Bug #7510
Authentication failure against the RADIUS server
Start date: 09 June 2015
Due date:
% Done: 0%
Estimated time:
Patch proposed: No
Planning:
Description
pfSense reports:
Invalid credentials specified
Freeradius started in debug mode:
rad_recv: Access-Request packet from host 109.190.108.22 port 64768, id=145, length=172
    NAS-IP-Address = 10.0.2.15
    NAS-Identifier = "pfSense.entrouvert.lan"
    User-Name = "e02bb26201fc4277bf265f37d9228bbf"
    User-Password = "c7ee53e2d89d4a3b9a369e48a2ec919f"
    Service-Type = Login-User
    NAS-Port-Type = Ethernet
    NAS-Port = 2370
    Framed-IP-Address = 10.42.0.101
    Called-Station-Id = "10.0.2.15"
    Calling-Station-Id = "08:00:27:7b:f2:00"
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/109.190.108.22/auth-detail-20150609
[auth_log] /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/109.190.108.22/auth-detail-20150609
[auth_log] expand: %t -> Tue Jun 9 10:28:49 2015
++[auth_log] returns ok
[ldap] performing user authorization for e02bb26201fc4277bf265f37d9228bbf
[ldap] expand: %{Stripped-User-Name} ->
[ldap] ... expanding second conditional
[ldap] expand: %{User-Name} -> e02bb26201fc4277bf265f37d9228bbf
[ldap] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=e02bb26201fc4277bf265f37d9228bbf)
[ldap] expand: ou=radius,dc=entrouvert,dc=org -> ou=radius,dc=entrouvert,dc=org
[ldap] ldap_get_conn: Checking Id: 0
[ldap] ldap_get_conn: Got Id: 0
[ldap] attempting LDAP reconnection
[ldap] (re)connect to localhost:389, authentication 0
[ldap] bind as uid=admin,ou=people,dc=entrouvert,dc=org/admin to localhost:389
[ldap] waiting for bind result ...
[ldap] Bind was successful
[ldap] performing search in ou=radius,dc=entrouvert,dc=org, with filter (uid=e02bb26201fc4277bf265f37d9228bbf)
[ldap] No default NMAS login sequence
[ldap] looking for check items in directory...
[ldap] userPassword -> Password-With-Header == "c7ee53e2d89d4a3b9a369e48a2ec919f"
[ldap] looking for reply items in directory...
[ldap] Setting Auth-Type = LDAP
[ldap] user e02bb26201fc4277bf265f37d9228bbf authorized to use remote access
[ldap] ldap_release_conn: Release Id: 0
++[ldap] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "e02bb26201fc4277bf265f37d9228bbf", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
rlm_exec (exec): We require a program to execute
++[exec] returns fail
Using Post-Auth-Type Reject
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> e02bb26201fc4277bf265f37d9228bbf
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 145 to 109.190.108.22 port 64768
Waking up in 4.9 seconds.
Cleaning up request 0 ID 145 with timestamp +53
Ready to process requests.