Broken proxy requests with 3.2.6 Docker Container image?
Hi, I am using official Freeradius Docker container for my custom container image: https://hub.docker.com/r/freeradius/freeradius-server Here is my DockerFile: FROM docker.io/freeradius/freeradius-server:3.2.6### Kullanmayacağımız Freeradius site ve modüllerini devre dışı bırakalımRUN rm -rf /etc/raddb/certs/* && \ rm -rf /etc/raddb/sites-enabled/* && \ rm -rf /etc/raddb/mods-enabled/eap && \ rm -rf /etc/raddb/mods-enabled/files && \ rm -rf /etc/raddb/mods-enabled/ldap && \ rm -rf /etc/raddb/mods-enabled/linelog && \ rm -rf /etc/raddb/mods-enabled/sql && \ rm -rf /etc/raddb/dictionaryRUN mv /etc/raddb/proxy.conf /etc/raddb/proxy.conf.orig && \ mv /etc/raddb/radiusd.conf /etc/raddb/radiusd.conf.orig && \ mv /etc/raddb/clients.conf /etc/raddb/clients.conf.orig### Bize ait özelleşmiş dosyaları yerlerine kopyalayalımWORKDIR /etc/raddbCOPY --chown=root:freerad --chmod=640 raddb/certs/* certs/COPY --chown=root:freerad --chmod=640 raddb/mods-available/* mods-available/COPY --chown=root:freerad --chmod=640 raddb/mods-config/files.etu/* mods-config/files.etu/COPY --chown=root:freerad --chmod=640 raddb/policy.d/* policy.d/COPY --chown=root:freerad --chmod=640 raddb/sites-available/* sites-available/COPY --chown=root:freerad --chmod=640 raddb/proxy.etu.conf ./COPY --chown=root:freerad --chmod=640 raddb/clients.etu.conf ./COPY --chown=root:freerad --chmod=640 raddb/dictionary ./COPY --chown=root:freerad --chmod=640 raddb/radiusd.etu.conf ./radiusd.confWORKDIR /etc/raddb/sites-enabledRUN ln -s ../sites-available/default.etu default.etu && \ ln -s ../sites-available/inner-tunnel.etu inner-tunnel.etuWORKDIR /etc/raddb/mods-enabledRUN ln -s ../mods-available/eap.etu eap.etu && \ ln -s ../mods-available/files.etu files.etu && \ ln -s ../mods-available/ldap.etu ldap.etu && \ ln -s ../mods-available/linelog.etu linelog.etu && \ ln -s ../mods-available/sql.etu sql.etuWORKDIR /etc/raddb/ It just disables unused things and copies over my custom config from my git repo. It was working without any problem until version 3.2.6. After I upgraded to 3.2.6 outgoing eduroam proxy requests all started to fail with same error: "Tue Dec 24 06:05:10 2024 : Auth: (1) Login incorrect (No Auth-Type found: rejecting the user via Post-Auth-Type = Reject): [test08@artvin.edu.tr] (from client etu_wifi_rektorluk port 0 cli 7e8623ae0401)" Returning back to the 3.2.5 version container fixes the problem. I just tried to debug the problem and started the 3.2.6 version container with "-X" but surprisingly it works ok in debug mode. It is reproducible every time. If I run the container normally without "-X" it all fails with the above error. If I run the same container with the same config with "-X" it all works as expected. Is this a known problem? I tried the official "freeradius/freeradius-dev" image with "v3.2.x" tag to see if the development image works and it works without any problem too in normal mode (without debug mode). I attach the 3.2.6 container debug mod logs if it has any value (as it is working in debug mode) Regards, Rahman Duran Bilgi İşlem Daire Başkanlığı Erzurum Teknik Üniversitesi 444 5 388 - 2730 [root@radius-test ~]# podman run --name etu-nac-debug -it -p 1812:1812/udp -p 1812:1812/udp gitlab.erzurum.edu.tr:5050/sysadmin/freeradius-nac:latest -X FreeRADIUS Version 3.2.6 Copyright (C) 1999-2023 The FreeRADIUS server project and contributors There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License For more information about these matters, see the file named COPYRIGHT Starting - reading configuration files ... including dictionary file /usr/share/freeradius/dictionary including dictionary file /usr/share/freeradius/dictionary.dhcp including dictionary file /usr/share/freeradius/dictionary.vqp including dictionary file /etc/freeradius/dictionary including configuration file /etc/freeradius/radiusd.conf including configuration file /etc/freeradius/proxy.etu.conf including configuration file /etc/freeradius/clients.etu.conf including files in directory /etc/freeradius/mods-enabled/ including configuration file /etc/freeradius/mods-enabled/always including configuration file /etc/freeradius/mods-enabled/attr_filter including configuration file /etc/freeradius/mods-enabled/chap including configuration file /etc/freeradius/mods-enabled/date including configuration file /etc/freeradius/mods-enabled/detail including configuration file /etc/freeradius/mods-enabled/detail.log including configuration file /etc/freeradius/mods-enabled/digest including configuration file /etc/freeradius/mods-enabled/dynamic_clients including configuration file /etc/freeradius/mods-enabled/echo including configuration file /etc/freeradius/mods-enabled/exec including configuration file /etc/freeradius/mods-enabled/expiration including configuration file /etc/freeradius/mods-enabled/expr including configuration file /etc/freeradius/mods-enabled/logintime including configuration file /etc/freeradius/mods-enabled/mschap including configuration file /etc/freeradius/mods-enabled/ntlm_auth including configuration file /etc/freeradius/mods-enabled/pap including configuration file /etc/freeradius/mods-enabled/passwd including configuration file /etc/freeradius/mods-enabled/preprocess including configuration file /etc/freeradius/mods-enabled/radutmp including configuration file /etc/freeradius/mods-enabled/realm including configuration file /etc/freeradius/mods-enabled/replicate including configuration file /etc/freeradius/mods-enabled/soh including configuration file /etc/freeradius/mods-enabled/sradutmp including configuration file /etc/freeradius/mods-enabled/totp including configuration file /etc/freeradius/mods-enabled/unix including configuration file /etc/freeradius/mods-enabled/unpack including configuration file /etc/freeradius/mods-enabled/utf8 including configuration file /etc/freeradius/mods-enabled/eap.etu including configuration file /etc/freeradius/mods-enabled/files.etu including configuration file /etc/freeradius/mods-enabled/ldap.etu including configuration file /etc/freeradius/mods-enabled/linelog.etu including configuration file /etc/freeradius/mods-enabled/sql.etu including configuration file /etc/freeradius/mods-config/sql/main/mysql/queries.conf including configuration file /etc/freeradius/policy.d/canonicalization including configuration file /etc/freeradius/policy.d/canonicalization.etu including files in directory /etc/freeradius/policy.d/ including configuration file /etc/freeradius/policy.d/abfab-tr including configuration file /etc/freeradius/policy.d/accounting including configuration file /etc/freeradius/policy.d/control including configuration file /etc/freeradius/policy.d/cui including configuration file /etc/freeradius/policy.d/debug including configuration file /etc/freeradius/policy.d/dhcp including configuration file /etc/freeradius/policy.d/eap including configuration file /etc/freeradius/policy.d/filter including configuration file /etc/freeradius/policy.d/moonshot-targeted-ids including configuration file /etc/freeradius/policy.d/operator-name including configuration file /etc/freeradius/policy.d/rfc7542 including configuration file /etc/freeradius/policy.d/policy.etu including files in directory /etc/freeradius/sites-enabled/ including configuration file /etc/freeradius/sites-enabled/default.etu including configuration file /etc/freeradius/sites-enabled/inner-tunnel.etu main { security { user = "freerad" group = "freerad" allow_core_dumps = no } name = "freeradius" prefix = "/usr" localstatedir = "/var" logdir = "/var/log/freeradius" run_dir = "/var/run/freeradius" } main { name = "freeradius" prefix = "/usr" localstatedir = "/var" sbindir = "/usr/sbin" logdir = "/var/log/freeradius" run_dir = "/var/run/freeradius" libdir = "/usr/lib/freeradius" radacctdir = "/var/log/freeradius/radacct" hostname_lookups = no max_request_time = 30 proxy_dedup_window = 1 cleanup_delay = 5 max_requests = 16384 max_fds = 512 postauth_client_lost = yes pidfile = "/var/run/freeradius/freeradius.pid" checkrad = "/usr/sbin/checkrad" debug_level = 0 proxy_requests = yes log { stripped_names = no auth = yes auth_badpass = no auth_goodpass = no colourise = yes msg_denied = "You are already logged in - access denied" } resources { } security { max_attributes = 200 reject_delay = 1.000000 status_server = yes require_message_authenticator = "auto" limit_proxy_state = "auto" } } radiusd: #### Loading Realms and Home Servers #### proxy server { retry_delay = 5 retry_count = 3 default_fallback = no dead_time = 120 wake_all_if_all_dead = no } home_server trrad01 { nonblock = no ipaddr = 193.140.83.100 port = 1812 type = "auth" secret = <<< secret >>> response_window = 20.000000 response_timeouts = 1 max_outstanding = 65536 zombie_period = 40 status_check = "status-server" ping_interval = 30 check_interval = 30 check_timeout = 4 num_answers_to_alive = 3 revive_interval = 300 limit { max_connections = 16 max_requests = 0 lifetime = 0 idle_timeout = 0 } coa { irt = 2 mrt = 16 mrc = 5 mrd = 30 } } home_server trrad02 { nonblock = no ipaddr = 193.140.100.35 port = 1812 type = "auth" secret = <<< secret >>> response_window = 20.000000 response_timeouts = 1 max_outstanding = 65536 zombie_period = 40 status_check = "status-server" ping_interval = 30 check_interval = 30 check_timeout = 4 num_answers_to_alive = 3 revive_interval = 300 limit { max_connections = 16 max_requests = 0 lifetime = 0 idle_timeout = 0 } coa { irt = 2 mrt = 16 mrc = 5 mrd = 30 } } realm LOCAL { nostrip } realm NULL { } realm DEFAULT { nostrip } home_server_pool eduroam_trrrad_pool { type = fail-over home_server = trrad01 home_server = trrad02 } radiusd: #### Loading Clients #### client localhost { ipaddr = 127.0.0.1 secret = <<< secret >>> nas_type = "other" proto = "*" limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } Shared secret for client localhost is short, and likely can be broken by an attacker. client localhost_ipv6 { ipv6addr = ::1 secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } Shared secret for client localhost_ipv6 is short, and likely can be broken by an attacker. client ulakbim_eduroamtr_a { ipaddr = 193.140.83.100 limit_proxy_state = "no" secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client ulakbim_eduroamtr_b { ipaddr = 193.140.100.35 limit_proxy_state = "no" secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client ulakbim_eduroam_monitor { ipv4addr = 193.140.12.244 limit_proxy_state = "no" secret = <<< secret >>> shortname = "TRmonitor" limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client etu_wifi_cisco5500 { ipaddr = 172.31.0.1 secret = <<< secret >>> nas_type = "other" limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } Shared secret for client etu_wifi_cisco5500 is short, and likely can be broken by an attacker. client etu_wifi_konukevi { ipaddr = 10.10.250.0/24 secret = <<< secret >>> nas_type = "other" limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } Shared secret for client etu_wifi_konukevi is short, and likely can be broken by an attacker. client etu_wifi_konukevi_captive { ipaddr = 10.0.10.182 secret = <<< secret >>> nas_type = "other" limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } Shared secret for client etu_wifi_konukevi_captive is short, and likely can be broken by an attacker. client etu_wifi_konukevi_captive { ipaddr = 10.0.10.181 secret = <<< secret >>> nas_type = "other" limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } Shared secret for client etu_wifi_konukevi_captive is short, and likely can be broken by an attacker. client etu_wifi_muhendislik { ipaddr = 10.10.249.0/24 secret = <<< secret >>> nas_type = "other" limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } Shared secret for client etu_wifi_muhendislik is short, and likely can be broken by an attacker. client etu_wifi_yutam { ipaddr = 10.10.248.0/24 secret = <<< secret >>> nas_type = "other" limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } Shared secret for client etu_wifi_yutam is short, and likely can be broken by an attacker. client etu_wifi_bakimatölyesi { ipaddr = 10.10.247.0/24 secret = <<< secret >>> nas_type = "other" limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } Shared secret for client etu_wifi_bakimatölyesi is short, and likely can be broken by an attacker. client etu_wifi_yemekhane { ipaddr = 10.10.246.0/24 secret = <<< secret >>> nas_type = "other" limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } Shared secret for client etu_wifi_yemekhane is short, and likely can be broken by an attacker. client etu_wifi_etukristal { ipaddr = 10.10.245.0/24 secret = <<< secret >>> nas_type = "other" limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } Shared secret for client etu_wifi_etukristal is short, and likely can be broken by an attacker. client etu_wifi_yasammerkezi { ipaddr = 10.10.244.0/24 secret = <<< secret >>> nas_type = "other" limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } Shared secret for client etu_wifi_yasammerkezi is short, and likely can be broken by an attacker. client etu_wifi_rektorluk { ipaddr = 10.10.243.0/24 secret = <<< secret >>> nas_type = "other" limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } Shared secret for client etu_wifi_rektorluk is short, and likely can be broken by an attacker. client etu_wifi_kutuphane { ipaddr = 10.10.242.0/24 secret = <<< secret >>> nas_type = "other" limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } Shared secret for client etu_wifi_kutuphane is short, and likely can be broken by an attacker. client etu_wifi_sporsalonu { ipaddr = 10.10.241.0/24 secret = <<< secret >>> nas_type = "other" limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } Shared secret for client etu_wifi_sporsalonu is short, and likely can be broken by an attacker. client etu_wifi_fenfakultesi { ipaddr = 10.10.238.0/24 secret = <<< secret >>> nas_type = "other" limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } Shared secret for client etu_wifi_fenfakultesi is short, and likely can be broken by an attacker. client etu_wifi_saglikbilimleri { ipaddr = 10.10.237.0/24 secret = <<< secret >>> nas_type = "other" limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } Shared secret for client etu_wifi_saglikbilimleri is short, and likely can be broken by an attacker. client etu_wired { ipaddr = 192.168.10.0/24 secret = <<< secret >>> nas_type = "other" limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client etu_nms { ipaddr = 10.0.1.95/32 secret = <<< secret >>> nas_type = "other" limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } Debug state unknown (cap_sys_ptrace capability not set) systemd watchdog is disabled # Creating Auth-Type = mschap # Creating Auth-Type = eap.etu # Creating Auth-Type = PAP # Creating Auth-Type = MS-CHAP # Creating Auth-Type = eap # Creating Autz-Type = New-TLS-Connection radiusd: #### Instantiating modules #### modules { # Loaded module rlm_always # Loading module "reject" from file /etc/freeradius/mods-enabled/always always reject { rcode = "reject" simulcount = 0 mpp = no } # Loading module "fail" from file /etc/freeradius/mods-enabled/always always fail { rcode = "fail" simulcount = 0 mpp = no } # Loading module "ok" from file /etc/freeradius/mods-enabled/always always ok { rcode = "ok" simulcount = 0 mpp = no } # Loading module "handled" from file /etc/freeradius/mods-enabled/always always handled { rcode = "handled" simulcount = 0 mpp = no } # Loading module "invalid" from file /etc/freeradius/mods-enabled/always always invalid { rcode = "invalid" simulcount = 0 mpp = no } # Loading module "userlock" from file /etc/freeradius/mods-enabled/always always userlock { rcode = "userlock" simulcount = 0 mpp = no } # Loading module "notfound" from file /etc/freeradius/mods-enabled/always always notfound { rcode = "notfound" simulcount = 0 mpp = no } # Loading module "noop" from file /etc/freeradius/mods-enabled/always always noop { rcode = "noop" simulcount = 0 mpp = no } # Loading module "updated" from file /etc/freeradius/mods-enabled/always always updated { rcode = "updated" simulcount = 0 mpp = no } # Loaded module rlm_attr_filter # Loading module "attr_filter.post-proxy" from file /etc/freeradius/mods-enabled/attr_filter attr_filter attr_filter.post-proxy { filename = "/etc/freeradius/mods-config/attr_filter/post-proxy" key = "%{Realm}" relaxed = no } # Loading module "attr_filter.pre-proxy" from file /etc/freeradius/mods-enabled/attr_filter attr_filter attr_filter.pre-proxy { filename = "/etc/freeradius/mods-config/attr_filter/pre-proxy" key = "%{Realm}" relaxed = no } # Loading module "attr_filter.access_reject" from file /etc/freeradius/mods-enabled/attr_filter attr_filter attr_filter.access_reject { filename = "/etc/freeradius/mods-config/attr_filter/access_reject" key = "%{User-Name}" relaxed = no } # Loading module "attr_filter.access_challenge" from file /etc/freeradius/mods-enabled/attr_filter attr_filter attr_filter.access_challenge { filename = "/etc/freeradius/mods-config/attr_filter/access_challenge" key = "%{User-Name}" relaxed = no } # Loading module "attr_filter.accounting_response" from file /etc/freeradius/mods-enabled/attr_filter attr_filter attr_filter.accounting_response { filename = "/etc/freeradius/mods-config/attr_filter/accounting_response" key = "%{User-Name}" relaxed = no } # Loading module "attr_filter.coa" from file /etc/freeradius/mods-enabled/attr_filter attr_filter attr_filter.coa { filename = "/etc/freeradius/mods-config/attr_filter/coa" key = "%{User-Name}" relaxed = no } # Loaded module rlm_chap # Loading module "chap" from file /etc/freeradius/mods-enabled/chap # Loaded module rlm_date # Loading module "date" from file /etc/freeradius/mods-enabled/date date { format = "%b %e %Y %H:%M:%S %Z" utc = no } # Loading module "wispr2date" from file /etc/freeradius/mods-enabled/date date wispr2date { format = "%Y-%m-%dT%H:%M:%S" utc = no } # Loaded module rlm_detail # Loading module "detail" from file /etc/freeradius/mods-enabled/detail detail { filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d" header = "%t" permissions = 384 locking = no dates_as_integer = no escape_filenames = no log_packet_header = no } # Loading module "auth_log" from file /etc/freeradius/mods-enabled/detail.log detail auth_log { filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d" header = "%t" permissions = 384 locking = no dates_as_integer = no escape_filenames = no log_packet_header = no } # Loading module "reply_log" from file /etc/freeradius/mods-enabled/detail.log detail reply_log { filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d" header = "%t" permissions = 384 locking = no dates_as_integer = no escape_filenames = no log_packet_header = no } # Loading module "pre_proxy_log" from file /etc/freeradius/mods-enabled/detail.log detail pre_proxy_log { filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/pre-proxy-detail-%Y%m%d" header = "%t" permissions = 384 locking = no dates_as_integer = no escape_filenames = no log_packet_header = no } # Loading module "post_proxy_log" from file /etc/freeradius/mods-enabled/detail.log detail post_proxy_log { filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d" header = "%t" permissions = 384 locking = no dates_as_integer = no escape_filenames = no log_packet_header = no } # Loaded module rlm_digest # Loading module "digest" from file /etc/freeradius/mods-enabled/digest # Loaded module rlm_dynamic_clients # Loading module "dynamic_clients" from file /etc/freeradius/mods-enabled/dynamic_clients # Loaded module rlm_exec # Loading module "echo" from file /etc/freeradius/mods-enabled/echo exec echo { wait = yes program = "/bin/echo %{User-Name}" input_pairs = "request" output_pairs = "reply" shell_escape = yes } # Loading module "exec" from file /etc/freeradius/mods-enabled/exec exec { wait = no input_pairs = "request" shell_escape = yes timeout = 10 } # Loaded module rlm_expiration # Loading module "expiration" from file /etc/freeradius/mods-enabled/expiration # Loaded module rlm_expr # Loading module "expr" from file /etc/freeradius/mods-enabled/expr expr { safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /äéöüàâæçèéêëîïôœùûüaÿÄÉÖÜßÀÂÆÇÈÉÊËÎÏÔŒÙÛÜŸ" } # Loaded module rlm_logintime # Loading module "logintime" from file /etc/freeradius/mods-enabled/logintime logintime { minimum_timeout = 60 } # Loaded module rlm_mschap # Loading module "mschap" from file /etc/freeradius/mods-enabled/mschap mschap { use_mppe = yes require_encryption = no require_strong = no with_ntdomain_hack = yes passchange { } allow_retry = yes winbind_retry_with_normalised_username = no } # Loading module "ntlm_auth" from file /etc/freeradius/mods-enabled/ntlm_auth exec ntlm_auth { wait = yes program = "/path/to/ntlm_auth --request-nt-key --domain=MYDOMAIN --username=%{mschap:User-Name} --password=%{User-Password}" shell_escape = yes } # Loaded module rlm_pap # Loading module "pap" from file /etc/freeradius/mods-enabled/pap pap { normalise = yes } # Loaded module rlm_passwd # Loading module "etc_passwd" from file /etc/freeradius/mods-enabled/passwd passwd etc_passwd { filename = "/etc/passwd" format = "*User-Name:Crypt-Password:" delimiter = ":" ignore_nislike = no ignore_empty = yes allow_multiple_keys = no hash_size = 100 } # Loaded module rlm_preprocess # Loading module "preprocess" from file /etc/freeradius/mods-enabled/preprocess preprocess { huntgroups = "/etc/freeradius/mods-config/preprocess/huntgroups" hints = "/etc/freeradius/mods-config/preprocess/hints" with_ascend_hack = no ascend_channels_per_line = 23 with_ntdomain_hack = no with_specialix_jetstream_hack = no with_cisco_vsa_hack = no with_alvarion_vsa_hack = no } # Loaded module rlm_radutmp # Loading module "radutmp" from file /etc/freeradius/mods-enabled/radutmp radutmp { filename = "/var/log/freeradius/radutmp" username = "%{User-Name}" case_sensitive = yes check_with_nas = yes permissions = 384 caller_id = yes } # Loaded module rlm_realm # Loading module "IPASS" from file /etc/freeradius/mods-enabled/realm realm IPASS { format = "prefix" delimiter = "/" ignore_default = no ignore_null = no } # Loading module "suffix" from file /etc/freeradius/mods-enabled/realm realm suffix { format = "suffix" delimiter = "@" ignore_default = no ignore_null = no } # Loading module "bangpath" from file /etc/freeradius/mods-enabled/realm realm bangpath { format = "prefix" delimiter = "!" ignore_default = no ignore_null = no } # Loading module "realmpercent" from file /etc/freeradius/mods-enabled/realm realm realmpercent { format = "suffix" delimiter = "%" ignore_default = no ignore_null = no } # Loading module "ntdomain" from file /etc/freeradius/mods-enabled/realm realm ntdomain { format = "prefix" delimiter = "\" ignore_default = no ignore_null = no } # Loaded module rlm_replicate # Loading module "replicate" from file /etc/freeradius/mods-enabled/replicate # Loaded module rlm_soh # Loading module "soh" from file /etc/freeradius/mods-enabled/soh soh { dhcp = yes } # Loading module "sradutmp" from file /etc/freeradius/mods-enabled/sradutmp radutmp sradutmp { filename = "/var/log/freeradius/sradutmp" username = "%{User-Name}" case_sensitive = yes check_with_nas = yes permissions = 420 caller_id = no } # Loaded module rlm_totp # Loading module "totp" from file /etc/freeradius/mods-enabled/totp totp { time_step = 30 otp_length = 6 lookback_steps = 1 lookback_interval = 30 lookforward_steps = 0 } # Loaded module rlm_unix # Loading module "unix" from file /etc/freeradius/mods-enabled/unix unix { radwtmp = "/var/log/freeradius/radwtmp" } Creating attribute Unix-Group # Loaded module rlm_unpack # Loading module "unpack" from file /etc/freeradius/mods-enabled/unpack # Loaded module rlm_utf8 # Loading module "utf8" from file /etc/freeradius/mods-enabled/utf8 # Loaded module rlm_eap # Loading module "eap.etu" from file /etc/freeradius/mods-enabled/eap.etu eap eap.etu { default_eap_type = "peap" timer_expire = 60 max_eap_type = 52 ignore_unknown_eap_types = no cisco_accounting_username_bug = no max_sessions = 16384 dedup_key = "" } # Loaded module rlm_files # Loading module "files_saglik_bilimleri_sim_lab_mac_list" from file /etc/freeradius/mods-enabled/files.etu files files_saglik_bilimleri_sim_lab_mac_list { filename = "/etc/freeradius/mods-config/files.etu/saglik_bilimleri_sim_lab_mac_list" } # Loading module "files_bidb_test_mac_list" from file /etc/freeradius/mods-enabled/files.etu files files_bidb_test_mac_list { filename = "/etc/freeradius/mods-config/files.etu/bidb_test_mac_list" } # Loading module "files_yutam_lab_cihaz_mac_list" from file /etc/freeradius/mods-enabled/files.etu files files_yutam_lab_cihaz_mac_list { filename = "/etc/freeradius/mods-config/files.etu/yutam_lab_cihaz_mac_list" } # Loaded module rlm_ldap # Loading module "ldap_tek_hesap" from file /etc/freeradius/mods-enabled/ldap.etu ldap ldap_tek_hesap { server = "ldaps://95.183.213.8" identity = "cn=ro,cn=admin,dc=etu" password = <<< secret >>> sasl { } user_dn = "ldap_tek_hesap-LDAP-UserDn" user { scope = "sub" access_positive = yes sasl { } } group { scope = "sub" name_attribute = "cn" cacheable_name = no cacheable_dn = no allow_dangling_group_ref = no } client { scope = "sub" base_dn = "" } profile { } options { ldap_debug = 40 chase_referrals = yes rebind = yes net_timeout = 1 res_timeout = 10 srv_timelimit = 3 idle = 60 probes = 3 interval = 3 } tls { ca_file = "/etc/freeradius/certs/ldap_ca.pem" ca_path = "/etc/freeradius/certs" tls_min_version = "1.2" cipher_list = "DEFAULT" check_crl = no start_tls = no require_cert = "demand" } } Creating attribute ldap_tek_hesap-LDAP-Group # Loading module "ldap_librenms_login" from file /etc/freeradius/mods-enabled/ldap.etu ldap ldap_librenms_login { server = "ldaps://95.183.213.8" identity = "cn=ro,cn=admin,dc=etu" password = <<< secret >>> sasl { } user_dn = "ldap_librenms_login-LDAP-UserDn" user { scope = "sub" access_positive = yes sasl { } } group { scope = "sub" name_attribute = "cn" cacheable_name = no cacheable_dn = no allow_dangling_group_ref = no } client { scope = "sub" base_dn = "" } profile { } options { ldap_debug = 40 chase_referrals = yes rebind = yes net_timeout = 1 res_timeout = 10 srv_timelimit = 3 idle = 60 probes = 3 interval = 3 } tls { ca_file = "/etc/freeradius/certs/ldap_ca.pem" ca_path = "/etc/freeradius/certs" tls_min_version = "1.2" cipher_list = "DEFAULT" check_crl = no start_tls = no require_cert = "demand" } } Creating attribute ldap_librenms_login-LDAP-Group # Loaded module rlm_linelog # Loading module "linelog.etu" from file /etc/freeradius/mods-enabled/linelog.etu linelog linelog.etu { filename = "/dev/stdout" escape_filenames = no syslog_severity = "info" permissions = 384 format = "This is a log message for %{User-Name}" reference = "Access-Request.%{%{reply:Packet-Type}:-default}" } # Loading module "linelog_accounting.etu" from file /etc/freeradius/mods-enabled/linelog.etu linelog linelog_accounting.etu { filename = "/dev/stdout" escape_filenames = no syslog_severity = "info" permissions = 384 format = "" reference = "Accounting-Request.%{%{Acct-Status-Type}:-unknown}" } # Loading module "linelog_client_lost.etu" from file /etc/freeradius/mods-enabled/linelog.etu linelog linelog_client_lost.etu { filename = "/dev/stdout" escape_filenames = no syslog_severity = "info" permissions = 384 format = "Client lost: [%{&session-state:ETU-Outer-User-Name}] calling_station_id: [%{&session-state:Calling-Station-Id}] called_station_id: [%{&session-state:Called-Station-Id}] ssid: [%{&session-state:Called-Station-SSID}] etu_service: [%{&session-state:ETU-Radius-Service-Name}]" } # Loaded module rlm_sql # Loading module "sql_konukevi" from file /etc/freeradius/mods-enabled/sql.etu sql sql_konukevi { driver = "rlm_sql_mysql" server = "maria.db.erzurum.edu.tr" port = 3306 login = "konukeviwifi" password = <<< secret >>> radius_db = "konukeviwifi" read_groups = yes read_profiles = yes read_clients = no delete_stale_sessions = yes sql_user_name = "%{User-Name}" default_user_profile = "" client_query = "SELECT id, nasname, shortname, type, secret, server FROM nas" authorize_check_query = "SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id" authorize_reply_query = "SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id" authorize_group_check_query = "SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{sql_konukevi-SQL-Group}' ORDER BY id" authorize_group_reply_query = "SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{sql_konukevi-SQL-Group}' ORDER BY id" group_membership_query = "SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority" simul_count_query = "SELECT COUNT(*) FROM radacct a LEFT OUTER JOIN nasreload n USING (nasipaddress) WHERE username = '%{SQL-User-Name}' AND acctstoptime IS NULL AND (a.acctstarttime > n.reloadtime OR n.reloadtime IS NULL)" simul_verify_query = "SELECT radacctid, acctsessionid, username, nasipaddress, nasportid, framedipaddress, callingstationid, framedprotocol FROM radacct a LEFT OUTER JOIN nasreload n USING (nasipaddress) WHERE username = '%{SQL-User-Name}' AND acctstoptime IS NULL AND (a.acctstarttime
n.reloadtime OR n.reloadtime IS NULL)" safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" auto_escape = no accounting { reference = "%{tolower:type.%{%{Acct-Status-Type}:-%{Request-Processing-Stage}}.query}" type { accounting-on { query = "UPDATE radacct SET acctstoptime = FROM_UNIXTIME(%{%{integer:Event-Timestamp}:-%l}), acctsessiontime = '%{%{integer:Event-Timestamp}:-%l}' - UNIX_TIMESTAMP(acctstarttime), acctterminatecause = '%{%{Acct-Terminate-Cause}:-NAS-Reboot}' WHERE acctstoptime IS NULL AND nasipaddress = '%{NAS-IP-Address}' AND acctstarttime <= FROM_UNIXTIME(%{%{integer:Event-Timestamp}:-%l})" } accounting-off { query = "UPDATE radacct SET acctstoptime = FROM_UNIXTIME(%{%{integer:Event-Timestamp}:-%l}), acctsessiontime = '%{%{integer:Event-Timestamp}:-%l}' - UNIX_TIMESTAMP(acctstarttime), acctterminatecause = '%{%{Acct-Terminate-Cause}:-NAS-Reboot}' WHERE acctstoptime IS NULL AND nasipaddress = '%{NAS-IP-Address}' AND acctstarttime <= FROM_UNIXTIME(%{%{integer:Event-Timestamp}:-%l})" } start { query = "INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctupdatetime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress, framedipv6address, framedipv6prefix, framedinterfaceid, delegatedipv6prefix ) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{%{NAS-Port-ID}:-%{NAS-Port}}', '%{NAS-Port-Type}', FROM_UNIXTIME(%{%{integer:Event-Timestamp}:-%l}), FROM_UNIXTIME(%{%{integer:Event-Timestamp}:-%l}), NULL, '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '%{Framed-IPv6-Address}', '%{Framed-IPv6-Prefix}', '%{Framed-Interface-Id}', '%{Delegated-IPv6-Prefix}' )" } interim-update { query = "UPDATE radacct SET acctupdatetime = (@acctupdatetime_old:=acctupdatetime), acctupdatetime = FROM_UNIXTIME(%{%{integer:Event-Timestamp}:-%l}), acctinterval = %{%{integer:Event-Timestamp}:-%l} - UNIX_TIMESTAMP(@acctupdatetime_old), framedipaddress = '%{Framed-IP-Address}', framedipv6address = '%{Framed-IPv6-Address}', framedipv6prefix = '%{Framed-IPv6-Prefix}', framedinterfaceid = '%{Framed-Interface-Id}', delegatedipv6prefix = '%{Delegated-IPv6-Prefix}', acctsessiontime = %{%{Acct-Session-Time}:-NULL}, acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}' WHERE AcctUniqueId = '%{Acct-Unique-Session-Id}'" } stop { query = "UPDATE radacct SET acctstoptime = FROM_UNIXTIME(%{%{integer:Event-Timestamp}:-%l}), acctsessiontime = %{%{Acct-Session-Time}:-NULL}, acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', acctterminatecause = '%{Acct-Terminate-Cause}', connectinfo_stop = '%{Connect-Info}' WHERE AcctUniqueId = '%{Acct-Unique-Session-Id}'" } } } post-auth { reference = ".query" query = "INSERT INTO radpostauth (username, pass, reply, authdate ) VALUES ( '%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S.%M' )" } } rlm_sql (sql_konukevi): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked Creating attribute sql_konukevi-SQL-Group instantiate { } # Instantiating module "reject" from file /etc/freeradius/mods-enabled/always # Instantiating module "fail" from file /etc/freeradius/mods-enabled/always # Instantiating module "ok" from file /etc/freeradius/mods-enabled/always # Instantiating module "handled" from file /etc/freeradius/mods-enabled/always # Instantiating module "invalid" from file /etc/freeradius/mods-enabled/always # Instantiating module "userlock" from file /etc/freeradius/mods-enabled/always # Instantiating module "notfound" from file /etc/freeradius/mods-enabled/always # Instantiating module "noop" from file /etc/freeradius/mods-enabled/always # Instantiating module "updated" from file /etc/freeradius/mods-enabled/always # Instantiating module "attr_filter.post-proxy" from file /etc/freeradius/mods-enabled/attr_filter reading pairlist file /etc/freeradius/mods-config/attr_filter/post-proxy # Instantiating module "attr_filter.pre-proxy" from file /etc/freeradius/mods-enabled/attr_filter reading pairlist file /etc/freeradius/mods-config/attr_filter/pre-proxy # Instantiating module "attr_filter.access_reject" from file /etc/freeradius/mods-enabled/attr_filter reading pairlist file /etc/freeradius/mods-config/attr_filter/access_reject # Instantiating module "attr_filter.access_challenge" from file /etc/freeradius/mods-enabled/attr_filter reading pairlist file /etc/freeradius/mods-config/attr_filter/access_challenge # Instantiating module "attr_filter.accounting_response" from file /etc/freeradius/mods-enabled/attr_filter reading pairlist file /etc/freeradius/mods-config/attr_filter/accounting_response # Instantiating module "attr_filter.coa" from file /etc/freeradius/mods-enabled/attr_filter reading pairlist file /etc/freeradius/mods-config/attr_filter/coa # Instantiating module "detail" from file /etc/freeradius/mods-enabled/detail # Instantiating module "auth_log" from file /etc/freeradius/mods-enabled/detail.log rlm_detail (auth_log): 'User-Password' suppressed, will not appear in detail output # Instantiating module "reply_log" from file /etc/freeradius/mods-enabled/detail.log # Instantiating module "pre_proxy_log" from file /etc/freeradius/mods-enabled/detail.log # Instantiating module "post_proxy_log" from file /etc/freeradius/mods-enabled/detail.log # Instantiating module "expiration" from file /etc/freeradius/mods-enabled/expiration # Instantiating module "logintime" from file /etc/freeradius/mods-enabled/logintime # Instantiating module "mschap" from file /etc/freeradius/mods-enabled/mschap rlm_mschap (mschap): using internal authentication # Instantiating module "pap" from file /etc/freeradius/mods-enabled/pap # Instantiating module "etc_passwd" from file /etc/freeradius/mods-enabled/passwd rlm_passwd: nfields: 3 keyfield 0(User-Name) listable: no # Instantiating module "preprocess" from file /etc/freeradius/mods-enabled/preprocess reading pairlist file /etc/freeradius/mods-config/preprocess/huntgroups reading pairlist file /etc/freeradius/mods-config/preprocess/hints # Instantiating module "IPASS" from file /etc/freeradius/mods-enabled/realm # Instantiating module "suffix" from file /etc/freeradius/mods-enabled/realm # Instantiating module "bangpath" from file /etc/freeradius/mods-enabled/realm # Instantiating module "realmpercent" from file /etc/freeradius/mods-enabled/realm # Instantiating module "ntdomain" from file /etc/freeradius/mods-enabled/realm # Instantiating module "totp" from file /etc/freeradius/mods-enabled/totp # Instantiating module "eap.etu" from file /etc/freeradius/mods-enabled/eap.etu # Linked to sub-module rlm_eap_md5 # Linked to sub-module rlm_eap_tls tls { tls = "tls-common" } tls-config tls-common { verify_depth = 0 ca_path = "/etc/freeradius/certs" pem_file_type = yes private_key_file = "/etc/freeradius/certs/etu.server.key" certificate_file = "/etc/freeradius/certs/etu.server.pem" ca_file = "/etc/freeradius/certs/etu.ca.pem" private_key_password = <<< secret >>> fragment_size = 1024 include_length = yes auto_chain = yes check_crl = no check_all_crl = no ca_path_reload_interval = 0 cipher_list = "DEFAULT@SECLEVEL=0" cipher_server_preference = no reject_unknown_intermediate_ca = no ecdh_curve = "" tls_max_version = "1.3" tls_min_version = "1.0" cache { enable = no lifetime = 24 max_entries = 255 } verify { skip_if_ocsp_ok = no } ocsp { enable = no override_cert_url = yes url = "http://127.0.0.1/ocsp/" use_nonce = yes timeout = 0 softfail = no } } # Linked to sub-module rlm_eap_ttls ttls { tls = "tls-common" default_eap_type = "md5" copy_request_to_tunnel = yes use_tunneled_reply = no virtual_server = "inner-tunnel.etu" include_length = yes require_client_cert = no } tls: Using cached TLS configuration from previous invocation # Linked to sub-module rlm_eap_peap peap { tls = "tls-common" default_eap_type = "mschapv2" copy_request_to_tunnel = yes use_tunneled_reply = no proxy_tunneled_request_as_eap = yes virtual_server = "inner-tunnel.etu" soh = no require_client_cert = no } tls: Using cached TLS configuration from previous invocation # Linked to sub-module rlm_eap_mschapv2 mschapv2 { with_ntdomain_hack = no send_error = no } # Instantiating module "files_saglik_bilimleri_sim_lab_mac_list" from file /etc/freeradius/mods-enabled/files.etu reading pairlist file /etc/freeradius/mods-config/files.etu/saglik_bilimleri_sim_lab_mac_list # Instantiating module "files_bidb_test_mac_list" from file /etc/freeradius/mods-enabled/files.etu reading pairlist file /etc/freeradius/mods-config/files.etu/bidb_test_mac_list # Instantiating module "files_yutam_lab_cihaz_mac_list" from file /etc/freeradius/mods-enabled/files.etu reading pairlist file /etc/freeradius/mods-config/files.etu/yutam_lab_cihaz_mac_list # Instantiating module "ldap_tek_hesap" from file /etc/freeradius/mods-enabled/ldap.etu rlm_ldap: libldap vendor: OpenLDAP, version: 20518 accounting { reference = "." } post-auth { reference = "." } !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !! libldap is using GnuTLS, while FreeRADIUS is using OpenSSL !! There may be random issues with TLS connections due to this conflict. !! The server may also crash. !! See https://wiki.freeradius.org/modules/Rlm_ldap for more information. !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! rlm_ldap (ldap_tek_hesap): Initialising connection pool pool { start = 5 min = 3 max = 32 spare = 10 uses = 0 lifetime = 0 cleanup_interval = 30 idle_timeout = 60 retry_delay = 30 max_retries = 5 spread = no } rlm_ldap (ldap_tek_hesap): Opening additional connection (0), 1 of 32 pending slots used rlm_ldap (ldap_tek_hesap): Connecting to ldaps://95.183.213.8:636 rlm_ldap (ldap_tek_hesap): Waiting for bind result... rlm_ldap (ldap_tek_hesap): Bind successful rlm_ldap (ldap_tek_hesap): Opening additional connection (1), 1 of 31 pending slots used rlm_ldap (ldap_tek_hesap): Connecting to ldaps://95.183.213.8:636 rlm_ldap (ldap_tek_hesap): Waiting for bind result... rlm_ldap (ldap_tek_hesap): Bind successful rlm_ldap (ldap_tek_hesap): Opening additional connection (2), 1 of 30 pending slots used rlm_ldap (ldap_tek_hesap): Connecting to ldaps://95.183.213.8:636 rlm_ldap (ldap_tek_hesap): Waiting for bind result... rlm_ldap (ldap_tek_hesap): Bind successful rlm_ldap (ldap_tek_hesap): Opening additional connection (3), 1 of 29 pending slots used rlm_ldap (ldap_tek_hesap): Connecting to ldaps://95.183.213.8:636 rlm_ldap (ldap_tek_hesap): Waiting for bind result... rlm_ldap (ldap_tek_hesap): Bind successful rlm_ldap (ldap_tek_hesap): Opening additional connection (4), 1 of 28 pending slots used rlm_ldap (ldap_tek_hesap): Connecting to ldaps://95.183.213.8:636 rlm_ldap (ldap_tek_hesap): Waiting for bind result... rlm_ldap (ldap_tek_hesap): Bind successful # Instantiating module "ldap_librenms_login" from file /etc/freeradius/mods-enabled/ldap.etu accounting { reference = "." } post-auth { reference = "." } !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !! libldap is using GnuTLS, while FreeRADIUS is using OpenSSL !! There may be random issues with TLS connections due to this conflict. !! The server may also crash. !! See https://wiki.freeradius.org/modules/Rlm_ldap for more information. !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! rlm_ldap (ldap_librenms_login): Initialising connection pool pool { start = 5 min = 3 max = 32 spare = 10 uses = 0 lifetime = 0 cleanup_interval = 30 idle_timeout = 60 retry_delay = 30 max_retries = 5 spread = no } rlm_ldap (ldap_librenms_login): Opening additional connection (0), 1 of 32 pending slots used rlm_ldap (ldap_librenms_login): Connecting to ldaps://95.183.213.8:636 rlm_ldap (ldap_librenms_login): Waiting for bind result... rlm_ldap (ldap_librenms_login): Bind successful rlm_ldap (ldap_librenms_login): Opening additional connection (1), 1 of 31 pending slots used rlm_ldap (ldap_librenms_login): Connecting to ldaps://95.183.213.8:636 rlm_ldap (ldap_librenms_login): Waiting for bind result... rlm_ldap (ldap_librenms_login): Bind successful rlm_ldap (ldap_librenms_login): Opening additional connection (2), 1 of 30 pending slots used rlm_ldap (ldap_librenms_login): Connecting to ldaps://95.183.213.8:636 rlm_ldap (ldap_librenms_login): Waiting for bind result... rlm_ldap (ldap_librenms_login): Bind successful rlm_ldap (ldap_librenms_login): Opening additional connection (3), 1 of 29 pending slots used rlm_ldap (ldap_librenms_login): Connecting to ldaps://95.183.213.8:636 rlm_ldap (ldap_librenms_login): Waiting for bind result... rlm_ldap (ldap_librenms_login): Bind successful rlm_ldap (ldap_librenms_login): Opening additional connection (4), 1 of 28 pending slots used rlm_ldap (ldap_librenms_login): Connecting to ldaps://95.183.213.8:636 rlm_ldap (ldap_librenms_login): Waiting for bind result... rlm_ldap (ldap_librenms_login): Bind successful # Instantiating module "linelog.etu" from file /etc/freeradius/mods-enabled/linelog.etu # Instantiating module "linelog_accounting.etu" from file /etc/freeradius/mods-enabled/linelog.etu # Instantiating module "linelog_client_lost.etu" from file /etc/freeradius/mods-enabled/linelog.etu # Instantiating module "sql_konukevi" from file /etc/freeradius/mods-enabled/sql.etu rlm_sql_mysql: libmysql version: 8.0.39 mysql { tls { tls_required = no check_cert = no check_cert_cn = no } warnings = "auto" } rlm_sql (sql_konukevi): Attempting to connect to database "konukeviwifi" rlm_sql (sql_konukevi): Initialising connection pool pool { start = 5 min = 3 max = 32 spare = 10 uses = 0 lifetime = 0 cleanup_interval = 30 idle_timeout = 60 retry_delay = 30 max_retries = 5 spread = no } rlm_sql (sql_konukevi): Opening additional connection (0), 1 of 32 pending slots used rlm_sql_mysql: Starting connect to MySQL server WARNING: MYSQL_OPT_RECONNECT is deprecated and will be removed in a future version. rlm_sql_mysql: Connected to database 'konukeviwifi' on maria.db.erzurum.edu.tr via TCP/IP, server version 11.2.3-MariaDB-1:11.2.3+maria~ubu2204, protocol version 10 rlm_sql (sql_konukevi): Opening additional connection (1), 1 of 31 pending slots used rlm_sql_mysql: Starting connect to MySQL server WARNING: MYSQL_OPT_RECONNECT is deprecated and will be removed in a future version. rlm_sql_mysql: Connected to database 'konukeviwifi' on maria.db.erzurum.edu.tr via TCP/IP, server version 11.2.3-MariaDB-1:11.2.3+maria~ubu2204, protocol version 10 rlm_sql (sql_konukevi): Opening additional connection (2), 1 of 30 pending slots used rlm_sql_mysql: Starting connect to MySQL server WARNING: MYSQL_OPT_RECONNECT is deprecated and will be removed in a future version. rlm_sql_mysql: Connected to database 'konukeviwifi' on maria.db.erzurum.edu.tr via TCP/IP, server version 11.2.3-MariaDB-1:11.2.3+maria~ubu2204, protocol version 10 rlm_sql (sql_konukevi): Opening additional connection (3), 1 of 29 pending slots used rlm_sql_mysql: Starting connect to MySQL server WARNING: MYSQL_OPT_RECONNECT is deprecated and will be removed in a future version. rlm_sql_mysql: Connected to database 'konukeviwifi' on maria.db.erzurum.edu.tr via TCP/IP, server version 11.2.3-MariaDB-1:11.2.3+maria~ubu2204, protocol version 10 rlm_sql (sql_konukevi): Opening additional connection (4), 1 of 28 pending slots used rlm_sql_mysql: Starting connect to MySQL server WARNING: MYSQL_OPT_RECONNECT is deprecated and will be removed in a future version. rlm_sql_mysql: Connected to database 'konukeviwifi' on maria.db.erzurum.edu.tr via TCP/IP, server version 11.2.3-MariaDB-1:11.2.3+maria~ubu2204, protocol version 10 } # modules radiusd: #### Loading Virtual Servers #### server { # from file /etc/freeradius/radiusd.conf } # server server default.etu { # from file /etc/freeradius/sites-enabled/default.etu # Loading authenticate {...} Compiling Auth-Type PAP for attr Auth-Type Compiling Auth-Type MS-CHAP for attr Auth-Type Compiling Auth-Type eap for attr Auth-Type # Loading authorize {...} Compiling Autz-Type New-TLS-Connection for attr Autz-Type # Loading preacct {...} # Loading accounting {...} # Loading post-proxy {...} Compiling Post-Proxy-Type Fail-Authentication for attr Post-Proxy-Type # Loading post-auth {...} Compiling Post-Auth-Type REJECT for attr Post-Auth-Type Compiling Post-Auth-Type Challenge for attr Post-Auth-Type Compiling Post-Auth-Type Client-Lost for attr Post-Auth-Type } # server default.etu server inner-tunnel.etu { # from file /etc/freeradius/sites-enabled/inner-tunnel.etu # Loading authenticate {...} Compiling Auth-Type PAP for attr Auth-Type Compiling Auth-Type MS-CHAP for attr Auth-Type # Loading authorize {...} # Loading post-auth {...} Compiling Post-Auth-Type REJECT for attr Post-Auth-Type } # server inner-tunnel.etu radiusd: #### Opening IP addresses and Ports #### listen { type = "auth" ipaddr = * port = 0 limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } listen { type = "acct" ipaddr = * port = 0 limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } listen { type = "auth" ipaddr = 127.0.0.1 port = 18120 } Listening on auth address * port 1812 bound to server default.etu Listening on acct address * port 1813 bound to server default.etu Listening on auth address 127.0.0.1 port 18120 bound to server inner-tunnel.etu Listening on proxy address * port 49432 Ready to process requests (0) Received Access-Request Id 109 from 10.10.243.69:50507 to 10.88.0.10:1812 length 233 (0) User-Name = "test08@artvin.edu.tr" (0) NAS-IP-Address = 10.10.243.69 (0) NAS-Port = 0 (0) NAS-Identifier = "10.10.243.69" (0) NAS-Port-Type = Wireless-802.11 (0) Calling-Station-Id = "7e8623ae0401" (0) Called-Station-Id = "a8bd27c5752c" (0) Service-Type = Login-User (0) Framed-MTU = 1100 (0) EAP-Message = 0x02010019017465737430384061727476696e2e6564752e7472 (0) Aruba-Essid-Name = "bidb-test" (0) Aruba-Location-Id = "REKTORLUK_KAT1R_MEHMETRASIMODA" (0) Aruba-AP-Group = "Rektörlük" (0) Message-Authenticator = 0x05053dceaccd74ceb91725e22f1872f5 (0) # Executing section authorize from file /etc/freeradius/sites-enabled/default.etu (0) authorize { (0) policy filter_username { (0) if (&User-Name) { (0) if (&User-Name) -> TRUE (0) if (&User-Name) { (0) if (&User-Name =~ / /) { (0) if (&User-Name =~ / /) -> FALSE (0) if (&User-Name =~ /@[^@]*@/ ) { (0) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (0) if (&User-Name =~ /\.\./ ) { (0) if (&User-Name =~ /\.\./ ) -> FALSE (0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (0) if (&User-Name =~ /\.$/) { (0) if (&User-Name =~ /\.$/) -> FALSE (0) if (&User-Name =~ /@\./) { (0) if (&User-Name =~ /@\./) -> FALSE (0) } # if (&User-Name) = notfound (0) } # policy filter_username = notfound (0) [preprocess] = ok (0) policy etu_extract_ssid { (0) if (&Called-Station-Id && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})([^0-9a-f](.+))$/i)) { (0) if (&Called-Station-Id && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})([^0-9a-f](.+))$/i)) -> FALSE (0) elsif (&Aruba-Essid-Name) { (0) elsif (&Aruba-Essid-Name) -> TRUE (0) elsif (&Aruba-Essid-Name) { (0) update request { (0) EXPAND %{Aruba-Essid-Name} (0) --> bidb-test (0) &Called-Station-SSID := bidb-test (0) } # update request = noop (0) [updated] = updated (0) } # elsif (&Aruba-Essid-Name) = updated (0) ... skipping elsif: Preceding "if" was taken (0) ... skipping else: Preceding "if" was taken (0) } # policy etu_extract_ssid = updated (0) policy etu_policy_service_selector { (0) if ( ("%{client:shortname}" == "etu_wifi_rektorluk") && (&Called-Station-SSID == "bidb-test") && (&User-Name =~ /^.+@erzurum\.edu\.tr$/i) ) { (0) EXPAND %{client:shortname} (0) --> etu_wifi_rektorluk (0) if ( ("%{client:shortname}" == "etu_wifi_rektorluk") && (&Called-Station-SSID == "bidb-test") && (&User-Name =~ /^.+@erzurum\.edu\.tr$/i) ) -> FALSE (0) if ( ("%{client:shortname}" == "etu_wifi_rektorluk") && (&Called-Station-SSID == "bidb-test") && (&User-Name !~ /^.+@erzurum\.edu\.tr$/i) ) { (0) EXPAND %{client:shortname} (0) --> etu_wifi_rektorluk (0) if ( ("%{client:shortname}" == "etu_wifi_rektorluk") && (&Called-Station-SSID == "bidb-test") && (&User-Name !~ /^.+@erzurum\.edu\.tr$/i) ) -> TRUE (0) if ( ("%{client:shortname}" == "etu_wifi_rektorluk") && (&Called-Station-SSID == "bidb-test") && (&User-Name !~ /^.+@erzurum\.edu\.tr$/i) ) { (0) update request { (0) &ETU-Radius-Service-Name := "etu_service_bidb_test_eduroam" (0) } # update request = noop (0) if (&Virtual-Server == "inner-tunnel.etu") { (0) EXPAND &Virtual-Server (0) --> default.etu (0) if (&Virtual-Server == "inner-tunnel.etu") -> FALSE (0) [updated] = updated (0) } # if ( ("%{client:shortname}" == "etu_wifi_rektorluk") && (&Called-Station-SSID == "bidb-test") && (&User-Name !~ /^.+@erzurum\.edu\.tr$/i) ) = updated (0) ... skipping elsif: Preceding "if" was taken (0) ... skipping elsif: Preceding "if" was taken (0) ... skipping elsif: Preceding "if" was taken (0) ... skipping elsif: Preceding "if" was taken (0) ... skipping elsif: Preceding "if" was taken (0) ... skipping elsif: Preceding "if" was taken (0) ... skipping elsif: Preceding "if" was taken (0) ... skipping elsif: Preceding "if" was taken (0) ... skipping elsif: Preceding "if" was taken (0) ... skipping elsif: Preceding "if" was taken (0) ... skipping elsif: Preceding "if" was taken (0) ... skipping elsif: Preceding "if" was taken (0) ... skipping else: Preceding "if" was taken (0) } # policy etu_policy_service_selector = updated (0) policy etu_session_state_populate { (0) if (&Virtual-Server != "inner-tunnel.etu") { (0) EXPAND &Virtual-Server (0) --> default.etu (0) if (&Virtual-Server != "inner-tunnel.etu") -> TRUE (0) if (&Virtual-Server != "inner-tunnel.etu") { (0) if (!(&session-state:Calling-Station-Id)) { (0) if (!(&session-state:Calling-Station-Id)) -> TRUE (0) if (!(&session-state:Calling-Station-Id)) { (0) update session-state { (0) &Calling-Station-Id := request:Calling-Station-Id -> '7e8623ae0401' (0) } # update session-state = noop (0) } # if (!(&session-state:Calling-Station-Id)) = noop (0) if (!(&session-state:Called-Station-Id)) { (0) if (!(&session-state:Called-Station-Id)) -> TRUE (0) if (!(&session-state:Called-Station-Id)) { (0) update session-state { (0) &Called-Station-Id := request:Called-Station-Id -> 'a8bd27c5752c' (0) } # update session-state = noop (0) } # if (!(&session-state:Called-Station-Id)) = noop (0) if (!(&session-state:Called-Station-SSID)) { (0) if (!(&session-state:Called-Station-SSID)) -> TRUE (0) if (!(&session-state:Called-Station-SSID)) { (0) update session-state { (0) &Called-Station-SSID := request:Called-Station-SSID -> 'bidb-test' (0) } # update session-state = noop (0) } # if (!(&session-state:Called-Station-SSID)) = noop (0) if (!(&session-state:ETU-Radius-Service-Name)) { (0) if (!(&session-state:ETU-Radius-Service-Name)) -> TRUE (0) if (!(&session-state:ETU-Radius-Service-Name)) { (0) update session-state { (0) &ETU-Radius-Service-Name := request:ETU-Radius-Service-Name -> 'etu_service_bidb_test_eduroam' (0) } # update session-state = noop (0) } # if (!(&session-state:ETU-Radius-Service-Name)) = noop (0) if (!(&session-state:ETU-Outer-User-Name)) { (0) if (!(&session-state:ETU-Outer-User-Name)) -> TRUE (0) if (!(&session-state:ETU-Outer-User-Name)) { (0) update session-state { (0) &ETU-Outer-User-Name := request:User-Name -> ' test08@artvin.edu.tr' (0) } # update session-state = noop (0) } # if (!(&session-state:ETU-Outer-User-Name)) = noop (0) } # if (&Virtual-Server != "inner-tunnel.etu") = noop (0) } # policy etu_session_state_populate = noop (0) if ( &ETU-Radius-Service-Name == "etu_service_bidb_test" ) { (0) if ( &ETU-Radius-Service-Name == "etu_service_bidb_test" ) -> FALSE (0) if ( &ETU-Radius-Service-Name == "etu_service_bidb_test_eduroam" ) { (0) if ( &ETU-Radius-Service-Name == "etu_service_bidb_test_eduroam" ) -> TRUE (0) if ( &ETU-Radius-Service-Name == "etu_service_bidb_test_eduroam" ) { (0) group { (0) policy etu_proxy_to_eduroam_trrad { (0) update control { (0) Home-Server-Pool = "eduroam_trrrad_pool" (0) } # update control = noop (0) [updated] = updated (0) } # policy etu_proxy_to_eduroam_trrad = updated (0) } # group = updated (0) etu_auth_modules { ... } # empty sub-section is ignored (0) return (0) } # if ( &ETU-Radius-Service-Name == "etu_service_bidb_test_eduroam" ) = updated (0) } # authorize = updated (0) Proxying due to Home-Server-Pool = "eduroam_trrrad_pool" (0) Starting proxy to home server 193.140.83.100 port 1812 (0) server default.etu { (0) } (0) Proxying request to home server 193.140.83.100 port 1812 timeout 20.000000 (0) Sent Access-Request Id 166 from 0.0.0.0:49432 to 193.140.83.100:1812 length 244 (0) User-Name = "test08@artvin.edu.tr" (0) NAS-IP-Address = 10.10.243.69 (0) NAS-Port = 0 (0) NAS-Identifier = "10.10.243.69" (0) NAS-Port-Type = Wireless-802.11 (0) Calling-Station-Id = "7e8623ae0401" (0) Called-Station-Id = "a8bd27c5752c" (0) Service-Type = Login-User (0) Framed-MTU = 1100 (0) EAP-Message = 0x02010019017465737430384061727476696e2e6564752e7472 (0) Aruba-Essid-Name = "bidb-test" (0) Aruba-Location-Id = "REKTORLUK_KAT1R_MEHMETRASIMODA" (0) Aruba-AP-Group = "Rektörlük" (0) Message-Authenticator = 0x05053dceaccd74ceb91725e22f1872f5 (0) Event-Timestamp = "Dec 24 2024 06:14:06 UTC" (0) Proxy-State = 0x313039 Waking up in 0.3 seconds. (0) Marking home server 193.140.83.100 port 1812 alive (0) Clearing existing &reply: attributes (0) Received Access-Challenge Id 166 from 193.140.83.100:1812 to 10.88.0.10:49432 length 93 (0) Message-Authenticator = 0x8584a1cfa5969ec47be156cad9042152 (0) EAP-Message = 0x010200061921 (0) State = 0x414e774172514144414b7072536b3043506e3153544e346c34634a3075543153706a795657673d3d (0) Proxy-State = 0x313039 (0) server default.etu { (0) # Executing section post-proxy from file /etc/freeradius/sites-enabled/default.etu (0) post-proxy { (0) if ("%{proxy-reply:Packet-Type}" == "Access-Reject" ){ (0) EXPAND %{proxy-reply:Packet-Type} (0) --> Access-Challenge (0) if ("%{proxy-reply:Packet-Type}" == "Access-Reject" ) -> FALSE (0) } # post-proxy = noop (0) } (0) session-state: Saving cached attributes (0) Calling-Station-Id := "7e8623ae0401" (0) Called-Station-Id := "a8bd27c5752c" (0) Called-Station-SSID := "bidb-test" (0) ETU-Radius-Service-Name := "etu_service_bidb_test_eduroam" (0) ETU-Outer-User-Name := "test08@artvin.edu.tr" (0) Using Post-Auth-Type Challenge (0) # Executing group from file /etc/freeradius/sites-enabled/default.etu (0) Challenge { ... } # empty sub-section is ignored (0) Sent Access-Challenge Id 109 from 10.88.0.10:1812 to 10.10.243.69:50507 length 88 (0) Message-Authenticator = 0x8584a1cfa5969ec47be156cad9042152 (0) EAP-Message = 0x010200061921 (0) State = 0x414e774172514144414b7072536b3043506e3153544e346c34634a3075543153706a795657673d3d (0) Finished request Waking up in 4.9 seconds. (1) Received Access-Request Id 100 from 10.10.243.69:50507 to 10.88.0.10:1812 length 387 (1) User-Name = "test08@artvin.edu.tr" (1) NAS-IP-Address = 10.10.243.69 (1) NAS-Port = 0 (1) NAS-Identifier = "10.10.243.69" (1) NAS-Port-Type = Wireless-802.11 (1) Calling-Station-Id = "7e8623ae0401" (1) Called-Station-Id = "a8bd27c5752c" (1) Service-Type = Login-User (1) Framed-MTU = 1100 (1) EAP-Message = 0x020200891901160301007e0100007a030329622b9a892a27bb05701168ab1d2403bd515343d080acc995606e487db0f88200001ec02bc02fc02cc030cca9cca8c009c013c00ac014009c009d002f0035000a0100003300170000ff01000100000a00080006001d00170018000b00020100000d00140012040308040401050308050501080606010201 (1) State = 0x414e774172514144414b7072536b3043506e3153544e346c34634a3075543153706a795657673d3d (1) Aruba-Essid-Name = "bidb-test" (1) Aruba-Location-Id = "REKTORLUK_KAT1R_MEHMETRASIMODA" (1) Aruba-AP-Group = "Rektörlük" (1) Message-Authenticator = 0x0897461dae4fdc947b7d149232280fca (1) Restoring &session-state (1) &session-state:Calling-Station-Id := "7e8623ae0401" (1) &session-state:Called-Station-Id := "a8bd27c5752c" (1) &session-state:Called-Station-SSID := "bidb-test" (1) &session-state:ETU-Radius-Service-Name := "etu_service_bidb_test_eduroam" (1) &session-state:ETU-Outer-User-Name := "test08@artvin.edu.tr" (1) # Executing section authorize from file /etc/freeradius/sites-enabled/default.etu (1) authorize { (1) policy filter_username { (1) if (&User-Name) { (1) if (&User-Name) -> TRUE (1) if (&User-Name) { (1) if (&User-Name =~ / /) { (1) if (&User-Name =~ / /) -> FALSE (1) if (&User-Name =~ /@[^@]*@/ ) { (1) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (1) if (&User-Name =~ /\.\./ ) { (1) if (&User-Name =~ /\.\./ ) -> FALSE (1) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (1) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (1) if (&User-Name =~ /\.$/) { (1) if (&User-Name =~ /\.$/) -> FALSE (1) if (&User-Name =~ /@\./) { (1) if (&User-Name =~ /@\./) -> FALSE (1) } # if (&User-Name) = notfound (1) } # policy filter_username = notfound (1) [preprocess] = ok (1) policy etu_extract_ssid { (1) if (&Called-Station-Id && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})([^0-9a-f](.+))$/i)) { (1) if (&Called-Station-Id && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})([^0-9a-f](.+))$/i)) -> FALSE (1) elsif (&Aruba-Essid-Name) { (1) elsif (&Aruba-Essid-Name) -> TRUE (1) elsif (&Aruba-Essid-Name) { (1) update request { (1) EXPAND %{Aruba-Essid-Name} (1) --> bidb-test (1) &Called-Station-SSID := bidb-test (1) } # update request = noop (1) [updated] = updated (1) } # elsif (&Aruba-Essid-Name) = updated (1) ... skipping elsif: Preceding "if" was taken (1) ... skipping else: Preceding "if" was taken (1) } # policy etu_extract_ssid = updated (1) policy etu_policy_service_selector { (1) if ( ("%{client:shortname}" == "etu_wifi_rektorluk") && (&Called-Station-SSID == "bidb-test") && (&User-Name =~ /^.+@erzurum\.edu\.tr$/i) ) { (1) EXPAND %{client:shortname} (1) --> etu_wifi_rektorluk (1) if ( ("%{client:shortname}" == "etu_wifi_rektorluk") && (&Called-Station-SSID == "bidb-test") && (&User-Name =~ /^.+@erzurum\.edu\.tr$/i) ) -> FALSE (1) if ( ("%{client:shortname}" == "etu_wifi_rektorluk") && (&Called-Station-SSID == "bidb-test") && (&User-Name !~ /^.+@erzurum\.edu\.tr$/i) ) { (1) EXPAND %{client:shortname} (1) --> etu_wifi_rektorluk (1) if ( ("%{client:shortname}" == "etu_wifi_rektorluk") && (&Called-Station-SSID == "bidb-test") && (&User-Name !~ /^.+@erzurum\.edu\.tr$/i) ) -> TRUE (1) if ( ("%{client:shortname}" == "etu_wifi_rektorluk") && (&Called-Station-SSID == "bidb-test") && (&User-Name !~ /^.+@erzurum\.edu\.tr$/i) ) { (1) update request { (1) &ETU-Radius-Service-Name := "etu_service_bidb_test_eduroam" (1) } # update request = noop (1) if (&Virtual-Server == "inner-tunnel.etu") { (1) EXPAND &Virtual-Server (1) --> default.etu (1) if (&Virtual-Server == "inner-tunnel.etu") -> FALSE (1) [updated] = updated (1) } # if ( ("%{client:shortname}" == "etu_wifi_rektorluk") && (&Called-Station-SSID == "bidb-test") && (&User-Name !~ /^.+@erzurum\.edu\.tr$/i) ) = updated (1) ... skipping elsif: Preceding "if" was taken (1) ... skipping elsif: Preceding "if" was taken (1) ... skipping elsif: Preceding "if" was taken (1) ... skipping elsif: Preceding "if" was taken (1) ... skipping elsif: Preceding "if" was taken (1) ... skipping elsif: Preceding "if" was taken (1) ... skipping elsif: Preceding "if" was taken (1) ... skipping elsif: Preceding "if" was taken (1) ... skipping elsif: Preceding "if" was taken (1) ... skipping elsif: Preceding "if" was taken (1) ... skipping elsif: Preceding "if" was taken (1) ... skipping elsif: Preceding "if" was taken (1) ... skipping else: Preceding "if" was taken (1) } # policy etu_policy_service_selector = updated (1) policy etu_session_state_populate { (1) if (&Virtual-Server != "inner-tunnel.etu") { (1) EXPAND &Virtual-Server (1) --> default.etu (1) if (&Virtual-Server != "inner-tunnel.etu") -> TRUE (1) if (&Virtual-Server != "inner-tunnel.etu") { (1) if (!(&session-state:Calling-Station-Id)) { (1) if (!(&session-state:Calling-Station-Id)) -> FALSE (1) if (!(&session-state:Called-Station-Id)) { (1) if (!(&session-state:Called-Station-Id)) -> FALSE (1) if (!(&session-state:Called-Station-SSID)) { (1) if (!(&session-state:Called-Station-SSID)) -> FALSE (1) if (!(&session-state:ETU-Radius-Service-Name)) { (1) if (!(&session-state:ETU-Radius-Service-Name)) -> FALSE (1) if (!(&session-state:ETU-Outer-User-Name)) { (1) if (!(&session-state:ETU-Outer-User-Name)) -> FALSE (1) } # if (&Virtual-Server != "inner-tunnel.etu") = updated (1) } # policy etu_session_state_populate = updated (1) if ( &ETU-Radius-Service-Name == "etu_service_bidb_test" ) { (1) if ( &ETU-Radius-Service-Name == "etu_service_bidb_test" ) -> FALSE (1) if ( &ETU-Radius-Service-Name == "etu_service_bidb_test_eduroam" ) { (1) if ( &ETU-Radius-Service-Name == "etu_service_bidb_test_eduroam" ) -> TRUE (1) if ( &ETU-Radius-Service-Name == "etu_service_bidb_test_eduroam" ) { (1) group { (1) policy etu_proxy_to_eduroam_trrad { (1) update control { (1) Home-Server-Pool = "eduroam_trrrad_pool" (1) } # update control = noop (1) [updated] = updated (1) } # policy etu_proxy_to_eduroam_trrad = updated (1) } # group = updated (1) etu_auth_modules { ... } # empty sub-section is ignored (1) return (1) } # if ( &ETU-Radius-Service-Name == "etu_service_bidb_test_eduroam" ) = updated (1) } # authorize = updated (1) Proxying due to Home-Server-Pool = "eduroam_trrrad_pool" (1) Starting proxy to home server 193.140.83.100 port 1812 (1) server default.etu { (1) } (1) Proxying request to home server 193.140.83.100 port 1812 timeout 20.000000 (1) Sent Access-Request Id 94 from 0.0.0.0:49432 to 193.140.83.100:1812 length 398 (1) User-Name = "test08@artvin.edu.tr" (1) NAS-IP-Address = 10.10.243.69 (1) NAS-Port = 0 (1) NAS-Identifier = "10.10.243.69" (1) NAS-Port-Type = Wireless-802.11 (1) Calling-Station-Id = "7e8623ae0401" (1) Called-Station-Id = "a8bd27c5752c" (1) Service-Type = Login-User (1) Framed-MTU = 1100 (1) EAP-Message = 0x020200891901160301007e0100007a030329622b9a892a27bb05701168ab1d2403bd515343d080acc995606e487db0f88200001ec02bc02fc02cc030cca9cca8c009c013c00ac014009c009d002f0035000a0100003300170000ff01000100000a00080006001d00170018000b00020100000d00140012040308040401050308050501080606010201 (1) State = 0x414e774172514144414b7072536b3043506e3153544e346c34634a3075543153706a795657673d3d (1) Aruba-Essid-Name = "bidb-test" (1) Aruba-Location-Id = "REKTORLUK_KAT1R_MEHMETRASIMODA" (1) Aruba-AP-Group = "Rektörlük" (1) Message-Authenticator = 0x0897461dae4fdc947b7d149232280fca (1) Event-Timestamp = "Dec 24 2024 06:14:06 UTC" (1) Proxy-State = 0x313030 Waking up in 0.3 seconds. (1) Clearing existing &reply: attributes (1) Received Access-Challenge Id 94 from 193.140.83.100:1812 to 10.88.0.10:49432 length 1129 (1) Message-Authenticator = 0xe4ace9bc70bfefcd54c6c6c86b7599fb (1) EAP-Message = 0x0103040a19c100000e5a16030300540200005003034dc272c6e90197033657e046420ddbeb69528b4c2fece38b017fa43f2cb8c96520fb3e827412cd75542dd9e0d9243582b911635cc629cf28a2394a25e19e861adcc030000008000b0004030001021603030ca10b000c9d000c9a0006c7308206c3308204aba00302010202137500000003104e8caca674f11d000000000003300d06092a864886f70d01010b0500306b31123010060a0992268993f22c6401191602747231133011060a0992268993f22c640119160365647531163014060a0992268993f22c640119160661727476696e31123010060a0992268993f22c64011916026164311430120603550403130b6163754144526f6f744341301e170d3137313031313037303630325a170d3237313031313037313630325a3081bc310b3009060355040613025452310f300d0603550408130641727476696e310f300d0603550407130641727476696e31223020060355040a131941727476696e20436f72 (1) State = 0x414867413867425141437873536b3043423653384366306f5739557a6f62412f484d35696d773d3d (1) Proxy-State = 0x313030 (1) server default.etu { (1) # Executing section post-proxy from file /etc/freeradius/sites-enabled/default.etu (1) post-proxy { (1) if ("%{proxy-reply:Packet-Type}" == "Access-Reject" ){ (1) EXPAND %{proxy-reply:Packet-Type} (1) --> Access-Challenge (1) if ("%{proxy-reply:Packet-Type}" == "Access-Reject" ) -> FALSE (1) } # post-proxy = noop (1) } (1) session-state: Saving cached attributes (1) Calling-Station-Id := "7e8623ae0401" (1) Called-Station-Id := "a8bd27c5752c" (1) Called-Station-SSID := "bidb-test" (1) ETU-Radius-Service-Name := "etu_service_bidb_test_eduroam" (1) ETU-Outer-User-Name := "test08@artvin.edu.tr" (1) Using Post-Auth-Type Challenge (1) # Executing group from file /etc/freeradius/sites-enabled/default.etu (1) Challenge { ... } # empty sub-section is ignored (1) Sent Access-Challenge Id 100 from 10.88.0.10:1812 to 10.10.243.69:50507 length 1124 (1) Message-Authenticator = 0xe4ace9bc70bfefcd54c6c6c86b7599fb (1) EAP-Message = 0x0103040a19c100000e5a16030300540200005003034dc272c6e90197033657e046420ddbeb69528b4c2fece38b017fa43f2cb8c96520fb3e827412cd75542dd9e0d9243582b911635cc629cf28a2394a25e19e861adcc030000008000b0004030001021603030ca10b000c9d000c9a0006c7308206c3308204aba00302010202137500000003104e8caca674f11d000000000003300d06092a864886f70d01010b0500306b31123010060a0992268993f22c6401191602747231133011060a0992268993f22c640119160365647531163014060a0992268993f22c640119160661727476696e31123010060a0992268993f22c64011916026164311430120603550403130b6163754144526f6f744341301e170d3137313031313037303630325a170d3237313031313037313630325a3081bc310b3009060355040613025452310f300d0603550408130641727476696e310f300d0603550407130641727476696e31223020060355040a131941727476696e20436f72 (1) State = 0x414867413867425141437873536b3043423653384366306f5739557a6f62412f484d35696d773d3d (1) Finished request Waking up in 4.9 seconds. (2) Received Access-Request Id 110 from 10.10.243.69:50507 to 10.88.0.10:1812 length 256 (2) User-Name = "test08@artvin.edu.tr" (2) NAS-IP-Address = 10.10.243.69 (2) NAS-Port = 0 (2) NAS-Identifier = "10.10.243.69" (2) NAS-Port-Type = Wireless-802.11 (2) Calling-Station-Id = "7e8623ae0401" (2) Called-Station-Id = "a8bd27c5752c" (2) Service-Type = Login-User (2) Framed-MTU = 1100 (2) EAP-Message = 0x020300061901 (2) State = 0x414867413867425141437873536b3043423653384366306f5739557a6f62412f484d35696d773d3d (2) Aruba-Essid-Name = "bidb-test" (2) Aruba-Location-Id = "REKTORLUK_KAT1R_MEHMETRASIMODA" (2) Aruba-AP-Group = "Rektörlük" (2) Message-Authenticator = 0x4fd35950ae854c104be9ab8eb17e5287 (2) Restoring &session-state (2) &session-state:Calling-Station-Id := "7e8623ae0401" (2) &session-state:Called-Station-Id := "a8bd27c5752c" (2) &session-state:Called-Station-SSID := "bidb-test" (2) &session-state:ETU-Radius-Service-Name := "etu_service_bidb_test_eduroam" (2) &session-state:ETU-Outer-User-Name := "test08@artvin.edu.tr" (2) # Executing section authorize from file /etc/freeradius/sites-enabled/default.etu (2) authorize { (2) policy filter_username { (2) if (&User-Name) { (2) if (&User-Name) -> TRUE (2) if (&User-Name) { (2) if (&User-Name =~ / /) { (2) if (&User-Name =~ / /) -> FALSE (2) if (&User-Name =~ /@[^@]*@/ ) { (2) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (2) if (&User-Name =~ /\.\./ ) { (2) if (&User-Name =~ /\.\./ ) -> FALSE (2) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (2) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (2) if (&User-Name =~ /\.$/) { (2) if (&User-Name =~ /\.$/) -> FALSE (2) if (&User-Name =~ /@\./) { (2) if (&User-Name =~ /@\./) -> FALSE (2) } # if (&User-Name) = notfound (2) } # policy filter_username = notfound (2) [preprocess] = ok (2) policy etu_extract_ssid { (2) if (&Called-Station-Id && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})([^0-9a-f](.+))$/i)) { (2) if (&Called-Station-Id && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})([^0-9a-f](.+))$/i)) -> FALSE (2) elsif (&Aruba-Essid-Name) { (2) elsif (&Aruba-Essid-Name) -> TRUE (2) elsif (&Aruba-Essid-Name) { (2) update request { (2) EXPAND %{Aruba-Essid-Name} (2) --> bidb-test (2) &Called-Station-SSID := bidb-test (2) } # update request = noop (2) [updated] = updated (2) } # elsif (&Aruba-Essid-Name) = updated (2) ... skipping elsif: Preceding "if" was taken (2) ... skipping else: Preceding "if" was taken (2) } # policy etu_extract_ssid = updated (2) policy etu_policy_service_selector { (2) if ( ("%{client:shortname}" == "etu_wifi_rektorluk") && (&Called-Station-SSID == "bidb-test") && (&User-Name =~ /^.+@erzurum\.edu\.tr$/i) ) { (2) EXPAND %{client:shortname} (2) --> etu_wifi_rektorluk (2) if ( ("%{client:shortname}" == "etu_wifi_rektorluk") && (&Called-Station-SSID == "bidb-test") && (&User-Name =~ /^.+@erzurum\.edu\.tr$/i) ) -> FALSE (2) if ( ("%{client:shortname}" == "etu_wifi_rektorluk") && (&Called-Station-SSID == "bidb-test") && (&User-Name !~ /^.+@erzurum\.edu\.tr$/i) ) { (2) EXPAND %{client:shortname} (2) --> etu_wifi_rektorluk (2) if ( ("%{client:shortname}" == "etu_wifi_rektorluk") && (&Called-Station-SSID == "bidb-test") && (&User-Name !~ /^.+@erzurum\.edu\.tr$/i) ) -> TRUE (2) if ( ("%{client:shortname}" == "etu_wifi_rektorluk") && (&Called-Station-SSID == "bidb-test") && (&User-Name !~ /^.+@erzurum\.edu\.tr$/i) ) { (2) update request { (2) &ETU-Radius-Service-Name := "etu_service_bidb_test_eduroam" (2) } # update request = noop (2) if (&Virtual-Server == "inner-tunnel.etu") { (2) EXPAND &Virtual-Server (2) --> default.etu (2) if (&Virtual-Server == "inner-tunnel.etu") -> FALSE (2) [updated] = updated (2) } # if ( ("%{client:shortname}" == "etu_wifi_rektorluk") && (&Called-Station-SSID == "bidb-test") && (&User-Name !~ /^.+@erzurum\.edu\.tr$/i) ) = updated (2) ... skipping elsif: Preceding "if" was taken (2) ... skipping elsif: Preceding "if" was taken (2) ... skipping elsif: Preceding "if" was taken (2) ... skipping elsif: Preceding "if" was taken (2) ... skipping elsif: Preceding "if" was taken (2) ... skipping elsif: Preceding "if" was taken (2) ... skipping elsif: Preceding "if" was taken (2) ... skipping elsif: Preceding "if" was taken (2) ... skipping elsif: Preceding "if" was taken (2) ... skipping elsif: Preceding "if" was taken (2) ... skipping elsif: Preceding "if" was taken (2) ... skipping elsif: Preceding "if" was taken (2) ... skipping else: Preceding "if" was taken (2) } # policy etu_policy_service_selector = updated (2) policy etu_session_state_populate { (2) if (&Virtual-Server != "inner-tunnel.etu") { (2) EXPAND &Virtual-Server (2) --> default.etu (2) if (&Virtual-Server != "inner-tunnel.etu") -> TRUE (2) if (&Virtual-Server != "inner-tunnel.etu") { (2) if (!(&session-state:Calling-Station-Id)) { (2) if (!(&session-state:Calling-Station-Id)) -> FALSE (2) if (!(&session-state:Called-Station-Id)) { (2) if (!(&session-state:Called-Station-Id)) -> FALSE (2) if (!(&session-state:Called-Station-SSID)) { (2) if (!(&session-state:Called-Station-SSID)) -> FALSE (2) if (!(&session-state:ETU-Radius-Service-Name)) { (2) if (!(&session-state:ETU-Radius-Service-Name)) -> FALSE (2) if (!(&session-state:ETU-Outer-User-Name)) { (2) if (!(&session-state:ETU-Outer-User-Name)) -> FALSE (2) } # if (&Virtual-Server != "inner-tunnel.etu") = updated (2) } # policy etu_session_state_populate = updated (2) if ( &ETU-Radius-Service-Name == "etu_service_bidb_test" ) { (2) if ( &ETU-Radius-Service-Name == "etu_service_bidb_test" ) -> FALSE (2) if ( &ETU-Radius-Service-Name == "etu_service_bidb_test_eduroam" ) { (2) if ( &ETU-Radius-Service-Name == "etu_service_bidb_test_eduroam" ) -> TRUE (2) if ( &ETU-Radius-Service-Name == "etu_service_bidb_test_eduroam" ) { (2) group { (2) policy etu_proxy_to_eduroam_trrad { (2) update control { (2) Home-Server-Pool = "eduroam_trrrad_pool" (2) } # update control = noop (2) [updated] = updated (2) } # policy etu_proxy_to_eduroam_trrad = updated (2) } # group = updated (2) etu_auth_modules { ... } # empty sub-section is ignored (2) return (2) } # if ( &ETU-Radius-Service-Name == "etu_service_bidb_test_eduroam" ) = updated (2) } # authorize = updated (2) Proxying due to Home-Server-Pool = "eduroam_trrrad_pool" (2) Starting proxy to home server 193.140.83.100 port 1812 (2) server default.etu { (2) } (2) Proxying request to home server 193.140.83.100 port 1812 timeout 20.000000 (2) Sent Access-Request Id 209 from 0.0.0.0:49432 to 193.140.83.100:1812 length 267 (2) User-Name = "test08@artvin.edu.tr" (2) NAS-IP-Address = 10.10.243.69 (2) NAS-Port = 0 (2) NAS-Identifier = "10.10.243.69" (2) NAS-Port-Type = Wireless-802.11 (2) Calling-Station-Id = "7e8623ae0401" (2) Called-Station-Id = "a8bd27c5752c" (2) Service-Type = Login-User (2) Framed-MTU = 1100 (2) EAP-Message = 0x020300061901 (2) State = 0x414867413867425141437873536b3043423653384366306f5739557a6f62412f484d35696d773d3d (2) Aruba-Essid-Name = "bidb-test" (2) Aruba-Location-Id = "REKTORLUK_KAT1R_MEHMETRASIMODA" (2) Aruba-AP-Group = "Rektörlük" (2) Message-Authenticator = 0x4fd35950ae854c104be9ab8eb17e5287 (2) Event-Timestamp = "Dec 24 2024 06:14:06 UTC" (2) Proxy-State = 0x313130 Waking up in 0.3 seconds. (2) Clearing existing &reply: attributes (2) Received Access-Challenge Id 209 from 193.140.83.100:1812 to 10.88.0.10:49432 length 1125 (2) Message-Authenticator = 0x02c3c8ac71afafc1e8b4cc4723fab5c6 (2) EAP-Message = 0x010404061941696f6e4c6973743f626173653f6f626a656374436c6173733d63524c446973747269627574696f6e506f696e743081c806082b060105050701010481bb3081b83081b506082b060105050730028681a86c6461703a2f2f2f434e3d6163754144526f6f7443412c434e3d4149412c434e3d5075626c69632532304b657925323053657276696365732c434e3d53657276696365732c434e3d436f6e66696775726174696f6e2c44433d61642c44433d61727476696e2c44433d6564752c44433d74723f634143657274696669636174653f626173653f6f626a656374436c6173733d63657274696669636174696f6e417574686f72697479300c0603551d130101ff0402300030130603551d25040c300a06082b06010505070301300d06092a864886f70d01010b050003820201002497742a9faca4a2fe689bc265e37f3adeda2e66ed32491a99e85026a879d10e97513940d36f4eafd397fb0d95ad458757e2ca94f4dee5ecaffb8d20e882829ed7be (2) State = 0x414a59416967417741454a74536b304371624c2f3455615536684c395345356b5953344370513d3d (2) Proxy-State = 0x313130 (2) server default.etu { (2) # Executing section post-proxy from file /etc/freeradius/sites-enabled/default.etu (2) post-proxy { (2) if ("%{proxy-reply:Packet-Type}" == "Access-Reject" ){ (2) EXPAND %{proxy-reply:Packet-Type} (2) --> Access-Challenge (2) if ("%{proxy-reply:Packet-Type}" == "Access-Reject" ) -> FALSE (2) } # post-proxy = noop (2) } (2) session-state: Saving cached attributes (2) Calling-Station-Id := "7e8623ae0401" (2) Called-Station-Id := "a8bd27c5752c" (2) Called-Station-SSID := "bidb-test" (2) ETU-Radius-Service-Name := "etu_service_bidb_test_eduroam" (2) ETU-Outer-User-Name := "test08@artvin.edu.tr" (2) Using Post-Auth-Type Challenge (2) # Executing group from file /etc/freeradius/sites-enabled/default.etu (2) Challenge { ... } # empty sub-section is ignored (2) Sent Access-Challenge Id 110 from 10.88.0.10:1812 to 10.10.243.69:50507 length 1120 (2) Message-Authenticator = 0x02c3c8ac71afafc1e8b4cc4723fab5c6 (2) EAP-Message = 0x010404061941696f6e4c6973743f626173653f6f626a656374436c6173733d63524c446973747269627574696f6e506f696e743081c806082b060105050701010481bb3081b83081b506082b060105050730028681a86c6461703a2f2f2f434e3d6163754144526f6f7443412c434e3d4149412c434e3d5075626c69632532304b657925323053657276696365732c434e3d53657276696365732c434e3d436f6e66696775726174696f6e2c44433d61642c44433d61727476696e2c44433d6564752c44433d74723f634143657274696669636174653f626173653f6f626a656374436c6173733d63657274696669636174696f6e417574686f72697479300c0603551d130101ff0402300030130603551d25040c300a06082b06010505070301300d06092a864886f70d01010b050003820201002497742a9faca4a2fe689bc265e37f3adeda2e66ed32491a99e85026a879d10e97513940d36f4eafd397fb0d95ad458757e2ca94f4dee5ecaffb8d20e882829ed7be (2) State = 0x414a59416967417741454a74536b304371624c2f3455615536684c395345356b5953344370513d3d (2) Finished request Waking up in 4.8 seconds. (3) Received Access-Request Id 112 from 10.10.243.69:50507 to 10.88.0.10:1812 length 256 (3) User-Name = "test08@artvin.edu.tr" (3) NAS-IP-Address = 10.10.243.69 (3) NAS-Port = 0 (3) NAS-Identifier = "10.10.243.69" (3) NAS-Port-Type = Wireless-802.11 (3) Calling-Station-Id = "7e8623ae0401" (3) Called-Station-Id = "a8bd27c5752c" (3) Service-Type = Login-User (3) Framed-MTU = 1100 (3) EAP-Message = 0x020400061901 (3) State = 0x414a59416967417741454a74536b304371624c2f3455615536684c395345356b5953344370513d3d (3) Aruba-Essid-Name = "bidb-test" (3) Aruba-Location-Id = "REKTORLUK_KAT1R_MEHMETRASIMODA" (3) Aruba-AP-Group = "Rektörlük" (3) Message-Authenticator = 0xc08719c46cf552296574e1603c4cab4e (3) Restoring &session-state (3) &session-state:Calling-Station-Id := "7e8623ae0401" (3) &session-state:Called-Station-Id := "a8bd27c5752c" (3) &session-state:Called-Station-SSID := "bidb-test" (3) &session-state:ETU-Radius-Service-Name := "etu_service_bidb_test_eduroam" (3) &session-state:ETU-Outer-User-Name := "test08@artvin.edu.tr" (3) # Executing section authorize from file /etc/freeradius/sites-enabled/default.etu (3) authorize { (3) policy filter_username { (3) if (&User-Name) { (3) if (&User-Name) -> TRUE (3) if (&User-Name) { (3) if (&User-Name =~ / /) { (3) if (&User-Name =~ / /) -> FALSE (3) if (&User-Name =~ /@[^@]*@/ ) { (3) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (3) if (&User-Name =~ /\.\./ ) { (3) if (&User-Name =~ /\.\./ ) -> FALSE (3) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (3) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (3) if (&User-Name =~ /\.$/) { (3) if (&User-Name =~ /\.$/) -> FALSE (3) if (&User-Name =~ /@\./) { (3) if (&User-Name =~ /@\./) -> FALSE (3) } # if (&User-Name) = notfound (3) } # policy filter_username = notfound (3) [preprocess] = ok (3) policy etu_extract_ssid { (3) if (&Called-Station-Id && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})([^0-9a-f](.+))$/i)) { (3) if (&Called-Station-Id && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})([^0-9a-f](.+))$/i)) -> FALSE (3) elsif (&Aruba-Essid-Name) { (3) elsif (&Aruba-Essid-Name) -> TRUE (3) elsif (&Aruba-Essid-Name) { (3) update request { (3) EXPAND %{Aruba-Essid-Name} (3) --> bidb-test (3) &Called-Station-SSID := bidb-test (3) } # update request = noop (3) [updated] = updated (3) } # elsif (&Aruba-Essid-Name) = updated (3) ... skipping elsif: Preceding "if" was taken (3) ... skipping else: Preceding "if" was taken (3) } # policy etu_extract_ssid = updated (3) policy etu_policy_service_selector { (3) if ( ("%{client:shortname}" == "etu_wifi_rektorluk") && (&Called-Station-SSID == "bidb-test") && (&User-Name =~ /^.+@erzurum\.edu\.tr$/i) ) { (3) EXPAND %{client:shortname} (3) --> etu_wifi_rektorluk (3) if ( ("%{client:shortname}" == "etu_wifi_rektorluk") && (&Called-Station-SSID == "bidb-test") && (&User-Name =~ /^.+@erzurum\.edu\.tr$/i) ) -> FALSE (3) if ( ("%{client:shortname}" == "etu_wifi_rektorluk") && (&Called-Station-SSID == "bidb-test") && (&User-Name !~ /^.+@erzurum\.edu\.tr$/i) ) { (3) EXPAND %{client:shortname} (3) --> etu_wifi_rektorluk (3) if ( ("%{client:shortname}" == "etu_wifi_rektorluk") && (&Called-Station-SSID == "bidb-test") && (&User-Name !~ /^.+@erzurum\.edu\.tr$/i) ) -> TRUE (3) if ( ("%{client:shortname}" == "etu_wifi_rektorluk") && (&Called-Station-SSID == "bidb-test") && (&User-Name !~ /^.+@erzurum\.edu\.tr$/i) ) { (3) update request { (3) &ETU-Radius-Service-Name := "etu_service_bidb_test_eduroam" (3) } # update request = noop (3) if (&Virtual-Server == "inner-tunnel.etu") { (3) EXPAND &Virtual-Server (3) --> default.etu (3) if (&Virtual-Server == "inner-tunnel.etu") -> FALSE (3) [updated] = updated (3) } # if ( ("%{client:shortname}" == "etu_wifi_rektorluk") && (&Called-Station-SSID == "bidb-test") && (&User-Name !~ /^.+@erzurum\.edu\.tr$/i) ) = updated (3) ... skipping elsif: Preceding "if" was taken (3) ... skipping elsif: Preceding "if" was taken (3) ... skipping elsif: Preceding "if" was taken (3) ... skipping elsif: Preceding "if" was taken (3) ... skipping elsif: Preceding "if" was taken (3) ... skipping elsif: Preceding "if" was taken (3) ... skipping elsif: Preceding "if" was taken (3) ... skipping elsif: Preceding "if" was taken (3) ... skipping elsif: Preceding "if" was taken (3) ... skipping elsif: Preceding "if" was taken (3) ... skipping elsif: Preceding "if" was taken (3) ... skipping elsif: Preceding "if" was taken (3) ... skipping else: Preceding "if" was taken (3) } # policy etu_policy_service_selector = updated (3) policy etu_session_state_populate { (3) if (&Virtual-Server != "inner-tunnel.etu") { (3) EXPAND &Virtual-Server (3) --> default.etu (3) if (&Virtual-Server != "inner-tunnel.etu") -> TRUE (3) if (&Virtual-Server != "inner-tunnel.etu") { (3) if (!(&session-state:Calling-Station-Id)) { (3) if (!(&session-state:Calling-Station-Id)) -> FALSE (3) if (!(&session-state:Called-Station-Id)) { (3) if (!(&session-state:Called-Station-Id)) -> FALSE (3) if (!(&session-state:Called-Station-SSID)) { (3) if (!(&session-state:Called-Station-SSID)) -> FALSE (3) if (!(&session-state:ETU-Radius-Service-Name)) { (3) if (!(&session-state:ETU-Radius-Service-Name)) -> FALSE (3) if (!(&session-state:ETU-Outer-User-Name)) { (3) if (!(&session-state:ETU-Outer-User-Name)) -> FALSE (3) } # if (&Virtual-Server != "inner-tunnel.etu") = updated (3) } # policy etu_session_state_populate = updated (3) if ( &ETU-Radius-Service-Name == "etu_service_bidb_test" ) { (3) if ( &ETU-Radius-Service-Name == "etu_service_bidb_test" ) -> FALSE (3) if ( &ETU-Radius-Service-Name == "etu_service_bidb_test_eduroam" ) { (3) if ( &ETU-Radius-Service-Name == "etu_service_bidb_test_eduroam" ) -> TRUE (3) if ( &ETU-Radius-Service-Name == "etu_service_bidb_test_eduroam" ) { (3) group { (3) policy etu_proxy_to_eduroam_trrad { (3) update control { (3) Home-Server-Pool = "eduroam_trrrad_pool" (3) } # update control = noop (3) [updated] = updated (3) } # policy etu_proxy_to_eduroam_trrad = updated (3) } # group = updated (3) etu_auth_modules { ... } # empty sub-section is ignored (3) return (3) } # if ( &ETU-Radius-Service-Name == "etu_service_bidb_test_eduroam" ) = updated (3) } # authorize = updated (3) Proxying due to Home-Server-Pool = "eduroam_trrrad_pool" (3) Starting proxy to home server 193.140.83.100 port 1812 (3) server default.etu { (3) } (3) Proxying request to home server 193.140.83.100 port 1812 timeout 20.000000 (3) Sent Access-Request Id 27 from 0.0.0.0:49432 to 193.140.83.100:1812 length 267 (3) User-Name = "test08@artvin.edu.tr" (3) NAS-IP-Address = 10.10.243.69 (3) NAS-Port = 0 (3) NAS-Identifier = "10.10.243.69" (3) NAS-Port-Type = Wireless-802.11 (3) Calling-Station-Id = "7e8623ae0401" (3) Called-Station-Id = "a8bd27c5752c" (3) Service-Type = Login-User (3) Framed-MTU = 1100 (3) EAP-Message = 0x020400061901 (3) State = 0x414a59416967417741454a74536b304371624c2f3455615536684c395345356b5953344370513d3d (3) Aruba-Essid-Name = "bidb-test" (3) Aruba-Location-Id = "REKTORLUK_KAT1R_MEHMETRASIMODA" (3) Aruba-AP-Group = "Rektörlük" (3) Message-Authenticator = 0xc08719c46cf552296574e1603c4cab4e (3) Event-Timestamp = "Dec 24 2024 06:14:06 UTC" (3) Proxy-State = 0x313132 Waking up in 0.3 seconds. (3) Clearing existing &reply: attributes (3) Received Access-Challenge Id 27 from 193.140.83.100:1812 to 10.88.0.10:49432 length 1125 (3) Message-Authenticator = 0x4e8e6e7e2094ac20cd23e893c35983dd (3) EAP-Message = 0x01050406194102747231133011060a0992268993f22c640119160365647531163014060a0992268993f22c640119160661727476696e31123010060a0992268993f22c64011916026164311430120603550403130b6163754144526f6f74434130820222300d06092a864886f70d01010105000382020f003082020a028202010099f0addf573c39633b5eb931112970675f658b57fc80a063f8b9c25946af5f46b38d45b39fc748445e14a71e39a9bf37dbc9a7809cbacd31cbbeeec695a778df60852ec97147b7a9834e4aa6919c671604eb74e62b0d7b472743c855c49958edfef0917135b482f2928a7bb32f3705056b1cd3a7e001ea60502e1c5df78adb3c4ac56494bf4b53ade9a4a30f162cd031a7633c9ae5efb54b3193f7a28bb03f44604120f4eddf0a82e0dfcaf8b92bd76ac89226e9f37c2aab5779330e70e09da117b6affaca6683fbd14f069148d6b9479442ab942cf6f34a7d33f7ad55101841fe9d584c11b46af461efb66bb025a5f284f06c75de43 (3) State = 0x414a59416f41426d414e4a75536b30434f4d3376384d417a74456e2f30756f6e76574c7a66413d3d (3) Proxy-State = 0x313132 (3) server default.etu { (3) # Executing section post-proxy from file /etc/freeradius/sites-enabled/default.etu (3) post-proxy { (3) if ("%{proxy-reply:Packet-Type}" == "Access-Reject" ){ (3) EXPAND %{proxy-reply:Packet-Type} (3) --> Access-Challenge (3) if ("%{proxy-reply:Packet-Type}" == "Access-Reject" ) -> FALSE (3) } # post-proxy = noop (3) } (3) session-state: Saving cached attributes (3) Calling-Station-Id := "7e8623ae0401" (3) Called-Station-Id := "a8bd27c5752c" (3) Called-Station-SSID := "bidb-test" (3) ETU-Radius-Service-Name := "etu_service_bidb_test_eduroam" (3) ETU-Outer-User-Name := "test08@artvin.edu.tr" (3) Using Post-Auth-Type Challenge (3) # Executing group from file /etc/freeradius/sites-enabled/default.etu (3) Challenge { ... } # empty sub-section is ignored (3) Sent Access-Challenge Id 112 from 10.88.0.10:1812 to 10.10.243.69:50507 length 1120 (3) Message-Authenticator = 0x4e8e6e7e2094ac20cd23e893c35983dd (3) EAP-Message = 0x01050406194102747231133011060a0992268993f22c640119160365647531163014060a0992268993f22c640119160661727476696e31123010060a0992268993f22c64011916026164311430120603550403130b6163754144526f6f74434130820222300d06092a864886f70d01010105000382020f003082020a028202010099f0addf573c39633b5eb931112970675f658b57fc80a063f8b9c25946af5f46b38d45b39fc748445e14a71e39a9bf37dbc9a7809cbacd31cbbeeec695a778df60852ec97147b7a9834e4aa6919c671604eb74e62b0d7b472743c855c49958edfef0917135b482f2928a7bb32f3705056b1cd3a7e001ea60502e1c5df78adb3c4ac56494bf4b53ade9a4a30f162cd031a7633c9ae5efb54b3193f7a28bb03f44604120f4eddf0a82e0dfcaf8b92bd76ac89226e9f37c2aab5779330e70e09da117b6affaca6683fbd14f069148d6b9479442ab942cf6f34a7d33f7ad55101841fe9d584c11b46af461efb66bb025a5f284f06c75de43 (3) State = 0x414a59416f41426d414e4a75536b30434f4d3376384d417a74456e2f30756f6e76574c7a66413d3d (3) Finished request Waking up in 4.8 seconds. (4) Received Access-Request Id 117 from 10.10.243.69:50507 to 10.88.0.10:1812 length 256 (4) User-Name = "test08@artvin.edu.tr" (4) NAS-IP-Address = 10.10.243.69 (4) NAS-Port = 0 (4) NAS-Identifier = "10.10.243.69" (4) NAS-Port-Type = Wireless-802.11 (4) Calling-Station-Id = "7e8623ae0401" (4) Called-Station-Id = "a8bd27c5752c" (4) Service-Type = Login-User (4) Framed-MTU = 1100 (4) EAP-Message = 0x020500061901 (4) State = 0x414a59416f41426d414e4a75536b30434f4d3376384d417a74456e2f30756f6e76574c7a66413d3d (4) Aruba-Essid-Name = "bidb-test" (4) Aruba-Location-Id = "REKTORLUK_KAT1R_MEHMETRASIMODA" (4) Aruba-AP-Group = "Rektörlük" (4) Message-Authenticator = 0x55b615610933ad424a669c0591d03c35 (4) Restoring &session-state (4) &session-state:Calling-Station-Id := "7e8623ae0401" (4) &session-state:Called-Station-Id := "a8bd27c5752c" (4) &session-state:Called-Station-SSID := "bidb-test" (4) &session-state:ETU-Radius-Service-Name := "etu_service_bidb_test_eduroam" (4) &session-state:ETU-Outer-User-Name := "test08@artvin.edu.tr" (4) # Executing section authorize from file /etc/freeradius/sites-enabled/default.etu (4) authorize { (4) policy filter_username { (4) if (&User-Name) { (4) if (&User-Name) -> TRUE (4) if (&User-Name) { (4) if (&User-Name =~ / /) { (4) if (&User-Name =~ / /) -> FALSE (4) if (&User-Name =~ /@[^@]*@/ ) { (4) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (4) if (&User-Name =~ /\.\./ ) { (4) if (&User-Name =~ /\.\./ ) -> FALSE (4) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (4) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (4) if (&User-Name =~ /\.$/) { (4) if (&User-Name =~ /\.$/) -> FALSE (4) if (&User-Name =~ /@\./) { (4) if (&User-Name =~ /@\./) -> FALSE (4) } # if (&User-Name) = notfound (4) } # policy filter_username = notfound (4) [preprocess] = ok (4) policy etu_extract_ssid { (4) if (&Called-Station-Id && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})([^0-9a-f](.+))$/i)) { (4) if (&Called-Station-Id && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})([^0-9a-f](.+))$/i)) -> FALSE (4) elsif (&Aruba-Essid-Name) { (4) elsif (&Aruba-Essid-Name) -> TRUE (4) elsif (&Aruba-Essid-Name) { (4) update request { (4) EXPAND %{Aruba-Essid-Name} (4) --> bidb-test (4) &Called-Station-SSID := bidb-test (4) } # update request = noop (4) [updated] = updated (4) } # elsif (&Aruba-Essid-Name) = updated (4) ... skipping elsif: Preceding "if" was taken (4) ... skipping else: Preceding "if" was taken (4) } # policy etu_extract_ssid = updated (4) policy etu_policy_service_selector { (4) if ( ("%{client:shortname}" == "etu_wifi_rektorluk") && (&Called-Station-SSID == "bidb-test") && (&User-Name =~ /^.+@erzurum\.edu\.tr$/i) ) { (4) EXPAND %{client:shortname} (4) --> etu_wifi_rektorluk (4) if ( ("%{client:shortname}" == "etu_wifi_rektorluk") && (&Called-Station-SSID == "bidb-test") && (&User-Name =~ /^.+@erzurum\.edu\.tr$/i) ) -> FALSE (4) if ( ("%{client:shortname}" == "etu_wifi_rektorluk") && (&Called-Station-SSID == "bidb-test") && (&User-Name !~ /^.+@erzurum\.edu\.tr$/i) ) { (4) EXPAND %{client:shortname} (4) --> etu_wifi_rektorluk (4) if ( ("%{client:shortname}" == "etu_wifi_rektorluk") && (&Called-Station-SSID == "bidb-test") && (&User-Name !~ /^.+@erzurum\.edu\.tr$/i) ) -> TRUE (4) if ( ("%{client:shortname}" == "etu_wifi_rektorluk") && (&Called-Station-SSID == "bidb-test") && (&User-Name !~ /^.+@erzurum\.edu\.tr$/i) ) { (4) update request { (4) &ETU-Radius-Service-Name := "etu_service_bidb_test_eduroam" (4) } # update request = noop (4) if (&Virtual-Server == "inner-tunnel.etu") { (4) EXPAND &Virtual-Server (4) --> default.etu (4) if (&Virtual-Server == "inner-tunnel.etu") -> FALSE (4) [updated] = updated (4) } # if ( ("%{client:shortname}" == "etu_wifi_rektorluk") && (&Called-Station-SSID == "bidb-test") && (&User-Name !~ /^.+@erzurum\.edu\.tr$/i) ) = updated (4) ... skipping elsif: Preceding "if" was taken (4) ... skipping elsif: Preceding "if" was taken (4) ... skipping elsif: Preceding "if" was taken (4) ... skipping elsif: Preceding "if" was taken (4) ... skipping elsif: Preceding "if" was taken (4) ... skipping elsif: Preceding "if" was taken (4) ... skipping elsif: Preceding "if" was taken (4) ... skipping elsif: Preceding "if" was taken (4) ... skipping elsif: Preceding "if" was taken (4) ... skipping elsif: Preceding "if" was taken (4) ... skipping elsif: Preceding "if" was taken (4) ... skipping elsif: Preceding "if" was taken (4) ... skipping else: Preceding "if" was taken (4) } # policy etu_policy_service_selector = updated (4) policy etu_session_state_populate { (4) if (&Virtual-Server != "inner-tunnel.etu") { (4) EXPAND &Virtual-Server (4) --> default.etu (4) if (&Virtual-Server != "inner-tunnel.etu") -> TRUE (4) if (&Virtual-Server != "inner-tunnel.etu") { (4) if (!(&session-state:Calling-Station-Id)) { (4) if (!(&session-state:Calling-Station-Id)) -> FALSE (4) if (!(&session-state:Called-Station-Id)) { (4) if (!(&session-state:Called-Station-Id)) -> FALSE (4) if (!(&session-state:Called-Station-SSID)) { (4) if (!(&session-state:Called-Station-SSID)) -> FALSE (4) if (!(&session-state:ETU-Radius-Service-Name)) { (4) if (!(&session-state:ETU-Radius-Service-Name)) -> FALSE (4) if (!(&session-state:ETU-Outer-User-Name)) { (4) if (!(&session-state:ETU-Outer-User-Name)) -> FALSE (4) } # if (&Virtual-Server != "inner-tunnel.etu") = updated (4) } # policy etu_session_state_populate = updated (4) if ( &ETU-Radius-Service-Name == "etu_service_bidb_test" ) { (4) if ( &ETU-Radius-Service-Name == "etu_service_bidb_test" ) -> FALSE (4) if ( &ETU-Radius-Service-Name == "etu_service_bidb_test_eduroam" ) { (4) if ( &ETU-Radius-Service-Name == "etu_service_bidb_test_eduroam" ) -> TRUE (4) if ( &ETU-Radius-Service-Name == "etu_service_bidb_test_eduroam" ) { (4) group { (4) policy etu_proxy_to_eduroam_trrad { (4) update control { (4) Home-Server-Pool = "eduroam_trrrad_pool" (4) } # update control = noop (4) [updated] = updated (4) } # policy etu_proxy_to_eduroam_trrad = updated (4) } # group = updated (4) etu_auth_modules { ... } # empty sub-section is ignored (4) return (4) } # if ( &ETU-Radius-Service-Name == "etu_service_bidb_test_eduroam" ) = updated (4) } # authorize = updated (4) Proxying due to Home-Server-Pool = "eduroam_trrrad_pool" (4) Starting proxy to home server 193.140.83.100 port 1812 (4) server default.etu { (4) } (4) Proxying request to home server 193.140.83.100 port 1812 timeout 20.000000 (4) Sent Access-Request Id 75 from 0.0.0.0:49432 to 193.140.83.100:1812 length 267 (4) User-Name = "test08@artvin.edu.tr" (4) NAS-IP-Address = 10.10.243.69 (4) NAS-Port = 0 (4) NAS-Identifier = "10.10.243.69" (4) NAS-Port-Type = Wireless-802.11 (4) Calling-Station-Id = "7e8623ae0401" (4) Called-Station-Id = "a8bd27c5752c" (4) Service-Type = Login-User (4) Framed-MTU = 1100 (4) EAP-Message = 0x020500061901 (4) State = 0x414a59416f41426d414e4a75536b30434f4d3376384d417a74456e2f30756f6e76574c7a66413d3d (4) Aruba-Essid-Name = "bidb-test" (4) Aruba-Location-Id = "REKTORLUK_KAT1R_MEHMETRASIMODA" (4) Aruba-AP-Group = "Rektörlük" (4) Message-Authenticator = 0x55b615610933ad424a669c0591d03c35 (4) Event-Timestamp = "Dec 24 2024 06:14:06 UTC" (4) Proxy-State = 0x313137 Waking up in 0.3 seconds. (4) Clearing existing &reply: attributes (4) Received Access-Challenge Id 75 from 193.140.83.100:1812 to 10.88.0.10:49432 length 699 (4) Message-Authenticator = 0x88fb5ab7dbb8242734f5286eaa6aa3a1 (4) EAP-Message = 0x010602601901205506965200034e766a6f39c94875d01ddd1094e2c0c538a3ee12fc8027d03c185d378acb6b7b89b065bde63201a41c29f91cfc20605ad42527d17fbb658793776fed289a5fa1fdb0cd6d885ff05affcc7830f1bc6ec5e8ad47f3bbe26ca6d3cf4c1512545c07f2624b75bf242421fe4a95f00e7661c5278d446b8fef734b1796ea2170113d660a6ed179d2d1828c7b98506c372941ad7401ddab9f4a35933c3c6b6b082308a2b80fa2635c1d7a4ca6a264a360b7a9ed9dfec73c4a338872245d540ca4a28e8f643a705d7dbeb137f7baca10915991d9ff582abeefa2aca85b10f422e5a3e3a8da23299fb4d0220770dbf15052bb4f823949db2f209750a8160303014d0c0001490300174104106eaf3e1c6ef74030e81596eaa653b6a86c5fb632c081b5abb4af86ea29eebbcef582be8f27c97706cfe5af2b2f6c1cdff1a8da440ac5655a6e32f0454323dc0601010087f5cbac588f425db24105f8277b656333d4150fff17547dea2ddc711743e25e (4) State = 0x414a6b417351442b414f3576536b30434c6f677571567971763350616e61446e4b68766176673d3d (4) Proxy-State = 0x313137 (4) server default.etu { (4) # Executing section post-proxy from file /etc/freeradius/sites-enabled/default.etu (4) post-proxy { (4) if ("%{proxy-reply:Packet-Type}" == "Access-Reject" ){ (4) EXPAND %{proxy-reply:Packet-Type} (4) --> Access-Challenge (4) if ("%{proxy-reply:Packet-Type}" == "Access-Reject" ) -> FALSE (4) } # post-proxy = noop (4) } (4) session-state: Saving cached attributes (4) Calling-Station-Id := "7e8623ae0401" (4) Called-Station-Id := "a8bd27c5752c" (4) Called-Station-SSID := "bidb-test" (4) ETU-Radius-Service-Name := "etu_service_bidb_test_eduroam" (4) ETU-Outer-User-Name := "test08@artvin.edu.tr" (4) Using Post-Auth-Type Challenge (4) # Executing group from file /etc/freeradius/sites-enabled/default.etu (4) Challenge { ... } # empty sub-section is ignored (4) Sent Access-Challenge Id 117 from 10.88.0.10:1812 to 10.10.243.69:50507 length 694 (4) Message-Authenticator = 0x88fb5ab7dbb8242734f5286eaa6aa3a1 (4) EAP-Message = 0x010602601901205506965200034e766a6f39c94875d01ddd1094e2c0c538a3ee12fc8027d03c185d378acb6b7b89b065bde63201a41c29f91cfc20605ad42527d17fbb658793776fed289a5fa1fdb0cd6d885ff05affcc7830f1bc6ec5e8ad47f3bbe26ca6d3cf4c1512545c07f2624b75bf242421fe4a95f00e7661c5278d446b8fef734b1796ea2170113d660a6ed179d2d1828c7b98506c372941ad7401ddab9f4a35933c3c6b6b082308a2b80fa2635c1d7a4ca6a264a360b7a9ed9dfec73c4a338872245d540ca4a28e8f643a705d7dbeb137f7baca10915991d9ff582abeefa2aca85b10f422e5a3e3a8da23299fb4d0220770dbf15052bb4f823949db2f209750a8160303014d0c0001490300174104106eaf3e1c6ef74030e81596eaa653b6a86c5fb632c081b5abb4af86ea29eebbcef582be8f27c97706cfe5af2b2f6c1cdff1a8da440ac5655a6e32f0454323dc0601010087f5cbac588f425db24105f8277b656333d4150fff17547dea2ddc711743e25e (4) State = 0x414a6b417351442b414f3576536b30434c6f677571567971763350616e61446e4b68766176673d3d (4) Finished request Waking up in 4.7 seconds. (5) Received Access-Request Id 118 from 10.10.243.69:50507 to 10.88.0.10:1812 length 382 (5) User-Name = "test08@artvin.edu.tr" (5) NAS-IP-Address = 10.10.243.69 (5) NAS-Port = 0 (5) NAS-Identifier = "10.10.243.69" (5) NAS-Port-Type = Wireless-802.11 (5) Calling-Station-Id = "7e8623ae0401" (5) Called-Station-Id = "a8bd27c5752c" (5) Service-Type = Login-User (5) Framed-MTU = 1100 (5) EAP-Message = 0x02060084190116030300461000004241048079a7f4a60a8433cb6d2315436400d8eab4c80993e103cfe7a2ddbf574549f2d6a212fbe90ef4fc11777976cb9e66a4068aaa304a1092300dd4dd996dcb720714030300010116030300280000000000000000d4887f60ad67b5d1b91f0ea200ed18bc5c928a58b13f20b19a282796262fdba9 (5) State = 0x414a6b417351442b414f3576536b30434c6f677571567971763350616e61446e4b68766176673d3d (5) Aruba-Essid-Name = "bidb-test" (5) Aruba-Location-Id = "REKTORLUK_KAT1R_MEHMETRASIMODA" (5) Aruba-AP-Group = "Rektörlük" (5) Message-Authenticator = 0xc30601e67af6d63784abb654cf80f06b (5) Restoring &session-state (5) &session-state:Calling-Station-Id := "7e8623ae0401" (5) &session-state:Called-Station-Id := "a8bd27c5752c" (5) &session-state:Called-Station-SSID := "bidb-test" (5) &session-state:ETU-Radius-Service-Name := "etu_service_bidb_test_eduroam" (5) &session-state:ETU-Outer-User-Name := "test08@artvin.edu.tr" (5) # Executing section authorize from file /etc/freeradius/sites-enabled/default.etu (5) authorize { (5) policy filter_username { (5) if (&User-Name) { (5) if (&User-Name) -> TRUE (5) if (&User-Name) { (5) if (&User-Name =~ / /) { (5) if (&User-Name =~ / /) -> FALSE (5) if (&User-Name =~ /@[^@]*@/ ) { (5) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (5) if (&User-Name =~ /\.\./ ) { (5) if (&User-Name =~ /\.\./ ) -> FALSE (5) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (5) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (5) if (&User-Name =~ /\.$/) { (5) if (&User-Name =~ /\.$/) -> FALSE (5) if (&User-Name =~ /@\./) { (5) if (&User-Name =~ /@\./) -> FALSE (5) } # if (&User-Name) = notfound (5) } # policy filter_username = notfound (5) [preprocess] = ok (5) policy etu_extract_ssid { (5) if (&Called-Station-Id && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})([^0-9a-f](.+))$/i)) { (5) if (&Called-Station-Id && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})([^0-9a-f](.+))$/i)) -> FALSE (5) elsif (&Aruba-Essid-Name) { (5) elsif (&Aruba-Essid-Name) -> TRUE (5) elsif (&Aruba-Essid-Name) { (5) update request { (5) EXPAND %{Aruba-Essid-Name} (5) --> bidb-test (5) &Called-Station-SSID := bidb-test (5) } # update request = noop (5) [updated] = updated (5) } # elsif (&Aruba-Essid-Name) = updated (5) ... skipping elsif: Preceding "if" was taken (5) ... skipping else: Preceding "if" was taken (5) } # policy etu_extract_ssid = updated (5) policy etu_policy_service_selector { (5) if ( ("%{client:shortname}" == "etu_wifi_rektorluk") && (&Called-Station-SSID == "bidb-test") && (&User-Name =~ /^.+@erzurum\.edu\.tr$/i) ) { (5) EXPAND %{client:shortname} (5) --> etu_wifi_rektorluk (5) if ( ("%{client:shortname}" == "etu_wifi_rektorluk") && (&Called-Station-SSID == "bidb-test") && (&User-Name =~ /^.+@erzurum\.edu\.tr$/i) ) -> FALSE (5) if ( ("%{client:shortname}" == "etu_wifi_rektorluk") && (&Called-Station-SSID == "bidb-test") && (&User-Name !~ /^.+@erzurum\.edu\.tr$/i) ) { (5) EXPAND %{client:shortname} (5) --> etu_wifi_rektorluk (5) if ( ("%{client:shortname}" == "etu_wifi_rektorluk") && (&Called-Station-SSID == "bidb-test") && (&User-Name !~ /^.+@erzurum\.edu\.tr$/i) ) -> TRUE (5) if ( ("%{client:shortname}" == "etu_wifi_rektorluk") && (&Called-Station-SSID == "bidb-test") && (&User-Name !~ /^.+@erzurum\.edu\.tr$/i) ) { (5) update request { (5) &ETU-Radius-Service-Name := "etu_service_bidb_test_eduroam" (5) } # update request = noop (5) if (&Virtual-Server == "inner-tunnel.etu") { (5) EXPAND &Virtual-Server (5) --> default.etu (5) if (&Virtual-Server == "inner-tunnel.etu") -> FALSE (5) [updated] = updated (5) } # if ( ("%{client:shortname}" == "etu_wifi_rektorluk") && (&Called-Station-SSID == "bidb-test") && (&User-Name !~ /^.+@erzurum\.edu\.tr$/i) ) = updated (5) ... skipping elsif: Preceding "if" was taken (5) ... skipping elsif: Preceding "if" was taken (5) ... skipping elsif: Preceding "if" was taken (5) ... skipping elsif: Preceding "if" was taken (5) ... skipping elsif: Preceding "if" was taken (5) ... skipping elsif: Preceding "if" was taken (5) ... skipping elsif: Preceding "if" was taken (5) ... skipping elsif: Preceding "if" was taken (5) ... skipping elsif: Preceding "if" was taken (5) ... skipping elsif: Preceding "if" was taken (5) ... skipping elsif: Preceding "if" was taken (5) ... skipping elsif: Preceding "if" was taken (5) ... skipping else: Preceding "if" was taken (5) } # policy etu_policy_service_selector = updated (5) policy etu_session_state_populate { (5) if (&Virtual-Server != "inner-tunnel.etu") { (5) EXPAND &Virtual-Server (5) --> default.etu (5) if (&Virtual-Server != "inner-tunnel.etu") -> TRUE (5) if (&Virtual-Server != "inner-tunnel.etu") { (5) if (!(&session-state:Calling-Station-Id)) { (5) if (!(&session-state:Calling-Station-Id)) -> FALSE (5) if (!(&session-state:Called-Station-Id)) { (5) if (!(&session-state:Called-Station-Id)) -> FALSE (5) if (!(&session-state:Called-Station-SSID)) { (5) if (!(&session-state:Called-Station-SSID)) -> FALSE (5) if (!(&session-state:ETU-Radius-Service-Name)) { (5) if (!(&session-state:ETU-Radius-Service-Name)) -> FALSE (5) if (!(&session-state:ETU-Outer-User-Name)) { (5) if (!(&session-state:ETU-Outer-User-Name)) -> FALSE (5) } # if (&Virtual-Server != "inner-tunnel.etu") = updated (5) } # policy etu_session_state_populate = updated (5) if ( &ETU-Radius-Service-Name == "etu_service_bidb_test" ) { (5) if ( &ETU-Radius-Service-Name == "etu_service_bidb_test" ) -> FALSE (5) if ( &ETU-Radius-Service-Name == "etu_service_bidb_test_eduroam" ) { (5) if ( &ETU-Radius-Service-Name == "etu_service_bidb_test_eduroam" ) -> TRUE (5) if ( &ETU-Radius-Service-Name == "etu_service_bidb_test_eduroam" ) { (5) group { (5) policy etu_proxy_to_eduroam_trrad { (5) update control { (5) Home-Server-Pool = "eduroam_trrrad_pool" (5) } # update control = noop (5) [updated] = updated (5) } # policy etu_proxy_to_eduroam_trrad = updated (5) } # group = updated (5) etu_auth_modules { ... } # empty sub-section is ignored (5) return (5) } # if ( &ETU-Radius-Service-Name == "etu_service_bidb_test_eduroam" ) = updated (5) } # authorize = updated (5) Proxying due to Home-Server-Pool = "eduroam_trrrad_pool" (5) Starting proxy to home server 193.140.83.100 port 1812 (5) server default.etu { (5) } (5) Proxying request to home server 193.140.83.100 port 1812 timeout 20.000000 (5) Sent Access-Request Id 186 from 0.0.0.0:49432 to 193.140.83.100:1812 length 393 (5) User-Name = "test08@artvin.edu.tr" (5) NAS-IP-Address = 10.10.243.69 (5) NAS-Port = 0 (5) NAS-Identifier = "10.10.243.69" (5) NAS-Port-Type = Wireless-802.11 (5) Calling-Station-Id = "7e8623ae0401" (5) Called-Station-Id = "a8bd27c5752c" (5) Service-Type = Login-User (5) Framed-MTU = 1100 (5) EAP-Message = 0x02060084190116030300461000004241048079a7f4a60a8433cb6d2315436400d8eab4c80993e103cfe7a2ddbf574549f2d6a212fbe90ef4fc11777976cb9e66a4068aaa304a1092300dd4dd996dcb720714030300010116030300280000000000000000d4887f60ad67b5d1b91f0ea200ed18bc5c928a58b13f20b19a282796262fdba9 (5) State = 0x414a6b417351442b414f3576536b30434c6f677571567971763350616e61446e4b68766176673d3d (5) Aruba-Essid-Name = "bidb-test" (5) Aruba-Location-Id = "REKTORLUK_KAT1R_MEHMETRASIMODA" (5) Aruba-AP-Group = "Rektörlük" (5) Message-Authenticator = 0xc30601e67af6d63784abb654cf80f06b (5) Event-Timestamp = "Dec 24 2024 06:14:06 UTC" (5) Proxy-State = 0x313138 Waking up in 0.3 seconds. (5) Clearing existing &reply: attributes (5) Received Access-Challenge Id 186 from 193.140.83.100:1812 to 10.88.0.10:49432 length 148 (5) Message-Authenticator = 0xaac7c43ac3b3aa592ef027d5f2b66267 (5) EAP-Message = 0x0107003d1981000000331403030001011603030028523415c4b57440d875377c81cd5aabb426c6f531205df1b99a1b9538107ac7c67b46c3ea9e8e3365 (5) State = 0x414751416c41437641414a77536b3043523672515530756d5a706d75627746387453744a53773d3d (5) Proxy-State = 0x313138 (5) server default.etu { (5) # Executing section post-proxy from file /etc/freeradius/sites-enabled/default.etu (5) post-proxy { (5) if ("%{proxy-reply:Packet-Type}" == "Access-Reject" ){ (5) EXPAND %{proxy-reply:Packet-Type} (5) --> Access-Challenge (5) if ("%{proxy-reply:Packet-Type}" == "Access-Reject" ) -> FALSE (5) } # post-proxy = noop (5) } (5) session-state: Saving cached attributes (5) Calling-Station-Id := "7e8623ae0401" (5) Called-Station-Id := "a8bd27c5752c" (5) Called-Station-SSID := "bidb-test" (5) ETU-Radius-Service-Name := "etu_service_bidb_test_eduroam" (5) ETU-Outer-User-Name := "test08@artvin.edu.tr" (5) Using Post-Auth-Type Challenge (5) # Executing group from file /etc/freeradius/sites-enabled/default.etu (5) Challenge { ... } # empty sub-section is ignored (5) Sent Access-Challenge Id 118 from 10.88.0.10:1812 to 10.10.243.69:50507 length 143 (5) Message-Authenticator = 0xaac7c43ac3b3aa592ef027d5f2b66267 (5) EAP-Message = 0x0107003d1981000000331403030001011603030028523415c4b57440d875377c81cd5aabb426c6f531205df1b99a1b9538107ac7c67b46c3ea9e8e3365 (5) State = 0x414751416c41437641414a77536b3043523672515530756d5a706d75627746387453744a53773d3d (5) Finished request Waking up in 4.7 seconds. (6) Received Access-Request Id 119 from 10.10.243.69:50507 to 10.88.0.10:1812 length 256 (6) User-Name = "test08@artvin.edu.tr" (6) NAS-IP-Address = 10.10.243.69 (6) NAS-Port = 0 (6) NAS-Identifier = "10.10.243.69" (6) NAS-Port-Type = Wireless-802.11 (6) Calling-Station-Id = "7e8623ae0401" (6) Called-Station-Id = "a8bd27c5752c" (6) Service-Type = Login-User (6) Framed-MTU = 1100 (6) EAP-Message = 0x020700061901 (6) State = 0x414751416c41437641414a77536b3043523672515530756d5a706d75627746387453744a53773d3d (6) Aruba-Essid-Name = "bidb-test" (6) Aruba-Location-Id = "REKTORLUK_KAT1R_MEHMETRASIMODA" (6) Aruba-AP-Group = "Rektörlük" (6) Message-Authenticator = 0xc6a2458f05043e36649bcd9d50b0e010 (6) Restoring &session-state (6) &session-state:Calling-Station-Id := "7e8623ae0401" (6) &session-state:Called-Station-Id := "a8bd27c5752c" (6) &session-state:Called-Station-SSID := "bidb-test" (6) &session-state:ETU-Radius-Service-Name := "etu_service_bidb_test_eduroam" (6) &session-state:ETU-Outer-User-Name := "test08@artvin.edu.tr" (6) # Executing section authorize from file /etc/freeradius/sites-enabled/default.etu (6) authorize { (6) policy filter_username { (6) if (&User-Name) { (6) if (&User-Name) -> TRUE (6) if (&User-Name) { (6) if (&User-Name =~ / /) { (6) if (&User-Name =~ / /) -> FALSE (6) if (&User-Name =~ /@[^@]*@/ ) { (6) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (6) if (&User-Name =~ /\.\./ ) { (6) if (&User-Name =~ /\.\./ ) -> FALSE (6) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (6) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (6) if (&User-Name =~ /\.$/) { (6) if (&User-Name =~ /\.$/) -> FALSE (6) if (&User-Name =~ /@\./) { (6) if (&User-Name =~ /@\./) -> FALSE (6) } # if (&User-Name) = notfound (6) } # policy filter_username = notfound (6) [preprocess] = ok (6) policy etu_extract_ssid { (6) if (&Called-Station-Id && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})([^0-9a-f](.+))$/i)) { (6) if (&Called-Station-Id && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})([^0-9a-f](.+))$/i)) -> FALSE (6) elsif (&Aruba-Essid-Name) { (6) elsif (&Aruba-Essid-Name) -> TRUE (6) elsif (&Aruba-Essid-Name) { (6) update request { (6) EXPAND %{Aruba-Essid-Name} (6) --> bidb-test (6) &Called-Station-SSID := bidb-test (6) } # update request = noop (6) [updated] = updated (6) } # elsif (&Aruba-Essid-Name) = updated (6) ... skipping elsif: Preceding "if" was taken (6) ... skipping else: Preceding "if" was taken (6) } # policy etu_extract_ssid = updated (6) policy etu_policy_service_selector { (6) if ( ("%{client:shortname}" == "etu_wifi_rektorluk") && (&Called-Station-SSID == "bidb-test") && (&User-Name =~ /^.+@erzurum\.edu\.tr$/i) ) { (6) EXPAND %{client:shortname} (6) --> etu_wifi_rektorluk (6) if ( ("%{client:shortname}" == "etu_wifi_rektorluk") && (&Called-Station-SSID == "bidb-test") && (&User-Name =~ /^.+@erzurum\.edu\.tr$/i) ) -> FALSE (6) if ( ("%{client:shortname}" == "etu_wifi_rektorluk") && (&Called-Station-SSID == "bidb-test") && (&User-Name !~ /^.+@erzurum\.edu\.tr$/i) ) { (6) EXPAND %{client:shortname} (6) --> etu_wifi_rektorluk (6) if ( ("%{client:shortname}" == "etu_wifi_rektorluk") && (&Called-Station-SSID == "bidb-test") && (&User-Name !~ /^.+@erzurum\.edu\.tr$/i) ) -> TRUE (6) if ( ("%{client:shortname}" == "etu_wifi_rektorluk") && (&Called-Station-SSID == "bidb-test") && (&User-Name !~ /^.+@erzurum\.edu\.tr$/i) ) { (6) update request { (6) &ETU-Radius-Service-Name := "etu_service_bidb_test_eduroam" (6) } # update request = noop (6) if (&Virtual-Server == "inner-tunnel.etu") { (6) EXPAND &Virtual-Server (6) --> default.etu (6) if (&Virtual-Server == "inner-tunnel.etu") -> FALSE (6) [updated] = updated (6) } # if ( ("%{client:shortname}" == "etu_wifi_rektorluk") && (&Called-Station-SSID == "bidb-test") && (&User-Name !~ /^.+@erzurum\.edu\.tr$/i) ) = updated (6) ... skipping elsif: Preceding "if" was taken (6) ... skipping elsif: Preceding "if" was taken (6) ... skipping elsif: Preceding "if" was taken (6) ... skipping elsif: Preceding "if" was taken (6) ... skipping elsif: Preceding "if" was taken (6) ... skipping elsif: Preceding "if" was taken (6) ... skipping elsif: Preceding "if" was taken (6) ... skipping elsif: Preceding "if" was taken (6) ... skipping elsif: Preceding "if" was taken (6) ... skipping elsif: Preceding "if" was taken (6) ... skipping elsif: Preceding "if" was taken (6) ... skipping elsif: Preceding "if" was taken (6) ... skipping else: Preceding "if" was taken (6) } # policy etu_policy_service_selector = updated (6) policy etu_session_state_populate { (6) if (&Virtual-Server != "inner-tunnel.etu") { (6) EXPAND &Virtual-Server (6) --> default.etu (6) if (&Virtual-Server != "inner-tunnel.etu") -> TRUE (6) if (&Virtual-Server != "inner-tunnel.etu") { (6) if (!(&session-state:Calling-Station-Id)) { (6) if (!(&session-state:Calling-Station-Id)) -> FALSE (6) if (!(&session-state:Called-Station-Id)) { (6) if (!(&session-state:Called-Station-Id)) -> FALSE (6) if (!(&session-state:Called-Station-SSID)) { (6) if (!(&session-state:Called-Station-SSID)) -> FALSE (6) if (!(&session-state:ETU-Radius-Service-Name)) { (6) if (!(&session-state:ETU-Radius-Service-Name)) -> FALSE (6) if (!(&session-state:ETU-Outer-User-Name)) { (6) if (!(&session-state:ETU-Outer-User-Name)) -> FALSE (6) } # if (&Virtual-Server != "inner-tunnel.etu") = updated (6) } # policy etu_session_state_populate = updated (6) if ( &ETU-Radius-Service-Name == "etu_service_bidb_test" ) { (6) if ( &ETU-Radius-Service-Name == "etu_service_bidb_test" ) -> FALSE (6) if ( &ETU-Radius-Service-Name == "etu_service_bidb_test_eduroam" ) { (6) if ( &ETU-Radius-Service-Name == "etu_service_bidb_test_eduroam" ) -> TRUE (6) if ( &ETU-Radius-Service-Name == "etu_service_bidb_test_eduroam" ) { (6) group { (6) policy etu_proxy_to_eduroam_trrad { (6) update control { (6) Home-Server-Pool = "eduroam_trrrad_pool" (6) } # update control = noop (6) [updated] = updated (6) } # policy etu_proxy_to_eduroam_trrad = updated (6) } # group = updated (6) etu_auth_modules { ... } # empty sub-section is ignored (6) return (6) } # if ( &ETU-Radius-Service-Name == "etu_service_bidb_test_eduroam" ) = updated (6) } # authorize = updated (6) Proxying due to Home-Server-Pool = "eduroam_trrrad_pool" (6) Starting proxy to home server 193.140.83.100 port 1812 (6) server default.etu { (6) } (6) Proxying request to home server 193.140.83.100 port 1812 timeout 20.000000 (6) Sent Access-Request Id 184 from 0.0.0.0:49432 to 193.140.83.100:1812 length 267 (6) User-Name = "test08@artvin.edu.tr" (6) NAS-IP-Address = 10.10.243.69 (6) NAS-Port = 0 (6) NAS-Identifier = "10.10.243.69" (6) NAS-Port-Type = Wireless-802.11 (6) Calling-Station-Id = "7e8623ae0401" (6) Called-Station-Id = "a8bd27c5752c" (6) Service-Type = Login-User (6) Framed-MTU = 1100 (6) EAP-Message = 0x020700061901 (6) State = 0x414751416c41437641414a77536b3043523672515530756d5a706d75627746387453744a53773d3d (6) Aruba-Essid-Name = "bidb-test" (6) Aruba-Location-Id = "REKTORLUK_KAT1R_MEHMETRASIMODA" (6) Aruba-AP-Group = "Rektörlük" (6) Message-Authenticator = 0xc6a2458f05043e36649bcd9d50b0e010 (6) Event-Timestamp = "Dec 24 2024 06:14:06 UTC" (6) Proxy-State = 0x313139 Waking up in 0.3 seconds. (6) Clearing existing &reply: attributes (6) Received Access-Challenge Id 184 from 193.140.83.100:1812 to 10.88.0.10:49432 length 127 (6) Message-Authenticator = 0x78cd5ca47cf7432584122dee26601d6b (6) EAP-Message = 0x010800281901170303001d523415c4b57440d94bd61f2a9284330698b4680f8cbac64031a647494f (6) State = 0x414434413967434a414d4e78536b3043672b684c4f364a6d2f44704b735948506568574750513d3d (6) Proxy-State = 0x313139 (6) server default.etu { (6) # Executing section post-proxy from file /etc/freeradius/sites-enabled/default.etu (6) post-proxy { (6) if ("%{proxy-reply:Packet-Type}" == "Access-Reject" ){ (6) EXPAND %{proxy-reply:Packet-Type} (6) --> Access-Challenge (6) if ("%{proxy-reply:Packet-Type}" == "Access-Reject" ) -> FALSE (6) } # post-proxy = noop (6) } (6) session-state: Saving cached attributes (6) Calling-Station-Id := "7e8623ae0401" (6) Called-Station-Id := "a8bd27c5752c" (6) Called-Station-SSID := "bidb-test" (6) ETU-Radius-Service-Name := "etu_service_bidb_test_eduroam" (6) ETU-Outer-User-Name := "test08@artvin.edu.tr" (6) Using Post-Auth-Type Challenge (6) # Executing group from file /etc/freeradius/sites-enabled/default.etu (6) Challenge { ... } # empty sub-section is ignored (6) Sent Access-Challenge Id 119 from 10.88.0.10:1812 to 10.10.243.69:50507 length 122 (6) Message-Authenticator = 0x78cd5ca47cf7432584122dee26601d6b (6) EAP-Message = 0x010800281901170303001d523415c4b57440d94bd61f2a9284330698b4680f8cbac64031a647494f (6) State = 0x414434413967434a414d4e78536b3043672b684c4f364a6d2f44704b735948506568574750513d3d (6) Finished request Waking up in 4.6 seconds. (7) Received Access-Request Id 120 from 10.10.243.69:50507 to 10.88.0.10:1812 length 310 (7) User-Name = "test08@artvin.edu.tr" (7) NAS-IP-Address = 10.10.243.69 (7) NAS-Port = 0 (7) NAS-Identifier = "10.10.243.69" (7) NAS-Port-Type = Wireless-802.11 (7) Calling-Station-Id = "7e8623ae0401" (7) Called-Station-Id = "a8bd27c5752c" (7) Service-Type = Login-User (7) Framed-MTU = 1100 (7) EAP-Message = 0x0208003c19011703030031000000000000000131022bcc5af23b15b2c9b2aa206c16386816b3260591e18ecb3ec6916eea86c8aee4d37f8a5beb999e (7) State = 0x414434413967434a414d4e78536b3043672b684c4f364a6d2f44704b735948506568574750513d3d (7) Aruba-Essid-Name = "bidb-test" (7) Aruba-Location-Id = "REKTORLUK_KAT1R_MEHMETRASIMODA" (7) Aruba-AP-Group = "Rektörlük" (7) Message-Authenticator = 0x2724e90a42f763a0c9c93513355ff95f (7) Restoring &session-state (7) &session-state:Calling-Station-Id := "7e8623ae0401" (7) &session-state:Called-Station-Id := "a8bd27c5752c" (7) &session-state:Called-Station-SSID := "bidb-test" (7) &session-state:ETU-Radius-Service-Name := "etu_service_bidb_test_eduroam" (7) &session-state:ETU-Outer-User-Name := "test08@artvin.edu.tr" (7) # Executing section authorize from file /etc/freeradius/sites-enabled/default.etu (7) authorize { (7) policy filter_username { (7) if (&User-Name) { (7) if (&User-Name) -> TRUE (7) if (&User-Name) { (7) if (&User-Name =~ / /) { (7) if (&User-Name =~ / /) -> FALSE (7) if (&User-Name =~ /@[^@]*@/ ) { (7) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (7) if (&User-Name =~ /\.\./ ) { (7) if (&User-Name =~ /\.\./ ) -> FALSE (7) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (7) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (7) if (&User-Name =~ /\.$/) { (7) if (&User-Name =~ /\.$/) -> FALSE (7) if (&User-Name =~ /@\./) { (7) if (&User-Name =~ /@\./) -> FALSE (7) } # if (&User-Name) = notfound (7) } # policy filter_username = notfound (7) [preprocess] = ok (7) policy etu_extract_ssid { (7) if (&Called-Station-Id && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})([^0-9a-f](.+))$/i)) { (7) if (&Called-Station-Id && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})([^0-9a-f](.+))$/i)) -> FALSE (7) elsif (&Aruba-Essid-Name) { (7) elsif (&Aruba-Essid-Name) -> TRUE (7) elsif (&Aruba-Essid-Name) { (7) update request { (7) EXPAND %{Aruba-Essid-Name} (7) --> bidb-test (7) &Called-Station-SSID := bidb-test (7) } # update request = noop (7) [updated] = updated (7) } # elsif (&Aruba-Essid-Name) = updated (7) ... skipping elsif: Preceding "if" was taken (7) ... skipping else: Preceding "if" was taken (7) } # policy etu_extract_ssid = updated (7) policy etu_policy_service_selector { (7) if ( ("%{client:shortname}" == "etu_wifi_rektorluk") && (&Called-Station-SSID == "bidb-test") && (&User-Name =~ /^.+@erzurum\.edu\.tr$/i) ) { (7) EXPAND %{client:shortname} (7) --> etu_wifi_rektorluk (7) if ( ("%{client:shortname}" == "etu_wifi_rektorluk") && (&Called-Station-SSID == "bidb-test") && (&User-Name =~ /^.+@erzurum\.edu\.tr$/i) ) -> FALSE (7) if ( ("%{client:shortname}" == "etu_wifi_rektorluk") && (&Called-Station-SSID == "bidb-test") && (&User-Name !~ /^.+@erzurum\.edu\.tr$/i) ) { (7) EXPAND %{client:shortname} (7) --> etu_wifi_rektorluk (7) if ( ("%{client:shortname}" == "etu_wifi_rektorluk") && (&Called-Station-SSID == "bidb-test") && (&User-Name !~ /^.+@erzurum\.edu\.tr$/i) ) -> TRUE (7) if ( ("%{client:shortname}" == "etu_wifi_rektorluk") && (&Called-Station-SSID == "bidb-test") && (&User-Name !~ /^.+@erzurum\.edu\.tr$/i) ) { (7) update request { (7) &ETU-Radius-Service-Name := "etu_service_bidb_test_eduroam" (7) } # update request = noop (7) if (&Virtual-Server == "inner-tunnel.etu") { (7) EXPAND &Virtual-Server (7) --> default.etu (7) if (&Virtual-Server == "inner-tunnel.etu") -> FALSE (7) [updated] = updated (7) } # if ( ("%{client:shortname}" == "etu_wifi_rektorluk") && (&Called-Station-SSID == "bidb-test") && (&User-Name !~ /^.+@erzurum\.edu\.tr$/i) ) = updated (7) ... skipping elsif: Preceding "if" was taken (7) ... skipping elsif: Preceding "if" was taken (7) ... skipping elsif: Preceding "if" was taken (7) ... skipping elsif: Preceding "if" was taken (7) ... skipping elsif: Preceding "if" was taken (7) ... skipping elsif: Preceding "if" was taken (7) ... skipping elsif: Preceding "if" was taken (7) ... skipping elsif: Preceding "if" was taken (7) ... skipping elsif: Preceding "if" was taken (7) ... skipping elsif: Preceding "if" was taken (7) ... skipping elsif: Preceding "if" was taken (7) ... skipping elsif: Preceding "if" was taken (7) ... skipping else: Preceding "if" was taken (7) } # policy etu_policy_service_selector = updated (7) policy etu_session_state_populate { (7) if (&Virtual-Server != "inner-tunnel.etu") { (7) EXPAND &Virtual-Server (7) --> default.etu (7) if (&Virtual-Server != "inner-tunnel.etu") -> TRUE (7) if (&Virtual-Server != "inner-tunnel.etu") { (7) if (!(&session-state:Calling-Station-Id)) { (7) if (!(&session-state:Calling-Station-Id)) -> FALSE (7) if (!(&session-state:Called-Station-Id)) { (7) if (!(&session-state:Called-Station-Id)) -> FALSE (7) if (!(&session-state:Called-Station-SSID)) { (7) if (!(&session-state:Called-Station-SSID)) -> FALSE (7) if (!(&session-state:ETU-Radius-Service-Name)) { (7) if (!(&session-state:ETU-Radius-Service-Name)) -> FALSE (7) if (!(&session-state:ETU-Outer-User-Name)) { (7) if (!(&session-state:ETU-Outer-User-Name)) -> FALSE (7) } # if (&Virtual-Server != "inner-tunnel.etu") = updated (7) } # policy etu_session_state_populate = updated (7) if ( &ETU-Radius-Service-Name == "etu_service_bidb_test" ) { (7) if ( &ETU-Radius-Service-Name == "etu_service_bidb_test" ) -> FALSE (7) if ( &ETU-Radius-Service-Name == "etu_service_bidb_test_eduroam" ) { (7) if ( &ETU-Radius-Service-Name == "etu_service_bidb_test_eduroam" ) -> TRUE (7) if ( &ETU-Radius-Service-Name == "etu_service_bidb_test_eduroam" ) { (7) group { (7) policy etu_proxy_to_eduroam_trrad { (7) update control { (7) Home-Server-Pool = "eduroam_trrrad_pool" (7) } # update control = noop (7) [updated] = updated (7) } # policy etu_proxy_to_eduroam_trrad = updated (7) } # group = updated (7) etu_auth_modules { ... } # empty sub-section is ignored (7) return (7) } # if ( &ETU-Radius-Service-Name == "etu_service_bidb_test_eduroam" ) = updated (7) } # authorize = updated (7) Proxying due to Home-Server-Pool = "eduroam_trrrad_pool" (7) Starting proxy to home server 193.140.83.100 port 1812 (7) server default.etu { (7) } (7) Proxying request to home server 193.140.83.100 port 1812 timeout 20.000000 (7) Sent Access-Request Id 209 from 0.0.0.0:49432 to 193.140.83.100:1812 length 321 (7) User-Name = "test08@artvin.edu.tr" (7) NAS-IP-Address = 10.10.243.69 (7) NAS-Port = 0 (7) NAS-Identifier = "10.10.243.69" (7) NAS-Port-Type = Wireless-802.11 (7) Calling-Station-Id = "7e8623ae0401" (7) Called-Station-Id = "a8bd27c5752c" (7) Service-Type = Login-User (7) Framed-MTU = 1100 (7) EAP-Message = 0x0208003c19011703030031000000000000000131022bcc5af23b15b2c9b2aa206c16386816b3260591e18ecb3ec6916eea86c8aee4d37f8a5beb999e (7) State = 0x414434413967434a414d4e78536b3043672b684c4f364a6d2f44704b735948506568574750513d3d (7) Aruba-Essid-Name = "bidb-test" (7) Aruba-Location-Id = "REKTORLUK_KAT1R_MEHMETRASIMODA" (7) Aruba-AP-Group = "Rektörlük" (7) Message-Authenticator = 0x2724e90a42f763a0c9c93513355ff95f (7) Event-Timestamp = "Dec 24 2024 06:14:06 UTC" (7) Proxy-State = 0x313230 Waking up in 0.3 seconds. (7) Clearing existing &reply: attributes (7) Received Access-Challenge Id 209 from 193.140.83.100:1812 to 10.88.0.10:49432 length 168 (7) Message-Authenticator = 0x9a32743d40407b035ecfc0f0ad080dea (7) EAP-Message = 0x0109005119011703030046523415c4b57440da4ce72a8d062129ea3ec0f02f435f757067200c2775411e4a4f99a7e1abb84d8501e14bd809978f532a06761a62d438ca8fb162e54b79823812fe159690b4 (7) State = 0x414751416d41446d41494a79536b3043716d5033366c485564794b5854652f67533631616e513d3d (7) Proxy-State = 0x313230 (7) server default.etu { (7) # Executing section post-proxy from file /etc/freeradius/sites-enabled/default.etu (7) post-proxy { (7) if ("%{proxy-reply:Packet-Type}" == "Access-Reject" ){ (7) EXPAND %{proxy-reply:Packet-Type} (7) --> Access-Challenge (7) if ("%{proxy-reply:Packet-Type}" == "Access-Reject" ) -> FALSE (7) } # post-proxy = noop (7) } (7) session-state: Saving cached attributes (7) Calling-Station-Id := "7e8623ae0401" (7) Called-Station-Id := "a8bd27c5752c" (7) Called-Station-SSID := "bidb-test" (7) ETU-Radius-Service-Name := "etu_service_bidb_test_eduroam" (7) ETU-Outer-User-Name := "test08@artvin.edu.tr" (7) Using Post-Auth-Type Challenge (7) # Executing group from file /etc/freeradius/sites-enabled/default.etu (7) Challenge { ... } # empty sub-section is ignored (7) Sent Access-Challenge Id 120 from 10.88.0.10:1812 to 10.10.243.69:50507 length 163 (7) Message-Authenticator = 0x9a32743d40407b035ecfc0f0ad080dea (7) EAP-Message = 0x0109005119011703030046523415c4b57440da4ce72a8d062129ea3ec0f02f435f757067200c2775411e4a4f99a7e1abb84d8501e14bd809978f532a06761a62d438ca8fb162e54b79823812fe159690b4 (7) State = 0x414751416d41446d41494a79536b3043716d5033366c485564794b5854652f67533631616e513d3d (7) Finished request Waking up in 4.6 seconds. (8) Received Access-Request Id 121 from 10.10.243.69:50507 to 10.88.0.10:1812 length 364 (8) User-Name = "test08@artvin.edu.tr" (8) NAS-IP-Address = 10.10.243.69 (8) NAS-Port = 0 (8) NAS-Identifier = "10.10.243.69" (8) NAS-Port-Type = Wireless-802.11 (8) Calling-Station-Id = "7e8623ae0401" (8) Called-Station-Id = "a8bd27c5752c" (8) Service-Type = Login-User (8) Framed-MTU = 1100 (8) EAP-Message = 0x020900721901170303006700000000000000023435030f1fa96386e17e24bb3b1b1ff1d0946744d376682043871611dba4fbc6089870254bfb6ea52aec1fe93fb1dce6f75e8a82c4f52cf5256b51ea078e2a5a5cfd7df478092b59e51372aa0ac819f4d0981fc12f2fb6d498513b950120ac (8) State = 0x414751416d41446d41494a79536b3043716d5033366c485564794b5854652f67533631616e513d3d (8) Aruba-Essid-Name = "bidb-test" (8) Aruba-Location-Id = "REKTORLUK_KAT1R_MEHMETRASIMODA" (8) Aruba-AP-Group = "Rektörlük" (8) Message-Authenticator = 0x0a8b666de49d1dd89e5156060efc053d (8) Restoring &session-state (8) &session-state:Calling-Station-Id := "7e8623ae0401" (8) &session-state:Called-Station-Id := "a8bd27c5752c" (8) &session-state:Called-Station-SSID := "bidb-test" (8) &session-state:ETU-Radius-Service-Name := "etu_service_bidb_test_eduroam" (8) &session-state:ETU-Outer-User-Name := "test08@artvin.edu.tr" (8) # Executing section authorize from file /etc/freeradius/sites-enabled/default.etu (8) authorize { (8) policy filter_username { (8) if (&User-Name) { (8) if (&User-Name) -> TRUE (8) if (&User-Name) { (8) if (&User-Name =~ / /) { (8) if (&User-Name =~ / /) -> FALSE (8) if (&User-Name =~ /@[^@]*@/ ) { (8) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (8) if (&User-Name =~ /\.\./ ) { (8) if (&User-Name =~ /\.\./ ) -> FALSE (8) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (8) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (8) if (&User-Name =~ /\.$/) { (8) if (&User-Name =~ /\.$/) -> FALSE (8) if (&User-Name =~ /@\./) { (8) if (&User-Name =~ /@\./) -> FALSE (8) } # if (&User-Name) = notfound (8) } # policy filter_username = notfound (8) [preprocess] = ok (8) policy etu_extract_ssid { (8) if (&Called-Station-Id && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})([^0-9a-f](.+))$/i)) { (8) if (&Called-Station-Id && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})([^0-9a-f](.+))$/i)) -> FALSE (8) elsif (&Aruba-Essid-Name) { (8) elsif (&Aruba-Essid-Name) -> TRUE (8) elsif (&Aruba-Essid-Name) { (8) update request { (8) EXPAND %{Aruba-Essid-Name} (8) --> bidb-test (8) &Called-Station-SSID := bidb-test (8) } # update request = noop (8) [updated] = updated (8) } # elsif (&Aruba-Essid-Name) = updated (8) ... skipping elsif: Preceding "if" was taken (8) ... skipping else: Preceding "if" was taken (8) } # policy etu_extract_ssid = updated (8) policy etu_policy_service_selector { (8) if ( ("%{client:shortname}" == "etu_wifi_rektorluk") && (&Called-Station-SSID == "bidb-test") && (&User-Name =~ /^.+@erzurum\.edu\.tr$/i) ) { (8) EXPAND %{client:shortname} (8) --> etu_wifi_rektorluk (8) if ( ("%{client:shortname}" == "etu_wifi_rektorluk") && (&Called-Station-SSID == "bidb-test") && (&User-Name =~ /^.+@erzurum\.edu\.tr$/i) ) -> FALSE (8) if ( ("%{client:shortname}" == "etu_wifi_rektorluk") && (&Called-Station-SSID == "bidb-test") && (&User-Name !~ /^.+@erzurum\.edu\.tr$/i) ) { (8) EXPAND %{client:shortname} (8) --> etu_wifi_rektorluk (8) if ( ("%{client:shortname}" == "etu_wifi_rektorluk") && (&Called-Station-SSID == "bidb-test") && (&User-Name !~ /^.+@erzurum\.edu\.tr$/i) ) -> TRUE (8) if ( ("%{client:shortname}" == "etu_wifi_rektorluk") && (&Called-Station-SSID == "bidb-test") && (&User-Name !~ /^.+@erzurum\.edu\.tr$/i) ) { (8) update request { (8) &ETU-Radius-Service-Name := "etu_service_bidb_test_eduroam" (8) } # update request = noop (8) if (&Virtual-Server == "inner-tunnel.etu") { (8) EXPAND &Virtual-Server (8) --> default.etu (8) if (&Virtual-Server == "inner-tunnel.etu") -> FALSE (8) [updated] = updated (8) } # if ( ("%{client:shortname}" == "etu_wifi_rektorluk") && (&Called-Station-SSID == "bidb-test") && (&User-Name !~ /^.+@erzurum\.edu\.tr$/i) ) = updated (8) ... skipping elsif: Preceding "if" was taken (8) ... skipping elsif: Preceding "if" was taken (8) ... skipping elsif: Preceding "if" was taken (8) ... skipping elsif: Preceding "if" was taken (8) ... skipping elsif: Preceding "if" was taken (8) ... skipping elsif: Preceding "if" was taken (8) ... skipping elsif: Preceding "if" was taken (8) ... skipping elsif: Preceding "if" was taken (8) ... skipping elsif: Preceding "if" was taken (8) ... skipping elsif: Preceding "if" was taken (8) ... skipping elsif: Preceding "if" was taken (8) ... skipping elsif: Preceding "if" was taken (8) ... skipping else: Preceding "if" was taken (8) } # policy etu_policy_service_selector = updated (8) policy etu_session_state_populate { (8) if (&Virtual-Server != "inner-tunnel.etu") { (8) EXPAND &Virtual-Server (8) --> default.etu (8) if (&Virtual-Server != "inner-tunnel.etu") -> TRUE (8) if (&Virtual-Server != "inner-tunnel.etu") { (8) if (!(&session-state:Calling-Station-Id)) { (8) if (!(&session-state:Calling-Station-Id)) -> FALSE (8) if (!(&session-state:Called-Station-Id)) { (8) if (!(&session-state:Called-Station-Id)) -> FALSE (8) if (!(&session-state:Called-Station-SSID)) { (8) if (!(&session-state:Called-Station-SSID)) -> FALSE (8) if (!(&session-state:ETU-Radius-Service-Name)) { (8) if (!(&session-state:ETU-Radius-Service-Name)) -> FALSE (8) if (!(&session-state:ETU-Outer-User-Name)) { (8) if (!(&session-state:ETU-Outer-User-Name)) -> FALSE (8) } # if (&Virtual-Server != "inner-tunnel.etu") = updated (8) } # policy etu_session_state_populate = updated (8) if ( &ETU-Radius-Service-Name == "etu_service_bidb_test" ) { (8) if ( &ETU-Radius-Service-Name == "etu_service_bidb_test" ) -> FALSE (8) if ( &ETU-Radius-Service-Name == "etu_service_bidb_test_eduroam" ) { (8) if ( &ETU-Radius-Service-Name == "etu_service_bidb_test_eduroam" ) -> TRUE (8) if ( &ETU-Radius-Service-Name == "etu_service_bidb_test_eduroam" ) { (8) group { (8) policy etu_proxy_to_eduroam_trrad { (8) update control { (8) Home-Server-Pool = "eduroam_trrrad_pool" (8) } # update control = noop (8) [updated] = updated (8) } # policy etu_proxy_to_eduroam_trrad = updated (8) } # group = updated (8) etu_auth_modules { ... } # empty sub-section is ignored (8) return (8) } # if ( &ETU-Radius-Service-Name == "etu_service_bidb_test_eduroam" ) = updated (8) } # authorize = updated (8) Proxying due to Home-Server-Pool = "eduroam_trrrad_pool" (8) Starting proxy to home server 193.140.83.100 port 1812 (8) server default.etu { (8) } (8) Proxying request to home server 193.140.83.100 port 1812 timeout 20.000000 (8) Sent Access-Request Id 199 from 0.0.0.0:49432 to 193.140.83.100:1812 length 375 (8) User-Name = "test08@artvin.edu.tr" (8) NAS-IP-Address = 10.10.243.69 (8) NAS-Port = 0 (8) NAS-Identifier = "10.10.243.69" (8) NAS-Port-Type = Wireless-802.11 (8) Calling-Station-Id = "7e8623ae0401" (8) Called-Station-Id = "a8bd27c5752c" (8) Service-Type = Login-User (8) Framed-MTU = 1100 (8) EAP-Message = 0x020900721901170303006700000000000000023435030f1fa96386e17e24bb3b1b1ff1d0946744d376682043871611dba4fbc6089870254bfb6ea52aec1fe93fb1dce6f75e8a82c4f52cf5256b51ea078e2a5a5cfd7df478092b59e51372aa0ac819f4d0981fc12f2fb6d498513b950120ac (8) State = 0x414751416d41446d41494a79536b3043716d5033366c485564794b5854652f67533631616e513d3d (8) Aruba-Essid-Name = "bidb-test" (8) Aruba-Location-Id = "REKTORLUK_KAT1R_MEHMETRASIMODA" (8) Aruba-AP-Group = "Rektörlük" (8) Message-Authenticator = 0x0a8b666de49d1dd89e5156060efc053d (8) Event-Timestamp = "Dec 24 2024 06:14:06 UTC" (8) Proxy-State = 0x313231 Waking up in 0.3 seconds. (8) Clearing existing &reply: attributes (8) Received Access-Challenge Id 199 from 193.140.83.100:1812 to 10.88.0.10:49432 length 173 (8) Message-Authenticator = 0xc71cae897bd4e0269f450c7b08b52659 (8) EAP-Message = 0x010a00561901170303004b523415c4b57440dbbc93a53440d436b6d0cddb1fb1f33561ef180e39e56345f76fbe5b7206fa02d20c65bda2b1551e47372dc17b2338fd03d55efca255df3284d385e2f199c4ebca29cc89 (8) State = 0x41434d412b67416f41414e30536b30434352496a384137426a536e79716775626b4a66476a773d3d (8) Proxy-State = 0x313231 (8) server default.etu { (8) # Executing section post-proxy from file /etc/freeradius/sites-enabled/default.etu (8) post-proxy { (8) if ("%{proxy-reply:Packet-Type}" == "Access-Reject" ){ (8) EXPAND %{proxy-reply:Packet-Type} (8) --> Access-Challenge (8) if ("%{proxy-reply:Packet-Type}" == "Access-Reject" ) -> FALSE (8) } # post-proxy = noop (8) } (8) session-state: Saving cached attributes (8) Calling-Station-Id := "7e8623ae0401" (8) Called-Station-Id := "a8bd27c5752c" (8) Called-Station-SSID := "bidb-test" (8) ETU-Radius-Service-Name := "etu_service_bidb_test_eduroam" (8) ETU-Outer-User-Name := "test08@artvin.edu.tr" (8) Using Post-Auth-Type Challenge (8) # Executing group from file /etc/freeradius/sites-enabled/default.etu (8) Challenge { ... } # empty sub-section is ignored (8) Sent Access-Challenge Id 121 from 10.88.0.10:1812 to 10.10.243.69:50507 length 168 (8) Message-Authenticator = 0xc71cae897bd4e0269f450c7b08b52659 (8) EAP-Message = 0x010a00561901170303004b523415c4b57440dbbc93a53440d436b6d0cddb1fb1f33561ef180e39e56345f76fbe5b7206fa02d20c65bda2b1551e47372dc17b2338fd03d55efca255df3284d385e2f199c4ebca29cc89 (8) State = 0x41434d412b67416f41414e30536b30434352496a384137426a536e79716775626b4a66476a773d3d (8) Finished request Waking up in 4.5 seconds. (9) Received Access-Request Id 122 from 10.10.243.69:50507 to 10.88.0.10:1812 length 291 (9) User-Name = "test08@artvin.edu.tr" (9) NAS-IP-Address = 10.10.243.69 (9) NAS-Port = 0 (9) NAS-Identifier = "10.10.243.69" (9) NAS-Port-Type = Wireless-802.11 (9) Calling-Station-Id = "7e8623ae0401" (9) Called-Station-Id = "a8bd27c5752c" (9) Service-Type = Login-User (9) Framed-MTU = 1100 (9) EAP-Message = 0x020a00291901170303001e00000000000000034d487aa5283e7ba8a9ee2c69db4fb9dda4b05aa9f7a6 (9) State = 0x41434d412b67416f41414e30536b30434352496a384137426a536e79716775626b4a66476a773d3d (9) Aruba-Essid-Name = "bidb-test" (9) Aruba-Location-Id = "REKTORLUK_KAT1R_MEHMETRASIMODA" (9) Aruba-AP-Group = "Rektörlük" (9) Message-Authenticator = 0xd20c5940437d0f8fed6d116710d0047e (9) Restoring &session-state (9) &session-state:Calling-Station-Id := "7e8623ae0401" (9) &session-state:Called-Station-Id := "a8bd27c5752c" (9) &session-state:Called-Station-SSID := "bidb-test" (9) &session-state:ETU-Radius-Service-Name := "etu_service_bidb_test_eduroam" (9) &session-state:ETU-Outer-User-Name := "test08@artvin.edu.tr" (9) # Executing section authorize from file /etc/freeradius/sites-enabled/default.etu (9) authorize { (9) policy filter_username { (9) if (&User-Name) { (9) if (&User-Name) -> TRUE (9) if (&User-Name) { (9) if (&User-Name =~ / /) { (9) if (&User-Name =~ / /) -> FALSE (9) if (&User-Name =~ /@[^@]*@/ ) { (9) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (9) if (&User-Name =~ /\.\./ ) { (9) if (&User-Name =~ /\.\./ ) -> FALSE (9) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (9) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (9) if (&User-Name =~ /\.$/) { (9) if (&User-Name =~ /\.$/) -> FALSE (9) if (&User-Name =~ /@\./) { (9) if (&User-Name =~ /@\./) -> FALSE (9) } # if (&User-Name) = notfound (9) } # policy filter_username = notfound (9) [preprocess] = ok (9) policy etu_extract_ssid { (9) if (&Called-Station-Id && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})([^0-9a-f](.+))$/i)) { (9) if (&Called-Station-Id && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})([^0-9a-f](.+))$/i)) -> FALSE (9) elsif (&Aruba-Essid-Name) { (9) elsif (&Aruba-Essid-Name) -> TRUE (9) elsif (&Aruba-Essid-Name) { (9) update request { (9) EXPAND %{Aruba-Essid-Name} (9) --> bidb-test (9) &Called-Station-SSID := bidb-test (9) } # update request = noop (9) [updated] = updated (9) } # elsif (&Aruba-Essid-Name) = updated (9) ... skipping elsif: Preceding "if" was taken (9) ... skipping else: Preceding "if" was taken (9) } # policy etu_extract_ssid = updated (9) policy etu_policy_service_selector { (9) if ( ("%{client:shortname}" == "etu_wifi_rektorluk") && (&Called-Station-SSID == "bidb-test") && (&User-Name =~ /^.+@erzurum\.edu\.tr$/i) ) { (9) EXPAND %{client:shortname} (9) --> etu_wifi_rektorluk (9) if ( ("%{client:shortname}" == "etu_wifi_rektorluk") && (&Called-Station-SSID == "bidb-test") && (&User-Name =~ /^.+@erzurum\.edu\.tr$/i) ) -> FALSE (9) if ( ("%{client:shortname}" == "etu_wifi_rektorluk") && (&Called-Station-SSID == "bidb-test") && (&User-Name !~ /^.+@erzurum\.edu\.tr$/i) ) { (9) EXPAND %{client:shortname} (9) --> etu_wifi_rektorluk (9) if ( ("%{client:shortname}" == "etu_wifi_rektorluk") && (&Called-Station-SSID == "bidb-test") && (&User-Name !~ /^.+@erzurum\.edu\.tr$/i) ) -> TRUE (9) if ( ("%{client:shortname}" == "etu_wifi_rektorluk") && (&Called-Station-SSID == "bidb-test") && (&User-Name !~ /^.+@erzurum\.edu\.tr$/i) ) { (9) update request { (9) &ETU-Radius-Service-Name := "etu_service_bidb_test_eduroam" (9) } # update request = noop (9) if (&Virtual-Server == "inner-tunnel.etu") { (9) EXPAND &Virtual-Server (9) --> default.etu (9) if (&Virtual-Server == "inner-tunnel.etu") -> FALSE (9) [updated] = updated (9) } # if ( ("%{client:shortname}" == "etu_wifi_rektorluk") && (&Called-Station-SSID == "bidb-test") && (&User-Name !~ /^.+@erzurum\.edu\.tr$/i) ) = updated (9) ... skipping elsif: Preceding "if" was taken (9) ... skipping elsif: Preceding "if" was taken (9) ... skipping elsif: Preceding "if" was taken (9) ... skipping elsif: Preceding "if" was taken (9) ... skipping elsif: Preceding "if" was taken (9) ... skipping elsif: Preceding "if" was taken (9) ... skipping elsif: Preceding "if" was taken (9) ... skipping elsif: Preceding "if" was taken (9) ... skipping elsif: Preceding "if" was taken (9) ... skipping elsif: Preceding "if" was taken (9) ... skipping elsif: Preceding "if" was taken (9) ... skipping elsif: Preceding "if" was taken (9) ... skipping else: Preceding "if" was taken (9) } # policy etu_policy_service_selector = updated (9) policy etu_session_state_populate { (9) if (&Virtual-Server != "inner-tunnel.etu") { (9) EXPAND &Virtual-Server (9) --> default.etu (9) if (&Virtual-Server != "inner-tunnel.etu") -> TRUE (9) if (&Virtual-Server != "inner-tunnel.etu") { (9) if (!(&session-state:Calling-Station-Id)) { (9) if (!(&session-state:Calling-Station-Id)) -> FALSE (9) if (!(&session-state:Called-Station-Id)) { (9) if (!(&session-state:Called-Station-Id)) -> FALSE (9) if (!(&session-state:Called-Station-SSID)) { (9) if (!(&session-state:Called-Station-SSID)) -> FALSE (9) if (!(&session-state:ETU-Radius-Service-Name)) { (9) if (!(&session-state:ETU-Radius-Service-Name)) -> FALSE (9) if (!(&session-state:ETU-Outer-User-Name)) { (9) if (!(&session-state:ETU-Outer-User-Name)) -> FALSE (9) } # if (&Virtual-Server != "inner-tunnel.etu") = updated (9) } # policy etu_session_state_populate = updated (9) if ( &ETU-Radius-Service-Name == "etu_service_bidb_test" ) { (9) if ( &ETU-Radius-Service-Name == "etu_service_bidb_test" ) -> FALSE (9) if ( &ETU-Radius-Service-Name == "etu_service_bidb_test_eduroam" ) { (9) if ( &ETU-Radius-Service-Name == "etu_service_bidb_test_eduroam" ) -> TRUE (9) if ( &ETU-Radius-Service-Name == "etu_service_bidb_test_eduroam" ) { (9) group { (9) policy etu_proxy_to_eduroam_trrad { (9) update control { (9) Home-Server-Pool = "eduroam_trrrad_pool" (9) } # update control = noop (9) [updated] = updated (9) } # policy etu_proxy_to_eduroam_trrad = updated (9) } # group = updated (9) etu_auth_modules { ... } # empty sub-section is ignored (9) return (9) } # if ( &ETU-Radius-Service-Name == "etu_service_bidb_test_eduroam" ) = updated (9) } # authorize = updated (9) Proxying due to Home-Server-Pool = "eduroam_trrrad_pool" (9) Starting proxy to home server 193.140.83.100 port 1812 (9) server default.etu { (9) } (9) Proxying request to home server 193.140.83.100 port 1812 timeout 20.000000 (9) Sent Access-Request Id 249 from 0.0.0.0:49432 to 193.140.83.100:1812 length 302 (9) User-Name = "test08@artvin.edu.tr" (9) NAS-IP-Address = 10.10.243.69 (9) NAS-Port = 0 (9) NAS-Identifier = "10.10.243.69" (9) NAS-Port-Type = Wireless-802.11 (9) Calling-Station-Id = "7e8623ae0401" (9) Called-Station-Id = "a8bd27c5752c" (9) Service-Type = Login-User (9) Framed-MTU = 1100 (9) EAP-Message = 0x020a00291901170303001e00000000000000034d487aa5283e7ba8a9ee2c69db4fb9dda4b05aa9f7a6 (9) State = 0x41434d412b67416f41414e30536b30434352496a384137426a536e79716775626b4a66476a773d3d (9) Aruba-Essid-Name = "bidb-test" (9) Aruba-Location-Id = "REKTORLUK_KAT1R_MEHMETRASIMODA" (9) Aruba-AP-Group = "Rektörlük" (9) Message-Authenticator = 0xd20c5940437d0f8fed6d116710d0047e (9) Event-Timestamp = "Dec 24 2024 06:14:06 UTC" (9) Proxy-State = 0x313232 Waking up in 0.3 seconds. (9) Clearing existing &reply: attributes (9) Received Access-Challenge Id 249 from 193.140.83.100:1812 to 10.88.0.10:49432 length 133 (9) Message-Authenticator = 0xcc65c8a2f24214535fab887dc067d896 (9) EAP-Message = 0x010b002e19011703030023523415c4b57440dc31661c5ce8d020ad2e80f4346f618aac2276f241e626562b40ad06 (9) State = 0x414e38414567433241497031536b304372686144594c314f394c34384274726b4e5a753273413d3d (9) Proxy-State = 0x313232 (9) server default.etu { (9) # Executing section post-proxy from file /etc/freeradius/sites-enabled/default.etu (9) post-proxy { (9) if ("%{proxy-reply:Packet-Type}" == "Access-Reject" ){ (9) EXPAND %{proxy-reply:Packet-Type} (9) --> Access-Challenge (9) if ("%{proxy-reply:Packet-Type}" == "Access-Reject" ) -> FALSE (9) } # post-proxy = noop (9) } (9) session-state: Saving cached attributes (9) Calling-Station-Id := "7e8623ae0401" (9) Called-Station-Id := "a8bd27c5752c" (9) Called-Station-SSID := "bidb-test" (9) ETU-Radius-Service-Name := "etu_service_bidb_test_eduroam" (9) ETU-Outer-User-Name := "test08@artvin.edu.tr" (9) Using Post-Auth-Type Challenge (9) # Executing group from file /etc/freeradius/sites-enabled/default.etu (9) Challenge { ... } # empty sub-section is ignored (9) Sent Access-Challenge Id 122 from 10.88.0.10:1812 to 10.10.243.69:50507 length 128 (9) Message-Authenticator = 0xcc65c8a2f24214535fab887dc067d896 (9) EAP-Message = 0x010b002e19011703030023523415c4b57440dc31661c5ce8d020ad2e80f4346f618aac2276f241e626562b40ad06 (9) State = 0x414e38414567433241497031536b304372686144594c314f394c34384274726b4e5a753273413d3d (9) Finished request Waking up in 4.5 seconds. (10) Received Access-Request Id 123 from 10.10.243.69:50507 to 10.88.0.10:1812 length 296 (10) User-Name = "test08@artvin.edu.tr" (10) NAS-IP-Address = 10.10.243.69 (10) NAS-Port = 0 (10) NAS-Identifier = "10.10.243.69" (10) NAS-Port-Type = Wireless-802.11 (10) Calling-Station-Id = "7e8623ae0401" (10) Called-Station-Id = "a8bd27c5752c" (10) Service-Type = Login-User (10) Framed-MTU = 1100 (10) EAP-Message = 0x020b002e1901170303002300000000000000041a44bc16151694944560b2f44528e897698ca7d86b1c16789cbfa7 (10) State = 0x414e38414567433241497031536b304372686144594c314f394c34384274726b4e5a753273413d3d (10) Aruba-Essid-Name = "bidb-test" (10) Aruba-Location-Id = "REKTORLUK_KAT1R_MEHMETRASIMODA" (10) Aruba-AP-Group = "Rektörlük" (10) Message-Authenticator = 0x7e5959ad67099edbc30c8e02a8dffb43 (10) Restoring &session-state (10) &session-state:Calling-Station-Id := "7e8623ae0401" (10) &session-state:Called-Station-Id := "a8bd27c5752c" (10) &session-state:Called-Station-SSID := "bidb-test" (10) &session-state:ETU-Radius-Service-Name := "etu_service_bidb_test_eduroam" (10) &session-state:ETU-Outer-User-Name := "test08@artvin.edu.tr" (10) # Executing section authorize from file /etc/freeradius/sites-enabled/default.etu (10) authorize { (10) policy filter_username { (10) if (&User-Name) { (10) if (&User-Name) -> TRUE (10) if (&User-Name) { (10) if (&User-Name =~ / /) { (10) if (&User-Name =~ / /) -> FALSE (10) if (&User-Name =~ /@[^@]*@/ ) { (10) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (10) if (&User-Name =~ /\.\./ ) { (10) if (&User-Name =~ /\.\./ ) -> FALSE (10) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (10) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (10) if (&User-Name =~ /\.$/) { (10) if (&User-Name =~ /\.$/) -> FALSE (10) if (&User-Name =~ /@\./) { (10) if (&User-Name =~ /@\./) -> FALSE (10) } # if (&User-Name) = notfound (10) } # policy filter_username = notfound (10) [preprocess] = ok (10) policy etu_extract_ssid { (10) if (&Called-Station-Id && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})([^0-9a-f](.+))$/i)) { (10) if (&Called-Station-Id && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})([^0-9a-f](.+))$/i)) -> FALSE (10) elsif (&Aruba-Essid-Name) { (10) elsif (&Aruba-Essid-Name) -> TRUE (10) elsif (&Aruba-Essid-Name) { (10) update request { (10) EXPAND %{Aruba-Essid-Name} (10) --> bidb-test (10) &Called-Station-SSID := bidb-test (10) } # update request = noop (10) [updated] = updated (10) } # elsif (&Aruba-Essid-Name) = updated (10) ... skipping elsif: Preceding "if" was taken (10) ... skipping else: Preceding "if" was taken (10) } # policy etu_extract_ssid = updated (10) policy etu_policy_service_selector { (10) if ( ("%{client:shortname}" == "etu_wifi_rektorluk") && (&Called-Station-SSID == "bidb-test") && (&User-Name =~ /^.+@erzurum\.edu\.tr$/i) ) { (10) EXPAND %{client:shortname} (10) --> etu_wifi_rektorluk (10) if ( ("%{client:shortname}" == "etu_wifi_rektorluk") && (&Called-Station-SSID == "bidb-test") && (&User-Name =~ /^.+@erzurum\.edu\.tr$/i) ) -> FALSE (10) if ( ("%{client:shortname}" == "etu_wifi_rektorluk") && (&Called-Station-SSID == "bidb-test") && (&User-Name !~ /^.+@erzurum\.edu\.tr$/i) ) { (10) EXPAND %{client:shortname} (10) --> etu_wifi_rektorluk (10) if ( ("%{client:shortname}" == "etu_wifi_rektorluk") && (&Called-Station-SSID == "bidb-test") && (&User-Name !~ /^.+@erzurum\.edu\.tr$/i) ) -> TRUE (10) if ( ("%{client:shortname}" == "etu_wifi_rektorluk") && (&Called-Station-SSID == "bidb-test") && (&User-Name !~ /^.+@erzurum\.edu\.tr$/i) ) { (10) update request { (10) &ETU-Radius-Service-Name := "etu_service_bidb_test_eduroam" (10) } # update request = noop (10) if (&Virtual-Server == "inner-tunnel.etu") { (10) EXPAND &Virtual-Server (10) --> default.etu (10) if (&Virtual-Server == "inner-tunnel.etu") -> FALSE (10) [updated] = updated (10) } # if ( ("%{client:shortname}" == "etu_wifi_rektorluk") && (&Called-Station-SSID == "bidb-test") && (&User-Name !~ /^.+@erzurum\.edu\.tr$/i) ) = updated (10) ... skipping elsif: Preceding "if" was taken (10) ... skipping elsif: Preceding "if" was taken (10) ... skipping elsif: Preceding "if" was taken (10) ... skipping elsif: Preceding "if" was taken (10) ... skipping elsif: Preceding "if" was taken (10) ... skipping elsif: Preceding "if" was taken (10) ... skipping elsif: Preceding "if" was taken (10) ... skipping elsif: Preceding "if" was taken (10) ... skipping elsif: Preceding "if" was taken (10) ... skipping elsif: Preceding "if" was taken (10) ... skipping elsif: Preceding "if" was taken (10) ... skipping elsif: Preceding "if" was taken (10) ... skipping else: Preceding "if" was taken (10) } # policy etu_policy_service_selector = updated (10) policy etu_session_state_populate { (10) if (&Virtual-Server != "inner-tunnel.etu") { (10) EXPAND &Virtual-Server (10) --> default.etu (10) if (&Virtual-Server != "inner-tunnel.etu") -> TRUE (10) if (&Virtual-Server != "inner-tunnel.etu") { (10) if (!(&session-state:Calling-Station-Id)) { (10) if (!(&session-state:Calling-Station-Id)) -> FALSE (10) if (!(&session-state:Called-Station-Id)) { (10) if (!(&session-state:Called-Station-Id)) -> FALSE (10) if (!(&session-state:Called-Station-SSID)) { (10) if (!(&session-state:Called-Station-SSID)) -> FALSE (10) if (!(&session-state:ETU-Radius-Service-Name)) { (10) if (!(&session-state:ETU-Radius-Service-Name)) -> FALSE (10) if (!(&session-state:ETU-Outer-User-Name)) { (10) if (!(&session-state:ETU-Outer-User-Name)) -> FALSE (10) } # if (&Virtual-Server != "inner-tunnel.etu") = updated (10) } # policy etu_session_state_populate = updated (10) if ( &ETU-Radius-Service-Name == "etu_service_bidb_test" ) { (10) if ( &ETU-Radius-Service-Name == "etu_service_bidb_test" ) -> FALSE (10) if ( &ETU-Radius-Service-Name == "etu_service_bidb_test_eduroam" ) { (10) if ( &ETU-Radius-Service-Name == "etu_service_bidb_test_eduroam" ) -> TRUE (10) if ( &ETU-Radius-Service-Name == "etu_service_bidb_test_eduroam" ) { (10) group { (10) policy etu_proxy_to_eduroam_trrad { (10) update control { (10) Home-Server-Pool = "eduroam_trrrad_pool" (10) } # update control = noop (10) [updated] = updated (10) } # policy etu_proxy_to_eduroam_trrad = updated (10) } # group = updated (10) etu_auth_modules { ... } # empty sub-section is ignored (10) return (10) } # if ( &ETU-Radius-Service-Name == "etu_service_bidb_test_eduroam" ) = updated (10) } # authorize = updated (10) Proxying due to Home-Server-Pool = "eduroam_trrrad_pool" (10) Starting proxy to home server 193.140.83.100 port 1812 (10) server default.etu { (10) } (10) Proxying request to home server 193.140.83.100 port 1812 timeout 20.000000 (10) Sent Access-Request Id 162 from 0.0.0.0:49432 to 193.140.83.100:1812 length 307 (10) User-Name = "test08@artvin.edu.tr" (10) NAS-IP-Address = 10.10.243.69 (10) NAS-Port = 0 (10) NAS-Identifier = "10.10.243.69" (10) NAS-Port-Type = Wireless-802.11 (10) Calling-Station-Id = "7e8623ae0401" (10) Called-Station-Id = "a8bd27c5752c" (10) Service-Type = Login-User (10) Framed-MTU = 1100 (10) EAP-Message = 0x020b002e1901170303002300000000000000041a44bc16151694944560b2f44528e897698ca7d86b1c16789cbfa7 (10) State = 0x414e38414567433241497031536b304372686144594c314f394c34384274726b4e5a753273413d3d (10) Aruba-Essid-Name = "bidb-test" (10) Aruba-Location-Id = "REKTORLUK_KAT1R_MEHMETRASIMODA" (10) Aruba-AP-Group = "Rektörlük" (10) Message-Authenticator = 0x7e5959ad67099edbc30c8e02a8dffb43 (10) Event-Timestamp = "Dec 24 2024 06:14:06 UTC" (10) Proxy-State = 0x313233 Waking up in 0.3 seconds. (10) Clearing existing &reply: attributes (10) Received Access-Accept Id 162 from 193.140.83.100:1812 to 10.88.0.10:49432 length 245 (10) Message-Authenticator = 0x9385aded1da22d5f6f533dfadfba9c9c (10) MS-MPPE-Recv-Key = 0xff88e7d4c208bc8463110bba631d038923b67c9c7491af2e8f4cbce3789f27bf (10) MS-MPPE-Send-Key = 0x1343bd646b3147637a027e8771e73900570b0623e1a80563ab2ca13b0d2ddd57 (10) EAP-Message = 0x030b0004 (10) User-Name = "test08@artvin.edu.tr" (10) Class = 0xe4481107c4884866a175696050857992ba0b0000000000005230303566356161622d30312d36373661353265380000000000000000000000 (10) Proxy-State = 0x313233 (10) server default.etu { (10) # Executing section post-proxy from file /etc/freeradius/sites-enabled/default.etu (10) post-proxy { (10) if ("%{proxy-reply:Packet-Type}" == "Access-Reject" ){ (10) EXPAND %{proxy-reply:Packet-Type} (10) --> Access-Accept (10) if ("%{proxy-reply:Packet-Type}" == "Access-Reject" ) -> FALSE (10) } # post-proxy = noop (10) } (10) Found Auth-Type = Accept (10) Auth-Type = Accept, accepting the user (10) # Executing section post-auth from file /etc/freeradius/sites-enabled/default.etu (10) post-auth { (10) if (session-state:User-Name && reply:User-Name && request:User-Name && (reply:User-Name == request:User-Name)) { (10) if (session-state:User-Name && reply:User-Name && request:User-Name && (reply:User-Name == request:User-Name)) -> FALSE (10) update { (10) &reply::Calling-Station-Id += &session-state:Calling-Station-Id[*] -> '7e8623ae0401' (10) &reply::Called-Station-Id += &session-state:Called-Station-Id[*] -> 'a8bd27c5752c' (10) &reply::Called-Station-SSID += &session-state:Called-Station-SSID[*] -> 'bidb-test' (10) &reply::ETU-Radius-Service-Name += &session-state:ETU-Radius-Service-Name[*] -> 'etu_service_bidb_test_eduroam' (10) &reply::ETU-Outer-User-Name += &session-state:ETU-Outer-User-Name[*] -> 'test08@artvin.edu.tr' (10) } # update = noop (10) policy insert_acct_class { (10) update reply { (10) EXPAND ai:%{md5:%t,%{Packet-Src-Port},%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}},%{NAS-IP-Address},%{Calling-Station-ID},%{User-Name},%{session-state:User-Name} } (10) --> ai:d4600a42f67f9997a9d4ac60e6479048 (10) &Class = 0x61693a6434363030613432663637663939393761396434616336306536343739303438 (10) } # update reply = noop (10) } # policy insert_acct_class = noop (10) policy remove_reply_message_if_eap { (10) if (&reply:EAP-Message && &reply:Reply-Message) { (10) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE (10) else { (10) [noop] = noop (10) } # else = noop (10) } # policy remove_reply_message_if_eap = noop (10) linelog.etu: EXPAND Access-Request.%{%{reply:Packet-Type}:-default} (10) linelog.etu: --> Access-Request.Access-Accept (10) linelog.etu: EXPAND Accepted User: [%{User-Name}] inner_username: [%{session-state:ETU-Inner-User-Name}] event_timestamp: [%T] calling_station_id: [%{Calling-Station-Id}] called_station_id: [%{Called-Station-Id}] ssid: [%{Called-Station-SSID}] srcip: [%{Packet-Src-IP-Address}] nas_name: [%{NAS-Identifier}] client_location: [%{ETU-Client-Location}] etu_service: [%{ETU-Radius-Service-Name}] auth_type: [%{control:Auth-Type}] eap_type: [%{EAP-Type}] tls_version: [%{&session-state:TLS-Session-Version}] (10) linelog.etu: --> Accepted User: [test08@artvin.edu.tr] inner_username: [] event_timestamp: [2024-12-24-06.14.06.688852] calling_station_id: [7e8623ae0401] called_station_id: [a8bd27c5752c] ssid: [bidb-test] srcip: [10.10.243.69] nas_name: [10.10.243.69] client_location: [] etu_service: [etu_service_bidb_test_eduroam] auth_type: [Accept] eap_type: [] tls_version: [] (10) linelog.etu: EXPAND /dev/stdout (10) linelog.etu: --> /dev/stdout Accepted User: [test08@artvin.edu.tr] inner_username: [] event_timestamp: [2024-12-24-06.14.06.688852] calling_station_id: [7e8623ae0401] called_station_id: [a8bd27c5752c] ssid: [bidb-test] srcip: [10.10.243.69] nas_name: [10.10.243.69] client_location: [] etu_service: [etu_service_bidb_test_eduroam] auth_type: [Accept] eap_type: [] tls_version: [] (10) [linelog.etu] = ok (10) if (EAP-Key-Name && &reply:EAP-Session-Id) { (10) if (EAP-Key-Name && &reply:EAP-Session-Id) -> FALSE (10) } # post-auth = ok (10) Login OK: [test08@artvin.edu.tr] (from client etu_wifi_rektorluk port 0 cli 7e8623ae0401) (10) Sent Access-Accept Id 123 from 10.88.0.10:1812 to 10.10.243.69:50507 length 268 (10) Message-Authenticator = 0x9385aded1da22d5f6f533dfadfba9c9c (10) MS-MPPE-Recv-Key = 0xff88e7d4c208bc8463110bba631d038923b67c9c7491af2e8f4cbce3789f27bf (10) MS-MPPE-Send-Key = 0x1343bd646b3147637a027e8771e73900570b0623e1a80563ab2ca13b0d2ddd57 (10) EAP-Message = 0x030b0004 (10) User-Name = "test08@artvin.edu.tr" (10) Class = 0xe4481107c4884866a175696050857992ba0b0000000000005230303566356161622d30312d36373661353265380000000000000000000000 (10) Calling-Station-Id += "7e8623ae0401" (10) Called-Station-Id += "a8bd27c5752c" (10) Finished request Waking up in 4.4 seconds. (0) Cleaning up request packet ID 109 with timestamp +11 due to cleanup_delay was reached (1) Cleaning up request packet ID 100 with timestamp +11 due to cleanup_delay was reached (2) Cleaning up request packet ID 110 with timestamp +11 due to cleanup_delay was reached (3) Cleaning up request packet ID 112 with timestamp +11 due to cleanup_delay was reached (4) Cleaning up request packet ID 117 with timestamp +11 due to cleanup_delay was reached (5) Cleaning up request packet ID 118 with timestamp +11 due to cleanup_delay was reached (6) Cleaning up request packet ID 119 with timestamp +11 due to cleanup_delay was reached (7) Cleaning up request packet ID 120 with timestamp +11 due to cleanup_delay was reached (8) Cleaning up request packet ID 121 with timestamp +11 due to cleanup_delay was reached (9) Cleaning up request packet ID 122 with timestamp +11 due to cleanup_delay was reached (10) Cleaning up request packet ID 123 with timestamp +11 due to cleanup_delay was reached Ready to process requests
On 24/12/2024 10:46, Rahman DURAN via Freeradius-Users wrote:
It just disables unused things and copies over my custom config from my git repo. It was working without any problem until version 3.2.6. After I upgraded to 3.2.6 outgoing eduroam proxy requests all started to fail with same error:
"Tue Dec 24 06:05:10 2024 : Auth: (1) Login incorrect (No Auth-Type found: rejecting the user via Post-Auth-Type = Reject): [test08@artvin.edu.tr] (from client etu_wifi_rektorluk port 0 cli 7e8623ae0401)"
Returning back to the 3.2.5 version container fixes the problem.
I just tried to debug the problem and started the 3.2.6 version container with "-X" but surprisingly it works ok in debug mode. It is reproducible every time. If I run the container normally without "-X" it all fails with the above error. If I run the same container with the same config with "-X" it all works as expected.
Is this a known problem? I tried the official "freeradius/freeradius-dev" image with "v3.2.x" tag to see if the development image works and it works without any problem too in normal mode (without debug mode).
There is a known issue in 3.2.6 where proxying uses Home-Server-Pool or Home-Server-Name to direct the proxying - using Proxy-To-Realm works as expected. The issue will be resolved in 3.2.7 - hence the dev image working. Nick -- Nick Porter Porter Computing Ltd Registered in England No 12659380
participants (2)
-
Nick Porter -
Rahman DURAN