not able to get authenticated by free Radius
Yagnesh Dave
yagnesh.dave at rediffmail.com
Thu Dec 3 17:48:44 CET 2009
Hi,
I am not able to get authenticate from the free radius server. PLease fins the logs for the same on my LNS
#################################################################
072633: Dec 3 22:13:48.335 IST: ppp491 PPP: Authorization required
072634: Dec 3 22:13:48.335 IST: ppp491 PPP: Sent CHAP LOGIN Request
072635: Dec 3 22:13:48.335 IST: RADIUS/ENCODE(00001A39):Orig. component type = VPDN
072636: Dec 3 22:13:48.335 IST: RADIUS: AAA Unsupported Attr: interface [157] 15
072637: Dec 3 22:13:48.335 IST: RADIUS: 55 6E 69 71 2D 53 65 73 73 2D 49 44 34 [Uniq-Sess-ID4]
072638: Dec 3 22:13:48.335 IST: RADIUS(00001A39): Config NAS IP: 192.168.243.250
072639: Dec 3 22:13:48.335 IST: RADIUS/ENCODE(00001A39): acct_session_id: 10199
072640: Dec 3 22:13:48.335 IST: RADIUS(00001A39): sending
072641: Dec 3 22:13:48.335 IST: RADIUS(00001A39): Send Access-Request to 172.31.6.158:1645 id 1645/128, len 133
072642: Dec 3 22:13:48.335 IST: RADIUS: authenticator 44 7F FA 34 1E FE 1E 8C - DB F7 84 BE 44 0A 5E 40
072643: Dec 3 22:13:48.335 IST: RADIUS: Framed-Protocol [7] 6 PPP [1]
072644: Dec 3 22:13:48.335 IST: RADIUS: User-Name [1] 17 "tcl1 at cisco1.com"
072645: Dec 3 22:13:48.335 IST: RADIUS: CHAP-Password [3] 19 *
072646: Dec 3 22:13:48.335 IST: RADIUS: NAS-Port-Type [61] 6 Virtual [5]
072647: Dec 3 22:13:48.335 IST: RADIUS: NAS-Port [5] 6 491
072648: Dec 3 22:13:48.335 IST: RADIUS: NAS-Port-Id [87] 17 "Uniq-Sess-ID491"
072649: Dec 3 22:13:48.335 IST: RADIUS: Calling-Station-Id [31] 17 "404001623674242"
072650: Dec 3 22:13:48.335 IST: RADIUS: Connect-Info [77] 13 "64000/57600"
072651: Dec 3 22:13:48.335 IST: RADIUS: Service-Type [6] 6 Framed [2]
072652: Dec 3 22:13:48.335 IST: RADIUS: NAS-IP-Address [4] 6 192.168.243.250
072653: Dec 3 22:13:48.567 IST: ppp492 PPP: Authorization required
072654: Dec 3 22:13:48.567 IST: ppp492 PPP: Sent CHAP LOGIN Request
072655: Dec 3 22:13:48.567 IST: RADIUS/ENCODE(00001A3A):Orig. component type = VPDN
072656: Dec 3 22:13:48.567 IST: RADIUS: AAA Unsupported Attr: interface [157] 15
072657: Dec 3 22:13:48.567 IST: RADIUS: 55 6E 69 71 2D 53 65 73 73 2D 49 44 34 [Uniq-Sess-ID4]
072658: Dec 3 22:13:48.567 IST: RADIUS(00001A3A): Config NAS IP: 192.168.243.250
072659: Dec 3 22:13:48.567 IST: RADIUS/ENCODE(00001A3A): acct_session_id: 10200
072660: Dec 3 22:13:48.567 IST: RADIUS(00001A3A): sending
072661: Dec 3 22:13:48.567 IST: RADIUS(00001A3A): Send Access-Request to 172.31.6.158:1645 id 1645/129, len 133
072662: Dec 3 22:13:48.567 IST: RADIUS: authenticator 24 41 31 64 0C 88 D8 9F - F6 12 B3 78 5E B7 27 09
072663: Dec 3 22:13:48.567 IST: RADIUS: Framed-Protocol [7] 6 PPP [1]
072664: Dec 3 22:13:48.571 IST: RADIUS: User-Name [1] 17 "tcl2 at cisco1.com"
072665: Dec 3 22:13:48.571 IST: RADIUS: CHAP-Password [3] 19 *
072666: Dec 3 22:13:48.571 IST: RADIUS: NAS-Port-Type [61] 6 Virtual [5]
072667: Dec 3 22:13:48.571 IST: RADIUS: NAS-Port [5] 6 492
072668: Dec 3 22:13:48.571 IST: RADIUS: NAS-Port-Id [87] 17 "Uniq-Sess-ID492"
072669: Dec 3 22:13:48.571 IST: RADIUS: Calling-Station-Id [31] 17 "404000341609662"
072670: Dec 3 22:13:48.571 IST: RADIUS: Connect-Info [77] 13 "64000/57600"
072671: Dec 3 22:13:48.571 IST: RADIUS: Service-Type [6] 6 Framed [2]
072672: Dec 3 22:13:48.571 IST: RADIUS: NAS-IP-Address [4] 6 192.168.243.250
072673: Dec 3 22:13:49.351 IST: RADIUS: Received from id 1645/128 172.31.6.158:1645, Access-Reject, len 20
072674: Dec 3 22:13:49.351 IST: RADIUS: authenticator FC 4F 4F CC 30 09 61 22 - AC E0 57 93 17 B0 C5 A9
072675: Dec 3 22:13:49.351 IST: RADIUS(00001A39): Received from id 1645/128
072676: Dec 3 22:13:49.351 IST: ppp491 PPP: Received LOGIN Response FAIL
072677: Dec 3 22:13:49.351 IST: ppp491 CHAP: O FAILURE id 1 len 25 msg is "Authentication failed"
072678: Dec 3 22:13:49.583 IST: RADIUS: Received from id 1645/129 172.31.6.158:1645, Access-Reject, len 20
072679: Dec 3 22:13:49.583 IST: RADIUS: authenticator 94 73 B6 A0 77 2C FB 52 - 91 5A 52 20 A1 8A 00 A5
072680: Dec 3 22:13:49.583 IST: RADIUS(00001A3A): Received from id 1645/129
072681: Dec 3 22:13:49.583 IST: ppp492 PPP: Received LOGIN Response FAIL
072682: Dec 3 22:13:49.583 IST: ppp492 CHAP: O FAILURE id 1 len 25 msg is "Authentication failed"
###################################################################
Debug Logs on the FreeRadius server
########################################################
rad_recv: Access-Request packet from host 192.168.243.250 port 1645, id=139, length=164
Framed-Protocol = PPP
User-Name = "tcl1 at cisco1.com"
CHAP-Challenge = 0xe9c73ba6d4a4d55f4ecb135615450c55dcb53dc4a438afe357bb024f5e
CHAP-Password = 0x012699c4cf08980486a7c5a2f124022fb7
NAS-Port-Type = Virtual
NAS-Port = 502
NAS-Port-Id = "Uniq-Sess-ID502"
Calling-Station-Id = "404000834680158"
Connect-Info = "64000/57600"
Service-Type = Framed-User
NAS-IP-Address = 192.168.243.250
+- entering group authorize {...}
++[preprocess] returns ok
[chap] Setting 'Auth-Type := CHAP'
++[chap] returns ok
++[mschap] returns noop
[suffix] Looking up realm "cisco1.com" for User-Name = "tcl1 at cisco1.com"
[suffix] Found realm "cisco1.com"
[suffix] Adding Realm = "cisco1.com"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
[files] users: Matched entry DEFAULT at line 172
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = CHAP
+- entering group CHAP {...}
[chap] login attempt by "tcl1 at cisco1.com" with CHAP password
[chap] Cleartext-Password is required for authentication
++[chap] returns invalid
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> tcl1 at cisco1.com
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 37 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 37
Sending Access-Reject of id 139 to 192.168.243.250 port 1645
###############################################################
Please let me know where I have done a mis-config.
Thanks and Regards,
Dave.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20091203/0917fbca/attachment.html>
More information about the Freeradius-Users
mailing list