The OpenNET Project / Index page


Original message
"freeradius dot1x dynamic vlan assignment"
Posted by Kovrevskii, 07-Dec-22 12:53
Adding the output of radiusd -X from a user authentication attempt

value if (0)


Ready to process requests
(0) Received Access-Request Id 254 from 10.8.150.118:1645 to 10.70.42.77:1645 length 178
(0)   User-Name = "host/WNAMTest.stand.ru"
(0)   Service-Type = Framed-User
(0)   Framed-MTU = 1504
(0)   Called-Station-Id = "00-17-E0-1C-15-87"
(0)   Calling-Station-Id = "00-E0-4C-31-0E-67"
(0)   EAP-Message = 0x0201001b01686f73742f574e414d546573742e7374616e642e7275
(0)   Message-Authenticator = 0x05f0beadc58cb570784f655631e40bff
(0)   NAS-Port-Type = Ethernet
(0)   NAS-Port = 50005
(0)   NAS-Port-Id = "FastEthernet0/5"
(0)   NAS-IP-Address = 10.8.150.118
(0) # Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel
(0)   authorize {
(0)     policy filter_username {
(0)       if (&User-Name) {
(0)       if (&User-Name)  -> TRUE
(0)       if (&User-Name)  {
(0)         if (&User-Name =~ / /) {
(0)         if (&User-Name =~ / /)  -> FALSE
(0)         if (&User-Name =~ /@[^@]*@/ ) {
(0)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
(0)         if (&User-Name =~ /\.\./ ) {
(0)         if (&User-Name =~ /\.\./ )  -> FALSE
(0)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
(0)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
(0)         if (&User-Name =~ /\.$/)  {
(0)         if (&User-Name =~ /\.$/)   -> FALSE
(0)         if (&User-Name =~ /@\./)  {
(0)         if (&User-Name =~ /@\./)   -> FALSE
(0)       } # if (&User-Name)  = notfound
(0)     } # policy filter_username = notfound
(0)     [chap] = noop
(0)     [mschap] = noop
(0) suffix: Checking for suffix after "@"
(0) suffix: No '@' in User-Name = "host/WNAMTest.stand.ru", looking up realm NULL
(0) suffix: No such realm "NULL"
(0)     [suffix] = noop
(0)     update control {
(0)       &Proxy-To-Realm := LOCAL
(0)     } # update control = noop
(0) eap: Peer sent EAP Response (code 2) ID 1 length 27
(0) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
(0)     [eap] = ok
(0)   } # authorize = ok
(0) Found Auth-Type = eap
(0) # Executing group from file /etc/raddb/sites-enabled/inner-tunnel
(0)   authenticate {
(0) eap: Peer sent packet with method EAP Identity (1)
(0) eap: Calling submodule eap_peap to process data
(0) eap_peap: Initiating new TLS session
(0) eap_peap: [eaptls start] = request
(0) eap: Sending EAP Request (code 1) ID 2 length 6
(0) eap: EAP session adding &reply:State = 0x8e1144788e135d5a
(0)     [eap] = handled
(0)   } # authenticate = handled
(0) Using Post-Auth-Type Challenge
(0) Post-Auth-Type sub-section not found.  Ignoring.
(0) # Executing group from file /etc/raddb/sites-enabled/inner-tunnel
(0) Sent Access-Challenge Id 254 from 10.70.42.77:1645 to 10.8.150.118:1645 length 0
(0)   EAP-Message = 0x010200061920
(0)   Message-Authenticator = 0x00000000000000000000000000000000
(0)   State = 0x8e1144788e135d5aaaf63b261b53a370
(0) Finished request
Waking up in 4.9 seconds.
(1) Received Access-Request Id 255 from 10.8.150.118:1645 to 10.70.42.77:1645 length 373
(1)   User-Name = "host/WNAMTest.stand.ru"
(1)   Service-Type = Framed-User
(1)   Framed-MTU = 1504
(1)   Called-Station-Id = "00-17-E0-1C-15-87"
(1)   Calling-Station-Id = "00-E0-4C-31-0E-67"
(1)   EAP-Message = 0x020200cc1980000000c216030300bd010000b90303639061b3946a0116999001e2cec4eebcc744aa45dd6d3db2d7101612d3e71cf720813f3268239d3d77179cefc9e73f95ba89586d214ebee8e831a945798c53993a002ac02cc02bc030c02f009f009ec024c023c028c027c00ac009c014c013009d009c003d003c0035002f000a01000046000500050100000000000a00080006001d00170018000b00020100000d001a00180804080508060401050102010403050302030202060106030023000000170000ff01000100
(1)   Message-Authenticator = 0x57980fece321d5b7e48eb9f464877726
(1)   NAS-Port-Type = Ethernet
(1)   NAS-Port = 50005
(1)   NAS-Port-Id = "FastEthernet0/5"
(1)   State = 0x8e1144788e135d5aaaf63b261b53a370
(1)   NAS-IP-Address = 10.8.150.118
(1) session-state: No cached attributes
(1) # Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel
(1)   authorize {
(1)     policy filter_username {
(1)       if (&User-Name) {
(1)       if (&User-Name)  -> TRUE
(1)       if (&User-Name)  {
(1)         if (&User-Name =~ / /) {
(1)         if (&User-Name =~ / /)  -> FALSE
(1)         if (&User-Name =~ /@[^@]*@/ ) {
(1)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
(1)         if (&User-Name =~ /\.\./ ) {
(1)         if (&User-Name =~ /\.\./ )  -> FALSE
(1)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
(1)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
(1)         if (&User-Name =~ /\.$/)  {
(1)         if (&User-Name =~ /\.$/)   -> FALSE
(1)         if (&User-Name =~ /@\./)  {
(1)         if (&User-Name =~ /@\./)   -> FALSE
(1)       } # if (&User-Name)  = notfound
(1)     } # policy filter_username = notfound
(1)     [chap] = noop
(1)     [mschap] = noop
(1) suffix: Checking for suffix after "@"
(1) suffix: No '@' in User-Name = "host/WNAMTest.stand.ru", looking up realm NULL
(1) suffix: No such realm "NULL"
(1)     [suffix] = noop
(1)     update control {
(1)       &Proxy-To-Realm := LOCAL
(1)     } # update control = noop
(1) eap: Peer sent EAP Response (code 2) ID 2 length 204
(1) eap: Continuing tunnel setup
(1)     [eap] = ok
(1)   } # authorize = ok
(1) Found Auth-Type = eap
(1) # Executing group from file /etc/raddb/sites-enabled/inner-tunnel
(1)   authenticate {
(1) eap: Expiring EAP session with state 0x8e1144788e135d5a
(1) eap: Finished EAP session with state 0x8e1144788e135d5a
(1) eap: Previous EAP request found for state 0x8e1144788e135d5a, released from the list
(1) eap: Peer sent packet with method EAP PEAP (25)
(1) eap: Calling submodule eap_peap to process data
(1) eap_peap: Continuing EAP-TLS
(1) eap_peap: Peer indicated complete TLS record size will be 194 bytes
(1) eap_peap: Got complete TLS record (194 bytes)
(1) eap_peap: [eaptls verify] = length included
(1) eap_peap: (other): before SSL initialization
(1) eap_peap: TLS_accept: before SSL initialization
(1) eap_peap: TLS_accept: before SSL initialization
(1) eap_peap: <<< recv TLS 1.3  [length 00bd]
(1) eap_peap: TLS_accept: SSLv3/TLS read client hello
(1) eap_peap: >>> send TLS 1.2  [length 003d]
(1) eap_peap: TLS_accept: SSLv3/TLS write server hello
(1) eap_peap: >>> send TLS 1.2  [length 0903]
(1) eap_peap: TLS_accept: SSLv3/TLS write certificate
(1) eap_peap: >>> send TLS 1.2  [length 014d]
(1) eap_peap: TLS_accept: SSLv3/TLS write key exchange
(1) eap_peap: >>> send TLS 1.2  [length 0004]
(1) eap_peap: TLS_accept: SSLv3/TLS write server done
(1) eap_peap: TLS_accept: Need to read more data: SSLv3/TLS write server done
(1) eap_peap: TLS - In Handshake Phase
(1) eap_peap: TLS - got 2725 bytes of data
(1) eap_peap: [eaptls process] = handled
(1) eap: Sending EAP Request (code 1) ID 3 length 1004
(1) eap: EAP session adding &reply:State = 0x8e1144788f125d5a
(1)     [eap] = handled
(1)   } # authenticate = handled
(1) Using Post-Auth-Type Challenge
(1) Post-Auth-Type sub-section not found.  Ignoring.
(1) # Executing group from file /etc/raddb/sites-enabled/inner-tunnel
(1) Sent Access-Challenge Id 255 from 10.70.42.77:1645 to 10.8.150.118:1645 length 0
(1)   EAP-Message = 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
(1)   Message-Authenticator = 0x00000000000000000000000000000000
(1)   State = 0x8e1144788f125d5aaaf63b261b53a370
(1) Finished request
Waking up in 4.9 seconds.
(2) Received Access-Request Id 0 from 10.8.150.118:1645 to 10.70.42.77:1645 length 175
(2)   User-Name = "host/WNAMTest.stand.ru"
(2)   Service-Type = Framed-User
(2)   Framed-MTU = 1504
(2)   Called-Station-Id = "00-17-E0-1C-15-87"
(2)   Calling-Station-Id = "00-E0-4C-31-0E-67"
(2)   EAP-Message = 0x020300061900
(2)   Message-Authenticator = 0xaf565cd95e610e00b93fc948a081b99d
(2)   NAS-Port-Type = Ethernet
(2)   NAS-Port = 50005
(2)   NAS-Port-Id = "FastEthernet0/5"
(2)   State = 0x8e1144788f125d5aaaf63b261b53a370
(2)   NAS-IP-Address = 10.8.150.118
(2) session-state: No cached attributes
(2) # Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel
(2)   authorize {
(2)     policy filter_username {
(2)       if (&User-Name) {
(2)       if (&User-Name)  -> TRUE
(2)       if (&User-Name)  {
(2)         if (&User-Name =~ / /) {
(2)         if (&User-Name =~ / /)  -> FALSE
(2)         if (&User-Name =~ /@[^@]*@/ ) {
(2)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
(2)         if (&User-Name =~ /\.\./ ) {
(2)         if (&User-Name =~ /\.\./ )  -> FALSE
(2)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
(2)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
(2)         if (&User-Name =~ /\.$/)  {
(2)         if (&User-Name =~ /\.$/)   -> FALSE
(2)         if (&User-Name =~ /@\./)  {
(2)         if (&User-Name =~ /@\./)   -> FALSE
(2)       } # if (&User-Name)  = notfound
(2)     } # policy filter_username = notfound
(2)     [chap] = noop
(2)     [mschap] = noop
(2) suffix: Checking for suffix after "@"
(2) suffix: No '@' in User-Name = "host/WNAMTest.stand.ru", looking up realm NULL
(2) suffix: No such realm "NULL"
(2)     [suffix] = noop
(2)     update control {
(2)       &Proxy-To-Realm := LOCAL
(2)     } # update control = noop
(2) eap: Peer sent EAP Response (code 2) ID 3 length 6
(2) eap: Continuing tunnel setup
(2)     [eap] = ok
(2)   } # authorize = ok
(2) Found Auth-Type = eap
(2) # Executing group from file /etc/raddb/sites-enabled/inner-tunnel
(2)   authenticate {
(2) eap: Expiring EAP session with state 0x8e1144788f125d5a
(2) eap: Finished EAP session with state 0x8e1144788f125d5a
(2) eap: Previous EAP request found for state 0x8e1144788f125d5a, released from the list
(2) eap: Peer sent packet with method EAP PEAP (25)
(2) eap: Calling submodule eap_peap to process data
(2) eap_peap: Continuing EAP-TLS
(2) eap_peap: Peer ACKed our handshake fragment
(2) eap_peap: [eaptls verify] = request
(2) eap_peap: [eaptls process] = handled
(2) eap: Sending EAP Request (code 1) ID 4 length 1000
(2) eap: EAP session adding &reply:State = 0x8e1144788c155d5a
(2)     [eap] = handled
(2)   } # authenticate = handled
(2) Using Post-Auth-Type Challenge
(2) Post-Auth-Type sub-section not found.  Ignoring.
(2) # Executing group from file /etc/raddb/sites-enabled/inner-tunnel
(2) Sent Access-Challenge Id 0 from 10.70.42.77:1645 to 10.8.150.118:1645 length 0
(2)   EAP-Message = 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
(2)   Message-Authenticator = 0x00000000000000000000000000000000
(2)   State = 0x8e1144788c155d5aaaf63b261b53a370
(2) Finished request
Waking up in 4.9 seconds.
(3) Received Access-Request Id 1 from 10.8.150.118:1645 to 10.70.42.77:1645 length 175
(3)   User-Name = "host/WNAMTest.stand.ru"
(3)   Service-Type = Framed-User
(3)   Framed-MTU = 1504
(3)   Called-Station-Id = "00-17-E0-1C-15-87"
(3)   Calling-Station-Id = "00-E0-4C-31-0E-67"
(3)   EAP-Message = 0x020400061900
(3)   Message-Authenticator = 0x1f56bf12588e8191c2539fa98dc4746f
(3)   NAS-Port-Type = Ethernet
(3)   NAS-Port = 50005
(3)   NAS-Port-Id = "FastEthernet0/5"
(3)   State = 0x8e1144788c155d5aaaf63b261b53a370
(3)   NAS-IP-Address = 10.8.150.118
(3) session-state: No cached attributes
(3) # Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel
(3)   authorize {
(3)     policy filter_username {
(3)       if (&User-Name) {
(3)       if (&User-Name)  -> TRUE
(3)       if (&User-Name)  {
(3)         if (&User-Name =~ / /) {
(3)         if (&User-Name =~ / /)  -> FALSE
(3)         if (&User-Name =~ /@[^@]*@/ ) {
(3)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
(3)         if (&User-Name =~ /\.\./ ) {
(3)         if (&User-Name =~ /\.\./ )  -> FALSE
(3)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
(3)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
(3)         if (&User-Name =~ /\.$/)  {
(3)         if (&User-Name =~ /\.$/)   -> FALSE
(3)         if (&User-Name =~ /@\./)  {
(3)         if (&User-Name =~ /@\./)   -> FALSE
(3)       } # if (&User-Name)  = notfound
(3)     } # policy filter_username = notfound
(3)     [chap] = noop
(3)     [mschap] = noop
(3) suffix: Checking for suffix after "@"
(3) suffix: No '@' in User-Name = "host/WNAMTest.stand.ru", looking up realm NULL
(3) suffix: No such realm "NULL"
(3)     [suffix] = noop
(3)     update control {
(3)       &Proxy-To-Realm := LOCAL
(3)     } # update control = noop
(3) eap: Peer sent EAP Response (code 2) ID 4 length 6
(3) eap: Continuing tunnel setup
(3)     [eap] = ok
(3)   } # authorize = ok
(3) Found Auth-Type = eap
(3) # Executing group from file /etc/raddb/sites-enabled/inner-tunnel
(3)   authenticate {
(3) eap: Expiring EAP session with state 0x8e1144788c155d5a
(3) eap: Finished EAP session with state 0x8e1144788c155d5a
(3) eap: Previous EAP request found for state 0x8e1144788c155d5a, released from the list
(3) eap: Peer sent packet with method EAP PEAP (25)
(3) eap: Calling submodule eap_peap to process data
(3) eap_peap: Continuing EAP-TLS
(3) eap_peap: Peer ACKed our handshake fragment
(3) eap_peap: [eaptls verify] = request
(3) eap_peap: [eaptls process] = handled
(3) eap: Sending EAP Request (code 1) ID 5 length 743
(3) eap: EAP session adding &reply:State = 0x8e1144788d145d5a
(3)     [eap] = handled
(3)   } # authenticate = handled
(3) Using Post-Auth-Type Challenge
(3) Post-Auth-Type sub-section not found.  Ignoring.
(3) # Executing group from file /etc/raddb/sites-enabled/inner-tunnel
(3) Sent Access-Challenge Id 1 from 10.70.42.77:1645 to 10.8.150.118:1645 length 0
(3)   EAP-Message = 0x010502e7190072746966696361746520417574686f726974798214442cc1056ca0298b32cdbbe1cbe45e7490adc2eb300f0603551d130101ff040530030101ff30360603551d1f042f302d302ba029a0278625687474703a2f2f7777772e6578616d706c652e6f72672f6578616d706c655f63612e63726c300d06092a864886f70d01010b050003820101000f90c9bfa58166e202db547a485080f43eeb496d974779be4682989ea1aa2ed4392ee7ba208464a95021a2d9019bdd276ad97b0d7680f9dce4db059f5d3aee20589a5787ceca5dc3f2bac77b7e21cf9b1f7242684fa62b5cd23c4c20d98bc73b3f641a8a89e77b7048f2661f46f7222b644a7a23968041c8fea3d0dea25fd658875a06e7bca59c2769deca0debe1bb9b274d90d25652b43fc2693562765604e9592757c2c624419b1226f07f0d8cb443a355c7cdaacb444e1b8a6a123c9aed7d8949e9937a404e85f6a98695cbadc77d80dcdcaf215b7eb0fd15b4de5b061208f78da50c8479cd2d4f1dfa
(3)   Message-Authenticator = 0x00000000000000000000000000000000
(3)   State = 0x8e1144788d145d5aaaf63b261b53a370
(3) Finished request
Waking up in 4.9 seconds.

 
