Hi , Find logs captured from radius debug: Tue Mar 3 09:49:19 2015 : Debug: (0) Received Access-Request Id 188 from 127.0.0.1:36625 to 127.0.0.1:1812 length 161 Tue Mar 3 09:49:19 2015 : Debug: (0) User-Name = ' 1310260xxxxxxxxx@wlan.mnc260.mcc310.3gppnetwork.org' Tue Mar 3 09:49:19 2015 : Debug: (0) NAS-IP-Address = 127.0.0.1 Tue Mar 3 09:49:19 2015 : Debug: (0) Message-Authenticator = 0x00de7e3a6321fba27f27713901f8ec76 Tue Mar 3 09:49:19 2015 : Debug: (0) NAS-Port = 0 Tue Mar 3 09:49:19 2015 : Debug: (0) EAP-Message = 0x02bb0038013133313032363035383033353332363240776c616e2e6d6e633236302e6d63633331302e336770706e6574776f726b2e6f7267 Tue Mar 3 09:49:19 2015 : Debug: (0) session-state: No State attribute Tue Mar 3 09:49:19 2015 : Debug: (0) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default Tue Mar 3 09:49:19 2015 : Debug: (0) authorize { Tue Mar 3 09:49:19 2015 : Debug: (0) policy filter_username { Tue Mar 3 09:49:19 2015 : Debug: (0) if (!&User-Name) { Tue Mar 3 09:49:19 2015 : Debug: (0) if (!&User-Name) -> FALSE Tue Mar 3 09:49:19 2015 : Debug: (0) if (&User-Name =~ / /) { Tue Mar 3 09:49:19 2015 : Debug: (0) No matches Tue Mar 3 09:49:19 2015 : Debug: (0) if (&User-Name =~ / /) -> FALSE Tue Mar 3 09:49:19 2015 : Debug: (0) if (&User-Name =~ /@.*@/ ) { Tue Mar 3 09:49:19 2015 : Debug: (0) No matches Tue Mar 3 09:49:19 2015 : Debug: (0) if (&User-Name =~ /@.*@/ ) -> FALSE Tue Mar 3 09:49:19 2015 : Debug: (0) if (&User-Name =~ /\.\./ ) { Tue Mar 3 09:49:19 2015 : Debug: (0) No matches Tue Mar 3 09:49:19 2015 : Debug: (0) if (&User-Name =~ /\.\./ ) -> FALSE Tue Mar 3 09:49:19 2015 : Debug: (0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { Tue Mar 3 09:49:19 2015 : Debug: (0) No matches Tue Mar 3 09:49:19 2015 : Debug: (0) Adding 1 matches Tue Mar 3 09:49:19 2015 : Debug: (0) Clearing 1 matches Tue Mar 3 09:49:19 2015 : Debug: (0) Adding 3 matches Tue Mar 3 09:49:19 2015 : Debug: (0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE Tue Mar 3 09:49:19 2015 : Debug: (0) if (&User-Name =~ /\.$/) { Tue Mar 3 09:49:19 2015 : Debug: (0) Clearing 3 matches Tue Mar 3 09:49:19 2015 : Debug: (0) if (&User-Name =~ /\.$/) -> FALSE Tue Mar 3 09:49:19 2015 : Debug: (0) if (&User-Name =~ /@\./) { Tue Mar 3 09:49:19 2015 : Debug: (0) No matches Tue Mar 3 09:49:19 2015 : Debug: (0) if (&User-Name =~ /@\./) -> FALSE Tue Mar 3 09:49:19 2015 : Debug: (0) } # policy filter_username = notfound Tue Mar 3 09:49:19 2015 : Debug: (0) modsingle[authorize]: calling preprocess (rlm_preprocess) for request 0 Tue Mar 3 09:49:19 2015 : Debug: (0) modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 0 Tue Mar 3 09:49:19 2015 : Debug: (0) [preprocess] = ok Tue Mar 3 09:49:19 2015 : Debug: (0) modsingle[authorize]: calling chap (rlm_chap) for request 0 Tue Mar 3 09:49:19 2015 : Debug: (0) modsingle[authorize]: returned from chap (rlm_chap) for request 0 Tue Mar 3 09:49:19 2015 : Debug: (0) [chap] = noop Tue Mar 3 09:49:19 2015 : Debug: (0) modsingle[authorize]: calling mschap (rlm_mschap) for request 0 Tue Mar 3 09:49:19 2015 : Debug: (0) modsingle[authorize]: returned from mschap (rlm_mschap) for request 0 Tue Mar 3 09:49:19 2015 : Debug: (0) [mschap] = noop Tue Mar 3 09:49:19 2015 : Debug: (0) modsingle[authorize]: calling digest (rlm_digest) for request 0 Tue Mar 3 09:49:19 2015 : Debug: (0) modsingle[authorize]: returned from digest (rlm_digest) for request 0 Tue Mar 3 09:49:19 2015 : Debug: (0) [digest] = noop Tue Mar 3 09:49:19 2015 : Debug: (0) modsingle[authorize]: calling suffix (rlm_realm) for request 0 Tue Mar 3 09:49:19 2015 : Debug: (0) suffix: Checking for suffix after "@" Tue Mar 3 09:49:19 2015 : Debug: (0) suffix: Looking up realm " wlan.mnc260.mcc310.3gppnetwork.org" for User-Name = " 1310260580353262@wlan.mnc260.mcc310.3gppnetwork.org" Tue Mar 3 09:49:19 2015 : Debug: (0) suffix: Found realm " wlan.mnc260.mcc310.3gppnetwork.org" Tue Mar 3 09:49:19 2015 : Debug: (0) suffix: Adding Stripped-User-Name = "1310260580353262" Tue Mar 3 09:49:19 2015 : Debug: (0) suffix: Adding Realm = " wlan.mnc260.mcc310.3gppnetwork.org" Tue Mar 3 09:49:19 2015 : Debug: (0) suffix: Authentication realm is LOCAL Tue Mar 3 09:49:19 2015 : Debug: (0) modsingle[authorize]: returned from suffix (rlm_realm) for request 0 Tue Mar 3 09:49:19 2015 : Debug: (0) [suffix] = ok Tue Mar 3 09:49:19 2015 : Debug: (0) modsingle[authorize]: calling eap (rlm_eap) for request 0 Tue Mar 3 09:49:19 2015 : Debug: (0) eap: Peer sent code Response (2) ID 187 length 56 Tue Mar 3 09:49:19 2015 : Debug: (0) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize Tue Mar 3 09:49:19 2015 : Debug: (0) modsingle[authorize]: returned from eap (rlm_eap) for request 0 Tue Mar 3 09:49:19 2015 : Debug: (0) [eap] = ok Tue Mar 3 09:49:19 2015 : Debug: (0) } # authorize = ok Tue Mar 3 09:49:19 2015 : Debug: (0) Found Auth-Type = EAP Tue Mar 3 09:49:19 2015 : Debug: (0) # Executing group from file /usr/local/etc/raddb/sites-enabled/default Tue Mar 3 09:49:19 2015 : Debug: (0) authenticate { Tue Mar 3 09:49:19 2015 : Debug: (0) modsingle[authenticate]: calling eap (rlm_eap) for request 0 Tue Mar 3 09:49:19 2015 : Debug: (0) eap: Peer sent method Identity (1) Tue Mar 3 09:49:19 2015 : Debug: (0) eap: Calling eap_sim to process EAP data Tue Mar 3 09:49:19 2015 : ERROR: (0) eap_sim: ERROR: EAP-SIM-RAND1 not found Tue Mar 3 09:49:19 2015 : ERROR: (0) eap: ERROR: Failed starting EAP SIM (18) session. EAP sub-module failed Tue Mar 3 09:49:19 2015 : Debug: (0) eap: Failed in EAP select Tue Mar 3 09:49:19 2015 : Debug: (0) modsingle[authenticate]: returned from eap (rlm_eap) for request 0 Tue Mar 3 09:49:19 2015 : Debug: (0) [eap] = invalid Tue Mar 3 09:49:19 2015 : Debug: (0) } # authenticate = invalid Tue Mar 3 09:49:19 2015 : Debug: (0) Failed to authenticate the user Tue Mar 3 09:49:19 2015 : Debug: (0) Using Post-Auth-Type Reject Tue Mar 3 09:49:19 2015 : Debug: (0) # Executing group from file /usr/local/etc/raddb/sites-enabled/default Tue Mar 3 09:49:19 2015 : Debug: (0) Post-Auth-Type REJECT { Tue Mar 3 09:49:19 2015 : Debug: (0) modsingle[post-auth]: calling attr_filter.access_reject (rlm_attr_filter) for request 0 Tue Mar 3 09:49:19 2015 : Debug: %{User-Name} Tue Mar 3 09:49:19 2015 : Debug: Parsed xlat tree: Tue Mar 3 09:49:19 2015 : Debug: attribute --> User-Name Tue Mar 3 09:49:19 2015 : Debug: (0) attr_filter.access_reject: EXPAND %{User-Name} Tue Mar 3 09:49:19 2015 : Debug: (0) attr_filter.access_reject: --> 1310260580353262@wlan.mnc260.mcc310.3gppnetwork.org Tue Mar 3 09:49:19 2015 : Debug: (0) attr_filter.access_reject: Matched entry DEFAULT at line 11 Tue Mar 3 09:49:19 2015 : Debug: (0) attr_filter.access_reject: EAP-Message = 0x04bb0004 allowed by EAP-Message =* 0x Tue Mar 3 09:49:19 2015 : Debug: (0) attr_filter.access_reject: Attribute "EAP-Message" allowed by 1 rules, disallowed by 0 rules Tue Mar 3 09:49:19 2015 : Debug: (0) attr_filter.access_reject: Message-Authenticator = 0x00000000000000000000000000000000 allowed by Message-Authenticator =* 0x Tue Mar 3 09:49:19 2015 : Debug: (0) attr_filter.access_reject: Attribute "Message-Authenticator" allowed by 1 rules, disallowed by 0 rules Tue Mar 3 09:49:19 2015 : Debug: (0) modsingle[post-auth]: returned from attr_filter.access_reject (rlm_attr_filter) for request 0 Tue Mar 3 09:49:19 2015 : Debug: (0) [attr_filter.access_reject] = updated Tue Mar 3 09:49:19 2015 : Debug: (0) modsingle[post-auth]: calling eap (rlm_eap) for request 0 Tue Mar 3 09:49:19 2015 : Debug: (0) eap: Reply already contained an EAP-Message, not inserting EAP-Failure Tue Mar 3 09:49:19 2015 : Debug: (0) modsingle[post-auth]: returned from eap (rlm_eap) for request 0 Tue Mar 3 09:49:19 2015 : Debug: (0) [eap] = noop Tue Mar 3 09:49:19 2015 : Debug: (0) policy remove_reply_message_if_eap { Tue Mar 3 09:49:19 2015 : Debug: (0) if (&reply:EAP-Message && &reply:Reply-Message) { Tue Mar 3 09:49:19 2015 : Debug: (0) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE Tue Mar 3 09:49:19 2015 : Debug: (0) else { Tue Mar 3 09:49:19 2015 : Debug: (0) modsingle[post-auth]: calling noop (rlm_always) for request 0 Tue Mar 3 09:49:19 2015 : Debug: (0) modsingle[post-auth]: returned from noop (rlm_always) for request 0 Tue Mar 3 09:49:19 2015 : Debug: (0) [noop] = noop Tue Mar 3 09:49:19 2015 : Debug: (0) } # else = noop Tue Mar 3 09:49:19 2015 : Debug: (0) } # policy remove_reply_message_if_eap = noop Tue Mar 3 09:49:19 2015 : Debug: (0) } # Post-Auth-Type REJECT = updated Tue Mar 3 09:49:19 2015 : Debug: (0) Delaying response for 1.000000 seconds Tue Mar 3 09:49:19 2015 : Debug: Waking up in 0.3 seconds. Tue Mar 3 09:49:19 2015 : Debug: Waking up in 0.6 seconds. Tue Mar 3 09:49:20 2015 : Debug: (0) Sending delayed response Tue Mar 3 09:49:20 2015 : Debug: (0) Sent Access-Reject Id 188 from 127.0.0.1:1812 to 127.0.0.1:36625 length 44 Tue Mar 3 09:49:20 2015 : Debug: (0) EAP-Message = 0x04bb0004 Tue Mar 3 09:49:20 2015 : Debug: (0) Message-Authenticator = 0x00000000000000000000000000000000 Tue Mar 3 09:49:20 2015 : Debug: Waking up in 3.9 seconds. Tue Mar 3 09:49:24 2015 : Debug: (0) Cleaning up request packet ID 188 with timestamp +52 Tue Mar 3 09:49:24 2015 : Info: Ready to process requests On Mon, Mar 2, 2015 at 12:54 PM, Iliya Peregoudov <iperegudov@cboss.ru> wrote:
On 28.02.2015 12:14, Ankit Prajapati wrote:
Can some one help me ?
Post radius -X debug from server start till Access-Reject sent.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/ list/users.html
-- -Thanks Ankit Prajapati