Hi, I am using freeradius-0.9.3 and a server LDAP for authentication. but when i want to connect a user with frame protocol PPP, the authentication failed.
below, logs of router , users file and radius log. Jun 23 11:36:19.168: %ISDN-6-CONNECT: Interface Serial1/0:0 is now connected to 298002222 Jun 23 11:36:35.148: As69 LCP: I CONFREQ [Closed] id 1 len 20 Jun 23 11:36:35.148: As69 LCP: ACCM 0x00000000 (0x020600000000) Jun 23 11:36:35.148: As69 LCP: MagicNumber 0x19723A65 (0x050619723A65) Jun 23 11:36:35.148: As69 LCP: PFC (0x0702) Jun 23 11:36:35.148: As69 LCP: ACFC (0x0802) Jun 23 11:36:35.148: As69 LCP: Lower layer not up, Fast Starting Jun 23 11:36:35.148: As69 PPP: Using dialer call direction Jun 23 11:36:35.148: As69 PPP: Treating connection as a callin Jun 23 11:36:35.148: As69 PPP: Phase is ESTABLISHING, Passive Open Jun 23 11:36:35.148: As69 LCP: State is Listen Jun 23 11:36:35.148: As69 PPP: Authorization required Jun 23 11:36:35.148: As69 LCP: O CONFREQ [Listen] id 1 len 25 Jun 23 11:36:35.148: As69 LCP: ACCM 0x000A0000 (0x0206000A0000) Jun 23 11:36:35.148: As69 LCP: AuthProto CHAP (0x0305C22305) Jun 23 11:36:35.148: As69 LCP: MagicNumber 0x35C0A4C5 (0x050635C0A4C5) Jun 23 11:36:35.148: As69 LCP: PFC (0x0702) Jun 23 11:36:35.148: As69 LCP: ACFC (0x0802) Jun 23 11:36:35.148: As69 LCP: O CONFACK [Listen] id 1 len 20 Jun 23 11:36:35.148: As69 LCP: ACCM 0x00000000 (0x020600000000) Jun 23 11:36:35.148: As69 LCP: MagicNumber 0x19723A65 (0x050619723A65) Jun 23 11:36:35.148: As69 LCP: PFC (0x0702) Jun 23 11:36:35.148: As69 LCP: ACFC (0x0802) Jun 23 11:36:35.152: %LINK-3-UPDOWN: Interface Async69, changed state to up Jun 23 11:36:35.360: As69 LCP: I CONFACK [ACKsent] id 1 len 25 Jun 23 11:36:35.360: As69 LCP: ACCM 0x000A0000 (0x0206000A0000) Jun 23 11:36:35.360: As69 LCP: AuthProto CHAP (0x0305C22305) Jun 23 11:36:35.360: As69 LCP: MagicNumber 0x35C0A4C5 (0x050635C0A4C5) Jun 23 11:36:35.360: As69 LCP: PFC (0x0702) Jun 23 11:36:35.360: As69 LCP: ACFC (0x0802) Jun 23 11:36:35.360: As69 LCP: State is Open Jun 23 11:36:35.360: As69 PPP: Phase is AUTHENTICATING, by this end Jun 23 11:36:35.360: As69 CHAP: O CHALLENGE id 1 len 28 from "r-nas-a" Jun 23 11:36:35.512: As69 CHAP: I RESPONSE id 1 len 26 from "a0327" Jun 23 11:36:35.516: As69 PPP: Phase is FORWARDING, Attempting Forward Jun 23 11:36:35.516: As69 PPP: Phase is AUTHENTICATING, Unauthenticated User Jun 23 11:36:35.516: As69 PPP: Sent CHAP LOGIN Request Jun 23 11:36:35.516: RADIUS/ENCODE(00000138):Orig. component type = ISDN Jun 23 11:36:35.516: RADIUS: AAA Unsupported [152] 7 Jun 23 11:36:35.516: RADIUS: 41 73 79 6E 63 [Async] Jun 23 11:36:35.516: RADIUS(00000138): Storing nasport 69 in rad_db Jun 23 11:36:35.516: RADIUS(00000138): Config NAS IP: 0.0.0.0 Jun 23 11:36:35.516: RADIUS/ENCODE(00000138): acct_session_id: 312 Jun 23 11:36:35.516: RADIUS(00000138): sending Jun 23 11:36:35.516: RADIUS/ENCODE: Best Local IP-Address 10.xxx.xxx.19 for Radius-Server 10.xxx.xxx.29 Jun 23 11:36:35.516: RADIUS(00000138): Send Access-Request to 10.xxx.xxx.29:1812 id 1645/199, len 111 Jun 23 11:36:35.516: RADIUS: authenticator 8D 83 E8 0D 9B 53 D0 2F - 14 3C 36 20 60 A9 4D 54 Jun 23 11:36:35.516: RADIUS: Framed-Protocol [7] 6 PPP [1] Jun 23 11:36:35.516: RADIUS: User-Name [1] 7 "a0327" Jun 23 11:36:35.516: RADIUS: CHAP-Password [3] 19 * Jun 23 11:36:35.516: RADIUS: Calling-Station-Id [31] 11 "2xxxxxxxx" Jun 23 11:36:35.516: RADIUS: Called-Station-Id [30] 6 "0061" Jun 23 11:36:35.516: RADIUS: NAS-Port-Type [61] 6 Async [0] Jun 23 11:36:35.516: RADIUS: Connect-Info [77] 18 "19200 V34+/Async" Jun 23 11:36:35.516: RADIUS: NAS-Port [5] 6 69 Jun 23 11:36:35.516: RADIUS: Service-Type [6] 6 Framed [2] Jun 23 11:36:35.516: RADIUS: NAS-IP-Address [4] 6 10.xxx.xxx.19 Jun 23 11:36:38.148: As69 CHAP: I RESPONSE id 1 len 26 from "a0327" Jun 23 11:36:38.148: As69 CHAP: Ignoring Additional Response Jun 23 11:36:40.516: RADIUS: Retransmit to (10.xxx.xxx.29:1812,1813) for id 1645/199 Jun 23 11:36:40.516: RADIUS: Received from id 1645/199 10.xxx.xxx.29:1812, Access-Reject, len 155 Jun 23 11:36:40.516: RADIUS: authenticator 97 C7 04 0E E1 4C C2 1C - CD 11 37 C8 68 47 84 E0 Jun 23 11:36:40.516: RADIUS: Vendor, Cisco [26] 29 Jun 23 11:36:40.516: RADIUS: Cisco AVpair [1] 23 "ip:addr-pool=testpool" Jun 23 11:36:40.516: RADIUS(00000138): Received from id 1645/199 Jun 23 11:36:40.516: As69 PPP: Received LOGIN Response FAIL Jun 23 11:36:40.516: As69 CHAP: O FAILURE id 1 len 25 msg is "Authentication failed" Jun 23 11:36:40.516: As69 PPP: Sending Acct Event[Down] id[138] Jun 23 11:36:40.516: As69 PPP: Phase is TERMINATING Jun 23 11:36:40.516: As69 LCP: O TERMREQ [Open] id 2 len 4 Jun 23 11:36:42.504: As69 LCP: TIMEout: State TERMsent Jun 23 11:36:42.504: As69 LCP: O TERMREQ [TERMsent] id 3 len 4 Jun 23 11:36:44.520: As69 LCP: TIMEout: State TERMsent Jun 23 11:36:44.520: As69 LCP: State is Closed Jun 23 11:36:44.520: As69 PPP: Phase is DOWN Jun 23 11:36:44.520: As69 PPP: Phase is ESTABLISHING, Passive Open Jun 23 11:36:44.520: As69 LCP: State is Listen Jun 23 11:36:44.632: %ISDN-6-DISCONNECT: Interface Serial1/0:0 disconnected from 2xxxxxxxx , call lasted 31 seconds Jun 23 11:36:46.520: %LINK-5-CHANGED: Interface Async69, changed state to reset Jun 23 11:36:46.520: As69 LCP: State is Closed Jun 23 11:36:46.520: As69 PPP: Phase is DOWN Jun 23 11:36:51.521: %LINK-3-UPDOWN: Interface Async69, changed state to down user's file ------------- a0327 Auth-Type := LDAP Service-Type = Framed-User, Framed-Protocol = PPP, cisco-avpair = "ip:addr-pool=testpool" radius log ---------- rad_recv: Access-Request packet from host 10.xxx.xxx.19:1645, id=202, length=77 User-Name = "a0327" User-Password = "xxxxx" NAS-Port = 99 NAS-Port-Type = Virtual Calling-Station-Id = "10.xxx.xxx.29" NAS-IP-Address = 10.xxx.xxx.19 rlm_ldap: - authorize rlm_ldap: performing user authorization for a0327 ldap_get_conn: Got Id: 0 rlm_ldap: (re)connect to 10.xxx.xxx.1:3268, authentication 0 rlm_ldap: bind as / to 10.xxx.xxx.1:3268 rlm_ldap: waiting for bind result ... rlm_ldap: no dialupAccess attribute - access denied by default ldap_release_conn: Release Id: 0 Invalid user (rlm_ldap: Access Attribute denies access): [a0327/xxxx] (from client 10.xxx.xxx.19 port 99 cli 10.xxx.xxx.29) rad_recv: Access-Request packet from host 10.xxx.xxx.19:1645, id=202, length=77 Sending Access-Reject of id 202 to 10.xxx.xxx.19:1645 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html