[prev in list] [next in list] [prev in thread] [next in thread]
List: freeradius-users
Subject: Re: Requests being rejected with "Invalid user"
From: Alan DeKok <aland () deployingradius ! com>
Date: 2020-12-05 13:56:14
Message-ID: 82CDE224-10B2-4994-AA0A-713DEBB55C79 () deployingradius ! com
[Download RAW message or body]
On Dec 4, 2020, at 7:25 PM, Dan M <dan.red.beard@gmail.com> wrote:
> > Sure. Sounds like a DB connection issue, TBH.
>
> Not using a DB.
Well, some *external* connectivity issue. The server doesn't just randomly start \
rejecting users. How would that even happen?
> We are using python to make a web service call as part of authorize.
So... connecting to an external system.
> Python log has nothing for these requests.
> So I'm five nines confident it isn't getting that far.
> Python makes the webservice call which actually does the authentication,
> and if it succeeds, sets the cleartext password to the password in the request and \
> lets pap (the only thing in authentication section, handle the reply) If it fails, \
> it returns configTuple = (('Auth-Type', "Reject"),)>
You can just set "Auth-Type = Accept", you don't need to use the PAP module. But \
whatever.
> The point was it's getting rejected by something I didn't write and isn't reaching \
> the thing I did. I left all of these in place and haven't changed any of the files.
> Authorize {
> filter_username
> preprocess
> auth_log
> suffix
> expiration
> logintime
> python
> pap
> }
There's really nothing there which will randomly cause the server to reject users. \
I've never seen this anywhere else. Including other production systems, and lab \
tests running millions of packets through the server.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic