Hi, I have problems with freeradius I am authenticate with a perl script and it works only when I do a radtest like in the following case: Ready to process requests (0) Received Access-Request Id 188 from 192.168.0.3:40871 to 192.168.0.9:1812 length 109 (0) User-Name = "lesterpl@infomed.sld.cu" (0) User-Password = "supermelinda.com2010" (0) NAS-IP-Address = 192.168.0.3 (0) NAS-Port = 1812 (0) Message-Authenticator = 0xe32e609007f449c81e2c6bd8ecf18a8e (0) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default (0) authorize { (0) policy filter_username { (0) if (&User-Name) { (0) if (&User-Name) -> TRUE (0) if (&User-Name) { (0) if (&User-Name =~ / /) { (0) if (&User-Name =~ / /) -> FALSE (0) if (&User-Name =~ /@[^@]*@/ ) { (0) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (0) if (&User-Name =~ /\.\./ ) { (0) if (&User-Name =~ /\.\./ ) -> FALSE (0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (0) if (&User-Name =~ /\.$/) { (0) if (&User-Name =~ /\.$/) -> FALSE (0) if (&User-Name =~ /@\./) { (0) if (&User-Name =~ /@\./) -> FALSE (0) } # if (&User-Name) = notfound (0) } # policy filter_username = notfound (0) [preprocess] = ok (0) [chap] = noop (0) [mschap] = noop (0) [digest] = noop (0) suffix: Checking for suffix after "@" (0) suffix: Looking up realm "infomed.sld.cu" for User-Name = "lesterpl@infomed.sld.cu" (0) suffix: Found realm "infomed.sld.cu" (0) suffix: Adding Stripped-User-Name = "lesterpl" (0) suffix: Adding Realm = "infomed.sld.cu" (0) suffix: Authentication realm is LOCAL (0) [suffix] = ok (0) eap: No EAP-Message, not doing EAP (0) [eap] = noop (0) files: users: Matched entry DEFAULT at line 221 (0) [files] = ok (0) if (ok || updated) { (0) if (ok || updated) -> TRUE (0) if (ok || updated) { (0) update control { (0) Auth-Type := perl (0) } # update control = noop (0) } # if (ok || updated) = noop (0) [expiration] = noop (0) [logintime] = noop (0) pap: WARNING: No "known good" password found for the user. Not setting Auth-Type (0) pap: WARNING: Authentication will fail unless a "known good" password is available (0) [pap] = noop (0) } # authorize = ok (0) Found Auth-Type = perl (0) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (0) Auth-Type perl { (0) perl: $RAD_REQUEST{'User-Name'} = &request:User-Name -> 'lesterpl@infomed.sld.cu' (0) perl: $RAD_REQUEST{'User-Password'} = &request:User-Password -> 'supermelinda.com2010' (0) perl: $RAD_REQUEST{'NAS-IP-Address'} = &request:NAS-IP-Address -> '192.168.0.3' (0) perl: $RAD_REQUEST{'NAS-Port'} = &request:NAS-Port -> '1812' (0) perl: $RAD_REQUEST{'Event-Timestamp'} = &request:Event-Timestamp -> 'Sep 4 2018 12:25:15 UTC' (0) perl: $RAD_REQUEST{'Message-Authenticator'} = &request:Message-Authenticator -> '0xe32e609007f449c81e2c6bd8ecf18a8e' (0) perl: $RAD_REQUEST{'Stripped-User-Name'} = &request:Stripped-User-Name -> 'lesterpl' (0) perl: $RAD_REQUEST{'Realm'} = &request:Realm -> 'infomed.sld.cu' (0) perl: $RAD_CHECK{'Auth-Type'} = &control:Auth-Type -> 'perl' (0) perl: $RAD_CONFIG{'Auth-Type'} = &control:Auth-Type -> 'perl' SOFT ASSERT FAILED src/modules/rlm_perl/rlm_perl.c[703]: *vps (0) perl: &request:Message-Authenticator = $RAD_REQUEST{'Message-Authenticator'} -> '0xe32e609007f449c81e2c6bd8ecf18a8e' (0) perl: &request:User-Name = $RAD_REQUEST{'User-Name'} -> 'lesterpl@infomed.sld.cu' (0) perl: &request:Event-Timestamp = $RAD_REQUEST{'Event-Timestamp'} -> 'Sep 4 2018 12:25:15 UTC' (0) perl: &request:User-Password = $RAD_REQUEST{'User-Password'} -> 'supermelinda.com2010' (0) perl: &request:NAS-Port = $RAD_REQUEST{'NAS-Port'} -> '1812' (0) perl: &request:Stripped-User-Name = $RAD_REQUEST{'Stripped-User-Name'} -> 'lesterpl' (0) perl: &request:NAS-IP-Address = $RAD_REQUEST{'NAS-IP-Address'} -> '192.168.0.3' (0) perl: &request:Realm = $RAD_REQUEST{'Realm'} -> 'infomed.sld.cu' SOFT ASSERT FAILED src/modules/rlm_perl/rlm_perl.c[703]: *vps (0) perl: &control:Auth-Type = $RAD_CHECK{'Auth-Type'} -> 'perl' (0) [perl] = ok (0) } # Auth-Type perl = ok (0) # Executing section post-auth from file /etc/freeradius/3.0/sites-enabled/default (0) post-auth { (0) update { (0) No attributes updated (0) } # update = noop (0) [exec] = noop (0) policy remove_reply_message_if_eap { (0) if (&reply:EAP-Message && &reply:Reply-Message) { (0) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE (0) else { (0) [noop] = noop (0) } # else = noop (0) } # policy remove_reply_message_if_eap = noop (0) } # post-auth = noop (0) Sent Access-Accept Id 188 from 192.168.0.9:1812 to 192.168.0.3:40871 length 0 (0) Finished request Waking up in 4.9 seconds. BUT WHEN I SEND IT MY AP THE FREERADIUS ASSUMES IT IN THE GROUP OF PAP AND NOT AUTHENTIC Received Access-Request Id 4 from 192.168.0.80:1061 to 192.168.0.9:1812 length 322 (4) Message-Authenticator = 0x7350cca44f5ea831e5dff8bf3ea5be8b (4) Service-Type = Framed-User (4) User-Name = "aymeema" (4) Framed-MTU = 1488 (4) State = 0xee0bf512ed0fecd6e57224eb55af15dd (4) Called-Station-Id = "00-23-CD-DC-C5-54:FTS" (4) Calling-Station-Id = "48-59-29-D4-FC-33" (4) NAS-Port-Type = Wireless-802.11 (4) Connect-Info = "CONNECT 54Mbps 802.11g" (4) EAP-Message = 0x020400901980000000861603010046100000424104631fdc9346cd60c44035b7efb9e8f1f0c997f33787eff9189e4b6eeee27cc542d466b86da33c4f378c5ce26aa52d5d311a5790c308e422e121b9093286c1c303140301000101160301003085b82bf9e3a0949af7d6af10fc9938d21707e2778c3cde (4) NAS-IP-Address = 192.168.1.5 (4) NAS-Port = 2 (4) NAS-Port-Id = "STA port # 2" (4) session-state: No cached attributes (4) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default (4) authorize { (4) policy filter_username { (4) if (&User-Name) { (4) if (&User-Name) -> TRUE (4) if (&User-Name) { (4) if (&User-Name =~ / /) { (4) if (&User-Name =~ / /) -> FALSE (4) if (&User-Name =~ /@[^@]*@/ ) { (4) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (4) if (&User-Name =~ /\.\./ ) { (4) if (&User-Name =~ /\.\./ ) -> FALSE (4) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (4) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (4) if (&User-Name =~ /\.$/) { (4) if (&User-Name =~ /\.$/) -> FALSE (4) if (&User-Name =~ /@\./) { (4) if (&User-Name =~ /@\./) -> FALSE (4) } # if (&User-Name) = notfound (4) } # policy filter_username = notfound (4) [preprocess] = ok (4) [chap] = noop (4) [mschap] = noop (4) [digest] = noop (4) suffix: Checking for suffix after "@" (4) suffix: No '@' in User-Name = "aymeema", looking up realm NULL (4) suffix: No such realm "NULL" (4) [suffix] = noop (4) eap: Peer sent EAP Response (code 2) ID 4 length 144 (4) eap: Continuing tunnel setup (4) [eap] = ok (4) } # authorize = ok (4) Found Auth-Type = eap (4) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (4) authenticate { (4) eap: Expiring EAP session with state 0xee0bf512ed0fecd6 (4) eap: Finished EAP session with state 0xee0bf512ed0fecd6 (4) eap: Previous EAP request found for state 0xee0bf512ed0fecd6, released from the list (4) eap: Peer sent packet with method EAP PEAP (25) (4) eap: Calling submodule eap_peap to process data (4) eap_peap: Continuing EAP-TLS (4) eap_peap: Peer indicated complete TLS record size will be 134 bytes (4) eap_peap: Got complete TLS record (134 bytes) (4) eap_peap: [eaptls verify] = length included (4) eap_peap: TLS_accept: SSLv3/TLS write server done (4) eap_peap: <<< recv TLS 1.0 Handshake [length 0046], ClientKeyExchange (4) eap_peap: TLS_accept: SSLv3/TLS read client key exchange (4) eap_peap: TLS_accept: SSLv3/TLS read change cipher spec (4) eap_peap: <<< recv TLS 1.0 Handshake [length 0010], Finished (4) eap_peap: TLS_accept: SSLv3/TLS read finished (4) eap_peap: >>> send TLS 1.0 ChangeCipherSpec [length 0001] (4) eap_peap: TLS_accept: SSLv3/TLS write change cipher spec (4) eap_peap: >>> send TLS 1.0 Handshake [length 0010], Finished (4) eap_peap: TLS_accept: SSLv3/TLS write finished (4) eap_peap: (other): SSL negotiation finished successfully (4) eap_peap: SSL Connection Established (4) eap_peap: [eaptls process] = handled (4) eap: Sending EAP Request (code 1) ID 5 length 65 (4) eap: EAP session adding &reply:State = 0xee0bf512ea0eecd6 (4) [eap] = handled (4) } # authenticate = handled (4) Using Post-Auth-Type Challenge (4) Post-Auth-Type sub-section not found. Ignoring. (4) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (4) Sent Access-Challenge Id 4 from 192.168.0.9:1812 to 192.168.0.80:1061 length 0 (4) EAP-Message = 0x01050041190014030100010116030100309e11214d85fa990821becf3a07c9bb538025176dc796b9634c64808ba1686f9238894ab9576ed35c33363c495fe50394 (4) Message-Authenticator = 0x00000000000000000000000000000000 (4) State = 0xee0bf512ea0eecd6e57224eb55af15dd (4) Finished request Waking up in 3.9 seconds. (5) Received Access-Request Id 5 from 192.168.0.80:1061 to 192.168.0.9:1812 length 184 (5) Message-Authenticator = 0x5817762eb30c8ca2143d311a5f05701f (5) Service-Type = Framed-User (5) User-Name = "aymeema" (5) Framed-MTU = 1488 (5) State = 0xee0bf512ea0eecd6e57224eb55af15dd (5) Called-Station-Id = "00-23-CD-DC-C5-54:FTS" (5) Calling-Station-Id = "48-59-29-D4-FC-33" (5) NAS-Port-Type = Wireless-802.11 (5) Connect-Info = "CONNECT 54Mbps 802.11g" (5) EAP-Message = 0x020500061900 (5) NAS-IP-Address = 192.168.1.5 (5) NAS-Port = 2 (5) NAS-Port-Id = "STA port # 2" (5) session-state: No cached attributes (5) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default (5) authorize { (5) policy filter_username { (5) if (&User-Name) { (5) if (&User-Name) -> TRUE (5) if (&User-Name) { (5) if (&User-Name =~ / /) { (5) if (&User-Name =~ / /) -> FALSE (5) if (&User-Name =~ /@[^@]*@/ ) { (5) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (5) if (&User-Name =~ /\.\./ ) { (5) if (&User-Name =~ /\.\./ ) -> FALSE (5) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (5) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (5) if (&User-Name =~ /\.$/) { (5) if (&User-Name =~ /\.$/) -> FALSE (5) if (&User-Name =~ /@\./) { (5) if (&User-Name =~ /@\./) -> FALSE (5) } # if (&User-Name) = notfound (5) } # policy filter_username = notfound (5) [preprocess] = ok (5) [chap] = noop (5) [mschap] = noop (5) [digest] = noop (5) suffix: Checking for suffix after "@" (5) suffix: No '@' in User-Name = "aymeema", looking up realm NULL (5) suffix: No such realm "NULL" (5) [suffix] = noop (5) eap: Peer sent EAP Response (code 2) ID 5 length 6 (5) eap: Continuing tunnel setup (5) [eap] = ok (5) } # authorize = ok (5) Found Auth-Type = eap (5) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (5) authenticate { (5) eap: Expiring EAP session with state 0xee0bf512ea0eecd6 (5) eap: Finished EAP session with state 0xee0bf512ea0eecd6 (5) eap: Previous EAP request found for state 0xee0bf512ea0eecd6, released from the list (5) eap: Peer sent packet with method EAP PEAP (25) (5) eap: Calling submodule eap_peap to process data (5) eap_peap: Continuing EAP-TLS (5) eap_peap: Peer ACKed our handshake fragment. handshake is finished (5) eap_peap: [eaptls verify] = success (5) eap_peap: [eaptls process] = success (5) eap_peap: Session established. Decoding tunneled attributes (5) eap_peap: PEAP state TUNNEL ESTABLISHED (5) eap: Sending EAP Request (code 1) ID 6 length 43 (5) eap: EAP session adding &reply:State = 0xee0bf512eb0decd6 (5) [eap] = handled (5) } # authenticate = handled (5) Using Post-Auth-Type Challenge (5) Post-Auth-Type sub-section not found. Ignoring. (5) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (5) Sent Access-Challenge Id 5 from 192.168.0.9:1812 to 192.168.0.80:1061 length 0 (5) EAP-Message = 0x0106002b19001703010020e5982b8f79ff254f613da0903bf2edcd9082b515df3088104824bfed85946d68 (5) Message-Authenticator = 0x00000000000000000000000000000000 (5) State = 0xee0bf512eb0decd6e57224eb55af15dd (5) Finished request Waking up in 3.9 seconds. (6) Received Access-Request Id 6 from 192.168.0.80:1061 to 192.168.0.9:1812 length 258 (6) Message-Authenticator = 0xc0a67886a6db2931141dc8ab02e5f4ec (6) Service-Type = Framed-User (6) User-Name = "aymeema" (6) Framed-MTU = 1488 (6) State = 0xee0bf512eb0decd6e57224eb55af15dd (6) Called-Station-Id = "00-23-CD-DC-C5-54:FTS" (6) Calling-Station-Id = "48-59-29-D4-FC-33" (6) NAS-Port-Type = Wireless-802.11 (6) Connect-Info = "CONNECT 54Mbps 802.11g" (6) EAP-Message = 0x0206005019001703010020b02f8c267ab89a8847fbfc6ee6ab613935ab0fdc7c2e2635d7f785dd8ea3d6e31703010020383a7ac5e717bd2dff247c3d2aeed6364d86752af73793a7ba166abcb88aea89 (6) NAS-IP-Address = 192.168.1.5 (6) NAS-Port = 2 (6) NAS-Port-Id = "STA port # 2" (6) session-state: No cached attributes (6) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default (6) authorize { (6) policy filter_username { (6) if (&User-Name) { (6) if (&User-Name) -> TRUE (6) if (&User-Name) { (6) if (&User-Name =~ / /) { (6) if (&User-Name =~ / /) -> FALSE (6) if (&User-Name =~ /@[^@]*@/ ) { (6) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (6) if (&User-Name =~ /\.\./ ) { (6) if (&User-Name =~ /\.\./ ) -> FALSE (6) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (6) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (6) if (&User-Name =~ /\.$/) { (6) if (&User-Name =~ /\.$/) -> FALSE (6) if (&User-Name =~ /@\./) { (6) if (&User-Name =~ /@\./) -> FALSE (6) } # if (&User-Name) = notfound (6) } # policy filter_username = notfound (6) [preprocess] = ok (6) [chap] = noop (6) [mschap] = noop (6) [digest] = noop (6) suffix: Checking for suffix after "@" (6) suffix: No '@' in User-Name = "aymeema", looking up realm NULL (6) suffix: No such realm "NULL" (6) [suffix] = noop (6) eap: Peer sent EAP Response (code 2) ID 6 length 80 (6) eap: Continuing tunnel setup (6) [eap] = ok (6) } # authorize = ok (6) Found Auth-Type = eap (6) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (6) authenticate { (6) eap: Expiring EAP session with state 0xee0bf512eb0decd6 (6) eap: Finished EAP session with state 0xee0bf512eb0decd6 (6) eap: Previous EAP request found for state 0xee0bf512eb0decd6, released from the list (6) eap: Peer sent packet with method EAP PEAP (25) (6) eap: Calling submodule eap_peap to process data (6) eap_peap: Continuing EAP-TLS (6) eap_peap: [eaptls verify] = ok (6) eap_peap: Done initial handshake (6) eap_peap: [eaptls process] = ok (6) eap_peap: Session established. Decoding tunneled attributes (6) eap_peap: PEAP state WAITING FOR INNER IDENTITY (6) eap_peap: Identity - aymeema (6) eap_peap: Got inner identity 'aymeema' (6) eap_peap: Setting default EAP type for tunneled EAP session (6) eap_peap: Got tunneled request (6) eap_peap: EAP-Message = 0x0206000c0161796d65656d61 (6) eap_peap: Setting User-Name to aymeema (6) eap_peap: Sending tunneled request to inner-tunnel (6) eap_peap: EAP-Message = 0x0206000c0161796d65656d61 (6) eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1 (6) eap_peap: User-Name = "aymeema" (6) Virtual server inner-tunnel received request (6) EAP-Message = 0x0206000c0161796d65656d61 (6) FreeRADIUS-Proxied-To = 127.0.0.1 (6) User-Name = "aymeema" (6) WARNING: Outer and inner identities are the same. User privacy is compromised. (6) server inner-tunnel { (6) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/inner-tunnel (6) authorize { (6) policy filter_username { (6) if (&User-Name) { (6) if (&User-Name) -> TRUE (6) if (&User-Name) { (6) if (&User-Name =~ / /) { (6) if (&User-Name =~ / /) -> FALSE (6) if (&User-Name =~ /@[^@]*@/ ) { (6) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (6) if (&User-Name =~ /\.\./ ) { (6) if (&User-Name =~ /\.\./ ) -> FALSE (6) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (6) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (6) if (&User-Name =~ /\.$/) { (6) if (&User-Name =~ /\.$/) -> FALSE (6) if (&User-Name =~ /@\./) { (6) if (&User-Name =~ /@\./) -> FALSE (6) } # if (&User-Name) = notfound (6) } # policy filter_username = notfound (6) [chap] = noop (6) [mschap] = noop (6) suffix: Checking for suffix after "@" (6) suffix: No '@' in User-Name = "aymeema", looking up realm NULL (6) suffix: No such realm "NULL" (6) [suffix] = noop (6) update control { (6) &Proxy-To-Realm := LOCAL (6) } # update control = noop (6) eap: Peer sent EAP Response (code 2) ID 6 length 12 (6) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize (6) [eap] = ok (6) } # authorize = ok (6) Found Auth-Type = eap (6) # Executing group from file /etc/freeradius/3.0/sites-enabled/inner-tunnel (6) authenticate { (6) eap: Peer sent packet with method EAP Identity (1) (6) eap: Calling submodule eap_mschapv2 to process data (6) eap_mschapv2: Issuing Challenge (6) eap: Sending EAP Request (code 1) ID 7 length 43 (6) eap: EAP session adding &reply:State = 0x122cc322122bd902 (6) [eap] = handled (6) } # authenticate = handled (6) } # server inner-tunnel (6) Virtual server sending reply (6) EAP-Message = 0x0107002b1a0107002610376ccdc558f65a17b14afc6aca1ccfef667265657261646975732d332e302e3132 (6) Message-Authenticator = 0x00000000000000000000000000000000 (6) State = 0x122cc322122bd9025a123037d96cd8cc (6) eap_peap: Got tunneled reply code 11 (6) eap_peap: EAP-Message = 0x0107002b1a0107002610376ccdc558f65a17b14afc6aca1ccfef667265657261646975732d332e302e3132 (6) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000 (6) eap_peap: State = 0x122cc322122bd9025a123037d96cd8cc (6) eap_peap: Got tunneled reply RADIUS code 11 (6) eap_peap: EAP-Message = 0x0107002b1a0107002610376ccdc558f65a17b14afc6aca1ccfef667265657261646975732d332e302e3132 (6) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000 (6) eap_peap: State = 0x122cc322122bd9025a123037d96cd8cc (6) eap_peap: Got tunneled Access-Challenge (6) eap: Sending EAP Request (code 1) ID 7 length 75 (6) eap: EAP session adding &reply:State = 0xee0bf512e80cecd6 (6) [eap] = handled (6) } # authenticate = handled (6) Using Post-Auth-Type Challenge (6) Post-Auth-Type sub-section not found. Ignoring. (6) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (6) Sent Access-Challenge Id 6 from 192.168.0.9:1812 to 192.168.0.80:1061 length 0 (6) EAP-Message = 0x0107004b19001703010040171a800058420a49caaa8d4866e007313847e5baccdd901f56266b9863c45e076cce5ee00d9c0ea977fab30c69c1d8c5e16a06f7c69fff919decaaf19a5a90f6 (6) Message-Authenticator = 0x00000000000000000000000000000000 (6) State = 0xee0bf512e80cecd6e57224eb55af15dd (6) Finished request Waking up in 3.8 seconds. (7) Received Access-Request Id 7 from 192.168.0.80:1061 to 192.168.0.9:1812 length 322 (7) Message-Authenticator = 0x4dc080cff5d2aec2ee857c6c7375b959 (7) Service-Type = Framed-User (7) User-Name = "aymeema" (7) Framed-MTU = 1488 (7) State = 0xee0bf512e80cecd6e57224eb55af15dd (7) Called-Station-Id = "00-23-CD-DC-C5-54:FTS" (7) Calling-Station-Id = "48-59-29-D4-FC-33" (7) NAS-Port-Type = Wireless-802.11 (7) Connect-Info = "CONNECT 54Mbps 802.11g" (7) EAP-Message = 0x0207009019001703010020b184428e6a6c8997d160d1a52137bbf60102a804bb422c47aa5f08e04eadc391170301006002f9a0662fa796bca2340e3ea61f635a9da1e2836df02e56a30ee198ea1b58d5a9cc41385046f7138e93c6124fcf6f1e32559708b4797a9c94ab3a2be57dd6535d72c428c5c02a (7) NAS-IP-Address = 192.168.1.5 (7) NAS-Port = 2 (7) NAS-Port-Id = "STA port # 2" (7) session-state: No cached attributes (7) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default (7) authorize { (7) policy filter_username { (7) if (&User-Name) { (7) if (&User-Name) -> TRUE (7) if (&User-Name) { (7) if (&User-Name =~ / /) { (7) if (&User-Name =~ / /) -> FALSE (7) if (&User-Name =~ /@[^@]*@/ ) { (7) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (7) if (&User-Name =~ /\.\./ ) { (7) if (&User-Name =~ /\.\./ ) -> FALSE (7) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (7) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (7) if (&User-Name =~ /\.$/) { (7) if (&User-Name =~ /\.$/) -> FALSE (7) if (&User-Name =~ /@\./) { (7) if (&User-Name =~ /@\./) -> FALSE (7) } # if (&User-Name) = notfound (7) } # policy filter_username = notfound (7) [preprocess] = ok (7) [chap] = noop (7) [mschap] = noop (7) [digest] = noop (7) suffix: Checking for suffix after "@" (7) suffix: No '@' in User-Name = "aymeema", looking up realm NULL (7) suffix: No such realm "NULL" (7) [suffix] = noop (7) eap: Peer sent EAP Response (code 2) ID 7 length 144 (7) eap: Continuing tunnel setup (7) [eap] = ok (7) } # authorize = ok (7) Found Auth-Type = eap (7) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (7) authenticate { (7) eap: Expiring EAP session with state 0x122cc322122bd902 (7) eap: Finished EAP session with state 0xee0bf512e80cecd6 (7) eap: Previous EAP request found for state 0xee0bf512e80cecd6, released from the list (7) eap: Peer sent packet with method EAP PEAP (25) (7) eap: Calling submodule eap_peap to process data (7) eap_peap: Continuing EAP-TLS (7) eap_peap: [eaptls verify] = ok (7) eap_peap: Done initial handshake (7) eap_peap: [eaptls process] = ok (7) eap_peap: Session established. Decoding tunneled attributes (7) eap_peap: PEAP state phase2 (7) eap_peap: EAP method MSCHAPv2 (26) (7) eap_peap: Got tunneled request (7) eap_peap: EAP-Message = 0x020700421a0207003d310fd6e853d94fc6045add7929942343ee00000000000000009620b931c92b1f08b063b513a33a5330e01b5519358610210061796d65656d61 (7) eap_peap: Setting User-Name to aymeema (7) eap_peap: Sending tunneled request to inner-tunnel (7) eap_peap: EAP-Message = 0x020700421a0207003d310fd6e853d94fc6045add7929942343ee00000000000000009620b931c92b1f08b063b513a33a5330e01b5519358610210061796d65656d61 (7) eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1 (7) eap_peap: User-Name = "aymeema" (7) eap_peap: State = 0x122cc322122bd9025a123037d96cd8cc (7) Virtual server inner-tunnel received request (7) EAP-Message = 0x020700421a0207003d310fd6e853d94fc6045add7929942343ee00000000000000009620b931c92b1f08b063b513a33a5330e01b5519358610210061796d65656d61 (7) FreeRADIUS-Proxied-To = 127.0.0.1 (7) User-Name = "aymeema" (7) State = 0x122cc322122bd9025a123037d96cd8cc (7) WARNING: Outer and inner identities are the same. User privacy is compromised. (7) server inner-tunnel { (7) session-state: No cached attributes (7) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/inner-tunnel (7) authorize { (7) policy filter_username { (7) if (&User-Name) { (7) if (&User-Name) -> TRUE (7) if (&User-Name) { (7) if (&User-Name =~ / /) { (7) if (&User-Name =~ / /) -> FALSE (7) if (&User-Name =~ /@[^@]*@/ ) { (7) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (7) if (&User-Name =~ /\.\./ ) { (7) if (&User-Name =~ /\.\./ ) -> FALSE (7) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (7) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (7) if (&User-Name =~ /\.$/) { (7) if (&User-Name =~ /\.$/) -> FALSE (7) if (&User-Name =~ /@\./) { (7) if (&User-Name =~ /@\./) -> FALSE (7) } # if (&User-Name) = notfound (7) } # policy filter_username = notfound (7) [chap] = noop (7) [mschap] = noop (7) suffix: Checking for suffix after "@" (7) suffix: No '@' in User-Name = "aymeema", looking up realm NULL (7) suffix: No such realm "NULL" (7) [suffix] = noop (7) update control { (7) &Proxy-To-Realm := LOCAL (7) } # update control = noop (7) eap: Peer sent EAP Response (code 2) ID 7 length 66 (7) eap: No EAP Start, assuming it's an on-going EAP conversation (7) [eap] = updated (7) [files] = noop (7) perl: $RAD_REQUEST{'User-Name'} = &request:User-Name -> 'aymeema' (7) perl: $RAD_REQUEST{'State'} = &request:State -> '0x122cc322122bd9025a123037d96cd8cc' (7) perl: $RAD_REQUEST{'EAP-Message'} = &request:EAP-Message -> '0x020700421a0207003d310fd6e853d94fc6045add7929942343ee00000000000000009620b931c92b1f08b063b513a33a5330e01b5519358610210061796d65656d61' (7) perl: $RAD_REQUEST{'FreeRADIUS-Proxied-To'} = &request:FreeRADIUS-Proxied-To -> '127.0.0.1' (7) perl: $RAD_REQUEST{'EAP-Type'} = &request:EAP-Type -> 'MSCHAPv2' (7) perl: $RAD_CHECK{'Auth-Type'} = &control:Auth-Type -> 'eap' (7) perl: $RAD_CHECK{'Proxy-To-Realm'} = &control:Proxy-To-Realm -> 'LOCAL' (7) perl: $RAD_CONFIG{'Auth-Type'} = &control:Auth-Type -> 'eap' (7) perl: $RAD_CONFIG{'Proxy-To-Realm'} = &control:Proxy-To-Realm -> 'LOCAL' SOFT ASSERT FAILED src/modules/rlm_perl/rlm_perl.c[703]: *vps (7) perl: &request:EAP-Message = $RAD_REQUEST{'EAP-Message'} -> '0x020700421a0207003d310fd6e853d94fc6045add7929942343ee00000000000000009620b931c92b1f08b063b513a33a5330e01b5519358610210061796d65656d61' (7) perl: &request:State = $RAD_REQUEST{'State'} -> '0x122cc322122bd9025a123037d96cd8cc' (7) perl: &request:FreeRADIUS-Proxied-To = $RAD_REQUEST{'FreeRADIUS-Proxied-To'} -> '127.0.0.1' (7) perl: &request:EAP-Type = $RAD_REQUEST{'EAP-Type'} -> 'MSCHAPv2' (7) perl: &request:User-Name = $RAD_REQUEST{'User-Name'} -> 'aymeema' SOFT ASSERT FAILED src/modules/rlm_perl/rlm_perl.c[703]: *vps (7) perl: &control:Proxy-To-Realm = $RAD_CHECK{'Proxy-To-Realm'} -> 'LOCAL' (7) perl: &control:Auth-Type = $RAD_CHECK{'Auth-Type'} -> 'eap' (7) [perl] = ok (7) [expiration] = noop (7) [logintime] = noop (7) [pap] = noop (7) } # authorize = updated (7) Found Auth-Type = eap (7) # Executing group from file /etc/freeradius/3.0/sites-enabled/inner-tunnel (7) authenticate { (7) eap: Expiring EAP session with state 0x122cc322122bd902 (7) eap: Finished EAP session with state 0x122cc322122bd902 (7) eap: Previous EAP request found for state 0x122cc322122bd902, released from the list (7) eap: Peer sent packet with method EAP MSCHAPv2 (26) (7) eap: Calling submodule eap_mschapv2 to process data (7) eap_mschapv2: # Executing group from file /etc/freeradius/3.0/sites-enabled/inner-tunnel (7) eap_mschapv2: authenticate { (7) mschap: WARNING: No Cleartext-Password configured. Cannot create NT-Password (7) mschap: WARNING: No Cleartext-Password configured. Cannot create LM-Password (7) mschap: Creating challenge hash with username: aymeema (7) mschap: Client is using MS-CHAPv2 (7) mschap: ERROR: FAILED: No NT/LM-Password. Cannot perform authentication (7) mschap: ERROR: MS-CHAP2-Response is incorrect (7) [mschap] = reject (7) } # authenticate = reject (7) eap: Sending EAP Failure (code 4) ID 7 length 4 (7) eap: Freeing handler (7) [eap] = reject (7) } # authenticate = reject (7) Failed to authenticate the user (7) Using Post-Auth-Type Reject (7) # Executing group from file /etc/freeradius/3.0/sites-enabled/inner-tunnel (7) Post-Auth-Type REJECT { (7) attr_filter.access_reject: EXPAND %{User-Name} (7) attr_filter.access_reject: --> aymeema (7) attr_filter.access_reject: Matched entry DEFAULT at line 11 (7) [attr_filter.access_reject] = updated (7) update outer.session-state { (7) &Module-Failure-Message := &request:Module-Failure-Message -> 'mschap: FAILED: No NT/LM-Password. Cannot perform authentication' (7) } # update outer.session-state = noop (7) } # Post-Auth-Type REJECT = updated (7) } # server inner-tunnel (7) Virtual server sending reply (7) MS-CHAP-Error = "\007E=691 R=1 C=fcb1c9be7da91078278e0b9b45cf0517 V=3 M=Authentication failed" (7) EAP-Message = 0x04070004 (7) Message-Authenticator = 0x00000000000000000000000000000000 (7) eap_peap: Got tunneled reply code 3 (7) eap_peap: MS-CHAP-Error = "\007E=691 R=1 C=fcb1c9be7da91078278e0b9b45cf0517 V=3 M=Authentication failed" (7) eap_peap: EAP-Message = 0x04070004 (7) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000 (7) eap_peap: Got tunneled reply RADIUS code 3 (7) eap_peap: MS-CHAP-Error = "\007E=691 R=1 C=fcb1c9be7da91078278e0b9b45cf0517 V=3 M=Authentication failed" (7) eap_peap: EAP-Message = 0x04070004 (7) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000 (7) eap_peap: Tunneled authentication was rejected (7) eap_peap: FAILURE (7) eap: Sending EAP Request (code 1) ID 8 length 43 (7) eap: EAP session adding &reply:State = 0xee0bf512e903ecd6 (7) [eap] = handled (7) } # authenticate = handled (7) Using Post-Auth-Type Challenge (7) Post-Auth-Type sub-section not found. Ignoring. (7) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (7) session-state: Saving cached attributes (7) Module-Failure-Message := "mschap: FAILED: No NT/LM-Password. Cannot perform authentication" (7) Sent Access-Challenge Id 7 from 192.168.0.9:1812 to 192.168.0.80:1061 length 0 (7) EAP-Message = 0x0108002b19001703010020349d637b500281f48f99c09f3393a3f9ff128e70fe6005b6de3d4d5db3fd680f (7) Message-Authenticator = 0x00000000000000000000000000000000 (7) State = 0xee0bf512e903ecd6e57224eb55af15dd (7) Finished request Waking up in 3.8 seconds. (8) Received Access-Request Id 8 from 192.168.0.80:1061 to 192.168.0.9:1812 length 258 (8) Message-Authenticator = 0x6d2614f187dcdb7592b43f61f3bc426c (8) Service-Type = Framed-User (8) User-Name = "aymeema" (8) Framed-MTU = 1488 (8) State = 0xee0bf512e903ecd6e57224eb55af15dd (8) Called-Station-Id = "00-23-CD-DC-C5-54:FTS" (8) Calling-Station-Id = "48-59-29-D4-FC-33" (8) NAS-Port-Type = Wireless-802.11 (8) Connect-Info = "CONNECT 54Mbps 802.11g" (8) EAP-Message = 0x02080050190017030100206c2d7efa7278365fe6169b3873bb4bd90d9bea6499b5a50b532e34b4cedddaaf170301002068dc2af39bb85f463ce6f8b752991db68a1079ae0382ef75f600bada56b907a1 (8) NAS-IP-Address = 192.168.1.5 (8) NAS-Port = 2 (8) NAS-Port-Id = "STA port # 2" (8) Restoring &session-state (8) &session-state:Module-Failure-Message := "mschap: FAILED: No NT/LM-Password. Cannot perform authentication" (8) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default (8) authorize { (8) policy filter_username { (8) if (&User-Name) { (8) if (&User-Name) -> TRUE (8) if (&User-Name) { (8) if (&User-Name =~ / /) { (8) if (&User-Name =~ / /) -> FALSE (8) if (&User-Name =~ /@[^@]*@/ ) { (8) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (8) if (&User-Name =~ /\.\./ ) { (8) if (&User-Name =~ /\.\./ ) -> FALSE (8) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (8) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (8) if (&User-Name =~ /\.$/) { (8) if (&User-Name =~ /\.$/) -> FALSE (8) if (&User-Name =~ /@\./) { (8) if (&User-Name =~ /@\./) -> FALSE (8) } # if (&User-Name) = notfound (8) } # policy filter_username = notfound (8) [preprocess] = ok (8) [chap] = noop (8) [mschap] = noop (8) [digest] = noop (8) suffix: Checking for suffix after "@" (8) suffix: No '@' in User-Name = "aymeema", looking up realm NULL (8) suffix: No such realm "NULL" (8) [suffix] = noop (8) eap: Peer sent EAP Response (code 2) ID 8 length 80 (8) eap: Continuing tunnel setup (8) [eap] = ok (8) } # authorize = ok (8) Found Auth-Type = eap (8) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (8) authenticate { (8) eap: Expiring EAP session with state 0xee0bf512e903ecd6 (8) eap: Finished EAP session with state 0xee0bf512e903ecd6 (8) eap: Previous EAP request found for state 0xee0bf512e903ecd6, released from the list (8) eap: Peer sent packet with method EAP PEAP (25) (8) eap: Calling submodule eap_peap to process data (8) eap_peap: Continuing EAP-TLS (8) eap_peap: [eaptls verify] = ok (8) eap_peap: Done initial handshake (8) eap_peap: [eaptls process] = ok (8) eap_peap: Session established. Decoding tunneled attributes (8) eap_peap: PEAP state send tlv failure (8) eap_peap: Received EAP-TLV response (8) eap_peap: The users session was previously rejected: returning reject (again.) (8) eap_peap: This means you need to read the PREVIOUS messages in the debug output (8) eap_peap: to find out the reason why the user was rejected (8) eap_peap: Look for "reject" or "fail". Those earlier messages will tell you (8) eap_peap: what went wrong, and how to fix the problem (8) eap: ERROR: Failed continuing EAP PEAP (25) session. EAP sub-module failed (8) eap: Sending EAP Failure (code 4) ID 8 length 4 (8) eap: Failed in EAP select (8) [eap] = invalid (8) } # authenticate = invalid (8) Failed to authenticate the user (8) Using Post-Auth-Type Reject (8) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (8) Post-Auth-Type REJECT { (8) attr_filter.access_reject: EXPAND %{User-Name} (8) attr_filter.access_reject: --> aymeema (8) attr_filter.access_reject: Matched entry DEFAULT at line 11 (8) [attr_filter.access_reject] = updated (8) [eap] = noop (8) policy remove_reply_message_if_eap { (8) if (&reply:EAP-Message && &reply:Reply-Message) { (8) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE (8) else { (8) [noop] = noop (8) } # else = noop (8) } # policy remove_reply_message_if_eap = noop (8) } # Post-Auth-Type REJECT = updated (8) Delaying response for 1.000000 seconds Waking up in 0.3 seconds. Waking up in 0.6 seconds. (8) Sending delayed response (8) Sent Access-Reject Id 8 from 192.168.0.9:1812 to 192.168.0.80:1061 length 44 (8) EAP-Message = 0x04080004 (8) Message-Authenticator = 0x00000000000000000000000000000000 Waking up in 2.8 seconds. (0) Cleaning up request packet ID 0 with timestamp +55 (1) Cleaning up request packet ID 1 with timestamp +55 (2) Cleaning up request packet ID 2 with timestamp +55 (3) Cleaning up request packet ID 3 with timestamp +55 Waking up in 1.0 seconds. (4) Cleaning up request packet ID 4 with timestamp +56 (5) Cleaning up request packet ID 5 with timestamp +56 (6) Cleaning up request packet ID 6 with timestamp +56 (7) Cleaning up request packet ID 7 with timestamp +56 (8) Cleaning up request packet ID 8 with timestamp +56 Ready to process requests Any suggestions? ---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program. -- Este mensaje le ha llegado mediante el servicio de correo electronico que ofrece Infomed para respaldar el cumplimiento de las misiones del Sistema Nacional de Salud. La persona que envia este correo asume el compromiso de usar el servicio a tales fines y cumplir con las regulaciones establecidas Infomed: http://www.sld.cu/
On Sep 4, 2018, at 8:32 AM, lesterpl@infomed.sld.cu wrote:
Hi, I have problems with freeradius I am authenticate with a perl script and it works only when I do a radtest like in the following case:
Ready to process requests (0) Received Access-Request Id 188 from 192.168.0.3:40871 to 192.168.0.9:1812 length 109 (0) User-Name = "lesterpl@infomed.sld.cu" (0) User-Password = "supermelinda.com2010"
Which has a password.
(0) Auth-Type := perl
We don't recommend doing authentication in a custom module. The module should instead supply a Cleartext-Password, and then let FreeRADIUS do the authentication.
BUT WHEN I SEND IT MY AP THE FREERADIUS ASSUMES IT IN THE GROUP OF PAP AND NOT AUTHENTIC
No, when you authenticate via the AP, the end user systems sends EAP. Which doesn't include a User-Password.
Received Access-Request Id 4 from 192.168.0.80:1061 to 192.168.0.9:1812 length 322 (4) Message-Authenticator = 0x7350cca44f5ea831e5dff8bf3ea5be8b (4) Service-Type = Framed-User (4) User-Name = "aymeema" (4) Framed-MTU = 1488 (4) State = 0xee0bf512ed0fecd6e57224eb55af15dd (4) Called-Station-Id = "00-23-CD-DC-C5-54:FTS" (4) Calling-Station-Id = "48-59-29-D4-FC-33" (4) NAS-Port-Type = Wireless-802.11 (4) Connect-Info = "CONNECT 54Mbps 802.11g" (4) EAP-Message = 0x020400901980000000861603010046100000424104631fdc9346cd60c44035b7efb9e8f1f0c997f33787eff9189e4b6eeee27cc542d466b86da33c4f378c5ce26aa52d5d311a5790c308e422e121b9093286c1c303140301000101160301003085b82bf9e3a0949af7d6af10fc9938d21707e2778c3cde
See? EAP. And no User-Password.
Any suggestions?
Have your module supply a Cleartext-Password in the "authorize" phase. Don't set "Auth-Type := perl". FreeRADIUS will authenticate the user. If the module *can't* supply a Cleartext-Password, then PEAP will never work. The only other option is to get the end user machine to do EAP-TTLS, with PAP inside of the inner-tunnel. Then, configure the "inner-tunnel" virtual server to use your module to check the password. You're limited by how the authentication protocols work. No amount of research or poking at the code will result in any other answer. Alan DeKok.
Please here my configuration, where is that I should remove the perl authentication. Where do I have the error or what should I do? Thank you very much /etc/freeradius/3.0/proxy.conf realm infomed.sld.cu { type = radius authhost = LOCAL accthost = LOCAL } realm fts.vcl.sld.cu { type = radius authhost = LOCAL accthost = LOCAL } /etc/freeradius/3.0/users DEFAULT Auth-Type = Perl, Realm != DEFAULT /etc/freeradius/3.0/mods-available/perl filename = /etc/freeradius/3.0/pop3s.pl /etc/freeradius/3.0/sites-enabled/default authorize { …. eap { ok = return } files if (ok || updated) { update control { Auth-Type := Perl } authenticate { Auth-Type PAP { pap } Auth-Type CHAP { chap } Auth-Type MS-CHAP { mschap } Auth-Type perl { perl } …. /etc/freeradius/3.0/sites-enabled/inner-tunnel authorize { …. eap { ok = return } Files Perl authenticate { Auth-Type PAP { pap } Auth-Type CHAP { chap } Auth-Type MS-CHAP { mschap } Auth-Type perl { perl } ---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program. -- Este mensaje le ha llegado mediante el servicio de correo electronico que ofrece Infomed para respaldar el cumplimiento de las misiones del Sistema Nacional de Salud. La persona que envia este correo asume el compromiso de usar el servicio a tales fines y cumplir con las regulaciones establecidas Infomed: http://www.sld.cu/
On Sep 4, 2018, at 9:12 AM, lesterpl@infomed.sld.cu wrote:
Please here my configuration, where is that I should remove the perl authentication.
It helps to understand how the server works. That way you can fix issues yourself, instead of giving up, and asking other people to do your work for you.
Where do I have the error or what should I do?
I explained it in my previous message,. Alan DeKok.
Thank you very much for the help but I'm not an expert in freeradius, I think you say that you remove the perl option from the file /etc/freeradius/3.0/sites-enabled/default and place it in inner-tunnel, my idea is to authenticate the server with a perl script that queries pop3 to several domains because I have users of several domains and I do not have to create the accounts. Now the script works which is the main thing but I have the problem of eap sent by my AP. please help I've been stuck for days and it seems like I'm blocked. Alan DeKok <aland@deployingradius.com> escribió:
On Sep 4, 2018, at 9:12 AM, lesterpl@infomed.sld.cu wrote:
Please here my configuration, where is that I should remove the perl authentication.
It helps to understand how the server works. That way you can fix issues yourself, instead of giving up, and asking other people to do your work for you.
Where do I have the error or what should I do?
I explained it in my previous message,.
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program. -- Este mensaje le ha llegado mediante el servicio de correo electronico que ofrece Infomed para respaldar el cumplimiento de las misiones del Sistema Nacional de Salud. La persona que envia este correo asume el compromiso de usar el servicio a tales fines y cumplir con las regulaciones establecidas Infomed: http://www.sld.cu/
On Sep 4, 2018, at 9:28 AM, lesterpl@infomed.sld.cu wrote:
Thank you very much for the help but I'm not an expert in freeradius, I think you say that you remove the perl option from the file /etc/freeradius/3.0/sites-enabled/default and place it in inner-tunnel, my idea is to authenticate the server with a perl script that queries pop3 to several domains because I have users of several domains and I do not have to create the accounts. Now the script works which is the main thing but I have the problem of eap sent by my AP. please help I've been stuck for days and it seems like I'm blocked.
As I said in my first reply... even if you *do* get it working, it will only work for EAP-TTLS with PAP inside of the inner-tunnel. Do you know what that means? Alan DeKok.
I'm sorry I do not know how to do it and what it means EAP-TTLS with PAP, if you can not help me I understand. Thank you for your time and patience with me. Alan DeKok <aland@deployingradius.com> escribió:
On Sep 4, 2018, at 9:28 AM, lesterpl@infomed.sld.cu wrote:
Thank you very much for the help but I'm not an expert in freeradius, I think you say that you remove the perl option from the file /etc/freeradius/3.0/sites-enabled/default and place it in inner-tunnel, my idea is to authenticate the server with a perl script that queries pop3 to several domains because I have users of several domains and I do not have to create the accounts. Now the script works which is the main thing but I have the problem of eap sent by my AP. please help I've been stuck for days and it seems like I'm blocked.
As I said in my first reply... even if you *do* get it working, it will only work for EAP-TTLS with PAP inside of the inner-tunnel.
Do you know what that means?
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program. -- Este mensaje le ha llegado mediante el servicio de correo electronico que ofrece Infomed para respaldar el cumplimiento de las misiones del Sistema Nacional de Salud. La persona que envia este correo asume el compromiso de usar el servicio a tales fines y cumplir con las regulaciones establecidas Infomed: http://www.sld.cu/
On Sep 4, 2018, at 9:37 AM, lesterpl@infomed.sld.cu wrote:
I'm sorry I do not know how to do it and what it means EAP-TTLS with PAP, if you can not help me I understand. Thank you for your time and patience with me.
EAP is a framework for carrying different authentication protocols. One is PEAP, another is EAP-TTLS. Honestly... if EAP is a complete unknown to you, then you won't have an easy time trying to configure EAP in the server. It really does help a lot to know how it works. You will have to read the documentation on the end user system to see how to configure EAP-TTLS with PAP. And that is something we can't help you with. Alan DeKok.
participants (2)
-
Alan DeKok -
lesterpl@infomed.sld.cu