<div dir="ltr"><div class="gmail_extra" style="font-family:arial,sans-serif;font-size:13px">Hi,</div><div class="gmail_extra" style="font-family:arial,sans-serif;font-size:13px"><br></div><div class="gmail_extra" style="font-family:arial,sans-serif;font-size:13px">
I just tried this on radiusd: FreeRADIUS Version 3.1.0 (git #b2d5a45), for host x86_64-unknown-linux-gnu, built on Mar 4 2014 at 11:31:20</div><div class="gmail_extra" style="font-family:arial,sans-serif;font-size:13px">
<br></div><div class="gmail_extra" style="font-family:arial,sans-serif;font-size:13px">but hitting the same error:</div><div class="gmail_extra" style="font-family:arial,sans-serif;font-size:13px"><br></div><div class="gmail_extra" style="font-family:arial,sans-serif;font-size:13px">
<div class="gmail_extra">rad_recv: Access-Request packet from host 10.x.x.100 port 65050, id=45, length=50</div><div class="gmail_extra"> User-Name = 'adamjseed'</div><div class="gmail_extra"> CHAP-Password = 0x64173a8adfdfb68e273ea9add77fa0e984</div>
<div class="gmail_extra">(2) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default</div><div class="gmail_extra">(2) authorize {</div><div class="gmail_extra">(2) filter_username filter_username {</div>
<div class="gmail_extra">(2) ? if (!User-Name)</div><div class="gmail_extra">(2) ? if (!User-Name) -> FALSE</div><div class="gmail_extra">(2) ? if (User-Name != "%{tolower:%{User-Name}}")</div><div class="gmail_extra">
(2) expand: "%{tolower:%{User-Name}}" -> 'adamjseed'</div><div class="gmail_extra">(2) ? if (User-Name != "%{tolower:%{User-Name}}") -> FALSE</div><div class="gmail_extra">(2) ? if (User-Name =~ / /)</div>
<div class="gmail_extra">(2) ? if (User-Name =~ / /) -> FALSE</div><div class="gmail_extra">(2) ? if (User-Name =~ /@.*@/ )</div><div class="gmail_extra">(2) ? if (User-Name =~ /@.*@/ ) -> FALSE</div><div class="gmail_extra">
(2) ? if (User-Name =~ /\\.\\./ )</div><div class="gmail_extra">(2) ? if (User-Name =~ /\\.\\./ ) -> FALSE</div><div class="gmail_extra">(2) ? if ((User-Name =~ /@/) && (User-Name !~ /@(.+)\\.(.+)$/))</div>
<div class="gmail_extra">(2) ? if ((User-Name =~ /@/) && (User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE</div><div class="gmail_extra">(2) ? if (User-Name =~ /\\.$/)</div><div class="gmail_extra">(2) ? if (User-Name =~ /\\.$/) -> FALSE</div>
<div class="gmail_extra">(2) ? if (User-Name =~ /@\\./)</div><div class="gmail_extra">(2) ? if (User-Name =~ /@\\./) -> FALSE</div><div class="gmail_extra">(2) } # filter_username filter_username = notfound</div>
<div class="gmail_extra">(2) [preprocess] = ok</div><div class="gmail_extra">(2) chap : Setting 'Auth-Type := CHAP'</div><div class="gmail_extra">(2) [chap] = ok</div><div class="gmail_extra">(2) [mschap] = noop</div>
<div class="gmail_extra">(2) [digest] = noop</div><div class="gmail_extra">(2) suffix : No '@' in User-Name = "adamjseed", looking up realm NULL</div><div class="gmail_extra">(2) suffix : No such realm "NULL"</div>
<div class="gmail_extra">(2) [suffix] = noop</div><div class="gmail_extra">(2) eap : No EAP-Message, not doing EAP</div><div class="gmail_extra">(2) [eap] = noop</div><div class="gmail_extra">(2) [files] = noop</div>
<div class="gmail_extra">rlm_ldap (ldap): Reserved connection (4)</div><div class="gmail_extra">(2) ldap : expand: "(uid=%{%{Stripped-User-Name}:-%{User-Name}})" -> '(uid=adamjseed)'</div><div class="gmail_extra">
(2) ldap : expand: "dc=example,dc=com" -> 'dc=example,dc=com'</div><div class="gmail_extra">(2) ldap : Performing search in 'dc=example,dc=com' with filter '(uid=adamjseed)', scope 'sub'</div>
<div class="gmail_extra">(2) ldap : Waiting for search result...</div><div class="gmail_extra">(2) ldap : User object found at DN "cn=adamjseed,ou=users,dc=example,dc=com"</div><div class="gmail_extra">(2) ldap : Processing user attributes</div>
<div class="gmail_extra">(2) ldap : control:Password-With-Header += 'Password01'</div><div class="gmail_extra">rlm_ldap (ldap): Released connection (4)</div><div class="gmail_extra">(2) [-ldap] = ok</div><div class="gmail_extra">
(2) [expiration] = noop</div><div class="gmail_extra">(2) [logintime] = noop</div><div class="gmail_extra">(2) WARNING: pap : Auth-Type already set. Not setting to PAP</div><div class="gmail_extra">(2) [pap] = noop</div>
<div class="gmail_extra">(2) } # authorize = ok</div><div class="gmail_extra">(2) Found Auth-Type = CHAP</div><div class="gmail_extra">(2) # Executing group from file /usr/local/etc/raddb/sites-enabled/default</div><div class="gmail_extra">
(2) Auth-Type CHAP {</div><div class="gmail_extra">(2) chap : Login attempt by "adamjseed" with CHAP password</div><div class="gmail_extra">(2) ERROR: chap : Cleartext password is required for authentication</div>
<div class="gmail_extra">(2) [chap] = invalid</div><div class="gmail_extra">(2) } # Auth-Type CHAP = invalid</div><div class="gmail_extra">(2) Failed to authenticate the user</div><div class="gmail_extra">(2) Using Post-Auth-Type Reject</div>
<div class="gmail_extra">(2) # Executing group from file /usr/local/etc/raddb/sites-enabled/default</div><div class="gmail_extra">(2) Post-Auth-Type REJECT {</div><div class="gmail_extra">(2) attr_filter.access_reject : expand: "%{User-Name}" -> 'adamjseed'</div>
<div class="gmail_extra">(2) attr_filter.access_reject : Matched entry DEFAULT at line 11</div><div class="gmail_extra">(2) [attr_filter.access_reject] = updated</div><div class="gmail_extra">(2) eap : Request didn't contain an EAP-Message, not inserting EAP-Failure</div>
<div class="gmail_extra">(2) [eap] = noop</div><div class="gmail_extra">(2) remove_reply_message_if_eap remove_reply_message_if_eap {</div><div class="gmail_extra">(2) ? if (reply:EAP-Message && reply:Reply-Message)</div>
<div class="gmail_extra">(2) ? if (reply:EAP-Message && reply:Reply-Message) -> FALSE</div><div class="gmail_extra">(2) else else {</div><div class="gmail_extra">(2) [noop] = noop</div><div class="gmail_extra">
(2) } # else else = noop</div><div class="gmail_extra">(2) } # remove_reply_message_if_eap remove_reply_message_if_eap = noop</div><div class="gmail_extra">(2) } # Post-Auth-Type REJECT = update</div></div></div><div class="gmail_extra">
<br><br><div class="gmail_quote">On Mon, Mar 3, 2014 at 10:01 PM, Arran Cudbard-Bell <span dir="ltr"><<a href="mailto:a.cudbardb@freeradius.org" target="_blank">a.cudbardb@freeradius.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div class=""><br>
On 3 Mar 2014, at 20:15, Adam Seed <<a href="mailto:adamjseed@gmail.com">adamjseed@gmail.com</a>> wrote:<br>
<br>
> Finally got that working - Thanks Alan. Are there any plans to put this assumption in version 3?<br>
<br>
</div>Done.<br>
<div class="HOEnZb"><div class="h5"><br>
Arran Cudbard-Bell <<a href="mailto:a.cudbardb@freeradius.org">a.cudbardb@freeradius.org</a>><br>
FreeRADIUS Development Team<br>
<br>
FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2<br>
<br>
</div></div><br>-<br>
List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_blank">http://www.freeradius.org/list/users.html</a><br></blockquote></div><br></div>