Re: Failed Auth using users file (sometimes)
Configuration changes do take effect on restart. It could have been made days or weeks before, but they kick in when you restart.

Ivan Kalik
Kalik Informatika ISP

On 25/4/2008, Mike O'Connor [EMAIL PROTECTED] wrote:

> Hi Ivan
>
> Thanks for your response. My question is why would it not work and then just work, with no changes other than a restart between the two?
>
> It's running freeradius 1.1.7
>
> Mike
>
> Ivan Kalik wrote:
> > > rlm_realm: Looking up realm xxx.com for User-Name = [EMAIL PROTECTED]
> > > rlm_realm: Found realm xxx.com
> > > rlm_realm: Proxying request from user nyp2inter to realm xxx.com
> > > rlm_realm: Adding Realm = xxx.com
> > > rlm_realm: Authentication realm is LOCAL.
> > > modcall[authorize]: module suffix returns noop for request 1647
> > > rlm_eap: No EAP-Message, not doing EAP
> > > modcall[authorize]: module eap returns noop for request 1647
> > > modcall[authorize]: module files returns notfound for request 1647
> > >
> > > rlm_realm: Looking up realm xxx.com for User-Name = [EMAIL PROTECTED]
> > > rlm_realm: Found realm xxx.com
> > > rlm_realm: Adding Stripped-User-Name = nyp2inter
> > > rlm_realm: Proxying request from user nyp2inter to realm xxx.com
> > > rlm_realm: Adding Realm = xxx.com
> > > rlm_realm: Preparing to proxy authentication request to realm xxx.com
> > > modcall[authorize]: module suffix returns updated for request 1675
> > > rlm_eap: No EAP-Message, not doing EAP
> > > modcall[authorize]: module eap returns noop for request 1675
> > > users: Matched entry nyp2inter at line 18
> > > modcall[authorize]: module files returns ok for request 1675
> >
> > First debug doesn't strip the realm so there is no match in users file.
> >
> > Ivan Kalik
> > Kalik Informatika ISP

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Failed Auth using users file (sometimes)
> rlm_realm: Looking up realm xxx.com for User-Name = [EMAIL PROTECTED]
> rlm_realm: Found realm xxx.com
> rlm_realm: Proxying request from user nyp2inter to realm xxx.com
> rlm_realm: Adding Realm = xxx.com
> rlm_realm: Authentication realm is LOCAL.
> modcall[authorize]: module suffix returns noop for request 1647
> rlm_eap: No EAP-Message, not doing EAP
> modcall[authorize]: module eap returns noop for request 1647
> modcall[authorize]: module files returns notfound for request 1647
>
> rlm_realm: Looking up realm xxx.com for User-Name = [EMAIL PROTECTED]
> rlm_realm: Found realm xxx.com
> rlm_realm: Adding Stripped-User-Name = nyp2inter
> rlm_realm: Proxying request from user nyp2inter to realm xxx.com
> rlm_realm: Adding Realm = xxx.com
> rlm_realm: Preparing to proxy authentication request to realm xxx.com
> modcall[authorize]: module suffix returns updated for request 1675
> rlm_eap: No EAP-Message, not doing EAP
> modcall[authorize]: module eap returns noop for request 1675
> users: Matched entry nyp2inter at line 18
> modcall[authorize]: module files returns ok for request 1675

First debug doesn't strip the realm so there is no match in users file.

Ivan Kalik
Kalik Informatika ISP
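
The comparison made in the reply above can be automated. The following is an added example, not part of the original thread or of FreeRADIUS: it groups authorize-phase debug lines by request and reports requests where no Stripped-User-Name was added and the files module returned notfound. It assumes debug output in which requests are not interleaved; the function names are hypothetical and the sample is a constructed subset of the lines quoted in the thread.

```python
import re

# Constructed sample: a subset of the debug lines quoted in this thread.
SAMPLE = """\
rlm_realm: Proxying request from user nyp2inter to realm xxx.com
rlm_realm: Adding Realm = xxx.com
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module suffix returns noop for request 1647
modcall[authorize]: module files returns notfound for request 1647
rlm_realm: Adding Stripped-User-Name = nyp2inter
rlm_realm: Adding Realm = xxx.com
rlm_realm: Preparing to proxy authentication request to realm xxx.com
modcall[authorize]: module suffix returns updated for request 1675
users: Matched entry nyp2inter at line 18
modcall[authorize]: module files returns ok for request 1675
"""

MODCALL = re.compile(r"modcall\[authorize\]: module (\S+) returns (\S+) for request (\d+)")
STRIPPED = "rlm_realm: Adding Stripped-User-Name = "

def summarize(debug_text):
    """Group authorize-phase results by request id (hypothetical helper).

    Module messages carry no request id, so they are buffered until the next
    modcall result line, which names the module and the request.
    """
    requests, pending = {}, []
    for line in debug_text.splitlines():
        m = MODCALL.search(line)
        if not m:
            pending.append(line.strip())
            continue
        module, result, req = m.group(1), m.group(2), int(m.group(3))
        info = requests.setdefault(req, {"stripped": None, "results": {}})
        info["results"][module] = result
        for msg in pending:
            if msg.startswith(STRIPPED):
                info["stripped"] = msg[len(STRIPPED):]
        pending = []
    return requests

def unstripped_misses(requests):
    """Request ids where no Stripped-User-Name was added and files returned notfound."""
    return sorted(rid for rid, info in requests.items()
                  if info["stripped"] is None and info["results"].get("files") == "notfound")

if __name__ == "__main__":
    print(unstripped_misses(summarize(SAMPLE)))
```
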
Re: Failed Auth using users file (sometimes)
Hi Ivan

Thanks for your response. My question is why would it not work and then just work, with no changes other than a restart between the two?

It's running freeradius 1.1.7

Mike

Ivan Kalik wrote:
> > rlm_realm: Looking up realm xxx.com for User-Name = [EMAIL PROTECTED]
> > rlm_realm: Found realm xxx.com
> > rlm_realm: Proxying request from user nyp2inter to realm xxx.com
> > rlm_realm: Adding Realm = xxx.com
> > rlm_realm: Authentication realm is LOCAL.
> > modcall[authorize]: module suffix returns noop for request 1647
> > rlm_eap: No EAP-Message, not doing EAP
> > modcall[authorize]: module eap returns noop for request 1647
> > modcall[authorize]: module files returns notfound for request 1647
> >
> > rlm_realm: Looking up realm xxx.com for User-Name = [EMAIL PROTECTED]
> > rlm_realm: Found realm xxx.com
> > rlm_realm: Adding Stripped-User-Name = nyp2inter
> > rlm_realm: Proxying request from user nyp2inter to realm xxx.com
> > rlm_realm: Adding Realm = xxx.com
> > rlm_realm: Preparing to proxy authentication request to realm xxx.com
> > modcall[authorize]: module suffix returns updated for request 1675
> > rlm_eap: No EAP-Message, not doing EAP
> > modcall[authorize]: module eap returns noop for request 1675
> > users: Matched entry nyp2inter at line 18
> > modcall[authorize]: module files returns ok for request 1675
>
> First debug doesn't strip the realm so there is no match in users file.
>
> Ivan Kalik
> Kalik Informatika ISP
Failed Auth using users file (sometimes)
Hi Guys

I have an account which I want to auth locally on our 2 proxy radius machine. The problem is that sometimes the connection authenticates and other times it does not. There are warnings in the logs below, so I'm sure I have something wrong, but I cannot work out what I should be doing instead.

Also, how would I create a feature which would temporarily authenticate all users for a realm as allowed?

The user file entry is:

nyp2inter Realm == 'xxx.com', User-Password == 'xxx', Proxy-To-Realm := LOCAL
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-IP-Address = xxx.xx.216.40,
        Framed-IP-Netmask = 255.255.255.255,
        Framed-Route = xxx.xx.10.128/25 0.0.0.0 1,
        Framed-MTU = 1492,
        Framed-Compression = Van-Jacobsen-TCP-IP

Failed Auth:

rad_recv: Access-Request packet from host xxx.xx.208.165:1645, id=155, length=106
        Framed-Protocol = PPP
        User-Name = [EMAIL PROTECTED]
        User-Password = xxx
        NAS-Port-Type = Virtual
        NAS-Port = 328
        Calling-Station-Id = sfy713300200187
        Service-Type = Framed-User
        NAS-IP-Address = xxx.xx.208.165
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1647
modcall[authorize]: module preprocess returns ok for request 1647
radius_xlat: '/var/log/radius/radacct/xxx.xx.208.165/auth-detail-20080424'
rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/xxx.xx.208.165/auth-detail-20080424
modcall[authorize]: module auth_log returns ok for request 1647
modcall[authorize]: module attr_filter returns noop for request 1647
modcall[authorize]: module chap returns noop for request 1647
modcall[authorize]: module mschap returns noop for request 1647
rlm_realm: Looking up realm xxx.com for User-Name = [EMAIL PROTECTED]
rlm_realm: Found realm xxx.com
rlm_realm: Proxying request from user nyp2inter to realm xxx.com
rlm_realm: Adding Realm = xxx.com
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module suffix returns noop for request 1647
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module eap returns noop for request 1647
modcall[authorize]: module files returns notfound for request 1647
rlm_pap: WARNING! No known good password found for the user. Authentication may fail because of this.
modcall[authorize]: module pap returns noop for request 1647
2008-04-24T11:29:37.613507: Verbose: RLM_PYTHON: handling Authorize request...
modcall[authorize]: module python returns ok for request 1647
modcall: leaving group authorize (returns ok) for request 1647
auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
auth: Failed to validate the user.
Login incorrect: [EMAIL PROTECTED]/nyp4inter] (from client lns1.ade port 328 cli sfy713300200187)
Found Post-Auth-Type
Processing the post-auth section of radiusd.conf
modcall: entering group REJECT for request 1647
rlm_sql_log (sql_log): Processing sql_log_postauth
radius_xlat: 'INSERT INTO radpostauth (user, password, reply, date, reply_message) VALUES ('[EMAIL PROTECTED]', 'xxx', ' Access-Reject', '2008-04-24 11:29:37', '');'
radius_xlat: '/var/log/radius/radacct/sql-relay'
modcall[post-auth]: module sql_log returns ok for request 1647
modcall: leaving group REJECT (returns ok) for request 1647
Delaying request 1647 for 1 seconds
Finished request 1647

With no changes this connected:

rad_recv: Access-Request packet from host xxx.xx.208.165:1645, id=167, length=106
        Framed-Protocol = PPP
        User-Name = [EMAIL PROTECTED]
        User-Password = xxx
        NAS-Port-Type = Virtual
        NAS-Port = 315
        Calling-Station-Id = sfy713300200187
        Service-Type = Framed-User
        NAS-IP-Address = xxx.xx.208.165
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1675
modcall[authorize]: module preprocess returns ok for request 1675
radius_xlat: '/var/log/radius/radacct/xxx.xx208.165/auth-detail-20080424'
rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/xxx.xx208.165/auth-detail-20080424
modcall[authorize]: module auth_log returns ok for request 1675
modcall[authorize]: module attr_filter returns noop for request 1675
modcall[authorize]: module chap returns noop for request 1675
modcall[authorize]: module mschap returns noop for request 1675
rlm_realm: Looking up realm xxx.com for User-Name = [EMAIL PROTECTED]
rlm_realm: Found realm xxx.com
rlm_realm: Adding Stripped-User-Name = nyp2inter
rlm_realm: Proxying request from user nyp2inter to realm xxx.com
rlm_realm: Adding Realm = xxx.com
rlm_realm: Preparing to proxy authentication request to realm xxx.com