Hello everybody!!
I have FreeRADIUS 1.1.7 + openldap using EAP-PEAP authentication, perfectly
working.
Now, I want to use the same openldap database, but with FreeRADIUS 2.0.4, but I
can't get success authentication.
is it necesary additional parameters of configuration for Freeradius 2.0.4?
How or Where can I configure User-Password instead Cleartext-Password?
OpenLDAP database needs changes for FreeRADIUS 2.0.4?
-----------------------
Similar error I got, when I configured EAP-PEAP without OpenLDAP database(Using
users file), like in FreeRADIUS 1.1.7:
"temporal1" User-Password == "temporal1"
But, when I changed User-Password with Cleartext-Password:
"temporal1" Cleartext-Password := "temporal1"
I got success authentication.
-----------------------
But,I need to continue using my OpenLDAP database, somebody can help me how to
achieve that?
Thanks in advance!
German
---------------------------------
Yahoo! Deportes Beta
¡No te pierdas lo último sobre el torneo clausura 2008!
Entérate aquí http://deportes.yahoo.comUser-Name = "temporal1"
NAS-IP-Address = 192.168.1.1
Called-Station-Id = "00-20-a6-53-a6-a0:WLAN"
Calling-Station-Id = "00-0e-9b-d3-72-7c"
NAS-Identifier = "Avaya-AP-8-53-a6-a0"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x0202000e0174656d706f72616c31
Message-Authenticator = 0x55f6f02dad97274f983156eb619450fb
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "temporal1", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 2 length 14
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
rlm_ldap: Entering ldap_groupcmp()
expand: ou=users,ou=radius,dc=wireless,dc=mired,dc=mx ->
ou=users,ou=radius,dc=wireless,dc=mired,dc=mx
WARNING: Deprecated conditional expansion ":-". See "man unlang" for details
expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=temporal1)
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to 192.168.1.2:389, authentication 0
rlm_ldap: bind as uid=riu,ou=admin mail,dc=server,dc=mired,dc=mx/mypass to
192.168.1.2:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in ou=users,ou=radius,dc=wireless,dc=mired,dc=mx,
with filter (uid=temporal1)
rlm_ldap: ldap_release_conn: Release Id: 0
expand:
(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))
->
(|(&(objectClass=GroupOfNames)(member=))(&(objectClass=GroupOfUniqueNames)(uniquemember=)))
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=users,ou=radius,dc=wireless,dc=mired,dc=mx,
with filter
(&(cn=academicos)(|(&(objectClass=GroupOfNames)(member=))(&(objectClass=GroupOfUniqueNames)(uniquemember=))))
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: ldap_release_conn: Release Id: 0
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in
cn=RETY750916,ou=users,ou=radius,dc=wireless,dc=mired,dc=mx, with filter
(objectclass=*)
rlm_ldap::ldap_groupcmp: User found in group academicos
rlm_ldap: ldap_release_conn: Release Id: 0
users: Matched entry DEFAULT at line 139
++[files] returns ok
rlm_ldap: - authorize
rlm_ldap: performing user authorization for temporal1
WARNING: Deprecated conditional expansion ":-". See "man unlang" for details
expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=temporal1)
expand: ou=users,ou=radius,dc=wireless,dc=mired,dc=mx ->
ou=users,ou=radius,dc=wireless,dc=mired,dc=mx
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=users,ou=radius,dc=wireless,dc=mired,dc=mx,
with filter (uid=temporal1)
rlm_ldap: Added User-Password = TEMPORAL1 in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user temporal1 authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap] returns ok
++[expiration] returns noop
++[logintime] returns noop
rlm_pap: Found existing Auth-Type, not changing it.
++[pap] returns noop
rad_check_password: Found Auth-Type EAP
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Replacing User-Password in config items with Cleartext-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Please update your configuration so that the "known good" !!!
!!! clear text password is in Cleartext-Password, and not in User-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
auth: type "EAP"
+- entering group authenticate
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
++[eap] returns handled
EAP-Message = 0x010300061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x3dd6d0a73dd5c9876db8a2af8cd70725
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
User-Name = "temporal1"
NAS-IP-Address = 192.168.1.1
Called-Station-Id = "00-20-a6-53-a6-a0:WLAN"
Calling-Station-Id = "00-0e-9b-d3-72-7c"
NAS-Identifier = "Avaya-AP-8-53-a6-a0"
State = 0x3dd6d0a73dd5c9876db8a2af8cd70725
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
EAP-Message =
0x0203005019800000004616030100410100003d0301483350f485457ef321d7205f1d3f11970f19adf7ebc2d32dd5fe9d61348b073d00001600040005000a000900640062000300060013001200630100
Message-Authenticator = 0xcdc119224a6d29ca585372b3f0012c87
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "temporal1", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 3 length 80
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
TLS Length 70
rlm_eap_tls: Length Included
eaptls_verify returned 11
(other): before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 085e], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
TLS_accept: SSLv3 write server done A
TLS_accept: SSLv3 flush data
TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
++[eap] returns handled
EAP-Message =
0x0104040019c0000008bb160301004a020000460301483351a9de21a09971d6806ac111570bb67068775f5b7cb355d205df07a04a7120c185d9c8284e73c089835ce33f5016d405fa2977103be2fdc67e7f217d14a83d000400160301085e0b00085a0008570003a6308203a23082028aa003020102020101300d06092a864886f70d0101040500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d3126302406035504
EAP-Message =
0x03131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3038303531393232333931365a170d3039303531393232333931365a307c310b3009060355040613024652310f300d0603550408130652616469757331153013060355040a130c4578616d706c6520496e632e312330210603550403131a4578616d706c65205365727665722043657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100aefc44eb6a1faf3ffc80b7173e182478cf969ea5a6b85736363a5949f060
EAP-Message =
0xf2d0025f992bebe4372a32e13f3f4dfa44b06bc8557b551c09bd106ab680565a1a89492101573ec0debedb699bf16cee097dd36bd5144121f05bf76f68afba7b03efb9330b5774073da4974d385fc2996956b2a94b9515543523e27e8b5b7d93a01b6288b9b3b1ba65eae13ec1763e8cabb8f5f1ad1643d2c6268dc0cf5afa726dc133a10c34957b5bca0308e88f315966169eae2d2649cf679d017fa786bec3225d47614e15f4ea1e5cfda71ea827d61258fa132f73bddb0eafebc096b89ffa772cfe6aefa2285070a0f6aa850467ccb79c732979e5517ed7126da3787a7e7c77a30203010001a317301530130603551d25040c300a06082b06010505
EAP-Message =
0x070301300d06092a864886f70d01010405000382010100118cb9122ef424f0c7a440f733b07990001c1fb80ac009f9457638ac24564dd4c1731c9b2de99a2706e036b7cdb578847b1a48c88b4f4de9c54c034865788fe3d11269e1e56ae5ea0536aa3f9284fe272eba7d3ae7d5bb5a179a8e44b7f2569bac8a871ecaf3e7978f402f246c847db9ea337182451039bbd64c357af615c2ce2581ff660dcf3e3c1ea423c12081f58da942a5ea7c12a487843398f333f3f45f27042570ca7c5ede5e43a701330ee04970972a0c3df08ae158600d9525478885d53ea753fa3b9e91dccf8b548a1574ff24fb8cf053eb2d7eeeed705ee758769a820ea157b5b4
EAP-Message = 0xa0750995694ed4b3130eea99
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x3dd6d0a73cd2c9876db8a2af8cd70725
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
User-Name = "temporal1"
NAS-IP-Address = 192.168.1.1
Called-Station-Id = "00-20-a6-53-a6-a0:WLAN"
Calling-Station-Id = "00-0e-9b-d3-72-7c"
NAS-Identifier = "Avaya-AP-8-53-a6-a0"
State = 0x3dd6d0a73cd2c9876db8a2af8cd70725
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020400061900
Message-Authenticator = 0xcc57a33616442858d1ff03ff4d392bf8
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "temporal1", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 4 length 6
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
++[eap] returns handled
EAP-Message =
0x010503fc1940b3e10927517142d20aca8b6bfe8d0004ab308204a73082038fa003020102020900ad7745c335b8f9af300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3038303531393232333931355a170d3038303631383232333931355a308193310b30090603
EAP-Message =
0x55040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100c22b84747eb6dbffd145ad73ea401cadcd70928d7a20dd7ba4753cacad6eadc6723fd2c7fc1974248b66ebd0b760886b8e7e0faf3e88f3b5ca16a4ec5a44706250a8c2740589e7248402167cb6a440
EAP-Message =
0xe501c3dd2db58bac21122ba16db6f31ab3ed57f33fec53d3a7fe2b015be100e4feaa5c4e6d35fdc6a315e0d3297444f41f43116659f383e381c0d0d6d7425f1597699bc535b11f5c6bc3c72c72a8a72947b8e0fd0b0f67e2d43ce8bd3e70a93dababba8070c39e3178762704f42156813672a35f3b306ec994340c5a6290c6ca04ae2ff563b3670d3f898b8526df0ff73dbf470e6fe622db7e5a59fd709dfdb042fe352d1078b693c11b31ccccd5cb68190203010001a381fb3081f8301d0603551d0e04160414586bacb4f8629ef9bdd097817b29a258f15a050f3081c80603551d230481c03081bd8014586bacb4f8629ef9bdd097817b29a258f15a
EAP-Message =
0x050fa18199a48196308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479820900ad7745c335b8f9af300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100064c7c582032b2416ec0ca9ba609174071748b3a5a4723e8dbdc18c4514fa2f266f306f2c9f46b3bc37378b633045c4296db
EAP-Message = 0x9e5ee30aa059fc32
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x3dd6d0a73fd3c9876db8a2af8cd70725
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
User-Name = "temporal1"
NAS-IP-Address = 192.168.1.1
Called-Station-Id = "00-20-a6-53-a6-a0:WLAN"
Calling-Station-Id = "00-0e-9b-d3-72-7c"
NAS-Identifier = "Avaya-AP-8-53-a6-a0"
State = 0x3dd6d0a73fd3c9876db8a2af8cd70725
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020500061900
Message-Authenticator = 0x19e5d2c0dd47034a67366569932803d9
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "temporal1", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 5 length 6
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
++[eap] returns handled
EAP-Message =
0x010600d51900fa20504c21743fdcb28c94527095e4bf87f8c9ebbba34400532e82551128434a2a68843619bcbe798630caaec366ec67991327067eb1777e1bcfc1cccc2fc0ec4b80943004ad7e80b9c4431ef84c990eac035d5f9c74b8555739fec5b1bc985fcd95769e31c854d7d61c2d82d97bdb776a153262f818e15c330b59d6e6c2d44cd2d73ee0fff9c4613d98f474a8555b2921f28181c03f803b8dcf740b18a1c13041a95bb3820bea7dfecffc8145308c5e95d161b51a33645bcaceafcb383c3ce03546e7b657bd16030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x3dd6d0a73ed0c9876db8a2af8cd70725
Finished request 3.
Going to the next request
Waking up in 4.8 seconds.
User-Name = "temporal1"
NAS-IP-Address = 192.168.1.1
Called-Station-Id = "00-20-a6-53-a6-a0:WLAN"
Calling-Station-Id = "00-0e-9b-d3-72-7c"
NAS-Identifier = "Avaya-AP-8-53-a6-a0"
State = 0x3dd6d0a73ed0c9876db8a2af8cd70725
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
EAP-Message =
0x02060140198000000136160301010610000102010088203cd15a638c3638db51513d27aea3f9c5998b101e07924c7d517cd0fab8898daeba330f704bd5b4fa9a8828c7953243d2b783656866a56d7f933e668d74a1252a8d86b817d1b59e1fddc96ba0f5a4949b5b94f75f024e765da8093100aa83f6cc70625c83f10f95836b0c6d4ced72d019a7a39fb09cd599706d993cdbb9c1ba3c5670825c9df790652c28435fd7023ddef755be876e81239e19cf7ee62bff25b5aac2256af336d38e10c4cb8e472564dc5f6f3b4ea012adfdd9101dea6d340581e574633fdb2cbe7204d36e9a027924b9a2955bbdf82204b4a6ef667c885a0a1ce1542ff1a1ff
EAP-Message =
0x3bfb40169caae4c580856ad2e941e127bff6a175b3c2a58114030100010116030100209df955e11155d458796366521047a8eaed81de51d31191e76245fc062c8e1b76
Message-Authenticator = 0x79a99d679c69ae0c9e1619f36db388ad
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "temporal1", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 6 length 253
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
TLS Length 310
rlm_eap_tls: Length Included
eaptls_verify returned 11
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange
TLS_accept: SSLv3 read client key exchange A
rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 read finished A
rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
TLS_accept: SSLv3 write change cipher spec A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 write finished A
TLS_accept: SSLv3 flush data
(other): SSL negotiation finished successfully
SSL Connection Established
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
++[eap] returns handled
EAP-Message =
0x0107003119001403010001011603010020f54bae3cd49c93d813734f616a8c3201ebc9c26416e88382fd46c88db64ddc8d
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x3dd6d0a739d1c9876db8a2af8cd70725
Finished request 4.
Going to the next request
Waking up in 4.8 seconds.
User-Name = "temporal1"
NAS-IP-Address = 192.168.1.1
Called-Station-Id = "00-20-a6-53-a6-a0:WLAN"
Calling-Station-Id = "00-0e-9b-d3-72-7c"
NAS-Identifier = "Avaya-AP-8-53-a6-a0"
State = 0x3dd6d0a739d1c9876db8a2af8cd70725
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020700061900
Message-Authenticator = 0xc88d46fc398be3abf214a9b1eb767756
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "temporal1", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 7 length 6
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake is finished
eaptls_verify returned 3
eaptls_process returned 3
rlm_eap_peap: EAPTLS_SUCCESS
++[eap] returns handled
EAP-Message =
0x01080020190017030100156ea40735a4cf89f4626ce63b4ce1cf092e6ad3eed1
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x3dd6d0a738dec9876db8a2af8cd70725
Finished request 5.
Going to the next request
Waking up in 4.8 seconds.
User-Name = "temporal1"
NAS-IP-Address = 192.168.1.1
Called-Station-Id = "00-20-a6-53-a6-a0:WLAN"
Calling-Station-Id = "00-0e-9b-d3-72-7c"
NAS-Identifier = "Avaya-AP-8-53-a6-a0"
State = 0x3dd6d0a738dec9876db8a2af8cd70725
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
EAP-Message =
0x020800251900170301001a4436081b763f21812f4545f999ac3ca58d64fa44bd807dfa391d
Message-Authenticator = 0xed2a31854da81f2c2607352f7038f884
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "temporal1", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 8 length 37
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Identity - temporal1
PEAP: Got tunneled identity of temporal1
PEAP: Setting default EAP type for tunneled EAP session.
PEAP: Setting User-Name to temporal1
+- entering group authorize
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
rlm_realm: No '@' in User-Name = "temporal1", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
rlm_eap: EAP packet type response id 8 length 14
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
rlm_ldap: Entering ldap_groupcmp()
expand: ou=users,ou=radius,dc=wireless,dc=mired,dc=mx ->
ou=users,ou=radius,dc=wireless,dc=mired,dc=mx
WARNING: Deprecated conditional expansion ":-". See "man unlang" for details
expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=temporal1)
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=users,ou=radius,dc=wireless,dc=mired,dc=mx,
with filter (uid=temporal1)
rlm_ldap: ldap_release_conn: Release Id: 0
expand:
(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))
->
(|(&(objectClass=GroupOfNames)(member=))(&(objectClass=GroupOfUniqueNames)(uniquemember=)))
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=users,ou=radius,dc=wireless,dc=mired,dc=mx,
with filter
(&(cn=academicos)(|(&(objectClass=GroupOfNames)(member=))(&(objectClass=GroupOfUniqueNames)(uniquemember=))))
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: ldap_release_conn: Release Id: 0
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in
cn=RETY750916,ou=users,ou=radius,dc=wireless,dc=mired,dc=mx, with filter
(objectclass=*)
rlm_ldap::ldap_groupcmp: User found in group academicos
rlm_ldap: ldap_release_conn: Release Id: 0
users: Matched entry DEFAULT at line 139
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: EAP Identity
rlm_eap: processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
++[eap] returns handled
PEAP: Got tunneled Access-Challenge
++[eap] returns handled
EAP-Message =
0x0109003a1900170301002f176828ea998680bf5cbb0a089f240536fd49f7a9984d36023a331abdf4af139efdf8ed5afbadd7ec7b926a1c86d530
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x3dd6d0a73bdfc9876db8a2af8cd70725
Finished request 6.
Going to the next request
Waking up in 4.8 seconds.
User-Name = "temporal1"
NAS-IP-Address = 192.168.1.1
Called-Station-Id = "00-20-a6-53-a6-a0:WLAN"
Calling-Station-Id = "00-0e-9b-d3-72-7c"
NAS-Identifier = "Avaya-AP-8-53-a6-a0"
State = 0x3dd6d0a73bdfc9876db8a2af8cd70725
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
EAP-Message =
0x0209005b19001703010050056dc48b30e8cfce865753a81c19410868b44ccdc765162103a41cb362cbe3c0c3da3a0ba2e060f77d1914e2bbac6d1528650fa7b33eedd05d30623cd432cf9fb158e4ef5506d7fc6426b4adee4f5b4b
Message-Authenticator = 0xc20c98af65ea96e29c26cc568c9b668e
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "temporal1", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 9 length 91
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: EAP type mschapv2
PEAP: Setting User-Name to temporal1
+- entering group authorize
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
rlm_realm: No '@' in User-Name = "temporal1", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
rlm_eap: EAP packet type response id 9 length 68
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
rlm_ldap: Entering ldap_groupcmp()
expand: ou=users,ou=radius,dc=wireless,dc=mired,dc=mx ->
ou=users,ou=radius,dc=wireless,dc=mired,dc=mx
WARNING: Deprecated conditional expansion ":-". See "man unlang" for details
expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=temporal1)
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=users,ou=radius,dc=wireless,dc=mired,dc=mx,
with filter (uid=temporal1)
rlm_ldap: ldap_release_conn: Release Id: 0
expand:
(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))
->
(|(&(objectClass=GroupOfNames)(member=))(&(objectClass=GroupOfUniqueNames)(uniquemember=)))
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=users,ou=radius,dc=wireless,dc=mired,dc=mx,
with filter
(&(cn=academicos)(|(&(objectClass=GroupOfNames)(member=))(&(objectClass=GroupOfUniqueNames)(uniquemember=))))
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: ldap_release_conn: Release Id: 0
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in
cn=RETY750916,ou=users,ou=radius,dc=wireless,dc=mired,dc=mx, with filter
(objectclass=*)
rlm_ldap::ldap_groupcmp: User found in group academicos
rlm_ldap: ldap_release_conn: Release Id: 0
users: Matched entry DEFAULT at line 139
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/mschapv2
rlm_eap: processing type mschapv2
+- entering group MS-CHAP
rlm_mschap: No Cleartext-Password configured. Cannot create LM-Password.
rlm_mschap: No Cleartext-Password configured. Cannot create NT-Password.
rlm_mschap: Told to do MS-CHAPv2 for temporal1 with NT-Password
rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication.
rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject
rlm_eap: Freeing handler
++[eap] returns reject
auth: Failed to validate the user.
Login incorrect: [temporal1/<via Auth-Type = EAP>] (from client WLAN port 0 via
TLS tunnel)
PEAP: Tunneled authentication was rejected.
rlm_eap_peap: FAILURE
++[eap] returns handled
EAP-Message =
0x010a00261900170301001b1eb8a5f200d206368fbae80686e7042566c959114b2868fce2f0e0
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x3dd6d0a73adcc9876db8a2af8cd70725
Finished request 7.
Going to the next request
Waking up in 4.8 seconds.
User-Name = "temporal1"
NAS-IP-Address = 192.168.1.1
Called-Station-Id = "00-20-a6-53-a6-a0:WLAN"
Calling-Station-Id = "00-0e-9b-d3-72-7c"
NAS-Identifier = "Avaya-AP-8-53-a6-a0"
State = 0x3dd6d0a73adcc9876db8a2af8cd70725
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
EAP-Message =
0x020a00261900170301001ba4d540bec66a46cd132819b8612d89fac136ed00afa7a8fd61e51e
Message-Authenticator = 0x28a2d71520b5d7318fe1bcb6df931269
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "temporal1", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 10 length 38
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Received EAP-TLV response.
rlm_eap_peap: Had sent TLV failure. User was rejected earlier in this
session.
rlm_eap: Handler failed in EAP/peap
rlm_eap: Failed in EAP select
++[eap] returns invalid
auth: Failed to validate the user.
Login incorrect: [temporal1/<via Auth-Type = EAP>] (from client WLAN port 0 cli
00-0e-9b-d3-72-7c)
Found Post-Auth-Type Reject
+- entering group REJECT
expand: %{User-Name} -> temporal1
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 8 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 8
EAP-Message = 0x040a0004
Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 3.8 seconds.
Cleaning up request 0 ID 232 with timestamp +39
Cleaning up request 1 ID 233 with timestamp +39
Cleaning up request 2 ID 234 with timestamp +39
Cleaning up request 3 ID 235 with timestamp +39
Waking up in 0.1 seconds.
Cleaning up request 4 ID 236 with timestamp +39
Cleaning up request 5 ID 237 with timestamp +39
Cleaning up request 6 ID 238 with timestamp +39
Cleaning up request 7 ID 239 with timestamp +39
Waking up in 1.0 seconds.
Cleaning up request 8 ID 240 with timestamp +39
Ready to process requests.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
