Ocserv reading group config from radius

Mac Liang liang1985 at gmail.com
Sun Feb 1 22:52:10 PST 2015


Hi there,
I tried to set up an openconnect server with freeradius. Everything
goes well except the groupconfig. I'm not sure how ocserv is reading
group configuration from freeradius. I set up a profile named global,
and asked freeradius to send a reply with Group-Name as global. After
that, I created an account named global_test and associated it with
global. Also, I used select-group = global[Tunnel All Network Traffic]
to let the user select their network. However, when connecting to
ocserv, I kept receiving this error message:

ocserv[21229]: user 'global_test' requested group 'global' but is not a member

From the log I learnt:

ocserv[22302]: worker: 101.*.*.2:53891 cannot find 'group-select' in client XML message
ocserv[22302]: worker: 101.*.*.2:53891 cannot find 'group-select' in client XML message
ocserv[22302]: worker: 101.*.*.2:53891 failed reading groupname
ocserv[22302]: worker: 101.*.*.2:53891 cannot find 'username' in client XML message
ocserv[22302]: worker: 101.*.*.2:53891 failed reading username
ocserv[22302]: worker: 101.*.*.2:53891 HTTP: User-Agent: AnyConnect AppleSSLVPN_Darwin_ARM (iPhone) 3.0.12169
ocserv[22302]: worker: 101.*.*.2:53891 User-agent: 'AnyConnect AppleSSLVPN_Darwin_ARM (iPhone) 3.0.'
ocserv[22302]: worker: 101.*.*.2:53891 HTTP: Host: *****************************
ocserv[22302]: worker: 101.*.*.2:53891 HTTP: Accept: */*
ocserv[22302]: worker: 101.*.*.2:53891 HTTP: Accept-Encoding: identity
ocserv[22302]: worker: 101.*.*.2:53891 HTTP: X-Transcend-Version: 1
ocserv[22302]: worker: 101.*.*.2:53891 HTTP: X-Transcend-Version: 1
ocserv[22302]: worker: 101.*.*.2:53891 HTTP: X-AnyConnect-Identifier-ClientVersion: 3.0.12169
ocserv[22302]: worker: 101.*.*.2:53891 HTTP: X-AnyConnect-Identifier-Platform: apple-ios
ocserv[22302]: worker: 101.*.*.2:53891 HTTP: X-AnyConnect-Identifier-PlatformVersion: 8.1.3
ocserv[22302]: worker: 101.*.*.2:53891 HTTP: X-AnyConnect-Identifier-DeviceType: iPhone7,2
ocserv[22302]: worker: 101.*.*.2:53891 HTTP: X-AnyConnect-Identifier-Device-UniqueID: 414989eb02633682633fa2f7155a0ee7a4a73bbf
ocserv[22302]: worker: 101.*.*.2:53891 HTTP: X-Aggregate-Auth: 1
ocserv[22302]: worker: 101.*.*.2:53891 HTTP: Content-Length: 38
ocserv[22302]: worker: 101.*.*.2:53891 HTTP: Content-Type: application/x-www-form-urlencoded
ocserv[22302]: worker: 101.*.*.2:53891 HTTP POST /auth
ocserv[22302]: worker: 101.*.*.2:53891 POST body: 'group_list=global&username=global_test'
ocserv[22302]: worker: 101.*.*.2:53891 cannot find 'group%5flist' in client message
ocserv[22301]: sec-mod: received request from pid 22302 and uid 65534
ocserv[22302]: worker[global_test]: 101.*.*.2:53891 sending message 'sm: auth init' to secmod
ocserv[22301]: sec-mod: cmd [size=38] sm: auth init
ocserv[22301]: user 'global_test' requested group 'global' but is not a member
ocserv[22301]: sec-mod: error processing data for 'sm: auth init' command (-1)
ocserv[22302]: common.c:385: recvmsg returned zero
ocserv[22302]: worker[global_test]: 101.*.*.2:53891 worker-auth.c:679: error receiving auth reply message
ocserv[22302]: worker[global_test]: 101.*.*.2:53891 worker-auth.c:1230: failed authentication for 'global_test'
ocserv[22300]: main: 101.*.*.2:53891 main-misc.c:501: command socket closed
ocserv[22300]: main: 101.*.*.2:53891 removing client '' with id '22302'
ocserv[22314]: worker: 101.*.*.2:53893 accepted connection
ocserv[22314]: worker: 101.*.*.2:53893 sending message 'resume data fetch request' to main
ocserv[22300]: main: 101.*.*.2:53893 main received message 'resume data fetch request' of 34 bytes
ocserv[22300]: main: 101.*.*.2:53893 TLS session DB resuming ca777698713332863c70d1f7ee3522e44448b52345c3814e88df8100b4358fc3
ocserv[22300]: main: 101.*.*.2:53893 sending message 'resume data fetch reply' to worker
ocserv[22314]: worker: 101.*.*.2:53893 TLS handshake completed


-- 
Best,
Mac


