<div>Hi i dont get any answer till now, though i join ur list that i hope a help from someone.</div>
<div>please i need to decide what to use RED HAT OR SLACKWARE.</div>
<div><br><br> </div>
<div><span class="gmail_quote">On 2/15/07, <b class="gmail_sendername"><a href="mailto:freeradius-users-request@lists.freeradius.org">freeradius-users-request@lists.freeradius.org</a></b> <<a href="mailto:freeradius-users-request@lists.freeradius.org">
freeradius-users-request@lists.freeradius.org</a>> wrote:</span>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">Send Freeradius-Users mailing list submissions to<br> <a href="mailto:freeradius-users@lists.freeradius.org">
freeradius-users@lists.freeradius.org</a><br><br>To subscribe or unsubscribe via the World Wide Web, visit<br> <a href="http://lists.freeradius.org/mailman/listinfo/freeradius-users">http://lists.freeradius.org/mailman/listinfo/freeradius-users
</a><br>or, via email, send a message with subject or body 'help' to<br> <a href="mailto:freeradius-users-request@lists.freeradius.org">freeradius-users-request@lists.freeradius.org</a><br><br>You can reach the person managing the list at
<br> <a href="mailto:freeradius-users-owner@lists.freeradius.org">freeradius-users-owner@lists.freeradius.org</a><br><br>When replying, please edit your Subject line so it is more specific<br>than "Re: Contents of Freeradius-Users digest..."
<br><br><br>Today's Topics:<br><br> 1. Re: db.counter not found! (Alan DeKok)<br> 2. Re: VLAN assigment and Alcatel Omniswitch 7800 (Oxiel Contreras)<br> 3. [SOLVED] - Re: VLAN assigment and Alcatel Omniswitch 7800
<br> (Oxiel Contreras)<br> 4. Re: Simple security (Gaddis, Jeremy L.)<br> 5. NAS-IP-Address in mysql (VeNoMouS)<br> 6. Re: NAS-IP-Address in mysql (Dan Mahoney, System Admin)<br> 7. strip unwanted characters from reply message (Cory Robson)
<br> 8. Re: a problem about radius and ldap [SOLVED] (Ramazan Ulker)<br><br><br>----------------------------------------------------------------------<br><br>Message: 1<br>Date: Thu, 15 Feb 2007 03:02:40 +0100<br>From: Alan DeKok <
<a href="mailto:aland@deployingradius.com">aland@deployingradius.com</a>><br>Subject: Re: db.counter not found!<br>To: FreeRadius users mailing list<br> <<a href="mailto:freeradius-users@lists.freeradius.org">
freeradius-users@lists.freeradius.org</a>><br>Message-ID: <<a href="mailto:45D3BF40.30201@deployingradius.com">45D3BF40.30201@deployingradius.com</a>><br>Content-Type: text/plain; charset=ISO-8859-1<br><br>Enrique Llanos V. wrote:
<br>> And of course in my raddb (freeradius) path:<br>><br>> bash-2.05b# locate db.counter<br>> /usr/local/etc/raddb/db.counter<br><br>"locate" uses a database that is updated daily. So if the file<br>
disappears, locate doesn't notice.<br><br>Use "ls" instead.<br><br>> Yet when i start freeradius i obtain this error:<br>...<br>> Wed Feb 14 17:02:40 2007 : Error: rlm_counter: Failed to open file<br>> /usr/local/etc/raddb/db.counter: No such file or directory
<br>...<br>> Any ideas in how to correct this error?<br><br>Ensure that the /usr/local/etc/raddb directory exists, and readable by<br>radiusd.<br><br>Alan DeKok.<br>--<br><a href="http://deployingradius.com">http://deployingradius.com
</a> - The web site of the book<br><a href="http://deployingradius.com/blog/">http://deployingradius.com/blog/</a> - The blog<br><br><br>------------------------------<br><br>Message: 2<br>Date: Wed, 14 Feb 2007 22:08:57 -0400
<br>From: Oxiel Contreras <<a href="mailto:oxielc@yahoo.it">oxielc@yahoo.it</a>><br>Subject: Re: VLAN assigment and Alcatel Omniswitch 7800<br>To: <a href="mailto:freeradius-users@lists.freeradius.org">freeradius-users@lists.freeradius.org
</a><br>Message-ID: <<a href="mailto:200702142208.57769.oxielc@yahoo.it">200702142208.57769.oxielc@yahoo.it</a>><br>Content-Type: text/plain; charset="iso-8859-1"<br><br>Hello Marcel.<br><br>> I'm afraid you added it in the wrong place,
dictionary.alcatel does not<br>> contain the VSAs for Omniswitches (Alcatel-Lucent has multiple<br>> dictionaries for different products, dictionary.alcatel appears to be<br>> for a BRAS, not for an enterprise switch).
<br>> The dictionary you're looking for is dictionary.xylan; the easiest way<br>> is to use Xylan-Auth-Group for sending your VLAN (The name isn't really<br>> that important, what is important is that the number for the attribute
<br>> is correct (1 in this case) and that it is defined with the proper<br>> vendor number (800 for Omniswitches)).<br><br>Right, indeed used Xylan-Auth-Group and worked perfectly, i'm so happy a tear<br>fell down :)
<br><br>Many thanks.<br><br>Oxiel<br><br>Chiacchiera con i tuoi amici in tempo reale!<br><a href="http://it.yahoo.com/mail_it/foot/*http://it.messenger.yahoo.com">http://it.yahoo.com/mail_it/foot/*http://it.messenger.yahoo.com
</a><br><br><br>------------------------------<br><br>Message: 3<br>Date: Wed, 14 Feb 2007 22:30:17 -0400<br>From: Oxiel Contreras <<a href="mailto:oxielc@yahoo.it">oxielc@yahoo.it</a>><br>Subject: [SOLVED] - Re: VLAN assigment and Alcatel Omniswitch 7800
<br>To: <a href="mailto:freeradius-users@lists.freeradius.org">freeradius-users@lists.freeradius.org</a><br>Message-ID: <<a href="mailto:200702142230.18122.oxielc@yahoo.it">200702142230.18122.oxielc@yahoo.it</a>><br>
Content-Type: text/plain; charset="iso-8859-15"<br><br>Hello Santa.<br><br>This worked great!!!<br><br>I was doing 802.1x only, no AVLAN.<br><br>For any soul out there trying to implement 802.1x with FreeRadius on
<br>OpenSuSE10.1 and Omniswitch 7800 and Active Directory as taught on:<br><br><a href="http://wiki.freeradius.org/FreeRADIUS_Active_Directory_Integration_HOWTO">http://wiki.freeradius.org/FreeRADIUS_Active_Directory_Integration_HOWTO
</a><br><br>Take note of the following points:<br><br>1) If you use PEAP, install the patch from MS to Radius as noted on the FAQ,<br>you need someone with Gold Support from M$ to get it or email me off the<br>list :)<br>
<br><a href="http://wiki.freeradius.org/FreeRADIUS_Wiki:FAQ#PEAP_Doesn.27t_Work">http://wiki.freeradius.org/FreeRADIUS_Wiki:FAQ#PEAP_Doesn.27t_Work</a><br><br>2) If PEAP is your election, install the CA and generate the certificates on
<br>the Radius server.<br><br>3) Modify the permissions of execution for the winbind daemon in order to<br>acomplish the ntlm_auth process, FIXME, now using root permissions.<br><br>4) Use Xylan-Auth-Group as VSA in /etc/raddb/users as the attribute for
<br>assigning VLAN, or generate the new dictionary.alcatel as Santa Yeh described<br>below, and then use Alcatel-Auth-Group as the attribute for VLAN<br><br>5) Use the setup for omniswitch as described below by Santa Yeh<br>
<br>6) Thank all these great people who develop and support this great software.<br><br>Thanks Alan, A.L.M., Jeremy, Marcel and Santa.<br><br>Best regards<br><br>Oxiel<br><br>El Mi?rcoles, 14 de Febrero de 2007 11:19, Santa Yeh escribi?:
<br><br>> Hello Oxiel,<br>><br>> Are you doing AVLAN or 802.1x?<br>><br>> 1. I created a new file - dictionary.alcatel<br>><br>> #<br>> # dictionary.alcatel<br>> #<br>> # Alcatel VSAs
<br>> #<br>><br>> VENDOR Alcatel 800<br>><br>> #<br>> # Standard attribute<br>> #<br>> ATTRIBUTE Alcatel-Auth-Group 1 integer Alcatel<br>> ATTRIBUTE Alcatel-Slot-Port 2 string Alcatel
<br>> ATTRIBUTE Alcatel-Time-of-Day 3 string Alcatel<br>> ATTRIBUTE Alcatel-Client-IP-Addr 4 ipaddr Alcatel<br>> ATTRIBUTE Alcatel-Group-Desc 5 string Alcatel<br>> ATTRIBUTE Alcatel-Port-Desc 6 string Alcatel
<br>><br>> VALUE Acct-Authentic AUTH-AVCLIENT 4<br>> VALUE Acct-Authentic AUTH-TELNET 5<br>> VALUE Acct-Authentic AUTH-HTTP 6<br>><br>> 2. For users file
<br>><br>> user1 Auth-Type := Local, Password = "user1"<br>> Alcatel-Auth-Group = 3<br>><br>> 3. For AVLAN<br>><br>> vlan 3 authentication enable<br>> vlan port mobile 1/1 bpdu ignore enable
<br>> vlan port 1/1 authenticate enable<br>> ip interface vlan3 address <a href="http://192.168.11.254">192.168.11.254</a> mask <a href="http://255.255.255.0">255.255.255.0</a> vlan 3<br>> aaa radius-server rad1 host
<a href="http://192.168.10.211">192.168.10.211</a> key radkey<br>> aaa authentication vlan single-mode rad1<br>> aaa accounting vlan rad1<br>> aaa avlan default dhcp <a href="http://192.168.11.254">192.168.11.254
</a><br>> aaa avlan dns alcatel<br>> avlan 3 auth-ip <a href="http://192.168.11.253">192.168.11.253</a><br>><br>> 4. For 802.1x (Sorry, just from my memory)<br>><br>> vlan 3 802.1x enable<br>> vlan port mobile 1/1 bpdu ignore enable
<br>> vlan port 1/1 802.1x enable<br>> ip interface vlan3 address <a href="http://192.168.11.254">192.168.11.254</a> mask <a href="http://255.255.255.0">255.255.255.0</a> vlan 3<br>> aaa radius-server rad1 host <a href="http://192.168.10.211">
192.168.10.211</a> key radkey<br>> aaa authentication 802.1x rad1<br>> aaa accounting 802/1x rad1<br>Chiacchiera con i tuoi amici in tempo reale!<br><a href="http://it.yahoo.com/mail_it/foot/*http://it.messenger.yahoo.com">
http://it.yahoo.com/mail_it/foot/*http://it.messenger.yahoo.com</a><br><br><br><br>------------------------------<br><br>Message: 4<br>Date: Thu, 15 Feb 2007 00:07:42 -0500 (EST)<br>From: "Gaddis, Jeremy L." <
<a href="mailto:jeremy@linuxwiz.net">jeremy@linuxwiz.net</a>><br>Subject: Re: Simple security<br>To: FreeRadius users mailing list<br> <<a href="mailto:freeradius-users@lists.freeradius.org">freeradius-users@lists.freeradius.org
</a>><br>Message-ID: <<a href="mailto:Pine.LNX.4.64.0702150007130.26174@w00t.linuxwiz.net">Pine.LNX.4.64.0702150007130.26174@w00t.linuxwiz.net</a>><br>Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed<br>
<br>On Wed, 14 Feb 2007, Scott Hughes wrote:<br>> I have friend that want some light security on the small network they have (15-25 PCs).<br>><br>> What is the best way to secure his network so that someone can't just plug in his laptop and be on the network? He would prefer to make this seamless to his users.
<br><br>802.1X<br><br>--<br>Jeremy L. Gaddis, MCP, GCWN <a href="mailto:jeremy@linuxwiz.net">jeremy@linuxwiz.net</a><br>LinuxWiz Consulting <a href="http://linuxwiz.net">http://linuxwiz.net
</a><br><br><br><br><br>------------------------------<br><br>Message: 5<br>Date: Thu, 15 Feb 2007 18:09:04 +1300<br>From: "VeNoMouS" <<a href="mailto:venom@gen-x.co.nz">venom@gen-x.co.nz</a>><br>Subject: NAS-IP-Address in mysql
<br>To: <a href="mailto:freeradius-users@lists.freeradius.org">freeradius-users@lists.freeradius.org</a><br>Message-ID: <<a href="mailto:jdhnn4.lzlxf2@www.gen-x.co.nz">jdhnn4.lzlxf2@www.gen-x.co.nz</a>><br>Content-Type: text/plain; charset="iso-8859-1"
<br><br>Hi guys After doing some tests, I just discovered that I cant have more then<br>one NAS-IP-Address in radgroupcheck (it seems to ignore the others) does<br>anyone know of a work around as i dont want to use the huntgroup file (makes
<br>it kinda anonying since im doing a web frontend for administration).<br><br><br>Cheers<br><br><br><br><br>------------------------------<br><br>Message: 6<br>Date: Thu, 15 Feb 2007 01:09:41 -0500 (EST)<br>From: "Dan Mahoney, System Admin" <
<a href="mailto:danm@prime.gushi.org">danm@prime.gushi.org</a>><br>Subject: Re: NAS-IP-Address in mysql<br>To: <a href="mailto:venom@gen-x.co.nz">venom@gen-x.co.nz</a>, FreeRadius users mailing list<br> <<a href="mailto:freeradius-users@lists.freeradius.org">
freeradius-users@lists.freeradius.org</a>><br>Message-ID: <<a href="mailto:20070215010842.M65264@prime.gushi.org">20070215010842.M65264@prime.gushi.org</a>><br>Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
<br><br>On Thu, 15 Feb 2007, VeNoMouS wrote:<br><br>> Hi guys After doing some tests, I just discovered that I cant have more then<br>> one NAS-IP-Address in radgroupcheck (it seems to ignore the others) does<br>> anyone know of a work around as i dont want to use the huntgroup file (makes
<br>> it kinda anonying since im doing a web frontend for administration).<br><br>this is getting to be a really common question :)<br><br>Yes, you need to embed the nas-ip-address as part of your query (in the<br>WHERE clause (same way as you match the username) so only the matching
<br>items are returned.<br><br>-Dan<br><br>><br>><br>> Cheers<br>><br>><br>> -<br>> List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html">http://www.freeradius.org/list/users.html
</a><br>><br><br>--<br><br>"I can feel it, comin' back again...Like a rolling thunder chasin' the<br>wind..."<br><br>-Dan Mahoney, JS, JB & SL, May 10th, 1997, Approx 1AM<br><br>--------Dan Mahoney--------
<br>Techie, Sysadmin, WebGeek<br>Gushi on efnet/undernet IRC<br>ICQ: 13735144 AIM: LarpGM<br>Site: <a href="http://www.gushi.org">http://www.gushi.org</a><br>---------------------------<br><br><br><br>------------------------------
<br><br>Message: 7<br>Date: Thu, 15 Feb 2007 15:40:00 +0900<br>From: "Cory Robson" <<a href="mailto:cory@cmi.net.au">cory@cmi.net.au</a>><br>Subject: strip unwanted characters from reply message<br>To: "'FreeRadius users mailing list'"
<br> <<a href="mailto:freeradius-users@lists.freeradius.org">freeradius-users@lists.freeradius.org</a>><br>Message-ID: <<a href="mailto:20070215063635.3AAD5104464@poseidon.gateway.net.au">20070215063635.3AAD5104464@poseidon.gateway.net.au
</a>><br>Content-Type: text/plain; charset="us-ascii"<br><br>I have failed logins being dumped into a table in myslq and am getting a lot<br>of unwanted characters.<br><br>IE: Password Has Expired=5Cr=5Cn
<br><br>Is there a way I can tell it to only supply the textual content<br><br><br>Thanks<br><br><br>Cory<br><br><br><br>------------------------------<br><br>Message: 8<br>Date: Thu, 15 Feb 2007 08:45:30 +0200<br>From: "Ramazan Ulker" <
<a href="mailto:ulkerra@gmail.com">ulkerra@gmail.com</a>><br>Subject: Re: a problem about radius and ldap [SOLVED]<br>To: <a href="mailto:freeradius-users@lists.freeradius.org">freeradius-users@lists.freeradius.org</a>
<br>Message-ID:<br> <<a href="mailto:79b4f8410702142245j263beef5vd8f15e1794b8c187@mail.gmail.com">79b4f8410702142245j263beef5vd8f15e1794b8c187@mail.gmail.com</a>><br>Content-Type: text/plain; charset="iso-8859-1"
<br><br>Hi<br>Sorry for too many mails. Problem solved by setting identity and password in<br>radius.conf with proper user in ldap. I managed to get User-Password from<br>ldap at the end as shown below.<br><br>rlm_ldap: Added password ramazan in check items
<br>rlm_ldap: looking for check items in directory...<br>rlm_ldap: Adding userpassword as User-Password, value ramazan & op=21<br>rlm_ldap: looking for reply items in directory...<br>rlm_ldap: Adding radiusTunnelPrivateGroupId as Tunnel-Private-Group-Id,
<br>value 2 & op=11<br>rlm_ldap: Adding radiusTunnelMediumType as Tunnel-Medium-Type, value 6 &<br>op=11<br>rlm_ldap: Adding radiusTunnelType as Tunnel-Type, value VLAN & op=11<br>rlm_ldap: Adding radiusClass as Class, value employee & op=11
<br>rlm_ldap: user ramazan authorized to use remote access<br>rlm_ldap: ldap_release_conn: Release Id: 0<br>modcall[authorize]: module "ldap" returns ok for request 1<br>modcall: leaving group authorize (returns updated) for request 1
<br>rad_check_password: Found Auth-Type EAP<br>auth: type "EAP"<br>Processing the authenticate section of radiusd.conf<br>modcall: entering group authenticate for request 1<br>rlm_eap: Request found, released from the list
<br>rlm_eap: EAP/md5<br>rlm_eap: processing type md5<br>rlm_eap: Freeing handler<br>modcall[authenticate]: module "eap" returns ok for request 1<br>modcall: leaving group authenticate (returns ok) for request 1<br>
Login OK: [ramazan/<no User-Password attribute>] (from client ldapsrv port<br>50001 cli 00-12-79-AE-D2-4D)<br>On 1/29/07, Ramazan Ulker <<a href="mailto:ulkerra@gmail.com">ulkerra@gmail.com</a>> wrote:<br>>
<br>><br>><br>> Hi<br>><br>> I'm working on 802.1x implementation(cisco 2950, freeradius, ldap), i face<br>a problem. First of all, defining users and passwords in users file in raddb<br>works well with md5 authentication. Then i tried to use ldap, then with
<br>radtest i get accept-accept packet. But while authenticating from xp client<br>with md5-challenge, I got<br>><br>> Auth:rlm_ldap:Attribute "User-Password" is required for authentication<br>><br>> error. In one of the e-mail you said don't authenticate from ldap, but
<br>with radtest function i get success!!! The passwords are kept clear text.<br>I'm looking forward to getting your help. I also send radius debug log.<br>><br>> Best Regards<br>><br>> Ramazan<br>><br>
><br>><br>><br>><br>> Starting - reading configuration files ...<br>><br>> reread_config: reading radiusd.conf<br>><br>> Config: including file: /etc/raddb/proxy.conf<br>><br>> Config: including file: /etc/raddb/clients.conf
<br>><br>> Config: including file: /etc/raddb/snmp.conf<br>><br>> Config: including file: /etc/raddb/sql.conf<br>><br>> main: prefix = "/usr"<br>><br>> main: localstatedir = "/var"
<br>><br>> main: logdir = "/var/log/radius"<br>><br>> main: libdir = "/usr/lib/freeradius"<br>><br>> main: radacctdir = "/var/log/radius/radacct"<br>><br>> main: hostname_lookups = no
<br>><br>> main: max_request_time = 30<br>><br>> main: cleanup_delay = 5<br>><br>> main: max_requests = 1024<br>><br>> main: delete_blocked_requests = 0<br>><br>> main: port = 0<br>><br>> main: allow_core_dumps = no
<br>><br>> main: log_stripped_names = yes<br>><br>> main: log_file = "/var/log/radius/radius.log"<br>><br>> main: log_auth = yes<br>><br>> main: log_auth_badpass = yes<br>><br>> main: log_auth_goodpass = yes
<br>><br>> main: pidfile = "/var/run/radiusd/radiusd.pid"<br>><br>> main: user = "radiusd"<br>><br>> main: group = "radiusd"<br>><br>> main: usercollide = no<br>><br>
> main: lower_user = "no"<br>><br>> main: lower_pass = "no"<br>><br>> main: nospace_user = "no"<br>><br>> main: nospace_pass = "no"<br>><br>> main: checkrad = "/usr/sbin/checkrad"
<br>><br>> main: proxy_requests = yes<br>><br>> proxy: retry_delay = 5<br>><br>> proxy: retry_count = 3<br>><br>> proxy: synchronous = no<br>><br>> proxy: default_fallback = yes<br>><br>> proxy: dead_time = 120
<br>><br>> proxy: post_proxy_authorize = yes<br>><br>> proxy: wake_all_if_all_dead = no<br>><br>> security: max_attributes = 200<br>><br>> security: reject_delay = 1<br>><br>> security: status_server = no
<br>><br>> main: debug_level = 0<br>><br>> read_config_files: reading dictionary<br>><br>> read_config_files: reading naslist<br>><br>> read_config_files: reading clients<br>><br>> read_config_files: reading realms
<br>><br>> radiusd: entering modules setup<br>><br>> Module: Library search path is /usr/lib/freeradius<br>><br>> Module: Loaded expr<br>><br>> Module: Instantiated expr (expr)<br>><br>> Module: Loaded PAP
<br>><br>> pap: encryption_scheme = "crypt"<br>><br>> Module: Instantiated pap (pap)<br>><br>> Module: Loaded CHAP<br>><br>> Module: Instantiated chap (chap)<br>><br>> Module: Loaded MS-CHAP
<br>><br>> mschap: use_mppe = yes<br>><br>> mschap: require_encryption = no<br>><br>> mschap: require_strong = no<br>><br>> mschap: passwd = "(null)"<br>><br>> mschap: authtype = "MS-CHAP"
<br>><br>> Module: Instantiated mschap (mschap)<br>><br>> Module: Loaded System<br>><br>> unix: cache = no<br>><br>> unix: passwd = "(null)"<br>><br>> unix: shadow = "(null)"
<br>><br>> unix: group = "(null)"<br>><br>> unix: radwtmp = "/var/log/radius/radwtmp"<br>><br>> unix: usegroup = no<br>><br>> unix: cache_reload = 600<br>><br>> Module: Instantiated unix (unix)
<br>><br>> Module: Loaded LDAP<br>><br>> ldap: server = "<a href="http://192.168.100.18">192.168.100.18</a>"<br>><br>> ldap: port = 389<br>><br>> ldap: net_timeout = 1<br>><br>> ldap: timeout = 4
<br>><br>> ldap: timelimit = 3<br>><br>> ldap: identity = ""<br>><br>> ldap: start_tls = no<br>><br>> ldap: password = ""<br>><br>> ldap: basedn = "dc=<a href="http://dot1x.com">
dot1x.com</a>"<br>><br>> ldap: filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"<br>><br>> ldap: default_profile = "(null)"<br>><br>> ldap: profile_attribute = "(null)"
<br>><br>> ldap: password_header = "(null)"<br>><br>> ldap: password_attribute = "userPassword"<br>><br>> ldap: access_attr = "radiusgroupname"<br>><br>> ldap: groupname_attribute = "cn"
<br>><br>> ldap: groupmembership_filter =<br>"(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"<br>><br>> ldap: groupmembership_attribute = "radiusGroupName"
<br>><br>> ldap: dictionary_mapping = "/etc/raddb/ldap.attrmap"<br>><br>> ldap: ldap_debug = 0<br>><br>> ldap: ldap_connections_number = 5<br>><br>> ldap: compare_check_items = no<br>>
<br>> ldap: access_attr_used_for_allow = yes<br>><br>> conns: (nil)<br>><br>> rlm_ldap: reading ldap<->radius mappings from file /etc/raddb/ldap.attrmap<br>><br>> rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$
<br>><br>> rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$<br>><br>> rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type<br>><br>> rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use
<br>><br>> rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id<br>><br>> rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id<br>><br>> rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password
<br>><br>> rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password<br>><br>> rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT<br>><br>> rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration
<br>><br>> rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type<br>><br>> rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol<br>><br>> rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address
<br>><br>> rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask<br>><br>> rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route<br>><br>> rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing
<br>><br>> rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id<br>><br>> rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU<br>><br>> rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression
<br>><br>> rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host<br>><br>> rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service<br>><br>> rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port
<br>><br>> rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number<br>><br>> rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id<br>><br>> rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network
<br>><br>> rlm_ldap: LDAP radiusClass mapped to RADIUS Class<br>><br>> rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout<br>><br>> rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout
<br>><br>> rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action<br>><br>> rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service<br>><br>> rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node
<br>><br>> rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group<br>><br>> rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS<br>Framed-AppleTalk-Link<br>><br>> rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS
<br>Framed-AppleTalk-Network<br>><br>> rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS<br>Framed-AppleTalk-Zone<br>><br>> rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit<br>><br>> rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port
<br>><br>> rlm_ldap: LDAP userPassword mapped to RADIUS User-Password<br>><br>> rlm_ldap: LDAP radiusTunnelType mapped to RADIUS Tunnel-Type<br>><br>> rlm_ldap: LDAP radiusTunnelMediumType mapped to RADIUS Tunnel-Medium-Type
<br>><br>> rlm_ldap: LDAP radiusTunnelPrivateGroupId mapped to RADIUS<br>Tunnel-Private-Group-Id<br>><br>> conns: 0x8101f58<br>><br>> Module: Instantiated ldap (ldap)<br>><br>> Module: Loaded eap<br>
><br>> eap: default_eap_type = "md5"<br>><br>> eap: timer_expire = 60<br>><br>> rlm_eap: Loaded and initialized the type md5<br>><br>> rlm_eap: Loaded and initialized the type leap<br>>
<br>> Module: Instantiated eap (eap)<br>><br>> Module: Loaded preprocess<br>><br>> preprocess: huntgroups = "/etc/raddb/huntgroups"<br>><br>> preprocess: hints = "/etc/raddb/hints"
<br>><br>> preprocess: with_ascend_hack = no<br>><br>> preprocess: ascend_channels_per_line = 23<br>><br>> preprocess: with_ntdomain_hack = no<br>><br>> preprocess: with_specialix_jetstream_hack = no
<br>><br>> preprocess: with_cisco_vsa_hack = no<br>><br>> Module: Instantiated preprocess (preprocess)<br>><br>> Module: Loaded realm<br>><br>> realm: format = "suffix"<br>><br>> realm: delimiter = "@"
<br>><br>> Module: Instantiated realm (suffix)<br>><br>> Module: Loaded files<br>><br>> files: usersfile = "/etc/raddb/users"<br>><br>> files: acctusersfile = "/etc/raddb/acct_users"
<br>><br>> files: preproxy_usersfile = "/etc/raddb/preproxy_users"<br>><br>> files: compat = "no"<br>><br>> Module: Instantiated files (files)<br>><br>> Module: Loaded Acct-Unique-Session-Id
<br>><br>> acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address,<br>Client-IP-Address, NAS-Port-Id"<br>><br>> Module: Instantiated acct_unique (acct_unique)<br>><br>> Module: Loaded detail
<br>><br>> detail: detailfile =<br>"/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"<br>><br>> detail: detailperm = 384<br>><br>> detail: dirperm = 493<br>><br>> detail: locking = no
<br>><br>> Module: Instantiated detail (detail)<br>><br>> Module: Loaded radutmp<br>><br>> radutmp: filename = "/var/log/radius/radutmp"<br>><br>> radutmp: username = "%{User-Name}"
<br>><br>> radutmp: case_sensitive = yes<br>><br>> radutmp: check_with_nas = yes<br>><br>> radutmp: perm = 384<br>><br>> radutmp: callerid = yes<br>><br>> Module: Instantiated radutmp (radutmp)
<br>><br>> Listening on IP address *, ports 1812/udp and 1813/udp, with proxy on<br>1814/udp.<br>><br>> Ready to process requests.<br>><br>> rad_recv: Access-Request packet from host <a href="http://192.168.100.17:1812">
192.168.100.17:1812</a>, id=11,<br>length=129<br>><br>> NAS-IP-Address = <a href="http://192.168.100.17">192.168.100.17</a><br>><br>> NAS-Port = 50001<br>><br>> NAS-Port-Type = Ethernet<br>><br>> User-Name = "ramazan"
<br>><br>> Called-Station-Id = "00-0F-8F-77-DB-81"<br>><br>> Calling-Station-Id = "00-12-79-AE-D2-4D"<br>><br>> Service-Type = Framed-User<br>><br>> Framed-MTU = 1500<br>><br>
> EAP-Message = 0x0200000c0172616d617a616e<br>><br>> Message-Authenticator = 0x68c41631d4feb2234d900b37a9845348<br>><br>> modcall: entering group authorize for request 0<br>><br>> modcall[authorize]: module "preprocess" returns ok for request 0
<br>><br>> modcall[authorize]: module "chap" returns noop for request 0<br>><br>> rlm_eap: EAP packet type notification id 0 length 12<br>><br>> rlm_eap: EAP Start not found<br>><br>> modcall[authorize]: module "eap" returns updated for request 0
<br>><br>> rlm_realm: No '@' in User-Name = "ramazan", looking up realm NULL<br>><br>> rlm_realm: No such realm "NULL"<br>><br>> modcall[authorize]: module "suffix" returns noop for request 0
<br>><br>> users: Matched DEFAULT at 152<br>><br>> rlm_ldap: Entering ldap_groupcmp()<br>><br>> radius_xlat: 'dc=<a href="http://dot1x.com">dot1x.com</a>'<br>><br>> radius_xlat: '(uid=ramazan)'
<br>><br>> ldap_get_conn: Got Id: 0<br>><br>> rlm_ldap: attempting LDAP reconnection<br>><br>> rlm_ldap: (re)connect to <a href="http://192.168.100.18:389">192.168.100.18:389</a>, authentication 0<br>>
<br>> rlm_ldap: bind as / to <a href="http://192.168.100.18:389">192.168.100.18:389</a><br>><br>> rlm_ldap: waiting for bind result ...<br>><br>> rlm_ldap: performing search in dc=<a href="http://dot1x.com">
dot1x.com</a>, with filter (uid=ramazan)<br>><br>> ldap_release_conn: Release Id: 0<br>><br>> radius_xlat:<br>'(|(&(objectClass=GroupOfNames)(member=uid=ramazan,cn=users,cn=idc,dc=<br><a href="http://dot1x.com">
dot1x.com</a>))(&(objectClass=GroupOfUniqueNames)(uniquemember=uid=ramazan,cn=users,cn=idc,dc=<br><a href="http://dot1x.com">dot1x.com</a>)))'<br>><br>> ldap_get_conn: Got Id: 0<br>><br>> rlm_ldap: performing search in dc=
<a href="http://dot1x.com">dot1x.com</a>, with filter<br>(&(cn=VPN)(|(&(objectClass=GroupOfNames)(member=uid=ramazan,cn=users,cn=idc,dc=<br><a href="http://dot1x.com">dot1x.com</a>))(&(objectClass=GroupOfUniqueNames)(uniquemember=uid=ramazan,cn=users,cn=idc,dc=
<br><a href="http://dot1x.com">dot1x.com</a>))))<br>><br>> rlm_ldap: object not found or got ambiguous search result<br>><br>> ldap_release_conn: Release Id: 0<br>><br>> ldap_get_conn: Got Id: 0<br>><br>
> rlm_ldap: performing search in uid=ramazan,cn=users,cn=idc,dc=<a href="http://dot1x.com">dot1x.com</a>,<br>with filter (objectclass=*)<br>><br>> rlm_ldap::ldap_groupcmp: User found in group VPN<br>><br>> ldap_release_conn: Release Id: 0
<br>><br>> users: Matched DEFAULT at 171<br>><br>> modcall[authorize]: module "files" returns ok for request 0<br>><br>> modcall[authorize]: module "mschap" returns noop for request 0
<br>><br>> rlm_ldap: - authorize<br>><br>> rlm_ldap: performing user authorization for ramazan<br>><br>> radius_xlat: '(uid=ramazan)'<br>><br>> radius_xlat: 'dc=<a href="http://dot1x.com">
dot1x.com</a>'<br>><br>> ldap_get_conn: Got Id: 0<br>><br>> rlm_ldap: performing search in dc=<a href="http://dot1x.com">dot1x.com</a>, with filter (uid=ramazan)<br>><br>> rlm_ldap: checking if remote access for ramazan is allowed by
<br>radiusgroupname<br>><br>> rlm_ldap: looking for check items in directory...<br>><br>> rlm_ldap: Adding radiusAuthType as Auth-Type, value ldap & op=21<br>><br>> rlm_ldap: looking for reply items in directory...
<br>><br>> rlm_ldap: Adding radiusTunnelPrivateGroupId as Tunnel-Private-Group-Id,<br>value 2 & op=11<br>><br>> rlm_ldap: Adding radiusTunnelMediumType as Tunnel-Medium-Type, value 6 &<br>op=11<br>>
<br>> rlm_ldap: Adding radiusTunnelType as Tunnel-Type, value VLAN & op=11<br>><br>> rlm_ldap: Adding radiusClass as Class, value group-net & op=11<br>><br>> rlm_ldap: user ramazan authorized to use remote access
<br>><br>> ldap_release_conn: Release Id: 0<br>><br>> modcall[authorize]: module "ldap" returns ok for request 0<br>><br>> modcall: group authorize returns updated for request 0<br>><br>> rad_check_password: Found Auth-Type ldap
<br>><br>> auth: type "LDAP"<br>><br>> modcall: entering group Auth-Type for request 0<br>><br>> rlm_ldap: - authenticate<br>><br>> rlm_ldap: Attribute "User-Password" is required for authentication.
<br>><br>> modcall[authenticate]: module "ldap" returns invalid for request 0<br>><br>> modcall: group Auth-Type returns invalid for request 0<br>><br>> auth: Failed to validate the user.<br>>
<br>> Login incorrect: [ramazan/<no User-Password attribute>] (from client<br>radius port 50001 cli 00-12-79-AE-D2-4D)<br>><br>> Delaying request 0 for 1 seconds<br>><br>> Finished request 0<br>><br>
> Going to the next request<br>><br>> --- Walking the entire request list ---<br>><br>> Waking up in 1 seconds...<br>><br>> --- Walking the entire request list ---<br>><br>> Waking up in 1 seconds...
<br>><br>> --- Walking the entire request list ---<br>><br>> Sending Access-Reject of id 11 to <a href="http://192.168.100.17:1812">192.168.100.17:1812</a><br>><br>> Waking up in 4 seconds...<br>><br>
-------------- next part --------------<br>An HTML attachment was scrubbed...<br>URL: <a href="https://lists.freeradius.org/pipermail/freeradius-users/attachments/20070215/4a084150/attachment.html">https://lists.freeradius.org/pipermail/freeradius-users/attachments/20070215/4a084150/attachment.html
</a><br><br>------------------------------<br><br>-<br>List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html">http://www.freeradius.org/list/users.html</a><br><br><br>End of Freeradius-Users Digest, Vol 22, Issue 66
<br>************************************************<br></blockquote></div><br>