<div dir="ltr">Dear All,<br>I am about deploying an AAA services: All authentication is centralized on my freeradius-server (on debian lenny), in the green zone behind ipcop in which I installed ipcop addons called copspot ( like chilispot) for the captive portal.<br>
The authentication worked well locally against openldap (in the same server). When an user try to connect to internet in the Blue Zone (WLAN), it generates the following error in the radius-server. I am really stuck here, any help will be welcome. <br>
<br style="background-color: rgb(192, 192, 192);" clear="all"><span style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">Thu Apr 22 14:14:51 2010 : Debug: }</span><br style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">
<span style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">Thu Apr 22 14:14:51 2010 : Debug: Listening on authentication address * port 1812</span><br style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">
<span style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">Thu Apr 22 14:14:51 2010 : Debug: Listening on accounting address * port 1813</span><br style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">
<span style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">Thu Apr 22 14:14:51 2010 : Debug: Listening on proxy address * port 1814</span><br style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">
<span style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">Thu Apr 22 14:14:51 2010 : Info: Ready to process requests.</span><br style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">
<span style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">rad_recv: Access-Request packet from host 192.168.2.1 port 32790, id=0, length=216</span><br style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">
<span style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;"> User-Name = "kkigor14"</span><br style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">
<span style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;"> CHAP-Challenge = 0xd12e07a5f57980aa86a4aa049fc7bb40</span><br style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">
<span style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;"> CHAP-Password = 0x0005cff525e5508c82bc3ebb315c0b09e5</span><br style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">
<span style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;"> NAS-IP-Address = 0.0.0.0</span><br style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;"><span style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;"> Service-Type = Login-User</span><br style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">
<span style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;"> Framed-IP-Address = 192.168.4.7</span><br style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;"><span style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;"> Calling-Station-Id = "00-21-63-6B-C8-40"</span><br style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">
<span style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;"> Called-Station-Id = "00-08-74-D4-7A-F5"</span><br style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">
<span style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;"> NAS-Identifier = "nas01"</span><br style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">
<span style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;"> Acct-Session-Id = "4bd058be00000003"</span><br style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">
<span style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;"> NAS-Port-Type = Wireless-802.11</span><br style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;"><span style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;"> NAS-Port = 3</span><br style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">
<span style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;"> Message-Authenticator = 0x5d8d6302e9684a55c2db247bdafc022e</span><br style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">
<span style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;"> WISPr-Logoff-URL = "<a href="http://192.168.4.1:3990/logoff">http://192.168.4.1:3990/logoff</a>"</span><br style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">
<span style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">Thu Apr 22 14:17:59 2010 : Info: +- entering group authorize {...}</span><br style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">
<span style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">Thu Apr 22 14:17:59 2010 : Info: ++[preprocess] returns ok</span><br style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">
<span style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">Thu Apr 22 14:17:59 2010 : Info: [auth_log] expand: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/<a href="http://192.168.2.1/auth-detail-20100422">192.168.2.1/auth-detail-20100422</a></span><br style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">
<span style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">Thu Apr 22 14:17:59 2010 : Info: [auth_log] /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/<a href="http://192.168.2.1/auth-detail-20100422">192.168.2.1/auth-detail-20100422</a></span><br style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">
<span style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">Thu Apr 22 14:17:59 2010 : Info: [auth_log] expand: %t -> Thu Apr 22 14:17:59 2010</span><br style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">
<span style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">Thu Apr 22 14:17:59 2010 : Info: ++[auth_log] returns ok</span><br style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">
<span style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">Thu Apr 22 14:17:59 2010 : Info: [suffix] No '@' in User-Name = "kkigor14", looking up realm NULL</span><br style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">
<span style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">Thu Apr 22 14:17:59 2010 : Info: [suffix] No such realm "NULL"</span><br style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">
<span style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">Thu Apr 22 14:17:59 2010 : Info: ++[suffix] returns noop</span><br style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">
<span style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">Thu Apr 22 14:17:59 2010 : Info: [eap] No EAP-Message, not doing EAP</span><br style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">
<span style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">Thu Apr 22 14:17:59 2010 : Info: ++[eap] returns noop</span><br style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">
<span style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">Thu Apr 22 14:17:59 2010 : Info: ++[unix] returns notfound</span><br style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">
<span style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">Thu Apr 22 14:17:59 2010 : Info: [ldap] performing user authorization for kkigor14</span><br style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">
<span style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">Thu Apr 22 14:17:59 2010 : Info: [ldap] expand: %{Stripped-User-Name} -></span><br style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">
<span style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">Thu Apr 22 14:17:59 2010 : Info: [ldap] ... expanding second conditional</span><br style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">
<span style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">Thu Apr 22 14:17:59 2010 : Info: [ldap] expand: %{User-Name} -> kkigor14</span><br style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">
<span style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">Thu Apr 22 14:17:59 2010 : Info: [ldap] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=kkigor14)</span><br style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">
<span style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">Thu Apr 22 14:17:59 2010 : Info: [ldap] expand: dc=csimaroc, dc=lan -> dc=csimaroc, dc=lan</span><br style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">
<span style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">Thu Apr 22 14:17:59 2010 : Debug: [ldap] ldap_get_conn: Checking Id: 0</span><br style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">
<span style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">Thu Apr 22 14:17:59 2010 : Debug: [ldap] ldap_get_conn: Got Id: 0</span><br style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">
<span style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">Thu Apr 22 14:17:59 2010 : Debug: [ldap] attempting LDAP reconnection</span><br style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">
<span style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">Thu Apr 22 14:17:59 2010 : Debug: [ldap] (re)connect to <a href="http://127.0.0.1:389">127.0.0.1:389</a>, authentication 0</span><br style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">
<span style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">Thu Apr 22 14:17:59 2010 : Debug: [ldap] bind as / to <a href="http://127.0.0.1:389">127.0.0.1:389</a></span><br style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">
<span style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">Thu Apr 22 14:17:59 2010 : Debug: [ldap] waiting for bind result ...</span><br style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">
<span style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">Thu Apr 22 14:17:59 2010 : Debug: [ldap] Bind was successful</span><br style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">
<span style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">Thu Apr 22 14:17:59 2010 : Debug: [ldap] performing search in dc=csimaroc, dc=lan, with filter (uid=kkigor14)</span><br style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">
<span style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">Thu Apr 22 14:17:59 2010 : Info: [ldap] No default NMAS login sequence</span><br style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">
<span style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">Thu Apr 22 14:17:59 2010 : Info: [ldap] looking for check items in directory...</span><br style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">
<span style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">Thu Apr 22 14:17:59 2010 : Debug: [ldap] sambaNtPassword -> NT-Password == 0x4535334337353245323438413034353342353531353646383131303237453139</span><br style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">
<span style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">Thu Apr 22 14:17:59 2010 : Debug: [ldap] sambaLmPassword -> LM-Password == 0x4432433038394334374245444535364641414433423433354235313430344545</span><br style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">
<span style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">Thu Apr 22 14:17:59 2010 : Info: [ldap] looking for reply items in directory...</span><br style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">
<span style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">Thu Apr 22 14:17:59 2010 : Debug: WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?</span><br style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">
<span style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">Thu Apr 22 14:17:59 2010 : Info: [ldap] user kkigor14 authorized to use remote access</span><br style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">
<span style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">Thu Apr 22 14:17:59 2010 : Debug: [ldap] ldap_release_conn: Release Id: 0</span><br style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">
<span style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">Thu Apr 22 14:17:59 2010 : Info: ++[ldap] returns ok</span><br style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">
<span style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">Thu Apr 22 14:17:59 2010 : Info: ++[expiration] returns noop</span><br style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">
<span style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">Thu Apr 22 14:17:59 2010 : Info: ++[logintime] returns noop</span><br style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">
<span style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">Thu Apr 22 14:17:59 2010 : Info: [pap] Normalizing NT-Password from hex encoding</span><br style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">
<span style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">Thu Apr 22 14:17:59 2010 : Info: [pap] Normalizing LM-Password from hex encoding</span><br style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">
<span style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">Thu Apr 22 14:17:59 2010 : Info: [pap] No clear-text password in the request. Not performing PAP.</span><br style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">
<span style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">Thu Apr 22 14:17:59 2010 : Info: ++[pap] returns noop</span><br style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">
<span style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">Thu Apr 22 14:17:59 2010 : Info: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user</span><br style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">
<span style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">Thu Apr 22 14:17:59 2010 : Info: Failed to authenticate the user.</span><br style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">
<span style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">Thu Apr 22 14:17:59 2010 : Info: Using Post-Auth-Type Reject</span><br style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">
<span style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">Thu Apr 22 14:17:59 2010 : Info: +- entering group REJECT {...}</span><br style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">
<span style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">Thu Apr 22 14:17:59 2010 : Info: [attr_filter.access_reject] expand: %{User-Name} -> kkigor14</span><br style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">
<span style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">Thu Apr 22 14:17:59 2010 : Debug: attr_filter: Matched entry DEFAULT at line 11</span><br style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">
<span style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">Thu Apr 22 14:17:59 2010 : Info: ++[attr_filter.access_reject] returns updated</span><br style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">
<span style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">Thu Apr 22 14:17:59 2010 : Info: Delaying reject of request 0 for 1 seconds</span><br style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">
<span style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">Thu Apr 22 14:17:59 2010 : Debug: Going to the next request</span><br style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">
<span style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">Thu Apr 22 14:17:59 2010 : Debug: Waking up in 0.9 seconds.</span><br style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">
<span style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">Thu Apr 22 14:18:00 2010 : Info: Sending delayed reject for request 0</span><br style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">
<span style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">Sending Access-Reject of id 0 to 192.168.2.1 port 32790</span><br style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">
<span style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">Thu Apr 22 14:18:00 2010 : Debug: Waking up in 4.9 seconds.</span><br style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">
<span style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">Thu Apr 22 14:18:05 2010 : Info: Cleaning up request 0 ID 0 with timestamp +188</span><br style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">
<span style="background-color: rgb(192, 192, 192); font-family: courier new,monospace;">Thu Apr 22 14:18:05 2010 : Info: Ready to process requests.</span><br><br>All the Best<br>-- <br>-----------------------------------------------------------------<br>
|JJohnny RANDRIAMAMPIONONA |<br>| Phone: +212663682554 |<br>| National School of Applied Sciences |<br>| 1818 TANGIER 90000 |<br>|----------------------------------------------------------------|<br>
</div>