|
1
|
(0) Received Access-Request Id 103 from 127.0.0.1:18717 to 127.0.0.1:1812 length 116
|
|
2
|
(0) Service-Type = Login-User
|
|
3
|
(0) User-Name = "ettore"
|
|
4
|
(0) User-Password = "xxxxxxxxxxx"
|
|
5
|
(0) NAS-IP-Address = 192.168.1.23
|
|
6
|
(0) NAS-Identifier = "pfSense.home.arpa"
|
|
7
|
(0) Called-Station-Id = "08:00:27:f4:19:11:pfSense.home.arpa"
|
|
8
|
(0) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
|
|
9
|
(0) authorize {
|
|
10
|
(0) [preprocess] = ok
|
|
11
|
(0) [chap] = noop
|
|
12
|
(0) [mschap] = noop
|
|
13
|
(0) [digest] = noop
|
|
14
|
(0) suffix: Checking for suffix after "@"
|
|
15
|
(0) suffix: No '@' in User-Name = "ettore", skipping NULL due to config.
|
|
16
|
(0) [suffix] = noop
|
|
17
|
(0) ntdomain: Checking for prefix before "\"
|
|
18
|
(0) ntdomain: No '\' in User-Name = "ettore", skipping NULL due to config.
|
|
19
|
(0) [ntdomain] = noop
|
|
20
|
(0) eap: No EAP-Message, not doing EAP
|
|
21
|
(0) [eap] = noop
|
|
22
|
(0) [files] = noop
|
|
23
|
(0) if ((notfound || noop) && ("%{%{Control:Auth-Type}:-No-Accept}" != "Accept")) {
|
|
24
|
(0) EXPAND %{%{Control:Auth-Type}:-No-Accept}
|
|
25
|
(0) --> No-Accept
|
|
26
|
(0) if ((notfound || noop) && ("%{%{Control:Auth-Type}:-No-Accept}" != "Accept")) -> TRUE
|
|
27
|
(0) if ((notfound || noop) && ("%{%{Control:Auth-Type}:-No-Accept}" != "Accept")) {
|
|
28
|
(0) if (true) {
|
|
29
|
(0) if (true) -> TRUE
|
|
30
|
(0) if (true) {
|
|
31
|
(0) redundant {
|
|
32
|
rlm_ldap (ldap): 0 of 0 connections in use. You may need to increase "spare"
|
|
33
|
rlm_ldap (ldap): Opening additional connection (0), 1 of 5 pending slots used
|
|
34
|
rlm_ldap (ldap): Connecting to ldap://192.168.1.25:636
|
|
35
|
rlm_ldap (ldap): Waiting for bind result...
|
|
36
|
rlm_ldap (ldap): Bind successful
|
|
37
|
rlm_ldap (ldap): Reserved connection (0)
|
|
38
|
(0) ldap: EXPAND (uid=%{%{Stripped-User-Name}:-%{User-Name}})
|
|
39
|
(0) ldap: --> (uid=ettore)
|
|
40
|
(0) ldap: Performing search in "o=basedn" with filter "(uid=ettore)", scope "sub"
|
|
41
|
(0) ldap: Waiting for search result...
|
|
42
|
(0) ldap: User object found at DN "uid=ettore,OU=Dipendenti,O=basedn"
|
|
43
|
(0) ldap: Processing user attributes
|
|
44
|
(0) ldap: WARNING: No "known good" password added. Ensure the admin user has permission to read the password attribute
|
|
45
|
(0) ldap: WARNING: PAP authentication will *NOT* work with Active Directory (if that is what you were trying to configure)
|
|
46
|
rlm_ldap (ldap): Released connection (0)
|
|
47
|
Need 4 more connections to reach min connections (5)
|
|
48
|
Need more connections to reach 0 spares
|
|
49
|
rlm_ldap (ldap): Opening additional connection (1), 1 of 4 pending slots used
|
|
50
|
rlm_ldap (ldap): Connecting to ldap://192.168.1.25:636
|
|
51
|
rlm_ldap (ldap): Waiting for bind result...
|
|
52
|
rlm_ldap (ldap): Bind successful
|
|
53
|
(0) [ldap] = ok
|
|
54
|
(0) } # redundant = ok
|
|
55
|
(0) if (notfound || noop) {
|
|
56
|
(0) if (notfound || noop) -> FALSE
|
|
57
|
(0) } # if (true) = ok
|
|
58
|
(0) } # if ((notfound || noop) && ("%{%{Control:Auth-Type}:-No-Accept}" != "Accept")) = ok
|
|
59
|
rlm_counter: Entering module authorize code
|
|
60
|
rlm_counter: Could not find Check item value pair
|
|
61
|
(0) [daily] = noop
|
|
62
|
rlm_counter: Entering module authorize code
|
|
63
|
rlm_counter: Could not find Check item value pair
|
|
64
|
(0) [weekly] = noop
|
|
65
|
rlm_counter: Entering module authorize code
|
|
66
|
rlm_counter: Could not find Check item value pair
|
|
67
|
(0) [monthly] = noop
|
|
68
|
rlm_counter: Entering module authorize code
|
|
69
|
rlm_counter: Could not find Check item value pair
|
|
70
|
(0) [forever] = noop
|
|
71
|
(0) if (&request:Calling-Station-Id == &control:Calling-Station-Id) {
|
|
72
|
(0) ERROR: Failed retrieving values required to evaluate condition
|
|
73
|
(0) [expiration] = noop
|
|
74
|
(0) [logintime] = noop
|
|
75
|
(0) pap: WARNING: No "known good" password found for the user. Not setting Auth-Type
|
|
76
|
(0) pap: WARNING: Authentication will fail unless a "known good" password is available
|
|
77
|
(0) [pap] = noop
|
|
78
|
(0) } # authorize = ok
|
|
79
|
(0) ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type = Reject
|
|
80
|
(0) Failed to authenticate the user
|
|
81
|
(0) Using Post-Auth-Type Reject
|
|
82
|
(0) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
|
|
83
|
(0) Post-Auth-Type REJECT {
|
|
84
|
(0) attr_filter.access_reject: EXPAND %{User-Name}
|
|
85
|
(0) attr_filter.access_reject: --> ettore
|
|
86
|
(0) attr_filter.access_reject: Matched entry DEFAULT at line 11
|
|
87
|
(0) [attr_filter.access_reject] = updated
|
|
88
|
(0) [eap] = noop
|
|
89
|
(0) policy remove_reply_message_if_eap {
|
|
90
|
(0) if (&reply:EAP-Message && &reply:Reply-Message) {
|
|
91
|
(0) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
|
|
92
|
(0) else {
|
|
93
|
(0) [noop] = noop
|
|
94
|
(0) } # else = noop
|
|
95
|
(0) } # policy remove_reply_message_if_eap = noop
|
|
96
|
(0) } # Post-Auth-Type REJECT = updated
|
|
97
|
(0) Login incorrect (Failed retrieving values required to evaluate condition): [ettore] (from client localhost port 0)
|
|
98
|
(0) Delaying response for 1.000000 seconds
|
|
99
|
Waking up in 0.9 seconds.
|
|
100
|
(0) Sending delayed response
|
|
101
|
(0) Sent Access-Reject Id 103 from 127.0.0.1:1812 to 127.0.0.1:18717 length 20
|
|
102
|
Waking up in 3.9 seconds.
|
|
103
|
(0) Cleaning up request packet ID 103 with timestamp +8
|
|
104
|
Ready to process requests
|
|
105
|
|