EAP-TTLS-PAP-LDAP

Rohaizam Abu Bakar haizam at myjaring.net
Fri Jul 14 09:40:01 CEST 2006


No error detected (refer to the debug logs below), only that RADIUS cannot 
assign an Auth-Type, since I do not specify one in the users file. I let 
RADIUS detect it by itself, but since there are a few lines in my users file 
that have been specified with Auth-Type, it cannot figure it out on its own. 
I have a few services that refer to different LDAP trees, so I need to 
specify the Auth-Type for the other services. Any other solution?

The EAP should follow the line with OCE, but I do not specify any Auth-Type 
on that line.


DEFAULT         NAS-Identifier == "Wireless-802.11", Autz-Type := Y5, Auth-Type :=Y5
DEFAULT         Realm == "ocemy015.com", Autz-Type := OCE
DEFAULT         Autz-Type := LDAP, Auth-Type :=LDAP



rad_recv: Access-Request packet from host 202.73.10.12:1814, id=20, 
length=216
        Framed-MTU = 1466
        NAS-IP-Address = 10.220.0.3
        NAS-Identifier = "OCEPOP2"
        User-Name = "jaroce2 at ocemy015.com"
        Service-Type = Framed-User
        NAS-Port = 241
        NAS-Port-Type = Ethernet
        NAS-Port-Id = "ether16_241"
        Called-Station-Id = "00-11-95-dd-31-0a"
        Calling-Station-Id = "00-11-5b-2d-b2-8e"
        Connect-Info = "CONNECT Ethernet 2Mbps Full duplex"
        EAP-Message = 0x02010019016a61726f636532406f63656d793031352e636f6d
        Message-Authenticator = 0xf66af566c577294fbd2873cf99c82fd6
        Proxy-State = 0x32
rad_rmspace_pair:  User-Name now 'jaroce2 at ocemy015.com'
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 5
  modcall[authorize]: module "preprocess" returns ok for request 5
  modcall[authorize]: module "chap" returns noop for request 5
  modcall[authorize]: module "mschap" returns noop for request 5
    rlm_realm: No '/' in User-Name = "jaroce2 at ocemy015.com", skipping NULL 
due to config.
  modcall[authorize]: module "IPASS" returns noop for request 5
    rlm_realm: Looking up realm "ocemy015.com" for User-Name = 
"jaroce2 at ocemy015.com"
    rlm_realm: Found realm "ocemy015.com"
    rlm_realm: Adding Stripped-User-Name = "jaroce2"
    rlm_realm: Proxying request from user jaroce2 to realm ocemy015.com
    rlm_realm: Adding Realm = "ocemy015.com"
    rlm_realm: Authentication realm is LOCAL.
  modcall[authorize]: module "suffix" returns noop for request 5
  rlm_eap: EAP packet type response id 1 length 25
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 5
    users: Matched entry DEFAULT at line 19
  modcall[authorize]: module "files" returns ok for request 5
modcall: leaving group authorize (returns updated) for request 5
  Found Autz-Type OCE
  Processing the authorize section of radiusd.conf
modcall: entering group OCE for request 5
rlm_ldap: - authorize
rlm_ldap: performing user authorization for jaroce2
radius_xlat:  '(uid=jaroce2)'
radius_xlat:  'ou=OCE,ou=AAA,ou=People,dc=jaring,dc=my'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to 61.6.32.201:389, authentication 0
rlm_ldap: bind as cn=Sysadmin,ou=Applications,dc=jaring,dc=my/kh4l1f4h to 
61.6.32.201:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in ou=OCE,ou=AAA,ou=People,dc=jaring,dc=my, with 
filter (uid=jaroce2)
rlm_ldap: checking if remote access for jaroce2 is allowed by dialupAccess
rlm_ldap: Added password {CRYPT}$1$ZRXMvi1s$zBQaHYkaxDjGi5zL2geNN0 in check 
items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: Adding radiusFramedCompression as Framed-Compression, value 
Van-Jacobson-TCP-IP & op=11
rlm_ldap: Adding radiusFramedMTU as Framed-MTU, value 1500 & op=11
rlm_ldap: Adding radiusFramedProtocol as Framed-Protocol, value PPP & op=11
rlm_ldap: Adding radiusServiceType as Service-Type, value Framed-User & 
op=11
rlm_ldap: user jaroce2 authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldapOCE" returns ok for request 5
modcall: leaving group OCE (returns ok) for request 5
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 5
  rlm_eap: EAP Identity
  rlm_eap: processing type tls
  rlm_eap_tls: Initiate
  rlm_eap_tls: Start returned 1
  modcall[authenticate]: module "eap" returns handled for request 5
modcall: leaving group authenticate (returns handled) for request 5
Sending Access-Challenge of id 20 to 202.73.10.12 port 1814
        Framed-Compression = Van-Jacobson-TCP-IP
        Framed-MTU = 1500
        Framed-Protocol = PPP
        Service-Type = Framed-User
        EAP-Message = 0x010200061520
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x6f8d462fc1d7a9ef273cff67a79b9225
        Proxy-State = 0x32
Finished request 5
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 202.73.10.12:1814, id=21, 
length=269
        Framed-MTU = 1466
        NAS-IP-Address = 10.220.0.3
        NAS-Identifier = "OCEPOP2"
        User-Name = "jaroce2 at ocemy015.com"
        Service-Type = Framed-User
        NAS-Port = 241
        NAS-Port-Type = Ethernet
        NAS-Port-Id = "ether16_241"
        Called-Station-Id = "00-11-95-dd-31-0a"
        Calling-Station-Id = "00-11-5b-2d-b2-8e"
        Connect-Info = "CONNECT Ethernet 2Mbps Full duplex"
        State = 0x6f8d462fc1d7a9ef273cff67a79b9225
        EAP-Message = 
0x0202003c158000000032160301002d01000029030186f82eb5952be3b8ceadc4a4edc478c2c08acc553c7f
ee894a2a9361bfdcfbb5000002000a0100
        Message-Authenticator = 0x9eabe246450cacd8dfd7f8ab25d623e9
        Proxy-State = 0x33
rad_rmspace_pair:  User-Name now 'jaroce2 at ocemy015.com'
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
  modcall[authorize]: module "preprocess" returns ok for request 6
  modcall[authorize]: module "chap" returns noop for request 6
  modcall[authorize]: module "mschap" returns noop for request 6
    rlm_realm: No '/' in User-Name = "jaroce2 at ocemy015.com", skipping NULL 
due to config.
  modcall[authorize]: module "IPASS" returns noop for request 6
    rlm_realm: Looking up realm "ocemy015.com" for User-Name = 
"jaroce2 at ocemy015.com"
    rlm_realm: Found realm "ocemy015.com"

    rlm_realm: Adding Stripped-User-Name = "jaroce2"
    rlm_realm: Proxying request from user jaroce2 to realm ocemy015.com
    rlm_realm: Adding Realm = "ocemy015.com"
    rlm_realm: Authentication realm is LOCAL.
  modcall[authorize]: module "suffix" returns noop for request 6
  rlm_eap: EAP packet type response id 2 length 60
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 6
    users: Matched entry DEFAULT at line 19
  modcall[authorize]: module "files" returns ok for request 6
modcall: leaving group authorize (returns updated) for request 6
  Found Autz-Type OCE
  Processing the authorize section of radiusd.conf
modcall: entering group OCE for request 6
rlm_ldap: - authorize
rlm_ldap: performing user authorization for jaroce2
radius_xlat:  '(uid=jaroce2)'
radius_xlat:  'ou=OCE,ou=AAA,ou=People,dc=jaring,dc=my'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=OCE,ou=AAA,ou=People,dc=jaring,dc=my, with 
filter (uid=jaroce2)
rlm_ldap: checking if remote access for jaroce2 is allowed by dialupAccess
rlm_ldap: Added password {CRYPT}$1$ZRXMvi1s$zBQaHYkaxDjGi5zL2geNN0 in check 
items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: Adding radiusFramedCompression as Framed-Compression, value 
Van-Jacobson-TCP-IP & op=11
rlm_ldap: Adding radiusFramedMTU as Framed-MTU, value 1500 & op=11
rlm_ldap: Adding radiusFramedProtocol as Framed-Protocol, value PPP & op=11
rlm_ldap: Adding radiusServiceType as Service-Type, value Framed-User & 
op=11
rlm_ldap: user jaroce2 authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldapOCE" returns ok for request 6
modcall: leaving group OCE (returns ok) for request 6
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 6
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/ttls
  rlm_eap: processing type ttls
  rlm_eap_ttls: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls:  Length Included
  eaptls_verify returned 11
    (other): before/accept initialization
    TLS_accept: before/accept initialization
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 002d], ClientHello
    TLS_accept: SSLv3 read client hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
    TLS_accept: SSLv3 write server hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0694], Certificate
    TLS_accept: SSLv3 write certificate A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
    TLS_accept: SSLv3 write server done A
    TLS_accept: SSLv3 flush data
    TLS_accept:error in SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
  eaptls_process returned 13
  modcall[authenticate]: module "eap" returns handled for request 6
modcall: leaving group authenticate (returns handled) for request 6
Sending Access-Challenge of id 21 to 202.73.10.12 port 1814
        Framed-Compression = Van-Jacobson-TCP-IP
        Framed-MTU = 1500
        Framed-Protocol = PPP
        Service-Type = Framed-User
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xf7b50f803a4bf2fad1484ad156677437
        Proxy-State = 0x33
Finished request 6
Going to the next request
--- Walking the entire request list ---
Waking up in 4 seconds...
rad_recv: Access-Request packet from host 202.73.10.12:1814, id=22, 
length=215
        Framed-MTU = 1466
        NAS-IP-Address = 10.220.0.3
        NAS-Identifier = "OCEPOP2"
        User-Name = "jaroce2 at ocemy015.com"
        Service-Type = Framed-User
        NAS-Port = 241
        NAS-Port-Type = Ethernet
        NAS-Port-Id = "ether16_241"
        Called-Station-Id = "00-11-95-dd-31-0a"
        Calling-Station-Id = "00-11-5b-2d-b2-8e"
        Connect-Info = "CONNECT Ethernet 2Mbps Full duplex"
        State = 0xf7b50f803a4bf2fad1484ad156677437
        EAP-Message = 0x020300061500
        Message-Authenticator = 0x37401c244125eb3618d68d4f8a6414f3
        Proxy-State = 0x34
rad_rmspace_pair:  User-Name now 'jaroce2 at ocemy015.com'
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 7
  modcall[authorize]: module "preprocess" returns ok for request 7
  modcall[authorize]: module "chap" returns noop for request 7
  modcall[authorize]: module "mschap" returns noop for request 7
    rlm_realm: No '/' in User-Name = "jaroce2 at ocemy015.com", skipping NULL 
due to config.
  modcall[authorize]: module "IPASS" returns noop for request 7
    rlm_realm: Looking up realm "ocemy015.com" for User-Name = 
"jaroce2 at ocemy015.com"
    rlm_realm: Found realm "ocemy015.com"
    rlm_realm: Adding Stripped-User-Name = "jaroce2"
    rlm_realm: Proxying request from user jaroce2 to realm ocemy015.com
    rlm_realm: Adding Realm = "ocemy015.com"
    rlm_realm: Authentication realm is LOCAL.
  modcall[authorize]: module "suffix" returns noop for request 7
  rlm_eap: EAP packet type response id 3 length 6
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 7
    users: Matched entry DEFAULT at line 19
  modcall[authorize]: module "files" returns ok for request 7
modcall: leaving group authorize (returns updated) for request 7
  Found Autz-Type OCE
  Processing the authorize section of radiusd.conf
modcall: entering group OCE for request 7
rlm_ldap: - authorize
rlm_ldap: performing user authorization for jaroce2
radius_xlat:  '(uid=jaroce2)'
radius_xlat:  'ou=OCE,ou=AAA,ou=People,dc=jaring,dc=my'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=OCE,ou=AAA,ou=People,dc=jaring,dc=my, with 
filter (uid=jaroce2)
rlm_ldap: checking if remote access for jaroce2 is allowed by dialupAccess
rlm_ldap: Added password {CRYPT}$1$ZRXMvi1s$zBQaHYkaxDjGi5zL2geNN0 in check 
items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: Adding radiusFramedCompression as Framed-Compression, value 
Van-Jacobson-TCP-IP & op=11
rlm_ldap: Adding radiusFramedMTU as Framed-MTU, value 1500 & op=11
rlm_ldap: Adding radiusFramedProtocol as Framed-Protocol, value PPP & op=11
rlm_ldap: Adding radiusServiceType as Service-Type, value Framed-User & 
op=11
rlm_ldap: user jaroce2 authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldapOCE" returns ok for request 7
modcall: leaving group OCE (returns ok) for request 7
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 7
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/ttls
  rlm_eap: processing type ttls
  rlm_eap_ttls: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
  rlm_eap_tls: ack handshake fragment handler
  eaptls_verify returned 1
  eaptls_process returned 13
  modcall[authenticate]: module "eap" returns handled for request 7
modcall: leaving group authenticate (returns handled) for request 7
Sending Access-Challenge of id 22 to 202.73.10.12 port 1814
        Framed-Compression = Van-Jacobson-TCP-IP
        Framed-MTU = 1500
        Framed-Protocol = PPP
        Service-Type = Framed-User
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x72dce9b7a77986474ff02c3969a61113
        Proxy-State = 0x34
Finished request 7
Going to the next request
--- Walking the entire request list ---
Waking up in 2 seconds...
rad_recv: Access-Request packet from host 202.73.10.12:1814, id=23, 
length=409
        Framed-MTU = 1466
        NAS-IP-Address = 10.220.0.3
        NAS-Identifier = "OCEPOP2"
        User-Name = "jaroce2 at ocemy015.com"
        Service-Type = Framed-User
        NAS-Port = 241
        NAS-Port-Type = Ethernet
        NAS-Port-Id = "ether16_241"
        Called-Station-Id = "00-11-95-dd-31-0a"
        Calling-Station-Id = "00-11-5b-2d-b2-8e"
        Connect-Info = "CONNECT Ethernet 2Mbps Full duplex"
        State = 0x72dce9b7a77986474ff02c3969a61113
        Message-Authenticator = 0x13f423390144c1ce2959e3338dd5cddd
        Proxy-State = 0x35
rad_rmspace_pair:  User-Name now 'jaroce2 at ocemy015.com'
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 8
  modcall[authorize]: module "preprocess" returns ok for request 8
  modcall[authorize]: module "chap" returns noop for request 8
  modcall[authorize]: module "mschap" returns noop for request 8
    rlm_realm: No '/' in User-Name = "jaroce2 at ocemy015.com", skipping NULL 
due to config.
  modcall[authorize]: module "IPASS" returns noop for request 8
    rlm_realm: Looking up realm "ocemy015.com" for User-Name = 
"jaroce2 at ocemy015.com"
    rlm_realm: Found realm "ocemy015.com"
    rlm_realm: Adding Stripped-User-Name = "jaroce2"
    rlm_realm: Proxying request from user jaroce2 to realm ocemy015.com
    rlm_realm: Adding Realm = "ocemy015.com"
    rlm_realm: Authentication realm is LOCAL.
  modcall[authorize]: module "suffix" returns noop for request 8
  rlm_eap: EAP packet type response id 4 length 200
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 8
    users: Matched entry DEFAULT at line 19
  modcall[authorize]: module "files" returns ok for request 8
modcall: leaving group authorize (returns updated) for request 8
  Found Autz-Type OCE
  Processing the authorize section of radiusd.conf
modcall: entering group OCE for request 8
rlm_ldap: - authorize
rlm_ldap: performing user authorization for jaroce2
radius_xlat:  '(uid=jaroce2)'
radius_xlat:  'ou=OCE,ou=AAA,ou=People,dc=jaring,dc=my'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=OCE,ou=AAA,ou=People,dc=jaring,dc=my, with 
filter (uid=jaroce2)
rlm_ldap: checking if remote access for jaroce2 is allowed by dialupAccess
rlm_ldap: Added password {CRYPT}$1$ZRXMvi1s$zBQaHYkaxDjGi5zL2geNN0 in check 
items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: Adding radiusFramedCompression as Framed-Compression, value 
Van-Jacobson-TCP-IP & op=11
rlm_ldap: Adding radiusFramedMTU as Framed-MTU, value 1500 & op=11
rlm_ldap: Adding radiusFramedProtocol as Framed-Protocol, value PPP & op=11
rlm_ldap: Adding radiusServiceType as Service-Type, value Framed-User & 
op=11
rlm_ldap: user jaroce2 authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldapOCE" returns ok for request 8
modcall: leaving group OCE (returns ok) for request 8
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 8
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/ttls
  rlm_eap: processing type ttls
  rlm_eap_ttls: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls:  Length Included
  eaptls_verify returned 11
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
    TLS_accept: SSLv3 read client key exchange A
  rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
    TLS_accept: SSLv3 read finished A
  rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
    TLS_accept: SSLv3 write change cipher spec A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
    TLS_accept: SSLv3 write finished A
    TLS_accept: SSLv3 flush data
    (other): SSL negotiation finished successfully
SSL Connection Established
  eaptls_process returned 13
  modcall[authenticate]: module "eap" returns handled for request 8
modcall: leaving group authenticate (returns handled) for request 8
Sending Access-Challenge of id 23 to 202.73.10.12 port 1814
        Framed-Compression = Van-Jacobson-TCP-IP
        Framed-MTU = 1500
        Framed-Protocol = PPP
        Service-Type = Framed-User
        EAP-Message = 
0x0105003d15800000003314030100010116030100288659a2b78a274b717ac1b8bf139eb525b05a0e9a694b
72e6a4e6ed3c1778505495aa9ee7b32acafb
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x5fe274409d7706e1604ff620c6127976
        Proxy-State = 0x35
Finished request 8
Going to the next request
--- Walking the entire request list ---
Cleaning up request 5 ID 20 with timestamp 44b70001
Waking up in 2 seconds...
rad_recv: Access-Request packet from host 202.73.10.12:1814, id=24, 
length=296
        Framed-MTU = 1466
        NAS-IP-Address = 10.220.0.3
        NAS-Identifier = "OCEPOP2"
        User-Name = "jaroce2 at ocemy015.com"
        Service-Type = Framed-User
        NAS-Port = 241
        NAS-Port-Type = Ethernet
        NAS-Port-Id = "ether16_241"
        Called-Station-Id = "00-11-95-dd-31-0a"
        Calling-Station-Id = "00-11-5b-2d-b2-8e"
        Connect-Info = "CONNECT Ethernet 2Mbps Full duplex"
        State = 0x5fe274409d7706e1604ff620c6127976
        EAP-Message = 
0x0205005715800000004d1703010048b645119ae14f1c156bb2e3b69bd88bb186fc2cf221206ebdcc4ae1cb
dcfae0ab7a32d8cac7622c63b8e814905a560d43c8daae1451d22298ba548e2c6321606160affc5f06ebe8c1
        Message-Authenticator = 0x9b6c55824f48dfc98d759efe2022f9cc
        Proxy-State = 0x36
rad_rmspace_pair:  User-Name now 'jaroce2 at ocemy015.com'
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 9
  modcall[authorize]: module "preprocess" returns ok for request 9
  modcall[authorize]: module "chap" returns noop for request 9
  modcall[authorize]: module "mschap" returns noop for request 9
    rlm_realm: No '/' in User-Name = "jaroce2 at ocemy015.com", skipping NULL 
due to config.
  modcall[authorize]: module "IPASS" returns noop for request 9
    rlm_realm: Looking up realm "ocemy015.com" for User-Name = 
"jaroce2 at ocemy015.com"
    rlm_realm: Found realm "ocemy015.com"
    rlm_realm: Adding Stripped-User-Name = "jaroce2"
    rlm_realm: Proxying request from user jaroce2 to realm ocemy015.com
    rlm_realm: Adding Realm = "ocemy015.com"
    rlm_realm: Authentication realm is LOCAL.
  modcall[authorize]: module "suffix" returns noop for request 9
  rlm_eap: EAP packet type response id 5 length 87
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 9
    users: Matched entry DEFAULT at line 19
  modcall[authorize]: module "files" returns ok for request 9
modcall: leaving group authorize (returns updated) for request 9
  Found Autz-Type OCE
  Processing the authorize section of radiusd.conf
modcall: entering group OCE for request 9
rlm_ldap: - authorize
rlm_ldap: performing user authorization for jaroce2
radius_xlat:  '(uid=jaroce2)'
radius_xlat:  'ou=OCE,ou=AAA,ou=People,dc=jaring,dc=my'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=OCE,ou=AAA,ou=People,dc=jaring,dc=my, with 
filter (uid=jaroce2)
rlm_ldap: checking if remote access for jaroce2 is allowed by dialupAccess
rlm_ldap: Added password {CRYPT}$1$ZRXMvi1s$zBQaHYkaxDjGi5zL2geNN0 in check 
items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: Adding radiusFramedCompression as Framed-Compression, value 
Van-Jacobson-TCP-IP & op=11
rlm_ldap: Adding radiusFramedMTU as Framed-MTU, value 1500 & op=11
rlm_ldap: Adding radiusFramedProtocol as Framed-Protocol, value PPP & op=11
rlm_ldap: Adding radiusServiceType as Service-Type, value Framed-User & 
op=11
rlm_ldap: user jaroce2 authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldapOCE" returns ok for request 9
modcall: leaving group OCE (returns ok) for request 9
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 9
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/ttls
  rlm_eap: processing type ttls
  rlm_eap_ttls: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls:  Length Included
  eaptls_verify returned 11
  eaptls_process returned 7
  rlm_eap_ttls: Session established.  Proceeding to decode tunneled 
attributes.
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 9
  modcall[authorize]: module "preprocess" returns ok for request 9
  modcall[authorize]: module "chap" returns noop for request 9
  modcall[authorize]: module "mschap" returns noop for request 9
    rlm_realm: No '/' in User-Name = "jaroce2 at ocemy015.com", skipping NULL 
due to config.
  modcall[authorize]: module "IPASS" returns noop for request 9
    rlm_realm: Looking up realm "ocemy015.com" for User-Name = 
"jaroce2 at ocemy015.com"
    rlm_realm: Found realm "ocemy015.com"
    rlm_realm: Adding Stripped-User-Name = "jaroce2"
    rlm_realm: Proxying request from user jaroce2 to realm ocemy015.com
    rlm_realm: Adding Realm = "ocemy015.com"
    rlm_realm: Authentication realm is LOCAL.
  modcall[authorize]: module "suffix" returns noop for request 9
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 9
    users: Matched entry DEFAULT at line 19
  modcall[authorize]: module "files" returns ok for request 9
modcall: leaving group authorize (returns ok) for request 9
  Found Autz-Type OCE
  Processing the authorize section of radiusd.conf
modcall: entering group OCE for request 9
rlm_ldap: - authorize
rlm_ldap: performing user authorization for jaroce2
radius_xlat:  '(uid=jaroce2)'
radius_xlat:  'ou=OCE,ou=AAA,ou=People,dc=jaring,dc=my'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=OCE,ou=AAA,ou=People,dc=jaring,dc=my, with 
filter (uid=jaroce2)
rlm_ldap: checking if remote access for jaroce2 is allowed by dialupAccess
rlm_ldap: Added password {CRYPT}$1$ZRXMvi1s$zBQaHYkaxDjGi5zL2geNN0 in check 
items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: Adding radiusFramedCompression as Framed-Compression, value 
Van-Jacobson-TCP-IP & op=11
rlm_ldap: Adding radiusFramedMTU as Framed-MTU, value 1500 & op=11
rlm_ldap: Adding radiusFramedProtocol as Framed-Protocol, value PPP & op=11
rlm_ldap: Adding radiusServiceType as Service-Type, value Framed-User & 
op=11
rlm_ldap: user jaroce2 authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldapOCE" returns ok for request 9
modcall: leaving group OCE (returns ok) for request 9
auth: type Local
auth: user supplied User-Password does NOT match local User-Password
auth: Failed to validate the user.
Login incorrect: [jaroce2 at ocemy015.com] (from client localhost port 0)
  TTLS: Got tunneled Access-Reject
 rlm_eap: Handler failed in EAP/ttls
  rlm_eap: Failed in EAP select
  modcall[authenticate]: module "eap" returns invalid for request 9
modcall: leaving group authenticate (returns invalid) for request 9
auth: Failed to validate the user.
Login incorrect: [jaroce2 at ocemy015.com] (from client OCE_JARING port 241 cli 
00-11-5b-2d-b2-8e)







----- Original Message ----- 
From: "Alan DeKok" <aland at nitros9.org>
To: "FreeRadius users mailing list" <freeradius-users at lists.freeradius.org>
Sent: Friday, July 14, 2006 1:44 PM
Subject: Re: EAP-TTLS-PAP-LDAP


> "Rohaizam Abu Bakar" <haizam at myjaring.net> wrote:
>> Login incorrect: [jaroce2 at ocemy015.com] (from client localhost port 0)
>>   TTLS: Got tunneled Access-Reject
>
>  So.... read the *previous* debug logs to see why it was rejected.
>
>  Alan DeKok.
> 
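
Added example (not part of the original messages and not FreeRADIUS code): one way to follow the advice above mechanically is to split radiusd -X output into authorize passes and report, for each rejected pass, which Auth-Type handled it and what kind of password value the LDAP module had added. The function names and the sample log are constructed for illustration; the line formats are the ones quoted in this thread.

```python
import re

# Constructed sample in the format of the debug output quoted in this thread,
# trimmed to the lines that decide the outcome. User, hash and NAS are made up.
SAMPLE_LOG = """\
modcall: entering group authorize for request 9
  rlm_eap: EAP packet type response id 5 length 87
  modcall[authorize]: module "eap" returns updated for request 9
    users: Matched entry DEFAULT at line 19
  Found Autz-Type OCE
rlm_ldap: Added password {CRYPT}$1$constructed$constructedhashvalue000 in check items
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  rlm_eap_ttls: Session established.  Proceeding to decode tunneled attributes.
modcall: entering group authorize for request 9
  rlm_eap: No EAP-Message, not doing EAP
    users: Matched entry DEFAULT at line 19
  Found Autz-Type OCE
rlm_ldap: Added password {CRYPT}$1$constructed$constructedhashvalue000 in check items
auth: type Local
auth: user supplied User-Password does NOT match local User-Password
auth: Failed to validate the user.
Login incorrect: [user at example.org] (from client localhost port 0)
  TTLS: Got tunneled Access-Reject
 rlm_eap: Handler failed in EAP/ttls
Login incorrect: [user at example.org] (from client constructed_nas port 1)
"""

PASS_START = re.compile(r"^modcall: entering group authorize for request (\d+)")
AUTZ = re.compile(r"Found Autz-Type (\S+)")
AUTH = re.compile(r'^auth: type "?([A-Za-z0-9_-]+)"?')
PASSWORD = re.compile(r"rlm_ldap: Added password (\{[A-Za-z0-9-]+\})?")
USERS = re.compile(r"users: Matched entry (\S+) at line (\d+)")


def parse_passes(log_text):
    """Return one dict per pass through the authorize section.

    A pass that starts after 'rlm_eap_ttls: Session established' is the inner
    (tunneled) request; the pass before it is the outer EAP request.
    """
    passes, current, outer, tunnel_open = [], None, None, False
    for raw in log_text.splitlines():
        line = raw.strip()
        start = PASS_START.match(line)
        if start:
            if tunnel_open:
                outer = current  # remember the outer pass while inside the tunnel
            current = {"request": int(start.group(1)), "tunneled": tunnel_open,
                       "autz_type": None, "auth_type": None, "users_entry": None,
                       "password_scheme": None, "mismatch": False, "rejected": False}
            passes.append(current)
            continue
        if current is None:
            continue
        if "rlm_eap_ttls: Session established" in line:
            tunnel_open = True
        elif line.startswith("TTLS: Got tunneled"):
            # Inner request is finished; later lines belong to the outer pass.
            tunnel_open = False
            current = outer if outer is not None else current
        elif AUTZ.search(line):
            current["autz_type"] = AUTZ.search(line).group(1)
        elif USERS.search(line):
            current["users_entry"] = USERS.search(line).group(0)
        elif PASSWORD.search(line):
            current["password_scheme"] = PASSWORD.search(line).group(1)
        elif AUTH.match(line):
            current["auth_type"] = AUTH.match(line).group(1)
        elif "does NOT match local User-Password" in line:
            current["mismatch"] = True
        elif line.startswith("Login incorrect"):
            current["rejected"] = True
    return passes


def diagnose(passes):
    """Summarise each rejected pass using only facts present in the log."""
    findings = []
    for p in passes:
        if not p["rejected"]:
            continue
        where = "inner (tunneled)" if p["tunneled"] else "outer (EAP)"
        msg = (f"request {p['request']} {where}: rejected, "
               f"Autz-Type {p['autz_type']}, Auth-Type {p['auth_type']}")
        if p["mismatch"] and p["auth_type"] == "Local" and p["password_scheme"]:
            msg += (f"; password check item has a {p['password_scheme']} prefix "
                    "and was compared by the Local handler")
        findings.append(msg)
    return findings


if __name__ == "__main__":
    for finding in diagnose(parse_passes(SAMPLE_LOG)):
        print(finding)
```
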