override ldap reply attribute
Hi Guys, I have maybe a quite simple question: is there any way to override the default ldap-reply attribute with an other value than there is in ldap. i.e.: users-file: Default Called-Station-Id = "00-1A-30-2F-11-50:Test", Airespace-Interface-Name := 777 ldap.attrmap: replyItem Airespace-Interface-Name radiusCallingStationId wanted result: if the users-file doesnt match, use vlaue of ldap-attribute: radiusCallingStationId, otherwise use vlaue: 777 in this type of configuration it seems i cant override the ldap-reply attribute-value with the users-file. is there any possible way to do this? thanks in advance :-) freeradiusver: 1.1.4 -- "Feel free" - 10 GB Mailbox, 100 FreeSMS/Monat ... Jetzt GMX TopMail testen: http://www.gmx.net/de/go/topmail
O/H tschaos@gmx.net έγραψε:
Hi Guys,
I have maybe a quite simple question:
is there any way to override the default ldap-reply attribute with an other value than there is in ldap.
i.e.:
users-file:
Default Called-Station-Id = "00-1A-30-2F-11-50:Test", Airespace-Interface-Name := 777
ldap.attrmap:
replyItem Airespace-Interface-Name radiusCallingStationId
wanted result:
if the users-file doesnt match, use vlaue of ldap-attribute: radiusCallingStationId, otherwise use vlaue: 777
in this type of configuration it seems i cant override the ldap-reply attribute-value with the users-file.
Check the order in which the files and ldap module appear in the authorize section. If you want to override an ldap value then you need to have the files moduel after the ldap module.
is there any possible way to do this?
thanks in advance :-)
freeradiusver: 1.1.4
-- Kostas Kalevras - Network Operations Center National Technical University of Athens http://kkalev.wordpress.com
Kostas Kalevras wrote:
O/H tschaos@gmx.net έγραψε:
Hi Guys,
I have maybe a quite simple question:
is there any way to override the default ldap-reply attribute with an other value than there is in ldap.
i.e.:
users-file:
Default Called-Station-Id = "00-1A-30-2F-11-50:Test", Airespace-Interface-Name := 777
ldap.attrmap:
replyItem Airespace-Interface-Name radiusCallingStationId
wanted result:
if the users-file doesnt match, use vlaue of ldap-attribute: radiusCallingStationId, otherwise use vlaue: 777
in this type of configuration it seems i cant override the ldap-reply attribute-value with the users-file.
Check the order in which the files and ldap module appear in the authorize section. If you want to override an ldap value then you need to have the files moduel after the ldap module.
unfortunately the problem still persists, also if i change the order :-( any other ideas?
is there any possible way to do this?
thanks in advance :-)
freeradiusver: 1.1.4
-- Kostas Kalevras - Network Operations Center National Technical University of Athens http://kkalev.wordpress.com
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- "Feel free" - 10 GB Mailbox, 100 FreeSMS/Monat ... Jetzt GMX TopMail testen: http://www.gmx.net/de/go/topmail
O/H Chaos Commander έγραψε:
Kostas Kalevras wrote:
O/H tschaos@gmx.net έγραψε:
Hi Guys,
I have maybe a quite simple question:
is there any way to override the default ldap-reply attribute with an
other value than there is in ldap.
i.e.:
users-file:
Default Called-Station-Id = "00-1A-30-2F-11-50:Test",
Airespace-Interface-Name := 777
ldap.attrmap:
replyItem Airespace-Interface-Name radiusCallingStationId
wanted result:
if the users-file doesnt match, use vlaue of ldap-attribute:
radiusCallingStationId, otherwise use vlaue: 777
in this type of configuration it seems i cant override the ldap-reply
attribute-value with the users-file.
Check the order in which the files and ldap module appear in the authorize section. If you want to override an ldap value then you need to have the files moduel after the ldap module.
unfortunately the problem still persists, also if i change the order :-(
any other ideas?
Run in debug mode (radiusd -X) and POST the output.
is there any possible way to do this?
thanks in advance :-)
freeradiusver: 1.1.4
-- Kostas Kalevras - Network Operations Center National Technical University of Athens http://kkalev.wordpress.com
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Kostas Kalevras - Network Operations Center National Technical University of Athens http://kkalev.wordpress.com
Here is the full debug-log. Airespace-Interface-Name value in ldap: 310 vlaue in users-file: 777 as you can see, it doesnt override :-( users-file line 54, which matches: DEFAULT Called-Station-Id == "00-1A-30-2E-C9-60:Test99", Airespace-Interface-Name := "777" radiusd.conf authorize section: authorize { preprocess eap ldap_wlan files } as you can see, its wlan-authentication with EAP on SSID:Test99 dont know what i can try else :-( thanks in advance for your help! btw: all network-critical data is changed, so all cracker/hacker wont be happy with that log :-) rad_recv: Access-Request packet from host 10.110.100.3:32769, id=83, length=182 User-Name = "mtesth46" Calling-Station-Id = "00-0E-35-AE-DB-DF" Called-Station-Id = "00-1A-30-2E-C9-60:Test99" NAS-Port = 29 NAS-IP-Address = 10.110.101.4 NAS-Identifier = "WiSM-anubis-2" Airespace-Wlan-Id = 1 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "995" EAP-Message = 0x0202000d016d74657374683436 Message-Authenticator = 0x84b4349efada5535a0f2db597253a3e5 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 rlm_eap: EAP packet type response id 2 length 13 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 0 rlm_ldap: - authorize rlm_ldap: performing user authorization for mtesth46 radius_xlat: '(|(uid=mtesth46)(uid=_))' radius_xlat: 'dc=meduniwien,dc=ac,dc=at' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: attempting LDAP reconnection rlm_ldap: (re)connect to ldap.meduniwien.ac.at:389, authentication 0 rlm_ldap: bind as uid=radiant,ou=services,dc=meduniwien,dc=ac,dc=at/chap56 to ldap.meduniwien.ac.at:389 rlm_ldap: waiting for bind result ... rlm_ldap: Bind was successful rlm_ldap: performing search in dc=meduniwien,dc=ac,dc=at, with filter (|(uid=mtesth46)(uid=_)) rlm_ldap: Added password tintifax in check items rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: Adding radiusCallingStationId as Airespace-Interface-Name, value 310 & op=11 rlm_ldap: user mtesth46 authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap_wlan" returns ok for request 0 users: Matched entry DEFAULT at line 54 modcall[authorize]: module "files" returns ok for request 0 modcall: leaving group authorize (returns updated) for request 0 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 0 modcall: leaving group authenticate (returns handled) for request 0 Sending Access-Challenge of id 83 to 10.110.100.3 port 32769 Airespace-Interface-Name = "310" EAP-Message = 0x010300061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xeb117ee4b863a7e36af53cd4e074d241 Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.110.100.3:32769, id=84, length=182 User-Name = "mtesth46" Calling-Station-Id = "00-0E-35-AE-DB-DF" Called-Station-Id = "00-1A-30-2E-C9-60:Test99" NAS-Port = 29 NAS-IP-Address = 10.110.101.4 NAS-Identifier = "WiSM-anubis-2" Airespace-Wlan-Id = 1 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "995" EAP-Message = 0x0202000d016d74657374683436 Message-Authenticator = 0x33408ce1418bfbcd9bb526e74340fca1 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 1 modcall[authorize]: module "preprocess" returns ok for request 1 rlm_eap: EAP packet type response id 2 length 13 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 1 rlm_ldap: - authorize rlm_ldap: performing user authorization for mtesth46 radius_xlat: '(|(uid=mtesth46)(uid=_))' radius_xlat: 'dc=meduniwien,dc=ac,dc=at' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in dc=meduniwien,dc=ac,dc=at, with filter (|(uid=mtesth46)(uid=_)) rlm_ldap: Added password tintifax in check items rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: Adding radiusCallingStationId as Airespace-Interface-Name, value 310 & op=11 rlm_ldap: user mtesth46 authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap_wlan" returns ok for request 1 users: Matched entry DEFAULT at line 54 modcall[authorize]: module "files" returns ok for request 1 modcall: leaving group authorize (returns updated) for request 1 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 1 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 1 modcall: leaving group authenticate (returns handled) for request 1 Sending Access-Challenge of id 84 to 10.110.100.3 port 32769 Airespace-Interface-Name = "310" EAP-Message = 0x010300061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x9db5e713894084a65d1cef0ad5f54cc7 Finished request 1 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... rad_recv: Access-Request packet from host 10.110.100.3:32769, id=85, length=299 User-Name = "mtesth46" Calling-Station-Id = "00-0E-35-AE-DB-DF" Called-Station-Id = "00-1A-30-2E-C9-60:Test99" NAS-Port = 29 NAS-IP-Address = 10.110.101.4 NAS-Identifier = "WiSM-anubis-2" Airespace-Wlan-Id = 1 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "995" EAP-Message = 0x0203007019800000006616030100610100005d0301462c9348f0cb3b382d1edf23126e92cd045d646e7bc8323b4ee978658064418f20af7fc732ebec313f9df32079ab378be41fab862f205a419cb4d57b4821b33441001600040005000a000900640062000300060013001200630100 State = 0x9db5e713894084a65d1cef0ad5f54cc7 Message-Authenticator = 0x9aab627a00755c536afb2d2cc985db12 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 2 modcall[authorize]: module "preprocess" returns ok for request 2 rlm_eap: EAP packet type response id 3 length 112 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 2 rlm_ldap: - authorize rlm_ldap: performing user authorization for mtesth46 radius_xlat: '(|(uid=mtesth46)(uid=_))' radius_xlat: 'dc=meduniwien,dc=ac,dc=at' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in dc=meduniwien,dc=ac,dc=at, with filter (|(uid=mtesth46)(uid=_)) rlm_ldap: Added password tintifax in check items rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: Adding radiusCallingStationId as Airespace-Interface-Name, value 310 & op=11 rlm_ldap: user mtesth46 authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap_wlan" returns ok for request 2 users: Matched entry DEFAULT at line 54 modcall[authorize]: module "files" returns ok for request 2 modcall: leaving group authorize (returns updated) for request 2 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 2 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 0061], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 070f], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone TLS_accept: SSLv3 write server done A TLS_accept: SSLv3 flush data TLS_accept:error in SSLv3 read client certificate A rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0) In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 2 modcall: leaving group authenticate (returns handled) for request 2 Sending Access-Challenge of id 85 to 10.110.100.3 port 32769 Airespace-Interface-Name = "310" EAP-Message = 0x0104040a19c00000076c160301004a020000460301462de39c5e1e7d93e1c437626b5de0bbf4d23dab5c8f19b86a61dc3ddf49342e20147b6f90fd630f71ff7a55d5a874114c29bc1f6a3c8dd007aef6d8a0460c7b53000400160301070f0b00070b0007080002e3308202df308201c7a0030201020209009928d8ef65bff801300d06092a864886f70d01010405003066310b3009060355040613024154310f300d060355040813065669656e6e61310f300d060355040713065669656e6e61310c300a060355040a13034d5557310c300a060355040b13034d5557311930170603550403131048657262657274204a6163756265747a301e170d3036 EAP-Message = 0x303530333230333030325a170d3037303530333230333030325a3063310b3009060355040613024154310f300d060355040813065669656e6e61310f300d060355040713065669656e6e61310c300a060355040a13034d5557310c300a060355040b13034d5557311630140603550403130d5261646975735261747061636b30819f300d06092a864886f70d010101050003818d0030818902818100f33887720b4f94a489e3e90a6b1f563beb8b38bfe7054aeaa27dfd0bdd931523b5dde0bfb31ee56843ff5b4731324a5d308be9ef3fcfecd3867448826d8670b3fc40c3271441b489f1e9589fcc2e6698897363d1aff4d7fff3f586500db34d43b5 EAP-Message = 0x46e056e485348d82bfeede2fedabc8dd1c8fc044d1c7c6eb4d9daf7d63aa270203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d01010405000382010100b03cb3701d7112a8b4c7b2593ca8b25ae7fd7783343986d26dc52c1734a516fb367017f78b89aced98b3141d8a392ff1fd298cba344db7f4fcaa3fd9c0b07b048e1861e455419597c43e143a52332b4226b5d5aab606d1f5b9b5e1db258ec349da35386c1db5d71bcb9bf4b66c08844284f3a52aeb7dabbcdd6178971b793c2d5c4cc64d046de113ad517f7633d97880a06f9a6e59a1f1c78b9d5caf1846bc7fc91ca975be162dd0919d0493 EAP-Message = 0x2b3fd3988746d3376e2e260bb1b2f6c08a982e5ad788a278ac967c052ae013196d1252dc4b6cd09edd1f69026a2d94c66ebf0bc166bbd61cb46b82b0c77405e91b3d15fae94d572726a964ff1d397fc30dacbfaf00041f3082041b30820303a003020102020900c1bf467c4d81368a300d06092a864886f70d01010405003066310b3009060355040613024154310f300d060355040813065669656e6e61310f300d060355040713065669656e6e61310c300a060355040a13034d5557310c300a060355040b13034d5557311930170603550403131048657262657274204a6163756265747a301e170d3036303530333138333234385a170d30363036 EAP-Message = 0x30323138333234385a3066310b300906035504061302 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x8f407ef83235a298939082ad03907d91 Finished request 2 Going to the next request Cleaning up request 0 ID 83 with timestamp 462de397 Waking up in 1 seconds... rad_recv: Access-Request packet from host 10.110.100.3:32769, id=86, length=193 User-Name = "mtesth46" Calling-Station-Id = "00-0E-35-AE-DB-DF" Called-Station-Id = "00-1A-30-2E-C9-60:Test99" NAS-Port = 29 NAS-IP-Address = 10.110.101.4 NAS-Identifier = "WiSM-anubis-2" Airespace-Wlan-Id = 1 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "995" EAP-Message = 0x020400061900 State = 0x8f407ef83235a298939082ad03907d91 Message-Authenticator = 0xae95effc16d237c17f1884fa060b2048 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 3 modcall[authorize]: module "preprocess" returns ok for request 3 rlm_eap: EAP packet type response id 4 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 3 rlm_ldap: - authorize rlm_ldap: performing user authorization for mtesth46 radius_xlat: '(|(uid=mtesth46)(uid=_))' radius_xlat: 'dc=meduniwien,dc=ac,dc=at' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in dc=meduniwien,dc=ac,dc=at, with filter (|(uid=mtesth46)(uid=_)) rlm_ldap: Added password tintifax in check items rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: Adding radiusCallingStationId as Airespace-Interface-Name, value 310 & op=11 rlm_ldap: user mtesth46 authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap_wlan" returns ok for request 3 users: Matched entry DEFAULT at line 54 modcall[authorize]: module "files" returns ok for request 3 modcall: leaving group authorize (returns updated) for request 3 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 3 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 3 modcall: leaving group authenticate (returns handled) for request 3 Sending Access-Challenge of id 86 to 10.110.100.3 port 32769 Airespace-Interface-Name = "310" EAP-Message = 0x0105037219004154310f300d060355040813065669656e6e61310f300d060355040713065669656e6e61310c300a060355040a13034d5557310c300a060355040b13034d5557311930170603550403131048657262657274204a6163756265747a30820122300d06092a864886f70d01010105000382010f003082010a0282010100f36a1fd1ccb7c903de6556eee3928bad2c00e47e7553c8087af8103b1f8584fc19a6babce9cdf141cf612d3a7bd8132feb672fa036ef8c3b39968459104b5c548fd2b48a391c6f2835e021a2d6c2bcc3a04c2791799a725309c0031f36a021b5ca972f48e35f7793ddd0a4de14216bb96965c9749cf6e642a47d78 EAP-Message = 0x5f7c9985ceb5d93f22c8e42bb8ac8bdea2ac0a2898e9d4648bb822e1189b0a9528894c3cb9fe05451bc48532a15bf12e02b125d51b17cf92530af580cf16791d3d17d7c74f8b6d345769274e2f394d974d4e58183ec8ff95950a2a284244b3cc3621cdf25f2cc9a278949c9911738d764cb534036026cb6fc59e5a4aa493b61993a693f89f0203010001a381cb3081c8301d0603551d0e04160414011ea6a65bc011a153210e925a8b992ee7e6ce6c3081980603551d2304819030818d8014011ea6a65bc011a153210e925a8b992ee7e6ce6ca16aa4683066310b3009060355040613024154310f300d060355040813065669656e6e61310f300d0603 EAP-Message = 0x55040713065669656e6e61310c300a060355040a13034d5557310c300a060355040b13034d5557311930170603550403131048657262657274204a6163756265747a820900c1bf467c4d81368a300c0603551d13040530030101ff300d06092a864886f70d010104050003820101007932033a8b0f62d4044db81baef33e5626fac2c77a1a5f2ae4c0f60fe740536da05bf88935b5883b5f0039c1d336f7f110422c6db391079e815b802e2eb85d13d918c99acb14707b8bfb25ed757cb86f8a8d302ed40cb539068ff6a9e1769db948da22efd44bfde424c5dcbe872bb362ce61624837dde35d0123393043a4e81cb343bee28ace1e36a8f2faf45afa EAP-Message = 0x4c41d669ad821c277ba73cfc377385e8b6fcf4596ee95bda5d4e3e65383eb73eb384e374649ba20e60db580bf49df3f94059865809b13b0b6456156647c4e7d1cb9a11640198648277128e545cfd0d01f6fcbf41a5367e584ddf53b3067d6f1182f8be2073a110d1aae728005c741ca1e53116030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x8af776765b19efabeb65f4f70d5c92c0 Finished request 3 Going to the next request Waking up in 1 seconds... rad_recv: Access-Request packet from host 10.110.100.3:32769, id=87, length=379 User-Name = "mtesth46" Calling-Station-Id = "00-0E-35-AE-DB-DF" Called-Station-Id = "00-1A-30-2E-C9-60:Test99" NAS-Port = 29 NAS-IP-Address = 10.110.101.4 NAS-Identifier = "WiSM-anubis-2" Airespace-Wlan-Id = 1 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "995" EAP-Message = 0x020500c01980000000b61603010086100000820080562f481b4f587cdba823e97eb66b8ef6cff8bc70a463436b9213361a81a644e177fb13daab6d1af9d94c2c0cf1ba34faedcbcbbf83063f36868187720386d306c34f1506ca03d958fd72eb24e17a6b0f74addedc11883800da614ebd1c5c9e28562251c28df3ba424a77f70a6acf5f477aa5664dc22308a04ab95568b0cad0531403010001011603010020130ec5ba986adbfd1ce70f7e27d8e3c9c7fccc385cb3b55bc529daba957db855 State = 0x8af776765b19efabeb65f4f70d5c92c0 Message-Authenticator = 0xcbdb0018d4725be300a23f5a4251b8ae Processing the authorize section of radiusd.conf modcall: entering group authorize for request 4 modcall[authorize]: module "preprocess" returns ok for request 4 rlm_eap: EAP packet type response id 5 length 192 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 4 rlm_ldap: - authorize rlm_ldap: performing user authorization for mtesth46 radius_xlat: '(|(uid=mtesth46)(uid=_))' radius_xlat: 'dc=meduniwien,dc=ac,dc=at' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in dc=meduniwien,dc=ac,dc=at, with filter (|(uid=mtesth46)(uid=_)) rlm_ldap: Added password tintifax in check items rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: Adding radiusCallingStationId as Airespace-Interface-Name, value 310 & op=11 rlm_ldap: user mtesth46 authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap_wlan" returns ok for request 4 users: Matched entry DEFAULT at line 54 modcall[authorize]: module "files" returns ok for request 4 modcall: leaving group authorize (returns updated) for request 4 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 4 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange TLS_accept: SSLv3 read client key exchange A rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001] rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 read finished A rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001] TLS_accept: SSLv3 write change cipher spec A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 write finished A TLS_accept: SSLv3 flush data (other): SSL negotiation finished successfully rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0) SSL Connection Established eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 4 modcall: leaving group authenticate (returns handled) for request 4 Sending Access-Challenge of id 87 to 10.110.100.3 port 32769 Airespace-Interface-Name = "310" EAP-Message = 0x0106003119001403010001011603010020d9863049248e632ed448e12a7b9ceb268392c69f4cc16c88926bcb49356f84eb Message-Authenticator = 0x00000000000000000000000000000000 State = 0xb096a12c8d3847c5d96216e7b7ce010b Finished request 4 Going to the next request Waking up in 1 seconds... rad_recv: Access-Request packet from host 10.110.100.3:32769, id=88, length=193 User-Name = "mtesth46" Calling-Station-Id = "00-0E-35-AE-DB-DF" Called-Station-Id = "00-1A-30-2E-C9-60:Test99" NAS-Port = 29 NAS-IP-Address = 10.110.101.4 NAS-Identifier = "WiSM-anubis-2" Airespace-Wlan-Id = 1 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "995" EAP-Message = 0x020600061900 State = 0xb096a12c8d3847c5d96216e7b7ce010b Message-Authenticator = 0xd6cfaae669630a8a61da7bf6c2e621a6 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 5 modcall[authorize]: module "preprocess" returns ok for request 5 rlm_eap: EAP packet type response id 6 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 5 rlm_ldap: - authorize rlm_ldap: performing user authorization for mtesth46 radius_xlat: '(|(uid=mtesth46)(uid=_))' radius_xlat: 'dc=meduniwien,dc=ac,dc=at' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in dc=meduniwien,dc=ac,dc=at, with filter (|(uid=mtesth46)(uid=_)) rlm_ldap: Added password tintifax in check items rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: Adding radiusCallingStationId as Airespace-Interface-Name, value 310 & op=11 rlm_ldap: user mtesth46 authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap_wlan" returns ok for request 5 users: Matched entry DEFAULT at line 54 modcall[authorize]: module "files" returns ok for request 5 modcall: leaving group authorize (returns updated) for request 5 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 5 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake is finished eaptls_verify returned 3 eaptls_process returned 3 rlm_eap_peap: EAPTLS_SUCCESS modcall[authenticate]: module "eap" returns handled for request 5 modcall: leaving group authenticate (returns handled) for request 5 Sending Access-Challenge of id 88 to 10.110.100.3 port 32769 Airespace-Interface-Name = "310" EAP-Message = 0x0107002019001703010015f498da9cbda4d2b81f7c5e0ecef9b206145176adec Message-Authenticator = 0x00000000000000000000000000000000 State = 0x93e17abd1d4eb9881e9ab10f92aebe64 Finished request 5 Going to the next request Waking up in 1 seconds... rad_recv: Access-Request packet from host 10.110.100.3:32769, id=89, length=223 User-Name = "mtesth46" Calling-Station-Id = "00-0E-35-AE-DB-DF" Called-Station-Id = "00-1A-30-2E-C9-60:Test99" NAS-Port = 29 NAS-IP-Address = 10.110.101.4 NAS-Identifier = "WiSM-anubis-2" Airespace-Wlan-Id = 1 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "995" EAP-Message = 0x0207002419001703010019cc7f0b13ca2bd6ac9ca20b5c18ab279c55693037821643cb95 State = 0x93e17abd1d4eb9881e9ab10f92aebe64 Message-Authenticator = 0x35ca4974f8d05de9c1d3b52377d70922 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 6 modcall[authorize]: module "preprocess" returns ok for request 6 rlm_eap: EAP packet type response id 7 length 36 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 6 rlm_ldap: - authorize rlm_ldap: performing user authorization for mtesth46 radius_xlat: '(|(uid=mtesth46)(uid=_))' radius_xlat: 'dc=meduniwien,dc=ac,dc=at' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in dc=meduniwien,dc=ac,dc=at, with filter (|(uid=mtesth46)(uid=_)) rlm_ldap: Added password tintifax in check items rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: Adding radiusCallingStationId as Airespace-Interface-Name, value 310 & op=11 rlm_ldap: user mtesth46 authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap_wlan" returns ok for request 6 users: Matched entry DEFAULT at line 54 modcall[authorize]: module "files" returns ok for request 6 modcall: leaving group authorize (returns updated) for request 6 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 6 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Identity - mtesth46 rlm_eap_peap: Tunneled data is valid. PEAP: Got tunneled identity of mtesth46 PEAP: Setting default EAP type for tunneled EAP session. PEAP: Setting User-Name to mtesth46 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 6 modcall[authorize]: module "preprocess" returns ok for request 6 rlm_eap: EAP packet type response id 7 length 13 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 6 rlm_ldap: - authorize rlm_ldap: performing user authorization for mtesth46 radius_xlat: '(|(uid=mtesth46)(uid=_))' radius_xlat: 'dc=meduniwien,dc=ac,dc=at' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in dc=meduniwien,dc=ac,dc=at, with filter (|(uid=mtesth46)(uid=_)) rlm_ldap: Added password tintifax in check items rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: Adding radiusCallingStationId as Airespace-Interface-Name, value 310 & op=11 rlm_ldap: user mtesth46 authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap_wlan" returns ok for request 6 modcall[authorize]: module "files" returns notfound for request 6 modcall: leaving group authorize (returns updated) for request 6 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 6 rlm_eap: EAP Identity rlm_eap: processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge modcall[authenticate]: module "eap" returns handled for request 6 modcall: leaving group authenticate (returns handled) for request 6 PEAP: Got tunneled Access-Challenge modcall[authenticate]: module "eap" returns handled for request 6 modcall: leaving group authenticate (returns handled) for request 6 Sending Access-Challenge of id 89 to 10.110.100.3 port 32769 Airespace-Interface-Name = "310" EAP-Message = 0x010800391900170301002e078b421637893e85fec74bb152ce483005a2741ab725d2704ddea9f3d9d3cf5bf724b483de343dbea415d5194b54 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xb3d235b463157a50800b19d3f89debdc Finished request 6 Going to the next request Waking up in 1 seconds... rad_recv: Access-Request packet from host 10.110.100.3:32769, id=90, length=277 User-Name = "mtesth46" Calling-Station-Id = "00-0E-35-AE-DB-DF" Called-Station-Id = "00-1A-30-2E-C9-60:Test99" NAS-Port = 29 NAS-IP-Address = 10.110.101.4 NAS-Identifier = "WiSM-anubis-2" Airespace-Wlan-Id = 1 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "995" EAP-Message = 0x0208005a1900170301004fe175bbd8117e3b87583fa6bda0f9b9ae0c88614153ec76dd0cb3a9e65a5f08ecad6b5102868896ee483ed3282d358cfa7ce230768d1e63c36ccb97a80a4867d29ec0d626a7f509430644afe5826311 State = 0xb3d235b463157a50800b19d3f89debdc Message-Authenticator = 0xe48addfa95e416c79a438beeb16d91cb Processing the authorize section of radiusd.conf modcall: entering group authorize for request 7 modcall[authorize]: module "preprocess" returns ok for request 7 rlm_eap: EAP packet type response id 8 length 90 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 7 rlm_ldap: - authorize rlm_ldap: performing user authorization for mtesth46 radius_xlat: '(|(uid=mtesth46)(uid=_))' radius_xlat: 'dc=meduniwien,dc=ac,dc=at' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in dc=meduniwien,dc=ac,dc=at, with filter (|(uid=mtesth46)(uid=_)) rlm_ldap: Added password tintifax in check items rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: Adding radiusCallingStationId as Airespace-Interface-Name, value 310 & op=11 rlm_ldap: user mtesth46 authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap_wlan" returns ok for request 7 users: Matched entry DEFAULT at line 54 modcall[authorize]: module "files" returns ok for request 7 modcall: leaving group authorize (returns updated) for request 7 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 7 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: EAP type mschapv2 rlm_eap_peap: Tunneled data is valid. PEAP: Setting User-Name to mtesth46 PEAP: Adding old state with a8 f0 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 7 modcall[authorize]: module "preprocess" returns ok for request 7 rlm_eap: EAP packet type response id 8 length 67 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 7 rlm_ldap: - authorize rlm_ldap: performing user authorization for mtesth46 radius_xlat: '(|(uid=mtesth46)(uid=_))' radius_xlat: 'dc=meduniwien,dc=ac,dc=at' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in dc=meduniwien,dc=ac,dc=at, with filter (|(uid=mtesth46)(uid=_)) rlm_ldap: Added password tintifax in check items rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: Adding radiusCallingStationId as Airespace-Interface-Name, value 310 & op=11 rlm_ldap: user mtesth46 authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap_wlan" returns ok for request 7 modcall[authorize]: module "files" returns notfound for request 7 modcall: leaving group authorize (returns updated) for request 7 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 7 rlm_eap: Request found, released from the list rlm_eap: EAP/mschapv2 rlm_eap: processing type mschapv2 Processing the authenticate section of radiusd.conf modcall: entering group MS-CHAP for request 7 rlm_mschap: Told to do MS-CHAPv2 for mtesth46 with NT-Password rlm_mschap: adding MS-CHAPv2 MPPE keys modcall[authenticate]: module "mschap" returns ok for request 7 modcall: leaving group MS-CHAP (returns ok) for request 7 MSCHAP Success modcall[authenticate]: module "eap" returns handled for request 7 modcall: leaving group authenticate (returns handled) for request 7 PEAP: Got tunneled Access-Challenge modcall[authenticate]: module "eap" returns handled for request 7 modcall: leaving group authenticate (returns handled) for request 7 Sending Access-Challenge of id 90 to 10.110.100.3 port 32769 Airespace-Interface-Name = "310" EAP-Message = 0x0109004a1900170301003f76e82111fad9d5e048c4fb21177ae0b08ad6f14d69f44c661027bd353a9f3700ee748db3b3e0f21ff89feb3faaddebde89641311d45f72903bafe14a3fd027 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x2c9ef9760cad6604f9f825af74bd03df Finished request 7 Going to the next request Waking up in 1 seconds... rad_recv: Access-Request packet from host 10.110.100.3:32769, id=91, length=216 User-Name = "mtesth46" Calling-Station-Id = "00-0E-35-AE-DB-DF" Called-Station-Id = "00-1A-30-2E-C9-60:Test99" NAS-Port = 29 NAS-IP-Address = 10.110.101.4 NAS-Identifier = "WiSM-anubis-2" Airespace-Wlan-Id = 1 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "995" EAP-Message = 0x0209001d19001703010012cca828145701d4e8ffe734c339b8ec212171 State = 0x2c9ef9760cad6604f9f825af74bd03df Message-Authenticator = 0xf4d563f989f72d6ddaf691a0862f1f24 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 8 modcall[authorize]: module "preprocess" returns ok for request 8 rlm_eap: EAP packet type response id 9 length 29 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 8 rlm_ldap: - authorize rlm_ldap: performing user authorization for mtesth46 radius_xlat: '(|(uid=mtesth46)(uid=_))' radius_xlat: 'dc=meduniwien,dc=ac,dc=at' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in dc=meduniwien,dc=ac,dc=at, with filter (|(uid=mtesth46)(uid=_)) rlm_ldap: Added password tintifax in check items rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: Adding radiusCallingStationId as Airespace-Interface-Name, value 310 & op=11 rlm_ldap: user mtesth46 authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap_wlan" returns ok for request 8 users: Matched entry DEFAULT at line 54 modcall[authorize]: module "files" returns ok for request 8 modcall: leaving group authorize (returns updated) for request 8 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 8 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: EAP type mschapv2 rlm_eap_peap: Tunneled data is valid. PEAP: Setting User-Name to mtesth46 PEAP: Adding old state with 96 53 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 8 modcall[authorize]: module "preprocess" returns ok for request 8 rlm_eap: EAP packet type response id 9 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 8 rlm_ldap: - authorize rlm_ldap: performing user authorization for mtesth46 radius_xlat: '(|(uid=mtesth46)(uid=_))' radius_xlat: 'dc=meduniwien,dc=ac,dc=at' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in dc=meduniwien,dc=ac,dc=at, with filter (|(uid=mtesth46)(uid=_)) rlm_ldap: Added password tintifax in check items rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: Adding radiusCallingStationId as Airespace-Interface-Name, value 310 & op=11 rlm_ldap: user mtesth46 authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap_wlan" returns ok for request 8 modcall[authorize]: module "files" returns notfound for request 8 modcall: leaving group authorize (returns updated) for request 8 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 8 rlm_eap: Request found, released from the list rlm_eap: EAP/mschapv2 rlm_eap: processing type mschapv2 rlm_eap: Freeing handler modcall[authenticate]: module "eap" returns ok for request 8 modcall: leaving group authenticate (returns ok) for request 8 Login OK: [mtesth46] (from client localhost port 0) PEAP: Tunneled authentication was successful. rlm_eap_peap: SUCCESS modcall[authenticate]: module "eap" returns handled for request 8 modcall: leaving group authenticate (returns handled) for request 8 Sending Access-Challenge of id 91 to 10.110.100.3 port 32769 Airespace-Interface-Name = "310" EAP-Message = 0x010a00261900170301001b09f6891cd5e1c18644ca498731d143f6e2d1519b37782628853e49 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xd6a50e25e6664e25c9da340836dcac14 Finished request 8 Going to the next request Waking up in 1 seconds... rad_recv: Access-Request packet from host 10.110.100.3:32769, id=92, length=225 User-Name = "mtesth46" Calling-Station-Id = "00-0E-35-AE-DB-DF" Called-Station-Id = "00-1A-30-2E-C9-60:Test99" NAS-Port = 29 NAS-IP-Address = 10.110.101.4 NAS-Identifier = "WiSM-anubis-2" Airespace-Wlan-Id = 1 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "995" EAP-Message = 0x020a00261900170301001b64237d09412bf35d7e35580141892b401fbd8e3b4bbf8ebe399a4b State = 0xd6a50e25e6664e25c9da340836dcac14 Message-Authenticator = 0x38ab4c0590111af8ff63c6b6f1617aa4 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 9 modcall[authorize]: module "preprocess" returns ok for request 9 rlm_eap: EAP packet type response id 10 length 38 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 9 rlm_ldap: - authorize rlm_ldap: performing user authorization for mtesth46 radius_xlat: '(|(uid=mtesth46)(uid=_))' radius_xlat: 'dc=meduniwien,dc=ac,dc=at' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in dc=meduniwien,dc=ac,dc=at, with filter (|(uid=mtesth46)(uid=_)) rlm_ldap: Added password tintifax in check items rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: Adding radiusCallingStationId as Airespace-Interface-Name, value 310 & op=11 rlm_ldap: user mtesth46 authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap_wlan" returns ok for request 9 users: Matched entry DEFAULT at line 54 modcall[authorize]: module "files" returns ok for request 9 modcall: leaving group authorize (returns updated) for request 9 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 9 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Received EAP-TLV response. rlm_eap_peap: Tunneled data is valid. rlm_eap_peap: Success rlm_eap: Freeing handler modcall[authenticate]: module "eap" returns ok for request 9 modcall: leaving group authenticate (returns ok) for request 9 Login OK: [mtesth46] (from client wlan port 29 cli 00-0E-35-AE-DB-DF) Sending Access-Accept of id 92 to 10.110.100.3 port 32769 Airespace-Interface-Name = "310" MS-MPPE-Recv-Key = 0xd0006ceb32d38deb51faa8bdd9003f36e642a074be6b04de673a7e305730cfa3 MS-MPPE-Send-Key = 0x796fd7112c1101ddf338e9a151614795b8c5b668879fcc77a7f88df14482e323 EAP-Message = 0x030a0004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "mtesth46" Finished request 9 Going to the next request -------- Original-Nachricht -------- Datum: Mon, 23 Apr 2007 16:57:45 +0300 Von: Kostas Kalevras <kkalev@noc.ntua.gr> An: FreeRadius users mailing list <freeradius-users@lists.freeradius.org> Betreff: Re: override ldap reply attribute
O/H Chaos Commander έγραψε:
Kostas Kalevras wrote:
O/H tschaos@gmx.net έγραψε:
Hi Guys,
I have maybe a quite simple question:
is there any way to override the default ldap-reply attribute with an
other value than there is in ldap.
i.e.:
users-file:
Default Called-Station-Id = "00-1A-30-2F-11-50:Test",
Airespace-Interface-Name := 777
ldap.attrmap:
replyItem Airespace-Interface-Name radiusCallingStationId
wanted result:
if the users-file doesnt match, use vlaue of ldap-attribute:
radiusCallingStationId, otherwise use vlaue: 777
in this type of configuration it seems i cant override the ldap-reply
attribute-value with the users-file.
Check the order in which the files and ldap module appear in the authorize section. If you want to override an ldap value then you need to have the files moduel after the ldap module.
unfortunately the problem still persists, also if i change the order :-(
any other ideas?
Run in debug mode (radiusd -X) and POST the output.
is there any possible way to do this?
thanks in advance :-)
freeradiusver: 1.1.4
-- Kostas Kalevras - Network Operations Center National Technical University of Athens http://kkalev.wordpress.com
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Kostas Kalevras - Network Operations Center National Technical University of Athens http://kkalev.wordpress.com
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- "Feel free" - 10 GB Mailbox, 100 FreeSMS/Monat ... Jetzt GMX TopMail testen: http://www.gmx.net/de/go/topmail
O/H tschaos@gmx.net έγραψε:
Here is the full debug-log.
Airespace-Interface-Name value in ldap: 310 vlaue in users-file: 777
as you can see, it doesnt override :-(
users-file line 54, which matches:
DEFAULT Called-Station-Id == "00-1A-30-2E-C9-60:Test99", Airespace-Interface-Name := "777"
Airespace-Interface-Name is a reply item while you are seting it as a check item. Correct way: DEFAULT Called-Station-Id == "00-1A-30-2E-C9-60:Test99" Airespace-Interface-Name := "777"
radiusd.conf authorize section:
authorize { preprocess eap ldap_wlan files }
as you can see, its wlan-authentication with EAP on SSID:Test99
dont know what i can try else :-(
thanks in advance for your help!
-- Kostas Kalevras - Network Operations Center National Technical University of Athens http://kkalev.wordpress.com
Kostas Kalevras wrote
O/H tschaos@gmx.net έγραψε:
Here is the full debug-log.
Airespace-Interface-Name value in ldap: 310 vlaue in users-file: 777
as you can see, it doesnt override :-(
users-file line 54, which matches:
DEFAULT Called-Station-Id == "00-1A-30-2E-C9-60:Test99", Airespace-Interface-Name := "777"
Airespace-Interface-Name is a reply item while you are seting it as a check item. Correct way:
DEFAULT Called-Station-Id == "00-1A-30-2E-C9-60:Test99" Airespace-Interface-Name := "777"
IT WORKS! thanks a LOT :-)
radiusd.conf authorize section:
authorize { preprocess eap ldap_wlan files }
as you can see, its wlan-authentication with EAP on SSID:Test99
dont know what i can try else :-(
thanks in advance for your help!
-- Kostas Kalevras - Network Operations Center National Technical University of Athens http://kkalev.wordpress.com
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- "Feel free" - 10 GB Mailbox, 100 FreeSMS/Monat ... Jetzt GMX TopMail testen: http://www.gmx.net/de/go/topmail
participants (3)
-
Chaos Commander -
Kostas Kalevras -
tschaos@gmx.net