Radius Access-Challenge and Apache

Daniel Abels Daniel.Abels at leica-microsystems.com
Mon Sep 5 01:27:21 CEST 2011


Hi Alan,

Thank you for your response.  I've been having a lot of trouble reaching
the mailing list; my responses are not getting through.  Hopefully this
one will!

Below is the output from the debug mode:

rad_recv: Access-Request packet from host 127.0.0.1 port 1026, id=60,
length=83
        User-Name = "dra"
        User-Password = "*****"
        Service-Type = Authenticate-Only
        NAS-Identifier = "debian-test-dra.vsl.com.au"
        NAS-IP-Address = 127.0.0.1
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "dra", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
[files] users: Matched entry DEFAULT at line 54
++[files] returns ok
rlm_perl: Authorize Function Called
rlm_perl: Authorization for >127.0.0.1< was granted...
rlm_perl: Added pair User-Name = dra
rlm_perl: Added pair NAS-Identifier = debian-test-dra.vsl.com.au
rlm_perl: Added pair User-Password = *****
rlm_perl: Added pair Service-Type = Authenticate-Only
rlm_perl: Added pair NAS-IP-Address = 127.0.0.1
rlm_perl: Added pair Auth-Type = Perl
++[perl] returns ok
++[expiration] returns noop
++[logintime] returns noop
Found Auth-Type = Perl
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group Perl {...}
rlm_perl: Log Request Attributes Called
rlm_perl:    Request: >User-Name< = >dra<
rlm_perl:    Request: >User-Password< = >*****<
rlm_perl:    Request: >NAS-Identifier< = >debian-test-dra.vsl.com.au<
rlm_perl:    Request: >Service-Type< = >Authenticate-Only<
rlm_perl:    Request: >NAS-IP-Address< = >127.0.0.1<
rlm_perl: Authenticate Function Called
rlm_perl: User: >dra< Authenticated, now sending access-challenge
rlm_perl: Log Reply Attributes Called
rlm_perl:    Reply: >Reply-Message< = >Please Enter Code<
rlm_perl:    Reply: >State< = >challenge<
rlm_perl: Added pair User-Name = dra
rlm_perl: Added pair User-Password = *****
rlm_perl: Added pair NAS-Identifier = debian-test-dra.vsl.com.au
rlm_perl: Added pair Service-Type = Authenticate-Only
rlm_perl: Added pair NAS-IP-Address = 127.0.0.1
rlm_perl: Added pair Reply-Message = Please Enter Code
rlm_perl: Added pair State = challenge
rlm_perl: Added pair Response-Packet-Type = Access-Challenge
rlm_perl: Added pair Auth-Type = Perl
++[perl] returns handled
Sending Access-Challenge of id 60 to 127.0.0.1 port 1026
        Reply-Message = "Please Enter Code"
        State = 0x6368616c6c656e6765
Finished request 6.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 6 ID 60 with timestamp +148
Ready to process requests.

The output to the browser at this point looks like this: (Firefox 6.0,
but I have tried IE 8.0 too)

http://imageshack.us/photo/my-images/856/authenticationrequired2.png/

I turned up the logging level for Apache too; the following is a
complete successful login:

[Tue Aug 30 09:25:04 2011] [debug] mod_auth_radius-2.0.c(1185): Radius
Auth for: debian-test-dra.vsl.com.au requests /test/ :
file=/var/www/test/
[Tue Aug 30 09:25:04 2011] [debug] mod_auth_radius-2.0.c(762): Found
Radius Cookie, now check if it's valid...
[Tue Aug 30 09:25:04 2011] [debug] mod_auth_radius-2.0.c(1191): Found
cookie=8115747392e228c2f612d8fce9b384074e5c2035f36809adchallenge for
user=dra :
[Tue Aug 30 09:25:04 2011] [debug] mod_auth_radius-2.0.c(1195): with
RADIUS challenge state set.\n
[Tue Aug 30 09:25:04 2011] [debug] mod_auth_radius-2.0.c(902): Sending
packet on 127.0.0.1:1812
[Tue Aug 30 09:25:04 2011] [debug] mod_auth_radius-2.0.c(1111): RADIUS
server requested challenge for user dra
[Tue Aug 30 09:25:04 2011] [debug] mod_auth_radius-2.0.c(1232): RADIUS
authentication for user=dra password=***** failed\n
[Tue Aug 30 09:25:04 2011] [debug] mod_auth_radius-2.0.c(1239): Sending
failure message to user=dra\n
[Tue Aug 30 09:25:04 2011] [error] [client 10.10.240.240] user dra:
authentication failure for "/test/": Password Mismatch
[Tue Aug 30 09:25:04 2011] [debug] mod_deflate.c(615): [client
10.10.240.240] Zlib: Compressed 482 to 324 : URL /test/
[Tue Aug 30 09:25:18 2011] [debug] mod_auth_radius-2.0.c(1185): Radius
Auth for: debian-test-dra.vsl.com.au requests /test/ :
file=/var/www/test/
[Tue Aug 30 09:25:18 2011] [debug] mod_auth_radius-2.0.c(762): Found
Radius Cookie, now check if it's valid...
[Tue Aug 30 09:25:18 2011] [debug] mod_auth_radius-2.0.c(1191): Found
cookie=f94377b91a7b4e30ac0a3910ea54ec194e5c2048f36809adchallenge for
user=dra :
[Tue Aug 30 09:25:18 2011] [debug] mod_auth_radius-2.0.c(1195): with
RADIUS challenge state set.\n
[Tue Aug 30 09:25:18 2011] [debug] mod_auth_radius-2.0.c(902): Sending
packet on 127.0.0.1:1812
[Tue Aug 30 09:25:18 2011] [debug] mod_auth_radius-2.0.c(1256):  RADIUS
Authentication for user=dra password=0000 OK.  Cookie expiry in 5
minutes\n
[Tue Aug 30 09:25:18 2011] [debug] mod_auth_radius-2.0.c(1258):  Adding
cookie 393dda94ff105f4d6dad2c1a509a3a344e5c210a\n
[Tue Aug 30 09:25:18 2011] [debug] mod_deflate.c(615): [client
10.10.240.240] Zlib: Compressed 130 to 108 : URL /test/index.html

Any ideas?

Thanks again,

Daniel
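
Added example, not part of the original post: a Python check over the two logs above that decodes the State sent in the Access-Challenge, tests whether it is printable text rather than an opaque binary value, finds the Apache cookie that carries it, and lists the passwords the debug-level Apache log recorded unmasked. The function names are hypothetical; the sample lines are copied from the post with the e-mail line wraps undone.

```python
import re

# Lines copied from the logs in the post, with the e-mail line wraps undone.
RADIUS_DEBUG = """Sending Access-Challenge of id 60 to 127.0.0.1 port 1026
        Reply-Message = "Please Enter Code"
        State = 0x6368616c6c656e6765
Finished request 6.
"""
APACHE_DEBUG = r"""[Tue Aug 30 09:25:04 2011] [debug] mod_auth_radius-2.0.c(1232): RADIUS authentication for user=dra password=***** failed\n
[Tue Aug 30 09:25:18 2011] [debug] mod_auth_radius-2.0.c(1191): Found cookie=f94377b91a7b4e30ac0a3910ea54ec194e5c2048f36809adchallenge for user=dra :
[Tue Aug 30 09:25:18 2011] [debug] mod_auth_radius-2.0.c(1256):  RADIUS Authentication for user=dra password=0000 OK.  Cookie expiry in 5 minutes\n
"""

def challenge_states(debug_text):
    """Return (packet id, raw State bytes) for each Access-Challenge sent."""
    found, current_id = [], None
    for line in debug_text.splitlines():
        sent = re.match(r"Sending (\S+) of id (\d+)", line)
        state = re.match(r"\s+State = 0x((?:[0-9a-fA-F]{2})+)\s*$", line)
        if sent:
            is_challenge = sent.group(1) == "Access-Challenge"
            current_id = int(sent.group(2)) if is_challenge else None
        elif state and current_id is not None:
            found.append((current_id, bytes.fromhex(state.group(1))))
        elif not line[:1].isspace():
            current_id = None  # attribute list of that packet has ended
    return found

def is_constant_text(raw):
    """True when the State is printable ASCII, i.e. not an opaque binary token."""
    return raw.isascii() and raw.decode("ascii").isprintable()

def cookies_ending_with(apache_text, state):
    """Cookies in the Apache log whose value ends with the State text."""
    suffix = state.decode("ascii", "replace")
    cookies = re.findall(r"Found cookie=(\S+)", apache_text)
    return [c for c in cookies if c.endswith(suffix)]

def cleartext_passwords(apache_text):
    """(user, password) pairs logged unmasked (all-asterisk values skipped)."""
    pairs = re.findall(r"user=(\S+) password=(\S+)", apache_text)
    return [(u, p) for u, p in pairs if set(p) != {"*"}]

if __name__ == "__main__":
    for pkt_id, raw in challenge_states(RADIUS_DEBUG):
        print(pkt_id, raw, "printable:", is_constant_text(raw))
        print("cookies carrying it:", cookies_ending_with(APACHE_DEBUG, raw))
    print("passwords in debug log:", cleartext_passwords(APACHE_DEBUG))
```
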




