On Wed, 20 Nov 2002 11:23:24 -0500 Alan DeKok <[EMAIL PROTECTED]> wrote:
> William Ragsdale <[EMAIL PROTECTED]> wrote: > > I checked the output in debug mode. It shows that it is sending the > reject > > packet. > > Wonderful. The debug output ALSO says WHY it's sending the reject > packet. > > Have you tried reading the rest of the debug output? > > Alan DeKok. > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > I looked at the debug output, I don't see anything wrong. The password IS invalid. That the intent. With a valid password it sends a Access-Accept and all is well. It is the invalid Access-Reject that is the problem. I see a problem in my user file, but it shouldn't be a problem for rejects. The Freeradius Server is v0.8 on FreeBSD 4.7 The production server, which I hope to replace is: #/usr/local/stealth/raddb/radiusd -v radiusd: RADIUS version 1.6.6 06-Feb-2002 Compilation flags: USE_DB1 NOSHADOW ATTRIB_NMC COMPAT_1543 bsdi Full debug output: #/usr/local/sbin/radiusd -X Debug Output Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /usr/local/raddb/clients.conf main: prefix = "/usr/local" main: localstatedir = "/var" main: logdir = "/var/log" main: libdir = "/usr/local/lib" main: radacctdir = "/var/log/radacct" main: hostname_lookups = no main: max_request_time = 10 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = "/var/log/radius.log" main: log_auth = yes main: log_auth_badpass = yes main: log_auth_goodpass = no main: pidfile = "/var/run/radiusd/radiusd.pid" main: user = "(null)" main: group = "(null)" main: usercollide = no main: lower_user = "no" main: lower_pass = "no" main: nospace_user = "no" main: nospace_pass = "no" main: checkrad = "/usr/local/sbin/checkrad" main: proxy_requests = no security: max_attributes = 200 security: reject_delay = 0 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist read_config_files: reading clients read_config_files: reading realms radiusd: entering modules setup Module: Library search path is /usr/local/lib Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded PAP pap: encryption_scheme = "crypt" Module: Instantiated pap (pap) Module: Loaded System unix: cache = no unix: passwd = "(null)" unix: shadow = "(null)" unix: group = "(null)" unix: radwtmp = "/var/log/radwtmp" unix: usegroup = no unix: cache_reload = 600 Module: Instantiated unix (unix) Module: Loaded preprocess preprocess: huntgroups = "/usr/local/raddb/huntgroups" preprocess: hints = "/usr/local/raddb/hints" preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no Module: Instantiated preprocess (preprocess) Module: Loaded realm realm: format = "suffix" realm: delimiter = "@" Module: Instantiated realm (suffix) Module: Loaded files files: usersfile = "/usr/local/raddb/users" files: acctusersfile = "/usr/local/raddb/acct_users" files: preproxy_usersfile = "/usr/local/raddb/preproxy_users" files: compat = "no" auth_type_fixup: Auth-Type [1000] auth_type_fixup: User-Password [2] auth_type_fixup: Auth-Type [1000] auth_type_fixup: User-Password [2] auth_type_fixup: Auth-Type [1000] auth_type_fixup: User-Password [2] auth_type_fixup: Auth-Type [1000] auth_type_fixup: User-Password [2] auth_type_fixup: Auth-Type [1000] auth_type_fixup: User-Password [2] auth_type_fixup: Auth-Type [1000] auth_type_fixup: User-Password [2] auth_type_fixup: Auth-Type [1000] auth_type_fixup: User-Password [2] auth_type_fixup: Auth-Type [1000] auth_type_fixup: User-Password [2] auth_type_fixup: Auth-Type [1000] auth_type_fixup: User-Password [2] auth_type_fixup: Auth-Type [1000] auth_type_fixup: User-Password [2] auth_type_fixup: Auth-Type [1000] auth_type_fixup: User-Password [2] auth_type_fixup: Auth-Type [1000] auth_type_fixup: User-Password [2] [/usr/local/raddb/users]:312 WARNING! Changing 'Session-Timeout =' to 'Session-Timeout ==' ?for comparing RADIUS attribute in check item list for user DEFAULT Module: Instantiated files (files) Module: Loaded Acct-Unique-Session-Id acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port-Id" Module: Instantiated acct_unique (acct_unique) Module: Loaded detail detail: detailfile = "/var/log/radacct/%{Client-IP-Address}/detail" detail: detailperm = 384 detail: dirperm = 493 detail: locking = no Module: Instantiated detail (detail) Module: Loaded radutmp radutmp: filename = "/var/log/radutmp" radutmp: username = "%{User-Name}" radutmp: perm = 384 radutmp: callerid = yes Module: Instantiated radutmp (radutmp) Listening on IP address *, ports 1812/udp and 1813/udp. Ready to process requests. rad_recv: Access-Request packet from host 209.172.24.67:10240, id=89, length=91 User-Name = "[EMAIL PROTECTED]" Password = "lkjh" NAS-IP-Address = 209.172.24.67 NAS-Port-Id = 20115 Service-Type = Framed-User Framed-Protocol = PPP NAS-Port-Type = Async modcall: entering group authorize modcall[authorize]: module "preprocess" returns ok rlm_realm: Looking up realm netonecom.net for User-Name = "[EMAIL PROTECTED]" rlm_realm: Found realm netonecom.net rlm_realm: Adding Stripped-User-Name = "azander" rlm_realm: Proxying request from user azander to realm netonecom.net rlm_realm: Adding Realm = "netonecom.net" rlm_realm: Authentication realm is LOCAL. rlm_realm: auth_port is not set. proxy cancelled modcall[authorize]: module "suffix" returns noop users: Matched DEFAULT at 296 users: Matched DEFAULT at 316 users: Matched DEFAULT at 323 modcall[authorize]: module "files" returns ok modcall: group authorize returns ok rad_check_password: Found Auth-Type System auth: type "System" modcall: entering group authenticate rlm_unix: [azander]: invalid password modcall[authenticate]: module "unix" returns reject modcall: group authenticate returns reject auth: Failed to validate the user. Login incorrect: [[EMAIL PROTECTED]/lkjh] (from client M1 port 20115) Sending Access-Reject of id 89 to 209.172.24.67:10240 Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 89 with timestamp 3ddbb818 Nothing to do. Sleeping until we see a request. -- �William Ragsdale �http://www.netonecom.net �Server Administrator �Office Hours �NetOne Communications, Inc. �Work: 231-734-2917 10AM - 7PM �2186 US 10 �FAX: 231-734-6395 �Sears, MI 49679 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
