Failed Auth using users file (sometimes)

Mike O'Connor freeradius at pineview.net
Thu Apr 24 04:26:30 CEST 2008


Hi Guys

I have an account which I want to auth locally on our 2 proxy radius 
machines.

The problem is that sometimes the connection authenticates and other 
times it does not. There are warnings in the logs below, so I'm sure I 
have something wrong, but I cannot work out what I should be doing instead.

Also, how would I create a feature which would temporarily authenticate 
all users for a realm as allowed?

The user file entry is

nyp2inter       Realm == 'xxx.com', User-Password == 'xxx', Proxy-To-Realm := "LOCAL"
                        Service-Type = Framed-User,
                        Framed-Protocol = PPP,
                        Framed-IP-Address = xxx.xx.216.40,
                        Framed-IP-Netmask = 255.255.255.255,
                        Framed-Route = "xxx.xx.10.128/25 0.0.0.0 1",
                        Framed-MTU = 1492,
                        Framed-Compression = Van-Jacobson-TCP-IP



Failed Auth:

rad_recv: Access-Request packet from host xxx.xx.208.165:1645, id=155, length=106
        Framed-Protocol = PPP
        User-Name = "nyp2inter@xxx.com"
        User-Password = "xxx"
        NAS-Port-Type = Virtual
        NAS-Port = 328
        Calling-Station-Id = "sfy713300200187"
        Service-Type = Framed-User
        NAS-IP-Address = xxx.xx.208.165
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1647
  modcall[authorize]: module "preprocess" returns ok for request 1647
radius_xlat:  '/var/log/radius/radacct/xxx.xx.208.165/auth-detail-20080424'
rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/xxx.xx.208.165/auth-detail-20080424
  modcall[authorize]: module "auth_log" returns ok for request 1647
  modcall[authorize]: module "attr_filter" returns noop for request 1647
  modcall[authorize]: module "chap" returns noop for request 1647
  modcall[authorize]: module "mschap" returns noop for request 1647
    rlm_realm: Looking up realm "xxx.com" for User-Name = "nyp2inter@xxx.com"
    rlm_realm: Found realm "xxx.com"
    rlm_realm: Proxying request from user nyp2inter to realm xxx.com
    rlm_realm: Adding Realm = "xxx.com"
    rlm_realm: Authentication realm is LOCAL.
  modcall[authorize]: module "suffix" returns noop for request 1647
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 1647
  modcall[authorize]: module "files" returns notfound for request 1647
rlm_pap: WARNING! No "known good" password found for the user.  Authentication may fail because of this.
  modcall[authorize]: module "pap" returns noop for request 1647
2008-04-24T11:29:37.613507: Verbose: RLM_PYTHON: handling Authorize request...
  modcall[authorize]: module "python" returns ok for request 1647
modcall: leaving group authorize (returns ok) for request 1647
auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
auth: Failed to validate the user.
Login incorrect: [nyp2inter@xxx.com/nyp4inter] (from client lns1.ade port 328 cli sfy713300200187)
  Found Post-Auth-Type
  Processing the post-auth section of radiusd.conf
modcall: entering group REJECT for request 1647
rlm_sql_log (sql_log): Processing sql_log_postauth
radius_xlat:  'INSERT INTO radpostauth  (user, password, reply, date, reply_message) VALUES ('nyp2inter@xxx.com', 'xxx', 'Access-Reject', '2008-04-24 11:29:37', '');'
radius_xlat:  '/var/log/radius/radacct/sql-relay'
  modcall[post-auth]: module "sql_log" returns ok for request 1647
modcall: leaving group REJECT (returns ok) for request 1647
Delaying request 1647 for 1 seconds
Finished request 1647

With no Changes this Connected:

rad_recv: Access-Request packet from host xxx.xx.208.165:1645, id=167, length=106
        Framed-Protocol = PPP
        User-Name = "nyp2inter@xxx.com"
        User-Password = "xxx"
        NAS-Port-Type = Virtual
        NAS-Port = 315
        Calling-Station-Id = "sfy713300200187"
        Service-Type = Framed-User
        NAS-IP-Address = xxx.xx.208.165
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1675
  modcall[authorize]: module "preprocess" returns ok for request 1675
radius_xlat:  '/var/log/radius/radacct/xxx.xx208.165/auth-detail-20080424'
rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/xxx.xx208.165/auth-detail-20080424
  modcall[authorize]: module "auth_log" returns ok for request 1675
  modcall[authorize]: module "attr_filter" returns noop for request 1675
  modcall[authorize]: module "chap" returns noop for request 1675
  modcall[authorize]: module "mschap" returns noop for request 1675
    rlm_realm: Looking up realm "xxx.com" for User-Name = "nyp2inter@xxx.com"
    rlm_realm: Found realm "xxx.com"
    rlm_realm: Adding Stripped-User-Name = "nyp2inter"
    rlm_realm: Proxying request from user nyp2inter to realm xxx.com
    rlm_realm: Adding Realm = "xxx.com"
    rlm_realm: Preparing to proxy authentication request to realm "xxx.com"
  modcall[authorize]: module "suffix" returns updated for request 1675
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 1675
    users: Matched entry nyp2inter at line 18
  modcall[authorize]: module "files" returns ok for request 1675
  modcall[authorize]: module "pap" returns updated for request 1675
2008-04-24T11:29:48.109597: Verbose: RLM_PYTHON: handling Authorize request...
  modcall[authorize]: module "python" returns ok for request 1675
modcall: leaving group authorize (returns updated) for request 1675
  WARNING: You set Proxy-To-Realm = LOCAL, but it is a LOCAL realm!  Cancelling invalid proxy request.
  rad_check_password:  Found Auth-Type pap
auth: type "PAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group PAP for request 1675
rlm_pap: login attempt with password nyp4inter
rlm_pap: Using clear text password "nyp4inter".
rlm_pap: User authenticated successfully
  modcall[authenticate]: module "pap" returns ok for request 1675
modcall: leaving group PAP (returns ok) for request 1675
Login OK: [nyp2inter@xxx.com] (from client lns1.ade port 315 cli sfy713300200187)
  Processing the post-auth section of radiusd.conf
modcall: entering group post-auth for request 1675
radius_xlat:  '/var/log/radius/radacct/xxx.xx.208.165/reply-detail-20080424'
rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d expands to /var/log/radius/radacct/xxx.xx.208.165/reply-detail-20080424
  modcall[post-auth]: module "reply_log" returns ok for request 1675
modcall: leaving group post-auth (returns ok) for request 1675
 WARNING: Cancelling proxy to Realm LOCAL, as the realm is local.
Sending Access-Accept of id 167 to xxx.xx.208.165 port 1645
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Framed-IP-Address = xxx.xx.216.40
        Framed-IP-Netmask = 255.255.255.255
        Framed-Route = "xxx.xx.10.128/25 0.0.0.0 1"
        Framed-MTU = 1492
        Framed-Compression = Van-Jacobson-TCP-IP
Finished request 1675
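
One way to compare the two traces in the post above, as an added example that is not part of the original message: a small parser for this `radiusd -X` debug format that groups authorize-stage module results by request and reports where a rejected and an accepted request diverge. The sample input is constructed by abridging the two traces; the function names and the list of "note" lines to capture are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample: lines abridged from the two debug traces in the post
# (request 1647 was rejected, request 1675 was accepted).
SAMPLE = '''\
modcall: entering group authorize for request 1647
  modcall[authorize]: module "suffix" returns noop for request 1647
  modcall[authorize]: module "files" returns notfound for request 1647
  modcall[authorize]: module "pap" returns noop for request 1647
auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
Finished request 1647
modcall: entering group authorize for request 1675
    rlm_realm: Adding Stripped-User-Name = "nyp2inter"
  modcall[authorize]: module "suffix" returns updated for request 1675
    users: Matched entry nyp2inter at line 18
  modcall[authorize]: module "files" returns ok for request 1675
  modcall[authorize]: module "pap" returns updated for request 1675
  rad_check_password:  Found Auth-Type pap
Finished request 1675
'''

START = re.compile(r'modcall: entering group authorize for request (\d+)')
MODCALL = re.compile(r'modcall\[authorize\]: module "([^"]+)" returns (\w+) for request (\d+)')
NOTES = ("Adding Stripped-User-Name", "users: Matched entry", "Found Auth-Type", "No authenticate method")

def parse(text):
    """Return {request_id: {"modules": {name: rcode}, "notes": [lines]}}."""
    requests, current = defaultdict(lambda: {"modules": {}, "notes": []}), None
    for line in text.splitlines():
        start, call = START.search(line), MODCALL.search(line)
        if start:
            current = requests[int(start.group(1))]
        elif call:
            requests[int(call.group(3))]["modules"][call.group(1)] = call.group(2)
        elif current is not None and any(n in line for n in NOTES):
            current["notes"].append(line.strip())  # un-numbered detail lines
    return requests

def diff(requests, a, b):
    """Modules whose authorize return code differs between requests a and b."""
    ma, mb = requests[a]["modules"], requests[b]["modules"]
    return {name: (ma.get(name), mb.get(name))
            for name in ma.keys() | mb.keys() if ma.get(name) != mb.get(name)}

if __name__ == "__main__":
    reqs = parse(SAMPLE)
    for name, (rejected, accepted) in sorted(diff(reqs, 1647, 1675).items()):
        print(f"{name}: rejected={rejected} accepted={accepted}")
```

On these two traces the divergence starts at `suffix`: the accepted request gains a Stripped-User-Name and `files` then matches the entry, while the rejected request gets neither and ends with no Auth-Type.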




