How to set REST Module Attribute encoding to UTF-8?

남혁준 sawd1598 at gmail.com
Tue Jun 25 17:50:26 UTC 2024


>
>
> I guess my explanation was too concise.
>
>
> The REST setup differences are as follows:
>
>
> [Specify DATA directly]
> post-auth {
>                 uri = "${..connect_uri}/post-auth/user/%{User-Name}"
>                 method = 'post'
>                 body = 'json'
>                 data = '{ "reply": "%{reply:Packet-Type}", "replyMessage": "%{reply:Reply-Message}", "moduleFailureMessage" : "%{Module-Failure-Message}", \
> "callingStationId": "%{Calling-Station-Id}", "calledStationId": "%{Called-Station-Id}", "eapType": "%{EAP-Type}", "nasIpAddress": "%{NAS-IP-Address}" }'
>                 tls = ${..tls}
> }
>
>
> [Receive all available properties]
> post-auth {
>         uri = "${..connect_uri}/post-auth/user/%{User-Name}"
>         method = 'post'
>         body = 'json'
>         tls = ${..tls}
> }
>
>
> In other words, the difference is whether I wrote the data or not.
>
> If I wrote data, only the properties I wrote are sent.
>
> If I did not write the Data attribute, FreeRADIUS determines the
> attributes that can be transmitted and transmits them.
>
> The problem arises when I do not write data.
>
>
> And I'll post the debug contents.
>



 (0) Received Access-Request Id 123 from 175.210.165.10:58812 to
10.10.10.244:1812 length 202
(0)   User-Name = "maxtest"
(0)   Calling-Station-Id = "36-D7-B2-E6-FA-80"
(0)   NAS-IP-Address = 175.210.165.10
(0)   NAS-Port = 70
(0)   Called-Station-Id = "80-03-84-B6-D0-CC:radius 122"
(0)   Service-Type = Framed-User
(0)   Framed-MTU = 1400
(0)   NAS-Port-Type = Wireless-802.11
(0)   NAS-Identifier = "80-03-84-B6-D0-CC"
(0)   Connect-Info = "CONNECT 802.11a/n/ac/ax"
(0)   EAP-Message = 0x0200000c016d617874657374
(0)   Ruckus-SSID = "radius 122"
(0)   Message-Authenticator = 0x1ca4474733509d1bade6deeba47b5274
(0) # Executing section authorize from file /etc/raddb/sites-enabled/default
(0)   authorize {
(0)     update {
(0)       EXPAND %{Packet-Src-IP-Address}
(0)          --> 175.210.165.10
(0)       &FreeRADIUS-Client-IP-Address := 175.210.165.10
(0)     } # update = noop
(0) eap: Peer sent EAP Response (code 2) ID 0 length 12
(0) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the
rest of authorize
(0)     [eap] = ok
(0)   } # authorize = ok
(0) Found Auth-Type = eap
(0) # Executing group from file /etc/raddb/sites-enabled/default
(0)   authenticate {
(0) eap: Peer sent packet with method EAP Identity (1)
(0) eap: Calling submodule eap_peap to process data
(0) eap_peap: (TLS) Initiating new session
(0) eap: Sending EAP Request (code 1) ID 1 length 6
(0) eap: EAP session adding &reply:State = 0xe9ee35bde9ef2c47
(0)     [eap] = handled
(0)   } # authenticate = handled
(0) Using Post-Auth-Type Challenge
(0) # Executing group from file /etc/raddb/sites-enabled/default
(0)   Challenge { ... } # empty sub-section is ignored
(0) session-state: Saving cached attributes
(0)   Framed-MTU = 994
(0) Sent Access-Challenge Id 123 from 10.10.10.244:1812 to
175.210.165.10:58812 length 64
(0)   EAP-Message = 0x010100061920
(0)   Message-Authenticator = 0x00000000000000000000000000000000
(0)   State = 0xe9ee35bde9ef2c4724969f3f23e5bbf8
(0) Finished request
Waking up in 4.9 seconds.
(1) Received Access-Request Id 124 from 175.210.165.10:58812 to
10.10.10.244:1812 length 349
(1)   User-Name = "maxtest"
(1)   Calling-Station-Id = "36-D7-B2-E6-FA-80"
(1)   NAS-IP-Address = 175.210.165.10
(1)   NAS-Port = 70
(1)   Called-Station-Id = "80-03-84-B6-D0-CC:radius 122"
(1)   Service-Type = Framed-User
(1)   Framed-MTU = 1400
(1)   NAS-Port-Type = Wireless-802.11
(1)   NAS-Identifier = "80-03-84-B6-D0-CC"
(1)   Connect-Info = "CONNECT 802.11a/n/ac/ax"
(1)   EAP-Message =
0x0201008d198000000083160301007e0100007a0303f36ed3434734cf84e960507f5f2a12403307288c67fbc1317ff274381d96fb4f00001ec02bc02fc02cc030cca9cca8c009c013c00ac014009c009d002f0035000a0100003300170000ff01000100000a00080006001d00170018000b00020100000d00140012040308040401050308050501080606010201
(1)   State = 0xe9ee35bde9ef2c4724969f3f23e5bbf8
(1)   Ruckus-SSID = "radius 122"
(1)   Message-Authenticator = 0xeadd8fe5dd24499ba069bdc361735562
(1) Restoring &session-state
(1)   &session-state:Framed-MTU = 994
(1) # Executing section authorize from file /etc/raddb/sites-enabled/default
(1)   authorize {
(1)     update {
(1)       EXPAND %{Packet-Src-IP-Address}
(1)          --> 175.210.165.10
(1)       &FreeRADIUS-Client-IP-Address := 175.210.165.10
(1)     } # update = noop
(1) eap: Peer sent EAP Response (code 2) ID 1 length 141
(1) eap: Continuing tunnel setup
(1)     [eap] = ok
(1)   } # authorize = ok
(1) Found Auth-Type = eap
(1) # Executing group from file /etc/raddb/sites-enabled/default
(1)   authenticate {
(1) eap: Expiring EAP session with state 0xe9ee35bde9ef2c47
(1) eap: Finished EAP session with state 0xe9ee35bde9ef2c47
(1) eap: Previous EAP request found for state 0xe9ee35bde9ef2c47, released
from the list
(1) eap: Peer sent packet with method EAP PEAP (25)
(1) eap: Calling submodule eap_peap to process data
(1) eap_peap: (TLS) EAP Peer says that the final record size will be 131
bytes
(1) eap_peap: (TLS) EAP Got all data (131 bytes)
(1) eap_peap: (TLS) Handshake state - before SSL initialization
(1) eap_peap: (TLS) Handshake state - Server before SSL initialization
(1) eap_peap: (TLS) Handshake state - Server before SSL initialization
(1) eap_peap: (TLS) recv TLS 1.3 Handshake, ClientHello
(1) eap_peap: (TLS) Handshake state - Server SSLv3/TLS read client hello
(1) eap_peap: (TLS) send TLS 1.2 Handshake, ServerHello
(1) eap_peap: (TLS) Handshake state - Server SSLv3/TLS write server hello
(1) eap_peap: (TLS) send TLS 1.2 Handshake, Certificate
(1) eap_peap: (TLS) Handshake state - Server SSLv3/TLS write certificate
(1) eap_peap: (TLS) send TLS 1.2 Handshake, ServerKeyExchange
(1) eap_peap: (TLS) Handshake state - Server SSLv3/TLS write key exchange
(1) eap_peap: (TLS) send TLS 1.2 Handshake, ServerHelloDone
(1) eap_peap: (TLS) Handshake state - Server SSLv3/TLS write server done
(1) eap_peap: (TLS) Server : Need to read more data: SSLv3/TLS write server
done
(1) eap_peap: (TLS) In Handshake Phase
(1) eap: Sending EAP Request (code 1) ID 2 length 1004
(1) eap: EAP session adding &reply:State = 0xe9ee35bde8ec2c47
(1)     [eap] = handled
(1)   } # authenticate = handled
(1) Using Post-Auth-Type Challenge
(1) # Executing group from file /etc/raddb/sites-enabled/default
(1)   Challenge { ... } # empty sub-section is ignored
(1) session-state: Saving cached attributes
(1)   Framed-MTU = 994
(1)   TLS-Session-Information = "(TLS) recv TLS 1.3 Handshake, ClientHello"
(1)   TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHello"
(1)   TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Certificate"
(1)   TLS-Session-Information = "(TLS) send TLS 1.2 Handshake,
ServerKeyExchange"
(1)   TLS-Session-Information = "(TLS) send TLS 1.2 Handshake,
ServerHelloDone"
(1) Sent Access-Challenge Id 124 from 10.10.10.244:1812 to
175.210.165.10:58812 length 1068
(1)   EAP-Message =
0x010203ec19c000000d21160303003d020000390303c644698754dc096274be07adaf4a72ed4f507bdfdf5b2fc06f003b82769ac8f200c02f000011ff01000100000b000403000102001700001603030b200b000b1c000b1900052d3082052930820391a003020102020101300d06092a864886f70d01010c050030818b310b3009060355040613024b52310e300c06035504080c0553656f756c3114301206035504070c0b4765756d6368656f6e677531153013060355040a0c0c52656d6f6e6e20436f72702e3123302106092a864886f70d01090116146d61782e6e616d4072656d6f6e6e2e636f2e6b72311a301806035504030c11776966692e72656d6f6e6e2e636f2e6b72301e170d3234303632343035333530395a170d3236303532353035333530395a3077310b3009060355040613024b52310e300c06035504080c0553656f756c31153013060355040a0c0c52656d6f6e6e20436f72702e311c301a06035504030c137365727665722e72656d6f6e6e2e
(1)   Message-Authenticator = 0x00000000000000000000000000000000
(1)   State = 0xe9ee35bde8ec2c4724969f3f23e5bbf8
(1) Finished request
Waking up in 4.9 seconds.
(2) Received Access-Request Id 125 from 175.210.165.10:58812 to
10.10.10.244:1812 length 214
(2)   User-Name = "maxtest"
(2)   Calling-Station-Id = "36-D7-B2-E6-FA-80"
(2)   NAS-IP-Address = 175.210.165.10
(2)   NAS-Port = 70
(2)   Called-Station-Id = "80-03-84-B6-D0-CC:radius 122"
(2)   Service-Type = Framed-User
(2)   Framed-MTU = 1400
(2)   NAS-Port-Type = Wireless-802.11
(2)   NAS-Identifier = "80-03-84-B6-D0-CC"
(2)   Connect-Info = "CONNECT 802.11a/n/ac/ax"
(2)   EAP-Message = 0x020200061900
(2)   State = 0xe9ee35bde8ec2c4724969f3f23e5bbf8
(2)   Ruckus-SSID = "radius 122"
(2)   Message-Authenticator = 0x632e668a70c0a92180ce0f0bff737264
(2) Restoring &session-state
(2)   &session-state:Framed-MTU = 994
(2)   &session-state:TLS-Session-Information = "(TLS) recv TLS 1.3
Handshake, ClientHello"
(2)   &session-state:TLS-Session-Information = "(TLS) send TLS 1.2
Handshake, ServerHello"
(2)   &session-state:TLS-Session-Information = "(TLS) send TLS 1.2
Handshake, Certificate"
(2)   &session-state:TLS-Session-Information = "(TLS) send TLS 1.2
Handshake, ServerKeyExchange"
(2)   &session-state:TLS-Session-Information = "(TLS) send TLS 1.2
Handshake, ServerHelloDone"
(2) # Executing section authorize from file /etc/raddb/sites-enabled/default
(2)   authorize {
(2)     update {
(2)       EXPAND %{Packet-Src-IP-Address}
(2)          --> 175.210.165.10
(2)       &FreeRADIUS-Client-IP-Address := 175.210.165.10
(2)     } # update = noop
(2) eap: Peer sent EAP Response (code 2) ID 2 length 6
(2) eap: Continuing tunnel setup
(2)     [eap] = ok
(2)   } # authorize = ok
(2) Found Auth-Type = eap
(2) # Executing group from file /etc/raddb/sites-enabled/default
(2)   authenticate {
(2) eap: Expiring EAP session with state 0xe9ee35bde8ec2c47
(2) eap: Finished EAP session with state 0xe9ee35bde8ec2c47
(2) eap: Previous EAP request found for state 0xe9ee35bde8ec2c47, released
from the list
(2) eap: Peer sent packet with method EAP PEAP (25)
(2) eap: Calling submodule eap_peap to process data
(2) eap_peap: (TLS) Peer ACKed our handshake fragment
(2) eap: Sending EAP Request (code 1) ID 3 length 1000
(2) eap: EAP session adding &reply:State = 0xe9ee35bdebed2c47
(2)     [eap] = handled
(2)   } # authenticate = handled
(2) Using Post-Auth-Type Challenge
(2) # Executing group from file /etc/raddb/sites-enabled/default
(2)   Challenge { ... } # empty sub-section is ignored
(2) session-state: Saving cached attributes
(2)   Framed-MTU = 994
(2)   TLS-Session-Information = "(TLS) recv TLS 1.3 Handshake, ClientHello"
(2)   TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHello"
(2)   TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Certificate"
(2)   TLS-Session-Information = "(TLS) send TLS 1.2 Handshake,
ServerKeyExchange"
(2)   TLS-Session-Information = "(TLS) send TLS 1.2 Handshake,
ServerHelloDone"
(2) Sent Access-Challenge Id 125 from 10.10.10.244:1812 to
175.210.165.10:58812 length 1064
(2)   EAP-Message =
(2)   Message-Authenticator = 0x00000000000000000000000000000000
(2)   State = 0xe9ee35bdebed2c4724969f3f23e5bbf8
(2) Finished request
Waking up in 4.9 seconds.
(3) Received Access-Request Id 126 from 175.210.165.10:58812 to
10.10.10.244:1812 length 214
(3)   User-Name = "maxtest"
(3)   Calling-Station-Id = "36-D7-B2-E6-FA-80"
(3)   NAS-IP-Address = 175.210.165.10
(3)   NAS-Port = 70
(3)   Called-Station-Id = "80-03-84-B6-D0-CC:radius 122"
(3)   Service-Type = Framed-User
(3)   Framed-MTU = 1400
(3)   NAS-Port-Type = Wireless-802.11
(3)   NAS-Identifier = "80-03-84-B6-D0-CC"
(3)   Connect-Info = "CONNECT 802.11a/n/ac/ax"
(3)   EAP-Message = 0x020300061900
(3)   State = 0xe9ee35bdebed2c4724969f3f23e5bbf8
(3)   Ruckus-SSID = "radius 122"
(3)   Message-Authenticator = 0xaea672afe929db25c5a766e7f4ea8b27
(3) Restoring &session-state
(3)   &session-state:Framed-MTU = 994
(3)   &session-state:TLS-Session-Information = "(TLS) recv TLS 1.3
Handshake, ClientHello"
(3)   &session-state:TLS-Session-Information = "(TLS) send TLS 1.2
Handshake, ServerHello"
(3)   &session-state:TLS-Session-Information = "(TLS) send TLS 1.2
Handshake, Certificate"
(3)   &session-state:TLS-Session-Information = "(TLS) send TLS 1.2
Handshake, ServerKeyExchange"
(3)   &session-state:TLS-Session-Information = "(TLS) send TLS 1.2
Handshake, ServerHelloDone"
(3) # Executing section authorize from file /etc/raddb/sites-enabled/default
(3)   authorize {
(3)     update {
(3)       EXPAND %{Packet-Src-IP-Address}
(3)          --> 175.210.165.10
(3)       &FreeRADIUS-Client-IP-Address := 175.210.165.10
(3)     } # update = noop
(3) eap: Peer sent EAP Response (code 2) ID 3 length 6
(3) eap: Continuing tunnel setup
(3)     [eap] = ok
(3)   } # authorize = ok
(3) Found Auth-Type = eap
(3) # Executing group from file /etc/raddb/sites-enabled/default
(3)   authenticate {
(3) eap: Expiring EAP session with state 0xe9ee35bdebed2c47
(3) eap: Finished EAP session with state 0xe9ee35bdebed2c47
(3) eap: Previous EAP request found for state 0xe9ee35bdebed2c47, released
from the list
(3) eap: Peer sent packet with method EAP PEAP (25)
(3) eap: Calling submodule eap_peap to process data
(3) eap_peap: (TLS) Peer ACKed our handshake fragment
(3) eap: Sending EAP Request (code 1) ID 4 length 1000
(3) eap: EAP session adding &reply:State = 0xe9ee35bdeaea2c47
(3)     [eap] = handled
(3)   } # authenticate = handled
(3) Using Post-Auth-Type Challenge
(3) # Executing group from file /etc/raddb/sites-enabled/default
(3)   Challenge { ... } # empty sub-section is ignored
(3) session-state: Saving cached attributes
(3)   Framed-MTU = 994
(3)   TLS-Session-Information = "(TLS) recv TLS 1.3 Handshake, ClientHello"
(3)   TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHello"
(3)   TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Certificate"
(3)   TLS-Session-Information = "(TLS) send TLS 1.2 Handshake,
ServerKeyExchange"
(3)   TLS-Session-Information = "(TLS) send TLS 1.2 Handshake,
ServerHelloDone"
(3) Sent Access-Challenge Id 126 from 10.10.10.244:1812 to
175.210.165.10:58812 length 1064
(3)   EAP-Message =
0x010403e81940ccfc3d34bc6cb5d398ad9cb0367cd6312e01c133caf41f4569c759ff56fc28b0d914c96c60f5ed09b57e16d8beff68568db30d224ed90617a475ecda05458f644d3243e1f1db66966a9f82e63e08b4bf67970f975c61dcc475975bc916bff684ca1e22735612e2dfa630d579d4f1d77ee211930958d1b7724f7ec08ad1d5089c55995bbf01a5709af056e072340ecc2418d60f11c836ac0951cccb59b5c5d1d0d68e314a82249649647f60a9250ae6e534022e0498663794a24a5149b3b47450836f6fbf8f71c125a8b3531f0203010001a382013a30820136301d0603551d0e041604147c4402c79caed9cc885c721abae12fcf5e6a07c93081cb0603551d230481c33081c080147c4402c79caed9cc885c721abae12fcf5e6a07c9a18191a4818e30818b310b3009060355040613024b52310e300c06035504080c0553656f756c3114301206035504070c0b4765756d6368656f6e677531153013060355040a0c0c52656d6f6e6e20436f72702e3123
(3)   Message-Authenticator = 0x00000000000000000000000000000000
(3)   State = 0xe9ee35bdeaea2c4724969f3f23e5bbf8
(3) Finished request
Waking up in 4.9 seconds.
(4) Received Access-Request Id 127 from 175.210.165.10:58812 to
10.10.10.244:1812 length 214
(4)   User-Name = "maxtest"
(4)   Calling-Station-Id = "36-D7-B2-E6-FA-80"
(4)   NAS-IP-Address = 175.210.165.10
(4)   NAS-Port = 70
(4)   Called-Station-Id = "80-03-84-B6-D0-CC:radius 122"
(4)   Service-Type = Framed-User
(4)   Framed-MTU = 1400
(4)   NAS-Port-Type = Wireless-802.11
(4)   NAS-Identifier = "80-03-84-B6-D0-CC"
(4)   Connect-Info = "CONNECT 802.11a/n/ac/ax"
(4)   EAP-Message = 0x020400061900
(4)   State = 0xe9ee35bdeaea2c4724969f3f23e5bbf8
(4)   Ruckus-SSID = "radius 122"
(4)   Message-Authenticator = 0x088c439c217e982b18f92b178a42f40f
(4) Restoring &session-state
(4)   &session-state:Framed-MTU = 994
(4)   &session-state:TLS-Session-Information = "(TLS) recv TLS 1.3
Handshake, ClientHello"
(4)   &session-state:TLS-Session-Information = "(TLS) send TLS 1.2
Handshake, ServerHello"
(4)   &session-state:TLS-Session-Information = "(TLS) send TLS 1.2
Handshake, Certificate"
(4)   &session-state:TLS-Session-Information = "(TLS) send TLS 1.2
Handshake, ServerKeyExchange"
(4)   &session-state:TLS-Session-Information = "(TLS) send TLS 1.2
Handshake, ServerHelloDone"
(4) # Executing section authorize from file /etc/raddb/sites-enabled/default
(4)   authorize {
(4)     update {
(4)       EXPAND %{Packet-Src-IP-Address}
(4)          --> 175.210.165.10
(4)       &FreeRADIUS-Client-IP-Address := 175.210.165.10
(4)     } # update = noop
(4) eap: Peer sent EAP Response (code 2) ID 4 length 6
(4) eap: Continuing tunnel setup
(4)     [eap] = ok
(4)   } # authorize = ok
(4) Found Auth-Type = eap
(4) # Executing group from file /etc/raddb/sites-enabled/default
(4)   authenticate {
(4) eap: Expiring EAP session with state 0xe9ee35bdeaea2c47
(4) eap: Finished EAP session with state 0xe9ee35bdeaea2c47
(4) eap: Previous EAP request found for state 0xe9ee35bdeaea2c47, released
from the list
(4) eap: Peer sent packet with method EAP PEAP (25)
(4) eap: Calling submodule eap_peap to process data
(4) eap_peap: (TLS) Peer ACKed our handshake fragment
(4) eap: Sending EAP Request (code 1) ID 5 length 385
(4) eap: EAP session adding &reply:State = 0xe9ee35bdedeb2c47
(4)     [eap] = handled
(4)   } # authenticate = handled
(4) Using Post-Auth-Type Challenge
(4) # Executing group from file /etc/raddb/sites-enabled/default
(4)   Challenge { ... } # empty sub-section is ignored
(4) session-state: Saving cached attributes
(4)   Framed-MTU = 994
(4)   TLS-Session-Information = "(TLS) recv TLS 1.3 Handshake, ClientHello"
(4)   TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHello"
(4)   TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Certificate"
(4)   TLS-Session-Information = "(TLS) send TLS 1.2 Handshake,
ServerKeyExchange"
(4)   TLS-Session-Information = "(TLS) send TLS 1.2 Handshake,
ServerHelloDone"
(4) Sent Access-Challenge Id 127 from 10.10.10.244:1812 to
175.210.165.10:58812 length 445
(4)   EAP-Message =
(4)   Message-Authenticator = 0x00000000000000000000000000000000
(4)   State = 0xe9ee35bdedeb2c4724969f3f23e5bbf8
(4) Finished request
Waking up in 4.9 seconds.
(5) Received Access-Request Id 128 from 175.210.165.10:58812 to
10.10.10.244:1812 length 311
(5)   User-Name = "maxtest"
(5)   Calling-Station-Id = "36-D7-B2-E6-FA-80"
(5)   NAS-IP-Address = 175.210.165.10
(5)   NAS-Port = 70
(5)   Called-Station-Id = "80-03-84-B6-D0-CC:radius 122"
(5)   Service-Type = Framed-User
(5)   Framed-MTU = 1400
(5)   NAS-Port-Type = Wireless-802.11
(5)   NAS-Identifier = "80-03-84-B6-D0-CC"
(5)   Connect-Info = "CONNECT 802.11a/n/ac/ax"
(5)   EAP-Message =
0x0205006719800000005d16030300251000002120a37aa82754f3a510d9b591316fea831b8696c7b6bea7e22dbcca4e43e79c482314030300010116030300280000000000000000035649145112eae371253c5b12af493b3bff2f2cdcbaff3359bd8f4bf65a48f8
(5)   State = 0xe9ee35bdedeb2c4724969f3f23e5bbf8
(5)   Ruckus-SSID = "radius 122"
(5)   Message-Authenticator = 0xdff61e1b111c15e93373974754818b58
(5) Restoring &session-state
(5)   &session-state:Framed-MTU = 994
(5)   &session-state:TLS-Session-Information = "(TLS) recv TLS 1.3
Handshake, ClientHello"
(5)   &session-state:TLS-Session-Information = "(TLS) send TLS 1.2
Handshake, ServerHello"
(5)   &session-state:TLS-Session-Information = "(TLS) send TLS 1.2
Handshake, Certificate"
(5)   &session-state:TLS-Session-Information = "(TLS) send TLS 1.2
Handshake, ServerKeyExchange"
(5)   &session-state:TLS-Session-Information = "(TLS) send TLS 1.2
Handshake, ServerHelloDone"
(5) # Executing section authorize from file /etc/raddb/sites-enabled/default
(5)   authorize {
(5)     update {
(5)       EXPAND %{Packet-Src-IP-Address}
(5)          --> 175.210.165.10
(5)       &FreeRADIUS-Client-IP-Address := 175.210.165.10
(5)     } # update = noop
(5) eap: Peer sent EAP Response (code 2) ID 5 length 103
(5) eap: Continuing tunnel setup
(5)     [eap] = ok
(5)   } # authorize = ok
(5) Found Auth-Type = eap
(5) # Executing group from file /etc/raddb/sites-enabled/default
(5)   authenticate {
(5) eap: Expiring EAP session with state 0xe9ee35bdedeb2c47
(5) eap: Finished EAP session with state 0xe9ee35bdedeb2c47
(5) eap: Previous EAP request found for state 0xe9ee35bdedeb2c47, released
from the list
(5) eap: Peer sent packet with method EAP PEAP (25)
(5) eap: Calling submodule eap_peap to process data
(5) eap_peap: (TLS) EAP Peer says that the final record size will be 93
bytes
(5) eap_peap: (TLS) EAP Got all data (93 bytes)
(5) eap_peap: (TLS) Handshake state - Server SSLv3/TLS write server done
(5) eap_peap: (TLS) recv TLS 1.2 Handshake, ClientKeyExchange
(5) eap_peap: (TLS) Handshake state - Server SSLv3/TLS read client key
exchange
(5) eap_peap: (TLS) Handshake state - Server SSLv3/TLS read change cipher
spec
(5) eap_peap: (TLS) recv TLS 1.2 Handshake, Finished
(5) eap_peap: (TLS) Handshake state - Server SSLv3/TLS read finished
(5) eap_peap: (TLS) send TLS 1.2 ChangeCipherSpec
(5) eap_peap: (TLS) Handshake state - Server SSLv3/TLS write change cipher
spec
(5) eap_peap: (TLS) send TLS 1.2 Handshake, Finished
(5) eap_peap: (TLS) Handshake state - Server SSLv3/TLS write finished
(5) eap_peap: (TLS) Handshake state - SSL negotiation finished successfully
(5) eap_peap: (TLS) Connection Established
(5) eap_peap:   TLS-Session-Cipher-Suite = "ECDHE-RSA-AES128-GCM-SHA256"
(5) eap_peap:   TLS-Session-Version = "TLS 1.2"
(5) eap: Sending EAP Request (code 1) ID 6 length 57
(5) eap: EAP session adding &reply:State = 0xe9ee35bdece82c47
(5)     [eap] = handled
(5)   } # authenticate = handled
(5) Using Post-Auth-Type Challenge
(5) # Executing group from file /etc/raddb/sites-enabled/default
(5)   Challenge { ... } # empty sub-section is ignored
(5) session-state: Saving cached attributes
(5)   Framed-MTU = 994
(5)   TLS-Session-Information = "(TLS) recv TLS 1.3 Handshake, ClientHello"
(5)   TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHello"
(5)   TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Certificate"
(5)   TLS-Session-Information = "(TLS) send TLS 1.2 Handshake,
ServerKeyExchange"
(5)   TLS-Session-Information = "(TLS) send TLS 1.2 Handshake,
ServerHelloDone"
(5)   TLS-Session-Information = "(TLS) recv TLS 1.2 Handshake,
ClientKeyExchange"
(5)   TLS-Session-Information = "(TLS) recv TLS 1.2 Handshake, Finished"
(5)   TLS-Session-Information = "(TLS) send TLS 1.2 ChangeCipherSpec"
(5)   TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Finished"
(5)   TLS-Session-Cipher-Suite = "ECDHE-RSA-AES128-GCM-SHA256"
(5)   TLS-Session-Version = "TLS 1.2"
(5) Sent Access-Challenge Id 128 from 10.10.10.244:1812 to
175.210.165.10:58812 length 115
(5)   EAP-Message =
0x01060039190014030300010116030300285290e8c0f157684af3d9a69252b6d7cf4a3f0df22b82c75fd27385fade3f58e2c4ae76df3c4afd6a
(5)   Message-Authenticator = 0x00000000000000000000000000000000
(5)   State = 0xe9ee35bdece82c4724969f3f23e5bbf8
(5) Finished request
Waking up in 4.9 seconds.
(6) Received Access-Request Id 129 from 175.210.165.10:58812 to
10.10.10.244:1812 length 214
(6)   User-Name = "maxtest"
(6)   Calling-Station-Id = "36-D7-B2-E6-FA-80"
(6)   NAS-IP-Address = 175.210.165.10
(6)   NAS-Port = 70
(6)   Called-Station-Id = "80-03-84-B6-D0-CC:radius 122"
(6)   Service-Type = Framed-User
(6)   Framed-MTU = 1400
(6)   NAS-Port-Type = Wireless-802.11
(6)   NAS-Identifier = "80-03-84-B6-D0-CC"
(6)   Connect-Info = "CONNECT 802.11a/n/ac/ax"
(6)   EAP-Message = 0x020600061900
(6)   State = 0xe9ee35bdece82c4724969f3f23e5bbf8
(6)   Ruckus-SSID = "radius 122"
(6)   Message-Authenticator = 0xf5e0141eb1e4c29513685b827e383d0e
(6) Restoring &session-state
(6)   &session-state:Framed-MTU = 994
(6)   &session-state:TLS-Session-Information = "(TLS) recv TLS 1.3
Handshake, ClientHello"
(6)   &session-state:TLS-Session-Information = "(TLS) send TLS 1.2
Handshake, ServerHello"
(6)   &session-state:TLS-Session-Information = "(TLS) send TLS 1.2
Handshake, Certificate"
(6)   &session-state:TLS-Session-Information = "(TLS) send TLS 1.2
Handshake, ServerKeyExchange"
(6)   &session-state:TLS-Session-Information = "(TLS) send TLS 1.2
Handshake, ServerHelloDone"
(6)   &session-state:TLS-Session-Information = "(TLS) recv TLS 1.2
Handshake, ClientKeyExchange"
(6)   &session-state:TLS-Session-Information = "(TLS) recv TLS 1.2
Handshake, Finished"
(6)   &session-state:TLS-Session-Information = "(TLS) send TLS 1.2
ChangeCipherSpec"
(6)   &session-state:TLS-Session-Information = "(TLS) send TLS 1.2
Handshake, Finished"
(6)   &session-state:TLS-Session-Cipher-Suite =
"ECDHE-RSA-AES128-GCM-SHA256"
(6)   &session-state:TLS-Session-Version = "TLS 1.2"
(6) # Executing section authorize from file /etc/raddb/sites-enabled/default
(6)   authorize {
(6)     update {
(6)       EXPAND %{Packet-Src-IP-Address}
(6)          --> 175.210.165.10
(6)       &FreeRADIUS-Client-IP-Address := 175.210.165.10
(6)     } # update = noop
(6) eap: Peer sent EAP Response (code 2) ID 6 length 6
(6) eap: Continuing tunnel setup
(6)     [eap] = ok
(6)   } # authorize = ok
(6) Found Auth-Type = eap
(6) # Executing group from file /etc/raddb/sites-enabled/default
(6)   authenticate {
(6) eap: Expiring EAP session with state 0xe9ee35bdece82c47
(6) eap: Finished EAP session with state 0xe9ee35bdece82c47
(6) eap: Previous EAP request found for state 0xe9ee35bdece82c47, released
from the list
(6) eap: Peer sent packet with method EAP PEAP (25)
(6) eap: Calling submodule eap_peap to process data
(6) eap_peap: (TLS) Peer ACKed our handshake fragment.  handshake is
finished
(6) eap_peap: Session established.  Decoding tunneled attributes
(6) eap_peap: PEAP state TUNNEL ESTABLISHED
(6) eap: Sending EAP Request (code 1) ID 7 length 40
(6) eap: EAP session adding &reply:State = 0xe9ee35bdefe92c47
(6)     [eap] = handled
(6)   } # authenticate = handled
(6) Using Post-Auth-Type Challenge
(6) # Executing group from file /etc/raddb/sites-enabled/default
(6)   Challenge { ... } # empty sub-section is ignored
(6) session-state: Saving cached attributes
(6)   Framed-MTU = 994
(6)   TLS-Session-Information = "(TLS) recv TLS 1.3 Handshake, ClientHello"
(6)   TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHello"
(6)   TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Certificate"
(6)   TLS-Session-Information = "(TLS) send TLS 1.2 Handshake,
ServerKeyExchange"
(6)   TLS-Session-Information = "(TLS) send TLS 1.2 Handshake,
ServerHelloDone"
(6)   TLS-Session-Information = "(TLS) recv TLS 1.2 Handshake,
ClientKeyExchange"
(6)   TLS-Session-Information = "(TLS) recv TLS 1.2 Handshake, Finished"
(6)   TLS-Session-Information = "(TLS) send TLS 1.2 ChangeCipherSpec"
(6)   TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Finished"
(6)   TLS-Session-Cipher-Suite = "ECDHE-RSA-AES128-GCM-SHA256"
(6)   TLS-Session-Version = "TLS 1.2"
(6) Sent Access-Challenge Id 129 from 10.10.10.244:1812 to
175.210.165.10:58812 length 98
(6)   EAP-Message =
0x010700281900170303001d5290e8c0f157684b6c2f43c8330fec371ce68d3fb0f73b851fea9017d1
(6)   Message-Authenticator = 0x00000000000000000000000000000000
(6)   State = 0xe9ee35bdefe92c4724969f3f23e5bbf8
(6) Finished request
Waking up in 4.8 seconds.
(7) Received Access-Request Id 130 from 175.210.165.10:58812 to
10.10.10.244:1812 length 251
(7)   User-Name = "maxtest"
(7)   Calling-Station-Id = "36-D7-B2-E6-FA-80"
(7)   NAS-IP-Address = 175.210.165.10
(7)   NAS-Port = 70
(7)   Called-Station-Id = "80-03-84-B6-D0-CC:radius 122"
(7)   Service-Type = Framed-User
(7)   Framed-MTU = 1400
(7)   NAS-Port-Type = Wireless-802.11
(7)   NAS-Identifier = "80-03-84-B6-D0-CC"
(7)   Connect-Info = "CONNECT 802.11a/n/ac/ax"
(7)   EAP-Message =
0x0207002b190017030300200000000000000001457892eb08520bdb2f0f9cd353de0561046f1c4a0adeccf4
(7)   State = 0xe9ee35bdefe92c4724969f3f23e5bbf8
(7)   Ruckus-SSID = "radius 122"
(7)   Message-Authenticator = 0x7896ecf53384ed69b7a774afe45f1f88
(7) Restoring &session-state
(7)   &session-state:Framed-MTU = 994
(7)   &session-state:TLS-Session-Information = "(TLS) recv TLS 1.3
Handshake, ClientHello"
(7)   &session-state:TLS-Session-Information = "(TLS) send TLS 1.2
Handshake, ServerHello"
(7)   &session-state:TLS-Session-Information = "(TLS) send TLS 1.2
Handshake, Certificate"
(7)   &session-state:TLS-Session-Information = "(TLS) send TLS 1.2
Handshake, ServerKeyExchange"
(7)   &session-state:TLS-Session-Information = "(TLS) send TLS 1.2
Handshake, ServerHelloDone"
(7)   &session-state:TLS-Session-Information = "(TLS) recv TLS 1.2
Handshake, ClientKeyExchange"
(7)   &session-state:TLS-Session-Information = "(TLS) recv TLS 1.2
Handshake, Finished"
(7)   &session-state:TLS-Session-Information = "(TLS) send TLS 1.2
ChangeCipherSpec"
(7)   &session-state:TLS-Session-Information = "(TLS) send TLS 1.2
Handshake, Finished"
(7)   &session-state:TLS-Session-Cipher-Suite =
"ECDHE-RSA-AES128-GCM-SHA256"
(7)   &session-state:TLS-Session-Version = "TLS 1.2"
(7) # Executing section authorize from file /etc/raddb/sites-enabled/default
(7)   authorize {
(7)     update {
(7)       EXPAND %{Packet-Src-IP-Address}
(7)          --> 175.210.165.10
(7)       &FreeRADIUS-Client-IP-Address := 175.210.165.10
(7)     } # update = noop
(7) eap: Peer sent EAP Response (code 2) ID 7 length 43
(7) eap: Continuing tunnel setup
(7)     [eap] = ok
(7)   } # authorize = ok
(7) Found Auth-Type = eap
(7) # Executing group from file /etc/raddb/sites-enabled/default
(7)   authenticate {
(7) eap: Expiring EAP session with state 0xe9ee35bdefe92c47
(7) eap: Finished EAP session with state 0xe9ee35bdefe92c47
(7) eap: Previous EAP request found for state 0xe9ee35bdefe92c47, released
from the list
(7) eap: Peer sent packet with method EAP PEAP (25)
(7) eap: Calling submodule eap_peap to process data
(7) eap_peap: (TLS) EAP Done initial handshake
(7) eap_peap: Session established.  Decoding tunneled attributes
(7) eap_peap: PEAP state WAITING FOR INNER IDENTITY
(7) eap_peap: Identity - maxtest
(7) eap_peap: Got inner identity 'maxtest'
(7) eap_peap: Setting default EAP type for tunneled EAP session
(7) eap_peap: Got tunneled request
(7) eap_peap:   EAP-Message = 0x0207000c016d617874657374
(7) eap_peap: Setting User-Name to maxtest
(7) eap_peap: Sending tunneled request to inner-tunnel
(7) eap_peap:   EAP-Message = 0x0207000c016d617874657374
(7) eap_peap:   FreeRADIUS-Proxied-To = 127.0.0.1
(7) eap_peap:   User-Name = "maxtest"
(7) eap_peap:   Calling-Station-Id = "36-D7-B2-E6-FA-80"
(7) eap_peap:   NAS-IP-Address = 175.210.165.10
(7) eap_peap:   NAS-Port = 70
(7) eap_peap:   Called-Station-Id = "80-03-84-B6-D0-CC:radius 122"
(7) eap_peap:   Service-Type = Framed-User
(7) eap_peap:   Framed-MTU = 1400
(7) eap_peap:   NAS-Port-Type = Wireless-802.11
(7) eap_peap:   NAS-Identifier = "80-03-84-B6-D0-CC"
(7) eap_peap:   Connect-Info = "CONNECT 802.11a/n/ac/ax"
(7) eap_peap:   Ruckus-SSID = "radius 122"
(7) Virtual server inner-tunnel received request
(7)   EAP-Message = 0x0207000c016d617874657374
(7)   FreeRADIUS-Proxied-To = 127.0.0.1
(7)   User-Name = "maxtest"
(7)   Calling-Station-Id = "36-D7-B2-E6-FA-80"
(7)   NAS-IP-Address = 175.210.165.10
(7)   NAS-Port = 70
(7)   Called-Station-Id = "80-03-84-B6-D0-CC:radius 122"
(7)   Service-Type = Framed-User
(7)   Framed-MTU = 1400
(7)   NAS-Port-Type = Wireless-802.11
(7)   NAS-Identifier = "80-03-84-B6-D0-CC"
(7)   Connect-Info = "CONNECT 802.11a/n/ac/ax"
(7)   Ruckus-SSID = "radius 122"
(7) WARNING: Outer and inner identities are the same.  User privacy is
compromised.
(7) server inner-tunnel {
(7)   # Executing section authorize from file
/etc/raddb/sites-enabled/inner-tunnel
(7)     authorize {
(7)       update control {
(7)         MS-CHAP-Use-NTLM-Auth := No
(7)       } # update control = noop
(7) inner-eap: Peer sent EAP Response (code 2) ID 7 length 12
(7) inner-eap: EAP-Identity reply, returning 'ok' so we can short-circuit
the rest of authorize
(7)       [inner-eap] = ok
(7)     } # authorize = ok
(7)   Found Auth-Type = inner-eap
(7)   # Executing group from file /etc/raddb/sites-enabled/inner-tunnel
(7)     authenticate {
(7) inner-eap: Peer sent packet with method EAP Identity (1)
(7) inner-eap: Calling submodule eap_mschapv2 to process data
(7) eap_mschapv2: Issuing Challenge
(7) inner-eap: Sending EAP Request (code 1) ID 8 length 43
(7) inner-eap: EAP session adding &reply:State = 0xbd5639b8bd5e2319
(7)       [inner-eap] = handled
(7)     } # authenticate = handled
(7) } # server inner-tunnel
(7) Virtual server sending reply
(7)   EAP-Message =
0x0108002b1a01080026100076da58077d6ab5ad7b0006d56842df667265657261646975732d332e302e3236
(7)   Message-Authenticator = 0x00000000000000000000000000000000
(7)   State = 0xbd5639b8bd5e2319a409320f2fa8aa30
(7) eap_peap: Got tunneled reply code 11
(7) eap_peap:   EAP-Message =
0x0108002b1a01080026100076da58077d6ab5ad7b0006d56842df667265657261646975732d332e302e3236
(7) eap_peap:   Message-Authenticator = 0x00000000000000000000000000000000
(7) eap_peap:   State = 0xbd5639b8bd5e2319a409320f2fa8aa30
(7) eap_peap: Got tunneled reply RADIUS code 11
(7) eap_peap:   EAP-Message =
0x0108002b1a01080026100076da58077d6ab5ad7b0006d56842df667265657261646975732d332e302e3236
(7) eap_peap:   Message-Authenticator = 0x00000000000000000000000000000000
(7) eap_peap:   State = 0xbd5639b8bd5e2319a409320f2fa8aa30
(7) eap_peap: Got tunneled Access-Challenge
(7) eap: Sending EAP Request (code 1) ID 8 length 74
(7) eap: EAP session adding &reply:State = 0xe9ee35bdeee62c47
(7)     [eap] = handled
(7)   } # authenticate = handled
(7) Using Post-Auth-Type Challenge
(7) # Executing group from file /etc/raddb/sites-enabled/default
(7)   Challenge { ... } # empty sub-section is ignored
(7) session-state: Saving cached attributes
(7)   Framed-MTU = 994
(7)   TLS-Session-Information = "(TLS) recv TLS 1.3 Handshake, ClientHello"
(7)   TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHello"
(7)   TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Certificate"
(7)   TLS-Session-Information = "(TLS) send TLS 1.2 Handshake,
ServerKeyExchange"
(7)   TLS-Session-Information = "(TLS) send TLS 1.2 Handshake,
ServerHelloDone"
(7)   TLS-Session-Information = "(TLS) recv TLS 1.2 Handshake,
ClientKeyExchange"
(7)   TLS-Session-Information = "(TLS) recv TLS 1.2 Handshake, Finished"
(7)   TLS-Session-Information = "(TLS) send TLS 1.2 ChangeCipherSpec"
(7)   TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Finished"
(7)   TLS-Session-Cipher-Suite = "ECDHE-RSA-AES128-GCM-SHA256"
(7)   TLS-Session-Version = "TLS 1.2"
(7) Sent Access-Challenge Id 130 from 10.10.10.244:1812 to
175.210.165.10:58812 length 132
(7)   EAP-Message =
0x0108004a1900170303003f5290e8c0f157684c4a7ff8c090644026536cf43b19f450ecb9ff15cac7fed24da204bb55c5e7f6a0fbefe4c9b5c1d0926c7410f9ec3cfde52bbda921ffd4b2
(7)   Message-Authenticator = 0x00000000000000000000000000000000
(7)   State = 0xe9ee35bdeee62c4724969f3f23e5bbf8
(7) Finished request
Waking up in 4.8 seconds.
(8) Received Access-Request Id 131 from 175.210.165.10:58812 to
10.10.10.244:1812 length 305
(8)   User-Name = "maxtest"
(8)   Calling-Station-Id = "36-D7-B2-E6-FA-80"
(8)   NAS-IP-Address = 175.210.165.10
(8)   NAS-Port = 70
(8)   Called-Station-Id = "80-03-84-B6-D0-CC:radius 122"
(8)   Service-Type = Framed-User
(8)   Framed-MTU = 1400
(8)   NAS-Port-Type = Wireless-802.11
(8)   NAS-Identifier = "80-03-84-B6-D0-CC"
(8)   Connect-Info = "CONNECT 802.11a/n/ac/ax"
(8)   EAP-Message =
0x020800611900170303005600000000000000029ee99cc794c6d78d75324f1882a9679ee99e2e85b17a28b03b8cf5d4e4e3bd5d33c2222d69d0fef714faaab622e59d990bb5a9e9c4b2ade34203f8cc65612d4a2a67d3ea5e7fd05a02d48d6c0660
(8)   State = 0xe9ee35bdeee62c4724969f3f23e5bbf8
(8)   Ruckus-SSID = "radius 122"
(8)   Message-Authenticator = 0xb12259c3a791c097d20cad0005e88e77
(8) Restoring &session-state
(8)   &session-state:Framed-MTU = 994
(8)   &session-state:TLS-Session-Information = "(TLS) recv TLS 1.3
Handshake, ClientHello"
(8)   &session-state:TLS-Session-Information = "(TLS) send TLS 1.2
Handshake, ServerHello"
(8)   &session-state:TLS-Session-Information = "(TLS) send TLS 1.2
Handshake, Certificate"
(8)   &session-state:TLS-Session-Information = "(TLS) send TLS 1.2
Handshake, ServerKeyExchange"
(8)   &session-state:TLS-Session-Information = "(TLS) send TLS 1.2
Handshake, ServerHelloDone"
(8)   &session-state:TLS-Session-Information = "(TLS) recv TLS 1.2
Handshake, ClientKeyExchange"
(8)   &session-state:TLS-Session-Information = "(TLS) recv TLS 1.2
Handshake, Finished"
(8)   &session-state:TLS-Session-Information = "(TLS) send TLS 1.2
ChangeCipherSpec"
(8)   &session-state:TLS-Session-Information = "(TLS) send TLS 1.2
Handshake, Finished"
(8)   &session-state:TLS-Session-Cipher-Suite =
"ECDHE-RSA-AES128-GCM-SHA256"
(8)   &session-state:TLS-Session-Version = "TLS 1.2"
(8) # Executing section authorize from file /etc/raddb/sites-enabled/default
(8)   authorize {
(8)     update {
(8)       EXPAND %{Packet-Src-IP-Address}
(8)          --> 175.210.165.10
(8)       &FreeRADIUS-Client-IP-Address := 175.210.165.10
(8)     } # update = noop
(8) eap: Peer sent EAP Response (code 2) ID 8 length 97
(8) eap: Continuing tunnel setup
(8)     [eap] = ok
(8)   } # authorize = ok
(8) Found Auth-Type = eap
(8) # Executing group from file /etc/raddb/sites-enabled/default
(8)   authenticate {
(8) eap: Expiring EAP session with state 0xe9ee35bdeee62c47
(8) eap: Finished EAP session with state 0xe9ee35bdeee62c47
(8) eap: Previous EAP request found for state 0xe9ee35bdeee62c47, released
from the list
(8) eap: Peer sent packet with method EAP PEAP (25)
(8) eap: Calling submodule eap_peap to process data
(8) eap_peap: (TLS) EAP Done initial handshake
(8) eap_peap: Session established.  Decoding tunneled attributes
(8) eap_peap: PEAP state phase2
(8) eap_peap: EAP method MSCHAPv2 (26)
(8) eap_peap: Got tunneled request
(8) eap_peap:   EAP-Message =
0x020800421a0208003d318512314bf596c78b3371fdcf42de822a000000000000000082cf20b5df37ed30fcdd0b29d19d76a2bbc2b0536639a7a2006d617874657374
(8) eap_peap: Setting User-Name to maxtest
(8) eap_peap: Sending tunneled request to inner-tunnel
(8) eap_peap:   EAP-Message =
0x020800421a0208003d318512314bf596c78b3371fdcf42de822a000000000000000082cf20b5df37ed30fcdd0b29d19d76a2bbc2b0536639a7a2006d617874657374
(8) eap_peap:   FreeRADIUS-Proxied-To = 127.0.0.1
(8) eap_peap:   User-Name = "maxtest"
(8) eap_peap:   State = 0xbd5639b8bd5e2319a409320f2fa8aa30
(8) eap_peap:   Calling-Station-Id = "36-D7-B2-E6-FA-80"
(8) eap_peap:   NAS-IP-Address = 175.210.165.10
(8) eap_peap:   NAS-Port = 70
(8) eap_peap:   Called-Station-Id = "80-03-84-B6-D0-CC:radius 122"
(8) eap_peap:   Service-Type = Framed-User
(8) eap_peap:   Framed-MTU = 1400
(8) eap_peap:   NAS-Port-Type = Wireless-802.11
(8) eap_peap:   NAS-Identifier = "80-03-84-B6-D0-CC"
(8) eap_peap:   Connect-Info = "CONNECT 802.11a/n/ac/ax"
(8) eap_peap:   Ruckus-SSID = "radius 122"
(8) Virtual server inner-tunnel received request
(8)   EAP-Message =
0x020800421a0208003d318512314bf596c78b3371fdcf42de822a000000000000000082cf20b5df37ed30fcdd0b29d19d76a2bbc2b0536639a7a2006d617874657374
(8)   FreeRADIUS-Proxied-To = 127.0.0.1
(8)   User-Name = "maxtest"
(8)   State = 0xbd5639b8bd5e2319a409320f2fa8aa30
(8)   Calling-Station-Id = "36-D7-B2-E6-FA-80"
(8)   NAS-IP-Address = 175.210.165.10
(8)   NAS-Port = 70
(8)   Called-Station-Id = "80-03-84-B6-D0-CC:radius 122"
(8)   Service-Type = Framed-User
(8)   Framed-MTU = 1400
(8)   NAS-Port-Type = Wireless-802.11
(8)   NAS-Identifier = "80-03-84-B6-D0-CC"
(8)   Connect-Info = "CONNECT 802.11a/n/ac/ax"
(8)   Ruckus-SSID = "radius 122"
(8) WARNING: Outer and inner identities are the same.  User privacy is
compromised.
(8) server inner-tunnel {
(8)   session-state: No cached attributes
(8)   # Executing section authorize from file
/etc/raddb/sites-enabled/inner-tunnel
(8)     authorize {
(8)       update control {
(8)         MS-CHAP-Use-NTLM-Auth := No
(8)       } # update control = noop
(8) inner-eap: Peer sent EAP Response (code 2) ID 8 length 66
(8) inner-eap: No EAP Start, assuming it's an on-going EAP conversation
(8)       [inner-eap] = updated
(8)       if (!&outer.session-state:Done-Rest) {
(8)       if (!&outer.session-state:Done-Rest)  -> TRUE
(8)       if (!&outer.session-state:Done-Rest)  {
rlm_rest (rest): Reserved connection (0)
(8) rest: Expanding URI components
(8) rest: EXPAND http://220.79.39.2:9012
(8) rest:    --> http://220.79.39.2:9012
(8) rest: EXPAND /auth/user/%{User-Name}
(8) rest:    --> /auth/user/maxtest
(8) rest: Sending HTTP POST to "http://220.79.39.2:9012/auth/user/maxtest"
(8) rest: Encoding attribute "User-Name"
(8) rest: Encoding attribute "NAS-IP-Address"
(8) rest: Encoding attribute "NAS-Port"
(8) rest: Encoding attribute "Service-Type"
(8) rest: Encoding attribute "Framed-MTU"
(8) rest: Encoding attribute "State"
(8) rest: Encoding attribute "Called-Station-Id"
(8) rest: Encoding attribute "Calling-Station-Id"
(8) rest: Encoding attribute "NAS-Identifier"
(8) rest: Encoding attribute "NAS-Port-Type"
(8) rest: Encoding attribute "Connect-Info"
(8) rest: Encoding attribute "EAP-Message"
(8) rest: Encoding attribute "FreeRADIUS-Proxied-To"
(8) rest: Encoding attribute "Ruckus-SSID"
(8) rest: Encoding attribute "EAP-Type"
(8) rest: Returning 1018 bytes of JSON data (buffer full or chunk exceeded)
(8) rest: Processing response header
(8) rest:   Status : 401 ()
(8) rest:   Type   : json (application/json)
(8) rest: Adding reply:REST-HTTP-Status-Code = "401"
(8) rest: Parsing attribute "request:Module-Failure-Message"
(8) rest: EXPAND rest: SSID 인증 실패 (CODE: FORBIDDEN_BY_SSID)
(8) rest:    --> rest: SSID 인증 실패 (CODE: FORBIDDEN_BY_SSID)
(8) rest: Module-Failure-Message := "rest: SSID 인증 실패 (CODE:
FORBIDDEN_BY_SSID)"
(8) rest: Parsing attribute "request:Decide-SSID"
(8) rest: EXPAND radius 122
(8) rest:    --> radius 122
(8) rest: Decide-SSID := "radius 122"
rlm_rest (rest): Released connection (0)
Need more connections to reach 10 spares
rlm_rest (rest): Opening additional connection (5), 1 of 27 pending slots
used
rlm_rest (rest): Connecting to "http://220.79.39.2:9012"
(8)         [rest] = reject
(8)       } # if (!&outer.session-state:Done-Rest)  = reject
(8)     } # authorize = reject
(8)   Using Post-Auth-Type Reject
(8)   # Executing group from file /etc/raddb/sites-enabled/inner-tunnel
(8)     Post-Auth-Type REJECT {
(8)       update outer.session-state {
(8)         &Module-Failure-Message := &request:Module-Failure-Message ->
'rest: SSID 인증 실패 (CODE: FORBIDDEN_BY_SSID)'
(8)         &Decide-SSID := &request:Decide-SSID -> 'radius 122'
(8)       } # update outer.session-state = noop
(8)     } # Post-Auth-Type REJECT = noop
(8) } # server inner-tunnel
(8) Virtual server sending reply
(8)   REST-HTTP-Status-Code := 401
(8) eap_peap: Got tunneled reply code 3
(8) eap_peap:   REST-HTTP-Status-Code := 401
(8) eap_peap: Got tunneled reply RADIUS code 3
(8) eap_peap:   REST-HTTP-Status-Code := 401
(8) eap_peap: Tunneled authentication was rejected
(8) eap_peap: FAILURE
(8) eap: Sending EAP Request (code 1) ID 9 length 46
(8) eap: EAP session adding &reply:State = 0xe9ee35bde1e72c47
(8)     [eap] = handled
(8)   } # authenticate = handled
(8) Using Post-Auth-Type Challenge
(8) # Executing group from file /etc/raddb/sites-enabled/default
(8)   Challenge { ... } # empty sub-section is ignored
(8) session-state: Saving cached attributes
(8)   Framed-MTU = 994
(8)   TLS-Session-Information = "(TLS) recv TLS 1.3 Handshake, ClientHello"
(8)   TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHello"
(8)   TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Certificate"
(8)   TLS-Session-Information = "(TLS) send TLS 1.2 Handshake,
ServerKeyExchange"
(8)   TLS-Session-Information = "(TLS) send TLS 1.2 Handshake,
ServerHelloDone"
(8)   TLS-Session-Information = "(TLS) recv TLS 1.2 Handshake,
ClientKeyExchange"
(8)   TLS-Session-Information = "(TLS) recv TLS 1.2 Handshake, Finished"
(8)   TLS-Session-Information = "(TLS) send TLS 1.2 ChangeCipherSpec"
(8)   TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Finished"
(8)   TLS-Session-Cipher-Suite = "ECDHE-RSA-AES128-GCM-SHA256"
(8)   TLS-Session-Version = "TLS 1.2"
(8)   Module-Failure-Message := "rest: SSID 인증 실패 (CODE: FORBIDDEN_BY_SSID)"
(8)   Decide-SSID := "radius 122"
(8) Sent Access-Challenge Id 131 from 10.10.10.244:1812 to
175.210.165.10:58812 length 104
(8)   EAP-Message =
0x0109002e190017030300235290e8c0f157684dd641a2f7b054f38f9b4bd54c391520973f218d63a24a015fe89216
(8)   Message-Authenticator = 0x00000000000000000000000000000000
(8)   State = 0xe9ee35bde1e72c4724969f3f23e5bbf8
(8) Finished request
Waking up in 4.8 seconds.
(9) Received Access-Request Id 132 from 175.210.165.10:58812 to
10.10.10.244:1812 length 254
(9)   User-Name = "maxtest"
(9)   Calling-Station-Id = "36-D7-B2-E6-FA-80"
(9)   NAS-IP-Address = 175.210.165.10
(9)   NAS-Port = 70
(9)   Called-Station-Id = "80-03-84-B6-D0-CC:radius 122"
(9)   Service-Type = Framed-User
(9)   Framed-MTU = 1400
(9)   NAS-Port-Type = Wireless-802.11
(9)   NAS-Identifier = "80-03-84-B6-D0-CC"
(9)   Connect-Info = "CONNECT 802.11a/n/ac/ax"
(9)   EAP-Message =
0x0209002e19001703030023000000000000000379d9811e080749f7bcaf72336546ca9088de34bd80700f45219b4c
(9)   State = 0xe9ee35bde1e72c4724969f3f23e5bbf8
(9)   Ruckus-SSID = "radius 122"
(9)   Message-Authenticator = 0x0016110877745695ed87613b85650aaf
(9) Restoring &session-state
(9)   &session-state:Framed-MTU = 994
(9)   &session-state:TLS-Session-Information = "(TLS) recv TLS 1.3
Handshake, ClientHello"
(9)   &session-state:TLS-Session-Information = "(TLS) send TLS 1.2
Handshake, ServerHello"
(9)   &session-state:TLS-Session-Information = "(TLS) send TLS 1.2
Handshake, Certificate"
(9)   &session-state:TLS-Session-Information = "(TLS) send TLS 1.2
Handshake, ServerKeyExchange"
(9)   &session-state:TLS-Session-Information = "(TLS) send TLS 1.2
Handshake, ServerHelloDone"
(9)   &session-state:TLS-Session-Information = "(TLS) recv TLS 1.2
Handshake, ClientKeyExchange"
(9)   &session-state:TLS-Session-Information = "(TLS) recv TLS 1.2
Handshake, Finished"
(9)   &session-state:TLS-Session-Information = "(TLS) send TLS 1.2
ChangeCipherSpec"
(9)   &session-state:TLS-Session-Information = "(TLS) send TLS 1.2
Handshake, Finished"
(9)   &session-state:TLS-Session-Cipher-Suite =
"ECDHE-RSA-AES128-GCM-SHA256"
(9)   &session-state:TLS-Session-Version = "TLS 1.2"
(9)   &session-state:Module-Failure-Message := "rest: SSID 인증 실패 (CODE:
FORBIDDEN_BY_SSID)"
(9)   &session-state:Decide-SSID := "radius 122"
(9) # Executing section authorize from file /etc/raddb/sites-enabled/default
(9)   authorize {
(9)     update {
(9)       EXPAND %{Packet-Src-IP-Address}
(9)          --> 175.210.165.10
(9)       &FreeRADIUS-Client-IP-Address := 175.210.165.10
(9)     } # update = noop
(9) eap: Peer sent EAP Response (code 2) ID 9 length 46
(9) eap: Continuing tunnel setup
(9)     [eap] = ok
(9)   } # authorize = ok
(9) Found Auth-Type = eap
(9) # Executing group from file /etc/raddb/sites-enabled/default
(9)   authenticate {
(9) eap: Expiring EAP session with state 0xe9ee35bde1e72c47
(9) eap: Finished EAP session with state 0xe9ee35bde1e72c47
(9) eap: Previous EAP request found for state 0xe9ee35bde1e72c47, released
from the list
(9) eap: Peer sent packet with method EAP PEAP (25)
(9) eap: Calling submodule eap_peap to process data
(9) eap_peap: (TLS) EAP Done initial handshake
(9) eap_peap: Session established.  Decoding tunneled attributes
(9) eap_peap: PEAP state send tlv failure
(9) eap_peap: Received EAP-TLV response
(9) eap_peap:   ERROR: The users session was previously rejected: returning
reject (again.)
(9) eap_peap:   This means you need to read the PREVIOUS messages in the
debug output
(9) eap_peap:   to find out the reason why the user was rejected
(9) eap_peap:   Look for "reject" or "fail".  Those earlier messages will
tell you
(9) eap_peap:   what went wrong, and how to fix the problem
(9) eap: ERROR: Failed continuing EAP PEAP (25) session.  EAP sub-module
failed
(9) eap: Sending EAP Failure (code 4) ID 9 length 4
(9) eap: Failed in EAP select
(9)     [eap] = invalid
(9)   } # authenticate = invalid
(9) Failed to authenticate the user
(9) Using Post-Auth-Type Reject
(9) # Executing group from file /etc/raddb/sites-enabled/default
(9)   Post-Auth-Type REJECT {
(9)     update {
(9)       EXPAND %{reply:Packet-Type}
(9)          --> Access-Reject
(9)       &Packet-Type := Access-Reject
(9)       &Decide-SSID := &session-state:Decide-SSID -> 'radius 122'
(9)     } # update = noop
(9)     if (session-state:Module-Failure-Message) {
(9)     if (session-state:Module-Failure-Message)  -> TRUE
(9)     if (session-state:Module-Failure-Message)  {
(9)       update {
(9)         &Module-Failure-Message :=
&session-state:Module-Failure-Message -> 'rest: SSID 인증 실패 (CODE:
FORBIDDEN_BY_SSID)'
(9)       } # update = noop
(9)     } # if (session-state:Module-Failure-Message)  = noop
(9) attr_filter.access_reject: EXPAND %{User-Name}
(9) attr_filter.access_reject:    --> maxtest
(9) attr_filter.access_reject: Matched entry DEFAULT at line 11
(9)     [attr_filter.access_reject] = updated
rlm_rest (rest): Reserved connection (1)
(9) rest: Expanding URI components
(9) rest: EXPAND http://220.79.39.2:9012
(9) rest:    --> http://220.79.39.2:9012
(9) rest: EXPAND /post-auth/user/%{User-Name}
(9) rest:    --> /post-auth/user/maxtest
(9) rest: Sending HTTP POST to "
http://220.79.39.2:9012/post-auth/user/maxtest"
(9) rest: Encoding attribute "User-Name"
(9) rest: Encoding attribute "NAS-IP-Address"
(9) rest: Encoding attribute "NAS-Port"
(9) rest: Encoding attribute "Service-Type"
(9) rest: Encoding attribute "Framed-MTU"
(9) rest: Encoding attribute "State"
(9) rest: Encoding attribute "Called-Station-Id"
(9) rest: Encoding attribute "Calling-Station-Id"
(9) rest: Encoding attribute "NAS-Identifier"
(9) rest: Encoding attribute "NAS-Port-Type"
(9) rest: Encoding attribute "Connect-Info"
(9) rest: Encoding attribute "EAP-Message"
(9) rest: Encoding attribute "Message-Authenticator"
(9) rest: Encoding attribute "Ruckus-SSID"
(9) rest: Encoding attribute "EAP-Type"
(9) rest: Encoding attribute "Packet-Type"
(9) rest: Encoding attribute "Module-Failure-Message"
(9) rest: Encoding attribute "FreeRADIUS-Client-IP-Address"
(9) rest: Encoding attribute "Decide-SSID"
(9) rest: Processing response header
(9) rest:   Status : 204 ()
(9) rest: Adding reply:REST-HTTP-Status-Code = "204"
rlm_rest (rest): Released connection (1)
(9)     [rest] = ok
(9)   } # Post-Auth-Type REJECT = updated
(9) Delaying response for 1.000000 seconds
Waking up in 0.2 seconds.
Waking up in 0.7 seconds.
(9) Sending delayed response
(9) Sent Access-Reject Id 132 from 10.10.10.244:1812 to 175.210.165.10:58812
length 44
(9)   EAP-Message = 0x04090004
(9)   Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 3.7 seconds.
(0) Cleaning up request packet ID 123 with timestamp +2 due to
cleanup_delay was reached
(1) Cleaning up request packet ID 124 with timestamp +2 due to
cleanup_delay was reached
(2) Cleaning up request packet ID 125 with timestamp +2 due to
cleanup_delay was reached
(3) Cleaning up request packet ID 126 with timestamp +2 due to
cleanup_delay was reached
(4) Cleaning up request packet ID 127 with timestamp +2 due to
cleanup_delay was reached
(5) Cleaning up request packet ID 128 with timestamp +2 due to
cleanup_delay was reached
(6) Cleaning up request packet ID 129 with timestamp +2 due to
cleanup_delay was reached
(7) Cleaning up request packet ID 130 with timestamp +2 due to
cleanup_delay was reached
(8) Cleaning up request packet ID 131 with timestamp +2 due to
cleanup_delay was reached
(9) Cleaning up request packet ID 132 with timestamp +2 due to
cleanup_delay was reached
Ready to process requests







The debug content above is the debug content for “a situation in which I
did not write a Data field.”


(9) &Module-Failure-Message := &session-state:Module-Failure-Message ->
'rest: SSID authentication failed (CODE: FORBIDDEN_BY_SSID)'

With this part,

(9) rest: Encoding attribute "Module-Failure-Message"

This part is key.

Korean is displayed correctly in the log.

However, the REST module is called after going through the Encoding
attribute, and then a broken string arrives at my REST server.

I am guessing that this part is converted to ISO-8859-1 encoding.

This is because if you decompose this broken string into ISO-8859-1 byte
format and then assemble it into UTF-8 format, the correct string will
appear.


If I specify "Module-Failure-Message" directly in the Data item of the REST
module, the "Encoding attribute" is not visible.

And my REST server also receives it correctly.

This is a problem that only occurs when “Encoding attribute” is enabled.

