Link to home
Start Free TrialLog in
Avatar of iaroot
iaroot

asked on

freeradius user login problem

from /etc/raddb/users

test2@xyz.com Cleartext-Password := "pass2"

from /etc/raddbb/proxy.conf

realm medsign.com {
nostrip
}

from radius -X

Ready to process requests.
rad_recv: Access-Request packet from host 64.136.173.11 port 8282, id=47, length=205
        User-Name = "test2@medsign.com"
        User-Password = "pass2"
        NAS-IP-Address = 63.215.29.155
        NAS-Port = 293
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Ascend-Data-Rate = 14400
        Ascend-Calling-Id-Type-Of-Num = Unknown
        Ascend-Calling-Id-Number-Plan = Unknown
        Ascend-Xmit-Rate = 14400
        Called-Station-Id = "2567124020"
        Calling-Station-Id = "2567127777"
        NAS-Identifier = "nas54.2ga1.Level3.net"
        Acct-Session-Id = "490017813"
        NAS-Port-Type = Async
        Ascend-NAS-Port-Format = 4
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "medsign.com" for User-Name = "test2@medsign.com"
[suffix] Found realm "medsign.com"
[suffix] Adding Realm = "medsign.com"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
[files] users: Matched entry DEFAULT at line 172
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.  Authentication may fail because of this.
++[pap] returns noop
No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject]     expand: %{User-Name} -> test2@medsign.com
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 47 to 64.136.173.11 port 8282
Waking up in 4.9 seconds.
Cleaning up request 0 ID 47 with timestamp +42
Ready to process requests.


Avatar of iaroot
iaroot

ASKER

sorry - xyz.com = medsign.com
Avatar of iaroot

ASKER

Here is a successful transaction from a unix client
 
Ready to process requests.
rad_recv: Access-Request packet from host 64.136.164.52 port 8282, id=35, length=104
        User-Name = "test2@medsign.com"
        Service-Type = Framed-User
        NAS-IP-Address = 0.0.0.0
        NAS-Port = 1
        Called-Station-Id = "123456789"
        Calling-Station-Id = "0987654321"
        NAS-Port-Type = Async
        User-Password = "pass2"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "medsign.com" for User-Name = "test2@medsign.com"
[suffix] Found realm "medsign.com"
[suffix] Adding Realm = "medsign.com"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
[files] users: Matched entry test2@medsign.com at line 205
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns updated
Found Auth-Type = PAP
+- entering group PAP {...}
[pap] login attempt with password "pass2"
[pap] Using clear text password "pass2"
[pap] User authenticated successfully
++[pap] returns ok
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 35 to 64.136.164.52 port 8282
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 0 ID 35 with timestamp +49
Ready to process requests.
ASKER CERTIFIED SOLUTION
Avatar of noci
noci

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of iaroot

ASKER

Lines 172-174 - now commented out

DEFAULT        Framed-Protocol == PPP
       Framed-Protocol = PPP,
       Framed-Compression = Van-Jacobson-TCP-IP