Help with freeradius upgrade

Alan DeKok aland at deployingradius.com
Wed Jun 13 22:44:26 CEST 2018


On Jun 13, 2018, at 3:20 PM, Petit, Benoit <b.petit at bell.ca> wrote:
> I’m in the process of upgrading Freeradius in our production environment. Long story short: nobody wanted to do the task and I have to jump from Red Hat 3 to Red Hat 6 which includes a totally new version of Openldap (2.4.40 with its own database in its structure) and Freeradius 2.2.6.

  You should really upgrade to 2.2.10.  There aren't many good reasons for running 2.2.6.

> Openldap is completed. The users have been transported and I can see them all. When I do a test with a current user, he gets an error message (“host is unreachable”). I see a REJECT message in the radius logs. Attached are the logs while running in debug mode (radiusd -X). Can anyone see something missing in my config?

  See the logs...

> Ready to process requests.
> rad_recv: Access-Request packet from host x.x.127.152 port 44165, id=125, length=195
> 	NAS-Identifier = "Juniper IVE"
> 	User-Name = "ba0ccxq at ssl-admin.bell"
> 	User-Password = "\017S\313\315@ü‡¸€+\212j\226+"

  The shared secret is wrong.  Fix that.

> Proxying request 0 to home server x.x.x.x port 1645
> Sending Access-Request of id 27 to x.x.x.x port 1645
> 	NAS-Identifier = "Juniper IVE"
> 	User-Name = "ba0ccxq"
> 	User-Password = "\017S\313\315@ü‡¸€+\212j\226+"
> 	Tunnel-Client-Endpoint:0 = "x.x.99.171"
> 	NAS-IP-Address = x.x.127.152
> 	NAS-Port = 0
> 	Acct-Session-Id = "ba0ccxq at ssl-admin.bell(Admin Users - FreeRadius-Test-New)\"Wed Jun 13 13:19:40 2018\"sF2ZSnqZ"
> 	Proxy-State = 0x313235

  Ok...

> Going to the next request
> Waking up in 0.9 seconds.
> Waking up in 13.0 seconds.
> rad_recv: Access-Reject packet from host x.x.x.x port 1645, id=27, length=25
> 	Proxy-State = 0x313235

  <sigh>

  The home server is rejecting the user.  That should be *very* clear from reading the logs.

  Why is the home server rejecting the user?  Because the shared secret is wrong, and the User-Password is garbage.  That should ALSO be clear from reading the logs.

  Alan DeKok.
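
The diagnosis above rests on how RADIUS hides User-Password (RFC 2865 section 5.2): a receiver holding a different shared secret recovers random bytes, and a proxy forwards those bytes to the home server. The sketch below is an added example, not part of the original post and not FreeRADIUS code; the secrets, authenticators and function names are constructed for illustration.

```python
import hashlib

def _xor_block(data: bytes, secret: bytes, prev: bytes) -> bytes:
    # One 16-byte step of the chain: data XOR MD5(secret + previous block)
    return bytes(a ^ b for a, b in zip(data, hashlib.md5(secret + prev).digest()))

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Sender side: null-pad to 16-byte blocks, XOR with the MD5 chain."""
    if len(password) > 128:
        raise ValueError("User-Password is limited to 128 octets")
    pad = -len(password) % 16 if password else 16
    out, prev = b"", authenticator
    for i in range(0, len(password) + pad, 16):
        prev = _xor_block((password + b"\x00" * pad)[i:i + 16], secret, prev)
        out += prev
    return out

def recover_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Receiver side: same chain, keyed with the receiver's configured secret."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += _xor_block(block, secret, prev)
        prev = block
    return out.rstrip(b"\x00")

def looks_like_wrong_secret(password: bytes) -> bool:
    """Heuristic only: a recovered password that is not printable text
    usually means the two ends disagree on the shared secret."""
    try:
        return not password.decode("utf-8").isprintable()
    except UnicodeDecodeError:
        return True

def proxy_hop(hidden, client_auth, client_secret, home_secret, proxy_auth):
    """Proxy recovers with the secret it holds for the client, then re-hides
    whatever it recovered for the home server."""
    seen = recover_password(hidden, client_secret, client_auth)
    return seen, hide_password(seen, home_secret, proxy_auth)

if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    ra, pa = bytes(range(16)), bytes(range(16, 32))
    hidden = hide_password(b"correct horse battery", b"nas-secret", ra)
    for proxy_secret in (b"nas-secret", b"typo-secret"):
        seen, rehidden = proxy_hop(hidden, ra, proxy_secret, b"home-secret", pa)
        at_home = recover_password(rehidden, b"home-secret", pa)
        print(proxy_secret, repr(seen), "garbage" if looks_like_wrong_secret(at_home) else "ok")
```

With the mismatched secret the proxy-to-home-server hop is configured correctly, yet the home server still sees the garbage the proxy recovered, which matches the Access-Reject in the debug output.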



