having problems with different eap modules
Sergio
sergioyebenes at alumnos.upm.es
Sat Jul 12 23:03:17 CEST 2008
Hi,
my users file contains this:
"YEBENES MORENO, SERGIO (AUTENTICACIÓN)"
"NOMBRE YEBENES MORENO SERGIO"
my sites-enabled/default contains this
authorize {
    ......
    if (User-Name == "YEBENES MORENO, SERGIO (AUTENTICACIÓN)") {
        DNIe
    }
    elsif (User-Name == "NOMBRE YEBENES MORENO SERGIO") {
        FNMT
    }
    ......
}
authenticate {
    ......
    DNIe
    FNMT
    .....
}
my radiusd.conf contains this
......
eap DNIe {....}
eap FNMT {....}
.....
#being separated, working ok
I've deactivated proxy-request also, and commented $INCLUDE proxy.conf.
Sometimes I can authenticate both users but sometimes I have this log
with first user in this case:
rad_recv: Access-Request packet from host 192.168.0.3 port 3072, id=0,
length=191
User-Name = "YEBENES MORENO, SERGIO (AUTENTICACIÓN)"
NAS-IP-Address = 192.168.0.3
Called-Station-Id = "0014c145956f"
Calling-Station-Id = "001cf01294dd"
NAS-Identifier = "0014c145956f"
NAS-Port = 27
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
EAP-Message =
0x0200002c01594542454e4553204d4f52454e4f2c2053455247494f2028415554454e544943414349c3934e29
Message-Authenticator = 0xa54b6486b856720c5b53d13d93a3c986
+- entering group authorize
++[preprocess] returns ok
rlm_realm: No '@' in User-Name = "YEBENES MORENO, SERGIO
(AUTENTICACIÓN)", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
++? if (User-Name == "YEBENES MORENO, SERGIO (AUTENTICACIÓN)")
? Evaluating (User-Name == "YEBENES MORENO, SERGIO (AUTENTICACIÓN)") ->
TRUE
++? if (User-Name == "YEBENES MORENO, SERGIO (AUTENTICACIÓN)") -> TRUE
++- entering if (User-Name == "YEBENES MORENO, SERGIO (AUTENTICACIÓN)")
rlm_eap: EAP packet type response id 0 length 44
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
+++[DNIe] returns updated
++- if (User-Name == "YEBENES MORENO, SERGIO (AUTENTICACIÓN)") returns
updated
++ ... skipping elsif for request 0: Preceding "if" was taken
++[unix] returns notfound
users: Matched entry YEBENES MORENO, SERGIO (AUTENTICACIÓN) at line
64
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
rad_check_password: Found Auth-Type DNIe
auth: type "DNIe"
+- entering group authenticate
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Requiring client certificate
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
++[DNIe] returns handled
Sending Access-Challenge of id 0 to 192.168.0.3 port 3072
EAP-Message = 0x010100060d20
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x4b4488b94b458530f65cf8f80cfd1f5e
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 0 ID 0 with timestamp +8
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.0.3 port 3072, id=0,
length=199
NAS-IP-Address = 192.168.0.3
Called-Station-Id = "0014c145956f"
Calling-Station-Id = "001cf01294dd"
NAS-Identifier = "0014c145956f"
NAS-Port = 27
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
EAP-Message =
0x0201005d0d0016030100520100004e030148791746f321838297028ad0310c01e89a8658b33fb6d1912141922b623886ab00002600390038003500160013000a00330032002f0005000400150012000900140011000800060003020100
Message-Authenticator = 0x6e7ed6d984d2842c80ec94779dbd71c7
+- entering group authorize
++[preprocess] returns ok
rlm_realm: Proxy reply, or no User-Name. Ignoring.
++[suffix] returns ok
++? if (User-Name == "YEBENES MORENO, SERGIO (AUTENTICACIÓN)")
(Attribute User-Name was not found)
++? elsif (User-Name == "NOMBRE YEBENES MORENO SERGIO")
(Attribute User-Name was not found)
++[unix] returns noop
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
auth: No authenticate method (Auth-Type) configuration found for the
request: Rejecting the user
auth: Failed to validate the user.
Found Post-Auth-Type Reject
+- entering group REJECT
expand: %{User-Name} ->
++[attr_filter.access_reject] returns noop
Sending Access-Reject of id 0 to 192.168.0.3 port 3072
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 1 ID 0 with timestamp +38
Ready to process requests.
Why couldn't User-Name be found?
If the first match with the users file was OK and found the DNIe module, radius
should begin the TLS handshake.
Does wpa_supplicant send the identity only in the first Access-Request? This
sounds a little strange...
Any "Sauron Eye" which can help me? Thanks
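
Added example, not part of the original post: a small decoder for the three EAP-Message values in the debug log above, showing which EAP packets carry an identity string and which carry EAP-TLS data. The function and dictionary names are illustrative; the hex values are copied from the log.

```python
import struct

# EAP-Message values copied from the debug log above: request 0, the
# server's Access-Challenge, and request 1 (the one that was rejected).
LOG_EAP = {
    "request 0": "0200002c01594542454e4553204d4f52454e4f2c2053455247494f2028415554454e544943414349c3934e29",
    "challenge": "010100060d20",
    "request 1": "0201005d0d0016030100520100004e030148791746f321838297028ad0310c01e89a8658b33fb6d1912141922b623886ab00002600390038003500160013000a00330032002f0005000400150012000900140011000800060003020100",
}

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 13: "EAP-TLS"}


def parse_eap(hex_value):
    """Decode one EAP packet (header per RFC 3748, EAP-TLS flags per RFC 5216)."""
    raw = bytes.fromhex(hex_value)
    if len(raw) < 4:
        raise ValueError("truncated EAP header")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    info = {"code": EAP_CODES.get(code, code), "id": ident,
            "length_ok": length == len(raw),
            "type": None, "identity": None, "tls": None}
    if code in (1, 2) and len(raw) >= 5:  # only Request/Response have a Type
        info["type"] = EAP_TYPES.get(raw[4], raw[4])
        body = raw[5:length]
        if raw[4] == 1:
            # Identity: the body is the identity string itself
            info["identity"] = body.decode("utf-8", "replace")
        elif raw[4] == 13 and body:
            flags, data = body[0], body[1:]
            if flags & 0x80:  # L bit: 4-byte TLS message length comes first
                data = data[4:]
            info["tls"] = {"start": bool(flags & 0x20),
                           "handshake": len(data) > 5 and data[0] == 0x16,
                           "client_hello": len(data) > 5 and data[5] == 0x01}
    return info


def identity_carriers(packets):
    """Names of the packets whose EAP payload contains an identity string."""
    return [name for name, value in packets.items()
            if parse_eap(value)["identity"] is not None]


if __name__ == "__main__":
    for name, value in LOG_EAP.items():
        print(name, parse_eap(value))
    print("identity present in:", identity_carriers(LOG_EAP))
```

Run against the log values, only request 0 is an EAP-Response/Identity; request 1 is an EAP-TLS response carrying a TLS ClientHello, and its RADIUS attribute list in the log contains no User-Name.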