Failed authentication on Eduroam FreeRADIUS server
Tal Nur
nurtal at yahoo.com
Wed Apr 17 09:59:06 CEST 2019
Dear colleagues
I'm trying to set up a FreeRADIUS IdP server for the Eduroam service.
I followed the "how-tos" on wiki.geant.org, but during the test of my
setup I got the following error messages:
===============================================================================
Ready to process requests
(1) Received Access-Request Id 0 from 89.250.80.136:1117 to
89.250.80.130:1812 length 213
(1) Message-Authenticator = 0x0083de2f19d2f059d3d800138a6f7374
(1) Service-Type = Framed-User
(1) User-Name = "sake at kazrena.kz"
(1) Framed-MTU = 1488
(1) Called-Station-Id = "00-22-B0-0C-84-71:eduroam"
(1) Calling-Station-Id = "18-F4-6A-33-41-A5"
(1) NAS-Identifier = "D-Link Access Point"
(1) NAS-Port-Type = Wireless-802.11
(1) Connect-Info = "CONNECT 54Mbps 802.11g"
(1) EAP-Message = 0x020000140173616b65406b617a72656e612e6b7a
(1) NAS-IP-Address = 89.250.80.136
(1) NAS-Port = 1
(1) NAS-Port-Id = "STA port # 1"
(1) # Executing section authorize from file
/etc/freeradius/sites-enabled/eduroam
(1) authorize {
(1) policy filter_username {
(1) if (&User-Name) {
(1) if (&User-Name) -> TRUE
(1) if (&User-Name) {
(1) if (&User-Name =~ / /) {
(1) ERROR: regex failed: Found null in subject at offset 15.
String unsafe for evaluation
(1) ERROR: Failed retrieving values required to evaluate condition
(1) if (&User-Name =~ /@[^@]*@/ ) {
(1) ERROR: regex failed: Found null in subject at offset 15.
String unsafe for evaluation
(1) ERROR: Failed retrieving values required to evaluate condition
(1) if (&User-Name =~ /\.\./ ) {
(1) ERROR: regex failed: Found null in subject at offset 15.
String unsafe for evaluation
(1) ERROR: Failed retrieving values required to evaluate condition
(1) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
(1) ERROR: regex failed: Found null in subject at offset 15.
String unsafe for evaluation
(1) ERROR: Failed retrieving values required to evaluate condition
(1) if (&User-Name =~ /\.$/) {
(1) ERROR: regex failed: Found null in subject at offset 15.
String unsafe for evaluation
(1) ERROR: Failed retrieving values required to evaluate condition
(1) if (&User-Name =~ /@\./) {
(1) ERROR: regex failed: Found null in subject at offset 15.
String unsafe for evaluation
(1) ERROR: Failed retrieving values required to evaluate condition
(1) } # if (&User-Name) = notfound
(1) } # policy filter_username = notfound
(1) update request {
(1) Operator-Name := "1kazrena.kz"
(1) } # update request = noop
(1) auth_log: EXPAND
/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(1) auth_log: -->
/var/log/freeradius/radacct/89.250.80.136/auth-detail-20190417
(1) auth_log:
/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
expands to /var/log/freeradius/radacct/89.250.80.136/auth-detail-20190417
(1) auth_log: EXPAND %t
(1) auth_log: --> Wed Apr 17 10:11:36 2019
(1) [auth_log] = ok
(1) suffix: Checking for suffix after "@"
(1) suffix: Looking up realm "kazrena.kz" for User-Name = "sake at kazrena.kz"
(1) suffix: Found realm "kazrena.kz"
(1) suffix: Adding Realm = "kazrena.kz"
(1) suffix: Authentication realm is LOCAL
(1) [suffix] = ok
rlm_sql (sql): Reserved connection (1)
rlm_sql (sql): Released connection (1)
(1) [sql] = notfound
(1) eap: Peer sent EAP Response (code 2) ID 0 length 20
(1) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the
rest of authorize
(1) [eap] = ok
(1) } # authorize = ok
(1) Found Auth-Type = eap
(1) # Executing group from file /etc/freeradius/sites-enabled/eduroam
(1) authenticate {
(1) eap: Peer sent packet with method EAP Identity (1)
(1) eap: Calling submodule eap_md5 to process data
(1) eap_md5: Issuing MD5 Challenge
(1) eap: Sending EAP Request (code 1) ID 1 length 22
(1) eap: EAP session adding &reply:State = 0x3afb18fa3afa1cb6
(1) [eap] = handled
(1) } # authenticate = handled
(1) Using Post-Auth-Type Challenge
(1) Post-Auth-Type sub-section not found. Ignoring.
(1) # Executing group from file /etc/freeradius/sites-enabled/eduroam
(1) Sent Access-Challenge Id 0 from 89.250.80.130:1812 to
89.250.80.136:1117 length 0
(1) EAP-Message = 0x010100160410cc91782bcf8cf2f0b4de0ed50943dc6e
(1) Message-Authenticator = 0x00000000000000000000000000000000
(1) State = 0x3afb18fa3afa1cb6e9d755993b5205d3
(1) Finished request
=======================================================================================
I couldn't understand what's configured wrong. Could you advise me what
to do to fix the problem?
Regards, Talgat Nurlybayev
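
The debug output above reports a null at offset 15 in User-Name, and the identity carried in the EAP-Message of the same request is 15 bytes long. The following Python sketch is an added example, not part of the original post or of FreeRADIUS: it decodes that EAP-Message and checks a User-Name value for embedded NUL bytes. The User-Name byte string with a trailing NUL is a constructed sample (the log prints only the string form), and the function names are hypothetical.

```python
import struct

# EAP-Message value copied from the Access-Request in the debug output above.
EAP_MESSAGE_HEX = "020000140173616b65406b617a72656e612e6b7a"

# Constructed sample (assumption): User-Name bytes as a NAS would send them
# if it appended a C-string terminator to the identity.
SAMPLE_USER_NAME = b"sake@kazrena.kz\x00"

EAP_RESPONSE = 2
EAP_TYPE_IDENTITY = 1


def parse_eap_identity(raw: bytes) -> bytes:
    """Return the identity bytes of an EAP-Response/Identity packet (RFC 3748)."""
    if len(raw) < 5:
        raise ValueError("EAP packet too short")
    code, _ident, length = struct.unpack("!BBH", raw[:4])
    if length != len(raw):
        raise ValueError(f"EAP length field {length} != {len(raw)} bytes received")
    if code != EAP_RESPONSE or raw[4] != EAP_TYPE_IDENTITY:
        raise ValueError("not an EAP-Response/Identity")
    return raw[5:length]


def first_nul(value: bytes) -> int:
    """Offset of the first NUL byte, or -1 when the value has none."""
    return value.find(b"\x00")


def compare(user_name: bytes, eap_message: bytes) -> dict:
    """Compare the RADIUS User-Name with the EAP identity, byte for byte."""
    identity = parse_eap_identity(eap_message)
    return {
        "eap_identity": identity,
        "eap_identity_len": len(identity),
        "user_name_len": len(user_name),
        "nul_offset": first_nul(user_name),
        "match_without_nuls": user_name.rstrip(b"\x00") == identity,
    }


if __name__ == "__main__":
    result = compare(SAMPLE_USER_NAME, bytes.fromhex(EAP_MESSAGE_HEX))
    for key, val in result.items():
        print(f"{key}: {val!r}")
```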