Server logs say users authenticate, but they don't (Now with more details!)

James Wakefield jamesw at
Tue Nov 7 00:23:00 CET 2006

Hi Ernie,

* Run radiusd -X and check that Access-Accept is being sent, and how 
long after the Access-Request this is.

* Verify with tcpdump that the packet is actually getting onto the wire.

* Check for iptables rules/access-lists that might be dropping/rejecting 
the packets.

* Make sure your AS5300 and freeradius are configured to use the same 
port numbers.  freeradius shouldn't be seeing the Access-Request if not, 
but it might be worth a look.

Ernie Dunbar wrote:
>> G'day Ernie,
>> Can you sniff on the AS5300 and ensure the Access-Accept packets are
>> arriving before the 3 second (default) timeout?
> Yes, we tried that. The access-accept packets aren't arriving at all!
>> Does it work if you temporarily disable the Simultaneous-Use check?
> No, that doesn't work either.
> - 
> List info/subscribe/unsubscribe? See

James Wakefield,
Unix Administrator, Information Technology Services Division
Deakin University, Geelong, Victoria 3217 Australia.

Phone: 03 5227 8690 International: +61 3 5227 8690
Fax:   03 5227 8866 International: +61 3 5227 8866
E-mail:   james.wakefield at

More information about the Freeradius-Users mailing list