Checking a user into a specific OU using ldap module

LEOSI radius at pronetis.fr
Tue Feb 24 10:41:00 CET 2009


Hi,
I want to assign a specific VLAN (#2 in this example) to a user located in
the OU “Toto”.
I use the LDAP module to check the user against my Active Directory.
I’m not sure about the syntax to use for checking the user.
Regards,


---------------------
my tree :
---------------------
dc : fr
|_dc : test
   |_cn : Toto
      |_uid : titi

I also tested this schema :
dc : fr
|_dc : test
   |_cn : Users
      |_uid : philippe

---------------------
users file :
---------------------
# also tried the syntax DEFAULT Ldap-Group == "cn=Users,dc=test,dc=fr"
# and DEFAULT Ldap-Group == "ou=Toto,dc=test,dc=fr"
DEFAULT Ldap-Group == "Users"
	Tunnel-Type = VLAN,
	Tunnel-Medium-Type = IEEE-802,
	Tunnel-Private-Group-Id = 2,
	Reply-Message = "Ok!"

---------------------
modules/ldap file :
---------------------
ldap {
	server = "test.fr"
	identity = "cn=bindradius,cn=Users,dc=test,dc=fr"
	password = bindradius
	# also tried basedn = "ou=Toto,dc=test,dc=fr"
	basedn = "cn=Users,dc=test,dc=fr"
	filter = "(samaccountname=%{User-Name})"
	...
}

---------------------
log file :
---------------------
Mon Feb 23 19:54:09 2009 : Debug: Ready to process requests.
rad_recv: Access-Request packet from host 192.168.1.1 port 1024, id=1,
length=202
	Framed-MTU = 1480
	NAS-IP-Address = 192.168.1.1
	NAS-Identifier = "SWiTCH"
	User-Name = "philippe"
	Service-Type = Framed-User
	Framed-Protocol = PPP
	NAS-Port = 17
	NAS-Port-Type = Ethernet
	NAS-Port-Id = "17"
	Called-Station-Id = "00-13-21-a8-24-40"
	Calling-Station-Id = "00-15-c5-06-84-d8"
	Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
	Tunnel-Type:0 = VLAN
	Tunnel-Medium-Type:0 = IEEE-802
	Tunnel-Private-Group-Id:0 = "4"
	EAP-Message = 0x0201000d017068696c69707065
	Message-Authenticator = 0xfc69f28598b58a4210d1d61f58c675ba
Mon Feb 23 19:54:36 2009 : Info: +- entering group authorize {...}
Mon Feb 23 19:54:36 2009 : Info: [eap] EAP packet type response id 1 length
13
Mon Feb 23 19:54:36 2009 : Info: [eap] No EAP Start, assuming it's an
on-going EAP conversation
Mon Feb 23 19:54:36 2009 : Info: ++[eap] returns updated
Mon Feb 23 19:54:36 2009 : Debug: rlm_ldap: Entering ldap_groupcmp()
Mon Feb 23 19:54:36 2009 : Info: [files] 	expand: cn=Users,dc=test,dc=fr ->
cn=Users,dc=test,dc=fr
Mon Feb 23 19:54:36 2009 : Info: [files] 	expand:
(samaccountname=%{User-Name}) -> (samaccountname=philippe)
Mon Feb 23 19:54:36 2009 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Mon Feb 23 19:54:36 2009 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Mon Feb 23 19:54:36 2009 : Debug: rlm_ldap: attempting LDAP reconnection
Mon Feb 23 19:54:36 2009 : Debug: rlm_ldap: (re)connect to test.fr:389,
authentication 0
Mon Feb 23 19:54:36 2009 : Debug: rlm_ldap: bind as
cn=bindradius,cn=Users,dc=test,dc=fr/bindradius to test.fr:389
Mon Feb 23 19:54:36 2009 : Debug: rlm_ldap: waiting for bind result ...
Mon Feb 23 19:54:36 2009 : Debug: rlm_ldap: Bind was successful
Mon Feb 23 19:54:36 2009 : Debug: rlm_ldap: performing search in
cn=Users,dc=test,dc=fr, with filter (samaccountname=philippe)
Mon Feb 23 19:54:36 2009 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Mon Feb 23 19:54:36 2009 : Info: [files] 	expand:
(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))
->
(|(&(objectClass=GroupOfNames)(member=))(&(objectClass=GroupOfUniqueNames)(uniquemember=)))
Mon Feb 23 19:54:36 2009 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Mon Feb 23 19:54:36 2009 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Mon Feb 23 19:54:36 2009 : Debug: rlm_ldap: performing search in
cn=Users,dc=test,dc=fr, with filter
(&(cn=Users)(|(&(objectClass=GroupOfNames)(member=))(&(objectClass=GroupOfUniqueNames)(uniquemember=))))
Mon Feb 23 19:54:36 2009 : Debug: rlm_ldap: object not found or got
ambiguous search result
Mon Feb 23 19:54:36 2009 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Mon Feb 23 19:54:36 2009 : Debug: rlm_ldap::ldap_groupcmp: Group Users not
found or user is not a member.
Mon Feb 23 19:54:36 2009 : Info: ++[files] returns noop
Mon Feb 23 19:54:36 2009 : Info: [ldap] performing user authorization for
philippe
Mon Feb 23 19:54:36 2009 : Info: [ldap] 	expand:
(samaccountname=%{User-Name}) -> (samaccountname=philippe)
Mon Feb 23 19:54:36 2009 : Info: [ldap] 	expand: cn=Users,dc=test,dc=fr ->
cn=Users,dc=test,dc=fr
Mon Feb 23 19:54:36 2009 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Mon Feb 23 19:54:36 2009 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Mon Feb 23 19:54:36 2009 : Debug: rlm_ldap: performing search in
cn=Users,dc=test,dc=fr, with filter (samaccountname=philippe)
Mon Feb 23 19:54:36 2009 : Info: [ldap] looking for check items in
directory...
Mon Feb 23 19:54:36 2009 : Info: [ldap] looking for reply items in
directory...
Mon Feb 23 19:54:36 2009 : Debug: WARNING: No "known good" password was
found in LDAP.  Are you sure that the user is configured correctly?
Mon Feb 23 19:54:36 2009 : Info: [ldap] user philippe authorized to use
remote access
Mon Feb 23 19:54:36 2009 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Mon Feb 23 19:54:36 2009 : Info: ++[ldap] returns ok
Mon Feb 23 19:54:36 2009 : Info: ++[expiration] returns noop
Mon Feb 23 19:54:36 2009 : Info: ++[logintime] returns noop
Mon Feb 23 19:54:36 2009 : Info: Found Auth-Type = EAP
Mon Feb 23 19:54:36 2009 : Info: +- entering group authenticate {...}
Mon Feb 23 19:54:36 2009 : Info: [eap] EAP Identity
Mon Feb 23 19:54:36 2009 : Info: [eap] processing type tls
Mon Feb 23 19:54:36 2009 : Info: [tls] Initiate
Mon Feb 23 19:54:36 2009 : Info: [tls] Start returned 1
Mon Feb 23 19:54:36 2009 : Info: ++[eap] returns handled
Sending Access-Challenge of id 1 to 192.168.1.1 port 1024
	EAP-Message = 0x010200061920
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x598de205598ffb8c81084201186af9a2
Mon Feb 23 19:54:36 2009 : Info: Finished request 0.
Mon Feb 23 19:54:36 2009 : Debug: Going to the next request
Mon Feb 23 19:54:36 2009 : Debug: Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.1 port 1024, id=2,
length=287
	Framed-MTU = 1480
	NAS-IP-Address = 192.168.1.1
	NAS-Identifier = "SWiTCH"
	User-Name = "philippe"
	Service-Type = Framed-User
	Framed-Protocol = PPP
	NAS-Port = 17
	NAS-Port-Type = Ethernet
	NAS-Port-Id = "17"
	Called-Station-Id = "00-13-21-a8-24-40"
	Calling-Station-Id = "00-15-c5-06-84-d8"
	Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
	Tunnel-Type:0 = VLAN
	Tunnel-Medium-Type:0 = IEEE-802
	Tunnel-Private-Group-Id:0 = "4"
	State = 0x598de205598ffb8c81084201186af9a2
	EAP-Message =
0x0202005019800000004616030100410100003d030149a3bc86c9ec4d17abdbca42bb1d626df57adf41df412bde414f23755cb2647f00001600040005000a000900640062000300060013001200630100
	Message-Authenticator = 0x8d8c4f905accbf6ddc0f0d9d5e54dc4b
Mon Feb 23 19:54:36 2009 : Info: +- entering group authorize {...}
Mon Feb 23 19:54:36 2009 : Info: [eap] EAP packet type response id 2 length
80
Mon Feb 23 19:54:36 2009 : Info: [eap] Continuing tunnel setup.
Mon Feb 23 19:54:36 2009 : Info: ++[eap] returns ok
Mon Feb 23 19:54:36 2009 : Info: Found Auth-Type = EAP
Mon Feb 23 19:54:36 2009 : Info: +- entering group authenticate {...}
Mon Feb 23 19:54:36 2009 : Info: [eap] Request found, released from the list
Mon Feb 23 19:54:36 2009 : Info: [eap] EAP/peap
Mon Feb 23 19:54:36 2009 : Info: [eap] processing type peap
Mon Feb 23 19:54:36 2009 : Info: [peap] processing EAP-TLS
Mon Feb 23 19:54:36 2009 : Debug:   TLS Length 70
Mon Feb 23 19:54:36 2009 : Info: [peap] Length Included
Mon Feb 23 19:54:36 2009 : Info: [peap] eaptls_verify returned 11 
Mon Feb 23 19:54:36 2009 : Info: [peap]     (other): before/accept
initialization 
Mon Feb 23 19:54:36 2009 : Info: [peap]     TLS_accept: before/accept
initialization 
Mon Feb 23 19:54:36 2009 : Info: [peap] <<< TLS 1.0 Handshake [length 0041],
ClientHello  
Mon Feb 23 19:54:36 2009 : Info: [peap]     TLS_accept: SSLv3 read client
hello A 
Mon Feb 23 19:54:36 2009 : Info: [peap] >>> TLS 1.0 Handshake [length 002a],
ServerHello  
Mon Feb 23 19:54:36 2009 : Info: [peap]     TLS_accept: SSLv3 write server
hello A 
Mon Feb 23 19:54:36 2009 : Info: [peap] >>> TLS 1.0 Handshake [length 07f6],
Certificate  
Mon Feb 23 19:54:36 2009 : Info: [peap]     TLS_accept: SSLv3 write
certificate A 
Mon Feb 23 19:54:36 2009 : Info: [peap] >>> TLS 1.0 Handshake [length 0004],
ServerHelloDone  
Mon Feb 23 19:54:36 2009 : Info: [peap]     TLS_accept: SSLv3 write server
done A 
Mon Feb 23 19:54:36 2009 : Info: [peap]     TLS_accept: SSLv3 flush data 
Mon Feb 23 19:54:36 2009 : Info: [peap]     TLS_accept: Need to read more
data: SSLv3 read client certificate A
Mon Feb 23 19:54:36 2009 : Debug: In SSL Handshake Phase 
Mon Feb 23 19:54:36 2009 : Debug: In SSL Accept mode  
Mon Feb 23 19:54:36 2009 : Info: [peap] eaptls_process returned 13 
Mon Feb 23 19:54:36 2009 : Info: [peap] EAPTLS_HANDLED
Mon Feb 23 19:54:36 2009 : Info: ++[eap] returns handled
Sending Access-Challenge of id 2 to 192.168.1.1 port 1024
	EAP-Message = 0x0500307d310b300906035504
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x598de205588efb8c81084201186af9a2
Mon Feb 23 19:54:36 2009 : Info: Finished request 1.
Mon Feb 23 19:54:36 2009 : Debug: Going to the next request
Mon Feb 23 19:54:36 2009 : Debug: Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.1 port 1024, id=3,
length=213
	Framed-MTU = 1480
	NAS-IP-Address = 192.168.1.1
	NAS-Identifier = "SWiTCH"
	User-Name = "philippe"
	Service-Type = Framed-User
	Framed-Protocol = PPP
	NAS-Port = 17
	NAS-Port-Type = Ethernet
	NAS-Port-Id = "17"
	Called-Station-Id = "00-13-21-a8-24-40"
	Calling-Station-Id = "00-15-c5-06-84-d8"
	Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
	Tunnel-Type:0 = VLAN
	Tunnel-Medium-Type:0 = IEEE-802
	Tunnel-Private-Group-Id:0 = "4"
	State = 0x598de205588efb8c81084201186af9a2
	EAP-Message = 0x020300061900
	Message-Authenticator = 0xc663e880140234467ac09fc6317e861e
Mon Feb 23 19:54:36 2009 : Info: +- entering group authorize {...}
Mon Feb 23 19:54:36 2009 : Info: [eap] EAP packet type response id 3 length
6
Mon Feb 23 19:54:36 2009 : Info: [eap] Continuing tunnel setup.
Mon Feb 23 19:54:36 2009 : Info: ++[eap] returns ok
Mon Feb 23 19:54:36 2009 : Info: Found Auth-Type = EAP
Mon Feb 23 19:54:36 2009 : Info: +- entering group authenticate {...}
Mon Feb 23 19:54:36 2009 : Info: [eap] Request found, released from the list
Mon Feb 23 19:54:36 2009 : Info: [eap] EAP/peap
Mon Feb 23 19:54:36 2009 : Info: [eap] processing type peap
Mon Feb 23 19:54:36 2009 : Info: [peap] processing EAP-TLS
Mon Feb 23 19:54:36 2009 : Info: [peap] Received TLS ACK
Mon Feb 23 19:54:36 2009 : Info: [peap] ACK handshake fragment handler
Mon Feb 23 19:54:36 2009 : Info: [peap] eaptls_verify returned 1 
Mon Feb 23 19:54:36 2009 : Info: [peap] eaptls_process returned 13 
Mon Feb 23 19:54:36 2009 : Info: [peap] EAPTLS_HANDLED
Mon Feb 23 19:54:36 2009 : Info: ++[eap] returns handled
Sending Access-Challenge of id 3 to 192.168.1.1 port 1024
	EAP-Message = 0xd4e21d47096366c1
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x598de2055b89fb8c81084201186af9a2
Mon Feb 23 19:54:36 2009 : Info: Finished request 2.
Mon Feb 23 19:54:36 2009 : Debug: Going to the next request
Mon Feb 23 19:54:36 2009 : Debug: Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.1 port 1024, id=4,
length=213
	Framed-MTU = 1480
	NAS-IP-Address = 192.168.1.1
	NAS-Identifier = "SWiTCH"
	User-Name = "philippe"
	Service-Type = Framed-User
	Framed-Protocol = PPP
	NAS-Port = 17
	NAS-Port-Type = Ethernet
	NAS-Port-Id = "17"
	Called-Station-Id = "00-13-21-a8-24-40"
	Calling-Station-Id = "00-15-c5-06-84-d8"
	Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
	Tunnel-Type:0 = VLAN
	Tunnel-Medium-Type:0 = IEEE-802
	Tunnel-Private-Group-Id:0 = "4"
	State = 0x598de2055b89fb8c81084201186af9a2
	EAP-Message = 0x020400061900
	Message-Authenticator = 0x94c921647968a3f4b3bad958de6a805f
Mon Feb 23 19:54:36 2009 : Info: +- entering group authorize {...}
Mon Feb 23 19:54:36 2009 : Info: [eap] EAP packet type response id 4 length
6
Mon Feb 23 19:54:36 2009 : Info: [eap] Continuing tunnel setup.
Mon Feb 23 19:54:36 2009 : Info: ++[eap] returns ok
Mon Feb 23 19:54:36 2009 : Info: Found Auth-Type = EAP
Mon Feb 23 19:54:36 2009 : Info: +- entering group authenticate {...}
Mon Feb 23 19:54:36 2009 : Info: [eap] Request found, released from the list
Mon Feb 23 19:54:36 2009 : Info: [eap] EAP/peap
Mon Feb 23 19:54:36 2009 : Info: [eap] processing type peap
Mon Feb 23 19:54:36 2009 : Info: [peap] processing EAP-TLS
Mon Feb 23 19:54:36 2009 : Info: [peap] Received TLS ACK
Mon Feb 23 19:54:36 2009 : Info: [peap] ACK handshake fragment handler
Mon Feb 23 19:54:36 2009 : Info: [peap] eaptls_verify returned 1 
Mon Feb 23 19:54:36 2009 : Info: [peap] eaptls_process returned 13 
Mon Feb 23 19:54:36 2009 : Info: [peap] EAPTLS_HANDLED
Mon Feb 23 19:54:36 2009 : Info: ++[eap] returns handled
Sending Access-Challenge of id 4 to 192.168.1.1 port 1024
	EAP-Message =
0x0105004d1900629a96d33b5742be7208cb60dab2100e6478a4e6c191a4cb9329b6e82a527fcdd51865d7765f1e83e23b6f46b6020cd381652ca9ef5dbb4bfea31c35b11116030100040e000000
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x598de2055a88fb8c81084201186af9a2
Mon Feb 23 19:54:36 2009 : Info: Finished request 3.
Mon Feb 23 19:54:36 2009 : Debug: Going to the next request
Mon Feb 23 19:54:36 2009 : Debug: Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.1 port 1024, id=5,
length=529
	Framed-MTU = 1480
	NAS-IP-Address = 192.168.1.1
	NAS-Identifier = "SWiTCH"
	User-Name = "philippe"
	Service-Type = Framed-User
	Framed-Protocol = PPP
	NAS-Port = 17
	NAS-Port-Type = Ethernet
	NAS-Port-Id = "17"
	Called-Station-Id = "00-13-21-a8-24-40"
	Calling-Station-Id = "00-15-c5-06-84-d8"
	Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
	Tunnel-Type:0 = VLAN
	Tunnel-Medium-Type:0 = IEEE-802
	Tunnel-Private-Group-Id:0 = "4"
	State = 0x598de2055a88fb8c81084201186af9a2
	EAP-Message =
0x83924af5c0659134f511fc4305fb5f8310ce94de34308d0c140301000101160301002074d3074ee6a73b1ebe2fe01bae6b17fad0ae80131b1553c70bc15997be2de338
	Message-Authenticator = 0xf00a0869d4a6e6977efd58631e93e4ac
Mon Feb 23 19:54:36 2009 : Info: +- entering group authorize {...}
Mon Feb 23 19:54:36 2009 : Info: [eap] EAP packet type response id 5 length
253
Mon Feb 23 19:54:36 2009 : Info: [eap] Continuing tunnel setup.
Mon Feb 23 19:54:36 2009 : Info: ++[eap] returns ok
Mon Feb 23 19:54:36 2009 : Info: Found Auth-Type = EAP
Mon Feb 23 19:54:36 2009 : Info: +- entering group authenticate {...}
Mon Feb 23 19:54:36 2009 : Info: [eap] Request found, released from the list
Mon Feb 23 19:54:36 2009 : Info: [eap] EAP/peap
Mon Feb 23 19:54:36 2009 : Info: [eap] processing type peap
Mon Feb 23 19:54:36 2009 : Info: [peap] processing EAP-TLS
Mon Feb 23 19:54:36 2009 : Debug:   TLS Length 310
Mon Feb 23 19:54:36 2009 : Info: [peap] Length Included
Mon Feb 23 19:54:36 2009 : Info: [peap] eaptls_verify returned 11 
Mon Feb 23 19:54:36 2009 : Info: [peap] <<< TLS 1.0 Handshake [length 0106],
ClientKeyExchange  
Mon Feb 23 19:54:36 2009 : Info: [peap]     TLS_accept: SSLv3 read client
key exchange A 
Mon Feb 23 19:54:36 2009 : Info: [peap] <<< TLS 1.0 ChangeCipherSpec [length
0001]  
Mon Feb 23 19:54:36 2009 : Info: [peap] <<< TLS 1.0 Handshake [length 0010],
Finished  
Mon Feb 23 19:54:36 2009 : Info: [peap]     TLS_accept: SSLv3 read finished
A 
Mon Feb 23 19:54:36 2009 : Info: [peap] >>> TLS 1.0 ChangeCipherSpec [length
0001]  
Mon Feb 23 19:54:36 2009 : Info: [peap]     TLS_accept: SSLv3 write change
cipher spec A 
Mon Feb 23 19:54:36 2009 : Info: [peap] >>> TLS 1.0 Handshake [length 0010],
Finished  
Mon Feb 23 19:54:36 2009 : Info: [peap]     TLS_accept: SSLv3 write finished
A 
Mon Feb 23 19:54:36 2009 : Info: [peap]     TLS_accept: SSLv3 flush data 
Mon Feb 23 19:54:36 2009 : Info: [peap]     (other): SSL negotiation
finished successfully 
Mon Feb 23 19:54:36 2009 : Debug: SSL Connection Established 
Mon Feb 23 19:54:36 2009 : Info: [peap] eaptls_process returned 13 
Mon Feb 23 19:54:36 2009 : Info: [peap] EAPTLS_HANDLED
Mon Feb 23 19:54:36 2009 : Info: ++[eap] returns handled
Sending Access-Challenge of id 5 to 192.168.1.1 port 1024
	EAP-Message =
0x010600311900140301000101160301002042d87f6cc698e9a304b3afc38455d521e685a17b09d4a535e7e91ca37d33ed59
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x598de2055d8bfb8c81084201186af9a2
Mon Feb 23 19:54:36 2009 : Info: Finished request 4.
Mon Feb 23 19:54:36 2009 : Debug: Going to the next request
Mon Feb 23 19:54:36 2009 : Debug: Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.1 port 1024, id=6,
length=213
	Framed-MTU = 1480
	NAS-IP-Address = 192.168.1.1
	NAS-Identifier = "SWiTCH"
	User-Name = "philippe"
	Service-Type = Framed-User
	Framed-Protocol = PPP
	NAS-Port = 17
	NAS-Port-Type = Ethernet
	NAS-Port-Id = "17"
	Called-Station-Id = "00-13-21-a8-24-40"
	Calling-Station-Id = "00-15-c5-06-84-d8"
	Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
	Tunnel-Type:0 = VLAN
	Tunnel-Medium-Type:0 = IEEE-802
	Tunnel-Private-Group-Id:0 = "4"
	State = 0x598de2055d8bfb8c81084201186af9a2
	EAP-Message = 0x020600061900
	Message-Authenticator = 0x1b303eebecd11e5b5356cd5ce2eccc61
Mon Feb 23 19:54:36 2009 : Info: +- entering group authorize {...}
Mon Feb 23 19:54:36 2009 : Info: [eap] EAP packet type response id 6 length
6
Mon Feb 23 19:54:36 2009 : Info: [eap] Continuing tunnel setup.
Mon Feb 23 19:54:36 2009 : Info: ++[eap] returns ok
Mon Feb 23 19:54:36 2009 : Info: Found Auth-Type = EAP
Mon Feb 23 19:54:36 2009 : Info: +- entering group authenticate {...}
Mon Feb 23 19:54:36 2009 : Info: [eap] Request found, released from the list
Mon Feb 23 19:54:36 2009 : Info: [eap] EAP/peap
Mon Feb 23 19:54:36 2009 : Info: [eap] processing type peap
Mon Feb 23 19:54:36 2009 : Info: [peap] processing EAP-TLS
Mon Feb 23 19:54:36 2009 : Info: [peap] Received TLS ACK
Mon Feb 23 19:54:36 2009 : Info: [peap] ACK handshake is finished
Mon Feb 23 19:54:36 2009 : Info: [peap] eaptls_verify returned 3 
Mon Feb 23 19:54:36 2009 : Info: [peap] eaptls_process returned 3 
Mon Feb 23 19:54:36 2009 : Info: [peap] EAPTLS_SUCCESS
Mon Feb 23 19:54:36 2009 : Info: ++[eap] returns handled
Sending Access-Challenge of id 6 to 192.168.1.1 port 1024
	EAP-Message =
0x0107002019001703010015f6ac088074e3691cf7b4730b36cddcb0c1a51c295c
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x598de2055c8afb8c81084201186af9a2
Mon Feb 23 19:54:36 2009 : Info: Finished request 5.
Mon Feb 23 19:54:36 2009 : Debug: Going to the next request
Mon Feb 23 19:54:36 2009 : Debug: Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.1 port 1024, id=7,
length=243
	Framed-MTU = 1480
	NAS-IP-Address = 192.168.1.1
	NAS-Identifier = "SWiTCH"
	User-Name = "philippe"
	Service-Type = Framed-User
	Framed-Protocol = PPP
	NAS-Port = 17
	NAS-Port-Type = Ethernet
	NAS-Port-Id = "17"
	Called-Station-Id = "00-13-21-a8-24-40"
	Calling-Station-Id = "00-15-c5-06-84-d8"
	Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
	Tunnel-Type:0 = VLAN
	Tunnel-Medium-Type:0 = IEEE-802
	Tunnel-Private-Group-Id:0 = "4"
	State = 0x598de2055c8afb8c81084201186af9a2
	EAP-Message =
0x020700241900170301001919dee595976b369b4936a14757fa44060a16bb0aa65885b37b
	Message-Authenticator = 0x62ed46a7901eab331f6da9ef23703334
Mon Feb 23 19:54:36 2009 : Info: +- entering group authorize {...}
Mon Feb 23 19:54:36 2009 : Info: [eap] EAP packet type response id 7 length
36
Mon Feb 23 19:54:36 2009 : Info: [eap] Continuing tunnel setup.
Mon Feb 23 19:54:36 2009 : Info: ++[eap] returns ok
Mon Feb 23 19:54:36 2009 : Info: Found Auth-Type = EAP
Mon Feb 23 19:54:36 2009 : Info: +- entering group authenticate {...}
Mon Feb 23 19:54:36 2009 : Info: [eap] Request found, released from the list
Mon Feb 23 19:54:36 2009 : Info: [eap] EAP/peap
Mon Feb 23 19:54:36 2009 : Info: [eap] processing type peap
Mon Feb 23 19:54:36 2009 : Info: [peap] processing EAP-TLS
Mon Feb 23 19:54:36 2009 : Info: [peap] eaptls_verify returned 7 
Mon Feb 23 19:54:36 2009 : Info: [peap] Done initial handshake
Mon Feb 23 19:54:36 2009 : Info: [peap] eaptls_process returned 7 
Mon Feb 23 19:54:36 2009 : Info: [peap] EAPTLS_OK
Mon Feb 23 19:54:36 2009 : Info: [peap] Session established.  Decoding
tunneled attributes.
Mon Feb 23 19:54:36 2009 : Info: [peap] Identity - philippe
Mon Feb 23 19:54:36 2009 : Info: [peap] Got tunneled request
	EAP-Message = 0x0207000d017068696c69707065
server  {
Mon Feb 23 19:54:36 2009 : Debug:   PEAP: Got tunneled identity of philippe
Mon Feb 23 19:54:36 2009 : Debug:   PEAP: Setting default EAP type for
tunneled EAP session.
Mon Feb 23 19:54:36 2009 : Debug:   PEAP: Setting User-Name to philippe
Sending tunneled request
	EAP-Message = 0x0207000d017068696c69707065
	FreeRADIUS-Proxied-To = 127.0.0.1
	User-Name = "philippe"
server inner-tunnel {
Mon Feb 23 19:54:36 2009 : Info: +- entering group authorize {...}
Mon Feb 23 19:54:36 2009 : Info: [eap] EAP packet type response id 7 length
13
Mon Feb 23 19:54:36 2009 : Info: [eap] No EAP Start, assuming it's an
on-going EAP conversation
Mon Feb 23 19:54:36 2009 : Info: ++[eap] returns updated
Mon Feb 23 19:54:36 2009 : Debug: rlm_ldap: Entering ldap_groupcmp()
Mon Feb 23 19:54:36 2009 : Info: [files] 	expand: cn=Users,dc=test,dc=fr ->
cn=Users,dc=test,dc=fr
Mon Feb 23 19:54:36 2009 : Info: [files] 	expand:
(samaccountname=%{User-Name}) -> (samaccountname=philippe)
Mon Feb 23 19:54:36 2009 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Mon Feb 23 19:54:36 2009 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Mon Feb 23 19:54:36 2009 : Debug: rlm_ldap: performing search in
cn=Users,dc=test,dc=fr, with filter (samaccountname=philippe)
Mon Feb 23 19:54:36 2009 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Mon Feb 23 19:54:36 2009 : Info: [files] 	expand:
(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))
->
(|(&(objectClass=GroupOfNames)(member=))(&(objectClass=GroupOfUniqueNames)(uniquemember=)))
Mon Feb 23 19:54:36 2009 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Mon Feb 23 19:54:36 2009 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Mon Feb 23 19:54:36 2009 : Debug: rlm_ldap: performing search in
cn=Users,dc=test,dc=fr, with filter
(&(cn=Users)(|(&(objectClass=GroupOfNames)(member=))(&(objectClass=GroupOfUniqueNames)(uniquemember=))))
Mon Feb 23 19:54:36 2009 : Debug: rlm_ldap: object not found or got
ambiguous search result
Mon Feb 23 19:54:36 2009 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Mon Feb 23 19:54:36 2009 : Debug: rlm_ldap::ldap_groupcmp: Group Users not
found or user is not a member.
Mon Feb 23 19:54:36 2009 : Info: ++[files] returns noop
Mon Feb 23 19:54:36 2009 : Info: [ldap] performing user authorization for
philippe
Mon Feb 23 19:54:36 2009 : Info: [ldap] 	expand:
(samaccountname=%{User-Name}) -> (samaccountname=philippe)
Mon Feb 23 19:54:36 2009 : Info: [ldap] 	expand: cn=Users,dc=test,dc=fr ->
cn=Users,dc=test,dc=fr
Mon Feb 23 19:54:36 2009 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Mon Feb 23 19:54:36 2009 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Mon Feb 23 19:54:36 2009 : Debug: rlm_ldap: performing search in
cn=Users,dc=test,dc=fr, with filter (samaccountname=philippe)
Mon Feb 23 19:54:36 2009 : Info: [ldap] looking for check items in
directory...
Mon Feb 23 19:54:36 2009 : Info: [ldap] looking for reply items in
directory...
Mon Feb 23 19:54:36 2009 : Debug: WARNING: No "known good" password was
found in LDAP.  Are you sure that the user is configured correctly?
Mon Feb 23 19:54:36 2009 : Info: [ldap] user philippe authorized to use
remote access
Mon Feb 23 19:54:36 2009 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Mon Feb 23 19:54:36 2009 : Info: ++[ldap] returns ok
Mon Feb 23 19:54:36 2009 : Info: ++[expiration] returns noop
Mon Feb 23 19:54:36 2009 : Info: ++[logintime] returns noop
Mon Feb 23 19:54:36 2009 : Info: Found Auth-Type = EAP
Mon Feb 23 19:54:36 2009 : Info: +- entering group authenticate {...}
Mon Feb 23 19:54:36 2009 : Info: [eap] EAP Identity
Mon Feb 23 19:54:36 2009 : Info: [eap] processing type mschapv2
Mon Feb 23 19:54:36 2009 : Debug: rlm_eap_mschapv2: Issuing Challenge
Mon Feb 23 19:54:36 2009 : Info: ++[eap] returns handled
} # server inner-tunnel
Mon Feb 23 19:54:36 2009 : Info: [peap] Got tunneled reply code 11
	EAP-Message =
0x010800221a0108001d106c2f1d8a7dad19c155d2779e6288d4ca7068696c69707065
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xcc8f9539cc878f1431d23b7538d257f9
Mon Feb 23 19:54:36 2009 : Info: [peap] Got tunneled reply RADIUS code 11
	EAP-Message =
0x010800221a0108001d106c2f1d8a7dad19c155d2779e6288d4ca7068696c69707065
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xcc8f9539cc878f1431d23b7538d257f9
Mon Feb 23 19:54:36 2009 : Info: [peap] Got tunneled Access-Challenge
Mon Feb 23 19:54:36 2009 : Info: ++[eap] returns handled
Sending Access-Challenge of id 7 to 192.168.1.1 port 1024
	EAP-Message =
0x010800391900170301002e3b1ca46d2e7c2aa86c1494a46d9c894a1fa2ac0353048dbd32470f71d74c126dbf37c8d9e576453cb204c6b29cfd
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x598de2055f85fb8c81084201186af9a2
Mon Feb 23 19:54:36 2009 : Info: Finished request 6.
Mon Feb 23 19:54:36 2009 : Debug: Going to the next request
Mon Feb 23 19:54:36 2009 : Debug: Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.1 port 1024, id=8,
length=297
	Framed-MTU = 1480
	NAS-IP-Address = 192.168.1.1
	NAS-Identifier = "SWiTCH"
	User-Name = "philippe"
	Service-Type = Framed-User
	Framed-Protocol = PPP
	NAS-Port = 17
	NAS-Port-Type = Ethernet
	NAS-Port-Id = "17"
	Called-Station-Id = "00-13-21-a8-24-40"
	Calling-Station-Id = "00-15-c5-06-84-d8"
	Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
	Tunnel-Type:0 = VLAN
	Tunnel-Medium-Type:0 = IEEE-802
	Tunnel-Private-Group-Id:0 = "4"
	State = 0x598de2055f85fb8c81084201186af9a2
	EAP-Message =
0x0208005a1900170301004f4987c64954b9ebb52949992c39a85dacaac56a6c019b44222f6d02d91fbe75ea8aba85229fd2d8fb4fe3e720774f9fa925d699fbb079cb79ff42b5b65654d94c12dae20d0bdf709d9b181cd6f139b4
	Message-Authenticator = 0x3bf6b87d35b989fe7927dfd7178a10b7
Mon Feb 23 19:54:36 2009 : Info: +- entering group authorize {...}
Mon Feb 23 19:54:36 2009 : Info: [eap] EAP packet type response id 8 length
90
Mon Feb 23 19:54:36 2009 : Info: [eap] Continuing tunnel setup.
Mon Feb 23 19:54:36 2009 : Info: ++[eap] returns ok
Mon Feb 23 19:54:36 2009 : Info: Found Auth-Type = EAP
Mon Feb 23 19:54:36 2009 : Info: +- entering group authenticate {...}
Mon Feb 23 19:54:36 2009 : Info: [eap] Request found, released from the list
Mon Feb 23 19:54:36 2009 : Info: [eap] EAP/peap
Mon Feb 23 19:54:36 2009 : Info: [eap] processing type peap
Mon Feb 23 19:54:36 2009 : Info: [peap] processing EAP-TLS
Mon Feb 23 19:54:36 2009 : Info: [peap] eaptls_verify returned 7 
Mon Feb 23 19:54:36 2009 : Info: [peap] Done initial handshake
Mon Feb 23 19:54:36 2009 : Info: [peap] eaptls_process returned 7 
Mon Feb 23 19:54:36 2009 : Info: [peap] EAPTLS_OK
Mon Feb 23 19:54:36 2009 : Info: [peap] Session established.  Decoding
tunneled attributes.
Mon Feb 23 19:54:36 2009 : Info: [peap] EAP type mschapv2
Mon Feb 23 19:54:36 2009 : Info: [peap] Got tunneled request
	EAP-Message =
0x020800431a0208003e3178053061b072737c0b154ac3db96427d00000000000000009d17bd239971a8bc57765d2e89ef58e6faf140ff4000237f007068696c69707065
server  {
Mon Feb 23 19:54:36 2009 : Debug:   PEAP: Setting User-Name to philippe
Sending tunneled request
	EAP-Message =
0x020800431a0208003e3178053061b072737c0b154ac3db96427d00000000000000009d17bd239971a8bc57765d2e89ef58e6faf140ff4000237f007068696c69707065
	FreeRADIUS-Proxied-To = 127.0.0.1
	User-Name = "philippe"
	State = 0xcc8f9539cc878f1431d23b7538d257f9
server inner-tunnel {
Mon Feb 23 19:54:36 2009 : Info: +- entering group authorize {...}
Mon Feb 23 19:54:36 2009 : Info: [eap] EAP packet type response id 8 length
67
Mon Feb 23 19:54:36 2009 : Info: [eap] No EAP Start, assuming it's an
on-going EAP conversation
Mon Feb 23 19:54:36 2009 : Info: ++[eap] returns updated
Mon Feb 23 19:54:36 2009 : Debug: rlm_ldap: Entering ldap_groupcmp()
Mon Feb 23 19:54:36 2009 : Info: [files] 	expand: cn=Users,dc=test,dc=fr ->
cn=Users,dc=test,dc=fr
Mon Feb 23 19:54:36 2009 : Info: [files] 	expand:
(samaccountname=%{User-Name}) -> (samaccountname=philippe)
Mon Feb 23 19:54:36 2009 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Mon Feb 23 19:54:36 2009 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Mon Feb 23 19:54:36 2009 : Debug: rlm_ldap: performing search in
cn=Users,dc=test,dc=fr, with filter (samaccountname=philippe)
Mon Feb 23 19:54:36 2009 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Mon Feb 23 19:54:36 2009 : Info: [files] 	expand:
(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))
->
(|(&(objectClass=GroupOfNames)(member=))(&(objectClass=GroupOfUniqueNames)(uniquemember=)))
Mon Feb 23 19:54:36 2009 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Mon Feb 23 19:54:36 2009 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Mon Feb 23 19:54:36 2009 : Debug: rlm_ldap: performing search in
cn=Users,dc=test,dc=fr, with filter
(&(cn=Users)(|(&(objectClass=GroupOfNames)(member=))(&(objectClass=GroupOfUniqueNames)(uniquemember=))))
Mon Feb 23 19:54:36 2009 : Debug: rlm_ldap: object not found or got
ambiguous search result
Mon Feb 23 19:54:36 2009 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Mon Feb 23 19:54:36 2009 : Debug: rlm_ldap::ldap_groupcmp: Group Users not
found or user is not a member.
Mon Feb 23 19:54:36 2009 : Info: ++[files] returns noop
Mon Feb 23 19:54:36 2009 : Info: [ldap] performing user authorization for
philippe
Mon Feb 23 19:54:36 2009 : Info: [ldap] 	expand:
(samaccountname=%{User-Name}) -> (samaccountname=philippe)
Mon Feb 23 19:54:36 2009 : Info: [ldap] 	expand: cn=Users,dc=test,dc=fr ->
cn=Users,dc=test,dc=fr
Mon Feb 23 19:54:36 2009 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Mon Feb 23 19:54:36 2009 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Mon Feb 23 19:54:36 2009 : Debug: rlm_ldap: performing search in
cn=Users,dc=test,dc=fr, with filter (samaccountname=philippe)
Mon Feb 23 19:54:36 2009 : Info: [ldap] looking for check items in
directory...
Mon Feb 23 19:54:36 2009 : Info: [ldap] looking for reply items in
directory...
Mon Feb 23 19:54:36 2009 : Debug: WARNING: No "known good" password was
found in LDAP.  Are you sure that the user is configured correctly?
Mon Feb 23 19:54:36 2009 : Info: [ldap] user philippe authorized to use
remote access
Mon Feb 23 19:54:36 2009 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Mon Feb 23 19:54:36 2009 : Info: ++[ldap] returns ok
Mon Feb 23 19:54:36 2009 : Info: ++[expiration] returns noop
Mon Feb 23 19:54:36 2009 : Info: ++[logintime] returns noop
Mon Feb 23 19:54:36 2009 : Info: Found Auth-Type = EAP
Mon Feb 23 19:54:36 2009 : Info: +- entering group authenticate {...}
Mon Feb 23 19:54:36 2009 : Info: [eap] Request found, released from the list
Mon Feb 23 19:54:36 2009 : Info: [eap] EAP/mschapv2
Mon Feb 23 19:54:36 2009 : Info: [eap] processing type mschapv2
Mon Feb 23 19:54:36 2009 : Info: [mschapv2] +- entering group MS-CHAP {...}
Mon Feb 23 19:54:36 2009 : Info: [mschap] No Cleartext-Password configured. 
Cannot create LM-Password.
Mon Feb 23 19:54:36 2009 : Info: [mschap] No Cleartext-Password configured. 
Cannot create NT-Password.
Mon Feb 23 19:54:36 2009 : Info: [mschap] Told to do MS-CHAPv2 for philippe
with NT-Password
Mon Feb 23 19:54:36 2009 : Info: [mschap] 	expand:
--username=%{mschap:User-Name:-None} -> --username=philippe
Mon Feb 23 19:54:36 2009 : Info: [mschap] No NT-Domain was found in the
User-Name.
Mon Feb 23 19:54:36 2009 : Info: [mschap] 	expand:
--domain=%{mschap:NT-Domain:-TEST} -> --domain=TEST
Mon Feb 23 19:54:36 2009 : Info: [mschap]  mschap2: 6c
Mon Feb 23 19:54:36 2009 : Info: [mschap] 	expand:
--challenge=%{mschap:Challenge:-00} -> --challenge=f9c69733cd96b8de
Mon Feb 23 19:54:36 2009 : Info: [mschap] 	expand:
--nt-response=%{mschap:NT-Response:-00} ->
--nt-response=9d17bd239971a8bc57765d2e89ef58e6faf140ff4000237f
Mon Feb 23 19:54:36 2009 : Debug: Exec-Program output: NT_KEY:
9B072779CB4039006F60BB6CBCE1D336 
Mon Feb 23 19:54:36 2009 : Debug: Exec-Program-Wait: plaintext: NT_KEY:
9B072779CB4039006F60BB6CBCE1D336 
Mon Feb 23 19:54:36 2009 : Debug: Exec-Program: returned: 0
Mon Feb 23 19:54:36 2009 : Info: [mschap] adding MS-CHAPv2 MPPE keys
Mon Feb 23 19:54:36 2009 : Info: ++[mschap] returns ok
Mon Feb 23 19:54:36 2009 : Debug: MSCHAP Success 
Mon Feb 23 19:54:36 2009 : Info: ++[eap] returns handled
} # server inner-tunnel
Mon Feb 23 19:54:36 2009 : Info: [peap] Got tunneled reply code 11
	EAP-Message =
0x010900331a0308002e533d38423938393430374143303344344138323430414437334645323539433246464436303739313044
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xcc8f9539cd868f1431d23b7538d257f9
Mon Feb 23 19:54:36 2009 : Info: [peap] Got tunneled reply RADIUS code 11
	EAP-Message =
0x010900331a0308002e533d38423938393430374143303344344138323430414437334645323539433246464436303739313044
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xcc8f9539cd868f1431d23b7538d257f9
Mon Feb 23 19:54:36 2009 : Info: [peap] Got tunneled Access-Challenge
Mon Feb 23 19:54:36 2009 : Info: ++[eap] returns handled
Sending Access-Challenge of id 8 to 192.168.1.1 port 1024
	EAP-Message =
0x0109004a1900170301003f7e76008398b93ac2160a39d83d9a3b38b1bcffe54ab05a816ba0c7a505fc69055b055fb3fd9d56d8e0369ee86d283e503512dad3783681d6941406d09580e8
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x598de2055e84fb8c81084201186af9a2
Mon Feb 23 19:54:36 2009 : Info: Finished request 7.
Mon Feb 23 19:54:36 2009 : Debug: Going to the next request
Mon Feb 23 19:54:36 2009 : Debug: Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.1 port 1024, id=9,
length=236
	Framed-MTU = 1480
	NAS-IP-Address = 192.168.1.1
	NAS-Identifier = "SWiTCH"
	User-Name = "philippe"
	Service-Type = Framed-User
	Framed-Protocol = PPP
	NAS-Port = 17
	NAS-Port-Type = Ethernet
	NAS-Port-Id = "17"
	Called-Station-Id = "00-13-21-a8-24-40"
	Calling-Station-Id = "00-15-c5-06-84-d8"
	Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
	Tunnel-Type:0 = VLAN
	Tunnel-Medium-Type:0 = IEEE-802
	Tunnel-Private-Group-Id:0 = "4"
	State = 0x598de2055e84fb8c81084201186af9a2
	EAP-Message = 0x0209001d19001703010012d7b438355021406eba427ac7131b5603b6ce
	Message-Authenticator = 0xb7159ee1c43f37cd95deec203d5bca0b
Mon Feb 23 19:54:36 2009 : Info: +- entering group authorize {...}
Mon Feb 23 19:54:36 2009 : Info: [eap] EAP packet type response id 9 length
29
Mon Feb 23 19:54:36 2009 : Info: [eap] Continuing tunnel setup.
Mon Feb 23 19:54:36 2009 : Info: ++[eap] returns ok
Mon Feb 23 19:54:36 2009 : Info: Found Auth-Type = EAP
Mon Feb 23 19:54:36 2009 : Info: +- entering group authenticate {...}
Mon Feb 23 19:54:36 2009 : Info: [eap] Request found, released from the list
Mon Feb 23 19:54:36 2009 : Info: [eap] EAP/peap
Mon Feb 23 19:54:36 2009 : Info: [eap] processing type peap
Mon Feb 23 19:54:36 2009 : Info: [peap] processing EAP-TLS
Mon Feb 23 19:54:36 2009 : Info: [peap] eaptls_verify returned 7 
Mon Feb 23 19:54:36 2009 : Info: [peap] Done initial handshake
Mon Feb 23 19:54:36 2009 : Info: [peap] eaptls_process returned 7 
Mon Feb 23 19:54:36 2009 : Info: [peap] EAPTLS_OK
Mon Feb 23 19:54:36 2009 : Info: [peap] Session established.  Decoding
tunneled attributes.
Mon Feb 23 19:54:36 2009 : Info: [peap] EAP type mschapv2
Mon Feb 23 19:54:36 2009 : Info: [peap] Got tunneled request
	EAP-Message = 0x020900061a03
server  {
Mon Feb 23 19:54:36 2009 : Debug:   PEAP: Setting User-Name to philippe
Sending tunneled request
	EAP-Message = 0x020900061a03
	FreeRADIUS-Proxied-To = 127.0.0.1
	User-Name = "philippe"
	State = 0xcc8f9539cd868f1431d23b7538d257f9
server inner-tunnel {
Mon Feb 23 19:54:36 2009 : Info: +- entering group authorize {...}
Mon Feb 23 19:54:36 2009 : Info: [eap] EAP packet type response id 9 length
6
Mon Feb 23 19:54:36 2009 : Info: [eap] No EAP Start, assuming it's an
on-going EAP conversation
Mon Feb 23 19:54:36 2009 : Info: ++[eap] returns updated
Mon Feb 23 19:54:36 2009 : Debug: rlm_ldap: Entering ldap_groupcmp()
Mon Feb 23 19:54:36 2009 : Info: [files] 	expand: cn=Users,dc=test,dc=fr ->
cn=Users,dc=test,dc=fr
Mon Feb 23 19:54:36 2009 : Info: [files] 	expand:
(samaccountname=%{User-Name}) -> (samaccountname=philippe)
Mon Feb 23 19:54:36 2009 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Mon Feb 23 19:54:36 2009 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Mon Feb 23 19:54:36 2009 : Debug: rlm_ldap: performing search in
cn=Users,dc=test,dc=fr, with filter (samaccountname=philippe)
Mon Feb 23 19:54:36 2009 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Mon Feb 23 19:54:36 2009 : Info: [files] 	expand:
(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))
->
(|(&(objectClass=GroupOfNames)(member=))(&(objectClass=GroupOfUniqueNames)(uniquemember=)))
Mon Feb 23 19:54:36 2009 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Mon Feb 23 19:54:36 2009 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Mon Feb 23 19:54:36 2009 : Debug: rlm_ldap: performing search in
cn=Users,dc=test,dc=fr, with filter
(&(cn=Users)(|(&(objectClass=GroupOfNames)(member=))(&(objectClass=GroupOfUniqueNames)(uniquemember=))))
Mon Feb 23 19:54:36 2009 : Debug: rlm_ldap: object not found or got
ambiguous search result
Mon Feb 23 19:54:36 2009 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Mon Feb 23 19:54:36 2009 : Debug: rlm_ldap::ldap_groupcmp: Group Users not
found or user is not a member.
Mon Feb 23 19:54:36 2009 : Info: ++[files] returns noop
Mon Feb 23 19:54:36 2009 : Info: [ldap] performing user authorization for
philippe
Mon Feb 23 19:54:36 2009 : Info: [ldap] 	expand:
(samaccountname=%{User-Name}) -> (samaccountname=philippe)
Mon Feb 23 19:54:36 2009 : Info: [ldap] 	expand: cn=Users,dc=test,dc=fr ->
cn=Users,dc=test,dc=fr
Mon Feb 23 19:54:36 2009 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Mon Feb 23 19:54:36 2009 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Mon Feb 23 19:54:36 2009 : Debug: rlm_ldap: performing search in
cn=Users,dc=test,dc=fr, with filter (samaccountname=philippe)
Mon Feb 23 19:54:36 2009 : Info: [ldap] looking for check items in
directory...
Mon Feb 23 19:54:36 2009 : Info: [ldap] looking for reply items in
directory...
Mon Feb 23 19:54:36 2009 : Debug: WARNING: No "known good" password was
found in LDAP.  Are you sure that the user is configured correctly?
Mon Feb 23 19:54:36 2009 : Info: [ldap] user philippe authorized to use
remote access
Mon Feb 23 19:54:36 2009 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Mon Feb 23 19:54:36 2009 : Info: ++[ldap] returns ok
Mon Feb 23 19:54:36 2009 : Info: ++[expiration] returns noop
Mon Feb 23 19:54:36 2009 : Info: ++[logintime] returns noop
Mon Feb 23 19:54:36 2009 : Info: Found Auth-Type = EAP
Mon Feb 23 19:54:36 2009 : Info: +- entering group authenticate {...}
Mon Feb 23 19:54:36 2009 : Info: [eap] Request found, released from the list
Mon Feb 23 19:54:36 2009 : Info: [eap] EAP/mschapv2
Mon Feb 23 19:54:36 2009 : Info: [eap] processing type mschapv2
Mon Feb 23 19:54:36 2009 : Info: [eap] Freeing handler
Mon Feb 23 19:54:36 2009 : Info: ++[eap] returns ok
} # server inner-tunnel
Mon Feb 23 19:54:36 2009 : Info: [peap] Got tunneled reply code 2
	EAP-Message = 0x03090004
	Message-Authenticator = 0x00000000000000000000000000000000
	User-Name = "philippe"
Mon Feb 23 19:54:36 2009 : Info: [peap] Got tunneled reply RADIUS code 2
	EAP-Message = 0x03090004
	Message-Authenticator = 0x00000000000000000000000000000000
	User-Name = "philippe"
Mon Feb 23 19:54:36 2009 : Info: [peap] Tunneled authentication was
successful.
Mon Feb 23 19:54:36 2009 : Info: [peap] SUCCESS
Mon Feb 23 19:54:36 2009 : Info: ++[eap] returns handled
Sending Access-Challenge of id 9 to 192.168.1.1 port 1024
	EAP-Message =
0x010a00261900170301001b74b79485a82727f191c71978267b52248a7158e39b07849696667e
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x598de2055187fb8c81084201186af9a2
Mon Feb 23 19:54:36 2009 : Info: Finished request 8.
Mon Feb 23 19:54:36 2009 : Debug: Going to the next request
Mon Feb 23 19:54:36 2009 : Debug: Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.1 port 1024, id=10,
length=245
	Framed-MTU = 1480
	NAS-IP-Address = 192.168.1.1
	NAS-Identifier = "SWiTCH"
	User-Name = "philippe"
	Service-Type = Framed-User
	Framed-Protocol = PPP
	NAS-Port = 17
	NAS-Port-Type = Ethernet
	NAS-Port-Id = "17"
	Called-Station-Id = "00-13-21-a8-24-40"
	Calling-Station-Id = "00-15-c5-06-84-d8"
	Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
	Tunnel-Type:0 = VLAN
	Tunnel-Medium-Type:0 = IEEE-802
	Tunnel-Private-Group-Id:0 = "4"
	State = 0x598de2055187fb8c81084201186af9a2
	EAP-Message =
0x020a00261900170301001b8765ba709f97e5d2effbaf1630cd52e0c7636a60b4b8427d11decb
	Message-Authenticator = 0x9766918422dcaa9764e67b6e5045f0b1
Mon Feb 23 19:54:36 2009 : Info: +- entering group authorize {...}
Mon Feb 23 19:54:36 2009 : Info: [eap] EAP packet type response id 10 length
38
Mon Feb 23 19:54:36 2009 : Info: [eap] Continuing tunnel setup.
Mon Feb 23 19:54:36 2009 : Info: ++[eap] returns ok
Mon Feb 23 19:54:36 2009 : Info: Found Auth-Type = EAP
Mon Feb 23 19:54:36 2009 : Info: +- entering group authenticate {...}
Mon Feb 23 19:54:36 2009 : Info: [eap] Request found, released from the list
Mon Feb 23 19:54:36 2009 : Info: [eap] EAP/peap
Mon Feb 23 19:54:36 2009 : Info: [eap] processing type peap
Mon Feb 23 19:54:36 2009 : Info: [peap] processing EAP-TLS
Mon Feb 23 19:54:36 2009 : Info: [peap] eaptls_verify returned 7 
Mon Feb 23 19:54:36 2009 : Info: [peap] Done initial handshake
Mon Feb 23 19:54:36 2009 : Info: [peap] eaptls_process returned 7 
Mon Feb 23 19:54:36 2009 : Info: [peap] EAPTLS_OK
Mon Feb 23 19:54:36 2009 : Info: [peap] Session established.  Decoding
tunneled attributes.
Mon Feb 23 19:54:36 2009 : Info: [peap] Received EAP-TLV response.
Mon Feb 23 19:54:36 2009 : Info: [peap] Success
Mon Feb 23 19:54:36 2009 : Info: [eap] Freeing handler
Mon Feb 23 19:54:36 2009 : Info: ++[eap] returns ok
Mon Feb 23 19:54:36 2009 : Info: +- entering group post-auth {...}
Mon Feb 23 19:54:36 2009 : Info: ++[exec] returns noop
Sending Access-Accept of id 10 to 192.168.1.1 port 1024
	MS-MPPE-Recv-Key =
0x78ce1bb4c23a9a581c7330b748dd01fa0eafea50a43e1c75cb343505bb886920
	MS-MPPE-Send-Key =
0xc5bfd0bfe248afe638b2a6ede7a11ceae958a5e43a68c961bb0559b234385274
	EAP-Message = 0x030a0004
	Message-Authenticator = 0x00000000000000000000000000000000
	User-Name = "philippe"
Mon Feb 23 19:54:36 2009 : Info: Finished request 9.
Mon Feb 23 19:54:36 2009 : Debug: Going to the next request
Mon Feb 23 19:54:36 2009 : Debug: Waking up in 4.9 seconds.
Mon Feb 23 19:54:41 2009 : Info: Cleaning up request 0 ID 1 with timestamp
+27
Mon Feb 23 19:54:41 2009 : Info: Cleaning up request 1 ID 2 with timestamp
+27
Mon Feb 23 19:54:41 2009 : Info: Cleaning up request 2 ID 3 with timestamp
+27
Mon Feb 23 19:54:41 2009 : Info: Cleaning up request 3 ID 4 with timestamp
+27
Mon Feb 23 19:54:41 2009 : Info: Cleaning up request 4 ID 5 with timestamp
+27
Mon Feb 23 19:54:41 2009 : Info: Cleaning up request 5 ID 6 with timestamp
+27
Mon Feb 23 19:54:41 2009 : Info: Cleaning up request 6 ID 7 with timestamp
+27
Mon Feb 23 19:54:41 2009 : Info: Cleaning up request 7 ID 8 with timestamp
+27
Mon Feb 23 19:54:41 2009 : Info: Cleaning up request 8 ID 9 with timestamp
+27
Mon Feb 23 19:54:41 2009 : Info: Cleaning up request 9 ID 10 with timestamp
+27
Mon Feb 23 19:54:41 2009 : Debug: Ready to process requests.

-- 
View this message in context: http://www.nabble.com/Checking-an-user-into-a-specific-OU-using-ldap-module-tp22178882p22178882.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
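
The group check that fails in the debug log above can be picked out mechanically. This is an added example, not part of the original post and not FreeRADIUS code: it rejoins the hard-wrapped debug lines and flags any "expand:" whose result contains an empty-valued filter assertion such as (member=), together with the ldap_groupcmp failure that follows. The function names and the sample text are constructed for the illustration.

```python
import re

# Constructed sample: records shaped like the debug log above, including the
# mail client's hard wraps, which split one record over several lines.
SAMPLE_LOG = """\
Mon Feb 23 19:54:36 2009 : Debug: rlm_ldap: Entering ldap_groupcmp()
Mon Feb 23 19:54:36 2009 : Info: [files] \texpand:
(samaccountname=%{User-Name}) -> (samaccountname=philippe)
Mon Feb 23 19:54:36 2009 : Info: [files] \texpand:
(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))
->
(|(&(objectClass=GroupOfNames)(member=))(&(objectClass=GroupOfUniqueNames)(uniquemember=)))
Mon Feb 23 19:54:36 2009 : Debug: rlm_ldap::ldap_groupcmp: Group Users not
found or user is not a member.
Mon Feb 23 19:54:36 2009 : Info: ++[files] returns noop
"""

# A record starts with a timestamp or a packet banner; anything else is a wrap.
RECORD_START = re.compile(r"^(?:\w{3} \w{3} +\d+ [\d:]+ \d{4} : |rad_recv:|Sending )")
EXPAND = re.compile(r"\[(\w+)\]\s+expand:\s*(.*?)\s*->\s*(.*)$")
EMPTY_ASSERTION = re.compile(r"\(([\w-]+)=\)")
GROUP_FAIL = re.compile(r"ldap_groupcmp: Group (\S+) not found or user is not a member")

def unwrap(text):
    """Rejoin hard-wrapped lines so each log record is one string."""
    records = []
    for line in text.splitlines():
        if RECORD_START.match(line) or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records

def diagnose(text):
    """Return findings: filters with empty-valued assertions, failed group checks."""
    findings = []
    for rec in unwrap(text):
        m = EXPAND.search(rec)
        if m:
            module, template, result = m.groups()
            empty = EMPTY_ASSERTION.findall(result)
            variables = re.findall(r"%\{([^}]+)\}", template)
            if empty and variables:
                findings.append(("empty-expansion", module, sorted(set(variables)), empty))
        g = GROUP_FAIL.search(rec)
        if g:
            findings.append(("group-check-failed", g.group(1)))
    return findings
```

Run over the full log, each finding points at the inner-tunnel pass where %{Ldap-UserDn} expanded to nothing before the membership search was issued.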




