Removed the checkItem mapping, and re-ran but unfortunately no go. Also tried commenting out the password_header directive and then re-writing to a 0x. Unfortunately nothing there either... Here's the output:

rad_recv: Access-Request packet from host 10.160.111.240:21645, id=157, length=124
User-Name = "t1"
Framed-MTU = 1400
Called-Station-Id = "0012.4335.2790"
Calling-Station-Id = "000a.95f4.a02a"
Service-Type = Login-User
Message-Authenticator = 0xa8e1592b181ffb4a0f3a8f64af1e44ce
EAP-Message = 0x02020007017431
NAS-Port-Type = Wireless-802.11
NAS-Port = 346
NAS-IP-Address = 10.160.111.240
NAS-Identifier = "D_C1200"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
rlm_ldap: - authorize
rlm_ldap: performing user authorization for t1
radius_xlat: '(uid=t1)'
radius_xlat: 'ou=People,dc=d,dc=com'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to localhost:389, authentication 0
rlm_ldap: bind as uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot/password to localhost:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in ou=People,dc=d,dc=com, with filter (uid=t1)
rlm_ldap: checking if remote access for t1 is allowed by vpnaccess
rlm_ldap: Added password {NT}8846F7EAEE8FB117AD06BDD830B7586C in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user t1 authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 0
radius_xlat: '\{NT\}'
radius_xlat: '0x'
rlm_attr_rewrite: Changed value for attribute password from '{NT}8846F7EAEE8FB117AD06BDD830B7586C' to '0x8846F7EAEE8FB117AD06BDD830B7586C'
modcall[authorize]: module "attr_rewrite" returns ok for request 0
rlm_eap: EAP packet type response id 2 length 7
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 0
modcall: group authorize returns updated for request 0
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
rlm_eap: EAP Identity
rlm_eap: processing type leap
rlm_eap_leap: Stage 2
rlm_eap_leap: Issuing AP Challenge
rlm_eap_leap: Successfully initiated
modcall[authenticate]: module "eap" returns handled for request 0
modcall: group authenticate returns handled for request 0
Sending Access-Challenge of id 157 to 10.160.111.240:21645
EAP-Message = 0x0103001211010008ddaad80eba0fa70f7431
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x6112db9db93531033550a056e58cc705
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.160.111.240:21645, id=158, length=169
User-Name = "t1"
Framed-MTU = 1400
Called-Station-Id = "0012.4335.2790"
Calling-Station-Id = "000a.95f4.a02a"
Service-Type = Login-User
Message-Authenticator = 0x65b02d0ba40c84e425ec499a85af14ae
EAP-Message = 0x0203002211010018c290a8dee74ac702f400bccd3228c58be7bfa5e957dcd8947431
NAS-Port-Type = Wireless-802.11
NAS-Port = 346
State = 0x6112db9db93531033550a056e58cc705
NAS-IP-Address = 10.160.111.240
NAS-Identifier = "D_C1200"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
modcall[authorize]: module "preprocess" returns ok for request 1
rlm_ldap: - authorize
rlm_ldap: performing user authorization for t1
radius_xlat: '(uid=t1)'
radius_xlat: 'ou=People,dc=d,dc=com'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=People,dc=d,dc=com, with filter (uid=t1)
rlm_ldap: checking if remote access for t1 is allowed by vpnaccess
rlm_ldap: Added password {NT}8846F7EAEE8FB117AD06BDD830B7586C in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user t1 authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 1
radius_xlat: '\{NT\}'
radius_xlat: '0x'
rlm_attr_rewrite: Changed value for attribute password from '{NT}8846F7EAEE8FB117AD06BDD830B7586C' to '0x8846F7EAEE8FB117AD06BDD830B7586C'
modcall[authorize]: module "attr_rewrite" returns ok for request 1
rlm_eap: EAP packet type response id 3 length 34
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 1
modcall: group authorize returns updated for request 1
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
rlm_eap: Request found, released from the list
rlm_eap: EAP/leap
rlm_eap: processing type leap
rlm_eap_leap: Stage 4
rlm_eap_leap: FAILED incorrect NtChallengeResponse from AP
rlm_eap: Handler failed in EAP/leap
rlm_eap: Failed in EAP select
modcall[authenticate]: module "eap" returns invalid for request 1
modcall: group authenticate returns invalid for request 1
auth: Failed to validate the user.
Sending Access-Reject of id 158 to 10.160.111.240:21645
EAP-Message = 0x04030004
Message-Authenticator = 0x00000000000000000000000000000000
Finished request 1
Going to the next request
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 157 with timestamp 42094d54
Cleaning up request 1 ID 158 with timestamp 42094d54
Nothing to do. Sleeping until we see a request.


On Feb 8, 2005, at 4:13 PM, Kostas Kalevras wrote:

On Tue, 8 Feb 2005, Jason Howk wrote:

I'm not getting it to work. I did just an LDAP rebuild and I didn't see a change, so I did a full checkout and compile with no results there either. Am I missing something?

Thanks,
J.

Relevant parts of the radiusd.conf:
ldap {
...
password_header = "{NT}"
password_radius_attribute = NT-Password
password_attribute = userPassword
...
}

in ldap.attrmap I've got:
checkItem NT-Password userPassword

Please remove that and only leave the password_* configuration directives.


--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED] National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
