Hello,
I'm running freebsd 8.1 with mpd 5.5, authenticating users against
freeradius. After some seccon uptime pppoe link is dropped.
In radius.log i see this
Auth: Login OK: [test/test] (from client mpd port 2 cli 000c2906911e)
Error: Received Accounting-Request packet from 10.10.10.2 with invalid
signature! (Shared secret is incorrect.) Dropping packet without
response.
Found in forums about "options RADIX_MPATH" for kernel but that didn't
give me any result.
DEBUG:
rad_recv: Access-Request packet from host 10.10.10.2 port 19490,
id=151, length=183
NAS-Identifier = "mpd.mydomain.tld"
NAS-IP-Address = 10.10.10.2
Message-Authenticator = 0xd52aa007f6772e3745cc6209e99aef8d
Acct-Session-Id = "7596900-em1_0-2"
NAS-Port = 2
NAS-Port-Type = Ethernet
Service-Type = Framed-User
Framed-Protocol = PPP
Calling-Station-Id = "000c2906911e"
Called-Station-Id = "z"
NAS-Port-Id = "em1"
Vendor-12341-Attr-12 = 0x656d315f302d32
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Client-Endpoint:0 = "00:0c:29:06:91:1e"
User-Name = "test"
User-Password = "test"
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand:
/var/log/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/radacct/10.10.10.2/auth-detail-20110213
[auth_log] /var/log/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/radacct/10.10.10.2/auth-detail-20110213
[auth_log] expand: %t -> Sun Feb 13 10:00:27 2011
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "test", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
[files] users: Matched entry DEFAULT at line 172
++[files] returns ok
[sql] expand: %{User-Name} -> test
[sql] sql_set_user escaped user --> 'test'
rlm_sql (sql): Reserving sql socket id: 3
[sql] expand: SELECT id, username, attribute, value, op
FROM radcheck WHERE username = '%{SQL-User-Name}'
ORDER BY id -> SELECT id, username, attri
bute, value, op FROM radcheck WHERE username =
'test' ORDER BY id
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op
FROM radreply WHERE username = '%{SQL-User-Name}'
ORDER BY id -> SELECT id, username, attri
bute, value, op FROM radreply WHERE username =
'test' ORDER BY id
[sql] expand: SELECT groupname FROM radusergroup
WHERE username = '%{SQL-User-Name}' ORDER BY priority ->
SELECT groupname FROM radusergr
oup WHERE username = 'test' ORDER BY priority
rlm_sql (sql): Released sql socket id: 3
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns updated
Found Auth-Type = PAP
+- entering group PAP {...}
[pap] login attempt with password "test"
[pap] Using CRYPT encryption.
[pap] User authenticated successfully
++[pap] returns ok
Login OK: [test/test] (from client mpd port 2 cli 000c2906911e)
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 151 to 10.10.10.2 port 19490
Framed-Protocol = PPP
Framed-Compression = Van-Jacobson-TCP-IP
Finished request 23.
Going to the next request
Waking up in 0.5 seconds.
rad_recv: Accounting-Request packet from host 10.10.10.2 port 26224,
id=172, length=218
NAS-Identifier = "mpd.mydomain.tld"
NAS-IP-Address = 10.10.10.2
Acct-Session-Id = "7596900-em1_0-2"
NAS-Port = 2
NAS-Port-Type = Ethernet
Service-Type = Framed-User
Framed-Protocol = PPP
Calling-Station-Id = "000c2906911e"
Called-Station-Id = "z"
NAS-Port-Id = "em1"
Vendor-12341-Attr-12 = 0x656d315f302d32
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Client-Endpoint:0 = "00:0c:29:06:91:1e"
Acct-Status-Type = Start
Framed-IP-Address = 20.20.20.2
User-Name = "test"
Acct-Multi-Session-Id = "7596900-B-1"
Vendor-12341-Attr-13 = 0x422d31
Vendor-12341-Attr-14 = 0x6e6730
Vendor-12341-Attr-15 = 0x00000004
Acct-Link-Count = 1
Acct-Authentic = RADIUS
+- entering group preacct {...}
++[preprocess] returns ok
[acct_unique] Hashing 'NAS-Port = 2,Client-IP-Address =
10.10.10.2,NAS-IP-Address = 10.10.10.2,Acct-Session-Id =
"7596900-em1_0-2",User-Name = "test"'
[acct_unique] Acct-Unique-Session-ID = "026e7c5b94c4dd87".
++[acct_unique] returns ok
[suffix] No '@' in User-Name = "test", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[files] returns noop
+- entering group accounting {...}
[detail] expand:
/var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d ->
/var/log/radacct/10.10.10.2/detail-20110213
[detail] /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d expands
to
/var/log/radacct/10.10.10.2/detail-20110213
[detail] expand: %t -> Sun Feb 13 10:00:27 2011
++[detail] returns ok
++[unix] returns fail
Finished request 24.
Cleaning up request 24 ID 172 with timestamp +12
Going to the next request
Waking up in 0.5 seconds.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
