Hello, in wireshark I can see now that the first request for access goes throught but the second one for accounting is rejected. Can you help me out why? What about encryption ? The secret on the nas server and on the radius is 100% same. Where can I look for this? I have chacked everything you said for now. Thanks! Miha Cleaning up request 1 ID 176 with timestamp +12 Ready to process requests. rad_recv: Access-Request packet from host 1.2.3.4 port 55983, id=139, length=206 Acct-Multi-Session-Id = "1292574457509" Cisco-Attr-130 = 0x683332332d63616c6c696e672d656e74657270726973652d69643d656e74504258 Calling-Station-Id = "81609000" NAS-Identifier = "intraswitch" NAS-IP-Address = 1.2.3.4 3GPP2-Prepaid-acct-Capability = 0x010600000002 3GPP2-Session-Termination-Capability = 1 h323-conf-id = "h323-conf-id=1292574457509" Vendor-Specific = 0x00000009 Event-Timestamp = "Dec 17 2010 09:27:37 CET" User-Name = "081609000" User-Password = "1122" # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "081609000", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop [pgsql-voip] expand: %{User-Name} -> 081609000 [pgsql-voip] sql_set_user escaped user --> '081609000' rlm_sql (pgsql-voip): Reserving sql socket id: 22 [pgsql-voip] expand: SELECT id, UserName, Attribute, Value, Op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, UserName, Attribute, Value, Op FROM radcheck WHERE Username = '081609000' ORDER BY id rlm_sql_postgresql: Status: PGRES_TUPLES_OK rlm_sql_postgresql: query affected rows = 3 , fields = 5 [pgsql-voip] User found in radcheck table [pgsql-voip] expand: SELECT id, UserName, Attribute, Value, Op FROM radreply WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, UserName, Attribute, Value, Op FROM radreply WHERE Username = '081609000' ORDER BY id rlm_sql_postgresql: Status: PGRES_TUPLES_OK rlm_sql_postgresql: query affected rows = 1 , fields = 5 [pgsql-voip] expand: SELECT GroupName FROM radusergroup WHERE UserName='%{SQL-User-Name}' ORDER BY priority -> SELECT GroupName FROM radusergroup WHERE UserName='081609000' ORDER BY priority rlm_sql_postgresql: Status: PGRES_TUPLES_OK rlm_sql_postgresql: query affected rows = 1 , fields = 1 [pgsql-voip] expand: SELECT id, GroupName, Attribute, Value, op FROM radgroupcheck WHERE GroupName = '%{Sql-Group}' ORDER BY id -> SELECT id, GroupName, Attribute, Value, op FROM radgroupcheck WHERE GroupName = 'dynamic' ORDER BY id rlm_sql_postgresql: Status: PGRES_TUPLES_OK rlm_sql_postgresql: query affected rows = 1 , fields = 5 [pgsql-voip] User found in group dynamic [pgsql-voip] expand: SELECT id, GroupName, Attribute, Value, op FROM radgroupreply WHERE GroupName = '%{Sql-Group}' ORDER BY id -> SELECT id, GroupName, Attribute, Value, op FROM radgroupreply WHERE GroupName = 'dynamic' ORDER BY id rlm_sql_postgresql: Status: PGRES_TUPLES_OK rlm_sql_postgresql: query affected rows = 4 , fields = 5 rlm_sql (pgsql-voip): Released sql socket id: 22 ++[pgsql-voip] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] Normalizing MD5-Password from hex encoding [pap] WARNING: Auth-Type already set. Not setting to PAP ++[pap] returns noop Found Auth-Type = PAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group PAP {...} [pap] login attempt with password "1122" [pap] Using MD5 encryption. [pap] User authenticated successfully ++[pap] returns ok # Executing section post-auth from file /etc/raddb/sites-enabled/default +- entering group post-auth {...} ++[exec] returns noop Sending Access-Accept of id 139 to 1.2.3.4 port 55983 Vendor-Specific := 0x3347505032 3GPP2-Prepaid-acct-Capability := 0x303130363030303030303032 3GPP2-Session-Termination-Capability := 1 3GPP2-Release-Indicator := 0 Finished request 2. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 1.2.3.4 port 55121, id=193, length=335 User-Name = "081609000" User-Password = "\022\312w\014" Cisco-Attr-130 = 0x683332332d63616c6c696e672d656e74657270726973652d69643d656e74504258 Acct-Multi-Session-Id = "1292574457509" Calling-Station-Id = "81609000" Called-Station-Id = "38651357952" Cisco-AVPair = "h323-called-enterprise-id=External" h323-remote-address = "h323-remote-address=unknown" Acct-Session-Id = "129257445750920" h323-conf-id = "h323-conf-id=1292574457509" h323-incoming-conf-id = "h323-incoming-conf-id=1292574457509" 3GPP2-Prepaid-Acct-Quota = 0x0a06564f495008040002 Event-Timestamp = "Dec 17 2010 09:27:37 CET" Acct-Status-Type = One-Time Message-Authenticator = 0x6f793daff586ab35701631c5f2a48d96 # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "081609000", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop [pgsql-voip] expand: %{User-Name} -> 081609000 [pgsql-voip] sql_set_user escaped user --> '081609000' rlm_sql (pgsql-voip): Reserving sql socket id: 21 [pgsql-voip] expand: SELECT id, UserName, Attribute, Value, Op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, UserName, Attribute, Value, Op FROM radcheck WHERE Username = '081609000' ORDER BY id rlm_sql_postgresql: Status: PGRES_TUPLES_OK rlm_sql_postgresql: query affected rows = 3 , fields = 5 [pgsql-voip] User found in radcheck table [pgsql-voip] expand: SELECT id, UserName, Attribute, Value, Op FROM radreply WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, UserName, Attribute, Value, Op FROM radreply WHERE Username = '081609000' ORDER BY id rlm_sql_postgresql: Status: PGRES_TUPLES_OK rlm_sql_postgresql: query affected rows = 1 , fields = 5 [pgsql-voip] expand: SELECT GroupName FROM radusergroup WHERE UserName='%{SQL-User-Name}' ORDER BY priority -> SELECT GroupName FROM radusergroup WHERE UserName='081609000' ORDER BY priority rlm_sql_postgresql: Status: PGRES_TUPLES_OK rlm_sql_postgresql: query affected rows = 1 , fields = 1 [pgsql-voip] expand: SELECT id, GroupName, Attribute, Value, op FROM radgroupcheck WHERE GroupName = '%{Sql-Group}' ORDER BY id -> SELECT id, GroupName, Attribute, Value, op FROM radgroupcheck WHERE GroupName = 'dynamic' ORDER BY id rlm_sql_postgresql: Status: PGRES_TUPLES_OK rlm_sql_postgresql: query affected rows = 1 , fields = 5 [pgsql-voip] User found in group dynamic [pgsql-voip] expand: SELECT id, GroupName, Attribute, Value, op FROM radgroupreply WHERE GroupName = '%{Sql-Group}' ORDER BY id -> SELECT id, GroupName, Attribute, Value, op FROM radgroupreply WHERE GroupName = 'dynamic' ORDER BY id rlm_sql_postgresql: Status: PGRES_TUPLES_OK rlm_sql_postgresql: query affected rows = 4 , fields = 5 rlm_sql (pgsql-voip): Released sql socket id: 21 ++[pgsql-voip] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] Normalizing MD5-Password from hex encoding [pap] WARNING: Auth-Type already set. Not setting to PAP ++[pap] returns noop Found Auth-Type = PAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group PAP {...} [pap] login attempt with password "?Êw?" [pap] Using MD5 encryption. [pap] Passwords don't match ++[pap] returns reject Failed to authenticate the user. WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS! Using Post-Auth-Type Reject # Executing group from file /etc/raddb/sites-enabled/default +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> 081609000 attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 3 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 3 Sending Access-Reject of id 193 to 1.2.3.4 port 55121 Waking up in 3.9 seconds. rad_recv: Access-Request packet from host 1.2.3.4 port 55121, id=193, length=335 Sending duplicate reply to client intraswitch port 55121 - ID: 193 Sending Access-Reject of id 193 to 1.2.3.4 port 55121 Waking up in 3.9 seconds. Cleaning up request 2 ID 139 with timestamp +728 Waking up in 1.0 seconds. Cleaning up request 3 ID 193 with timestamp +728 Ready to process requests. -- View this message in context: http://freeradius.1045715.n5.nabble.com/Voip-database-tp3295546p3309116.html Sent from the FreeRadius - User mailing list archive at Nabble.com.