Fwd: help

valeriobaroni valerio.baroni at gmail.com
Fri Jan 22 10:46:39 CET 2021


HELP
Hi all, I'm trying to set up FreeRADIUS with a Cisco WLC, but when I try to
connect I do not receive an IP address from VLAN 102. Can you help me?

 # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default
   authorize {
     policy filter_username {
       if (&User-Name) {
       if (&User-Name)  -TRUE
       if (&User-Name)  {
         if (&User-Name =~ / /) {
         if (&User-Name =~ / /)  -FALSE
         if (&User-Name =~ /@[^@]*@/ ) {
         if (&User-Name =~ /@[^@]*@/ )  -FALSE
         if (&User-Name =~ /\.\./ ) {
         if (&User-Name =~ /\.\./ )  -FALSE
         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -FALSE
         if (&User-Name =~ /\.$/)  {
         if (&User-Name =~ /\.$/)   -FALSE
         if (&User-Name =~ /@\./)  {
         if (&User-Name =~ /@\./)   -FALSE
       } # if (&User-Name)  = notfound
     } # policy filter_username = notfound
     [preprocess] = ok
     [chap] = noop
     [mschap] = noop
     [digest] = noop
 suffix: Checking for suffix after "@"
 suffix: No '@' in User-Name = "antonio.spagnolo", looking up realm NULL
 suffix: No such realm "NULL"
     [suffix] = noop
 eap: Peer sent EAP Response (code 2) ID 8 length 46
 eap: Continuing tunnel setup
     [eap] = ok
   } # authorize = ok
 Found Auth-Type = eap
 # Executing group from file /etc/freeradius/3.0/sites-enabled/default
   authenticate {
 eap: Expiring EAP session with state 0x15e01da017e4042c
 eap: Finished EAP session with state 0xb7b3f30ab1bbeaee
 eap: Previous EAP request found for state 0xb7b3f30ab1bbeaee, released from the list
 eap: Peer sent packet with method EAP PEAP (25)
 eap: Calling submodule eap_peap to process data
 eap_peap: Continuing EAP-TLS
 eap_peap: [eaptls verify] = ok
 eap_peap: Done initial handshake
 eap_peap: [eaptls process] = ok
 eap_peap: Session established.  Decoding tunneled attributes
 eap_peap: PEAP state send tlv success
 eap_peap: Received EAP-TLV response
 eap_peap: Success
 eap_peap: Using saved attributes from the original Access-Accept
 eap_peap:   Cleartext-Password = "l63dJ2Ye"
 eap_peap:   Tunnel-Type = VLAN
 eap_peap:   Tunnel-Medium-Type = IEEE-802
 eap_peap:   Tunnel-Private-Group-Id = "102"
 eap: Sending EAP Success (code 3) ID 8 length 4
 eap: Freeing handler
     [eap] = ok
   } # authenticate = ok
 # Executing section post-auth from file /etc/freeradius/3.0/sites-enabled/default
   post-auth {
     if (session-state:User-Name && reply:User-Name && request:User-Name &&
(reply:User-Name == request:User-Name)) {
     if (session-state:User-Name && reply:User-Name && request:User-Name &&
(reply:User-Name == request:User-Name))  -FALSE
     update {
       &reply::TLS-Session-Cipher-Suite +=
&session-state:TLS-Session-Cipher-Suite[*] -'ECDHE-RSA-AES256-GCM-SHA384'
       &reply::TLS-Session-Version += &session-state:TLS-Session-Version[*]
-'TLS 1.2'
     } # update = noop
 sql: EXPAND .query
 sql:    --.query
 sql: Using query template 'query'
rlm_sql (sql): Reserved connection (14)
 sql: EXPAND %{User-Name}
 sql:    --antonio.spagnolo
 sql: SQL-User-Name set to 'antonio.spagnolo'
 sql: EXPAND INSERT INTO radpostauth (username, pass, reply, authdate)
VALUES ( '%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}',
'%{reply:Packet-Type}', '%S.%M')
 sql:    --INSERT INTO radpostauth (username, pass, reply, authdate) VALUES
( 'antonio.spagnolo', '', 'Access-Accept', '2021-01-21 16:11:14.451111')
 sql: EXPAND /var/log/freeradius/sqllog.sql
 sql:    --/var/log/freeradius/sqllog.sql
 sql: Executing query: INSERT INTO radpostauth (username, pass, reply,
authdate) VALUES ( 'antonio.spagnolo', '', 'Access-Accept', '2021-01-21
16:11:14.451111')
 sql: SQL query returned: success
 sql: 1 record(s) updated
rlm_sql (sql): Released connection (14)
     [sql] = ok
     [exec] = noop
     policy remove_reply_message_if_eap {
       if (&reply:EAP-Message && &reply:Reply-Message) {
       if (&reply:EAP-Message && &reply:Reply-Message)  -FALSE
       else {
         [noop] = noop
       } # else = noop
     } # policy remove_reply_message_if_eap = noop
   } # post-auth = ok
 Sent Access-Accept Id 34 from 192.168.11.5:1812 to 192.168.14.250:50788 length 0
   Tunnel-Type = VLAN
   Tunnel-Medium-Type = IEEE-802
   Tunnel-Private-Group-Id = "102"
   MS-MPPE-Recv-Key =
0x7271712b4d569cfb7ca3339e0a7b56057fbb82f2d1c0571a16de929285a7b101
   MS-MPPE-Send-Key =
0x43dd9dbc85f67a42325568da028912e22fc1587cb3d2df3ed4c5b076731f8e85
   EAP-Message = 0x03080004
   Message-Authenticator = 0x00000000000000000000000000000000
   User-Name = "antonio.spagnolo"
 Finished request

