U-Auth: Demandeshttps://dev.entrouvert.org/https://dev.entrouvert.org/favicon.ico?15861920342015-06-09T08:30:55ZRedmine Entr’ouvert
Redmine Bug #7510 (Fermé): echec d'authentification auprès du serveur radiushttps://dev.entrouvert.org/issues/75102015-06-09T08:30:55ZSerghei Mihai
<p>pfSense signale:<br /><pre>
Invalid credentials specified
</pre></p>
<p>Freeradius lancé en mode debug:<br /><pre>
rad_recv: Access-Request packet from host 109.190.108.22 port 64768, id=145, length=172
NAS-IP-Address = 10.0.2.15
NAS-Identifier = "pfSense.entrouvert.lan"
User-Name = "e02bb26201fc4277bf265f37d9228bbf"
User-Password = "c7ee53e2d89d4a3b9a369e48a2ec919f"
Service-Type = Login-User
NAS-Port-Type = Ethernet
NAS-Port = 2370
Framed-IP-Address = 10.42.0.101
Called-Station-Id = "10.0.2.15"
Calling-Station-Id = "08:00:27:7b:f2:00"
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/109.190.108.22/auth-detail-20150609
[auth_log] /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/109.190.108.22/auth-detail-20150609
[auth_log] expand: %t -> Tue Jun 9 10:28:49 2015
++[auth_log] returns ok
[ldap] performing user authorization for e02bb26201fc4277bf265f37d9228bbf
[ldap] expand: %{Stripped-User-Name} ->
[ldap] ... expanding second conditional
[ldap] expand: %{User-Name} -> e02bb26201fc4277bf265f37d9228bbf
[ldap] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=e02bb26201fc4277bf265f37d9228bbf)
[ldap] expand: ou=radius,dc=entrouvert,dc=org -> ou=radius,dc=entrouvert,dc=org
[ldap] ldap_get_conn: Checking Id: 0
[ldap] ldap_get_conn: Got Id: 0
[ldap] attempting LDAP reconnection
[ldap] (re)connect to localhost:389, authentication 0
[ldap] bind as uid=admin,ou=people,dc=entrouvert,dc=org/admin to localhost:389
[ldap] waiting for bind result ...
[ldap] Bind was successful
[ldap] performing search in ou=radius,dc=entrouvert,dc=org, with filter (uid=e02bb26201fc4277bf265f37d9228bbf)
[ldap] No default NMAS login sequence
[ldap] looking for check items in directory...
[ldap] userPassword -> Password-With-Header == "c7ee53e2d89d4a3b9a369e48a2ec919f"
[ldap] looking for reply items in directory...
[ldap] Setting Auth-Type = LDAP
[ldap] user e02bb26201fc4277bf265f37d9228bbf authorized to use remote access
[ldap] ldap_release_conn: Release Id: 0
++[ldap] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "e02bb26201fc4277bf265f37d9228bbf", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
rlm_exec (exec): We require a program to execute
++[exec] returns fail
Using Post-Auth-Type Reject
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> e02bb26201fc4277bf265f37d9228bbf
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 145 to 109.190.108.22 port 64768
Waking up in 4.9 seconds.
Cleaning up request 0 ID 145 with timestamp +53
Ready to process requests.
</pre></p> Bug #7436 (Fermé): erreur lors du SSO après d'un Idp de la fédérationhttps://dev.entrouvert.org/issues/74362015-06-01T14:40:53ZSerghei Mihai
<pre>
INVALID_SYNTAX at /accounts/mellon/login
{'info': 'objectClass: value #0 invalid per syntax', 'desc': 'Invalid syntax'}
</pre> Bug #6828 (Fermé): s/successfull/successful/https://dev.entrouvert.org/issues/68282015-03-25T13:38:30ZFrédéric Pétersfpeters@entrouvert.com
<p>Au niveau des noms de template. Il n'y a pas deux 'l' à la fin de ce mot;</p> Bug #6827 (Fermé): Ne pas ignorer que la connexion à l'annuaire LDAP n'a pas pu se fairehttps://dev.entrouvert.org/issues/68272015-03-25T13:36:43ZFrédéric Pétersfpeters@entrouvert.com
<p>Pour le moment, get_ldap_connection, puis create_radius_user, vont passer sans rien dire, et en bout de course, l'usager en arrivera à penser que son authent a fonctionné, alors que ça n'aura pas été le cas. Dans cette situation il faudrait selon moi afficher un message de panne technique à l'usager.</p> Bug #6825 (Fermé): Mentionner u-auth, et non portail admin, dans le pied de pagehttps://dev.entrouvert.org/issues/68252015-03-25T13:20:57ZFrédéric Pétersfpeters@entrouvert.com