user not found in freeradius "users" file
Bertrand Poulet
bertrand.poulet at pasteur-lille.fr
Wed Mar 22 18:26:05 CET 2006
hello all ,
i've got a vpn server which make authentication to a freeradius server.
the user "someone" is authenticated (file users of freeradius) when
tested locally via radtest, but not when the request comes from nas box
in first case , the user is found in file users of freeradius at line 227 ,
and in the second case the same user isn't found in file.
instead, the user is searched in system (/etc/passwd).
why the user isn't found in file users of freeradius ?
thanks .
root at gringo raddb]# radtest someone thepass localhost 0 secret
Sending Access-Request of id 161 to 127.0.0.1 port 1812
User-Name = "someone"
User-Password = "thepass"
NAS-IP-Address = 255.255.255.255
NAS-Port = 0
rad_recv: Access-Request packet from host 127.0.0.1:35045, id=161, length=59
User-Name = "someone"
User-Password = "thepass"
NAS-IP-Address = 255.255.255.255
NAS-Port = 0
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
Invalid operator for item Suffix: reverting to '=='
Invalid operator for item Suffix: reverting to '=='
Invalid operator for item Suffix: reverting to '=='
modcall[authorize]: module "preprocess" returns ok for request 1
modcall[authorize]: module "chap" returns noop for request 1
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 1
rlm_realm: No '@' in User-Name = "someone", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 1
users: Matched entry DEFAULT at line 152
users: Matched entry someone at line 227
modcall[authorize]: module "files" returns ok for request 1
modcall[authorize]: module "mschap" returns noop for request 1
modcall: leaving group authorize (returns ok) for request 1
rad_check_password: Found *Auth-Type Local*
auth: type Local
auth: user supplied User-Password matches local User-Password
Login OK: [someone/thepass] (from client localhost port 0)
Sending Access-Accept of id 161 to 127.0.0.1 port 35045
======================================================
root at gringo raddb]#
rad_recv: Access-Request packet from host 192.168.10.1:1025, id=181,
length=156
User-Name = "someone"
User-Password = "thepass"
NAS-Port = 546
Service-Type = Framed-User
Framed-Protocol = PPP
Called-Station-Id = "191.254.137._"
Calling-Station-Id = "66.147.66.24_"
Tunnel-Client-Endpoint:0 = "66.147.66.24_"
NAS-IP-Address = 192.168.10.1
NAS-Port-Type = Virtual
Cisco-AVPair = "ip:source-ip=66.147.66.24_"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
Invalid operator for item Suffix: reverting to '=='
Invalid operator for item Suffix: reverting to '=='
Invalid operator for item Suffix: reverting to '=='
modcall[authorize]: module "preprocess" returns ok for request 2
modcall[authorize]: module "chap" returns noop for request 2
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 2
rlm_realm: No '@' in User-Name = "someone", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 2
users: Matched entry DEFAULT at line 152
users: Matched entry DEFAULT at line 171
users: Matched entry DEFAULT at line 183
modcall[authorize]: module "files" returns ok for request 2
modcall[authorize]: module "mschap" returns noop for request 2
modcall: leaving group authorize (returns ok) for request 2
rad_check_password: Found *Auth-Type System*
auth: type "System"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 2
modcall[authenticate]: module "unix" returns notfound for request 2
modcall: leaving group authenticate (returns notfound) for request 2
auth: *Failed *to validate the user.
More information about the Freeradius-Users
mailing list