<html><body><div style="color:#000; background-color:#fff; font-family:times new roman, new york, times, serif;font-size:12pt"><div style="font-family: 'times new roman', 'new york', times, serif; font-size: 12pt;"><span>Hello,</span></div><div style="font-family: 'times new roman', 'new york', times, serif; font-size: 16px; color: rgb(0, 0, 0); background-color: transparent; font-style: normal;"><span><br></span></div><div style="background-color: transparent;"><span>Please see the debug log below (log output from the command </span><span style="font-size: 16px;">freeradius -fxx -l stdout); with "freeradius -X" it works fine.</span></div><div style="background-color: transparent; color: rgb(0, 0, 0); font-size: 16px; font-family: 'times new roman', 'new york', times, serif; font-style: normal;"><span style="font-size: 16px;"><br></span></div><div style="background-color: transparent; color: rgb(0, 0, 0); font-size: 16px;
font-family: 'times new roman', 'new york', times, serif; font-style: normal;"><span style="font-size: 16px;">My issue is that in debug mode "freeradius -X" the authentication works great, but once I try with normal mode it doesn't. I have checked all the permissions; they are all correct.</span></div><div style="font-family: 'times new roman', 'new york', times, serif; font-size: 16px; color: rgb(0, 0, 0); background-color: transparent; font-style: normal;"><span><br></span></div><div style="background-color: transparent;"><span><div style="background-color: transparent;">Ready to process requests.</div><div style="background-color: transparent;">rad_recv: Access-Request packet from host 192.168.1.99 port 50000, id=24, length=177</div><div style="background-color: transparent;">Threads: total/active/spare threads = 5/0/5</div><div style="background-color: transparent;">Waking up in 0.9 seconds.</div><div style="background-color: transparent;">Thread 5 got
semaphore</div><div style="background-color: transparent;">Thread 5 handling request 0, (1 handled so far)</div><div style="background-color: transparent;"> User-Name = "TEST.COM\\user1"</div><div style="background-color: transparent;"> Calling-Station-Id = "0000005e5523"</div><div style="background-color: transparent;"> EAP-Message = 0x0200003f01544553542e434f4d5c75736572317676646a65687563697275656b63746a6869747568666365726465666c747269726668626775747464686467</div><div style="background-color: transparent;"> Message-Authenticator = 0x07222d989a50a5ab3ad1a36ec1fe32d8</div><div style="background-color: transparent;">[<thread>] # Executing section authorize from file /etc/freeradius/sites-enabled/default</div><div style="background-color: transparent;">[<thread>] +- entering group authorize {...}</div><div style="background-color:
transparent;">++[preprocess] returns ok</div><div style="background-color: transparent;">++[chap] returns noop</div><div style="background-color: transparent;">++[mschap] returns noop</div><div style="background-color: transparent;">[suffix] No '@' in User-Name = "TEST.COM\user1", looking up realm NULL</div><div style="background-color: transparent;">[suffix] No such realm "NULL"</div><div style="background-color: transparent;">++[suffix] returns noop</div><div style="background-color: transparent;">[ntdomain] Looking up realm "TEST.COM" for User-Name = "TEST.COM\user1"</div><div style="background-color: transparent;">[ntdomain] No such realm "TEST.COM"</div><div style="background-color: transparent;">++[ntdomain] returns noop</div><div style="background-color: transparent;">[eap] EAP packet type response id 0 length 63</div><div style="background-color: transparent;">[eap] No EAP Start, assuming it's an on-going EAP conversation</div><div
style="background-color: transparent;">++[eap] returns updated</div><div style="background-color: transparent;">rlm_perl: Added pair User-Name = TEST.COM\\user1</div><div style="background-color: transparent;">rlm_perl: Added pair EAP-Message = 0x0200003f01544553542e434f4d5c75736572317676646a65687563697275656b63746a6869747568666365726465666c747269726668626775747464686467</div><div style="background-color: transparent;">rlm_perl: Added pair EAP-Type = Identity</div><div style="background-color: transparent;">rlm_perl: Added pair NAS-IP-Address = 192.168.1.99</div><div style="background-color: transparent;">rlm_perl: Added pair Calling-Station-Id = 0000005e5523</div><div style="background-color: transparent;">rlm_perl: Added pair Message-Authenticator = 0x07222d989a50a5ab3ad1a36ec1fe32d8</div><div style="background-color: transparent;">rlm_perl: Added pair Auth-Type = EAP</div><div style="background-color: transparent;">++[perl] returns ok</div><div
style="background-color: transparent;">[files] users: Matched entry DEFAULT at line 147</div><div style="background-color: transparent;">++[files] returns ok</div><div style="background-color: transparent;">[ldap] performing user authorization for TEST.COM\user1</div><div style="background-color: transparent;">[ldap] expand: (uid=%{mschap:User-Name:-%{User-Name}}) -> (uid=user1)</div><div style="background-color: transparent;">[ldap] expand: dc=example,dc=com -> dc=example,dc=com</div><div style="background-color: transparent;"> [ldap] ldap_get_conn: Checking Id: 0</div><div style="background-color: transparent;"> [ldap] ldap_get_conn: Got Id: 0</div><div style="background-color: transparent;"> [ldap] attempting LDAP reconnection</div><div style="background-color: transparent;"> [ldap] (re)connect to 192.168.1.120:389, authentication 0</div><div style="background-color: transparent;"> [ldap] bind as
cn=admin,dc=example,dc=com/yubico to 192.168.1.120:389</div><div style="background-color: transparent;"> [ldap] waiting for bind result ...</div><div style="background-color: transparent;"> [ldap] Bind was successful</div><div style="background-color: transparent;"> [ldap] performing search in dc=example,dc=com, with filter (uid=user1)</div><div style="background-color: transparent;">[ldap] No default NMAS login sequence</div><div style="background-color: transparent;">[ldap] looking for check items in directory...</div><div style="background-color: transparent;"> [ldap] userPassword -> Cleartext-Password == "yubico"</div><div style="background-color: transparent;"> [ldap] userPassword -> Password-With-Header == "yubico"</div><div style="background-color: transparent;">[ldap] looking for reply items in directory...</div><div style="background-color: transparent;">[ldap] user TEST.COM\user1 authorized to use remote
access</div><div style="background-color: transparent;"> [ldap] ldap_release_conn: Release Id: 0</div><div style="background-color: transparent;">++[ldap] returns ok</div><div style="background-color: transparent;">[pap] Config already contains "known good" password. Ignoring Password-With-Header</div><div style="background-color: transparent;">[pap] WARNING: Auth-Type already set. Not setting to PAP</div><div style="background-color: transparent;">++[pap] returns noop</div><div style="background-color: transparent;">Found Auth-Type = EAP</div><div style="background-color: transparent;"># Executing group from file /etc/freeradius/sites-enabled/default</div><div style="background-color: transparent;">+- entering group EAP {...}</div><div style="background-color: transparent;">rlm_perl: Added pair User-Name = TEST.COM\\user1</div><div style="background-color: transparent;">rlm_perl: Added pair EAP-Message =
0x0200003f01544553542e434f4d5c75736572317676646a65687563697275656b63746a6869747568666365726465666c747269726668626775747464686467</div><div style="background-color: transparent;">rlm_perl: Added pair Calling-Station-Id = 0000005e5523</div><div style="background-color: transparent;">rlm_perl: Added pair NAS-IP-Address = 192.168.1.99</div><div style="background-color: transparent;">rlm_perl: Added pair EAP-Type = Identity</div><div style="background-color: transparent;">rlm_perl: Added pair Message-Authenticator = 0x07222d989a50a5ab3ad1a36ec1fe32d8</div><div style="background-color: transparent;">rlm_perl: Added pair Cleartext-Password = yubico</div><div style="background-color: transparent;">rlm_perl: Added pair Password-With-Header = yubico</div><div style="background-color: transparent;">rlm_perl: Added pair Ldap-UserDn = uid=user1,ou=people,dc=example,dc=com</div><div style="background-color: transparent;">rlm_perl: Added pair Auth-Type = EAP</div><div
style="background-color: transparent;">++[perl] returns noop</div><div style="background-color: transparent;">[eap] EAP Identity</div><div style="background-color: transparent;">[eap] processing type tls</div><div style="background-color: transparent;">[tls] Initiate</div><div style="background-color: transparent;">[tls] Start returned 1</div><div style="background-color: transparent;">++[eap] returns handled</div><div style="background-color: transparent;">Sending Access-Challenge of id 24 to 192.168.1.99 port 50000</div><div style="background-color: transparent;"> EAP-Message = 0x010100061920</div><div style="background-color: transparent;"> Message-Authenticator = 0x00000000000000000000000000000000</div><div style="background-color: transparent;"> State = 0x122bbc42122aa5a2412bf0f529fb8dfe</div><div style="background-color: transparent;">Finished request 0.</div><div
style="background-color: transparent;">Going to the next request</div><div style="background-color: transparent;">Thread 5 waiting to be assigned a request</div><div style="background-color: transparent;">rad_recv: Access-Request packet from host 192.168.1.99 port 50000, id=25, length=348</div><div style="background-color: transparent;">Waking up in 0.9 seconds.</div><div style="background-color: transparent;">Thread 4 got semaphore</div><div style="background-color: transparent;">Thread 4 handling request 1, (1 handled so far)</div><div style="background-color: transparent;"> User-Name = "TEST.COM\\user1"</div><div style="background-color: transparent;"> Calling-Station-Id = "0000005e5523"</div><div style="background-color: transparent;"> EAP-Message =
0x020100d8190016030100cd010000c9030151189e9c9fbe653e32873d8edf71da69da00c2f53aba302ad4fd7b82cc7df16d00005cc014c00a0039003800880087c00fc00500350084c012c00800160013c00dc003000ac013c00900330032009a009900450044c00ec004002f009600410007c011c007c00cc002000500040015001200090014001100080006000300ff01000044000b000403000102000a00340032000100020003000400050006000700080009000a000b000c000d000e000f001000110012001300140015001600170018001900230000</div><div style="background-color: transparent;"> Message-Authenticator = 0x0455c39fc67f100bbe7b8bef15fbea80</div><div style="background-color: transparent;"> State = 0x122bbc42122aa5a2412bf0f529fb8dfe</div><div style="background-color: transparent;">[<thread>] # Executing section authorize from file /etc/freeradius/sites-enabled/default</div><div style="background-color: transparent;">[<thread>] +- entering group authorize {...}</div><div
style="background-color: transparent;">++[preprocess] returns ok</div><div style="background-color: transparent;">++[chap] returns noop</div><div style="background-color: transparent;">++[mschap] returns noop</div><div style="background-color: transparent;">[suffix] No '@' in User-Name = "TEST.COM\user1", looking up realm NULL</div><div style="background-color: transparent;">[suffix] No such realm "NULL"</div><div style="background-color: transparent;">++[suffix] returns noop</div><div style="background-color: transparent;">[ntdomain] Looking up realm "TEST.COM" for User-Name = "TEST.COM\user1"</div><div style="background-color: transparent;">[ntdomain] No such realm "TEST.COM"</div><div style="background-color: transparent;">++[ntdomain] returns noop</div><div style="background-color: transparent;">[eap] EAP packet type response id 1 length 216</div><div style="background-color: transparent;">[eap] Continuing tunnel setup.</div><div
style="background-color: transparent;">++[eap] returns ok</div><div style="background-color: transparent;">Found Auth-Type = EAP</div><div style="background-color: transparent;"># Executing group from file /etc/freeradius/sites-enabled/default</div><div style="background-color: transparent;">+- entering group EAP {...}</div><div style="background-color: transparent;"><span style="font-weight: bold;">rlm_perl: Added pair User-Name = [here the username is not getting ???] </span></div><div style="background-color: transparent;">rlm_perl: Added pair EAP-Message =
0x020100d8190016030100cd010000c9030151189e9c9fbe653e32873d8edf71da69da00c2f53aba302ad4fd7b82cc7df16d00005cc014c00a0039003800880087c00fc00500350084c012c00800160013c00dc003000ac013c00900330032009a009900450044c00ec004002f009600410007c011c007c00cc002000500040015001200090014001100080006000300ff01000044000b000403000102000a00340032000100020003000400050006000700080009000a000b000c000d000e000f001000110012001300140015001600170018001900230000</div><div style="background-color: transparent;">rlm_perl: Added pair EAP-Type = PEAP</div><div style="background-color: transparent;">rlm_perl: Added pair NAS-IP-Address = 192.168.1.99</div><div style="background-color: transparent;">rlm_perl: Added pair State = 0x122bbc42122aa5a2412bf0f529fb8dfe</div><div style="background-color: transparent;">rlm_perl: Added pair Calling-Station-Id = 0000005e5523</div><div style="background-color: transparent;">rlm_perl: Added pair Message-Authenticator =
0x0455c39fc67f100bbe7b8bef15fbea80</div><div style="background-color: transparent;">rlm_perl: Added pair Auth-Type = EAP</div><div style="background-color: transparent;">++[perl] returns noop</div><div style="background-color: transparent;">[eap] Request found, released from the list</div><div style="background-color: transparent;">[eap] Identity does not match User-Name. Authentication failed.</div><div style="background-color: transparent;">[eap] Failed in handler</div><div style="background-color: transparent;">++[eap] returns invalid</div><div style="background-color: transparent;">Failed to authenticate the user.</div><div style="background-color: transparent;">Using Post-Auth-Type Reject</div><div style="background-color: transparent;"># Executing group from file /etc/freeradius/sites-enabled/default</div><div style="background-color: transparent;">+- entering group REJECT {...}</div><div style="background-color:
transparent;">[attr_filter.access_reject] expand: %{User-Name} -></div><div style="background-color: transparent;">++[attr_filter.access_reject] returns noop</div><div style="background-color: transparent;">Delaying reject of request 1 for 1 seconds</div><div style="background-color: transparent;">Going to the next request</div><div style="background-color: transparent;">Thread 4 waiting to be assigned a request</div><div style="background-color: transparent;">rad_recv: Access-Request packet from host 192.168.1.99 port 50000, id=25, length=348</div><div style="background-color: transparent;">Waiting to send Access-Reject to client 14_192.168.1.99 port 50000 - ID: 25</div><div style="background-color: transparent;">Sending delayed reject for request 1</div><div style="background-color: transparent;">Sending Access-Reject of id 25 to 192.168.1.99 port 50000</div><div style="background-color: transparent;">Waking up in 3.9
seconds.</div><div style="background-color: transparent;">Cleaning up request 0 ID 24 with timestamp +8</div><div style="background-color: transparent;">Waking up in 1.0 seconds.</div><div style="background-color: transparent;">Cleaning up request 1 ID 25 with timestamp +8</div><div style="background-color: transparent;">Ready to process requests.</div><div style="color: rgb(0, 0, 0); font-family: 'times new roman', 'new york', times, serif; font-size: 16px; font-style: normal;"><br></div></span></div><div style="font-family: 'times new roman', 'new york', times, serif; font-size: 12pt;"><br></div> <div style="font-family: 'times new roman', 'new york', times, serif; font-size: 12pt;"> <div style="font-family: 'times new roman', 'new york', times, serif; font-size: 12pt;"> <div dir="ltr"> <font size="2" face="Arial"> <hr size="1"> <b><span style="font-weight:bold;">From:</span></b> Phil Mayers <p.mayers@imperial.ac.uk><br> <b><span
style="font-weight: bold;">To:</span></b> freeradius-users@lists.freeradius.org <br> <b><span style="font-weight: bold;">Sent:</span></b> Monday, 11 February 2013 3:57 PM<br> <b><span style="font-weight: bold;">Subject:</span></b> Re: freeradius not working in normal mode but working in debug mode<br> </font> </div> <br>On 02/11/2013 10:11 AM, Nandkumar Palkar wrote:<br>> version 2.1.10<br><br>You should upgrade; that version has a known security bug.<br><br>><br>> Module - LDAP<br>><br>> In this case debug log shows the username, but while I debug to stdout<br>> it shows no username.<br>><br>> freeradius -fxx -l stdout<br><br>Just to be clear - when you say it "works in debug mode" what *exactly* <br>do you mean? In usual use, "debug mode" means:<br><br>radiusd -X<br><br>...but you list a different command line. Which command line works, and <br>which command line doesn't?<br><br>When it doesn't work, what are the
symptoms?<br><br>Please show the debug output when it *does* work.<br><br> </div> </div> </div></body></html>