Sudden User Authentication Rejection as a result Compatibility - error

Adam Bishop Adam.Bishop at jisc.ac.uk
Mon Feb 23 12:13:20 CET 2015


On 23 Feb 2015, at 10:40, Clement Ogedengbe <c.ogedengbe at worc.ac.uk> wrote:
> Our primary server has really gone "bunker". Sometimes last week (after server ran without hitches for 2 years), started rejecting users by reporting certificate compatibility problem at the debug level.
> 
> After correcting the access privileges to certificates (which I observed may not be correct), the service resumed, but ran successfully only for 2 days and started rejecting users by reporting certificate compatibility problem.

The debug log you've posted is _not_ the server rejecting anything - it's the client choosing not to authenticate. The warning is simply a suggestion of the likely cause.

Any time FreeRADIUS rejects a user, it will _always_ send an explicit Access-Reject (unless configured otherwise, or using PEAP with retries). If this is what you're now seeing you need to post a much more complete log.

It may ultimately turn out that FreeRADIUS is misbehaving, but the only thing that can tell you why the client is choosing not to authenticate is the client. What supplicant is in use?

Regards,

Adam Bishop

  gpg: 0x6609D460

jisc.ac.uk

Jisc is a registered charity (number 1149740) and a company limited by guarantee which is registered in England under Company No. 5747339, VAT No. GB 197 0632 86. Jisc’s registered office is: One Castlepark, Tower Hill, Bristol, BS2 0JA. T 0203 697 5800.

Jisc Collections and Janet Ltd. is a wholly owned Jisc subsidiary and a company limited by guarantee which is registered in England under Company No. number 2881024, VAT No. GB 197 0632 86. The registered office is: Lumen House, Library Avenue, Harwell, Didcot, Oxfordshire, OX11 0SG. T 01235 822200. 




More information about the Freeradius-Users mailing list