attributes lost



Hello,

When I authenticate in PEAP, my LDAP attributes (e.g. Tunnel-Private-Group-Id) aren't sent to the client. Why?

Here is my debug:

rlm_ldap: looking for reply items in directory...
rlm_ldap: LDAP attribute radiusClass as RADIUS attribute Class = 0x4f553d61646d696e3b
rlm_ldap: LDAP attribute radiusClass as RADIUS attribute Class = 0x4f553d61646d696e3b
rlm_ldap: LDAP attribute radiusTunnelPrivateGroupId as RADIUS attribute Tunnel-Private-Group-Id:0 = "1"
rlm_ldap: LDAP attribute radiusTunnelMediumType as RADIUS attribute Tunnel-Medium-Type:0 = IEEE-802
rlm_ldap: LDAP attribute radiusTunnelType as RADIUS attribute Tunnel-Type:0 = VLAN
WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
rlm_ldap: user mdelavau authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
+++[ldap_prof] returns ok
++- group  returns ok
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/mschapv2
  rlm_eap: processing type mschapv2
  rlm_eap: Freeing handler
++[eap] returns ok
+- entering group session
	expand: /opt/freeradius/radium/var/log/radius/radutmp -> /opt/freeradius/radium/var/log/radius/radutmp
	expand: %{User-Name} -> mdelavau@univ-lr.fr
++[radutmp] returns ok
Login OK: [mdelavau@univ-lr.fr/<via Auth-Type = EAP>] (from client heros59 port 0)
+- entering group post-auth
	expand: /opt/freeradius/radium/var/log/radius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d -> /opt/freeradius/radium/var/log/radius/radacct/10.14.0.59/reply-detail-20080414
rlm_detail: /opt/freeradius/radium/var/log/radius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d expands to /opt/freeradius/radium/var/log/radius/radacct/10.14.0.59/reply-detail-20080414
	expand: %t -> Mon Apr 14 10:04:29 2008
++[reply_log] returns ok
} # server inner-tunnel
  PEAP: Got tunneled reply RADIUS code 2
	Class = 0x4f553d61646d696e3b
	Tunnel-Private-Group-Id:0 = "1"
	Tunnel-Medium-Type:0 = IEEE-802
	Tunnel-Type:0 = VLAN
	EAP-Message = 0x03090004
	Message-Authenticator = 0x00000000000000000000000000000000
	User-Name = "mdelavau"
  PEAP: Processing from tunneled session code 0x730f30 2
	Class = 0x4f553d61646d696e3b
	Tunnel-Private-Group-Id:0 = "1"
	Tunnel-Medium-Type:0 = IEEE-802
	Tunnel-Type:0 = VLAN
	EAP-Message = 0x03090004
	Message-Authenticator = 0x00000000000000000000000000000000
	User-Name = "mdelavau"
  PEAP: Tunneled authentication was successful.
  rlm_eap_peap: SUCCESS
++[eap] returns handled
Sending Access-Challenge of id 233 to 10.14.0.59 port 1645
EAP-Message = 0x010a002b1900170301002091080b47d0c51811b6674b7a649bd231e1f5fea643dd96b28362ea273fe51553
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xe5e74631eded5f77803ca60988c6d413
Finished request 22.
Going to the next request
Waking up in 4.6 seconds.
rad_recv: Access-Request packet from host 10.14.0.59 port 1645, id=234, length=243
	User-Name = "mdelavau@univ-lr.fr"
	Framed-MTU = 1400
	Called-Station-Id = "0012.44bd.0b03"
	Calling-Station-Id = "0019.e304.476e"
	Cisco-AVPair = "ssid=eduroam"
	WISPr-Location-Name = "CRI Arpae"
	Service-Type = Authenticate-Only
	Message-Authenticator = 0x8cefe9357b38e5f0a52c291945837712
EAP-Message = 0x020a002b19001703010020dc122ffd1ad0290d995b344b65adbda0824e52829616cca6dfb590d9b510b732
	NAS-Port-Type = Wireless-802.11
	Cisco-NAS-Port = "36654"
	NAS-Port = 36654
	State = 0xe5e74631eded5f77803ca60988c6d413
	NAS-IP-Address = 10.14.0.59
	NAS-Identifier = "heros59"
+- entering group authorize
++[preprocess] returns ok
++[mschap] returns noop
rlm_realm: Looking up realm "univ-lr.fr" for User-Name = "mdelavau@univ-lr.fr "
    rlm_realm: Found realm "univ-lr.fr"
    rlm_realm: Adding Stripped-User-Name = "mdelavau"
    rlm_realm: Proxying request from user mdelavau to realm univ-lr.fr
    rlm_realm: Adding Realm = "univ-lr.fr"
    rlm_realm: Authentication realm is LOCAL.
++[suffix] returns noop
  rlm_eap: EAP packet type response id 10 length 43
  rlm_eap: Continuing tunnel setup.
++[eap] returns ok
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
  eaptls_verify returned 7
  rlm_eap_tls: Done initial handshake
  eaptls_process returned 7
  rlm_eap_peap: EAPTLS_OK
  rlm_eap_peap: Session established.  Decoding tunneled attributes.
  rlm_eap_peap: Received EAP-TLV response.
  rlm_eap_peap: Success
  rlm_eap: Freeing handler
++[eap] returns ok
Login OK: [mdelavau@univ-lr.fr/<via Auth-Type = EAP>] (from client heros59 port 36654 cli 0019.e304.476e)
+- entering group post-auth
++[exec] returns noop
Sending Access-Accept of id 234 to 10.14.0.59 port 1645
	MS-MPPE-Recv-Key = 0xbf9d41342546813406854e35cabdf79521b33e2c316aff8d599716484cc18c20
	MS-MPPE-Send-Key = 0xaff6c3d06041e693b8acb1067d382699f150da706b799e4960ab82be1f25a96a
	EAP-Message = 0x030a0004
	Message-Authenticator = 0x00000000000000000000000000000000
	User-Name = "mdelavau"




