Radius Squid authentication REJECT
Iftakhul Anwar
anwar at meruvian.org
Thu Apr 11 18:29:57 CEST 2013
Hi,
I'm sorry,
This is the response log from radiusd -X when I try to log in using user: alice,
password: password
Cleaning up request 3 ID 4 with timestamp +116
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.2.3 port 55467, id=4,
length=63
User-Name = "alice"
User-Password = "\335\307-\245#ˎ!7\036f\023\217\3630\257"
NAS-Port = 111
NAS-Port-Type = Async
NAS-IP-Address = 192.168.2.3
# Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "alice", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[files] returns noop
[sql] expand: %{User-Name} -> alice
[sql] sql_set_user escaped user --> 'alice'
rlm_sql (sql): Reserving sql socket id: 0
[sql] expand: SELECT id, username, attribute, value, op FROM
radcheck WHERE username = '%{SQL-User-Name}' ORDER BY
id -> SELECT id, username, attribute, value, op FROM radcheck
WHERE username = 'alice' ORDER BY id
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op FROM
radreply WHERE username = '%{SQL-User-Name}' ORDER BY
id -> SELECT id, username, attribute, value, op FROM radreply
WHERE username = 'alice' ORDER BY id
[sql] expand: SELECT groupname FROM radusergroup WHERE
username = '%{SQL-User-Name}' ORDER BY priority -> SELECT
groupname FROM radusergroup WHERE username = 'alice'
ORDER BY priority
rlm_sql (sql): Released sql socket id: 0
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns updated
Found Auth-Type = PAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group PAP {...}
[pap] login attempt with password "\DD\C7-\A5#\CB?!7?f??\F30\AF"
[pap] Using clear text password "password"
[pap] Passwords don't match
++[pap] returns reject
Failed to authenticate the user.
WARNING: Unprintable characters in the password. Double-check the shared
secret on the server and the NAS!
Using Post-Auth-Type REJECT
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> alice
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 4 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 4
Sending Access-Reject of id 4 to 192.168.2.3 port 55467
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.2.3 port 55467, id=4,
length=63
Sending duplicate reply to client localprivate port 55467 - ID: 4
Sending Access-Reject of id 4 to 192.168.2.3 port 55467
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.2.3 port 55467, id=4,
length=63
Sending duplicate reply to client localprivate port 55467 - ID: 4
Sending Access-Reject of id 4 to 192.168.2.3 port 55467
Waking up in 3.9 seconds.
rad_recv: Access-Request packet from host 192.168.2.3 port 55467, id=4,
length=63
Sending duplicate reply to client localprivate port 55467 - ID: 4
Sending Access-Reject of id 4 to 192.168.2.3 port 55467
Waking up in 2.9 seconds.
rad_recv: Access-Request packet from host 192.168.2.3 port 55467, id=4,
length=63
Sending duplicate reply to client localprivate port 55467 - ID: 4
Sending Access-Reject of id 4 to 192.168.2.3 port 55467
Waking up in 1.9 seconds.
rad_recv: Access-Request packet from host 192.168.2.3 port 55467, id=4,
length=63
Sending duplicate reply to client localprivate port 55467 - ID: 4
Sending Access-Reject of id 4 to 192.168.2.3 port 55467
Waking up in 0.9 seconds.
Cleaning up request 4 ID 4 with timestamp +122
Ready to process requests.
On Thu, Apr 11, 2013 at 11:22 PM, <A.L.M.Buxey at lboro.ac.uk> wrote:
> Hi,
> > Hi, previously I've attached my log as an attachment :)
>
> no, you haven't :-(
>
> all you have attached is the stuff that you felt you wanted to send.
> without sending the FULL output of radiusd -X FROM THE START we cannot
> see where you have gone wrong.
>
> HOW can we help if you don't give us the information we request?
>
> alan
--
*M.Iftakhul Anwar*
Meruvian Integrator
High Performance Computing / Cloud Computing (HPC/CC)
Office Phone : 021-93586577
Mobile Phone : 085215331477
Blog : http://blog.mervpolis.com/roller/anwar
FB : http://www.facebook.com/troya.adromeda
Website : www.meruvian.org