Can't get checkrad to be called
Dan Brisson
dbrisson at gmail.com
Thu Jun 2 04:25:33 CEST 2011
I was wondering if someone could help me determine why checkrad isn't
being called. I've followed the directions in the doc/Simultaneous-Use
but still cannot get checkrad to fire off when I login. It will check
radutmp, but never reaches out to my NAS with checkrad, as evidenced
here from radiusd -X:
+- entering group session {...}
[radutmp] expand: /var/log/radius/radutmp -> /var/log/radius/radutmp
[radutmp] expand: %{User-Name} -> testuser
++[radutmp] returns ok
Using Post-Auth-Type Reject
In this case, testuser was already logged in as verified by radwho, but
why didn't it go out and check my NAS? I'm using a Nomadix HSG for a
NAS, which doesn't have a definition in clients.conf, but I've been able
to get /usr/sbin/checkrad to return the following by modifying the
"pr3000" definition:
[root at hologram radius]# more checkrad.log
Wed Jun 1 22:11:34 2011 checkrad pr3000 10.1.10.20 1 testuser 1
snpwalk: /usr/bin/snmpwalk -r 1 -t 5 -v2c -c 'public' 10.1.10.20
.1.3.6.1.4.1.3309.1.2.2.18.1.1.5
Returning 1 (double detected)
So it would seem if I could get FR to perform checkrad, I'd be in good
shape.
Can I provide any other data? I'm using SQL for authorization and
accounting. I'm on version 2.1.7-7.el5 of FreeRadius.
TIA,
-dan
More information about the Freeradius-Users
mailing list