- (9) Thu May 24 17:30:30 2018: Debug: eap_peap: MS-MPPE-Send-Key = 0x35ed63e74ce1691755c714e79b7a0ede
- (9) Thu May 24 17:30:30 2018: Debug: eap_peap: MS-MPPE-Recv-Key = 0x7e7adfcaee73aa321bb088e4d809fd78
- (9) Thu May 24 17:30:30 2018: Debug: eap_peap: EAP-Message = 0x030a0004
- (9) Thu May 24 17:30:30 2018: Debug: eap_peap: Message-Authenticator = 0x00000000000000000000000000000000
- (9) Thu May 24 17:30:30 2018: Debug: eap_peap: User-Name = "host/Admin-15-NB.PERSONALAMT.DE"
- (9) Thu May 24 17:30:30 2018: Debug: eap_peap: Tunnel-Type = VLAN
- (9) Thu May 24 17:30:30 2018: Debug: eap_peap: Tunnel-Private-Group-Id = "1"
- (9) Thu May 24 17:30:30 2018: Debug: eap_peap: Tunnel-Medium-Type = IEEE-802
- (9) Thu May 24 17:30:30 2018: Debug: eap_peap: Tunneled authentication was successful
- (9) Thu May 24 17:30:30 2018: Debug: eap_peap: SUCCESS
- (9) Thu May 24 17:30:30 2018: Debug: eap_peap: Saving tunneled attributes for later
- (9) Thu May 24 17:30:30 2018: Debug: eap: Sending EAP Request (code 1) ID 11 length 46
- (9) Thu May 24 17:30:30 2018: Debug: eap: EAP session adding &reply:State = 0x49c411c240cf082f
- (9) Thu May 24 17:30:30 2018: Debug: [eap] = handled
- (9) Thu May 24 17:30:30 2018: Debug: } # authenticate = handled
- (9) Thu May 24 17:30:30 2018: Debug: Using Post-Auth-Type Challenge
- (9) Thu May 24 17:30:30 2018: Debug: Post-Auth-Type sub-section not found. Ignoring.
- (9) Thu May 24 17:30:30 2018: Debug: # Executing group from file /usr/local/pf/raddb/sites-enabled/packetfence
- (9) Thu May 24 17:30:30 2018: Debug: Sent Access-Challenge Id 195 from 172.20.5.3:1812 to 172.20.5.79:52628 length 0
- (9) Thu May 24 17:30:30 2018: Debug: EAP-Message = 0x010b002e19001703030023c204d6dc726b81dea460e72a3058f76c0954f167b05ed831daa346a94cdf054fec3c1d
- (9) Thu May 24 17:30:30 2018: Debug: Message-Authenticator = 0x00000000000000000000000000000000
- (9) Thu May 24 17:30:30 2018: Debug: State = 0x49c411c240cf082fb3b3797cce5894f4
- (9) Thu May 24 17:30:30 2018: Debug: Proxy-State = 0x3233
- (9) Thu May 24 17:30:30 2018: Debug: Finished request
- (10) Thu May 24 17:30:30 2018: Debug: Received Access-Request Id 153 from 172.20.5.79:52628 to 172.20.5.3:1812 length 400
- (10) Thu May 24 17:30:30 2018: Debug: Framed-MTU = 1480
- (10) Thu May 24 17:30:30 2018: Debug: NAS-IP-Address = 172.20.9.150
- (10) Thu May 24 17:30:30 2018: Debug: NAS-Identifier = "Test"
- (10) Thu May 24 17:30:30 2018: Debug: User-Name = "host/Admin-15-NB.PERSONALAMT.DE"
- (10) Thu May 24 17:30:30 2018: Debug: Service-Type = Framed-User
- (10) Thu May 24 17:30:30 2018: Debug: Framed-Protocol = PPP
- (10) Thu May 24 17:30:30 2018: Debug: NAS-Port = 1
- (10) Thu May 24 17:30:30 2018: Debug: NAS-Port-Type = Ethernet
- (10) Thu May 24 17:30:30 2018: Debug: NAS-Port-Id = "1"
- (10) Thu May 24 17:30:30 2018: Debug: Called-Station-Id = "94-18-82-b9-32-80"
- (10) Thu May 24 17:30:30 2018: Debug: Calling-Station-Id = "00-e0-4c-60-43-20"
- (10) Thu May 24 17:30:30 2018: Debug: Connect-Info = "CONNECT Ethernet 1000Mbps Full duplex"
- (10) Thu May 24 17:30:30 2018: Debug: Tunnel-Type:0 = VLAN
- (10) Thu May 24 17:30:30 2018: Debug: Tunnel-Medium-Type:0 = IEEE-802
- (10) Thu May 24 17:30:30 2018: Debug: Tunnel-Private-Group-Id:0 = "1"
- (10) Thu May 24 17:30:30 2018: Debug: State = 0x49c411c240cf082fb3b3797cce5894f4
- (10) Thu May 24 17:30:30 2018: Debug: EAP-Message = 0x020b002e190017030300230000000000000004b77df085fba8258708e81f575620c8b880eefae106a939fc14e2cb
- (10) Thu May 24 17:30:30 2018: Debug: Message-Authenticator = 0x8b8a73f4165251a5ad7912c2f4cb0dee
- (10) Thu May 24 17:30:30 2018: Debug: MS-RAS-Vendor = 11
- (10) Thu May 24 17:30:30 2018: Debug: HP-Capability-Advert = 0x011a0000000b28
- (10) Thu May 24 17:30:30 2018: Debug: HP-Capability-Advert = 0x011a0000000b2e
- (10) Thu May 24 17:30:30 2018: Debug: HP-Capability-Advert = 0x011a0000000b30
- (10) Thu May 24 17:30:30 2018: Debug: HP-Capability-Advert = 0x011a0000000b3d
- (10) Thu May 24 17:30:30 2018: Debug: HP-Capability-Advert = 0x0138
- (10) Thu May 24 17:30:30 2018: Debug: HP-Capability-Advert = 0x013a
- (10) Thu May 24 17:30:30 2018: Debug: HP-Capability-Advert = 0x0140
- (10) Thu May 24 17:30:30 2018: Debug: HP-Capability-Advert = 0x0141
- (10) Thu May 24 17:30:30 2018: Debug: HP-Capability-Advert = 0x0151
- (10) Thu May 24 17:30:30 2018: Debug: Proxy-State = 0x3234
- (10) Thu May 24 17:30:30 2018: Debug: session-state: No cached attributes
- (10) Thu May 24 17:30:30 2018: Debug: # Executing section authorize from file /usr/local/pf/raddb/sites-enabled/packetfence
- (10) Thu May 24 17:30:30 2018: Debug: authorize {
- (10) Thu May 24 17:30:30 2018: Debug: update {
- (10) Thu May 24 17:30:30 2018: Debug: EXPAND %{Packet-Src-IP-Address}
- (10) Thu May 24 17:30:30 2018: Debug: --> 172.20.5.79
- (10) Thu May 24 17:30:30 2018: Debug: EXPAND %l
- (10) Thu May 24 17:30:30 2018: Debug: --> 1527175830
- (10) Thu May 24 17:30:30 2018: Debug: } # update = noop
- (10) Thu May 24 17:30:30 2018: Debug: policy packetfence-set-tenant-id {
- (10) Thu May 24 17:30:30 2018: Debug: if ( "%{%{control:PacketFence-Tenant-Id}:-0}" == "0") {
- (10) Thu May 24 17:30:30 2018: Debug: EXPAND %{%{control:PacketFence-Tenant-Id}:-0}
- (10) Thu May 24 17:30:30 2018: Debug: --> 0
- (10) Thu May 24 17:30:30 2018: Debug: if ( "%{%{control:PacketFence-Tenant-Id}:-0}" == "0") -> TRUE
- (10) Thu May 24 17:30:30 2018: Debug: if ( "%{%{control:PacketFence-Tenant-Id}:-0}" == "0") {
- (10) Thu May 24 17:30:30 2018: Debug: update control {
- (10) Thu May 24 17:30:30 2018: Debug: EXPAND %{User-Name}
- (10) Thu May 24 17:30:30 2018: Debug: --> host/Admin-15-NB.PERSONALAMT.DE
- (10) Thu May 24 17:30:30 2018: Debug: SQL-User-Name set to 'host/Admin-15-NB.PERSONALAMT.DE'
- (10) Thu May 24 17:30:30 2018: Debug: Executing select query: SELECT IFNULL((SELECT tenant_id FROM radius_nas WHERE nasname = '172.20.5.79'), 0)
- (10) Thu May 24 17:30:30 2018: Debug: EXPAND %{sql: SELECT IFNULL((SELECT tenant_id FROM radius_nas WHERE nasname = '%{Packet-Src-IP-Address}'), 0)}
- (10) Thu May 24 17:30:30 2018: Debug: --> 0
- (10) Thu May 24 17:30:30 2018: Debug: } # update control = noop
- (10) Thu May 24 17:30:30 2018: Debug: } # if ( "%{%{control:PacketFence-Tenant-Id}:-0}" == "0") = noop
- (10) Thu May 24 17:30:30 2018: Debug: if ( &control:PacketFence-Tenant-Id == 0 ) {
- (10) Thu May 24 17:30:30 2018: Debug: if ( &control:PacketFence-Tenant-Id == 0 ) -> TRUE
- (10) Thu May 24 17:30:30 2018: Debug: if ( &control:PacketFence-Tenant-Id == 0 ) {
- (10) Thu May 24 17:30:30 2018: Debug: update control {
- (10) Thu May 24 17:30:30 2018: Debug: EXPAND %{User-Name}
- (10) Thu May 24 17:30:30 2018: Debug: --> host/Admin-15-NB.PERSONALAMT.DE
- (10) Thu May 24 17:30:30 2018: Debug: SQL-User-Name set to 'host/Admin-15-NB.PERSONALAMT.DE'
- (10) Thu May 24 17:30:30 2018: Debug: Executing select query: SELECT IFNULL((SELECT tenant_id from radius_nas WHERE start_ip <= INET_ATON('172.20.5.79') and INET_ATON('172.20.5.79') <= end_ip order by range_length limit 1), 1)
- (10) Thu May 24 17:30:30 2018: Debug: EXPAND %{sql: SELECT IFNULL((SELECT tenant_id from radius_nas WHERE start_ip <= INET_ATON('%{Packet-Src-IP-Address}') and INET_ATON('%{Packet-Src-IP-Address}') <= end_ip order by range_length limit 1), 1)}
- (10) Thu May 24 17:30:30 2018: Debug: --> 1
- (10) Thu May 24 17:30:30 2018: Debug: } # update control = noop
- (10) Thu May 24 17:30:30 2018: Debug: } # if ( &control:PacketFence-Tenant-Id == 0 ) = noop
- (10) Thu May 24 17:30:30 2018: Debug: } # policy packetfence-set-tenant-id = noop
- (10) Thu May 24 17:30:30 2018: Debug: policy rewrite_calling_station_id {
- (10) Thu May 24 17:30:30 2018: Debug: if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) {
- (10) Thu May 24 17:30:30 2018: Debug: if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) -> TRUE
- (10) Thu May 24 17:30:30 2018: Debug: if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) {
- (10) Thu May 24 17:30:30 2018: Debug: update request {
- (10) Thu May 24 17:30:30 2018: Debug: EXPAND %{tolower:%{1}:%{2}:%{3}:%{4}:%{5}:%{6}}
- (10) Thu May 24 17:30:30 2018: Debug: --> 00:e0:4c:60:43:20
- (10) Thu May 24 17:30:30 2018: Debug: } # update request = noop
- (10) Thu May 24 17:30:30 2018: Debug: [updated] = updated
- (10) Thu May 24 17:30:30 2018: Debug: } # if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) = updated
- (10) Thu May 24 17:30:30 2018: Debug: ... skipping else: Preceding "if" was taken
- (10) Thu May 24 17:30:30 2018: Debug: } # policy rewrite_calling_station_id = updated
- (10) Thu May 24 17:30:30 2018: Debug: policy rewrite_called_station_id {
- (10) Thu May 24 17:30:30 2018: Debug: if ((&Called-Station-Id) && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) {
- (10) Thu May 24 17:30:30 2018: Debug: if ((&Called-Station-Id) && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) -> TRUE
- (10) Thu May 24 17:30:30 2018: Debug: if ((&Called-Station-Id) && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) {
- (10) Thu May 24 17:30:30 2018: Debug: update request {
- (10) Thu May 24 17:30:30 2018: Debug: EXPAND %{tolower:%{1}:%{2}:%{3}:%{4}:%{5}:%{6}}
- (10) Thu May 24 17:30:30 2018: Debug: --> 94:18:82:b9:32:80
- (10) Thu May 24 17:30:30 2018: Debug: } # update request = noop
- (10) Thu May 24 17:30:30 2018: Debug: if ("%{8}") {
- (10) Thu May 24 17:30:30 2018: Debug: EXPAND %{8}
- (10) Thu May 24 17:30:30 2018: Debug: -->
- (10) Thu May 24 17:30:30 2018: Debug: if ("%{8}") -> FALSE
- (10) Thu May 24 17:30:30 2018: Debug: elsif ( (Colubris-AVPair) && "%{Colubris-AVPair}" =~ /^ssid=(.*)$/i) {
- (10) Thu May 24 17:30:30 2018: Debug: elsif ( (Colubris-AVPair) && "%{Colubris-AVPair}" =~ /^ssid=(.*)$/i) -> FALSE
- (10) Thu May 24 17:30:30 2018: Debug: elsif (Aruba-Essid-Name) {
- (10) Thu May 24 17:30:30 2018: Debug: elsif (Aruba-Essid-Name) -> FALSE
- (10) Thu May 24 17:30:30 2018: Debug: elsif ( (Cisco-AVPair) && "%{Cisco-AVPair}" =~ /^ssid=(.*)$/i) {
- (10) Thu May 24 17:30:30 2018: Debug: elsif ( (Cisco-AVPair) && "%{Cisco-AVPair}" =~ /^ssid=(.*)$/i) -> FALSE
- (10) Thu May 24 17:30:30 2018: Debug: [updated] = updated
- (10) Thu May 24 17:30:30 2018: Debug: } # if ((&Called-Station-Id) && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) = updated
- (10) Thu May 24 17:30:30 2018: Debug: ... skipping else: Preceding "if" was taken
- (10) Thu May 24 17:30:30 2018: Debug: } # policy rewrite_called_station_id = updated
- (10) Thu May 24 17:30:30 2018: Debug: policy filter_username {
- (10) Thu May 24 17:30:30 2018: Debug: if (&User-Name) {
- (10) Thu May 24 17:30:30 2018: Debug: if (&User-Name) -> TRUE
- (10) Thu May 24 17:30:30 2018: Debug: if (&User-Name) {
- (10) Thu May 24 17:30:30 2018: Debug: if (&User-Name =~ / /) {
- (10) Thu May 24 17:30:30 2018: Debug: if (&User-Name =~ / /) -> FALSE
- (10) Thu May 24 17:30:30 2018: Debug: if (&User-Name =~ /@[^@]*@/ ) {
- (10) Thu May 24 17:30:30 2018: Debug: if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (10) Thu May 24 17:30:30 2018: Debug: if (&User-Name =~ /\.\./ ) {
- (10) Thu May 24 17:30:30 2018: Debug: if (&User-Name =~ /\.\./ ) -> FALSE
- (10) Thu May 24 17:30:30 2018: Debug: if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (10) Thu May 24 17:30:30 2018: Debug: if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (10) Thu May 24 17:30:30 2018: Debug: if (&User-Name =~ /\.$/) {
- (10) Thu May 24 17:30:30 2018: Debug: if (&User-Name =~ /\.$/) -> FALSE
- (10) Thu May 24 17:30:30 2018: Debug: if (&User-Name =~ /@\./) {
- (10) Thu May 24 17:30:30 2018: Debug: if (&User-Name =~ /@\./) -> FALSE
- (10) Thu May 24 17:30:30 2018: Debug: } # if (&User-Name) = updated
- (10) Thu May 24 17:30:30 2018: Debug: } # policy filter_username = updated
- (10) Thu May 24 17:30:30 2018: Debug: policy filter_password {
- (10) Thu May 24 17:30:30 2018: Debug: if (&User-Password && (&User-Password != "%{string:User-Password}")) {
- (10) Thu May 24 17:30:30 2018: Debug: if (&User-Password && (&User-Password != "%{string:User-Password}")) -> FALSE
- (10) Thu May 24 17:30:30 2018: Debug: } # policy filter_password = updated
- (10) Thu May 24 17:30:30 2018: Debug: [preprocess] = ok
- (10) Thu May 24 17:30:30 2018: Debug: suffix: Checking for suffix after "@"
- (10) Thu May 24 17:30:30 2018: Debug: suffix: No '@' in User-Name = "host/Admin-15-NB.PERSONALAMT.DE", skipping NULL due to config.
- (10) Thu May 24 17:30:30 2018: Debug: [suffix] = noop
- (10) Thu May 24 17:30:30 2018: Debug: ntdomain: Checking for prefix before "\"
- (10) Thu May 24 17:30:30 2018: Debug: ntdomain: No '\' in User-Name = "host/Admin-15-NB.PERSONALAMT.DE", looking up realm NULL
- (10) Thu May 24 17:30:30 2018: Debug: ntdomain: Found realm "null"
- (10) Thu May 24 17:30:30 2018: Debug: ntdomain: Adding Realm = "null"
- (10) Thu May 24 17:30:30 2018: Debug: ntdomain: Authentication realm is LOCAL
- (10) Thu May 24 17:30:30 2018: Debug: [ntdomain] = ok
- (10) Thu May 24 17:30:30 2018: Debug: eap: Peer sent EAP Response (code 2) ID 11 length 46
- (10) Thu May 24 17:30:30 2018: Debug: eap: Continuing tunnel setup
- (10) Thu May 24 17:30:30 2018: Debug: [eap] = ok
- (10) Thu May 24 17:30:30 2018: Debug: } # authorize = ok
- (10) Thu May 24 17:30:30 2018: Debug: Found Auth-Type = eap
- (10) Thu May 24 17:30:30 2018: Debug: # Executing group from file /usr/local/pf/raddb/sites-enabled/packetfence
- (10) Thu May 24 17:30:30 2018: Debug: authenticate {
- (10) Thu May 24 17:30:30 2018: Debug: eap: Expiring EAP session with state 0x49c411c240cf082f
- (10) Thu May 24 17:30:30 2018: Debug: eap: Finished EAP session with state 0x49c411c240cf082f
- (10) Thu May 24 17:30:30 2018: Debug: eap: Previous EAP request found for state 0x49c411c240cf082f, released from the list
- (10) Thu May 24 17:30:30 2018: Debug: eap: Peer sent packet with method EAP PEAP (25)
- (10) Thu May 24 17:30:30 2018: Debug: eap: Calling submodule eap_peap to process data
- (10) Thu May 24 17:30:30 2018: Debug: eap_peap: Continuing EAP-TLS
- (10) Thu May 24 17:30:30 2018: Debug: eap_peap: [eaptls verify] = ok
- (10) Thu May 24 17:30:30 2018: Debug: eap_peap: Done initial handshake
- (10) Thu May 24 17:30:30 2018: Debug: eap_peap: [eaptls process] = ok
- (10) Thu May 24 17:30:30 2018: Debug: eap_peap: Session established. Decoding tunneled attributes
- (10) Thu May 24 17:30:30 2018: Debug: eap_peap: PEAP state send tlv success
- (10) Thu May 24 17:30:30 2018: Debug: eap_peap: Received EAP-TLV response
- (10) Thu May 24 17:30:30 2018: Debug: eap_peap: Success
- (10) Thu May 24 17:30:30 2018: Debug: eap_peap: Using saved attributes from the original Access-Accept
- (10) Thu May 24 17:30:30 2018: Debug: eap_peap: User-Name = "host/Admin-15-NB.PERSONALAMT.DE"
- (10) Thu May 24 17:30:30 2018: Debug: eap_peap: Tunnel-Type = VLAN
- (10) Thu May 24 17:30:30 2018: Debug: eap_peap: Tunnel-Private-Group-Id = "1"
- (10) Thu May 24 17:30:30 2018: Debug: eap_peap: Tunnel-Medium-Type = IEEE-802
- (10) Thu May 24 17:30:30 2018: Debug: eap: Sending EAP Success (code 3) ID 11 length 4
- (10) Thu May 24 17:30:30 2018: Debug: eap: Freeing handler
- (10) Thu May 24 17:30:30 2018: Debug: [eap] = ok
- (10) Thu May 24 17:30:30 2018: Debug: } # authenticate = ok
- (10) Thu May 24 17:30:30 2018: Debug: # Executing section post-auth from file /usr/local/pf/raddb/sites-enabled/packetfence
- (10) Thu May 24 17:30:30 2018: Debug: post-auth {
- (10) Thu May 24 17:30:30 2018: Debug: update {
- (10) Thu May 24 17:30:30 2018: Debug: EXPAND %{Packet-Src-IP-Address}
- (10) Thu May 24 17:30:30 2018: Debug: --> 172.20.5.79
- (10) Thu May 24 17:30:30 2018: Debug: } # update = noop
- (10) Thu May 24 17:30:30 2018: Debug: policy packetfence-set-tenant-id {
- (10) Thu May 24 17:30:30 2018: Debug: if ( "%{%{control:PacketFence-Tenant-Id}:-0}" == "0") {
- (10) Thu May 24 17:30:30 2018: Debug: EXPAND %{%{control:PacketFence-Tenant-Id}:-0}
- (10) Thu May 24 17:30:30 2018: Debug: --> 1
- (10) Thu May 24 17:30:30 2018: Debug: if ( "%{%{control:PacketFence-Tenant-Id}:-0}" == "0") -> FALSE
- (10) Thu May 24 17:30:30 2018: Debug: if ( &control:PacketFence-Tenant-Id == 0 ) {
- (10) Thu May 24 17:30:30 2018: Debug: if ( &control:PacketFence-Tenant-Id == 0 ) -> FALSE
- (10) Thu May 24 17:30:30 2018: Debug: } # policy packetfence-set-tenant-id = noop
- (10) Thu May 24 17:30:30 2018: Debug: if (! EAP-Type || (EAP-Type != TTLS && EAP-Type != PEAP) ) {
- (10) Thu May 24 17:30:30 2018: Debug: if (! EAP-Type || (EAP-Type != TTLS && EAP-Type != PEAP) ) -> FALSE
- (10) Thu May 24 17:30:30 2018: Debug: attr_filter.packetfence_post_auth: EXPAND %{User-Name}
- (10) Thu May 24 17:30:30 2018: Debug: attr_filter.packetfence_post_auth: --> host/Admin-15-NB.PERSONALAMT.DE
- (10) Thu May 24 17:30:30 2018: Debug: attr_filter.packetfence_post_auth: Matched entry DEFAULT at line 10
- (10) Thu May 24 17:30:30 2018: Debug: [attr_filter.packetfence_post_auth] = updated
- (10) Thu May 24 17:30:30 2018: Debug: linelog: EXPAND messages.%{%{reply:Packet-Type}:-default}
- (10) Thu May 24 17:30:30 2018: Debug: linelog: --> messages.Access-Accept
- (10) Thu May 24 17:30:30 2018: Debug: linelog: EXPAND [mac:%{Calling-Station-Id}] Accepted user: %{reply:User-Name} and returned VLAN %{reply:Tunnel-Private-Group-ID}
- (10) Thu May 24 17:30:30 2018: Debug: linelog: --> [mac:00:e0:4c:60:43:20] Accepted user: host/Admin-15-NB.PERSONALAMT.DE and returned VLAN 1
- (10) Thu May 24 17:30:30 2018: Debug: [linelog] = ok
- (10) Thu May 24 17:30:30 2018: Debug: } # post-auth = updated
- (10) Thu May 24 17:30:30 2018: Debug: Sent Access-Accept Id 153 from 172.20.5.3:1812 to 172.20.5.79:52628 length 0
- (10) Thu May 24 17:30:30 2018: Debug: User-Name = "host/Admin-15-NB.PERSONALAMT.DE"
- (10) Thu May 24 17:30:30 2018: Debug: Tunnel-Type = VLAN
- (10) Thu May 24 17:30:30 2018: Debug: Tunnel-Private-Group-Id = "1"
- (10) Thu May 24 17:30:30 2018: Debug: Tunnel-Medium-Type = IEEE-802
- (10) Thu May 24 17:30:30 2018: Debug: MS-MPPE-Recv-Key = 0x2db6a2bc6e32acd329e3226d0c9168e0059bb49a5c5aa598555418d839ff1fe5
- (10) Thu May 24 17:30:30 2018: Debug: MS-MPPE-Send-Key = 0x3b4631a53e7ad98da55ea9d10351fd61b79b58d12ba675eca644839050883a59
- (10) Thu May 24 17:30:30 2018: Debug: EAP-Message = 0x030b0004
- (10) Thu May 24 17:30:30 2018: Debug: Message-Authenticator = 0x00000000000000000000000000000000
- (10) Thu May 24 17:30:30 2018: Debug: Proxy-State = 0x3234
- (10) Thu May 24 17:30:30 2018: Debug: Finished request
- (0) Thu May 24 17:30:34 2018: Debug: Cleaning up request packet ID 25 with timestamp +56
- (1) Thu May 24 17:30:34 2018: Debug: Cleaning up request packet ID 8 with timestamp +56
- (2) Thu May 24 17:30:34 2018: Debug: Cleaning up request packet ID 98 with timestamp +56
- (3) Thu May 24 17:30:34 2018: Debug: Cleaning up request packet ID 46 with timestamp +56
- (4) Thu May 24 17:30:35 2018: Debug: Cleaning up request packet ID 200 with timestamp +57
- (5) Thu May 24 17:30:35 2018: Debug: Cleaning up request packet ID 58 with timestamp +57
- (6) Thu May 24 17:30:35 2018: Debug: Cleaning up request packet ID 109 with timestamp +57
- (7) Thu May 24 17:30:35 2018: Debug: Cleaning up request packet ID 213 with timestamp +57
- (8) Thu May 24 17:30:35 2018: Debug: Cleaning up request packet ID 45 with timestamp +57
- (9) Thu May 24 17:30:35 2018: Debug: Cleaning up request packet ID 195 with timestamp +57
- (10) Thu May 24 17:30:35 2018: Debug: Cleaning up request packet ID 153 with timestamp +57
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement