2011/11/11 Phil Mayers <[email protected]> > On 11/11/2011 07:46 AM, Alejandro Gandara wrote: > > I got erros anyways. I've attached debug output >> > > The debug output didn't make it through; I guess it was too big. Use a > pastebin, or put it inline in the email? > > this is the short view: ++[preprocess] returns ok [ntdomain] Looking up realm "OPTARE" for User-Name = "OPTARE\brouco" [ntdomain] Found realm "OPTARE" [ntdomain] Adding Stripped-User-Name = "brouco" [ntdomain] Adding Realm = "OPTARE" [ntdomain] Authentication realm is LOCAL. ++[ntdomain] returns ok ++[mschap] returns noop ++[digest] returns noop [ldap] performing user authorization for brouco [ldap] expand: %{Stripped-User-Name} -> brouco [ldap] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=brouco) [ldap] expand: dc=optare,dc=loc -> dc=optare,dc=loc [ldap] ldap_get_conn: Checking Id: 0 [ldap] ldap_get_conn: Got Id: 0 [ldap] performing search in dc=optare,dc=loc, with filter (uid=brouco) [ldap] No default NMAS login sequence [ldap] looking for check items in directory... [ldap] roomNumber -> Pool-Name == "infraestructuras" [ldap] sambaNtPassword -> NT-Password == 0x3245334230434533423046383434414238374145393237384141453730393331 [ldap] looking for reply items in directory... [ldap] radiusTunnelPrivateGroupId -> Tunnel-Private-Group-Id:0 = "01" [ldap] radiusTunnelMediumType -> Tunnel-Medium-Type:0 = IEEE-802 [ldap] radiusTunnelType -> Tunnel-Type:0 = VLAN [ldap] radiusFramedIPAddress -> Framed-IP-Address = 192.45.51.9 WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly? [ldap] user brouco authorized to use remote access [ldap] ldap_release_conn: Release Id: 0 ++[ldap] returns ok [eap] EAP packet type response id 45 length 43 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Peap state send tlv failure [peap] Received EAP-TLV response. [peap] The users session was previously rejected: returning reject (again.) [peap] *** This means you need to read the PREVIOUS messages in the debug output [peap] *** to find out the reason why the user was rejected. [peap] *** Look for "reject" or "fail". Those earlier messages will tell you. [peap] *** what went wrong, and how to fix the problem. SSL: Removing session 1390126992ccf15f6eca58514ff74975f8661cc927bbe3a5f0e0a52b9a310e4a from the cache [eap] Handler failed in EAP/peap [eap] Failed in EAP select ++[eap] returns invalid Failed to authenticate the user. Login incorrect: [OPTARE\\brouco/<via Auth-Type = EAP>] (from client privradius port 29 cli f0-4d-a2-bc-77-cd) Using Post-Auth-Type Reject WARNING: Unknown value specified for Post-Auth-Type. Cannot perform requested action. # Executing group from file /etc/freeradius/sites-enabled/default Delaying reject of request 6 for 1 seconds
Thanks for the help > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/** > list/users.html <http://www.freeradius.org/list/users.html> >
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
