On 10/08/2014 02:53 PM, Matthew Newton wrote:
Hi,
On Wed, Oct 08, 2014 at 11:08:37AM +0300, Oleksandr Yermolenko wrote:
users file
stu Cleartext-Password := "x3DdEhgN" stu@sumix.com Cleartext-Password := "x3DdEhgN"
As per the full debug output, your users file is /etc/raddb/mods-config/files/authorize - is that the one you altered?
Did you add those lines to the top of the file?
Matthew
cool, currently I have much better result ... :-) I can build more custom thing with perl in inner--tunnel (6) eap_ttls : Got tunneled request EAP-Message = 0x02010016041009675fbad7352ecad216acaea5be5a12 (6) eap_ttls : Sending tunneled request (6) server inner-tunnel { (6) Request: EAP-Message = 0x02010016041009675fbad7352ecad216acaea5be5a12 User-Name = 'stu@sumix.com' State = 0x96d31d5996d219b178a0b4484d01383f (6) # Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel (6) authorize { (6) eap : Peer sent code Response (2) ID 1 length 22 (6) eap : No EAP Start, assuming it's an on-going EAP conversation (6) [eap] = updated (6) files : users: Matched entry stu@sumix.com at line 2 (6) [files] = ok (6) } # authorize = updated (6) Found Auth-Type = EAP (6) # Executing group from file /etc/raddb/sites-enabled/inner-tunnel (6) authenticate { (6) eap : Expiring EAP session with state 0x96d31d5996d219b1 (6) eap : Finished EAP session with state 0x96d31d5996d219b1 (6) eap : Previous EAP request found for state 0x96d31d5996d219b1, released from the list (6) eap : Peer sent method MD5 (4) (6) eap : EAP MD5 (4) (6) eap : Calling eap_md5 to process EAP data (6) eap : Freeing handler (6) [eap] = ok (6) } # authenticate = ok (6) Login OK: [stu@sumix.com/<via Auth-Type = EAP>] (from client aae-vm port 0 via TLS tunnel) (6) # Executing section post-auth from file /etc/raddb/sites-enabled/inner-tunnel (6) Reply: EAP-Message = 0x03010004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = 'stu@sumix.com' (6) } # server inner-tunnel (6) eap_ttls : Got tunneled Access-Accept (6) eap : Freeing handler (6) [eap] = ok (6) } # authenticate = ok (6) Login OK: [stu@sumix.com/<via Auth-Type = EAP>] (from client aae-vm port 80 cli 10.20.9.8[4500]) (6) # Executing section post-auth from file /etc/raddb/sites-enabled/default (6) post-auth { (6) [exec] = noop (6) } # post-auth = noop (6) Sending Access-Accept packet to host 127.0.0.1 port 53526, id=230, length=0 (6) Message-Authenticator = 0x00000000000000000000000000000000 (6) User-Name = 'stu@sumix.com' (6) MS-MPPE-Recv-Key = 0x39315b8745ea304ef0fa604de15f5f8198f5d129b6f30de027213e3ba6178083 (6) MS-MPPE-Send-Key = 0x8320ea33d80145fccce96da3b33497c6be6aab15e49c41e8ea9aecfa52e086ba (6) EAP-MSK = 0x39315b8745ea304ef0fa604de15f5f8198f5d129b6f30de027213e3ba61780838320ea33d80145fccce96da3b33497c6be6aab15e49c41e8ea9aecfa52e086ba (6) EAP-EMSK = 0xa932fd253defe371a204bf8be8ed4214d0538232b8c16f2aa4c4d466afb351382e472eced957ba5778ca61b2aab137ca57caa6569e49738ce9572472b45a2d46 (6) EAP-Session-Id = 0x1554352c1966f914dd00af58f51964cf8dc10c9802988f14954d9ba4f375bbe92754352c199666f38e4d3ef44ef154331b7d69824775ea30ba31fe08bfcd635f40 (6) EAP-Message = 0x03060004 Sending Access-Accept Id 230 from 127.0.0.1:1812 to 127.0.0.1:53526 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = 'stu@sumix.com' MS-MPPE-Recv-Key = 0x39315b8745ea304ef0fa604de15f5f8198f5d129b6f30de027213e3ba6178083 MS-MPPE-Send-Key = 0x8320ea33d80145fccce96da3b33497c6be6aab15e49c41e8ea9aecfa52e086ba EAP-Message = 0x03060004 (6) Finished request Waking up in 0.2 seconds. Waking up in 4.6 seconds. (0) Cleaning up request packet ID 224 with timestamp +13 (1) Cleaning up request packet ID 225 with timestamp +13 (2) Cleaning up request packet ID 226 with timestamp +13 (3) Cleaning up request packet ID 227 with timestamp +13 (4) Cleaning up request packet ID 228 with timestamp +13 (5) Cleaning up request packet ID 229 with timestamp +13 (6) Cleaning up request packet ID 230 with timestamp +13