[prev in list] [next in list] [prev in thread] [next in thread]
List: freeradius-users
Subject: difference in logs
From: "Lists () Apted Tech ! " <lists () aptedtech ! com>
Date: 2002-12-31 19:20:31
[Download RAW message or body]
I have just setup freeradius 0.8 on redhat 8 (2.4.18-14) and like it much
more that icradius, but I am seeing a strange occurrence in my logs. We
have many other radius servers that are proxying requests to us, and this
box is intended as a replacement to one of the radius servers we use right
now running icradius. User auth information is stored in mysql database and
all is working fine as far as I can see. However, during some testing
between this new box and a client radius server that is forwarding auth
requests by using fully qualified username (testing@customcpu.com). The
@customcpu.com should be stripped and then testing is sent to our box for
auth. In my main radius log file (/var/log/radius) the auth request appears
to come in as it should:
Mon Dec 30 17:27:29 2002 : Auth: Login OK: [testing] (from client
acs-proxy[4] port 32 cli 9075692251)
However, when I check the detail log file, I see:
Mon Dec 30 17:27:29 2002
Acct-Session-Id = "1E002868"
User-Name = "testing@customcpu.com"
NAS-IP-Address = 209.112.154.7
NAS-Port = 32
NAS-Port-Type = Async
Acct-Status-Type = Start
Acct-Authentic = RADIUS
Connect-Info = "52000 LAPM/V42BIS"
Called-Station-Id = "2744107"
Calling-Station-Id = "9075692251"
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-IP-Address = 209.112.139.144
Acct-Delay-Time = 0
Client-IP-Address = 209.193.61.249
Acct-Unique-Session-Id = "abef067046a44f52"
Timestamp = 1041301649
Mon Dec 30 17:28:27 2002
Acct-Session-Id = "1E002868"
User-Name = "testing@customcpu.com"
NAS-IP-Address = 209.112.154.7
NAS-Port = 32
NAS-Port-Type = Async
Acct-Status-Type = Stop
Acct-Session-Time = 58
Acct-Authentic = RADIUS
Connect-Info = "52000 LAPM/V42BIS"
Acct-Input-Octets = 2136
Acct-Output-Octets = 788
Called-Station-Id = "2744107"
Calling-Station-Id = "9075692251"
Acct-Terminate-Cause = User-Request
LE-Terminate-Detail = "User Request - PPP Term Req"
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-IP-Address = 209.112.139.144
Acct-Delay-Time = 0
Client-IP-Address = 209.193.61.249
Acct-Unique-Session-Id = "abef067046a44f52"
Timestamp = 1041301707
I have session information being logged via radutmp & sql in radiusd.conf:
session {
radutmp
sql
}
the sql database shows the same information as the detail file entries
above.
radlast shows:
testing@ 032:0XCaBw 209.112.139.159 Mon Dec 30 17:29 - 17:35 (00:06)
radwho (while the connection was active):
testing@cu testing@customcpu PPP S32 Mon 17:36 209.112.1 209.112.139.129
Im not to informed on the more advanced features of the radius protocol, but
I have been trying to find something to explain this occurrence in the
documentation and cannot. I don't understand how an auth request can come
in for a username testing, and be authenticated and logged one place, then
show up as testing@customcpu.com in another log? @customcpu.com should
have been stripped from the username before being send to my server, but
then again, /var/log/radius shows the request coming in as just testing. I
have no reference of any kind to @customcpu.com in any part of my config, so
i'm wondering how many parts to a radius authentication request packet there
are? Is there a field in the auth request where my server could be seeing
@customcpu.com but not considering it when checking against the my mysql
user database? I would really love it if someone would at least flame me
right before pointing me in some direction that will help me understand what
is going on here. Thanks much all.
-Chris Ochap
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic