When I run radiusd -X I see on sysout (but not in the logs):
...
rlm_ldap: user 085407 authorized to use remote access
ldap_release_conn: Release Id: 0
  modcall[authorize]: module "B-level_users" returns ok for request 1
modcall: group Autz-Type returns ok for request 1
  rad_check_password:  Found Auth-Type Kerberos
auth: type "Kerberos"
modcall: entering group authenticate for request 1
rlm_krb5: [085407] krb5_g_i_t_w_p failed: Preauthentication failed
  modcall[authenticate]: module "krb5" returns reject for request 1
modcall: group authenticate returns reject for request 1
auth: Failed to validate the user.
Login incorrect: [085407/anything] (from client auth1.ds.lanl.gov port 0)
Sending Access-Reject of id 34 to 128.165.47.2:33293
Finished request 1
Going to the next request
--- Walking the entire request list ---

and
[EMAIL PROTECTED] /root]# radclient -xs radius.ds.lanl.gov auth justaTest
User-Name = 085407
User-password = anything

Sending Access-Request of id 34 to 128.165.47.2:1812
        User-Name = "085407"
        User-Password = "anything"
rad_recv: Access-Reject packet from host 128.165.47.2:1812, id=34, length=20

[EMAIL PROTECTED] /root]# tail /var/log/radius/radius.log
Wed Jan  7 17:20:07 2004 : Info: Ready to process requests.
Thu Jan  8 17:23:47 2004 : Auth: rlm_krb5: krb5_init ok
Thu Jan  8 17:23:47 2004 : Info: Ready to process requests.
Mon Jan 12 13:43:36 2004 : Auth: rlm_krb5: [900777] krb5_g_i_t_w_p failed: Client not found in Kerberos database
Mon Jan 12 13:43:36 2004 : Auth: Login incorrect (rlm_ldap: User not found): [900777/testok] (from client auth1.ds.lanl.gov port 1235)
Mon Jan 12 13:44:21 2004 : Auth: rlm_krb5: [085407] krb5_g_i_t_w_p failed: Client not found in Kerberos database
Mon Jan 12 13:44:21 2004 : Auth: Login incorrect: [085407/testok] (from client auth1.ds.lanl.gov port 1235)
Mon Jan 12 16:30:31 2004 : Error: rlm_ldap: ldap_search() failed: LDAP connection lost.
Mon Jan 12 16:30:31 2004 : Info: rlm_ldap: Attempting reconnect
Mon Jan 12 16:30:32 2004 : Auth: Login OK: [085407/041-0012] (from client auth1.ds.lanl.gov port 0)
[EMAIL PROTECTED] /root]#


> The details on the setup I quoted,
>
> On one of our test servers I built freeradius 0.9.3 like so..
>
> untar tarball (tar -zxvf free*)
> cd free*
> ./configure --localstatedir=/var --sysconfdir=/etc
> make
> make install
>
> this built freeradius and installed all the freeradius bits into the
> default locations with a default setup.
>
> I then did the following modifications to the files in /etc/raddb
>
> clients.conf
>    comment out localhost entry
>    add client stanza for each test machine
>    client xxx.xxx.xxx.xx {    <-- in config I put real ip
>          secret = test4321
>          shortname = webfe
>          nastype = other
>    }
>
> radiusd.conf
>    log_auth = yes
>    log_auth_badpass = yes
>    log_auth_goodpass = yes
>
> Then I started freeradius by /usr/local/sbin/radiusd -p 1645
>
> I then used NTradPing to do testing. I got the following in my
> /var/log/radius/radius.log file
>
> Mon Jan 12 11:35:57 2004 : Auth: rlm_unix: [username]: invalid password
> Mon Jan 12 11:35:57 2004 : Auth: Login incorrect: [username/badpass] (from client webfe port 0)
> Mon Jan 12 11:36:24 2004 : Auth: Login OK: [username/goodpass] (from client webfe port 0)
>
> Hope this helps.
>
> Robert Causey
> iMedia Associates
>
>
>
>
> [EMAIL PROTECTED] wrote:
>
>> What version? and how are you running radiusd? I saw
>> the problem with 0.9.3 and running with radiusd -X,
>> but haven't looked into why yet.
>>
>>
>>> > Then this will go to /var/log/radius.log ?
>>>
>>>Yes.
>>>
>>>Robert Causey
>>>iMedia Associates
>>>
>>>
>>>
>>>-
>>>List info/subscribe/unsubscribe? See
>>>http://www.freeradius.org/list/users.html
>>>
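
Added example (not part of the original thread, and not FreeRADIUS code): with log_auth_badpass and log_auth_goodpass enabled as in the quoted setup, each Auth line in radius.log carries the submitted password in the [user/password] field. The sketch below re-joins mail-wrapped lines, parses the login events and drops that field before the data goes anywhere else. The function names, the sample text and the host auth1.example are constructed for illustration, and it assumes user names contain no "/" and passwords no "]".

```python
import re
from collections import Counter

# Constructed sample in the radius.log format shown in the thread, hard-wrapped
# the way the mail client wrapped it.
SAMPLE = """\
Mon Jan 12 11:35:57 2004 : Auth: Login incorrect:
[username/badpass]
(from client webfe port 0)
Mon Jan 12 11:36:24 2004 : Auth: Login OK:
[username/goodpass] (from
client webfe port 0)
Mon Jan 12 13:43:36 2004 : Auth: Login incorrect
(rlm_ldap: User not found): [900777/testok] (from
client auth1.example port 1235)
Mon Jan 12 16:30:31 2004 : Info: rlm_ldap: Attempting
reconnect
"""

STAMP = re.compile(r"^[A-Z][a-z]{2} [A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d \d{4} : ")
AUTH = re.compile(
    r"Auth: Login (?P<result>OK|incorrect)(?: \((?P<reason>[^)]*)\))?: "
    r"\[(?P<user>[^/\]]*)(?:/(?P<password>[^\]]*))?\] "
    r"\(from client (?P<client>\S+) port (?P<port>\d+)\)"
)

def unwrap(text):
    """Join continuation lines onto the timestamped line they belong to."""
    records = []
    for line in text.splitlines():
        if STAMP.match(line) or not records:
            records.append(line.strip())
        elif line.strip():
            records[-1] += " " + line.strip()
    return records

def auth_events(text):
    """Parse login events; the logged password is replaced, never returned."""
    events = []
    for rec in unwrap(text):
        m = AUTH.search(rec)
        if m:
            ev = m.groupdict()
            ev["password"] = "<redacted>" if ev["password"] is not None else None
            events.append(ev)
    return events

def failures_by_user(text):
    """Count rejected logins per user name."""
    return Counter(e["user"] for e in auth_events(text) if e["result"] == "incorrect")
```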