I have for example collection with such data:
80 (0)
90 (0)
100 (0)
200 (0)
A2 (0)
A3 (0)
A4 (0)
A5 (0)
A6 (0)
A8 (0)
Allroad (0)
Cabriolet (0)
Coupe (0)
Q7 (0)
Quattro (0)
R8 (0)
RS4 (0)
RS6 (0)
S2 (0)
S3 (0)
S4 (0)
S5 (0)
S6 (0)
S8 (0)
TT (0)
V8 (D11) (0)
and such view:
.vip-offers#manufacturers-list
.man-area
%ul
- #models.each do |car|
%li
= link_to "#{car.name} (#{car.get_cars_model_count(car.id)})", advanced_search_show_path(by_model: car.id), id: "link-blue", data: { no_turbolink: true }
so as you can see - i display whole data as list, but i need to group it by first letter in name, for example:
8
80 (0)
9
90 (0)
1
100 (0)
2
200 (0)
A
A2 (0)
A3 (0)
A4 (0)
A5 (0)
A6 (0)
A8 (0)
Allroad (0)
etc...
i didn't imagine how to select first letter and group by it in view... Maybe somebody have ideas?
.group_by is your friend:
#grouped_cars = cars.group_by { |one_record| one_record.name[0].to_s # returns the first letter of the name }
This code should create a hash structured as following:
{
'0' => [<Car id:12, name: '007'>],
'A' => [<Car id:13, name: 'Audi'>, <Car id:14, name: 'Audi RS5'>],
# etc.
}
Then in you can do:
%ul
- #grouped_cars.each do |first_letter, cars|
%li.first_letter= first_letter
%ul
- cars.each do |car|
%li.one_car= car.name
You might want to add some stuff in the group_by block:
#grouped_cars = cars.group_by do |car|
car.name[0].to_s.upcase # transforms 'a' into 'A'
end
I also noticed that you will probably loose the alphabetical order, because Hashes are not ordered. To solve this, you can do as following:
%ul
- #grouped_cars.keys.sort.each do |letter|
%li.first_letter= first_letter
%ul
- #grouped_cars[letter].each do |car|
%li.one_car= car.name
Or check #DaniëlKnippers comment on my answer
Related
For example, I would like the formula to lookup the UID 4119.502914 and count the number of non-blank cells in the range C2:G2. The result would be 0 in this case.
Here is the data table:
UID
Active since
Level A1 result
Level A2 result
Level B1 result
Level B2 result
Level C1 result
4119.502914
16/03/2022
32502.84434
16/03/2022
3439.094252
21/03/2022
B
78344.29029
05/08/2022
82511.53052
24/05/2022
40939.00908
16/03/2022
A
A+
A
A+
19481.28071
30/03/2022
6259.532774
04/08/2022
13352.59697
04/08/2022
A+
C
54786.31186
18/03/2022
82548.2726
16/03/2022
B+
B+
50125.47835
04/08/2022
27984.35676
04/08/2022
A
Here is the expected result:
UID
Count
4119.502914
0
32502.84434
0
3439.094252
1
78344.29029
0
82511.53052
0
40939.00908
4
19481.28071
0
6259.532774
0
13352.59697
2
54786.31186
0
82548.2726
2
50125.47835
0
27984.35676
1
Could try the following formula-
=COUNTIFS(INDEX($C$3:$G$15,XMATCH(H3,$A$3:$A$15)),"<>")
I have an employees table with mutations to their contracts
EmpID Start End Function Hours SalesPercentage
1 01-01-2020 31-12-2020 FO Desk 40 1
1 01-01-2020 31-01-2021 FO Desk 32 1
1 01-02-2021 FO Desk 32 0.50
2 01-01-2021 31-01-2021 BO 32 0
2 01-02-2021 BO/FO 32 .25
For dynamic calculation of the amount of emplyees and their sales percentages I need to turn this into a tabel with an entry per month:
Year Month EmpID Hours SalesPercentage
2020 1 1 40 1
2020 2 1 40 1
..
2020 12 1 40 1
2021 1 1 32 1
2021 1 2 32 0
2021 2 1 32 0.50
2021 2 2 32 0.25
I have a simple Year Month table that I would like to append the mutation data to, but joining on multiple columns is not possible as far as I can tell. Is there a way around this?
Try this below
It generates a list of all year/month combinations for each row, then expands it and removes extra columns
let Source = Excel.CurrentWorkbook(){[Name="Table1"]}[Content],
#"Changed Type" = Table.TransformColumnTypes(Source,{ {"Start", type date}, {"End", type date}}),
#"Added Custom" = Table.AddColumn(
#"Changed Type",
"newcol",
each
let
begin = Date.StartOfMonth([Start]),
End2 = if [End] = null then [Start] else [End]
in
List.Accumulate(
{0..(Date.Year(End2)-Date.Year([Start]))*12+(Date.Month(End2)-Date.Month([Start]))},
{},
(s,c) => s&{Date.AddMonths(begin,c)}
)
),
#"Expanded newcol" = Table.ExpandListColumn(#"Added Custom", "newcol"),
#"Added Custom2" = Table.AddColumn(#"Expanded newcol", "Year", each Date.Year([newcol])),
#"Added Custom3" = Table.AddColumn(#"Added Custom2", "Month", each Date.Month([newcol])),
#"Removed Columns" = Table.RemoveColumns(#"Added Custom3",{"Start", "End", "Function", "newcol"})
in #"Removed Columns"
I was trying to test my freeRadius server in debug mode after building the source code on my Ubuntu VM.
I also use this official tutorial as the reference: https://wiki.freeradius.org/guide/basic-configuration-howto
My goal is:
Add a new user "testing", whose password is "password", to the freeradius config and successfully authenticate to the freeradius server as user "testing".
Below are the steps I have tried:
(1) I added the user info to the top line of "/usr/local/etc/raddb/users"
testing Cleartext-Password := "password"
I didn't make changes to "sudo nano /usr/local/etc/raddb/clients.conf"
(2) I started freeradius server in debug mode
sudo radiusd -X
and the server shows Ready to process requests
(3) I open a new terminal and tried to send the request with new user's info
radtest testing password localhost 0 testing123
The actual result is: Access-Reject
On the client side:
Sent Access-Request Id 128 from 0.0.0.0:41704 to 127.0.0.1:1812 length 77
User-Name = "testing"
User-Password = "password"
NAS-IP-Address = 127.0.1.1
NAS-Port = 0
Message-Authenticator = 0x00
Cleartext-Password = "password"
Received Access-Reject Id 128 from 127.0.0.1:1812 to 127.0.0.1:41704 length 20
(0) -: Expected Access-Accept got Access-Reject
On the server side:
(1) Received Access-Request Id 128 from 127.0.0.1:41704 to 127.0.0.1:1812 length 77
(1) User-Name = "testing"
(1) User-Password = "password"
(1) NAS-IP-Address = 127.0.1.1
(1) NAS-Port = 0
(1) Message-Authenticator = 0xaf245c154458b4236bcca590799eeef4
(1) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
(1) authorize {
(1) policy filter_username {
(1) if (&User-Name) {
(1) if (&User-Name) -> TRUE
(1) if (&User-Name) {
(1) if (&User-Name =~ / /) {
(1) if (&User-Name =~ / /) -> FALSE
(1) if (&User-Name =~ /#[^#]*#/ ) {
(1) if (&User-Name =~ /#[^#]*#/ ) -> FALSE
(1) if (&User-Name =~ /\.\./ ) {
(1) if (&User-Name =~ /\.\./ ) -> TRUE
(1) if (&User-Name =~ /\.\./ ) {
(1) update request {
(1) &Module-Failure-Message += 'Rejected: User-Name contains multiple ..s'
(1) } # update request = noop
(1) [reject] = reject
(1) } # if (&User-Name =~ /\.\./ ) = reject
(1) } # if (&User-Name) = reject
(1) } # policy filter_username = reject
(1) } # authorize = reject
(1) Using Post-Auth-Type Reject
(1) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(1) Post-Auth-Type REJECT {
(1) attr_filter.access_reject: EXPAND %{User-Name}
(1) attr_filter.access_reject: --> testing
(1) attr_filter.access_reject: Matched entry DEFAULT at line 11
(1) [attr_filter.access_reject] = updated
(1) [eap] = noop
(1) policy remove_reply_message_if_eap {
(1) if (&reply:EAP-Message && &reply:Reply-Message) {
(1) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
(1) else {
(1) [noop] = noop
(1) } # else = noop
(1) } # policy remove_reply_message_if_eap = noop
(1) } # Post-Auth-Type REJECT = updated
(1) Delaying response for 1.000000 seconds
Waking up in 0.3 seconds.
Waking up in 0.6 seconds.
(1) Sending delayed response
(1) Sent Access-Reject Id 128 from 127.0.0.1:1812 to 127.0.0.1:41704 length 20
Waking up in 3.9 seconds.
(1) Cleaning up request packet ID 128 with timestamp +112
Can anyone tell me what is wrong with my steps?
Thanks!
I figured out that previously I messed up with the building process. I used `make deb' to build the package and then switch back to build from the source code. After a few hours and debug, now I finally get the expected output.
i configured my Freeradius 3.0 to authenticate a user by its username and password against our ActiveDirectory using the ntlm_auth module successful.
Then I added to following code to my default site:
if (!State) {
update control {
Auth-Type := ntlm_auth
}
}
else {
update control {
Auth-Type := pam
}
}
And changed to section for ntlm_auth in the same file to:
Auth-Type ntlm_auth {
ntlm_auth
if (ok) {
update reply {
# Create a random State attribute:
State := "%{randstr:aaaaaaaaaaaaaaaa}"
Reply-Message := "Bitte geben Sie die invenio OTP-PIN ein"
}
# Return Access-Challenge:
challenge
}
}
This worked fine, but used plaintext passwords.
So I changed to configuration on my Gateway (VPN) to send MSCHAPv2 instead of plaintext.
I changed the ntlm_auth to mschapv2 in the config, but now I get only MSCHAPv2 Response and no response with the OTP-PIN from the challende request.
Log (Debug):
(0) Received Access-Request Id 73 from 212.99.164.134:10057 to 10.1.56.3:1812 length 188
(0) NAS-Identifier = "HAM-FW-02"
(0) User-Name = "USERnameSent"
(0) MS-CHAP2-Response = 0x1c009ddc9d60c7a00ed267291e4049fe8cae0000000000000000dbfae0e612d97ccaf67c193ddd7f0b21244172c83af71d06
(0) MS-CHAP-Challenge = 0xe19eb24bf11796bbb66baab10741f1fb
(0) NAS-Port-Type = Virtual
(0) Calling-Station-Id = "46.114.1.229"
(0) Acct-Session-Id = "17f2146e"
(0) Connect-Info = "vpn-ssl"
(0) Fortinet-Vdom-Name = "0010647802"
(0) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default
(0) authorize {
(0) policy filter_username {
(0) if (&User-Name) {
(0) if (&User-Name) -> TRUE
(0) if (&User-Name) {
(0) if (&User-Name =~ / /) {
(0) if (&User-Name =~ / /) -> FALSE
(0) if (&User-Name =~ /#[^#]*#/ ) {
(0) if (&User-Name =~ /#[^#]*#/ ) -> FALSE
(0) if (&User-Name =~ /\.\./ ) {
(0) if (&User-Name =~ /\.\./ ) -> FALSE
(0) if ((&User-Name =~ /#/) && (&User-Name !~ /#(.+)\.(.+)$/)) {
(0) if ((&User-Name =~ /#/) && (&User-Name !~ /#(.+)\.(.+)$/)) -> FALSE
(0) if (&User-Name =~ /\.$/) {
(0) if (&User-Name =~ /\.$/) -> FALSE
(0) if (&User-Name =~ /#\./) {
(0) if (&User-Name =~ /#\./) -> FALSE
(0) } # if (&User-Name) = notfound
(0) } # policy filter_username = notfound
(0) [preprocess] = ok
(0) auth_log: EXPAND /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(0) auth_log: --> /var/log/freeradius/radacct/212.99.164.134/auth-detail-20210326
(0) auth_log: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/212.99.164.134/auth-detail-20210326
(0) auth_log: EXPAND %t
(0) auth_log: --> Fri Mar 26 06:36:08 2021
(0) [auth_log] = ok
(0) [chap] = noop
(0) mschap: Found MS-CHAP attributes. Setting 'Auth-Type = mschap'
(0) [mschap] = ok
(0) [digest] = noop
(0) suffix: Checking for suffix after "#"
(0) suffix: No '#' in User-Name = "USERnameSent", looking up realm NULL
(0) suffix: No such realm "NULL"
(0) [suffix] = noop
(0) eap: No EAP-Message, not doing EAP
(0) [eap] = noop
(0) files: users: Matched entry DEFAULT at line 202
(0) [files] = ok
(0) [expiration] = noop
(0) [logintime] = noop
Not doing PAP as Auth-Type is already set.
(0) [pap] = noop
(0) if (!State) {
(0) if (!State) -> TRUE
(0) if (!State) {
(0) update control {
(0) Auth-Type := ntlm_auth
(0) } # update control = noop
(0) } # if (!State) = noop
(0) ... skipping else: Preceding "if" was taken
(0) } # authorize = ok
(0) Found Auth-Type = ntlm_auth
(0) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(0) Auth-Type ntlm_auth {
(0) mschap: Creating challenge hash with username: USERnameSent
(0) mschap: Client is using MS-CHAPv2
(0) mschap: Executing: /usr/bin/ntlm_auth --request-nt-key --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}} --challenge=%{%{mschap:Challenge}:-00} --nt-response=%{%{mschap:NT-Response}:-00}:
(0) mschap: EXPAND --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}}
(0) mschap: --> --username=USERnameSent
(0) mschap: Creating challenge hash with username: USERnameSent
(0) mschap: EXPAND --challenge=%{%{mschap:Challenge}:-00}
(0) mschap: --> --challenge=0b0349cd8aa9407c
(0) mschap: EXPAND --nt-response=%{%{mschap:NT-Response}:-00}
(0) mschap: --> --nt-response=dbfae0e612d97ccaf67c193ddd7f0b21244172c83af71d06
(0) mschap: Program returned code (0) and output 'NT_KEY: 5796EA7F02A7060169CD28DE40DD6165'
(0) mschap: Adding MS-CHAPv2 MPPE keys
(0) [mschap] = ok
(0) if (ok) {
(0) if (ok) -> TRUE
(0) if (ok) {
(0) update reply {
(0) EXPAND %{randstr:aaaaaaaaaaaaaaaa}
(0) --> 9o91xD3qIywz6TTH
(0) State := 0x396f3931784433714979777a36545448
(0) Reply-Message := "Bitte geben Sie die invenio OTP-PIN ein"
(0) } # update reply = noop
(0) policy challenge {
(0) update control {
(0) &Response-Packet-Type = Access-Challenge
(0) } # update control = noop
(0) [handled] = handled
(0) } # policy challenge = handled
(0) } # if (ok) = handled
(0) } # Auth-Type ntlm_auth = handled
(0) Using Post-Auth-Type Challenge
(0) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(0) Challenge { ... } # empty sub-section is ignored
(0) Sent Access-Challenge Id 73 from 10.1.56.3:1812 to 212.99.164.134:10057 length 0
(0) MS-CHAP2-Success = 0x1c533d33323442453233423243323435354244304539344338433737383335303142393346453232463037
(0) MS-MPPE-Recv-Key = 0x6d7dcf451b9c724308f1a01c9b1a7dcc
(0) MS-MPPE-Send-Key = 0xa993f3f27c1f6d5e8b192b9962de7bc4
(0) MS-MPPE-Encryption-Policy = Encryption-Allowed
(0) MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed
(0) State := 0x396f3931784433714979777a36545448
(0) Reply-Message := "Bitte geben Sie die invenio OTP-PIN ein"
(0) Finished request
Waking up in 4.9 seconds.
(0) Cleaning up request packet ID 73 with timestamp +11
Ready to process requests
(1) Received Access-Request Id 74 from 212.99.164.134:24581 to 10.1.56.3:1812 length 206
(1) NAS-Identifier = "HAM-FW-02"
(1) State = 0x396f3931784433714979777a36545448
(1) User-Name = "USERnameSent"
(1) MS-CHAP2-Response = 0x1c003635363333340ed267291e4049fe8cae0000000000000000dbfae0e612d97ccaf67c193ddd7f0b21244172c83af71d06
(1) MS-CHAP-Challenge = 0xe19eb24bf11796bbb66baab10741f1fb
(1) NAS-Port-Type = Virtual
(1) Calling-Station-Id = "46.114.1.229"
(1) Acct-Session-Id = "17f2146e"
(1) Connect-Info = "vpn-ssl"
(1) Fortinet-Vdom-Name = "0010647802"
(1) session-state: No cached attributes
(1) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default
(1) authorize {
(1) policy filter_username {
(1) if (&User-Name) {
(1) if (&User-Name) -> TRUE
(1) if (&User-Name) {
(1) if (&User-Name =~ / /) {
(1) if (&User-Name =~ / /) -> FALSE
(1) if (&User-Name =~ /#[^#]*#/ ) {
(1) if (&User-Name =~ /#[^#]*#/ ) -> FALSE
(1) if (&User-Name =~ /\.\./ ) {
(1) if (&User-Name =~ /\.\./ ) -> FALSE
(1) if ((&User-Name =~ /#/) && (&User-Name !~ /#(.+)\.(.+)$/)) {
(1) if ((&User-Name =~ /#/) && (&User-Name !~ /#(.+)\.(.+)$/)) -> FALSE
(1) if (&User-Name =~ /\.$/) {
(1) if (&User-Name =~ /\.$/) -> FALSE
(1) if (&User-Name =~ /#\./) {
(1) if (&User-Name =~ /#\./) -> FALSE
(1) } # if (&User-Name) = notfound
(1) } # policy filter_username = notfound
(1) [preprocess] = ok
(1) auth_log: EXPAND /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(1) auth_log: --> /var/log/freeradius/radacct/212.99.164.134/auth-detail-20210326
(1) auth_log: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/212.99.164.134/auth-detail-20210326
(1) auth_log: EXPAND %t
(1) auth_log: --> Fri Mar 26 06:36:16 2021
(1) [auth_log] = ok
(1) [chap] = noop
(1) mschap: Found MS-CHAP attributes. Setting 'Auth-Type = mschap'
(1) [mschap] = ok
(1) [digest] = noop
(1) suffix: Checking for suffix after "#"
(1) suffix: No '#' in User-Name = "USERnameSent", looking up realm NULL
(1) suffix: No such realm "NULL"
(1) [suffix] = noop
(1) eap: No EAP-Message, not doing EAP
(1) [eap] = noop
(1) files: users: Matched entry DEFAULT at line 202
(1) [files] = ok
(1) [expiration] = noop
(1) [logintime] = noop
Not doing PAP as Auth-Type is already set.
(1) [pap] = noop
(1) if (!State) {
(1) if (!State) -> FALSE
(1) else {
(1) update control {
(1) Auth-Type := pam
(1) } # update control = noop
(1) } # else = noop
(1) } # authorize = ok
(1) Found Auth-Type = pam
(1) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(1) Auth-Type pam {
(1) pam: Attribute "User-Password" is required for authentication
(1) [pam] = invalid
(1) } # Auth-Type pam = invalid
(1) Failed to authenticate the user
(1) Using Post-Auth-Type Reject
(1) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(1) Post-Auth-Type REJECT {
(1) attr_filter.access_reject: EXPAND %{User-Name}
(1) attr_filter.access_reject: --> USERnameSent
(1) attr_filter.access_reject: Matched entry DEFAULT at line 11
(1) [attr_filter.access_reject] = updated
(1) [eap] = noop
(1) policy remove_reply_message_if_eap {
(1) if (&reply:EAP-Message && &reply:Reply-Message) {
(1) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
(1) else {
(1) [noop] = noop
(1) } # else = noop
(1) } # policy remove_reply_message_if_eap = noop
(1) } # Post-Auth-Type REJECT = updated
(1) Delaying response for 1.000000 seconds
Waking up in 0.3 seconds.
Waking up in 0.6 seconds.
(1) Sending delayed response
(1) Sent Access-Reject Id 74 from 10.1.56.3:1812 to 212.99.164.134:24581 length 20
Waking up in 3.9 seconds.
(1) Cleaning up request packet ID 74 with timestamp +19
Ready to process requests
Any ideas how I can send the challenge-respond to my pam module to authenticate this PIN to the google authenticator. The response seems to be missing or I may have to set {user-password} = {respone-value} somewhere??
Thanks a lot !
Best regards,
Andreas
I installed FreeRADIUS-3.0.15 in Ubuntu-16.04.2, and set the EAP-PWD configurations (files: eap, users).
With EAP-PWD,
I could get SUCCESS by eapol_test tool, but I could NOT get my Android phone (v5.1.1 & 7.1.2) passed the authentication processes.
With the same settings, I could get my Android phone passed the authentication through TTLS and PEAP.
I've read the post,
https://serverfault.com/questions/683897/eap-pwd-with-freeradius-3/683923#683923.
But, it doesn't appear if the EAP-PWD could finally work in Android phones with FreeRADIUS server.
Are there any configurations I missed ?
Does EAP-PWD need some specific devices (e.g. AP, Switch-Controller, etc..) to work with ?
The EAP-PWD settings in the file "eap" :
pwd {
group = 19
server_id = theserver#example.com
fragment_size = 1020
virtual_server = "inner-tunnel"
}
The fail RADIUS server logs using my Android phone :
Ready to process requests
(0) Received Access-Request Id 19 from 192.168.1.1:65514 to 192.168.1.48:1812 length 113
(0) User-Name = "steve"
(0) NAS-Port-Type = Wireless-802.11
(0) Called-Station-Id = "00-0A-79-98-19-1F"
(0) Calling-Station-Id = "90-B6-86-8E-8E-F2"
(0) NAS-IP-Address = 192.168.1.1
(0) Framed-MTU = 1400
(0) EAP-Message = 0x0201000a017374657665
(0) Message-Authenticator = 0xfc142f419a003e1f32c49845e2b47148
(0) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
(0) authorize {
(0) policy filter_username {
(0) if (&User-Name) {
(0) if (&User-Name) -> TRUE
(0) if (&User-Name) {
(0) if (&User-Name =~ / /) {
(0) if (&User-Name =~ / /) -> FALSE
(0) if (&User-Name =~ /#[^#]*#/ ) {
(0) if (&User-Name =~ /#[^#]*#/ ) -> FALSE
(0) if (&User-Name =~ /\.\./ ) {
(0) if (&User-Name =~ /\.\./ ) -> FALSE
(0) if ((&User-Name =~ /#/) && (&User-Name !~ /#(.+)\.(.+)$/)) {
(0) if ((&User-Name =~ /#/) && (&User-Name !~ /#(.+)\.(.+)$/)) -> FALSE
(0) if (&User-Name =~ /\.$/) {
(0) if (&User-Name =~ /\.$/) -> FALSE
(0) if (&User-Name =~ /#\./) {
(0) if (&User-Name =~ /#\./) -> FALSE
(0) } # if (&User-Name) = notfound
(0) } # policy filter_username = notfound
(0) [preprocess] = ok
(0) [chap] = noop
(0) [mschap] = noop
(0) [digest] = noop
(0) suffix: Checking for suffix after "#"
(0) suffix: No '#' in User-Name = "steve", looking up realm NULL
(0) suffix: No such realm "NULL"
(0) [suffix] = noop
(0) eap: Peer sent EAP Response (code 2) ID 1 length 10
(0) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
(0) [eap] = ok
(0) } # authorize = ok
(0) Found Auth-Type = eap
(0) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(0) authenticate {
(0) eap: Peer sent packet with method EAP Identity (1)
(0) eap: Calling submodule eap_md5 to process data
(0) eap_md5: Issuing MD5 Challenge
(0) eap: Sending EAP Request (code 1) ID 2 length 22
(0) eap: EAP session adding &reply:State = 0x0920d2120922d68e
(0) [eap] = handled
(0) } # authenticate = handled
(0) Using Post-Auth-Type Challenge
(0) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(0) Challenge { ... } # empty sub-section is ignored
(0) Sent Access-Challenge Id 19 from 192.168.1.48:1812 to 192.168.1.1:65514 length 0
(0) EAP-Message = 0x01020016041003e295427e4313c871b5357ea94cb0cd
(0) Message-Authenticator = 0x00000000000000000000000000000000
(0) State = 0x0920d2120922d68e7c074922ee6197b2
(0) Finished request
Waking up in 4.9 seconds.
(1) Received Access-Request Id 20 from 192.168.1.1:65515 to 192.168.1.48:1812 length 127
(1) User-Name = "steve"
(1) NAS-Port-Type = Wireless-802.11
(1) Called-Station-Id = "00-0A-79-98-19-1F"
(1) Calling-Station-Id = "90-B6-86-8E-8E-F2"
(1) NAS-IP-Address = 192.168.1.1
(1) Framed-MTU = 1400
(1) State = 0x0920d2120922d68e7c074922ee6197b2
(1) EAP-Message = 0x020200060334
(1) Message-Authenticator = 0x957e6bdb393fe8c0829f734afa134684
(1) session-state: No cached attributes
(1) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
(1) authorize {
(1) policy filter_username {
(1) if (&User-Name) {
(1) if (&User-Name) -> TRUE
(1) if (&User-Name) {
(1) if (&User-Name =~ / /) {
(1) if (&User-Name =~ / /) -> FALSE
(1) if (&User-Name =~ /#[^#]*#/ ) {
(1) if (&User-Name =~ /#[^#]*#/ ) -> FALSE
(1) if (&User-Name =~ /\.\./ ) {
(1) if (&User-Name =~ /\.\./ ) -> FALSE
(1) if ((&User-Name =~ /#/) && (&User-Name !~ /#(.+)\.(.+)$/)) {
(1) if ((&User-Name =~ /#/) && (&User-Name !~ /#(.+)\.(.+)$/)) -> FALSE
(1) if (&User-Name =~ /\.$/) {
(1) if (&User-Name =~ /\.$/) -> FALSE
(1) if (&User-Name =~ /#\./) {
(1) if (&User-Name =~ /#\./) -> FALSE
(1) } # if (&User-Name) = notfound
(1) } # policy filter_username = notfound
(1) [preprocess] = ok
(1) [chap] = noop
(1) [mschap] = noop
(1) [digest] = noop
(1) suffix: Checking for suffix after "#"
(1) suffix: No '#' in User-Name = "steve", looking up realm NULL
(1) suffix: No such realm "NULL"
(1) [suffix] = noop
(1) eap: Peer sent EAP Response (code 2) ID 2 length 6
(1) eap: No EAP Start, assuming it's an on-going EAP conversation
(1) [eap] = updated
(1) files: users: Matched entry steve at line 73
(1) [files] = ok
(1) [expiration] = noop
(1) [logintime] = noop
(1) pap: WARNING: Auth-Type already set. Not setting to PAP
(1) [pap] = noop
(1) } # authorize = updated
(1) Found Auth-Type = eap
(1) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(1) authenticate {
(1) eap: Expiring EAP session with state 0x0920d2120922d68e
(1) eap: Finished EAP session with state 0x0920d2120922d68e
(1) eap: Previous EAP request found for state 0x0920d2120922d68e, released from the list
(1) eap: Peer sent packet with method EAP NAK (3)
(1) eap: Found mutually acceptable type PWD (52)
(1) eap: Calling submodule eap_pwd to process data
(1) eap: Sending EAP Request (code 1) ID 3 length 36
(1) eap: EAP session adding &reply:State = 0x0920d2120823e68e
(1) [eap] = handled
(1) } # authenticate = handled
(1) Using Post-Auth-Type Challenge
(1) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(1) Challenge { ... } # empty sub-section is ignored
(1) Sent Access-Challenge Id 20 from 192.168.1.48:1812 to 192.168.1.1:65515 length 0
(1) EAP-Message = 0x010300243401001301015bd0471300746865736572766572406578616d706c652e636f6d
(1) Message-Authenticator = 0x00000000000000000000000000000000
(1) State = 0x0920d2120823e68e7c074922ee6197b2
(1) Finished request
Waking up in 4.9 seconds.
(0) Cleaning up request packet ID 19 with timestamp +59
(1) Cleaning up request packet ID 20 with timestamp +59
Ready to process requests
I've solved the problem after a long test.
Within the same system settings and environments, just needed to replace the AP to another one (I thought that the problem was caused because some APs (or their firmwares) did not support the function of EAP-PWD), and the problem could be solved.