EAP authentication stopped working
larry tembu
larrytembu at yahoo.com
Sat May 4 10:03:19 CEST 2013
Hi Freeradius users,
i have FR freeradius-2.2.0-0.fc17.i686 set up on fedora 17 machine. the wimax clients are supplying EAPttls Mschapv2 for authentication. a few weeks ago, the configuration was working and authenticating, but it suddenly stopped. the users are created in the users file and below is the radiusd -X output. any more info required will be promptly provided. could someone help me out on this? the wimax system is 4M alvarion and the CPe are well configured.
ignore_null = no
}
Module: Checking accounting {...} for more modules to load
Module: Instantiating module "detail" from file /etc/raddb/modules/detail
detail {
detailfile = "/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
header = "%t"
detailperm = 384
dirperm = 493
locking = no
log_packet_header = no
}
Module: Linked to module rlm_radutmp
Module: Instantiating module "radutmp" from file /etc/raddb/modules/radutmp
radutmp {
filename = "/var/log/radius/radutmp"
username = "%{User-Name}"
case_sensitive = yes
check_with_nas = yes
perm = 384
callerid = yes
}
Module: Linked to module rlm_attr_filter
Module: Instantiating module "attr_filter.accounting_response" from file /etc/raddb/modules/attr_filter
attr_filter attr_filter.accounting_response {
attrsfile = "/etc/raddb/attrs.accounting_response"
key = "%{User-Name}"
relaxed = no
}
reading pairlist file /etc/raddb/attrs.accounting_response
Module: Checking session {...} for more modules to load
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
Module: Instantiating module "attr_filter.access_reject" from file /etc/raddb/modules/attr_filter
attr_filter attr_filter.access_reject {
attrsfile = "/etc/raddb/attrs.access_reject"
key = "%{User-Name}"
relaxed = no
}
reading pairlist file /etc/raddb/attrs.access_reject
} # modules
} # server
server inner-tunnel { # from file /etc/raddb/sites-enabled/inner-tunnel
modules {
Module: Checking authenticate {...} for more modules to load
Module: Checking authorize {...} for more modules to load
Module: Checking session {...} for more modules to load
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
} # modules
} # server
radiusd: #### Opening IP addresses and Ports ####
listen {
type = "auth"
ipaddr = *
port = 0
}
listen {
type = "acct"
ipaddr = *
port = 0
}
listen {
type = "control"
listen {
socket = "/var/run/radiusd/radiusd.sock"
}
}
listen {
type = "auth"
ipaddr = 127.0.0.1
port = 18120
}
... adding new socket proxy address * port 46422
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on command file /var/run/radiusd/radiusd.sock
Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 11.0.0.205 port 1812, id=153, length=196
User-Name = "{sm=1}rawlacurone at adn.com"
EAP-Message = 0x0201001e017b736d3d317d7261776c616375726f6e654061646e2e636f6d
Message-Authenticator = 0x39a7eb8d6128461e0fa6caf5dd5c26c3
NAS-Identifier = "201"
NAS-IP-Address = 11.0.0.205
Calling-Station-Id = "AC-81-12-78-CA-6E"
WiMAX-BS-Id = 0xfff329010102
NAS-Port-Type = Wireless-802.16
Framed-MTU = 2000
Service-Type = Framed-User
WiMAX-GMT-Timezone-offset = 256
WiMAX-Release = "1.0"
WiMAX-Accounting-Capabilities = IP-Session-Based
WiMAX-Attr-1793 = 0x0000028a
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/11.0.0.205/auth-detail-20130501
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/11.0.0.205/auth-detail-20130501
[auth_log] expand: %t -> Wed May 1 17:46:27 2013
++[auth_log] returns fail
Using Post-Auth-Type REJECT
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> {sm=1}rawlacurone at adn.com
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 153 to 11.0.0.205 port 1812
Waking up in 4.9 seconds.
Cleaning up request 0 ID 153 with timestamp +1
Ready to process requests.
rad_recv: Access-Request packet from host 11.0.0.205 port 1812, id=154, length=196
User-Name = "{sm=1}rawlacurone at adn.com"
EAP-Message = 0x0201001e017b736d3d317d7261776c616375726f6e654061646e2e636f6d
Message-Authenticator = 0x0ddedece670902a6348d2b16c392c015
NAS-Identifier = "201"
NAS-IP-Address = 11.0.0.205
Calling-Station-Id = "AC-81-12-78-CA-6E"
WiMAX-BS-Id = 0xfff329010102
NAS-Port-Type = Wireless-802.16
Framed-MTU = 2000
Service-Type = Framed-User
WiMAX-GMT-Timezone-offset = 256
WiMAX-Release = "1.0"
WiMAX-Accounting-Capabilities = IP-Session-Based
WiMAX-Attr-1793 = 0x0000028a
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/11.0.0.205/auth-detail-20130501
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/11.0.0.205/auth-detail-20130501
[auth_log] expand: %t -> Wed May 1 17:46:35 2013
++[auth_log] returns fail
Using Post-Auth-Type REJECT
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> {sm=1}rawlacurone at adn.com
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 1 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 1
Sending Access-Reject of id 154 to 11.0.0.205 port 1812
Waking up in 4.9 seconds.
Cleaning up request 1 ID 154 with timestamp +9
Ready to process requests.
rad_recv: Access-Request packet from host 11.0.0.205 port 1812, id=155, length=196
User-Name = "{sm=1}rawlacurone at adn.com"
EAP-Message = 0x0201001e017b736d3d317d7261776c616375726f6e654061646e2e636f6d
Message-Authenticator = 0x8cbc1a4105e88c044aaa7a95df6dc98a
NAS-Identifier = "201"
NAS-IP-Address = 11.0.0.205
Calling-Station-Id = "AC-81-12-78-CA-6E"
WiMAX-BS-Id = 0xfff329010102
NAS-Port-Type = Wireless-802.16
Framed-MTU = 2000
Service-Type = Framed-User
WiMAX-GMT-Timezone-offset = 256
WiMAX-Release = "1.0"
WiMAX-Accounting-Capabilities = IP-Session-Based
WiMAX-Attr-1793 = 0x0000028a
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/11.0.0.205/auth-detail-20130501
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/11.0.0.205/auth-detail-20130501
[auth_log] expand: %t -> Wed May 1 17:46:43 2013
++[auth_log] returns fail
Using Post-Auth-Type REJECT
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> {sm=1}rawlacurone at adn.com
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 2 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 2
Sending Access-Reject of id 155 to 11.0.0.205 port 1812
Waking up in 4.9 seconds.
Cleaning up request 2 ID 155 with timestamp +17
Ready to process requests.
rad_recv: Access-Request packet from host 11.0.0.205 port 1812, id=157, length=196
User-Name = "{sm=1}rawlacurone at adn.com"
EAP-Message = 0x0201001e017b736d3d317d7261776c616375726f6e654061646e2e636f6d
Message-Authenticator = 0xd84871a21825f994c68593b4d78ca653
NAS-Identifier = "201"
NAS-IP-Address = 11.0.0.205
Calling-Station-Id = "AC-81-12-78-CA-6E"
WiMAX-BS-Id = 0xfff329010102
NAS-Port-Type = Wireless-802.16
Framed-MTU = 2000
Service-Type = Framed-User
WiMAX-GMT-Timezone-offset = 256
WiMAX-Release = "1.0"
WiMAX-Accounting-Capabilities = IP-Session-Based
WiMAX-Attr-1793 = 0x0000028a
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expan
[auth_log] expand: %t -> Wed May 1 17:46:50 2013
++[auth_log] returns fail
Using Post-Auth-Type REJECT
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> {sm=1}rawlacurone at adn.co
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 3 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 3
Sending Access-Reject of id 157 to 11.0.0.205 port 1812
Waking up in 4.9 seconds.
^C
[root at adn larry]#
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20130504/da210092/attachment-0001.html>
More information about the Freeradius-Users
mailing list