Re: "[eap] = reject" after "Calling eap_md5 to process EAP data"
Kris Armstrong
kris.armstrong at me.com
Wed Jul 8 23:36:54 CEST 2015
here is what I am seeing since uncommenting the "nostrip"
(168) # Executing section authorize from file /etc/raddb/sites-enabled/default
(168) authorize {
(168) filter_username filter_username {
(168) if (!&User-Name)
(168) if (!&User-Name) -> FALSE
(168) if (&User-Name =~ / /)
(168) if (&User-Name =~ / /) -> FALSE
(168) if (&User-Name =~ /@.*@/ )
(168) if (&User-Name =~ /@.*@/ ) -> FALSE
(168) if (&User-Name =~ /\\.\\./ )
(168) if (&User-Name =~ /\\.\\./ ) -> FALSE
(168) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))
(168) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE
(168) if (&User-Name =~ /\\.$/)
(168) if (&User-Name =~ /\\.$/) -> FALSE
(168) if (&User-Name =~ /@\\./)
(168) if (&User-Name =~ /@\\./) -> FALSE
(168) } # filter_username filter_username = notfound
(168) WARNING: preprocess : There are more than 10 Proxy-State attributes in the request
(168) WARNING: preprocess : You have likely configured an infinite proxy loop
(168) [preprocess] = ok
(168) [chap] = noop
(168) [mschap] = noop
(168) [digest] = noop
(168) suffix : Checking for suffix after "@"
(168) suffix : Looking up realm "example.com" for User-Name = "user at example.com"
(168) suffix : Found realm "example.com"
(168) suffix : Adding Realm = "example.com"
(168) suffix : Proxying request from user user at example.com to realm example.com
(168) suffix : Preparing to proxy authentication request to realm "example.com"
(168) [suffix] = updated
(168) eap : Request is supposed to be proxied to Realm example.com. Not doing EAP.
(168) [eap] = noop
(168) [files] = noop
(168) sql : EXPAND %{User-Name}
(168) sql : --> user at example.com
(168) sql : SQL-User-Name set to 'user at example.com'
rlm_sql (sql): Reserved connection (4)
(168) sql : EXPAND SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id
(168) sql : --> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'user at example.com' ORDER BY id
rlm_sql (sql): Executing query: 'SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'user at example.com' ORDER BY id'
(168) sql : EXPAND SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority
(168) sql : --> SELECT groupname FROM radusergroup WHERE username = 'user at example.com' ORDER BY priority
rlm_sql (sql): Executing query: 'SELECT groupname FROM radusergroup WHERE username = 'user at example.com' ORDER BY priority'
(168) sql : User not found in any groups
rlm_sql (sql): Released connection (4)
(168) [sql] = notfound
(168) [expiration] = noop
(168) [logintime] = noop
(168) [pap] = noop
(168) } # authorize = updated
(168) Proxying request to home server 127.0.0.1 port 1812 timeout 20.000000
(168) Sending Access-Request packet to host 127.0.0.1 port 1812, id=152, length=0
(168) User-Name = 'user at example.com'
(168) NAS-IP-Address = 10.250.8.180
(168) Called-Station-Id = 'c8d71992a9d7'
(168) Calling-Station-Id = '00c01732012e'
(168) NAS-Identifier = 'c8d71992a9d7'
(168) NAS-Port = 29
(168) Framed-MTU = 1400
(168) NAS-Port-Type = Wireless-802.11
(168) EAP-Message = 0x020000150175736572406578616d706c652e636f6d
(168) Message-Authenticator = 0xbeb9ebda3594a94e4cef4cb918c81000
(168) Event-Timestamp = 'Jul 8 2015 14:48:00 MDT'
(168) Proxy-State = 0x30
On Jul 08, 2015, at 02:40 AM, A.L.M.Buxey at lboro.ac.uk wrote:
Hi,
I tried uncommenting the line nostrip from the proxy.con. that didn’t work.
....and...... (what does the debug NOW look like? )
if you dont help us, by providing that output, we cannot help you.
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list