Alan DeKok wrote:
> "Chris A. Kalin" <[EMAIL PROTECTED]> wrote:
>> Sending Access-Reject of id 3 to xx.xx.xx.xx port 4587
>> Reply-Message = "Your account has been disabled."
>
> That message does not appear in the server source. It's added
> somewhere by your local config.

Right, in the users file. I knew that one already, sorry I didn't post
the users files.

>> Fri Sep 8 12:37:40 2006 : Debug: modsingle[authorize]: calling files
>> (rlm_files) for request 2
>> Fri Sep 8 12:37:40 2006 : Debug: users: Matched entry DEFAULT at
>> line 54
>> Fri Sep 8 12:37:40 2006 : Debug: users: Matched entry DEFAULT at
>> line 72
>
> Check those two lines.
> Find the entry in your configuration files that adds that
> Reply-Message, it's setting Auth-Type := Reject, too.

That's exactly right, but why is it even getting to my users file?
It's supposed to be proxying the auth request to another box, and
apparently does, but then it charges ahead and checks the username
against the local password database anyway, and finds a local user with
a GID that generates the "Your account has been disabled" message. It's
like it's proxying the request but doesn't stop once it gets a hit. An
identical users file with the same proxy.conf and (as similar as it can
be) radiusd.conf under an older FreeRADIUS doesn't do this. And more
importantly, it's not logging _anything_ to my radius.log (in the event
of this particular failure I mean, other logs work fine), which is the
first time I've ever seen that happen in FreeRADIUS. If the remote end
rejects the user I get a "remote host says so" or similar error. Right
now I'm not getting anything.
Thanks!