[RADIATOR] confusing auth rejections

Hugh Irvine hugh at open.com.au
Thu Oct 12 06:33:25 UTC 2017


Hello Eric -

Without seeing your configuration file it is difficult to say exactly, however it looks like you have a default Handler with an AuthBy INTERNAL clause which rejects the request.

regards

Hugh


> On 12 Oct 2017, at 03:57, Eric W. Bates <ericx at whoi.edu> wrote:
> 
> Some, not all, of my authentications are failing and I'm confused. Can
> someone help me parse the log messages below?
> 
> When is AuthINTERNAL invoked?
> And is Handler '' something to worry about?
> 
> Wed Oct 11 08:39:55 2017 946233: DEBUG: Rewrote user name to
> stuff at nonsense.com
> Wed Oct 11 08:39:55 2017 947122: DEBUG: Packet dump:
> *** Received from 172.27.8.5 port 46915 ....
> Code:       Access-Request
> Identifier: 107
> Authentic:  < ... >
> Attributes:
> 	User-Name = "stuff at nonsense.com"
> 	User-Password = < ... >
> 	NAS-IP-Address = 172.27.8.5
> 	NAS-Port = 8
> 	NAS-Port-Type = Virtual
> 	cisco-avpair = "coa-push=true"
> 
> Wed Oct 11 08:39:55 2017 949439: DEBUG: Handling request with Handler
> '', Identifier 'DefaultHandler'
> Wed Oct 11 08:39:55 2017 949843: DEBUG: Handling with AuthINTERNAL:
> Wed Oct 11 08:39:55 2017 950062: DEBUG: AuthBy INTERNAL result: REJECT,
> Fixed by AuthResult
> Wed Oct 11 08:39:55 2017 950264: INFO: Access rejected for
> stuff at nonsense.com: Fixed by AuthResult
> Wed Oct 11 08:39:55 2017 951000: DEBUG: do query to
> 'dbi:mysql:radmin:radminsql.whoinet.whoi.edu': 'insert into RADAUTHLOG
> (TIME_STAMP, USERNAME, TYPE, REASON, CALLERID) values (1507725595,
> 'stuff at nonsense.com', 0, 'Fixed by AuthResult', '')':
> 
> 
> Thanks for your time.
> 
> -- 
> Clark 159a, MS 46
> 508/289-3112
> 
> _______________________________________________
> radiator mailing list
> radiator at lists.open.com.au
> http://lists.open.com.au/mailman/listinfo/radiator


--

Hugh Irvine
hugh at open.com.au

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER, SIM, etc. 
Full source on Unix, Linux, Windows, MacOSX, Solaris, VMS, NetWare etc.



More information about the radiator mailing list