Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- eap {
- pwd {
- #group = 19
- server_id = example@example.com
- # This has the same meaning as for TLS.
- fragment_size = 1020
- # The virtual server which determines the "known good" password for the user.
- # Note that unlike TLS, only the "authorize" section is processed.
- # EAP-PWD requests can be distinguished by having a User-Name, but no User-Password, CHAP-Password, EAP-Message, etc.
- #virtual_server = "inner-tunnel"
- }
- authorize {
- filter_username
- preprocess
- # Look in an SQL database.
- sql
- #permit_only_eap
- eap {
- ok = return
- }
- logintime
- }
- authenticate {
- # Allow EAP authentication.
- eap
- }
- authorize {
- eap {
- ok = return
- }
- # Look in an SQL database.
- sql
- expiration
- }
- authenticate {
- mschap
- # Allow EAP authentication.
- eap
- }
- (2) eap: Peer sent method PWD (52)
- (2) eap: EAP PWD (52)
- (2) eap: Calling eap_pwd to process EAP data
- (2) eap_pwd: Sending tunneled request
- (2) eap_pwd: server default {
- (2) # Executing section authorize from file /etc/freeradius/sites-enabled/default
- (2) authorize {
- (2) policy filter_username {
- (2) if (!&User-Name) {
- (2) if (!&User-Name) -> TRUE
- (2) if (!&User-Name) {
- (2) [noop] = noop
- (2) } # if (!&User-Name) = noop
- (2) if (&User-Name =~ / /) {
- (2) ERROR: Failed retrieving values required to evaluate condition
- (2) if (&User-Name =~ /@.*@/ ) {
- (2) ERROR: Failed retrieving values required to evaluate condition
- (2) if (&User-Name =~ /../ ) {
- (2) ERROR: Failed retrieving values required to evaluate condition
- (2) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+).(.+)$/)) {
- (2) ERROR: Failed retrieving values required to evaluate condition
- (2) if (&User-Name =~ /.$/) {
- (2) ERROR: Failed retrieving values required to evaluate condition
- (2) if (&User-Name =~ /@./) {
- (2) ERROR: Failed retrieving values required to evaluate condition
- (2) } # policy filter_username = noop
- (2) [preprocess] = ok
- (2) sql: EXPAND %{User-Name}
- (2) sql: -->
- (2) sql: SQL-User-Name set to ''
- rlm_sql (sql): Reserved connection (4)
- (2) sql: EXPAND SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id
- (2) sql: --> SELECT id, username, attribute, value, op FROM radcheck WHERE username = '' ORDER BY id
- (2) sql: Executing select query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '' ORDER BY id
- (2) sql: EXPAND SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority
- (2) sql: --> SELECT groupname FROM radusergroup WHERE username = '' ORDER BY priority
- (2) sql: Executing select query: SELECT groupname FROM radusergroup WHERE username = '' ORDER BY priority
- (2) sql: User not found in any groups
- rlm_sql (sql): Released connection (4)
- (2) [sql] = notfound
- (2) eap: No EAP-Message, not doing EAP
- (2) [eap] = noop
- (2) [logintime] = noop
- (2) } # authorize = ok
- (2) eap_pwd: } # server default
- (2) eap_pwd: Got tunneled reply code 0
- failed to find password for lars to do pwd authentication
- (2) eap: ERROR: Failed continuing EAP PWD (52) session. EAP sub-module failed
- (2) eap: Failed in EAP select
- (2) [eap] = invalid
- (2) } # authenticate = invalid
- (2) Failed to authenticate the user
- (2) Login incorrect (eap: Failed continuing EAP PWD (52) session. EAP sub-module failed): [lars] (from client LARS-RANNOCH port 4 cli 48-59-29-F6-BA-89)
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement