Hi, Davies , Thanks for your Help, I have another
question.
> >2. At the second stage we will implement a PKI and
> >we'll use EAP-TLS and my doubt is about
> > LDAP data base and simultaneous-use, for example
> >with EAP-PEAP I add the next lines to users file :
> >
> >.......
> >DEFAULT Ldap-Group == group1,
> Simultaneous-Use
> >:= 1
> > Aruba-User-Role = "ESTUDIANTE",
> >
> >DEFAULT Ldap-Group == group2,
> Simultaneous-Use
> >:= 1
> > Aruba-User-Role = "PROFESORES",
> >DEFAULT ....
> >.....
> >
> >And work perfectly, But what happen if we use
> EAP-TLS
> >--> client certificates, exists any way to obtain
> the
> >same results?
>
> If you are providing each client with a certificate
> signed by your CA and the RADIUS servers both have
> the certificate of the root CA, then they'll be able
> to authenticate the clients based on the signature
> of the root CA. LDAP is used for authorization
> anyway so you'll use that independently based on the
> username in the certificate CN.
>
> >,if it is affirmative, how can I do it (some
> >references, howto's)
> >!!because when I use EAP-TLS I don't need to add
> >nothing at users file nor in LDAP data base!!.
>
> You can add authorization in the LDAP database. It
> is not used (by EAP-TLS or PEAP/MS-CHAPv2) for
> authentication. Note, if you're using
> PEAP/MS-CHAPv2 and LDAP and you want to store the
> password in the LDAP database, it *must* be in plain
> text.
>
Here my doubt:
I am using EAP-TLS
I generated a client Certificate with CN "redes"
then I add at LDAP database a user with these
atributes
cn: redes
uid: redes
radiusGroupName: academicos
..others Attributes
but without userpassword
and in the users file i add:
DEFAULT Ldap-Group == academicos,
Simultaneous-Use := 1
Aruba-User-Role = "STAFF",
A user with client certificate can access at Wireless
network and get the Role STAFF perfectly, but the
process of authentication and authorization seems like
very very redundant, is normal that?. I attach the
file of process auth.
thanks
Alfonso Celestino
DGSCA,UNAM
___________________________________________________________
Do You Yahoo!?
La mejor conexión a Internet y <b >2GB</b> extra a tu correo por $100 al mes.
http://net.yahoo.com.mx
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /usr/local/radius/etc/raddb/proxy.conf
Config: including file: /usr/local/radius/etc/raddb/clients.conf
Config: including file: /usr/local/radius/etc/raddb/snmp.conf
Config: including file: /usr/local/radius/etc/raddb/eap.conf
Config: including file: /usr/local/radius/etc/raddb/sql.conf
main: prefix = "/usr/local/radius"
main: localstatedir = "/usr/local/radius/var"
main: logdir = "/usr/local/radius/var/log/radius"
main: libdir = "/usr/local/radius/lib"
main: radacctdir = "/usr/local/radius/var/log/radius/radacct"
main: hostname_lookups = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = "/usr/local/radius/var/log/radius/radius.log"
main: log_auth = no
main: log_auth_badpass = no
main: log_auth_goodpass = no
main: pidfile = "/usr/local/radius/var/run/radiusd/radiusd.pid"
main: user = "(null)"
main: group = "(null)"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "/usr/local/radius/sbin/checkrad"
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: post_proxy_authorize = yes
proxy: wake_all_if_all_dead = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will go away soon.
read_config_files: reading clients
read_config_files: reading realms
radiusd: entering modules setup
Module: Library search path is /usr/local/radius/lib
Module: Loaded exec
exec: wait = yes
exec: program = "(null)"
exec: input_pairs = "request"
exec: output_pairs = "(null)"
exec: packet_type = "(null)"
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
pap: encryption_scheme = "crypt"
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
mschap: use_mppe = yes
mschap: require_encryption = no
mschap: require_strong = no
mschap: with_ntdomain_hack = no
mschap: passwd = "(null)"
mschap: authtype = "MS-CHAP"
mschap: ntlm_auth = "(null)"
Module: Instantiated mschap (mschap)
Module: Loaded System
unix: cache = no
unix: passwd = "(null)"
unix: shadow = "(null)"
unix: group = "(null)"
unix: radwtmp = "/usr/local/radius/var/log/radius/radwtmp"
unix: usegroup = no
unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded LDAP
ldap: server = "127.0.0.1"
ldap: port = 389
ldap: net_timeout = 1
ldap: timeout = 4
ldap: timelimit = 3
ldap: identity = "cn=Manager,dc=unam,dc=edu"
ldap: tls_mode = no
ldap: start_tls = no
ldap: tls_cacertfile = "(null)"
ldap: tls_cacertdir = "(null)"
ldap: tls_certfile = "(null)"
ldap: tls_keyfile = "(null)"
ldap: tls_randfile = "(null)"
ldap: tls_require_cert = "demand"
ldap: password = "wireless"
ldap: basedn = "ou=radius,ou=wireless,dc=unam,dc=edu"
ldap: filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
ldap: base_filter = "(objectclass=radiusprofile)"
ldap: default_profile = "(null)"
ldap: profile_attribute = "(null)"
ldap: password_header = "(null)"
ldap: password_attribute = "userPassword"
ldap: access_attr = "(null)"
ldap: groupname_attribute = "cn"
ldap: groupmembership_filter =
"(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
ldap: groupmembership_attribute = "radiusGroupName"
ldap: dictionary_mapping = "/usr/local/radius/etc/raddb/ldap.attrmap"
ldap: ldap_debug = 0
ldap: ldap_connections_number = 5
ldap: compare_check_items = no
ldap: access_attr_used_for_allow = yes
ldap: do_xlat = yes
rlm_ldap: Registering ldap_groupcmp for Ldap-Group
rlm_ldap: Registering ldap_xlat with xlat_name ldap
rlm_ldap: reading ldap<->radius mappings from file
/usr/local/radius/etc/raddb/ldap.attrmap
rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type
rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use
rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id
rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id
rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password
rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password
rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT
rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration
rlm_ldap: LDAP userPassword mapped to RADIUS User-Password
rlm_ldap: LDAP sambaLMPassword mapped to RADIUS LM-Password
rlm_ldap: LDAP sambaNTPassword mapped to RADIUS NT-Password
rlm_ldap: LDAP lmPassword mapped to RADIUS User-Password
rlm_ldap: LDAP sambaNTPassword mapped to RADIUS User-Password
rlm_ldap: LDAP sambaLMPassword mapped to RADIUS User-Password
rlm_ldap: LDAP radiusTunnelType mapped to RADIUS Tunnel-Type
rlm_ldap: LDAP radiusTunnelMediumType mapped to RADIUS Tunnel-Medium-Type
rlm_ldap: LDAP radiusTunnelPrivateGroupId mapped to RADIUS
Tunnel-Private-Group-Id
rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type
rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol
rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address
rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask
rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route
rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing
rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id
rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU
rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression
rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host
rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service
rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port
rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number
rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id
rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network
rlm_ldap: LDAP radiusClass mapped to RADIUS Class
rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout
rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout
rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action
rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service
rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node
rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group
rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link
rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS
Framed-AppleTalk-Network
rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone
rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit
rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port
conns: 0x8151670
Module: Instantiated ldap (ldap)
Module: Loaded eap
eap: default_eap_type = "tls"
eap: timer_expire = 60
eap: ignore_unknown_eap_types = no
eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
gtc: challenge = "Password: "
gtc: auth_type = "PAP"
rlm_eap: Loaded and initialized type gtc
tls: rsa_key_exchange = no
tls: dh_key_exchange = yes
tls: rsa_key_length = 512
tls: dh_key_length = 512
tls: verify_depth = 0
tls: CA_path = "(null)"
tls: pem_file_type = yes
tls: private_key_file = "/usr/local/radius/etc/raddb/certs/debian.pem"
tls: certificate_file = "/usr/local/radius/etc/raddb/certs/debian.pem"
tls: CA_file = "/usr/local/radius/etc/raddb/certs/root.pem"
tls: private_key_password = "wireless"
tls: dh_file = "/usr/local/radius/etc/raddb/certs/dh"
tls: random_file = "/usr/local/radius/etc/raddb/certs/random"
tls: fragment_size = 1024
tls: include_length = yes
tls: check_crl = no
tls: check_cert_cn = "(null)"
rlm_eap: Loaded and initialized type tls
mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded preprocess
preprocess: huntgroups = "/usr/local/radius/etc/raddb/huntgroups"
preprocess: hints = "/usr/local/radius/etc/raddb/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
realm: format = "suffix"
realm: delimiter = "@"
realm: ignore_default = no
realm: ignore_null = no
Module: Instantiated realm (suffix)
Module: Loaded files
files: usersfile = "/usr/local/radius/etc/raddb/users"
files: acctusersfile = "/usr/local/radius/etc/raddb/acct_users"
files: preproxy_usersfile = "/usr/local/radius/etc/raddb/preproxy_users"
files: compat = "no"
Module: Instantiated files (files)
Module: Loaded Acct-Unique-Session-Id
acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address,
Client-IP-Address, NAS-Port"
Module: Instantiated acct_unique (acct_unique)
Module: Loaded detail
detail: detailfile =
"/usr/local/radius/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
radutmp: filename = "/usr/local/radius/var/log/radius/radutmp"
radutmp: username = "%{User-Name}"
radutmp: case_sensitive = yes
radutmp: check_with_nas = yes
radutmp: perm = 384
radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Listening on authentication *:1812
Listening on accounting *:1813
Listening on proxy *:1814
Ready to process requests.
rad_recv: Access-Request packet from host 132.247.5.5:32774, id=106, length=141
User-Name = "redes"
NAS-IP-Address = 0.0.0.2
NAS-Port = 1
NAS-Port-Type = Wireless-802.11
Calling-Station-Id = "009096CAB7A8"
Called-Station-Id = "000B86505910"
Framed-MTU = 1100
Aruba-Attr-5 = 0x5245442052495520575041
Aruba-Attr-6 = 0x322e322e32
EAP-Message = 0x0202000a017265646573
Message-Authenticator = 0x5ada1c8b02a10464da8c8d8d87e5d9c1
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_realm: No '@' in User-Name = "redes", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
rlm_eap: EAP packet type response id 2 length 10
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 0
rlm_ldap: Entering ldap_groupcmp()
radius_xlat: 'ou=radius,ou=wireless,dc=unam,dc=edu'
radius_xlat: '(uid=redes)'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to 127.0.0.1:389, authentication 0
rlm_ldap: setting TLS Require Cert to demand
rlm_ldap: bind as cn=Manager,dc=unam,dc=edu/wireless to 127.0.0.1:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in ou=radius,ou=wireless,dc=unam,dc=edu, with
filter (uid=redes)
rlm_ldap: ldap_release_conn: Release Id: 0
radius_xlat:
'(|(&(objectClass=GroupOfNames)(member=uid=redes,ou=radius,ou=wireless,dc=unam,dc=edu))(&(objectClass=GroupOfUniqueNames)(uniquemember=uid=redes,ou=radius,ou=wireless,dc=unam,dc=edu)))'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=radius,ou=wireless,dc=unam,dc=edu, with
filter
(&(cn=estudiantes)(|(&(objectClass=GroupOfNames)(member=uid=redes,ou=radius,ou=wireless,dc=unam,dc=edu))(&(objectClass=GroupOfUniqueNames)(uniquemember=uid=redes,ou=radius,ou=wireless,dc=unam,dc=edu))))
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: ldap_release_conn: Release Id: 0
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in uid=redes,ou=radius,ou=wireless,dc=unam,dc=edu,
with filter (objectclass=*)
rlm_ldap::groupcmp: Group estudiantes not found ????or user not a member
rlm_ldap: ldap_release_conn: Release Id: 0
rlm_ldap: Entering ldap_groupcmp()
radius_xlat: 'ou=radius,ou=wireless,dc=unam,dc=edu'
radius_xlat:
'(|(&(objectClass=GroupOfNames)(member=uid=redes,ou=radius,ou=wireless,dc=unam,dc=edu))(&(objectClass=GroupOfUniqueNames)(uniquemember=uid=redes,ou=radius,ou=wireless,dc=unam,dc=edu)))'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=radius,ou=wireless,dc=unam,dc=edu, with
filter
(&(cn=academicos)(|(&(objectClass=GroupOfNames)(member=uid=redes,ou=radius,ou=wireless,dc=unam,dc=edu))(&(objectClass=GroupOfUniqueNames)(uniquemember=uid=redes,ou=radius,ou=wireless,dc=unam,dc=edu))))
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: ldap_release_conn: Release Id: 0
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in uid=redes,ou=radius,ou=wireless,dc=unam,dc=edu,
with filter (objectclass=*)
rlm_ldap::ldap_groupcmp: User found in group academicos
rlm_ldap: ldap_release_conn: Release Id: 0
users: Matched entry DEFAULT at line 86
modcall[authorize]: module "files" returns ok for request 0
rlm_ldap: - authorize
rlm_ldap: performing user authorization for redes
radius_xlat: '(uid=redes)'
radius_xlat: 'ou=radius,ou=wireless,dc=unam,dc=edu'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=radius,ou=wireless,dc=unam,dc=edu, with
filter (uid=redes)
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user redes authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 0
modcall: group authorize returns updated for request 0
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Requiring client certificate
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 0
modcall: group authenticate returns handled for request 0
Sending Access-Challenge of id 106 to 132.247.5.5:32774
Aruba-User-Role = "STAFF"
EAP-Message = 0x010300060d20
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x25d6b8a20767377acb0ffbc1a7a29b36
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 132.247.5.5:32774, id=107, length=261
User-Name = "redes"
NAS-IP-Address = 0.0.0.2
NAS-Port = 1
NAS-Port-Type = Wireless-802.11
Calling-Station-Id = "009096CAB7A8"
Called-Station-Id = "000B86505910"
Framed-MTU = 1100
Aruba-Attr-5 = 0x5245442052495520575041
Aruba-Attr-6 = 0x322e322e32
EAP-Message =
0x020300700d800000006616030100610100005d030143206dbb5aed21f70f06aafb21dd46d636e3fac64c999c587d802ac64065ab7f207d2e48477731227420624570f19a1719e284423a890a7a385251897542e0389f001600040005000a000900640062000300060013001200630100
State = 0x25d6b8a20767377acb0ffbc1a7a29b36
Message-Authenticator = 0x784bfd3414dfc21d6d5b5ce847ea72de
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
modcall[authorize]: module "preprocess" returns ok for request 1
modcall[authorize]: module "chap" returns noop for request 1
modcall[authorize]: module "mschap" returns noop for request 1
rlm_realm: No '@' in User-Name = "redes", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 1
rlm_eap: EAP packet type response id 3 length 112
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 1
rlm_ldap: Entering ldap_groupcmp()
radius_xlat: 'ou=radius,ou=wireless,dc=unam,dc=edu'
radius_xlat: '(uid=redes)'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=radius,ou=wireless,dc=unam,dc=edu, with
filter (uid=redes)
rlm_ldap: ldap_release_conn: Release Id: 0
radius_xlat:
'(|(&(objectClass=GroupOfNames)(member=uid=redes,ou=radius,ou=wireless,dc=unam,dc=edu))(&(objectClass=GroupOfUniqueNames)(uniquemember=uid=redes,ou=radius,ou=wireless,dc=unam,dc=edu)))'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=radius,ou=wireless,dc=unam,dc=edu, with
filter
(&(cn=estudiantes)(|(&(objectClass=GroupOfNames)(member=uid=redes,ou=radius,ou=wireless,dc=unam,dc=edu))(&(objectClass=GroupOfUniqueNames)(uniquemember=uid=redes,ou=radius,ou=wireless,dc=unam,dc=edu))))
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: ldap_release_conn: Release Id: 0
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in uid=redes,ou=radius,ou=wireless,dc=unam,dc=edu,
with filter (objectclass=*)
rlm_ldap::groupcmp: Group estudiantes not found ????or user not a member
rlm_ldap: ldap_release_conn: Release Id: 0
rlm_ldap: Entering ldap_groupcmp()
radius_xlat: 'ou=radius,ou=wireless,dc=unam,dc=edu'
radius_xlat:
'(|(&(objectClass=GroupOfNames)(member=uid=redes,ou=radius,ou=wireless,dc=unam,dc=edu))(&(objectClass=GroupOfUniqueNames)(uniquemember=uid=redes,ou=radius,ou=wireless,dc=unam,dc=edu)))'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=radius,ou=wireless,dc=unam,dc=edu, with
filter
(&(cn=academicos)(|(&(objectClass=GroupOfNames)(member=uid=redes,ou=radius,ou=wireless,dc=unam,dc=edu))(&(objectClass=GroupOfUniqueNames)(uniquemember=uid=redes,ou=radius,ou=wireless,dc=unam,dc=edu))))
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: ldap_release_conn: Release Id: 0
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in uid=redes,ou=radius,ou=wireless,dc=unam,dc=edu,
with filter (objectclass=*)
rlm_ldap::ldap_groupcmp: User found in group academicos
rlm_ldap: ldap_release_conn: Release Id: 0
users: Matched entry DEFAULT at line 86
modcall[authorize]: module "files" returns ok for request 1
rlm_ldap: - authorize
rlm_ldap: performing user authorization for redes
radius_xlat: '(uid=redes)'
radius_xlat: 'ou=radius,ou=wireless,dc=unam,dc=edu'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=radius,ou=wireless,dc=unam,dc=edu, with
filter (uid=redes)
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user redes authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 1
modcall: group authorize returns updated for request 1
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
rlm_eap: Request found, released from the list
rlm_eap: EAP/tls
rlm_eap: processing type tls
rlm_eap_tls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
(other): before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0061], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 04cd], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004e], CertificateRequest
TLS_accept: SSLv3 write certificate request A
TLS_accept: SSLv3 flush data
TLS_accept:error in SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
modcall[authenticate]: module "eap" returns handled for request 1
modcall: group authenticate returns handled for request 1
Sending Access-Challenge of id 107 to 132.247.5.5:32774
Aruba-User-Role = "STAFF"
EAP-Message =
0x0104040a0dc000000574160301004a02000046030143202584793bad2ba9deaa4139eb837d8766c67fcaadeb6fdd16fc837f0c5fc0206e825b0815296746bad63cb44e430cfa58ff7e7ea5be5af142619be77473ae6600040016030104cd0b0004c90004c60002243082022030820189a00302010202090093b87029cad3f564300d06092a864886f70d0101040500303d310b3009060355040613024d58310f300d060355040813064d657869636f310d300b06035504071304554e414d310e300c060355040a13054447534341301e170d3035303631303131353834385a170d3036303631303131353834385a304e310b3009060355040613024d58
EAP-Message =
0x310f300d060355040813064d657869636f310d300b06035504071304554e414d310e300c060355040a13054447534341310f300d0603550403130664656269616e30819f300d06092a864886f70d010101050003818d0030818902818100b7b3c461215442e3f9963cafca07f041ba1ebb7082a29405ebb463f2d49bdcc29cfdb431dbf99f7ca0ef4d1d817e167b9345ab46927185b659a2ec26f850bd6ee8589f6a14b8da41de9103b16abdcfdf9e0129205a4a697ad195c9578e8797f490299497b82290c6946bb762318afe02173129bfad3baa7d971d2105bc22309b0203010001a317301530130603551d25040c300a06082b0601050507030130
EAP-Message =
0x0d06092a864886f70d010104050003818100b640efb1a515cf3f5c0c57b5267fc69953df70f06c3ed48d13648d173cbbe599f95081224ac53a8d8bd34221d660e1df52f3614f7b6fb235596f431cbda8022ebbb8fc84bb5b3e997b69de4fd9818260a9a216e2b178f2412c7b7b3ab8aef26b2c77728c63869176d947c80dd92d5751fcfd57105962f91491a99694988ab2d900029c3082029830820201a00302010202090093b87029cad3f563300d06092a864886f70d0101040500303d310b3009060355040613024d58310f300d060355040813064d657869636f310d300b06035504071304554e414d310e300c060355040a13054447534341301e
EAP-Message =
0x170d3035303631303131353831355a170d3037303631303131353831355a303d310b3009060355040613024d58310f300d060355040813064d657869636f310d300b06035504071304554e414d310e300c060355040a1305444753434130819f300d06092a864886f70d010101050003818d0030818902818100d7744ce1443f6723a45bac9cb3d4aa59d1eca069f1c263b5d636a50e4f5f0482ffac89f8fee1f564b1f3ad96b378ac9a69677d8b4e8dd85159474fe54f24df8c455006364d8367dedfe395d60423b7bad349ec5470c40919d6d4a881c7c385e5891f0b492e618d069c2950f56621cce843a520493f6310151a2b17b19a54ef61020301
EAP-Message = 0x0001a3819f30819c301d0603551d0e041604146364c7
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x3f83e0a1d212a5a017cd01133113c246
Finished request 1
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 132.247.5.5:32774, id=108, length=155
User-Name = "redes"
NAS-IP-Address = 0.0.0.2
NAS-Port = 1
NAS-Port-Type = Wireless-802.11
Calling-Station-Id = "009096CAB7A8"
Called-Station-Id = "000B86505910"
Framed-MTU = 1100
Aruba-Attr-5 = 0x5245442052495520575041
Aruba-Attr-6 = 0x322e322e32
EAP-Message = 0x020400060d00
State = 0x3f83e0a1d212a5a017cd01133113c246
Message-Authenticator = 0x759ff9a1a7ac94babf136046ebbabafb
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
modcall[authorize]: module "preprocess" returns ok for request 2
modcall[authorize]: module "chap" returns noop for request 2
modcall[authorize]: module "mschap" returns noop for request 2
rlm_realm: No '@' in User-Name = "redes", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 2
rlm_eap: EAP packet type response id 4 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 2
rlm_ldap: Entering ldap_groupcmp()
radius_xlat: 'ou=radius,ou=wireless,dc=unam,dc=edu'
radius_xlat: '(uid=redes)'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=radius,ou=wireless,dc=unam,dc=edu, with
filter (uid=redes)
rlm_ldap: ldap_release_conn: Release Id: 0
radius_xlat:
'(|(&(objectClass=GroupOfNames)(member=uid=redes,ou=radius,ou=wireless,dc=unam,dc=edu))(&(objectClass=GroupOfUniqueNames)(uniquemember=uid=redes,ou=radius,ou=wireless,dc=unam,dc=edu)))'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=radius,ou=wireless,dc=unam,dc=edu, with
filter
(&(cn=estudiantes)(|(&(objectClass=GroupOfNames)(member=uid=redes,ou=radius,ou=wireless,dc=unam,dc=edu))(&(objectClass=GroupOfUniqueNames)(uniquemember=uid=redes,ou=radius,ou=wireless,dc=unam,dc=edu))))
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: ldap_release_conn: Release Id: 0
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in uid=redes,ou=radius,ou=wireless,dc=unam,dc=edu,
with filter (objectclass=*)
rlm_ldap::groupcmp: Group estudiantes not found ????or user not a member
rlm_ldap: ldap_release_conn: Release Id: 0
rlm_ldap: Entering ldap_groupcmp()
radius_xlat: 'ou=radius,ou=wireless,dc=unam,dc=edu'
radius_xlat:
'(|(&(objectClass=GroupOfNames)(member=uid=redes,ou=radius,ou=wireless,dc=unam,dc=edu))(&(objectClass=GroupOfUniqueNames)(uniquemember=uid=redes,ou=radius,ou=wireless,dc=unam,dc=edu)))'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=radius,ou=wireless,dc=unam,dc=edu, with
filter
(&(cn=academicos)(|(&(objectClass=GroupOfNames)(member=uid=redes,ou=radius,ou=wireless,dc=unam,dc=edu))(&(objectClass=GroupOfUniqueNames)(uniquemember=uid=redes,ou=radius,ou=wireless,dc=unam,dc=edu))))
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: ldap_release_conn: Release Id: 0
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in uid=redes,ou=radius,ou=wireless,dc=unam,dc=edu,
with filter (objectclass=*)
rlm_ldap::ldap_groupcmp: User found in group academicos
rlm_ldap: ldap_release_conn: Release Id: 0
users: Matched entry DEFAULT at line 86
modcall[authorize]: module "files" returns ok for request 2
rlm_ldap: - authorize
rlm_ldap: performing user authorization for redes
radius_xlat: '(uid=redes)'
radius_xlat: 'ou=radius,ou=wireless,dc=unam,dc=edu'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=radius,ou=wireless,dc=unam,dc=edu, with
filter (uid=redes)
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user redes authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 2
modcall: group authorize returns updated for request 2
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 2
rlm_eap: Request found, released from the list
rlm_eap: EAP/tls
rlm_eap: processing type tls
rlm_eap_tls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
modcall[authenticate]: module "eap" returns handled for request 2
modcall: group authenticate returns handled for request 2
Sending Access-Challenge of id 108 to 132.247.5.5:32774
Aruba-User-Role = "STAFF"
EAP-Message =
0x0105017e0d8000000574b37ee8cf8b6e44e22ade7efe3c32b24552306d0603551d230466306480146364c7b37ee8cf8b6e44e22ade7efe3c32b24552a141a43f303d310b3009060355040613024d58310f300d060355040813064d657869636f310d300b06035504071304554e414d310e300c060355040a1305444753434182090093b87029cad3f563300c0603551d13040530030101ff300d06092a864886f70d0101040500038181007e3df292357416c6bf2a5dcdc645ef078847a81a9a775cef9046130ef749795a81fdfb154d1d7e65dd00e498185cd1094f7825b4b03b9fba536f1f15dcb04902fb5f8cad6b3869f4602f79ad9a332e408b4a
EAP-Message =
0xd94a62e6b7f19d72f2eaa9ba20fcf8be501fb1f366bc51b2b1b6e32d0d4d1aa1cbaaf0c3f91ab308f8d516c5e078160301004e0d0000460201020041003f303d310b3009060355040613024d58310f300d060355040813064d657869636f310d300b06035504071304554e414d310e300c060355040a130544475343410e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x69eea4eb3faf79920095e1488c34cc59
Finished request 2
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 132.247.5.5:32774, id=109, length=1038
User-Name = "redes"
NAS-IP-Address = 0.0.0.2
NAS-Port = 1
NAS-Port-Type = Wireless-802.11
Calling-Station-Id = "009096CAB7A8"
Called-Station-Id = "000B86505910"
Framed-MTU = 1100
Aruba-Attr-5 = 0x5245442052495520575041
Aruba-Attr-6 = 0x322e322e32
EAP-Message =
0x020503730d800000036916030103390b0002290002260002233082021f30820188a00302010202090093b87029cad3f566300d06092a864886f70d0101040500303d310b3009060355040613024d58310f300d060355040813064d657869636f310d300b06035504071304554e414d310e300c060355040a13054447534341301e170d3035303631303133353735365a170d3036303631303133353735365a304d310b3009060355040613024d58310f300d060355040813064d657869636f310d300b06035504071304554e414d310e300c060355040a13054447534341310e300c06035504031305726564657330819f300d06092a864886f70d0101
EAP-Message =
0x01050003818d0030818902818100d6ad8762f5514c0031dbe9e83f65d82e9df7c4f437b9c374f7837b1668bb2c7f9de314c02f8bd328fd66139bcd5fcff7cb05cf0088c0a588f77dc6ee4f11473f57bdbdf091759898e1d31755e73c1ae92965860d9018c1b3c305526a051ef4d64c8f2b6df2f056c8cb196d3cb56d140e591363da76a7dac66a859a0ca559894b0203010001a317301530130603551d25040c300a06082b06010505070302300d06092a864886f70d0101040500038181001779f403ff40ea4fb19999feb74bcfe0855312f52e097116291e38ba3a551f1c8c05795fdc4b702b15382f2eecde157c6a5ca029bf113c916369f3e12595
EAP-Message =
0xde4635caa4b878867c012f7aeff4c44c6252a83f205d8e74fdaad6e050989389733c0b057841cdf820e8185de295c89d0db3f20b302cb5cf21ff005ee856fb47286d10000082008057eca81bd6d3b7e256ab3f145a78f4e570cb891ff4014f5a1d0b26ec1cf8eea3ed4814da73684d74a41fbda3b8ce392ea202cad054c0b2896a5b51e33d3f0384f29509868a718713db8ec503ea5cad6ec27d4e20c73f64cffcc6df9dc39dae7254742c20e48f42c8fb13e0c28f167fbc712f19ce4acee8d32eae885b8c0eae920f000082008097eb9e8e1a62439575f6838d5165d0060f65978264c0509accebf3ae82caea2204504a2ec89eb76903949230235725
EAP-Message =
0xdcfa517a12bcda70054d1e19d48821886c639014fd281df1389701c6ab5ac730aa862d0142691924f33be1406ee930807209a83a0e878b56c24c9204444a9a10f48eb3f5cbc8ecc540b37468c1450181741403010001011603010020b6995c73c4f290ae47710b9c191fa523f85d939bd7524fffd569cf63f0cfbac1
State = 0x69eea4eb3faf79920095e1488c34cc59
Message-Authenticator = 0x6e08234b46740def26b1184f6a865099
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 3
modcall[authorize]: module "preprocess" returns ok for request 3
modcall[authorize]: module "chap" returns noop for request 3
modcall[authorize]: module "mschap" returns noop for request 3
rlm_realm: No '@' in User-Name = "redes", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 3
rlm_eap: EAP packet type response id 5 length 253
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 3
rlm_ldap: Entering ldap_groupcmp()
radius_xlat: 'ou=radius,ou=wireless,dc=unam,dc=edu'
radius_xlat: '(uid=redes)'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=radius,ou=wireless,dc=unam,dc=edu, with
filter (uid=redes)
rlm_ldap: ldap_release_conn: Release Id: 0
radius_xlat:
'(|(&(objectClass=GroupOfNames)(member=uid=redes,ou=radius,ou=wireless,dc=unam,dc=edu))(&(objectClass=GroupOfUniqueNames)(uniquemember=uid=redes,ou=radius,ou=wireless,dc=unam,dc=edu)))'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=radius,ou=wireless,dc=unam,dc=edu, with
filter
(&(cn=estudiantes)(|(&(objectClass=GroupOfNames)(member=uid=redes,ou=radius,ou=wireless,dc=unam,dc=edu))(&(objectClass=GroupOfUniqueNames)(uniquemember=uid=redes,ou=radius,ou=wireless,dc=unam,dc=edu))))
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: ldap_release_conn: Release Id: 0
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in uid=redes,ou=radius,ou=wireless,dc=unam,dc=edu,
with filter (objectclass=*)
rlm_ldap::groupcmp: Group estudiantes not found ????or user not a member
rlm_ldap: ldap_release_conn: Release Id: 0
rlm_ldap: Entering ldap_groupcmp()
radius_xlat: 'ou=radius,ou=wireless,dc=unam,dc=edu'
radius_xlat:
'(|(&(objectClass=GroupOfNames)(member=uid=redes,ou=radius,ou=wireless,dc=unam,dc=edu))(&(objectClass=GroupOfUniqueNames)(uniquemember=uid=redes,ou=radius,ou=wireless,dc=unam,dc=edu)))'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=radius,ou=wireless,dc=unam,dc=edu, with
filter
(&(cn=academicos)(|(&(objectClass=GroupOfNames)(member=uid=redes,ou=radius,ou=wireless,dc=unam,dc=edu))(&(objectClass=GroupOfUniqueNames)(uniquemember=uid=redes,ou=radius,ou=wireless,dc=unam,dc=edu))))
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: ldap_release_conn: Release Id: 0
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in uid=redes,ou=radius,ou=wireless,dc=unam,dc=edu,
with filter (objectclass=*)
rlm_ldap::ldap_groupcmp: User found in group academicos
rlm_ldap: ldap_release_conn: Release Id: 0
users: Matched entry DEFAULT at line 86
modcall[authorize]: module "files" returns ok for request 3
rlm_ldap: - authorize
rlm_ldap: performing user authorization for redes
radius_xlat: '(uid=redes)'
radius_xlat: 'ou=radius,ou=wireless,dc=unam,dc=edu'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=radius,ou=wireless,dc=unam,dc=edu, with
filter (uid=redes)
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user redes authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 3
modcall: group authorize returns updated for request 3
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 3
rlm_eap: Request found, released from the list
rlm_eap: EAP/tls
rlm_eap: processing type tls
rlm_eap_tls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
rlm_eap_tls: <<< TLS 1.0 Handshake [length 022d], Certificate
chain-depth=1,
error=0
--> User-Name = redes
--> BUF-Name =
--> subject = /C=MX/ST=Mexico/L=UNAM/O=DGSCA
--> issuer = /C=MX/ST=Mexico/L=UNAM/O=DGSCA
--> verify return:1
chain-depth=0,
error=0
--> User-Name = redes
--> BUF-Name = redes
--> subject = /C=MX/ST=Mexico/L=UNAM/O=DGSCA/CN=redes
--> issuer = /C=MX/ST=Mexico/L=UNAM/O=DGSCA
--> verify return:1
TLS_accept: SSLv3 read client certificate A
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
TLS_accept: SSLv3 read client key exchange A
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], CertificateVerify
TLS_accept: SSLv3 read certificate verify A
rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 read finished A
rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
TLS_accept: SSLv3 write change cipher spec A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 write finished A
TLS_accept: SSLv3 flush data
(other): SSL negotiation finished successfully
SSL Connection Established
eaptls_process returned 13
modcall[authenticate]: module "eap" returns handled for request 3
modcall: group authenticate returns handled for request 3
Sending Access-Challenge of id 109 to 132.247.5.5:32774
Aruba-User-Role = "STAFF"
EAP-Message =
0x010600350d800000002b1403010001011603010020c05d9bbaac634d1fd4e95b36d89ddec0de80ca4032e00b95718c770458a563b4
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xb2b72ba36bcc3e8981be0a3caa46fbb0
Finished request 3
Going to the next request
--- Walking the entire request list ---
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 132.247.5.5:32774, id=110, length=155
User-Name = "redes"
NAS-IP-Address = 0.0.0.2
NAS-Port = 1
NAS-Port-Type = Wireless-802.11
Calling-Station-Id = "009096CAB7A8"
Called-Station-Id = "000B86505910"
Framed-MTU = 1100
Aruba-Attr-5 = 0x5245442052495520575041
Aruba-Attr-6 = 0x322e322e32
EAP-Message = 0x020600060d00
State = 0xb2b72ba36bcc3e8981be0a3caa46fbb0
Message-Authenticator = 0x79d9cedd9c3fe2ff0b50f04f4c5ec55e
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 4
modcall[authorize]: module "preprocess" returns ok for request 4
modcall[authorize]: module "chap" returns noop for request 4
modcall[authorize]: module "mschap" returns noop for request 4
rlm_realm: No '@' in User-Name = "redes", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 4
rlm_eap: EAP packet type response id 6 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 4
rlm_ldap: Entering ldap_groupcmp()
radius_xlat: 'ou=radius,ou=wireless,dc=unam,dc=edu'
radius_xlat: '(uid=redes)'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=radius,ou=wireless,dc=unam,dc=edu, with
filter (uid=redes)
rlm_ldap: ldap_release_conn: Release Id: 0
radius_xlat:
'(|(&(objectClass=GroupOfNames)(member=uid=redes,ou=radius,ou=wireless,dc=unam,dc=edu))(&(objectClass=GroupOfUniqueNames)(uniquemember=uid=redes,ou=radius,ou=wireless,dc=unam,dc=edu)))'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=radius,ou=wireless,dc=unam,dc=edu, with
filter
(&(cn=estudiantes)(|(&(objectClass=GroupOfNames)(member=uid=redes,ou=radius,ou=wireless,dc=unam,dc=edu))(&(objectClass=GroupOfUniqueNames)(uniquemember=uid=redes,ou=radius,ou=wireless,dc=unam,dc=edu))))
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: ldap_release_conn: Release Id: 0
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in uid=redes,ou=radius,ou=wireless,dc=unam,dc=edu,
with filter (objectclass=*)
rlm_ldap::groupcmp: Group estudiantes not found ????or user not a member
rlm_ldap: ldap_release_conn: Release Id: 0
rlm_ldap: Entering ldap_groupcmp()
radius_xlat: 'ou=radius,ou=wireless,dc=unam,dc=edu'
radius_xlat:
'(|(&(objectClass=GroupOfNames)(member=uid=redes,ou=radius,ou=wireless,dc=unam,dc=edu))(&(objectClass=GroupOfUniqueNames)(uniquemember=uid=redes,ou=radius,ou=wireless,dc=unam,dc=edu)))'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=radius,ou=wireless,dc=unam,dc=edu, with
filter
(&(cn=academicos)(|(&(objectClass=GroupOfNames)(member=uid=redes,ou=radius,ou=wireless,dc=unam,dc=edu))(&(objectClass=GroupOfUniqueNames)(uniquemember=uid=redes,ou=radius,ou=wireless,dc=unam,dc=edu))))
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: ldap_release_conn: Release Id: 0
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in uid=redes,ou=radius,ou=wireless,dc=unam,dc=edu,
with filter (objectclass=*)
rlm_ldap::ldap_groupcmp: User found in group academicos
rlm_ldap: ldap_release_conn: Release Id: 0
users: Matched entry DEFAULT at line 86
modcall[authorize]: module "files" returns ok for request 4
rlm_ldap: - authorize
rlm_ldap: performing user authorization for redes
radius_xlat: '(uid=redes)'
radius_xlat: 'ou=radius,ou=wireless,dc=unam,dc=edu'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=radius,ou=wireless,dc=unam,dc=edu, with
filter (uid=redes)
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user redes authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 4
modcall: group authorize returns updated for request 4
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 4
rlm_eap: Request found, released from the list
rlm_eap: EAP/tls
rlm_eap: processing type tls
rlm_eap_tls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake is finished
eaptls_verify returned 3
eaptls_process returned 3
rlm_eap: Freeing handler
modcall[authenticate]: module "eap" returns ok for request 4
modcall: group authenticate returns ok for request 4
Sending Access-Accept of id 110 to 132.247.5.5:32774
Aruba-User-Role = "STAFF"
MS-MPPE-Recv-Key =
0x1f1ef4edaf299c903874a51aaa482b168944eb08012d804a3dc1493c689906ca
MS-MPPE-Send-Key =
0x9a640c39c1a4ef4ef8ca6bfccc170af00e00f7cdc39e1b40b0698a6505d18071
EAP-Message = 0x03060004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "redes"
Finished request 4
Going to the next request
Waking up in 5 seconds...
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
