not able to get authenticated by free Radius

Yagnesh Dave yagnesh.dave at rediffmail.com
Thu Dec 3 17:48:44 CET 2009


Hi, 

I am not able to get authenticate from the free radius server. PLease fins the logs for the same on my LNS

#################################################################

072633: Dec  3 22:13:48.335 IST: ppp491 PPP: Authorization required
072634: Dec  3 22:13:48.335 IST: ppp491 PPP: Sent CHAP LOGIN Request
072635: Dec  3 22:13:48.335 IST: RADIUS/ENCODE(00001A39):Orig. component type = VPDN
072636: Dec  3 22:13:48.335 IST: RADIUS:  AAA Unsupported Attr: interface         [157] 15  
072637: Dec  3 22:13:48.335 IST: RADIUS:   55 6E 69 71 2D 53 65 73 73 2D 49 44 34           [Uniq-Sess-ID4]
072638: Dec  3 22:13:48.335 IST: RADIUS(00001A39): Config NAS IP: 192.168.243.250
072639: Dec  3 22:13:48.335 IST: RADIUS/ENCODE(00001A39): acct_session_id: 10199
072640: Dec  3 22:13:48.335 IST: RADIUS(00001A39): sending
072641: Dec  3 22:13:48.335 IST: RADIUS(00001A39): Send Access-Request to 172.31.6.158:1645 id 1645/128, len 133
072642: Dec  3 22:13:48.335 IST: RADIUS:  authenticator 44 7F FA 34 1E FE 1E 8C - DB F7 84 BE 44 0A 5E 40
072643: Dec  3 22:13:48.335 IST: RADIUS:  Framed-Protocol     [7]   6   PPP                       [1]
072644: Dec  3 22:13:48.335 IST: RADIUS:  User-Name           [1]   17  "tcl1 at cisco1.com"
072645: Dec  3 22:13:48.335 IST: RADIUS:  CHAP-Password       [3]   19  *
072646: Dec  3 22:13:48.335 IST: RADIUS:  NAS-Port-Type       [61]  6   Virtual                   [5]
072647: Dec  3 22:13:48.335 IST: RADIUS:  NAS-Port            [5]   6   491                       
072648: Dec  3 22:13:48.335 IST: RADIUS:  NAS-Port-Id         [87]  17  "Uniq-Sess-ID491"
072649: Dec  3 22:13:48.335 IST: RADIUS:  Calling-Station-Id  [31]  17  "404001623674242"
072650: Dec  3 22:13:48.335 IST: RADIUS:  Connect-Info        [77]  13  "64000/57600"
072651: Dec  3 22:13:48.335 IST: RADIUS:  Service-Type        [6]   6   Framed                    [2]
072652: Dec  3 22:13:48.335 IST: RADIUS:  NAS-IP-Address      [4]   6   192.168.243.250           
072653: Dec  3 22:13:48.567 IST: ppp492 PPP: Authorization required
072654: Dec  3 22:13:48.567 IST: ppp492 PPP: Sent CHAP LOGIN Request
072655: Dec  3 22:13:48.567 IST: RADIUS/ENCODE(00001A3A):Orig. component type = VPDN
072656: Dec  3 22:13:48.567 IST: RADIUS:  AAA Unsupported Attr: interface         [157] 15  
072657: Dec  3 22:13:48.567 IST: RADIUS:   55 6E 69 71 2D 53 65 73 73 2D 49 44 34           [Uniq-Sess-ID4]
072658: Dec  3 22:13:48.567 IST: RADIUS(00001A3A): Config NAS IP: 192.168.243.250
072659: Dec  3 22:13:48.567 IST: RADIUS/ENCODE(00001A3A): acct_session_id: 10200
072660: Dec  3 22:13:48.567 IST: RADIUS(00001A3A): sending
072661: Dec  3 22:13:48.567 IST: RADIUS(00001A3A): Send Access-Request to 172.31.6.158:1645 id 1645/129, len 133
072662: Dec  3 22:13:48.567 IST: RADIUS:  authenticator 24 41 31 64 0C 88 D8 9F - F6 12 B3 78 5E B7 27 09
072663: Dec  3 22:13:48.567 IST: RADIUS:  Framed-Protocol     [7]   6   PPP                       [1]
072664: Dec  3 22:13:48.571 IST: RADIUS:  User-Name           [1]   17  "tcl2 at cisco1.com"
072665: Dec  3 22:13:48.571 IST: RADIUS:  CHAP-Password       [3]   19  *
072666: Dec  3 22:13:48.571 IST: RADIUS:  NAS-Port-Type       [61]  6   Virtual                   [5]
072667: Dec  3 22:13:48.571 IST: RADIUS:  NAS-Port            [5]   6   492                       
072668: Dec  3 22:13:48.571 IST: RADIUS:  NAS-Port-Id         [87]  17  "Uniq-Sess-ID492"
072669: Dec  3 22:13:48.571 IST: RADIUS:  Calling-Station-Id  [31]  17  "404000341609662"
072670: Dec  3 22:13:48.571 IST: RADIUS:  Connect-Info        [77]  13  "64000/57600"
072671: Dec  3 22:13:48.571 IST: RADIUS:  Service-Type        [6]   6   Framed                    [2]
072672: Dec  3 22:13:48.571 IST: RADIUS:  NAS-IP-Address      [4]   6   192.168.243.250           
072673: Dec  3 22:13:49.351 IST: RADIUS: Received from id 1645/128 172.31.6.158:1645, Access-Reject, len 20
072674: Dec  3 22:13:49.351 IST: RADIUS:  authenticator FC 4F 4F CC 30 09 61 22 - AC E0 57 93 17 B0 C5 A9
072675: Dec  3 22:13:49.351 IST: RADIUS(00001A39): Received from id 1645/128
072676: Dec  3 22:13:49.351 IST: ppp491 PPP: Received LOGIN Response FAIL
072677: Dec  3 22:13:49.351 IST: ppp491 CHAP: O FAILURE id 1 len 25 msg is "Authentication failed"
072678: Dec  3 22:13:49.583 IST: RADIUS: Received from id 1645/129 172.31.6.158:1645, Access-Reject, len 20
072679: Dec  3 22:13:49.583 IST: RADIUS:  authenticator 94 73 B6 A0 77 2C FB 52 - 91 5A 52 20 A1 8A 00 A5
072680: Dec  3 22:13:49.583 IST: RADIUS(00001A3A): Received from id 1645/129
072681: Dec  3 22:13:49.583 IST: ppp492 PPP: Received LOGIN Response FAIL
072682: Dec  3 22:13:49.583 IST: ppp492 CHAP: O FAILURE id 1 len 25 msg is "Authentication failed"

###################################################################

Debug Logs on the FreeRadius server


########################################################

rad_recv: Access-Request packet from host 192.168.243.250 port 1645, id=139, length=164
        Framed-Protocol = PPP
        User-Name = "tcl1 at cisco1.com"
        CHAP-Challenge = 0xe9c73ba6d4a4d55f4ecb135615450c55dcb53dc4a438afe357bb024f5e
        CHAP-Password = 0x012699c4cf08980486a7c5a2f124022fb7
        NAS-Port-Type = Virtual
        NAS-Port = 502
        NAS-Port-Id = "Uniq-Sess-ID502"
        Calling-Station-Id = "404000834680158"
        Connect-Info = "64000/57600"
        Service-Type = Framed-User
        NAS-IP-Address = 192.168.243.250
+- entering group authorize {...}
++[preprocess] returns ok
[chap] Setting 'Auth-Type := CHAP'
++[chap] returns ok
++[mschap] returns noop
[suffix] Looking up realm "cisco1.com" for User-Name = "tcl1 at cisco1.com"
[suffix] Found realm "cisco1.com"
[suffix] Adding Realm = "cisco1.com"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
[files] users: Matched entry DEFAULT at line 172
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.  Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = CHAP
+- entering group CHAP {...}
[chap] login attempt by "tcl1 at cisco1.com" with CHAP password
[chap] Cleartext-Password is required for authentication
++[chap] returns invalid
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject]     expand: %{User-Name} -> tcl1 at cisco1.com
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 37 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 37
Sending Access-Reject of id 139 to 192.168.243.250 port 1645

###############################################################

Please let me know where I have done a mis-config.

Thanks and Regards,
Dave.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20091203/0917fbca/attachment.html>


More information about the Freeradius-Users mailing list