radwho not working

Clint Petty cpetty at luthresearch.com
Thu Oct 3 19:10:17 CEST 2013


Hi Alan,

Below are the results from radiusd -X (debug mode) while logging in:

rad_recv: Access-Request packet from host xx.xx.xx.79 port 40379, id=79, length=138
	User-Name = "test"
	NAS-Port-Type = Virtual
	Service-Type = Framed-User
	NAS-Port = 53
	NAS-Port-Id = "ios"
	NAS-IP-Address = xx.xx.xx.79
	Called-Station-Id = "xx.xx.xx.79[4500]"
	Calling-Station-Id = "xx.xx.xx.150[32055]"
	EAP-Message = 0x02000009016a646f65
	NAS-Identifier = "strongSwan"
	Message-Authenticator = 0x13a0846c40f521e3c009161546f6f3fb
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "test", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 0 length 9
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
[ldap] performing user authorization for test
[ldap] 	expand: (&(uid=%u)) -> (&(uid=test))
[ldap] 	expand: ou=People,dc=company,dc=com -> ou=People,dc=company,dc=com
  [ldap] ldap_get_conn: Checking Id: 0
  [ldap] ldap_get_conn: Got Id: 0
  [ldap] attempting LDAP reconnection
  [ldap] (re)connect to xx.xx.xx.126:389, authentication 0
  [ldap] bind as cn=Admin,dc=company,dc=com/xxxx to xx.xx.xx.126:389
  [ldap] waiting for bind result ...
  [ldap] Bind was successful
  [ldap] performing search in ou=People,dc=company,dc=com, with filter (&(uid=test))
[ldap] looking for check items in directory...
  [ldap] userPassword -> User-Password == "password"
  [ldap] userPassword -> Password-With-Header == "password"
  [ldap] sambaNtPassword -> NT-Password == 0x38424235443
[ldap] looking for reply items in directory...
[ldap] user test authorized to use remote access
  [ldap] ldap_release_conn: Release Id: 0
++[ldap] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Config already contains "known good" password.  Ignoring Password-With-Header
[pap] Normalizing NT-Password from hex encoding
[pap] WARNING: Auth-Type already set.  Not setting to PAP
++[pap] returns noop
Found Auth-Type = EAP
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!    Replacing User-Password in config items with Cleartext-Password.     !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Please update your configuration so that the "known good"               !!!
!!! clear text password is in Cleartext-Password, and not in User-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type md5
rlm_eap_md5: Issuing Challenge
++[eap] returns handled
Sending Access-Challenge of id 79 to xx.xx.xx.79 port 40379
	EAP-Message = 0x010100160410c73f50e02103b6473c8f5ed51995e29f
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x2310bb7d2311bf963fc3fbc63c331669
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host xx.xx.xx.79 port 40379, id=80, length=169
	User-Name = "test"
	NAS-Port-Type = Virtual
	Service-Type = Framed-User
	NAS-Port = 53
	NAS-Port-Id = "ios"
	NAS-IP-Address = xx.xx.xx.79
	Called-Station-Id = "xx.xx.xx.79[4500]"
	Calling-Station-Id = "xx.xx.xx.150[32055]"
	EAP-Message = 0x020100160410958ab4a6a9b38188febc74cc0c573b96
	NAS-Identifier = "strongSwan"
	State = 0x2310bb7d2311bf963fc3fbc63c331669
	Message-Authenticator = 0xdb77c116ca06726a60a2d3a224bc2e22
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "test", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 1 length 22
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
[ldap] performing user authorization for test
[ldap] 	expand: (&(uid=%u)) -> (&(uid=test))
[ldap] 	expand: ou=People,dc=company,dc=com -> ou=People,dc=company,dc=com
  [ldap] ldap_get_conn: Checking Id: 0
  [ldap] ldap_get_conn: Got Id: 0
  [ldap] performing search in ou=People,dc=company,dc=com, with filter (&(uid=test))
[ldap] looking for check items in directory...
  [ldap] userPassword -> User-Password == "password"
  [ldap] userPassword -> Password-With-Header == "password"
  [ldap] sambaNtPassword -> NT-Password == 0x38424235443
[ldap] looking for reply items in directory...
[ldap] user test authorized to use remote access
  [ldap] ldap_release_conn: Release Id: 0
++[ldap] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Config already contains "known good" password.  Ignoring Password-With-Header
[pap] Normalizing NT-Password from hex encoding
[pap] WARNING: Auth-Type already set.  Not setting to PAP
++[pap] returns noop
Found Auth-Type = EAP
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!    Replacing User-Password in config items with Cleartext-Password.     !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Please update your configuration so that the "known good"               !!!
!!! clear text password is in Cleartext-Password, and not in User-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/md5
[eap] processing type md5
[eap] Freeing handler
++[eap] returns ok
Login OK: [test] (from client localhost port 53 cli xx.xx.xx.150[32055])
# Executing section post-auth from file /etc/raddb/sites-enabled/default
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 80 to xx.xx.xx.79 port 40379
	EAP-Message = 0x03010004
	Message-Authenticator = 0x00000000000000000000000000000000
	User-Name = "test"
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 0 ID 79 with timestamp +20
Cleaning up request 1 ID 80 with timestamp +20
Ready to process requests.



-----Original Message-----
From: freeradius-users-bounces+me=company.com at lists.freeradius.org [mailto:freeradius-users-bounces+me=company.com at lists.freeradius.org] On Behalf Of A.L.M.Buxey at lboro.ac.uk
Sent: Thursday, October 03, 2013 1:32 AM
To: FreeRadius users mailing list
Subject: Re: radwho not working

Hi,
> I would like to display the active Radius connections.  When I run radwho I get the following results (showing nothing but the titles) even though I know I have an active connection:

Using the utmp/wtmp modules? What does your FreeRADIUS debug show when
someone is logging in?

alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
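
Added example, not part of the original thread: radwho lists sessions from the radutmp file, which the radutmp module updates when accounting packets are processed, so a first check on a debug capture like the one above is whether any Accounting-Request arrived and whether radutmp ran. The sample lines are constructed from the shape of that log, and the accounting line formats are assumed to follow the same patterns.

```python
import re
from collections import Counter

# Constructed sample, abridged from the shape of the radiusd -X output above.
SAMPLE = """\
rad_recv: Access-Request packet from host xx.xx.xx.79 port 40379, id=79, length=138
+- entering group authorize {...}
++[ldap] returns ok
+- entering group authenticate {...}
++[eap] returns handled
Sending Access-Challenge of id 79 to xx.xx.xx.79 port 40379
rad_recv: Access-Request packet from host xx.xx.xx.79 port 40379, id=80, length=169
+- entering group authorize {...}
+- entering group authenticate {...}
++[eap] returns ok
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 80 to xx.xx.xx.79 port 40379
"""

RECV = re.compile(r"^rad_recv: (\S+) packet from host")
GROUP = re.compile(r"^\+- entering group (\S+) ")
MODULE = re.compile(r"^\++\[(\w+)\] returns (\w+)")

def summarize(debug_text):
    """Count received packet types and record which modules ran in each group."""
    received, groups, modules = Counter(), Counter(), {}
    current = None
    for line in debug_text.splitlines():
        line = line.strip()
        if m := RECV.match(line):
            received[m.group(1)] += 1
        elif m := GROUP.match(line):
            current = m.group(1)
            groups[current] += 1
        elif (m := MODULE.match(line)) and current:
            modules.setdefault(current, set()).add(m.group(1))
    return received, groups, modules

def session_tracking_seen(debug_text):
    """True only if an Accounting-Request arrived and radutmp ran in accounting."""
    received, _, modules = summarize(debug_text)
    return (received["Accounting-Request"] > 0
            and "radutmp" in modules.get("accounting", set()))

if __name__ == "__main__":
    received, groups, _ = summarize(SAMPLE)
    print(dict(received), dict(groups), session_tracking_seen(SAMPLE))
```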

