(0) Received Access-Request Id 42 from 127.0.0.1:52084 to 127.0.0.1:18120 length 84 (0) User-Name = "karunad@ssn.in" (0) User-Password = "Dkaruna@1974" (0) NAS-IP-Address = 10.101.1.55 (0) NAS-Port = 0 (0) Message-Authenticator = 0x4d65d2ee404437332a75dbc9766b8ec4 (0) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/inner-tunnel (0) authorize { (0) policy filter_username { (0) if (&User-Name) { (0) if (&User-Name) -> TRUE (0) if (&User-Name) { (0) if (&User-Name =~ / /) { (0) if (&User-Name =~ / /) -> FALSE (0) if (&User-Name =~ /@[^@]*@/ ) { (0) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (0) if (&User-Name =~ /\.\./ ) { (0) if (&User-Name =~ /\.\./ ) -> FALSE (0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (0) if (&User-Name =~ /\.$/) { (0) if (&User-Name =~ /\.$/) -> FALSE (0) if (&User-Name =~ /@\./) { (0) if (&User-Name =~ /@\./) -> FALSE (0) } # if (&User-Name) = notfound (0) } # policy filter_username = notfound (0) [chap] = noop (0) [mschap] = noop (0) suffix: Checking for suffix after "@" (0) suffix: Looking up realm "ssn.in" for User-Name = "karunad@ssn.in" (0) suffix: No such realm "ssn.in" (0) [suffix] = noop (0) update control { (0) &Proxy-To-Realm := LOCAL (0) } # update control = noop (0) eap: No EAP-Message, not doing EAP (0) [eap] = noop (0) [files] = noop rlm_ldap (ldap): Reserved connection (0) (0) ldap: EXPAND (userPrincipalName=%{%{Stripped-User-Name}:-%{User-Name}}) (0) ldap: --> (userPrincipalName=karunad@ssn.in) (0) ldap: Performing search in "dc=ssn,dc=in" with filter "(userPrincipalName=karunad@ssn.in)", scope "sub" (0) ldap: Waiting for search result... Unable to chase referral "ldaps://ForestDnsZones.ssn.in/DC=ForestDnsZones,DC=ssn,DC=in" (-1: Can't contact LDAP server) Unable to chase referral "ldaps://DomainDnsZones.ssn.in/DC=DomainDnsZones,DC=ssn,DC=in" (-1: Can't contact LDAP server) Unable to chase referral "ldaps://ssn.in/CN=Configuration,DC=ssn,DC=in" (-1: Can't contact LDAP server) (0) ldap: User object found at DN "CN=karunad,OU=staff,DC=ssn,DC=in" (0) ldap: Processing user attributes (0) ldap: WARNING: No "known good" password added. Ensure the admin user has permission to read the password attribute (0) ldap: WARNING: PAP authentication will *NOT* work with Active Directory (if that is what you were trying to configure) rlm_ldap (ldap): Released connection (0) Need 5 more connections to reach 10 spares rlm_ldap (ldap): Opening additional connection (5), 1 of 27 pending slots used rlm_ldap (ldap): Connecting to ldap://pad.ssn.edu.in:636 rlm_ldap (ldap): Waiting for bind result... rlm_ldap (ldap): Bind successful (0) [ldap] = ok (0) if ((ok || updated) && User-Password && !control:Auth-Type) { (0) if ((ok || updated) && User-Password && !control:Auth-Type) -> TRUE (0) if ((ok || updated) && User-Password && !control:Auth-Type) { (0) update { (0) control:Auth-Type := LDAP (0) } # update = noop (0) } # if ((ok || updated) && User-Password && !control:Auth-Type) = noop (0) [expiration] = noop (0) [logintime] = noop (0) [pap] = noop (0) } # authorize = ok (0) Found Auth-Type = LDAP (0) # Executing group from file /usr/local/etc/raddb/sites-enabled/inner-tunnel (0) Auth-Type LDAP { rlm_ldap (ldap): Reserved connection (1) (0) ldap: Login attempt by "karunad@ssn.in" (0) ldap: Using user DN from request "CN=karunad,OU=staff,DC=ssn,DC=in" (0) ldap: Waiting for bind result... (0) ldap: Bind successful (0) ldap: Bind as user "CN=karunad,OU=staff,DC=ssn,DC=in" was successful rlm_ldap (ldap): Released connection (1) Need 4 more connections to reach 10 spares rlm_ldap (ldap): Opening additional connection (6), 1 of 26 pending slots used rlm_ldap (ldap): Connecting to ldap://pad.ssn.edu.in:636 rlm_ldap (ldap): Waiting for bind result... rlm_ldap (ldap): Bind successful (0) [ldap] = ok (0) } # Auth-Type LDAP = ok (0) # Executing section post-auth from file /usr/local/etc/raddb/sites-enabled/inner-tunnel (0) post-auth { (0) if (0) { (0) if (0) -> FALSE (0) } # post-auth = noop (0) Sent Access-Accept Id 42 from 127.0.0.1:18120 to 127.0.0.1:52084 length 0 (0) Finished request Waking up in 4.9 seconds. (0) Sending duplicate reply to client localhost port 52084 - ID: 42 Waking up in 9.9 seconds. (0) Cleaning up request packet ID 42 with timestamp +5