Radius not giving VLAN after reconnect

Matthew Pulis mpulis at gmail.com
Mon Sep 25 22:39:58 CEST 2017


Dear Alan

Thanks for your suggestion. Indeed, the cache was on. I disabled it by
setting enable = no in /etc/freeradius/mods-enabled/eap

Anywhere else I need to disable it?

On another note, are those connections with User-Name = "anonymous"
something I should worry about, please?

I am pasting the log of me trying to connect from another client. The first
time it connects it goes to VLAN 11; the second time, as you can see, it
goes haywire.

Thanks

Waking up in 4.9 seconds.
(96) Received Access-Request Id 240 from 192.168.100.109:39092 to
192.168.100.201:1812 length 317
(96)   User-Name = "anonymous"
(96)   NAS-IP-Address = 10.0.148.255
(96)   NAS-Identifier = "802aa849cbfe"
(96)   NAS-Port = 0
(96)   Called-Station-Id = "80-2A-A8-4A-CB-FE:SeminaryWiFi"
(96)   Calling-Station-Id = "08-11-96-10-3E-14"
(96)   Framed-MTU = 1400
(96)   NAS-Port-Type = Wireless-802.11
(96)   Connect-Info = "CONNECT 0Mbps 802.11b"
(96)   EAP-Message =
0x0280008815800000007e16030300461000004241044cb275f6fcf633ed05fe8ff5ca6954298c28f0eca0d5f52a17fd3967828032bb591f8de9f740fbc3503f15d22a1ee987f063ecf29b4ec20ab6df6a37b6eecc05140303000101160303002800000000000000004efd211e798f718ea73a96b4ead59e
(96)   State = 0x66755a3e65f54f6d39985201a18178d8
(96)   Message-Authenticator = 0x901592ede88efe274c6142b8f017adb2
(96) session-state: No cached attributes
(96) # Executing section authorize from file
/etc/freeradius/sites-enabled/default
(96)   authorize {
(96)     policy filter_username {
(96)       if (&User-Name) {
(96)       if (&User-Name)  -> TRUE
(96)       if (&User-Name)  {
(96)         if (&User-Name =~ /@[^@]*@/ ) {
(96)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
(96)         if (&User-Name =~ /\.\./ ) {
(96)         if (&User-Name =~ /\.\./ )  -> FALSE
(96)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
(96)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))
 -> FALSE
(96)         if (&User-Name =~ /\.$/)  {
(96)         if (&User-Name =~ /\.$/)   -> FALSE
(96)         if (&User-Name =~ /@\./)  {
(96)         if (&User-Name =~ /@\./)   -> FALSE
(96)       } # if (&User-Name)  = notfound
(96)     } # policy filter_username = notfound
(96)     [preprocess] = ok
(96)     [chap] = noop
(96)     [mschap] = noop
(96) ntdomain: Checking for prefix before "\"
(96) ntdomain: No '\' in User-Name = "anonymous", looking up realm NULL
(96) ntdomain: No such realm "NULL"
(96)     [ntdomain] = noop
(96) eap: Peer sent EAP Response (code 2) ID 128 length 136
(96) eap: Continuing tunnel setup
(96)     [eap] = ok
(96)   } # authorize = ok
(96) Found Auth-Type = eap
(96) # Executing group from file /etc/freeradius/sites-enabled/default
(96)   authenticate {
(96) eap: Expiring EAP session with state 0x66755a3e65f54f6d
(96) eap: Finished EAP session with state 0x66755a3e65f54f6d
(96) eap: Previous EAP request found for state 0x66755a3e65f54f6d, released
from the list
(96) eap: Peer sent packet with method EAP TTLS (21)
(96) eap: Calling submodule eap_ttls to process data
(96) eap_ttls: Authenticate
(96) eap_ttls: Continuing EAP-TLS
(96) eap_ttls: Peer indicated complete TLS record size will be 126 bytes
(96) eap_ttls: Got complete TLS record (126 bytes)
(96) eap_ttls: [eaptls verify] = length included
(96) eap_ttls: <<< recv TLS 1.2  [length 0046]
(96) eap_ttls: TLS_accept: unknown state
(96) eap_ttls: TLS_accept: unknown state
(96) eap_ttls: <<< recv TLS 1.2  [length 0001]
(96) eap_ttls: <<< recv TLS 1.2  [length 0010]
(96) eap_ttls: TLS_accept: unknown state
(96) eap_ttls: >>> send TLS 1.2  [length 0001]
(96) eap_ttls: TLS_accept: unknown state
(96) eap_ttls: >>> send TLS 1.2  [length 0010]
(96) eap_ttls: TLS_accept: unknown state
(96) eap_ttls: TLS_accept: unknown state
(96) eap_ttls: (other): SSL negotiation finished successfully
(96) eap_ttls: SSL Connection Established
(96) eap_ttls: [eaptls process] = handled
(96) eap: Sending EAP Request (code 1) ID 129 length 61
(96) eap: EAP session adding &reply:State = 0x66755a3e62f44f6d
(96)     [eap] = handled
(96)   } # authenticate = handled
(96) Using Post-Auth-Type Challenge
(96) Post-Auth-Type sub-section not found.  Ignoring.
(96) # Executing group from file /etc/freeradius/sites-enabled/default
(96) Sent Access-Challenge Id 240 from 192.168.100.201:1812 to
192.168.100.109:39092 length 0
(96)   EAP-Message =
0x0181003d15800000003314030300010116030300280e51a3e7a6798a4b990b4ebfbbb4c12533451c5335012189ffca366de94f2c3d4e489f3a5be84620
(96)   Message-Authenticator = 0x00000000000000000000000000000000
(96)   State = 0x66755a3e62f44f6d39985201a18178d8
(96) Finished request
Waking up in 4.9 seconds.
(97) Received Access-Request Id 241 from 192.168.100.109:39092 to
192.168.100.201:1812 length 244
(97)   User-Name = "anonymous"
(97)   NAS-IP-Address = 10.0.148.255
(97)   NAS-Identifier = "802aa849cbfe"
(97)   NAS-Port = 0
(97)   Called-Station-Id = "80-2A-A8-4A-CB-FE:SeminaryWiFi"
(97)   Calling-Station-Id = "08-11-96-10-3E-14"
(97)   Framed-MTU = 1400
(97)   NAS-Port-Type = Wireless-802.11
(97)   Connect-Info = "CONNECT 0Mbps 802.11b"
(97)   EAP-Message =
0x0281003f15800000003517030300300000000000000001f4e09b67e72ff9aa43f89f7257edbfa01cdd7ee13e6cda560d9c10100aa501139e1e87b046a845d7
(97)   State = 0x66755a3e62f44f6d39985201a18178d8
(97)   Message-Authenticator = 0x829057918936a78bb34ff9798347607c
(97) session-state: No cached attributes
(97) # Executing section authorize from file
/etc/freeradius/sites-enabled/default
(97)   authorize {
(97)     policy filter_username {
(97)       if (&User-Name) {
(97)       if (&User-Name)  -> TRUE
(97)       if (&User-Name)  {
(97)         if (&User-Name =~ /@[^@]*@/ ) {
(97)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
(97)         if (&User-Name =~ /\.\./ ) {
(97)         if (&User-Name =~ /\.\./ )  -> FALSE
(97)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
(97)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))
 -> FALSE
(97)         if (&User-Name =~ /\.$/)  {
(97)         if (&User-Name =~ /\.$/)   -> FALSE
(97)         if (&User-Name =~ /@\./)  {
(97)         if (&User-Name =~ /@\./)   -> FALSE
(97)       } # if (&User-Name)  = notfound
(97)     } # policy filter_username = notfound
(97)     [preprocess] = ok
(97)     [chap] = noop
(97)     [mschap] = noop
(97) ntdomain: Checking for prefix before "\"
(97) ntdomain: No '\' in User-Name = "anonymous", looking up realm NULL
(97) ntdomain: No such realm "NULL"
(97)     [ntdomain] = noop
(97) eap: Peer sent EAP Response (code 2) ID 129 length 63
(97) eap: Continuing tunnel setup
(97)     [eap] = ok
(97)   } # authorize = ok
(97) Found Auth-Type = eap
(97) # Executing group from file /etc/freeradius/sites-enabled/default
(97)   authenticate {
(97) eap: Expiring EAP session with state 0x66755a3e62f44f6d
(97) eap: Finished EAP session with state 0x66755a3e62f44f6d
(97) eap: Previous EAP request found for state 0x66755a3e62f44f6d, released
from the list
(97) eap: Peer sent packet with method EAP TTLS (21)
(97) eap: Calling submodule eap_ttls to process data
(97) eap_ttls: Authenticate
(97) eap_ttls: Continuing EAP-TLS
(97) eap_ttls: Peer indicated complete TLS record size will be 53 bytes
(97) eap_ttls: Got complete TLS record (53 bytes)
(97) eap_ttls: [eaptls verify] = length included
(97) eap_ttls: [eaptls process] = ok
(97) eap_ttls: Session established.  Proceeding to decode tunneled
attributes
(97) eap_ttls: Got tunneled request
(97) eap_ttls:   User-Name = "abc"
(97) eap_ttls:   User-Password = "abcd"
(97) eap_ttls:   FreeRADIUS-Proxied-To = 127.0.0.1
(97) eap_ttls: Sending tunneled request
(97) Virtual server inner-tunnel received request
(97)   User-Name = "abc"
(97)   User-Password = "abcd"
(97)   FreeRADIUS-Proxied-To = 127.0.0.1
(97) server inner-tunnel {
(97)   # Executing section authorize from file
/etc/freeradius/sites-enabled/inner-tunnel
(97)     authorize {
(97)       policy filter_username {
(97)         if (&User-Name) {
(97)         if (&User-Name)  -> TRUE
(97)         if (&User-Name)  {
(97)           if (&User-Name =~ /@[^@]*@/ ) {
(97)           if (&User-Name =~ /@[^@]*@/ )  -> FALSE
(97)           if (&User-Name =~ /\.\./ ) {
(97)           if (&User-Name =~ /\.\./ )  -> FALSE
(97)           if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
(97)           if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))
 -> FALSE
(97)           if (&User-Name =~ /\.$/)  {
(97)           if (&User-Name =~ /\.$/)   -> FALSE
(97)           if (&User-Name =~ /@\./)  {
(97)           if (&User-Name =~ /@\./)   -> FALSE
(97)         } # if (&User-Name)  = notfound
(97)       } # policy filter_username = notfound
(97)       [chap] = noop
(97)       [mschap] = noop
(97) ntdomain: Checking for prefix before "\"
(97) ntdomain: No '\' in User-Name = "abc", looking up realm NULL
(97) ntdomain: No such realm "NULL"
(97)       [ntdomain] = noop
(97)       update control {
(97)         &Proxy-To-Realm := LOCAL
(97)       } # update control = noop
(97) eap: No EAP-Message, not doing EAP
(97)       [eap] = noop
(97)       [files] = noop
rlm_ldap (ldap): Closing connection (17): Hit idle_timeout, was idle for
240 seconds
rlm_ldap (ldap): You probably need to lower "min"
rlm_ldap (ldap): Closing connection (18): Hit idle_timeout, was idle for
240 seconds
rlm_ldap (ldap): You probably need to lower "min"
rlm_ldap (ldap): 0 of 0 connections in use.  You  may need to increase
"spare"
rlm_ldap (ldap): Opening additional connection (19), 1 of 32 pending slots
used
rlm_ldap (ldap): Connecting to ldap://localhost:389
rlm_ldap (ldap): Waiting for bind result...
rlm_ldap (ldap): Bind successful
rlm_ldap (ldap): Reserved connection (19)
(97) ldap: EXPAND (cn=%{%{Stripped-User-Name}:-%{User-Name}})
(97) ldap:    --> (cn=abc)
(97) ldap: Performing search in "ou=SeminaryOU,dc=seminary,dc=local" with
filter "(cn=abc)", scope "sub"
(97) ldap: Waiting for search result...
(97) ldap: User object found at DN
"cn=abc,cn=Seminarians,ou=SeminaryOU,dc=seminary,dc=local"
(97) ldap: Processing user attributes
(97) ldap: control:Password-With-Header +=
'{ssha}dYlL9kdAZTjsDzkBHYg5bEJ6J+w6tm5V4pSR+A=='
(97) ldap: control:Password-With-Header += 'abcd'
rlm_ldap (ldap): Released connection (19)
Need 2 more connections to reach min connections (3)
rlm_ldap (ldap): Opening additional connection (20), 1 of 31 pending slots
used
rlm_ldap (ldap): Connecting to ldap://localhost:389
rlm_ldap (ldap): Waiting for bind result...
rlm_ldap (ldap): Bind successful
(97)       [ldap] = updated
rlm_ldap (adldap): Closing connection (16): Hit idle_timeout, was idle for
240 seconds
rlm_ldap (adldap): You probably need to lower "min"
rlm_ldap (adldap): Closing connection (17): Hit idle_timeout, was idle for
240 seconds
rlm_ldap (adldap): You probably need to lower "min"
rlm_ldap (adldap): 0 of 0 connections in use.  You  may need to increase
"spare"
rlm_ldap (adldap): Opening additional connection (18), 1 of 32 pending
slots used
rlm_ldap (adldap): Connecting to ldap://localhost:389
rlm_ldap (adldap): Waiting for bind result...
rlm_ldap (adldap): Bind successful
rlm_ldap (adldap): Reserved connection (18)
(97) adldap: EXPAND (cn=%{%{Stripped-User-Name}:-%{User-Name}})
(97) adldap:    --> (cn=abc)
(97) adldap: Performing search in "ou=School,dc=seminary,dc=ad" with filter
"(cn=abc)", scope "sub"
(97) adldap: Waiting for search result...
(97) adldap: The specified DN wasn't found
(97) adldap: Search returned no results
rlm_ldap (adldap): Released connection (18)
Need 2 more connections to reach min connections (3)
rlm_ldap (adldap): Opening additional connection (19), 1 of 31 pending
slots used
rlm_ldap (adldap): Connecting to ldap://localhost:389
rlm_ldap (adldap): Waiting for bind result...
rlm_ldap (adldap): Bind successful
(97)       [adldap] = notfound
(97)       [expiration] = noop
(97)       [logintime] = noop
(97) pap: Converted: &control:Password-With-Header ->
&control:SSHA1-Password
(97) pap: Removing &control:Password-With-Header
(97) pap: No {...} in Password-With-Header, re-writing to Cleartext-Password
(97) pap: Removing &control:Password-With-Header
(97) pap: Normalizing SSHA1-Password from base64 encoding, 40 bytes -> 28
bytes
(97)       [pap] = updated
(97)     } # authorize = updated
(97)   Found Auth-Type = PAP
(97)   # Executing group from file
/etc/freeradius/sites-enabled/inner-tunnel
(97)     Auth-Type PAP {
(97) pap: Login attempt with password
(97) pap: Comparing with "known-good" SSHA-Password
(97) pap: User authenticated successfully
(97)       [pap] = ok
(97)     } # Auth-Type PAP = ok
(97)   # Executing section post-auth from file
/etc/freeradius/sites-enabled/inner-tunnel
(97)     post-auth {
(97) ldap: EXPAND .
(97) ldap:    --> .
(97) ldap: EXPAND Authenticated at %S
(97) ldap:    --> Authenticated at 2017-09-25 22:21:49
rlm_ldap (ldap): Reserved connection (19)
(97) ldap: Using user DN from request
"cn=abc,cn=Seminarians,ou=SeminaryOU,dc=seminary,dc=local"
(97) ldap: Modifying object with DN
"cn=abc,cn=Seminarians,ou=SeminaryOU,dc=seminary,dc=local"
(97) ldap: Waiting for modify result...
rlm_ldap (ldap): Released connection (19)
(97)       [ldap] = ok
(97)     } # post-auth = ok
(97) } # server inner-tunnel
(97) Virtual server sending reply
(97) eap_ttls: Got tunneled Access-Accept
(97) eap: Sending EAP Success (code 3) ID 129 length 4
(97) eap: Freeing handler
(97)     [eap] = ok
(97)   } # authenticate = ok
(97) # Executing section post-auth from file
/etc/freeradius/sites-enabled/default
(97)   post-auth {
(97)     update {
(97)       No attributes updated
(97)     } # update = noop
(97)     if (Ldap-Group == "cn=Teachers,ou=School,dc=seminary,dc=ad") {
(97)     Searching for user in group
"cn=Teachers,ou=School,dc=seminary,dc=ad"
rlm_ldap (ldap): Reserved connection (20)
(97)     EXPAND (cn=%{%{Stripped-User-Name}:-%{User-Name}})
(97)        --> (cn=anonymous)
(97)     Performing search in "ou=SeminaryOU,dc=seminary,dc=local" with
filter "(cn=anonymous)", scope "sub"
(97)     Waiting for search result...
(97)     Search returned no results
rlm_ldap (ldap): Released connection (20)
(97)     if (Ldap-Group == "cn=Teachers,ou=School,dc=seminary,dc=ad")  ->
FALSE
(97)     if (Ldap-Group ==
"cn=SeminaryAdmin,ou=SeminaryOU,dc=seminary,dc=local") {
(97)     Searching for user in group
"cn=SeminaryAdmin,ou=SeminaryOU,dc=seminary,dc=local"
rlm_ldap (ldap): Reserved connection (19)
(97)     EXPAND (cn=%{%{Stripped-User-Name}:-%{User-Name}})
(97)        --> (cn=anonymous)
(97)     Performing search in "ou=SeminaryOU,dc=seminary,dc=local" with
filter "(cn=anonymous)", scope "sub"
(97)     Waiting for search result...
(97)     Search returned no results
rlm_ldap (ldap): Released connection (19)
(97)     if (Ldap-Group ==
"cn=SeminaryAdmin,ou=SeminaryOU,dc=seminary,dc=local")  -> FALSE
(97)     if (Ldap-Group ==
"cn=Formators,ou=SeminaryOU,dc=seminary,dc=local") {
(97)     Searching for user in group
"cn=Formators,ou=SeminaryOU,dc=seminary,dc=local"
rlm_ldap (ldap): Reserved connection (20)
(97)     EXPAND (cn=%{%{Stripped-User-Name}:-%{User-Name}})
(97)        --> (cn=anonymous)
(97)     Performing search in "ou=SeminaryOU,dc=seminary,dc=local" with
filter "(cn=anonymous)", scope "sub"
(97)     Waiting for search result...
(97)     Search returned no results
rlm_ldap (ldap): Released connection (20)
(97)     if (Ldap-Group ==
"cn=Formators,ou=SeminaryOU,dc=seminary,dc=local")  -> FALSE
(97)     if (Ldap-Group ==
"cn=Seminarians,ou=SeminaryOU,dc=seminary,dc=local") {
(97)     Searching for user in group
"cn=Seminarians,ou=SeminaryOU,dc=seminary,dc=local"
rlm_ldap (ldap): Reserved connection (19)
(97)     EXPAND (cn=%{%{Stripped-User-Name}:-%{User-Name}})
(97)        --> (cn=anonymous)
(97)     Performing search in "ou=SeminaryOU,dc=seminary,dc=local" with
filter "(cn=anonymous)", scope "sub"
(97)     Waiting for search result...
(97)     Search returned no results
rlm_ldap (ldap): Released connection (19)
(97)     if (Ldap-Group ==
"cn=Seminarians,ou=SeminaryOU,dc=seminary,dc=local")  -> FALSE
(97)     if (Ldap-Group == "cn=Staff,ou=SeminaryOU,dc=seminary,dc=local") {
(97)     Searching for user in group
"cn=Staff,ou=SeminaryOU,dc=seminary,dc=local"
rlm_ldap (ldap): Reserved connection (20)
(97)     EXPAND (cn=%{%{Stripped-User-Name}:-%{User-Name}})
(97)        --> (cn=anonymous)
(97)     Performing search in "ou=SeminaryOU,dc=seminary,dc=local" with
filter "(cn=anonymous)", scope "sub"
(97)     Waiting for search result...
(97)     Search returned no results
rlm_ldap (ldap): Released connection (20)
(97)     if (Ldap-Group == "cn=Staff,ou=SeminaryOU,dc=seminary,dc=local")
-> FALSE
(97)     if (Ldap-Group == "cn=School,ou=SeminaryOU,dc=seminary,dc=local") {
(97)     Searching for user in group
"cn=School,ou=SeminaryOU,dc=seminary,dc=local"
rlm_ldap (ldap): Reserved connection (19)
(97)     EXPAND (cn=%{%{Stripped-User-Name}:-%{User-Name}})
(97)        --> (cn=anonymous)
(97)     Performing search in "ou=SeminaryOU,dc=seminary,dc=local" with
filter "(cn=anonymous)", scope "sub"
(97)     Waiting for search result...
(97)     Search returned no results
rlm_ldap (ldap): Released connection (19)
(97)     if (Ldap-Group == "cn=School,ou=SeminaryOU,dc=seminary,dc=local")
-> FALSE
(97) ldap: EXPAND .
(97) ldap:    --> .
(97) ldap: EXPAND Authenticated at %S
(97) ldap:    --> Authenticated at 2017-09-25 22:21:49
rlm_ldap (ldap): Reserved connection (20)
(97) ldap: EXPAND (cn=%{%{Stripped-User-Name}:-%{User-Name}})
(97) ldap:    --> (cn=anonymous)
(97) ldap: Performing search in "ou=SeminaryOU,dc=seminary,dc=local" with
filter "(cn=anonymous)", scope "sub"
(97) ldap: Waiting for search result...
(97) ldap: Search returned no results
rlm_ldap (ldap): Released connection (20)
(97)     [ldap] = notfound
(97)     [exec] = noop
(97)     policy remove_reply_message_if_eap {
(97)       if (&reply:EAP-Message && &reply:Reply-Message) {
(97)       if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
(97)       else {
(97)         [noop] = noop
(97)       } # else = noop
(97)     } # policy remove_reply_message_if_eap = noop
(97)   } # post-auth = noop
(97) Sent Access-Accept Id 241 from 192.168.100.201:1812 to
192.168.100.109:39092 length 0
(97)   MS-MPPE-Recv-Key =
0x95225afb6e71050f5c7671c0bf4f4dba41a04c22193da51689b298ddd7d8512b
(97)   MS-MPPE-Send-Key =
0x77ab817b4619d5edf30293d205ed2d9f78ad3316cfb18cd600f338b6dcd99d94
(97)   EAP-Message = 0x03810004
(97)   Message-Authenticator = 0x00000000000000000000000000000000
(97)   User-Name = "anonymous"
(97) Finished request
Waking up in 4.8 seconds.
(93) Cleaning up request packet ID 237 with timestamp +610
(94) Cleaning up request packet ID 238 with timestamp +610
(95) Cleaning up request packet ID 239 with timestamp +610
(96) Cleaning up request packet ID 240 with timestamp +610
(97) Cleaning up request packet ID 241 with timestamp +610
Waking up in 5.8 seconds.
(98) Received Accounting-Request Id 242 from 192.168.100.109:38125 to
192.168.100.201:1813 length 174
(98)   Acct-Session-Id = "00000012-000000ED"
(98)   Acct-Status-Type = Start
(98)   Acct-Authentic = RADIUS
(98)   User-Name = "anonymous"
(98)   NAS-IP-Address = 10.0.148.255
(98)   Framed-IP-Address = 192.168.100.36
(98)   NAS-Identifier = "802aa849cbfe"
(98)   NAS-Port = 0
(98)   Called-Station-Id = "80-2A-A8-4A-CB-FE:SeminaryWiFi"
(98)   Calling-Station-Id = "08-11-96-10-3E-14"
(98)   NAS-Port-Type = Wireless-802.11
(98)   Connect-Info = "CONNECT 0Mbps 802.11b"
(98) # Executing section preacct from file
/etc/freeradius/sites-enabled/default
(98)   preacct {
(98)     [preprocess] = ok
(98)     policy acct_unique {
(98)       update request {
(98)         &Tmp-String-9 := "ai:"
(98)       } # update request = noop
(98)       if (("%{hex:&Class}" =~ /^%{hex:&Tmp-String-9}/) &&
("%{string:&Class}" =~ /^ai:([0-9a-f]{32})/i)) {
(98)       EXPAND %{hex:&Class}
(98)          -->
(98)       EXPAND ^%{hex:&Tmp-String-9}
(98)          --> ^61693a
(98)       if (("%{hex:&Class}" =~ /^%{hex:&Tmp-String-9}/) &&
("%{string:&Class}" =~ /^ai:([0-9a-f]{32})/i))  -> FALSE
(98)       else {
(98)         update request {
(98)           EXPAND
%{md5:%{User-Name},%{Acct-Session-ID},%{%{NAS-IPv6-Address}:-%{NAS-IP-Address}},%{NAS-Identifier},%{NAS-Port-ID},%{NAS-Port}}
(98)              --> f6e43b70ba6c919feabc2c5ea73ddbe2
(98)           &Acct-Unique-Session-Id := f6e43b70ba6c919feabc2c5ea73ddbe2
(98)         } # update request = noop
(98)       } # else = noop
(98)     } # policy acct_unique = noop
(98) suffix: Checking for suffix after "@"
(98) suffix: No '@' in User-Name = "anonymous", looking up realm NULL
(98) suffix: No such realm "NULL"
(98)     [suffix] = noop
(98)     [files] = noop
(98)   } # preacct = ok
(98) # Executing section accounting from file
/etc/freeradius/sites-enabled/default
(98)   accounting {
(98) detail: EXPAND
/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d
(98) detail:    --> /var/log/freeradius/radacct/
192.168.100.109/detail-20170925
(98) detail:
/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d
expands to /var/log/freeradius/radacct/192.168.100.109/detail-20170925
(98) detail: EXPAND %t
(98) detail:    --> Mon Sep 25 22:21:59 2017
(98)     [detail] = ok
(98)     [unix] = ok
(98)     [exec] = noop
(98) attr_filter.accounting_response: EXPAND %{User-Name}
(98) attr_filter.accounting_response:    --> anonymous
(98) attr_filter.accounting_response: Matched entry DEFAULT at line 12
(98)     [attr_filter.accounting_response] = updated
(98)   } # accounting = updated
(98) Sent Accounting-Response Id 242 from 192.168.100.201:1813 to
192.168.100.109:38125 length 0
(98) Finished request
(98) Cleaning up request packet ID 242 with timestamp +620
Waking up in 0.8 seconds.



-- 

Hi

Sounds like you've got EAP caching enabled but are not populating the cache
object with the VLAN number you are returning. The next re-auth then uses
the cache but has no VLAN value to reply with, so you get the default VLAN.

alan

