This is a discussion on RADIUS auth questions within the FreeRADIUS Users forums, part of the Networking and Network Related category.
Hi all

I have two questions relating to the above.

1) I notice that my server is responding to the client with the Cisco-AVPair attributes even if the user's authentication fails due to an incorrect password. Is this normal behaviour? For example, the client log shows:

--------------------16/05/2005 08:47:16 PM Test started [2GB_test]-------------------------
Info:Sending Access-Request of id 0 to 192.168.0.10:1812
User-Name = "2GBuser@testnet"
User-Password = "badpass"
Info: Access-Reject packet from host 192.168.0.10:1812, id=0, length=86
Cisco-AVPair = "ip:ip-unnumbered=Loopback50"
Cisco-AVPair = "ip:addr-pool=ipnetpool1"
--------------------16/05/2005 08:47:18 PM Test finished [2GB_test]-------------------------

As you can see, the server sends back the Cisco-AVPair information even though the user's password is incorrect. Is this normal? If not, how do I go about changing it?

2) In a situation where the password supplied by the client is correct, but the attribute values associated with the request are incorrect, I notice that the server responds with an Access-Accept, but updates the attribute values. For example:

--------------------16/05/2005 08:55:10 PM Test started [FreeRADIUS test]-------------------------
Info:Sending Access-Request of id 0 to 192.168.0.10:1812
Framed-Protocol = PPP
Service-Type = Outbound-User
User-Name = "test@testnet"
User-Password = "testpass"
Info: Access-Accept packet from host 192.168.0.10:1812, id=0, length=98
Framed-Protocol = PPP
Service-Type = Framed-User
Cisco-AVPair = "ip:ip-unnumbered=Loopback52"
Cisco-AVPair = "ip:addr-pool=ipnetpool3"
--------------------16/05/2005 08:55:10 PM Test finished [FreeRADIUS test]-------------------------

As you can see, the Access-Request was for "Outbound-User" access, which was incorrect for this user's profile. Instead of rejecting it, the RADIUS server accepted and just updated the Service-Type in the Access-Accept packet. Again, is this normal behaviour? If not, how do I go about changing it?

Any help with the above would be much appreciated. Details of my system are as follows:

Operating System: FreeBSD 5.4-STABLE
FreeRADIUS package: freeradius-1.0.2_1
Database: mysql-server-4.1.11_1

Many thanks,
Justin
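A check for the two behaviours described in the post above, as an added example that is not part of the original post: it parses a client test log in the quoted format and flags Access-Reject packets that carry attributes outside an allow-list, and Access-Accept packets that return a different value for an attribute the request sent. The function names and the allow-list (Reply-Message and Proxy-State, the attributes RFC 2865 lists for Access-Reject) are assumptions of this example.

```python
import re

# Sample lines taken from the client log quoted in the post, trimmed.
SAMPLE_LOG = """\
Info:Sending Access-Request of id 0 to 192.168.0.10:1812
User-Name = "2GBuser@testnet"
User-Password = "badpass"
Info: Access-Reject packet from host 192.168.0.10:1812, id=0, length=86
Cisco-AVPair = "ip:ip-unnumbered=Loopback50"
Cisco-AVPair = "ip:addr-pool=ipnetpool1"
Info:Sending Access-Request of id 0 to 192.168.0.10:1812
Framed-Protocol = PPP
Service-Type = Outbound-User
User-Name = "test@testnet"
Info: Access-Accept packet from host 192.168.0.10:1812, id=0, length=98
Framed-Protocol = PPP
Service-Type = Framed-User
Cisco-AVPair = "ip:ip-unnumbered=Loopback52"
"""

PACKET = re.compile(r"Info:\s*(?:Sending )?(Access-\w+)")
ATTR = re.compile(r"([\w-]+) = (.*)")
REJECT_ALLOWED = {"Reply-Message", "Proxy-State"}  # assumption: RFC 2865 list

def parse_packets(text):
    """Return [(packet_type, [(attr, value), ...]), ...] in log order."""
    packets = []
    for line in text.splitlines():
        line = line.strip()
        m = PACKET.match(line)
        if m:
            packets.append((m.group(1), []))
        elif packets and (a := ATTR.fullmatch(line)):
            packets[-1][1].append((a.group(1), a.group(2).strip('"')))
    return packets

def audit(text):
    """Flag attributes sent on rejects and request values changed on accepts."""
    findings, request = [], {}
    for ptype, attrs in parse_packets(text):
        if ptype == "Access-Request":
            request = dict(attrs)  # remembered for the reply that follows
        elif ptype == "Access-Reject":
            findings += [("reject-carries", n, v) for n, v in attrs
                         if n not in REJECT_ALLOWED]
        elif ptype == "Access-Accept":
            findings += [("accept-overrides", n, f"{request[n]} -> {v}")
                         for n, v in attrs if n in request and request[n] != v]
    return findings
```

Calling `audit(SAMPLE_LOG)` returns two `reject-carries` findings for the Cisco-AVPair values and one `accept-overrides` finding for Service-Type.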