rad_recv: Access-Request packet from host 10.10.10.3 port 19835, id=197, length=642 User-Name = "mrogers" NAS-Port = 3342336 Called-Station-Id = "99.99.99.99" Calling-Station-Id = "88.88.88.88" NAS-Port-Type = Virtual Tunnel-Client-Endpoint:0 = "88.88.88.88" MS-CHAP-Challenge = 0x1e710c53edc262192691d3ceecbfaada MS-CHAP2-Response = 0x00002c19eb53acec328ff559b3c9152700b300000000000000004e62d95f81c65e46508bbebc93f7f1e6f8d0e1080317d578 Cisco-AVPair = "mdm-tlv=device-platform=win" Cisco-AVPair = "mdm-tlv=device-mac=00-15-5d-01-5a-10" Cisco-AVPair = "mdm-tlv=device-platform-version=6.3.9600 " Cisco-AVPair = "mdm-tlv=ac-user-agent=AnyConnect Windows 4.3.01095" Cisco-AVPair = "mdm-tlv=device-type=Microsoft Corporation Virtual Machine" Cisco-AVPair = "mdm-tlv=device-uid=23BED1B3F61D2BBD5321A2CED50BDE8A568FB796AE68D482ED957950597FA6D4" NAS-IP-Address = 10.10.10.3 Cisco-AVPair = "audit-session-id=ac191903003300005791240e" Cisco-AVPair = "ip:source-ip=88.88.88.88" Vendor-3076-Attr-146 = 0x6476662d6974 Vendor-3076-Attr-150 = 0x00000002 Cisco-AVPair = "coa-push=true" # Executing section authorize from file /etc/freeradius/sites-enabled/privacyidea +- entering group authorize {...} ++[preprocess] returns ok ++[digest] returns noop [suffix] No '@' in User-Name = "mrogers", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [ntdomain] No '\' in User-Name = "mrogers", looking up realm NULL [ntdomain] No such realm "NULL" ++[ntdomain] returns noop [files] users: Matched entry DEFAULT at line 1 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop Found Auth-Type = Perl # Executing group from file /etc/freeradius/sites-enabled/privacyidea +- entering group Perl {...} rlm_perl: Config File /etc/privacyidea/rlm_perl.ini found! rlm_perl: Debugging config: rlm_perl: Default URL https://localhost/validate/check rlm_perl: Looking for config for auth-type Perl rlm_perl: Auth-Type: Perl rlm_perl: url: https://localhost/validate/check rlm_perl: user sent to privacyidea: mrogers rlm_perl: realm sent to privacyidea: rlm_perl: resolver sent to privacyidea: rlm_perl: client sent to privacyidea: 10.10.10.3 rlm_perl: state sent to privacyidea: rlm_perl: urlparam client rlm_perl: urlparam user rlm_perl: Not verifying SSL certificate! rlm_perl: privacyIDEA request failed: 400 BAD REQUEST rlm_perl: privacyIDEA Result status is false! rlm_perl: privacyIDEA access denied rlm_perl: return RLM_MODULE_REJECT rlm_perl: Added pair Vendor-3076-Attr-150 = 0x00000002 rlm_perl: Added pair Calling-Station-Id = 88.88.88.88 rlm_perl: Added pair Vendor-3076-Attr-146 = 0x6476662d6974 rlm_perl: Added pair Cisco-AVPair = mdm-tlv=device-platform=win rlm_perl: Added pair Cisco-AVPair = mdm-tlv=device-mac=00-15-5d-01-5a-10 rlm_perl: Added pair Cisco-AVPair = mdm-tlv=device-platform-version=6.3.9600 rlm_perl: Added pair Cisco-AVPair = mdm-tlv=ac-user-agent=AnyConnect Windows 4.3.01095 rlm_perl: Added pair Cisco-AVPair = mdm-tlv=device-type=Microsoft Corporation Virtual Machine rlm_perl: Added pair Cisco-AVPair = mdm-tlv=device-uid=23BED1B3F61D2BBD5321A2CED50BDE8A568FB796AE68D482ED957950597FA6D4 rlm_perl: Added pair Cisco-AVPair = audit-session-id=ac191903003300005791240e rlm_perl: Added pair Cisco-AVPair = ip:source-ip=88.88.88.88 rlm_perl: Added pair Cisco-AVPair = coa-push=true rlm_perl: Added pair MS-CHAP2-Response = 0x00002c19eb53acec328ff559b3c9152700b300000000000000004e62d95f81c65e46508bbebc93f7f1e6f8d0e1080317d578 rlm_perl: Added pair Called-Station-Id = 99.99.99.99 rlm_perl: Added pair MS-CHAP-Challenge = 0x1e710c53edc262192691d3ceecbfaada rlm_perl: Added pair NAS-Port-Type = Virtual rlm_perl: Added pair Tunnel-Client-Endpoint = 88.88.88.88 rlm_perl: Added pair NAS-IP-Address = 10.10.10.3 rlm_perl: Added pair User-Name = mrogers rlm_perl: Added pair NAS-Port = 3342336 rlm_perl: Added pair Reply-Message = ERR905: Missing parameter: 'pass' rlm_perl: Added pair Auth-Type = Perl ++[perl] returns reject Failed to authenticate the user. Delaying reject of request 7 for 1 seconds Going to the next request Waking up in 0.7 seconds. Sending delayed reject for request 7 Sending Access-Reject of id 197 to 10.10.10.3 port 19835 Reply-Message = "ERR905: Missing parameter: 'pass'" Waking up in 4.9 seconds. Cleaning up request 7 ID 197 with timestamp +2867 Ready to process requests.