Freeradius-Users
Threads by month
- ----- 2026 -----
- July
- June
- May
- April
- March
- February
- January
- ----- 2025 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2024 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2005 -----
- December
- November
- October
- September
- August
- July
- June
- May
April 2012
- 112 participants
- 163 discussions
20 Apr '12
Hi,
I have a dial-in system that use freeRADIUS as radius server. I have figured out how to log username and password from access requests in a SQL database. My next goal is to be able to keep on logging Username and password but accept all users regardless of username/password. The user shall not need to be listed as a user in the RADIUS server. I want to grant access for all users that dial in for access to the network, hut I need to log the username and password that they send to the RADIUS server.
Username and password are stored in a Mysql database and we use PAP.
Is it possible to make this configuration and if it is possible how do I do it.
/Henrik
2
1
Please read the mailing list archives, this very question and setup is often mentioned
alan
5
10
Alan,
Thanks for your reply.
Our FreeRadius server is servering the WLAN authentication.
For some reason, we need know the result for each authentication request, pass or fail.
We know the post-authentication query can do something which we know who is pass.
We don't have a method to log the rejected request.
Thanks!
------------------ Original ------------------
From: "freeradius-users"<freeradius-users-request(a)lists.freeradius.org>;
Date: Fri, Apr 20, 2012 03:30 PM
To: "freeradius-users"<freeradius-users(a)lists.freeradius.org>;
Subject: Freeradius-Users Digest, Vol 84, Issue 63
Send Freeradius-Users mailing list submissions to
freeradius-users(a)lists.freeradius.org
To subscribe or unsubscribe via the World Wide Web, visit
http://lists.freeradius.org/mailman/listinfo/freeradius-users
or, via email, send a message with subject or body 'help' to
freeradius-users-request(a)lists.freeradius.org
You can reach the person managing the list at
freeradius-users-owner(a)lists.freeradius.org
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Freeradius-Users digest..."
Today's Topics:
1. Re: LDAP-FreeRadius-Cisco Switch-802.1x Fails. (Alan Buxey)
2. Re: Perl, MySQL & auth (Alan Buxey)
3. Re: Freeradius Access Requet ID (Alan DeKok)
4. Re: LDAP-FreeRadius-Cisco Switch-802.1x Fails. (Wassim Zaarour)
5. Re: LDAP-FreeRadius-Cisco Switch-802.1x Fails. (Fajar A. Nugraha)
6. Re: LDAP-FreeRadius-Cisco Switch-802.1x Fails. (Wassim Zaarour)
7. Re: LDAP-FreeRadius-Cisco Switch-802.1x Fails. (Fajar A. Nugraha)
----------------------------------------------------------------------
Message: 1
Date: Fri, 20 Apr 2012 07:30:20 +0100
From: Alan Buxey <A.L.M.Buxey(a)lboro.ac.uk>
To: "wassim.zaarour(a)navlink.com" <wassim.zaarour(a)navlink.com>,
"freeradius-users(a)lists.freeradius.org"
<freeradius-users(a)lists.freeradius.org>
Subject: Re: LDAP-FreeRadius-Cisco Switch-802.1x Fails.
Message-ID: <9339D497-E840-42EF-A2D5-779F77E0F5D9(a)lboro.ac.uk>
Content-Type: text/plain; charset="utf-8"
Please read the mailing list archives, this very question and setup is often mentioned
alan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20120420…>
------------------------------
Message: 2
Date: Fri, 20 Apr 2012 07:35:24 +0100
From: Alan Buxey <A.L.M.Buxey(a)lboro.ac.uk>
To: "fabrifloresg(a)gmail.com" <fabrifloresg(a)gmail.com>,
"freeradius-users(a)lists.freeradius.org"
<freeradius-users(a)lists.freeradius.org>
Subject: Re: Perl, MySQL & auth
Message-ID: <EEA07012-72B5-438B-B5CE-039B6D237BA0(a)lboro.ac.uk>
Content-Type: text/plain; charset="utf-8"
Hi,
Some interesting system problems. Did you compile FR with PERL support....or if using distros version do they have additional packages you need to install eg freeradius-perl ?
We use PERL here...FR compiled with it supported and just 'use DBI;' at the top of the PERL script....no need to do ANYTHING with system libs or running parameters
alan
--
This smartphone has free WiFi worldwide with eduroam, now that IS smart
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20120420…>
------------------------------
Message: 3
Date: Fri, 20 Apr 2012 08:50:56 +0200
From: Alan DeKok <aland(a)deployingradius.com>
To: FreeRadius users mailing list
<freeradius-users(a)lists.freeradius.org>
Subject: Re: Freeradius Access Requet ID
Message-ID: <4F910750.7040104(a)deployingradius.com>
Content-Type: text/plain; charset=UTF-8
?????? wrote:
> What is the parameter name for freeradius access requet ID?
>
> For example,
> Called-Station-Id = "46-E7-CF-62-78-11"
> Called-Station-Id is the parameter name for NAS MAC address.
You can't look at the access request ID. It doesn't mean anything,
and there's no reason to look at it.
Alan DeKok.
------------------------------
Message: 4
Date: Fri, 20 Apr 2012 10:09:18 +0300
From: Wassim Zaarour <wassim.zaarour(a)navlink.com>
To: Alan Buxey <A.L.M.Buxey(a)lboro.ac.uk>,
"freeradius-users(a)lists.freeradius.org"
<freeradius-users(a)lists.freeradius.org>
Subject: Re: LDAP-FreeRadius-Cisco Switch-802.1x Fails.
Message-ID: <CBB6E5E1.ECFF%wassim.zaarour(a)navlink.com>
Content-Type: text/plain; charset="us-ascii"
Hi Alan,
I went through the archives and did some changes but still getting the
error, appreciate of you can help me a bit here.
I think I read that the ldap request must be proxied to the inner tunnel for
it work, is that true? How can we do that?
Thanks
Wassim.
From: Alan Buxey <A.L.M.Buxey(a)lboro.ac.uk>
Date: Friday, April 20, 2012 9:30 AM
To: Wassim Zaarour <wassim.zaarour(a)navlink.com>,
"freeradius-users(a)lists.freeradius.org"
<freeradius-users(a)lists.freeradius.org>
Subject: Re: LDAP-FreeRadius-Cisco Switch-802.1x Fails.
Please read the mailing list archives, this very question and setup is often
mentioned
alan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20120420…>
------------------------------
Message: 5
Date: Fri, 20 Apr 2012 14:15:59 +0700
From: "Fajar A. Nugraha" <list(a)fajar.net>
To: FreeRadius users mailing list
<freeradius-users(a)lists.freeradius.org>
Subject: Re: LDAP-FreeRadius-Cisco Switch-802.1x Fails.
Message-ID:
<CAG1y0scEv7ZrF9OkB5-FKEyJuKOiGW=mmAUQNjt=5AS6j4OnHw(a)mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1
On Fri, Apr 20, 2012 at 2:09 PM, Wassim Zaarour
<wassim.zaarour(a)navlink.com> wrote:
> Hi Alan,
>
> I went through the archives and did some changes but still getting the
> error, appreciate of you can help me a bit here.
>
> I think I read that the ldap request must be proxied to the inner tunnel for
> it work, is that true? How can we do that?
Short version: you won't be able to get PEAP-MSCHAPv2 (i.e. what
windows use) to work with your LDAP. Period.
Long version:
MSCHAPv2 (which also means PEAP-MSCHAPv2) needs either:
- Cleartext-Password or NT-Hash available (in LDAP, sql, users file
whatever), OR
- an active directory
If you don't have either, then it won't work.
--
Fajar
------------------------------
Message: 6
Date: Fri, 20 Apr 2012 10:22:30 +0300
From: Wassim Zaarour <wassim.zaarour(a)navlink.com>
To: FreeRadius users mailing list
<freeradius-users(a)lists.freeradius.org>
Subject: Re: LDAP-FreeRadius-Cisco Switch-802.1x Fails.
Message-ID: <CBB6E904.ED05%wassim.zaarour(a)navlink.com>
Content-Type: text/plain; CHARSET=US-ASCII
On 4/20/12 10:15 AM, "Fajar A. Nugraha" <list(a)fajar.net> wrote:
>On Fri, Apr 20, 2012 at 2:09 PM, Wassim Zaarour
><wassim.zaarour(a)navlink.com> wrote:
>> Hi Alan,
>>
>> I went through the archives and did some changes but still getting the
>> error, appreciate of you can help me a bit here.
>>
>> I think I read that the ldap request must be proxied to the inner
>>tunnel for
>> it work, is that true? How can we do that?
>
>Short version: you won't be able to get PEAP-MSCHAPv2 (i.e. what
>windows use) to work with your LDAP. Period.
>
>Long version:
>MSCHAPv2 (which also means PEAP-MSCHAPv2) needs either:
>- Cleartext-Password or NT-Hash available (in LDAP, sql, users file
>whatever), OR
>- an active directory
>
>If you don't have either, then it won't work.
Hi Farja,
Passwords are stored as clear text in my LDAP, that should make MSCHAPv2
work right?
Wassim
------------------------------
Message: 7
Date: Fri, 20 Apr 2012 14:30:42 +0700
From: "Fajar A. Nugraha" <list(a)fajar.net>
To: FreeRadius users mailing list
<freeradius-users(a)lists.freeradius.org>
Subject: Re: LDAP-FreeRadius-Cisco Switch-802.1x Fails.
Message-ID:
<CAG1y0sch+7s+r9+G5Gp5oxhca6wAjbek=j9L6_4gqDWU_sEztg(a)mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1
On Fri, Apr 20, 2012 at 2:22 PM, Wassim Zaarour
<wassim.zaarour(a)navlink.com> wrote:
> On 4/20/12 10:15 AM, "Fajar A. Nugraha" <list(a)fajar.net> wrote:
>>Long version:
>>MSCHAPv2 (which also means PEAP-MSCHAPv2) needs either:
>>- Cleartext-Password or NT-Hash available (in LDAP, sql, users file
>>whatever), OR
>>- an active directory
>>
>>If you don't have either, then it won't work.
>
> Hi Farja,
>
> Passwords are stored as clear text in my LDAP, that should make MSCHAPv2
> work right?
Yes, if FR can find them. This part of the log says it can't:
[ldap] performing search in o=navbey.com, dc=navbey,dc=com, with filter
(uid=pk)
[ldap] looking for check items in directory...
[ldap] looking for reply items in directory...
WARNING: No "known good" password was found in LDAP. Are you sure that
the user is configured correctly?
You might need to play around with the user used to login to LDAP, as
some systems only give out passwords to admin accounts. Testing manual
LDAP lookup using command line tool (e.g. ldapsearch) helps. If you
CAN get your ldap server to return cleartext password with ldapsearch,
then you should be able to configure FR to get that as well.
--
Fajar
------------------------------
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
End of Freeradius-Users Digest, Vol 84, Issue 63
************************************************
2
1
Hello,
What is the parameter name for freeradius access requet ID?
For example,
Called-Station-Id = "46-E7-CF-62-78-11"
Called-Station-Id is the parameter name for NAS MAC address.
Thanks!
Tom
------------------ Original ------------------
From: "freeradius-users"<freeradius-users-request(a)lists.freeradius.org>;
Date: Fri, Apr 20, 2012 08:12 AM
To: "freeradius-users"<freeradius-users(a)lists.freeradius.org>;
Subject: Freeradius-Users Digest, Vol 84, Issue 60
Send Freeradius-Users mailing list submissions to
freeradius-users(a)lists.freeradius.org
To subscribe or unsubscribe via the World Wide Web, visit
http://lists.freeradius.org/mailman/listinfo/freeradius-users
or, via email, send a message with subject or body 'help' to
freeradius-users-request(a)lists.freeradius.org
You can reach the person managing the list at
freeradius-users-owner(a)lists.freeradius.org
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Freeradius-Users digest..."
Today's Topics:
1. Re: Perl, MySQL & auth (Fabricio Flores)
2. Re: LDAP-FreeRadius-Cisco Switch-802.1x Fails. (alan buxey)
3. Re: Perl, MySQL & auth (alan buxey)
4. Re: using windows 8's builtin eap-ttls... Windows 8 bug
(Matthew Newton)
5. Re: using windows 8's builtin eap-ttls... Windows 8 bug
(alan buxey)
6. Re: Perl, MySQL & auth (Fabricio Flores)
----------------------------------------------------------------------
Message: 1
Date: Thu, 19 Apr 2012 10:48:28 -0500
From: Fabricio Flores <fabrifloresg(a)gmail.com>
To: FreeRadius users mailing list
<freeradius-users(a)lists.freeradius.org>
Subject: Re: Perl, MySQL & auth
Message-ID:
<CAJfLZm94kTamUafQf5QNxs95yOti9zEEy3bQNNvb4zPdw4dAnQ(a)mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"
Hi... I worked in my perl script... i did the conection to the web service
and it works... I configure freeradius (add perl and sql) in auth section,
I made a debug with freeradius -X but I don?t know if freeradius read the
perl script before work with mysql... i have this output:
rad_recv: Access-Request packet from host 127.0.0.1 port 45894, id=120,
length=62
User-Name = "1104015936"
User-Password = "fabricio1"
NAS-IP-Address = 127.0.1.1
NAS-Port = 1812
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "usuario", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[files] returns noop
rlm_perl: Added pair User-Name = usuario
rlm_perl: Added pair User-Password = clave
rlm_perl: Added pair NAS-Port = 1812
rlm_perl: Added pair NAS-IP-Address = 127.0.1.1
++[perl] returns ok
[sql] expand: %{User-Name} -> 1104015936
[sql] sql_set_user escaped user --> 'usuario'
rlm_sql (sql): Reserving sql socket id: 2
[sql] expand: SELECT id, username, attribute, value, op FROM
radcheck WHERE username = '%{SQL-User-Name}' ORDER BY
id -> SELECT id, username, attribute, value, op FROM radcheck
WHERE username = 'usuario' ORDER BY id
[sql] expand: SELECT groupname FROM radusergroup WHERE
username = '%{SQL-User-Name}' ORDER BY priority -> SELECT
groupname FROM radusergroup WHERE username = 'usuario'
ORDER BY priority
rlm_sql (sql): Released sql socket id: 2
[sql] User usuario not found
++[sql] returns notfound
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user. Authentication
may fail because of this.
++[pap] returns noop
ERROR: No authenticate method (Auth-Type) found for the request: Rejecting
the user
Failed to authenticate the user.
Using Post-Auth-Type Reject
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> usuario
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 1 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 1
Sending Access-Reject of id 120 to 127.0.0.1 port 45894
Waking up in 4.9 seconds.
Cleaning up request 1 ID 120 with timestamp +410
Ready to process requests.
El 9 de abril de 2012 16:49, Fajar A. Nugraha <list(a)fajar.net> escribi?:
> On Mon, Apr 9, 2012 at 10:49 PM, Fabricio Flores <fabrifloresg(a)gmail.com>
> wrote:
> > is possible to use the perl and mysql in authorization section? in
>
> As I've already said, yes.
>
> --
> Fajar
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
--
Fabricio A. Flores G.
Egresado en Ingenier?a en Sistemas
MSN: fabri_floresg(a)hotmail.com
Google: fabrifloresg(a)gmail.com
Twitter: fabricioflores
Skype: fabriciofloresgallardo
Blog Personal <http://fabricioflores.wordpress.com/>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20120419…>
------------------------------
Message: 2
Date: Thu, 19 Apr 2012 16:53:42 +0100
From: alan buxey <A.L.M.Buxey(a)lboro.ac.uk>
To: FreeRadius users mailing list
<freeradius-users(a)lists.freeradius.org>
Subject: Re: LDAP-FreeRadius-Cisco Switch-802.1x Fails.
Message-ID: <20120419155342.GD1845(a)lboro.ac.uk>
Content-Type: text/plain; charset=us-ascii
hi,
quick look seems to show that you dont have a suitable authorise
section in the inner tunnel.
the tunnel gets started...your client rejects the default md5
the server sent - and EAP-TTLS gets done...the username/password
gets sent but has nothing to go against.... so I suggest
you add
'ldap' to the inner-tunnel virtual server (in same way that ldap and
LDAP are defined in default server...)
alan
------------------------------
Message: 3
Date: Thu, 19 Apr 2012 16:56:10 +0100
From: alan buxey <A.L.M.Buxey(a)lboro.ac.uk>
To: FreeRadius users mailing list
<freeradius-users(a)lists.freeradius.org>
Subject: Re: Perl, MySQL & auth
Message-ID: <20120419155610.GE1845(a)lboro.ac.uk>
Content-Type: text/plain; charset=utf-8
Hi,
> Hi... I worked in my perl script... i did the conection to the web service
> and it works... I configure freeradius (add perl and sql) in auth section,
> I made a debug with freeradius -X but I don?t know if freeradius read the
> perl script before work with mysql... i have this output:
the logs show the perl being called before the sql...and the sql failing with
usuario userid not being found
alan
------------------------------
Message: 4
Date: Thu, 19 Apr 2012 19:53:13 +0100
From: Matthew Newton <mcn4(a)leicester.ac.uk>
To: aman.arneja(a)microsoft.com
Cc: FreeRadius users mailing list
<freeradius-users(a)lists.freeradius.org>
Subject: Re: using windows 8's builtin eap-ttls... Windows 8 bug
Message-ID: <20120419185313.GC10911(a)rootmail.cc.le.ac.uk>
Content-Type: text/plain; charset=us-ascii
Hi Aman,
(I'm copying freeradius-users to feedback to the thread, but
as it's not really a FR issue I'm happy for you to take this
off-list if you want any more details/testing).
On Mon, Mar 05, 2012 at 08:19:15PM +0000, Alan Buxey wrote:
> right. interesting. I've just been looking into Windows 8 and I found
> that if I chose a non-EAP method with TTLS (eg PAP or MSCHAP) then it
> didnt work. but if I chose an EAP method with TTLS - eg EAP-MSCHAPv2 then
> it worked fine. so more needs to be looked at there.
We've been digging into this a bit more and testing the TTLS
support with Windows 8. Really nice to see more options than just
PEAP at last :-)
There seems to be a bug in the Windows 8 TTLS ACK, which means
that EAP-TTLS/MS-CHAPv2 doesn't work (EAP-TTLS/MSCHAP and
EAP-TTLS/EAP-MSCHAP-V2 are OK).
Having received an Access-Accept from the inner tunnel (after the
mschap module succeeded), FreeRADIUS sends an Access-Challenge
back to the NAS. See src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c:675.
The end device should respond to the challenge with a TTLS ACK.
RFC 5281 s9.2.3 says:
"An Acknowledgement packet is an EAP-TTLS packet with no
additional data beyond the Flags octet, and with the L, M, and S
bits of the Flags octet set to 0. (Note, however, that the V
field MUST still be set to the appropriate version number.)"
(this is correctly handled in FR src/modules/rlm_eap/libeap/eap_tls.c:375)
The EAP-Message in the resulting Access-Request from Win8 is:
EAP-Message = 0x020b000a158000000000
Which is Response / id 11 / length 10 / type TTLS, then:
flags 0x80 ('length included') followed by a length of 00000000.
Note the RFC says that no additional data beyond Flags, and L/M/S
all set to 0 - here, L is set to 1, so it's not a correctly formed
ACK (albeit looking like one with Length set to 0), so FR bombs
out with:
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
TLS Length 0
[ttls] Length Included
[ttls] eaptls_verify returned 11
[ttls] SSL_read Error
[ttls] Error in fragmentation logic
[ttls] eaptls_process returned 4
[eap] Handler failed in EAP/ttls
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
eapol_test with EAP-TTLS/MSCHAP-v2 works fine, and sends the TTLS
ACK back as:
EAP-Message = 0x020800061500
which is fine - flags all 0, no TTLS length supplied.
Windows 8 with EAP-TTLS/MSCHAP is also fine, as there is no
Access-Challenge sent; it's a direct Access-Accept with
EAP-Message 0x030a0004 (Success).
As Alan noted, EAP-TTLS/EAP-MSCHAP-V2 also seems fine.
Cheers,
Matthew
--
Matthew Newton, Ph.D. <mcn4(a)le.ac.uk>
Systems Architect (UNIX and Networks), Network Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
For IT help contact helpdesk extn. 2253, <ithelp(a)le.ac.uk>
------------------------------
Message: 5
Date: Thu, 19 Apr 2012 22:02:27 +0100
From: alan buxey <A.L.M.Buxey(a)lboro.ac.uk>
To: FreeRadius users mailing list
<freeradius-users(a)lists.freeradius.org>
Cc: "aman.arneja(a)microsoft.com" <aman.arneja(a)microsoft.com>
Subject: Re: using windows 8's builtin eap-ttls... Windows 8 bug
Message-ID: <20120419210227.GA2768(a)lboro.ac.uk>
Content-Type: text/plain; charset=us-ascii
Hi,
> We've been digging into this a bit more and testing the TTLS
> support with Windows 8. Really nice to see more options than just
> PEAP at last :-)
thanks for the further testing/verification Matthew :-)
alan
------------------------------
Message: 6
Date: Thu, 19 Apr 2012 19:12:36 -0500
From: Fabricio Flores <fabrifloresg(a)gmail.com>
To: FreeRadius users mailing list
<freeradius-users(a)lists.freeradius.org>
Subject: Re: Perl, MySQL & auth
Message-ID:
<CAJfLZm88gdUSMR8bNZhmiKuP_Hp2QT3Jm6ODyLQmhL2K6LMgAA(a)mail.gmail.com>
Content-Type: text/plain; charset="utf-8"
ok i start the freeradius with freeradius -x and i have this error:
Can't load '/usr/lib/perl5/auto/DBI/DBI.so' for module DBI:
/usr/lib/perl5/auto/DBI/DBI.so: undefined symbol: PL_memory_wrap at
/usr/lib/perl/5.12/DynaLoader.pm line 192.
I read in another post that is an error because i use dbi of perl... so i
started freeradius with:
LD_PRELOAD=/usr/lib/libperl.so.5.12.4 freeradius -X
in this way freeradius daemon starts but in the freeradius log i have this:
Thu Apr 19 18:27:55 2012 : Info: Loaded virtual server inner-tunnel
Thu Apr 19 18:27:55 2012 : Error: rlm_perl: perl_parse failed:
/etc/freeradius/example.pl not found or has syntax errors.
Thu Apr 19 18:27:55 2012 : Error: /etc/freeradius/modules/perl[7]:
Instantiation failed for module "perl"
Thu Apr 19 18:27:55 2012 : Error:
/etc/freeradius/sites-enabled/default[265]: Failed to load module "perl".
Thu Apr 19 18:27:55 2012 : Error:
/etc/freeradius/sites-enabled/default[265]: Failed to parse "perl" entry.
Thu Apr 19 18:27:55 2012 : Error: Failed to load virtual server <default>
i test the perl script without freeradius variables and it works
El 19 de abril de 2012 10:56, alan buxey <A.L.M.Buxey(a)lboro.ac.uk> escribi?:
> Hi,
>
> > Hi... I worked in my perl script... i did the conection to the web
> service
> > and it works... I configure freeradius (add perl and sql) in auth
> section,
> > I made a debug with freeradius -X but I don?t know if freeradius read
> the
> > perl script before work with mysql... i have this output:
>
> the logs show the perl being called before the sql...and the sql failing
> with
> usuario userid not being found
>
>
> alan
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
--
Fabricio A. Flores G.
Egresado en Ingenier?a en Sistemas
MSN: fabri_floresg(a)hotmail.com
Google: fabrifloresg(a)gmail.com
Twitter: fabricioflores
Skype: fabriciofloresgallardo
Blog Personal <http://fabricioflores.wordpress.com/>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20120419…>
------------------------------
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
End of Freeradius-Users Digest, Vol 84, Issue 60
************************************************
2
1
Hi,
Some interesting system problems. Did you compile FR with PERL support....or if using distros version do they have additional packages you need to install eg freeradius-perl ?
We use PERL here...FR compiled with it supported and just 'use DBI;' at the top of the PERL script....no need to do ANYTHING with system libs or running parameters
alan
--
This smartphone has free WiFi worldwide with eduroam, now that IS smart
1
0
Hi List,
I have set up Freeadius 2.1.10 to authenticate with ldap.
I have a cisco switch and using my Mac Laptop to connect.
If I try to connect using ldap credentials the authentication fails, though
the same credentials work if I use them with radtest on the localhost
If I try to connect using a username defined as clear text in the users
file, the authentication succeeds.
As I understood that ldap will only accept clear text passwords, I am
wondering why the radtest succeeds while connecting from the Mac OS fails,
is the Mac OS not sending the password in clear text?
I appreciate any help understanding this.
Wassim C. Zaarour
Systems & Network Engineer
NavLink (an AT&T Affiliated company)
www.navlink.com
³The information contained in this e-mail is confidential. This e-mail is
intended only for the stated addressee. If you are not an addressee, you
must not disclose, copy, circulate or in any other way use or rely on the
information contained in this e-mail. If you have received this e-mail in
error, please inform us immediately and delete it and all copies from your
system.²
3
8
Hi everyone.. I have a little problem... I have users with a web service
but I need to store the accounting in a mysql database because I use
daloradius. So I have an authentication with SQL module but I need to add
users before authorization. So I think if is possible to use the perl
module in the authorization section to add users to MySQL database and
after freeradius do an authorization with the mysql database.
--
Fabricio A. Flores G.
Egresado en Ingeniería en Sistemas
Twitter: fabricioflores
Skype: fabriciofloresgallardo
Blog Personal <http://fabricioflores.wordpress.com/>
3
6
We've been using SecureW2's client with our Freeradius server using EAP-TTLS/PAP authentication. From doing some very preliminary
testing with the Windows 8 consumer preview, I've noticed that MS is now including EAP-TTLS support directly in windows.
Unfortunately, I haven't had any luck getting this working yet. From looking over the radius logs, everything appears to be
authenticating correctly, but then windows sits at "Checking network requirements" for a few minutes before dying. Below are the
steps I have taken to configure windows to connect to our network so far. Has anyone else had luck with this yet?
1. Open the "Network and Sharing Center" either through the control panel or by right clicking the network icon in your tray
2. Click "Set up a new connection or network"
3. Click "Manually connect to a wireless network"
4. Enter the network name and choose WPA2-Enterprise for Security Type, then click Next
5. Click "Change connection settings"
6. Go to the security tab and choose "Microsoft EAP-TTLS" from the "Network Authentication Method" dropdown
7. Click "Settings" and uncheck "Enable identity privacy"
8. Click OK twice
9. Click the wifi icon in your tray and choose your secure wireless network
10. You will now be prompted for your username & password
Brian Gold
System Administrator
Bard College at Simon's Rock
5
6
A cursory look suggests we may use some of the effected codepaths
in CVE-2012-2110 (http://lists.grok.org.uk/pipermail/full-disclosure/2012-April/086585.html)
and given that FreeRADIUS often deals with certificates from
sources that are not under direct control of administrators (dot1x clients,
federation servers, etc.) this might be worth a news page post.
--
Brian S. Julin
Network Administrator
Clark University
2
1
Hello list,
I'm testing FreeRADIUS ldap authentication and ldap authorization, in
the default server config I defined:
authorize {
...
redundant-load-balance {
ldap1
ldap2
ldap3
}
# Allow only members of AD-Group
"cn=radius.users,ou=Groups,dc=test,dc=local" !
if(Ldap-Group ==
"cn=radius.users,ou=Groups,dc=test,dc=local") {
...several Ldap-Group queries to decide which
attributes will be returned
}
...
}
authenticate {
...
Auth-Type LDAP {
redundant-load-balance {
ldap1
ldap2
ldap3
}
}
...
}
The three ldap modules are well configured, I hope so. See freeradius
-X output below.
During FreeRADIUS performance test as described in
/usr/share/doc/freeradius/performance-testing.gz I noticed that FR does
for the ldap-group query above (Ldap-Group ==
"cn=radius.users,ou=Groups,dc=test,dc=local") no load-balancing or
fall-through to other ldap modules. Every time only ldap module ldap3 is
taken to do this ldap-group query.
When I disable the nic of the ldap server referenced in ldap module
ldap3 and authenticate with an existing user in AD I get an
Access-Accept but without the return RADIUS Attributes I configured for
special ldap-group membership inside the nested if bracket. No fail-over
to the other ldap modules happens, although the other two ldap servers
are up and running and reachable.
Why FR doesn't load balance for this ldap-query?
Thanks in advance,
Tobias Hachmer
Output of freeradius -X is a lot:
root@asaradius1:/etc/freeradius# freeradius -X
FreeRADIUS Version 2.1.12, for host x86_64-pc-linux-gnu, built on Oct
24 2011 at 15:27:27
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.
Starting - reading configuration files ...
including configuration file /etc/freeradius/radiusd.conf
including configuration file /etc/freeradius/proxy.conf
including configuration file /etc/freeradius/clients.conf
including files in directory /etc/freeradius/modules/
including configuration file /etc/freeradius/modules/otp
including configuration file /etc/freeradius/modules/attr_filter
including configuration file /etc/freeradius/modules/perl
including configuration file /etc/freeradius/modules/logintime
including configuration file /etc/freeradius/modules/redis
including configuration file /etc/freeradius/modules/sradutmp
including configuration file /etc/freeradius/modules/files
including configuration file /etc/freeradius/modules/detail.log
including configuration file /etc/freeradius/modules/radutmp
including configuration file /etc/freeradius/modules/ldap2
including configuration file /etc/freeradius/modules/chap
including configuration file /etc/freeradius/modules/acct_unique
including configuration file /etc/freeradius/modules/wimax
including configuration file /etc/freeradius/modules/mschap
including configuration file /etc/freeradius/modules/mac2ip
including configuration file /etc/freeradius/modules/opendirectory
including configuration file /etc/freeradius/modules/linelog
including configuration file /etc/freeradius/modules/counter
including configuration file /etc/freeradius/modules/echo
including configuration file /etc/freeradius/modules/rediswho
including configuration file /etc/freeradius/modules/smsotp
including configuration file /etc/freeradius/modules/inner-eap
including configuration file /etc/freeradius/modules/expiration
including configuration file /etc/freeradius/modules/realm
including configuration file /etc/freeradius/modules/preprocess
including configuration file /etc/freeradius/modules/ntlm_auth
including configuration file /etc/freeradius/modules/sql_log
including configuration file /etc/freeradius/modules/ldap1
including configuration file /etc/freeradius/modules/attr_rewrite
including configuration file /etc/freeradius/modules/ldap3
including configuration file /etc/freeradius/modules/expr
including configuration file
/etc/freeradius/modules/sqlcounter_expire_on_login
including configuration file /etc/freeradius/modules/policy
including configuration file /etc/freeradius/modules/detail
including configuration file /etc/freeradius/modules/mac2vlan
including configuration file /etc/freeradius/modules/pam
including configuration file /etc/freeradius/modules/smbpasswd
including configuration file /etc/freeradius/modules/pap
including configuration file /etc/freeradius/modules/ippool
including configuration file /etc/freeradius/modules/dynamic_clients
including configuration file /etc/freeradius/modules/cui
including configuration file /etc/freeradius/modules/exec
including configuration file /etc/freeradius/modules/soh
including configuration file /etc/freeradius/modules/passwd
including configuration file /etc/freeradius/modules/unix
including configuration file /etc/freeradius/modules/etc_group
including configuration file /etc/freeradius/modules/replicate
including configuration file /etc/freeradius/modules/digest
including configuration file /etc/freeradius/modules/krb5
including configuration file /etc/freeradius/modules/checkval
including configuration file /etc/freeradius/modules/detail.example.com
including configuration file /etc/freeradius/modules/always
including configuration file /etc/freeradius/eap.conf
including configuration file /etc/freeradius/policy.conf
including files in directory /etc/freeradius/sites-enabled/
including configuration file /etc/freeradius/sites-enabled/status
including configuration file /etc/freeradius/sites-enabled/default
including configuration file
/etc/freeradius/sites-enabled/control-socket
main {
user = "freerad"
group = "freerad"
allow_core_dumps = no
}
including dictionary file /etc/freeradius/dictionary
main {
name = "freeradius"
prefix = "/usr"
localstatedir = "/var"
sbindir = "/usr/sbin"
logdir = "/var/log/freeradius"
run_dir = "/var/run/freeradius"
libdir = "/usr/lib/freeradius"
radacctdir = "/var/log/freeradius/radacct"
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
pidfile = "/var/run/freeradius/freeradius.pid"
checkrad = "/usr/sbin/checkrad"
debug_level = 0
proxy_requests = yes
log {
stripped_names = no
auth = no
auth_badpass = no
auth_goodpass = no
}
security {
max_attributes = 200
reject_delay = 1
status_server = yes
}
}
radiusd: #### Loading Realms and Home Servers ####
proxy server {
retry_delay = 5
retry_count = 3
default_fallback = no
dead_time = 120
wake_all_if_all_dead = no
}
home_server localhost {
ipaddr = 127.0.0.1
port = 1812
type = "auth"
secret = "testing123"
response_window = 20
max_outstanding = 65536
require_message_authenticator = yes
zombie_period = 40
status_check = "status-server"
ping_interval = 30
check_interval = 30
num_answers_to_alive = 3
num_pings_to_alive = 3
revive_interval = 120
status_check_timeout = 4
coa {
irt = 2
mrt = 16
mrc = 5
mrd = 30
}
}
home_server_pool my_auth_failover {
type = fail-over
home_server = localhost
}
realm example.com {
auth_pool = my_auth_failover
}
realm LOCAL {
}
radiusd: #### Loading Clients ####
client localhost {
ipaddr = 127.0.0.1
require_message_authenticator = no
secret = "testing123"
nastype = "other"
}
client Test1 {
ipaddr = 192.168.72.11
netmask = 32
require_message_authenticator = no
secret = "testing123"
shortname = "Test"
}
radiusd: #### Instantiating modules ####
instantiate {
Module: Linked to module rlm_exec
Module: Instantiating module "exec" from file
/etc/freeradius/modules/exec
exec {
wait = no
input_pairs = "request"
shell_escape = yes
}
Module: Linked to module rlm_expr
Module: Instantiating module "expr" from file
/etc/freeradius/modules/expr
Module: Linked to module rlm_expiration
Module: Instantiating module "expiration" from file
/etc/freeradius/modules/expiration
expiration {
reply-message = "Password Has Expired "
}
Module: Linked to module rlm_logintime
Module: Instantiating module "logintime" from file
/etc/freeradius/modules/logintime
logintime {
reply-message = "You are calling outside your allowed timespan
"
minimum-timeout = 60
}
}
radiusd: #### Loading Virtual Servers ####
server { # from file /etc/freeradius/sites-enabled/default
modules {
Module: Creating Auth-Type = LDAP
Module: Creating Post-Auth-Type = REJECT
Module: Checking authenticate {...} for more modules to load
Module: Linked to module rlm_ldap
Module: Instantiating module "ldap1" from file
/etc/freeradius/modules/ldap1
ldap ldap1 {
server = "ldaps://testwdc1.test.local"
port = 636
password = "abc321!"
identity = "cn=Free RADIUS,cn=Users,dc=test,dc=local"
net_timeout = 1
timeout = 4
timelimit = 3
tls_mode = no
start_tls = no
tls_require_cert = "allow"
tls {
start_tls = no
cacertfile = "/etc/freeradius/certs/cacert.pem"
require_cert = "allow"
}
basedn = "ou=Frankfurt,dc=test,dc=local"
filter =
"(sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}})"
base_filter = "(objectclass=radiusprofile)"
auto_header = no
access_attr_used_for_allow = yes
groupname_attribute = "cn"
groupmembership_filter =
"(&(objectClass=group)(member=%{control:Ldap-UserDn}))"
dictionary_mapping = "/etc/freeradius/ldap.attrmap"
ldap_debug = 40
ldap_connections_number = 5
compare_check_items = no
do_xlat = yes
edir_account_policy_check = no
set_auth_type = yes
keepalive {
idle = 60
probes = 3
interval = 3
}
}
rlm_ldap: Registering ldap_groupcmp for Ldap-Group
rlm_ldap: Creating new attribute ldap1-Ldap-Group
rlm_ldap: Registering ldap_groupcmp for ldap1-Ldap-Group
rlm_ldap: Registering ldap_xlat with xlat_name ldap1
rlm_ldap: reading ldap<->radius mappings from file
/etc/freeradius/ldap.attrmap
rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type
rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use
rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id
rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS
Calling-Station-Id
rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password
rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password
rlm_ldap: LDAP sambaLmPassword mapped to RADIUS LM-Password
rlm_ldap: LDAP sambaNtPassword mapped to RADIUS NT-Password
rlm_ldap: LDAP dBCSPwd mapped to RADIUS LM-Password
rlm_ldap: LDAP userPassword mapped to RADIUS Password-With-Header
rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT
rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration
rlm_ldap: LDAP radiusNASIpAddress mapped to RADIUS NAS-IP-Address
rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type
rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol
rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address
rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask
rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route
rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing
rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id
rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU
rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS
Framed-Compression
rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host
rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service
rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port
rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number
rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id
rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS
Framed-IPX-Network
rlm_ldap: LDAP radiusClass mapped to RADIUS Class
rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout
rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout
rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS
Termination-Action
rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service
rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node
rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group
rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS
Framed-AppleTalk-Link
rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS
Framed-AppleTalk-Network
rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS
Framed-AppleTalk-Zone
rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit
rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port
rlm_ldap: LDAP radiusReplyMessage mapped to RADIUS Reply-Message
rlm_ldap: LDAP radiusTunnelType mapped to RADIUS Tunnel-Type
rlm_ldap: LDAP radiusTunnelMediumType mapped to RADIUS
Tunnel-Medium-Type
rlm_ldap: LDAP radiusTunnelPrivateGroupId mapped to RADIUS
Tunnel-Private-Group-Id
conns: 0xc9fae0
Module: Instantiating module "ldap2" from file
/etc/freeradius/modules/ldap2
ldap ldap2 {
server = "ldaps://testwdc2.test.local"
port = 636
password = "abc321!"
identity = "cn=Free RADIUS,cn=Users,dc=test,dc=local"
net_timeout = 1
timeout = 4
timelimit = 3
tls_mode = no
start_tls = no
tls_require_cert = "allow"
tls {
start_tls = no
cacertfile = "/etc/freeradius/certs/cacert.pem"
require_cert = "demand"
}
basedn = "ou=Frankfurt,dc=test,dc=local"
filter =
"(sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}})"
base_filter = "(objectclass=radiusprofile)"
auto_header = no
access_attr_used_for_allow = yes
groupname_attribute = "cn"
groupmembership_filter =
"(&(objectClass=group)(member=%{control:Ldap-UserDn}))"
dictionary_mapping = "/etc/freeradius/ldap.attrmap"
ldap_debug = 0
ldap_connections_number = 5
compare_check_items = no
do_xlat = yes
edir_account_policy_check = no
set_auth_type = yes
keepalive {
idle = 60
probes = 3
interval = 3
}
}
rlm_ldap: Registering ldap_groupcmp for Ldap-Group
rlm_ldap: Creating new attribute ldap2-Ldap-Group
rlm_ldap: Registering ldap_groupcmp for ldap2-Ldap-Group
rlm_ldap: Registering ldap_xlat with xlat_name ldap2
rlm_ldap: reading ldap<->radius mappings from file
/etc/freeradius/ldap.attrmap
rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type
rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use
rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id
rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS
Calling-Station-Id
rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password
rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password
rlm_ldap: LDAP sambaLmPassword mapped to RADIUS LM-Password
rlm_ldap: LDAP sambaNtPassword mapped to RADIUS NT-Password
rlm_ldap: LDAP dBCSPwd mapped to RADIUS LM-Password
rlm_ldap: LDAP userPassword mapped to RADIUS Password-With-Header
rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT
rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration
rlm_ldap: LDAP radiusNASIpAddress mapped to RADIUS NAS-IP-Address
rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type
rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol
rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address
rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask
rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route
rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing
rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id
rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU
rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS
Framed-Compression
rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host
rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service
rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port
rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number
rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id
rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS
Framed-IPX-Network
rlm_ldap: LDAP radiusClass mapped to RADIUS Class
rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout
rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout
rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS
Termination-Action
rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service
rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node
rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group
rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS
Framed-AppleTalk-Link
rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS
Framed-AppleTalk-Network
rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS
Framed-AppleTalk-Zone
rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit
rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port
rlm_ldap: LDAP radiusReplyMessage mapped to RADIUS Reply-Message
rlm_ldap: LDAP radiusTunnelType mapped to RADIUS Tunnel-Type
rlm_ldap: LDAP radiusTunnelMediumType mapped to RADIUS
Tunnel-Medium-Type
rlm_ldap: LDAP radiusTunnelPrivateGroupId mapped to RADIUS
Tunnel-Private-Group-Id
conns: 0xca2090
Module: Instantiating module "ldap3" from file
/etc/freeradius/modules/ldap3
ldap ldap3 {
server = "ldaps://testwdc3.test.local"
port = 636
password = "abc321!"
identity = "cn=Free RADIUS,cn=Users,dc=test,dc=local"
net_timeout = 1
timeout = 4
timelimit = 3
tls_mode = no
start_tls = no
tls_require_cert = "allow"
tls {
start_tls = no
cacertfile = "/etc/freeradius/cacert.pem"
require_cert = "demand"
}
basedn = "ou=Frankfurt,dc=test,dc=local"
filter =
"(sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}})"
base_filter = "(objectclass=radiusprofile)"
auto_header = no
access_attr_used_for_allow = yes
groupname_attribute = "cn"
groupmembership_filter =
"(&(objectClass=group)(member=%{control:Ldap-UserDn}))"
dictionary_mapping = "/etc/freeradius/ldap.attrmap"
ldap_debug = 0
ldap_connections_number = 5
compare_check_items = no
do_xlat = yes
edir_account_policy_check = no
set_auth_type = yes
keepalive {
idle = 60
probes = 3
interval = 3
}
}
rlm_ldap: Registering ldap_groupcmp for Ldap-Group
rlm_ldap: Creating new attribute ldap3-Ldap-Group
rlm_ldap: Registering ldap_groupcmp for ldap3-Ldap-Group
rlm_ldap: Registering ldap_xlat with xlat_name ldap3
rlm_ldap: reading ldap<->radius mappings from file
/etc/freeradius/ldap.attrmap
rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type
rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use
rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id
rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS
Calling-Station-Id
rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password
rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password
rlm_ldap: LDAP sambaLmPassword mapped to RADIUS LM-Password
rlm_ldap: LDAP sambaNtPassword mapped to RADIUS NT-Password
rlm_ldap: LDAP dBCSPwd mapped to RADIUS LM-Password
rlm_ldap: LDAP userPassword mapped to RADIUS Password-With-Header
rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT
rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration
rlm_ldap: LDAP radiusNASIpAddress mapped to RADIUS NAS-IP-Address
rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type
rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol
rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address
rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask
rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route
rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing
rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id
rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU
rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS
Framed-Compression
rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host
rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service
rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port
rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number
rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id
rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS
Framed-IPX-Network
rlm_ldap: LDAP radiusClass mapped to RADIUS Class
rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout
rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout
rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS
Termination-Action
rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service
rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node
rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group
rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS
Framed-AppleTalk-Link
rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS
Framed-AppleTalk-Network
rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS
Framed-AppleTalk-Zone
rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit
rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port
rlm_ldap: LDAP radiusReplyMessage mapped to RADIUS Reply-Message
rlm_ldap: LDAP radiusTunnelType mapped to RADIUS Tunnel-Type
rlm_ldap: LDAP radiusTunnelMediumType mapped to RADIUS
Tunnel-Medium-Type
rlm_ldap: LDAP radiusTunnelPrivateGroupId mapped to RADIUS
Tunnel-Private-Group-Id
conns: 0xca4640
Module: Linked to module rlm_pap
Module: Instantiating module "pap" from file
/etc/freeradius/modules/pap
pap {
encryption_scheme = "auto"
auto_header = no
}
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_preprocess
Module: Instantiating module "preprocess" from file
/etc/freeradius/modules/preprocess
preprocess {
huntgroups = "/etc/freeradius/huntgroups"
hints = "/etc/freeradius/hints"
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
with_alvarion_vsa_hack = no
}
Module: Linked to module rlm_detail
Module: Instantiating module "auth_log" from file
/etc/freeradius/modules/detail.log
detail auth_log {
detailfile =
"/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d"
header = "%t"
detailperm = 384
dirperm = 493
locking = no
log_packet_header = no
}
Module: Linked to module rlm_always
Module: Instantiating module "reject" from file
/etc/freeradius/modules/always
always reject {
rcode = "reject"
simulcount = 0
mpp = no
}
Module: Checking preacct {...} for more modules to load
Module: Linked to module rlm_acct_unique
Module: Instantiating module "acct_unique" from file
/etc/freeradius/modules/acct_unique
acct_unique {
key = "User-Name, Acct-Session-Id, NAS-IP-Address,
Client-IP-Address, NAS-Port"
}
Module: Checking accounting {...} for more modules to load
Module: Instantiating module "detail" from file
/etc/freeradius/modules/detail
detail {
detailfile =
"/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"
header = "%t"
detailperm = 384
dirperm = 493
locking = no
log_packet_header = no
}
Module: Linked to module rlm_unix
Module: Instantiating module "unix" from file
/etc/freeradius/modules/unix
unix {
radwtmp = "/var/log/freeradius/radwtmp"
}
Module: Linked to module rlm_radutmp
Module: Instantiating module "radutmp" from file
/etc/freeradius/modules/radutmp
radutmp {
filename = "/var/log/freeradius/radutmp"
username = "%{User-Name}"
case_sensitive = yes
check_with_nas = yes
perm = 384
callerid = yes
}
Module: Linked to module rlm_attr_filter
Module: Instantiating module "attr_filter.accounting_response" from
file /etc/freeradius/modules/attr_filter
attr_filter attr_filter.accounting_response {
attrsfile = "/etc/freeradius/attrs.accounting_response"
key = "%{User-Name}"
relaxed = no
}
Module: Checking session {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
Module: Instantiating module "attr_filter.access_reject" from file
/etc/freeradius/modules/attr_filter
attr_filter attr_filter.access_reject {
attrsfile = "/etc/freeradius/attrs.access_reject"
key = "%{User-Name}"
relaxed = no
}
} # modules
} # server
server status { # from file /etc/freeradius/sites-enabled/status
modules {
Module: Creating Autz-Type = Status-Server
Module: Checking authorize {...} for more modules to load
Module: Instantiating module "ok" from file
/etc/freeradius/modules/always
always ok {
rcode = "ok"
simulcount = 0
mpp = no
}
} # modules
} # server
radiusd: #### Opening IP addresses and Ports ####
listen {
type = "auth"
ipaddr = *
port = 0
}
listen {
type = "acct"
ipaddr = *
port = 0
}
listen {
type = "control"
listen {
socket = "/var/run/freeradius/freeradius.sock"
uid = "freerad"
gid = "freerad"
mode = "rw"
}
}
listen {
type = "status"
ipaddr = 127.0.0.1
port = 18120
client admin {
ipaddr = 127.0.0.1
require_message_authenticator = no
secret = "adminsecret"
}
}
... adding new socket proxy address * port 44399
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on command file /var/run/freeradius/freeradius.sock
Listening on status address 127.0.0.1 port 18120 as server status
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.72.11 port 52586,
id=155, length=52
User-Name = "fkd"
User-Password = "hhbea"
NAS-IP-Address = 127.0.0.1
NAS-Port-Id = "0"
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/freeradius/radacct/192.168.72.11/auth-detail-20120419
[auth_log]
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to
/var/log/freeradius/radacct/192.168.72.11/auth-detail-20120419
[auth_log] expand: %t -> Thu Apr 19 13:05:47 2012
++[auth_log] returns ok
++- entering redundant-load-balance group redundant-load-balance {...}
[ldap1] performing user authorization for fkd
[ldap1] expand: %{Stripped-User-Name} ->
[ldap1] ... expanding second conditional
[ldap1] expand: %{User-Name} -> fkd
[ldap1] expand:
(sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}}) ->
(sAMAccountName=fkd)
[ldap1] expand: ou=Frankfurt,dc=test,dc=local ->
ou=Frankfurt,dc=test,dc=local
[ldap1] ldap_get_conn: Checking Id: 0
[ldap1] ldap_get_conn: Got Id: 0
[ldap1] attempting LDAP reconnection
[ldap1] (re)connect to ldaps://testwdc1.test.local, authentication 0
[ldap1] setting TLS CACert File to /etc/freeradius/certs/cacert.pem
[ldap1] bind as cn=Free RADIUS,cn=Users,dc=test,dc=local/abc321! to
ldaps://testwdc1.test.local
[ldap1] waiting for bind result ...
[ldap1] Bind was successful
[ldap1] performing search in ou=Frankfurt,dc=test,dc=local, with
filter (sAMAccountName=fkd)
[ldap1] object not found
[ldap1] search failed
[ldap1] ldap_release_conn: Release Id: 0
+++[ldap1] returns notfound
++- redundant-load-balance group redundant-load-balance returns
notfound
++? if (Ldap-Group == "cn=radius.users,ou=Groups,dc=test,dc=local")
[ldap3] Entering ldap_groupcmp()
expand: ou=Frankfurt,dc=test,dc=local ->
ou=Frankfurt,dc=test,dc=local
expand: %{Stripped-User-Name} ->
... expanding second conditional
expand: %{User-Name} -> fkd
expand: (sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}})
-> (sAMAccountName=fkd)
[ldap3] ldap_get_conn: Checking Id: 0
[ldap3] ldap_get_conn: Got Id: 0
[ldap3] attempting LDAP reconnection
[ldap3] (re)connect to ldaps://testwdc3.test.local, authentication 0
[ldap3] setting TLS CACert File to /etc/freeradius/cacert.pem
[ldap3] setting TLS Require Cert to demand
[ldap3] bind as cn=Free RADIUS,cn=Users,dc=test,dc=local/abc321! to
ldaps://testwdc3.test.local
[ldap3] cn=Free RADIUS,cn=Users,dc=test,dc=local bind to
ldaps://testwdc3.test.local failed: Can't contact LDAP server
[ldap3] (re)connection attempt failed
rlm_ldap::ldap_groupcmp: search failed
[ldap3] ldap_release_conn: Release Id: 0
? Evaluating (Ldap-Group ==
"cn=radius.users,ou=Groups,dc=test,dc=local") -> FALSE
++? if (Ldap-Group == "cn=radius.users,ou=Groups,dc=test,dc=local") ->
FALSE
[pap] WARNING! No "known good" password found for the user.
Authentication may fail because of this.
++[pap] returns noop
++[expiration] returns noop
++[logintime] returns noop
ERROR: No authenticate method (Auth-Type) found for the request:
Rejecting the user
Failed to authenticate the user.
Using Post-Auth-Type Reject
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> fkd
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Sending Access-Reject of id 155 to 192.168.72.11 port 52586
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.72.11 port 52586,
id=106, length=53
User-Name = "vfyg"
User-Password = "aiuqnb"
NAS-IP-Address = 127.0.0.1
NAS-Port-Id = "0"
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/freeradius/radacct/192.168.72.11/auth-detail-20120419
[auth_log]
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to
/var/log/freeradius/radacct/192.168.72.11/auth-detail-20120419
[auth_log] expand: %t -> Thu Apr 19 13:05:48 2012
++[auth_log] returns ok
++- entering redundant-load-balance group redundant-load-balance {...}
[ldap2] performing user authorization for vfyg
[ldap2] expand: %{Stripped-User-Name} ->
[ldap2] ... expanding second conditional
[ldap2] expand: %{User-Name} -> vfyg
[ldap2] expand:
(sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}}) ->
(sAMAccountName=vfyg)
[ldap2] expand: ou=Frankfurt,dc=test,dc=local ->
ou=Frankfurt,dc=test,dc=local
[ldap2] ldap_get_conn: Checking Id: 0
[ldap2] ldap_get_conn: Got Id: 0
[ldap2] attempting LDAP reconnection
[ldap2] (re)connect to ldaps://testwdc2.test.local, authentication 0
[ldap2] setting TLS CACert File to /etc/freeradius/certs/cacert.pem
[ldap2] setting TLS Require Cert to demand
[ldap2] bind as cn=Free RADIUS,cn=Users,dc=test,dc=local/abc321! to
ldaps://testwdc2.test.local
[ldap2] waiting for bind result ...
[ldap2] Bind was successful
[ldap2] performing search in ou=Frankfurt,dc=test,dc=local, with
filter (sAMAccountName=vfyg)
[ldap2] object not found
[ldap2] search failed
[ldap2] ldap_release_conn: Release Id: 0
+++[ldap2] returns notfound
++- redundant-load-balance group redundant-load-balance returns
notfound
++? if (Ldap-Group == "cn=radius.users,ou=Groups,dc=test,dc=local")
[ldap3] Entering ldap_groupcmp()
expand: ou=Frankfurt,dc=test,dc=local ->
ou=Frankfurt,dc=test,dc=local
expand: %{Stripped-User-Name} ->
... expanding second conditional
expand: %{User-Name} -> vfyg
expand: (sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}})
-> (sAMAccountName=vfyg)
[ldap3] ldap_get_conn: Checking Id: 0
[ldap3] ldap_get_conn: Got Id: 0
[ldap3] attempting LDAP reconnection
[ldap3] (re)connect to ldaps://testwdc3.test.local, authentication 0
[ldap3] setting TLS CACert File to /etc/freeradius/cacert.pem
[ldap3] setting TLS Require Cert to demand
[ldap3] bind as cn=Free RADIUS,cn=Users,dc=test,dc=local/abc321! to
ldaps://testwdc3.test.local
[ldap3] cn=Free RADIUS,cn=Users,dc=test,dc=local bind to
ldaps://testwdc3.test.local failed: Can't contact LDAP server
[ldap3] (re)connection attempt failed
rlm_ldap::ldap_groupcmp: search failed
[ldap3] ldap_release_conn: Release Id: 0
? Evaluating (Ldap-Group ==
"cn=radius.users,ou=Groups,dc=test,dc=local") -> FALSE
++? if (Ldap-Group == "cn=radius.users,ou=Groups,dc=test,dc=local") ->
FALSE
[pap] WARNING! No "known good" password found for the user.
Authentication may fail because of this.
++[pap] returns noop
++[expiration] returns noop
++[logintime] returns noop
ERROR: No authenticate method (Auth-Type) found for the request:
Rejecting the user
Failed to authenticate the user.
Using Post-Auth-Type Reject
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> vfyg
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Sending Access-Reject of id 106 to 192.168.72.11 port 52586
Finished request 1.
Going to the next request
Waking up in 3.9 seconds.
rad_recv: Access-Request packet from host 192.168.72.11 port 52586,
id=2, length=55
User-Name = "daboib"
User-Password = "tqfblh"
NAS-IP-Address = 127.0.0.1
NAS-Port-Id = "0"
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/freeradius/radacct/192.168.72.11/auth-detail-20120419
[auth_log]
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to
/var/log/freeradius/radacct/192.168.72.11/auth-detail-20120419
[auth_log] expand: %t -> Thu Apr 19 13:05:49 2012
++[auth_log] returns ok
++- entering redundant-load-balance group redundant-load-balance {...}
[ldap3] performing user authorization for daboib
[ldap3] expand: %{Stripped-User-Name} ->
[ldap3] ... expanding second conditional
[ldap3] expand: %{User-Name} -> daboib
[ldap3] expand:
(sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}}) ->
(sAMAccountName=daboib)
[ldap3] expand: ou=Frankfurt,dc=test,dc=local ->
ou=Frankfurt,dc=test,dc=local
[ldap3] ldap_get_conn: Checking Id: 0
[ldap3] ldap_get_conn: Got Id: 0
[ldap3] attempting LDAP reconnection
[ldap3] (re)connect to ldaps://testwdc3.test.local, authentication 0
[ldap3] setting TLS CACert File to /etc/freeradius/cacert.pem
[ldap3] setting TLS Require Cert to demand
[ldap3] bind as cn=Free RADIUS,cn=Users,dc=test,dc=local/abc321! to
ldaps://testwdc3.test.local
[ldap3] cn=Free RADIUS,cn=Users,dc=test,dc=local bind to
ldaps://testwdc3.test.local failed: Can't contact LDAP server
[ldap3] (re)connection attempt failed
[ldap3] search failed
[ldap3] ldap_release_conn: Release Id: 0
+++[ldap3] returns fail
[ldap1] performing user authorization for daboib
[ldap1] expand: %{Stripped-User-Name} ->
[ldap1] ... expanding second conditional
[ldap1] expand: %{User-Name} -> daboib
[ldap1] expand:
(sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}}) ->
(sAMAccountName=daboib)
[ldap1] expand: ou=Frankfurt,dc=test,dc=local ->
ou=Frankfurt,dc=test,dc=local
[ldap1] ldap_get_conn: Checking Id: 0
[ldap1] ldap_get_conn: Got Id: 0
[ldap1] performing search in ou=Frankfurt,dc=test,dc=local, with
filter (sAMAccountName=daboib)
[ldap1] object not found
[ldap1] search failed
[ldap1] ldap_release_conn: Release Id: 0
+++[ldap1] returns notfound
++- redundant-load-balance group redundant-load-balance returns
notfound
++? if (Ldap-Group == "cn=radius.users,ou=Groups,dc=test,dc=local")
[ldap3] Entering ldap_groupcmp()
expand: ou=Frankfurt,dc=test,dc=local ->
ou=Frankfurt,dc=test,dc=local
expand: %{Stripped-User-Name} ->
... expanding second conditional
expand: %{User-Name} -> daboib
expand: (sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}})
-> (sAMAccountName=daboib)
[ldap3] ldap_get_conn: Checking Id: 0
[ldap3] ldap_get_conn: Got Id: 0
[ldap3] attempting LDAP reconnection
[ldap3] (re)connect to ldaps://testwdc3.test.local, authentication 0
[ldap3] setting TLS CACert File to /etc/freeradius/cacert.pem
[ldap3] setting TLS Require Cert to demand
[ldap3] bind as cn=Free RADIUS,cn=Users,dc=test,dc=local/abc321! to
ldaps://testwdc3.test.local
[ldap3] cn=Free RADIUS,cn=Users,dc=test,dc=local bind to
ldaps://testwdc3.test.local failed: Can't contact LDAP server
[ldap3] (re)connection attempt failed
rlm_ldap::ldap_groupcmp: search failed
[ldap3] ldap_release_conn: Release Id: 0
? Evaluating (Ldap-Group ==
"cn=radius.users,ou=Groups,dc=test,dc=local") -> FALSE
++? if (Ldap-Group == "cn=radius.users,ou=Groups,dc=test,dc=local") ->
FALSE
[pap] WARNING! No "known good" password found for the user.
Authentication may fail because of this.
++[pap] returns noop
++[expiration] returns noop
++[logintime] returns noop
ERROR: No authenticate method (Auth-Type) found for the request:
Rejecting the user
Failed to authenticate the user.
Using Post-Auth-Type Reject
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> daboib
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Sending Access-Reject of id 2 to 192.168.72.11 port 52586
Finished request 2.
Going to the next request
Waking up in 1.9 seconds.
rad_recv: Access-Request packet from host 192.168.72.11 port 52586,
id=79, length=52
User-Name = "qyc"
User-Password = "bpd"
NAS-IP-Address = 127.0.0.1
NAS-Port-Id = "0"
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/freeradius/radacct/192.168.72.11/auth-detail-20120419
[auth_log]
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to
/var/log/freeradius/radacct/192.168.72.11/auth-detail-20120419
[auth_log] expand: %t -> Thu Apr 19 13:05:51 2012
++[auth_log] returns ok
++- entering redundant-load-balance group redundant-load-balance {...}
[ldap1] performing user authorization for qyc
[ldap1] expand: %{Stripped-User-Name} ->
[ldap1] ... expanding second conditional
[ldap1] expand: %{User-Name} -> qyc
[ldap1] expand:
(sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}}) ->
(sAMAccountName=qyc)
[ldap1] expand: ou=Frankfurt,dc=test,dc=local ->
ou=Frankfurt,dc=test,dc=local
[ldap1] ldap_get_conn: Checking Id: 0
[ldap1] ldap_get_conn: Got Id: 0
[ldap1] performing search in ou=Frankfurt,dc=test,dc=local, with
filter (sAMAccountName=qyc)
[ldap1] object not found
[ldap1] search failed
[ldap1] ldap_release_conn: Release Id: 0
+++[ldap1] returns notfound
++- redundant-load-balance group redundant-load-balance returns
notfound
++? if (Ldap-Group == "cn=radius.users,ou=Groups,dc=test,dc=local")
[ldap3] Entering ldap_groupcmp()
expand: ou=Frankfurt,dc=test,dc=local ->
ou=Frankfurt,dc=test,dc=local
expand: %{Stripped-User-Name} ->
... expanding second conditional
expand: %{User-Name} -> qyc
expand: (sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}})
-> (sAMAccountName=qyc)
[ldap3] ldap_get_conn: Checking Id: 0
[ldap3] ldap_get_conn: Got Id: 0
[ldap3] attempting LDAP reconnection
[ldap3] (re)connect to ldaps://testwdc3.test.local, authentication 0
[ldap3] setting TLS CACert File to /etc/freeradius/cacert.pem
[ldap3] setting TLS Require Cert to demand
[ldap3] bind as cn=Free RADIUS,cn=Users,dc=test,dc=local/abc321! to
ldaps://testwdc3.test.local
[ldap3] cn=Free RADIUS,cn=Users,dc=test,dc=local bind to
ldaps://testwdc3.test.local failed: Can't contact LDAP server
[ldap3] (re)connection attempt failed
rlm_ldap::ldap_groupcmp: search failed
[ldap3] ldap_release_conn: Release Id: 0
? Evaluating (Ldap-Group ==
"cn=radius.users,ou=Groups,dc=test,dc=local") -> FALSE
++? if (Ldap-Group == "cn=radius.users,ou=Groups,dc=test,dc=local") ->
FALSE
[pap] WARNING! No "known good" password found for the user.
Authentication may fail because of this.
++[pap] returns noop
++[expiration] returns noop
++[logintime] returns noop
ERROR: No authenticate method (Auth-Type) found for the request:
Rejecting the user
Failed to authenticate the user.
Using Post-Auth-Type Reject
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> qyc
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Sending Access-Reject of id 79 to 192.168.72.11 port 52586
Finished request 3.
Going to the next request
Waking up in 0.9 seconds.
rad_recv: Access-Request packet from host 192.168.72.11 port 52586,
id=160, length=52
User-Name = "xlb"
User-Password = "shu"
NAS-IP-Address = 127.0.0.1
NAS-Port-Id = "0"
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/freeradius/radacct/192.168.72.11/auth-detail-20120419
[auth_log]
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to
/var/log/freeradius/radacct/192.168.72.11/auth-detail-20120419
[auth_log] expand: %t -> Thu Apr 19 13:05:52 2012
++[auth_log] returns ok
++- entering redundant-load-balance group redundant-load-balance {...}
[ldap1] performing user authorization for xlb
[ldap1] expand: %{Stripped-User-Name} ->
[ldap1] ... expanding second conditional
[ldap1] expand: %{User-Name} -> xlb
[ldap1] expand:
(sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}}) ->
(sAMAccountName=xlb)
[ldap1] expand: ou=Frankfurt,dc=test,dc=local ->
ou=Frankfurt,dc=test,dc=local
[ldap1] ldap_get_conn: Checking Id: 0
[ldap1] ldap_get_conn: Got Id: 0
[ldap1] performing search in ou=Frankfurt,dc=test,dc=local, with
filter (sAMAccountName=xlb)
[ldap1] object not found
[ldap1] search failed
[ldap1] ldap_release_conn: Release Id: 0
+++[ldap1] returns notfound
++- redundant-load-balance group redundant-load-balance returns
notfound
++? if (Ldap-Group == "cn=radius.users,ou=Groups,dc=test,dc=local")
[ldap3] Entering ldap_groupcmp()
expand: ou=Frankfurt,dc=test,dc=local ->
ou=Frankfurt,dc=test,dc=local
expand: %{Stripped-User-Name} ->
... expanding second conditional
expand: %{User-Name} -> xlb
expand: (sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}})
-> (sAMAccountName=xlb)
[ldap3] ldap_get_conn: Checking Id: 0
[ldap3] ldap_get_conn: Got Id: 0
[ldap3] attempting LDAP reconnection
[ldap3] (re)connect to ldaps://testwdc3.test.local, authentication 0
[ldap3] setting TLS CACert File to /etc/freeradius/cacert.pem
[ldap3] setting TLS Require Cert to demand
[ldap3] bind as cn=Free RADIUS,cn=Users,dc=test,dc=local/abc321! to
ldaps://testwdc3.test.local
[ldap3] cn=Free RADIUS,cn=Users,dc=test,dc=local bind to
ldaps://testwdc3.test.local failed: Can't contact LDAP server
[ldap3] (re)connection attempt failed
rlm_ldap::ldap_groupcmp: search failed
[ldap3] ldap_release_conn: Release Id: 0
? Evaluating (Ldap-Group ==
"cn=radius.users,ou=Groups,dc=test,dc=local") -> FALSE
++? if (Ldap-Group == "cn=radius.users,ou=Groups,dc=test,dc=local") ->
FALSE
[pap] WARNING! No "known good" password found for the user.
Authentication may fail because of this.
++[pap] returns noop
++[expiration] returns noop
++[logintime] returns noop
ERROR: No authenticate method (Auth-Type) found for the request:
Rejecting the user
Failed to authenticate the user.
Using Post-Auth-Type Reject
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> xlb
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 4 for 1 seconds
Going to the next request
Cleaning up request 0 ID 155 with timestamp +57
Sending delayed reject for request 4
Sending Access-Reject of id 160 to 192.168.72.11 port 52586
Waking up in 1.0 seconds.
rad_recv: Access-Request packet from host 192.168.72.11 port 52586,
id=4, length=54
User-Name = "vxtva"
User-Password = "rafjwdr"
NAS-IP-Address = 127.0.0.1
NAS-Port-Id = "0"
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/freeradius/radacct/192.168.72.11/auth-detail-20120419
[auth_log]
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to
/var/log/freeradius/radacct/192.168.72.11/auth-detail-20120419
[auth_log] expand: %t -> Thu Apr 19 13:05:53 2012
++[auth_log] returns ok
++- entering redundant-load-balance group redundant-load-balance {...}
[ldap2] performing user authorization for vxtva
[ldap2] expand: %{Stripped-User-Name} ->
[ldap2] ... expanding second conditional
[ldap2] expand: %{User-Name} -> vxtva
[ldap2] expand:
(sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}}) ->
(sAMAccountName=vxtva)
[ldap2] expand: ou=Frankfurt,dc=test,dc=local ->
ou=Frankfurt,dc=test,dc=local
[ldap2] ldap_get_conn: Checking Id: 0
[ldap2] ldap_get_conn: Got Id: 0
[ldap2] performing search in ou=Frankfurt,dc=test,dc=local, with
filter (sAMAccountName=vxtva)
[ldap2] object not found
[ldap2] search failed
[ldap2] ldap_release_conn: Release Id: 0
+++[ldap2] returns notfound
++- redundant-load-balance group redundant-load-balance returns
notfound
++? if (Ldap-Group == "cn=radius.users,ou=Groups,dc=test,dc=local")
[ldap3] Entering ldap_groupcmp()
expand: ou=Frankfurt,dc=test,dc=local ->
ou=Frankfurt,dc=test,dc=local
expand: %{Stripped-User-Name} ->
... expanding second conditional
expand: %{User-Name} -> vxtva
expand: (sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}})
-> (sAMAccountName=vxtva)
[ldap3] ldap_get_conn: Checking Id: 0
[ldap3] ldap_get_conn: Got Id: 0
[ldap3] attempting LDAP reconnection
[ldap3] (re)connect to ldaps://testwdc3.test.local, authentication 0
[ldap3] setting TLS CACert File to /etc/freeradius/cacert.pem
[ldap3] setting TLS Require Cert to demand
[ldap3] bind as cn=Free RADIUS,cn=Users,dc=test,dc=local/abc321! to
ldaps://testwdc3.test.local
[ldap3] cn=Free RADIUS,cn=Users,dc=test,dc=local bind to
ldaps://testwdc3.test.local failed: Can't contact LDAP server
[ldap3] (re)connection attempt failed
rlm_ldap::ldap_groupcmp: search failed
[ldap3] ldap_release_conn: Release Id: 0
? Evaluating (Ldap-Group ==
"cn=radius.users,ou=Groups,dc=test,dc=local") -> FALSE
++? if (Ldap-Group == "cn=radius.users,ou=Groups,dc=test,dc=local") ->
FALSE
[pap] WARNING! No "known good" password found for the user.
Authentication may fail because of this.
++[pap] returns noop
++[expiration] returns noop
++[logintime] returns noop
ERROR: No authenticate method (Auth-Type) found for the request:
Rejecting the user
Failed to authenticate the user.
Using Post-Auth-Type Reject
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> vxtva
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Sending Access-Reject of id 4 to 192.168.72.11 port 52586
Finished request 5.
Going to the next request
Cleaning up request 1 ID 106 with timestamp +58
Waking up in 1.9 seconds.
rad_recv: Access-Request packet from host 192.168.72.11 port 52586,
id=173, length=54
User-Name = "nquna"
User-Password = "hffe"
NAS-IP-Address = 127.0.0.1
NAS-Port-Id = "0"
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/freeradius/radacct/192.168.72.11/auth-detail-20120419
[auth_log]
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to
/var/log/freeradius/radacct/192.168.72.11/auth-detail-20120419
[auth_log] expand: %t -> Thu Apr 19 13:05:54 2012
++[auth_log] returns ok
++- entering redundant-load-balance group redundant-load-balance {...}
[ldap1] performing user authorization for nquna
[ldap1] expand: %{Stripped-User-Name} ->
[ldap1] ... expanding second conditional
[ldap1] expand: %{User-Name} -> nquna
[ldap1] expand:
(sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}}) ->
(sAMAccountName=nquna)
[ldap1] expand: ou=Frankfurt,dc=test,dc=local ->
ou=Frankfurt,dc=test,dc=local
[ldap1] ldap_get_conn: Checking Id: 0
[ldap1] ldap_get_conn: Got Id: 0
[ldap1] performing search in ou=Frankfurt,dc=test,dc=local, with
filter (sAMAccountName=nquna)
[ldap1] object not found
[ldap1] search failed
[ldap1] ldap_release_conn: Release Id: 0
+++[ldap1] returns notfound
++- redundant-load-balance group redundant-load-balance returns
notfound
++? if (Ldap-Group == "cn=radius.users,ou=Groups,dc=test,dc=local")
[ldap3] Entering ldap_groupcmp()
expand: ou=Frankfurt,dc=test,dc=local ->
ou=Frankfurt,dc=test,dc=local
expand: %{Stripped-User-Name} ->
... expanding second conditional
expand: %{User-Name} -> nquna
expand: (sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}})
-> (sAMAccountName=nquna)
[ldap3] ldap_get_conn: Checking Id: 0
[ldap3] ldap_get_conn: Got Id: 0
[ldap3] attempting LDAP reconnection
[ldap3] (re)connect to ldaps://testwdc3.test.local, authentication 0
[ldap3] setting TLS CACert File to /etc/freeradius/cacert.pem
[ldap3] setting TLS Require Cert to demand
[ldap3] bind as cn=Free RADIUS,cn=Users,dc=test,dc=local/abc321! to
ldaps://testwdc3.test.local
[ldap3] cn=Free RADIUS,cn=Users,dc=test,dc=local bind to
ldaps://testwdc3.test.local failed: Can't contact LDAP server
[ldap3] (re)connection attempt failed
rlm_ldap::ldap_groupcmp: search failed
[ldap3] ldap_release_conn: Release Id: 0
? Evaluating (Ldap-Group ==
"cn=radius.users,ou=Groups,dc=test,dc=local") -> FALSE
++? if (Ldap-Group == "cn=radius.users,ou=Groups,dc=test,dc=local") ->
FALSE
[pap] WARNING! No "known good" password found for the user.
Authentication may fail because of this.
++[pap] returns noop
++[expiration] returns noop
++[logintime] returns noop
ERROR: No authenticate method (Auth-Type) found for the request:
Rejecting the user
Failed to authenticate the user.
Using Post-Auth-Type Reject
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> nquna
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Sending Access-Reject of id 173 to 192.168.72.11 port 52586
Finished request 6.
Going to the next request
Waking up in 0.9 seconds.
rad_recv: Access-Request packet from host 192.168.72.11 port 52586,
id=115, length=57
User-Name = "vlsagjxx"
User-Password = "hihmb"
NAS-IP-Address = 127.0.0.1
NAS-Port-Id = "0"
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/freeradius/radacct/192.168.72.11/auth-detail-20120419
[auth_log]
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to
/var/log/freeradius/radacct/192.168.72.11/auth-detail-20120419
[auth_log] expand: %t -> Thu Apr 19 13:05:55 2012
++[auth_log] returns ok
++- entering redundant-load-balance group redundant-load-balance {...}
[ldap1] performing user authorization for vlsagjxx
[ldap1] expand: %{Stripped-User-Name} ->
[ldap1] ... expanding second conditional
[ldap1] expand: %{User-Name} -> vlsagjxx
[ldap1] expand:
(sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}}) ->
(sAMAccountName=vlsagjxx)
[ldap1] expand: ou=Frankfurt,dc=test,dc=local ->
ou=Frankfurt,dc=test,dc=local
[ldap1] ldap_get_conn: Checking Id: 0
[ldap1] ldap_get_conn: Got Id: 0
[ldap1] performing search in ou=Frankfurt,dc=test,dc=local, with
filter (sAMAccountName=vlsagjxx)
[ldap1] object not found
[ldap1] search failed
[ldap1] ldap_release_conn: Release Id: 0
+++[ldap1] returns notfound
++- redundant-load-balance group redundant-load-balance returns
notfound
++? if (Ldap-Group == "cn=radius.users,ou=Groups,dc=test,dc=local")
[ldap3] Entering ldap_groupcmp()
expand: ou=Frankfurt,dc=test,dc=local ->
ou=Frankfurt,dc=test,dc=local
expand: %{Stripped-User-Name} ->
... expanding second conditional
expand: %{User-Name} -> vlsagjxx
expand: (sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}})
-> (sAMAccountName=vlsagjxx)
[ldap3] ldap_get_conn: Checking Id: 0
[ldap3] ldap_get_conn: Got Id: 0
[ldap3] attempting LDAP reconnection
[ldap3] (re)connect to ldaps://testwdc3.test.local, authentication 0
[ldap3] setting TLS CACert File to /etc/freeradius/cacert.pem
[ldap3] setting TLS Require Cert to demand
[ldap3] bind as cn=Free RADIUS,cn=Users,dc=test,dc=local/abc321! to
ldaps://testwdc3.test.local
[ldap3] cn=Free RADIUS,cn=Users,dc=test,dc=local bind to
ldaps://testwdc3.test.local failed: Can't contact LDAP server
[ldap3] (re)connection attempt failed
rlm_ldap::ldap_groupcmp: search failed
[ldap3] ldap_release_conn: Release Id: 0
? Evaluating (Ldap-Group ==
"cn=radius.users,ou=Groups,dc=test,dc=local") -> FALSE
++? if (Ldap-Group == "cn=radius.users,ou=Groups,dc=test,dc=local") ->
FALSE
[pap] WARNING! No "known good" password found for the user.
Authentication may fail because of this.
++[pap] returns noop
++[expiration] returns noop
++[logintime] returns noop
ERROR: No authenticate method (Auth-Type) found for the request:
Rejecting the user
Failed to authenticate the user.
Using Post-Auth-Type Reject
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> vlsagjxx
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 7 for 1 seconds
Going to the next request
Cleaning up request 2 ID 2 with timestamp +59
Sending delayed reject for request 7
Sending Access-Reject of id 115 to 192.168.72.11 port 52586
Waking up in 0.9 seconds.
rad_recv: Access-Request packet from host 192.168.72.11 port 52586,
id=90, length=54
User-Name = "bcrtp"
User-Password = "ficei"
NAS-IP-Address = 127.0.0.1
NAS-Port-Id = "0"
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/freeradius/radacct/192.168.72.11/auth-detail-20120419
[auth_log]
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to
/var/log/freeradius/radacct/192.168.72.11/auth-detail-20120419
[auth_log] expand: %t -> Thu Apr 19 13:05:56 2012
++[auth_log] returns ok
++- entering redundant-load-balance group redundant-load-balance {...}
[ldap1] performing user authorization for bcrtp
[ldap1] expand: %{Stripped-User-Name} ->
[ldap1] ... expanding second conditional
[ldap1] expand: %{User-Name} -> bcrtp
[ldap1] expand:
(sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}}) ->
(sAMAccountName=bcrtp)
[ldap1] expand: ou=Frankfurt,dc=test,dc=local ->
ou=Frankfurt,dc=test,dc=local
[ldap1] ldap_get_conn: Checking Id: 0
[ldap1] ldap_get_conn: Got Id: 0
[ldap1] performing search in ou=Frankfurt,dc=test,dc=local, with
filter (sAMAccountName=bcrtp)
[ldap1] object not found
[ldap1] search failed
[ldap1] ldap_release_conn: Release Id: 0
+++[ldap1] returns notfound
++- redundant-load-balance group redundant-load-balance returns
notfound
++? if (Ldap-Group == "cn=radius.users,ou=Groups,dc=test,dc=local")
[ldap3] Entering ldap_groupcmp()
expand: ou=Frankfurt,dc=test,dc=local ->
ou=Frankfurt,dc=test,dc=local
expand: %{Stripped-User-Name} ->
... expanding second conditional
expand: %{User-Name} -> bcrtp
expand: (sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}})
-> (sAMAccountName=bcrtp)
[ldap3] ldap_get_conn: Checking Id: 0
[ldap3] ldap_get_conn: Got Id: 0
[ldap3] attempting LDAP reconnection
[ldap3] (re)connect to ldaps://testwdc3.test.local, authentication 0
[ldap3] setting TLS CACert File to /etc/freeradius/cacert.pem
[ldap3] setting TLS Require Cert to demand
[ldap3] bind as cn=Free RADIUS,cn=Users,dc=test,dc=local/abc321! to
ldaps://testwdc3.test.local
[ldap3] cn=Free RADIUS,cn=Users,dc=test,dc=local bind to
ldaps://testwdc3.test.local failed: Can't contact LDAP server
[ldap3] (re)connection attempt failed
rlm_ldap::ldap_groupcmp: search failed
[ldap3] ldap_release_conn: Release Id: 0
? Evaluating (Ldap-Group ==
"cn=radius.users,ou=Groups,dc=test,dc=local") -> FALSE
++? if (Ldap-Group == "cn=radius.users,ou=Groups,dc=test,dc=local") ->
FALSE
[pap] WARNING! No "known good" password found for the user.
Authentication may fail because of this.
++[pap] returns noop
++[expiration] returns noop
++[logintime] returns noop
ERROR: No authenticate method (Auth-Type) found for the request:
Rejecting the user
Failed to authenticate the user.
Using Post-Auth-Type Reject
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> bcrtp
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Sending Access-Reject of id 90 to 192.168.72.11 port 52586
Finished request 8.
Going to the next request
Cleaning up request 3 ID 79 with timestamp +61
rad_recv: Access-Request packet from host 192.168.72.11 port 52586,
id=176, length=54
User-Name = "dkova"
User-Password = "skmlqw"
NAS-IP-Address = 127.0.0.1
NAS-Port-Id = "0"
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/freeradius/radacct/192.168.72.11/auth-detail-20120419
[auth_log]
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to
/var/log/freeradius/radacct/192.168.72.11/auth-detail-20120419
[auth_log] expand: %t -> Thu Apr 19 13:05:57 2012
++[auth_log] returns ok
++- entering redundant-load-balance group redundant-load-balance {...}
[ldap2] performing user authorization for dkova
[ldap2] expand: %{Stripped-User-Name} ->
[ldap2] ... expanding second conditional
[ldap2] expand: %{User-Name} -> dkova
[ldap2] expand:
(sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}}) ->
(sAMAccountName=dkova)
[ldap2] expand: ou=Frankfurt,dc=test,dc=local ->
ou=Frankfurt,dc=test,dc=local
[ldap2] ldap_get_conn: Checking Id: 0
[ldap2] ldap_get_conn: Got Id: 0
[ldap2] performing search in ou=Frankfurt,dc=test,dc=local, with
filter (sAMAccountName=dkova)
[ldap2] object not found
[ldap2] search failed
[ldap2] ldap_release_conn: Release Id: 0
+++[ldap2] returns notfound
++- redundant-load-balance group redundant-load-balance returns
notfound
++? if (Ldap-Group == "cn=radius.users,ou=Groups,dc=test,dc=local")
[ldap3] Entering ldap_groupcmp()
expand: ou=Frankfurt,dc=test,dc=local ->
ou=Frankfurt,dc=test,dc=local
expand: %{Stripped-User-Name} ->
... expanding second conditional
expand: %{User-Name} -> dkova
expand: (sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}})
-> (sAMAccountName=dkova)
[ldap3] ldap_get_conn: Checking Id: 0
[ldap3] ldap_get_conn: Got Id: 0
[ldap3] attempting LDAP reconnection
[ldap3] (re)connect to ldaps://testwdc3.test.local, authentication 0
[ldap3] setting TLS CACert File to /etc/freeradius/cacert.pem
[ldap3] setting TLS Require Cert to demand
[ldap3] bind as cn=Free RADIUS,cn=Users,dc=test,dc=local/abc321! to
ldaps://testwdc3.test.local
[ldap3] cn=Free RADIUS,cn=Users,dc=test,dc=local bind to
ldaps://testwdc3.test.local failed: Can't contact LDAP server
[ldap3] (re)connection attempt failed
rlm_ldap::ldap_groupcmp: search failed
[ldap3] ldap_release_conn: Release Id: 0
? Evaluating (Ldap-Group ==
"cn=radius.users,ou=Groups,dc=test,dc=local") -> FALSE
++? if (Ldap-Group == "cn=radius.users,ou=Groups,dc=test,dc=local") ->
FALSE
[pap] WARNING! No "known good" password found for the user.
Authentication may fail because of this.
++[pap] returns noop
++[expiration] returns noop
++[logintime] returns noop
ERROR: No authenticate method (Auth-Type) found for the request:
Rejecting the user
Failed to authenticate the user.
Using Post-Auth-Type Reject
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> dkova
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Sending Access-Reject of id 176 to 192.168.72.11 port 52586
Finished request 9.
Going to the next request
Cleaning up request 4 ID 160 with timestamp +62
rad_recv: Access-Request packet from host 192.168.72.11 port 52586,
id=106, length=54
User-Name = "fnenl"
User-Password = "kjbjclqw"
NAS-IP-Address = 127.0.0.1
NAS-Port-Id = "0"
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/freeradius/radacct/192.168.72.11/auth-detail-20120419
[auth_log]
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to
/var/log/freeradius/radacct/192.168.72.11/auth-detail-20120419
[auth_log] expand: %t -> Thu Apr 19 13:05:58 2012
++[auth_log] returns ok
++- entering redundant-load-balance group redundant-load-balance {...}
[ldap2] performing user authorization for fnenl
[ldap2] expand: %{Stripped-User-Name} ->
[ldap2] ... expanding second conditional
[ldap2] expand: %{User-Name} -> fnenl
[ldap2] expand:
(sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}}) ->
(sAMAccountName=fnenl)
[ldap2] expand: ou=Frankfurt,dc=test,dc=local ->
ou=Frankfurt,dc=test,dc=local
[ldap2] ldap_get_conn: Checking Id: 0
[ldap2] ldap_get_conn: Got Id: 0
[ldap2] performing search in ou=Frankfurt,dc=test,dc=local, with
filter (sAMAccountName=fnenl)
[ldap2] object not found
[ldap2] search failed
[ldap2] ldap_release_conn: Release Id: 0
+++[ldap2] returns notfound
++- redundant-load-balance group redundant-load-balance returns
notfound
++? if (Ldap-Group == "cn=radius.users,ou=Groups,dc=test,dc=local")
[ldap3] Entering ldap_groupcmp()
expand: ou=Frankfurt,dc=test,dc=local ->
ou=Frankfurt,dc=test,dc=local
expand: %{Stripped-User-Name} ->
... expanding second conditional
expand: %{User-Name} -> fnenl
expand: (sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}})
-> (sAMAccountName=fnenl)
[ldap3] ldap_get_conn: Checking Id: 0
[ldap3] ldap_get_conn: Got Id: 0
[ldap3] attempting LDAP reconnection
[ldap3] (re)connect to ldaps://testwdc3.test.local, authentication 0
[ldap3] setting TLS CACert File to /etc/freeradius/cacert.pem
[ldap3] setting TLS Require Cert to demand
[ldap3] bind as cn=Free RADIUS,cn=Users,dc=test,dc=local/abc321! to
ldaps://testwdc3.test.local
[ldap3] cn=Free RADIUS,cn=Users,dc=test,dc=local bind to
ldaps://testwdc3.test.local failed: Can't contact LDAP server
[ldap3] (re)connection attempt failed
rlm_ldap::ldap_groupcmp: search failed
[ldap3] ldap_release_conn: Release Id: 0
? Evaluating (Ldap-Group ==
"cn=radius.users,ou=Groups,dc=test,dc=local") -> FALSE
++? if (Ldap-Group == "cn=radius.users,ou=Groups,dc=test,dc=local") ->
FALSE
[pap] WARNING! No "known good" password found for the user.
Authentication may fail because of this.
++[pap] returns noop
++[expiration] returns noop
++[logintime] returns noop
ERROR: No authenticate method (Auth-Type) found for the request:
Rejecting the user
Failed to authenticate the user.
Using Post-Auth-Type Reject
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> fnenl
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 10 for 1 seconds
Going to the next request
Cleaning up request 5 ID 4 with timestamp +63
Sending delayed reject for request 10
Sending Access-Reject of id 106 to 192.168.72.11 port 52586
Waking up in 0.9 seconds.
rad_recv: Access-Request packet from host 192.168.72.11 port 52586,
id=54, length=53
User-Name = "txhj"
User-Password = "qdmjrgrm"
NAS-IP-Address = 127.0.0.1
NAS-Port-Id = "0"
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/freeradius/radacct/192.168.72.11/auth-detail-20120419
[auth_log]
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to
/var/log/freeradius/radacct/192.168.72.11/auth-detail-20120419
[auth_log] expand: %t -> Thu Apr 19 13:05:59 2012
++[auth_log] returns ok
++- entering redundant-load-balance group redundant-load-balance {...}
[ldap3] performing user authorization for txhj
[ldap3] expand: %{Stripped-User-Name} ->
[ldap3] ... expanding second conditional
[ldap3] expand: %{User-Name} -> txhj
[ldap3] expand:
(sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}}) ->
(sAMAccountName=txhj)
[ldap3] expand: ou=Frankfurt,dc=test,dc=local ->
ou=Frankfurt,dc=test,dc=local
[ldap3] ldap_get_conn: Checking Id: 0
[ldap3] ldap_get_conn: Got Id: 0
[ldap3] attempting LDAP reconnection
[ldap3] (re)connect to ldaps://testwdc3.test.local, authentication 0
[ldap3] setting TLS CACert File to /etc/freeradius/cacert.pem
[ldap3] setting TLS Require Cert to demand
[ldap3] bind as cn=Free RADIUS,cn=Users,dc=test,dc=local/abc321! to
ldaps://testwdc3.test.local
[ldap3] cn=Free RADIUS,cn=Users,dc=test,dc=local bind to
ldaps://testwdc3.test.local failed: Can't contact LDAP server
[ldap3] (re)connection attempt failed
[ldap3] search failed
[ldap3] ldap_release_conn: Release Id: 0
+++[ldap3] returns fail
[ldap1] performing user authorization for txhj
[ldap1] expand: %{Stripped-User-Name} ->
[ldap1] ... expanding second conditional
[ldap1] expand: %{User-Name} -> txhj
[ldap1] expand:
(sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}}) ->
(sAMAccountName=txhj)
[ldap1] expand: ou=Frankfurt,dc=test,dc=local ->
ou=Frankfurt,dc=test,dc=local
[ldap1] ldap_get_conn: Checking Id: 0
[ldap1] ldap_get_conn: Got Id: 0
[ldap1] performing search in ou=Frankfurt,dc=test,dc=local, with
filter (sAMAccountName=txhj)
[ldap1] object not found
[ldap1] search failed
[ldap1] ldap_release_conn: Release Id: 0
+++[ldap1] returns notfound
++- redundant-load-balance group redundant-load-balance returns
notfound
++? if (Ldap-Group == "cn=radius.users,ou=Groups,dc=test,dc=local")
[ldap3] Entering ldap_groupcmp()
expand: ou=Frankfurt,dc=test,dc=local ->
ou=Frankfurt,dc=test,dc=local
expand: %{Stripped-User-Name} ->
... expanding second conditional
expand: %{User-Name} -> txhj
expand: (sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}})
-> (sAMAccountName=txhj)
[ldap3] ldap_get_conn: Checking Id: 0
[ldap3] ldap_get_conn: Got Id: 0
[ldap3] attempting LDAP reconnection
[ldap3] (re)connect to ldaps://testwdc3.test.local, authentication 0
[ldap3] setting TLS CACert File to /etc/freeradius/cacert.pem
[ldap3] setting TLS Require Cert to demand
[ldap3] bind as cn=Free RADIUS,cn=Users,dc=test,dc=local/abc321! to
ldaps://testwdc3.test.local
[ldap3] cn=Free RADIUS,cn=Users,dc=test,dc=local bind to
ldaps://testwdc3.test.local failed: Can't contact LDAP server
[ldap3] (re)connection attempt failed
rlm_ldap::ldap_groupcmp: search failed
[ldap3] ldap_release_conn: Release Id: 0
? Evaluating (Ldap-Group ==
"cn=radius.users,ou=Groups,dc=test,dc=local") -> FALSE
++? if (Ldap-Group == "cn=radius.users,ou=Groups,dc=test,dc=local") ->
FALSE
[pap] WARNING! No "known good" password found for the user.
Authentication may fail because of this.
++[pap] returns noop
++[expiration] returns noop
++[logintime] returns noop
ERROR: No authenticate method (Auth-Type) found for the request:
Rejecting the user
Failed to authenticate the user.
Using Post-Auth-Type Reject
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> txhj
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Sending Access-Reject of id 54 to 192.168.72.11 port 52586
Finished request 11.
Going to the next request
Cleaning up request 6 ID 173 with timestamp +64
Cleaning up request 7 ID 115 with timestamp +65
rad_recv: Access-Request packet from host 192.168.72.11 port 52586,
id=59, length=54
User-Name = "nhgwh"
User-Password = "qmbtw"
NAS-IP-Address = 127.0.0.1
NAS-Port-Id = "0"
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/freeradius/radacct/192.168.72.11/auth-detail-20120419
[auth_log]
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to
/var/log/freeradius/radacct/192.168.72.11/auth-detail-20120419
[auth_log] expand: %t -> Thu Apr 19 13:06:01 2012
++[auth_log] returns ok
++- entering redundant-load-balance group redundant-load-balance {...}
[ldap2] performing user authorization for nhgwh
[ldap2] expand: %{Stripped-User-Name} ->
[ldap2] ... expanding second conditional
[ldap2] expand: %{User-Name} -> nhgwh
[ldap2] expand:
(sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}}) ->
(sAMAccountName=nhgwh)
[ldap2] expand: ou=Frankfurt,dc=test,dc=local ->
ou=Frankfurt,dc=test,dc=local
[ldap2] ldap_get_conn: Checking Id: 0
[ldap2] ldap_get_conn: Got Id: 0
[ldap2] performing search in ou=Frankfurt,dc=test,dc=local, with
filter (sAMAccountName=nhgwh)
[ldap2] object not found
[ldap2] search failed
[ldap2] ldap_release_conn: Release Id: 0
+++[ldap2] returns notfound
++- redundant-load-balance group redundant-load-balance returns
notfound
++? if (Ldap-Group == "cn=radius.users,ou=Groups,dc=test,dc=local")
[ldap3] Entering ldap_groupcmp()
expand: ou=Frankfurt,dc=test,dc=local ->
ou=Frankfurt,dc=test,dc=local
expand: %{Stripped-User-Name} ->
... expanding second conditional
expand: %{User-Name} -> nhgwh
expand: (sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}})
-> (sAMAccountName=nhgwh)
[ldap3] ldap_get_conn: Checking Id: 0
[ldap3] ldap_get_conn: Got Id: 0
[ldap3] attempting LDAP reconnection
[ldap3] (re)connect to ldaps://testwdc3.test.local, authentication 0
[ldap3] setting TLS CACert File to /etc/freeradius/cacert.pem
[ldap3] setting TLS Require Cert to demand
[ldap3] bind as cn=Free RADIUS,cn=Users,dc=test,dc=local/abc321! to
ldaps://testwdc3.test.local
[ldap3] cn=Free RADIUS,cn=Users,dc=test,dc=local bind to
ldaps://testwdc3.test.local failed: Can't contact LDAP server
[ldap3] (re)connection attempt failed
rlm_ldap::ldap_groupcmp: search failed
[ldap3] ldap_release_conn: Release Id: 0
? Evaluating (Ldap-Group ==
"cn=radius.users,ou=Groups,dc=test,dc=local") -> FALSE
++? if (Ldap-Group == "cn=radius.users,ou=Groups,dc=test,dc=local") ->
FALSE
[pap] WARNING! No "known good" password found for the user.
Authentication may fail because of this.
++[pap] returns noop
++[expiration] returns noop
++[logintime] returns noop
ERROR: No authenticate method (Auth-Type) found for the request:
Rejecting the user
Failed to authenticate the user.
Using Post-Auth-Type Reject
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> nhgwh
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 12 for 1 seconds
Going to the next request
Cleaning up request 8 ID 90 with timestamp +66
Sending delayed reject for request 12
Sending Access-Reject of id 59 to 192.168.72.11 port 52586
Waking up in 0.9 seconds.
rad_recv: Access-Request packet from host 192.168.72.11 port 52586,
id=11, length=55
User-Name = "kaiaur"
User-Password = "chdyo"
NAS-IP-Address = 127.0.0.1
NAS-Port-Id = "0"
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/freeradius/radacct/192.168.72.11/auth-detail-20120419
[auth_log]
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to
/var/log/freeradius/radacct/192.168.72.11/auth-detail-20120419
[auth_log] expand: %t -> Thu Apr 19 13:06:02 2012
++[auth_log] returns ok
++- entering redundant-load-balance group redundant-load-balance {...}
[ldap1] performing user authorization for kaiaur
[ldap1] expand: %{Stripped-User-Name} ->
[ldap1] ... expanding second conditional
[ldap1] expand: %{User-Name} -> kaiaur
[ldap1] expand:
(sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}}) ->
(sAMAccountName=kaiaur)
[ldap1] expand: ou=Frankfurt,dc=test,dc=local ->
ou=Frankfurt,dc=test,dc=local
[ldap1] ldap_get_conn: Checking Id: 0
[ldap1] ldap_get_conn: Got Id: 0
[ldap1] performing search in ou=Frankfurt,dc=test,dc=local, with
filter (sAMAccountName=kaiaur)
[ldap1] object not found
[ldap1] search failed
[ldap1] ldap_release_conn: Release Id: 0
+++[ldap1] returns notfound
++- redundant-load-balance group redundant-load-balance returns
notfound
++? if (Ldap-Group == "cn=radius.users,ou=Groups,dc=test,dc=local")
[ldap3] Entering ldap_groupcmp()
expand: ou=Frankfurt,dc=test,dc=local ->
ou=Frankfurt,dc=test,dc=local
expand: %{Stripped-User-Name} ->
... expanding second conditional
expand: %{User-Name} -> kaiaur
expand: (sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}})
-> (sAMAccountName=kaiaur)
[ldap3] ldap_get_conn: Checking Id: 0
[ldap3] ldap_get_conn: Got Id: 0
[ldap3] attempting LDAP reconnection
[ldap3] (re)connect to ldaps://testwdc3.test.local, authentication 0
[ldap3] setting TLS CACert File to /etc/freeradius/cacert.pem
[ldap3] setting TLS Require Cert to demand
[ldap3] bind as cn=Free RADIUS,cn=Users,dc=test,dc=local/abc321! to
ldaps://testwdc3.test.local
[ldap3] cn=Free RADIUS,cn=Users,dc=test,dc=local bind to
ldaps://testwdc3.test.local failed: Can't contact LDAP server
[ldap3] (re)connection attempt failed
rlm_ldap::ldap_groupcmp: search failed
[ldap3] ldap_release_conn: Release Id: 0
? Evaluating (Ldap-Group ==
"cn=radius.users,ou=Groups,dc=test,dc=local") -> FALSE
++? if (Ldap-Group == "cn=radius.users,ou=Groups,dc=test,dc=local") ->
FALSE
[pap] WARNING! No "known good" password found for the user.
Authentication may fail because of this.
++[pap] returns noop
++[expiration] returns noop
++[logintime] returns noop
ERROR: No authenticate method (Auth-Type) found for the request:
Rejecting the user
Failed to authenticate the user.
Using Post-Auth-Type Reject
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> kaiaur
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Sending Access-Reject of id 11 to 192.168.72.11 port 52586
Finished request 13.
Going to the next request
Cleaning up request 9 ID 176 with timestamp +67
Waking up in 0.9 seconds.
rad_recv: Access-Request packet from host 192.168.72.11 port 52586,
id=160, length=54
User-Name = "kmvbu"
User-Password = "uegu"
NAS-IP-Address = 127.0.0.1
NAS-Port-Id = "0"
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/freeradius/radacct/192.168.72.11/auth-detail-20120419
[auth_log]
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to
/var/log/freeradius/radacct/192.168.72.11/auth-detail-20120419
[auth_log] expand: %t -> Thu Apr 19 13:06:03 2012
++[auth_log] returns ok
++- entering redundant-load-balance group redundant-load-balance {...}
[ldap3] performing user authorization for kmvbu
[ldap3] expand: %{Stripped-User-Name} ->
[ldap3] ... expanding second conditional
[ldap3] expand: %{User-Name} -> kmvbu
[ldap3] expand:
(sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}}) ->
(sAMAccountName=kmvbu)
[ldap3] expand: ou=Frankfurt,dc=test,dc=local ->
ou=Frankfurt,dc=test,dc=local
[ldap3] ldap_get_conn: Checking Id: 0
[ldap3] ldap_get_conn: Got Id: 0
[ldap3] attempting LDAP reconnection
[ldap3] (re)connect to ldaps://testwdc3.test.local, authentication 0
[ldap3] setting TLS CACert File to /etc/freeradius/cacert.pem
[ldap3] setting TLS Require Cert to demand
[ldap3] bind as cn=Free RADIUS,cn=Users,dc=test,dc=local/abc321! to
ldaps://testwdc3.test.local
[ldap3] cn=Free RADIUS,cn=Users,dc=test,dc=local bind to
ldaps://testwdc3.test.local failed: Can't contact LDAP server
[ldap3] (re)connection attempt failed
[ldap3] search failed
[ldap3] ldap_release_conn: Release Id: 0
+++[ldap3] returns fail
[ldap1] performing user authorization for kmvbu
[ldap1] expand: %{Stripped-User-Name} ->
[ldap1] ... expanding second conditional
[ldap1] expand: %{User-Name} -> kmvbu
[ldap1] expand:
(sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}}) ->
(sAMAccountName=kmvbu)
[ldap1] expand: ou=Frankfurt,dc=test,dc=local ->
ou=Frankfurt,dc=test,dc=local
[ldap1] ldap_get_conn: Checking Id: 0
[ldap1] ldap_get_conn: Got Id: 0
[ldap1] performing search in ou=Frankfurt,dc=test,dc=local, with
filter (sAMAccountName=kmvbu)
[ldap1] object not found
[ldap1] search failed
[ldap1] ldap_release_conn: Release Id: 0
+++[ldap1] returns notfound
++- redundant-load-balance group redundant-load-balance returns
notfound
++? if (Ldap-Group == "cn=radius.users,ou=Groups,dc=test,dc=local")
[ldap3] Entering ldap_groupcmp()
expand: ou=Frankfurt,dc=test,dc=local ->
ou=Frankfurt,dc=test,dc=local
expand: %{Stripped-User-Name} ->
... expanding second conditional
expand: %{User-Name} -> kmvbu
expand: (sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}})
-> (sAMAccountName=kmvbu)
[ldap3] ldap_get_conn: Checking Id: 0
[ldap3] ldap_get_conn: Got Id: 0
[ldap3] attempting LDAP reconnection
[ldap3] (re)connect to ldaps://testwdc3.test.local, authentication 0
[ldap3] setting TLS CACert File to /etc/freeradius/cacert.pem
[ldap3] setting TLS Require Cert to demand
[ldap3] bind as cn=Free RADIUS,cn=Users,dc=test,dc=local/abc321! to
ldaps://testwdc3.test.local
[ldap3] cn=Free RADIUS,cn=Users,dc=test,dc=local bind to
ldaps://testwdc3.test.local failed: Can't contact LDAP server
[ldap3] (re)connection attempt failed
rlm_ldap::ldap_groupcmp: search failed
[ldap3] ldap_release_conn: Release Id: 0
? Evaluating (Ldap-Group ==
"cn=radius.users,ou=Groups,dc=test,dc=local") -> FALSE
++? if (Ldap-Group == "cn=radius.users,ou=Groups,dc=test,dc=local") ->
FALSE
[pap] WARNING! No "known good" password found for the user.
Authentication may fail because of this.
++[pap] returns noop
++[expiration] returns noop
++[logintime] returns noop
ERROR: No authenticate method (Auth-Type) found for the request:
Rejecting the user
Failed to authenticate the user.
Using Post-Auth-Type Reject
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> kmvbu
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Sending Access-Reject of id 160 to 192.168.72.11 port 52586
Finished request 14.
Going to the next request
Cleaning up request 10 ID 106 with timestamp +68
rad_recv: Access-Request packet from host 192.168.72.11 port 52586,
id=61, length=54
User-Name = "aydps"
User-Password = "cnx"
NAS-IP-Address = 127.0.0.1
NAS-Port-Id = "0"
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/freeradius/radacct/192.168.72.11/auth-detail-20120419
[auth_log]
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to
/var/log/freeradius/radacct/192.168.72.11/auth-detail-20120419
[auth_log] expand: %t -> Thu Apr 19 13:06:05 2012
++[auth_log] returns ok
++- entering redundant-load-balance group redundant-load-balance {...}
[ldap2] performing user authorization for aydps
[ldap2] expand: %{Stripped-User-Name} ->
[ldap2] ... expanding second conditional
[ldap2] expand: %{User-Name} -> aydps
[ldap2] expand:
(sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}}) ->
(sAMAccountName=aydps)
[ldap2] expand: ou=Frankfurt,dc=test,dc=local ->
ou=Frankfurt,dc=test,dc=local
[ldap2] ldap_get_conn: Checking Id: 0
[ldap2] ldap_get_conn: Got Id: 0
[ldap2] performing search in ou=Frankfurt,dc=test,dc=local, with
filter (sAMAccountName=aydps)
[ldap2] object not found
[ldap2] search failed
[ldap2] ldap_release_conn: Release Id: 0
+++[ldap2] returns notfound
++- redundant-load-balance group redundant-load-balance returns
notfound
++? if (Ldap-Group == "cn=radius.users,ou=Groups,dc=test,dc=local")
[ldap3] Entering ldap_groupcmp()
expand: ou=Frankfurt,dc=test,dc=local ->
ou=Frankfurt,dc=test,dc=local
expand: %{Stripped-User-Name} ->
... expanding second conditional
expand: %{User-Name} -> aydps
expand: (sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}})
-> (sAMAccountName=aydps)
[ldap3] ldap_get_conn: Checking Id: 0
[ldap3] ldap_get_conn: Got Id: 0
[ldap3] attempting LDAP reconnection
[ldap3] (re)connect to ldaps://testwdc3.test.local, authentication 0
[ldap3] setting TLS CACert File to /etc/freeradius/cacert.pem
[ldap3] setting TLS Require Cert to demand
[ldap3] bind as cn=Free RADIUS,cn=Users,dc=test,dc=local/abc321! to
ldaps://testwdc3.test.local
[ldap3] cn=Free RADIUS,cn=Users,dc=test,dc=local bind to
ldaps://testwdc3.test.local failed: Can't contact LDAP server
[ldap3] (re)connection attempt failed
rlm_ldap::ldap_groupcmp: search failed
[ldap3] ldap_release_conn: Release Id: 0
? Evaluating (Ldap-Group ==
"cn=radius.users,ou=Groups,dc=test,dc=local") -> FALSE
++? if (Ldap-Group == "cn=radius.users,ou=Groups,dc=test,dc=local") ->
FALSE
[pap] WARNING! No "known good" password found for the user.
Authentication may fail because of this.
++[pap] returns noop
++[expiration] returns noop
++[logintime] returns noop
ERROR: No authenticate method (Auth-Type) found for the request:
Rejecting the user
Failed to authenticate the user.
Using Post-Auth-Type Reject
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> aydps
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Sending Access-Reject of id 61 to 192.168.72.11 port 52586
Finished request 15.
Going to the next request
Cleaning up request 11 ID 54 with timestamp +69
Waking up in 0.9 seconds.
rad_recv: Access-Request packet from host 192.168.72.11 port 52586,
id=184, length=54
User-Name = "jiumn"
User-Password = "qwdwmc"
NAS-IP-Address = 127.0.0.1
NAS-Port-Id = "0"
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/freeradius/radacct/192.168.72.11/auth-detail-20120419
[auth_log]
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to
/var/log/freeradius/radacct/192.168.72.11/auth-detail-20120419
[auth_log] expand: %t -> Thu Apr 19 13:06:06 2012
++[auth_log] returns ok
++- entering redundant-load-balance group redundant-load-balance {...}
[ldap2] performing user authorization for jiumn
[ldap2] expand: %{Stripped-User-Name} ->
[ldap2] ... expanding second conditional
[ldap2] expand: %{User-Name} -> jiumn
[ldap2] expand:
(sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}}) ->
(sAMAccountName=jiumn)
[ldap2] expand: ou=Frankfurt,dc=test,dc=local ->
ou=Frankfurt,dc=test,dc=local
[ldap2] ldap_get_conn: Checking Id: 0
[ldap2] ldap_get_conn: Got Id: 0
[ldap2] performing search in ou=Frankfurt,dc=test,dc=local, with
filter (sAMAccountName=jiumn)
[ldap2] object not found
[ldap2] search failed
[ldap2] ldap_release_conn: Release Id: 0
+++[ldap2] returns notfound
++- redundant-load-balance group redundant-load-balance returns
notfound
++? if (Ldap-Group == "cn=radius.users,ou=Groups,dc=test,dc=local")
[ldap3] Entering ldap_groupcmp()
expand: ou=Frankfurt,dc=test,dc=local ->
ou=Frankfurt,dc=test,dc=local
expand: %{Stripped-User-Name} ->
... expanding second conditional
expand: %{User-Name} -> jiumn
expand: (sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}})
-> (sAMAccountName=jiumn)
[ldap3] ldap_get_conn: Checking Id: 0
[ldap3] ldap_get_conn: Got Id: 0
[ldap3] attempting LDAP reconnection
[ldap3] (re)connect to ldaps://testwdc3.test.local, authentication 0
[ldap3] setting TLS CACert File to /etc/freeradius/cacert.pem
[ldap3] setting TLS Require Cert to demand
[ldap3] bind as cn=Free RADIUS,cn=Users,dc=test,dc=local/abc321! to
ldaps://testwdc3.test.local
[ldap3] cn=Free RADIUS,cn=Users,dc=test,dc=local bind to
ldaps://testwdc3.test.local failed: Can't contact LDAP server
[ldap3] (re)connection attempt failed
rlm_ldap::ldap_groupcmp: search failed
[ldap3] ldap_release_conn: Release Id: 0
? Evaluating (Ldap-Group ==
"cn=radius.users,ou=Groups,dc=test,dc=local") -> FALSE
++? if (Ldap-Group == "cn=radius.users,ou=Groups,dc=test,dc=local") ->
FALSE
[pap] WARNING! No "known good" password found for the user.
Authentication may fail because of this.
++[pap] returns noop
++[expiration] returns noop
++[logintime] returns noop
ERROR: No authenticate method (Auth-Type) found for the request:
Rejecting the user
Failed to authenticate the user.
Using Post-Auth-Type Reject
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> jiumn
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Sending Access-Reject of id 184 to 192.168.72.11 port 52586
Finished request 16.
Going to the next request
Cleaning up request 12 ID 59 with timestamp +71
rad_recv: Access-Request packet from host 192.168.72.11 port 52586,
id=86, length=55
User-Name = "anolpf"
User-Password = "phxf"
NAS-IP-Address = 127.0.0.1
NAS-Port-Id = "0"
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/freeradius/radacct/192.168.72.11/auth-detail-20120419
[auth_log]
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to
/var/log/freeradius/radacct/192.168.72.11/auth-detail-20120419
[auth_log] expand: %t -> Thu Apr 19 13:06:07 2012
++[auth_log] returns ok
++- entering redundant-load-balance group redundant-load-balance {...}
[ldap3] performing user authorization for anolpf
[ldap3] expand: %{Stripped-User-Name} ->
[ldap3] ... expanding second conditional
[ldap3] expand: %{User-Name} -> anolpf
[ldap3] expand:
(sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}}) ->
(sAMAccountName=anolpf)
[ldap3] expand: ou=Frankfurt,dc=test,dc=local ->
ou=Frankfurt,dc=test,dc=local
[ldap3] ldap_get_conn: Checking Id: 0
[ldap3] ldap_get_conn: Got Id: 0
[ldap3] attempting LDAP reconnection
[ldap3] (re)connect to ldaps://testwdc3.test.local, authentication 0
[ldap3] setting TLS CACert File to /etc/freeradius/cacert.pem
[ldap3] setting TLS Require Cert to demand
[ldap3] bind as cn=Free RADIUS,cn=Users,dc=test,dc=local/abc321! to
ldaps://testwdc3.test.local
[ldap3] cn=Free RADIUS,cn=Users,dc=test,dc=local bind to
ldaps://testwdc3.test.local failed: Can't contact LDAP server
[ldap3] (re)connection attempt failed
[ldap3] search failed
[ldap3] ldap_release_conn: Release Id: 0
+++[ldap3] returns fail
[ldap1] performing user authorization for anolpf
[ldap1] expand: %{Stripped-User-Name} ->
[ldap1] ... expanding second conditional
[ldap1] expand: %{User-Name} -> anolpf
[ldap1] expand:
(sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}}) ->
(sAMAccountName=anolpf)
[ldap1] expand: ou=Frankfurt,dc=test,dc=local ->
ou=Frankfurt,dc=test,dc=local
[ldap1] ldap_get_conn: Checking Id: 0
[ldap1] ldap_get_conn: Got Id: 0
[ldap1] performing search in ou=Frankfurt,dc=test,dc=local, with
filter (sAMAccountName=anolpf)
[ldap1] object not found
[ldap1] search failed
[ldap1] ldap_release_conn: Release Id: 0
+++[ldap1] returns notfound
++- redundant-load-balance group redundant-load-balance returns
notfound
++? if (Ldap-Group == "cn=radius.users,ou=Groups,dc=test,dc=local")
[ldap3] Entering ldap_groupcmp()
expand: ou=Frankfurt,dc=test,dc=local ->
ou=Frankfurt,dc=test,dc=local
expand: %{Stripped-User-Name} ->
... expanding second conditional
expand: %{User-Name} -> anolpf
expand: (sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}})
-> (sAMAccountName=anolpf)
[ldap3] ldap_get_conn: Checking Id: 0
[ldap3] ldap_get_conn: Got Id: 0
[ldap3] attempting LDAP reconnection
[ldap3] (re)connect to ldaps://testwdc3.test.local, authentication 0
[ldap3] setting TLS CACert File to /etc/freeradius/cacert.pem
[ldap3] setting TLS Require Cert to demand
[ldap3] bind as cn=Free RADIUS,cn=Users,dc=test,dc=local/abc321! to
ldaps://testwdc3.test.local
[ldap3] cn=Free RADIUS,cn=Users,dc=test,dc=local bind to
ldaps://testwdc3.test.local failed: Can't contact LDAP server
[ldap3] (re)connection attempt failed
rlm_ldap::ldap_groupcmp: search failed
[ldap3] ldap_release_conn: Release Id: 0
? Evaluating (Ldap-Group ==
"cn=radius.users,ou=Groups,dc=test,dc=local") -> FALSE
++? if (Ldap-Group == "cn=radius.users,ou=Groups,dc=test,dc=local") ->
FALSE
[pap] WARNING! No "known good" password found for the user.
Authentication may fail because of this.
++[pap] returns noop
++[expiration] returns noop
++[logintime] returns noop
ERROR: No authenticate method (Auth-Type) found for the request:
Rejecting the user
Failed to authenticate the user.
Using Post-Auth-Type Reject
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> anolpf
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Sending Access-Reject of id 86 to 192.168.72.11 port 52586
Finished request 17.
Going to the next request
Cleaning up request 13 ID 11 with timestamp +72
Waking up in 0.9 seconds.
Cleaning up request 14 ID 160 with timestamp +73
Waking up in 1.0 seconds.
Cleaning up request 15 ID 61 with timestamp +75
Waking up in 1.0 seconds.
Cleaning up request 16 ID 184 with timestamp +76
Waking up in 1.9 seconds.
Cleaning up request 17 ID 86 with timestamp +77
Ready to process requests.
4
6