I am running freeradius 20030922 snapshot on RedHat 9.0. I am
authorizing and authenticating via ldap. I seem to be getting authorized
and authenticated but my supplicant continues to try and authenticate.
Below is my debug output. If anyone can see anything unusual please let
me know. Thanks for any help.
rad_recv: Access-Request packet from host 10.5.50.115:1645, id=106, length=211
User-Name = "install"
Framed-MTU = 1400
Called-Station-Id = "000d.bd43.d9a8"
Calling-Station-Id = "0040.9645.c07a"
Message-Authenticator = 0xaba44c3d8a18f7aa63dbf2fe20630dae
EAP-Message = 0x0205004f15800000004517030100409dcc64928d8f5ff60c838cef0ac6a057006e51ad920af73b628207daa197dcbdcd1fbd2ea04505100cd5d27cf356a14adb8eb92944976da2adffa2e5623fdea9
NAS-Port-Type = Virtual
NAS-Port = 496
State = 0x0cd1fc1c30ee0fc4a8488e79f6205014
NAS-IP-Address = 10.5.50.115
NAS-Identifier = "TESTAP1"
modcall: entering group authorize
rlm_ldap: - authorize
rlm_ldap: performing user authorization for install
radius_xlat: '(uid=install)'
radius_xlat: 'ou=academics,o=dbu'
ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=academics,o=dbu, with filter (uid=install)
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user install authorized to use remote access
ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok
rlm_eap: EAP packet type response id 5 length 79
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated
modcall: group authorize returns updated
rad_check_password: Found Auth-Type LDAP
rad_check_password: Found Auth-Type EAP
Warning: Found 2 auth-types on request for user 'install'
auth: type "EAP"
modcall: entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP_TYPE - ttls
rlm_eap: processing type ttls
rlm_eap_ttls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
eaptls_process returned 7
rlm_eap_ttls: Session established. Proceeding to decode tunneled attributes.
TTLS: Got tunneled request
User-Name = "install"
User-Password = "f0ulb3ast"
Freeradius-Proxied-To = 127.0.0.1
TTLS: Sending tunneled request
User-Name = "install"
User-Password = "f0ulb3ast"
Freeradius-Proxied-To = 127.0.0.1
modcall: entering group authorize
rlm_ldap: - authorize
rlm_ldap: performing user authorization for install
radius_xlat: '(uid=install)'
radius_xlat: 'ou=academics,o=dbu'
ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=academics,o=dbu, with filter (uid=install)
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user install authorized to use remote access
ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop
modcall: group authorize returns ok
rad_check_password: Found Auth-Type LDAP
auth: type "LDAP"
modcall: entering group authenticate
rlm_ldap: - authenticate
rlm_ldap: login attempt by "install" with password "f0ulb3ast"
rlm_ldap: user DN: cn=install,ou=Academics,o=DBU
rlm_ldap: (re)connect to 10.5.10.215:389, authentication 1
rlm_ldap: bind as cn=install,ou=Academics,o=DBU/f0ulb3ast to 10.5.10.215:389
rlm_ldap: waiting for bind result ...
rlm_ldap: user install authenticated succesfully
modcall[authenticate]: module "ldap" returns ok
modcall: group authenticate returns ok
Trying to look up name of unknown client 127.0.0.1.
Login OK: [install/f0ulb3ast] (from client UNKNOWN-CLIENT port 0)
TTLS: Got tunneled reply RADIUS code 2
TTLS: Got tunneled Access-Accept
rlm_eap: Freeing handler
modcall[authenticate]: module "eap" returns handled
modcall: group authenticate returns handled
Sending Access-Accept of id 106 to 10.5.50.115:1645
MS-MPPE-Recv-Key = 0xe4bcd7f454abdd128405446d00ebf4127842ccf9716b0ae4ebd5da185ad75c17
MS-MPPE-Send-Key = 0xa847b8c85d1c43f533610ebceef89cbe6c8f1daf24e04dfe6316513047111c6f
EAP-Message = 0x03050004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "install"
Finished request 23
Going to the next request
Waking up in 1 seconds...
rick...
Rom.5:8
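
Added example, not part of the original post: a small decoder for the EAP-Message values that appear in debug output like the above, following the EAP header layout in RFC 3748 and the flags byte used by the EAP-TLS family. The function names are hypothetical, and the request sample is only the first 10 bytes of the EAP-Message logged above.

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 13: "EAP-TLS", 21: "EAP-TTLS", 25: "PEAP"}

# Values taken from the debug output above. The request is truncated to its
# first 10 bytes on purpose (header, type, flags, TLS message length).
REQUEST_EAP_PREFIX = "0x0205004f158000000045"
ACCEPT_EAP = "0x03050004"


def parse_eap(hexstr):
    """Decode the EAP header from a hex value as printed in the debug log."""
    if hexstr.lower().startswith("0x"):
        hexstr = hexstr[2:]
    data = bytes.fromhex(hexstr)
    if len(data) < 4:
        raise ValueError("EAP packet shorter than its 4-byte header")
    code, ident, length = struct.unpack("!BBH", data[:4])
    pkt = {"code": EAP_CODES.get(code, code), "id": ident, "length": length,
           # False when fewer bytes are present than the header declares.
           "complete": len(data) >= length}
    # Only Request/Response carry a Type byte; Success/Failure are header-only.
    if code in (1, 2) and len(data) >= 5:
        pkt["type"] = EAP_TYPES.get(data[4], data[4])
        # EAP-TLS family: one flags byte, then an optional 4-byte TLS length.
        if data[4] in (13, 21, 25) and len(data) >= 6:
            flags = data[5]
            pkt["length_included"] = bool(flags & 0x80)
            pkt["more_fragments"] = bool(flags & 0x40)
            pkt["start"] = bool(flags & 0x20)
            if flags & 0x80 and len(data) >= 10:
                pkt["tls_message_length"] = struct.unpack("!I", data[6:10])[0]
    return pkt


def accepted_with_eap_success(request_hex, reply_hex):
    """True when the reply is an EAP-Success whose id matches the request."""
    req, rep = parse_eap(request_hex), parse_eap(reply_hex)
    return rep["code"] == "Success" and rep["id"] == req["id"]


if __name__ == "__main__":
    print(parse_eap(REQUEST_EAP_PREFIX))
    print(parse_eap(ACCEPT_EAP))
    print(accepted_with_eap_success(REQUEST_EAP_PREFIX, ACCEPT_EAP))
```

The decoded request fields agree with the rlm_eap lines in the log (response, id 5, length 79, TTLS, Length Included), and the Access-Accept carries an EAP-Success for the same id.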