FS trying to authenticate accounting data

Jim L. jdl at imaginenet.net
Fri May 2 16:50:10 CEST 2008 

Hello group.

I am running FreeRADIUS 2.0.4 and I am attempting to setup a configuration 
based on the "robust-proxy-accounting" site example. In short, I could not 
get it to work. To attempt to debug the problem, I pared down the 
configuration so the only part that was active was the part that it supposed 
to send the accounting data to a detail file. However, even that small piece 
does not work. The errors I am getting in the debug logs are

auth: No authenticate method (Auth-Type) configuration found for the 
request: Rejecting the user
auth: Failed to validate the user.

However, the configuration to log the data the detail file is only setup for 
accounting, not authentication. This leaves me confused as to why FS is 
attempting to do authentication. The relevant parts of the configuration 
that are active during the test and the debug log is listed below. Any 
assistance would be appreciated.

Thank you,

Jim Lohiser


---------- radiusd.conf
# Single detail file for accounting failover.
detail detail.imaginenet {
        detailfile = "${radacctdir}/imaginenet/detail-%Y%m%d"
}

---------- <site file>
# Dummy server to spool accounting data.
home_server ImagineNet_Detail {
       # Added 'type' value to attempt to force accounting only.
       # Does not fix problem.
       type = acct
       virtual_server = ImagineNet_Detail
}
server ImagineNet_Detail {
       accounting {
               detail.imaginenet
       }
}
home_server_pool ImagineNet_Acct {
        type = load-balance
        home_server = ImagineNet_Detail
        # Turned this off during to debug. Does not fix problem.
        #virtual_server = ImagineNet
}
realm imaginenet.net {
        auth_pool = ImagineNet_Auth
        acct_pool = ImagineNet_Acct
        nostrip
}


########## Full Debug
rad_recv: Accounting-Request packet from host 192.168.0.10 port 51144, 
id=81, length=57
        User-Name = "jlohiser at imaginenet.net"
        Acct-Status-Type = Start
        Acct-Session-Id = "9584"
+- entering group preacct
        expand: %{User-Name} -> jlohiser at imaginenet.net
        expand: %{User-Name} -> jlohiser at imaginenet.net
        expand: %{User-Name} -> jlohiser at imaginenet.net
++[preprocess] returns ok
rlm_acct_unique: WARNING: Attribute NAS-Port was not found in request, 
unique ID MAY be inconsistent
rlm_acct_unique: Hashing ',Client-IP-Address = 192.168.0.10,NAS-IP-Address = 
192.168.0.10,Acct-Session-Id = "9584",User-Name = "jlohiser at imaginenet.net"'
rlm_acct_unique: Acct-Unique-Session-ID = "dc24a5ecb36b1652".
++[acct_unique] returns ok
    rlm_realm: Looking up realm "imaginenet.net" for User-Name = 
"jlohiser at imaginenet.net"
    rlm_realm: Found realm "imaginenet.net"
    rlm_realm: Adding Realm = "imaginenet.net"
    rlm_realm: Proxying request from user jlohiser to realm imaginenet.net
    rlm_realm: Preparing to proxy accounting request to realm 
"imaginenet.net"
++[suffix] returns updated
++[files] returns noop
+- entering group accounting
        expand: 
/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d -> 
/var/log/radius/radacct/192.168.0.10/detail-20080502
rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d 
expands to /var/log/radius/radacct/192.168.0.10/detail-20080502
        expand: %t -> Fri May  2 02:33:03 2008
++[detail] returns ok
        expand: /var/log/radius/radutmp -> /var/log/radius/radutmp
        expand: %{User-Name} -> jlohiser at imaginenet.net
  rlm_radutmp: No NAS-Port seen.  Cannot do anything.
  rlm_radumtp: WARNING: checkrad will probably not work!
++[radutmp] returns noop
        expand: %{User-Name} -> jlohiser at imaginenet.net
 attr_filter: Matched entry DEFAULT at line 12
++[attr_filter.accounting_response] returns updated
+- entering group pre-proxy
    preproxy_users: Matched entry DEFAULT at line 35
        expand: %{Client-IP-Address} -> 192.168.0.10
++[files] returns ok
>>> Sending proxied request internally to virtual server.
server ImagineNet_Detail {
auth: No authenticate method (Auth-Type) configuration found for the 
request: Rejecting the user
auth: Failed to validate the user.
Login incorrect: [jlohiser at imaginenet.net/<no User-Password attribute>] 
(from client fw1.cle1.oh.imaginenet.net port 0 via TLS tunnel)
} # server ImagineNet_Detail
Going to the next request
<<< Received proxied response from internal virtual server.
Login incorrect (Home Server says so): [jlohiser at imaginenet.net/<no 
User-Password attribute>] (from client fw1.cle1.oh.imaginenet.net port 0)
Sending Access-Reject of id 81 to 192.168.0.10 port 51144
Finished request 0.
Cleaning up request 0 ID 81 with timestamp +22

More information about the Freeradius-Users mailing list