Hi,
my Enterasys switches need the Filter-Id for policy enforcement. I've got
a problem with 802.1X authentication. Here is the log:
rad_recv: Access-Request packet from host 172.16.255.101 port 49169,
id=171, length=190
User-Name = DNT1\\testtom
Service-Type = Framed-User
Called-Station-Id = 00-1F-45-19-9C-68
Calling-Station-Id = 00-1C-25-9B-0E-EB
NAS-Identifier = D2_Zi31_Tom
NAS-IP-Address = 172.16.255.101
NAS-Port = 1
NAS-Port-Id = ge.1.1
Framed-MTU = 1500
NAS-Port-Type = Ethernet
State = 0x5a07edfa520df4edb36b506fccf290c2
EAP-Message =
0x020a001d1900170301001291f098b2e763cf55403eff0840390a3d3413
Message-Authenticator = 0xe6865e95c71f8c06d904dd297c05ee96
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand:
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -
/var/log/radius/radacct/172.16.255.101/auth-detail-20091029
[auth_log]
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands
to /var/log/radius/radacct/172.16.255.101/auth-detail-20091029
[auth_log] expand: %t - Thu Oct 29 10:37:21 2009
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = DNT1\testtom, looking up realm NULL
[suffix] No such realm NULL
++[suffix] returns noop
[ntdomain] Looking up realm DNT1 for User-Name = DNT1\testtom
[ntdomain] No such realm DNT1
++[ntdomain] returns noop
[eap] EAP packet type response id 10 length 29
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] EAP type mschapv2
[peap] Got tunneled request
EAP-Message = 0x020a00061a03
server {
PEAP: Setting User-Name to DNT1\testtom
Sending tunneled request
EAP-Message = 0x020a00061a03
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = DNT1\\testtom
State = 0xeb8ce38fea86f9b39b0a9d7efe7aaa3e
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
[suffix] No '@' in User-Name = DNT1\testtom, looking up realm NULL
[suffix] No such realm NULL
++[suffix] returns noop
[ntdomain] Looking up realm DNT1 for User-Name = DNT1\testtom
[ntdomain] No such realm DNT1
++[ntdomain] returns noop
[eap] EAP packet type response id 10 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
rlm_ldap: Entering ldap_groupcmp()
[files] expand: OU=Abt11-2,OU=Amt11,OU=Stadt
Heidelberg,DC=heidelberg,DC=bw-online,DC=de -
OU=Abt11-2,OU=Amt11,OU=Stadt Heidelberg,DC=heidelberg,DC=bw-online,DC=de
[files] expand: sAMAccountName=%{mschap:User-Name} -
sAMAccountName=testtom
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in OU=Abt11-2,OU=Amt11,OU=Stadt
Heidelberg,DC=heidelberg,DC=bw-online,DC=de, with filter
sAMAccountName=testtom
rlm_ldap: ldap_release_conn: Release Id: 0
[files] expand:
(|((objectClass=Group)(member=%{control:Ldap-UserDn}))((objectClass=Gr
oupOfUniqueNames)(uniquemember=%{control:Ldap-UserDn}))) -
(|((objectClass=Group)(member=CN\3dTest\5c\2c
Tom\2cOU\3dAbt11-2\2cOU\3dAmt11\2cOU\3dStadt
Heidelberg\2cDC\3dheidelberg\2cDC\3dbw-online\2cDC\3dde))((objectClass=
GroupOfUniqueNames)(uniquemember=CN\3dTest\5c\2c
Tom\2cOU\3dAbt11-2\2cOU\3dAmt11\2cOU\3dStadt
Heidelberg\2cDC\3dheidelberg\2cDC\3dbw-online\2cDC\3dde)))
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in OU=Abt11-2,OU=Amt11,OU=Stadt
Heidelberg,DC=heidelberg,DC=bw-online,DC=de, with filter
((cn=WWW)(|((objectClass=Group)(member=CN\3dTest\5c\2c
Tom\2cOU\3dAbt11-2\2cOU\3dAmt11\2cOU\3dStadt
Heidelberg\2cDC\3dheidelberg\2cDC\3dbw-online\2cDC\3dde))((objectClass=
GroupOfUniqueNames)(uniquemember=CN\3dTest\5c\2c
Tom\2cOU\3dAbt11-2\2cOU\3dAmt11\2cOU\3dStadt
Heidelberg\2cDC\3dheidelberg\2cDC\3dbw-online\2cDC\3dde
rlm_ldap: object not found
rlm_ldap: ldap_release_conn: Release Id: 0
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in CN=Test\,
Tom,OU=Abt11-2,OU=Amt11,OU=Stadt
Heidelberg,DC=heidelberg,DC=bw-online,DC=de, with filter (objectclass=*)
rlm_ldap: performing search in
CN=WWW,CN=Users,DC=heidelberg,DC=bw-online,DC=de, with filter (cn=WWW)
rlm_ldap::ldap_groupcmp: User found in group WWW
rlm_ldap: ldap_release_conn: Release Id: 0
[files] users: Matched entry DEFAULT at line 215
++[files] returns ok
[ldap] performing user authorization for DNT1\testtom
[ldap] expand: sAMAccountName=%{mschap:User-Name} -
sAMAccountName=testtom
[ldap] expand:
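For reference, a FreeRADIUS 2.x "users" file entry of the shape the debug output implies (the log shows rlm_ldap confirming membership in group WWW just before "Matched entry DEFAULT at line 215"). This is an added illustration, not the poster's actual configuration; "Enterprise User" stands in for whatever policy profile name is defined on the Enterasys switch.

```text
# Added example (not from the original post). Match users that rlm_ldap
# places in the LDAP group "WWW" and hand the switch a Filter-Id naming
# the policy profile to apply to the port.
# "Enterprise User" is a placeholder for the switch's real policy name.
DEFAULT Ldap-Group == "WWW"
        Filter-Id = "Enterprise User",
        Fall-Through = No
```

Since the log shows this match happening inside `server inner-tunnel {`, the reply attribute is set on the tunneled PEAP reply; set `use_tunneled_reply = yes` in the `peap` section of eap.conf so the Filter-Id is copied into the outer Access-Accept the switch actually sees.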