I have a little problem but I think it's because autz-type is badly configured I have 2 ldaps (ldap_peda and ldap_admin) users account works fine on each servers but machine accounts work only on ldap_peda when a computer boot freeradius logs says +++[ldap_admin] returns ok [...] ++[ldap_peda] returns notfound (it s normal) but it says Sending Access-Accept with autz-type ldap_peda and not ldap_admin So machine is in the wrong vlan What do I miss ? my users file #### IT S FOR MACHINE ACCOUNT AUTH DEFAULT Autz-Type := ldap_peda Tunnel-Type=VLAN, Tunnel-Medium-Type=6, Tunnel-Private-Group-ID=20, Reply-Message="ok_hostpeda" DEFAULT Autz-Type := ldap_admin Tunnel-Type=VLAN, Tunnel-Medium-Type=6, Tunnel-Private-Group-ID=10, Reply-Message="ok_hostadmin" #### IT S FOR USERS ACCOUNT AUTH DEFAULT ldap_peda-Ldap-Group=="Eleves" Tunnel-Type=VLAN, Tunnel-Medium-Type=6, Tunnel-Private-Group-ID=20, Reply-Message="okeleves" DEFAULT ldap_peda-Ldap-Group=="professeurs" Tunnel-Type=VLAN, Tunnel-Medium-Type=6, Tunnel-Private-Group-ID=20, Reply-Message="okprofs" DEFAULT ldap_admin-Ldap-Group=="administratifs" Tunnel-Type=VLAN, Tunnel-Medium-Type=6, Tunnel-Private-Group-ID=10, Reply-Message="admin" FreeRADIUS Version 2.1.7, for host i486-pc-linux-gnu, built on Oct 5 2009 at 14:59:57 Copyright (C) 1999-2009 The FreeRADIUS server project and contributors. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License v2. Starting - reading configuration files ... including configuration file /etc/freeradius/radiusd.conf including configuration file /etc/freeradius/clients.conf including files in directory /etc/freeradius/modules/ including configuration file /etc/freeradius/modules/preprocess including configuration file /etc/freeradius/modules/echo including configuration file /etc/freeradius/modules/ippool including configuration file /etc/freeradius/modules/ldap including configuration file /etc/freeradius/modules/passwd including configuration file /etc/freeradius/modules/pap including configuration file /etc/freeradius/modules/mac2vlan including configuration file /etc/freeradius/modules/logintime including configuration file /etc/freeradius/modules/acct_unique including configuration file /etc/freeradius/modules/krb5 including configuration file /etc/freeradius/modules/detail.log including configuration file /etc/freeradius/modules/perl including configuration file /etc/freeradius/modules/mschap including configuration file /etc/freeradius/modules/sql_log including configuration file /etc/freeradius/modules/unix including configuration file /etc/freeradius/modules/counter including configuration file /etc/freeradius/modules/expiration including configuration file /etc/freeradius/modules/files including configuration file /etc/freeradius/modules/attr_rewrite including configuration file /etc/freeradius/modules/inner-eap including configuration file /etc/freeradius/modules/chap including configuration file /etc/freeradius/modules/exec including configuration file /etc/freeradius/modules/always including configuration file /etc/freeradius/modules/realm including configuration file /etc/freeradius/modules/expr including configuration file /etc/freeradius/modules/detail including configuration file /etc/freeradius/modules/checkval including configuration file /etc/freeradius/modules/digest including configuration file /etc/freeradius/modules/radutmp including configuration file /etc/freeradius/modules/smsotp including configuration file /etc/freeradius/modules/cui including configuration file /etc/freeradius/modules/sqlcounter_expire_on_login including configuration file /etc/freeradius/modules/policy including configuration file /etc/freeradius/modules/etc_group including configuration file /etc/freeradius/modules/wimax including configuration file /etc/freeradius/modules/sradutmp including configuration file /etc/freeradius/modules/attr_filter including configuration file /etc/freeradius/modules/smbpasswd including configuration file /etc/freeradius/modules/otp including configuration file /etc/freeradius/modules/detail.example.com including configuration file /etc/freeradius/modules/linelog including configuration file /etc/freeradius/modules/mac2ip including configuration file /etc/freeradius/modules/pam including configuration file /etc/freeradius/eap.conf including configuration file /etc/freeradius/policy.conf including files in directory /etc/freeradius/sites-enabled/ including configuration file /etc/freeradius/sites-enabled/inner-tunnel including configuration file /etc/freeradius/sites-enabled/default including configuration file /etc/freeradius/sites-enabled/control-socket group = freerad user = freerad including dictionary file /etc/freeradius/dictionary main { prefix = "/usr" localstatedir = "/var" logdir = "/var/log/freeradius" libdir = "/usr/lib/freeradius" radacctdir = "/var/log/freeradius/radacct" hostname_lookups = no max_request_time = 30 cleanup_delay = 5 max_requests = 1024 allow_core_dumps = no pidfile = "/var/run/freeradius/freeradius.pid" checkrad = "/usr/sbin/checkrad" debug_level = 0 proxy_requests = no log { stripped_names = no auth = no auth_badpass = no auth_goodpass = no } security { max_attributes = 200 reject_delay = 1 status_server = yes } } radiusd: #### Loading Realms and Home Servers #### radiusd: #### Loading Clients #### client localhost { ipaddr = 127.0.0.1 require_message_authenticator = no secret = "testing123" nastype = "other" virtual_server = "inner-tunnel" } client 192.168.10.254 { require_message_authenticator = no secret = "momo" shortname = "Nortel" nastype = "other" virtual_server = "inner-tunnel" } radiusd: #### Instantiating modules #### instantiate { Module: Linked to module rlm_exec Module: Instantiating exec exec { wait = no input_pairs = "request" shell_escape = yes } Module: Linked to module rlm_expr Module: Instantiating expr Module: Linked to module rlm_expiration Module: Instantiating expiration expiration { reply-message = "Password Has Expired " } Module: Linked to module rlm_logintime Module: Instantiating logintime logintime { reply-message = "You are calling outside your allowed timespan " minimum-timeout = 60 } } radiusd: #### Loading Virtual Servers #### server inner-tunnel { modules { Module: Checking authenticate {...} for more modules to load Module: Linked to module rlm_pap Module: Instantiating pap pap { encryption_scheme = "auto" auto_header = no } Module: Linked to module rlm_chap Module: Instantiating chap Module: Linked to module rlm_mschap Module: Instantiating mschap mschap { use_mppe = yes require_encryption = no require_strong = no with_ntdomain_hack = yes } Module: Linked to module rlm_ldap Module: Instantiating ldap_admin ldap ldap_admin { server = "192.168.10.2" port = 389 password = "" identity = "" net_timeout = 1 timeout = 4 timelimit = 3 tls_mode = no start_tls = no tls_require_cert = "allow" tls { start_tls = no require_cert = "allow" } basedn = "o=gouv,c=fr" filter = "(uid=%{mschap:User-Name})" base_filter = "(objectclass=radiusprofile)" password_attribute = "user-Password" auto_header = no access_attr = "uid" access_attr_used_for_allow = yes groupname_attribute = "cn" groupmembership_filter = "(&(objectClass=posixGroup)(memberUid=%{mschap:User-Name}))" dictionary_mapping = "/etc/freeradius/ldap.attrmap" ldap_debug = 0 ldap_connections_number = 15 compare_check_items = no do_xlat = yes edir_account_policy_check = no set_auth_type = yes } rlm_ldap: Registering ldap_groupcmp for Ldap-Group rlm_ldap: Creating new attribute ldap_admin-Ldap-Group rlm_ldap: Registering ldap_groupcmp for ldap_admin-Ldap-Group rlm_ldap: Registering ldap_xlat with xlat_name ldap_admin rlm_ldap: reading ldap<->radius mappings from file /etc/freeradius/ldap.attrmap rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$ rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$ rlm_ldap: LDAP userPassword mapped to RADIUS Cleartext-Password rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password rlm_ldap: LDAP sambaLmPassword mapped to RADIUS LM-Password rlm_ldap: LDAP sambaNtPassword mapped to RADIUS NT-Password rlm_ldap: LDAP dBCSPwd mapped to RADIUS LM-Password rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration rlm_ldap: LDAP radiusNASIpAddress mapped to RADIUS NAS-IP-Address rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network rlm_ldap: LDAP radiusClass mapped to RADIUS Class rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Network rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port rlm_ldap: LDAP radiusReplyMessage mapped to RADIUS Reply-Message conns: 0x8176838 Module: Instantiating ldap_peda ldap ldap_peda { server = "192.168.20.2" port = 389 password = "" identity = "" net_timeout = 1 timeout = 4 timelimit = 3 tls_mode = no start_tls = no tls_require_cert = "allow" tls { start_tls = no require_cert = "allow" } basedn = "o=gouv,c=fr" filter = "(uid=%{mschap:User-Name})" base_filter = "(objectclass=radiusprofile)" password_attribute = "user-Password" auto_header = no access_attr = "uid" access_attr_used_for_allow = yes groupname_attribute = "cn" groupmembership_filter = "(&(objectClass=posixGroup)(memberUid=%{mschap:User-Name}))" dictionary_mapping = "/etc/freeradius/ldap.attrmap" ldap_debug = 0 ldap_connections_number = 15 compare_check_items = no do_xlat = yes edir_account_policy_check = no set_auth_type = yes } rlm_ldap: Registering ldap_groupcmp for Ldap-Group rlm_ldap: Creating new attribute ldap_peda-Ldap-Group rlm_ldap: Registering ldap_groupcmp for ldap_peda-Ldap-Group rlm_ldap: Registering ldap_xlat with xlat_name ldap_peda rlm_ldap: reading ldap<->radius mappings from file /etc/freeradius/ldap.attrmap rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$ rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$ rlm_ldap: LDAP userPassword mapped to RADIUS Cleartext-Password rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password rlm_ldap: LDAP sambaLmPassword mapped to RADIUS LM-Password rlm_ldap: LDAP sambaNtPassword mapped to RADIUS NT-Password rlm_ldap: LDAP dBCSPwd mapped to RADIUS LM-Password rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration rlm_ldap: LDAP radiusNASIpAddress mapped to RADIUS NAS-IP-Address rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network rlm_ldap: LDAP radiusClass mapped to RADIUS Class rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Network rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port rlm_ldap: LDAP radiusReplyMessage mapped to RADIUS Reply-Message conns: 0x8177e58 Module: Linked to module rlm_eap Module: Instantiating eap eap { default_eap_type = "mschapv2" timer_expire = 60 ignore_unknown_eap_types = yes cisco_accounting_username_bug = no max_sessions = 2048 } Module: Linked to sub-module rlm_eap_md5 Module: Instantiating eap-md5 Module: Linked to sub-module rlm_eap_leap Module: Instantiating eap-leap Module: Linked to sub-module rlm_eap_gtc Module: Instantiating eap-gtc gtc { challenge = "Password: " auth_type = "PAP" } Module: Linked to sub-module rlm_eap_tls Module: Instantiating eap-tls tls { rsa_key_exchange = no dh_key_exchange = yes rsa_key_length = 512 dh_key_length = 512 verify_depth = 0 pem_file_type = yes private_key_file = "/etc/ssl/certs/eole.key" certificate_file = "/etc/ssl/certs/eole.crt" CA_file = "/etc/ssl/certs/ca.crt" dh_file = "/etc/ssl/dh" random_file = "/dev/random" fragment_size = 1024 include_length = yes check_crl = no cipher_list = "DEFAULT" cache { enable = no lifetime = 24 max_entries = 255 } } Module: Linked to sub-module rlm_eap_ttls Module: Instantiating eap-ttls ttls { default_eap_type = "mschapv2" copy_request_to_tunnel = yes use_tunneled_reply = yes virtual_server = "inner-tunnel" include_length = yes } Module: Linked to sub-module rlm_eap_peap Module: Instantiating eap-peap peap { default_eap_type = "mschapv2" copy_request_to_tunnel = yes use_tunneled_reply = yes proxy_tunneled_request_as_eap = yes virtual_server = "inner-tunnel" } Module: Linked to sub-module rlm_eap_mschapv2 Module: Instantiating eap-mschapv2 mschapv2 { with_ntdomain_hack = no } Module: Checking authorize {...} for more modules to load Module: Linked to module rlm_files Module: Instantiating files files { usersfile = "/etc/freeradius/users" acctusersfile = "/etc/freeradius/acct_users" preproxy_usersfile = "/etc/freeradius/preproxy_users" compat = "no" } Module: Checking session {...} for more modules to load Module: Linked to module rlm_radutmp Module: Instantiating radutmp radutmp { filename = "/var/log/freeradius/radutmp" username = "%{User-Name}" case_sensitive = yes check_with_nas = yes perm = 384 callerid = yes } Module: Checking post-proxy {...} for more modules to load Module: Checking post-auth {...} for more modules to load Module: Linked to module rlm_attr_filter Module: Instantiating attr_filter.access_reject attr_filter attr_filter.access_reject { attrsfile = "/etc/freeradius/attrs.access_reject" key = "%{User-Name}" } } # modules } # server server { modules { } # modules } # server radiusd: #### Opening IP addresses and Ports #### listen { type = "auth" ipaddr = * port = 0 } Listening on authentication address * port 1812 Ready to process requests. rad_recv: Access-Request packet from host 192.168.10.254 port 1024, id=239, length=122 NAS-IP-Address = 10.172.253.110 NAS-Port-Type = Ethernet Service-Type = Framed-User Message-Authenticator = 0xf9beb36136492c7928eb9131e2fb21ca NAS-Port = 10 Framed-MTU = 1490 User-Name = "host/pc-admin" Calling-Station-Id = "00-0C-29-F7-CC-A0" EAP-Message = 0x020b001201686f73742f70632d61646d696e server inner-tunnel { +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop [eap] EAP packet type response id 11 length 18 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated [files] users: Matched entry DEFAULT at line 207 ++[files] returns ok ++- entering group {...} [ldap_peda] performing user authorization for host/pc-admin [ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$) [ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: attempting LDAP reconnection rlm_ldap: (re)connect to 192.168.20.2:389, authentication 0 rlm_ldap: bind as / to 192.168.20.2:389 rlm_ldap: waiting for bind result ... rlm_ldap: Bind was successful rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$) rlm_ldap: object not found [ldap_peda] search failed rlm_ldap: ldap_release_conn: Release Id: 0 +++[ldap_peda] returns notfound [ldap_admin] performing user authorization for host/pc-admin [ldap_admin] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$) [ldap_admin] expand: o=gouv,c=fr -> o=gouv,c=fr rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: attempting LDAP reconnection rlm_ldap: (re)connect to 192.168.10.2:389, authentication 0 rlm_ldap: bind as / to 192.168.10.2:389 rlm_ldap: waiting for bind result ... rlm_ldap: Bind was successful rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$) [ldap_admin] checking if remote access for host/pc-admin is allowed by uid [ldap_admin] No default NMAS login sequence [ldap_admin] looking for check items in directory... rlm_ldap: sambaNtPassword -> NT-Password == 0x3637444441324243414646313035424333373446304245434641463733333430 [ldap_admin] looking for reply items in directory... WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly? [ldap_admin] user host/pc-admin authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 +++[ldap_admin] returns ok ++- group returns ok ++[expiration] returns noop ++[logintime] returns noop Using Autz-Type ldap_peda +- entering group ldap_peda {...} [ldap_peda] performing user authorization for host/pc-admin [ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$) [ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$) rlm_ldap: object not found [ldap_peda] search failed rlm_ldap: ldap_release_conn: Release Id: 0 ++[ldap_peda] returns notfound Found Auth-Type = EAP +- entering group authenticate {...} [eap] EAP Identity [eap] processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge ++[eap] returns handled } # server inner-tunnel Sending Access-Challenge of id 239 to 192.168.10.254 port 1024 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "20" Reply-Message = "ok_hostpeda" EAP-Message = 0x010c00271a010c002210d92b9fd31dccad929fdb3f2ca05a6646686f73742f70632d61646d696e Message-Authenticator = 0x00000000000000000000000000000000 State = 0x5af34ee25aff54b96dea318012fe73d9 Finished request 0. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.10.254 port 1024, id=240, length=128 NAS-IP-Address = 10.172.253.110 NAS-Port-Type = Ethernet Service-Type = Framed-User Message-Authenticator = 0x21826287328e18d53b013ad8b9b196f1 NAS-Port = 10 Framed-MTU = 1490 User-Name = "host/pc-admin" Calling-Station-Id = "00-0C-29-F7-CC-A0" State = 0x5af34ee25aff54b96dea318012fe73d9 EAP-Message = 0x020c00060319 server inner-tunnel { +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop [eap] EAP packet type response id 12 length 6 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated [files] users: Matched entry DEFAULT at line 207 ++[files] returns ok ++- entering group {...} [ldap_peda] performing user authorization for host/pc-admin [ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$) [ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$) rlm_ldap: object not found [ldap_peda] search failed rlm_ldap: ldap_release_conn: Release Id: 0 +++[ldap_peda] returns notfound [ldap_admin] performing user authorization for host/pc-admin [ldap_admin] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$) [ldap_admin] expand: o=gouv,c=fr -> o=gouv,c=fr rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$) [ldap_admin] checking if remote access for host/pc-admin is allowed by uid [ldap_admin] No default NMAS login sequence [ldap_admin] looking for check items in directory... rlm_ldap: sambaNtPassword -> NT-Password == 0x3637444441324243414646313035424333373446304245434641463733333430 [ldap_admin] looking for reply items in directory... WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly? [ldap_admin] user host/pc-admin authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 +++[ldap_admin] returns ok ++- group returns ok ++[expiration] returns noop ++[logintime] returns noop Using Autz-Type ldap_peda +- entering group ldap_peda {...} [ldap_peda] performing user authorization for host/pc-admin [ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$) [ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$) rlm_ldap: object not found [ldap_peda] search failed rlm_ldap: ldap_release_conn: Release Id: 0 ++[ldap_peda] returns notfound Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP NAK [eap] EAP-NAK asked for EAP-Type/peap [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] returns handled } # server inner-tunnel Sending Access-Challenge of id 240 to 192.168.10.254 port 1024 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "20" Reply-Message = "ok_hostpeda" EAP-Message = 0x010d00061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x5af34ee25bfe57b96dea318012fe73d9 Finished request 1. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.10.254 port 1024, id=241, length=202 NAS-IP-Address = 10.172.253.110 NAS-Port-Type = Ethernet Service-Type = Framed-User Message-Authenticator = 0x6939b9798b27d12e96581c83e621324d NAS-Port = 10 Framed-MTU = 1490 User-Name = "host/pc-admin" Calling-Station-Id = "00-0C-29-F7-CC-A0" State = 0x5af34ee25bfe57b96dea318012fe73d9 EAP-Message = 0x020d005019800000004616030100410100003d03014b6829d4ba7efe234d701d03c5952b9eb8ead51c8105eb946369aacc24e8430000001600040005000a000900640062000300060013001200630100 server inner-tunnel { +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop [eap] EAP packet type response id 13 length 80 [eap] Continuing tunnel setup. ++[eap] returns ok [files] users: Matched entry DEFAULT at line 207 ++[files] returns ok ++- entering group {...} [ldap_peda] performing user authorization for host/pc-admin [ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$) [ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$) rlm_ldap: object not found [ldap_peda] search failed rlm_ldap: ldap_release_conn: Release Id: 0 +++[ldap_peda] returns notfound [ldap_admin] performing user authorization for host/pc-admin [ldap_admin] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$) [ldap_admin] expand: o=gouv,c=fr -> o=gouv,c=fr rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$) [ldap_admin] checking if remote access for host/pc-admin is allowed by uid [ldap_admin] No default NMAS login sequence [ldap_admin] looking for check items in directory... rlm_ldap: sambaNtPassword -> NT-Password == 0x3637444441324243414646313035424333373446304245434641463733333430 [ldap_admin] looking for reply items in directory... WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly? [ldap_admin] user host/pc-admin authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 +++[ldap_admin] returns ok ++- group returns ok ++[expiration] returns noop ++[logintime] returns noop Using Autz-Type ldap_peda +- entering group ldap_peda {...} [ldap_peda] performing user authorization for host/pc-admin [ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$) [ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$) rlm_ldap: object not found [ldap_peda] search failed rlm_ldap: ldap_release_conn: Release Id: 0 ++[ldap_peda] returns notfound Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 70 [peap] Length Included [peap] eaptls_verify returned 11 [peap] (other): before/accept initialization [peap] TLS_accept: before/accept initialization [peap] <<< TLS 1.0 Handshake [length 0041], ClientHello [peap] TLS_accept: SSLv3 read client hello A [peap] >>> TLS 1.0 Handshake [length 002a], ServerHello [peap] TLS_accept: SSLv3 write server hello A [peap] >>> TLS 1.0 Handshake [length 0914], Certificate [peap] TLS_accept: SSLv3 write certificate A [peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone [peap] TLS_accept: SSLv3 write server done A [peap] TLS_accept: SSLv3 flush data [peap] TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled } # server inner-tunnel Sending Access-Challenge of id 241 to 192.168.10.254 port 1024 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "20" Reply-Message = "ok_hostpeda" EAP-Message = 0x010e040019c000000951160301002a0200002603014b68298c6d7075b0b54fb873ef9fa975135522b70e535ab172d2d7a99533d73e0000040016030109140b00091000090d0004af308204ab30820393a003020102020120300d06092a864886f70d0101050500307a310b3009060355040613024652312f302d060355040a13264d696e69737465726520456475636174696f6e204e6174696f6e616c6520284d454e455352293111300f060355040b1308303732313537325431123010060355040b130961632d6e616e746573311330110603550403130a43412d70662d616d6f6e301e170d3130303130343135303632365a170d31333031303431 EAP-Message = 0x35303632365a30818d310b3009060355040613024652312f302d060355040a13264d696e69737465726520456475636174696f6e204e6174696f6e616c6520284d454e455352293111300f060355040b1308303732313537325431123010060355040b130961632d6e616e746573312630240603550403131d70662d616d6f6e2e30373231353732542e61632d6e616e7465732e667230820122300d06092a864886f70d01010105000382010f003082010a0282010100e4bed7c951596527195184c10821f2095377a90e673796557a48c155e02114854d78ef0a554f4508f9b65fabbbe13c41f336035031036c0406d1cfa48959aa70e6bbe935fa99 EAP-Message = 0x376c3784bbadd7617ab8ce3379b7b067a632c25ccbe005fcfc04e88fe73f53256aa16ee313b08ad0db3e843ab8c459e476f2e5d85779ccab883841a4b410efafa984bb03f2ae66f9bbdccc438edbf28b9ae2d2bfb99c72e37b6e9f43efec87f622bd64f50f281c42738a4d534b0588436d7bc05e2ebfd286f9f5202ca4ebd88d0b483f513f601ef41c0372e57e025264814e7c26d5cd550c14ceca6f04267766408a69cd9774a86d377dc39319419639f0ae531f64e65077ee310203010001a382012630820122300c0603551d130101ff04023000301d0603551d0e04160414d9d4f8e696b1018db9607d864c473313ecd52e533081ac0603551d2304 EAP-Message = 0x81a43081a18014323a4970ba53cf9fff2b2ce5436dd64e036b4cf7a17ea47c307a310b3009060355040613024652312f302d060355040a13264d696e69737465726520456475636174696f6e204e6174696f6e616c6520284d454e455352293111300f060355040b1308303732313537325431123010060355040b130961632d6e616e746573311330110603550403130a43412d70662d616d6f6e820900f600a779ca4a31f2300b0603551d0f0404030205a0301106096086480186f8420101040403020640302406096086480186f842010d04171615436572746966696361742073656c66207369676e65300d06092a864886f70d01010505000382 EAP-Message = 0x010100738b52410508dfb265 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x5af34ee258fd57b96dea318012fe73d9 Finished request 2. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.10.254 port 1024, id=242, length=128 NAS-IP-Address = 10.172.253.110 NAS-Port-Type = Ethernet Service-Type = Framed-User Message-Authenticator = 0xfb36b01671119b3c8b0224e2688bb6e0 NAS-Port = 10 Framed-MTU = 1490 User-Name = "host/pc-admin" Calling-Station-Id = "00-0C-29-F7-CC-A0" State = 0x5af34ee258fd57b96dea318012fe73d9 EAP-Message = 0x020e00061900 server inner-tunnel { +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop [eap] EAP packet type response id 14 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok [files] users: Matched entry DEFAULT at line 207 ++[files] returns ok ++- entering group {...} [ldap_peda] performing user authorization for host/pc-admin [ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$) [ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$) rlm_ldap: object not found [ldap_peda] search failed rlm_ldap: ldap_release_conn: Release Id: 0 +++[ldap_peda] returns notfound [ldap_admin] performing user authorization for host/pc-admin [ldap_admin] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$) [ldap_admin] expand: o=gouv,c=fr -> o=gouv,c=fr rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$) [ldap_admin] checking if remote access for host/pc-admin is allowed by uid [ldap_admin] No default NMAS login sequence [ldap_admin] looking for check items in directory... rlm_ldap: sambaNtPassword -> NT-Password == 0x3637444441324243414646313035424333373446304245434641463733333430 [ldap_admin] looking for reply items in directory... WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly? [ldap_admin] user host/pc-admin authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 +++[ldap_admin] returns ok ++- group returns ok ++[expiration] returns noop ++[logintime] returns noop Using Autz-Type ldap_peda +- entering group ldap_peda {...} [ldap_peda] performing user authorization for host/pc-admin [ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$) [ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$) rlm_ldap: object not found [ldap_peda] search failed rlm_ldap: ldap_release_conn: Release Id: 0 ++[ldap_peda] returns notfound Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled } # server inner-tunnel Sending Access-Challenge of id 242 to 192.168.10.254 port 1024 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "20" Reply-Message = "ok_hostpeda" EAP-Message = 0x010f03fc19401182ca5390bea1fe88313c924d092dbd0cb475424af8c336fe26053d412f47c50fe19c560b380240cd0ffc099b2d1389efe8138320b9c39ff976bb256aa135220112ce2dcbda12a62d121874632f586a639ab589de66aab22d0c8be6b3038ef720750df0fc4a49d65fd28ac02cf66774b954084b383d2be00517d663023aee762e237709c22dfad7be540c986d88fb9e0cd1d07723dc5a1b86bac13bfc40ce7d6b640ab880491b96a5069e353e781586f8a1ed77c86e94b7eadb0ed3319ae20ace6a378133a7022b2080796dd1c122ac1f4a5c2e7257cdbff34956e38db82ab83ce720e860c087888c09c792fb0cd761cc6bf95f8d82ae EAP-Message = 0x000458308204543082033ca003020102020900f600a779ca4a31f2300d06092a864886f70d0101050500307a310b3009060355040613024652312f302d060355040a13264d696e69737465726520456475636174696f6e204e6174696f6e616c6520284d454e455352293111300f060355040b1308303732313537325431123010060355040b130961632d6e616e746573311330110603550403130a43412d70662d616d6f6e301e170d3130303130343135303632365a170d3133303130343135303632365a307a310b3009060355040613024652312f302d060355040a13264d696e69737465726520456475636174696f6e204e6174696f6e616c65 EAP-Message = 0x20284d454e455352293111300f060355040b1308303732313537325431123010060355040b130961632d6e616e746573311330110603550403130a43412d70662d616d6f6e30820122300d06092a864886f70d01010105000382010f003082010a0282010100c98d21324f37ff11d786d7c35d535d59aae2514ae1b9d0647cde3fb9f700505a1d945695c686888f85f5b36c083bee7d99d29dab7444ce49efa4a9802fa14565b1778f676baf779694fe8167ea4e3cf7cd350219e755c5389f981290b31d0414e7967d7f05b92bfbd52f188754f8a47e193638cf68927ca3c8bc307c860f3ef36b39bd3d10117cbe53837e3c60390357cb55a73c6f4b44 EAP-Message = 0x8ea1a5c9b451094d5c02f5e2e482071c7950df080d1f3644f47d9a7aefd6958e5eb5ebf2f93bdf1d65901ea2a3b9b110d16b808ef34a7c3374bb7263d077f063734d63b186b29928e17ef698ed7e4b2841387fc844cb07cc7eb4fd39de3ebc8e4fe0cf2eca4d1b93510203010001a381dc3081d930090603551d1304023000301d0603551d0e04160414323a4970ba53cf9fff2b2ce5436dd64e036b4cf73081ac0603551d230481a43081a18014323a4970ba53cf9fff2b2ce5436dd64e036b4cf7a17ea47c307a310b3009060355040613024652312f302d060355040a13264d696e69737465726520456475636174696f6e204e6174696f6e616c65 EAP-Message = 0x20284d454e455352 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x5af34ee259fc57b96dea318012fe73d9 Finished request 3. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.10.254 port 1024, id=243, length=128 NAS-IP-Address = 10.172.253.110 NAS-Port-Type = Ethernet Service-Type = Framed-User Message-Authenticator = 0xd8c323cc1c5dca53fdc26144184a55df NAS-Port = 10 Framed-MTU = 1490 User-Name = "host/pc-admin" Calling-Station-Id = "00-0C-29-F7-CC-A0" State = 0x5af34ee259fc57b96dea318012fe73d9 EAP-Message = 0x020f00061900 server inner-tunnel { +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop [eap] EAP packet type response id 15 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok [files] users: Matched entry DEFAULT at line 207 ++[files] returns ok ++- entering group {...} [ldap_peda] performing user authorization for host/pc-admin [ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$) [ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$) rlm_ldap: object not found [ldap_peda] search failed rlm_ldap: ldap_release_conn: Release Id: 0 +++[ldap_peda] returns notfound [ldap_admin] performing user authorization for host/pc-admin [ldap_admin] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$) [ldap_admin] expand: o=gouv,c=fr -> o=gouv,c=fr rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$) [ldap_admin] checking if remote access for host/pc-admin is allowed by uid [ldap_admin] No default NMAS login sequence [ldap_admin] looking for check items in directory... rlm_ldap: sambaNtPassword -> NT-Password == 0x3637444441324243414646313035424333373446304245434641463733333430 [ldap_admin] looking for reply items in directory... WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly? [ldap_admin] user host/pc-admin authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 +++[ldap_admin] returns ok ++- group returns ok ++[expiration] returns noop ++[logintime] returns noop Using Autz-Type ldap_peda +- entering group ldap_peda {...} [ldap_peda] performing user authorization for host/pc-admin [ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$) [ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$) rlm_ldap: object not found [ldap_peda] search failed rlm_ldap: ldap_release_conn: Release Id: 0 ++[ldap_peda] returns notfound Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled } # server inner-tunnel Sending Access-Challenge of id 243 to 192.168.10.254 port 1024 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "20" Reply-Message = "ok_hostpeda" EAP-Message = 0x0110016b1900293111300f060355040b1308303732313537325431123010060355040b130961632d6e616e746573311330110603550403130a43412d70662d616d6f6e820900f600a779ca4a31f2300d06092a864886f70d0101050500038201010042fb00de5ab000702d477a4af2d066894ac9481a89afd607a8e4f870038ca1f2e4c2ccba76f8c8db937ccc0c1607694dc7316a32ac04f88035c99b3802c40e6af4381339b21229c22e4bab13c4c0d12039f5030c932283e00dd5855df9a1c8172e257e3a41ad6928431aeb93813578cf9208816cd75e3306b3a31e175f3f6fe054317296231e4d53ca9fd6879b03330265e555633dd78100c55681 EAP-Message = 0xdc1181d3cf04302e58287bbf7cbbd102ddceeb821787e736217180fd90a1f0690e40338cfa058c84dae4404611e2a04aebf9a5f09c28f3bba02bc2663707c320ff8f40f9b3f6455f1a683d5c2e9b67a4cdf327665ebcd7e24afd894e826f76f5125763470e16030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x5af34ee25ee357b96dea318012fe73d9 Finished request 4. Going to the next request Waking up in 4.8 seconds. rad_recv: Access-Request packet from host 192.168.10.254 port 1024, id=244, length=444 NAS-IP-Address = 10.172.253.110 NAS-Port-Type = Ethernet Service-Type = Framed-User Message-Authenticator = 0x9d064c122b5956c73615d6349ffcd178 NAS-Port = 10 Framed-MTU = 1490 User-Name = "host/pc-admin" Calling-Station-Id = "00-0C-29-F7-CC-A0" State = 0x5af34ee25ee357b96dea318012fe73d9 EAP-Message = 0x02100140198000000136160301010610000102010099e22fbe4a05d936accfcc683fd55f8b40700b04e65e3b78c86f9117140b263c154c7e549b412e66757099dcbb13dfb218779e04be85a67c741dddf6330b8873c677c47b0afbe278d88c68cfa0943459b196f5e12e02ed21271f9dbaa3289de2ce776cf3da2e30eea71308f185b2e7d4dbdd2ed4fc59316384ed6fa408dc96ec0a212a99cd89692a92b12717206fb0a3a0e8b9c70106f6840256733976809d3edb569081ba70d4bcaf6f65d6784eb7d457297c263f549c34f7f8db3f55eae388f086290d5bde0840af663c86a181464e1cc22b035e1434614f23ed4fc54ac3e39a404a2c71b3f0d3 EAP-Message = 0x22a99e4af56b9ca63a6dab50062bb096e513852043326d0a14030100010116030100204948fe1d6f1b3ecde1765601ef11cfd1936905e4f4948312a68781a0739e2666 server inner-tunnel { +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop [eap] EAP packet type response id 16 length 253 [eap] Continuing tunnel setup. ++[eap] returns ok [files] users: Matched entry DEFAULT at line 207 ++[files] returns ok ++- entering group {...} [ldap_peda] performing user authorization for host/pc-admin [ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$) [ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$) rlm_ldap: object not found [ldap_peda] search failed rlm_ldap: ldap_release_conn: Release Id: 0 +++[ldap_peda] returns notfound [ldap_admin] performing user authorization for host/pc-admin [ldap_admin] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$) [ldap_admin] expand: o=gouv,c=fr -> o=gouv,c=fr rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$) [ldap_admin] checking if remote access for host/pc-admin is allowed by uid [ldap_admin] No default NMAS login sequence [ldap_admin] looking for check items in directory... rlm_ldap: sambaNtPassword -> NT-Password == 0x3637444441324243414646313035424333373446304245434641463733333430 [ldap_admin] looking for reply items in directory... WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly? [ldap_admin] user host/pc-admin authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 +++[ldap_admin] returns ok ++- group returns ok ++[expiration] returns noop ++[logintime] returns noop Using Autz-Type ldap_peda +- entering group ldap_peda {...} [ldap_peda] performing user authorization for host/pc-admin [ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$) [ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$) rlm_ldap: object not found [ldap_peda] search failed rlm_ldap: ldap_release_conn: Release Id: 0 ++[ldap_peda] returns notfound Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 310 [peap] Length Included [peap] eaptls_verify returned 11 [peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange [peap] TLS_accept: SSLv3 read client key exchange A [peap] <<< TLS 1.0 ChangeCipherSpec [length 0001] [peap] <<< TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 read finished A [peap] >>> TLS 1.0 ChangeCipherSpec [length 0001] [peap] TLS_accept: SSLv3 write change cipher spec A [peap] >>> TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 write finished A [peap] TLS_accept: SSLv3 flush data [peap] (other): SSL negotiation finished successfully SSL Connection Established [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled } # server inner-tunnel Sending Access-Challenge of id 244 to 192.168.10.254 port 1024 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "20" Reply-Message = "ok_hostpeda" EAP-Message = 0x01110031190014030100010116030100203700812b24e375749201076da0bd9b4c462587b2d818f14a726c9beb33feeb45 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x5af34ee25fe257b96dea318012fe73d9 Finished request 5. Going to the next request Waking up in 4.8 seconds. rad_recv: Access-Request packet from host 192.168.10.254 port 1024, id=245, length=128 NAS-IP-Address = 10.172.253.110 NAS-Port-Type = Ethernet Service-Type = Framed-User Message-Authenticator = 0xb9d8ae0e08e37f9d172f8e0eda4b780c NAS-Port = 10 Framed-MTU = 1490 User-Name = "host/pc-admin" Calling-Station-Id = "00-0C-29-F7-CC-A0" State = 0x5af34ee25fe257b96dea318012fe73d9 EAP-Message = 0x021100061900 server inner-tunnel { +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop [eap] EAP packet type response id 17 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok [files] users: Matched entry DEFAULT at line 207 ++[files] returns ok ++- entering group {...} [ldap_peda] performing user authorization for host/pc-admin [ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$) [ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$) rlm_ldap: object not found [ldap_peda] search failed rlm_ldap: ldap_release_conn: Release Id: 0 +++[ldap_peda] returns notfound [ldap_admin] performing user authorization for host/pc-admin [ldap_admin] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$) [ldap_admin] expand: o=gouv,c=fr -> o=gouv,c=fr rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$) [ldap_admin] checking if remote access for host/pc-admin is allowed by uid [ldap_admin] No default NMAS login sequence [ldap_admin] looking for check items in directory... rlm_ldap: sambaNtPassword -> NT-Password == 0x3637444441324243414646313035424333373446304245434641463733333430 [ldap_admin] looking for reply items in directory... WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly? [ldap_admin] user host/pc-admin authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 +++[ldap_admin] returns ok ++- group returns ok ++[expiration] returns noop ++[logintime] returns noop Using Autz-Type ldap_peda +- entering group ldap_peda {...} [ldap_peda] performing user authorization for host/pc-admin [ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$) [ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$) rlm_ldap: object not found [ldap_peda] search failed rlm_ldap: ldap_release_conn: Release Id: 0 ++[ldap_peda] returns notfound Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake is finished [peap] eaptls_verify returned 3 [peap] eaptls_process returned 3 [peap] EAPTLS_SUCCESS ++[eap] returns handled } # server inner-tunnel Sending Access-Challenge of id 245 to 192.168.10.254 port 1024 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "20" Reply-Message = "ok_hostpeda" EAP-Message = 0x0112002019001703010015b30cb528421556a6b7595ed3761ee6c1aaebee96dc Message-Authenticator = 0x00000000000000000000000000000000 State = 0x5af34ee25ce157b96dea318012fe73d9 Finished request 6. Going to the next request Waking up in 4.7 seconds. rad_recv: Access-Request packet from host 192.168.10.254 port 1024, id=246, length=163 NAS-IP-Address = 10.172.253.110 NAS-Port-Type = Ethernet Service-Type = Framed-User Message-Authenticator = 0xfe515d2dd1c0562720460ac87f8684ae NAS-Port = 10 Framed-MTU = 1490 User-Name = "host/pc-admin" Calling-Station-Id = "00-0C-29-F7-CC-A0" State = 0x5af34ee25ce157b96dea318012fe73d9 EAP-Message = 0x021200291900170301001e8f577a77f3936128a808f14d17c3fb56dd053088ce04a8319e069b68bc4e server inner-tunnel { +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop [eap] EAP packet type response id 18 length 41 [eap] Continuing tunnel setup. ++[eap] returns ok [files] users: Matched entry DEFAULT at line 207 ++[files] returns ok ++- entering group {...} [ldap_peda] performing user authorization for host/pc-admin [ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$) [ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$) rlm_ldap: object not found [ldap_peda] search failed rlm_ldap: ldap_release_conn: Release Id: 0 +++[ldap_peda] returns notfound [ldap_admin] performing user authorization for host/pc-admin [ldap_admin] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$) [ldap_admin] expand: o=gouv,c=fr -> o=gouv,c=fr rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$) [ldap_admin] checking if remote access for host/pc-admin is allowed by uid [ldap_admin] No default NMAS login sequence [ldap_admin] looking for check items in directory... rlm_ldap: sambaNtPassword -> NT-Password == 0x3637444441324243414646313035424333373446304245434641463733333430 [ldap_admin] looking for reply items in directory... WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly? [ldap_admin] user host/pc-admin authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 +++[ldap_admin] returns ok ++- group returns ok ++[expiration] returns noop ++[logintime] returns noop Using Autz-Type ldap_peda +- entering group ldap_peda {...} [ldap_peda] performing user authorization for host/pc-admin [ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$) [ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$) rlm_ldap: object not found [ldap_peda] search failed rlm_ldap: ldap_release_conn: Release Id: 0 ++[ldap_peda] returns notfound Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Identity - host/pc-admin [peap] Got tunneled request EAP-Message = 0x0212001201686f73742f70632d61646d696e server inner-tunnel { PEAP: Got tunneled identity of host/pc-admin PEAP: Setting default EAP type for tunneled EAP session. PEAP: Setting User-Name to host/pc-admin Sending tunneled request EAP-Message = 0x0212001201686f73742f70632d61646d696e FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "host/pc-admin" NAS-IP-Address = 10.172.253.110 NAS-Port-Type = Ethernet Service-Type = Framed-User NAS-Port = 10 Framed-MTU = 1490 Calling-Station-Id = "00-0C-29-F7-CC-A0" server inner-tunnel { +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop [eap] EAP packet type response id 18 length 18 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated [files] users: Matched entry DEFAULT at line 207 ++[files] returns ok ++- entering group {...} [ldap_peda] performing user authorization for host/pc-admin [ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$) [ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$) rlm_ldap: object not found [ldap_peda] search failed rlm_ldap: ldap_release_conn: Release Id: 0 +++[ldap_peda] returns notfound [ldap_admin] performing user authorization for host/pc-admin [ldap_admin] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$) [ldap_admin] expand: o=gouv,c=fr -> o=gouv,c=fr rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$) [ldap_admin] checking if remote access for host/pc-admin is allowed by uid [ldap_admin] No default NMAS login sequence [ldap_admin] looking for check items in directory... rlm_ldap: sambaNtPassword -> NT-Password == 0x3637444441324243414646313035424333373446304245434641463733333430 [ldap_admin] looking for reply items in directory... WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly? [ldap_admin] user host/pc-admin authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 +++[ldap_admin] returns ok ++- group returns ok ++[expiration] returns noop ++[logintime] returns noop Using Autz-Type ldap_peda +- entering group ldap_peda {...} [ldap_peda] performing user authorization for host/pc-admin [ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$) [ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$) rlm_ldap: object not found [ldap_peda] search failed rlm_ldap: ldap_release_conn: Release Id: 0 ++[ldap_peda] returns notfound Found Auth-Type = EAP +- entering group authenticate {...} [eap] EAP Identity [eap] processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge ++[eap] returns handled } # server inner-tunnel [peap] Got tunneled reply code 11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "20" Reply-Message = "ok_hostpeda" EAP-Message = 0x011300271a01130022103abcb825a9f3a4a3ef8a850d3573308d686f73742f70632d61646d696e Message-Authenticator = 0x00000000000000000000000000000000 State = 0x5fb3bf1f5fa0a5401b55155387e6016c [peap] Got tunneled reply RADIUS code 11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "20" Reply-Message = "ok_hostpeda" EAP-Message = 0x011300271a01130022103abcb825a9f3a4a3ef8a850d3573308d686f73742f70632d61646d696e Message-Authenticator = 0x00000000000000000000000000000000 State = 0x5fb3bf1f5fa0a5401b55155387e6016c [peap] Got tunneled Access-Challenge ++[eap] returns handled } # server inner-tunnel Sending Access-Challenge of id 246 to 192.168.10.254 port 1024 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "20" Reply-Message = "ok_hostpeda" EAP-Message = 0x0113003e190017030100337504bfcfdd2686dec869ab4dc942775c76ad373a4014d7994c954b743803351ee1570e54043d7b3a6432bf116c45b3e40b9ce9 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x5af34ee25de057b96dea318012fe73d9 Finished request 7. Going to the next request Waking up in 4.7 seconds. rad_recv: Access-Request packet from host 192.168.10.254 port 1024, id=247, length=217 NAS-IP-Address = 10.172.253.110 NAS-Port-Type = Ethernet Service-Type = Framed-User Message-Authenticator = 0x34be6f17afd410895671a689cdaa2ace NAS-Port = 10 Framed-MTU = 1490 User-Name = "host/pc-admin" Calling-Station-Id = "00-0C-29-F7-CC-A0" State = 0x5af34ee25de057b96dea318012fe73d9 EAP-Message = 0x0213005f19001703010054d9a59f27d7f3fd8667cf9248bddcc6d8335f836aacc87e5567c1c17962874c425a7e3b8a0e137606a9f01fec1c5f6381f4382d502c02eb469d8a2a73513c55f2ab6a1834e641162955910e9fd80293782b4fc76b server inner-tunnel { +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop [eap] EAP packet type response id 19 length 95 [eap] Continuing tunnel setup. ++[eap] returns ok [files] users: Matched entry DEFAULT at line 207 ++[files] returns ok ++- entering group {...} [ldap_peda] performing user authorization for host/pc-admin [ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$) [ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$) rlm_ldap: object not found [ldap_peda] search failed rlm_ldap: ldap_release_conn: Release Id: 0 +++[ldap_peda] returns notfound [ldap_admin] performing user authorization for host/pc-admin [ldap_admin] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$) [ldap_admin] expand: o=gouv,c=fr -> o=gouv,c=fr rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$) [ldap_admin] checking if remote access for host/pc-admin is allowed by uid [ldap_admin] No default NMAS login sequence [ldap_admin] looking for check items in directory... rlm_ldap: sambaNtPassword -> NT-Password == 0x3637444441324243414646313035424333373446304245434641463733333430 [ldap_admin] looking for reply items in directory... WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly? [ldap_admin] user host/pc-admin authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 +++[ldap_admin] returns ok ++- group returns ok ++[expiration] returns noop ++[logintime] returns noop Using Autz-Type ldap_peda +- entering group ldap_peda {...} [ldap_peda] performing user authorization for host/pc-admin [ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$) [ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$) rlm_ldap: object not found [ldap_peda] search failed rlm_ldap: ldap_release_conn: Release Id: 0 ++[ldap_peda] returns notfound Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] EAP type mschapv2 [peap] Got tunneled request EAP-Message = 0x021300481a021300433186b47cb64903955b806163bb51c35db8000000000000000041a2daf3776d80fcf8208f4fe0e697184864cb49983d513800686f73742f70632d61646d696e server inner-tunnel { PEAP: Setting User-Name to host/pc-admin Sending tunneled request EAP-Message = 0x021300481a021300433186b47cb64903955b806163bb51c35db8000000000000000041a2daf3776d80fcf8208f4fe0e697184864cb49983d513800686f73742f70632d61646d696e FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "host/pc-admin" State = 0x5fb3bf1f5fa0a5401b55155387e6016c NAS-IP-Address = 10.172.253.110 NAS-Port-Type = Ethernet Service-Type = Framed-User NAS-Port = 10 Framed-MTU = 1490 Calling-Station-Id = "00-0C-29-F7-CC-A0" server inner-tunnel { +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop [eap] EAP packet type response id 19 length 72 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated [files] users: Matched entry DEFAULT at line 207 ++[files] returns ok ++- entering group {...} [ldap_peda] performing user authorization for host/pc-admin [ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$) [ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$) rlm_ldap: object not found [ldap_peda] search failed rlm_ldap: ldap_release_conn: Release Id: 0 +++[ldap_peda] returns notfound [ldap_admin] performing user authorization for host/pc-admin [ldap_admin] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$) [ldap_admin] expand: o=gouv,c=fr -> o=gouv,c=fr rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$) [ldap_admin] checking if remote access for host/pc-admin is allowed by uid [ldap_admin] No default NMAS login sequence [ldap_admin] looking for check items in directory... rlm_ldap: sambaNtPassword -> NT-Password == 0x3637444441324243414646313035424333373446304245434641463733333430 [ldap_admin] looking for reply items in directory... WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly? [ldap_admin] user host/pc-admin authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 +++[ldap_admin] returns ok ++- group returns ok ++[expiration] returns noop ++[logintime] returns noop Using Autz-Type ldap_peda +- entering group ldap_peda {...} [ldap_peda] performing user authorization for host/pc-admin [ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$) [ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$) rlm_ldap: object not found [ldap_peda] search failed rlm_ldap: ldap_release_conn: Release Id: 0 ++[ldap_peda] returns notfound Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [mschapv2] +- entering group MS-CHAP {...} [mschap] No Cleartext-Password configured. Cannot create LM-Password. [mschap] Found NT-Password [mschap] Told to do MS-CHAPv2 for host/pc-admin with NT-Password [mschap] adding MS-CHAPv2 MPPE keys ++[mschap] returns ok MSCHAP Success ++[eap] returns handled } # server inner-tunnel [peap] Got tunneled reply code 11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "20" Reply-Message = "ok_hostpeda" EAP-Message = 0x011400331a0313002e533d30453146453344413437333434303035434445323936383045394344354246303233344539384235 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x5fb3bf1f5ea7a5401b55155387e6016c [peap] Got tunneled reply RADIUS code 11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "20" Reply-Message = "ok_hostpeda" EAP-Message = 0x011400331a0313002e533d30453146453344413437333434303035434445323936383045394344354246303233344539384235 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x5fb3bf1f5ea7a5401b55155387e6016c [peap] Got tunneled Access-Challenge ++[eap] returns handled } # server inner-tunnel Sending Access-Challenge of id 247 to 192.168.10.254 port 1024 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "20" Reply-Message = "ok_hostpeda" EAP-Message = 0x0114004a1900170301003fcaee9ba310faf92efca265d1525ab6435017cd256d841401359551ef19eb8dab39eaa87f35a8c2e079554a0291898d709de59a87219a6217fbd3e57f456337 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x5af34ee252e757b96dea318012fe73d9 Finished request 8. Going to the next request Waking up in 4.7 seconds. rad_recv: Access-Request packet from host 192.168.10.254 port 1024, id=248, length=151 NAS-IP-Address = 10.172.253.110 NAS-Port-Type = Ethernet Service-Type = Framed-User Message-Authenticator = 0xd0a4155dd2819c7764b212492c148338 NAS-Port = 10 Framed-MTU = 1490 User-Name = "host/pc-admin" Calling-Station-Id = "00-0C-29-F7-CC-A0" State = 0x5af34ee252e757b96dea318012fe73d9 EAP-Message = 0x0214001d19001703010012207c339d428fdb827f4aef0d36ae8ae833ad server inner-tunnel { +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop [eap] EAP packet type response id 20 length 29 [eap] Continuing tunnel setup. ++[eap] returns ok [files] users: Matched entry DEFAULT at line 207 ++[files] returns ok ++- entering group {...} [ldap_peda] performing user authorization for host/pc-admin [ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$) [ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$) rlm_ldap: object not found [ldap_peda] search failed rlm_ldap: ldap_release_conn: Release Id: 0 +++[ldap_peda] returns notfound [ldap_admin] performing user authorization for host/pc-admin [ldap_admin] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$) [ldap_admin] expand: o=gouv,c=fr -> o=gouv,c=fr rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$) [ldap_admin] checking if remote access for host/pc-admin is allowed by uid [ldap_admin] No default NMAS login sequence [ldap_admin] looking for check items in directory... rlm_ldap: sambaNtPassword -> NT-Password == 0x3637444441324243414646313035424333373446304245434641463733333430 [ldap_admin] looking for reply items in directory... WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly? [ldap_admin] user host/pc-admin authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 +++[ldap_admin] returns ok ++- group returns ok ++[expiration] returns noop ++[logintime] returns noop Using Autz-Type ldap_peda +- entering group ldap_peda {...} [ldap_peda] performing user authorization for host/pc-admin [ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$) [ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$) rlm_ldap: object not found [ldap_peda] search failed rlm_ldap: ldap_release_conn: Release Id: 0 ++[ldap_peda] returns notfound Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] EAP type mschapv2 [peap] Got tunneled request EAP-Message = 0x021400061a03 server inner-tunnel { PEAP: Setting User-Name to host/pc-admin Sending tunneled request EAP-Message = 0x021400061a03 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "host/pc-admin" State = 0x5fb3bf1f5ea7a5401b55155387e6016c NAS-IP-Address = 10.172.253.110 NAS-Port-Type = Ethernet Service-Type = Framed-User NAS-Port = 10 Framed-MTU = 1490 Calling-Station-Id = "00-0C-29-F7-CC-A0" server inner-tunnel { +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop [eap] EAP packet type response id 20 length 6 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated [files] users: Matched entry DEFAULT at line 207 ++[files] returns ok ++- entering group {...} [ldap_peda] performing user authorization for host/pc-admin [ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$) [ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$) rlm_ldap: object not found [ldap_peda] search failed rlm_ldap: ldap_release_conn: Release Id: 0 +++[ldap_peda] returns notfound [ldap_admin] performing user authorization for host/pc-admin [ldap_admin] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$) [ldap_admin] expand: o=gouv,c=fr -> o=gouv,c=fr rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$) [ldap_admin] checking if remote access for host/pc-admin is allowed by uid [ldap_admin] No default NMAS login sequence [ldap_admin] looking for check items in directory... rlm_ldap: sambaNtPassword -> NT-Password == 0x3637444441324243414646313035424333373446304245434641463733333430 [ldap_admin] looking for reply items in directory... WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly? [ldap_admin] user host/pc-admin authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 +++[ldap_admin] returns ok ++- group returns ok ++[expiration] returns noop ++[logintime] returns noop Using Autz-Type ldap_peda +- entering group ldap_peda {...} [ldap_peda] performing user authorization for host/pc-admin [ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$) [ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$) rlm_ldap: object not found [ldap_peda] search failed rlm_ldap: ldap_release_conn: Release Id: 0 ++[ldap_peda] returns notfound Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [eap] Freeing handler ++[eap] returns ok WARNING: Empty section. Using default return values. } # server inner-tunnel [peap] Got tunneled reply code 2 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "20" Reply-Message = "ok_hostpeda" EAP-Message = 0x03140004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "host/pc-admin" [peap] Got tunneled reply RADIUS code 2 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "20" Reply-Message = "ok_hostpeda" EAP-Message = 0x03140004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "host/pc-admin" [peap] Tunneled authentication was successful. [peap] SUCCESS [peap] Saving tunneled attributes for later ++[eap] returns handled } # server inner-tunnel Sending Access-Challenge of id 248 to 192.168.10.254 port 1024 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "20" Reply-Message = "ok_hostpeda" EAP-Message = 0x011500261900170301001bf941565a3183097d130c6f900ea8d2b7449ccb3bdcccf59f96527b Message-Authenticator = 0x00000000000000000000000000000000 State = 0x5af34ee253e657b96dea318012fe73d9 Finished request 9. Going to the next request Waking up in 4.7 seconds. rad_recv: Access-Request packet from host 192.168.10.254 port 1024, id=249, length=160 NAS-IP-Address = 10.172.253.110 NAS-Port-Type = Ethernet Service-Type = Framed-User Message-Authenticator = 0x50f80e51813b38b0aa944eba89d37efa NAS-Port = 10 Framed-MTU = 1490 User-Name = "host/pc-admin" Calling-Station-Id = "00-0C-29-F7-CC-A0" State = 0x5af34ee253e657b96dea318012fe73d9 EAP-Message = 0x021500261900170301001be0562040c9bb550ba6720c9d0826df79e9fc5b58f7427160c7c9ad server inner-tunnel { +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop [eap] EAP packet type response id 21 length 38 [eap] Continuing tunnel setup. ++[eap] returns ok [files] users: Matched entry DEFAULT at line 207 ++[files] returns ok ++- entering group {...} [ldap_peda] performing user authorization for host/pc-admin [ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$) [ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$) rlm_ldap: object not found [ldap_peda] search failed rlm_ldap: ldap_release_conn: Release Id: 0 +++[ldap_peda] returns notfound [ldap_admin] performing user authorization for host/pc-admin [ldap_admin] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$) [ldap_admin] expand: o=gouv,c=fr -> o=gouv,c=fr rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$) [ldap_admin] checking if remote access for host/pc-admin is allowed by uid [ldap_admin] No default NMAS login sequence [ldap_admin] looking for check items in directory... rlm_ldap: sambaNtPassword -> NT-Password == 0x3637444441324243414646313035424333373446304245434641463733333430 [ldap_admin] looking for reply items in directory... WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly? [ldap_admin] user host/pc-admin authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 +++[ldap_admin] returns ok ++- group returns ok ++[expiration] returns noop ++[logintime] returns noop Using Autz-Type ldap_peda +- entering group ldap_peda {...} [ldap_peda] performing user authorization for host/pc-admin [ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$) [ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$) rlm_ldap: object not found [ldap_peda] search failed rlm_ldap: ldap_release_conn: Release Id: 0 ++[ldap_peda] returns notfound Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Received EAP-TLV response. [peap] Success [peap] Using saved attributes from the original Access-Accept [eap] Freeing handler ++[eap] returns ok WARNING: Empty section. Using default return values. } # server inner-tunnel Sending Access-Accept of id 249 to 192.168.10.254 port 1024 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "20" Reply-Message = "ok_hostpeda" User-Name = "host/pc-admin" MS-MPPE-Recv-Key = 0x4cb00c191ad9ce2d5913f5218594324f3017e7efd7d209aa14b6b56b6a520f1a MS-MPPE-Send-Key = 0x48f134131000bba5b3f590233bc0e3d08e7d99b8f8806bb99b484ede6ce0b0b2 EAP-Message = 0x03150004 Message-Authenticator = 0x00000000000000000000000000000000 Finished request 10. Going to the next request Waking up in 4.7 seconds. Cleaning up request 0 ID 239 with timestamp +40 Cleaning up request 1 ID 240 with timestamp +40 Cleaning up request 2 ID 241 with timestamp +40 Cleaning up request 3 ID 242 with timestamp +40 Cleaning up request 4 ID 243 with timestamp +40 Cleaning up request 5 ID 244 with timestamp +40 Cleaning up request 6 ID 245 with timestamp +40 Cleaning up request 7 ID 246 with timestamp +40 Cleaning up request 8 ID 247 with timestamp +40 Cleaning up request 9 ID 248 with timestamp +40 Cleaning up request 10 ID 249 with timestamp +40 Ready to process requests.
sorry . in fact, the problem is the same with users auth. ldap_admin return ok but I get DEFAULT Autz-Type := ldap_peda
Message du 02/02/10 15:05 De : "cd" A : freeradius-users@lists.freeradius.org Copie à : Objet : autz-type according ldap server
I have a little problem but I think it's because autz-type is badly configured I have 2 ldaps (ldap_peda and ldap_admin) users account works fine on each servers
but machine accounts work only on ldap_peda
when a computer boot freeradius logs says +++[ldap_admin] returns ok [...] ++[ldap_peda] returns notfound (it s normal)
but it says Sending Access-Accept with autz-type ldap_peda and not ldap_admin
So machine is in the wrong vlan
What do I miss ?
my users file #### IT S FOR MACHINE ACCOUNT AUTH DEFAULT Autz-Type := ldap_peda Tunnel-Type=VLAN, Tunnel-Medium-Type=6, Tunnel-Private-Group-ID=20, Reply-Message="ok_hostpeda"
DEFAULT Autz-Type := ldap_admin Tunnel-Type=VLAN, Tunnel-Medium-Type=6, Tunnel-Private-Group-ID=10, Reply-Message="ok_hostadmin"
#### IT S FOR USERS ACCOUNT AUTH DEFAULT ldap_peda-Ldap-Group=="Eleves" Tunnel-Type=VLAN, Tunnel-Medium-Type=6, Tunnel-Private-Group-ID=20, Reply-Message="okeleves"
DEFAULT ldap_peda-Ldap-Group=="professeurs" Tunnel-Type=VLAN, Tunnel-Medium-Type=6, Tunnel-Private-Group-ID=20, Reply-Message="okprofs"
DEFAULT ldap_admin-Ldap-Group=="administratifs" Tunnel-Type=VLAN, Tunnel-Medium-Type=6, Tunnel-Private-Group-ID=10, Reply-Message="admin"
FreeRADIUS Version 2.1.7, for host i486-pc-linux-gnu, built on Oct 5 2009 at 14:59:57 Copyright (C) 1999-2009 The FreeRADIUS server project and contributors. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License v2. Starting - reading configuration files ... including configuration file /etc/freeradius/radiusd.conf including configuration file /etc/freeradius/clients.conf including files in directory /etc/freeradius/modules/ including configuration file /etc/freeradius/modules/preprocess including configuration file /etc/freeradius/modules/echo including configuration file /etc/freeradius/modules/ippool including configuration file /etc/freeradius/modules/ldap including configuration file /etc/freeradius/modules/passwd including configuration file /etc/freeradius/modules/pap including configuration file /etc/freeradius/modules/mac2vlan including configuration file /etc/freeradius/modules/logintime including configuration file /etc/freeradius/modules/acct_unique including configuration file /etc/freeradius/modules/krb5 including configuration file /etc/freeradius/modules/detail.log including configuration file /etc/freeradius/modules/perl including configuration file /etc/freeradius/modules/mschap including configuration file /etc/freeradius/modules/sql_log including configuration file /etc/freeradius/modules/unix including configuration file /etc/freeradius/modules/counter including configuration file /etc/freeradius/modules/expiration including configuration file /etc/freeradius/modules/files including configuration file /etc/freeradius/modules/attr_rewrite including configuration file /etc/freeradius/modules/inner-eap including configuration file /etc/freeradius/modules/chap including configuration file /etc/freeradius/modules/exec including configuration file /etc/freeradius/modules/always including configuration file /etc/freeradius/modules/realm including configuration file /etc/freeradius/modules/expr including configuration file /etc/freeradius/modules/detail including configuration file /etc/freeradius/modules/checkval including configuration file /etc/freeradius/modules/digest including configuration file /etc/freeradius/modules/radutmp including configuration file /etc/freeradius/modules/smsotp including configuration file /etc/freeradius/modules/cui including configuration file /etc/freeradius/modules/sqlcounter_expire_on_login including configuration file /etc/freeradius/modules/policy including configuration file /etc/freeradius/modules/etc_group including configuration file /etc/freeradius/modules/wimax including configuration file /etc/freeradius/modules/sradutmp including configuration file /etc/freeradius/modules/attr_filter including configuration file /etc/freeradius/modules/smbpasswd including configuration file /etc/freeradius/modules/otp including configuration file /etc/freeradius/modules/detail.example.com including configuration file /etc/freeradius/modules/linelog including configuration file /etc/freeradius/modules/mac2ip including configuration file /etc/freeradius/modules/pam including configuration file /etc/freeradius/eap.conf including configuration file /etc/freeradius/policy.conf including files in directory /etc/freeradius/sites-enabled/ including configuration file /etc/freeradius/sites-enabled/inner-tunnel including configuration file /etc/freeradius/sites-enabled/default including configuration file /etc/freeradius/sites-enabled/control-socket group = freerad user = freerad including dictionary file /etc/freeradius/dictionary main { prefix = "/usr" localstatedir = "/var" logdir = "/var/log/freeradius" libdir = "/usr/lib/freeradius" radacctdir = "/var/log/freeradius/radacct" hostname_lookups = no max_request_time = 30 cleanup_delay = 5 max_requests = 1024 allow_core_dumps = no pidfile = "/var/run/freeradius/freeradius.pid" checkrad = "/usr/sbin/checkrad" debug_level = 0 proxy_requests = no log { stripped_names = no auth = no auth_badpass = no auth_goodpass = no } security { max_attributes = 200 reject_delay = 1 status_server = yes } } radiusd: #### Loading Realms and Home Servers #### radiusd: #### Loading Clients #### client localhost { ipaddr = 127.0.0.1 require_message_authenticator = no secret = "testing123" nastype = "other" virtual_server = "inner-tunnel" } client 192.168.10.254 { require_message_authenticator = no secret = "momo" shortname = "Nortel" nastype = "other" virtual_server = "inner-tunnel" } radiusd: #### Instantiating modules #### instantiate { Module: Linked to module rlm_exec Module: Instantiating exec exec { wait = no input_pairs = "request" shell_escape = yes } Module: Linked to module rlm_expr Module: Instantiating expr Module: Linked to module rlm_expiration Module: Instantiating expiration expiration { reply-message = "Password Has Expired " } Module: Linked to module rlm_logintime Module: Instantiating logintime logintime { reply-message = "You are calling outside your allowed timespan " minimum-timeout = 60 } } radiusd: #### Loading Virtual Servers #### server inner-tunnel { modules { Module: Checking authenticate {...} for more modules to load Module: Linked to module rlm_pap Module: Instantiating pap pap { encryption_scheme = "auto" auto_header = no } Module: Linked to module rlm_chap Module: Instantiating chap Module: Linked to module rlm_mschap Module: Instantiating mschap mschap { use_mppe = yes require_encryption = no require_strong = no with_ntdomain_hack = yes } Module: Linked to module rlm_ldap Module: Instantiating ldap_admin ldap ldap_admin { server = "192.168.10.2" port = 389 password = "" identity = "" net_timeout = 1 timeout = 4 timelimit = 3 tls_mode = no start_tls = no tls_require_cert = "allow" tls { start_tls = no require_cert = "allow" } basedn = "o=gouv,c=fr" filter = "(uid=%{mschap:User-Name})" base_filter = "(objectclass=radiusprofile)" password_attribute = "user-Password" auto_header = no access_attr = "uid" access_attr_used_for_allow = yes groupname_attribute = "cn" groupmembership_filter = "(&(objectClass=posixGroup)(memberUid=%{mschap:User-Name}))" dictionary_mapping = "/etc/freeradius/ldap.attrmap" ldap_debug = 0 ldap_connections_number = 15 compare_check_items = no do_xlat = yes edir_account_policy_check = no set_auth_type = yes } rlm_ldap: Registering ldap_groupcmp for Ldap-Group rlm_ldap: Creating new attribute ldap_admin-Ldap-Group rlm_ldap: Registering ldap_groupcmp for ldap_admin-Ldap-Group rlm_ldap: Registering ldap_xlat with xlat_name ldap_admin rlm_ldap: reading ldap<->radius mappings from file /etc/freeradius/ldap.attrmap rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$ rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$ rlm_ldap: LDAP userPassword mapped to RADIUS Cleartext-Password rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password rlm_ldap: LDAP sambaLmPassword mapped to RADIUS LM-Password rlm_ldap: LDAP sambaNtPassword mapped to RADIUS NT-Password rlm_ldap: LDAP dBCSPwd mapped to RADIUS LM-Password rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration rlm_ldap: LDAP radiusNASIpAddress mapped to RADIUS NAS-IP-Address rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network rlm_ldap: LDAP radiusClass mapped to RADIUS Class rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Network rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port rlm_ldap: LDAP radiusReplyMessage mapped to RADIUS Reply-Message conns: 0x8176838 Module: Instantiating ldap_peda ldap ldap_peda { server = "192.168.20.2" port = 389 password = "" identity = "" net_timeout = 1 timeout = 4 timelimit = 3 tls_mode = no start_tls = no tls_require_cert = "allow" tls { start_tls = no require_cert = "allow" } basedn = "o=gouv,c=fr" filter = "(uid=%{mschap:User-Name})" base_filter = "(objectclass=radiusprofile)" password_attribute = "user-Password" auto_header = no access_attr = "uid" access_attr_used_for_allow = yes groupname_attribute = "cn" groupmembership_filter = "(&(objectClass=posixGroup)(memberUid=%{mschap:User-Name}))" dictionary_mapping = "/etc/freeradius/ldap.attrmap" ldap_debug = 0 ldap_connections_number = 15 compare_check_items = no do_xlat = yes edir_account_policy_check = no set_auth_type = yes } rlm_ldap: Registering ldap_groupcmp for Ldap-Group rlm_ldap: Creating new attribute ldap_peda-Ldap-Group rlm_ldap: Registering ldap_groupcmp for ldap_peda-Ldap-Group rlm_ldap: Registering ldap_xlat with xlat_name ldap_peda rlm_ldap: reading ldap<->radius mappings from file /etc/freeradius/ldap.attrmap rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$ rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$ rlm_ldap: LDAP userPassword mapped to RADIUS Cleartext-Password rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password rlm_ldap: LDAP sambaLmPassword mapped to RADIUS LM-Password rlm_ldap: LDAP sambaNtPassword mapped to RADIUS NT-Password rlm_ldap: LDAP dBCSPwd mapped to RADIUS LM-Password rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration rlm_ldap: LDAP radiusNASIpAddress mapped to RADIUS NAS-IP-Address rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network rlm_ldap: LDAP radiusClass mapped to RADIUS Class rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Network rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port rlm_ldap: LDAP radiusReplyMessage mapped to RADIUS Reply-Message conns: 0x8177e58 Module: Linked to module rlm_eap Module: Instantiating eap eap { default_eap_type = "mschapv2" timer_expire = 60 ignore_unknown_eap_types = yes cisco_accounting_username_bug = no max_sessions = 2048 } Module: Linked to sub-module rlm_eap_md5 Module: Instantiating eap-md5 Module: Linked to sub-module rlm_eap_leap Module: Instantiating eap-leap Module: Linked to sub-module rlm_eap_gtc Module: Instantiating eap-gtc gtc { challenge = "Password: " auth_type = "PAP" } Module: Linked to sub-module rlm_eap_tls Module: Instantiating eap-tls tls { rsa_key_exchange = no dh_key_exchange = yes rsa_key_length = 512 dh_key_length = 512 verify_depth = 0 pem_file_type = yes private_key_file = "/etc/ssl/certs/eole.key" certificate_file = "/etc/ssl/certs/eole.crt" CA_file = "/etc/ssl/certs/ca.crt" dh_file = "/etc/ssl/dh" random_file = "/dev/random" fragment_size = 1024 include_length = yes check_crl = no cipher_list = "DEFAULT" cache { enable = no lifetime = 24 max_entries = 255 } } Module: Linked to sub-module rlm_eap_ttls Module: Instantiating eap-ttls ttls { default_eap_type = "mschapv2" copy_request_to_tunnel = yes use_tunneled_reply = yes virtual_server = "inner-tunnel" include_length = yes } Module: Linked to sub-module rlm_eap_peap Module: Instantiating eap-peap peap { default_eap_type = "mschapv2" copy_request_to_tunnel = yes use_tunneled_reply = yes proxy_tunneled_request_as_eap = yes virtual_server = "inner-tunnel" } Module: Linked to sub-module rlm_eap_mschapv2 Module: Instantiating eap-mschapv2 mschapv2 { with_ntdomain_hack = no } Module: Checking authorize {...} for more modules to load Module: Linked to module rlm_files Module: Instantiating files files { usersfile = "/etc/freeradius/users" acctusersfile = "/etc/freeradius/acct_users" preproxy_usersfile = "/etc/freeradius/preproxy_users" compat = "no" } Module: Checking session {...} for more modules to load Module: Linked to module rlm_radutmp Module: Instantiating radutmp radutmp { filename = "/var/log/freeradius/radutmp" username = "%{User-Name}" case_sensitive = yes check_with_nas = yes perm = 384 callerid = yes } Module: Checking post-proxy {...} for more modules to load Module: Checking post-auth {...} for more modules to load Module: Linked to module rlm_attr_filter Module: Instantiating attr_filter.access_reject attr_filter attr_filter.access_reject { attrsfile = "/etc/freeradius/attrs.access_reject" key = "%{User-Name}" } } # modules } # server server { modules { } # modules } # server radiusd: #### Opening IP addresses and Ports #### listen { type = "auth" ipaddr = * port = 0 } Listening on authentication address * port 1812 Ready to process requests. rad_recv: Access-Request packet from host 192.168.10.254 port 1024, id=239, length=122 NAS-IP-Address = 10.172.253.110 NAS-Port-Type = Ethernet Service-Type = Framed-User Message-Authenticator = 0xf9beb36136492c7928eb9131e2fb21ca NAS-Port = 10 Framed-MTU = 1490 User-Name = "host/pc-admin" Calling-Station-Id = "00-0C-29-F7-CC-A0" EAP-Message = 0x020b001201686f73742f70632d61646d696e server inner-tunnel { +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop [eap] EAP packet type response id 11 length 18 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated [files] users: Matched entry DEFAULT at line 207 ++[files] returns ok ++- entering group {...} [ldap_peda] performing user authorization for host/pc-admin [ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$) [ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: attempting LDAP reconnection rlm_ldap: (re)connect to 192.168.20.2:389, authentication 0 rlm_ldap: bind as / to 192.168.20.2:389 rlm_ldap: waiting for bind result ... rlm_ldap: Bind was successful rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$) rlm_ldap: object not found [ldap_peda] search failed rlm_ldap: ldap_release_conn: Release Id: 0 +++[ldap_peda] returns notfound [ldap_admin] performing user authorization for host/pc-admin [ldap_admin] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$) [ldap_admin] expand: o=gouv,c=fr -> o=gouv,c=fr rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: attempting LDAP reconnection rlm_ldap: (re)connect to 192.168.10.2:389, authentication 0 rlm_ldap: bind as / to 192.168.10.2:389 rlm_ldap: waiting for bind result ... rlm_ldap: Bind was successful rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$) [ldap_admin] checking if remote access for host/pc-admin is allowed by uid [ldap_admin] No default NMAS login sequence [ldap_admin] looking for check items in directory... rlm_ldap: sambaNtPassword -> NT-Password == 0x3637444441324243414646313035424333373446304245434641463733333430 [ldap_admin] looking for reply items in directory... WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly? [ldap_admin] user host/pc-admin authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 +++[ldap_admin] returns ok ++- group returns ok ++[expiration] returns noop ++[logintime] returns noop Using Autz-Type ldap_peda +- entering group ldap_peda {...} [ldap_peda] performing user authorization for host/pc-admin [ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$) [ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$) rlm_ldap: object not found [ldap_peda] search failed rlm_ldap: ldap_release_conn: Release Id: 0 ++[ldap_peda] returns notfound Found Auth-Type = EAP +- entering group authenticate {...} [eap] EAP Identity [eap] processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge ++[eap] returns handled } # server inner-tunnel Sending Access-Challenge of id 239 to 192.168.10.254 port 1024 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "20" Reply-Message = "ok_hostpeda" EAP-Message = 0x010c00271a010c002210d92b9fd31dccad929fdb3f2ca05a6646686f73742f70632d61646d696e Message-Authenticator = 0x00000000000000000000000000000000 State = 0x5af34ee25aff54b96dea318012fe73d9 Finished request 0. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.10.254 port 1024, id=240, length=128 NAS-IP-Address = 10.172.253.110 NAS-Port-Type = Ethernet Service-Type = Framed-User Message-Authenticator = 0x21826287328e18d53b013ad8b9b196f1 NAS-Port = 10 Framed-MTU = 1490 User-Name = "host/pc-admin" Calling-Station-Id = "00-0C-29-F7-CC-A0" State = 0x5af34ee25aff54b96dea318012fe73d9 EAP-Message = 0x020c00060319 server inner-tunnel { +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop [eap] EAP packet type response id 12 length 6 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated [files] users: Matched entry DEFAULT at line 207 ++[files] returns ok ++- entering group {...} [ldap_peda] performing user authorization for host/pc-admin [ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$) [ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$) rlm_ldap: object not found [ldap_peda] search failed rlm_ldap: ldap_release_conn: Release Id: 0 +++[ldap_peda] returns notfound [ldap_admin] performing user authorization for host/pc-admin [ldap_admin] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$) [ldap_admin] expand: o=gouv,c=fr -> o=gouv,c=fr rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$) [ldap_admin] checking if remote access for host/pc-admin is allowed by uid [ldap_admin] No default NMAS login sequence [ldap_admin] looking for check items in directory... rlm_ldap: sambaNtPassword -> NT-Password == 0x3637444441324243414646313035424333373446304245434641463733333430 [ldap_admin] looking for reply items in directory... WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly? [ldap_admin] user host/pc-admin authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 +++[ldap_admin] returns ok ++- group returns ok ++[expiration] returns noop ++[logintime] returns noop Using Autz-Type ldap_peda +- entering group ldap_peda {...} [ldap_peda] performing user authorization for host/pc-admin [ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$) [ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$) rlm_ldap: object not found [ldap_peda] search failed rlm_ldap: ldap_release_conn: Release Id: 0 ++[ldap_peda] returns notfound Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP NAK [eap] EAP-NAK asked for EAP-Type/peap [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] returns handled } # server inner-tunnel Sending Access-Challenge of id 240 to 192.168.10.254 port 1024 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "20" Reply-Message = "ok_hostpeda" EAP-Message = 0x010d00061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x5af34ee25bfe57b96dea318012fe73d9 Finished request 1. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.10.254 port 1024, id=241, length=202 NAS-IP-Address = 10.172.253.110 NAS-Port-Type = Ethernet Service-Type = Framed-User Message-Authenticator = 0x6939b9798b27d12e96581c83e621324d NAS-Port = 10 Framed-MTU = 1490 User-Name = "host/pc-admin" Calling-Station-Id = "00-0C-29-F7-CC-A0" State = 0x5af34ee25bfe57b96dea318012fe73d9 EAP-Message = 0x020d005019800000004616030100410100003d03014b6829d4ba7efe234d701d03c5952b9eb8ead51c8105eb946369aacc24e8430000001600040005000a000900640062000300060013001200630100 server inner-tunnel { +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop [eap] EAP packet type response id 13 length 80 [eap] Continuing tunnel setup. ++[eap] returns ok [files] users: Matched entry DEFAULT at line 207 ++[files] returns ok ++- entering group {...} [ldap_peda] performing user authorization for host/pc-admin [ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$) [ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$) rlm_ldap: object not found [ldap_peda] search failed rlm_ldap: ldap_release_conn: Release Id: 0 +++[ldap_peda] returns notfound [ldap_admin] performing user authorization for host/pc-admin [ldap_admin] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$) [ldap_admin] expand: o=gouv,c=fr -> o=gouv,c=fr rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$) [ldap_admin] checking if remote access for host/pc-admin is allowed by uid [ldap_admin] No default NMAS login sequence [ldap_admin] looking for check items in directory... rlm_ldap: sambaNtPassword -> NT-Password == 0x3637444441324243414646313035424333373446304245434641463733333430 [ldap_admin] looking for reply items in directory... WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly? [ldap_admin] user host/pc-admin authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 +++[ldap_admin] returns ok ++- group returns ok ++[expiration] returns noop ++[logintime] returns noop Using Autz-Type ldap_peda +- entering group ldap_peda {...} [ldap_peda] performing user authorization for host/pc-admin [ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$) [ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$) rlm_ldap: object not found [ldap_peda] search failed rlm_ldap: ldap_release_conn: Release Id: 0 ++[ldap_peda] returns notfound Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 70 [peap] Length Included [peap] eaptls_verify returned 11 [peap] (other): before/accept initialization [peap] TLS_accept: before/accept initialization [peap] <<< TLS 1.0 Handshake [length 0041], ClientHello [peap] TLS_accept: SSLv3 read client hello A [peap] >>> TLS 1.0 Handshake [length 002a], ServerHello [peap] TLS_accept: SSLv3 write server hello A [peap] >>> TLS 1.0 Handshake [length 0914], Certificate [peap] TLS_accept: SSLv3 write certificate A [peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone [peap] TLS_accept: SSLv3 write server done A [peap] TLS_accept: SSLv3 flush data [peap] TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled } # server inner-tunnel Sending Access-Challenge of id 241 to 192.168.10.254 port 1024 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "20" Reply-Message = "ok_hostpeda" EAP-Message = 0x010e040019c000000951160301002a0200002603014b68298c6d7075b0b54fb873ef9fa975135522b70e535ab172d2d7a99533d73e0000040016030109140b00091000090d0004af308204ab30820393a003020102020120300d06092a864886f70d0101050500307a310b3009060355040613024652312f302d060355040a13264d696e69737465726520456475636174696f6e204e6174696f6e616c6520284d454e455352293111300f060355040b1308303732313537325431123010060355040b130961632d6e616e746573311330110603550403130a43412d70662d616d6f6e301e170d3130303130343135303632365a170d31333031303431 EAP-Message = 0x35303632365a30818d310b3009060355040613024652312f302d060355040a13264d696e69737465726520456475636174696f6e204e6174696f6e616c6520284d454e455352293111300f060355040b1308303732313537325431123010060355040b130961632d6e616e746573312630240603550403131d70662d616d6f6e2e30373231353732542e61632d6e616e7465732e667230820122300d06092a864886f70d01010105000382010f003082010a0282010100e4bed7c951596527195184c10821f2095377a90e673796557a48c155e02114854d78ef0a554f4508f9b65fabbbe13c41f336035031036c0406d1cfa48959aa70e6bbe935fa99 EAP-Message = 0x376c3784bbadd7617ab8ce3379b7b067a632c25ccbe005fcfc04e88fe73f53256aa16ee313b08ad0db3e843ab8c459e476f2e5d85779ccab883841a4b410efafa984bb03f2ae66f9bbdccc438edbf28b9ae2d2bfb99c72e37b6e9f43efec87f622bd64f50f281c42738a4d534b0588436d7bc05e2ebfd286f9f5202ca4ebd88d0b483f513f601ef41c0372e57e025264814e7c26d5cd550c14ceca6f04267766408a69cd9774a86d377dc39319419639f0ae531f64e65077ee310203010001a382012630820122300c0603551d130101ff04023000301d0603551d0e04160414d9d4f8e696b1018db9607d864c473313ecd52e533081ac0603551d2304 EAP-Message = 0x81a43081a18014323a4970ba53cf9fff2b2ce5436dd64e036b4cf7a17ea47c307a310b3009060355040613024652312f302d060355040a13264d696e69737465726520456475636174696f6e204e6174696f6e616c6520284d454e455352293111300f060355040b1308303732313537325431123010060355040b130961632d6e616e746573311330110603550403130a43412d70662d616d6f6e820900f600a779ca4a31f2300b0603551d0f0404030205a0301106096086480186f8420101040403020640302406096086480186f842010d04171615436572746966696361742073656c66207369676e65300d06092a864886f70d01010505000382 EAP-Message = 0x010100738b52410508dfb265 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x5af34ee258fd57b96dea318012fe73d9 Finished request 2. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.10.254 port 1024, id=242, length=128 NAS-IP-Address = 10.172.253.110 NAS-Port-Type = Ethernet Service-Type = Framed-User Message-Authenticator = 0xfb36b01671119b3c8b0224e2688bb6e0 NAS-Port = 10 Framed-MTU = 1490 User-Name = "host/pc-admin" Calling-Station-Id = "00-0C-29-F7-CC-A0" State = 0x5af34ee258fd57b96dea318012fe73d9 EAP-Message = 0x020e00061900 server inner-tunnel { +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop [eap] EAP packet type response id 14 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok [files] users: Matched entry DEFAULT at line 207 ++[files] returns ok ++- entering group {...} [ldap_peda] performing user authorization for host/pc-admin [ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$) [ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$) rlm_ldap: object not found [ldap_peda] search failed rlm_ldap: ldap_release_conn: Release Id: 0 +++[ldap_peda] returns notfound [ldap_admin] performing user authorization for host/pc-admin [ldap_admin] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$) [ldap_admin] expand: o=gouv,c=fr -> o=gouv,c=fr rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$) [ldap_admin] checking if remote access for host/pc-admin is allowed by uid [ldap_admin] No default NMAS login sequence [ldap_admin] looking for check items in directory... rlm_ldap: sambaNtPassword -> NT-Password == 0x3637444441324243414646313035424333373446304245434641463733333430 [ldap_admin] looking for reply items in directory... WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly? [ldap_admin] user host/pc-admin authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 +++[ldap_admin] returns ok ++- group returns ok ++[expiration] returns noop ++[logintime] returns noop Using Autz-Type ldap_peda +- entering group ldap_peda {...} [ldap_peda] performing user authorization for host/pc-admin [ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$) [ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$) rlm_ldap: object not found [ldap_peda] search failed rlm_ldap: ldap_release_conn: Release Id: 0 ++[ldap_peda] returns notfound Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled } # server inner-tunnel Sending Access-Challenge of id 242 to 192.168.10.254 port 1024 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "20" Reply-Message = "ok_hostpeda" EAP-Message = 0x010f03fc19401182ca5390bea1fe88313c924d092dbd0cb475424af8c336fe26053d412f47c50fe19c560b380240cd0ffc099b2d1389efe8138320b9c39ff976bb256aa135220112ce2dcbda12a62d121874632f586a639ab589de66aab22d0c8be6b3038ef720750df0fc4a49d65fd28ac02cf66774b954084b383d2be00517d663023aee762e237709c22dfad7be540c986d88fb9e0cd1d07723dc5a1b86bac13bfc40ce7d6b640ab880491b96a5069e353e781586f8a1ed77c86e94b7eadb0ed3319ae20ace6a378133a7022b2080796dd1c122ac1f4a5c2e7257cdbff34956e38db82ab83ce720e860c087888c09c792fb0cd761cc6bf95f8d82ae EAP-Message = 0x000458308204543082033ca003020102020900f600a779ca4a31f2300d06092a864886f70d0101050500307a310b3009060355040613024652312f302d060355040a13264d696e69737465726520456475636174696f6e204e6174696f6e616c6520284d454e455352293111300f060355040b1308303732313537325431123010060355040b130961632d6e616e746573311330110603550403130a43412d70662d616d6f6e301e170d3130303130343135303632365a170d3133303130343135303632365a307a310b3009060355040613024652312f302d060355040a13264d696e69737465726520456475636174696f6e204e6174696f6e616c65 EAP-Message = 0x20284d454e455352293111300f060355040b1308303732313537325431123010060355040b130961632d6e616e746573311330110603550403130a43412d70662d616d6f6e30820122300d06092a864886f70d01010105000382010f003082010a0282010100c98d21324f37ff11d786d7c35d535d59aae2514ae1b9d0647cde3fb9f700505a1d945695c686888f85f5b36c083bee7d99d29dab7444ce49efa4a9802fa14565b1778f676baf779694fe8167ea4e3cf7cd350219e755c5389f981290b31d0414e7967d7f05b92bfbd52f188754f8a47e193638cf68927ca3c8bc307c860f3ef36b39bd3d10117cbe53837e3c60390357cb55a73c6f4b44 EAP-Message = 0x8ea1a5c9b451094d5c02f5e2e482071c7950df080d1f3644f47d9a7aefd6958e5eb5ebf2f93bdf1d65901ea2a3b9b110d16b808ef34a7c3374bb7263d077f063734d63b186b29928e17ef698ed7e4b2841387fc844cb07cc7eb4fd39de3ebc8e4fe0cf2eca4d1b93510203010001a381dc3081d930090603551d1304023000301d0603551d0e04160414323a4970ba53cf9fff2b2ce5436dd64e036b4cf73081ac0603551d230481a43081a18014323a4970ba53cf9fff2b2ce5436dd64e036b4cf7a17ea47c307a310b3009060355040613024652312f302d060355040a13264d696e69737465726520456475636174696f6e204e6174696f6e616c65 EAP-Message = 0x20284d454e455352 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x5af34ee259fc57b96dea318012fe73d9 Finished request 3. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.10.254 port 1024, id=243, length=128 NAS-IP-Address = 10.172.253.110 NAS-Port-Type = Ethernet Service-Type = Framed-User Message-Authenticator = 0xd8c323cc1c5dca53fdc26144184a55df NAS-Port = 10 Framed-MTU = 1490 User-Name = "host/pc-admin" Calling-Station-Id = "00-0C-29-F7-CC-A0" State = 0x5af34ee259fc57b96dea318012fe73d9 EAP-Message = 0x020f00061900 server inner-tunnel { +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop [eap] EAP packet type response id 15 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok [files] users: Matched entry DEFAULT at line 207 ++[files] returns ok ++- entering group {...} [ldap_peda] performing user authorization for host/pc-admin [ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$) [ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$) rlm_ldap: object not found [ldap_peda] search failed rlm_ldap: ldap_release_conn: Release Id: 0 +++[ldap_peda] returns notfound [ldap_admin] performing user authorization for host/pc-admin [ldap_admin] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$) [ldap_admin] expand: o=gouv,c=fr -> o=gouv,c=fr rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$) [ldap_admin] checking if remote access for host/pc-admin is allowed by uid [ldap_admin] No default NMAS login sequence [ldap_admin] looking for check items in directory... rlm_ldap: sambaNtPassword -> NT-Password == 0x3637444441324243414646313035424333373446304245434641463733333430 [ldap_admin] looking for reply items in directory... WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly? [ldap_admin] user host/pc-admin authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 +++[ldap_admin] returns ok ++- group returns ok ++[expiration] returns noop ++[logintime] returns noop Using Autz-Type ldap_peda +- entering group ldap_peda {...} [ldap_peda] performing user authorization for host/pc-admin [ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$) [ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$) rlm_ldap: object not found [ldap_peda] search failed rlm_ldap: ldap_release_conn: Release Id: 0 ++[ldap_peda] returns notfound Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled } # server inner-tunnel Sending Access-Challenge of id 243 to 192.168.10.254 port 1024 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "20" Reply-Message = "ok_hostpeda" EAP-Message = 0x0110016b1900293111300f060355040b1308303732313537325431123010060355040b130961632d6e616e746573311330110603550403130a43412d70662d616d6f6e820900f600a779ca4a31f2300d06092a864886f70d0101050500038201010042fb00de5ab000702d477a4af2d066894ac9481a89afd607a8e4f870038ca1f2e4c2ccba76f8c8db937ccc0c1607694dc7316a32ac04f88035c99b3802c40e6af4381339b21229c22e4bab13c4c0d12039f5030c932283e00dd5855df9a1c8172e257e3a41ad6928431aeb93813578cf9208816cd75e3306b3a31e175f3f6fe054317296231e4d53ca9fd6879b03330265e555633dd78100c55681 EAP-Message = 0xdc1181d3cf04302e58287bbf7cbbd102ddceeb821787e736217180fd90a1f0690e40338cfa058c84dae4404611e2a04aebf9a5f09c28f3bba02bc2663707c320ff8f40f9b3f6455f1a683d5c2e9b67a4cdf327665ebcd7e24afd894e826f76f5125763470e16030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x5af34ee25ee357b96dea318012fe73d9 Finished request 4. Going to the next request Waking up in 4.8 seconds. rad_recv: Access-Request packet from host 192.168.10.254 port 1024, id=244, length=444 NAS-IP-Address = 10.172.253.110 NAS-Port-Type = Ethernet Service-Type = Framed-User Message-Authenticator = 0x9d064c122b5956c73615d6349ffcd178 NAS-Port = 10 Framed-MTU = 1490 User-Name = "host/pc-admin" Calling-Station-Id = "00-0C-29-F7-CC-A0" State = 0x5af34ee25ee357b96dea318012fe73d9 EAP-Message = 0x02100140198000000136160301010610000102010099e22fbe4a05d936accfcc683fd55f8b40700b04e65e3b78c86f9117140b263c154c7e549b412e66757099dcbb13dfb218779e04be85a67c741dddf6330b8873c677c47b0afbe278d88c68cfa0943459b196f5e12e02ed21271f9dbaa3289de2ce776cf3da2e30eea71308f185b2e7d4dbdd2ed4fc59316384ed6fa408dc96ec0a212a99cd89692a92b12717206fb0a3a0e8b9c70106f6840256733976809d3edb569081ba70d4bcaf6f65d6784eb7d457297c263f549c34f7f8db3f55eae388f086290d5bde0840af663c86a181464e1cc22b035e1434614f23ed4fc54ac3e39a404a2c71b3f0d3 EAP-Message = 0x22a99e4af56b9ca63a6dab50062bb096e513852043326d0a14030100010116030100204948fe1d6f1b3ecde1765601ef11cfd1936905e4f4948312a68781a0739e2666 server inner-tunnel { +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop [eap] EAP packet type response id 16 length 253 [eap] Continuing tunnel setup. ++[eap] returns ok [files] users: Matched entry DEFAULT at line 207 ++[files] returns ok ++- entering group {...} [ldap_peda] performing user authorization for host/pc-admin [ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$) [ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$) rlm_ldap: object not found [ldap_peda] search failed rlm_ldap: ldap_release_conn: Release Id: 0 +++[ldap_peda] returns notfound [ldap_admin] performing user authorization for host/pc-admin [ldap_admin] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$) [ldap_admin] expand: o=gouv,c=fr -> o=gouv,c=fr rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$) [ldap_admin] checking if remote access for host/pc-admin is allowed by uid [ldap_admin] No default NMAS login sequence [ldap_admin] looking for check items in directory... rlm_ldap: sambaNtPassword -> NT-Password == 0x3637444441324243414646313035424333373446304245434641463733333430 [ldap_admin] looking for reply items in directory... WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly? [ldap_admin] user host/pc-admin authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 +++[ldap_admin] returns ok ++- group returns ok ++[expiration] returns noop ++[logintime] returns noop Using Autz-Type ldap_peda +- entering group ldap_peda {...} [ldap_peda] performing user authorization for host/pc-admin [ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$) [ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$) rlm_ldap: object not found [ldap_peda] search failed rlm_ldap: ldap_release_conn: Release Id: 0 ++[ldap_peda] returns notfound Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 310 [peap] Length Included [peap] eaptls_verify returned 11 [peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange [peap] TLS_accept: SSLv3 read client key exchange A [peap] <<< TLS 1.0 ChangeCipherSpec [length 0001] [peap] <<< TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 read finished A [peap] >>> TLS 1.0 ChangeCipherSpec [length 0001] [peap] TLS_accept: SSLv3 write change cipher spec A [peap] >>> TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 write finished A [peap] TLS_accept: SSLv3 flush data [peap] (other): SSL negotiation finished successfully SSL Connection Established [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled } # server inner-tunnel Sending Access-Challenge of id 244 to 192.168.10.254 port 1024 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "20" Reply-Message = "ok_hostpeda" EAP-Message = 0x01110031190014030100010116030100203700812b24e375749201076da0bd9b4c462587b2d818f14a726c9beb33feeb45 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x5af34ee25fe257b96dea318012fe73d9 Finished request 5. Going to the next request Waking up in 4.8 seconds. rad_recv: Access-Request packet from host 192.168.10.254 port 1024, id=245, length=128 NAS-IP-Address = 10.172.253.110 NAS-Port-Type = Ethernet Service-Type = Framed-User Message-Authenticator = 0xb9d8ae0e08e37f9d172f8e0eda4b780c NAS-Port = 10 Framed-MTU = 1490 User-Name = "host/pc-admin" Calling-Station-Id = "00-0C-29-F7-CC-A0" State = 0x5af34ee25fe257b96dea318012fe73d9 EAP-Message = 0x021100061900 server inner-tunnel { +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop [eap] EAP packet type response id 17 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok [files] users: Matched entry DEFAULT at line 207 ++[files] returns ok ++- entering group {...} [ldap_peda] performing user authorization for host/pc-admin [ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$) [ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$) rlm_ldap: object not found [ldap_peda] search failed rlm_ldap: ldap_release_conn: Release Id: 0 +++[ldap_peda] returns notfound [ldap_admin] performing user authorization for host/pc-admin [ldap_admin] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$) [ldap_admin] expand: o=gouv,c=fr -> o=gouv,c=fr rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$) [ldap_admin] checking if remote access for host/pc-admin is allowed by uid [ldap_admin] No default NMAS login sequence [ldap_admin] looking for check items in directory... rlm_ldap: sambaNtPassword -> NT-Password == 0x3637444441324243414646313035424333373446304245434641463733333430 [ldap_admin] looking for reply items in directory... WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly? [ldap_admin] user host/pc-admin authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 +++[ldap_admin] returns ok ++- group returns ok ++[expiration] returns noop ++[logintime] returns noop Using Autz-Type ldap_peda +- entering group ldap_peda {...} [ldap_peda] performing user authorization for host/pc-admin [ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$) [ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$) rlm_ldap: object not found [ldap_peda] search failed rlm_ldap: ldap_release_conn: Release Id: 0 ++[ldap_peda] returns notfound Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake is finished [peap] eaptls_verify returned 3 [peap] eaptls_process returned 3 [peap] EAPTLS_SUCCESS ++[eap] returns handled } # server inner-tunnel Sending Access-Challenge of id 245 to 192.168.10.254 port 1024 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "20" Reply-Message = "ok_hostpeda" EAP-Message = 0x0112002019001703010015b30cb528421556a6b7595ed3761ee6c1aaebee96dc Message-Authenticator = 0x00000000000000000000000000000000 State = 0x5af34ee25ce157b96dea318012fe73d9 Finished request 6. Going to the next request Waking up in 4.7 seconds. rad_recv: Access-Request packet from host 192.168.10.254 port 1024, id=246, length=163 NAS-IP-Address = 10.172.253.110 NAS-Port-Type = Ethernet Service-Type = Framed-User Message-Authenticator = 0xfe515d2dd1c0562720460ac87f8684ae NAS-Port = 10 Framed-MTU = 1490 User-Name = "host/pc-admin" Calling-Station-Id = "00-0C-29-F7-CC-A0" State = 0x5af34ee25ce157b96dea318012fe73d9 EAP-Message = 0x021200291900170301001e8f577a77f3936128a808f14d17c3fb56dd053088ce04a8319e069b68bc4e server inner-tunnel { +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop [eap] EAP packet type response id 18 length 41 [eap] Continuing tunnel setup. ++[eap] returns ok [files] users: Matched entry DEFAULT at line 207 ++[files] returns ok ++- entering group {...} [ldap_peda] performing user authorization for host/pc-admin [ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$) [ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$) rlm_ldap: object not found [ldap_peda] search failed rlm_ldap: ldap_release_conn: Release Id: 0 +++[ldap_peda] returns notfound [ldap_admin] performing user authorization for host/pc-admin [ldap_admin] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$) [ldap_admin] expand: o=gouv,c=fr -> o=gouv,c=fr rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$) [ldap_admin] checking if remote access for host/pc-admin is allowed by uid [ldap_admin] No default NMAS login sequence [ldap_admin] looking for check items in directory... rlm_ldap: sambaNtPassword -> NT-Password == 0x3637444441324243414646313035424333373446304245434641463733333430 [ldap_admin] looking for reply items in directory... WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly? [ldap_admin] user host/pc-admin authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 +++[ldap_admin] returns ok ++- group returns ok ++[expiration] returns noop ++[logintime] returns noop Using Autz-Type ldap_peda +- entering group ldap_peda {...} [ldap_peda] performing user authorization for host/pc-admin [ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$) [ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$) rlm_ldap: object not found [ldap_peda] search failed rlm_ldap: ldap_release_conn: Release Id: 0 ++[ldap_peda] returns notfound Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Identity - host/pc-admin [peap] Got tunneled request EAP-Message = 0x0212001201686f73742f70632d61646d696e server inner-tunnel { PEAP: Got tunneled identity of host/pc-admin PEAP: Setting default EAP type for tunneled EAP session. PEAP: Setting User-Name to host/pc-admin Sending tunneled request EAP-Message = 0x0212001201686f73742f70632d61646d696e FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "host/pc-admin" NAS-IP-Address = 10.172.253.110 NAS-Port-Type = Ethernet Service-Type = Framed-User NAS-Port = 10 Framed-MTU = 1490 Calling-Station-Id = "00-0C-29-F7-CC-A0" server inner-tunnel { +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop [eap] EAP packet type response id 18 length 18 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated [files] users: Matched entry DEFAULT at line 207 ++[files] returns ok ++- entering group {...} [ldap_peda] performing user authorization for host/pc-admin [ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$) [ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$) rlm_ldap: object not found [ldap_peda] search failed rlm_ldap: ldap_release_conn: Release Id: 0 +++[ldap_peda] returns notfound [ldap_admin] performing user authorization for host/pc-admin [ldap_admin] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$) [ldap_admin] expand: o=gouv,c=fr -> o=gouv,c=fr rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$) [ldap_admin] checking if remote access for host/pc-admin is allowed by uid [ldap_admin] No default NMAS login sequence [ldap_admin] looking for check items in directory... rlm_ldap: sambaNtPassword -> NT-Password == 0x3637444441324243414646313035424333373446304245434641463733333430 [ldap_admin] looking for reply items in directory... WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly? [ldap_admin] user host/pc-admin authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 +++[ldap_admin] returns ok ++- group returns ok ++[expiration] returns noop ++[logintime] returns noop Using Autz-Type ldap_peda +- entering group ldap_peda {...} [ldap_peda] performing user authorization for host/pc-admin [ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$) [ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$) rlm_ldap: object not found [ldap_peda] search failed rlm_ldap: ldap_release_conn: Release Id: 0 ++[ldap_peda] returns notfound Found Auth-Type = EAP +- entering group authenticate {...} [eap] EAP Identity [eap] processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge ++[eap] returns handled } # server inner-tunnel [peap] Got tunneled reply code 11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "20" Reply-Message = "ok_hostpeda" EAP-Message = 0x011300271a01130022103abcb825a9f3a4a3ef8a850d3573308d686f73742f70632d61646d696e Message-Authenticator = 0x00000000000000000000000000000000 State = 0x5fb3bf1f5fa0a5401b55155387e6016c [peap] Got tunneled reply RADIUS code 11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "20" Reply-Message = "ok_hostpeda" EAP-Message = 0x011300271a01130022103abcb825a9f3a4a3ef8a850d3573308d686f73742f70632d61646d696e Message-Authenticator = 0x00000000000000000000000000000000 State = 0x5fb3bf1f5fa0a5401b55155387e6016c [peap] Got tunneled Access-Challenge ++[eap] returns handled } # server inner-tunnel Sending Access-Challenge of id 246 to 192.168.10.254 port 1024 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "20" Reply-Message = "ok_hostpeda" EAP-Message = 0x0113003e190017030100337504bfcfdd2686dec869ab4dc942775c76ad373a4014d7994c954b743803351ee1570e54043d7b3a6432bf116c45b3e40b9ce9 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x5af34ee25de057b96dea318012fe73d9 Finished request 7. Going to the next request Waking up in 4.7 seconds. rad_recv: Access-Request packet from host 192.168.10.254 port 1024, id=247, length=217 NAS-IP-Address = 10.172.253.110 NAS-Port-Type = Ethernet Service-Type = Framed-User Message-Authenticator = 0x34be6f17afd410895671a689cdaa2ace NAS-Port = 10 Framed-MTU = 1490 User-Name = "host/pc-admin" Calling-Station-Id = "00-0C-29-F7-CC-A0" State = 0x5af34ee25de057b96dea318012fe73d9 EAP-Message = 0x0213005f19001703010054d9a59f27d7f3fd8667cf9248bddcc6d8335f836aacc87e5567c1c17962874c425a7e3b8a0e137606a9f01fec1c5f6381f4382d502c02eb469d8a2a73513c55f2ab6a1834e641162955910e9fd80293782b4fc76b server inner-tunnel { +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop [eap] EAP packet type response id 19 length 95 [eap] Continuing tunnel setup. ++[eap] returns ok [files] users: Matched entry DEFAULT at line 207 ++[files] returns ok ++- entering group {...} [ldap_peda] performing user authorization for host/pc-admin [ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$) [ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$) rlm_ldap: object not found [ldap_peda] search failed rlm_ldap: ldap_release_conn: Release Id: 0 +++[ldap_peda] returns notfound [ldap_admin] performing user authorization for host/pc-admin [ldap_admin] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$) [ldap_admin] expand: o=gouv,c=fr -> o=gouv,c=fr rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$) [ldap_admin] checking if remote access for host/pc-admin is allowed by uid [ldap_admin] No default NMAS login sequence [ldap_admin] looking for check items in directory... rlm_ldap: sambaNtPassword -> NT-Password == 0x3637444441324243414646313035424333373446304245434641463733333430 [ldap_admin] looking for reply items in directory... WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly? [ldap_admin] user host/pc-admin authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 +++[ldap_admin] returns ok ++- group returns ok ++[expiration] returns noop ++[logintime] returns noop Using Autz-Type ldap_peda +- entering group ldap_peda {...} [ldap_peda] performing user authorization for host/pc-admin [ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$) [ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$) rlm_ldap: object not found [ldap_peda] search failed rlm_ldap: ldap_release_conn: Release Id: 0 ++[ldap_peda] returns notfound Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] EAP type mschapv2 [peap] Got tunneled request EAP-Message = 0x021300481a021300433186b47cb64903955b806163bb51c35db8000000000000000041a2daf3776d80fcf8208f4fe0e697184864cb49983d513800686f73742f70632d61646d696e server inner-tunnel { PEAP: Setting User-Name to host/pc-admin Sending tunneled request EAP-Message = 0x021300481a021300433186b47cb64903955b806163bb51c35db8000000000000000041a2daf3776d80fcf8208f4fe0e697184864cb49983d513800686f73742f70632d61646d696e FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "host/pc-admin" State = 0x5fb3bf1f5fa0a5401b55155387e6016c NAS-IP-Address = 10.172.253.110 NAS-Port-Type = Ethernet Service-Type = Framed-User NAS-Port = 10 Framed-MTU = 1490 Calling-Station-Id = "00-0C-29-F7-CC-A0" server inner-tunnel { +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop [eap] EAP packet type response id 19 length 72 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated [files] users: Matched entry DEFAULT at line 207 ++[files] returns ok ++- entering group {...} [ldap_peda] performing user authorization for host/pc-admin [ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$) [ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$) rlm_ldap: object not found [ldap_peda] search failed rlm_ldap: ldap_release_conn: Release Id: 0 +++[ldap_peda] returns notfound [ldap_admin] performing user authorization for host/pc-admin [ldap_admin] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$) [ldap_admin] expand: o=gouv,c=fr -> o=gouv,c=fr rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$) [ldap_admin] checking if remote access for host/pc-admin is allowed by uid [ldap_admin] No default NMAS login sequence [ldap_admin] looking for check items in directory... rlm_ldap: sambaNtPassword -> NT-Password == 0x3637444441324243414646313035424333373446304245434641463733333430 [ldap_admin] looking for reply items in directory... WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly? [ldap_admin] user host/pc-admin authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 +++[ldap_admin] returns ok ++- group returns ok ++[expiration] returns noop ++[logintime] returns noop Using Autz-Type ldap_peda +- entering group ldap_peda {...} [ldap_peda] performing user authorization for host/pc-admin [ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$) [ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$) rlm_ldap: object not found [ldap_peda] search failed rlm_ldap: ldap_release_conn: Release Id: 0 ++[ldap_peda] returns notfound Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [mschapv2] +- entering group MS-CHAP {...} [mschap] No Cleartext-Password configured. Cannot create LM-Password. [mschap] Found NT-Password [mschap] Told to do MS-CHAPv2 for host/pc-admin with NT-Password [mschap] adding MS-CHAPv2 MPPE keys ++[mschap] returns ok MSCHAP Success ++[eap] returns handled } # server inner-tunnel [peap] Got tunneled reply code 11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "20" Reply-Message = "ok_hostpeda" EAP-Message = 0x011400331a0313002e533d30453146453344413437333434303035434445323936383045394344354246303233344539384235 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x5fb3bf1f5ea7a5401b55155387e6016c [peap] Got tunneled reply RADIUS code 11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "20" Reply-Message = "ok_hostpeda" EAP-Message = 0x011400331a0313002e533d30453146453344413437333434303035434445323936383045394344354246303233344539384235 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x5fb3bf1f5ea7a5401b55155387e6016c [peap] Got tunneled Access-Challenge ++[eap] returns handled } # server inner-tunnel Sending Access-Challenge of id 247 to 192.168.10.254 port 1024 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "20" Reply-Message = "ok_hostpeda" EAP-Message = 0x0114004a1900170301003fcaee9ba310faf92efca265d1525ab6435017cd256d841401359551ef19eb8dab39eaa87f35a8c2e079554a0291898d709de59a87219a6217fbd3e57f456337 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x5af34ee252e757b96dea318012fe73d9 Finished request 8. Going to the next request Waking up in 4.7 seconds. rad_recv: Access-Request packet from host 192.168.10.254 port 1024, id=248, length=151 NAS-IP-Address = 10.172.253.110 NAS-Port-Type = Ethernet Service-Type = Framed-User Message-Authenticator = 0xd0a4155dd2819c7764b212492c148338 NAS-Port = 10 Framed-MTU = 1490 User-Name = "host/pc-admin" Calling-Station-Id = "00-0C-29-F7-CC-A0" State = 0x5af34ee252e757b96dea318012fe73d9 EAP-Message = 0x0214001d19001703010012207c339d428fdb827f4aef0d36ae8ae833ad server inner-tunnel { +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop [eap] EAP packet type response id 20 length 29 [eap] Continuing tunnel setup. ++[eap] returns ok [files] users: Matched entry DEFAULT at line 207 ++[files] returns ok ++- entering group {...} [ldap_peda] performing user authorization for host/pc-admin [ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$) [ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$) rlm_ldap: object not found [ldap_peda] search failed rlm_ldap: ldap_release_conn: Release Id: 0 +++[ldap_peda] returns notfound [ldap_admin] performing user authorization for host/pc-admin [ldap_admin] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$) [ldap_admin] expand: o=gouv,c=fr -> o=gouv,c=fr rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$) [ldap_admin] checking if remote access for host/pc-admin is allowed by uid [ldap_admin] No default NMAS login sequence [ldap_admin] looking for check items in directory... rlm_ldap: sambaNtPassword -> NT-Password == 0x3637444441324243414646313035424333373446304245434641463733333430 [ldap_admin] looking for reply items in directory... WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly? [ldap_admin] user host/pc-admin authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 +++[ldap_admin] returns ok ++- group returns ok ++[expiration] returns noop ++[logintime] returns noop Using Autz-Type ldap_peda +- entering group ldap_peda {...} [ldap_peda] performing user authorization for host/pc-admin [ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$) [ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$) rlm_ldap: object not found [ldap_peda] search failed rlm_ldap: ldap_release_conn: Release Id: 0 ++[ldap_peda] returns notfound Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] EAP type mschapv2 [peap] Got tunneled request EAP-Message = 0x021400061a03 server inner-tunnel { PEAP: Setting User-Name to host/pc-admin Sending tunneled request EAP-Message = 0x021400061a03 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "host/pc-admin" State = 0x5fb3bf1f5ea7a5401b55155387e6016c NAS-IP-Address = 10.172.253.110 NAS-Port-Type = Ethernet Service-Type = Framed-User NAS-Port = 10 Framed-MTU = 1490 Calling-Station-Id = "00-0C-29-F7-CC-A0" server inner-tunnel { +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop [eap] EAP packet type response id 20 length 6 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated [files] users: Matched entry DEFAULT at line 207 ++[files] returns ok ++- entering group {...} [ldap_peda] performing user authorization for host/pc-admin [ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$) [ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$) rlm_ldap: object not found [ldap_peda] search failed rlm_ldap: ldap_release_conn: Release Id: 0 +++[ldap_peda] returns notfound [ldap_admin] performing user authorization for host/pc-admin [ldap_admin] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$) [ldap_admin] expand: o=gouv,c=fr -> o=gouv,c=fr rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$) [ldap_admin] checking if remote access for host/pc-admin is allowed by uid [ldap_admin] No default NMAS login sequence [ldap_admin] looking for check items in directory... rlm_ldap: sambaNtPassword -> NT-Password == 0x3637444441324243414646313035424333373446304245434641463733333430 [ldap_admin] looking for reply items in directory... WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly? [ldap_admin] user host/pc-admin authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 +++[ldap_admin] returns ok ++- group returns ok ++[expiration] returns noop ++[logintime] returns noop Using Autz-Type ldap_peda +- entering group ldap_peda {...} [ldap_peda] performing user authorization for host/pc-admin [ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$) [ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$) rlm_ldap: object not found [ldap_peda] search failed rlm_ldap: ldap_release_conn: Release Id: 0 ++[ldap_peda] returns notfound Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [eap] Freeing handler ++[eap] returns ok WARNING: Empty section. Using default return values. } # server inner-tunnel [peap] Got tunneled reply code 2 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "20" Reply-Message = "ok_hostpeda" EAP-Message = 0x03140004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "host/pc-admin" [peap] Got tunneled reply RADIUS code 2 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "20" Reply-Message = "ok_hostpeda" EAP-Message = 0x03140004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "host/pc-admin" [peap] Tunneled authentication was successful. [peap] SUCCESS [peap] Saving tunneled attributes for later ++[eap] returns handled } # server inner-tunnel Sending Access-Challenge of id 248 to 192.168.10.254 port 1024 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "20" Reply-Message = "ok_hostpeda" EAP-Message = 0x011500261900170301001bf941565a3183097d130c6f900ea8d2b7449ccb3bdcccf59f96527b Message-Authenticator = 0x00000000000000000000000000000000 State = 0x5af34ee253e657b96dea318012fe73d9 Finished request 9. Going to the next request Waking up in 4.7 seconds. rad_recv: Access-Request packet from host 192.168.10.254 port 1024, id=249, length=160 NAS-IP-Address = 10.172.253.110 NAS-Port-Type = Ethernet Service-Type = Framed-User Message-Authenticator = 0x50f80e51813b38b0aa944eba89d37efa NAS-Port = 10 Framed-MTU = 1490 User-Name = "host/pc-admin" Calling-Station-Id = "00-0C-29-F7-CC-A0" State = 0x5af34ee253e657b96dea318012fe73d9 EAP-Message = 0x021500261900170301001be0562040c9bb550ba6720c9d0826df79e9fc5b58f7427160c7c9ad server inner-tunnel { +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop [eap] EAP packet type response id 21 length 38 [eap] Continuing tunnel setup. ++[eap] returns ok [files] users: Matched entry DEFAULT at line 207 ++[files] returns ok ++- entering group {...} [ldap_peda] performing user authorization for host/pc-admin [ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$) [ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$) rlm_ldap: object not found [ldap_peda] search failed rlm_ldap: ldap_release_conn: Release Id: 0 +++[ldap_peda] returns notfound [ldap_admin] performing user authorization for host/pc-admin [ldap_admin] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$) [ldap_admin] expand: o=gouv,c=fr -> o=gouv,c=fr rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$) [ldap_admin] checking if remote access for host/pc-admin is allowed by uid [ldap_admin] No default NMAS login sequence [ldap_admin] looking for check items in directory... rlm_ldap: sambaNtPassword -> NT-Password == 0x3637444441324243414646313035424333373446304245434641463733333430 [ldap_admin] looking for reply items in directory... WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly? [ldap_admin] user host/pc-admin authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 +++[ldap_admin] returns ok ++- group returns ok ++[expiration] returns noop ++[logintime] returns noop Using Autz-Type ldap_peda +- entering group ldap_peda {...} [ldap_peda] performing user authorization for host/pc-admin [ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$) [ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$) rlm_ldap: object not found [ldap_peda] search failed rlm_ldap: ldap_release_conn: Release Id: 0 ++[ldap_peda] returns notfound Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Received EAP-TLV response. [peap] Success [peap] Using saved attributes from the original Access-Accept [eap] Freeing handler ++[eap] returns ok WARNING: Empty section. Using default return values. } # server inner-tunnel Sending Access-Accept of id 249 to 192.168.10.254 port 1024 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "20" Reply-Message = "ok_hostpeda" User-Name = "host/pc-admin" MS-MPPE-Recv-Key = 0x4cb00c191ad9ce2d5913f5218594324f3017e7efd7d209aa14b6b56b6a520f1a MS-MPPE-Send-Key = 0x48f134131000bba5b3f590233bc0e3d08e7d99b8f8806bb99b484ede6ce0b0b2 EAP-Message = 0x03150004 Message-Authenticator = 0x00000000000000000000000000000000 Finished request 10. Going to the next request Waking up in 4.7 seconds. Cleaning up request 0 ID 239 with timestamp +40 Cleaning up request 1 ID 240 with timestamp +40 Cleaning up request 2 ID 241 with timestamp +40 Cleaning up request 3 ID 242 with timestamp +40 Cleaning up request 4 ID 243 with timestamp +40 Cleaning up request 5 ID 244 with timestamp +40 Cleaning up request 6 ID 245 with timestamp +40 Cleaning up request 7 ID 246 with timestamp +40 Cleaning up request 8 ID 247 with timestamp +40 Cleaning up request 9 ID 248 with timestamp +40 Cleaning up request 10 ID 249 with timestamp +40 Ready to process requests.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
participants (1)
-
cd