<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:st1="urn:schemas-microsoft-com:office:smarttags" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 11 (filtered medium)">
<!--[if !mso]>
<style>
v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style>
<![endif]--><o:SmartTagType
namespaceuri="urn:schemas-microsoft-com:office:smarttags" name="place"/>
<!--[if !mso]>
<style>
st1\:*{behavior:url(#default#ieooui) }
</style>
<![endif]-->
<style>
<!--
/* Font Definitions */
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman";
mso-believe-normal-left:yes;}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{color:blue;
text-decoration:underline;}
p
{mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman";}
span.EmailStyle19
{mso-style-type:personal-reply;
color:black;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.25in 1.0in 1.25in;}
div.Section1
{page:Section1;}
-->
</style>
<![if mso 9]>
<style>
p.MsoNormal
{margin-left:3.35pt;}
</style>
<![endif]>
</head>
<body lang=EN-US link=blue vlink=blue style='margin-left:3.35pt;margin-top:
3.35pt;margin-right:3.35pt;margin-bottom:.85pt'>
<div class=Section1>
<p class=MsoNormal><font size=3 color=black face="Times New Roman"><span
style='font-size:12.0pt;color:black'>Good to see Novell fans still exist!<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=3 color=black face="Times New Roman"><span
style='font-size:12.0pt;color:black'>No time to dig into this, but I’ve
seen on the list several times that copying configs from one version of FR to
another is not always supported / recommended. Probably doesn’t help
much, but maybe point you in the right direction. Can you reinstall the
original working version and conf of FR?<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=3 color=black face="Times New Roman"><span
style='font-size:12.0pt;color:black'><o:p> </o:p></span></font></p>
<div>
<div class=MsoNormal align=center style='margin:0in;margin-bottom:.0001pt;
text-align:center'><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'>
<hr size=2 width="100%" align=center tabindex=-1>
</span></font></div>
<p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><b><font size=2
face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma;font-weight:bold'>From:</span></font></b><font
size=2 face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'>
freeradius-users-bounces+ggatten=waddell.com@lists.freeradius.org
[mailto:freeradius-users-bounces+ggatten=waddell.com@lists.freeradius.org] <b><span
style='font-weight:bold'>On Behalf Of </span></b>Robert Koskey<br>
<b><span style='font-weight:bold'>Sent:</span></b> Thursday, December 09, 2010
4:41 PM<br>
<b><span style='font-weight:bold'>To:</span></b>
freeradius-users@lists.freeradius.org<br>
<b><span style='font-weight:bold'>Subject:</span></b> ldap - edirectory
authentication</span></font><o:p></o:p></p>
</div>
<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'><o:p> </o:p></span></font></p>
<div>
<p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><font size=2
face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'>Can anyone help?
We are trying to do a ldap authentication from novell's edirectory to an <st1:place
w:st="on">Aruba</st1:place> controller for wireless access. These are the
error's we are getting.<o:p></o:p></span></font></p>
</div>
<div>
<p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><font size=2
face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'>It used to work
perfectly but the original radius server blew up. We installed a new one with
the same configuration and it doesn't work. The problem areas are bold'ed.<o:p></o:p></span></font></p>
</div>
<div>
<p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><font size=2
face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'>The problem seems
to occur after the ldap authentication. I don't think we are entirely clear
about the order in which the whole process happens. <o:p></o:p></span></font></p>
</div>
<div>
<p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><font size=2
face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'> <o:p></o:p></span></font></p>
</div>
<div>
<p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><font size=2
face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'>Any help or
suggestions would be greatly appreciated.<o:p></o:p></span></font></p>
</div>
<div>
<p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><font size=2
face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'> <o:p></o:p></span></font></p>
</div>
<div>
<p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><font size=2
face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'>The set up is:<o:p></o:p></span></font></p>
</div>
<div>
<p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><font size=2
face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'>OpenSuse 11.0<o:p></o:p></span></font></p>
</div>
<div>
<p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><font size=2
face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'>FreeRadius 2.0.5<o:p></o:p></span></font></p>
</div>
<div>
<p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><font size=2
face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'> <o:p></o:p></span></font></p>
</div>
<div>
<p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><font size=2
face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'>We have tried:<o:p></o:p></span></font></p>
</div>
<div>
<p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><font size=2
face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'>OpenSuse 11.3<o:p></o:p></span></font></p>
</div>
<div>
<p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><font size=2
face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'>FreeRadius
2.1.9 (same result)<o:p></o:p></span></font></p>
</div>
<div>
<p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><font size=2
face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'> <o:p></o:p></span></font></p>
</div>
<div>
<p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><font size=2
face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'> <o:p></o:p></span></font></p>
</div>
<div>
<p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><font size=2
face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'>rad_recv:
Access-Request packet from host 10.215.10.100 port 34806, id=218, length=199<br>
User-Name = "jordanhkaltenbruner"<br>
NAS-IP-Address = 10.200.8.30<br>
NAS-Port = 2<br>
NAS-Identifier = "10.215.10.99"<br>
NAS-Port-Type = Wireless-802.11<br>
Calling-Station-Id = "78CA39B5D3E5"<br>
Called-Station-Id = "000B8661AC58"<br>
Service-Type = Login-User<br>
Framed-MTU = 1100<br>
EAP-Message = 0x02010018016a6f7264616e686b616c74656e6272756e6572<br>
Aruba-Essid-Name = "SCHS-Student"<br>
Aruba-Location-Id = "SpringbankW2-9"<br>
Message-Authenticator = 0x4542e9b98b5978ca1ca52b7617910620<br>
+- entering group authorize<br>
++[preprocess] returns ok<br>
++[chap] returns noop<br>
++[mschap] returns noop<br>
rlm_realm: No <a href="mailto:'@'">'@'</a> in User-Name =
"jordanhkaltenbruner", looking up realm NULL<br>
rlm_realm: No such realm "NULL"<br>
++[suffix] returns noop<br>
rlm_ldap: - authorize<br>
rlm_ldap: performing user authorization for jordanhkaltenbruner<br>
WARNING: Deprecated conditional expansion ":-". See "man
unlang" for details<br>
expand: (uid=%{Stripped-User-Name:-%{User-Name}}) ->
(uid=jordanhkaltenbruner)<br>
expand: ou=springhigh_lab,o=springhigh ->
ou=springhigh_lab,o=springhigh<br>
rlm_ldap: ldap_get_conn: Checking Id: 0<br>
rlm_ldap: ldap_get_conn: Got Id: 0<br>
rlm_ldap: attempting LDAP reconnection<br>
rlm_ldap: (re)connect to 10.215.0.3:636, authentication 0<br>
rlm_ldap: setting TLS mode to 1<br>
rlm_ldap: bind as cn=admin,o=springhigh/???? to 10.215.0.3:636<br>
rlm_ldap: waiting for bind result ...<br>
rlm_ldap: Bind was successful<br>
rlm_ldap: performing search in ou=springhigh_lab,o=springhigh, with filter
(uid=jordanhkaltenbruner)<br>
rlm_ldap: Added the eDirectory password 51601222 in check items as
Cleartext-Password<br>
rlm_ldap: No default NMAS login sequence<br>
rlm_ldap: looking for check items in directory...<br>
rlm_ldap: looking for reply items in directory...<br>
rlm_ldap: user jordanhkaltenbruner authorized to use remote access<br>
rlm_ldap: ldap_release_conn: Release Id: 0<br>
++[ldap] returns ok<br>
<strong><b><font face=Tahoma><span style='font-family:Tahoma'>++[expiration]
returns noop</span></font></b></strong><b><span style='font-weight:bold'><br>
<strong><b><font face=Tahoma><span style='font-family:Tahoma'>++[logintime]
returns noop</span></font></b></strong><br>
<strong><b><font face=Tahoma><span style='font-family:Tahoma'>rlm_pap: No
clear-text password in the request. Not performing PAP.</span></font></b></strong><br>
<strong><b><font face=Tahoma><span style='font-family:Tahoma'>++[pap] returns
noop</span></font></b></strong><br>
<strong><b><font face=Tahoma><span style='font-family:Tahoma'>auth: type Local</span></font></b></strong><br>
<strong><b><font face=Tahoma><span style='font-family:Tahoma'>auth: No
User-Password or CHAP-Password attribute in the request</span></font></b></strong><br>
<strong><b><font face=Tahoma><span style='font-family:Tahoma'>auth: Failed to
validate the user.</span></font></b></strong><br>
</span></b> Found Post-Auth-Type Reject<br>
+- entering group REJECT<br>
expand: %{User-Name} -> jordanhkaltenbruner<br>
attr_filter: Matched entry DEFAULT at line 11<br>
++[attr_filter.access_reject] returns updated<br>
Sending Access-Reject of id 218 to 10.215.10.100 port 34806<br>
Finished request 0.<o:p></o:p></span></font></p>
</div>
<div>
<p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><font size=2
face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'> <o:p></o:p></span></font></p>
</div>
<div>
<p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><font size=2
face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'> <o:p></o:p></span></font></p>
</div>
<div>
<p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><font size=2
face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'>Robert Koskey,<o:p></o:p></span></font></p>
</div>
<div>
<p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><font size=2
face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'>Systems and
Network Manager<o:p></o:p></span></font></p>
</div>
<div>
<p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><font size=2
face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'> <o:p></o:p></span></font></p>
</div>
<div>
<p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><font size=2
face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'>Rocky View
Schools<o:p></o:p></span></font></p>
</div>
<div>
<p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><font size=2
face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'>Telephone:
403-945-4080<br>
Cell: 403-988-4640<o:p></o:p></span></font></p>
</div>
<div>
<p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><font size=2
face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'> <o:p></o:p></span></font></p>
</div>
<div>
<p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><font size=2
face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'> <o:p></o:p></span></font></p>
</div>
<div>
<p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><font size=2
face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'>Robert Koskey,<o:p></o:p></span></font></p>
</div>
<div>
<p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><font size=2
face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'>Systems and
Network Manager<o:p></o:p></span></font></p>
</div>
<div>
<p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><font size=2
face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'> <o:p></o:p></span></font></p>
</div>
<div>
<p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><font size=2
face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'>Rocky View
Schools<o:p></o:p></span></font></p>
</div>
<div>
<p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><font size=2
face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'>Telephone:
403-945-4080<br>
Cell: 403-988-4640<o:p></o:p></span></font></p>
</div>
<p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><font size=2
face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'><o:p> </o:p></span></font></p>
<p><font size=2 face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'>_____________________________________________________________________________________
<o:p></o:p></span></font></p>
<p><font size=2 face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'>This
communication is intended for the use of the recipient to which it is
addressed, and may contain confidential, personal, and or privileged
information. Please contact us immediately if you are not the intended
recipient of this communication, and do not copy, distribute, or take action
relying on it. Any communication received in error, or subsequent reply, should
be deleted or destroyed. <o:p></o:p></span></font></p>
</div>
<font size="1">
<div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in 0in 1.0pt 0in'>
</div>
"This email is intended to be reviewed by only the intended recipient
and may contain information that is privileged and/or confidential.
If you are not the intended recipient, you are hereby notified that
any review, use, dissemination, disclosure or copying of this email
and its attachments, if any, is strictly prohibited. If you have
received this email in error, please immediately notify the sender by
return email and delete this email from your system."
</font>
</body>
</html>