Re: "[eap] = reject" after "Calling eap_md5 to process EAP data"

Kris Armstrong kris.armstrong at me.com
Wed Jul 8 23:36:54 CEST 2015


here is what I am seeing since uncommenting the "nostrip" 

(168) # Executing section authorize from file /etc/raddb/sites-enabled/default
(168)   authorize {
(168)   filter_username filter_username {
(168)     if (!&User-Name)
(168)     if (!&User-Name)  -> FALSE
(168)     if (&User-Name =~ / /)
(168)     if (&User-Name =~ / /)  -> FALSE
(168)     if (&User-Name =~ /@.*@/ )
(168)     if (&User-Name =~ /@.*@/ )  -> FALSE
(168)     if (&User-Name =~ /\\.\\./ )
(168)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(168)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))
(168)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(168)     if (&User-Name =~ /\\.$/)
(168)     if (&User-Name =~ /\\.$/)   -> FALSE
(168)     if (&User-Name =~ /@\\./)
(168)     if (&User-Name =~ /@\\./)   -> FALSE
(168)   } # filter_username filter_username = notfound
(168)  WARNING: preprocess : There are more than 10 Proxy-State attributes in the request
(168)  WARNING: preprocess : You have likely configured an infinite proxy loop
(168)   [preprocess] = ok
(168)   [chap] = noop
(168)   [mschap] = noop
(168)   [digest] = noop
(168)  suffix : Checking for suffix after "@"
(168)  suffix : Looking up realm "example.com" for User-Name = "user at example.com"
(168)  suffix : Found realm "example.com"
(168)  suffix : Adding Realm = "example.com"
(168)  suffix : Proxying request from user user at example.com to realm example.com
(168)  suffix : Preparing to proxy authentication request to realm "example.com"
(168)   [suffix] = updated
(168)  eap : Request is supposed to be proxied to Realm example.com. Not doing EAP.
(168)   [eap] = noop
(168)   [files] = noop
(168)  sql : EXPAND %{User-Name}
(168)  sql :    --> user at example.com
(168)  sql : SQL-User-Name set to 'user at example.com'
rlm_sql (sql): Reserved connection (4)
(168)  sql : EXPAND SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id
(168)  sql :    --> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'user at example.com' ORDER BY id
rlm_sql (sql): Executing query: 'SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'user at example.com' ORDER BY id'
(168)  sql : EXPAND SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority
(168)  sql :    --> SELECT groupname FROM radusergroup WHERE username = 'user at example.com' ORDER BY priority
rlm_sql (sql): Executing query: 'SELECT groupname FROM radusergroup WHERE username = 'user at example.com' ORDER BY priority'
(168)  sql : User not found in any groups
rlm_sql (sql): Released connection (4)
(168)   [sql] = notfound
(168)   [expiration] = noop
(168)   [logintime] = noop
(168)   [pap] = noop
(168)  } #  authorize = updated
(168) Proxying request to home server 127.0.0.1 port 1812 timeout 20.000000
(168) Sending Access-Request packet to host 127.0.0.1 port 1812, id=152, length=0
(168)   User-Name = 'user at example.com'
(168)   NAS-IP-Address = 10.250.8.180
(168)   Called-Station-Id = 'c8d71992a9d7'
(168)   Calling-Station-Id = '00c01732012e'
(168)   NAS-Identifier = 'c8d71992a9d7'
(168)   NAS-Port = 29
(168)   Framed-MTU = 1400
(168)   NAS-Port-Type = Wireless-802.11
(168)   EAP-Message = 0x020000150175736572406578616d706c652e636f6d
(168)   Message-Authenticator = 0xbeb9ebda3594a94e4cef4cb918c81000
(168)   Event-Timestamp = 'Jul  8 2015 14:48:00 MDT'
(168)   Proxy-State = 0x30

On Jul 08, 2015, at 02:40 AM, A.L.M.Buxey at lboro.ac.uk wrote:

Hi,
I tried uncommenting the line nostrip from the proxy.con. that didn’t work.


....and...... (what does the debug NOW look like? )

if you dont help us, by providing that output, we cannot help you.

alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


More information about the Freeradius-Users mailing list