Problem with only some users. Monowall - Freeradius
Daniel Bojczuk
daniel at cirp.usp.br
Wed Feb 4 02:23:28 CET 2009
Sorry I didn't understand.
I executed freeradius on debug mode, then I used the radtest command.
The message is almost the same, but the proxy (@dialup.usp.br - another
radius server in another city) returns OK.
Why using radtest it returns OK and using monowall it returns Reject?
Thanks, sorry about my English.
Daniel
2009/2/3 SDamron <sdamron at gmail.com>
> Looks like some kind of problem with your database. It clears when
> you auth against the radtest, but when you try to use a user in the
> database, it fails.
>
> On Tue, Feb 3, 2009 at 6:45 PM, Daniel Bojczuk <daniel at cirp.usp.br> wrote:
> > Hi!!
> >
> > I have a Monowall authorizing and accounting on a Freeradius 2.1.1
> >
> > When I execute:
> > radtest nbatista at dialup.usp.br ******* 123.123.123.123 0 's3mf!o/'
> > I get the following answer:
> > Sending Access-Request of id 177 to 123.123.123.123 port 1812
> > User-Name = "nbatista at dialup.usp.br"
> > User-Password = "nat6672"
> > NAS-IP-Address = 123.123.123.123
> > NAS-Port = 0
> > rad_recv: Access-Accept packet from host 123.123.123.123 port 1812,
> > id=177, length=68
> > Framed-IP-Address = 255.255.255.254
> > Framed-MTU = 1500
> > Service-Type = Framed-User
> > Framed-Protocol = PPP
> > Framed-Compression = Van-Jacobson-TCP-IP
> > Session-Timeout = 86400
> > Framed-IP-Netmask = 255.255.255.0
> > Idle-Timeout = 3600
> >
> > Everything works fine. But when I try to login using Monowall login page on
> > debug mode I have this:
> >
> >
> ___________________________________________________________________________________________________________________________
> >
> > rad_recv: Access-Request packet from host 124.124.124.124 port 63026,
> > id=166, length=150
> > NAS-IP-Address = 124.124.124.124
> > NAS-Identifier = "gwrp.semfio.usp.br"
> > User-Name = "nbatista at dialup.usp.br"
> > User-Password = "*******"
> > Service-Type = Login-User
> > NAS-Port-Type = Ethernet
> > NAS-Port = 83
> > Framed-IP-Address = 125.125.125.125
> > Called-Station-Id = "00:11:2f:75:81:7c"
> > Calling-Station-Id = "00:1b:77:b5:34:9d"
> > +- entering group authorize {...}
> > ++[preprocess] returns ok
> > [auth_log] expand:
> > /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
> ->
> > /usr/local/var/log/radius/radacct/143.107.192.54/auth-detail-20090203
> > [auth_log]
> > /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
> > expands to
> > /usr/local/var/log/radius/radacct/143.107.192.54/auth-detail-20090203
> > [auth_log] expand: %t -> Tue Feb 3 17:30:54 2009
> > ++[auth_log] returns ok
> > [suffix] Looking up realm "dialup.usp.br" for User-Name =
> > "nbatista at dialup.usp.br"
> > [suffix] Found realm "dialup.usp.br"
> > [suffix] Adding Realm = "dialup.usp.br"
> > [suffix] Proxying request from user nbatista to realm dialup.usp.br
> > [suffix] Preparing to proxy authentication request to realm "
> dialup.usp.br"
> > ++[suffix] returns updated
> > [sql] expand: %{User-Name} -> nbatista at dialup.usp.br
> > [sql] sql_set_user escaped user --> 'nbatista at dialup.usp.br'
> > rlm_sql (sql): Reserving sql socket id: 6
> > [sql] expand: SELECT id, UserName, Attribute, Value, Op FROM radcheck
> > WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, UserName,
> > Attribute, Value, Op FROM radcheck WHERE Username =
> > 'nbatista at dialup.usp.br' ORDER BY id
> > rlm_sql_postgresql: Status: PGRES_TUPLES_OK
> > rlm_sql_postgresql: query affected rows = 0 , fields = 5
> > [sql] expand: SELECT GroupName FROM radusergroup WHERE
> > UserName='%{SQL-User-Name}' ORDER BY priority -> SELECT GroupName FROM
> > radusergroup WHERE UserName='nbatista at dialup.usp.br' ORDER BY priority
> > rlm_sql_postgresql: Status: PGRES_TUPLES_OK
> > rlm_sql_postgresql: query affected rows = 0 , fields = 1
> > rlm_sql (sql): Released sql socket id: 6
> > [sql] User nbatista at dialup.usp.br not found
> > ++[sql] returns notfound
> > ++[pap] returns noop
> > Sending Access-Request of id 239 to 126.126.126.126 port 1812
> > NAS-IP-Address = 124.124.124.124
> > NAS-Identifier = "gwrp.semfio.usp.br"
> > User-Name = "nbatista at dialup.usp.br"
> > User-Password = "*******"
> > Service-Type = Login-User
> > NAS-Port-Type = Ethernet
> > NAS-Port = 83
> > Framed-IP-Address = 125.125.125.125
> > Called-Station-Id = "00:11:2f:75:81:7c"
> > Calling-Station-Id = "00:1b:77:b5:34:Sending Access-Request of id
> > 239 to 143.107.253.10 port 1812
> > NAS-IP-Address = 124.124.124.124
> > NAS-Identifier = "gwrp.semfio.usp.br"
> > User-Name = "nbatista at dialup.usp.br"
> > User-Password = "*******"
> > Service-Type = Login-User
> > NAS-Port-Type = Ethernet
> > NAS-Port = 83
> > Framed-IP-Address = 125.125.125.125
> > Called-Station-Id = "00:11:2f:75:81:7c"
> > Calling-Station-Id = "00:1b:77:b5:34:9d"
> > Proxy-State = 0x313636
> > Going to the next request
> > Waking up in 0.8 seconds.
> > Cleaning up request 5 ID 194 with timestamp +9
> > Waking up in 0.1 seconds.
> > Waking up in 13.0 seconds.
> > rad_recv: Access-Reject packet from host 126.126.126.126 port 1812,
> id=239,
> > length=82
> > Reply-Message = "\r\nYou are already logged in 2 times - access
> > denied\r\n\n"
> > Proxy-State = 0x313636
> > +- entering group post-proxy {...}
> > [eap] No pre-existing handler found
> > ++[eap] returns noop
> > Login incorrect (Home Server says so): [nbatista at dialup.usp.br] (from
> client
> > gwrp port 83 cli 00:1b:77:b5:34:9d)
> > Using Post-Auth-Type Reject
> > WARNING: Unknown value specified for Post-Auth-Type. Cannot perform
> > requested action.
> > Sending Access-Reject of id 166 to 123.123.123.123 port 63026
> > Reply-Message = "\r\nYou are already logged in 2 times - access
> > denied\r\n\n"
> > Finished request 6.
> > Going to the next request
> > Waking up in 4.9 seconds.
> >
> ____________________________________________________________________________________________________________________
> >
> > I understood that there are 2 sessions opened. Am I correct? If I am, how can
> > I close these sessions?
> > And why does radtest work?
> >
> >
> > Thanks!
> >
> > Sorry about my English.
> >
> > Daniel Bojczuk
> >
> >
> > -
> > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
> >
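The comparison the thread asks about ("the message is almost the same"), as an added example that is not part of the original posts: it parses the attribute lines of the radtest request and of the Monowall request and lists what differs between them. The attribute text is a constructed sample abridged from the quoted debug output with the password masked, and `parse_attrs` and `diff_requests` are hypothetical helper names.

```python
import re

# Constructed sample: attribute lines abridged from the two Access-Requests
# quoted in this thread (password masked in both).
RADTEST_REQ = """\
User-Name = "nbatista at dialup.usp.br"
User-Password = "*******"
NAS-IP-Address = 123.123.123.123
NAS-Port = 0
"""
MONOWALL_REQ = """\
NAS-IP-Address = 124.124.124.124
NAS-Identifier = "gwrp.semfio.usp.br"
User-Name = "nbatista at dialup.usp.br"
User-Password = "*******"
Service-Type = Login-User
NAS-Port-Type = Ethernet
NAS-Port = 83
Framed-IP-Address = 125.125.125.125
Called-Station-Id = "00:11:2f:75:81:7c"
Calling-Station-Id = "00:1b:77:b5:34:9d"
"""

# "Name = value" line, optionally preceded by mail quote marks ("> > ").
ATTR = re.compile(r'^[>\s]*([A-Za-z][\w-]*)\s*=\s*(.+?)\s*$')

def parse_attrs(text):
    """Return {attribute: value} for every 'Name = value' line in text."""
    attrs = {}
    for line in text.splitlines():
        m = ATTR.match(line)
        if m:
            attrs[m.group(1)] = m.group(2).strip('"')
    return attrs

def diff_requests(a, b):
    """Return (only in a, only in b, {attr: (a value, b value)} where they differ)."""
    only_a = sorted(set(a) - set(b))
    only_b = sorted(set(b) - set(a))
    changed = {k: (a[k], b[k]) for k in sorted(set(a) & set(b)) if a[k] != b[k]}
    return only_a, only_b, changed

if __name__ == "__main__":
    only_radtest, only_monowall, changed = diff_requests(
        parse_attrs(RADTEST_REQ), parse_attrs(MONOWALL_REQ))
    print("only in radtest request: ", only_radtest)
    print("only in Monowall request:", only_monowall)
    print("different values:        ", changed)
```

The diff shows only what each client sent differently; it does not by itself say which attribute the home server acted on.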