Unexpected response - Freeradius 3.0.10
Michal Tomaszewski
Michal.Tomaszewski at cca.pl
Mon Sep 21 20:10:45 CEST 2015
Hello,
Freeradius – last build from repo – reject response adds unexpected values when SQL is not available.
Default configuration straight from repo, SQL enabled, empty mysql database.
When I call:
echo "User-Name=service-check,User-Password=somepassword,Framed-Protocol=PPP " | radclient -x -r 1 -t 2 server_address:1812 auth testing123
I get:
Sending Access-Request of id 118 to server_address port 1812
User-Name = "service-check"
User-Password = " somepassword "
Framed-Protocol = PPP
rad_recv: Access-Reject packet from host server_address port 1812, id=118, length=20
When SQL server is down calling the same:
echo "User-Name=service-check,User-Password=somepassword,Framed-Protocol=PPP " | radclient -x -r 1 -t 2 server_address:1812 auth testing123
Gives:
Sending Access-Request of id 239 to server_address 8 port 1812
User-Name = "service-check"
User-Password = " somepassword"
Framed-Protocol = PPP
rad_recv: Access-Reject packet from host server_address port 1812, id=239, length=32
Framed-Protocol = PPP
Framed-Compression = Van-Jacobson-TCP-IP
It seems that response adds Framed-Protocol and Framed-Compression responses when SQL is not available.
In debug there is:
Mon Sep 21 19:57:11 2015 : Debug: (2) Post-Auth-Type REJECT {
Mon Sep 21 19:57:11 2015 : Debug: (2) modsingle[post-auth]: calling sql (rlm_sql) for request 2
Mon Sep 21 19:57:11 2015 : Debug: .query
Mon Sep 21 19:57:11 2015 : Debug: Parsed xlat tree:
Mon Sep 21 19:57:11 2015 : Debug: literal --> .query
Mon Sep 21 19:57:11 2015 : Debug: (2) sql: EXPAND .query
Mon Sep 21 19:57:11 2015 : Debug: (2) sql: --> .query
Mon Sep 21 19:57:11 2015 : Debug: (2) sql: Using query template 'query'
Mon Sep 21 19:57:11 2015 : Debug: rlm_sql (sql): 0 of 0 connections in use. You may need to increase "spare"
Mon Sep 21 19:57:11 2015 : Info: rlm_sql (sql): Opening additional connection (3), 1 of 32 pending slots used
Mon Sep 21 19:57:11 2015 : Debug: rlm_sql_mysql: Starting connect to MySQL server
Mon Sep 21 19:57:11 2015 : Error: rlm_sql_mysql: Couldn't connect to MySQL server radius at 127.0.0.1:Radius-DB
Mon Sep 21 19:57:11 2015 : Error: rlm_sql_mysql: MySQL error: Can't connect to MySQL server on '127.0.0.1' (111)
Mon Sep 21 19:57:11 2015 : Debug: rlm_sql_mysql: Socket destructor called, closing socket
Mon Sep 21 19:57:11 2015 : Error: rlm_sql (sql): Opening connection failed (3)
Mon Sep 21 19:57:11 2015 : Debug: (2) modsingle[post-auth]: returned from sql (rlm_sql) for request 2
Mon Sep 21 19:57:11 2015 : Debug: (2) [sql] = fail
Mon Sep 21 19:57:11 2015 : Debug: (2) } # Post-Auth-Type REJECT = fail
Mon Sep 21 19:57:11 2015 : Debug: (2) Delaying response for 1.000000 seconds
Mon Sep 21 19:57:11 2015 : Debug: Waking up in 0.3 seconds.
Mon Sep 21 19:57:11 2015 : Debug: Waking up in 0.6 seconds.
Mon Sep 21 19:57:12 2015 : Debug: (2) <REQUEST_RESPONSE_DELAY>: Sending delayed response
Mon Sep 21 19:57:12 2015 : Debug: (2) <REQUEST_RESPONSE_DELAY>: Sent Access-Reject Id 100 from 10.10.10.10:1812 to EXT_ADDRESS:59005 length 32
Mon Sep 21 19:57:12 2015 : Debug: (2) <REQUEST_RESPONSE_DELAY>: Framed-Protocol = PPP
Mon Sep 21 19:57:12 2015 : Debug: (2) <REQUEST_RESPONSE_DELAY>: Framed-Compression = Van-Jacobson-TCP-IP
Mon Sep 21 19:57:12 2015 : Debug: Waking up in 3.9 seconds.
Mon Sep 21 19:57:16 2015 : Debug: (2) <REQUEST_RESPONSE_DELAY>: Cleaning up request packet ID 100 with timestamp +19
Mon Sep 21 19:57:16 2015 : Info: Ready to process requests
Is this response correct?
Regards,
Mike
________________________________________ Uwaga: Treść niniejszej wiadomości może być poufna i objęta zakazem jej ujawniania. Jeśli czytelnik tej wiadomości nie jest jej zamierzonym adresatem, pracownikiem lub pośrednikiem upoważnionym do jej przekazania adresatowi, informujemy że wszelkie rozprowadzanie, rozpowszechnianie lub powielanie niniejszej wiadomości jest zabronione. Jeśli otrzymałeś tę wiadomość omyłkowo, proszę bezzwłocznie odesłać ją nadawcy, a samą wiadomość usunąć z komputera. Dziękujemy. ________________________________ Note: The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited.If you have received this communication in error, please notify the sender immediately by replying to the message and deleting it from your computer. Thank you. ________________________________
More information about the Freeradius-Users
mailing list