EAP authentication stopped working
Peter Lambrechtsen
peter at crypt.co.nz
Sat May 4 10:24:58 CEST 2013
Why does auth_log return fail?
On May 4, 2013 8:04 PM, "larry tembu" <larrytembu at yahoo.com> wrote:
> Hi Freeradius users,
> i have FR freeradius-2.2.0-0.fc17.i686 set up on fedora 17 machine. the
> wimax clients are supplying EAPttls Mschapv2 for authentication. a few
> weeks ago, the configuration was working and authenticating, but it
> suddenly stopped. the users are created in the users file and below is the
> radiusd -X output. any more info required will be promptly provided. could
> someone help me out on this? the wimax system is 4M alvarion and the CPe
> are well configured.
> ignore_null = no
> }
> Module: Checking accounting {...} for more modules to load
> Module: Instantiating module "detail" from file /etc/raddb/modules/detail
> detail {
> detailfile =
> "/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
> header = "%t"
> detailperm = 384
> dirperm = 493
> locking = no
> log_packet_header = no
> }
> Module: Linked to module rlm_radutmp
> Module: Instantiating module "radutmp" from file
> /etc/raddb/modules/radutmp
> radutmp {
> filename = "/var/log/radius/radutmp"
> username = "%{User-Name}"
> case_sensitive = yes
> check_with_nas = yes
> perm = 384
> callerid = yes
> }
> Module: Linked to module rlm_attr_filter
> Module: Instantiating module "attr_filter.accounting_response" from file
> /etc/raddb/modules/attr_filter
> attr_filter attr_filter.accounting_response {
> attrsfile = "/etc/raddb/attrs.accounting_response"
> key = "%{User-Name}"
> relaxed = no
> }
> reading pairlist file /etc/raddb/attrs.accounting_response
> Module: Checking session {...} for more modules to load
> Module: Checking post-proxy {...} for more modules to load
> Module: Checking post-auth {...} for more modules to load
> Module: Instantiating module "attr_filter.access_reject" from file
> /etc/raddb/modules/attr_filter
> attr_filter attr_filter.access_reject {
> attrsfile = "/etc/raddb/attrs.access_reject"
> key = "%{User-Name}"
> relaxed = no
> }
> reading pairlist file /etc/raddb/attrs.access_reject
> } # modules
> } # server
> server inner-tunnel { # from file /etc/raddb/sites-enabled/inner-tunnel
> modules {
> Module: Checking authenticate {...} for more modules to load
> Module: Checking authorize {...} for more modules to load
> Module: Checking session {...} for more modules to load
> Module: Checking post-proxy {...} for more modules to load
> Module: Checking post-auth {...} for more modules to load
> } # modules
> } # server
> radiusd: #### Opening IP addresses and Ports ####
> listen {
> type = "auth"
> ipaddr = *
> port = 0
> }
> listen {
> type = "acct"
> ipaddr = *
> port = 0
> }
> listen {
> type = "control"
> listen {
> socket = "/var/run/radiusd/radiusd.sock"
> }
> }
> listen {
> type = "auth"
> ipaddr = 127.0.0.1
> port = 18120
> }
> ... adding new socket proxy address * port 46422
> Listening on authentication address * port 1812
> Listening on accounting address * port 1813
> Listening on command file /var/run/radiusd/radiusd.sock
> Listening on authentication address 127.0.0.1 port 18120 as server
> inner-tunnel
> Listening on proxy address * port 1814
> Ready to process requests.
> rad_recv: Access-Request packet from host 11.0.0.205 port 1812, id=153,
> length=196
> User-Name = "{sm=1}rawlacurone at adn.com"
> EAP-Message =
> 0x0201001e017b736d3d317d7261776c616375726f6e654061646e2e636f6d
> Message-Authenticator = 0x39a7eb8d6128461e0fa6caf5dd5c26c3
> NAS-Identifier = "201"
> NAS-IP-Address = 11.0.0.205
> Calling-Station-Id = "AC-81-12-78-CA-6E"
> WiMAX-BS-Id = 0xfff329010102
> NAS-Port-Type = Wireless-802.16
> Framed-MTU = 2000
> Service-Type = Framed-User
> WiMAX-GMT-Timezone-offset = 256
> WiMAX-Release = "1.0"
> WiMAX-Accounting-Capabilities = IP-Session-Based
> WiMAX-Attr-1793 = 0x0000028a
> # Executing section authorize from file /etc/raddb/sites-enabled/default
> +- entering group authorize {...}
> ++[preprocess] returns ok
> [auth_log] expand:
> /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
> /var/log/radius/radacct/11.0.0.205/auth-detail-20130501
> [auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
> expands to /var/log/radius/radacct/11.0.0.205/auth-detail-20130501
> [auth_log] expand: %t -> Wed May 1 17:46:27 2013
> ++[auth_log] returns fail
> Using Post-Auth-Type REJECT
> # Executing group from file /etc/raddb/sites-enabled/default
> +- entering group REJECT {...}
> [attr_filter.access_reject] expand: %{User-Name} -> {sm=
> 1}rawlacurone at adn.com
> attr_filter: Matched entry DEFAULT at line 11
> ++[attr_filter.access_reject] returns updated
> Delaying reject of request 0 for 1 seconds
> Going to the next request
> Waking up in 0.9 seconds.
> Sending delayed reject for request 0
> Sending Access-Reject of id 153 to 11.0.0.205 port 1812
> Waking up in 4.9 seconds.
> Cleaning up request 0 ID 153 with timestamp +1
> Ready to process requests.
> rad_recv: Access-Request packet from host 11.0.0.205 port 1812, id=154,
> length=196
> User-Name = "{sm=1}rawlacurone at adn.com"
> EAP-Message =
> 0x0201001e017b736d3d317d7261776c616375726f6e654061646e2e636f6d
> Message-Authenticator = 0x0ddedece670902a6348d2b16c392c015
> NAS-Identifier = "201"
> NAS-IP-Address = 11.0.0.205
> Calling-Station-Id = "AC-81-12-78-CA-6E"
> WiMAX-BS-Id = 0xfff329010102
> NAS-Port-Type = Wireless-802.16
> Framed-MTU = 2000
> Service-Type = Framed-User
> WiMAX-GMT-Timezone-offset = 256
> WiMAX-Release = "1.0"
> WiMAX-Accounting-Capabilities = IP-Session-Based
> WiMAX-Attr-1793 = 0x0000028a
> # Executing section authorize from file /etc/raddb/sites-enabled/default
> +- entering group authorize {...}
> ++[preprocess] returns ok
> [auth_log] expand:
> /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
> /var/log/radius/radacct/11.0.0.205/auth-detail-20130501
> [auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
> expands to /var/log/radius/radacct/11.0.0.205/auth-detail-20130501
> [auth_log] expand: %t -> Wed May 1 17:46:35 2013
> ++[auth_log] returns fail
> Using Post-Auth-Type REJECT
> # Executing group from file /etc/raddb/sites-enabled/default
> +- entering group REJECT {...}
> [attr_filter.access_reject] expand: %{User-Name} -> {sm=
> 1}rawlacurone at adn.com
> attr_filter: Matched entry DEFAULT at line 11
> ++[attr_filter.access_reject] returns updated
> Delaying reject of request 1 for 1 seconds
> Going to the next request
> Waking up in 0.9 seconds.
> Sending delayed reject for request 1
> Sending Access-Reject of id 154 to 11.0.0.205 port 1812
> Waking up in 4.9 seconds.
> Cleaning up request 1 ID 154 with timestamp +9
> Ready to process requests.
> rad_recv: Access-Request packet from host 11.0.0.205 port 1812, id=155,
> length=196
> User-Name = "{sm=1}rawlacurone at adn.com"
> EAP-Message =
> 0x0201001e017b736d3d317d7261776c616375726f6e654061646e2e636f6d
> Message-Authenticator = 0x8cbc1a4105e88c044aaa7a95df6dc98a
> NAS-Identifier = "201"
> NAS-IP-Address = 11.0.0.205
> Calling-Station-Id = "AC-81-12-78-CA-6E"
> WiMAX-BS-Id = 0xfff329010102
> NAS-Port-Type = Wireless-802.16
> Framed-MTU = 2000
> Service-Type = Framed-User
> WiMAX-GMT-Timezone-offset = 256
> WiMAX-Release = "1.0"
> WiMAX-Accounting-Capabilities = IP-Session-Based
> WiMAX-Attr-1793 = 0x0000028a
> # Executing section authorize from file /etc/raddb/sites-enabled/default
> +- entering group authorize {...}
> ++[preprocess] returns ok
> [auth_log] expand:
> /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
> /var/log/radius/radacct/11.0.0.205/auth-detail-20130501
> [auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
> expands to /var/log/radius/radacct/11.0.0.205/auth-detail-20130501
> [auth_log] expand: %t -> Wed May 1 17:46:43 2013
> ++[auth_log] returns fail
> Using Post-Auth-Type REJECT
> # Executing group from file /etc/raddb/sites-enabled/default
> +- entering group REJECT {...}
> [attr_filter.access_reject] expand: %{User-Name} -> {sm=
> 1}rawlacurone at adn.com
> attr_filter: Matched entry DEFAULT at line 11
> ++[attr_filter.access_reject] returns updated
> Delaying reject of request 2 for 1 seconds
> Going to the next request
> Waking up in 0.9 seconds.
> Sending delayed reject for request 2
> Sending Access-Reject of id 155 to 11.0.0.205 port 1812
> Waking up in 4.9 seconds.
> Cleaning up request 2 ID 155 with timestamp +17
> Ready to process requests.
> rad_recv: Access-Request packet from host 11.0.0.205 port 1812, id=157,
> length=196
> User-Name = "{sm=1}rawlacurone at adn.com"
> EAP-Message =
> 0x0201001e017b736d3d317d7261776c616375726f6e654061646e2e636f6d
> Message-Authenticator = 0xd84871a21825f994c68593b4d78ca653
> NAS-Identifier = "201"
> NAS-IP-Address = 11.0.0.205
> Calling-Station-Id = "AC-81-12-78-CA-6E"
> WiMAX-BS-Id = 0xfff329010102
> NAS-Port-Type = Wireless-802.16
> Framed-MTU = 2000
> Service-Type = Framed-User
> WiMAX-GMT-Timezone-offset = 256
> WiMAX-Release = "1.0"
> WiMAX-Accounting-Capabilities = IP-Session-Based
> WiMAX-Attr-1793 = 0x0000028a
> # Executing section authorize from file /etc/raddb/sites-enabled/default
> +- entering group authorize {...}
> ++[preprocess] returns ok
> [auth_log] expand:
> /var/log/radius/radacct/%{Client-IP-Address}/auth-detail
> [auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
> expan
> [auth_log] expand: %t -> Wed May 1 17:46:50 2013
> ++[auth_log] returns fail
> Using Post-Auth-Type REJECT
> # Executing group from file /etc/raddb/sites-enabled/default
> +- entering group REJECT {...}
> [attr_filter.access_reject] expand: %{User-Name} -> {sm=
> 1}rawlacurone at adn.co
> attr_filter: Matched entry DEFAULT at line 11
> ++[attr_filter.access_reject] returns updated
> Delaying reject of request 3 for 1 seconds
> Going to the next request
> Waking up in 0.9 seconds.
> Sending delayed reject for request 3
> Sending Access-Reject of id 157 to 11.0.0.205 port 1812
> Waking up in 4.9 seconds.
> ^C
> [root at adn larry]#
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20130504/55ce6309/attachment-0001.html>
More information about the Freeradius-Users
mailing list