Thanks Alan.
My previous test is tested with chap.
but when I tested with pap, result is different from chap's.
What I sent radius attributes is blow.(password is incorrect)
---------------------------------------------
User-Name = "test"
User-Password = "test0"
NAS-Port = 1
NAS-IP-Address = 192.168.100.20
Framed-Protocol = PPP
Service-Type = Framed-User
NAS-Port-Type = ISDN
Acct-Session-Id = "123124"
Calling-Station-Id = "00000000"
---------------------------------------------
So no "VSA" are in Access-Reject.
---------------------------------------------------
debug log
Debug: Processing the authorize section of radiusd.conf
Debug: modcall: entering group authorize for request 0
Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 0
Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 0
Debug: modcall[authorize]: module "preprocess" returns ok for request 0
Debug: modsingle[authorize]: calling eap (rlm_eap) for request 0
Debug: rlm_eap: No EAP-Message, not doing EAP
Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 0
Debug: modcall[authorize]: module "eap" returns noop for request 0
Debug: modcall: entering group group for request 0
Debug: modsingle[authorize]: calling files (rlm_files) for request 0
Debug: modsingle[authorize]: returned from files (rlm_files) for request 0
Debug: modcall[authorize]: module "files" returns notfound for request 0
Debug: modsingle[authorize]: calling sql (rlm_sql) for request 0
Debug: radius_xlat: 'test'
<snip>
Debug: Waking up in 1 seconds...
Debug: --- Walking the entire request list ---
Sending Access-Reject of id 18 to 192.168.100.20:1662
---------------------------------------------------
my users file
test Auth-Type := Local, Password == "test", Calling-Station-Id == "00000000"
User-Service = Framed-User ,
Framed-Protocol = PPP ,
Framed-IP-Address = 10.0.0.1 ,
Framed-IP-Netmask = 255.255.255.255 ,
Ascend-Idle-Limit = 600 ,
Ascend-Data-Filter = "ip in forward dstip 10.0.1.0/24" ,
Ascend-Data-Filter += "ip in forward dstip 172.16.1.0/24" ,
Ascend-Data-Filter += "ip in drop dstip 0.0.0.0" ,
Ascend-Data-Filter += "ip out forward"
---------------------------------------------------
I wonder this result and check both logs(used chap,pap).
When I used chap, rlm_files returned "ok".
When I used pap, rlm_files returned "notfound".
Do these mean following thing?
1. If I use chap and recive incorrect password,
password is incorrect.
2. If I use pap and recice incorrect password,
user not found(not password incorrect).
3. So no VSA is in Access-Reject when pap is used.
---------
log used chap
Debug: modcall: entering group group for request 0
Debug: modsingle[authorize]: calling files (rlm_files) for request 0
Debug: users: Matched test at 93
Debug: modsingle[authorize]: returned from files (rlm_files) for request 0
Debug: modcall[authorize]: module "files" returns ok for request 0
---------
log used pap
Debug: modcall: entering group group for request 1
Debug: modsingle[authorize]: calling files (rlm_files) for request 1
Debug: modsingle[authorize]: returned from files (rlm_files) for request 1
Debug: modcall[authorize]: module "files" returns notfound for request 1
---------
sorry for my poor english.
regards.
On Wed, 19 May 2004 12:49:59 -0400
"Alan DeKok" <[EMAIL PROTECTED]> wrote:
> 4 woods <[EMAIL PROTECTED]> wrote:
> > When password is incorrect, debug logs are next.
> > "VSA" are sent with "Access-Reject"
> > Is this behavior correct?
>
> Yes.
>
> Alan DeKok.
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
baffy200y <[EMAIL PROTECTED]>
__________________________________________________
Do You Yahoo!?
http://bb.yahoo.co.jp/
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
