Free Radius users record samples for SmartEdgerouter subcriberauthentication.

Elias Abou Zeid elias.abou.zeid at ericsson.com
Tue Jun 16 23:34:59 CEST 2009


Hi Ivan,

The version info is:
radiusd: FreeRADIUS Version 1.1.7, for host sparc-sun-solaris2.10, built
on Jan  8 2008 at 00:54:01
Copyright (C) 2000-2007 The FreeRADIUS server project.

I added in users: Auth-Type := Local,

But still same debug result:

Ready to process requests.
rad_recv: Access-Request packet from host 10.205.1.1:1812, id=4,
length=187
        User-Name = "abc at RADIUS"
        User-Password = "test"
        Service-Type = Framed-User
        Framed-Protocol = PPP
        NAS-Identifier = "Quiet"
        NAS-Port = 167903232
        NAS-Real-Port = 2717909092
        NAS-Port-Type = Virtual
        NAS-Port-Id = "10/2 vlan-id 100 pppoe 348"
        Medium-Type = DSL
        Mac-Addr = "00-0c-29-10-12-c3"
        Platform-Type = SmartEdge-800
        OS-Version = "6.1.2.6p9"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
radius_xlat:
'/usr/local/var/log/radius/radacct/10.205.1.1/auth-detail-20090616'
rlm_detail:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%
d expands to
/usr/local/var/log/radius/radacct/10.205.1.1/auth-detail-20090616
  modcall[authorize]: module "auth_log" returns ok for request 0
  modcall[authorize]: module "chap" returns noop for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
    rlm_realm: Looking up realm "RADIUS" for User-Name = "abc at RADIUS"
    rlm_realm: No such realm "RADIUS"
  modcall[authorize]: module "suffix" returns noop for request 0
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 0
    users: Matched entry DEFAULT at line 152
    users: Matched entry DEFAULT at line 171
    users: Matched entry DEFAULT at line 183
  modcall[authorize]: module "files" returns ok for request 0
modcall: leaving group authorize (returns ok) for request 0
  rad_check_password:  Found Auth-Type System
auth: type "System"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
  modcall[authenticate]: module "unix" returns notfound for request 0
modcall: leaving group authenticate (returns notfound) for request 0
auth: Failed to validate the user.
Login incorrect: [abc at RADIUS/test] (from client SE-Quiet port 167903232)
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 4 to 10.205.1.1 port 1812
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 4 with timestamp 4a380fa8
Nothing to do.  Sleeping until we see a request.

Any other ideas ?

BR,
Elias 

-----Original Message-----
From:
freeradius-users-bounces+elias.abou.zeid=ericsson.com at lists.freeradius.o
rg
[mailto:freeradius-users-bounces+elias.abou.zeid=ericsson.com at lists.free
radius.org] On Behalf Of Ivan Kalik
Sent: June-16-09 5:28 PM
To: FreeRadius users mailing list
Subject: RE: Free Radius users record samples for SmartEdgerouter
subcriberauthentication.

> Now the subscriber config on Radius is as follows:
>
> abc at RADIUS      Cleartext-Password := "test"
>                 Service-Type = Framed-User,
>                 Framed-Protocol = PPP

Are you sure you are changing the correct users file? I don't see this
entry in the debug. Do you know what server version you are using? Do
radiusd -v if you don't. This debug looks older than 1.1.4.

>>From redius debug:
>  rad_recv: Access-Request packet from host 10.205.1.1:1812, id=3,
> length=187
>         User-Name = "abc at RADIUS"
>         User-Password = "test"
>         Service-Type = Framed-User
>         Framed-Protocol = PPP
>         NAS-Identifier = "Quiet"
>         NAS-Port = 167903232
>         NAS-Real-Port = 2717909092
>         NAS-Port-Type = Virtual
>         NAS-Port-Id = "10/2 vlan-id 100 pppoe 347"
>         Medium-Type = DSL
>         Mac-Addr = "00-0c-29-10-12-c3"
>         Platform-Type = SmartEdge-800
>         OS-Version = "6.1.2.6p9"
>   Processing the authorize section of radiusd.conf
> modcall: entering group authorize for request 0
>   modcall[authorize]: module "preprocess" returns ok for request 0
> radius_xlat:
> '/usr/local/var/log/radius/radacct/10.205.1.1/auth-detail-20090616'
> rlm_detail:
> /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%
> m%
> d expands to
> /usr/local/var/log/radius/radacct/10.205.1.1/auth-detail-20090616
>   modcall[authorize]: module "auth_log" returns ok for request 0
>   modcall[authorize]: module "chap" returns noop for request 0
>   modcall[authorize]: module "mschap" returns noop for request 0
>     rlm_realm: Looking up realm "RADIUS" for User-Name = "abc at RADIUS"
>     rlm_realm: No such realm "RADIUS"
>   modcall[authorize]: module "suffix" returns noop for request 0
>   rlm_eap: No EAP-Message, not doing EAP
>   modcall[authorize]: module "eap" returns noop for request 0
>     users: Matched entry DEFAULT at line 152
>     users: Matched entry DEFAULT at line 171
>     users: Matched entry DEFAULT at line 183

One of these sets Auth-Type System. Comment it out.

>   modcall[authorize]: module "files" returns ok for request 0
> modcall: leaving group authorize (returns ok) for request 0
>   rad_check_password:  Found Auth-Type System
> auth: type "System"
>   Processing the authenticate section of radiusd.conf
> modcall: entering group authenticate for request 0
>   modcall[authenticate]: module "unix" returns notfound for request 0
> modcall: leaving group authenticate (returns notfound) for request 0
> auth: Failed to validate the user.
> Login incorrect: [abc at RADIUS/test] (from client SE-Quiet port 
> 167903232) Delaying request 0 for 1 seconds Finished request 0
>
> Unfortunately, the login is still failing with no obvious reason why.

Because default entry in users file sets Auth-Type to System. It was
like that by default in old versions. If your version in pre 1.1.4 you
will need to force Auth-Type. Probably to Local. But let's see the
version first.

Ivan Kalik
Kalik Informatika ISP

-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html




More information about the Freeradius-Users mailing list