iaroot
asked on
freeradius user login problem
from /etc/raddb/users
test2@xyz.com Cleartext-Password := "pass2"
from /etc/raddb/proxy.conf
realm medsign.com {
    nostrip
}
from radius -X
Ready to process requests.
rad_recv: Access-Request packet from host 64.136.173.11 port 8282, id=47, length=205
User-Name = "test2@medsign.com"
User-Password = "pass2"
NAS-IP-Address = 63.215.29.155
NAS-Port = 293
Service-Type = Framed-User
Framed-Protocol = PPP
Ascend-Data-Rate = 14400
Ascend-Calling-Id-Type-Of-Num = Unknown
Ascend-Calling-Id-Number-Plan = Unknown
Ascend-Xmit-Rate = 14400
Called-Station-Id = "2567124020"
Calling-Station-Id = "2567127777"
NAS-Identifier = "nas54.2ga1.Level3.net"
Acct-Session-Id = "490017813"
NAS-Port-Type = Async
Ascend-NAS-Port-Format = 4
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "medsign.com" for User-Name = "test2@medsign.com"
[suffix] Found realm "medsign.com"
[suffix] Adding Realm = "medsign.com"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
[files] users: Matched entry DEFAULT at line 172
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
++[pap] returns noop
No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> test2@medsign.com
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 47 to 64.136.173.11 port 8282
Waking up in 4.9 seconds.
Cleaning up request 0 ID 47 with timestamp +42
Ready to process requests.
ASKER
Here is a successful transaction from a unix client
Ready to process requests.
rad_recv: Access-Request packet from host 64.136.164.52 port 8282, id=35, length=104
User-Name = "test2@medsign.com"
Service-Type = Framed-User
NAS-IP-Address = 0.0.0.0
NAS-Port = 1
Called-Station-Id = "123456789"
Calling-Station-Id = "0987654321"
NAS-Port-Type = Async
User-Password = "pass2"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "medsign.com" for User-Name = "test2@medsign.com"
[suffix] Found realm "medsign.com"
[suffix] Adding Realm = "medsign.com"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
[files] users: Matched entry test2@medsign.com at line 205
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns updated
Found Auth-Type = PAP
+- entering group PAP {...}
[pap] login attempt with password "pass2"
[pap] Using clear text password "pass2"
[pap] User authenticated successfully
++[pap] returns ok
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 35 to 64.136.164.52 port 8282
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 0 ID 35 with timestamp +49
Ready to process requests.
ASKER CERTIFIED SOLUTION
ASKER
Lines 172-174 - now commented out
DEFAULT Framed-Protocol == PPP
    Framed-Protocol = PPP,
    Framed-Compression = Van-Jacobson-TCP-IP
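
Why the two requests above behave differently, as an added example (not part of the original thread and not FreeRADIUS code): a simplified Python model of the users file's top-to-bottom, first-match processing. The test2@medsign.com entry is taken from the successful log (line 205), and the Fall-Through = Yes variant is an assumed alternative to commenting the DEFAULT entry out.

```python
# Simplified model of the users file walk; only "==" and ":=" are modelled.

def parse_users(text):
    """Return [(name, check_items, reply_items)] in file order."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0] in " \t":  # indented line: reply items of the current entry
            for item in line.strip().rstrip(",").split(","):
                attr, value = (p.strip() for p in item.split("=", 1))
                entries[-1][2][attr] = value
        else:  # first line of an entry: name followed by check items
            parts = line.split(None, 1)
            checks = []
            for item in (parts[1].split(",") if len(parts) > 1 else []):
                op = ":=" if ":=" in item else "=="
                attr, value = (p.strip() for p in item.split(op, 1))
                checks.append((attr, op, value.strip('"')))
            entries.append((parts[0], checks, {}))
    return entries

def authorize(entries, request):
    """Return (matched entry names, whether a known-good password was set)."""
    control, matched = {}, []
    for name, checks, reply in entries:
        if name not in ("DEFAULT", request.get("User-Name")):
            continue
        if any(op == "==" and request.get(a) != v for a, op, v in checks):
            continue
        matched.append(name)
        control.update({a: v for a, op, v in checks if op == ":="})
        if reply.get("Fall-Through") != "Yes":
            break  # first match wins unless the entry falls through
    return matched, "Cleartext-Password" in control

# Constructed sample data based on the entries and requests quoted in the thread.
DEFAULT_PPP = ("DEFAULT Framed-Protocol == PPP\n"
               "\tFramed-Protocol = PPP,\n"
               "\tFramed-Compression = Van-Jacobson-TCP-IP\n")
DEFAULT_FALLTHROUGH = DEFAULT_PPP.rstrip("\n") + ",\n\tFall-Through = Yes\n"
USER = 'test2@medsign.com Cleartext-Password := "pass2"\n'
NAS_REQUEST = {"User-Name": "test2@medsign.com", "Framed-Protocol": "PPP"}
UNIX_REQUEST = {"User-Name": "test2@medsign.com"}

if __name__ == "__main__":
    for text in (DEFAULT_PPP + USER, USER + DEFAULT_PPP, DEFAULT_FALLTHROUGH + USER):
        print(authorize(parse_users(text), NAS_REQUEST))
```

With the file as posted, the NAS request carries Framed-Protocol = PPP, stops at the DEFAULT entry and never receives a Cleartext-Password, which is the state the pap warning in the failing log reports. The unix client's request has no Framed-Protocol, so it skips that DEFAULT and reaches the user entry.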