no session showed by radwho, but user still could not login

Trio Yulistianto trioy99 at gmail.com
Tue May 15 02:40:27 CEST 2007 

Hi all

I'm newbie in freeradius, i've already installed freeradius-1.1.6, Mysql and
MikroTik NAS.

I'm configuring my radius 1 session for every 1 user :

+----+---------------+---------------------------+-----+-------------+

| id | UserName  | Attribute               | op | Value      |

+----+---------------+---------------------------+-----+--------------+

| 57 | rsa at idola | Simultaneous-Use | :=  | 0            |

| 42 | rsa at idola | Password             | == | denpasar |

+----+---------------+---------------------------+----+---------------+



The problem is sometimes user cannot login even no session rsa at idola user in
Mikrotik NAS connected,

I check with radwho, its shown below :

[root at ladps ~]# radwho

Login                Name              What    TTY   When        From
   Location

tyl at idola           tyl at idola            PPP   S232 Mon 17:43 129.47.26
172.16.30.79

awn at idola        awn at idola         PPP   S245 Mon 19:53 129.47.26
172.16.30.246

gde at idola         gde at idola          PPP   S189 Mon 13:12 129.47.26
172.16.30.255

afy at idola          afy at idola           PPP   S218 Mon 13:20 129.47.26
172.16.30.252



no session rsa at idola in that list… is'nt it ?

but rsa at idola still couldnot login,  this is the log from radiusd –X :



Ready to process requests.

Nothing to do.  Sleeping until we see a request.

rad_recv: Access-Request packet from host 129.47.26.123:1088, id=8,
length=179

        Service-Type = Framed-User

        Framed-Protocol = PPP

        NAS-Port = 252

        NAS-Port-Type = Ethernet

        User-Name = "rsa at idola"

        Calling-Station-Id = "00:18:DE:69:F1:F3"

        Called-Station-Id = "VLAN TEST"

        NAS-Port-Id = "vlan_TEST"

        MS-CHAP-Domain = "idola"

        CHAP-Challenge = 0x0270131ced4933d4f26646e2946b2192

        CHAP-Password = 0x016806e0edb33d434bc59078e233381b6c

        NAS-Identifier = "ROUTER INDUK"

        NAS-IP-Address = 129.47.26.123

        Mikrotik-Realm = "idola"

  Processing the authorize section of radiusd.conf

modcall: entering group authorize for request 1

  modcall[authorize]: module "preprocess" returns ok for request 1

  rlm_chap: Setting 'Auth-Type := CHAP'

  modcall[authorize]: module "chap" returns ok for request 1

  modcall[authorize]: module "mschap" returns noop for request 1

    rlm_realm: Looking up realm "idola" for User-Name = "rsa at idola"

    rlm_realm: No such realm "idola"

  modcall[authorize]: module "suffix" returns noop for request 1

  rlm_eap: No EAP-Message, not doing EAP

  modcall[authorize]: module "eap" returns noop for request 1

    users: Matched entry DEFAULT at line 163

    users: Matched entry DEFAULT at line 183

    users: Matched entry DEFAULT at line 195

  modcall[authorize]: module "files" returns ok for request 1

radius_xlat:  'rsa at idola'

rlm_sql (sql): sql_set_user escaped user --> 'rsa at idola'

radius_xlat:  'SELECT id, UserName, Attribute, Value, op FROM radcheck
WHERE Username = 'rsa at idola'           ORDER BY id'

rlm_sql (sql): Reserving sql socket id: 2

radius_xlat:  'SELECT radgroupcheck.id,radgroupcheck.GroupName,
radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op  FROM
radgroupcheck,usergroup WHERE usergroup.Username = 'rsa at idola' AND
usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'

radius_xlat:  'SELECT id, UserName, Attribute, Value, op FROM radreply
  WHERE Username = 'rsa at idola'   ORDER BY id'

radius_xlat:  'SELECT radgroupreply.id,radgroupreply.GroupName,
radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op  FROM
radgroupreply,usergroup WHERE         usergroup.Username = 'rsa at idola' AND
usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'

rlm_sql (sql): Released sql socket id: 2

  modcall[authorize]: module "sql" returns ok for request 1

rlm_pap: Found existing Auth-Type, not changing it.

  modcall[authorize]: module "pap" returns noop for request 1

rlm_sqlcounter: Entering module authorize code

rlm_sqlcounter: Could not find Check item value pair

  modcall[authorize]: module "noresetcounter" returns noop for request 1

rlm_sqlcounter: Entering module authorize code

rlm_sqlcounter: Could not find Check item value pair

  modcall[authorize]: module "dailycounter" returns noop for request 1

rlm_sqlcounter: Entering module authorize code

rlm_sqlcounter: Could not find Check item value pair

  modcall[authorize]: module "monthlycounter" returns noop for request 1

rlm_sqlcounter: Entering module authorize code

rlm_sqlcounter: Could not find Check item value pair

  modcall[authorize]: module "mbcounter" returns noop for request 1

rlm_sqlcounter: Entering module authorize code

rlm_sqlcounter: Could not find Check item value pair

  modcall[authorize]: module "dailymbcounter" returns noop for request 1

rlm_sqlcounter: Entering module authorize code

rlm_sqlcounter: Could not find Check item value pair

  modcall[authorize]: module "monthlymbcounter" returns noop for request 1

modcall: leaving group authorize (returns ok) for request 1

  rad_check_password:  Found Auth-Type Local

auth: type Local

auth: user supplied CHAP-Password matches local User-Password

  Processing the session section of radiusd.conf

modcall: entering group session for request 1

radius_xlat:  '/usr/local/var/log/radius/radutmp'

radius_xlat:  'rsa at idola'

  modcall[session]: module "radutmp" returns ok for request 1

modcall: leaving group session (returns ok) for request 1

  Found Post-Auth-Type

  Processing the post-auth section of radiusd.conf

modcall: entering group REJECT for request 1

rlm_sql (sql): Processing sql_postauth

radius_xlat:  'rsa at idola'

rlm_sql (sql): sql_set_user escaped user --> 'rsa at idola'

radius_xlat:  'INSERT into radpostauth (id, user, pass, reply, date) values
('','rsa at idola', 'Chap-Password', 'Access-Reject', NOW())'

rlm_sql (sql) in sql_postauth: query is INSERT into radpostauth (id, user,
pass,reply, date) values ('', 'rsa at idola', 'Chap-Password', 'Access-Reject',
NOW())

rlm_sql (sql): Reserving sql socket id: 1

rlm_sql (sql): Released sql socket id: 1

  modcall[post-auth]: module "sql" returns ok for request 1

modcall: leaving group REJECT (returns ok) for request 1

Delaying request 1 for 1 seconds

Finished request 1

Going to the next request

--- Walking the entire request list ---

Waking up in 1 seconds...

rad_recv: Access-Request packet from host 129.47.26.123:1088, id=8,
length=179

Sending Access-Reject of id 8 to 129.47.26.123 port 1088

Reply-Message := "\r\nYou are already logged in - access denied\r\n\n"

Waking up in 1 seconds...



I have already checked my NAS and there is no session for rsa at idola, I try
with radzap and still not working…

Any help please…



thanks

trio
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20070515/651e534c/attachment.html>

More information about the Freeradius-Users mailing list