mod_auth_radius not asking for username/password

Süleyman Kuran skuran at ayk.gov.tr
Mon Apr 11 09:04:46 CEST 2016 


On 09-04-2016 18:24, Isaac Boukris wrote:
> On Fri, Apr 8, 2016 at 5:13 PM, Süleyman Kuran <skuran at ayk.gov.tr> wrote:
>> Hi there,
>>
>> I am on Centos 7
>> httpd 2.4
>> mod_auth_radius 1.5.8
>> My virtual host file is as follows:
>>
>> apache is not asking for username/password after 1 failed radius auth
>> attempt. After 1 failed auth, Unauthorized page appears and if I refresh
>> the page (F5) previous failed credentials are sent to the radius server
>> without popping up a window asking for username/password. If login is OK
>> the page is authorized. But if not, the user will have to wait for the
>> popup window until the session is timed out.
>>
>> if apache is configured for basic auth with htpasswd file. It asks for
>> the password after failed login as expected.
> It would be interesting to see the outputs of:
> # curl -v -k https://localhost/
> # curl -v -k https://localhost/ -u bad_user:bad_pwd
[root at localhost ~]# curl -v -k https://localhost/
* About to connect() to localhost port 443 (#0)
*   Trying ::1...
* Connected to localhost (::1) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* skipping SSL peer certificate verification
* SSL connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* Server certificate:
*     subject:
E=root at localhost.localdomain,CN=localhost.localdomain,OU=SomeOrganizationalUnit,O=SomeOrganization,L=SomeCity,ST=SomeState,C=--
*     start date: Nis 07 08:44:34 2016 GMT
*     expire date: Nis 07 08:44:34 2017 GMT
*     common name: localhost.localdomain
*     issuer:
E=root at localhost.localdomain,CN=localhost.localdomain,OU=SomeOrganizationalUnit,O=SomeOrganization,L=SomeCity,ST=SomeState,C=--
> GET / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: localhost
> Accept: */*
>
< HTTP/1.1 401 Unauthorized
< Date: Mon, 11 Apr 2016 06:59:39 GMT
< Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9
PHP/5.4.16
< WWW-Authenticate: Basic realm="Auth required"
< Content-Length: 381
< Content-Type: text/html; charset=iso-8859-1
<
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>401 Unauthorized</title>
</head><body>
<h1>Unauthorized</h1>
<p>This server could not verify that you
are authorized to access the document
requested.  Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.</p>
</body></html>
* Connection #0 to host localhost left intact

And the output to the second curl command is as follows:

[root at localhost ~]# curl -v -k https://localhost/ -u bad_user:bad_pwd
* About to connect() to localhost port 443 (#0)
*   Trying ::1...
* Connected to localhost (::1) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* skipping SSL peer certificate verification
* SSL connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* Server certificate:
*     subject:
E=root at localhost.localdomain,CN=localhost.localdomain,OU=SomeOrganizationalUnit,O=SomeOrganization,L=SomeCity,ST=SomeState,C=--
*     start date: Nis 07 08:44:34 2016 GMT
*     expire date: Nis 07 08:44:34 2017 GMT
*     common name: localhost.localdomain
*     issuer:
E=root at localhost.localdomain,CN=localhost.localdomain,OU=SomeOrganizationalUnit,O=SomeOrganization,L=SomeCity,ST=SomeState,C=--
* Server auth using Basic with user 'bad_user'
> GET / HTTP/1.1
> Authorization: Basic YmFkX3VzZXI6YmFkX3B3ZA==
> User-Agent: curl/7.29.0
> Host: localhost
> Accept: */*
>
< HTTP/1.1 401 Unauthorized
< Date: Mon, 11 Apr 2016 07:02:10 GMT
< Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9
PHP/5.4.16
< Content-Length: 381
< Content-Type: text/html; charset=iso-8859-1
<
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>401 Unauthorized</title>
</head><body>
<h1>Unauthorized</h1>
<p>This server could not verify that you
are authorized to access the document
requested.  Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.</p>
</body></html>
* Connection #0 to host localhost left intact


And I am not so sure, this is a browser problem.

Thank you.





> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list