Freeradius not always denying invalid users
Chris Moss
cmoss28 at vci.net
Wed Sep 3 16:01:36 CEST 2008
Here is a debug of when it works:
rad_recv: Access-Request packet from host XXX.XXX.XXX.X:1812, id=113,
length=100
User-Name = "username at domain"
User-Password = "0844"
NAS-Identifier = "redback"
Calling-Station-Id = "mdvi11100400714"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 3841982477
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 47
modcall[authorize]: module "preprocess" returns ok for request 47
modcall[authorize]: module "chap" returns noop for request 47
modcall[authorize]: module "mschap" returns noop for request 47
rlm_realm: Looking up realm "domain" for User-Name = "username at domain"
rlm_realm: Found realm "domain"
rlm_realm: Adding Stripped-User-Name = "username"
rlm_realm: Proxying request from user username to realm domain
rlm_realm: Adding Realm = "domain"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "suffix" returns noop for request 47
users: Matched entry DEFAULT at line 247
modcall[authorize]: module "files" returns ok for request 47
modcall: leaving group authorize (returns ok) for request 47
rad_check_password: Found Auth-Type System
auth: type "System"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 47
rlm_unix: [username]: invalid password
modcall[authenticate]: module "unix" returns reject for request 47
modcall: leaving group authenticate (returns reject) for request 47
auth: Failed to validate the user.
Login incorrect: [username at domain/0844] (from client XXX.XXX.XXX.XXX
port 3841982477 cli mdvi11100400714)
Delaying request 47 for 3 seconds
Finished request 47
Chris Moss
Chris Moss wrote:
> We've been running Freeradius for a long time without any issues. We
> typically turn a customer off by changing the password in the passwd
> file. We use the passwd file for authentication. The issue is
> intermittent; the customer is DSL, so they will try to log in for a
> couple of hours constantly before being allowed to connect. Once they
> connect, resetting their DSL connection forces them to log in again. It
> will fail at this point, like it's supposed to. First, before I get
> into posting any configs or that detail, has anyone else had similar
> problems?
>
> Also, the logs sometimes show invalid shell with part of the passwd
> file. Not necessarily the actual shell portion though. It may show the
> home directory, or the shell, or even part of one of those such as
> "/bin/fal"
>