Config now reads

#DEFAULT Auth-Type = System

Still not working though.

Gonna run through a couple iterations here as I do not think I am expressing the problem properly. First I would like to lay the ground rules.

1: Compare attribute "User-Name" to a list of usernames in a text file. Format of text file: "GROUP-NAME:Usernamea,Usernameb,usernamec", ex. "TEST:Noc1,Noc2". Here we have two usernames, Noc1 and Noc2; they are in "group" TEST.

2: Assign "Group-Name" attributes to the Auth request. In this ex. the Noc1 and Noc2 usernames would have the Group-Name field set to "TEST".

3: Use "Group-Name" as a flag to assign privileges. Ex.: when you log onto our Foundry switch gear it places you in a non-admin role. To become an admin the Radius server must send a flag back to the switch as part of the authentication process. We have devices other than the Foundry gear that behave the same way.

We will have multiple groups with different members. All accounts will be members of more than one group, so I will need to perform some logic using the authenticating device as well as group membership; which device is asking for auth and what the user's account is a member of will dictate what flags are sent back.

Right now I am on step 2. I have one account on the machine (it's my Linux dev box so I only need my account on it) and have Kerberos up and running to auth campus accounts. Let's call my account "usernamea", which resides locally AND remotely in Kerberos with different passwords; however, the accounts from a string compare standpoint are identical (i.e. on the Linux box my username is "usernamea", and my campus Kerberos principal is also "usernamea"). The second username, "usernameb", is not local to my machine and thus only resides in remote Kerberos.

Let's look at some debug output; see attached file Initialization.txt. Let's look at some auth attempts. See attached files.

I think the way I am trying to implement this is way off base. If I could have my way I would rock it from clients.conf, i.e. place the logic in the clients configuration; that way, when a client auths against radius, all the group logic and radius reply attribute logic is performed on a client-by-client basis (i.e. have a client group for the Foundry gear; if your username is in the foundry group you get access. Another group for the packshaper group: they log into the shaper, they are in the packeteer group, bam, they get access to said device (with appropriate reply flags)).

Hope this is possible. Thank you
reread_config: reading radiusd.conf
Config: including file: /etc/raddb/proxy.conf
Config: including file: /etc/raddb/clients.conf
Config: including file: /etc/raddb/snmp.conf
Config: including file: /etc/raddb/eap.conf
main: prefix = "/usr"
main: localstatedir = "/var"
main: logdir = "/var/log/radius"
main: libdir = "/usr/lib"
main: radacctdir = "/var/log/radius/radacct"
main: hostname_lookups = no
main: snmp = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = "/var/log/radius/radius.log"
main: log_auth = yes
main: log_auth_badpass = no
main: log_auth_goodpass = no
main: pidfile = "/var/run/radiusd/radiusd.pid"
main: user = "radiusd"
main: group = "radiusd"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "/usr/sbin/checkrad"
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: post_proxy_authorize = no
proxy: wake_all_if_all_dead = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will go away soon.
read_config_files: reading clients
read_config_files: reading realms
radiusd: entering modules setup
Module: Library search path is /usr/lib
Module: Loaded exec
exec: wait = yes
exec: program = "(null)"
exec: input_pairs = "request"
exec: output_pairs = "(null)"
exec: packet_type = "(null)"
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
pap: encryption_scheme = "md5"
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
mschap: use_mppe = yes
mschap: require_encryption = yes
mschap: require_strong = yes
mschap: with_ntdomain_hack = no
mschap: passwd = "(null)"
mschap: ntlm_auth = "(null)"
Module: Instantiated mschap (mschap)
Module: Loaded System
unix: cache = no
unix: passwd = "(null)"
unix: shadow = "(null)"
unix: group = "(null)"
unix: radwtmp = "/var/log/radius/radwtmp"
unix: usegroup = no
unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded eap
eap: default_eap_type = "peap"
eap: timer_expire = 60
eap: ignore_unknown_eap_types = no
eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
gtc: challenge = "Password: "
gtc: auth_type = "PAP"
rlm_eap: Loaded and initialized type gtc
tls: rsa_key_exchange = no
tls: dh_key_exchange = yes
tls: rsa_key_length = 512
tls: dh_key_length = 512
tls: verify_depth = 0
tls: CA_path = "(null)"
tls: pem_file_type = yes
tls: private_key_file = "/etc/raddb/certs/cert-srv.pem"
tls: certificate_file = "/etc/raddb/certs/cert-srv.pem"
tls: CA_file = "/etc/raddb/certs/demoCA/cacert.pem"
tls: private_key_password = "(null)"
tls: dh_file = "/etc/raddb/certs/dh"
tls: random_file = "/etc/raddb/certs/random"
tls: fragment_size = 1024
tls: include_length = yes
tls: check_crl = no
tls: check_cert_cn = "(null)"
tls: cipher_list = "(null)"
tls: check_cert_issuer = "(null)"
rlm_eap_tls: Loading the certificate file as a chain
rlm_eap: Loaded and initialized type tls
peap: default_eap_type = "mschapv2"
peap: copy_request_to_tunnel = no
peap: use_tunneled_reply = no
peap: proxy_tunneled_request_as_eap = yes
rlm_eap: Loaded and initialized type peap
mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded Kerberos
krb5: keytab = "/etc/krb5.keytab"
krb5: service_principal = "radius/lfr-noc1.larry.ucdavis.edu"
rlm_krb5: krb5_init ok
Module: Instantiated krb5 (krb5)
Module: Loaded preprocess
preprocess: huntgroups = "/etc/raddb/huntgroups"
preprocess: hints = "/etc/raddb/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
preprocess: with_alvarion_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
realm: format = "suffix"
realm: delimiter = "%"
realm: ignore_default = no
realm: ignore_null = no
Module: Instantiated realm (suffix)
Module: Loaded files
files: usersfile = "/etc/raddb/users"
files: acctusersfile = "/etc/raddb/acct_users"
files: preproxy_usersfile = "/etc/raddb/preproxy_users"
files: compat = "no"
Module: Instantiated files (files)
Module: Loaded passwd
passwd: filename = "/etc/raddb/group"
passwd: format = "=Group-Name:*,User-Name"
passwd: authtype = "(null)"
passwd: delimiter = ":"
passwd: ignorenislike = yes
passwd: ignoreempty = yes
passwd: allowmultiplekeys = yes
passwd: hashsize = 50
rlm_passwd: nfields: 2 keyfield 1(User-Name) listable: yes
Module: Instantiated passwd (noc_group)
Module: Loaded LDAP
ldap: server = "169.237.104.19"
ldap: port = 389
ldap: net_timeout = 1
ldap: timeout = 4
ldap: timelimit = 3
ldap: identity = "uid=********,ou=********,dc=ucdavis,dc=edu"
ldap: tls_mode = no
ldap: start_tls = no
ldap: tls_cacertfile = "(null)"
ldap: tls_cacertdir = "(null)"
ldap: tls_certfile = "(null)"
ldap: tls_keyfile = "(null)"
ldap: tls_randfile = "(null)"
ldap: tls_require_cert = "allow"
ldap: password = "******"
ldap: basedn = "ou=People,dc=ucdavis,dc=edu"
ldap: filter = "(uid=%u)"
ldap: base_filter = "(objectclass=radiusprofile)"
ldap: default_profile = "(null)"
ldap: profile_attribute = "(null)"
ldap: password_header = "(null)"
ldap: password_attribute = "(null)"
ldap: access_attr = "(null)"
ldap: groupname_attribute = "cn"
ldap: groupmembership_filter =
"(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
ldap: groupmembership_attribute = "(null)"
ldap: dictionary_mapping = "/etc/raddb/ldap.attrmap"
ldap: ldap_debug = 0
ldap: ldap_connections_number = 5
ldap: compare_check_items = no
ldap: access_attr_used_for_allow = yes
ldap: do_xlat = yes
ldap: set_auth_type = yes
rlm_ldap: Registering ldap_groupcmp for Ldap-Group
rlm_ldap: Registering ldap_xlat with xlat_name ldap
rlm_ldap: Over-riding set_auth_type, as we're not listed in the "authenticate"
section.
rlm_ldap: reading ldap<->radius mappings from file /etc/raddb/ldap.attrmap
rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type
rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use
rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id
rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id
rlm_ldap: LDAP unicodePWD mapped to RADIUS NT-Password
rlm_ldap: LDAP unicodePWD mapped to RADIUS LM-Password
rlm_ldap: LDAP sambaAcctFlags mapped to RADIUS SMB-Account-CTRL-TEXT
rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration
rlm_ldap: LDAP radiusNASIpAddress mapped to RADIUS NAS-IP-Address
rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type
rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol
rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address
rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask
rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route
rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing
rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id
rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU
rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression
rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host
rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service
rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port
rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number
rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id
rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network
rlm_ldap: LDAP radiusClass mapped to RADIUS Class
rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout
rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout
rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action
rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service
rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node
rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group
rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link
rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS
Framed-AppleTalk-Network
rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone
rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit
rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port
rlm_ldap: LDAP radiusReplyMessage mapped to RADIUS Reply-Message
conns: 0x8a433a8
Module: Instantiated ldap (ldap)
Module: Loaded Acct-Unique-Session-Id
acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address,
Client-IP-Address, NAS-Port"
Module: Instantiated acct_unique (acct_unique)
Module: Loaded detail
detail: detailfile =
"/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
radutmp: filename = "/var/log/radius/radutmp"
radutmp: username = "%{User-Name}"
radutmp: case_sensitive = yes
radutmp: check_with_nas = yes
radutmp: perm = 384
radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Listening on authentication *:1812
Listening on accounting *:1813
Ready to process requests.
rad_recv: Access-Request packet from host 128.120.0.213:47594, id=1, length=114
NAS-IP-Address = 128.120.0.213
NAS-Port = 0
NAS-Port-Type = Wireless-802.11
User-Name = "usernamea"
User-Password = "***"
Calling-Station-Id = "0.0.0.0"
Called-Station-Id = "000B860B9D20"
Service-Type = Login-User
Aruba-Essid-Name = ""
Aruba-Location-Id = "N/A"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_realm: No '%' in User-Name = "usernamea", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 0
Invalid operator for item Group-Name: reverting to '=='
users: Matched entry DEFAULT at line 160
modcall[authorize]: module "files" returns ok for request 0
rlm_passwd: Added Group-Name: 'NOC' to reply_items
modcall[authorize]: module "noc_group" returns ok for request 0
rlm_ldap: - authorize
rlm_ldap: performing user authorization for usernamea
radius_xlat: '(uid=usernamea)'
radius_xlat: 'ou=People,dc=ucdavis,dc=edu'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to 169.237.104.19:389, authentication 0
rlm_ldap: could not set LDAP_OPT_X_TLS_REQUIRE_CERT option to allow
rlm_ldap: bind as ********************************************* to 0.0.0.0:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in ou=People,dc=ucdavis,dc=edu, with filter
(uid=usernamea)
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding unicodePWD as LM-Password, value * & op=21
rlm_ldap: Adding unicodePWD as NT-Password, value * & op=21
rlm_ldap: looking for reply items in directory...
rlm_ldap: user usernamea authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 0
modcall: leaving group authorize (returns ok) for request 0
rad_check_password: Found Auth-Type krb5
auth: type "krb5"
Processing the authenticate section of radiusd.conf
modcall: entering group krb5 for request 0
modcall[authenticate]: module "krb5" returns ok for request 0
modcall: leaving group krb5 (returns ok) for request 0
Login OK: [usernamea] (from client ArubaTest port 0 cli 0.0.0.0)
Sending Access-Accept of id 1 to 128.120.0.213 port 47594
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 128.120.0.213:47594, id=2, length=183
NAS-IP-Address = 128.120.0.213
NAS-Port = 0
NAS-Port-Type = Wireless-802.11
User-Name = "usernamea"
Calling-Station-Id = "000000000000"
Called-Station-Id = "000B860B9D20"
MS-CHAP-Challenge = 0x0d5376a4803290fc7f16eddf********
MS-CHAP2-Response =
0x000071124b9bcc673b3734bb4**************************
Service-Type = Login-User
Aruba-Essid-Name = ""
Aruba-Location-Id = "N/A"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
modcall[authorize]: module "preprocess" returns ok for request 1
modcall[authorize]: module "chap" returns noop for request 1
rlm_mschap: Found MS-CHAP attributes. Setting 'Auth-Type = mschap'
modcall[authorize]: module "mschap" returns ok for request 1
rlm_realm: No '%' in User-Name = "usernamea", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 1
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 1
Invalid operator for item Group-Name: reverting to '=='
users: Matched entry DEFAULT at line 160
modcall[authorize]: module "files" returns ok for request 1
rlm_passwd: Added Group-Name: 'NOC' to reply_items
modcall[authorize]: module "noc_group" returns ok for request 1
rlm_ldap: - authorize
rlm_ldap: performing user authorization for usernamea
radius_xlat: '(uid=usernamea)'
radius_xlat: 'ou=People,dc=ucdavis,dc=edu'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=People,dc=ucdavis,dc=edu, with filter
(uid=usernamea)
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding unicodePWD as LM-Password, value **************** & op=21
rlm_ldap: Adding unicodePWD as NT-Password, value **************** & op=21
rlm_ldap: looking for reply items in directory...
rlm_ldap: user usernamea authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 1
modcall: leaving group authorize (returns ok) for request 1
rad_check_password: Found Auth-Type MS-CHAP
auth: type "MS-CHAP"
Processing the authenticate section of radiusd.conf
modcall: entering group MS-CHAP for request 1
rlm_mschap: Found LM-Password
rlm_mschap: Found NT-Password
rlm_mschap: Told to do MS-CHAPv2 for usernamea with NT-Password
rlm_mschap: adding MS-CHAPv2 MPPE keys
modcall[authenticate]: module "mschap" returns ok for request 1
modcall: leaving group MS-CHAP (returns ok) for request 1
Login OK: [usernamea] (from client ArubaTest port 0 cli 000000000000)
Sending Access-Accept of id 2 to 128.120.0.213 port 47594
MS-CHAP2-Success = 0x00533d30303735333346423534303******************
MS-MPPE-Recv-Key = 0x2ffa04b18904d2c0***************
MS-MPPE-Send-Key = 0x131c0755493d83b*******************
MS-MPPE-Encryption-Policy = 0x00000002
MS-MPPE-Encryption-Types = 0x00000004
Finished request 1
Going to the next request
--- Walking the entire request list ---
Waking up in 3 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 1 with timestamp 49d247fb
Waking up in 3 seconds...
--- Walking the entire request list ---
Cleaning up request 1 ID 2 with timestamp 49d247fe
Nothing to do. Sleeping until we see a request.
rad_recv: Access-Request packet from host 128.120.0.213:47594, id=3, length=183
NAS-IP-Address = 128.120.0.213
NAS-Port = 0
NAS-Port-Type = Wireless-802.11
User-Name = "usernameb"
Calling-Station-Id = "000000000000"
Called-Station-Id = "000B860B9D20"
MS-CHAP-Challenge = 0xe230bfaebbebb1c5f2ff9869fc00fa1b
MS-CHAP2-Response =
0x0000b19431d48c4c0c44aa2513a2354c8fcf000000000000000082c84cd02519242ecadc7f100bb4877a550df8d0a029435e
Service-Type = Login-User
Aruba-Essid-Name = ""
Aruba-Location-Id = "N/A"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
modcall[authorize]: module "preprocess" returns ok for request 2
modcall[authorize]: module "chap" returns noop for request 2
rlm_mschap: Found MS-CHAP attributes. Setting 'Auth-Type = mschap'
modcall[authorize]: module "mschap" returns ok for request 2
rlm_realm: No '%' in User-Name = "usernameb", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 2
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 2
Invalid operator for item Group-Name: reverting to '=='
users: Matched entry DEFAULT at line 160
modcall[authorize]: module "files" returns ok for request 2
rlm_passwd: Added Group-Name: 'NOC' to reply_items
modcall[authorize]: module "noc_group" returns ok for request 2
rlm_ldap: - authorize
rlm_ldap: performing user authorization for usernameb
radius_xlat: '(uid=usernameb)'
radius_xlat: 'ou=People,dc=ucdavis,dc=edu'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=People,dc=ucdavis,dc=edu, with filter
(uid=usernameb)
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding unicodePWD as LM-Password, value **************** & op=21
rlm_ldap: Adding unicodePWD as NT-Password, value **************** & op=21
rlm_ldap: looking for reply items in directory...
rlm_ldap: user usernameb authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 2
modcall: leaving group authorize (returns ok) for request 2
rad_check_password: Found Auth-Type MS-CHAP
auth: type "MS-CHAP"
Processing the authenticate section of radiusd.conf
modcall: entering group MS-CHAP for request 2
rlm_mschap: Found LM-Password
rlm_mschap: Found NT-Password
rlm_mschap: Told to do MS-CHAPv2 for usernameb with NT-Password
rlm_mschap: adding MS-CHAPv2 MPPE keys
modcall[authenticate]: module "mschap" returns ok for request 2
modcall: leaving group MS-CHAP (returns ok) for request 2
Login OK: [usernameb] (from client ArubaTest port 0 cli 000000000000)
Sending Access-Accept of id 3 to 128.120.0.213 port 47594
MS-CHAP2-Success = 0x00533d3433364635463741384441353336393230*
MS-MPPE-Recv-Key = 0x8bcce19*
MS-MPPE-Send-Key = 0x85f1485*
MS-MPPE-Encryption-Policy = 0x00000002
MS-MPPE-Encryption-Types = 0x00000004
Finished request 2
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 128.120.0.213:47594, id=4, length=114
NAS-IP-Address = 128.120.0.213
NAS-Port = 0
NAS-Port-Type = Wireless-802.11
User-Name = "usernameb"
User-Password = "***"
Calling-Station-Id = "0.0.0.0"
Called-Station-Id = "000B860B9D20"
Service-Type = Login-User
Aruba-Essid-Name = ""
Aruba-Location-Id = "N/A"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 3
modcall[authorize]: module "preprocess" returns ok for request 3
modcall[authorize]: module "chap" returns noop for request 3
modcall[authorize]: module "mschap" returns noop for request 3
rlm_realm: No '%' in User-Name = "usernameb", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 3
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 3
Invalid operator for item Group-Name: reverting to '=='
users: Matched entry DEFAULT at line 160
modcall[authorize]: module "files" returns ok for request 3
rlm_passwd: Added Group-Name: 'NOC' to reply_items
modcall[authorize]: module "noc_group" returns ok for request 3
rlm_ldap: - authorize
rlm_ldap: performing user authorization for usernameb
radius_xlat: '(uid=usernameb)'
radius_xlat: 'ou=People,dc=ucdavis,dc=edu'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=People,dc=ucdavis,dc=edu, with filter
(uid=usernameb)
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding unicodePWD as LM-Password, value * & op=21
rlm_ldap: Adding unicodePWD as NT-Password, value * & op=21
rlm_ldap: looking for reply items in directory...
rlm_ldap: user usernameb authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 3
modcall: leaving group authorize (returns ok) for request 3
rad_check_password: Found Auth-Type krb5
auth: type "krb5"
Processing the authenticate section of radiusd.conf
modcall: entering group krb5 for request 3
modcall[authenticate]: module "krb5" returns ok for request 3
modcall: leaving group krb5 (returns ok) for request 3
Login OK: [usernameb] (from client ArubaTest port 0 cli 0.0.0.0)
Sending Access-Accept of id 4 to 128.120.0.213 port 47594
Finished request 3
Going to the next request
--- Walking the entire request list ---
Waking up in 3 seconds...
--- Walking the entire request list ---
Cleaning up request 2 ID 3 with timestamp 49d2480b
Waking up in 3 seconds...
--- Walking the entire request list ---
Cleaning up request 3 ID 4 with timestamp 49d2480e
Nothing to do. Sleeping until we see a request.
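
The three ground rules in the post (group-file lookup, Group-Name assignment, per-device reply flags) modelled in Python as an added example; it is not part of the original post and is not FreeRADIUS configuration. The client addresses, the FOUNDRY-ADMIN and SHAPER-ADMIN groups, the reply attribute names and all function names are hypothetical, and the group file content is constructed in the post's GROUP-NAME:user,user format.

```python
"""Model of a group-file lookup plus per-device reply policy (illustrative)."""

# Constructed sample data in the post's "GROUP-NAME:user,user" format.
SAMPLE_GROUP_FILE = """\
TEST:Noc1,Noc2
FOUNDRY-ADMIN:Noc1
SHAPER-ADMIN:Noc2,Noc3
"""

# Hypothetical policy table: (device class, group) -> reply attributes.
# The attribute names are placeholders, not real dictionary entries.
POLICY = {
    ("foundry", "FOUNDRY-ADMIN"): {"Example-Privilege-Flag": "admin"},
    ("shaper", "SHAPER-ADMIN"): {"Example-Access-Level": "touch"},
}

# Hypothetical mapping of requesting client address -> device class
# (documentation-range addresses, not taken from the post).
CLIENT_CLASS = {"192.0.2.10": "foundry", "192.0.2.20": "shaper"}


def parse_group_file(text):
    """Return {username: set(groups)}; one user may be in many groups."""
    membership = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        group, sep, users = line.partition(":")
        group = group.strip()
        if not sep or not group:
            # Reject malformed lines instead of guessing a group name.
            raise ValueError(f"line {lineno}: expected GROUP:user,user")
        for user in users.split(","):
            user = user.strip()
            if user:  # ignore empty fields such as a trailing comma
                membership.setdefault(user, set()).add(group)
    return membership


def reply_attributes(membership, client_ip, username):
    """Attributes to add to the Access-Accept of an authenticated user.

    Fails closed: an unknown client, an unknown user, or no matching
    (device, group) rule all yield no privilege attributes.
    """
    device = CLIENT_CLASS.get(client_ip)
    if device is None:
        return {}
    reply = {}
    # Usernames are matched exactly and case-sensitively, so "noc1" does
    # not inherit the groups of "Noc1" (a choice made for this model).
    for group in sorted(membership.get(username, ())):
        reply.update(POLICY.get((device, group), {}))
    return reply


if __name__ == "__main__":
    members = parse_group_file(SAMPLE_GROUP_FILE)
    cases = [("192.0.2.10", "Noc1"), ("192.0.2.10", "Noc2"),
             ("192.0.2.20", "Noc2"), ("192.0.2.10", "noc1"),
             ("198.51.100.5", "Noc1")]
    for ip, user in cases:
        print(ip, user, reply_attributes(members, ip, user))
```

The decision is keyed on both the requesting device and the group, so membership in TEST alone never yields an admin flag on any device.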

