Hi,

I am not able to see my authorization happening because I don't see the value-attr or reply message. Please help. Logs attached.

rad_recv: Access-Request packet from host 192.168.0.2 port 39662, id=92, length=62
        User-Name = "radiustest"
        User-Password = "password@123"
        NAS-IP-Address = 192.168.0.2
        NAS-Port = 1812
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log]      expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/192.168.0.2/auth-detail-20130128
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.0.2/auth-detail-20130128
[auth_log]      expand: %t -> Mon Jan 28 10:12:16 2013
++[auth_log] returns ok
[ldap] performing user authorization for radiustest
[ldap] WARNING: Deprecated conditional expansion ":-".  See "man unlang" for details
[ldap]  ... expanding second conditional
[ldap]  expand: %{User-Name} -> radiustest
[ldap]  expand: (&(sAMAccountName=%{Stripped-User-Name:-%{User-Name}})) -> (&(sAMAccountName=radiustest))
[ldap]  expand: cn=users,dc=example,dc=com -> cn=users,dc=example,dc=com
  [ldap] ldap_get_conn: Checking Id: 0
  [ldap] ldap_get_conn: Got Id: 0
  [ldap] performing search in cn=users,dc=example,dc=com, with filter (&(sAMAccountName=radiustest))
[ldap] looking for check items in directory...
[ldap] looking for reply items in directory...
WARNING: No "known good" password was found in LDAP.  Are you sure that the user is configured correctly?
[ldap] Setting Auth-Type = ldap
[ldap] user radiustest authorized to use remote access
  [ldap] ldap_release_conn: Release Id: 0
++[ldap] returns ok
++[digest] returns noop
[suffix] No '@' in User-Name = "radiustest", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[ldap] performing user authorization for radiustest
[ldap] WARNING: Deprecated conditional expansion ":-".  See "man unlang" for details
[ldap]  ... expanding second conditional
[ldap]  expand: %{User-Name} -> radiustest
[ldap]  expand: (&(sAMAccountName=%{Stripped-User-Name:-%{User-Name}})) -> (&(sAMAccountName=radiustest))
[ldap]  expand: cn=users,dc=example,dc=com -> cn=users,dc=example,dc=com
  [ldap] ldap_get_conn: Checking Id: 0
  [ldap] ldap_get_conn: Got Id: 0
  [ldap] performing search in cn=users,dc=example,dc=com, with filter (&(sAMAccountName=radiustest))
[ldap] looking for check items in directory...
[ldap] looking for reply items in directory...
WARNING: No "known good" password was found in LDAP.  Are you sure that the user is configured correctly?
[ldap] user radiustest authorized to use remote access
  [ldap] ldap_release_conn: Release Id: 0
++[ldap] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.  Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = ldap
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group LDAP {...}
[ldap] login attempt by "radiustest" with password "password@123"
[ldap] user DN: CN=radiustest,CN=Users,DC=example,DC=com
  [ldap] (re)connect to 192.168.0.3:389, authentication 1
  [ldap] bind as CN=radiustest,CN=Users,DC=example,DC=com/password@123 to 192.168.0.3:389
  [ldap] waiting for bind result ...
  [ldap] Bind was successful
[ldap] user radiustest authenticated succesfully
++[ldap] returns ok
# Executing section post-auth from file /etc/raddb/sites-enabled/default
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 92 to 192.168.0.2 port 39662
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 2 ID 92 with timestamp +88
Ready to process requests.

Regards,
/Neo

On 25-Jan-2013, at 3:32 AM, [email protected] wrote:

> Hi,
> 
>>   Do you mean the below in the "users" file?
>> 
>>   cisco Auth-Type := LDAP
>> 
>>   Service-Type = Administrative-User,
>>   cisco-avpair = "shell:priv-lvl=15"
> 
> no.
> 
> cisco Auth-Type := LDAP
>    Service-Type = Administrative-User,
>    cisco-avpair = "shell:priv-lvl=15"
> 
> 
> (see all the examples in the users file)
> 
> alan