On Jun 13, 2018, at 3:20 PM, Petit, Benoit <b.petit@bell.ca> wrote:
I’m in the process of upgrading Freeradius in our production environment. Long story short : nobody wanted to do the task and I have to jump from Red Hat 3 to Red Hat 6 which includes a totally new version of Openldap (2.4.40 with it’s own database in its structure) and Freeradius 2.2.6.
You should really upgrade to 2.2.10. There aren't many good reasons for running 2.2.6.
Openldap is completed. The users have been transported and I can see them all. When I do a test with a current user, he gets an error message (“host is unreachable”). I see a REJECT message in the radius logs. Attached is the logs while running in debug mode (radiusd –X). Can anyone see something missing in my config?
See the logs...
Ready to process requests. rad_recv: Access-Request packet from host x.x.127.152 port 44165, id=125, length=195 NAS-Identifier = "Juniper IVE" User-Name = "ba0ccxq@ssl-admin.bell" User-Password = "\017S\313\315@ü‡¸€+\212j\226+"
The shared secret is wrong. Fix that.
Proxying request 0 to home server x.x.x.x port 1645 Sending Access-Request of id 27 to x.x.x.x port 1645 NAS-Identifier = "Juniper IVE" User-Name = "ba0ccxq" User-Password = "\017S\313\315@ü‡¸€+\212j\226+" Tunnel-Client-Endpoint:0 = "x.x.99.171" NAS-IP-Address = x.x.127.152 NAS-Port = 0 Acct-Session-Id = "ba0ccxq@ssl-admin.bell(Admin Users - FreeRadius-Test-New)\"Wed Jun 13 13:19:40 2018\"sF2ZSnqZ" Proxy-State = 0x313235
Ok...
Going to the next request Waking up in 0.9 seconds. Waking up in 13.0 seconds. rad_recv: Access-Reject packet from host x.x.x.x port 1645, id=27, length=25 Proxy-State = 0x313235
<sigh> The home server is rejecting the user. That should be *very* clear from reading the logs. Why is the home server rejecting the user? Because the shared secret is wrong, and the User-Password is garbage. That should ALSO be clear from reading the logs. Alan DeKok.