<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<meta name=Generator content="Microsoft Word 11 (filtered medium)">
<style>
<!--
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman";}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal;
font-family:Arial;
color:windowtext;}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:Arial;
color:navy;}
@page Section1
{size:595.3pt 841.9pt;
margin:70.85pt 70.85pt 70.85pt 70.85pt;}
div.Section1
{page:Section1;}
/* List Definitions */
@list l0
{mso-list-id:948046699;
mso-list-type:hybrid;
mso-list-template-ids:-1626146432 67895297 67895299 67895301 67895297 67895299 67895301 67895297 67895299 67895301;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:36.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Symbol;}
@list l0:level2
{mso-level-tab-stop:72.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l0:level3
{mso-level-tab-stop:108.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l0:level4
{mso-level-tab-stop:144.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l0:level5
{mso-level-tab-stop:180.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l0:level6
{mso-level-tab-stop:216.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l0:level7
{mso-level-tab-stop:252.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l0:level8
{mso-level-tab-stop:288.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l0:level9
{mso-level-tab-stop:324.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l1
{mso-list-id:2084797441;
mso-list-template-ids:-327749438;}
@list l1:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:36.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2
{mso-list-id:2086100619;
mso-list-template-ids:-1985690150;}
@list l2:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:36.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
ol
{margin-bottom:0cm;}
ul
{margin-bottom:0cm;}
-->
</style>
</head>
<body lang=FR link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Hello, <o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>In order to allow a user to access the service (send
a Access-Accept) I need to validate several things:<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>First the password must be OK:<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<ul style='margin-top:0cm' type=disc>
<li class=MsoNormal style='mso-list:l0 level1 lfo3'><font size=2 face=Arial><span
lang=EN-GB style='font-size:10.0pt;font-family:Arial'>The User-name and
password are stored in cleartext in a ldap (I use Chap), I must get
another ldap attribute wich specify the crm Id matching the username.<o:p></o:p></span></font></li>
</ul>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>The user must be allowed to use the service:<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<ul style='margin-top:0cm' type=disc>
<li class=MsoNormal style='mso-list:l0 level1 lfo3'><font size=2 face=Arial><span
lang=EN-GB style='font-size:10.0pt;font-family:Arial'>Daily I get a files
matching a crm Id and a status (can access, cant access)<font color=navy><span
style='color:navy'> => I can’t have a matching between user-name
/ Status. The crm don’t know the user-name, and the ldap don’t
know the client’s status (only the Crm ID)</span></font><o:p></o:p></span></font></li>
</ul>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>I have no trouble to check the User-Name/Password
using ldap and chap modules. But I can’t figure out how to use the ldap
reply to request the local mysql where is store the match between crm Id and
status. <o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>I don’t know how to use a reply of a
authorization module (ldap) in an another one (sql). <o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Since I didn’t find out how to do this, I tried
to add the crmID in a unused radius attribute: Callback-Number:<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>In the ldap attrmap configuration file I added:<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>replyItem
Callback-Number
SFRrelationLoginService<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>And in the sql configuration: <o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>sql_user_name = "%{Callback-Number}"<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Unfortunately as expected the replyItem is only add
when the reply is generate. I also tried with a checkItem without more
success… <o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Is it possible to configure the ldap module in order
to store a ldapattribute in a variable usable by the mysql module ? Or to
replace/add a radius attribute in the request, base on the ldap<font
color=navy><span style='color:navy'> </span></font>reply before the next module
is compute?<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Examples :<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Goal case:<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>echo "User-Name=
toto,Chap-Password=111111", | sudo radclient -x 172.16.0.135:1812 auth
secret<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Sending Access-Request of id 202 to 172.16.0.135 port
1812<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'> User-Name
= "toto"<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>
CHAP-Password = 0xcab5c3da9c9ebb891608c1991c2e37bea3<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>rad_recv: Access-Reject packet from host 172.16.0.135
port 1812, id=202, length=20<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>log:<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:42:30 radius-wifi1-aub freeradius[7106]:
Waking up in 0.9 seconds.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:42:30 radius-wifi1-aub freeradius[7106]:
rlm_ldap: waiting for bind result ...<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:42:30 radius-wifi1-aub freeradius[7106]:
rlm_ldap: Bind was successful<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:42:30 radius-wifi1-aub freeradius[7106]:
rlm_ldap: performing search in ou=EndUser,dc=USER,dc=fr, with filter
(USERlogin=toto*)<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:42:30 radius-wifi1-aub freeradius[7106]:
[ldapClear] No default NMAS login sequence<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:42:30 radius-wifi1-aub freeradius[7106]:
[ldapClear] looking for check items in directory...<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:42:30 radius-wifi1-aub freeradius[7106]:
rlm_ldap: USERrelationLoginService -> Callback-Number ==
"siebelsIdFortoto"<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:42:30 radius-wifi1-aub freeradius[7106]:
rlm_ldap: USERuserPassword -> Cleartext-Password == "111111"<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:42:30 radius-wifi1-aub freeradius[7106]:
rlm_ldap: USERlogin -> User-Name == "toto"<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:42:30 radius-wifi1-aub freeradius[7106]:
[ldapClear] looking for reply items in directory...<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:42:30 radius-wifi1-aub freeradius[7106]:
[ldapClear] user toto authorized to use remote access<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:42:30 radius-wifi1-aub freeradius[7106]:
rlm_ldap: ldap_release_conn: Release Id: 0<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:42:30 radius-wifi1-aub freeradius[7106]:
++[ldapClear] returns ok<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:42:30 radius-wifi1-aub freeradius[7106]:
[sql_crm_abv] #011expand: %{Callback-Number} -><o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:42:30 radius-wifi1-aub freeradius[7106]:
[sql_crm_abv] sql_set_user escaped user --> ''<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:42:30 radius-wifi1-aub freeradius[7106]:
rlm_sql (sql_crm_abv): Reserving sql socket id: 1<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:42:30 radius-wifi1-aub freeradius[7106]:
[sql_crm_abv] #011expand: SELECT Identifiant,
Status FROM
siebel WHERE
Identifiant = '%{Callback-Number}' AND Status='1' -> SELECT Identifiant,
Status FROM
siebel WHERE
Identifiant = '' AND Status='1'<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:42:30 radius-wifi1-aub freeradius[7106]:
rlm_sql_mysql: query: SELECT Identifiant,
Status FROM
siebel WHERE
Identifiant = '' AND Status='1'<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:42:30 radius-wifi1-aub freeradius[7106]:
rlm_sql (sql_crm_abv): Released sql socket id: 1<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:42:30 radius-wifi1-aub freeradius[7106]:
[sql_crm_abv] User not found<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:42:30 radius-wifi1-aub freeradius[7106]:
++[sql_crm_abv] returns notfound<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:42:30 radius-wifi1-aub freeradius[7106]:
[chap] Setting 'Auth-Type := CHAP'<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:42:30 radius-wifi1-aub freeradius[7106]:
++[chap] returns ok<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:42:30 radius-wifi1-aub freeradius[7106]:
++[expiration] returns noop<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:42:30 radius-wifi1-aub freeradius[7106]:
++[logintime] returns noop<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:42:30 radius-wifi1-aub freeradius[7106]:
[pap] Found existing Auth-Type, not changing it.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:42:30 radius-wifi1-aub freeradius[7106]:
++[pap] returns noop<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:42:30 radius-wifi1-aub freeradius[7106]:
rlm_sqlcounter: Entering module authorize code<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:42:30 radius-wifi1-aub freeradius[7106]:
rlm_sqlcounter: Could not find Key value pair<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:42:30 radius-wifi1-aub freeradius[7106]:
++[scratchcounter_lyo] returns noop<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:42:30 radius-wifi1-aub freeradius[7106]:
Found Auth-Type = CHAP<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:42:30 radius-wifi1-aub freeradius[7106]: +-
entering group CHAP {...}<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:42:30 radius-wifi1-aub freeradius[7106]:
[chap] login attempt by "toto" with CHAP password<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:42:30 radius-wifi1-aub freeradius[7106]:
[chap] Using clear text password "111111" for user toto
authentication.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:42:30 radius-wifi1-aub freeradius[7106]:
[chap] chap user toto authenticated succesfully<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:42:30 radius-wifi1-aub freeradius[7106]:
++[chap] returns ok<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:42:30 radius-wifi1-aub freeradius[7106]:
Login OK: [toto/<CHAP-Password>] (from client ext port 0)<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:42:30 radius-wifi1-aub freeradius[7106]: +-
entering group post-auth {...}<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:42:30 radius-wifi1-aub freeradius[7106]:
++[reply_log] returns ok<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Test addin the crmId in the request before computing
=> not possible in real situation, but to test everything else <o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'> echo "User-Name=
toto,Chap-Password=111111",Callback-Number='siebelsIdFortoto' | sudo
radclient -x 172.16.0.135:1812 auth secret<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Sending Access-Request of id 159 to 172.16.0.135 port
1812<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'> User-Name
= "toto"<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>
CHAP-Password = 0x9fb08ff7f454d0c9998fc5dd72479940cd<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>
Callback-Number = "siebelsIdFortoto"<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>rad_recv: Access-Accept packet from host 172.16.0.135
port 1812, id=159, length=20<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>log:<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:33:29 radius-wifi1-aub freeradius[7106]:
Thread 4 got semaphore<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:33:29 radius-wifi1-aub freeradius[7106]: Thread
4 handling request 0, (1 handled so far)<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:33:29 radius-wifi1-aub freeradius[7106]: +-
entering group authorize {...}<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:33:29 radius-wifi1-aub freeradius[7106]:
++[preprocess] returns ok<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:33:29 radius-wifi1-aub freeradius[7106]:
++[mschap] returns noop<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:33:29 radius-wifi1-aub freeradius[7106]:
[IPASS] No '/' in User-Name = "toto", looking up realm NULL<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:33:29 radius-wifi1-aub freeradius[7106]:
[IPASS] No such realm "NULL"<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:33:29 radius-wifi1-aub freeradius[7106]:
++[IPASS] returns noop<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:33:29 radius-wifi1-aub freeradius[7106]:
[suffix] No '@' in User-Name = "toto", looking up realm NULL<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:33:29 radius-wifi1-aub freeradius[7106]:
[suffix] No such realm "NULL"<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:33:29 radius-wifi1-aub freeradius[7106]:
++[suffix] returns noop<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:33:29 radius-wifi1-aub freeradius[7106]:
++[files] returns noop<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:33:29 radius-wifi1-aub freeradius[7106]:
[ldapClear] performing user authorization for toto<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:33:29 radius-wifi1-aub freeradius[7106]:
[ldapClear] #011expand: %{Stripped-User-Name} -><o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:33:29 radius-wifi1-aub freeradius[7106]:
[ldapClear] #011expand: %{User-Name} -> toto<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:33:29 radius-wifi1-aub freeradius[7106]:
[ldapClear] #011expand: (USERlogin=%{%{Stripped-User-Name}:-%{User-Name}}*)
-> (USERlogin=toto*)<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:33:29 radius-wifi1-aub freeradius[7106]:
[ldapClear] #011expand: ou=EndUser,dc=USER,dc=fr -> ou=EndUser,dc=USER,dc=fr<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:33:29 radius-wifi1-aub freeradius[7106]:
rlm_ldap: ldap_get_conn: Checking Id: 0<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:33:29 radius-wifi1-aub freeradius[7106]:
rlm_ldap: ldap_get_conn: Got Id: 0<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:33:29 radius-wifi1-aub freeradius[7106]:
rlm_ldap: attempting LDAP reconnection<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:33:29 radius-wifi1-aub freeradius[7106]:
rlm_ldap: (re)connect to 10.33.245.241:389, authentication 0<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:33:29 radius-wifi1-aub freeradius[7106]:
rlm_ldap: bind as cn=Radius Gp,ou=Application,dc=USER,dc=fr/radiusgp to
10.33.245.241:389<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:33:29 radius-wifi1-aub freeradius[7106]:
Threads: total/active/spare threads = 5/1/4<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:33:29 radius-wifi1-aub freeradius[7106]:
Waking up in 0.9 seconds.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:33:29 radius-wifi1-aub freeradius[7106]:
rlm_ldap: waiting for bind result ...<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:33:29 radius-wifi1-aub freeradius[7106]:
rlm_ldap: Bind was successful<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:33:29 radius-wifi1-aub freeradius[7106]:
rlm_ldap: performing search in ou=EndUser,dc=USER,dc=fr, with filter
(USERlogin=toto*)<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:33:29 radius-wifi1-aub freeradius[7106]:
[ldapClear] No default NMAS login sequence<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:33:29 radius-wifi1-aub freeradius[7106]:
[ldapClear] looking for check items in directory...<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:33:29 radius-wifi1-aub freeradius[7106]:
rlm_ldap: USERrelationLoginService -> Callback-Number ==
"siebelsIdFortoto"<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:33:29 radius-wifi1-aub freeradius[7106]:
rlm_ldap: USERuserPassword -> Cleartext-Password == "111111"<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:33:29 radius-wifi1-aub freeradius[7106]:
rlm_ldap: USERlogin -> User-Name == "toto"<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:33:29 radius-wifi1-aub freeradius[7106]:
[ldapClear] looking for reply items in directory...<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:33:29 radius-wifi1-aub freeradius[7106]:
[ldapClear] user toto authorized to use remote access<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:33:29 radius-wifi1-aub freeradius[7106]:
rlm_ldap: ldap_release_conn: Release Id: 0<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:33:29 radius-wifi1-aub freeradius[7106]:
++[ldapClear] returns ok<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:33:29 radius-wifi1-aub freeradius[7106]:
[sql_crm_abv] #011expand: %{Callback-Number} -> siebelsIdFortoto<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:33:29 radius-wifi1-aub freeradius[7106]:
[sql_crm_abv] sql_set_user escaped user --> 'siebelsIdFortoto'<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:33:29 radius-wifi1-aub freeradius[7106]:
rlm_sql (sql_crm_abv): Reserving sql socket id: 1<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:33:29 radius-wifi1-aub freeradius[7106]:
[sql_crm_abv] #011expand: SELECT Identifiant,
Status FROM
siebel WHERE
Identifiant = '%{Callback-Number}' AND Status='1' -> SELECT Identifiant,
Status FROM
siebel WHERE
Identifiant = 'siebelsIdFortoto' AND Status='1'<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:33:29 radius-wifi1-aub freeradius[7106]:
rlm_sql_mysql: query: SELECT Identifiant,
Status FROM
siebel WHERE
Identifiant = '=siebelsIdFortoto' AND Status='1'<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:33:29 radius-wifi1-aub freeradius[7106]:
rlm_sql (sql_crm_abv): Released sql socket id: 1<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:33:29 radius-wifi1-aub freeradius[7106]: [sql_crm_abv]
User siebelsIdFortoto not found<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:33:29 radius-wifi1-aub freeradius[7106]:
++[sql_crm_abv] returns notfound<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:33:29 radius-wifi1-aub freeradius[7106]:
[chap] Setting 'Auth-Type := CHAP'<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:33:29 radius-wifi1-aub freeradius[7106]:
++[chap] returns ok<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:33:29 radius-wifi1-aub freeradius[7106]:
++[expiration] returns noop<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:33:29 radius-wifi1-aub freeradius[7106]:
++[logintime] returns noop<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:33:29 radius-wifi1-aub freeradius[7106]:
[pap] Found existing Auth-Type, not changing it.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:33:29 radius-wifi1-aub freeradius[7106]:
++[pap] returns noop<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:33:29 radius-wifi1-aub freeradius[7106]:
rlm_sqlcounter: Entering module authorize code<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:33:29 radius-wifi1-aub freeradius[7106]:
rlm_sqlcounter: Could not find Key value pair<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:33:29 radius-wifi1-aub freeradius[7106]:
Found Auth-Type = CHAP<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:33:29 radius-wifi1-aub freeradius[7106]: +-
entering group CHAP {...}<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:33:29 radius-wifi1-aub freeradius[7106]:
[chap] login attempt by "toto" with CHAP password<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:33:29 radius-wifi1-aub freeradius[7106]:
[chap] Using clear text password "111111" for user toto
authentication.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:33:29 radius-wifi1-aub freeradius[7106]:
[chap] chap user toto authenticated succesfully<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:33:29 radius-wifi1-aub freeradius[7106]:
++[chap] returns ok<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:33:29 radius-wifi1-aub freeradius[7106]:
Login OK: [toto/<CHAP-Password>] (from client ext port 0)<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:33:29 radius-wifi1-aub freeradius[7106]: +-
entering group post-auth {...}<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>JJun 16 12:33:29 radius-wifi1-aub freeradius[7106]:
Finished request 0.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:33:29 radius-wifi1-aub freeradius[7106]:
Going to the next request<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:33:29 radius-wifi1-aub freeradius[7106]:
Thread 4 waiting to be assigned a request<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:33:30 radius-wifi1-aub freeradius[7106]:
Waking up in 4.0 seconds.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:33:34 radius-wifi1-aub freeradius[7106]:
Cleaning up request 0 ID 159 with timestamp +4<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'>Jun 16 12:33:34 radius-wifi1-aub freeradius[7106]:
Ready to process requests.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-GB style='font-size:
10.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
</div>
</body>
</html>