Il 28/11/2013 17:28, A.L.M.Buxey@lboro.ac.uk ha scritto:
Hi,
PAP and CHAP without EAP dont use inner-tunnel
if you arent calling LDAP module in the inner-tunnel then an EAP method that relies on ldap will simply not work.
alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html I do call LDAP in the inner-tunnel otherwise I think I will not have this output I guess:
rad_recv: Access-Request packet from host 127.0.0.1 port 44972, id=102, length=57 User-Name = "atest" User-Password = "atest" NAS-IP-Address = 127.0.1.1 NAS-Port = 10 server inner-tunnel { +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop ++[unix] returns notfound [suffix] No '@' in User-Name = "atest", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[control] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop [ldap] performing user authorization for atest [ldap] expand: %{Stripped-User-Name} -> [ldap] ... expanding second conditional [ldap] expand: %{User-Name} -> atest [ldap] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=atest) [ldap] expand: dc=newenergygroup,dc=com -> dc=newenergygroup,dc=com [ldap] ldap_get_conn: Checking Id: 0 [ldap] ldap_get_conn: Got Id: 0 [ldap] attempting LDAP reconnection [ldap] (re)connect to test-ldap.newenergygroup.com:389, authentication 0 [ldap] bind as cn=admin,dc=newenergygroup,dc=com/Ld4pPa$$w0rD to test-ldap.newenergygroup.com:389 [ldap] waiting for bind result ... [ldap] Bind was successful [ldap] performing search in dc=newenergygroup,dc=com, with filter (uid=atest) [ldap] Added User-Password = {MD5}tQzXLan1f4v2iAMD/1t2Ig== in check items [ldap] No default NMAS login sequence [ldap] looking for check items in directory... [ldap] looking for reply items in directory... [ldap] user atest authorized to use remote access [ldap] ldap_release_conn: Release Id: 0 ++[ldap] returns ok ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns updated Found Auth-Type = PAP +- entering group PAP {...} [pap] login attempt with password "atest" [pap] Using MD5 encryption. [pap] Normalizing MD5-Password from base64 encoding [pap] User authenticated successfully ++[pap] returns ok Login OK: [atest] (from client localhost port 10) +- entering group post-auth {...} ++[ldap] returns noop } # server inner-tunnel Sending Access-Accept of id 102 to 127.0.0.1 port 44972 Finished request 0. Going to the next request Waking up in 4.9 seconds. Cleaning up request 0 ID 102 with timestamp +3 Ready to process requests. Thanks