FS trying to authenticate accounting data

"Jim L." <jdl@imaginenet.net> · Fri, 2 May 2008 10:50:10 -0400

Hello group.

I am running FreeRADIUS 2.0.4 and I am attempting to setup a configuration 

based on the "robust-proxy-accounting" site example. In short, I could not 

get it to work. To attempt to debug the problem, I pared down the 

configuration so the only part that was active was the part that it supposed 

to send the accounting data to a detail file. However, even that small piece 

does not work. The errors I am getting in the debug logs are

auth: No authenticate method (Auth-Type) configuration found for the 

request: Rejecting the user

auth: Failed to validate the user.

However, the configuration to log the data the detail file is only setup for 

accounting, not authentication. This leaves me confused as to why FS is 

attempting to do authentication. The relevant parts of the configuration 

that are active during the test and the debug log is listed below. Any 

assistance would be appreciated.

Thank you,

Jim Lohiser

---------- radiusd.conf
# Single detail file for accounting failover.
detail detail.imaginenet {
       detailfile = "${radacctdir}/imaginenet/detail-%Y%m%d"
}

---------- <site file>
# Dummy server to spool accounting data.
home_server ImagineNet_Detail {
      # Added 'type' value to attempt to force accounting only.
      # Does not fix problem.
      type = acct
      virtual_server = ImagineNet_Detail
}
server ImagineNet_Detail {
      accounting {
              detail.imaginenet
      }
}
home_server_pool ImagineNet_Acct {
       type = load-balance
       home_server = ImagineNet_Detail
       # Turned this off during to debug. Does not fix problem.
       #virtual_server = ImagineNet
}
realm imaginenet.net {
       auth_pool = ImagineNet_Auth
       acct_pool = ImagineNet_Acct
       nostrip
}

########## Full Debug

rad_recv: Accounting-Request packet from host 192.168.0.10 port 51144, 

id=81, length=57

       User-Name = "jlohiser@imaginenet.net"
       Acct-Status-Type = Start
       Acct-Session-Id = "9584"
+- entering group preacct
       expand: %{User-Name} -> jlohiser@imaginenet.net
       expand: %{User-Name} -> jlohiser@imaginenet.net
       expand: %{User-Name} -> jlohiser@imaginenet.net
++[preprocess] returns ok

rlm_acct_unique: WARNING: Attribute NAS-Port was not found in request, 

unique ID MAY be inconsistent

rlm_acct_unique: Hashing ',Client-IP-Address = 192.168.0.10,NAS-IP-Address = 

192.168.0.10,Acct-Session-Id = "9584",User-Name = "jlohiser@imaginenet.net"'

rlm_acct_unique: Acct-Unique-Session-ID = "dc24a5ecb36b1652".
++[acct_unique] returns ok

   rlm_realm: Looking up realm "imaginenet.net" for User-Name = 

"jlohiser@imaginenet.net"

   rlm_realm: Found realm "imaginenet.net"
   rlm_realm: Adding Realm = "imaginenet.net"
   rlm_realm: Proxying request from user jlohiser to realm imaginenet.net

   rlm_realm: Preparing to proxy accounting request to realm 

"imaginenet.net"

++[suffix] returns updated
++[files] returns noop
+- entering group accounting

       expand: 

/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d -> 

/var/log/radius/radacct/192.168.0.10/detail-20080502

rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d 

expands to /var/log/radius/radacct/192.168.0.10/detail-20080502

       expand: %t -> Fri May  2 02:33:03 2008
++[detail] returns ok
       expand: /var/log/radius/radutmp -> /var/log/radius/radutmp
       expand: %{User-Name} -> jlohiser@imaginenet.net
 rlm_radutmp: No NAS-Port seen.  Cannot do anything.
 rlm_radumtp: WARNING: checkrad will probably not work!
++[radutmp] returns noop
       expand: %{User-Name} -> jlohiser@imaginenet.net
attr_filter: Matched entry DEFAULT at line 12
++[attr_filter.accounting_response] returns updated
+- entering group pre-proxy
   preproxy_users: Matched entry DEFAULT at line 35
       expand: %{Client-IP-Address} -> 192.168.0.10
++[files] returns ok

Sending proxied request internally to virtual server.

server ImagineNet_Detail {

auth: No authenticate method (Auth-Type) configuration found for the 

request: Rejecting the user

auth: Failed to validate the user.

Login incorrect: [jlohiser@imaginenet.net/<no User-Password attribute>] 

(from client fw1.cle1.oh.imaginenet.net port 0 via TLS tunnel)

} # server ImagineNet_Detail
Going to the next request
<<< Received proxied response from internal virtual server.

Login incorrect (Home Server says so): [jlohiser@imaginenet.net/<no 

User-Password attribute>] (from client fw1.cle1.oh.imaginenet.net port 0)

Sending Access-Reject of id 81 to 192.168.0.10 port 51144
Finished request 0.

Cleaning up request 0 ID 81 with timestamp +22 