Join Log in
Score:0
CHANDAN BR avatar Server

Regarding freeradius rlm_rest module configuration to authenticate user from elasticsearch

tf flag
CHANDAN BR

I'm trying to authenticate user using rest module in freeradius, user data is stored in elasticsearch database.

testing using: < radtest -x chandanbr 008627 localhost 0 testing123 >

i'm getting access-accept for all time, if i enter wrong password and user name im getting accept only,

please help me how to do configuration for authenticate user in freeradius with elasticsearch.

configuration file: mod-enable/rest

authorize {
        #uri = "${..connect_uri}/user/%{User-Name}/mac/%{Called-Station-ID}?action=authorize"
        #method = 'get'
        #tls = ${..tls}
        uri = "${..connect_uri}/authenticate/_search"
        method = 'post'
        body = 'json'
        data = '{"query":{"bool":{"must":[{"match": {"username": "%{User-Name}" }},{"match": {"password": "%{User-Password}" }}]}}}'
        tls = ${..tls}
}
authenticate {
        #uri = "${..connect_uri}/user/%{User-Name}/mac/%{Called-Station-ID}?action=authenticate"
        #method = 'get'
        #tls = ${..tls}
        uri = "${..connect_uri}/authenticate/_search"
        method = 'post'
        body = 'json'
        data = '{"query":{"bool":{"must":[{"match": {"username": "%{User-Name}" }},{"match": {"password": "%{User-Password}" }}]}}}'
        tls = ${..tls}
}

site-enable/default authorize { if (ok) { update control { Auth-Type := rest } } }

authenticate { Auth-Type rest { rest { updated = 1 } if (updated) { %{reply:Token} ok } i dont no this configuration is correct or not. please help me to configure rest with freeradius to use elastic search.

debug output: ..... # Loaded module rlm_rest # Loading module "rest" from file /etc/freeradius/3.0/mods-enabled/rest rest { connect_uri = "http://10.90.5.207:9200/" connect_timeout = 4.000000 } # Loaded module rlm_digest # Loading module "digest" from file /etc/freeradius/3.0/mods-enabled/digest # Loaded module rlm_cache # Loading module "cache_eap" from file /etc/freeradius/3.0/mods-enabled/cache_eap cache cache_eap { driver = "rlm_cache_rbtree" key = "%{%{control:State}:-%{%{reply:State}:-%{State}}}" ttl = 15 max_entries = 0 epoch = 0 add_stats = no }

  # Loaded module rlm_files
  # Loading module "files" from file /etc/freeradius/3.0/mods-enabled/files
  files {
    filename = "/etc/freeradius/3.0/mods-config/files/authorize"
    acctusersfile = "/etc/freeradius/3.0/mods-config/files/accounting"
    preproxy_usersfile = "/etc/freeradius/3.0/mods-config/files/pre-proxy"
  }
  # Loaded module rlm_radutmp
  # Loading module "radutmp" from file /etc/freeradius/3.0/mods-enabled/radutmp
  radutmp {
    filename = "/var/log/freeradius/radutmp"
    username = "%{User-Name}"
    case_sensitive = yes
    check_with_nas = yes
    permissions = 384
    caller_id = yes
  }
  # Loaded module rlm_expiration
  # Loading module "expiration" from file /etc/freeradius/3.0/mods-enabled/expiration
  # Loaded module rlm_attr_filter
  # Loading module "attr_filter.post-proxy" from file /etc/freeradius/3.0/mods-enabled/attr_filter
  attr_filter attr_filter.post-proxy {
    filename = "/etc/freeradius/3.0/mods-config/attr_filter/post-proxy"
    key = "%{Realm}"
    relaxed = no
  }
  # Loading module "attr_filter.pre-proxy" from file /etc/freeradius/3.0/mods-enabled/attr_filter
  attr_filter attr_filter.pre-proxy {
    filename = "/etc/freeradius/3.0/mods-config/attr_filter/pre-proxy"
    key = "%{Realm}"
    relaxed = no
  }
  # Loading module "attr_filter.access_reject" from file /etc/freeradius/3.0/mods-enabled/attr_filter
  attr_filter attr_filter.access_reject {
    filename = "/etc/freeradius/3.0/mods-config/attr_filter/access_reject"
    key = "%{User-Name}"
    relaxed = no
  }
  # Loading module "attr_filter.access_challenge" from file /etc/freeradius/3.0/mods-enabled/attr_filter
  attr_filter attr_filter.access_challenge {
    filename = "/etc/freeradius/3.0/mods-config/attr_filter/access_challenge"
    key = "%{User-Name}"
    relaxed = no
  }
  # Loading module "attr_filter.accounting_response" from file /etc/freeradius/3.0/mods-enabled/attr_filter
  attr_filter attr_filter.accounting_response {
    filename = "/etc/freeradius/3.0/mods-config/attr_filter/accounting_response"
    key = "%{User-Name}"
    relaxed = no
  }
  # Loading module "auth_log" from file /etc/freeradius/3.0/mods-enabled/detail.log
  detail auth_log {
    filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d"
    header = "%t"
    permissions = 384
    locking = no
    escape_filenames = no
    log_packet_header = no
  }
  # Loading module "reply_log" from file /etc/freeradius/3.0/mods-enabled/detail.log
  detail reply_log {
    filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d"
    header = "%t"
    permissions = 384
    locking = no
    escape_filenames = no
    log_packet_header = no
  }
  # Loading module "pre_proxy_log" from file /etc/freeradius/3.0/mods-enabled/detail.log
  detail pre_proxy_log {
    filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/pre-proxy-detail-%Y%m%d"
    header = "%t"
    permissions = 384
    locking = no
    escape_filenames = no
    log_packet_header = no
  }
  # Loading module "post_proxy_log" from file /etc/freeradius/3.0/mods-enabled/detail.log
  detail post_proxy_log {
    filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d"
    header = "%t"
    permissions = 384
    locking = no
    escape_filenames = no
    log_packet_header = no
  }
  # Loaded module rlm_mschap
  # Loading module "mschap" from file /etc/freeradius/3.0/mods-enabled/mschap
  mschap {
    use_mppe = yes
    require_encryption = no
    require_strong = no
    with_ntdomain_hack = yes
   passchange {
   }
    allow_retry = yes
    winbind_retry_with_normalised_username = no
  }
  # Loaded module rlm_unpack
  # Loading module "unpack" from file /etc/freeradius/3.0/mods-enabled/unpack
  # Loaded module rlm_pap
  # Loading module "pap" from file /etc/freeradius/3.0/mods-enabled/pap
  pap {
    normalise = yes
  }
  # Loaded module rlm_preprocess
  # Loading module "preprocess" from file /etc/freeradius/3.0/mods-enabled/preprocess
  preprocess {
    huntgroups = "/etc/freeradius/3.0/mods-config/preprocess/huntgroups"
    hints = "/etc/freeradius/3.0/mods-config/preprocess/hints"
    with_ascend_hack = no
    ascend_channels_per_line = 23
    with_ntdomain_hack = no
    with_specialix_jetstream_hack = no
    with_cisco_vsa_hack = no
    with_alvarion_vsa_hack = no
  }
  # Loading module "sradutmp" from file /etc/freeradius/3.0/mods-enabled/sradutmp
  radutmp sradutmp {
    filename = "/var/log/freeradius/sradutmp"
    username = "%{User-Name}"
    case_sensitive = yes
    check_with_nas = yes
    permissions = 420
    caller_id = no
  }
  # Loaded module rlm_always
  # Loading module "reject" from file /etc/freeradius/3.0/mods-enabled/always
  always reject {
    rcode = "reject"
    simulcount = 0
    mpp = no
  }
  # Loading module "fail" from file /etc/freeradius/3.0/mods-enabled/always
  always fail {
    rcode = "fail"
    simulcount = 0
    mpp = no
  }
  # Loading module "ok" from file /etc/freeradius/3.0/mods-enabled/always
  always ok {
    rcode = "ok"
    simulcount = 0
    mpp = no
  }
  # Loading module "handled" from file /etc/freeradius/3.0/mods-enabled/always
  always handled {
    rcode = "handled"
    simulcount = 0
    mpp = no
  }
  # Loading module "invalid" from file /etc/freeradius/3.0/mods-enabled/always
  always invalid {
    rcode = "invalid"
    simulcount = 0
    mpp = no
  }
  # Loading module "userlock" from file /etc/freeradius/3.0/mods-enabled/always
  always userlock {
    rcode = "userlock"
    simulcount = 0
    mpp = no
  }
  # Loading module "notfound" from file /etc/freeradius/3.0/mods-enabled/always
  always notfound {
    rcode = "notfound"
    simulcount = 0
    mpp = no
  }
  # Loading module "noop" from file /etc/freeradius/3.0/mods-enabled/always
  always noop {
    rcode = "noop"
    simulcount = 0
    mpp = no
  }
  # Loading module "updated" from file /etc/freeradius/3.0/mods-enabled/always
  always updated {
    rcode = "updated"
    simulcount = 0
    mpp = no
  }
  # Loading module "echo" from file /etc/freeradius/3.0/mods-enabled/echo
  exec echo {
    wait = yes
    program = "/bin/echo %{User-Name}"
    input_pairs = "request"
    output_pairs = "reply"
    shell_escape = yes
  }
  # Loaded module rlm_chap
  # Loading module "chap" from file /etc/freeradius/3.0/mods-enabled/chap
  # Loaded module rlm_soh
  # Loading module "soh" from file /etc/freeradius/3.0/mods-enabled/soh
  soh {
    dhcp = yes
  }
  instantiate {
  }
  # Instantiating module "detail" from file /etc/freeradius/3.0/mods-enabled/detail
  # Instantiating module "linelog" from file /etc/freeradius/3.0/mods-enabled/linelog
  # Instantiating module "log_accounting" from file /etc/freeradius/3.0/mods-enabled/linelog
  # Instantiating module "rest" from file /etc/freeradius/3.0/mods-enabled/rest
   authorize {
    uri = "http://10.90.5.207:9200//authenticate/_search"
    method = "post"
    body = "json"
    data = "{"query":{"bool":{"must":[{"match": {"username": "%{User-Name}" }},{"match": {"password": "%{User-Password}" }}]}}}"
    auth = "none"
    require_auth = no
    timeout = 4.000000
    chunk = 0
    tls {
        check_cert = yes
        check_cert_cn = yes
    }
   }
   authenticate {
    uri = "http://10.90.5.207:9200//authenticate/_search"
    method = "post"
    body = "json"
    data = "{"query":{"bool":{"must":[{"match": {"username": "%{User-Name}" }},{"match": {"password": "%{User-Password}" }}]}}}"
    auth = "none"
    require_auth = no
    timeout = 4.000000
    chunk = 0
    tls {
        check_cert = yes
        check_cert_cn = yes
    }
   }
   preacct {
    uri = "http://10.90.5.207:9200//user/%{User-Name}/sessions/%{Acct-Unique-Session-ID}?action=preacct"
    method = "post"
    body = "none"
    auth = "none"
    require_auth = no
    timeout = 4.000000
    chunk = 0
    tls {
        check_cert = yes
        check_cert_cn = yes
    }
   }
   accounting {
    uri = "http://10.90.5.207:9200//user/%{User-Name}/sessions/%{Acct-Unique-Session-ID}?action=accounting"
    method = "post"
    body = "none"
    auth = "none"
    require_auth = no
    timeout = 4.000000
    chunk = 0
    tls {
        check_cert = yes
        check_cert_cn = yes
    }
   }
   pre-proxy {
    uri = "http://10.90.5.207:9200//user/%{User-Name}/mac/%{Called-Station-ID}?action=pre-proxy"
    method = "post"
    body = "none"
    auth = "none"
    require_auth = no
    timeout = 4.000000
    chunk = 0
    tls {
        check_cert = yes
        check_cert_cn = yes
    }
   }
   post-proxy {
    uri = "http://10.90.5.207:9200//user/%{User-Name}/mac/%{Called-Station-ID}?action=post-proxy"
    method = "post"
    body = "none"
    auth = "none"
    require_auth = no
    timeout = 4.000000
    chunk = 0
    tls {
        check_cert = yes
        check_cert_cn = yes
    }
   }
   post-auth {
    uri = "http://10.90.5.207:9200//user/%{User-Name}/mac/%{Called-Station-ID}?action=post-auth"
    method = "post"
    body = "none"
    auth = "none"
    require_auth = no
    timeout = 4.000000
    chunk = 0
    tls {
        check_cert = yes
        check_cert_cn = yes
    }
   }
rlm_rest: libcurl version changed since the server was built
rlm_rest: linked: 7.68.0 built: 7.66.0
rlm_rest: libcurl version: libcurl/7.68.0 OpenSSL/1.1.1f zlib/1.2.11 brotli/1.0.7 libidn2/2.2.0 libpsl/0.21.0 (+libidn2/2.2.0) libssh/0.9.3/openssl/zlib nghttp2/1.40.0 librtmp/2.3
rlm_rest (rest): Initialising connection pool
   pool {
    start = 5
    min = 3
    max = 32
    spare = 10
    uses = 0
    lifetime = 0
    cleanup_interval = 30
    idle_timeout = 60
    retry_delay = 30
    spread = no
   }
rlm_rest (rest): Opening additional connection (0), 1 of 32 pending slots used
rlm_rest (rest): Connecting to "http://10.90.5.207:9200/"
rlm_rest (rest): Opening additional connection (1), 1 of 31 pending slots used
rlm_rest (rest): Connecting to "http://10.90.5.207:9200/"
rlm_rest (rest): Opening additional connection (2), 1 of 30 pending slots used
rlm_rest (rest): Connecting to "http://10.90.5.207:9200/"
rlm_rest (rest): Opening additional connection (3), 1 of 29 pending slots used
rlm_rest (rest): Connecting to "http://10.90.5.207:9200/"
rlm_rest (rest): Opening additional connection (4), 1 of 28 pending slots used
rlm_rest (rest): Connecting to "http://10.90.5.207:9200/"
  # Instantiating module "cache_eap" from file /etc/freeradius/3.0/mods-enabled/cache_eap
rlm_cache (cache_eap): Driver rlm_cache_rbtree (module rlm_cache_rbtree) loaded and linked
  # Instantiating module "etc_passwd" from file /etc/freeradius/3.0/mods-enabled/passwd
rlm_passwd: nfields: 3 keyfield 0(User-Name) listable: no
  # Instantiating module "eap" from file /etc/freeradius/3.0/mods-enabled/eap
   # Linked to sub-module rlm_eap_md5
   # Linked to sub-module rlm_eap_leap
   # Linked to sub-module rlm_eap_gtc
   gtc {
    challenge = "Password: "
    auth_type = "PAP"
   }
   # Linked to sub-module rlm_eap_tls
   tls {
    tls = "tls-common"
   }
   tls-config tls-common {
    verify_depth = 0
    ca_path = "/etc/freeradius/3.0/certs"
    pem_file_type = yes
    private_key_file = "/etc/ssl/private/ssl-cert-snakeoil.key"
    certificate_file = "/etc/ssl/certs/ssl-cert-snakeoil.pem"
    ca_file = "/etc/ssl/certs/ca-certificates.crt"
    private_key_password = <<< secret >>>
    dh_file = "/etc/freeradius/3.0/certs/dh"
    fragment_size = 1024
    include_length = yes
    auto_chain = yes
    check_crl = no
    check_all_crl = no
    cipher_list = "DEFAULT"
    cipher_server_preference = no
    ecdh_curve = "prime256v1"
    disable_tlsv1 = yes
    disable_tlsv1_1 = yes
    tls_max_version = "1.2"
    tls_min_version = "1.2"
    cache {
        enable = no
        lifetime = 24
        max_entries = 255
    }
    verify {
        skip_if_ocsp_ok = no
    }
    ocsp {
        enable = no
        override_cert_url = yes
        url = "http://127.0.0.1/ocsp/"
        use_nonce = yes
        timeout = 0
        softfail = no
    }
   }
Please use tls_min_version and tls_max_version instead of disable_tlsv1
Please use tls_min_version and tls_max_version instead of disable_tlsv1_2
   # Linked to sub-module rlm_eap_ttls
   ttls {
    tls = "tls-common"
    default_eap_type = "md5"
    copy_request_to_tunnel = no
    use_tunneled_reply = no
    virtual_server = "inner-tunnel"
    include_length = yes
    require_client_cert = no
   }
tls: Using cached TLS configuration from previous invocation
   # Linked to sub-module rlm_eap_peap
   peap {
    tls = "tls-common"
    default_eap_type = "mschapv2"
    copy_request_to_tunnel = no
    use_tunneled_reply = no
    proxy_tunneled_request_as_eap = yes
    virtual_server = "inner-tunnel"
    soh = no
    require_client_cert = no
   }
tls: Using cached TLS configuration from previous invocation
   # Linked to sub-module rlm_eap_mschapv2
   mschapv2 {
    with_ntdomain_hack = no
    send_error = no
   }
  # Instantiating module "logintime" from file /etc/freeradius/3.0/mods-enabled/logintime
  # Instantiating module "IPASS" from file /etc/freeradius/3.0/mods-enabled/realm
  # Instantiating module "suffix" from file /etc/freeradius/3.0/mods-enabled/realm
  # Instantiating module "bangpath" from file /etc/freeradius/3.0/mods-enabled/realm
  # Instantiating module "realmpercent" from file /etc/freeradius/3.0/mods-enabled/realm
  # Instantiating module "ntdomain" from file /etc/freeradius/3.0/mods-enabled/realm
  # Instantiating module "files" from file /etc/freeradius/3.0/mods-enabled/files
reading pairlist file /etc/freeradius/3.0/mods-config/files/authorize
reading pairlist file /etc/freeradius/3.0/mods-config/files/accounting
reading pairlist file /etc/freeradius/3.0/mods-config/files/pre-proxy
  # Instantiating module "expiration" from file /etc/freeradius/3.0/mods-enabled/expiration
  # Instantiating module "attr_filter.post-proxy" from file /etc/freeradius/3.0/mods-enabled/attr_filter
reading pairlist file /etc/freeradius/3.0/mods-config/attr_filter/post-proxy
  # Instantiating module "attr_filter.pre-proxy" from file /etc/freeradius/3.0/mods-enabled/attr_filter
reading pairlist file /etc/freeradius/3.0/mods-config/attr_filter/pre-proxy
  # Instantiating module "attr_filter.access_reject" from file /etc/freeradius/3.0/mods-enabled/attr_filter
reading pairlist file /etc/freeradius/3.0/mods-config/attr_filter/access_reject
  # Instantiating module "attr_filter.access_challenge" from file /etc/freeradius/3.0/mods-enabled/attr_filter
reading pairlist file /etc/freeradius/3.0/mods-config/attr_filter/access_challenge
  # Instantiating module "attr_filter.accounting_response" from file /etc/freeradius/3.0/mods-enabled/attr_filter
reading pairlist file /etc/freeradius/3.0/mods-config/attr_filter/accounting_response
  # Instantiating module "auth_log" from file /etc/freeradius/3.0/mods-enabled/detail.log
rlm_detail (auth_log): 'User-Password' suppressed, will not appear in detail output
  # Instantiating module "reply_log" from file /etc/freeradius/3.0/mods-enabled/detail.log
  # Instantiating module "pre_proxy_log" from file /etc/freeradius/3.0/mods-enabled/detail.log
  # Instantiating module "post_proxy_log" from file /etc/freeradius/3.0/mods-enabled/detail.log
  # Instantiating module "mschap" from file /etc/freeradius/3.0/mods-enabled/mschap
rlm_mschap (mschap): using internal authentication
  # Instantiating module "pap" from file /etc/freeradius/3.0/mods-enabled/pap
  # Instantiating module "preprocess" from file /etc/freeradius/3.0/mods-enabled/preprocess
reading pairlist file /etc/freeradius/3.0/mods-config/preprocess/huntgroups
reading pairlist file /etc/freeradius/3.0/mods-config/preprocess/hints
  # Instantiating module "reject" from file /etc/freeradius/3.0/mods-enabled/always
  # Instantiating module "fail" from file /etc/freeradius/3.0/mods-enabled/always
  # Instantiating module "ok" from file /etc/freeradius/3.0/mods-enabled/always
  # Instantiating module "handled" from file /etc/freeradius/3.0/mods-enabled/always
  # Instantiating module "invalid" from file /etc/freeradius/3.0/mods-enabled/always
  # Instantiating module "userlock" from file /etc/freeradius/3.0/mods-enabled/always
  # Instantiating module "notfound" from file /etc/freeradius/3.0/mods-enabled/always
  # Instantiating module "noop" from file /etc/freeradius/3.0/mods-enabled/always
  # Instantiating module "updated" from file /etc/freeradius/3.0/mods-enabled/always
 } # modules
radiusd: #### Loading Virtual Servers ####
server { # from file /etc/freeradius/3.0/radiusd.conf
} # server
server inner-tunnel { # from file /etc/freeradius/3.0/sites-enabled/inner-tunnel
 # Loading authenticate {...}
 # Loading authorize {...}
Ignoring "sql" (see raddb/mods-available/README.rst)
Ignoring "ldap" (see raddb/mods-available/README.rst)
 # Loading session {...}
 # Loading post-proxy {...}
 # Loading post-auth {...}
 # Skipping contents of 'if' as it is always 'false' -- /etc/freeradius/3.0/sites-enabled/inner-tunnel:349
} # server inner-tunnel
server default { # from file /etc/freeradius/3.0/sites-enabled/default
 # Loading authenticate {...}
 # Loading authorize {...}
 # Loading preacct {...}
 # Loading accounting {...}
 # Loading post-proxy {...}
 # Loading post-auth {...}
} # server default
radiusd: #### Opening IP addresses and Ports ####
listen {
    type = "auth"
    ipaddr = 127.0.0.1
    port = 18120
}
listen {
    type = "auth"
    ipaddr = *
    port = 0
   limit {
    max_connections = 16
    lifetime = 0
    idle_timeout

Blockquote

= 30
   }
}
listen {
    type = "acct"
    ipaddr = *
    port = 0
   limit {
    max_connections = 16
    lifetime = 0
    idle_timeout = 30
   }
}
listen {
    type = "auth"
    ipv6addr = ::
    port = 0
   limit {
    max_connections = 16
    lifetime = 0
    idle_timeout = 30
   }
}
listen {
    type = "acct"
    ipv6addr = ::
    port = 0
   limit {
    max_connections = 16
    lifetime = 0
    idle_timeout = 30
   }
}
Listening on auth address 127.0.0.1 port 18120 bound to server inner-tunnel
Listening on auth address * port 1812 bound to server default
Listening on acct address * port 1813 bound to server default
Listening on auth address :: port 1812 bound to server default
Listening on acct address :: port 1813 bound to server default
Listening on proxy address * port 50703
Listening on proxy address :: port 44900
Ready to process requests
(0) Received Access-Request Id 226 from 127.0.0.1:54128 to 127.0.0.1:1812 length 79
(0)   User-Name = "chandanbr"
(0)   User-Password = "008627"
(0)   NAS-IP-Address = 127.0.1.1
(0)   NAS-Port = 0
(0)   Message-Authenticator = 0xa6f661d3f962a4cff97a08e315c1e8f9
(0) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default
(0)   authorize {
(0)     policy filter_username {
(0)       if (&User-Name) {
(0)       if (&User-Name)  -> TRUE
(0)       if (&User-Name)  {
(0)         if (&User-Name =~ / /) {
(0)         if (&User-Name =~ / /)  -> FALSE
(0)         if (&User-Name =~ /@[^@]*@/ ) {
(0)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
(0)         if (&User-Name =~ /\.\./ ) {
(0)         if (&User-Name =~ /\.\./ )  -> FALSE
(0)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
(0)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
(0)         if (&User-Name =~ /\.$/)  {
(0)         if (&User-Name =~ /\.$/)   -> FALSE
(0)         if (&User-Name =~ /@\./)  {
(0)         if (&User-Name =~ /@\./)   -> FALSE
(0)       } # if (&User-Name)  = notfound
(0)     } # policy filter_username = notfound
(0)     [preprocess] = ok
(0)     [chap] = noop
(0)     [mschap] = noop
(0)     [digest] = noop
(0) suffix: Checking for suffix after "@"
(0) suffix: No '@' in User-Name = "chandanbr", looking up realm NULL
(0) suffix: No such realm "NULL"
(0)     [suffix] = noop
(0) eap: No EAP-Message, not doing EAP
(0)     [eap] = noop
(0) files: users: Matched entry DEFAULT at line 165
(0)     [files] = ok
(0)     if (ok) {
(0)     if (ok)  -> TRUE
(0)     if (ok)  {
(0)       update control {
(0)         Auth-Type := rest
(0)       } # update control = noop
(0)     } # if (ok)  = noop
(0)     [expiration] = noop
(0)     [logintime] = noop
Not doing PAP as Auth-Type is already set.
(0)     [pap] = noop
(0)   } # authorize = ok
(0) Found Auth-Type = rest
(0) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(0)   Auth-Type rest {
rlm_rest (rest): Reserved connection (0)
(0) rest: Expanding URI components
(0) rest: EXPAND http://10.90.5.207:9200
(0) rest:    --> http://10.90.5.207:9200
(0) rest: EXPAND //authenticate/_search
(0) rest:    --> //authenticate/_search
(0) rest: Sending HTTP POST to "http://10.90.5.207:9200//authenticate/_search"
(0) rest: EXPAND {"query":{"bool":{"must":[{"match": {"username": "%{User-Name}" }},{"match": {"password": "%{User-Password}" }}]}}}
(0) rest:    --> {"query":{"bool":{"must":[{"match": {"username": "chandanbr" }},{"match": {"password": "008627" }}]}}}
(0) rest: Processing response header
(0) rest:   Status : 200 (OK)
(0) rest:   Type   : json (application/json)
(0) rest: Parsing attribute "took"
(0) rest: WARNING: Failed parsing attribute: Invalid vendor name in attribute name "took", skipping...
(0) rest: Parsing attribute "timed_out"
(0) rest: WARNING: Failed parsing attribute: Invalid vendor name in attribute name "timed_out", skipping...
(0) rest: Parsing attribute "_shards"
(0) rest: WARNING: Failed parsing attribute: Invalid vendor name in attribute name "_shards", skipping...
(0) rest: Parsing attribute "hits"
(0) rest: WARNING: Failed parsing attribute: Invalid vendor name in attribute name "hits", skipping...
rlm_rest (rest): Released connection (0)
Need 5 more connections to reach 10 spares
rlm_rest (rest): Opening additional connection (5), 1 of 27 pending slots used
rlm_rest (rest): Connecting to "http://10.90.5.207:9200/"
(0)     [rest] = ok
(0)     if (updated) {
(0)     if (updated)  -> FALSE
(0)   } # Auth-Type rest = ok
(0) # Executing section post-auth from file /etc/freeradius/3.0/sites-enabled/default
(0)   post-auth {
(0)     if (session-state:User-Name && reply:User-Name && request:User-Name && (reply:User-Name == request:User-Name)) {
(0)     if (session-state:User-Name && reply:User-Name && request:User-Name && (reply:User-Name == request:User-Name))  -> FALSE
(0)     update {
(0)       No attributes updated for RHS &session-state:
(0)     } # update = noop
(0)     [exec] = noop
(0)     policy remove_reply_message_if_eap {
(0)       if (&reply:EAP-Message && &reply:Reply-Message) {
(0)       if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
(0)       else {
(0)         [noop] = noop
(0)       } # else = noop
(0)     } # policy remove_reply_message_if_eap = noop
(0)   } # post-auth = noop
(0) Sent Access-Accept Id 226 from 127.0.0.1:1812 to 127.0.0.1:54128 length 0
(0) Finished request
Waking up in 4.9 seconds.
(0) Cleaning up request packet ID 226 with timestamp +5
Ready to process requests

please help me....

167
0 + 0
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.