[prev in list] [next in list] [prev in thread] [next in thread] 

List:       freeradius-users
Subject:    Re: Requests being rejected with "Invalid user"
From:       Alan DeKok <aland () deployingradius ! com>
Date:       2020-12-05 13:56:14
Message-ID: 82CDE224-10B2-4994-AA0A-713DEBB55C79 () deployingradius ! com
[Download RAW message or body]

On Dec 4, 2020, at 7:25 PM, Dan M <dan.red.beard@gmail.com> wrote:
> > Sure.  Sounds like a DB connection issue, TBH.
> 
> Not using a DB. 

  Well, some *external* connectivity issue.  The server doesn't just randomly start \
rejecting users.  How would that even happen?

> We are using python to make a web service call as part of authorize.

  So... connecting to an external system.

> Python log has nothing for these requests.
> So I'm five nines confident it isn't getting that far.
> Python makes the webservice call which actually does the authentication,
> and if it succeeds, sets the cleartext password to the password in the request and \
> lets pap (the only thing in authentication section, handle the reply) If it fails, \
> it returns configTuple = (('Auth-Type', "Reject"),)> 

  You can just set "Auth-Type = Accept", you don't need to use the PAP module.   But \
whatever.

> The point was it's getting rejected by something I didn't write and isn't reaching \
> the thing I did. I left all of these in place and haven't changed any of the files.
> Authorize {
> filter_username
> preprocess
> auth_log
> suffix
> expiration
> logintime
> python
> pap
> }

  There's really nothing there which will randomly cause the server to reject users.  \
I've never seen this anywhere else.  Including other production systems, and lab \
tests running millions of packets through the server.

  Alan DeKok.


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


[prev in list] [next in list] [prev in thread] [next in thread]