Problem with only some users. Monowall - Freeradius

Daniel Bojczuk daniel at cirp.usp.br
Wed Feb 4 01:45:32 CET 2009 

Hi!!

I have a Monowall athorizing and accounting on a Freeradius 2.1.1

When I execute:
      radtest nbatista at dialup.usp.br ******* 123.123.123.123 0 's3mf!o/'
I get the folowing answer:
   Sending Access-Request of id 177 to 123.123.123.123 port 1812
       User-Name = "nbatista at dialup.usp.br"
       User-Password = "nat6672"
       NAS-IP-Address = 123.123.123.123
       NAS-Port = 0
   rad_recv: Access-Accept packet from host 123.123.123.123 port 1812,
id=177, length=68
       Framed-IP-Address = 255.255.255.254
       Framed-MTU = 1500
       Service-Type = Framed-User
       Framed-Protocol = PPP
       Framed-Compression = Van-Jacobson-TCP-IP
       Session-Timeout = 86400
       Framed-IP-Netmask = 255.255.255.0
       Idle-Timeout = 3600

Everything works fine. But when I try to login using Monowall login page on
debug mode I have this:

___________________________________________________________________________________________________________________________

rad_recv: Access-Request packet from host 124.124.124.124 port 63026,
id=166, length=150
        NAS-IP-Address = 124.124.124.124
        NAS-Identifier = "gwrp.semfio.usp.br"
        User-Name = "nbatista at dialup.usp.br"
        User-Password = "*******"
        Service-Type = Login-User
        NAS-Port-Type = Ethernet
        NAS-Port = 83
        Framed-IP-Address = 125.125.125.125
        Called-Station-Id = "00:11:2f:75:81:7c"
        Calling-Station-Id = "00:1b:77:b5:34:9d"
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log]      expand:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/usr/local/var/log/radius/radacct/143.107.192.54/auth-detail-20090203
[auth_log]
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/
143.107.192.54/auth-detail-20090203
[auth_log]      expand: %t -> Tue Feb  3 17:30:54 2009
++[auth_log] returns ok
[suffix] Looking up realm "dialup.usp.br" for User-Name = "
nbatista at dialup.usp.br"
[suffix] Found realm "dialup.usp.br"
[suffix] Adding Realm = "dialup.usp.br"
[suffix] Proxying request from user nbatista to realm dialup.usp.br
[suffix] Preparing to proxy authentication request to realm "dialup.usp.br"
++[suffix] returns updated
[sql]   expand: %{User-Name} -> nbatista at dialup.usp.br
[sql] sql_set_user escaped user --> 'nbatista at dialup.usp.br'
rlm_sql (sql): Reserving sql socket id: 6
[sql]   expand: SELECT id, UserName, Attribute, Value, Op   FROM radcheck
WHERE Username = '%{SQL-User-Name}'   ORDER BY id -> SELECT id, UserName,
Attribute, Value, Op   FROM radcheck   WHERE Username = '
nbatista at dialup.usp.br'   ORDER BY id
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 0 , fields = 5
[sql]   expand: SELECT GroupName FROM radusergroup WHERE
UserName='%{SQL-User-Name}' ORDER BY priority -> SELECT GroupName FROM
radusergroup WHERE UserName='nbatista at dialup.usp.br' ORDER BY priority
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 0 , fields = 1
rlm_sql (sql): Released sql socket id: 6
[sql] User nbatista at dialup.usp.br not found
++[sql] returns notfound
++[pap] returns noop
Sending Access-Request of id 239 to 126.126.126.126 port 1812
        NAS-IP-Address = 124.124.124.124
        NAS-Identifier = "gwrp.semfio.usp.br"
        User-Name = "nbatista at dialup.usp.br"
        User-Password = "*******"
        Service-Type = Login-User
        NAS-Port-Type = Ethernet
        NAS-Port = 83
        Framed-IP-Address = 125.125.125.125
        Called-Station-Id = "00:11:2f:75:81:7c"
        Calling-Station-Id = "00:1b:77:b5:34:Sending Access-Request of id
239 to 143.107.253.10 port 1812
        NAS-IP-Address = 124.124.124.124
        NAS-Identifier = "gwrp.semfio.usp.br"
        User-Name = "nbatista at dialup.usp.br"
        User-Password = "*******"
        Service-Type = Login-User
        NAS-Port-Type = Ethernet
        NAS-Port = 83
        Framed-IP-Address = 125.125.125.125
        Called-Station-Id = "00:11:2f:75:81:7c"
        Calling-Station-Id = "00:1b:77:b5:34:9d"
        Proxy-State = 0x313636
Going to the next request
Waking up in 0.8 seconds.
Cleaning up request 5 ID 194 with timestamp +9
Waking up in 0.1 seconds.
Waking up in 13.0 seconds.
rad_recv: Access-Reject packet from host 126.126.126.126 port 1812, id=239,
length=82
        Reply-Message = "\r\nYou are already logged in 2 times  - access
denied\r\n\n"
        Proxy-State = 0x313636
+- entering group post-proxy {...}
[eap] No pre-existing handler found
++[eap] returns noop
Login incorrect (Home Server says so): [nbatista at dialup.usp.br] (from client
gwrp port 83 cli 00:1b:77:b5:34:9d)
Using Post-Auth-Type Reject
  WARNING: Unknown value specified for Post-Auth-Type.  Cannot perform
requested action.
Sending Access-Reject of id 166 to 123.123.123.123 port 63026
        Reply-Message = "\r\nYou are already logged in 2 times  - access
denied\r\n\n"
Finished request 6.
Going to the next request
Waking up in 4.9 seconds.
____________________________________________________________________________________________________________________

I understood that there are 2 sessions opened. am I correct? If I am how can
I close these sessions?
And why does radtest work?


Thanks!

Sorry about my English.

Daniel Bojczuk
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20090203/300a6184/attachment.html>

More information about the Freeradius-Users mailing list