Hi all,
Would anyone have an idea why rlm_unix would authenticate successful on the
first attempt then subsequent attempts it would report "not found" for ANY
user?
I am depending on the system NSS libraries and not direct reading of the
/etc/passwd. All my other daemons (ftp, POP, etc) work perfectly with NSS
and freeradius was also for the last 2 months until about 2:00am last
night...I could not locate anything special that happened then...I didn't
even see a HUP.
When monitoring the NSS calls I see freeradius asking for getpwnam() once
and a successful reply, the next request from freeradius I see a getpwnam()
and a reply of "not found"...for the same user. All subsequent getpwnam()
requests report not found until radius is restarted.
I know something HAD to happen last night at 2:00am to make this stop
working...however I cannot locate any changes.
Anyone got any ideas??...please??...;)
-Dave
/etc/raddb/user
--Matched Entry--
username Auth-Type := System
Idle-Timeout = 1800,
Session-Timeout = 28800
# /usr/local/sbin/radiusd -A -f -X -y -z -p 1645
reread_config: reading radiusd.conf
Config: including file: /etc/radius/proxy.conf
Config: including file: /etc/radius/clients.conf
main: prefix = "/usr/local"
main: localstatedir = "/var"
main: logdir = "/var/log"
main: libdir = "/usr/local/lib"
main: radacctdir = "/var/log"
main: hostname_lookups = no
read_config_files: reading dictionary
read_config_files: reading clients
read_config_files: reading realms
read_config_files: reading naslist
main: max_request_time = 30
main: cleanup_delay = 8
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 1645
main: allow_core_dumps = no
main: log_stripped_names = yes
main: log_auth = yes
main: log_auth_badpass = yes
main: log_auth_goodpass = yes
main: pidfile = "/var/run/radiusd.pid"
main: bind_address = x.x.x.x IP address [x.x.x.x]
main: user = "radiusd"
main: group = "radiusd"
main: usercollide = no
main: lower_user = "before"
main: lower_pass = "no"
main: nospace_user = "before"
main: nospace_pass = "before"
main: proxy_requests = no
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = no
proxy: dead_time = 120
main: debug_level = 0
read_config_files: entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded System
unix: cache = no
unix: passwd = "(null)"
unix: shadow = "(null)"
unix: group = "(null)"
unix: radwtmp = "/var/log/radwtmp"
unix: usegroup = no
unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded preprocess
preprocess: huntgroups = "/etc/radius/huntgroups"
preprocess: hints = "/etc/radius/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded files
files: usersfile = "/etc/radius/users"
files: acctusersfile = "/etc/radius/acct_users"
files: compat = "no"
Module: Instantiated files (files)
Module: Loaded realm
realm: format = "suffix"
realm: delimiter = "@"
Module: Instantiated realm (suffix)
Module: Loaded Acct-Unique-Session-Id
acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address,
Client-IP-Address, NAS-Port-Id"
Module: Instantiated acct_unique (acct_unique)
Module: Loaded detail
detail: detailfile = "/var/log/rad_%{Client-IP-Address}.log"
detail: detailperm = 384
detail: dirperm = 493
Module: Instantiated detail (detail)
Module: Loaded radutmp
radutmp: filename = "/var/log/radutmp"
radutmp: username = "%{User-Name}"
radutmp: perm = 384
radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Listening on IP address x.x.x.x, ports 1645/udp and 1646/udp.
Ready to process requests.
rad_recv: Access-Request packet from host x.x.x.x:2923, id=78, length=56
User-Name = "username"
Password = "xxxx
rad_lowerpair: User-Name now 'username'
rad_rmspace_pair: User-Name now 'username'
rad_rmspace_pair: Password now 'xxxx'
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
users: Matched username at 47
modcall[authorize]: module "files" returns ok
modcall: group authorize returns ok
rad_check_password: Found Auth-Type System
auth: type "System"
modcall: entering group authenticate
modcall[authenticate]: module "unix" returns ok
modcall: group authenticate returns ok
radius_xlat: '/etc/radius/acct_exec'
Exec-Program: /etc/radius/acct_exec
Exec-Program: returned: 0
Login OK: [username/xxxxxx] (from nas UNKNOWN-NAS port 0)
Sending Access-Accept of id 78 to x.x.x.x:2923
Ascend-Client-Primary-DNS = x.x.x.x
Ascend-Client-Secondary-DNS = x.x.x.x
Idle-Timeout = 1800
Session-Timeout = 28800
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 9 seconds...
rad_recv: Access-Request packet from host x.x.x.x:2924, id=79, length=56
User-Name = "username"
Password = "xxxx
rad_lowerpair: User-Name now 'username'
rad_rmspace_pair: User-Name now 'username'
rad_rmspace_pair: Password now 'xxxx'
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
users: Matched username at 47
modcall[authorize]: module "files" returns ok
modcall: group authorize returns ok
rad_check_password: Found Auth-Type System
auth: type "System"
modcall: entering group authenticate
modcall[authenticate]: module "unix" returns notfound
modcall: group authenticate returns notfound
auth: Failed to validate the user.
Login incorrect: [username/xxxxxx] (from nas UNKNOWN-NAS port 0)
Sending Access-Reject of id 79 to x.x.x.x:2924
Ascend-Client-Primary-DNS = x.x.x.x
Ascend-Client-Secondary-DNS = x.x.x.x
Finished request 1
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
