Yeah, upgrading is high on my list :)<br><br>rlm_passwd says it provides authorization via files but I need it via LDAP.<br>I didn't get much from your reply; here's what I am doing presently.
<br>Please suggest how I should proceed.
<br><br>*********************************************************************************************************<br>LDAP user:<br><br>dn: uid=ashimece,cn=Ece08,cn=Students,dc=itweb<br>uid: ashimece<br>userPassword: jindal
<br>objectClass: account<br>objectClass: simpleSecurityObject<br>objectClass: top<br>objectClass: radiusprofile<br>cn: Ashim Dutta<br>radiusCallingStationId: 00-90-4B-ED-AB-52<br><br>Logs of authentication :<br>*********************************************************************************************************
<br>when MAC ID is correct<br><br><br>Waking up in 6 seconds...<br>rad_recv: Access-Request packet from host 10.9.1.2:1088, id=8, length=249<br> Message-Authenticator = 0x1aefde709d0282b89e74ef5d2df3e4ac
<br> Service-Type = Framed-User<br> User-Name = "ashimece"<br> Framed-MTU = 1488<br> State = 0xefc4f78cf9a0a3f62c93cd748bf36547<br> Called-Station-Id = "00-15-E9-C9-5F-C0:
Dr.CVR24"<br> Calling-Station-Id = "<span style="font-weight: bold;">00-90-4B-ED-AB-52</span>"<br> NAS-Identifier = "D-link Corp. Access Point"<br> NAS-Port-Type = Wireless-802.11
<br> Connect-Info = "CONNECT 54Mbps 802.11g"<br> EAP-Message = 0x020800261900170301001bb0362047836069aff6d4a653b9d47e05dcaa105bfa0926b49c0ab2<br> NAS-IP-Address = 10.9.1.2<br> NAS-Port = 1<br> NAS-Port-Id = "STA port # 1"<br> Processing the authorize section of radiusd.conf<br>modcall: entering group authorize for request 18<br> modcall[authorize]: module "preprocess" returns ok for request 18
<br> modcall[authorize]: module "chap" returns noop for request 18<br> modcall[authorize]: module "mschap" returns noop for request 18<br> rlm_realm: No '@' in User-Name = "ashimece", looking up realm NULL
<br> rlm_realm: No such realm "NULL"<br> modcall[authorize]: module "suffix" returns noop for request 18<br> rlm_eap: EAP packet type response id 8 length 38<br> rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
<br> modcall[authorize]: module "eap" returns updated for request 18<br> users: Matched DEFAULT at 152<br> users: Matched DEFAULT at 171<br> modcall[authorize]: module "files" returns ok for request 18
<br>rlm_ldap: - authorize<br>rlm_ldap: performing user authorization for ashimece<br>radius_xlat: '(uid=ashimece)'<br>radius_xlat: 'dc=itweb'<br>rlm_ldap: ldap_get_conn: Checking Id: 0<br>rlm_ldap: ldap_get_conn: Got Id: 0
<br>rlm_ldap: performing search in dc=itweb, with filter (uid=ashimece)<br>rlm_ldap: checking if remote access for ashimece is allowed by uid<br>rlm_ldap: looking for check items in directory...<br>rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value
<span style="font-weight: bold;"> 00-90-4B-ED-AB-52 </span>& op=21<br>rlm_ldap: Adding userPassword as User-Password, value jindal & op=21<br>rlm_ldap: looking for reply items in directory...<br>rlm_ldap: user ashimece authorized to use remote access
<br>rlm_ldap: ldap_release_conn: Release Id: 0<br> modcall[authorize]: module "ldap" returns ok for request 18<br>modcall: group authorize returns updated for request 18<br> rad_check_password: Found Auth-Type EAP
<br>auth: type "EAP"<br> Processing the authenticate section of radiusd.conf<br>modcall: entering group authenticate for request 18<br> rlm_eap: Request found, released from the list<br> rlm_eap: EAP/peap<br>
rlm_eap: processing type peap<br> rlm_eap_peap: Authenticate<br> rlm_eap_tls: processing TLS<br> eaptls_verify returned 7<br> rlm_eap_tls: Done initial handshake<br> eaptls_process returned 7<br> rlm_eap_peap: EAPTLS_OK
<br> rlm_eap_peap: Session established. Decoding tunneled attributes.<br> rlm_eap_peap: Received EAP-TLV response.<br> rlm_eap_peap: Tunneled data is valid.<br> rlm_eap_peap: Success<br> rlm_eap: Freeing handler<br>
modcall[authenticate]: module "eap" returns ok for request 18<br>modcall: group authenticate returns ok for request 18<br>Sending Access-Accept of id 8 to 10.9.1.2:1088<br> Framed-IP-Address = 255.255.255.254<br> Framed-MTU = 576<br> Service-Type = Framed-User<br> MS-MPPE-Recv-Key = 0xfdd87b133b79449727654aa3a681ee48d891ee6ff1685344159acbc3ff02d820
<br> MS-MPPE-Send-Key = 0xdcbb432b81d40d6e1d189527a911932a7b161f8b68ba2ee06e862c455967699e
<br> EAP-Message = 0x03080004<br> Message-Authenticator = 0x00000000000000000000000000000000<br> User-Name = "ashimece"<br>Finished request 18<br>Going to the next request<br>Waking up in 6 seconds...
<br><br><br>*********************************************************************************************************<br>when MAC ID is *NOT* correct but is authenticated successfully<br><br>Waking up in 5 seconds...<br>
rad_recv: Access-Request packet from host
10.9.1.2:1088, id=17, length=249<br> Message-Authenticator = 0xaab5be28b7a3198b4432458ae62e1905<br> Service-Type = Framed-User
<br> User-Name = "ashimece"<br>
Framed-MTU = 1488<br> State = 0xdfdb9e22d8d2452e0a4c3daf52e757f6<br> Called-Station-Id = "00-15-E9-C9-5F-C0:Dr.CVR24"<br> Calling-Station-Id = "<span style="font-weight: bold;">
00-90-4B-ED-AB-52</span>"<br> NAS-Identifier = "D-link Corp. Access Point"<br> NAS-Port-Type = Wireless-802.11<br> Connect-Info = "CONNECT 54Mbps 802.11g"<br> EAP-Message = 0x021100261900170301001ba1bc4bf393dc67e00b5d456b4eda44e73fdef7b14ba0558ecbe493
<br> NAS-IP-Address = 10.9.1.2<br> NAS-Port = 1<br> NAS-Port-Id = "STA port # 1"<br> Processing the authorize section of
radiusd.conf<br>modcall: entering group authorize for request 27
<br> modcall[authorize]: module "preprocess" returns ok for request 27<br> modcall[authorize]: module "chap" returns noop for request 27<br> modcall[authorize]: module "mschap" returns noop for request 27
<br> rlm_realm: No '@' in User-Name = "ashimece", looking up realm NULL<br> rlm_realm: No such realm "NULL"<br> modcall[authorize]: module "suffix" returns noop for request 27
<br>
rlm_eap: EAP packet type response id 17 length 38<br> rlm_eap: No EAP Start, assuming it's an on-going EAP conversation<br> modcall[authorize]: module "eap" returns updated for request 27<br> users: Matched DEFAULT at 152
<br> users: Matched DEFAULT at 171<br> modcall[authorize]: module "files" returns ok for request 27<br>rlm_ldap: - authorize<br>rlm_ldap: performing user authorization for ashimece<br>radius_xlat: '(uid=ashimece)'
<br>radius_xlat: 'dc=itweb'<br>rlm_ldap: ldap_get_conn: Checking Id: 0<br>rlm_ldap: ldap_get_conn: Got Id: 0<br>rlm_ldap: performing search in dc=itweb, with filter (uid=ashimece)<br>rlm_ldap: checking if remote access for ashimece is allowed by uid
<br>rlm_ldap: looking for check items in directory...<br>rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value <span style="font-weight: bold;">00-90-4B-ED-AB-00</span> & op=21<br>rlm_ldap: Adding userPassword as User-Password, value jindal & op=21
<br>rlm_ldap: looking for reply items in directory...<br>rlm_ldap: user ashimece authorized to use remote access<br>rlm_ldap: ldap_release_conn: Release Id: 0<br> modcall[authorize]: module "ldap" returns ok for request 27
<br>modcall: group authorize returns updated for request 27<br> rad_check_password: Found Auth-Type EAP<br>auth: type "EAP"<br> Processing the authenticate section of radiusd.conf<br>modcall: entering group authenticate for request 27
<br> rlm_eap: Request found, released from the list<br> rlm_eap: EAP/peap<br> rlm_eap: processing type peap<br> rlm_eap_peap: Authenticate<br> rlm_eap_tls: processing TLS<br> eaptls_verify returned 7<br> rlm_eap_tls: Done initial handshake
<br> eaptls_process returned 7<br> rlm_eap_peap: EAPTLS_OK<br> rlm_eap_peap: Session established. Decoding tunneled attributes.<br> rlm_eap_peap: Received EAP-TLV response.<br> rlm_eap_peap: Tunneled data is valid.
<br>
rlm_eap_peap: Success<br> rlm_eap: Freeing handler<br> modcall[authenticate]: module "eap" returns ok for request 27<br>modcall: group authenticate returns ok for request 27<br>Sending Access-Accept of id 17 to
10.9.1.2:1088<br> Framed-IP-Address = 255.255.255.254<br> Framed-MTU = 576<br> Service-Type = Framed-User<br> MS-MPPE-Recv-Key = 0x777bb3e1d089ab4d06e5d17cc4e75e1ce71c8a31f7ac06cf193ac2aca893eca9
<br> MS-MPPE-Send-Key = 0x485bd639e4f35fb4fe39fe954d6a1959f3d25f149b53d22c180716bac82abac9<br> EAP-Message = 0x03110004<br> Message-Authenticator = 0x00000000000000000000000000000000<br> User-Name = "ashimece"
<br>Finished request 27<br>Going to the next request<br>Waking up in 5 seconds...<br><br>*********************************************************************************************************<br>when MAC ID is correct BUT ldap *filter* is changed from uid to radiusCallingStationId
<br>but is *NOT* authenticated<br><br>Waking up in 6 seconds...<br>rad_recv: Access-Request packet from host 10.9.1.2:1089, id=7, length=249<br> Message-Authenticator = 0xef805c6611b81ccd4e57f0a01b5a56b2
<br> Service-Type = Framed-User<br> User-Name = "ashimece"<br> Framed-MTU = 1488<br> State = 0xaf77bba9c6823b2507d129594c59a524<br> Called-Station-Id = "00-15-E9-C9-5F-C0:
Dr.CVR24"<br> Calling-Station-Id = "00-90-4B-ED-AB-52"<br> NAS-Identifier = "D-link Corp. Access Point"<br> NAS-Port-Type = Wireless-802.11<br> Connect-Info = "CONNECT 54Mbps
802.11g"<br> EAP-Message = 0x020700261900170301001bd7bb65c7f80981315f61ec2779f602c81f4ec09c0c92babb82aacb<br> NAS-IP-Address = 10.9.1.2<br> NAS-Port = 1<br> NAS-Port-Id = "STA port # 1"
<br> Processing the authorize section of radiusd.conf<br>modcall: entering group authorize for request 15<br> modcall[authorize]: module "preprocess" returns ok for request 15<br> modcall[authorize]: module "chap" returns noop for request 15
<br> modcall[authorize]: module "mschap" returns noop for request 15<br> rlm_realm: No '@' in User-Name = "ashimece", looking up realm NULL<br> rlm_realm: No such realm "NULL"
<br>
modcall[authorize]: module "suffix" returns noop for request 15<br> rlm_eap: EAP packet type response id 7 length 38<br> rlm_eap: No EAP Start, assuming it's an on-going EAP conversation<br> modcall[authorize]: module "eap" returns updated for request 15
<br> users: Matched DEFAULT at 152<br> users: Matched DEFAULT at 171<br> modcall[authorize]: module "files" returns ok for request 15<br>rlm_ldap: - authorize<br>rlm_ldap: performing user authorization for ashimece
<br>radius_xlat: '(radiusCallingStationId=00-90-4B-ED-AB-52)'<br>radius_xlat: 'dc=itweb'<br>rlm_ldap: ldap_get_conn: Checking Id: 0<br>rlm_ldap: ldap_get_conn: Got Id: 0<br>rlm_ldap: performing search in dc=itweb, with filter
<span style="font-weight: bold;"> (radiusCallingStationId=00-90-4B-ED-AB-52)</span><br>rlm_ldap: checking if remote access for ashimece is allowed by uid<br>rlm_ldap: looking for check items in directory...<br>rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value 00-90-4B-ED-AB-52 & op=21
<br>rlm_ldap: Adding userPassword as User-Password, value jindal & op=21<br>rlm_ldap: looking for reply items in directory...<br>rlm_ldap: user ashimece authorized to use remote access<br>rlm_ldap: ldap_release_conn: Release Id: 0
<br> modcall[authorize]: module "ldap" returns ok for request 15<br>modcall: group authorize returns updated for request 15<br> rad_check_password: Found Auth-Type EAP<br>auth: type "EAP"<br> Processing the authenticate section of
radiusd.conf<br>modcall: entering group authenticate for request 15<br> rlm_eap: Request found, released from the list<br> rlm_eap: EAP/peap<br> rlm_eap: processing type peap<br> rlm_eap_peap: Authenticate<br> rlm_eap_tls: processing TLS
<br> eaptls_verify returned 7<br> rlm_eap_tls: Done initial handshake<br> eaptls_process returned 7<br> rlm_eap_peap: EAPTLS_OK<br> rlm_eap_peap: Session established. Decoding tunneled attributes.<br> rlm_eap_peap: Received EAP-TLV response.
<br> rlm_eap_peap: Tunneled data is valid.<br> rlm_eap_peap: Had sent TLV failure, rejecting.<br> rlm_eap: Handler failed in EAP/peap<br> rlm_eap: Failed in EAP select<br> modcall[authenticate]: module "eap" returns invalid for request 15
<br>modcall: group authenticate returns invalid for request 15<br>auth: Failed to validate the user.<br>Delaying request 15 for 1 seconds<br>Finished request 15<br>Going to the next request<br>Waking up in 6 seconds...<br>
<br><br>-- <br>Registered Linux User #426561<br>-<br>Shobhit Jindal<br>B.Tech. Part-III, <br>Department Of Electronics Engineering, ITBHU<br>INDIA
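
Added example, not part of the original post: a short Python check over debug output in the format shown above. It pairs the Calling-Station-Id each request carried with the value rlm_ldap loaded from radiusCallingStationId and flags requests that ended in Access-Accept although the two differ. The sample lines are constructed by condensing the post's second and third runs; `audit`, `norm` and the record field names are names chosen for this example.

```python
import re

# Constructed sample: lines condensed from the post's second and third runs.
SAMPLE_LOG = '''\
rad_recv: Access-Request packet from host 10.9.1.2:1088, id=17, length=249
        Calling-Station-Id = "00-90-4B-ED-AB-52"
rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value 00-90-4B-ED-AB-00 & op=21
Sending Access-Accept of id 17 to 10.9.1.2:1088
Finished request 27
rad_recv: Access-Request packet from host 10.9.1.2:1089, id=7, length=249
        Calling-Station-Id = "00-90-4B-ED-AB-52"
rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value 00-90-4B-ED-AB-52 & op=21
auth: Failed to validate the user.
Finished request 15
'''

SENT_MAC = re.compile(r'^\s*Calling-Station-Id = "([^"]*)"')
LDAP_MAC = re.compile(r"Adding radiusCallingStationId as Calling-Station-Id, value\s*(\S+)")
OUTCOMES = (("Sending Access-Accept", "accept"), ("Sending Access-Reject", "reject"),
            ("auth: Failed to validate the user", "reject"))

def norm(mac):  # hex digits only, so case and separators do not matter
    return re.sub(r"[^0-9a-f]", "", (mac or "").lower())

def audit(log_text):
    """Return one record per request; flag accepts where the sent MAC differs from LDAP's."""
    records, cur = [], None
    for line in log_text.splitlines():
        if line.startswith("rad_recv: Access-Request"):
            cur = {"request": None, "sent_mac": None, "ldap_mac": None, "outcome": "unknown"}
        if cur is None:
            continue
        for field, rx in (("sent_mac", SENT_MAC), ("ldap_mac", LDAP_MAC)):
            m = rx.search(line)
            if m and cur[field] is None:   # keep the first value seen (request side)
                cur[field] = m.group(1)
        for marker, outcome in OUTCOMES:
            if marker in line and cur["outcome"] == "unknown":
                cur["outcome"] = outcome
        done = re.match(r"Finished request (\d+)", line)
        if done:
            cur["request"] = done.group(1)
            sent, want = norm(cur["sent_mac"]), norm(cur["ldap_mac"])
            cur["mismatch_accepted"] = cur["outcome"] == "accept" and bool(want) and sent != want
            records.append(cur)
            cur = None
    return records

if __name__ == "__main__":
    print(audit(SAMPLE_LOG))
```

Intermediate EAP rounds that end in an Access-Challenge keep the outcome `unknown` and are never flagged.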