Hello, At the end of the log file the following statement might ring a bell:
> Cleaning up request 22 ID 11 with timestamp 403a2289 > Sending Access-Reject of id 12 to 192.168.49.252:1225 > Reply-Message += "Password Has Expired\r\n" > Waking up in 4 seconds... Password has expired....? Tom Rixom SecureW2 > -----Original Message----- > From: José Luis Solano [mailto:[EMAIL PROTECTED] > Sent: Monday, February 23, 2004 5:10 PM > To: [EMAIL PROTECTED] > Subject: Re: Alfa&Ariss Client Heeeeeeeeeeeeelp!!!!!!! > > > > Hi all, > > Lionel, Jean-Paul and family I have had the changes and > currently I think I > have the same configuration than Lionel and Jean-Paul, but my > freeradius > don't run with TTLS and LDAP, the freeradius error is the following: > > Note this lines: > rlm_ldap: user 888888888881 authorized to use remote access > ldap_release_conn: Release Id: 0 > modcall[authorize]: module "ldap" returns ok for request 22 > modcall: group authorize returns updated for request 22 > auth: Failed to validate the user. > > I think the user 888888888881 is authorizated but NOT > authenticate, isn't > it? > > I remember you I use Secure W2 client. (PAP) > > > thanks in advance > > > [EMAIL PROTECTED] /]# rad_recv: Access-Request packet from host > 192.168.49.252:1225, id=10, length=146 > User-Name = "888888888881" > NAS-IP-Address = 192.168.49.252 > NAS-Port = 0 > Called-Station-Id = "00-80-C8-01-01-55" > Calling-Station-Id = "00-0B-46-26-1C-44" > NAS-Identifier = "DWL-1000AP+" > Framed-MTU = 1380 > NAS-Port-Type = Wireless-802.11 > EAP-Message = 0x0201001101383838383838383838383831 > Message-Authenticator = 0xf5bdbb8b3ae83b0daec8d12cdaa2ecb3 > modcall: entering group authorize for request 21 > modcall[authorize]: module "preprocess" returns ok for request 21 > modcall[authorize]: module "chap" returns noop for request 21 > modcall[authorize]: module "mschap" returns noop for request 21 > rlm_realm: No '@' in User-Name = "888888888881", looking > up realm NULL > rlm_realm: No such realm "NULL" > modcall[authorize]: module "suffix" returns noop for request 21 > rlm_eap: EAP packet type response id 1 length 17 > rlm_eap: No EAP Start, assuming it's an on-going EAP conversation > modcall[authorize]: module "eap" returns updated for request 21 > users: Matched DEFAULT at 152 > modcall[authorize]: module "files" returns ok for request 21 > rlm_ldap: - authorize > rlm_ldap: performing user authorization for 888888888881 > radius_xlat: '(uid=888888888881)' > radius_xlat: 'ou=Wireless,dc=sgi,dc=es' > ldap_get_conn: Got Id: 0 > rlm_ldap: performing search in ou=Wireless,dc=sgi,dc=es, with filter > (uid=888888888881) > rlm_ldap: looking for check items in directory... > rlm_ldap: Adding radiusExpiration as Expiration, value 22 & op=21 > rlm_ldap: Adding radiusAuthType as Auth-Type, value EAP & op=21 > rlm_ldap: looking for reply items in directory... > rlm_ldap: user 888888888881 authorized to use remote access > ldap_release_conn: Release Id: 0 > modcall[authorize]: module "ldap" returns ok for request 21 > modcall: group authorize returns updated for request 21 > auth: Failed to validate the user. > Delaying request 21 for 1 seconds > Finished request 21 > Going to the next request > --- Walking the entire request list --- > Waking up in 1 seconds... > --- Walking the entire request list --- > Waking up in 1 seconds... > --- Walking the entire request list --- > Sending Access-Reject of id 10 to 192.168.49.252:1225 > Reply-Message += "Password Has Expired\r\n" > Waking up in 4 seconds... > rad_recv: Access-Request packet from host 192.168.49.252:1225, id=11, > length=146 > User-Name = "888888888881" > NAS-IP-Address = 192.168.49.252 > NAS-Port = 0 > Called-Station-Id = "00-80-C8-01-01-55" > Calling-Station-Id = "00-0B-46-26-1C-44" > NAS-Identifier = "DWL-1000AP+" > Framed-MTU = 1380 > NAS-Port-Type = Wireless-802.11 > EAP-Message = 0x0201001101383838383838383838383831 > Message-Authenticator = 0xa2461b4adf3829ef9cc8c9d10cc37033 > modcall: entering group authorize for request 22 > modcall[authorize]: module "preprocess" returns ok for request 22 > modcall[authorize]: module "chap" returns noop for request 22 > modcall[authorize]: module "mschap" returns noop for request 22 > rlm_realm: No '@' in User-Name = "888888888881", looking > up realm NULL > rlm_realm: No such realm "NULL" > modcall[authorize]: module "suffix" returns noop for request 22 > rlm_eap: EAP packet type response id 1 length 17 > rlm_eap: No EAP Start, assuming it's an on-going EAP conversation > modcall[authorize]: module "eap" returns updated for request 22 > users: Matched DEFAULT at 152 > modcall[authorize]: module "files" returns ok for request 22 > rlm_ldap: - authorize > rlm_ldap: performing user authorization for 888888888881 > radius_xlat: '(uid=888888888881)' > radius_xlat: 'ou=Wireless,dc=sgi,dc=es' > ldap_get_conn: Got Id: 0 > rlm_ldap: performing search in ou=Wireless,dc=sgi,dc=es, with filter > (uid=888888888881) > rlm_ldap: looking for check items in directory... > rlm_ldap: Adding radiusExpiration as Expiration, value 22 & op=21 > rlm_ldap: Adding radiusAuthType as Auth-Type, value EAP & op=21 > rlm_ldap: looking for reply items in directory... > rlm_ldap: user 888888888881 authorized to use remote access > ldap_release_conn: Release Id: 0 > modcall[authorize]: module "ldap" returns ok for request 22 > modcall: group authorize returns updated for request 22 > auth: Failed to validate the user. > Delaying request 22 for 1 seconds > Finished request 22 > Going to the next request > --- Walking the entire request list --- > Waking up in 1 seconds... > --- Walking the entire request list --- > Cleaning up request 21 ID 10 with timestamp 403a2284 > Waking up in 1 seconds... > --- Walking the entire request list --- > Sending Access-Reject of id 11 to 192.168.49.252:1225 > Reply-Message += "Password Has Expired\r\n" > Waking up in 4 seconds... > rad_recv: Access-Request packet from host 192.168.49.252:1225, id=12, > length=146 > User-Name = "888888888881" > NAS-IP-Address = 192.168.49.252 > NAS-Port = 0 > Called-Station-Id = "00-80-C8-01-01-55" > Calling-Station-Id = "00-0B-46-26-1C-44" > NAS-Identifier = "DWL-1000AP+" > Framed-MTU = 1380 > NAS-Port-Type = Wireless-802.11 > EAP-Message = 0x0201001101383838383838383838383831 > Message-Authenticator = 0xe2a546a1d8596e1437b9d629a2e8a7de > modcall: entering group authorize for request 23 > modcall[authorize]: module "preprocess" returns ok for request 23 > modcall[authorize]: module "chap" returns noop for request 23 > modcall[authorize]: module "mschap" returns noop for request 23 > rlm_realm: No '@' in User-Name = "888888888881", looking > up realm NULL > rlm_realm: No such realm "NULL" > modcall[authorize]: module "suffix" returns noop for request 23 > rlm_eap: EAP packet type response id 1 length 17 > rlm_eap: No EAP Start, assuming it's an on-going EAP conversation > modcall[authorize]: module "eap" returns updated for request 23 > users: Matched DEFAULT at 152 > modcall[authorize]: module "files" returns ok for request 23 > rlm_ldap: - authorize > rlm_ldap: performing user authorization for 888888888881 > radius_xlat: '(uid=888888888881)' > radius_xlat: 'ou=Wireless,dc=sgi,dc=es' > ldap_get_conn: Got Id: 0 > rlm_ldap: performing search in ou=Wireless,dc=sgi,dc=es, with filter > (uid=888888888881) > rlm_ldap: looking for check items in directory... > rlm_ldap: Adding radiusExpiration as Expiration, value 22 & op=21 > rlm_ldap: Adding radiusAuthType as Auth-Type, value EAP & op=21 > rlm_ldap: looking for reply items in directory... > rlm_ldap: user 888888888881 authorized to use remote access > ldap_release_conn: Release Id: 0 > modcall[authorize]: module "ldap" returns ok for request 23 > modcall: group authorize returns updated for request 23 > auth: Failed to validate the user. > Delaying request 23 for 1 seconds > Finished request 23 > Going to the next request > --- Walking the entire request list --- > Waking up in 1 seconds... > --- Walking the entire request list --- > Waking up in 1 seconds... > --- Walking the entire request list --- > Cleaning up request 22 ID 11 with timestamp 403a2289 > Sending Access-Reject of id 12 to 192.168.49.252:1225 > Reply-Message += "Password Has Expired\r\n" > Waking up in 4 seconds... > --- Walking the entire request list --- > Cleaning up request 23 ID 12 with timestamp 403a228d > Nothing to do. Sleeping until we see a request. > > > > > José Luis Solano > SGI - Soluciones Globales Internet S.A. > Delegación Regional Sur > [EMAIL PROTECTED] > (+34) 954.088.060 > ----- Original Message ----- > From: "José Luis Solano" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Monday, February 23, 2004 4:06 PM > Subject: Re: Alfa&Ariss Client Heeeeeeeeeeeeelp!!!!!!! > > > > Thanks Alan!!! > > > > > > José Luis Solano > > SGI - Soluciones Globales Internet S.A. > > Delegación Regional Sur > > [EMAIL PROTECTED] > > (+34) 954.088.060 > > ----- Original Message ----- > > From: "Alan DeKok" <[EMAIL PROTECTED]> > > To: <[EMAIL PROTECTED]> > > Sent: Monday, February 23, 2004 3:18 PM > > Subject: Re: Alfa&Ariss Client Heeeeeeeeeeeeelp!!!!!!! > > > > > > > =?iso-8859-1?Q?Jos=E9_Luis_Solano?= <[EMAIL PROTECTED]> wrote: > > > > -have you changed anything in dictionary file? > > > > > > Don't edit the dictionary files. 99.99999% of the > time, it's the > > > wrong thing to do. > > > > > > Alan DeKok. > > > > > > - > > > List info/subscribe/unsubscribe? See > > http://www.freeradius.org/list/users.html > > > > > > > > > - > > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > > > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html