I posted the question to the forum. Thank you for your help.
SecureW2 (List) wrote: > > tevfik, > > Post the question in the SecureW2 forum, www.securew2.com/forum/. I will > get back to you via the forum. > > Regards, > > Tom > > tevfik schreef: >>> did you configure SecureW2 to allow new connections? >>> >> >> Yes i tried both combinations, nothing is changed. >> >> In addition to this when I enter correct username but wrong password, I >> got >> similar debug log which i lised below. >> >> I wasn't able to see any problem with ldap configuration because it works >> with radtest command. (That is when i entered correct usrname but wrong >> password, I got Access-Rejected message. When both of them was true, I >> got >> Access-Accepted) >> >> Is there a problem with my ldap configuration. Is there any weird message >> in >> my debug log? >> >> I am dealing with this thing about 20 days. Could anybody tell me whats >> wrong with it? >> >> Thanks in advance: >> >> My full debug log: (username was entered true, password was entered false >> ) >> ------------------------------------------------------------------------------------------------- >> ldap:~ # radiusd -X -A >> Starting - reading configuration files ... >> reread_config: reading radiusd.conf >> Config: including file: /etc/raddb/proxy.conf >> Config: including file: /etc/raddb/clients.conf >> Config: including file: /etc/raddb/snmp.conf >> Config: including file: /etc/raddb/eap.conf >> Config: including file: /etc/raddb/sql.conf >> main: prefix = "/usr" >> main: localstatedir = "/var" >> main: logdir = "/var/log/radius" >> main: libdir = "/usr/lib/freeradius" >> main: radacctdir = "/var/log/radius/radacct" >> main: hostname_lookups = no >> main: max_request_time = 30 >> main: cleanup_delay = 5 >> main: max_requests = 1024 >> main: delete_blocked_requests = 0 >> main: port = 0 >> main: allow_core_dumps = no >> main: log_stripped_names = no >> main: log_file = "/var/log/radius/radius.log" >> main: log_auth = no >> main: log_auth_badpass = no >> main: log_auth_goodpass = no >> main: pidfile = "/var/run/radiusd/radiusd.pid" >> main: user = "radiusd" >> main: group = "radiusd" >> main: usercollide = no >> main: lower_user = "no" >> main: lower_pass = "no" >> main: nospace_user = "no" >> main: nospace_pass = "no" >> main: checkrad = "/usr/sbin/checkrad" >> main: proxy_requests = yes >> proxy: retry_delay = 5 >> proxy: retry_count = 3 >> proxy: synchronous = no >> proxy: default_fallback = yes >> proxy: dead_time = 120 >> proxy: post_proxy_authorize = no >> proxy: wake_all_if_all_dead = no >> security: max_attributes = 200 >> security: reject_delay = 1 >> security: status_server = no >> main: debug_level = 0 >> read_config_files: reading dictionary >> read_config_files: reading naslist >> read_config_files: reading clients >> read_config_files: reading realms >> radiusd: entering modules setup >> Module: Library search path is /usr/lib/freeradius >> Module: Loaded exec >> exec: wait = yes >> exec: program = "(null)" >> exec: input_pairs = "request" >> exec: output_pairs = "(null)" >> exec: packet_type = "(null)" >> rlm_exec: Wait=yes but no output defined. Did you mean output=none? >> Module: Instantiated exec (exec) >> Module: Loaded expr >> Module: Instantiated expr (expr) >> Module: Loaded PAP >> pap: encryption_scheme = "crypt" >> Module: Instantiated pap (pap) >> Module: Loaded CHAP >> Module: Instantiated chap (chap) >> Module: Loaded MS-CHAP >> mschap: use_mppe = yes >> mschap: require_encryption = no >> mschap: require_strong = no >> mschap: with_ntdomain_hack = no >> mschap: passwd = "(null)" >> mschap: authtype = "MS-CHAP" >> mschap: ntlm_auth = "(null)" >> Module: Instantiated mschap (mschap) >> Module: Loaded System >> unix: cache = no >> unix: passwd = "(null)" >> unix: shadow = "(null)" >> unix: group = "(null)" >> unix: radwtmp = "/var/log/radius/radwtmp" >> unix: usegroup = no >> unix: cache_reload = 600 >> Module: Instantiated unix (unix) >> Module: Loaded LDAP >> ldap: server = "ldap.anadolu.edu.tr" >> ldap: port = 389 >> ldap: net_timeout = 1 >> ldap: timeout = 4 >> ldap: timelimit = 3 >> ldap: identity = "" >> ldap: tls_mode = no >> ldap: start_tls = no >> ldap: tls_cacertfile = "(null)" >> ldap: tls_cacertdir = "(null)" >> ldap: tls_certfile = "(null)" >> ldap: tls_keyfile = "(null)" >> ldap: tls_randfile = "(null)" >> ldap: tls_require_cert = "allow" >> ldap: password = "" >> ldap: basedn = "ou=people,dc=anadolu,dc=edu,dc=tr" >> ldap: filter = "(uid=%u)" >> ldap: base_filter = "(objectclass=radiusprofile)" >> ldap: default_profile = "(null)" >> ldap: profile_attribute = "(null)" >> ldap: password_header = "(null)" >> ldap: password_attribute = "(null)" >> ldap: access_attr = "(null)" >> ldap: groupname_attribute = "cn" >> ldap: groupmembership_filter = >> "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))" >> ldap: groupmembership_attribute = "(null)" >> ldap: dictionary_mapping = "/etc/raddb/ldap.attrmap" >> ldap: ldap_debug = 0 >> ldap: ldap_connections_number = 5 >> ldap: compare_check_items = no >> ldap: access_attr_used_for_allow = yes >> ldap: do_xlat = yes >> ldap: edir_account_policy_check = yes >> ldap: set_auth_type = yes >> rlm_ldap: Registering ldap_groupcmp for Ldap-Group >> rlm_ldap: Creating new attribute ldap_1x-Ldap-Group >> rlm_ldap: Registering ldap_groupcmp for ldap_1x-Ldap-Group >> rlm_ldap: Registering ldap_xlat with xlat_name ldap_1x >> rlm_ldap: Over-riding set_auth_type, as we're not listed in the >> "authenticate" section. >> rlm_ldap: reading ldap<->radius mappings from file >> /etc/raddb/ldap.attrmap >> rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$ >> rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$ >> rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type >> rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use >> rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id >> rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id >> rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password >> rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password >> rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT >> rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration >> rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type >> rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol >> rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address >> rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask >> rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route >> rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing >> rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id >> rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU >> rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS >> Framed-Compression >> rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host >> rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service >> rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port >> rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number >> rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id >> rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network >> rlm_ldap: LDAP radiusClass mapped to RADIUS Class >> rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout >> rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout >> rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS >> Termination-Action >> rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service >> rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node >> rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group >> rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS >> Framed-AppleTalk-Link >> rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS >> Framed-AppleTalk-Network >> rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS >> Framed-AppleTalk-Zone >> rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit >> rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port >> conns: 0x800d0420 >> Module: Instantiated ldap (ldap_1x) >> Module: Loaded eap >> eap: default_eap_type = "ttls" >> eap: timer_expire = 60 >> eap: ignore_unknown_eap_types = no >> eap: cisco_accounting_username_bug = no >> rlm_eap: Loaded and initialized type md5 >> rlm_eap: Loaded and initialized type leap >> gtc: challenge = "Password: " >> gtc: auth_type = "PAP" >> rlm_eap: Loaded and initialized type gtc >> tls: rsa_key_exchange = no >> tls: dh_key_exchange = yes >> tls: rsa_key_length = 512 >> tls: dh_key_length = 512 >> tls: verify_depth = 0 >> tls: CA_path = "(null)" >> tls: pem_file_type = yes >> tls: private_key_file = "/etc/raddb/certs/server_keycert.pem" >> tls: certificate_file = "/etc/raddb/certs/server_keycert.pem" >> tls: CA_file = "/etc/raddb/certs/cacert.pem" >> tls: private_key_password = "1234" >> tls: dh_file = "/etc/raddb/certs/dh" >> tls: random_file = "/etc/raddb/certs/random" >> tls: fragment_size = 1024 >> tls: include_length = yes >> tls: check_crl = no >> tls: check_cert_cn = "(null)" >> rlm_eap_tls: Loading the certificate file as a chain >> rlm_eap: Loaded and initialized type tls >> ttls: default_eap_type = "md5" >> ttls: copy_request_to_tunnel = yes >> ttls: use_tunneled_reply = no >> rlm_eap: Loaded and initialized type ttls >> mschapv2: with_ntdomain_hack = no >> rlm_eap: Loaded and initialized type mschapv2 >> Module: Instantiated eap (eap) >> Module: Loaded preprocess >> preprocess: huntgroups = "/etc/raddb/huntgroups" >> preprocess: hints = "/etc/raddb/hints" >> preprocess: with_ascend_hack = no >> preprocess: ascend_channels_per_line = 23 >> preprocess: with_ntdomain_hack = no >> preprocess: with_specialix_jetstream_hack = no >> preprocess: with_cisco_vsa_hack = no >> Module: Instantiated preprocess (preprocess) >> Module: Loaded realm >> realm: format = "suffix" >> realm: delimiter = "@" >> realm: ignore_default = yes >> realm: ignore_null = yes >> Module: Instantiated realm (suffix) >> Module: Loaded files >> files: usersfile = "/etc/raddb/users" >> files: acctusersfile = "/etc/raddb/acct_users" >> files: preproxy_usersfile = "/etc/raddb/preproxy_users" >> files: compat = "no" >> Module: Instantiated files (files) >> Module: Loaded Acct-Unique-Session-Id >> acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, >> Client-IP-Address, NAS-Port" >> Module: Instantiated acct_unique (acct_unique) >> Module: Loaded detail >> detail: detailfile = >> "/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d" >> detail: detailperm = 384 >> detail: dirperm = 493 >> detail: locking = no >> Module: Instantiated detail (detail) >> Module: Loaded radutmp >> radutmp: filename = "/var/log/radius/radutmp" >> radutmp: username = "%{User-Name}" >> radutmp: case_sensitive = yes >> radutmp: check_with_nas = yes >> radutmp: perm = 384 >> radutmp: callerid = yes >> Module: Instantiated radutmp (radutmp) >> Listening on authentication *:1812 >> Listening on accounting *:1813 >> Ready to process requests. >> rad_recv: Access-Request packet from host 10.10.7.203:1645, id=146, >> length=139 >> User-Name = "tkiziloren" >> Framed-MTU = 1400 >> Called-Station-Id = "0017.0e85.f190" >> Calling-Station-Id = "0011.2fb9.d08b" >> Service-Type = Login-User >> Message-Authenticator = 0x4bf1be37ab5fc1598c68bd249777d10d >> EAP-Message = 0x0202000f01746b697a696c6f72656e >> NAS-Port-Type = Wireless-802.11 >> NAS-Port = 322 >> NAS-IP-Address = 10.10.7.203 >> NAS-Identifier = "testbaum" >> Processing the authorize section of radiusd.conf >> modcall: entering group authorize for request 0 >> modcall[authorize]: module "preprocess" returns ok for request 0 >> modcall[authorize]: module "chap" returns noop for request 0 >> modcall[authorize]: module "mschap" returns noop for request 0 >> rlm_realm: No '@' in User-Name = "tkiziloren", skipping NULL due to >> config. >> modcall[authorize]: module "suffix" returns noop for request 0 >> rlm_eap: EAP packet type response id 2 length 15 >> rlm_eap: No EAP Start, assuming it's an on-going EAP conversation >> modcall[authorize]: module "eap" returns updated for request 0 >> users: Matched entry DEFAULT at line 29 >> modcall[authorize]: module "files" returns ok for request 0 >> rlm_ldap: - authorize >> rlm_ldap: performing user authorization for tkiziloren >> radius_xlat: '(uid=tkiziloren)' >> radius_xlat: 'ou=people,dc=anadolu,dc=edu,dc=tr' >> rlm_ldap: ldap_get_conn: Checking Id: 0 >> rlm_ldap: ldap_get_conn: Got Id: 0 >> rlm_ldap: attempting LDAP reconnection >> rlm_ldap: (re)connect to ldap.anadolu.edu.tr:389, authentication 0 >> rlm_ldap: bind as / to ldap.anadolu.edu.tr:389 >> rlm_ldap: waiting for bind result ... >> rlm_ldap: Bind was successful >> rlm_ldap: performing search in ou=people,dc=anadolu,dc=edu,dc=tr, with >> filter (uid=tkiziloren) >> rlm_ldap: looking for check items in directory... >> rlm_ldap: looking for reply items in directory... >> rlm_ldap: user tkiziloren authorized to use remote access >> rlm_ldap: ldap_release_conn: Release Id: 0 >> modcall[authorize]: module "ldap_1x" returns ok for request 0 >> modcall: leaving group authorize (returns updated) for request 0 >> rad_check_password: Found Auth-Type EAP >> auth: type "EAP" >> Processing the authenticate section of radiusd.conf >> modcall: entering group authenticate for request 0 >> rlm_eap: EAP Identity >> rlm_eap: processing type tls >> rlm_eap_tls: Initiate >> rlm_eap_tls: Start returned 1 >> modcall[authenticate]: module "eap" returns handled for request 0 >> modcall: leaving group authenticate (returns handled) for request 0 >> Sending Access-Challenge of id 146 to 10.10.7.203 port 1645 >> EAP-Message = 0x010300061520 >> Message-Authenticator = 0x00000000000000000000000000000000 >> State = 0x0aacb6009ffcc2e6b40b7487d9b49dce >> Finished request 0 >> Going to the next request >> --- Walking the entire request list --- >> Waking up in 6 seconds... >> rad_recv: Access-Request packet from host 10.10.7.203:1645, id=147, >> length=202 >> User-Name = "tkiziloren" >> Framed-MTU = 1400 >> Called-Station-Id = "0017.0e85.f190" >> Calling-Station-Id = "0011.2fb9.d08b" >> Service-Type = Login-User >> Message-Authenticator = 0xec986e334fed0be253f43e2461d77e42 >> EAP-Message = >> 0x0203003c158000000032160301002d01000029030146cbafcad15f26ee9c399c30942cb9a40c438dfa3f0aeb13b9b68e7fd7fa6e64000002000a0100 >> NAS-Port-Type = Wireless-802.11 >> NAS-Port = 322 >> State = 0x0aacb6009ffcc2e6b40b7487d9b49dce >> NAS-IP-Address = 10.10.7.203 >> NAS-Identifier = "testbaum" >> Processing the authorize section of radiusd.conf >> modcall: entering group authorize for request 1 >> modcall[authorize]: module "preprocess" returns ok for request 1 >> modcall[authorize]: module "chap" returns noop for request 1 >> modcall[authorize]: module "mschap" returns noop for request 1 >> rlm_realm: No '@' in User-Name = "tkiziloren", skipping NULL due to >> config. >> modcall[authorize]: module "suffix" returns noop for request 1 >> rlm_eap: EAP packet type response id 3 length 60 >> rlm_eap: No EAP Start, assuming it's an on-going EAP conversation >> modcall[authorize]: module "eap" returns updated for request 1 >> users: Matched entry DEFAULT at line 29 >> modcall[authorize]: module "files" returns ok for request 1 >> rlm_ldap: - authorize >> rlm_ldap: performing user authorization for tkiziloren >> radius_xlat: '(uid=tkiziloren)' >> radius_xlat: 'ou=people,dc=anadolu,dc=edu,dc=tr' >> rlm_ldap: ldap_get_conn: Checking Id: 0 >> rlm_ldap: ldap_get_conn: Got Id: 0 >> rlm_ldap: performing search in ou=people,dc=anadolu,dc=edu,dc=tr, with >> filter (uid=tkiziloren) >> rlm_ldap: looking for check items in directory... >> rlm_ldap: looking for reply items in directory... >> rlm_ldap: user tkiziloren authorized to use remote access >> rlm_ldap: ldap_release_conn: Release Id: 0 >> modcall[authorize]: module "ldap_1x" returns ok for request 1 >> modcall: leaving group authorize (returns updated) for request 1 >> rad_check_password: Found Auth-Type EAP >> auth: type "EAP" >> Processing the authenticate section of radiusd.conf >> modcall: entering group authenticate for request 1 >> rlm_eap: Request found, released from the list >> rlm_eap: EAP/ttls >> rlm_eap: processing type ttls >> rlm_eap_ttls: Authenticate >> rlm_eap_tls: processing TLS >> rlm_eap_tls: Length Included >> eaptls_verify returned 11 >> (other): before/accept initialization >> TLS_accept: before/accept initialization >> rlm_eap_tls: <<< TLS 1.0 Handshake [length 002d], ClientHello >> TLS_accept: SSLv3 read client hello A >> rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello >> TLS_accept: SSLv3 write server hello A >> rlm_eap_tls: >>> TLS 1.0 Handshake [length 05e7], Certificate >> TLS_accept: SSLv3 write certificate A >> rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone >> TLS_accept: SSLv3 write server done A >> TLS_accept: SSLv3 flush data >> TLS_accept:error in SSLv3 read client certificate A >> In SSL Handshake Phase >> In SSL Accept mode >> eaptls_process returned 13 >> modcall[authenticate]: module "eap" returns handled for request 1 >> modcall: leaving group authenticate (returns handled) for request 1 >> Sending Access-Challenge of id 147 to 10.10.7.203 port 1645 >> EAP-Message = >> 0x0104040a15c000000644160301004a0200004603014642d682aa7f984a7fcdbc4a6bc13b1d264b81e704929e445b4ebf174c04b7cc20d1ee663783e4d828257c89be8df743bbae47180d8e7bd7a41edc3742644c918a000a0016030105e70b0005e30005e00002c5308202c13082022aa003020102020101300d06092a864886f70d010105050030818f310b300906035504061302545231123010060355040813095452416e61646f6c75311b3019060355040a1312416e61646f6c7520556e6976657273697479310d300b060355040b13044241554d311c301a060355040313136c6461702e616e61646f6c752e6564752e74723122302006092a86 >> EAP-Message = >> 0x4886f70d01090116136c64617040616e61646f6c752e6564752e7472301e170d3037303530383130333833325a170d3038303530373130333833325a3081a3310b300906035504061302545231123010060355040813095452416e61646f6c75311230100603550407130945736b697365686972311b3019060355040a1312416e61646f6c7520556e6976657273697479310d300b060355040b13044241554d311c301a060355040313136c6461702e616e61646f6c752e6564752e74723122302006092a864886f70d01090116136c64617040616e61646f6c752e6564752e747230819f300d06092a864886f70d010101050003818d003081890281 >> EAP-Message = >> 0x8100aa7e832714838afb5c85df7c60afaf107142a9e077659f216e0b0cee26180413d2ce23bd4551cb0e7243dbae482db8757502159b52b08f8776b1fef8110ea8798dc7bd0db591296d73e37cad9a07ad8b1c1db6360104861ae0405cab03544b1ae33633df6a5403c79bdde9ab57ed2dcfe191f5f34418b555c953351acc461ce70203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d0101050500038181003c0a0c3e188348ce41725b4c062f8a8570a1bf407bb6ee3504b9df6a18e935fe2f8792c914c2eabadd85e6ea701ec99443a06e436152b7b9fd413cf44fbd09db68cdf3879c76ea673153 >> EAP-Message = >> 0xb8adc112064df7b8369c796d37251577569523b465b686408649adbb9f9006148c9e8df035dec411681b9365b9d317f44efd89b9b42b000315308203113082027aa003020102020100300d06092a864886f70d010105050030818f310b300906035504061302545231123010060355040813095452416e61646f6c75311b3019060355040a1312416e61646f6c7520556e6976657273697479310d300b060355040b13044241554d311c301a060355040313136c6461702e616e61646f6c752e6564752e74723122302006092a864886f70d01090116136c64617040616e61646f6c752e6564752e7472301e170d3037303530383130333734345a170d >> EAP-Message = 0x3130303530373130333734345a30818f310b30090603 >> Message-Authenticator = 0x00000000000000000000000000000000 >> State = 0x2c09c8f35ddc35ecd609188a17165621 >> Finished request 1 >> Going to the next request >> Waking up in 6 seconds... >> rad_recv: Access-Request packet from host 10.10.7.203:1645, id=148, >> length=148 >> User-Name = "tkiziloren" >> Framed-MTU = 1400 >> Called-Station-Id = "0017.0e85.f190" >> Calling-Station-Id = "0011.2fb9.d08b" >> Service-Type = Login-User >> Message-Authenticator = 0x9b4e281f16c2c5d3cf691e6e195bea68 >> EAP-Message = 0x020400061500 >> NAS-Port-Type = Wireless-802.11 >> NAS-Port = 322 >> State = 0x2c09c8f35ddc35ecd609188a17165621 >> NAS-IP-Address = 10.10.7.203 >> NAS-Identifier = "testbaum" >> Processing the authorize section of radiusd.conf >> modcall: entering group authorize for request 2 >> modcall[authorize]: module "preprocess" returns ok for request 2 >> modcall[authorize]: module "chap" returns noop for request 2 >> modcall[authorize]: module "mschap" returns noop for request 2 >> rlm_realm: No '@' in User-Name = "tkiziloren", skipping NULL due to >> config. >> modcall[authorize]: module "suffix" returns noop for request 2 >> rlm_eap: EAP packet type response id 4 length 6 >> rlm_eap: No EAP Start, assuming it's an on-going EAP conversation >> modcall[authorize]: module "eap" returns updated for request 2 >> users: Matched entry DEFAULT at line 29 >> modcall[authorize]: module "files" returns ok for request 2 >> rlm_ldap: - authorize >> rlm_ldap: performing user authorization for tkiziloren >> radius_xlat: '(uid=tkiziloren)' >> radius_xlat: 'ou=people,dc=anadolu,dc=edu,dc=tr' >> rlm_ldap: ldap_get_conn: Checking Id: 0 >> rlm_ldap: ldap_get_conn: Got Id: 0 >> rlm_ldap: performing search in ou=people,dc=anadolu,dc=edu,dc=tr, with >> filter (uid=tkiziloren) >> rlm_ldap: looking for check items in directory... >> rlm_ldap: looking for reply items in directory... >> rlm_ldap: user tkiziloren authorized to use remote access >> rlm_ldap: ldap_release_conn: Release Id: 0 >> modcall[authorize]: module "ldap_1x" returns ok for request 2 >> modcall: leaving group authorize (returns updated) for request 2 >> rad_check_password: Found Auth-Type EAP >> auth: type "EAP" >> Processing the authenticate section of radiusd.conf >> modcall: entering group authenticate for request 2 >> rlm_eap: Request found, released from the list >> rlm_eap: EAP/ttls >> rlm_eap: processing type ttls >> rlm_eap_ttls: Authenticate >> rlm_eap_tls: processing TLS >> rlm_eap_tls: Received EAP-TLS ACK message >> rlm_eap_tls: ack handshake fragment handler >> eaptls_verify returned 1 >> eaptls_process returned 13 >> modcall[authenticate]: module "eap" returns handled for request 2 >> modcall: leaving group authenticate (returns handled) for request 2 >> Sending Access-Challenge of id 148 to 10.10.7.203 port 1645 >> EAP-Message = >> 0x0105024e1580000006445504061302545231123010060355040813095452416e61646f6c75311b3019060355040a1312416e61646f6c7520556e6976657273697479310d300b060355040b13044241554d311c301a060355040313136c6461702e616e61646f6c752e6564752e74723122302006092a864886f70d01090116136c64617040616e61646f6c752e6564752e747230819f300d06092a864886f70d010101050003818d0030818902818100f87fe052d754f4586d4e311ea15bb54cd7bbe1e505e648171bfa44c6a1523906cc31d776e4a8113dd3f002e7ddd43868af03076e0f4c57c6791845adc2f7732d909e58267dc127244ebe656f95 >> EAP-Message = >> 0xf53a09222a4a3451369f97a04391610dc4b77848268d41b7f9bc37f04654d00abdc0ee376c8aad064e5ac5a5a1595bffeea9b30203010001a37b307930090603551d1304023000302c06096086480186f842010d041f161d4f70656e53534c2047656e657261746564204365727469666963617465301d0603551d0e0416041450fd81eacea4e2d3d18547e154bc515d08630096301f0603551d2304183016801450fd81eacea4e2d3d18547e154bc515d08630096300d06092a864886f70d01010505000381810092f44ed2dade447e098f90432e2a2b58d93139471c0b41d3bbdebf1c2d09e321b43bbe2faad7d8c60e6642f5b6c2746fbb4be07033 >> EAP-Message = >> 0x4b77db5093871b2203bf2271cb97b98cc169c03f4f67d7a01261d971dfddc176cce3a42e1dd1e37037060a528db7e8481722e222549b882a93cfa582a29df0f1b401a28e197772410a1f1016030100040e000000 >> Message-Authenticator = 0x00000000000000000000000000000000 >> State = 0xb63cf9e5375c651683e69b8c2d8543fc >> Finished request 2 >> Going to the next request >> Waking up in 6 seconds... >> --- Walking the entire request list --- >> Cleaning up request 0 ID 146 with timestamp 4642d682 >> Cleaning up request 1 ID 147 with timestamp 4642d682 >> Cleaning up request 2 ID 148 with timestamp 4642d682 >> Nothing to do. Sleeping until we see a request. >> >> >> >> >> A.L.M.Buxey wrote: >> >>> Hi, >>> >>> >>>> However when i try to perform same task by using securew2 on XP client, >>>> it >>>> always shows "attempting to authenticate", >>>> >>> did you configure SecureW2 to allow new connections? >>> >>> alan >>> - >>> List info/subscribe/unsubscribe? See >>> http://www.freeradius.org/list/users.html >>> >>> >>> >> >> > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > -- View this message in context: http://www.nabble.com/ttls-problem-tf3717596.html#a10410860 Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html