Re: Failed Auth using users file (sometimes)

2008-04-25 Thread Ivan Kalik
Configuration changes do take effect on restart. It could have been made
days or weeks before but they kick in when you restart.

Ivan Kalik
Kalik Informatika ISP

On 25/4/2008, Mike O'Connor [EMAIL PROTECTED] wrote:

Hi Ivan

Thanks for your response. My question is why would it not work, then just
work, with no changes other than a restart between the two?

It's running freeradius 1.1.7

Mike


Ivan Kalik wrote:
rlm_realm: Looking up realm xxx.com for User-Name =
 [EMAIL PROTECTED]
rlm_realm: Found realm xxx.com
rlm_realm: Proxying request from user nyp2inter to realm xxx.com
rlm_realm: Adding Realm = xxx.com
rlm_realm: Authentication realm is LOCAL.
  modcall[authorize]: module suffix returns noop for request 1647
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module eap returns noop for request 1647
  modcall[authorize]: module files returns notfound for request 1647



rlm_realm: Looking up realm xxx.com for User-Name =
 [EMAIL PROTECTED]
rlm_realm: Found realm xxx.com
rlm_realm: Adding Stripped-User-Name = nyp2inter
rlm_realm: Proxying request from user nyp2inter to realm xxx.com
rlm_realm: Adding Realm = xxx.com
rlm_realm: Preparing to proxy authentication request to realm xxx.com
  modcall[authorize]: module suffix returns updated for request 1675
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module eap returns noop for request 1675
users: Matched entry nyp2inter at line 18
  modcall[authorize]: module files returns ok for request 1675


 First debug doesn't strip the realm so there is no match in users file.

 Ivan Kalik
 Kalik Informatika ISP

 -
 List info/subscribe/unsubscribe? See 
 http://www.freeradius.org/list/users.html




Re: Failed Auth using users file (sometimes)

2008-04-24 Thread Ivan Kalik
rlm_realm: Looking up realm xxx.com for User-Name =
[EMAIL PROTECTED]
rlm_realm: Found realm xxx.com
rlm_realm: Proxying request from user nyp2inter to realm xxx.com
rlm_realm: Adding Realm = xxx.com
rlm_realm: Authentication realm is LOCAL.
  modcall[authorize]: module suffix returns noop for request 1647
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module eap returns noop for request 1647
  modcall[authorize]: module files returns notfound for request 1647

rlm_realm: Looking up realm xxx.com for User-Name =
[EMAIL PROTECTED]
rlm_realm: Found realm xxx.com
rlm_realm: Adding Stripped-User-Name = nyp2inter
rlm_realm: Proxying request from user nyp2inter to realm xxx.com
rlm_realm: Adding Realm = xxx.com
rlm_realm: Preparing to proxy authentication request to realm xxx.com
  modcall[authorize]: module suffix returns updated for request 1675
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module eap returns noop for request 1675
users: Matched entry nyp2inter at line 18
  modcall[authorize]: module files returns ok for request 1675

First debug doesn't strip the realm so there is no match in users file.

Ivan Kalik
Kalik Informatika ISP
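
The comparison made in the reply above, as an added example that is not part of the original thread: a Python sketch that groups debug lines by authorize pass and flags requests where rlm_realm found a realm, no Stripped-User-Name was added, and files returned notfound. The sample text is constructed in the shape of the lines quoted above, the function names are hypothetical, and it assumes single-threaded debug output so that lines between the "entering" and "leaving" markers belong to one request.

```python
import re

# Constructed sample, in the shape of the FreeRADIUS 1.1.x debug lines quoted above.
SAMPLE_DEBUG = """\
modcall: entering group authorize for request 1647
    rlm_realm: Found realm xxx.com
    rlm_realm: Adding Realm = xxx.com
    rlm_realm: Authentication realm is LOCAL.
  modcall[authorize]: module suffix returns noop for request 1647
  modcall[authorize]: module files returns notfound for request 1647
modcall: leaving group authorize (returns ok) for request 1647
modcall: entering group authorize for request 1675
    rlm_realm: Found realm xxx.com
    rlm_realm: Adding Stripped-User-Name = nyp2inter
    rlm_realm: Adding Realm = xxx.com
  modcall[authorize]: module suffix returns updated for request 1675
users: Matched entry nyp2inter at line 18
  modcall[authorize]: module files returns ok for request 1675
modcall: leaving group authorize (returns ok) for request 1675
"""

ENTER = re.compile(r"entering group authorize for request (\d+)")
LEAVE = re.compile(r"leaving group authorize .*for request \d+")
# rlm_realm lines carry no request id, so they are tied to the enclosing pass.
FIELDS = {
    "realm": re.compile(r"rlm_realm: Found realm (\S+)"),
    "stripped": re.compile(r"rlm_realm: Adding Stripped-User-Name = (\S+)"),
    "files": re.compile(r"module files returns (\w+) for request \d+"),
}

def summarize_authorize(debug_text):
    """Map request id -> realm, Stripped-User-Name and rlm_files result."""
    passes, current = {}, None
    for line in debug_text.splitlines():
        if m := ENTER.search(line):
            current = passes.setdefault(int(m.group(1)), dict.fromkeys(FIELDS))
        elif LEAVE.search(line):
            current = None
        elif current is not None:
            for name, pattern in FIELDS.items():
                if m := pattern.search(line):
                    current[name] = m.group(1)
    return passes

def unstripped_misses(debug_text):
    """Requests where a realm matched, nothing was stripped, and files missed."""
    return sorted(rid for rid, p in summarize_authorize(debug_text).items()
                  if p["realm"] and p["stripped"] is None and p["files"] == "notfound")
```

Calling `unstripped_misses()` on a saved debug capture lists the request numbers to compare against a passing request.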



Re: Failed Auth using users file (sometimes)

2008-04-24 Thread Mike O'Connor

Hi Ivan

Thanks for your response. My question is why would it not work, then just
work, with no changes other than a restart between the two?

It's running freeradius 1.1.7

Mike


Ivan Kalik wrote:

   rlm_realm: Looking up realm xxx.com for User-Name =
[EMAIL PROTECTED]
   rlm_realm: Found realm xxx.com
   rlm_realm: Proxying request from user nyp2inter to realm xxx.com
   rlm_realm: Adding Realm = xxx.com
   rlm_realm: Authentication realm is LOCAL.
 modcall[authorize]: module suffix returns noop for request 1647
 rlm_eap: No EAP-Message, not doing EAP
 modcall[authorize]: module eap returns noop for request 1647
 modcall[authorize]: module files returns notfound for request 1647



  

   rlm_realm: Looking up realm xxx.com for User-Name =
[EMAIL PROTECTED]
   rlm_realm: Found realm xxx.com
   rlm_realm: Adding Stripped-User-Name = nyp2inter
   rlm_realm: Proxying request from user nyp2inter to realm xxx.com
   rlm_realm: Adding Realm = xxx.com
   rlm_realm: Preparing to proxy authentication request to realm xxx.com
 modcall[authorize]: module suffix returns updated for request 1675
 rlm_eap: No EAP-Message, not doing EAP
 modcall[authorize]: module eap returns noop for request 1675
   users: Matched entry nyp2inter at line 18
 modcall[authorize]: module files returns ok for request 1675



First debug doesn't strip the realm so there is no match in users file.

Ivan Kalik
Kalik Informatika ISP



Failed Auth using users file (sometimes)

2008-04-23 Thread Mike O'Connor

Hi Guys

I have an account which I want to auth locally on our 2 proxy radius
machines.

The problem is that sometimes the connection authenticates and other
times it does not. There are warnings in the logs below, so I'm sure I
have something wrong, but I cannot work out what I should be doing instead.

Also, how would I create a feature which would temporarily authenticate
all users for a realm as allowed?


The user file entry is

nyp2inter   Realm == 'xxx.com', User-Password == 'xxx', Proxy-To-Realm := LOCAL
   Service-Type = Framed-User,
   Framed-Protocol = PPP,
   Framed-IP-Address = xxx.xx.216.40,
   Framed-IP-Netmask = 255.255.255.255,
   Framed-Route = xxx.xx.10.128/25 0.0.0.0 1,
   Framed-MTU = 1492,
   Framed-Compression = Van-Jacobsen-TCP-IP



Failed Auth:

rad_recv: Access-Request packet from host xxx.xx.208.165:1645, id=155, length=106
   Framed-Protocol = PPP
   User-Name = [EMAIL PROTECTED]
   User-Password = xxx
   NAS-Port-Type = Virtual
   NAS-Port = 328
   Calling-Station-Id = sfy713300200187
   Service-Type = Framed-User
   NAS-IP-Address = xxx.xx.208.165
 Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1647
 modcall[authorize]: module preprocess returns ok for request 1647
radius_xlat:  '/var/log/radius/radacct/xxx.xx.208.165/auth-detail-20080424'
rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/xxx.xx.208.165/auth-detail-20080424
 modcall[authorize]: module auth_log returns ok for request 1647
 modcall[authorize]: module attr_filter returns noop for request 1647
 modcall[authorize]: module chap returns noop for request 1647
 modcall[authorize]: module mschap returns noop for request 1647
   rlm_realm: Looking up realm xxx.com for User-Name = [EMAIL PROTECTED]
   rlm_realm: Found realm xxx.com
   rlm_realm: Proxying request from user nyp2inter to realm xxx.com
   rlm_realm: Adding Realm = xxx.com
   rlm_realm: Authentication realm is LOCAL.
 modcall[authorize]: module suffix returns noop for request 1647
 rlm_eap: No EAP-Message, not doing EAP
 modcall[authorize]: module eap returns noop for request 1647
 modcall[authorize]: module files returns notfound for request 1647
rlm_pap: WARNING! No known good password found for the user.  Authentication may fail because of this.
 modcall[authorize]: module pap returns noop for request 1647
2008-04-24T11:29:37.613507: Verbose: RLM_PYTHON: handling Authorize request...
 modcall[authorize]: module python returns ok for request 1647
modcall: leaving group authorize (returns ok) for request 1647
auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
auth: Failed to validate the user.
Login incorrect: [EMAIL PROTECTED]/nyp4inter] (from client lns1.ade port 328 cli sfy713300200187)
 Found Post-Auth-Type
 Processing the post-auth section of radiusd.conf
modcall: entering group REJECT for request 1647
rlm_sql_log (sql_log): Processing sql_log_postauth
radius_xlat:  'INSERT INTO radpostauth  (user, password, reply, date, reply_message) VALUES ('[EMAIL PROTECTED]', 'xxx', 'Access-Reject', '2008-04-24 11:29:37', '');'
radius_xlat:  '/var/log/radius/radacct/sql-relay'
 modcall[post-auth]: module sql_log returns ok for request 1647
modcall: leaving group REJECT (returns ok) for request 1647
Delaying request 1647 for 1 seconds
Finished request 1647

With no Changes this Connected:

rad_recv: Access-Request packet from host xxx.xx.208.165:1645, id=167, length=106
   Framed-Protocol = PPP
   User-Name = [EMAIL PROTECTED]
   User-Password = xxx
   NAS-Port-Type = Virtual
   NAS-Port = 315
   Calling-Station-Id = sfy713300200187
   Service-Type = Framed-User
   NAS-IP-Address = xxx.xx.208.165
 Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1675
 modcall[authorize]: module preprocess returns ok for request 1675
radius_xlat:  '/var/log/radius/radacct/xxx.xx208.165/auth-detail-20080424'
rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/xxx.xx208.165/auth-detail-20080424
 modcall[authorize]: module auth_log returns ok for request 1675
 modcall[authorize]: module attr_filter returns noop for request 1675
 modcall[authorize]: module chap returns noop for request 1675
 modcall[authorize]: module mschap returns noop for request 1675
   rlm_realm: Looking up realm xxx.com for User-Name = [EMAIL PROTECTED]
   rlm_realm: Found realm xxx.com
   rlm_realm: Adding Stripped-User-Name = nyp2inter
   rlm_realm: Proxying request from user nyp2inter to realm xxx.com
   rlm_realm: Adding Realm = xxx.com
   rlm_realm: Preparing to proxy authentication request to realm xxx.com