inexplicable Nas Not Found

yzy-oui-fi yzy-oui-fi at hotmail.fr
Wed Apr 25 13:16:14 CEST 2012


Check that the firewall in front of your RADIUS server accepts 1812 to
1814 TCP connections.

On Wednesday 25 April 2012 at 13:58 +0300, NorthPole wrote:
> Hello everyone.
> 
> I have a very weird problem with my setup.
> 
> my clients.conf
> 
> client 127.0.0.1 {
> 	secret		= testing123
> 	shortname	= Localhost
> }
> client 20.20.20.20 {
> 	secret		= pfsense
> 	shortname	= pfsense
> }
> client 20.20.20.17 {
> 	secret		= testing
> 	shortname	= ubuntu
> }
> 
> With this setup I can only connect through the pfsense's captive portal.
> When I try to use radtest on both localhost and the remote ubuntu I
> get a "NAS not found" response.
> I'm using mysql authentication and the debugging output is the following:
> 
> 
> 
> rad_recv: Access-Request packet from host 20.20.20.17 port 55281,
> id=56, length=67
> 	User-Name = "northpole"
> 	User-Password = "1234"
> 	NAS-IP-Address = 127.0.1.1
> 	NAS-Port = 1812
> 	Framed-Protocol = PPP
> +- entering group authorize {...}
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> [suffix] No '@' in User-Name = "northpole", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> [eap] No EAP-Message, not doing EAP
> ++[eap] returns noop
> [files] users: Matched entry DEFAULT at line 50
> [files] 	expand: /usr/local/bin/rmauth "%{NAS-IP-Address}"
> "%{User-Name}" "%{Calling-Station-Id}" -> /usr/local/bin/rmauth
> "127.0.1.1" "northpole" ""
> ++[files] returns ok
> [sql] 	expand: %{User-Name} -> northpole
> [sql] sql_set_user escaped user --> 'northpole'
> rlm_sql (sql): Reserving sql socket id: 3
> [sql] 	expand: SELECT id, username, attribute, value, op
> FROM radcheck           WHERE username = '%{SQL-User-Name}'
> ORDER BY id -> SELECT id, username, attribute, value, op
> FROM radcheck           WHERE username = 'northpole'           ORDER
> BY id
> [sql] User found in radcheck table
> [sql] 	expand: SELECT id, username, attribute, value, op
> FROM radreply           WHERE username = '%{SQL-User-Name}'
> ORDER BY id -> SELECT id, username, attribute, value, op
> FROM radreply           WHERE username = 'northpole'           ORDER
> BY id
> [sql] 	expand: SELECT groupname           FROM radusergroup
> WHERE username = '%{SQL-User-Name}'           ORDER BY priority ->
> SELECT groupname           FROM radusergroup           WHERE username
> = 'northpole'           ORDER BY priority
> rlm_sql (sql): Released sql socket id: 3
> ++[sql] returns ok
> ++[expiration] returns noop
> ++[logintime] returns noop
> [pap] Found existing Auth-Type, not changing it.
> ++[pap] returns noop
> Found Auth-Type = Local
> WARNING: Please update your configuration, and remove 'Auth-Type = Local'
> WARNING: Use the PAP or CHAP modules instead.
> User-Password in the request is correct.
> +- entering group session {...}
> [sql] 	expand: %{User-Name} -> northpole
> [sql] sql_set_user escaped user --> 'northpole'
> [sql] 	expand: SELECT COUNT(*)                              FROM
> radacct                              WHERE username =
> '%{SQL-User-Name}'                              AND acctstoptime IS
> NULL -> SELECT COUNT(*)                              FROM radacct
>                         WHERE username = 'northpole'
>            AND acctstoptime IS NULL
> rlm_sql (sql): Reserving sql socket id: 2
> rlm_sql (sql): Released sql socket id: 2
> ++[sql] returns ok
> +- entering group post-auth {...}
> [sqlippool] No Pool-Name defined.
> [sqlippool] 	expand: No Pool-Name defined   (did %{Called-Station-Id}
> cli %{Calling-Station-Id} port %{NAS-Port} user %{User-Name}) -> No
> Pool-Name defined   (did  cli  port 1812 user northpole)
> No Pool-Name defined   (did  cli  port 1812 user northpole)
> ++[sqlippool] returns noop
> Exec-Program output: Reply-Message="NAS not found!"
> Exec-Program-Wait: value-pairs: Reply-Message="NAS not found!"
> Exec-Program: returned: 1
> [exec] Login incorrect (external check said so)
> ++[exec] returns reject
> Using Post-Auth-Type Reject
> +- entering group REJECT {...}
> [attr_filter.access_reject] 	expand: %{User-Name} -> northpole
>  attr_filter: Matched entry DEFAULT at line 11
> ++[attr_filter.access_reject] returns updated
> Delaying reject of request 7 for 1 seconds
> Going to the next request
> Waking up in 0.9 seconds.
> Sending delayed reject for request 7
> Sending Access-Reject of id 56 to 20.20.20.17 port 55281
> 	Reply-Message = "NAS not found!"
> Waking up in 4.9 seconds.
> Cleaning up request 7 ID 56 with timestamp +358
> Ready to process requests.
> 
> What am I missing here?
> 
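
A small triage script for the debug trace quoted above, added here as an example and not part of either message: it reports which policy section and module produced the reject, and what the external program returned. The `triage` function and its field names are assumptions of this example; the sample input is a trimmed excerpt of the trace in the post.

```python
import re

# Excerpt of the radiusd debug trace quoted in the post (trimmed; values unchanged).
TRACE = '''\
rad_recv: Access-Request packet from host 20.20.20.17 port 55281, id=56, length=67
    User-Name = "northpole"
    NAS-IP-Address = 127.0.1.1
+- entering group authorize {...}
++[files] returns ok
++[sql] returns ok
User-Password in the request is correct.
+- entering group session {...}
++[sql] returns ok
+- entering group post-auth {...}
++[sqlippool] returns noop
Exec-Program output: Reply-Message="NAS not found!"
Exec-Program: returned: 1
++[exec] returns reject
+- entering group REJECT {...}
++[attr_filter.access_reject] returns updated
'''

def triage(trace):
    """Return where in the policy the request was rejected, and by what."""
    info = {"source": None, "nas_ip": None, "password_ok": False,
            "reject": None, "exec_output": None, "exec_status": None}
    section = None  # policy section currently being processed
    for line in trace.splitlines():
        line = line.strip()
        if m := re.match(r"rad_recv: \S+ packet from host (\S+) port", line):
            info["source"] = m.group(1)
        elif m := re.match(r"NAS-IP-Address = (\S+)", line):
            info["nas_ip"] = m.group(1)
        elif m := re.match(r"\+- entering group (\S+)", line):
            section = m.group(1)
        elif line == "User-Password in the request is correct.":
            info["password_ok"] = True
        elif m := re.match(r"Exec-Program output: (.*)", line):
            info["exec_output"] = m.group(1)
        elif m := re.match(r"Exec-Program: returned: (\d+)", line):
            info["exec_status"] = int(m.group(1))
        elif (m := re.match(r"\+\+\[(\S+)\] returns reject", line)) and not info["reject"]:
            info["reject"] = (section, m.group(1))  # first rejecting module only
    return info

if __name__ == "__main__":
    print(triage(TRACE))
```

On this excerpt it reports the reject coming from `exec` in `post-auth`, after the password check succeeded, with NAS-IP-Address 127.0.1.1 in a request received from 20.20.20.17.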



