When I run radiusd -X I see on sysout (but not in the logs):

...
rlm_ldap: user 085407 authorized to use remote access
ldap_release_conn: Release Id: 0
modcall[authorize]: module "B-level_users" returns ok for request 1
modcall: group Autz-Type returns ok for request 1
rad_check_password: Found Auth-Type Kerberos
auth: type "Kerberos"
modcall: entering group authenticate for request 1
rlm_krb5: [085407] krb5_g_i_t_w_p failed: Preauthentication failed
modcall[authenticate]: module "krb5" returns reject for request 1
modcall: group authenticate returns reject for request 1
auth: Failed to validate the user.
Login incorrect: [085407/anything] (from client auth1.ds.lanl.gov port 0)
Sending Access-Reject of id 34 to 128.165.47.2:33293
Finished request 1
Going to the next request
--- Walking the entire request list ---
and

[EMAIL PROTECTED] /root]# radclient -xs radius.ds.lanl.gov auth justaTest
User-Name = 085407
User-password = anything
Sending Access-Request of id 34 to 128.165.47.2:1812
        User-Name = "085407"
        User-Password = "anything"
rad_recv: Access-Reject packet from host 128.165.47.2:1812, id=34, length=20
[EMAIL PROTECTED] /root]# tail /var/log/radius/radius.log
Wed Jan 7 17:20:07 2004 : Info: Ready to process requests.
Thu Jan 8 17:23:47 2004 : Auth: rlm_krb5: krb5_init ok
Thu Jan 8 17:23:47 2004 : Info: Ready to process requests.
Mon Jan 12 13:43:36 2004 : Auth: rlm_krb5: [900777] krb5_g_i_t_w_p failed: Client not found in Kerberos database
Mon Jan 12 13:43:36 2004 : Auth: Login incorrect (rlm_ldap: User not found): [900777/testok] (from client auth1.ds.lanl.gov port 1235)
Mon Jan 12 13:44:21 2004 : Auth: rlm_krb5: [085407] krb5_g_i_t_w_p failed: Client not found in Kerberos database
Mon Jan 12 13:44:21 2004 : Auth: Login incorrect: [085407/testok] (from client auth1.ds.lanl.gov port 1235)
Mon Jan 12 16:30:31 2004 : Error: rlm_ldap: ldap_search() failed: LDAP connection lost.
Mon Jan 12 16:30:31 2004 : Info: rlm_ldap: Attempting reconnect
Mon Jan 12 16:30:32 2004 : Auth: Login OK: [085407/041-0012] (from client auth1.ds.lanl.gov port 0)
[EMAIL PROTECTED] /root]#

> The details on the setup I quoted,
>
> On one of our test servers I built freeradius 0.9.3 like so..
>
> untar tarball (tar -zxvf free*)
> cd free*
> ./configure --localstatedir=/var --sysconfdir=/etc
> make
> make install
>
> this built freeradius and installed all the freeradius bits into the
> default locations with a default setup.
>
> I then did the following modifications to the files in /etc/raddb
>
> clients.conf
> comment out localhost entry
> add client stanza for each test machine
> client xxx.xxx.xxx.xx {     <-- in config I put real ip
>     secret = test4321
>     shortname = webfe
>     nastype = other
> }
>
> radiusd.conf
> log_auth = yes
> log_auth_badpass = yes
> log_auth_goodpass = yes
>
> Then I started freeradius by /usr/local/sbin/radiusd -p 1645
>
> I then used NTradPing to do testing. I got the following in my
> /var/log/radius/radius.log file
>
> Mon Jan 12 11:35:57 2004 : Auth: rlm_unix: [username]: invalid password
> Mon Jan 12 11:35:57 2004 : Auth: Login incorrect: [username/badpass] (from client webfe port 0)
> Mon Jan 12 11:36:24 2004 : Auth: Login OK: [username/goodpass] (from client webfe port 0)
>
> Hope this helps.
>
> Robert Causey
> iMedia Associates
>
> [EMAIL PROTECTED] wrote:
>
>> What version? and how are you running radiusd? I saw
>> the problem with 0.9.3 and running with radiusd -X,
>> but haven't looked into why yet.
>>
>>> > Then this will go to /var/log/radius.log ?
>>>
>>> Yes.
>>>
>>> Robert Causey
>>> iMedia Associates
>>>
>>> -
>>> List info/subscribe/unsubscribe? See
>>> http://www.freeradius.org/list/users.html