Unable to authenticate to 10.5.4 open directory

Thomas von Eyben thomasvoneyben at gmail.com
Fri Aug 29 22:06:23 CEST 2008


Hi there,

I have been googling and searching the archives for help - no luck so far.

I am trying to get Mac OS X 10.5.4 Server to authenticate against the
Open Directory in order to provide "http://eduroam.org" service - so
far with no luck.

I AM able to authenticate against my hardcoded users in the /users
file so I know that part (most?) of the setup is working (firewall,
proxying etc).

Running radiusd in debug mode (sudo /usr/sbin/radiusd -X -f) gives
this good debug info (please help me find my problem, as I am not an
expert in RADIUS - yet :-)

The test client is also Mac OS X 10.5.4, though a Client - not a Server :)




rad_recv: Access-Request packet from host 130.225.242.107:1814, id=26,
length=201
Received packet from 130.225.242.107 with invalid
Message-Authenticator!  (Shared secret is incorrect.) Dropping packet
without response.
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 130.225.242.107:1814, id=27,
length=201
Received packet from 130.225.242.107 with invalid
Message-Authenticator!  (Shared secret is incorrect.) Dropping packet
without response.
Finished request 1
Going to the next request
--- Walking the entire request list ---
Waking up in 4 seconds...
rad_recv: Access-Request packet from host 130.225.242.107:1814, id=28,
length=201
Received packet from 130.225.242.107 with invalid
Message-Authenticator!  (Shared secret is incorrect.) Dropping packet
without response.
Finished request 2
Going to the next request
--- Walking the entire request list ---
Waking up in 2 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 26 with timestamp 48b8514f
Waking up in 2 seconds...
--- Walking the entire request list ---
Cleaning up request 1 ID 27 with timestamp 48b85151
Waking up in 2 seconds...
--- Walking the entire request list ---
Cleaning up request 2 ID 28 with timestamp 48b85153
Nothing to do.  Sleeping until we see a request.
rad_recv: Access-Request packet from host 130.225.242.106:1814, id=19,
length=201
	User-Name = "testuser at bric.dk"
	Calling-Station-Id = "00-14-51-7F-C3-A2"
	Called-Station-Id = "00-0B-85-84-19-E0:eduroam"
	NAS-Port = 29
	NAS-IP-Address = 172.17.1.4
	NAS-Identifier = "Cisco_ea:68:a3"
	Airespace-Wlan-Id = 3
	Service-Type = Framed-User
	Framed-MTU = 1300
	NAS-Port-Type = Wireless-802.11
	Tunnel-Type:0 = VLAN
	Tunnel-Medium-Type:0 = IEEE-802
	Tunnel-Private-Group-Id:0 = "\000800"
	EAP-Message = 0x0203001501746573747573657240627269632e646b
	Message-Authenticator = 0x5216ae078ddb62a4e787498caba6c2f6
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 3
  modcall[authorize]: module "preprocess" returns ok for request 3
  modcall[authorize]: module "chap" returns noop for request 3
  modcall[authorize]: module "mschap" returns noop for request 3
    rlm_realm: Looking up realm "bric.dk" for User-Name = "testuser at bric.dk"
    rlm_realm: Found realm "bric.dk"
    rlm_realm: Adding Stripped-User-Name = "testuser"
    rlm_realm: Proxying request from user testuser to realm bric.dk
    rlm_realm: Adding Realm = "bric.dk"
    rlm_realm: Authentication realm is LOCAL.
  modcall[authorize]: module "suffix" returns noop for request 3
  rlm_eap: EAP packet type response id 3 length 21
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 3
    users: Matched entry DEFAULT at line 153
    users: Matched entry DEFAULT at line 172
  modcall[authorize]: module "files" returns ok for request 3
rlm_opendirectory: The SACL group "com.apple.access_radius" does not
exist on this system.
rlm_opendirectory: The host 130.225.242.106 does not have an access group.
rlm_opendirectory: no access control groups, all users allowed.
  modcall[authorize]: module "opendirectory" returns ok for request 3
modcall: leaving group authorize (returns updated) for request 3
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 3
  rlm_eap: EAP Identity
  rlm_eap: processing type tls
  rlm_eap_tls: Initiate
  rlm_eap_tls: Start returned 1
  modcall[authenticate]: module "eap" returns handled for request 3
modcall: leaving group authenticate (returns handled) for request 3
Sending Access-Challenge of id 19 to 130.225.242.106 port 1814
	Framed-IP-Address = 255.255.255.254
	Framed-MTU = 576
	Service-Type = Framed-User
	EAP-Message = 0x010400061520
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x6b55b82a65c27423545059bd72c3a1a3
Finished request 3
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 130.225.242.106:1814, id=20,
length=310
	User-Name = "testuser at bric.dk"
	Calling-Station-Id = "00-14-51-7F-C3-A2"
	Called-Station-Id = "00-0B-85-84-19-E0:eduroam"
	NAS-Port = 29
	NAS-IP-Address = 172.17.1.4
	NAS-Identifier = "Cisco_ea:68:a3"
	Airespace-Wlan-Id = 3
	Service-Type = Framed-User
	Framed-MTU = 1300
	NAS-Port-Type = Wireless-802.11
	Tunnel-Type:0 = VLAN
	Tunnel-Medium-Type:0 = IEEE-802
	Tunnel-Private-Group-Id:0 = "\000800"
	EAP-Message = 0x0204007015800000006616030100610100005d030148b8515f5a170a84693976f3002d3d2f17b996dfb6a11461d76e12aa04c823b1000036002f000500040035000a000900030008000600320033003800390016001500140013001200110034003a0018001b001a0017001900010100
	State = 0x6b55b82a65c27423545059bd72c3a1a3
	Message-Authenticator = 0x2290f9444384fa8a336e277b8f63f4a5
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 4
  modcall[authorize]: module "preprocess" returns ok for request 4
  modcall[authorize]: module "chap" returns noop for request 4
  modcall[authorize]: module "mschap" returns noop for request 4
    rlm_realm: Looking up realm "bric.dk" for User-Name = "testuser at bric.dk"
    rlm_realm: Found realm "bric.dk"
    rlm_realm: Adding Stripped-User-Name = "testuser"
    rlm_realm: Proxying request from user testuser to realm bric.dk
    rlm_realm: Adding Realm = "bric.dk"
    rlm_realm: Authentication realm is LOCAL.
  modcall[authorize]: module "suffix" returns noop for request 4
  rlm_eap: EAP packet type response id 4 length 112
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 4
    users: Matched entry DEFAULT at line 153
    users: Matched entry DEFAULT at line 172
  modcall[authorize]: module "files" returns ok for request 4
rlm_opendirectory: The SACL group "com.apple.access_radius" does not
exist on this system.
rlm_opendirectory: The host 130.225.242.106 does not have an access group.
rlm_opendirectory: no access control groups, all users allowed.
  modcall[authorize]: module "opendirectory" returns ok for request 4
modcall: leaving group authorize (returns updated) for request 4
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 4
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/ttls
  rlm_eap: processing type ttls
  rlm_eap_ttls: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls:  Length Included
  eaptls_verify returned 11
    (other): before/accept initialization
    TLS_accept: before/accept initialization
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0061], ClientHello
    TLS_accept: SSLv3 read client hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
    TLS_accept: SSLv3 write server hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0205], Certificate
    TLS_accept: SSLv3 write certificate A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
    TLS_accept: SSLv3 write server done A
    TLS_accept: SSLv3 flush data
    TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
  eaptls_process returned 13
  modcall[authenticate]: module "eap" returns handled for request 4
modcall: leaving group authenticate (returns handled) for request 4
Sending Access-Challenge of id 20 to 130.225.242.106 port 1814
	Framed-IP-Address = 255.255.255.254
	Framed-MTU = 576
	Service-Type = Framed-User
	EAP-Message = 0x0e060355040b0c07627269632e646b30819f300d06092a864886f70d010101050003818d0030818902818100b528df96ddfa57a15ea58d4e10a91abaf7593617eb2678914c78a75f7a46f1871b1f6ed38cd1cfa5f6f98cb40d439d8b065dab0225408e6e5089b6bff5a5f8188d9ed6e48eb7890c1a05d38babe9d5f7e8824400e8d84713c1eb3bed51958cec1f2bffd25c58ee07f0c8c86ba191bdeae66859cde52751dc3679d4363a0e75170203010001a320301e300b0603551d0f0404030202b4300f0603551d130101ff04053003010100300d06092a864886f70d010105050003818100174fa69b358ee0e1e5334a00b51cbe7544cde878d7c81e
	EAP-Message = 0x8f7f6e4baf89af1d373dbfe40df55287642014d4918bec674b195de4d5ebcd57496fb21acffdcc4947db69f77a837ff8337c302cb8daef2c2273b33f92d0b5565939dc09fadd01e3bac3f88eb1a14e3d18aa2f66fedac03fda91cc14e9bc346acce1dc7295f117ef3316030100040e000000
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xa7a08498b7d8fd373619e637a6b9497f
Finished request 4
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 130.225.242.106:1814, id=21,
length=406
	User-Name = "testuser at bric.dk"
	Calling-Station-Id = "00-14-51-7F-C3-A2"
	Called-Station-Id = "00-0B-85-84-19-E0:eduroam"
	NAS-Port = 29
	NAS-IP-Address = 172.17.1.4
	NAS-Identifier = "Cisco_ea:68:a3"
	Airespace-Wlan-Id = 3
	Service-Type = Framed-User
	Framed-MTU = 1300
	NAS-Port-Type = Wireless-802.11
	Tunnel-Type:0 = VLAN
	Tunnel-Medium-Type:0 = IEEE-802
	Tunnel-Private-Group-Id:0 = "\000800"
	EAP-Message = 0x020500d01580000000c616030100861000008200809c6256be59d58444084217ef937e20ab4e9addb1d7a71164b4bdb4dd90f9c51cebc2c3d0f966d9ae13036119cf961595f38b28ea311c563f363836b99c0eff13b77e110076d212203447dcd9889852f9f8d2b00a161bebe33abca071a91f9020d16a4493c0f823809ad6c3f27235f881029ca6dbe15ccef1c1ee9fd8b7e01e5a14030100010116030100309904a5ef25e86c0ff9c272ad5540fc6e6c9cb1c478a821a9e403953262bd772da137dd3360670763c1b23de636783813
	State = 0xa7a08498b7d8fd373619e637a6b9497f
	Message-Authenticator = 0xa300f3c74dfa418d42a8476478f7004f
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 5
  modcall[authorize]: module "preprocess" returns ok for request 5
  modcall[authorize]: module "chap" returns noop for request 5
  modcall[authorize]: module "mschap" returns noop for request 5
    rlm_realm: Looking up realm "bric.dk" for User-Name = "testuser at bric.dk"
    rlm_realm: Found realm "bric.dk"
    rlm_realm: Adding Stripped-User-Name = "testuser"
    rlm_realm: Proxying request from user testuser to realm bric.dk
    rlm_realm: Adding Realm = "bric.dk"
    rlm_realm: Authentication realm is LOCAL.
  modcall[authorize]: module "suffix" returns noop for request 5
  rlm_eap: EAP packet type response id 5 length 208
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 5
    users: Matched entry DEFAULT at line 153
    users: Matched entry DEFAULT at line 172
  modcall[authorize]: module "files" returns ok for request 5
rlm_opendirectory: The SACL group "com.apple.access_radius" does not
exist on this system.
rlm_opendirectory: The host 130.225.242.106 does not have an access group.
rlm_opendirectory: no access control groups, all users allowed.
  modcall[authorize]: module "opendirectory" returns ok for request 5
modcall: leaving group authorize (returns updated) for request 5
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 5
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/ttls
  rlm_eap: processing type ttls
  rlm_eap_ttls: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls:  Length Included
  eaptls_verify returned 11
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
    TLS_accept: SSLv3 read client key exchange A
  rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
    TLS_accept: SSLv3 read finished A
  rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
    TLS_accept: SSLv3 write change cipher spec A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
    TLS_accept: SSLv3 write finished A
    TLS_accept: SSLv3 flush data
    (other): SSL negotiation finished successfully
SSL Connection Established
  eaptls_process returned 13
  modcall[authenticate]: module "eap" returns handled for request 5
modcall: leaving group authenticate (returns handled) for request 5
Sending Access-Challenge of id 21 to 130.225.242.106 port 1814
	Framed-IP-Address = 255.255.255.254
	Framed-MTU = 576
	Service-Type = Framed-User
	EAP-Message = 0x0106004515800000003b14030100010116030100307324aca9a0624587c31701d7b81b24d1e2c097d5ce09f15c0453da9c701026b1becb4154c55342e02d2ce85c2b40ea23
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xcfb62e9c7f0b887914d1f617cc70a339
Finished request 5
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 130.225.242.106:1814, id=22,
length=357
	User-Name = "testuser at bric.dk"
	Calling-Station-Id = "00-14-51-7F-C3-A2"
	Called-Station-Id = "00-0B-85-84-19-E0:eduroam"
	NAS-Port = 29
	NAS-IP-Address = 172.17.1.4
	NAS-Identifier = "Cisco_ea:68:a3"
	Airespace-Wlan-Id = 3
	Service-Type = Framed-User
	Framed-MTU = 1300
	NAS-Port-Type = Wireless-802.11
	Tunnel-Type:0 = VLAN
	Tunnel-Medium-Type:0 = IEEE-802
	Tunnel-Private-Group-Id:0 = "\000800"
	EAP-Message = 0x0206009f1580000000951703010090b7d3eb1b77b7775c8190cebfb411d21e6627e9821f86d356f60efbea7c6497dc66664ceb21febfbf59b80227b6cb777d2e4c6051e8af54229d35c254d796f4d6f0e1bfe716919511042be43818729094631ebcff50c771ffc2e6df73e0c709c28830d6b82db4df8110839e0c4b153b28030486f23d112d509b68e612d592eabf5f202b68c70ddfaf2da06d3e441a8eff
	State = 0xcfb62e9c7f0b887914d1f617cc70a339
	Message-Authenticator = 0x4d0c9e4196d02fceeaf413d2586fefbf
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
  modcall[authorize]: module "preprocess" returns ok for request 6
  modcall[authorize]: module "chap" returns noop for request 6
  modcall[authorize]: module "mschap" returns noop for request 6
    rlm_realm: Looking up realm "bric.dk" for User-Name = "testuser at bric.dk"
    rlm_realm: Found realm "bric.dk"
    rlm_realm: Adding Stripped-User-Name = "testuser"
    rlm_realm: Proxying request from user testuser to realm bric.dk
    rlm_realm: Adding Realm = "bric.dk"
    rlm_realm: Authentication realm is LOCAL.
  modcall[authorize]: module "suffix" returns noop for request 6
  rlm_eap: EAP packet type response id 6 length 159
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 6
    users: Matched entry DEFAULT at line 153
    users: Matched entry DEFAULT at line 172
  modcall[authorize]: module "files" returns ok for request 6
rlm_opendirectory: The SACL group "com.apple.access_radius" does not
exist on this system.
rlm_opendirectory: The host 130.225.242.106 does not have an access group.
rlm_opendirectory: no access control groups, all users allowed.
  modcall[authorize]: module "opendirectory" returns ok for request 6
modcall: leaving group authorize (returns updated) for request 6
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 6
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/ttls
  rlm_eap: processing type ttls
  rlm_eap_ttls: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls:  Length Included
  eaptls_verify returned 11
  eaptls_process returned 7
  rlm_eap_ttls: Session established.  Proceeding to decode tunneled attributes.
  TTLS: Got tunneled request
	User-Name = "testuser at bric.dk"
	MS-CHAP-Challenge = 0x63a3c34cf7df7e1ce1847c548b4c01c7
	MS-CHAP2-Response =
0xe1006877cd5e3a28368d5bf9531c77e811a700000000000000004016c5470ee27eb869fd7d9d0093ffa247bdb4e6a2b89fe4
	FreeRADIUS-Proxied-To = 127.0.0.1
  TTLS: Sending tunneled request
	User-Name = "testuser at bric.dk"
	MS-CHAP-Challenge = 0x63a3c34cf7df7e1ce1847c548b4c01c7
	MS-CHAP2-Response =
0xe1006877cd5e3a28368d5bf9531c77e811a700000000000000004016c5470ee27eb869fd7d9d0093ffa247bdb4e6a2b89fe4
	FreeRADIUS-Proxied-To = 127.0.0.1
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
  modcall[authorize]: module "preprocess" returns ok for request 6
  modcall[authorize]: module "chap" returns noop for request 6
  rlm_mschap: Found MS-CHAP attributes.  Setting 'Auth-Type  = mschap'
  modcall[authorize]: module "mschap" returns ok for request 6
    rlm_realm: Looking up realm "bric.dk" for User-Name = "testuser at bric.dk"
    rlm_realm: Found realm "bric.dk"
    rlm_realm: Adding Stripped-User-Name = "testuser"
    rlm_realm: Proxying request from user testuser to realm bric.dk
    rlm_realm: Adding Realm = "bric.dk"
    rlm_realm: Authentication realm is LOCAL.
  modcall[authorize]: module "suffix" returns noop for request 6
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 6
    users: Matched entry DEFAULT at line 153
    users: Matched entry DEFAULT at line 236
radius_xlat:  'testuser at bric.dk'
  modcall[authorize]: module "files" returns ok for request 6
rlm_opendirectory: The SACL group "com.apple.access_radius" does not
exist on this system.
rlm_opendirectory: The host 127.0.0.1 does not have an access group.
rlm_opendirectory: no access control groups, all users allowed.
  modcall[authorize]: module "opendirectory" returns ok for request 6
modcall: leaving group authorize (returns ok) for request 6
  rad_check_password:  Found Auth-Type MS-CHAP
auth: type "MS-CHAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group MS-CHAP for request 6
  rlm_mschap: No User-Password configured.  Cannot create LM-Password.
  rlm_mschap: No User-Password configured.  Cannot create NT-Password.
  rlm_mschap: Told to do MS-CHAPv2 for testuser at bric.dk with NT-Password
  rlm_mschap: No NT-Password configured. Trying DirectoryService Authentication.
rlm_mschap: getUserNodeRef(): dsGetRecordList() status = 0, recCount=0
rlm_osx_od: ds_mschap_auth: getUserNodeRef failed
  modcall[authenticate]: module "mschap" returns fail for request 6
modcall: leaving group MS-CHAP (returns fail) for request 6
auth: Failed to validate the user.
Login incorrect: [testuser at bric.dk/<no User-Password attribute>] (from
client localhost port 0)
  TTLS: Got tunneled reply RADIUS code 3
	User-Name = "testuser at bric.dk"
  TTLS: Got tunneled Access-Reject
 rlm_eap: Handler failed in EAP/ttls
  rlm_eap: Failed in EAP select
  modcall[authenticate]: module "eap" returns invalid for request 6
modcall: leaving group authenticate (returns invalid) for request 6
auth: Failed to validate the user.
Login incorrect: [testuser at bric.dk/<no User-Password attribute>] (from
client tld-1 port 29 cli 00-14-51-7F-C3-A2)
Delaying request 6 for 1 seconds
Finished request 6
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
rad_recv: Access-Request packet from host 130.225.242.106:1814, id=23,
length=357
	User-Name = "testuser at bric.dk"
	Calling-Station-Id = "00-14-51-7F-C3-A2"
	Called-Station-Id = "00-0B-85-84-19-E0:eduroam"
	NAS-Port = 29
	NAS-IP-Address = 172.17.1.4
	NAS-Identifier = "Cisco_ea:68:a3"
	Airespace-Wlan-Id = 3
	Service-Type = Framed-User
	Framed-MTU = 1300
	NAS-Port-Type = Wireless-802.11
	Tunnel-Type:0 = VLAN
	Tunnel-Medium-Type:0 = IEEE-802
	Tunnel-Private-Group-Id:0 = "\000800"
	EAP-Message = 0x0206009f1580000000951703010090b7d3eb1b77b7775c8190cebfb411d21e6627e9821f86d356f60efbea7c6497dc66664ceb21febfbf59b80227b6cb777d2e4c6051e8af54229d35c254d796f4d6f0e1bfe716919511042be43818729094631ebcff50c771ffc2e6df73e0c709c28830d6b82db4df8110839e0c4b153b28030486f23d112d509b68e612d592eabf5f202b68c70ddfaf2da06d3e441a8eff
	State = 0xcfb62e9c7f0b887914d1f617cc70a339
	Message-Authenticator = 0x2535af39d3c8b25b89693657df5323ba
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 7
  modcall[authorize]: module "preprocess" returns ok for request 7
  modcall[authorize]: module "chap" returns noop for request 7
  modcall[authorize]: module "mschap" returns noop for request 7
    rlm_realm: Looking up realm "bric.dk" for User-Name = "testuser at bric.dk"
    rlm_realm: Found realm "bric.dk"
    rlm_realm: Adding Stripped-User-Name = "testuser"
    rlm_realm: Proxying request from user testuser to realm bric.dk
    rlm_realm: Adding Realm = "bric.dk"
    rlm_realm: Authentication realm is LOCAL.
  modcall[authorize]: module "suffix" returns noop for request 7
  rlm_eap: EAP packet type response id 6 length 159
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 7
    users: Matched entry DEFAULT at line 153
    users: Matched entry DEFAULT at line 172
  modcall[authorize]: module "files" returns ok for request 7
rlm_opendirectory: The SACL group "com.apple.access_radius" does not
exist on this system.
rlm_opendirectory: The host 130.225.242.106 does not have an access group.
rlm_opendirectory: no access control groups, all users allowed.
  modcall[authorize]: module "opendirectory" returns ok for request 7
modcall: leaving group authorize (returns updated) for request 7
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 7
  rlm_eap: Request not found in the list
rlm_eap: Either EAP-request timed out OR EAP-response to an unknown EAP-request
  rlm_eap: Failed in handler
  modcall[authenticate]: module "eap" returns invalid for request 7
modcall: leaving group authenticate (returns invalid) for request 7
auth: Failed to validate the user.
Login incorrect: [testuser at bric.dk/<no User-Password attribute>] (from
client tld-1 port 29 cli 00-14-51-7F-C3-A2)
Delaying request 7 for 1 seconds
Finished request 7
Going to the next request
--- Walking the entire request list ---
Sending Access-Reject of id 22 to 130.225.242.106 port 1814
	EAP-Message = 0x04060004
	Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 3 ID 19 with timestamp 48b8515f
Cleaning up request 4 ID 20 with timestamp 48b8515f
Cleaning up request 5 ID 21 with timestamp 48b8515f
Sending Access-Reject of id 23 to 130.225.242.106 port 1814
Waking up in 2 seconds...
--- Walking the entire request list ---
Cleaning up request 6 ID 22 with timestamp 48b85161
Waking up in 2 seconds...
--- Walking the entire request list ---
Cleaning up request 7 ID 23 with timestamp 48b85163
Nothing to do.  Sleeping until we see a request.

Any suggestions are more than welcome(!)

TvE
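
A per-request summary of `radiusd -X` output like the log above, as an added example that is not part of the original post: it reports which requests were dropped for an invalid Message-Authenticator and which modules returned a failure code. The `triage` function and the embedded sample are assumptions made for illustration; the sample is constructed from a few lines in the format shown in the post.

```python
import re

# Constructed sample: a few lines in the radiusd -X format shown in the post
# (wrapped lines kept as the mail client wrapped them).
SAMPLE = """\
rad_recv: Access-Request packet from host 130.225.242.107:1814, id=26,
length=201
Received packet from 130.225.242.107 with invalid
Message-Authenticator!  (Shared secret is incorrect.) Dropping packet
without response.
Finished request 0
rad_recv: Access-Request packet from host 130.225.242.106:1814, id=19,
length=201
  modcall[authorize]: module "opendirectory" returns ok for request 3
  modcall[authenticate]: module "eap" returns handled for request 3
Finished request 3
rad_recv: Access-Request packet from host 130.225.242.106:1814, id=22,
length=357
rlm_mschap: getUserNodeRef(): dsGetRecordList() status = 0, recCount=0
  modcall[authenticate]: module "mschap" returns fail for request 6
  modcall[authenticate]: module "eap" returns invalid for request 6
Finished request 6
"""

RECV = re.compile(r"rad_recv: (\S+) packet from host ([\d.]+):\d+, id=(\d+)")
DONE = re.compile(r"Finished request (\d+)")
# Module return codes that mean the request did not pass this module.
MODFAIL = re.compile(
    r'modcall\[(\w+)\]: module "([\w-]+)" returns (fail|invalid|reject|userlock)')
DSLOOKUP = re.compile(r"dsGetRecordList\(\) status = (-?\d+), recCount=(\d+)")


def triage(log_text):
    """Return one record per request that shows a failure, in log order."""
    results, current = [], None
    for line in log_text.splitlines():
        m = RECV.search(line)
        if m:
            # A new packet starts a new record; the request number comes later.
            current = {"host": m.group(2), "id": int(m.group(3)), "findings": []}
            continue
        if current is None:
            continue
        if "Shared secret is incorrect" in line:
            current["findings"].append("dropped: invalid Message-Authenticator")
        m = MODFAIL.search(line)
        if m:
            current["findings"].append(
                f"{m.group(1)}/{m.group(2)} returned {m.group(3)}")
        m = DSLOOKUP.search(line)
        if m and int(m.group(2)) == 0:
            current["findings"].append("directory lookup matched 0 records")
        if "Request not found in the list" in line:
            current["findings"].append("EAP response matched no pending session")
        m = DONE.search(line)
        if m:
            current["request"] = int(m.group(1))
            if current["findings"]:
                results.append(current)
            current = None
    return results


if __name__ == "__main__":
    for r in triage(SAMPLE):
        print(f"request {r['request']} from {r['host']} id={r['id']}: "
              + "; ".join(r["findings"]))
```

Run against a saved copy of the full debug output, it separates the packets dropped before any module ran from the requests that failed inside a module.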


