[RADIATOR] MSCHAPV2 with Vpn Concentrator 3000
SEG7
seg7 at ipb.pt
Mon Aug 25 09:19:06 CDT 2008
Sami Keski-Kasari wrote:
> Hi Sergio,
>
> You can't rewrite username if you are using mschapv2.
>
> Use UsernameMatchesWithoutRealm inside authby instead.
>
Already tried that before, must be something else...
Thanks,
Sérgio
Handler
<Handler Realm = vpn.ipb.pt,User-Name = seg7 at vpn.ipb.pt>
MaxSessions 4
AccountingHandled
SessionDatabase SessDBUsers
<AuthBy LDAP2>
NoDefault
UsernameMatchesWithoutRealm
Host blade04.ccom.ipb.pt
Port 389
Version 3
AuthDN cn=root,dc=ipb,dc=pt
AuthPassword *
BaseDN ou=staff,ou=users,dc=ipb,dc=pt
Scope sub
PasswordAttr sambaNTPassword
SearchFilter (uid=%1)
AutoMPPEKeys yes
</AuthBy>
AcctLogFileName /var/log/radius/vpn-detail.log
AccountingHandled
AuthLog vpnusers
</Handler>
Trace 4
Mon Aug 25 15:13:55 2008: DEBUG: Packet dump:
*** Received from 193.137.107.254 port 1130 ....
Code: Access-Request
Identifier: 54
Authentic: <160>I<223>(F<246><229>e<216><1><189>j<171><171><180><224>
Attributes:
User-Name = "seg7 at vpn.ipb.pt"
NAS-Port = 2311
Service-Type = Framed
Framed-Protocol = PPP
Tunnel-Client-Endpoint = 193.136.195.195
MS-CHAP-Challenge = "<139>m<207><16>
X<160><222>/<230><218>j^<20><130>>"
MS-CHAP2-Response = "<2><0>vp<175><252><197><153><27><198>A<215><174>:<224><22>L<250><0><0><0><0><0><0><0><0>yI<206><13><240>S<242>L<240>3<177><8>+<16><218><216>a<9>D{<216><165><222><168>"
NAS-IP-Address = 193.137.107.254
NAS-Port-Type = Virtual
Mon Aug 25 15:13:55 2008: DEBUG: Handling request with Handler 'Realm =
vpn.ipb.pt,User-Name = seg7 at vpn.ipb.pt'
Mon Aug 25 15:13:55 2008: DEBUG: SessDBUsers Deleting session for
seg7 at vpn.ipb.pt, 193.137.107.254, 2311
Mon Aug 25 15:13:55 2008: DEBUG: do query is: 'delete from RADONLINE
where NASIDENTIFIER='193.137.107.254' and NASPORT=02311':
Mon Aug 25 15:13:55 2008: DEBUG: Query is: 'select NASIDENTIFIER,
NASPORT, ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where
USERNAME='seg7 at vpn.ipb.pt'':
Mon Aug 25 15:13:55 2008: DEBUG: Handling with Radius::AuthLDAP2:
Mon Aug 25 15:13:55 2008: INFO: Connecting to blade04.ccom.ipb.pt:389
Mon Aug 25 15:13:55 2008: INFO: Attempting to bind to LDAP server
blade04.ccom.ipb.pt:389
Mon Aug 25 15:13:55 2008: DEBUG: LDAP got result for
uid=seg7,ou=staff,ou=users,dc=ipb,dc=pt
Mon Aug 25 15:13:55 2008: DEBUG: LDAP got sambaNTPassword:
{nthash}31D6CFE0D16AE931B73C59D7E0C089C0
Mon Aug 25 15:13:55 2008: DEBUG: Radius::AuthLDAP2 looks for match with
seg7 [seg7 at vpn.ipb.pt]
Mon Aug 25 15:13:55 2008: DEBUG: Radius::AuthLDAP2 REJECT: Bad Password:
seg7 [seg7 at vpn.ipb.pt]
Mon Aug 25 15:13:55 2008: DEBUG: AuthBy LDAP2 result: REJECT, Bad Password
Mon Aug 25 15:13:55 2008: INFO: Access rejected for seg7 at vpn.ipb.pt: Bad
Password
Mon Aug 25 15:13:55 2008: DEBUG: Packet dump:
*** Sending to 193.137.107.254 port 1130 ....
Code: Access-Reject
Identifier: 54
Authentic: <225><6><159>"i@<138><239><13><156><15><207><192><185><20><165>
Attributes:
Reply-Message = "Request Denied"