I am replacing my current RADIUS server with a new one and have compiled
and installed the same version of FreeRADIUS and copied over my raddb
directory. What happens on the new one is that the router (Cisco AS5200)
retries a few times and then fails to auth the user, even though
FreeRADIUS said it's sending an Accept. I am running version 0.9.2 on
both; I tried 0.9.3 on the new one and got the same result. The old server is
running Red Hat, the new one Debian. The old one runs OpenLDAP 2.1.22,
the new Debian server runs 2.0.23. It's also running off a new LDAP
database, though an identical one, so that's the first thing I suspected; however,
I changed RADIUS to point to the old server for its LDAP and I get the
same results. I did an LDAP packet capture and it looks the same. Also,
my other services that use the new database
(qmail-ldap, pftp, phpldapadmin) all work with it. The only thing I haven't
tried yet is to upgrade OpenLDAP, but I didn't want to leave the Debian
stable area if I didn't need to.
Thanks for your help.
Here is a debug from the original working one.
--------------------------------------------------------
rad_recv: Access-Request packet from host 216.183.100.11:1645, id=19,
length=108
NAS-IP-Address = 216.183.100.11
NAS-Port = 28
Cisco-NAS-Port = "Async28"
NAS-Port-Type = Async
User-Name = "ginac"
Called-Station-Id = "1924"
Calling-Station-Id = "4807829708"
User-Password = "ideletedthis"
Service-Type = Framed-User
Framed-Protocol = PPP
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
rlm_eap: EAP-Message not found
modcall[authorize]: module "eap" returns noop for request 0
rlm_realm: No '@' in User-Name = "ginac", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
users: Matched DEFAULT at 8
modcall[authorize]: module "files" returns ok for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_ldap: - authorize
rlm_ldap: performing user authorization for ginac
radius_xlat: '(uid=ginac)'
radius_xlat: 'dc=azquest,dc=com'
ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to localhost:389, authentication 0
rlm_ldap: bind as cn=Manager,dc=azquest,dc=com/FinallyOrganized! to
localhost:389
rlm_ldap: waiting for bind result ...
rlm_ldap: performing search in dc=azquest,dc=com, with filter
(uid=ginac)
rlm_ldap: checking if remote access for ginac is allowed by dialupAccess
rlm_ldap: Added password {MD5}s3JRIsnTv+9WZGGeCOMYdw== in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user ginac authorized to use remote access
ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 0
modcall: group authorize returns ok for request 0
rad_check_password: Found Auth-Type Ldap
auth: type "LDAP"
modcall: entering group Auth-Type for request 0
rlm_ldap: - authenticate
rlm_ldap: login attempt by "ginac" with password "ideletedthis"
rlm_ldap: user DN: uid=ginac,ou=Lennar,ou=azqaccounts,dc=azquest,dc=com
rlm_ldap: (re)connect to localhost:389, authentication 1
rlm_ldap: bind as
uid=ginac,ou=Lennar,ou=azqaccounts,dc=azquest,dc=com/ideletedthis to
localhost:389
rlm_ldap: waiting for bind result ...
rlm_ldap: user ginac authenticated succesfully
modcall[authenticate]: module "ldap" returns ok for request 0
modcall: group Auth-Type returns ok for request 0
Sending Access-Accept of id 19 to 216.183.100.11:1645
Framed-MTU = 576
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-Routing = Broadcast-Listen
Framed-Compression = Van-Jacobson-TCP-IP
Finished request 0
This is a debug of the new, non-working one.
-----------------------------------------------------------------------------
rad_recv: Access-Request packet from host 216.183.100.11:1645, id=18,
length=108
NAS-IP-Address = 216.183.100.11
NAS-Port = 26
Cisco-NAS-Port = "Async26"
NAS-Port-Type = Async
User-Name = "ginac"
Called-Station-Id = "1924"
Calling-Station-Id = "4807829708"
User-Password = "ideletedthis"
Service-Type = Framed-User
Framed-Protocol = PPP
modcall: entering group authorize for request 6
modcall[authorize]: module "preprocess" returns ok for request 6
modcall[authorize]: module "chap" returns noop for request 6
rlm_eap: EAP-Message not found
modcall[authorize]: module "eap" returns noop for request 6
rlm_realm: No '@' in User-Name = "ginac", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 6
users: Matched DEFAULT at 8
modcall[authorize]: module "files" returns ok for request 6
modcall[authorize]: module "mschap" returns noop for request 6
rlm_ldap: - authorize
rlm_ldap: performing user authorization for ginac
radius_xlat: '(uid=ginac)'
radius_xlat: 'dc=azquest,dc=com'
ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=azquest,dc=com, with filter
(uid=ginac)
rlm_ldap: checking if remote access for ginac is allowed by dialupAccess
rlm_ldap: Added password {MD5}s3JRIsnTv+9WZGGeCOMYdw== in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user ginac authorized to use remote access
ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 6
modcall: group authorize returns ok for request 6
rad_check_password: Found Auth-Type Ldap
auth: type "LDAP"
modcall: entering group Auth-Type for request 6
rlm_ldap: - authenticate
rlm_ldap: login attempt by "ginac" with password "ideletedthis"
rlm_ldap: user DN: uid=ginac,ou=Lennar,ou=azqaccounts,dc=azquest,dc=com
rlm_ldap: (re)connect to 216.183.100.12:389, authentication 1
rlm_ldap: bind as
uid=ginac,ou=Lennar,ou=azqaccounts,dc=azquest,dc=com/ideletedthis to
216.183.100.12:389
rlm_ldap: waiting for bind result ...
rlm_ldap: user ginac authenticated succesfully
modcall[authenticate]: module "ldap" returns ok for request 6
modcall: group Auth-Type returns ok for request 6
Sending Access-Accept of id 18 to 216.183.100.11:1645
Framed-MTU = 576
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-Routing = Broadcast-Listen
Framed-Compression = Van-Jacobson-TCP-IP
Finished request 6
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 216.183.100.11:1645, id=18,
length=108
Sending duplicate reply to client isdn-0:1645 - ID: 18
Re-sending Access-Accept of id 18 to 216.183.100.11:1645
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 6 ID 18 with timestamp 405e34fa
Nothing to do. Sleeping until we see a request.
Here is a "sh radius statistics" when it's not working
----------------------------------------------------------
isdn-0#sh radius statistics
Maximum inQ length: 1
Maximum waitQ length: 1
Maximum doneQ length: 1
Total responses seen: 58
Packets with responses: 0 <--- this should be incrementing
Packets without responses: 15
Average response delay: 0 ms
Maximum response delay: 0 ms
Number of Radius timeouts: 60
Duplicate ID detects: 0
--
Entelin <[EMAIL PROTECTED]>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
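The debug output above shows the server sending an Access-Accept and then re-sending a cached duplicate for the same ID, while the NAS counts responses seen but zero packets with responses. One protocol mechanism that produces exactly that pattern is the Response Authenticator check in RFC 2865: the NAS recomputes MD5(Code + ID + Length + RequestAuth + Attributes + Secret) with its own shared secret and silently discards any reply that does not match, so a reply that reaches the wire is still treated as a timeout. The following model is an added example written for this page, not code from the original post or from FreeRADIUS; the user name, the attribute values, the identifier 18 and the two shared secrets are constructed to mirror the debug output, and the counter names are only in the spirit of the AS5200 statistics, not a reimplementation of IOS accounting.

```python
"""Model of a RADIUS Access-Request / Access-Accept exchange (RFC 2865),
showing how a reply can be seen by a NAS yet never counted as a response.
Added example for this thread; not FreeRADIUS or Cisco code."""
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST = 1
ACCESS_ACCEPT = 2
HEADER_LEN = 20  # code(1) + identifier(1) + length(2) + authenticator(16)

# Attribute type numbers from RFC 2865 used below
USER_NAME = 1
SERVICE_TYPE = 6
FRAMED_PROTOCOL = 7
FRAMED_MTU = 12


def encode_attrs(attrs):
    """Serialise [(type, value_bytes), ...] as RADIUS type/length/value triples."""
    out = b""
    for atype, value in attrs:
        if len(value) > 253:
            raise ValueError("attribute value too long for one TLV")
        out += struct.pack("!BB", atype, len(value) + 2) + value
    return out


def build_request(ident, request_auth, attrs):
    """Access-Request: the 16-byte authenticator is a random nonce chosen by the NAS."""
    body = encode_attrs(attrs)
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, HEADER_LEN + len(body))
    return header + request_auth + body


def build_reply(code, ident, request_auth, attrs, secret):
    """Server side: ResponseAuth = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    body = encode_attrs(attrs)
    header = struct.pack("!BBH", code, ident, HEADER_LEN + len(body))
    response_auth = hashlib.md5(header + request_auth + body + secret).digest()
    return header + response_auth + body


def verify_reply(reply, ident, request_auth, secret):
    """NAS side: recompute the Response Authenticator with the NAS's own secret.
    A reply failing this check is dropped silently, as if it had never arrived."""
    header, response_auth, body = reply[:4], reply[4:HEADER_LEN], reply[HEADER_LEN:]
    _code, reply_id, length = struct.unpack("!BBH", header)
    if reply_id != ident or length != len(reply):
        return False
    expected = hashlib.md5(header + request_auth + body + secret).digest()
    return hmac.compare_digest(expected, response_auth)


def simulate_exchange(nas_secret, server_secret, retries=3):
    """One login attempt with retransmits. Returns (responses_seen,
    packets_with_responses, timeouts); the names echo 'sh radius statistics'
    but the counting rules are this model's assumption, not IOS behaviour."""
    ident = 18  # constructed to match the debug output above
    request_auth = os.urandom(16)
    attrs = [(USER_NAME, b"ginac"),
             (SERVICE_TYPE, struct.pack("!I", 2)),     # Framed-User
             (FRAMED_PROTOCOL, struct.pack("!I", 1))]  # PPP
    request = build_request(ident, request_auth, attrs)

    responses_seen = packets_with_responses = timeouts = 0
    for _ in range(retries):
        # The server answers every (re)transmission of the same ID; the
        # authenticator it hashes over is the one carried in the request.
        reply = build_reply(ACCESS_ACCEPT, ident, request[4:HEADER_LEN],
                            [(FRAMED_MTU, struct.pack("!I", 576))], server_secret)
        responses_seen += 1  # the datagram did reach the NAS
        if verify_reply(reply, ident, request_auth, nas_secret):
            packets_with_responses += 1
            break
        timeouts += 1  # dropped reply: the NAS waits out its timer and retries
    return responses_seen, packets_with_responses, timeouts


if __name__ == "__main__":
    print("matching secrets:", simulate_exchange(b"s3cr3t", b"s3cr3t"))
    print("mismatched secrets:", simulate_exchange(b"s3cr3t", b"wr0ng"))
```

With matching secrets the first reply is accepted; with a secret that differs on either side every reply is discarded and only the seen and timeout counters move. The check in verify_reply also rejects a reply whose identifier does not match an outstanding request, so a reply arriving after the NAS has already given up on that ID is dropped the same way.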