Credentials format in Windows supplicant
joanroldan
joan.roldan.paitovi at gmail.com
Thu Jun 23 15:28:06 CEST 2011
Hi everybody,
I have successfully authenticated a user by adding this portion

    authorize {
        # Split user@realm into the user part and the realm part
        if (User-Name =~ /^([^@]*)@(.+)$/) {
            update request {
                Stripped-User-Name := "%{1}"
                Realm := "%{toupper:%{2}}"
            }
        }
        else {
            # No realm in the User-Name
            reject
        }
    }

that Phil provided me.
The internal authentication/accounting with Active Directory is fine, so all
corporate users using eduroam with internal realms in the credentials can
gain access to the network.
However, users from other realms, which have to be proxied, do not. In
debug mode the request is proxied:
Thu Jun 23 15:22:03 2011 : Info: Ready to process requests.
rad_recv: Access-Request packet from host 172.18.1.10 port 32769, id=97,
length=203
User-Name = "proves_irta at cesca.cat"
Calling-Station-Id = "00-26-B6-59-F1-EA"
Called-Station-Id = "00-22-55-F1-80-B0:eduroam"
NAS-Port = 1
NAS-IP-Address = 172.18.1.10
NAS-Identifier = "WLC_SSCC"
Airespace-Wlan-Id = 1
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "50"
EAP-Message = 0x0205001a0170726f7665735f697274614063657363612e636174
Message-Authenticator = 0x559f7e2dfefa8dffefb282cb2c7dae91
Thu Jun 23 15:22:16 2011 : Info: # Executing section authorize from file
/etc/raddb/sites-enabled/default
Thu Jun 23 15:22:16 2011 : Info: +- entering group authorize {...}
Thu Jun 23 15:22:16 2011 : Info: ++[chap] returns noop
Thu Jun 23 15:22:16 2011 : Info: ++[mschap] returns noop
Thu Jun 23 15:22:16 2011 : Info: [suffix] Looking up realm "cesca.cat" for
User-Name = "proves_irta at cesca.cat"
Thu Jun 23 15:22:16 2011 : Info: [suffix] Found realm "DEFAULT"
Thu Jun 23 15:22:16 2011 : Info: [suffix] Adding Realm = "DEFAULT"
Thu Jun 23 15:22:16 2011 : Info: [suffix] Proxying request from user
proves_irta to realm DEFAULT
Thu Jun 23 15:22:16 2011 : Info: [suffix] Preparing to proxy authentication
request to realm "DEFAULT"
Thu Jun 23 15:22:16 2011 : Info: ++[suffix] returns updated
Thu Jun 23 15:22:16 2011 : Info: [eap] Request is supposed to be proxied to
Realm DEFAULT. Not doing EAP.
Thu Jun 23 15:22:16 2011 : Info: ++[eap] returns noop
Thu Jun 23 15:22:16 2011 : Info: ++[files] returns noop
Thu Jun 23 15:22:16 2011 : Info: WARNING: Empty pre-proxy section. Using
default return values.
Sending Access-Request of id 113 to 84.88.0.19 port 1812
User-Name = "proves_irta at cesca.cat"
Calling-Station-Id = "00-26-B6-59-F1-EA"
Called-Station-Id = "00-22-55-F1-80-B0:eduroam"
NAS-Port = 1
NAS-IP-Address = 172.18.1.10
NAS-Identifier = "WLC_SSCC"
Airespace-Wlan-Id = 1
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "50"
EAP-Message = 0x0205001a0170726f7665735f697274614063657363612e636174
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x3937
Thu Jun 23 15:22:16 2011 : Info: Proxying request 0 to home server
84.88.0.19 port 1812
Sending Access-Request of id 113 to 84.88.0.19 port 1812
User-Name = "proves_irta at cesca.cat"
Calling-Station-Id = "00-26-B6-59-F1-EA"
Called-Station-Id = "00-22-55-F1-80-B0:eduroam"
NAS-Port = 1
NAS-IP-Address = 172.18.1.10
NAS-Identifier = "WLC_SSCC"
Airespace-Wlan-Id = 1
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "50"
EAP-Message = 0x0205001a0170726f7665735f697274614063657363612e636174
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x3937
Thu Jun 23 15:22:16 2011 : Debug: Going to the next request
Thu Jun 23 15:22:16 2011 : Debug: Waking up in 0.9 seconds.
Thu Jun 23 15:22:17 2011 : Debug: Waking up in 12.9 seconds.
rad_recv: Access-Request packet from host 172.18.1.10 port 32769, id=97,
length=203
Thu Jun 23 15:22:18 2011 : Info: Sending duplicate proxied request to home
server 84.88.0.19 port 1812 - ID: 113
Sending Access-Request of id 113 to 84.88.0.19 port 1812
User-Name = "proves_irta at cesca.cat"
Calling-Station-Id = "00-26-B6-59-F1-EA"
Called-Station-Id = "00-22-55-F1-80-B0:eduroam"
NAS-Port = 1
NAS-IP-Address = 172.18.1.10
NAS-Identifier = "WLC_SSCC"
Airespace-Wlan-Id = 1
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "50"
EAP-Message = 0x0205001a0170726f7665735f697274614063657363612e636174
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x3937
Thu Jun 23 15:22:18 2011 : Debug: Waking up in 11.9 seconds.
rad_recv: Access-Request packet from host 172.18.1.10 port 32769, id=97,
length=203
Thu Jun 23 15:22:20 2011 : Info: Sending duplicate proxied request to home
server 84.88.0.19 port 1812 - ID: 113
Sending Access-Request of id 113 to 84.88.0.19 port 1812
User-Name = "proves_irta at cesca.cat"
Calling-Station-Id = "00-26-B6-59-F1-EA"
Called-Station-Id = "00-22-55-F1-80-B0:eduroam"
NAS-Port = 1
NAS-IP-Address = 172.18.1.10
NAS-Identifier = "WLC_SSCC"
Airespace-Wlan-Id = 1
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "50"
EAP-Message = 0x0205001a0170726f7665735f697274614063657363612e636174
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x3937
Thu Jun 23 15:22:20 2011 : Debug: Waking up in 9.9 seconds.
rad_recv: Access-Request packet from host 172.18.1.10 port 32769, id=97,
length=203
Thu Jun 23 15:22:22 2011 : Info: Sending duplicate proxied request to home
server 84.88.0.19 port 1812 - ID: 113
Sending Access-Request of id 113 to 84.88.0.19 port 1812
User-Name = "proves_irta at cesca.cat"
Calling-Station-Id = "00-26-B6-59-F1-EA"
Called-Station-Id = "00-22-55-F1-80-B0:eduroam"
NAS-Port = 1
NAS-IP-Address = 172.18.1.10
NAS-Identifier = "WLC_SSCC"
Airespace-Wlan-Id = 1
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "50"
EAP-Message = 0x0205001a0170726f7665735f697274614063657363612e636174
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x3937
Thu Jun 23 15:22:22 2011 : Debug: Waking up in 7.9 seconds.
rad_recv: Access-Request packet from host 172.18.1.10 port 32769, id=97,
length=203
Thu Jun 23 15:22:24 2011 : Info: Sending duplicate proxied request to home
server 84.88.0.19 port 1812 - ID: 113
Sending Access-Request of id 113 to 84.88.0.19 port 1812
User-Name = "proves_irta at cesca.cat"
Calling-Station-Id = "00-26-B6-59-F1-EA"
Called-Station-Id = "00-22-55-F1-80-B0:eduroam"
NAS-Port = 1
NAS-IP-Address = 172.18.1.10
NAS-Identifier = "WLC_SSCC"
Airespace-Wlan-Id = 1
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "50"
EAP-Message = 0x0205001a0170726f7665735f697274614063657363612e636174
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x3937
Thu Jun 23 15:22:24 2011 : Debug: Waking up in 5.9 seconds.
rad_recv: Access-Request packet from host 172.18.1.10 port 32769, id=97,
length=203
Thu Jun 23 15:22:26 2011 : Info: Sending duplicate proxied request to home
server 84.88.0.19 port 1812 - ID: 113
Sending Access-Request of id 113 to 84.88.0.19 port 1812
User-Name = "proves_irta at cesca.cat"
Calling-Station-Id = "00-26-B6-59-F1-EA"
Called-Station-Id = "00-22-55-F1-80-B0:eduroam"
NAS-Port = 1
NAS-IP-Address = 172.18.1.10
NAS-Identifier = "WLC_SSCC"
Airespace-Wlan-Id = 1
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "50"
EAP-Message = 0x0205001a0170726f7665735f697274614063657363612e636174
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x3937
Thu Jun 23 15:22:26 2011 : Debug: Waking up in 3.9 seconds.
Thu Jun 23 15:22:30 2011 : Info: WARNING: Internal sanity check failed in
event handler for request 0: Discarding the request!
Thu Jun 23 15:22:30 2011 : Info: Ready to process requests.
to the radius server as proxy.conf has the realm DEFAULT to this RADIUS. I
understand that it does not do EAP, but must it be done?
The administrator of the proxy RADIUS says that he receives the request but
after sending the challenge, my freeradius does not answer?
Could anyone explain this to me, please?
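Added example, not part of the original post and not FreeRADIUS code: a Python sketch that decodes the EAP-Message value shown in the debug output above and applies the same user@realm pattern as the unlang condition, to show what identity the supplicant put on the wire and how it splits. The function names are hypothetical; the hex string and the regular expression are copied from the post.

```python
import re

# EAP-Message value copied from the debug output in the post (without 0x).
EAP_HEX = "0205001a0170726f7665735f697274614063657363612e636174"

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPE_IDENTITY = 1

# Same pattern as the unlang condition in the post: user part, '@', realm.
USER_REALM = re.compile(r"^([^@]*)@(.+)$")


def parse_eap(hex_value):
    """Decode the EAP header (code, id, length) and, if present, type and data."""
    if hex_value.lower().startswith("0x"):
        hex_value = hex_value[2:]
    raw = bytes.fromhex(hex_value)
    if len(raw) < 4:
        raise ValueError("truncated EAP header")
    code, ident = raw[0], raw[1]
    length = int.from_bytes(raw[2:4], "big")
    # The length field covers the whole packet; a mismatch means a cut-off
    # or reassembled-wrong EAP-Message attribute.
    if length != len(raw):
        raise ValueError(f"EAP length {length} != {len(raw)} bytes present")
    pkt = {"code": EAP_CODES.get(code, code), "id": ident, "length": length}
    if code in (1, 2) and length > 4:  # only Request/Response carry a type
        pkt["type"] = raw[4]
        pkt["data"] = raw[5:]
    return pkt


def outer_identity(hex_value):
    """Return the identity string from an EAP Identity packet."""
    pkt = parse_eap(hex_value)
    if pkt.get("type") != EAP_TYPE_IDENTITY:
        raise ValueError("not an EAP Identity packet")
    return pkt["data"].decode("utf-8")


def split_identity(user_name):
    """Mirror the post's authorize logic: (user, REALM), or None for reject."""
    m = USER_REALM.match(user_name)
    if m is None:
        return None
    return m.group(1), m.group(2).upper()


if __name__ == "__main__":
    ident = outer_identity(EAP_HEX)
    print(parse_eap(EAP_HEX)["code"], ident, split_identity(ident))
```
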