I have a Redback SMS 500 currently in operation and a Cisco 7200 series in
place to replace it after a migration period.
I have both configured in the same huntgroup and I want both to be able to
authenticate the same userbase.
It seems that when trying to connect via PPPoE when the Cisco is the NAS, the
password is rejected.
Here is my clients.conf:
client 192.168.1.3 {
        secret = 11characters
        shortname = redback
}
client 192.168.1.4 {
        secret = 11characters
        shortname = cisco
}
The DEFAULT record for the redback huntgroup is:
DEFAULT Auth-Type := Local, Framed-Protocol == PPP, Huntgroup-Name == "redback"
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Idle-Timeout = 0
Here is my debug output; 192.168.1.3 is the Redback and 192.168.1.4 is the
Cisco:
rad_recv: Access-Request packet from host 192.168.1.3:1812, id=217,
length=100
Thread 3 assigned request 2
Waking up in 4 seconds...
Thread 3 handling request 2, (1 handled so far)
User-Name = "user1"
User-Password = "<<CLEARTEXT PASSWORD>>"
NAS-Identifier = "red"
NAS-IP-Address = 192.168.1.3
NAS_Real_Port = 671154529
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 3892366296
Connect-Info = "ba-standard"
modcall: entering group authorize for request 2
modcall[authorize]: module "preprocess" returns ok for request 2
rlm_realm: No '@' in User-Name = "user1", looking up realm NULL
rlm_realm: Found realm "NULL"
rlm_realm: Adding Stripped-User-Name = "user1"
rlm_realm: Proxying request from user user1 to realm NULL
rlm_realm: Adding Realm = "NULL"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "suffix" returns noop for request 2
radius_xlat: 'user1'
rlm_sql (sql): sql_set_user escaped user --> 'user1'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE
Username = 'user1' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 46
radius_xlat: 'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupchec
k.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE
usergroup.Username = 'user1' AND usergroup.GroupName =
radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE
Username = 'user1' ORDER BY id'
radius_xlat: 'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgrouprepl
y.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE
usergroup.Username = 'user1' AND usergroup.GroupName =
radgroupreply.GroupName ORDER BY radgroupreply.id'
huntgroups: Matched redback at 65
rlm_sql (sql): Released sql socket id: 46
modcall[authorize]: module "sql" returns ok for request 2
huntgroups: Matched redback at 65
users: Matched DEFAULT at 201
modcall[authorize]: module "files" returns ok for request 2
modcall: group authorize returns ok for request 2
rad_check_password: Found Auth-Type Local
auth: type Local
auth: user supplied User-Password matches local User-Password
Sending Access-Accept of id 217 to 192.168.1.3:1812
Framed-IP-Address == 192.168.100.2
Framed-IP-Netmask == 255.255.255.255
Context-Name == "local"
Service-Type = Framed-User
Framed-Protocol = PPP
Idle-Timeout = 0
Finished request 2
Going to the next request
Thread 3 waiting to be assigned a request
rad_recv: Accounting-Request packet from host 192.168.1.3:1812, id=85,
length=125
Thread 4 assigned request 3
--- Walking the entire request list ---
Threads: total/active/spare threads = 5/1/4
Waking up in 2 seconds...
Thread 4 handling request 3, (1 handled so far)
User-Name = "user1"
NAS-Identifier = "red"
NAS-IP-Address = 192.168.1.3
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 3892366296
NAS_Real_Port = 671154529
Attr-154140816 = 0x00000001
Acct-Session-Id = "E800CBD8-403E668A"
Acct-Authentic = RADIUS
Connect-Info = "ba-standard"
Acct-Status-Type = Start
modcall: entering group preacct for request 3
modcall[preacct]: module "preprocess" returns noop for request 3
rlm_realm: No '@' in User-Name = "user1", looking up realm NULL
rlm_realm: Found realm "NULL"
rlm_realm: Adding Stripped-User-Name = "user1"
rlm_realm: Proxying request from user user1 to realm NULL
rlm_realm: Adding Realm = "NULL"
rlm_realm: Accounting realm is LOCAL.
modcall[preacct]: module "suffix" returns noop for request 3
modcall[preacct]: module "files" returns noop for request 3
modcall: group preacct returns noop for request 3
modcall: entering group accounting for request 3
radius_xlat: '/usr/local/adm/freeradius/radacct/192.168.1.3/detail'
rlm_detail: /usr/local/adm/freeradius/radacct/%{Client-IP-Address}/detail
expands to /usr/local/adm/freeradius/radacct/192.168.1.3/detail
modcall[accounting]: module "detail" returns ok for request 3
radius_xlat: 'user1'
rlm_sql (sql): sql_set_user escaped user --> 'user1'
radius_xlat: 'INSERT into radacct (RadAcctId, AcctSessionId, AcctUniqueId,
UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime,
AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start,
ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId,
CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol,
FramedIPAddress, AcctStartDelay, AcctStopDelay) values('',
'E800CBD8-403E668A', '', 'user1', 'NULL', '192.168.1.3', '', '', '2004-02-26
16:35:09', '0', '0', 'RADIUS', 'ba-standard ', '', '0', '0', '', '', '',
'Framed-User', 'PPP', '', '', '0')'
rlm_sql (sql): Reserving sql socket id: 45
rlm_sql (sql): Released sql socket id: 45
modcall[accounting]: module "sql" returns ok for request 3
modcall[accounting]: module "unix" returns ok for request 3
radius_xlat: '/usr/local/adm/freeradius/var/log/radius/radutmp'
radius_xlat: 'user1'
modcall[accounting]: module "radutmp" returns ok for request 3
modcall: group accounting returns ok for request 3
Sending Accounting-Response of id 85 to 192.168.1.3:1812
Finished request 3
Going to the next request
Thread 4 waiting to be assigned a request
rad_recv: Access-Request packet from host 192.168.1.4:21645, id=10, length=76
Sending duplicate reply to client cisco:21645 - ID: 10
Re-sending Access-Reject of id 10 to 192.168.1.4:21645
--- Walking the entire request list ---
Threads: total/active/spare threads = 5/0/5
Cleaning up request 0 ID 10 with timestamp 403e6689
Cleaning up request 3 ID 85 with timestamp 403e668d
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 1 ID 87 with timestamp 403e668a
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 2 ID 217 with timestamp 403e668b
Nothing to do. Sleeping until we see a request.
rad_recv: Access-Request packet from host 192.168.1.4:21645, id=10, length=76
Thread 5 assigned request 5
--- Walking the entire request list ---
Threads: total/active/spare threads = 5/1/4
Nothing to do. Sleeping until we see a request.
Thread 5 handling request 5, (1 handled so far)
Framed-Protocol = PPP
User-Name = "user2"
User-Password = "<<WEIRD CRYPTED PW, characters are entered by
escape-code>>"
NAS-Port-Type = Virtual
NAS-Port = 0
Service-Type = Framed-User
NAS-IP-Address = 192.168.1.4
modcall: entering group authorize for request 5
modcall[authorize]: module "preprocess" returns ok for request 5
rlm_realm: No '@' in User-Name = "user2", looking up realm NULL
rlm_realm: Found realm "NULL"
rlm_realm: Adding Stripped-User-Name = "user2"
rlm_realm: Proxying request from user user2 to realm NULL
rlm_realm: Adding Realm = "NULL"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "suffix" returns noop for request 5
radius_xlat: 'user2'
rlm_sql (sql): sql_set_user escaped user --> 'user2'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE
Username = 'user2' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 44
radius_xlat: 'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupchec
k.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE
usergroup.Username = 'user2' AND usergroup.GroupName =
radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE
Username = 'user2' ORDER BY id'
radius_xlat: 'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgrouprepl
y.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE
usergroup.Username = 'user2' AND usergroup.GroupName =
radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): No matching entry in the database for request from user
[user2]
rlm_sql (sql): Released sql socket id: 44
modcall[authorize]: module "sql" returns notfound for request 5
huntgroups: Matched redback at 66
users: Matched DEFAULT at 201
modcall[authorize]: module "files" returns ok for request 5
modcall: group authorize returns ok for request 5
rad_check_password: Found Auth-Type Local
auth: type Local
auth: No password configured for the user
auth: Failed to validate the user.
WARNING: Unprintable characters in the password. ? Double-check the shared
secret on the server and the NAS!
rad_lowerpair: Stripped-User-Name now 'user2'
rad_rmspace_pair: Stripped-User-Name now 'user2'
rad_rmspace_pair: User-Password now '��?�}Q�?7�A+?&�'
modcall: entering group authorize for request 5
modcall[authorize]: module "preprocess" returns ok for request 5
rlm_realm: Request already proxied. Ignoring.
modcall[authorize]: module "suffix" returns noop for request 5
radius_xlat: 'user2'
rlm_sql (sql): sql_set_user escaped user --> 'user2'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE
Username = 'user2' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 43
radius_xlat: 'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupchec
k.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE
usergroup.Username = 'user2' AND usergroup.GroupName =
radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE
Username = 'user2' ORDER BY id'
radius_xlat: 'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgrouprepl
y.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE
usergroup.Username = 'user2' AND usergroup.GroupName =
radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): No matching entry in the database for request from user
[user2]
rlm_sql (sql): Released sql socket id: 43
modcall[authorize]: module "sql" returns notfound for request 5
huntgroups: Matched redback at 66
users: Matched DEFAULT at 201
modcall[authorize]: module "files" returns ok for request 5
modcall: group authorize returns ok for request 5
rad_check_password: Found Auth-Type Local
auth: type Local
auth: No password configured for the user
auth: Failed to validate the user.
WARNING: Unprintable characters in the password. ? Double-check the shared
secret on the server and the NAS!
Delaying request 5 for 1 seconds
Finished request 5
Going to the next request
Thread 5 waiting to be assigned a request
--
Mark Hennessy
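
Added example, not part of the original post: the "Unprintable characters in the password" warning in the debug output concerns the RFC 2865 User-Password hiding, where the NAS XORs the password with MD5(shared secret + Request Authenticator) and the server reverses it with its own copy of the secret. The sketch below reproduces that round trip; the secrets, authenticator and password are constructed sample values, and the trailing-space mismatch is only an illustration of one way two copies of a secret can differ.

```python
import hashlib

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """NAS side: RFC 2865 section 5.2 User-Password hiding."""
    # Pad with NULs to a multiple of 16 bytes (at least one block).
    padded = password + b"\x00" * (-len(password) % 16) or b"\x00" * 16
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        block = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out += block
        prev = block          # next block is keyed on this ciphertext block
    return out

def recover_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: reverse the hiding with the server's copy of the secret."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += _xor(block, hashlib.md5(secret + prev).digest())
        prev = block
    return out.rstrip(b"\x00")

def looks_printable(value: bytes) -> bool:
    """True when every byte is printable ASCII, as a typed password would be."""
    return all(0x20 <= b < 0x7F for b in value)

# Constructed sample values (not taken from the post).
AUTHENTICATOR = bytes(range(16))      # 16-byte Request Authenticator
SERVER_SECRET = b"s3cret-example"     # as it might appear in clients.conf
NAS_SECRET_OK = b"s3cret-example"     # NAS configured identically
NAS_SECRET_BAD = b"s3cret-example "   # same text plus a trailing space
PASSWORD = b"correct horse"

if __name__ == "__main__":
    for label, nas_secret in (("matching", NAS_SECRET_OK),
                              ("mismatched", NAS_SECRET_BAD)):
        hidden = hide_password(PASSWORD, nas_secret, AUTHENTICATOR)
        seen = recover_password(hidden, SERVER_SECRET, AUTHENTICATOR)
        print(f"{label:10s} printable={looks_printable(seen)} value={seen!r}")
```

With matching secrets the server recovers the typed password; with any difference in the secret it recovers 16 bytes of effectively random data, which is what the server then compares against the stored password.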