Freeradius 2.0.4 + OpenLDAP Problem (Cleartext-Password)
Hello everybody!!
I have FreeRADIUS 1.1.7 + openldap using EAP-PEAP authentication, perfectly working.
Now I want to use the same OpenLDAP database with FreeRADIUS 2.0.4, but I can't get a successful authentication.
Are additional configuration parameters necessary for FreeRADIUS 2.0.4?
How or where can I configure User-Password instead of Cleartext-Password?
Does the OpenLDAP database need changes for FreeRADIUS 2.0.4?
-----------------------
I got a similar error when I configured EAP-PEAP without the OpenLDAP database (using the users file), as in FreeRADIUS 1.1.7:
"temporal1" User-Password == "temporal1"
But when I replaced User-Password with Cleartext-Password:
"temporal1" Cleartext-Password := "temporal1"
I got a successful authentication.
-----------------------
But I need to continue using my OpenLDAP database. Can somebody help me achieve that?
Thanks in advance!
German
User-Name = "temporal1"
NAS-IP-Address = 192.168.1.1
Called-Station-Id = "00-20-a6-53-a6-a0:WLAN"
Calling-Station-Id = "00-0e-9b-d3-72-7c"
NAS-Identifier = "Avaya-AP-8-53-a6-a0"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x0202000e0174656d706f72616c31
Message-Authenticator = 0x55f6f02dad97274f983156eb619450fb
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "temporal1", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 2 length 14
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
rlm_ldap: Entering ldap_groupcmp()
expand: ou=users,ou=radius,dc=wireless,dc=mired,dc=mx -> ou=users,ou=radius,dc=wireless,dc=mired,dc=mx
WARNING: Deprecated conditional expansion ":-". See "man unlang" for details
expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=temporal1)
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to 192.168.1.2:389, authentication 0
rlm_ldap: bind as uid=riu,ou=admin mail,dc=server,dc=mired,dc=mx/mypass to 192.168.1.2:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in ou=users,ou=radius,dc=wireless,dc=mired,dc=mx, with filter (uid=temporal1)
rlm_ldap: ldap_release_conn: Release Id: 0
expand: (|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn}))) -> (|(&(objectClass=GroupOfNames)(member=))(&(objectClass=GroupOfUniqueNames)(uniquemember=)))
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=users,ou=radius,dc=wireless,dc=mired,dc=mx, with filter (&(cn=academicos)(|(&(objectClass=GroupOfNames)(member=))(&(objectClass=GroupOfUniqueNames)(uniquemember=))))
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: ldap_release_conn: Release Id: 0
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in cn=RETY750916,ou=users,ou=radius,dc=wireless,dc=mired,dc=mx, with filter (objectclass=*)
rlm_ldap::ldap_groupcmp: User found in group academicos
rlm_ldap: ldap_release_conn: Release Id: 0
users: Matched entry DEFAULT at line 139
++[files] returns ok
rlm_ldap: - authorize
rlm_ldap: performing user authorization for temporal1
WARNING: Deprecated conditional expansion ":-". See "man unlang" for details
expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=temporal1)
expand: ou=users,ou=radius,dc=wireless,dc=mired,dc=mx -> ou=users,ou=radius,dc=wireless,dc=mired,dc=mx
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=users,ou=radius,dc=wireless,dc=mired,dc=mx, with filter (uid=temporal1)
rlm_ldap: Added User-Password = TEMPORAL1 in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user temporal1 authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap] returns ok
++[expiration] returns noop
++[logintime] returns noop
rlm_pap: Found existing Auth-Type, not changing it.
++[pap] returns noop
rad_check_password: Found Auth-Type EAP
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Replacing User-Password in config items with Cleartext-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Please update your configuration so that the "known good" !!!
!!! clear text password is in Cleartext-Password, and not in User-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
auth: type "EAP"
+- entering group authenticate
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
++[eap] returns handled
EAP-Message = 0x010300061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x3dd6d0a73dd5c9876db8a2af8cd70725
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
User-Name = "temporal1"
NAS-IP-Address = 192.168.1.1
Called-Station-Id = "00-20-a6-53-a6-a0:WLAN"
Calling-Station-Id = "00-0e-9b-d3-72-7c"
NAS-Identifier = "Avaya-AP-8-53-a6-a0"
State = 0x3dd6d0a73dd5c9876db8a2af8cd70725
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x0203005019800000004616030100410100003d0301483350f485457ef321d7205f1d3f11970f19adf7ebc2d32dd5fe9d61348b073d00001600040005000a000900640062000300060013001200630100
Message-Authenticator = 0xcdc119224a6d29ca585372b3f0012c87
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "temporal1", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 3 length 80
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
TLS Length 70
rlm_eap_tls: Length Included
eaptls_verify returned 11
(other): before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 085e], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
TLS_accept: SSLv3 write server done A
TLS_accept: SSLv3 flush data
TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
++[eap] returns handled
EAP-Message = 0x0104040019c0000008bb160301004a020000460301483351a9de21a09971d6806ac111570bb67068775f5b7cb355d205df07a04a7120c185d9c8284e73c089835ce33f5016d405fa2977103be2fdc67e7f217d14a83d000400160301085e0b00085a0008570003a6308203a23082028aa003020102020101300d06092a864886f70d0101040500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d3126302406035504
EAP-Message = 0xa0750995694ed4b3130eea99
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x3dd6d0a73cd2c9876db8a2af8cd70725
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
User-Name = "temporal1"
NAS-IP-Address = 192.168.1.1
Called-Station-Id = "00-20-a6-53-a6-a0:WLAN"
Calling-Station-Id = "00-0e-9b-d3-72-7c"
NAS-Identifier = "Avaya-AP-8-53-a6-a0"
State = 0x3dd6d0a73cd2c9876db8a2af8cd70725
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020400061900
Message-Authenticator = 0xcc57a33616442858d1ff03ff4d392bf8
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "temporal1", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 4 length 6
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
++[eap] returns handled
EAP-Message = 0x010503fc1940b3e10927517142d20aca8b6bfe8d0004ab308204a73082038fa003020102020900ad7745c335b8f9af300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3038303531393232333931355a170d3038303631383232333931355a308193310b30090603
EAP-Message = 0x050fa18199a48196308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479820900ad7745c335b8f9af300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100064c7c582032b2416ec0ca9ba609174071748b3a5a4723e8dbdc18c4514fa2f266f306f2c9f46b3bc37378b633045c4296db
EAP-Message = 0x9e5ee30aa059fc32
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x3dd6d0a73fd3c9876db8a2af8cd70725
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
User-Name = "temporal1"
NAS-IP-Address = 192.168.1.1
Called-Station-Id = "00-20-a6-53-a6-a0:WLAN"
Calling-Station-Id = "00-0e-9b-d3-72-7c"
NAS-Identifier = "Avaya-AP-8-53-a6-a0"
State = 0x3dd6d0a73fd3c9876db8a2af8cd70725
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020500061900
Message-Authenticator = 0x19e5d2c0dd47034a67366569932803d9
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "temporal1", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 5 length 6
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
++[eap] returns handled
EAP-Message = 0x010600d51900fa20504c21743fdcb28c94527095e4bf87f8c9ebbba34400532e82551128434a2a68843619bcbe798630caaec366ec67991327067eb1777e1bcfc1cccc2fc0ec4b80943004ad7e80b9c4431ef84c990eac035d5f9c74b8555739fec5b1bc985fcd95769e31c854d7d61c2d82d97bdb776a153262f818e15c330b59d6e6c2d44cd2d73ee0fff9c4613d98f474a8555b2921f28181c03f803b8dcf740b18a1c13041a95bb3820bea7dfecffc8145308c5e95d161b51a33645bcaceafcb383c3ce03546e7b657bd16030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x3dd6d0a73ed0c9876db8a2af8cd70725
Finished request 3.
Going to the next request
Waking up in 4.8 seconds.
User-Name = "temporal1"
NAS-IP-Address = 192.168.1.1
Called-Station-Id = "00-20-a6-53-a6-a0:WLAN"
Calling-Station-Id = "00-0e-9b-d3-72-7c"
NAS-Identifier = "Avaya-AP-8-53-a6-a0"
State = 0x3dd6d0a73ed0c9876db8a2af8cd70725
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x02060140198000000136160301010610000102010088203cd15a638c3638db51513d27aea3f9c5998b101e07924c7d517cd0fab8898daeba330f704bd5b4fa9a8828c7953243d2b783656866a56d7f933e668d74a1252a8d86b817d1b59e1fddc96ba0f5a4949b5b94f75f024e765da8093100aa83f6cc70625c83f10f95836b0c6d4ced72d019a7a39fb09cd599706d993cdbb9c1ba3c5670825c9df790652c28435fd7023ddef755be876e81239e19cf7ee62bff25b5aac2256af336d38e10c4cb8e472564dc5f6f3b4ea012adfdd9101dea6d340581e574633fdb2cbe7204d36e9a027924b9a2955bbdf82204b4a6ef667c885a0a1ce1542ff1a1ff
EAP-Message = 0x3bfb40169caae4c580856ad2e941e127bff6a175b3c2a58114030100010116030100209df955e11155d458796366521047a8eaed81de51d31191e76245fc062c8e1b76
Message-Authenticator = 0x79a99d679c69ae0c9e1619f36db388ad
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "temporal1", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 6 length 253
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
TLS Length 310
rlm_eap_tls: Length Included
eaptls_verify returned 11
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange
TLS_accept: SSLv3 read client key exchange A
rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 read finished A
rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
TLS_accept: SSLv3 write change cipher spec A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 write finished A
TLS_accept: SSLv3 flush data
(other): SSL negotiation finished successfully
SSL Connection Established
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
++[eap] returns handled
EAP-Message = 0x0107003119001403010001011603010020f54bae3cd49c93d813734f616a8c3201ebc9c26416e88382fd46c88db64ddc8d
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x3dd6d0a739d1c9876db8a2af8cd70725
Finished request 4.
Going to the next request
Waking up in 4.8 seconds.
User-Name = "temporal1"
NAS-IP-Address = 192.168.1.1
Called-Station-Id = "00-20-a6-53-a6-a0:WLAN"
Calling-Station-Id = "00-0e-9b-d3-72-7c"
NAS-Identifier = "Avaya-AP-8-53-a6-a0"
State = 0x3dd6d0a739d1c9876db8a2af8cd70725
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020700061900
Message-Authenticator = 0xc88d46fc398be3abf214a9b1eb767756
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "temporal1", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 7 length 6
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake is finished
eaptls_verify returned 3
eaptls_process returned 3
rlm_eap_peap: EAPTLS_SUCCESS
++[eap] returns handled
EAP-Message = 0x01080020190017030100156ea40735a4cf89f4626ce63b4ce1cf092e6ad3eed1
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x3dd6d0a738dec9876db8a2af8cd70725
Finished request 5.
Going to the next request
Waking up in 4.8 seconds.
User-Name = "temporal1"
NAS-IP-Address = 192.168.1.1
Called-Station-Id = "00-20-a6-53-a6-a0:WLAN"
Calling-Station-Id = "00-0e-9b-d3-72-7c"
NAS-Identifier = "Avaya-AP-8-53-a6-a0"
State = 0x3dd6d0a738dec9876db8a2af8cd70725
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020800251900170301001a4436081b763f21812f4545f999ac3ca58d64fa44bd807dfa391d
Message-Authenticator = 0xed2a31854da81f2c2607352f7038f884
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "temporal1", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 8 length 37
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Identity - temporal1
PEAP: Got tunneled identity of temporal1
PEAP: Setting default EAP type for tunneled EAP session.
PEAP: Setting User-Name to temporal1
+- entering group authorize
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
rlm_realm: No '@' in User-Name = "temporal1", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
rlm_eap: EAP packet type response id 8 length 14
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
rlm_ldap: Entering ldap_groupcmp()
expand: ou=users,ou=radius,dc=wireless,dc=mired,dc=mx -> ou=users,ou=radius,dc=wireless,dc=mired,dc=mx
WARNING: Deprecated conditional expansion ":-". See "man unlang" for details
expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=temporal1)
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=users,ou=radius,dc=wireless,dc=mired,dc=mx, with filter (uid=temporal1)
rlm_ldap: ldap_release_conn: Release Id: 0
expand: (|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn}))) -> (|(&(objectClass=GroupOfNames)(member=))(&(objectClass=GroupOfUniqueNames)(uniquemember=)))
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=users,ou=radius,dc=wireless,dc=mired,dc=mx, with filter (&(cn=academicos)(|(&(objectClass=GroupOfNames)(member=))(&(objectClass=GroupOfUniqueNames)(uniquemember=))))
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: ldap_release_conn: Release Id: 0
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in cn=RETY750916,ou=users,ou=radius,dc=wireless,dc=mired,dc=mx, with filter (objectclass=*)
rlm_ldap::ldap_groupcmp: User found in group academicos
rlm_ldap: ldap_release_conn: Release Id: 0
users: Matched entry DEFAULT at line 139
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: EAP Identity
rlm_eap: processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
++[eap] returns handled
PEAP: Got tunneled Access-Challenge
++[eap] returns handled
EAP-Message = 0x0109003a1900170301002f176828ea998680bf5cbb0a089f240536fd49f7a9984d36023a331abdf4af139efdf8ed5afbadd7ec7b926a1c86d530
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x3dd6d0a73bdfc9876db8a2af8cd70725
Finished request 6.
Going to the next request
Waking up in 4.8 seconds.
User-Name = "temporal1"
NAS-IP-Address = 192.168.1.1
Called-Station-Id = "00-20-a6-53-a6-a0:WLAN"
Calling-Station-Id = "00-0e-9b-d3-72-7c"
NAS-Identifier = "Avaya-AP-8-53-a6-a0"
State = 0x3dd6d0a73bdfc9876db8a2af8cd70725
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x0209005b19001703010050056dc48b30e8cfce865753a81c19410868b44ccdc765162103a41cb362cbe3c0c3da3a0ba2e060f77d1914e2bbac6d1528650fa7b33eedd05d30623cd432cf9fb158e4ef5506d7fc6426b4adee4f5b4b
Message-Authenticator = 0xc20c98af65ea96e29c26cc568c9b668e
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "temporal1", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 9 length 91
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: EAP type mschapv2
PEAP: Setting User-Name to temporal1
+- entering group authorize
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
rlm_realm: No '@' in User-Name = "temporal1", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
rlm_eap: EAP packet type response id 9 length 68
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
rlm_ldap: Entering ldap_groupcmp()
expand: ou=users,ou=radius,dc=wireless,dc=mired,dc=mx -> ou=users,ou=radius,dc=wireless,dc=mired,dc=mx
WARNING: Deprecated conditional expansion ":-". See "man unlang" for details
expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=temporal1)
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=users,ou=radius,dc=wireless,dc=mired,dc=mx, with filter (uid=temporal1)
rlm_ldap: ldap_release_conn: Release Id: 0
expand: (|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn}))) -> (|(&(objectClass=GroupOfNames)(member=))(&(objectClass=GroupOfUniqueNames)(uniquemember=)))
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=users,ou=radius,dc=wireless,dc=mired,dc=mx, with filter (&(cn=academicos)(|(&(objectClass=GroupOfNames)(member=))(&(objectClass=GroupOfUniqueNames)(uniquemember=))))
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: ldap_release_conn: Release Id: 0
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in cn=RETY750916,ou=users,ou=radius,dc=wireless,dc=mired,dc=mx, with filter (objectclass=*)
rlm_ldap::ldap_groupcmp: User found in group academicos
rlm_ldap: ldap_release_conn: Release Id: 0
users: Matched entry DEFAULT at line 139
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/mschapv2
rlm_eap: processing type mschapv2
+- entering group MS-CHAP
rlm_mschap: No Cleartext-Password configured. Cannot create LM-Password.
rlm_mschap: No Cleartext-Password configured. Cannot create NT-Password.
rlm_mschap: Told to do MS-CHAPv2 for temporal1 with NT-Password
rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication.
rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject
rlm_eap: Freeing handler
++[eap] returns reject
auth: Failed to validate the user.
Login incorrect: [temporal1/<via Auth-Type = EAP>] (from client WLAN port 0 via TLS tunnel)
PEAP: Tunneled authentication was rejected.
rlm_eap_peap: FAILURE
++[eap] returns handled
EAP-Message = 0x010a00261900170301001b1eb8a5f200d206368fbae80686e7042566c959114b2868fce2f0e0
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x3dd6d0a73adcc9876db8a2af8cd70725
Finished request 7.
Going to the next request
Waking up in 4.8 seconds.
User-Name = "temporal1"
NAS-IP-Address = 192.168.1.1
Called-Station-Id = "00-20-a6-53-a6-a0:WLAN"
Calling-Station-Id = "00-0e-9b-d3-72-7c"
NAS-Identifier = "Avaya-AP-8-53-a6-a0"
State = 0x3dd6d0a73adcc9876db8a2af8cd70725
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020a00261900170301001ba4d540bec66a46cd132819b8612d89fac136ed00afa7a8fd61e51e
Message-Authenticator = 0x28a2d71520b5d7318fe1bcb6df931269
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "temporal1", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 10 length 38
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Received EAP-TLV response.
rlm_eap_peap: Had sent TLV failure. User was rejected earlier in this session.
rlm_eap: Handler failed in EAP/peap
rlm_eap: Failed in EAP select
++[eap] returns invalid
auth: Failed to validate the user.
Login incorrect: [temporal1/<via Auth-Type = EAP>] (from client WLAN port 0 cli 00-0e-9b-d3-72-7c)
Found Post-Auth-Type Reject
+- entering group REJECT
expand: %{User-Name} -> temporal1
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 8 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 8
EAP-Message = 0x040a0004
Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 3.8 seconds.
Cleaning up request 0 ID 232 with timestamp +39
Cleaning up request 1 ID 233 with timestamp +39
Cleaning up request 2 ID 234 with timestamp +39
Cleaning up request 3 ID 235 with timestamp +39
Waking up in 0.1 seconds.
Cleaning up request 4 ID 236 with timestamp +39
Cleaning up request 5 ID 237 with timestamp +39
Cleaning up request 6 ID 238 with timestamp +39
Cleaning up request 7 ID 239 with timestamp +39
Waking up in 1.0 seconds.
Cleaning up request 8 ID 240 with timestamp +39
Ready to process requests.
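Added example (not part of the original post and not FreeRADIUS code): a small Python triage script for debug output like the log above. It reports in which request scope (outer or PEAP-tunneled) a password attribute was added and where rlm_mschap found none. The sample log is constructed from lines in the post, and the names scan and diagnose are this example's own.

```python
import re

# Constructed sample: shortened from the debug output in the post (password value redacted).
SAMPLE_LOG = """\
+- entering group authorize
++[eap] returns updated
rlm_ldap: Added User-Password = <redacted> in check items
++[ldap] returns ok
++[pap] returns noop
!!! Replacing User-Password in config items with Cleartext-Password. !!!
+- entering group authenticate
++[eap] returns handled
Finished request 0.
PEAP: Setting User-Name to temporal1
+- entering group authorize
++[mschap] returns noop
++[eap] returns updated
++[files] returns ok
++[pap] returns noop
+- entering group authenticate
+- entering group MS-CHAP
rlm_mschap: No Cleartext-Password configured. Cannot create NT-Password.
++[mschap] returns reject
PEAP: Tunneled authentication was rejected.
"""

GROUP_RE = re.compile(r"^\+- entering group (\S+)")
MODULE_RE = re.compile(r"^\+\+\[([^\]]+)\] returns \w+")
ADDED_RE = re.compile(r"^(rlm_\w+): Added (\S*-Password) = .* in check items")


def scan(log_text):
    """Record, per request scope, which authorize modules ran and where passwords appear."""
    result = {"authorize_modules": {"outer": [], "tunnel": []},
              "password_added": [],       # (scope, module, attribute); the value is dropped
              "legacy_user_password": False,
              "mschap_no_password": []}   # scopes where rlm_mschap found no password
    scope, group = "outer", None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("PEAP: Setting User-Name"):
            scope = "tunnel"              # sections that follow belong to the inner request
        elif line.startswith("Finished request"):
            scope, group = "outer", None
        elif GROUP_RE.match(line):
            group = GROUP_RE.match(line).group(1)
        elif MODULE_RE.match(line):
            name = MODULE_RE.match(line).group(1)
            if group == "authorize" and name not in result["authorize_modules"][scope]:
                result["authorize_modules"][scope].append(name)
        elif ADDED_RE.match(line):
            module, attr = ADDED_RE.match(line).groups()
            result["password_added"].append((scope, module, attr))
        elif "Replacing User-Password in config items with Cleartext-Password" in line:
            result["legacy_user_password"] = True
        elif line.startswith("rlm_mschap: No Cleartext-Password configured"):
            if scope not in result["mschap_no_password"]:
                result["mschap_no_password"].append(scope)
    return result


def diagnose(result):
    """Turn scan() output into short findings."""
    notes = []
    if result["legacy_user_password"]:
        notes.append("a known-good password was supplied as User-Password; "
                     "the server rewrote it to Cleartext-Password")
    for scope in result["mschap_no_password"]:
        here = [m for s, m, _ in result["password_added"] if s == scope]
        other = sorted({m for s, m, _ in result["password_added"] if s != scope})
        if not here:
            notes.append(f"rlm_mschap found no Cleartext-Password in the {scope} request; "
                         f"modules that added a password elsewhere: {', '.join(other) or 'none'}")
    return notes


if __name__ == "__main__":
    for note in diagnose(scan(SAMPLE_LOG)):
        print("-", note)
```

Run against the full log from the post, it shows the same pattern as the sample: rlm_ldap adds User-Password only in the outer authorize pass, while the tunneled authorize pass lists no [ldap] module before rlm_mschap rejects.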