Hi there,
I have 3 users, all 3 with an email token assigned.
The 3 users are members of my LDAP resolver:
10668
10669
10670
The user gets authenticated on the frontend NetScaler with LDAP, and after
he succeeds authentication the RADIUS request is sent to the
privacyIDEA server.
At that moment the RADIUS log shows the following:
Tue Oct 4 15:43:03 2016 : Info: rlm_perl: Config File /etc/privacyidea/rlm_perl.ini found!
Tue Oct 4 15:43:03 2016 : Info: rlm_perl: Debugging config:
Tue Oct 4 15:43:03 2016 : Info: rlm_perl: Default URL https://privacyidea.company.nl/validate/check
Tue Oct 4 15:43:03 2016 : Info: rlm_perl: Looking for config for auth-type Perl
Tue Oct 4 15:43:03 2016 : Info: rlm_perl: Auth-Type: Perl
Tue Oct 4 15:43:03 2016 : Info: rlm_perl: url: https://privacyidea.company.nl/validate/check
Tue Oct 4 15:43:03 2016 : Info: rlm_perl: user sent to privacyidea: 10670
Tue Oct 4 15:43:03 2016 : Info: rlm_perl: realm sent to privacyidea: domain.lan
Tue Oct 4 15:43:03 2016 : Info: rlm_perl: resolver sent to privacyidea:
Tue Oct 4 15:43:03 2016 : Info: rlm_perl: client sent to privacyidea: 10.10.1.82
Tue Oct 4 15:43:03 2016 : Info: rlm_perl: state sent to privacyidea:
Tue Oct 4 15:43:03 2016 : Info: rlm_perl: urlparam client
Tue Oct 4 15:43:03 2016 : Info: rlm_perl: urlparam realm
Tue Oct 4 15:43:03 2016 : Info: rlm_perl: urlparam pass
Tue Oct 4 15:43:03 2016 : Info: rlm_perl: urlparam user
Tue Oct 4 15:43:25 2016 : Info: rlm_perl: privacyIDEA Result status is true!
Tue Oct 4 15:43:25 2016 : Info: rlm_perl: return RLM_MODULE_HANDLED
The privacyIDEA log shows the following:
[2016-10-04 15:43:03,121][1530][140239196612352][WARNING][privacyidea.lib.utils:439] Proxy 10.10.2.33 not allowed to set IP to 10.10.1.82.
[2016-10-04 15:43:03,150][1530][140239196612352][INFO][privacyidea.lib.user:186] user u'10670' found in resolver u'domain.local'
[2016-10-04 15:43:03,150][1530][140239196612352][INFO][privacyidea.lib.user:187] userid resolved to 'd45bc0df-f392-40a1-bd44-b9f00ec1203d'
[2016-10-04 15:43:03,182][1530][140239196612352][INFO][privacyidea.lib.user:186] user u'10670' found in resolver u'domain.local'
[2016-10-04 15:43:03,182][1530][140239196612352][INFO][privacyidea.lib.user:187] userid resolved to 'd45bc0df-f392-40a1-bd44-b9f00ec1203d'
[2016-10-04 15:43:03,210][1530][140239196612352][INFO][privacyidea.lib.user:186] user u'10670' found in resolver u'domain.local'
[2016-10-04 15:43:03,210][1530][140239196612352][INFO][privacyidea.lib.user:187] userid resolved to 'd45bc0df-f392-40a1-bd44-b9f00ec1203d'
[2016-10-04 15:43:03,239][1530][140239196612352][INFO][privacyidea.lib.user:186] user u'10670' found in resolver u'domain.local'
[2016-10-04 15:43:03,239][1530][140239196612352][INFO][privacyidea.lib.user:187] userid resolved to 'd45bc0df-f392-40a1-bd44-b9f00ec1203d'
[2016-10-04 15:43:25,810][1530][140239196612352][INFO][privacyidea.lib.smtpserver:100] Mail sent: {}
[2016-10-04 15:43:25,859][1530][140239196612352][INFO][privacyidea.lib.user:186] user u'10670' found in resolver u'domain.local'
[2016-10-04 15:43:25,859][1530][140239196612352][INFO][privacyidea.lib.user:187] userid resolved to 'd45bc0df-f392-40a1-bd44-b9f00ec1203d'
[2016-10-04 15:43:25,914][1530][140239221790464][WARNING][privacyidea.lib.utils:439] Proxy 10.10.2.33 not allowed to set IP to 10.10.1.29.
The email token is sent to the user, and normally I get the response page
on my NetScaler asking to type the token code, but now I don't get that
response and I get a bad request from RADIUS on my NetScaler rejecting the
challenge response.
Now the strange thing: I make a new token for the user and the problem is
resolved and everything works fine.
So I still have 2 of the 3 users for which I can reproduce the problem. Can
you help me find out where the problem is occurring?
Python-Privacyidea Version: 2.14-1trusty
Server: Ubuntu 14.04.1
Apache2 version 2.4.7 (Ubuntu)
FreeRADIUS Version 2.1.12
rlm_perl.ini
[Default]
URL = https://privacyidea.olvg.nl/validate/check
REALM = domain.local
#RESCONF = someResolver
SSL_CHECK = true
#DEBUG = true
Get system documentation:
Posted on this link; I will mail you the password.
https://cloud.olvg.nl/index.php/s/Lu2PzMWwQhToRRX
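
An added example, not part of the original post and not privacyIDEA or FreeRADIUS code: a small parser for rlm_perl log lines in the format quoted above that pairs each "user sent to privacyidea" line with the following "return RLM_MODULE_..." line and reports the elapsed seconds per request. The sample lines are constructed, and the function names and the threshold are assumptions chosen for illustration.

```python
import re
from datetime import datetime

# Constructed sample in the rlm_perl log format quoted in the post
# (wrapped lines rejoined); the second request is invented for contrast.
SAMPLE_LOG = """\
Tue Oct 4 15:43:03 2016 : Info: rlm_perl: user sent to privacyidea: 10670
Tue Oct 4 15:43:03 2016 : Info: rlm_perl: urlparam user
Tue Oct 4 15:43:25 2016 : Info: rlm_perl: privacyIDEA Result status is true!
Tue Oct 4 15:43:25 2016 : Info: rlm_perl: return RLM_MODULE_HANDLED
Tue Oct 4 15:50:10 2016 : Info: rlm_perl: user sent to privacyidea: 10668
Tue Oct 4 15:50:11 2016 : Info: rlm_perl: privacyIDEA Result status is true!
Tue Oct 4 15:50:11 2016 : Info: rlm_perl: return RLM_MODULE_HANDLED
"""

# "<weekday> <month> <day> <time> <year> : <level>: rlm_perl: <message>"
LINE = re.compile(
    r"^(\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}) : \w+: rlm_perl: (.*)$"
)


def request_timings(log_text):
    """Return [(user, elapsed_seconds, module_return)] per request."""
    results, user, started = [], None, None
    for raw in log_text.splitlines():
        match = LINE.match(raw.strip())
        if not match:
            continue  # not an rlm_perl line, or a wrapped continuation
        stamp = datetime.strptime(match.group(1), "%a %b %d %H:%M:%S %Y")
        message = match.group(2)
        if message.startswith("user sent to privacyidea:"):
            user, started = message.split(":", 1)[1].strip(), stamp
        elif message.startswith("return RLM_MODULE_") and user is not None:
            elapsed = (stamp - started).total_seconds()
            results.append((user, elapsed, message.split()[1]))
            user = started = None
    return results


def slow_requests(log_text, threshold_seconds):
    """Requests that took longer than a threshold you choose, for example
    the timeout configured on the RADIUS client (assumed value)."""
    return [r for r in request_timings(log_text) if r[1] > threshold_seconds]


if __name__ == "__main__":
    for user, seconds, outcome in request_timings(SAMPLE_LOG):
        print(f"user={user} elapsed={seconds:.0f}s result={outcome}")
```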