The OpenNET Project / Index page


Original message
"freeradius dot1x dynamic vlan assignment"
Posted by Kovrevskii, 07-Dec-22 12:56
continued

(4) Received Access-Request Id 2 from 10.8.150.118:1645 to 10.70.42.77:1645 length 305
(4)   User-Name = "host/WNAMTest.stand.ru"
(4)   Service-Type = Framed-User
(4)   Framed-MTU = 1504
(4)   Called-Station-Id = "00-17-E0-1C-15-87"
(4)   Calling-Station-Id = "00-E0-4C-31-0E-67"
(4)   EAP-Message = 0x0205008819800000007e1603030046100000424104a7375d5a0b4cab49e9fec1125a800f8a23c26057dfd1f42d8ed06d30fc26a0ea775bafbe3e498651218316b113d020f7acf8c30b2a28774e6ca313eb61c6342714030300010116030300280000000000000000af23d74f75fbe62067fe01739e17ce88600ae6f610789121a25b0f666b425f6f
(4)   Message-Authenticator = 0x399081e9a1a5c11037d7dc6d3b08bc65
(4)   NAS-Port-Type = Ethernet
(4)   NAS-Port = 50005
(4)   NAS-Port-Id = "FastEthernet0/5"
(4)   State = 0x8e1144788d145d5aaaf63b261b53a370
(4)   NAS-IP-Address = 10.8.150.118
(4) session-state: No cached attributes
(4) # Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel
(4)   authorize {
(4)     policy filter_username {
(4)       if (&User-Name) {
(4)       if (&User-Name)  -> TRUE
(4)       if (&User-Name)  {
(4)         if (&User-Name =~ / /) {
(4)         if (&User-Name =~ / /)  -> FALSE
(4)         if (&User-Name =~ /@[^@]*@/ ) {
(4)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
(4)         if (&User-Name =~ /\.\./ ) {
(4)         if (&User-Name =~ /\.\./ )  -> FALSE
(4)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
(4)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
(4)         if (&User-Name =~ /\.$/)  {
(4)         if (&User-Name =~ /\.$/)   -> FALSE
(4)         if (&User-Name =~ /@\./)  {
(4)         if (&User-Name =~ /@\./)   -> FALSE
(4)       } # if (&User-Name)  = notfound
(4)     } # policy filter_username = notfound
(4)     [chap] = noop
(4)     [mschap] = noop
(4) suffix: Checking for suffix after "@"
(4) suffix: No '@' in User-Name = "host/WNAMTest.stand.ru", looking up realm NULL
(4) suffix: No such realm "NULL"
(4)     [suffix] = noop
(4)     update control {
(4)       &Proxy-To-Realm := LOCAL
(4)     } # update control = noop
(4) eap: Peer sent EAP Response (code 2) ID 5 length 136
(4) eap: Continuing tunnel setup
(4)     [eap] = ok
(4)   } # authorize = ok
(4) Found Auth-Type = eap
(4) # Executing group from file /etc/raddb/sites-enabled/inner-tunnel
(4)   authenticate {
(4) eap: Expiring EAP session with state 0x8e1144788d145d5a
(4) eap: Finished EAP session with state 0x8e1144788d145d5a
(4) eap: Previous EAP request found for state 0x8e1144788d145d5a, released from the list
(4) eap: Peer sent packet with method EAP PEAP (25)
(4) eap: Calling submodule eap_peap to process data
(4) eap_peap: Continuing EAP-TLS
(4) eap_peap: Peer indicated complete TLS record size will be 126 bytes
(4) eap_peap: Got complete TLS record (126 bytes)
(4) eap_peap: [eaptls verify] = length included
(4) eap_peap: TLS_accept: SSLv3/TLS write server done
(4) eap_peap: <<< recv TLS 1.2  [length 0046]
(4) eap_peap: TLS_accept: SSLv3/TLS read client key exchange
(4) eap_peap: TLS_accept: SSLv3/TLS read change cipher spec
(4) eap_peap: <<< recv TLS 1.2  [length 0010]
(4) eap_peap: TLS_accept: SSLv3/TLS read finished
(4) eap_peap: >>> send TLS 1.2  [length 0001]
(4) eap_peap: TLS_accept: SSLv3/TLS write change cipher spec
(4) eap_peap: >>> send TLS 1.2  [length 0010]
(4) eap_peap: TLS_accept: SSLv3/TLS write finished
(4) eap_peap: (other): SSL negotiation finished successfully
(4) eap_peap: TLS - Connection Established
(4) eap_peap: TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
(4) eap_peap: TLS-Session-Version = "TLS 1.2"
(4) eap_peap: TLS - got 51 bytes of data
(4) eap_peap: [eaptls process] = handled
(4) eap: Sending EAP Request (code 1) ID 6 length 57
(4) eap: EAP session adding &reply:State = 0x8e1144788a175d5a
(4)     [eap] = handled
(4)   } # authenticate = handled
(4) Using Post-Auth-Type Challenge
(4) Post-Auth-Type sub-section not found.  Ignoring.
(4) # Executing group from file /etc/raddb/sites-enabled/inner-tunnel
(4) session-state: Saving cached attributes
(4)   TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
(4)   TLS-Session-Version = "TLS 1.2"
(4) Sent Access-Challenge Id 2 from 10.70.42.77:1645 to 10.8.150.118:1645 length 0
(4)   EAP-Message = 0x01060039190014030300010116030300289251a406bf3dbfb03724ace561a3dd1a3295ed2c4d17b05d85670ecad49cb5873a6f8eb092810370
(4)   Message-Authenticator = 0x00000000000000000000000000000000
(4)   State = 0x8e1144788a175d5aaaf63b261b53a370
(4) Finished request
Waking up in 4.8 seconds.
(5) Received Access-Request Id 3 from 10.8.150.118:1645 to 10.70.42.77:1645 length 175
(5)   User-Name = "host/WNAMTest.stand.ru"
(5)   Service-Type = Framed-User
(5)   Framed-MTU = 1504
(5)   Called-Station-Id = "00-17-E0-1C-15-87"
(5)   Calling-Station-Id = "00-E0-4C-31-0E-67"
(5)   EAP-Message = 0x020600061900
(5)   Message-Authenticator = 0x325b51a8e67ce86e0d4401a06a1cadba
(5)   NAS-Port-Type = Ethernet
(5)   NAS-Port = 50005
(5)   NAS-Port-Id = "FastEthernet0/5"
(5)   State = 0x8e1144788a175d5aaaf63b261b53a370
(5)   NAS-IP-Address = 10.8.150.118
(5) Restoring &session-state
(5)   &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
(5)   &session-state:TLS-Session-Version = "TLS 1.2"
(5) # Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel
(5)   authorize {
(5)     policy filter_username {
(5)       if (&User-Name) {
(5)       if (&User-Name)  -> TRUE
(5)       if (&User-Name)  {
(5)         if (&User-Name =~ / /) {
(5)         if (&User-Name =~ / /)  -> FALSE
(5)         if (&User-Name =~ /@[^@]*@/ ) {
(5)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
(5)         if (&User-Name =~ /\.\./ ) {
(5)         if (&User-Name =~ /\.\./ )  -> FALSE
(5)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
(5)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
(5)         if (&User-Name =~ /\.$/)  {
(5)         if (&User-Name =~ /\.$/)   -> FALSE
(5)         if (&User-Name =~ /@\./)  {
(5)         if (&User-Name =~ /@\./)   -> FALSE
(5)       } # if (&User-Name)  = notfound
(5)     } # policy filter_username = notfound
(5)     [chap] = noop
(5)     [mschap] = noop
(5) suffix: Checking for suffix after "@"
(5) suffix: No '@' in User-Name = "host/WNAMTest.stand.ru", looking up realm NULL
(5) suffix: No such realm "NULL"
(5)     [suffix] = noop
(5)     update control {
(5)       &Proxy-To-Realm := LOCAL
(5)     } # update control = noop
(5) eap: Peer sent EAP Response (code 2) ID 6 length 6
(5) eap: Continuing tunnel setup
(5)     [eap] = ok
(5)   } # authorize = ok
(5) Found Auth-Type = eap
(5) # Executing group from file /etc/raddb/sites-enabled/inner-tunnel
(5)   authenticate {
(5) eap: Expiring EAP session with state 0x8e1144788a175d5a
(5) eap: Finished EAP session with state 0x8e1144788a175d5a
(5) eap: Previous EAP request found for state 0x8e1144788a175d5a, released from the list
(5) eap: Peer sent packet with method EAP PEAP (25)
(5) eap: Calling submodule eap_peap to process data
(5) eap_peap: Continuing EAP-TLS
(5) eap_peap: Peer ACKed our handshake fragment.  handshake is finished
(5) eap_peap: [eaptls verify] = success
(5) eap_peap: [eaptls process] = success
(5) eap_peap: Session established.  Decoding tunneled attributes
(5) eap_peap: PEAP state TUNNEL ESTABLISHED
(5) eap: Sending EAP Request (code 1) ID 7 length 40
(5) eap: EAP session adding &reply:State = 0x8e1144788b165d5a
(5)     [eap] = handled
(5)   } # authenticate = handled
(5) Using Post-Auth-Type Challenge
(5) Post-Auth-Type sub-section not found.  Ignoring.
(5) # Executing group from file /etc/raddb/sites-enabled/inner-tunnel
(5) session-state: Saving cached attributes
(5)   TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
(5)   TLS-Session-Version = "TLS 1.2"
(5) Sent Access-Challenge Id 3 from 10.70.42.77:1645 to 10.8.150.118:1645 length 0
(5)   EAP-Message = 0x010700281900170303001d9251a406bf3dbfb1c4883ad1165a072b12d250a2a4d4747b6748cd60ed
(5)   Message-Authenticator = 0x00000000000000000000000000000000
(5)   State = 0x8e1144788b165d5aaaf63b261b53a370
(5) Finished request
Waking up in 4.8 seconds.
(6) Received Access-Request Id 4 from 10.8.150.118:1645 to 10.70.42.77:1645 length 227
(6)   User-Name = "host/WNAMTest.stand.ru"
(6)   Service-Type = Framed-User
(6)   Framed-MTU = 1504
(6)   Called-Station-Id = "00-17-E0-1C-15-87"
(6)   Calling-Station-Id = "00-E0-4C-31-0E-67"
(6)   EAP-Message = 0x0207003a1900170303002f000000000000000155af9208b9017d53ad5ae04767876fbc5e85a534d96d067d5325b0772d3d76e28e379d081fb595
(6)   Message-Authenticator = 0xac48ac31824eed7ee4ef2c0c7cea5934
(6)   NAS-Port-Type = Ethernet
(6)   NAS-Port = 50005
(6)   NAS-Port-Id = "FastEthernet0/5"
(6)   State = 0x8e1144788b165d5aaaf63b261b53a370
(6)   NAS-IP-Address = 10.8.150.118
(6) Restoring &session-state
(6)   &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
(6)   &session-state:TLS-Session-Version = "TLS 1.2"
(6) # Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel
(6)   authorize {
(6)     policy filter_username {
(6)       if (&User-Name) {
(6)       if (&User-Name)  -> TRUE
(6)       if (&User-Name)  {
(6)         if (&User-Name =~ / /) {
(6)         if (&User-Name =~ / /)  -> FALSE
(6)         if (&User-Name =~ /@[^@]*@/ ) {
(6)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
(6)         if (&User-Name =~ /\.\./ ) {
(6)         if (&User-Name =~ /\.\./ )  -> FALSE
(6)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
(6)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
(6)         if (&User-Name =~ /\.$/)  {
(6)         if (&User-Name =~ /\.$/)   -> FALSE
(6)         if (&User-Name =~ /@\./)  {
(6)         if (&User-Name =~ /@\./)   -> FALSE
(6)       } # if (&User-Name)  = notfound
(6)     } # policy filter_username = notfound
(6)     [chap] = noop
(6)     [mschap] = noop
(6) suffix: Checking for suffix after "@"
(6) suffix: No '@' in User-Name = "host/WNAMTest.stand.ru", looking up realm NULL
(6) suffix: No such realm "NULL"
(6)     [suffix] = noop
(6)     update control {
(6)       &Proxy-To-Realm := LOCAL
(6)     } # update control = noop
(6) eap: Peer sent EAP Response (code 2) ID 7 length 58
(6) eap: Continuing tunnel setup
(6)     [eap] = ok
(6)   } # authorize = ok
(6) Found Auth-Type = eap
(6) # Executing group from file /etc/raddb/sites-enabled/inner-tunnel
(6)   authenticate {
(6) eap: Expiring EAP session with state 0x8e1144788b165d5a
(6) eap: Finished EAP session with state 0x8e1144788b165d5a
(6) eap: Previous EAP request found for state 0x8e1144788b165d5a, released from the list
(6) eap: Peer sent packet with method EAP PEAP (25)
(6) eap: Calling submodule eap_peap to process data
(6) eap_peap: Continuing EAP-TLS
(6) eap_peap: [eaptls verify] = ok
(6) eap_peap: Done initial handshake
(6) eap_peap: [eaptls process] = ok
(6) eap_peap: Session established.  Decoding tunneled attributes
(6) eap_peap: PEAP state WAITING FOR INNER IDENTITY
(6) eap_peap: Identity - host/WNAMTest.stand.ru
(6) eap_peap: Got inner identity 'host/WNAMTest.stand.ru'
(6) eap_peap: Setting default EAP type for tunneled EAP session
(6) eap_peap: Got tunneled request
(6) eap_peap:   EAP-Message = 0x0207001b01686f73742f574e414d546573742e7374616e642e7275
(6) eap_peap: Setting User-Name to host/WNAMTest.stand.ru
(6) eap_peap: Sending tunneled request to inner-tunnel
(6) eap_peap:   EAP-Message = 0x0207001b01686f73742f574e414d546573742e7374616e642e7275
(6) eap_peap:   FreeRADIUS-Proxied-To = 127.0.0.1
(6) eap_peap:   User-Name = "host/WNAMTest.stand.ru"
(6) Virtual server inner-tunnel received request
(6)   EAP-Message = 0x0207001b01686f73742f574e414d546573742e7374616e642e7275
(6)   FreeRADIUS-Proxied-To = 127.0.0.1
(6)   User-Name = "host/WNAMTest.stand.ru"
(6) WARNING: Outer and inner identities are the same.  User privacy is compromised.
(6) server inner-tunnel {
(6)   # Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel
(6)     authorize {
(6)       policy filter_username {
(6)         if (&User-Name) {
(6)         if (&User-Name)  -> TRUE
(6)         if (&User-Name)  {
(6)           if (&User-Name =~ / /) {
(6)           if (&User-Name =~ / /)  -> FALSE
(6)           if (&User-Name =~ /@[^@]*@/ ) {
(6)           if (&User-Name =~ /@[^@]*@/ )  -> FALSE
(6)           if (&User-Name =~ /\.\./ ) {
(6)           if (&User-Name =~ /\.\./ )  -> FALSE
(6)           if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
(6)           if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
(6)           if (&User-Name =~ /\.$/)  {
(6)           if (&User-Name =~ /\.$/)   -> FALSE
(6)           if (&User-Name =~ /@\./)  {
(6)           if (&User-Name =~ /@\./)   -> FALSE
(6)         } # if (&User-Name)  = notfound
(6)       } # policy filter_username = notfound
(6)       [chap] = noop
(6)       [mschap] = noop
(6) suffix: Checking for suffix after "@"
(6) suffix: No '@' in User-Name = "host/WNAMTest.stand.ru", looking up realm NULL
(6) suffix: No such realm "NULL"
(6)       [suffix] = noop
(6)       update control {
(6)         &Proxy-To-Realm := LOCAL
(6)       } # update control = noop
(6) eap: Peer sent EAP Response (code 2) ID 7 length 27
(6) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
(6)       [eap] = ok
(6)     } # authorize = ok
(6)   Found Auth-Type = eap
(6)   # Executing group from file /etc/raddb/sites-enabled/inner-tunnel
(6)     authenticate {
(6) eap: Peer sent packet with method EAP Identity (1)
(6) eap: Calling submodule eap_mschapv2 to process data
(6) eap_mschapv2: Issuing Challenge
(6) eap: Sending EAP Request (code 1) ID 8 length 43
(6) eap: EAP session adding &reply:State = 0x80bfe1b680b7fb9c
(6)       [eap] = handled
(6)     } # authenticate = handled
(6) } # server inner-tunnel
(6) Virtual server sending reply
(6)   EAP-Message = 0x0108002b1a01080026106912a9030f5003beda5b4dec2f6730a8667265657261646975732d332e302e3231
(6)   Message-Authenticator = 0x00000000000000000000000000000000
(6)   State = 0x80bfe1b680b7fb9c548551106d70804b
(6) eap_peap: Got tunneled reply code 11
(6) eap_peap:   EAP-Message = 0x0108002b1a01080026106912a9030f5003beda5b4dec2f6730a8667265657261646975732d332e302e3231
(6) eap_peap:   Message-Authenticator = 0x00000000000000000000000000000000
(6) eap_peap:   State = 0x80bfe1b680b7fb9c548551106d70804b
(6) eap_peap: Got tunneled reply RADIUS code 11
(6) eap_peap:   EAP-Message = 0x0108002b1a01080026106912a9030f5003beda5b4dec2f6730a8667265657261646975732d332e302e3231
(6) eap_peap:   Message-Authenticator = 0x00000000000000000000000000000000
(6) eap_peap:   State = 0x80bfe1b680b7fb9c548551106d70804b
(6) eap_peap: Got tunneled Access-Challenge
(6) eap: Sending EAP Request (code 1) ID 8 length 74
(6) eap: EAP session adding &reply:State = 0x8e11447888195d5a
(6)     [eap] = handled
(6)   } # authenticate = handled
(6) Using Post-Auth-Type Challenge
(6) Post-Auth-Type sub-section not found.  Ignoring.
(6) # Executing group from file /etc/raddb/sites-enabled/inner-tunnel
(6) session-state: Saving cached attributes
(6)   TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
(6)   TLS-Session-Version = "TLS 1.2"
(6) Sent Access-Challenge Id 4 from 10.70.42.77:1645 to 10.8.150.118:1645 length 0
(6)   EAP-Message = 0x0108004a1900170303003f9251a406bf3dbfb21ba0d54fc4fb678471339bd905a4d1efe72a529fbfa57ac4d537c3a217957d3ece4e5b8b66b75ccc379346f106da70cb435a9a8260dd81
(6)   Message-Authenticator = 0x00000000000000000000000000000000
(6)   State = 0x8e11447888195d5aaaf63b261b53a370
(6) Finished request
Waking up in 4.4 seconds.

 

Created 1996-2024 by Maxim Chirkov