<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 14 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='color:#1F497D'>Send the whole configuration and initial request/response. The snippet below is pretty much useless.<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>David<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> freeradius-users-bounces+davidp=wirelessconnections.net@lists.freeradius.org [mailto:freeradius-users-bounces+davidp=wirelessconnections.net@lists.freeradius.org] <b>On Behalf Of </b>Suryalakshmi Annadurai<br><b>Sent:</b> Monday, September 30, 2013 8:46 AM<br><b>To:</b> freeradius-users@lists.freeradius.org<br><b>Subject:</b> Access Request from HA rejected<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Hi all,<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>I am using FreeRadius 2.1.12 for WIMAX authentication. My initial authentication between ASN-GW and AAA is successful. Keys are generated and received in Access-Accept. But when HA sends Access-Request to AAA, the Request is rejected.The SPI values are all correct. All the AVP values are valid (because I checked with a workaround and it was successful). There looks like a problem in the authorize section when username is checked for in the 'Users' file. Can you please tell me if I am missing something in the configuration? I have added the inner identity in the 'users' file. Clients are defined in the 'clients.conf'.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Below is a portion from log file.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>rad_recv: Access-Request packet from host 172.16.10.10 port 52511, id=1, length=165<o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'> User-Name = "<a href="mailto:01-01-01-03-01-01@abc.com">01-01-01-03-01-01@abc.com</a>"<o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'> NAS-IP-Address = 172.16.10.10 <o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'> NAS-Identifier = "HA1"<o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'> Message-Authenticator = 0x930277dfe340d323eb58e3ecf7588f30<o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'> WiMAX-Release = "1.2"<o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'> WiMAX-Accounting-Capabilities = No-Accounting<o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'> WiMAX-hHA-IP-MIP4 = 172.16.10.10<o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'> WiMAX-MN-hHA-MIP4-SPI = 1185754294<o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'> WiMAX-HA-RK-SPI = 123123<o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Thu Jan 1 05:53:35 1970 : Info: # Executing section authorize from file /etc/raddb/sites-enabled/default<o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Thu Jan 1 05:53:35 1970 : Info: +- entering group authorize {...}<o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Thu Jan 1 05:53:35 1970 : Info: ++[preprocess] returns ok<o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Thu Jan 1 05:53:35 1970 : Info: ++[chap] returns noop<o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Thu Jan 1 05:53:35 1970 : Info: ++[mschap] returns noop<o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Thu Jan 1 05:53:35 1970 : Info: [suffix] Looking up realm "abc.com" for User-Name = "<a href="mailto:01-01-01-03-01-01@abc.com">01-01-01-03-01-01@abc.com</a>"<o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Thu Jan 1 05:53:35 1970 : Info: [suffix] Found realm "abc.com"<o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Thu Jan 1 05:53:35 1970 : Info: [suffix] Adding Stripped-User-Name = "01-01-01-03-01-01"<o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Thu Jan 1 05:53:35 1970 : Info: [suffix] Adding Realm = "abc.com"<o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Thu Jan 1 05:53:35 1970 : Info: [suffix] Authentication realm is LOCAL.<o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Thu Jan 1 05:53:35 1970 : Info: ++[suffix] returns ok<o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Thu Jan 1 05:53:35 1970 : Info: [eap] No EAP-Message, not doing EAP<o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Thu Jan 1 05:53:35 1970 : Info: ++[eap] returns noop<o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Thu Jan 1 05:53:35 1970 : Info: ++[files] returns noop<o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Thu Jan 1 05:53:35 1970 : Info: ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user<o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Thu Jan 1 05:53:35 1970 : Info: Failed to authenticate the user.<o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Thu Jan 1 05:53:35 1970 : Info: Using Post-Auth-Type <o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Thu Jan 1 05:53:35 1970 : Info: # Executing group from file /etc/raddb/sites-enabled/default<o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Thu Jan 1 05:53:35 1970 : Info: +- entering group REJECT {...}<o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Thu Jan 1 05:53:35 1970 : Info: [attr_filter.access_reject] expand: %{User-Name} -> <a href="mailto:01-01-01-03-01-01@abc.com">01-01-01-03-01-01@abc.com</a><o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Thu Jan 1 05:53:35 1970 : Debug: attr_filter: Matched entry DEFAULT at line 11<o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Thu Jan 1 05:53:35 1970 : Info: ++[attr_filter.access_reject] returns updated<o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Thu Jan 1 05:53:35 1970 : Info: Delaying reject of request 5 for 1 seconds<o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Thu Jan 1 05:53:35 1970 : Debug: Going to the next request<o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Thu Jan 1 05:53:35 1970 : Debug: Waking up in 0.9 seconds.<o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Thu Jan 1 05:53:36 1970 : Info: Sending delayed reject for request 5<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Sending Access-Reject of id 1 to 172.16.10.10 port 52511<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>-Thanks</span><o:p></o:p></p></div></body></html>