eOn Mon, 23 Sep 2013 at 17:52, Phil Mayers opined: PM:It's difficult to say, because the debug you sent has all the useful PM:bits trimmed out - like the original packet, and the full module PM:processing chain.
hi phil - ok, here's the full debug for a successful request: rad_recv: Access-Request packet from host x.x.x.x port 1812, id=37, length=133 User-Name = "test" User-Password = "testing" User-Password = "testing" NAS-IP-Address = x.x.x.x NAS-Identifier = "x.x.x.x" NAS-Port = 2561 Acct-Session-Id = "167773864" Service-Type = Login-User Calling-Station-Id = "xxxxxxxxxx" Called-Station-Id = "xxxxxxx" NAS-Port-Type = Async # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "test", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop [files] users: Matched entry test at line 1 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns updated Found Auth-Type = PAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group PAP {...} [pap] login attempt with password "testing" [pap] Using clear text password "testing" [pap] User authenticated successfully ++[pap] returns ok # Executing section post-auth from file /etc/raddb/sites-enabled/default +- entering group post-auth {...} ++[exec] returns noop Sending Access-Accept of id 37 to x.x.x.x port 1812 Finished request 2. Going to the next request Waking up in 4.9 seconds. Cleaning up request 2 ID 37 with timestamp +676 and here's the full output of a failed request: Ready to process requests. rad_recv: Access-Request packet from host x.x.x.x port 1812, id=35, length=121 User-Name = "test" User-Password = "testing" NAS-IP-Address = x.x.x.x NAS-Identifier = "x.x.x.x" NAS-Port = 2561 Acct-Session-Id = "167773862" Service-Type = Framed-User Framed-Protocol = PPP Calling-Station-Id = "xxxxxxxxxx" Called-Station-Id = "xxxxxxx" NAS-Port-Type = Async # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "test", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop [files] users: Matched entry DEFAULT at line 172 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user Failed to authenticate the user. Using Post-Auth-Type Reject # Executing group from file /etc/raddb/sites-enabled/default +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> test attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 0 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 0 Sending Access-Reject of id 35 to 64.214.93.3 port 1812 Waking up in 4.9 seconds. Cleaning up request 0 ID 35 with timestamp +361 from what i can see, the successful request finds the user's entry in the user table, but the failed request doesn't (and uses DEFAULT instead). but the usernames passed in seem to be the same. i don't know, we've used freeradius for years and this is the 1st time i'm having a problem. weird. regards, paul - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html