Hello to the whole list,<br>I'm experiencing a big and strange problem with the hints file. First I'll explain what I need to do.<br>The users can access only to the machines of some companies OR to all the machine of the same kind, for example I could have user FOO who can have access only to the machines of customer custA and custB and is able to manage all the firewalls of all the customers. To do that I implemented a set of rules in hints which<br>
1) Set the permissions for the logging user<br>2) Recognize the type of machine which the user is trying to access<br>3) Check the permissions relating the customers and sets the (custom) attribute itfgrant to "ok" if the user can log onto that machine<br>
4) Check the permissions relating the type of machine and sets the (custom) attribute itfgrant to "ok" if the user can log onto that machine<b><br></b><br>Then in the users file I check that attribute (itfgrant) along with the password to grant the access.<br>
<br>The problem is that for each user the first login after the starting of the server is evaluated in the right way, with the right permissions. All the successive logins carry the same result as the first one! In other words if the first login resulted in a Access-Accept then EVERY successive login from that user will result in a Access-Accept. The same thing happens if the first login resulted in a Access-Reject.<br>
Restarting the server fixes the behaviour only for another login, then I have to restart the server again.<br><br>Glossary:<br>itfcliente contains the permissions for a given user<br>itfgrant is used to grant access<br>
itfAll-* are used like booleans to give permissions to all the machines of a kind<br>itfclient contains the name ho the customer which the machine belongs (like an huntgroup)<br><br><br>Here is the hints file<br>
<br>#START OF CONTENTS (it starts on the line numbered 37)<br># declaration of users permissions<br>DEFAULT User-Name=="denABcfw"<br> itfcliente+="clienteA",<br> itfcliente+="clienteB",<br>
itfAll-cisco="yes",<br> itfAll-fw="yes",<br> itfAll-win="yes",<br> Fall-Through:="yes"<br><br>DEFAULT User-Name=="denf"<br> itfAll-fw="yes",<br>
Fall-Through:="yes"<br><br>DEFAULT User-Name=="denBC"<br> itfcliente+="clienteB",<br> itfcliente+="clienteC",<br> Fall-Through:="yes"<br><br>DEFAULT User-Name=="maxA"<br>
itfcliente+="clienteA",<br> Fall-Through:="yes"<br><br>###### Detecting the customer<br><br>DEFAULT Nas-Ip-Address =~ "10\.10\.8\.[0-2]?[0-9]*"<br> itfclient:="clienteA",<br>
Fall-Through:="yes"<br><br>DEFAULT Nas-Ip-Address =~ "10\.10\.9\.[0-2]?[0-9]*"<br> itfclient:="clienteB",<br> Fall-Through:="yes"<br><br>DEFAULT Nas-Ip-Address =~ "10\.10\.10\.[0-2]?[0-9]*"<br>
itfclient:="clienteC",<br> Fall-Through:="yes"<br><br>###### Detecting the kind of machine<br><br>DEFAULT Nas-Ip-Address == 10.10.8.1<br> itftype="win",<br> Fall-Through:="yes"<br>
DEFAULT Nas-Ip-Address == 10.10.9.1<br> itftype="win",<br> Fall-Through:="yes"<br>DEFAULT Nas-Ip-Address == 10.10.10.1<br> itftype="win",<br> Fall-Through:="yes"<br>
<br>DEFAULT Nas-Ip-Address == 10.10.8.2<br> itftype="lin",<br> Fall-Through:="yes"<br>DEFAULT Nas-Ip-Address == 10.10.9.2<br> itftype="lin",<br> Fall-Through:="yes"<br>
DEFAULT Nas-Ip-Address == 10.10.10.2<br> itftype="lin",<br> Fall-Through:="yes"<br><br>DEFAULT Nas-Ip-Address == 10.10.8.3<br> itftype="cisco",<br> Fall-Through:="yes"<br>
DEFAULT Nas-Ip-Address == 10.10.9.3<br> itftype="cisco",<br> Fall-Through:="yes"<br>DEFAULT Nas-Ip-Address == 10.10.10.3<br> itftype="cisco",<br> Fall-Through:="yes"<br>
<br>DEFAULT Nas-Ip-Address == 10.10.8.4<br> itftype="fw",<br> Fall-Through:="yes"<br>DEFAULT Nas-Ip-Address == 10.10.9.4<br> itftype="fw",<br> Fall-Through:="yes"<br>
DEFAULT Nas-Ip-Address == 10.10.10.4<br> itftype="fw",<br> Fall-Through:="yes"<br><br>DEFAULT Nas-Ip-Address == 10.10.8.5<br> itftype="voip",<br> Fall-Through:="yes"<br>
DEFAULT Nas-Ip-Address == 10.10.9.5<br> itftype="voip",<br> Fall-Through:="yes"<br>DEFAULT Nas-Ip-Address == 10.10.10.5<br> itftype="voip",<br> Fall-Through:="yes"<br>
<br># Match itfcliente with the customer customer (itfclient)<br><br>DEFAULT itfcliente=="%{itfclient}"<br> itfgrant:="ok",<br> Fall-Through:="yes"<br><br># Match with the type of machine<br>
<br>DEFAULT itftype=="cisco", itfAll-cisco=="yes"<br> itfgrant:="ok",<br> Fall-Through:="yes"<br><br>DEFAULT itftype=="fw", itfAll-fw=="yes"<br> itfgrant:="ok",<br>
Fall-Through:="yes"<br><br>DEFAULT itftype=="win", itfAll-win=="yes"<br> itfgrant:="ok",<br> Fall-Through:="yes"<br><br>DEFAULT itftype=="lin", itfAll-lin=="yes"<br>
itfgrant:="ok",<br> Fall-Through:="yes"<br><br>DEFAULT itftype=="voip", itfAll-cisco=="voip"<br> itfgrant:="ok"<br>#END OF CONTENTS<br><br><br>And here come the users file<br>
<br><br># this one has access to customers A and B, and to all the cisco equipment, firewalls and windows machines<br>denABcfw Cleartext-Password:="pippo", itfgrant=="ok"<br> Fall-Through:="yes"<br>
<br># this one has access to all the firewall and nothing else<br>denf Cleartext-Password:="pippo", itfgrant=="ok"<br> Fall-Through:="yes"<br><br># this user has access only to the customers B and C<br>
denBC Cleartext-Password:="pippo", itfgrant=="ok"<br> Fall-Through:="yes"<br><br># this one can access only to the customer A<br>maxA Cleartext-Password:="pippo", itfgrant=="ok"<br>
Fall-Through:="yes"<br><br><br><br>Here's the output of freeradius -X with some tests<br><br><br>FreeRADIUS Version 2.1.10, for host i486-pc-linux-gnu, built on Nov 17 2010 at 04:06:04<br>Copyright (C) 1999-2009 The FreeRADIUS server project and contributors. <br>
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A <br>PARTICULAR PURPOSE. <br>You may redistribute copies of FreeRADIUS under the terms of the <br>GNU General Public License v2. <br>Starting - reading configuration files ...<br>
including configuration file /etc/freeradius/radiusd.conf<br>including configuration file /etc/freeradius/proxy.conf<br>including configuration file /etc/freeradius/clients.conf<br>including files in directory /etc/freeradius/modules/<br>
including configuration file /etc/freeradius/modules/digest<br>including configuration file /etc/freeradius/modules/echo<br>including configuration file /etc/freeradius/modules/krb5<br>including configuration file /etc/freeradius/modules/always<br>
including configuration file /etc/freeradius/modules/linelog<br>including configuration file /etc/freeradius/modules/chap<br>including configuration file /etc/freeradius/modules/otp<br>including configuration file /etc/freeradius/modules/checkval<br>
including configuration file /etc/freeradius/modules/perl<br>including configuration file /etc/freeradius/modules/passwd<br>including configuration file /etc/freeradius/modules/detail.log<br>including configuration file /etc/freeradius/modules/realm<br>
including configuration file /etc/freeradius/modules/policy<br>including configuration file /etc/freeradius/modules/<a href="http://detail.example.com">detail.example.com</a><br>including configuration file /etc/freeradius/modules/attr_filter<br>
including configuration file /etc/freeradius/modules/sradutmp<br>including configuration file /etc/freeradius/modules/radutmp<br>including configuration file /etc/freeradius/modules/sql_log<br>including configuration file /etc/freeradius/modules/expiration<br>
including configuration file /etc/freeradius/modules/counter<br>including configuration file /etc/freeradius/modules/exec<br>including configuration file /etc/freeradius/modules/etc_group<br>including configuration file /etc/freeradius/modules/cui<br>
including configuration file /etc/freeradius/modules/detail<br>including configuration file /etc/freeradius/modules/attr_rewrite<br>including configuration file /etc/freeradius/modules/ippool<br>including configuration file /etc/freeradius/modules/smbpasswd<br>
including configuration file /etc/freeradius/modules/mac2vlan<br>including configuration file /etc/freeradius/modules/expr<br>including configuration file /etc/freeradius/modules/acct_unique<br>including configuration file /etc/freeradius/modules/sqlcounter_expire_on_login<br>
including configuration file /etc/freeradius/modules/wimax<br>including configuration file /etc/freeradius/modules/dynamic_clients<br>including configuration file /etc/freeradius/modules/preprocess<br>including configuration file /etc/freeradius/modules/inner-eap<br>
including configuration file /etc/freeradius/modules/pap<br>including configuration file /etc/freeradius/modules/logintime<br>including configuration file /etc/freeradius/modules/smsotp<br>including configuration file /etc/freeradius/modules/ntlm_auth<br>
including configuration file /etc/freeradius/modules/unix<br>including configuration file /etc/freeradius/modules/ldap<br>including configuration file /etc/freeradius/modules/files<br>including configuration file /etc/freeradius/modules/opendirectory<br>
including configuration file /etc/freeradius/modules/mac2ip<br>including configuration file /etc/freeradius/modules/mschap<br>including configuration file /etc/freeradius/modules/pam<br>including configuration file /etc/freeradius/eap.conf<br>
including configuration file /etc/freeradius/policy.conf<br>including files in directory /etc/freeradius/sites-enabled/<br>including configuration file /etc/freeradius/sites-enabled/inner-tunnel<br>including configuration file /etc/freeradius/sites-enabled/default<br>
main {<br> user = "freerad"<br> group = "freerad"<br> allow_core_dumps = no<br>}<br>including dictionary file /etc/freeradius/dictionary<br>main {<br> prefix = "/usr"<br> localstatedir = "/var"<br>
logdir = "/var/log/freeradius"<br> libdir = "/usr/lib/freeradius"<br> radacctdir = "/var/log/freeradius/radacct"<br> hostname_lookups = no<br> max_request_time = 30<br> cleanup_delay = 0<br>
max_requests = 1024<br> pidfile = "/var/run/freeradius/freeradius.pid"<br> checkrad = "/usr/sbin/checkrad"<br> debug_level = 0<br> proxy_requests = no<br> log {<br> stripped_names = yes<br>
auth = yes<br> auth_badpass = yes<br> auth_goodpass = yes<br> }<br> security {<br> max_attributes = 200<br> reject_delay = 1<br> status_server = yes<br> }<br>}<br>radiusd: #### Loading Realms and Home Servers ####<br>
proxy server {<br> retry_delay = 5<br> retry_count = 3<br> default_fallback = no<br> dead_time = 120<br> wake_all_if_all_dead = no<br> }<br> home_server localhost {<br> ipaddr = 127.0.0.1<br> port = 1812<br>
type = "auth"<br> secret = "testing123"<br> response_window = 20<br> max_outstanding = 65536<br> require_message_authenticator = yes<br> zombie_period = 40<br> status_check = "status-server"<br>
ping_interval = 30<br> check_interval = 30<br> num_answers_to_alive = 3<br> num_pings_to_alive = 3<br> revive_interval = 120<br> status_check_timeout = 4<br> irt = 2<br> mrt = 16<br> mrc = 5<br>
mrd = 30<br> }<br> home_server_pool my_auth_failover {<br> type = fail-over<br> home_server = localhost<br> }<br> realm <a href="http://example.com">example.com</a> {<br> auth_pool = my_auth_failover<br> }<br>
realm LOCAL {<br> }<br>radiusd: #### Loading Clients ####<br> client itfor {<br> ipaddr = 10.10.10.225<br> netmask = 32<br> require_message_authenticator = no<br> secret = "s3cr3t"<br> nastype = "other"<br>
}<br> client itf_test {<br> ipaddr = 10.10.0.0<br> netmask = 16<br> require_message_authenticator = no<br> secret = "s3cr3t"<br> nastype = "other"<br> }<br> client localhost {<br> ipaddr = 127.0.0.1<br>
require_message_authenticator = no<br> secret = "testing123"<br> nastype = "other"<br> }<br>radiusd: #### Instantiating modules ####<br> instantiate {<br> Module: Linked to module rlm_exec<br>
Module: Instantiating module "exec" from file /etc/freeradius/modules/exec<br> exec {<br> wait = no<br> input_pairs = "request"<br> shell_escape = yes<br> }<br> Module: Linked to module rlm_expr<br>
Module: Instantiating module "expr" from file /etc/freeradius/modules/expr<br> Module: Linked to module rlm_expiration<br> Module: Instantiating module "expiration" from file /etc/freeradius/modules/expiration<br>
expiration {<br> reply-message = "Password Has Expired "<br> }<br> Module: Linked to module rlm_logintime<br> Module: Instantiating module "logintime" from file /etc/freeradius/modules/logintime<br>
logintime {<br> reply-message = "You are calling outside your allowed timespan "<br> minimum-timeout = 60<br> }<br> Module: Linked to module rlm_linelog<br> Module: Instantiating module "linelog" from file /etc/freeradius/modules/linelog<br>
linelog {<br> filename = "/var/log/freeradius/linelog"<br> format = "This is a log message for %{User-Name}"<br> reference = "%{%{Packet-Type}:-format}"<br> }<br> }<br>radiusd: #### Loading Virtual Servers ####<br>
server inner-tunnel { # from file /etc/freeradius/sites-enabled/inner-tunnel<br> modules {<br> Module: Checking authenticate {...} for more modules to load<br> Module: Linked to module rlm_pap<br> Module: Instantiating module "pap" from file /etc/freeradius/modules/pap<br>
pap {<br> encryption_scheme = "auto"<br> auto_header = no<br> }<br> Module: Linked to module rlm_chap<br> Module: Instantiating module "chap" from file /etc/freeradius/modules/chap<br> Module: Linked to module rlm_mschap<br>
Module: Instantiating module "mschap" from file /etc/freeradius/modules/mschap<br> mschap {<br> use_mppe = yes<br> require_encryption = no<br> require_strong = no<br> with_ntdomain_hack = no<br> }<br>
Module: Linked to module rlm_unix<br> Module: Instantiating module "unix" from file /etc/freeradius/modules/unix<br> unix {<br> radwtmp = "/var/log/freeradius/radwtmp"<br> }<br> Module: Linked to module rlm_eap<br>
Module: Instantiating module "eap" from file /etc/freeradius/eap.conf<br> eap {<br> default_eap_type = "md5"<br> timer_expire = 60<br> ignore_unknown_eap_types = no<br> cisco_accounting_username_bug = no<br>
max_sessions = 4096<br> }<br> Module: Linked to sub-module rlm_eap_md5<br> Module: Instantiating eap-md5<br> Module: Linked to sub-module rlm_eap_leap<br> Module: Instantiating eap-leap<br> Module: Linked to sub-module rlm_eap_gtc<br>
Module: Instantiating eap-gtc<br> gtc {<br> challenge = "Password: "<br> auth_type = "PAP"<br> }<br> Module: Linked to sub-module rlm_eap_tls<br> Module: Instantiating eap-tls<br> tls {<br>
rsa_key_exchange = no<br> dh_key_exchange = yes<br> rsa_key_length = 512<br> dh_key_length = 512<br> verify_depth = 0<br> CA_path = "/etc/freeradius/certs"<br> pem_file_type = yes<br> private_key_file = "/etc/freeradius/certs/server.key"<br>
certificate_file = "/etc/freeradius/certs/server.pem"<br> CA_file = "/etc/freeradius/certs/ca.pem"<br> private_key_password = "whatever"<br> dh_file = "/etc/freeradius/certs/dh"<br>
random_file = "/dev/urandom"<br> fragment_size = 1024<br> include_length = yes<br> check_crl = no<br> cipher_list = "DEFAULT"<br> make_cert_command = "/etc/freeradius/certs/bootstrap"<br>
cache {<br> enable = no<br> lifetime = 24<br> max_entries = 255<br> }<br> verify {<br> }<br> }<br> Module: Linked to sub-module rlm_eap_ttls<br> Module: Instantiating eap-ttls<br> ttls {<br> default_eap_type = "md5"<br>
copy_request_to_tunnel = no<br> use_tunneled_reply = no<br> virtual_server = "inner-tunnel"<br> include_length = yes<br> }<br> Module: Linked to sub-module rlm_eap_peap<br> Module: Instantiating eap-peap<br>
peap {<br> default_eap_type = "mschapv2"<br> copy_request_to_tunnel = no<br> use_tunneled_reply = no<br> proxy_tunneled_request_as_eap = yes<br> virtual_server = "inner-tunnel"<br> }<br>
Module: Linked to sub-module rlm_eap_mschapv2<br> Module: Instantiating eap-mschapv2<br> mschapv2 {<br> with_ntdomain_hack = no<br> }<br> Module: Checking authorize {...} for more modules to load<br> Module: Linked to module rlm_realm<br>
Module: Instantiating module "suffix" from file /etc/freeradius/modules/realm<br> realm suffix {<br> format = "suffix"<br> delimiter = "@"<br> ignore_default = no<br> ignore_null = no<br>
}<br> Module: Linked to module rlm_files<br> Module: Instantiating module "files" from file /etc/freeradius/modules/files<br> files {<br> usersfile = "/etc/freeradius/users"<br> acctusersfile = "/etc/freeradius/acct_users"<br>
preproxy_usersfile = "/etc/freeradius/preproxy_users"<br> compat = "no"<br> }<br> Module: Checking session {...} for more modules to load<br> Module: Linked to module rlm_radutmp<br> Module: Instantiating module "radutmp" from file /etc/freeradius/modules/radutmp<br>
radutmp {<br> filename = "/var/log/freeradius/radutmp"<br> username = "%{User-Name}"<br> case_sensitive = yes<br> check_with_nas = yes<br> perm = 384<br> callerid = yes<br> }<br> Module: Checking post-proxy {...} for more modules to load<br>
Module: Checking post-auth {...} for more modules to load<br> Module: Linked to module rlm_attr_filter<br> Module: Instantiating module "attr_filter.access_reject" from file /etc/freeradius/modules/attr_filter<br>
attr_filter attr_filter.access_reject {<br> attrsfile = "/etc/freeradius/attrs.access_reject"<br> key = "%{User-Name}"<br> }<br> } # modules<br>} # server<br>server { # from file /etc/freeradius/radiusd.conf<br>
modules {<br> Module: Checking authenticate {...} for more modules to load<br> Module: Linked to module rlm_digest<br> Module: Instantiating module "digest" from file /etc/freeradius/modules/digest<br> Module: Checking authorize {...} for more modules to load<br>
Module: Linked to module rlm_preprocess<br> Module: Instantiating module "preprocess" from file /etc/freeradius/modules/preprocess<br> preprocess {<br> huntgroups = "/etc/freeradius/huntgroups"<br>
hints = "/etc/freeradius/hints"<br> with_ascend_hack = no<br> ascend_channels_per_line = 23<br> with_ntdomain_hack = no<br> with_specialix_jetstream_hack = no<br> with_cisco_vsa_hack = no<br> with_alvarion_vsa_hack = no<br>
}<br> Module: Linked to module rlm_detail<br> Module: Instantiating module "auth_log" from file /etc/freeradius/modules/detail.log<br> detail auth_log {<br> detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d"<br>
header = "%t"<br> detailperm = 384<br> dirperm = 493<br> locking = no<br> log_packet_header = no<br> }<br> Module: Linked to module rlm_checkval<br> Module: Instantiating module "checkval" from file /etc/freeradius/modules/checkval<br>
checkval {<br> item-name = "Calling-Station-Id"<br> check-name = "Calling-Station-Id"<br> data-type = "string"<br> notfound-reject = no<br> }<br>rlm_checkval: Registered name Calling-Station-Id for attribute 31<br>
Module: Checking preacct {...} for more modules to load<br> Module: Linked to module rlm_acct_unique<br> Module: Instantiating module "acct_unique" from file /etc/freeradius/modules/acct_unique<br> acct_unique {<br>
key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"<br> }<br> Module: Checking accounting {...} for more modules to load<br> Module: Instantiating module "detail" from file /etc/freeradius/modules/detail<br>
detail {<br> detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d"<br> header = "%t"<br> detailperm = 384<br> dirperm = 493<br> locking = no<br> log_packet_header = no<br>
}<br> Module: Instantiating module "attr_filter.accounting_response" from file /etc/freeradius/modules/attr_filter<br> attr_filter attr_filter.accounting_response {<br> attrsfile = "/etc/freeradius/attrs.accounting_response"<br>
key = "%{User-Name}"<br> }<br> Module: Checking session {...} for more modules to load<br> Module: Checking post-auth {...} for more modules to load<br> } # modules<br>} # server<br>radiusd: #### Opening IP addresses and Ports ####<br>
listen {<br> type = "auth"<br> ipaddr = 10.10.8.70<br> port = 0<br>}<br>listen {<br> type = "auth"<br> ipaddr = 127.0.0.1<br> port = 18120<br>}<br>Listening on authentication address 10.10.8.70 port 1812<br>
Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel<br>Ready to process requests.<br> NOW I REQUEST maxA HAVING ACCESS TO A MACHIN OF CUSTOMER A (ALLOWED)<br>rad_recv: Access-Request packet from host 10.10.10.232 port 51990, id=183, length=62<br>
User-Name = "maxA"<br> User-Password = "pippo"<br> NAS-IP-Address = 10.10.8.2<br> NAS-Port = 1<br> Framed-Protocol = PPP<br># Executing section authorize from file /etc/freeradius/sites-enabled/default<br>
+- entering group authorize {...}<br>[preprocess] hints: Matched DEFAULT at 56<br>[preprocess] expand: %{NAS-IP-Address} -> 10.10.8.2<br>[preprocess] hints: Matched DEFAULT at 62<br>[preprocess] expand: %{NAS-IP-Address} -> 10.10.8.2<br>
[preprocess] expand: %{NAS-IP-Address} -> 10.10.8.2<br>[preprocess] hints: Matched DEFAULT at 86<br>[preprocess] expand: %{itfclient} -> clienteA<br>[preprocess] hints: Matched DEFAULT at 128<br>++[preprocess] returns ok<br>
[auth_log] expand: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/<a href="http://10.10.10.232/auth-detail-20110613">10.10.10.232/auth-detail-20110613</a><br>[auth_log] /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/<a href="http://10.10.10.232/auth-detail-20110613">10.10.10.232/auth-detail-20110613</a><br>
[auth_log] expand: %t -> Mon Jun 13 15:12:08 2011<br>++[auth_log] returns ok<br>++[chap] returns noop<br>++[mschap] returns noop<br>++[digest] returns noop<br>[files] users: Matched entry maxA at line 70<br>[files] users: Matched entry DEFAULT at line 73<br>
++[files] returns ok<br>rlm_checkval: Could not find item named Calling-Station-Id in request<br>rlm_checkval: Could not find attribute named Calling-Station-Id in check pairs<br>++[checkval] returns notfound<br>WARNING: Please update your configuration, and remove 'Auth-Type = Local'<br>
WARNING: Use the PAP or CHAP modules instead.<br>User-Password in the request is correct.<br>Login OK: [maxA/pippo] (from client itf_test port 1)<br># Executing section post-auth from file /etc/freeradius/sites-enabled/default<br>
+- entering group post-auth {...}<br>++[exec] returns noop<br>Sending Access-Accept of id 183 to 10.10.10.232 port 51990<br>Finished request 0.<br>Going to the next request<br>Cleaning up request 0 ID 183 with timestamp +137<br>
Ready to process requests.<br> NOW I REQUEST maxA TO HAVE ACCESS TO A CUSTOMER B MACHINE (NOT ALLOWED)<br>rad_recv: Access-Request packet from host 10.10.10.232 port 41485, id=116, length=62<br> User-Name = "maxA"<br>
User-Password = "pippo"<br> NAS-IP-Address = 10.10.9.2<br> NAS-Port = 1<br> Framed-Protocol = PPP<br># Executing section authorize from file /etc/freeradius/sites-enabled/default<br>+- entering group authorize {...}<br>
[preprocess] hints: Matched DEFAULT at 56<br>[preprocess] expand: %{NAS-IP-Address} -> 10.10.9.2<br>[preprocess] expand: %{NAS-IP-Address} -> 10.10.9.2<br>[preprocess] hints: Matched DEFAULT at 66<br>[preprocess] expand: %{NAS-IP-Address} -> 10.10.9.2<br>
[preprocess] hints: Matched DEFAULT at 89<br>[preprocess] hints: Matched DEFAULT at 128<br>++[preprocess] returns ok<br>[auth_log] expand: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/<a href="http://10.10.10.232/auth-detail-20110613">10.10.10.232/auth-detail-20110613</a><br>
[auth_log] /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/<a href="http://10.10.10.232/auth-detail-20110613">10.10.10.232/auth-detail-20110613</a><br>[auth_log] expand: %t -> Mon Jun 13 15:13:20 2011<br>
++[auth_log] returns ok<br>++[chap] returns noop<br>++[mschap] returns noop<br>++[digest] returns noop<br>[files] users: Matched entry maxA at line 70<br>[files] users: Matched entry DEFAULT at line 73<br>++[files] returns ok<br>
rlm_checkval: Could not find item named Calling-Station-Id in request<br>rlm_checkval: Could not find attribute named Calling-Station-Id in check pairs<br>++[checkval] returns notfound<br>WARNING: Please update your configuration, and remove 'Auth-Type = Local'<br>
WARNING: Use the PAP or CHAP modules instead.<br>User-Password in the request is correct.<br>Login OK: [maxA/pippo] (from client itf_test port 1)<br># Executing section post-auth from file /etc/freeradius/sites-enabled/default<br>
+- entering group post-auth {...}<br>++[exec] returns noop<br>Sending Access-Accept of id 116 to 10.10.10.232 port 41485<br>Finished request 1.<br>Going to the next request<br>Cleaning up request 1 ID 116 with timestamp +209<br>
Ready to process requests.<br><br><br><br><br>Thanks for the attention and forgive my not-so-good english,<br>Denis<br clear="all"><br>-- <br> \ __ __ _ *<br> _\ \__\ \ \ _\ \/ <br> \_\ \__ \ \ \__ \\ <br>-------------------------><br>
<br>Registered Linux User # 372295<br><br>-----BEGIN GEEK CODE BLOCK-----<br>Version: 3.1<br><br><br>GCS/CM d--- s:+: a-- C+++ UL+++S E--- W+(-) N o+ w--- O? M-- PS+ PE Y+ PGP t+(++) 5? X- R* tv-- b+ DI+ D++++ G+ e h! r++ y* <br>
------END GEEK CODE BLOCK------<br>