Hi group!
I have a problem with my FreeRADIUS server. The radiusd starts normally but I
cannot log on with a username and password defined in /etc/raddb/users. The
client is a Cisco router 1720. Below you find some logs I made. Perhaps you
can pick out what went wrong. Thanks for your help!!!
Ciao, Marc Werner
/etc/raddb/clients.conf:
client 10.0.0.1 {
    secret = meinsecret
    shortname = 1720 }
output from tcpdump:
09:39:00.304215 10.0.0.1.sightline > radius.radius: rad-access-req 72 [id 1]
Attr[ NAS_ipaddr{10.0.0.1} NAS_port{0} NAS_port_type{Async} User{$enab15$} [|
radius]
09:39:05.304134 10.0.0.1.sightline > radius.radius: rad-access-req 72 [id 1]
Attr[ NAS_ipaddr{10.0.0.1} NAS_port{0} NAS_port_type{Async} User{$enab15$} [|
radius]
09:39:05.304742 arp who-has 10.0.0.1 tell radius
09:39:05.305353 arp reply 10.0.0.1 is-at 0:b0:c2:89:d6:58
09:39:05.305370 radius.radius > 10.0.0.1.sightline: rad-access-reject 20 [id
1] (DF)
09:39:05.305377 radius.radius > 10.0.0.1.sightline: rad-access-reject 20 [id
1] (DF)
/var/log/radius/radius.log:
Fri Mar 19 09:02:35 2004 : Info: Using deprecated naslist file. Support for
this will go away soon.
Fri Mar 19 09:02:35 2004 : Info: Using deprecated clients file. Support for
this will go away soon.
Fri Mar 19 09:02:35 2004 : Info: Using deprecated realms file. Support for
this will go away soon.
Fri Mar 19 09:02:35 2004 : Info: HASH: Reinitializing hash structures and
lists for caching...
Fri Mar 19 09:02:35 2004 : Info: HASH: Stored 17 entries from /etc/passwd
Fri Mar 19 09:02:35 2004 : Info: HASH: Stored 36 entries from /etc/group
Fri Mar 19 09:02:35 2004 : Info: Listening on IP address 10.0.0.2, ports 1812/
udp and 1813/udp, with proxy on 1814/udp.
Fri Mar 19 09:02:35 2004 : Info: Ready to process requests.
Fri Mar 19 09:05:07 2004 : Auth: Login incorrect: [$enab15$/sususe8710] (from
client 1720 port 0)
Fri Mar 19 09:39:00 2004 : Auth: Login incorrect: [$enab15$/sususe8710] (from
client 1720 port 0)
output from debug-mode:
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /etc/raddb/proxy.conf
Config: including file: /etc/raddb/clients.conf
Config: including file: /etc/raddb/snmp.conf
Config: including file: /etc/raddb/sql.conf
main: prefix = "/"
main: localstatedir = "//var"
main: logdir = "//var/log/radius"
main: libdir = "/usr/lib"
main: radacctdir = "//var/log/radius/radacct"
main: hostname_lookups = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = "//var/log/radius/radius.log"
main: log_auth = yes
main: log_auth_badpass = yes
main: log_auth_goodpass = yes
main: pidfile = "//var/run/radiusd.pid"
main: bind_address = 10.0.0.2 IP address [10.0.0.2]
main: user = "root"
main: group = "root"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "/usr/sbin/checkrad"
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: post_proxy_authorize = yes
proxy: wake_all_if_all_dead = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will go away soon.
read_config_files: reading clients
Using deprecated clients file. Support for this will go away soon.
read_config_files: reading realms
Using deprecated realms file. Support for this will go away soon.
radiusd: entering modules setup
Module: Library search path is /usr/lib
Module: Loaded System
unix: cache = yes
unix: passwd = "/etc/passwd"
unix: shadow = "/etc/shadow"
unix: group = "/etc/group"
unix: radwtmp = "//var/log/radius/radwtmp"
unix: usegroup = no
unix: cache_reload = 600
HASH: Reinitializing hash structures and lists for caching...
HASH: user root found in hashtable bucket 11726
HASH: user bin found in hashtable bucket 86651
HASH: user daemon found in hashtable bucket 11668
HASH: user lp found in hashtable bucket 54068
HASH: user mail found in hashtable bucket 79471
HASH: user news found in hashtable bucket 5375
HASH: user uucp found in hashtable bucket 38541
HASH: user games found in hashtable bucket 47657
HASH: user man found in hashtable bucket 50534
HASH: user wwwrun found in hashtable bucket 21080
HASH: user ftp found in hashtable bucket 56226
HASH: user nobody found in hashtable bucket 99723
HASH: user at found in hashtable bucket 67095
HASH: user sshd found in hashtable bucket 71560
HASH: user postfix found in hashtable bucket 23093
HASH: user radiusd found in hashtable bucket 55046
HASH: user ntp found in hashtable bucket 21418
HASH: Stored 17 entries from /etc/passwd
HASH: Stored 36 entries from /etc/group
Module: Instantiated unix (unix)
Module: Loaded preprocess
preprocess: huntgroups = "/etc/raddb/huntgroups"
preprocess: hints = "/etc/raddb/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
realm: format = "suffix"
realm: delimiter = "@"
Module: Instantiated realm (suffix)
Module: Loaded files
files: usersfile = "/etc/raddb/users"
files: acctusersfile = "/etc/raddb/acct_users"
files: preproxy_usersfile = "/etc/raddb/preproxy_users"
files: compat = "cistron"
[/etc/raddb/users]:172 Cistron compatibility checks for entry DEFAULT ...
[/etc/raddb/users]:184 Cistron compatibility checks for entry DEFAULT ...
[/etc/raddb/users]:191 Cistron compatibility checks for entry DEFAULT ...
[/etc/raddb/users]:198 Cistron compatibility checks for entry DEFAULT ...
[/etc/raddb/users]:220 Cistron compatibility checks for entry geraldo ...
[/etc/raddb/users]:229 Cistron compatibility checks for entry moremya4103 ...
[/etc/raddb/users]:233 Cistron compatibility checks for entry dumyute10107 ...
[/etc/raddb/users]:237 Cistron compatibility checks for entry shojoyu873 ...
Module: Instantiated files (files)
Module: Loaded detail
detail: detailfile = "//var/log/radius/radacct/%{Client-IP-Address}/detail"
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
radutmp: filename = "//var/log/radius/radutmp"
radutmp: username = "%{User-Name}"
radutmp: case_sensitive = yes
radutmp: check_with_nas = yes
radutmp: perm = 384
radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Listening on IP address 10.0.0.2, ports 1812/udp and 1813/udp, with proxy on
1814/udp.
Ready to process requests.
--
Marc Werner
[EMAIL PROTECTED]
ICQ#190044536
http://tuxxy.in.itzehoe.de