- rad_recv: Access-Request packet from host 10.5.11.6 port 32768, id=2, length=252
- User-Name = "testaccount@testdomain.edu"
- Calling-Station-Id = "00-21-00-2d-f5-31"
- Called-Station-Id = "00-1f-6c-a9-85-d0:secure"
- NAS-Port = 29
- Cisco-AVPair = "audit-session-id=0a050b06000249d24f5504d0"
- NAS-IP-Address = 10.5.11.6
- NAS-Identifier = "SIMONS-WLC2"
- Airespace-Wlan-Id = 2
- Service-Type = Framed-User
- Framed-MTU = 1300
- NAS-Port-Type = Wireless-802.11
- Tunnel-Type:0 = VLAN
- Tunnel-Medium-Type:0 = IEEE-802
- Tunnel-Private-Group-Id:0 = "60"
- EAP-Message = 0x020f001901747374754073696d6f6e732d726f636b2e656475
- Message-Authenticator = 0x2a7295ca400e871b79e1366c27d62fae
- # Executing section authorize from file /etc/raddb/sites-enabled/default
- +- entering group authorize {...}
- ++[preprocess] returns ok
- ++[chap] returns noop
- ++[mschap] returns noop
- ++[digest] returns noop
- [suffix] Looking up realm "testdomain.edu" for User-Name = "testaccount@testdomain.edu"
- [suffix] Found realm "testdomain.edu"
- [suffix] Adding Stripped-User-Name = "testaccount"
- [suffix] Adding Realm = "testdomain.edu"
- [suffix] Authentication realm is LOCAL.
- ++[suffix] returns ok
- [eap] EAP packet type response id 15 length 25
- [eap] No EAP Start, assuming it's an on-going EAP conversation
- ++[eap] returns updated
- [files] expand: %{Client-IP-Address} -> 10.5.11.6
- [ldap] Entering ldap_groupcmp()
- [files] expand: dc=testdomain,dc=edu -> dc=testdomain,dc=edu
- [files] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details
- [files] expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=testaccount)
- [ldap] ldap_get_conn: Checking Id: 0
- [ldap] ldap_get_conn: Got Id: 0
- [ldap] performing search in dc=testdomain,dc=edu, with filter (uid=testaccount)
- [ldap] ldap_release_conn: Release Id: 0
- [files] expand: (&(objectClass=personSR)(uid=%{User-Name})) -> (&(objectClass=personSR)(uid=testaccount@testdomain.edu))
- [ldap] ldap_get_conn: Checking Id: 0
- [ldap] ldap_get_conn: Got Id: 0
- [ldap] performing search in dc=testdomain,dc=edu, with filter (&(groupSR=faculty)(&(objectClass=personSR)(uid=testaccount@testdomain.edu)))
- [ldap] object not found
- [ldap] ldap_release_conn: Release Id: 0
- [ldap] ldap_get_conn: Checking Id: 0
- [ldap] ldap_get_conn: Got Id: 0
- [ldap] performing search in uid=testaccount,ou=people,dc=testdomain,dc=edu, with filter (objectclass=*)
- rlm_ldap::groupcmp: Group faculty not found or user not a member
- [ldap] ldap_release_conn: Release Id: 0
- [files] expand: %{Client-IP-Address} -> 10.5.11.6
- [ldap] Entering ldap_groupcmp()
- [files] expand: dc=testdomain,dc=edu -> dc=testdomain,dc=edu
- [files] expand: (&(objectClass=personSR)(uid=%{User-Name})) -> (&(objectClass=personSR)(uid=testaccount@testdomain.edu))
- [ldap] ldap_get_conn: Checking Id: 0
- [ldap] ldap_get_conn: Got Id: 0
- [ldap] performing search in dc=testdomain,dc=edu, with filter (&(groupSR=staff)(&(objectClass=personSR)(uid=testaccount@testdomain.edu)))
- [ldap] object not found
- [ldap] ldap_release_conn: Release Id: 0
- [ldap] ldap_get_conn: Checking Id: 0
- [ldap] ldap_get_conn: Got Id: 0
- [ldap] performing search in uid=testaccount,ou=people,dc=testdomain,dc=edu, with filter (objectclass=*)
- rlm_ldap::groupcmp: Group staff not found or user not a member
- [ldap] ldap_release_conn: Release Id: 0
- [files] expand: %{Client-IP-Address} -> 10.5.11.6
- [ldap] Entering ldap_groupcmp()
- [files] expand: dc=testdomain,dc=edu -> dc=testdomain,dc=edu
- [files] expand: (&(objectClass=personSR)(uid=%{User-Name})) -> (&(objectClass=personSR)(uid=testaccount@testdomain.edu))
- [ldap] ldap_get_conn: Checking Id: 0
- [ldap] ldap_get_conn: Got Id: 0
- [ldap] performing search in dc=testdomain,dc=edu, with filter (&(groupSR=student)(&(objectClass=personSR)(uid=testaccount@testdomain.edu)))
- [ldap] object not found
- [ldap] ldap_release_conn: Release Id: 0
- [ldap] ldap_get_conn: Checking Id: 0
- [ldap] ldap_get_conn: Got Id: 0
- [ldap] performing search in uid=testaccount,ou=people,dc=testdomain,dc=edu, with filter (objectclass=*)
- rlm_ldap::ldap_groupcmp: User found in group student
- [ldap] ldap_release_conn: Release Id: 0
- [files] expand: %{Client-IP-Address} -> 10.5.11.6
- [ldap] Entering ldap_groupcmp()
- [files] expand: dc=testdomain,dc=edu -> dc=testdomain,dc=edu
- [files] expand: (&(objectClass=personSR)(uid=%{User-Name})) -> (&(objectClass=personSR)(uid=testaccount@testdomain.edu))
- [ldap] ldap_get_conn: Checking Id: 0
- [ldap] ldap_get_conn: Got Id: 0
- [ldap] performing search in dc=testdomain,dc=edu, with filter (&(groupSR=driver)(&(objectClass=personSR)(uid=testaccount@testdomain.edu)))
- [ldap] object not found
- [ldap] ldap_release_conn: Release Id: 0
- [ldap] ldap_get_conn: Checking Id: 0
- [ldap] ldap_get_conn: Got Id: 0
- [ldap] performing search in uid=testaccount,ou=people,dc=testdomain,dc=edu, with filter (objectclass=*)
- rlm_ldap::groupcmp: Group driver not found or user not a member
- [ldap] ldap_release_conn: Release Id: 0
- [files] expand: %{Client-IP-Address} -> 10.5.11.6
- [ldap] Entering ldap_groupcmp()
- [files] expand: dc=testdomain,dc=edu -> dc=testdomain,dc=edu
- [files] expand: (&(objectClass=personSR)(uid=%{User-Name})) -> (&(objectClass=personSR)(uid=testaccount@testdomain.edu))
- [ldap] ldap_get_conn: Checking Id: 0
- [ldap] ldap_get_conn: Got Id: 0
- [ldap] performing search in dc=testdomain,dc=edu, with filter (&(groupSR=faculty)(&(objectClass=personSR)(uid=testaccount@testdomain.edu)))
- [ldap] object not found
- [ldap] ldap_release_conn: Release Id: 0
- [ldap] ldap_get_conn: Checking Id: 0
- [ldap] ldap_get_conn: Got Id: 0
- [ldap] performing search in uid=testaccount,ou=people,dc=testdomain,dc=edu, with filter (objectclass=*)
- rlm_ldap::groupcmp: Group faculty not found or user not a member
- [ldap] ldap_release_conn: Release Id: 0
- [files] expand: %{Client-IP-Address} -> 10.5.11.6
- [ldap] Entering ldap_groupcmp()
- [files] expand: dc=testdomain,dc=edu -> dc=testdomain,dc=edu
- [files] expand: (&(objectClass=personSR)(uid=%{User-Name})) -> (&(objectClass=personSR)(uid=testaccount@testdomain.edu))
- [ldap] ldap_get_conn: Checking Id: 0
- [ldap] ldap_get_conn: Got Id: 0
- [ldap] performing search in dc=testdomain,dc=edu, with filter (&(groupSR=staff)(&(objectClass=personSR)(uid=testaccount@testdomain.edu)))
- [ldap] object not found
- [ldap] ldap_release_conn: Release Id: 0
- [ldap] ldap_get_conn: Checking Id: 0
- [ldap] ldap_get_conn: Got Id: 0
- [ldap] performing search in uid=testaccount,ou=people,dc=testdomain,dc=edu, with filter (objectclass=*)
- rlm_ldap::groupcmp: Group staff not found or user not a member
- [ldap] ldap_release_conn: Release Id: 0
- [files] expand: %{Client-IP-Address} -> 10.5.11.6
- [ldap] Entering ldap_groupcmp()
- [files] expand: dc=testdomain,dc=edu -> dc=testdomain,dc=edu
- [files] expand: (&(objectClass=personSR)(uid=%{User-Name})) -> (&(objectClass=personSR)(uid=testaccount@testdomain.edu))
- [ldap] ldap_get_conn: Checking Id: 0
- [ldap] ldap_get_conn: Got Id: 0
- [ldap] performing search in dc=testdomain,dc=edu, with filter (&(groupSR=student)(&(objectClass=personSR)(uid=testaccount@testdomain.edu)))
- [ldap] object not found
- [ldap] ldap_release_conn: Release Id: 0
- [ldap] ldap_get_conn: Checking Id: 0
- [ldap] ldap_get_conn: Got Id: 0
- [ldap] performing search in uid=testaccount,ou=people,dc=testdomain,dc=edu, with filter (objectclass=*)
- rlm_ldap::ldap_groupcmp: User found in group student
- [ldap] ldap_release_conn: Release Id: 0
- [files] users: Matched entry DEFAULT at line 249
- ++[files] returns ok
- [ldap] performing user authorization for testaccount
- [ldap] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details
- [ldap] expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=testaccount)
- [ldap] expand: dc=testdomain,dc=edu -> dc=testdomain,dc=edu
- [ldap] ldap_get_conn: Checking Id: 0
- [ldap] ldap_get_conn: Got Id: 0
- [ldap] performing search in dc=testdomain,dc=edu, with filter (uid=testaccount)
- [ldap] checking if remote access for testaccount is allowed by uid
- [ldap] looking for check items in directory...
- [ldap] looking for reply items in directory...
- WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
- [ldap] user testaccount authorized to use remote access
- [ldap] ldap_release_conn: Release Id: 0
- ++[ldap] returns ok
- ++[expiration] returns noop
- ++[logintime] returns noop
- [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
- ++[pap] returns noop
- Found Auth-Type = EAP
- # Executing group from file /etc/raddb/sites-enabled/default
- +- entering group authenticate {...}
- [eap] EAP Identity
- [eap] processing type md5
- rlm_eap_md5: Issuing Challenge
- ++[eap] returns handled
- Sending Access-Challenge of id 2 to 10.5.11.6 port 32768
- Tunnel-Type:0 = VLAN
- Tunnel-Medium-Type:0 = IEEE-802
- Tunnel-Private-Group-Id:0 = "360"
- EAP-Message = 0x01100016041018d8ef54d69ea798aff0558773cbe2eb
- Message-Authenticator = 0x00000000000000000000000000000000
- State = 0xa21774aba20770afd7fdef493d91b23e
- Finished request 1656.
- Going to the next request
- Waking up in 2.3 seconds.
- rad_recv: Access-Request packet from host 10.5.11.6 port 32768, id=3, length=251
- User-Name = "testaccount@testdomain.edu"
- Calling-Station-Id = "00-21-00-2d-f5-31"
- Called-Station-Id = "00-1f-6c-a9-85-d0:secure"
- NAS-Port = 29
- Cisco-AVPair = "audit-session-id=0a050b06000249d24f5504d0"
- NAS-IP-Address = 10.5.11.6
- NAS-Identifier = "SIMONS-WLC2"
- Airespace-Wlan-Id = 2
- Service-Type = Framed-User
- Framed-MTU = 1300
- NAS-Port-Type = Wireless-802.11
- Tunnel-Type:0 = VLAN
- Tunnel-Medium-Type:0 = IEEE-802
- Tunnel-Private-Group-Id:0 = "60"
- EAP-Message = 0x021000060315
- State = 0xa21774aba20770afd7fdef493d91b23e
- Message-Authenticator = 0x87a7eedbb79d90c2796a7bc94ac2ba48
- # Executing section authorize from file /etc/raddb/sites-enabled/default
- +- entering group authorize {...}
- ++[preprocess] returns ok
- ++[chap] returns noop
- ++[mschap] returns noop
- ++[digest] returns noop
- [suffix] Looking up realm "testdomain.edu" for User-Name = "testaccount@testdomain.edu"
- [suffix] Found realm "testdomain.edu"
- [suffix] Adding Stripped-User-Name = "testaccount"
- [suffix] Adding Realm = "testdomain.edu"
- [suffix] Authentication realm is LOCAL.
- ++[suffix] returns ok
- [eap] EAP packet type response id 16 length 6
- [eap] No EAP Start, assuming it's an on-going EAP conversation
- ++[eap] returns updated
- [files] expand: %{Client-IP-Address} -> 10.5.11.6
- [ldap] Entering ldap_groupcmp()
- [files] expand: dc=testdomain,dc=edu -> dc=testdomain,dc=edu
- [files] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details
- [files] expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=testaccount)
- [ldap] ldap_get_conn: Checking Id: 0
- [ldap] ldap_get_conn: Got Id: 0
- [ldap] performing search in dc=testdomain,dc=edu, with filter (uid=testaccount)
- [ldap] ldap_release_conn: Release Id: 0
- [files] expand: (&(objectClass=personSR)(uid=%{User-Name})) -> (&(objectClass=personSR)(uid=testaccount@testdomain.edu))
- [ldap] ldap_get_conn: Checking Id: 0
- [ldap] ldap_get_conn: Got Id: 0
- [ldap] performing search in dc=testdomain,dc=edu, with filter (&(groupSR=faculty)(&(objectClass=personSR)(uid=testaccount@testdomain.edu)))
- [ldap] object not found
- [ldap] ldap_release_conn: Release Id: 0
- [ldap] ldap_get_conn: Checking Id: 0
- [ldap] ldap_get_conn: Got Id: 0
- [ldap] performing search in uid=testaccount,ou=people,dc=testdomain,dc=edu, with filter (objectclass=*)
- rlm_ldap::groupcmp: Group faculty not found or user not a member
- [ldap] ldap_release_conn: Release Id: 0
- [files] expand: %{Client-IP-Address} -> 10.5.11.6
- [ldap] Entering ldap_groupcmp()
- [files] expand: dc=testdomain,dc=edu -> dc=testdomain,dc=edu
- [files] expand: (&(objectClass=personSR)(uid=%{User-Name})) -> (&(objectClass=personSR)(uid=testaccount@testdomain.edu))
- [ldap] ldap_get_conn: Checking Id: 0
- [ldap] ldap_get_conn: Got Id: 0
- [ldap] performing search in dc=testdomain,dc=edu, with filter (&(groupSR=staff)(&(objectClass=personSR)(uid=testaccount@testdomain.edu)))
- [ldap] object not found
- [ldap] ldap_release_conn: Release Id: 0
- [ldap] ldap_get_conn: Checking Id: 0
- [ldap] ldap_get_conn: Got Id: 0
- [ldap] performing search in uid=testaccount,ou=people,dc=testdomain,dc=edu, with filter (objectclass=*)
- rlm_ldap::groupcmp: Group staff not found or user not a member
- [ldap] ldap_release_conn: Release Id: 0
- [files] expand: %{Client-IP-Address} -> 10.5.11.6
- [ldap] Entering ldap_groupcmp()
- [files] expand: dc=testdomain,dc=edu -> dc=testdomain,dc=edu
- [files] expand: (&(objectClass=personSR)(uid=%{User-Name})) -> (&(objectClass=personSR)(uid=testaccount@testdomain.edu))
- [ldap] ldap_get_conn: Checking Id: 0
- [ldap] ldap_get_conn: Got Id: 0
- [ldap] performing search in dc=testdomain,dc=edu, with filter (&(groupSR=student)(&(objectClass=personSR)(uid=testaccount@testdomain.edu)))
- [ldap] object not found
- [ldap] ldap_release_conn: Release Id: 0
- [ldap] ldap_get_conn: Checking Id: 0
- [ldap] ldap_get_conn: Got Id: 0
- [ldap] performing search in uid=testaccount,ou=people,dc=testdomain,dc=edu, with filter (objectclass=*)
- rlm_ldap::ldap_groupcmp: User found in group student
- [ldap] ldap_release_conn: Release Id: 0
- [files] expand: %{Client-IP-Address} -> 10.5.11.6
- [ldap] Entering ldap_groupcmp()
- [files] expand: dc=testdomain,dc=edu -> dc=testdomain,dc=edu
- [files] expand: (&(objectClass=personSR)(uid=%{User-Name})) -> (&(objectClass=personSR)(uid=testaccount@testdomain.edu))
- [ldap] ldap_get_conn: Checking Id: 0
- [ldap] ldap_get_conn: Got Id: 0
- [ldap] performing search in dc=testdomain,dc=edu, with filter (&(groupSR=driver)(&(objectClass=personSR)(uid=testaccount@testdomain.edu)))
- [ldap] object not found
- [ldap] ldap_release_conn: Release Id: 0
- [ldap] ldap_get_conn: Checking Id: 0
- [ldap] ldap_get_conn: Got Id: 0
- [ldap] performing search in uid=testaccount,ou=people,dc=testdomain,dc=edu, with filter (objectclass=*)
- rlm_ldap::groupcmp: Group driver not found or user not a member
- [ldap] ldap_release_conn: Release Id: 0
- [files] expand: %{Client-IP-Address} -> 10.5.11.6
- [ldap] Entering ldap_groupcmp()
- [files] expand: dc=testdomain,dc=edu -> dc=testdomain,dc=edu
- [files] expand: (&(objectClass=personSR)(uid=%{User-Name})) -> (&(objectClass=personSR)(uid=testaccount@testdomain.edu))
- [ldap] ldap_get_conn: Checking Id: 0
- [ldap] ldap_get_conn: Got Id: 0
- [ldap] performing search in dc=testdomain,dc=edu, with filter (&(groupSR=faculty)(&(objectClass=personSR)(uid=testaccount@testdomain.edu)))
- [ldap] object not found
- [ldap] ldap_release_conn: Release Id: 0
- [ldap] ldap_get_conn: Checking Id: 0
- [ldap] ldap_get_conn: Got Id: 0
- [ldap] performing search in uid=testaccount,ou=people,dc=testdomain,dc=edu, with filter (objectclass=*)
- rlm_ldap::groupcmp: Group faculty not found or user not a member
- [ldap] ldap_release_conn: Release Id: 0
- [files] expand: %{Client-IP-Address} -> 10.5.11.6
- [ldap] Entering ldap_groupcmp()
- [files] expand: dc=testdomain,dc=edu -> dc=testdomain,dc=edu
- [files] expand: (&(objectClass=personSR)(uid=%{User-Name})) -> (&(objectClass=personSR)(uid=testaccount@testdomain.edu))
- [ldap] ldap_get_conn: Checking Id: 0
- [ldap] ldap_get_conn: Got Id: 0
- [ldap] performing search in dc=testdomain,dc=edu, with filter (&(groupSR=staff)(&(objectClass=personSR)(uid=testaccount@testdomain.edu)))
- [ldap] object not found
- [ldap] ldap_release_conn: Release Id: 0
- [ldap] ldap_get_conn: Checking Id: 0
- [ldap] ldap_get_conn: Got Id: 0
- [ldap] performing search in uid=testaccount,ou=people,dc=testdomain,dc=edu, with filter (objectclass=*)
- rlm_ldap::groupcmp: Group staff not found or user not a member
- [ldap] ldap_release_conn: Release Id: 0
- [files] expand: %{Client-IP-Address} -> 10.5.11.6
- [ldap] Entering ldap_groupcmp()
- [files] expand: dc=testdomain,dc=edu -> dc=testdomain,dc=edu
- [files] expand: (&(objectClass=personSR)(uid=%{User-Name})) -> (&(objectClass=personSR)(uid=testaccount@testdomain.edu))
- [ldap] ldap_get_conn: Checking Id: 0
- [ldap] ldap_get_conn: Got Id: 0
- [ldap] performing search in dc=testdomain,dc=edu, with filter (&(groupSR=student)(&(objectClass=personSR)(uid=testaccount@testdomain.edu)))
- [ldap] object not found
- [ldap] ldap_release_conn: Release Id: 0
- [ldap] ldap_get_conn: Checking Id: 0
- [ldap] ldap_get_conn: Got Id: 0
- [ldap] performing search in uid=testaccount,ou=people,dc=testdomain,dc=edu, with filter (objectclass=*)
- rlm_ldap::ldap_groupcmp: User found in group student
- [ldap] ldap_release_conn: Release Id: 0
- [files] users: Matched entry DEFAULT at line 249
- ++[files] returns ok
- [ldap] performing user authorization for testaccount
- [ldap] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details
- [ldap] expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=testaccount)
- [ldap] expand: dc=testdomain,dc=edu -> dc=testdomain,dc=edu
- [ldap] ldap_get_conn: Checking Id: 0
- [ldap] ldap_get_conn: Got Id: 0
- [ldap] performing search in dc=testdomain,dc=edu, with filter (uid=testaccount)
- [ldap] checking if remote access for testaccount is allowed by uid
- [ldap] looking for check items in directory...
- [ldap] looking for reply items in directory...
- WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
- [ldap] user testaccount authorized to use remote access
- [ldap] ldap_release_conn: Release Id: 0
- ++[ldap] returns ok
- ++[expiration] returns noop
- ++[logintime] returns noop
- [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
- ++[pap] returns noop
- Found Auth-Type = EAP
- # Executing group from file /etc/raddb/sites-enabled/default
- +- entering group authenticate {...}
- [eap] Request found, released from the list
- [eap] EAP NAK
- [eap] EAP-NAK asked for EAP-Type/ttls
- [eap] processing type tls
- [tls] Initiate
- [tls] Start returned 1
- ++[eap] returns handled
- Sending Access-Challenge of id 3 to 10.5.11.6 port 32768
- Tunnel-Type:0 = VLAN
- Tunnel-Medium-Type:0 = IEEE-802
- Tunnel-Private-Group-Id:0 = "360"
- EAP-Message = 0x011100061520
- Message-Authenticator = 0x00000000000000000000000000000000
- State = 0xa21774aba30661afd7fdef493d91b23e
- Finished request 1657.
- Going to the next request
- Waking up in 2.3 seconds.
- rad_recv: Access-Request packet from host 10.5.11.6 port 32768, id=4, length=354
- User-Name = "testaccount@testdomain.edu"
- Calling-Station-Id = "00-21-00-2d-f5-31"
- Called-Station-Id = "00-1f-6c-a9-85-d0:secure"
- NAS-Port = 29
- Cisco-AVPair = "audit-session-id=0a050b06000249d24f5504d0"
- NAS-IP-Address = 10.5.11.6
- NAS-Identifier = "SIMONS-WLC2"
- Airespace-Wlan-Id = 2
- Service-Type = Framed-User
- Framed-MTU = 1300
- NAS-Port-Type = Wireless-802.11
- Tunnel-Type:0 = VLAN
- Tunnel-Medium-Type:0 = IEEE-802
- Tunnel-Private-Group-Id:0 = "60"
- EAP-Message = 0x0211006d158000000063160301005e0100005a03014f5504d0cb1064cb5d75ae6e8ed973e4c0da2393549b5f7aa918e46810aca441000018002f00350005000ac013c014c009c00a003200380013000401000019ff01000100000a0006000400170018000b0002010000230000
- State = 0xa21774aba30661afd7fdef493d91b23e
- Message-Authenticator = 0xb246c2e794291d4e71df77e3dfe9639e
- # Executing section authorize from file /etc/raddb/sites-enabled/default
- +- entering group authorize {...}
- ++[preprocess] returns ok
- ++[chap] returns noop
- ++[mschap] returns noop
- ++[digest] returns noop
- [suffix] Looking up realm "testdomain.edu" for User-Name = "testaccount@testdomain.edu"
- [suffix] Found realm "testdomain.edu"
- [suffix] Adding Stripped-User-Name = "testaccount"
- [suffix] Adding Realm = "testdomain.edu"
- [suffix] Authentication realm is LOCAL.
- ++[suffix] returns ok
- [eap] EAP packet type response id 17 length 109
- [eap] Continuing tunnel setup.
- ++[eap] returns ok
- Found Auth-Type = EAP
- # Executing group from file /etc/raddb/sites-enabled/default
- +- entering group authenticate {...}
- [eap] Request found, released from the list
- [eap] EAP/ttls
- [eap] processing type ttls
- [ttls] Authenticate
- [ttls] processing EAP-TLS
- TLS Length 99
- [ttls] Length Included
- [ttls] eaptls_verify returned 11
- [ttls] (other): before/accept initialization
- [ttls] TLS_accept: before/accept initialization
- [ttls] <<< TLS 1.0 Handshake [length 005e], ClientHello
- [ttls] TLS_accept: SSLv3 read client hello A
- [ttls] >>> TLS 1.0 Handshake [length 0031], ServerHello
- [ttls] TLS_accept: SSLv3 write server hello A
- [ttls] >>> TLS 1.0 Handshake [length 08cf], Certificate
- [ttls] TLS_accept: SSLv3 write certificate A
- [ttls] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
- [ttls] TLS_accept: SSLv3 write server done A
- [ttls] TLS_accept: SSLv3 flush data
- [ttls] TLS_accept: Need to read more data: SSLv3 read client certificate A
- In SSL Handshake Phase
- In SSL Accept mode
- [ttls] eaptls_process returned 13
- ++[eap] returns handled
- Sending Access-Challenge of id 4 to 10.5.11.6 port 32768
- Message-Authenticator = 0x00000000000000000000000000000000
- State = 0xa21774aba00561afd7fdef493d91b23e
- Finished request 1658.
- Going to the next request
- Waking up in 2.3 seconds.
- rad_recv: Access-Request packet from host 10.5.11.6 port 32768, id=5, length=251
- User-Name = "testaccount@testdomain.edu"
- Calling-Station-Id = "00-21-00-2d-f5-31"
- Called-Station-Id = "00-1f-6c-a9-85-d0:secure"
- NAS-Port = 29
- Cisco-AVPair = "audit-session-id=0a050b06000249d24f5504d0"
- NAS-IP-Address = 10.5.11.6
- NAS-Identifier = "SIMONS-WLC2"
- Airespace-Wlan-Id = 2
- Service-Type = Framed-User
- Framed-MTU = 1300
- NAS-Port-Type = Wireless-802.11
- Tunnel-Type:0 = VLAN
- Tunnel-Medium-Type:0 = IEEE-802
- Tunnel-Private-Group-Id:0 = "60"
- EAP-Message = 0x021200061500
- State = 0xa21774aba00561afd7fdef493d91b23e
- Message-Authenticator = 0xb7a75f24d4d353d4202ceebb30d2aa58
- # Executing section authorize from file /etc/raddb/sites-enabled/default
- +- entering group authorize {...}
- ++[preprocess] returns ok
- ++[chap] returns noop
- ++[mschap] returns noop
- ++[digest] returns noop
- [suffix] Looking up realm "testdomain.edu" for User-Name = "testaccount@testdomain.edu"
- [suffix] Found realm "testdomain.edu"
- [suffix] Adding Stripped-User-Name = "testaccount"
- [suffix] Adding Realm = "testdomain.edu"
- [suffix] Authentication realm is LOCAL.
- ++[suffix] returns ok
- [eap] EAP packet type response id 18 length 6
- [eap] Continuing tunnel setup.
- ++[eap] returns ok
- Found Auth-Type = EAP
- # Executing group from file /etc/raddb/sites-enabled/default
- +- entering group authenticate {...}
- [eap] Request found, released from the list
- [eap] EAP/ttls
- [eap] processing type ttls
- [ttls] Authenticate
- [ttls] processing EAP-TLS
- [ttls] Received TLS ACK
- [ttls] ACK handshake fragment handler
- [ttls] eaptls_verify returned 1
- [ttls] eaptls_process returned 13
- ++[eap] returns handled
- Sending Access-Challenge of id 5 to 10.5.11.6 port 32768
- Message-Authenticator = 0x00000000000000000000000000000000
- State = 0xa21774aba10461afd7fdef493d91b23e
- Finished request 1659.
- Going to the next request
- Waking up in 2.3 seconds.
- rad_recv: Access-Request packet from host 10.5.11.6 port 32768, id=6, length=251
- User-Name = "testaccount@testdomain.edu"
- Calling-Station-Id = "00-21-00-2d-f5-31"
- Called-Station-Id = "00-1f-6c-a9-85-d0:secure"
- NAS-Port = 29
- Cisco-AVPair = "audit-session-id=0a050b06000249d24f5504d0"
- NAS-IP-Address = 10.5.11.6
- NAS-Identifier = "SIMONS-WLC2"
- Airespace-Wlan-Id = 2
- Service-Type = Framed-User
- Framed-MTU = 1300
- NAS-Port-Type = Wireless-802.11
- Tunnel-Type:0 = VLAN
- Tunnel-Medium-Type:0 = IEEE-802
- Tunnel-Private-Group-Id:0 = "60"
- EAP-Message = 0x021300061500
- State = 0xa21774aba10461afd7fdef493d91b23e
- Message-Authenticator = 0x6ce48f27fee5fcf6015478bd727600fd
- # Executing section authorize from file /etc/raddb/sites-enabled/default
- +- entering group authorize {...}
- ++[preprocess] returns ok
- ++[chap] returns noop
- ++[mschap] returns noop
- ++[digest] returns noop
- [suffix] Looking up realm "testdomain.edu" for User-Name = "testaccount@testdomain.edu"
- [suffix] Found realm "testdomain.edu"
- [suffix] Adding Stripped-User-Name = "testaccount"
- [suffix] Adding Realm = "testdomain.edu"
- [suffix] Authentication realm is LOCAL.
- ++[suffix] returns ok
- [eap] EAP packet type response id 19 length 6
- [eap] Continuing tunnel setup.
- ++[eap] returns ok
- Found Auth-Type = EAP
- # Executing group from file /etc/raddb/sites-enabled/default
- +- entering group authenticate {...}
- [eap] Request found, released from the list
- [eap] EAP/ttls
- [eap] processing type ttls
- [ttls] Authenticate
- [ttls] processing EAP-TLS
- [ttls] Received TLS ACK
- [ttls] ACK handshake fragment handler
- [ttls] eaptls_verify returned 1
- [ttls] eaptls_process returned 13
- ++[eap] returns handled
- Sending Access-Challenge of id 6 to 10.5.11.6 port 32768
- EAP-Message = 0x0be64d999cd857eca80151c76f57345eab4a2c42f64f1c8978de264ef56f934c156b27564d00546c7ab7b716030100040e000000
- Message-Authenticator = 0x00000000000000000000000000000000
- State = 0xa21774aba60361afd7fdef493d91b23e
- Finished request 1660.
- Going to the next request
- Waking up in 2.3 seconds.
- rad_recv: Access-Request packet from host 10.5.11.6 port 32768, id=7, length=583
- User-Name = "testaccount@testdomain.edu"
- Calling-Station-Id = "00-21-00-2d-f5-31"
- Called-Station-Id = "00-1f-6c-a9-85-d0:secure"
- NAS-Port = 29
- Cisco-AVPair = "audit-session-id=0a050b06000249d24f5504d0"
- NAS-IP-Address = 10.5.11.6
- NAS-Identifier = "SIMONS-WLC2"
- Airespace-Wlan-Id = 2
- Service-Type = Framed-User
- Framed-MTU = 1300
- NAS-Port-Type = Wireless-802.11
- Tunnel-Type:0 = VLAN
- Tunnel-Medium-Type:0 = IEEE-802
- Tunnel-Private-Group-Id:0 = "60"
- EAP-Message = 0x442b09756ede214f6fd202c0f6d5e441336dcb284bcff483140301000101160301003017576173032be633996ed4d8e68b0afed2d31a38cabe45af393565c33206265d4214782e56250908dbcdfa014d788b4b
- State = 0xa21774aba60361afd7fdef493d91b23e
- Message-Authenticator = 0x1f5807a96c33dcc130b0a9c8c5e7c99a
- # Executing section authorize from file /etc/raddb/sites-enabled/default
- +- entering group authorize {...}
- ++[preprocess] returns ok
- ++[chap] returns noop
- ++[mschap] returns noop
- ++[digest] returns noop
- [suffix] Looking up realm "testdomain.edu" for User-Name = "testaccount@testdomain.edu"
- [suffix] Found realm "testdomain.edu"
- [suffix] Adding Stripped-User-Name = "testaccount"
- [suffix] Adding Realm = "testdomain.edu"
- [suffix] Authentication realm is LOCAL.
- ++[suffix] returns ok
- [eap] EAP packet type response id 20 length 253
- [eap] Continuing tunnel setup.
- ++[eap] returns ok
- Found Auth-Type = EAP
- # Executing group from file /etc/raddb/sites-enabled/default
- +- entering group authenticate {...}
- [eap] Request found, released from the list
- [eap] EAP/ttls
- [eap] processing type ttls
- [ttls] Authenticate
- [ttls] processing EAP-TLS
- TLS Length 326
- [ttls] Length Included
- [ttls] eaptls_verify returned 11
- [ttls] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange
- [ttls] TLS_accept: SSLv3 read client key exchange A
- [ttls] <<< TLS 1.0 ChangeCipherSpec [length 0001]
- [ttls] <<< TLS 1.0 Handshake [length 0010], Finished
- [ttls] TLS_accept: SSLv3 read finished A
- [ttls] >>> TLS 1.0 ChangeCipherSpec [length 0001]
- [ttls] TLS_accept: SSLv3 write change cipher spec A
- [ttls] >>> TLS 1.0 Handshake [length 0010], Finished
- [ttls] TLS_accept: SSLv3 write finished A
- [ttls] TLS_accept: SSLv3 flush data
- [ttls] (other): SSL negotiation finished successfully
- SSL Connection Established
- [ttls] eaptls_process returned 13
- ++[eap] returns handled
- Sending Access-Challenge of id 7 to 10.5.11.6 port 32768
- EAP-Message = 0x0115004515800000003b14030100010116030100308334d3efee1ec82976cac9e129f3c660e9106e7d8ee4176ad39f45b84013fe5fe05a755377372139e9e9f53626a3f54e
- Message-Authenticator = 0x00000000000000000000000000000000
- State = 0xa21774aba70261afd7fdef493d91b23e
- Finished request 1661.
- Going to the next request
- Waking up in 2.3 seconds.
- rad_recv: Access-Request packet from host 10.5.11.6 port 32768, id=8, length=340
- User-Name = "testaccount@testdomain.edu"
- Calling-Station-Id = "00-21-00-2d-f5-31"
- Called-Station-Id = "00-1f-6c-a9-85-d0:secure"
- NAS-Port = 29
- Cisco-AVPair = "audit-session-id=0a050b06000249d24f5504d0"
- NAS-IP-Address = 10.5.11.6
- NAS-Identifier = "SIMONS-WLC2"
- Airespace-Wlan-Id = 2
- Service-Type = Framed-User
- Framed-MTU = 1300
- NAS-Port-Type = Wireless-802.11
- Tunnel-Type:0 = VLAN
- Tunnel-Medium-Type:0 = IEEE-802
- Tunnel-Private-Group-Id:0 = "60"
- EAP-Message = 0x0215005f1580000000551703010050a5f6c3fcb1a787b60f256c51246b6ce6d9da0b7c28d797dc6f9fd628b0e03ed0fa434143718e27032a38b58de72612873e3d88ea896531136cbad40d2acca8a08cd97801279fec9baa4f7a84cbf921d1
- State = 0xa21774aba70261afd7fdef493d91b23e
- Message-Authenticator = 0x5f0fa2285ac032657b9d6f2f6fd040f9
- # Executing section authorize from file /etc/raddb/sites-enabled/default
- +- entering group authorize {...}
- ++[preprocess] returns ok
- ++[chap] returns noop
- ++[mschap] returns noop
- ++[digest] returns noop
- [suffix] Looking up realm "testdomain.edu" for User-Name = "testaccount@testdomain.edu"
- [suffix] Found realm "testdomain.edu"
- [suffix] Adding Stripped-User-Name = "testaccount"
- [suffix] Adding Realm = "testdomain.edu"
- [suffix] Authentication realm is LOCAL.
- ++[suffix] returns ok
- [eap] EAP packet type response id 21 length 95
- [eap] Continuing tunnel setup.
- ++[eap] returns ok
- Found Auth-Type = EAP
- # Executing group from file /etc/raddb/sites-enabled/default
- +- entering group authenticate {...}
- [eap] Request found, released from the list
- [eap] EAP/ttls
- [eap] processing type ttls
- [ttls] Authenticate
- [ttls] processing EAP-TLS
- TLS Length 85
- [ttls] Length Included
- [ttls] eaptls_verify returned 11
- [ttls] eaptls_process returned 7
- [ttls] Session established. Proceeding to decode tunneled attributes.
- [ttls] Got tunneled request
- User-Name = "testaccount@testdomain.edu"
- User-Password = "testpassword"
- FreeRADIUS-Proxied-To = 127.0.0.1
- [ttls] Sending tunneled request
- User-Name = "testaccount@testdomain.edu"
- User-Password = "testpassword"
- FreeRADIUS-Proxied-To = 127.0.0.1
- Calling-Station-Id = "00-21-00-2d-f5-31"
- Called-Station-Id = "00-1f-6c-a9-85-d0:secure"
- NAS-Port = 29
- Cisco-AVPair = "audit-session-id=0a050b06000249d24f5504d0"
- NAS-IP-Address = 10.5.11.6
- NAS-Identifier = "SIMONS-WLC2"
- Airespace-Wlan-Id = 2
- Service-Type = Framed-User
- Framed-MTU = 1300
- NAS-Port-Type = Wireless-802.11
- Tunnel-Type:0 = VLAN
- Tunnel-Medium-Type:0 = IEEE-802
- Tunnel-Private-Group-Id:0 = "60"
- server inner-tunnel {
- # Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel
- +- entering group authorize {...}
- ++[chap] returns noop
- ++[mschap] returns noop
- [suffix] Looking up realm "testdomain.edu" for User-Name = "testaccount@testdomain.edu"
- [suffix] Found realm "testdomain.edu"
- [suffix] Adding Stripped-User-Name = "testaccount"
- [suffix] Adding Realm = "testdomain.edu"
- [suffix] Authentication realm is LOCAL.
- ++[suffix] returns ok
- ++[control] returns ok
- [eap] No EAP-Message, not doing EAP
- ++[eap] returns noop
- [files] expand: %{Client-IP-Address} -> 10.5.11.6
- [ldap] Entering ldap_groupcmp()
- [files] expand: dc=testdomain,dc=edu -> dc=testdomain,dc=edu
- [files] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details
- [files] expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=testaccount)
- [ldap] ldap_get_conn: Checking Id: 0
- [ldap] ldap_get_conn: Got Id: 0
- [ldap] performing search in dc=testdomain,dc=edu, with filter (uid=testaccount)
- [ldap] ldap_release_conn: Release Id: 0
- [files] expand: (&(objectClass=personSR)(uid=%{User-Name})) -> (&(objectClass=personSR)(uid=testaccount@testdomain.edu))
- [ldap] ldap_get_conn: Checking Id: 0
- [ldap] ldap_get_conn: Got Id: 0
- [ldap] performing search in dc=testdomain,dc=edu, with filter (&(groupSR=faculty)(&(objectClass=personSR)(uid=testaccount@testdomain.edu)))
- [ldap] object not found
- [ldap] ldap_release_conn: Release Id: 0
- [ldap] ldap_get_conn: Checking Id: 0
- [ldap] ldap_get_conn: Got Id: 0
- [ldap] performing search in uid=testaccount,ou=people,dc=testdomain,dc=edu, with filter (objectclass=*)
- rlm_ldap::groupcmp: Group faculty not found or user not a member
- [ldap] ldap_release_conn: Release Id: 0
- [files] expand: %{Client-IP-Address} -> 10.5.11.6
- [ldap] Entering ldap_groupcmp()
- [files] expand: dc=testdomain,dc=edu -> dc=testdomain,dc=edu
- [files] expand: (&(objectClass=personSR)(uid=%{User-Name})) -> (&(objectClass=personSR)(uid=testaccount@testdomain.edu))
- [ldap] ldap_get_conn: Checking Id: 0
- [ldap] ldap_get_conn: Got Id: 0
- [ldap] performing search in dc=testdomain,dc=edu, with filter (&(groupSR=staff)(&(objectClass=personSR)(uid=testaccount@testdomain.edu)))
- [ldap] object not found
- [ldap] ldap_release_conn: Release Id: 0
- [ldap] ldap_get_conn: Checking Id: 0
- [ldap] ldap_get_conn: Got Id: 0
- [ldap] performing search in uid=testaccount,ou=people,dc=testdomain,dc=edu, with filter (objectclass=*)
- rlm_ldap::groupcmp: Group staff not found or user not a member
- [ldap] ldap_release_conn: Release Id: 0
- [files] expand: %{Client-IP-Address} -> 10.5.11.6
- [ldap] Entering ldap_groupcmp()
- [files] expand: dc=testdomain,dc=edu -> dc=testdomain,dc=edu
- [files] expand: (&(objectClass=personSR)(uid=%{User-Name})) -> (&(objectClass=personSR)(uid=testaccount@testdomain.edu))
- [ldap] ldap_get_conn: Checking Id: 0
- [ldap] ldap_get_conn: Got Id: 0
- [ldap] performing search in dc=testdomain,dc=edu, with filter (&(groupSR=student)(&(objectClass=personSR)(uid=testaccount@testdomain.edu)))
- [ldap] object not found
- [ldap] ldap_release_conn: Release Id: 0
- [ldap] ldap_get_conn: Checking Id: 0
- [ldap] ldap_get_conn: Got Id: 0
- [ldap] performing search in uid=testaccount,ou=people,dc=testdomain,dc=edu, with filter (objectclass=*)
- rlm_ldap::ldap_groupcmp: User found in group student
- [ldap] ldap_release_conn: Release Id: 0
- [files] expand: %{Client-IP-Address} -> 10.5.11.6
- [ldap] Entering ldap_groupcmp()
- [files] expand: dc=testdomain,dc=edu -> dc=testdomain,dc=edu
- [files] expand: (&(objectClass=personSR)(uid=%{User-Name})) -> (&(objectClass=personSR)(uid=testaccount@testdomain.edu))
- [ldap] ldap_get_conn: Checking Id: 0
- [ldap] ldap_get_conn: Got Id: 0
- [ldap] performing search in dc=testdomain,dc=edu, with filter (&(groupSR=driver)(&(objectClass=personSR)(uid=testaccount@testdomain.edu)))
- [ldap] object not found
- [ldap] ldap_release_conn: Release Id: 0
- [ldap] ldap_get_conn: Checking Id: 0
- [ldap] ldap_get_conn: Got Id: 0
- [ldap] performing search in uid=testaccount,ou=people,dc=testdomain,dc=edu, with filter (objectclass=*)
- rlm_ldap::groupcmp: Group driver not found or user not a member
- [ldap] ldap_release_conn: Release Id: 0
- [files] expand: %{Client-IP-Address} -> 10.5.11.6
- [ldap] Entering ldap_groupcmp()
- [files] expand: dc=testdomain,dc=edu -> dc=testdomain,dc=edu
- [files] expand: (&(objectClass=personSR)(uid=%{User-Name})) -> (&(objectClass=personSR)(uid=testaccount@testdomain.edu))
- [ldap] ldap_get_conn: Checking Id: 0
- [ldap] ldap_get_conn: Got Id: 0
- [ldap] performing search in dc=testdomain,dc=edu, with filter (&(groupSR=faculty)(&(objectClass=personSR)(uid=testaccount@testdomain.edu)))
- [ldap] object not found
- [ldap] ldap_release_conn: Release Id: 0
- [ldap] ldap_get_conn: Checking Id: 0
- [ldap] ldap_get_conn: Got Id: 0
- [ldap] performing search in uid=testaccount,ou=people,dc=testdomain,dc=edu, with filter (objectclass=*)
- rlm_ldap::groupcmp: Group faculty not found or user not a member
- [ldap] ldap_release_conn: Release Id: 0
- [files] expand: %{Client-IP-Address} -> 10.5.11.6
- [ldap] Entering ldap_groupcmp()
- [files] expand: dc=testdomain,dc=edu -> dc=testdomain,dc=edu
- [files] expand: (&(objectClass=personSR)(uid=%{User-Name})) -> (&(objectClass=personSR)(uid=testaccount@testdomain.edu))
- [ldap] ldap_get_conn: Checking Id: 0
- [ldap] ldap_get_conn: Got Id: 0
- [ldap] performing search in dc=testdomain,dc=edu, with filter (&(groupSR=staff)(&(objectClass=personSR)(uid=testaccount@testdomain.edu)))
- [ldap] object not found
- [ldap] ldap_release_conn: Release Id: 0
- [ldap] ldap_get_conn: Checking Id: 0
- [ldap] ldap_get_conn: Got Id: 0
- [ldap] performing search in uid=testaccount,ou=people,dc=testdomain,dc=edu, with filter (objectclass=*)
- rlm_ldap::groupcmp: Group staff not found or user not a member
- [ldap] ldap_release_conn: Release Id: 0
- [files] expand: %{Client-IP-Address} -> 10.5.11.6
- [ldap] Entering ldap_groupcmp()
- [files] expand: dc=testdomain,dc=edu -> dc=testdomain,dc=edu
- [files] expand: (&(objectClass=personSR)(uid=%{User-Name})) -> (&(objectClass=personSR)(uid=testaccount@testdomain.edu))
- [ldap] ldap_get_conn: Checking Id: 0
- [ldap] ldap_get_conn: Got Id: 0
- [ldap] performing search in dc=testdomain,dc=edu, with filter (&(groupSR=student)(&(objectClass=personSR)(uid=testaccount@testdomain.edu)))
- [ldap] object not found
- [ldap] ldap_release_conn: Release Id: 0
- [ldap] ldap_get_conn: Checking Id: 0
- [ldap] ldap_get_conn: Got Id: 0
- [ldap] performing search in uid=testaccount,ou=people,dc=testdomain,dc=edu, with filter (objectclass=*)
- rlm_ldap::ldap_groupcmp: User found in group student
- [ldap] ldap_release_conn: Release Id: 0
- [files] users: Matched entry DEFAULT at line 249
- ++[files] returns ok
- [ldap] performing user authorization for testaccount
- [ldap] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details
- [ldap] expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=testaccount)
- [ldap] expand: dc=testdomain,dc=edu -> dc=testdomain,dc=edu
- [ldap] ldap_get_conn: Checking Id: 0
- [ldap] ldap_get_conn: Got Id: 0
- [ldap] performing search in dc=testdomain,dc=edu, with filter (uid=testaccount)
- [ldap] checking if remote access for testaccount is allowed by uid
- [ldap] looking for check items in directory...
- [ldap] looking for reply items in directory...
- WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
- [ldap] Setting Auth-Type = LDAP
- [ldap] user testaccount authorized to use remote access
- [ldap] ldap_release_conn: Release Id: 0
- ++[ldap] returns ok
- ++[expiration] returns noop
- ++[logintime] returns noop
- ++[pap] returns noop
- Found Auth-Type = LDAP
- # Executing group from file /etc/raddb/sites-enabled/inner-tunnel
- +- entering group LDAP {...}
- [ldap] login attempt by "testaccount" with password "testpassword"
- [ldap] user DN: uid=testaccount,ou=people,dc=testdomain,dc=edu
- [ldap] (re)connect to ldapserver.testdomain.edu:389, authentication 1
- [ldap] bind as uid=testaccount,ou=people,dc=testdomain,dc=edu/testpassword to ldapserver.testdomain.edu:389
- [ldap] waiting for bind result ...
- [ldap] Bind was successful
- [ldap] user testaccount authenticated succesfully
- ++[ldap] returns ok
- Login OK: [testaccount@testdomain.edu] (from client SIMONS-WLC2 port 29 cli 00-21-00-2d-f5-31 via TLS tunnel)
- WARNING: Empty post-auth section. Using default return values.
- # Executing section post-auth from file /etc/raddb/sites-enabled/inner-tunnel
- } # server inner-tunnel
- [ttls] Got tunneled reply code 2
- Tunnel-Type:0 = VLAN
- Tunnel-Medium-Type:0 = IEEE-802
- Tunnel-Private-Group-Id:0 = "360"
- [ttls] Got tunneled Access-Accept
- [eap] Freeing handler
- ++[eap] returns ok
- Login OK: [testaccount@testdomain.edu] (from client SIMONS-WLC2 port 29 cli 00-21-00-2d-f5-31)
- # Executing section post-auth from file /etc/raddb/sites-enabled/default
- +- entering group post-auth {...}
- ++[exec] returns noop
- Sending Access-Accept of id 8 to 10.5.11.6 port 32768
- Tunnel-Type:0 = VLAN
- Tunnel-Medium-Type:0 = IEEE-802
- Tunnel-Private-Group-Id:0 = "360"
- MS-MPPE-Recv-Key = 0x1d45dc670bf171d27f6a3803389b7cd729ce603503c4855e429efd710e85c14d
- MS-MPPE-Send-Key = 0xa85eb171c8ebae769e489d7f0b56efd5b5046a6ef88ed456b47f7e5ee1437d31
- EAP-Message = 0x03150004
- Message-Authenticator = 0x00000000000000000000000000000000
- User-Name = "testaccount"
- Finished request 1662.
- Going to the next request