Hi i dont get any answer till now, though i join ur list that i hope a help from someone. please i need to decide what to use RED HAT OR SLACKWARE. On 2/15/07, freeradius-users-request@lists.freeradius.org < freeradius-users-request@lists.freeradius.org> wrote:
Send Freeradius-Users mailing list submissions to freeradius-users@lists.freeradius.org
To subscribe or unsubscribe via the World Wide Web, visit http://lists.freeradius.org/mailman/listinfo/freeradius-users or, via email, send a message with subject or body 'help' to freeradius-users-request@lists.freeradius.org
You can reach the person managing the list at freeradius-users-owner@lists.freeradius.org
When replying, please edit your Subject line so it is more specific than "Re: Contents of Freeradius-Users digest..."
Today's Topics:
1. Re: db.counter not found! (Alan DeKok) 2. Re: VLAN assigment and Alcatel Omniswitch 7800 (Oxiel Contreras) 3. [SOLVED] - Re: VLAN assigment and Alcatel Omniswitch 7800 (Oxiel Contreras) 4. Re: Simple security (Gaddis, Jeremy L.) 5. NAS-IP-Address in mysql (VeNoMouS) 6. Re: NAS-IP-Address in mysql (Dan Mahoney, System Admin) 7. strip unwanted characters from reply message (Cory Robson) 8. Re: a problem about radius and ldap [SOLVED] (Ramazan Ulker)
----------------------------------------------------------------------
Message: 1 Date: Thu, 15 Feb 2007 03:02:40 +0100 From: Alan DeKok <aland@deployingradius.com> Subject: Re: db.counter not found! To: FreeRadius users mailing list <freeradius-users@lists.freeradius.org> Message-ID: <45D3BF40.30201@deployingradius.com> Content-Type: text/plain; charset=ISO-8859-1
Enrique Llanos V. wrote:
And of course in my raddb (freeradius) path:
bash-2.05b# locate db.counter /usr/local/etc/raddb/db.counter
"locate" uses a database that is updated daily. So if the file disappears, locate doesn't notice.
Use "ls" instead.
Yet when i start freeradius i obtain this error: ... Wed Feb 14 17:02:40 2007 : Error: rlm_counter: Failed to open file /usr/local/etc/raddb/db.counter: No such file or directory ... Any ideas in how to correct this error?
Ensure that the /usr/local/etc/raddb directory exists, and readable by radiusd.
Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog
------------------------------
Message: 2 Date: Wed, 14 Feb 2007 22:08:57 -0400 From: Oxiel Contreras <oxielc@yahoo.it> Subject: Re: VLAN assigment and Alcatel Omniswitch 7800 To: freeradius-users@lists.freeradius.org Message-ID: <200702142208.57769.oxielc@yahoo.it> Content-Type: text/plain; charset="iso-8859-1"
Hello Marcel.
I'm afraid you added it in the wrong place, dictionary.alcatel does not contain the VSAs for Omniswitches (Alcatel-Lucent has multiple dictionaries for different products, dictionary.alcatel appears to be for a BRAS, not for an enterprise switch). The dictionary you're looking for is dictionary.xylan; the easiest way is to use Xylan-Auth-Group for sending your VLAN (The name isn't really that important, what is important is that the number for the attribute is correct (1 in this case) and that it is defined with the proper vendor number (800 for Omniswitches)).
Right, indeed used Xylan-Auth-Group and worked perfectly, i'm so happy a tear fell down :)
Many thanks.
Oxiel
Chiacchiera con i tuoi amici in tempo reale! http://it.yahoo.com/mail_it/foot/*http://it.messenger.yahoo.com
------------------------------
Message: 3 Date: Wed, 14 Feb 2007 22:30:17 -0400 From: Oxiel Contreras <oxielc@yahoo.it> Subject: [SOLVED] - Re: VLAN assigment and Alcatel Omniswitch 7800 To: freeradius-users@lists.freeradius.org Message-ID: <200702142230.18122.oxielc@yahoo.it> Content-Type: text/plain; charset="iso-8859-15"
Hello Santa.
This worked great!!!
I was doing 802.1x only, no AVLAN.
For any soul out there trying to implement 802.1x with FreeRadius on OpenSuSE10.1 and Omniswitch 7800 and Active Directory as taught on:
http://wiki.freeradius.org/FreeRADIUS_Active_Directory_Integration_HOWTO
Take note of the following points:
1) If you use PEAP, install the patch from MS to Radius as noted on the FAQ, you need someone with Gold Support from M$ to get it or email me off the list :)
http://wiki.freeradius.org/FreeRADIUS_Wiki:FAQ#PEAP_Doesn.27t_Work
2) If PEAP is your election, install the CA and generate the certificates on the Radius server.
3) Modify the permissions of execution for the winbind daemon in order to acomplish the ntlm_auth process, FIXME, now using root permissions.
4) Use Xylan-Auth-Group as VSA in /etc/raddb/users as the attribute for assigning VLAN, or generate the new dictionary.alcatel as Santa Yeh described below, and then use Alcatel-Auth-Group as the attribute for VLAN
5) Use the setup for omniswitch as described below by Santa Yeh
6) Thank all these great people who develop and support this great software.
Thanks Alan, A.L.M., Jeremy, Marcel and Santa.
Best regards
Oxiel
El Mi?rcoles, 14 de Febrero de 2007 11:19, Santa Yeh escribi?:
Hello Oxiel,
Are you doing AVLAN or 802.1x?
1. I created a new file - dictionary.alcatel
# # dictionary.alcatel # # Alcatel VSAs #
VENDOR Alcatel 800
# # Standard attribute # ATTRIBUTE Alcatel-Auth-Group 1 integer Alcatel ATTRIBUTE Alcatel-Slot-Port 2 string Alcatel ATTRIBUTE Alcatel-Time-of-Day 3 string Alcatel ATTRIBUTE Alcatel-Client-IP-Addr 4 ipaddr Alcatel ATTRIBUTE Alcatel-Group-Desc 5 string Alcatel ATTRIBUTE Alcatel-Port-Desc 6 string Alcatel
VALUE Acct-Authentic AUTH-AVCLIENT 4 VALUE Acct-Authentic AUTH-TELNET 5 VALUE Acct-Authentic AUTH-HTTP 6
2. For users file
user1 Auth-Type := Local, Password = "user1" Alcatel-Auth-Group = 3
3. For AVLAN
vlan 3 authentication enable vlan port mobile 1/1 bpdu ignore enable vlan port 1/1 authenticate enable ip interface vlan3 address 192.168.11.254 mask 255.255.255.0 vlan 3 aaa radius-server rad1 host 192.168.10.211 key radkey aaa authentication vlan single-mode rad1 aaa accounting vlan rad1 aaa avlan default dhcp 192.168.11.254 aaa avlan dns alcatel avlan 3 auth-ip 192.168.11.253
4. For 802.1x (Sorry, just from my memory)
vlan 3 802.1x enable vlan port mobile 1/1 bpdu ignore enable vlan port 1/1 802.1x enable ip interface vlan3 address 192.168.11.254 mask 255.255.255.0 vlan 3 aaa radius-server rad1 host 192.168.10.211 key radkey aaa authentication 802.1x rad1 aaa accounting 802/1x rad1 Chiacchiera con i tuoi amici in tempo reale! http://it.yahoo.com/mail_it/foot/*http://it.messenger.yahoo.com
------------------------------
Message: 4 Date: Thu, 15 Feb 2007 00:07:42 -0500 (EST) From: "Gaddis, Jeremy L." <jeremy@linuxwiz.net> Subject: Re: Simple security To: FreeRadius users mailing list <freeradius-users@lists.freeradius.org> Message-ID: <Pine.LNX.4.64.0702150007130.26174@w00t.linuxwiz.net> Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
On Wed, 14 Feb 2007, Scott Hughes wrote:
I have friend that want some light security on the small network they have (15-25 PCs).
What is the best way to secure his network so that someone can't just plug in his laptop and be on the network? He would prefer to make this seamless to his users.
802.1X
-- Jeremy L. Gaddis, MCP, GCWN jeremy@linuxwiz.net LinuxWiz Consulting http://linuxwiz.net
------------------------------
Message: 5 Date: Thu, 15 Feb 2007 18:09:04 +1300 From: "VeNoMouS" <venom@gen-x.co.nz> Subject: NAS-IP-Address in mysql To: freeradius-users@lists.freeradius.org Message-ID: <jdhnn4.lzlxf2@www.gen-x.co.nz> Content-Type: text/plain; charset="iso-8859-1"
Hi guys After doing some tests, I just discovered that I cant have more then one NAS-IP-Address in radgroupcheck (it seems to ignore the others) does anyone know of a work around as i dont want to use the huntgroup file (makes it kinda anonying since im doing a web frontend for administration).
Cheers
------------------------------
Message: 6 Date: Thu, 15 Feb 2007 01:09:41 -0500 (EST) From: "Dan Mahoney, System Admin" <danm@prime.gushi.org> Subject: Re: NAS-IP-Address in mysql To: venom@gen-x.co.nz, FreeRadius users mailing list <freeradius-users@lists.freeradius.org> Message-ID: <20070215010842.M65264@prime.gushi.org> Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
On Thu, 15 Feb 2007, VeNoMouS wrote:
Hi guys After doing some tests, I just discovered that I cant have more then one NAS-IP-Address in radgroupcheck (it seems to ignore the others) does anyone know of a work around as i dont want to use the huntgroup file (makes it kinda anonying since im doing a web frontend for administration).
this is getting to be a really common question :)
Yes, you need to embed the nas-ip-address as part of your query (in the WHERE clause (same way as you match the username) so only the matching items are returned.
-Dan
Cheers
- List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
--
"I can feel it, comin' back again...Like a rolling thunder chasin' the wind..."
-Dan Mahoney, JS, JB & SL, May 10th, 1997, Approx 1AM
--------Dan Mahoney-------- Techie, Sysadmin, WebGeek Gushi on efnet/undernet IRC ICQ: 13735144 AIM: LarpGM Site: http://www.gushi.org ---------------------------
------------------------------
Message: 7 Date: Thu, 15 Feb 2007 15:40:00 +0900 From: "Cory Robson" <cory@cmi.net.au> Subject: strip unwanted characters from reply message To: "'FreeRadius users mailing list'" <freeradius-users@lists.freeradius.org> Message-ID: <20070215063635.3AAD5104464@poseidon.gateway.net.au> Content-Type: text/plain; charset="us-ascii"
I have failed logins being dumped into a table in myslq and am getting a lot of unwanted characters.
IE: Password Has Expired=5Cr=5Cn
Is there a way I can tell it to only supply the textual content
Thanks
Cory
------------------------------
Message: 8 Date: Thu, 15 Feb 2007 08:45:30 +0200 From: "Ramazan Ulker" <ulkerra@gmail.com> Subject: Re: a problem about radius and ldap [SOLVED] To: freeradius-users@lists.freeradius.org Message-ID: <79b4f8410702142245j263beef5vd8f15e1794b8c187@mail.gmail.com> Content-Type: text/plain; charset="iso-8859-1"
Hi Sorry for too many mails. Problem solved by setting identity and password in radius.conf with proper user in ldap. I managed to get User-Password from ldap at the end as shown below.
rlm_ldap: Added password ramazan in check items rlm_ldap: looking for check items in directory... rlm_ldap: Adding userpassword as User-Password, value ramazan & op=21 rlm_ldap: looking for reply items in directory... rlm_ldap: Adding radiusTunnelPrivateGroupId as Tunnel-Private-Group-Id, value 2 & op=11 rlm_ldap: Adding radiusTunnelMediumType as Tunnel-Medium-Type, value 6 & op=11 rlm_ldap: Adding radiusTunnelType as Tunnel-Type, value VLAN & op=11 rlm_ldap: Adding radiusClass as Class, value employee & op=11 rlm_ldap: user ramazan authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 1 modcall: leaving group authorize (returns updated) for request 1 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 1 rlm_eap: Request found, released from the list rlm_eap: EAP/md5 rlm_eap: processing type md5 rlm_eap: Freeing handler modcall[authenticate]: module "eap" returns ok for request 1 modcall: leaving group authenticate (returns ok) for request 1 Login OK: [ramazan/<no User-Password attribute>] (from client ldapsrv port 50001 cli 00-12-79-AE-D2-4D) On 1/29/07, Ramazan Ulker <ulkerra@gmail.com> wrote:
Hi
I'm working on 802.1x implementation(cisco 2950, freeradius, ldap), i
face a problem. First of all, defining users and passwords in users file in raddb works well with md5 authentication. Then i tried to use ldap, then with radtest i get accept-accept packet. But while authenticating from xp client with md5-challenge, I got
Auth:rlm_ldap:Attribute "User-Password" is required for authentication
error. In one of the e-mail you said don't authenticate from ldap, but
with radtest function i get success!!! The passwords are kept clear text. I'm looking forward to getting your help. I also send radius debug log.
Best Regards
Ramazan
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /etc/raddb/proxy.conf
Config: including file: /etc/raddb/clients.conf
Config: including file: /etc/raddb/snmp.conf
Config: including file: /etc/raddb/sql.conf
main: prefix = "/usr"
main: localstatedir = "/var"
main: logdir = "/var/log/radius"
main: libdir = "/usr/lib/freeradius"
main: radacctdir = "/var/log/radius/radacct"
main: hostname_lookups = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = yes
main: log_file = "/var/log/radius/radius.log"
main: log_auth = yes
main: log_auth_badpass = yes
main: log_auth_goodpass = yes
main: pidfile = "/var/run/radiusd/radiusd.pid"
main: user = "radiusd"
main: group = "radiusd"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "/usr/sbin/checkrad"
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: post_proxy_authorize = yes
proxy: wake_all_if_all_dead = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
read_config_files: reading clients
read_config_files: reading realms
radiusd: entering modules setup
Module: Library search path is /usr/lib/freeradius
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
pap: encryption_scheme = "crypt"
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
mschap: use_mppe = yes
mschap: require_encryption = no
mschap: require_strong = no
mschap: passwd = "(null)"
mschap: authtype = "MS-CHAP"
Module: Instantiated mschap (mschap)
Module: Loaded System
unix: cache = no
unix: passwd = "(null)"
unix: shadow = "(null)"
unix: group = "(null)"
unix: radwtmp = "/var/log/radius/radwtmp"
unix: usegroup = no
unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded LDAP
ldap: server = "192.168.100.18"
ldap: port = 389
ldap: net_timeout = 1
ldap: timeout = 4
ldap: timelimit = 3
ldap: identity = ""
ldap: start_tls = no
ldap: password = ""
ldap: basedn = "dc=dot1x.com"
ldap: filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
ldap: default_profile = "(null)"
ldap: profile_attribute = "(null)"
ldap: password_header = "(null)"
ldap: password_attribute = "userPassword"
ldap: access_attr = "radiusgroupname"
ldap: groupname_attribute = "cn"
ldap: groupmembership_filter =
"(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
ldap: groupmembership_attribute = "radiusGroupName"
ldap: dictionary_mapping = "/etc/raddb/ldap.attrmap"
ldap: ldap_debug = 0
ldap: ldap_connections_number = 5
ldap: compare_check_items = no
ldap: access_attr_used_for_allow = yes
conns: (nil)
rlm_ldap: reading ldap<->radius mappings from file
/etc/raddb/ldap.attrmap
rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type
rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use
rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id
rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS
Calling-Station-Id
rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password
rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password
rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT
rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration
rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type
rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol
rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address
rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask
rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route
rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing
rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id
rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU
rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS
Framed-Compression
rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host
rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service
rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port
rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number
rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id
rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS
Framed-IPX-Network
rlm_ldap: LDAP radiusClass mapped to RADIUS Class
rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout
rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout
rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS
Termination-Action
rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service
rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node
rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group
rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS
Framed-AppleTalk-Link
rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS
Framed-AppleTalk-Network
rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS
Framed-AppleTalk-Zone
rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit
rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port
rlm_ldap: LDAP userPassword mapped to RADIUS User-Password
rlm_ldap: LDAP radiusTunnelType mapped to RADIUS Tunnel-Type
rlm_ldap: LDAP radiusTunnelMediumType mapped to RADIUS
Tunnel-Medium-Type
rlm_ldap: LDAP radiusTunnelPrivateGroupId mapped to RADIUS
Tunnel-Private-Group-Id
conns: 0x8101f58
Module: Instantiated ldap (ldap)
Module: Loaded eap
eap: default_eap_type = "md5"
eap: timer_expire = 60
rlm_eap: Loaded and initialized the type md5
rlm_eap: Loaded and initialized the type leap
Module: Instantiated eap (eap)
Module: Loaded preprocess
preprocess: huntgroups = "/etc/raddb/huntgroups"
preprocess: hints = "/etc/raddb/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
realm: format = "suffix"
realm: delimiter = "@"
Module: Instantiated realm (suffix)
Module: Loaded files
files: usersfile = "/etc/raddb/users"
files: acctusersfile = "/etc/raddb/acct_users"
files: preproxy_usersfile = "/etc/raddb/preproxy_users"
files: compat = "no"
Module: Instantiated files (files)
Module: Loaded Acct-Unique-Session-Id
acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address,
Client-IP-Address, NAS-Port-Id"
Module: Instantiated acct_unique (acct_unique)
Module: Loaded detail
detail: detailfile =
"/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
radutmp: filename = "/var/log/radius/radutmp"
radutmp: username = "%{User-Name}"
radutmp: case_sensitive = yes
radutmp: check_with_nas = yes
radutmp: perm = 384
radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Listening on IP address *, ports 1812/udp and 1813/udp, with proxy on
1814/udp.
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.100.17:1812, id=11,
length=129
NAS-IP-Address = 192.168.100.17
NAS-Port = 50001
NAS-Port-Type = Ethernet
User-Name = "ramazan"
Called-Station-Id = "00-0F-8F-77-DB-81"
Calling-Station-Id = "00-12-79-AE-D2-4D"
Service-Type = Framed-User
Framed-MTU = 1500
EAP-Message = 0x0200000c0172616d617a616e
Message-Authenticator = 0x68c41631d4feb2234d900b37a9845348
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
rlm_eap: EAP packet type notification id 0 length 12
rlm_eap: EAP Start not found
modcall[authorize]: module "eap" returns updated for request 0
rlm_realm: No '@' in User-Name = "ramazan", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
users: Matched DEFAULT at 152
rlm_ldap: Entering ldap_groupcmp()
radius_xlat: 'dc=dot1x.com'
radius_xlat: '(uid=ramazan)'
ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to 192.168.100.18:389, authentication 0
rlm_ldap: bind as / to 192.168.100.18:389
rlm_ldap: waiting for bind result ...
rlm_ldap: performing search in dc=dot1x.com, with filter (uid=ramazan)
ldap_release_conn: Release Id: 0
radius_xlat:
'(|(&(objectClass=GroupOfNames)(member=uid=ramazan,cn=users,cn=idc,dc= dot1x.com ))(&(objectClass=GroupOfUniqueNames)(uniquemember=uid=ramazan,cn=users,cn=idc,dc= dot1x.com)))'
ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=dot1x.com, with filter
(&(cn=VPN)(|(&(objectClass=GroupOfNames)(member=uid=ramazan,cn=users,cn=idc,dc= dot1x.com ))(&(objectClass=GroupOfUniqueNames)(uniquemember=uid=ramazan,cn=users,cn=idc,dc= dot1x.com))))
rlm_ldap: object not found or got ambiguous search result
ldap_release_conn: Release Id: 0
ldap_get_conn: Got Id: 0
rlm_ldap: performing search in uid=ramazan,cn=users,cn=idc,dc=dot1x.com,
with filter (objectclass=*)
rlm_ldap::ldap_groupcmp: User found in group VPN
ldap_release_conn: Release Id: 0
users: Matched DEFAULT at 171
modcall[authorize]: module "files" returns ok for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_ldap: - authorize
rlm_ldap: performing user authorization for ramazan
radius_xlat: '(uid=ramazan)'
radius_xlat: 'dc=dot1x.com'
ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=dot1x.com, with filter (uid=ramazan)
rlm_ldap: checking if remote access for ramazan is allowed by
radiusgroupname
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding radiusAuthType as Auth-Type, value ldap & op=21
rlm_ldap: looking for reply items in directory...
rlm_ldap: Adding radiusTunnelPrivateGroupId as Tunnel-Private-Group-Id,
value 2 & op=11
rlm_ldap: Adding radiusTunnelMediumType as Tunnel-Medium-Type, value 6 &
op=11
rlm_ldap: Adding radiusTunnelType as Tunnel-Type, value VLAN & op=11
rlm_ldap: Adding radiusClass as Class, value group-net & op=11
rlm_ldap: user ramazan authorized to use remote access
ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 0
modcall: group authorize returns updated for request 0
rad_check_password: Found Auth-Type ldap
auth: type "LDAP"
modcall: entering group Auth-Type for request 0
rlm_ldap: - authenticate
rlm_ldap: Attribute "User-Password" is required for authentication.
modcall[authenticate]: module "ldap" returns invalid for request 0
modcall: group Auth-Type returns invalid for request 0
auth: Failed to validate the user.
Login incorrect: [ramazan/<no User-Password attribute>] (from client
radius port 50001 cli 00-12-79-AE-D2-4D)
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 11 to 192.168.100.17:1812
Waking up in 4 seconds...