Re: Problem with only some users. Monowall - Freeradius
t...@kalik.net wrote:
>> I executed freeradius on debug mode, then I used the radtest command.
>>
>> The message is almost the same,
>
> Almost is the key word here.
>
>> but the proxy (@dialup,usp.br - another
>> radius server in another city) returns OK.
>>
>> Why using radtest it returns OK and using monowall it returns Reject?
>
> Who knows (actually admin from the home server will know). Most likely
> it's because NAS request has Called-Station-Id in it. Or it could be
> NAS-Identifier. Or ...

Mr. Daniel, the reason your connection was rejected is quite clear at the end of the debug you sent:

Sending Access-Reject of id 166 to 123.123.123.123 port 63026
    Reply-Message = "\r\nYou are already logged in 2 times - access denied\r\n\n"

We are getting this situation of multiple logins when people don't disconnect properly from monowall (monowall opens a popup window with a "logout" window). For that reason I've installed some clean-up scripts in our freeradius database. Just wait a couple of hours and it will be reset by itself.

I'm responsible for the server that is resolving the accounting requests at the domain "dialup.usp.br". Please, next time, ask Rubens there at CIRP. If he doesn't have the answer, he knows our contact phone and e-mail.

Roberto Greiner
CCE-USP

--
Marcos Roberto Greiner

Optimists think we are in the best of all worlds
Pessimists are afraid that this is true
Murphy

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem with only some users. Monowall - Freeradius
>I executed freeradius on debug mode, then I used the radtest command.
>
>The message is almost the same,

Almost is the key word here.

>but the proxy (@dialup,usp.br - another
>radius server in another city) returns OK.
>
>Why using radtest it returns OK and using monowall it returns Reject?

Who knows (actually admin from the home server will know). Most likely it's because NAS request has Called-Station-Id in it. Or it could be NAS-Identifier. Or ...

Ivan Kalik
Kalik Informatika ISP
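Added example (not part of the thread and not FreeRADIUS code): one way to check where two "almost the same" requests differ is to parse the debug output, diff the attribute sets of the radtest request and the NAS request, and pull the Reply-Message out of the proxied reject. The sample is constructed from packet lines in the original post's debug output with the password masked; the function names are hypothetical.

```python
import re

# Constructed sample: packet lines taken from the debug output in this thread
# (password masked), indented the way radtest and radiusd -X print attributes.
DEBUG = r'''
Sending Access-Request of id 177 to 123.123.123.123 port 1812
    User-Name = "nbati...@dialup.usp.br"
    User-Password = "***"
    NAS-IP-Address = 123.123.123.123
    NAS-Port = 0
rad_recv: Access-Request packet from host 124.124.124.124 port 63026, id=166, length=150
    NAS-IP-Address = 124.124.124.124
    NAS-Identifier = "gwrp.semfio.usp.br"
    User-Name = "nbati...@dialup.usp.br"
    User-Password = "***"
    Service-Type = Login-User
    NAS-Port = 83
    Called-Station-Id = "00:11:2f:75:81:7c"
+- entering group authorize {...}
rad_recv: Access-Reject packet from host 126.126.126.126 port 1812, id=239, length=82
    Reply-Message = "\r\nYou are already logged in 2 times - access denied\r\n\n"
    Proxy-State = 0x313636
'''

HEADER = re.compile(r'^(Sending|rad_recv:) (Access-\w+)\b.*?\bid[ =](\d+)')
ATTR = re.compile(r'^\s+([A-Za-z][\w-]*) = (.*)$')

def parse_packets(text):
    """Split debug output into packets: dicts with dir, code, id, attrs."""
    packets, current = [], None
    for line in text.splitlines():
        head, attr = HEADER.match(line), ATTR.match(line)
        if head:
            current = {"dir": head.group(1).rstrip(":"), "code": head.group(2),
                       "id": int(head.group(3)), "attrs": {}}
            packets.append(current)
        elif attr and current is not None:
            current["attrs"][attr.group(1)] = attr.group(2).strip().strip('"')
        else:
            current = None  # module trace lines end the attribute list
    return packets

def request_diff(test_req, nas_req):
    """Attributes only the NAS sends, and attributes whose values differ."""
    a, b = test_req["attrs"], nas_req["attrs"]
    only_nas = sorted(set(b) - set(a))
    changed = sorted(k for k in set(a) & set(b) if a[k] != b[k])
    return only_nas, changed

def reject_reasons(packets):
    """Reply-Message text of each Access-Reject, escape sequences removed."""
    return [p["attrs"]["Reply-Message"].replace("\\r", "").replace("\\n", " ").strip()
            for p in packets
            if p["code"] == "Access-Reject" and "Reply-Message" in p["attrs"]]
```

On the sample, the diff lists NAS-Identifier and Called-Station-Id among the attributes that only the NAS request carries, and the reject reason is the home server's own message.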
Re: Problem with only some users. Monowall - Freeradius
>I have a Monowall authorizing and accounting on a Freeradius 2.1.1
>

I have news for you - you don't. Some other server does that. Yours just proxies requests to it.

>[suffix] Looking up realm "dialup.usp.br" for User-Name = "nbati...@dialup.usp.br"
>[suffix] Found realm "dialup.usp.br"
>[suffix] Adding Realm = "dialup.usp.br"
>[suffix] Proxying request from user nbatista to realm dialup.usp.br
..
>rad_recv: Access-Reject packet from host 126.126.126.126 port 1812, id=239, length=82
>Reply-Message = "\r\nYou are already logged in 2 times - access denied\r\n\n"
>Proxy-State = 0x313636
>+- entering group post-proxy {...}
>[eap] No pre-existing handler found
>++[eap] returns noop
>Login incorrect (Home Server says so): [nbati...@dialup.usp.br] (from client gwrp port 83 cli 00:1b:77:b5:34:9d)

That's the only information of any use on this debug - Home Server says so!

>Using Post-Auth-Type Reject
> WARNING: Unknown value specified for Post-Auth-Type. Cannot perform requested action.

Why have you disabled Post-Auth-Type REJECT on your server?

>I understood that there are 2 sessions opened. am I correct?

Maybe. But you need the debug from the home server in order to find out.

>If I am how can
>I close these sessions?

Again, you can't. If home server didn't get stop packets from your NAS sessions will need to be removed - in the home server database. If you are not the administrator of the home server - there is nothing you can do. Except calling someone who is.

Ivan Kalik
Kalik Informatika ISP
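Added example, not the home server's actual clean-up scripts (the thread does not show them): a sketch of how sessions that never received a stop packet keep counting against a login limit, and how a clean-up pass over the accounting table clears them. The table layout (modelled on FreeRADIUS's radacct columns), the limit of 2 and all records are assumptions constructed for illustration; only the Session-Timeout of 86400 comes from the Access-Accept in the original post, and the NAS is assumed to enforce it.

```python
import sqlite3

SESSION_TIMEOUT = 86400  # Session-Timeout from the Access-Accept in this thread
MAX_SESSIONS = 2         # assumed limit, inferred from "already logged in 2 times"

def make_db():
    """In-memory stand-in for the home server's accounting table (assumed layout)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE radacct (acctsessionid TEXT PRIMARY KEY, username TEXT,"
               " acctstarttime INTEGER, acctstoptime INTEGER)")
    rows = [  # constructed records, times in epoch seconds
        ("s1", "nbatista", 1_000_000, None),       # Start seen, Stop never arrived
        ("s2", "nbatista", 1_050_000, None),       # same: popup closed without logout
        ("s3", "nbatista", 1_080_000, 1_081_000),  # closed normally
        ("s4", "other",    1_180_000, None),       # genuinely still online
    ]
    db.executemany("INSERT INTO radacct VALUES (?,?,?,?)", rows)
    return db

def open_sessions(db, user):
    """What a simultaneous-use check counts: rows with no stop time."""
    return db.execute("SELECT COUNT(*) FROM radacct WHERE username=? AND"
                      " acctstoptime IS NULL", (user,)).fetchone()[0]

def would_reject(db, user):
    """True when the user already holds the maximum number of open sessions."""
    return open_sessions(db, user) >= MAX_SESSIONS

def close_stale(db, now, max_age=SESSION_TIMEOUT):
    """Close open sessions older than max_age; the NAS must have ended them by then."""
    cur = db.execute("UPDATE radacct SET acctstoptime = acctstarttime + ?"
                     " WHERE acctstoptime IS NULL AND acctstarttime + ? < ?",
                     (max_age, max_age, now))
    db.commit()
    return cur.rowcount
```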
Re: Problem with only some users. Monowall - Freeradius
Sorry I didn't understand.

I executed freeradius on debug mode, then I used the radtest command.

The message is almost the same, but the proxy (@dialup,usp.br - another radius server in another city) returns OK.

Why using radtest it returns OK and using monowall it returns Reject?

Thanks, sorry about my English.

Daniel

2009/2/3 SDamron

> Looks like some kind of problem with your database. It clears when
> you auth against the radtest, but when you try to use a user in the
> database, it fails.
>
> On Tue, Feb 3, 2009 at 6:45 PM, Daniel Bojczuk wrote:
> > Hi!!
> >
> > I have a Monowall authorizing and accounting on a Freeradius 2.1.1
> >
> > When I execute:
> > radtest nbati...@dialup.usp.br *** 123.123.123.123 0 's3mf!o/'
> > I get the following answer:
> > Sending Access-Request of id 177 to 123.123.123.123 port 1812
> >     User-Name = "nbati...@dialup.usp.br"
> >     User-Password = "nat6672"
> >     NAS-IP-Address = 123.123.123.123
> >     NAS-Port = 0
> > rad_recv: Access-Accept packet from host 123.123.123.123 port 1812, id=177, length=68
> >     Framed-IP-Address = 255.255.255.254
> >     Framed-MTU = 1500
> >     Service-Type = Framed-User
> >     Framed-Protocol = PPP
> >     Framed-Compression = Van-Jacobson-TCP-IP
> >     Session-Timeout = 86400
> >     Framed-IP-Netmask = 255.255.255.0
> >     Idle-Timeout = 3600
> >
> > Everything works fine. But when I try to login using Monowall login page on
> > debug mode I have this:
> >
> > ___
> >
> > rad_recv: Access-Request packet from host 124.124.124.124 port 63026, id=166, length=150
> >     NAS-IP-Address = 124.124.124.124
> >     NAS-Identifier = "gwrp.semfio.usp.br"
> >     User-Name = "nbati...@dialup.usp.br"
> >     User-Password = "***"
> >     Service-Type = Login-User
> >     NAS-Port-Type = Ethernet
> >     NAS-Port = 83
> >     Framed-IP-Address = 125.125.125.125
> >     Called-Station-Id = "00:11:2f:75:81:7c"
> >     Calling-Station-Id = "00:1b:77:b5:34:9d"
> > +- entering group authorize {...}
> > ++[preprocess] returns ok
> > [auth_log] expand: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /usr/local/var/log/radius/radacct/143.107.192.54/auth-detail-20090203
> > [auth_log] /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/143.107.192.54/auth-detail-20090203
> > [auth_log] expand: %t -> Tue Feb 3 17:30:54 2009
> > ++[auth_log] returns ok
> > [suffix] Looking up realm "dialup.usp.br" for User-Name = "nbati...@dialup.usp.br"
> > [suffix] Found realm "dialup.usp.br"
> > [suffix] Adding Realm = "dialup.usp.br"
> > [suffix] Proxying request from user nbatista to realm dialup.usp.br
> > [suffix] Preparing to proxy authentication request to realm "dialup.usp.br"
> > ++[suffix] returns updated
> > [sql] expand: %{User-Name} -> nbati...@dialup.usp.br
> > [sql] sql_set_user escaped user --> 'nbati...@dialup.usp.br'
> > rlm_sql (sql): Reserving sql socket id: 6
> > [sql] expand: SELECT id, UserName, Attribute, Value, Op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, UserName, Attribute, Value, Op FROM radcheck WHERE Username = 'nbati...@dialup.usp.br' ORDER BY id
> > rlm_sql_postgresql: Status: PGRES_TUPLES_OK
> > rlm_sql_postgresql: query affected rows = 0 , fields = 5
> > [sql] expand: SELECT GroupName FROM radusergroup WHERE UserName='%{SQL-User-Name}' ORDER BY priority -> SELECT GroupName FROM radusergroup WHERE UserName='nbati...@dialup.usp.br' ORDER BY priority
> > rlm_sql_postgresql: Status: PGRES_TUPLES_OK
> > rlm_sql_postgresql: query affected rows = 0 , fields = 1
> > rlm_sql (sql): Released sql socket id: 6
> > [sql] User nbati...@dialup.usp.br not found
> > ++[sql] returns notfound
> > ++[pap] returns noop
> > Sending Access-Request of id 239 to 126.126.126.126 port 1812
> >     NAS-IP-Address = 124.124.124.124
> >     NAS-Identifier = "gwrp.semfio.usp.br"
> >     User-Name = "nbati...@dialup.usp.br"
> >     User-Password = "***"
> >     Service-Type = Login-User
> >     NAS-Port-Type = Ethernet
> >     NAS-Port = 83
> >     Framed-IP-Address = 125.125.125.125
> >     Called-Station-Id = "00:11:2f:75:81:7c"
> >     Calling-Station-Id = "00:1b:77:b5:34:Sending Access-Request of id 239 to 143.107.253.10 port 1812
> >     NAS-IP-Address = 124.124.124.124
> >     NAS-Identifier = "gwrp.semfio.usp.br"
> >     User-Name = "nbati...@dialup.usp.br"
> >     User-Password = "***"
> >     Service-Type = Login-User
> >     NAS-Port-Type = Ethernet
> >     NAS-Port = 83
> >     Framed-IP-Address = 125.125.125.125
> >     Called-Sta
Re: Problem with only some users. Monowall - Freeradius
Looks like some kind of problem with your database. It clears when you auth against the radtest, but when you try to use a user in the database, it fails.

On Tue, Feb 3, 2009 at 6:45 PM, Daniel Bojczuk wrote:
> Hi!!
>
> I have a Monowall authorizing and accounting on a Freeradius 2.1.1
>
> When I execute:
> radtest nbati...@dialup.usp.br *** 123.123.123.123 0 's3mf!o/'
> I get the following answer:
> Sending Access-Request of id 177 to 123.123.123.123 port 1812
>     User-Name = "nbati...@dialup.usp.br"
>     User-Password = "nat6672"
>     NAS-IP-Address = 123.123.123.123
>     NAS-Port = 0
> rad_recv: Access-Accept packet from host 123.123.123.123 port 1812, id=177, length=68
>     Framed-IP-Address = 255.255.255.254
>     Framed-MTU = 1500
>     Service-Type = Framed-User
>     Framed-Protocol = PPP
>     Framed-Compression = Van-Jacobson-TCP-IP
>     Session-Timeout = 86400
>     Framed-IP-Netmask = 255.255.255.0
>     Idle-Timeout = 3600
>
> Everything works fine. But when I try to login using Monowall login page on
> debug mode I have this:
>
> ___
>
> rad_recv: Access-Request packet from host 124.124.124.124 port 63026, id=166, length=150
>     NAS-IP-Address = 124.124.124.124
>     NAS-Identifier = "gwrp.semfio.usp.br"
>     User-Name = "nbati...@dialup.usp.br"
>     User-Password = "***"
>     Service-Type = Login-User
>     NAS-Port-Type = Ethernet
>     NAS-Port = 83
>     Framed-IP-Address = 125.125.125.125
>     Called-Station-Id = "00:11:2f:75:81:7c"
>     Calling-Station-Id = "00:1b:77:b5:34:9d"
> +- entering group authorize {...}
> ++[preprocess] returns ok
> [auth_log] expand: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /usr/local/var/log/radius/radacct/143.107.192.54/auth-detail-20090203
> [auth_log] /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/143.107.192.54/auth-detail-20090203
> [auth_log] expand: %t -> Tue Feb 3 17:30:54 2009
> ++[auth_log] returns ok
> [suffix] Looking up realm "dialup.usp.br" for User-Name = "nbati...@dialup.usp.br"
> [suffix] Found realm "dialup.usp.br"
> [suffix] Adding Realm = "dialup.usp.br"
> [suffix] Proxying request from user nbatista to realm dialup.usp.br
> [suffix] Preparing to proxy authentication request to realm "dialup.usp.br"
> ++[suffix] returns updated
> [sql] expand: %{User-Name} -> nbati...@dialup.usp.br
> [sql] sql_set_user escaped user --> 'nbati...@dialup.usp.br'
> rlm_sql (sql): Reserving sql socket id: 6
> [sql] expand: SELECT id, UserName, Attribute, Value, Op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, UserName, Attribute, Value, Op FROM radcheck WHERE Username = 'nbati...@dialup.usp.br' ORDER BY id
> rlm_sql_postgresql: Status: PGRES_TUPLES_OK
> rlm_sql_postgresql: query affected rows = 0 , fields = 5
> [sql] expand: SELECT GroupName FROM radusergroup WHERE UserName='%{SQL-User-Name}' ORDER BY priority -> SELECT GroupName FROM radusergroup WHERE UserName='nbati...@dialup.usp.br' ORDER BY priority
> rlm_sql_postgresql: Status: PGRES_TUPLES_OK
> rlm_sql_postgresql: query affected rows = 0 , fields = 1
> rlm_sql (sql): Released sql socket id: 6
> [sql] User nbati...@dialup.usp.br not found
> ++[sql] returns notfound
> ++[pap] returns noop
> Sending Access-Request of id 239 to 126.126.126.126 port 1812
>     NAS-IP-Address = 124.124.124.124
>     NAS-Identifier = "gwrp.semfio.usp.br"
>     User-Name = "nbati...@dialup.usp.br"
>     User-Password = "***"
>     Service-Type = Login-User
>     NAS-Port-Type = Ethernet
>     NAS-Port = 83
>     Framed-IP-Address = 125.125.125.125
>     Called-Station-Id = "00:11:2f:75:81:7c"
>     Calling-Station-Id = "00:1b:77:b5:34:Sending Access-Request of id 239 to 143.107.253.10 port 1812
>     NAS-IP-Address = 124.124.124.124
>     NAS-Identifier = "gwrp.semfio.usp.br"
>     User-Name = "nbati...@dialup.usp.br"
>     User-Password = "***"
>     Service-Type = Login-User
>     NAS-Port-Type = Ethernet
>     NAS-Port = 83
>     Framed-IP-Address = 125.125.125.125
>     Called-Station-Id = "00:11:2f:75:81:7c"
>     Calling-Station-Id = "00:1b:77:b5:34:9d"
>     Proxy-State = 0x313636
> Going to the next request
> Waking up in 0.8 seconds.
> Cleaning up request 5 ID 194 with timestamp +9
> Waking up in 0.1 seconds.
> Waking up in 13.0 seconds.
> rad_recv: Access-Reject packet from host 126.126.126.126 port 1812, id=239, length=82
>     Reply-Message = "\r\nYou are already logged in 2 times - access denied\r\n\n"
>     Proxy-State = 0x313636
> +- entering group post-proxy {...}
> [eap] No pre-existing handl
Problem with only some users. Monowall - Freeradius
Hi!!

I have a Monowall authorizing and accounting on a Freeradius 2.1.1

When I execute:
radtest nbati...@dialup.usp.br *** 123.123.123.123 0 's3mf!o/'
I get the following answer:
Sending Access-Request of id 177 to 123.123.123.123 port 1812
    User-Name = "nbati...@dialup.usp.br"
    User-Password = "nat6672"
    NAS-IP-Address = 123.123.123.123
    NAS-Port = 0
rad_recv: Access-Accept packet from host 123.123.123.123 port 1812, id=177, length=68
    Framed-IP-Address = 255.255.255.254
    Framed-MTU = 1500
    Service-Type = Framed-User
    Framed-Protocol = PPP
    Framed-Compression = Van-Jacobson-TCP-IP
    Session-Timeout = 86400
    Framed-IP-Netmask = 255.255.255.0
    Idle-Timeout = 3600

Everything works fine. But when I try to login using Monowall login page on debug mode I have this:

___

rad_recv: Access-Request packet from host 124.124.124.124 port 63026, id=166, length=150
    NAS-IP-Address = 124.124.124.124
    NAS-Identifier = "gwrp.semfio.usp.br"
    User-Name = "nbati...@dialup.usp.br"
    User-Password = "***"
    Service-Type = Login-User
    NAS-Port-Type = Ethernet
    NAS-Port = 83
    Framed-IP-Address = 125.125.125.125
    Called-Station-Id = "00:11:2f:75:81:7c"
    Calling-Station-Id = "00:1b:77:b5:34:9d"
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /usr/local/var/log/radius/radacct/143.107.192.54/auth-detail-20090203
[auth_log] /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/143.107.192.54/auth-detail-20090203
[auth_log] expand: %t -> Tue Feb 3 17:30:54 2009
++[auth_log] returns ok
[suffix] Looking up realm "dialup.usp.br" for User-Name = "nbati...@dialup.usp.br"
[suffix] Found realm "dialup.usp.br"
[suffix] Adding Realm = "dialup.usp.br"
[suffix] Proxying request from user nbatista to realm dialup.usp.br
[suffix] Preparing to proxy authentication request to realm "dialup.usp.br"
++[suffix] returns updated
[sql] expand: %{User-Name} -> nbati...@dialup.usp.br
[sql] sql_set_user escaped user --> 'nbati...@dialup.usp.br'
rlm_sql (sql): Reserving sql socket id: 6
[sql] expand: SELECT id, UserName, Attribute, Value, Op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, UserName, Attribute, Value, Op FROM radcheck WHERE Username = 'nbati...@dialup.usp.br' ORDER BY id
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 0 , fields = 5
[sql] expand: SELECT GroupName FROM radusergroup WHERE UserName='%{SQL-User-Name}' ORDER BY priority -> SELECT GroupName FROM radusergroup WHERE UserName='nbati...@dialup.usp.br' ORDER BY priority
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 0 , fields = 1
rlm_sql (sql): Released sql socket id: 6
[sql] User nbati...@dialup.usp.br not found
++[sql] returns notfound
++[pap] returns noop
Sending Access-Request of id 239 to 126.126.126.126 port 1812
    NAS-IP-Address = 124.124.124.124
    NAS-Identifier = "gwrp.semfio.usp.br"
    User-Name = "nbati...@dialup.usp.br"
    User-Password = "***"
    Service-Type = Login-User
    NAS-Port-Type = Ethernet
    NAS-Port = 83
    Framed-IP-Address = 125.125.125.125
    Called-Station-Id = "00:11:2f:75:81:7c"
    Calling-Station-Id = "00:1b:77:b5:34:Sending Access-Request of id 239 to 143.107.253.10 port 1812
    NAS-IP-Address = 124.124.124.124
    NAS-Identifier = "gwrp.semfio.usp.br"
    User-Name = "nbati...@dialup.usp.br"
    User-Password = "***"
    Service-Type = Login-User
    NAS-Port-Type = Ethernet
    NAS-Port = 83
    Framed-IP-Address = 125.125.125.125
    Called-Station-Id = "00:11:2f:75:81:7c"
    Calling-Station-Id = "00:1b:77:b5:34:9d"
    Proxy-State = 0x313636
Going to the next request
Waking up in 0.8 seconds.
Cleaning up request 5 ID 194 with timestamp +9
Waking up in 0.1 seconds.
Waking up in 13.0 seconds.
rad_recv: Access-Reject packet from host 126.126.126.126 port 1812, id=239, length=82
    Reply-Message = "\r\nYou are already logged in 2 times - access denied\r\n\n"
    Proxy-State = 0x313636
+- entering group post-proxy {...}
[eap] No pre-existing handler found
++[eap] returns noop
Login incorrect (Home Server says so): [nbati...@dialup.usp.br] (from client gwrp port 83 cli 00:1b:77:b5:34:9d)
Using Post-Auth-Type Reject
  WARNING: Unknown value specified for Post-Auth-Type. Cannot perform requested action.
Sending Access-Reject of id 166 to 123.123.123.123 port 63026
    Reply-Message = "\r\nYou are already logged in 2 times - access denied\r\n\n"
Finished request