Re: LDAP + TTLS PAP

2009-07-15 Thread jpablorp



Ivan Kalik wrote:
>
>> Here is all my debug.
>
> Enable ldap in inner-tunnel virtual server as well.
>
> Ivan Kalik
> Kalik Informatika ISP
>

Thanks for your help, Ivan.

Now everything looks fine.
-- 
View this message in context: 
http://www.nabble.com/LDAP-%2B-TTLS-PAP-tp24498710p24500243.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: LDAP + TTLS PAP

2009-07-15 Thread Ivan Kalik
> Here is all my debug.

Enable ldap in inner-tunnel virtual server as well.

Ivan Kalik
Kalik Informatika ISP

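Added example, not configuration posted in this thread: what the authorize sections of sites-available/default and sites-available/inner-tunnel look like once ldap is enabled in the inner tunnel, as Ivan's reply asks. Module names and order follow jpablorp's posted authorize section and the stock FreeRADIUS 2.x inner-tunnel layout; the `updated = return` line in the outer server is my own optional tightening, not something the thread states.

```unlang
# sites-available/default (outer server).  For EAP-TTLS the outer
# Access-Request only carries EAP-Message, so nothing in this section can
# check a password; the ldap lookup seen in the outer debug above is not
# what authenticates the user.
authorize {
    preprocess
    chap
    mschap
    eap {
        ok = return
        # Assumption, not from the thread: the debug shows
        # "[eap] returns updated" for in-progress EAP, so "ok = return"
        # alone does not stop processing here and files/ldap still run
        # (and fetch the user's password) for every outer EAP packet.
        updated = return
    }
    unix
    files
    ldap
    expiration
    logintime
    pap
}

# sites-available/inner-tunnel.  The tunnelled request carries User-Name
# and User-Password (PAP), so this is where the directory lookup must run.
server inner-tunnel {
    authorize {
        chap
        mschap
        unix
        suffix
        update control {
            Proxy-To-Realm := LOCAL
        }
        eap {
            ok = return
        }
        files

        # This is the line the reply asks for.  ldap maps userPassword to
        # Cleartext-Password (per ldap.attrmap).  Without it nothing sets a
        # "known good" password, pap returns noop, no Auth-Type is set, and
        # the inner server rejects exactly as in the first debug in the thread.
        ldap

        expiration
        logintime
        # With User-Password and Cleartext-Password both present, pap sets
        # Auth-Type := PAP.
        pap
    }

    authenticate {
        Auth-Type PAP {
            pap
        }
        Auth-Type CHAP {
            chap
        }
        Auth-Type MS-CHAP {
            mschap
        }
        unix
        eap
    }
}
```

After restarting with `radiusd -X`, the `server inner-tunnel` part of the debug should show the `[ldap]` lines and `Found Auth-Type = PAP` instead of "No authenticate method (Auth-Type) configuration found". Note that, as the debug in this thread shows, rlm_ldap prints the value it fetched in clear (`Cleartext-Password == "Newuser01"`), so a `radiusd -X` transcript pasted to a public list leaks the user's directory password.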


Re: LDAP + TTLS PAP

2009-07-15 Thread jpablorp


Ivan Kalik wrote:
>
>> You have deleted the interesting part of the debug.
>>
>> Ivan Kalik
>> Kalik Informatika ISP
>

Sorry, here is all my debug.
Ready to process requests.
rad_recv: Access-Request packet from host 10.14.56.33 port 32768, id=2,
length=163
User-Name = "user"
Calling-Station-Id = "00-24-2C-83-AA-92"
Called-Station-Id = "00-21-A1-9E-F9-30:testGDL"
NAS-Port = 1
NAS-IP-Address = 10.14.56.33
NAS-Identifier = "test-gdl-wlc"
Airespace-Wlan-Id = 1
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020800090175736572
Message-Authenticator = 0xb86c778d5e5cbb982425e05ea5b4b6e8
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "user", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 8 length 9
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
++[files] returns noop
[ldap] performing user authorization for user
[ldap] WARNING: Deprecated conditional expansion ":-".  See "man unlang" for
details
[ldap]  expand: (cn=%{Stripped-User-Name:-%{User-Name}}) -> (cn=user)
[ldap]  expand: ou=Wireless,dc=local,dc=test,dc=com ->
ou=Wireless,dc=local,dc=test,dc=com
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=Wireless,dc=local,dc=test,dc=com, with
filter (cn=user)
[ldap] No default NMAS login sequence
[ldap] looking for check items in directory...
rlm_ldap: userPassword -> Cleartext-Password == "Newuser01"
[ldap] looking for reply items in directory...
[ldap] user user authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type md5
rlm_eap_md5: Issuing Challenge
++[eap] returns handled
Sending Access-Challenge of id 2 to 10.14.56.33 port 32768
EAP-Message = 0x010900160410a1a022fc9a0dfa06c749cc18033a2a4a
Message-Authenticator = 0x
State = 0xeb2a1c90eb2318c7f00b52ffc2a1bc44
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.14.56.33 port 32768, id=2,
length=163
Sending duplicate reply to client 10.14.56.33 port 32768 - ID: 2
Sending Access-Challenge of id 2 to 10.14.56.33 port 32768
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.14.56.33 port 32768, id=2,
length=163
Sending duplicate reply to client 10.14.56.33 port 32768 - ID: 2
Sending Access-Challenge of id 2 to 10.14.56.33 port 32768
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.14.56.33 port 32768, id=3,
length=178
User-Name = "user"
Calling-Station-Id = "00-24-2C-83-AA-92"
Called-Station-Id = "00-21-A1-9E-F9-30:testGDL"
NAS-Port = 1
NAS-IP-Address = 10.14.56.33
NAS-Identifier = "test-gdl-wlc"
Airespace-Wlan-Id = 1
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020900060315
State = 0xeb2a1c90eb2318c7f00b52ffc2a1bc44
Message-Authenticator = 0xbe3af8eada8201dbfd51322d12e53c40
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "user", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 9 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
++[files] returns noop
[ldap] performing user authorization for user
[ldap] WARNING: Deprecated conditional expansion ":-".  See "man unlang" for
details
[ldap]  expand: (cn=%{Stripped-User-Name:-%{User-Name}}) -> (cn=user)
[ldap]  expand: ou=Wireless,dc=local,dc=test,dc=com ->
ou=Wireless,dc=local,dc=test,dc=com
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=Wireless,dc=local,dc=test,dc=com, with
filter (cn=user)
[ldap] No default NMAS login sequence
[ldap] looking for check items in directory...
rlm_ldap: userPassword -> Cleartext-Password == "Newuser01"
[ldap] looking for reply items in directory...
[ldap] user user authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP NAK
[eap] EAP-NAK asked for EA

Re: LDAP + TTLS PAP

2009-07-15 Thread Ivan Kalik
> But when I try from my XP client, the debug shows this:

You have deleted the interesting part of the debug.

Ivan Kalik
Kalik Informatika ISP



LDAP + TTLS PAP

2009-07-15 Thread jpablorp

Hi.
I've been trying to set up FreeRADIUS with LDAP + TTLS PAP.
I use the default radiusd, eap and users files configuration; I configured my
modules/ldap file to connect to my LDAP, the sites-available/default file to
authorize with ldap, and ldap.attrmap to check Cleartext-Password against
userPassword.
 
Everything seems normal; when I test it with
radtest user pass 10.14.56.26 0 secret
it is accepted.

But when I try from my XP client, the debug shows this:

+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
[suffix] No '@' in User-Name = "user", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
No authenticate method (Auth-Type) configuration found for the request:
Rejecting the user
Failed to authenticate the user.
} # server inner-tunnel
[ttls] Got tunneled reply code 3
[ttls] Got tunneled Access-Reject
[eap] Handler failed in EAP/ttls
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}

Here is my sites-available/default authorize section:

authorize {
    preprocess
    chap
    mschap
    eap {
        ok = return
    }
    unix
    files
    ldap
    expiration
    logintime
    pap
}

Any Ideas?

Thanks.
-- 
View this message in context: 
http://www.nabble.com/LDAP-%2B-TTLS-PAP-tp24498710p24498710.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
