attributes lost

Marc Boisis-Delavaud mdelavau at univ-lr.fr
Mon Apr 14 10:34:09 CEST 2008


Hello,

When I authenticate in PEAP, my LDAP attributes (e.g. Tunnel-Private-Group-Id) aren't sent to the client. Why?

Here is my debug:

rlm_ldap: looking for reply items in directory...
rlm_ldap: LDAP attribute radiusClass as RADIUS attribute Class = 0x4f553d61646d696e3b
rlm_ldap: LDAP attribute radiusClass as RADIUS attribute Class = 0x4f553d61646d696e3b
rlm_ldap: LDAP attribute radiusTunnelPrivateGroupId as RADIUS attribute Tunnel-Private-Group-Id:0 = "1"
rlm_ldap: LDAP attribute radiusTunnelMediumType as RADIUS attribute Tunnel-Medium-Type:0 = IEEE-802
rlm_ldap: LDAP attribute radiusTunnelType as RADIUS attribute Tunnel-Type:0 = VLAN
WARNING: No "known good" password was found in LDAP.  Are you sure that the user is configured correctly?
rlm_ldap: user mdelavau authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
+++[ldap_prof] returns ok
++- group  returns ok
   rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
   rlm_eap: Request found, released from the list
   rlm_eap: EAP/mschapv2
   rlm_eap: processing type mschapv2
   rlm_eap: Freeing handler
++[eap] returns ok
+- entering group session
	expand: /opt/freeradius/radium/var/log/radius/radutmp -> /opt/freeradius/radium/var/log/radius/radutmp
	expand: %{User-Name} -> mdelavau at univ-lr.fr
++[radutmp] returns ok
Login OK: [mdelavau at univ-lr.fr/<via Auth-Type = EAP>] (from client heros59 port 0)
+- entering group post-auth
	expand: /opt/freeradius/radium/var/log/radius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d -> /opt/freeradius/radium/var/log/radius/radacct/10.14.0.59/reply-detail-20080414
rlm_detail: /opt/freeradius/radium/var/log/radius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d expands to /opt/freeradius/radium/var/log/radius/radacct/10.14.0.59/reply-detail-20080414
	expand: %t -> Mon Apr 14 10:04:29 2008
++[reply_log] returns ok
} # server inner-tunnel
   PEAP: Got tunneled reply RADIUS code 2
	Class = 0x4f553d61646d696e3b
	Tunnel-Private-Group-Id:0 = "1"
	Tunnel-Medium-Type:0 = IEEE-802
	Tunnel-Type:0 = VLAN
	EAP-Message = 0x03090004
	Message-Authenticator = 0x00000000000000000000000000000000
	User-Name = "mdelavau"
   PEAP: Processing from tunneled session code 0x730f30 2
	Class = 0x4f553d61646d696e3b
	Tunnel-Private-Group-Id:0 = "1"
	Tunnel-Medium-Type:0 = IEEE-802
	Tunnel-Type:0 = VLAN
	EAP-Message = 0x03090004
	Message-Authenticator = 0x00000000000000000000000000000000
	User-Name = "mdelavau"
   PEAP: Tunneled authentication was successful.
   rlm_eap_peap: SUCCESS
++[eap] returns handled
Sending Access-Challenge of id 233 to 10.14.0.59 port 1645
	EAP-Message = 0x010a002b1900170301002091080b47d0c51811b6674b7a649bd231e1f5fea643dd96b28362ea273fe51553
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xe5e74631eded5f77803ca60988c6d413
Finished request 22.
Going to the next request
Waking up in 4.6 seconds.
rad_recv: Access-Request packet from host 10.14.0.59 port 1645, id=234, length=243
	User-Name = "mdelavau at univ-lr.fr"
	Framed-MTU = 1400
	Called-Station-Id = "0012.44bd.0b03"
	Calling-Station-Id = "0019.e304.476e"
	Cisco-AVPair = "ssid=eduroam"
	WISPr-Location-Name = "CRI Arpae"
	Service-Type = Authenticate-Only
	Message-Authenticator = 0x8cefe9357b38e5f0a52c291945837712
	EAP-Message = 0x020a002b19001703010020dc122ffd1ad0290d995b344b65adbda0824e52829616cca6dfb590d9b510b732
	NAS-Port-Type = Wireless-802.11
	Cisco-NAS-Port = "36654"
	NAS-Port = 36654
	State = 0xe5e74631eded5f77803ca60988c6d413
	NAS-IP-Address = 10.14.0.59
	NAS-Identifier = "heros59"
+- entering group authorize
++[preprocess] returns ok
++[mschap] returns noop
     rlm_realm: Looking up realm "univ-lr.fr" for User-Name = "mdelavau at univ-lr.fr"
     rlm_realm: Found realm "univ-lr.fr"
     rlm_realm: Adding Stripped-User-Name = "mdelavau"
     rlm_realm: Proxying request from user mdelavau to realm univ-lr.fr
     rlm_realm: Adding Realm = "univ-lr.fr"
     rlm_realm: Authentication realm is LOCAL.
++[suffix] returns noop
   rlm_eap: EAP packet type response id 10 length 43
   rlm_eap: Continuing tunnel setup.
++[eap] returns ok
   rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
   rlm_eap: Request found, released from the list
   rlm_eap: EAP/peap
   rlm_eap: processing type peap
   rlm_eap_peap: Authenticate
   rlm_eap_tls: processing TLS
   eaptls_verify returned 7
   rlm_eap_tls: Done initial handshake
   eaptls_process returned 7
   rlm_eap_peap: EAPTLS_OK
   rlm_eap_peap: Session established.  Decoding tunneled attributes.
   rlm_eap_peap: Received EAP-TLV response.
   rlm_eap_peap: Success
   rlm_eap: Freeing handler
++[eap] returns ok
Login OK: [mdelavau at univ-lr.fr/<via Auth-Type = EAP>] (from client heros59 port 36654 cli 0019.e304.476e)
+- entering group post-auth
++[exec] returns noop
Sending Access-Accept of id 234 to 10.14.0.59 port 1645
	MS-MPPE-Recv-Key = 0xbf9d41342546813406854e35cabdf79521b33e2c316aff8d599716484cc18c20
	MS-MPPE-Send-Key = 0xaff6c3d06041e693b8acb1067d382699f150da706b799e4960ab82be1f25a96a
	EAP-Message = 0x030a0004
	Message-Authenticator = 0x00000000000000000000000000000000
	User-Name = "mdelavau"
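
A check for the symptom visible in the debug output above, added here as an example and not part of the original post or of FreeRADIUS: it compares the attributes of the inner-tunnel reply with those of the final Access-Accept and lists the ones that never reached the NAS. The function names and the shortened sample log are assumptions made for illustration.

```python
import re

# Constructed excerpt of the debug output quoted above; key values are elided
# and one value is left wrapped onto its own line, as in the mailed log.
SAMPLE_DEBUG = """\
   PEAP: Got tunneled reply RADIUS code 2
\tClass = 0x4f553d61646d696e3b
\tTunnel-Private-Group-Id:0 = "1"
\tTunnel-Medium-Type:0 = IEEE-802
\tTunnel-Type:0 = VLAN
\tEAP-Message = 0x03090004
\tMessage-Authenticator = 0x00000000000000000000000000000000
\tUser-Name = "mdelavau"
   PEAP: Tunneled authentication was successful.
Sending Access-Accept of id 234 to 10.14.0.59 port 1645
\tMS-MPPE-Recv-Key =
0x(elided)
\tMS-MPPE-Send-Key = 0x(elided)
\tEAP-Message = 0x030a0004
\tMessage-Authenticator = 0x00000000000000000000000000000000
\tUser-Name = "mdelavau"
"""

# Indented "Name = value" or "Name:tag = value" lines as printed in debug mode.
ATTR_RE = re.compile(r"^\s+([A-Za-z0-9-]+)(?::\d+)?\s*=\s*(.*)$")
# Attributes that legitimately differ between the inner and outer packets.
PER_PACKET = {"EAP-Message", "Message-Authenticator", "State"}

def attrs_after(lines, marker):
    """Return {name: value} for the last attribute block that follows marker."""
    found, last, collecting = {}, None, False
    for line in lines:
        if marker in line:
            found, last, collecting = {}, None, True
        elif collecting:
            m = ATTR_RE.match(line)
            if m:
                last = m.group(1)
                found[last] = m.group(2).strip()
            elif last and found[last] == "" and line.strip():
                found[last] = line.strip()  # value wrapped onto the next line
            else:
                collecting = False
    return found

def dropped_inner_attrs(debug_text):
    """Attributes present in the tunneled reply but absent from the Access-Accept."""
    lines = debug_text.splitlines()
    inner = attrs_after(lines, "Got tunneled reply")
    outer = attrs_after(lines, "Sending Access-Accept")
    return sorted(n for n in inner if n not in outer and n not in PER_PACKET)
```

Run against the sample, `dropped_inner_attrs(SAMPLE_DEBUG)` reports `Class` and the three `Tunnel-*` attributes, which matches what the poster observed.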



