Hello everyone.
I have a very weird problem with my setup.
my clients.conf
client 127.0.0.1 {
secret = testing123
shortname = Localhost
}
client 20.20.20.20 {
secret = pfsense
shortname = pfsense
}
client 20.20.20.17 {
secret = testing
shortname = ubuntu
}
with this setup I can only connect through the pfsense's captive portal
when I try to use radtest in both localhost and the remote ubuntu i
get a nas not found response
I'm using mysql authentication and the debugging output is the following
rad_recv: Access-Request packet from host 20.20.20.17 port 55281,
id=56, length=67
User-Name = "northpole"
User-Password = "1234"
NAS-IP-Address = 127.0.1.1
NAS-Port = 1812
Framed-Protocol = PPP
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "northpole", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
[files] users: Matched entry DEFAULT at line 50
[files] expand: /usr/local/bin/rmauth "%{NAS-IP-Address}"
"%{User-Name}" "%{Calling-Station-Id}" -> /usr/local/bin/rmauth
"127.0.1.1" "northpole" ""
++[files] returns ok
[sql] expand: %{User-Name} -> northpole
[sql] sql_set_user escaped user --> 'northpole'
rlm_sql (sql): Reserving sql socket id: 3
[sql] expand: SELECT id, username, attribute, value, op
FROM radcheck WHERE username = '%{SQL-User-Name}'
ORDER BY id -> SELECT id, username, attribute, value, op
FROM radcheck WHERE username = 'northpole' ORDER
BY id
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op
FROM radreply WHERE username = '%{SQL-User-Name}'
ORDER BY id -> SELECT id, username, attribute, value, op
FROM radreply WHERE username = 'northpole' ORDER
BY id
[sql] expand: SELECT groupname FROM radusergroup
WHERE username = '%{SQL-User-Name}' ORDER BY priority ->
SELECT groupname FROM radusergroup WHERE username
= 'northpole' ORDER BY priority
rlm_sql (sql): Released sql socket id: 3
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = Local
WARNING: Please update your configuration, and remove 'Auth-Type = Local'
WARNING: Use the PAP or CHAP modules instead.
User-Password in the request is correct.
+- entering group session {...}
[sql] expand: %{User-Name} -> northpole
[sql] sql_set_user escaped user --> 'northpole'
[sql] expand: SELECT COUNT(*) FROM
radacct WHERE username =
'%{SQL-User-Name}' AND acctstoptime IS
NULL -> SELECT COUNT(*) FROM radacct
WHERE username = 'northpole'
AND acctstoptime IS NULL
rlm_sql (sql): Reserving sql socket id: 2
rlm_sql (sql): Released sql socket id: 2
++[sql] returns ok
+- entering group post-auth {...}
[sqlippool] No Pool-Name defined.
[sqlippool] expand: No Pool-Name defined (did %{Called-Station-Id}
cli %{Calling-Station-Id} port %{NAS-Port} user %{User-Name}) -> No
Pool-Name defined (did cli port 1812 user northpole)
No Pool-Name defined (did cli port 1812 user northpole)
++[sqlippool] returns noop
Exec-Program output: Reply-Message="NAS not found!"
Exec-Program-Wait: value-pairs: Reply-Message="NAS not found!"
Exec-Program: returned: 1
[exec] Login incorrect (external check said so)
++[exec] returns reject
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> northpole
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 7 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 7
Sending Access-Reject of id 56 to 20.20.20.17 port 55281
Reply-Message = "NAS not found!"
Waking up in 4.9 seconds.
Cleaning up request 7 ID 56 with timestamp +358
Ready to process requests.
what am I missing here?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
