rlm_cache NT-Password with EAP-PEAP

Sherker, Donald Donald.Sherker at mybrighthouse.com
Fri Feb 27 20:54:10 CET 2015


>Don't list LDAP in the outer server, you only need passwords in the inner server.

I have removed LDAP from the outer server.  Thank you.

>and no more calls to cache, so I'm not sure what you were expecting to happen.
>
>For the PEAP request the cache will have been cleared as the server has been restarted. If you want a persistent
>cache, you need to use the memcached driver and run a memcached server. That won't persist across memcached
>restarts though.
>
>For that there'd need to be a new file system based cache driver.

I understand that the cache will not persist across restarts of the radius server.  The problem that we are having is that NT-Password and LM-Password are not available for caching when EAP-PEAP is used.  What I am showing in the logs is the first time a user connects and what is being cached.

Thanks,

Don

EAP-TTLS - It is able to cache the NT-Password and LM-Password:

Fri Feb 27 11:47:49 2015 : Debug: (6)       modsingle[post-auth]: calling cache (rlm_cache) for request 6
Fri Feb 27 11:47:49 2015 : Debug: %{User-Name}%{outer.request:Calling-Station-Id}
Fri Feb 27 11:47:49 2015 : Debug: Parsed xlat tree:
Fri Feb 27 11:47:49 2015 : Debug: attribute --> User-Name
Fri Feb 27 11:47:49 2015 : Debug: attribute --> Calling-Station-Id
Fri Feb 27 11:47:49 2015 : Debug: (6) cache: EXPAND %{User-Name}%{outer.request:Calling-Station-Id}
Fri Feb 27 11:47:49 2015 : Debug: (6) cache:    --> qaresdone899c47233d8
Fri Feb 27 11:47:49 2015 : Debug: (6) cache: Mutex acquired
Fri Feb 27 11:47:49 2015 : Debug: (6) cache: No cache entry found for "qaresdone899c47233d8"
Fri Feb 27 11:47:49 2015 : Debug: (6) cache: Creating new cache entry
Fri Feb 27 11:47:49 2015 : Debug: %{control:NT-Password}
Fri Feb 27 11:47:49 2015 : Debug: Parsed xlat tree:
Fri Feb 27 11:47:49 2015 : Debug: attribute --> NT-Password
Fri Feb 27 11:47:49 2015 : Debug: (6) cache: EXPAND %{control:NT-Password}
Fri Feb 27 11:47:49 2015 : Debug: (6) cache:    --> 0x5835048ce94ad0564e29a924a03510ef
Fri Feb 27 11:47:49 2015 : Debug: (6) cache:   control:NT-Password := 0x5835048ce94ad0564e29a924a03510ef
Fri Feb 27 11:47:49 2015 : Debug: %{control:LM-Password}
Fri Feb 27 11:47:49 2015 : Debug: Parsed xlat tree:
Fri Feb 27 11:47:49 2015 : Debug: attribute --> LM-Password
Fri Feb 27 11:47:49 2015 : Debug: (6) cache: EXPAND %{control:LM-Password}
Fri Feb 27 11:47:49 2015 : Debug: (6) cache:    --> 0xe52cac67419a9a2238f10713b629b565
Fri Feb 27 11:47:49 2015 : Debug: (6) cache:   control:LM-Password := 0xe52cac67419a9a2238f10713b629b565
Fri Feb 27 11:47:49 2015 : Debug: (6) cache: Merging cache entry into request
Fri Feb 27 11:47:49 2015 : Debug: (6) cache:   &control:NT-Password := 0x5835048ce94ad0564e29a924a03510ef
Fri Feb 27 11:47:49 2015 : Debug: (6) cache:   &control:LM-Password := 0xe52cac67419a9a2238f10713b629b565
Fri Feb 27 11:47:49 2015 : Debug: (6) cache: ::: FROM 2 TO 6 MAX 8
Fri Feb 27 11:47:49 2015 : Debug: (6) cache: ::: Examining NT-Password
Fri Feb 27 11:47:49 2015 : Debug: (6) cache: ::: OVERWRITING NT-Password FROM 0 TO 4
Fri Feb 27 11:47:49 2015 : Debug: (6) cache: ::: Examining LM-Password
Fri Feb 27 11:47:49 2015 : Debug: (6) cache: ::: OVERWRITING LM-Password FROM 1 TO 5
Fri Feb 27 11:47:49 2015 : Debug: (6) cache: ::: TO in 6 out 6
Fri Feb 27 11:47:49 2015 : Debug: (6) cache: ::: to[0] = Proxy-To-Realm
Fri Feb 27 11:47:49 2015 : Debug: (6) cache: ::: to[1] = Ldap-UserDn
Fri Feb 27 11:47:49 2015 : Debug: (6) cache: ::: to[2] = Cleartext-Password
Fri Feb 27 11:47:49 2015 : Debug: (6) cache: ::: to[3] = Auth-Type
Fri Feb 27 11:47:49 2015 : Debug: (6) cache: ::: to[4] = NT-Password
Fri Feb 27 11:47:49 2015 : Debug: (6) cache: ::: to[5] = LM-Password
Fri Feb 27 11:47:49 2015 : Debug: (6) cache: Commited entry, TTL 86400 seconds
Fri Feb 27 11:47:49 2015 : Debug: (6) cache: Mutex released
Fri Feb 27 11:47:49 2015 : Debug: (6)       modsingle[post-auth]: returned from cache (rlm_cache) for request 6
Fri Feb 27 11:47:49 2015 : Debug: (6)       [cache] = updated


EAP-PEAP - It is not able to cache the NT-Password and LM-Password:

Fri Feb 27 11:48:44 2015 : Debug: (8)       modsingle[post-auth]: calling cache (rlm_cache) for request 8
Fri Feb 27 11:48:44 2015 : Debug: %{User-Name}%{outer.request:Calling-Station-Id}
Fri Feb 27 11:48:44 2015 : Debug: Parsed xlat tree:
Fri Feb 27 11:48:44 2015 : Debug: attribute --> User-Name
Fri Feb 27 11:48:44 2015 : Debug: attribute --> Calling-Station-Id
Fri Feb 27 11:48:44 2015 : Debug: (8) cache: EXPAND %{User-Name}%{outer.request:Calling-Station-Id}
Fri Feb 27 11:48:44 2015 : Debug: (8) cache:    --> qaresdone899c47233d8
Fri Feb 27 11:48:44 2015 : Debug: (8) cache: Mutex acquired
Fri Feb 27 11:48:44 2015 : Debug: (8) cache: No cache entry found for "qaresdone899c47233d8"
Fri Feb 27 11:48:44 2015 : Debug: (8) cache: Creating new cache entry
Fri Feb 27 11:48:44 2015 : Debug: %{control:NT-Password}
Fri Feb 27 11:48:44 2015 : Debug: Parsed xlat tree:
Fri Feb 27 11:48:44 2015 : Debug: attribute --> NT-Password
Fri Feb 27 11:48:44 2015 : Debug: (8) cache: EXPAND %{control:NT-Password}
Fri Feb 27 11:48:44 2015 : Debug: (8) cache:    -->
Fri Feb 27 11:48:44 2015 : Debug: (8) cache:   control:NT-Password := 0x
Fri Feb 27 11:48:44 2015 : Debug: %{control:LM-Password}
Fri Feb 27 11:48:44 2015 : Debug: Parsed xlat tree:
Fri Feb 27 11:48:44 2015 : Debug: attribute --> LM-Password
Fri Feb 27 11:48:44 2015 : Debug: (8) cache: EXPAND %{control:LM-Password}
Fri Feb 27 11:48:44 2015 : Debug: (8) cache:    -->
Fri Feb 27 11:48:44 2015 : Debug: (8) cache:   control:LM-Password := 0x
Fri Feb 27 11:48:44 2015 : Debug: (8) cache: Merging cache entry into request
Fri Feb 27 11:48:44 2015 : Debug: (8) cache:   &control:NT-Password := 0x
Fri Feb 27 11:48:44 2015 : Debug: (8) cache:   &control:LM-Password := 0x
Fri Feb 27 11:48:44 2015 : Debug: (8) cache: ::: FROM 2 TO 4 MAX 6
Fri Feb 27 11:48:44 2015 : Debug: (8) cache: ::: Examining NT-Password
Fri Feb 27 11:48:44 2015 : Debug: (8) cache: ::: APPENDING NT-Password FROM 0 TO 4
Fri Feb 27 11:48:44 2015 : Debug: (8) cache: ::: Examining LM-Password
Fri Feb 27 11:48:44 2015 : Debug: (8) cache: ::: APPENDING LM-Password FROM 1 TO 5
Fri Feb 27 11:48:44 2015 : Debug: (8) cache: ::: TO in 4 out 6
Fri Feb 27 11:48:44 2015 : Debug: (8) cache: ::: to[0] = Proxy-To-Realm
Fri Feb 27 11:48:44 2015 : Debug: (8) cache: ::: to[1] = Ldap-UserDn
Fri Feb 27 11:48:44 2015 : Debug: (8) cache: ::: to[2] = Cleartext-Password
Fri Feb 27 11:48:44 2015 : Debug: (8) cache: ::: to[3] = Auth-Type
Fri Feb 27 11:48:44 2015 : Debug: (8) cache: ::: to[4] = NT-Password
Fri Feb 27 11:48:44 2015 : Debug: (8) cache: ::: to[5] = LM-Password
Fri Feb 27 11:48:44 2015 : Debug: (8) cache: Commited entry, TTL 86400 seconds
Fri Feb 27 11:48:44 2015 : Debug: (8) cache: Mutex released
Fri Feb 27 11:48:44 2015 : Debug: (8)       modsingle[post-auth]: returned from cache (rlm_cache) for request 8
Fri Feb 27 11:48:44 2015 : Debug: (8)       [cache] = updated
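
The difference between the two traces above can be checked mechanically. The following is an added example, not part of the original post or of FreeRADIUS: a Python filter that scans rlm_cache debug output and reports attributes committed to the cache with an empty value (a bare `0x`), as in the EAP-PEAP trace. The function name `find_empty_cached` and the sample lines are constructed for illustration.

```python
import re

# Assignment lines printed by rlm_cache in debug output, e.g.
#   "... : Debug: (8) cache:   control:NT-Password := 0x"
ASSIGN = re.compile(r"\((\d+)\) cache:\s+&?(\w+):([\w-]+) :=\s*(\S*)\s*$")
# "Commit+ed" accepts the spelling the server prints ("Commited") and "Committed".
COMMIT = re.compile(r"\((\d+)\) cache: Commit+ed entry, TTL (\d+) seconds")

def find_empty_cached(lines):
    """Return (request_id, "list:attribute", ttl) for each attribute that was
    committed to the cache with no value or a bare "0x" (zero-length octets)."""
    pending = {}    # request id -> names last seen with an empty value
    findings = []
    for line in lines:
        m = ASSIGN.search(line)
        if m:
            req, lst, attr, value = m.groups()
            names = pending.setdefault(req, set())
            if value in ("", "0x"):
                names.add(f"{lst}:{attr}")
            else:
                names.discard(f"{lst}:{attr}")
            continue
        m = COMMIT.search(line)
        if m:
            ttl = int(m.group(2))
            for name in sorted(pending.pop(m.group(1), ())):
                findings.append((int(m.group(1)), name, ttl))
    return findings

# Constructed sample lines in the format of the logs above; hex values are made up.
SAMPLE = """\
Fri Feb 27 11:47:49 2015 : Debug: (6) cache:   control:NT-Password := 0x00112233445566778899aabbccddeeff
Fri Feb 27 11:47:49 2015 : Debug: (6) cache:   &control:NT-Password := 0x00112233445566778899aabbccddeeff
Fri Feb 27 11:47:49 2015 : Debug: (6) cache: Commited entry, TTL 86400 seconds
Fri Feb 27 11:48:44 2015 : Debug: (8) cache: EXPAND %{control:NT-Password}
Fri Feb 27 11:48:44 2015 : Debug: (8) cache:    -->
Fri Feb 27 11:48:44 2015 : Debug: (8) cache:   control:NT-Password := 0x
Fri Feb 27 11:48:44 2015 : Debug: (8) cache:   control:LM-Password := 0x
Fri Feb 27 11:48:44 2015 : Debug: (8) cache:   &control:NT-Password := 0x
Fri Feb 27 11:48:44 2015 : Debug: (8) cache: Commited entry, TTL 86400 seconds
""".splitlines()

if __name__ == "__main__":
    for req, name, ttl in find_empty_cached(SAMPLE):
        print(f"request {req}: {name} cached empty for {ttl}s")
```

An entry reported here stays in the cache for the full TTL, so later lookups for the same key return the empty value until it expires or the server restarts.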
