RE: Hopefully quick question: conditional processing sneaking in and setting Auth-Type
So.... Still not sure what file is tweaking this. I ended up copying the entire /raddb dir from ServerB to ServerA to get the same exact behavior. Prior to that I tried. Replicating (copying the file via ftp): radiusd.conf, users, default, inner-tunnel, radiusd, ... maybe more. I also manually diff'd: chap, mschap, pap, hints, huntgroups, ...maybe more.... Is there additional radiusd args I can use to see what module/file/etc is executing the conditional processing? ... [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop # Begin output of goofy processing ++? if (!control:Auth-Type) ? Evaluating !(control:Auth-Type) -> FALSE ++? if (!control:Auth-Type) -> FALSE # End output of goofy processing Found Auth-Type = MSCHAP +- entering group MS-CHAP {...} ... I'll be more than happy to sanitize numerous pages of radiusd -X output from both servers, but I captured and diff'd those and accounted for all diffs from the startup process. As noted, I also replicated the most common conf files that I probably tweaked. Weird... Thanks! Gary -----Original Message----- From: Gary Gatten Sent: Saturday, March 05, 2011 9:17 AM To: 'freeradius-users@lists.freeradius.org' Subject: Re: Hopefully quick question: conditional processing sneaking in and setting Auth-Type Yeah, when I wrote the email I figured I'd get at least one reply like that. I was hoping the position/sequence of the event would be enough to point me in he right direction. I'll capture the startups and auth requests / replies from both servers. In the mean time I'm thinking the mschap module on the failing server isn't quite right. Both have changes that are commented out, but who knows, maybe I missed something. I think it (failing) might be a slightly older version than the other as well. ----- Original Message ----- From: Alan DeKok [mailto:aland@deployingradius.com] Sent: Saturday, March 05, 2011 12:38 AM To: FreeRadius users mailing list <freeradius-users@lists.freeradius.org> Subject: Re: Hopefully quick question: conditional processing sneaking in and setting Auth-Type Gary Gatten wrote:
I can't find where this conditional processing is happing. I have two FR servers with "nearly" the same config. Auth works on one, but not the other:
Posting 2-3 lines of debug output doesn't help. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html <font size="1"> <div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in 0in 1.0pt 0in'> </div> "This email is intended to be reviewed by only the intended recipient and may contain information that is privileged and/or confidential. If you are not the intended recipient, you are hereby notified that any review, use, dissemination, disclosure or copying of this email and its attachments, if any, is strictly prohibited. If you have received this email in error, please immediately notify the sender by return email and delete this email from your system." </font>
Hi,
[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop
# Begin output of goofy processing
++? if (!control:Auth-Type) ? Evaluating !(control:Auth-Type) -> FALSE ++? if (!control:Auth-Type) -> FALSE
cd /etc/raddb (if thats where your RADDB is..) grep -R -i "control:Auth-Type" * alan
Good idea, but no help. It only returned "default", which is one of the first files I checked, double-checked, replicated, etc. I'm wondering if I zip my raddb dir if you (or someone) would be willing to test it on your system and see if you get similar results? It's not a huge deal anymore 'cause I have both systems working exactly the same now; but it IS bothering me - like a puzzle I can't solve... If not no worries. Thanks for the help so far. I'll keep at it until I resolve it or .... not! Gary -----Original Message----- From: freeradius-users-bounces+ggatten=waddell.com@lists.freeradius.org [mailto:freeradius-users-bounces+ggatten=waddell.com@lists.freeradius.org] On Behalf Of Alan Buxey Sent: Tuesday, March 08, 2011 3:21 AM To: FreeRadius users mailing list Subject: Re: Hopefully quick question: conditional processing sneaking in and setting Auth-Type Hi,
[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop
# Begin output of goofy processing
++? if (!control:Auth-Type) ? Evaluating !(control:Auth-Type) -> FALSE ++? if (!control:Auth-Type) -> FALSE
cd /etc/raddb (if thats where your RADDB is..) grep -R -i "control:Auth-Type" * alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html <font size="1"> <div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in 0in 1.0pt 0in'> </div> "This email is intended to be reviewed by only the intended recipient and may contain information that is privileged and/or confidential. If you are not the intended recipient, you are hereby notified that any review, use, dissemination, disclosure or copying of this email and its attachments, if any, is strictly prohibited. If you have received this email in error, please immediately notify the sender by return email and delete this email from your system." </font>
Hi,
Good idea, but no help. It only returned "default", which is one of the first files I checked, double-checked, replicated, etc.
if it says default, then that code is in 'default' - look in that file to find where it is
Thanks for the help so far. I'll keep at it until I resolve it or .... not!
you can ZIP up the RADDB for me to play/look if you want.... but i think i'll only come up with the same answer... alan
participants (2)
-
Alan Buxey -
Gary Gatten