TLS cant connect ldap+freeradius+novell
Yogesh Nagarkar
yogesh.nagarkar at gmail.com
Tue Jul 24 23:43:29 CEST 2007
Hi Martin,
If you already do not have it working, here are the steps that got mine to work,
1) Login to Novell iManager and under Roles and Tasks -> LDAP options
-> View Ldap Servers -> Click on server -> Connections -> make sure
"SSL Certificate IP" is the server cert and "Client Certificate - Not Requested"
2) Now if you click on Novell Certificate Access -> Server
Certificates -> Expand "SSL Certificate IP" , it shows that its signed
by Organizational CA
3) Click Novell Certificate Server -> Configure Certificate Authority
-> Click Certificates Tab -> Select "Organizational CA" -> Export and
follow steps and download the cert to a file say "cert.pfx"
4) Open cygwin (since i use edir on windoz) and do
openssl pkcs12 -in ~/Desktop/cert.pfx -nocerts -nodes -out
~/Desktop/edir_ca_key.pem
openssl pkcs12 -in ~/Desktop/cert.pfx -clcerts -nokeys -out
~/Desktop/edir_ca_cert.pem
cat ~/Desktop/edir_ca_cert.pem ~/Desktop/edir_ca_key.pem > ~/Desktop/edir.pem
5) Copy edir.pem to the radius server under say /certs/edir/edir.pem
6) My module looks like:
#make sure the ip is the same ip as in the CN of the CA cert
ldap ldap1{
# edir
server = 192.168.1.40
port = 636
dictionary_mapping = ${raddbdir}/ldap.attrmap
basedn = "o=engineering"
identity = "cn=admin,o=domain"
password = "*********"
password_attribute = nspmPassword
edir_account_policy_check = yes
filter = "(cn=%{Stripped-User-Name:-%{User-Name}})"
start_tls = no
tls_cacertfile = /certs/edir/edir.pem
tls_certfile = /certs/edir/client.pem
tls_keyfile =/certs/edir/client.pem
tls_require_cert = "demand"
#tls_mode = yes
ldap_connections_number = 5
timeout = 5
timelimit = 3
net_timeout =1
}
Good luck :)
Yogesh.
On 7/19/07, Martin G <kapten_kanelbulle at hotmail.com> wrote:
> Hello!
>
> Im new to both this mailinglist and to novell/linux/ldap/freeradius but iv
> tried my best to install a radius/ldap linuxserver to pass on
> radius-requests from a Aruba-controller to our novell-server.
>
> IPs:
> Novell 10.10.0.11
> Aruba 10.10.0.28
> Linux (freeradius+ldap) 10.10.0.132
>
> Iv tried to change tls_mode, port and tls_start on and off a couple of times
> without any good result and when i go use ldapsearch -vvv -h 10.10.0.11 -x
> -Z -b ou=adm,ou=malmo,o=wifi "cn=lotta"
> i recieve "TLS: hostname does not match CN in peer certificate".
>
> So i have some thoughts about the certificate, but iv exported the
> selfsigned novell-certificate from the novellserver and verifyed it. But im
> not sure how to use a "client-certificate" on the linux.
>
> When i use "freeradius -XXX -A" on the linuxserver and i trie to do a
> radius-request, the aruba gets a timeout and the linuxserver tells me the
> following logg:
>
> Tue Jul 10 11:32:28 2007 : Info: Starting - reading configuration files ...
> Tue Jul 10 11:32:28 2007 : Debug: reread_config: reading radiusd.conf
> Tue Jul 10 11:32:28 2007 : Debug: Config: including file:
> /etc/freeradius/proxy.conf
> Tue Jul 10 11:32:28 2007 : Debug: Config: including file:
> /etc/freeradius/clients.conf
> Tue Jul 10 11:32:28 2007 : Debug: Config: including file:
> /etc/freeradius/snmp.conf
> Tue Jul 10 11:32:28 2007 : Debug: Config: including file:
> /etc/freeradius/eap.conf
> Tue Jul 10 11:32:28 2007 : Debug: Config: including file:
> /etc/freeradius/sql.conf
> Tue Jul 10 11:32:28 2007 : Debug: main: prefix = "/usr"
> Tue Jul 10 11:32:28 2007 : Debug: main: localstatedir = "/var"
> Tue Jul 10 11:32:28 2007 : Debug: main: logdir = "/var/log/freeradius"
> Tue Jul 10 11:32:28 2007 : Debug: main: libdir = "/usr/lib/freeradius"
> Tue Jul 10 11:32:28 2007 : Debug: main: radacctdir =
> "/var/log/freeradius/radacct"
> Tue Jul 10 11:32:28 2007 : Debug: main: hostname_lookups = no
> Tue Jul 10 11:32:28 2007 : Debug: main: max_request_time = 30
> Tue Jul 10 11:32:28 2007 : Debug: main: cleanup_delay = 5
> Tue Jul 10 11:32:28 2007 : Debug: main: max_requests = 1024
> Tue Jul 10 11:32:28 2007 : Debug: main: delete_blocked_requests = 0
> Tue Jul 10 11:32:28 2007 : Debug: main: port = 0
> Tue Jul 10 11:32:28 2007 : Debug: main: allow_core_dumps = no
> Tue Jul 10 11:32:28 2007 : Debug: main: log_stripped_names = yes
> Tue Jul 10 11:32:28 2007 : Debug: main: log_file =
> "/var/log/freeradius/radius.log"
> Tue Jul 10 11:32:28 2007 : Debug: main: log_auth = yes
> Tue Jul 10 11:32:28 2007 : Debug: main: log_auth_badpass = yes
> Tue Jul 10 11:32:28 2007 : Debug: main: log_auth_goodpass = yes
> Tue Jul 10 11:32:28 2007 : Debug: main: pidfile =
> "/var/run/freeradius/freeradius.pid"
> Tue Jul 10 11:32:28 2007 : Debug: main: user = "freerad"
> Tue Jul 10 11:32:28 2007 : Debug: main: group = "freerad"
> Tue Jul 10 11:32:28 2007 : Debug: main: usercollide = no
> Tue Jul 10 11:32:28 2007 : Debug: main: lower_user = "no"
> Tue Jul 10 11:32:28 2007 : Debug: main: lower_pass = "no"
> Tue Jul 10 11:32:28 2007 : Debug: main: nospace_user = "no"
> Tue Jul 10 11:32:28 2007 : Debug: main: nospace_pass = "no"
> Tue Jul 10 11:32:28 2007 : Debug: main: checkrad = "/usr/sbin/checkrad"
> Tue Jul 10 11:32:28 2007 : Debug: main: proxy_requests = yes
> Tue Jul 10 11:32:28 2007 : Debug: proxy: retry_delay = 5
> Tue Jul 10 11:32:28 2007 : Debug: proxy: retry_count = 3
> Tue Jul 10 11:32:28 2007 : Debug: proxy: synchronous = no
> Tue Jul 10 11:32:28 2007 : Debug: proxy: default_fallback = yes
> Tue Jul 10 11:32:28 2007 : Debug: proxy: dead_time = 120
> Tue Jul 10 11:32:28 2007 : Debug: proxy: post_proxy_authorize = no
> Tue Jul 10 11:32:28 2007 : Debug: proxy: wake_all_if_all_dead = no
> Tue Jul 10 11:32:28 2007 : Debug: security: max_attributes = 200
> Tue Jul 10 11:32:28 2007 : Debug: security: reject_delay = 1
> Tue Jul 10 11:32:28 2007 : Debug: security: status_server = no
> Tue Jul 10 11:32:28 2007 : Debug: main: debug_level = 0
> Tue Jul 10 11:32:28 2007 : Debug: read_config_files: reading dictionary
> Tue Jul 10 11:32:28 2007 : Debug: read_config_files: reading naslist
> Tue Jul 10 11:32:28 2007 : Info: Using deprecated naslist file. Support for
> this will go away soon.
> Tue Jul 10 11:32:28 2007 : Debug: read_config_files: reading clients
> Tue Jul 10 11:32:28 2007 : Debug: read_config_files: reading realms
> Tue Jul 10 11:32:28 2007 : Debug: radiusd: entering modules setup
> Tue Jul 10 11:32:28 2007 : Debug: Module: Library search path is
> /usr/lib/freeradius
> Tue Jul 10 11:32:28 2007 : Debug: Module: Loaded exec
> Tue Jul 10 11:32:28 2007 : Debug: exec: wait = yes
> Tue Jul 10 11:32:28 2007 : Debug: exec: program = "(null)"
> Tue Jul 10 11:32:28 2007 : Debug: exec: input_pairs = "request"
> Tue Jul 10 11:32:28 2007 : Debug: exec: output_pairs = "(null)"
> Tue Jul 10 11:32:28 2007 : Debug: exec: packet_type = "(null)"
> Tue Jul 10 11:32:28 2007 : Info: rlm_exec: Wait=yes but no output defined.
> Did you mean output=none?
> Tue Jul 10 11:32:28 2007 : Debug: Module: Instantiated exec (exec)
> Tue Jul 10 11:32:28 2007 : Debug: Module: Loaded expr
> Tue Jul 10 11:32:28 2007 : Debug: Module: Instantiated expr (expr)
> Tue Jul 10 11:32:28 2007 : Debug: Module: Loaded PAP
> Tue Jul 10 11:32:28 2007 : Debug: pap: encryption_scheme = "crypt"
> Tue Jul 10 11:32:28 2007 : Debug: Module: Instantiated pap (pap)
> Tue Jul 10 11:32:28 2007 : Debug: Module: Loaded CHAP
> Tue Jul 10 11:32:28 2007 : Debug: Module: Instantiated chap (chap)
> Tue Jul 10 11:32:28 2007 : Debug: Module: Loaded MS-CHAP
> Tue Jul 10 11:32:28 2007 : Debug: mschap: use_mppe = yes
> Tue Jul 10 11:32:28 2007 : Debug: mschap: require_encryption = no
> Tue Jul 10 11:32:28 2007 : Debug: mschap: require_strong = no
> Tue Jul 10 11:32:28 2007 : Debug: mschap: with_ntdomain_hack = no
> Tue Jul 10 11:32:28 2007 : Debug: mschap: passwd = "(null)"
> Tue Jul 10 11:32:28 2007 : Debug: mschap: ntlm_auth = "(null)"
> Tue Jul 10 11:32:28 2007 : Debug: Module: Instantiated mschap (mschap)
> Tue Jul 10 11:32:28 2007 : Debug: Module: Loaded System
> Tue Jul 10 11:32:28 2007 : Debug: unix: cache = no
> Tue Jul 10 11:32:28 2007 : Debug: unix: passwd = "(null)"
> Tue Jul 10 11:32:28 2007 : Debug: unix: shadow = "/etc/shadow"
> Tue Jul 10 11:32:28 2007 : Debug: unix: group = "(null)"
> Tue Jul 10 11:32:28 2007 : Debug: unix: radwtmp =
> "/var/log/freeradius/radwtmp"
> Tue Jul 10 11:32:28 2007 : Debug: unix: usegroup = no
> Tue Jul 10 11:32:28 2007 : Debug: unix: cache_reload = 600
> Tue Jul 10 11:32:28 2007 : Debug: Module: Instantiated unix (unix)
> Tue Jul 10 11:32:28 2007 : Debug: Module: Loaded LDAP
> Tue Jul 10 11:32:28 2007 : Debug: ldap: server = "10.10.0.11"
> Tue Jul 10 11:32:28 2007 : Debug: ldap: port = 636
> Tue Jul 10 11:32:28 2007 : Debug: ldap: net_timeout = 1
> Tue Jul 10 11:32:28 2007 : Debug: ldap: timeout = 4
> Tue Jul 10 11:32:28 2007 : Debug: ldap: timelimit = 3
> Tue Jul 10 11:32:28 2007 : Debug: ldap: identity = "cn=admin,o=wifi"
> Tue Jul 10 11:32:28 2007 : Debug: ldap: tls_mode = no
> Tue Jul 10 11:32:28 2007 : Debug: ldap: start_tls = yes
> Tue Jul 10 11:32:28 2007 : Debug: ldap: tls_cacertfile =
> "/etc/freeradius/certs/WIFITREE_CA.b64"
> Tue Jul 10 11:32:28 2007 : Debug: ldap: tls_certfile =
> "/etc/freeradius/certs/WIFITREE_CA.b64"
> Tue Jul 10 11:32:28 2007 : Debug: ldap: tls_cacertdir = "(null)"
> Tue Jul 10 11:32:28 2007 : Debug: ldap: tls_keyfile = "(null)"
> Tue Jul 10 11:32:28 2007 : Debug: ldap: tls_randfile = "(null)"
> Tue Jul 10 11:32:28 2007 : Debug: ldap: tls_require_cert = "allow"
> Tue Jul 10 11:32:28 2007 : Debug: ldap: password = "******"
> Tue Jul 10 11:32:28 2007 : Debug: ldap: basedn = "ou=adm,ou=malmo,o=wifi"
> Tue Jul 10 11:32:28 2007 : Debug: ldap: filter =
> "(cn=%{Stripped-User-Name:-%{User-Name}})"
> Tue Jul 10 11:32:28 2007 : Debug: ldap: base_filter =
> "(objectclass=radiusprofile)"
> Tue Jul 10 11:32:28 2007 : Debug: ldap: default_profile = "(null)"
> Tue Jul 10 11:32:28 2007 : Debug: ldap: profile_attribute = "(null)"
> Tue Jul 10 11:32:28 2007 : Debug: ldap: password_header = "(null)"
> Tue Jul 10 11:32:28 2007 : Debug: ldap: password_attribute = "nspmPassword"
> Tue Jul 10 11:32:28 2007 : Debug: ldap: access_attr = "dialupAccess"
> Tue Jul 10 11:32:28 2007 : Debug: ldap: groupname_attribute = "cn"
> Tue Jul 10 11:32:28 2007 : Debug: ldap: groupmembership_filter =
> "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
> Tue Jul 10 11:32:28 2007 : Debug: ldap: groupmembership_attribute =
> "(null)"
> Tue Jul 10 11:32:28 2007 : Debug: ldap: dictionary_mapping =
> "/etc/freeradius/ldap.attrmap"
> Tue Jul 10 11:32:28 2007 : Debug: ldap: ldap_debug = 0
> Tue Jul 10 11:32:28 2007 : Debug: ldap: ldap_connections_number = 5
> Tue Jul 10 11:32:28 2007 : Debug: ldap: compare_check_items = no
> Tue Jul 10 11:32:28 2007 : Debug: ldap: access_attr_used_for_allow = yes
> Tue Jul 10 11:32:28 2007 : Debug: ldap: do_xlat = yes
> Tue Jul 10 11:32:28 2007 : Debug: ldap: edir_account_policy_check = yes
> Tue Jul 10 11:32:28 2007 : Debug: ldap: set_auth_type = yes
> Tue Jul 10 11:32:28 2007 : Debug: rlm_ldap: Registering ldap_groupcmp for
> Ldap-Group
> Tue Jul 10 11:32:28 2007 : Debug: rlm_ldap: Registering ldap_xlat with
> xlat_name ldap
> Tue Jul 10 11:32:28 2007 : Debug: rlm_ldap: reading ldap<->radius mappings
> from file /etc/freeradius/ldap.attrmap
> Tue Jul 10 11:32:28 2007 : Debug: rlm_ldap: LDAP radiusCheckItem mapped to
> RADIUS $GENERIC$
> Tue Jul 10 11:32:28 2007 : Debug: rlm_ldap: LDAP radiusReplyItem mapped to
> RADIUS $GENERIC$
> Tue Jul 10 11:32:28 2007 : Debug: rlm_ldap: LDAP radiusAuthType mapped to
> RADIUS Auth-Type
> Tue Jul 10 11:32:28 2007 : Debug: rlm_ldap: LDAP radiusSimultaneousUse
> mapped to RADIUS Simultaneous-Use
> Tue Jul 10 11:32:28 2007 : Debug: rlm_ldap: LDAP radiusCalledStationId
> mapped to RADIUS Called-Station-Id
> Tue Jul 10 11:32:28 2007 : Debug: rlm_ldap: LDAP radiusCallingStationId
> mapped to RADIUS Calling-Station-Id
> Tue Jul 10 11:32:28 2007 : Debug: rlm_ldap: LDAP lmPassword mapped to RADIUS
> LM-Password
> Tue Jul 10 11:32:28 2007 : Debug: rlm_ldap: LDAP ntPassword mapped to RADIUS
> NT-Password
> Tue Jul 10 11:32:28 2007 : Debug: rlm_ldap: LDAP acctFlags mapped to RADIUS
> SMB-Account-CTRL-TEXT
> Tue Jul 10 11:32:28 2007 : Debug: rlm_ldap: LDAP radiusExpiration mapped to
> RADIUS Expiration
> Tue Jul 10 11:32:28 2007 : Debug: rlm_ldap: LDAP radiusNASIpAddress mapped
> to RADIUS NAS-IP-Address
> Tue Jul 10 11:32:28 2007 : Debug: rlm_ldap: LDAP radiusServiceType mapped to
> RADIUS Service-Type
> Tue Jul 10 11:32:28 2007 : Debug: rlm_ldap: LDAP radiusFramedProtocol mapped
> to RADIUS Framed-Protocol
> Tue Jul 10 11:32:28 2007 : Debug: rlm_ldap: LDAP radiusFramedIPAddress
> mapped to RADIUS Framed-IP-Address
> Tue Jul 10 11:32:28 2007 : Debug: rlm_ldap: LDAP radiusFramedIPNetmask
> mapped to RADIUS Framed-IP-Netmask
> Tue Jul 10 11:32:28 2007 : Debug: rlm_ldap: LDAP radiusFramedRoute mapped to
> RADIUS Framed-Route
> Tue Jul 10 11:32:28 2007 : Debug: rlm_ldap: LDAP radiusFramedRouting mapped
> to RADIUS Framed-Routing
> Tue Jul 10 11:32:28 2007 : Debug: rlm_ldap: LDAP radiusFilterId mapped to
> RADIUS Filter-Id
> Tue Jul 10 11:32:28 2007 : Debug: rlm_ldap: LDAP radiusFramedMTU mapped to
> RADIUS Framed-MTU
> Tue Jul 10 11:32:28 2007 : Debug: rlm_ldap: LDAP radiusFramedCompression
> mapped to RADIUS Framed-Compression
> Tue Jul 10 11:32:28 2007 : Debug: rlm_ldap: LDAP radiusLoginIPHost mapped to
> RADIUS Login-IP-Host
> Tue Jul 10 11:32:28 2007 : Debug: rlm_ldap: LDAP radiusLoginService mapped
> to RADIUS Login-Service
> Tue Jul 10 11:32:28 2007 : Debug: rlm_ldap: LDAP radiusLoginTCPPort mapped
> to RADIUS Login-TCP-Port
> Tue Jul 10 11:32:28 2007 : Debug: rlm_ldap: LDAP radiusCallbackNumber mapped
> to RADIUS Callback-Number
> Tue Jul 10 11:32:28 2007 : Debug: rlm_ldap: LDAP radiusCallbackId mapped to
> RADIUS Callback-Id
> Tue Jul 10 11:32:28 2007 : Debug: rlm_ldap: LDAP radiusFramedIPXNetwork
> mapped to RADIUS Framed-IPX-Network
> Tue Jul 10 11:32:28 2007 : Debug: rlm_ldap: LDAP radiusClass mapped to
> RADIUS Class
> Tue Jul 10 11:32:28 2007 : Debug: rlm_ldap: LDAP radiusSessionTimeout mapped
> to RADIUS Session-Timeout
> Tue Jul 10 11:32:28 2007 : Debug: rlm_ldap: LDAP radiusIdleTimeout mapped to
> RADIUS Idle-Timeout
> Tue Jul 10 11:32:28 2007 : Debug: rlm_ldap: LDAP radiusTerminationAction
> mapped to RADIUS Termination-Action
> Tue Jul 10 11:32:28 2007 : Debug: rlm_ldap: LDAP radiusLoginLATService
> mapped to RADIUS Login-LAT-Service
> Tue Jul 10 11:32:28 2007 : Debug: rlm_ldap: LDAP radiusLoginLATNode mapped
> to RADIUS Login-LAT-Node
> Tue Jul 10 11:32:28 2007 : Debug: rlm_ldap: LDAP radiusLoginLATGroup mapped
> to RADIUS Login-LAT-Group
> Tue Jul 10 11:32:28 2007 : Debug: rlm_ldap: LDAP radiusFramedAppleTalkLink
> mapped to RADIUS Framed-AppleTalk-Link
> Tue Jul 10 11:32:28 2007 : Debug: rlm_ldap: LDAP
> radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Network
> Tue Jul 10 11:32:28 2007 : Debug: rlm_ldap: LDAP radiusFramedAppleTalkZone
> mapped to RADIUS Framed-AppleTalk-Zone
> Tue Jul 10 11:32:28 2007 : Debug: rlm_ldap: LDAP radiusPortLimit mapped to
> RADIUS Port-Limit
> Tue Jul 10 11:32:28 2007 : Debug: rlm_ldap: LDAP radiusLoginLATPort mapped
> to RADIUS Login-LAT-Port
> Tue Jul 10 11:32:28 2007 : Debug: rlm_ldap: LDAP radiusReplyMessage mapped
> to RADIUS Reply-Message
> Tue Jul 10 11:32:28 2007 : Debug: conns: 0x8145988
> Tue Jul 10 11:32:28 2007 : Debug: Module: Instantiated ldap (ldap)
> Tue Jul 10 11:32:28 2007 : Debug: Module: Loaded eap
> Tue Jul 10 11:32:28 2007 : Debug: eap: default_eap_type = "md5"
> Tue Jul 10 11:32:28 2007 : Debug: eap: timer_expire = 60
> Tue Jul 10 11:32:28 2007 : Debug: eap: ignore_unknown_eap_types = no
> Tue Jul 10 11:32:28 2007 : Debug: eap: cisco_accounting_username_bug = no
> Tue Jul 10 11:32:28 2007 : Debug: rlm_eap: Loaded and initialized type md5
> Tue Jul 10 11:32:28 2007 : Debug: rlm_eap: Loaded and initialized type leap
> Tue Jul 10 11:32:28 2007 : Debug: gtc: challenge = "Password: "
> Tue Jul 10 11:32:28 2007 : Debug: gtc: auth_type = "PAP"
> Tue Jul 10 11:32:28 2007 : Debug: rlm_eap: Loaded and initialized type gtc
> Tue Jul 10 11:32:28 2007 : Debug: mschapv2: with_ntdomain_hack = no
> Tue Jul 10 11:32:28 2007 : Debug: rlm_eap: Loaded and initialized type
> mschapv2
> Tue Jul 10 11:32:28 2007 : Debug: Module: Instantiated eap (eap)
> Tue Jul 10 11:32:28 2007 : Debug: Module: Loaded preprocess
> Tue Jul 10 11:32:28 2007 : Debug: preprocess: huntgroups =
> "/etc/freeradius/huntgroups"
> Tue Jul 10 11:32:28 2007 : Debug: preprocess: hints =
> "/etc/freeradius/hints"
> Tue Jul 10 11:32:28 2007 : Debug: preprocess: with_ascend_hack = no
> Tue Jul 10 11:32:28 2007 : Debug: preprocess: ascend_channels_per_line = 23
> Tue Jul 10 11:32:28 2007 : Debug: preprocess: with_ntdomain_hack = no
> Tue Jul 10 11:32:28 2007 : Debug: preprocess: with_specialix_jetstream_hack
> = no
> Tue Jul 10 11:32:28 2007 : Debug: preprocess: with_cisco_vsa_hack = no
> Tue Jul 10 11:32:28 2007 : Debug: preprocess: with_alvarion_vsa_hack = no
> Tue Jul 10 11:32:28 2007 : Debug: Module: Instantiated preprocess
> (preprocess)
> Tue Jul 10 11:32:28 2007 : Debug: Module: Loaded realm
> Tue Jul 10 11:32:28 2007 : Debug: realm: format = "suffix"
> Tue Jul 10 11:32:28 2007 : Debug: realm: delimiter = "@"
> Tue Jul 10 11:32:28 2007 : Debug: realm: ignore_default = no
> Tue Jul 10 11:32:28 2007 : Debug: realm: ignore_null = no
> Tue Jul 10 11:32:28 2007 : Debug: Module: Instantiated realm (suffix)
> Tue Jul 10 11:32:28 2007 : Debug: Module: Loaded files
> Tue Jul 10 11:32:28 2007 : Debug: files: usersfile =
> "/etc/freeradius/users"
> Tue Jul 10 11:32:28 2007 : Debug: files: acctusersfile =
> "/etc/freeradius/acct_users"
> Tue Jul 10 11:32:28 2007 : Debug: files: preproxy_usersfile =
> "/etc/freeradius/preproxy_users"
> Tue Jul 10 11:32:28 2007 : Debug: files: compat = "no"
> Tue Jul 10 11:32:28 2007 : Debug: Module: Instantiated files (files)
> Tue Jul 10 11:32:28 2007 : Debug: Module: Loaded Acct-Unique-Session-Id
> Tue Jul 10 11:32:28 2007 : Debug: acct_unique: key = "User-Name,
> Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
> Tue Jul 10 11:32:28 2007 : Debug: Module: Instantiated acct_unique
> (acct_unique)
> Tue Jul 10 11:32:28 2007 : Debug: Module: Loaded detail
> Tue Jul 10 11:32:28 2007 : Debug: detail: detailfile =
> "/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
> Tue Jul 10 11:32:28 2007 : Debug: detail: detailperm = 384
> Tue Jul 10 11:32:28 2007 : Debug: detail: dirperm = 493
> Tue Jul 10 11:32:28 2007 : Debug: detail: locking = no
> Tue Jul 10 11:32:28 2007 : Debug: Module: Instantiated detail (detail)
> Tue Jul 10 11:32:28 2007 : Debug: Module: Loaded radutmp
> Tue Jul 10 11:32:28 2007 : Debug: radutmp: filename =
> "/var/log/freeradius/radutmp"
> Tue Jul 10 11:32:28 2007 : Debug: radutmp: username = "%{User-Name}"
> Tue Jul 10 11:32:28 2007 : Debug: radutmp: case_sensitive = yes
> Tue Jul 10 11:32:28 2007 : Debug: radutmp: check_with_nas = yes
> Tue Jul 10 11:32:28 2007 : Debug: radutmp: perm = 384
> Tue Jul 10 11:32:28 2007 : Debug: radutmp: callerid = yes
> Tue Jul 10 11:32:28 2007 : Debug: Module: Instantiated radutmp (radutmp)
> Tue Jul 10 11:32:28 2007 : Debug: Listening on authentication *:1812
> Tue Jul 10 11:32:28 2007 : Debug: Listening on accounting *:1813
> Tue Jul 10 11:32:28 2007 : Info: Ready to process requests.
> rad_recv: Access-Request packet from host 10.10.0.28:32795, id=42,
> length=112
> NAS-IP-Address = 10.10.0.29
> NAS-Port = 0
> NAS-Port-Type = Wireless-802.11
> User-Name = "lotta"
> User-Password = "********"
> Calling-Station-Id = "000000000000"
> Called-Station-Id = "000B86600DB2"
> Aruba-Essid-Name = ""
> Aruba-Location-Id = "0.0.0"
> Tue Jul 10 11:32:29 2007 : Debug: Processing the authorize section of
> radiusd.conf
> Tue Jul 10 11:32:29 2007 : Debug: modcall: entering group authorize for
> request 0
> Tue Jul 10 11:32:29 2007 : Debug: modsingle[authorize]: calling preprocess
> (rlm_preprocess) for request 0
> Tue Jul 10 11:32:29 2007 : Debug: modsingle[authorize]: returned from
> preprocess (rlm_preprocess) for request 0
> Tue Jul 10 11:32:29 2007 : Debug: modcall[authorize]: module "preprocess"
> returns ok for request 0
> Tue Jul 10 11:32:29 2007 : Debug: modsingle[authorize]: calling chap
> (rlm_chap) for request 0
> Tue Jul 10 11:32:29 2007 : Debug: modsingle[authorize]: returned from chap
> (rlm_chap) for request 0
> Tue Jul 10 11:32:29 2007 : Debug: modcall[authorize]: module "chap"
> returns noop for request 0
> Tue Jul 10 11:32:29 2007 : Debug: modsingle[authorize]: calling mschap
> (rlm_mschap) for request 0
> Tue Jul 10 11:32:29 2007 : Debug: modsingle[authorize]: returned from
> mschap (rlm_mschap) for request 0
> Tue Jul 10 11:32:29 2007 : Debug: modcall[authorize]: module "mschap"
> returns noop for request 0
> Tue Jul 10 11:32:29 2007 : Debug: modsingle[authorize]: calling suffix
> (rlm_realm) for request 0
> Tue Jul 10 11:32:29 2007 : Debug: rlm_realm: No '@' in User-Name =
> "lotta", looking up realm NULL
> Tue Jul 10 11:32:29 2007 : Debug: rlm_realm: No such realm "NULL"
> Tue Jul 10 11:32:29 2007 : Debug: modsingle[authorize]: returned from
> suffix (rlm_realm) for request 0
> Tue Jul 10 11:32:29 2007 : Debug: modcall[authorize]: module "suffix"
> returns noop for request 0
> Tue Jul 10 11:32:29 2007 : Debug: modsingle[authorize]: calling eap
> (rlm_eap) for request 0
> Tue Jul 10 11:32:29 2007 : Debug: rlm_eap: No EAP-Message, not doing EAP
> Tue Jul 10 11:32:29 2007 : Debug: modsingle[authorize]: returned from eap
> (rlm_eap) for request 0
> Tue Jul 10 11:32:29 2007 : Debug: modcall[authorize]: module "eap" returns
> noop for request 0
> Tue Jul 10 11:32:29 2007 : Debug: modsingle[authorize]: calling files
> (rlm_files) for request 0
> Tue Jul 10 11:32:29 2007 : Debug: users: Matched entry DEFAULT at line
> 152
> Tue Jul 10 11:32:29 2007 : Debug: modsingle[authorize]: returned from
> files (rlm_files) for request 0
> Tue Jul 10 11:32:29 2007 : Debug: modcall[authorize]: module "files"
> returns ok for request 0
> Tue Jul 10 11:32:29 2007 : Debug: modsingle[authorize]: calling ldap
> (rlm_ldap) for request 0
> Tue Jul 10 11:32:29 2007 : Debug: rlm_ldap: - authorize
> Tue Jul 10 11:32:29 2007 : Debug: rlm_ldap: performing user authorization
> for lotta
> Tue Jul 10 11:32:29 2007 : Debug: radius_xlat: '(cn=lotta)'
> Tue Jul 10 11:32:29 2007 : Debug: radius_xlat: 'ou=adm,ou=malmo,o=wifi'
> Tue Jul 10 11:32:29 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
> Tue Jul 10 11:32:29 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
> Tue Jul 10 11:32:29 2007 : Debug: rlm_ldap: attempting LDAP reconnection
> Tue Jul 10 11:32:29 2007 : Debug: rlm_ldap: (re)connect to 10.10.0.11:636,
> authentication 0
> Tue Jul 10 11:32:29 2007 : Debug: rlm_ldap: setting TLS mode to 1
> Tue Jul 10 11:32:29 2007 : Debug: rlm_ldap: setting TLS CACert File to
> /etc/freeradius/certs/WIFITREE_CA.b64
> Tue Jul 10 11:32:29 2007 : Debug: rlm_ldap: setting TLS CACert Directory to
> /etc/freeradius/certs/
> Tue Jul 10 11:32:29 2007 : Debug: rlm_ldap: setting TLS Cert File to
> /etc/freeradius/certs/WIFITREE_CA.b64
> Tue Jul 10 11:32:29 2007 : Debug: rlm_ldap: starting TLS
> Tue Jul 10 11:32:30 2007 : Debug: rlm_ldap: ldap_start_tls_s()
> Tue Jul 10 11:32:30 2007 : Error: rlm_ldap: could not start TLS Can't
> contact LDAP server
> Tue Jul 10 11:32:30 2007 : Error: rlm_ldap: (re)connection attempt failed
> Tue Jul 10 11:32:30 2007 : Debug: rlm_ldap: search failed
> Tue Jul 10 11:32:30 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
> Tue Jul 10 11:32:30 2007 : Debug: modsingle[authorize]: returned from ldap
> (rlm_ldap) for request 0
> Tue Jul 10 11:32:30 2007 : Debug: modcall[authorize]: module "ldap"
> returns fail for request 0
> Tue Jul 10 11:32:30 2007 : Debug: modcall: leaving group authorize (returns
> fail) for request 0
> Tue Jul 10 11:32:30 2007 : Debug: Finished request 0
> Tue Jul 10 11:32:30 2007 : Debug: Going to the next request
> Tue Jul 10 11:32:30 2007 : Debug: --- Walking the entire request list ---
> Tue Jul 10 11:32:30 2007 : Debug: Waking up in 6 seconds...
> rad_recv: Access-Request packet from host 10.10.0.28:32795, id=42,
> length=112
> Tue Jul 10 11:32:31 2007 : Debug: Discarding duplicate request from client
> localhost:32795 - ID: 42
> Tue Jul 10 11:32:31 2007 : Debug: --- Walking the entire request list ---
> Tue Jul 10 11:32:31 2007 : Debug: Waking up in 4 seconds...
> rad_recv: Access-Request packet from host 10.10.0.28:32795, id=42,
> length=112
> Tue Jul 10 11:32:33 2007 : Debug: Discarding duplicate request from client
> localhost:32795 - ID: 42
> Tue Jul 10 11:32:33 2007 : Debug: --- Walking the entire request list ---
> Tue Jul 10 11:32:33 2007 : Debug: Waking up in 2 seconds...
> Tue Jul 10 11:32:35 2007 : Debug: --- Walking the entire request list ---
> Tue Jul 10 11:32:35 2007 : Debug: Cleaning up request 0 ID 42 with timestamp
> 4693522d
> Tue Jul 10 11:32:35 2007 : Debug: Nothing to do. Sleeping until we see a
> request.
> rad_recv: Access-Request packet from host 10.10.0.28:32795, id=42,
> length=112
> NAS-IP-Address = 10.10.0.29
> NAS-Port = 0
> NAS-Port-Type = Wireless-802.11
> User-Name = "lotta"
> User-Password = "******"
> Calling-Station-Id = "000000000000"
> Called-Station-Id = "000B86600DB2"
> Aruba-Essid-Name = ""
> Aruba-Location-Id = "0.0.0"
> Tue Jul 10 11:32:35 2007 : Debug: Processing the authorize section of
> radiusd.conf
> Tue Jul 10 11:32:35 2007 : Debug: modcall: entering group authorize for
> request 1
> Tue Jul 10 11:32:35 2007 : Debug: modsingle[authorize]: calling preprocess
> (rlm_preprocess) for request 1
> Tue Jul 10 11:32:35 2007 : Debug: modsingle[authorize]: returned from
> preprocess (rlm_preprocess) for request 1
> Tue Jul 10 11:32:35 2007 : Debug: modcall[authorize]: module "preprocess"
> returns ok for request 1
> Tue Jul 10 11:32:35 2007 : Debug: modsingle[authorize]: calling chap
> (rlm_chap) for request 1
> Tue Jul 10 11:32:35 2007 : Debug: modsingle[authorize]: returned from chap
> (rlm_chap) for request 1
> Tue Jul 10 11:32:35 2007 : Debug: modcall[authorize]: module "chap"
> returns noop for request 1
> Tue Jul 10 11:32:35 2007 : Debug: modsingle[authorize]: calling mschap
> (rlm_mschap) for request 1
> Tue Jul 10 11:32:35 2007 : Debug: modsingle[authorize]: returned from
> mschap (rlm_mschap) for request 1
> Tue Jul 10 11:32:35 2007 : Debug: modcall[authorize]: module "mschap"
> returns noop for request 1
> Tue Jul 10 11:32:35 2007 : Debug: modsingle[authorize]: calling suffix
> (rlm_realm) for request 1
> Tue Jul 10 11:32:35 2007 : Debug: rlm_realm: No '@' in User-Name =
> "lotta", looking up realm NULL
> Tue Jul 10 11:32:35 2007 : Debug: rlm_realm: No such realm "NULL"
> Tue Jul 10 11:32:35 2007 : Debug: modsingle[authorize]: returned from
> suffix (rlm_realm) for request 1
> Tue Jul 10 11:32:35 2007 : Debug: modcall[authorize]: module "suffix"
> returns noop for request 1
> Tue Jul 10 11:32:35 2007 : Debug: modsingle[authorize]: calling eap
> (rlm_eap) for request 1
> Tue Jul 10 11:32:35 2007 : Debug: rlm_eap: No EAP-Message, not doing EAP
> Tue Jul 10 11:32:35 2007 : Debug: modsingle[authorize]: returned from eap
> (rlm_eap) for request 1
> Tue Jul 10 11:32:35 2007 : Debug: modcall[authorize]: module "eap" returns
> noop for request 1
> Tue Jul 10 11:32:35 2007 : Debug: modsingle[authorize]: calling files
> (rlm_files) for request 1
> Tue Jul 10 11:32:35 2007 : Debug: users: Matched entry DEFAULT at line
> 152
> Tue Jul 10 11:32:35 2007 : Debug: modsingle[authorize]: returned from
> files (rlm_files) for request 1
> Tue Jul 10 11:32:35 2007 : Debug: modcall[authorize]: module "files"
> returns ok for request 1
> Tue Jul 10 11:32:35 2007 : Debug: modsingle[authorize]: calling ldap
> (rlm_ldap) for request 1
> Tue Jul 10 11:32:35 2007 : Debug: rlm_ldap: - authorize
> Tue Jul 10 11:32:35 2007 : Debug: rlm_ldap: performing user authorization
> for lotta
> Tue Jul 10 11:32:35 2007 : Debug: radius_xlat: '(cn=lotta)'
> Tue Jul 10 11:32:35 2007 : Debug: radius_xlat: 'ou=adm,ou=malmo,o=wifi'
> Tue Jul 10 11:32:35 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
> Tue Jul 10 11:32:35 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
> Tue Jul 10 11:32:35 2007 : Debug: rlm_ldap: attempting LDAP reconnection
> Tue Jul 10 11:32:35 2007 : Debug: rlm_ldap: (re)connect to 10.10.0.11:636,
> authentication 0
> Tue Jul 10 11:32:35 2007 : Debug: rlm_ldap: setting TLS mode to 1
> Tue Jul 10 11:32:35 2007 : Debug: rlm_ldap: setting TLS CACert File to
> /etc/freeradius/certs/WIFITREE_CA.b64
> Tue Jul 10 11:32:35 2007 : Debug: rlm_ldap: setting TLS CACert Directory to
> /etc/freeradius/certs/
> Tue Jul 10 11:32:35 2007 : Debug: rlm_ldap: setting TLS Cert File to
> /etc/freeradius/certs/WIFITREE_CA.b64
> Tue Jul 10 11:32:35 2007 : Debug: rlm_ldap: starting TLS
> Tue Jul 10 11:32:35 2007 : Debug: rlm_ldap: ldap_start_tls_s()
> Tue Jul 10 11:32:35 2007 : Error: rlm_ldap: could not start TLS Can't
> contact LDAP server
> Tue Jul 10 11:32:35 2007 : Error: rlm_ldap: (re)connection attempt failed
> Tue Jul 10 11:32:35 2007 : Debug: rlm_ldap: search failed
> Tue Jul 10 11:32:35 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
> Tue Jul 10 11:32:35 2007 : Debug: modsingle[authorize]: returned from ldap
> (rlm_ldap) for request 1
> Tue Jul 10 11:32:35 2007 : Debug: modcall[authorize]: module "ldap"
> returns fail for request 1
> Tue Jul 10 11:32:35 2007 : Debug: modcall: leaving group authorize (returns
> fail) for request 1
> Tue Jul 10 11:32:35 2007 : Debug: Finished request 1
> Tue Jul 10 11:32:35 2007 : Debug: Going to the next request
> Tue Jul 10 11:32:35 2007 : Debug: --- Walking the entire request list ---
> Tue Jul 10 11:32:35 2007 : Debug: Waking up in 6 seconds...
>
> Hope someone got any help.
> /Mr G
>
> _________________________________________________________________
> Express yourself instantly with MSN Messenger! Download today it's FREE!
> http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
More information about the Freeradius-Users
mailing list