Freeradius and auto VLAN

Hi all:

I'm trying to set up a system that automatically assigns a switch port to the right VLAN based on the authentication done by the RADIUS server. For this I have a server running FreeRADIUS, an LDAP directory and an HP ProCurve 2650 switch.

I authenticate users with EAP-TTLS-PAP, and the RADIUS server queries the LDAP directory to check that the user exists and that the password matches.

So authentication works correctly; however, the port is not assigned to the VLAN returned by RADIUS.

Here is the users file:

DEFAULT Ldap-Group == "disabled", Auth-Type := Reject
    Tunnel-Medium-Type = IEEE-802,
    Tunnel-Type = VLAN,
    Tunnel-Private-Group-Id = "2"

DEFAULT Ldap-Group == "enabled", Auth-Type := LDAP
    Tunnel-Medium-Type = IEEE-802,
    Tunnel-Type = VLAN,
    Tunnel-Private-Group-Id = "3"

Here is my switch config (show running config). For now I'm only testing on port 47:

Running configuration:

; J4899B Configuration Editor; Created on release #H.10.50

hostname "ProCurve Switch 2650"
interface 47
  no lacp
exit
snmp-server community "public" Unrestricted

vlan 1
  name "DEFAULT_VLAN"
  untagged 1-50
  ip address 10.1.1.1 255.255.0.0
  exit
vlan 2
  name "hell"
  ip address 10.2.1.1 255.255.0.0
  exit
vlan 3
  name "paradise"
  ip address 10.3.1.1 255.255.0.0
  exit
aaa authentication port-access eap-radius
radius-server key testing123
radius-server host 10.1.1.13
aaa port-access authenticator 47
aaa port-access authenticator 47 unauth-vid 2
aaa port-access authenticator active
aaa port-access 47
password manager

And here are the FreeRADIUS logs:

Ready to process requests.
rad_recv: Access-Request packet from host 10.1.1.1 port 1024, id=71, length=218
	Framed-MTU = 1480
	NAS-IP-Address = 10.1.1.1
	NAS-Identifier = "ProCurve Switch 2650"
	User-Name = "anonymous"
	Service-Type = Framed-User
	Framed-Protocol = PPP
	NAS-Port = 47
	NAS-Port-Type = Ethernet
	NAS-Port-Id = "47"
	Called-Station-Id = "00-1c-2e-71-df-00"
	Calling-Station-Id = "00-15-b7-d5-70-e9"
	Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
	Tunnel-Type:0 = VLAN
	Tunnel-Medium-Type:0 = IEEE-802
	Tunnel-Private-Group-Id:0 = "2"
	EAP-Message = 0x0201000e01616e6f6e796d6f7573
	Message-Authenticator = 0xc1372f49cdc099ae6c441951af51b4fd
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "anonymous", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
 rlm_eap: EAP packet type response id 1 length 14
 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
rlm_ldap: Entering ldap_groupcmp()
	expand: o=radius -> o=radius
WARNING: Deprecated conditional expansion ":-".  See "man unlang" for details
	expand: (&(uid=%{Stripped-User-Name:-%{User-Name}})(rADIUSActiveConnections=1)) -> (&(uid=anonymous)(rADIUSActiveConnections=1))
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to 10.1.1.13:389, authentication 0
rlm_ldap: starting TLS
rlm_ldap: bind as cn=admin,o=radius/admin to 10.1.1.13:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in o=radius, with filter (&(uid=anonymous)(rADIUSActiveConnections=1))
rlm_ldap: object not found or got ambiguous search result
rlm_ldap::ldap_groupcmp: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
rlm_ldap: Entering ldap_groupcmp()
	expand: o=radius -> o=radius
WARNING: Deprecated conditional expansion ":-".  See "man unlang" for details
	expand: (&(uid=%{Stripped-User-Name:-%{User-Name}})(rADIUSActiveConnections=1)) -> (&(uid=anonymous)(rADIUSActiveConnections=1))
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=radius, with filter (&(uid=anonymous)(rADIUSActiveConnections=1))
rlm_ldap: object not found or got ambiguous search result
rlm_ldap::ldap_groupcmp: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
++[files] returns noop
rlm_ldap: - authorize
rlm_ldap: performing user authorization for anonymous
WARNING: Deprecated conditional expansion ":-".  See "man unlang" for details
	expand: (&(uid=%{Stripped-User-Name:-%{User-Name}})(rADIUSActiveConnections=1)) -> (&(uid=anonymous)(rADIUSActiveConnections=1))
	expand: o=radius -> o=radius
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=radius, with filter (&(uid=anonymous)(rADIUSActiveConnections=1))
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap] returns notfound
++[expiration] returns noop
++[logintime] returns noop
rlm_pap: WARNING! No "known good" password found for the user.  Authentication may fail because of this.
++[pap] returns noop
 rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
 rlm_eap: EAP Identity
 rlm_eap: processing type tls
 rlm_eap_tls: Initiate
 rlm_eap_tls: Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 71 to 10.1.1.1 port 1024
	EAP-Message = 0x010200061520
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x459fffbc459dea57ef3ee1d36baff220
Finished request 0.
Going to the next request
Waking up in 0.9 seconds.
rad_recv: Access-Request packet from host 10.1.1.1 port 1024, id=72, length=282
	Framed-MTU = 1480
	NAS-IP-Address = 10.1.1.1
	NAS-Identifier = "ProCurve Switch 2650"
	User-Name = "anonymous"
	Service-Type = Framed-User
	Framed-Protocol = PPP
	NAS-Port = 47
	NAS-Port-Type = Ethernet
	NAS-Port-Id = "47"
	Called-Station-Id = "00-1c-2e-71-df-00"
	Calling-Station-Id = "00-15-b7-d5-70-e9"
	Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
	Tunnel-Type:0 = VLAN
	Tunnel-Medium-Type:0 = IEEE-802
	Tunnel-Private-Group-Id:0 = "2"
	State = 0x459fffbc459dea57ef3ee1d36baff220
	EAP-Message = 0x0202003c158000000032160301002d0100002903010e389564e36284344f0e3dbff6b041f73b5a0c03ff095ced901abac9d1d91f7f000002000a0100
	Message-Authenticator = 0x598999f53f1a317370ec578741af498b
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "anonymous", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
 rlm_eap: EAP packet type response id 2 length 60
 rlm_eap: Continuing tunnel setup.
++[eap] returns ok
 rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
 rlm_eap: Request found, released from the list
 rlm_eap: EAP/ttls
 rlm_eap: processing type ttls
 rlm_eap_ttls: Authenticate
 rlm_eap_tls: processing TLS
 TLS Length 50
rlm_eap_tls:  Length Included
 eaptls_verify returned 11
(other): before/accept initialization
TLS_accept: before/accept initialization
 rlm_eap_tls: <<< TLS 1.0 Handshake [length 002d], ClientHello
TLS_accept: SSLv3 read client hello A
 rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
 rlm_eap_tls: >>> TLS 1.0 Handshake [length 070a], Certificate
TLS_accept: SSLv3 write certificate A
 rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
TLS_accept: SSLv3 write server done A
TLS_accept: SSLv3 flush data
TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
 eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 72 to 10.1.1.1 port 1024
	EAP-Message = 0x06035504031414436f6e7365696c2047c3a96ec3a972616c2043413126302406092a864886f70d0109011617726f6d61696e2e736572726540686f746d61696c2e6672301e170d3038303430313039303234355a170d3038303530313039303234355a3081ad310b3009060355040613024652310f300d060355040813064672616e63653119301706035504071310436c65726d6f6e742d46657272616e64311a3018060355040a1411436f6e7365696c2047c3a96ec3a972616c311d301b060355040b1414436f6e7365696c2047c3a96ec3a972616c204341310f300d060355040313067261646975733126302406092a864886f70d010901161772
	EAP-Message = 0x7365696c2047c3a96ec3a972
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x459fffbc449cea57ef3ee1d36baff220
Finished request 1.
Going to the next request
Waking up in 0.7 seconds.
rad_recv: Access-Request packet from host 10.1.1.1 port 1024, id=73, length=228
	Framed-MTU = 1480
	NAS-IP-Address = 10.1.1.1
	NAS-Identifier = "ProCurve Switch 2650"
	User-Name = "anonymous"
	Service-Type = Framed-User
	Framed-Protocol = PPP
	NAS-Port = 47
	NAS-Port-Type = Ethernet
	NAS-Port-Id = "47"
	Called-Station-Id = "00-1c-2e-71-df-00"
	Calling-Station-Id = "00-15-b7-d5-70-e9"
	Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
	Tunnel-Type:0 = VLAN
	Tunnel-Medium-Type:0 = IEEE-802
	Tunnel-Private-Group-Id:0 = "2"
	State = 0x459fffbc449cea57ef3ee1d36baff220
	EAP-Message = 0x020300061500
	Message-Authenticator = 0x2bb18705e716f10224bf2afc02432611
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "anonymous", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
 rlm_eap: EAP packet type response id 3 length 6
 rlm_eap: Continuing tunnel setup.
++[eap] returns ok
 rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
 rlm_eap: Request found, released from the list
 rlm_eap: EAP/ttls
 rlm_eap: processing type ttls
 rlm_eap_ttls: Authenticate
 rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
 rlm_eap_tls: ack handshake fragment handler
 eaptls_verify returned 1
 eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 73 to 10.1.1.1 port 1024
	EAP-Message = 0x0104037b158000000767616c2043413126302406092a864886f70d0109011617726f6d61696e2e736572726540686f746d61696c2e6672301e170d3038303430313038353930355a170d3038303530313038353930355a3081bb310b3009060355040613024652310f300d060355040813064672616e63653119301706035504071310436c65726d6f6e742d46657272616e64311a3018060355040a1411436f6e7365696c2047c3a96ec3a972616c311d301b060355040b1414436f6e7365696c2047c3a96ec3a972616c204341311d301b06035504031414436f6e7365696c2047c3a96ec3a972616c2043413126302406092a864886f70d01090116
	EAP-Message = 0x17726f6d61696e2e736572726540686f746d61696c2e667230819f300d06092a864886f70d010101050003818d0030818902818100cd03239a9e832f29417830c13b63c50c42695a2617b39ff2668e694f8988a847ec286f077ae1cc995efb3620844c3366b0a3e3367dce018e856d90e3a17ef13f54a5f105cea0751a6cc3a434987cebfd7802819a809b734e36842678a5ab7535b90ecbec14ca4cb58851ffce6d73e33dcf8193ec2f438ff4be7f68a4739ecb5b0203010001a382012430820120301d0603551d0e04160414c19438472de2930f7fc09fe4ebb2853f02e360773081f00603551d230481e83081e58014c19438472de2930f7fc09fe4
	EAP-Message = 0xebb2853f02e36077a181c1a481be3081bb310b3009060355040613024652310f300d060355040813064672616e63653119301706035504071310436c65726d6f6e742d46657272616e64311a3018060355040a1411436f6e7365696c2047c3a96ec3a972616c311d301b060355040b1414436f6e7365696c2047c3a96ec3a972616c204341311d301b06035504031414436f6e7365696c2047c3a96ec3a972616c2043413126302406092a864886f70d0109011617726f6d61696e2e736572726540686f746d61696c2e6672820900889e72399fd01d37300c0603551d13040530030101ff300d06092a864886f70d0101050500038181007e28596197
	EAP-Message = 0x2619569a05b2d29ff40a5d261d5b36d848b0ede2fdfea3299a7905f19611f1fc04ae1dccdcae1645367886bb37d4a8755d48b6cdb561566ee4eec728443b0b07b4c3b5e0aac847cda2cc797f87555d2619c41b6fda04ff0431a3f7f65483f385fe4dee92c28341cb2d2f9fa54183fd05f7f4f6ab69e088b642fbd716030100040e000000
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x459fffbc479bea57ef3ee1d36baff220
Finished request 2.
Going to the next request
Waking up in 0.6 seconds.
rad_recv: Access-Request packet from host 10.1.1.1 port 1024, id=74, length=422
	Framed-MTU = 1480
	NAS-IP-Address = 10.1.1.1
	NAS-Identifier = "ProCurve Switch 2650"
	User-Name = "anonymous"
	Service-Type = Framed-User
	Framed-Protocol = PPP
	NAS-Port = 47
	NAS-Port-Type = Ethernet
	NAS-Port-Id = "47"
	Called-Station-Id = "00-1c-2e-71-df-00"
	Calling-Station-Id = "00-15-b7-d5-70-e9"
	Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
	Tunnel-Type:0 = VLAN
	Tunnel-Medium-Type:0 = IEEE-802
	Tunnel-Private-Group-Id:0 = "2"
	State = 0x459fffbc479bea57ef3ee1d36baff220
	EAP-Message = 0x020400c81580000000be16030100861000008200802f553566c96627c56a91b7d5f4735a27be05d23dc730115303fe40f306fc39d95a464cb509d418285fd295adc1976e470fdcc176dbee8a7679a8be101e12cd08d1a513551b8c1eec593a4445383eee15566a416ce822b2ca0c540b52f1dcb48072adf86cdc4a45f8ba2312eb698790c79ecf977db4ccf31637d8f192dcbc67e014030100010116030100285afe06cbf077852d5551f8adeeba137f8a0addcf5824677d23a0a2cb7adc9cdbdb902bfddfed61dc
	Message-Authenticator = 0x95c319c6d60ba08e4d365fa5adafd215
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "anonymous", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
 rlm_eap: EAP packet type response id 4 length 200
 rlm_eap: Continuing tunnel setup.
++[eap] returns ok
 rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
 rlm_eap: Request found, released from the list
 rlm_eap: EAP/ttls
 rlm_eap: processing type ttls
 rlm_eap_ttls: Authenticate
 rlm_eap_tls: processing TLS
 TLS Length 190
rlm_eap_tls:  Length Included
 eaptls_verify returned 11
 rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
TLS_accept: SSLv3 read client key exchange A
 rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
 rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 read finished A
 rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
TLS_accept: SSLv3 write change cipher spec A
 rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 write finished A
TLS_accept: SSLv3 flush data
(other): SSL negotiation finished successfully
SSL Connection Established
 eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 74 to 10.1.1.1 port 1024
	EAP-Message = 0x0105003d15800000003314030100010116030100287660db6c456dc5ff06de3b56abdd29e5c1ac27a3e3451405ccb87f46f135fe98f30478f61a19cd98
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x459fffbc469aea57ef3ee1d36baff220
Finished request 3.
Going to the next request
Waking up in 0.6 seconds.
rad_recv: Access-Request packet from host 10.1.1.1 port 1024, id=75, length=293
	Framed-MTU = 1480
	NAS-IP-Address = 10.1.1.1
	NAS-Identifier = "ProCurve Switch 2650"
	User-Name = "anonymous"
	Service-Type = Framed-User
	Framed-Protocol = PPP
	NAS-Port = 47
	NAS-Port-Type = Ethernet
	NAS-Port-Id = "47"
	Called-Station-Id = "00-1c-2e-71-df-00"
	Calling-Station-Id = "00-15-b7-d5-70-e9"
	Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
	Tunnel-Type:0 = VLAN
	Tunnel-Medium-Type:0 = IEEE-802
	Tunnel-Private-Group-Id:0 = "2"
	State = 0x459fffbc469aea57ef3ee1d36baff220
	EAP-Message = 0x0205004715800000003d1703010038628fbe3f2c20cb9d62907cb875b79406e3e77c35c1b77536203b291707bd857de5c3b75446256e926403819f4dc0a9fcdc08bbb90d867a44
	Message-Authenticator = 0xe490089131b27d2eccdab7c194f602a4
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "anonymous", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
 rlm_eap: EAP packet type response id 5 length 71
 rlm_eap: Continuing tunnel setup.
++[eap] returns ok
 rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
 rlm_eap: Request found, released from the list
 rlm_eap: EAP/ttls
 rlm_eap: processing type ttls
 rlm_eap_ttls: Authenticate
 rlm_eap_tls: processing TLS
 TLS Length 61
rlm_eap_tls:  Length Included
 eaptls_verify returned 11
 eaptls_process returned 7
 rlm_eap_ttls: Session established.  Proceeding to decode tunneled attributes.
 TTLS: Got tunneled request
	User-Name = "fufu"
	User-Password = "admin"
	FreeRADIUS-Proxied-To = 127.0.0.1
 TTLS: Sending tunneled request
	User-Name = "fufu"
	User-Password = "admin"
	FreeRADIUS-Proxied-To = 127.0.0.1
server (null) {
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "fufu", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
 rlm_eap: No EAP-Message, not doing EAP
++[eap] returns noop
rlm_ldap: Entering ldap_groupcmp()
	expand: o=radius -> o=radius
WARNING: Deprecated conditional expansion ":-".  See "man unlang" for details
	expand: (&(uid=%{Stripped-User-Name:-%{User-Name}})(rADIUSActiveConnections=1)) -> (&(uid=fufu)(rADIUSActiveConnections=1))
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=radius, with filter (&(uid=fufu)(rADIUSActiveConnections=1))
rlm_ldap: ldap_release_conn: Release Id: 0
WARNING: Deprecated conditional expansion ":-".  See "man unlang" for details
	expand: (&(uid=%{Stripped-User-Name:-%{User-Name}})(rADIUSActiveConnections=1)) -> (&(uid=fufu)(rADIUSActiveConnections=1))
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=radius, with filter (&(businessCategory=disabled)(&(uid=fufu)(rADIUSActiveConnections=1)))
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: ldap_release_conn: Release Id: 0
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in cn=fufu,o=radius, with filter (objectclass=*)
rlm_ldap::groupcmp: Group disabled not found or user not a member
rlm_ldap: ldap_release_conn: Release Id: 0
rlm_ldap: Entering ldap_groupcmp()
	expand: o=radius -> o=radius
WARNING: Deprecated conditional expansion ":-".  See "man unlang" for details
	expand: (&(uid=%{Stripped-User-Name:-%{User-Name}})(rADIUSActiveConnections=1)) -> (&(uid=fufu)(rADIUSActiveConnections=1))
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=radius, with filter (&(businessCategory=enabled)(&(uid=fufu)(rADIUSActiveConnections=1)))
rlm_ldap::ldap_groupcmp: User found in group enabled
rlm_ldap: ldap_release_conn: Release Id: 0
users: Matched entry DEFAULT at line 9
++[files] returns ok
rlm_ldap: - authorize
rlm_ldap: performing user authorization for fufu
WARNING: Deprecated conditional expansion ":-".  See "man unlang" for details
	expand: (&(uid=%{Stripped-User-Name:-%{User-Name}})(rADIUSActiveConnections=1)) -> (&(uid=fufu)(rADIUSActiveConnections=1))
	expand: o=radius -> o=radius
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=radius, with filter (&(uid=fufu)(rADIUSActiveConnections=1))
rlm_ldap: No default NMAS login sequence
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
WARNING: No "known good" password was found in LDAP.  Are you sure that the user is configured correctly?
rlm_ldap: user fufu authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap] returns ok
++[expiration] returns noop
++[logintime] returns noop
rlm_pap: WARNING! No "known good" password found for the user.  Authentication may fail because of this.
++[pap] returns noop
 rad_check_password:  Found Auth-Type LDAP
auth: type "LDAP"
+- entering group LDAP
rlm_ldap: - authenticate
rlm_ldap: login attempt by "fufu" with password "admin"
rlm_ldap: user DN: cn=fufu,o=radius
rlm_ldap: (re)connect to 10.1.1.13:389, authentication 1
rlm_ldap: starting TLS
rlm_ldap: bind as cn=fufu,o=radius/admin to 10.1.1.13:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: user fufu authenticated succesfully
++[ldap] returns ok
Login OK: [fufu/admin] (from client hp port 0)
+- entering group post-auth
++[ldap] returns noop
} # server (null)
 TTLS: Got tunneled reply RADIUS code 2
	Tunnel-Medium-Type:0 = IEEE-802
	Tunnel-Type:0 = VLAN
	Tunnel-Private-Group-Id:0 = "3"
 TTLS: Got tunneled Access-Accept
 rlm_eap: Freeing handler
++[eap] returns ok
Login OK: [anonymous/<via Auth-Type = EAP>] (from client hp port 47 cli 00-15-b7-d5-70-e9)
+- entering group post-auth
++[ldap] returns noop
Sending Access-Accept of id 75 to 10.1.1.1 port 1024
	MS-MPPE-Recv-Key = 0x57ac0d7ae41abc5c2ea0e456d9442c87cb06ae7f497850ebbb0e8102c0aa94cd
	MS-MPPE-Send-Key = 0x7b50da9c1b7e4b36b6bc8651f887b514231e1640c10b0fc6cfe15053ecb11b9b
	EAP-Message = 0x03050004
	Message-Authenticator = 0x00000000000000000000000000000000
	User-Name = "anonymous"
Finished request 4.
Going to the next request
Waking up in 0.5 seconds.
Waking up in 0.2 seconds.
Waking up in 3.6 seconds.
Cleaning up request 0 ID 71 with timestamp +15
Waking up in 0.2 seconds.
Cleaning up request 1 ID 72 with timestamp +15
Cleaning up request 2 ID 73 with timestamp +15
Cleaning up request 3 ID 74 with timestamp +16
Waking up in 0.1 seconds.
Cleaning up request 4 ID 75 with timestamp +16
Ready to process requests.

If anyone has an idea, I'd be very, very happy to hear it :transpi:

Anyway, thanks in advance for your help
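As an added diagnostic (my script, not from the post or from FreeRADIUS itself): in the trace above the tunneled reply carries Tunnel-Private-Group-Id = "3", but the Access-Accept sent to 10.1.1.1 lists only the MPPE keys, EAP-Message and User-Name, so the switch never sees the VLAN. The script parses a FreeRADIUS debug log and reports, per outer Access-Accept, which VLAN attributes were present in the inner reply but absent from the packet sent to the NAS; in FreeRADIUS 2.x, whether inner reply attributes are copied out is controlled by use_tunneled_reply in the ttls section of eap.conf. The log excerpts are constructed, and pairing inner and outer replies by order is an assumption.

```python
import re

# RFC 3580 attributes for dynamic VLAN assignment; the switch only moves the
# port if all three are present in the Access-Accept it actually receives.
VLAN_ATTRS = ("Tunnel-Type", "Tunnel-Medium-Type", "Tunnel-Private-Group-Id")

# Attribute lines are indented; ":0" is the RADIUS tag printed on tunnel attributes.
ATTR_RE = re.compile(r"^\s+([A-Za-z0-9-]+)(?::\d+)?\s*=\s*(.*)$")
ACCEPT_RE = re.compile(r"^Sending Access-Accept of id (\d+) ")
INNER_RE = re.compile(r"^\s*TTLS: Got tunneled reply RADIUS code 2")

def parse_replies(log):
    """Return (inner, outer): inner is a list of attribute-name sets, one per
    tunneled Access-Accept in order; outer maps RADIUS packet id -> attribute
    names of the Access-Accept sent to the NAS."""
    inner, outer = [], {}
    current = None  # set being filled, or None when outside a reply block
    for line in log.splitlines():
        if INNER_RE.match(line):
            current = set()
            inner.append(current)
        elif (m := ACCEPT_RE.match(line)):
            current = set()
            outer[int(m.group(1))] = current
        elif (m := ATTR_RE.match(line)) and current is not None:
            current.add(m.group(1))
        else:
            current = None  # any non-attribute line ends the block
    return inner, outer

def missing_vlan_attrs(log):
    """Map outer Access-Accept id -> VLAN attributes the tunneled reply carried
    but the packet sent to the switch did not. Assumption: inner and outer
    Accepts pair up in order, as in a single-threaded (-X) debug trace."""
    inner, outer = parse_replies(log)
    result = {}
    for inner_attrs, (pkt_id, outer_attrs) in zip(inner, outer.items()):
        wanted = [a for a in VLAN_ATTRS if a in inner_attrs]
        result[pkt_id] = [a for a in wanted if a not in outer_attrs]
    return result

# Constructed excerpt modelled on the trace in the post (not its original
# lines): the inner reply carries VLAN 3, the outer Access-Accept does not.
LOG_BROKEN = """\
 TTLS: Got tunneled reply RADIUS code 2
\tTunnel-Medium-Type:0 = IEEE-802
\tTunnel-Type:0 = VLAN
\tTunnel-Private-Group-Id:0 = "3"
 TTLS: Got tunneled Access-Accept
Sending Access-Accept of id 75 to 10.1.1.1 port 1024
\tEAP-Message = 0x03050004
\tUser-Name = "anonymous"
Finished request 4.
"""
# Constructed: the same exchange once the tunneled reply is copied outward.
LOG_FIXED = LOG_BROKEN.replace(
    '\tUser-Name = "anonymous"\n',
    '\tUser-Name = "anonymous"\n\tTunnel-Type:0 = VLAN\n'
    '\tTunnel-Medium-Type:0 = IEEE-802\n\tTunnel-Private-Group-Id:0 = "3"\n',
)

if __name__ == "__main__":
    for pkt_id, missing in missing_vlan_attrs(LOG_BROKEN).items():
        print(f"Access-Accept id {pkt_id}: missing", ", ".join(missing) or "nothing")
```

Feed a real trace with `radiusd -X 2>&1 | python3 check_vlan.py` style piping by replacing LOG_BROKEN with sys.stdin.read(); an empty list for a packet id means the switch received the VLAN attributes.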
