access reject

Harish Mandowara harishm at
Mon Dec 5 14:56:09 CET 2011

Hi all,

I am connecting network-manager to the freeradius server. It is showing access
reject. I am using server.crt, which is provided by freeradius itself.
Please check and reply.
The error is pasted below:

rad_recv: Access-Request packet from host port 32768, id=0,
Cleaning up request 95 ID 0 with timestamp +543
	User-Name = "testing123"
	NAS-IP-Address =
	Called-Station-Id = "30469a872e66"
	Calling-Station-Id = "1caff76ce38c"
	NAS-Identifier = "30469a872e66"
	NAS-Port = 3
	Framed-MTU = 1400
	State = 0x05139c0406178548b5e80cb0708716d1
	NAS-Port-Type = Wireless-802.11
	EAP-Message = 0x0204001119800000000715030100020230
	Message-Authenticator = 0xfd142706451c8cf676b90ad74a062ecb
# Executing section authorize from file
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "testing123", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 4 length 17
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
  TLS Length 7
[peap] Length Included
[peap] eaptls_verify returned 11 
[peap] <<< TLS 1.0 Alert [length 0002], fatal unknown_ca  
TLS Alert read:fatal:unknown CA
    TLS_accept: failed in SSLv3 read client certificate A
rlm_eap: SSL error error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert
unknown ca
SSL: SSL_read failed inside of TLS (-1), TLS session fails.
TLS receive handshake failed during operation
[peap] eaptls_process returned 4 
[eap] Handler failed in EAP/peap
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Using Post-Auth-Type Reject
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject] 	expand: %{User-Name} -> testing123
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 96 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 96
Sending Access-Reject of id 0 to port 32768
	EAP-Message = 0x04040004
	Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 4.9 seconds.

Warm Regards

Harish Mandowara
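
The EAP-Message values in the log above can be decoded by hand: the first is an EAP Response, so the fatal unknown_ca alert inside it was sent by the supplicant, which is how a client reports that it does not trust the CA that issued the certificate the server presented. The following Python sketch is an added example, not part of the original post and not FreeRADIUS code. The function name and lookup tables are illustrative, and the two sample values are copied from the log.

```python
import struct

# Field values from RFC 3748 (EAP), the EAP-TLS style framing that PEAP
# reuses, and the TLS alert registry. Only the entries needed here are listed.
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TLS_TYPES = {13: "EAP-TLS", 21: "EAP-TTLS", 25: "PEAP"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {42: "bad_certificate", 45: "certificate_expired",
                      46: "certificate_unknown", 48: "unknown_ca"}

def decode_eap_message(hex_value):
    """Decode an EAP-Message value as printed in the server's debug output."""
    text = hex_value[2:] if hex_value.lower().startswith("0x") else hex_value
    raw = bytes.fromhex(text)
    if len(raw) < 4:
        raise ValueError("EAP header truncated")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length != len(raw):
        raise ValueError("EAP length field does not match the data")
    out = {"code": EAP_CODES.get(code, code), "id": ident, "length": length}
    if code in (3, 4) or length < 6:        # Success/Failure carry no type data
        return out
    out["type"] = EAP_TLS_TYPES.get(raw[4], raw[4])
    if raw[4] not in EAP_TLS_TYPES:
        return out
    flags, pos = raw[5], 6
    out["length_included"] = bool(flags & 0x80)   # L bit
    out["more_fragments"] = bool(flags & 0x40)    # M bit
    if flags & 0x80:                        # 4-byte total TLS message length
        if length < 10:
            raise ValueError("TLS length field truncated")
        out["tls_length"] = struct.unpack("!I", raw[6:10])[0]
        pos = 10
    record = raw[pos:]
    # TLS record header: content type (1), version (2), length (2).
    # A cleartext alert is content type 21 with a 2-byte body: level, description.
    if len(record) >= 7 and record[0] == 21 and record[3:5] == b"\x00\x02":
        out["tls_version"] = (record[1], record[2])   # (3, 1) is TLS 1.0
        out["alert"] = (ALERT_LEVELS.get(record[5], record[5]),
                        ALERT_DESCRIPTIONS.get(record[6], record[6]))
    return out

# Sample values copied from the debug log in the post.
REQUEST_EAP = "0x0204001119800000000715030100020230"
REJECT_EAP = "0x04040004"

if __name__ == "__main__":
    print(decode_eap_message(REQUEST_EAP))
    print(decode_eap_message(REJECT_EAP))
```

The decoded fields match what the server logged for the same packet: response id 4, length 17, TLS length 7, length included, TLS 1.0 alert, fatal unknown_ca.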


More information about the Freeradius-Users mailing list