Requests being rejected with "Invalid user"

Alan DeKok aland at deployingradius.com
Sat Dec 5 14:56:14 CET 2020


On Dec 4, 2020, at 7:25 PM, Dan M <dan.red.beard at gmail.com> wrote:
>>  Sure.  Sounds like a DB connection issue, TBH.
> 
> Not using a DB. 

  Well, some *external* connectivity issue.  The server doesn't just randomly start rejecting users.  How would that even happen?

> We are using python to make a web service call as part of authorize.

  So... connecting to an external system.

> Python log has nothing for these requests.
> So I'm five nines confident it isn't getting that far.
> Python makes the webservice call which actually does the authentication,
> and if it succeeds, sets the cleartext password to the password in the request and lets pap (the only thing in authentication section, handle the reply)
> If it fails, it returns configTuple = (('Auth-Type', "Reject"),)> 

  You can just set "Auth-Type = Accept", you don't need to use the PAP module.   But whatever.

> The point was it's getting rejected by something I didn't write and isn't reaching the thing I did.
> I left all of these in place and haven't changed any of the files.
> Authorize {
> filter_username
> preprocess
> auth_log
> suffix
> expiration
> logintime
> python
> pap
> }

  There's really nothing there which will randomly cause the server to reject users.  I've never seen this anywhere else.  Including other production systems, and lab tests running millions of packets through the server.

  Alan DeKok.




More information about the Freeradius-Users mailing list