Re: IAS and Freeradius

[Artur Hayne <arturhayne@yahoo.com.br>]

HI,
 
 The freeradius is comunicate with the IAS through a proxy, but dont authenticate.
 The windows show me this error:
 
 "Event type: Error
 Source: IAS
 A malformed request was received from client XXXX. The data is the packet."
 
 The freeradius debug:
 
 modcall[authorize]: module "auth_log" returns ok for request 3
    modcall[authorize]: module "chap" returns noop for request 3
      rlm_realm: Looking up realm "voip.domain.br" for User-Name = 
 "teste@voip.domain.br"
      rlm_realm: Found realm  "DEFAULT"
      rlm_realm: Proxying request from user teste to realm DEFAULT
      rlm_realm: Adding
 Realm = "DEFAULT"
      rlm_realm: Preparing to proxy authentication request to realm 
 "DEFAULT"
    modcall[authorize]: module "suffix" returns updated for request 3
  rlm_digest: Adding Auth-Type = DIGEST
    modcall[authorize]: module "digest" returns ok for request 3
  rlm_ldap: - authorize
  rlm_ldap: performing user authorization for teste@voip.domain.br
  radius_xlat:  '(uid=teste@voip.domain.br)'
   radius_xlat: 
 'ou=users,dc=voip,dc=domain,dc=br'
  rlm_ldap: ldap_get_conn: Checking Id: 0
  rlm_ldap: ldap_get_conn: Got Id: 0
  rlm_ldap: performing search in ou=users,dc=voip,dc=domain,dc=br, with 
 filter (uid=teste@voip.domain.br)
  rlm_ldap: object not found or got ambiguous search result
  rlm_ldap: search failed
  rlm_ldap: ldap_release_conn: Release Id: 0
    modcall[authorize]: module "ldap" returns notfound for request 3
  modcall: leaving group authorize (returns notfound) for request 3
  Sending Access-Request of id 3 to 10.2.1.XY port 1600
          User-Name = "teste@voip.domain.br"
          Digest-Attributes = 0x0a077465737465
          Digest-Attributes = 0x010e766f69702e756662612e6272
          Digest-Attributes = 
 0x022a34353039343233343264313165616336306262366262633263373539643630666362383939656131
          Digest-Attributes = 0x04127369703a766f69702e756662612e6272
          Digest-Attributes = 0x030a5245474953544552
          Digest-Response = "4283445dcb36643dab5f437e10f692bf"
          Service-Type =  IAPP-Register
          X-Ascend-PW-Lifetime = 0x7465737465
          NAS-IP-Address = 10.2.1.XX
          NAS-Port = 5060
          Proxy-State = 0x323038
  Re-sending Access-Request of id 0 to 10.2.1.XX port 1600
          User-Name = "teste@voip.domain.br"
          Digest-Attributes = 0x0a077465737465
          Digest-Attributes = 0x010e766f69702e756662612e6272
          Digest-Attributes =  
 0x022a34353039343233343264313165616336306262366262633263373539643630666362383939656131
          Digest-Attributes = 0x04127369703a766f69702e756662612e6272
          Digest-Attributes = 0x030a5245474953544552
          Digest-Response = "4283445dcb36643dab5f437e10f692bf"
          Service-Type = IAPP-Register
          X-Ascend-PW-Lifetime = 0x7465737465
          NAS-IP-Address = 10.2.1.XX
          NAS-Port = 5060
          Client-IP-Address = 10.2.1.XX
          Realm = "DEFAULT"
          Module-Failure-Message = "rlm_ldap: User not  found"
          Realm = "DEFAULT"
          Proxy-State = 0x323035
  Waking up in 1 seconds...
  rad_recv: Access-Request packet from host 10.2.1.XX:33634, id=206, 
 length=200
  Ignoring duplicate packet from client OpenSER:33634 - ID: 206, due to 
 outstanding proxied request 1.
 
 What is worng? I dont undestand: freeradius and IAS use the same protocol... It is attribute question? Cryptografy?
 Please any Idea...  a tip?  anybody already had some similar experience?
 
 I tried in some ways:

|Openser| -> |Freeradius| -> |AD|

|Openser| -> |Radiusclient| -> |IAS| -> |AD|

|Openser| -> |Freeradius| -> |IAS| -> |AD|

help!

thanks...

---

O Yahoo! está de cara nova. Venha conferir!