<div dir="ltr">rad_recv: Access-Request packet from host 10.77.95.10 port 35964, id=28, length=252<br> Service-Type = Framed-User<br> Framed-MTU = 1400<br> User-Name = "<a href="mailto:robert@za.testrealm.net">robert@za.testrealm.net</a>"<br>
NAS-Port-Id = "wlan1"<br> NAS-Port-Type = Wireless-802.11<br> Acct-Session-Id = "82400097"<br> Acct-Multi-Session-Id = "D4-CA-6D-E1-1A-49-38-AA-3C-5E-7E-40-82-40-00-00-00-00-00-96"<br>
Calling-Station-Id = "38-AA-3C-5E-7E-40"<br> Called-Station-Id = "D4-CA-6D-E1-1A-49:RadiusTest"<br> EAP-Message = 0x0200001b01726f62657274407a612e7577696e6977696e2e6e6574<br> Message-Authenticator = 0x44c926aeef619bcbf4405eb865f2db61<br>
NAS-Identifier = "MikroTik"<br> NAS-IP-Address = 10.53.0.7<br># Executing section authorize from file /etc/raddb/sites-enabled/default<br>+- entering group authorize {...}<br>++[preprocess] returns ok<br>
[auth_log] expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/<a href="http://10.77.95.10/auth-detail-20140212">10.77.95.10/auth-detail-20140212</a><br>[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/<a href="http://10.77.95.10/auth-detail-20140212">10.77.95.10/auth-detail-20140212</a><br>
[auth_log] expand: %t -> Wed Feb 12 16:12:59 2014<br>++[auth_log] returns ok<br>++[mschap] returns noop<br>[suffix] Looking up realm "<a href="http://za.testrealm.net">za.testrealm.net</a>" for User-Name = "<a href="mailto:robert@za.testrealm.net">robert@za.testrealm.net</a>"<br>
[suffix] Found realm "<a href="http://za.testrealm.net">za.testrealm.net</a>"<br>[suffix] Adding Realm = "<a href="http://za.testrealm.net">za.testrealm.net</a>"<br>[suffix] Proxying request from user robert to realm <a href="http://za.testrealm.net">za.testrealm.net</a><br>
[suffix] Preparing to proxy authentication request to realm "<a href="http://za.testrealm.net">za.testrealm.net</a>"<br>++[suffix] returns updated<br>++? if ("%{Realm}" == "<a href="http://za.testrealm.net">za.testrealm.net</a>")<br>
expand: %{Realm} -> <a href="http://za.testrealm.net">za.testrealm.net</a><br>? Evaluating ("%{Realm}" == "<a href="http://za.testrealm.net">za.testrealm.net</a>") -> TRUE<br>++? if ("%{Realm}" == "<a href="http://za.testrealm.net">za.testrealm.net</a>") -> TRUE<br>
++- entering if ("%{Realm}" == "<a href="http://za.testrealm.net">za.testrealm.net</a>") {...}<br>+++[control] returns updated<br>++- if ("%{Realm}" == "<a href="http://za.testrealm.net">za.testrealm.net</a>") returns updated<br>
[eap] Request is supposed to be proxied to Realm za..net. Not doing EAP.<br>++[eap] returns noop<br>[sql] expand: %{User-Name} -> <a href="mailto:robert@za.testrealm.net">robert@za.testrealm.net</a><br>[sql] sql_set_user escaped user --> '<a href="mailto:robert@za.testrealm.net">robert@za.testrealm.net</a>'<br>
rlm_sql (sql): Reserving sql socket id: 3<br>[sql] expand: SELECT <a href="http://radcheck.id">radcheck.id</a>, radcheck.UserName, radcheck.Attribute, radcheck.Value, radcheck.Op FROM radcheck inner join users on radcheck.username = users.strusername WHERE Username = '%{SQL-User-Name}' AND (users.imballowed + users.imbadded) > users.imbused AND users.dtExpire > now() ORDER BY <a href="http://radcheck.id">radcheck.id</a> -> SELECT <a href="http://radcheck.id">radcheck.id</a>, radcheck.UserName, radcheck.Attribute, radcheck.Value, radcheck.Op FROM radcheck inner join users on radcheck.username = users.strusername WHERE Username = '<a href="mailto:robert@za.testrealm.net">robert@za.testrealm.net</a>' AND (users.imballowed + users.imbadded) > users.imbused AND users.dtExpire > now() ORDER BY <a href="http://radcheck.id">radcheck.id</a><br>
rlm_sql_postgresql: query: SELECT <a href="http://radcheck.id">radcheck.id</a>, radcheck.UserName, radcheck.Attribute, radcheck.Value, radcheck.Op FROM radcheck inner join users on radcheck.username = users.strusername WHERE Username = '<a href="mailto:robert@za.testrealm.net">robert@za.testrealm.net</a>' AND (users.imballowed + users.imbadded) > users.imbused AND users.dtExpire > now() ORDER BY <a href="http://radcheck.id">radcheck.id</a><br>
rlm_sql_postgresql: Status: PGRES_TUPLES_OK<br>rlm_sql_postgresql: query affected rows = 0 , fields = 5<br>[sql] expand: SELECT GroupName FROM radhuntgroup WHERE nasipaddress='%{NAS-IP-Address}' -> SELECT GroupName FROM radhuntgroup WHERE nasipaddress='10.53.0.7'<br>
rlm_sql_postgresql: query: SELECT GroupName FROM radhuntgroup WHERE nasipaddress='10.53.0.7'<br>rlm_sql_postgresql: Status: PGRES_TUPLES_OK<br>rlm_sql_postgresql: query affected rows = 1 , fields = 1<br>[sql] expand: SELECT id, GroupName, Attribute, Value, op FROM radgroupcheck WHERE GroupName = '%{Sql-Group}' ORDER BY id -> SELECT id, GroupName, Attribute, Value, op FROM radgroupcheck WHERE GroupName = 'South Africa' ORDER BY id<br>
rlm_sql_postgresql: query: SELECT id, GroupName, Attribute, Value, op FROM radgroupcheck WHERE GroupName = 'South Africa' ORDER BY id<br>rlm_sql_postgresql: Status: PGRES_TUPLES_OK<br>rlm_sql_postgresql: query affected rows = 1 , fields = 5<br>
[sql] User found in group South Africa<br>[sql] expand: SELECT id, GroupName, Attribute, Value, op FROM radgroupreply WHERE GroupName = '%{Sql-Group}' ORDER BY id -> SELECT id, GroupName, Attribute, Value, op FROM radgroupreply WHERE GroupName = 'South Africa' ORDER BY id<br>
rlm_sql_postgresql: query: SELECT id, GroupName, Attribute, Value, op FROM radgroupreply WHERE GroupName = 'South Africa' ORDER BY id<br>rlm_sql_postgresql: Status: PGRES_TUPLES_OK<br>rlm_sql_postgresql: query affected rows = 0 , fields = 5<br>
rlm_sql (sql): Released sql socket id: 3<br>++[sql] returns ok<br>++[expiration] returns noop<br>++[logintime] returns noop<br># Executing section pre-proxy from file /etc/raddb/sites-enabled/default<br>+- entering group pre-proxy {...}<br>
[attr_filter.pre-proxy] expand: %{Realm} -> <a href="http://za.testrealm.net">za.testrealm.net</a><br>attr_filter: Matched entry DEFAULT at line 49<br>++[attr_filter.pre-proxy] returns updated<br>Sending Access-Request of id 32 to 10.77.82.21 port 1812<br>
User-Name = "<a href="mailto:robert@za.testrealm.net">robert@za.testrealm.net</a>"<br> EAP-Message = 0x0200001b01726f62657274407a612e7577696e6977696e2e6e6574<br> Message-Authenticator = 0x00000000000000000000000000000000<br>
NAS-Identifier = "MikroTik"<br> NAS-IP-Address = 10.53.0.7<br> Proxy-State = 0x3238<br>Proxying request 0 to home server 10.77.82.21 port 1812<br>Sending Access-Request of id 32 to 10.77.82.21 port 1812<br>
User-Name = "<a href="mailto:robert@za.testrealm.net">robert@za.testrealm.net</a>"<br> EAP-Message = 0x0200001b01726f62657274407a612e7577696e6977696e2e6e6574<br> Message-Authenticator = 0x00000000000000000000000000000000<br>
NAS-Identifier = "MikroTik"<br> NAS-IP-Address = 10.53.0.7<br> Proxy-State = 0x3238<br>Going to the next request<br>Waking up in 0.9 seconds.<br>rad_recv: Access-Reject packet from host 10.77.82.21 port 1812, id=32, length=48<br>
Proxy-State = 0x3238<br> EAP-Message = 0x04000004<br> Message-Authenticator = 0x1998a50868057d003c4b22bd6fc4dfa6<br># Executing section post-proxy from file /etc/raddb/sites-enabled/default<br>+- entering group post-proxy {...}<br>
[eap] No pre-existing handler found<br>++[eap] returns noop<br>Login incorrect (Home Server says so): [<a href="http://robert@za.testrealm.net/">robert@za.testrealm.net/</a><no User-Password attribute>] (from client howifi port 0 cli 38-AA-3C-5E-7E-40)<br>
Using Post-Auth-Type Reject<br># Executing group from file /etc/raddb/sites-enabled/default<br>+- entering group REJECT {...}<br>[attr_filter.access_reject] expand: %{User-Name} -> <a href="mailto:robert@za.testrealm.net">robert@za.testrealm.net</a><br>
attr_filter: Matched entry DEFAULT at line 11<br>++[attr_filter.access_reject] returns updated<br>Delaying reject of request 0 for 1 seconds<br>Going to the next request<br>Waking up in 0.9 seconds.<br>rad_recv: Access-Request packet from host 10.77.95.10 port 35964, id=28, length=252<br>
Waiting to send Access-Reject to client howifi port 35964 - ID: 28<br>Waking up in 0.7 seconds.<br>rad_recv: Access-Request packet from host 10.77.95.10 port 35964, id=28, length=252<br>Waiting to send Access-Reject to client howifi port 35964 - ID: 28<br>
Waking up in 0.4 seconds.<br>rad_recv: Access-Request packet from host 10.77.95.10 port 35638, id=29, length=252<br> Service-Type = Framed-User<br> Framed-MTU = 1400<br> User-Name = "<a href="mailto:robert@za.testrealm.net">robert@za.testrealm.net</a>"<br>
NAS-Port-Id = "wlan1"<br> NAS-Port-Type = Wireless-802.11<br> Acct-Session-Id = "82400097"<br> Acct-Multi-Session-Id = "D4-CA-6D-E1-1A-49-38-AA-3C-5E-7E-40-82-40-00-00-00-00-00-96"<br>
Calling-Station-Id = "38-AA-3C-5E-7E-40"<br> Called-Station-Id = "D4-CA-6D-E1-1A-49:RadiusTest"<br> EAP-Message = 0x0201001b01726f62657274407a612e7577696e6977696e2e6e6574<br> Message-Authenticator = 0xd56ecf33a92105224bd3fdd34260820b<br>
NAS-Identifier = "MikroTik"<br> NAS-IP-Address = 10.53.0.7<br># Executing section authorize from file /etc/raddb/sites-enabled/default<br>+- entering group authorize {...}<br>++[preprocess] returns ok<br>
[auth_log] expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/<a href="http://10.77.95.10/auth-detail-20140212">10.77.95.10/auth-detail-20140212</a><br>[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/<a href="http://10.77.95.10/auth-detail-20140212">10.77.95.10/auth-detail-20140212</a><br>
[auth_log] expand: %t -> Wed Feb 12 16:13:00 2014<br>++[auth_log] returns ok<br>++[mschap] returns noop<br>[suffix] Looking up realm "<a href="http://za.testrealm.net">za.testrealm.net</a>" for User-Name = "<a href="mailto:robert@za.testrealm.net">robert@za.testrealm.net</a>"<br>
[suffix] Found realm "<a href="http://za.testrealm.net">za.testrealm.net</a>"<br>[suffix] Adding Realm = "<a href="http://za.testrealm.net">za.testrealm.net</a>"<br>[suffix] Proxying request from user robert to realm <a href="http://za.testrealm.net">za.testrealm.net</a><br>
[suffix] Preparing to proxy authentication request to realm "<a href="http://za.testrealm.net">za.testrealm.net</a>"<br>++[suffix] returns updated<br>++? if ("%{Realm}" == "<a href="http://za.testrealm.net">za.testrealm.net</a>")<br>
expand: %{Realm} -> <a href="http://za.testrealm.net">za.testrealm.net</a><br>? Evaluating ("%{Realm}" == "<a href="http://za.testrealm.net">za.testrealm.net</a>") -> TRUE<br>++? if ("%{Realm}" == "<a href="http://za.testrealm.net">za.testrealm.net</a>") -> TRUE<br>
++- entering if ("%{Realm}" == "<a href="http://za.testrealm.net">za.testrealm.net</a>") {...}<br>+++[control] returns updated<br>++- if ("%{Realm}" == "<a href="http://za.testrealm.net">za.testrealm.net</a>") returns updated<br>
[eap] Request is supposed to be proxied to Realm <a href="http://za.testrealm.net">za.testrealm.net</a>. Not doing EAP.<br>++[eap] returns noop<br>[sql] expand: %{User-Name} -> <a href="mailto:robert@za.testrealm.net">robert@za.testrealm.net</a><br>
[sql] sql_set_user escaped user --> '<a href="mailto:robert@za.testrealm.net">robert@za.testrealm.net</a>'<br>rlm_sql (sql): Reserving sql socket id: 2<br>[sql] expand: SELECT <a href="http://radcheck.id">radcheck.id</a>, radcheck.UserName, radcheck.Attribute, radcheck.Value, radcheck.Op FROM radcheck inner join users on radcheck.username = users.strusername WHERE Username = '%{SQL-User-Name}' AND (users.imballowed + users.imbadded) > users.imbused AND users.dtExpire > now() ORDER BY <a href="http://radcheck.id">radcheck.id</a> -> SELECT <a href="http://radcheck.id">radcheck.id</a>, radcheck.UserName, radcheck.Attribute, radcheck.Value, radcheck.Op FROM radcheck inner join users on radcheck.username = users.strusername WHERE Username = '<a href="mailto:robert@za.testrealm.net">robert@za.testrealm.net</a>' AND (users.imballowed + users.imbadded) > users.imbused AND users.dtExpire > now() ORDER BY <a href="http://radcheck.id">radcheck.id</a><br>
rlm_sql_postgresql: query: SELECT <a href="http://radcheck.id">radcheck.id</a>, radcheck.UserName, radcheck.Attribute, radcheck.Value, radcheck.Op FROM radcheck inner join users on radcheck.username = users.strusername WHERE Username = '<a href="mailto:robert@za.testrealm.net">robert@za.testrealm.net</a>' AND (users.imballowed + users.imbadded) > users.imbused AND users.dtExpire > now() ORDER BY <a href="http://radcheck.id">radcheck.id</a><br>
rlm_sql_postgresql: Status: PGRES_TUPLES_OK<br>rlm_sql_postgresql: query affected rows = 0 , fields = 5<br>[sql] expand: SELECT GroupName FROM radhuntgroup WHERE nasipaddress='%{NAS-IP-Address}' -> SELECT GroupName FROM radhuntgroup WHERE nasipaddress='10.53.0.7'<br>
rlm_sql_postgresql: query: SELECT GroupName FROM radhuntgroup WHERE nasipaddress='10.53.0.7'<br>rlm_sql_postgresql: Status: PGRES_TUPLES_OK<br>rlm_sql_postgresql: query affected rows = 1 , fields = 1<br>[sql] expand: SELECT id, GroupName, Attribute, Value, op FROM radgroupcheck WHERE GroupName = '%{Sql-Group}' ORDER BY id -> SELECT id, GroupName, Attribute, Value, op FROM radgroupcheck WHERE GroupName = 'South Africa' ORDER BY id<br>
rlm_sql_postgresql: query: SELECT id, GroupName, Attribute, Value, op FROM radgroupcheck WHERE GroupName = 'South Africa' ORDER BY id<br>rlm_sql_postgresql: Status: PGRES_TUPLES_OK<br>rlm_sql_postgresql: query affected rows = 1 , fields = 5<br>
[sql] User found in group South Africa<br>[sql] expand: SELECT id, GroupName, Attribute, Value, op FROM radgroupreply WHERE GroupName = '%{Sql-Group}' ORDER BY id -> SELECT id, GroupName, Attribute, Value, op FROM radgroupreply WHERE GroupName = 'South Africa' ORDER BY id<br>
rlm_sql_postgresql: query: SELECT id, GroupName, Attribute, Value, op FROM radgroupreply WHERE GroupName = 'South Africa' ORDER BY id<br>rlm_sql_postgresql: Status: PGRES_TUPLES_OK<br>rlm_sql_postgresql: query affected rows = 0 , fields = 5<br>
rlm_sql (sql): Released sql socket id: 2<br>++[sql] returns ok<br>++[expiration] returns noop<br>++[logintime] returns noop<br># Executing section pre-proxy from file /etc/raddb/sites-enabled/default<br>+- entering group pre-proxy {...}<br>
[attr_filter.pre-proxy] expand: %{Realm} -> <a href="http://za.testrealm.net">za.testrealm.net</a><br>attr_filter: Matched entry DEFAULT at line 49<br>++[attr_filter.pre-proxy] returns updated<br>Sending Access-Request of id 102 to 10.77.82.21 port 1812<br>
User-Name = "<a href="mailto:robert@za.testrealm.net">robert@za.testrealm.net</a>"<br> EAP-Message = 0x0201001b01726f62657274407a612e7577696e6977696e2e6e6574<br> Message-Authenticator = 0x00000000000000000000000000000000<br>
NAS-Identifier = "MikroTik"<br> NAS-IP-Address = 10.53.0.7<br> Proxy-State = 0x3239<br>Proxying request 1 to home server 10.77.82.21 port 1812<br>Sending Access-Request of id 102 to 10.77.82.21 port 1812<br>
User-Name = "<a href="mailto:robert@za.testrealm.net">robert@za.testrealm.net</a>"<br> EAP-Message = 0x0201001b01726f62657274407a612e7577696e6977696e2e6e6574<br> Message-Authenticator = 0x00000000000000000000000000000000<br>
NAS-Identifier = "MikroTik"<br> NAS-IP-Address = 10.53.0.7<br> Proxy-State = 0x3239<br>Going to the next request<br>rad_recv: Access-Reject packet from host 10.77.82.21 port 1812, id=102, length=48<br>
Proxy-State = 0x3239<br> EAP-Message = 0x04010004<br> Message-Authenticator = 0x7efe32cfecd297b0390c734552907db7<br># Executing section post-proxy from file /etc/raddb/sites-enabled/default<br>+- entering group post-proxy {...}<br>
[eap] No pre-existing handler found<br>++[eap] returns noop<br>Login incorrect (Home Server says so): [<a href="http://robert@za.testrealm.net/">robert@za.testrealm.net/</a><no User-Password attribute>] (from client howifi port 0 cli 38-AA-3C-5E-7E-40)<br>
Using Post-Auth-Type Reject<br># Executing group from file /etc/raddb/sites-enabled/default<br>+- entering group REJECT {...}<br>[attr_filter.access_reject] expand: %{User-Name} -> <a href="mailto:robert@za.testrealm.net">robert@za.testrealm.net</a><br>
attr_filter: Matched entry DEFAULT at line 11<br>++[attr_filter.access_reject] returns updated<br>Delaying reject of request 1 for 1 seconds</div>