List: freeradius-users
Subject: Re: Failed retrieving values required to evaluate condition
From: Christian Strauf <strauf () rz ! tu-clausthal ! de>
Date: 2019-04-30 9:50:24
Message-ID: 3F027287-05B2-4DB5-98EA-034C0D2F1B65 () rz ! tu-clausthal ! de

Hi Christoph,

your log shows the cause of the problem:

--------8<--------8<--------8<--------8<--------
(8) ldap: EXPAND (uid=%{%{Stripped-User-Name}:-%{User-Name}})
(8) ldap:    --> (uid=test)
(8) ldap: Performing search in "dc=uni-koblenz,dc=de" with filter "(uid=test)", scope "sub"
(8) ldap: Waiting for search result...
(8) ldap: Search returned no results
rlm_ldap (ldap): Released connection (0)
(8)         [ldap] = notfound
(8)       } # else = notfound
(8)     } # else = notfound
(8)     [expiration] = noop
(8)     [logintime] = noop
(8)     [pap] = noop
(8)   } # authorize = updated
(8) Found Auth-Type = eapoldca
(8) Auth-Type sub-section not found. Ignoring.
(8) # Executing group from file /etc/raddb/sites-enabled/inner-tunnel
(8) Failed to authenticate the user
(8) Using Post-Auth-Type Reject
--------8<--------8<--------8<--------8<--------

The user "test" is not found in your LDAP directory and is hence rejected. I haven't looked at the rest of the configuration but it's safe to say that for this particular connection attempt, that's the root cause of the client not being able to connect. The PEAP tunnel is established successfully, the inner authentication seems to run as well (though I don't understand why you need the "if (&User-Name == "eduroam...")" statement in the inner-tunnel configuration because you only need it for the TLS handshake of the outer tunnel).

Kind regards,

Christian Strauf

--
Dipl.-Math. Christian Strauf
Clausthal Univ. of Technology   E-Mail: strauf@rz.tu-clausthal.de
Rechenzentrum                   Web: www.rz.tu-clausthal.de
Erzstraße 18                    Tel.: +49-5323-72-2086 Fax: -992086
D-38678 Clausthal-Zellerfeld
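
A small triage script for FreeRADIUS debug output like the excerpt quoted in the message above. It is an added example, not part of the original post or of FreeRADIUS; the function name `triage` and the sample lines (a constructed subset of the quoted log) are assumptions. It groups lines by request number and, for each rejected request, records the module return codes and the LDAP search that came back empty.

```python
import re

# Constructed sample: a subset of the debug lines quoted in the message above.
SAMPLE = '''\
(8) ldap:    --> (uid=test)
(8) ldap: Performing search in "dc=uni-koblenz,dc=de" with filter "(uid=test)", scope "sub"
(8) ldap: Search returned no results
rlm_ldap (ldap): Released connection (0)
(8)         [ldap] = notfound
(8)     [expiration] = noop
(8)     [logintime] = noop
(8)     [pap] = noop
(8) Found Auth-Type = eapoldca
(8) Auth-Type sub-section not found.  Ignoring.
(8) Failed to authenticate the user
(8) Using Post-Auth-Type Reject
'''

REQ = re.compile(r"^\((\d+)\)\s+(.*)$")            # "(8) <message>"
SEARCH = re.compile(r'ldap: Performing search in "([^"]*)" with filter "([^"]*)"')
MODULE = re.compile(r"\[([\w.-]+)\] = (\w+)$")      # "[ldap] = notfound"
AUTH_TYPE = re.compile(r"Found Auth-Type = (\S+)")


def triage(log_text):
    """Return {request_id: summary} for every request that ended in a reject."""
    reqs = {}
    for line in log_text.splitlines():
        m = REQ.match(line)
        if not m:
            continue  # lines without "(N)" are not tied to a single request
        msg = m.group(2)
        r = reqs.setdefault(int(m.group(1)), {"modules": {}, "search": None,
                            "auth_type": None, "findings": [], "rejected": False})
        if s := SEARCH.search(msg):
            r["search"] = s.groups()  # (base DN, filter)
        elif msg == "ldap: Search returned no results" and r["search"]:
            base, flt = r["search"]
            r["findings"].append(f"LDAP: no entry matches {flt} under {base}")
        elif mod := MODULE.match(msg):
            r["modules"][mod.group(1)] = mod.group(2)
        elif a := AUTH_TYPE.match(msg):
            r["auth_type"] = a.group(1)
        elif msg.startswith("Auth-Type sub-section not found"):
            r["findings"].append(f"Auth-Type {r['auth_type']}: sub-section not found")
        elif msg.startswith("Using Post-Auth-Type Reject"):
            r["rejected"] = True
    return {rid: r for rid, r in reqs.items() if r["rejected"]}
```

Calling `triage(SAMPLE)` returns one entry for request 8, whose `findings` list names the empty LDAP search first.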