Failed retrieving values required to evaluate condition

Christian Strauf strauf at rz.tu-clausthal.de
Tue Apr 30 11:50:24 CEST 2019 

Hi Christoph,

your log shows the cause of the problem:

--------8<--------8<--------8<--------8<--------
(8) ldap: EXPAND (uid=%{%{Stripped-User-Name}:-%{User-Name}})
(8) ldap:    --> (uid=test)
(8) ldap: Performing search in "dc=uni-koblenz,dc=de" with filter "(uid=test)", scope "sub"
(8) ldap: Waiting for search result...
(8) ldap: Search returned no results
rlm_ldap (ldap): Released connection (0)
(8)           [ldap] = notfound
(8)         } # else = notfound
(8)       } # else = notfound
(8)       [expiration] = noop
(8)       [logintime] = noop
(8)       [pap] = noop
(8)     } # authorize = updated
(8)   Found Auth-Type = eapoldca
(8)   Auth-Type sub-section not found.  Ignoring.
(8)   # Executing group from file /etc/raddb/sites-enabled/inner-tunnel
(8)   Failed to authenticate the user
(8)   Using Post-Auth-Type Reject
--------8<--------8<--------8<--------8<--------

The user "test" is not found in your LDAP directory and is hence rejected. I haven't looked at the rest of the configuration but it's safe to say that for this particular connection attempt, that's the root cause of the client not being able to connect. The PEAP tunnel is established successfully, the inner authentication seems to run as well (though I don't understand why you need the "if (&User-Name == "eduroam...")" statement in the inner-tunnel configuration because you only need it for the TLS handshake of the outer tunnel).

Kind regards,
Christian Strauf
-- 
Dipl.-Math. Christian Strauf
Clausthal Univ. of Technology   E-Mail: strauf at rz.tu-clausthal.de
Rechenzentrum                   Web:    www.rz.tu-clausthal.de
Erzstraße 18                    Tel.:   +49-5323-72-2086 Fax: -992086
D-38678 Clausthal-Zellerfeld

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5279 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20190430/7450adb9/attachment.bin>

More information about the Freeradius-Users mailing list