Hi, I'm running FreeRADIUS on a Solaris platform. To
me, the Access-Challenge seems way too long. When I
run FreeRADIUS on a Linux platform, the
Access-Challenge is much shorter than this. Here is
the debug output from the Solaris machine:
Listening on IP address *, ports 1812/udp and
1813/udp, with proxy on 1814/udp.
Ready to process requests.
rad_recv: Access-Request packet from host
192.168.51.40:4733, id=1, length=63
User-Name = "user4"
NAS-IP-Address = 192.168.51.40
EAP-Message = "\002d\000\n\001user4"
Message-Authenticator =
0xa37e51a112bd2147005ebc97730f3046
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
modcall[authorize]: module "eap" returns updated
modcall[authorize]: module "suffix" returns ok
users: Matched user4 at 4
modcall[authorize]: module "files" returns ok
modcall: group authorize returns updated
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate
rlm_eap: processing type md5
modcall[authenticate]: module "eap" returns ok
modcall: group authenticate returns ok
Sending Access-Challenge of id 1 to 192.168.51.40:4733
EAP-Message =
"\001\001\000\000\004\020\204\243\306\210\0347}c\001\314\372I~\215\302\215gs\000\000\000\030e
th\000\017\365h\210\0347}c\001\314\372I~\215\302\215on
valu\000\000\000\030\tor \000\017\365\210host to log
the user\000\000\000\030o.\n#\000\017\365\250ou can
include anoth\000\000\000\030user\000\017\365\310ile
with `$INCLUDE
u\000\000\000\030.oth\000\017\365\350#\n\n#\n#\tFor a
list of\000\000\000\030IUS \000\017\366\010ibutes, and
links to\000\000\000\030ir
d\000\017\366(itions,\n#\tsee:\n#\n#\th\000\000\000\030"
EAP-Message =
"//ww\000\017\366Heeradius.org/rfc/att\000\000\000\030tes.\000\017\366h\n#\n\n#\n#
Deny access \000\000\000\030a sp\000\017\366\210ic
user. Note that \000\000\000\030
ent\000\017\366\250UST\n# be bef\000\000\026Hany
\000\000\000\030r
'A\000\017\366\310Type\000\000\000\000trib\000\000\000\000whic\000\000\000\030sult\000\017\366\350
the user\n# being
au\000\000\000\030tica\000\017\367\010\n#\n# Note that
there\000\000\000\030NO '\000\017\367(-Through'
attribute,"
EAP-Message = "\000\000\000\030the
\000\017\367H will not\n# be given\000\000\000\030
add\000\017\367hnal
resources.\n#\n#la\000\000\000\030er\tA\000\017\367\210Type
:=
Reject\n#\t\tRe\000\000\000\030Mess\000\017\367\250=
"Your account has \000\000\000\030
dis\000\017\367\310d."\n\n#\n# Deny
access\000\000\000\030 a g\000\017\367\350 of
users.\n#\n# Note \000\000\000\030
the\000\017\370\010s NO 'Fall-Through'
\000\000\000\030ibut\000\017\370(o the user will "
EAP-Message = "not\n\000\000\000\030
giv\000\017\370Hny additional
resour\000\000\000\030\n#\n#\000\017\370hULT\tGroup ==
"disabl\000\000\000\030 Aut\000\017\370\210pe :=
Reject\n#\t\tRepl\000\000\000\030ssag\000\017\370\250"Your
account has
be\000\000\000\030isab\000\017\370\310"\n#\n\n#\n#
This is a c\000\000\000\030ete \000\017\370\350y for
"steve". Note \000\000\000\030 the\000\017\371\010s no
Fall-Through\n# \000\000\000\030y so\000\017\371(t no
DEFAULT"
EAP-Message = " entry w\000\000\000\030be
u\000\017\371H and the user will N\000\000\000\030
get\000\017\371h attributes in addit\000\000\000\030to
t\000\017\371\210nes listed
here.\n#\n#\000\000\000\030e\tAu\000\017\371\250ype :=
Local, User-P\000\000\000\030ord
\000\017\371\310testing"\n#\tService-T\000\000\000\030=
Fr\000\017\371\350-User,\n#\tFramed-Prot\000\000\000\030
= P\000\017\372\010#\tFramed-IP-Address
\000\000\000\0302.16\000\017\372(3,\n#\tFra"
EAP-Message = "med-IP-Netma\000\000\000\030
255\000\017\372H.255.0,\n#\tFramed-Rou\000\000\000\030
=
B\000\017\372hcast-Listen,\n#\tFrame\000\000\000\030lter\000\017\372\210=
"std.ppp",\n#\tFrame\000\000\000\030U =
\000\017\372\250,\n#\tFramed-Compressi\000\000\000\030
Van\000\017\372\310obsen-TCP-IP\n\n#\n#
Th\000\000\000\030s an\000\017\372\350ry for a user
with a\000\000\000\030ce i\000\017\373\010eir name.\n#
Note the\000\000\000\030ble \000\017\373(es s"
EAP-Message = "urrounding the
n\000\000\000\030\n#\n#\000\017\373Hn Doe"\tAuth-Type
:= \000\000\000\030l, U\000\017\373hPassword ==
"hello"\n\000\000\000\030eply\000\017\373\210sage =
"Hello, %u"\n\n\000\000\000\030Dial\000\017\373\250r
back and telnet to\000\000\000\030 def\000\017\373\310
host for that
port\n\000\000\000\030eg\tA\000\000\000\000Type :=
Local,
User-\000\000\0009word\000\000\000\000\377\377\377\377\000\000\000\001\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377"
EAP-Message =
"\377\377\377\377\000\004]\020\000\000\000\000\000\017\361\210#\tLo\000\000\0009IP-H\000\000\000\000\377\377\377\377\000\000\000\001\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\000\004]\000\000\000\000\001\000\017\373\360gin-\000\000\0041ice
\000\017\374|\000\017\374\240\000\000\004\000\000\017\374\240\000\017\374\245\000\000\000\000\000\000\000\001\000\017\374\252\000\017\374\253\000\017\374\266\000\017\374\301\000\017\374\307root\000x\000"
EAP-Message = "led back after which\n# he will
get a connection to the host
"timeshare1".\n#\n#dialbk\tAuth-Type := Local,
User-Password == "callme"\n#\tService-Type =
Callback-Login-User,\n#\tLogin-IP-Host =
timeshare1,\n#\tLogin-Service =
PortMaster,\n#\tCallback-Number = "9,1"
EAP-Message = "-800-555-1212"\n\n#\n# user
"swilson" will only get a static IP number if he logs
in with\n# a framed protocol on a terminal server in
Alphen (see the huntgroups file).\n#\n# Note that by
setting "Fall-Through", other attributes will be added
from\n# the foll"
EAP-Message = "owing DEFAULT
entries\n#\n#swilson\tService-Type == Framed-User,
Huntgroup-Name == "alphen"\n#\t\tFramed-IP-Address =
192.168.1.65,\n#\t\tFall-Through = Yes\n\n#\n# If the
user logs in as 'username.shell', then authenticate
them\n# against the system database, give"
EAP-Message = " them shell access, and stop
processing\n# the rest of the
file.\n#\n#DEFAULT\tSuffix == ".shell", Auth-Type :=
System\n#\t\tService-Type =
Login-User,\n#\t\tLogin-Se\000\000\000Ae =
\000\000\000\004\300\2503(\000\000\000\000\022}\000\000\000\000\000\001\000\000\000\001Gz\215q\022\345l\367\327\2771\215\240\002u\030\000\000\000\000\000\000\000\000\000\020\000\360\000\000\000?\000\020\002\030
of \000\000\000A
fil\001\001\000?Gz\215q\022\345l\367\327\2771\215"
EAP-Message =
"\240\002u\030\001\007user4\004\006\300\2503(O\014\002d\000\n\001user4P\022\243~Q\241\022\275!G\000^\274\227s\0170F
\000\000\000\221
all\000\020\000\250\000\000\000\000\000\020\001\320\000\000\000\000\000\020\t\370\000\020\002\030\000\000\000\000qqq\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000<\277\020\204\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000"
Message-Authenticator =
0x00000000000000000000000000000000
State =
0xb571c4621e0261b1154d801df8e38ab33cbf1084eaf3122c948a2a6005a0e28b05466613
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 1 with timestamp 3cbf1084
Nothing to do. Sleeping until we see a request.
Is there some setting in a file i need to change for
Solaris? Any help will be greatly appreciated .. thanks!
__________________________________________________
Do You Yahoo!?
Yahoo! Tax Center - online filing with TurboTax
http://taxes.yahoo.com/
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
