Hello,<br><br>I have usual problem for persons who wants to setup LDAP+PEAP integration.<br>I want to setup WIFI with PEAP auth. via FreeRadius.<br>The problem is that I can login with ldap login thought radtest testuser 123456 localhost 10 secret.<br>
But I can't do the same thought my wifi laptop(ldap login) but I can
login on my laptop with local login (/etc/freeradius/users).<br><br>I found several suggestion according my situation but I can't solve the problem.<br>
<br>
Delete :DEFAULT Auth-Type := LDAP<br>Add : <br>checkItem User-Password userPassword<br>checkItem userPassword lmPassword<br><br>It seems that is my direct ldap query don't have : User-Password = "" Atribute.<br>
<br>log file<br>==============================<div>====<br><br> rlm_realm: No '@' in User-Name = "username", looking up realm NULL<br> rlm_realm: No such realm "NULL"<br> modcall[authorize]: module "suffix" returns noop for request 2<br>
rlm_realm: No '\' in User-Name = "username", looking up realm NULL<br> rlm_realm: No such realm "NULL"<br> modcall[authorize]: module "ntdomain" returns noop for request 2<br>
rlm_eap: EAP packet type response id 3 length 6<br> rlm_eap: No EAP Start, assuming it's an on-going EAP conversation<br> modcall[authorize]: module "eap" returns updated for request 2<br>rlm_ldap: - authorize<br>
rlm_ldap: performing user authorization for username<br>radius_xlat: '(&(uid=username)(objectClass=posixAccount))'<br>radius_xlat: 'dc=company,dc=com'<br>rlm_ldap: ldap_get_conn: Checking Id: 0<br>rlm_ldap: ldap_get_conn: Got Id: 0<br>
rlm_ldap: performing search in dc=company,dc=com, with filter (&(uid=username)(objectClass=posixAccount))<br>rlm_ldap: checking if remote access for username is allowed by uid<br>rlm_ldap: No default NMAS login sequence<br>
rlm_ldap: looking for check items in directory...<br>rlm_ldap: looking for reply items in directory...<br>rlm_ldap: user username authorized to use remote access<br>rlm_ldap: ldap_release_conn: Release Id: 0<br> modcall[authorize]: module "ldap" returns ok for request 2<br>
modcall: leaving group authorize (returns updated) for request 2<br> rad_check_password: Found Auth-Type EAP<br>auth: type "EAP"<br> Processing the authenticate section of radiusd.conf<br>modcall: entering group authenticate for request 2<br>
rlm_eap: Request found, released from the list<br> rlm_eap: EAP/peap<br> rlm_eap: processing type peap<br> rlm_eap_peap: Authenticate<br> rlm_eap_tls: processing TLS<br>rlm_eap_tls: Received EAP-TLS ACK message<br>
rlm_eap_tls: ack handshake fragment handler<br>
eaptls_verify returned 1<br> eaptls_process returned 13<br> rlm_eap_peap: EAPTLS_HANDLED<br> modcall[authenticate]: module "eap" returns handled for request 2<br>modcall: leaving group authenticate (returns handled) for request 2<br>
Sending Access-Challenge of id 211 to <a href="http://100.100.128.139/" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">100.100.128.139</a> port 6001<br> EAP-Message = 0x010402f71900170d3036303132343133323630375a30819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b13096c6f63616c686f7374311b301906035504031312436c69656e742063657274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c652e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100d4c5b19724f164acf1ffb189db1c8fbff4f14396ea7cb1e90f78d69451725377895dfe52ccb99b41e8<br>
EAP-Message = 0x0ddeb58b127a943f4f58cbc562878192fbdc6fece9f871e7c130d35cf5188817e9b133249edd2a1c75d31043ae87553cec7a77ef26aa7d74281db9b77e17c6446c5dd9b188b43250ca0229963722a123a726b00b4027fd0203010001a381ff3081fc301d0603551d0e0416041468d36d3e1ee7bc9d5a057021c363da1365d1ade33081cc0603551d230481c43081c1801468d36d3e1ee7bc9d5a057021c363da1365d1ade3a181a5a481a230819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010<br>
EAP-Message = 0x060355040b13096c6f63616c686f7374311b301906035504031312436c69656e742063657274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c652e636f6d820100300c0603551d13040530030101ff300d06092a864886f70d01010405000381810033c00b66b1e579ef73a06798252dab8d5e5511fc00fd276d80d12f834777c6743fdc2743fca1507704e4bc0979e4f60ac3ad9ee83e6f347369229d1f77229ba2e982359da563024a00163dba6d6c986c0bad28af85132ff8f0d76501bf1b7c2dff658ce1e62c01997b6e64e3e8d4373354ce9912847651539063b85bbc5485c516030100040e000000<br>
Message-Authenticator = 0x00000000000000000000000000000000<br> State = 0x944b46983edee9d6374c638b077a98b0<br>Finished request 2<br>Going to the next request<br>Waking up in 6 seconds...<br>rad_recv: Access-Request packet from host <a href="http://100.100.128.139:6001/" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">100.100.128.139:6001</a>, id=212, length=347<br>
User-Name = "username"<br> NAS-IP-Address = <a href="http://100.100.128.139/" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">100.100.128.139</a><br> Called-Station-Id = "00-20-a6-64-66-a3:A"<br>
Calling-Station-Id = "00-18-de-4e-8f-1d"<br>
NAS-Identifier = "ORiNOCO-AP-700-64-66-a3"<br> State = 0x944b46983edee9d6374c638b077a98b0<br> Framed-MTU = 1400<br> NAS-Port = 2<br> NAS-Port-Type = Wireless-802.11<br> EAP-Message = 0x020400c01980000000b616030100861000008200807d0aa8cba27d582c350fe812e3a13585488f0fd2dd93ad428f2c412328332d3efe74a4a3ddd31f44aec192a4aafa6d96a78de561284fce538250b20fe110d972de06c41880703f3fe7326e4c5d44d1bb9d5dae51e5b05a5f7bd2e96ca9aa91ba2aaacaecc7f979d32ffd32857dcf70ef92b88a2ec2806593cd1888bbe61f6ece1403010001011603010020e1a93666bea97c8b068187f07c7a55b581fee2dc5f9b7ba1b8b920487c503178<br>
Message-Authenticator = 0xd7ccfc59fba379f1f22b2d86f284967f<br> Processing the authorize section of radiusd.conf<br>modcall: entering group authorize for request 3<br> modcall[authorize]: module "preprocess" returns ok for request 3<br>
modcall[authorize]: module "chap" returns noop for request 3<br> modcall[authorize]: module "mschap" returns noop for request 3<br> rlm_realm: No '@' in User-Name = "user", looking up realm NULL<br>
rlm_realm: No such realm "NULL"<br> modcall[authorize]: module "suffix" returns noop for request 3<br> rlm_realm: No '\' in User-Name = "user", looking up realm NULL<br> rlm_realm: No such realm "NULL"<br>
modcall[authorize]: module "ntdomain" returns noop for request 3<br> rlm_eap: EAP packet type response id 4 length 192<br> rlm_eap: No EAP Start, assuming it's an on-going EAP conversation<br> modcall[authorize]: module "eap" returns updated for request 3<br>
rlm_ldap: - authorize<br>rlm_ldap: performing user authorization for user<br>radius_xlat: '(&(uid=user)(objectClass=posixAccount))'<br>radius_xlat: 'dc=company,dc=com'<br>rlm_ldap: ldap_get_conn: Checking Id: 0<br>
rlm_ldap: ldap_get_conn: Got Id: 0<br>rlm_ldap: performing search in dc=company,dc=com, with filter (&(uid=user)(objectClass=posixAccount))<br>rlm_ldap: checking if remote access for user is allowed by uid<br>rlm_ldap: No default NMAS login sequence<br>
rlm_ldap: looking for check items in directory...<br>rlm_ldap: looking for reply items in directory...<br>rlm_ldap: user username authorized to use remote access<br>rlm_ldap: ldap_release_conn: Release Id: 0<br> modcall[authorize]: module "ldap" returns ok for request 3<br>
modcall: leaving group authorize (returns updated) for request 3<br> rad_check_password: Found Auth-Type EAP<br>auth: type "EAP"<br> Processing the authenticate section of radiusd.conf<br>modcall: entering group authenticate for request 3<br>
rlm_eap: Request found, released from the list<br> rlm_eap: EAP/peap<br> rlm_eap: processing type peap<br> rlm_eap_peap: Authenticate<br> rlm_eap_tls: processing TLS<br>rlm_eap_tls: Length Included<br> eaptls_verify returned 11<br>
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange<br> TLS_accept: SSLv3 read client key exchange A<br> rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]<br> rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished<br>
TLS_accept: SSLv3 read finished A<br> rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]<br> TLS_accept: SSLv3 write change cipher spec A<br> rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished<br>
TLS_accept: SSLv3 write finished A<br> TLS_accept: SSLv3 flush data<br> (other): SSL negotiation finished successfully<br>SSL Connection Established<br> eaptls_process returned 13<br> rlm_eap_peap: EAPTLS_HANDLED<br>
modcall[authenticate]: module "eap" returns handled for request 3<br>modcall: leaving group authenticate (returns handled) for request 3<br>Sending Access-Challenge of id 212 to <a href="http://100.100.128.139/" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">100.100.128.139</a> port 6001<br>
EAP-Message = 0x0105003119001403010001011603010020fcb9a12ef0f4c6ee542c7448c19f2d0a90980fbeccc23732a37133106723dc53<br> Message-Authenticator = 0x00000000000000000000000000000000<br> State = 0x9f545f6b44154fe7443c4c9b8503f14d<br>
Finished request 3<br>Going to the next request<br>Waking up in 6 seconds...<br>rad_recv: Access-Request packet from host <a href="http://100.100.128.139:6001/" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">100.100.128.139:6001</a>, id=213, length=161<br>
User-Name = "user"<br>
NAS-IP-Address = <a href="http://100.100.128.139/" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">100.100.128.139</a><br> Called-Station-Id = "00-20-a6-64-66-a3:A"<br> Calling-Station-Id = "00-18-de-4e-8f-1d"<br>
NAS-Identifier = "ORiNOCO-AP-700-64-66-a3"<br>
State = 0x9f545f6b44154fe7443c4c9b8503f14d<br> Framed-MTU = 1400<br> NAS-Port = 2<br> NAS-Port-Type = Wireless-802.11<br> EAP-Message = 0x020500061900<br> Message-Authenticator = 0xfb78e6a22ba9350c248c45488967f9e3<br>
Processing the authorize section of radiusd.conf<br>modcall: entering group authorize for request 4<br> modcall[authorize]: module "preprocess" returns ok for request 4<br> modcall[authorize]: module "chap" returns noop for request 4<br>
modcall[authorize]: module "mschap" returns noop for request 4<br> rlm_realm: No '@' in User-Name = "user", looking up realm NULL<br> rlm_realm: No such realm "NULL"<br> modcall[authorize]: module "suffix" returns noop for request 4<br>
rlm_realm: No '\' in User-Name = "user", looking up realm NULL<br> rlm_realm: No such realm "NULL"<br> modcall[authorize]: module "ntdomain" returns noop for request 4<br> rlm_eap: EAP packet type response id 5 length 6<br>
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation<br> modcall[authorize]: module "eap" returns updated for request 4<br>rlm_ldap: - authorize<br>rlm_ldap: performing user authorization for user<br>
radius_xlat: '(&(uid=user)(objectClass=posixAccount))'<br>radius_xlat: 'dc=company,dc=com'<br>rlm_ldap: ldap_get_conn: Checking Id: 0<br>rlm_ldap: ldap_get_conn: Got Id: 0<br>rlm_ldap: performing search in dc=company,dc=com, with filter (&(uid=user)(objectClass=posixAccount))<br>
rlm_ldap: checking if remote access for user is allowed by uid<br>rlm_ldap: No default NMAS login sequence<br>rlm_ldap: looking for check items in directory...<br>rlm_ldap: looking for reply items in directory...<br>rlm_ldap: user user authorized to use remote access<br>
rlm_ldap: ldap_release_conn: Release Id: 0<br> modcall[authorize]: module "ldap" returns ok for request 4<br>modcall: leaving group authorize (returns updated) for request 4<br> rad_check_password: Found Auth-Type EAP<br>
auth: type "EAP"<br> Processing the authenticate section of radiusd.conf<br>modcall: entering group authenticate for request 4<br> rlm_eap: Request found, released from the list<br> rlm_eap: EAP/peap<br> rlm_eap: processing type peap<br>
rlm_eap_peap: Authenticate<br> rlm_eap_tls: processing TLS<br>rlm_eap_tls: Received EAP-TLS ACK message<br> rlm_eap_tls: ack handshake is finished<br> eaptls_verify returned 3<br> eaptls_process returned 3<br> rlm_eap_peap: EAPTLS_SUCCESS<br>
modcall[authenticate]: module "eap" returns handled for request 4<br>modcall: leaving group authenticate (returns handled) for request 4<br>Sending Access-Challenge of id 213 to <a href="http://100.100.128.139/" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">100.100.128.139</a> port 6001<br>
EAP-Message = 0x010600201900170301001550a63ce907f8230086ea4cfe01fa4b04d285fa90fd<br> Message-Authenticator = 0x00000000000000000000000000000000<br> State = 0x0491782a026ef1c37d38229aa2a09fd2<br>Finished request 4<br>
Going to the next request<br>Waking up in 6 seconds...<br>rad_recv: Access-Request packet from host <a href="http://100.100.128.139:6001/" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">100.100.128.139:6001</a>, id=214, length=189<br>
User-Name = "user"<br>
NAS-IP-Address = <a href="http://100.100.128.139/" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">100.100.128.139</a><br> Called-Station-Id = "00-20-a6-64-66-a3:A"<br> Calling-Station-Id = "00-18-de-4e-8f-1d"<br>
NAS-Identifier = "ORiNOCO-AP-700-64-66-a3"<br>
State = 0x0491782a026ef1c37d38229aa2a09fd2<br> Framed-MTU = 1400<br> NAS-Port = 2<br> NAS-Port-Type = Wireless-802.11<br> EAP-Message = 0x02060022190017030100170c1a8d4e36f76ec984c2802da6ffc5ba177ee6d24fa2b6<br>
Message-Authenticator = 0x2d07b6b5d35b4a8a62e04fee324d7d37<br> Processing the authorize section of radiusd.conf<br>modcall: entering group authorize for request 5<br> modcall[authorize]: module "preprocess" returns ok for request 5<br>
modcall[authorize]: module "chap" returns noop for request 5<br> modcall[authorize]: module "mschap" returns noop for request 5<br> rlm_realm: No '@' in User-Name = "user", looking up realm NULL<br>
rlm_realm: No such realm "NULL"<br> modcall[authorize]: module "suffix" returns noop for request 5<br> rlm_realm: No '\' in User-Name = "user", looking up realm NULL<br> rlm_realm: No such realm "NULL"<br>
modcall[authorize]: module "ntdomain" returns noop for request 5<br> rlm_eap: EAP packet type response id 6 length 34<br> rlm_eap: No EAP Start, assuming it's an on-going EAP conversation<br> modcall[authorize]: module "eap" returns updated for request 5<br>
rlm_ldap: - authorize<br>rlm_ldap: performing user authorization for user<br>radius_xlat: '(&(uid=user)(objectClass=posixAccount))'<br>radius_xlat: 'dc=company,dc=com'<br>rlm_ldap: ldap_get_conn: Checking Id: 0<br>
rlm_ldap: ldap_get_conn: Got Id: 0<br>rlm_ldap: performing search in dc=company,dc=com, with filter (&(uid=user)(objectClass=posixAccount))<br>rlm_ldap: checking if remote access for user is allowed by uid<br>rlm_ldap: No default NMAS login sequence<br>
rlm_ldap: looking for check items in directory...<br>rlm_ldap: looking for reply items in directory...<br>rlm_ldap: user user authorized to use remote access<br>rlm_ldap: ldap_release_conn: Release Id: 0<br> modcall[authorize]: module "ldap" returns ok for request 5<br>
modcall: leaving group authorize (returns updated) for request 5<br> rad_check_password: Found Auth-Type EAP<br>auth: type "EAP"<br> Processing the authenticate section of radiusd.conf<br>modcall: entering group authenticate for request 5<br>
rlm_eap: Request found, released from the list<br> rlm_eap: EAP/peap<br> rlm_eap: processing type peap<br> rlm_eap_peap: Authenticate<br> rlm_eap_tls: processing TLS<br> eaptls_verify returned 7<br> rlm_eap_tls: Done initial handshake<br>
eaptls_process returned 7<br> rlm_eap_peap: EAPTLS_OK<br> rlm_eap_peap: Session established. Decoding tunneled attributes.<br> rlm_eap_peap: Identity - user<br> rlm_eap_peap: Tunneled data is valid.<br> PEAP: Got tunneled EAP-Message<br>
EAP-Message = 0x0206000b0165726f6e6b6f<br> PEAP: Got tunneled identity of user<br> PEAP: Setting default EAP type for tunneled EAP session.<br> PEAP: Setting User-Name to user<br> PEAP: Sending tunneled request<br>
EAP-Message = 0x0206000b0165726f6e6b6f<br> FreeRADIUS-Proxied-To = <a href="http://127.0.0.1/" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">127.0.0.1</a><br> User-Name = "user"<br>
Processing the authorize section of radiusd.conf<br>modcall: entering group authorize for request 5<br>
modcall[authorize]: module "preprocess" returns ok for request 5<br> modcall[authorize]: module "chap" returns noop for request 5<br> modcall[authorize]: module "mschap" returns noop for request 5<br>
rlm_realm: No '@' in User-Name = "user", looking up realm NULL<br> rlm_realm: No such realm "NULL"<br> modcall[authorize]: module "suffix" returns noop for request 5<br> rlm_realm: No '\' in User-Name = "user", looking up realm NULL<br>
rlm_realm: No such realm "NULL"<br> modcall[authorize]: module "ntdomain" returns noop for request 5<br> rlm_eap: EAP packet type response id 6 length 11<br> rlm_eap: No EAP Start, assuming it's an on-going EAP conversation<br>
modcall[authorize]: module "eap" returns updated for request 5<br>rlm_ldap: - authorize<br>rlm_ldap: performing user authorization for user<br>radius_xlat: '(&(uid=user)(objectClass=posixAccount))'<br>
radius_xlat: 'dc=company,dc=com'<br>rlm_ldap: ldap_get_conn: Checking Id: 0<br>rlm_ldap: ldap_get_conn: Got Id: 0<br>rlm_ldap: performing search in dc=company,dc=com, with filter (&(uid=user)(objectClass=posixAccount))<br>
rlm_ldap: checking if remote access for user is allowed by uid<br>rlm_ldap: No default NMAS login sequence<br>rlm_ldap: looking for check items in directory...<br>rlm_ldap: looking for reply items in directory...<br>rlm_ldap: user user authorized to use remote access<br>
rlm_ldap: ldap_release_conn: Release Id: 0<br> modcall[authorize]: module "ldap" returns ok for request 5<br>modcall: leaving group authorize (returns updated) for request 5<br> rad_check_password: Found Auth-Type EAP<br>
auth: type "EAP"<br> Processing the authenticate section of radiusd.conf<br>modcall: entering group authenticate for request 5<br> rlm_eap: EAP Identity<br> rlm_eap: processing type mschapv2<br>rlm_eap_mschapv2: Issuing Challenge<br>
modcall[authenticate]: module "eap" returns handled for request 5<br>modcall: leaving group authenticate (returns handled) for request 5<br> PEAP: Got tunneled reply RADIUS code 11<br> EAP-Message = 0x010700201a0107001b106ed1ec90bcd32cc73c262c2156f4e35b65726f6e6b6f<br>
Message-Authenticator = 0x00000000000000000000000000000000<br> State = 0xe6b54da771c6c9951580aa2c13a974f1<br> PEAP: Processing from tunneled session code 0x8014b458 11<br> EAP-Message = 0x010700201a0107001b106ed1ec90bcd32cc73c262c2156f4e35b65726f6e6b6f<br>
Message-Authenticator = 0x00000000000000000000000000000000<br> State = 0xe6b54da771c6c9951580aa2c13a974f1<br> PEAP: Got tunneled Access-Challenge<br> modcall[authenticate]: module "eap" returns handled for request 5<br>
modcall: leaving group authenticate (returns handled) for request 5<br>Sending Access-Challenge of id 214 to <a href="http://100.100.128.139/" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">100.100.128.139</a> port 6001<br>
EAP-Message = 0x010700371900170301002cf7b661ce86c13ad322a5ee1424937977095638f0df2a81f3fbf1edf93d3130ce91835ab86ea73ee239dc5de0<br>
Message-Authenticator = 0x00000000000000000000000000000000<br> State = 0x3bc371fff6daef9820ca18ec1a95d748<br>Finished request 5<br>Going to the next request<br>Waking up in 6 seconds...<br>rad_recv: Access-Request packet from host <a href="http://100.100.128.139:6001/" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">100.100.128.139:6001</a>, id=215, length=243<br>
User-Name = "user"<br> NAS-IP-Address = <a href="http://100.100.128.139/" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">100.100.128.139</a><br> Called-Station-Id = "00-20-a6-64-66-a3:A"<br>
Calling-Station-Id = "00-18-de-4e-8f-1d"<br>
NAS-Identifier = "ORiNOCO-AP-700-64-66-a3"<br> State = 0x3bc371fff6daef9820ca18ec1a95d748<br> Framed-MTU = 1400<br> NAS-Port = 2<br> NAS-Port-Type = Wireless-802.11<br> EAP-Message = 0x020700581900170301004d60cb0ad1df28d5131e19ea9db9006aae8b2fab7987ddf7b12b0ef50d864f1b1a813ef2867eb0af3f119842d120c90c8713f1bc573de395d46e26d4b755c9a81b1c2b725fb8c124cc009c7cb77a<br>
Message-Authenticator = 0x446d0653078e6318ed2fcab66426a52f<br> Processing the authorize section of radiusd.conf<br>modcall: entering group authorize for request 6<br> modcall[authorize]: module "preprocess" returns ok for request 6<br>
modcall[authorize]: module "chap" returns noop for request 6<br> modcall[authorize]: module "mschap" returns noop for request 6<br> rlm_realm: No '@' in User-Name = "user", looking up realm NULL<br>
rlm_realm: No such realm "NULL"<br> modcall[authorize]: module "suffix" returns noop for request 6<br> rlm_realm: No '\' in User-Name = "user", looking up realm NULL<br> rlm_realm: No such realm "NULL"<br>
modcall[authorize]: module "ntdomain" returns noop for request 6<br> rlm_eap: EAP packet type response id 7 length 88<br> rlm_eap: No EAP Start, assuming it's an on-going EAP conversation<br> modcall[authorize]: module "eap" returns updated for request 6<br>
rlm_ldap: - authorize<br>rlm_ldap: performing user authorization for user<br>radius_xlat: '(&(uid=user)(objectClass=posixAccount))'<br>radius_xlat: 'dc=company,dc=com'<br>rlm_ldap: ldap_get_conn: Checking Id: 0<br>
rlm_ldap: ldap_get_conn: Got Id: 0<br>rlm_ldap: performing search in dc=company,dc=com, with filter (&(uid=user)(objectClass=posixAccount))<br>rlm_ldap: checking if remote access for user is allowed by uid<br>rlm_ldap: No default NMAS login sequence<br>
rlm_ldap: looking for check items in directory...<br>rlm_ldap: looking for reply items in directory...<br>rlm_ldap: user user authorized to use remote access<br>rlm_ldap: ldap_release_conn: Release Id: 0<br> modcall[authorize]: module "ldap" returns ok for request 6<br>
modcall: leaving group authorize (returns updated) for request 6<br> rad_check_password: Found Auth-Type EAP<br>auth: type "EAP"<br> Processing the authenticate section of radiusd.conf<br>modcall: entering group authenticate for request 6<br>
rlm_eap: Request found, released from the list<br> rlm_eap: EAP/peap<br> rlm_eap: processing type peap<br> rlm_eap_peap: Authenticate<br> rlm_eap_tls: processing TLS<br> eaptls_verify returned 7<br> rlm_eap_tls: Done initial handshake<br>
eaptls_process returned 7<br> rlm_eap_peap: EAPTLS_OK<br> rlm_eap_peap: Session established. Decoding tunneled attributes.<br> rlm_eap_peap: EAP type mschapv2<br> rlm_eap_peap: Tunneled data is valid.<br> PEAP: Got tunneled EAP-Message<br>
EAP-Message = 0x020700411a0207003c31d882c1781c00f76d0e243209bf9bacbd00000000000000005e5fe71c20fb537939dabaa9e0a5e252eeb22bbc2cb884bc0065726f6e6b6f<br> PEAP: Setting User-Name to user<br> PEAP: Adding old state with e6 b5<br>
PEAP: Sending tunneled request<br> EAP-Message = 0x020700411a0207003c31d882c1781c00f76d0e243209bf9bacbd00000000000000005e5fe71c20fb537939dabaa9e0a5e252eeb22bbc2cb884bc0065726f6e6b6f<br> FreeRADIUS-Proxied-To = <a href="http://127.0.0.1/" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">127.0.0.1</a><br>
User-Name = "user"<br> State = 0xe6b54da771c6c9951580aa2c13a974f1<br> Processing the authorize section of radiusd.conf<br>modcall: entering group authorize for request 6<br> modcall[authorize]: module "preprocess" returns ok for request 6<br>
modcall[authorize]: module "chap" returns noop for request 6<br> modcall[authorize]: module "mschap" returns noop for request 6<br> rlm_realm: No '@' in User-Name = "user", looking up realm NULL<br>
rlm_realm: No such realm "NULL"<br> modcall[authorize]: module "suffix" returns noop for request 6<br> rlm_realm: No '\' in User-Name = "user", looking up realm NULL<br> rlm_realm: No such realm "NULL"<br>
modcall[authorize]: module "ntdomain" returns noop for request 6<br> rlm_eap: EAP packet type response id 7 length 65<br> rlm_eap: No EAP Start, assuming it's an on-going EAP conversation<br> modcall[authorize]: module "eap" returns updated for request 6<br>
rlm_ldap: - authorize<br>rlm_ldap: performing user authorization for user<br>radius_xlat: '(&(uid=user)(objectClass=posixAccount))'<br>radius_xlat: 'dc=company,dc=com'<br>rlm_ldap: ldap_get_conn: Checking Id: 0<br>
rlm_ldap: ldap_get_conn: Got Id: 0<br>rlm_ldap: performing search in dc=company,dc=com, with filter (&(uid=user)(objectClass=posixAccount))<br>rlm_ldap: checking if remote access for user is allowed by uid<br>rlm_ldap: No default NMAS login sequence<br>
rlm_ldap: looking for check items in directory...<br>rlm_ldap: looking for reply items in directory...<br>rlm_ldap: user user authorized to use remote access<br>rlm_ldap: ldap_release_conn: Release Id: 0<br> modcall[authorize]: module "ldap" returns ok for request 6<br>
modcall: leaving group authorize (returns updated) for request 6<br> rad_check_password: Found Auth-Type EAP<br>auth: type "EAP"<br> Processing the authenticate section of radiusd.conf<br>modcall: entering group authenticate for request 6<br>
rlm_eap: Request found, released from the list<br> rlm_eap: EAP/mschapv2<br> rlm_eap: processing type mschapv2<br> Processing the authenticate section of radiusd.conf<br>modcall: entering group MS-CHAP for request 6<br>
rlm_mschap: No User-Password configured. Cannot create LM-Password.<br> rlm_mschap: No User-Password configured. Cannot create NT-Password.<br> rlm_mschap: Told to do MS-CHAPv2 for user with NT-Password<br> rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication.<br>
rlm_mschap: FAILED: MS-CHAP2-Response is incorrect<br> modcall[authenticate]: module "mschap" returns reject for request 6<br>modcall: leaving group MS-CHAP (returns reject) for request 6<br> rlm_eap: Freeing handler<br>
modcall[authenticate]: module "eap" returns reject for request 6<br>modcall: leaving group authenticate (returns reject) for request 6<br>auth: Failed to validate the user.<br> PEAP: Got tunneled reply RADIUS code 3<br>
MS-CHAP-Error = "\007E=691 R=1"<br> EAP-Message = 0x04070004<br> Message-Authenticator = 0x00000000000000000000000000000000<br> PEAP: Processing from tunneled session code 0x8014e3d0 3<br>
MS-CHAP-Error = "\007E=691 R=1"<br> EAP-Message = 0x04070004<br> Message-Authenticator = 0x00000000000000000000000000000000<br> PEAP: Tunneled authentication was rejected.<br> rlm_eap_peap: FAILURE<br>
modcall[authenticate]: module "eap" returns handled for request 6<br>modcall: leaving group authenticate (returns handled) for request 6<br>Sending Access-Challenge of id 215 to <a href="http://100.100.128.139/" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">100.100.128.139</a> port 6001<br>
EAP-Message = 0x010800261900170301001bb07f823ff790eaac7e023f39cdfa2c13c74448e9b40ce1b6c0335f<br> Message-Authenticator = 0x00000000000000000000000000000000<br> State = 0x8b12accaa14d0c6f0c8e3d6d75bd953f<br>
Finished request 6<br>Going to the next request<br>Waking up in 6 seconds...<br>rad_recv: Access-Request packet from host <a href="http://100.100.128.139:6001/" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">100.100.128.139:6001</a>, id=216, length=193<br>
User-Name = "user"<br>
NAS-IP-Address = <a href="http://100.100.128.139/" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">100.100.128.139</a><br> Called-Station-Id = "00-20-a6-64-66-a3:A"<br> Calling-Station-Id = "00-18-de-4e-8f-1d"<br>
NAS-Identifier = "ORiNOCO-AP-700-64-66-a3"<br>
State = 0x8b12accaa14d0c6f0c8e3d6d75bd953f<br> Framed-MTU = 1400<br> NAS-Port = 2<br> NAS-Port-Type = Wireless-802.11<br> EAP-Message = 0x020800261900170301001b45b602e857c5b518dcbb213f9a82d53af11486f45a392431f4fc11<br>
Message-Authenticator = 0x4cbc5e10e73739446acfdbb116669e3a<br> Processing the authorize section of radiusd.conf<br>modcall: entering group authorize for request 7<br> modcall[authorize]: module "preprocess" returns ok for request 7<br>
modcall[authorize]: module "chap" returns noop for request 7<br> modcall[authorize]: module "mschap" returns noop for request 7<br> rlm_realm: No '@' in User-Name = "user", looking up realm NULL<br>
rlm_realm: No such realm "NULL"<br> modcall[authorize]: module "suffix" returns noop for request 7<br> rlm_realm: No '\' in User-Name = "user", looking up realm NULL<br> rlm_realm: No such realm "NULL"<br>
modcall[authorize]: module "ntdomain" returns noop for request 7<br> rlm_eap: EAP packet type response id 8 length 38<br> rlm_eap: No EAP Start, assuming it's an on-going EAP conversation<br> modcall[authorize]: module "eap" returns updated for request 7<br>
rlm_ldap: - authorize<br>rlm_ldap: performing user authorization for user<br>radius_xlat: '(&(uid=user)(objectClass=posixAccount))'<br>radius_xlat: 'dc=company,dc=com'<br>rlm_ldap: ldap_get_conn: Checking Id: 0<br>
rlm_ldap: ldap_get_conn: Got Id: 0<br>rlm_ldap: performing search in dc=company,dc=com, with filter (&(uid=user)(objectClass=posixAccount))<br>rlm_ldap: checking if remote access for user is allowed by uid<br>rlm_ldap: No default NMAS login sequence<br>
rlm_ldap: looking for check items in directory...<br>rlm_ldap: looking for reply items in directory...<br>rlm_ldap: user user authorized to use remote access<br>rlm_ldap: ldap_release_conn: Release Id: 0<br> modcall[authorize]: module "ldap" returns ok for request 7<br>
modcall: leaving group authorize (returns updated) for request 7<br> rad_check_password: Found Auth-Type EAP<br>auth: type "EAP"<br> Processing the authenticate section of radiusd.conf<br>modcall: entering group authenticate for request 7<br>
rlm_eap: Request found, released from the list<br> rlm_eap: EAP/peap<br> rlm_eap: processing type peap<br> rlm_eap_peap: Authenticate<br> rlm_eap_tls: processing TLS<br> eaptls_verify returned 7<br> rlm_eap_tls: Done initial handshake<br>
eaptls_process returned 7<br> rlm_eap_peap: EAPTLS_OK<br> rlm_eap_peap: Session established. Decoding tunneled attributes.<br> rlm_eap_peap: Received EAP-TLV response.<br> rlm_eap_peap: Tunneled data is valid.<br>
rlm_eap_peap: Had sent TLV failure. User was rejcted rejected earlier in this session.<br>
rlm_eap: Handler failed in EAP/peap<br> rlm_eap: Failed in EAP select<br> modcall[authenticate]: module "eap" returns invalid for request 7<br>modcall: leaving group authenticate (returns invalid) for request 7<br>
auth: Failed to validate the user.<br>Delaying request 7 for 1 seconds<br>Finished request 7<br>Going to the next request<br>Waking up in 6 seconds...<br>rad_recv: Access-Request packet from host <a href="http://100.100.128.139:6001/" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">100.100.128.139:6001</a>, id=216, length=193<br>
Sending Access-Reject of id 216 to <a href="http://100.100.128.139/" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">100.100.128.139</a> port 6001<br> EAP-Message = 0x04080004<br> Message-Authenticator = 0x00000000000000000000000000000000<br>
--- Walking the entire request list ---<br>
Waking up in 3 seconds...<br>rad_recv: Access-Request packet from host <a href="http://127.0.0.1:1033/" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">127.0.0.1:1033</a>, id=237, length=58<br> User-Name = "user"<br>
User-Password = "password"<br>
NAS-IP-Address = <a href="http://255.255.255.255/" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">255.255.255.255</a><br> NAS-Port = 10<br> Processing the authorize section of radiusd.conf<br>
modcall: entering group authorize for request 8<br> modcall[authorize]: module "preprocess" returns ok for request 8<br>
modcall[authorize]: module "chap" returns noop for request 8<br> modcall[authorize]: module "mschap" returns noop for request 8<br> rlm_realm: No '@' in User-Name = "user", looking up realm NULL<br>
rlm_realm: No such realm "NULL"<br> modcall[authorize]: module "suffix" returns noop for request 8<br> rlm_realm: No '\' in User-Name = "user", looking up realm NULL<br> rlm_realm: No such realm "NULL"<br>
modcall[authorize]: module "ntdomain" returns noop for request 8<br> rlm_eap: No EAP-Message, not doing EAP<br> modcall[authorize]: module "eap" returns noop for request 8<br>rlm_ldap: - authorize<br>
rlm_ldap: performing user authorization for user<br>radius_xlat: '(&(uid=user)(objectClass=posixAccount))'<br>radius_xlat: 'dc=company,dc=com'<br>rlm_ldap: ldap_get_conn: Checking Id: 0<br>rlm_ldap: ldap_get_conn: Got Id: 0<br>
rlm_ldap: performing search in dc=company,dc=com, with filter (&(uid=user)(objectClass=posixAccount))<br>rlm_ldap: checking if remote access for useris allowed by uid<br>rlm_ldap: No default NMAS login sequence<br>rlm_ldap: looking for check items in directory...<br>
rlm_ldap: looking for reply items in directory...<br>rlm_ldap: Setting Auth-Type = ldap<br>rlm_ldap: user username authorized to use remote access<br>rlm_ldap: ldap_release_conn: Release Id: 0<br> modcall[authorize]: module "ldap" returns ok for request 8<br>
modcall: leaving group authorize (returns ok) for request 8<br> rad_check_password: Found Auth-Type ldap<br>auth: type "LDAP"<br> Processing the authenticate section of radiusd.conf<br>modcall: entering group LDAP for request 8<br>
rlm_ldap: - authenticate<br>rlm_ldap: login attempt by "username" with password "password"<br>rlm_ldap: user DN: uid=username,ou=People,dc=company,dc=com<br>rlm_ldap: (re)connect to ldap1.company:389, authentication 1<br>
rlm_ldap: setting TLS CACert File to /etc/cert/cert.pem<br>rlm_ldap: starting TLS<br>rlm_ldap: bind as uid=username,ou=People,dc=company,dc=com/password to ldap1.in.company:389<br>rlm_ldap: waiting for bind result ...<br>
rlm_ldap: Bind was successful<br>rlm_ldap: user username authenticated succesfully<br> modcall[authenticate]: module "ldap" returns ok for request 8<br>modcall: leaving group LDAP (returns ok) for request 8<br>
Sending Access-Accept of id 237 to <a href="http://127.0.0.1/" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">127.0.0.1</a> port 1033<br>Finished request 8<br>Going to the next request<br>--- Walking the entire request list ---<br>
Waking up in 1 seconds...<br>--- Walking the entire request list ---<br>
Cleaning up request 0 ID 209 with timestamp 47c2cee7<br>Cleaning up request 1 ID 210 with timestamp 47c2cee7<br>Cleaning up request 2 ID 211 with timestamp 47c2cee7<br>Cleaning up request 3 ID 212 with timestamp 47c2cee7<br>
Cleaning up request 4 ID 213 with timestamp 47c2cee7<br>Cleaning up request 5 ID 214 with timestamp 47c2cee7<br>Cleaning up request 6 ID 215 with timestamp 47c2cee7<br>Cleaning up request 7 ID 216 with timestamp 47c2cee7<br>
Waking up in 5 seconds...<br><br><br>==================================<br><br>Thank you <br>Era</div>