<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content=text/html;charset=iso-8859-1 http-equiv=Content-Type>
<META name=GENERATOR content="MSHTML 9.00.8112.16434"></HEAD>
<BODY style="PADDING-LEFT: 10px; PADDING-RIGHT: 10px; PADDING-TOP: 15px"
id=MailContainerBody leftMargin=0 topMargin=0 CanvasTabStop="true"
name="Compose message area">
<DIV><FONT face=Calibri>Greetings list users,</FONT></DIV>
<DIV><FONT face=Calibri></FONT> </DIV>
<DIV><FONT face=Calibri>I'm trying to set up FreeRADIUS to work with LDAP in a
deployment of ClearOS and have followed this How-To <A
href="http://www.clearfoundation.com/docs/howtos/setting_up_freeradius2_to_use_ldap"><FONT
face="Times New Roman">http://www.clearfoundation.com/docs/howtos/setting_up_freeradius2_to_use_ldap</FONT></A> and
this How-To </FONT><FONT face=Calibri><A
href="http://deployingradius.com/documents/configuration/pap.html"><FONT
face="Times New Roman">http://deployingradius.com/documents/configuration/pap.html</FONT></A> with
success, up to the part of the initial radtest with credentials inserted in the
users file. But when trying to use credentials from the LDAP directory, the
RADIUS server returns an Access-Reject packet. </FONT></DIV>
<DIV><FONT face=Calibri>Below is the output from the debug mode. </FONT></DIV>
<DIV><FONT face=Calibri></FONT> </DIV>
<DIV><FONT
face=Calibri>***************************************************</FONT></DIV>
<DIV><FONT face=Calibri>login as: root<BR>root@192.168.3.5's password:<BR>Last login:
Mon Sep 12 13:31:45 2011 from 192.168.3.2<BR>[root@system ~]# service radiusd
stop<BR>Stopping RADIUS
server:
[ OK ]<BR>[root@system ~]# radiusd -X<BR>FreeRADIUS Version 2.1.7,
for host i686-redhat-linux-gnu, built on May 19 2010 at 13:10:59<BR>Copyright
(C) 1999-2009 The FreeRADIUS server project and contributors.<BR>There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A<BR>PARTICULAR
PURPOSE.<BR>You may redistribute copies of FreeRADIUS under the terms of
the<BR>GNU General Public License v2.<BR>Starting - reading configuration files
...<BR>including configuration file /etc/raddb/radiusd.conf<BR>including
configuration file /etc/raddb/proxy.conf<BR>including configuration file
/etc/raddb/clearos-clients.conf<BR>including files in directory
/etc/raddb/modules/<BR>including configuration file
/etc/raddb/modules/radutmp<BR>including configuration file
/etc/raddb/modules/smbpasswd<BR>including configuration file
/etc/raddb/modules/realm<BR>including configuration file
/etc/raddb/modules/etc_group<BR>including configuration file
/etc/raddb/modules/attr_rewrite<BR>including configuration file
/etc/raddb/modules/wimax<BR>including configuration file
/etc/raddb/modules/detail<BR>including configuration file
/etc/raddb/modules/logintime<BR>including configuration file
/etc/raddb/modules/detail.example.com<BR>including configuration file
/etc/raddb/modules/files<BR>including configuration file
/etc/raddb/modules/counter<BR>including configuration file
/etc/raddb/modules/acct_unique<BR>including configuration file
/etc/raddb/modules/ippool<BR>including configuration file
/etc/raddb/modules/exec<BR>including configuration file
/etc/raddb/modules/inner-eap<BR>including configuration file
/etc/raddb/modules/always<BR>including configuration file
/etc/raddb/modules/passwd<BR>including configuration file
/etc/raddb/modules/expiration<BR>including configuration file
/etc/raddb/modules/checkval<BR>including configuration file
/etc/raddb/modules/linelog<BR>including configuration file
/etc/raddb/modules/sqlcounter_expire_on_login<BR>including configuration file
/etc/raddb/modules/digest<BR>including configuration file
/etc/raddb/modules/mschap<BR>including configuration file
/etc/raddb/modules/detail.log<BR>including configuration file
/etc/raddb/modules/echo<BR>including configuration file
/etc/raddb/modules/sradutmp<BR>including configuration file
/etc/raddb/modules/mac2ip<BR>including configuration file
/etc/raddb/modules/mac2vlan<BR>including configuration file
/etc/raddb/modules/pam<BR>including configuration file
/etc/raddb/modules/smsotp<BR>including configuration file
/etc/raddb/modules/ldap<BR>including configuration file
/etc/raddb/modules/unix<BR>including configuration file
/etc/raddb/modules/pap<BR>including configuration file
/etc/raddb/modules/sql_log<BR>including configuration file
/etc/raddb/modules/policy<BR>including configuration file
/etc/raddb/modules/expr<BR>including configuration file
/etc/raddb/modules/attr_filter<BR>including configuration file
/etc/raddb/modules/perl<BR>including configuration file
/etc/raddb/modules/cui<BR>including configuration file
/etc/raddb/modules/preprocess<BR>including configuration file
/etc/raddb/modules/otp<BR>including configuration file
/etc/raddb/modules/chap<BR>including configuration file
/etc/raddb/clearos-eap.conf<BR>including configuration file
/etc/raddb/policy.conf<BR>including files in directory
/etc/raddb/sites-enabled/<BR>including configuration file
/etc/raddb/sites-enabled/control-socket<BR>including configuration file
/etc/raddb/sites-enabled/inner-tunnel<BR>including configuration file
/etc/raddb/sites-enabled/default<BR>including configuration file
/etc/raddb/sites-enabled/clearos-inner-tunnel<BR>group = radiusd<BR>user =
radiusd<BR>including dictionary file /etc/raddb/dictionary<BR>main
{<BR> prefix =
"/usr"<BR> localstatedir =
"/var"<BR> logdir =
"/var/log/radius"<BR> libdir =
"/usr/lib/freeradius"<BR> radacctdir =
"/var/log/radius/radacct"<BR>
hostname_lookups = no<BR>
max_request_time = 30<BR>
cleanup_delay = 5<BR> max_requests =
1024<BR> allow_core_dumps =
no<BR> pidfile =
"/var/run/radiusd/radiusd.pid"<BR>
checkrad = "/usr/sbin/checkrad"<BR>
debug_level = 0<BR> proxy_requests =
yes<BR> log {<BR> stripped_names
= no<BR> auth =
no<BR> auth_badpass =
no<BR> auth_goodpass =
no<BR> }<BR> security {<BR>
max_attributes = 200<BR> reject_delay
= 1<BR> status_server =
yes<BR> }<BR>}<BR>radiusd: #### Loading Realms and Home Servers
####<BR> proxy server {<BR>
retry_delay = 5<BR> retry_count =
3<BR> default_fallback =
no<BR> dead_time =
120<BR> wake_all_if_all_dead =
no<BR> }<BR> home_server localhost
{<BR> ipaddr =
127.0.0.1<BR> port =
1812<BR> type =
"auth"<BR> secret =
"testing123"<BR> response_window =
20<BR> max_outstanding =
65536<BR>
require_message_authenticator = no<BR>
zombie_period = 40<BR> status_check =
"status-server"<BR> ping_interval =
30<BR> check_interval =
30<BR> num_answers_to_alive =
3<BR> num_pings_to_alive =
3<BR> revive_interval =
120<BR> status_check_timeout =
4<BR> irt =
2<BR> mrt =
16<BR> mrc =
5<BR> mrd =
30<BR> }<BR> home_server_pool my_auth_failover
{<BR> type =
fail-over<BR> home_server =
localhost<BR> }<BR> realm example.com
{<BR> auth_pool =
my_auth_failover<BR> }<BR> realm LOCAL {<BR> }<BR>radiusd: ####
Loading Clients ####<BR> client localhost
{<BR> require_message_authenticator =
no<BR> secret =
"mysecretpass"<BR> shortname =
"myclient"<BR> }<BR>radiusd: #### Instantiating modules
####<BR> instantiate {<BR> Module: Linked to module
rlm_exec<BR> Module: Instantiating exec<BR> exec
{<BR> wait =
no<BR> input_pairs =
"request"<BR> shell_escape =
yes<BR> }<BR> Module: Linked to module rlm_expr<BR> Module:
Instantiating expr<BR> Module: Linked to module
rlm_expiration<BR> Module: Instantiating expiration<BR> expiration
{<BR> reply-message = "Password Has
Expired "<BR> }<BR> Module: Linked to module
rlm_logintime<BR> Module: Instantiating logintime<BR> logintime
{<BR> reply-message = "You are calling
outside your allowed timespan
"<BR> minimum-timeout = 60<BR>
}<BR> }<BR>radiusd: #### Loading Virtual Servers ####<BR>server
inner-tunnel {<BR> modules {<BR> Module: Checking authenticate {...}
for more modules to load<BR> Module: Linked to module
rlm_pap<BR> Module: Instantiating pap<BR> pap
{<BR> encryption_scheme =
"auto"<BR> auto_header = no<BR>
}<BR> Module: Linked to module rlm_chap<BR> Module: Instantiating
chap<BR> Module: Linked to module rlm_mschap<BR> Module: Instantiating
mschap<BR> mschap {<BR> use_mppe
= yes<BR> require_encryption =
no<BR> require_strong =
no<BR> with_ntdomain_hack =
no<BR> }<BR> Module: Linked to module rlm_unix<BR> Module:
Instantiating unix<BR> unix
{<BR> radwtmp =
"/var/log/radius/radwtmp"<BR> }<BR> Module: Linked to module
rlm_eap<BR> Module: Instantiating eap<BR> eap
{<BR> default_eap_type =
"ttls"<BR> timer_expire =
60<BR> ignore_unknown_eap_types =
no<BR> cisco_accounting_username_bug =
no<BR> max_sessions = 2048<BR>
}<BR> Module: Linked to sub-module rlm_eap_md5<BR> Module:
Instantiating eap-md5<BR> Module: Linked to sub-module
rlm_eap_leap<BR> Module: Instantiating eap-leap<BR> Module: Linked to
sub-module rlm_eap_gtc<BR> Module: Instantiating eap-gtc<BR>
gtc {<BR> challenge = "Password:
"<BR> auth_type =
"PAP"<BR> }<BR> Module: Linked to sub-module
rlm_eap_tls<BR> Module: Instantiating eap-tls<BR> tls
{<BR> rsa_key_exchange =
no<BR> dh_key_exchange =
yes<BR> rsa_key_length =
512<BR> dh_key_length =
512<BR> verify_depth =
0<BR> pem_file_type =
yes<BR> private_key_file =
"/etc/raddb/clearos-certs/key.pem"<BR>
certificate_file =
"/etc/raddb/clearos-certs/cert.pem"<BR>
CA_file =
"/etc/raddb/clearos-certs/ca.pem"<BR>
dh_file =
"/etc/raddb/clearos-certs/dh1024.pem"<BR>
random_file =
"/etc/raddb/clearos-certs/random"<BR>
fragment_size = 1024<BR>
include_length = yes<BR> check_crl =
no<BR> cipher_list =
"DEFAULT"<BR> cache
{<BR> enable =
no<BR> lifetime =
24<BR> max_entries =
255<BR> }<BR> }<BR> Module: Linked to
sub-module rlm_eap_ttls<BR> Module: Instantiating eap-ttls<BR>
ttls {<BR> default_eap_type =
"md5"<BR> copy_request_to_tunnel =
no<BR> use_tunneled_reply =
no<BR> virtual_server =
"clearos-inner-tunnel"<BR>
include_length = yes<BR> }<BR> Module: Linked to sub-module
rlm_eap_peap<BR> Module: Instantiating eap-peap<BR> peap
{<BR> default_eap_type =
"mschapv2"<BR> copy_request_to_tunnel
= no<BR> use_tunneled_reply =
no<BR> proxy_tunneled_request_as_eap =
yes<BR> virtual_server =
"inner-tunnel"<BR> }<BR> Module: Linked to sub-module
rlm_eap_mschapv2<BR> Module: Instantiating eap-mschapv2<BR>
mschapv2 {<BR> with_ntdomain_hack =
no<BR> }<BR> Module: Checking authorize {...} for more modules
to load<BR> Module: Linked to module rlm_realm<BR> Module:
Instantiating suffix<BR> realm suffix
{<BR> format =
"suffix"<BR> delimiter =
"@"<BR> ignore_default =
no<BR> ignore_null = no<BR>
}<BR> Module: Linked to module rlm_files<BR> Module: Instantiating
files<BR> files {<BR> usersfile
= "/etc/raddb/users"<BR> acctusersfile
= "/etc/raddb/acct_users"<BR>
preproxy_usersfile =
"/etc/raddb/preproxy_users"<BR> compat
= "no"<BR> }<BR> Module: Checking session {...} for more modules to
load<BR> Module: Linked to module rlm_radutmp<BR> Module:
Instantiating radutmp<BR> radutmp
{<BR> filename =
"/var/log/radius/radutmp"<BR> username
= "%{User-Name}"<BR> case_sensitive =
yes<BR> check_with_nas =
yes<BR> perm =
384<BR> callerid = yes<BR>
}<BR> Module: Checking post-proxy {...} for more modules to
load<BR> Module: Checking post-auth {...} for more modules to
load<BR> Module: Linked to module rlm_attr_filter<BR> Module:
Instantiating attr_filter.access_reject<BR> attr_filter
attr_filter.access_reject {<BR>
attrsfile =
"/etc/raddb/attrs.access_reject"<BR>
key = "%{User-Name}"<BR> }<BR> } # modules<BR>} # server<BR>server
clearos-inner-tunnel {<BR> modules {<BR> Module: Checking authenticate
{...} for more modules to load<BR> Module: Checking authorize {...} for
more modules to load<BR> Module: Linked to module rlm_ldap<BR> Module:
Instantiating ldap<BR> ldap
{<BR> server =
"localhost"<BR> port =
389<BR> password =
"CnboAg6Wb3lTe75u"<BR> identity =
"cn=manager,cn=internal,dc=clearos,dc=lan"<BR>
net_timeout = 5<BR> timeout =
20<BR> timelimit =
10<BR> tls_mode =
no<BR> start_tls =
no<BR> tls_require_cert =
"allow"<BR> tls {<BR>
start_tls = no<BR> require_cert =
"allow"<BR> }<BR> basedn =
"dc=clearos,dc=lan"<BR> filter =
"(uid=%{%{Stripped-User-Name}:-%{User-Name}})"<BR>
base_filter =
"(objectclass=radiusprofile)"<BR>
auto_header = no<BR>
access_attr_used_for_allow = yes<BR>
groupname_attribute = "cn"<BR>
groupmembership_filter =
"(|(&(objectClass=GroupOfNames)(member=%{control:Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{control:Ldap-UserDn})))"<BR>
dictionary_mapping =
"/etc/raddb/ldap.attrmap"<BR>
ldap_debug = 0<BR>
ldap_connections_number = 5<BR>
compare_check_items = no<BR> do_xlat =
yes<BR> set_auth_type = yes<BR>
}<BR>rlm_ldap: Registering ldap_groupcmp for Ldap-Group<BR>rlm_ldap: Registering
ldap_xlat with xlat_name ldap<BR>rlm_ldap: Over-riding set_auth_type, as there
is no module ldap listed in the "authenticate" section.<BR>rlm_ldap: reading
ldap<->radius mappings from file /etc/raddb/ldap.attrmap<BR>rlm_ldap: LDAP
radiusCheckItem mapped to RADIUS $GENERIC$<BR>rlm_ldap: LDAP radiusReplyItem
mapped to RADIUS $GENERIC$<BR>rlm_ldap: LDAP radiusAuthType mapped to RADIUS
Auth-Type<BR>rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS
Simultaneous-Use<BR>rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS
Called-Station-Id<BR>rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS
Calling-Station-Id<BR>rlm_ldap: LDAP lmPassword mapped to RADIUS
LM-Password<BR>rlm_ldap: LDAP ntPassword mapped to RADIUS
NT-Password<BR>rlm_ldap: LDAP sambaLmPassword mapped to RADIUS
LM-Password<BR>rlm_ldap: LDAP sambaNtPassword mapped to RADIUS
NT-Password<BR>rlm_ldap: LDAP dBCSPwd mapped to RADIUS LM-Password<BR>rlm_ldap:
LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT<BR>rlm_ldap: LDAP
radiusExpiration mapped to RADIUS Expiration<BR>rlm_ldap: LDAP
radiusNASIpAddress mapped to RADIUS NAS-IP-Address<BR>rlm_ldap: LDAP
radiusServiceType mapped to RADIUS Service-Type<BR>rlm_ldap: LDAP
radiusFramedProtocol mapped to RADIUS Framed-Protocol<BR>rlm_ldap: LDAP
radiusFramedIPAddress mapped to RADIUS Framed-IP-Address<BR>rlm_ldap: LDAP
radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask<BR>rlm_ldap: LDAP
radiusFramedRoute mapped to RADIUS Framed-Route<BR>rlm_ldap: LDAP
radiusFramedRouting mapped to RADIUS Framed-Routing<BR>rlm_ldap: LDAP
radiusFilterId mapped to RADIUS Filter-Id<BR>rlm_ldap: LDAP radiusFramedMTU
mapped to RADIUS Framed-MTU<BR>rlm_ldap: LDAP radiusFramedCompression mapped to
RADIUS Framed-Compression<BR>rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS
Login-IP-Host<BR>rlm_ldap: LDAP radiusLoginService mapped to RADIUS
Login-Service<BR>rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS
Login-TCP-Port<BR>rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS
Callback-Number<BR>rlm_ldap: LDAP radiusCallbackId mapped to RADIUS
Callback-Id<BR>rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS
Framed-IPX-Network<BR>rlm_ldap: LDAP radiusClass mapped to RADIUS
Class<BR>rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS
Session-Timeout<BR>rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS
Idle-Timeout<BR>rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS
Termination-Action<BR>rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS
Login-LAT-Service<BR>rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS
Login-LAT-Node<BR>rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS
Login-LAT-Group<BR>rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS
Framed-AppleTalk-Link<BR>rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to
RADIUS Framed-AppleTalk-Network<BR>rlm_ldap: LDAP radiusFramedAppleTalkZone
mapped to RADIUS Framed-AppleTalk-Zone<BR>rlm_ldap: LDAP radiusPortLimit mapped
to RADIUS Port-Limit<BR>rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS
Login-LAT-Port<BR>rlm_ldap: LDAP radiusReplyMessage mapped to RADIUS
Reply-Message<BR>rlm_ldap: LDAP radiusTunnelType mapped to RADIUS
Tunnel-Type<BR>rlm_ldap: LDAP radiusTunnelMediumType mapped to RADIUS
Tunnel-Medium-Type<BR>rlm_ldap: LDAP radiusTunnelPrivateGroupId mapped to RADIUS
Tunnel-Private-Group-Id<BR>conns: 0x8eaf548<BR> Module: Checking session
{...} for more modules to load<BR> Module: Checking post-proxy {...} for
more modules to load<BR> Module: Checking post-auth {...} for more modules
to load<BR> } # modules<BR>} # server<BR>server {<BR> modules
{<BR> Module: Checking authenticate {...} for more modules to
load<BR> Module: Checking authorize {...} for more modules to
load<BR> Module: Linked to module rlm_preprocess<BR> Module:
Instantiating preprocess<BR> preprocess
{<BR> huntgroups =
"/etc/raddb/huntgroups"<BR> hints =
"/etc/raddb/hints"<BR>
with_ascend_hack = no<BR>
ascend_channels_per_line = 23<BR>
with_ntdomain_hack = no<BR>
with_specialix_jetstream_hack = no<BR>
with_cisco_vsa_hack = no<BR>
with_alvarion_vsa_hack = no<BR> }<BR> Module: Checking preacct {...}
for more modules to load<BR> Module: Linked to module
rlm_acct_unique<BR> Module: Instantiating acct_unique<BR> acct_unique
{<BR> key = "User-Name,
Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"<BR>
}<BR> Module: Checking accounting {...} for more modules to
load<BR> Module: Linked to module rlm_detail<BR> Module: Instantiating
detail<BR> detail {<BR>
detailfile =
"/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"<BR>
header = "%t"<BR> detailperm =
384<BR> dirperm =
493<BR> locking =
no<BR> log_packet_header =
no<BR> }<BR> Module: Instantiating
attr_filter.accounting_response<BR> attr_filter
attr_filter.accounting_response {<BR>
attrsfile =
"/etc/raddb/attrs.accounting_response"<BR>
key = "%{User-Name}"<BR> }<BR> Module: Checking session {...} for
more modules to load<BR> Module: Checking post-proxy {...} for more modules
to load<BR> Module: Checking post-auth {...} for more modules to
load<BR> } # modules<BR>} # server<BR>radiusd: #### Opening IP addresses
and Ports ####<BR>listen {<BR> type =
"auth"<BR> ipaddr =
*<BR> port = 0<BR>}<BR>listen
{<BR> type =
"acct"<BR> ipaddr =
*<BR> port = 0<BR>}<BR>listen
{<BR> type = "control"<BR> listen
{<BR> socket =
"/var/run/radiusd/radiusd.sock"<BR> }<BR>}<BR>Listening on authentication
address * port 1812<BR>Listening on accounting address * port 1813<BR>Listening
on command file /var/run/radiusd/radiusd.sock<BR>Listening on proxy address *
port 1814<BR>Ready to process requests.<BR>rad_recv: Access-Request packet from
host 127.0.0.1 port 40537, id=123,
length=55<BR> User-Name =
"bob"<BR> User-Password =
"hello"<BR> NAS-IP-Address =
127.0.0.1<BR> NAS-Port = 0<BR>+-
entering group authorize {...}<BR>++[preprocess] returns ok<BR>++[chap] returns
noop<BR>++[mschap] returns noop<BR>[suffix] No '@' in
User-Name = "bob", looking up realm NULL<BR>[suffix] No such realm
"NULL"<BR>++[suffix] returns noop<BR>[eap] No EAP-Message, not doing
EAP<BR>++[eap] returns noop<BR>[files] users: Matched entry bob at line
1<BR>++[files] returns ok<BR>[ldap] performing user authorization for
bob<BR>[ldap] expand: %{Stripped-User-Name} -><BR>[ldap] expand:
%{User-Name} -> bob<BR>[ldap] expand:
(uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=bob)<BR>[ldap]
expand: dc=clearos,dc=lan -> dc=clearos,dc=lan<BR>rlm_ldap: ldap_get_conn:
Checking Id: 0<BR>rlm_ldap: ldap_get_conn: Got Id: 0<BR>rlm_ldap: attempting
LDAP reconnection<BR>rlm_ldap: (re)connect to localhost:389, authentication
0<BR>rlm_ldap: bind as cn=manager,cn=internal,dc=clearos,dc=lan/CnboAg6Wb3lTe75u
to localhost:389<BR>rlm_ldap: waiting for bind result ...<BR>rlm_ldap: Bind was
successful<BR>rlm_ldap: performing search in dc=clearos,dc=lan, with filter
(uid=bob)<BR>rlm_ldap: object not found<BR>[ldap] search failed<BR>rlm_ldap:
ldap_release_conn: Release Id: 0<BR>++[ldap] returns notfound<BR>++[expiration]
returns noop<BR>++[logintime] returns noop<BR>++[pap] returns updated<BR>Found
Auth-Type = PAP<BR>+- entering group PAP {...}<BR>[pap] login attempt with
password "hello"<BR>[pap] Using clear text password "hello"<BR>[pap] User
authenticated successfully<BR>++[pap] returns ok<BR>+- entering group post-auth
{...}<BR>++[exec] returns noop<BR>Sending Access-Accept of id 123 to 127.0.0.1
port 40537<BR>Finished request 0.<BR>Going to the next request<BR>Waking up in
4.9 seconds.<BR>Cleaning up request 0 ID 123 with timestamp +6<BR>Ready to
process requests.<BR>rad_recv: Access-Request packet from host 127.0.0.1 port
52736, id=80, length=57<BR> User-Name
= "user1"<BR> User-Password =
"user1pass"<BR> NAS-IP-Address =
127.0.0.1<BR> NAS-Port = 0<BR>+-
entering group authorize {...}<BR>++[preprocess] returns ok<BR>++[chap] returns
noop<BR>++[mschap] returns noop<BR>[suffix] No '@' in
User-Name = "user1", looking up realm NULL<BR>[suffix] No such realm
"NULL"<BR>++[suffix] returns noop<BR>[eap] No EAP-Message, not doing
EAP<BR>++[eap] returns noop<BR>rlm_ldap: Entering
ldap_groupcmp()<BR>[files]
expand: dc=clearos,dc=lan ->
dc=clearos,dc=lan<BR>[files]
expand: %{Stripped-User-Name}
-><BR>[files] expand:
%{User-Name} ->
user1<BR>[files] expand:
(uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=user1)<BR>rlm_ldap:
ldap_get_conn: Checking Id: 0<BR>rlm_ldap: ldap_get_conn: Got Id: 0<BR>rlm_ldap:
performing search in dc=clearos,dc=lan, with filter (uid=user1)<BR>rlm_ldap:
object not found<BR>rlm_ldap::ldap_groupcmp: search failed<BR>rlm_ldap:
ldap_release_conn: Release Id: 0<BR>[files] users: Matched entry DEFAULT at line
1<BR>++[files] returns ok<BR>[ldap] performing user authorization for
user1<BR>[ldap] expand: %{Stripped-User-Name} -><BR>[ldap]
expand: %{User-Name} -> user1<BR>[ldap] expand:
(uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=user1)<BR>[ldap]
expand: dc=clearos,dc=lan -> dc=clearos,dc=lan<BR>rlm_ldap: ldap_get_conn:
Checking Id: 0<BR>rlm_ldap: ldap_get_conn: Got Id: 0<BR>rlm_ldap: performing
search in dc=clearos,dc=lan, with filter (uid=user1)<BR>rlm_ldap: object not
found<BR>[ldap] search failed<BR>rlm_ldap: ldap_release_conn: Release Id:
0<BR>++[ldap] returns notfound<BR>++[expiration] returns noop<BR>++[logintime]
returns noop<BR>[pap] Found existing Auth-Type, not changing it.<BR>++[pap]
returns noop<BR>Found Auth-Type = Reject<BR>Auth-Type = Reject, rejecting
user<BR>Failed to authenticate the user.<BR>Using Post-Auth-Type Reject<BR>+-
entering group REJECT
{...}<BR>[attr_filter.access_reject] expand:
%{User-Name} -> user1<BR> attr_filter: Matched entry DEFAULT at line
11<BR>++[attr_filter.access_reject] returns updated<BR>Delaying reject of
request 1 for 1 seconds<BR>Going to the next request<BR>Waking up in 0.9
seconds.<BR>Sending delayed reject for request 1<BR>Sending Access-Reject of id
80 to 127.0.0.1 port 52736<BR>Waking up in 4.5 seconds.<BR></FONT></DIV>
<DIV><FONT face=Calibri></FONT> </DIV>
<DIV><FONT
face=Calibri>***************************************************</FONT></DIV>
<DIV><FONT face=Calibri></FONT> </DIV>
<DIV><FONT face=Calibri>Hope someone can shed some light for this Unix
illiterate. </FONT></DIV>
<DIV><FONT face=Calibri></FONT> </DIV>
<DIV><FONT face=Calibri>Regards,</FONT></DIV>
<DIV><FONT face=Calibri>Ricardo</FONT></DIV></BODY></HTML>