No Aoth Type problem again

Andy An andyan at eciad.ca
Fri Jun 20 01:35:54 CEST 2008


Hi Ivan:
The password is in the ldap server as one of attributes binded to the 
user (userPassword: {CRYPT}something).
I posted the debugging info here and thanks a lot for your help!
Andy


------------The radiusd -X debugging info for a failed authentication 
request :

rad_recv: Access-Request packet from host 10.10.10.228 port 1059, id=90, 
length=156
        User-Name = "andyan"
        NAS-IP-Address = 10.10.10.228
        NAS-Port = 1
        Called-Station-Id = "00-14-6C-CC-93-E8:ECIeduroam"
        Calling-Station-Id = "00-17-F2-52-8A-C7"
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        Connect-Info = "CONNECT 54Mbps 802.11g"
        EAP-Message = 0x0200000b01616e6479616e
        Message-Authenticator = 0x1b640e34d5907297f26e0150e954b295
+- entering group authorize
        expand: 
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d 
-> /usr/local/var/log/radius/radacct/10.10.10.228/auth-detail-20080619
rlm_detail: 
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d 
expands to 
/usr/local/var/log/radius/radacct/10.10.10.228/auth-detail-20080619
        expand: %t -> Thu Jun 19 16:09:10 2008
++[auth_log] returns ok
    rlm_realm: No '@' in User-Name = "andyan", looking up realm NULL
    rlm_realm: No such realm "NULL"
++[suffix] returns noop
  rlm_eap: EAP packet type response id 0 length 11
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
rlm_ldap: - authorize
rlm_ldap: performing user authorization for andyan
WARNING: Deprecated conditional expansion ":-".  See "man unlang" for 
details
        expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=andyan)
        expand: ou=People,dc=eciad,dc=ca -> ou=People,dc=eciad,dc=ca
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to ldap1.eciad.ca:389, authentication 0
rlm_ldap: bind as / to ldap1.eciad.ca:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in ou=People,dc=eciad,dc=ca, with filter 
(uid=andyan)
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
WARNING: No "known good" password was found in LDAP.  Are you sure that 
the user is configured correctly?
rlm_ldap: user andyan authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap] returns ok
++[expiration] returns noop
++[logintime] returns noop
rlm_pap: WARNING! No "known good" password found for the user.  
Authentication may fail because of this.
++[pap] returns noop
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
  rlm_eap: EAP Identity
  rlm_eap: processing type tls
  rlm_eap_tls: Initiate
  rlm_eap_tls: Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 90 to 10.10.10.228 port 1059
        EAP-Message = 0x010100061520
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xce343774ce3522073b392edc718830e4
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.10.10.228 port 1059, id=91, 
length=275
        User-Name = "andyan"
        NAS-IP-Address = 10.10.10.228
        NAS-Port = 1
        Called-Station-Id = "00-14-6C-CC-93-E8:ECIeduroam"
        Calling-Station-Id = "00-17-F2-52-8A-C7"
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        Connect-Info = "CONNECT 54Mbps 802.11g"
        EAP-Message = 
0x0201007015800000006616030100610100005d0301485ae7246df7cad8b3977bcb702121baac84e2a85197943b52e273243aa1543a000036002f000500040035000a000900030008000600320033003800390016001500140013001200110034003a0018001b001a0017001900010100
        State = 0xce343774ce3522073b392edc718830e4
        Message-Authenticator = 0xcb10e2b9445f9958feaab918576268bc
+- entering group authorize
        expand: 
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d 
-> /usr/local/var/log/radius/radacct/10.10.10.228/auth-detail-20080619
rlm_detail: 
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d 
expands to 
/usr/local/var/log/radius/radacct/10.10.10.228/auth-detail-20080619
        expand: %t -> Thu Jun 19 16:09:11 2008
++[auth_log] returns ok
    rlm_realm: No '@' in User-Name = "andyan", looking up realm NULL
    rlm_realm: No such realm "NULL"
++[suffix] returns noop
  rlm_eap: EAP packet type response id 1 length 112
  rlm_eap: Continuing tunnel setup.
++[eap] returns ok
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/ttls
  rlm_eap: processing type ttls
  rlm_eap_ttls: Authenticate
  rlm_eap_tls: processing TLS
  TLS Length 102
rlm_eap_tls:  Length Included
  eaptls_verify returned 11
    (other): before/accept initialization
    TLS_accept: before/accept initialization
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0061], ClientHello
    TLS_accept: SSLv3 read client hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
    TLS_accept: SSLv3 write server hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 085e], Certificate
    TLS_accept: SSLv3 write certificate A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
    TLS_accept: SSLv3 write server done A
    TLS_accept: SSLv3 flush data
    TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
  eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 91 to 10.10.10.228 port 1059
        EAP-Message = 
0x0102040015c0000008bb160301004a020000460301485ae717624920311e0af361309e5511218e8ea118be1011bdb69298297e6bc620d3e32b8f78ff7c31566794a16b1267cba749c6950eb8651a1e7211ac9cc9c4ad002f00160301085e0b00085a0008570003a6308203a23082028aa003020102020101300d06092a864886f70d0101040500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d3126302406035504
        EAP-Message = 
0x03131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3038303631383232303934315a170d3039303631383232303934315a307c310b3009060355040613024652310f300d0603550408130652616469757331153013060355040a130c4578616d706c6520496e632e312330210603550403131a4578616d706c65205365727665722043657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100c5d8f1bfb0aec2555c5e034ee4677c814ac120afc2c6737fae65f755df4a
        EAP-Message = 
0x2af9434f85596064fc5bcd9b5f2e16f426c39ff51614c80a65c2e067a3a4c7911a38a3b8839007ea4d03cbda93410f383e643cd8bd788e9e14d2b3abd1067ad10efcc6eb0f8b8c0302ff00327e8604af8c16debd1e6ca2195d2b8187ca25e77d5f7bd4c84b985981baf5fd0be7cabe98da5d14817bd3ad62f2ac4f281098433100a22663ddb348f2a6ed0dd82f1de13a8ad2a57a3afe6d1e82eca0bf7f708ef7b7999a1af5b78b30171d2a40ce03d8b4daedcacd5bd389559f4b7fc82a4c411712829a3b5a09686b33a1c50abe21e8cff6189d8a481e19871e6f8b629e79dbf5ff590203010001a317301530130603551d25040c300a06082b06010505
        EAP-Message = 
0x070301300d06092a864886f70d01010405000382010100abdc8d29f0855dd309bd358b192e5c368fa45e161de5671519a4ae6db6c8ed586c8a6c3565dbc39b7c3c648061daabd6d1a220997c7caf6d105df85affd385a5dbae3b9b9040f59b066fa399496d909f04ffbe88e13cb90791e3fa8cb66577101e2967fe5a9d562b5c903c7f3625c59de375241836391ccb85aaad9d02a15af33203b928cdff6276ad00bfdaf17f5ef12d0370926d5dee595b22f0dd8a332ffe2c6e3f80d55551787a6b58e31933c44a6282f6eaaefc8c454955db064b742cf6907cf558d08da46b3a3e1925581fee05bb6ca641511d4f35c7880bbedfed8ea20f0276b21a85
        EAP-Message = 0x2889877f5db3c70defc739be
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xce343774cf3622073b392edc718830e4
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.10.10.228 port 1059, id=92, 
length=169
        User-Name = "andyan"
        NAS-IP-Address = 10.10.10.228
        NAS-Port = 1
        Called-Station-Id = "00-14-6C-CC-93-E8:ECIeduroam"
        Calling-Station-Id = "00-17-F2-52-8A-C7"
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        Connect-Info = "CONNECT 54Mbps 802.11g"
        EAP-Message = 0x020200061500
        State = 0xce343774cf3622073b392edc718830e4
        Message-Authenticator = 0x5e4e63959239fca2486e0190d9d3c54a
+- entering group authorize
        expand: 
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d 
-> /usr/local/var/log/radius/radacct/10.10.10.228/auth-detail-20080619
rlm_detail: 
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d 
expands to 
/usr/local/var/log/radius/radacct/10.10.10.228/auth-detail-20080619
        expand: %t -> Thu Jun 19 16:09:11 2008
++[auth_log] returns ok
    rlm_realm: No '@' in User-Name = "andyan", looking up realm NULL
    rlm_realm: No such realm "NULL"
++[suffix] returns noop
  rlm_eap: EAP packet type response id 2 length 6
  rlm_eap: Continuing tunnel setup.
++[eap] returns ok
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/ttls
  rlm_eap: processing type ttls
  rlm_eap_ttls: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
  rlm_eap_tls: ack handshake fragment handler
  eaptls_verify returned 1
  eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 92 to 10.10.10.228 port 1059
        EAP-Message = 
0x0103040015c0000008bbcef8e8135051d22c8e604c46bbe50004ab308204a73082038fa003020102020900964407b7ca8a72e7300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3038303631383232303933395a170d3038303731383232303933395a308193310b
        EAP-Message = 
0x3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100e71a28d861d1bc000ead67dda77fc24c88fd7f4e6b154ec39e6c1328da93acb45c4203d45485a76bd3ebf28e55486d785b45f54c81ee601a8e73e1c07d16f606a1b6146055903f54ebc8a5
        EAP-Message = 
0x06d421fb703b664bc1a37493d95559d894f04a2ca09c3c5292e9d82cff10a031177cab034ab883b3871e6c2460325a0d8a2a68322698cde33ad81ed808a429177249ff720932bea36f3558c8037fba4110a20451ed263bdd7021686bc816249ff209de18ebc36a923977b852b198a70b3601fb87b263c740a0d191a59591300981709f9beb6987b67bdfa820db88dcb3c3af3fa827552afb43f6accf386739f292c311b7f6287609afec629a4b8f1c0c0d4a9e165d0203010001a381fb3081f8301d0603551d0e041604148fc1ab4304f6a473ea66c4512ef6f9a078dbe3623081c80603551d230481c03081bd80148fc1ab4304f6a473ea66c4512ef6
        EAP-Message = 
0xf9a078dbe362a18199a48196308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479820900964407b7ca8a72e7300c0603551d13040530030101ff300d06092a864886f70d010105050003820101008c2687a029f098693008dbc4ee9968c7e71b0a4792003dc2d62403a142c75c227df610ac8979ffd430cf55103bab
        EAP-Message = 0xb78977c9a55b9a3571e655a3
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xce343774cc3722073b392edc718830e4
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.10.10.228 port 1059, id=93, 
length=169
        User-Name = "andyan"
        NAS-IP-Address = 10.10.10.228
        NAS-Port = 1
        Called-Station-Id = "00-14-6C-CC-93-E8:ECIeduroam"
        Calling-Station-Id = "00-17-F2-52-8A-C7"
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        Connect-Info = "CONNECT 54Mbps 802.11g"
        EAP-Message = 0x020300061500
        State = 0xce343774cc3722073b392edc718830e4
        Message-Authenticator = 0x3d44409ada91a802ad38c9516b7bd15f
+- entering group authorize
        expand: 
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d 
-> /usr/local/var/log/radius/radacct/10.10.10.228/auth-detail-20080619
rlm_detail: 
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d 
expands to 
/usr/local/var/log/radius/radacct/10.10.10.228/auth-detail-20080619
        expand: %t -> Thu Jun 19 16:09:11 2008
++[auth_log] returns ok
    rlm_realm: No '@' in User-Name = "andyan", looking up realm NULL
    rlm_realm: No such realm "NULL"
++[suffix] returns noop
  rlm_eap: EAP packet type response id 3 length 6
  rlm_eap: Continuing tunnel setup.
++[eap] returns ok
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/ttls
  rlm_eap: processing type ttls
  rlm_eap_ttls: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
  rlm_eap_tls: ack handshake fragment handler
  eaptls_verify returned 1
  eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 93 to 10.10.10.228 port 1059
        EAP-Message = 
0x010400d91580000008bb04ae601515d34e563c02cc3de859401a836dc8d5b9e0c675cc610078839fc238a6f3ca30ce79381a61c588416489587635fe1fa874b66bc643d652e322305ad54f40382d23f7fe74c6df9df734c099780d8604e304ca13d8bc9e2bb3ebd9221731634de6099bb36ff584bae8b16bfd00d3b19ffe67c20b40e9d66366325f55810904fc6fa593c6186bf3cedd075e3c447a65a23d444547c434ec02220b377133980437496ee79601f296ea241e10ed902bcdf83adac9980a26ac91f4b034ef1e88febcd2e3a416030100040e000000
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xce343774cd3022073b392edc718830e4
Finished request 3.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.10.10.228 port 1059, id=94, 
length=501
        User-Name = "andyan"
        NAS-IP-Address = 10.10.10.228
        NAS-Port = 1
        Called-Station-Id = "00-14-6C-CC-93-E8:ECIeduroam"
        Calling-Station-Id = "00-17-F2-52-8A-C7"
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        Connect-Info = "CONNECT 54Mbps 802.11g"
        EAP-Message = 
0x0204015015800000014616030101061000010201006f8b4a08f82354917c986395fa9a274fdae1c99fa5016c83526d76183458f4f18db894c0602c67f245007cda75b0bc6267972a5ec6b7b9be1d2bcbf7f8e86d5532a48e861efdc5e232d31e8bf91a4c5edf9c68ffa4c193312122387311da7af75adf30ed6ed034f9a1a57785455f2673482e9339b36ff9784f924f0b50ebaf6bdccdd15f3f1c075208eea7e9f7bc178b0eeb91b1aa5f515b597886566c4f5ff34f45437fd9e810c2699daf33ec51902a7ba4bc7578271b3bf71ccb99e08e7308978bbf09ef9ccf1b63ef0651397222bb58be67099dbc7b8e37627f204ceb641a30382a1e11a7fd2f
        EAP-Message = 
0x991c03d2e3f57e56e36db67b21563e3f97502d4fba252d8a1403010001011603010030cf151f5b366eda1330659c1f3f5e55339fdc3d1e066553f4e1617ef016a82b2051a71cabd5dd256233a3c13b835765ac
        State = 0xce343774cd3022073b392edc718830e4
        Message-Authenticator = 0x5b6d9e9a04ef65ad4b374225d10a39f0
+- entering group authorize
        expand: 
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d 
-> /usr/local/var/log/radius/radacct/10.10.10.228/auth-detail-20080619
rlm_detail: 
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d 
expands to 
/usr/local/var/log/radius/radacct/10.10.10.228/auth-detail-20080619
        expand: %t -> Thu Jun 19 16:09:11 2008
++[auth_log] returns ok
    rlm_realm: No '@' in User-Name = "andyan", looking up realm NULL
    rlm_realm: No such realm "NULL"
++[suffix] returns noop
  rlm_eap: EAP packet type response id 4 length 253
  rlm_eap: Continuing tunnel setup.
++[eap] returns ok
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/ttls
  rlm_eap: processing type ttls
  rlm_eap_ttls: Authenticate
  rlm_eap_tls: processing TLS
  TLS Length 326
rlm_eap_tls:  Length Included
  eaptls_verify returned 11
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange
    TLS_accept: SSLv3 read client key exchange A
  rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
    TLS_accept: SSLv3 read finished A
  rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
    TLS_accept: SSLv3 write change cipher spec A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
    TLS_accept: SSLv3 write finished A
    TLS_accept: SSLv3 flush data
    (other): SSL negotiation finished successfully
SSL Connection Established
  eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 94 to 10.10.10.228 port 1059
        EAP-Message = 
0x0105004515800000003b1403010001011603010030dcbc638acd36ffa613cef9ef9af25c610a95b3484085d983ad7512401dfb83682e456974cac1172d9fc413f44fcaebac
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xce343774ca3122073b392edc718830e4
Finished request 4.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 10.10.10.228 port 1059, id=95, 
length=322
        User-Name = "andyan"
        NAS-IP-Address = 10.10.10.228
        NAS-Port = 1
        Called-Station-Id = "00-14-6C-CC-93-E8:ECIeduroam"
        Calling-Station-Id = "00-17-F2-52-8A-C7"
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        Connect-Info = "CONNECT 54Mbps 802.11g"
        EAP-Message = 
0x0205009f1580000000951703010090987fd6d5cc5864599d5ca410f41de2a2044d322da2a89e7460dee718bd49305e426f8dedf5e8487d84e977a7c3a9206c6de4d1824fada2d41244382e57d30b801ebda16a9ebb3e74dd6b62a2bdcc36755a8f8b26fb36454ed404c3d9eb4f13b8337e25e6c7a4fa21f8497db0a782833b513c8335207e868ac0bfa876fc3db0414a4ae8deccd03be7748f5907fbe04d36
        State = 0xce343774ca3122073b392edc718830e4
        Message-Authenticator = 0xa2874e59a7ffafb2940d2853a2fbe36e
+- entering group authorize
        expand: 
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d 
-> /usr/local/var/log/radius/radacct/10.10.10.228/auth-detail-20080619
rlm_detail: 
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d 
expands to 
/usr/local/var/log/radius/radacct/10.10.10.228/auth-detail-20080619
        expand: %t -> Thu Jun 19 16:09:11 2008
++[auth_log] returns ok
    rlm_realm: No '@' in User-Name = "andyan", looking up realm NULL
    rlm_realm: No such realm "NULL"
++[suffix] returns noop
  rlm_eap: EAP packet type response id 5 length 159
  rlm_eap: Continuing tunnel setup.
++[eap] returns ok
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/ttls
  rlm_eap: processing type ttls
  rlm_eap_ttls: Authenticate
  rlm_eap_tls: processing TLS
  TLS Length 149
rlm_eap_tls:  Length Included
  eaptls_verify returned 11
  eaptls_process returned 7
  rlm_eap_ttls: Session established.  Proceeding to decode tunneled 
attributes.
+- entering group authorize
    rlm_realm: No '@' in User-Name = "andyan", looking up realm NULL
    rlm_realm: No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
  rlm_eap: No EAP-Message, not doing EAP
++[eap] returns noop
++[files] returns noop
rlm_ldap: - authorize
rlm_ldap: performing user authorization for andyan
WARNING: Deprecated conditional expansion ":-".  See "man unlang" for 
details
        expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=andyan)
        expand: ou=People,dc=eciad,dc=ca -> ou=People,dc=eciad,dc=ca
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=People,dc=eciad,dc=ca, with filter 
(uid=andyan)
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
WARNING: No "known good" password was found in LDAP.  Are you sure that 
the user is configured correctly?
rlm_ldap: user andyan authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
auth: No authenticate method (Auth-Type) configuration found for the 
request: Rejecting the user
auth: Failed to validate the user.
  TTLS: Got tunneled Access-Reject
 rlm_eap: Handler failed in EAP/ttls
  rlm_eap: Failed in EAP select
++[eap] returns invalid
auth: Failed to validate the user.
  Found Post-Auth-Type Reject
+- entering group REJECT
        expand: %{User-Name} -> andyan
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Sending Access-Reject of id 95 to 10.10.10.228 port 1059
        EAP-Message = 0x04050004
        Message-Authenticator = 0x00000000000000000000000000000000
Finished request 5.
Going to the next request
Waking up in 4.4 seconds.
Cleaning up request 0 ID 90 with timestamp +72
Cleaning up request 1 ID 91 with timestamp +73
Cleaning up request 2 ID 92 with timestamp +73
Cleaning up request 3 ID 93 with timestamp +73
Cleaning up request 4 ID 94 with timestamp +73
Waking up in 0.3 seconds.
Cleaning up request 5 ID 95 with timestamp +73
Ready to process requests.

-- 



More information about the Freeradius-Users mailing list