rad_recv: Access-Request packet from host w.x.y.z port 38107, id=35, length=68 User-Name = "my.user@my.dom.ain" User-Password = "password" NAS-IP-Address = w.x.y.z server packetfence { # Executing section authorize from file /usr/local/pf/raddb//sites-enabled/packetfence +- entering group authorize {...} [suffix] Looking up realm "my.dom.ain" for User-Name = "my.user@my.dom.ain" [suffix] No such realm "my.dom.ain" ++[suffix] returns noop ++[preprocess] returns ok [eap] No EAP-Message, not doing EAP ++[eap] returns noop [files] users: Matched entry DEFAULT at line 1 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop rlm_perl: Added pair User-Name = my.user@my.dom.ain rlm_perl: Added pair User-Password = password rlm_perl: Added pair NAS-IP-Address = w.x.y.z rlm_perl: Added pair Auth-Type = Accept ++[packetfence] returns noop Found Auth-Type = Accept Auth-Type = Accept, accepting the user Login OK: [my.user@my.dom.ain] (from client packetfence port 0) # Executing section post-auth from file /usr/local/pf/raddb//sites-enabled/packetfence +- entering group post-auth {...} ++[exec] returns noop ++? if (!EAP-Type || (EAP-Type != 21 && EAP-Type != 25)) ? Evaluating !(EAP-Type ) -> TRUE ?? Skipping (EAP-Type != 21 ) ?? Skipping (EAP-Type != 25) ++? if (!EAP-Type || (EAP-Type != 21 && EAP-Type != 25)) -> TRUE ++- entering if (!EAP-Type || (EAP-Type != 21 && EAP-Type != 25)) {...} rlm_perl: MAC address is empty or invalid in this request. It could be normal on certain radius calls rlm_perl: Added pair User-Name = my.user@my.dom.ain rlm_perl: Added pair User-Password = password rlm_perl: Added pair NAS-IP-Address = w.x.y.z rlm_perl: Added pair Auth-Type = Accept +++[packetfence] returns reject ++- if (!EAP-Type || (EAP-Type != 21 && EAP-Type != 25)) returns reject } # server packetfence Using Post-Auth-Type REJECT # Executing group from file /usr/local/pf/raddb//sites-enabled/packetfence +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> my.user@my.dom.ain attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 1 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 1 Sending Access-Reject of id 35 to w.x.y.z port 38107 Waking up in 4.9 seconds. Cleaning up request 1 ID 35 with timestamp +28 Ready to process requests.