Radius Squid authentication REJECT
Iftakhul Anwar
anwar at meruvian.org
Thu Apr 11 15:08:31 CEST 2013
Hi Adam,
I'm sorry, my previous attachment was too large.
This attachment is the log of radiusd -X output when I try to login using user =
alice with password=password
Thanks
On Thu, Apr 11, 2013 at 8:02 PM, Iftakhul Anwar <anwar at meruvian.org> wrote:
> Hi Adam,
>
> This attachment is the log of radiusd -X output when I try to login using user =
> alice with password=password
>
>
> On Thu, Apr 11, 2013 at 4:55 PM, Adam Bishop <Adam.Bishop at ja.net> wrote:
>
>> On 11 Apr 2013, at 10:35, Iftakhul Anwar <anwar at meruvian.org> wrote:
>> >
>> > I just use enter after my shared secret.
>> >
>> > Any suggestions ?
>>
>> There are three possibilities
>>
>> * The shared secret is wrong in the squid radius file
>> * The shared secret is wrong in the freeradius clients file
>> * Squid is broken (I think this unlikely)
>>
>> As you've not posted a full debug log, all we can do is guess.
>>
>> My guess is that radtest is using the secret defined in
>> clients.conf:client 127.0.0.1/8 and squid is using the secret defined in
>> clients.conf:client 192.168.2.3
>>
>> Post a full log, and we can probably do more than guess.
>>
>> Adam Bishop
>>
>> gpg: 0x6609D460
>>
--
*M.Iftakhul Anwar*
Meruvian Integrator
High Performance Computing / Cloud Computing (HPC/CC)
Office Phone : 021-93586577
Mobile Phone : 085215331477
Blog : http://blog.mervpolis.com/roller/anwar
FB : http://www.facebook.com/troya.adromeda
Website : www.meruvian.org
-------------- next part --------------
rlm_sql (sql): Attempting to connect rlm_sql_mysql #2
rlm_sql_mysql: Starting connect to MySQL server for #2
rlm_sql (sql): Connected new DB handle, #2
rlm_sql (sql): starting 3
rlm_sql (sql): Attempting to connect rlm_sql_mysql #3
rlm_sql_mysql: Starting connect to MySQL server for #3
rlm_sql (sql): Connected new DB handle, #3
rlm_sql (sql): starting 4
rlm_sql (sql): Attempting to connect rlm_sql_mysql #4
rlm_sql_mysql: Starting connect to MySQL server for #4
rlm_sql (sql): Connected new DB handle, #4
Module: Checking preacct {...} for more modules to load
Module: Linked to module rlm_acct_unique
Module: Instantiating module "acct_unique" from file /usr/local/etc/raddb/modules/acct_unique
acct_unique {
key = "User-Name, Acct-Session-Id, NAS-IP-Address, NAS-Identifier, NAS-Port"
}
Module: Checking accounting {...} for more modules to load
Module: Linked to module rlm_detail
Module: Instantiating module "detail" from file /usr/local/etc/raddb/modules/detail
detail {
detailfile = "/usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"
header = "%t"
detailperm = 384
dirperm = 493
locking = no
log_packet_header = no
}
Module: Linked to module rlm_attr_filter
Module: Instantiating module "attr_filter.accounting_response" from file /usr/local/etc/raddb/modules/attr_filter
attr_filter attr_filter.accounting_response {
attrsfile = "/usr/local/etc/raddb/attrs.accounting_response"
key = "%{User-Name}"
relaxed = no
}
reading pairlist file /usr/local/etc/raddb/attrs.accounting_response
Module: Checking session {...} for more modules to load
Module: Linked to module rlm_radutmp
Module: Instantiating module "radutmp" from file /usr/local/etc/raddb/modules/radutmp
radutmp {
filename = "/usr/local/var/log/radius/radutmp"
username = "%{User-Name}"
case_sensitive = yes
check_with_nas = yes
perm = 384
callerid = yes
}
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
Module: Instantiating module "attr_filter.access_reject" from file /usr/local/etc/raddb/modules/attr_filter
attr_filter attr_filter.access_reject {
attrsfile = "/usr/local/etc/raddb/attrs.access_reject"
key = "%{User-Name}"
relaxed = no
}
reading pairlist file /usr/local/etc/raddb/attrs.access_reject
} # modules
} # server
server inner-tunnel { # from file /usr/local/etc/raddb/sites-enabled/inner-tunnel
modules {
Module: Checking authenticate {...} for more modules to load
Module: Checking authorize {...} for more modules to load
Module: Checking session {...} for more modules to load
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
} # modules
} # server
server coa { # from file /usr/local/etc/raddb/sites-enabled/coa
modules {
Module: Checking recv-coa {...} for more modules to load
Module: Linked to module rlm_always
Module: Instantiating module "ok" from file /usr/local/etc/raddb/modules/always
always ok {
rcode = "ok"
simulcount = 0
mpp = no
}
Module: Checking send-coa {...} for more modules to load
} # modules
} # server
radiusd: #### Opening IP addresses and Ports ####
listen {
type = "auth"
ipaddr = *
port = 0
}
listen {
type = "acct"
ipaddr = *
port = 0
}
listen {
type = "coa"
server = "coa"
ipaddr = *
port = 3799
}
listen {
type = "control"
listen {
socket = "/usr/local/var/run/radiusd/radiusd.sock"
}
}
listen {
type = "auth"
ipaddr = 127.0.0.1
port = 18120
}
... adding new socket proxy address * port 54492
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on coa address * port 3799 as server coa
Listening on command file /usr/local/var/run/radiusd/radiusd.sock
Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.2.3 port 55467, id=4, length=63
User-Name = "alice"
User-Password = "\335\307-\245#?!7\036f\023\217\3630\257"
NAS-Port = 111
NAS-Port-Type = Async
NAS-IP-Address = 192.168.2.3
# Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "alice", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[files] returns noop
[sql] expand: %{User-Name} -> alice
[sql] sql_set_user escaped user --> 'alice'
rlm_sql (sql): Reserving sql socket id: 4
[sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'alice' ORDER BY id
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'alice' ORDER BY id
[sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'alice' ORDER BY priority
rlm_sql (sql): Released sql socket id: 4
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns updated
Found Auth-Type = PAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group PAP {...}
[pap] login attempt with password "\DD\C7-\A5#\CB?!7?f??\F30\AF"
[pap] Using clear text password "password"
[pap] Passwords don't match
++[pap] returns reject
Failed to authenticate the user.
WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS!
Using Post-Auth-Type REJECT
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> alice
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 4 to 192.168.2.3 port 55467
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.2.3 port 55467, id=4, length=63
Sending duplicate reply to client localprivate port 55467 - ID: 4
Sending Access-Reject of id 4 to 192.168.2.3 port 55467
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.2.3 port 55467, id=4, length=63
Sending duplicate reply to client localprivate port 55467 - ID: 4
Sending Access-Reject of id 4 to 192.168.2.3 port 55467
Waking up in 3.9 seconds.
rad_recv: Access-Request packet from host 192.168.2.3 port 55467, id=4, length=63
Sending duplicate reply to client localprivate port 55467 - ID: 4
Sending Access-Reject of id 4 to 192.168.2.3 port 55467
Waking up in 2.9 seconds.
rad_recv: Access-Request packet from host 192.168.2.3 port 55467, id=4, length=63
Sending duplicate reply to client localprivate port 55467 - ID: 4
Sending Access-Reject of id 4 to 192.168.2.3 port 55467
Waking up in 1.9 seconds.
rad_recv: Access-Request packet from host 192.168.2.3 port 55467, id=4, length=63
Sending duplicate reply to client localprivate port 55467 - ID: 4
Sending Access-Reject of id 4 to 192.168.2.3 port 55467
Waking up in 0.9 seconds.
Cleaning up request 0 ID 4 with timestamp +98
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.2.3 port 55467, id=4, length=63
User-Name = "alice"
User-Password = "\335\307-\245#?!7\036f\023\217\3630\257"
NAS-Port = 111
NAS-Port-Type = Async
NAS-IP-Address = 192.168.2.3
# Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "alice", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[files] returns noop
[sql] expand: %{User-Name} -> alice
[sql] sql_set_user escaped user --> 'alice'
rlm_sql (sql): Reserving sql socket id: 3
[sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'alice' ORDER BY id
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'alice' ORDER BY id
[sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'alice' ORDER BY priority
rlm_sql (sql): Released sql socket id: 3
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns updated
Found Auth-Type = PAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group PAP {...}
[pap] login attempt with password "\DD\C7-\A5#\CB?!7?f??\F30\AF"
[pap] Using clear text password "password"
[pap] Passwords don't match
++[pap] returns reject
Failed to authenticate the user.
WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS!
Using Post-Auth-Type REJECT
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> alice
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 1 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 1
Sending Access-Reject of id 4 to 192.168.2.3 port 55467
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.2.3 port 55467, id=4, length=63
Sending duplicate reply to client localprivate port 55467 - ID: 4
Sending Access-Reject of id 4 to 192.168.2.3 port 55467
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.2.3 port 55467, id=4, length=63
Sending duplicate reply to client localprivate port 55467 - ID: 4
Sending Access-Reject of id 4 to 192.168.2.3 port 55467
Waking up in 3.9 seconds.
rad_recv: Access-Request packet from host 192.168.2.3 port 55467, id=4, length=63
Sending duplicate reply to client localprivate port 55467 - ID: 4
Sending Access-Reject of id 4 to 192.168.2.3 port 55467
Waking up in 2.9 seconds.
rad_recv: Access-Request packet from host 192.168.2.3 port 55467, id=4, length=63
Sending duplicate reply to client localprivate port 55467 - ID: 4
Sending Access-Reject of id 4 to 192.168.2.3 port 55467
Waking up in 1.9 seconds.
rad_recv: Access-Request packet from host 192.168.2.3 port 55467, id=4, length=63
Sending duplicate reply to client localprivate port 55467 - ID: 4
Sending Access-Reject of id 4 to 192.168.2.3 port 55467
Waking up in 0.9 seconds.
Cleaning up request 1 ID 4 with timestamp +104
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.2.3 port 55467, id=4, length=63
User-Name = "alice"
User-Password = "\335\307-\245#?!7\036f\023\217\3630\257"
NAS-Port = 111
NAS-Port-Type = Async
NAS-IP-Address = 192.168.2.3
# Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "alice", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[files] returns noop
[sql] expand: %{User-Name} -> alice
[sql] sql_set_user escaped user --> 'alice'
rlm_sql (sql): Reserving sql socket id: 2
[sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'alice' ORDER BY id
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'alice' ORDER BY id
[sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'alice' ORDER BY priority
rlm_sql (sql): Released sql socket id: 2
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns updated
Found Auth-Type = PAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group PAP {...}
[pap] login attempt with password "\DD\C7-\A5#\CB?!7?f??\F30\AF"
[pap] Using clear text password "password"
[pap] Passwords don't match
++[pap] returns reject
Failed to authenticate the user.
WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS!
Using Post-Auth-Type REJECT
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> alice
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 2 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 2
Sending Access-Reject of id 4 to 192.168.2.3 port 55467
rad_recv: Access-Request packet from host 192.168.2.3 port 55467, id=4, length=63
Sending duplicate reply to client localprivate port 55467 - ID: 4
Sending Access-Reject of id 4 to 192.168.2.3 port 55467
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.2.3 port 55467, id=4, length=63
Sending duplicate reply to client localprivate port 55467 - ID: 4
Sending Access-Reject of id 4 to 192.168.2.3 port 55467
Waking up in 3.9 seconds.
rad_recv: Access-Request packet from host 192.168.2.3 port 55467, id=4, length=63
Sending duplicate reply to client localprivate port 55467 - ID: 4
Sending Access-Reject of id 4 to 192.168.2.3 port 55467
Waking up in 2.9 seconds.
rad_recv: Access-Request packet from host 192.168.2.3 port 55467, id=4, length=63
Sending duplicate reply to client localprivate port 55467 - ID: 4
Sending Access-Reject of id 4 to 192.168.2.3 port 55467
Waking up in 1.9 seconds.
rad_recv: Access-Request packet from host 192.168.2.3 port 55467, id=4, length=63
Sending duplicate reply to client localprivate port 55467 - ID: 4
Sending Access-Reject of id 4 to 192.168.2.3 port 55467
Waking up in 0.9 seconds.
Cleaning up request 2 ID 4 with timestamp +110
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.2.3 port 55467, id=4, length=63
User-Name = "alice"
User-Password = "\335\307-\245#?!7\036f\023\217\3630\257"
NAS-Port = 111
NAS-Port-Type = Async
NAS-IP-Address = 192.168.2.3
# Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "alice", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[files] returns noop
[sql] expand: %{User-Name} -> alice
[sql] sql_set_user escaped user --> 'alice'
rlm_sql (sql): Reserving sql socket id: 1
[sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'alice' ORDER BY id
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'alice' ORDER BY id
[sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'alice' ORDER BY priority
rlm_sql (sql): Released sql socket id: 1
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns updated
Found Auth-Type = PAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group PAP {...}
[pap] login attempt with password "\DD\C7-\A5#\CB?!7?f??\F30\AF"
[pap] Using clear text password "password"
[pap] Passwords don't match
++[pap] returns reject
Failed to authenticate the user.
WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS!
Using Post-Auth-Type REJECT
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> alice
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 3 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 3
Sending Access-Reject of id 4 to 192.168.2.3 port 55467
rad_recv: Access-Request packet from host 192.168.2.3 port 55467, id=4, length=63
Sending duplicate reply to client localprivate port 55467 - ID: 4
Sending Access-Reject of id 4 to 192.168.2.3 port 55467
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.2.3 port 55467, id=4, length=63
Sending duplicate reply to client localprivate port 55467 - ID: 4
Sending Access-Reject of id 4 to 192.168.2.3 port 55467
Waking up in 3.9 seconds.
rad_recv: Access-Request packet from host 192.168.2.3 port 55467, id=4, length=63
Sending duplicate reply to client localprivate port 55467 - ID: 4
Sending Access-Reject of id 4 to 192.168.2.3 port 55467
Waking up in 2.9 seconds.
rad_recv: Access-Request packet from host 192.168.2.3 port 55467, id=4, length=63
Sending duplicate reply to client localprivate port 55467 - ID: 4
Sending Access-Reject of id 4 to 192.168.2.3 port 55467
Waking up in 1.9 seconds.
rad_recv: Access-Request packet from host 192.168.2.3 port 55467, id=4, length=63
Sending duplicate reply to client localprivate port 55467 - ID: 4
Sending Access-Reject of id 4 to 192.168.2.3 port 55467
Waking up in 0.9 seconds.
Cleaning up request 3 ID 4 with timestamp +116
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.2.3 port 55467, id=4, length=63
User-Name = "alice"
User-Password = "\335\307-\245#?!7\036f\023\217\3630\257"
NAS-Port = 111
NAS-Port-Type = Async
NAS-IP-Address = 192.168.2.3
# Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "alice", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[files] returns noop
[sql] expand: %{User-Name} -> alice
[sql] sql_set_user escaped user --> 'alice'
rlm_sql (sql): Reserving sql socket id: 0
[sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'alice' ORDER BY id
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'alice' ORDER BY id
[sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'alice' ORDER BY priority
rlm_sql (sql): Released sql socket id: 0
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns updated
Found Auth-Type = PAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group PAP {...}
[pap] login attempt with password "\DD\C7-\A5#\CB?!7?f??\F30\AF"
[pap] Using clear text password "password"
[pap] Passwords don't match
++[pap] returns reject
Failed to authenticate the user.
WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS!
Using Post-Auth-Type REJECT
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> alice
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 4 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 4
Sending Access-Reject of id 4 to 192.168.2.3 port 55467
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.2.3 port 55467, id=4, length=63
Sending duplicate reply to client localprivate port 55467 - ID: 4
Sending Access-Reject of id 4 to 192.168.2.3 port 55467
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.2.3 port 55467, id=4, length=63
Sending duplicate reply to client localprivate port 55467 - ID: 4
Sending Access-Reject of id 4 to 192.168.2.3 port 55467
Waking up in 3.9 seconds.
rad_recv: Access-Request packet from host 192.168.2.3 port 55467, id=4, length=63
Sending duplicate reply to client localprivate port 55467 - ID: 4
Sending Access-Reject of id 4 to 192.168.2.3 port 55467
Waking up in 2.9 seconds.
rad_recv: Access-Request packet from host 192.168.2.3 port 55467, id=4, length=63
Sending duplicate reply to client localprivate port 55467 - ID: 4
Sending Access-Reject of id 4 to 192.168.2.3 port 55467
Waking up in 1.9 seconds.
rad_recv: Access-Request packet from host 192.168.2.3 port 55467, id=4, length=63
Sending duplicate reply to client localprivate port 55467 - ID: 4
Sending Access-Reject of id 4 to 192.168.2.3 port 55467
Waking up in 0.9 seconds.
Cleaning up request 4 ID 4 with timestamp +122
Ready to process requests.