Fwd: rlm-perl lc usernames

Charlie B cbwonderboy at gmail.com
Mon Sep 22 20:07:58 CEST 2008


Hi Alan,

I run the same config (as previous post) which works as you indicated (and
Ivan) with radtest however when I use a windows client this is what I
get.... and the rearrangement of the username

rad_recv: Access-Request packet from host 10.0.1.9 port 1645, id=203,
length=139
        User-Name = "****\\raduser"
        Service-Type = Framed-User
        Framed-MTU = 1500
        Called-Station-Id = "00-13-19-EE-6F-11"
        Calling-Station-Id = "00-15-C5-02-39-99"
        EAP-Message = 0x02020011014e494e545c72616475736572
        Message-Authenticator = 0xfb84a2ca75668b069afe6577aef9a486
        NAS-Port-Type = Ethernet
        NAS-Port = 50117
        NAS-IP-Address = 10.0.1.9
+- entering group authorize
++[preprocess] returns ok
perl_pool: item 0x2acfd70 asigned new request. Handled so far: 1
found interpetator at address 0x2acfd70
rlm_perl: RAD_REQUEST: NAS-Port-Type = Ethernet
rlm_perl: RAD_REQUEST: Service-Type = Framed-User
rlm_perl: RAD_REQUEST: Calling-Station-Id = 00-15-C5-02-39-99
rlm_perl: RAD_REQUEST: Called-Station-Id = 00-13-19-EE-6F-11
rlm_perl: RAD_REQUEST: Message-Authenticator =
0xfb84a2ca75668b069afe6577aef9a486
rlm_perl: RAD_REQUEST: User-Name = ****\\raduser
rlm_perl: RAD_REQUEST: EAP-Message = 0x02020011014e494e545c72616475736572
rlm_perl: RAD_REQUEST: NAS-IP-Address = 10.0.1.9
rlm_perl: RAD_REQUEST: NAS-Port = 50117
rlm_perl: RAD_REQUEST: Framed-MTU = 1500
rlm_perl: Added pair NAS-Port-Type = Ethernet
rlm_perl: Added pair Service-Type = Framed-User
rlm_perl: Added pair Calling-Station-Id = 00-15-C5-02-39-99
rlm_perl: Added pair Called-Station-Id = 00-13-19-EE-6F-11
rlm_perl: Added pair Message-Authenticator =
0xfb84a2ca75668b069afe6577aef9a486
rlm_perl: Added pair User-Name = ****\\raduser
rlm_perl: Added pair EAP-Message = 0x02020011014e494e545c72616475736572
rlm_perl: Added pair NAS-IP-Address = 10.0.1.9
rlm_perl: Added pair NAS-Port = 50117
rlm_perl: Added pair Framed-MTU = 1500
perl_pool total/active/spare [32/0/32]
Unreserve perl at address 0x2acfd70
++[perl] returns updated
++[chap] returns noop
++[mschap] returns noop
    rlm_realm: No '@' in User-Name = "****\ aduserr", looking up realm NULL
    rlm_realm: No such realm "NULL"
++[suffix] returns noop
  rlm_eap: EAP packet type response id 2 length 17
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
rlm_ldap: Entering ldap_groupcmp()
        expand: dc=ads,dc=nint,dc=org -> dc=ads,dc=nint,dc=org
        expand: (sAMAccountname=%{mschap:User-Name:-%{User-Name}}) ->
(sAMAccountname= aduserr)
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=***,dc=****,dc=***, with filter
(sAMAccountname= aduserr)
rlm_ldap: object not found or got ambiguous search result
rlm_ldap::ldap_groupcmp: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
rlm_ldap: Entering ldap_groupcmp()


rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=***,dc=****,dc=***, with filter
(sAMAccountname= aduserr)
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap] returns notfound
++[expiration] returns noop
++[logintime] returns noop
rlm_pap: WARNING! No "known good" password found for the user.
Authentication may fail because of this.
++[pap] returns noop
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Identity does not match User-Name, setting from EAP Identity.
  rlm_eap: Failed in handler
++[eap] returns invalid
auth: Failed to validate the user.
Login incorrect (rlm_ldap: User not found): [****\\\raduser] (from client
switch-man-lan port 50117 cli 00-15-C5-02-39-99)
  Found Post-Auth-Type Reject
+- entering group REJECT
        expand: %{User-Name} -> ****\ aduserr
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Sending Access-Reject of id 203 to 10.0.1.9 port 1645
Finished request 1.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20080922/396bf8ec/attachment.html>


More information about the Freeradius-Users mailing list