Hi Guys

I have an account which I want to auth locally on our 2 proxy RADIUS machines.

The problem is that sometimes the connection authenticates and other times it does not. There are warnings in the logs below, so I'm sure I have something wrong, but I cannot work out what I should be doing instead.

Also, how would I create a feature which would temporarily authenticate all users for a realm as allowed?

The user file entry is

nyp2inter Realm == 'xxx.com', User-Password == 'xxx', Proxy-To-Realm := "LOCAL"
                       Service-Type = Framed-User,
                       Framed-Protocol = PPP,
                       Framed-IP-Address = xxx.xx.216.40,
                       Framed-IP-Netmask = 255.255.255.255,
                       Framed-Route = "xxx.xx.10.128/25 0.0.0.0 1",
                       Framed-MTU = 1492,
                       Framed-Compression = Van-Jacobson-TCP-IP



Failed Auth:

rad_recv: Access-Request packet from host xxx.xx.208.165:1645, id=155, length=106
       Framed-Protocol = PPP
       User-Name = "[EMAIL PROTECTED]"
       User-Password = "xxx"
       NAS-Port-Type = Virtual
       NAS-Port = 328
       Calling-Station-Id = "sfy713300200187"
       Service-Type = Framed-User
       NAS-IP-Address = xxx.xx.208.165
 Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1647
 modcall[authorize]: module "preprocess" returns ok for request 1647
radius_xlat:  '/var/log/radius/radacct/xxx.xx.208.165/auth-detail-20080424'
rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/xxx.xx.208.165/auth-detail-20080424
 modcall[authorize]: module "auth_log" returns ok for request 1647
 modcall[authorize]: module "attr_filter" returns noop for request 1647
 modcall[authorize]: module "chap" returns noop for request 1647
 modcall[authorize]: module "mschap" returns noop for request 1647
rlm_realm: Looking up realm "xxx.com" for User-Name = "[EMAIL PROTECTED]"
   rlm_realm: Found realm "xxx.com"
   rlm_realm: Proxying request from user nyp2inter to realm xxx.com
   rlm_realm: Adding Realm = "xxx.com"
   rlm_realm: Authentication realm is LOCAL.
 modcall[authorize]: module "suffix" returns noop for request 1647
 rlm_eap: No EAP-Message, not doing EAP
 modcall[authorize]: module "eap" returns noop for request 1647
 modcall[authorize]: module "files" returns notfound for request 1647
rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this.
 modcall[authorize]: module "pap" returns noop for request 1647
2008-04-24T11:29:37.613507: Verbose: RLM_PYTHON: handling Authorize request...
 modcall[authorize]: module "python" returns ok for request 1647
modcall: leaving group authorize (returns ok) for request 1647
auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
auth: Failed to validate the user.
Login incorrect: [EMAIL PROTECTED]/nyp4inter] (from client lns1.ade port 328 cli sfy713300200187)
 Found Post-Auth-Type
 Processing the post-auth section of radiusd.conf
modcall: entering group REJECT for request 1647
rlm_sql_log (sql_log): Processing sql_log_postauth
radius_xlat: 'INSERT INTO radpostauth (user, password, reply, date, reply_message) VALUES ('[EMAIL PROTECTED]', 'xxx', 'Access-Reject', '2008-04-24 11:29:37', '');'
radius_xlat:  '/var/log/radius/radacct/sql-relay'
 modcall[post-auth]: module "sql_log" returns ok for request 1647
modcall: leaving group REJECT (returns ok) for request 1647
Delaying request 1647 for 1 seconds
Finished request 1647

With no changes, this connected:

rad_recv: Access-Request packet from host xxx.xx.208.165:1645, id=167, length=106
       Framed-Protocol = PPP
       User-Name = "[EMAIL PROTECTED]"
       User-Password = "xxx"
       NAS-Port-Type = Virtual
       NAS-Port = 315
       Calling-Station-Id = "sfy713300200187"
       Service-Type = Framed-User
       NAS-IP-Address = xxx.xx.208.165
 Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1675
 modcall[authorize]: module "preprocess" returns ok for request 1675
radius_xlat:  '/var/log/radius/radacct/xxx.xx208.165/auth-detail-20080424'
rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/xxx.xx208.165/auth-detail-20080424
 modcall[authorize]: module "auth_log" returns ok for request 1675
 modcall[authorize]: module "attr_filter" returns noop for request 1675
 modcall[authorize]: module "chap" returns noop for request 1675
 modcall[authorize]: module "mschap" returns noop for request 1675
rlm_realm: Looking up realm "xxx.com" for User-Name = "[EMAIL PROTECTED]"
   rlm_realm: Found realm "xxx.com"
   rlm_realm: Adding Stripped-User-Name = "nyp2inter"
   rlm_realm: Proxying request from user nyp2inter to realm xxx.com
   rlm_realm: Adding Realm = "xxx.com"
   rlm_realm: Preparing to proxy authentication request to realm "xxx.com"
 modcall[authorize]: module "suffix" returns updated for request 1675
 rlm_eap: No EAP-Message, not doing EAP
 modcall[authorize]: module "eap" returns noop for request 1675
   users: Matched entry nyp2inter at line 18
 modcall[authorize]: module "files" returns ok for request 1675
 modcall[authorize]: module "pap" returns updated for request 1675
2008-04-24T11:29:48.109597: Verbose: RLM_PYTHON: handling Authorize request...
 modcall[authorize]: module "python" returns ok for request 1675
modcall: leaving group authorize (returns updated) for request 1675
WARNING: You set Proxy-To-Realm = LOCAL, but it is a LOCAL realm! Cancelling invalid proxy request.
 rad_check_password:  Found Auth-Type pap
auth: type "PAP"
 Processing the authenticate section of radiusd.conf
modcall: entering group PAP for request 1675
rlm_pap: login attempt with password nyp4inter
rlm_pap: Using clear text password "nyp4inter".
rlm_pap: User authenticated successfully
 modcall[authenticate]: module "pap" returns ok for request 1675
modcall: leaving group PAP (returns ok) for request 1675
Login OK: [EMAIL PROTECTED] (from client lns1.ade port 315 cli sfy713300200187)
 Processing the post-auth section of radiusd.conf
modcall: entering group post-auth for request 1675
radius_xlat:  '/var/log/radius/radacct/xxx.xx.208.165/reply-detail-20080424'
rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d expands to /var/log/radius/radacct/xxx.xx.208.165/reply-detail-20080424
 modcall[post-auth]: module "reply_log" returns ok for request 1675
modcall: leaving group post-auth (returns ok) for request 1675
WARNING: Cancelling proxy to Realm LOCAL, as the realm is local.
Sending Access-Accept of id 167 to xxx.xx.208.165 port 1645
       Service-Type = Framed-User
       Framed-Protocol = PPP
       Framed-IP-Address = xxx.xx.216.40
       Framed-IP-Netmask = 255.255.255.255
       Framed-Route = "xxx.xx.10.128/25 0.0.0.0 1"
       Framed-MTU = 1492
       Framed-Compression = Van-Jacobson-TCP-IP
Finished request 1675
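
An added example, not part of the original post: a small Python helper that pulls the per-module return codes out of this kind of debug output and reports where a rejected and an accepted request first diverge. The function names and the embedded excerpt layout are assumptions made for illustration; the log lines themselves are copied from the two requests above.

```python
import re

# Excerpt of the modcall lines from the two requests in the post
# (1647 was rejected, 1675 was accepted); some unchanged modules omitted.
SAMPLE_LOG = '''
 modcall[authorize]: module "preprocess" returns ok for request 1647
 modcall[authorize]: module "suffix" returns noop for request 1647
 modcall[authorize]: module "eap" returns noop for request 1647
 modcall[authorize]: module "files" returns notfound for request 1647
 modcall[authorize]: module "pap" returns noop for request 1647
 modcall[authorize]: module "python" returns ok for request 1647
 modcall[authorize]: module "preprocess" returns ok for request 1675
 modcall[authorize]: module "suffix" returns updated for request 1675
 modcall[authorize]: module "eap" returns noop for request 1675
 modcall[authorize]: module "files" returns ok for request 1675
 modcall[authorize]: module "pap" returns updated for request 1675
 modcall[authorize]: module "python" returns ok for request 1675
 modcall[authenticate]: module "pap" returns ok for request 1675
'''

MODCALL = re.compile(
    r'modcall\[([\w-]+)\]: module "([^"]+)" returns (\w+) for request (\d+)')

def module_results(log_text):
    """Return {request_id: [(section, module, rcode), ...]} in log order."""
    results = {}
    for section, module, rcode, req in MODCALL.findall(log_text):
        results.setdefault(int(req), []).append((section, module, rcode))
    return results

def divergences(results, req_a, req_b, section="authorize"):
    """List (module, rcode_a, rcode_b) where the two requests disagree."""
    a = {m: rc for sec, m, rc in results.get(req_a, []) if sec == section}
    b = {m: rc for sec, m, rc in results.get(req_b, []) if sec == section}
    # Keep the order of request A, then modules only request B ran.
    modules = list(a) + [m for m in b if m not in a]
    return [(m, a.get(m), b.get(m)) for m in modules if a.get(m) != b.get(m)]

if __name__ == "__main__":
    res = module_results(SAMPLE_LOG)
    for module, failed, ok in divergences(res, 1647, 1675):
        print(f"{module}: request 1647 -> {failed}, request 1675 -> {ok}")
```

On these two requests the first divergence is at "suffix" (noop versus updated), followed by "files" (notfound versus ok), which narrows the comparison to the rlm_realm lines just above each "suffix" result.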
