(30) sql: Using query template 'query' rlm_sql (sql): Reserved connection (0) (30) sql: EXPAND INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ('%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', TO_TIMESTAMP('%S','YYYY-MM-DDHH24:MI:SS')) (30) sql: --> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ('10.10.4.246', 'cisco', 'Access-Reject', TO_TIMESTAMP('2016-11-05 19:04:20','YYYY-MM-DDHH24:MI:SS')) (30) sql: EXPAND /usr/local/freeradius3/var/log/radius/sqllog.sql (30) sql: --> /usr/local/freeradius3/var/log/radius/sqllog.sql (30) sql: Executing query: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ('10.10.4.246', 'cisco', 'Access-Reject', TO_TIMESTAMP('2016-11-05 19:04:20','YYYY-MM-DDHH24:MI:SS')) rlm_sql_oracle: execute query failed in sql_query rlm_sql_oracle: OCI_SERVER_NORMAL (30) sql: SQL query returned: (30) sql: 0 record(s) updated (30) sql: No additional queries configured rlm_sql (sql): Released connection (0) (30) [sql] = noop (30) attr_filter.access_reject: EXPAND %{User-Name} (30) attr_filter.access_reject: --> 10.10.4.246 (30) attr_filter.access_reject: Matched entry DEFAULT at line 11 (30) [attr_filter.access_reject] = updated (30) [eap] = noop (30) policy remove_reply_message_if_eap { (30) if (&reply:EAP-Message && &reply:Reply-Message) { (30) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE (30) else { (30) [noop] = noop (30) } # else = noop (30) } # policy remove_reply_message_if_eap = noop (30) } # Post-Auth-Type REJECT = updated (30) Delaying response for 1.000000 seconds Waking up in 0.5 seconds. ^CWaking up in 0.5 seconds. Waking up in 0.4 seconds. (31) Received Access-Request Id 142 from 172.17.40.182:1645 to 0.0.0.0:1812 length 69 (31) NAS-IP-Address = 172.17.40.182 (31) NAS-Port-Type = Async (31) User-Name = "10.10.2.223" (31) User-Password = "cisco" (31) Service-Type = Outbound-User (31) # Executing section authorize from file /usr/local/freeradius3/etc/raddb/sites-enabled/default (31) authorize { (31) policy filter_username { (31) if (&User-Name) { (31) if (&User-Name) -> TRUE (31) if (&User-Name) { (31) if (&User-Name =~ / /) { (31) if (&User-Name =~ / /) -> FALSE (31) if (&User-Name =~ /@[^@]*@/ ) { (31) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (31) if (&User-Name =~ /\.\./ ) { (31) if (&User-Name =~ /\.\./ ) -> FALSE (31) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (31) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (31) if (&User-Name =~ /\.$/) { (31) if (&User-Name =~ /\.$/) -> FALSE (31) if (&User-Name =~ /@\./) { (31) if (&User-Name =~ /@\./) -> FALSE (31) } # if (&User-Name) = notfound (31) } # policy filter_username = notfound (31) [preprocess] = ok (31) [chap] = noop (31) [mschap] = noop (31) [digest] = noop (31) suffix: Checking for suffix after "@" (31) suffix: No '@' in User-Name = "10.10.2.223", looking up realm NULL (31) suffix: No such realm "NULL" (31) [suffix] = noop (31) eap: No EAP-Message, not doing EAP (31) [eap] = noop (31) [files] = noop rlm_sql (sql): Reserved connection (9) (31) sql: EXPAND SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id (31) sql: --> SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = '' ORDER BY id (31) sql: Executing select query: SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = '' ORDER BY id (31) sql: ERROR: Error fetching row (31) sql: ERROR: rlm_sql_oracle: ORA-01403: no data found (31) sql: EXPAND SELECT GroupName FROM usergroup WHERE UserName='%{SQL-User-Name}' (31) sql: --> SELECT GroupName FROM usergroup WHERE UserName='' (31) sql: Executing select query: SELECT GroupName FROM usergroup WHERE UserName='' (31) sql: ERROR: Error fetching row (31) sql: ERROR: rlm_sql_oracle: ORA-01403: no data found (31) sql: User not found in any groups rlm_sql (sql): Released connection (9) (31) [sql] = notfound (31) [expiration] = noop (31) [logintime] = noop (31) pap: WARNING: No "known good" password found for the user. Not setting Auth-Type (31) pap: WARNING: Authentication will fail unless a "known good" password is available (31) [pap] = noop (31) } # authorize = ok (31) ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type = Reject (31) Failed to authenticate the user (31) Using Post-Auth-Type Reject (31) # Executing group from file /usr/local/freeradius3/etc/raddb/sites-enabled/default (31) Post-Auth-Type REJECT { (31) sql: EXPAND .query (31) sql: --> .query (31) sql: Using query template 'query' rlm_sql (sql): Reserved connection (5) (31) sql: EXPAND INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ('%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', TO_TIMESTAMP('%S','YYYY-MM-DDHH24:MI:SS')) (31) sql: --> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ('10.10.2.223', 'cisco', 'Access-Reject', TO_TIMESTAMP('2016-11-05 19:04:20','YYYY-MM-DDHH24:MI:SS')) (31) sql: EXPAND /usr/local/freeradius3/var/log/radius/sqllog.sql (31) sql: --> /usr/local/freeradius3/var/log/radius/sqllog.sql (31) sql: Executing query: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ('10.10.2.223', 'cisco', 'Access-Reject', TO_TIMESTAMP('2016-11-05 19:04:20','YYYY-MM-DDHH24:MI:SS')) rlm_sql_oracle: execute query failed in sql_query rlm_sql_oracle: OCI_SERVER_NORMAL (31) sql: SQL query returned: (31) sql: 0 record(s) updated (31) sql: No additional queries configured rlm_sql (sql): Released connection (5) (31) [sql] = noop (31) attr_filter.access_reject: EXPAND %{User-Name} (31) attr_filter.access_reject: --> 10.10.2.223 (31) attr_filter.access_reject: Matched entry DEFAULT at line 11 (31) [attr_filter.access_reject] = updated (31) [eap] = noop (31) policy remove_reply_message_if_eap { (31) if (&reply:EAP-Message && &reply:Reply-Message) { (31) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE (31) else { (31) [noop] = noop (31) } # else = noop (31) } # policy remove_reply_message_if_eap = noop (31) } # Post-Auth-Type REJECT = updated (31) Delaying response for 1.000000 seconds (30) Sending delayed response (30) Sent Access-Reject Id 141 from 0.0.0.0:1812 to 172.17.40.182:1645 length 20 Waking up in 0.3 seconds. Waking up in 0.5 seconds. (31) Sending delayed response (31) Sent Access-Reject Id 142 from 0.0.0.0:1812 to 172.17.40.182:1645 length 20 Waking up in 0.9 seconds. (29) Cleaning up request packet ID 140 with timestamp +58 Waking up in 2.0 seconds. (32) Received Access-Request Id 143 from 172.17.40.182:1645 to 0.0.0.0:1812 length 69 (32) NAS-IP-Address = 172.17.40.182 (32) NAS-Port-Type = Async (32) User-Name = "10.10.8.141" (32) User-Password = "cisco" (32) Service-Type = Outbound-User (32) # Executing section authorize from file /usr/local/freeradius3/etc/raddb/sites-enabled/default (32) authorize { (32) policy filter_username { (32) if (&User-Name) { (32) if (&User-Name) -> TRUE (32) if (&User-Name) { (32) if (&User-Name =~ / /) { (32) if (&User-Name =~ / /) -> FALSE (32) if (&User-Name =~ /@[^@]*@/ ) { (32) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (32) if (&User-Name =~ /\.\./ ) { (32) if (&User-Name =~ /\.\./ ) -> FALSE (32) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (32) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (32) if (&User-Name =~ /\.$/) { (32) if (&User-Name =~ /\.$/) -> FALSE (32) if (&User-Name =~ /@\./) { (32) if (&User-Name =~ /@\./) -> FALSE (32) } # if (&User-Name) = notfound (32) } # policy filter_username = notfound (32) [preprocess] = ok (32) [chap] = noop (32) [mschap] = noop (32) [digest] = noop (32) suffix: Checking for suffix after "@" (32) suffix: No '@' in User-Name = "10.10.8.141", looking up realm NULL (32) suffix: No such realm "NULL" (32) [suffix] = noop (32) eap: No EAP-Message, not doing EAP (32) [eap] = noop (32) [files] = noop rlm_sql (sql): Reserved connection (7) (32) sql: EXPAND SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id (32) sql: --> SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = '' ORDER BY id (32) sql: Executing select query: SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = '' ORDER BY id (32) sql: ERROR: Error fetching row (32) sql: ERROR: rlm_sql_oracle: ORA-01403: no data found (32) sql: EXPAND SELECT GroupName FROM usergroup WHERE UserName='%{SQL-User-Name}' (32) sql: --> SELECT GroupName FROM usergroup WHERE UserName='' (32) sql: Executing select query: SELECT GroupName FROM usergroup WHERE UserName='' (32) sql: ERROR: Error fetching row (32) sql: ERROR: rlm_sql_oracle: ORA-01403: no data found (32) sql: User not found in any groups rlm_sql (sql): Released connection (7) (32) [sql] = notfound (32) [expiration] = noop (32) [logintime] = noop (32) pap: WARNING: No "known good" password found for the user. Not setting Auth-Type (32) pap: WARNING: Authentication will fail unless a "known good" password is available (32) [pap] = noop (32) } # authorize = ok (32) ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type = Reject (32) Failed to authenticate the user (32) Using Post-Auth-Type Reject (32) # Executing group from file /usr/local/freeradius3/etc/raddb/sites-enabled/default (32) Post-Auth-Type REJECT { (32) sql: EXPAND .query (32) sql: --> .query (32) sql: Using query template 'query' rlm_sql (sql): Reserved connection (1) (32) sql: EXPAND INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ('%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', TO_TIMESTAMP('%S','YYYY-MM-DDHH24:MI:SS')) (32) sql: --> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ('10.10.8.141', 'cisco', 'Access-Reject', TO_TIMESTAMP('2016-11-05 19:04:24','YYYY-MM-DDHH24:MI:SS')) (32) sql: EXPAND /usr/local/freeradius3/var/log/radius/sqllog.sql (32) sql: --> /usr/local/freeradius3/var/log/radius/sqllog.sql (32) sql: Executing query: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ('10.10.8.141', 'cisco', 'Access-Reject', TO_TIMESTAMP('2016-11-05 19:04:24','YYYY-MM-DDHH24:MI:SS')) rlm_sql_oracle: execute query failed in sql_query rlm_sql_oracle: OCI_SERVER_NORMAL (32) sql: SQL query returned: (32) sql: 0 record(s) updated (32) sql: No additional queries configured rlm_sql (sql): Released connection (1) (32) [sql] = noop (32) attr_filter.access_reject: EXPAND %{User-Name} (32) attr_filter.access_reject: --> 10.10.8.141 (32) attr_filter.access_reject: Matched entry DEFAULT at line 11 (32) [attr_filter.access_reject] = updated (32) [eap] = noop (32) policy remove_reply_message_if_eap { (32) if (&reply:EAP-Message && &reply:Reply-Message) { (32) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE (32) else { (32) [noop] = noop (32) } # else = noop (32) } # policy remove_reply_message_if_eap = noop (32) } # Post-Auth-Type REJECT = updated (32) Delaying response for 1.000000 seconds Waking up in 0.6 seconds. Waking up in 0.2 seconds. (30) Cleaning up request packet ID 141 with timestamp +60 Waking up in 0.1 seconds. (32) Sending delayed response (32) Sent Access-Reject Id 143 from 0.0.0.0:1812 to 172.17.40.182:1645 length 20 Waking up in 0.8 seconds. (31) Cleaning up request packet ID 142 with timestamp +60 Waking up in 3.1 seconds. (32) Cleaning up request packet ID 143 with timestamp +64 Ready to process requests (33) Received Access-Request Id 144 from 172.17.40.182:1645 to 0.0.0.0:1812 length 69 (33) NAS-IP-Address = 172.17.40.182 (33) NAS-Port-Type = Async (33) User-Name = "10.10.4.203" (33) User-Password = "cisco" (33) Service-Type = Outbound-User (33) # Executing section authorize from file /usr/local/freeradius3/etc/raddb/sites-enabled/default (33) authorize { (33) policy filter_username { (33) if (&User-Name) { (33) if (&User-Name) -> TRUE (33) if (&User-Name) { (33) if (&User-Name =~ / /) { (33) if (&User-Name =~ / /) -> FALSE (33) if (&User-Name =~ /@[^@]*@/ ) { (33) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (33) if (&User-Name =~ /\.\./ ) { (33) if (&User-Name =~ /\.\./ ) -> FALSE (33) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (33) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (33) if (&User-Name =~ /\.$/) { (33) if (&User-Name =~ /\.$/) -> FALSE (33) if (&User-Name =~ /@\./) { (33) if (&User-Name =~ /@\./) -> FALSE (33) } # if (&User-Name) = notfound (33) } # policy filter_username = notfound (33) [preprocess] = ok (33) [chap] = noop (33) [mschap] = noop (33) [digest] = noop (33) suffix: Checking for suffix after "@" (33) suffix: No '@' in User-Name = "10.10.4.203", looking up realm NULL (33) suffix: No such realm "NULL" (33) [suffix] = noop (33) eap: No EAP-Message, not doing EAP (33) [eap] = noop (33) [files] = noop rlm_sql (sql): Reserved connection (2) (33) sql: EXPAND SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id (33) sql: --> SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = '' ORDER BY id (33) sql: Executing select query: SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = '' ORDER BY id (33) sql: ERROR: Error fetching row (33) sql: ERROR: rlm_sql_oracle: ORA-01403: no data found (33) sql: EXPAND SELECT GroupName FROM usergroup WHERE UserName='%{SQL-User-Name}' (33) sql: --> SELECT GroupName FROM usergroup WHERE UserName='' (33) sql: Executing select query: SELECT GroupName FROM usergroup WHERE UserName='' (33) sql: ERROR: Error fetching row (33) sql: ERROR: rlm_sql_oracle: ORA-01403: no data found (33) sql: User not found in any groups rlm_sql (sql): Released connection (2) (33) [sql] = notfound (33) [expiration] = noop (33) [logintime] = noop (33) pap: WARNING: No "known good" password found for the user. Not setting Auth-Type (33) pap: WARNING: Authentication will fail unless a "known good" password is available (33) [pap] = noop (33) } # authorize = ok (33) ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type = Reject (33) Failed to authenticate the user (33) Using Post-Auth-Type Reject (33) # Executing group from file /usr/local/freeradius3/etc/raddb/sites-enabled/default (33) Post-Auth-Type REJECT { (33) sql: EXPAND .query (33) sql: --> .query (33) sql: Using query template 'query' rlm_sql (sql): Reserved connection (3) (33) sql: EXPAND INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ('%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', TO_TIMESTAMP('%S','YYYY-MM-DDHH24:MI:SS')) (33) sql: --> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ('10.10.4.203', 'cisco', 'Access-Reject', TO_TIMESTAMP('2016-11-05 19:04:32','YYYY-MM-DDHH24:MI:SS')) (33) sql: EXPAND /usr/local/freeradius3/var/log/radius/sqllog.sql (33) sql: --> /usr/local/freeradius3/var/log/radius/sqllog.sql (33) sql: Executing query: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ('10.10.4.203', 'cisco', 'Access-Reject', TO_TIMESTAMP('2016-11-05 19:04:32','YYYY-MM-DDHH24:MI:SS')) rlm_sql_oracle: execute query failed in sql_query rlm_sql_oracle: OCI_SERVER_NORMAL (33) sql: SQL query returned: (33) sql: 0 record(s) updated (33) sql: No additional queries configured rlm_sql (sql): Released connection (3) (33) [sql] = noop (33) attr_filter.access_reject: EXPAND %{User-Name} (33) attr_filter.access_reject: --> 10.10.4.203 (33) attr_filter.access_reject: Matched entry DEFAULT at line 11 (33) [attr_filter.access_reject] = updated (33) [eap] = noop (33) policy remove_reply_message_if_eap { (33) if (&reply:EAP-Message && &reply:Reply-Message) { (33) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE (33) else { (33) [noop] = noop (33) } # else = noop (33) } # policy remove_reply_message_if_eap = noop (33) } # Post-Auth-Type REJECT = updated (33) Delaying response for 1.000000 seconds Waking up in 0.4 seconds. (34) Received Access-Request Id 145 from 172.17.40.182:1645 to 0.0.0.0:1812 length 68 (34) NAS-IP-Address = 172.17.40.182 (34) NAS-Port-Type = Async (34) User-Name = "10.10.1.36" (34) User-Password = "cisco" (34) Service-Type = Outbound-User (34) # Executing section authorize from file /usr/local/freeradius3/etc/raddb/sites-enabled/default (34) authorize { (34) policy filter_username { (34) if (&User-Name) { (34) if (&User-Name) -> TRUE (34) if (&User-Name) { (34) if (&User-Name =~ / /) { (34) if (&User-Name =~ / /) -> FALSE (34) if (&User-Name =~ /@[^@]*@/ ) { (34) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (34) if (&User-Name =~ /\.\./ ) { (34) if (&User-Name =~ /\.\./ ) -> FALSE (34) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (34) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (34) if (&User-Name =~ /\.$/) { (34) if (&User-Name =~ /\.$/) -> FALSE (34) if (&User-Name =~ /@\./) { (34) if (&User-Name =~ /@\./) -> FALSE (34) } # if (&User-Name) = notfound (34) } # policy filter_username = notfound (34) [preprocess] = ok (34) [chap] = noop (34) [mschap] = noop (34) [digest] = noop (34) suffix: Checking for suffix after "@" (34) suffix: No '@' in User-Name = "10.10.1.36", looking up realm NULL (34) suffix: No such realm "NULL" (34) [suffix] = noop (34) eap: No EAP-Message, not doing EAP (34) [eap] = noop (34) [files] = noop rlm_sql (sql): Reserved connection (4) (34) sql: EXPAND SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id (34) sql: --> SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = '' ORDER BY id (34) sql: Executing select query: SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = '' ORDER BY id (34) sql: ERROR: Error fetching row (34) sql: ERROR: rlm_sql_oracle: ORA-01403: no data found (34) sql: EXPAND SELECT GroupName FROM usergroup WHERE UserName='%{SQL-User-Name}' (34) sql: --> SELECT GroupName FROM usergroup WHERE UserName='' (34) sql: Executing select query: SELECT GroupName FROM usergroup WHERE UserName='' (34) sql: ERROR: Error fetching row (34) sql: ERROR: rlm_sql_oracle: ORA-01403: no data found (34) sql: User not found in any groups rlm_sql (sql): Released connection (4) (34) [sql] = notfound (34) [expiration] = noop (34) [logintime] = noop (34) pap: WARNING: No "known good" password found for the user. Not setting Auth-Type (34) pap: WARNING: Authentication will fail unless a "known good" password is available (34) [pap] = noop (34) } # authorize = ok (34) ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type = Reject (34) Failed to authenticate the user (34) Using Post-Auth-Type Reject (34) # Executing group from file /usr/local/freeradius3/etc/raddb/sites-enabled/default (34) Post-Auth-Type REJECT { (34) sql: EXPAND .query (34) sql: --> .query (34) sql: Using query template 'query' rlm_sql (sql): Reserved connection (8) (34) sql: EXPAND INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ('%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', TO_TIMESTAMP('%S','YYYY-MM-DDHH24:MI:SS')) (34) sql: --> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ('10.10.1.36', 'cisco', 'Access-Reject', TO_TIMESTAMP('2016-11-05 19:04:32','YYYY-MM-DDHH24:MI:SS')) (34) sql: EXPAND /usr/local/freeradius3/var/log/radius/sqllog.sql (34) sql: --> /usr/local/freeradius3/var/log/radius/sqllog.sql (34) sql: Executing query: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ('10.10.1.36', 'cisco', 'Access-Reject', TO_TIMESTAMP('2016-11-05 19:04:32','YYYY-MM-DDHH24:MI:SS')) rlm_sql_oracle: execute query failed in sql_query rlm_sql_oracle: OCI_SERVER_NORMAL (34) sql: SQL query returned: (34) sql: 0 record(s) updated (34) sql: No additional queries configured rlm_sql (sql): Released connection (8) (34) [sql] = noop (34) attr_filter.access_reject: EXPAND %{User-Name} (34) attr_filter.access_reject: --> 10.10.1.36 (34) attr_filter.access_reject: Matched entry DEFAULT at line 11 (34) [attr_filter.access_reject] = updated (34) [eap] = noop (34) policy remove_reply_message_if_eap { (34) if (&reply:EAP-Message && &reply:Reply-Message) { (34) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE (34) else { (34) [noop] = noop (34) } # else = noop (34) } # policy remove_reply_message_if_eap = noop (34) } # Post-Auth-Type REJECT = updated (34) Delaying response for 1.000000 seconds Waking up in 0.2 seconds. Waking up in 0.3 seconds. (33) Sending delayed response (33) Sent Access-Reject Id 144 from 0.0.0.0:1812 to 172.17.40.182:1645 length 20 Waking up in 0.4 seconds. (34) Sending delayed response (34) Sent Access-Reject Id 145 from 0.0.0.0:1812 to 172.17.40.182:1645 length 20 Waking up in 3.5 seconds. (35) Received Access-Request Id 146 from 172.17.40.182:1645 to 0.0.0.0:1812 length 68 (35) NAS-IP-Address = 172.17.40.182 (35) NAS-Port-Type = Async (35) User-Name = "10.10.8.31" (35) User-Password = "cisco" (35) Service-Type = Outbound-User (35) # Executing section authorize from file /usr/local/freeradius3/etc/raddb/sites-enabled/default (35) authorize { (35) policy filter_username { (35) if (&User-Name) { (35) if (&User-Name) -> TRUE (35) if (&User-Name) { (35) if (&User-Name =~ / /) { (35) if (&User-Name =~ / /) -> FALSE (35) if (&User-Name =~ /@[^@]*@/ ) { (35) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (35) if (&User-Name =~ /\.\./ ) { (35) if (&User-Name =~ /\.\./ ) -> FALSE (35) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (35) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (35) if (&User-Name =~ /\.$/) { (35) if (&User-Name =~ /\.$/) -> FALSE (35) if (&User-Name =~ /@\./) { (35) if (&User-Name =~ /@\./) -> FALSE (35) } # if (&User-Name) = notfound (35) } # policy filter_username = notfound (35) [preprocess] = ok (35) [chap] = noop (35) [mschap] = noop (35) [digest] = noop (35) suffix: Checking for suffix after "@" (35) suffix: No '@' in User-Name = "10.10.8.31", looking up realm NULL (35) suffix: No such realm "NULL" (35) [suffix] = noop (35) eap: No EAP-Message, not doing EAP (35) [eap] = noop (35) [files] = noop rlm_sql (sql): Reserved connection (6) (35) sql: EXPAND SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id (35) sql: --> SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = '' ORDER BY id (35) sql: Executing select query: SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = '' ORDER BY id (35) sql: ERROR: Error fetching row (35) sql: ERROR: rlm_sql_oracle: ORA-01403: no data found (35) sql: EXPAND SELECT GroupName FROM usergroup WHERE UserName='%{SQL-User-Name}' (35) sql: --> SELECT GroupName FROM usergroup WHERE UserName='' (35) sql: Executing select query: SELECT GroupName FROM usergroup WHERE UserName='' (35) sql: ERROR: Error fetching row (35) sql: ERROR: rlm_sql_oracle: ORA-01403: no data found (35) sql: User not found in any groups rlm_sql (sql): Released connection (6) (35) [sql] = notfound (35) [expiration] = noop (35) [logintime] = noop (35) pap: WARNING: No "known good" password found for the user. Not setting Auth-Type (35) pap: WARNING: Authentication will fail unless a "known good" password is available (35) [pap] = noop (35) } # authorize = ok (35) ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type = Reject (35) Failed to authenticate the user (35) Using Post-Auth-Type Reject (35) # Executing group from file /usr/local/freeradius3/etc/raddb/sites-enabled/default (35) Post-Auth-Type REJECT { (35) sql: EXPAND .query (35) sql: --> .query (35) sql: Using query template 'query' rlm_sql (sql): Reserved connection (0) (35) sql: EXPAND INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ('%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', TO_TIMESTAMP('%S','YYYY-MM-DDHH24:MI:SS')) (35) sql: --> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ('10.10.8.31', 'cisco', 'Access-Reject', TO_TIMESTAMP('2016-11-05 19:04:34','YYYY-MM-DDHH24:MI:SS')) (35) sql: EXPAND /usr/local/freeradius3/var/log/radius/sqllog.sql (35) sql: --> /usr/local/freeradius3/var/log/radius/sqllog.sql (35) sql: Executing query: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ('10.10.8.31', 'cisco', 'Access-Reject', TO_TIMESTAMP('2016-11-05 19:04:34','YYYY-MM-DDHH24:MI:SS')) rlm_sql_oracle: execute query failed in sql_query rlm_sql_oracle: OCI_SERVER_NORMAL (35) sql: SQL query returned: (35) sql: 0 record(s) updated (35) sql: No additional queries configured rlm_sql (sql): Released connection (0) (35) [sql] = noop (35) attr_filter.access_reject: EXPAND %{User-Name} (35) attr_filter.access_reject: --> 10.10.8.31 (35) attr_filter.access_reject: Matched entry DEFAULT at line 11 (35) [attr_filter.access_reject] = updated (35) [eap] = noop (35) policy remove_reply_message_if_eap { (35) if (&reply:EAP-Message && &reply:Reply-Message) { (35) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE (35) else { (35) [noop] = noop (35) } # else = noop (35) } # policy remove_reply_message_if_eap = noop (35) } # Post-Auth-Type REJECT = updated (35) Delaying response for 1.000000 seconds Waking up in 0.4 seconds. Waking up in 0.5 seconds. (35) Sending delayed response (35) Sent Access-Reject Id 146 from 0.0.0.0:1812 to 172.17.40.182:1645 length 20 Waking up in 2.1 seconds. (33) Cleaning up request packet ID 144 with timestamp +72 Waking up in 0.4 seconds. (34) Cleaning up request packet ID 145 with timestamp +72 Waking up in 1.4 seconds. (36) Received Access-Request Id 147 from 172.17.40.182:1645 to 0.0.0.0:1812 length 68 (36) NAS-IP-Address = 172.17.40.182 (36) NAS-Port-Type = Async (36) User-Name = "10.10.8.31" (36) User-Password = "cisco" (36) Service-Type = Outbound-User (36) # Executing section authorize from file /usr/local/freeradius3/etc/raddb/sites-enabled/default (36) authorize { (36) policy filter_username { (36) if (&User-Name) { (36) if (&User-Name) -> TRUE (36) if (&User-Name) { (36) if (&User-Name =~ / /) { (36) if (&User-Name =~ / /) -> FALSE (36) if (&User-Name =~ /@[^@]*@/ ) { (36) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (36) if (&User-Name =~ /\.\./ ) { (36) if (&User-Name =~ /\.\./ ) -> FALSE (36) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (36) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (36) if (&User-Name =~ /\.$/) { (36) if (&User-Name =~ /\.$/) -> FALSE (36) if (&User-Name =~ /@\./) { (36) if (&User-Name =~ /@\./) -> FALSE (36) } # if (&User-Name) = notfound (36) } # policy filter_username = notfound (36) [preprocess] = ok (36) [chap] = noop (36) [mschap] = noop (36) [digest] = noop (36) suffix: Checking for suffix after "@" (36) suffix: No '@' in User-Name = "10.10.8.31", looking up realm NULL (36) suffix: No such realm "NULL" (36) [suffix] = noop (36) eap: No EAP-Message, not doing EAP (36) [eap] = noop (36) [files] = noop rlm_sql (sql): Reserved connection (9) (36) sql: EXPAND SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id (36) sql: --> SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = '' ORDER BY id (36) sql: Executing select query: SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = '' ORDER BY id (36) sql: ERROR: Error fetching row (36) sql: ERROR: rlm_sql_oracle: ORA-01403: no data found (36) sql: EXPAND SELECT GroupName FROM usergroup WHERE UserName='%{SQL-User-Name}' (36) sql: --> SELECT GroupName FROM usergroup WHERE UserName='' (36) sql: Executing select query: SELECT GroupName FROM usergroup WHERE UserName='' (36) sql: ERROR: Error fetching row (36) sql: ERROR: rlm_sql_oracle: ORA-01403: no data found (36) sql: User not found in any groups rlm_sql (sql): Released connection (9) (36) [sql] = notfound (36) [expiration] = noop (36) [logintime] = noop (36) pap: WARNING: No "known good" password found for the user. Not setting Auth-Type (36) pap: WARNING: Authentication will fail unless a "known good" password is available (36) [pap] = noop (36) } # authorize = ok (36) ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type = Reject (36) Failed to authenticate the user (36) Using Post-Auth-Type Reject (36) # Executing group from file /usr/local/freeradius3/etc/raddb/sites-enabled/default (36) Post-Auth-Type REJECT { (36) sql: EXPAND .query (36) sql: --> .query (36) sql: Using query template 'query' rlm_sql (sql): Reserved connection (5) (36) sql: EXPAND INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ('%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', TO_TIMESTAMP('%S','YYYY-MM-DDHH24:MI:SS')) (36) sql: --> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ('10.10.8.31', 'cisco', 'Access-Reject', TO_TIMESTAMP('2016-11-05 19:04:39','YYYY-MM-DDHH24:MI:SS')) (36) sql: EXPAND /usr/local/freeradius3/var/log/radius/sqllog.sql (36) sql: --> /usr/local/freeradius3/var/log/radius/sqllog.sql (36) sql: Executing query: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ('10.10.8.31', 'cisco', 'Access-Reject', TO_TIMESTAMP('2016-11-05 19:04:39','YYYY-MM-DDHH24:MI:SS')) rlm_sql_oracle: execute query failed in sql_query rlm_sql_oracle: OCI_SERVER_NORMAL (36) sql: SQL query returned: (36) sql: 0 record(s) updated (36) sql: No additional queries configured rlm_sql (sql): Released connection (5) (36) [sql] = noop (36) attr_filter.access_reject: EXPAND %{User-Name} (36) attr_filter.access_reject: --> 10.10.8.31 (36) attr_filter.access_reject: Matched entry DEFAULT at line 11 (36) [attr_filter.access_reject] = updated (36) [eap] = noop (36) policy remove_reply_message_if_eap { (36) if (&reply:EAP-Message && &reply:Reply-Message) { (36) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE (36) else { (36) [noop] = noop (36) } # else = noop (36) } # policy remove_reply_message_if_eap = noop (36) } # Post-Auth-Type REJECT = updated (36) Delaying response for 1.000000 seconds Waking up in 0.3 seconds. (35) Cleaning up request packet ID 146 with timestamp +74 Waking up in 0.1 seconds. Waking up in 0.4 seconds. (36) Sending delayed response (36) Sent Access-Reject Id 147 from 0.0.0.0:1812 to 172.17.40.182:1645 length 20 Waking up in 3.9 seconds. (37) Received Access-Request Id 148 from 172.17.40.182:1645 to 0.0.0.0:1812 length 67 (37) NAS-IP-Address = 172.17.40.182 (37) NAS-Port-Type = Async (37) User-Name = "10.10.7.6" (37) User-Password = "cisco" (37) Service-Type = Outbound-User (37) # Executing section authorize from file /usr/local/freeradius3/etc/raddb/sites-enabled/default (37) authorize { (37) policy filter_username { (37) if (&User-Name) { (37) if (&User-Name) -> TRUE (37) if (&User-Name) { (37) if (&User-Name =~ / /) { (37) if (&User-Name =~ / /) -> FALSE (37) if (&User-Name =~ /@[^@]*@/ ) { (37) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (37) if (&User-Name =~ /\.\./ ) { (37) if (&User-Name =~ /\.\./ ) -> FALSE (37) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (37) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (37) if (&User-Name =~ /\.$/) { (37) if (&User-Name =~ /\.$/) -> FALSE (37) if (&User-Name =~ /@\./) { (37) if (&User-Name =~ /@\./) -> FALSE (37) } # if (&User-Name) = notfound (37) } # policy filter_username = notfound (37) [preprocess] = ok (37) [chap] = noop (37) [mschap] = noop (37) [digest] = noop (37) suffix: Checking for suffix after "@" (37) suffix: No '@' in User-Name = "10.10.7.6", looking up realm NULL (37) suffix: No such realm "NULL" (37) [suffix] = noop (37) eap: No EAP-Message, not doing EAP (37) [eap] = noop (37) [files] = noop rlm_sql (sql): Reserved connection (7) (37) sql: EXPAND SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id (37) sql: --> SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = '' ORDER BY id (37) sql: Executing select query: SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = '' ORDER BY id (37) sql: ERROR: Error fetching row (37) sql: ERROR: rlm_sql_oracle: ORA-01403: no data found (37) sql: EXPAND SELECT GroupName FROM usergroup WHERE UserName='%{SQL-User-Name}' (37) sql: --> SELECT GroupName FROM usergroup WHERE UserName='' (37) sql: Executing select query: SELECT GroupName FROM usergroup WHERE UserName='' (37) sql: ERROR: Error fetching row (37) sql: ERROR: rlm_sql_oracle: ORA-01403: no data found (37) sql: User not found in any groups rlm_sql (sql): Released connection (7) (37) [sql] = notfound (37) [expiration] = noop (37) [logintime] = noop (37) pap: WARNING: No "known good" password found for the user. Not setting Auth-Type (37) pap: WARNING: Authentication will fail unless a "known good" password is available (37) [pap] = noop (37) } # authorize = ok (37) ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type = Reject (37) Failed to authenticate the user (37) Using Post-Auth-Type Reject (37) # Executing group from file /usr/local/freeradius3/etc/raddb/sites-enabled/default (37) Post-Auth-Type REJECT { (37) sql: EXPAND .query (37) sql: --> .query (37) sql: Using query template 'query' rlm_sql (sql): Reserved connection (1) (37) sql: EXPAND INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ('%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', TO_TIMESTAMP('%S','YYYY-MM-DDHH24:MI:SS')) (37) sql: --> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ('10.10.7.6', 'cisco', 'Access-Reject', TO_TIMESTAMP('2016-11-05 19:04:42','YYYY-MM-DDHH24:MI:SS')) (37) sql: EXPAND /usr/local/freeradius3/var/log/radius/sqllog.sql (37) sql: --> /usr/local/freeradius3/var/log/radius/sqllog.sql (37) sql: Executing query: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ('10.10.7.6', 'cisco', 'Access-Reject', TO_TIMESTAMP('2016-11-05 19:04:42','YYYY-MM-DDHH24:MI:SS')) rlm_sql_oracle: execute query failed in sql_query rlm_sql_oracle: OCI_SERVER_NORMAL (37) sql: SQL query returned: (37) sql: 0 record(s) updated (37) sql: No additional queries configured rlm_sql (sql): Released connection (1) (37) [sql] = noop (37) attr_filter.access_reject: EXPAND %{User-Name} (37) attr_filter.access_reject: --> 10.10.7.6 (37) attr_filter.access_reject: Matched entry DEFAULT at line 11 (37) [attr_filter.access_reject] = updated (37) [eap] = noop (37) policy remove_reply_message_if_eap { (37) if (&reply:EAP-Message && &reply:Reply-Message) { (37) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE (37) else { (37) [noop] = noop (37) } # else = noop (37) } # policy remove_reply_message_if_eap = noop (37) } # Post-Auth-Type REJECT = updated (37) Delaying response for 1.000000 seconds Waking up in 0.6 seconds. Waking up in 0.3 seconds. (37) Sending delayed response (37) Sent Access-Reject Id 148 from 0.0.0.0:1812 to 172.17.40.182:1645 length 20 Waking up in 0.8 seconds. (36) Cleaning up request packet ID 147 with timestamp +79 Waking up in 3.1 seconds. (38) Received Access-Request Id 149 from 172.17.40.182:1645 to 0.0.0.0:1812 length 69 (38) NAS-IP-Address = 172.17.40.182 (38) NAS-Port-Type = Async (38) User-Name = "10.10.3.181" (38) User-Password = "cisco" (38) Service-Type = Outbound-User (38) # Executing section authorize from file /usr/local/freeradius3/etc/raddb/sites-enabled/default (38) authorize { (38) policy filter_username { (38) if (&User-Name) { (38) if (&User-Name) -> TRUE (38) if (&User-Name) { (38) if (&User-Name =~ / /) { (38) if (&User-Name =~ / /) -> FALSE (38) if (&User-Name =~ /@[^@]*@/ ) { (38) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (38) if (&User-Name =~ /\.\./ ) { (38) if (&User-Name =~ /\.\./ ) -> FALSE (38) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (38) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (38) if (&User-Name =~ /\.$/) { (38) if (&User-Name =~ /\.$/) -> FALSE (38) if (&User-Name =~ /@\./) { (38) if (&User-Name =~ /@\./) -> FALSE (38) } # if (&User-Name) = notfound (38) } # policy filter_username = notfound (38) [preprocess] = ok (38) [chap] = noop (38) [mschap] = noop (38) [digest] = noop (38) suffix: Checking for suffix after "@" (38) suffix: No '@' in User-Name = "10.10.3.181", looking up realm NULL (38) suffix: No such realm "NULL" (38) [suffix] = noop (38) eap: No EAP-Message, not doing EAP (38) [eap] = noop (38) [files] = noop rlm_sql (sql): Reserved connection (2) (38) sql: EXPAND SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id (38) sql: --> SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = '' ORDER BY id (38) sql: Executing select query: SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = '' ORDER BY id (38) sql: ERROR: Error fetching row (38) sql: ERROR: rlm_sql_oracle: ORA-01403: no data found (38) sql: EXPAND SELECT GroupName FROM usergroup WHERE UserName='%{SQL-User-Name}' (38) sql: --> SELECT GroupName FROM usergroup WHERE UserName='' (38) sql: Executing select query: SELECT GroupName FROM usergroup WHERE UserName='' (38) sql: ERROR: Error fetching row (38) sql: ERROR: rlm_sql_oracle: ORA-01403: no data found (38) sql: User not found in any groups rlm_sql (sql): Released connection (2) (38) [sql] = notfound (38) [expiration] = noop (38) [logintime] = noop (38) pap: WARNING: No "known good" password found for the user. Not setting Auth-Type (38) pap: WARNING: Authentication will fail unless a "known good" password is available (38) [pap] = noop (38) } # authorize = ok (38) ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type = Reject (38) Failed to authenticate the user (38) Using Post-Auth-Type Reject (38) # Executing group from file /usr/local/freeradius3/etc/raddb/sites-enabled/default (38) Post-Auth-Type REJECT { (38) sql: EXPAND .query (38) sql: --> .query (38) sql: Using query template 'query' rlm_sql (sql): Reserved connection (3) (38) sql: EXPAND INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ('%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', TO_TIMESTAMP('%S','YYYY-MM-DDHH24:MI:SS')) (38) sql: --> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ('10.10.3.181', 'cisco', 'Access-Reject', TO_TIMESTAMP('2016-11-05 19:04:44','YYYY-MM-DDHH24:MI:SS')) (38) sql: EXPAND /usr/local/freeradius3/var/log/radius/sqllog.sql (38) sql: --> /usr/local/freeradius3/var/log/radius/sqllog.sql (38) sql: Executing query: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ('10.10.3.181', 'cisco', 'Access-Reject', TO_TIMESTAMP('2016-11-05 19:04:44','YYYY-MM-DDHH24:MI:SS')) rlm_sql_oracle: execute query failed in sql_query rlm_sql_oracle: OCI_SERVER_NORMAL (38) sql: SQL query returned: (38) sql: 0 record(s) updated (38) sql: No additional queries configured rlm_sql (sql): Released connection (3) (38) [sql] = noop (38) attr_filter.access_reject: EXPAND %{User-Name} (38) attr_filter.access_reject: --> 10.10.3.181 (38) attr_filter.access_reject: Matched entry DEFAULT at line 11 (38) [attr_filter.access_reject] = updated (38) [eap] = noop (38) policy remove_reply_message_if_eap { (38) if (&reply:EAP-Message && &reply:Reply-Message) { (38) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE (38) else { (38) [noop] = noop (38) } # else = noop (38) } # policy remove_reply_message_if_eap = noop (38) } # Post-Auth-Type REJECT = updated (38) Delaying response for 1.000000 seconds Waking up in 0.5 seconds. Waking up in 0.4 seconds. (38) Sending delayed response (38) Sent Access-Reject Id 149 from 0.0.0.0:1812 to 172.17.40.182:1645 length 20 Waking up in 1.7 seconds. (37) Cleaning up request packet ID 148 with timestamp +82 Waking up in 2.2 seconds. (38) Cleaning up request packet ID 149 with timestamp +84 Ready to process requests (39) Received Access-Request Id 150 from 172.17.40.182:1645 to 0.0.0.0:1812 length 67 (39) NAS-IP-Address = 172.17.40.182 (39) NAS-Port-Type = Async (39) User-Name = "10.10.7.6" (39) User-Password = "cisco" (39) Service-Type = Outbound-User (39) # Executing section authorize from file /usr/local/freeradius3/etc/raddb/sites-enabled/default (39) authorize { (39) policy filter_username { (39) if (&User-Name) { (39) if (&User-Name) -> TRUE (39) if (&User-Name) { (39) if (&User-Name =~ / /) { (39) if (&User-Name =~ / /) -> FALSE (39) if (&User-Name =~ /@[^@]*@/ ) { (39) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (39) if (&User-Name =~ /\.\./ ) { (39) if (&User-Name =~ /\.\./ ) -> FALSE (39) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (39) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (39) if (&User-Name =~ /\.$/) { (39) if (&User-Name =~ /\.$/) -> FALSE (39) if (&User-Name =~ /@\./) { (39) if (&User-Name =~ /@\./) -> FALSE (39) } # if (&User-Name) = notfound (39) } # policy filter_username = notfound (39) [preprocess] = ok (39) [chap] = noop (39) [mschap] = noop (39) [digest] = noop (39) suffix: Checking for suffix after "@" (39) suffix: No '@' in User-Name = "10.10.7.6", looking up realm NULL (39) suffix: No such realm "NULL" (39) [suffix] = noop (39) eap: No EAP-Message, not doing EAP (39) [eap] = noop (39) [files] = noop rlm_sql (sql): Reserved connection (4) (39) sql: EXPAND SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id (39) sql: --> SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = '' ORDER BY id (39) sql: Executing select query: SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = '' ORDER BY id (39) sql: ERROR: Error fetching row (39) sql: ERROR: rlm_sql_oracle: ORA-01403: no data found (39) sql: EXPAND SELECT GroupName FROM usergroup WHERE UserName='%{SQL-User-Name}' (39) sql: --> SELECT GroupName FROM usergroup WHERE UserName='' (39) sql: Executing select query: SELECT GroupName FROM usergroup WHERE UserName='' (39) sql: ERROR: Error fetching row (39) sql: ERROR: rlm_sql_oracle: ORA-01403: no data found (39) sql: User not found in any groups rlm_sql (sql): Released connection (4) (39) [sql] = notfound (39) [expiration] = noop (39) [logintime] = noop (39) pap: WARNING: No "known good" password found for the user. Not setting Auth-Type (39) pap: WARNING: Authentication will fail unless a "known good" password is available (39) [pap] = noop (39) } # authorize = ok (39) ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type = Reject (39) Failed to authenticate the user (39) Using Post-Auth-Type Reject (39) # Executing group from file /usr/local/freeradius3/etc/raddb/sites-enabled/default (39) Post-Auth-Type REJECT { (39) sql: EXPAND .query (39) sql: --> .query (39) sql: Using query template 'query' rlm_sql (sql): Reserved connection (8) (39) sql: EXPAND INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ('%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', TO_TIMESTAMP('%S','YYYY-MM-DDHH24:MI:SS')) (39) sql: --> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ('10.10.7.6', 'cisco', 'Access-Reject', TO_TIMESTAMP('2016-11-05 19:04:51','YYYY-MM-DDHH24:MI:SS')) (39) sql: EXPAND /usr/local/freeradius3/var/log/radius/sqllog.sql (39) sql: --> /usr/local/freeradius3/var/log/radius/sqllog.sql (39) sql: Executing query: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ('10.10.7.6', 'cisco', 'Access-Reject', TO_TIMESTAMP('2016-11-05 19:04:51','YYYY-MM-DDHH24:MI:SS')) rlm_sql_oracle: execute query failed in sql_query rlm_sql_oracle: OCI_SERVER_NORMAL (39) sql: SQL query returned: (39) sql: 0 record(s) updated (39) sql: No additional queries configured rlm_sql (sql): Released connection (8) (39) [sql] = noop (39) attr_filter.access_reject: EXPAND %{User-Name} (39) attr_filter.access_reject: --> 10.10.7.6 (39) attr_filter.access_reject: Matched entry DEFAULT at line 11 (39) [attr_filter.access_reject] = updated (39) [eap] = noop (39) policy remove_reply_message_if_eap { (39) if (&reply:EAP-Message && &reply:Reply-Message) { (39) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE (39) else { (39) [noop] = noop (39) } # else = noop (39) } # policy remove_reply_message_if_eap = noop (39) } # Post-Auth-Type REJECT = updated (39) Delaying response for 1.000000 seconds Waking up in 0.5 seconds. Waking up in 0.4 seconds. (39) Sending delayed response (39) Sent Access-Reject Id 150 from 0.0.0.0:1812 to 172.17.40.182:1645 length 20 Waking up in 3.9 seconds. (40) Received Access-Request Id 151 from 172.17.40.182:1645 to 0.0.0.0:1812 length 69 (40) NAS-IP-Address = 172.17.40.182 (40) NAS-Port-Type = Async (40) User-Name = "10.10.9.116" (40) User-Password = "cisco" (40) Service-Type = Outbound-User (40) # Executing section authorize from file /usr/local/freeradius3/etc/raddb/sites-enabled/default (40) authorize { (40) policy filter_username { (40) if (&User-Name) { (40) if (&User-Name) -> TRUE (40) if (&User-Name) { (40) if (&User-Name =~ / /) { (40) if (&User-Name =~ / /) -> FALSE (40) if (&User-Name =~ /@[^@]*@/ ) { (40) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (40) if (&User-Name =~ /\.\./ ) { (40) if (&User-Name =~ /\.\./ ) -> FALSE (40) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (40) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (40) if (&User-Name =~ /\.$/) { (40) if (&User-Name =~ /\.$/) -> FALSE (40) if (&User-Name =~ /@\./) { (40) if (&User-Name =~ /@\./) -> FALSE (40) } # if (&User-Name) = notfound (40) } # policy filter_username = notfound (40) [preprocess] = ok (40) [chap] = noop (40) [mschap] = noop (40) [digest] = noop (40) suffix: Checking for suffix after "@" (40) suffix: No '@' in User-Name = "10.10.9.116", looking up realm NULL (40) suffix: No such realm "NULL" (40) [suffix] = noop (40) eap: No EAP-Message, not doing EAP (40) [eap] = noop (40) [files] = noop rlm_sql (sql): Reserved connection (6) (40) sql: EXPAND SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id (40) sql: --> SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = '' ORDER BY id (40) sql: Executing select query: SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = '' ORDER BY id (40) sql: ERROR: Error fetching row (40) sql: ERROR: rlm_sql_oracle: ORA-01403: no data found (40) sql: EXPAND SELECT GroupName FROM usergroup WHERE UserName='%{SQL-User-Name}' (40) sql: --> SELECT GroupName FROM usergroup WHERE UserName='' (40) sql: Executing select query: SELECT GroupName FROM usergroup WHERE UserName='' (40) sql: ERROR: Error fetching row (40) sql: ERROR: rlm_sql_oracle: ORA-01403: no data found (40) sql: User not found in any groups rlm_sql (sql): Released connection (6) (40) [sql] = notfound (40) [expiration] = noop (40) [logintime] = noop (40) pap: WARNING: No "known good" password found for the user. Not setting Auth-Type (40) pap: WARNING: Authentication will fail unless a "known good" password is available (40) [pap] = noop (40) } # authorize = ok (40) ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type = Reject (40) Failed to authenticate the user (40) Using Post-Auth-Type Reject (40) # Executing group from file /usr/local/freeradius3/etc/raddb/sites-enabled/default (40) Post-Auth-Type REJECT { (40) sql: EXPAND .query (40) sql: --> .query (40) sql: Using query template 'query' rlm_sql (sql): Reserved connection (0) (40) sql: EXPAND INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ('%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', TO_TIMESTAMP('%S','YYYY-MM-DDHH24:MI:SS')) (40) sql: --> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ('10.10.9.116', 'cisco', 'Access-Reject', TO_TIMESTAMP('2016-11-05 19:04:56','YYYY-MM-DDHH24:MI:SS')) (40) sql: EXPAND /usr/local/freeradius3/var/log/radius/sqllog.sql (40) sql: --> /usr/local/freeradius3/var/log/radius/sqllog.sql (40) sql: Executing query: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ('10.10.9.116', 'cisco', 'Access-Reject', TO_TIMESTAMP('2016-11-05 19:04:56','YYYY-MM-DDHH24:MI:SS')) rlm_sql_oracle: execute query failed in sql_query rlm_sql_oracle: OCI_SERVER_NORMAL (40) sql: SQL query returned: (40) sql: 0 record(s) updated (40) sql: No additional queries configured rlm_sql (sql): Released connection (0) (40) [sql] = noop (40) attr_filter.access_reject: EXPAND %{User-Name} (40) attr_filter.access_reject: --> 10.10.9.116 (40) attr_filter.access_reject: Matched entry DEFAULT at line 11 (40) [attr_filter.access_reject] = updated (40) [eap] = noop (40) policy remove_reply_message_if_eap { (40) if (&reply:EAP-Message && &reply:Reply-Message) { (40) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE (40) else { (40) [noop] = noop (40) } # else = noop (40) } # policy remove_reply_message_if_eap = noop (40) } # Post-Auth-Type REJECT = updated (40) Delaying response for 1.000000 seconds Waking up in 0.5 seconds. (39) Cleaning up request packet ID 150 with timestamp +91 Waking up in 0.3 seconds. (40) Sending delayed response (40) Sent Access-Reject Id 151 from 0.0.0.0:1812 to 172.17.40.182:1645 length 20 Waking up in 3.9 seconds. (41) Received Access-Request Id 152 from 172.17.40.182:1645 to 0.0.0.0:1812 length 68 (41) NAS-IP-Address = 172.17.40.182 (41) NAS-Port-Type = Async (41) User-Name = "10.10.1.40" (41) User-Password = "cisco" (41) Service-Type = Outbound-User (41) # Executing section authorize from file /usr/local/freeradius3/etc/raddb/sites-enabled/default (41) authorize { (41) policy filter_username { (41) if (&User-Name) { (41) if (&User-Name) -> TRUE (41) if (&User-Name) { (41) if (&User-Name =~ / /) { (41) if (&User-Name =~ / /) -> FALSE (41) if (&User-Name =~ /@[^@]*@/ ) { (41) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (41) if (&User-Name =~ /\.\./ ) { (41) if (&User-Name =~ /\.\./ ) -> FALSE (41) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (41) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (41) if (&User-Name =~ /\.$/) { (41) if (&User-Name =~ /\.$/) -> FALSE (41) if (&User-Name =~ /@\./) { (41) if (&User-Name =~ /@\./) -> FALSE (41) } # if (&User-Name) = notfound (41) } # policy filter_username = notfound (41) [preprocess] = ok (41) [chap] = noop (41) [mschap] = noop (41) [digest] = noop (41) suffix: Checking for suffix after "@" (41) suffix: No '@' in User-Name = "10.10.1.40", looking up realm NULL (41) suffix: No such realm "NULL" (41) [suffix] = noop (41) eap: No EAP-Message, not doing EAP (41) [eap] = noop (41) [files] = noop rlm_sql (sql): Reserved connection (9) (41) sql: EXPAND SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id (41) sql: --> SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = '' ORDER BY id (41) sql: Executing select query: SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = '' ORDER BY id (41) sql: ERROR: Error fetching row (41) sql: ERROR: rlm_sql_oracle: ORA-01403: no data found (41) sql: EXPAND SELECT GroupName FROM usergroup WHERE UserName='%{SQL-User-Name}' (41) sql: --> SELECT GroupName FROM usergroup WHERE UserName='' (41) sql: Executing select query: SELECT GroupName FROM usergroup WHERE UserName='' (41) sql: ERROR: Error fetching row (41) sql: ERROR: rlm_sql_oracle: ORA-01403: no data found (41) sql: User not found in any groups rlm_sql (sql): Released connection (9) (41) [sql] = notfound (41) [expiration] = noop (41) [logintime] = noop (41) pap: WARNING: No "known good" password found for the user. Not setting Auth-Type (41) pap: WARNING: Authentication will fail unless a "known good" password is available (41) [pap] = noop (41) } # authorize = ok (41) ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type = Reject (41) Failed to authenticate the user (41) Using Post-Auth-Type Reject (41) # Executing group from file /usr/local/freeradius3/etc/raddb/sites-enabled/default (41) Post-Auth-Type REJECT { (41) sql: EXPAND .query (41) sql: --> .query (41) sql: Using query template 'query' rlm_sql (sql): Reserved connection (5) (41) sql: EXPAND INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ('%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', TO_TIMESTAMP('%S','YYYY-MM-DDHH24:MI:SS')) (41) sql: --> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ('10.10.1.40', 'cisco', 'Access-Reject', TO_TIMESTAMP('2016-11-05 19:04:59','YYYY-MM-DDHH24:MI:SS')) (41) sql: EXPAND /usr/local/freeradius3/var/log/radius/sqllog.sql (41) sql: --> /usr/local/freeradius3/var/log/radius/sqllog.sql (41) sql: Executing query: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ('10.10.1.40', 'cisco', 'Access-Reject', TO_TIMESTAMP('2016-11-05 19:04:59','YYYY-MM-DDHH24:MI:SS')) rlm_sql_oracle: execute query failed in sql_query rlm_sql_oracle: OCI_SERVER_NORMAL (41) sql: SQL query returned: (41) sql: 0 record(s) updated (41) sql: No additional queries configured rlm_sql (sql): Released connection (5) (41) [sql] = noop (41) attr_filter.access_reject: EXPAND %{User-Name} (41) attr_filter.access_reject: --> 10.10.1.40 (41) attr_filter.access_reject: Matched entry DEFAULT at line 11 (41) [attr_filter.access_reject] = updated (41) [eap] = noop (41) policy remove_reply_message_if_eap { (41) if (&reply:EAP-Message && &reply:Reply-Message) { (41) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE (41) else { (41) [noop] = noop (41) } # else = noop