autz-type according ldap server
cd
christophedeze at wanadoo.fr
Tue Feb 2 15:17:24 CET 2010
sorry .
in fact, the problem is the same with users auth.
ldap_admin return ok but I get DEFAULT Autz-Type := ldap_peda
> Message du 02/02/10 15:05
> De : "cd"
> A : freeradius-users at lists.freeradius.org
> Copie à :
> Objet : autz-type according ldap server
>
>
>
> I have a little problem
> but I think it's because autz-type is badly configured
> I have 2 ldaps (ldap_peda and ldap_admin)
> users account works fine on each servers
>
> but machine accounts work only on ldap_peda
>
> when a computer boot
> freeradius logs says
> +++[ldap_admin] returns ok
> [...]
> ++[ldap_peda] returns notfound
> (it s normal)
>
> but it says Sending Access-Accept with autz-type ldap_peda and not ldap_admin
>
> So machine is in the wrong vlan
>
> What do I miss ?
>
>
>
> my users file
> #### IT S FOR MACHINE ACCOUNT AUTH
> DEFAULT Autz-Type := ldap_peda
> Tunnel-Type=VLAN,
> Tunnel-Medium-Type=6,
> Tunnel-Private-Group-ID=20,
> Reply-Message="ok_hostpeda"
>
> DEFAULT Autz-Type := ldap_admin
> Tunnel-Type=VLAN,
> Tunnel-Medium-Type=6,
> Tunnel-Private-Group-ID=10,
> Reply-Message="ok_hostadmin"
>
>
> #### IT S FOR USERS ACCOUNT AUTH
> DEFAULT ldap_peda-Ldap-Group=="Eleves"
> Tunnel-Type=VLAN,
> Tunnel-Medium-Type=6,
> Tunnel-Private-Group-ID=20,
> Reply-Message="okeleves"
>
> DEFAULT ldap_peda-Ldap-Group=="professeurs"
> Tunnel-Type=VLAN,
> Tunnel-Medium-Type=6,
> Tunnel-Private-Group-ID=20,
> Reply-Message="okprofs"
>
> DEFAULT ldap_admin-Ldap-Group=="administratifs"
> Tunnel-Type=VLAN,
> Tunnel-Medium-Type=6,
> Tunnel-Private-Group-ID=10,
> Reply-Message="admin"
>
>
>
> FreeRADIUS Version 2.1.7, for host i486-pc-linux-gnu, built on Oct 5 2009 at 14:59:57
> Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
> There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
> PARTICULAR PURPOSE.
> You may redistribute copies of FreeRADIUS under the terms of the
> GNU General Public License v2.
> Starting - reading configuration files ...
> including configuration file /etc/freeradius/radiusd.conf
> including configuration file /etc/freeradius/clients.conf
> including files in directory /etc/freeradius/modules/
> including configuration file /etc/freeradius/modules/preprocess
> including configuration file /etc/freeradius/modules/echo
> including configuration file /etc/freeradius/modules/ippool
> including configuration file /etc/freeradius/modules/ldap
> including configuration file /etc/freeradius/modules/passwd
> including configuration file /etc/freeradius/modules/pap
> including configuration file /etc/freeradius/modules/mac2vlan
> including configuration file /etc/freeradius/modules/logintime
> including configuration file /etc/freeradius/modules/acct_unique
> including configuration file /etc/freeradius/modules/krb5
> including configuration file /etc/freeradius/modules/detail.log
> including configuration file /etc/freeradius/modules/perl
> including configuration file /etc/freeradius/modules/mschap
> including configuration file /etc/freeradius/modules/sql_log
> including configuration file /etc/freeradius/modules/unix
> including configuration file /etc/freeradius/modules/counter
> including configuration file /etc/freeradius/modules/expiration
> including configuration file /etc/freeradius/modules/files
> including configuration file /etc/freeradius/modules/attr_rewrite
> including configuration file /etc/freeradius/modules/inner-eap
> including configuration file /etc/freeradius/modules/chap
> including configuration file /etc/freeradius/modules/exec
> including configuration file /etc/freeradius/modules/always
> including configuration file /etc/freeradius/modules/realm
> including configuration file /etc/freeradius/modules/expr
> including configuration file /etc/freeradius/modules/detail
> including configuration file /etc/freeradius/modules/checkval
> including configuration file /etc/freeradius/modules/digest
> including configuration file /etc/freeradius/modules/radutmp
> including configuration file /etc/freeradius/modules/smsotp
> including configuration file /etc/freeradius/modules/cui
> including configuration file /etc/freeradius/modules/sqlcounter_expire_on_login
> including configuration file /etc/freeradius/modules/policy
> including configuration file /etc/freeradius/modules/etc_group
> including configuration file /etc/freeradius/modules/wimax
> including configuration file /etc/freeradius/modules/sradutmp
> including configuration file /etc/freeradius/modules/attr_filter
> including configuration file /etc/freeradius/modules/smbpasswd
> including configuration file /etc/freeradius/modules/otp
> including configuration file /etc/freeradius/modules/detail.example.com
> including configuration file /etc/freeradius/modules/linelog
> including configuration file /etc/freeradius/modules/mac2ip
> including configuration file /etc/freeradius/modules/pam
> including configuration file /etc/freeradius/eap.conf
> including configuration file /etc/freeradius/policy.conf
> including files in directory /etc/freeradius/sites-enabled/
> including configuration file /etc/freeradius/sites-enabled/inner-tunnel
> including configuration file /etc/freeradius/sites-enabled/default
> including configuration file /etc/freeradius/sites-enabled/control-socket
> group = freerad
> user = freerad
> including dictionary file /etc/freeradius/dictionary
> main {
> prefix = "/usr"
> localstatedir = "/var"
> logdir = "/var/log/freeradius"
> libdir = "/usr/lib/freeradius"
> radacctdir = "/var/log/freeradius/radacct"
> hostname_lookups = no
> max_request_time = 30
> cleanup_delay = 5
> max_requests = 1024
> allow_core_dumps = no
> pidfile = "/var/run/freeradius/freeradius.pid"
> checkrad = "/usr/sbin/checkrad"
> debug_level = 0
> proxy_requests = no
> log {
> stripped_names = no
> auth = no
> auth_badpass = no
> auth_goodpass = no
> }
> security {
> max_attributes = 200
> reject_delay = 1
> status_server = yes
> }
> }
> radiusd: #### Loading Realms and Home Servers ####
> radiusd: #### Loading Clients ####
> client localhost {
> ipaddr = 127.0.0.1
> require_message_authenticator = no
> secret = "testing123"
> nastype = "other"
> virtual_server = "inner-tunnel"
> }
> client 192.168.10.254 {
> require_message_authenticator = no
> secret = "momo"
> shortname = "Nortel"
> nastype = "other"
> virtual_server = "inner-tunnel"
> }
> radiusd: #### Instantiating modules ####
> instantiate {
> Module: Linked to module rlm_exec
> Module: Instantiating exec
> exec {
> wait = no
> input_pairs = "request"
> shell_escape = yes
> }
> Module: Linked to module rlm_expr
> Module: Instantiating expr
> Module: Linked to module rlm_expiration
> Module: Instantiating expiration
> expiration {
> reply-message = "Password Has Expired "
> }
> Module: Linked to module rlm_logintime
> Module: Instantiating logintime
> logintime {
> reply-message = "You are calling outside your allowed timespan "
> minimum-timeout = 60
> }
> }
> radiusd: #### Loading Virtual Servers ####
> server inner-tunnel {
> modules {
> Module: Checking authenticate {...} for more modules to load
> Module: Linked to module rlm_pap
> Module: Instantiating pap
> pap {
> encryption_scheme = "auto"
> auto_header = no
> }
> Module: Linked to module rlm_chap
> Module: Instantiating chap
> Module: Linked to module rlm_mschap
> Module: Instantiating mschap
> mschap {
> use_mppe = yes
> require_encryption = no
> require_strong = no
> with_ntdomain_hack = yes
> }
> Module: Linked to module rlm_ldap
> Module: Instantiating ldap_admin
> ldap ldap_admin {
> server = "192.168.10.2"
> port = 389
> password = ""
> identity = ""
> net_timeout = 1
> timeout = 4
> timelimit = 3
> tls_mode = no
> start_tls = no
> tls_require_cert = "allow"
> tls {
> start_tls = no
> require_cert = "allow"
> }
> basedn = "o=gouv,c=fr"
> filter = "(uid=%{mschap:User-Name})"
> base_filter = "(objectclass=radiusprofile)"
> password_attribute = "user-Password"
> auto_header = no
> access_attr = "uid"
> access_attr_used_for_allow = yes
> groupname_attribute = "cn"
> groupmembership_filter = "(&(objectClass=posixGroup)(memberUid=%{mschap:User-Name}))"
> dictionary_mapping = "/etc/freeradius/ldap.attrmap"
> ldap_debug = 0
> ldap_connections_number = 15
> compare_check_items = no
> do_xlat = yes
> edir_account_policy_check = no
> set_auth_type = yes
> }
> rlm_ldap: Registering ldap_groupcmp for Ldap-Group
> rlm_ldap: Creating new attribute ldap_admin-Ldap-Group
> rlm_ldap: Registering ldap_groupcmp for ldap_admin-Ldap-Group
> rlm_ldap: Registering ldap_xlat with xlat_name ldap_admin
> rlm_ldap: reading ldap<->radius mappings from file /etc/freeradius/ldap.attrmap
> rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$
> rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$
> rlm_ldap: LDAP userPassword mapped to RADIUS Cleartext-Password
> rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type
> rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use
> rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id
> rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id
> rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password
> rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password
> rlm_ldap: LDAP sambaLmPassword mapped to RADIUS LM-Password
> rlm_ldap: LDAP sambaNtPassword mapped to RADIUS NT-Password
> rlm_ldap: LDAP dBCSPwd mapped to RADIUS LM-Password
> rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT
> rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration
> rlm_ldap: LDAP radiusNASIpAddress mapped to RADIUS NAS-IP-Address
> rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type
> rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol
> rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address
> rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask
> rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route
> rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing
> rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id
> rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU
> rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression
> rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host
> rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service
> rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port
> rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number
> rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id
> rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network
> rlm_ldap: LDAP radiusClass mapped to RADIUS Class
> rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout
> rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout
> rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action
> rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service
> rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node
> rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group
> rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link
> rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Network
> rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone
> rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit
> rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port
> rlm_ldap: LDAP radiusReplyMessage mapped to RADIUS Reply-Message
> conns: 0x8176838
> Module: Instantiating ldap_peda
> ldap ldap_peda {
> server = "192.168.20.2"
> port = 389
> password = ""
> identity = ""
> net_timeout = 1
> timeout = 4
> timelimit = 3
> tls_mode = no
> start_tls = no
> tls_require_cert = "allow"
> tls {
> start_tls = no
> require_cert = "allow"
> }
> basedn = "o=gouv,c=fr"
> filter = "(uid=%{mschap:User-Name})"
> base_filter = "(objectclass=radiusprofile)"
> password_attribute = "user-Password"
> auto_header = no
> access_attr = "uid"
> access_attr_used_for_allow = yes
> groupname_attribute = "cn"
> groupmembership_filter = "(&(objectClass=posixGroup)(memberUid=%{mschap:User-Name}))"
> dictionary_mapping = "/etc/freeradius/ldap.attrmap"
> ldap_debug = 0
> ldap_connections_number = 15
> compare_check_items = no
> do_xlat = yes
> edir_account_policy_check = no
> set_auth_type = yes
> }
> rlm_ldap: Registering ldap_groupcmp for Ldap-Group
> rlm_ldap: Creating new attribute ldap_peda-Ldap-Group
> rlm_ldap: Registering ldap_groupcmp for ldap_peda-Ldap-Group
> rlm_ldap: Registering ldap_xlat with xlat_name ldap_peda
> rlm_ldap: reading ldap<->radius mappings from file /etc/freeradius/ldap.attrmap
> rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$
> rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$
> rlm_ldap: LDAP userPassword mapped to RADIUS Cleartext-Password
> rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type
> rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use
> rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id
> rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id
> rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password
> rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password
> rlm_ldap: LDAP sambaLmPassword mapped to RADIUS LM-Password
> rlm_ldap: LDAP sambaNtPassword mapped to RADIUS NT-Password
> rlm_ldap: LDAP dBCSPwd mapped to RADIUS LM-Password
> rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT
> rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration
> rlm_ldap: LDAP radiusNASIpAddress mapped to RADIUS NAS-IP-Address
> rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type
> rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol
> rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address
> rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask
> rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route
> rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing
> rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id
> rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU
> rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression
> rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host
> rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service
> rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port
> rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number
> rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id
> rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network
> rlm_ldap: LDAP radiusClass mapped to RADIUS Class
> rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout
> rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout
> rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action
> rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service
> rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node
> rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group
> rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link
> rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Network
> rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone
> rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit
> rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port
> rlm_ldap: LDAP radiusReplyMessage mapped to RADIUS Reply-Message
> conns: 0x8177e58
> Module: Linked to module rlm_eap
> Module: Instantiating eap
> eap {
> default_eap_type = "mschapv2"
> timer_expire = 60
> ignore_unknown_eap_types = yes
> cisco_accounting_username_bug = no
> max_sessions = 2048
> }
> Module: Linked to sub-module rlm_eap_md5
> Module: Instantiating eap-md5
> Module: Linked to sub-module rlm_eap_leap
> Module: Instantiating eap-leap
> Module: Linked to sub-module rlm_eap_gtc
> Module: Instantiating eap-gtc
> gtc {
> challenge = "Password: "
> auth_type = "PAP"
> }
> Module: Linked to sub-module rlm_eap_tls
> Module: Instantiating eap-tls
> tls {
> rsa_key_exchange = no
> dh_key_exchange = yes
> rsa_key_length = 512
> dh_key_length = 512
> verify_depth = 0
> pem_file_type = yes
> private_key_file = "/etc/ssl/certs/eole.key"
> certificate_file = "/etc/ssl/certs/eole.crt"
> CA_file = "/etc/ssl/certs/ca.crt"
> dh_file = "/etc/ssl/dh"
> random_file = "/dev/random"
> fragment_size = 1024
> include_length = yes
> check_crl = no
> cipher_list = "DEFAULT"
> cache {
> enable = no
> lifetime = 24
> max_entries = 255
> }
> }
> Module: Linked to sub-module rlm_eap_ttls
> Module: Instantiating eap-ttls
> ttls {
> default_eap_type = "mschapv2"
> copy_request_to_tunnel = yes
> use_tunneled_reply = yes
> virtual_server = "inner-tunnel"
> include_length = yes
> }
> Module: Linked to sub-module rlm_eap_peap
> Module: Instantiating eap-peap
> peap {
> default_eap_type = "mschapv2"
> copy_request_to_tunnel = yes
> use_tunneled_reply = yes
> proxy_tunneled_request_as_eap = yes
> virtual_server = "inner-tunnel"
> }
> Module: Linked to sub-module rlm_eap_mschapv2
> Module: Instantiating eap-mschapv2
> mschapv2 {
> with_ntdomain_hack = no
> }
> Module: Checking authorize {...} for more modules to load
> Module: Linked to module rlm_files
> Module: Instantiating files
> files {
> usersfile = "/etc/freeradius/users"
> acctusersfile = "/etc/freeradius/acct_users"
> preproxy_usersfile = "/etc/freeradius/preproxy_users"
> compat = "no"
> }
> Module: Checking session {...} for more modules to load
> Module: Linked to module rlm_radutmp
> Module: Instantiating radutmp
> radutmp {
> filename = "/var/log/freeradius/radutmp"
> username = "%{User-Name}"
> case_sensitive = yes
> check_with_nas = yes
> perm = 384
> callerid = yes
> }
> Module: Checking post-proxy {...} for more modules to load
> Module: Checking post-auth {...} for more modules to load
> Module: Linked to module rlm_attr_filter
> Module: Instantiating attr_filter.access_reject
> attr_filter attr_filter.access_reject {
> attrsfile = "/etc/freeradius/attrs.access_reject"
> key = "%{User-Name}"
> }
> } # modules
> } # server
> server {
> modules {
> } # modules
> } # server
> radiusd: #### Opening IP addresses and Ports ####
> listen {
> type = "auth"
> ipaddr = *
> port = 0
> }
> Listening on authentication address * port 1812
> Ready to process requests.
> rad_recv: Access-Request packet from host 192.168.10.254 port 1024, id=239, length=122
> NAS-IP-Address = 10.172.253.110
> NAS-Port-Type = Ethernet
> Service-Type = Framed-User
> Message-Authenticator = 0xf9beb36136492c7928eb9131e2fb21ca
> NAS-Port = 10
> Framed-MTU = 1490
> User-Name = "host/pc-admin"
> Calling-Station-Id = "00-0C-29-F7-CC-A0"
> EAP-Message = 0x020b001201686f73742f70632d61646d696e
> server inner-tunnel {
> +- entering group authorize {...}
> ++[chap] returns noop
> ++[mschap] returns noop
> [eap] EAP packet type response id 11 length 18
> [eap] No EAP Start, assuming it's an on-going EAP conversation
> ++[eap] returns updated
> [files] users: Matched entry DEFAULT at line 207
> ++[files] returns ok
> ++- entering group {...}
> [ldap_peda] performing user authorization for host/pc-admin
> [ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$)
> [ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: attempting LDAP reconnection
> rlm_ldap: (re)connect to 192.168.20.2:389, authentication 0
> rlm_ldap: bind as / to 192.168.20.2:389
> rlm_ldap: waiting for bind result ...
> rlm_ldap: Bind was successful
> rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$)
> rlm_ldap: object not found
> [ldap_peda] search failed
> rlm_ldap: ldap_release_conn: Release Id: 0
> +++[ldap_peda] returns notfound
> [ldap_admin] performing user authorization for host/pc-admin
> [ldap_admin] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$)
> [ldap_admin] expand: o=gouv,c=fr -> o=gouv,c=fr
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: attempting LDAP reconnection
> rlm_ldap: (re)connect to 192.168.10.2:389, authentication 0
> rlm_ldap: bind as / to 192.168.10.2:389
> rlm_ldap: waiting for bind result ...
> rlm_ldap: Bind was successful
> rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$)
> [ldap_admin] checking if remote access for host/pc-admin is allowed by uid
> [ldap_admin] No default NMAS login sequence
> [ldap_admin] looking for check items in directory...
> rlm_ldap: sambaNtPassword -> NT-Password == 0x3637444441324243414646313035424333373446304245434641463733333430
> [ldap_admin] looking for reply items in directory...
> WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
> [ldap_admin] user host/pc-admin authorized to use remote access
> rlm_ldap: ldap_release_conn: Release Id: 0
> +++[ldap_admin] returns ok
> ++- group returns ok
> ++[expiration] returns noop
> ++[logintime] returns noop
> Using Autz-Type ldap_peda
> +- entering group ldap_peda {...}
> [ldap_peda] performing user authorization for host/pc-admin
> [ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$)
> [ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$)
> rlm_ldap: object not found
> [ldap_peda] search failed
> rlm_ldap: ldap_release_conn: Release Id: 0
> ++[ldap_peda] returns notfound
> Found Auth-Type = EAP
> +- entering group authenticate {...}
> [eap] EAP Identity
> [eap] processing type mschapv2
> rlm_eap_mschapv2: Issuing Challenge
> ++[eap] returns handled
> } # server inner-tunnel
> Sending Access-Challenge of id 239 to 192.168.10.254 port 1024
> Tunnel-Type:0 = VLAN
> Tunnel-Medium-Type:0 = IEEE-802
> Tunnel-Private-Group-Id:0 = "20"
> Reply-Message = "ok_hostpeda"
> EAP-Message = 0x010c00271a010c002210d92b9fd31dccad929fdb3f2ca05a6646686f73742f70632d61646d696e
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0x5af34ee25aff54b96dea318012fe73d9
> Finished request 0.
> Going to the next request
> Waking up in 4.9 seconds.
> rad_recv: Access-Request packet from host 192.168.10.254 port 1024, id=240, length=128
> NAS-IP-Address = 10.172.253.110
> NAS-Port-Type = Ethernet
> Service-Type = Framed-User
> Message-Authenticator = 0x21826287328e18d53b013ad8b9b196f1
> NAS-Port = 10
> Framed-MTU = 1490
> User-Name = "host/pc-admin"
> Calling-Station-Id = "00-0C-29-F7-CC-A0"
> State = 0x5af34ee25aff54b96dea318012fe73d9
> EAP-Message = 0x020c00060319
> server inner-tunnel {
> +- entering group authorize {...}
> ++[chap] returns noop
> ++[mschap] returns noop
> [eap] EAP packet type response id 12 length 6
> [eap] No EAP Start, assuming it's an on-going EAP conversation
> ++[eap] returns updated
> [files] users: Matched entry DEFAULT at line 207
> ++[files] returns ok
> ++- entering group {...}
> [ldap_peda] performing user authorization for host/pc-admin
> [ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$)
> [ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$)
> rlm_ldap: object not found
> [ldap_peda] search failed
> rlm_ldap: ldap_release_conn: Release Id: 0
> +++[ldap_peda] returns notfound
> [ldap_admin] performing user authorization for host/pc-admin
> [ldap_admin] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$)
> [ldap_admin] expand: o=gouv,c=fr -> o=gouv,c=fr
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$)
> [ldap_admin] checking if remote access for host/pc-admin is allowed by uid
> [ldap_admin] No default NMAS login sequence
> [ldap_admin] looking for check items in directory...
> rlm_ldap: sambaNtPassword -> NT-Password == 0x3637444441324243414646313035424333373446304245434641463733333430
> [ldap_admin] looking for reply items in directory...
> WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
> [ldap_admin] user host/pc-admin authorized to use remote access
> rlm_ldap: ldap_release_conn: Release Id: 0
> +++[ldap_admin] returns ok
> ++- group returns ok
> ++[expiration] returns noop
> ++[logintime] returns noop
> Using Autz-Type ldap_peda
> +- entering group ldap_peda {...}
> [ldap_peda] performing user authorization for host/pc-admin
> [ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$)
> [ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$)
> rlm_ldap: object not found
> [ldap_peda] search failed
> rlm_ldap: ldap_release_conn: Release Id: 0
> ++[ldap_peda] returns notfound
> Found Auth-Type = EAP
> +- entering group authenticate {...}
> [eap] Request found, released from the list
> [eap] EAP NAK
> [eap] EAP-NAK asked for EAP-Type/peap
> [eap] processing type tls
> [tls] Initiate
> [tls] Start returned 1
> ++[eap] returns handled
> } # server inner-tunnel
> Sending Access-Challenge of id 240 to 192.168.10.254 port 1024
> Tunnel-Type:0 = VLAN
> Tunnel-Medium-Type:0 = IEEE-802
> Tunnel-Private-Group-Id:0 = "20"
> Reply-Message = "ok_hostpeda"
> EAP-Message = 0x010d00061920
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0x5af34ee25bfe57b96dea318012fe73d9
> Finished request 1.
> Going to the next request
> Waking up in 4.9 seconds.
> rad_recv: Access-Request packet from host 192.168.10.254 port 1024, id=241, length=202
> NAS-IP-Address = 10.172.253.110
> NAS-Port-Type = Ethernet
> Service-Type = Framed-User
> Message-Authenticator = 0x6939b9798b27d12e96581c83e621324d
> NAS-Port = 10
> Framed-MTU = 1490
> User-Name = "host/pc-admin"
> Calling-Station-Id = "00-0C-29-F7-CC-A0"
> State = 0x5af34ee25bfe57b96dea318012fe73d9
> EAP-Message = 0x020d005019800000004616030100410100003d03014b6829d4ba7efe234d701d03c5952b9eb8ead51c8105eb946369aacc24e8430000001600040005000a000900640062000300060013001200630100
> server inner-tunnel {
> +- entering group authorize {...}
> ++[chap] returns noop
> ++[mschap] returns noop
> [eap] EAP packet type response id 13 length 80
> [eap] Continuing tunnel setup.
> ++[eap] returns ok
> [files] users: Matched entry DEFAULT at line 207
> ++[files] returns ok
> ++- entering group {...}
> [ldap_peda] performing user authorization for host/pc-admin
> [ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$)
> [ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$)
> rlm_ldap: object not found
> [ldap_peda] search failed
> rlm_ldap: ldap_release_conn: Release Id: 0
> +++[ldap_peda] returns notfound
> [ldap_admin] performing user authorization for host/pc-admin
> [ldap_admin] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$)
> [ldap_admin] expand: o=gouv,c=fr -> o=gouv,c=fr
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$)
> [ldap_admin] checking if remote access for host/pc-admin is allowed by uid
> [ldap_admin] No default NMAS login sequence
> [ldap_admin] looking for check items in directory...
> rlm_ldap: sambaNtPassword -> NT-Password == 0x3637444441324243414646313035424333373446304245434641463733333430
> [ldap_admin] looking for reply items in directory...
> WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
> [ldap_admin] user host/pc-admin authorized to use remote access
> rlm_ldap: ldap_release_conn: Release Id: 0
> +++[ldap_admin] returns ok
> ++- group returns ok
> ++[expiration] returns noop
> ++[logintime] returns noop
> Using Autz-Type ldap_peda
> +- entering group ldap_peda {...}
> [ldap_peda] performing user authorization for host/pc-admin
> [ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$)
> [ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$)
> rlm_ldap: object not found
> [ldap_peda] search failed
> rlm_ldap: ldap_release_conn: Release Id: 0
> ++[ldap_peda] returns notfound
> Found Auth-Type = EAP
> +- entering group authenticate {...}
> [eap] Request found, released from the list
> [eap] EAP/peap
> [eap] processing type peap
> [peap] processing EAP-TLS
> TLS Length 70
> [peap] Length Included
> [peap] eaptls_verify returned 11
> [peap] (other): before/accept initialization
> [peap] TLS_accept: before/accept initialization
> [peap] <<< TLS 1.0 Handshake [length 0041], ClientHello
> [peap] TLS_accept: SSLv3 read client hello A
> [peap] >>> TLS 1.0 Handshake [length 002a], ServerHello
> [peap] TLS_accept: SSLv3 write server hello A
> [peap] >>> TLS 1.0 Handshake [length 0914], Certificate
> [peap] TLS_accept: SSLv3 write certificate A
> [peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
> [peap] TLS_accept: SSLv3 write server done A
> [peap] TLS_accept: SSLv3 flush data
> [peap] TLS_accept: Need to read more data: SSLv3 read client certificate A
> In SSL Handshake Phase
> In SSL Accept mode
> [peap] eaptls_process returned 13
> [peap] EAPTLS_HANDLED
> ++[eap] returns handled
> } # server inner-tunnel
> Sending Access-Challenge of id 241 to 192.168.10.254 port 1024
> Tunnel-Type:0 = VLAN
> Tunnel-Medium-Type:0 = IEEE-802
> Tunnel-Private-Group-Id:0 = "20"
> Reply-Message = "ok_hostpeda"
> EAP-Message = 0x010e040019c000000951160301002a0200002603014b68298c6d7075b0b54fb873ef9fa975135522b70e535ab172d2d7a99533d73e0000040016030109140b00091000090d0004af308204ab30820393a003020102020120300d06092a864886f70d0101050500307a310b3009060355040613024652312f302d060355040a13264d696e69737465726520456475636174696f6e204e6174696f6e616c6520284d454e455352293111300f060355040b1308303732313537325431123010060355040b130961632d6e616e746573311330110603550403130a43412d70662d616d6f6e301e170d3130303130343135303632365a170d31333031303431
> EAP-Message = 0x35303632365a30818d310b3009060355040613024652312f302d060355040a13264d696e69737465726520456475636174696f6e204e6174696f6e616c6520284d454e455352293111300f060355040b1308303732313537325431123010060355040b130961632d6e616e746573312630240603550403131d70662d616d6f6e2e30373231353732542e61632d6e616e7465732e667230820122300d06092a864886f70d01010105000382010f003082010a0282010100e4bed7c951596527195184c10821f2095377a90e673796557a48c155e02114854d78ef0a554f4508f9b65fabbbe13c41f336035031036c0406d1cfa48959aa70e6bbe935fa99
> EAP-Message = 0x376c3784bbadd7617ab8ce3379b7b067a632c25ccbe005fcfc04e88fe73f53256aa16ee313b08ad0db3e843ab8c459e476f2e5d85779ccab883841a4b410efafa984bb03f2ae66f9bbdccc438edbf28b9ae2d2bfb99c72e37b6e9f43efec87f622bd64f50f281c42738a4d534b0588436d7bc05e2ebfd286f9f5202ca4ebd88d0b483f513f601ef41c0372e57e025264814e7c26d5cd550c14ceca6f04267766408a69cd9774a86d377dc39319419639f0ae531f64e65077ee310203010001a382012630820122300c0603551d130101ff04023000301d0603551d0e04160414d9d4f8e696b1018db9607d864c473313ecd52e533081ac0603551d2304
> EAP-Message = 0x81a43081a18014323a4970ba53cf9fff2b2ce5436dd64e036b4cf7a17ea47c307a310b3009060355040613024652312f302d060355040a13264d696e69737465726520456475636174696f6e204e6174696f6e616c6520284d454e455352293111300f060355040b1308303732313537325431123010060355040b130961632d6e616e746573311330110603550403130a43412d70662d616d6f6e820900f600a779ca4a31f2300b0603551d0f0404030205a0301106096086480186f8420101040403020640302406096086480186f842010d04171615436572746966696361742073656c66207369676e65300d06092a864886f70d01010505000382
> EAP-Message = 0x010100738b52410508dfb265
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0x5af34ee258fd57b96dea318012fe73d9
> Finished request 2.
> Going to the next request
> Waking up in 4.9 seconds.
> rad_recv: Access-Request packet from host 192.168.10.254 port 1024, id=242, length=128
> NAS-IP-Address = 10.172.253.110
> NAS-Port-Type = Ethernet
> Service-Type = Framed-User
> Message-Authenticator = 0xfb36b01671119b3c8b0224e2688bb6e0
> NAS-Port = 10
> Framed-MTU = 1490
> User-Name = "host/pc-admin"
> Calling-Station-Id = "00-0C-29-F7-CC-A0"
> State = 0x5af34ee258fd57b96dea318012fe73d9
> EAP-Message = 0x020e00061900
> server inner-tunnel {
> +- entering group authorize {...}
> ++[chap] returns noop
> ++[mschap] returns noop
> [eap] EAP packet type response id 14 length 6
> [eap] Continuing tunnel setup.
> ++[eap] returns ok
> [files] users: Matched entry DEFAULT at line 207
> ++[files] returns ok
> ++- entering group {...}
> [ldap_peda] performing user authorization for host/pc-admin
> [ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$)
> [ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$)
> rlm_ldap: object not found
> [ldap_peda] search failed
> rlm_ldap: ldap_release_conn: Release Id: 0
> +++[ldap_peda] returns notfound
> [ldap_admin] performing user authorization for host/pc-admin
> [ldap_admin] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$)
> [ldap_admin] expand: o=gouv,c=fr -> o=gouv,c=fr
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$)
> [ldap_admin] checking if remote access for host/pc-admin is allowed by uid
> [ldap_admin] No default NMAS login sequence
> [ldap_admin] looking for check items in directory...
> rlm_ldap: sambaNtPassword -> NT-Password == 0x3637444441324243414646313035424333373446304245434641463733333430
> [ldap_admin] looking for reply items in directory...
> WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
> [ldap_admin] user host/pc-admin authorized to use remote access
> rlm_ldap: ldap_release_conn: Release Id: 0
> +++[ldap_admin] returns ok
> ++- group returns ok
> ++[expiration] returns noop
> ++[logintime] returns noop
> Using Autz-Type ldap_peda
> +- entering group ldap_peda {...}
> [ldap_peda] performing user authorization for host/pc-admin
> [ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$)
> [ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$)
> rlm_ldap: object not found
> [ldap_peda] search failed
> rlm_ldap: ldap_release_conn: Release Id: 0
> ++[ldap_peda] returns notfound
> Found Auth-Type = EAP
> +- entering group authenticate {...}
> [eap] Request found, released from the list
> [eap] EAP/peap
> [eap] processing type peap
> [peap] processing EAP-TLS
> [peap] Received TLS ACK
> [peap] ACK handshake fragment handler
> [peap] eaptls_verify returned 1
> [peap] eaptls_process returned 13
> [peap] EAPTLS_HANDLED
> ++[eap] returns handled
> } # server inner-tunnel
> Sending Access-Challenge of id 242 to 192.168.10.254 port 1024
> Tunnel-Type:0 = VLAN
> Tunnel-Medium-Type:0 = IEEE-802
> Tunnel-Private-Group-Id:0 = "20"
> Reply-Message = "ok_hostpeda"
> EAP-Message = 0x010f03fc19401182ca5390bea1fe88313c924d092dbd0cb475424af8c336fe26053d412f47c50fe19c560b380240cd0ffc099b2d1389efe8138320b9c39ff976bb256aa135220112ce2dcbda12a62d121874632f586a639ab589de66aab22d0c8be6b3038ef720750df0fc4a49d65fd28ac02cf66774b954084b383d2be00517d663023aee762e237709c22dfad7be540c986d88fb9e0cd1d07723dc5a1b86bac13bfc40ce7d6b640ab880491b96a5069e353e781586f8a1ed77c86e94b7eadb0ed3319ae20ace6a378133a7022b2080796dd1c122ac1f4a5c2e7257cdbff34956e38db82ab83ce720e860c087888c09c792fb0cd761cc6bf95f8d82ae
> EAP-Message = 0x000458308204543082033ca003020102020900f600a779ca4a31f2300d06092a864886f70d0101050500307a310b3009060355040613024652312f302d060355040a13264d696e69737465726520456475636174696f6e204e6174696f6e616c6520284d454e455352293111300f060355040b1308303732313537325431123010060355040b130961632d6e616e746573311330110603550403130a43412d70662d616d6f6e301e170d3130303130343135303632365a170d3133303130343135303632365a307a310b3009060355040613024652312f302d060355040a13264d696e69737465726520456475636174696f6e204e6174696f6e616c65
> EAP-Message = 0x20284d454e455352293111300f060355040b1308303732313537325431123010060355040b130961632d6e616e746573311330110603550403130a43412d70662d616d6f6e30820122300d06092a864886f70d01010105000382010f003082010a0282010100c98d21324f37ff11d786d7c35d535d59aae2514ae1b9d0647cde3fb9f700505a1d945695c686888f85f5b36c083bee7d99d29dab7444ce49efa4a9802fa14565b1778f676baf779694fe8167ea4e3cf7cd350219e755c5389f981290b31d0414e7967d7f05b92bfbd52f188754f8a47e193638cf68927ca3c8bc307c860f3ef36b39bd3d10117cbe53837e3c60390357cb55a73c6f4b44
> EAP-Message = 0x8ea1a5c9b451094d5c02f5e2e482071c7950df080d1f3644f47d9a7aefd6958e5eb5ebf2f93bdf1d65901ea2a3b9b110d16b808ef34a7c3374bb7263d077f063734d63b186b29928e17ef698ed7e4b2841387fc844cb07cc7eb4fd39de3ebc8e4fe0cf2eca4d1b93510203010001a381dc3081d930090603551d1304023000301d0603551d0e04160414323a4970ba53cf9fff2b2ce5436dd64e036b4cf73081ac0603551d230481a43081a18014323a4970ba53cf9fff2b2ce5436dd64e036b4cf7a17ea47c307a310b3009060355040613024652312f302d060355040a13264d696e69737465726520456475636174696f6e204e6174696f6e616c65
> EAP-Message = 0x20284d454e455352
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0x5af34ee259fc57b96dea318012fe73d9
> Finished request 3.
> Going to the next request
> Waking up in 4.9 seconds.
> rad_recv: Access-Request packet from host 192.168.10.254 port 1024, id=243, length=128
> NAS-IP-Address = 10.172.253.110
> NAS-Port-Type = Ethernet
> Service-Type = Framed-User
> Message-Authenticator = 0xd8c323cc1c5dca53fdc26144184a55df
> NAS-Port = 10
> Framed-MTU = 1490
> User-Name = "host/pc-admin"
> Calling-Station-Id = "00-0C-29-F7-CC-A0"
> State = 0x5af34ee259fc57b96dea318012fe73d9
> EAP-Message = 0x020f00061900
> server inner-tunnel {
> +- entering group authorize {...}
> ++[chap] returns noop
> ++[mschap] returns noop
> [eap] EAP packet type response id 15 length 6
> [eap] Continuing tunnel setup.
> ++[eap] returns ok
> [files] users: Matched entry DEFAULT at line 207
> ++[files] returns ok
> ++- entering group {...}
> [ldap_peda] performing user authorization for host/pc-admin
> [ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$)
> [ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$)
> rlm_ldap: object not found
> [ldap_peda] search failed
> rlm_ldap: ldap_release_conn: Release Id: 0
> +++[ldap_peda] returns notfound
> [ldap_admin] performing user authorization for host/pc-admin
> [ldap_admin] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$)
> [ldap_admin] expand: o=gouv,c=fr -> o=gouv,c=fr
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$)
> [ldap_admin] checking if remote access for host/pc-admin is allowed by uid
> [ldap_admin] No default NMAS login sequence
> [ldap_admin] looking for check items in directory...
> rlm_ldap: sambaNtPassword -> NT-Password == 0x3637444441324243414646313035424333373446304245434641463733333430
> [ldap_admin] looking for reply items in directory...
> WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
> [ldap_admin] user host/pc-admin authorized to use remote access
> rlm_ldap: ldap_release_conn: Release Id: 0
> +++[ldap_admin] returns ok
> ++- group returns ok
> ++[expiration] returns noop
> ++[logintime] returns noop
> Using Autz-Type ldap_peda
> +- entering group ldap_peda {...}
> [ldap_peda] performing user authorization for host/pc-admin
> [ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$)
> [ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$)
> rlm_ldap: object not found
> [ldap_peda] search failed
> rlm_ldap: ldap_release_conn: Release Id: 0
> ++[ldap_peda] returns notfound
> Found Auth-Type = EAP
> +- entering group authenticate {...}
> [eap] Request found, released from the list
> [eap] EAP/peap
> [eap] processing type peap
> [peap] processing EAP-TLS
> [peap] Received TLS ACK
> [peap] ACK handshake fragment handler
> [peap] eaptls_verify returned 1
> [peap] eaptls_process returned 13
> [peap] EAPTLS_HANDLED
> ++[eap] returns handled
> } # server inner-tunnel
> Sending Access-Challenge of id 243 to 192.168.10.254 port 1024
> Tunnel-Type:0 = VLAN
> Tunnel-Medium-Type:0 = IEEE-802
> Tunnel-Private-Group-Id:0 = "20"
> Reply-Message = "ok_hostpeda"
> EAP-Message = 0x0110016b1900293111300f060355040b1308303732313537325431123010060355040b130961632d6e616e746573311330110603550403130a43412d70662d616d6f6e820900f600a779ca4a31f2300d06092a864886f70d0101050500038201010042fb00de5ab000702d477a4af2d066894ac9481a89afd607a8e4f870038ca1f2e4c2ccba76f8c8db937ccc0c1607694dc7316a32ac04f88035c99b3802c40e6af4381339b21229c22e4bab13c4c0d12039f5030c932283e00dd5855df9a1c8172e257e3a41ad6928431aeb93813578cf9208816cd75e3306b3a31e175f3f6fe054317296231e4d53ca9fd6879b03330265e555633dd78100c55681
> EAP-Message = 0xdc1181d3cf04302e58287bbf7cbbd102ddceeb821787e736217180fd90a1f0690e40338cfa058c84dae4404611e2a04aebf9a5f09c28f3bba02bc2663707c320ff8f40f9b3f6455f1a683d5c2e9b67a4cdf327665ebcd7e24afd894e826f76f5125763470e16030100040e000000
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0x5af34ee25ee357b96dea318012fe73d9
> Finished request 4.
> Going to the next request
> Waking up in 4.8 seconds.
> rad_recv: Access-Request packet from host 192.168.10.254 port 1024, id=244, length=444
> NAS-IP-Address = 10.172.253.110
> NAS-Port-Type = Ethernet
> Service-Type = Framed-User
> Message-Authenticator = 0x9d064c122b5956c73615d6349ffcd178
> NAS-Port = 10
> Framed-MTU = 1490
> User-Name = "host/pc-admin"
> Calling-Station-Id = "00-0C-29-F7-CC-A0"
> State = 0x5af34ee25ee357b96dea318012fe73d9
> EAP-Message = 0x02100140198000000136160301010610000102010099e22fbe4a05d936accfcc683fd55f8b40700b04e65e3b78c86f9117140b263c154c7e549b412e66757099dcbb13dfb218779e04be85a67c741dddf6330b8873c677c47b0afbe278d88c68cfa0943459b196f5e12e02ed21271f9dbaa3289de2ce776cf3da2e30eea71308f185b2e7d4dbdd2ed4fc59316384ed6fa408dc96ec0a212a99cd89692a92b12717206fb0a3a0e8b9c70106f6840256733976809d3edb569081ba70d4bcaf6f65d6784eb7d457297c263f549c34f7f8db3f55eae388f086290d5bde0840af663c86a181464e1cc22b035e1434614f23ed4fc54ac3e39a404a2c71b3f0d3
> EAP-Message = 0x22a99e4af56b9ca63a6dab50062bb096e513852043326d0a14030100010116030100204948fe1d6f1b3ecde1765601ef11cfd1936905e4f4948312a68781a0739e2666
> server inner-tunnel {
> +- entering group authorize {...}
> ++[chap] returns noop
> ++[mschap] returns noop
> [eap] EAP packet type response id 16 length 253
> [eap] Continuing tunnel setup.
> ++[eap] returns ok
> [files] users: Matched entry DEFAULT at line 207
> ++[files] returns ok
> ++- entering group {...}
> [ldap_peda] performing user authorization for host/pc-admin
> [ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$)
> [ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$)
> rlm_ldap: object not found
> [ldap_peda] search failed
> rlm_ldap: ldap_release_conn: Release Id: 0
> +++[ldap_peda] returns notfound
> [ldap_admin] performing user authorization for host/pc-admin
> [ldap_admin] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$)
> [ldap_admin] expand: o=gouv,c=fr -> o=gouv,c=fr
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$)
> [ldap_admin] checking if remote access for host/pc-admin is allowed by uid
> [ldap_admin] No default NMAS login sequence
> [ldap_admin] looking for check items in directory...
> rlm_ldap: sambaNtPassword -> NT-Password == 0x3637444441324243414646313035424333373446304245434641463733333430
> [ldap_admin] looking for reply items in directory...
> WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
> [ldap_admin] user host/pc-admin authorized to use remote access
> rlm_ldap: ldap_release_conn: Release Id: 0
> +++[ldap_admin] returns ok
> ++- group returns ok
> ++[expiration] returns noop
> ++[logintime] returns noop
> Using Autz-Type ldap_peda
> +- entering group ldap_peda {...}
> [ldap_peda] performing user authorization for host/pc-admin
> [ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$)
> [ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$)
> rlm_ldap: object not found
> [ldap_peda] search failed
> rlm_ldap: ldap_release_conn: Release Id: 0
> ++[ldap_peda] returns notfound
> Found Auth-Type = EAP
> +- entering group authenticate {...}
> [eap] Request found, released from the list
> [eap] EAP/peap
> [eap] processing type peap
> [peap] processing EAP-TLS
> TLS Length 310
> [peap] Length Included
> [peap] eaptls_verify returned 11
> [peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange
> [peap] TLS_accept: SSLv3 read client key exchange A
> [peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]
> [peap] <<< TLS 1.0 Handshake [length 0010], Finished
> [peap] TLS_accept: SSLv3 read finished A
> [peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]
> [peap] TLS_accept: SSLv3 write change cipher spec A
> [peap] >>> TLS 1.0 Handshake [length 0010], Finished
> [peap] TLS_accept: SSLv3 write finished A
> [peap] TLS_accept: SSLv3 flush data
> [peap] (other): SSL negotiation finished successfully
> SSL Connection Established
> [peap] eaptls_process returned 13
> [peap] EAPTLS_HANDLED
> ++[eap] returns handled
> } # server inner-tunnel
> Sending Access-Challenge of id 244 to 192.168.10.254 port 1024
> Tunnel-Type:0 = VLAN
> Tunnel-Medium-Type:0 = IEEE-802
> Tunnel-Private-Group-Id:0 = "20"
> Reply-Message = "ok_hostpeda"
> EAP-Message = 0x01110031190014030100010116030100203700812b24e375749201076da0bd9b4c462587b2d818f14a726c9beb33feeb45
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0x5af34ee25fe257b96dea318012fe73d9
> Finished request 5.
> Going to the next request
> Waking up in 4.8 seconds.
> rad_recv: Access-Request packet from host 192.168.10.254 port 1024, id=245, length=128
> NAS-IP-Address = 10.172.253.110
> NAS-Port-Type = Ethernet
> Service-Type = Framed-User
> Message-Authenticator = 0xb9d8ae0e08e37f9d172f8e0eda4b780c
> NAS-Port = 10
> Framed-MTU = 1490
> User-Name = "host/pc-admin"
> Calling-Station-Id = "00-0C-29-F7-CC-A0"
> State = 0x5af34ee25fe257b96dea318012fe73d9
> EAP-Message = 0x021100061900
> server inner-tunnel {
> +- entering group authorize {...}
> ++[chap] returns noop
> ++[mschap] returns noop
> [eap] EAP packet type response id 17 length 6
> [eap] Continuing tunnel setup.
> ++[eap] returns ok
> [files] users: Matched entry DEFAULT at line 207
> ++[files] returns ok
> ++- entering group {...}
> [ldap_peda] performing user authorization for host/pc-admin
> [ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$)
> [ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$)
> rlm_ldap: object not found
> [ldap_peda] search failed
> rlm_ldap: ldap_release_conn: Release Id: 0
> +++[ldap_peda] returns notfound
> [ldap_admin] performing user authorization for host/pc-admin
> [ldap_admin] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$)
> [ldap_admin] expand: o=gouv,c=fr -> o=gouv,c=fr
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$)
> [ldap_admin] checking if remote access for host/pc-admin is allowed by uid
> [ldap_admin] No default NMAS login sequence
> [ldap_admin] looking for check items in directory...
> rlm_ldap: sambaNtPassword -> NT-Password == 0x3637444441324243414646313035424333373446304245434641463733333430
> [ldap_admin] looking for reply items in directory...
> WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
> [ldap_admin] user host/pc-admin authorized to use remote access
> rlm_ldap: ldap_release_conn: Release Id: 0
> +++[ldap_admin] returns ok
> ++- group returns ok
> ++[expiration] returns noop
> ++[logintime] returns noop
> Using Autz-Type ldap_peda
> +- entering group ldap_peda {...}
> [ldap_peda] performing user authorization for host/pc-admin
> [ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$)
> [ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$)
> rlm_ldap: object not found
> [ldap_peda] search failed
> rlm_ldap: ldap_release_conn: Release Id: 0
> ++[ldap_peda] returns notfound
> Found Auth-Type = EAP
> +- entering group authenticate {...}
> [eap] Request found, released from the list
> [eap] EAP/peap
> [eap] processing type peap
> [peap] processing EAP-TLS
> [peap] Received TLS ACK
> [peap] ACK handshake is finished
> [peap] eaptls_verify returned 3
> [peap] eaptls_process returned 3
> [peap] EAPTLS_SUCCESS
> ++[eap] returns handled
> } # server inner-tunnel
> Sending Access-Challenge of id 245 to 192.168.10.254 port 1024
> Tunnel-Type:0 = VLAN
> Tunnel-Medium-Type:0 = IEEE-802
> Tunnel-Private-Group-Id:0 = "20"
> Reply-Message = "ok_hostpeda"
> EAP-Message = 0x0112002019001703010015b30cb528421556a6b7595ed3761ee6c1aaebee96dc
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0x5af34ee25ce157b96dea318012fe73d9
> Finished request 6.
> Going to the next request
> Waking up in 4.7 seconds.
> rad_recv: Access-Request packet from host 192.168.10.254 port 1024, id=246, length=163
> NAS-IP-Address = 10.172.253.110
> NAS-Port-Type = Ethernet
> Service-Type = Framed-User
> Message-Authenticator = 0xfe515d2dd1c0562720460ac87f8684ae
> NAS-Port = 10
> Framed-MTU = 1490
> User-Name = "host/pc-admin"
> Calling-Station-Id = "00-0C-29-F7-CC-A0"
> State = 0x5af34ee25ce157b96dea318012fe73d9
> EAP-Message = 0x021200291900170301001e8f577a77f3936128a808f14d17c3fb56dd053088ce04a8319e069b68bc4e
> server inner-tunnel {
> +- entering group authorize {...}
> ++[chap] returns noop
> ++[mschap] returns noop
> [eap] EAP packet type response id 18 length 41
> [eap] Continuing tunnel setup.
> ++[eap] returns ok
> [files] users: Matched entry DEFAULT at line 207
> ++[files] returns ok
> ++- entering group {...}
> [ldap_peda] performing user authorization for host/pc-admin
> [ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$)
> [ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$)
> rlm_ldap: object not found
> [ldap_peda] search failed
> rlm_ldap: ldap_release_conn: Release Id: 0
> +++[ldap_peda] returns notfound
> [ldap_admin] performing user authorization for host/pc-admin
> [ldap_admin] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$)
> [ldap_admin] expand: o=gouv,c=fr -> o=gouv,c=fr
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$)
> [ldap_admin] checking if remote access for host/pc-admin is allowed by uid
> [ldap_admin] No default NMAS login sequence
> [ldap_admin] looking for check items in directory...
> rlm_ldap: sambaNtPassword -> NT-Password == 0x3637444441324243414646313035424333373446304245434641463733333430
> [ldap_admin] looking for reply items in directory...
> WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
> [ldap_admin] user host/pc-admin authorized to use remote access
> rlm_ldap: ldap_release_conn: Release Id: 0
> +++[ldap_admin] returns ok
> ++- group returns ok
> ++[expiration] returns noop
> ++[logintime] returns noop
> Using Autz-Type ldap_peda
> +- entering group ldap_peda {...}
> [ldap_peda] performing user authorization for host/pc-admin
> [ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$)
> [ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$)
> rlm_ldap: object not found
> [ldap_peda] search failed
> rlm_ldap: ldap_release_conn: Release Id: 0
> ++[ldap_peda] returns notfound
> Found Auth-Type = EAP
> +- entering group authenticate {...}
> [eap] Request found, released from the list
> [eap] EAP/peap
> [eap] processing type peap
> [peap] processing EAP-TLS
> [peap] eaptls_verify returned 7
> [peap] Done initial handshake
> [peap] eaptls_process returned 7
> [peap] EAPTLS_OK
> [peap] Session established. Decoding tunneled attributes.
> [peap] Identity - host/pc-admin
> [peap] Got tunneled request
> EAP-Message = 0x0212001201686f73742f70632d61646d696e
> server inner-tunnel {
> PEAP: Got tunneled identity of host/pc-admin
> PEAP: Setting default EAP type for tunneled EAP session.
> PEAP: Setting User-Name to host/pc-admin
> Sending tunneled request
> EAP-Message = 0x0212001201686f73742f70632d61646d696e
> FreeRADIUS-Proxied-To = 127.0.0.1
> User-Name = "host/pc-admin"
> NAS-IP-Address = 10.172.253.110
> NAS-Port-Type = Ethernet
> Service-Type = Framed-User
> NAS-Port = 10
> Framed-MTU = 1490
> Calling-Station-Id = "00-0C-29-F7-CC-A0"
> server inner-tunnel {
> +- entering group authorize {...}
> ++[chap] returns noop
> ++[mschap] returns noop
> [eap] EAP packet type response id 18 length 18
> [eap] No EAP Start, assuming it's an on-going EAP conversation
> ++[eap] returns updated
> [files] users: Matched entry DEFAULT at line 207
> ++[files] returns ok
> ++- entering group {...}
> [ldap_peda] performing user authorization for host/pc-admin
> [ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$)
> [ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$)
> rlm_ldap: object not found
> [ldap_peda] search failed
> rlm_ldap: ldap_release_conn: Release Id: 0
> +++[ldap_peda] returns notfound
> [ldap_admin] performing user authorization for host/pc-admin
> [ldap_admin] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$)
> [ldap_admin] expand: o=gouv,c=fr -> o=gouv,c=fr
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$)
> [ldap_admin] checking if remote access for host/pc-admin is allowed by uid
> [ldap_admin] No default NMAS login sequence
> [ldap_admin] looking for check items in directory...
> rlm_ldap: sambaNtPassword -> NT-Password == 0x3637444441324243414646313035424333373446304245434641463733333430
> [ldap_admin] looking for reply items in directory...
> WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
> [ldap_admin] user host/pc-admin authorized to use remote access
> rlm_ldap: ldap_release_conn: Release Id: 0
> +++[ldap_admin] returns ok
> ++- group returns ok
> ++[expiration] returns noop
> ++[logintime] returns noop
> Using Autz-Type ldap_peda
> +- entering group ldap_peda {...}
> [ldap_peda] performing user authorization for host/pc-admin
> [ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$)
> [ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$)
> rlm_ldap: object not found
> [ldap_peda] search failed
> rlm_ldap: ldap_release_conn: Release Id: 0
> ++[ldap_peda] returns notfound
> Found Auth-Type = EAP
> +- entering group authenticate {...}
> [eap] EAP Identity
> [eap] processing type mschapv2
> rlm_eap_mschapv2: Issuing Challenge
> ++[eap] returns handled
> } # server inner-tunnel
> [peap] Got tunneled reply code 11
> Tunnel-Type:0 = VLAN
> Tunnel-Medium-Type:0 = IEEE-802
> Tunnel-Private-Group-Id:0 = "20"
> Reply-Message = "ok_hostpeda"
> EAP-Message = 0x011300271a01130022103abcb825a9f3a4a3ef8a850d3573308d686f73742f70632d61646d696e
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0x5fb3bf1f5fa0a5401b55155387e6016c
> [peap] Got tunneled reply RADIUS code 11
> Tunnel-Type:0 = VLAN
> Tunnel-Medium-Type:0 = IEEE-802
> Tunnel-Private-Group-Id:0 = "20"
> Reply-Message = "ok_hostpeda"
> EAP-Message = 0x011300271a01130022103abcb825a9f3a4a3ef8a850d3573308d686f73742f70632d61646d696e
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0x5fb3bf1f5fa0a5401b55155387e6016c
> [peap] Got tunneled Access-Challenge
> ++[eap] returns handled
> } # server inner-tunnel
> Sending Access-Challenge of id 246 to 192.168.10.254 port 1024
> Tunnel-Type:0 = VLAN
> Tunnel-Medium-Type:0 = IEEE-802
> Tunnel-Private-Group-Id:0 = "20"
> Reply-Message = "ok_hostpeda"
> EAP-Message = 0x0113003e190017030100337504bfcfdd2686dec869ab4dc942775c76ad373a4014d7994c954b743803351ee1570e54043d7b3a6432bf116c45b3e40b9ce9
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0x5af34ee25de057b96dea318012fe73d9
> Finished request 7.
> Going to the next request
> Waking up in 4.7 seconds.
> rad_recv: Access-Request packet from host 192.168.10.254 port 1024, id=247, length=217
> NAS-IP-Address = 10.172.253.110
> NAS-Port-Type = Ethernet
> Service-Type = Framed-User
> Message-Authenticator = 0x34be6f17afd410895671a689cdaa2ace
> NAS-Port = 10
> Framed-MTU = 1490
> User-Name = "host/pc-admin"
> Calling-Station-Id = "00-0C-29-F7-CC-A0"
> State = 0x5af34ee25de057b96dea318012fe73d9
> EAP-Message = 0x0213005f19001703010054d9a59f27d7f3fd8667cf9248bddcc6d8335f836aacc87e5567c1c17962874c425a7e3b8a0e137606a9f01fec1c5f6381f4382d502c02eb469d8a2a73513c55f2ab6a1834e641162955910e9fd80293782b4fc76b
> server inner-tunnel {
> +- entering group authorize {...}
> ++[chap] returns noop
> ++[mschap] returns noop
> [eap] EAP packet type response id 19 length 95
> [eap] Continuing tunnel setup.
> ++[eap] returns ok
> [files] users: Matched entry DEFAULT at line 207
> ++[files] returns ok
> ++- entering group {...}
> [ldap_peda] performing user authorization for host/pc-admin
> [ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$)
> [ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$)
> rlm_ldap: object not found
> [ldap_peda] search failed
> rlm_ldap: ldap_release_conn: Release Id: 0
> +++[ldap_peda] returns notfound
> [ldap_admin] performing user authorization for host/pc-admin
> [ldap_admin] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$)
> [ldap_admin] expand: o=gouv,c=fr -> o=gouv,c=fr
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$)
> [ldap_admin] checking if remote access for host/pc-admin is allowed by uid
> [ldap_admin] No default NMAS login sequence
> [ldap_admin] looking for check items in directory...
> rlm_ldap: sambaNtPassword -> NT-Password == 0x3637444441324243414646313035424333373446304245434641463733333430
> [ldap_admin] looking for reply items in directory...
> WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
> [ldap_admin] user host/pc-admin authorized to use remote access
> rlm_ldap: ldap_release_conn: Release Id: 0
> +++[ldap_admin] returns ok
> ++- group returns ok
> ++[expiration] returns noop
> ++[logintime] returns noop
> Using Autz-Type ldap_peda
> +- entering group ldap_peda {...}
> [ldap_peda] performing user authorization for host/pc-admin
> [ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$)
> [ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$)
> rlm_ldap: object not found
> [ldap_peda] search failed
> rlm_ldap: ldap_release_conn: Release Id: 0
> ++[ldap_peda] returns notfound
> Found Auth-Type = EAP
> +- entering group authenticate {...}
> [eap] Request found, released from the list
> [eap] EAP/peap
> [eap] processing type peap
> [peap] processing EAP-TLS
> [peap] eaptls_verify returned 7
> [peap] Done initial handshake
> [peap] eaptls_process returned 7
> [peap] EAPTLS_OK
> [peap] Session established. Decoding tunneled attributes.
> [peap] EAP type mschapv2
> [peap] Got tunneled request
> EAP-Message = 0x021300481a021300433186b47cb64903955b806163bb51c35db8000000000000000041a2daf3776d80fcf8208f4fe0e697184864cb49983d513800686f73742f70632d61646d696e
> server inner-tunnel {
> PEAP: Setting User-Name to host/pc-admin
> Sending tunneled request
> EAP-Message = 0x021300481a021300433186b47cb64903955b806163bb51c35db8000000000000000041a2daf3776d80fcf8208f4fe0e697184864cb49983d513800686f73742f70632d61646d696e
> FreeRADIUS-Proxied-To = 127.0.0.1
> User-Name = "host/pc-admin"
> State = 0x5fb3bf1f5fa0a5401b55155387e6016c
> NAS-IP-Address = 10.172.253.110
> NAS-Port-Type = Ethernet
> Service-Type = Framed-User
> NAS-Port = 10
> Framed-MTU = 1490
> Calling-Station-Id = "00-0C-29-F7-CC-A0"
> server inner-tunnel {
> +- entering group authorize {...}
> ++[chap] returns noop
> ++[mschap] returns noop
> [eap] EAP packet type response id 19 length 72
> [eap] No EAP Start, assuming it's an on-going EAP conversation
> ++[eap] returns updated
> [files] users: Matched entry DEFAULT at line 207
> ++[files] returns ok
> ++- entering group {...}
> [ldap_peda] performing user authorization for host/pc-admin
> [ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$)
> [ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$)
> rlm_ldap: object not found
> [ldap_peda] search failed
> rlm_ldap: ldap_release_conn: Release Id: 0
> +++[ldap_peda] returns notfound
> [ldap_admin] performing user authorization for host/pc-admin
> [ldap_admin] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$)
> [ldap_admin] expand: o=gouv,c=fr -> o=gouv,c=fr
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$)
> [ldap_admin] checking if remote access for host/pc-admin is allowed by uid
> [ldap_admin] No default NMAS login sequence
> [ldap_admin] looking for check items in directory...
> rlm_ldap: sambaNtPassword -> NT-Password == 0x3637444441324243414646313035424333373446304245434641463733333430
> [ldap_admin] looking for reply items in directory...
> WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
> [ldap_admin] user host/pc-admin authorized to use remote access
> rlm_ldap: ldap_release_conn: Release Id: 0
> +++[ldap_admin] returns ok
> ++- group returns ok
> ++[expiration] returns noop
> ++[logintime] returns noop
> Using Autz-Type ldap_peda
> +- entering group ldap_peda {...}
> [ldap_peda] performing user authorization for host/pc-admin
> [ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$)
> [ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$)
> rlm_ldap: object not found
> [ldap_peda] search failed
> rlm_ldap: ldap_release_conn: Release Id: 0
> ++[ldap_peda] returns notfound
> Found Auth-Type = EAP
> +- entering group authenticate {...}
> [eap] Request found, released from the list
> [eap] EAP/mschapv2
> [eap] processing type mschapv2
> [mschapv2] +- entering group MS-CHAP {...}
> [mschap] No Cleartext-Password configured. Cannot create LM-Password.
> [mschap] Found NT-Password
> [mschap] Told to do MS-CHAPv2 for host/pc-admin with NT-Password
> [mschap] adding MS-CHAPv2 MPPE keys
> ++[mschap] returns ok
> MSCHAP Success
> ++[eap] returns handled
> } # server inner-tunnel
> [peap] Got tunneled reply code 11
> Tunnel-Type:0 = VLAN
> Tunnel-Medium-Type:0 = IEEE-802
> Tunnel-Private-Group-Id:0 = "20"
> Reply-Message = "ok_hostpeda"
> EAP-Message = 0x011400331a0313002e533d30453146453344413437333434303035434445323936383045394344354246303233344539384235
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0x5fb3bf1f5ea7a5401b55155387e6016c
> [peap] Got tunneled reply RADIUS code 11
> Tunnel-Type:0 = VLAN
> Tunnel-Medium-Type:0 = IEEE-802
> Tunnel-Private-Group-Id:0 = "20"
> Reply-Message = "ok_hostpeda"
> EAP-Message = 0x011400331a0313002e533d30453146453344413437333434303035434445323936383045394344354246303233344539384235
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0x5fb3bf1f5ea7a5401b55155387e6016c
> [peap] Got tunneled Access-Challenge
> ++[eap] returns handled
> } # server inner-tunnel
> Sending Access-Challenge of id 247 to 192.168.10.254 port 1024
> Tunnel-Type:0 = VLAN
> Tunnel-Medium-Type:0 = IEEE-802
> Tunnel-Private-Group-Id:0 = "20"
> Reply-Message = "ok_hostpeda"
> EAP-Message = 0x0114004a1900170301003fcaee9ba310faf92efca265d1525ab6435017cd256d841401359551ef19eb8dab39eaa87f35a8c2e079554a0291898d709de59a87219a6217fbd3e57f456337
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0x5af34ee252e757b96dea318012fe73d9
> Finished request 8.
> Going to the next request
> Waking up in 4.7 seconds.
> rad_recv: Access-Request packet from host 192.168.10.254 port 1024, id=248, length=151
> NAS-IP-Address = 10.172.253.110
> NAS-Port-Type = Ethernet
> Service-Type = Framed-User
> Message-Authenticator = 0xd0a4155dd2819c7764b212492c148338
> NAS-Port = 10
> Framed-MTU = 1490
> User-Name = "host/pc-admin"
> Calling-Station-Id = "00-0C-29-F7-CC-A0"
> State = 0x5af34ee252e757b96dea318012fe73d9
> EAP-Message = 0x0214001d19001703010012207c339d428fdb827f4aef0d36ae8ae833ad
> server inner-tunnel {
> +- entering group authorize {...}
> ++[chap] returns noop
> ++[mschap] returns noop
> [eap] EAP packet type response id 20 length 29
> [eap] Continuing tunnel setup.
> ++[eap] returns ok
> [files] users: Matched entry DEFAULT at line 207
> ++[files] returns ok
> ++- entering group {...}
> [ldap_peda] performing user authorization for host/pc-admin
> [ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$)
> [ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$)
> rlm_ldap: object not found
> [ldap_peda] search failed
> rlm_ldap: ldap_release_conn: Release Id: 0
> +++[ldap_peda] returns notfound
> [ldap_admin] performing user authorization for host/pc-admin
> [ldap_admin] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$)
> [ldap_admin] expand: o=gouv,c=fr -> o=gouv,c=fr
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$)
> [ldap_admin] checking if remote access for host/pc-admin is allowed by uid
> [ldap_admin] No default NMAS login sequence
> [ldap_admin] looking for check items in directory...
> rlm_ldap: sambaNtPassword -> NT-Password == 0x3637444441324243414646313035424333373446304245434641463733333430
> [ldap_admin] looking for reply items in directory...
> WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
> [ldap_admin] user host/pc-admin authorized to use remote access
> rlm_ldap: ldap_release_conn: Release Id: 0
> +++[ldap_admin] returns ok
> ++- group returns ok
> ++[expiration] returns noop
> ++[logintime] returns noop
> Using Autz-Type ldap_peda
> +- entering group ldap_peda {...}
> [ldap_peda] performing user authorization for host/pc-admin
> [ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$)
> [ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$)
> rlm_ldap: object not found
> [ldap_peda] search failed
> rlm_ldap: ldap_release_conn: Release Id: 0
> ++[ldap_peda] returns notfound
> Found Auth-Type = EAP
> +- entering group authenticate {...}
> [eap] Request found, released from the list
> [eap] EAP/peap
> [eap] processing type peap
> [peap] processing EAP-TLS
> [peap] eaptls_verify returned 7
> [peap] Done initial handshake
> [peap] eaptls_process returned 7
> [peap] EAPTLS_OK
> [peap] Session established. Decoding tunneled attributes.
> [peap] EAP type mschapv2
> [peap] Got tunneled request
> EAP-Message = 0x021400061a03
> server inner-tunnel {
> PEAP: Setting User-Name to host/pc-admin
> Sending tunneled request
> EAP-Message = 0x021400061a03
> FreeRADIUS-Proxied-To = 127.0.0.1
> User-Name = "host/pc-admin"
> State = 0x5fb3bf1f5ea7a5401b55155387e6016c
> NAS-IP-Address = 10.172.253.110
> NAS-Port-Type = Ethernet
> Service-Type = Framed-User
> NAS-Port = 10
> Framed-MTU = 1490
> Calling-Station-Id = "00-0C-29-F7-CC-A0"
> server inner-tunnel {
> +- entering group authorize {...}
> ++[chap] returns noop
> ++[mschap] returns noop
> [eap] EAP packet type response id 20 length 6
> [eap] No EAP Start, assuming it's an on-going EAP conversation
> ++[eap] returns updated
> [files] users: Matched entry DEFAULT at line 207
> ++[files] returns ok
> ++- entering group {...}
> [ldap_peda] performing user authorization for host/pc-admin
> [ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$)
> [ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$)
> rlm_ldap: object not found
> [ldap_peda] search failed
> rlm_ldap: ldap_release_conn: Release Id: 0
> +++[ldap_peda] returns notfound
> [ldap_admin] performing user authorization for host/pc-admin
> [ldap_admin] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$)
> [ldap_admin] expand: o=gouv,c=fr -> o=gouv,c=fr
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$)
> [ldap_admin] checking if remote access for host/pc-admin is allowed by uid
> [ldap_admin] No default NMAS login sequence
> [ldap_admin] looking for check items in directory...
> rlm_ldap: sambaNtPassword -> NT-Password == 0x3637444441324243414646313035424333373446304245434641463733333430
> [ldap_admin] looking for reply items in directory...
> WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
> [ldap_admin] user host/pc-admin authorized to use remote access
> rlm_ldap: ldap_release_conn: Release Id: 0
> +++[ldap_admin] returns ok
> ++- group returns ok
> ++[expiration] returns noop
> ++[logintime] returns noop
> Using Autz-Type ldap_peda
> +- entering group ldap_peda {...}
> [ldap_peda] performing user authorization for host/pc-admin
> [ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$)
> [ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$)
> rlm_ldap: object not found
> [ldap_peda] search failed
> rlm_ldap: ldap_release_conn: Release Id: 0
> ++[ldap_peda] returns notfound
> Found Auth-Type = EAP
> +- entering group authenticate {...}
> [eap] Request found, released from the list
> [eap] EAP/mschapv2
> [eap] processing type mschapv2
> [eap] Freeing handler
> ++[eap] returns ok
> WARNING: Empty section. Using default return values.
> } # server inner-tunnel
> [peap] Got tunneled reply code 2
> Tunnel-Type:0 = VLAN
> Tunnel-Medium-Type:0 = IEEE-802
> Tunnel-Private-Group-Id:0 = "20"
> Reply-Message = "ok_hostpeda"
> EAP-Message = 0x03140004
> Message-Authenticator = 0x00000000000000000000000000000000
> User-Name = "host/pc-admin"
> [peap] Got tunneled reply RADIUS code 2
> Tunnel-Type:0 = VLAN
> Tunnel-Medium-Type:0 = IEEE-802
> Tunnel-Private-Group-Id:0 = "20"
> Reply-Message = "ok_hostpeda"
> EAP-Message = 0x03140004
> Message-Authenticator = 0x00000000000000000000000000000000
> User-Name = "host/pc-admin"
> [peap] Tunneled authentication was successful.
> [peap] SUCCESS
> [peap] Saving tunneled attributes for later
> ++[eap] returns handled
> } # server inner-tunnel
> Sending Access-Challenge of id 248 to 192.168.10.254 port 1024
> Tunnel-Type:0 = VLAN
> Tunnel-Medium-Type:0 = IEEE-802
> Tunnel-Private-Group-Id:0 = "20"
> Reply-Message = "ok_hostpeda"
> EAP-Message = 0x011500261900170301001bf941565a3183097d130c6f900ea8d2b7449ccb3bdcccf59f96527b
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0x5af34ee253e657b96dea318012fe73d9
> Finished request 9.
> Going to the next request
> Waking up in 4.7 seconds.
> rad_recv: Access-Request packet from host 192.168.10.254 port 1024, id=249, length=160
> NAS-IP-Address = 10.172.253.110
> NAS-Port-Type = Ethernet
> Service-Type = Framed-User
> Message-Authenticator = 0x50f80e51813b38b0aa944eba89d37efa
> NAS-Port = 10
> Framed-MTU = 1490
> User-Name = "host/pc-admin"
> Calling-Station-Id = "00-0C-29-F7-CC-A0"
> State = 0x5af34ee253e657b96dea318012fe73d9
> EAP-Message = 0x021500261900170301001be0562040c9bb550ba6720c9d0826df79e9fc5b58f7427160c7c9ad
> server inner-tunnel {
> +- entering group authorize {...}
> ++[chap] returns noop
> ++[mschap] returns noop
> [eap] EAP packet type response id 21 length 38
> [eap] Continuing tunnel setup.
> ++[eap] returns ok
> [files] users: Matched entry DEFAULT at line 207
> ++[files] returns ok
> ++- entering group {...}
> [ldap_peda] performing user authorization for host/pc-admin
> [ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$)
> [ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$)
> rlm_ldap: object not found
> [ldap_peda] search failed
> rlm_ldap: ldap_release_conn: Release Id: 0
> +++[ldap_peda] returns notfound
> [ldap_admin] performing user authorization for host/pc-admin
> [ldap_admin] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$)
> [ldap_admin] expand: o=gouv,c=fr -> o=gouv,c=fr
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$)
> [ldap_admin] checking if remote access for host/pc-admin is allowed by uid
> [ldap_admin] No default NMAS login sequence
> [ldap_admin] looking for check items in directory...
> rlm_ldap: sambaNtPassword -> NT-Password == 0x3637444441324243414646313035424333373446304245434641463733333430
> [ldap_admin] looking for reply items in directory...
> WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
> [ldap_admin] user host/pc-admin authorized to use remote access
> rlm_ldap: ldap_release_conn: Release Id: 0
> +++[ldap_admin] returns ok
> ++- group returns ok
> ++[expiration] returns noop
> ++[logintime] returns noop
> Using Autz-Type ldap_peda
> +- entering group ldap_peda {...}
> [ldap_peda] performing user authorization for host/pc-admin
> [ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$)
> [ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$)
> rlm_ldap: object not found
> [ldap_peda] search failed
> rlm_ldap: ldap_release_conn: Release Id: 0
> ++[ldap_peda] returns notfound
> Found Auth-Type = EAP
> +- entering group authenticate {...}
> [eap] Request found, released from the list
> [eap] EAP/peap
> [eap] processing type peap
> [peap] processing EAP-TLS
> [peap] eaptls_verify returned 7
> [peap] Done initial handshake
> [peap] eaptls_process returned 7
> [peap] EAPTLS_OK
> [peap] Session established. Decoding tunneled attributes.
> [peap] Received EAP-TLV response.
> [peap] Success
> [peap] Using saved attributes from the original Access-Accept
> [eap] Freeing handler
> ++[eap] returns ok
> WARNING: Empty section. Using default return values.
> } # server inner-tunnel
> Sending Access-Accept of id 249 to 192.168.10.254 port 1024
> Tunnel-Type:0 = VLAN
> Tunnel-Medium-Type:0 = IEEE-802
> Tunnel-Private-Group-Id:0 = "20"
> Reply-Message = "ok_hostpeda"
> User-Name = "host/pc-admin"
> MS-MPPE-Recv-Key = 0x4cb00c191ad9ce2d5913f5218594324f3017e7efd7d209aa14b6b56b6a520f1a
> MS-MPPE-Send-Key = 0x48f134131000bba5b3f590233bc0e3d08e7d99b8f8806bb99b484ede6ce0b0b2
> EAP-Message = 0x03150004
> Message-Authenticator = 0x00000000000000000000000000000000
> Finished request 10.
> Going to the next request
> Waking up in 4.7 seconds.
> Cleaning up request 0 ID 239 with timestamp +40
> Cleaning up request 1 ID 240 with timestamp +40
> Cleaning up request 2 ID 241 with timestamp +40
> Cleaning up request 3 ID 242 with timestamp +40
> Cleaning up request 4 ID 243 with timestamp +40
> Cleaning up request 5 ID 244 with timestamp +40
> Cleaning up request 6 ID 245 with timestamp +40
> Cleaning up request 7 ID 246 with timestamp +40
> Cleaning up request 8 ID 247 with timestamp +40
> Cleaning up request 9 ID 248 with timestamp +40
> Cleaning up request 10 ID 249 with timestamp +40
> Ready to process requests.
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>
More information about the Freeradius-Users
mailing list