Problem with only some users. Monowall - Freeradius

tnt at kalik.net tnt at kalik.net
Wed Feb 4 02:45:21 CET 2009


>I have a Monowall athorizing and accounting on a Freeradius 2.1.1
>

I have news for you - you don't. Some other server does that. Yours just
proxies requests to it.

>[suffix] Looking up realm "dialup.usp.br" for User-Name = "
>nbatista at dialup.usp.br"
>[suffix] Found realm "dialup.usp.br"
>[suffix] Adding Realm = "dialup.usp.br"
>[suffix] Proxying request from user nbatista to realm dialup.usp.br
..
>rad_recv: Access-Reject packet from host 126.126.126.126 port 1812, id=239,
>length=82
>        Reply-Message = "\r\nYou are already logged in 2 times  - access
>denied\r\n\n"
>        Proxy-State = 0x313636
>+- entering group post-proxy {...}
>[eap] No pre-existing handler found
>++[eap] returns noop
>Login incorrect (Home Server says so): [nbatista at dialup.usp.br] (from client
>gwrp port 83 cli 00:1b:77:b5:34:9d)


That's the only information of any use on this debug - Home Server says
so!

>Using Post-Auth-Type Reject
>  WARNING: Unknown value specified for Post-Auth-Type.  Cannot perform
>requested action.

Why have you disabled Post-Auth-Type REJECT on your server?

>I understood that there are 2 sessions opened. am I correct?

Maybe. But you need the debug from the home server in order to find out.

>If I am how can
>I close these sessions?

Again, you can't. If home server didn't get stop packets from your NAS
sessions will need to be removed - in the home server database. If you
are not the administrator of the home server - there is nothing you can
do. Except calling someone who is.

Ivan Kalik
Kalik Informatika ISP




More information about the Freeradius-Users mailing list