Re: Freeradius-Users Digest, Vol 22, Issue 66



Hi, I haven't got any answer so far, though I joined your list in the hope of help from someone.
Please, I need to decide what to use: RED HAT OR SLACKWARE.


 
On 2/15/07, freeradius-users-request@lists.freeradius.org <freeradius-users-request@lists.freeradius.org> wrote:
Send Freeradius-Users mailing list submissions to
       freeradius-users@lists.freeradius.org

To subscribe or unsubscribe via the World Wide Web, visit
       http://lists.freeradius.org/mailman/listinfo/freeradius-users
or, via email, send a message with subject or body 'help' to
       freeradius-users-request@lists.freeradius.org

You can reach the person managing the list at
       freeradius-users-owner@lists.freeradius.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Freeradius-Users digest..."


Today's Topics:

  1. Re: db.counter not found! (Alan DeKok)
  2. Re: VLAN assigment and Alcatel Omniswitch 7800 (Oxiel Contreras)
  3. [SOLVED] - Re: VLAN assigment and Alcatel Omniswitch 7800
     (Oxiel Contreras)
  4. Re: Simple security (Gaddis, Jeremy L.)
  5. NAS-IP-Address in mysql (VeNoMouS)
  6. Re: NAS-IP-Address in mysql (Dan Mahoney, System Admin)
  7. strip unwanted characters from reply message (Cory Robson)
  8. Re: a problem about radius and ldap [SOLVED] (Ramazan Ulker)


----------------------------------------------------------------------

Message: 1
Date: Thu, 15 Feb 2007 03:02:40 +0100
From: Alan DeKok <aland@deployingradius.com>
Subject: Re: db.counter not found!
To: FreeRadius users mailing list
       <freeradius-users@lists.freeradius.org>
Message-ID: <45D3BF40.30201@deployingradius.com>
Content-Type: text/plain; charset=ISO-8859-1

Enrique Llanos V. wrote:
> And of course in my raddb (freeradius) path:
>
> bash-2.05b# locate db.counter
> /usr/local/etc/raddb/db.counter

"locate" uses a database that is updated daily.  So if the file
disappears, locate doesn't notice.

Use "ls" instead.

> Yet when i start freeradius i obtain this error:
...
> Wed Feb 14 17:02:40 2007 : Error: rlm_counter: Failed to open file
> /usr/local/etc/raddb/db.counter: No such file or directory
...
> Any ideas in how to correct this error?

Ensure that the /usr/local/etc/raddb directory exists, and readable by
radiusd.

Alan DeKok.
--
http://deployingradius.com        - The web site of the book
http://deployingradius.com/blog/ - The blog


------------------------------

Message: 2
Date: Wed, 14 Feb 2007 22:08:57 -0400
From: Oxiel Contreras <oxielc@yahoo.it>
Subject: Re: VLAN assigment and Alcatel Omniswitch 7800
To: freeradius-users@lists.freeradius.org
Message-ID: <200702142208.57769.oxielc@yahoo.it>
Content-Type: text/plain;  charset="iso-8859-1"

Hello Marcel.

> I'm afraid you added it in the wrong place, dictionary.alcatel does not
> contain the VSAs for Omniswitches (Alcatel-Lucent has multiple
> dictionaries for different products, dictionary.alcatel appears to be
> for a BRAS, not for an enterprise switch).
> The dictionary you're looking for is dictionary.xylan; the easiest way
> is to use Xylan-Auth-Group for sending your VLAN (The name isn't really
> that important, what is important is that the number for the attribute
> is correct (1 in this case) and that it is defined with the proper
> vendor number (800 for Omniswitches)).

Right, indeed I used Xylan-Auth-Group and it worked perfectly; I'm so happy a tear
fell down :)

Many thanks.

Oxiel



------------------------------

Message: 3
Date: Wed, 14 Feb 2007 22:30:17 -0400
From: Oxiel Contreras <oxielc@yahoo.it>
Subject: [SOLVED] - Re: VLAN assigment and Alcatel Omniswitch 7800
To: freeradius-users@lists.freeradius.org
Message-ID: <200702142230.18122.oxielc@yahoo.it>
Content-Type: text/plain;  charset="iso-8859-15"

Hello Santa.

This worked great!!!

I was doing 802.1x only, no AVLAN.

For any soul out there trying to implement 802.1x with FreeRadius on
OpenSuSE10.1 and Omniswitch 7800 and Active Directory as taught on:

http://wiki.freeradius.org/FreeRADIUS_Active_Directory_Integration_HOWTO

Take note of the following points:

1) If you use PEAP, install the patch from MS to Radius as noted in the FAQ;
you need someone with Gold Support from M$ to get it, or email me off the
list :)

http://wiki.freeradius.org/FreeRADIUS_Wiki:FAQ#PEAP_Doesn.27t_Work

2) If PEAP is your choice, install the CA and generate the certificates on
the Radius server.

3) Modify the execution permissions of the winbind daemon in order to
accomplish the ntlm_auth process; FIXME, now using root permissions.

4) Use Xylan-Auth-Group as the VSA in /etc/raddb/users as the attribute for
assigning the VLAN, or generate the new dictionary.alcatel as Santa Yeh described
below, and then use Alcatel-Auth-Group as the attribute for the VLAN.

5) Use the setup for omniswitch as described below by Santa Yeh

6) Thank all these great people who develop and support this great software.

Thanks Alan, A.L.M., Jeremy, Marcel and Santa.

Best regards

Oxiel

On Wednesday, 14 February 2007 11:19, Santa Yeh wrote:

> Hello Oxiel,
>
> Are you doing AVLAN or 802.1x?
>
> 1. I created a new file - dictionary.alcatel
>
> #
> # dictionary.alcatel
> #
> #           Alcatel VSAs
> #
>
> VENDOR        Alcatel        800
>
> #
> # Standard attribute
> #
> ATTRIBUTE    Alcatel-Auth-Group    1    integer        Alcatel
> ATTRIBUTE    Alcatel-Slot-Port    2    string        Alcatel
> ATTRIBUTE    Alcatel-Time-of-Day    3    string        Alcatel
> ATTRIBUTE    Alcatel-Client-IP-Addr    4    ipaddr        Alcatel
> ATTRIBUTE    Alcatel-Group-Desc    5    string        Alcatel
> ATTRIBUTE    Alcatel-Port-Desc    6    string        Alcatel
>
> VALUE        Acct-Authentic        AUTH-AVCLIENT    4
> VALUE        Acct-Authentic        AUTH-TELNET    5
> VALUE        Acct-Authentic        AUTH-HTTP    6
>
> 2. For users file
>
> user1        Auth-Type := Local, Password = "user1"
>                 Alcatel-Auth-Group = 3
>
> 3. For AVLAN
>
> vlan 3 authentication enable
> vlan port mobile 1/1 bpdu ignore enable
> vlan port 1/1 authenticate enable
> ip interface vlan3 address 192.168.11.254 mask 255.255.255.0 vlan 3
> aaa radius-server rad1 host 192.168.10.211 key radkey
> aaa authentication vlan single-mode rad1
> aaa accounting vlan rad1
> aaa avlan default dhcp 192.168.11.254
> aaa avlan dns alcatel
> avlan 3 auth-ip 192.168.11.253
>
> 4. For 802.1x (Sorry, just from my memory)
>
> vlan 3 802.1x enable
> vlan port mobile 1/1 bpdu ignore enable
> vlan port 1/1 802.1x enable
> ip interface vlan3 address 192.168.11.254 mask 255.255.255.0 vlan 3
> aaa radius-server rad1 host 192.168.10.211 key radkey
> aaa authentication 802.1x rad1
> aaa accounting 802.1x rad1
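Marcel's point above (the attribute name in the dictionary is cosmetic; what goes on the wire is the vendor number and the vendor-type) can be checked by building the Vendor-Specific attribute by hand. The following is an added example, not code from the thread or from FreeRADIUS: it encodes and decodes an RFC 2865 Vendor-Specific attribute (type 26) and shows that Xylan-Auth-Group and Santa's Alcatel-Auth-Group, both vendor 800 / attribute 1, produce identical bytes. The vendor number 12345 used for the negative case is an arbitrary constructed value.

```python
import struct

VSA_TYPE = 26                 # RFC 2865 Vendor-Specific attribute
OMNISWITCH_VENDOR = 800       # vendor number quoted in the thread for Omniswitches
AUTH_GROUP_ATTR = 1           # Xylan-Auth-Group / Alcatel-Auth-Group (both map to 1)


def encode_vsa(vendor_id, vendor_type, value):
    """Build the on-the-wire bytes of one RFC 2865 Vendor-Specific attribute.

    Layout: Type(26) Length Vendor-Id(4) | Vendor-Type Vendor-Length Value...
    Integers are sent as 4-byte big-endian, strings as raw bytes.
    """
    if isinstance(value, int):
        value = struct.pack("!I", value)
    sub = struct.pack("!BB", vendor_type, 2 + len(value)) + value
    if 6 + len(sub) > 255:
        raise ValueError("VSA payload too long for a one-octet length field")
    return struct.pack("!BBI", VSA_TYPE, 6 + len(sub), vendor_id) + sub


def decode_vsa(data):
    """Parse a single Vendor-Specific attribute.

    Returns (vendor_id, [(vendor_type, value_bytes), ...]) and rejects
    truncated or self-inconsistent length fields instead of over-reading.
    """
    if len(data) < 8 or data[0] != VSA_TYPE or data[1] != len(data):
        raise ValueError("not a well-formed Vendor-Specific attribute")
    vendor_id = struct.unpack("!I", data[2:6])[0]
    subs, i = [], 6
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated vendor sub-attribute header")
        vtype, vlen = data[i], data[i + 1]
        if vlen < 2 or i + vlen > len(data):
            raise ValueError("bad vendor-length")
        subs.append((vtype, data[i + 2:i + vlen]))
        i += vlen
    return vendor_id, subs


def is_well_formed_vsa(data):
    """Boolean wrapper around decode_vsa for quick checks."""
    try:
        decode_vsa(data)
        return True
    except ValueError:
        return False


def vlan_assignment(vlan):
    """The reply attribute the switch expects: vendor 800, vendor-type 1, integer VLAN."""
    return encode_vsa(OMNISWITCH_VENDOR, AUTH_GROUP_ATTR, vlan)


def vlan_from_vsa(data, vendor_id=OMNISWITCH_VENDOR, vendor_type=AUTH_GROUP_ATTR):
    """What the switch side does: ignore VSAs of other vendors, pull out the integer."""
    vid, subs = decode_vsa(data)
    if vid != vendor_id:
        return None
    for vtype, value in subs:
        if vtype == vendor_type and len(value) == 4:
            return struct.unpack("!I", value)[0]
    return None


if __name__ == "__main__":
    wire = vlan_assignment(3)
    print(wire.hex())                      # 1a0c00000320010600000003
    print(vlan_from_vsa(wire))             # 3
```

The decoder is deliberately strict about lengths: a NAS or a RADIUS proxy that trusts the inner Vendor-Length without checking it against the outer Length is reading past the attribute.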



------------------------------

Message: 4
Date: Thu, 15 Feb 2007 00:07:42 -0500 (EST)
From: "Gaddis, Jeremy L." <jeremy@linuxwiz.net>
Subject: Re: Simple security
To: FreeRadius users mailing list
       <freeradius-users@lists.freeradius.org>
Message-ID: <Pine.LNX.4.64.0702150007130.26174@w00t.linuxwiz.net>
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed

On Wed, 14 Feb 2007, Scott Hughes wrote:
> I have a friend who wants some light security on the small network they have (15-25 PCs).
>
> What is the best way to secure his network so that someone can't just plug in his laptop and be on the network?  He would prefer to make this seamless to his users.

802.1X

--
Jeremy L. Gaddis, MCP, GCWN             jeremy@linuxwiz.net
LinuxWiz Consulting                     http://linuxwiz.net




------------------------------

Message: 5
Date: Thu, 15 Feb 2007 18:09:04 +1300
From: "VeNoMouS" <venom@gen-x.co.nz>
Subject: NAS-IP-Address in mysql
To: freeradius-users@lists.freeradius.org
Message-ID: <jdhnn4.lzlxf2@www.gen-x.co.nz>
Content-Type: text/plain; charset="iso-8859-1"

Hi guys. After doing some tests, I just discovered that I can't have more than
one NAS-IP-Address in radgroupcheck (it seems to ignore the others). Does
anyone know of a workaround, as I don't want to use the huntgroups file (it makes
it kind of annoying since I'm doing a web frontend for administration)?


Cheers




------------------------------

Message: 6
Date: Thu, 15 Feb 2007 01:09:41 -0500 (EST)
From: "Dan Mahoney, System Admin" <danm@prime.gushi.org>
Subject: Re: NAS-IP-Address in mysql
To: venom@gen-x.co.nz,  FreeRadius users mailing list
       <freeradius-users@lists.freeradius.org>
Message-ID: <20070215010842.M65264@prime.gushi.org>
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed

On Thu, 15 Feb 2007, VeNoMouS wrote:

> Hi guys. After doing some tests, I just discovered that I can't have more than
> one NAS-IP-Address in radgroupcheck (it seems to ignore the others). Does
> anyone know of a workaround, as I don't want to use the huntgroups file (it makes
> it kind of annoying since I'm doing a web frontend for administration)?

this is getting to be a really common question :)

Yes, you need to embed the NAS-IP-Address as part of your query (in the
WHERE clause, the same way you match the username) so only the matching
items are returned.

-Dan


--

"I can feel it, comin' back again...Like a rolling thunder chasin' the
wind..."

-Dan Mahoney, JS, JB & SL, May 10th, 1997, Approx 1AM

--------Dan Mahoney--------
Techie,  Sysadmin,  WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144   AIM: LarpGM
Site:  http://www.gushi.org
---------------------------
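Dan's answer is the usual way out of this: the check items of one group all have to match for the group to apply, so two NAS-IP-Address rows in a single group can never both be true for one request, and the place to select by NAS is the group query itself. The following is an added example, not from the thread and not FreeRADIUS's own sql.conf: it uses a cut-down copy of the 1.x usergroup / radgroupcheck tables in an in-memory SQLite database (constructed sample rows, user name "venom" and the 10.0.0.x addresses are made up) and a group-check query that returns a group's items only when the group either carries no NAS-IP-Address row or carries one equal to the request's NAS. In sql.conf the two bound parameters would be the %{SQL-User-Name} and %{NAS-IP-Address} expansions.

```python
import sqlite3

# Minimal subset of the FreeRADIUS 1.x SQL schema (constructed for this example).
SCHEMA = """
CREATE TABLE usergroup (UserName TEXT NOT NULL, GroupName TEXT NOT NULL,
                        priority INTEGER NOT NULL DEFAULT 1);
CREATE TABLE radgroupcheck (id INTEGER PRIMARY KEY, GroupName TEXT NOT NULL,
                            Attribute TEXT NOT NULL, op TEXT NOT NULL,
                            Value TEXT NOT NULL);
"""

# Constructed sample data: one group per NAS, each with its own NAS-IP-Address
# check item, plus a NAS-independent group.
SAMPLE_USERGROUP = [
    ("venom", "nas-a-users", 1),
    ("venom", "nas-b-users", 2),
    ("venom", "everyone", 3),
]
SAMPLE_GROUPCHECK = [
    ("nas-a-users", "NAS-IP-Address", "==", "10.0.0.1"),
    ("nas-a-users", "Simultaneous-Use", ":=", "1"),
    ("nas-b-users", "NAS-IP-Address", "==", "10.0.0.2"),
    ("nas-b-users", "Simultaneous-Use", ":=", "4"),
    ("everyone", "Auth-Type", ":=", "Local"),
]

# A group is returned only if it has no NAS-IP-Address row at all, or if one of
# its NAS-IP-Address rows equals the NAS that sent the request. Parameters are
# bound, never interpolated, so the NAS value cannot alter the query.
GROUP_CHECK_QUERY = """
SELECT gc.GroupName, gc.Attribute, gc.op, gc.Value
  FROM radgroupcheck gc
  JOIN usergroup ug ON ug.GroupName = gc.GroupName
 WHERE ug.UserName = :user
   AND (
        NOT EXISTS (SELECT 1 FROM radgroupcheck n
                     WHERE n.GroupName = gc.GroupName
                       AND n.Attribute = 'NAS-IP-Address')
     OR EXISTS (SELECT 1 FROM radgroupcheck n
                 WHERE n.GroupName = gc.GroupName
                   AND n.Attribute = 'NAS-IP-Address'
                   AND n.Value = :nas)
   )
 ORDER BY ug.priority, gc.id
"""


def open_demo_db():
    """Create the in-memory database and load the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO usergroup VALUES (?, ?, ?)", SAMPLE_USERGROUP)
    conn.executemany(
        "INSERT INTO radgroupcheck (GroupName, Attribute, op, Value) VALUES (?, ?, ?, ?)",
        SAMPLE_GROUPCHECK,
    )
    return conn


def check_items_for(username, nas_ip):
    """Group check items that apply to this user when the request comes from nas_ip."""
    conn = open_demo_db()
    try:
        return conn.execute(GROUP_CHECK_QUERY, {"user": username, "nas": nas_ip}).fetchall()
    finally:
        conn.close()


def groups_for(username, nas_ip):
    """Sorted names of the groups selected for (user, NAS)."""
    return sorted({row[0] for row in check_items_for(username, nas_ip)})


if __name__ == "__main__":
    for nas in ("10.0.0.1", "10.0.0.2", "10.0.0.9"):
        print(nas, groups_for("venom", nas))
```

The NAS-IP-Address row still stays in radgroupcheck, so the normal check-item comparison also enforces it; the query just stops the other NAS's group from being loaded (and failing) in the first place.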



------------------------------

Message: 7
Date: Thu, 15 Feb 2007 15:40:00 +0900
From: "Cory Robson" <cory@cmi.net.au>
Subject: strip unwanted characters from reply message
To: "'FreeRadius users mailing list'"
       <freeradius-users@lists.freeradius.org>
Message-ID: <20070215063635.3AAD5104464@poseidon.gateway.net.au>
Content-Type: text/plain;       charset="us-ascii"

I have failed logins being dumped into a table in mysql and am getting a lot
of unwanted characters.

i.e.: Password Has Expired=5Cr=5Cn

Is there a way I can tell it to only supply the textual content?


Thanks


Cory
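The string in Cory's table is two layers of escaping stacked on top of each other: when a Reply-Message containing CR LF is expanded into an SQL query, FreeRADIUS prints the control characters as the two-character escapes \r and \n, and rlm_sql then rewrites every character outside its safe_characters list (the backslash included) as =XX hex, which is where =5C comes from. The following is an added example, not from the thread and not FreeRADIUS code, that reverses both layers and drops whatever control characters remain; the sample value is the one quoted in the post.

```python
import re

# rlm_sql's escaping: any character outside safe_characters becomes "=XX"
# (two upper-case hex digits). A literal "=" is itself outside that list,
# so it is stored as "=3D" and the reverse mapping is unambiguous.
_SQL_HEX = re.compile(r"=([0-9A-Fa-f]{2})")

# FreeRADIUS prints non-printable bytes in string values as C-style escapes:
# \n \r \t \\ \" and \ooo (three octal digits) for anything else.
_C_ESCAPES = {"n": "\n", "r": "\r", "t": "\t", "\\": "\\", '"': '"'}


def sql_unescape(stored):
    """Undo rlm_sql's =XX escaping."""
    return _SQL_HEX.sub(lambda m: chr(int(m.group(1), 16)), stored)


def unescape_backslashes(text):
    """Undo the backslash escapes FreeRADIUS uses when printing attribute values."""
    out, i = [], 0
    while i < len(text):
        c = text[i]
        if c == "\\" and i + 1 < len(text):
            nxt = text[i + 1]
            if nxt in _C_ESCAPES:
                out.append(_C_ESCAPES[nxt])
                i += 2
                continue
            if i + 3 < len(text) and all(d in "01234567" for d in text[i + 1:i + 4]):
                out.append(chr(int(text[i + 1:i + 4], 8)))
                i += 4
                continue
        out.append(c)
        i += 1
    return "".join(out)


def clean_reply_message(stored):
    """Recover the human-readable text of a Reply-Message as stored by rlm_sql."""
    text = unescape_backslashes(sql_unescape(stored))
    # Drop control characters (CR, LF, tabs, ...) rather than rendering them.
    return "".join(ch for ch in text if ch.isprintable()).strip()


if __name__ == "__main__":
    print(clean_reply_message("Password Has Expired=5Cr=5Cn"))   # Password Has Expired
```

Run this on the way out of the database (reporting side) rather than loosening safe_characters on the way in: the escaping is what keeps a reply string containing quotes or semicolons from being interpreted by the SQL server.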



------------------------------

Message: 8
Date: Thu, 15 Feb 2007 08:45:30 +0200
From: "Ramazan Ulker" <ulkerra@gmail.com>
Subject: Re: a problem about radius and ldap [SOLVED]
To: freeradius-users@lists.freeradius.org
Message-ID:
       <79b4f8410702142245j263beef5vd8f15e1794b8c187@mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"

Hi
Sorry for so many mails. The problem was solved by setting identity and password in
radius.conf with a proper user in ldap. I managed to get User-Password from
ldap in the end, as shown below.

rlm_ldap: Added password ramazan in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding userpassword as User-Password, value ramazan & op=21
rlm_ldap: looking for reply items in directory...
rlm_ldap: Adding radiusTunnelPrivateGroupId as Tunnel-Private-Group-Id, value 2 & op=11
rlm_ldap: Adding radiusTunnelMediumType as Tunnel-Medium-Type, value 6 & op=11
rlm_ldap: Adding radiusTunnelType as Tunnel-Type, value VLAN & op=11
rlm_ldap: Adding radiusClass as Class, value employee & op=11
rlm_ldap: user ramazan authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 1
modcall: leaving group authorize (returns updated) for request 1
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
rlm_eap: Request found, released from the list
rlm_eap: EAP/md5
rlm_eap: processing type md5
rlm_eap: Freeing handler
modcall[authenticate]: module "eap" returns ok for request 1
modcall: leaving group authenticate (returns ok) for request 1
Login OK: [ramazan/<no User-Password attribute>] (from client ldapsrv port 50001 cli 00-12-79-AE-D2-4D)
On 1/29/07, Ramazan Ulker <ulkerra@gmail.com> wrote:
>
> Hi
>
> I'm working on an 802.1x implementation (cisco 2950, freeradius, ldap), and I face
> a problem. First of all, defining users and passwords in the users file in raddb
> works well with md5 authentication. Then I tried to use ldap; with
> radtest I get an Access-Accept packet. But while authenticating from an XP client
> with md5-challenge, I got
>
> Auth:rlm_ldap:Attribute "User-Password" is required for authentication
>
> error. In one of the e-mails you said don't authenticate from ldap, but
> with radtest I get success!!! The passwords are kept clear text.
> I'm looking forward to getting your help. I also send the radius debug log.
>
> Best Regards
>
> Ramazan
>
> Starting - reading configuration files ...
> reread_config: reading radiusd.conf
> Config: including file: /etc/raddb/proxy.conf
> Config: including file: /etc/raddb/clients.conf
> Config: including file: /etc/raddb/snmp.conf
> Config: including file: /etc/raddb/sql.conf
> main: prefix = "/usr"
> main: localstatedir = "/var"
> main: logdir = "/var/log/radius"
> main: libdir = "/usr/lib/freeradius"
> main: radacctdir = "/var/log/radius/radacct"
> main: hostname_lookups = no
> main: max_request_time = 30
> main: cleanup_delay = 5
> main: max_requests = 1024
> main: delete_blocked_requests = 0
> main: port = 0
> main: allow_core_dumps = no
> main: log_stripped_names = yes
> main: log_file = "/var/log/radius/radius.log"
> main: log_auth = yes
> main: log_auth_badpass = yes
> main: log_auth_goodpass = yes
> main: pidfile = "/var/run/radiusd/radiusd.pid"
> main: user = "radiusd"
> main: group = "radiusd"
> main: usercollide = no
> main: lower_user = "no"
> main: lower_pass = "no"
> main: nospace_user = "no"
> main: nospace_pass = "no"
> main: checkrad = "/usr/sbin/checkrad"
> main: proxy_requests = yes
> proxy: retry_delay = 5
> proxy: retry_count = 3
> proxy: synchronous = no
> proxy: default_fallback = yes
> proxy: dead_time = 120
> proxy: post_proxy_authorize = yes
> proxy: wake_all_if_all_dead = no
> security: max_attributes = 200
> security: reject_delay = 1
> security: status_server = no
> main: debug_level = 0
> read_config_files: reading dictionary
> read_config_files: reading naslist
> read_config_files: reading clients
> read_config_files: reading realms
> radiusd: entering modules setup
> Module: Library search path is /usr/lib/freeradius
> Module: Loaded expr
> Module: Instantiated expr (expr)
> Module: Loaded PAP
> pap: encryption_scheme = "crypt"
> Module: Instantiated pap (pap)
> Module: Loaded CHAP
> Module: Instantiated chap (chap)
> Module: Loaded MS-CHAP
> mschap: use_mppe = yes
> mschap: require_encryption = no
> mschap: require_strong = no
> mschap: passwd = "(null)"
> mschap: authtype = "MS-CHAP"
> Module: Instantiated mschap (mschap)
> Module: Loaded System
> unix: cache = no
> unix: passwd = "(null)"
> unix: shadow = "(null)"
> unix: group = "(null)"
> unix: radwtmp = "/var/log/radius/radwtmp"
> unix: usegroup = no
> unix: cache_reload = 600
> Module: Instantiated unix (unix)
> Module: Loaded LDAP
> ldap: server = "192.168.100.18"
> ldap: port = 389
> ldap: net_timeout = 1
> ldap: timeout = 4
> ldap: timelimit = 3
> ldap: identity = ""
> ldap: start_tls = no
> ldap: password = ""
> ldap: basedn = "dc=dot1x.com"
> ldap: filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
> ldap: default_profile = "(null)"
> ldap: profile_attribute = "(null)"
> ldap: password_header = "(null)"
> ldap: password_attribute = "userPassword"
> ldap: access_attr = "radiusgroupname"
> ldap: groupname_attribute = "cn"
> ldap: groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
> ldap: groupmembership_attribute = "radiusGroupName"
> ldap: dictionary_mapping = "/etc/raddb/ldap.attrmap"
> ldap: ldap_debug = 0
> ldap: ldap_connections_number = 5
> ldap: compare_check_items = no
> ldap: access_attr_used_for_allow = yes
> conns: (nil)
> rlm_ldap: reading ldap<->radius mappings from file /etc/raddb/ldap.attrmap
> rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$
> rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$
> rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type
> rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use
> rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id
> rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id
> rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password
> rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password
> rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT
> rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration
> rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type
> rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol
> rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address
> rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask
> rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route
> rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing
> rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id
> rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU
> rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression
> rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host
> rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service
> rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port
> rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number
> rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id
> rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network
> rlm_ldap: LDAP radiusClass mapped to RADIUS Class
> rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout
> rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout
> rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action
> rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service
> rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node
> rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group
> rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link
> rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Network
> rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone
> rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit
> rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port
> rlm_ldap: LDAP userPassword mapped to RADIUS User-Password
> rlm_ldap: LDAP radiusTunnelType mapped to RADIUS Tunnel-Type
> rlm_ldap: LDAP radiusTunnelMediumType mapped to RADIUS Tunnel-Medium-Type
> rlm_ldap: LDAP radiusTunnelPrivateGroupId mapped to RADIUS Tunnel-Private-Group-Id
> conns: 0x8101f58
> Module: Instantiated ldap (ldap)
> Module: Loaded eap
> eap: default_eap_type = "md5"
> eap: timer_expire = 60
> rlm_eap: Loaded and initialized the type md5
> rlm_eap: Loaded and initialized the type leap
> Module: Instantiated eap (eap)
> Module: Loaded preprocess
> preprocess: huntgroups = "/etc/raddb/huntgroups"
> preprocess: hints = "/etc/raddb/hints"
> preprocess: with_ascend_hack = no
> preprocess: ascend_channels_per_line = 23
> preprocess: with_ntdomain_hack = no
> preprocess: with_specialix_jetstream_hack = no
> preprocess: with_cisco_vsa_hack = no
> Module: Instantiated preprocess (preprocess)
> Module: Loaded realm
> realm: format = "suffix"
> realm: delimiter = "@"
> Module: Instantiated realm (suffix)
> Module: Loaded files
> files: usersfile = "/etc/raddb/users"
> files: acctusersfile = "/etc/raddb/acct_users"
> files: preproxy_usersfile = "/etc/raddb/preproxy_users"
> files: compat = "no"
> Module: Instantiated files (files)
> Module: Loaded Acct-Unique-Session-Id
> acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port-Id"
> Module: Instantiated acct_unique (acct_unique)
> Module: Loaded detail
> detail: detailfile = "/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
> detail: detailperm = 384
> detail: dirperm = 493
> detail: locking = no
> Module: Instantiated detail (detail)
> Module: Loaded radutmp
> radutmp: filename = "/var/log/radius/radutmp"
> radutmp: username = "%{User-Name}"
> radutmp: case_sensitive = yes
> radutmp: check_with_nas = yes
> radutmp: perm = 384
> radutmp: callerid = yes
> Module: Instantiated radutmp (radutmp)
> Listening on IP address *, ports 1812/udp and 1813/udp, with proxy on 1814/udp.
> Ready to process requests.
> rad_recv: Access-Request packet from host 192.168.100.17:1812, id=11, length=129
> NAS-IP-Address = 192.168.100.17
> NAS-Port = 50001
> NAS-Port-Type = Ethernet
> User-Name = "ramazan"
> Called-Station-Id = "00-0F-8F-77-DB-81"
> Calling-Station-Id = "00-12-79-AE-D2-4D"
> Service-Type = Framed-User
> Framed-MTU = 1500
> EAP-Message = 0x0200000c0172616d617a616e
> Message-Authenticator = 0x68c41631d4feb2234d900b37a9845348
> modcall: entering group authorize for request 0
> modcall[authorize]: module "preprocess" returns ok for request 0
> modcall[authorize]: module "chap" returns noop for request 0
> rlm_eap: EAP packet type notification id 0 length 12
> rlm_eap: EAP Start not found
> modcall[authorize]: module "eap" returns updated for request 0
> rlm_realm: No '@' in User-Name = "ramazan", looking up realm NULL
> rlm_realm: No such realm "NULL"
> modcall[authorize]: module "suffix" returns noop for request 0
> users: Matched DEFAULT at 152
> rlm_ldap: Entering ldap_groupcmp()
> radius_xlat: 'dc=dot1x.com'
> radius_xlat: '(uid=ramazan)'
> ldap_get_conn: Got Id: 0
> rlm_ldap: attempting LDAP reconnection
> rlm_ldap: (re)connect to 192.168.100.18:389, authentication 0
> rlm_ldap: bind as / to 192.168.100.18:389
> rlm_ldap: waiting for bind result ...
> rlm_ldap: performing search in dc=dot1x.com, with filter (uid=ramazan)
> ldap_release_conn: Release Id: 0
> radius_xlat: '(|(&(objectClass=GroupOfNames)(member=uid=ramazan,cn=users,cn=idc,dc=dot1x.com))(&(objectClass=GroupOfUniqueNames)(uniquemember=uid=ramazan,cn=users,cn=idc,dc=dot1x.com)))'
> ldap_get_conn: Got Id: 0
> rlm_ldap: performing search in dc=dot1x.com, with filter (&(cn=VPN)(|(&(objectClass=GroupOfNames)(member=uid=ramazan,cn=users,cn=idc,dc=dot1x.com))(&(objectClass=GroupOfUniqueNames)(uniquemember=uid=ramazan,cn=users,cn=idc,dc=dot1x.com))))
> rlm_ldap: object not found or got ambiguous search result
> ldap_release_conn: Release Id: 0
> ldap_get_conn: Got Id: 0
> rlm_ldap: performing search in uid=ramazan,cn=users,cn=idc,dc=dot1x.com, with filter (objectclass=*)
> rlm_ldap::ldap_groupcmp: User found in group VPN
> ldap_release_conn: Release Id: 0
> users: Matched DEFAULT at 171
> modcall[authorize]: module "files" returns ok for request 0
> modcall[authorize]: module "mschap" returns noop for request 0
> rlm_ldap: - authorize
> rlm_ldap: performing user authorization for ramazan
> radius_xlat: '(uid=ramazan)'
> radius_xlat: 'dc=dot1x.com'
> ldap_get_conn: Got Id: 0
> rlm_ldap: performing search in dc=dot1x.com, with filter (uid=ramazan)
> rlm_ldap: checking if remote access for ramazan is allowed by radiusgroupname
> rlm_ldap: looking for check items in directory...
> rlm_ldap: Adding radiusAuthType as Auth-Type, value ldap & op=21
> rlm_ldap: looking for reply items in directory...
> rlm_ldap: Adding radiusTunnelPrivateGroupId as Tunnel-Private-Group-Id, value 2 & op=11
> rlm_ldap: Adding radiusTunnelMediumType as Tunnel-Medium-Type, value 6 & op=11
> rlm_ldap: Adding radiusTunnelType as Tunnel-Type, value VLAN & op=11
> rlm_ldap: Adding radiusClass as Class, value group-net & op=11
> rlm_ldap: user ramazan authorized to use remote access
> ldap_release_conn: Release Id: 0
> modcall[authorize]: module "ldap" returns ok for request 0
> modcall: group authorize returns updated for request 0
> rad_check_password: Found Auth-Type ldap
> auth: type "LDAP"
> modcall: entering group Auth-Type for request 0
> rlm_ldap: - authenticate
> rlm_ldap: Attribute "User-Password" is required for authentication.
> modcall[authenticate]: module "ldap" returns invalid for request 0
> modcall: group Auth-Type returns invalid for request 0
> auth: Failed to validate the user.
> Login incorrect: [ramazan/<no User-Password attribute>] (from client radius port 50001 cli 00-12-79-AE-D2-4D)
> Delaying request 0 for 1 seconds
> Finished request 0
> Going to the next request
> --- Walking the entire request list ---
> Waking up in 1 seconds...
> --- Walking the entire request list ---
> Waking up in 1 seconds...
> --- Walking the entire request list ---
> Sending Access-Reject of id 11 to 192.168.100.17:1812
> Waking up in 4 seconds...
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.freeradius.org/pipermail/freeradius-users/attachments/20070215/4a084150/attachment.html
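Ramazan's two logs show the mechanism behind the fix. With EAP-MD5 the supplicant never sends a password: it answers the server's challenge with MD5(Identifier || password || challenge), so the server can only check that answer if it has the cleartext password itself, which is why rlm_ldap had to be given a bind identity that is allowed to read userPassword and why radtest (which sends User-Password directly) worked all along. The same debug output prints that password in clear, so debug mode belongs on a test box, not in production. The following is an added example, not code from the thread or from FreeRADIUS: it parses the EAP-Message that appears in the log (0x0200000c0172616d617a616e, the Identity response) and shows the MD5-Challenge computation and check. The 16-byte challenge is constructed here; the password "ramazan" is the one the log shows.

```python
import hashlib
import hmac
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_IDENTITY = 1
EAP_MD5_CHALLENGE = 4

# From the debug log in the post: EAP Response, id 0, type Identity, "ramazan".
IDENTITY_FROM_LOG = bytes.fromhex("0200000c0172616d617a616e")

# Constructed challenge for the example; a real server draws this from a CSPRNG
# per request so that a captured response cannot be replayed.
CHALLENGE = bytes(range(16))


def parse_eap(pkt):
    """Parse one EAP packet (RFC 3748): Code, Identifier, Length, Type, Type-Data."""
    if len(pkt) < 4:
        raise ValueError("short EAP header")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length != len(pkt):
        raise ValueError("EAP length field does not match packet size")
    if code in (3, 4):                      # Success / Failure carry no Type
        return {"code": EAP_CODES[code], "id": ident}
    if length < 5:
        raise ValueError("Request/Response without a Type octet")
    return {"code": EAP_CODES.get(code, code), "id": ident,
            "type": pkt[4], "data": pkt[5:]}


def md5_challenge_value(ident, password, challenge):
    """CHAP/EAP-MD5 response value: MD5(Identifier || secret || challenge) (RFC 1994)."""
    return hashlib.md5(bytes([ident]) + password + challenge).digest()


def build_md5_response(ident, password, challenge, name=b""):
    """What the supplicant sends back: Value-Size, Value, optional Name."""
    value = md5_challenge_value(ident, password, challenge)
    data = bytes([len(value)]) + value + name
    return struct.pack("!BBHB", 2, ident, 5 + len(data), EAP_MD5_CHALLENGE) + data


def verify_md5_response(pkt, password, challenge):
    """Server side check. Needs the cleartext password; a hash of it will not do."""
    p = parse_eap(pkt)
    if p["code"] != "Response" or p.get("type") != EAP_MD5_CHALLENGE:
        return False
    data = p["data"]
    if not data or data[0] != 16 or len(data) < 17:
        return False
    expected = md5_challenge_value(p["id"], password, challenge)
    return hmac.compare_digest(data[1:17], expected)   # constant-time compare


def identity_of(pkt):
    """Return the identity string if pkt is an EAP Identity response, else None."""
    p = parse_eap(pkt)
    if p["code"] == "Response" and p.get("type") == EAP_IDENTITY:
        return p["data"].decode("utf-8", errors="replace")
    return None


if __name__ == "__main__":
    print(identity_of(IDENTITY_FROM_LOG))                                    # ramazan
    resp = build_md5_response(7, b"ramazan", CHALLENGE)
    print(verify_md5_response(resp, b"ramazan", CHALLENGE))                   # True
    print(verify_md5_response(resp, b"wrong", CHALLENGE))                     # False
```

The cleartext requirement is inherent to EAP-MD5, not to rlm_ldap: any backend that stores only a one-way hash cannot serve this method, and the exchange itself is neither encrypted nor mutually authenticated, which is the usual argument for moving wired 802.1X deployments like this one to PEAP or EAP-TLS.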

------------------------------

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


End of Freeradius-Users Digest, Vol 22, Issue 66
************************************************



This archive was generated by a fusion of Pipermail (Mailman edition) and MHonArc.