You have been subscribed to a public bug:

I have been testing RADIUS change of authorization on Ubiquiti wireless. I have tested this on Ubuntu 19.04 as well as Ubuntu 19.10, and the behavior is the same on both as well as when testing on Debian or Fedora. FWIW this is working with a Windows 10 or Android client connected to the same wireless SSID on the same wireless AP, so this does not seem to be a configuration issue on the AP from what I can see. Below are the logs from the Ubuntu client as well as the RADIUS server. Please let me know if any further info is needed or if this behavior is expected. Log info is below. Thanks!

ubuntu@ubuntu:/var/log$ journalctl | grep -Ei 'dhcp'
Mar 26 21:28:30 ubuntu NetworkManager[1127]: <info> [1585258110.5810] dhcp-init: Using DHCP client 'dhclient'

Client sends an Access-Request to RADIUS server:

Thu Mar 26 17:29:13 2020
    Packet-Type = Access-Request
    User-Name = "dshields"
    NAS-Identifier = "7483c28d26de"
    Called-Station-Id = "74-83-C2-8D-26-DE:DF-Ubiquiti-Test"
    NAS-Port-Type = Wireless-802.11
    Service-Type = Framed-User
    Calling-Station-Id = "38-59-F9-81-5C-98"
    Connect-Info = "CONNECT 0Mbps 802.11b"
    Acct-Session-Id = "ABB4DA79B50051CB"
    WLAN-Pairwise-Cipher = 1027076
    WLAN-Group-Cipher = 1027076
    WLAN-AKM-Suite = 1027073
    Framed-MTU = 1400
    EAP-Message = 0x022900061500
    State = 0x4cc366d24aea73b029eb30b6d6318ffc
    Message-Authenticator = 0x48aef4abde67bc109ce1689d34b292cb
    NAS-IP-Address = 10.100.10.235

Thu Mar 26 17:29:13 2020
    Packet-Type = Access-Request
    User-Name = "dshields"
    NAS-Identifier = "7483c28d26de"
    Called-Station-Id = "74-83-C2-8D-26-DE:DF-Ubiquiti-Test"
    NAS-Port-Type = Wireless-802.11
    Service-Type = Framed-User
    Calling-Station-Id = "38-59-F9-81-5C-98"
    Connect-Info = "CONNECT 0Mbps 802.11b"
    Acct-Session-Id = "ABB4DA79B50051CB"
    WLAN-Pairwise-Cipher = 1027076
    WLAN-Group-Cipher = 1027076
    WLAN-AKM-Suite = 1027073
    Framed-MTU = 1400
    EAP-Message = 0x022a008415001603030046100000424104bbae17c4fd4f2c594c2fe9737cc7919914adc728c0c3080fcf9e0f4cec1e1baced618159446d056286c8ca54ab8eb9142a2b1cfd5c88e110e6a28edf4ce943ed1403030001011603030028c00e45cebb1752d0b5c6323f47be852483a27af729b82ee96e3139d24dfa485e8ffed35de2438d54
    State = 0x4cc366d24be973b029eb30b6d6318ffc
    Message-Authenticator = 0x5d0f1396a39e5b0e1e1a0c6118e1ebea
    NAS-IP-Address = 10.100.10.235

Authentication succeeds and VLAN 230 is returned to client with Access-Accept:

Thu Mar 26 17:29:13 2020 : Auth: Login OK: [dshields] (from client OPSWAT-AP-AC-PRO port 0 via TLS tunnel)
Thu Mar 26 17:29:13 2020 : Auth: Login OK: [dshields] (from client OPSWAT-AP-AC-PRO port 0 cli 38-59-F9-81-5C-98)

Thu Mar 26 17:29:13 2020
    Packet-Type = Access-Accept
    User-Name = "dshields"
    MS-MPPE-Recv-Key = 0x0e4b4cd48f891763a1f1792c71047066b1fd70914f7212cf011f1a367277cd02
    MS-MPPE-Send-Key = 0xc81a04f1482a75cff7cac78876a95391ab9908d613dd2e2476def943bab5cf4c
    EAP-MSK = 0x0e4b4cd48f891763a1f1792c71047066b1fd70914f7212cf011f1a367277cd02c81a04f1482a75cff7cac78876a95391ab9908d613dd2e2476def943bab5cf4c
    EAP-EMSK = 0x55d0a72ab01bd0a5ec49a6e081fcecff37357ba89f8c25767d8033e529e45b116a9cec3044cef37c20297c60b8b3b345be1248859214586ad9e925545cf88c14
    EAP-Session-Id = 0x15066089550d45a92a0c53f9280e765fbdcf813480da08fdbf5b33de44dd5dc9c15e7d1ea91e31c2135dd3b384f8d628548ab4beb299a79ee60836464d78cfcce5
    EAP-Message = 0x032b0004
    Message-Authenticator = 0x00000000000000000000000000000000
    Calling-Station-Id = "38-59-F9-81-5C-98"
    Tunnel-Type:0 += VLAN
    Tunnel-Medium-Type:0 += IEEE-802
    Tunnel-Private-Group-Id:0 += "230"

Laptop sends a DHCP request and gets an IP in VLAN 230:

Mar 26 21:29:13 ubuntu NetworkManager[1127]: <info> [1585258153.1150] dhcp4 (wlp2s0b1): activation: beginning transaction (timeout in 45 seconds)
Mar 26 21:29:13 ubuntu NetworkManager[1127]: <info> [1585258153.1352] dhcp4 (wlp2s0b1): dhclient started with pid 2626
Mar 26 21:29:13 ubuntu dhclient[2626]: DHCPDISCOVER on wlp2s0b1 to 255.255.255.255 port 67 interval 3 (xid=0x6bec8061)
Mar 26 21:29:13 ubuntu dhclient[2626]: DHCPOFFER of 10.103.230.59 from 10.103.230.1
Mar 26 21:29:13 ubuntu dhclient[2626]: DHCPREQUEST for 10.103.230.59 on wlp2s0b1 to 255.255.255.255 port 67 (xid=0x6180ec6b)
Mar 26 21:29:13 ubuntu dhclient[2626]: DHCPACK of 10.103.230.59 from 10.103.230.1 (xid=0x6bec8061)
Mar 26 21:29:13 ubuntu NetworkManager[1127]: <info> [1585258153.7935] dhcp4 (wlp2s0b1): address 10.103.230.59
Mar 26 21:29:13 ubuntu NetworkManager[1127]: <info> [1585258153.7936] dhcp4 (wlp2s0b1): plen 24 (255.255.255.0)
Mar 26 21:29:13 ubuntu NetworkManager[1127]: <info> [1585258153.7936] dhcp4 (wlp2s0b1): gateway 10.103.230.1
Mar 26 21:29:13 ubuntu NetworkManager[1127]: <info> [1585258153.7936] dhcp4 (wlp2s0b1): lease time 43200
Mar 26 21:29:13 ubuntu NetworkManager[1127]: <info> [1585258153.7936] dhcp4 (wlp2s0b1): nameserver '10.101.3.3'
Mar 26 21:29:13 ubuntu NetworkManager[1127]: <info> [1585258153.7937] dhcp4 (wlp2s0b1): nameserver '8.8.8.8'
Mar 26 21:29:13 ubuntu NetworkManager[1127]: <info> [1585258153.7937] dhcp4 (wlp2s0b1): state changed unknown -> bound
Mar 26 21:32:15 ubuntu NetworkManager[1127]: <info> [1585258335.5457] dhcp4 (wlp2s0b1): canceled DHCP transaction, DHCP client pid 2626
Mar 26 21:32:15 ubuntu NetworkManager[1127]: <info> [1585258335.5458] dhcp4 (wlp2s0b1): state changed bound -> done

Thu Mar 26 17:32:27 2020
    Packet-Type = Access-Request
    User-Name = "dshields"
    NAS-Identifier = "7483c28d26de"
    Called-Station-Id = "74-83-C2-8D-26-DE:DF-Ubiquiti-Test"
    NAS-Port-Type = Wireless-802.11
    Service-Type = Framed-User
    Calling-Station-Id = "38-59-F9-81-5C-98"
    Connect-Info = "CONNECT 0Mbps 802.11b"
    Acct-Session-Id = "444FB4C30AF34419"
    WLAN-Pairwise-Cipher = 1027076
    WLAN-Group-Cipher = 1027076
    WLAN-AKM-Suite = 1027073
    Framed-MTU = 1400
    EAP-Message = 0x02770084150016030300461000004241047c8435590017c1097b85fea5f1fc56f60d0fb11a9f4ccb90926ab6328d15ca23805414ea5bdd89a405ad11c0c442f45c6524206e2c96fb7778cf4b716fad5e0f14030300010116030300285f6dcdf55ab70cbaefbdfab8aa1528be435c55d27fb39920e8e384489d4c22ce5e072360e8122c72
    State = 0xa57d9cc1a20a898c59aff0df9f8dfe43
    Message-Authenticator = 0xf10eea7ba9c9834450a4e117dba4784c
    NAS-IP-Address = 10.100.10.235

Thu Mar 26 17:32:27 2020
    Packet-Type = Access-Request
    User-Name = "dshields"
    NAS-Identifier = "7483c28d26de"
    Called-Station-Id = "74-83-C2-8D-26-DE:DF-Ubiquiti-Test"
    NAS-Port-Type = Wireless-802.11
    Service-Type = Framed-User
    Calling-Station-Id = "38-59-F9-81-5C-98"
    Connect-Info = "CONNECT 0Mbps 802.11b"
    Acct-Session-Id = "444FB4C30AF34419"
    WLAN-Pairwise-Cipher = 1027076
    WLAN-Group-Cipher = 1027076
    WLAN-AKM-Suite = 1027073
    Framed-MTU = 1400
    EAP-Message = 0x0278004b150017030300405f6dcdf55ab70cbb6e27857a2ef52338282f7bc0955d1e907ab847a6452d0c4e276c945701a775e1c893375bdf39719ddde1a0fc17b38e4480a2c49702c3ae8f
    State = 0xa57d9cc1ad05898c59aff0df9f8dfe43
    Message-Authenticator = 0xc17ebf8458874b32795718cfbd9e2210
    NAS-IP-Address = 10.100.10.235

Thu Mar 26 17:32:27 2020 : Auth: Login OK: [dshields] (from client OPSWAT-AP-AC-PRO port 0 via TLS tunnel)
Thu Mar 26 17:32:27 2020 : Auth: Login OK: [dshields] (from client OPSWAT-AP-AC-PRO port 0 cli 38-59-F9-81-5C-98)

Thu Mar 26 17:32:27 2020
    Packet-Type = Access-Accept
    User-Name = "dshields"
    MS-MPPE-Recv-Key = 0x8be2c10500aea4eb50c8d04400c6b1a875328b71094d091b56feef10d3c35c32
    MS-MPPE-Send-Key = 0x418822e1ec81caa957265129a30f05fdb51e5b75c8c3dab9b2b1087670de67e6
    EAP-MSK = 0x8be2c10500aea4eb50c8d04400c6b1a875328b71094d091b56feef10d3c35c32418822e1ec81caa957265129a30f05fdb51e5b75c8c3dab9b2b1087670de67e6
    EAP-EMSK = 0x04ba0ef6a922d56e84429099f6e8b4c095550f07e7545e3cfcc36e6ba3803e6d612df583eb77d8b847ed432c3c1a5fb19c95a33f16d50213d8ec0ae40fcbc6ad
    EAP-Session-Id = 0x159450251fdfa2cad0d04d431e8d8bcc96d75eb8206b8850a286a579389d3c108c5e7d1f6b739ce2f606cf48329fa6047d670da2b8307cf6e5c31d4094f349c2ec
    EAP-Message = 0x03780004
    Message-Authenticator = 0x00000000000000000000000000000000
    Calling-Station-Id = "38-59-F9-81-5C-98"
    Tunnel-Type:0 += VLAN
    Tunnel-Medium-Type:0 += IEEE-802
    Tunnel-Private-Group-Id:0 += "230"

Mar 26 21:32:27 ubuntu NetworkManager[1127]: <info> [1585258347.4966] dhcp4 (wlp2s0b1): activation: beginning transaction (timeout in 45 seconds)
Mar 26 21:32:27 ubuntu NetworkManager[1127]: <info> [1585258347.5035] dhcp4 (wlp2s0b1): dhclient started with pid 4658
Mar 26 21:32:27 ubuntu dhclient[4658]: DHCPREQUEST for 10.103.230.59 on wlp2s0b1 to 255.255.255.255 port 67 (xid=0x41dc1160)
Mar 26 21:32:27 ubuntu dhclient[4658]: DHCPACK of 10.103.230.59 from 10.103.230.1 (xid=0x6011dc41)
Mar 26 21:32:27 ubuntu NetworkManager[1127]: <info> [1585258347.5552] dhcp4 (wlp2s0b1): address 10.103.230.59
Mar 26 21:32:27 ubuntu NetworkManager[1127]: <info> [1585258347.5552] dhcp4 (wlp2s0b1): plen 24 (255.255.255.0)
Mar 26 21:32:27 ubuntu NetworkManager[1127]: <info> [1585258347.5552] dhcp4 (wlp2s0b1): gateway 10.103.230.1
Mar 26 21:32:27 ubuntu NetworkManager[1127]: <info> [1585258347.5553] dhcp4 (wlp2s0b1): lease time 43200
Mar 26 21:32:27 ubuntu NetworkManager[1127]: <info> [1585258347.5553] dhcp4 (wlp2s0b1): nameserver '10.101.3.3'
Mar 26 21:32:27 ubuntu NetworkManager[1127]: <info> [1585258347.5553] dhcp4 (wlp2s0b1): nameserver '8.8.8.8'
Mar 26 21:32:27 ubuntu NetworkManager[1127]: <info> [1585258347.5553] dhcp4 (wlp2s0b1): state changed unknown -> bound

COA disconnect is sent to NAS (access point) by RADIUS server:

2020-03-26 17:33:00 : Invoked with arguments -m 3859f9815c98 -o SC_Compliant_Role -n SC_Quarantine_Test 10.100.10.235
2020-03-26 17:33:00 : Found username dshields for MAC address 3859f9815c98
2020-03-26 17:33:00 : Found NAS-Port 0 for MAC address 3859f9815c98
2020-03-26 17:33:00 : Found NAS-Identifier 7483c28d26de for MAC address 3859f9815c98
2020-03-26 17:33:00 : Sending disconnect for attributes (User-Name=dshields,NAS-Identifier=7483c28d26de) to NAS 10.100.10.235
Sending Disconnect-Request of id 65 to 10.100.10.235 port 3799
    User-Name = "dshields"
    NAS-Identifier = "7483c28d26de"
rad_recv: Disconnect-ACK packet from host 10.100.10.235 port 3799, id=65, length=44
    Event-Timestamp = "Mar 26 2020 17:33:00 EDT"
    Message-Authenticator = 0x7bca986b22d07324da7f42ee6bb4a136
2020-03-26 17:33:00 : Received positive response from NAS, not broadcasting

Client is disconnected and sends an Access-Request to RADIUS server:

Thu Mar 26 17:33:01 2020
    Packet-Type = Access-Request
    User-Name = "dshields"
    Framed-IP-Address = 10.103.230.59
    NAS-Identifier = "7483c28d26de"
    Called-Station-Id = "74-83-C2-8D-26-DE:DF-Ubiquiti-Test"
    NAS-Port-Type = Wireless-802.11
    Service-Type = Framed-User
    Calling-Station-Id = "38-59-F9-81-5C-98"
    Connect-Info = "CONNECT 0Mbps 802.11b"
    Acct-Session-Id = "444FB4C30AF34419"
    WLAN-Pairwise-Cipher = 1027076
    WLAN-Group-Cipher = 1027076
    WLAN-AKM-Suite = 1027073
    Framed-MTU = 1400
    EAP-Message = 0x02b40084150016030300461000004241042ee2617f689a6ffa0832e699d059622cd1663c1ef59b076ee9ca79b16b85b06612bb2cd72a81670c2baad27087905f386ce313881c93f5ebf6b24605a0b5f0571403030001011603030028240c74d5b394ca6001fc3895a4cb482ede2a158b5e4632c11907b5e9a8744c7a2c2ad9d4b607ced2
    State = 0xe7f9d95be04dcc525194079a989fb5cf
    Message-Authenticator = 0x1d219014a11a7934e7380376264e510b
    NAS-IP-Address = 10.100.10.235

Thu Mar 26 17:33:01 2020
    Packet-Type = Access-Request
    User-Name = "dshields"
    Framed-IP-Address = 10.103.230.59
    NAS-Identifier = "7483c28d26de"
    Called-Station-Id = "74-83-C2-8D-26-DE:DF-Ubiquiti-Test"
    NAS-Port-Type = Wireless-802.11
    Service-Type = Framed-User
    Calling-Station-Id = "38-59-F9-81-5C-98"
    Connect-Info = "CONNECT 0Mbps 802.11b"
    Acct-Session-Id = "444FB4C30AF34419"
    WLAN-Pairwise-Cipher = 1027076
    WLAN-Group-Cipher = 1027076
    WLAN-AKM-Suite = 1027073
    Framed-MTU = 1400
    EAP-Message = 0x02b5004b15001703030040240c74d5b394ca61a6d7b0c7e0a320d44a30741998b19fd528d6be6a124c4a9797c3f8a544140666e99f71ad5684ed31dd06bc0a96df4f9cbf4144f07e16067a
    State = 0xe7f9d95bef4ccc525194079a989fb5cf
    Message-Authenticator = 0x28b26a37091097cf98936d40053bc24b
    NAS-IP-Address = 10.100.10.235

Thu Mar 26 17:33:01 2020 : Auth: Login OK: [dshields] (from client OPSWAT-AP-AC-PRO port 0 via TLS tunnel)
Thu Mar 26 17:33:01 2020 : Auth: Login OK: [dshields] (from client OPSWAT-AP-AC-PRO port 0 cli 38-59-F9-81-5C-98)

Authentication succeeds and VLAN 240 is returned to client with Access-Accept:

Thu Mar 26 17:33:01 2020
    Packet-Type = Access-Accept
    User-Name = "dshields"
    MS-MPPE-Recv-Key = 0x67b4f84b9ad403fdc155e5734e5199ac1e89c3a6474dbcc2d6f1a799427bcd0d
    MS-MPPE-Send-Key = 0x86ee0d0536eacc87939e586c04aa82e2c6009c0bbfb43d6e0fc2017029b77057
    EAP-MSK = 0x67b4f84b9ad403fdc155e5734e5199ac1e89c3a6474dbcc2d6f1a799427bcd0d86ee0d0536eacc87939e586c04aa82e2c6009c0bbfb43d6e0fc2017029b77057
    EAP-EMSK = 0x3ee38f76ab4198f3386f66487fc7bde5d2af3c30d6378efa2f75387af3f016588b325626dd5bf6328e29c9d1f3e2bd6c5122ab8832103ed8fc44d2f761e6f614
    EAP-Session-Id = 0x15ebb830061c0662ab3c415f04952751e4357e148556e5fbb31d30d8cc9a1cd5475e7d1f8def61d4cc6f014abc46d5279b5ec199a095ef5e910ff48d17221777e8
    EAP-Message = 0x03b50004
    Message-Authenticator = 0x00000000000000000000000000000000
    Calling-Station-Id = "38-59-F9-81-5C-98"
    Tunnel-Type:0 += VLAN
    Tunnel-Medium-Type:0 += IEEE-802
    Tunnel-Private-Group-Id:0 += "240"

At this point I would expect the client to send a DHCPDISCOVER in order to obtain an IP address, but this does not happen. The client retains the IP address in VLAN 230 and therefore is unable to route as the AP has changed the client's VLAN to 240 per the Access-Accept from the RADIUS server. The same behavior is seen upon sending subsequent COA-disconnects to the NAS (access-point): the AP applies the correct VLAN to the client per the Access-Accept, but the client remains in VLAN 230 with the same IP and cannot route when the AP applies VLAN 240.

2020-03-26 17:35:09 : Invoked with arguments -m 3859f9815c98 -o SC_Quarantine_Test -n SC_Compliant_Role 10.100.10.235
2020-03-26 17:35:09 : Found username dshields for MAC address 3859f9815c98
2020-03-26 17:35:09 : Found NAS-Port 0 for MAC address 3859f9815c98
2020-03-26 17:35:09 : Found NAS-Identifier 7483c28d26de for MAC address 3859f9815c98
2020-03-26 17:35:09 : Sending disconnect for attributes (User-Name=dshields,NAS-Identifier=7483c28d26de) to NAS 10.100.10.235
Sending Disconnect-Request of id 48 to 10.100.10.235 port 3799
    User-Name = "dshields"
    NAS-Identifier = "7483c28d26de"
rad_recv: Disconnect-ACK packet from host 10.100.10.235 port 3799, id=48, length=44
    Event-Timestamp = "Mar 26 2020 17:35:09 EDT"
    Message-Authenticator = 0xff2e8e924ddb43d9263538bc8de551a2
2020-03-26 17:35:09 : Received positive response from NAS, not broadcasting

Thu Mar 26 17:35:10 2020
    Packet-Type = Access-Request
    User-Name = "dshields"
    Framed-IP-Address = 10.103.230.59
    NAS-Identifier = "7483c28d26de"
    Called-Station-Id = "74-83-C2-8D-26-DE:DF-Ubiquiti-Test"
    NAS-Port-Type = Wireless-802.11
    Service-Type = Framed-User
    Calling-Station-Id = "38-59-F9-81-5C-98"
    Connect-Info = "CONNECT 0Mbps 802.11b"
    Acct-Session-Id = "444FB4C30AF34419"
    WLAN-Pairwise-Cipher = 1027076
    WLAN-Group-Cipher = 1027076
    WLAN-AKM-Suite = 1027073
    Framed-MTU = 1400
    EAP-Message = 0x02ce008415001603030046100000424104020ed1ff0c5cbd092ef2fe3be99acb6b62822fdacdc8cdaaa427fa863880cf858df1b60b996db438452832e089259f3cb9eb0e7b05346e783980998ed0f5176d1403030001011603030028d1edcc23ac0f6f59501435f88cc0ef56299ea479991009f5da7da7fe55a8695e297d6d76a7e852bb
    State = 0xa0891789a747022c6ce573d4adbb4733
    Message-Authenticator = 0x9a7d1d52aadcf2c164cf33821ccc6e6a
    NAS-IP-Address = 10.100.10.235

Thu Mar 26 17:35:10 2020
    Packet-Type = Access-Request
    User-Name = "dshields"
    Framed-IP-Address = 10.103.230.59
    NAS-Identifier = "7483c28d26de"
    Called-Station-Id = "74-83-C2-8D-26-DE:DF-Ubiquiti-Test"
    NAS-Port-Type = Wireless-802.11
    Service-Type = Framed-User
    Calling-Station-Id = "38-59-F9-81-5C-98"
    Connect-Info = "CONNECT 0Mbps 802.11b"
    Acct-Session-Id = "444FB4C30AF34419"
    WLAN-Pairwise-Cipher = 1027076
    WLAN-Group-Cipher = 1027076
    WLAN-AKM-Suite = 1027073
    Framed-MTU = 1400
    EAP-Message = 0x02cf004b15001703030040d1edcc23ac0f6f5af17d8019dac5f84c630cb42ee55a5f5198e808cf99a44cae31d83e8307b8391026ea8a35a55a46eb0d6443f2e7ae972fe959b07a4eeda01a
    State = 0xa0891789a846022c6ce573d4adbb4733
    Message-Authenticator = 0xf8ea8a7ae4f2e94b25875ae8f6359823
    NAS-IP-Address = 10.100.10.235

Thu Mar 26 17:35:10 2020 : Auth: Login OK: [dshields] (from client OPSWAT-AP-AC-PRO port 0 via TLS tunnel)
Thu Mar 26 17:35:10 2020 : Auth: Login OK: [dshields] (from client OPSWAT-AP-AC-PRO port 0 cli 38-59-F9-81-5C-98)

Thu Mar 26 17:35:10 2020
    Packet-Type = Access-Accept
    User-Name = "dshields"
    MS-MPPE-Recv-Key = 0xf7ef4d596eae8a14bf141874cc8c15234389e9f17ce675179bce3df0282db43c
    MS-MPPE-Send-Key = 0x6b46fd98b26effd97261c850af51b1df0f4e61bf3a00b9462dc3d4e1fdb75d7b
    EAP-MSK = 0xf7ef4d596eae8a14bf141874cc8c15234389e9f17ce675179bce3df0282db43c6b46fd98b26effd97261c850af51b1df0f4e61bf3a00b9462dc3d4e1fdb75d7b
    EAP-EMSK = 0x426eec9a29886938dc247ab4098f4fae566df4fb20bc5047c2870770d0fccc21bb6c3f2dc33acd2d0056f2ec97c267e82f3a3446c01d8227c67fb64a67e8e5c1
    EAP-Session-Id = 0x153fe0ac6906daae7dfcfbea9030243efb9126430de84250e7e7391ba8cbe32cb55e7d200ec6500135a913fcbf8724d41898bc807ec5e562a332e33f9d22d2ffe2
    EAP-Message = 0x03cf0004
    Message-Authenticator = 0x00000000000000000000000000000000
    Calling-Station-Id = "38-59-F9-81-5C-98"
    Tunnel-Type:0 += VLAN
    Tunnel-Medium-Type:0 += IEEE-802
    Tunnel-Private-Group-Id:0 += "230"

2020-03-26 17:41:33 : Invoked with arguments -m 3859f9815c98 -o SC_Quarantine_Test -n SC_Compliant_Role 10.100.10.235
2020-03-26 17:41:33 : Found username dshields for MAC address 3859f9815c98
2020-03-26 17:41:33 : Found NAS-Port 0 for MAC address 3859f9815c98
2020-03-26 17:41:33 : Found NAS-Identifier 7483c28d26de for MAC address 3859f9815c98
2020-03-26 17:41:33 : Sending disconnect for attributes (User-Name=dshields,NAS-Identifier=7483c28d26de) to NAS 10.100.10.235
Sending Disconnect-Request of id 12 to 10.100.10.235 port 3799
    User-Name = "dshields"
    NAS-Identifier = "7483c28d26de"
rad_recv: Disconnect-ACK packet from host 10.100.10.235 port 3799, id=12, length=44
    Event-Timestamp = "Mar 26 2020 17:41:33 EDT"
    Message-Authenticator = 0x42ee50c1a8807189871a5792614b744e
2020-03-26 17:41:33 : Received positive response from NAS, not broadcasting

Thu Mar 26 17:41:34 2020
    Packet-Type = Access-Request
    User-Name = "dshields"
    Framed-IP-Address = 10.103.230.59
    NAS-Identifier = "7483c28d26de"
    Called-Station-Id = "74-83-C2-8D-26-DE:DF-Ubiquiti-Test"
    NAS-Port-Type = Wireless-802.11
    Service-Type = Framed-User
    Calling-Station-Id = "38-59-F9-81-5C-98"
    Connect-Info = "CONNECT 0Mbps 802.11b"
    Acct-Session-Id = "444FB4C30AF34419"
    WLAN-Pairwise-Cipher = 1027076
    WLAN-Group-Cipher = 1027076
    WLAN-AKM-Suite = 1027073
    Framed-MTU = 1400
    EAP-Message = 0x02c5008415001603030046100000424104153769a484653c1f2093edda9392641aabda6af34a119d1a6c6fb7b3908483bd635078cdf65ab6629a452e1e9adac37c46c8e96a7596e54072b050e28b01a9d4140303000101160303002877fd6678495b1ac3c62717ebb1f407ae262ac9d0c4a36247453c2c2c81ed52f028f8d588d4f44de3
    State = 0x09d04bb20e155e0e7c41d1e6191aa9e3
    Message-Authenticator = 0xfc9c3cb417286adfb2950bd89d539791
    NAS-IP-Address = 10.100.10.235

Thu Mar 26 17:41:34 2020
    Packet-Type = Access-Request
    User-Name = "dshields"
    Framed-IP-Address = 10.103.230.59
    NAS-Identifier = "7483c28d26de"
    Called-Station-Id = "74-83-C2-8D-26-DE:DF-Ubiquiti-Test"
    NAS-Port-Type = Wireless-802.11
    Service-Type = Framed-User
    Calling-Station-Id = "38-59-F9-81-5C-98"
    Connect-Info = "CONNECT 0Mbps 802.11b"
    Acct-Session-Id = "444FB4C30AF34419"
    WLAN-Pairwise-Cipher = 1027076
    WLAN-Group-Cipher = 1027076
    WLAN-AKM-Suite = 1027073
    Framed-MTU = 1400
    EAP-Message = 0x02c6004b1500170303004077fd6678495b1ac46f5c33d6303c5d14d44d2e881e1437b0a35358027c4ce3ad21f4affcce51435a217a3f54fbdb85d9be0c7470f92af2f7673e2e3847c4877a
    State = 0x09d04bb201165e0e7c41d1e6191aa9e3
    Message-Authenticator = 0x6e408a2a340d2e5be900e5cb1d2ffb74
    NAS-IP-Address = 10.100.10.235

Thu Mar 26 17:41:34 2020 : Auth: Login OK: [dshields] (from client OPSWAT-AP-AC-PRO port 0 via TLS tunnel)
Thu Mar 26 17:41:34 2020 : Auth: Login OK: [dshields] (from client OPSWAT-AP-AC-PRO port 0 cli 38-59-F9-81-5C-98)

Thu Mar 26 17:41:34 2020
    Packet-Type = Access-Accept
    User-Name = "dshields"
    MS-MPPE-Recv-Key = 0xe232cdbc1a00f95526ed2532a3c9c1d65396b909739657fb8e46ac4799cba2e6
    MS-MPPE-Send-Key = 0xd2e5933872a78ba342fc585e0e6fbc087d66025a2022c819f32e707733160f16
    EAP-MSK = 0xe232cdbc1a00f95526ed2532a3c9c1d65396b909739657fb8e46ac4799cba2e6d2e5933872a78ba342fc585e0e6fbc087d66025a2022c819f32e707733160f16
    EAP-EMSK = 0xcbe3e40deac3c06c4e7d6febf4a6cfa7c8f3bf033e672b10af0c03e487902b8827c35f8360dbdf3305c5a97b7ee06846dfd39c158c65c6bbfd6b8ddbe04dae9d
    EAP-Session-Id = 0x1555a4ff8a3b1d9d76dfb951027687e8028d47e29a901abee009cd12efe78bbc535e7d218e790c0e97e716b776537cc2628b3a24a40bf4a1adde41bdfa89af99ff
    EAP-Message = 0x03c60004
    Message-Authenticator = 0x00000000000000000000000000000000
    Calling-Station-Id = "38-59-F9-81-5C-98"
    Tunnel-Type:0 += VLAN
    Tunnel-Medium-Type:0 += IEEE-802
    Tunnel-Private-Group-Id:0 += "230"

2020-03-26 17:42:46 : Invoked with arguments -m 3859f9815c98 -o SC_Compliant_Role -n SC_Quarantine_Test 10.100.10.235
2020-03-26 17:42:46 : Found username dshields for MAC address 3859f9815c98
2020-03-26 17:42:46 : Found NAS-Port 0 for MAC address 3859f9815c98
2020-03-26 17:42:46 : Found NAS-Identifier 7483c28d26de for MAC address 3859f9815c98
2020-03-26 17:42:46 : Sending disconnect for attributes (User-Name=dshields,NAS-Identifier=7483c28d26de) to NAS 10.100.10.235
Sending Disconnect-Request of id 29 to 10.100.10.235 port 3799
    User-Name = "dshields"
    NAS-Identifier = "7483c28d26de"
rad_recv: Disconnect-ACK packet from host 10.100.10.235 port 3799, id=29, length=44
    Event-Timestamp = "Mar 26 2020 17:42:46 EDT"
    Message-Authenticator = 0x4a1557e3d226e742b9fa4e3689e7bb37
2020-03-26 17:42:46 : Received positive response from NAS, not broadcasting

Thu Mar 26 17:42:47 2020
    Packet-Type = Access-Request
    User-Name = "dshields"
    Framed-IP-Address = 10.103.230.59
    NAS-Identifier = "7483c28d26de"
    Called-Station-Id = "74-83-C2-8D-26-DE:DF-Ubiquiti-Test"
    NAS-Port-Type = Wireless-802.11
    Service-Type = Framed-User
    Calling-Station-Id = "38-59-F9-81-5C-98"
    Connect-Info = "CONNECT 0Mbps 802.11b"
    Acct-Session-Id = "444FB4C30AF34419"
    WLAN-Pairwise-Cipher = 1027076
    WLAN-Group-Cipher = 1027076
    WLAN-AKM-Suite = 1027073
    Framed-MTU = 1400
    EAP-Message = 0x02e70084150016030300461000004241042d85e9896668b1170da43af04080eb7a7904551fe3414a8aa62656fdd26505565a1023f888f8bf06078625defb7f111ab7d25b8e43caaafe7b413ebf731c0c051403030001011603030028055fb765a2d9801f397e3aaf619ef75ac5822d7660b421c36deb0a7518868f9d7e51d21a24548e6f
    State = 0x8014591c87f34c8ed2b79bc3dbd2507f
    Message-Authenticator = 0xf6bc563c725a4d3495f2ba0a1fe75a09
    NAS-IP-Address = 10.100.10.235

Thu Mar 26 17:42:47 2020
    Packet-Type = Access-Request
    User-Name = "dshields"
    Framed-IP-Address = 10.103.230.59
    NAS-Identifier = "7483c28d26de"
    Called-Station-Id = "74-83-C2-8D-26-DE:DF-Ubiquiti-Test"
    NAS-Port-Type = Wireless-802.11
    Service-Type = Framed-User
    Calling-Station-Id = "38-59-F9-81-5C-98"
    Connect-Info = "CONNECT 0Mbps 802.11b"
    Acct-Session-Id = "444FB4C30AF34419"
    WLAN-Pairwise-Cipher = 1027076
    WLAN-Group-Cipher = 1027076
    WLAN-AKM-Suite = 1027073
    Framed-MTU = 1400
    EAP-Message = 0x02e8004b15001703030040055fb765a2d9802034d3e6472efeb26f135c5f6e7b2484d1f46be30f185eb739b0eb4d0e646bc7adc1cd8cf742f37e7f8741f0428bc5adf976040e075ef3a5d3
    State = 0x8014591c88fc4c8ed2b79bc3dbd2507f
    Message-Authenticator = 0x73ec5f2e203e4aab48ae726257babddb
    NAS-IP-Address = 10.100.10.235

Thu Mar 26 17:42:47 2020 : Auth: Login OK: [dshields] (from client OPSWAT-AP-AC-PRO port 0 via TLS tunnel)
Thu Mar 26 17:42:47 2020 : Auth: Login OK: [dshields] (from client OPSWAT-AP-AC-PRO port 0 cli 38-59-F9-81-5C-98)

Thu Mar 26 17:42:47 2020
    Packet-Type = Access-Accept
    User-Name = "dshields"
    MS-MPPE-Recv-Key = 0xac1fbcd292f1bcc8515114d713f59da3b2712fb4a598f9f094d8cf5a7a556ebf
    MS-MPPE-Send-Key = 0x935a07684b32768b4bad05621fd1fa1dcd82570022d4d8fda870579e06c5d065
    EAP-MSK = 0xac1fbcd292f1bcc8515114d713f59da3b2712fb4a598f9f094d8cf5a7a556ebf935a07684b32768b4bad05621fd1fa1dcd82570022d4d8fda870579e06c5d065
    EAP-EMSK = 0xc0643be41db0849a106918ae56354e40e424c659a7c2f5ebe0157832bfb272594fdefddb6dda1aaff1f29edc595d00f901c8ab6b849456dbc68e96957a57ae26
    EAP-Session-Id = 0x1597eb8e0898b4751da8503c357587886eaa091a382ccd1ae649b062fbb81b0b785e7d21d7ffefedd9408b481375261044ec31eb149a9f98e006468d14bc88d20f
    EAP-Message = 0x03e80004
    Message-Authenticator = 0x00000000000000000000000000000000
    Calling-Station-Id = "38-59-F9-81-5C-98"
    Tunnel-Type:0 += VLAN
    Tunnel-Medium-Type:0 += IEEE-802
    Tunnel-Private-Group-Id:0 += "240"

When the wireless connection to the AP is terminated and restarted, only then does the client send a DHCPDISCOVER and an IP in the new VLAN is received.

Mar 26 21:44:38 ubuntu NetworkManager[1127]: <info> [1585259078.1590] dhcp4 (wlp2s0b1): canceled DHCP transaction, DHCP client pid 4658
Mar 26 21:44:38 ubuntu NetworkManager[1127]: <info> [1585259078.1591] dhcp4 (wlp2s0b1): state changed bound -> done

Thu Mar 26 17:44:45 2020
    Packet-Type = Access-Request
    User-Name = "dshields"
    NAS-Identifier = "7483c28d26de"
    Called-Station-Id = "74-83-C2-8D-26-DE:DF-Ubiquiti-Test"
    NAS-Port-Type = Wireless-802.11
    Service-Type = Framed-User
    Calling-Station-Id = "38-59-F9-81-5C-98"
    Connect-Info = "CONNECT 0Mbps 802.11b"
    Acct-Session-Id = "9B629866B005DFC7"
    WLAN-Pairwise-Cipher = 1027076
    WLAN-Group-Cipher = 1027076
    WLAN-AKM-Suite = 1027073
    Framed-MTU = 1400
    EAP-Message = 0x02d000841500160303004610000042410448f40a18b53ddf787816bbd783e199a54d716e3800ddcbf0bd9d35b6abc2cf14608f0845dc033a8fb09a161992df5f978f0b5329eb7869b1c01eea2ab04c2571140303000101160303002878bdec75227aef1505736356cce293bd2be45777e9a1598fe413e9cdb8747cc116a8ab7a1d363d2b
    State = 0xde704f4ad9a05a59dccd42aba3b9b626
    Message-Authenticator = 0x2a75d8b39eb01bcf913cd5ba15e93d75
    NAS-IP-Address = 10.100.10.235

Thu Mar 26 17:44:45 2020
    Packet-Type = Access-Request
    User-Name = "dshields"
    NAS-Identifier = "7483c28d26de"
    Called-Station-Id = "74-83-C2-8D-26-DE:DF-Ubiquiti-Test"
    NAS-Port-Type = Wireless-802.11
    Service-Type = Framed-User
    Calling-Station-Id = "38-59-F9-81-5C-98"
    Connect-Info = "CONNECT 0Mbps 802.11b"
    Acct-Session-Id = "9B629866B005DFC7"
    WLAN-Pairwise-Cipher = 1027076
    WLAN-Group-Cipher = 1027076
    WLAN-AKM-Suite = 1027073
    Framed-MTU = 1400
    EAP-Message = 0x02d1004b1500170303004078bdec75227aef160b426145747b0baa4723fec8c95e6e8f7f358f7af094a12515c95679de9001e7644c20ce06f65aa437dc52a6c935e149f59f74acc23e85cb
    State = 0xde704f4ad6a15a59dccd42aba3b9b626
    Message-Authenticator = 0xe2c154a19ed864c67c6a87d98a8a5b83
    NAS-IP-Address = 10.100.10.235

Thu Mar 26 17:44:45 2020 : Auth: Login OK: [dshields] (from client OPSWAT-AP-AC-PRO port 0 via TLS tunnel)
Thu Mar 26 17:44:45 2020 : Auth: Login OK: [dshields] (from client OPSWAT-AP-AC-PRO port 0 cli 38-59-F9-81-5C-98)

Thu Mar 26 17:44:45 2020
    Packet-Type = Access-Accept
    User-Name = "dshields"
    MS-MPPE-Recv-Key = 0x805c3ac354b417d4afe8460122ccadd8b0a12c7c7f9e3a4f2a48f1c164305f9f
    MS-MPPE-Send-Key = 0x2fa894f2c73cc0adb7dd9a206555095428ff29441ad6b1554b56c796ebfeae71
    EAP-MSK = 0x805c3ac354b417d4afe8460122ccadd8b0a12c7c7f9e3a4f2a48f1c164305f9f2fa894f2c73cc0adb7dd9a206555095428ff29441ad6b1554b56c796ebfeae71
    EAP-EMSK = 0x3e1b10ae20fe9a4327415558071ece62bb3b283687f3f2a9c00cf9a97a4d46cc729b1278d5b97f7e2846f624aeb5ab749d2fa9fe219576554b1449cb3b64ad31
    EAP-Session-Id = 0x155a0d7198b91e71652901bd220de29a5e5ed27fd65fdb28febc7b3bef58d8614c5e7d224d4c76d85e188fda5429b2209806e51761b484ebb83f09a2de52a5a5dd
    EAP-Message = 0x03d10004
    Message-Authenticator = 0x00000000000000000000000000000000
    Calling-Station-Id = "38-59-F9-81-5C-98"
    Tunnel-Type:0 += VLAN
    Tunnel-Medium-Type:0 += IEEE-802
    Tunnel-Private-Group-Id:0 += "240"

Mar 26 21:44:45 ubuntu NetworkManager[1127]: <info> [1585259085.5670] dhcp4 (wlp2s0b1): activation: beginning transaction (timeout in 45 seconds)
Mar 26 21:44:45 ubuntu NetworkManager[1127]: <info> [1585259085.5743] dhcp4 (wlp2s0b1): dhclient started with pid 5188
Mar 26 21:44:45 ubuntu dhclient[5188]: DHCPREQUEST for 10.103.230.59 on wlp2s0b1 to 255.255.255.255 port 67 (xid=0x77e7dffd)
Mar 26 21:44:45 ubuntu dhclient[5188]: DHCPNAK from 10.103.240.1 (xid=0xfddfe777)
Mar 26 21:44:45 ubuntu NetworkManager[1127]: <info> [1585259085.6370] dhcp4 (wlp2s0b1): state changed unknown -> expire
Mar 26 21:44:45 ubuntu NetworkManager[1127]: <info> [1585259085.6476] dhcp4 (wlp2s0b1): state changed expire -> unknown
Mar 26 21:44:45 ubuntu dhclient[5188]: DHCPDISCOVER on wlp2s0b1 to 255.255.255.255 port 67 interval 3 (xid=0xa64d391d)
Mar 26 21:44:46 ubuntu dhclient[5188]: DHCPOFFER of 10.103.240.56 from 10.103.240.1
Mar 26 21:44:46 ubuntu dhclient[5188]: DHCPREQUEST for 10.103.240.56 on wlp2s0b1 to 255.255.255.255 port 67 (xid=0x1d394da6)
Mar 26 21:44:46 ubuntu dhclient[5188]: DHCPACK of 10.103.240.56 from 10.103.240.1 (xid=0xa64d391d)
Mar 26 21:44:46 ubuntu NetworkManager[1127]: <info> [1585259086.4782] dhcp4 (wlp2s0b1): address 10.103.240.56
Mar 26 21:44:46 ubuntu NetworkManager[1127]: <info> [1585259086.4782] dhcp4 (wlp2s0b1): plen 24 (255.255.255.0)
Mar 26 21:44:46 ubuntu NetworkManager[1127]: <info> [1585259086.4782] dhcp4 (wlp2s0b1): gateway 10.103.240.1
Mar 26 21:44:46 ubuntu NetworkManager[1127]: <info> [1585259086.4783] dhcp4 (wlp2s0b1): lease time 43200
Mar 26 21:44:46 ubuntu NetworkManager[1127]: <info> [1585259086.4783] dhcp4 (wlp2s0b1): nameserver '10.101.3.3'
Mar 26 21:44:46 ubuntu NetworkManager[1127]: <info> [1585259086.4783] dhcp4 (wlp2s0b1): nameserver '8.8.8.8'
Mar 26 21:44:46 ubuntu NetworkManager[1127]: <info> [1585259086.4783] dhcp4 (wlp2s0b1): state changed unknown -> bound
ubuntu@ubuntu:/var/log$

I have also tested this on Ruckus wireless with the same results: Windows 10 and Android devices renew the IP on COA-disconnect, but Linux devices do not. Thanks.

** Affects: network-manager (Ubuntu)
     Importance: Undecided
         Status: New

** Tags: bot-comment

--
Client does not renew IP after RADIUS COA disconnect
https://bugs.launchpad.net/bugs/1870560
You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to network-manager in Ubuntu.
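
The correlation the report walks through by hand, as an added example that is not part of the original bug report or of NetworkManager: it pairs each Access-Accept VLAN with the address the client last bound via DHCP and flags accepts where that address lies outside the VLAN's subnet. The sample logs are constructed and abbreviated from the formats above; the VLAN-to-subnet map, the EDT offset and the 30-second grace window are assumptions.

```python
import ipaddress
import re
from datetime import datetime, timedelta, timezone

# Assumption: VLAN-to-subnet map inferred from the DHCP offers in the report.
VLAN_SUBNETS = {
    "230": ipaddress.ip_network("10.103.230.0/24"),
    "240": ipaddress.ip_network("10.103.240.0/24"),
}
# Assumption: RADIUS log times are EDT (UTC-4), per the Event-Timestamp lines.
RADIUS_TZ = timezone(timedelta(hours=-4))
# Hypothetical allowance for the client to rebind after an Access-Accept.
GRACE = timedelta(seconds=30)

# Constructed sample, abbreviated from the log formats in the report.
RADIUS_LOG = """\
Thu Mar 26 17:32:27 2020
    Packet-Type = Access-Accept
    Tunnel-Private-Group-Id:0 += "230"
Thu Mar 26 17:33:01 2020
    Packet-Type = Access-Request
    User-Name = "dshields"
Thu Mar 26 17:33:01 2020
    Packet-Type = Access-Accept
    Tunnel-Private-Group-Id:0 += "240"
Thu Mar 26 17:35:10 2020
    Packet-Type = Access-Accept
    Tunnel-Private-Group-Id:0 += "230"
Thu Mar 26 17:42:47 2020
    Packet-Type = Access-Accept
    Tunnel-Private-Group-Id:0 += "240"
Thu Mar 26 17:44:45 2020
    Packet-Type = Access-Accept
    Tunnel-Private-Group-Id:0 += "240"
"""
JOURNAL_LOG = """\
Mar 26 21:32:27 ubuntu NetworkManager[1127]: <info> [1585258347.5552] dhcp4 (wlp2s0b1): address 10.103.230.59
Mar 26 21:44:46 ubuntu NetworkManager[1127]: <info> [1585259086.4782] dhcp4 (wlp2s0b1): address 10.103.240.56
"""

RECORD_START = re.compile(r"^\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}$")
VLAN_ATTR = re.compile(r'^Tunnel-Private-Group-Id(?::\d+)? \+?= "(\d+)"$')
NM_ADDRESS = re.compile(r"\[(\d+\.\d+)\]\s+dhcp4 \(\S+\): address (\S+)")


def parse_accepts(text):
    """Return (utc_time, vlan) for each Access-Accept that assigns a VLAN."""
    accepts, stamp, is_accept = [], None, False
    for line in text.splitlines():
        line = line.strip()
        if RECORD_START.match(line):
            stamp = datetime.strptime(line, "%a %b %d %H:%M:%S %Y")
            stamp = stamp.replace(tzinfo=RADIUS_TZ).astimezone(timezone.utc)
            is_accept = False
        elif line == "Packet-Type = Access-Accept":
            is_accept = True
        elif is_accept and (m := VLAN_ATTR.match(line)):
            accepts.append((stamp, m.group(1)))
    return accepts


def parse_bindings(text):
    """Return (utc_time, ip) per NetworkManager 'dhcp4 ... address' line."""
    return [
        (datetime.fromtimestamp(float(m.group(1)), tz=timezone.utc),
         ipaddress.ip_address(m.group(2)))
        for m in NM_ADDRESS.finditer(text)
    ]


def find_stale_leases(accepts, bindings, grace=GRACE):
    """Flag accepts whose VLAN subnet does not contain the client's address."""
    findings = []
    for when, vlan in accepts:
        subnet = VLAN_SUBNETS.get(vlan)
        if subnet is None:
            continue  # VLAN not in the map: nothing to compare against
        # Address in effect: the last one bound no later than accept + grace.
        ordered = sorted(bindings, key=lambda b: b[0])
        held = [ip for t, ip in ordered if t <= when + grace]
        if held and held[-1] not in subnet:
            findings.append((when, vlan, held[-1]))
    return findings


if __name__ == "__main__":
    stale = find_stale_leases(parse_accepts(RADIUS_LOG), parse_bindings(JOURNAL_LOG))
    for when, vlan, ip in stale:
        print(f"{when.isoformat()} VLAN {vlan} assigned, client still holds {ip}")
```

The client-side times come from the epoch value NetworkManager prints in brackets, so only the RADIUS log needs a timezone assumption.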