1) Received Access-Request Id 93 from 127.0.0.1:22779 to 127.0.0.1:18120 length 140 (1) User-Name = "karunad@ssn.in" (1) NAS-IP-Address = 10.101.1.55 (1) NAS-Port = 0 (1) Message-Authenticator = 0xf87798a006cb2ea17d22ed83720d3664 (1) MS-CHAP-Challenge = 0x0eb44659f4fa7e2e (1) MS-CHAP-Response = 0x000100000000000000000000000000000000000000000000000089f7ff5b31e7c1358756a7f84920a35b7e3e994604b59765 (1) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/inner-tunnel (1) authorize { (1) policy filter_username { (1) if (&User-Name) { (1) if (&User-Name) -> TRUE (1) if (&User-Name) { (1) if (&User-Name =~ / /) { (1) if (&User-Name =~ / /) -> FALSE (1) if (&User-Name =~ /@[^@]*@/ ) { (1) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (1) if (&User-Name =~ /\.\./ ) { (1) if (&User-Name =~ /\.\./ ) -> FALSE (1) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (1) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (1) if (&User-Name =~ /\.$/) { (1) if (&User-Name =~ /\.$/) -> FALSE (1) if (&User-Name =~ /@\./) { (1) if (&User-Name =~ /@\./) -> FALSE (1) } # if (&User-Name) = notfound (1) } # policy filter_username = notfound (1) [chap] = noop (1) mschap: Found MS-CHAP attributes. Setting 'Auth-Type = mschap' (1) [mschap] = ok (1) suffix: Checking for suffix after "@" (1) suffix: Looking up realm "ssn.in" for User-Name = "karunad@ssn.in" (1) suffix: No such realm "ssn.in" (1) [suffix] = noop (1) update control { (1) &Proxy-To-Realm := LOCAL (1) } # update control = noop (1) eap: No EAP-Message, not doing EAP (1) [eap] = noop (1) [files] = noop rlm_ldap (ldap): Closing connection (2): Hit idle_timeout, was idle for 168 seconds rlm_ldap (ldap): Closing connection (3): Hit idle_timeout, was idle for 167 seconds rlm_ldap (ldap): Closing connection (4): Hit idle_timeout, was idle for 167 seconds rlm_ldap (ldap): Closing connection (0): Hit idle_timeout, was idle for 157 seconds rlm_ldap (ldap): Closing connection (5): Hit idle_timeout, was idle for 156 seconds rlm_ldap (ldap): You probably need to lower "min" rlm_ldap (ldap): Closing connection (1): Hit idle_timeout, was idle for 156 seconds rlm_ldap (ldap): You probably need to lower "min" rlm_ldap (ldap): Closing connection (6): Hit idle_timeout, was idle for 156 seconds rlm_ldap (ldap): You probably need to lower "min" rlm_ldap (ldap): 0 of 0 connections in use. You may need to increase "spare" rlm_ldap (ldap): Opening additional connection (7), 1 of 32 pending slots used rlm_ldap (ldap): Connecting to ldap://pad.ssn.edu.in:636 rlm_ldap (ldap): Waiting for bind result... rlm_ldap (ldap): Bind successful rlm_ldap (ldap): Reserved connection (7) (1) ldap: EXPAND (userPrincipalName=%{%{Stripped-User-Name}:-%{User-Name}}) (1) ldap: --> (userPrincipalName=karunad@ssn.in) (1) ldap: Performing search in "dc=ssn,dc=in" with filter "(userPrincipalName=karunad@ssn.in)", scope "sub" (1) ldap: Waiting for search result... Unable to chase referral "ldaps://ForestDnsZones.ssn.in/DC=ForestDnsZones,DC=ssn,DC=in" (-1: Can't contact LDAP server) Unable to chase referral "ldaps://DomainDnsZones.ssn.in/DC=DomainDnsZones,DC=ssn,DC=in" (-1: Can't contact LDAP server) Unable to chase referral "ldaps://ssn.in/CN=Configuration,DC=ssn,DC=in" (-1: Can't contact LDAP server) (1) ldap: User object found at DN "CN=karunad,OU=staff,DC=ssn,DC=in" (1) ldap: Processing user attributes (1) ldap: WARNING: No "known good" password added. Ensure the admin user has permission to read the password attribute (1) ldap: WARNING: PAP authentication will *NOT* work with Active Directory (if that is what you were trying to configure) rlm_ldap (ldap): Released connection (7) Need 2 more connections to reach min connections (3) rlm_ldap (ldap): Opening additional connection (8), 1 of 31 pending slots used rlm_ldap (ldap): Connecting to ldap://pad.ssn.edu.in:636 rlm_ldap (ldap): Waiting for bind result... rlm_ldap (ldap): Bind successful (1) [ldap] = ok (1) if ((ok || updated) && User-Password && !control:Auth-Type) { (1) if ((ok || updated) && User-Password && !control:Auth-Type) -> FALSE (1) [expiration] = noop (1) [logintime] = noop (1) [pap] = noop (1) } # authorize = ok (1) Found Auth-Type = mschap (1) # Executing group from file /usr/local/etc/raddb/sites-enabled/inner-tunnel (1) authenticate { (1) mschap: WARNING: No Cleartext-Password configured. Cannot create NT-Password (1) mschap: WARNING: No Cleartext-Password configured. Cannot create LM-Password (1) mschap: Client is using MS-CHAPv1 with NT-Password (1) mschap: ERROR: FAILED: No NT/LM-Password. Cannot perform authentication (1) mschap: ERROR: MS-CHAP2-Response is incorrect (1) [mschap] = reject (1) } # authenticate = reject (1) Failed to authenticate the user (1) Using Post-Auth-Type Reject (1) # Executing group from file /usr/local/etc/raddb/sites-enabled/inner-tunnel (1) Post-Auth-Type REJECT { (1) attr_filter.access_reject: EXPAND %{User-Name} (1) attr_filter.access_reject: --> karunad@ssn.in (1) attr_filter.access_reject: Matched entry DEFAULT at line 11 (1) [attr_filter.access_reject] = updated (1) update outer.session-state { (1) ERROR: Mapping "&request:Module-Failure-Message" -> "&Module-Failure-Message" invalid in this context (1) } # update outer.session-state = invalid (1) } # Post-Auth-Type REJECT = invalid (1) Delaying response for 1.000000 seconds Waking up in 0.1 seconds. Waking up in 0.8 seconds. (1) Sending delayed response (1) Sent Access-Reject Id 93 from 127.0.0.1:18120 to 127.0.0.1:22779 length 61 (1) MS-CHAP-Error = "\000E=691 R=1 C=c46688b2ef798f02 V=2" Waking up in 3.9 seconds. (1) Cleaning up request packet ID 93 with timestamp +167