<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-2">
<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta name=Generator content="Microsoft Word 11 (filtered medium)">
<!--[if !mso]>
<style>
v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style>
<![endif]-->
<style>
<!--
/* Font Definitions */
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman";}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{color:blue;
text-decoration:underline;}
p
{mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:12.0pt;
font-family:"Times New Roman";}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:Arial;
color:navy;}
@page Section1
{size:595.3pt 841.9pt;
margin:70.85pt 70.85pt 2.0cm 70.85pt;}
div.Section1
{page:Section1;}
-->
</style>
</head>
<body lang=DE link=blue vlink=blue>
<div class=Section1>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><a
href="http://wiki.freeradius.org/Operators">http://wiki.freeradius.org/Operators</a><o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>Hint += <<<< for Tunnel-Type
!<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>Regards,<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>E:S<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<div>
<div class=MsoNormal align=center style='text-align:center'><font size=3
face="Times New Roman"><span lang=EN-US style='font-size:12.0pt'>
<hr size=2 width="100%" align=center tabindex=-1>
</span></font></div>
<p class=MsoNormal><b><font size=2 face=Tahoma><span lang=EN-US
style='font-size:10.0pt;font-family:Tahoma;font-weight:bold'>From:</span></font></b><font
size=2 face=Tahoma><span lang=EN-US style='font-size:10.0pt;font-family:Tahoma'>
freeradius-users-bounces+edvin.seferovic=kolp.at@lists.freeradius.org
[mailto:freeradius-users-bounces+edvin.seferovic=kolp.at@lists.freeradius.org] <b><span
style='font-weight:bold'>On Behalf Of </span></b>Bruno Mardirossian<br>
<b><span style='font-weight:bold'>Sent:</span></b> Freitag, 09. März 2007 03:49<br>
<b><span style='font-weight:bold'>To:</span></b>
freeradius-users@lists.freeradius.org<br>
<b><span style='font-weight:bold'>Subject:</span></b> Freeradius and vlan
assignment</span></font><span lang=EN-US><o:p></o:p></span></p>
</div>
<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'><o:p> </o:p></span></font></p>
<div>
<p><font size=3 face="Times New Roman"><span style='font-size:12.0pt'>Hello! <o:p></o:p></span></font></p>
<p><font size=3 face="Times New Roman"><span style='font-size:12.0pt'>I am
working on implementing <b><font color=black><span style='color:black;
background:#FFFF66;font-weight:bold'>freeradius</span></font></b> with a cisco
3750 switch <br>
connected to <b><font color=black><span style='color:black;background:#FFFF66;
font-weight:bold'>freeradius</span></font></b> , which then talks to
AD. (The linux box is on the <br>
AD domain) <o:p></o:p></span></font></p>
<p><font size=3 face="Times New Roman"><span style='font-size:12.0pt'>Anyway,
we try to make vlan assignment by using the 'users' file .<o:p></o:p></span></font></p>
<p><font size=3 face="Times New Roman"><span style='font-size:12.0pt'>We create
a user named 'test' on my AD server , and we created this section in the file
users :<o:p></o:p></span></font></p>
<p><font size=3 face="Times New Roman"><span style='font-size:12.0pt'>test
Auth-Type := MS-CHAP<br>
Tunnel-Type = 13,<br>
Tunnel-Medium-Type = 6,<br>
Tunnel-Private-Group-Id = 2<o:p></o:p></span></font></p>
<p><font size=3 face="Times New Roman"><span style='font-size:12.0pt'>The user
is correctly authenticated by AD , but he is put in the default vlan
( id 1 ) and not in the vlan defined in the file 'users' ( id 2 ) .<o:p></o:p></span></font></p>
<p><font size=3 face="Times New Roman"><span style='font-size:12.0pt'>By the
way, readind the radiusd output , i think that freeradius does not read my
users file...i didn't see int he log anything about the Tunnel-Type or
Tunnel-Private-Group-Id informations....<o:p></o:p></span></font></p>
<p><font size=3 face="Times New Roman"><span style='font-size:12.0pt'>Anyone
have any thoughts? <o:p></o:p></span></font></p>
<p><font size=3 face="Times New Roman"><span style='font-size:12.0pt'>Regards<o:p></o:p></span></font></p>
<p><font size=3 face="Times New Roman"><span style='font-size:12.0pt'>Bruno<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'> <o:p></o:p></span></font></p>
</div>
<div>
<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'>Message-Authenticator = 0xa309657e84ce8131d67aa64d9a491059<br>
Processing the authorize section of radiusd.conf<br>
modcall: entering group authorize for request 6<br>
modcall[authorize]: module "preprocess" returns ok for request
6 <br>
modcall[authorize]: module "chap" returns noop for request 6<br>
rlm_realm: No <a href="mailto:'@'">'@'</a> in User-Name =
"CSB\test", looking up realm NULL<br>
rlm_realm: No such realm "NULL" <br>
modcall[authorize]: module "suffix" returns noop for request 6<br>
users: Matched entry DEFAULT at line 165<br>
users: Matched entry DEFAULT at line 184<br>
modcall[authorize]: module "files" returns ok for request 6 <br>
rlm_eap: EAP packet type response id 6 length 90<br>
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation<br>
modcall[authorize]: module "eap" returns updated for request 6<br>
modcall[authorize]: module "mschap" returns noop for request 6
<br>
modcall: group authorize returns updated for request 6<br>
rad_check_password: Found Auth-Type MS-CHAP<br>
rad_check_password: Found Auth-Type EAP<br>
Warning: Found 2 auth-types on request for user 'CSB\test' <br>
auth: type "EAP"<br>
Processing the authenticate section of radiusd.conf<br>
modcall: entering group authenticate for request 6<br>
rlm_eap: Request found, released from the list<br>
rlm_eap: EAP/peap<br>
rlm_eap: processing type peap <br>
rlm_eap_peap: Authenticate<br>
rlm_eap_tls: processing TLS<br>
eaptls_verify returned 7<br>
rlm_eap_tls: Done initial handshake<br>
eaptls_process returned 7<br>
rlm_eap_peap: EAPTLS_OK<br>
rlm_eap_peap: Session established. Decoding tunneled attributes. <br>
rlm_eap_peap: EAP type mschapv2<br>
rlm_eap_peap: Tunneled data is valid.<br>
PEAP: Setting User-Name to CSB\test<br>
PEAP: Adding old state with 86 79<br>
Processing the authorize section of radiusd.conf<br>
modcall: entering group authorize for request 6 <br>
modcall[authorize]: module "preprocess" returns ok for request
6<br>
modcall[authorize]: module "chap" returns noop for request 6<br>
rlm_realm: No <a href="mailto:'@'">'@'</a> in User-Name =
"CSB\test", looking up realm NULL<br>
rlm_realm: No such realm "NULL"<br>
modcall[authorize]: module "suffix" returns noop for request 6<br>
users: Matched entry DEFAULT at line 165 <br>
modcall[authorize]: module "files" returns ok for request 6<br>
rlm_eap: EAP packet type response id 6 length 67<br>
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation<br>
modcall[authorize]: module "eap" returns updated for request 6
<br>
modcall[authorize]: module "mschap" returns noop for request 6<br>
modcall: group authorize returns updated for request 6<br>
rad_check_password: Found Auth-Type MS-CHAP<br>
rad_check_password: Found Auth-Type EAP <br>
Warning: Found 2 auth-types on request for user 'CSB\test'<br>
auth: type "EAP"<br>
Processing the authenticate section of radiusd.conf<br>
modcall: entering group authenticate for request 6<br>
rlm_eap: Request found, released from the list <br>
rlm_eap: EAP/mschapv2<br>
rlm_eap: processing type mschapv2<br>
Processing the authenticate section of radiusd.conf<br>
modcall: entering group Auth-Type for request 6<br>
rlm_mschap: No User-Password configured. Cannot create
LM-Password. <br>
rlm_mschap: No User-Password configured. Cannot create NT-Password.<br>
rlm_mschap: Told to do MS-CHAPv2 for test with NT-Password<br>
radius_xlat: Running registered xlat function of module mschap for string
'NT-Domain' <br>
radius_xlat: Running registered xlat function of module mschap for string
'User-Name'<br>
radius_xlat: Running registered xlat function of module mschap for string
'Challenge'<br>
mschap2: 9a<br>
radius_xlat: Running registered xlat function of module mschap for string
'NT-Response' <br>
radius_xlat: '/usr/bin/ntlm_auth --request-nt-key --domain=CSB
--username=test --challenge=0529c10bac22a3fa
--nt-response=4b1e21679b85263858da26874073491971a58f8bfc024456'<br>
Exec-Program: /usr/bin/ntlm_auth --request-nt-key --domain=CSB --username=test
--challenge=0529c10bac22a3fa
--nt-response=4b1e21679b85263858da26874073491971a58f8bfc024456 <br>
Exec-Program output: NT_KEY: 2066656E05C22F3A995AD9ECFED913D6<br>
Exec-Program-Wait: plaintext: NT_KEY: 2066656E05C22F3A995AD9ECFED913D6<br>
Exec-Program: returned: 0<br>
rlm_mschap: adding MS-CHAPv2 MPPE keys<br>
modcall[authenticate]: module "mschap" returns ok for request
6 <br>
modcall: group Auth-Type returns ok for request 6<br>
MSCHAP Success<br>
modcall[authenticate]: module "eap" returns handled for
request 6<br>
modcall: group authenticate returns handled for request 6<br>
PEAP: Got tunneled Access-Challenge <br>
modcall[authenticate]: module "eap" returns handled for
request 6<br>
modcall: group authenticate returns handled for request 6<br>
Sending Access-Challenge of id 138 to <a href="http://192.168.16.1:1645">192.168.16.1:1645
</a><br>
Framed-IP-Address = <a
href="http://255.255.255.254">255.255.255.254</a><br>
Framed-MTU = 576<br>
Service-Type = Framed-User<br>
EAP-Message =
0x0107004a1900170301003f58b6111cc333922058a5d79f63641e19ae7154e3504573da98346c88f080fe8ee04ad4b50f3cdc52fd02e8909b9f8f9a439730b7cee4654c18135432e651e7
<br>
Message-Authenticator =
0x00000000000000000000000000000000<br>
State =
0x1f45be689bd5bd8a6d8ace2af886bb6c<br>
Finished request 6<br>
Going to the next request<br>
Waking up in 6 seconds...<br>
rad_recv: Access-Request packet from host <a href="http://192.168.16.1:1645">192.168.16.1:1645</a>,
id=139, length=165<br>
NAS-IP-Address = <a
href="http://192.168.16.1">192.168.16.1</a><br>
NAS-Port = 50147<br>
NAS-Port-Type = Ethernet<br>
User-Name = "CSB\\test" <br>
Called-Station-Id =
"00-17-5A-1B-28-B3"<br>
Calling-Station-Id =
"00-04-75-85-8F-61"<br>
Service-Type = Framed-User<br>
Framed-MTU = 1500<br>
State =
0x1f45be689bd5bd8a6d8ace2af886bb6c <br>
EAP-Message =
0x0207001d19001703010012b8f868205426ef722e2433e5defa62455113<br>
Message-Authenticator =
0x2e5a0be42b038b2404f5c93ea27d5387<br>
Processing the authorize section of radiusd.conf<br>
modcall: entering group authorize for request 7 <br>
modcall[authorize]: module "preprocess" returns ok for request
7<br>
modcall[authorize]: module "chap" returns noop for request 7<br>
rlm_realm: No <a href="mailto:'@'">'@'</a> in User-Name =
"CSB\test", looking up realm NULL<br>
rlm_realm: No such realm "NULL"<br>
modcall[authorize]: module "suffix" returns noop for request 7<br>
users: Matched entry DEFAULT at line 165 <br>
users: Matched entry DEFAULT at line 184<br>
modcall[authorize]: module "files" returns ok for request 7<br>
rlm_eap: EAP packet type response id 7 length 29<br>
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation <br>
modcall[authorize]: module "eap" returns updated for request 7<br>
modcall[authorize]: module "mschap" returns noop for request 7<br>
modcall: group authorize returns updated for request 7<br>
rad_check_password: Found Auth-Type MS-CHAP <br>
rad_check_password: Found Auth-Type EAP<br>
Warning: Found 2 auth-types on request for user 'CSB\test'<br>
auth: type "EAP"<br>
Processing the authenticate section of radiusd.conf<br>
modcall: entering group authenticate for request 7 <br>
rlm_eap: Request found, released from the list<br>
rlm_eap: EAP/peap<br>
rlm_eap: processing type peap<br>
rlm_eap_peap: Authenticate<br>
rlm_eap_tls: processing TLS<br>
eaptls_verify returned 7<br>
rlm_eap_tls: Done initial handshake <br>
eaptls_process returned 7<br>
rlm_eap_peap: EAPTLS_OK<br>
rlm_eap_peap: Session established. Decoding tunneled attributes.<br>
rlm_eap_peap: EAP type mschapv2<br>
rlm_eap_peap: Tunneled data is valid.<br>
PEAP: Setting User-Name to CSB\test <br>
PEAP: Adding old state with a8 0f<br>
Processing the authorize section of radiusd.conf<br>
modcall: entering group authorize for request 7<br>
modcall[authorize]: module "preprocess" returns ok for request
7 <br>
modcall[authorize]: module "chap" returns noop for request 7<br>
rlm_realm: No <a href="mailto:'@'">'@'</a> in User-Name =
"CSB\test", looking up realm NULL<br>
rlm_realm: No such realm "NULL" <br>
modcall[authorize]: module "suffix" returns noop for request 7<br>
users: Matched entry DEFAULT at line 165<br>
modcall[authorize]: module "files" returns ok for request 7<br>
rlm_eap: EAP packet type response id 7 length 6 <br>
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation<br>
modcall[authorize]: module "eap" returns updated for request 7<br>
modcall[authorize]: module "mschap" returns noop for request 7
<br>
modcall: group authorize returns updated for request 7<br>
rad_check_password: Found Auth-Type MS-CHAP<br>
rad_check_password: Found Auth-Type EAP<br>
Warning: Found 2 auth-types on request for user 'CSB\test' <br>
auth: type "EAP"<br>
Processing the authenticate section of radiusd.conf<br>
modcall: entering group authenticate for request 7<br>
rlm_eap: Request found, released from the list<br>
rlm_eap: EAP/mschapv2<br>
rlm_eap: processing type mschapv2<br>
rlm_eap: Freeing handler<br>
modcall[authenticate]: module "eap" returns ok for request 7<br>
modcall: group authenticate returns ok for request 7<br>
Trying to look up name of unknown client <a href="http://127.0.0.1">127.0.0.1</a>.<br>
Login OK: [CSB\\test/<no User-Password attribute>] (from client
UNKNOWN-CLIENT port 0)<br>
PEAP: Tunneled authentication was successful.<br>
rlm_eap_peap: SUCCESS<br>
modcall[authenticate]: module "eap" returns handled for
request 7 <br>
modcall: group authenticate returns handled for request 7<br>
Sending Access-Challenge of id 139 to <a href="http://192.168.16.1:1645">192.168.16.1:1645</a><br>
Framed-IP-Address = <a
href="http://255.255.255.254">255.255.255.254</a><br>
Framed-MTU = 576<br>
Service-Type = Framed-User<br>
EAP-Message =
0x010800261900170301001b8d03a63c700234ed33060b7b6b9274d27b9e872a002e885ab9ebf3<br>
Message-Authenticator =
0x00000000000000000000000000000000 <br>
State =
0x5a28f8fd3d7fde4a88411d022625e022<br>
Finished request 7<br>
Going to the next request<br>
Waking up in 6 seconds...<br>
rad_recv: Access-Request packet from host <a href="http://192.168.16.1:1645">192.168.16.1:1645
</a>, id=140, length=174<br>
NAS-IP-Address = <a
href="http://192.168.16.1">192.168.16.1</a><br>
NAS-Port = 50147<br>
NAS-Port-Type = Ethernet<br>
User-Name = "CSB\\test"<br>
Called-Station-Id =
"00-17-5A-1B-28-B3" <br>
Calling-Station-Id =
"00-04-75-85-8F-61"<br>
Service-Type = Framed-User<br>
Framed-MTU = 1500<br>
State =
0x5a28f8fd3d7fde4a88411d022625e022<br>
EAP-Message =
0x020800261900170301001b44c1c9880e33cd6e472ba624ff53ee4f53e1588d0da394c02c0522 <br>
Message-Authenticator =
0x50fd41edb7beeee318cfd915201602f4<br>
Processing the authorize section of radiusd.conf<br>
modcall: entering group authorize for request 8<br>
modcall[authorize]: module "preprocess" returns ok for request
8 <br>
modcall[authorize]: module "chap" returns noop for request 8<br>
rlm_realm: No <a href="mailto:'@'">'@'</a> in User-Name =
"CSB\test", looking up realm NULL<br>
rlm_realm: No such realm "NULL" <br>
modcall[authorize]: module "suffix" returns noop for request 8<br>
users: Matched entry DEFAULT at line 165<br>
users: Matched entry DEFAULT at line 184<br>
modcall[authorize]: module "files" returns ok for request 8 <br>
rlm_eap: EAP packet type response id 8 length 38<br>
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation<br>
modcall[authorize]: module "eap" returns updated for request 8<br>
modcall[authorize]: module "mschap" returns noop for request 8
<br>
modcall: group authorize returns updated for request 8<br>
rad_check_password: Found Auth-Type MS-CHAP<br>
rad_check_password: Found Auth-Type EAP<br>
Warning: Found 2 auth-types on request for user 'CSB\test' <br>
auth: type "EAP"<br>
Processing the authenticate section of radiusd.conf<br>
modcall: entering group authenticate for request 8<br>
rlm_eap: Request found, released from the list<br>
rlm_eap: EAP/peap<br>
rlm_eap: processing type peap <br>
rlm_eap_peap: Authenticate<br>
rlm_eap_tls: processing TLS<br>
eaptls_verify returned 7<br>
rlm_eap_tls: Done initial handshake<br>
eaptls_process returned 7<br>
rlm_eap_peap: EAPTLS_OK<br>
rlm_eap_peap: Session established. Decoding tunneled attributes. <br>
rlm_eap_peap: Received EAP-TLV response.<br>
rlm_eap_peap: Tunneled data is valid.<br>
rlm_eap_peap: Success<br>
rlm_eap: Freeing handler<br>
modcall[authenticate]: module "eap" returns ok for request 8 <br>
modcall: group authenticate returns ok for request 8<br>
Login OK: [CSB\\test/<no User-Password attribute>] (from client reseau16
port 50147 cli 00-04-75-85-8F-61)<br>
Sending Access-Accept of id 140 to <a href="http://192.168.16.1:1645">192.168.16.1:1645</a><br>
Framed-IP-Address = <a
href="http://255.255.255.254">255.255.255.254</a><br>
Framed-MTU = 576<br>
Service-Type = Framed-User<br>
MS-MPPE-Recv-Key =
0xf1a6b62d3814b8fc8f3ac5601a89ddacc1c47c4387e21b35fe33bdbffaf15486 <br>
MS-MPPE-Send-Key = 0x1ba3df6508e8c7f03112980ae8e1255bfec5c05ab397c927a9b56be7335714fd<br>
EAP-Message = 0x03080004<br>
Message-Authenticator =
0x00000000000000000000000000000000<br>
User-Name = "CSB\\test" <br>
Finished request 8<br>
Going to the next request<br>
Waking up in 6 seconds...<br>
--- Walking the entire request list ---<br>
Cleaning up request 0 ID 132 with timestamp 45f0c882<br>
Cleaning up request 1 ID 133 with timestamp 45f0c882 <br>
Cleaning up request 2 ID 134 with timestamp 45f0c882<br>
Cleaning up request 3 ID 135 with timestamp 45f0c882<br>
Cleaning up request 4 ID 136 with timestamp 45f0c882<br>
Cleaning up request 5 ID 137 with timestamp 45f0c882 <br>
Cleaning up request 6 ID 138 with timestamp 45f0c882<br>
Cleaning up request 7 ID 139 with timestamp 45f0c882<br>
Cleaning up request 8 ID 140 with timestamp 45f0c882<br>
Nothing to do. Sleeping until we see a request.<br>
<o:p></o:p></span></font></p>
</div>
</div>
</body>
</html>