If I do a test login without the domain, only with username and password,
the authentication occurs.
We can see this information in the files "proxy1.txt" and "realmTESTE1.txt".
If someone can help me.
Many thanks.
Israel Fabio Alves wrote:
The file "proxy.txt" is the freeradius that receives the request from the Switch.
The file "realmTESTE.txt" is the freeradius that will authenticate users
for domain TESTE. At this moment, the authentication is in files.
Dustin Doris wrote:
Do you have nostrip setup in proxy.conf to not strip the username?
Please post debug info (radiusd -X).
On Fri, 28 Jan 2005, Israel Fabio Alves wrote:
I do not know for sure if it is a problem with freeradius; it is possible that
it is my configuration.
When I do a test using just the user and password, I log in OK, but when
using username, password and domain, the login fails.
If somebody has information that helps me, I will be very happy.
Alan DeKok wrote:
Israel Fabio Alves <[EMAIL PROTECTED]> wrote:
I am trying to do 802.1x with proxy authentication. When a user logs in from
Windows XP, he enters username, password and domain. The Switch will
send an authentication request to a freeradius server, which will proxy the
request according to the user domain. When I try this, I get the errors below.
What part of the errors are unclear?
Sending Access-Request of id 0 to 172.22.3.69:1812
...
rad_recv: Access-Reject packet from host 172.22.3.69:1812, id=0,
length=108
The other server rejected the user. Why would you think this is a
problem in FreeRADIUS?
Alan DeKok.
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
--
Israel Alves - Gerente de Infraestrutura
Quantiza Systems - 55(51) 598-2343
------------------------------------------------------------------------
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /usr/local/radius/etc/raddb/proxy.conf
Config: including file: /usr/local/radius/etc/raddb/clients.conf
Config: including file: /usr/local/radius/etc/raddb/snmp.conf
Config: including file: /usr/local/radius/etc/raddb/eap.conf
Config: including file: /usr/local/radius/etc/raddb/sql.conf
main: prefix = "/usr/local/radius"
main: localstatedir = "/usr/local/radius/var"
main: logdir = "/usr/local/radius/var/log/radius"
main: libdir = "/usr/local/radius/lib"
main: radacctdir = "/usr/local/radius/var/log/radius/radacct"
main: hostname_lookups = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = yes
main: log_file = "/usr/local/radius/var/log/radius/radius.log"
main: log_auth = yes
main: log_auth_badpass = yes
main: log_auth_goodpass = yes
main: pidfile = "/usr/local/radius/var/run/radiusd/radiusd.pid"
main: user = "(null)"
main: group = "(null)"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "/usr/local/radius/sbin/checkrad"
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: post_proxy_authorize = yes
proxy: wake_all_if_all_dead = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will go away soon.
read_config_files: reading clients
read_config_files: reading realms
radiusd: entering modules setup
Module: Library search path is /usr/local/radius/lib
Module: Loaded exec
exec: wait = yes
exec: program = "(null)"
exec: input_pairs = "request"
exec: output_pairs = "(null)"
exec: packet_type = "(null)"
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded eap
eap: default_eap_type = "md5"
eap: timer_expire = 60
eap: ignore_unknown_eap_types = no
eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
Module: Instantiated eap (eap)
Module: Loaded preprocess
preprocess: huntgroups = "/usr/local/radius/etc/raddb/huntgroups"
preprocess: hints = "/usr/local/radius/etc/raddb/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded detail
detail: detailfile = "/usr/local/radius/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d"
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (auth_log)
Module: Loaded realm
realm: format = "suffix"
realm: delimiter = "@"
realm: ignore_default = no
realm: ignore_null = no
Module: Instantiated realm (suffix)
Module: Loaded files
files: usersfile = "/usr/local/radius/etc/raddb/users"
files: acctusersfile = "/usr/local/radius/etc/raddb/acct_users"
files: preproxy_usersfile = "/usr/local/radius/etc/raddb/preproxy_users"
files: compat = "no"
Module: Instantiated files (files)
detail: detailfile = "/usr/local/radius/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
radutmp: filename = "/usr/local/radius/var/log/radius/radutmp"
radutmp: username = "%{User-Name}"
radutmp: case_sensitive = yes
radutmp: check_with_nas = yes
radutmp: perm = 384
radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Listening on authentication *:1812
Listening on accounting *:1813
Listening on proxy *:1814
Ready to process requests.
rad_recv: Access-Request packet from host 172.22.0.47:1814, id=0, length=97
User-Name = "israel"
EAP-Message = 0x020100110154455354455c69737261656c
NAS-IP-Address = 172.22.2.32
Service-Type = Login-User
Calling-Station-Id = "0.0.0.0"
NAS-Port-Type = Ethernet
Message-Authenticator = 0x0195a000df15f453a0effe23b403fb50
Proxy-State = 0x323534
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
radius_xlat: '/usr/local/radius/var/log/radius/radacct/172.22.0.47/auth-detail-20050128'
rlm_detail: /usr/local/radius/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/radius/var/log/radius/radacct/172.22.0.47/auth-detail-20050128
modcall[authorize]: module "auth_log" returns ok for request 0
rlm_realm: No '@' in User-Name = "israel", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
rlm_eap: EAP packet type response id 1 length 17
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 0
users: Matched israel at 18
modcall[authorize]: module "files" returns ok for request 0
modcall: group authorize returns updated for request 0
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
rlm_eap: Identity does not match User-Name, setting from EAP Identity.
rlm_eap: Failed in handler
modcall[authenticate]: module "eap" returns invalid for request 0
modcall: group authenticate returns invalid for request 0
auth: Failed to validate the user.
Login incorrect: [israel/<no User-Password attribute>] (from client radius port 0 cli 0.0.0.0)
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 0 to 172.22.0.47:1814
Extreme-Netlogin-Url = "http://172.22.2.180"
Extreme-Netlogin-Url-Desc = "Extreme Networks Home"
Extreme-Netlogin-Only = Enabled
Extreme-Netlogin-Vlan = "servers"
Proxy-State = 0x323534
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 0 with timestamp 41fa778b
Nothing to do. Sleeping until we see a request.
------------------------------------------------------------------------
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /usr/local/radius/etc/raddb/proxy.conf
Config: including file: /usr/local/radius/etc/raddb/clients.conf
Config: including file: /usr/local/radius/etc/raddb/snmp.conf
Config: including file: /usr/local/radius/etc/raddb/eap.conf
Config: including file: /usr/local/radius/etc/raddb/sql.conf
main: prefix = "/usr/local/radius"
main: localstatedir = "/usr/local/radius/var"
main: logdir = "/usr/local/radius/var/log/radius"
main: libdir = "/usr/local/radius/lib"
main: radacctdir = "/usr/local/radius/var/log/radius/radacct"
main: hostname_lookups = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = yes
main: log_file = "/usr/local/radius/var/log/radius/radius.log"
main: log_auth = yes
main: log_auth_badpass = yes
main: log_auth_goodpass = yes
main: pidfile = "/usr/local/radius/var/run/radiusd/radiusd.pid"
main: user = "(null)"
main: group = "(null)"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "/usr/local/radius/sbin/checkrad"
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: post_proxy_authorize = yes
proxy: wake_all_if_all_dead = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will go away soon.
read_config_files: reading clients
read_config_files: reading realms
radiusd: entering modules setup
Module: Library search path is /usr/local/radius/lib
Module: Loaded exec
exec: wait = yes
exec: program = "(null)"
exec: input_pairs = "request"
exec: output_pairs = "(null)"
exec: packet_type = "(null)"
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
pap: encryption_scheme = "crypt"
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
mschap: use_mppe = yes
mschap: require_encryption = no
mschap: require_strong = no
mschap: with_ntdomain_hack = no
mschap: passwd = "(null)"
mschap: authtype = "MS-CHAP"
mschap: ntlm_auth = "(null)"
Module: Instantiated mschap (mschap)
Module: Loaded eap
eap: default_eap_type = "md5"
eap: timer_expire = 60
eap: ignore_unknown_eap_types = no
eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
Module: Instantiated eap (eap)
Module: Loaded preprocess
preprocess: huntgroups = "/usr/local/radius/etc/raddb/huntgroups"
preprocess: hints = "/usr/local/radius/etc/raddb/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded detail
detail: detailfile = "/usr/local/radius/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d"
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (auth_log)
Module: Loaded realm
realm: format = "suffix"
realm: delimiter = "@"
realm: ignore_default = no
realm: ignore_null = no
Module: Instantiated realm (suffix)
Module: Loaded files
files: usersfile = "/usr/local/radius/etc/raddb/users"
files: acctusersfile = "/usr/local/radius/etc/raddb/acct_users"
files: preproxy_usersfile = "/usr/local/radius/etc/raddb/preproxy_users"
files: compat = "no"
Module: Instantiated files (files)
Module: Loaded Acct-Unique-Session-Id
acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
Module: Instantiated acct_unique (acct_unique)
detail: detailfile = "/usr/local/radius/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
radutmp: filename = "/usr/local/radius/var/log/radius/radutmp"
radutmp: username = "%{User-Name}"
radutmp: case_sensitive = yes
radutmp: check_with_nas = yes
radutmp: perm = 384
radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Listening on authentication *:1812
Listening on accounting *:1813
Listening on proxy *:1814
Ready to process requests.
rad_recv: Access-Request packet from host 172.22.2.32:1746, id=254, length=98
User-Name = "[EMAIL PROTECTED]"
EAP-Message = 0x020100110154455354455c69737261656c
NAS-IP-Address = 172.22.2.32
Service-Type = Login-User
Calling-Station-Id = "0.0.0.0"
NAS-Port-Type = Ethernet
Message-Authenticator = 0x4b7d7eb7f7c7d152f7781ccef4d74eb2
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
radius_xlat: '/usr/local/radius/var/log/radius/radacct/172.22.2.32/auth-detail-20050128'
rlm_detail: /usr/local/radius/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/radius/var/log/radius/radacct/172.22.2.32/auth-detail-20050128
modcall[authorize]: module "auth_log" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_realm: Looking up realm "TESTE" for User-Name = "[EMAIL PROTECTED]"
rlm_realm: Found realm "TESTE"
rlm_realm: Adding Stripped-User-Name = "israel"
rlm_realm: Proxying request from user israel to realm TESTE
rlm_realm: Adding Realm = "TESTE"
rlm_realm: Preparing to proxy authentication request to realm "TESTE"
modcall[authorize]: module "suffix" returns updated for request 0
rlm_eap: Request is supposed to be proxied to Realm TESTE. Not doing EAP.
modcall[authorize]: module "eap" returns noop for request 0
modcall[authorize]: module "files" returns notfound for request 0
modcall: group authorize returns updated for request 0
Sending Access-Request of id 0 to 172.22.3.69:1812
User-Name = "israel"
EAP-Message = 0x020100110154455354455c69737261656c
NAS-IP-Address = 172.22.2.32
Service-Type = Login-User
Calling-Station-Id = "0.0.0.0"
NAS-Port-Type = Ethernet
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x323534
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Reject packet from host 172.22.3.69:1812, id=0, length=108
Extreme-Netlogin-Url = "http://172.22.2.180"
Extreme-Netlogin-Url-Desc = "Extreme Networks Home"
Extreme-Netlogin-Only = Enabled
Extreme-Netlogin-Vlan = "servers"
Proxy-State = 0x323534
Login incorrect (Home Server says so): [israel/<no User-Password attribute>] (from client extreme port 0 cli 0.0.0.0)
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
rad_recv: Access-Request packet from host 172.22.2.32:1746, id=254, length=98
Sending Access-Reject of id 254 to 172.22.2.32:1746
Extreme-Netlogin-Url = "http://172.22.2.180"
Extreme-Netlogin-Url-Desc = "Extreme Networks Home"
Extreme-Netlogin-Only = Enabled
Extreme-Netlogin-Vlan = "servers"
--- Walking the entire request list ---
Waking up in 5 seconds...
--
Israel Alves - Gerente de Infraestrutura
Quantiza Systems - 55(51) 598-2343
Ready to process requests.
rad_recv: Access-Request packet from host 172.22.2.32:1752, id=23, length=86
User-Name = "israel"
EAP-Message = 0x0201000b0169737261656c
NAS-IP-Address = 172.22.2.32
Service-Type = Login-User
Calling-Station-Id = "0.0.0.0"
NAS-Port-Type = Ethernet
Message-Authenticator = 0x3ce509c3bf74ba8f8bdcdfa3779662f7
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
radius_xlat: '/usr/local/radius/var/log/radius/radacct/172.22.2.32/auth-detail-20050128'
rlm_detail: /usr/local/radius/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/radius/var/log/radius/radacct/172.22.2.32/auth-detail-20050128
modcall[authorize]: module "auth_log" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_realm: No '@' in User-Name = "israel", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
rlm_eap: EAP packet type response id 1 length 11
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 0
users: Matched israel at 18
modcall[authorize]: module "files" returns ok for request 0
modcall: group authorize returns updated for request 0
Sending Access-Request of id 0 to 172.22.3.69:1812
User-Name = "israel"
EAP-Message = 0x0201000b0169737261656c
NAS-IP-Address = 172.22.2.32
Service-Type = Login-User
Calling-Station-Id = "0.0.0.0"
NAS-Port-Type = Ethernet
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x3233
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Challenge packet from host 172.22.3.69:1812, id=0, length=173
Service-Type = Login-User
Extreme-Netlogin-Url = "http://172.22.2.180"
Extreme-Netlogin-Url-Desc = "Extreme Networks Home"
Extreme-Netlogin-Only = Enabled
Extreme-Netlogin-Vlan = "servers"
EAP-Message = 0x01020016041083c2525c1e38aff50760c95a7c2676d5
Message-Authenticator = 0xc51c89bd8b982d38a8cb6f8b83da995f
State = 0xecf53721b73e9b5edbb4c1c5be1dc48f
Proxy-State = 0x3233
Sending Access-Challenge of id 23 to 172.22.2.32:1752
Service-Type = Login-User
Extreme-Netlogin-Url = "http://172.22.2.180"
Extreme-Netlogin-Url-Desc = "Extreme Networks Home"
Extreme-Netlogin-Only = Enabled
Extreme-Netlogin-Vlan = "servers"
EAP-Message = 0x01020016041083c2525c1e38aff50760c95a7c2676d5
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xecf53721b73e9b5edbb4c1c5be1dc48f
Finished request 0
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 172.22.2.32:1753, id=27, length=121
User-Name = "israel"
EAP-Message = 0x0202001c04105aaa04a104713a480168c2e8a600717669737261656c
NAS-IP-Address = 172.22.2.32
Service-Type = Login-User
Calling-Station-Id = "0.0.0.0"
NAS-Port-Type = Ethernet
State = 0xecf53721b73e9b5edbb4c1c5be1dc48f
Message-Authenticator = 0x1f5c6cb62a3a7fba84c5275ab4fd1f86
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
modcall[authorize]: module "preprocess" returns ok for request 1
radius_xlat: '/usr/local/radius/var/log/radius/radacct/172.22.2.32/auth-detail-20050128'
rlm_detail: /usr/local/radius/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/radius/var/log/radius/radacct/172.22.2.32/auth-detail-20050128
modcall[authorize]: module "auth_log" returns ok for request 1
modcall[authorize]: module "chap" returns noop for request 1
modcall[authorize]: module "mschap" returns noop for request 1
rlm_realm: No '@' in User-Name = "israel", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 1
rlm_eap: EAP packet type response id 2 length 28
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 1
users: Matched israel at 18
modcall[authorize]: module "files" returns ok for request 1
modcall: group authorize returns updated for request 1
Sending Access-Request of id 1 to 172.22.3.69:1812
User-Name = "israel"
EAP-Message = 0x0202001c04105aaa04a104713a480168c2e8a600717669737261656c
NAS-IP-Address = 172.22.2.32
Service-Type = Login-User
Calling-Station-Id = "0.0.0.0"
NAS-Port-Type = Ethernet
State = 0xecf53721b73e9b5edbb4c1c5be1dc48f
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x3237
Waking up in 6 seconds...
rad_recv: Access-Accept packet from host 172.22.3.69:1812, id=1, length=145
Service-Type = Login-User
Extreme-Netlogin-Url = "http://172.22.2.180"
Extreme-Netlogin-Url-Desc = "Extreme Networks Home"
Extreme-Netlogin-Only = Enabled
Extreme-Netlogin-Vlan = "servers"
EAP-Message = 0x03020004
Message-Authenticator = 0x5cdf497509b31d38c99f9f3f06f4f9bf
User-Name = "israel"
Proxy-State = 0x3237
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
modcall[authorize]: module "preprocess" returns ok for request 1
radius_xlat: '/usr/local/radius/var/log/radius/radacct/172.22.2.32/auth-detail-20050128'
rlm_detail: /usr/local/radius/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/radius/var/log/radius/radacct/172.22.2.32/auth-detail-20050128
modcall[authorize]: module "auth_log" returns ok for request 1
modcall[authorize]: module "chap" returns noop for request 1
modcall[authorize]: module "mschap" returns noop for request 1
rlm_realm: Proxy reply, or no User-Name. Ignoring.
modcall[authorize]: module "suffix" returns noop for request 1
modcall[authorize]: module "eap" returns noop for request 1
users: Matched israel at 18
modcall[authorize]: module "files" returns ok for request 1
modcall: group authorize returns ok for request 1
rad_check_password: Found Auth-Type
rad_check_password: Auth-Type = Accept, accepting the user
Login OK: [israel/<no User-Password attribute>] (from client extreme port 0 cli 0.0.0.0)
Sending Access-Accept of id 27 to 172.22.2.32:1753
Service-Type = Login-User
Extreme-Netlogin-Url = "http://172.22.2.180"
Extreme-Netlogin-Url-Desc = "Extreme Networks Home"
Extreme-Netlogin-Only = Enabled
Extreme-Netlogin-Vlan = "servers"
EAP-Message = 0x03020004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "israel"
Finished request 1
Going to the next request
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 23 with timestamp 41fa9c9a
Cleaning up request 1 ID 27 with timestamp 41fa9c9a
Nothing to do. Sleeping until we see a request.
Ready to process requests.
rad_recv: Access-Request packet from host 172.22.0.47:1814, id=0, length=90
User-Name = "israel"
EAP-Message = 0x0201000b0169737261656c
NAS-IP-Address = 172.22.2.32
Service-Type = Login-User
Calling-Station-Id = "0.0.0.0"
NAS-Port-Type = Ethernet
Message-Authenticator = 0xa7b85432bc4296d74129230c08c714d2
Proxy-State = 0x3233
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
radius_xlat: '/usr/local/radius/var/log/radius/radacct/172.22.0.47/auth-detail-20050128'
rlm_detail: /usr/local/radius/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/radius/var/log/radius/radacct/172.22.0.47/auth-detail-20050128
modcall[authorize]: module "auth_log" returns ok for request 0
rlm_realm: No '@' in User-Name = "israel", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
rlm_eap: EAP packet type response id 1 length 11
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 0
users: Matched israel at 18
modcall[authorize]: module "files" returns ok for request 0
modcall: group authorize returns updated for request 0
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
rlm_eap: EAP Identity
rlm_eap: processing type md5
rlm_eap_md5: Issuing Challenge
modcall[authenticate]: module "eap" returns handled for request 0
modcall: group authenticate returns handled for request 0
Sending Access-Challenge of id 0 to 172.22.0.47:1814
Service-Type = Login-User
Extreme-Netlogin-Url = "http://172.22.2.180"
Extreme-Netlogin-Url-Desc = "Extreme Networks Home"
Extreme-Netlogin-Only = Enabled
Extreme-Netlogin-Vlan = "servers"
EAP-Message = 0x01020016041083c2525c1e38aff50760c95a7c2676d5
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xecf53721b73e9b5edbb4c1c5be1dc48f
Proxy-State = 0x3233
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 172.22.0.47:1814, id=1, length=125
User-Name = "israel"
EAP-Message = 0x0202001c04105aaa04a104713a480168c2e8a600717669737261656c
NAS-IP-Address = 172.22.2.32
Service-Type = Login-User
Calling-Station-Id = "0.0.0.0"
NAS-Port-Type = Ethernet
State = 0xecf53721b73e9b5edbb4c1c5be1dc48f
Message-Authenticator = 0xa2b8df5192e198fe3ce83a9099efcbb6
Proxy-State = 0x3237
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
modcall[authorize]: module "preprocess" returns ok for request 1
radius_xlat: '/usr/local/radius/var/log/radius/radacct/172.22.0.47/auth-detail-20050128'
rlm_detail: /usr/local/radius/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/radius/var/log/radius/radacct/172.22.0.47/auth-detail-20050128
modcall[authorize]: module "auth_log" returns ok for request 1
rlm_realm: No '@' in User-Name = "israel", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 1
rlm_eap: EAP packet type response id 2 length 28
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 1
users: Matched israel at 18
modcall[authorize]: module "files" returns ok for request 1
modcall: group authorize returns updated for request 1
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
rlm_eap: Request found, released from the list
rlm_eap: EAP/md5
rlm_eap: processing type md5
rlm_eap: Freeing handler
modcall[authenticate]: module "eap" returns ok for request 1
modcall: group authenticate returns ok for request 1
Login OK: [israel/<no User-Password attribute>] (from client radius port 0 cli 0.0.0.0)
Sending Access-Accept of id 1 to 172.22.0.47:1814
Service-Type = Login-User
Extreme-Netlogin-Url = "http://172.22.2.180"
Extreme-Netlogin-Url-Desc = "Extreme Networks Home"
Extreme-Netlogin-Only = Enabled
Extreme-Netlogin-Vlan = "servers"
EAP-Message = 0x03020004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "israel"
Proxy-State = 0x3237
Finished request 1
Going to the next request
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 0 with timestamp 41fa9c70
Cleaning up request 1 ID 1 with timestamp 41fa9c70
Nothing to do. Sleeping until we see a request.
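Added example (not part of the original thread, and not FreeRADIUS code): decoding the EAP-Message values from the debug output above shows which identity the home server sees inside EAP next to the User-Name it received, which is the comparison behind the "Identity does not match User-Name" line. The function names are hypothetical, the attribute lines are copied from the logs on this page, and each EAP-Message is assumed to fit in a single attribute.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Attribute lines copied from the debug output on this page.
FAILING = '''
rad_recv: Access-Request packet from host 172.22.0.47:1814, id=0, length=97
    User-Name = "israel"
    EAP-Message = 0x020100110154455354455c69737261656c
'''
WORKING = '''
rad_recv: Access-Request packet from host 172.22.0.47:1814, id=0, length=90
    User-Name = "israel"
    EAP-Message = 0x0201000b0169737261656c
'''

EAP_RESPONSE = 2
EAP_TYPE_IDENTITY = 1


@dataclass
class EapPacket:
    code: int
    identifier: int
    length: int
    eap_type: Optional[int]   # Success/Failure packets carry no type byte
    data: bytes


def parse_eap(hex_value: str) -> EapPacket:
    """Decode one EAP packet: code(1) id(1) length(2) [type(1) data]."""
    raw = bytes.fromhex(hex_value[2:] if hex_value.startswith("0x") else hex_value)
    if len(raw) < 4:
        raise ValueError("EAP packet shorter than its 4-byte header")
    length = int.from_bytes(raw[2:4], "big")
    if length != len(raw):
        # A longer EAP packet is split over several EAP-Message attributes;
        # this example only handles the single-attribute case.
        raise ValueError(f"EAP length {length} != attribute length {len(raw)}")
    eap_type = raw[4] if length > 4 else None
    return EapPacket(raw[0], raw[1], length, eap_type, raw[5:])


def split_realm(identity: str):
    """Return (user, realm) for DOMAIN\\user or user@realm, else (identity, None)."""
    if "\\" in identity:
        realm, user = identity.split("\\", 1)
        return user, realm
    if "@" in identity:
        user, realm = identity.rsplit("@", 1)
        return user, realm
    return identity, None


def check_packet(debug_text: str) -> dict:
    """Compare User-Name with the identity inside an EAP-Response/Identity."""
    user_name = re.search(r'User-Name = "([^"]*)"', debug_text).group(1)
    eap_hex = re.search(r"EAP-Message = 0x([0-9a-fA-F]+)", debug_text).group(1)
    pkt = parse_eap(eap_hex)
    if pkt.code != EAP_RESPONSE or pkt.eap_type != EAP_TYPE_IDENTITY:
        return {"user_name": user_name, "eap_identity": None,
                "realm": None, "match": None, "stripped_match": None}
    identity = pkt.data.decode("utf-8", errors="replace")
    inner_user, realm = split_realm(identity)
    return {
        "user_name": user_name,
        "eap_identity": identity,
        "realm": realm,
        # Exact comparison of the two names.
        "match": identity == user_name,
        # True when only the realm part differs, i.e. User-Name was
        # stripped on the way but the EAP identity was not.
        "stripped_match": inner_user == user_name,
    }


if __name__ == "__main__":
    for label, text in (("with domain", FAILING), ("without domain", WORKING)):
        print(label, check_packet(text))
```

For the login with a domain, the decoded identity still carries the `TESTE\` prefix while User-Name has been reduced to `israel`; for the login without a domain the two are identical.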
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /usr/local/radius/etc/raddb/proxy.conf
Config: including file: /usr/local/radius/etc/raddb/clients.conf
Config: including file: /usr/local/radius/etc/raddb/snmp.conf
Config: including file: /usr/local/radius/etc/raddb/eap.conf
Config: including file: /usr/local/radius/etc/raddb/sql.conf
main: prefix = "/usr/local/radius"
main: localstatedir = "/usr/local/radius/var"
main: logdir = "/usr/local/radius/var/log/radius"
main: libdir = "/usr/local/radius/lib"
main: radacctdir = "/usr/local/radius/var/log/radius/radacct"
main: hostname_lookups = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = yes
main: log_file = "/usr/local/radius/var/log/radius/radius.log"
main: log_auth = yes
main: log_auth_badpass = yes
main: log_auth_goodpass = yes
main: pidfile = "/usr/local/radius/var/run/radiusd/radiusd.pid"
main: user = "(null)"
main: group = "(null)"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "/usr/local/radius/sbin/checkrad"
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: post_proxy_authorize = yes
proxy: wake_all_if_all_dead = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will go away soon.
read_config_files: reading clients
read_config_files: reading realms
radiusd: entering modules setup
Module: Library search path is /usr/local/radius/lib
Module: Loaded exec
exec: wait = yes
exec: program = "(null)"
exec: input_pairs = "request"
exec: output_pairs = "(null)"
exec: packet_type = "(null)"
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded eap
eap: default_eap_type = "md5"
eap: timer_expire = 60
eap: ignore_unknown_eap_types = no
eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
Module: Instantiated eap (eap)
Module: Loaded preprocess
preprocess: huntgroups = "/usr/local/radius/etc/raddb/huntgroups"
preprocess: hints = "/usr/local/radius/etc/raddb/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded detail
detail: detailfile =
"/usr/local/radius/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d"
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (auth_log)
Module: Loaded realm
realm: format = "suffix"
realm: delimiter = "@"
realm: ignore_default = no
realm: ignore_null = no
Module: Instantiated realm (suffix)
Module: Loaded files
files: usersfile = "/usr/local/radius/etc/raddb/users"
files: acctusersfile = "/usr/local/radius/etc/raddb/acct_users"
files: preproxy_usersfile = "/usr/local/radius/etc/raddb/preproxy_users"
files: compat = "no"
Module: Instantiated files (files)
detail: detailfile =
"/usr/local/radius/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
radutmp: filename = "/usr/local/radius/var/log/radius/radutmp"
radutmp: username = "%{User-Name}"
radutmp: case_sensitive = yes
radutmp: check_with_nas = yes
radutmp: perm = 384
radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Listening on authentication *:1812
Listening on accounting *:1813
Listening on proxy *:1814
Ready to process requests.
rad_recv: Access-Request packet from host 172.22.0.47:1814, id=0, length=97
User-Name = "israel"
EAP-Message = 0x020100110154455354455c69737261656c
NAS-IP-Address = 172.22.2.32
Service-Type = Login-User
Calling-Station-Id = "0.0.0.0"
NAS-Port-Type = Ethernet
Message-Authenticator = 0x0195a000df15f453a0effe23b403fb50
Proxy-State = 0x323534
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
radius_xlat: '/usr/local/radius/var/log/radius/radacct/172.22.0.47/auth-detail-20050128'
rlm_detail: /usr/local/radius/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/radius/var/log/radius/radacct/172.22.0.47/auth-detail-20050128
modcall[authorize]: module "auth_log" returns ok for request 0
rlm_realm: No '@' in User-Name = "israel", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
rlm_eap: EAP packet type response id 1 length 17
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 0
users: Matched israel at 18
modcall[authorize]: module "files" returns ok for request 0
modcall: group authorize returns updated for request 0
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
rlm_eap: Identity does not match User-Name, setting from EAP Identity.
rlm_eap: Failed in handler
modcall[authenticate]: module "eap" returns invalid for request 0
modcall: group authenticate returns invalid for request 0
auth: Failed to validate the user.
Login incorrect: [israel/<no User-Password attribute>] (from client radius port 0 cli 0.0.0.0)
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 0 to 172.22.0.47:1814
Extreme-Netlogin-Url = "http://172.22.2.180"
Extreme-Netlogin-Url-Desc = "Extreme Networks Home"
Extreme-Netlogin-Only = Enabled
Extreme-Netlogin-Vlan = "servers"
Proxy-State = 0x323534
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 0 with timestamp 41fa778b
Nothing to do. Sleeping until we see a request.
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /usr/local/radius/etc/raddb/proxy.conf
Config: including file: /usr/local/radius/etc/raddb/clients.conf
Config: including file: /usr/local/radius/etc/raddb/snmp.conf
Config: including file: /usr/local/radius/etc/raddb/eap.conf
Config: including file: /usr/local/radius/etc/raddb/sql.conf
main: prefix = "/usr/local/radius"
main: localstatedir = "/usr/local/radius/var"
main: logdir = "/usr/local/radius/var/log/radius"
main: libdir = "/usr/local/radius/lib"
main: radacctdir = "/usr/local/radius/var/log/radius/radacct"
main: hostname_lookups = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = yes
main: log_file = "/usr/local/radius/var/log/radius/radius.log"
main: log_auth = yes
main: log_auth_badpass = yes
main: log_auth_goodpass = yes
main: pidfile = "/usr/local/radius/var/run/radiusd/radiusd.pid"
main: user = "(null)"
main: group = "(null)"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "/usr/local/radius/sbin/checkrad"
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: post_proxy_authorize = yes
proxy: wake_all_if_all_dead = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will go away soon.
read_config_files: reading clients
read_config_files: reading realms
radiusd: entering modules setup
Module: Library search path is /usr/local/radius/lib
Module: Loaded exec
exec: wait = yes
exec: program = "(null)"
exec: input_pairs = "request"
exec: output_pairs = "(null)"
exec: packet_type = "(null)"
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
pap: encryption_scheme = "crypt"
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
mschap: use_mppe = yes
mschap: require_encryption = no
mschap: require_strong = no
mschap: with_ntdomain_hack = no
mschap: passwd = "(null)"
mschap: authtype = "MS-CHAP"
mschap: ntlm_auth = "(null)"
Module: Instantiated mschap (mschap)
Module: Loaded eap
eap: default_eap_type = "md5"
eap: timer_expire = 60
eap: ignore_unknown_eap_types = no
eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
Module: Instantiated eap (eap)
Module: Loaded preprocess
preprocess: huntgroups = "/usr/local/radius/etc/raddb/huntgroups"
preprocess: hints = "/usr/local/radius/etc/raddb/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded detail
detail: detailfile = "/usr/local/radius/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d"
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (auth_log)
Module: Loaded realm
realm: format = "suffix"
realm: delimiter = "@"
realm: ignore_default = no
realm: ignore_null = no
Module: Instantiated realm (suffix)
Module: Loaded files
files: usersfile = "/usr/local/radius/etc/raddb/users"
files: acctusersfile = "/usr/local/radius/etc/raddb/acct_users"
files: preproxy_usersfile = "/usr/local/radius/etc/raddb/preproxy_users"
files: compat = "no"
Module: Instantiated files (files)
Module: Loaded Acct-Unique-Session-Id
acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
Module: Instantiated acct_unique (acct_unique)
detail: detailfile = "/usr/local/radius/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
radutmp: filename = "/usr/local/radius/var/log/radius/radutmp"
radutmp: username = "%{User-Name}"
radutmp: case_sensitive = yes
radutmp: check_with_nas = yes
radutmp: perm = 384
radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Listening on authentication *:1812
Listening on accounting *:1813
Listening on proxy *:1814
Ready to process requests.
rad_recv: Access-Request packet from host 172.22.2.32:1746, id=254, length=98
User-Name = "[EMAIL PROTECTED]"
EAP-Message = 0x020100110154455354455c69737261656c
NAS-IP-Address = 172.22.2.32
Service-Type = Login-User
Calling-Station-Id = "0.0.0.0"
NAS-Port-Type = Ethernet
Message-Authenticator = 0x4b7d7eb7f7c7d152f7781ccef4d74eb2
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
radius_xlat: '/usr/local/radius/var/log/radius/radacct/172.22.2.32/auth-detail-20050128'
rlm_detail: /usr/local/radius/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/radius/var/log/radius/radacct/172.22.2.32/auth-detail-20050128
modcall[authorize]: module "auth_log" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_realm: Looking up realm "TESTE" for User-Name = "[EMAIL PROTECTED]"
rlm_realm: Found realm "TESTE"
rlm_realm: Adding Stripped-User-Name = "israel"
rlm_realm: Proxying request from user israel to realm TESTE
rlm_realm: Adding Realm = "TESTE"
rlm_realm: Preparing to proxy authentication request to realm "TESTE"
modcall[authorize]: module "suffix" returns updated for request 0
rlm_eap: Request is supposed to be proxied to Realm TESTE. Not doing EAP.
modcall[authorize]: module "eap" returns noop for request 0
modcall[authorize]: module "files" returns notfound for request 0
modcall: group authorize returns updated for request 0
Sending Access-Request of id 0 to 172.22.3.69:1812
User-Name = "israel"
EAP-Message = 0x020100110154455354455c69737261656c
NAS-IP-Address = 172.22.2.32
Service-Type = Login-User
Calling-Station-Id = "0.0.0.0"
NAS-Port-Type = Ethernet
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x323534
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Reject packet from host 172.22.3.69:1812, id=0, length=108
Extreme-Netlogin-Url = "http://172.22.2.180"
Extreme-Netlogin-Url-Desc = "Extreme Networks Home"
Extreme-Netlogin-Only = Enabled
Extreme-Netlogin-Vlan = "servers"
Proxy-State = 0x323534
Login incorrect (Home Server says so): [israel/<no User-Password attribute>] (from client extreme port 0 cli 0.0.0.0)
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
rad_recv: Access-Request packet from host 172.22.2.32:1746, id=254, length=98
Sending Access-Reject of id 254 to 172.22.2.32:1746
Extreme-Netlogin-Url = "http://172.22.2.180"
Extreme-Netlogin-Url-Desc = "Extreme Networks Home"
Extreme-Netlogin-Only = Enabled
Extreme-Netlogin-Vlan = "servers"
--- Walking the entire request list ---
Waking up in 5 seconds...
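
The EAP-Message value that appears in both traces can be decoded to see what the home server compared. The following Python is an added example, not part of the original posts or of FreeRADIUS (function names are illustrative): it parses the attribute and checks the EAP identity against the User-Name the home server received, the comparison behind the "Identity does not match User-Name" line.

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPE_IDENTITY = 1

def parse_eap(hex_value):
    """Decode an EAP-Message attribute as printed by radiusd -X (0x... hex)."""
    text = hex_value[2:] if hex_value.lower().startswith("0x") else hex_value
    raw = bytes.fromhex(text)
    if len(raw) < 4:
        raise ValueError("EAP packet shorter than its 4-byte header")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length < 4 or length > len(raw):
        raise ValueError(f"EAP length {length} does not fit {len(raw)} bytes")
    pkt = {"code": EAP_CODES.get(code, code), "id": ident, "length": length,
           "type": None, "data": b""}
    if code in (1, 2) and length >= 5:  # only Request/Response carry a Type
        pkt["type"] = raw[4]
        pkt["data"] = raw[5:length]
    return pkt

def split_identity(identity):
    """Split DOMAIN\\user or user@realm into (user, realm); realm may be None."""
    if "\\" in identity:
        realm, user = identity.split("\\", 1)
        return user, realm
    if "@" in identity:
        user, realm = identity.rsplit("@", 1)
        return user, realm
    return identity, None

def check_identity(user_name, eap_hex):
    """Compare the RADIUS User-Name with the identity inside EAP-Message."""
    pkt = parse_eap(eap_hex)
    if pkt["type"] != EAP_TYPE_IDENTITY:
        return {"identity": None, "user": None, "realm": None, "match": None}
    identity = pkt["data"].decode("utf-8", "replace")
    user, realm = split_identity(identity)
    return {"identity": identity, "user": user, "realm": realm,
            "match": identity == user_name}

# Values copied from the home-server trace above (request 0).
RESULT = check_identity("israel", "0x020100110154455354455c69737261656c")

if __name__ == "__main__":
    print(RESULT)
```

The proxy forwards the stripped User-Name while the EAP-Message still carries the identity with its domain prefix, so the two values differ on the home server.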