forum.opennet.ru

Составление сообщения

Исходное сообщение

"freeradius dot1x dynamic vlan assignment"
Отправлено Kovrevskii, 07-Дек-22 13:07

если в разделе post auth прописать if (1)
то выходит ошибка
(8) Received Access-Request Id 16 from 10.8.150.118:1645 to 10.70.42.77:1645 length 206
(8)   User-Name = "host/WNAMTest.stand.ru"
(8)   Service-Type = Framed-User
(8)   Framed-MTU = 1504
(8)   Called-Station-Id = "00-17-E0-1C-15-87"
(8)   Calling-Station-Id = "00-E0-4C-31-0E-67"
(8)   EAP-Message = 0x020900251900170303001a0000000000000003bfc49b79f8e6a33b3dbb7bd7c40602262192
(8)   Message-Authenticator = 0x85293261230a81879ef33b04ef76807d
(8)   NAS-Port-Type = Ethernet
(8)   NAS-Port = 50005
(8)   NAS-Port-Id = "FastEthernet0/5"
(8)   State = 0x35db708332d269e6230a007503c37627
(8)   NAS-IP-Address = 10.8.150.118
(8) Restoring &session-state
(8)   &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
(8)   &session-state:TLS-Session-Version = "TLS 1.2"
(8) # Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel
(8)   authorize {
(8)     policy filter_username {
(8)       if (&User-Name) {
(8)       if (&User-Name)  -> TRUE
(8)       if (&User-Name)  {
(8)         if (&User-Name =~ / /) {
(8)         if (&User-Name =~ / /)  -> FALSE
(8)         if (&User-Name =~ /@[^@]*@/ ) {
(8)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
(8)         if (&User-Name =~ /\.\./ ) {
(8)         if (&User-Name =~ /\.\./ )  -> FALSE
(8)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
(8)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
(8)         if (&User-Name =~ /\.$/)  {
(8)         if (&User-Name =~ /\.$/)   -> FALSE
(8)         if (&User-Name =~ /@\./)  {
(8)         if (&User-Name =~ /@\./)   -> FALSE
(8)       } # if (&User-Name)  = notfound
(8)     } # policy filter_username = notfound
(8)     [chap] = noop
(8)     [mschap] = noop
(8) suffix: Checking for suffix after "@"
(8) suffix: No '@' in User-Name = "host/WNAMTest.stand.ru", looking up realm NULL
(8) suffix: No such realm "NULL"
(8)     [suffix] = noop
(8)     update control {
(8)       &Proxy-To-Realm := LOCAL
(8)     } # update control = noop
(8) eap: Peer sent EAP Response (code 2) ID 9 length 37
(8) eap: Continuing tunnel setup
(8)     [eap] = ok
(8)   } # authorize = ok
(8) Found Auth-Type = eap
(8) # Executing group from file /etc/raddb/sites-enabled/inner-tunnel
(8)   authenticate {
(8) eap: Expiring EAP session with state 0xe0803171e1892b17
(8) eap: Finished EAP session with state 0x35db708332d269e6
(8) eap: Previous EAP request found for state 0x35db708332d269e6, released from the list
(8) eap: Peer sent packet with method EAP PEAP (25)
(8) eap: Calling submodule eap_peap to process data
(8) eap_peap: Continuing EAP-TLS
(8) eap_peap: [eaptls verify] = ok
(8) eap_peap: Done initial handshake
(8) eap_peap: [eaptls process] = ok
(8) eap_peap: Session established.  Decoding tunneled attributes
(8) eap_peap: PEAP state phase2
(8) eap_peap: EAP method MSCHAPv2 (26)
(8) eap_peap: Got tunneled request
(8) eap_peap:   EAP-Message = 0x020900061a03
(8) eap_peap: Setting User-Name to host/WNAMTest.stand.ru
(8) eap_peap: Sending tunneled request to inner-tunnel
(8) eap_peap:   EAP-Message = 0x020900061a03
(8) eap_peap:   FreeRADIUS-Proxied-To = 127.0.0.1
(8) eap_peap:   User-Name = "host/WNAMTest.stand.ru"
(8) eap_peap:   State = 0xe0803171e1892b17e57438631f9978dd
(8) Virtual server inner-tunnel received request
(8)   EAP-Message = 0x020900061a03
(8)   FreeRADIUS-Proxied-To = 127.0.0.1
(8)   User-Name = "host/WNAMTest.stand.ru"
(8)   State = 0xe0803171e1892b17e57438631f9978dd
(8) WARNING: Outer and inner identities are the same.  User privacy is compromised.
(8) server inner-tunnel {
(8)   session-state: No cached attributes
(8)   # Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel
(8)     authorize {
(8)       policy filter_username {
(8)         if (&User-Name) {
(8)         if (&User-Name)  -> TRUE
(8)         if (&User-Name)  {
(8)           if (&User-Name =~ / /) {
(8)           if (&User-Name =~ / /)  -> FALSE
(8)           if (&User-Name =~ /@[^@]*@/ ) {
(8)           if (&User-Name =~ /@[^@]*@/ )  -> FALSE
(8)           if (&User-Name =~ /\.\./ ) {
(8)           if (&User-Name =~ /\.\./ )  -> FALSE
(8)           if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
(8)           if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
(8)           if (&User-Name =~ /\.$/)  {
(8)           if (&User-Name =~ /\.$/)   -> FALSE
(8)           if (&User-Name =~ /@\./)  {
(8)           if (&User-Name =~ /@\./)   -> FALSE
(8)         } # if (&User-Name)  = notfound
(8)       } # policy filter_username = notfound
(8)       [chap] = noop
(8)       [mschap] = noop
(8) suffix: Checking for suffix after "@"
(8) suffix: No '@' in User-Name = "host/WNAMTest.stand.ru", looking up realm NULL
(8) suffix: No such realm "NULL"
(8)       [suffix] = noop
(8)       update control {
(8)         &Proxy-To-Realm := LOCAL
(8)       } # update control = noop
(8) eap: Peer sent EAP Response (code 2) ID 9 length 6
(8) eap: No EAP Start, assuming it's an on-going EAP conversation
(8)       [eap] = updated
(8)       [files] = noop
(8)       [expiration] = noop
(8)       [logintime] = noop
(8)       [pap] = noop
(8)     } # authorize = updated
(8)   Found Auth-Type = eap
(8)   # Executing group from file /etc/raddb/sites-enabled/inner-tunnel
(8)     authenticate {
(8) eap: Expiring EAP session with state 0xe0803171e1892b17
(8) eap: Finished EAP session with state 0xe0803171e1892b17
(8) eap: Previous EAP request found for state 0xe0803171e1892b17, released from the list
(8) eap: Peer sent packet with method EAP MSCHAPv2 (26)
(8) eap: Calling submodule eap_mschapv2 to process data
(8) eap: Sending EAP Success (code 3) ID 9 length 4
(8) eap: Freeing handler
(8)       [eap] = ok
(8)     } # authenticate = ok
(8)   # Executing section post-auth from file /etc/raddb/sites-enabled/inner-tunnel
(8)     post-auth {
(8)       if (1) {
(8)       if (1)  -> TRUE
(8)       if (1)  {
(8)         update reply {
(8)           User-Name !* ANY
(8)           Message-Authenticator !* ANY
(8)           EAP-Message !* ANY
(8)           Proxy-State !* ANY
(8)           MS-MPPE-Encryption-Types !* ANY
(8)           MS-MPPE-Encryption-Policy !* ANY
(8)           MS-MPPE-Send-Key !* ANY
(8)           MS-MPPE-Recv-Key !* ANY
(8)           Tunnel-Type = VLAN
(8)           Tunnel-Medium-Type = IEEE-802
(8)           Tunnel-Private-Group-Id = "150"
(8)         } # update reply = noop
(8)         update {
(8)           &outer.session-state::Tunnel-Type += &reply:Tunnel-Type[*] -> VLAN
(8)           &outer.session-state::Tunnel-Medium-Type += &reply:Tunnel-Medium-Type[*] -> IEEE-802
(8)           &outer.session-state::Tunnel-Private-Group-Id += &reply:Tunnel-Private-Group-Id[*] -> '150'
(8)         } # update = noop
(8)       } # if (1)  = noop
(8)     } # post-auth = noop
(8) } # server inner-tunnel
(8) Virtual server sending reply
(8)   Tunnel-Type = VLAN
(8)   Tunnel-Medium-Type = IEEE-802
(8)   Tunnel-Private-Group-Id = "150"
(8) eap_peap: Got tunneled reply code 2
(8) eap_peap:   Tunnel-Type = VLAN
(8) eap_peap:   Tunnel-Medium-Type = IEEE-802
(8) eap_peap:   Tunnel-Private-Group-Id = "150"
(8) eap_peap: Got tunneled reply RADIUS code 2
(8) eap_peap:   Tunnel-Type = VLAN
(8) eap_peap:   Tunnel-Medium-Type = IEEE-802
(8) eap_peap:   Tunnel-Private-Group-Id = "150"
(8) eap_peap: Tunneled authentication was successful
(8) eap_peap: SUCCESS
(8) eap_peap: Saving tunneled attributes for later
(8) eap: Sending EAP Request (code 1) ID 10 length 46
(8) eap: EAP session adding &reply:State = 0x35db70833dd169e6
(8)     [eap] = handled
(8)   } # authenticate = handled
(8) Using Post-Auth-Type Challenge
(8) Post-Auth-Type sub-section not found.  Ignoring.
(8) # Executing group from file /etc/raddb/sites-enabled/inner-tunnel
(8) session-state: Saving cached attributes
(8)   TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
(8)   TLS-Session-Version = "TLS 1.2"
(8)   Tunnel-Type += VLAN
(8)   Tunnel-Medium-Type += IEEE-802
(8)   Tunnel-Private-Group-Id += "150"
(8) Sent Access-Challenge Id 16 from 10.70.42.77:1645 to 10.8.150.118:1645 length 0
(8)   EAP-Message = 0x010a002e190017030300239656895d9d047f0c62289e622c8e69d1d72d7d601c1981ec4514bfc83655820d0b7eae
(8)   Message-Authenticator = 0x00000000000000000000000000000000
(8)   State = 0x35db70833dd169e6230a007503c37627
(8) Finished request
Waking up in 2.0 seconds.
(9) Received Access-Request Id 17 from 10.8.150.118:1645 to 10.70.42.77:1645 length 215
(9)   User-Name = "host/WNAMTest.stand.ru"
(9)   Service-Type = Framed-User
(9)   Framed-MTU = 1504
(9)   Called-Station-Id = "00-17-E0-1C-15-87"
(9)   Calling-Station-Id = "00-E0-4C-31-0E-67"
(9)   EAP-Message = 0x020a002e1900170303002300000000000000042f9e214e97dbecd34987e322d107aee761efe52b96b406123d7d9f
(9)   Message-Authenticator = 0x85051369b1f749095a19433c21200733
(9)   NAS-Port-Type = Ethernet
(9)   NAS-Port = 50005
(9)   NAS-Port-Id = "FastEthernet0/5"
(9)   State = 0x35db70833dd169e6230a007503c37627
(9)   NAS-IP-Address = 10.8.150.118
(9) Restoring &session-state
(9)   &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
(9)   &session-state:TLS-Session-Version = "TLS 1.2"
(9)   &session-state:Tunnel-Type += VLAN
(9)   &session-state:Tunnel-Medium-Type += IEEE-802
(9)   &session-state:Tunnel-Private-Group-Id += "150"
(9) # Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel
(9)   authorize {
(9)     policy filter_username {
(9)       if (&User-Name) {
(9)       if (&User-Name)  -> TRUE
(9)       if (&User-Name)  {
(9)         if (&User-Name =~ / /) {
(9)         if (&User-Name =~ / /)  -> FALSE
(9)         if (&User-Name =~ /@[^@]*@/ ) {
(9)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
(9)         if (&User-Name =~ /\.\./ ) {
(9)         if (&User-Name =~ /\.\./ )  -> FALSE
(9)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
(9)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
(9)         if (&User-Name =~ /\.$/)  {
(9)         if (&User-Name =~ /\.$/)   -> FALSE
(9)         if (&User-Name =~ /@\./)  {
(9)         if (&User-Name =~ /@\./)   -> FALSE
(9)       } # if (&User-Name)  = notfound
(9)     } # policy filter_username = notfound
(9)     [chap] = noop
(9)     [mschap] = noop
(9) suffix: Checking for suffix after "@"
(9) suffix: No '@' in User-Name = "host/WNAMTest.stand.ru", looking up realm NULL
(9) suffix: No such realm "NULL"
(9)     [suffix] = noop
(9)     update control {
(9)       &Proxy-To-Realm := LOCAL
(9)     } # update control = noop
(9) eap: Peer sent EAP Response (code 2) ID 10 length 46
(9) eap: Continuing tunnel setup
(9)     [eap] = ok
(9)   } # authorize = ok
(9) Found Auth-Type = eap
(9) # Executing group from file /etc/raddb/sites-enabled/inner-tunnel
(9)   authenticate {
(9) eap: Expiring EAP session with state 0x35db70833dd169e6
(9) eap: Finished EAP session with state 0x35db70833dd169e6
(9) eap: Previous EAP request found for state 0x35db70833dd169e6, released from the list
(9) eap: Peer sent packet with method EAP PEAP (25)
(9) eap: Calling submodule eap_peap to process data
(9) eap_peap: Continuing EAP-TLS
(9) eap_peap: [eaptls verify] = ok
(9) eap_peap: Done initial handshake
(9) eap_peap: [eaptls process] = ok
(9) eap_peap: Session established.  Decoding tunneled attributes
(9) eap_peap: PEAP state send tlv success
(9) eap_peap: Received EAP-TLV response
(9) eap_peap: Success
(9) eap_peap: Using saved attributes from the original Access-Accept
(9) eap_peap:   Tunnel-Type = VLAN
(9) eap_peap:   Tunnel-Medium-Type = IEEE-802
(9) eap_peap:   Tunnel-Private-Group-Id = "150"
(9) eap: Sending EAP Success (code 3) ID 10 length 4
(9) eap: Freeing handler
(9)     [eap] = ok
(9)   } # authenticate = ok
(9) # Executing section post-auth from file /etc/raddb/sites-enabled/inner-tunnel
(9)   post-auth {
(9)     if (1) {
(9)     if (1)  -> TRUE
(9)     if (1)  {
(9)       update reply {
(9)         User-Name !* ANY
(9)         Message-Authenticator !* ANY
(9)         EAP-Message !* ANY
(9)         Proxy-State !* ANY
(9)         MS-MPPE-Encryption-Types !* ANY
(9)         MS-MPPE-Encryption-Policy !* ANY
(9)         MS-MPPE-Send-Key !* ANY
(9)         MS-MPPE-Recv-Key !* ANY
(9)         Tunnel-Type = VLAN
(9)         Tunnel-Medium-Type = IEEE-802
(9)         Tunnel-Private-Group-Id = "150"
(9)       } # update reply = noop
(9)       update {
(9)         ERROR: Mapping "&reply:" -> "&outer.session-state:" invalid in this context
(9)       } # update = invalid
(9)     } # if (1)  = invalid
(9)   } # post-auth = invalid
(9) Using Post-Auth-Type Reject
(9) # Executing group from file /etc/raddb/sites-enabled/inner-tunnel
(9)   Post-Auth-Type REJECT {
(9) attr_filter.access_reject: EXPAND %{User-Name}
(9) attr_filter.access_reject:    --> host/WNAMTest.stand.ru
(9) attr_filter.access_reject: Matched entry DEFAULT at line 11
(9)     [attr_filter.access_reject] = updated
(9)     update outer.session-state {
(9)       ERROR: Mapping "&request:Module-Failure-Message" -> "&Module-Failure-Message" invalid in this context
(9)     } # update outer.session-state = invalid
(9)   } # Post-Auth-Type REJECT = invalid
(9) Delaying response for 1.000000 seconds
Waking up in 0.3 seconds.
Waking up in 0.1 seconds.
(0) Cleaning up request packet ID 8 with timestamp +147
(1) Cleaning up request packet ID 9 with timestamp +147
(2) Cleaning up request packet ID 10 with timestamp +147
(3) Cleaning up request packet ID 11 with timestamp +147
(4) Cleaning up request packet ID 12 with timestamp +147
(5) Cleaning up request packet ID 13 with timestamp +147
Waking up in 0.2 seconds.
(9) Sending delayed response
(9) Sent Access-Reject Id 17 from 10.70.42.77:1645 to 10.8.150.118:1645 length 20
(6) Cleaning up request packet ID 14 with timestamp +148
Waking up in 0.7 seconds.
(7) Cleaning up request packet ID 15 with timestamp +148
Waking up in 1.6 seconds.
(8) Cleaning up request packet ID 16 with timestamp +150
Waking up in 1.5 seconds.
(9) Cleaning up request packet ID 17 with timestamp +152
Ready to process requests

Исходное сообщение
"freeradius dot1x dynamic vlan assignment" Отправлено Kovrevskii, 07-Дек-22 13:07
если в разделе post auth прописать if (1) то выходит ошибка (8) Received Access-Request Id 16 from 10.8.150.118:1645 to 10.70.42.77:1645 length 206 (8) User-Name = "host/WNAMTest.stand.ru" (8) Service-Type = Framed-User (8) Framed-MTU = 1504 (8) Called-Station-Id = "00-17-E0-1C-15-87" (8) Calling-Station-Id = "00-E0-4C-31-0E-67" (8) EAP-Message = 0x020900251900170303001a0000000000000003bfc49b79f8e6a33b3dbb7bd7c40602262192 (8) Message-Authenticator = 0x85293261230a81879ef33b04ef76807d (8) NAS-Port-Type = Ethernet (8) NAS-Port = 50005 (8) NAS-Port-Id = "FastEthernet0/5" (8) State = 0x35db708332d269e6230a007503c37627 (8) NAS-IP-Address = 10.8.150.118 (8) Restoring &session-state (8) &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384" (8) &session-state:TLS-Session-Version = "TLS 1.2" (8) # Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel (8) authorize { (8) policy filter_username { (8) if (&User-Name) { (8) if (&User-Name) -> TRUE (8) if (&User-Name) { (8) if (&User-Name =~ / /) { (8) if (&User-Name =~ / /) -> FALSE (8) if (&User-Name =~ /@[^@]@/ ) { (8) if (&User-Name =~ /@[^@]@/ ) -> FALSE (8) if (&User-Name =~ /\.\./ ) { (8) if (&User-Name =~ /\.\./ ) -> FALSE (8) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (8) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (8) if (&User-Name =~ /\.$/) { (8) if (&User-Name =~ /\.$/) -> FALSE (8) if (&User-Name =~ /@\./) { (8) if (&User-Name =~ /@\./) -> FALSE (8) } # if (&User-Name) = notfound (8) } # policy filter_username = notfound (8) [chap] = noop (8) [mschap] = noop (8) suffix: Checking for suffix after "@" (8) suffix: No '@' in User-Name = "host/WNAMTest.stand.ru", looking up realm NULL (8) suffix: No such realm "NULL" (8) [suffix] = noop (8) update control { (8) &Proxy-To-Realm := LOCAL (8) } # update control = noop (8) eap: Peer sent EAP Response (code 2) ID 9 length 37 (8) eap: Continuing tunnel setup (8) [eap] = ok (8) } # authorize = ok (8) Found Auth-Type = eap (8) # Executing group from file /etc/raddb/sites-enabled/inner-tunnel (8) authenticate { (8) eap: Expiring EAP session with state 0xe0803171e1892b17 (8) eap: Finished EAP session with state 0x35db708332d269e6 (8) eap: Previous EAP request found for state 0x35db708332d269e6, released from the list (8) eap: Peer sent packet with method EAP PEAP (25) (8) eap: Calling submodule eap_peap to process data (8) eap_peap: Continuing EAP-TLS (8) eap_peap: [eaptls verify] = ok (8) eap_peap: Done initial handshake (8) eap_peap: [eaptls process] = ok (8) eap_peap: Session established. Decoding tunneled attributes (8) eap_peap: PEAP state phase2 (8) eap_peap: EAP method MSCHAPv2 (26) (8) eap_peap: Got tunneled request (8) eap_peap: EAP-Message = 0x020900061a03 (8) eap_peap: Setting User-Name to host/WNAMTest.stand.ru (8) eap_peap: Sending tunneled request to inner-tunnel (8) eap_peap: EAP-Message = 0x020900061a03 (8) eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1 (8) eap_peap: User-Name = "host/WNAMTest.stand.ru" (8) eap_peap: State = 0xe0803171e1892b17e57438631f9978dd (8) Virtual server inner-tunnel received request (8) EAP-Message = 0x020900061a03 (8) FreeRADIUS-Proxied-To = 127.0.0.1 (8) User-Name = "host/WNAMTest.stand.ru" (8) State = 0xe0803171e1892b17e57438631f9978dd (8) WARNING: Outer and inner identities are the same. User privacy is compromised. (8) server inner-tunnel { (8) session-state: No cached attributes (8) # Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel (8) authorize { (8) policy filter_username { (8) if (&User-Name) { (8) if (&User-Name) -> TRUE (8) if (&User-Name) { (8) if (&User-Name =~ / /) { (8) if (&User-Name =~ / /) -> FALSE (8) if (&User-Name =~ /@[^@]@/ ) { (8) if (&User-Name =~ /@[^@]@/ ) -> FALSE (8) if (&User-Name =~ /\.\./ ) { (8) if (&User-Name =~ /\.\./ ) -> FALSE (8) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (8) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (8) if (&User-Name =~ /\.$/) { (8) if (&User-Name =~ /\.$/) -> FALSE (8) if (&User-Name =~ /@\./) { (8) if (&User-Name =~ /@\./) -> FALSE (8) } # if (&User-Name) = notfound (8) } # policy filter_username = notfound (8) [chap] = noop (8) [mschap] = noop (8) suffix: Checking for suffix after "@" (8) suffix: No '@' in User-Name = "host/WNAMTest.stand.ru", looking up realm NULL (8) suffix: No such realm "NULL" (8) [suffix] = noop (8) update control { (8) &Proxy-To-Realm := LOCAL (8) } # update control = noop (8) eap: Peer sent EAP Response (code 2) ID 9 length 6 (8) eap: No EAP Start, assuming it's an on-going EAP conversation (8) [eap] = updated (8) [files] = noop (8) [expiration] = noop (8) [logintime] = noop (8) [pap] = noop (8) } # authorize = updated (8) Found Auth-Type = eap (8) # Executing group from file /etc/raddb/sites-enabled/inner-tunnel (8) authenticate { (8) eap: Expiring EAP session with state 0xe0803171e1892b17 (8) eap: Finished EAP session with state 0xe0803171e1892b17 (8) eap: Previous EAP request found for state 0xe0803171e1892b17, released from the list (8) eap: Peer sent packet with method EAP MSCHAPv2 (26) (8) eap: Calling submodule eap_mschapv2 to process data (8) eap: Sending EAP Success (code 3) ID 9 length 4 (8) eap: Freeing handler (8) [eap] = ok (8) } # authenticate = ok (8) # Executing section post-auth from file /etc/raddb/sites-enabled/inner-tunnel (8) post-auth { (8) if (1) { (8) if (1) -> TRUE (8) if (1) { (8) update reply { (8) User-Name !* ANY (8) Message-Authenticator !* ANY (8) EAP-Message !* ANY (8) Proxy-State !* ANY (8) MS-MPPE-Encryption-Types !* ANY (8) MS-MPPE-Encryption-Policy !* ANY (8) MS-MPPE-Send-Key !* ANY (8) MS-MPPE-Recv-Key !* ANY (8) Tunnel-Type = VLAN (8) Tunnel-Medium-Type = IEEE-802 (8) Tunnel-Private-Group-Id = "150" (8) } # update reply = noop (8) update { (8) &outer.session-state::Tunnel-Type += &reply:Tunnel-Type[] -> VLAN (8) &outer.session-state::Tunnel-Medium-Type += &reply:Tunnel-Medium-Type[] -> IEEE-802 (8) &outer.session-state::Tunnel-Private-Group-Id += &reply:Tunnel-Private-Group-Id[] -> '150' (8) } # update = noop (8) } # if (1) = noop (8) } # post-auth = noop (8) } # server inner-tunnel (8) Virtual server sending reply (8) Tunnel-Type = VLAN (8) Tunnel-Medium-Type = IEEE-802 (8) Tunnel-Private-Group-Id = "150" (8) eap_peap: Got tunneled reply code 2 (8) eap_peap: Tunnel-Type = VLAN (8) eap_peap: Tunnel-Medium-Type = IEEE-802 (8) eap_peap: Tunnel-Private-Group-Id = "150" (8) eap_peap: Got tunneled reply RADIUS code 2 (8) eap_peap: Tunnel-Type = VLAN (8) eap_peap: Tunnel-Medium-Type = IEEE-802 (8) eap_peap: Tunnel-Private-Group-Id = "150" (8) eap_peap: Tunneled authentication was successful (8) eap_peap: SUCCESS (8) eap_peap: Saving tunneled attributes for later (8) eap: Sending EAP Request (code 1) ID 10 length 46 (8) eap: EAP session adding &reply:State = 0x35db70833dd169e6 (8) [eap] = handled (8) } # authenticate = handled (8) Using Post-Auth-Type Challenge (8) Post-Auth-Type sub-section not found. Ignoring. (8) # Executing group from file /etc/raddb/sites-enabled/inner-tunnel (8) session-state: Saving cached attributes (8) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384" (8) TLS-Session-Version = "TLS 1.2" (8) Tunnel-Type += VLAN (8) Tunnel-Medium-Type += IEEE-802 (8) Tunnel-Private-Group-Id += "150" (8) Sent Access-Challenge Id 16 from 10.70.42.77:1645 to 10.8.150.118:1645 length 0 (8) EAP-Message = 0x010a002e190017030300239656895d9d047f0c62289e622c8e69d1d72d7d601c1981ec4514bfc83655820d0b7eae (8) Message-Authenticator = 0x00000000000000000000000000000000 (8) State = 0x35db70833dd169e6230a007503c37627 (8) Finished request Waking up in 2.0 seconds. (9) Received Access-Request Id 17 from 10.8.150.118:1645 to 10.70.42.77:1645 length 215 (9) User-Name = "host/WNAMTest.stand.ru" (9) Service-Type = Framed-User (9) Framed-MTU = 1504 (9) Called-Station-Id = "00-17-E0-1C-15-87" (9) Calling-Station-Id = "00-E0-4C-31-0E-67" (9) EAP-Message = 0x020a002e1900170303002300000000000000042f9e214e97dbecd34987e322d107aee761efe52b96b406123d7d9f (9) Message-Authenticator = 0x85051369b1f749095a19433c21200733 (9) NAS-Port-Type = Ethernet (9) NAS-Port = 50005 (9) NAS-Port-Id = "FastEthernet0/5" (9) State = 0x35db70833dd169e6230a007503c37627 (9) NAS-IP-Address = 10.8.150.118 (9) Restoring &session-state (9) &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384" (9) &session-state:TLS-Session-Version = "TLS 1.2" (9) &session-state:Tunnel-Type += VLAN (9) &session-state:Tunnel-Medium-Type += IEEE-802 (9) &session-state:Tunnel-Private-Group-Id += "150" (9) # Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel (9) authorize { (9) policy filter_username { (9) if (&User-Name) { (9) if (&User-Name) -> TRUE (9) if (&User-Name) { (9) if (&User-Name =~ / /) { (9) if (&User-Name =~ / /) -> FALSE (9) if (&User-Name =~ /@[^@]@/ ) { (9) if (&User-Name =~ /@[^@]@/ ) -> FALSE (9) if (&User-Name =~ /\.\./ ) { (9) if (&User-Name =~ /\.\./ ) -> FALSE (9) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (9) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (9) if (&User-Name =~ /\.$/) { (9) if (&User-Name =~ /\.$/) -> FALSE (9) if (&User-Name =~ /@\./) { (9) if (&User-Name =~ /@\./) -> FALSE (9) } # if (&User-Name) = notfound (9) } # policy filter_username = notfound (9) [chap] = noop (9) [mschap] = noop (9) suffix: Checking for suffix after "@" (9) suffix: No '@' in User-Name = "host/WNAMTest.stand.ru", looking up realm NULL (9) suffix: No such realm "NULL" (9) [suffix] = noop (9) update control { (9) &Proxy-To-Realm := LOCAL (9) } # update control = noop (9) eap: Peer sent EAP Response (code 2) ID 10 length 46 (9) eap: Continuing tunnel setup (9) [eap] = ok (9) } # authorize = ok (9) Found Auth-Type = eap (9) # Executing group from file /etc/raddb/sites-enabled/inner-tunnel (9) authenticate { (9) eap: Expiring EAP session with state 0x35db70833dd169e6 (9) eap: Finished EAP session with state 0x35db70833dd169e6 (9) eap: Previous EAP request found for state 0x35db70833dd169e6, released from the list (9) eap: Peer sent packet with method EAP PEAP (25) (9) eap: Calling submodule eap_peap to process data (9) eap_peap: Continuing EAP-TLS (9) eap_peap: [eaptls verify] = ok (9) eap_peap: Done initial handshake (9) eap_peap: [eaptls process] = ok (9) eap_peap: Session established. Decoding tunneled attributes (9) eap_peap: PEAP state send tlv success (9) eap_peap: Received EAP-TLV response (9) eap_peap: Success (9) eap_peap: Using saved attributes from the original Access-Accept (9) eap_peap: Tunnel-Type = VLAN (9) eap_peap: Tunnel-Medium-Type = IEEE-802 (9) eap_peap: Tunnel-Private-Group-Id = "150" (9) eap: Sending EAP Success (code 3) ID 10 length 4 (9) eap: Freeing handler (9) [eap] = ok (9) } # authenticate = ok (9) # Executing section post-auth from file /etc/raddb/sites-enabled/inner-tunnel (9) post-auth { (9) if (1) { (9) if (1) -> TRUE (9) if (1) { (9) update reply { (9) User-Name ! ANY (9) Message-Authenticator !* ANY (9) EAP-Message !* ANY (9) Proxy-State !* ANY (9) MS-MPPE-Encryption-Types !* ANY (9) MS-MPPE-Encryption-Policy !* ANY (9) MS-MPPE-Send-Key !* ANY (9) MS-MPPE-Recv-Key !* ANY (9) Tunnel-Type = VLAN (9) Tunnel-Medium-Type = IEEE-802 (9) Tunnel-Private-Group-Id = "150" (9) } # update reply = noop (9) update { (9) ERROR: Mapping "&reply:" -> "&outer.session-state:" invalid in this context (9) } # update = invalid (9) } # if (1) = invalid (9) } # post-auth = invalid (9) Using Post-Auth-Type Reject (9) # Executing group from file /etc/raddb/sites-enabled/inner-tunnel (9) Post-Auth-Type REJECT { (9) attr_filter.access_reject: EXPAND %{User-Name} (9) attr_filter.access_reject: --> host/WNAMTest.stand.ru (9) attr_filter.access_reject: Matched entry DEFAULT at line 11 (9) [attr_filter.access_reject] = updated (9) update outer.session-state { (9) ERROR: Mapping "&request:Module-Failure-Message" -> "&Module-Failure-Message" invalid in this context (9) } # update outer.session-state = invalid (9) } # Post-Auth-Type REJECT = invalid (9) Delaying response for 1.000000 seconds Waking up in 0.3 seconds. Waking up in 0.1 seconds. (0) Cleaning up request packet ID 8 with timestamp +147 (1) Cleaning up request packet ID 9 with timestamp +147 (2) Cleaning up request packet ID 10 with timestamp +147 (3) Cleaning up request packet ID 11 with timestamp +147 (4) Cleaning up request packet ID 12 with timestamp +147 (5) Cleaning up request packet ID 13 with timestamp +147 Waking up in 0.2 seconds. (9) Sending delayed response (9) Sent Access-Reject Id 17 from 10.70.42.77:1645 to 10.8.150.118:1645 length 20 (6) Cleaning up request packet ID 14 with timestamp +148 Waking up in 0.7 seconds. (7) Cleaning up request packet ID 15 with timestamp +148 Waking up in 1.6 seconds. (8) Cleaning up request packet ID 16 with timestamp +150 Waking up in 1.5 seconds. (9) Cleaning up request packet ID 17 with timestamp +152 Ready to process requests

Ваше сообщение
Имя*:
EMail:	Для отправки новых сообщений в текущей нити на email укажите знак ! перед адресом, например, !user@host.ru (!! - не показывать email). Более тонкая настройка отправки ответов производится в профиле зарегистрированного участника форума.
Заголовок*:
Сообщение*:	> если в разделе post auth прописать if (1) > то выходит ошибка > (8) Received Access-Request Id 16 from 10.8.150.118:1645 to 10.70.42.77:1645 length 206 > (8) User-Name = "host/WNAMTest.stand.ru" > (8) Service-Type = Framed-User > (8) Framed-MTU = 1504 > (8) Called-Station-Id = "00-17-E0-1C-15-87" > (8) Calling-Station-Id = "00-E0-4C-31-0E-67" > (8) EAP-Message = 0x020900251900170303001a0000000000000003bfc49b79f8e6a33b3dbb7bd7c40602262192 > (8) Message-Authenticator = 0x85293261230a81879ef33b04ef76807d > (8) NAS-Port-Type = Ethernet > (8) NAS-Port = 50005 > (8) NAS-Port-Id = "FastEthernet0/5" > (8) State = 0x35db708332d269e6230a007503c37627 > (8) NAS-IP-Address = 10.8.150.118 > (8) Restoring &session-state > (8) &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384" > (8) &session-state:TLS-Session-Version = "TLS 1.2" > (8) # Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel > (8) authorize { > (8) policy filter_username { > (8) if (&User-Name) { > (8) if (&User-Name) -> TRUE > (8) if (&User-Name) { > (8) if (&User-Name =~ > / /) { > (8) if (&User-Name =~ > / /) -> FALSE > (8) if (&User-Name =~ > /@[^@]@/ ) { > (8) if (&User-Name =~ > /@[^@]@/ ) -> FALSE > (8) if (&User-Name =~ > /\.\./ ) { > (8) if (&User-Name =~ > /\.\./ ) -> FALSE > (8) if ((&User-Name =~ > /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { > (8) if ((&User-Name =~ > /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE > (8) if (&User-Name =~ > /\.$/) { > (8) if (&User-Name =~ > /\.$/) -> FALSE > (8) if (&User-Name =~ > /@\./) { > (8) if (&User-Name =~ > /@\./) -> FALSE > (8) } # if (&User-Name) > = notfound > (8) } # policy filter_username = notfound > (8) [chap] = noop > (8) [mschap] = noop > (8) suffix: Checking for suffix after "@" > (8) suffix: No '@' in User-Name = "host/WNAMTest.stand.ru", looking up realm NULL > (8) suffix: No such realm "NULL" > (8) [suffix] = noop > (8) update control { > (8) &Proxy-To-Realm := LOCAL > (8) } # update control = noop > (8) eap: Peer sent EAP Response (code 2) ID 9 length 37 > (8) eap: Continuing tunnel setup > (8) [eap] = ok > (8) } # authorize = ok > (8) Found Auth-Type = eap > (8) # Executing group from file /etc/raddb/sites-enabled/inner-tunnel > (8) authenticate { > (8) eap: Expiring EAP session with state 0xe0803171e1892b17 > (8) eap: Finished EAP session with state 0x35db708332d269e6 > (8) eap: Previous EAP request found for state 0x35db708332d269e6, released from the > list > (8) eap: Peer sent packet with method EAP PEAP (25) > (8) eap: Calling submodule eap_peap to process data > (8) eap_peap: Continuing EAP-TLS > (8) eap_peap: [eaptls verify] = ok > (8) eap_peap: Done initial handshake > (8) eap_peap: [eaptls process] = ok > (8) eap_peap: Session established. Decoding tunneled attributes > (8) eap_peap: PEAP state phase2 > (8) eap_peap: EAP method MSCHAPv2 (26) > (8) eap_peap: Got tunneled request > (8) eap_peap: EAP-Message = 0x020900061a03 > (8) eap_peap: Setting User-Name to host/WNAMTest.stand.ru > (8) eap_peap: Sending tunneled request to inner-tunnel > (8) eap_peap: EAP-Message = 0x020900061a03 > (8) eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1 > (8) eap_peap: User-Name = "host/WNAMTest.stand.ru" > (8) eap_peap: State = 0xe0803171e1892b17e57438631f9978dd > (8) Virtual server inner-tunnel received request > (8) EAP-Message = 0x020900061a03 > (8) FreeRADIUS-Proxied-To = 127.0.0.1 > (8) User-Name = "host/WNAMTest.stand.ru" > (8) State = 0xe0803171e1892b17e57438631f9978dd > (8) WARNING: Outer and inner identities are the same. User privacy > is compromised. > (8) server inner-tunnel { > (8) session-state: No cached attributes > (8) # Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel > (8) authorize { > (8) policy filter_username { > (8) if (&User-Name) { > (8) if (&User-Name) > -> TRUE > (8) if (&User-Name) > { > (8) if > (&User-Name =~ / /) { > (8) if > (&User-Name =~ / /) -> FALSE > (8) if > (&User-Name =~ /@[^@]@/ ) { > (8) if > (&User-Name =~ /@[^@]@/ ) -> FALSE > (8) if > (&User-Name =~ /\.\./ ) { > (8) if > (&User-Name =~ /\.\./ ) -> FALSE > (8) if > ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { > (8) if > ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE > (8) if > (&User-Name =~ /\.$/) { > (8) if > (&User-Name =~ /\.$/) -> FALSE > (8) if > (&User-Name =~ /@\./) { > (8) if > (&User-Name =~ /@\./) -> FALSE > (8) } # if > (&User-Name) = notfound > (8) } # policy filter_username = > notfound > (8) [chap] = noop > (8) [mschap] = noop > (8) suffix: Checking for suffix after "@" > (8) suffix: No '@' in User-Name = "host/WNAMTest.stand.ru", looking up realm NULL > (8) suffix: No such realm "NULL" > (8) [suffix] = noop > (8) update control { > (8) &Proxy-To-Realm := LOCAL > (8) } # update control = > noop > (8) eap: Peer sent EAP Response (code 2) ID 9 length 6 > (8) eap: No EAP Start, assuming it's an on-going EAP conversation > (8) [eap] = updated > (8) [files] = noop > (8) [expiration] = noop > (8) [logintime] = noop > (8) [pap] = noop > (8) } # authorize = updated > (8) Found Auth-Type = eap > (8) # Executing group from file /etc/raddb/sites-enabled/inner-tunnel > (8) authenticate { > (8) eap: Expiring EAP session with state 0xe0803171e1892b17 > (8) eap: Finished EAP session with state 0xe0803171e1892b17 > (8) eap: Previous EAP request found for state 0xe0803171e1892b17, released from the > list > (8) eap: Peer sent packet with method EAP MSCHAPv2 (26) > (8) eap: Calling submodule eap_mschapv2 to process data > (8) eap: Sending EAP Success (code 3) ID 9 length 4 > (8) eap: Freeing handler > (8) [eap] = ok > (8) } # authenticate = ok > (8) # Executing section post-auth from file /etc/raddb/sites-enabled/inner-tunnel > (8) post-auth { > (8) if (1) { > (8) if (1) -> TRUE > (8) if (1) { > (8) update reply { > (8) User-Name > !* ANY > (8) Message-Authenticator > !* ANY > (8) EAP-Message > !* ANY > (8) Proxy-State > !* ANY > (8) MS-MPPE-Encryption-Types > !* ANY > (8) MS-MPPE-Encryption-Policy > !* ANY > (8) MS-MPPE-Send-Key > !* ANY > (8) MS-MPPE-Recv-Key > !* ANY > (8) Tunnel-Type > = VLAN > (8) Tunnel-Medium-Type > = IEEE-802 > (8) Tunnel-Private-Group-Id > = "150" > (8) } # update > reply = noop > (8) update { > (8) &outer.session-state::Tunnel-Type > += &reply:Tunnel-Type[] -> VLAN > (8) &outer.session-state::Tunnel-Medium-Type > += &reply:Tunnel-Medium-Type[] -> IEEE-802 > (8) &outer.session-state::Tunnel-Private-Group-Id > += &reply:Tunnel-Private-Group-Id[] -> '150' > (8) } # update > = noop > (8) } # if (1) > = noop > (8) } # post-auth = noop > (8) } # server inner-tunnel > (8) Virtual server sending reply > (8) Tunnel-Type = VLAN > (8) Tunnel-Medium-Type = IEEE-802 > (8) Tunnel-Private-Group-Id = "150" > (8) eap_peap: Got tunneled reply code 2 > (8) eap_peap: Tunnel-Type = VLAN > (8) eap_peap: Tunnel-Medium-Type = IEEE-802 > (8) eap_peap: Tunnel-Private-Group-Id = "150" > (8) eap_peap: Got tunneled reply RADIUS code 2 > (8) eap_peap: Tunnel-Type = VLAN > (8) eap_peap: Tunnel-Medium-Type = IEEE-802 > (8) eap_peap: Tunnel-Private-Group-Id = "150" > (8) eap_peap: Tunneled authentication was successful > (8) eap_peap: SUCCESS > (8) eap_peap: Saving tunneled attributes for later > (8) eap: Sending EAP Request (code 1) ID 10 length 46 > (8) eap: EAP session adding &reply:State = 0x35db70833dd169e6 > (8) [eap] = handled > (8) } # authenticate = handled > (8) Using Post-Auth-Type Challenge > (8) Post-Auth-Type sub-section not found. Ignoring. > (8) # Executing group from file /etc/raddb/sites-enabled/inner-tunnel > (8) session-state: Saving cached attributes > (8) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384" > (8) TLS-Session-Version = "TLS 1.2" > (8) Tunnel-Type += VLAN > (8) Tunnel-Medium-Type += IEEE-802 > (8) Tunnel-Private-Group-Id += "150" > (8) Sent Access-Challenge Id 16 from 10.70.42.77:1645 to 10.8.150.118:1645 length 0 > (8) EAP-Message = 0x010a002e190017030300239656895d9d047f0c62289e622c8e69d1d72d7d601c1981ec4514bfc83655820d0b7eae > (8) Message-Authenticator = 0x00000000000000000000000000000000 > (8) State = 0x35db70833dd169e6230a007503c37627 > (8) Finished request > Waking up in 2.0 seconds. > (9) Received Access-Request Id 17 from 10.8.150.118:1645 to 10.70.42.77:1645 length 215 > (9) User-Name = "host/WNAMTest.stand.ru" > (9) Service-Type = Framed-User > (9) Framed-MTU = 1504 > (9) Called-Station-Id = "00-17-E0-1C-15-87" > (9) Calling-Station-Id = "00-E0-4C-31-0E-67" > (9) EAP-Message = 0x020a002e1900170303002300000000000000042f9e214e97dbecd34987e322d107aee761efe52b96b406123d7d9f > (9) Message-Authenticator = 0x85051369b1f749095a19433c21200733 > (9) NAS-Port-Type = Ethernet > (9) NAS-Port = 50005 > (9) NAS-Port-Id = "FastEthernet0/5" > (9) State = 0x35db70833dd169e6230a007503c37627 > (9) NAS-IP-Address = 10.8.150.118 > (9) Restoring &session-state > (9) &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384" > (9) &session-state:TLS-Session-Version = "TLS 1.2" > (9) &session-state:Tunnel-Type += VLAN > (9) &session-state:Tunnel-Medium-Type += IEEE-802 > (9) &session-state:Tunnel-Private-Group-Id += "150" > (9) # Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel > (9) authorize { > (9) policy filter_username { > (9) if (&User-Name) { > (9) if (&User-Name) -> TRUE > (9) if (&User-Name) { > (9) if (&User-Name =~ > / /) { > (9) if (&User-Name =~ > / /) -> FALSE > (9) if (&User-Name =~ > /@[^@]@/ ) { > (9) if (&User-Name =~ > /@[^@]@/ ) -> FALSE > (9) if (&User-Name =~ > /\.\./ ) { > (9) if (&User-Name =~ > /\.\./ ) -> FALSE > (9) if ((&User-Name =~ > /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { > (9) if ((&User-Name =~ > /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE > (9) if (&User-Name =~ > /\.$/) { > (9) if (&User-Name =~ > /\.$/) -> FALSE > (9) if (&User-Name =~ > /@\./) { > (9) if (&User-Name =~ > /@\./) -> FALSE > (9) } # if (&User-Name) > = notfound > (9) } # policy filter_username = notfound > (9) [chap] = noop > (9) [mschap] = noop > (9) suffix: Checking for suffix after "@" > (9) suffix: No '@' in User-Name = "host/WNAMTest.stand.ru", looking up realm NULL > (9) suffix: No such realm "NULL" > (9) [suffix] = noop > (9) update control { > (9) &Proxy-To-Realm := LOCAL > (9) } # update control = noop > (9) eap: Peer sent EAP Response (code 2) ID 10 length 46 > (9) eap: Continuing tunnel setup > (9) [eap] = ok > (9) } # authorize = ok > (9) Found Auth-Type = eap > (9) # Executing group from file /etc/raddb/sites-enabled/inner-tunnel > (9) authenticate { > (9) eap: Expiring EAP session with state 0x35db70833dd169e6 > (9) eap: Finished EAP session with state 0x35db70833dd169e6 > (9) eap: Previous EAP request found for state 0x35db70833dd169e6, released from the > list > (9) eap: Peer sent packet with method EAP PEAP (25) > (9) eap: Calling submodule eap_peap to process data > (9) eap_peap: Continuing EAP-TLS > (9) eap_peap: [eaptls verify] = ok > (9) eap_peap: Done initial handshake > (9) eap_peap: [eaptls process] = ok > (9) eap_peap: Session established. Decoding tunneled attributes > (9) eap_peap: PEAP state send tlv success > (9) eap_peap: Received EAP-TLV response > (9) eap_peap: Success > (9) eap_peap: Using saved attributes from the original Access-Accept > (9) eap_peap: Tunnel-Type = VLAN > (9) eap_peap: Tunnel-Medium-Type = IEEE-802 > (9) eap_peap: Tunnel-Private-Group-Id = "150" > (9) eap: Sending EAP Success (code 3) ID 10 length 4 > (9) eap: Freeing handler > (9) [eap] = ok > (9) } # authenticate = ok > (9) # Executing section post-auth from file /etc/raddb/sites-enabled/inner-tunnel > (9) post-auth { > (9) if (1) { > (9) if (1) -> TRUE > (9) if (1) { > (9) update reply { > (9) User-Name ! ANY > (9) Message-Authenticator !* ANY > (9) EAP-Message !* ANY > (9) Proxy-State !* ANY > (9) MS-MPPE-Encryption-Types !* ANY > (9) MS-MPPE-Encryption-Policy !* ANY > (9) MS-MPPE-Send-Key !* ANY > (9) MS-MPPE-Recv-Key !* ANY > (9) Tunnel-Type = VLAN > (9) Tunnel-Medium-Type = IEEE-802 > (9) Tunnel-Private-Group-Id = "150" > (9) } # update reply = > noop > (9) update { > (9) ERROR: Mapping "&reply:" > -> "&outer.session-state:" invalid in this context > (9) } # update = invalid > (9) } # if (1) = invalid > (9) } # post-auth = invalid > (9) Using Post-Auth-Type Reject > (9) # Executing group from file /etc/raddb/sites-enabled/inner-tunnel > (9) Post-Auth-Type REJECT { > (9) attr_filter.access_reject: EXPAND %{User-Name} > (9) attr_filter.access_reject: --> host/WNAMTest.stand.ru > (9) attr_filter.access_reject: Matched entry DEFAULT at line 11 > (9) [attr_filter.access_reject] = updated > (9) update outer.session-state { > (9) ERROR: Mapping "&request:Module-Failure-Message" -> "&Module-Failure-Message" > invalid in this context > (9) } # update outer.session-state = invalid > (9) } # Post-Auth-Type REJECT = invalid > (9) Delaying response for 1.000000 seconds > Waking up in 0.3 seconds. > Waking up in 0.1 seconds. > (0) Cleaning up request packet ID 8 with timestamp +147 > (1) Cleaning up request packet ID 9 with timestamp +147 > (2) Cleaning up request packet ID 10 with timestamp +147 > (3) Cleaning up request packet ID 11 with timestamp +147 > (4) Cleaning up request packet ID 12 with timestamp +147 > (5) Cleaning up request packet ID 13 with timestamp +147 > Waking up in 0.2 seconds. > (9) Sending delayed response > (9) Sent Access-Reject Id 17 from 10.70.42.77:1645 to 10.8.150.118:1645 length 20 > (6) Cleaning up request packet ID 14 with timestamp +148 > Waking up in 0.7 seconds. > (7) Cleaning up request packet ID 15 with timestamp +148 > Waking up in 1.6 seconds. > (8) Cleaning up request packet ID 16 with timestamp +150 > Waking up in 1.5 seconds. > (9) Cleaning up request packet ID 17 with timestamp +152 > Ready to process requests
	Введите код, изображенный на картинке:

При общении не допускается: неуважительное отношение к собеседнику, хамство, унизительное обращение, ненормативная лексика, переход на личности, агрессивное поведение, обесценивание собеседника, провоцирование флейма голословными и заведомо ложными заявлениями. Не отвечайте на сообщения, явно нарушающие правила - удаляются не только сами нарушения, но и все ответы на них. Лог модерирования.

Партнёры:

Хостинг:

Закладки на сайте
Проследить за страницей

Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру