Hi. I've been trying to setup freeradius with LDAP + TTLS PAP. I use the default radius, eap users files configuration, I configure my modules/ldap file to connect to my ldap, sites-avilable/default file to authorize ldap, and ldap.attrmap to check Cleartext-Password against userPassword. Everything seems normal, when I test it with radtest user pass 10.14.56.26 0 secret is accepted. but when i try from mi XP client the debug show this: +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop ++[unix] returns notfound [suffix] No '@' in User-Name = "user", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[control] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop No authenticate method (Auth-Type) configuration found for the request: Rejecting the user Failed to authenticate the user. } # server inner-tunnel [ttls] Got tunneled reply code 3 [ttls] Got tunneled Access-Reject [eap] Handler failed in EAP/ttls [eap] Failed in EAP select ++[eap] returns invalid Failed to authenticate the user. Using Post-Auth-Type Reject +- entering group REJECT {...} Here my /sites-avilable/default authorize section: authorize { preprocess chap mschap eap { ok = return } unix files ldap expiration logintime pap } Any Ideas? Thanks. -- View this message in context: http://www.nabble.com/LDAP-%2B-TTLS-PAP-tp24498710p24498710.html Sent from the FreeRadius - User mailing list archive at Nabble.com.
Ivan Kalik wrote:
You have deleted the interesting part of the debug.
Ivan Kalik Kalik Informatika ISP
Sorry Here is my all debug. Ready to process requests. rad_recv: Access-Request packet from host 10.14.56.33 port 32768, id=2, length=163 User-Name = "user" Calling-Station-Id = "00-24-2C-83-AA-92" Called-Station-Id = "00-21-A1-9E-F9-30:testGDL" NAS-Port = 1 NAS-IP-Address = 10.14.56.33 NAS-Identifier = "test-gdl-wlc" Airespace-Wlan-Id = 1 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020800090175736572 Message-Authenticator = 0xb86c778d5e5cbb982425e05ea5b4b6e8 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "user", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 8 length 9 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound ++[files] returns noop [ldap] performing user authorization for user [ldap] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details [ldap] expand: (cn=%{Stripped-User-Name:-%{User-Name}}) -> (cn=user) [ldap] expand: ou=Wireless,dc=local,dc=test,dc=com -> ou=Wireless,dc=local,dc=test,dc=com rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=Wireless,dc=local,dc=test,dc=com, with filter (cn=user) [ldap] No default NMAS login sequence [ldap] looking for check items in directory... rlm_ldap: userPassword -> Cleartext-Password == "Newuser01" [ldap] looking for reply items in directory... [ldap] user user authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 ++[ldap] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] Found existing Auth-Type, not changing it. ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] EAP Identity [eap] processing type md5 rlm_eap_md5: Issuing Challenge ++[eap] returns handled Sending Access-Challenge of id 2 to 10.14.56.33 port 32768 EAP-Message = 0x010900160410a1a022fc9a0dfa06c749cc18033a2a4a Message-Authenticator = 0x00000000000000000000000000000000 State = 0xeb2a1c90eb2318c7f00b52ffc2a1bc44 Finished request 1. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.14.56.33 port 32768, id=2, length=163 Sending duplicate reply to client 10.14.56.33 port 32768 - ID: 2 Sending Access-Challenge of id 2 to 10.14.56.33 port 32768 Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.14.56.33 port 32768, id=2, length=163 Sending duplicate reply to client 10.14.56.33 port 32768 - ID: 2 Sending Access-Challenge of id 2 to 10.14.56.33 port 32768 Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.14.56.33 port 32768, id=3, length=178 User-Name = "user" Calling-Station-Id = "00-24-2C-83-AA-92" Called-Station-Id = "00-21-A1-9E-F9-30:testGDL" NAS-Port = 1 NAS-IP-Address = 10.14.56.33 NAS-Identifier = "test-gdl-wlc" Airespace-Wlan-Id = 1 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020900060315 State = 0xeb2a1c90eb2318c7f00b52ffc2a1bc44 Message-Authenticator = 0xbe3af8eada8201dbfd51322d12e53c40 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "user", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 9 length 6 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound ++[files] returns noop [ldap] performing user authorization for user [ldap] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details [ldap] expand: (cn=%{Stripped-User-Name:-%{User-Name}}) -> (cn=user) [ldap] expand: ou=Wireless,dc=local,dc=test,dc=com -> ou=Wireless,dc=local,dc=test,dc=com rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=Wireless,dc=local,dc=test,dc=com, with filter (cn=user) [ldap] No default NMAS login sequence [ldap] looking for check items in directory... rlm_ldap: userPassword -> Cleartext-Password == "Newuser01" [ldap] looking for reply items in directory... [ldap] user user authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 ++[ldap] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] Found existing Auth-Type, not changing it. ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP NAK [eap] EAP-NAK asked for EAP-Type/ttls [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] returns handled Sending Access-Challenge of id 3 to 10.14.56.33 port 32768 EAP-Message = 0x010a00061520 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xeb2a1c90ea2009c7f00b52ffc2a1bc44 Finished request 2. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.14.56.33 port 32768, id=4, length=284 User-Name = "user" Calling-Station-Id = "00-24-2C-83-AA-92" Called-Station-Id = "00-21-A1-9E-F9-30:testGDL" NAS-Port = 1 NAS-IP-Address = 10.14.56.33 NAS-Identifier = "test-gdl-wlc" Airespace-Wlan-Id = 1 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020a007015800000006616030100610100005d03014a5ddd93e85b4d75bd7b9a21b884bdcf282a9f2494f57df9199e8563359795a900003600390038003500160013000a00330032002f0007006600050004006300620061001500120009006500640060001400110008000600030100 State = 0xeb2a1c90ea2009c7f00b52ffc2a1bc44 Message-Authenticator = 0xc86d9cf6e3039d68046a0530a18d6d46 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "user", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 10 length 112 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS TLS Length 102 [ttls] Length Included [ttls] eaptls_verify returned 11 [ttls] (other): before/accept initialization [ttls] TLS_accept: before/accept initialization [ttls] <<< TLS 1.0 Handshake [length 0061], ClientHello [ttls] TLS_accept: SSLv3 read client hello A [ttls] >>> TLS 1.0 Handshake [length 002a], ServerHello [ttls] TLS_accept: SSLv3 write server hello A [ttls] >>> TLS 1.0 Handshake [length 085e], Certificate [ttls] TLS_accept: SSLv3 write certificate A [ttls] >>> TLS 1.0 Handshake [length 020d], ServerKeyExchange [ttls] TLS_accept: SSLv3 write key exchange A [ttls] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone [ttls] TLS_accept: SSLv3 write server done A [ttls] TLS_accept: SSLv3 flush data [ttls] TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode [ttls] eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 4 to 10.14.56.33 port 32768 EAP-Message = 0x010b040015c000000aad160301002a0200002603014a5ddd86b41364db7476dd64005ce8e2585aa7e4e156d751c63d743b5933245d00003900160301085e0b00085a0008570003a6308203a23082028aa003020102020101300d06092a864886f70d0101040500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479 EAP-Message = 0x301e170d3039303731303036333131335a170d3130303731303036333131335a307c310b3009060355040613024652310f300d0603550408130652616469757331153013060355040a130c4578616d706c6520496e632e312330210603550403131a4578616d706c65205365727665722043657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100c1fb46f3defa76fee58c225a6ee08eabd09fc256cdaa5510b7c129c70c5e64f157c9b9570b3662da82678a731247ec7f9496f5109cdf737793197ec692e4 EAP-Message = 0x02c2a85c91c09c927fc2d7c66e47b187a37685f2e95888eb87cf372fab0501bbec194cb3c2284f1f5758907997ad1bd1f50326d2d871e852f4d8af11b569ececb0257108cf1db77759e1147505d78957913fb61f13d5ea6828aedb0d5c47c26b4541075eec10a589067bee31307ad01b3bc3797f0c576a7282d04ddb7127ac18c09590062b5407fd4460f685ea780fbc104944cc2de025af38103ac4bc5123393d449a30a1f87af9295ce6ae44c5080647857c8db359b809bb01768ba08ae008e84d0203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d010104050003820101002d88c882d98703865e EAP-Message = 0x56e1820a3593253cbd9c71c4a8c3493770c1f7039a17aca88779555807e379317276afb7ec62f1e95249ad567071bccfcf21bdbf6dbd7f618bd2d40a2053a56635dbd76ac3cd58fc825a91e0feed3c4f427d274fe2eb1e64ef3fc668120a6595c77ada95146cdcf368e58b75a4c08d8cea536f0bbd5ee94355a939ff9538fcdd20107da69646ca5ba3c44f54d75ab922acda4aa1931b1ba45b4dabe6fcda6ff9afc4f658689c1276ca4251922cb97d709069749ae05d4defb0e2c5f9a3b576b9f9b125298836309d99303bbb460d97ea81815552a9703357d9aaf823fff9275c44de6d23bc3d731bb132404580037ac981b244abf9cf450004ab308204 EAP-Message = 0xa73082038fa0030201020209 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xeb2a1c90e92109c7f00b52ffc2a1bc44 Finished request 3. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.14.56.33 port 32768, id=5, length=178 User-Name = "user" Calling-Station-Id = "00-24-2C-83-AA-92" Called-Station-Id = "00-21-A1-9E-F9-30:testGDL" NAS-Port = 1 NAS-IP-Address = 10.14.56.33 NAS-Identifier = "test-gdl-wlc" Airespace-Wlan-Id = 1 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020b00061500 State = 0xeb2a1c90e92109c7f00b52ffc2a1bc44 Message-Authenticator = 0x53442257246b2aea062c0ad67ba0d8a6 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "user", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 11 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] Received TLS ACK [ttls] ACK handshake fragment handler [ttls] eaptls_verify returned 1 [ttls] eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 5 to 10.14.56.33 port 32768 EAP-Message = 0x010c040015c000000aad00c2732ade952a074d300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3039303731303036333131335a170d3130303731303036333131335a308193310b3009060355040613024652310f300d0603550408130652616469757331123010 EAP-Message = 0x06035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100bae3caea95e2a2b4103a026c52e2706768751828839c3bb2bc16549951a0be10bc6d43714a735af57557cacc9c4f5ee83db1f53c5e67bd898aba0c92db258f9b7deb342f7a84827c4155454223630a6f1becb8ca5f27d236af65ec813eca65cdbea3e58982011a58b12063 EAP-Message = 0x488cbd8bf5d4ea65d8bb4d622cfb3231f4ee5646cf9784032694db2d17abc3f70bd5b67a1ff15d60c6e0e270683fbbad9cc3215d0fc9b914a62efd952c318525d4e2d0c88155bf5bf869aca8aaed078be3d5e099f5cdb36666e8d2754256e3f92e3bd54eb028b2add1971c397dab87f5daf36a280abf9ba92dacf3fd7df11b2e7c58b0a44eabc20ec7a4c70055cc5ca774eb8518270203010001a381fb3081f8301d0603551d0e04160414a4da443af928af9afc56f540c830fc4e3ab709e13081c80603551d230481c03081bd8014a4da443af928af9afc56f540c830fc4e3ab709e1a18199a48196308193310b3009060355040613024652310f300d EAP-Message = 0x060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479820900c2732ade952a074d300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100570b6b8b63d22871a70c3365cb16220d8b98ae7d4301fce74b18e56569b67db0797263fb5f2feada7c3b243e0ee41f2251c65f0693ced03d4860efdeb1498620e673ba603b9e3c2418c73e801300 EAP-Message = 0x68f730304b70c7cbad58b585 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xeb2a1c90e82609c7f00b52ffc2a1bc44 Finished request 4. Going to the next request Waking up in 4.8 seconds. rad_recv: Access-Request packet from host 10.14.56.33 port 32768, id=6, length=178 User-Name = "user" Calling-Station-Id = "00-24-2C-83-AA-92" Called-Station-Id = "00-21-A1-9E-F9-30:testGDL" NAS-Port = 1 NAS-IP-Address = 10.14.56.33 NAS-Identifier = "test-gdl-wlc" Airespace-Wlan-Id = 1 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020c00061500 State = 0xeb2a1c90e82609c7f00b52ffc2a1bc44 Message-Authenticator = 0xa5bccb3b79bc110d40bbdcc53be48060 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "user", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 12 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] Received TLS ACK [ttls] ACK handshake fragment handler [ttls] eaptls_verify returned 1 [ttls] eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 6 to 10.14.56.33 port 32768 EAP-Message = 0x010d02cb158000000aad055db266297bd53796fdc9c30b15caffd8ab544d9ca86907edb447468c3e56c450e02c396449c436c9f89b7089e6d04f27644506c547bdb03cc9b2cb3ea2d36babdd01faa77f9bca03f1799e119e2c3d982ad89323f97fddbc070796c8daf1be7e7bf2b52f03d27d5a3fb82719e9fd7bee5eaeff0eb6d329ac03e5622444aa928031de84253094f8343a8976a025fd8ca31e40bd69a13c0030ecbf21c05d62723b3d669fcaad160301020d0c0002090080daab1e5d7e0d99049e01b3dca62bd3ff257c2c394048d1ca05af77693021cf2d9725699ec9866a9c3f68fcdbb570be03065efaeeb42eab6d958ae2f3792aa4b7fdaa EAP-Message = 0xa455325075e2df460f601f514159d78bd7e788b5d0240dfffedaeab57505b2a0749becfad86b65d910981edf7d0990bf0db90fde230f757a5d053378adf30001020080359b0b3c822887ccbad46c5fc93547d2139a75956b072d39f1fd3ad09c949f7042e463d40e455c00fbb0a21bfcb4cc14816dab7183e1863c64ff04347343d1dd51beb35fefda9108c57f67a657296efa6d7053fe70737301a07023ca62eb7bb5e8edbe402e2d38ccd8f491f7810e4768ef3e6157b161ca4677f47b15831861ad01002a5344650f914fbf5501d97c27f14937376210a865b464c869c64d02da9ed750134fc7a49ba1c641f90b964e2e66252be6ea4c9eba001d88 EAP-Message = 0x3170f4b6dfcc0bb1789b71e309a544455eb5ca9e06fa143c5d54eb15b561abf8f8c598b0e549717cb19773e4f1b811bbfc901a6ecc9b68976daf0e95a9fb1bdaeeaff7e4caa1bcd8951400323135c1a7bf0a2ea76c7e39076db0fae999eade384b93df1de6b059fd8acefd22e1ca4155676cf8f958542c6c0572dbbf8fe05671304328459ab80696a54197da3cffbf4b04366d4d8c32c133e9277d1281e4c919c0b0290b94d1a4477a3c5c676af363637fe0e8202b1d2a6d9e825cc3a0cdc5efcb69df8348c1f54516030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xeb2a1c90ef2709c7f00b52ffc2a1bc44 Finished request 5. Going to the next request Waking up in 4.8 seconds. rad_recv: Access-Request packet from host 10.14.56.33 port 32768, id=7, length=380 User-Name = "user" Calling-Station-Id = "00-24-2C-83-AA-92" Called-Station-Id = "00-21-A1-9E-F9-30:testGDL" NAS-Port = 1 NAS-IP-Address = 10.14.56.33 NAS-Identifier = "test-gdl-wlc" Airespace-Wlan-Id = 1 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020d00d01580000000c61603010086100000820080adbd458783432417ab3288fc3e8b92c05c9fb681e840bfedf3e18ae254d45688a46ed9f645c63b95c96ac8d52bfbb427b2bfdcc994c319f0b9d0929268b100959c2a05b8becfe6e233c97b559eb2cc825d06d80ed15288e08cdf1f80484f4610295a54968350feccbd357fea95a18c22ed0c52173767ea5f3ce6279c58da53cc1403010001011603010030850c47eac970716e3be39d28f9987b5ba2d9d3ebef7a3513b20538af02bb0bb67e7d60af8811a78260a3a3cc4d1fe25d State = 0xeb2a1c90ef2709c7f00b52ffc2a1bc44 Message-Authenticator = 0xec284ccbc43611a9c333221901d9f841 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "user", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 13 length 208 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS TLS Length 198 [ttls] Length Included [ttls] eaptls_verify returned 11 [ttls] <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange [ttls] TLS_accept: SSLv3 read client key exchange A [ttls] <<< TLS 1.0 ChangeCipherSpec [length 0001] [ttls] <<< TLS 1.0 Handshake [length 0010], Finished [ttls] TLS_accept: SSLv3 read finished A [ttls] >>> TLS 1.0 ChangeCipherSpec [length 0001] [ttls] TLS_accept: SSLv3 write change cipher spec A [ttls] >>> TLS 1.0 Handshake [length 0010], Finished [ttls] TLS_accept: SSLv3 write finished A [ttls] TLS_accept: SSLv3 flush data [ttls] (other): SSL negotiation finished successfully SSL Connection Established [ttls] eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 7 to 10.14.56.33 port 32768 EAP-Message = 0x010e004515800000003b14030100010116030100302f18c7e1b289876d19ce10585d73e61da41965a13f0d7d6ad161d562bc1b951c8f621e1e3d0a1bb3292086c67dc50162 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xeb2a1c90ee2409c7f00b52ffc2a1bc44 Finished request 6. Going to the next request Waking up in 4.7 seconds. rad_recv: Access-Request packet from host 10.14.56.33 port 32768, id=8, length=284 User-Name = "user" Calling-Station-Id = "00-24-2C-83-AA-92" Called-Station-Id = "00-21-A1-9E-F9-30:testGDL" NAS-Port = 1 NAS-IP-Address = 10.14.56.33 NAS-Identifier = "test-gdl-wlc" Airespace-Wlan-Id = 1 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020e007015001703010020aae3ea9541a8b2df748caf875a30ba7b4919efe2cea2e773ddb610d4c47620911703010040f3df9e440c0b0db2135ee7011449b33538421727705920765c60b5f323809fac40e3bb846adcf8bec94ea6e231d4d74bb2318e6dc9cb9aac7187ad153eaecc16 State = 0xeb2a1c90ee2409c7f00b52ffc2a1bc44 Message-Authenticator = 0x600a4febdd89954911cbcea1c34a5d6e +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "user", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 14 length 112 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] eaptls_verify returned 7 [ttls] Done initial handshake [ttls] eaptls_process returned 7 [ttls] Session established. Proceeding to decode tunneled attributes. [ttls] Got tunneled request User-Name = "user" User-Password = "Newuser01" FreeRADIUS-Proxied-To = 127.0.0.1 [ttls] Sending tunneled request User-Name = "user" User-Password = "Newuser01" FreeRADIUS-Proxied-To = 127.0.0.1 server inner-tunnel { +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop ++[unix] returns notfound [suffix] No '@' in User-Name = "user", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[control] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop No authenticate method (Auth-Type) configuration found for the request: Rejecting the user Failed to authenticate the user. } # server inner-tunnel [ttls] Got tunneled reply code 3 [ttls] Got tunneled Access-Reject [eap] Handler failed in EAP/ttls [eap] Failed in EAP select ++[eap] returns invalid Failed to authenticate the user. Using Post-Auth-Type Reject +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> user attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 7 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 7 Sending Access-Reject of id 8 to 10.14.56.33 port 32768 EAP-Message = 0x040e0004 Message-Authenticator = 0x00000000000000000000000000000000 Waking up in 3.7 seconds. Cleaning up request 1 ID 2 with timestamp +305 Cleaning up request 2 ID 3 with timestamp +310 Cleaning up request 3 ID 4 with timestamp +310 Cleaning up request 4 ID 5 with timestamp +310 Cleaning up request 5 ID 6 with timestamp +310 Waking up in 0.1 seconds. Cleaning up request 6 ID 7 with timestamp +310 Waking up in 1.0 seconds. Cleaning up request 7 ID 8 with timestamp +310 -- View this message in context: http://www.nabble.com/LDAP-%2B-TTLS-PAP-tp24498710p24499258.html Sent from the FreeRadius - User mailing list archive at Nabble.com.
Ivan Kalik wrote:
Here is my all debug.
Enable ldap in inner-tunnel virtual server as well.
Ivan Kalik Kalik Informatika ISP
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Thanks for your help Ivan. Now everything looks fine. -- View this message in context: http://www.nabble.com/LDAP-%2B-TTLS-PAP-tp24498710p24500243.html Sent from the FreeRadius - User mailing list archive at Nabble.com.
participants (2)
-
Ivan Kalik -
jpablorp