<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=utf-8">
<META content="MSHTML 6.00.2900.3395" name=GENERATOR></HEAD>
<BODY style="MARGIN: 4px 4px 1px; FONT: 10pt Tahoma">
<DIV>radius version is 1.1.7</DIV>
<DIV> </DIV>
<DIV><A href="mailto:root@colo-radius:/usr/sbin">root@colo-radius:/usr/sbin</A># freeradius -X<BR>Starting - reading configuration files ...<BR>reread_config: reading radiusd.conf<BR>Config: including file: /etc/freeradius/proxy.conf<BR>Config: including file: /etc/freeradius/clients.conf<BR>Config: including file: /etc/freeradius/snmp.conf<BR> main: prefix = "/usr"<BR> main: localstatedir = "/var"<BR> main: logdir = "/var/www"<BR> main: libdir = "/usr/lib"<BR> main: radacctdir = "/var/www/radacct"<BR> main: hostname_lookups = no<BR> main: snmp = no<BR> main: max_request_time = 30<BR> main: cleanup_delay = 5<BR> main: max_requests = 1024<BR> main: delete_blocked_requests = 0<BR> main: port = 1645<BR> main: allow_core_dumps = no<BR> main: log_stripped_names = no<BR> main: log_file = "/var/www/radius.txt"<BR> main: log_auth = yes<BR> main: log_auth_badpass = yes<BR> main: log_auth_goodpass = no<BR> main: pidfile = "/var/run/freeradius/radiusd.pid"<BR> main: user = "(null)"<BR> main: group = "(null)"<BR> main: usercollide = no<BR> main: lower_user = "no"<BR> main: lower_pass = "no"<BR> main: nospace_user = "no"<BR> main: nospace_pass = "no"<BR> main: checkrad = "/usr/sbin/checkrad"<BR> main: proxy_requests = yes<BR> proxy: retry_delay = 5<BR> proxy: retry_count = 3<BR> proxy: synchronous = no<BR> proxy: default_fallback = yes<BR> proxy: dead_time = 120<BR> proxy: post_proxy_authorize = no<BR> proxy: wake_all_if_all_dead = no<BR> security: max_attributes = 200<BR> security: reject_delay = 1<BR> security: status_server = no<BR> main: debug_level = 0<BR>read_config_files: reading dictionary<BR>read_config_files: reading naslist<BR>Using deprecated naslist file. Support for this will go away soon.<BR>read_config_files: reading clients<BR>read_config_files: reading realms<BR>radiusd: entering modules setup<BR>Module: Library search path is /usr/lib<BR>Module: Loaded Counter<BR> counter: filename = "/etc/freeradius/db.daily"<BR> counter: key = "User-Name"<BR> counter: reset = "daily"<BR> counter: count-attribute = "Acct-Session-Time"<BR> counter: counter-name = "Daily-Session-Time"<BR> counter: check-name = "Max-Daily-Session"<BR> counter: allowed-servicetype = "Framed-User"<BR> counter: cache-size = 5000<BR>rlm_counter: Counter attribute Daily-Session-Time is number 1830<BR>rlm_counter: Current Time: 1230746513 [2008-12-31 13:01:53], Next reset 1230786000 [2009-01-01 00:00:00]<BR>Module: Instantiated counter (daily)<BR>Module: Loaded LDAP<BR> ldap: server = "172.16.8.141"<BR> ldap: port = 389<BR> ldap: net_timeout = 10<BR> ldap: timeout = 5<BR> ldap: timelimit = 5<BR> ldap: identity = ""<BR> ldap: tls_mode = no<BR> ldap: start_tls = no<BR> ldap: tls_cacertfile = "(null)"<BR> ldap: tls_cacertdir = "(null)"<BR> ldap: tls_certfile = "(null)"<BR> ldap: tls_keyfile = "(null)"<BR> ldap: tls_randfile = "(null)"<BR> ldap: tls_require_cert = "allow"<BR> ldap: password = ""<BR> ldap: basedn = "o=nwf,c=us"<BR> ldap: filter = "(&(CN=%{User-Name})(objectClass=person))"<BR> ldap: base_filter = "(objectclass=radiusprofile)"<BR> ldap: default_profile = "(null)"<BR> ldap: profile_attribute = "(null)"<BR> ldap: password_header = "(null)"<BR> ldap: password_attribute = "(null)"<BR> ldap: access_attr = "(null)"<BR> ldap: groupname_attribute = "cn"<BR> ldap: groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"<BR> ldap: groupmembership_attribute = "(null)"<BR> ldap: dictionary_mapping = "/etc/freeradius/ldap.attrmap"<BR> ldap: ldap_debug = 0<BR> ldap: ldap_connections_number = 10<BR> ldap: compare_check_items = no<BR> ldap: access_attr_used_for_allow = yes<BR> ldap: do_xlat = yes<BR> ldap: edir_account_policy_check = yes<BR> ldap: set_auth_type = yes<BR>rlm_ldap: Registering ldap_groupcmp for Ldap-Group<BR>rlm_ldap: Registering ldap_xlat with xlat_name ldap<BR>rlm_ldap: reading ldap<->radius mappings from file /etc/freeradius/ldap.attrmap<BR>rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$<BR>rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$<BR>rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type<BR>rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use<BR>rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id<BR>rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id<BR>rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password<BR>rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password<BR>rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT<BR>rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration<BR>rlm_ldap: LDAP radiusNASIpAddress mapped to RADIUS NAS-IP-Address<BR>rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type<BR>rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol<BR>rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address<BR>rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask<BR>rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route<BR>rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing<BR>rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id<BR>rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU<BR>rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression<BR>rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host<BR>rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service<BR>rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port<BR>rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number<BR>rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id<BR>rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network<BR>rlm_ldap: LDAP radiusClass mapped to RADIUS Class<BR>rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout<BR>rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout<BR>rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action<BR>rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service<BR>rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node<BR>rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group<BR>rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link<BR>rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Network<BR>rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone<BR>rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit<BR>rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port<BR>rlm_ldap: LDAP radiusReplyMessage mapped to RADIUS Reply-Message<BR>conns: 0xb93ecd88<BR>Module: Instantiated ldap (ldap)<BR>Module: Loaded preprocess<BR> preprocess: huntgroups = "/etc/freeradius/huntgroups"<BR> preprocess: hints = "/etc/freeradius/hints"<BR> preprocess: with_ascend_hack = no<BR> preprocess: ascend_channels_per_line = 23<BR> preprocess: with_ntdomain_hack = no<BR> preprocess: with_specialix_jetstream_hack = no<BR> preprocess: with_cisco_vsa_hack = no<BR> preprocess: with_alvarion_vsa_hack = no<BR>Module: Instantiated preprocess (preprocess)<BR>Listening on authentication *:1645<BR>Listening on accounting *:1646<BR>Ready to process requests.<BR>rad_recv: Access-Request packet from host 172.16.8.7:1543, id=105, length=58<BR> User-Name = "hottel"<BR> User-Password = ""<BR> NAS-IP-Address = 64.241.16.2<BR> NAS-Port = 0<BR> Processing the authorize section of radiusd.conf<BR>modcall: entering group authorize for request 0<BR> modcall[authorize]: module "preprocess" returns ok for request 0<BR>rlm_ldap: - authorize<BR>rlm_ldap: performing user authorization for hottel<BR>radius_xlat: '(&(CN=hottel)(objectClass=person))'<BR>radius_xlat: 'o=nwf,c=us'<BR>rlm_ldap: ldap_get_conn: Checking Id: 0<BR>rlm_ldap: ldap_get_conn: Got Id: 0<BR>rlm_ldap: attempting LDAP reconnection<BR>rlm_ldap: (re)connect to 172.16.8.141:389, authentication 0<BR>rlm_ldap: bind as / to 172.16.8.141:389<BR>rlm_ldap: waiting for bind result ...<BR>rlm_ldap: Bind was successful<BR>rlm_ldap: performing search in o=nwf,c=us, with filter (&(CN=hottel)(objectClass=person))<BR>rlm_ldap: No default NMAS login sequence<BR>rlm_ldap: looking for check items in directory...<BR>rlm_ldap: looking for reply items in directory...<BR>rlm_ldap: Setting Auth-Type = ldap<BR>rlm_ldap: user hottel authorized to use remote access<BR>rlm_ldap: ldap_release_conn: Release Id: 0<BR> modcall[authorize]: module "ldap" returns ok for request 0<BR>modcall: leaving group authorize (returns ok) for request 0<BR> rad_check_password: Found Auth-Type ldap<BR>auth: type "LDAP"<BR> Processing the authenticate section of radiusd.conf<BR>modcall: entering group LDAP for request 0<BR>rlm_ldap: - authenticate<BR>rlm_ldap: login attempt by "hottel" with password ""<BR>rlm_ldap: user DN: cn=Hottel,ou=Users,ou=HQ,o=NWF,c=US<BR>rlm_ldap: (re)connect to 172.16.8.141:389, authentication 1<BR>rlm_ldap: bind as cn=Hottel,ou=Users,ou=HQ,o=NWF,c=US/ to 172.16.8.141:389<BR>rlm_ldap: waiting for bind result ...<BR>rlm_ldap: Bind was successful<BR>rlm_ldap: user hottel authenticated succesfully<BR> modcall[authenticate]: module "ldap" returns ok for request 0<BR>modcall: leaving group LDAP (returns ok) for request 0<BR>Login OK: [hottel] (from client Sonicwall port 0)<BR>Sending Access-Accept of id 105 to 172.16.8.7 port 1543<BR>Finished request 0<BR>Going to the next request<BR>--- Walking the entire request list ---<BR>Waking up in 6 seconds...<BR>--- Walking the entire request list ---<BR>Cleaning up request 0 ID 105 with timestamp 495bb3a1<BR>Nothing to do. Sleeping until we see a request.<BR>rad_recv: Access-Request packet from host 172.16.8.7:1543, id=106, length=57<BR> User-Name = "icore"<BR> User-Password = ""<BR> NAS-IP-Address = 64.241.16.2<BR> NAS-Port = 0<BR> Processing the authorize section of radiusd.conf<BR>modcall: entering group authorize for request 1<BR> modcall[authorize]: module "preprocess" returns ok for request 1<BR>rlm_ldap: - authorize<BR>rlm_ldap: performing user authorization for icore<BR>radius_xlat: '(&(CN=icore)(objectClass=person))'<BR>radius_xlat: 'o=nwf,c=us'<BR>rlm_ldap: ldap_get_conn: Checking Id: 0<BR>rlm_ldap: ldap_get_conn: Got Id: 0<BR>rlm_ldap: performing search in o=nwf,c=us, with filter (&(CN=icore)(objectClass=person))<BR>rlm_ldap: No default NMAS login sequence<BR>rlm_ldap: looking for check items in directory...<BR>rlm_ldap: looking for reply items in directory...<BR>rlm_ldap: Setting Auth-Type = ldap<BR>rlm_ldap: user icore authorized to use remote access<BR>rlm_ldap: ldap_release_conn: Release Id: 0<BR> modcall[authorize]: module "ldap" returns ok for request 1<BR>modcall: leaving group authorize (returns ok) for request 1<BR> rad_check_password: Found Auth-Type ldap<BR>auth: type "LDAP"<BR> Processing the authenticate section of radiusd.conf<BR>modcall: entering group LDAP for request 1<BR>rlm_ldap: - authenticate<BR>rlm_ldap: login attempt by "icore" with password ""<BR>rlm_ldap: user DN: cn=icore,ou=External,ou=HQ,o=NWF,c=US<BR>rlm_ldap: (re)connect to 172.16.8.141:389, authentication 1<BR>rlm_ldap: bind as cn=icore,ou=External,ou=HQ,o=NWF,c=US/ to 172.16.8.141:389<BR>rlm_ldap: waiting for bind result ...<BR>rlm_ldap: Bind was successful<BR>rlm_ldap: user icore authenticated succesfully<BR> modcall[authenticate]: module "ldap" returns ok for request 1<BR>modcall: leaving group LDAP (returns ok) for request 1<BR>Login OK: [icore] (from client Sonicwall port 0)<BR>Sending Access-Accept of id 106 to 172.16.8.7 port 1543<BR>Finished request 1<BR>Going to the next request<BR>--- Walking the entire request list ---<BR>Waking up in 6 seconds...<BR>rad_recv: Access-Request packet from host 172.16.8.7:1543, id=107, length=57<BR> User-Name = "icore"<BR> User-Password = ""<BR> NAS-IP-Address = 64.241.16.2<BR> NAS-Port = 0<BR> Processing the authorize section of radiusd.conf<BR>modcall: entering group authorize for request 2<BR> modcall[authorize]: module "preprocess" returns ok for request 2<BR>rlm_ldap: - authorize<BR>rlm_ldap: performing user authorization for icore<BR>radius_xlat: '(&(CN=icore)(objectClass=person))'<BR>radius_xlat: 'o=nwf,c=us'<BR>rlm_ldap: ldap_get_conn: Checking Id: 0<BR>rlm_ldap: ldap_get_conn: Got Id: 0<BR>rlm_ldap: performing search in o=nwf,c=us, with filter (&(CN=icore)(objectClass=person))<BR>rlm_ldap: No default NMAS login sequence<BR>rlm_ldap: looking for check items in directory...<BR>rlm_ldap: looking for reply items in directory...<BR>rlm_ldap: Setting Auth-Type = ldap<BR>rlm_ldap: user icore authorized to use remote access<BR>rlm_ldap: ldap_release_conn: Release Id: 0<BR> modcall[authorize]: module "ldap" returns ok for request 2<BR>modcall: leaving group authorize (returns ok) for request 2<BR> rad_check_password: Found Auth-Type ldap<BR>auth: type "LDAP"<BR> Processing the authenticate section of radiusd.conf<BR>modcall: entering group LDAP for request 2<BR>rlm_ldap: - authenticate<BR>rlm_ldap: login attempt by "icore" with password ""<BR>rlm_ldap: user DN: cn=icore,ou=External,ou=HQ,o=NWF,c=US<BR>rlm_ldap: (re)connect to 172.16.8.141:389, authentication 1<BR>rlm_ldap: bind as cn=icore,ou=External,ou=HQ,o=NWF,c=US/ to 172.16.8.141:389<BR>rlm_ldap: waiting for bind result ...<BR>rlm_ldap: Bind was successful<BR>rlm_ldap: user icore authenticated succesfully<BR> modcall[authenticate]: module "ldap" returns ok for request 2<BR>modcall: leaving group LDAP (returns ok) for request 2<BR>Login OK: [icore] (from client Sonicwall port 0)<BR>Sending Access-Accept of id 107 to 172.16.8.7 port 1543<BR>Finished request 2<BR>Going to the next request<BR>--- Walking the entire request list ---<BR>Waking up in 4 seconds...<BR>--- Walking the entire request list ---<BR>Cleaning up request 1 ID 106 with timestamp 495bb3ae<BR>Waking up in 2 seconds...<BR>--- Walking the entire request list ---<BR>Cleaning up request 2 ID 107 with timestamp 495bb3b0<BR>Nothing to do. Sleeping until we see a request.<BR>rad_recv: Access-Request packet from host 172.16.8.7:1543, id=108, length=57<BR> User-Name = "icore"<BR> User-Password = ""<BR> NAS-IP-Address = 64.241.16.2<BR> NAS-Port = 0<BR> Processing the authorize section of radiusd.conf<BR>modcall: entering group authorize for request 3<BR> modcall[authorize]: module "preprocess" returns ok for request 3<BR>rlm_ldap: - authorize<BR>rlm_ldap: performing user authorization for icore<BR>radius_xlat: '(&(CN=icore)(objectClass=person))'<BR>radius_xlat: 'o=nwf,c=us'<BR>rlm_ldap: ldap_get_conn: Checking Id: 0<BR>rlm_ldap: ldap_get_conn: Got Id: 0<BR>rlm_ldap: performing search in o=nwf,c=us, with filter (&(CN=icore)(objectClass=person))<BR>rlm_ldap: No default NMAS login sequence<BR>rlm_ldap: looking for check items in directory...<BR>rlm_ldap: looking for reply items in directory...<BR>rlm_ldap: Setting Auth-Type = ldap<BR>rlm_ldap: user icore authorized to use remote access<BR>rlm_ldap: ldap_release_conn: Release Id: 0<BR> modcall[authorize]: module "ldap" returns ok for request 3<BR>modcall: leaving group authorize (returns ok) for request 3<BR> rad_check_password: Found Auth-Type ldap<BR>auth: type "LDAP"<BR> Processing the authenticate section of radiusd.conf<BR>modcall: entering group LDAP for request 3<BR>rlm_ldap: - authenticate<BR>rlm_ldap: login attempt by "icore" with password ""<BR>rlm_ldap: user DN: cn=icore,ou=External,ou=HQ,o=NWF,c=US<BR>rlm_ldap: (re)connect to 172.16.8.141:389, authentication 1<BR>rlm_ldap: bind as cn=icore,ou=External,ou=HQ,o=NWF,c=US/ to 172.16.8.141:389<BR>rlm_ldap: waiting for bind result ...<BR>rlm_ldap: Bind was successful<BR>rlm_ldap: user icore authenticated succesfully<BR> modcall[authenticate]: module "ldap" returns ok for request 3<BR>modcall: leaving group LDAP (returns ok) for request 3<BR>Login OK: [icore] (from client Sonicwall port 0)<BR>Sending Access-Accept of id 108 to 172.16.8.7 port 1543<BR>Finished request 3<BR>Going to the next request<BR>--- Walking the entire request list ---<BR>Waking up in 6 seconds...<BR>--- Walking the entire request list ---<BR>Cleaning up request 3 ID 108 with timestamp 495bb3ba<BR>Nothing to do. Sleeping until we see a request.<BR>rad_recv: Access-Request packet from host 172.16.8.7:1543, id=109, length=57<BR> User-Name = "icore"<BR> User-Password = ""<BR> NAS-IP-Address = 64.241.16.2<BR> NAS-Port = 0<BR> Processing the authorize section of radiusd.conf<BR>modcall: entering group authorize for request 4<BR> modcall[authorize]: module "preprocess" returns ok for request 4<BR>rlm_ldap: - authorize<BR>rlm_ldap: performing user authorization for icore<BR>radius_xlat: '(&(CN=icore)(objectClass=person))'<BR>radius_xlat: 'o=nwf,c=us'<BR>rlm_ldap: ldap_get_conn: Checking Id: 0<BR>rlm_ldap: ldap_get_conn: Got Id: 0<BR>rlm_ldap: performing search in o=nwf,c=us, with filter (&(CN=icore)(objectClass=person))<BR>rlm_ldap: object not found or got ambiguous search result<BR>rlm_ldap: search failed<BR>rlm_ldap: ldap_release_conn: Release Id: 0<BR> modcall[authorize]: module "ldap" returns notfound for request 4<BR>modcall: leaving group authorize (returns ok) for request 4<BR>auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user<BR>auth: Failed to validate the user.<BR>Login incorrect (rlm_ldap: User not found): [icore/] (from client Sonicwall port 0)<BR>Delaying request 4 for 1 seconds<BR>Finished request 4<BR>Going to the next request<BR>--- Walking the entire request list ---<BR>Waking up in 1 seconds...<BR>--- Walking the entire request list ---<BR>Waking up in 1 seconds...<BR>--- Walking the entire request list ---<BR>Sending Access-Reject of id 109 to 172.16.8.7 port 1543<BR>Waking up in 4 seconds...<BR>--- Walking the entire request list ---<BR>Cleaning up request 4 ID 109 with timestamp 495bb3cf<BR>Nothing to do. Sleeping until we see a request.<BR><BR><BR>>>> On 12/31/2008 at 10:46 AM, in message <495B93D8.3020305@deployingradius.com>, Alan DeKok <aland@deployingradius.com> wrote:<BR></DIV>
<DIV style="PADDING-LEFT: 7px; MARGIN: 0px 0px 0px 15px; BORDER-LEFT: #050505 1px solid; BACKGROUND-COLOR: #f3f3f3">John Hottel wrote:<BR>> If i happen to make a login attempt within 15 seconds of that coming up,<BR>> i see:<BR>> <BR>> "---Walking the entire request list---<BR><BR> You are running 1.1.7 (or later).<BR><BR> Upgrade to 2.1.3.<BR><BR>> Waking up in 1 seconds...<BR>> sending Access-Reject<BR>> waking up in 4 seconds... "<BR>> <BR>> When i try again, it works.<BR>> <BR>> <BR>> Any ideas what this could be? If you need more info as to my version of<BR>> freeradius, i will be more then happy to supply the info, if you tell me<BR>> how to retrieve it :)<BR><BR>$ man radiusd<BR><BR> radiusd -v<BR><BR> Alan DeKok.<BR>-<BR>List info/subscribe/unsubscribe? See <A href="http://www.freeradius.org/list/users.html">http://www.freeradius.org/list/users.html</A><BR></DIV></BODY></HTML>