Last call for 2.1.10

John Horne john.horne at plymouth.ac.uk
Wed Sep 22 19:02:56 CEST 2010


On Wed, 2010-09-22 at 18:53 +0200, Alan DeKok wrote:
> John Horne wrote:
> > The problem seems to be that although the proxy server returns a 'Yes'
> > reply (meaning the user is authenticated)
> 
>   What does that mean?  There is no standard attribute to transport a "Yes".
> 
Sorry, the 'Yes' is just the reply-message from the proxy server.

> > Although this looks like a pppd problem, it only occurs after we have
> > issued 'radmin -e hup'. If we don't use the control-socket, or just use
> > it without issuing a 'hup', then pppd works fine.
> 
>   Use tcpdump to see what the Access-Accepts look like before && after
> the HUP.
> 
I ran radiusd -X instead and saw:

For a working login:

=====================================================
Login OK: [jhorne] (from client localhost port 0 cli 141.163.60.7)
# Executing section post-auth from file /etc/raddb/sites-enabled/default
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 24 to 127.0.0.1 port 59536
        Framed-IP-Address = 141.163.192.64
        MS-MPPE-Encryption-Types = 0x00000004
        MS-MPPE-Encryption-Policy = 0x00000002
        MS-CHAP2-Success = 0xdb533d43314635413343393031354536343336343346313837304135454345383546444545363443433432
        Reply-Message = "Yes"
        MS-MPPE-Recv-Key = 0xdbeaf9748e2221f03f521d891346d33f
        MS-MPPE-Send-Key = 0xc346ea6996ae8388f9de48e0f2fa0434
Finished request 0.
=====================================================


For a failed login:

=====================================================
Login OK: [jhorne] (from client localhost port 0 cli 141.163.60.7)
# Executing section post-auth from file /etc/raddb/sites-enabled/default
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 27 to 127.0.0.1 port 53597
        Framed-IP-Address = 141.163.192.64
        MS-MPPE-Encryption-Types = 0x00000004
        MS-MPPE-Encryption-Policy = 0x00000002
        Reply-Message = "Yes"
        MS-MPPE-Recv-Key = 0xa6f4391a49e2df2088d8807bd929eef6
        MS-MPPE-Send-Key = 0x1d8311b17d07f5a1be38f07abe1211e3
Finished request 3.

=====================================================


The failed login has no MS-CHAP2-Success attribute being sent back.



John.

-- 
John Horne                   Tel: +44 (0)1752 587287
University of Plymouth, UK   Fax: +44 (0)1752 587001
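
As an added example (not part of the original message and not FreeRADIUS code), this Python check scans `radiusd -X` output for Access-Accept replies that lack MS-CHAP2-Success, the difference pointed out above. The sample log is constructed with placeholder values, and the check assumes every login in the capture uses MS-CHAPv2.

```python
import re

# Constructed sample shaped like `radiusd -X` output; all values are placeholders.
# The first reply reproduces the mail-wrapped "MS-CHAP2-Success =" line.
SAMPLE_DEBUG = """\
Sending Access-Accept of id 24 to 127.0.0.1 port 59536
        Framed-IP-Address = 192.0.2.64
        MS-CHAP2-Success =
0x01533d30303030
        Reply-Message = "Yes"
        MS-MPPE-Recv-Key = 0x00
Finished request 0.
Sending Access-Accept of id 27 to 127.0.0.1 port 53597
        Framed-IP-Address = 192.0.2.64
        Reply-Message = "Yes"
        MS-MPPE-Recv-Key = 0x00
Finished request 3.
"""

HEADER = re.compile(r"^Sending (Access-\S+) of id (\d+) to \S+ port \d+")
ATTR = re.compile(r"^\s+([A-Za-z0-9-]+) =\s*(.*)$")

def parse_replies(text):
    """Return one dict per 'Sending ...' block: code, id and attributes."""
    replies, current, last = [], None, None
    for line in text.splitlines():
        head, attr = HEADER.match(line), ATTR.match(line)
        if head:
            current = {"code": head.group(1), "id": int(head.group(2)), "attrs": {}}
            replies.append(current)
            last = None
        elif attr and current is not None:
            last = attr.group(1)
            current["attrs"][last] = attr.group(2).strip()
        elif current is not None and last and not current["attrs"][last] and line.startswith("0x"):
            current["attrs"][last] = line.strip()  # value wrapped onto the next line
        else:
            current, last = None, None  # any other line ends the reply block
    return replies

def accepts_missing(text, required="MS-CHAP2-Success"):
    """IDs of Access-Accept replies that do not carry the required attribute."""
    return [r["id"] for r in parse_replies(text)
            if r["code"] == "Access-Accept" and required not in r["attrs"]]

if __name__ == "__main__":
    print("Access-Accept ids without MS-CHAP2-Success:", accepts_missing(SAMPLE_DEBUG))
```

Running it over debug output captured before and after `radmin -e hup` shows which request ids lost the attribute.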
