[prev in list] [next in list] [prev in thread] [next in thread] 

List:       freeradius-users
Subject:    Re: Failed retrieving values required to evaluate condition
From:       Christian Strauf <strauf () rz ! tu-clausthal ! de>
Date:       2019-04-30 9:50:24
Message-ID: 3F027287-05B2-4DB5-98EA-034C0D2F1B65 () rz ! tu-clausthal ! de
[Download RAW message or body]

Hi Christoph,

your log shows the cause of the problem:

--------8<--------8<--------8<--------8<--------
(8) ldap: EXPAND (uid=%{%{Stripped-User-Name}:-%{User-Name}})
(8) ldap:    --> (uid=test)
(8) ldap: Performing search in "dc=uni-koblenz,dc=de" with filter "(uid=test)", scope \
"sub" (8) ldap: Waiting for search result...
(8) ldap: Search returned no results
rlm_ldap (ldap): Released connection (0)
(8)           [ldap] = notfound
(8)         } # else = notfound
(8)       } # else = notfound
(8)       [expiration] = noop
(8)       [logintime] = noop
(8)       [pap] = noop
(8)     } # authorize = updated
(8)   Found Auth-Type = eapoldca
(8)   Auth-Type sub-section not found.  Ignoring.
(8)   # Executing group from file /etc/raddb/sites-enabled/inner-tunnel
(8)   Failed to authenticate the user
(8)   Using Post-Auth-Type Reject
--------8<--------8<--------8<--------8<--------

The user "test" is not found in your LDAP directory and is hence rejected. I haven't \
looked at the rest of the configuration but it's safe to say that for this particular \
connection attempt, that's the root cause of the client not being able to connect. \
The PEAP tunnel is established successfully, the inner authentication seems to run as \
well (though I don't understand why you need the "if (&User-Name == "eduroam...")" \
statement in the inner-tunnel configuration because you only need it for the TLS \
handshake of the outer tunnel).

Kind regards,
Christian Strauf
-- 
Dipl.-Math. Christian Strauf
Clausthal Univ. of Technology   E-Mail: strauf@rz.tu-clausthal.de
Rechenzentrum                   Web:    www.rz.tu-clausthal.de
Erzstraße 18                    Tel.:   +49-5323-72-2086 Fax: -992086
D-38678 Clausthal-Zellerfeld


["smime.p7s" (smime.p7s)]

0	*H
 010
	`He0	*H
 00 	%ف0
	*H
010	UDE1+0)U
"T-Systems Enterprise Services GmbH10UT-Systems Trust \
Center1%0#UT-TeleSec GlobalRoot Class 20 160222133822Z
310222235959Z010	UDE1E0CU
<Verein zur Foerderung eines Deutschen Forschungsnetzes e. \
V.10UDFN-PKI1-0+U$DFN-Verein Certification Authority 20"0 	*H
0
`fAsMg9Z`GNWKVlUvFEc>pԫT#7(	]Ę7 \
fx J2)y T_Jx4twMYZ/l<5e \
2mZjKb84YE6Ixjm[k<q;gz6N)=Q\4 \
u9i%=+;U*^3	1FkYt0p0U0U2&JJK0U#0Y \
6y  "kaҸ,˂J0U003U ,0*0 +!,0
+!,0g0LUE0C0A ? \
=;http://pki0336.telesec.de/rl/TeleSec_GlobalRoot_Class_2.crl0+z0x0,+0 \
http://ocsp0336.telesec.de/ocspr0H+0<http://pki0336.telesec.de/crt/TeleSec_GlobalRoot_Class_2.cer0
 	*H
>eV-;qOں)!F.8y8tv]bL3j2,LG`Utk,ykMPf0"rM>[ϙR9.D~i;u;"lGG \
4}=wMOY>GJXoB.M<I&6,"͋xU;DRiТSW{$Jer900 \
c,=0 	*H
010	UDE1E0CU
<Verein zur Foerderung eines Deutschen Forschungsnetzes e. \
V.10UDFN-PKI1-0+U$DFN-Verein Certification Authority 20 160524113840Z
310222235959Z010	UDE1E0CU
<Verein zur Foerderung eines Deutschen Forschungsnetzes e. \
V.10UDFN-PKI1%0#UDFN-Verein Global Issuing CA0"0 	*H
0
;yGi9٢0r)_KhLk{-n:WQ6pmc \
.@уLf=di囤rh9QyӮ/]cqK9zBi@p翞MGH_e*I-?T/:W~xJA}S_ȳ*0$? \
MR 6$eǖs$hYv~ \
x<K7S:8Gmd=<ZEJʀ|LL00U00U0)U \
"0 0 +!,0
+!,0Uk:S୲2	;t0U#02&JJK0U00@ \
> <:http://cdp1.pca.dfn.de/global-root-g2-ca/pub/crl/cacrl.crl0@ > \
> <:http://cdp2.pca.dfn.de/global-root-g2-ca/pub/crl/cacrl.crl0+003 \
> +0'http://ocsp.pca.dfn.de/OCSP-Server/OCSP0J+0>http://cdp1.pca.dfn.d \
> e/global-root-g2-ca/pub/cacert/cacert.crt0J+0>http://cdp2.pca.dfn.de/global-root-g2-ca/pub/cacert/cacert.crt0
> 
	*H
xENU	j>xh5?k8w,> \
̨3$b6LxnPn`OR1CFubnfQB1gPI9˟ʆHK+f \
8W-L_>\)9l{F8ܰ?q3 Hc%%<z{Wn8 \
/[Kl=w3Sv&%Ao/|~`]A \
aI)ب-uJU4"00 GC0 	*H
010	UDE1E0CU
<Verein zur Foerderung eines Deutschen Forschungsnetzes e. \
V.10UDFN-PKI1%0#UDFN-Verein Global Issuing CA0 171206071917Z
201205071917Z0T10	UDE1*0(U
!Technische Universitaet Clausthal10UChristian Strauf0"0
	*H
0
	q[{\B&,%q?}QvT	V4w$	ՂV;EҊ`6a懜-%
 hMo0-HT#ލ_5	?nSBГ:JV=Zf~mf=(]&/S}/ \
"-n+DS;30ٌv~ɍKam8Gc;.ˎK\?D@+pcXi300@U \
9070 +!,0+!,0+!,0	U00U \
0U%0++0U`9EZq	'0U#0k:S୲2	;t0\UU0Sstrauf@rz.tu-clausthal.de \
christian.strauf@tu-clausthal.derzcs@tu-clausthal.de0U00? = \
;9http://cdp1.pca.dfn.de/dfn-ca-global-g2/pub/crl/cacrl.crl0? = \
;9http://cdp2.pca.dfn.de/dfn-ca-global-g2/pub/crl/cacrl.crl0+003+ \
0'http://ocsp.pca.dfn.de/OCSP-Server/OCSP0I+0=http://cdp1.pca.dfn.de/dfn \
-ca-global-g2/pub/cacert/cacert.crt0I+0=http://cdp2.pca.dfn.de/dfn-ca-global-g2/pub/cacert/cacert.crt0
 	*H
fiW;USNCA5j'PaJyDz/ 窽\5	w̒5Q
aO)xCFDZ'yf!*x*![N62uab:ݑJ#Q^ؘ].CN&u \
I`@~+cK!Nܴt<?tG#C#76Ċg=mcDYЮOXDd"EYמΆhEeqőH4^#qr~Cq100010	UDE1E0CU
  <Verein zur Foerderung eines Deutschen Forschungsnetzes e. \
V.10UDFN-PKI1%0#UDFN-Verein Global Issuing CAGC0 \
	`He 0	*H 	1	*H
0	*H
	1
190430095024Z0/	*H
	1" 1؁>ZT婵w50	+710010	UDE1E0CU
<Verein zur Foerderung eines Deutschen Forschungsnetzes e. \
V.10UDFN-PKI1%0#UDFN-Verein Global Issuing CAGC0*H \
	1 010	UDE1E0CU  <Verein zur Foerderung eines Deutschen \
Forschungsnetzes e. V.10UDFN-PKI1%0#UDFN-Verein Global Issuing \
CAGC0 	*H
r=P+4YGDXv3oSD;8"+rW'b9!+XJەg؎mvq
7?2[ */ɖtלB34/bb967mgz8aoe&ȃHx	唱Ӛ`-6|u<UwJ;e:+ \
$)`EFe|UW roux9ɃH#=5v nH.	}
Ǜ"{A


[Attachment #4 (unknown)]

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic