Ready to process requests (0) Received Access-Request Id 49 from 127.0.0.1:52226 to 127.0.0.1:1812 length 102 (0) User-Name = "test@dsl.dido.ca" (0) User-Password = "testing123testing" (0) NAS-IP-Address = 23.144.128.31 (0) NAS-Port = 0 (0) Message-Authenticator = 0xde13937558571e30f92b0e3e1c2b35d6 (0) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/de fault (0) authorize { (0) policy filter_username { (0) if (&User-Name) { (0) if (&User-Name) -> TRUE (0) if (&User-Name) { (0) if (&User-Name =~ / /) { (0) if (&User-Name =~ / /) -> FALSE (0) if (&User-Name =~ /@[^@]*@/ ) { (0) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (0) if (&User-Name =~ /\.\./ ) { (0) if (&User-Name =~ /\.\./ ) -> FALSE (0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALS E (0) if (&User-Name =~ /\.$/) { (0) if (&User-Name =~ /\.$/) -> FALSE (0) if (&User-Name =~ /@\./) { (0) if (&User-Name =~ /@\./) -> FALSE (0) } # if (&User-Name) = notfound (0) } # policy filter_username = notfound (0) [preprocess] = ok (0) [chap] = noop (0) [mschap] = noop (0) [digest] = noop (0) suffix: Checking for suffix after "@" (0) suffix: Looking up realm "dsl.dido.ca" for User-Name = "test@dsl.dido.ca" (0) suffix: No such realm "dsl.dido.ca" (0) [suffix] = noop (0) eap: No EAP-Message, not doing EAP (0) [eap] = noop (0) [files] = noop (0) sql: EXPAND %{User-Name} (0) sql: --> test@dsl.dido.ca (0) sql: SQL-User-Name set to 'test@dsl.dido.ca' rlm_sql (sql): Closing connection (1): Hit idle_timeout, was idle for 257 second s rlm_sql (sql): Closing connection (2): Hit idle_timeout, was idle for 257 second s rlm_sql (sql): Closing connection (3): Hit idle_timeout, was idle for 257 second s rlm_sql (sql): Closing connection (4): Hit idle_timeout, was idle for 257 second s rlm_sql (sql): You probably need to lower "min" rlm_sql (sql): Closing connection (0): Hit idle_timeout, was idle for 257 second s rlm_sql (sql): You probably need to lower "min" rlm_sql (sql): Closing connection (5): Hit idle_timeout, was idle for 257 second s rlm_sql (sql): You probably need to lower "min" rlm_sql (sql): 0 of 0 connections in use. You may need to increase "spare" rlm_sql (sql): Opening additional connection (6), 1 of 32 pending slots used rlm_sql (sql): Reserved connection (6) (0) sql: EXPAND SELECT id, username, attribute, value, op FROM radcheck WHERE us ername = '%{SQL-User-Name}' ORDER BY id (0) sql: --> SELECT id, username, attribute, value, op FROM radcheck WHERE us ername = 'test@dsl.dido.ca' ORDER BY id (0) sql: Executing select query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'test@dsl.dido.ca' ORDER BY id (0) sql: EXPAND SELECT groupname FROM radusergroup WHERE username = '%{SQL-User- Name}' ORDER BY priority (0) sql: --> SELECT groupname FROM radusergroup WHERE username = 'test@dsl.di do.ca' ORDER BY priority (0) sql: Executing select query: SELECT groupname FROM radusergroup WHERE userna me = 'test@dsl.dido.ca' ORDER BY priority (0) sql: User not found in any groups rlm_sql (sql): Released connection (6) Need 2 more connections to reach min connections (3) rlm_sql (sql): Opening additional connection (7), 1 of 31 pending slots used (0) [sql] = notfound (0) [expiration] = noop (0) [logintime] = noop (0) pap: WARNING: No "known good" password found for the user. Not setting Auth -Type (0) pap: WARNING: Authentication will fail unless a "known good" password is ava ilable (0) [pap] = noop (0) } # authorize = ok (0) ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type = Reject (0) Failed to authenticate the user (0) Using Post-Auth-Type Reject (0) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (0) Post-Auth-Type REJECT { (0) sql: EXPAND .query (0) sql: --> .query (0) sql: Using query template 'query' rlm_sql (sql): Reserved connection (6) (0) sql: EXPAND %{User-Name} (0) sql: --> test@dsl.dido.ca (0) sql: SQL-User-Name set to 'test@dsl.dido.ca' (0) sql: EXPAND INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet- Type}', '%S') (0) sql: --> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'test@dsl.dido.ca', 'testing123testing', 'Access-Reject', '2019-08-24 14:41:2 1') (0) sql: Executing query: INSERT INTO radpostauth (username, pass, reply, authda te) VALUES ( 'test@dsl.dido.ca', 'testing123testing', 'Access-Reject', '2019-08- 24 14:41:21') (0) sql: SQL query returned: success (0) sql: 1 record(s) updated rlm_sql (sql): Released connection (6) (0) [sql] = ok (0) attr_filter.access_reject: EXPAND %{User-Name} (0) attr_filter.access_reject: --> test@dsl.dido.ca (0) attr_filter.access_reject: Matched entry DEFAULT at line 11 (0) [attr_filter.access_reject] = updated (0) [eap] = noop (0) policy remove_reply_message_if_eap { (0) if (&reply:EAP-Message && &reply:Reply-Message) { (0) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE (0) else { (0) [noop] = noop (0) } # else = noop (0) } # policy remove_reply_message_if_eap = noop (0) } # Post-Auth-Type REJECT = updated (0) Login incorrect (No Auth-Type found: rejecting the user via Post-Auth-Type = Reject): [test@dsl.dido.ca/testing123testing] (from client localhost port 0) (0) Delaying response for 1.000000 seconds Waking up in 0.3 seconds. Waking up in 0.6 seconds. (0) Sending delayed response (0) Sent Access-Reject Id 49 from 127.0.0.1:1812 to 127.0.0.1:52226 length 20 Waking up in 3.9 seconds. (0) Cleaning up request packet ID 49 with timestamp +257 Ready to process requests -----Original Message----- From: Matthew Newton <mcn@freeradius.org> Sent: Saturday, August 24, 2019 10:51 AM To: FreeRadius users mailing list <freeradius-users@lists.freeradius.org>; gilbertrebeiro@gmail.com; 'FreeRadius users mailing list' <freeradius-users@lists.freeradius.org> Subject: RE: Auth: (24) Login incorrect (No Auth-Type found: rejecting the user via Post-Auth-Type = Reject): On 24 August 2019 15:43:24 BST, gilbertrebeiro@gmail.com wrote:
Just so I don’t post anything stupid. What in the output needs to be masked? IP addresses secrets etc?
FreeRADIUS hides configured secrets in the output already. The more you chop out, the more irritating it is for people trying to help you as they have to keep asking for more information or are left guessing. Level of irritation is inversely proportional to the amount of help you're likely to get... -- Matthew