realms and local user file processing question
Michael Hare
michael.hare at doit.wisc.edu
Fri Dec 15 21:01:13 CET 2006
Hello-

Having some problems getting a match on the local users file after a
successful realm proxy.

I would like to have a user be able to log in with different realms and
get different IP addresses.

I have tried all sorts of formats in the users file. I would have
thought that the first was the correct syntax but it didn't work, hence
the trial and error.

mdhare at test
        Framed-IP-Address = 146.151.211.254

mdhare Realm == "test"
        Framed-IP-Address = 146.151.211.254

"mdhare at test"
        Framed-IP-Address = 146.151.211.254

According to
http://wiki.freeradius.org/Proxy#What_Happens
"Then the users file is processed as usual. The username used at this
point is the one after hints file processing (regardless of the "hints"
option). It also includes the realm (regardless of the setting of the
"nostrip" option) unless the realm is LOCAL."
Here is the debug from a login. How do I further troubleshoot why the
local users file is not being matched?
-Michael
------------
rad_recv: Access-Request packet from host 144.92.44.114:2523, id=152,
length=128
User-Name = "mdhare at test"
User-Password = *****
NAS-Port = 1953
Service-Type = Framed-User
Framed-Protocol = PPP
Called-Station-Id = "144.92.44.114"
Calling-Station-Id = "128.104.19.106"
Tunnel-Client-Endpoint:0 = "128.104.19.106"
NAS-IP-Address = 144.92.44.114
NAS-Port-Type = Virtual
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "attr_filter" returns noop for request 0
rlm_realm: Looking up realm "test" for User-Name = "mdhare at test"
rlm_realm: Found realm "DEFAULT"
rlm_realm: Adding Stripped-User-Name = "mdhare"
rlm_realm: Proxying request from user mdhare to realm DEFAULT
rlm_realm: Adding Realm = "DEFAULT"
rlm_realm: Preparing to proxy authentication request to realm "DEFAULT"
modcall[authorize]: module "suffix" returns updated for request 0
modcall[authorize]: module "files" returns notfound for request 0
modcall: leaving group authorize (returns updated) for request 0
Sending Access-Request of id 0 to 144.92.254.243 port 1812
User-Name = "mdhare"
User-Password = *********
NAS-Port = 1953
Service-Type = Framed-User
Framed-Protocol = PPP
Called-Station-Id = "144.92.44.114"
Calling-Station-Id = "128.104.19.106"
Tunnel-Client-Endpoint:0 = "128.104.19.106"
NAS-IP-Address = 144.92.44.114
NAS-Port-Type = Virtual
Proxy-State = 0x313532
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Accept packet from host 144.92.254.243:1812, id=0,
length=31
Service-Type = NAS-Prompt-User
Proxy-State = 0x313532
Processing the post-proxy section of radiusd.conf
modcall: entering group post-proxy for request 0
modcall[post-proxy]: module "eap" returns noop for request 0
modcall: leaving group post-proxy (returns noop) for request 0
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
attr_filter: Matched entry DEFAULT at line 84
modcall[authorize]: module "attr_filter" returns updated for request 0
rlm_realm: Proxy reply, or no User-Name. Ignoring.
modcall[authorize]: module "suffix" returns noop for request 0
---------------------- problem ----------------------------------
modcall[authorize]: module "files" returns notfound for request 0
---------------------- problem ----------------------------------
modcall: leaving group authorize (returns updated) for request 0
rad_check_password: Found Auth-Type
rad_check_password: Auth-Type = Accept, accepting the user
Sending Access-Accept of id 152 to 144.92.44.114 port 2523
Finished request 0
Going to the next request
Waking up in 6 seconds...
--
=======================W===
Michael Hare
UW-Madison + WiscNet Network Engineering
Desk: 608-262-5236
24 Hr Noc: 608-263-4188
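
Added example, not part of the original post and not FreeRADIUS code: a Python script that splits debug output like the above into module-group passes and lists, for each pass, the realm rlm_realm looked up and found, the attributes it added, and the return code of the "files" module. The function names are hypothetical; the sample lines are copied from the debug output in the post.

```python
import re

# Constructed sample: lines copied from the radiusd debug output in the post above.
DEBUG = """\
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
rlm_realm: Looking up realm "test" for User-Name = "mdhare at test"
rlm_realm: Found realm "DEFAULT"
rlm_realm: Adding Stripped-User-Name = "mdhare"
rlm_realm: Adding Realm = "DEFAULT"
modcall[authorize]: module "suffix" returns updated for request 0
modcall[authorize]: module "files" returns notfound for request 0
modcall: entering group post-proxy for request 0
modcall[post-proxy]: module "eap" returns noop for request 0
modcall: entering group authorize for request 0
rlm_realm: Proxy reply, or no User-Name. Ignoring.
modcall[authorize]: module "suffix" returns noop for request 0
modcall[authorize]: module "files" returns notfound for request 0
"""

ENTER = re.compile(r'modcall: entering group (\S+) for request (\d+)')
MODULE = re.compile(r'modcall\[[^\]]+\]: module "([^"]+)" returns (\w+)')
LOOKUP = re.compile(r'rlm_realm: Looking up realm "([^"]*)"')
FOUND = re.compile(r'rlm_realm: Found realm "([^"]*)"')
ADDED = re.compile(r'rlm_realm: Adding (\S+) = "([^"]*)"')

def summarize(text):
    """Split debug output into module-group passes and record what each one did."""
    passes = []
    for line in text.splitlines():
        m = ENTER.search(line)
        if m:
            passes.append({"section": m.group(1), "request": int(m.group(2)),
                           "modules": {}, "added": {}, "lookup": None, "found": None})
        elif not passes:
            continue  # output before the first group (packet dump) is ignored
        elif m := MODULE.search(line):
            passes[-1]["modules"][m.group(1)] = m.group(2)
        elif m := LOOKUP.search(line):
            passes[-1]["lookup"] = m.group(1)
        elif m := FOUND.search(line):
            passes[-1]["found"] = m.group(1)
        elif m := ADDED.search(line):
            passes[-1]["added"][m.group(1)] = m.group(2)
    return passes

def report(passes):
    """One line per pass: attributes rlm_realm set and the result of "files"."""
    return [f'{p["section"]}: lookup={p["lookup"]} found={p["found"]} '
            f'added={p["added"]} files={p["modules"].get("files")}' for p in passes]

if __name__ == "__main__":
    print("\n".join(report(summarize(DEBUG))))
```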