<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
I am not a Pro neither, but I have had my share of sleepless nights
trying to figure out the same issues here. The problem does not seem
to be freeradius here but the LDAP server<br>
The LDAP module cannot find the user "user1" in the LDAP database
even though it successfully connected to it.<br>
Try to locate "user1" in the directory using ldapsearch or another
tool , then use that information in you basedn info (in ldap.conf).
Users are generally stored in the cn=users,dc=domain,dc=tld
container<br>
I have found that with AD the ldap module cannot seem to find
anything when searching the root of the domain ...<br>
<br>
Gondar<br>
<br>
<br>
<br>
<br>
<br>
On 9/12/2011 10:16 AM, Ricardo Sousa wrote:
<blockquote cite="mid:SNT120-DS12BF6CC3B6B9E641E6F518D3020@phx.gbl"
type="cite">
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
<meta name="GENERATOR" content="MSHTML 9.00.8112.16434">
<div><font face="Calibri">Greetings list users,</font></div>
<div> </div>
<div><font face="Calibri">I'm trying setup FreeRadius to work with
LDAP in a deployment of ClearOS and have followed this How-To
<a moz-do-not-send="true"
href="http://www.clearfoundation.com/docs/howtos/setting_up_freeradius2_to_use_ldap"><font
title="http://www.clearfoundation.com/docs/howtos/setting_up_freeradius2_to_use_ldap
CTRL
+ Clique para seguir a hiperligação" face="Times New
Roman">http://www.clearfoundation.com/docs/howtos/setting_up_freeradius2_to_use_ldap</font></a> and
this How-To </font><font face="Calibri"><a
moz-do-not-send="true"
href="http://deployingradius.com/documents/configuration/pap.html"><font
title="http://deployingradius.com/documents/configuration/pap.html
CTRL
+ Clique para seguir a hiperligação" face="Times New
Roman">http://deployingradius.com/documents/configuration/pap.html</font></a> with
success, up to the part of the inital radtest with credentials
inserted in the users file. But when trying to use credentials
from the LDAP directory, the Radius server returns an
Access-Reject packet. </font></div>
<div><font face="Calibri">Below is the output from the debug mode.
</font></div>
<div> </div>
<div><font face="Calibri">***************************************************</font></div>
<div><font face="Calibri">login as: root<br>
<a moz-do-not-send="true" href="mailto:root@192.168.3.5%27s">root@192.168.3.5's</a>
password:<br>
Last login: Mon Sep 12 13:31:45 2011 from 192.168.3.2<br>
[root@system ~]# service radiusd stop<br>
Stopping RADIUS server: [
OK ]<br>
[root@system ~]# radiusd -X<br>
FreeRADIUS Version 2.1.7, for host i686-redhat-linux-gnu,
built on May 19 2010 at 13:10:59<br>
Copyright (C) 1999-2009 The FreeRADIUS server project and
contributors.<br>
There is NO warranty; not even for MERCHANTABILITY or FITNESS
FOR A<br>
PARTICULAR PURPOSE.<br>
You may redistribute copies of FreeRADIUS under the terms of
the<br>
GNU General Public License v2.<br>
Starting - reading configuration files ...<br>
including configuration file /etc/raddb/radiusd.conf<br>
including configuration file /etc/raddb/proxy.conf<br>
including configuration file /etc/raddb/clearos-clients.conf<br>
including files in directory /etc/raddb/modules/<br>
including configuration file /etc/raddb/modules/radutmp<br>
including configuration file /etc/raddb/modules/smbpasswd<br>
including configuration file /etc/raddb/modules/realm<br>
including configuration file /etc/raddb/modules/etc_group<br>
including configuration file /etc/raddb/modules/attr_rewrite<br>
including configuration file /etc/raddb/modules/wimax<br>
including configuration file /etc/raddb/modules/detail<br>
including configuration file /etc/raddb/modules/logintime<br>
including configuration file
/etc/raddb/modules/detail.example.com<br>
including configuration file /etc/raddb/modules/files<br>
including configuration file /etc/raddb/modules/counter<br>
including configuration file /etc/raddb/modules/acct_unique<br>
including configuration file /etc/raddb/modules/ippool<br>
including configuration file /etc/raddb/modules/exec<br>
including configuration file /etc/raddb/modules/inner-eap<br>
including configuration file /etc/raddb/modules/always<br>
including configuration file /etc/raddb/modules/passwd<br>
including configuration file /etc/raddb/modules/expiration<br>
including configuration file /etc/raddb/modules/checkval<br>
including configuration file /etc/raddb/modules/linelog<br>
including configuration file
/etc/raddb/modules/sqlcounter_expire_on_login<br>
including configuration file /etc/raddb/modules/digest<br>
including configuration file /etc/raddb/modules/mschap<br>
including configuration file /etc/raddb/modules/detail.log<br>
including configuration file /etc/raddb/modules/echo<br>
including configuration file /etc/raddb/modules/sradutmp<br>
including configuration file /etc/raddb/modules/mac2ip<br>
including configuration file /etc/raddb/modules/mac2vlan<br>
including configuration file /etc/raddb/modules/pam<br>
including configuration file /etc/raddb/modules/smsotp<br>
including configuration file /etc/raddb/modules/ldap<br>
including configuration file /etc/raddb/modules/unix<br>
including configuration file /etc/raddb/modules/pap<br>
including configuration file /etc/raddb/modules/sql_log<br>
including configuration file /etc/raddb/modules/policy<br>
including configuration file /etc/raddb/modules/expr<br>
including configuration file /etc/raddb/modules/attr_filter<br>
including configuration file /etc/raddb/modules/perl<br>
including configuration file /etc/raddb/modules/cui<br>
including configuration file /etc/raddb/modules/preprocess<br>
including configuration file /etc/raddb/modules/otp<br>
including configuration file /etc/raddb/modules/chap<br>
including configuration file /etc/raddb/clearos-eap.conf<br>
including configuration file /etc/raddb/policy.conf<br>
including files in directory /etc/raddb/sites-enabled/<br>
including configuration file
/etc/raddb/sites-enabled/control-socket<br>
including configuration file
/etc/raddb/sites-enabled/inner-tunnel<br>
including configuration file /etc/raddb/sites-enabled/default<br>
including configuration file
/etc/raddb/sites-enabled/clearos-inner-tunnel<br>
group = radiusd<br>
user = radiusd<br>
including dictionary file /etc/raddb/dictionary<br>
main {<br>
prefix = "/usr"<br>
localstatedir = "/var"<br>
logdir = "/var/log/radius"<br>
libdir = "/usr/lib/freeradius"<br>
radacctdir = "/var/log/radius/radacct"<br>
hostname_lookups = no<br>
max_request_time = 30<br>
cleanup_delay = 5<br>
max_requests = 1024<br>
allow_core_dumps = no<br>
pidfile = "/var/run/radiusd/radiusd.pid"<br>
checkrad = "/usr/sbin/checkrad"<br>
debug_level = 0<br>
proxy_requests = yes<br>
log {<br>
stripped_names = no<br>
auth = no<br>
auth_badpass = no<br>
auth_goodpass = no<br>
}<br>
security {<br>
max_attributes = 200<br>
reject_delay = 1<br>
status_server = yes<br>
}<br>
}<br>
radiusd: #### Loading Realms and Home Servers ####<br>
proxy server {<br>
retry_delay = 5<br>
retry_count = 3<br>
default_fallback = no<br>
dead_time = 120<br>
wake_all_if_all_dead = no<br>
}<br>
home_server localhost {<br>
ipaddr = 127.0.0.1<br>
port = 1812<br>
type = "auth"<br>
secret = "testing123"<br>
response_window = 20<br>
max_outstanding = 65536<br>
require_message_authenticator = no<br>
zombie_period = 40<br>
status_check = "status-server"<br>
ping_interval = 30<br>
check_interval = 30<br>
num_answers_to_alive = 3<br>
num_pings_to_alive = 3<br>
revive_interval = 120<br>
status_check_timeout = 4<br>
irt = 2<br>
mrt = 16<br>
mrc = 5<br>
mrd = 30<br>
}<br>
home_server_pool my_auth_failover {<br>
type = fail-over<br>
home_server = localhost<br>
}<br>
realm example.com {<br>
auth_pool = my_auth_failover<br>
}<br>
realm LOCAL {<br>
}<br>
radiusd: #### Loading Clients ####<br>
client localhost {<br>
require_message_authenticator = no<br>
secret = "mysecretpass"<br>
shortname = "myclient"<br>
}<br>
radiusd: #### Instantiating modules ####<br>
instantiate {<br>
Module: Linked to module rlm_exec<br>
Module: Instantiating exec<br>
exec {<br>
wait = no<br>
input_pairs = "request"<br>
shell_escape = yes<br>
}<br>
Module: Linked to module rlm_expr<br>
Module: Instantiating expr<br>
Module: Linked to module rlm_expiration<br>
Module: Instantiating expiration<br>
expiration {<br>
reply-message = "Password Has Expired "<br>
}<br>
Module: Linked to module rlm_logintime<br>
Module: Instantiating logintime<br>
logintime {<br>
reply-message = "You are calling outside your allowed
timespan "<br>
minimum-timeout = 60<br>
}<br>
}<br>
radiusd: #### Loading Virtual Servers ####<br>
server inner-tunnel {<br>
modules {<br>
Module: Checking authenticate {...} for more modules to load<br>
Module: Linked to module rlm_pap<br>
Module: Instantiating pap<br>
pap {<br>
encryption_scheme = "auto"<br>
auto_header = no<br>
}<br>
Module: Linked to module rlm_chap<br>
Module: Instantiating chap<br>
Module: Linked to module rlm_mschap<br>
Module: Instantiating mschap<br>
mschap {<br>
use_mppe = yes<br>
require_encryption = no<br>
require_strong = no<br>
with_ntdomain_hack = no<br>
}<br>
Module: Linked to module rlm_unix<br>
Module: Instantiating unix<br>
unix {<br>
radwtmp = "/var/log/radius/radwtmp"<br>
}<br>
Module: Linked to module rlm_eap<br>
Module: Instantiating eap<br>
eap {<br>
default_eap_type = "ttls"<br>
timer_expire = 60<br>
ignore_unknown_eap_types = no<br>
cisco_accounting_username_bug = no<br>
max_sessions = 2048<br>
}<br>
Module: Linked to sub-module rlm_eap_md5<br>
Module: Instantiating eap-md5<br>
Module: Linked to sub-module rlm_eap_leap<br>
Module: Instantiating eap-leap<br>
Module: Linked to sub-module rlm_eap_gtc<br>
Module: Instantiating eap-gtc<br>
gtc {<br>
challenge = "Password: "<br>
auth_type = "PAP"<br>
}<br>
Module: Linked to sub-module rlm_eap_tls<br>
Module: Instantiating eap-tls<br>
tls {<br>
rsa_key_exchange = no<br>
dh_key_exchange = yes<br>
rsa_key_length = 512<br>
dh_key_length = 512<br>
verify_depth = 0<br>
pem_file_type = yes<br>
private_key_file = "/etc/raddb/clearos-certs/key.pem"<br>
certificate_file = "/etc/raddb/clearos-certs/cert.pem"<br>
CA_file = "/etc/raddb/clearos-certs/ca.pem"<br>
dh_file = "/etc/raddb/clearos-certs/dh1024.pem"<br>
random_file = "/etc/raddb/clearos-certs/random"<br>
fragment_size = 1024<br>
include_length = yes<br>
check_crl = no<br>
cipher_list = "DEFAULT"<br>
cache {<br>
enable = no<br>
lifetime = 24<br>
max_entries = 255<br>
}<br>
}<br>
Module: Linked to sub-module rlm_eap_ttls<br>
Module: Instantiating eap-ttls<br>
ttls {<br>
default_eap_type = "md5"<br>
copy_request_to_tunnel = no<br>
use_tunneled_reply = no<br>
virtual_server = "clearos-inner-tunnel"<br>
include_length = yes<br>
}<br>
Module: Linked to sub-module rlm_eap_peap<br>
Module: Instantiating eap-peap<br>
peap {<br>
default_eap_type = "mschapv2"<br>
copy_request_to_tunnel = no<br>
use_tunneled_reply = no<br>
proxy_tunneled_request_as_eap = yes<br>
virtual_server = "inner-tunnel"<br>
}<br>
Module: Linked to sub-module rlm_eap_mschapv2<br>
Module: Instantiating eap-mschapv2<br>
mschapv2 {<br>
with_ntdomain_hack = no<br>
}<br>
Module: Checking authorize {...} for more modules to load<br>
Module: Linked to module rlm_realm<br>
Module: Instantiating suffix<br>
realm suffix {<br>
format = "suffix"<br>
delimiter = "@"<br>
ignore_default = no<br>
ignore_null = no<br>
}<br>
Module: Linked to module rlm_files<br>
Module: Instantiating files<br>
files {<br>
usersfile = "/etc/raddb/users"<br>
acctusersfile = "/etc/raddb/acct_users"<br>
preproxy_usersfile = "/etc/raddb/preproxy_users"<br>
compat = "no"<br>
}<br>
Module: Checking session {...} for more modules to load<br>
Module: Linked to module rlm_radutmp<br>
Module: Instantiating radutmp<br>
radutmp {<br>
filename = "/var/log/radius/radutmp"<br>
username = "%{User-Name}"<br>
case_sensitive = yes<br>
check_with_nas = yes<br>
perm = 384<br>
callerid = yes<br>
}<br>
Module: Checking post-proxy {...} for more modules to load<br>
Module: Checking post-auth {...} for more modules to load<br>
Module: Linked to module rlm_attr_filter<br>
Module: Instantiating attr_filter.access_reject<br>
attr_filter attr_filter.access_reject {<br>
attrsfile = "/etc/raddb/attrs.access_reject"<br>
key = "%{User-Name}"<br>
}<br>
} # modules<br>
} # server<br>
server clearos-inner-tunnel {<br>
modules {<br>
Module: Checking authenticate {...} for more modules to load<br>
Module: Checking authorize {...} for more modules to load<br>
Module: Linked to module rlm_ldap<br>
Module: Instantiating ldap<br>
ldap {<br>
server = "localhost"<br>
port = 389<br>
password = "CnboAg6Wb3lTe75u"<br>
identity = "cn=manager,cn=internal,dc=clearos,dc=lan"<br>
net_timeout = 5<br>
timeout = 20<br>
timelimit = 10<br>
tls_mode = no<br>
start_tls = no<br>
tls_require_cert = "allow"<br>
tls {<br>
start_tls = no<br>
require_cert = "allow"<br>
}<br>
basedn = "dc=clearos,dc=lan"<br>
filter =
"(uid=%{%{Stripped-User-Name}:-%{User-Name}})"<br>
base_filter = "(objectclass=radiusprofile)"<br>
auto_header = no<br>
access_attr_used_for_allow = yes<br>
groupname_attribute = "cn"<br>
groupmembership_filter =
"(|(&(objectClass=GroupOfNames)(member=%{control:Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{control:Ldap-UserDn})))"<br>
dictionary_mapping = "/etc/raddb/ldap.attrmap"<br>
ldap_debug = 0<br>
ldap_connections_number = 5<br>
compare_check_items = no<br>
do_xlat = yes<br>
set_auth_type = yes<br>
}<br>
rlm_ldap: Registering ldap_groupcmp for Ldap-Group<br>
rlm_ldap: Registering ldap_xlat with xlat_name ldap<br>
rlm_ldap: Over-riding set_auth_type, as there is no module
ldap listed in the "authenticate" section.<br>
rlm_ldap: reading ldap<->radius mappings from file
/etc/raddb/ldap.attrmap<br>
rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$<br>
rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$<br>
rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type<br>
rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS
Simultaneous-Use<br>
rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS
Called-Station-Id<br>
rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS
Calling-Station-Id<br>
rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password<br>
rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password<br>
rlm_ldap: LDAP sambaLmPassword mapped to RADIUS LM-Password<br>
rlm_ldap: LDAP sambaNtPassword mapped to RADIUS NT-Password<br>
rlm_ldap: LDAP dBCSPwd mapped to RADIUS LM-Password<br>
rlm_ldap: LDAP acctFlags mapped to RADIUS
SMB-Account-CTRL-TEXT<br>
rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration<br>
rlm_ldap: LDAP radiusNASIpAddress mapped to RADIUS
NAS-IP-Address<br>
rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type<br>
rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS
Framed-Protocol<br>
rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS
Framed-IP-Address<br>
rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS
Framed-IP-Netmask<br>
rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route<br>
rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS
Framed-Routing<br>
rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id<br>
rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU<br>
rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS
Framed-Compression<br>
rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS
Login-IP-Host<br>
rlm_ldap: LDAP radiusLoginService mapped to RADIUS
Login-Service<br>
rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS
Login-TCP-Port<br>
rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS
Callback-Number<br>
rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id<br>
rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS
Framed-IPX-Network<br>
rlm_ldap: LDAP radiusClass mapped to RADIUS Class<br>
rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS
Session-Timeout<br>
rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout<br>
rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS
Termination-Action<br>
rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS
Login-LAT-Service<br>
rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS
Login-LAT-Node<br>
rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS
Login-LAT-Group<br>
rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS
Framed-AppleTalk-Link<br>
rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS
Framed-AppleTalk-Network<br>
rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS
Framed-AppleTalk-Zone<br>
rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit<br>
rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS
Login-LAT-Port<br>
rlm_ldap: LDAP radiusReplyMessage mapped to RADIUS
Reply-Message<br>
rlm_ldap: LDAP radiusTunnelType mapped to RADIUS Tunnel-Type<br>
rlm_ldap: LDAP radiusTunnelMediumType mapped to RADIUS
Tunnel-Medium-Type<br>
rlm_ldap: LDAP radiusTunnelPrivateGroupId mapped to RADIUS
Tunnel-Private-Group-Id<br>
conns: 0x8eaf548<br>
Module: Checking session {...} for more modules to load<br>
Module: Checking post-proxy {...} for more modules to load<br>
Module: Checking post-auth {...} for more modules to load<br>
} # modules<br>
} # server<br>
server {<br>
modules {<br>
Module: Checking authenticate {...} for more modules to load<br>
Module: Checking authorize {...} for more modules to load<br>
Module: Linked to module rlm_preprocess<br>
Module: Instantiating preprocess<br>
preprocess {<br>
huntgroups = "/etc/raddb/huntgroups"<br>
hints = "/etc/raddb/hints"<br>
with_ascend_hack = no<br>
ascend_channels_per_line = 23<br>
with_ntdomain_hack = no<br>
with_specialix_jetstream_hack = no<br>
with_cisco_vsa_hack = no<br>
with_alvarion_vsa_hack = no<br>
}<br>
Module: Checking preacct {...} for more modules to load<br>
Module: Linked to module rlm_acct_unique<br>
Module: Instantiating acct_unique<br>
acct_unique {<br>
key = "User-Name, Acct-Session-Id, NAS-IP-Address,
Client-IP-Address, NAS-Port"<br>
}<br>
Module: Checking accounting {...} for more modules to load<br>
Module: Linked to module rlm_detail<br>
Module: Instantiating detail<br>
detail {<br>
detailfile =
"/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"<br>
header = "%t"<br>
detailperm = 384<br>
dirperm = 493<br>
locking = no<br>
log_packet_header = no<br>
}<br>
Module: Instantiating attr_filter.accounting_response<br>
attr_filter attr_filter.accounting_response {<br>
attrsfile = "/etc/raddb/attrs.accounting_response"<br>
key = "%{User-Name}"<br>
}<br>
Module: Checking session {...} for more modules to load<br>
Module: Checking post-proxy {...} for more modules to load<br>
Module: Checking post-auth {...} for more modules to load<br>
} # modules<br>
} # server<br>
radiusd: #### Opening IP addresses and Ports ####<br>
listen {<br>
type = "auth"<br>
ipaddr = *<br>
port = 0<br>
}<br>
listen {<br>
type = "acct"<br>
ipaddr = *<br>
port = 0<br>
}<br>
listen {<br>
type = "control"<br>
listen {<br>
socket = "/var/run/radiusd/radiusd.sock"<br>
}<br>
}<br>
Listening on authentication address * port 1812<br>
Listening on accounting address * port 1813<br>
Listening on command file /var/run/radiusd/radiusd.sock<br>
Listening on proxy address * port 1814<br>
Ready to process requests.<br>
rad_recv: Access-Request packet from host 127.0.0.1 port
40537, id=123, length=55<br>
User-Name = "bob"<br>
User-Password = "hello"<br>
NAS-IP-Address = 127.0.0.1<br>
NAS-Port = 0<br>
+- entering group authorize {...}<br>
++[preprocess] returns ok<br>
++[chap] returns noop<br>
++[mschap] returns noop<br>
[suffix] No <a moz-do-not-send="true" href="mailto:%27@%27">'@'</a>
in User-Name = "bob", looking up realm NULL<br>
[suffix] No such realm "NULL"<br>
++[suffix] returns noop<br>
[eap] No EAP-Message, not doing EAP<br>
++[eap] returns noop<br>
[files] users: Matched entry bob at line 1<br>
++[files] returns ok<br>
[ldap] performing user authorization for bob<br>
[ldap] expand: %{Stripped-User-Name} -><br>
[ldap] expand: %{User-Name} -> bob<br>
[ldap] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}})
-> (uid=bob)<br>
[ldap] expand: dc=clearos,dc=lan -> dc=clearos,dc=lan<br>
rlm_ldap: ldap_get_conn: Checking Id: 0<br>
rlm_ldap: ldap_get_conn: Got Id: 0<br>
rlm_ldap: attempting LDAP reconnection<br>
rlm_ldap: (re)connect to localhost:389, authentication 0<br>
rlm_ldap: bind as
cn=manager,cn=internal,dc=clearos,dc=lan/CnboAg6Wb3lTe75u to
localhost:389<br>
rlm_ldap: waiting for bind result ...<br>
rlm_ldap: Bind was successful<br>
rlm_ldap: performing search in dc=clearos,dc=lan, with filter
(uid=bob)<br>
rlm_ldap: object not found<br>
[ldap] search failed<br>
rlm_ldap: ldap_release_conn: Release Id: 0<br>
++[ldap] returns notfound<br>
++[expiration] returns noop<br>
++[logintime] returns noop<br>
++[pap] returns updated<br>
Found Auth-Type = PAP<br>
+- entering group PAP {...}<br>
[pap] login attempt with password "hello"<br>
[pap] Using clear text password "hello"<br>
[pap] User authenticated successfully<br>
++[pap] returns ok<br>
+- entering group post-auth {...}<br>
++[exec] returns noop<br>
Sending Access-Accept of id 123 to 127.0.0.1 port 40537<br>
Finished request 0.<br>
Going to the next request<br>
Waking up in 4.9 seconds.<br>
Cleaning up request 0 ID 123 with timestamp +6<br>
Ready to process requests.<br>
rad_recv: Access-Request packet from host 127.0.0.1 port
52736, id=80, length=57<br>
User-Name = "user1"<br>
User-Password = "user1pass"<br>
NAS-IP-Address = 127.0.0.1<br>
NAS-Port = 0<br>
+- entering group authorize {...}<br>
++[preprocess] returns ok<br>
++[chap] returns noop<br>
++[mschap] returns noop<br>
[suffix] No <a moz-do-not-send="true" href="mailto:%27@%27">'@'</a>
in User-Name = "user1", looking up realm NULL<br>
[suffix] No such realm "NULL"<br>
++[suffix] returns noop<br>
[eap] No EAP-Message, not doing EAP<br>
++[eap] returns noop<br>
rlm_ldap: Entering ldap_groupcmp()<br>
[files] expand: dc=clearos,dc=lan ->
dc=clearos,dc=lan<br>
[files] expand: %{Stripped-User-Name} -><br>
[files] expand: %{User-Name} -> user1<br>
[files] expand:
(uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=user1)<br>
rlm_ldap: ldap_get_conn: Checking Id: 0<br>
rlm_ldap: ldap_get_conn: Got Id: 0<br>
rlm_ldap: performing search in dc=clearos,dc=lan, with filter
(uid=user1)<br>
rlm_ldap: object not found<br>
rlm_ldap::ldap_groupcmp: search failed<br>
rlm_ldap: ldap_release_conn: Release Id: 0<br>
[files] users: Matched entry DEFAULT at line 1<br>
++[files] returns ok<br>
[ldap] performing user authorization for user1<br>
[ldap] expand: %{Stripped-User-Name} -><br>
[ldap] expand: %{User-Name} -> user1<br>
[ldap] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}})
-> (uid=user1)<br>
[ldap] expand: dc=clearos,dc=lan -> dc=clearos,dc=lan<br>
rlm_ldap: ldap_get_conn: Checking Id: 0<br>
rlm_ldap: ldap_get_conn: Got Id: 0<br>
rlm_ldap: performing search in dc=clearos,dc=lan, with filter
(uid=user1)<br>
rlm_ldap: object not found<br>
[ldap] search failed<br>
rlm_ldap: ldap_release_conn: Release Id: 0<br>
++[ldap] returns notfound<br>
++[expiration] returns noop<br>
++[logintime] returns noop<br>
[pap] Found existing Auth-Type, not changing it.<br>
++[pap] returns noop<br>
Found Auth-Type = Reject<br>
Auth-Type = Reject, rejecting user<br>
Failed to authenticate the user.<br>
Using Post-Auth-Type Reject<br>
+- entering group REJECT {...}<br>
[attr_filter.access_reject] expand: %{User-Name} ->
user1<br>
attr_filter: Matched entry DEFAULT at line 11<br>
++[attr_filter.access_reject] returns updated<br>
Delaying reject of request 1 for 1 seconds<br>
Going to the next request<br>
Waking up in 0.9 seconds.<br>
Sending delayed reject for request 1<br>
Sending Access-Reject of id 80 to 127.0.0.1 port 52736<br>
Waking up in 4.5 seconds.<br>
</font></div>
<div> </div>
<div><font face="Calibri">***************************************************</font></div>
<div> </div>
<div><font face="Calibri">Hope someone can show some light to this
unix illiterate. </font></div>
<div> </div>
<div><font face="Calibri">Regards,</font></div>
<div><font face="Calibri">Ricardo</font></div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">-
List info/subscribe/unsubscribe? See <a class="moz-txt-link-freetext" href="http://www.freeradius.org/list/users.html">http://www.freeradius.org/list/users.html</a></pre>
</blockquote>
<br>
</body>
</html>