Re: EAP authentication stopped working
Hi, >My GUESS is that it's something as simple as disk full. Try "df -h" and >"df -i". yep. thats the most common error. check in your change log for any changes made to your system , check revision control for any changes, check your 'gold reference' 'radiusd -X' output against what it looks like now etc. if none of tht has changed then you'll need to look elsewhere - such as system patches that have been applied BUT, the obvious failure would be lack of diskspace. and the defauly bahaviour is if the auth etc cannot be logged then the authentication will fail (otherwise you wont have audit trails of the connection/usage) ...and then advice that you start putting system monitoring into place for such things. alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: some error in log file
> WARNING: Module rlm_sql became unblocked for request 10526 > Error: WARNING: Unresponsive child for request 10561, in component authorize > module sql What oh what could the SQL client be waiting for... I think it's waiting for cake. Have you tried inserting a Gateaux into the cooling ducts of your RADIUS server? Arran Cudbard-Bell FreeRADIUS Development Team - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeeradius 3.0.0 issue
BALSIANOK, Peter wrote: > (3) ERROR: %{Called-Station-Id}.%{3GPP-SGSN-Address} > (3) ERROR:^ Invalid regex reference I've pushed a fix. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
some error in log file
Hi All i have some error in log file and i do not know what is the cause of this error ? Error: WARNING: Unresponsive child for request 10785, in component authorize module WARNING: Module rlm_sql became unblocked for request 10526 Error: WARNING: Unresponsive child for request 10583, in component authorize module Error: WARNING: Unresponsive child for request 10561, in component authorize module sql WARNING: Unresponsive child for request 7478, in component authorize module best regards - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: EAP authentication stopped working
On Sat, May 4, 2013 at 3:24 PM, Peter Lambrechtsen wrote: > Why does auth_log return fail? > On May 4, 2013 8:04 PM, "larry tembu" wrote: > >> a few weeks ago, the configuration was working and authenticating, but it >> suddenly stopped. >> > > [auth_log] expand: >> /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> >> /var/log/radius/radacct/11.0.0.205/auth-detail-20130501 >> [auth_log] >> /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to >> /var/log/radius/radacct/11.0.0.205/auth-detail-20130501 >> [auth_log] expand: %t -> Wed May 1 17:46:27 2013 >> ++[auth_log] returns fail >> Using Post-Auth-Type REJECT >> > My GUESS is that it's something as simple as disk full. Try "df -h" and "df -i". -- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: EAP authentication stopped working
Why does auth_log return fail? On May 4, 2013 8:04 PM, "larry tembu" wrote: > Hi Freeradius users, > i have FR freeradius-2.2.0-0.fc17.i686 set up on fedora 17 machine. the > wimax clients are supplying EAPttls Mschapv2 for authentication. a few > weeks ago, the configuration was working and authenticating, but it > suddenly stopped. the users are created in the users file and below is the > radiusd -X output. any more info required will be promptly provided. could > someone help me out on this? the wimax system is 4M alvarion and the CPe > are well configured. > ignore_null = no > } > Module: Checking accounting {...} for more modules to load > Module: Instantiating module "detail" from file /etc/raddb/modules/detail > detail { > detailfile = > "/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d" > header = "%t" > detailperm = 384 > dirperm = 493 > locking = no > log_packet_header = no > } > Module: Linked to module rlm_radutmp > Module: Instantiating module "radutmp" from file > /etc/raddb/modules/radutmp > radutmp { > filename = "/var/log/radius/radutmp" > username = "%{User-Name}" > case_sensitive = yes > check_with_nas = yes > perm = 384 > callerid = yes > } > Module: Linked to module rlm_attr_filter > Module: Instantiating module "attr_filter.accounting_response" from file > /etc/raddb/modules/attr_filter > attr_filter attr_filter.accounting_response { > attrsfile = "/etc/raddb/attrs.accounting_response" > key = "%{User-Name}" > relaxed = no > } > reading pairlist file /etc/raddb/attrs.accounting_response > Module: Checking session {...} for more modules to load > Module: Checking post-proxy {...} for more modules to load > Module: Checking post-auth {...} for more modules to load > Module: Instantiating module "attr_filter.access_reject" from file > /etc/raddb/modules/attr_filter > attr_filter attr_filter.access_reject { > attrsfile = "/etc/raddb/attrs.access_reject" > key = "%{User-Name}" > relaxed = no > } > reading pairlist file /etc/raddb/attrs.access_reject > } # modules > } # server > server inner-tunnel { # from file /etc/raddb/sites-enabled/inner-tunnel > modules { > Module: Checking authenticate {...} for more modules to load > Module: Checking authorize {...} for more modules to load > Module: Checking session {...} for more modules to load > Module: Checking post-proxy {...} for more modules to load > Module: Checking post-auth {...} for more modules to load > } # modules > } # server > radiusd: Opening IP addresses and Ports > listen { > type = "auth" > ipaddr = * > port = 0 > } > listen { > type = "acct" > ipaddr = * > port = 0 > } > listen { > type = "control" > listen { > socket = "/var/run/radiusd/radiusd.sock" > } > } > listen { > type = "auth" > ipaddr = 127.0.0.1 > port = 18120 > } > ... adding new socket proxy address * port 46422 > Listening on authentication address * port 1812 > Listening on accounting address * port 1813 > Listening on command file /var/run/radiusd/radiusd.sock > Listening on authentication address 127.0.0.1 port 18120 as server > inner-tunnel > Listening on proxy address * port 1814 > Ready to process requests. > rad_recv: Access-Request packet from host 11.0.0.205 port 1812, id=153, > length=196 > User-Name = "{sm=1}rawlacur...@adn.com" > EAP-Message = > 0x0201001e017b736d3d317d7261776c616375726f6e654061646e2e636f6d > Message-Authenticator = 0x39a7eb8d6128461e0fa6caf5dd5c26c3 > NAS-Identifier = "201" > NAS-IP-Address = 11.0.0.205 > Calling-Station-Id = "AC-81-12-78-CA-6E" > WiMAX-BS-Id = 0xfff329010102 > NAS-Port-Type = Wireless-802.16 > Framed-MTU = 2000 > Service-Type = Framed-User > WiMAX-GMT-Timezone-offset = 256 > WiMAX-Release = "1.0" > WiMAX-Accounting-Capabilities = IP-Session-Based > WiMAX-Attr-1793 = 0x028a > # Executing section authorize from file /etc/raddb/sites-enabled/default > +- entering group authorize {...} > ++[preprocess] returns ok > [auth_log] expand: > /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> > /var/log/radius/radacct/11.0.0.205/auth-detail-20130501 > [auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d > expands to /var/log/radius/radacct/11.0.0.205/auth-detail-20130501 > [auth_log] expand: %t -> Wed May 1 17:46:27 2013 > ++[auth_log] returns fail > Using Post-Auth-Type REJECT > # Executing group from file /etc/raddb/sites-enabled/default > +- entering group REJECT {...} > [attr_filter.access_reject] expand: %{User-Name} -> {sm= > 1}rawlacur...@adn.com > attr_filter: Matched entry DEFAULT at line 11 > ++[attr_filter.access_reject] returns updated > Delaying reject
EAP authentication stopped working
Hi Freeradius users, i have FR freeradius-2.2.0-0.fc17.i686 set up on fedora 17 machine. the wimax clients are supplying EAPttls Mschapv2 for authentication. a few weeks ago, the configuration was working and authenticating, but it suddenly stopped. the users are created in the users file and below is the radiusd -X output. any more info required will be promptly provided. could someone help me out on this? the wimax system is 4M alvarion and the CPe are well configured. ignore_null = no } Module: Checking accounting {...} for more modules to load Module: Instantiating module "detail" from file /etc/raddb/modules/detail detail { detailfile = "/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d" header = "%t" detailperm = 384 dirperm = 493 locking = no log_packet_header = no } Module: Linked to module rlm_radutmp Module: Instantiating module "radutmp" from file /etc/raddb/modules/radutmp radutmp { filename = "/var/log/radius/radutmp" username = "%{User-Name}" case_sensitive = yes check_with_nas = yes perm = 384 callerid = yes } Module: Linked to module rlm_attr_filter Module: Instantiating module "attr_filter.accounting_response" from file /etc/raddb/modules/attr_filter attr_filter attr_filter.accounting_response { attrsfile = "/etc/raddb/attrs.accounting_response" key = "%{User-Name}" relaxed = no } reading pairlist file /etc/raddb/attrs.accounting_response Module: Checking session {...} for more modules to load Module: Checking post-proxy {...} for more modules to load Module: Checking post-auth {...} for more modules to load Module: Instantiating module "attr_filter.access_reject" from file /etc/raddb/modules/attr_filter attr_filter attr_filter.access_reject { attrsfile = "/etc/raddb/attrs.access_reject" key = "%{User-Name}" relaxed = no } reading pairlist file /etc/raddb/attrs.access_reject } # modules } # server server inner-tunnel { # from file /etc/raddb/sites-enabled/inner-tunnel modules { Module: Checking authenticate {...} for more modules to load Module: Checking authorize {...} for more modules to load Module: Checking session {...} for more modules to load Module: Checking post-proxy {...} for more modules to load Module: Checking post-auth {...} for more modules to load } # modules } # server radiusd: Opening IP addresses and Ports listen { type = "auth" ipaddr = * port = 0 } listen { type = "acct" ipaddr = * port = 0 } listen { type = "control" listen { socket = "/var/run/radiusd/radiusd.sock" } } listen { type = "auth" ipaddr = 127.0.0.1 port = 18120 } ... adding new socket proxy address * port 46422 Listening on authentication address * port 1812 Listening on accounting address * port 1813 Listening on command file /var/run/radiusd/radiusd.sock Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel Listening on proxy address * port 1814 Ready to process requests. rad_recv: Access-Request packet from host 11.0.0.205 port 1812, id=153, length=196 User-Name = "{sm=1}rawlacur...@adn.com" EAP-Message = 0x0201001e017b736d3d317d7261776c616375726f6e654061646e2e636f6d Message-Authenticator = 0x39a7eb8d6128461e0fa6caf5dd5c26c3 NAS-Identifier = "201" NAS-IP-Address = 11.0.0.205 Calling-Station-Id = "AC-81-12-78-CA-6E" WiMAX-BS-Id = 0xfff329010102 NAS-Port-Type = Wireless-802.16 Framed-MTU = 2000 Service-Type = Framed-User WiMAX-GMT-Timezone-offset = 256 WiMAX-Release = "1.0" WiMAX-Accounting-Capabilities = IP-Session-Based WiMAX-Attr-1793 = 0x028a # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok [auth_log] expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/11.0.0.205/auth-detail-20130501 [auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/11.0.0.205/auth-detail-20130501 [auth_log] expand: %t -> Wed May 1 17:46:27 2013 ++[auth_log] returns fail Using Post-Auth-Type REJECT # Executing group from file /etc/raddb/sites-enabled/default +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> {sm=1}rawlacur...@adn.com attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 0 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 0 Sending Access-Reject of id 153 to 11.0.0.205 port 1812 Waking up in 4.9 seconds. Cleaning up request 0 ID 153 with timestamp +1 Ready to process requests. rad_recv: Access-Request packet from host 11.0.0.