axis audio module and EAP-TLS
Giovanni Venturi
gventuri at nexera.it
Mon Jul 19 15:23:36 CEST 2021
Sorry if you received the reply personally. Thunderbird doesn't reply to
the list by default. Sorry. It will never happen again. Sorry.
So it is the camera that doesn't send the correct data, I suppose, because I
verified each certificate and the id and password. Freeradius replies in
this way:
Mon Jul 19 15:14:29 2021 : Debug: (0) Received Access-Request Id 0 from
192.168.4.248:49156 to 192.168.0.18:1812 length 97
Mon Jul 19 15:14:29 2021 : Debug: (0) NAS-IP-Address = 192.168.4.248
Mon Jul 19 15:14:29 2021 : Debug: (0) NAS-Port-Type = Ethernet
Mon Jul 19 15:14:29 2021 : Debug: (0) NAS-Port = 10
Mon Jul 19 15:14:29 2021 : Debug: (0) User-Name = "user at example.org"
Mon Jul 19 15:14:29 2021 : Debug: (0) EAP-Message =
0x020100150175736572406578616d706c652e6f7267
Mon Jul 19 15:14:29 2021 : Debug: (0) Message-Authenticator =
0x2b6c4a8dea1185bee804dbe0d7645f75
Mon Jul 19 15:14:29 2021 : Debug: (0) session-state: No State attribute
Mon Jul 19 15:14:29 2021 : Debug: (0) # Executing section authorize from
file /etc/raddb/sites-enabled/default
Mon Jul 19 15:14:29 2021 : Debug: (0) authorize {
Mon Jul 19 15:14:29 2021 : Debug: (0) policy filter_username {
Mon Jul 19 15:14:29 2021 : Debug: (0) if (&User-Name) {
Mon Jul 19 15:14:29 2021 : Debug: (0) if (&User-Name) -> TRUE
Mon Jul 19 15:14:29 2021 : Debug: (0) if (&User-Name) {
Mon Jul 19 15:14:29 2021 : Debug: (0) if (&User-Name =~ / /) {
Mon Jul 19 15:14:29 2021 : Debug: No old matches
Mon Jul 19 15:14:29 2021 : Debug: (0) if (&User-Name =~ / /) ->
FALSE
Mon Jul 19 15:14:29 2021 : Debug: (0) if (&User-Name =~
/@[^@]*@/ ) {
Mon Jul 19 15:14:29 2021 : Debug: No old matches
Mon Jul 19 15:14:29 2021 : Debug: (0) if (&User-Name =~
/@[^@]*@/ ) -> FALSE
Mon Jul 19 15:14:29 2021 : Debug: (0) if (&User-Name =~ /\.\./ ) {
Mon Jul 19 15:14:29 2021 : Debug: No old matches
Mon Jul 19 15:14:29 2021 : Debug: (0) if (&User-Name =~ /\.\./
) -> FALSE
Mon Jul 19 15:14:29 2021 : Debug: (0) if ((&User-Name =~ /@/) &&
(&User-Name !~ /@(.+)\.(.+)$/)) {
Mon Jul 19 15:14:29 2021 : Debug: No old matches
Mon Jul 19 15:14:29 2021 : Debug: Adding 1 matches
Mon Jul 19 15:14:29 2021 : Debug: Clearing 1 old matches
Mon Jul 19 15:14:29 2021 : Debug: Adding 3 matches
Mon Jul 19 15:14:29 2021 : Debug: (0) if ((&User-Name =~ /@/) &&
(&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
Mon Jul 19 15:14:29 2021 : Debug: (0) if (&User-Name =~ /\.$/) {
Mon Jul 19 15:14:29 2021 : Debug: Clearing 3 old matches
Mon Jul 19 15:14:29 2021 : Debug: (0) if (&User-Name =~ /\.$/)
-> FALSE
Mon Jul 19 15:14:29 2021 : Debug: (0) if (&User-Name =~ /@\./) {
Mon Jul 19 15:14:29 2021 : Debug: No old matches
Mon Jul 19 15:14:29 2021 : Debug: (0) if (&User-Name =~ /@\./)
-> FALSE
Mon Jul 19 15:14:29 2021 : Debug: (0) } # if (&User-Name) = notfound
Mon Jul 19 15:14:29 2021 : Debug: (0) } # policy filter_username =
notfound
Mon Jul 19 15:14:29 2021 : Debug: (0) modsingle[authorize]: calling
preprocess (rlm_preprocess)
Mon Jul 19 15:14:29 2021 : Debug: (0) modsingle[authorize]: returned
from preprocess (rlm_preprocess)
Mon Jul 19 15:14:29 2021 : Debug: (0) [preprocess] = ok
Mon Jul 19 15:14:29 2021 : Debug: (0) modsingle[authorize]: calling
auth_log (rlm_detail)
Mon Jul 19 15:14:29 2021 : Debug:
/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
Mon Jul 19 15:14:29 2021 : Debug: Parsed xlat tree:
Mon Jul 19 15:14:29 2021 : Debug: literal --> /var/log/radius/radacct/
Mon Jul 19 15:14:29 2021 : Debug: XLAT-IF {
Mon Jul 19 15:14:29 2021 : Debug: attribute --> Packet-Src-IP-Address
Mon Jul 19 15:14:29 2021 : Debug: }
Mon Jul 19 15:14:29 2021 : Debug: XLAT-ELSE {
Mon Jul 19 15:14:29 2021 : Debug: attribute --> Packet-Src-IPv6-Address
Mon Jul 19 15:14:29 2021 : Debug: }
Mon Jul 19 15:14:29 2021 : Debug: literal --> /auth-detail-
Mon Jul 19 15:14:29 2021 : Debug: percent --> Y
Mon Jul 19 15:14:29 2021 : Debug: percent --> m
Mon Jul 19 15:14:29 2021 : Debug: percent --> d
Mon Jul 19 15:14:29 2021 : Debug: (0) auth_log: EXPAND
/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
Mon Jul 19 15:14:29 2021 : Debug: (0) auth_log: -->
/var/log/radius/radacct/192.168.4.248/auth-detail-20210719
Mon Jul 19 15:14:29 2021 : Debug: (0) auth_log:
/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
expands to /var/log/radius/radacct/192.168.4.248/auth-detail-20210719
Mon Jul 19 15:14:29 2021 : Debug: %t
Mon Jul 19 15:14:29 2021 : Debug: Parsed xlat tree:
Mon Jul 19 15:14:29 2021 : Debug: percent --> t
Mon Jul 19 15:14:29 2021 : Debug: (0) auth_log: EXPAND %t
Mon Jul 19 15:14:29 2021 : Debug: (0) auth_log: --> Mon Jul 19
15:14:29 2021
Mon Jul 19 15:14:29 2021 : Debug: (0) modsingle[authorize]: returned
from auth_log (rlm_detail)
Mon Jul 19 15:14:29 2021 : Debug: (0) [auth_log] = ok
Mon Jul 19 15:14:29 2021 : Debug: (0) modsingle[authorize]: calling
chap (rlm_chap)
Mon Jul 19 15:14:29 2021 : Debug: (0) modsingle[authorize]: returned
from chap (rlm_chap)
Mon Jul 19 15:14:29 2021 : Debug: (0) [chap] = noop
Mon Jul 19 15:14:29 2021 : Debug: (0) modsingle[authorize]: calling
mschap (rlm_mschap)
Mon Jul 19 15:14:29 2021 : Debug: (0) modsingle[authorize]: returned
from mschap (rlm_mschap)
Mon Jul 19 15:14:29 2021 : Debug: (0) [mschap] = noop
Mon Jul 19 15:14:29 2021 : Debug: (0) modsingle[authorize]: calling
digest (rlm_digest)
Mon Jul 19 15:14:29 2021 : Debug: (0) modsingle[authorize]: returned
from digest (rlm_digest)
Mon Jul 19 15:14:29 2021 : Debug: (0) [digest] = noop
Mon Jul 19 15:14:29 2021 : Debug: (0) modsingle[authorize]: calling
suffix (rlm_realm)
Mon Jul 19 15:14:29 2021 : Debug: (0) suffix: Checking for suffix after "@"
Mon Jul 19 15:14:29 2021 : Debug: (0) suffix: Looking up realm
"example.org" for User-Name = "user at example.org"
Mon Jul 19 15:14:29 2021 : Debug: (0) suffix: No such realm "example.org"
Mon Jul 19 15:14:29 2021 : Debug: (0) modsingle[authorize]: returned
from suffix (rlm_realm)
Mon Jul 19 15:14:29 2021 : Debug: (0) [suffix] = noop
Mon Jul 19 15:14:29 2021 : Debug: (0) modsingle[authorize]: calling
eap (rlm_eap)
Mon Jul 19 15:14:29 2021 : Debug: (0) eap: Peer sent EAP Response (code
2) ID 1 length 21
Mon Jul 19 15:14:29 2021 : Debug: (0) eap: EAP-Identity reply, returning
'ok' so we can short-circuit the rest of authorize
Mon Jul 19 15:14:29 2021 : Debug: (0) modsingle[authorize]: returned
from eap (rlm_eap)
Mon Jul 19 15:14:29 2021 : Debug: (0) [eap] = ok
Mon Jul 19 15:14:29 2021 : Debug: (0) } # authorize = ok
Mon Jul 19 15:14:29 2021 : Debug: (0) Found Auth-Type = eap
Mon Jul 19 15:14:29 2021 : Debug: (0) # Executing group from file
/etc/raddb/sites-enabled/default
Mon Jul 19 15:14:29 2021 : Debug: (0) authenticate {
Mon Jul 19 15:14:29 2021 : Debug: (0) modsingle[authenticate]:
calling eap (rlm_eap)
Mon Jul 19 15:14:29 2021 : Debug: (0) eap: Peer sent packet with method
EAP Identity (1)
Mon Jul 19 15:14:29 2021 : Debug: (0) eap: Calling submodule eap_tls to
process data
Mon Jul 19 15:14:29 2021 : Debug: (0) eap_tls: Initiating new TLS session
Mon Jul 19 15:14:29 2021 : Debug: (0) eap_tls: Setting verify mode to
require certificate from client
Mon Jul 19 15:14:29 2021 : Debug: (0) eap_tls: [eaptls start] = request
Mon Jul 19 15:14:29 2021 : Debug: (0) eap: Sending EAP Request (code 1)
ID 2 length 6
Mon Jul 19 15:14:29 2021 : Debug: (0) eap: EAP session adding
&reply:State = 0x704e25f0704c2894
Mon Jul 19 15:14:29 2021 : Debug: (0) modsingle[authenticate]:
returned from eap (rlm_eap)
Mon Jul 19 15:14:29 2021 : Debug: (0) [eap] = handled
Mon Jul 19 15:14:29 2021 : Debug: (0) } # authenticate = handled
Mon Jul 19 15:14:29 2021 : Debug: (0) Using Post-Auth-Type Challenge
Mon Jul 19 15:14:29 2021 : Debug: (0) # Executing group from file
/etc/raddb/sites-enabled/default
Mon Jul 19 15:14:29 2021 : Debug: (0) Challenge { ... } # empty
sub-section is ignored
Mon Jul 19 15:14:29 2021 : Debug: (0) session-state: Nothing to cache
Mon Jul 19 15:14:29 2021 : Debug: (0) Sent Access-Challenge Id 0 from
192.168.0.18:1812 to 192.168.4.248:49156 length 0
Mon Jul 19 15:14:29 2021 : Debug: (0) EAP-Message = 0x010200060d20
Mon Jul 19 15:14:29 2021 : Debug: (0) Message-Authenticator =
0x00000000000000000000000000000000
Mon Jul 19 15:14:29 2021 : Debug: (0) State =
0x704e25f0704c2894350a7a76741cdfd3
Mon Jul 19 15:14:29 2021 : Debug: (0) Finished request
Mon Jul 19 15:14:29 2021 : Debug: Waking up in 4.9 seconds.
Mon Jul 19 15:14:29 2021 : Debug: (0) Cleaning up request packet ID 0
with timestamp +7
Mon Jul 19 15:14:29 2021 : Debug: (1) Received Access-Request Id 0 from
192.168.4.248:49156 to 192.168.0.18:1812 length 100
Mon Jul 19 15:14:29 2021 : Debug: (1) NAS-IP-Address = 192.168.4.248
Mon Jul 19 15:14:29 2021 : Debug: (1) NAS-Port-Type = Ethernet
Mon Jul 19 15:14:29 2021 : Debug: (1) NAS-Port = 10
Mon Jul 19 15:14:29 2021 : Debug: (1) User-Name = "user at example.org"
Mon Jul 19 15:14:29 2021 : Debug: (1) State =
0x704e25f0704c2894350a7a76741cdfd3
Mon Jul 19 15:14:29 2021 : Debug: (1) EAP-Message = 0x020200060300
Mon Jul 19 15:14:29 2021 : Debug: (1) Message-Authenticator =
0xb56b2484ee97b397f38baefb6a09ecfb
Mon Jul 19 15:14:29 2021 : Debug: (1) session-state: No cached attributes
Mon Jul 19 15:14:29 2021 : Debug: (1) # Executing section authorize from
file /etc/raddb/sites-enabled/default
Mon Jul 19 15:14:29 2021 : Debug: (1) authorize {
Mon Jul 19 15:14:29 2021 : Debug: (1) policy filter_username {
Mon Jul 19 15:14:29 2021 : Debug: (1) if (&User-Name) {
Mon Jul 19 15:14:29 2021 : Debug: (1) if (&User-Name) -> TRUE
Mon Jul 19 15:14:29 2021 : Debug: (1) if (&User-Name) {
Mon Jul 19 15:14:29 2021 : Debug: (1) if (&User-Name =~ / /) {
Mon Jul 19 15:14:29 2021 : Debug: No old matches
Mon Jul 19 15:14:29 2021 : Debug: (1) if (&User-Name =~ / /) ->
FALSE
Mon Jul 19 15:14:29 2021 : Debug: (1) if (&User-Name =~
/@[^@]*@/ ) {
Mon Jul 19 15:14:29 2021 : Debug: No old matches
Mon Jul 19 15:14:29 2021 : Debug: (1) if (&User-Name =~
/@[^@]*@/ ) -> FALSE
Mon Jul 19 15:14:29 2021 : Debug: (1) if (&User-Name =~ /\.\./ ) {
Mon Jul 19 15:14:29 2021 : Debug: No old matches
Mon Jul 19 15:14:29 2021 : Debug: (1) if (&User-Name =~ /\.\./
) -> FALSE
Mon Jul 19 15:14:29 2021 : Debug: (1) if ((&User-Name =~ /@/) &&
(&User-Name !~ /@(.+)\.(.+)$/)) {
Mon Jul 19 15:14:29 2021 : Debug: No old matches
Mon Jul 19 15:14:29 2021 : Debug: Adding 1 matches
Mon Jul 19 15:14:29 2021 : Debug: Clearing 1 old matches
Mon Jul 19 15:14:29 2021 : Debug: Adding 3 matches
Mon Jul 19 15:14:29 2021 : Debug: (1) if ((&User-Name =~ /@/) &&
(&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
Mon Jul 19 15:14:29 2021 : Debug: (1) if (&User-Name =~ /\.$/) {
Mon Jul 19 15:14:29 2021 : Debug: Clearing 3 old matches
Mon Jul 19 15:14:29 2021 : Debug: (1) if (&User-Name =~ /\.$/)
-> FALSE
Mon Jul 19 15:14:29 2021 : Debug: (1) if (&User-Name =~ /@\./) {
Mon Jul 19 15:14:29 2021 : Debug: No old matches
Mon Jul 19 15:14:29 2021 : Debug: (1) if (&User-Name =~ /@\./)
-> FALSE
Mon Jul 19 15:14:29 2021 : Debug: (1) } # if (&User-Name) = notfound
Mon Jul 19 15:14:29 2021 : Debug: (1) } # policy filter_username =
notfound
Mon Jul 19 15:14:29 2021 : Debug: (1) modsingle[authorize]: calling
preprocess (rlm_preprocess)
Mon Jul 19 15:14:29 2021 : Debug: (1) modsingle[authorize]: returned
from preprocess (rlm_preprocess)
Mon Jul 19 15:14:29 2021 : Debug: (1) [preprocess] = ok
Mon Jul 19 15:14:29 2021 : Debug: (1) modsingle[authorize]: calling
auth_log (rlm_detail)
Mon Jul 19 15:14:29 2021 : Debug:
/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
Mon Jul 19 15:14:29 2021 : Debug: Parsed xlat tree:
Mon Jul 19 15:14:29 2021 : Debug: literal --> /var/log/radius/radacct/
Mon Jul 19 15:14:29 2021 : Debug: XLAT-IF {
Mon Jul 19 15:14:29 2021 : Debug: attribute --> Packet-Src-IP-Address
Mon Jul 19 15:14:29 2021 : Debug: }
Mon Jul 19 15:14:29 2021 : Debug: XLAT-ELSE {
Mon Jul 19 15:14:29 2021 : Debug: attribute --> Packet-Src-IPv6-Address
Mon Jul 19 15:14:29 2021 : Debug: }
Mon Jul 19 15:14:29 2021 : Debug: literal --> /auth-detail-
Mon Jul 19 15:14:29 2021 : Debug: percent --> Y
Mon Jul 19 15:14:29 2021 : Debug: percent --> m
Mon Jul 19 15:14:29 2021 : Debug: percent --> d
Mon Jul 19 15:14:29 2021 : Debug: (1) auth_log: EXPAND
/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
Mon Jul 19 15:14:29 2021 : Debug: (1) auth_log: -->
/var/log/radius/radacct/192.168.4.248/auth-detail-20210719
Mon Jul 19 15:14:29 2021 : Debug: (1) auth_log:
/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
expands to /var/log/radius/radacct/192.168.4.248/auth-detail-20210719
Mon Jul 19 15:14:29 2021 : Debug: %t
Mon Jul 19 15:14:29 2021 : Debug: Parsed xlat tree:
Mon Jul 19 15:14:29 2021 : Debug: percent --> t
Mon Jul 19 15:14:29 2021 : Debug: (1) auth_log: EXPAND %t
Mon Jul 19 15:14:29 2021 : Debug: (1) auth_log: --> Mon Jul 19
15:14:29 2021
Mon Jul 19 15:14:29 2021 : Debug: (1) modsingle[authorize]: returned
from auth_log (rlm_detail)
Mon Jul 19 15:14:29 2021 : Debug: (1) [auth_log] = ok
Mon Jul 19 15:14:29 2021 : Debug: (1) modsingle[authorize]: calling
chap (rlm_chap)
Mon Jul 19 15:14:29 2021 : Debug: (1) modsingle[authorize]: returned
from chap (rlm_chap)
Mon Jul 19 15:14:29 2021 : Debug: (1) [chap] = noop
Mon Jul 19 15:14:29 2021 : Debug: (1) modsingle[authorize]: calling
mschap (rlm_mschap)
Mon Jul 19 15:14:29 2021 : Debug: (1) modsingle[authorize]: returned
from mschap (rlm_mschap)
Mon Jul 19 15:14:29 2021 : Debug: (1) [mschap] = noop
Mon Jul 19 15:14:29 2021 : Debug: (1) modsingle[authorize]: calling
digest (rlm_digest)
Mon Jul 19 15:14:29 2021 : Debug: (1) modsingle[authorize]: returned
from digest (rlm_digest)
Mon Jul 19 15:14:29 2021 : Debug: (1) [digest] = noop
Mon Jul 19 15:14:29 2021 : Debug: (1) modsingle[authorize]: calling
suffix (rlm_realm)
Mon Jul 19 15:14:29 2021 : Debug: (1) suffix: Checking for suffix after "@"
Mon Jul 19 15:14:29 2021 : Debug: (1) suffix: Looking up realm
"example.org" for User-Name = "user at example.org"
Mon Jul 19 15:14:29 2021 : Debug: (1) suffix: No such realm "example.org"
Mon Jul 19 15:14:29 2021 : Debug: (1) modsingle[authorize]: returned
from suffix (rlm_realm)
Mon Jul 19 15:14:29 2021 : Debug: (1) [suffix] = noop
Mon Jul 19 15:14:29 2021 : Debug: (1) modsingle[authorize]: calling
eap (rlm_eap)
Mon Jul 19 15:14:29 2021 : Debug: (1) eap: Peer sent EAP Response (code
2) ID 2 length 6
Mon Jul 19 15:14:29 2021 : Debug: (1) eap: No EAP Start, assuming it's
an on-going EAP conversation
Mon Jul 19 15:14:29 2021 : Debug: (1) modsingle[authorize]: returned
from eap (rlm_eap)
Mon Jul 19 15:14:29 2021 : Debug: (1) [eap] = updated
Mon Jul 19 15:14:29 2021 : Debug: (1) modsingle[authorize]: calling
files (rlm_files)
Mon Jul 19 15:14:29 2021 : Debug: (1) modsingle[authorize]: returned
from files (rlm_files)
Mon Jul 19 15:14:29 2021 : Debug: (1) [files] = noop
Mon Jul 19 15:14:29 2021 : Debug: (1) modsingle[authorize]: calling
expiration (rlm_expiration)
Mon Jul 19 15:14:29 2021 : Debug: (1) modsingle[authorize]: returned
from expiration (rlm_expiration)
Mon Jul 19 15:14:29 2021 : Debug: (1) [expiration] = noop
Mon Jul 19 15:14:29 2021 : Debug: (1) modsingle[authorize]: calling
logintime (rlm_logintime)
Mon Jul 19 15:14:29 2021 : Debug: (1) modsingle[authorize]: returned
from logintime (rlm_logintime)
Mon Jul 19 15:14:29 2021 : Debug: (1) [logintime] = noop
Mon Jul 19 15:14:29 2021 : Debug: (1) modsingle[authorize]: calling
pap (rlm_pap)
Mon Jul 19 15:14:29 2021 : Debug: Not doing PAP as Auth-Type is already
set.
Mon Jul 19 15:14:29 2021 : Debug: (1) modsingle[authorize]: returned
from pap (rlm_pap)
Mon Jul 19 15:14:29 2021 : Debug: (1) [pap] = noop
Mon Jul 19 15:14:29 2021 : Debug: (1) } # authorize = updated
Mon Jul 19 15:14:29 2021 : Debug: (1) Found Auth-Type = eap
Mon Jul 19 15:14:29 2021 : Debug: (1) # Executing group from file
/etc/raddb/sites-enabled/default
Mon Jul 19 15:14:29 2021 : Debug: (1) authenticate {
Mon Jul 19 15:14:29 2021 : Debug: (1) modsingle[authenticate]:
calling eap (rlm_eap)
Mon Jul 19 15:14:29 2021 : Debug: (1) eap: Expiring EAP session with
state 0x704e25f0704c2894
Mon Jul 19 15:14:29 2021 : Debug: (1) eap: Finished EAP session with
state 0x704e25f0704c2894
Mon Jul 19 15:14:29 2021 : Debug: (1) eap: Previous EAP request found
for state 0x704e25f0704c2894, released from the list
Mon Jul 19 15:14:29 2021 : Debug: (1) eap: Peer sent packet with method
EAP NAK (3)
Mon Jul 19 15:14:29 2021 : Debug: (1) eap: Peer NAK'd indicating it is
not willing to continue
Mon Jul 19 15:14:29 2021 : Debug: (1) eap: Sending EAP Failure (code 4)
ID 2 length 4
Mon Jul 19 15:14:29 2021 : Debug: (1) eap: Failed in EAP select
Mon Jul 19 15:14:29 2021 : Debug: (1) modsingle[authenticate]:
returned from eap (rlm_eap)
Mon Jul 19 15:14:29 2021 : Debug: (1) [eap] = invalid
Mon Jul 19 15:14:29 2021 : Debug: (1) } # authenticate = invalid
Mon Jul 19 15:14:29 2021 : Debug: (1) Failed to authenticate the user
Mon Jul 19 15:14:29 2021 : Debug: (1) Using Post-Auth-Type Reject
Mon Jul 19 15:14:29 2021 : Debug: (1) # Executing group from file
/etc/raddb/sites-enabled/default
Mon Jul 19 15:14:29 2021 : Debug: (1) Post-Auth-Type REJECT {
Mon Jul 19 15:14:29 2021 : Debug: (1) modsingle[post-auth]: calling
attr_filter.access_reject (rlm_attr_filter)
Mon Jul 19 15:14:29 2021 : Debug: %{User-Name}
Mon Jul 19 15:14:29 2021 : Debug: Parsed xlat tree:
Mon Jul 19 15:14:29 2021 : Debug: attribute --> User-Name
Mon Jul 19 15:14:29 2021 : Debug: (1) attr_filter.access_reject: EXPAND
%{User-Name}
Mon Jul 19 15:14:29 2021 : Debug: (1) attr_filter.access_reject: -->
user at example.org
Mon Jul 19 15:14:29 2021 : Debug: (1) attr_filter.access_reject: Matched
entry DEFAULT at line 11
Mon Jul 19 15:14:29 2021 : Debug: (1) attr_filter.access_reject:
EAP-Message = 0x04020004 allowed by EAP-Message =* 0x
Mon Jul 19 15:14:29 2021 : Debug: (1) attr_filter.access_reject:
Attribute "EAP-Message" allowed by 1 rules, disallowed by 0 rules
Mon Jul 19 15:14:29 2021 : Debug: (1) attr_filter.access_reject:
Message-Authenticator = 0x00000000000000000000000000000000 allowed by
Message-Authenticator =* 0x
Mon Jul 19 15:14:29 2021 : Debug: (1) attr_filter.access_reject:
Attribute "Message-Authenticator" allowed by 1 rules, disallowed by 0 rules
Mon Jul 19 15:14:29 2021 : Debug: (1) modsingle[post-auth]: returned
from attr_filter.access_reject (rlm_attr_filter)
Mon Jul 19 15:14:29 2021 : Debug: (1) [attr_filter.access_reject] = updated
Mon Jul 19 15:14:29 2021 : Debug: (1) modsingle[post-auth]: calling
eap (rlm_eap)
Mon Jul 19 15:14:29 2021 : Debug: (1) eap: Reply already contained an
EAP-Message, not inserting EAP-Failure
Mon Jul 19 15:14:29 2021 : Debug: (1) modsingle[post-auth]: returned
from eap (rlm_eap)
Mon Jul 19 15:14:29 2021 : Debug: (1) [eap] = noop
Mon Jul 19 15:14:29 2021 : Debug: (1) policy
remove_reply_message_if_eap {
Mon Jul 19 15:14:29 2021 : Debug: (1) if (&reply:EAP-Message &&
&reply:Reply-Message) {
Mon Jul 19 15:14:29 2021 : Debug: (1) if (&reply:EAP-Message &&
&reply:Reply-Message) -> FALSE
Mon Jul 19 15:14:29 2021 : Debug: (1) else {
Mon Jul 19 15:14:29 2021 : Debug: (1) modsingle[post-auth]: calling noop
(rlm_always)
Mon Jul 19 15:14:29 2021 : Debug: (1) modsingle[post-auth]: returned
from noop (rlm_always)
Mon Jul 19 15:14:29 2021 : Debug: (1) [noop] = noop
Mon Jul 19 15:14:29 2021 : Debug: (1) } # else = noop
Mon Jul 19 15:14:29 2021 : Debug: (1) } # policy
remove_reply_message_if_eap = noop
Mon Jul 19 15:14:29 2021 : Debug: (1) } # Post-Auth-Type REJECT = updated
Mon Jul 19 15:14:29 2021 : Auth: (1) Login incorrect: [user at example.org]
(from client axis_switch port 10)
Mon Jul 19 15:14:29 2021 : Debug: (1) Delaying response for 1.000000
seconds
Mon Jul 19 15:14:29 2021 : Debug: Waking up in 0.3 seconds.
Mon Jul 19 15:14:29 2021 : Debug: Waking up in 0.6 seconds.
Mon Jul 19 15:14:30 2021 : Debug: (1) Sending delayed response
Mon Jul 19 15:14:30 2021 : Debug: (1) Sent Access-Reject Id 0 from
192.168.0.18:1812 to 192.168.4.248:49156 length 44
Mon Jul 19 15:14:30 2021 : Debug: (1) EAP-Message = 0x04020004
Mon Jul 19 15:14:30 2021 : Debug: (1) Message-Authenticator =
0x00000000000000000000000000000000
Mon Jul 19 15:14:30 2021 : Debug: Waking up in 3.9 seconds.
Mon Jul 19 15:14:34 2021 : Debug: (1) Cleaning up request packet ID 0
with timestamp +7
Mon Jul 19 15:14:34 2021 : Info: Ready to process requests
On 19/07/21 14:02, Alan DeKok wrote:
> On Jul 19, 2021, at 3:42 AM, Giovanni Venturi <gventuri at nexera.it> wrote:
>> And I'm a bit confused how to configure it to make it work with an AXIS P8221 I/O Audio Module.
> The screen shot you posted shows EAP-TLS. Which doesn't use passwords like YEAP.
>
>> In the section 802.1X I uploaded the certificate I generated with freeradius Makefile from the directory /etc/raddb/certs/
>>
>> I uploaded the CA certificate and the clients one and client one plus the key.
> Then it should work.
>
>> But when I have to set the EAPOL version, EAP identity and password I don't know what to specify and how to configure freeradius to match those parameters.
> The EAP identity should be the "common name" from the certificate.
>
> The password is the password for the client certificate private key. See the client.cnf file for examples.
>
>> Can someone help me?
>>
>> I tried to configure a simple user with a password in /etc/raddb/mods-config/files/authorize :
>>
>> testing Cleartext-Password := "password"
> That won't work for EAP-TLS.
>
>> And using a freeradius client from an ArchLinux client it works doing command line call.
> Which isn't using EAP-TLS. Read the debug output to see.
>
> Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
Giovanni Venturi
Nexera S.p.A.
Centro Direzionale, IS/A3
80143 - Napoli
Tel. +39.081.5625868
Fax. +39.081.5625135
e-mail: gventuri at nexera.it
web: http://www.nexera.it
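
Added example, not part of the original message or of FreeRADIUS: a small Python decoder for the four EAP-Message values in the debug output above, showing which method the server offered and how the device answered. The names parse_eap and diagnose are made up for this illustration.

```python
import struct

# EAP codes and method types from RFC 3748; type 13 is EAP-TLS (RFC 5216).
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 3: "Nak", 4: "MD5-Challenge",
             13: "EAP-TLS", 21: "EAP-TTLS", 25: "PEAP"}

# EAP-Message values copied from the debug output above, in order.
MESSAGES = [
    "0x020100150175736572406578616d706c652e6f7267",  # Access-Request (0)
    "0x010200060d20",                                # Access-Challenge (0)
    "0x020200060300",                                # Access-Request (1)
    "0x04020004",                                    # Access-Reject (1)
]

def parse_eap(hex_value):
    """Decode one EAP-Message value as printed in the debug log."""
    text = hex_value[2:] if hex_value.startswith("0x") else hex_value
    raw = bytes.fromhex(text)
    if len(raw) < 4:
        raise ValueError("EAP packet shorter than its 4-byte header")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length < 4 or length > len(raw):
        raise ValueError("EAP length field does not match the data")
    pkt = {"code": EAP_CODES.get(code, str(code)), "id": ident, "length": length}
    if code in (1, 2) and length > 4:
        etype, data = raw[4], raw[5:length]
        pkt["type"] = EAP_TYPES.get(etype, str(etype))
        if etype == 1:
            pkt["identity"] = data.decode("utf-8", "replace")
        elif etype == 3 and code == 2:
            # Nak data lists the methods the peer would accept; 0 means none.
            pkt["wanted"] = [EAP_TYPES.get(t, str(t)) if t else "none"
                             for t in data]
        elif etype == 13 and data:
            # First byte of EAP-TLS data is the flags field (L, M, S bits).
            pkt["tls_flags"] = [name for bit, name in
                                ((0x80, "L"), (0x40, "M"), (0x20, "S"))
                                if data[0] & bit]
    return pkt

def diagnose(messages):
    """Return a one-line verdict on where the method negotiation stopped."""
    offered = None
    for value in messages:
        pkt = parse_eap(value)
        if pkt["code"] == "Request":
            offered = pkt.get("type")
        elif pkt["code"] == "Response" and pkt.get("type") == "Nak":
            return "peer refused %s and offered: %s" % (
                offered, ", ".join(pkt["wanted"]))
    return "no Nak seen"

if __name__ == "__main__":
    for value in MESSAGES:
        print(value, parse_eap(value))
    print(diagnose(MESSAGES))
```

A Nak whose only value is 0 means the peer proposed no alternative method, so the conversation ends at the EAP-TLS Start and no certificate is ever exchanged.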