AD Auth Question
Martin, Jeremy
jmartin at emcc.edu
Mon Jan 1 02:36:44 CET 2018
radiusd: FreeRADIUS Version 3.0.13, for host x86_64-redhat-linux-gnu, built on Aug 23 2017 at 15:18:22
FreeRADIUS Version 3.0.13
Copyright (C) 1999-2017 The FreeRADIUS server project and contributors
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License
For more information about these matters, see the file named COPYRIGHT
Jeremy
> On Dec 31, 2017, at 8:32 PM, Nathan Ward <lists+freeradius at daork.net> wrote:
>
>
>> On 1/01/2018, at 2:20 PM, Martin, Jeremy <jmartin at emcc.edu> wrote:
>>
>> So I greatly appreciate the pointers and help thus far but unfortunately this part of the the project keeps running into wall after wall. So I decided to take a step back and start with a single domain on a nice clean install but come up with the same error from the inner-tunnel test.
>>
>> &Module-Failure-Message += 'Rejected: User-Name contains multiple ..s’
>>
>> When researching this error it seems to point to issues people had when upgrading from v2 to v3 but this is not the case in this instance and am not able to find any useful information after many hours of exhausting the resources that I did find.
>>
>> So I now have two questions:
>>
>> 1. As we are largely required to use FR due to the MD5 EAP requirement of a solution we need to support and the difficulties and other issues of getting this implemented I am seriously considering the viability of the product without commercial support options. Does anyone have any rough idea of cost for the commercial support option for a FR server in a educational production environment?
>>
>> 2. In the event we decide to go the commercial route, and honestly I am heavily leaning that way after the amount of time invested this weekend, I still really need to do a proof of concept before coming so any pointers on the following error?
>>
>> radtest -t mschap testuser simplepass 127.0.0.1:18120 0 testing123
>>
>> Received Access-Request Id 74 from 127.0.0.1:52096 to 127.0.0.1:18120 length 142
>> (1) User-Name = “testuser"
>> (1) NAS-IP-Address = 10.40.0.199
>> (1) NAS-Port = 0
>> (1) Message-Authenticator = 0xd61679269ea9b90bf0e38f138bd9a1a4
>> (1) MS-CHAP-Challenge = 0x1b48d5a1841beb78
>> (1) MS-CHAP-Response = 0x0001000000000000000000000000000000000000000000000000a76b216d255f8f4b4b039e309a93b5e58e52e6fdc5feaf1e
>> (1) # Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel
>> (1) authorize {
>> (1) policy filter_username {
>> (1) if (&User-Name) {
>> (1) if (&User-Name) -> TRUE
>> (1) if (&User-Name) {
>> (1) if (&User-Name =~ / /) {
>> (1) if (&User-Name =~ / /) -> FALSE
>> (1) if (&User-Name =~ /@[^@]*@/ ) {
>> (1) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
>> (1) if (&User-Name =~ /\.\./ ) {
>> (1) if (&User-Name =~ /\.\./ ) -> TRUE
>> (1) if (&User-Name =~ /\.\./ ) {
>> (1) update request {
>> (1) &Module-Failure-Message += 'Rejected: User-Name contains multiple ..s'
>> (1) } # update request = noop
>> (1) [reject] = reject
>> (1) } # if (&User-Name =~ /\.\./ ) = reject
>> (1) } # if (&User-Name) = reject
>> (1) } # policy filter_username = reject
>> (1) } # authorize = reject
>> (1) Invalid user (Rejected: User-Name contains multiple ..s): [testuser/<no User-Password attribute>] (from client localhost port 0)
>> (1) Using Post-Auth-Type Reject
>
> What version of FreeRADIUS are you running?
>
> What is correct_escapes set to in your radiusd.conf file?
>
> --
> Nathan Ward
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list