Stefan Winter ha scritto:
Hi,
users: Matched DEFAULT at 155 modcall[authorize]: module "files" returns ok for request 203 modcall: group authorize returns updated for request 203 rad_check_password: Found Auth-Type EAP rad_check_password: Found Auth-Type Local Warning: Found 2 auth-types on request for user 'agostini' auth: type Local auth: No User-Password or CHAP-Password attribute in the request auth: Failed to validate the user.
reading the above section might have given you a clue that Auth-Type Local is not a good thing (tm). Take a look in the "users" file, line 155, and see if this might force Auth-Type Local. If it does, comment it out.
Hi Stefan, please to meet you, I'm following your discussion on "mobility" list. I am very interesting to EDUROAM here in Florence. However, now I have checked "users" file; there was some DEFAULT row. Now I have correct it. I have tried to modify the "Auth-Type" in radcheck table to: EAP (was Local), but the result is similar. Have you any idea what is wrong now? Thanks A.Agostini Finished request 7 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 149.139.xxx.xxx:20002, id=35, length=159 NAS-Port-Id = "2/1" Calling-Station-Id = "00-08-E3-B0-73-46" Called-Station-Id = "00-12-A9-17-08-40:wpa-experimental" Service-Type = Framed-User User-Name = "agostini" State = 0x07ddb48e264cc0bfa432dbc1a5a2bba8 EAP-Message = 0x020a00061900 NAS-Port-Type = Wireless-802.11 NAS-Identifier = "3Com" NAS-IP-Address = xxx.xxx.xxx.xxx Message-Authenticator = 0x0563e5b96edfc128b52b63cdd553b752 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 8 modcall[authorize]: module "preprocess" returns ok for request 8 modcall[authorize]: module "chap" returns noop for request 8 modcall[authorize]: module "mschap" returns noop for request 8 rlm_realm: No '@' in User-Name = "agostini", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 8 rlm_eap: EAP packet type response id 10 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 8 radius_xlat: 'agostini' rlm_sql (sql): sql_set_user escaped user --> 'agostini' radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'agostini' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 1 rlm_sql_mysql: query: SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'agostini' ORDER BY id radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'agostini' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' rlm_sql_mysql: query: SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'agostini' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'agostini' ORDER BY id' rlm_sql_mysql: query: SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'agostini' ORDER BY id radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'agostini' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql_mysql: query: SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'agostini' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id rlm_sql (sql): Released sql socket id: 1 modcall[authorize]: module "sql" returns ok for request 8 modcall[authorize]: module "files" returns notfound for request 8 modcall: group authorize returns updated for request 8 rad_check_password: Found Auth-Type EAP rad_check_password: Found Auth-Type EAP Warning: Found 2 auth-types on request for user 'agostini' auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 8 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 8 modcall: group authenticate returns handled for request 8 Sending Access-Challenge of id 35 to 149.139.32.61:20002 Service-Type := Framed-User Tunnel-Type:0 := VLAN Tunnel-Private-Group-Id:0 := "ifac" EAP-Message = 0x010b02f71900170d3036303132343133323630375a30819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b13096c6f63616c686f7374311b301906035504031312436c69656e742063657274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c652e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100d4c5b19724f164acf1ffb189db1c8fbff4f14396ea7cb1e90f78d69451725377895dfe52ccb99b41e8 EAP-Message = 0x0ddeb58b127a943f4f58cbc562878192fbdc6fece9f871e7c130d35cf5188817e9b133249edd2a1c75d31043ae87553cec7a77ef26aa7d74281db9b77e17c6446c5dd9b188b43250ca0229963722a123a726b00b4027fd0203010001a381ff3081fc301d0603551d0e0416041468d36d3e1ee7bc9d5a057021c363da1365d1ade33081cc0603551d230481c43081c1801468d36d3e1ee7bc9d5a057021c363da1365d1ade3a181a5a481a230819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010 EAP-Message = 0x060355040b13096c6f63616c686f7374311b301906035504031312436c69656e742063657274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c652e636f6d820100300c0603551d13040530030101ff300d06092a864886f70d01010405000381810033c00b66b1e579ef73a06798252dab8d5e5511fc00fd276d80d12f834777c6743fdc2743fca1507704e4bc0979e4f60ac3ad9ee83e6f347369229d1f77229ba2e982359da563024a00163dba6d6c986c0bad28af85132ff8f0d76501bf1b7c2dff658ce1e62c01997b6e64e3e8d4373354ce9912847651539063b85bbc5485c516030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xbb58837b0ad36c22eccc43e62d0730b1 Finished request 8 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 149.139.xxx.xxx:20002, id=36, length=159 NAS-Port-Id = "2/1" Calling-Station-Id = "00-08-E3-B0-73-46" Called-Station-Id = "00-12-A9-17-08-40:wpa-experimental" Service-Type = Framed-User User-Name = "agostini" State = 0xbb58837b0ad36c22eccc43e62d0730b1 EAP-Message = 0x020b00061900 NAS-Port-Type = Wireless-802.11 NAS-Identifier = "3Com" NAS-IP-Address = xxx.xxx.xxx.xxx Message-Authenticator = 0x0349691ed54a09348ce3734b3afbbcd8 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 9 modcall[authorize]: module "preprocess" returns ok for request 9 modcall[authorize]: module "chap" returns noop for request 9 modcall[authorize]: module "mschap" returns noop for request 9 rlm_realm: No '@' in User-Name = "agostini", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 9 rlm_eap: EAP packet type response id 11 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 9 radius_xlat: 'agostini' rlm_sql (sql): sql_set_user escaped user --> 'agostini' radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'agostini' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 0 rlm_sql_mysql: query: SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'agostini' ORDER BY id radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'agostini' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' rlm_sql_mysql: query: SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'agostini' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'agostini' ORDER BY id' rlm_sql_mysql: query: SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'agostini' ORDER BY id radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'agostini' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql_mysql: query: SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'agostini' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id rlm_sql (sql): Released sql socket id: 0 modcall[authorize]: module "sql" returns ok for request 9 modcall[authorize]: module "files" returns notfound for request 9 modcall: group authorize returns updated for request 9 rad_check_password: Found Auth-Type EAP rad_check_password: Found Auth-Type EAP Warning: Found 2 auth-types on request for user 'agostini' auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 9 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 9 modcall: group authenticate returns handled for request 9 Sending Access-Challenge of id 36 to xxx.xxx.xxx.xxx:20002 Service-Type := Framed-User Tunnel-Type:0 := VLAN Tunnel-Private-Group-Id:0 := "ifac" EAP-Message = 0x010c00061900 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xfbbcc6567f4091f2cbd3633228aec4bc Finished request 9 Going to the next request Waking up in 6 seconds... --- Walking the entire request list --- Cleaning up request 5 ID 32 with timestamp 44898894 Cleaning up request 6 ID 33 with timestamp 44898894 Cleaning up request 7 ID 34 with timestamp 44898894 Cleaning up request 8 ID 35 with timestamp 44898894 Cleaning up request 9 ID 36 with timestamp 44898894 Nothing to do. Sleeping until we see a request.