Yet another Freeradius+openldap eap-ttls pap issue

Work piepoli.antonio at
Thu Nov 28 18:04:53 CET 2013

On 28/11/2013 17:28, A.L.M.Buxey at wrote:
> Hi,
> PAP and CHAP without EAP don't use inner-tunnel
> if you aren't calling LDAP module in the inner-tunnel then an EAP method
> that relies on ldap will simply not work.
> alan
I do call LDAP in the inner-tunnel; otherwise I think I would not have
this output, I guess:

rad_recv: Access-Request packet from host port 44972, id=102, 
         User-Name = "atest"
         User-Password = "atest"
         NAS-IP-Address =
         NAS-Port = 10
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
[suffix] No '@' in User-Name = "atest", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
[ldap] performing user authorization for atest
[ldap]  expand: %{Stripped-User-Name} ->
[ldap]  ... expanding second conditional
[ldap]  expand: %{User-Name} -> atest
[ldap]  expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=atest)
[ldap]  expand: dc=newenergygroup,dc=com -> dc=newenergygroup,dc=com
   [ldap] ldap_get_conn: Checking Id: 0
   [ldap] ldap_get_conn: Got Id: 0
   [ldap] attempting LDAP reconnection
   [ldap] (re)connect to, authentication 0
   [ldap] bind as cn=admin,dc=newenergygroup,dc=com/Ld4pPa$$w0rD to
   [ldap] waiting for bind result ...
   [ldap] Bind was successful
   [ldap] performing search in dc=newenergygroup,dc=com, with filter 
[ldap] Added User-Password = {MD5}tQzXLan1f4v2iAMD/1t2Ig== in check items
[ldap] No default NMAS login sequence
[ldap] looking for check items in directory...
[ldap] looking for reply items in directory...
[ldap] user atest authorized to use remote access
   [ldap] ldap_release_conn: Release Id: 0
++[ldap] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns updated
Found Auth-Type = PAP
+- entering group PAP {...}
[pap] login attempt with password "atest"
[pap] Using MD5 encryption.
[pap] Normalizing MD5-Password from base64 encoding
[pap] User authenticated successfully
++[pap] returns ok
Login OK: [atest] (from client localhost port 10)
+- entering group post-auth {...}
++[ldap] returns noop
} # server inner-tunnel
Sending Access-Accept of id 102 to port 44972
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 0 ID 102 with timestamp +3
Ready to process requests.
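
Added example (not part of the original message and not FreeRADIUS code): a Python function that summarises a `radiusd -X` trace of the kind quoted above, reporting which virtual server handled the request, what each module returned per section, the chosen Auth-Type, the reply, and whether any `[ttls]` line appears. The sample trace is constructed, and treating a `[ttls]` prefix as the sign of a tunnelled session is an assumption.

```python
import re

# Constructed sample in the format of the trace above (placeholder values,
# not taken from the post).
SAMPLE = """\
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
[ldap] performing user authorization for alice
++[ldap] returns ok
++[pap] returns updated
Found Auth-Type = PAP
+- entering group PAP {...}
++[pap] returns ok
} # server inner-tunnel
Sending Access-Accept of id 1 to 127.0.0.1 port 40000
"""

def summarize(trace):
    """Summarise one request from a FreeRADIUS debug trace."""
    out = {"server": None, "ttls_seen": False, "auth_type": None,
           "reply": None, "sections": {}}
    section = None
    for line in trace.splitlines():
        line = line.strip()
        if line.startswith("[ttls]"):
            # Assumption: lines logged by the ttls module mark an outer
            # EAP-TTLS session that proxied the request into the tunnel.
            out["ttls_seen"] = True
        elif m := re.match(r"server (\S+) \{", line):
            out["server"] = m.group(1)
        elif m := re.match(r"\++- entering group (\S+)", line):
            section = m.group(1)
            out["sections"].setdefault(section, [])
        elif m := re.match(r"\++\[([\w.-]+)\] returns (\w+)", line):
            if section is not None:
                out["sections"][section].append((m.group(1), m.group(2)))
        elif m := re.match(r"Found Auth-Type = (\S+)", line):
            out["auth_type"] = m.group(1)
        elif m := re.match(r"Sending (Access-\w+)", line):
            out["reply"] = m.group(1)
    return out

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

A trace with `server` set to `inner-tunnel`, `ldap` returning `ok` and `ttls_seen` false shows the LDAP and PAP modules working for a request sent straight to that virtual server; it does not show the same path being reached through an EAP-TTLS session.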


More information about the Freeradius-Users mailing list