Sergey_Gorshkov

Untitled

Jan 14th, 2021
... new connection request on TCP socket
Listening on auth+acct from client (10.0.191.188, 44882) -> (*, 2083, virtual-server=default)
Waking up in 0.3 seconds.
(0) Initiating new EAP-TLS session
(0) Setting verify mode to require certificate from client
(0) (other): before/accept initialization
(0) TLS_accept: before/accept initialization
(0) <<< recv TLS 1.2 [length 0122]
(0) TLS_accept: SSLv3 read client hello A
(0) >>> send TLS 1.2 [length 003e]
(0) TLS_accept: SSLv3 write server hello A
(0) >>> send TLS 1.2 [length 0893]
(0) TLS_accept: SSLv3 write certificate A
(0) >>> send TLS 1.2 [length 014d]
(0) TLS_accept: SSLv3 write key exchange A
(0) >>> send TLS 1.2 [length 00b8]
(0) TLS_accept: SSLv3 write certificate request A
(0) TLS_accept: SSLv3 flush data
(0) TLS_accept: Need to read more data: SSLv3 read client certificate A
(0) TLS_accept: Need to read more data: SSLv3 read client certificate A
(0) In SSL Handshake Phase
(0) In SSL Accept mode
Waking up in 0.3 seconds.
(0) TLS_accept: Need to read more data: SSLv3 read client certificate A
(0) In SSL Handshake Phase
(0) In SSL Accept mode
(0) SSL Application Data
(0) TLS_accept: Need to read more data: SSLv3 read client certificate A
(0) SSL_read Error
Error in fragmentation logic: SSL_WANT_READ
(0) Application data status 10
Waking up in 0.2 seconds.
(0) <<< recv TLS 1.2 [length 0894]
(0) Creating attributes from certificate OIDs
(0) Creating attributes from certificate OIDs
(0) TLS-Client-Cert-X509v3-Extended-Key-Usage += "TLS Web Client Authentication"
(0) TLS_accept: SSLv3 read client certificate A
(0) <<< recv TLS 1.2 [length 0046]
(0) TLS_accept: SSLv3 read client key exchange A
(0) <<< recv TLS 1.2 [length 0108]
(0) TLS_accept: SSLv3 read certificate verify A
(0) <<< recv TLS 1.2 [length 0001]
(0) <<< recv TLS 1.2 [length 0010]
(0) TLS_accept: SSLv3 read finished A
(0) >>> send TLS 1.2 [length 0001]
(0) TLS_accept: SSLv3 write change cipher spec A
(0) >>> send TLS 1.2 [length 0010]
(0) TLS_accept: SSLv3 write finished A
(0) TLS_accept: SSLv3 flush data
(0) (other): SSL negotiation finished successfully
(0) SSL Connection Established
Waking up in 0.2 seconds.
(0) Application data status 7
(0) tls_recv: Access-Request packet from host 10.0.191.188 port 44882, id=99, length=143
Threads: total/active/spare threads = 5/0/5
Waking up in 0.2 seconds.
Thread 2 got semaphore
Thread 2 handling request 0, (1 handled so far)
(0) Received Access-Request Id 99 from 10.0.191.188:44882 to 0.0.0.0:2083 length 143
(0) Service-Type = Login-User
(0) User-Name = "test"
(0) MS-CHAP-Challenge = 0xdfaaa35a81c0f92156a24b4526de1530
(0) MS-CHAP2-Response = 0x0000498ac236ee8258d0787d2887175316970000000000000000d79dd3a26710c319636a7fed157b53fac18c89f336a11f8e
(0) Calling-Station-Id = "10.255.64.197"
(0) NAS-Identifier = "RADIUS"
(0) NAS-IP-Address = 10.0.191.188
(0) # Executing section authorize from file /etc/raddb/sites-enabled/default
(0) authorize {
(0) policy filter_username {
(0) if (&User-Name) {
(0) if (&User-Name) -> TRUE
(0) if (&User-Name) {
(0) if (&User-Name =~ / /) {
(0) if (&User-Name =~ / /) -> FALSE
(0) if (&User-Name =~ /@[^@]*@/ ) {
(0) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(0) if (&User-Name =~ /\.\./ ) {
(0) if (&User-Name =~ /\.\./ ) -> FALSE
(0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
(0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
(0) if (&User-Name =~ /\.$/) {
(0) if (&User-Name =~ /\.$/) -> FALSE
(0) if (&User-Name =~ /@\./) {
(0) if (&User-Name =~ /@\./) -> FALSE
(0) } # if (&User-Name) = notfound
(0) } # policy filter_username = notfound
(0) [preprocess] = ok
(0) [chap] = noop
(0) mschap: Found MS-CHAP attributes. Setting 'Auth-Type = mschap'
(0) [mschap] = ok
(0) [digest] = noop
(0) suffix: Checking for suffix after "@"
(0) suffix: No '@' in User-Name = "test", looking up realm NULL
(0) suffix: No such realm "NULL"
(0) [suffix] = noop
(0) eap: No EAP-Message, not doing EAP
(0) [eap] = noop
(0) [files] = noop
(0) sql: EXPAND %{User-Name}
(0) sql: --> test
(0) sql: SQL-User-Name set to 'test'
rlm_sql (sql): Reserved connection (0)
(0) sql: EXPAND SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id
(0) sql: --> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'test' ORDER BY id
(0) sql: Executing select query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'test' ORDER BY id
(0) sql: User found in radcheck table
(0) sql: EXPAND SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority
(0) sql: --> SELECT groupname FROM radusergroup WHERE username = 'test' ORDER BY priority
(0) sql: Executing select query: SELECT groupname FROM radusergroup WHERE username = 'test' ORDER BY priority
(0) sql: User not found in any groups
rlm_sql (sql): Released connection (0)
Need 5 more connections to reach 10 spares
rlm_sql (sql): Opening additional connection (5), 1 of 27 pending slots used
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 5.5.68-MariaDB, protocol version 10
(0) [sql] = noop
(0) [expiration] = noop
(0) [logintime] = noop
(0) pap: WARNING: No "known good" password found for the user. Not setting Auth-Type
(0) pap: WARNING: Authentication will fail unless a "known good" password is available
(0) [pap] = noop
(0) } # authorize = ok
(0) Found Auth-Type = mschap
(0) # Executing group from file /etc/raddb/sites-enabled/default
(0) authenticate {
(0) mschap: WARNING: No Cleartext-Password configured. Cannot create NT-Password
(0) mschap: WARNING: No Cleartext-Password configured. Cannot create LM-Password
(0) mschap: Creating challenge hash with username: test
(0) mschap: Client is using MS-CHAPv2
(0) mschap: ERROR: FAILED: No NT/LM-Password. Cannot perform authentication
(0) mschap: ERROR: MS-CHAP2-Response is incorrect
(0) [mschap] = reject
(0) } # authenticate = reject
(0) Failed to authenticate the user
(0) Using Post-Auth-Type Reject
(0) # Executing group from file /etc/raddb/sites-enabled/default
(0) Post-Auth-Type REJECT {
(0) sql: EXPAND .query
(0) sql: --> .query
(0) sql: Using query template 'query'
rlm_sql (sql): Reserved connection (1)
(0) sql: EXPAND %{User-Name}
(0) sql: --> test
(0) sql: SQL-User-Name set to 'test'
(0) sql: EXPAND INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S')
(0) sql: --> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'test', '', 'Access-Reject', '2021-01-14 21:22:18.708476')
(0) sql: Executing query: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'test', '', 'Access-Reject', '2021-01-14 21:22:18.708476')
(0) sql: SQL query returned: success
(0) sql: 1 record(s) updated
rlm_sql (sql): Released connection (1)
(0) [sql] = ok
(0) attr_filter.access_reject: EXPAND %{User-Name}
(0) attr_filter.access_reject: --> test
(0) attr_filter.access_reject: Matched entry DEFAULT at line 11
(0) [attr_filter.access_reject] = updated
(0) [eap] = noop
(0) policy remove_reply_message_if_eap {
(0) if (&reply:EAP-Message && &reply:Reply-Message) {
(0) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
(0) else {
(0) [noop] = noop
(0) } # else = noop
(0) } # policy remove_reply_message_if_eap = noop
(0) } # Post-Auth-Type REJECT = updated
(0) Delaying response for 1.000000 seconds
Thread 2 waiting to be assigned a request
Waking up in 0.6 seconds.
(0) Sending delayed response
(0) Sent Access-Reject Id 99 from 0.0.0.0:2083 to 10.0.191.188:44882 length 101
(0) MS-CHAP-Error = "\000E=691 R=1 C=f1471b270f3ba350c402f0cb9103bc57 V=3 M=Authentication failed"
Waking up in 3.9 seconds.
(0) Cleaning up request packet ID 99 with timestamp +3
Waking up in 24.7 seconds.