Connect problem

Matthew Newton mcn4 at leicester.ac.uk
Fri Jul 1 16:21:07 CEST 2016


On Fri, Jul 01, 2016 at 03:55:52PM +0200, Henrik Kressner wrote:
> Here it comes:
> 
> (8) Received Access-Request Id 91 from 192.168.1.60:35607 to
> 192.168.1.5:1812 length 296
> (8)   User-Name = "EUCNVS\\bob"

Your User-Name is "EUCNVS\bob", not "bob".


> (8) eap_peap:   User-Name = "EUCNVS\\bob"
> (8) eap_peap:   State = 0x7c2bf3237c59e97d257f0149afd6e24c
> (8) Virtual server inner-tunnel received request
> (8)   EAP-Message = 0x027200451a0272004031d62c503eb90b16d5031e912bfc00ed0800000000000000001b7b6fad2215fe2943abc2a9e2562984e93aaf8c19a3de75004555434e56535c626f62
> (8)   FreeRADIUS-Proxied-To = 127.0.0.1
> (8)   User-Name = "EUCNVS\\bob"

This is passed as-is through to the inner-tunnel.

> (8) server inner-tunnel {
> (8)   session-state: No cached attributes
> (8)   # Executing section authorize from file
> /usr/local/etc/raddb/sites-enabled/inner-tunnel
> (8)     authorize {
> (8)       policy filter_username {
> (8)         if (&User-Name) {
> (8)         if (&User-Name)  -> TRUE
> (8)         if (&User-Name)  {
> (8)           if (&User-Name =~ / /) {
> (8)           if (&User-Name =~ / /)  -> FALSE
> (8)           if (&User-Name =~ /@[^@]*@/ ) {
> (8)           if (&User-Name =~ /@[^@]*@/ )  -> FALSE
> (8)           if (&User-Name =~ /\.\./ ) {
> (8)           if (&User-Name =~ /\.\./ )  -> FALSE
> (8)           if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
> (8)           if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))
> -> FALSE
> (8)           if (&User-Name =~ /\.$/)  {
> (8)           if (&User-Name =~ /\.$/)   -> FALSE
> (8)           if (&User-Name =~ /@\./)  {
> (8)           if (&User-Name =~ /@\./)   -> FALSE
> (8)         } # if (&User-Name)  = notfound
> (8)       } # policy filter_username = notfound
> (8)       [chap] = noop
> (8)       [mschap] = noop
> (8) suffix: Checking for suffix after "@"
> (8) suffix: No '@' in User-Name = "EUCNVS\bob", looking up realm NULL
> (8) suffix: No such realm "NULL"
> (8)       [suffix] = noop

You've not configured the realm module to handle "EUCNVS" as a
realm, or used any unlang config to do the same.

> (8)       [files] = noop

So the files module doesn't match. "EUCNVS\bob" is not "bob".

> (8) mschap: WARNING: No Cleartext-Password configured.  Cannot create
> NT-Password
> (8) mschap: WARNING: No Cleartext-Password configured.  Cannot create
> LM-Password

And therefore Cleartext-Password isn't defined when it needs to
be.


Matthew


-- 
Matthew Newton, Ph.D. <mcn4 at leicester.ac.uk>

Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
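
An added example, not part of the original message and not FreeRADIUS code: it decodes the EAP-Message bytes logged in the debug output above and shows that the name carried inside the MS-CHAPv2 response is also "EUCNVS\bob". It then splits that name at the backslash to show the "bob" that the files lookup would have needed. The function names are hypothetical and the field layout assumed is the standard EAP-MSCHAPv2 Response format.

```python
import struct

# EAP-Message copied from the inner-tunnel request in the debug output,
# split by field for readability.
LOGGED_EAP_MESSAGE = bytes.fromhex(
    "027200451a"                        # EAP code, id, length, type
    "0272004031"                        # MS-CHAPv2 opcode, id, length, value size
    "d62c503eb90b16d5031e912bfc00ed08"  # peer challenge
    "0000000000000000"                  # reserved
    "1b7b6fad2215fe2943abc2a9e2562984e93aaf8c19a3de75"  # NT-Response
    "00"                                # flags
    "4555434e56535c626f62"              # name
)

EAP_RESPONSE, EAP_TYPE_MSCHAPV2, MSCHAPV2_RESPONSE = 2, 26, 2


def mschapv2_response_name(eap: bytes) -> str:
    """Return the Name field of an EAP-MSCHAPv2 Response packet."""
    if len(eap) < 10:
        raise ValueError("too short for an EAP-MSCHAPv2 response")
    code, _eap_id, eap_len, eap_type = struct.unpack("!BBHB", eap[:5])
    if code != EAP_RESPONSE or eap_type != EAP_TYPE_MSCHAPV2:
        raise ValueError("not an EAP-MSCHAPv2 response")
    if eap_len != len(eap):
        raise ValueError("EAP length field does not match packet size")
    opcode, _ms_id, ms_len, value_size = struct.unpack("!BBHB", eap[5:10])
    if opcode != MSCHAPV2_RESPONSE or value_size != 49:
        raise ValueError("not an MS-CHAPv2 Response opcode")
    if ms_len != eap_len - 5 or 10 + value_size > len(eap):
        raise ValueError("inconsistent MS-CHAPv2 length")
    # Everything after the 49-byte value is the user name as the client sent it.
    return eap[10 + value_size:].decode("utf-8", errors="replace")


def split_nt_domain(user_name: str):
    """Split DOMAIN\\user at the first backslash; domain is None if absent."""
    domain, sep, user = user_name.partition("\\")
    if not sep or not domain or not user:
        return None, user_name
    return domain, user


if __name__ == "__main__":
    name = mschapv2_response_name(LOGGED_EAP_MESSAGE)
    print("name in MS-CHAPv2 response:", name)
    print("domain, user:", split_nt_domain(name))
```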

