Why were "vsa"s sent when password was incorrect?

Wed, 19 May 2004 08:10:03 -0700 

Hello.
I am testing freeradius-snapshot-20040518. and I use NTRadPing 
as a radius client.

I sent radius attributes from NTRadPing next values.
 User-Name = "test"
 CHAP-Password = 0x199b0db7370a6f27bf611e3a6e3eef65cd
 NAS-Port = 1
 NAS-IP-Address = 192.168.100.20
 Framed-Protocol = PPP
 Service-Type = Framed-User
 NAS-Port-Type = ISDN
 Acct-Session-Id = "123124"
 Calling-Station-Id = "00000000"

When password is incorrect, debug logs are next.
"VSA" are sent with "Access-Reject" 
Is this behavior correct?

rad_recv: Access-Request packet from host 192.168.100.20:1924, id=38, length=93
        User-Name = "test"
        CHAP-Password = 0xfe9a010597246a13b6786b44b5b1f9fd41
        NAS-Port = 1
        NAS-IP-Address = 192.168.100.20
        Framed-Protocol = PPP
        Service-Type = Framed-User
        NAS-Port-Type = ISDN
        Acct-Session-Id = "123124"
        Calling-Station-Id = "00000000"
 Debug:   Processing the authorize section of radiusd.conf
 Debug: modcall: entering group authorize for request 3
 Debug:   modsingle[authorize]: calling preprocess (rlm_preprocess) for request 3
 Debug:   modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 3
 Debug:   modcall[authorize]: module "preprocess" returns ok for request 3
 Debug:   modsingle[authorize]: calling chap (rlm_chap) for request 3
 Debug:   rlm_chap: Setting 'Auth-Type := CHAP'
 Debug:   modsingle[authorize]: returned from chap (rlm_chap) for request 3
 Debug:   modcall[authorize]: module "chap" returns ok for request 3
 Debug:   modsingle[authorize]: calling eap (rlm_eap) for request 3
 Debug:   rlm_eap: No EAP-Message, not doing EAP
 Debug:   modsingle[authorize]: returned from eap (rlm_eap) for request 3
 Debug:   modcall[authorize]: module "eap" returns noop for request 3
 Debug: modcall: entering group group for request 3
 Debug:   modsingle[authorize]: calling files (rlm_files) for request 3
 Debug:     users: Matched test at 93
 Debug:   modsingle[authorize]: returned from files (rlm_files) for request 3
 Debug:   modcall[authorize]: module "files" returns ok for request 3
 Debug: modcall: group group returns ok for request 3
 Debug: modcall: group authorize returns ok for request 3
 Debug:   rad_check_password:  Found Auth-Type Local
 Debug: auth: type Local
 Debug: auth: user supplied CHAP-Password does NOT match local User-Password
 Debug: auth: Failed to validate the user.
 Auth: Login incorrect: [test/<CHAP-Password>] (from client bryan port 1 cli 00000000)
 Debug:   Processing the post-auth section of radiusd.conf
 Debug: modcall: entering group Post-Auth-Type for request 3
 Debug:   modsingle[post-auth]: calling sql (rlm_sql) for request 3
 Debug: rlm_sql (sql): Processing sql_postauth
 Debug: radius_xlat:  'test'
 Debug: rlm_sql (sql): sql_set_user escaped user --> 'test'
 Debug: radius_xlat:  'INSERT into radpostauth (id, user, pass, reply, date) values 
('', 'test', 'Chap-Password', 'Access-Reject', NOW())'
 Debug: radius_xlat:  '/var/log/radius/sqltrace.sql'
 Debug: rlm_sql (sql) in sql_postauth: query is INSERT into radpostauth (id, user, 
pass, reply, date) values ('', 'test', 'Chap-Password', 'Access-Reject', NOW())
 Debug: rlm_sql (sql): Reserving sql socket id: 1
 Debug: rlm_sql_mysql: query:  INSERT into radpostauth (id, user, pass, reply, date) 
values ('', 'test', 'Chap-Password', 'Access-Reject', NOW())
 Debug: rlm_sql (sql): Released sql socket id: 1
 Debug:   modsingle[post-auth]: returned from sql (rlm_sql) for request 3
 Debug:   modcall[post-auth]: module "sql" returns ok for request 3
 Debug: modcall: group Post-Auth-Type returns ok for request 3
 Debug: Delaying request 3 for 1 seconds
 Debug: Finished request 3
 Debug: Going to the next request
 Debug: --- Walking the entire request list ---
 Debug: Waking up in 1 seconds...
 Debug: --- Walking the entire request list ---
 Debug: Waking up in 1 seconds...
 Debug: --- Walking the entire request list ---
Sending Access-Reject of id 38 to 192.168.100.20:1924
        Ascend-Idle-Limit = 600
        Ascend-Data-Filter = "ip in forward dstip 10.0.1.0/24 0"
        Ascend-Data-Filter += "ip in forward dstip 172.16.1.0/24 0"
        Ascend-Data-Filter += "ip in drop 0"
        Ascend-Data-Filter += "ip out forward 0"

---------------------------------------------------

my users file
test    Auth-Type := Local, Password == "test", Calling-Station-Id == "00000000"
        User-Service = Framed-User ,
        Framed-Protocol = PPP ,
        Framed-IP-Address = 10.0.0.1 ,
        Framed-IP-Netmask = 255.255.255.255 ,
        Ascend-Idle-Limit = 600 ,
        Ascend-Data-Filter = "ip in forward dstip 10.0.1.0/24" ,
        Ascend-Data-Filter += "ip in forward dstip 172.16.1.0/24" ,
        Ascend-Data-Filter += "ip in drop dstip 0.0.0.0" ,
        Ascend-Data-Filter += "ip out forward"

---------------------------------------------------

sorry for my poor english
regards

-- 
baffy200y <[EMAIL PROTECTED]>


__________________________________________________
Do You Yahoo!?
http://bb.yahoo.co.jp/


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to