<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Yes, I have. <br>
<br>
Here are the two different logs, one from radlogin on the server and
the second from an iPhone that wants to connect.<br>
<br>
<small><small><big><big>RADLOGIN: <br>
<small><small>rad_recv: Access-Request packet from host
127.0.0.1 port 46391, id=99, length=71<br>
Service-Type = Login-User<br>
User-Name = "Administrator"<br>
User-Password = "***"<br>
NAS-IP-Address = 10.119.2.4<br>
NAS-Port = 0<br>
+- entering group authorize<br>
++[preprocess] returns ok<br>
++[chap] returns noop<br>
++[mschap] returns noop<br>
rlm_realm: No '@' in User-Name = "Administrator",
looking up realm NULL<br>
rlm_realm: No such realm "NULL"<br>
++[suffix] returns noop<br>
rlm_eap: No EAP-Message, not doing EAP<br>
++[eap] returns noop<br>
++[unix] returns updated<br>
++[files] returns noop<br>
rlm_ldap: - authorize<br>
rlm_ldap: performing user authorization for
Administrator<br>
WARNING: Deprecated conditional expansion ":-". See
"man unlang" for details<br>
expand: (uid=%{Stripped-User-Name:-%{User-Name}})
-> (uid=Administrator)<br>
expand: dc=tcsvo,dc=local -> dc=tcsvo,dc=local<br>
rlm_ldap: ldap_get_conn: Checking Id: 0<br>
rlm_ldap: ldap_get_conn: Got Id: 0<br>
rlm_ldap: attempting LDAP reconnection<br>
rlm_ldap: (re)connect to localhost:389, authentication 0<br>
rlm_ldap: starting TLS<br>
rlm_ldap: bind as cn=admin,dc=tcsvo,dc=local/pPWSrf5 to
localhost:389<br>
rlm_ldap: waiting for bind result ...<br>
rlm_ldap: Bind was successful<br>
rlm_ldap: performing search in dc=tcsvo,dc=local, with
filter (uid=Administrator)<br>
rlm_ldap: checking if remote access for Administrator is
allowed by uid<br>
rlm_ldap: No default NMAS login sequence<br>
rlm_ldap: looking for check items in directory...<br>
rlm_ldap: LDAP attribute userPassword as RADIUS
attribute Cleartext-Password ==
"{crypt}$1$5eEakVq3$MQZSsqhrcB6NW/aaGYuRx."<br>
rlm_ldap: LDAP attribute sambaNtPassword as RADIUS
attribute NT-Password ==
0x4139444241443137383246324236314336454541304139374238384242373245<br>
rlm_ldap: LDAP attribute sambaLmPassword as RADIUS
attribute LM-Password ==
0x4241303338423239303831394236353944463132384232444433324241443037<br>
rlm_ldap: looking for reply items in directory...<br>
rlm_ldap: Setting Auth-Type = ldap<br>
rlm_ldap: user Administrator authorized to use remote
access<br>
rlm_ldap: ldap_release_conn: Release Id: 0<br>
++[ldap] returns ok<br>
++[expiration] returns noop<br>
++[logintime] returns noop<br>
rlm_pap: Normalizing NT-Password from hex encoding<br>
rlm_pap: Normalizing LM-Password from hex encoding<br>
rlm_pap: Found existing Auth-Type, not changing it.<br>
++[pap] returns noop<br>
rad_check_password: Found Auth-Type ldap<br>
auth: type "LDAP"<br>
+- entering group LDAP<br>
rlm_ldap: - authenticate<br>
rlm_ldap: login attempt by "Administrator" with password
"***"<br>
rlm_ldap: user DN:
uid=Administrator,cn=users,dc=tcsvo,dc=local<br>
rlm_ldap: (re)connect to localhost:389, authentication 1<br>
rlm_ldap: starting TLS<br>
rlm_ldap: bind as
uid=Administrator,cn=users,dc=tcsvo,dc=local/D4t6Ui2g to
localhost:389<br>
rlm_ldap: waiting for bind result ...<br>
rlm_ldap: Bind was successful<br>
rlm_ldap: user Administrator authenticated succesfully<br>
++[ldap] returns ok<br>
Login OK: [Administrator/***] (from client localhost
port 0)<br>
+- entering group post-auth<br>
++[ldap] returns noop<br>
++[exec] returns noop<br>
Sending Access-Accept of id 99 to 127.0.0.1 port 46391<br>
Finished request 0.<br>
Going to the next request<br>
Waking up in 4.9 seconds.<br>
Cleaning up request 0 ID 99 with timestamp +1284<br>
Ready to process requests.</small></small><br>
<br>
<br>
</big></big><br>
<br>
<big><big>iPhone test:</big></big><br>
rad_recv: Access-Request packet from host 10.119.12.2 port 1318,
id=21, length=197<br>
Message-Authenticator = 0x24691ccd1f2040d828405d72ef7189ec<br>
Service-Type = Framed-User<br>
User-Name = "nadine.bosshard"<br>
Framed-MTU = 1488<br>
Called-Station-Id = "204E7FE98EF3:TCSVO-Intern"<br>
Calling-Station-Id = "9803D861E85C"<br>
NAS-Identifier = "aptcsvo02"<br>
NAS-Port-Type = Wireless-802.11<br>
Connect-Info = "CONNECT 54Mbps 802.11g"<br>
EAP-Message = 0x02000014016e6164696e652e626f737368617264<br>
NAS-IP-Address = 10.119.12.2<br>
NAS-Port = 1<br>
NAS-Port-Id = "STA port # 1"<br>
+- entering group authorize<br>
++[preprocess] returns ok<br>
++[chap] returns noop<br>
++[mschap] returns noop<br>
rlm_realm: No '@' in User-Name = "nadine.bosshard", looking
up realm NULL<br>
rlm_realm: No such realm "NULL"<br>
++[suffix] returns noop<br>
rlm_eap: EAP packet type response id 0 length 20<br>
rlm_eap: No EAP Start, assuming it's an on-going EAP
conversation<br>
++[eap] returns updated<br>
rlm_unix: [nadine.bosshard]: invalid shell [/bin/false]<br>
++[unix] returns reject<br>
Invalid user: [nadine.bosshard/&lt;via Auth-Type = EAP&gt;]
(from client aptcsvo02 port 1 cli 9803D861E85C)<br>
Found Post-Auth-Type Reject<br>
+- entering group REJECT<br>
expand: %{User-Name} -> nadine.bosshard<br>
attr_filter: Matched entry DEFAULT at line 11<br>
++[attr_filter.access_reject] returns updated<br>
Delaying reject of request 0 for 1 seconds<br>
Going to the next request<br>
Waking up in 0.9 seconds.<br>
rad_recv: Access-Request packet from host 10.119.12.2 port 1318,
id=21, length=197<br>
Waiting to send Access-Reject to client aptcsvo02 port 1318 -
ID: 21<br>
Sending delayed reject for request 0<br>
Sending Access-Reject of id 21 to 10.119.12.2 port 1318<br>
Waking up in 4.9 seconds.<br>
Cleaning up request 0 ID 21 with timestamp +1333<br>
Ready to process requests.</small></small><br>
<br>
<br>
On 09/11/2012 10:42 AM, Fajar A. Nugraha wrote:
<blockquote
cite="mid:CAG1y0sf2vJEJcqQ8pdAU2rmAvxeyOn2AnC=0FEP6ezGd1BrNBA@mail.gmail.com"
type="cite">
<pre wrap="">On Tue, Sep 11, 2012 at 3:29 PM, Mihajlo Joksimovic
<a class="moz-txt-link-rfc2396E" href="mailto:mihajlo.joksimovic@adfinis-sygroup.ch">&lt;mihajlo.joksimovic@adfinis-sygroup.ch&gt;</a> wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Well, I started with a fresh installation and made minimal changes.
I put in the APs in clients.conf, activated and configured ldap and copied
the certs in the correct direction.
</pre>
</blockquote>
<pre wrap="">
that's a start
</pre>
<blockquote type="cite">
<pre wrap="">This is the output when I start with -X:
</pre>
</blockquote>
<pre wrap="">
good.
</pre>
<blockquote type="cite">
<pre wrap="">Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on proxy address * port 1814
Ready to process requests.
</pre>
</blockquote>
<pre wrap="">
... and where's the access-request packet?
It should have a different log compared to the one you pasted the first
time, since the config is different.
... or is it you haven't tested authentication using this radius?
</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Adfinis SyGroup AG
Mihajlo Joksimovic, System Engineer
Güterstrasse 86 | CH-4053 Basel
Tel. 061 333 80 33</pre>
</body>
</html>