freeradius +mpd

Edgars edgarz at dtg.lv
Sun Feb 13 14:05:24 CET 2011


 Hello,

  I'm running freebsd 8.1 with mpd 5.5, authenticating users against
  freeradius. After some seconds of uptime the pppoe link is dropped.
  In radius.log I see this:

  Auth: Login OK: [test/test] (from client mpd port 2 cli 000c2906911e)
  Error: Received Accounting-Request packet from 10.10.10.2 with invalid
  signature!  (Shared secret is incorrect.) Dropping packet without
  response.

  I found a mention in forums of "options RADIX_MPATH" for the kernel,
  but that didn't give me any result.

  DEBUG:

  rad_recv: Access-Request packet from host 10.10.10.2 port 19490,
  id=151, length=183
          NAS-Identifier = "mpd.mydomain.tld"
          NAS-IP-Address = 10.10.10.2
          Message-Authenticator = 0xd52aa007f6772e3745cc6209e99aef8d
          Acct-Session-Id = "7596900-em1_0-2"
          NAS-Port = 2
          NAS-Port-Type = Ethernet
          Service-Type = Framed-User
          Framed-Protocol = PPP
          Calling-Station-Id = "000c2906911e"
          Called-Station-Id = "z"
          NAS-Port-Id = "em1"
          Vendor-12341-Attr-12 = 0x656d315f302d32
          Tunnel-Medium-Type:0 = IEEE-802
          Tunnel-Client-Endpoint:0 = "00:0c:29:06:91:1e"
          User-Name = "test"
          User-Password = "test"
  +- entering group authorize {...}
  ++[preprocess] returns ok
  [auth_log]      expand:
  /var/log/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
  /var/log/radacct/10.10.10.2/auth-detail-20110213
  [auth_log] /var/log/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
  expands to /var/log/radacct/10.10.10.2/auth-detail-20110213
  [auth_log]      expand: %t -> Sun Feb 13 10:00:27 2011
  ++[auth_log] returns ok
  ++[chap] returns noop
  ++[mschap] returns noop
  [suffix] No '@' in User-Name = "test", looking up realm NULL
  [suffix] No such realm "NULL"
  ++[suffix] returns noop
  [eap] No EAP-Message, not doing EAP
  ++[eap] returns noop
  ++[unix] returns notfound
  [files] users: Matched entry DEFAULT at line 172
  ++[files] returns ok
  [sql]   expand: %{User-Name} -> test
  [sql] sql_set_user escaped user --> 'test'
  rlm_sql (sql): Reserving sql socket id: 3
  [sql]   expand: SELECT id, username, attribute, value, op
  FROM radcheck           WHERE username = '%{SQL-User-Name}'
  ORDER BY id -> SELECT id, username, attri
  bute, value, op           FROM radcheck           WHERE username =
  'test'           ORDER BY id
  [sql] User found in radcheck table
  [sql]   expand: SELECT id, username, attribute, value, op
  FROM radreply           WHERE username = '%{SQL-User-Name}'
  ORDER BY id -> SELECT id, username, attri
  bute, value, op           FROM radreply           WHERE username =
  'test'           ORDER BY id
  [sql]   expand: SELECT groupname           FROM radusergroup
  WHERE username = '%{SQL-User-Name}'           ORDER BY priority ->
  SELECT groupname           FROM radusergr
  oup           WHERE username = 'test'           ORDER BY priority
  rlm_sql (sql): Released sql socket id: 3
  ++[sql] returns ok
  ++[expiration] returns noop
  ++[logintime] returns noop
  ++[pap] returns updated
  Found Auth-Type = PAP
  +- entering group PAP {...}
  [pap] login attempt with password "test"
  [pap] Using CRYPT encryption.
  [pap] User authenticated successfully
  ++[pap] returns ok

  Login OK: [test/test] (from client mpd port 2 cli 000c2906911e)
  +- entering group post-auth {...}
  ++[exec] returns noop
  Sending Access-Accept of id 151 to 10.10.10.2 port 19490
          Framed-Protocol = PPP
          Framed-Compression = Van-Jacobson-TCP-IP
  Finished request 23.
  Going to the next request
  Waking up in 0.5 seconds.
  rad_recv: Accounting-Request packet from host 10.10.10.2 port 26224,
  id=172, length=218
          NAS-Identifier = "mpd.mydomain.tld"
          NAS-IP-Address = 10.10.10.2
          Acct-Session-Id = "7596900-em1_0-2"
          NAS-Port = 2
          NAS-Port-Type = Ethernet
          Service-Type = Framed-User
          Framed-Protocol = PPP
          Calling-Station-Id = "000c2906911e"
          Called-Station-Id = "z"
          NAS-Port-Id = "em1"
          Vendor-12341-Attr-12 = 0x656d315f302d32
          Tunnel-Medium-Type:0 = IEEE-802
          Tunnel-Client-Endpoint:0 = "00:0c:29:06:91:1e"
          Acct-Status-Type = Start
          Framed-IP-Address = 20.20.20.2
          User-Name = "test"
          Acct-Multi-Session-Id = "7596900-B-1"
          Vendor-12341-Attr-13 = 0x422d31
          Vendor-12341-Attr-14 = 0x6e6730
          Vendor-12341-Attr-15 = 0x00000004
          Acct-Link-Count = 1
          Acct-Authentic = RADIUS
  +- entering group preacct {...}
  ++[preprocess] returns ok
  [acct_unique] Hashing 'NAS-Port = 2,Client-IP-Address =
  10.10.10.2,NAS-IP-Address = 10.10.10.2,Acct-Session-Id =
  "7596900-em1_0-2",User-Name = "test"'
  [acct_unique] Acct-Unique-Session-ID = "026e7c5b94c4dd87".
  ++[acct_unique] returns ok
  [suffix] No '@' in User-Name = "test", looking up realm NULL
  [suffix] No such realm "NULL"
  ++[suffix] returns noop
  ++[files] returns noop
  +- entering group accounting {...}
  [detail]        expand:
  /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d ->
  /var/log/radacct/10.10.10.2/detail-20110213
  [detail] /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d
  expands to /var/log/radacct/10.10.10.2/detail-20110213
  [detail]        expand: %t -> Sun Feb 13 10:00:27 2011
  ++[detail] returns ok
  ++[unix] returns fail
  Finished request 24.
  Cleaning up request 24 ID 172 with timestamp +12
  Going to the next request
  Waking up in 0.5 seconds.


