Re: EAP authentication stopped working
Hi, >My GUESS is that it's something as simple as disk full. Try "df -h" and >"df -i". yep. thats the most common error. check in your change log for any changes made to your system , check revision control for any changes, check your 'gold reference' 'radiusd -X' output against what it looks like now etc. if none of tht has changed then you'll need to look elsewhere - such as system patches that have been applied BUT, the obvious failure would be lack of diskspace. and the defauly bahaviour is if the auth etc cannot be logged then the authentication will fail (otherwise you wont have audit trails of the connection/usage) ...and then advice that you start putting system monitoring into place for such things. alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: some error in log file
> WARNING: Module rlm_sql became unblocked for request 10526 > Error: WARNING: Unresponsive child for request 10561, in component authorize > module sql What oh what could the SQL client be waiting for... I think it's waiting for cake. Have you tried inserting a Gateaux into the cooling ducts of your RADIUS server? Arran Cudbard-Bell FreeRADIUS Development Team - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeeradius 3.0.0 issue
BALSIANOK, Peter wrote:
> (3) ERROR: %{Called-Station-Id}.%{3GPP-SGSN-Address}
> (3) ERROR:^ Invalid regex reference
I've pushed a fix.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
some error in log file
Hi All i have some error in log file and i do not know what is the cause of this error ? Error: WARNING: Unresponsive child for request 10785, in component authorize module WARNING: Module rlm_sql became unblocked for request 10526 Error: WARNING: Unresponsive child for request 10583, in component authorize module Error: WARNING: Unresponsive child for request 10561, in component authorize module sql WARNING: Unresponsive child for request 7478, in component authorize module best regards - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: EAP authentication stopped working
On Sat, May 4, 2013 at 3:24 PM, Peter Lambrechtsen wrote:
> Why does auth_log return fail?
> On May 4, 2013 8:04 PM, "larry tembu" wrote:
>
>> a few weeks ago, the configuration was working and authenticating, but it
>> suddenly stopped.
>>
>
> [auth_log] expand:
>> /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
>> /var/log/radius/radacct/11.0.0.205/auth-detail-20130501
>> [auth_log]
>> /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to
>> /var/log/radius/radacct/11.0.0.205/auth-detail-20130501
>> [auth_log] expand: %t -> Wed May 1 17:46:27 2013
>> ++[auth_log] returns fail
>> Using Post-Auth-Type REJECT
>>
>
My GUESS is that it's something as simple as disk full. Try "df -h" and "df
-i".
--
Fajar
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: EAP authentication stopped working
Why does auth_log return fail?
On May 4, 2013 8:04 PM, "larry tembu" wrote:
> Hi Freeradius users,
> i have FR freeradius-2.2.0-0.fc17.i686 set up on fedora 17 machine. the
> wimax clients are supplying EAPttls Mschapv2 for authentication. a few
> weeks ago, the configuration was working and authenticating, but it
> suddenly stopped. the users are created in the users file and below is the
> radiusd -X output. any more info required will be promptly provided. could
> someone help me out on this? the wimax system is 4M alvarion and the CPe
> are well configured.
> ignore_null = no
> }
> Module: Checking accounting {...} for more modules to load
> Module: Instantiating module "detail" from file /etc/raddb/modules/detail
> detail {
> detailfile =
> "/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
> header = "%t"
> detailperm = 384
> dirperm = 493
> locking = no
> log_packet_header = no
> }
> Module: Linked to module rlm_radutmp
> Module: Instantiating module "radutmp" from file
> /etc/raddb/modules/radutmp
> radutmp {
> filename = "/var/log/radius/radutmp"
> username = "%{User-Name}"
> case_sensitive = yes
> check_with_nas = yes
> perm = 384
> callerid = yes
> }
> Module: Linked to module rlm_attr_filter
> Module: Instantiating module "attr_filter.accounting_response" from file
> /etc/raddb/modules/attr_filter
> attr_filter attr_filter.accounting_response {
> attrsfile = "/etc/raddb/attrs.accounting_response"
> key = "%{User-Name}"
> relaxed = no
> }
> reading pairlist file /etc/raddb/attrs.accounting_response
> Module: Checking session {...} for more modules to load
> Module: Checking post-proxy {...} for more modules to load
> Module: Checking post-auth {...} for more modules to load
> Module: Instantiating module "attr_filter.access_reject" from file
> /etc/raddb/modules/attr_filter
> attr_filter attr_filter.access_reject {
> attrsfile = "/etc/raddb/attrs.access_reject"
> key = "%{User-Name}"
> relaxed = no
> }
> reading pairlist file /etc/raddb/attrs.access_reject
> } # modules
> } # server
> server inner-tunnel { # from file /etc/raddb/sites-enabled/inner-tunnel
> modules {
> Module: Checking authenticate {...} for more modules to load
> Module: Checking authorize {...} for more modules to load
> Module: Checking session {...} for more modules to load
> Module: Checking post-proxy {...} for more modules to load
> Module: Checking post-auth {...} for more modules to load
> } # modules
> } # server
> radiusd: Opening IP addresses and Ports
> listen {
> type = "auth"
> ipaddr = *
> port = 0
> }
> listen {
> type = "acct"
> ipaddr = *
> port = 0
> }
> listen {
> type = "control"
> listen {
> socket = "/var/run/radiusd/radiusd.sock"
> }
> }
> listen {
> type = "auth"
> ipaddr = 127.0.0.1
> port = 18120
> }
> ... adding new socket proxy address * port 46422
> Listening on authentication address * port 1812
> Listening on accounting address * port 1813
> Listening on command file /var/run/radiusd/radiusd.sock
> Listening on authentication address 127.0.0.1 port 18120 as server
> inner-tunnel
> Listening on proxy address * port 1814
> Ready to process requests.
> rad_recv: Access-Request packet from host 11.0.0.205 port 1812, id=153,
> length=196
> User-Name = "{sm=1}rawlacur...@adn.com"
> EAP-Message =
> 0x0201001e017b736d3d317d7261776c616375726f6e654061646e2e636f6d
> Message-Authenticator = 0x39a7eb8d6128461e0fa6caf5dd5c26c3
> NAS-Identifier = "201"
> NAS-IP-Address = 11.0.0.205
> Calling-Station-Id = "AC-81-12-78-CA-6E"
> WiMAX-BS-Id = 0xfff329010102
> NAS-Port-Type = Wireless-802.16
> Framed-MTU = 2000
> Service-Type = Framed-User
> WiMAX-GMT-Timezone-offset = 256
> WiMAX-Release = "1.0"
> WiMAX-Accounting-Capabilities = IP-Session-Based
> WiMAX-Attr-1793 = 0x028a
> # Executing section authorize from file /etc/raddb/sites-enabled/default
> +- entering group authorize {...}
> ++[preprocess] returns ok
> [auth_log] expand:
> /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
> /var/log/radius/radacct/11.0.0.205/auth-detail-20130501
> [auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
> expands to /var/log/radius/radacct/11.0.0.205/auth-detail-20130501
> [auth_log] expand: %t -> Wed May 1 17:46:27 2013
> ++[auth_log] returns fail
> Using Post-Auth-Type REJECT
> # Executing group from file /etc/raddb/sites-enabled/default
> +- entering group REJECT {...}
> [attr_filter.access_reject] expand: %{User-Name} -> {sm=
> 1}rawlacur...@adn.com
> attr_filter: Matched entry DEFAULT at line 11
> ++[attr_filter.access_reject] returns updated
> Delaying reject
EAP authentication stopped working
Hi Freeradius users,
i have FR freeradius-2.2.0-0.fc17.i686 set up on fedora 17 machine. the wimax
clients are supplying EAPttls Mschapv2 for authentication. a few weeks ago, the
configuration was working and authenticating, but it suddenly stopped. the
users are created in the users file and below is the radiusd -X output. any
more info required will be promptly provided. could someone help me out on
this? the wimax system is 4M alvarion and the CPe are well configured.
ignore_null = no
}
Module: Checking accounting {...} for more modules to load
Module: Instantiating module "detail" from file /etc/raddb/modules/detail
detail {
detailfile =
"/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
header = "%t"
detailperm = 384
dirperm = 493
locking = no
log_packet_header = no
}
Module: Linked to module rlm_radutmp
Module: Instantiating module "radutmp" from file /etc/raddb/modules/radutmp
radutmp {
filename = "/var/log/radius/radutmp"
username = "%{User-Name}"
case_sensitive = yes
check_with_nas = yes
perm = 384
callerid = yes
}
Module: Linked to module rlm_attr_filter
Module: Instantiating module "attr_filter.accounting_response" from file
/etc/raddb/modules/attr_filter
attr_filter attr_filter.accounting_response {
attrsfile = "/etc/raddb/attrs.accounting_response"
key = "%{User-Name}"
relaxed = no
}
reading pairlist file /etc/raddb/attrs.accounting_response
Module: Checking session {...} for more modules to load
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
Module: Instantiating module "attr_filter.access_reject" from file
/etc/raddb/modules/attr_filter
attr_filter attr_filter.access_reject {
attrsfile = "/etc/raddb/attrs.access_reject"
key = "%{User-Name}"
relaxed = no
}
reading pairlist file /etc/raddb/attrs.access_reject
} # modules
} # server
server inner-tunnel { # from file /etc/raddb/sites-enabled/inner-tunnel
modules {
Module: Checking authenticate {...} for more modules to load
Module: Checking authorize {...} for more modules to load
Module: Checking session {...} for more modules to load
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
} # modules
} # server
radiusd: Opening IP addresses and Ports
listen {
type = "auth"
ipaddr = *
port = 0
}
listen {
type = "acct"
ipaddr = *
port = 0
}
listen {
type = "control"
listen {
socket = "/var/run/radiusd/radiusd.sock"
}
}
listen {
type = "auth"
ipaddr = 127.0.0.1
port = 18120
}
... adding new socket proxy address * port 46422
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on command file /var/run/radiusd/radiusd.sock
Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 11.0.0.205 port 1812, id=153,
length=196
User-Name = "{sm=1}rawlacur...@adn.com"
EAP-Message =
0x0201001e017b736d3d317d7261776c616375726f6e654061646e2e636f6d
Message-Authenticator = 0x39a7eb8d6128461e0fa6caf5dd5c26c3
NAS-Identifier = "201"
NAS-IP-Address = 11.0.0.205
Calling-Station-Id = "AC-81-12-78-CA-6E"
WiMAX-BS-Id = 0xfff329010102
NAS-Port-Type = Wireless-802.16
Framed-MTU = 2000
Service-Type = Framed-User
WiMAX-GMT-Timezone-offset = 256
WiMAX-Release = "1.0"
WiMAX-Accounting-Capabilities = IP-Session-Based
WiMAX-Attr-1793 = 0x028a
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand:
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/radius/radacct/11.0.0.205/auth-detail-20130501
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/radius/radacct/11.0.0.205/auth-detail-20130501
[auth_log] expand: %t -> Wed May 1 17:46:27 2013
++[auth_log] returns fail
Using Post-Auth-Type REJECT
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} ->
{sm=1}rawlacur...@adn.com
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 153 to 11.0.0.205 port 1812
Waking up in 4.9 seconds.
Cleaning up request 0 ID 153 with timestamp +1
Ready to process requests.
rad_recv: Access-Request packet from host 11.0.0.
