RE: radius access-reject
In which file I must do the modifications, and which modifications?

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On behalf of Alain Perry
Sent: Wednesday, 23 June 2004 17:45
To: Freeradius-Users (E-mail)
Subject: Re: radius access-reject

> rlm_ldap: no dialupAccess attribute - access denied by default

This is pretty explicit: you need to add a dialupAccess attribute in the LDAP entry for your user, and to set it to anything but false.

--
Alain Perry

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: radius access-reject
On Thu 24/06/2004 at 08:08, TANGUY ERIC wrote:

> In which file I must do the modifications, and which modifications?

Hum, as I said, you need to modify the LDAP entry for your user... That means not modifying a file, but adding a dialupAccess attribute to your user LDAP profile. Of course, the RADIUS_LDAPv3 schema must be imported on your LDAP server. The dialupAccess attribute should then be set to true, but anything except false should do.

--
Alain Perry
RE: radius access-reject
I do this modification, but now, I have another problem

rad_recv: Access-Request packet from host 10.xxx.xxx.19:1645, id=204, length=111
    Framed-Protocol = PPP
    User-Name = a0327
    CHAP-Password = 0x021373350363856f39d120a2119e9a4d8b
    Calling-Station-Id = 2
    Called-Station-Id = 0061
    NAS-Port-Type = Async
    Connect-Info = 19200 V34+/Async
    NAS-Port = 72
    Service-Type = Framed-User
    NAS-IP-Address = 10.xxx.xxx.19
rlm_chap: Setting 'Auth-Type := CHAP'
rlm_ldap: - authenticate
rlm_ldap: Attribute User-Password is required for authentication. Cannot use CHAP-Password.
Login incorrect: [a0327/CHAP-Password] (from client 10.xxx.xxx.19 port 72 cli 2)
rad_recv: Access-Request packet from host 10.xxx.xxx.19:1645, id=204, length=111
Sending Access-Reject of id 204 to 10.xxx.xxx.19:1645

user's file -

a0327 Auth-Type := LDAP
    Service-Type = Framed-User,
    Framed-Protocol = PPP,
    cisco-avpair = ip:addr-pool=testpool

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On behalf of Alain Perry
Sent: Wednesday, 23 June 2004 17:45
To: Freeradius-Users (E-mail)
Subject: Re: radius access-reject

> rlm_ldap: no dialupAccess attribute - access denied by default

This is pretty explicit: you need to add a dialupAccess attribute in the LDAP entry for your user, and to set it to anything but false.

--
Alain Perry
RE: radius access-reject
I don't know everything (far from that unfortunately) about FreeRADIUS, but what's the point in using a user file if your user database is in a LDAP directory (this is a real question, I'm probably just missing something here)?

About your new problem, I'm sorry, but I haven't used CHAP yet (and I'm not planning to) so I can't really help you with that...

--
Alain Perry
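Why the second debug output in this thread ends in a reject, shown as an added example that is not part of the original messages or of FreeRADIUS: a CHAP-Password holds only an MD5 digest over the CHAP identifier, the password and the challenge (RFC 1994, RFC 2865), so the server can check it only against a cleartext password it already knows, and there is no password to present in an LDAP bind. The password, challenge and function names below are constructed for illustration; only the CHAP-Password hex string comes from the log above.

```python
import hashlib
import hmac


def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994: response = MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def split_chap_password(attr: bytes):
    """RADIUS CHAP-Password value: 1-byte CHAP identifier + 16-byte MD5 response."""
    if len(attr) != 17:
        raise ValueError("CHAP-Password must be exactly 17 bytes")
    return attr[0], attr[1:]


def verify_chap(attr: bytes, challenge: bytes, known_secret: bytes) -> bool:
    """Recompute the digest from what the server knows and compare in constant time."""
    ident, response = split_chap_password(attr)
    return hmac.compare_digest(chap_response(ident, known_secret, challenge), response)


# CHAP-Password value copied from the radiusd debug output on this page.
PAGE_ATTR = bytes.fromhex("021373350363856f39d120a2119e9a4d8b")

# Constructed sample values (not from the thread).
PASSWORD = b"example-password"
# Stands in for the CHAP-Challenge attribute, or the Request Authenticator
# when the NAS sends no CHAP-Challenge.
CHALLENGE = bytes(range(16))


def demo():
    """Return (check with cleartext password, check with only a one-way hash)."""
    attr = bytes([2]) + chap_response(2, PASSWORD, CHALLENGE)
    with_cleartext = verify_chap(attr, CHALLENGE, PASSWORD)
    # A directory that stores only a one-way hash cannot reproduce the digest,
    # and the user never sends the password itself, so a bind is not possible.
    stored_hash = hashlib.sha1(PASSWORD).digest()
    with_hash_only = verify_chap(attr, CHALLENGE, stored_hash)
    return with_cleartext, with_hash_only


if __name__ == "__main__":
    ident, digest = split_chap_password(PAGE_ATTR)
    print("ident from page log:", ident, "digest bytes:", len(digest))
    print("cleartext check, hash-only check:", demo())
```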
radius access-reject
Hi,

I am using freeradius-0.9.3 and a server LDAP for authentication. But when I want to connect a user with frame protocol PPP, the authentication failed. Below, logs of router and users file.

Jun 23 11:36:19.168: %ISDN-6-CONNECT: Interface Serial1/0:0 is now connected to 29800
Jun 23 11:36:35.148: As69 LCP: I CONFREQ [Closed] id 1 len 20
Jun 23 11:36:35.148: As69 LCP:ACCM 0x (0x0206)
Jun 23 11:36:35.148: As69 LCP:MagicNumber 0x19723A65 (0x050619723A65)
Jun 23 11:36:35.148: As69 LCP:PFC (0x0702)
Jun 23 11:36:35.148: As69 LCP:ACFC (0x0802)
Jun 23 11:36:35.148: As69 LCP: Lower layer not up, Fast Starting
Jun 23 11:36:35.148: As69 PPP: Using dialer call direction
Jun 23 11:36:35.148: As69 PPP: Treating connection as a callin
Jun 23 11:36:35.148: As69 PPP: Phase is ESTABLISHING, Passive Open
Jun 23 11:36:35.148: As69 LCP: State is Listen
Jun 23 11:36:35.148: As69 PPP: Authorization required
Jun 23 11:36:35.148: As69 LCP: O CONFREQ [Listen] id 1 len 25
Jun 23 11:36:35.148: As69 LCP:ACCM 0x000A (0x0206000A)
Jun 23 11:36:35.148: As69 LCP:AuthProto CHAP (0x0305C22305)
Jun 23 11:36:35.148: As69 LCP:MagicNumber 0x35C0A4C5 (0x050635C0A4C5)
Jun 23 11:36:35.148: As69 LCP:PFC (0x0702)
Jun 23 11:36:35.148: As69 LCP:ACFC (0x0802)
Jun 23 11:36:35.148: As69 LCP: O CONFACK [Listen] id 1 len 20
Jun 23 11:36:35.148: As69 LCP:ACCM 0x (0x0206)
Jun 23 11:36:35.148: As69 LCP:MagicNumber 0x19723A65 (0x050619723A65)
Jun 23 11:36:35.148: As69 LCP:PFC (0x0702)
Jun 23 11:36:35.148: As69 LCP:ACFC (0x0802)
Jun 23 11:36:35.152: %LINK-3-UPDOWN: Interface Async69, changed state to up
Jun 23 11:36:35.360: As69 LCP: I CONFACK [ACKsent] id 1 len 25
Jun 23 11:36:35.360: As69 LCP:ACCM 0x000A (0x0206000A)
Jun 23 11:36:35.360: As69 LCP:AuthProto CHAP (0x0305C22305)
Jun 23 11:36:35.360: As69 LCP:MagicNumber 0x35C0A4C5 (0x050635C0A4C5)
Jun 23 11:36:35.360: As69 LCP:PFC (0x0702)
Jun 23 11:36:35.360: As69 LCP:ACFC (0x0802)
Jun 23 11:36:35.360: As69 LCP: State is Open
Jun 23 11:36:35.360: As69 PPP: Phase is AUTHENTICATING, by this end
Jun 23 11:36:35.360: As69 CHAP: O CHALLENGE id 1 len 28 from r-nas-a
Jun 23 11:36:35.512: As69 CHAP: I RESPONSE id 1 len 26 from a0327
Jun 23 11:36:35.516: As69 PPP: Phase is FORWARDING, Attempting Forward
Jun 23 11:36:35.516: As69 PPP: Phase is AUTHENTICATING, Unauthenticated User
Jun 23 11:36:35.516: As69 PPP: Sent CHAP LOGIN Request
Jun 23 11:36:35.516: RADIUS/ENCODE(0138):Orig. component type = ISDN
Jun 23 11:36:35.516: RADIUS: AAA Unsupported [152] 7
Jun 23 11:36:35.516: RADIUS: 41 73 79 6E 63 [Async]
Jun 23 11:36:35.516: RADIUS(0138): Storing nasport 69 in rad_db
Jun 23 11:36:35.516: RADIUS(0138): Config NAS IP: 0.0.0.0
Jun 23 11:36:35.516: RADIUS/ENCODE(0138): acct_session_id: 312
Jun 23 11:36:35.516: RADIUS(0138): sending
Jun 23 11:36:35.516: RADIUS/ENCODE: Best Local IP-Address 10.xxx.xxx.19 for Radius-Server 10.xxx.xxx.29
Jun 23 11:36:35.516: RADIUS(0138): Send Access-Request to 10.xxx.xxx.29:1812 id 1645/199, len 111
Jun 23 11:36:35.516: RADIUS: authenticator 8D 83 E8 0D 9B 53 D0 2F - 14 3C 36 20 60 A9 4D 54
Jun 23 11:36:35.516: RADIUS: Framed-Protocol [7] 6 PPP [1]
Jun 23 11:36:35.516: RADIUS: User-Name [1] 7 a0327
Jun 23 11:36:35.516: RADIUS: CHAP-Password [3] 19 *
Jun 23 11:36:35.516: RADIUS: Calling-Station-Id [31] 11 2
Jun 23 11:36:35.516: RADIUS: Called-Station-Id [30] 6 0061
Jun 23 11:36:35.516: RADIUS: NAS-Port-Type [61] 6 Async [0]
Jun 23 11:36:35.516: RADIUS: Connect-Info[77] 18 19200 V34+/Async
Jun 23 11:36:35.516: RADIUS: NAS-Port[5] 6 69
Jun 23 11:36:35.516: RADIUS: Service-Type[6] 6 Framed [2]
Jun 23 11:36:35.516: RADIUS: NAS-IP-Address [4] 6 10.xxx.xxx.19
Jun 23 11:36:38.148: As69 CHAP: I RESPONSE id 1 len 26 from a0327
Jun 23 11:36:38.148: As69 CHAP: Ignoring Additional Response
Jun 23 11:36:40.516: RADIUS: Retransmit to (10.xxx.xxx.29:1812,1813) for id 1645/199
Jun 23 11:36:40.516: RADIUS: Received from id 1645/199 10.xxx.xxx.29:1812, Access-Reject, len 155
Jun 23 11:36:40.516: RADIUS: authenticator 97 C7 04 0E E1 4C C2 1C - CD 11 37 C8 68 47 84 E0
Jun 23 11:36:40.516: RADIUS: Vendor, Cisco [26] 29
Jun 23 11:36:40.516: RADIUS: Cisco AVpair [1] 23 ip:addr-pool=testpool
Jun 23 11:36:40.516: RADIUS(0138): Received from id 1645/199
Jun 23 11:36:40.516: As69 PPP: Received LOGIN Response FAIL
Jun 23 11:36:40.516: As69 CHAP: O FAILURE id 1 len 25 msg is Authentication failed
Jun 23 11:36:40.516: As69 PPP: Sending Acct Event[Down] id[138]
Jun 23 11:36:40.516: As69 PPP: Phase is TERMINATING
Jun 23 11:36:40.516: As69 LCP: O TERMREQ [Open] id 2 len 4
Jun 23 11:36:42.504: As69 LCP: TIMEout: State TERMsent
Jun 23
radius access-reject
Hi, I am using freeradius-0.9.3 and a server LDAP for authentication. but when i want to connect a user with frame protocol PPP, the authentication failed. below, logs of router , users file and radius log.
Re: radius access-reject
On Wed, 23 Jun 2004, TANGUY ERIC wrote:

> Hi, I am using freeradius-0.9.3 and a server LDAP for authentication. but when i want to connect a user with frame protocol PPP, the authentication failed. below, logs of router and users file.

The log from the router will not help. Run the server in debug mode to see what's happening