Auth: (24) Login incorrect (No Auth-Type found: rejecting the user via Post-Auth-Type = Reject):

gilbertrebeiro at gmail.com gilbertrebeiro at gmail.com
Sat Aug 24 18:37:16 CEST 2019


Ready to process requests
(0) Received Access-Request Id 49 from 127.0.0.1:52226 to 127.0.0.1:1812 length 102
(0)   User-Name = "test at dsl.dido.ca"
(0)   User-Password = "testing123testing"
(0)   NAS-IP-Address = 23.144.128.31
(0)   NAS-Port = 0
(0)   Message-Authenticator = 0xde13937558571e30f92b0e3e1c2b35d6
(0) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default
(0)   authorize {
(0)     policy filter_username {
(0)       if (&User-Name) {
(0)       if (&User-Name)  -> TRUE
(0)       if (&User-Name)  {
(0)         if (&User-Name =~ / /) {
(0)         if (&User-Name =~ / /)  -> FALSE
(0)         if (&User-Name =~ /@[^@]*@/ ) {
(0)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
(0)         if (&User-Name =~ /\.\./ ) {
(0)         if (&User-Name =~ /\.\./ )  -> FALSE
(0)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
(0)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
(0)         if (&User-Name =~ /\.$/)  {
(0)         if (&User-Name =~ /\.$/)   -> FALSE
(0)         if (&User-Name =~ /@\./)  {
(0)         if (&User-Name =~ /@\./)   -> FALSE
(0)       } # if (&User-Name)  = notfound
(0)     } # policy filter_username = notfound
(0)     [preprocess] = ok
(0)     [chap] = noop
(0)     [mschap] = noop
(0)     [digest] = noop
(0) suffix: Checking for suffix after "@"
(0) suffix: Looking up realm "dsl.dido.ca" for User-Name = "test at dsl.dido.ca"
(0) suffix: No such realm "dsl.dido.ca"
(0)     [suffix] = noop
(0) eap: No EAP-Message, not doing EAP
(0)     [eap] = noop
(0)     [files] = noop
(0) sql: EXPAND %{User-Name}
(0) sql:    --> test at dsl.dido.ca
(0) sql: SQL-User-Name set to 'test at dsl.dido.ca'
rlm_sql (sql): Closing connection (1): Hit idle_timeout, was idle for 257 seconds
rlm_sql (sql): Closing connection (2): Hit idle_timeout, was idle for 257 seconds
rlm_sql (sql): Closing connection (3): Hit idle_timeout, was idle for 257 seconds
rlm_sql (sql): Closing connection (4): Hit idle_timeout, was idle for 257 seconds
rlm_sql (sql): You probably need to lower "min"
rlm_sql (sql): Closing connection (0): Hit idle_timeout, was idle for 257 seconds
rlm_sql (sql): You probably need to lower "min"
rlm_sql (sql): Closing connection (5): Hit idle_timeout, was idle for 257 seconds
rlm_sql (sql): You probably need to lower "min"
rlm_sql (sql): 0 of 0 connections in use.  You  may need to increase "spare"
rlm_sql (sql): Opening additional connection (6), 1 of 32 pending slots used
rlm_sql (sql): Reserved connection (6)
(0) sql: EXPAND SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id
(0) sql:    --> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'test at dsl.dido.ca' ORDER BY id
(0) sql: Executing select query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'test at dsl.dido.ca' ORDER BY id
(0) sql: EXPAND SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority
(0) sql:    --> SELECT groupname FROM radusergroup WHERE username = 'test at dsl.dido.ca' ORDER BY priority
(0) sql: Executing select query: SELECT groupname FROM radusergroup WHERE username = 'test at dsl.dido.ca' ORDER BY priority
(0) sql: User not found in any groups
rlm_sql (sql): Released connection (6)
Need 2 more connections to reach min connections (3)
rlm_sql (sql): Opening additional connection (7), 1 of 31 pending slots used
(0)     [sql] = notfound
(0)     [expiration] = noop
(0)     [logintime] = noop
(0) pap: WARNING: No "known good" password found for the user.  Not setting Auth-Type
(0) pap: WARNING: Authentication will fail unless a "known good" password is available
(0)     [pap] = noop
(0)   } # authorize = ok
(0) ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type = Reject
(0) Failed to authenticate the user
(0) Using Post-Auth-Type Reject
(0) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(0)   Post-Auth-Type REJECT {
(0) sql: EXPAND .query
(0) sql:    --> .query
(0) sql: Using query template 'query'
rlm_sql (sql): Reserved connection (6)
(0) sql: EXPAND %{User-Name}
(0) sql:    --> test at dsl.dido.ca
(0) sql: SQL-User-Name set to 'test at dsl.dido.ca'
(0) sql: EXPAND INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S')
(0) sql:    --> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'test at dsl.dido.ca', 'testing123testing', 'Access-Reject', '2019-08-24 14:41:21')
(0) sql: Executing query: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'test at dsl.dido.ca', 'testing123testing', 'Access-Reject', '2019-08-24 14:41:21')
(0) sql: SQL query returned: success
(0) sql: 1 record(s) updated
rlm_sql (sql): Released connection (6)
(0)     [sql] = ok
(0) attr_filter.access_reject: EXPAND %{User-Name}
(0) attr_filter.access_reject:    --> test at dsl.dido.ca
(0) attr_filter.access_reject: Matched entry DEFAULT at line 11
(0)     [attr_filter.access_reject] = updated
(0)     [eap] = noop
(0)     policy remove_reply_message_if_eap {
(0)       if (&reply:EAP-Message && &reply:Reply-Message) {
(0)       if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
(0)       else {
(0)         [noop] = noop
(0)       } # else = noop
(0)     } # policy remove_reply_message_if_eap = noop
(0)   } # Post-Auth-Type REJECT = updated
(0) Login incorrect (No Auth-Type found: rejecting the user via Post-Auth-Type = Reject): [test at dsl.dido.ca/testing123testing] (from client localhost port 0)
(0) Delaying response for 1.000000 seconds
Waking up in 0.3 seconds.
Waking up in 0.6 seconds.
(0) Sending delayed response
(0) Sent Access-Reject Id 49 from 127.0.0.1:1812 to 127.0.0.1:52226 length 20
Waking up in 3.9 seconds.
(0) Cleaning up request packet ID 49 with timestamp +257
Ready to process requests

-----Original Message-----
From: Matthew Newton <mcn at freeradius.org> 
Sent: Saturday, August 24, 2019 10:51 AM
To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>; gilbertrebeiro at gmail.com; 'FreeRadius users mailing list' <freeradius-users at lists.freeradius.org>
Subject: RE: Auth: (24) Login incorrect (No Auth-Type found: rejecting the user via Post-Auth-Type = Reject):

On 24 August 2019 15:43:24 BST, gilbertrebeiro at gmail.com wrote:
>Just so I don’t post anything stupid.
>What in the output needs to be masked?
>IP addresses secrets etc?

FreeRADIUS hides configured secrets in the output already.

The more you chop out, the more irritating it is for people trying to help you as they have to keep asking for more information or are left guessing. Level of irritation is inversely proportional to the amount of help you're likely to get...


-- 
Matthew



