Hi,
First of all, sorry for my English; I'm French.
I would like to get my FreeRADIUS working for auto VLAN. I have FreeRADIUS, an HP ProCurve 2650 switch and an LDAP directory.
In fact I use EAP-TTLS-PAP to authenticate users, and FreeRADIUS asks LDAP to check whether the credentials are correct.
The authentication works properly, but the auto VLAN assignment doesn't work.
Here is the users file:
DEFAULT Ldap-Group == "disabled", Auth-Type := Reject
        Tunnel-Medium-Type = IEEE-802,
        Tunnel-Type = VLAN,
        Tunnel-Private-Group-Id = "2"

DEFAULT Ldap-Group == "enabled", Auth-Type := LDAP
        Tunnel-Medium-Type = IEEE-802,
        Tunnel-Type = VLAN,
        Tunnel-Private-Group-Id = "3"
Here is the switch configuration (show running-config). I am testing the auto VLAN on port 47.
Running configuration:
; J4899B Configuration Editor; Created on release #H.10.50
hostname "ProCurve Switch 2650"
interface 47
   no lacp
exit
snmp-server community "public" Unrestricted
vlan 1
   name "DEFAULT_VLAN"
   untagged 1-50
   ip address 10.1.1.1 255.255.0.0
   exit
vlan 2
   name "hell"
   ip address 10.2.1.1 255.255.0.0
   exit
vlan 3
   name "paradise"
   ip address 10.3.1.1 255.255.0.0
   exit
aaa authentication port-access eap-radius
radius-server key testing123
radius-server host 10.1.1.13
aaa port-access authenticator 47
aaa port-access authenticator 47 unauth-vid 2
aaa port-access authenticator active
aaa port-access 47
password manager
And here is the RADIUS log:
Ready to process requests.
rad_recv: Access-Request packet from host 10.1.1.1 port 1024, id=71, length=218
Framed-MTU = 1480
NAS-IP-Address = 10.1.1.1
NAS-Identifier = "ProCurve Switch 2650"
User-Name = "anonymous"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 47
NAS-Port-Type = Ethernet
NAS-Port-Id = "47"
Called-Station-Id = "00-1c-2e-71-df-00"
Calling-Station-Id = "00-15-b7-d5-70-e9"
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "2"
EAP-Message = 0x0201000e01616e6f6e796d6f7573
Message-Authenticator = 0xc1372f49cdc099ae6c441951af51b4fd
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "anonymous", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 1 length 14
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
rlm_ldap: Entering ldap_groupcmp()
expand: o=radius -> o=radius
WARNING: Deprecated conditional expansion ":-". See "man unlang" for details
expand: (&(uid=%{Stripped-User-Name:-%{User-Name}})(rADIUSActiveConnections=1)) -> (&(uid=anonymous)(rADIUSActiveConnections=1))
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to 10.1.1.13:389, authentication 0
rlm_ldap: starting TLS
rlm_ldap: bind as cn=admin,o=radius/admin to 10.1.1.13:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in o=radius, with filter (&(uid=anonymous)(rADIUSActiveConnections=1))
rlm_ldap: object not found or got ambiguous search result
rlm_ldap::ldap_groupcmp: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
rlm_ldap: Entering ldap_groupcmp()
expand: o=radius -> o=radius
WARNING: Deprecated conditional expansion ":-". See "man unlang" for details
expand: (&(uid=%{Stripped-User-Name:-%{User-Name}})(rADIUSActiveConnections=1)) -> (&(uid=anonymous)(rADIUSActiveConnections=1))
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=radius, with filter (&(uid=anonymous)(rADIUSActiveConnections=1))
rlm_ldap: object not found or got ambiguous search result
rlm_ldap::ldap_groupcmp: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
++[files] returns noop
rlm_ldap: - authorize
rlm_ldap: performing user authorization for anonymous
WARNING: Deprecated conditional expansion ":-". See "man unlang" for details
expand: (&(uid=%{Stripped-User-Name:-%{User-Name}})(rADIUSActiveConnections=1)) -> (&(uid=anonymous)(rADIUSActiveConnections=1))
expand: o=radius -> o=radius
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=radius, with filter (&(uid=anonymous)(rADIUSActiveConnections=1))
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap] returns notfound
++[expiration] returns noop
++[logintime] returns noop
rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this.
++[pap] returns noop
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 71 to 10.1.1.1 port 1024
EAP-Message = 0x010200061520
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x459fffbc459dea57ef3ee1d36baff220
Finished request 0.
Going to the next request
Waking up in 0.9 seconds.
rad_recv: Access-Request packet from host 10.1.1.1 port 1024, id=72, length=282
Framed-MTU = 1480
NAS-IP-Address = 10.1.1.1
NAS-Identifier = "ProCurve Switch 2650"
User-Name = "anonymous"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 47
NAS-Port-Type = Ethernet
NAS-Port-Id = "47"
Called-Station-Id = "00-1c-2e-71-df-00"
Calling-Station-Id = "00-15-b7-d5-70-e9"
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "2"
State = 0x459fffbc459dea57ef3ee1d36baff220
EAP-Message = 0x0202003c158000000032160301002d0100002903010e389564e36284344f0e3dbff6b041f73b5a0c03ff095ced901abac9d1d91f7f000002000a0100
Message-Authenticator = 0x598999f53f1a317370ec578741af498b
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "anonymous", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 2 length 60
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/ttls
rlm_eap: processing type ttls
rlm_eap_ttls: Authenticate
rlm_eap_tls: processing TLS
TLS Length 50
rlm_eap_tls: Length Included
eaptls_verify returned 11
(other): before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 002d], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 070a], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
TLS_accept: SSLv3 write server done A
TLS_accept: SSLv3 flush data
TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 72 to 10.1.1.1 port 1024
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x459fffbc449cea57ef3ee1d36baff220
Finished request 1.
Going to the next request
Waking up in 0.7 seconds.
rad_recv: Access-Request packet from host 10.1.1.1 port 1024, id=73, length=228
Framed-MTU = 1480
NAS-IP-Address = 10.1.1.1
NAS-Identifier = "ProCurve Switch 2650"
User-Name = "anonymous"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 47
NAS-Port-Type = Ethernet
NAS-Port-Id = "47"
Called-Station-Id = "00-1c-2e-71-df-00"
Calling-Station-Id = "00-15-b7-d5-70-e9"
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "2"
State = 0x459fffbc449cea57ef3ee1d36baff220
EAP-Message = 0x020300061500
Message-Authenticator = 0x2bb18705e716f10224bf2afc02432611
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "anonymous", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 3 length 6
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/ttls
rlm_eap: processing type ttls
rlm_eap_ttls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 73 to 10.1.1.1 port 1024
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x459fffbc479bea57ef3ee1d36baff220
Finished request 2.
Going to the next request
Waking up in 0.6 seconds.
rad_recv: Access-Request packet from host 10.1.1.1 port 1024, id=74, length=422
Framed-MTU = 1480
NAS-IP-Address = 10.1.1.1
NAS-Identifier = "ProCurve Switch 2650"
User-Name = "anonymous"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 47
NAS-Port-Type = Ethernet
NAS-Port-Id = "47"
Called-Station-Id = "00-1c-2e-71-df-00"
Calling-Station-Id = "00-15-b7-d5-70-e9"
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "2"
State = 0x459fffbc479bea57ef3ee1d36baff220
EAP-Message = 0x020400c81580000000be16030100861000008200802f553566c96627c56a91b7d5f4735a27be05d23dc730115303fe40f306fc39d95a464cb509d418285fd295adc1976e470fdcc176dbee8a7679a8be101e12cd08d1a513551b8c1eec593a4445383eee15566a416ce822b2ca0c540b52f1dcb48072adf86cdc4a45f8ba2312eb698790c79ecf977db4ccf31637d8f192dcbc67e014030100010116030100285afe06cbf077852d5551f8adeeba137f8a0addcf5824677d23a0a2cb7adc9cdbdb902bfddfed61dc
Message-Authenticator = 0x95c319c6d60ba08e4d365fa5adafd215
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "anonymous", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 4 length 200
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/ttls
rlm_eap: processing type ttls
rlm_eap_ttls: Authenticate
rlm_eap_tls: processing TLS
TLS Length 190
rlm_eap_tls: Length Included
eaptls_verify returned 11
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
TLS_accept: SSLv3 read client key exchange A
rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 read finished A
rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
TLS_accept: SSLv3 write change cipher spec A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 write finished A
TLS_accept: SSLv3 flush data
(other): SSL negotiation finished successfully
SSL Connection Established
eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 74 to 10.1.1.1 port 1024
EAP-Message = 0x0105003d15800000003314030100010116030100287660db6c456dc5ff06de3b56abdd29e5c1ac27a3e3451405ccb87f46f135fe98f30478f61a19cd98
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x459fffbc469aea57ef3ee1d36baff220
Finished request 3.
Going to the next request
Waking up in 0.6 seconds.
rad_recv: Access-Request packet from host 10.1.1.1 port 1024, id=75, length=293
Framed-MTU = 1480
NAS-IP-Address = 10.1.1.1
NAS-Identifier = "ProCurve Switch 2650"
User-Name = "anonymous"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 47
NAS-Port-Type = Ethernet
NAS-Port-Id = "47"
Called-Station-Id = "00-1c-2e-71-df-00"
Calling-Station-Id = "00-15-b7-d5-70-e9"
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "2"
State = 0x459fffbc469aea57ef3ee1d36baff220
EAP-Message = 0x0205004715800000003d1703010038628fbe3f2c20cb9d62907cb875b79406e3e77c35c1b77536203b291707bd857de5c3b75446256e926403819f4dc0a9fcdc08bbb90d867a44
Message-Authenticator = 0xe490089131b27d2eccdab7c194f602a4
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "anonymous", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 5 length 71
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/ttls
rlm_eap: processing type ttls
rlm_eap_ttls: Authenticate
rlm_eap_tls: processing TLS
TLS Length 61
rlm_eap_tls: Length Included
eaptls_verify returned 11
eaptls_process returned 7
rlm_eap_ttls: Session established. Proceeding to decode tunneled attributes.
TTLS: Got tunneled request
User-Name = "fufu"
User-Password = "admin"
FreeRADIUS-Proxied-To = 127.0.0.1
TTLS: Sending tunneled request
User-Name = "fufu"
User-Password = "admin"
FreeRADIUS-Proxied-To = 127.0.0.1
server (null) {
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "fufu", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: No EAP-Message, not doing EAP
++[eap] returns noop
rlm_ldap: Entering ldap_groupcmp()
expand: o=radius -> o=radius
WARNING: Deprecated conditional expansion ":-". See "man unlang" for details
expand: (&(uid=%{Stripped-User-Name:-%{User-Name}})(rADIUSActiveConnections=1)) -> (&(uid=fufu)(rADIUSActiveConnections=1))
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=radius, with filter (&(uid=fufu)(rADIUSActiveConnections=1))
rlm_ldap: ldap_release_conn: Release Id: 0
WARNING: Deprecated conditional expansion ":-". See "man unlang" for details
expand: (&(uid=%{Stripped-User-Name:-%{User-Name}})(rADIUSActiveConnections=1)) -> (&(uid=fufu)(rADIUSActiveConnections=1))
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=radius, with filter (&(businessCategory=disabled)(&(uid=fufu)(rADIUSActiveConnections=1)))
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: ldap_release_conn: Release Id: 0
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in cn=fufu,o=radius, with filter (objectclass=*)
rlm_ldap::groupcmp: Group disabled not found or user not a member
rlm_ldap: ldap_release_conn: Release Id: 0
rlm_ldap: Entering ldap_groupcmp()
expand: o=radius -> o=radius
WARNING: Deprecated conditional expansion ":-". See "man unlang" for details
expand: (&(uid=%{Stripped-User-Name:-%{User-Name}})(rADIUSActiveConnections=1)) -> (&(uid=fufu)(rADIUSActiveConnections=1))
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=radius, with filter (&(businessCategory=enabled)(&(uid=fufu)(rADIUSActiveConnections=1)))
rlm_ldap::ldap_groupcmp: User found in group enabled
rlm_ldap: ldap_release_conn: Release Id: 0
users: Matched entry DEFAULT at line 9
++[files] returns ok
rlm_ldap: - authorize
rlm_ldap: performing user authorization for fufu
WARNING: Deprecated conditional expansion ":-". See "man unlang" for details
expand: (&(uid=%{Stripped-User-Name:-%{User-Name}})(rADIUSActiveConnections=1)) -> (&(uid=fufu)(rADIUSActiveConnections=1))
expand: o=radius -> o=radius
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=radius, with filter (&(uid=fufu)(rADIUSActiveConnections=1))
rlm_ldap: No default NMAS login sequence
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
rlm_ldap: user fufu authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap] returns ok
++[expiration] returns noop
++[logintime] returns noop
rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this.
++[pap] returns noop
rad_check_password: Found Auth-Type LDAP
auth: type "LDAP"
+- entering group LDAP
rlm_ldap: - authenticate
rlm_ldap: login attempt by "fufu" with password "admin"
rlm_ldap: user DN: cn=fufu,o=radius
rlm_ldap: (re)connect to 10.1.1.13:389, authentication 1
rlm_ldap: starting TLS
rlm_ldap: bind as cn=fufu,o=radius/admin to 10.1.1.13:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: user fufu authenticated succesfully
++[ldap] returns ok
Login OK: [fufu/admin] (from client hp port 0)
+- entering group post-auth
++[ldap] returns noop
} # server (null)
TTLS: Got tunneled reply RADIUS code 2
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Type:0 = VLAN
Tunnel-Private-Group-Id:0 = "3"
TTLS: Got tunneled Access-Accept
rlm_eap: Freeing handler
++[eap] returns ok
Login OK: [anonymous/<via Auth-Type = EAP>] (from client hp port 47 cli 00-15-b7-d5-70-e9)
+- entering group post-auth
++[ldap] returns noop
Sending Access-Accept of id 75 to 10.1.1.1 port 1024
MS-MPPE-Recv-Key = 0x57ac0d7ae41abc5c2ea0e456d9442c87cb06ae7f497850ebbb0e8102c0aa94cd
MS-MPPE-Send-Key = 0x7b50da9c1b7e4b36b6bc8651f887b514231e1640c10b0fc6cfe15053ecb11b9b
EAP-Message = 0x03050004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "anonymous"
Finished request 4.
Going to the next request
Waking up in 0.5 seconds.
Waking up in 0.2 seconds.
Waking up in 3.6 seconds.
Cleaning up request 0 ID 71 with timestamp +15
Waking up in 0.2 seconds.
Cleaning up request 1 ID 72 with timestamp +15
Cleaning up request 2 ID 73 with timestamp +15
Cleaning up request 3 ID 74 with timestamp +16
Waking up in 0.1 seconds.
Cleaning up request 4 ID 75 with timestamp +16
Ready to process requests.
Thank you for your help.
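Added example (not part of the original post, and not FreeRADIUS code): a small parser for `radiusd -X` debug output that compares the attributes in the tunneled (inner) EAP-TTLS reply with those in the outer Access-Accept sent to the switch, and reports VLAN attributes that never reach the NAS. The sample log is a constructed excerpt modelled on the output above, with key values shortened; the function names are hypothetical.

```python
import re

VLAN_ATTRS = ("Tunnel-Type", "Tunnel-Medium-Type", "Tunnel-Private-Group-Id")
INNER_RE = re.compile(r"TTLS: Got tunneled reply RADIUS code (\d+)")
OUTER_RE = re.compile(r"Sending (Access-\w+) of id (\d+) to (\S+) port \d+")
# Attribute line: optional tag suffix (":0") is dropped, quotes are stripped.
ATTR_RE = re.compile(r'^\s*([A-Za-z][\w-]*)(?::\d+)?\s*=\s*"?([^"]*)"?\s*$')

# Constructed sample: end of an EAP-TTLS exchange, hex values shortened.
SAMPLE_LOG = """\
TTLS: Got tunneled reply RADIUS code 2
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Type:0 = VLAN
Tunnel-Private-Group-Id:0 = "3"
TTLS: Got tunneled Access-Accept
++[eap] returns ok
Sending Access-Accept of id 75 to 10.1.1.1 port 1024
MS-MPPE-Recv-Key = 0x57ac
MS-MPPE-Send-Key = 0x7b50
EAP-Message = 0x03050004
User-Name = "anonymous"
Finished request 4.
"""
# Constructed counter-case: the same exchange with the VLAN copied outward.
FIXED_LOG = SAMPLE_LOG.replace(
    'User-Name = "anonymous"\n',
    'User-Name = "anonymous"\nTunnel-Medium-Type:0 = IEEE-802\n'
    'Tunnel-Type:0 = VLAN\nTunnel-Private-Group-Id:0 = "3"\n')

def parse_replies(log):
    """Return inner and outer replies in log order with their attributes."""
    replies, current = [], None
    for line in log.splitlines():
        inner, outer = INNER_RE.search(line), OUTER_RE.search(line)
        if inner:
            current = {"kind": "inner", "code": int(inner.group(1)),
                       "id": None, "nas": None, "attrs": {}}
            replies.append(current)
        elif outer:
            current = {"kind": "outer", "code": outer.group(1),
                       "id": int(outer.group(2)), "nas": outer.group(3),
                       "attrs": {}}
            replies.append(current)
        elif current is not None:
            m = ATTR_RE.match(line)
            if m:
                current["attrs"][m.group(1)] = m.group(2)
            else:
                current = None  # first non-attribute line ends the list
    return replies

def find_dropped_vlan(log):
    """Report outer Access-Accepts that lack the inner reply's VLAN attributes."""
    findings, pending = [], None
    for r in parse_replies(log):
        vlan = {k: v for k, v in r["attrs"].items() if k in VLAN_ATTRS}
        if r["kind"] == "inner" and r["code"] == 2:  # RADIUS code 2 = Access-Accept
            pending = vlan
        elif r["kind"] == "outer" and r["code"] == "Access-Accept":
            missing = {k: v for k, v in (pending or {}).items() if vlan.get(k) != v}
            if missing:
                findings.append({"id": r["id"], "nas": r["nas"], "missing": missing})
            pending = None
    return findings

if __name__ == "__main__":
    for f in find_dropped_vlan(SAMPLE_LOG):
        print("Access-Accept id %(id)s to %(nas)s lacks %(missing)s" % f)
```

In FreeRADIUS 2.x, the `use_tunneled_reply` setting in the `ttls` section of eap.conf controls whether reply attributes from the inner tunnel are copied into the outer Access-Accept.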