Yet another Freeradius+openldap eap-ttls pap issue

Work piepoli.antonio at gmail.com
Thu Nov 28 18:04:53 CET 2013


On 28/11/2013 17:28, A.L.M.Buxey at lboro.ac.uk wrote:
> Hi,
>
>
> PAP and CHAP without EAP don't use inner-tunnel
>
> if you aren't calling LDAP module in the inner-tunnel then an EAP method
> that relies on ldap will simply not work.
>
> alan
I do call LDAP in the inner-tunnel; otherwise I think I would not have
this output, I guess:

rad_recv: Access-Request packet from host 127.0.0.1 port 44972, id=102, length=57
         User-Name = "atest"
         User-Password = "atest"
         NAS-IP-Address = 127.0.1.1
         NAS-Port = 10
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
[suffix] No '@' in User-Name = "atest", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
[ldap] performing user authorization for atest
[ldap]  expand: %{Stripped-User-Name} ->
[ldap]  ... expanding second conditional
[ldap]  expand: %{User-Name} -> atest
[ldap]  expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=atest)
[ldap]  expand: dc=newenergygroup,dc=com -> dc=newenergygroup,dc=com
   [ldap] ldap_get_conn: Checking Id: 0
   [ldap] ldap_get_conn: Got Id: 0
   [ldap] attempting LDAP reconnection
   [ldap] (re)connect to test-ldap.newenergygroup.com:389, authentication 0
   [ldap] bind as cn=admin,dc=newenergygroup,dc=com/Ld4pPa$$w0rD to test-ldap.newenergygroup.com:389
   [ldap] waiting for bind result ...
   [ldap] Bind was successful
   [ldap] performing search in dc=newenergygroup,dc=com, with filter (uid=atest)
[ldap] Added User-Password = {MD5}tQzXLan1f4v2iAMD/1t2Ig== in check items
[ldap] No default NMAS login sequence
[ldap] looking for check items in directory...
[ldap] looking for reply items in directory...
[ldap] user atest authorized to use remote access
   [ldap] ldap_release_conn: Release Id: 0
++[ldap] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns updated
Found Auth-Type = PAP
+- entering group PAP {...}
[pap] login attempt with password "atest"
[pap] Using MD5 encryption.
[pap] Normalizing MD5-Password from base64 encoding
[pap] User authenticated successfully
++[pap] returns ok
Login OK: [atest] (from client localhost port 10)
+- entering group post-auth {...}
++[ldap] returns noop
} # server inner-tunnel
Sending Access-Accept of id 102 to 127.0.0.1 port 44972
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 0 ID 102 with timestamp +3
Ready to process requests.


Thanks
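
An added example, not part of the original post or of FreeRADIUS: a small Python reader for debug output like the trace above, reporting which virtual server ran each section, what each module returned, the chosen Auth-Type and whether the request carried an EAP-Message. The sample trace is constructed by abbreviating the lines in the post; the function names, field names and the "(outer)" label are assumptions of this example.

```python
import re
# Constructed sample: abbreviated from the debug trace quoted in the post.
SAMPLE = """\
server inner-tunnel {
+- entering group authorize {...}
[eap] No EAP-Message, not doing EAP
++[ldap] returns ok
++[pap] returns updated
Found Auth-Type = PAP
+- entering group PAP {...}
++[pap] returns ok
+- entering group post-auth {...}
++[ldap] returns noop
} # server inner-tunnel
Sending Access-Accept of id 102 to 127.0.0.1 port 44972
"""

SERVER = re.compile(r"^server (\S+) \{")
GROUP = re.compile(r"^\+*- entering group (\S+)")
RETURN = re.compile(r"^\++\[([^\]]+)\] returns (\w+)")
AUTH_TYPE = re.compile(r"^Found Auth-Type = (\S+)")
REPLY = re.compile(r"^Sending (Access-\w+)")

def summarize(trace):
    """Collect per-section module results for one request in a debug trace."""
    out = {"sections": {}, "auth_type": None, "no_eap_message": False, "reply": None}
    server, group = "(outer)", None  # "(outer)" = lines outside any "server X {" block
    for raw in trace.splitlines():
        line = raw.strip()
        if m := SERVER.match(line):
            server, group = m.group(1), None
        elif line.startswith("} # server"):
            server, group = "(outer)", None
        elif m := GROUP.match(line):
            group = f"{server}/{m.group(1)}"
            out["sections"].setdefault(group, [])
        elif (m := RETURN.match(line)) and group:
            out["sections"][group].append((m.group(1), m.group(2)))
        elif m := AUTH_TYPE.match(line):
            out["auth_type"] = m.group(1)
        elif m := REPLY.match(line):
            out["reply"] = m.group(1)
        elif "No EAP-Message" in line:
            out["no_eap_message"] = True
    return out

def module_result(summary, section, module):
    """Return what `module` returned in `section` (e.g. "inner-tunnel/authorize"), or None."""
    return dict(summary["sections"].get(section, [])).get(module)
```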


