<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div style="-webkit-text-size-adjust: auto; ">Hi,</div><div style="-webkit-text-size-adjust: auto; "><br></div><div style="-webkit-text-size-adjust: auto; ">I am not able to see my authorization happening because I don't see the value-attr or reply message. Please help. Logs attached.</div><div><p class="MsoNormal" style="margin: 0in 0in 0.0001pt; "><span style="-webkit-text-size-adjust: auto; background-color: rgba(255, 255, 255, 0);">rad_recv: Access-Request packet from host 192.168.0.2 port 39662, id=92, length=62<o:p></o:p></span></p><p class="MsoNormal" style="margin: 0in 0in 0.0001pt; "><span style="-webkit-text-size-adjust: auto; background-color: rgba(255, 255, 255, 0);"> User-Name = "radiustest"<o:p></o:p></span></p><p class="MsoNormal" style="margin: 0in 0in 0.0001pt; "><span style="-webkit-text-size-adjust: auto; background-color: rgba(255, 255, 255, 0);"> User-Password = "password@123"<o:p></o:p></span></p><p class="MsoNormal" style="margin: 0in 0in 0.0001pt; "><span style="-webkit-text-size-adjust: auto; background-color: rgba(255, 255, 255, 0);"> NAS-IP-Address = 192.168.0.2<o:p></o:p></span></p><p class="MsoNormal" style="margin: 0in 0in 0.0001pt; "><span style="-webkit-text-size-adjust: auto; background-color: rgba(255, 255, 255, 0);"> NAS-Port = 1812<o:p></o:p></span></p><p class="MsoNormal" style="margin: 0in 0in 0.0001pt; "><span style="-webkit-text-size-adjust: auto; background-color: rgba(255, 255, 255, 0);"># Executing section authorize from file /etc/raddb/sites-enabled/default<o:p></o:p></span></p><p class="MsoNormal" style="margin: 0in 0in 0.0001pt; "><span style="-webkit-text-size-adjust: auto; background-color: rgba(255, 255, 255, 0);">+- entering group authorize {...}<o:p></o:p></span></p><p class="MsoNormal" 
style="margin: 0in 0in 0.0001pt; "><span style="-webkit-text-size-adjust: auto; background-color: rgba(255, 255, 255, 0);">++[preprocess] returns ok<o:p></o:p></span></p><p class="MsoNormal" style="margin: 0in 0in 0.0001pt; "><span style="-webkit-text-size-adjust: auto; background-color: rgba(255, 255, 255, 0);">[auth_log] expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/192.168.0.2/auth-detail-20130128<o:p></o:p></span></p><p class="MsoNormal" style="margin: 0in 0in 0.0001pt; "><span style="-webkit-text-size-adjust: auto; background-color: rgba(255, 255, 255, 0);">[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.0.2/auth-detail-20130128<o:p></o:p></span></p><p class="MsoNormal" style="margin: 0in 0in 0.0001pt; "><span style="-webkit-text-size-adjust: auto; background-color: rgba(255, 255, 255, 0);">[auth_log] expand: %t -> Mon Jan 28 10:12:16 2013<o:p></o:p></span></p><p class="MsoNormal" style="margin: 0in 0in 0.0001pt; "><span style="-webkit-text-size-adjust: auto; background-color: rgba(255, 255, 255, 0);">++[auth_log] returns ok<o:p></o:p></span></p><p class="MsoNormal" style="margin: 0in 0in 0.0001pt; "><span style="-webkit-text-size-adjust: auto; background-color: rgba(255, 255, 255, 0);">[ldap] performing user authorization for radiustest<o:p></o:p></span></p><p class="MsoNormal" style="margin: 0in 0in 0.0001pt; "><span style="-webkit-text-size-adjust: auto; background-color: rgba(255, 255, 255, 0);">[ldap] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details<o:p></o:p></span></p><p class="MsoNormal" style="margin: 0in 0in 0.0001pt; "><span style="-webkit-text-size-adjust: auto; background-color: rgba(255, 255, 255, 0);">[ldap] ... 
expanding second conditional<o:p></o:p></span></p><p class="MsoNormal" style="margin: 0in 0in 0.0001pt; "><span style="-webkit-text-size-adjust: auto; background-color: rgba(255, 255, 255, 0);">[ldap] expand: %{User-Name} -> radiustest<o:p></o:p></span></p><p class="MsoNormal" style="margin: 0in 0in 0.0001pt; "><span style="-webkit-text-size-adjust: auto; background-color: rgba(255, 255, 255, 0);">[ldap] expand: (&(sAMAccountName=%{Stripped-User-Name:-%{User-Name}})) -> (&(sAMAccountName=radiustest))<o:p></o:p></span></p><p class="MsoNormal" style="margin: 0in 0in 0.0001pt; "><span style="-webkit-text-size-adjust: auto; background-color: rgba(255, 255, 255, 0);">[ldap] expand: cn=users,dc=example,dc=com -> cn=users,dc=example,dc=com<o:p></o:p></span></p><p class="MsoNormal" style="margin: 0in 0in 0.0001pt; "><span style="-webkit-text-size-adjust: auto; background-color: rgba(255, 255, 255, 0);"> [ldap] ldap_get_conn: Checking Id: 0<o:p></o:p></span></p><p class="MsoNormal" style="margin: 0in 0in 0.0001pt; "><span style="-webkit-text-size-adjust: auto; background-color: rgba(255, 255, 255, 0);"> [ldap] ldap_get_conn: Got Id: 0<o:p></o:p></span></p><p class="MsoNormal" style="margin: 0in 0in 0.0001pt; "><span style="-webkit-text-size-adjust: auto; background-color: rgba(255, 255, 255, 0);"> [ldap] performing search in cn=users,dc=example,dc=com, with filter (&(sAMAccountName=radiustest))<o:p></o:p></span></p><p class="MsoNormal" style="margin: 0in 0in 0.0001pt; "><span style="-webkit-text-size-adjust: auto; background-color: rgba(255, 255, 255, 0);">[ldap] looking for check items in directory...<o:p></o:p></span></p><p class="MsoNormal" style="margin: 0in 0in 0.0001pt; "><span style="-webkit-text-size-adjust: auto; background-color: rgba(255, 255, 255, 0);">[ldap] looking for reply items in directory...<o:p></o:p></span></p><p class="MsoNormal" style="margin: 0in 0in 0.0001pt; "><span style="-webkit-text-size-adjust: auto; background-color: rgba(255, 255, 255, 
0);">WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?<o:p></o:p></span></p><p class="MsoNormal" style="margin: 0in 0in 0.0001pt; "><span style="-webkit-text-size-adjust: auto; background-color: rgba(255, 255, 255, 0);">[ldap] Setting Auth-Type = ldap<o:p></o:p></span></p><p class="MsoNormal" style="margin: 0in 0in 0.0001pt; "><span style="-webkit-text-size-adjust: auto; background-color: rgba(255, 255, 255, 0);">[ldap] user radiustest authorized to use remote access<o:p></o:p></span></p><p class="MsoNormal" style="margin: 0in 0in 0.0001pt; "><span style="-webkit-text-size-adjust: auto; background-color: rgba(255, 255, 255, 0);"> [ldap] ldap_release_conn: Release Id: 0<o:p></o:p></span></p><p class="MsoNormal" style="margin: 0in 0in 0.0001pt; "><span style="-webkit-text-size-adjust: auto; background-color: rgba(255, 255, 255, 0);">++[ldap] returns ok<o:p></o:p></span></p><p class="MsoNormal" style="margin: 0in 0in 0.0001pt; "><span style="-webkit-text-size-adjust: auto; background-color: rgba(255, 255, 255, 0);">++[digest] returns noop<o:p></o:p></span></p><p class="MsoNormal" style="margin: 0in 0in 0.0001pt; "><span style="-webkit-text-size-adjust: auto; background-color: rgba(255, 255, 255, 0);">[suffix] No '@' in User-Name = "radiustest", looking up realm NULL<o:p></o:p></span></p><p class="MsoNormal" style="margin: 0in 0in 0.0001pt; "><span style="-webkit-text-size-adjust: auto; background-color: rgba(255, 255, 255, 0);">[suffix] No such realm "NULL"<o:p></o:p></span></p><p class="MsoNormal" style="margin: 0in 0in 0.0001pt; "><span style="-webkit-text-size-adjust: auto; background-color: rgba(255, 255, 255, 0);">++[suffix] returns noop<o:p></o:p></span></p><p class="MsoNormal" style="margin: 0in 0in 0.0001pt; "><span style="-webkit-text-size-adjust: auto; background-color: rgba(255, 255, 255, 0);">[ldap] performing user authorization for radiustest<o:p></o:p></span></p><p class="MsoNormal" style="margin: 
0in 0in 0.0001pt; "><span style="-webkit-text-size-adjust: auto; background-color: rgba(255, 255, 255, 0);">[ldap] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details<o:p></o:p></span></p><p class="MsoNormal" style="margin: 0in 0in 0.0001pt; "><span style="-webkit-text-size-adjust: auto; background-color: rgba(255, 255, 255, 0);">[ldap] ... expanding second conditional<o:p></o:p></span></p><p class="MsoNormal" style="margin: 0in 0in 0.0001pt; "><span style="-webkit-text-size-adjust: auto; background-color: rgba(255, 255, 255, 0);">[ldap] expand: %{User-Name} -> radiustest<o:p></o:p></span></p><p class="MsoNormal" style="margin: 0in 0in 0.0001pt; "><span style="-webkit-text-size-adjust: auto; background-color: rgba(255, 255, 255, 0);">[ldap] expand: (&(sAMAccountName=%{Stripped-User-Name:-%{User-Name}})) -> (&(sAMAccountName=radiustest))<o:p></o:p></span></p><p class="MsoNormal" style="margin: 0in 0in 0.0001pt; "><span style="-webkit-text-size-adjust: auto; background-color: rgba(255, 255, 255, 0);">[ldap] expand: cn=users,dc=example,dc=com -> cn=users,dc=example,dc=com<o:p></o:p></span></p><p class="MsoNormal" style="margin: 0in 0in 0.0001pt; "><span style="-webkit-text-size-adjust: auto; background-color: rgba(255, 255, 255, 0);"> [ldap] ldap_get_conn: Checking Id: 0<o:p></o:p></span></p><p class="MsoNormal" style="margin: 0in 0in 0.0001pt; "><span style="-webkit-text-size-adjust: auto; background-color: rgba(255, 255, 255, 0);"> [ldap] ldap_get_conn: Got Id: 0<o:p></o:p></span></p><p class="MsoNormal" style="margin: 0in 0in 0.0001pt; "><span style="-webkit-text-size-adjust: auto; background-color: rgba(255, 255, 255, 0);"> [ldap] performing search in cn=users,dc=example,dc=com, with filter (&(sAMAccountName=radiustest))<o:p></o:p></span></p><p class="MsoNormal" style="margin: 0in 0in 0.0001pt; "><span style="-webkit-text-size-adjust: auto; background-color: rgba(255, 255, 255, 0);">[ldap] looking for check items in 
directory...<o:p></o:p></span></p><p class="MsoNormal" style="margin: 0in 0in 0.0001pt; "><span style="-webkit-text-size-adjust: auto; background-color: rgba(255, 255, 255, 0);">[ldap] looking for reply items in directory...<o:p></o:p></span></p><p class="MsoNormal" style="margin: 0in 0in 0.0001pt; "><span style="-webkit-text-size-adjust: auto; background-color: rgba(255, 255, 255, 0);">WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?<o:p></o:p></span></p><p class="MsoNormal" style="margin: 0in 0in 0.0001pt; "><span style="-webkit-text-size-adjust: auto; background-color: rgba(255, 255, 255, 0);">[ldap] user radiustest authorized to use remote access<o:p></o:p></span></p><p class="MsoNormal" style="margin: 0in 0in 0.0001pt; "><span style="-webkit-text-size-adjust: auto; background-color: rgba(255, 255, 255, 0);"> [ldap] ldap_release_conn: Release Id: 0<o:p></o:p></span></p><p class="MsoNormal" style="margin: 0in 0in 0.0001pt; "><span style="-webkit-text-size-adjust: auto; background-color: rgba(255, 255, 255, 0);">++[ldap] returns ok<o:p></o:p></span></p><p class="MsoNormal" style="margin: 0in 0in 0.0001pt; "><span style="-webkit-text-size-adjust: auto; background-color: rgba(255, 255, 255, 0);">++[expiration] returns noop<o:p></o:p></span></p><p class="MsoNormal" style="margin: 0in 0in 0.0001pt; "><span style="-webkit-text-size-adjust: auto; background-color: rgba(255, 255, 255, 0);">++[logintime] returns noop<o:p></o:p></span></p><p class="MsoNormal" style="margin: 0in 0in 0.0001pt; "><span style="-webkit-text-size-adjust: auto; background-color: rgba(255, 255, 255, 0);">[pap] WARNING! No "known good" password found for the user. 
Authentication may fail because of this.<o:p></o:p></span></p><p class="MsoNormal" style="margin: 0in 0in 0.0001pt; "><span style="-webkit-text-size-adjust: auto; background-color: rgba(255, 255, 255, 0);">++[pap] returns noop<o:p></o:p></span></p><p class="MsoNormal" style="margin: 0in 0in 0.0001pt; "><span style="-webkit-text-size-adjust: auto; background-color: rgba(255, 255, 255, 0);">Found Auth-Type = ldap<o:p></o:p></span></p><p class="MsoNormal" style="margin: 0in 0in 0.0001pt; "><span style="-webkit-text-size-adjust: auto; background-color: rgba(255, 255, 255, 0);"># Executing group from file /etc/raddb/sites-enabled/default<o:p></o:p></span></p><p class="MsoNormal" style="margin: 0in 0in 0.0001pt; "><span style="-webkit-text-size-adjust: auto; background-color: rgba(255, 255, 255, 0);">+- entering group LDAP {...}<o:p></o:p></span></p><p class="MsoNormal" style="margin: 0in 0in 0.0001pt; "><span style="-webkit-text-size-adjust: auto; background-color: rgba(255, 255, 255, 0);">[ldap] login attempt by "radiustest" with password "password@123"<o:p></o:p></span></p><p class="MsoNormal" style="margin: 0in 0in 0.0001pt; "><span style="-webkit-text-size-adjust: auto; background-color: rgba(255, 255, 255, 0);">[ldap] user DN: CN=radiustest,CN=Users,DC=example,DC=com<o:p></o:p></span></p><p class="MsoNormal" style="margin: 0in 0in 0.0001pt; "><span style="-webkit-text-size-adjust: auto; background-color: rgba(255, 255, 255, 0);"> [ldap] (re)connect to 192.168.0.3:389, authentication 1<o:p></o:p></span></p><p class="MsoNormal" style="margin: 0in 0in 0.0001pt; "><span style="-webkit-text-size-adjust: auto; background-color: rgba(255, 255, 255, 0);"> [ldap] bind as CN=radiustest,CN=Users,DC=example,DC=com/password@123 to 192.168.0.3:389<o:p></o:p></span></p><p class="MsoNormal" style="margin: 0in 0in 0.0001pt; "><span style="-webkit-text-size-adjust: auto; background-color: rgba(255, 255, 255, 0);"> [ldap] waiting for bind result ...<o:p></o:p></span></p><p 
class="MsoNormal" style="margin: 0in 0in 0.0001pt; "><span style="-webkit-text-size-adjust: auto; background-color: rgba(255, 255, 255, 0);"> [ldap] Bind was successful<o:p></o:p></span></p><p class="MsoNormal" style="margin: 0in 0in 0.0001pt; "><span style="-webkit-text-size-adjust: auto; background-color: rgba(255, 255, 255, 0);">[ldap] user radiustest authenticated succesfully<o:p></o:p></span></p><p class="MsoNormal" style="margin: 0in 0in 0.0001pt; "><span style="-webkit-text-size-adjust: auto; background-color: rgba(255, 255, 255, 0);">++[ldap] returns ok<o:p></o:p></span></p><p class="MsoNormal" style="margin: 0in 0in 0.0001pt; "><span style="-webkit-text-size-adjust: auto; background-color: rgba(255, 255, 255, 0);"># Executing section post-auth from file /etc/raddb/sites-enabled/default<o:p></o:p></span></p><p class="MsoNormal" style="margin: 0in 0in 0.0001pt; "><span style="-webkit-text-size-adjust: auto; background-color: rgba(255, 255, 255, 0);">+- entering group post-auth {...}<o:p></o:p></span></p><p class="MsoNormal" style="margin: 0in 0in 0.0001pt; "><span style="-webkit-text-size-adjust: auto; background-color: rgba(255, 255, 255, 0);">++[exec] returns noop<o:p></o:p></span></p><p class="MsoNormal" style="margin: 0in 0in 0.0001pt; "><span style="-webkit-text-size-adjust: auto; background-color: rgba(255, 255, 255, 0);">Sending Access-Accept of id 92 to 192.168.0.2 port 39662<o:p></o:p></span></p><p class="MsoNormal" style="margin: 0in 0in 0.0001pt; "><span style="-webkit-text-size-adjust: auto; background-color: rgba(255, 255, 255, 0);">Finished request 2.<o:p></o:p></span></p><p class="MsoNormal" style="margin: 0in 0in 0.0001pt; "><span style="-webkit-text-size-adjust: auto; background-color: rgba(255, 255, 255, 0);">Going to the next request<o:p></o:p></span></p><p class="MsoNormal" style="margin: 0in 0in 0.0001pt; 
"><span style="-webkit-text-size-adjust: auto; background-color: rgba(255, 255, 255, 0);">Waking up in 4.9 seconds.<o:p></o:p></span></p><p class="MsoNormal" style="margin: 0in 0in 0.0001pt; "><span style="-webkit-text-size-adjust: auto; background-color: rgba(255, 255, 255, 0);">Cleaning up request 2 ID 92 with timestamp +88<o:p></o:p></span></p><p class="MsoNormal" style="margin: 0in 0in 0.0001pt; "><span style="-webkit-text-size-adjust: auto; background-color: rgba(255, 255, 255, 0);">Ready to process requests.</span></p></div><div style="-webkit-text-size-adjust: auto; "><br></div><div style="-webkit-text-size-adjust: auto; ">Regards,</div><div style="-webkit-text-size-adjust: auto; ">/Neo</div><div style="-webkit-text-size-adjust: auto; "><br>On 25-Jan-2013, at 3:32 AM, <a href="mailto:A.L.M.Buxey@lboro.ac.uk">A.L.M.Buxey@lboro.ac.uk</a> wrote:<br><br></div><blockquote type="cite" style="-webkit-text-size-adjust: auto; "><div><span>Hi,</span><br><span></span><br><blockquote type="cite"><span> Do you mean the below in the "users" file?</span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span> cisco Auth-Type := LDAP</span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span> Service-Type = Administrative-User,</span><br></blockquote><blockquote type="cite"><span> cisco-avpair = "shell:priv-lvl=15"</span><br></blockquote><span></span><br><span>no.</span><br><span></span><br><span>cisco Auth-Type := LDAP</span><br><span> Service-Type = Administrative-User,</span><br><span> cisco-avpair = "shell:priv-lvl=15"</span><br><span></span><br><span></span><br><span>(see all the examples in the users file)</span><br><span></span><br><span>alan</span><br></div></blockquote></body></html>