Server logs say users authenticate, but they don't (Now with more details!)
James Wakefield
jamesw at deakin.edu.au
Tue Nov 7 00:23:00 CET 2006
Hi Ernie,
* Run radiusd -X and check that Access-Accept is being sent, and how
long after the Access-Request this is.
* Verify with tcpdump that the packet is actually getting onto the wire.
* Check for iptables rules/access-lists that might be dropping/rejecting
the packets.
* Make sure your AS5300 and freeradius are configured to use the same
port numbers. freeradius shouldn't be seeing the Access-Request if not,
but it might be worth a look.
Ernie Dunbar wrote:
>> G'day Ernie,
>>
>> Can you sniff on the AS5300 and ensure the Access-Accept packets are
>> arriving before the 3 second (default) timeout?
>
> Yes, we tried that. The access-accept packets aren't arriving at all!
>
>> Does it work if you temporarily disable the Simultaneous-Use check?
>
> No, that doesn't work either.
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
James Wakefield,
Unix Administrator, Information Technology Services Division
Deakin University, Geelong, Victoria 3217 Australia.
Phone: 03 5227 8690 International: +61 3 5227 8690
Fax: 03 5227 8866 International: +61 3 5227 8866
E-mail: james.wakefield at deakin.edu.au
Website: http://www.deakin.edu.au
More information about the Freeradius-Users
mailing list