>Good morning, everybody. I am working on an upgrade for our FreeRadius >servers, which are currently at 1.1.0. I have configured a test >Radius server, which is running FreeRadius 2.0.5. These are both >Solaris 10 systems running SPARC, and our backend is LDAP. > >With FreeRadius 1.1.0, when a user is rejected, the rejection message >looks like this on the client side: > >rad_recv: Access-Reject packet from host x.x.x.x:1645, id=251, length=49 > Reply-Message = "Please, call the help desk." > >No matter what the user, if the user has a static IP, or any other >information in his user profile, etc, that's all it has - the reject >message. >
That's how things should be (so says RFC). > >With FreeRadius 2.0.5, when a user is rejected, the rejection message >has more information in it: > >rad_recv: Access-Reject packet from host x.x.x.x:1645, id=74, length=32 > Framed-IP-Netmask = 255.255.255.255 > Framed-IP-Address = x.x.x.x > That's bad. You have done something to the filter in post auth type reject. Put that back the way it was. >Admittedly, the configuration file for the 2.0.5 server is a mixture of >1.1.0 config style, and 2.0.5 config style, leaning more towards the >1.1.0 style, so it could simply be a result of old style getting in the >way of the new, but I have gone through both configs, and I can't find >out where my access-reject message in my users file is being either >a)overwritten, or b) ignored outright. > >I've gone through the docs, and the wiki, but haven't found out what I'm >missing. I'm running RADIUS 2.0.5 in debug mode (-XXX), but haven't >found anything pointing out what I'm doing wrong. I can comment out >the entries in ldap.attrmap, but that also means they don't get sent >when the authentication succeeds. > >Here's the last line of my users file, below all other local users, and >default entries: > >DEFAULT Auth-Type := Reject > Reply-Message = "Please, call the help desk." > Post the debug. It's extremly likely that something before this entry matched but didn't have Fall-Through at the end. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
