radius access-reject

[TANGUY ERIC]

Hi,
I am using freeradius-0.9.3 and a server LDAP for authentication.
but when i want to connect a user with frame protocol PPP, the authentication failed.

below, logs of router , users file and radius log.


Jun 23 11:36:19.168: %ISDN-6-CONNECT: Interface Serial1/0:0 is now connected to 
298002222
Jun 23 11:36:35.148: As69 LCP: I CONFREQ [Closed] id 1 len 20
Jun 23 11:36:35.148: As69 LCP:    ACCM 0x00000000 (0x020600000000)
Jun 23 11:36:35.148: As69 LCP:    MagicNumber 0x19723A65 (0x050619723A65)
Jun 23 11:36:35.148: As69 LCP:    PFC (0x0702)
Jun 23 11:36:35.148: As69 LCP:    ACFC (0x0802)
Jun 23 11:36:35.148: As69 LCP: Lower layer not up, Fast Starting
Jun 23 11:36:35.148: As69 PPP: Using dialer call direction
Jun 23 11:36:35.148: As69 PPP: Treating connection as a callin
Jun 23 11:36:35.148: As69 PPP: Phase is ESTABLISHING, Passive Open
Jun 23 11:36:35.148: As69 LCP: State is Listen
Jun 23 11:36:35.148: As69 PPP: Authorization required
Jun 23 11:36:35.148: As69 LCP: O CONFREQ [Listen] id 1 len 25
Jun 23 11:36:35.148: As69 LCP:    ACCM 0x000A0000 (0x0206000A0000)
Jun 23 11:36:35.148: As69 LCP:    AuthProto CHAP (0x0305C22305)
Jun 23 11:36:35.148: As69 LCP:    MagicNumber 0x35C0A4C5 (0x050635C0A4C5)
Jun 23 11:36:35.148: As69 LCP:    PFC (0x0702)
Jun 23 11:36:35.148: As69 LCP:    ACFC (0x0802)
Jun 23 11:36:35.148: As69 LCP: O CONFACK [Listen] id 1 len 20
Jun 23 11:36:35.148: As69 LCP:    ACCM 0x00000000 (0x020600000000)
Jun 23 11:36:35.148: As69 LCP:    MagicNumber 0x19723A65 (0x050619723A65)
Jun 23 11:36:35.148: As69 LCP:    PFC (0x0702)
Jun 23 11:36:35.148: As69 LCP:    ACFC (0x0802)
Jun 23 11:36:35.152: %LINK-3-UPDOWN: Interface Async69, changed state to up
Jun 23 11:36:35.360: As69 LCP: I CONFACK [ACKsent] id 1 len 25
Jun 23 11:36:35.360: As69 LCP:    ACCM 0x000A0000 (0x0206000A0000)
Jun 23 11:36:35.360: As69 LCP:    AuthProto CHAP (0x0305C22305)
Jun 23 11:36:35.360: As69 LCP:    MagicNumber 0x35C0A4C5 (0x050635C0A4C5)
Jun 23 11:36:35.360: As69 LCP:    PFC (0x0702)
Jun 23 11:36:35.360: As69 LCP:    ACFC (0x0802)
Jun 23 11:36:35.360: As69 LCP: State is Open
Jun 23 11:36:35.360: As69 PPP: Phase is AUTHENTICATING, by this end
Jun 23 11:36:35.360: As69 CHAP: O CHALLENGE id 1 len 28 from "r-nas-a"
Jun 23 11:36:35.512: As69 CHAP: I RESPONSE id 1 len 26 from "a0327"
Jun 23 11:36:35.516: As69 PPP: Phase is FORWARDING, Attempting Forward
Jun 23 11:36:35.516: As69 PPP: Phase is AUTHENTICATING, Unauthenticated User
Jun 23 11:36:35.516: As69 PPP: Sent CHAP LOGIN Request
Jun 23 11:36:35.516: RADIUS/ENCODE(00000138):Orig. component type = ISDN
Jun 23 11:36:35.516: RADIUS:  AAA Unsupported     [152] 7
Jun 23 11:36:35.516: RADIUS:   41 73 79 6E 63                                   [Async]
Jun 23 11:36:35.516: RADIUS(00000138): Storing nasport 69 in rad_db
Jun 23 11:36:35.516: RADIUS(00000138): Config NAS IP: 0.0.0.0
Jun 23 11:36:35.516: RADIUS/ENCODE(00000138): acct_session_id: 312
Jun 23 11:36:35.516: RADIUS(00000138): sending
Jun 23 11:36:35.516: RADIUS/ENCODE: Best Local IP-Address 10.xxx.xxx.19 for 
Radius-Server 10.xxx.xxx.29
Jun 23 11:36:35.516: RADIUS(00000138): Send Access-Request to 10.xxx.xxx.29:1812 id 
1645/199, len 111
Jun 23 11:36:35.516: RADIUS:  authenticator 8D 83 E8 0D 9B 53 D0 2F - 14 3C 36 20 60 
A9 4D 54
Jun 23 11:36:35.516: RADIUS:  Framed-Protocol     [7]   6   PPP                       
[1]
Jun 23 11:36:35.516: RADIUS:  User-Name           [1]   7   "a0327"
Jun 23 11:36:35.516: RADIUS:  CHAP-Password       [3]   19  *
Jun 23 11:36:35.516: RADIUS:  Calling-Station-Id  [31]  11  "2xxxxxxxx"
Jun 23 11:36:35.516: RADIUS:  Called-Station-Id   [30]  6   "0061"
Jun 23 11:36:35.516: RADIUS:  NAS-Port-Type       [61]  6   Async                     
[0]
Jun 23 11:36:35.516: RADIUS:  Connect-Info        [77]  18  "19200 V34+/Async"
Jun 23 11:36:35.516: RADIUS:  NAS-Port            [5]   6   69
Jun 23 11:36:35.516: RADIUS:  Service-Type        [6]   6   Framed                    
[2]
Jun 23 11:36:35.516: RADIUS:  NAS-IP-Address      [4]   6   10.xxx.xxx.19
Jun 23 11:36:38.148: As69 CHAP: I RESPONSE id 1 len 26 from "a0327"
Jun 23 11:36:38.148: As69 CHAP: Ignoring Additional Response
Jun 23 11:36:40.516: RADIUS: Retransmit to (10.xxx.xxx.29:1812,1813) for id 1645/199
Jun 23 11:36:40.516: RADIUS: Received from id 1645/199 10.xxx.xxx.29:1812, 
Access-Reject, len 155
Jun 23 11:36:40.516: RADIUS:  authenticator 97 C7 04 0E E1 4C C2 1C - CD 11 37 C8 68 
47 84 E0
Jun 23 11:36:40.516: RADIUS:  Vendor, Cisco       [26]  29
Jun 23 11:36:40.516: RADIUS:   Cisco AVpair       [1]   23  "ip:addr-pool=testpool"
Jun 23 11:36:40.516: RADIUS(00000138): Received from id 1645/199
Jun 23 11:36:40.516: As69 PPP: Received LOGIN Response FAIL
Jun 23 11:36:40.516: As69 CHAP: O FAILURE id 1 len 25 msg is "Authentication failed"
Jun 23 11:36:40.516: As69 PPP: Sending Acct Event[Down] id[138]
Jun 23 11:36:40.516: As69 PPP: Phase is TERMINATING
Jun 23 11:36:40.516: As69 LCP: O TERMREQ [Open] id 2 len 4
Jun 23 11:36:42.504: As69 LCP: TIMEout: State TERMsent
Jun 23 11:36:42.504: As69 LCP: O TERMREQ [TERMsent] id 3 len 4
Jun 23 11:36:44.520: As69 LCP: TIMEout: State TERMsent
Jun 23 11:36:44.520: As69 LCP: State is Closed
Jun 23 11:36:44.520: As69 PPP: Phase is DOWN
Jun 23 11:36:44.520: As69 PPP: Phase is ESTABLISHING, Passive Open
Jun 23 11:36:44.520: As69 LCP: State is Listen
Jun 23 11:36:44.632: %ISDN-6-DISCONNECT: Interface Serial1/0:0  disconnected from 
2xxxxxxxx , call lasted 31 seconds
Jun 23 11:36:46.520: %LINK-5-CHANGED: Interface Async69, changed state to reset
Jun 23 11:36:46.520: As69 LCP: State is Closed
Jun 23 11:36:46.520: As69 PPP: Phase is DOWN
Jun 23 11:36:51.521: %LINK-3-UPDOWN: Interface Async69, changed state to down


user's file
-------------

a0327               Auth-Type := LDAP
                Service-Type = Framed-User,
                Framed-Protocol = PPP,
                cisco-avpair = "ip:addr-pool=testpool"


radius log
----------
rad_recv: Access-Request packet from host 10.xxx.xxx.19:1645, id=202, length=77
       User-Name = "a0327"
        User-Password = "xxxxx"
        NAS-Port = 99
        NAS-Port-Type = Virtual
        Calling-Station-Id = "10.xxx.xxx.29"
        NAS-IP-Address = 10.xxx.xxx.19
rlm_ldap: - authorize
rlm_ldap: performing user authorization for a0327
ldap_get_conn: Got Id: 0
rlm_ldap: (re)connect to 10.xxx.xxx.1:3268, authentication 0
rlm_ldap: bind as / to 10.xxx.xxx.1:3268
rlm_ldap: waiting for bind result ...
rlm_ldap: no dialupAccess attribute - access denied by default
ldap_release_conn: Release Id: 0
Invalid user (rlm_ldap: Access Attribute denies access): [a0327/xxxx] (from client 
10.xxx.xxx.19 port 99 cli 10.xxx.xxx.29)
rad_recv: Access-Request packet from host 10.xxx.xxx.19:1645, id=202, length=77
Sending Access-Reject of id 202 to 10.xxx.xxx.19:1645





-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html