Hi all,
Would anyone have an idea why rlm_unix would authenticate successful on the first attempt then subsequent attempts it would report "not found" for ANY user? I am depending on the system NSS libraries and not direct reading of the /etc/passwd. All my other daemons (ftp, POP, etc) work perfectly with NSS and freeradius was also for the last 2 months until about 2:00am last night...I could not locate anything special that happened then...I didn't even see a HUP. When monitoring the NSS calls I see freeradius asking for getpwnam() once and a successful reply, the next request from freeradius I see a getpwnam() and a reply of "not found"...for the same user. All subsequent getpwnam() requests report not found until radius is restarted. I know something HAD to happen last night at 2:00am to make this stop working...however I cannot locate any changes. Anyone got any ideas??...please??...;) -Dave /etc/raddb/user --Matched Entry-- username Auth-Type := System Idle-Timeout = 1800, Session-Timeout = 28800 # /usr/local/sbin/radiusd -A -f -X -y -z -p 1645 reread_config: reading radiusd.conf Config: including file: /etc/radius/proxy.conf Config: including file: /etc/radius/clients.conf main: prefix = "/usr/local" main: localstatedir = "/var" main: logdir = "/var/log" main: libdir = "/usr/local/lib" main: radacctdir = "/var/log" main: hostname_lookups = no read_config_files: reading dictionary read_config_files: reading clients read_config_files: reading realms read_config_files: reading naslist main: max_request_time = 30 main: cleanup_delay = 8 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 1645 main: allow_core_dumps = no main: log_stripped_names = yes main: log_auth = yes main: log_auth_badpass = yes main: log_auth_goodpass = yes main: pidfile = "/var/run/radiusd.pid" main: bind_address = x.x.x.x IP address [x.x.x.x] main: user = "radiusd" main: group = "radiusd" main: usercollide = no main: lower_user = "before" main: lower_pass = "no" main: nospace_user = "before" main: nospace_pass = "before" main: proxy_requests = no proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = no proxy: dead_time = 120 main: debug_level = 0 read_config_files: entering modules setup Module: Library search path is /usr/local/lib Module: Loaded System unix: cache = no unix: passwd = "(null)" unix: shadow = "(null)" unix: group = "(null)" unix: radwtmp = "/var/log/radwtmp" unix: usegroup = no unix: cache_reload = 600 Module: Instantiated unix (unix) Module: Loaded preprocess preprocess: huntgroups = "/etc/radius/huntgroups" preprocess: hints = "/etc/radius/hints" preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no Module: Instantiated preprocess (preprocess) Module: Loaded files files: usersfile = "/etc/radius/users" files: acctusersfile = "/etc/radius/acct_users" files: compat = "no" Module: Instantiated files (files) Module: Loaded realm realm: format = "suffix" realm: delimiter = "@" Module: Instantiated realm (suffix) Module: Loaded Acct-Unique-Session-Id acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port-Id" Module: Instantiated acct_unique (acct_unique) Module: Loaded detail detail: detailfile = "/var/log/rad_%{Client-IP-Address}.log" detail: detailperm = 384 detail: dirperm = 493 Module: Instantiated detail (detail) Module: Loaded radutmp radutmp: filename = "/var/log/radutmp" radutmp: username = "%{User-Name}" radutmp: perm = 384 radutmp: callerid = yes Module: Instantiated radutmp (radutmp) Listening on IP address x.x.x.x, ports 1645/udp and 1646/udp. Ready to process requests. rad_recv: Access-Request packet from host x.x.x.x:2923, id=78, length=56 User-Name = "username" Password = "xxxx rad_lowerpair: User-Name now 'username' rad_rmspace_pair: User-Name now 'username' rad_rmspace_pair: Password now 'xxxx' modcall: entering group authorize modcall[authorize]: module "preprocess" returns ok users: Matched username at 47 modcall[authorize]: module "files" returns ok modcall: group authorize returns ok rad_check_password: Found Auth-Type System auth: type "System" modcall: entering group authenticate modcall[authenticate]: module "unix" returns ok modcall: group authenticate returns ok radius_xlat: '/etc/radius/acct_exec' Exec-Program: /etc/radius/acct_exec Exec-Program: returned: 0 Login OK: [username/xxxxxx] (from nas UNKNOWN-NAS port 0) Sending Access-Accept of id 78 to x.x.x.x:2923 Ascend-Client-Primary-DNS = x.x.x.x Ascend-Client-Secondary-DNS = x.x.x.x Idle-Timeout = 1800 Session-Timeout = 28800 Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 9 seconds... rad_recv: Access-Request packet from host x.x.x.x:2924, id=79, length=56 User-Name = "username" Password = "xxxx rad_lowerpair: User-Name now 'username' rad_rmspace_pair: User-Name now 'username' rad_rmspace_pair: Password now 'xxxx' modcall: entering group authorize modcall[authorize]: module "preprocess" returns ok users: Matched username at 47 modcall[authorize]: module "files" returns ok modcall: group authorize returns ok rad_check_password: Found Auth-Type System auth: type "System" modcall: entering group authenticate modcall[authenticate]: module "unix" returns notfound modcall: group authenticate returns notfound auth: Failed to validate the user. Login incorrect: [username/xxxxxx] (from nas UNKNOWN-NAS port 0) Sending Access-Reject of id 79 to x.x.x.x:2924 Ascend-Client-Primary-DNS = x.x.x.x Ascend-Client-Secondary-DNS = x.x.x.x Finished request 1 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html