Hello,
I just upgraded a machine from the 0.9.3 Debian package to 1.0.0.
Everything seemed to work smoothly, but upon closer inspection it
started to give login failures for _some_ accounts. I've been unable
to determine what causes this, as other accounts in the same realm
kept on working fine. Another 0.9.3 server using the same configs
continues to work fine.
I did a quick check of the few config files that changed between
those two versions and recreated the appropriate 1.0.0 proxy.conf
and radius.conf files with the local setting here, but no joy.
So I did the freerad -X dance, results below. Note that the
users file is a massive Cistron type file (compat=cistron is
set and with -x or -X you can see it doing a nice conversion dance).
That file is 14MB and yes, a better solution (LDAP) is in the works
but the pace of that project is snail like and out of my control.
Note that both replaced passwords are 8 chars long, nothing special...
First a working example:
---
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1:32787, id=1, length=76
User-Name = "[EMAIL PROTECTED]"
User-Password = "somepass"
NAS-IP-Address = 255.255.255.255
NAS-Port = 22
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_realm: Looking up realm "airh.vips.gol.com" for User-Name = "[EMAIL PROTECTED]"
rlm_realm: Found realm "airh.vips.gol.com"
rlm_realm: Proxying request from user hidden1 to realm airh.vips.gol.com
rlm_realm: Adding Realm = "airh.vips.gol.com"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "suffix" returns noop for request 0
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 0
users: Matched [EMAIL PROTECTED] at 198024
modcall[authorize]: module "files" returns ok for request 0
modcall: group authorize returns ok for request 0
rad_check_password: Found Auth-Type Local
auth: type Local
auth: user supplied User-Password matches local User-Password
Login OK: [EMAIL PROTECTED]/somepass] (from client localhost port 22)
Sending Access-Accept of id 1 to 127.0.0.1:32787
Service-Type = Framed-User
Framed-IP-Netmask = 255.255.255.255
Framed-IP-Address = 255.255.255.254
Framed-Protocol = PPP
Finished request 0
---
And now the broken one. The record for that user is in the same users
file as the previous one, of course.
---
rad_recv: Access-Request packet from host 127.0.0.1:32787, id=233, length=78
User-Name = "[EMAIL PROTECTED]"
User-Password = "somepass"
NAS-IP-Address = 255.255.255.255
NAS-Port = 22
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
modcall[authorize]: module "preprocess" returns ok for request 1
modcall[authorize]: module "chap" returns noop for request 1
modcall[authorize]: module "mschap" returns noop for request 1
rlm_realm: Looking up realm "airh.vips.gol.com" for User-Name = "[EMAIL PROTECTED]"
rlm_realm: Found realm "airh.vips.gol.com"
rlm_realm: Proxying request from user hidden2 to realm airh.vips.gol.com
rlm_realm: Adding Realm = "airh.vips.gol.com"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "suffix" returns noop for request 1
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 1
radius_xlat: 'v2004-09-01-17.30.00.000000cRb8C'
modcall[authorize]: module "files" returns notfound for request 1
modcall: group authorize returns ok for request 1
auth: No authenticate method (Auth-Type) configuration found for the request:
Rejecting the user
auth: Failed to validate the user.
Login incorrect: [EMAIL PROTECTED]/somepass] (from client localhost port 22)
Delaying request 1 for 1 seconds
Finished request 1
---
So what the heck does:
radius_xlat: 'v2004-09-01-17.30.00.000000cRb8C'
tell me and how do I fix this???
Thanks a lot for any input,
Christian Balzer
--
Christian Balzer Network/Systems Engineer NOC
[EMAIL PROTECTED] Global OnLine Japan/Fusion Network Services
http://www.gol.com/
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
