- ... new connection request on TCP socket
- Listening on auth+acct from client (10.0.191.188, 44882) -> (*, 2083, virtual-server=default)
- Waking up in 0.3 seconds.
- (0) Initiating new EAP-TLS session
- (0) Setting verify mode to require certificate from client
- (0) (other): before/accept initialization
- (0) TLS_accept: before/accept initialization
- (0) <<< recv TLS 1.2 [length 0122]
- (0) TLS_accept: SSLv3 read client hello A
- (0) >>> send TLS 1.2 [length 003e]
- (0) TLS_accept: SSLv3 write server hello A
- (0) >>> send TLS 1.2 [length 0893]
- (0) TLS_accept: SSLv3 write certificate A
- (0) >>> send TLS 1.2 [length 014d]
- (0) TLS_accept: SSLv3 write key exchange A
- (0) >>> send TLS 1.2 [length 00b8]
- (0) TLS_accept: SSLv3 write certificate request A
- (0) TLS_accept: SSLv3 flush data
- (0) TLS_accept: Need to read more data: SSLv3 read client certificate A
- (0) TLS_accept: Need to read more data: SSLv3 read client certificate A
- (0) In SSL Handshake Phase
- (0) In SSL Accept mode
- Waking up in 0.3 seconds.
- (0) TLS_accept: Need to read more data: SSLv3 read client certificate A
- (0) In SSL Handshake Phase
- (0) In SSL Accept mode
- (0) SSL Application Data
- (0) TLS_accept: Need to read more data: SSLv3 read client certificate A
- (0) SSL_read Error
- Error in fragmentation logic: SSL_WANT_READ
- (0) Application data status 10
- Waking up in 0.2 seconds.
- (0) <<< recv TLS 1.2 [length 0894]
- (0) Creating attributes from certificate OIDs
- (0) Creating attributes from certificate OIDs
- (0) TLS-Client-Cert-X509v3-Extended-Key-Usage += "TLS Web Client Authentication"
- (0) TLS_accept: SSLv3 read client certificate A
- (0) <<< recv TLS 1.2 [length 0046]
- (0) TLS_accept: SSLv3 read client key exchange A
- (0) <<< recv TLS 1.2 [length 0108]
- (0) TLS_accept: SSLv3 read certificate verify A
- (0) <<< recv TLS 1.2 [length 0001]
- (0) <<< recv TLS 1.2 [length 0010]
- (0) TLS_accept: SSLv3 read finished A
- (0) >>> send TLS 1.2 [length 0001]
- (0) TLS_accept: SSLv3 write change cipher spec A
- (0) >>> send TLS 1.2 [length 0010]
- (0) TLS_accept: SSLv3 write finished A
- (0) TLS_accept: SSLv3 flush data
- (0) (other): SSL negotiation finished successfully
- (0) SSL Connection Established
- Waking up in 0.2 seconds.
- (0) Application data status 7
- (0) tls_recv: Access-Request packet from host 10.0.191.188 port 44882, id=99, length=143
- Threads: total/active/spare threads = 5/0/5
- Waking up in 0.2 seconds.
- Thread 2 got semaphore
- Thread 2 handling request 0, (1 handled so far)
- (0) Received Access-Request Id 99 from 10.0.191.188:44882 to 0.0.0.0:2083 length 143
- (0) Service-Type = Login-User
- (0) User-Name = "test"
- (0) MS-CHAP-Challenge = 0xdfaaa35a81c0f92156a24b4526de1530
- (0) MS-CHAP2-Response = 0x0000498ac236ee8258d0787d2887175316970000000000000000d79dd3a26710c319636a7fed157b53fac18c89f336a11f8e
- (0) Calling-Station-Id = "10.255.64.197"
- (0) NAS-Identifier = "RADIUS"
- (0) NAS-IP-Address = 10.0.191.188
- (0) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (0) authorize {
- (0) policy filter_username {
- (0) if (&User-Name) {
- (0) if (&User-Name) -> TRUE
- (0) if (&User-Name) {
- (0) if (&User-Name =~ / /) {
- (0) if (&User-Name =~ / /) -> FALSE
- (0) if (&User-Name =~ /@[^@]*@/ ) {
- (0) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
- (0) if (&User-Name =~ /\.\./ ) {
- (0) if (&User-Name =~ /\.\./ ) -> FALSE
- (0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
- (0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
- (0) if (&User-Name =~ /\.$/) {
- (0) if (&User-Name =~ /\.$/) -> FALSE
- (0) if (&User-Name =~ /@\./) {
- (0) if (&User-Name =~ /@\./) -> FALSE
- (0) } # if (&User-Name) = notfound
- (0) } # policy filter_username = notfound
- (0) [preprocess] = ok
- (0) [chap] = noop
- (0) mschap: Found MS-CHAP attributes. Setting 'Auth-Type = mschap'
- (0) [mschap] = ok
- (0) [digest] = noop
- (0) suffix: Checking for suffix after "@"
- (0) suffix: No '@' in User-Name = "test", looking up realm NULL
- (0) suffix: No such realm "NULL"
- (0) [suffix] = noop
- (0) eap: No EAP-Message, not doing EAP
- (0) [eap] = noop
- (0) [files] = noop
- (0) sql: EXPAND %{User-Name}
- (0) sql: --> test
- (0) sql: SQL-User-Name set to 'test'
- rlm_sql (sql): Reserved connection (0)
- (0) sql: EXPAND SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id
- (0) sql: --> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'test' ORDER BY id
- (0) sql: Executing select query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'test' ORDER BY id
- (0) sql: User found in radcheck table
- (0) sql: EXPAND SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority
- (0) sql: --> SELECT groupname FROM radusergroup WHERE username = 'test' ORDER BY priority
- (0) sql: Executing select query: SELECT groupname FROM radusergroup WHERE username = 'test' ORDER BY priority
- (0) sql: User not found in any groups
- rlm_sql (sql): Released connection (0)
- Need 5 more connections to reach 10 spares
- rlm_sql (sql): Opening additional connection (5), 1 of 27 pending slots used
- rlm_sql_mysql: Starting connect to MySQL server
- rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 5.5.68-MariaDB, protocol version 10
- (0) [sql] = noop
- (0) [expiration] = noop
- (0) [logintime] = noop
- (0) pap: WARNING: No "known good" password found for the user. Not setting Auth-Type
- (0) pap: WARNING: Authentication will fail unless a "known good" password is available
- (0) [pap] = noop
- (0) } # authorize = ok
- (0) Found Auth-Type = mschap
- (0) # Executing group from file /etc/raddb/sites-enabled/default
- (0) authenticate {
- (0) mschap: WARNING: No Cleartext-Password configured. Cannot create NT-Password
- (0) mschap: WARNING: No Cleartext-Password configured. Cannot create LM-Password
- (0) mschap: Creating challenge hash with username: test
- (0) mschap: Client is using MS-CHAPv2
- (0) mschap: ERROR: FAILED: No NT/LM-Password. Cannot perform authentication
- (0) mschap: ERROR: MS-CHAP2-Response is incorrect
- (0) [mschap] = reject
- (0) } # authenticate = reject
- (0) Failed to authenticate the user
- (0) Using Post-Auth-Type Reject
- (0) # Executing group from file /etc/raddb/sites-enabled/default
- (0) Post-Auth-Type REJECT {
- (0) sql: EXPAND .query
- (0) sql: --> .query
- (0) sql: Using query template 'query'
- rlm_sql (sql): Reserved connection (1)
- (0) sql: EXPAND %{User-Name}
- (0) sql: --> test
- (0) sql: SQL-User-Name set to 'test'
- (0) sql: EXPAND INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S')
- (0) sql: --> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'test', '', 'Access-Reject', '2021-01-14 21:22:18.708476')
- (0) sql: Executing query: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'test', '', 'Access-Reject', '2021-01-14 21:22:18.708476')
- (0) sql: SQL query returned: success
- (0) sql: 1 record(s) updated
- rlm_sql (sql): Released connection (1)
- (0) [sql] = ok
- (0) attr_filter.access_reject: EXPAND %{User-Name}
- (0) attr_filter.access_reject: --> test
- (0) attr_filter.access_reject: Matched entry DEFAULT at line 11
- (0) [attr_filter.access_reject] = updated
- (0) [eap] = noop
- (0) policy remove_reply_message_if_eap {
- (0) if (&reply:EAP-Message && &reply:Reply-Message) {
- (0) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
- (0) else {
- (0) [noop] = noop
- (0) } # else = noop
- (0) } # policy remove_reply_message_if_eap = noop
- (0) } # Post-Auth-Type REJECT = updated
- (0) Delaying response for 1.000000 seconds
- Thread 2 waiting to be assigned a request
- Waking up in 0.6 seconds.
- (0) Sending delayed response
- (0) Sent Access-Reject Id 99 from 0.0.0.0:2083 to 10.0.191.188:44882 length 101
- (0) MS-CHAP-Error = "\000E=691 R=1 C=f1471b270f3ba350c402f0cb9103bc57 V=3 M=Authentication failed"
- Waking up in 3.9 seconds.
- (0) Cleaning up request packet ID 99 with timestamp +3
- Waking up in 24.7 seconds.