AW: Additional reply attributes via eap-pwd possible?
denny.friebe at icera-network.de
denny.friebe at icera-network.de
Tue Jan 26 15:54:53 CET 2021
> Yes.
> Alan DeKok.
Thank you for your answer. I am still stuck on this problem: the RADIUS server still does not send me the additional reply attributes.
I suspect a problem with the inner-tunnel. Could you help me here? The debug output follows.
Ready to process requests
(0) Received Access-Request Id 131 from 10.30.156.65:37368 to 10.15.0.136:1812 length 217
(0) User-Name = "5001"
(0) NAS-IP-Address = 10.30.156.65
(0) NAS-Identifier = "c0e4000b1733"
(0) Called-Station-Id = "C0-E4-00-0B-17-33:TestAuth"
(0) NAS-Port-Type = Wireless-802.11
(0) Service-Type = Framed-User
(0) Calling-Station-Id = "F6-1C-00-0B-07-03"
(0) Connect-Info = "CONNECT 0Mbps 802.11b"
(0) Acct-Session-Id = "212F019475EE742B"
(0) Acct-Multi-Session-Id = "140719517FC880F8"
(0) WLAN-Pairwise-Cipher = 1027076
(0) WLAN-Group-Cipher = 1027076
(0) WLAN-AKM-Suite = 1027073
(0) Framed-MTU = 1400
(0) EAP-Message = 0x026200090135303031
(0) Message-Authenticator = 0x40c853e732061fe7ef8b834200e86e85
(0) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default
(0) authorize {
(0) policy filter_username {
(0) if (&User-Name) {
(0) if (&User-Name) -> TRUE
(0) if (&User-Name) {
(0) if (&User-Name =~ / /) {
(0) if (&User-Name =~ / /) -> FALSE
(0) if (&User-Name =~ /@[^@]*@/ ) {
(0) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(0) if (&User-Name =~ /\.\./ ) {
(0) if (&User-Name =~ /\.\./ ) -> FALSE
(0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
(0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
(0) if (&User-Name =~ /\.$/) {
(0) if (&User-Name =~ /\.$/) -> FALSE
(0) if (&User-Name =~ /@\./) {
(0) if (&User-Name =~ /@\./) -> FALSE
(0) } # if (&User-Name) = notfound
(0) } # policy filter_username = notfound
(0) [preprocess] = ok
(0) suffix: Checking for suffix after "@"
(0) suffix: No '@' in User-Name = "5001", looking up realm NULL
(0) suffix: No such realm "NULL"
(0) [suffix] = noop
(0) policy rewrite_calling_station_id {
(0) if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) {
(0) if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) -> TRUE
(0) if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) {
(0) update request {
(0) EXPAND %{toupper:%{1}-%{2}-%{3}-%{4}-%{5}-%{6}}
(0) --> F6-1C-00-0B-07-03
(0) &Calling-Station-Id := F6-1C-00-0B-07-03
(0) } # update request = noop
(0) [updated] = updated
(0) } # if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) = updated
(0) ... skipping else: Preceding "if" was taken
(0) } # policy rewrite_calling_station_id = updated
(0) eap: Peer sent EAP Response (code 2) ID 98 length 9
(0) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
(0) [eap] = ok
(0) } # authorize = ok
(0) Found Auth-Type = eap
(0) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(0) authenticate {
(0) eap: Peer sent packet with method EAP Identity (1)
(0) eap: Calling submodule eap_pwd to process data
(0) eap: Sending EAP Request (code 1) ID 99 length 46
(0) eap: EAP session adding &reply:State = 0x7746780c77254c9b
(0) [eap] = handled
(0) } # authenticate = handled
(0) Using Post-Auth-Type Challenge
(0) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(0) Challenge { ... } # empty sub-section is ignored
(0) Sent Access-Challenge Id 131 from 10.15.0.136:1812 to 10.30.156.65:37368 length 0
(0) EAP-Message = 0x0163002e340100130101f04ae61e0066726565726164697573407372762d667265657261646975732d7664686f74
(0) Message-Authenticator = 0x00000000000000000000000000000000
(0) State = 0x7746780c77254c9bc64706082ad8092a
(0) Finished request
Waking up in 4.9 seconds.
(1) Received Access-Request Id 132 from 10.30.156.65:37368 to 10.15.0.136:1812 length 245
(1) User-Name = "5001"
(1) NAS-IP-Address = 10.30.156.65
(1) NAS-Identifier = "c0e4000b1733"
(1) Called-Station-Id = "C0-E4-00-0B-17-33:TestAuth"
(1) NAS-Port-Type = Wireless-802.11
(1) Service-Type = Framed-User
(1) Calling-Station-Id = "F6-1C-00-0B-07-03"
(1) Connect-Info = "CONNECT 0Mbps 802.11b"
(1) Acct-Session-Id = "212F019475EE742B"
(1) Acct-Multi-Session-Id = "140719517FC880F8"
(1) WLAN-Pairwise-Cipher = 1027076
(1) WLAN-Group-Cipher = 1027076
(1) WLAN-AKM-Suite = 1027073
(1) Framed-MTU = 1400
(1) EAP-Message = 0x02630013340100130101f04ae61e0035303031
(1) State = 0x7746780c77254c9bc64706082ad8092a
(1) Message-Authenticator = 0x7b79b35ea1f61596294cd984d984b446
(1) session-state: No cached attributes
(1) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default
(1) authorize {
(1) policy filter_username {
(1) if (&User-Name) {
(1) if (&User-Name) -> TRUE
(1) if (&User-Name) {
(1) if (&User-Name =~ / /) {
(1) if (&User-Name =~ / /) -> FALSE
(1) if (&User-Name =~ /@[^@]*@/ ) {
(1) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(1) if (&User-Name =~ /\.\./ ) {
(1) if (&User-Name =~ /\.\./ ) -> FALSE
(1) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
(1) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
(1) if (&User-Name =~ /\.$/) {
(1) if (&User-Name =~ /\.$/) -> FALSE
(1) if (&User-Name =~ /@\./) {
(1) if (&User-Name =~ /@\./) -> FALSE
(1) } # if (&User-Name) = notfound
(1) } # policy filter_username = notfound
(1) [preprocess] = ok
(1) suffix: Checking for suffix after "@"
(1) suffix: No '@' in User-Name = "5001", looking up realm NULL
(1) suffix: No such realm "NULL"
(1) [suffix] = noop
(1) policy rewrite_calling_station_id {
(1) if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) {
(1) if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) -> TRUE
(1) if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) {
(1) update request {
(1) EXPAND %{toupper:%{1}-%{2}-%{3}-%{4}-%{5}-%{6}}
(1) --> F6-1C-00-0B-07-03
(1) &Calling-Station-Id := F6-1C-00-0B-07-03
(1) } # update request = noop
(1) [updated] = updated
(1) } # if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) = updated
(1) ... skipping else: Preceding "if" was taken
(1) } # policy rewrite_calling_station_id = updated
(1) eap: Peer sent EAP Response (code 2) ID 99 length 19
(1) eap: No EAP Start, assuming it's an on-going EAP conversation
(1) [eap] = updated
(1) } # authorize = updated
(1) Found Auth-Type = eap
(1) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(1) authenticate {
(1) eap: Expiring EAP session with state 0x7746780c77254c9b
(1) eap: Finished EAP session with state 0x7746780c77254c9b
(1) eap: Previous EAP request found for state 0x7746780c77254c9b, released from the list
(1) eap: Peer sent packet with method EAP PWD (52)
(1) eap: Calling submodule eap_pwd to process data
(1) eap_pwd: Sending tunneled request
(1) eap_pwd: User-Name = "5001"
(1) eap_pwd: server inner-tunnel {
(1) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/inner-tunnel
(1) authorize {
(1) policy filter_username {
(1) if (&User-Name) {
(1) if (&User-Name) -> TRUE
(1) if (&User-Name) {
(1) if (&User-Name =~ / /) {
(1) if (&User-Name =~ / /) -> FALSE
(1) if (&User-Name =~ /@[^@]*@/ ) {
(1) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(1) if (&User-Name =~ /\.\./ ) {
(1) if (&User-Name =~ /\.\./ ) -> FALSE
(1) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
(1) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
(1) if (&User-Name =~ /\.$/) {
(1) if (&User-Name =~ /\.$/) -> FALSE
(1) if (&User-Name =~ /@\./) {
(1) if (&User-Name =~ /@\./) -> FALSE
(1) } # if (&User-Name) = notfound
(1) } # policy filter_username = notfound
(1) suffix: Checking for suffix after "@"
(1) suffix: No '@' in User-Name = "5001", looking up realm NULL
(1) suffix: No such realm "NULL"
(1) [suffix] = noop
(1) update control {
(1) &Proxy-To-Realm := LOCAL
(1) } # update control = noop
(1) eap: No EAP-Message, not doing EAP
(1) [eap] = noop
(1) sql: EXPAND %{User-Name}
(1) sql: --> 5001
(1) sql: SQL-User-Name set to '5001'
rlm_sql (sql): Reserved connection (0)
(1) sql: EXPAND SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id
(1) sql: --> SELECT id, username, attribute, value, op FROM radcheck WHERE username = '5001' ORDER BY id
(1) sql: Executing select query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '5001' ORDER BY id
(1) sql: User found in radcheck table
(1) sql: Conditional check items matched, merging assignment check items
(1) sql: Cleartext-Password := "abc123"
(1) sql: EXPAND SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id
(1) sql: --> SELECT id, username, attribute, value, op FROM radreply WHERE username = '5001' ORDER BY id
(1) sql: Executing select query: SELECT id, username, attribute, value, op FROM radreply WHERE username = '5001' ORDER BY id
(1) sql: User found in radreply table, merging reply items
(1) sql: LCS-TxRateLimit = 10500
(1) sql: LCS-RxRateLimit = 3600
(1) sql: EXPAND SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority
(1) sql: --> SELECT groupname FROM radusergroup WHERE username = '5001' ORDER BY priority
(1) sql: Executing select query: SELECT groupname FROM radusergroup WHERE username = '5001' ORDER BY priority
(1) sql: User not found in any groups
rlm_sql (sql): Released connection (0)
Need 5 more connections to reach 10 spares
rlm_sql (sql): Opening additional connection (5), 1 of 27 pending slots used
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql_mysql: Connected to database 'radius' on 10.15.0.134 via TCP/IP, server version 5.7.30-log, protocol version 10
(1) [sql] = ok
(1) [logintime] = noop
(1) pap: No User-Password attribute in the request. Cannot do PAP
(1) [pap] = noop
(1) } # authorize = ok
(1) eap_pwd: } # server inner-tunnel
(1) eap_pwd: Got tunneled reply code 0
(1) eap_pwd: LCS-TxRateLimit = 10500
(1) eap_pwd: LCS-RxRateLimit = 3600
(1) eap: Sending EAP Request (code 1) ID 100 length 102
(1) eap: EAP session adding &reply:State = 0x7746780c76224c9b
(1) [eap] = handled
(1) } # authenticate = handled
(1) Using Post-Auth-Type Challenge
(1) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(1) Challenge { ... } # empty sub-section is ignored
(1) Sent Access-Challenge Id 132 from 10.15.0.136:1812 to 10.30.156.65:37368 length 0
(1) EAP-Message = 0x016400663402c2210083a3269c8fdc7a59bd8f948c417cf16e9e0766b4ffbb3cebffa97df893a7561900ca1e1919da6a33fa8a92339ec8010b44accf6c9d4a01e427fee1f152720b5b45d4f710ff0996339038c280c217db7061d1b6337ced479ecde0815022
(1) Message-Authenticator = 0x00000000000000000000000000000000
(1) State = 0x7746780c76224c9bc64706082ad8092a
(1) Finished request
Waking up in 4.9 seconds.
(2) Received Access-Request Id 133 from 10.30.156.65:37368 to 10.15.0.136:1812 length 328
(2) User-Name = "5001"
(2) NAS-IP-Address = 10.30.156.65
(2) NAS-Identifier = "c0e4000b1733"
(2) Called-Station-Id = "C0-E4-00-0B-17-33:TestAuth"
(2) NAS-Port-Type = Wireless-802.11
(2) Service-Type = Framed-User
(2) Calling-Station-Id = "F6-1C-00-0B-07-03"
(2) Connect-Info = "CONNECT 0Mbps 802.11b"
(2) Acct-Session-Id = "212F019475EE742B"
(2) Acct-Multi-Session-Id = "140719517FC880F8"
(2) WLAN-Pairwise-Cipher = 1027076
(2) WLAN-Group-Cipher = 1027076
(2) WLAN-AKM-Suite = 1027073
(2) Framed-MTU = 1400
(2) EAP-Message = 0x026400663402e5ff4eb08991c163fd5128ce39375ab5aacf1e10cbc62d289e9cdec763bd51be0391bf4a4a550cefbd37564819fbee344376feaba44f726566f2f655b714c314c544af8bc9d0149f7fb6565ecbd5083d2f9c57f51431dce45488765ba1c987ea
(2) State = 0x7746780c76224c9bc64706082ad8092a
(2) Message-Authenticator = 0xa9f3aced80dc79fc22b8af1713a940e0
(2) session-state: No cached attributes
(2) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default
(2) authorize {
(2) policy filter_username {
(2) if (&User-Name) {
(2) if (&User-Name) -> TRUE
(2) if (&User-Name) {
(2) if (&User-Name =~ / /) {
(2) if (&User-Name =~ / /) -> FALSE
(2) if (&User-Name =~ /@[^@]*@/ ) {
(2) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(2) if (&User-Name =~ /\.\./ ) {
(2) if (&User-Name =~ /\.\./ ) -> FALSE
(2) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
(2) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
(2) if (&User-Name =~ /\.$/) {
(2) if (&User-Name =~ /\.$/) -> FALSE
(2) if (&User-Name =~ /@\./) {
(2) if (&User-Name =~ /@\./) -> FALSE
(2) } # if (&User-Name) = notfound
(2) } # policy filter_username = notfound
(2) [preprocess] = ok
(2) suffix: Checking for suffix after "@"
(2) suffix: No '@' in User-Name = "5001", looking up realm NULL
(2) suffix: No such realm "NULL"
(2) [suffix] = noop
(2) policy rewrite_calling_station_id {
(2) if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) {
(2) if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) -> TRUE
(2) if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) {
(2) update request {
(2) EXPAND %{toupper:%{1}-%{2}-%{3}-%{4}-%{5}-%{6}}
(2) --> F6-1C-00-0B-07-03
(2) &Calling-Station-Id := F6-1C-00-0B-07-03
(2) } # update request = noop
(2) [updated] = updated
(2) } # if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) = updated
(2) ... skipping else: Preceding "if" was taken
(2) } # policy rewrite_calling_station_id = updated
(2) eap: Peer sent EAP Response (code 2) ID 100 length 102
(2) eap: No EAP Start, assuming it's an on-going EAP conversation
(2) [eap] = updated
(2) } # authorize = updated
(2) Found Auth-Type = eap
(2) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(2) authenticate {
(2) eap: Expiring EAP session with state 0x7746780c76224c9b
(2) eap: Finished EAP session with state 0x7746780c76224c9b
(2) eap: Previous EAP request found for state 0x7746780c76224c9b, released from the list
(2) eap: Peer sent packet with method EAP PWD (52)
(2) eap: Calling submodule eap_pwd to process data
(2) eap: Sending EAP Request (code 1) ID 101 length 38
(2) eap: EAP session adding &reply:State = 0x7746780c75234c9b
(2) [eap] = handled
(2) } # authenticate = handled
(2) Using Post-Auth-Type Challenge
(2) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(2) Challenge { ... } # empty sub-section is ignored
(2) Sent Access-Challenge Id 133 from 10.15.0.136:1812 to 10.30.156.65:37368 length 0
(2) EAP-Message = 0x0165002634037466e2384d2efd73818f0e4cdcc666a769a4bc85fe6895a78b0f5fc853d4e5cd
(2) Message-Authenticator = 0x00000000000000000000000000000000
(2) State = 0x7746780c75234c9bc64706082ad8092a
(2) Finished request
Waking up in 4.9 seconds.
(3) Received Access-Request Id 134 from 10.30.156.65:37368 to 10.15.0.136:1812 length 264
(3) User-Name = "5001"
(3) NAS-IP-Address = 10.30.156.65
(3) NAS-Identifier = "c0e4000b1733"
(3) Called-Station-Id = "C0-E4-00-0B-17-33:TestAuth"
(3) NAS-Port-Type = Wireless-802.11
(3) Service-Type = Framed-User
(3) Calling-Station-Id = "F6-1C-00-0B-07-03"
(3) Connect-Info = "CONNECT 0Mbps 802.11b"
(3) Acct-Session-Id = "212F019475EE742B"
(3) Acct-Multi-Session-Id = "140719517FC880F8"
(3) WLAN-Pairwise-Cipher = 1027076
(3) WLAN-Group-Cipher = 1027076
(3) WLAN-AKM-Suite = 1027073
(3) Framed-MTU = 1400
(3) EAP-Message = 0x026500263403bb6184d17965cbf286f91ab7a6bce8af297c878e5d4ef27995065b48833e06ce
(3) State = 0x7746780c75234c9bc64706082ad8092a
(3) Message-Authenticator = 0x68727675cf8809530dd137abdfbb4589
(3) session-state: No cached attributes
(3) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default
(3) authorize {
(3) policy filter_username {
(3) if (&User-Name) {
(3) if (&User-Name) -> TRUE
(3) if (&User-Name) {
(3) if (&User-Name =~ / /) {
(3) if (&User-Name =~ / /) -> FALSE
(3) if (&User-Name =~ /@[^@]*@/ ) {
(3) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(3) if (&User-Name =~ /\.\./ ) {
(3) if (&User-Name =~ /\.\./ ) -> FALSE
(3) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
(3) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
(3) if (&User-Name =~ /\.$/) {
(3) if (&User-Name =~ /\.$/) -> FALSE
(3) if (&User-Name =~ /@\./) {
(3) if (&User-Name =~ /@\./) -> FALSE
(3) } # if (&User-Name) = notfound
(3) } # policy filter_username = notfound
(3) [preprocess] = ok
(3) suffix: Checking for suffix after "@"
(3) suffix: No '@' in User-Name = "5001", looking up realm NULL
(3) suffix: No such realm "NULL"
(3) [suffix] = noop
(3) policy rewrite_calling_station_id {
(3) if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) {
(3) if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) -> TRUE
(3) if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) {
(3) update request {
(3) EXPAND %{toupper:%{1}-%{2}-%{3}-%{4}-%{5}-%{6}}
(3) --> F6-1C-00-0B-07-03
(3) &Calling-Station-Id := F6-1C-00-0B-07-03
(3) } # update request = noop
(3) [updated] = updated
(3) } # if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) = updated
(3) ... skipping else: Preceding "if" was taken
(3) } # policy rewrite_calling_station_id = updated
(3) eap: Peer sent EAP Response (code 2) ID 101 length 38
(3) eap: No EAP Start, assuming it's an on-going EAP conversation
(3) [eap] = updated
(3) } # authorize = updated
(3) Found Auth-Type = eap
(3) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(3) authenticate {
(3) eap: Expiring EAP session with state 0x7746780c75234c9b
(3) eap: Finished EAP session with state 0x7746780c75234c9b
(3) eap: Previous EAP request found for state 0x7746780c75234c9b, released from the list
(3) eap: Peer sent packet with method EAP PWD (52)
(3) eap: Calling submodule eap_pwd to process data
(3) eap: Sending EAP Success (code 3) ID 101 length 4
(3) eap: Freeing handler
(3) [eap] = ok
(3) } # authenticate = ok
(3) # Executing section post-auth from file /etc/freeradius/3.0/sites-enabled/default
(3) post-auth {
(3) update {
(3) No attributes updated
(3) } # update = noop
(3) sql: EXPAND .query
(3) sql: --> .query
(3) sql: Using query template 'query'
rlm_sql (sql): Reserved connection (1)
(3) sql: EXPAND %{User-Name}
(3) sql: --> 5001
(3) sql: SQL-User-Name set to '5001'
(3) sql: EXPAND INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S')
(3) sql: --> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '5001', '', 'Access-Accept', '2021-01-26 14:21:40')
(3) sql: Executing query: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '5001', '', 'Access-Accept', '2021-01-26 14:21:40')
(3) sql: SQL query returned: success
(3) sql: 1 record(s) updated
rlm_sql (sql): Released connection (1)
(3) [sql] = ok
(3) [exec] = noop
(3) } # post-auth = ok
(3) Sent Access-Accept Id 134 from 10.15.0.136:1812 to 10.30.156.65:37368 length 0
(3) MS-MPPE-Recv-Key = 0x54f1496249a0aeed71eebb1a9b0e0cff5a1f1992fb46553c655f308b108591cd
(3) MS-MPPE-Send-Key = 0x6fc7161e06565a9b0c1bb0d85559807aba0a65aa8accc2bec14a2fffa6835be4
(3) EAP-Message = 0x03650004
(3) Message-Authenticator = 0x00000000000000000000000000000000
(3) User-Name = "5001"
(3) Finished request
Waking up in 4.8 seconds.