eap-ttls proxy and ldap

basile bmathieu at siris.sorbonne.fr
Wed Feb 28 18:00:53 CET 2007


I tried with a user in the users file: same problem.
anonymous at etab1 and login at etab1 don't work (it proxies a request with
user-name = anonymous)
anonymous at etab2 and login at etab1 works

I have two different versions of FreeRADIUS on the two servers


> Hi,
> I am trying to proxy EAP-TTLS requests from one FreeRADIUS server to another.
> I use outer identity anonymous at domainname and username login at domainname.
> The first server proxies to the second a request with anonymous as username,
> so it doesn't work.
>
> If I use outer identity anonymous at anotherdomain (anotherdomain is local
> to the first server),
> everything works fine; the proxied request has login as username.
> I use FreeRADIUS 1.1.3 on Debian on this server.
> Here are my logs.
> I have other proxy that works well
>
> Thanks
>
> rad_recv: Access-Request packet from host xxx:1814, id=36, length=162
>         User-Name = "anonymous"
>         Framed-MTU = 1400
>         Called-Station-Id = "000d.eddf.7aa6"
>         Calling-Station-Id = "0002.2d70.02a2"
>         Service-Type = Login-User
>         Message-Authenticator = 0xdd3f8213af874ac3b02b2ad676fa70cc
>         EAP-Message =
> 0x0202001e01616e6f6e796d6f757340656e632e736f72626f6e6e652e6672
>         NAS-Port-Type = Wireless-802.11
>         NAS-Port = 165300
>         NAS-IP-Address = xxx
>         NAS-Identifier = "xxx"
>         Proxy-State = 0x3336
>   Processing the authorize section of radiusd.conf
> modcall: entering group authorize for request 2
>   modcall[authorize]: module "preprocess" returns ok for request 2
>   rlm_eap: EAP packet type response id 2 length 30
>   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
>   modcall[authorize]: module "eap" returns updated for request 2
>     users: Matched entry DEFAULT at line 14
>   modcall[authorize]: module "files" returns ok for request 2
> modcall: leaving group authorize (returns updated) for request 2
>   Found Autz-Type enc
>   Processing the authorize section of radiusd.conf
> modcall: entering group enc for request 2
> rlm_ldap: - authorize
> rlm_ldap: performing user authorization for anonymous
> radius_xlat:  '(uid=anonymous)'
> radius_xlat:  'dc=enc,dc=sorbonne,dc=fr'
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: performing search in dc=enc,dc=sorbonne,dc=fr, with filter
> (uid=anonymous)
> rlm_ldap: object not found or got ambiguous search result
> rlm_ldap: search failed
> rlm_ldap: ldap_release_conn: Release Id: 0
>   modcall[authorize]: module "enc" returns notfound for request 2
> modcall: leaving group enc (returns notfound) for request 2
>   rad_check_password:  Found Auth-Type pap
> auth: type "PAP"
>   Processing the authenticate section of radiusd.conf
> modcall: entering group PAP for request 2
> rlm_pap: Attribute "Password" is required for authentication.
>   modcall[authenticate]: module "pap" returns invalid for request 2
> modcall: leaving group PAP (returns invalid) for request 2
> auth: Failed to validate the user.
> Delaying request 2 for 1 seconds
> Finished request 2
> Going to the next request
> Waking up in 3 seconds...
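Added example, not part of the original post: a small Python decoder for the EAP-Message attribute in the quoted debug log, which compares the identity carried inside EAP with the User-Name attribute the server actually received. The function names are hypothetical; the two input values are copied from the log above.

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPE_IDENTITY = 1

# Values copied from the debug log quoted in the post.
LOG_EAP_MESSAGE = "0x0202001e01616e6f6e796d6f757340656e632e736f72626f6e6e652e6672"
LOG_USER_NAME = "anonymous"

def parse_eap(hex_value):
    """Parse the RFC 3748 EAP header from a radiusd-style hex string."""
    text = hex_value[2:] if hex_value.lower().startswith("0x") else hex_value
    raw = bytes.fromhex(text)
    if len(raw) < 4:
        raise ValueError("EAP packet shorter than its 4-byte header")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length < 4 or length > len(raw):
        raise ValueError("EAP length %d does not fit %d bytes" % (length, len(raw)))
    pkt = {"code": EAP_CODES.get(code, "Unknown"), "id": ident,
           "length": length, "type": None, "data": b""}
    if code in (1, 2) and length >= 5:   # only Request/Response carry a Type
        pkt["type"] = raw[4]
        pkt["data"] = raw[5:length]      # bytes past Length are padding
    return pkt

def outer_identity(pkt):
    """Return the identity string of an EAP-Response/Identity, else None."""
    if pkt["code"] != "Response" or pkt["type"] != EAP_TYPE_IDENTITY:
        return None
    return pkt["data"].decode("utf-8", errors="replace")

def split_realm(identity):
    """Split user@realm on the last '@'; realm is None when absent."""
    user, sep, realm = identity.rpartition("@")
    return (user, realm) if sep else (identity, None)

def compare_outer_identity(user_name, eap_hex):
    """Report whether User-Name lost the realm that the EAP identity carries."""
    identity = outer_identity(parse_eap(eap_hex))
    if identity is None:
        return None
    eap_user, eap_realm = split_realm(identity)
    _, name_realm = split_realm(user_name)
    return {"eap_identity": identity, "eap_user": eap_user,
            "eap_realm": eap_realm, "user_name_realm": name_realm,
            "realm_stripped": eap_realm is not None and name_realm is None}

if __name__ == "__main__":
    print(parse_eap(LOG_EAP_MESSAGE))
    print(compare_outer_identity(LOG_USER_NAME, LOG_EAP_MESSAGE))
```

Running it on the logged values shows an EAP-Response/Identity whose identity still carries a realm, while the User-Name attribute in the same packet has none.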