radlogin works, mobile device not

Mihajlo Joksimovic mihajlo.joksimovic at adfinis-sygroup.ch
Fri Sep 7 15:03:53 CEST 2012


Hi everybody,

I've a Problem with my freeradius installation.
In the office i have access points, which will authenticate over the
freeradius server. Freeradius should look in ldap for username and password.

Thats what i get when i try to login with an iphone or ipad.

rad_recv: Access-Request packet from host 10.119.12.3 port 1178, id=17,
length=199
    Message-Authenticator = 0x0842b4ee5b5b8aa8cdfd939570dc1cc3
    Service-Type = Framed-User
    User-Name = "test.user"
    Framed-MTU = 1488
    Called-Station-Id = "204E7FE98E93:test-int"
    Calling-Station-Id = "145A05C362D4"
    NAS-Identifier = "aptest03"
    NAS-Port-Type = Wireless-802.11
    Connect-Info = "CONNECT 54Mbps 802.11g"
    EAP-Message = 0x0200001501646f6d696e697175652e6d6f747a6574
    NAS-IP-Address = 10.119.12.3
    NAS-Port = 2
    NAS-Port-Id = "STA port # 2"
+- entering group authorize
++[preprocess] returns ok
    rlm_realm: No '@' in User-Name = "test.user", looking up realm NULL
    rlm_realm: No such realm "NULL"
++[suffix] returns noop
++[files] returns noop
rlm_ldap: - authorize
rlm_ldap: performing user authorization for dominique.motzet
WARNING: Deprecated conditional expansion ":-".  See "man unlang" for
details
    expand:
(&(objectClass=sambaSamAccount)(!(shadowExpire=1))(uid=%{Stripped-User-Name:-%{User-Name}}))
-> (&(objectClass=sambaSamAccount)(!(shadowExpire=1))(uid=test.user))
    expand: dc=test,dc=local -> dc=test,dc=local
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to localhost:389, authentication 0
rlm_ldap: starting TLS
rlm_ldap: bind as cn=admin,dc=test,dc=local/Testing123 to localhost:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in dc=test,dc=local, with filter
(&(objectClass=sambaSamAccount)(!(shadowExpire=1))(uid=test.user))
rlm_ldap: checking if remote access for dominique.motzet is allowed by uid
rlm_ldap: No default NMAS login sequence
rlm_ldap: looking for check items in directory...
rlm_ldap: LDAP attribute userPassword as RADIUS attribute User-Password
== "{crypt}$1$cyxWDOrg$J0RAKfQ8wiqboGuKakbNx0"
rlm_ldap: LDAP attribute sambaNtPassword as RADIUS attribute NT-Password
== 0x3245453043333441393146393533443035414246463830413531433346433037
rlm_ldap: LDAP attribute sambaLmPassword as RADIUS attribute LM-Password
== 0x4633413830383632323945384445453438314645364439304239333331374342
rlm_ldap: looking for reply items in directory...
rlm_ldap: user test.user authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap] returns ok
++[expiration] returns noop
++[logintime] returns noop
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!    Replacing User-Password in config items with
Cleartext-Password.     !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Please update your configuration so that the "known
good"               !!!
!!! clear text password is in Cleartext-Password, and not in
User-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
auth: type Local
auth: No User-Password or CHAP-Password attribute in the request
auth: Failed to validate the user.
Login incorrect: [test.user/<no User-Password attribute>] (from client
aptest03 port 2 cli 145A05C362D4)
  Found Post-Auth-Type Reject
+- entering group REJECT
    expand: %{User-Name} -> test.user
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.


Thx for help.

MJ

-- 
Adfinis SyGroup AG
Mihajlo Joksimovic, System Engineer

Güterstrasse 86 | CH-4053 Basel
Tel. 061 333 80 33

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20120907/48eb81ad/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 553 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20120907/48eb81ad/attachment-0001.pgp>


More information about the Freeradius-Users mailing list