Robert Causey iMedia Associates
[EMAIL PROTECTED] wrote:
when I run radiusd -X I see on sysout (but not in the logs):
...
rlm_ldap: user 085407 authorized to use remote access
ldap_release_conn: Release Id: 0
modcall[authorize]: module "B-level_users" returns ok for request 1
modcall: group Autz-Type returns ok for request 1
rad_check_password: Found Auth-Type Kerberos
auth: type "Kerberos"
modcall: entering group authenticate for request 1
rlm_krb5: [085407] krb5_g_i_t_w_p failed: Preauthentication failed
modcall[authenticate]: module "krb5" returns reject for request 1
modcall: group authenticate returns reject for request 1
auth: Failed to validate the user.
Login incorrect: [085407/anything] (from client <----------------------- auth1.ds.lanl.gov port 0)
Sending Access-Reject of id 34 to 128.165.47.2:33293
Finished request 1
Going to the next request
--- Walking the entire request list ---
and
[EMAIL PROTECTED] /root]# radclient -xs radius.ds.lanl.gov auth justaTest
User-Name = 085407
User-password = anything

Sending Access-Request of id 34 to 128.165.47.2:1812
User-Name = "085407"
User-Password = "anything"
rad_recv: Access-Reject packet from host 128.165.47.2:1812, id=34, length=20
[EMAIL PROTECTED] /root]# tail /var/log/radius/radius.log
Wed Jan 7 17:20:07 2004 : Info: Ready to process requests.
Thu Jan 8 17:23:47 2004 : Auth: rlm_krb5: krb5_init ok
Thu Jan 8 17:23:47 2004 : Info: Ready to process requests.
Mon Jan 12 13:43:36 2004 : Auth: rlm_krb5: [900777] krb5_g_i_t_w_p failed: Client not found in Kerberos database
Mon Jan 12 13:43:36 2004 : Auth: Login incorrect (rlm_ldap: User not found): [900777/testok] (from client auth1.ds.lanl.gov port 1235)
Mon Jan 12 13:44:21 2004 : Auth: rlm_krb5: [085407] krb5_g_i_t_w_p failed: Client not found in Kerberos database
Mon Jan 12 13:44:21 2004 : Auth: Login incorrect: <---------------------------- [085407/testok] (from client auth1.ds.lanl.gov port 1235)
Mon Jan 12 16:30:31 2004 : Error: rlm_ldap: ldap_search() failed: LDAP connection lost.
Mon Jan 12 16:30:31 2004 : Info: rlm_ldap: Attempting reconnect
Mon Jan 12 16:30:32 2004 : Auth: Login OK: [085407/041-0012] (from client auth1.ds.lanl.gov port 0)
[EMAIL PROTECTED] /root]#
The details on the setup I quoted,
On one of our test servers I built freeradius 0.9.3 like so..
untar tarball (tar -zxvf free*)
cd free*
./configure --localstatedir=/var --sysconfdir=/etc
make
make install
this built freeradius and installed all the freeradius bits into the default locations with a default setup.
I then did the following modifications to the files in /etc/raddb

clients.conf
comment out localhost entry
add client stanza for each test machine
client xxx.xxx.xxx.xx {     <-- in config I put real ip
    secret = test4321
    shortname = webfe
    nastype = other
}

radiusd.conf
log_auth = yes
log_auth_badpass = yes
log_auth_goodpass = yes
Then I started freeradius by /usr/local/sbin/radiusd -p 1645
I then used NTradPing to do testing. I got the following in my /var/log/radius/radius.log file
Mon Jan 12 11:35:57 2004 : Auth: rlm_unix: [username]: invalid password
Mon Jan 12 11:35:57 2004 : Auth: Login incorrect: [username/badpass] (from client webfe port 0)
Mon Jan 12 11:36:24 2004 : Auth: Login OK: [username/goodpass] (from client webfe port 0)
Hope this helps.
Robert Causey iMedia Associates
[EMAIL PROTECTED] wrote:
What version? and how are you running radiusd? I saw the problem with 0.9.3 and running with radiusd -X, but haven't looked into why yet.
Then this will go to /var/log/radius.log ?
Yes.
Robert Causey iMedia Associates
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
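
Added example, not part of the original thread and not FreeRADIUS code: with log_auth_badpass and log_auth_goodpass set to yes, radius.log records the submitted password in cleartext, as in the [username/goodpass] lines quoted above. This Python sketch parses Auth lines in that format, counts the ones carrying a password and redacts it; the sample lines, the client name nas1.example and the password-less [username] form are assumptions constructed for the example.

```python
import re

# Constructed sample lines in the radius.log format quoted in the thread.
# The last Auth line ([username] with no password) is an assumed form for
# a server running with password logging turned off.
SAMPLE_LOG = """\
Mon Jan 12 11:35:57 2004 : Auth: rlm_unix: [username]: invalid password
Mon Jan 12 11:35:57 2004 : Auth: Login incorrect: [username/badpass] (from client webfe port 0)
Mon Jan 12 11:36:24 2004 : Auth: Login OK: [username/goodpass] (from client webfe port 0)
Mon Jan 12 13:43:36 2004 : Auth: Login incorrect (rlm_ldap: User not found): [900777/testok] (from client nas1.example port 1235)
Mon Jan 12 16:30:31 2004 : Info: rlm_ldap: Attempting reconnect
Mon Jan 12 16:31:02 2004 : Auth: Login OK: [username] (from client webfe port 0)
"""

# "<timestamp> : Auth: Login OK|incorrect[ (reason)]: [user[/password]] (from client X port N)"
AUTH_RE = re.compile(
    r"^(?P<ts>.+?) : Auth: Login (?P<result>OK|incorrect)"
    r"(?: \((?P<reason>[^)]*)\))?: "
    r"\[(?P<user>[^/\]]+)(?:/(?P<password>[^\]]*))?\] "
    r"\(from client (?P<client>\S+) port (?P<port>\d+)\)"
)

def parse_auth(line):
    """Return the fields of a login result line, or None for any other line."""
    m = AUTH_RE.match(line)
    return m.groupdict() if m else None

def redact(line):
    """Replace a logged password with a marker; other lines pass through."""
    m = AUTH_RE.match(line)
    if not m or m.group("password") is None:
        return line
    start, end = m.span("password")
    return line[:start] + "<redacted>" + line[end:]

def audit(log_text):
    """Return (login events, count of lines exposing a password, redacted lines)."""
    events, exposed, cleaned = [], 0, []
    for line in log_text.splitlines():
        event = parse_auth(line)
        if event:
            events.append(event)
            exposed += event["password"] is not None
        cleaned.append(redact(line))
    return events, exposed, cleaned

if __name__ == "__main__":
    events, exposed, cleaned = audit(SAMPLE_LOG)
    print(f"{len(events)} login events, {exposed} with a cleartext password")
    print("\n".join(cleaned))
```

A password that itself contains "]" does not match this pattern, so such a line passes through unredacted; treat the pattern as a starting point for log review, not a guarantee.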

