Hi Tony,
Are you running a pip installation or debian wheezy?
Which version of privacyidea are you running?
In certain cases there were problems with the LDAP resolver if the DN contains special characters and is base64 encoded.
Is it openldap or AD?
The Uid type: is it DN or entryUUID?
Kind regards
Cornelius

Cornelius Kölbel
Cornelius.koelbel@netknights.it
+49 151 2960 1417
NetKnights GmbH
http://netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798
Amtsgericht Kassel, HRB 16405
Managing Director: Cornelius Kölbel

-------- Original message --------
From: Tony Hawker lil.tud@gmail.com
Date: 21.10.2015 08:59 (GMT+01:00)
To: privacyidea privacyidea@googlegroups.com
Subject: Re: ‘privacyIDEA request failed: 500 INTERNAL SERVER ERROR’ - FreeRadius
Hi
thanks for your quick response to my issue.
I have been watching the privacyidea.log but no entries are made when a connection attempt is made via the radius, which leads me to think that the radius is not able to see the privacyidea API?
I can access the URI in my browser, so I can see that it is up.
I see this in the privacyidea.log when I reboot:
[2015-10-21 15:41:28,041][1924][139636199069440][ERROR][privacyidea.lib.resolvers.LDAPIdResolver:333] ‘Traceback (most recent call last):\n File “/opt/privacyIDEA/lib/python2.7/site-packages/privacyidea/lib/resolvers/ LDAPIdResolver.py”, line 328, in getUserList\n user = self._ldap_attributes_to_user_object(attributes)\n File “/opt/privacyIDEA/lib/python2.7/site-packages/privacyidea/lib/resolvers/LDAPIdResolver.py”, line 246, in _ldap_attributes_to_user_object\n for ldap_k, ldap_v in attributes.items():\nAttributeError: 'NoneType' object has no attribute 'items'\n’
Cheers
On Wednesday, 21 October 2015 17:14:34 UTC+11, Cornelinux K wrote:
Hi Tony,
please do the following:
- Take a look into the audit log.
  Within the web UI, take a look at what you can see for the request in the
  Audit tab, the rightmost tab.
  I assume the user does not exist.
  The audit gives you a top-level view of what is happening in
  privacyidea.
- Take a look into the log file privacyidea.log.
  This gives you a detailed view of what is happening.
Kind regards
Cornelius
On Tuesday, 20.10.2015, 17:56 -0700, Tony Hawker wrote:
Hi
I have followed the guide on setting up privacyIDEA on CentOS 7 here:
Two-Factor-Authentication with OTP on CentOS 7 – privacyID3A
I can access the webui, register tokens, linked to active directory
etc, all tested ok
I am having issues with the radius plugin, when I attempt to make any
connection to the radius, either using the test functions described in
the link above, or from an external connection, I am seeing the errors
below:
]# echo "User-Name=user, User-Password=password" | radclient -sx localhost auth testing123
Sending Access-Request Id 91 from 0.0.0.0:34321 to 127.0.0.1:1812
User-Name = 'user'
User-Password = 'password'
Received Access-Reject Id 91 from 127.0.0.1:1812 to 127.0.0.1:34321
length 75
Reply-Message = 'privacyIDEA request failed: 500 INTERNAL
SERVER ERROR’
(0) -: Expected Access-Accept got Access-Reject
Packet summary:
Accepted : 0
Rejected : 1
Lost : 0
Passed filter : 0
Failed filter : 1
and on the radius server I see this:
Received Access-Request Id 111 from 127.0.0.1:35488 to 127.0.0.1:1812
length 44
User-Name = 'user'
User-Password = 'password'
(0) Received Access-Request packet from host 127.0.0.1 port 35488,
id=111, length=44
(0) User-Name = ‘user’
(0) User-Password = ‘password’
(0) # Executing section authorize from
file /etc/raddb/sites-enabled/privacyidea
(0) authorize {
(0) [preprocess] = ok
(0) [digest] = noop
(0) suffix : Checking for suffix after “@”
(0) suffix : No ‘@’ in User-Name = “user”, looking up realm NULL
(0) suffix : No such realm “NULL”
(0) [suffix] = noop
(0) ntdomain : Checking for prefix before ""
(0) ntdomain : No '' in User-Name = “user”, looking up realm NULL
(0) ntdomain : No such realm “NULL”
(0) [ntdomain] = noop
(0) [files] = noop
(0) [expiration] = noop
(0) [logintime] = noop
(0) WARNING: pap : No “known good” password found for the user. Not
setting Auth-Type
(0) WARNING: pap : Authentication will fail unless a “known good”
password is available
(0) [pap] = noop
(0) update control {
(0) Auth-Type := Perl
(0) } # update control = noop
(0) } # authorize = ok
(0) Found Auth-Type = Perl
(0) # Executing group from file /etc/raddb/sites-enabled/privacyidea
(0) Auth-Type Perl {
(0) perl : $RAD_REQUEST{‘User-Name’} = &request:User-Name → ‘user’
(0) perl : $RAD_REQUEST{‘User-Password’} = &request:User-Password →
‘password’
(0) perl : $RAD_REQUEST{‘NAS-IP-Address’} = &request:NAS-IP-Address
→ ‘127.0.0.1’
(0) perl : $RAD_REQUEST{‘Event-Timestamp’} =
&request:Event-Timestamp → ‘Oct 21 2015 11:50:57 AEDT’
(0) perl : $RAD_CHECK{‘Auth-Type’} = &control:Auth-Type → ‘Perl’
(0) perl : $RAD_CONFIG{‘Auth-Type’} = &control:Auth-Type → ‘Perl’
rlm_perl: Config File /etc/freeradius/rlm_perl.ini found!
rlm_perl: Default URL https://127.0.0.1/validate/check
rlm_perl: Looking for config for auth-type Perl
rlm_perl: Auth-Type: Perl
rlm_perl: url: https://127.0.0.1/validate/check
rlm_perl: user sent to privacyidea: user
rlm_perl: realm sent to privacyidea:
rlm_perl: resolver sent to privacyidea:
rlm_perl: client sent to privacyidea: 127.0.0.1
rlm_perl: state sent to privacyidea:
rlm_perl: urlparam client
rlm_perl: urlparam pass
rlm_perl: urlparam user
rlm_perl: Not verifying SSL certificate!
rlm_perl: privacyIDEA request failed: 500 INTERNAL SERVER ERROR
rlm_perl: return RLM_MODULE_FAIL
(0) perl : &request:User-Name = $RAD_REQUEST{‘User-Name’} → ‘user’
(0) perl : &request:Event-Timestamp = $RAD_REQUEST{‘Event-Timestamp’}
→ ‘Oct 21 2015 11:50:57 AEDT’
(0) perl : &request:User-Password = $RAD_REQUEST{‘User-Password’} →
‘password’
(0) perl : &request:NAS-IP-Address = $RAD_REQUEST{‘NAS-IP-Address’}
→ ‘127.0.0.1’
(0) perl : &reply:Reply-Message = $RAD_REPLY{‘Reply-Message’} →
‘privacyIDEA request failed: 500 INTERNAL SERVER ERROR’
(0) perl : &control:Auth-Type = $RAD_CHECK{‘Auth-Type’} → ‘Perl’
(0) [perl] = fail
(0) } # Auth-Type Perl = fail
(0) Failed to authenticate the user
(0) Using Post-Auth-Type Reject
(0) Delaying response for 1 seconds
Waking up in 0.9 seconds.
(0) Sending delayed response
(0) Sending Access-Reject packet to host 127.0.0.1 port 35488, id=111,
length=0
(0) Reply-Message = 'privacyIDEA request failed: 500 INTERNAL
SERVER ERROR’
Sending Access-Reject Id 111 from 127.0.0.1:1812 to 127.0.0.1:35488
Reply-Message = 'privacyIDEA request failed: 500 INTERNAL
SERVER ERROR’
Waking up in 3.9 seconds.
(0) Cleaning up request packet ID 111 with timestamp +7
I don’t think this is just an issue with the user / password, but if
anyone can point me in the right direction in what I may have done
wrong with either the radius or privacy idea install?
Cheers
–
You received this message because you are subscribed to the Google Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send an email to privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/privacyidea/242a0b48-4735-4b91-b29b-9d53507fe8b8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.