[isf-wifidog] Auth server sends 1 then 0 for validated user
Cara Ward
cara at onshore.com
Dim 14 Mai 17:40:22 EDT 2006
Hi,
I'm relatively new to the wifidog community and am having trouble getting
wifidog working. My validated users are redirected to the login page
instead of out to the Internet. The wifidog log shows that the Auth
server gets an allow initially, but shortly after sends a deny. I cannot
figure out why the client is denied.
I am running WiFidog version 1.1.3_beta4. I tried to install the latest
revision on my auth server, but had to revert to r1029 as 1034 kept
complaining that smarty template was not installed even though it was.
1029 installed fine.
I am using a debian based pc for the gateway. ipt_mac is loaded; the
relevant portions of lsmod are below as is the wifidog debug log.
The account status of the denied users is set to 1 in the users table of
the db.
My authenticator is LocalUser.
I cannot figure out from the logs why my auth server sends the second
deny after first allowing my clients. Any suggestions as to why this
might be happening? Thanks in advance for any assistance -
-cara
...
lsmod | grep ip
ipt_MARK 2432 0
ipt_REJECT 6528 0
ipt_TCPMSS 4480 0
ipt_REDIRECT 2432 0
ipt_mark 1920 0
iptable_mangle 3072 0
ipt_MASQUERADE 3968 1
ipt_state 2304 1
iptable_filter 3072 1
ip_nat_irc 4464 0
ip_nat_ftp 4976 0
iptable_nat 22692 5
ipt_REDIRECT,ipt_MASQUERADE,ip_nat_irc,ip_nat_ftp
ip_conntrack_irc 71600 1 ip_nat_irc
ip_conntrack_ftp 72240 1 ip_nat_ftp
tulip 42528 0
ipcomp 6400 0
ipt_LOG 6272 0
ipt_conntrack 2816 0
ip_conntrack 32908 9
ipt_REDIRECT,ipt_MASQUERADE,ipt_state,ip_nat_irc,ip_nat_ftp,iptable_nat,ip_conntrack_irc,ip_conntrack_ftp,ipt_conntrack
ip_gre 12192 0
ipip 10084 0
ipt_mac 2176 0
ip_tables 16896 13
ipt_MARK,ipt_REJECT,ipt_TCPMSS,ipt_REDIRECT,ipt_mark,iptable_mangle,ipt_MASQUERADE,ipt_state,iptable_filter,iptable_nat,ipt_LOG,ipt_conntrack,ipt_mac
Auth: 1
Messages:
]
[6][Sun May 14 13:24:09 2006][6737](centralserver.c:149) Auth server
returned authentica
tion code 1
[7][Sun May 14 13:24:09 2006][6737](auth.c:123) Locking client list
[7][Sun May 14 13:24:09 2006][6737](auth.c:123) Client list locked
[6][Sun May 14 13:24:09 2006][6737](auth.c:209) Got ALLOWED from central
server authenti
cating token 5ecc42c55b8907ba41b45cd15a7cfdf3 from 192.168.5.108 at
00:03:47:92:ED:24 -
adding to firewall and redirecting them to portal
[7][Sun May 14 13:24:09 2006][6737](firewall.c:87) Allowing 192.168.5.108
00:03:47:92:ED
:24 with fw_connection_state 2
[7][Sun May 14 13:24:09 2006][6737](fw_iptables.c:79) Executing command:
iptables -t man
gle -A WiFiDog_Outgoing -s 192.168.5.108 -m mac --mac-source
00:03:47:92:ED:24 -j MARK -
-set-mark 2
[7][Sun May 14 13:24:09 2006][6737](util.c:108) Waiting for PID 6845 to
exit
[7][Sun May 14 13:24:09 2006][6737](gateway.c:256) Handler for SIGCHLD
called. Trying to
reap a child
[7][Sun May 14 13:24:09 2006][6737](gateway.c:260) Handler for SIGCHLD
reaped child PID
-1
[7][Sun May 14 13:24:09 2006][6737](util.c:110) Process PID 6845 exited
[7][Sun May 14 13:24:09 2006][6737](fw_iptables.c:79) Executing command:
iptables -t man
gle -A WiFiDog_Incoming -d 192.168.5.108 -j ACCEPT
[7][Sun May 14 13:24:09 2006][6737](util.c:108) Waiting for PID 6846 to
exit
[7][Sun May 14 13:24:09 2006][6737](gateway.c:256) Handler for SIGCHLD
called. Trying to
reap a child
[7][Sun May 14 13:24:09 2006][6737](gateway.c:260) Handler for SIGCHLD
reaped child PID
-1
[7][Sun May 14 13:24:09 2006][6737](util.c:110) Process PID 6846 exited
[7][Sun May 14 13:24:09 2006][6737](auth.c:265) Unlocking client list
[7][Sun May 14 13:24:09 2006][6737](auth.c:265) Client list unlocked
[7][Sun May 14 13:24:09 2006][6737](httpd_thread.c:68) Returned from
httpdProcessRequest
() for 192.168.5.108
[7][Sun May 14 13:24:09 2006][6737](httpd_thread.c:73) Closing connection
with 192.168.5
.108
Auth: 0
Messages: | Updated counters.
]
[6][Sun May 14 13:24:34 2006][6737](centralserver.c:149) Auth server
returned authentica
tion code 0
[7][Sun May 14 13:24:34 2006][6737](firewall.c:247) Locking client list
[7][Sun May 14 13:24:34 2006][6737](firewall.c:247) Client list locked
[5][Sun May 14 13:24:34 2006][6737](firewall.c:280) 192.168.5.108 -
Denied. Removing cli
ent and firewall rules
[7][Sun May 14 13:24:34 2006][6737](firewall.c:102) Denying 192.168.5.108
00:03:47:92:ED
:24 with fw_connection_state 2
[7][Sun May 14 13:24:34 2006][6737](fw_iptables.c:79) Executing command:
iptables -t man
gle -D WiFiDog_Outgoing -s 192.168.5.108 -m mac --mac-source
00:03:47:92:ED:24 -j MARK -
-set-mark 2
[7][Sun May 14 13:24:34 2006][6737](util.c:108) Waiting for PID 6852 to
exit
[7][Sun May 14 13:24:34 2006][6737](gateway.c:256) Handler for SIGCHLD
called. Trying to
reap a child
[7][Sun May 14 13:24:34 2006][6737](gateway.c:260) Handler for SIGCHLD
reaped child PID
-1
[7][Sun May 14 13:24:34 2006][6737](util.c:110) Process PID 6852 exited
[7][Sun May 14 13:24:34 2006][6737](fw_iptables.c:79) Executing command:
iptables -t man
gle -D WiFiDog_Incoming -d 192.168.5.108 -j ACCEPT
[7][Sun May 14 13:24:34 2006][6737](util.c:108) Waiting for PID 6853 to
exit
[7][Sun May 14 13:24:34 2006][6737](gateway.c:256) Handler for SIGCHLD
called. Trying to
reap a child
[7][Sun May 14 13:24:34 2006][6737](gateway.c:260) Handler for SIGCHLD
reaped child PID
-1
[7][Sun May 14 13:24:34 2006][6737](util.c:110) Process PID 6853 exited
[7][Sun May 14 13:24:34 2006][6737](firewall.c:326) Unlocking client list
[7][Sun May 14 13:24:34 2006][6737](firewall.c:326) Client list unlocked
[7][Sun May 14 13:24:35 2006][6737](ping_thread.c:69) Running ping()
[7][Sun May 14 13:24:35 2006][6737](ping_thread.c:105) Entering ping()
[7][Sun May 14 13:24:35 2006][6737](centralserver.c:168) Locking config
[7][Sun May 14 13:24:35 2006][6737](centralserver.c:168) Config locked
[7][Sun May 14 13:24:35 2006][6737](centralserver.c:210) Level 1:
Calculated 1 auth serv
ers in list
[7][Sun May 14 13:24:35 2006][6737](centralserver.c:225) Level 1:
Resolving auth server
[67.176.166.166]
More information about the WiFiDog
mailing list