user not found in freeradius "users" file

Bertrand Poulet bertrand.poulet at pasteur-lille.fr
Wed Mar 22 18:26:05 CET 2006


Hello all,

I've got a VPN server which authenticates against a FreeRADIUS server.
The user "someone" is authenticated (users file of FreeRADIUS) when
tested locally via radtest, but not when the request comes from the NAS box.

In the first case, the user is found in the FreeRADIUS users file at line 227,
and in the second case the same user isn't found in the file.
Instead, the user is looked up in the system (/etc/passwd).

Why isn't the user found in the FreeRADIUS users file?
Thanks.




root at gringo raddb]# radtest someone thepass localhost 0 secret
Sending Access-Request of id 161 to 127.0.0.1 port 1812
        User-Name = "someone"
        User-Password = "thepass"
        NAS-IP-Address = 255.255.255.255
        NAS-Port = 0
rad_recv: Access-Request packet from host 127.0.0.1:35045, id=161, length=59
        User-Name = "someone"
        User-Password = "thepass"
        NAS-IP-Address = 255.255.255.255
        NAS-Port = 0




  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
Invalid operator for item Suffix: reverting to '=='
Invalid operator for item Suffix: reverting to '=='
Invalid operator for item Suffix: reverting to '=='
  modcall[authorize]: module "preprocess" returns ok for request 1
  modcall[authorize]: module "chap" returns noop for request 1
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 1
    rlm_realm: No '@' in User-Name = "someone", looking up realm NULL
    rlm_realm: No such realm "NULL"
 
 modcall[authorize]: module "suffix" returns noop for request 1
    users: Matched entry DEFAULT at line 152
    users: Matched entry someone at line 227


  modcall[authorize]: module "files" returns ok for request 1
  modcall[authorize]: module "mschap" returns noop for request 1
modcall: leaving group authorize (returns ok) for request 1

  rad_check_password:  Found *Auth-Type Local*
auth: type Local
auth: user supplied User-Password matches local User-Password
Login OK: [someone/thepass] (from client localhost port 0)



Sending Access-Accept of id 161 to 127.0.0.1 port 35045
======================================================
root at gringo raddb]#
rad_recv: Access-Request packet from host 192.168.10.1:1025, id=181, length=156
        User-Name = "someone"
        User-Password = "thepass"
        NAS-Port = 546
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Called-Station-Id = "191.254.137._"
        Calling-Station-Id = "66.147.66.24_"
        Tunnel-Client-Endpoint:0 = "66.147.66.24_"
        NAS-IP-Address = 192.168.10.1
        NAS-Port-Type = Virtual
        Cisco-AVPair = "ip:source-ip=66.147.66.24_"
 

 Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
Invalid operator for item Suffix: reverting to '=='
Invalid operator for item Suffix: reverting to '=='
Invalid operator for item Suffix: reverting to '=='
  modcall[authorize]: module "preprocess" returns ok for request 2
  modcall[authorize]: module "chap" returns noop for request 2
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 2
    rlm_realm: No '@' in User-Name = "someone", looking up realm NULL
    rlm_realm: No such realm "NULL"

  modcall[authorize]: module "suffix" returns noop for request 2
    users: Matched entry DEFAULT at line 152
    users: Matched entry DEFAULT at line 171
    users: Matched entry DEFAULT at line 183

  modcall[authorize]: module "files" returns ok for request 2
  modcall[authorize]: module "mschap" returns noop for request 2
modcall: leaving group authorize (returns ok) for request 2

  rad_check_password:  Found *Auth-Type System*
auth: type "System"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 2
  modcall[authenticate]: module "unix" returns notfound for request 2
modcall: leaving group authenticate (returns notfound) for request 2
auth: *Failed *to validate the user.
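
An added example (not part of the original post): a small Python parser that groups FreeRADIUS debug output by request and reports which `users` entries matched and which Auth-Type was chosen, so a request that never reached the user's own entry stands out. The sample lines are trimmed from the output above and the function and field names are hypothetical; because the `files` module stops at the first matching entry that lacks `Fall-Through = Yes`, the last matched line number is the place to look in the `users` file.

```python
import re

# Lines trimmed from the debug output in the post above.
SAMPLE = """\
        User-Name = "someone"
modcall: entering group authorize for request 1
    users: Matched entry DEFAULT at line 152
    users: Matched entry someone at line 227
  rad_check_password:  Found *Auth-Type Local*
        User-Name = "someone"
modcall: entering group authorize for request 2
    users: Matched entry DEFAULT at line 152
    users: Matched entry DEFAULT at line 171
    users: Matched entry DEFAULT at line 183
  rad_check_password:  Found *Auth-Type System*
"""

USER_RE = re.compile(r'^\s*User-Name = "([^"]*)"')
ENTER_RE = re.compile(r'entering group authorize for request (\d+)')
MATCH_RE = re.compile(r'users: Matched entry (\S+) at line (\d+)')
AUTH_RE = re.compile(r'Found \*?Auth-Type ([\w-]+)')  # tolerate mail '*' markup

def summarize(debug_text):
    """Return {request_id: {user, matched, auth_type, own_entry}}."""
    requests, current, last_user = {}, None, None
    for line in debug_text.splitlines():
        if m := USER_RE.search(line):        # attribute line of the packet dump
            last_user = m.group(1)
        elif m := ENTER_RE.search(line):     # start of a request's authorize pass
            current = requests.setdefault(int(m.group(1)), {
                "user": last_user, "matched": [], "auth_type": None})
        elif current is None:
            continue
        elif m := MATCH_RE.search(line):
            current["matched"].append((m.group(1), int(m.group(2))))
        elif m := AUTH_RE.search(line):
            current["auth_type"] = m.group(1)
    for req in requests.values():
        req["own_entry"] = any(name == req["user"] for name, _ in req["matched"])
    return requests

def stopped_early(debug_text):
    """Map requests that never matched their own entry to the last entry matched."""
    return {rid: req["matched"][-1] if req["matched"] else None
            for rid, req in summarize(debug_text).items()
            if not req["own_entry"]}

if __name__ == "__main__":
    print(stopped_early(SAMPLE))
```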
