eap-ttls proxy and ldap

basile bmathieu at siris.sorbonne.fr
Wed Feb 28 17:07:23 CET 2007


Hi,
I am trying to proxy EAP-TTLS requests from one FreeRADIUS server to another.
I use the outer identity anonymous at domainename and the username login at domainename.
The first server proxies a request to the second with anonymous as the username,
so it doesn't work.

If I use the outer identity anonymous at anotherdomain (anotherdomain is local
to the first server),
everything works fine; the proxied request has login as the username.
I use FreeRADIUS 1.1.3 on Debian on this server.
Here are my logs.
I have other proxies that work well.

Thanks

rad_recv: Access-Request packet from host xxx:1814, id=36, length=162
        User-Name = "anonymous"
        Framed-MTU = 1400
        Called-Station-Id = "000d.eddf.7aa6"
        Calling-Station-Id = "0002.2d70.02a2"
        Service-Type = Login-User
        Message-Authenticator = 0xdd3f8213af874ac3b02b2ad676fa70cc
        EAP-Message = 0x0202001e01616e6f6e796d6f757340656e632e736f72626f6e6e652e6672
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 165300
        NAS-IP-Address = xxx
        NAS-Identifier = "xxx"
        Proxy-State = 0x3336
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
  modcall[authorize]: module "preprocess" returns ok for request 2
  rlm_eap: EAP packet type response id 2 length 30
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 2
    users: Matched entry DEFAULT at line 14
  modcall[authorize]: module "files" returns ok for request 2
modcall: leaving group authorize (returns updated) for request 2
  Found Autz-Type enc
  Processing the authorize section of radiusd.conf
modcall: entering group enc for request 2
rlm_ldap: - authorize
rlm_ldap: performing user authorization for anonymous
radius_xlat:  '(uid=anonymous)'
radius_xlat:  'dc=enc,dc=sorbonne,dc=fr'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=enc,dc=sorbonne,dc=fr, with filter (uid=anonymous)
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "enc" returns notfound for request 2
modcall: leaving group enc (returns notfound) for request 2
  rad_check_password:  Found Auth-Type pap
auth: type "PAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group PAP for request 2
rlm_pap: Attribute "Password" is required for authentication.
  modcall[authenticate]: module "pap" returns invalid for request 2
modcall: leaving group PAP (returns invalid) for request 2
auth: Failed to validate the user.
Delaying request 2 for 1 seconds
Finished request 2
Going to the next request
Waking up in 3 seconds...
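
Added example, not part of the original post: a small Python decoder for the EAP-Message attribute in the log above, which compares the identity carried inside the EAP packet with the User-Name attribute that the server (and its LDAP filter) acted on. The function names are this example's own; the sample lines are copied from the log in the post.

```python
import re
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPE_IDENTITY = 1

# Lines copied from the debug log in the post above (wrapped value rejoined).
SAMPLE_LOG = '''\
rad_recv: Access-Request packet from host xxx:1814, id=36, length=162
        User-Name = "anonymous"
        EAP-Message = 0x0202001e01616e6f6e796d6f757340656e632e736f72626f6e6e652e6672
        Proxy-State = 0x3336
'''

def parse_eap(hex_value):
    """Decode the EAP header (RFC 3748) and, for type Identity, the identity."""
    if hex_value.lower().startswith("0x"):
        hex_value = hex_value[2:]
    raw = bytes.fromhex(hex_value)
    if len(raw) < 4:
        raise ValueError("EAP packet shorter than its 4-byte header")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length < 4 or length > len(raw):
        raise ValueError("EAP length %d does not fit %d bytes" % (length, len(raw)))
    pkt = {"code": EAP_CODES.get(code, code), "id": ident, "length": length,
           "type": None, "identity": None}
    if code in (1, 2) and length >= 5:          # only Request/Response carry a type
        pkt["type"] = raw[4]
        if pkt["type"] == EAP_TYPE_IDENTITY:
            pkt["identity"] = raw[5:length].decode("utf-8", "replace")
    return pkt

def compare_identities(log_text):
    """Return (User-Name, EAP identity, realm part of the EAP identity or None)."""
    user = re.search(r'User-Name = "([^"]*)"', log_text)
    # \s* also accepts a value that the mail client wrapped onto the next line
    eap = re.search(r'EAP-Message =\s*(0x[0-9a-fA-F]+)', log_text)
    if not user or not eap:
        raise ValueError("log has no User-Name or EAP-Message attribute")
    identity = parse_eap(eap.group(1))["identity"]
    realm = identity.rpartition("@")[2] if identity and "@" in identity else None
    return user.group(1), identity, realm

if __name__ == "__main__":
    user_name, identity, realm = compare_identities(SAMPLE_LOG)
    print("User-Name    :", user_name)
    print("EAP identity :", identity)
    print("realm        :", realm)
```

On the logged packet this reports an EAP-Response/Identity of anonymous@enc.sorbonne.fr, while User-Name is the realm-less anonymous that appears in the (uid=anonymous) LDAP filter.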




