Freeradius-Users
Threads by month
- ----- 2026 -----
- July
- June
- May
- April
- March
- February
- January
- ----- 2025 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2024 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2005 -----
- December
- November
- October
- September
- August
- July
- June
- May
April 2025
- 27 participants
- 32 discussions
We use FreeRADIUS for our wireless authentication. Everything worked
correctly until around November 2024. Now, certain users are unable to
authenticate. The FreeRADIUS server points to our Google Workspace
domain using Google Secure LDAP. Our domain has a primary domain and a
subdomain. Any user in the subdomain is affected by this issue. Below
are the results of the authentication attempt for two users in the
subdomain. These results are taken from running freeradius -X -x. If I
add an alias to any user in the subdomain to point to the primary,
they can log in. I am hoping someone here could give me some ideas on
what it might be because Google says it is not on their end.
Thu Apr 3 08:21:22 2025 : Debug: (8) Received Access-Request Id 12
from 192.168.1.5:60774 to 10.220.3.99:1812 length 81
Thu Apr 3 08:21:22 2025 : Debug: (8) User-Name =
"ben.tennyson(a)student.madeupdomain.com"
Thu Apr 3 08:21:22 2025 : Debug: (8) User-Password = "Omnitrix2024"
Thu Apr 3 08:21:22 2025 : Debug: (8) Framed-IP-Address = 192.168.1.5
Thu Apr 3 08:21:22 2025 : Debug: (8) session-state: No State attribute
Thu Apr 3 08:21:22 2025 : Debug: (8) # Executing section authorize
from file /etc/freeradius/3.0/sites-enabled/default
Thu Apr 3 08:21:22 2025 : Debug: (8) authorize {
Thu Apr 3 08:21:22 2025 : Debug: (8) policy filter_username {
Thu Apr 3 08:21:22 2025 : Debug: (8) if (&User-Name) {
Thu Apr 3 08:21:22 2025 : Debug: (8) if (&User-Name) -> TRUE
Thu Apr 3 08:21:22 2025 : Debug: (8) if (&User-Name) {
Thu Apr 3 08:21:22 2025 : Debug: (8) if (&User-Name =~ / /) {
Thu Apr 3 08:21:22 2025 : Debug: (8) if (&User-Name =~ / /) -> FALSE
Thu Apr 3 08:21:22 2025 : Debug: (8) if (&User-Name =~ /@[^@]*@/ ) {
Thu Apr 3 08:21:22 2025 : Debug: (8) if (&User-Name =~
/@[^@]*@/ ) -> FALSE
Thu Apr 3 08:21:22 2025 : Debug: (8) if (&User-Name =~ /\.\./ ) {
Thu Apr 3 08:21:22 2025 : Debug: (8) if (&User-Name =~ /\.\./
) -> FALSE
Thu Apr 3 08:21:22 2025 : Debug: (8) if ((&User-Name =~ /@/)
&& (&User-Name !~ /(a)(.+)\.(.+)$/)) {
Thu Apr 3 08:21:22 2025 : Debug: (8) if ((&User-Name =~ /@/)
&& (&User-Name !~ /(a)(.+)\.(.+)$/)) -> FALSE
Thu Apr 3 08:21:22 2025 : Debug: (8) if (&User-Name =~ /\.$/) {
Thu Apr 3 08:21:22 2025 : Debug: (8) if (&User-Name =~ /\.$/)
-> FALSE
Thu Apr 3 08:21:22 2025 : Debug: (8) if (&User-Name =~ /(a)\./) {
Thu Apr 3 08:21:22 2025 : Debug: (8) if (&User-Name =~ /(a)\./)
-> FALSE
Thu Apr 3 08:21:22 2025 : Debug: (8) } # if (&User-Name) = notfound
Thu Apr 3 08:21:22 2025 : Debug: (8) } # policy filter_username = notfound
Thu Apr 3 08:21:22 2025 : Debug: (8) modsingle[authorize]:
calling preprocess (rlm_preprocess)
Thu Apr 3 08:21:22 2025 : Debug: (8) modsingle[authorize]:
returned from preprocess (rlm_preprocess)
Thu Apr 3 08:21:22 2025 : Debug: (8) [preprocess] = ok
Thu Apr 3 08:21:22 2025 : Debug: (8) modsingle[authorize]:
calling chap (rlm_chap)
Thu Apr 3 08:21:22 2025 : Debug: (8) modsingle[authorize]:
returned from chap (rlm_chap)
Thu Apr 3 08:21:22 2025 : Debug: (8) [chap] = noop
Thu Apr 3 08:21:22 2025 : Debug: (8) modsingle[authorize]:
calling mschap (rlm_mschap)
Thu Apr 3 08:21:22 2025 : Debug: (8) modsingle[authorize]:
returned from mschap (rlm_mschap)
Thu Apr 3 08:21:22 2025 : Debug: (8) [mschap] = noop
Thu Apr 3 08:21:22 2025 : Debug: (8) modsingle[authorize]:
calling digest (rlm_digest)
Thu Apr 3 08:21:22 2025 : Debug: (8) modsingle[authorize]:
returned from digest (rlm_digest)
Thu Apr 3 08:21:22 2025 : Debug: (8) [digest] = noop
Thu Apr 3 08:21:22 2025 : Debug: (8) modsingle[authorize]:
calling suffix (rlm_realm)
Thu Apr 3 08:21:22 2025 : Debug: (8) suffix: Checking for suffix after "@"
Thu Apr 3 08:21:22 2025 : Debug: (8) suffix: Looking up realm
"student.madeupdomain.com" for User-Name =
"ben.tennyson(a)student.madeupdomain.com"
Thu Apr 3 08:21:22 2025 : Debug: (8) suffix: Found realm
"student.madeupdomain.com"
Thu Apr 3 08:21:22 2025 : Debug: (8) suffix: Adding
Stripped-User-Name = "ben.tennyson"
Thu Apr 3 08:21:22 2025 : Debug: (8) suffix: Adding Realm =
"student.madeupdomain.com"
Thu Apr 3 08:21:22 2025 : Debug: (8) suffix: Authentication realm is LOCAL
Thu Apr 3 08:21:22 2025 : Debug: (8) modsingle[authorize]:
returned from suffix (rlm_realm)
Thu Apr 3 08:21:22 2025 : Debug: (8) [suffix] = ok
Thu Apr 3 08:21:22 2025 : Debug: (8) modsingle[authorize]:
calling eap (rlm_eap)
Thu Apr 3 08:21:22 2025 : Debug: (8) eap: No EAP-Message, not doing EAP
Thu Apr 3 08:21:22 2025 : Debug: (8) modsingle[authorize]:
returned from eap (rlm_eap)
Thu Apr 3 08:21:22 2025 : Debug: (8) [eap] = noop
Thu Apr 3 08:21:22 2025 : Debug: (8) modsingle[authorize]:
calling files (rlm_files)
Thu Apr 3 08:21:22 2025 : Debug: (8) modsingle[authorize]:
returned from files (rlm_files)
Thu Apr 3 08:21:22 2025 : Debug: (8) [files] = noop
Thu Apr 3 08:21:22 2025 : Debug: (8) modsingle[authorize]:
calling ldap (rlm_ldap)
Thu Apr 3 08:21:22 2025 : Debug: (8) ldap: EXPAND (mail=%{User-Name})
Thu Apr 3 08:21:22 2025 : Debug: (8) ldap: -->
(mail=ben.tennyson(a)student.madeupdomain.com)
Thu Apr 3 08:21:22 2025 : Debug: (8) ldap: Performing search in
"dc=madeupdomain,dc=com" with filter
"(mail=ben.tennyson(a)student.madeupdomain.com)", scope "sub"
Thu Apr 3 08:21:22 2025 : Debug: (8) ldap: Waiting for search result...
Thu Apr 3 08:21:22 2025 : Debug: (8) ldap: User object found at DN
"uid=ben.tennyson,ou=LBHS,ou=Students,ou=Users,dc=madeupdomain,dc=com"
Thu Apr 3 08:21:22 2025 : Debug: (8) ldap: Processing user attributes
Thu Apr 3 08:21:22 2025 : Debug: (8) ldap: Attribute "userPassword"
not found in LDAP object
Thu Apr 3 08:21:22 2025 : Debug: (8) ldap: Attribute
"radiusControlAttribute" not found in LDAP object
Thu Apr 3 08:21:22 2025 : Debug: (8) ldap: Attribute
"radiusRequestAttribute" not found in LDAP object
Thu Apr 3 08:21:22 2025 : Debug: (8) ldap: Attribute
"radiusReplyAttribute" not found in LDAP object
Thu Apr 3 08:21:22 2025 : WARNING: (8) ldap: No "known good" password
added. Ensure the admin user has permission to read the password
attribute
Thu Apr 3 08:21:22 2025 : WARNING: (8) ldap: PAP authentication will
*NOT* work with Active Directory (if that is what you were trying to
configure)
Thu Apr 3 08:21:22 2025 : Debug: (8) modsingle[authorize]:
returned from ldap (rlm_ldap)
Thu Apr 3 08:21:22 2025 : Debug: (8) [ldap] = ok
Thu Apr 3 08:21:22 2025 : Debug: (8) modsingle[authorize]:
calling expiration (rlm_expiration)
Thu Apr 3 08:21:22 2025 : Debug: (8) modsingle[authorize]:
returned from expiration (rlm_expiration)
Thu Apr 3 08:21:22 2025 : Debug: (8) [expiration] = noop
Thu Apr 3 08:21:22 2025 : Debug: (8) modsingle[authorize]:
calling logintime (rlm_logintime)
Thu Apr 3 08:21:22 2025 : Debug: (8) modsingle[authorize]:
returned from logintime (rlm_logintime)
Thu Apr 3 08:21:22 2025 : Debug: (8) [logintime] = noop
Thu Apr 3 08:21:22 2025 : Debug: (8) modsingle[authorize]:
calling pap (rlm_pap)
Thu Apr 3 08:21:22 2025 : WARNING: (8) pap: No "known good" password
found for the user. Not setting Auth-Type
Thu Apr 3 08:21:22 2025 : WARNING: (8) pap: Authentication will fail
unless a "known good" password is available
Thu Apr 3 08:21:22 2025 : Debug: (8) modsingle[authorize]:
returned from pap (rlm_pap)
Thu Apr 3 08:21:22 2025 : Debug: (8) [pap] = noop
Thu Apr 3 08:21:22 2025 : Debug: (8) if (User-Password) {
Thu Apr 3 08:21:22 2025 : Debug: (8) if (User-Password) -> TRUE
Thu Apr 3 08:21:22 2025 : Debug: (8) if (User-Password) {
Thu Apr 3 08:21:22 2025 : Debug: (8) update control {
Thu Apr 3 08:21:22 2025 : Debug: (8) Auth-Type := LDAP
Thu Apr 3 08:21:22 2025 : Debug: (8) } # update control = noop
Thu Apr 3 08:21:22 2025 : Debug: (8) } # if (User-Password) = noop
Thu Apr 3 08:21:22 2025 : Debug: (8) } # authorize = ok
Thu Apr 3 08:21:22 2025 : Debug: (8) Found Auth-Type = LDAP
Thu Apr 3 08:21:22 2025 : Debug: (8) # Executing group from file
/etc/freeradius/3.0/sites-enabled/default
Thu Apr 3 08:21:22 2025 : Debug: (8) authenticate {
Thu Apr 3 08:21:22 2025 : Debug: (8) modsingle[authenticate]:
calling ldap (rlm_ldap)
Thu Apr 3 08:21:22 2025 : Debug: (8) ldap: Login attempt by "ben.tennyson"
Thu Apr 3 08:21:22 2025 : Debug: (8) ldap: Using user DN from request
"uid=ben.tennyson,ou=LBHS,ou=Students,ou=Users,dc=madeupdomain,dc=com"
Thu Apr 3 08:21:22 2025 : Debug: (8) ldap: Waiting for bind result...
Thu Apr 3 08:21:23 2025 : ERROR: (8) ldap: Bind credentials
incorrect: Invalid credentials
Thu Apr 3 08:21:23 2025 : ERROR: (8) ldap: Server said: Incorrect password.
Thu Apr 3 08:21:23 2025 : Debug: (8) modsingle[authenticate]:
returned from ldap (rlm_ldap)
Thu Apr 3 08:21:23 2025 : Debug: (8) [ldap] = reject
Thu Apr 3 08:21:23 2025 : Debug: (8) } # authenticate = reject
Thu Apr 3 08:21:23 2025 : Debug: (8) Failed to authenticate the user
Thu Apr 3 08:21:23 2025 : Debug: (8) Using Post-Auth-Type Reject
Thu Apr 3 08:21:23 2025 : Debug: (8) # Executing group from file
/etc/freeradius/3.0/sites-enabled/default
Thu Apr 3 08:21:23 2025 : Debug: (8) Post-Auth-Type REJECT {
Thu Apr 3 08:21:23 2025 : Debug: (8) modsingle[post-auth]:
calling attr_filter.access_reject (rlm_attr_filter)
Thu Apr 3 08:21:23 2025 : Debug: %{User-Name}
Thu Apr 3 08:21:23 2025 : Debug: Parsed xlat tree:
Thu Apr 3 08:21:23 2025 : Debug: attribute --> User-Name
Thu Apr 3 08:21:23 2025 : Debug: (8) attr_filter.access_reject:
EXPAND %{User-Name}
Thu Apr 3 08:21:23 2025 : Debug: (8) attr_filter.access_reject:
--> ben.tennyson(a)student.madeupdomain.com
Thu Apr 3 08:21:23 2025 : Debug: (8) attr_filter.access_reject:
Matched entry DEFAULT at line 11
Thu Apr 3 08:21:23 2025 : Debug: (8) modsingle[post-auth]:
returned from attr_filter.access_reject (rlm_attr_filter)
Thu Apr 3 08:21:23 2025 : Debug: (8) [attr_filter.access_reject] = updated
Thu Apr 3 08:21:23 2025 : Debug: (8) modsingle[post-auth]:
calling eap (rlm_eap)
Thu Apr 3 08:21:23 2025 : Debug: (8) eap: Request didn't contain an
EAP-Message, not inserting EAP-Failure
Thu Apr 3 08:21:23 2025 : Debug: (8) modsingle[post-auth]:
returned from eap (rlm_eap)
Thu Apr 3 08:21:23 2025 : Debug: (8) [eap] = noop
Thu Apr 3 08:21:23 2025 : Debug: (8) policy remove_reply_message_if_eap {
Thu Apr 3 08:21:23 2025 : Debug: (8) if (&reply:EAP-Message &&
&reply:Reply-Message) {
Thu Apr 3 08:21:23 2025 : Debug: (8) if (&reply:EAP-Message &&
&reply:Reply-Message) -> FALSE
Thu Apr 3 08:21:23 2025 : Debug: (8) else {
Thu Apr 3 08:21:23 2025 : Debug: (8) modsingle[post-auth]:
calling noop (rlm_always)
Thu Apr 3 08:21:23 2025 : Debug: (8) modsingle[post-auth]:
returned from noop (rlm_always)
Thu Apr 3 08:21:23 2025 : Debug: (8) [noop] = noop
Thu Apr 3 08:21:23 2025 : Debug: (8) } # else = noop
Thu Apr 3 08:21:23 2025 : Debug: (8) } # policy
remove_reply_message_if_eap = noop
Thu Apr 3 08:21:23 2025 : Debug: (8) } # Post-Auth-Type REJECT = updated
Thu Apr 3 08:21:23 2025 : Auth: (8) Login incorrect (ldap: Bind
credentials incorrect: Invalid credentials):
[ben.tennyson(a)student.madeupdomain.com/Omnitrix2024] (from client LBSD
port 0)
Thu Apr 3 08:21:23 2025 : Debug: (8) Delaying response for 1.000000 seconds
Thu Apr 3 08:21:35 2025 : Debug: (36) Received Access-Request Id 13
from 192.168.1.5:61800 to 10.220.3.99:1812 length 77
Thu Apr 3 08:21:35 2025 : Debug: (36) User-Name =
"johnny.test(a)student.madeupdomain.com"
Thu Apr 3 08:21:35 2025 : Debug: (36) User-Password = "Dookie2025"
Thu Apr 3 08:21:35 2025 : Debug: (36) Framed-IP-Address = 192.168.1.5
Thu Apr 3 08:21:35 2025 : Debug: (36) session-state: No State attribute
Thu Apr 3 08:21:35 2025 : Debug: (36) # Executing section authorize
from file /etc/freeradius/3.0/sites-enabled/default
Thu Apr 3 08:21:35 2025 : Debug: (36) authorize {
Thu Apr 3 08:21:35 2025 : Debug: (36) policy filter_username {
Thu Apr 3 08:21:35 2025 : Debug: (36) if (&User-Name) {
Thu Apr 3 08:21:35 2025 : Debug: (36) if (&User-Name) -> TRUE
Thu Apr 3 08:21:35 2025 : Debug: (36) if (&User-Name) {
Thu Apr 3 08:21:35 2025 : Debug: (36) if (&User-Name =~ / /) {
Thu Apr 3 08:21:35 2025 : Debug: (36) if (&User-Name =~ / /) -> FALSE
Thu Apr 3 08:21:35 2025 : Debug: (36) if (&User-Name =~ /@[^@]*@/ ) {
Thu Apr 3 08:21:35 2025 : Debug: (36) if (&User-Name =~
/@[^@]*@/ ) -> FALSE
Thu Apr 3 08:21:35 2025 : Debug: (36) if (&User-Name =~ /\.\./ ) {
Thu Apr 3 08:21:35 2025 : Debug: (36) if (&User-Name =~
/\.\./ ) -> FALSE
Thu Apr 3 08:21:35 2025 : Debug: (36) if ((&User-Name =~ /@/)
&& (&User-Name !~ /(a)(.+)\.(.+)$/)) {
Thu Apr 3 08:21:35 2025 : Debug: (36) if ((&User-Name =~ /@/)
&& (&User-Name !~ /(a)(.+)\.(.+)$/)) -> FALSE
Thu Apr 3 08:21:35 2025 : Debug: (36) if (&User-Name =~ /\.$/) {
Thu Apr 3 08:21:35 2025 : Debug: (36) if (&User-Name =~
/\.$/) -> FALSE
Thu Apr 3 08:21:35 2025 : Debug: (36) if (&User-Name =~ /(a)\./) {
Thu Apr 3 08:21:35 2025 : Debug: (36) if (&User-Name =~
/(a)\./) -> FALSE
Thu Apr 3 08:21:35 2025 : Debug: (36) } # if (&User-Name) = notfound
Thu Apr 3 08:21:35 2025 : Debug: (36) } # policy filter_username = notfound
Thu Apr 3 08:21:35 2025 : Debug: (36) modsingle[authorize]:
calling preprocess (rlm_preprocess)
Thu Apr 3 08:21:35 2025 : Debug: (36) modsingle[authorize]:
returned from preprocess (rlm_preprocess)
Thu Apr 3 08:21:35 2025 : Debug: (36) [preprocess] = ok
Thu Apr 3 08:21:35 2025 : Debug: (36) modsingle[authorize]:
calling chap (rlm_chap)
Thu Apr 3 08:21:35 2025 : Debug: (36) modsingle[authorize]:
returned from chap (rlm_chap)
Thu Apr 3 08:21:35 2025 : Debug: (36) [chap] = noop
Thu Apr 3 08:21:35 2025 : Debug: (36) modsingle[authorize]:
calling mschap (rlm_mschap)
Thu Apr 3 08:21:35 2025 : Debug: (36) modsingle[authorize]:
returned from mschap (rlm_mschap)
Thu Apr 3 08:21:35 2025 : Debug: (36) [mschap] = noop
Thu Apr 3 08:21:35 2025 : Debug: (36) modsingle[authorize]:
calling digest (rlm_digest)
Thu Apr 3 08:21:35 2025 : Debug: (36) modsingle[authorize]:
returned from digest (rlm_digest)
Thu Apr 3 08:21:35 2025 : Debug: (36) [digest] = noop
Thu Apr 3 08:21:35 2025 : Debug: (36) modsingle[authorize]:
calling suffix (rlm_realm)
Thu Apr 3 08:21:35 2025 : Debug: (36) suffix: Checking for suffix after "@"
Thu Apr 3 08:21:35 2025 : Debug: (36) suffix: Looking up realm
"student.madeupdomain.com" for User-Name =
"johnny.test(a)student.madeupdomain.com"
Thu Apr 3 08:21:35 2025 : Debug: (36) suffix: Found realm
"student.madeupdomain.com"
Thu Apr 3 08:21:35 2025 : Debug: (36) suffix: Adding
Stripped-User-Name = "johnny.test"
Thu Apr 3 08:21:35 2025 : Debug: (36) suffix: Adding Realm =
"student.madeupdomain.com"
Thu Apr 3 08:21:35 2025 : Debug: (36) suffix: Authentication realm is LOCAL
Thu Apr 3 08:21:35 2025 : Debug: (36) modsingle[authorize]:
returned from suffix (rlm_realm)
Thu Apr 3 08:21:35 2025 : Debug: (36) [suffix] = ok
Thu Apr 3 08:21:35 2025 : Debug: (36) modsingle[authorize]:
calling eap (rlm_eap)
Thu Apr 3 08:21:35 2025 : Debug: (36) eap: No EAP-Message, not doing EAP
Thu Apr 3 08:21:35 2025 : Debug: (36) modsingle[authorize]:
returned from eap (rlm_eap)
Thu Apr 3 08:21:35 2025 : Debug: (36) [eap] = noop
Thu Apr 3 08:21:35 2025 : Debug: (36) modsingle[authorize]:
calling files (rlm_files)
Thu Apr 3 08:21:35 2025 : Debug: (36) modsingle[authorize]:
returned from files (rlm_files)
Thu Apr 3 08:21:35 2025 : Debug: (36) [files] = noop
Thu Apr 3 08:21:35 2025 : Debug: (36) modsingle[authorize]:
calling ldap (rlm_ldap)
Thu Apr 3 08:21:35 2025 : Debug: (36) ldap: Waiting for bind result...
Thu Apr 3 08:21:36 2025 : Debug: (36) ldap: Bind successful
Thu Apr 3 08:21:36 2025 : Debug: (mail=%{User-Name})
Thu Apr 3 08:21:36 2025 : Debug: Parsed xlat tree:
Thu Apr 3 08:21:36 2025 : Debug: literal --> (mail=
Thu Apr 3 08:21:36 2025 : Debug: attribute --> User-Name
Thu Apr 3 08:21:36 2025 : Debug: literal --> )
Thu Apr 3 08:21:36 2025 : Debug: (36) ldap: EXPAND (mail=%{User-Name})
Thu Apr 3 08:21:36 2025 : Debug: (36) ldap: -->
(mail=johnny.test(a)student.madeupdomain.com)
Thu Apr 3 08:21:36 2025 : Debug: (36) ldap: Performing search in
"dc=madeupdomain,dc=com" with filter
"(mail=johnny.test(a)student.madeupdomain.com)", scope "sub"
Thu Apr 3 08:21:36 2025 : Debug: (36) ldap: Waiting for search result...
Thu Apr 3 08:21:36 2025 : Debug: (36) ldap: User object found at DN
"uid=johnny.test,ou=LBHS,ou=Students,ou=Users,dc=madeupdomain,dc=com"
Thu Apr 3 08:21:36 2025 : Debug: (36) ldap: Processing user attributes
Thu Apr 3 08:21:36 2025 : Debug: (36) ldap: Attribute "userPassword"
not found in LDAP object
Thu Apr 3 08:21:36 2025 : Debug: (36) ldap: Attribute
"radiusControlAttribute" not found in LDAP object
Thu Apr 3 08:21:36 2025 : Debug: (36) ldap: Attribute
"radiusRequestAttribute" not found in LDAP object
Thu Apr 3 08:21:36 2025 : Debug: (36) ldap: Attribute
"radiusReplyAttribute" not found in LDAP object
Thu Apr 3 08:21:36 2025 : WARNING: (36) ldap: No "known good"
password added. Ensure the admin user has permission to read the
password attribute
Thu Apr 3 08:21:36 2025 : WARNING: (36) ldap: PAP authentication will
*NOT* work with Active Directory (if that is what you were trying to
configure)
Thu Apr 3 08:21:36 2025 : Debug: (36) modsingle[authorize]:
returned from ldap (rlm_ldap)
Thu Apr 3 08:21:36 2025 : Debug: (36) [ldap] = ok
Thu Apr 3 08:21:36 2025 : Debug: (36) modsingle[authorize]:
calling expiration (rlm_expiration)
Thu Apr 3 08:21:36 2025 : Debug: (36) modsingle[authorize]:
returned from expiration (rlm_expiration)
Thu Apr 3 08:21:36 2025 : Debug: (36) [expiration] = noop
Thu Apr 3 08:21:36 2025 : Debug: (36) modsingle[authorize]:
calling logintime (rlm_logintime)
Thu Apr 3 08:21:36 2025 : Debug: (36) modsingle[authorize]:
returned from logintime (rlm_logintime)
Thu Apr 3 08:21:36 2025 : Debug: (36) [logintime] = noop
Thu Apr 3 08:21:36 2025 : Debug: (36) modsingle[authorize]:
calling pap (rlm_pap)
Thu Apr 3 08:21:36 2025 : WARNING: (36) pap: No "known good" password
found for the user. Not setting Auth-Type
Thu Apr 3 08:21:36 2025 : WARNING: (36) pap: Authentication will fail
unless a "known good" password is available
Thu Apr 3 08:21:36 2025 : Debug: (36) modsingle[authorize]:
returned from pap (rlm_pap)
Thu Apr 3 08:21:36 2025 : Debug: (36) [pap] = noop
Thu Apr 3 08:21:36 2025 : Debug: (36) if (User-Password) {
Thu Apr 3 08:21:36 2025 : Debug: (36) if (User-Password) -> TRUE
Thu Apr 3 08:21:36 2025 : Debug: (36) if (User-Password) {
Thu Apr 3 08:21:36 2025 : Debug: (36) update control {
Thu Apr 3 08:21:36 2025 : Debug: (36) Auth-Type := LDAP
Thu Apr 3 08:21:36 2025 : Debug: (36) } # update control = noop
Thu Apr 3 08:21:36 2025 : Debug: (36) } # if (User-Password) = noop
Thu Apr 3 08:21:36 2025 : Debug: (36) } # authorize = ok
Thu Apr 3 08:21:36 2025 : Debug: (36) Found Auth-Type = LDAP
Thu Apr 3 08:21:36 2025 : Debug: (36) # Executing group from file
/etc/freeradius/3.0/sites-enabled/default
Thu Apr 3 08:21:36 2025 : Debug: (36) authenticate {
Thu Apr 3 08:21:36 2025 : Debug: (36) modsingle[authenticate]:
calling ldap (rlm_ldap)
Thu Apr 3 08:21:36 2025 : Debug: (36) ldap: Login attempt by "johnny.test"
Thu Apr 3 08:21:36 2025 : Debug: (36) ldap: Using user DN from
request "uid=johnny.test,ou=LBHS,ou=Students,ou=Users,dc=madeupdomain,dc=com"
Thu Apr 3 08:21:36 2025 : Debug: (36) ldap: Waiting for bind result...
Thu Apr 3 08:21:36 2025 : ERROR: (36) ldap: Bind credentials
incorrect: Invalid credentials
Thu Apr 3 08:21:36 2025 : ERROR: (36) ldap: Server said: Incorrect password.
Thu Apr 3 08:21:36 2025 : Debug: (36) modsingle[authenticate]:
returned from ldap (rlm_ldap)
Thu Apr 3 08:21:36 2025 : Debug: (36) [ldap] = reject
Thu Apr 3 08:21:36 2025 : Debug: (36) } # authenticate = reject
Thu Apr 3 08:21:36 2025 : Debug: (36) Failed to authenticate the user
Thu Apr 3 08:21:36 2025 : Debug: (36) Using Post-Auth-Type Reject
Thu Apr 3 08:21:36 2025 : Debug: (36) # Executing group from file
/etc/freeradius/3.0/sites-enabled/default
Thu Apr 3 08:21:36 2025 : Debug: (36) Post-Auth-Type REJECT {
Thu Apr 3 08:21:36 2025 : Debug: (36) modsingle[post-auth]:
calling attr_filter.access_reject (rlm_attr_filter)
Thu Apr 3 08:21:36 2025 : Debug: %{User-Name}
Thu Apr 3 08:21:36 2025 : Debug: Parsed xlat tree:
Thu Apr 3 08:21:36 2025 : Debug: attribute --> User-Name
Thu Apr 3 08:21:36 2025 : Debug: (36) attr_filter.access_reject:
EXPAND %{User-Name}
Thu Apr 3 08:21:36 2025 : Debug: (36) attr_filter.access_reject:
--> johnny.test(a)student.madeupdomain.com
Thu Apr 3 08:21:36 2025 : Debug: (36) attr_filter.access_reject:
Matched entry DEFAULT at line 11
Thu Apr 3 08:21:36 2025 : Debug: (36) modsingle[post-auth]:
returned from attr_filter.access_reject (rlm_attr_filter)
Thu Apr 3 08:21:36 2025 : Debug: (36) [attr_filter.access_reject] = updated
Thu Apr 3 08:21:36 2025 : Debug: (36) modsingle[post-auth]:
calling eap (rlm_eap)
Thu Apr 3 08:21:36 2025 : Debug: (36) eap: Request didn't contain an
EAP-Message, not inserting EAP-Failure
Thu Apr 3 08:21:36 2025 : Debug: (36) modsingle[post-auth]:
returned from eap (rlm_eap)
Thu Apr 3 08:21:36 2025 : Debug: (36) [eap] = noop
Thu Apr 3 08:21:36 2025 : Debug: (36) policy remove_reply_message_if_eap {
Thu Apr 3 08:21:36 2025 : Debug: (36) if (&reply:EAP-Message &&
&reply:Reply-Message) {
Thu Apr 3 08:21:36 2025 : Debug: (36) if (&reply:EAP-Message &&
&reply:Reply-Message) -> FALSE
Thu Apr 3 08:21:36 2025 : Debug: (36) else {
Thu Apr 3 08:21:36 2025 : Debug: (36) modsingle[post-auth]:
calling noop (rlm_always)
Thu Apr 3 08:21:36 2025 : Debug: (36) modsingle[post-auth]:
returned from noop (rlm_always)
Thu Apr 3 08:21:36 2025 : Debug: (36) [noop] = noop
Thu Apr 3 08:21:36 2025 : Debug: (36) } # else = noop
Thu Apr 3 08:21:36 2025 : Debug: (36) } # policy
remove_reply_message_if_eap = noop
Thu Apr 3 08:21:36 2025 : Debug: (36) } # Post-Auth-Type REJECT = updated
Thu Apr 3 08:21:36 2025 : Auth: (36) Login incorrect (ldap: Bind
credentials incorrect: Invalid credentials):
[johnny.test(a)student.madeupdomain.com/Dookie2025] (from client LBSD
port 0)
Thu Apr 3 08:21:36 2025 : Debug: (36) Delaying response for 1.000000 seconds
Thu Apr 3 08:21:50 2025 : Debug: (59) Received Access-Request Id 14
from 192.168.1.5:62921 to 10.220.3.99:1812 length 77
Thu Apr 3 08:21:50 2025 : Debug: (59) User-Name =
"johnny.test(a)student.madeupdomain.com"
Thu Apr 3 08:21:50 2025 : Debug: (59) User-Password = "12345678"
Thu Apr 3 08:21:50 2025 : Debug: (59) Framed-IP-Address = 192.168.1.5
Thu Apr 3 08:21:50 2025 : Debug: (59) session-state: No State attribute
Thu Apr 3 08:21:50 2025 : Debug: (59) # Executing section authorize
from file /etc/freeradius/3.0/sites-enabled/default
Thu Apr 3 08:21:50 2025 : Debug: (59) authorize {
Thu Apr 3 08:21:50 2025 : Debug: (59) policy filter_username {
Thu Apr 3 08:21:50 2025 : Debug: (59) if (&User-Name) {
Thu Apr 3 08:21:50 2025 : Debug: (59) if (&User-Name) -> TRUE
Thu Apr 3 08:21:50 2025 : Debug: (59) if (&User-Name) {
Thu Apr 3 08:21:50 2025 : Debug: (59) if (&User-Name =~ / /) {
Thu Apr 3 08:21:50 2025 : Debug: (59) if (&User-Name =~ / /) -> FALSE
Thu Apr 3 08:21:50 2025 : Debug: (59) if (&User-Name =~ /@[^@]*@/ ) {
Thu Apr 3 08:21:50 2025 : Debug: (59) if (&User-Name =~
/@[^@]*@/ ) -> FALSE
Thu Apr 3 08:21:50 2025 : Debug: (59) if (&User-Name =~ /\.\./ ) {
Thu Apr 3 08:21:50 2025 : Debug: (59) if (&User-Name =~
/\.\./ ) -> FALSE
Thu Apr 3 08:21:50 2025 : Debug: (59) if ((&User-Name =~ /@/)
&& (&User-Name !~ /(a)(.+)\.(.+)$/)) {
Thu Apr 3 08:21:50 2025 : Debug: (59) if ((&User-Name =~ /@/)
&& (&User-Name !~ /(a)(.+)\.(.+)$/)) -> FALSE
Thu Apr 3 08:21:50 2025 : Debug: (59) if (&User-Name =~ /\.$/) {
Thu Apr 3 08:21:50 2025 : Debug: (59) if (&User-Name =~
/\.$/) -> FALSE
Thu Apr 3 08:21:50 2025 : Debug: (59) if (&User-Name =~ /(a)\./) {
Thu Apr 3 08:21:50 2025 : Debug: (59) if (&User-Name =~
/(a)\./) -> FALSE
Thu Apr 3 08:21:50 2025 : Debug: (59) } # if (&User-Name) = notfound
Thu Apr 3 08:21:50 2025 : Debug: (59) } # policy filter_username = notfound
Thu Apr 3 08:21:50 2025 : Debug: (59) modsingle[authorize]:
calling preprocess (rlm_preprocess)
Thu Apr 3 08:21:50 2025 : Debug: (59) modsingle[authorize]:
returned from preprocess (rlm_preprocess)
Thu Apr 3 08:21:50 2025 : Debug: (59) [preprocess] = ok
Thu Apr 3 08:21:50 2025 : Debug: (59) modsingle[authorize]:
calling chap (rlm_chap)
Thu Apr 3 08:21:50 2025 : Debug: (59) modsingle[authorize]:
returned from chap (rlm_chap)
Thu Apr 3 08:21:50 2025 : Debug: (59) [chap] = noop
Thu Apr 3 08:21:50 2025 : Debug: (59) modsingle[authorize]:
calling mschap (rlm_mschap)
Thu Apr 3 08:21:50 2025 : Debug: (59) modsingle[authorize]:
returned from mschap (rlm_mschap)
Thu Apr 3 08:21:50 2025 : Debug: (59) [mschap] = noop
Thu Apr 3 08:21:50 2025 : Debug: (59) modsingle[authorize]:
calling digest (rlm_digest)
Thu Apr 3 08:21:50 2025 : Debug: (59) modsingle[authorize]:
returned from digest (rlm_digest)
Thu Apr 3 08:21:50 2025 : Debug: (59) [digest] = noop
Thu Apr 3 08:21:50 2025 : Debug: (59) modsingle[authorize]:
calling suffix (rlm_realm)
Thu Apr 3 08:21:50 2025 : Debug: (59) suffix: Checking for suffix after "@"
Thu Apr 3 08:21:50 2025 : Debug: (59) suffix: Looking up realm
"student.madeupdomain.com" for User-Name =
"johnny.test(a)student.madeupdomain.com"
Thu Apr 3 08:21:50 2025 : Debug: (59) suffix: Found realm
"student.madeupdomain.com"
Thu Apr 3 08:21:50 2025 : Debug: (59) suffix: Adding
Stripped-User-Name = "johnny.test"
Thu Apr 3 08:21:50 2025 : Debug: (59) suffix: Adding Realm =
"student.madeupdomain.com"
Thu Apr 3 08:21:50 2025 : Debug: (59) suffix: Authentication realm is LOCAL
Thu Apr 3 08:21:50 2025 : Debug: (59) modsingle[authorize]:
returned from suffix (rlm_realm)
Thu Apr 3 08:21:50 2025 : Debug: (59) [suffix] = ok
Thu Apr 3 08:21:50 2025 : Debug: (59) modsingle[authorize]:
calling eap (rlm_eap)
Thu Apr 3 08:21:50 2025 : Debug: (59) eap: No EAP-Message, not doing EAP
Thu Apr 3 08:21:50 2025 : Debug: (59) modsingle[authorize]:
returned from eap (rlm_eap)
Thu Apr 3 08:21:50 2025 : Debug: (59) [eap] = noop
Thu Apr 3 08:21:50 2025 : Debug: (59) modsingle[authorize]:
calling files (rlm_files)
Thu Apr 3 08:21:50 2025 : Debug: (59) modsingle[authorize]:
returned from files (rlm_files)
Thu Apr 3 08:21:50 2025 : Debug: (59) [files] = noop
Thu Apr 3 08:21:50 2025 : Debug: (59) modsingle[authorize]:
calling ldap (rlm_ldap)
Thu Apr 3 08:21:50 2025 : Debug: rlm_ldap (ldap): Reserved connection (1)
Thu Apr 3 08:21:50 2025 : Debug: (mail=%{User-Name})
Thu Apr 3 08:21:50 2025 : Debug: Parsed xlat tree:
Thu Apr 3 08:21:50 2025 : Debug: literal --> (mail=
Thu Apr 3 08:21:50 2025 : Debug: attribute --> User-Name
Thu Apr 3 08:21:50 2025 : Debug: literal --> )
Thu Apr 3 08:21:50 2025 : Debug: (59) ldap: EXPAND (mail=%{User-Name})
Thu Apr 3 08:21:50 2025 : Debug: (59) ldap: -->
(mail=johnny.test(a)student.madeupdomain.com)
Thu Apr 3 08:21:50 2025 : Debug: (59) ldap: Performing search in
"dc=madeupdomain,dc=com" with filter
"(mail=johnny.test(a)student.madeupdomain.com)", scope "sub"
Thu Apr 3 08:21:50 2025 : Debug: (59) ldap: Waiting for search result...
Thu Apr 3 08:21:50 2025 : Debug: (59) ldap: User object found at DN
"uid=johnny.test,ou=LBHS,ou=Students,ou=Users,dc=madeupdomain,dc=com"
Thu Apr 3 08:21:50 2025 : Debug: (59) ldap: Processing user attributes
Thu Apr 3 08:21:50 2025 : Debug: (59) ldap: Attribute "userPassword"
not found in LDAP object
Thu Apr 3 08:21:50 2025 : Debug: (59) ldap: Attribute
"radiusControlAttribute" not found in LDAP object
Thu Apr 3 08:21:50 2025 : Debug: (59) ldap: Attribute
"radiusRequestAttribute" not found in LDAP object
Thu Apr 3 08:21:50 2025 : Debug: (59) ldap: Attribute
"radiusReplyAttribute" not found in LDAP object
Thu Apr 3 08:21:50 2025 : WARNING: (59) ldap: No "known good"
password added. Ensure the admin user has permission to read the
password attribute
Thu Apr 3 08:21:50 2025 : WARNING: (59) ldap: PAP authentication will
*NOT* work with Active Directory (if that is what you were trying to
configure)
Thu Apr 3 08:21:50 2025 : Debug: (59) modsingle[authorize]:
returned from ldap (rlm_ldap)
Thu Apr 3 08:21:50 2025 : Debug: (59) [ldap] = ok
Thu Apr 3 08:21:50 2025 : Debug: (59) modsingle[authorize]:
calling expiration (rlm_expiration)
Thu Apr 3 08:21:50 2025 : Debug: (59) modsingle[authorize]:
returned from expiration (rlm_expiration)
Thu Apr 3 08:21:50 2025 : Debug: (59) [expiration] = noop
Thu Apr 3 08:21:50 2025 : Debug: (59) modsingle[authorize]:
calling logintime (rlm_logintime)
Thu Apr 3 08:21:50 2025 : Debug: (59) modsingle[authorize]:
returned from logintime (rlm_logintime)
Thu Apr 3 08:21:50 2025 : Debug: (59) [logintime] = noop
Thu Apr 3 08:21:50 2025 : Debug: (59) modsingle[authorize]:
calling pap (rlm_pap)
Thu Apr 3 08:21:50 2025 : WARNING: (59) pap: No "known good" password
found for the user. Not setting Auth-Type
Thu Apr 3 08:21:50 2025 : WARNING: (59) pap: Authentication will fail
unless a "known good" password is available
Thu Apr 3 08:21:50 2025 : Debug: (59) modsingle[authorize]:
returned from pap (rlm_pap)
Thu Apr 3 08:21:50 2025 : Debug: (59) [pap] = noop
Thu Apr 3 08:21:50 2025 : Debug: (59) if (User-Password) {
Thu Apr 3 08:21:50 2025 : Debug: (59) if (User-Password) -> TRUE
Thu Apr 3 08:21:50 2025 : Debug: (59) if (User-Password) {
Thu Apr 3 08:21:50 2025 : Debug: (59) update control {
Thu Apr 3 08:21:50 2025 : Debug: (59) Auth-Type := LDAP
Thu Apr 3 08:21:50 2025 : Debug: (59) } # update control = noop
Thu Apr 3 08:21:50 2025 : Debug: (59) } # if (User-Password) = noop
Thu Apr 3 08:21:50 2025 : Debug: (59) } # authorize = ok
Thu Apr 3 08:21:50 2025 : Debug: (59) Found Auth-Type = LDAP
Thu Apr 3 08:21:50 2025 : Debug: (59) # Executing group from file
/etc/freeradius/3.0/sites-enabled/default
Thu Apr 3 08:21:50 2025 : Debug: (59) authenticate {
Thu Apr 3 08:21:50 2025 : Debug: (59) modsingle[authenticate]:
calling ldap (rlm_ldap)
Thu Apr 3 08:21:50 2025 : Debug: (59) ldap: Login attempt by "johnny.test"
Thu Apr 3 08:21:50 2025 : Debug: (59) ldap: Using user DN from
request "uid=johnny.test,ou=LBHS,ou=Students,ou=Users,dc=madeupdomain,dc=com"
Thu Apr 3 08:21:50 2025 : Debug: (59) ldap: Waiting for bind result...
Thu Apr 3 08:21:50 2025 : ERROR: (59) ldap: Bind credentials
incorrect: Invalid credentials
Thu Apr 3 08:21:50 2025 : ERROR: (59) ldap: Server said: Incorrect password.
Thu Apr 3 08:21:50 2025 : Debug: (59) modsingle[authenticate]:
returned from ldap (rlm_ldap)
Thu Apr 3 08:21:50 2025 : Debug: (59) [ldap] = reject
Thu Apr 3 08:21:50 2025 : Debug: (59) } # authenticate = reject
Thu Apr 3 08:21:50 2025 : Debug: (59) Failed to authenticate the user
Thu Apr 3 08:21:50 2025 : Debug: (59) Using Post-Auth-Type Reject
Thu Apr 3 08:21:50 2025 : Debug: (59) # Executing group from file
/etc/freeradius/3.0/sites-enabled/default
Thu Apr 3 08:21:50 2025 : Debug: (59) Post-Auth-Type REJECT {
Thu Apr 3 08:21:50 2025 : Debug: (59) modsingle[post-auth]:
calling attr_filter.access_reject (rlm_attr_filter)
Thu Apr 3 08:21:50 2025 : Debug: %{User-Name}
Thu Apr 3 08:21:50 2025 : Debug: Parsed xlat tree:
Thu Apr 3 08:21:50 2025 : Debug: attribute --> User-Name
Thu Apr 3 08:21:50 2025 : Debug: (59) attr_filter.access_reject:
EXPAND %{User-Name}
Thu Apr 3 08:21:50 2025 : Debug: (59) attr_filter.access_reject:
--> johnny.test(a)student.madeupdomain.com
Thu Apr 3 08:21:50 2025 : Debug: (59) attr_filter.access_reject:
Matched entry DEFAULT at line 11
Thu Apr 3 08:21:50 2025 : Debug: (59) modsingle[post-auth]:
returned from attr_filter.access_reject (rlm_attr_filter)
Thu Apr 3 08:21:50 2025 : Debug: (59) [attr_filter.access_reject] = updated
Thu Apr 3 08:21:50 2025 : Debug: (59) modsingle[post-auth]:
calling eap (rlm_eap)
Thu Apr 3 08:21:50 2025 : Debug: (59) eap: Request didn't contain an
EAP-Message, not inserting EAP-Failure
Thu Apr 3 08:21:50 2025 : Debug: (59) modsingle[post-auth]:
returned from eap (rlm_eap)
Thu Apr 3 08:21:50 2025 : Debug: (59) [eap] = noop
Thu Apr 3 08:21:50 2025 : Debug: (59) policy remove_reply_message_if_eap {
Thu Apr 3 08:21:50 2025 : Debug: (59) if (&reply:EAP-Message &&
&reply:Reply-Message) {
Thu Apr 3 08:21:50 2025 : Debug: (59) if (&reply:EAP-Message &&
&reply:Reply-Message) -> FALSE
Thu Apr 3 08:21:50 2025 : Debug: (59) else {
Thu Apr 3 08:21:50 2025 : Debug: (59) modsingle[post-auth]:
calling noop (rlm_always)
Thu Apr 3 08:21:50 2025 : Debug: (59) modsingle[post-auth]:
returned from noop (rlm_always)
Thu Apr 3 08:21:50 2025 : Debug: (59) [noop] = noop
Thu Apr 3 08:21:50 2025 : Debug: (59) } # else = noop
Thu Apr 3 08:21:50 2025 : Debug: (59) } # policy
remove_reply_message_if_eap = noop
Thu Apr 3 08:21:50 2025 : Debug: (59) } # Post-Auth-Type REJECT = updated
Thu Apr 3 08:21:50 2025 : Auth: (59) Login incorrect (ldap: Bind
credentials incorrect: Invalid credentials):
[johnny.test(a)student.madeupdomain.com/12345678] (from client LBSD port
0)
Thu Apr 3 08:21:50 2025 : Debug: (59) Delaying response for 1.000000 seconds
Wayne Sprouse, CNA,CCNA,CEH,A+
Long Beach School District
Network Administrator
Work Phone: 228-575-4056
--
"The
foregoing electronic message and any files transmitted with it are
confidential and are intended only for the use of the intended recipient
named above. This communication may contain material protected by the
Family Educational Rights and Privacy Act (FERPA). If you are not the
intended recipient, copying, distribution or use of the contents of this
message is strictly prohibited. If you received this electronic
message
in error, please notify us immediately at (228-864-1146**)."**
3
3
Sam.Hutchings(a)berkshire.nhs.uk would like to recall the message, "TLS handshake not completing".
________________________________
This message is intended exclusively for the individuals to whom it is addressed and may contain information that is privileged, or confidential. If you are not the addressee, you must not read, use or disclose the contents of this e-mail. If you receive this e-mail in error, please advise us immediately on 0300 365 2438 and delete the e-mail. Berkshire Healthcare NHS Foundation Trust has taken every reasonable precaution to ensure that any attachment to this e-mail has been swept for viruses. However, the Trust cannot accept liability for any damage sustained as a result of software viruses and would advise that you carry out your own virus checks before opening any attachment.
1
0