CHAP auth fail with radclient -c option #955

Closed
Shamey opened this Issue Apr 13, 2015 · 2 comments

Projects

None yet

2 participants

@Shamey
Shamey commented Apr 13, 2015

Testing out-of-box freeradius3.0.4 with simple users text file on CentOS 7
Experience error with using -c option which i need for stress testing. My reading of debugs is server issues a new CHAP challenge for each auth- request iteration but client re-sends response from first challenge. Hence first auth packet is success but each subsequent count of auth packets sent get auth rejections.

test-client:
[root@localhost radius-tests]# more test_file2
User-Name = "bob"
CHAP-Password = "hello"
[root@localhost radius-tests]# radclient -F -x -f test_file2 -d /etc/raddb 127.0.0.1 auth testing123
Sending Access-Request Id 126 from 0.0.0.0:57928 to 127.0.0.1:1812
User-Name = 'bob'
CHAP-Password = 0x24c51fe001f764bde01328c0c58de35a15
Received Access-Accept Id 126 from 127.0.0.1:1812 to 127.0.0.1:57928 length 32
(0) test_file2 response code 2
Reply-Message = 'Hello, bob'
[root@localhost radius-tests]# radclient -F -x -c2 -f test_file2 -d /etc/raddb 127.0.0.1 auth testing123
Sending Access-Request Id 126 from 0.0.0.0:46172 to 127.0.0.1:1812
User-Name = 'bob'
CHAP-Password = 0xb13788a2479d2d14f69cf248f10ff410e8
Received Access-Accept Id 126 from 127.0.0.1:1812 to 127.0.0.1:46172 length 32
(0) test_file2 response code 2
Reply-Message = 'Hello, bob'
Sending Access-Request Id 132 from 0.0.0.0:46172 to 127.0.0.1:1812
User-Name = 'bob'
CHAP-Password = 0xb13788a2479d2d14f69cf248f10ff410e8
Received Access-Reject Id 132 from 127.0.0.1:1812 to 127.0.0.1:46172 length 32
(0) test_file2 response code 3
Reply-Message = 'Hello, bob'
(0) test_file2: Expected Access-Accept got Access-Reject
[root@localhost radius-tests]#

radiusd server log:
Mon Apr 13 12:56:44 2015 : Auth: (430) Login OK: [bob](from client localhost port 0)
Mon Apr 13 12:56:44 2015 : Auth: (431) Login incorrect (chap: Password is comparison failed: password is incorrect): [bob](from client localhost port 0)

radiusserver debug
Received Access-Request Id 114 from 127.0.0.1:39409 to 127.0.0.1:1812 length 44
User-Name = 'bob'
CHAP-Password = 0x6792f4ba2552bfedec42ad8e9bce1212ef
Mon Apr 13 13:01:13 2015 : Debug: (0) Received Access-Request packet from host 127.0.0.1 port 39409, id=114, length=44
Mon Apr 13 13:01:13 2015 : Debug: (0) User-Name = 'bob'
Mon Apr 13 13:01:13 2015 : Debug: (0) CHAP-Password = 0x6792f4ba2552bfedec42ad8e9bce1212ef
Mon Apr 13 13:01:13 2015 : Debug: (0) # Executing section authorize from file /etc/raddb/sites-enabled/default
Mon Apr 13 13:01:13 2015 : Debug: (0) authorize {
Mon Apr 13 13:01:13 2015 : Debug: (0) filter_username filter_username {
Mon Apr 13 13:01:13 2015 : Debug: (0) if (!&User-Name)
Mon Apr 13 13:01:13 2015 : Debug: (0) if (!&User-Name) -> FALSE
Mon Apr 13 13:01:13 2015 : Debug: (0) if (&User-Name =~ / /)
Mon Apr 13 13:01:13 2015 : Debug: (0) if (&User-Name =~ / /) -> FALSE
Mon Apr 13 13:01:13 2015 : Debug: (0) if (&User-Name =~ /@.@/ )
Mon Apr 13 13:01:13 2015 : Debug: (0) if (&User-Name =~ /@.
@/ ) -> FALSE
Mon Apr 13 13:01:13 2015 : Debug: (0) if (&User-Name =~ /../ )
Mon Apr 13 13:01:13 2015 : Debug: (0) if (&User-Name =~ /../ ) -> FALSE
Mon Apr 13 13:01:13 2015 : Debug: (0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+).(.+)$/))
Mon Apr 13 13:01:13 2015 : Debug: (0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+).(.+)$/)) -> FALSE
Mon Apr 13 13:01:13 2015 : Debug: (0) if (&User-Name =~ /.$/)
Mon Apr 13 13:01:13 2015 : Debug: (0) if (&User-Name =~ /.$/) -> FALSE
Mon Apr 13 13:01:13 2015 : Debug: (0) if (&User-Name =~ /@./)
Mon Apr 13 13:01:13 2015 : Debug: (0) if (&User-Name =~ /@./) -> FALSE
Mon Apr 13 13:01:13 2015 : Debug: (0) } # filter_username filter_username = notfound
Mon Apr 13 13:01:13 2015 : Debug: (0) modsingle[authorize]: calling preprocess (rlm_preprocess) for request 0
Mon Apr 13 13:01:13 2015 : Debug: (0) modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 0
Mon Apr 13 13:01:13 2015 : Debug: (0) [preprocess] = ok
Mon Apr 13 13:01:13 2015 : Debug: (0) modsingle[authorize]: calling chap (rlm_chap) for request 0
Mon Apr 13 13:01:13 2015 : Debug: (0) chap : Setting 'Auth-Type := CHAP'
Mon Apr 13 13:01:13 2015 : Debug: (0) modsingle[authorize]: returned from chap (rlm_chap) for request 0
Mon Apr 13 13:01:13 2015 : Debug: (0) [chap] = ok
Mon Apr 13 13:01:13 2015 : Debug: (0) modsingle[authorize]: calling mschap (rlm_mschap) for request 0
Mon Apr 13 13:01:13 2015 : Debug: (0) modsingle[authorize]: returned from mschap (rlm_mschap) for request 0
Mon Apr 13 13:01:13 2015 : Debug: (0) [mschap] = noop
Mon Apr 13 13:01:13 2015 : Debug: (0) modsingle[authorize]: calling digest (rlm_digest) for request 0
Mon Apr 13 13:01:13 2015 : Debug: (0) modsingle[authorize]: returned from digest (rlm_digest) for request 0
Mon Apr 13 13:01:13 2015 : Debug: (0) [digest] = noop
Mon Apr 13 13:01:13 2015 : Debug: (0) modsingle[authorize]: calling suffix (rlm_realm) for request 0
Mon Apr 13 13:01:13 2015 : Debug: (0) suffix : Checking for suffix after "@"
Mon Apr 13 13:01:13 2015 : Debug: (0) suffix : No '@' in User-Name = "bob", looking up realm NULL
Mon Apr 13 13:01:13 2015 : Debug: (0) suffix : No such realm "NULL"
Mon Apr 13 13:01:13 2015 : Debug: (0) modsingle[authorize]: returned from suffix (rlm_realm) for request 0
Mon Apr 13 13:01:13 2015 : Debug: (0) [suffix] = noop
Mon Apr 13 13:01:13 2015 : Debug: (0) modsingle[authorize]: calling eap (rlm_eap) for request 0
Mon Apr 13 13:01:13 2015 : Debug: (0) eap : No EAP-Message, not doing EAP
Mon Apr 13 13:01:13 2015 : Debug: (0) modsingle[authorize]: returned from eap (rlm_eap) for request 0
Mon Apr 13 13:01:13 2015 : Debug: (0) [eap] = noop
Mon Apr 13 13:01:13 2015 : Debug: (0) modsingle[authorize]: calling files (rlm_files) for request 0
Mon Apr 13 13:01:13 2015 : Debug: (0) files : users: Matched entry bob at line 87
Mon Apr 13 13:01:13 2015 : Debug: (0) files : ::: FROM 1 TO 0 MAX 1
Mon Apr 13 13:01:13 2015 : Debug: (0) files : ::: Examining Reply-Message
Mon Apr 13 13:01:13 2015 : Debug: Hello, %{User-Name}
Mon Apr 13 13:01:13 2015 : Debug: Parsed xlat tree:
Mon Apr 13 13:01:13 2015 : Debug: literal --> Hello,
Mon Apr 13 13:01:13 2015 : Debug: attribute --> User-Name
Mon Apr 13 13:01:13 2015 : Debug: (0) files : EXPAND Hello, %{User-Name}
Mon Apr 13 13:01:13 2015 : Debug: (0) files : --> Hello, bob
Mon Apr 13 13:01:13 2015 : Debug: (0) files : ::: APPENDING Reply-Message FROM 0 TO 0
Mon Apr 13 13:01:13 2015 : Debug: (0) files : ::: TO in 0 out 1
Mon Apr 13 13:01:13 2015 : Debug: (0) files : ::: to[0] = Reply-Message
Mon Apr 13 13:01:13 2015 : Debug: (0) modsingle[authorize]: returned from files (rlm_files) for request 0
Mon Apr 13 13:01:13 2015 : Debug: (0) [files] = ok
Mon Apr 13 13:01:13 2015 : Debug: (0) modsingle[authorize]: calling expiration (rlm_expiration) for request 0
Mon Apr 13 13:01:13 2015 : Debug: (0) modsingle[authorize]: returned from expiration (rlm_expiration) for request 0
Mon Apr 13 13:01:13 2015 : Debug: (0) [expiration] = noop
Mon Apr 13 13:01:13 2015 : Debug: (0) modsingle[authorize]: calling logintime (rlm_logintime) for request 0
Mon Apr 13 13:01:13 2015 : Debug: (0) modsingle[authorize]: returned from logintime (rlm_logintime) for request 0
Mon Apr 13 13:01:13 2015 : Debug: (0) [logintime] = noop
Mon Apr 13 13:01:13 2015 : Debug: (0) modsingle[authorize]: calling pap (rlm_pap) for request 0
Mon Apr 13 13:01:13 2015 : WARNING: (0) pap : Auth-Type already set. Not setting to PAP
Mon Apr 13 13:01:13 2015 : Debug: (0) modsingle[authorize]: returned from pap (rlm_pap) for request 0
Mon Apr 13 13:01:13 2015 : Debug: (0) [pap] = noop
Mon Apr 13 13:01:13 2015 : Debug: (0) } # authorize = ok
Mon Apr 13 13:01:13 2015 : Debug: (0) Found Auth-Type = CHAP
Mon Apr 13 13:01:13 2015 : Debug: (0) # Executing group from file /etc/raddb/sites-enabled/default
Mon Apr 13 13:01:13 2015 : Debug: (0) Auth-Type CHAP {
Mon Apr 13 13:01:13 2015 : Debug: (0) modsingle[authenticate]: calling chap (rlm_chap) for request 0
Mon Apr 13 13:01:13 2015 : Debug: (0) chap : Login attempt by "bob" with CHAP password
Mon Apr 13 13:01:13 2015 : Debug: (0) chap : Comparing with "known good" Cleartext-Password "hello"
Mon Apr 13 13:01:13 2015 : Debug: (0) chap : CHAP challenge : eeb2445dc9510edd29465b3441bd9bb3
Mon Apr 13 13:01:13 2015 : Debug: (0) chap : Client sent : 92f4ba2552bfedec42ad8e9bce1212ef
Mon Apr 13 13:01:13 2015 : Debug: (0) chap : We calculated : 92f4ba2552bfedec42ad8e9bce1212ef
Mon Apr 13 13:01:13 2015 : Debug: (0) chap : CHAP user "bob" authenticated successfully
Mon Apr 13 13:01:13 2015 : Debug: (0) modsingle[authenticate]: returned from chap (rlm_chap) for request 0
Mon Apr 13 13:01:13 2015 : Debug: (0) [chap] = ok
Mon Apr 13 13:01:13 2015 : Debug: (0) } # Auth-Type CHAP = ok
Mon Apr 13 13:01:13 2015 : Auth: (0) Login OK: [bob](from client localhost port 0)
Mon Apr 13 13:01:13 2015 : Debug: (0) # Executing section post-auth from file /etc/raddb/sites-enabled/default
Mon Apr 13 13:01:13 2015 : Debug: (0) post-auth {
Mon Apr 13 13:01:13 2015 : Debug: (0) modsingle[post-auth]: calling exec (rlm_exec) for request 0
Mon Apr 13 13:01:13 2015 : Debug: (0) modsingle[post-auth]: returned from exec (rlm_exec) for request 0
Mon Apr 13 13:01:13 2015 : Debug: (0) [exec] = noop
Mon Apr 13 13:01:13 2015 : Debug: (0) remove_reply_message_if_eap remove_reply_message_if_eap {
Mon Apr 13 13:01:13 2015 : Debug: (0) if (&reply:EAP-Message && &reply:Reply-Message)
Mon Apr 13 13:01:13 2015 : Debug: (0) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
Mon Apr 13 13:01:13 2015 : Debug: (0) else else {
Mon Apr 13 13:01:13 2015 : Debug: (0) modsingle[post-auth]: calling noop (rlm_always) for request 0
Mon Apr 13 13:01:13 2015 : Debug: (0) modsingle[post-auth]: returned from noop (rlm_always) for request 0
Mon Apr 13 13:01:13 2015 : Debug: (0) [noop] = noop
Mon Apr 13 13:01:13 2015 : Debug: (0) } # else else = noop
Mon Apr 13 13:01:13 2015 : Debug: (0) } # remove_reply_message_if_eap remove_reply_message_if_eap = noop
Mon Apr 13 13:01:13 2015 : Debug: (0) } # post-auth = noop
Mon Apr 13 13:01:13 2015 : Debug: (0) Sending Access-Accept packet to host 127.0.0.1 port 39409, id=114, length=0
Mon Apr 13 13:01:13 2015 : Debug: (0) Reply-Message = 'Hello, bob'
Sending Access-Accept Id 114 from 127.0.0.1:1812 to 127.0.0.1:39409
Reply-Message = 'Hello, bob'
Mon Apr 13 13:01:13 2015 : Debug: (0) Finished request
Mon Apr 13 13:01:13 2015 : Debug: Waking up in 0.3 seconds.
Received Access-Request Id 137 from 127.0.0.1:39409 to 127.0.0.1:1812 length 44
User-Name = 'bob'
CHAP-Password = 0x6792f4ba2552bfedec42ad8e9bce1212ef
Mon Apr 13 13:01:13 2015 : Debug: (1) Received Access-Request packet from host 127.0.0.1 port 39409, id=137, length=44
Mon Apr 13 13:01:13 2015 : Debug: (1) User-Name = 'bob'
Mon Apr 13 13:01:13 2015 : Debug: (1) CHAP-Password = 0x6792f4ba2552bfedec42ad8e9bce1212ef
Mon Apr 13 13:01:13 2015 : Debug: (1) # Executing section authorize from file /etc/raddb/sites-enabled/default
Mon Apr 13 13:01:13 2015 : Debug: (1) authorize {
Mon Apr 13 13:01:13 2015 : Debug: (1) filter_username filter_username {
Mon Apr 13 13:01:13 2015 : Debug: (1) if (!&User-Name)
Mon Apr 13 13:01:13 2015 : Debug: (1) if (!&User-Name) -> FALSE
Mon Apr 13 13:01:13 2015 : Debug: (1) if (&User-Name =~ / /)
Mon Apr 13 13:01:13 2015 : Debug: (1) if (&User-Name =~ / /) -> FALSE
Mon Apr 13 13:01:13 2015 : Debug: (1) if (&User-Name =~ /@.@/ )
Mon Apr 13 13:01:13 2015 : Debug: (1) if (&User-Name =~ /@.
@/ ) -> FALSE
Mon Apr 13 13:01:13 2015 : Debug: (1) if (&User-Name =~ /../ )
Mon Apr 13 13:01:13 2015 : Debug: (1) if (&User-Name =~ /../ ) -> FALSE
Mon Apr 13 13:01:13 2015 : Debug: (1) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+).(.+)$/))
Mon Apr 13 13:01:13 2015 : Debug: (1) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+).(.+)$/)) -> FALSE
Mon Apr 13 13:01:13 2015 : Debug: (1) if (&User-Name =~ /.$/)
Mon Apr 13 13:01:13 2015 : Debug: (1) if (&User-Name =~ /.$/) -> FALSE
Mon Apr 13 13:01:13 2015 : Debug: (1) if (&User-Name =~ /@./)
Mon Apr 13 13:01:13 2015 : Debug: (1) if (&User-Name =~ /@./) -> FALSE
Mon Apr 13 13:01:13 2015 : Debug: (1) } # filter_username filter_username = notfound
Mon Apr 13 13:01:13 2015 : Debug: (1) modsingle[authorize]: calling preprocess (rlm_preprocess) for request 1
Mon Apr 13 13:01:13 2015 : Debug: (1) modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 1
Mon Apr 13 13:01:13 2015 : Debug: (1) [preprocess] = ok
Mon Apr 13 13:01:13 2015 : Debug: (1) modsingle[authorize]: calling chap (rlm_chap) for request 1
Mon Apr 13 13:01:13 2015 : Debug: (1) chap : Setting 'Auth-Type := CHAP'
Mon Apr 13 13:01:13 2015 : Debug: (1) modsingle[authorize]: returned from chap (rlm_chap) for request 1
Mon Apr 13 13:01:13 2015 : Debug: (1) [chap] = ok
Mon Apr 13 13:01:13 2015 : Debug: (1) modsingle[authorize]: calling mschap (rlm_mschap) for request 1
Mon Apr 13 13:01:13 2015 : Debug: (1) modsingle[authorize]: returned from mschap (rlm_mschap) for request 1
Mon Apr 13 13:01:13 2015 : Debug: (1) [mschap] = noop
Mon Apr 13 13:01:13 2015 : Debug: (1) modsingle[authorize]: calling digest (rlm_digest) for request 1
Mon Apr 13 13:01:13 2015 : Debug: (1) modsingle[authorize]: returned from digest (rlm_digest) for request 1
Mon Apr 13 13:01:13 2015 : Debug: (1) [digest] = noop
Mon Apr 13 13:01:13 2015 : Debug: (1) modsingle[authorize]: calling suffix (rlm_realm) for request 1
Mon Apr 13 13:01:13 2015 : Debug: (1) suffix : Checking for suffix after "@"
Mon Apr 13 13:01:13 2015 : Debug: (1) suffix : No '@' in User-Name = "bob", looking up realm NULL
Mon Apr 13 13:01:13 2015 : Debug: (1) suffix : No such realm "NULL"
Mon Apr 13 13:01:13 2015 : Debug: (1) modsingle[authorize]: returned from suffix (rlm_realm) for request 1
Mon Apr 13 13:01:13 2015 : Debug: (1) [suffix] = noop
Mon Apr 13 13:01:13 2015 : Debug: (1) modsingle[authorize]: calling eap (rlm_eap) for request 1
Mon Apr 13 13:01:13 2015 : Debug: (1) eap : No EAP-Message, not doing EAP
Mon Apr 13 13:01:13 2015 : Debug: (1) modsingle[authorize]: returned from eap (rlm_eap) for request 1
Mon Apr 13 13:01:13 2015 : Debug: (1) [eap] = noop
Mon Apr 13 13:01:13 2015 : Debug: (1) modsingle[authorize]: calling files (rlm_files) for request 1
Mon Apr 13 13:01:13 2015 : Debug: (1) files : users: Matched entry bob at line 87
Mon Apr 13 13:01:13 2015 : Debug: (1) files : ::: FROM 1 TO 0 MAX 1
Mon Apr 13 13:01:13 2015 : Debug: (1) files : ::: Examining Reply-Message
Mon Apr 13 13:01:13 2015 : Debug: Hello, %{User-Name}
Mon Apr 13 13:01:13 2015 : Debug: Parsed xlat tree:
Mon Apr 13 13:01:13 2015 : Debug: literal --> Hello,
Mon Apr 13 13:01:13 2015 : Debug: attribute --> User-Name
Mon Apr 13 13:01:13 2015 : Debug: (1) files : EXPAND Hello, %{User-Name}
Mon Apr 13 13:01:13 2015 : Debug: (1) files : --> Hello, bob
Mon Apr 13 13:01:13 2015 : Debug: (1) files : ::: APPENDING Reply-Message FROM 0 TO 0
Mon Apr 13 13:01:13 2015 : Debug: (1) files : ::: TO in 0 out 1
Mon Apr 13 13:01:13 2015 : Debug: (1) files : ::: to[0] = Reply-Message
Mon Apr 13 13:01:13 2015 : Debug: (1) modsingle[authorize]: returned from files (rlm_files) for request 1
Mon Apr 13 13:01:13 2015 : Debug: (1) [files] = ok
Mon Apr 13 13:01:13 2015 : Debug: (1) modsingle[authorize]: calling expiration (rlm_expiration) for request 1
Mon Apr 13 13:01:13 2015 : Debug: (1) modsingle[authorize]: returned from expiration (rlm_expiration) for request 1
Mon Apr 13 13:01:13 2015 : Debug: (1) [expiration] = noop
Mon Apr 13 13:01:13 2015 : Debug: (1) modsingle[authorize]: calling logintime (rlm_logintime) for request 1
Mon Apr 13 13:01:13 2015 : Debug: (1) modsingle[authorize]: returned from logintime (rlm_logintime) for request 1
Mon Apr 13 13:01:13 2015 : Debug: (1) [logintime] = noop
Mon Apr 13 13:01:13 2015 : Debug: (1) modsingle[authorize]: calling pap (rlm_pap) for request 1
Mon Apr 13 13:01:13 2015 : WARNING: (1) pap : Auth-Type already set. Not setting to PAP
Mon Apr 13 13:01:13 2015 : Debug: (1) modsingle[authorize]: returned from pap (rlm_pap) for request 1
Mon Apr 13 13:01:13 2015 : Debug: (1) [pap] = noop
Mon Apr 13 13:01:13 2015 : Debug: (1) } # authorize = ok
Mon Apr 13 13:01:13 2015 : Debug: (1) Found Auth-Type = CHAP
Mon Apr 13 13:01:13 2015 : Debug: (1) # Executing group from file /etc/raddb/sites-enabled/default
Mon Apr 13 13:01:13 2015 : Debug: (1) Auth-Type CHAP {
Mon Apr 13 13:01:13 2015 : Debug: (1) modsingle[authenticate]: calling chap (rlm_chap) for request 1
Mon Apr 13 13:01:13 2015 : Debug: (1) chap : Login attempt by "bob" with CHAP password
Mon Apr 13 13:01:13 2015 : Debug: (1) chap : Comparing with "known good" Cleartext-Password "hello"
Mon Apr 13 13:01:13 2015 : Debug: (1) chap : CHAP challenge : ceef9d7099301ec2fd8ec44884297896
Mon Apr 13 13:01:13 2015 : Debug: (1) chap : Client sent : 92f4ba2552bfedec42ad8e9bce1212ef
Mon Apr 13 13:01:13 2015 : Debug: (1) chap : We calculated : 99f1e896b5562aa8f095838a8e14c4cf
Mon Apr 13 13:01:13 2015 : ERROR: (1) chap : Password is comparison failed: password is incorrect
Mon Apr 13 13:01:13 2015 : Debug: (1) modsingle[authenticate]: returned from chap (rlm_chap) for request 1
Mon Apr 13 13:01:13 2015 : Debug: (1) [chap] = reject
Mon Apr 13 13:01:13 2015 : Debug: (1) } # Auth-Type CHAP = reject
Mon Apr 13 13:01:13 2015 : Debug: (1) Failed to authenticate the user
Mon Apr 13 13:01:13 2015 : Auth: (1) Login incorrect (chap: Password is comparison failed: password is incorrect): [bob](from client localhost port 0)
Mon Apr 13 13:01:13 2015 : Debug: (1) Using Post-Auth-Type Reject
Mon Apr 13 13:01:13 2015 : Debug: (1) # Executing group from file /etc/raddb/sites-enabled/default
Mon Apr 13 13:01:13 2015 : Debug: (1) Post-Auth-Type REJECT {
Mon Apr 13 13:01:13 2015 : Debug: (1) modsingle[post-auth]: calling attr_filter.access_reject (rlm_attr_filter) for request 1
Mon Apr 13 13:01:13 2015 : Debug: %{User-Name}
Mon Apr 13 13:01:13 2015 : Debug: Parsed xlat tree:
Mon Apr 13 13:01:13 2015 : Debug: attribute --> User-Name
Mon Apr 13 13:01:13 2015 : Debug: (1) attr_filter.access_reject : EXPAND %{User-Name}
Mon Apr 13 13:01:13 2015 : Debug: (1) attr_filter.access_reject : --> bob
Mon Apr 13 13:01:13 2015 : Debug: (1) attr_filter.access_reject : Matched entry DEFAULT at line 11
Mon Apr 13 13:01:13 2015 : Debug: (1) attr_filter.access_reject : Reply-Message = 'Hello, bob' allowed by Reply-Message =* ''
Mon Apr 13 13:01:13 2015 : Debug: (1) attr_filter.access_reject : Attribute "Reply-Message" allowed by 1 rules, disallowed by 0 rules
Mon Apr 13 13:01:13 2015 : Debug: (1) modsingle[post-auth]: returned from attr_filter.access_reject (rlm_attr_filter) for request 1
Mon Apr 13 13:01:13 2015 : Debug: (1) [attr_filter.access_reject] = updated
Mon Apr 13 13:01:13 2015 : Debug: (1) modsingle[post-auth]: calling eap (rlm_eap) for request 1
Mon Apr 13 13:01:13 2015 : Debug: (1) eap : Request didn't contain an EAP-Message, not inserting EAP-Failure
Mon Apr 13 13:01:13 2015 : Debug: (1) modsingle[post-auth]: returned from eap (rlm_eap) for request 1
Mon Apr 13 13:01:13 2015 : Debug: (1) [eap] = noop
Mon Apr 13 13:01:13 2015 : Debug: (1) remove_reply_message_if_eap remove_reply_message_if_eap {
Mon Apr 13 13:01:13 2015 : Debug: (1) if (&reply:EAP-Message && &reply:Reply-Message)
Mon Apr 13 13:01:13 2015 : Debug: (1) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
Mon Apr 13 13:01:13 2015 : Debug: (1) else else {
Mon Apr 13 13:01:13 2015 : Debug: (1) modsingle[post-auth]: calling noop (rlm_always) for request 1
Mon Apr 13 13:01:13 2015 : Debug: (1) modsingle[post-auth]: returned from noop (rlm_always) for request 1
Mon Apr 13 13:01:13 2015 : Debug: (1) [noop] = noop
Mon Apr 13 13:01:13 2015 : Debug: (1) } # else else = noop
Mon Apr 13 13:01:13 2015 : Debug: (1) } # remove_reply_message_if_eap remove_reply_message_if_eap = noop
Mon Apr 13 13:01:13 2015 : Debug: (1) } # Post-Auth-Type REJECT = updated
Mon Apr 13 13:01:13 2015 : Debug: (1) Delaying response for 1 seconds
Mon Apr 13 13:01:13 2015 : Debug: Waking up in 0.3 seconds.
Mon Apr 13 13:01:13 2015 : Debug: Waking up in 0.6 seconds.
Mon Apr 13 13:01:14 2015 : Debug: (1) Sending delayed response
Mon Apr 13 13:01:14 2015 : Debug: (1) Sending Access-Reject packet to host 127.0.0.1 port 39409, id=137, length=0
Mon Apr 13 13:01:14 2015 : Debug: (1) Reply-Message = 'Hello, bob'
Sending Access-Reject Id 137 from 127.0.0.1:1812 to 127.0.0.1:39409
Reply-Message = 'Hello, bob'
Mon Apr 13 13:01:14 2015 : Debug: Waking up in 3.9 seconds.
Mon Apr 13 13:01:18 2015 : Debug: (0) Cleaning up request packet ID 114 with timestamp +5
Mon Apr 13 13:01:18 2015 : Debug: (1) Cleaning up request packet ID 137 with timestamp +5
Mon Apr 13 13:01:18 2015 : Info: Ready to process requests

@alandekok alandekok closed this in d77eb31 Apr 13, 2015
@Shamey
Shamey commented Apr 14, 2015

Agreed. so does radclient need changing to do this ? Im solely using radclient not CPE and NAS.

@alandekok
Member

If you click on the links to the commit, you'll see that radclient was changed.

@jpereira jpereira added a commit to jpereira/freeradius-server that referenced this issue Apr 30, 2015
@alandekok @jpereira alandekok + jpereira Properly re-encode CHAP-Password. Fixes #955 19fc540
@jpereira jpereira added a commit to jpereira/freeradius-server that referenced this issue May 5, 2015
@alandekok @jpereira alandekok + jpereira Properly re-encode CHAP-Password. Fixes #955 edde2e6
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment