Re: Problem with only some users. Monowall - Freeradius

2009-02-04 Thread rgreiner
t...@kalik.net wrote:
>> I executed freeradius on debug mode, then I used the radtest command.
>>
>> The message is almost the same,
>> 
>
> Almost is the key word here.
>
>   
>> but the proxy (@dialup,usp.br - another
>> radius server in another city) returns OK.
>>
>> Why using radtest it returns OK and using monowall it returns Reject?
>> 
>
> Who knows (actually admin from the home server will know). Most likely
> it's because NAS request has Called-Station-Id in it. Or it could be
> NAS-Identifier. Or ...
>   
Mr. Daniel, the reason your connection was rejected is quite clear at the
end of the debug you sent:

Sending Access-Reject of id 166 to 123.123.123.123 port 63026
Reply-Message = "\r\nYou are already logged in 2 times  - access
denied\r\n\n"

We are getting this situation of multiple logins when people don't
disconnect properly from monowall (monowall opens a popup window with a
"logout" window). For that reason I've installed some clean-up scripts
in our freeradius database. Just wait a couple of hours and it will be
reset by itself.

I'm responsible for the server that is resolving the accounting requests
at the domain "dialup.usp.br". Please, next time, ask Rubens there at
CIRP. If he doesn't have the answer, he knows our contact phone and e-mail.

Roberto Greiner
CCE-USP

-- 
  -
Marcos Roberto Greiner

   Optimists think we are in the best of worlds
Pessimists are afraid that this is true
   Murphy
  -

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: Problem with only some users. Monowall - Freeradius

2009-02-03 Thread tnt
>I executed freeradius on debug mode, then I used the radtest command.
>
>The message is almost the same,

Almost is the key word here.

>but the proxy (@dialup,usp.br - another
>radius server in another city) returns OK.
>
>Why using radtest it returns OK and using monowall it returns Reject?

Who knows (actually admin from the home server will know). Most likely
it's because NAS request has Called-Station-Id in it. Or it could be
NAS-Identifier. Or ...

Ivan Kalik
Kalik Informatika ISP



Re: Problem with only some users. Monowall - Freeradius

2009-02-03 Thread tnt
>I have a Monowall authorizing and accounting on a Freeradius 2.1.1
>

I have news for you - you don't. Some other server does that. Yours just
proxies requests to it.

>[suffix] Looking up realm "dialup.usp.br" for User-Name = "
>nbati...@dialup.usp.br"
>[suffix] Found realm "dialup.usp.br"
>[suffix] Adding Realm = "dialup.usp.br"
>[suffix] Proxying request from user nbatista to realm dialup.usp.br
..
>rad_recv: Access-Reject packet from host 126.126.126.126 port 1812, id=239,
>length=82
>Reply-Message = "\r\nYou are already logged in 2 times  - access
>denied\r\n\n"
>Proxy-State = 0x313636
>+- entering group post-proxy {...}
>[eap] No pre-existing handler found
>++[eap] returns noop
>Login incorrect (Home Server says so): [nbati...@dialup.usp.br] (from client
>gwrp port 83 cli 00:1b:77:b5:34:9d)


That's the only information of any use on this debug - Home Server says
so!

>Using Post-Auth-Type Reject
>  WARNING: Unknown value specified for Post-Auth-Type.  Cannot perform
>requested action.

Why have you disabled Post-Auth-Type REJECT on your server?

>I understood that there are 2 sessions opened. am I correct?

Maybe. But you need the debug from the home server in order to find out.

>If I am how can
>I close these sessions?

Again, you can't. If home server didn't get stop packets from your NAS
sessions will need to be removed - in the home server database. If you
are not the administrator of the home server - there is nothing you can
do. Except calling someone who is.

Ivan Kalik
Kalik Informatika ISP
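
An added example, not part of the original thread and not FreeRADIUS code: a small Python parser for debug output of the kind quoted above. It lists the attributes the NAS request carries that a radtest request does not (the "almost" in the replies), and reports which peer an Access-Reject was received from together with its Reply-Message. The sample text is constructed, with placeholder addresses, MACs and user name; the function names are hypothetical.

```python
import re

# Constructed sample in the style of the FreeRADIUS 2.x debug output quoted in
# this thread; addresses, MACs and the user name are placeholders.
RADTEST = """Sending Access-Request of id 177 to 192.0.2.1 port 1812
\tUser-Name = "user@example.org"
\tNAS-IP-Address = 192.0.2.1
"""
PROXY_DEBUG = """rad_recv: Access-Request packet from host 192.0.2.20 port 63026, id=166, length=150
\tNAS-IP-Address = 192.0.2.20
\tNAS-Identifier = "nas.example.org"
\tUser-Name = "user@example.org"
\tService-Type = Login-User
\tNAS-Port = 83
\tCalled-Station-Id = "00:00:5e:00:53:01"
[suffix] Proxying request from user user to realm example.org
Sending Access-Request of id 239 to 198.51.100.5 port 1812
rad_recv: Access-Reject packet from host 198.51.100.5 port 1812, id=239, length=82
\tReply-Message = "You are already logged in 2 times - access denied"
\tProxy-State = 0x313636
Sending Access-Reject of id 166 to 192.0.2.20 port 63026
"""

HEADER = re.compile(r"^(rad_recv|Sending)[: ]+(Access-\w+)(?: packet from host| of id \d+ to) (\S+)")
ATTR = re.compile(r"^\s+([\w-]+) = (.*)$")

def packets(text):
    """Split debug output into (direction, code, peer, attributes) tuples."""
    out, cur = [], None
    for line in text.splitlines():
        h, a = HEADER.match(line), ATTR.match(line)
        if h:
            cur = {}
            out.append((h.group(1), h.group(2), h.group(3), cur))
        elif a and cur is not None:
            cur[a.group(1)] = a.group(2).strip('"')
        else:
            cur = None  # any other debug line ends the attribute list
    return out

def nas_only(test_req, nas_req):
    """Attributes the NAS sent that the test request lacked or set differently."""
    return {k: v for k, v in nas_req.items() if test_req.get(k) != v}

def reject_origin(pkts):
    """Peer and Reply-Message of the first Access-Reject this server received (from a home server)."""
    for direction, code, peer, attrs in pkts:
        if direction == "rad_recv" and code == "Access-Reject":
            return peer, attrs.get("Reply-Message")
    return None

if __name__ == "__main__":
    print(nas_only(packets(RADTEST)[0][3], packets(PROXY_DEBUG)[0][3]))
    print(reject_origin(packets(PROXY_DEBUG)))
```

A result of None from reject_origin means no reject was received from another server, so the decision was made locally.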



Re: Problem with only some users. Monowall - Freeradius

2009-02-03 Thread Daniel Bojczuk
Sorry I didn't understand.

I executed freeradius on debug mode, then I used the radtest command.

The message is almost the same, but the proxy (@dialup,usp.br - another
radius server in another city) returns OK.

Why using radtest it returns OK and using monowall it returns Reject?

Thanks, sorry about my English.

Daniel

2009/2/3 SDamron 

> Looks like some kind of problem with your database.  It clears when
> you auth against the radtest, but when you try to use a user in the
> database, it fails.
>
> On Tue, Feb 3, 2009 at 6:45 PM, Daniel Bojczuk  wrote:
> > Hi!!
> >
> > I have a Monowall authorizing and accounting on a Freeradius 2.1.1
> >
> > When I execute:
> >   radtest nbati...@dialup.usp.br *** 123.123.123.123 0 's3mf!o/'
> > I get the following answer:
> >Sending Access-Request of id 177 to 123.123.123.123 port 1812
> >User-Name = "nbati...@dialup.usp.br"
> >User-Password = "nat6672"
> >NAS-IP-Address = 123.123.123.123
> >NAS-Port = 0
> >rad_recv: Access-Accept packet from host 123.123.123.123 port 1812,
> > id=177, length=68
> >Framed-IP-Address = 255.255.255.254
> >Framed-MTU = 1500
> >Service-Type = Framed-User
> >Framed-Protocol = PPP
> >Framed-Compression = Van-Jacobson-TCP-IP
> >Session-Timeout = 86400
> >Framed-IP-Netmask = 255.255.255.0
> >Idle-Timeout = 3600
> >
> > Everything works fine. But when I try to login using Monowall login page
> on
> > debug mode I have this:
> >
> >
> ___
> >
> > rad_recv: Access-Request packet from host 124.124.124.124 port 63026,
> > id=166, length=150
> > NAS-IP-Address = 124.124.124.124
> > NAS-Identifier = "gwrp.semfio.usp.br"
> > User-Name = "nbati...@dialup.usp.br"
> > User-Password = "***"
> > Service-Type = Login-User
> > NAS-Port-Type = Ethernet
> > NAS-Port = 83
> > Framed-IP-Address = 125.125.125.125
> > Called-Station-Id = "00:11:2f:75:81:7c"
> > Calling-Station-Id = "00:1b:77:b5:34:9d"
> > +- entering group authorize {...}
> > ++[preprocess] returns ok
> > [auth_log]  expand:
> > /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
> ->
> > /usr/local/var/log/radius/radacct/143.107.192.54/auth-detail-20090203
> > [auth_log]
> > /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
> > expands to
> > /usr/local/var/log/radius/radacct/143.107.192.54/auth-detail-20090203
> > [auth_log]  expand: %t -> Tue Feb  3 17:30:54 2009
> > ++[auth_log] returns ok
> > [suffix] Looking up realm "dialup.usp.br" for User-Name =
> > "nbati...@dialup.usp.br"
> > [suffix] Found realm "dialup.usp.br"
> > [suffix] Adding Realm = "dialup.usp.br"
> > [suffix] Proxying request from user nbatista to realm dialup.usp.br
> > [suffix] Preparing to proxy authentication request to realm "
> dialup.usp.br"
> > ++[suffix] returns updated
> > [sql]   expand: %{User-Name} -> nbati...@dialup.usp.br
> > [sql] sql_set_user escaped user --> 'nbati...@dialup.usp.br'
> > rlm_sql (sql): Reserving sql socket id: 6
> > [sql]   expand: SELECT id, UserName, Attribute, Value, Op   FROM radcheck
> > WHERE Username = '%{SQL-User-Name}'   ORDER BY id -> SELECT id, UserName,
> > Attribute, Value, Op   FROM radcheck   WHERE Username =
> > 'nbati...@dialup.usp.br'   ORDER BY id
> > rlm_sql_postgresql: Status: PGRES_TUPLES_OK
> > rlm_sql_postgresql: query affected rows = 0 , fields = 5
> > [sql]   expand: SELECT GroupName FROM radusergroup WHERE
> > UserName='%{SQL-User-Name}' ORDER BY priority -> SELECT GroupName FROM
> > radusergroup WHERE UserName='nbati...@dialup.usp.br' ORDER BY priority
> > rlm_sql_postgresql: Status: PGRES_TUPLES_OK
> > rlm_sql_postgresql: query affected rows = 0 , fields = 1
> > rlm_sql (sql): Released sql socket id: 6
> > [sql] User nbati...@dialup.usp.br not found
> > ++[sql] returns notfound
> > ++[pap] returns noop
> > Sending Access-Request of id 239 to 126.126.126.126 port 1812
> > NAS-IP-Address = 124.124.124.124
> > NAS-Identifier = "gwrp.semfio.usp.br"
> > User-Name = "nbati...@dialup.usp.br"
> > User-Password = "***"
> > Service-Type = Login-User
> > NAS-Port-Type = Ethernet
> > NAS-Port = 83
> > Framed-IP-Address = 125.125.125.125
> > Called-Station-Id = "00:11:2f:75:81:7c"
> > Calling-Station-Id = "00:1b:77:b5:34:Sending Access-Request of id
> > 239 to 143.107.253.10 port 1812
> > NAS-IP-Address = 124.124.124.124
> > NAS-Identifier = "gwrp.semfio.usp.br"
> > User-Name = "nbati...@dialup.usp.br"
> > User-Password = "***"
> > Service-Type = Login-User
> > NAS-Port-Type = Ethernet
> > NAS-Port = 83
> > Framed-IP-Address = 125.125.125.125
> > Called-Sta

Re: Problem with only some users. Monowall - Freeradius

2009-02-03 Thread SDamron
Looks like some kind of problem with your database.  It clears when
you auth against the radtest, but when you try to use a user in the
database, it fails.

On Tue, Feb 3, 2009 at 6:45 PM, Daniel Bojczuk  wrote:
> Hi!!
>
> I have a Monowall authorizing and accounting on a Freeradius 2.1.1
>
> When I execute:
>   radtest nbati...@dialup.usp.br *** 123.123.123.123 0 's3mf!o/'
> I get the following answer:
>Sending Access-Request of id 177 to 123.123.123.123 port 1812
>User-Name = "nbati...@dialup.usp.br"
>User-Password = "nat6672"
>NAS-IP-Address = 123.123.123.123
>NAS-Port = 0
>rad_recv: Access-Accept packet from host 123.123.123.123 port 1812,
> id=177, length=68
>Framed-IP-Address = 255.255.255.254
>Framed-MTU = 1500
>Service-Type = Framed-User
>Framed-Protocol = PPP
>Framed-Compression = Van-Jacobson-TCP-IP
>Session-Timeout = 86400
>Framed-IP-Netmask = 255.255.255.0
>Idle-Timeout = 3600
>
> Everything works fine. But when I try to login using Monowall login page on
> debug mode I have this:
>
> ___
>
> rad_recv: Access-Request packet from host 124.124.124.124 port 63026,
> id=166, length=150
> NAS-IP-Address = 124.124.124.124
> NAS-Identifier = "gwrp.semfio.usp.br"
> User-Name = "nbati...@dialup.usp.br"
> User-Password = "***"
> Service-Type = Login-User
> NAS-Port-Type = Ethernet
> NAS-Port = 83
> Framed-IP-Address = 125.125.125.125
> Called-Station-Id = "00:11:2f:75:81:7c"
> Calling-Station-Id = "00:1b:77:b5:34:9d"
> +- entering group authorize {...}
> ++[preprocess] returns ok
> [auth_log]  expand:
> /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
> /usr/local/var/log/radius/radacct/143.107.192.54/auth-detail-20090203
> [auth_log]
> /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
> expands to
> /usr/local/var/log/radius/radacct/143.107.192.54/auth-detail-20090203
> [auth_log]  expand: %t -> Tue Feb  3 17:30:54 2009
> ++[auth_log] returns ok
> [suffix] Looking up realm "dialup.usp.br" for User-Name =
> "nbati...@dialup.usp.br"
> [suffix] Found realm "dialup.usp.br"
> [suffix] Adding Realm = "dialup.usp.br"
> [suffix] Proxying request from user nbatista to realm dialup.usp.br
> [suffix] Preparing to proxy authentication request to realm "dialup.usp.br"
> ++[suffix] returns updated
> [sql]   expand: %{User-Name} -> nbati...@dialup.usp.br
> [sql] sql_set_user escaped user --> 'nbati...@dialup.usp.br'
> rlm_sql (sql): Reserving sql socket id: 6
> [sql]   expand: SELECT id, UserName, Attribute, Value, Op   FROM radcheck
> WHERE Username = '%{SQL-User-Name}'   ORDER BY id -> SELECT id, UserName,
> Attribute, Value, Op   FROM radcheck   WHERE Username =
> 'nbati...@dialup.usp.br'   ORDER BY id
> rlm_sql_postgresql: Status: PGRES_TUPLES_OK
> rlm_sql_postgresql: query affected rows = 0 , fields = 5
> [sql]   expand: SELECT GroupName FROM radusergroup WHERE
> UserName='%{SQL-User-Name}' ORDER BY priority -> SELECT GroupName FROM
> radusergroup WHERE UserName='nbati...@dialup.usp.br' ORDER BY priority
> rlm_sql_postgresql: Status: PGRES_TUPLES_OK
> rlm_sql_postgresql: query affected rows = 0 , fields = 1
> rlm_sql (sql): Released sql socket id: 6
> [sql] User nbati...@dialup.usp.br not found
> ++[sql] returns notfound
> ++[pap] returns noop
> Sending Access-Request of id 239 to 126.126.126.126 port 1812
> NAS-IP-Address = 124.124.124.124
> NAS-Identifier = "gwrp.semfio.usp.br"
> User-Name = "nbati...@dialup.usp.br"
> User-Password = "***"
> Service-Type = Login-User
> NAS-Port-Type = Ethernet
> NAS-Port = 83
> Framed-IP-Address = 125.125.125.125
> Called-Station-Id = "00:11:2f:75:81:7c"
> Calling-Station-Id = "00:1b:77:b5:34:Sending Access-Request of id
> 239 to 143.107.253.10 port 1812
> NAS-IP-Address = 124.124.124.124
> NAS-Identifier = "gwrp.semfio.usp.br"
> User-Name = "nbati...@dialup.usp.br"
> User-Password = "***"
> Service-Type = Login-User
> NAS-Port-Type = Ethernet
> NAS-Port = 83
> Framed-IP-Address = 125.125.125.125
> Called-Station-Id = "00:11:2f:75:81:7c"
> Calling-Station-Id = "00:1b:77:b5:34:9d"
> Proxy-State = 0x313636
> Going to the next request
> Waking up in 0.8 seconds.
> Cleaning up request 5 ID 194 with timestamp +9
> Waking up in 0.1 seconds.
> Waking up in 13.0 seconds.
> rad_recv: Access-Reject packet from host 126.126.126.126 port 1812, id=239,
> length=82
> Reply-Message = "\r\nYou are already logged in 2 times  - access
> denied\r\n\n"
> Proxy-State = 0x313636
> +- entering group post-proxy {...}
> [eap] No pre-existing handl

Problem with only some users. Monowall - Freeradius

2009-02-03 Thread Daniel Bojczuk
Hi!!

I have a Monowall authorizing and accounting on a Freeradius 2.1.1

When I execute:
  radtest nbati...@dialup.usp.br *** 123.123.123.123 0 's3mf!o/'
I get the following answer:
   Sending Access-Request of id 177 to 123.123.123.123 port 1812
   User-Name = "nbati...@dialup.usp.br"
   User-Password = "nat6672"
   NAS-IP-Address = 123.123.123.123
   NAS-Port = 0
   rad_recv: Access-Accept packet from host 123.123.123.123 port 1812,
id=177, length=68
   Framed-IP-Address = 255.255.255.254
   Framed-MTU = 1500
   Service-Type = Framed-User
   Framed-Protocol = PPP
   Framed-Compression = Van-Jacobson-TCP-IP
   Session-Timeout = 86400
   Framed-IP-Netmask = 255.255.255.0
   Idle-Timeout = 3600

Everything works fine. But when I try to login using Monowall login page on
debug mode I have this:

___

rad_recv: Access-Request packet from host 124.124.124.124 port 63026,
id=166, length=150
NAS-IP-Address = 124.124.124.124
NAS-Identifier = "gwrp.semfio.usp.br"
User-Name = "nbati...@dialup.usp.br"
User-Password = "***"
Service-Type = Login-User
NAS-Port-Type = Ethernet
NAS-Port = 83
Framed-IP-Address = 125.125.125.125
Called-Station-Id = "00:11:2f:75:81:7c"
Calling-Station-Id = "00:1b:77:b5:34:9d"
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log]  expand:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/usr/local/var/log/radius/radacct/143.107.192.54/auth-detail-20090203
[auth_log]
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/
143.107.192.54/auth-detail-20090203
[auth_log]  expand: %t -> Tue Feb  3 17:30:54 2009
++[auth_log] returns ok
[suffix] Looking up realm "dialup.usp.br" for User-Name = "
nbati...@dialup.usp.br"
[suffix] Found realm "dialup.usp.br"
[suffix] Adding Realm = "dialup.usp.br"
[suffix] Proxying request from user nbatista to realm dialup.usp.br
[suffix] Preparing to proxy authentication request to realm "dialup.usp.br"
++[suffix] returns updated
[sql]   expand: %{User-Name} -> nbati...@dialup.usp.br
[sql] sql_set_user escaped user --> 'nbati...@dialup.usp.br'
rlm_sql (sql): Reserving sql socket id: 6
[sql]   expand: SELECT id, UserName, Attribute, Value, Op   FROM radcheck
WHERE Username = '%{SQL-User-Name}'   ORDER BY id -> SELECT id, UserName,
Attribute, Value, Op   FROM radcheck   WHERE Username = '
nbati...@dialup.usp.br'   ORDER BY id
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 0 , fields = 5
[sql]   expand: SELECT GroupName FROM radusergroup WHERE
UserName='%{SQL-User-Name}' ORDER BY priority -> SELECT GroupName FROM
radusergroup WHERE UserName='nbati...@dialup.usp.br' ORDER BY priority
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 0 , fields = 1
rlm_sql (sql): Released sql socket id: 6
[sql] User nbati...@dialup.usp.br not found
++[sql] returns notfound
++[pap] returns noop
Sending Access-Request of id 239 to 126.126.126.126 port 1812
NAS-IP-Address = 124.124.124.124
NAS-Identifier = "gwrp.semfio.usp.br"
User-Name = "nbati...@dialup.usp.br"
User-Password = "***"
Service-Type = Login-User
NAS-Port-Type = Ethernet
NAS-Port = 83
Framed-IP-Address = 125.125.125.125
Called-Station-Id = "00:11:2f:75:81:7c"
Calling-Station-Id = "00:1b:77:b5:34:Sending Access-Request of id
239 to 143.107.253.10 port 1812
NAS-IP-Address = 124.124.124.124
NAS-Identifier = "gwrp.semfio.usp.br"
User-Name = "nbati...@dialup.usp.br"
User-Password = "***"
Service-Type = Login-User
NAS-Port-Type = Ethernet
NAS-Port = 83
Framed-IP-Address = 125.125.125.125
Called-Station-Id = "00:11:2f:75:81:7c"
Calling-Station-Id = "00:1b:77:b5:34:9d"
Proxy-State = 0x313636
Going to the next request
Waking up in 0.8 seconds.
Cleaning up request 5 ID 194 with timestamp +9
Waking up in 0.1 seconds.
Waking up in 13.0 seconds.
rad_recv: Access-Reject packet from host 126.126.126.126 port 1812, id=239,
length=82
Reply-Message = "\r\nYou are already logged in 2 times  - access
denied\r\n\n"
Proxy-State = 0x313636
+- entering group post-proxy {...}
[eap] No pre-existing handler found
++[eap] returns noop
Login incorrect (Home Server says so): [nbati...@dialup.usp.br] (from client
gwrp port 83 cli 00:1b:77:b5:34:9d)
Using Post-Auth-Type Reject
  WARNING: Unknown value specified for Post-Auth-Type.  Cannot perform
requested action.
Sending Access-Reject of id 166 to 123.123.123.123 port 63026
Reply-Message = "\r\nYou are already logged in 2 times  - access
denied\r\n\n"
Finished request