Problem with spaces in usernames.
Maciej Milewski
milu at dat.pl
Wed Jan 29 17:44:49 CET 2014
My main goal is to create an EAP-TLS configuration, but I wanted to be sure
the easiest way is working fine. And it's not working for me.
What's wrong that version 3.0.0 doesn't treat
"A Guest" the same way as aguest?
They are configured this way in the users file:
"A Guest"  Cleartext-Password := "123456"
           Reply-Message = "Hello %{User-Name}"
aguest     Cleartext-Password := "123456"
           Reply-Message = "Hello, %{User-Name}"
and testing with radtest from another host shows the following in the debug output:
rad_recv: Access-Request packet from host 10.0.6.10 port 57803, id=3,
length=77
User-Name = 'A Guest'
User-Password = '123456'
NAS-IP-Address = 10.0.6.10
NAS-Port = 0
Message-Authenticator = 0x3499158ba2be438b4e63389ffd091332
Wed Jan 29 17:20:58 2014 : Debug: (0) # Executing section authorize from
file /usr/local/etc/raddb/sites-enabled/default
Wed Jan 29 17:20:58 2014 : Debug: (0) authorize {
Wed Jan 29 17:20:58 2014 : Debug: (0) filter_username filter_username {
Wed Jan 29 17:20:58 2014 : Debug: (0) ? if (User-Name !=
"%{tolower:%{User-Name}}")
Wed Jan 29 17:20:58 2014 : Debug: %{tolower:%{User-Name}}
Wed Jan 29 17:20:58 2014 : Debug: Parsed xlat tree:
Wed Jan 29 17:20:58 2014 : Debug: xlat: tolower
Wed Jan 29 17:20:58 2014 : Debug: {
Wed Jan 29 17:20:58 2014 : Debug: attribute: User-Name
Wed Jan 29 17:20:58 2014 : Debug: {
Wed Jan 29 17:20:58 2014 : Debug: ref 2
Wed Jan 29 17:20:58 2014 : Debug: list 1
Wed Jan 29 17:20:58 2014 : Debug: tag -128
Wed Jan 29 17:20:58 2014 : Debug: }
Wed Jan 29 17:20:58 2014 : Debug: }
Wed Jan 29 17:20:58 2014 : Debug: (0) expand:
"%{tolower:%{User-Name}}" -> 'a guest'
Wed Jan 29 17:20:58 2014 : Debug: (0) ? if (User-Name !=
"%{tolower:%{User-Name}}") -> TRUE
Wed Jan 29 17:20:58 2014 : Debug: (0) if (User-Name !=
"%{tolower:%{User-Name}}") {
Wed Jan 29 17:20:58 2014 : Debug: (0) modsingle[authorize]: calling
reject (rlm_always) for request 0
Wed Jan 29 17:20:58 2014 : Debug: (0) modsingle[authorize]: returned
from reject (rlm_always) for request 0
Wed Jan 29 17:20:58 2014 : Debug: (0) [reject] = reject
Wed Jan 29 17:20:58 2014 : Debug: (0) } # if (User-Name !=
"%{tolower:%{User-Name}}") = reject
Wed Jan 29 17:20:58 2014 : Debug: (0) } # filter_username
filter_username = reject
Wed Jan 29 17:20:58 2014 : Debug: (0) } # authorize = reject
Wed Jan 29 17:20:58 2014 : Debug: (0) Using Post-Auth-Type Reject
Wed Jan 29 17:20:58 2014 : Debug: (0) # Executing group from file
/usr/local/etc/raddb/sites-enabled/default
Wed Jan 29 17:20:58 2014 : Debug: (0) Post-Auth-Type REJECT {
Wed Jan 29 17:20:58 2014 : Debug: (0) modsingle[post-auth]: calling
attr_filter.access_reject (rlm_attr_filter) for request 0
Wed Jan 29 17:20:58 2014 : Debug: %{User-Name}
Wed Jan 29 17:20:58 2014 : Debug: Parsed xlat tree:
Wed Jan 29 17:20:58 2014 : Debug: attribute: User-Name
Wed Jan 29 17:20:58 2014 : Debug: {
Wed Jan 29 17:20:58 2014 : Debug: ref 2
Wed Jan 29 17:20:58 2014 : Debug: list 1
Wed Jan 29 17:20:58 2014 : Debug: tag -128
Wed Jan 29 17:20:58 2014 : Debug: }
Wed Jan 29 17:20:58 2014 : Debug: (0) attr_filter.access_reject :
expand: "%{User-Name}" -> 'A Guest'
Wed Jan 29 17:20:58 2014 : Debug: (0) attr_filter.access_reject :
Matched entry DEFAULT at line 11
Wed Jan 29 17:20:58 2014 : Debug: (0) modsingle[post-auth]: returned
from attr_filter.access_reject (rlm_attr_filter) for request 0
Wed Jan 29 17:20:58 2014 : Debug: (0) [attr_filter.access_reject] =
updated
Wed Jan 29 17:20:58 2014 : Debug: (0) modsingle[post-auth]: calling
eap (rlm_eap) for request 0
Wed Jan 29 17:20:58 2014 : Debug: (0) eap : Request didn't contain an
EAP-Message, not inserting EAP-Failure
Wed Jan 29 17:20:58 2014 : Debug: (0) modsingle[post-auth]: returned
from eap (rlm_eap) for request 0
Wed Jan 29 17:20:58 2014 : Debug: (0) [eap] = noop
Wed Jan 29 17:20:58 2014 : Debug: (0) remove_reply_message_if_eap
remove_reply_message_if_eap {
Wed Jan 29 17:20:58 2014 : Debug: (0) ? if (reply:EAP-Message &&
reply:Reply-Message)
Wed Jan 29 17:20:58 2014 : Debug: (0) ? if (reply:EAP-Message &&
reply:Reply-Message) -> FALSE
Wed Jan 29 17:20:58 2014 : Debug: (0) else else {
Wed Jan 29 17:20:58 2014 : Debug: (0) modsingle[post-auth]: calling
noop (rlm_always) for request 0
Wed Jan 29 17:20:58 2014 : Debug: (0) modsingle[post-auth]: returned
from noop (rlm_always) for request 0
Wed Jan 29 17:20:58 2014 : Debug: (0) [noop] = noop
Wed Jan 29 17:20:58 2014 : Debug: (0) } # else else = noop
Wed Jan 29 17:20:58 2014 : Debug: (0) } # remove_reply_message_if_eap
remove_reply_message_if_eap = noop
Wed Jan 29 17:20:58 2014 : Debug: (0) } # Post-Auth-Type REJECT = updated
Wed Jan 29 17:20:58 2014 : Debug: (0) Finished request 0.
Wed Jan 29 17:20:58 2014 : Debug: Waking up in 0.3 seconds.
Wed Jan 29 17:20:58 2014 : Debug: Waking up in 0.6 seconds.
Wed Jan 29 17:20:59 2014 : Debug: (0) Sending delayed reject
Sending Access-Reject of id 3 from 10.0.6.207 port 1812 to 10.0.6.10
port 57803
Wed Jan 29 17:20:59 2014 : Debug: Waking up in 4.9 seconds.
Wed Jan 29 17:21:04 2014 : Debug: (0) Cleaning up request packet ID 3
with timestamp +29
Wed Jan 29 17:21:04 2014 : Info: Ready to process requests.
rad_recv: Access-Request packet from host 10.0.6.10 port 44948, id=210,
length=76
User-Name = 'aguest'
User-Password = '123456'
NAS-IP-Address = 10.0.6.10
NAS-Port = 0
Message-Authenticator = 0xdfd5232531e2f84735f3a9b1b94c22c9
Wed Jan 29 17:21:10 2014 : Debug: (1) # Executing section authorize from
file /usr/local/etc/raddb/sites-enabled/default
Wed Jan 29 17:21:10 2014 : Debug: (1) authorize {
Wed Jan 29 17:21:10 2014 : Debug: (1) filter_username filter_username {
Wed Jan 29 17:21:10 2014 : Debug: (1) ? if (User-Name !=
"%{tolower:%{User-Name}}")
Wed Jan 29 17:21:10 2014 : Debug: %{tolower:%{User-Name}}
Wed Jan 29 17:21:10 2014 : Debug: Parsed xlat tree:
Wed Jan 29 17:21:10 2014 : Debug: xlat: tolower
Wed Jan 29 17:21:10 2014 : Debug: {
Wed Jan 29 17:21:10 2014 : Debug: attribute: User-Name
Wed Jan 29 17:21:10 2014 : Debug: {
Wed Jan 29 17:21:10 2014 : Debug: ref 2
Wed Jan 29 17:21:10 2014 : Debug: list 1
Wed Jan 29 17:21:10 2014 : Debug: tag -128
Wed Jan 29 17:21:10 2014 : Debug: }
Wed Jan 29 17:21:10 2014 : Debug: }
Wed Jan 29 17:21:10 2014 : Debug: }
Wed Jan 29 17:21:10 2014 : Debug: (1) expand:
"%{tolower:%{User-Name}}" -> 'aguest'
Wed Jan 29 17:21:10 2014 : Debug: (1) ? if (User-Name !=
"%{tolower:%{User-Name}}") -> FALSE
Wed Jan 29 17:21:10 2014 : Debug: (1) ? if (User-Name =~ / /)
Wed Jan 29 17:21:10 2014 : Debug: (1) ? if (User-Name =~ / /) -> FALSE
Wed Jan 29 17:21:10 2014 : Debug: (1) ? if (User-Name =~ /@.*@/ )
Wed Jan 29 17:21:10 2014 : Debug: (1) ? if (User-Name =~ /@.*@/ ) ->
FALSE
Wed Jan 29 17:21:10 2014 : Debug: (1) ? if (User-Name =~ /\\.\\./ )
Wed Jan 29 17:21:10 2014 : Debug: (1) ? if (User-Name =~ /\\.\\./ )
-> FALSE
Wed Jan 29 17:21:10 2014 : Debug: (1) ? if ((User-Name =~ /@/) &&
(User-Name !~ /@(.+)\\.(.+)$/))
Wed Jan 29 17:21:10 2014 : Debug: (1) ? if ((User-Name =~ /@/) &&
(User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE
Wed Jan 29 17:21:10 2014 : Debug: (1) ? if (User-Name =~ /\\.$/)
Wed Jan 29 17:21:10 2014 : Debug: (1) ? if (User-Name =~ /\\.$/) -> FALSE
Wed Jan 29 17:21:10 2014 : Debug: (1) ? if (User-Name =~ /@\\./)
Wed Jan 29 17:21:10 2014 : Debug: (1) ? if (User-Name =~ /@\\./) -> FALSE
Wed Jan 29 17:21:10 2014 : Debug: (1) } # filter_username
filter_username = notfound
Wed Jan 29 17:21:10 2014 : Debug: (1) modsingle[authorize]: calling
preprocess (rlm_preprocess) for request 1
Wed Jan 29 17:21:10 2014 : Debug: (1) modsingle[authorize]: returned
from preprocess (rlm_preprocess) for request 1
Wed Jan 29 17:21:10 2014 : Debug: (1) [preprocess] = ok
Wed Jan 29 17:21:10 2014 : Debug: (1) modsingle[authorize]: calling
chap (rlm_chap) for request 1
Wed Jan 29 17:21:10 2014 : Debug: (1) modsingle[authorize]: returned
from chap (rlm_chap) for request 1
Wed Jan 29 17:21:10 2014 : Debug: (1) [chap] = noop
Wed Jan 29 17:21:10 2014 : Debug: (1) modsingle[authorize]: calling
mschap (rlm_mschap) for request 1
Wed Jan 29 17:21:10 2014 : Debug: (1) modsingle[authorize]: returned
from mschap (rlm_mschap) for request 1
Wed Jan 29 17:21:10 2014 : Debug: (1) [mschap] = noop
Wed Jan 29 17:21:10 2014 : Debug: (1) modsingle[authorize]: calling
digest (rlm_digest) for request 1
Wed Jan 29 17:21:10 2014 : Debug: (1) modsingle[authorize]: returned
from digest (rlm_digest) for request 1
Wed Jan 29 17:21:10 2014 : Debug: (1) [digest] = noop
Wed Jan 29 17:21:10 2014 : Debug: (1) modsingle[authorize]: calling
suffix (rlm_realm) for request 1
Wed Jan 29 17:21:10 2014 : Debug: (1) suffix : No '@' in User-Name =
"aguest", looking up realm NULL
Wed Jan 29 17:21:10 2014 : Debug: (1) suffix : No such realm "NULL"
Wed Jan 29 17:21:10 2014 : Debug: (1) modsingle[authorize]: returned
from suffix (rlm_realm) for request 1
Wed Jan 29 17:21:10 2014 : Debug: (1) [suffix] = noop
Wed Jan 29 17:21:10 2014 : Debug: (1) modsingle[authorize]: calling
eap (rlm_eap) for request 1
Wed Jan 29 17:21:10 2014 : Debug: (1) eap : No EAP-Message, not doing EAP
Wed Jan 29 17:21:10 2014 : Debug: (1) modsingle[authorize]: returned
from eap (rlm_eap) for request 1
Wed Jan 29 17:21:10 2014 : Debug: (1) [eap] = noop
Wed Jan 29 17:21:10 2014 : Debug: (1) modsingle[authorize]: calling
files (rlm_files) for request 1
Wed Jan 29 17:21:10 2014 : Debug: (1) files : users: Matched entry
aguest at line 57
Wed Jan 29 17:21:10 2014 : Debug: Hello, %{User-Name}
Wed Jan 29 17:21:10 2014 : Debug: Parsed xlat tree:
Wed Jan 29 17:21:10 2014 : Debug: literal: 'Hello, '
Wed Jan 29 17:21:10 2014 : Debug: attribute: User-Name
Wed Jan 29 17:21:10 2014 : Debug: {
Wed Jan 29 17:21:10 2014 : Debug: ref 2
Wed Jan 29 17:21:10 2014 : Debug: list 1
Wed Jan 29 17:21:10 2014 : Debug: tag -128
Wed Jan 29 17:21:10 2014 : Debug: }
Wed Jan 29 17:21:10 2014 : Debug: (1) files : expand: "Hello,
%{User-Name}" -> 'Hello, aguest'
Wed Jan 29 17:21:10 2014 : Debug: (1) modsingle[authorize]: returned
from files (rlm_files) for request 1
Wed Jan 29 17:21:10 2014 : Debug: (1) [files] = ok
Wed Jan 29 17:21:10 2014 : Debug: (1) modsingle[authorize]: calling
expiration (rlm_expiration) for request 1
Wed Jan 29 17:21:10 2014 : Debug: (1) modsingle[authorize]: returned
from expiration (rlm_expiration) for request 1
Wed Jan 29 17:21:10 2014 : Debug: (1) [expiration] = noop
Wed Jan 29 17:21:10 2014 : Debug: (1) modsingle[authorize]: calling
logintime (rlm_logintime) for request 1
Wed Jan 29 17:21:10 2014 : Debug: (1) modsingle[authorize]: returned
from logintime (rlm_logintime) for request 1
Wed Jan 29 17:21:10 2014 : Debug: (1) [logintime] = noop
Wed Jan 29 17:21:10 2014 : Debug: (1) modsingle[authorize]: calling
pap (rlm_pap) for request 1
Wed Jan 29 17:21:10 2014 : Debug: (1) modsingle[authorize]: returned
from pap (rlm_pap) for request 1
Wed Jan 29 17:21:10 2014 : Debug: (1) [pap] = updated
Wed Jan 29 17:21:10 2014 : Debug: (1) } # authorize = updated
Wed Jan 29 17:21:10 2014 : Debug: (1) Found Auth-Type = PAP
Wed Jan 29 17:21:10 2014 : Debug: (1) # Executing group from file
/usr/local/etc/raddb/sites-enabled/default
Wed Jan 29 17:21:10 2014 : Debug: (1) Auth-Type PAP {
Wed Jan 29 17:21:10 2014 : Debug: (1) modsingle[authenticate]: calling
pap (rlm_pap) for request 1
Wed Jan 29 17:21:10 2014 : Debug: (1) pap : login attempt with password
"123456"
Wed Jan 29 17:21:10 2014 : Debug: (1) pap : Using clear text password
"123456"
Wed Jan 29 17:21:10 2014 : Debug: (1) pap : User authenticated successfully
Wed Jan 29 17:21:10 2014 : Debug: (1) modsingle[authenticate]:
returned from pap (rlm_pap) for request 1
Wed Jan 29 17:21:10 2014 : Debug: (1) [pap] = ok
Wed Jan 29 17:21:10 2014 : Debug: (1) } # Auth-Type PAP = ok
Wed Jan 29 17:21:10 2014 : Debug: (1) # Executing section post-auth from
file /usr/local/etc/raddb/sites-enabled/default
Wed Jan 29 17:21:10 2014 : Debug: (1) post-auth {
Wed Jan 29 17:21:10 2014 : Debug: (1) modsingle[post-auth]: calling
exec (rlm_exec) for request 1
Wed Jan 29 17:21:10 2014 : Debug: (1) modsingle[post-auth]: returned
from exec (rlm_exec) for request 1
Wed Jan 29 17:21:10 2014 : Debug: (1) [exec] = noop
Wed Jan 29 17:21:10 2014 : Debug: (1) remove_reply_message_if_eap
remove_reply_message_if_eap {
Wed Jan 29 17:21:10 2014 : Debug: (1) ? if (reply:EAP-Message &&
reply:Reply-Message)
Wed Jan 29 17:21:10 2014 : Debug: (1) ? if (reply:EAP-Message &&
reply:Reply-Message) -> FALSE
Wed Jan 29 17:21:10 2014 : Debug: (1) else else {
Wed Jan 29 17:21:10 2014 : Debug: (1) modsingle[post-auth]: calling
noop (rlm_always) for request 1
Wed Jan 29 17:21:10 2014 : Debug: (1) modsingle[post-auth]: returned
from noop (rlm_always) for request 1
Wed Jan 29 17:21:10 2014 : Debug: (1) [noop] = noop
Wed Jan 29 17:21:10 2014 : Debug: (1) } # else else = noop
Wed Jan 29 17:21:10 2014 : Debug: (1) } # remove_reply_message_if_eap
remove_reply_message_if_eap = noop
Wed Jan 29 17:21:10 2014 : Debug: (1) } # post-auth = noop
Sending Access-Accept of id 210 from 10.0.6.207 port 1812 to 10.0.6.10
port 44948
Reply-Message = 'Hello, aguest'
Wed Jan 29 17:21:10 2014 : Debug: (1) Finished request 1.
Wed Jan 29 17:21:10 2014 : Debug: Waking up in 0.3 seconds.
Wed Jan 29 17:21:10 2014 : Debug: Waking up in 4.6 seconds.
--
Regards,
Maciej Milewski
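
Added example (not part of the original post and not FreeRADIUS code): a Python re-creation of the filter_username conditions in the order the debug output above evaluates them, reporting which check fires first for a given User-Name. The check labels, function names and sample names other than "A Guest" and "aguest" are constructed; the regexes are taken from the log, with its doubled backslashes read as single escapes (assumption).

```python
import re

# Conditions in the order they appear in the debug output above.
# str.lower() stands in for %{tolower:...}; equivalent for ASCII names.
CHECKS = [
    ("mixed case", lambda u: u != u.lower()),
    ("whitespace", lambda u: re.search(r" ", u) is not None),
    ("multiple @", lambda u: re.search(r"@.*@", u) is not None),
    ("double dot", lambda u: re.search(r"\.\.", u) is not None),
    ("realm without dot",
     lambda u: "@" in u and re.search(r"@(.+)\.(.+)$", u) is None),
    ("trailing dot", lambda u: re.search(r"\.$", u) is not None),
    ("realm starts with dot", lambda u: re.search(r"@\.", u) is not None),
]


def first_rejecting_check(user_name):
    """Return the label of the first condition that fires, or None."""
    for label, fires in CHECKS:
        if fires(user_name):
            return label
    return None


def audit(names):
    """Map each candidate User-Name to the check that would reject it."""
    return {name: first_rejecting_check(name) for name in names}


# Constructed sample input; only the first and third names are from the post.
SAMPLE = [
    "A Guest",            # request 0 in the log
    "a guest",            # lower-cased, but still contains a space
    "aguest",             # request 1 in the log
    "user@example",
    "user@@example.org",
    "bob@.example.org",
]

if __name__ == "__main__":
    for name, reason in audit(SAMPLE).items():
        verdict = "reject: " + reason if reason else "passes filter"
        print(f"{name!r:22} -> {verdict}")
```

Running a planned list of account names through such a check before adding them to the users file shows which ones the policy would reject before any module looks up the password.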