Hello group.
I am running FreeRADIUS 2.0.4 and I am attempting to setup a configuration
based on the "robust-proxy-accounting" site example. In short, I could not
get it to work. To attempt to debug the problem, I pared down the
configuration so the only part that was active was the part that it supposed
to send the accounting data to a detail file. However, even that small piece
does not work. The errors I am getting in the debug logs are
auth: No authenticate method (Auth-Type) configuration found for the
request: Rejecting the user
auth: Failed to validate the user.
However, the configuration to log the data the detail file is only setup for
accounting, not authentication. This leaves me confused as to why FS is
attempting to do authentication. The relevant parts of the configuration
that are active during the test and the debug log is listed below. Any
assistance would be appreciated.
Thank you,
Jim Lohiser
---------- radiusd.conf
# Single detail file for accounting failover.
detail detail.imaginenet {
detailfile = "${radacctdir}/imaginenet/detail-%Y%m%d"
}
---------- <site file>
# Dummy server to spool accounting data.
home_server ImagineNet_Detail {
# Added 'type' value to attempt to force accounting only.
# Does not fix problem.
type = acct
virtual_server = ImagineNet_Detail
}
server ImagineNet_Detail {
accounting {
detail.imaginenet
}
}
home_server_pool ImagineNet_Acct {
type = load-balance
home_server = ImagineNet_Detail
# Turned this off during to debug. Does not fix problem.
#virtual_server = ImagineNet
}
realm imaginenet.net {
auth_pool = ImagineNet_Auth
acct_pool = ImagineNet_Acct
nostrip
}
########## Full Debug
rad_recv: Accounting-Request packet from host 192.168.0.10 port 51144,
id=81, length=57
User-Name = "[EMAIL PROTECTED]"
Acct-Status-Type = Start
Acct-Session-Id = "9584"
+- entering group preacct
expand: %{User-Name} -> [EMAIL PROTECTED]
expand: %{User-Name} -> [EMAIL PROTECTED]
expand: %{User-Name} -> [EMAIL PROTECTED]
++[preprocess] returns ok
rlm_acct_unique: WARNING: Attribute NAS-Port was not found in request,
unique ID MAY be inconsistent
rlm_acct_unique: Hashing ',Client-IP-Address = 192.168.0.10,NAS-IP-Address =
192.168.0.10,Acct-Session-Id = "9584",User-Name = "[EMAIL PROTECTED]"'
rlm_acct_unique: Acct-Unique-Session-ID = "dc24a5ecb36b1652".
++[acct_unique] returns ok
rlm_realm: Looking up realm "imaginenet.net" for User-Name =
"[EMAIL PROTECTED]"
rlm_realm: Found realm "imaginenet.net"
rlm_realm: Adding Realm = "imaginenet.net"
rlm_realm: Proxying request from user jlohiser to realm imaginenet.net
rlm_realm: Preparing to proxy accounting request to realm
"imaginenet.net"
++[suffix] returns updated
++[files] returns noop
+- entering group accounting
expand:
/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d ->
/var/log/radius/radacct/192.168.0.10/detail-20080502
rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d
expands to /var/log/radius/radacct/192.168.0.10/detail-20080502
expand: %t -> Fri May 2 02:33:03 2008
++[detail] returns ok
expand: /var/log/radius/radutmp -> /var/log/radius/radutmp
expand: %{User-Name} -> [EMAIL PROTECTED]
rlm_radutmp: No NAS-Port seen. Cannot do anything.
rlm_radumtp: WARNING: checkrad will probably not work!
++[radutmp] returns noop
expand: %{User-Name} -> [EMAIL PROTECTED]
attr_filter: Matched entry DEFAULT at line 12
++[attr_filter.accounting_response] returns updated
+- entering group pre-proxy
preproxy_users: Matched entry DEFAULT at line 35
expand: %{Client-IP-Address} -> 192.168.0.10
++[files] returns ok
Sending proxied request internally to virtual server.
server ImagineNet_Detail {
auth: No authenticate method (Auth-Type) configuration found for the
request: Rejecting the user
auth: Failed to validate the user.
Login incorrect: [EMAIL PROTECTED]/<no User-Password attribute>]
(from client fw1.cle1.oh.imaginenet.net port 0 via TLS tunnel)
} # server ImagineNet_Detail
Going to the next request
<<< Received proxied response from internal virtual server.
Login incorrect (Home Server says so): [EMAIL PROTECTED]/<no
User-Password attribute>] (from client fw1.cle1.oh.imaginenet.net port 0)
Sending Access-Reject of id 81 to 192.168.0.10 port 51144
Finished request 0.
Cleaning up request 0 ID 81 with timestamp +22
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
