radwho question....

Chris Bradshaw cwbshaw at gmail.com
Thu Oct 4 13:46:54 CEST 2007


Hi....

OK....I tried using a User-Name of Bob as suggested, but still no joy.
I have attached a complete log of everything from the moment I click
OK on my Windoze laptop until the laptop says it has authenticated
successfully......

Thanx in advance for any help.

Chris.

rad_recv: Access-Request packet from host 10.11.2.97:1645, id=15, length=147
        User-Name = "anonymous"
        Framed-MTU = 1400
        Called-Station-Id = "0019.a90e.f490"
        Calling-Station-Id = "0090.4b28.86b0"
        Service-Type = Login-User
        Message-Authenticator = 0x6c0296cf0997502a20b91d0ab5c7d475
        EAP-Message = 0x0202000e01616e6f6e796d6f7573
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 262
        NAS-Port-Id = "262"
        NAS-IP-Address = 10.11.2.97
        NAS-Identifier = "d106-ap1240-1"
rlm_ldap: - authorize
rlm_ldap: performing user authorization for anonymous
radius_xlat: Running registered xlat function of module mschap for
string 'User-Name'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
Sending Access-Challenge of id 15 to 10.11.2.97 port 1645
        EAP-Message = 0x010300061920
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x6d038dc21b4b7ccc8be83157ba7f8d5d
rad_recv: Access-Request packet from host 10.11.2.97:1645, id=16, length=157
        User-Name = "anonymous"
        Framed-MTU = 1400
        Called-Station-Id = "0019.a90e.f490"
        Calling-Station-Id = "0090.4b28.86b0"
        Service-Type = Login-User
        Message-Authenticator = 0xd9d6ade7b49bf14e276219d11e1ee016
        EAP-Message = 0x020300060315
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 262
        NAS-Port-Id = "262"
        State = 0x6d038dc21b4b7ccc8be83157ba7f8d5d
        NAS-IP-Address = 10.11.2.97
        NAS-Identifier = "d106-ap1240-1"
rlm_ldap: - authorize
rlm_ldap: performing user authorization for anonymous
radius_xlat: Running registered xlat function of module mschap for
string 'User-Name'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
Sending Access-Challenge of id 16 to 10.11.2.97 port 1645
        EAP-Message = 0x010400061520
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x3fb35d32290c24764e9db533206bc16a
rad_recv: Access-Request packet from host 10.11.2.97:1645, id=17, length=243
        User-Name = "anonymous"
        Framed-MTU = 1400
        Called-Station-Id = "0019.a90e.f490"
        Calling-Station-Id = "0090.4b28.86b0"
        Service-Type = Login-User
        Message-Authenticator = 0x933c7e115f5fde84cf641744c34d90b0
        EAP-Message =
0x0204005c158000000052160301004d01000049030197874f93537273cc884c9764aade2de3d77fc2b7cb525ef666b7c6f2e654e0c320e7dfeb3f9185ff7a30f69ffdb50509b95586c30a3edef6c771e5ba95508d9b620002000a0100
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 262
        NAS-Port-Id = "262"
        State = 0x3fb35d32290c24764e9db533206bc16a
        NAS-IP-Address = 10.11.2.97
        NAS-Identifier = "d106-ap1240-1"
rlm_ldap: - authorize
rlm_ldap: performing user authorization for anonymous
radius_xlat: Running registered xlat function of module mschap for
string 'User-Name'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
Sending Access-Challenge of id 17 to 10.11.2.97 port 1645
        EAP-Message =
0x0105040a15c00000097b160301004a0200004603014704ce66e2b903fed180ce086543967f9c57c961badbd56be7b080c80000000020177e053b5926050f37c369b4a610ca7ec09f31298036a35ab209957e7050a3ad000a00160301091e0b00091a00091700040830820404308202eca003020102020103300d06092a864886f70d01010405003081b7310b3009060355040613024945311530130603550408130c436f756e7479204b65727279310f300d060355040713065472616c65653120301e060355040a1317496e73746974757465206f6620546563686e6f6c6f6779311b3019060355040b1312436f6d707574696e672053657276696365
        EAP-Message =
0x73311b301906035504031312776c616e63612e69747472616c65652e69653124302206092a864886f70d010901161574656368406c6973742e69747472616c65652e6965301e170d3035313030363039333734375a170d3135313030343039333734375a3081b9310b3009060355040613024945311530130603550408130c436f756e7479204b65727279310f300d060355040713065472616c65653120301e060355040a1317496e73746974757465206f6620546563686e6f6c6f6779311b3019060355040b1312436f6d707574696e67205365727669636573311d301b06035504031314776c616e74746c732e69747472616c65652e6965312430
        EAP-Message = 0x3f9249e8a3f87cdf0ba7a9ddda0287c2beb887c1133a
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xc9aaf7babacd5449bc2c4dfe415c2ffc
rad_recv: Access-Request packet from host 10.11.2.97:1645, id=18, length=157
        User-Name = "anonymous"
        Framed-MTU = 1400
        Called-Station-Id = "0019.a90e.f490"
        Calling-Station-Id = "0090.4b28.86b0"
        Service-Type = Login-User
        Message-Authenticator = 0xcc603ff0e1ef9af8540cf19e69be6d4e
        EAP-Message = 0x020500061500
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 262
        NAS-Port-Id = "262"
        State = 0xc9aaf7babacd5449bc2c4dfe415c2ffc
        NAS-IP-Address = 10.11.2.97
        NAS-Identifier = "d106-ap1240-1"
rlm_ldap: - authorize
rlm_ldap: performing user authorization for anonymous
radius_xlat: Running registered xlat function of module mschap for
string 'User-Name'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
Sending Access-Challenge of id 18 to 10.11.2.97 port 1645
        EAP-Message = 0x6f6779311b3019060355040b1312436f6d707574696e
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xb182e73eaf239ef456fca727c18f5345
rad_recv: Access-Request packet from host 10.11.2.97:1645, id=19, length=157
        User-Name = "anonymous"
        Framed-MTU = 1400
        Called-Station-Id = "0019.a90e.f490"
        Calling-Station-Id = "0090.4b28.86b0"
        Service-Type = Login-User
        Message-Authenticator = 0x485cfc0d0d4b9fe547285454f1d0a902
        EAP-Message = 0x020600061500
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 262
        NAS-Port-Id = "262"
        State = 0xb182e73eaf239ef456fca727c18f5345
        NAS-IP-Address = 10.11.2.97
        NAS-Identifier = "d106-ap1240-1"
rlm_ldap: - authorize
rlm_ldap: performing user authorization for anonymous
radius_xlat: Running registered xlat function of module mschap for
string 'User-Name'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
Sending Access-Challenge of id 19 to 10.11.2.97 port 1645
        EAP-Message =
0x79c80a8b82c93b8259d76594068e601b669a0394b8b43e75ce3c686535f559fbe7659c1a43071d7d6413b0f6398ec578ccd15718bad1ddd870fcdbdd4f3f6ba74c263f57a3ad493c29980c32273247a947aa753eeed2b083a73d111ba02f18b1fcbb8ad3da9bf3315c029448377626971071236c92469db1cba47a0b86bca916030100040e000000
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x09b7545f98e47e43026236e0eab8a38b
rad_recv: Access-Request packet from host 10.11.2.97:1645, id=20, length=481
        User-Name = "anonymous"
        Framed-MTU = 1400
        Called-Station-Id = "0019.a90e.f490"
        Calling-Station-Id = "0090.4b28.86b0"
        Service-Type = Login-User
        Message-Authenticator = 0x86ec324b39f48b51de271f5cd0fec16b
        EAP-Message =
0xc9bd5d8d86674c3f0f93e98c576e12fadda6d0beb113d22c14030100010116030100284e4a7a51f65e3803eb6fe4d538efa8351ae9cfafdfc4442b6574693d2e8bd413af3c252bd298e614
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 262
        NAS-Port-Id = "262"
        State = 0x09b7545f98e47e43026236e0eab8a38b
        NAS-IP-Address = 10.11.2.97
        NAS-Identifier = "d106-ap1240-1"
rlm_ldap: - authorize
rlm_ldap: performing user authorization for anonymous
radius_xlat: Running registered xlat function of module mschap for
string 'User-Name'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
Sending Access-Challenge of id 20 to 10.11.2.97 port 1645
        EAP-Message =
0x0108003d15800000003314030100010116030100289c60651f87bdd417674bbf7beda36626fa1e4afba008323dae5cb00512052ef8180887999e46a541
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x73994dee99fc258300f5da4fc1612c1b
rad_recv: Access-Request packet from host 10.11.2.97:1645, id=21, length=230
        User-Name = "anonymous"
        Framed-MTU = 1400
        Called-Station-Id = "0019.a90e.f490"
        Calling-Station-Id = "0090.4b28.86b0"
        Service-Type = Login-User
        Message-Authenticator = 0x1e9c712a8d2dc8fa960a785e06e7951e
        EAP-Message =
0x0208004f15800000004517030100400bc9845a01daea62c31bdc16a97bd4390e16ffac8ff05fb7e4f73ff86b2a2f2bb193cf3fd7a3fdd1310f5241cbc69bc9f1e95a1a889bb5c7fca2c868095fb598
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 262
        NAS-Port-Id = "262"
        State = 0x73994dee99fc258300f5da4fc1612c1b
        NAS-IP-Address = 10.11.2.97
        NAS-Identifier = "d106-ap1240-1"
rlm_ldap: - authorize
rlm_ldap: performing user authorization for anonymous
radius_xlat: Running registered xlat function of module mschap for
string 'User-Name'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
  TTLS: Got tunneled request
        User-Name = "cwbshaw"
        User-Password = "BLAHBLAH"
        FreeRADIUS-Proxied-To = 127.0.0.1
  TTLS: Sending tunneled request
        User-Name = "cwbshaw"
        User-Password = "BLAHBLAH"
        FreeRADIUS-Proxied-To = 127.0.0.1
        Framed-MTU = 1400
        Called-Station-Id = "0019.a90e.f490"
        Calling-Station-Id = "0090.4b28.86b0"
        Service-Type = Login-User
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 262
        NAS-Port-Id = "262"
        NAS-IP-Address = 10.11.2.97
        NAS-Identifier = "d106-ap1240-1"
rlm_ldap: - authorize
rlm_ldap: performing user authorization for cwbshaw
radius_xlat: Running registered xlat function of module mschap for
string 'User-Name'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: No default NMAS login sequence
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: Adding radiusTunnelPrivateGroupId as Tunnel-Private-Group-Id:1 = "90"
rlm_ldap: Adding radiusTunnelMediumType as Tunnel-Medium-Type:1 = IEEE-802
rlm_ldap: Adding radiusTunnelType as Tunnel-Type:1 = VLAN
rlm_ldap: Adding radiusSessionTimeout as Session-Timeout = 900
rlm_ldap: Setting Auth-Type = ldap
rlm_ldap: user cwbshaw authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
rlm_ldap: - authenticate
rlm_ldap: login attempt by "cwbshaw" with password "BLAHBLAH"
rlm_ldap: user DN: uid=cwbshaw,ou=SomeOrg,dc=somename,dc=somename
rlm_ldap: (re)connect to ldapserv:389, authentication 1
rlm_ldap: bind as
uid=cwbshaw,ou=People,ou=SomeOrg,dc=somename,dc=somename/BLAHBLAH to
ldapserv:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: user cwbshaw authenticated succesfully
rlm_sql (sql): Processing sql_postauth
rlm_sql (sql): Reserving sql socket id: 3
rlm_sql (sql): Released sql socket id: 3
  TTLS: Got tunneled reply RADIUS code 2
        Tunnel-Private-Group-Id:1 = "90"
        Tunnel-Medium-Type:1 = IEEE-802
        Tunnel-Type:1 = VLAN
        Session-Timeout = 900
rlm_sql (sql): Processing sql_postauth
rlm_sql (sql): Reserving sql socket id: 2
rlm_sql (sql): Released sql socket id: 2
Sending Access-Accept of id 21 to 10.11.2.97 port 1645
        Tunnel-Private-Group-Id:1 = "90"
        Tunnel-Medium-Type:1 = IEEE-802
        Tunnel-Type:1 = VLAN
        Session-Timeout = 900
        MS-MPPE-Recv-Key =
0xb11824885701a83036b3eed97340ee970847a981b575644b530650b8af16ac28
        MS-MPPE-Send-Key =
0xa437c5995ead3c724e67ed1649916a8e9acebc59f796ae0790654da555aa4193
        EAP-Message = 0x03080004
        Message-Authenticator = 0x00000000000000000000000000000000
        User-Name = "anonymous"
rad_recv: Accounting-Request packet from host 10.11.2.97:1646, id=6, length=222
        Acct-Session-Id = "00000008"
        Called-Station-Id = "0019.a90e.f490"
        Calling-Station-Id = "0090.4b28.86b0"
        Cisco-AVPair = "ssid=ittwlan"
        Cisco-AVPair = "vlan-id=90"
        Cisco-AVPair = "nas-location=unspecified"
        User-Name = "anonymous"
        Cisco-AVPair = "connect-progress=Call Up"
        Acct-Authentic = RADIUS
        Acct-Status-Type = Start
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 262
        NAS-Port-Id = "262"
        Service-Type = Framed-User
        NAS-IP-Address = 10.11.2.97
        Acct-Delay-Time = 0
rlm_sql (sql): Reserving sql socket id: 1
rlm_sql (sql): Released sql socket id: 1
Sending Accounting-Response of id 6 to 10.11.2.97 port 1646


On 04/10/2007, Alan DeKok <aland at deployingradius.com> wrote:
> Chris Bradshaw wrote:
> > The debug output was pretty much the same as my first email. I have
> > attached it below anyway. This debug output was taken with freeradius
> > 1.1.7 and the following configured:
> >
> > * Enabled use_tunneled_reply & copy_request_to_tunnel.
> >
> > * Have the following in the users file:
> > DEFAULT FreeRADIUS-Proxied-To == 127.0.0.1
> >        User-Name := `%{User-Name}`
>
>   You still have it sending "anonymous" in the Access-Accept.  Fix that.
>  Stop doing anything else until it sends the real user name.
>
> > Am I correct in saying that the NAS will send an Accounting-Request
> > using the User-Name it received in the previous Access-Accept?
>
>   Yes.
>
> > If so, how can it be the fault of the NAS if freeradius (in spite of
> > trying the settings above) is still sending an Access-Accept with
> > User-Name set to anonymous?
>
>   It's not.  You're not configuring FreeRADIUS properly.
>
>   Put this at the TOP of the "users" file:
>
> # test
> DEFAULT
>         User-Name := "bob"
> # end of test
>
>   verify that the final Access-Accept contains the user name "bob", and
> the accounting request contains the user name "bob".
>
>   Then, delete that entry, and READ THE DEBUG LOG to see why the other
> entry you have isn't being used.
>
>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
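
Added example (not part of the original thread and not FreeRADIUS project code): a small Python check that reads debug output in the format shown above and reports whether the User-Name returned in the Access-Accept, and echoed back by the NAS in accounting, is the tunneled (inner) identity or still the outer "anonymous". The sample log is constructed by abridging the post's output, and the function names are illustrative.

```python
import re

# Constructed sample: abridged from the debug output in the post above.
SAMPLE_LOG = '''\
rad_recv: Access-Request packet from host 10.11.2.97:1645, id=21, length=230
        User-Name = "anonymous"
  TTLS: Got tunneled request
        User-Name = "cwbshaw"
rlm_ldap: user cwbshaw authorized to use remote access
Sending Access-Accept of id 21 to 10.11.2.97 port 1645
        EAP-Message =
0x03080004
        User-Name = "anonymous"
rad_recv: Accounting-Request packet from host 10.11.2.97:1646, id=6, length=222
        User-Name = "anonymous"
'''

# Lines that open an attribute list in this debug format.
HEADER = re.compile(r'^(?:rad_recv: (\S+) packet|Sending (\S+) of id'
                    r'|\s*TTLS: (?:Got|Sending) (tunneled request))')
ATTR = re.compile(r'^\s+([\w:-]+) = (.*)$')
# Mail-wrapped attributes: "Name =" on one line, the hex value on the next.
CONT = re.compile(r'^\s*(?:0x[0-9a-fA-F]+|[\w:-]+ =)\s*$')

def user_names(log):
    """Return [(packet kind, User-Name)] in the order they appear."""
    found, kind = [], None
    for line in log.splitlines():
        m, a = HEADER.match(line), ATTR.match(line)
        if m:
            kind = next(g for g in m.groups() if g)
        elif a and kind and a.group(1) == 'User-Name':
            found.append((kind, a.group(2).strip('"')))
        elif not a and not CONT.match(line):
            kind = None  # module chatter (rlm_ldap: ...) ends the list
    return found

def check_identity(log):
    """Compare the tunneled (inner) identity with what the NAS is told."""
    last = dict(user_names(log))  # last User-Name seen per packet kind
    inner, accept = last.get('tunneled request'), last.get('Access-Accept')
    return {'inner': inner, 'accept': accept,
            'accounting': last.get('Accounting-Request'),
            'accept_has_inner': inner is not None and accept == inner}

if __name__ == '__main__':
    print(check_identity(SAMPLE_LOG))
```

Feed it the full output of a debug run; accept_has_inner stays False for as long as the Access-Accept still carries the outer identity.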


