Hello,
I am trying to set up a FreeRADIUS / TTLS / PAP server with an OpenLDAP server.
Here is the problem I am running into.

Code:
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1 port 41586, id=30, length=56
User-Name = "toto"
User-Password = "\267\002n\235W\270=\207\343\327U\032\036\032w\372"
NAS-IP-Address = 127.0.0.1
NAS-Port = 1812
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "toto", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[files] returns noop
[ldap] performing user authorization for toto
[ldap] expand: %{Stripped-User-Name} ->
[ldap] ... expanding second conditional
[ldap] expand: %{User-Name} -> toto
[ldap] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=toto)
[ldap] expand: dc=tem-tsp,dc=eu -> dc=tem-tsp,dc=eu
[ldap] ldap_get_conn: Checking Id: 0
[ldap] ldap_get_conn: Got Id: 0
[ldap] performing search in dc=tem-tsp,dc=eu, with filter (uid=toto)
[ldap] Added User-Password = toto in check items
[ldap] No default NMAS login sequence
[ldap] looking for check items in directory...
[ldap] userPassword -> Password-With-Header == "toto"
[ldap] looking for reply items in directory...
[ldap] radiusTunnelPrivateGroupId -> Tunnel-Private-Group-Id:0 = "33"
[ldap] radiusTunnelMediumType -> Tunnel-Medium-Type:0 = IEEE-802
[ldap] radiusTunnelType -> Tunnel-Type:0 = VLAN
[ldap] user toto authorized to use remote access
[ldap] ldap_release_conn: Release Id: 0
++[ldap] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Config already contains "known good" password. Ignoring Password-With-Header
++[pap] returns updated
Found Auth-Type = PAP
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Replacing User-Password in config items with Cleartext-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Please update your configuration so that the "known good" !!!
!!! clear text password is in Cleartext-Password, and not in User-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group PAP {...}
[pap] login attempt with password "�?n?W�=?��U???w�"
[pap] Using clear text password "toto"
[pap] Passwords don't match
++[pap] returns reject
Failed to authenticate the user.
WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS!
Using Post-Auth-Type Reject
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> toto
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 11 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 11
Sending Access-Reject of id 30 to 127.0.0.1 port 41586
Waking up in 4.9 seconds.
Cleaning up request 11 ID 30 with timestamp +1966
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1 port 41586, id=30, length=56
User-Name = "toto"
User-Password = "\267\002n\235W\270=\207\343\327U\032\036\032w\372"
NAS-IP-Address = 127.0.0.1
NAS-Port = 1812
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "toto", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[files] returns noop
[ldap] performing user authorization for toto
[ldap] expand: %{Stripped-User-Name} ->
[ldap] ... expanding second conditional
[ldap] expand: %{User-Name} -> toto
[ldap] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=toto)
[ldap] expand: dc=tem-tsp,dc=eu -> dc=tem-tsp,dc=eu
[ldap] ldap_get_conn: Checking Id: 0
[ldap] ldap_get_conn: Got Id: 0
[ldap] performing search in dc=tem-tsp,dc=eu, with filter (uid=toto)
[ldap] Added User-Password = toto in check items
[ldap] No default NMAS login sequence
[ldap] looking for check items in directory...
[ldap] userPassword -> Password-With-Header == "toto"
[ldap] looking for reply items in directory...
[ldap] radiusTunnelPrivateGroupId -> Tunnel-Private-Group-Id:0 = "33"
[ldap] radiusTunnelMediumType -> Tunnel-Medium-Type:0 = IEEE-802
[ldap] radiusTunnelType -> Tunnel-Type:0 = VLAN
[ldap] user toto authorized to use remote access
[ldap] ldap_release_conn: Release Id: 0
++[ldap] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Config already contains "known good" password. Ignoring Password-With-Header
++[pap] returns updated
Found Auth-Type = PAP
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Replacing User-Password in config items with Cleartext-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Please update your configuration so that the "known good" !!!
!!! clear text password is in Cleartext-Password, and not in User-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group PAP {...}
[pap] login attempt with password "�?n?W�=?��U???w�"
[pap] Using clear text password "toto"
[pap] Passwords don't match
++[pap] returns reject
Failed to authenticate the user.
WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS!
Using Post-Auth-Type Reject
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> toto
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 12 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 12
Sending Access-Reject of id 30 to 127.0.0.1 port 41586
Waking up in 4.9 seconds.
Cleaning up request 12 ID 30 with timestamp +1974
Ready to process requests
Thanks in advance for your help.
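Added example (not part of the original post): the WARNING in the log reports unprintable bytes in the decoded password, and RFC 2865 hides User-Password by XORing it with MD5(shared secret + Request Authenticator), so a shared-secret mismatch between the NAS on 127.0.0.1 and FreeRADIUS produces exactly that kind of garbage before the PAP comparison against "toto". The Python below reproduces the encoding and decodes the same attribute with a matching and a mismatched secret; the secret and authenticator values are constructed for illustration.

```python
import hashlib


def _xor16(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encode_user_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 section 5.2: pad the password to a multiple of 16 octets, then XOR
    each 16-octet block with MD5(secret + previous ciphertext block), seeding the
    chain with the 16-octet Request Authenticator from the packet header."""
    if len(authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 octets")
    if not 1 <= len(password) <= 128:
        raise ValueError("password must be 1..128 octets")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        block = _xor16(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out += block
        prev = block
    return out


def decode_user_password(encoded: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Inverse of encode_user_password; trailing NUL padding is stripped, so a
    password that itself ends in NUL bytes cannot be carried (a limit of the RFC)."""
    if not encoded or len(encoded) % 16:
        raise ValueError("User-Password must be a non-empty multiple of 16 octets")
    out, prev = b"", authenticator
    for i in range(0, len(encoded), 16):
        block = encoded[i:i + 16]
        out += _xor16(block, hashlib.md5(secret + prev).digest())
        prev = block
    return out.rstrip(b"\x00")


def has_unprintable(password: bytes) -> bool:
    """True when the decoded password contains non-printable ASCII, the symptom
    the server's 'Unprintable characters in the password' warning points at."""
    return any(c < 0x20 or c > 0x7E for c in password)


def demo() -> tuple:
    """Round-trip with matching secrets, then decode with a mismatched secret.
    Constructed values: the secret and authenticator are not from the log above."""
    authenticator = bytes(range(16))  # constructed 16-octet Request Authenticator
    encoded = encode_user_password(b"toto", b"shared-secret", authenticator)
    correct = decode_user_password(encoded, b"shared-secret", authenticator)
    wrong = decode_user_password(encoded, b"other-secret", authenticator)
    return correct, wrong
```

With matching secrets `demo()` returns `b"toto"` first; with the mismatched secret it returns 16 pseudo-random octets, which is what the server then compares against the LDAP "known good" password and rejects.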