<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content=text/html;charset=iso-8859-1 http-equiv=Content-Type>
<META name=GENERATOR content="MSHTML 9.00.8112.16434"></HEAD>
<BODY style="PADDING-LEFT: 10px; PADDING-RIGHT: 10px; PADDING-TOP: 15px"
id=MailContainerBody leftMargin=0 topMargin=0 bgColor=#ffffff text=#000000
CanvasTabStop="true" name="Compose message area">
<DIV><FONT face=Calibri>Thanks for your help.</FONT></DIV>
<DIV><FONT face=Calibri></FONT> </DIV>
<DIV><FONT face=Calibri>After reading all the documentation and config files, I
decided to simply add new users to the directory in a last ditch effort and try
again, and I got an Access-Accepted packet. Double checked.</FONT></DIV>
<DIV><FONT face=Calibri></FONT> </DIV>
<DIV><FONT face=Calibri>Computers truly make me question my sanity
sometimes.</FONT></DIV>
<DIV><FONT face=Calibri></FONT> </DIV>
<DIV><FONT face=Calibri>Regards,</FONT></DIV>
<DIV><FONT face=Calibri>Ricardo</FONT></DIV>
<DIV style="FONT: 10pt Tahoma">
<DIV><BR></DIV>
<DIV style="BACKGROUND: #f5f5f5">
<DIV style="font-color: black"><B>From:</B> <A
href="mailto:admin@commonn.com">Commonn Systems</A> </DIV>
<DIV><B>Sent:</B> Monday, September 12, 2011 8:27 PM</DIV>
<DIV><B>To:</B> <A
href="mailto:freeradius-users@lists.freeradius.org">freeradius-users@lists.freeradius.org</A>
</DIV>
<DIV><B>Subject:</B> Re: Troubleshooting FreeRadius +LDAP</DIV></DIV></DIV>
<DIV><BR></DIV>I am not a pro either, but I have had my share of sleepless
nights trying to figure out the same issues here. The problem does not seem to
be freeradius here but the LDAP server.<BR>The LDAP module cannot find the user
"user1" in the LDAP database even though it successfully connected to it.<BR>Try
to locate "user1" in the directory using ldapsearch or another tool, then use
that information in your basedn info (in ldap.conf). Users are generally stored
in the cn=users,dc=domain,dc=tld container.<BR>I have found that with AD the ldap
module cannot seem to find anything when searching the root of the domain
...<BR><BR>Gondar<BR><BR>On 9/12/2011 10:16 AM, Ricardo Sousa
wrote:
<BLOCKQUOTE cite=mid:SNT120-DS12BF6CC3B6B9E641E6F518D3020@phx.gbl type="cite">
<DIV><FONT face=Calibri>Greetings list users,</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=Calibri>I'm trying to set up FreeRadius to work with LDAP in a
deployment of ClearOS and have followed this How-To <A
href="http://www.clearfoundation.com/docs/howtos/setting_up_freeradius2_to_use_ldap"
moz-do-not-send="true"><FONT face="Times New
Roman">http://www.clearfoundation.com/docs/howtos/setting_up_freeradius2_to_use_ldap</FONT></A> and
this How-To </FONT><FONT face=Calibri><A
href="http://deployingradius.com/documents/configuration/pap.html"
moz-do-not-send="true"><FONT face="Times New
Roman">http://deployingradius.com/documents/configuration/pap.html</FONT></A> with
success, up to the part of the initial radtest with credentials inserted in the
users file. But when trying to use credentials from the LDAP directory, the
Radius server returns an Access-Reject packet. </FONT></DIV>
<DIV><FONT face=Calibri>Below is the output from the debug mode. </FONT></DIV>
<DIV> </DIV>
<DIV><FONT
face=Calibri>***************************************************</FONT></DIV>
<DIV><FONT face=Calibri>login as: root<BR><A
href="mailto:root@192.168.3.5%27s"
moz-do-not-send="true">root@192.168.3.5's</A> password:<BR>Last login: Mon Sep
12 13:31:45 2011 from 192.168.3.2<BR>[root@system ~]# service radiusd
stop<BR>Stopping RADIUS
server:
[ OK ]<BR>[root@system ~]# radiusd -X<BR>FreeRADIUS Version 2.1.7,
for host i686-redhat-linux-gnu, built on May 19 2010 at 13:10:59<BR>Copyright
(C) 1999-2009 The FreeRADIUS server project and contributors.<BR>There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A<BR>PARTICULAR
PURPOSE.<BR>You may redistribute copies of FreeRADIUS under the terms of
the<BR>GNU General Public License v2.<BR>Starting - reading configuration
files ...<BR>including configuration file /etc/raddb/radiusd.conf<BR>including
configuration file /etc/raddb/proxy.conf<BR>including configuration file
/etc/raddb/clearos-clients.conf<BR>including files in directory
/etc/raddb/modules/<BR>including configuration file
/etc/raddb/modules/radutmp<BR>including configuration file
/etc/raddb/modules/smbpasswd<BR>including configuration file
/etc/raddb/modules/realm<BR>including configuration file
/etc/raddb/modules/etc_group<BR>including configuration file
/etc/raddb/modules/attr_rewrite<BR>including configuration file
/etc/raddb/modules/wimax<BR>including configuration file
/etc/raddb/modules/detail<BR>including configuration file
/etc/raddb/modules/logintime<BR>including configuration file
/etc/raddb/modules/detail.example.com<BR>including configuration file
/etc/raddb/modules/files<BR>including configuration file
/etc/raddb/modules/counter<BR>including configuration file
/etc/raddb/modules/acct_unique<BR>including configuration file
/etc/raddb/modules/ippool<BR>including configuration file
/etc/raddb/modules/exec<BR>including configuration file
/etc/raddb/modules/inner-eap<BR>including configuration file
/etc/raddb/modules/always<BR>including configuration file
/etc/raddb/modules/passwd<BR>including configuration file
/etc/raddb/modules/expiration<BR>including configuration file
/etc/raddb/modules/checkval<BR>including configuration file
/etc/raddb/modules/linelog<BR>including configuration file
/etc/raddb/modules/sqlcounter_expire_on_login<BR>including configuration file
/etc/raddb/modules/digest<BR>including configuration file
/etc/raddb/modules/mschap<BR>including configuration file
/etc/raddb/modules/detail.log<BR>including configuration file
/etc/raddb/modules/echo<BR>including configuration file
/etc/raddb/modules/sradutmp<BR>including configuration file
/etc/raddb/modules/mac2ip<BR>including configuration file
/etc/raddb/modules/mac2vlan<BR>including configuration file
/etc/raddb/modules/pam<BR>including configuration file
/etc/raddb/modules/smsotp<BR>including configuration file
/etc/raddb/modules/ldap<BR>including configuration file
/etc/raddb/modules/unix<BR>including configuration file
/etc/raddb/modules/pap<BR>including configuration file
/etc/raddb/modules/sql_log<BR>including configuration file
/etc/raddb/modules/policy<BR>including configuration file
/etc/raddb/modules/expr<BR>including configuration file
/etc/raddb/modules/attr_filter<BR>including configuration file
/etc/raddb/modules/perl<BR>including configuration file
/etc/raddb/modules/cui<BR>including configuration file
/etc/raddb/modules/preprocess<BR>including configuration file
/etc/raddb/modules/otp<BR>including configuration file
/etc/raddb/modules/chap<BR>including configuration file
/etc/raddb/clearos-eap.conf<BR>including configuration file
/etc/raddb/policy.conf<BR>including files in directory
/etc/raddb/sites-enabled/<BR>including configuration file
/etc/raddb/sites-enabled/control-socket<BR>including configuration file
/etc/raddb/sites-enabled/inner-tunnel<BR>including configuration file
/etc/raddb/sites-enabled/default<BR>including configuration file
/etc/raddb/sites-enabled/clearos-inner-tunnel<BR>group = radiusd<BR>user =
radiusd<BR>including dictionary file /etc/raddb/dictionary<BR>main
{<BR> prefix =
"/usr"<BR> localstatedir =
"/var"<BR> logdir =
"/var/log/radius"<BR> libdir =
"/usr/lib/freeradius"<BR> radacctdir
= "/var/log/radius/radacct"<BR>
hostname_lookups = no<BR>
max_request_time = 30<BR>
cleanup_delay = 5<BR> max_requests =
1024<BR> allow_core_dumps =
no<BR> pidfile =
"/var/run/radiusd/radiusd.pid"<BR>
checkrad = "/usr/sbin/checkrad"<BR>
debug_level = 0<BR> proxy_requests =
yes<BR> log {<BR>
stripped_names = no<BR> auth =
no<BR> auth_badpass =
no<BR> auth_goodpass =
no<BR> }<BR> security
{<BR> max_attributes =
200<BR> reject_delay =
1<BR> status_server =
yes<BR> }<BR>}<BR>radiusd: #### Loading Realms and Home Servers
####<BR> proxy server {<BR>
retry_delay = 5<BR> retry_count =
3<BR> default_fallback =
no<BR> dead_time =
120<BR> wake_all_if_all_dead =
no<BR> }<BR> home_server localhost
{<BR> ipaddr =
127.0.0.1<BR> port =
1812<BR> type =
"auth"<BR> secret =
"testing123"<BR> response_window =
20<BR> max_outstanding =
65536<BR>
require_message_authenticator =
no<BR> zombie_period =
40<BR> status_check =
"status-server"<BR> ping_interval =
30<BR> check_interval =
30<BR> num_answers_to_alive =
3<BR> num_pings_to_alive =
3<BR> revive_interval =
120<BR> status_check_timeout =
4<BR> irt =
2<BR> mrt =
16<BR> mrc =
5<BR> mrd =
30<BR> }<BR> home_server_pool my_auth_failover
{<BR> type =
fail-over<BR> home_server =
localhost<BR> }<BR> realm example.com
{<BR> auth_pool =
my_auth_failover<BR> }<BR> realm LOCAL {<BR> }<BR>radiusd: ####
Loading Clients ####<BR> client localhost
{<BR> require_message_authenticator
= no<BR> secret =
"mysecretpass"<BR> shortname =
"myclient"<BR> }<BR>radiusd: #### Instantiating modules
####<BR> instantiate {<BR> Module: Linked to module
rlm_exec<BR> Module: Instantiating exec<BR> exec
{<BR> wait =
no<BR> input_pairs =
"request"<BR> shell_escape =
yes<BR> }<BR> Module: Linked to module rlm_expr<BR> Module:
Instantiating expr<BR> Module: Linked to module
rlm_expiration<BR> Module: Instantiating expiration<BR> expiration
{<BR> reply-message = "Password Has
Expired "<BR> }<BR> Module: Linked to module
rlm_logintime<BR> Module: Instantiating logintime<BR> logintime
{<BR> reply-message = "You are
calling outside your allowed timespan
"<BR> minimum-timeout = 60<BR>
}<BR> }<BR>radiusd: #### Loading Virtual Servers ####<BR>server
inner-tunnel {<BR> modules {<BR> Module: Checking authenticate {...}
for more modules to load<BR> Module: Linked to module
rlm_pap<BR> Module: Instantiating pap<BR> pap
{<BR> encryption_scheme =
"auto"<BR> auto_header =
no<BR> }<BR> Module: Linked to module rlm_chap<BR> Module:
Instantiating chap<BR> Module: Linked to module
rlm_mschap<BR> Module: Instantiating mschap<BR> mschap
{<BR> use_mppe =
yes<BR> require_encryption =
no<BR> require_strong =
no<BR> with_ntdomain_hack =
no<BR> }<BR> Module: Linked to module rlm_unix<BR> Module:
Instantiating unix<BR> unix
{<BR> radwtmp =
"/var/log/radius/radwtmp"<BR> }<BR> Module: Linked to module
rlm_eap<BR> Module: Instantiating eap<BR> eap
{<BR> default_eap_type =
"ttls"<BR> timer_expire =
60<BR> ignore_unknown_eap_types =
no<BR> cisco_accounting_username_bug
= no<BR> max_sessions =
2048<BR> }<BR> Module: Linked to sub-module
rlm_eap_md5<BR> Module: Instantiating eap-md5<BR> Module: Linked to
sub-module rlm_eap_leap<BR> Module: Instantiating
eap-leap<BR> Module: Linked to sub-module rlm_eap_gtc<BR> Module:
Instantiating eap-gtc<BR> gtc
{<BR> challenge = "Password:
"<BR> auth_type =
"PAP"<BR> }<BR> Module: Linked to sub-module
rlm_eap_tls<BR> Module: Instantiating eap-tls<BR> tls
{<BR> rsa_key_exchange =
no<BR> dh_key_exchange =
yes<BR> rsa_key_length =
512<BR> dh_key_length =
512<BR> verify_depth =
0<BR> pem_file_type =
yes<BR> private_key_file =
"/etc/raddb/clearos-certs/key.pem"<BR>
certificate_file =
"/etc/raddb/clearos-certs/cert.pem"<BR>
CA_file =
"/etc/raddb/clearos-certs/ca.pem"<BR>
dh_file =
"/etc/raddb/clearos-certs/dh1024.pem"<BR>
random_file =
"/etc/raddb/clearos-certs/random"<BR>
fragment_size = 1024<BR>
include_length = yes<BR> check_crl =
no<BR> cipher_list =
"DEFAULT"<BR> cache
{<BR> enable =
no<BR> lifetime =
24<BR> max_entries =
255<BR> }<BR> }<BR> Module: Linked to
sub-module rlm_eap_ttls<BR> Module: Instantiating
eap-ttls<BR> ttls {<BR>
default_eap_type = "md5"<BR>
copy_request_to_tunnel = no<BR>
use_tunneled_reply = no<BR>
virtual_server =
"clearos-inner-tunnel"<BR>
include_length = yes<BR> }<BR> Module: Linked to sub-module
rlm_eap_peap<BR> Module: Instantiating eap-peap<BR> peap
{<BR> default_eap_type =
"mschapv2"<BR>
copy_request_to_tunnel = no<BR>
use_tunneled_reply = no<BR>
proxy_tunneled_request_as_eap =
yes<BR> virtual_server =
"inner-tunnel"<BR> }<BR> Module: Linked to sub-module
rlm_eap_mschapv2<BR> Module: Instantiating eap-mschapv2<BR>
mschapv2 {<BR> with_ntdomain_hack =
no<BR> }<BR> Module: Checking authorize {...} for more
modules to load<BR> Module: Linked to module rlm_realm<BR> Module:
Instantiating suffix<BR> realm suffix
{<BR> format =
"suffix"<BR> delimiter =
"@"<BR> ignore_default =
no<BR> ignore_null = no<BR>
}<BR> Module: Linked to module rlm_files<BR> Module: Instantiating
files<BR> files {<BR>
usersfile = "/etc/raddb/users"<BR>
acctusersfile =
"/etc/raddb/acct_users"<BR>
preproxy_usersfile =
"/etc/raddb/preproxy_users"<BR>
compat = "no"<BR> }<BR> Module: Checking session {...} for more
modules to load<BR> Module: Linked to module rlm_radutmp<BR> Module:
Instantiating radutmp<BR> radutmp
{<BR> filename =
"/var/log/radius/radutmp"<BR>
username = "%{User-Name}"<BR>
case_sensitive = yes<BR>
check_with_nas = yes<BR> perm =
384<BR> callerid = yes<BR>
}<BR> Module: Checking post-proxy {...} for more modules to
load<BR> Module: Checking post-auth {...} for more modules to
load<BR> Module: Linked to module rlm_attr_filter<BR> Module:
Instantiating attr_filter.access_reject<BR> attr_filter
attr_filter.access_reject {<BR>
attrsfile =
"/etc/raddb/attrs.access_reject"<BR>
key = "%{User-Name}"<BR> }<BR> } # modules<BR>} # server<BR>server
clearos-inner-tunnel {<BR> modules {<BR> Module: Checking
authenticate {...} for more modules to load<BR> Module: Checking
authorize {...} for more modules to load<BR> Module: Linked to module
rlm_ldap<BR> Module: Instantiating ldap<BR> ldap
{<BR> server =
"localhost"<BR> port =
389<BR> password =
"CnboAg6Wb3lTe75u"<BR> identity =
"cn=manager,cn=internal,dc=clearos,dc=lan"<BR>
net_timeout = 5<BR> timeout =
20<BR> timelimit =
10<BR> tls_mode =
no<BR> start_tls =
no<BR> tls_require_cert =
"allow"<BR> tls {<BR>
start_tls = no<BR> require_cert =
"allow"<BR> }<BR> basedn
= "dc=clearos,dc=lan"<BR> filter =
"(uid=%{%{Stripped-User-Name}:-%{User-Name}})"<BR>
base_filter =
"(objectclass=radiusprofile)"<BR>
auto_header = no<BR>
access_attr_used_for_allow = yes<BR>
groupname_attribute = "cn"<BR>
groupmembership_filter =
"(|(&(objectClass=GroupOfNames)(member=%{control:Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{control:Ldap-UserDn})))"<BR>
dictionary_mapping =
"/etc/raddb/ldap.attrmap"<BR>
ldap_debug = 0<BR>
ldap_connections_number = 5<BR>
compare_check_items = no<BR> do_xlat
= yes<BR> set_auth_type =
yes<BR> }<BR>rlm_ldap: Registering ldap_groupcmp for
Ldap-Group<BR>rlm_ldap: Registering ldap_xlat with xlat_name ldap<BR>rlm_ldap:
Over-riding set_auth_type, as there is no module ldap listed in the
"authenticate" section.<BR>rlm_ldap: reading ldap<->radius mappings from
file /etc/raddb/ldap.attrmap<BR>rlm_ldap: LDAP radiusCheckItem mapped to
RADIUS $GENERIC$<BR>rlm_ldap: LDAP radiusReplyItem mapped to RADIUS
$GENERIC$<BR>rlm_ldap: LDAP radiusAuthType mapped to RADIUS
Auth-Type<BR>rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS
Simultaneous-Use<BR>rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS
Called-Station-Id<BR>rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS
Calling-Station-Id<BR>rlm_ldap: LDAP lmPassword mapped to RADIUS
LM-Password<BR>rlm_ldap: LDAP ntPassword mapped to RADIUS
NT-Password<BR>rlm_ldap: LDAP sambaLmPassword mapped to RADIUS
LM-Password<BR>rlm_ldap: LDAP sambaNtPassword mapped to RADIUS
NT-Password<BR>rlm_ldap: LDAP dBCSPwd mapped to RADIUS
LM-Password<BR>rlm_ldap: LDAP acctFlags mapped to RADIUS
SMB-Account-CTRL-TEXT<BR>rlm_ldap: LDAP radiusExpiration mapped to RADIUS
Expiration<BR>rlm_ldap: LDAP radiusNASIpAddress mapped to RADIUS
NAS-IP-Address<BR>rlm_ldap: LDAP radiusServiceType mapped to RADIUS
Service-Type<BR>rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS
Framed-Protocol<BR>rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS
Framed-IP-Address<BR>rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS
Framed-IP-Netmask<BR>rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS
Framed-Route<BR>rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS
Framed-Routing<BR>rlm_ldap: LDAP radiusFilterId mapped to RADIUS
Filter-Id<BR>rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS
Framed-MTU<BR>rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS
Framed-Compression<BR>rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS
Login-IP-Host<BR>rlm_ldap: LDAP radiusLoginService mapped to RADIUS
Login-Service<BR>rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS
Login-TCP-Port<BR>rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS
Callback-Number<BR>rlm_ldap: LDAP radiusCallbackId mapped to RADIUS
Callback-Id<BR>rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS
Framed-IPX-Network<BR>rlm_ldap: LDAP radiusClass mapped to RADIUS
Class<BR>rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS
Session-Timeout<BR>rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS
Idle-Timeout<BR>rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS
Termination-Action<BR>rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS
Login-LAT-Service<BR>rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS
Login-LAT-Node<BR>rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS
Login-LAT-Group<BR>rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS
Framed-AppleTalk-Link<BR>rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to
RADIUS Framed-AppleTalk-Network<BR>rlm_ldap: LDAP radiusFramedAppleTalkZone
mapped to RADIUS Framed-AppleTalk-Zone<BR>rlm_ldap: LDAP radiusPortLimit
mapped to RADIUS Port-Limit<BR>rlm_ldap: LDAP radiusLoginLATPort mapped to
RADIUS Login-LAT-Port<BR>rlm_ldap: LDAP radiusReplyMessage mapped to RADIUS
Reply-Message<BR>rlm_ldap: LDAP radiusTunnelType mapped to RADIUS
Tunnel-Type<BR>rlm_ldap: LDAP radiusTunnelMediumType mapped to RADIUS
Tunnel-Medium-Type<BR>rlm_ldap: LDAP radiusTunnelPrivateGroupId mapped to
RADIUS Tunnel-Private-Group-Id<BR>conns: 0x8eaf548<BR> Module: Checking
session {...} for more modules to load<BR> Module: Checking post-proxy
{...} for more modules to load<BR> Module: Checking post-auth {...} for
more modules to load<BR> } # modules<BR>} # server<BR>server
{<BR> modules {<BR> Module: Checking authenticate {...} for more
modules to load<BR> Module: Checking authorize {...} for more modules to
load<BR> Module: Linked to module rlm_preprocess<BR> Module:
Instantiating preprocess<BR> preprocess
{<BR> huntgroups =
"/etc/raddb/huntgroups"<BR> hints =
"/etc/raddb/hints"<BR>
with_ascend_hack = no<BR>
ascend_channels_per_line = 23<BR>
with_ntdomain_hack = no<BR>
with_specialix_jetstream_hack =
no<BR> with_cisco_vsa_hack =
no<BR> with_alvarion_vsa_hack =
no<BR> }<BR> Module: Checking preacct {...} for more modules to
load<BR> Module: Linked to module rlm_acct_unique<BR> Module:
Instantiating acct_unique<BR> acct_unique
{<BR> key = "User-Name,
Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"<BR>
}<BR> Module: Checking accounting {...} for more modules to
load<BR> Module: Linked to module rlm_detail<BR> Module:
Instantiating detail<BR> detail
{<BR> detailfile =
"/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"<BR>
header = "%t"<BR> detailperm =
384<BR> dirperm =
493<BR> locking =
no<BR> log_packet_header =
no<BR> }<BR> Module: Instantiating
attr_filter.accounting_response<BR> attr_filter
attr_filter.accounting_response
{<BR> attrsfile =
"/etc/raddb/attrs.accounting_response"<BR>
key = "%{User-Name}"<BR> }<BR> Module: Checking session {...} for
more modules to load<BR> Module: Checking post-proxy {...} for more
modules to load<BR> Module: Checking post-auth {...} for more modules to
load<BR> } # modules<BR>} # server<BR>radiusd: #### Opening IP addresses
and Ports ####<BR>listen {<BR> type
= "auth"<BR> ipaddr =
*<BR> port = 0<BR>}<BR>listen
{<BR> type =
"acct"<BR> ipaddr =
*<BR> port = 0<BR>}<BR>listen
{<BR> type =
"control"<BR> listen {<BR>
socket = "/var/run/radiusd/radiusd.sock"<BR> }<BR>}<BR>Listening on
authentication address * port 1812<BR>Listening on accounting address * port
1813<BR>Listening on command file /var/run/radiusd/radiusd.sock<BR>Listening
on proxy address * port 1814<BR>Ready to process requests.<BR>rad_recv:
Access-Request packet from host 127.0.0.1 port 40537, id=123,
length=55<BR> User-Name =
"bob"<BR> User-Password =
"hello"<BR> NAS-IP-Address =
127.0.0.1<BR> NAS-Port = 0<BR>+-
entering group authorize {...}<BR>++[preprocess] returns ok<BR>++[chap]
returns noop<BR>++[mschap] returns noop<BR>[suffix] No <A
href="mailto:%27@%27" moz-do-not-send="true">'@'</A> in User-Name = "bob",
looking up realm NULL<BR>[suffix] No such realm "NULL"<BR>++[suffix] returns
noop<BR>[eap] No EAP-Message, not doing EAP<BR>++[eap] returns noop<BR>[files]
users: Matched entry bob at line 1<BR>++[files] returns ok<BR>[ldap]
performing user authorization for bob<BR>[ldap] expand:
%{Stripped-User-Name} -><BR>[ldap] expand: %{User-Name} ->
bob<BR>[ldap] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) ->
(uid=bob)<BR>[ldap] expand: dc=clearos,dc=lan ->
dc=clearos,dc=lan<BR>rlm_ldap: ldap_get_conn: Checking Id: 0<BR>rlm_ldap:
ldap_get_conn: Got Id: 0<BR>rlm_ldap: attempting LDAP
reconnection<BR>rlm_ldap: (re)connect to localhost:389, authentication
0<BR>rlm_ldap: bind as
cn=manager,cn=internal,dc=clearos,dc=lan/CnboAg6Wb3lTe75u to
localhost:389<BR>rlm_ldap: waiting for bind result ...<BR>rlm_ldap: Bind was
successful<BR>rlm_ldap: performing search in dc=clearos,dc=lan, with filter
(uid=bob)<BR>rlm_ldap: object not found<BR>[ldap] search failed<BR>rlm_ldap:
ldap_release_conn: Release Id: 0<BR>++[ldap] returns
notfound<BR>++[expiration] returns noop<BR>++[logintime] returns
noop<BR>++[pap] returns updated<BR>Found Auth-Type = PAP<BR>+- entering group
PAP {...}<BR>[pap] login attempt with password "hello"<BR>[pap] Using clear
text password "hello"<BR>[pap] User authenticated successfully<BR>++[pap]
returns ok<BR>+- entering group post-auth {...}<BR>++[exec] returns
noop<BR>Sending Access-Accept of id 123 to 127.0.0.1 port 40537<BR>Finished
request 0.<BR>Going to the next request<BR>Waking up in 4.9
seconds.<BR>Cleaning up request 0 ID 123 with timestamp +6<BR>Ready to process
requests.<BR>rad_recv: Access-Request packet from host 127.0.0.1 port 52736,
id=80, length=57<BR> User-Name =
"user1"<BR> User-Password =
"user1pass"<BR> NAS-IP-Address =
127.0.0.1<BR> NAS-Port = 0<BR>+-
entering group authorize {...}<BR>++[preprocess] returns ok<BR>++[chap]
returns noop<BR>++[mschap] returns noop<BR>[suffix] No <A
href="mailto:%27@%27" moz-do-not-send="true">'@'</A> in User-Name = "user1",
looking up realm NULL<BR>[suffix] No such realm "NULL"<BR>++[suffix] returns
noop<BR>[eap] No EAP-Message, not doing EAP<BR>++[eap] returns
noop<BR>rlm_ldap: Entering
ldap_groupcmp()<BR>[files]
expand: dc=clearos,dc=lan ->
dc=clearos,dc=lan<BR>[files]
expand: %{Stripped-User-Name}
-><BR>[files] expand:
%{User-Name} ->
user1<BR>[files] expand:
(uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=user1)<BR>rlm_ldap:
ldap_get_conn: Checking Id: 0<BR>rlm_ldap: ldap_get_conn: Got Id:
0<BR>rlm_ldap: performing search in dc=clearos,dc=lan, with filter
(uid=user1)<BR>rlm_ldap: object not found<BR>rlm_ldap::ldap_groupcmp: search
failed<BR>rlm_ldap: ldap_release_conn: Release Id: 0<BR>[files] users: Matched
entry DEFAULT at line 1<BR>++[files] returns ok<BR>[ldap] performing user
authorization for user1<BR>[ldap] expand: %{Stripped-User-Name}
-><BR>[ldap] expand: %{User-Name} -> user1<BR>[ldap] expand:
(uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=user1)<BR>[ldap]
expand: dc=clearos,dc=lan -> dc=clearos,dc=lan<BR>rlm_ldap: ldap_get_conn:
Checking Id: 0<BR>rlm_ldap: ldap_get_conn: Got Id: 0<BR>rlm_ldap: performing
search in dc=clearos,dc=lan, with filter (uid=user1)<BR>rlm_ldap: object not
found<BR>[ldap] search failed<BR>rlm_ldap: ldap_release_conn: Release Id:
0<BR>++[ldap] returns notfound<BR>++[expiration] returns noop<BR>++[logintime]
returns noop<BR>[pap] Found existing Auth-Type, not changing it.<BR>++[pap]
returns noop<BR>Found Auth-Type = Reject<BR>Auth-Type = Reject, rejecting
user<BR>Failed to authenticate the user.<BR>Using Post-Auth-Type Reject<BR>+-
entering group REJECT
{...}<BR>[attr_filter.access_reject] expand:
%{User-Name} -> user1<BR> attr_filter: Matched entry DEFAULT at line
11<BR>++[attr_filter.access_reject] returns updated<BR>Delaying reject of
request 1 for 1 seconds<BR>Going to the next request<BR>Waking up in 0.9
seconds.<BR>Sending delayed reject for request 1<BR>Sending Access-Reject of
id 80 to 127.0.0.1 port 52736<BR>Waking up in 4.5 seconds.<BR></FONT></DIV>
<DIV> </DIV>
<DIV><FONT
face=Calibri>***************************************************</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=Calibri>Hope someone can show some light to this unix
illiterate. </FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=Calibri>Regards,</FONT></DIV>
<DIV><FONT face=Calibri>Ricardo</FONT></DIV><BR>
<FIELDSET class=mimeAttachmentHeader></FIELDSET> <BR><PRE wrap="">-
List info/subscribe/unsubscribe? See <A class=moz-txt-link-freetext href="http://www.freeradius.org/list/users.html">http://www.freeradius.org/list/users.html</A></PRE></BLOCKQUOTE><BR>
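<P>The log pattern discussed in this thread (the LDAP bind succeeds, then the search returns "object not found" and the request is rejected), checked by a short Python script. This is an added example, not code from the thread or from the FreeRADIUS project. It also masks the passwords and secrets that radiusd -X prints in clear text, so a log can be posted to a list safely. The sample log, user names and DNs are constructed placeholders, and the function names triage and redact are hypothetical.</P>

```python
import re

# Constructed sample in the format of the radiusd -X output quoted above.
# User names, DNs and secrets are placeholders, not values from the thread.
SAMPLE_LOG = """\
rad_recv: Access-Request packet from host 127.0.0.1 port 50001, id=1, length=55
    User-Name = "localuser"
    User-Password = "example-pass-1"
rlm_ldap: bind as cn=manager,dc=example,dc=lan/example-bind-pass to localhost:389
rlm_ldap: Bind was successful
rlm_ldap: performing search in dc=example,dc=lan, with filter (uid=localuser)
rlm_ldap: object not found
++[ldap] returns notfound
[pap] login attempt with password "example-pass-1"
Sending Access-Accept of id 1 to 127.0.0.1 port 50001
rad_recv: Access-Request packet from host 127.0.0.1 port 50002, id=2, length=57
    User-Name = "diruser"
    User-Password = "example-pass-2"
rlm_ldap: performing search in dc=example,dc=lan, with filter (uid=diruser)
rlm_ldap: object not found
++[ldap] returns notfound
Found Auth-Type = Reject
Sending Access-Reject of id 2 to 127.0.0.1 port 50002
"""

REQ = re.compile(r"rad_recv: Access-Request packet from host \S+ port \d+, id=(\d+)")
USER = re.compile(r'User-Name = "([^"]*)"')
SEARCH = re.compile(r"rlm_ldap: performing search in (.+), with filter (.+)$")
REPLY = re.compile(r"Sending (Access-\w+) of id (\d+)")
SECRET = re.compile(r'(\b(?:secret|password)\s*=?\s*")[^"]*', re.I)
BIND = re.compile(r"(rlm_ldap: bind as [^/]+)/.*( to \S+)$")


def redact(log):
    """Mask quoted passwords/secrets and the bind password in 'bind as DN/pass'."""
    lines = (SECRET.sub(r"\1[REDACTED]", ln) for ln in log.splitlines())
    return "\n".join(BIND.sub(r"\1/[REDACTED]\2", ln) for ln in lines)


def triage(log):
    """Summarise each Access-Request: LDAP searches, their outcome, the reply."""
    requests, cur, bound = [], None, False
    for raw in log.splitlines():
        line = raw.strip()
        if line == "rlm_ldap: Bind was successful":
            bound = True  # connections are pooled, so one bind serves later requests
        m = REQ.search(line)
        if m:
            cur = {"id": m.group(1), "user": None, "searches": [],
                   "reply": None, "finding": None}
            requests.append(cur)
            continue
        if cur is None:
            continue
        m = USER.search(line)
        if m and cur["user"] is None:
            cur["user"] = m.group(1)
        m = SEARCH.search(line)
        if m:  # treated as found unless "object not found" follows
            cur["searches"].append({"base": m.group(1), "filter": m.group(2), "found": True})
        if line == "rlm_ldap: object not found" and cur["searches"]:
            cur["searches"][-1]["found"] = False
        m = REPLY.search(line)
        if m and m.group(2) == cur["id"]:
            cur["reply"] = m.group(1)
            missed = [s for s in cur["searches"] if not s["found"]]
            if cur["reply"] == "Access-Reject" and bound and missed:
                cur["finding"] = (f"bind OK but no entry matches {missed[-1]['filter']} "
                                  f"under {missed[-1]['base']}: check entry, basedn, filter")
    return requests


if __name__ == "__main__":
    print(redact(SAMPLE_LOG))
    for r in triage(SAMPLE_LOG):
        print(r["id"], r["user"], r["reply"], r["finding"])
```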
</BODY></HTML>