Hi all, I am struggling with this issue right now. I have installed a JRadius module on FreeRadius 1.1.0 , and made FreeRadius to call the Jradius module in post-auth section. The Jradius handler is supposed to replace the access-accept packet obtained from prior authentication with a access-challenge packet. My logs show that rlm_jradius has correctly return FreeRadius an Access-challenge module, with code 11. However, Freeradius still returns an Access-accept to the client (which is an radtest program). Does anyone know what is the possible reason? Or maybe someone can enlighten me as which part of the freeradius code is actually handling this portion, so I can take a look?
following is the debug output of freeradius: (the dashed line and below are of the primary concern) Thank you very much? rad_recv: Access-Request packet from host 127.0.0.1:4820, id=197, length=64 User-Name = "hellouser123" User-Password = "[EMAIL PROTECTED]" NAS-IP-Address = 255.255.255.255 NAS-Port = 0 Wed Apr 5 11:51:50 2006 : Debug: Processing the authorize section of radiusd.conf Wed Apr 5 11:51:50 2006 : Debug: modcall: entering group authorize for request 0 Wed Apr 5 11:51:50 2006 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 0 Wed Apr 5 11:51:50 2006 : Error: Invalid operator for item Suffix: reverting to '==' Wed Apr 5 11:51:50 2006 : Error: Invalid operator for item Suffix: reverting to '==' Wed Apr 5 11:51:50 2006 : Error: Invalid operator for item Suffix: reverting to '==' Wed Apr 5 11:51:50 2006 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 0 Wed Apr 5 11:51:50 2006 : Debug: modcall[authorize]: module "preprocess" returns ok for request 0 Wed Apr 5 11:51:50 2006 : Debug: modsingle[authorize]: calling ldap (rlm_ldap) for request 0 Wed Apr 5 11:51:50 2006 : Debug: rlm_ldap: - authorize Wed Apr 5 11:51:50 2006 : Debug: rlm_ldap: performing user authorization for hellouser123 Wed Apr 5 11:51:50 2006 : Debug: radius_xlat: '(&(cn=hellouser123)(objectclass=user))' Wed Apr 5 11:51:50 2006 : Debug: radius_xlat: 'cn=Users,dc=hellotechnology,dc=com' Wed Apr 5 11:51:50 2006 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0 Wed Apr 5 11:51:50 2006 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0 Wed Apr 5 11:51:50 2006 : Debug: rlm_ldap: attempting LDAP reconnection Wed Apr 5 11:51:50 2006 : Debug: rlm_ldap: (re)connect to 10.26.1.202:389, authentication 0 Wed Apr 5 11:51:50 2006 : Debug: rlm_ldap: bind as cn=krazy,cn=Users,dc=hellotechnology,dc=com/welcome123 to 10.26.1.202:389 Wed Apr 5 11:51:50 2006 : Debug: rlm_ldap: waiting for bind result ... Wed Apr 5 11:51:50 2006 : Debug: rlm_ldap: Bind was successful Wed Apr 5 11:51:50 2006 : Debug: rlm_ldap: performing search in cn=Users,dc=hellotechnology,dc=com, with filter (&(cn=hellouser123)(objectclass=user)) Wed Apr 5 11:51:50 2006 : Debug: rlm_ldap: checking if remote access for hellouser123 is allowed by msNPAllowDialin Wed Apr 5 11:51:50 2006 : Debug: rlm_ldap: looking for check items in directory ... Wed Apr 5 11:51:50 2006 : Debug: rlm_ldap: looking for reply items in directory... Wed Apr 5 11:51:50 2006 : Debug: rlm_ldap: user hellouser123 authorized to use remote access Wed Apr 5 11:51:50 2006 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0 Wed Apr 5 11:51:50 2006 : Debug: modsingle[authorize]: returned from ldap (rlm_ldap) for request 0 Wed Apr 5 11:51:50 2006 : Debug: modcall[authorize]: module "ldap" returns ok for request 0 Wed Apr 5 11:51:50 2006 : Debug: modcall: leaving group authorize (returns ok) for request 0 Wed Apr 5 11:51:50 2006 : Debug: rad_check_password: Found Auth-Type ldap Wed Apr 5 11:51:50 2006 : Debug: auth: type "LDAP" Wed Apr 5 11:51:50 2006 : Debug: Processing the authenticate section of radiusd.conf Wed Apr 5 11:51:50 2006 : Debug: modcall: entering group LDAP for request 0 Wed Apr 5 11:51:50 2006 : Debug: modsingle[authenticate]: calling ldap (rlm_ldap) for request 0 Wed Apr 5 11:51:50 2006 : Debug: rlm_ldap: - authenticate Wed Apr 5 11:51:50 2006 : Debug: rlm_ldap: login attempt by "hellouser123" with password "[EMAIL PROTECTED]" Wed Apr 5 11:51:50 2006 : Debug: rlm_ldap: user DN: CN=hellouser123,CN=Users,DC=HelloTechnology,DC=com Wed Apr 5 11:51:50 2006 : Debug: rlm_ldap: (re)connect to 10.26.1.202:389, authentication 1 Wed Apr 5 11:51:50 2006 : Debug: rlm_ldap: bind as CN=hellouser123,CN=Users,DC=HelloTechnology,DC=com/[EMAIL PROTECTED] to 10.26.1.202:389 Wed Apr 5 11:51:50 2006 : Debug: rlm_ldap: waiting for bind result ... Wed Apr 5 11:51:50 2006 : Debug: rlm_ldap: Bind was successful Wed Apr 5 11:51:50 2006 : Debug: rlm_ldap: user hellouser123 authenticated succesfully Wed Apr 5 11:51:50 2006 : Debug: modsingle[authenticate]: returned from ldap (rlm_ldap) for request 0 Wed Apr 5 11:51:50 2006 : Debug: modcall[authenticate]: module "ldap" returns ok for request 0 Wed Apr 5 11:51:50 2006 : Debug: modcall: leaving group LDAP (returns ok) for request 0 Wed Apr 5 11:51:50 2006 : Debug: Processing the post-auth section of radiusd.conf Wed Apr 5 11:51:50 2006 : Debug: modcall: entering group post-auth for request 0 Wed Apr 5 11:51:50 2006 : Debug: modsingle[post-auth]: calling jradius (rlm_jradius) for request 0 Wed Apr 5 11:51:50 2006 : Error: rlm_jradius: could not connect to 127.0.0.1:1814 Wed Apr 5 11:51:50 2006 : Debug: rlm_jradius: packing attribute User-Name (type: 1; len: 12) Wed Apr 5 11:51:50 2006 : Debug: rlm_jradius: packing attribute User-Password (type: 2; len: 8) Wed Apr 5 11:51:50 2006 : Debug: rlm_jradius: packing attribute NAS-IP-Address (type: 4; len: 4) Wed Apr 5 11:51:50 2006 : Debug: rlm_jradius: packing attribute NAS-Port (type: 5; len: 4) Wed Apr 5 11:51:50 2006 : Debug: rlm_jradius: packing attribute Client-IP-Address (type: 1052; len: 4) Wed Apr 5 11:51:50 2006 : Debug: rlm_jradius: packing attribute Ldap-UserDn (type: 1053; len: 50) Wed Apr 5 11:51:50 2006 : Debug: rlm_jradius: packing packet with code: 1 (attr length: 154) Wed Apr 5 11:51:50 2006 : Debug: rlm_jradius: packing packet with code: 2 (attr length: 0) Wed Apr 5 11:51:50 2006 : Debug: rlm_jradius: packing attribute Auth-Type (type: 1000; len: 4) Wed Apr 5 11:51:50 2006 : Debug: rlm_jradius: sending 201 bytes to jradius server Wed Apr 5 11:51:50 2006 : Debug: rlm_jradius: return code 2; receiving 2 packets Wed Apr 5 11:51:50 2006 : Debug: rlm_jradius: reading packet: code=1 len=154 Wed Apr 5 11:51:50 2006 : Debug: rlm_jradius: reading attribute: type=1; len=12 Wed Apr 5 11:51:50 2006 : Debug: rlm_jradius: reading attribute: type=2; len=8 Wed Apr 5 11:51:50 2006 : Debug: rlm_jradius: reading attribute: type=4; len=4 Wed Apr 5 11:51:50 2006 : Debug: rlm_jradius: reading attribute: type=5; len=4 Wed Apr 5 11:51:50 2006 : Debug: rlm_jradius: reading attribute: type=1052; len=4 Wed Apr 5 11:51:50 2006 : Debug: rlm_jradius: reading attribute: type=1053; len=50 --------------------------------------------------------- Wed Apr 5 11:51:50 2006 : Debug: rlm_jradius: reading packet: code=11 len=37 Wed Apr 5 11:51:50 2006 : Debug: rlm_jradius: reading attribute: type=18; len=25 Wed Apr 5 11:51:50 2006 : Debug: rlm_jradius: reading request: config_item: len=16 Wed Apr 5 11:51:50 2006 : Debug: rlm_jradius: reading attribute: type=1000; len=4 Wed Apr 5 11:51:50 2006 : Debug: modsingle[post-auth]: returned from jradius (rlm_jradius) for request 0 Wed Apr 5 11:51:50 2006 : Debug: modcall[post-auth]: module "jradius" returns ok for request 0 Wed Apr 5 11:51:50 2006 : Debug: modcall: leaving group post-auth (returns ok) for request 0 Sending Access-Accept of id 197 to 127.0.0.1 port 4820 Reply-Message = "Please input SMS password" Wed Apr 5 11:51:50 2006 : Debug: Finished request 0 Wed Apr 5 11:51:50 2006 : Debug: Going to the next request Wed Apr 5 11:51:50 2006 : Debug: --- Walking the entire request list --- Wed Apr 5 11:51:50 2006 : Debug: Waking up in 6 seconds... Wed Apr 5 11:51:56 2006 : Debug: --- Walking the entire request list --- Wed Apr 5 11:51:56 2006 : Debug: Cleaning up request 0 ID 197 with timestamp 44333ed6 Wed Apr 5 11:51:56 2006 : Debug: Nothing to do. Sleeping until we see a request. __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html