Ldap + EAP

Rafał Kamiński rafal.kaminski at blstream.com
Fri Jan 26 11:56:09 CET 2007


Hi,

I have another problem with that LDAP auth.

I set clearPassword - userPassword, and I see that LDAP auth.user:

rlm_ldap: user rka authorized to use remote access

But after that I see:

rlm_eap_peap: Received EAP-TLV response.
Fri Jan 26 10:18:14 2007 : Debug:   rlm_eap_peap: Tunneled data is valid.
Fri Jan 26 10:18:14 2007 : Debug:   rlm_eap_peap:  Had sent TLV failure.
 User was rejcted rejected earlier in this session.

Why? What is wrong?

BR,

/////Debug mode/////
User-Name = "rka"
        NAS-IP-Address = 192.168.1.245
        Called-Station-Id = "000f66a0643e"
        Calling-Station-Id = "0014a41e7112"
        NAS-Identifier = "000f66a0643e"
        NAS-Port = 61
        Framed-MTU = 1400
        State = 0x3e33510f9407a5ab3618886708f0a7ab
        NAS-Port-Type = Wireless-802.11
        EAP-Message =
0x020700261900170301001bac20ee16475c5840e93722613a0e23156a7025d2aa5bfa24846b31
        Message-Authenticator = 0x0581c287817e870b2d4c1eb38f2b257f
Fri Jan 26 10:18:13 2007 : Debug: rad_lowerpair:  User-Name now 'rka'
Fri Jan 26 10:18:13 2007 : Debug:   Processing the authorize section of
radiusd.conf
Fri Jan 26 10:18:13 2007 : Debug: modcall: entering group authorize for
request 7
Fri Jan 26 10:18:13 2007 : Debug:   modsingle[authorize]: calling mschap
(rlm_mschap) for request 7
Fri Jan 26 10:18:13 2007 : Debug:   modsingle[authorize]: returned from
mschap (rlm_mschap) for request 7
Fri Jan 26 10:18:13 2007 : Debug:   modcall[authorize]: module "mschap"
returns noop for request 7
Fri Jan 26 10:18:13 2007 : Debug:   modsingle[authorize]: calling ldap
(rlm_ldap) for request 7
Fri Jan 26 10:18:13 2007 : Debug: rlm_ldap: - authorize
Fri Jan 26 10:18:13 2007 : Debug: rlm_ldap: performing user
authorization for rka
Fri Jan 26 10:18:13 2007 : Debug: radius_xlat:  '(uid=rka)'
Fri Jan 26 10:18:13 2007 : Debug: radius_xlat:  'ou=Users,dc=blstream'
Fri Jan 26 10:18:13 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Fri Jan 26 10:18:13 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Fri Jan 26 10:18:13 2007 : Debug: rlm_ldap: performing search in
ou=Users,dc=blstream, with filter (uid=rka)
Fri Jan 26 10:18:14 2007 : Debug: rlm_ldap: checking if remote access
for rka is allowed by uid
Fri Jan 26 10:18:14 2007 : Debug: rlm_ldap: Added password {CLEAR} dupa
in check items
Fri Jan 26 10:18:14 2007 : Debug: rlm_ldap: looking for check items in
directory...
Fri Jan 26 10:18:14 2007 : Debug: rlm_ldap: Adding userPassword as
User-Password, value {CLEAR} dupa & op=21
Fri Jan 26 10:18:14 2007 : Debug: rlm_ldap: looking for reply items in
directory...
Fri Jan 26 10:18:14 2007 : Debug: rlm_ldap: user rka authorized to use
remote access
Fri Jan 26 10:18:14 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Fri Jan 26 10:18:14 2007 : Debug:   modsingle[authorize]: returned from
ldap (rlm_ldap) for request 7
Fri Jan 26 10:18:14 2007 : Debug:   modcall[authorize]: module "ldap"
returns ok for request 7
Fri Jan 26 10:18:14 2007 : Debug:   modsingle[authorize]: calling eap
(rlm_eap) for request 7
Fri Jan 26 10:18:14 2007 : Debug:   rlm_eap: EAP packet type response id
7 length 38
Fri Jan 26 10:18:14 2007 : Debug:   rlm_eap: No EAP Start, assuming it's
an on-going EAP conversation
Fri Jan 26 10:18:14 2007 : Debug:   modsingle[authorize]: returned from
eap (rlm_eap) for request 7
Fri Jan 26 10:18:14 2007 : Debug:   modcall[authorize]: module "eap"
returns updated for request 7
Fri Jan 26 10:18:14 2007 : Debug: modcall: leaving group authorize
(returns updated) for request 7
Fri Jan 26 10:18:14 2007 : Debug:   rad_check_password:  Found Auth-Type EAP
Fri Jan 26 10:18:14 2007 : Debug: auth: type "EAP"
Fri Jan 26 10:18:14 2007 : Debug:   Processing the authenticate section
of radiusd.conf
Fri Jan 26 10:18:14 2007 : Debug: modcall: entering group authenticate
for request 7
Fri Jan 26 10:18:14 2007 : Debug:   modsingle[authenticate]: calling eap
(rlm_eap) for request 7
Fri Jan 26 10:18:14 2007 : Debug:   rlm_eap: Request found, released
from the list
Fri Jan 26 10:18:14 2007 : Debug:   rlm_eap: EAP/peap
Fri Jan 26 10:18:14 2007 : Debug:   rlm_eap: processing type peap
Fri Jan 26 10:18:14 2007 : Debug:   rlm_eap_peap: Authenticate
Fri Jan 26 10:18:14 2007 : Debug:   rlm_eap_tls: processing TLS
Fri Jan 26 10:18:14 2007 : Debug:   eaptls_verify returned 7
Fri Jan 26 10:18:14 2007 : Debug:   rlm_eap_tls: Done initial handshake
Fri Jan 26 10:18:14 2007 : Debug:   eaptls_process returned 7
Fri Jan 26 10:18:14 2007 : Debug:   rlm_eap_peap: EAPTLS_OK
Fri Jan 26 10:18:14 2007 : Debug:   rlm_eap_peap: Session established.
Decoding tunneled attributes.
  PEAP tunnel data in 0000: 02 07 00 0b 21 80 03 00 02 00 02
Fri Jan 26 10:18:14 2007 : Debug:   rlm_eap_peap: Received EAP-TLV response.
Fri Jan 26 10:18:14 2007 : Debug:   rlm_eap_peap: Tunneled data is valid.
Fri Jan 26 10:18:14 2007 : Debug:   rlm_eap_peap:  Had sent TLV failure.
 User was rejcted rejected earlier in this session.
Fri Jan 26 10:18:14 2007 : Debug:  rlm_eap: Handler failed in EAP/peap
Fri Jan 26 10:18:14 2007 : Debug:   rlm_eap: Failed in EAP select
Fri Jan 26 10:18:14 2007 : Debug:   modsingle[authenticate]: returned
from eap (rlm_eap) for request 7
Fri Jan 26 10:18:14 2007 : Debug:   modcall[authenticate]: module "eap"
returns invalid for request 7



-- 
Rafal Kaminski
http://blstream.com
email: rafal.kaminski at blstream.com
jid: rka at im.blstream.com
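
Added example, not part of the original post and not FreeRADIUS code: a decoder for the "PEAP tunnel data in" bytes from the debug output above, showing what the EAP-TLV response carries. It assumes the PEAPv0 EAP-TLV layout (EAP type 33, Result TLV type 3, status 1 = Success, 2 = Failure); the function and constant names are hypothetical.

```python
import struct

# Payload copied from the "PEAP tunnel data in 0000:" line of the debug log.
TUNNEL_HEX = "02 07 00 0b 21 80 03 00 02 00 02"

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPE_TLV = 33                      # EAP-TLV extensions (assumed PEAPv0 layout)
TLV_RESULT = 3                         # Result TLV
RESULT_STATUS = {1: "Success", 2: "Failure"}


def parse_peap_tlv(hex_dump):
    """Decode an inner EAP-TLV packet into its header fields and TLV list."""
    data = bytes.fromhex(hex_dump.replace(" ", ""))
    if len(data) < 5:
        raise ValueError("too short for an EAP header plus type byte")
    code, ident, length, eap_type = struct.unpack("!BBHB", data[:5])
    if length != len(data):
        raise ValueError("EAP length %d does not match %d bytes" % (length, len(data)))
    if eap_type != EAP_TYPE_TLV:
        raise ValueError("not an EAP-TLV packet (type %d)" % eap_type)
    tlvs, off = [], 5
    while off < length:
        if off + 4 > length:
            raise ValueError("truncated TLV header at offset %d" % off)
        flags_type, tlv_len = struct.unpack("!HH", data[off:off + 4])
        value = data[off + 4:off + 4 + tlv_len]
        if len(value) != tlv_len:
            raise ValueError("truncated TLV value at offset %d" % off)
        tlvs.append({
            "mandatory": bool(flags_type & 0x8000),   # M bit
            "type": flags_type & 0x3FFF,              # low 14 bits
            "value": value,
        })
        off += 4 + tlv_len
    return {"code": EAP_CODES.get(code, code), "id": ident, "tlvs": tlvs}


def result_status(packet):
    """Return the Result TLV status as text, or None if no Result TLV is present."""
    for tlv in packet["tlvs"]:
        if tlv["type"] == TLV_RESULT and len(tlv["value"]) == 2:
            status = struct.unpack("!H", tlv["value"])[0]
            return RESULT_STATUS.get(status, "unknown(%d)" % status)
    return None


if __name__ == "__main__":
    pkt = parse_peap_tlv(TUNNEL_HEX)
    print(pkt["code"], "id", pkt["id"], "result:", result_status(pkt))
```

The bytes decode to an EAP Response, id 7, with a mandatory Result TLV of Failure, which matches the "Had sent TLV failure" line: the result was already set earlier in the session, so the reason for it has to be looked for in the debug output of the requests before request 7.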


