EAP Authentication OK but missing some user attributes to client

Davi Baldin davi at jvsinfo.com.br
Wed Jul 30 21:42:45 CEST 2008


List,

I have finished a successful FreeRadius 2 setup with EAP configuration and 
MSCHAP2. Everything is OK, but when the Access-Accept packet is sent back 
to the client, we are missing some attributes mapped from the LDAP user account.

I need to send the attributes Expiration and Simultaneous-Use to the client. How 
can I get this? Is this a wrong configuration made by me, or a limitation 
of the EAP protocol?

Another symptom is that radwho does not list the authenticated user from 
EAP, just from the Cisco client.

This is part of the log:

rlm_ldap: LDAP attribute radiusExpiration as RADIUS attribute Expiration == "May 28 2009 00:00:00 BRT"
rlm_ldap: LDAP attribute sambaAcctFlags as RADIUS attribute SMB-Account-CTRL-TEXT == "[XU]"
rlm_ldap: LDAP attribute sambaNtPassword as RADIUS attribute NT-Password == 0x3335333030343442414443453434394536443045324434453445313530423444
rlm_ldap: LDAP attribute sambaLmPassword as RADIUS attribute LM-Password == 0x4133344533324230433035303233374641414433423433354235313430344545
rlm_ldap: LDAP attribute radiusSimultaneousUse as RADIUS attribute Simultaneous-Use == 1
++[ldap-eap] returns ok
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
  eaptls_verify returned 7
  rlm_eap_tls: Done initial handshake
  eaptls_process returned 7
  rlm_eap_peap: EAPTLS_OK
  rlm_eap_peap: Session established.  Decoding tunneled attributes.
  rlm_eap_peap: Received EAP-TLV response.
  rlm_eap_peap: Success
  Using saved attributes from the original Access-Accept
  rlm_eap: Freeing handler
++[eap] returns ok
+- entering group session
        expand: /var/log/radius/radutmp -> /var/log/radius/radutmp
        expand: %{User-Name} -> bhsouza
++[radutmp] returns ok
Login OK: [dbht] (from client davi port 36 cli 0019d27646d4)
} # server test-eap
Sending Access-Accept of id 0 to 192.168.231.254 port 3074
        Idle-Timeout = 1800
        User-Name = "dbht"
        MS-MPPE-Recv-Key = 0x8ddec5a7f80e852a6a74a4519becba99244be80b9f78e0a9ea0a8386ff1270c5
        MS-MPPE-Send-Key = 0x42a07c62a4820564cae4a28c13bdc13d2f6e7a924b2bf794b21ef27520de7510
        EAP-Message = 0x03080004
        Message-Authenticator = 0x00000000000000000000000000000000
Finished request 8.

Can anyone help me?

Regards,

Davi.

Davi Baldin
JVS do Brasil - IBM BP Premier
davi at jvsinfo.com.br
(19) 3211-1266
(19) 9266-6793 (JVS)
(19) 9615-6681