Terminate EAP-PEAP client connection at FreeRadius Proxy and proxy(forward) request as PAP

Jayal1972 joakim.lindgren at gmail.com
Fri Feb 1 18:59:58 CET 2008


Hi again, sorry, I have read the FAQ ;-) I thought that it wasn't needed, sorry.

Output below. All configurations as provided in earlier mail except users:
================================================
users
========
DEFAULT           EAP-Type == PEAP, FreeRADIUS-Proxied-To !* 127.0.0.1,
Proxy-To-Realm := LOCAL
SECURACCESS    FreeRADIUS-Proxied-To == 127.0.0.1, Auth-Type := PAP,
Proxy-To-Realm := "SECURACCESS"
Fall-Through := No
==ENDusers========================================


================================================
output:
========
osuse-freeradius:/ # radiusd -XX -A
Fri Feb  1 18:48:37 2008 : Info: Starting - reading configuration files ...
Fri Feb  1 18:48:37 2008 : Debug: reread_config:  reading radiusd.conf
Fri Feb  1 18:48:37 2008 : Debug: Config:   including file:
/etc/raddb/proxy.conf
Fri Feb  1 18:48:37 2008 : Debug: Config:   including file:
/etc/raddb/clients.conf
Fri Feb  1 18:48:37 2008 : Debug: Config:   including file:
/etc/raddb/snmp.conf
Fri Feb  1 18:48:37 2008 : Debug: Config:   including file:
/etc/raddb/eap.conf
Fri Feb  1 18:48:37 2008 : Debug: Config:   including file:
/etc/raddb/sql.conf
Fri Feb  1 18:48:37 2008 : Debug:  main: prefix = "/usr"
Fri Feb  1 18:48:37 2008 : Debug:  main: localstatedir = "/var"
Fri Feb  1 18:48:37 2008 : Debug:  main: logdir = "/var/log/radius"
Fri Feb  1 18:48:37 2008 : Debug:  main: libdir = "/usr/lib"
Fri Feb  1 18:48:37 2008 : Debug:  main: radacctdir =
"/var/log/radius/radacct"
Fri Feb  1 18:48:37 2008 : Debug:  main: hostname_lookups = no
Fri Feb  1 18:48:37 2008 : Debug:  main: max_request_time = 30
Fri Feb  1 18:48:37 2008 : Debug:  main: cleanup_delay = 5
Fri Feb  1 18:48:37 2008 : Debug:  main: max_requests = 1024
Fri Feb  1 18:48:37 2008 : Debug:  main: delete_blocked_requests = 0
Fri Feb  1 18:48:37 2008 : Debug:  main: port = 0
Fri Feb  1 18:48:37 2008 : Debug:  main: allow_core_dumps = no
Fri Feb  1 18:48:37 2008 : Debug:  main: log_stripped_names = yes
Fri Feb  1 18:48:37 2008 : Debug:  main: log_file =
"/var/log/radius/radius.log"
Fri Feb  1 18:48:37 2008 : Debug:  main: log_auth = yes
Fri Feb  1 18:48:37 2008 : Debug:  main: log_auth_badpass = yes
Fri Feb  1 18:48:37 2008 : Debug:  main: log_auth_goodpass = yes
Fri Feb  1 18:48:37 2008 : Debug:  main: pidfile =
"/var/run/radiusd/radiusd.pid"
Fri Feb  1 18:48:37 2008 : Debug:  main: user = "(null)"
Fri Feb  1 18:48:37 2008 : Debug:  main: group = "(null)"
Fri Feb  1 18:48:37 2008 : Debug:  main: usercollide = no
Fri Feb  1 18:48:37 2008 : Debug:  main: lower_user = "no"
Fri Feb  1 18:48:37 2008 : Debug:  main: lower_pass = "no"
Fri Feb  1 18:48:37 2008 : Debug:  main: nospace_user = "no"
Fri Feb  1 18:48:37 2008 : Debug:  main: nospace_pass = "no"
Fri Feb  1 18:48:37 2008 : Debug:  main: checkrad = "/usr/sbin/checkrad"
Fri Feb  1 18:48:37 2008 : Debug:  main: proxy_requests = yes
Fri Feb  1 18:48:37 2008 : Debug:  proxy: retry_delay = 5
Fri Feb  1 18:48:37 2008 : Debug:  proxy: retry_count = 3
Fri Feb  1 18:48:37 2008 : Debug:  proxy: synchronous = no
Fri Feb  1 18:48:37 2008 : Debug:  proxy: default_fallback = yes
Fri Feb  1 18:48:37 2008 : Debug:  proxy: dead_time = 120
Fri Feb  1 18:48:37 2008 : Debug:  proxy: post_proxy_authorize = no
Fri Feb  1 18:48:37 2008 : Debug:  proxy: wake_all_if_all_dead = no
Fri Feb  1 18:48:37 2008 : Debug:  security: max_attributes = 200
Fri Feb  1 18:48:37 2008 : Debug:  security: reject_delay = 1
Fri Feb  1 18:48:37 2008 : Debug:  security: status_server = no
Fri Feb  1 18:48:37 2008 : Debug:  main: debug_level = 0
Fri Feb  1 18:48:37 2008 : Debug: read_config_files:  reading dictionary
Fri Feb  1 18:48:37 2008 : Debug: read_config_files:  reading naslist
Fri Feb  1 18:48:37 2008 : Debug: read_config_files:  reading clients
Fri Feb  1 18:48:37 2008 : Debug: read_config_files:  reading realms
Fri Feb  1 18:48:37 2008 : Debug: radiusd:  entering modules setup
Fri Feb  1 18:48:37 2008 : Debug: Module: Library search path is /usr/lib
Fri Feb  1 18:48:37 2008 : Debug: Module: Loaded exec
Fri Feb  1 18:48:37 2008 : Debug:  exec: wait = yes
Fri Feb  1 18:48:37 2008 : Debug:  exec: program = "(null)"
Fri Feb  1 18:48:37 2008 : Debug:  exec: input_pairs = "request"
Fri Feb  1 18:48:37 2008 : Debug:  exec: output_pairs = "(null)"
Fri Feb  1 18:48:37 2008 : Debug:  exec: packet_type = "(null)"
Fri Feb  1 18:48:37 2008 : Info: rlm_exec: Wait=yes but no output defined.
Did you mean output=none?
Fri Feb  1 18:48:37 2008 : Debug: Module: Instantiated exec (exec)
Fri Feb  1 18:48:37 2008 : Debug: Module: Loaded expr
Fri Feb  1 18:48:37 2008 : Debug: Module: Instantiated expr (expr)
Fri Feb  1 18:48:37 2008 : Debug: Module: Loaded PAP
Fri Feb  1 18:48:37 2008 : Debug:  pap: encryption_scheme = "crypt"
Fri Feb  1 18:48:37 2008 : Debug:  pap: auto_header = yes
Fri Feb  1 18:48:37 2008 : Debug: Module: Instantiated pap (pap)
Fri Feb  1 18:48:37 2008 : Debug: Module: Loaded CHAP
Fri Feb  1 18:48:37 2008 : Debug: Module: Instantiated chap (chap)
Fri Feb  1 18:48:37 2008 : Debug: Module: Loaded MS-CHAP
Fri Feb  1 18:48:37 2008 : Debug:  mschap: use_mppe = yes
Fri Feb  1 18:48:37 2008 : Debug:  mschap: require_encryption = yes
Fri Feb  1 18:48:37 2008 : Debug:  mschap: require_strong = yes
Fri Feb  1 18:48:37 2008 : Debug:  mschap: with_ntdomain_hack = no
Fri Feb  1 18:48:37 2008 : Debug:  mschap: passwd = "(null)"
Fri Feb  1 18:48:37 2008 : Debug:  mschap: ntlm_auth = "(null)"
Fri Feb  1 18:48:37 2008 : Debug: Module: Instantiated mschap (mschap)
Fri Feb  1 18:48:37 2008 : Debug: Module: Loaded System
Fri Feb  1 18:48:37 2008 : Debug:  unix: cache = no
Fri Feb  1 18:48:37 2008 : Debug:  unix: passwd = "(null)"
Fri Feb  1 18:48:37 2008 : Debug:  unix: shadow = "(null)"
Fri Feb  1 18:48:37 2008 : Debug:  unix: group = "(null)"
Fri Feb  1 18:48:37 2008 : Debug:  unix: radwtmp = "/var/log/radius/radwtmp"
Fri Feb  1 18:48:37 2008 : Debug:  unix: usegroup = no
Fri Feb  1 18:48:37 2008 : Debug:  unix: cache_reload = 600
Fri Feb  1 18:48:37 2008 : Debug: Module: Instantiated unix (unix)
Fri Feb  1 18:48:37 2008 : Debug: Module: Loaded LDAP
Fri Feb  1 18:48:37 2008 : Debug:  ldap: server = "192.168.1.71"
Fri Feb  1 18:48:37 2008 : Debug:  ldap: port = 389
Fri Feb  1 18:48:37 2008 : Debug:  ldap: net_timeout = 1
Fri Feb  1 18:48:37 2008 : Debug:  ldap: timeout = 4
Fri Feb  1 18:48:37 2008 : Debug:  ldap: timelimit = 3
Fri Feb  1 18:48:37 2008 : Debug:  ldap: identity = "cn=admin,o=Contonso"
Fri Feb  1 18:48:37 2008 : Debug:  ldap: tls_mode = no
Fri Feb  1 18:48:37 2008 : Debug:  ldap: start_tls = yes
Fri Feb  1 18:48:37 2008 : Debug:  ldap: tls_cacertfile =
"/etc/raddb/certs/eDirCerts/edirectory_ROOT_Cert_DER.pem"
Fri Feb  1 18:48:37 2008 : Debug:  ldap: tls_cacertdir = "(null)"
Fri Feb  1 18:48:37 2008 : Debug:  ldap: tls_certfile = "(null)"
Fri Feb  1 18:48:37 2008 : Debug:  ldap: tls_keyfile = "(null)"
Fri Feb  1 18:48:37 2008 : Debug:  ldap: tls_randfile = "(null)"
Fri Feb  1 18:48:37 2008 : Debug:  ldap: tls_require_cert = "allow"
Fri Feb  1 18:48:37 2008 : Debug:  ldap: password = "toor"
Fri Feb  1 18:48:37 2008 : Debug:  ldap: basedn = "o=Contonso"
Fri Feb  1 18:48:37 2008 : Debug:  ldap: filter =
"(uid=%{Stripped-User-Name:-%{User-Name}})"
Fri Feb  1 18:48:37 2008 : Debug:  ldap: base_filter =
"(objectclass=radiusprofile)"
Fri Feb  1 18:48:37 2008 : Debug:  ldap: default_profile = "(null)"
Fri Feb  1 18:48:37 2008 : Debug:  ldap: profile_attribute = "(null)"
Fri Feb  1 18:48:37 2008 : Debug:  ldap: password_header = "(null)"
Fri Feb  1 18:48:37 2008 : Debug:  ldap: password_attribute = "nspmPassword"
Fri Feb  1 18:48:37 2008 : Debug:  ldap: access_attr = "(null)"
Fri Feb  1 18:48:37 2008 : Debug:  ldap: groupname_attribute = "cn"
Fri Feb  1 18:48:37 2008 : Debug:  ldap: groupmembership_filter =
"(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
Fri Feb  1 18:48:37 2008 : Debug:  ldap: groupmembership_attribute =
"(null)"
Fri Feb  1 18:48:37 2008 : Debug:  ldap: dictionary_mapping =
"/etc/raddb/ldap.attrmap"
Fri Feb  1 18:48:37 2008 : Debug:  ldap: ldap_debug = 0
Fri Feb  1 18:48:37 2008 : Debug:  ldap: ldap_connections_number = 5
Fri Feb  1 18:48:37 2008 : Debug:  ldap: compare_check_items = no
Fri Feb  1 18:48:37 2008 : Debug:  ldap: access_attr_used_for_allow = yes
Fri Feb  1 18:48:37 2008 : Debug:  ldap: do_xlat = yes
Fri Feb  1 18:48:37 2008 : Debug:  ldap: edir_account_policy_check = yes
Fri Feb  1 18:48:37 2008 : Debug:  ldap: set_auth_type = yes
Fri Feb  1 18:48:37 2008 : Debug: rlm_ldap: Registering ldap_groupcmp for
Ldap-Group
Fri Feb  1 18:48:37 2008 : Debug: rlm_ldap: Registering ldap_xlat with
xlat_name ldap
Fri Feb  1 18:48:37 2008 : Debug: rlm_ldap: reading ldap<->radius mappings
from file /etc/raddb/ldap.attrmap
Fri Feb  1 18:48:37 2008 : Debug: rlm_ldap: LDAP radiusCheckItem mapped to
RADIUS $GENERIC$
Fri Feb  1 18:48:37 2008 : Debug: rlm_ldap: LDAP radiusReplyItem mapped to
RADIUS $GENERIC$
Fri Feb  1 18:48:37 2008 : Debug: rlm_ldap: LDAP radiusAuthType mapped to
RADIUS Auth-Type
Fri Feb  1 18:48:37 2008 : Debug: rlm_ldap: LDAP radiusSimultaneousUse
mapped to RADIUS Simultaneous-Use
Fri Feb  1 18:48:37 2008 : Debug: rlm_ldap: LDAP radiusCalledStationId
mapped to RADIUS Called-Station-Id
Fri Feb  1 18:48:37 2008 : Debug: rlm_ldap: LDAP radiusCallingStationId
mapped to RADIUS Calling-Station-Id
Fri Feb  1 18:48:37 2008 : Debug: rlm_ldap: LDAP sambaLMPassword mapped to
RADIUS LM-Password
Fri Feb  1 18:48:37 2008 : Debug: rlm_ldap: LDAP sambaNTPassword mapped to
RADIUS NT-Password
Fri Feb  1 18:48:37 2008 : Debug: rlm_ldap: LDAP sambaAcctFlags mapped to
RADIUS SMB-Account-CTRL-TEXT
Fri Feb  1 18:48:37 2008 : Debug: rlm_ldap: LDAP radiusExpiration mapped to
RADIUS Expiration
Fri Feb  1 18:48:37 2008 : Debug: rlm_ldap: LDAP userPassword mapped to
RADIUS User-Password
Fri Feb  1 18:48:37 2008 : Debug: rlm_ldap: LDAP radiusServiceType mapped to
RADIUS Service-Type
Fri Feb  1 18:48:37 2008 : Debug: rlm_ldap: LDAP radiusFramedProtocol mapped
to RADIUS Framed-Protocol
Fri Feb  1 18:48:37 2008 : Debug: rlm_ldap: LDAP radiusFramedIPAddress
mapped to RADIUS Framed-IP-Address
Fri Feb  1 18:48:37 2008 : Debug: rlm_ldap: LDAP radiusFramedIPNetmask
mapped to RADIUS Framed-IP-Netmask
Fri Feb  1 18:48:37 2008 : Debug: rlm_ldap: LDAP radiusFramedRoute mapped to
RADIUS Framed-Route
Fri Feb  1 18:48:37 2008 : Debug: rlm_ldap: LDAP radiusFramedRouting mapped
to RADIUS Framed-Routing
Fri Feb  1 18:48:37 2008 : Debug: rlm_ldap: LDAP radiusFilterId mapped to
RADIUS Filter-Id
Fri Feb  1 18:48:37 2008 : Debug: rlm_ldap: LDAP radiusFramedMTU mapped to
RADIUS Framed-MTU
Fri Feb  1 18:48:37 2008 : Debug: rlm_ldap: LDAP radiusFramedCompression
mapped to RADIUS Framed-Compression
Fri Feb  1 18:48:37 2008 : Debug: rlm_ldap: LDAP radiusLoginIPHost mapped to
RADIUS Login-IP-Host
Fri Feb  1 18:48:37 2008 : Debug: rlm_ldap: LDAP radiusLoginService mapped
to RADIUS Login-Service
Fri Feb  1 18:48:37 2008 : Debug: rlm_ldap: LDAP radiusLoginTCPPort mapped
to RADIUS Login-TCP-Port
Fri Feb  1 18:48:37 2008 : Debug: rlm_ldap: LDAP radiusCallbackNumber mapped
to RADIUS Callback-Number
Fri Feb  1 18:48:37 2008 : Debug: rlm_ldap: LDAP radiusCallbackId mapped to
RADIUS Callback-Id
Fri Feb  1 18:48:37 2008 : Debug: rlm_ldap: LDAP radiusFramedIPXNetwork
mapped to RADIUS Framed-IPX-Network
Fri Feb  1 18:48:37 2008 : Debug: rlm_ldap: LDAP radiusClass mapped to
RADIUS Class
Fri Feb  1 18:48:37 2008 : Debug: rlm_ldap: LDAP radiusSessionTimeout mapped
to RADIUS Session-Timeout
Fri Feb  1 18:48:37 2008 : Debug: rlm_ldap: LDAP radiusIdleTimeout mapped to
RADIUS Idle-Timeout
Fri Feb  1 18:48:37 2008 : Debug: rlm_ldap: LDAP radiusTerminationAction
mapped to RADIUS Termination-Action
Fri Feb  1 18:48:37 2008 : Debug: rlm_ldap: LDAP radiusLoginLATService
mapped to RADIUS Login-LAT-Service
Fri Feb  1 18:48:37 2008 : Debug: rlm_ldap: LDAP radiusLoginLATNode mapped
to RADIUS Login-LAT-Node
Fri Feb  1 18:48:37 2008 : Debug: rlm_ldap: LDAP radiusLoginLATGroup mapped
to RADIUS Login-LAT-Group
Fri Feb  1 18:48:37 2008 : Debug: rlm_ldap: LDAP radiusFramedAppleTalkLink
mapped to RADIUS Framed-AppleTalk-Link
Fri Feb  1 18:48:37 2008 : Debug: rlm_ldap: LDAP
radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Network
Fri Feb  1 18:48:37 2008 : Debug: rlm_ldap: LDAP radiusFramedAppleTalkZone
mapped to RADIUS Framed-AppleTalk-Zone
Fri Feb  1 18:48:37 2008 : Debug: rlm_ldap: LDAP radiusPortLimit mapped to
RADIUS Port-Limit
Fri Feb  1 18:48:37 2008 : Debug: rlm_ldap: LDAP radiusLoginLATPort mapped
to RADIUS Login-LAT-Port
Fri Feb  1 18:48:37 2008 : Debug: rlm_ldap: LDAP radiusTunnelType mapped to
RADIUS Tunnel-Type
Fri Feb  1 18:48:37 2008 : Debug: rlm_ldap: LDAP radiusTunnelMediumType
mapped to RADIUS Tunnel-Medium-Type
Fri Feb  1 18:48:37 2008 : Debug: rlm_ldap: LDAP radiusTunnelPrivateGroupId
mapped to RADIUS Tunnel-Private-Group-Id
Fri Feb  1 18:48:37 2008 : Debug: conns: 0x801026e0
Fri Feb  1 18:48:37 2008 : Debug: Module: Instantiated ldap (ldap)
Fri Feb  1 18:48:37 2008 : Debug: Module: Loaded eap
Fri Feb  1 18:48:37 2008 : Debug:  eap: default_eap_type = "ttls"
Fri Feb  1 18:48:37 2008 : Debug:  eap: timer_expire = 60
Fri Feb  1 18:48:37 2008 : Debug:  eap: ignore_unknown_eap_types = no
Fri Feb  1 18:48:37 2008 : Debug:  eap: cisco_accounting_username_bug = no
Fri Feb  1 18:48:37 2008 : Debug: rlm_eap: Loaded and initialized type md5
Fri Feb  1 18:48:37 2008 : Debug: rlm_eap: Loaded and initialized type leap
Fri Feb  1 18:48:37 2008 : Debug:  gtc: challenge = "Password: "
Fri Feb  1 18:48:37 2008 : Debug:  gtc: auth_type = "PAP"
Fri Feb  1 18:48:37 2008 : Debug: rlm_eap: Loaded and initialized type gtc
Fri Feb  1 18:48:37 2008 : Debug:  tls: rsa_key_exchange = no
Fri Feb  1 18:48:37 2008 : Debug:  tls: dh_key_exchange = yes
Fri Feb  1 18:48:37 2008 : Debug:  tls: rsa_key_length = 512
Fri Feb  1 18:48:37 2008 : Debug:  tls: dh_key_length = 512
Fri Feb  1 18:48:37 2008 : Debug:  tls: verify_depth = 0
Fri Feb  1 18:48:37 2008 : Debug:  tls: CA_path = "(null)"
Fri Feb  1 18:48:37 2008 : Debug:  tls: pem_file_type = yes
Fri Feb  1 18:48:37 2008 : Debug:  tls: private_key_file =
"/etc/raddb/certs/jaysCA2/osuse-freeradius/server_keycert.pem"
Fri Feb  1 18:48:37 2008 : Debug:  tls: certificate_file =
"/etc/raddb/certs/jaysCA2/osuse-freeradius/server_keycert.pem"
Fri Feb  1 18:48:37 2008 : Debug:  tls: CA_file =
"/etc/raddb/certs/jaysCA2/cacert.pem"
Fri Feb  1 18:48:37 2008 : Debug:  tls: private_key_password = "password"
Fri Feb  1 18:48:37 2008 : Debug:  tls: dh_file = "/etc/raddb/certs/dh"
Fri Feb  1 18:48:37 2008 : Debug:  tls: random_file =
"/etc/raddb/certs/random"
Fri Feb  1 18:48:37 2008 : Debug:  tls: fragment_size = 1024
Fri Feb  1 18:48:37 2008 : Debug:  tls: include_length = yes
Fri Feb  1 18:48:37 2008 : Debug:  tls: check_crl = no
Fri Feb  1 18:48:37 2008 : Debug:  tls: check_cert_cn = "(null)"
Fri Feb  1 18:48:37 2008 : Debug:  tls: cipher_list = "(null)"
Fri Feb  1 18:48:37 2008 : Debug:  tls: check_cert_issuer = "(null)"
Fri Feb  1 18:48:37 2008 : Info: rlm_eap_tls: Loading the certificate file
as a chain
Fri Feb  1 18:48:37 2008 : Debug: rlm_eap: Loaded and initialized type tls
Fri Feb  1 18:48:37 2008 : Debug:  ttls: default_eap_type = "md5"
Fri Feb  1 18:48:37 2008 : Debug:  ttls: copy_request_to_tunnel = yes
Fri Feb  1 18:48:37 2008 : Debug:  ttls: use_tunneled_reply = yes
Fri Feb  1 18:48:37 2008 : Debug: rlm_eap: Loaded and initialized type ttls
Fri Feb  1 18:48:37 2008 : Debug:  peap: default_eap_type = "mschapv2"
Fri Feb  1 18:48:37 2008 : Debug:  peap: copy_request_to_tunnel = no
Fri Feb  1 18:48:37 2008 : Debug:  peap: use_tunneled_reply = no
Fri Feb  1 18:48:37 2008 : Debug:  peap: proxy_tunneled_request_as_eap = no
Fri Feb  1 18:48:37 2008 : Debug: rlm_eap: Loaded and initialized type peap
Fri Feb  1 18:48:37 2008 : Debug:  mschapv2: with_ntdomain_hack = no
Fri Feb  1 18:48:37 2008 : Debug: rlm_eap: Loaded and initialized type
mschapv2
Fri Feb  1 18:48:37 2008 : Debug: Module: Instantiated eap (eap)
Fri Feb  1 18:48:37 2008 : Debug: Module: Loaded preprocess
Fri Feb  1 18:48:37 2008 : Debug:  preprocess: huntgroups =
"/etc/raddb/huntgroups"
Fri Feb  1 18:48:37 2008 : Debug:  preprocess: hints = "/etc/raddb/hints"
Fri Feb  1 18:48:37 2008 : Debug:  preprocess: with_ascend_hack = no
Fri Feb  1 18:48:37 2008 : Debug:  preprocess: ascend_channels_per_line = 23
Fri Feb  1 18:48:37 2008 : Debug:  preprocess: with_ntdomain_hack = no
Fri Feb  1 18:48:37 2008 : Debug:  preprocess: with_specialix_jetstream_hack
= no
Fri Feb  1 18:48:37 2008 : Debug:  preprocess: with_cisco_vsa_hack = no
Fri Feb  1 18:48:37 2008 : Debug:  preprocess: with_alvarion_vsa_hack = no
Fri Feb  1 18:48:37 2008 : Debug: Module: Instantiated preprocess
(preprocess)
Fri Feb  1 18:48:37 2008 : Debug: Module: Loaded realm
Fri Feb  1 18:48:37 2008 : Debug:  realm: format = "suffix"
Fri Feb  1 18:48:37 2008 : Debug:  realm: delimiter = "@"
Fri Feb  1 18:48:37 2008 : Debug:  realm: ignore_default = no
Fri Feb  1 18:48:37 2008 : Debug:  realm: ignore_null = no
Fri Feb  1 18:48:37 2008 : Debug: Module: Instantiated realm (suffix)
Fri Feb  1 18:48:37 2008 : Debug:  realm: format = "prefix"
Fri Feb  1 18:48:37 2008 : Debug:  realm: delimiter = "\"
Fri Feb  1 18:48:37 2008 : Debug:  realm: ignore_default = no
Fri Feb  1 18:48:37 2008 : Debug:  realm: ignore_null = no
Fri Feb  1 18:48:37 2008 : Debug: Module: Instantiated realm (ntdomain)
Fri Feb  1 18:48:37 2008 : Debug: Module: Loaded files
Fri Feb  1 18:48:37 2008 : Debug:  files: usersfile = "/etc/raddb/users"
Fri Feb  1 18:48:37 2008 : Debug:  files: acctusersfile =
"/etc/raddb/acct_users"
Fri Feb  1 18:48:37 2008 : Debug:  files: preproxy_usersfile =
"/etc/raddb/preproxy_users"
Fri Feb  1 18:48:37 2008 : Debug:  files: compat = "no"
Fri Feb  1 18:48:37 2008 : Debug: Module: Instantiated files (files)
Fri Feb  1 18:48:37 2008 : Debug: Module: Loaded Acct-Unique-Session-Id
Fri Feb  1 18:48:37 2008 : Debug:  acct_unique: key = "User-Name,
Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
Fri Feb  1 18:48:37 2008 : Debug: Module: Instantiated acct_unique
(acct_unique)
Fri Feb  1 18:48:37 2008 : Debug: Module: Loaded detail
Fri Feb  1 18:48:37 2008 : Debug:  detail: detailfile =
"/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
Fri Feb  1 18:48:37 2008 : Debug:  detail: detailperm = 384
Fri Feb  1 18:48:37 2008 : Debug:  detail: dirperm = 493
Fri Feb  1 18:48:37 2008 : Debug:  detail: locking = no
Fri Feb  1 18:48:37 2008 : Debug: Module: Instantiated detail (detail)
Fri Feb  1 18:48:37 2008 : Debug: Module: Loaded radutmp
Fri Feb  1 18:48:37 2008 : Debug:  radutmp: filename =
"/var/log/radius/radutmp"
Fri Feb  1 18:48:37 2008 : Debug:  radutmp: username = "%{User-Name}"
Fri Feb  1 18:48:37 2008 : Debug:  radutmp: case_sensitive = yes
Fri Feb  1 18:48:37 2008 : Debug:  radutmp: check_with_nas = yes
Fri Feb  1 18:48:37 2008 : Debug:  radutmp: perm = 384
Fri Feb  1 18:48:37 2008 : Debug:  radutmp: callerid = yes
Fri Feb  1 18:48:37 2008 : Debug: Module: Instantiated radutmp (radutmp)
Fri Feb  1 18:48:37 2008 : Debug: Listening on authentication *:1812
Fri Feb  1 18:48:37 2008 : Debug: Listening on accounting *:1813
Fri Feb  1 18:48:37 2008 : Debug: Listening on proxy *:1814
Fri Feb  1 18:48:37 2008 : Info: Ready to process requests.
rad_recv: Access-Request packet from host 192.168.1.150:32797, id=161,
length=199
        User-Name = "joakimlindgren at SECURACCESS"
        NAS-IP-Address = 192.168.1.73
        NAS-Port = 1
        NAS-Identifier = "10"
        NAS-Port-Type = Wireless-802.11
        Calling-Station-Id = "0012793DFC0C"
        Called-Station-Id = "000B86600A58"
        Framed-MTU = 1100
        EAP-Message =
0x0205001f016a6f616b696d6c696e646772656e405345435552414343455353
        Aruba-Essid-Name = "demo-wpa-aes-eap-radius"
        Aruba-Location-Id = "1.1.1"
        Message-Authenticator = 0x47285cb5d34e8a387ef93f1e368b5b5e
Fri Feb  1 18:49:26 2008 : Debug:   Processing the authorize section of
radiusd.conf
Fri Feb  1 18:49:26 2008 : Debug: modcall: entering group authorize for
request 0
Fri Feb  1 18:49:26 2008 : Debug:   modsingle[authorize]: calling preprocess
(rlm_preprocess) for request 0
Fri Feb  1 18:49:26 2008 : Debug:   modsingle[authorize]: returned from
preprocess (rlm_preprocess) for request 0
Fri Feb  1 18:49:26 2008 : Debug:   modcall[authorize]: module "preprocess"
returns ok for request 0
Fri Feb  1 18:49:26 2008 : Debug:   modsingle[authorize]: calling chap
(rlm_chap) for request 0
Fri Feb  1 18:49:26 2008 : Debug:   modsingle[authorize]: returned from chap
(rlm_chap) for request 0
Fri Feb  1 18:49:26 2008 : Debug:   modcall[authorize]: module "chap"
returns noop for request 0
Fri Feb  1 18:49:26 2008 : Debug:   modsingle[authorize]: calling mschap
(rlm_mschap) for request 0
Fri Feb  1 18:49:26 2008 : Debug:   modsingle[authorize]: returned from
mschap (rlm_mschap) for request 0
Fri Feb  1 18:49:26 2008 : Debug:   modcall[authorize]: module "mschap"
returns noop for request 0
Fri Feb  1 18:49:26 2008 : Debug:   modsingle[authorize]: calling suffix
(rlm_realm) for request 0
Fri Feb  1 18:49:26 2008 : Debug:     rlm_realm: Looking up realm
"SECURACCESS" for User-Name = "joakimlindgren at SECURACCESS"
Fri Feb  1 18:49:26 2008 : Debug:     rlm_realm: Found realm "SECURACCESS"
Fri Feb  1 18:49:26 2008 : Debug:     rlm_realm: Adding Stripped-User-Name =
"joakimlindgren"
Fri Feb  1 18:49:26 2008 : Debug:     rlm_realm: Proxying request from user
joakimlindgren to realm SECURACCESS
Fri Feb  1 18:49:26 2008 : Debug:     rlm_realm: Adding Realm =
"SECURACCESS"
Fri Feb  1 18:49:26 2008 : Debug:     rlm_realm: Preparing to proxy
authentication request to realm "SECURACCESS"
Fri Feb  1 18:49:26 2008 : Debug:   modsingle[authorize]: returned from
suffix (rlm_realm) for request 0
Fri Feb  1 18:49:26 2008 : Debug:   modcall[authorize]: module "suffix"
returns updated for request 0
Fri Feb  1 18:49:26 2008 : Debug:   modsingle[authorize]: calling ntdomain
(rlm_realm) for request 0
Fri Feb  1 18:49:26 2008 : Debug:     rlm_realm: Request already proxied. 
Ignoring.
Fri Feb  1 18:49:26 2008 : Debug:   modsingle[authorize]: returned from
ntdomain (rlm_realm) for request 0
Fri Feb  1 18:49:26 2008 : Debug:   modcall[authorize]: module "ntdomain"
returns noop for request 0
Fri Feb  1 18:49:26 2008 : Debug:   modsingle[authorize]: calling eap
(rlm_eap) for request 0
Fri Feb  1 18:49:26 2008 : Debug:   rlm_eap: Request is supposed to be
proxied to Realm SECURACCESS.  Not doing EAP.
Fri Feb  1 18:49:26 2008 : Debug:   modsingle[authorize]: returned from eap
(rlm_eap) for request 0
Fri Feb  1 18:49:26 2008 : Debug:   modcall[authorize]: module "eap" returns
noop for request 0
Fri Feb  1 18:49:26 2008 : Debug:   modsingle[authorize]: calling files
(rlm_files) for request 0
Fri Feb  1 18:49:26 2008 : Debug:   modsingle[authorize]: returned from
files (rlm_files) for request 0
Fri Feb  1 18:49:26 2008 : Debug:   modcall[authorize]: module "files"
returns notfound for request 0
Fri Feb  1 18:49:26 2008 : Debug:   modsingle[authorize]: calling ldap
(rlm_ldap) for request 0
Fri Feb  1 18:49:26 2008 : Debug: rlm_ldap: - authorize
Fri Feb  1 18:49:26 2008 : Debug: rlm_ldap: performing user authorization
for joakimlindgren
Fri Feb  1 18:49:26 2008 : Debug: radius_xlat:  '(uid=joakimlindgren)'
Fri Feb  1 18:49:26 2008 : Debug: radius_xlat:  'o=Contonso'
Fri Feb  1 18:49:26 2008 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Fri Feb  1 18:49:26 2008 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Fri Feb  1 18:49:26 2008 : Debug: rlm_ldap: attempting LDAP reconnection
Fri Feb  1 18:49:26 2008 : Debug: rlm_ldap: (re)connect to 192.168.1.71:389,
authentication 0
Fri Feb  1 18:49:26 2008 : Debug: rlm_ldap: setting TLS CACert File to
/etc/raddb/certs/eDirCerts/edirectory_ROOT_Cert_DER.pem
Fri Feb  1 18:49:26 2008 : Debug: rlm_ldap: starting TLS
Fri Feb  1 18:49:26 2008 : Debug: rlm_ldap: bind as cn=admin,o=Contonso/toor
to 192.168.1.71:389
Fri Feb  1 18:49:26 2008 : Debug: rlm_ldap: waiting for bind result ...
Fri Feb  1 18:49:26 2008 : Debug: rlm_ldap: Bind was successful
Fri Feb  1 18:49:26 2008 : Debug: rlm_ldap: performing search in o=Contonso,
with filter (uid=joakimlindgren)
Fri Feb  1 18:49:26 2008 : Debug: rlm_ldap: Added the eDirectory password in
check items
Fri Feb  1 18:49:26 2008 : Debug: rlm_ldap: looking for check items in
directory...
Fri Feb  1 18:49:26 2008 : Debug: rlm_ldap: looking for reply items in
directory...
Fri Feb  1 18:49:26 2008 : Debug: rlm_ldap: user joakimlindgren authorized
to use remote access
Fri Feb  1 18:49:26 2008 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Fri Feb  1 18:49:26 2008 : Debug:   modsingle[authorize]: returned from ldap
(rlm_ldap) for request 0
Fri Feb  1 18:49:26 2008 : Debug:   modcall[authorize]: module "ldap"
returns ok for request 0
Fri Feb  1 18:49:26 2008 : Debug:   modsingle[authorize]: calling pap
(rlm_pap) for request 0
Fri Feb  1 18:49:26 2008 : Debug:   modsingle[authorize]: returned from pap
(rlm_pap) for request 0
Fri Feb  1 18:49:26 2008 : Debug:   modcall[authorize]: module "pap" returns
noop for request 0
Fri Feb  1 18:49:26 2008 : Debug: modcall: leaving group authorize (returns
updated) for request 0
Fri Feb  1 18:49:26 2008 : Debug:  proxy: creating 4b01a8c0:1812
Fri Feb  1 18:49:26 2008 : Debug:  proxy: allocating 4b01a8c0:1812 0
Sending Access-Request of id 0 to 192.168.1.75 port 1812
        User-Name = "joakimlindgren"
        NAS-IP-Address = 192.168.1.73
        NAS-Port = 1
        NAS-Identifier = "10"
        NAS-Port-Type = Wireless-802.11
        Calling-Station-Id = "0012793DFC0C"
        Called-Station-Id = "000B86600A58"
        Framed-MTU = 1100
        EAP-Message =
0x0205001f016a6f616b696d6c696e646772656e405345435552414343455353
        Aruba-Essid-Name = "demo-wpa-aes-eap-radius"
        Aruba-Location-Id = "1.1.1"
        Message-Authenticator = 0x00000000000000000000000000000000
        Proxy-State = 0x313631
Fri Feb  1 18:49:26 2008 : Debug: --- Walking the entire request list ---
Fri Feb  1 18:49:26 2008 : Debug: Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.1.150:32797, id=161,
length=199
Fri Feb  1 18:49:31 2008 : Debug: Ignoring duplicate packet from client
Aruba-vlan-2:32797 - ID: 161, due to outstanding proxied request 0.
Fri Feb  1 18:49:31 2008 : Debug: --- Walking the entire request list ---
Fri Feb  1 18:49:31 2008 : Debug: Waking up in 1 seconds...
Fri Feb  1 18:49:32 2008 : Debug: --- Walking the entire request list ---
Re-sending Access-Request of id 0 to 192.168.1.75 port 1812
        User-Name = "joakimlindgren"
        NAS-IP-Address = 192.168.1.73
        NAS-Port = 1
        NAS-Identifier = "10"
        NAS-Port-Type = Wireless-802.11
        Calling-Station-Id = "0012793DFC0C"
        Called-Station-Id = "000B86600A58"
        Framed-MTU = 1100
        EAP-Message =
0x0205001f016a6f616b696d6c696e646772656e405345435552414343455353
        Aruba-Essid-Name = "demo-wpa-aes-eap-radius"
        Aruba-Location-Id = "1.1.1"
        Message-Authenticator = 0x00000000000000000000000000000000
        Client-IP-Address = 192.168.1.150
        Stripped-User-Name = "joakimlindgren"
        Realm = "SECURACCESS"
        EAP-Type = Identity
        Ldap-UserDn = "cn=joakimlindgren,o=Contonso"
        Realm = "SECURACCESS"
        Proxy-State = 0x313631
Fri Feb  1 18:49:32 2008 : Debug: Waking up in 5 seconds...
rad_recv: Access-Request packet from host 192.168.1.150:32797, id=161,
length=199
Fri Feb  1 18:49:36 2008 : Debug: Ignoring duplicate packet from client
Aruba-vlan-2:32797 - ID: 161, due to outstanding proxied request 0.
Fri Feb  1 18:49:36 2008 : Debug: --- Walking the entire request list ---
Fri Feb  1 18:49:36 2008 : Debug: Waking up in 1 seconds...
Fri Feb  1 18:49:37 2008 : Debug: --- Walking the entire request list ---
Re-sending Access-Request of id 0 to 192.168.1.75 port 1812
        User-Name = "joakimlindgren"
        NAS-IP-Address = 192.168.1.73
        NAS-Port = 1
        NAS-Identifier = "10"
        NAS-Port-Type = Wireless-802.11
        Calling-Station-Id = "0012793DFC0C"
        Called-Station-Id = "000B86600A58"
        Framed-MTU = 1100
        EAP-Message =
0x0205001f016a6f616b696d6c696e646772656e405345435552414343455353
        Aruba-Essid-Name = "demo-wpa-aes-eap-radius"
        Aruba-Location-Id = "1.1.1"
        Message-Authenticator = 0x00000000000000000000000000000000
        Client-IP-Address = 192.168.1.150
        Stripped-User-Name = "joakimlindgren"
        Realm = "SECURACCESS"
        EAP-Type = Identity
        Ldap-UserDn = "cn=joakimlindgren,o=Contonso"
        Realm = "SECURACCESS"
        Proxy-State = 0x313631
Fri Feb  1 18:49:37 2008 : Debug: Waking up in 5 seconds...
rad_recv: Access-Request packet from host 192.168.1.150:32797, id=161,
length=199
Fri Feb  1 18:49:41 2008 : Debug: Ignoring duplicate packet from client
Aruba-vlan-2:32797 - ID: 161, due to outstanding proxied request 0.
Fri Feb  1 18:49:41 2008 : Debug: --- Walking the entire request list ---
Fri Feb  1 18:49:41 2008 : Debug: Waking up in 1 seconds...
Fri Feb  1 18:49:42 2008 : Debug: --- Walking the entire request list ---
Fri Feb  1 18:49:42 2008 : Debug: Server rejecting request 0.
Fri Feb  1 18:49:42 2008 : Proxy: marking authentication server
192.168.1.75:1812 for realm SECURACCESS dead
Fri Feb  1 18:49:42 2008 : Debug: Waking up in 0 seconds...
Fri Feb  1 18:49:42 2008 : Debug: --- Walking the entire request list ---
Sending Access-Reject of id 161 to 192.168.1.150 port 32797
Fri Feb  1 18:49:42 2008 : Debug: Cleaning up request 0 ID 161 with
timestamp 47a35ba6
Fri Feb  1 18:49:42 2008 : Debug:  proxy: de-allocating 4b01a8c0:1812 0
Fri Feb  1 18:49:42 2008 : Debug: Nothing to do.  Sleeping until we see a
request.
===ENDoutput=============================================================================

// Thanks

Alan DeKok-4 wrote:
> 
> Joakim Lindgren wrote:
>> EAP-TTLS/PAP is the defaultI tried configuring the TTLS-PAP inner and
>> outer tunnel but it will not work.
> 
>   <sigh>.  Read the FAQ about "it doesn't work".
> 
>> A. If an incoming user conn. against the FreeRadius Server (Nr1) is
>> belonging to "OTHER" (LOCAL) domain then
>> the EAP-TTLS tunnel is ended and validated against the LDAP.
> 
>> B. If an incoming user conn. against the FreeRadius Server (Nr1) is
>> belonging to "SECURSERVER" domain then
>> the EAP-TTLS tunnel is ended and PAP is proxied to other Radius (Nr 2)
> 
>   This is pretty trivial to do in 2.0.1.  You can configure the policy
> pretty much as you wrote it.
> 
>   Alan DeKok.
> 

-- 
View this message in context: http://www.nabble.com/Terminate-EAP-PEAP-client-connection-at-FreeRadius-Proxy-and-proxy%28forward%29-request-as-PAP-tp15218593p15231836.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
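As an added illustration (not part of the original post and not FreeRADIUS project code), the Python below decodes the EAP-Message attribute that radiusd printed in the proxied Access-Request and tallies the proxy lines from the debug output. The decoded packet is an EAP Response/Identity (Code 2, Identifier 5, Length 31, Type 1) carrying the outer identity joakimlindgren@SECURACCESS (the archive renders the @ in User-Name as " at "; the hex keeps it). That matches what the log shows: rlm_realm decided to proxy in the outer authorize section before rlm_eap ran ("Not doing EAP"), so no PEAP tunnel was terminated on this server and the raw Identity response was forwarded unchanged to 192.168.1.75, which never answered; with retry_delay = 5 and retry_count = 3 the request went out three times and the home server was marked dead. The SAMPLE_LOG lines are copied from the output above; the function names and the summary structure are this example's own.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# EAP packet codes from RFC 3748; Identity is EAP Type 1.
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPE_IDENTITY = 1


@dataclass
class EapMessage:
    code: str
    identifier: int
    length: int
    eap_type: Optional[int]   # None for Success/Failure
    identity: Optional[str]   # only set for an Identity Request/Response


def parse_eap_message(attr_value: str) -> EapMessage:
    """Decode one EAP-Message attribute as radiusd -X prints it ("0x" + hex).

    Layout: Code(1) Identifier(1) Length(2, big-endian) [Type(1) [Type-Data]].
    The Length field must equal the number of bytes actually present.
    """
    hexstr = attr_value.strip()
    if hexstr[:2].lower() == "0x":
        hexstr = hexstr[2:]
    data = bytes.fromhex(hexstr)
    if len(data) < 4:
        raise ValueError("EAP header needs at least 4 bytes")
    code, identifier = data[0], data[1]
    length = int.from_bytes(data[2:4], "big")
    if length != len(data):
        raise ValueError(f"EAP Length field says {length}, {len(data)} bytes present")
    if code not in EAP_CODES:
        raise ValueError(f"unknown EAP code {code}")
    eap_type = identity = None
    if code in (1, 2):  # Request and Response carry a Type byte
        if length < 5:
            raise ValueError("EAP Request/Response is missing its Type byte")
        eap_type = data[4]
        if eap_type == EAP_TYPE_IDENTITY:
            identity = data[5:].decode("utf-8", errors="replace")
    return EapMessage(EAP_CODES[code], identifier, length, eap_type, identity)


# Lines as radiusd prints them when it proxies and then gives up on a home server.
SEND_RE = re.compile(r"(?:Re-)?[Ss]ending Access-Request of id (\d+) to (\S+) port (\d+)")
DEAD_RE = re.compile(r"marking authentication server (\S+) for realm (\S+) dead")
REJECT_RE = re.compile(r"Sending Access-Reject of id (\d+) to (\S+) port (\d+)")


def summarize_proxy_attempt(log_lines: List[str]) -> Dict[str, object]:
    """Count sends/resends per home server, servers marked dead, and rejects sent."""
    sends: Dict[str, int] = {}
    dead: List[Tuple[str, str]] = []
    rejects = 0
    for line in log_lines:
        if (m := SEND_RE.match(line)):
            key = f"{m.group(2)}:{m.group(3)}"
            sends[key] = sends.get(key, 0) + 1
        elif (m := DEAD_RE.search(line)):
            dead.append((m.group(1), m.group(2)))
        elif REJECT_RE.match(line):
            rejects += 1
    return {"sends": sends, "dead": dead, "rejects": rejects}


# Constructed sample: the EAP-Message and the proxy lines copied from the debug output above.
SAMPLE_EAP = "0x0205001f016a6f616b696d6c696e646772656e405345435552414343455353"
SAMPLE_LOG = """\
Sending Access-Request of id 0 to 192.168.1.75 port 1812
Fri Feb  1 18:49:26 2008 : Debug: Waking up in 6 seconds...
Re-sending Access-Request of id 0 to 192.168.1.75 port 1812
Fri Feb  1 18:49:32 2008 : Debug: Waking up in 5 seconds...
Re-sending Access-Request of id 0 to 192.168.1.75 port 1812
Fri Feb  1 18:49:42 2008 : Debug: Server rejecting request 0.
Fri Feb  1 18:49:42 2008 : Proxy: marking authentication server 192.168.1.75:1812 for realm SECURACCESS dead
Sending Access-Reject of id 161 to 192.168.1.150 port 32797
""".splitlines()

if __name__ == "__main__":
    print(parse_eap_message(SAMPLE_EAP))
    print(summarize_proxy_attempt(SAMPLE_LOG))
```

Run it against a saved `radiusd -X` capture by feeding the file's lines to `summarize_proxy_attempt` and any `EAP-Message = 0x...` value to `parse_eap_message`; an Identity response being sent to a home server, followed by resends and a "dead" mark, is the signature of the outer request being proxied before the EAP tunnel is handled locally.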




