(0) Received Access-Request Id 246 from 127.0.0.1:7288 to 127.0.0.1:1812 length 116 (0) Service-Type = Login-User (0) User-Name = "ettore" (0) User-Password = "xxxxxxxxxx" (0) NAS-IP-Address = 192.168.1.23 (0) NAS-Identifier = "pfSense.home.arpa" (0) Called-Station-Id = "08:00:27:f4:19:11:pfSense.home.arpa" (0) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default (0) authorize { (0) [preprocess] = ok (0) [chap] = noop (0) [mschap] = noop (0) [digest] = noop (0) suffix: Checking for suffix after "@" (0) suffix: No '@' in User-Name = "ettore", skipping NULL due to config. (0) [suffix] = noop (0) ntdomain: Checking for prefix before "\" (0) ntdomain: No '\' in User-Name = "ettore", skipping NULL due to config. (0) [ntdomain] = noop (0) eap: No EAP-Message, not doing EAP (0) [eap] = noop (0) [files] = noop (0) if (true) { (0) if (true) -> TRUE (0) if (true) { (0) redundant { rlm_ldap (ldap): 0 of 0 connections in use. You may need to increase "spare" rlm_ldap (ldap): Opening additional connection (0), 1 of 5 pending slots used rlm_ldap (ldap): Connecting to ldap://192.168.1.24:636 rlm_ldap (ldap): Waiting for bind result... rlm_ldap (ldap): Bind successful rlm_ldap (ldap): Reserved connection (0) (0) ldap: EXPAND (uid=%{%{Stripped-User-Name}:-%{User-Name}}) (0) ldap: --> (uid=ettore) (0) ldap: Performing search in "o=basedn" with filter "(uid=ettore)", scope "sub" (0) ldap: Waiting for search result... (0) ldap: User object found at DN "uid=ettore,OU=Dipendenti,O=basedn" (0) ldap: Processing user attributes (0) ldap: WARNING: No "known good" password added. Ensure the admin user has permission to read the password attribute (0) ldap: WARNING: PAP authentication will *NOT* work with Active Directory (if that is what you were trying to configure) rlm_ldap (ldap): Released connection (0) Need 4 more connections to reach min connections (5) Need more connections to reach 0 spares rlm_ldap (ldap): Opening additional connection (1), 1 of 4 pending slots used rlm_ldap (ldap): Connecting to ldap://192.168.1.24:636 rlm_ldap (ldap): Waiting for bind result... rlm_ldap (ldap): Bind successful (0) [ldap] = ok (0) } # redundant = ok (0) if ((ok || updated) && User-Password && !control:Auth-Type) { (0) if ((ok || updated) && User-Password && !control:Auth-Type) -> TRUE (0) if ((ok || updated) && User-Password && !control:Auth-Type) { (0) update { (0) control:Auth-Type := LDAP (0) } # update = noop (0) } # if ((ok || updated) && User-Password && !control:Auth-Type) = noop (0) } # if (true) = ok rlm_counter: Entering module authorize code rlm_counter: Could not find Check item value pair (0) [daily] = noop rlm_counter: Entering module authorize code rlm_counter: Could not find Check item value pair (0) [weekly] = noop rlm_counter: Entering module authorize code rlm_counter: Could not find Check item value pair (0) [monthly] = noop rlm_counter: Entering module authorize code rlm_counter: Could not find Check item value pair (0) [forever] = noop (0) if (&request:Calling-Station-Id == &control:Calling-Station-Id) { (0) ERROR: Failed retrieving values required to evaluate condition (0) [expiration] = noop (0) [logintime] = noop Not doing PAP as Auth-Type is already set. (0) [pap] = noop (0) } # authorize = ok (0) Found Auth-Type = LDAP (0) # Executing group from file /usr/local/etc/raddb/sites-enabled/default (0) Auth-Type LDAP { rlm_ldap (ldap): Reserved connection (0) (0) ldap: Login attempt by "ettore" (0) ldap: Using user DN from request "uid=ettore,OU=Dipendenti,O=basedn" (0) ldap: Waiting for bind result... (0) ldap: Bind successful (0) ldap: Bind as user "uid=ettore,OU=Dipendenti,O=basedn" was successful rlm_ldap (ldap): Released connection (0) (0) [ldap] = ok (0) } # Auth-Type LDAP = ok (0) # Executing section post-auth from file /usr/local/etc/raddb/sites-enabled/default (0) post-auth { (0) update { (0) No attributes updated for RHS &session-state: (0) } # update = noop (0) [exec] = noop (0) policy remove_reply_message_if_eap { (0) if (&reply:EAP-Message && &reply:Reply-Message) { (0) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE (0) else { (0) [noop] = noop (0) } # else = noop (0) } # policy remove_reply_message_if_eap = noop (0) } # post-auth = noop (0) Login OK: [ettore] (from client localhost port 0) (0) Sent Access-Accept Id 246 from 127.0.0.1:1812 to 127.0.0.1:7288 length 20 (0) Finished request Waking up in 4.9 seconds. (0) Cleaning up request packet ID 246 with timestamp +10