Freeradius / NAS issue
Andy Billington
billington.andy at googlemail.com
Wed Aug 8 19:24:02 CEST 2007
hi all,
I've searched the list for clues but haven't found a resolution for
the following:
1. On a testing network, with seven identically configured routers,
four connect and three don't. They are all the same make / model.
2. They're all using different usernames and passwords, and the NAS is
reporting that RADIUS is rejecting three of them but the other four
are OK.
3. The box _is_ multihomed; saw the FAQ and I've set bind and port to
the one address I want and also have recompiled with --with-udpfromto
4. I'm seeing fewer errors than I was, but the sites still aren't connecting.
5. When I connect from another site using ntradping to the same
FreeRADIUS all seven usernames / passwords work and I get
Access-Accept.
6. At the not working sites, the routers (Draytek) report that the
ADSL is in sync, sending an Access-Request, then nine seconds later
they drop the PPP session.
auth-detail reports the Access-Request properly AFAIK.
reply-detail reports the Access-Accept properly.
In the radius.log I get
Wed Aug 8 18:17:35 2007 : Error: rlm_sql (sql) in sql_accounting:
stop packet with zero session length. [user 'Redback', nas 'a.b.c.d']
Wed Aug 8 18:17:36 2007 : Error: rlm_radutmp: Logout for NAS NAS-ocl
port 1114112, but no Login record
Wed Aug 8 18:17:36 2007 : Error: rlm_radutmp: Logout for NAS NAS-ocl
port 1114112, but no Login record
Wed Aug 8 18:17:36 2007 : Error: rlm_radutmp: Logout for NAS NAS-ocl
port 1114112, but no Login record
Wed Aug 8 18:17:36 2007 : Error: rlm_radutmp: Logout for NAS NAS-ocl
port 1114112, but no Login record
Wed Aug 8 18:17:41 2007 : Auth: Login OK:
[Site14 at provider.net/<CHAP-Password>] (from client NAS-ocl port
1114112)
Wed Aug 8 18:17:43 2007 : Auth: Login OK:
[Site11 at provider.net/<CHAP-Password>] (from client NAS-ocl port
1114112)
Wed Aug 8 18:17:44 2007 : Error: rlm_radutmp: Logout for NAS NAS-ocl
port 1114112, but no Login record
Wed Aug 8 18:17:44 2007 : Error: rlm_radutmp: Logout for NAS NAS-ocl
port 1114112, but no Login record
Wed Aug 8 18:17:44 2007 : Error: rlm_sql (sql) in sql_accounting:
stop packet with zero session length. [user 'Redback', nas 'a.b.c.d']
Wed Aug 8 18:17:45 2007 : Error: rlm_radutmp: Logout for NAS NAS-ocl
port 1114112, but no Login record
Wed Aug 8 18:17:45 2007 : Error: rlm_radutmp: Logout for NAS NAS-ocl
port 1114112, but no Login record
Wed Aug 8 18:17:45 2007 : Error: rlm_radutmp: Logout for NAS NAS-ocl
port 1114112, but no Login record
Wed Aug 8 18:17:45 2007 : Error: rlm_radutmp: Logout for NAS NAS-ocl
port 1114112, but no Login record
Wed Aug 8 18:17:50 2007 : Auth: Login OK:
[Site14 at provider.net/<CHAP-Password>] (from client NAS-ocl port
1114112)
Wed Aug 8 18:17:50 2007 : Auth: Login incorrect: [Redback/*********]
(from client NAS-ocl port 0)
Wed Aug 8 18:17:50 2007 : Info: rlm_sql (sql): No matching entry in
the database for request from user [redback]
Wed Aug 8 18:17:50 2007 : Auth: Login incorrect: [redback/*********]
(from client NAS-ocl port 0)
Wed Aug 8 18:18:02 2007 : Error: rlm_radutmp: Logout for NAS NAS-ocl
port 1114112, but no Login record
Wed Aug 8 18:18:02 2007 : Error: rlm_radutmp: Logout for NAS NAS-ocl
port 1114112, but no Login record
Wed Aug 8 18:18:02 2007 : Error: rlm_sql (sql) in sql_accounting:
stop packet with zero session length. [user 'Site11 at provider.net', nas
'a.b.c.d']
Wed Aug 8 18:18:02 2007 : Error: rlm_radutmp: Logout for NAS NAS-ocl
port 1114112, but no Login record
Wed Aug 8 18:18:02 2007 : Error: rlm_radutmp: Logout for NAS NAS-ocl
port 1114112, but no Login record
Wed Aug 8 18:18:02 2007 : Error: rlm_radutmp: Logout for NAS NAS-ocl
port 1114112, but no Login record
Wed Aug 8 18:18:02 2007 : Error: rlm_radutmp: Logout for NAS NAS-ocl
port 1114112, but no Login record
Wed Aug 8 18:18:02 2007 : Error: rlm_sql (sql) in sql_accounting:
stop packet with zero session length. [user 'Site14 at provider.net', nas
'a.b.c.d']
In the detail log I get
Wed Aug 8 17:34:02 2007
User-Name = "REMOVED"
Acct-Status-Type = Stop
Acct-Session-Id = "FF10FFFF584ECD3D-46B9FE2D"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Identifier = "t6-se1"
NAS-Port = 1114112
NAS-Port-Type = Virtual
NAS-Port-Id = "L2TP LNS 5164349"
Medium-Type = DSL
Connect-Info = "155520000/155520000"
Platform-Type = SmartEdge-800
OS-Version = "4.0.5.4p1"
Acct-Authentic = RADIUS
Tunnel-Type:0 = L2TP
Tunnel-Medium-Type:0 = IP
Tunnel-Server-Endpoint:0 = "192.168.XXX.YYY"
Tunnel-Client-Endpoint:0 = "192.168.XXX.ZZZ"
Tunnel-Max-Sessions = 2300
Tunnel-Max-Tunnels = 32767
Tunnel-Function = LNS-Only
Acct-Session-Time = 0
Acct-Terminate-Cause = User-Request
Session-Error-Code = 140
Session-Error-Msg = "Received PPP Terminate Request"
Acct-Input-Packets = 0
Acct-Output-Packets = 0
Acct-Input-Octets = 0
Acct-Output-Octets = 0
Acct-Input-Gigawords = 0
Acct-Output-Gigawords = 0
Acct-Input-Packets-64 = 0x0000000000000000
Acct-Output-Packets-64 = 0x0000000000000000
Acct-Input-Octets-64 = 0x0000000000000000
Acct-Output-Octets-64 = 0x0000000000000000
Acct-Mcast-In-Packets = 0
Acct-Mcast-Out-Packets = 0
Acct-Mcast-In-Octets = 0
Acct-Mcast-Out-Octets = 0
Acct-Mcast-In-Packets-64 = 0x0000000000000000
Acct-Mcast-Out-Packets-64 = 0x0000000000000000
Acct-Mcast-In-Octets-64 = 0x0000000000000000
Acct-Mcast-Out-Octets-64 = 0x0000000000000000
Event-Timestamp = "Aug 8 2007 18:32:50 BST"
NAS-IP-Address = a.b.c.d
Client-IP-Address = a.b.c.d
Acct-Unique-Session-Id = "f727889885172d56"
Timestamp = 1186590842
I can't see any differences between the usernames that work and those
that don't. FR is using MySQL if that makes a difference. I'm not that
concerned about the redback/***** failures as they are keepalives from
the NAS, which is 3rd party (I have no access).
Thanks in advance for any pointers anyone can give, and very sorry if
my searching of the list missed a solution posted previously!!
Andy
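
An added example, not part of the original post: it correlates the two radius.log message types quoted above, pairing each "Login OK" with a later "stop packet with zero session length" for the same user, to list accounts that authenticate and then drop almost immediately. The sample lines are constructed in the excerpt's format (unwrapped, one entry per line), and the 60-second pairing window is an assumption.

```python
import re
from datetime import datetime

# Constructed sample lines modelled on the radius.log excerpt in the post.
SAMPLE_LOG = """\
Wed Aug 8 18:17:41 2007 : Auth: Login OK: [Site14 at provider.net/<CHAP-Password>] (from client NAS-ocl port 1114112)
Wed Aug 8 18:17:43 2007 : Auth: Login OK: [Site11 at provider.net/<CHAP-Password>] (from client NAS-ocl port 1114112)
Wed Aug 8 18:17:44 2007 : Error: rlm_sql (sql) in sql_accounting: stop packet with zero session length. [user 'Redback', nas 'a.b.c.d']
Wed Aug 8 18:17:50 2007 : Auth: Login OK: [Site14 at provider.net/<CHAP-Password>] (from client NAS-ocl port 1114112)
Wed Aug 8 18:18:02 2007 : Error: rlm_sql (sql) in sql_accounting: stop packet with zero session length. [user 'Site11 at provider.net', nas 'a.b.c.d']
Wed Aug 8 18:18:02 2007 : Error: rlm_sql (sql) in sql_accounting: stop packet with zero session length. [user 'Site14 at provider.net', nas 'a.b.c.d']
Wed Aug 8 18:25:00 2007 : Auth: Login OK: [Site03 at provider.net/<CHAP-Password>] (from client NAS-ocl port 1114112)
"""

TS = r"(\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}) : "
LOGIN_OK = re.compile(TS + r"Auth: Login OK: \[(.+)/[^/\]]*\]")
ZERO_STOP = re.compile(
    TS + r"Error: rlm_sql .*stop packet with zero session length\. \[user '([^']*)'")

def parse_ts(text):
    # Whitespace in the format matches one or more spaces ("Aug 8" / "Aug  8").
    return datetime.strptime(text, "%a %b %d %H:%M:%S %Y")

def short_sessions(log_text, window_seconds=60):
    """Return {user: [(login_time, seconds_until_zero_length_stop), ...]}."""
    pending = {}  # user -> time of the most recent unpaired Login OK
    hits = {}
    for line in log_text.splitlines():
        m = LOGIN_OK.match(line)
        if m:
            pending[m.group(2)] = parse_ts(m.group(1))
            continue
        m = ZERO_STOP.match(line)
        if not m:
            continue
        user, when = m.group(2), parse_ts(m.group(1))
        start = pending.pop(user, None)  # stops with no prior login are ignored
        if start is None:
            continue
        delta = int((when - start).total_seconds())
        if 0 <= delta <= window_seconds:
            hits.setdefault(user, []).append((start, delta))
    return hits

if __name__ == "__main__":
    for user, events in sorted(short_sessions(SAMPLE_LOG).items()):
        for start, delta in events:
            print(f"{user}: Login OK at {start:%H:%M:%S}, zero-length stop {delta}s later")
```
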