- добавляю вывод radiusd -X при попытке аутентификации пользователзанчени if 0 Re, Kovrevskii (ok), 12:53 , 07-Дек-22 (1)
добавляю вывод radiusd -X при попытке аутентификации пользователзанчени if (0) Ready to process requests (0) Received Access-Request Id 254 from 10.8.150.118:1645 to 10.70.42.77:1645 length 178 (0) User-Name = "host/WNAMTest.stand.ru" (0) Service-Type = Framed-User (0) Framed-MTU = 1504 (0) Called-Station-Id = "00-17-E0-1C-15-87" (0) Calling-Station-Id = "00-E0-4C-31-0E-67" (0) EAP-Message = 0x0201001b01686f73742f574e414d546573742e7374616e642e7275 (0) Message-Authenticator = 0x05f0beadc58cb570784f655631e40bff (0) NAS-Port-Type = Ethernet (0) NAS-Port = 50005 (0) NAS-Port-Id = "FastEthernet0/5" (0) NAS-IP-Address = 10.8.150.118 (0) # Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel (0) authorize { (0) policy filter_username { (0) if (&User-Name) { (0) if (&User-Name) -> TRUE (0) if (&User-Name) { (0) if (&User-Name =~ / /) { (0) if (&User-Name =~ / /) -> FALSE (0) if (&User-Name =~ /@[^@]*@/ ) { (0) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (0) if (&User-Name =~ /\.\./ ) { (0) if (&User-Name =~ /\.\./ ) -> FALSE (0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (0) if (&User-Name =~ /\.$/) { (0) if (&User-Name =~ /\.$/) -> FALSE (0) if (&User-Name =~ /@\./) { (0) if (&User-Name =~ /@\./) -> FALSE (0) } # if (&User-Name) = notfound (0) } # policy filter_username = notfound (0) [chap] = noop (0) [mschap] = noop (0) suffix: Checking for suffix after "@" (0) suffix: No '@' in User-Name = "host/WNAMTest.stand.ru", looking up realm NULL (0) suffix: No such realm "NULL" (0) [suffix] = noop (0) update control { (0) &Proxy-To-Realm := LOCAL (0) } # update control = noop (0) eap: Peer sent EAP Response (code 2) ID 1 length 27 (0) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize (0) [eap] = ok (0) } # authorize = ok (0) Found Auth-Type = eap (0) # Executing group from file /etc/raddb/sites-enabled/inner-tunnel (0) authenticate { 
(0) eap: Peer sent packet with method EAP Identity (1) (0) eap: Calling submodule eap_peap to process data (0) eap_peap: Initiating new TLS session (0) eap_peap: [eaptls start] = request (0) eap: Sending EAP Request (code 1) ID 2 length 6 (0) eap: EAP session adding &reply:State = 0x8e1144788e135d5a (0) [eap] = handled (0) } # authenticate = handled (0) Using Post-Auth-Type Challenge (0) Post-Auth-Type sub-section not found. Ignoring. (0) # Executing group from file /etc/raddb/sites-enabled/inner-tunnel (0) Sent Access-Challenge Id 254 from 10.70.42.77:1645 to 10.8.150.118:1645 length 0 (0) EAP-Message = 0x010200061920 (0) Message-Authenticator = 0x00000000000000000000000000000000 (0) State = 0x8e1144788e135d5aaaf63b261b53a370 (0) Finished request Waking up in 4.9 seconds. (1) Received Access-Request Id 255 from 10.8.150.118:1645 to 10.70.42.77:1645 length 373 (1) User-Name = "host/WNAMTest.stand.ru" (1) Service-Type = Framed-User (1) Framed-MTU = 1504 (1) Called-Station-Id = "00-17-E0-1C-15-87" (1) Calling-Station-Id = "00-E0-4C-31-0E-67" (1) EAP-Message = 0x020200cc1980000000c216030300bd010000b90303639061b3946a0116999001e2cec4eebcc744aa45dd6d3db2d7101612d3e71cf720813f3268239d3d77179cefc9e73f95ba89586d214ebee8e831a945798c53993a002ac02cc02bc030c02f009f009ec024c023c028c027c00ac009c014c013009d009c003d003c0035002f000a01000046000500050100000000000a00080006001d00170018000b00020100000d001a00180804080508060401050102010403050302030202060106030023000000170000ff01000100 (1) Message-Authenticator = 0x57980fece321d5b7e48eb9f464877726 (1) NAS-Port-Type = Ethernet (1) NAS-Port = 50005 (1) NAS-Port-Id = "FastEthernet0/5" (1) State = 0x8e1144788e135d5aaaf63b261b53a370 (1) NAS-IP-Address = 10.8.150.118 (1) session-state: No cached attributes (1) # Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel (1) authorize { (1) policy filter_username { (1) if (&User-Name) { (1) if (&User-Name) -> TRUE (1) if (&User-Name) { (1) if (&User-Name =~ / /) { (1) if 
(&User-Name =~ / /) -> FALSE (1) if (&User-Name =~ /@[^@]*@/ ) { (1) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (1) if (&User-Name =~ /\.\./ ) { (1) if (&User-Name =~ /\.\./ ) -> FALSE (1) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (1) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (1) if (&User-Name =~ /\.$/) { (1) if (&User-Name =~ /\.$/) -> FALSE (1) if (&User-Name =~ /@\./) { (1) if (&User-Name =~ /@\./) -> FALSE (1) } # if (&User-Name) = notfound (1) } # policy filter_username = notfound (1) [chap] = noop (1) [mschap] = noop (1) suffix: Checking for suffix after "@" (1) suffix: No '@' in User-Name = "host/WNAMTest.stand.ru", looking up realm NULL (1) suffix: No such realm "NULL" (1) [suffix] = noop (1) update control { (1) &Proxy-To-Realm := LOCAL (1) } # update control = noop (1) eap: Peer sent EAP Response (code 2) ID 2 length 204 (1) eap: Continuing tunnel setup (1) [eap] = ok (1) } # authorize = ok (1) Found Auth-Type = eap (1) # Executing group from file /etc/raddb/sites-enabled/inner-tunnel (1) authenticate { (1) eap: Expiring EAP session with state 0x8e1144788e135d5a (1) eap: Finished EAP session with state 0x8e1144788e135d5a (1) eap: Previous EAP request found for state 0x8e1144788e135d5a, released from the list (1) eap: Peer sent packet with method EAP PEAP (25) (1) eap: Calling submodule eap_peap to process data (1) eap_peap: Continuing EAP-TLS (1) eap_peap: Peer indicated complete TLS record size will be 194 bytes (1) eap_peap: Got complete TLS record (194 bytes) (1) eap_peap: [eaptls verify] = length included (1) eap_peap: (other): before SSL initialization (1) eap_peap: TLS_accept: before SSL initialization (1) eap_peap: TLS_accept: before SSL initialization (1) eap_peap: <<< recv TLS 1.3 [length 00bd] (1) eap_peap: TLS_accept: SSLv3/TLS read client hello (1) eap_peap: >>> send TLS 1.2 [length 003d] (1) eap_peap: TLS_accept: SSLv3/TLS write server hello (1) eap_peap: >>> send TLS 1.2 [length 0903] (1) eap_peap: 
TLS_accept: SSLv3/TLS write certificate (1) eap_peap: >>> send TLS 1.2 [length 014d] (1) eap_peap: TLS_accept: SSLv3/TLS write key exchange (1) eap_peap: >>> send TLS 1.2 [length 0004] (1) eap_peap: TLS_accept: SSLv3/TLS write server done (1) eap_peap: TLS_accept: Need to read more data: SSLv3/TLS write server done (1) eap_peap: TLS - In Handshake Phase (1) eap_peap: TLS - got 2725 bytes of data (1) eap_peap: [eaptls process] = handled (1) eap: Sending EAP Request (code 1) ID 3 length 1004 (1) eap: EAP session adding &reply:State = 0x8e1144788f125d5a (1) [eap] = handled (1) } # authenticate = handled (1) Using Post-Auth-Type Challenge (1) Post-Auth-Type sub-section not found. Ignoring. (1) # Executing group from file /etc/raddb/sites-enabled/inner-tunnel (1) Sent Access-Challenge Id 255 from 10.70.42.77:1645 to 10.8.150.118:1645 length 0 (1) EAP-Message = 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 (1) Message-Authenticator = 0x00000000000000000000000000000000 (1) State = 0x8e1144788f125d5aaaf63b261b53a370 (1) Finished request Waking up in 4.9 seconds. 
(2) Received Access-Request Id 0 from 10.8.150.118:1645 to 10.70.42.77:1645 length 175 (2) User-Name = "host/WNAMTest.stand.ru" (2) Service-Type = Framed-User (2) Framed-MTU = 1504 (2) Called-Station-Id = "00-17-E0-1C-15-87" (2) Calling-Station-Id = "00-E0-4C-31-0E-67" (2) EAP-Message = 0x020300061900 (2) Message-Authenticator = 0xaf565cd95e610e00b93fc948a081b99d (2) NAS-Port-Type = Ethernet (2) NAS-Port = 50005 (2) NAS-Port-Id = "FastEthernet0/5" (2) State = 0x8e1144788f125d5aaaf63b261b53a370 (2) NAS-IP-Address = 10.8.150.118 (2) session-state: No cached attributes (2) # Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel (2) authorize { (2) policy filter_username { (2) if (&User-Name) { (2) if (&User-Name) -> TRUE (2) if (&User-Name) { (2) if (&User-Name =~ / /) { (2) if (&User-Name =~ / /) -> FALSE (2) if (&User-Name =~ /@[^@]*@/ ) { (2) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (2) if (&User-Name =~ /\.\./ ) { (2) if (&User-Name =~ /\.\./ ) -> FALSE (2) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (2) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (2) if (&User-Name =~ /\.$/) { (2) if (&User-Name =~ /\.$/) -> FALSE (2) if (&User-Name =~ /@\./) { (2) if (&User-Name =~ /@\./) -> FALSE (2) } # if (&User-Name) = notfound (2) } # policy filter_username = notfound (2) [chap] = noop (2) [mschap] = noop (2) suffix: Checking for suffix after "@" (2) suffix: No '@' in User-Name = "host/WNAMTest.stand.ru", looking up realm NULL (2) suffix: No such realm "NULL" (2) [suffix] = noop (2) update control { (2) &Proxy-To-Realm := LOCAL (2) } # update control = noop (2) eap: Peer sent EAP Response (code 2) ID 3 length 6 (2) eap: Continuing tunnel setup (2) [eap] = ok (2) } # authorize = ok (2) Found Auth-Type = eap (2) # Executing group from file /etc/raddb/sites-enabled/inner-tunnel (2) authenticate { (2) eap: Expiring EAP session with state 0x8e1144788f125d5a (2) eap: Finished EAP session with state 0x8e1144788f125d5a 
(2) eap: Previous EAP request found for state 0x8e1144788f125d5a, released from the list (2) eap: Peer sent packet with method EAP PEAP (25) (2) eap: Calling submodule eap_peap to process data (2) eap_peap: Continuing EAP-TLS (2) eap_peap: Peer ACKed our handshake fragment (2) eap_peap: [eaptls verify] = request (2) eap_peap: [eaptls process] = handled (2) eap: Sending EAP Request (code 1) ID 4 length 1000 (2) eap: EAP session adding &reply:State = 0x8e1144788c155d5a (2) [eap] = handled (2) } # authenticate = handled (2) Using Post-Auth-Type Challenge (2) Post-Auth-Type sub-section not found. Ignoring. (2) # Executing group from file /etc/raddb/sites-enabled/inner-tunnel (2) Sent Access-Challenge Id 0 from 10.70.42.77:1645 to 10.8.150.118:1645 length 0 (2) EAP-Message = 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 (2) Message-Authenticator = 0x00000000000000000000000000000000 (2) State = 0x8e1144788c155d5aaaf63b261b53a370 (2) Finished request Waking up in 4.9 seconds. (3) Received Access-Request Id 1 from 10.8.150.118:1645 to 10.70.42.77:1645 length 175 (3) User-Name = "host/WNAMTest.stand.ru" (3) Service-Type = Framed-User (3) Framed-MTU = 1504 (3) Called-Station-Id = "00-17-E0-1C-15-87" (3) Calling-Station-Id = "00-E0-4C-31-0E-67" (3) EAP-Message = 0x020400061900 (3) Message-Authenticator = 0x1f56bf12588e8191c2539fa98dc4746f (3) NAS-Port-Type = Ethernet (3) NAS-Port = 50005 (3) NAS-Port-Id = "FastEthernet0/5" (3) State = 0x8e1144788c155d5aaaf63b261b53a370 (3) NAS-IP-Address = 10.8.150.118 (3) session-state: No cached attributes (3) # Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel (3) authorize { (3) policy filter_username { (3) if (&User-Name) { (3) if (&User-Name) -> TRUE (3) if (&User-Name) { (3) if (&User-Name =~ / /) { (3) if (&User-Name =~ / /) -> FALSE (3) if (&User-Name =~ /@[^@]*@/ ) { (3) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (3) if (&User-Name =~ /\.\./ ) { (3) if (&User-Name =~ /\.\./ ) -> FALSE (3) if 
((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (3) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (3) if (&User-Name =~ /\.$/) { (3) if (&User-Name =~ /\.$/) -> FALSE (3) if (&User-Name =~ /@\./) { (3) if (&User-Name =~ /@\./) -> FALSE (3) } # if (&User-Name) = notfound (3) } # policy filter_username = notfound (3) [chap] = noop (3) [mschap] = noop (3) suffix: Checking for suffix after "@" (3) suffix: No '@' in User-Name = "host/WNAMTest.stand.ru", looking up realm NULL (3) suffix: No such realm "NULL" (3) [suffix] = noop (3) update control { (3) &Proxy-To-Realm := LOCAL (3) } # update control = noop (3) eap: Peer sent EAP Response (code 2) ID 4 length 6 (3) eap: Continuing tunnel setup (3) [eap] = ok (3) } # authorize = ok (3) Found Auth-Type = eap (3) # Executing group from file /etc/raddb/sites-enabled/inner-tunnel (3) authenticate { (3) eap: Expiring EAP session with state 0x8e1144788c155d5a (3) eap: Finished EAP session with state 0x8e1144788c155d5a (3) eap: Previous EAP request found for state 0x8e1144788c155d5a, released from the list (3) eap: Peer sent packet with method EAP PEAP (25) (3) eap: Calling submodule eap_peap to process data (3) eap_peap: Continuing EAP-TLS (3) eap_peap: Peer ACKed our handshake fragment (3) eap_peap: [eaptls verify] = request (3) eap_peap: [eaptls process] = handled (3) eap: Sending EAP Request (code 1) ID 5 length 743 (3) eap: EAP session adding &reply:State = 0x8e1144788d145d5a (3) [eap] = handled (3) } # authenticate = handled (3) Using Post-Auth-Type Challenge (3) Post-Auth-Type sub-section not found. Ignoring. 
(3) # Executing group from file /etc/raddb/sites-enabled/inner-tunnel (3) Sent Access-Challenge Id 1 from 10.70.42.77:1645 to 10.8.150.118:1645 length 0 (3) EAP-Message = 0x010502e7190072746966696361746520417574686f726974798214442cc1056ca0298b32cdbbe1cbe45e7490adc2eb300f0603551d130101ff040530030101ff30360603551d1f042f302d302ba029a0278625687474703a2f2f7777772e6578616d706c652e6f72672f6578616d706c655f63612e63726c300d06092a864886f70d01010b050003820101000f90c9bfa58166e202db547a485080f43eeb496d974779be4682989ea1aa2ed4392ee7ba208464a95021a2d9019bdd276ad97b0d7680f9dce4db059f5d3aee20589a5787ceca5dc3f2bac77b7e21cf9b1f7242684fa62b5cd23c4c20d98bc73b3f641a8a89e77b7048f2661f46f7222b644a7a23968041c8fea3d0dea25fd658875a06e7bca59c2769deca0debe1bb9b274d90d25652b43fc2693562765604e9592757c2c624419b1226f07f0d8cb443a355c7cdaacb444e1b8a6a123c9aed7d8949e9937a404e85f6a98695cbadc77d80dcdcaf215b7eb0fd15b4de5b061208f78da50c8479cd2d4f1dfa (3) Message-Authenticator = 0x00000000000000000000000000000000 (3) State = 0x8e1144788d145d5aaaf63b261b53a370 (3) Finished request Waking up in 4.9 seconds.