Thanks Alan. My previous test is tested with chap. but when I tested with pap, result is different from chap's.
What I sent radius attributes is blow.(password is incorrect) --------------------------------------------- User-Name = "test" User-Password = "test0" NAS-Port = 1 NAS-IP-Address = 192.168.100.20 Framed-Protocol = PPP Service-Type = Framed-User NAS-Port-Type = ISDN Acct-Session-Id = "123124" Calling-Station-Id = "00000000" --------------------------------------------- So no "VSA" are in Access-Reject. --------------------------------------------------- debug log Debug: Processing the authorize section of radiusd.conf Debug: modcall: entering group authorize for request 0 Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 0 Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 0 Debug: modcall[authorize]: module "preprocess" returns ok for request 0 Debug: modsingle[authorize]: calling eap (rlm_eap) for request 0 Debug: rlm_eap: No EAP-Message, not doing EAP Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 0 Debug: modcall[authorize]: module "eap" returns noop for request 0 Debug: modcall: entering group group for request 0 Debug: modsingle[authorize]: calling files (rlm_files) for request 0 Debug: modsingle[authorize]: returned from files (rlm_files) for request 0 Debug: modcall[authorize]: module "files" returns notfound for request 0 Debug: modsingle[authorize]: calling sql (rlm_sql) for request 0 Debug: radius_xlat: 'test' <snip> Debug: Waking up in 1 seconds... Debug: --- Walking the entire request list --- Sending Access-Reject of id 18 to 192.168.100.20:1662 --------------------------------------------------- my users file test Auth-Type := Local, Password == "test", Calling-Station-Id == "00000000" User-Service = Framed-User , Framed-Protocol = PPP , Framed-IP-Address = 10.0.0.1 , Framed-IP-Netmask = 255.255.255.255 , Ascend-Idle-Limit = 600 , Ascend-Data-Filter = "ip in forward dstip 10.0.1.0/24" , Ascend-Data-Filter += "ip in forward dstip 172.16.1.0/24" , Ascend-Data-Filter += "ip in drop dstip 0.0.0.0" , Ascend-Data-Filter += "ip out forward" --------------------------------------------------- I wonder this result and check both logs(used chap,pap). When I used chap, rlm_files returned "ok". When I used pap, rlm_files returned "notfound". Do these mean following thing? 1. If I use chap and recive incorrect password, password is incorrect. 2. If I use pap and recice incorrect password, user not found(not password incorrect). 3. So no VSA is in Access-Reject when pap is used. --------- log used chap Debug: modcall: entering group group for request 0 Debug: modsingle[authorize]: calling files (rlm_files) for request 0 Debug: users: Matched test at 93 Debug: modsingle[authorize]: returned from files (rlm_files) for request 0 Debug: modcall[authorize]: module "files" returns ok for request 0 --------- log used pap Debug: modcall: entering group group for request 1 Debug: modsingle[authorize]: calling files (rlm_files) for request 1 Debug: modsingle[authorize]: returned from files (rlm_files) for request 1 Debug: modcall[authorize]: module "files" returns notfound for request 1 --------- sorry for my poor english. regards. On Wed, 19 May 2004 12:49:59 -0400 "Alan DeKok" <[EMAIL PROTECTED]> wrote: > 4 woods <[EMAIL PROTECTED]> wrote: > > When password is incorrect, debug logs are next. > > "VSA" are sent with "Access-Reject" > > Is this behavior correct? > > Yes. > > Alan DeKok. > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- baffy200y <[EMAIL PROTECTED]> __________________________________________________ Do You Yahoo!? http://bb.yahoo.co.jp/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html