Jason Frisvold wrote:

On Apr 4, 2005 2:30 PM, Greg Swift <[EMAIL PROTECTED]> wrote:


I was working on my system, and to be honest I had never really tried to
verify if my "disabled" users group worked properly. Then this morning
I shut down a user that was spamming, and put them in that group, and
they were back online a minute later... I was very confused at this
point. The logs show Accepted, but still return the Rejected error.



Can you post a snippet of the log??


rad_recv: Access-Request packet from host 64.238.139.2:7016, id=188, length=104
User-Name = "xwulff"
CHAP-Password =
NAS-IP-Address = 64.238.139.2
NAS-Port = 2154
NAS-Port-Type = Async
Service-Type = Framed-User
Framed-Protocol = PPP
State = 0x
Acct-Session-Id = "448813778"
X-Ascend-Data-Rate = 21600
X-Ascend-Xmit-Rate = 52000
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 38
modcall[authorize]: module "preprocess" returns ok for request 38
rlm_chap: Setting 'Auth-Type := CHAP'
modcall[authorize]: module "chap" returns ok for request 38
modcall[authorize]: module "mschap" returns noop for request 38
rlm_realm: No '@' in User-Name = "xwulff", looking up realm NULL
rlm_realm: Found realm "NULL"
rlm_realm: Adding Stripped-User-Name = "xwulff"
rlm_realm: Proxying request from user xwulff to realm NULL
rlm_realm: Adding Realm = "NULL"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "suffix" returns noop for request 38
radius_xlat: 'xwulff'
rlm_sql (sql): sql_set_user escaped user --> 'xwulff'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'xwulff' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 0
radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WH$
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'xwulff' ORDER BY id'
radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WH$
rlm_sql (sql): Checking profile disabled
rlm_sql (sql): sql_set_user escaped user --> 'disabled'
radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WH$
radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WH$
rlm_sql (sql): Released sql socket id: 0
modcall[authorize]: module "sql" returns ok for request 38
modcall: group authorize returns ok for request 38
rad_check_password: Found Auth-Type CHAP
auth: type "CHAP"
Processing the authenticate section of radiusd.conf
modcall: entering group Auth-Type for request 38
rlm_chap: login attempt by "xwulff" with CHAP password
rlm_chap: Using clear text password jc6awzy for user xwulff authentication.
rlm_chap: chap user xwulff authenticated succesfully
modcall[authenticate]: module "chap" returns ok for request 38
modcall: group Auth-Type returns ok for request 38
radius_xlat: 'This feature is not enabled for this userid'
Sending Access-Accept of id 188 to 64.238.139.2:7016
Reply-Message = "This feature is not enabled for this userid"
Ascend-Maximum-Channels := 0
Finished request 38


But I am at a loss as to what the actual solution was... I've tried
implementing numerous different methods, but am still not able to reject
users.



What method have you implemented thus far?

I tried editing the Defaults in the users file on the off chance that that affected things.
I set the name of the Default profile in sql.conf to my disabled group.
I tried different operators on the Auth-Type on the disabled profile.


I am running a non-rpm free-radius1.0.0-pre3 install on rhel3 (yes, I
know there is newer, and I am getting ready to change to rhel4 so I can
just use their packages).



Be careful moving to RHEL 4.0 .. :) MySQL installed automatically on
me.. had to back it out and put in the original version I had ... :)
SELinux can be fun too..


I know SELinux can be a bear, but I also know I can work past it (or at least have so far). But what is your warning about mysql? I want it installed (okay, maybe not local server, but common and client).

-Greg

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
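
Added example, not part of the original posts: a small Python check that reads debug output of the shape quoted above and lists users for whom the "disabled" profile was consulted but an Access-Accept was still sent. The function names, the sample log and the assumption that any request checking that profile should end in Access-Reject are illustrative, not taken from FreeRADIUS.

```python
import re

# Constructed sample shaped like the debug output in the thread (made-up users).
SAMPLE_LOG = """\
rad_recv: Access-Request packet from host 192.0.2.10:7016, id=188, length=104
    User-Name = "alice"
rlm_sql (sql): Checking profile disabled
Sending Access-Accept of id 188 to 192.0.2.10:7016
    Reply-Message = "This feature is not enabled for this userid"
Finished request 38
rad_recv: Access-Request packet from host 192.0.2.10:7016, id=189, length=104
    User-Name = "bob"
rlm_sql (sql): Checking profile disabled
Sending Access-Reject of id 189 to 192.0.2.10:7016
Finished request 39
rad_recv: Access-Request packet from host 192.0.2.10:7016, id=190, length=98
    User-Name = "carol"
Sending Access-Accept of id 190 to 192.0.2.10:7016
Finished request 40
"""

def parse_requests(log):
    """Split debug output into one dict per request (rad_recv .. Finished request)."""
    requests, cur = [], None
    for line in log.splitlines():
        line = line.strip()
        if line.startswith("rad_recv: Access-Request"):
            cur = {"user": None, "profiles": [], "verdict": None, "reply": None}
        elif cur is None:
            continue  # text outside any request
        elif m := re.match(r'User-Name = "(.*)"$', line):
            cur["user"] = m.group(1)
        elif m := re.match(r"rlm_sql \(\w+\): Checking profile (\S+)", line):
            cur["profiles"].append(m.group(1))
        elif m := re.match(r"Sending (Access-\w+) of id \d+", line):
            cur["verdict"] = m.group(1)
        elif m := re.match(r'Reply-Message = "(.*)"$', line):
            cur["reply"] = m.group(1)
        elif line.startswith("Finished request"):
            requests.append(cur)
            cur = None
    return requests

def accepted_despite_profile(log, profile="disabled"):
    # Assumption: a request that consults `profile` is meant to be rejected.
    return [r["user"] for r in parse_requests(log)
            if profile in r["profiles"] and r["verdict"] == "Access-Accept"]

if __name__ == "__main__":
    print(accepted_despite_profile(SAMPLE_LOG))
```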
