authentication-failed

Ejaz mejaz at cyberia.net.sa
Thu Aug 4 16:01:20 CEST 2016 

Hello,  All.

 

 

Please help me to make sure before going live.. just I need to make sure the from expert people. My radius -x shows output as per the attached file. So it mean everything is ok.. 

 

 

My setup is as follows.

 

 

 

1.            NAS (MDG from Motorola, do we need add addionational attributes  in

dictionary file for the Motorola MDG)

2.            Freeradius version 3.x,  oracle 11g client  (installed or Dell

PowerEdge R730 or oracle 11x86)

3.            Database  (installed or Sparc remote server)

4.            Driver rlm_sql is already installed .

5.  oracle and client connectivity is ok.

 

 

 

 

-----Original Message-----
From: Freeradius-Users [mailto:freeradius-users-bounces+mejaz=cyberia.net.sa at lists.freeradius.org] On Behalf Of Ejaz
Sent: Sunday, April 17, 2016 6:39 PM
To: Freeradius-Users at lists.freeradius.org
Subject: authentication-failed

 

Hello all. 

 

 

1.            NAS (MDG from Motorola, do we need add addionational attributes  in

dictionary file for the Motorola MDG)

2.            Freeradius version 3.x,  oracle 11g client  (installed or Dell

PowerEdge R730 or oracle 11x86)

3.            Database  (installed or Sparc remote server)

4.            Driver rlm_sql is already installed .

 

< <mailto:root at ruh02saaa02:/usr/local/freeradius3/lib> mailto:root at ruh02saaa02:/usr/local/freeradius3/lib>

root at ruh02saaa02:/usr/local/freeradius3/lib# ls -l rlm_sql_oracle*

 

-rwxr-xr-x 1 root root 964808 Apr 14 14:35 rlm_sql_oracle.a

 

-rwxr-xr-x 1 root root     27 Apr 14 14:35  < <http://rlm_sql_oracle.la/> http://rlm_sql_oracle.la/>

rlm_sql_oracle.la

 

-rwxr-xr-x 1 root root 775232 Apr 14 14:35 rlm_sql_oracle.so 

 

 

 

The Radius server is able to connect to the database as below  but the authentication is failed.  as i am very new to freeradius any help would be highly appreciated.. 

 

 

}

 

Listening on auth address 127.0.0.1 port 18120 bound to server inner-tunnel

 

Listening on auth address * port 1812 bound to server default

 

Listening on acct address * port 1813 bound to server default

 

Listening on auth address :: port 1812 bound to server default

 

Listening on acct address :: port 1813 bound to server default

 

Listening on proxy address * port 59512

 

Listening on proxy address :: port 52582

 

Ready to process requests

 

(0) Received Access-Request Id 0 from  < <http://10.99.10.135:54942/> http://10.99.10.135:54942/>

10.99.10.135:54942 to  < <http://0.0.0.0:1812/> http://0.0.0.0:1812/> 0.0.0.0:1812 length

52

 

(0)   User-Name = "10.10.82.80 "

 

(0)   User-Password = "cisco"

 

(0) # Executing section authorize from file /usr/local/freeradius3/etc/raddb/sit

es-enabled/default

 

(0)   authorize {

 

(0)     policy filter_username {

 

(0)       if (&User-Name) {

 

(0)       if (&User-Name)  -> TRUE

 

(0)       if (&User-Name)  {

 

(0)         if (&User-Name =~ / /) {

 

(0)         if (&User-Name =~ / /)  -> TRUE

 

(0)         if (&User-Name =~ / /)  {

 

(0)           update request {

 

(0)             &Module-Failure-Message += 'Rejected: User-Name contains

whitesp

ace'

 

(0)           } # update request = noop

 

(0)           [reject] = reject

 

(0)         } # if (&User-Name =~ / /)  = reject

 

(0)       } # if (&User-Name)  = reject

 

(0)     } # policy filter_username = reject

 

(0)   } # authorize = reject

 

(0) Using Post-Auth-Type Reject

 

(0) # Executing group from file

/usr/local/freeradius3/etc/raddb/sites-enabled/d

efault

 

(0)   Post-Auth-Type REJECT {

 

(0) sql: EXPAND .query

 

(0) sql:    --> .query

 

(0) sql: Using query template 'query'

 

rlm_sql (sql): Closing connection (0): Hit idle_timeout, was idle for 104 second s

 

rlm_sql (sql): Closing connection (1): Hit idle_timeout, was idle for 104 second s

 

rlm_sql (sql): Closing connection (2): Hit idle_timeout, was idle for 104 second s

 

rlm_sql (sql): You probably need to lower "min"

 

rlm_sql (sql): Closing connection (3): Hit idle_timeout, was idle for 104 second s

 

rlm_sql (sql): You probably need to lower "min"

 

rlm_sql (sql): Closing connection (4): Hit idle_timeout, was idle for 104 second s

 

rlm_sql (sql): You probably need to lower "min"

 

rlm_sql (sql): 0 of 0 connections in use.  You  may need to increase "spare"

 

rlm_sql (sql): Opening additional connection (5), 1 of 32 pending slots used

 

rlm_sql (sql): Reserved connection (5)

 

(0) sql: EXPAND %{User-Name}

 

(0) sql:    --> 10.10.82.80

 

(0) sql: SQL-User-Name set to '10.10.82.80 '

 

(0) sql: EXPAND INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}',

'%{reply:Packet-

Type}', '%S')

 

(0) sql:    --> INSERT INTO radpostauth (username, pass, reply, authdate)

VALUES

( '10.10.82.80 ', 'cisco', 'Access-Reject', '2016-04-14 16:32:58')

 

(0) sql: Executing query: INSERT INTO radpostauth (username, pass, reply, authda

te) VALUES ( '10.10.82.80 ', 'cisco', 'Access-Reject', '2016-04-14

16:32:58')

 

(0) sql: SQL query returned: success

 

(0) sql: 1 record(s) updated

 

rlm_sql (sql): Released connection (5)

 

rlm_sql (sql): Need 2 more connections to reach 10 spares

 

rlm_sql (sql): Opening additional connection (6), 1 of 31 pending slots used

 

(0)     [sql] = ok

 

(0) attr_filter.access_reject: EXPAND %{User-Name}

 

(0) attr_filter.access_reject:    --> 10.10.82.80

 

(0) attr_filter.access_reject: Matched entry DEFAULT at line 11

 

(0)     [attr_filter.access_reject] = updated

 

(0)     [eap] = noop

 

(0)     policy remove_reply_message_if_eap {

 

(0)       if (&reply:EAP-Message && &reply:Reply-Message) {

 

(0)       if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE

 

(0)       else {

 

(0)         [noop] = noop

 

(0)       } # else = noop

 

(0)     } # policy remove_reply_message_if_eap = noop

 

(0)   } # Post-Auth-Type REJECT = updated

 

(0) Delaying response for 1.000000 seconds

 

Waking up in 0.3 seconds.

 

Waking up in 0.6 seconds.

 

(0) Sending delayed response

 

(0) Sent Access-Reject Id 0 from  < <http://0.0.0.0:1812/> http://0.0.0.0:1812/> 0.0.0.0:1812 to < <http://10.99.10.135:54942/> http://10.99.10.135:54942/> 10.99.10.135:54942 length 20

 

Waking up in 3.9 seconds.

 

(0) Cleaning up request packet ID 0 with timestamp +104

 

Ready to process requests

 

 

 

Thanks,

 

Mohammed Ejaz

 

Asst. Operation Director of Systems.

 

Cyberia SAUDI ARABIA

 

P.O.Box: 301079, Riyadh 11372

 

Phone:  (+966) 11 464 7114 Ext. 140

 

Mobile:  (+966) 562311787

 

Fax:      (+966) 11 465 4735

 

Website:  <http://www.cyberia.net.sa> http://www.cyberia.net.sa

 

 

-

List info/subscribe/unsubscribe? See  <http://www.freeradius.org/list/users.html> http://www.freeradius.org/list/users.html

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: radiusd -X.txt
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20160804/dfa7044b/attachment-0001.txt>

More information about the Freeradius-Users mailing list