not able to get authenticated by free Radius
Wagner Pereira
wpereira at pop-sp.rnp.br
Thu Dec 3 18:06:29 CET 2009
Hi, Dave.
I hope that can help you: http://twitpic.com/rv5a4/full
--
Wagner Pereira
PoP-SP/RNP - Ponto de Presença da RNP em São Paulo
CCE/USP - Centro de Computação Eletrônica da Universidade de São Paulo
http://www.pop-sp.rnp.br
Fone at RNP 1015-8902
Yagnesh Dave escreveu:
> Hi,
>
> I am not able to get authenticate from the free radius server. PLease
> fins the logs for the same on my LNS
>
> #################################################################
>
> 072633: Dec 3 22:13:48.335 IST: ppp491 PPP: Authorization required
> 072634: Dec 3 22:13:48.335 IST: ppp491 PPP: Sent CHAP LOGIN Request
> 072635: Dec 3 22:13:48.335 IST: RADIUS/ENCODE(00001A39):Orig.
> component type = VPDN
> 072636: Dec 3 22:13:48.335 IST: RADIUS: AAA Unsupported Attr:
> interface [157] 15
> 072637: Dec 3 22:13:48.335 IST: RADIUS: 55 6E 69 71 2D 53 65 73 73 2D
> 49 44 34 [Uniq-Sess-ID4]
> 072638: Dec 3 22:13:48.335 IST: RADIUS(00001A39): Config NAS IP:
> 192.168.243.250
> 072639: Dec 3 22:13:48.335 IST: RADIUS/ENCODE(00001A39):
> acct_session_id: 10199
> 072640: Dec 3 22:13:48.335 IST: RADIUS(00001A39): sending
> 072641: Dec 3 22:13:48.335 IST: RADIUS(00001A39): Send Access-Request
> to 172.31.6.158:1645 id 1645/128, len 133
> 072642: Dec 3 22:13:48.335 IST: RADIUS: authenticator 44 7F FA 34 1E
> FE 1E 8C - DB F7 84 BE 44 0A 5E 40
> 072643: Dec 3 22:13:48.335 IST: RADIUS: Framed-Protocol [7] 6 PPP [1]
> 072644: Dec 3 22:13:48.335 IST: RADIUS: User-Name [1] 17 "tcl1 at cisco1.com"
> 072645: Dec 3 22:13:48.335 IST: RADIUS: CHAP-Password [3] 19 *
> 072646: Dec 3 22:13:48.335 IST: RADIUS: NAS-Port-Type [61] 6 Virtual [5]
> 072647: Dec 3 22:13:48.335 IST: RADIUS: NAS-Port [5] 6 491
> 072648: Dec 3 22:13:48.335 IST: RADIUS: NAS-Port-Id [87] 17
> "Uniq-Sess-ID491"
> 072649: Dec 3 22:13:48.335 IST: RADIUS: Calling-Station-Id [31] 17
> "404001623674242"
> 072650: Dec 3 22:13:48.335 IST: RADIUS: Connect-Info [77] 13 "64000/57600"
> 072651: Dec 3 22:13:48.335 IST: RADIUS: Service-Type [6] 6 Framed [2]
> 072652: Dec 3 22:13:48.335 IST: RADIUS: NAS-IP-Address [4] 6
> 192.168.243.250
> 072653: Dec 3 22:13:48.567 IST: ppp492 PPP: Authorization required
> 072654: Dec 3 22:13:48.567 IST: ppp492 PPP: Sent CHAP LOGIN Request
> 072655: Dec 3 22:13:48.567 IST: RADIUS/ENCODE(00001A3A):Orig.
> component type = VPDN
> 072656: Dec 3 22:13:48.567 IST: RADIUS: AAA Unsupported Attr:
> interface [157] 15
> 072657: Dec 3 22:13:48.567 IST: RADIUS: 55 6E 69 71 2D 53 65 73 73 2D
> 49 44 34 [Uniq-Sess-ID4]
> 072658: Dec 3 22:13:48.567 IST: RADIUS(00001A3A): Config NAS IP:
> 192.168.243.250
> 072659: Dec 3 22:13:48.567 IST: RADIUS/ENCODE(00001A3A):
> acct_session_id: 10200
> 072660: Dec 3 22:13:48.567 IST: RADIUS(00001A3A): sending
> 072661: Dec 3 22:13:48.567 IST: RADIUS(00001A3A): Send Access-Request
> to 172.31.6.158:1645 id 1645/129, len 133
> 072662: Dec 3 22:13:48.567 IST: RADIUS: authenticator 24 41 31 64 0C
> 88 D8 9F - F6 12 B3 78 5E B7 27 09
> 072663: Dec 3 22:13:48.567 IST: RADIUS: Framed-Protocol [7] 6 PPP [1]
> 072664: Dec 3 22:13:48.571 IST: RADIUS: User-Name [1] 17 "tcl2 at cisco1.com"
> 072665: Dec 3 22:13:48.571 IST: RADIUS: CHAP-Password [3] 19 *
> 072666: Dec 3 22:13:48.571 IST: RADIUS: NAS-Port-Type [61] 6 Virtual [5]
> 072667: Dec 3 22:13:48.571 IST: RADIUS: NAS-Port [5] 6 492
> 072668: Dec 3 22:13:48.571 IST: RADIUS: NAS-Port-Id [87] 17
> "Uniq-Sess-ID492"
> 072669: Dec 3 22:13:48.571 IST: RADIUS: Calling-Station-Id [31] 17
> "404000341609662"
> 072670: Dec 3 22:13:48.571 IST: RADIUS: Connect-Info [77] 13 "64000/57600"
> 072671: Dec 3 22:13:48.571 IST: RADIUS: Service-Type [6] 6 Framed [2]
> 072672: Dec 3 22:13:48.571 IST: RADIUS: NAS-IP-Address [4] 6
> 192.168.243.250
> 072673: Dec 3 22:13:49.351 IST: RADIUS: Received from id 1645/128
> 172.31.6.158:1645, Access-Reject, len 20
> 072674: Dec 3 22:13:49.351 IST: RADIUS: authenticator FC 4F 4F CC 30
> 09 61 22 - AC E0 57 93 17 B0 C5 A9
> 072675: Dec 3 22:13:49.351 IST: RADIUS(00001A39): Received from id
> 1645/128
> 072676: Dec 3 22:13:49.351 IST: ppp491 PPP: Received LOGIN Response FAIL
> 072677: Dec 3 22:13:49.351 IST: ppp491 CHAP: O FAILURE id 1 len 25 msg
> is "Authentication failed"
> 072678: Dec 3 22:13:49.583 IST: RADIUS: Received from id 1645/129
> 172.31.6.158:1645, Access-Reject, len 20
> 072679: Dec 3 22:13:49.583 IST: RADIUS: authenticator 94 73 B6 A0 77
> 2C FB 52 - 91 5A 52 20 A1 8A 00 A5
> 072680: Dec 3 22:13:49.583 IST: RADIUS(00001A3A): Received from id
> 1645/129
> 072681: Dec 3 22:13:49.583 IST: ppp492 PPP: Received LOGIN Response FAIL
> 072682: Dec 3 22:13:49.583 IST: ppp492 CHAP: O FAILURE id 1 len 25 msg
> is "Authentication failed"
>
> ###################################################################
>
> Debug Logs on the FreeRadius server
>
>
> ########################################################
>
> rad_recv: Access-Request packet from host 192.168.243.250 port 1645,
> id=139, length=164
> Framed-Protocol = PPP
> User-Name = "tcl1 at cisco1.com"
> CHAP-Challenge =
> 0xe9c73ba6d4a4d55f4ecb135615450c55dcb53dc4a438afe357bb024f5e
> CHAP-Password = 0x012699c4cf08980486a7c5a2f124022fb7
> NAS-Port-Type = Virtual
> NAS-Port = 502
> NAS-Port-Id = "Uniq-Sess-ID502"
> Calling-Station-Id = "404000834680158"
> Connect-Info = "64000/57600"
> Service-Type = Framed-User
> NAS-IP-Address = 192.168.243.250
> +- entering group authorize {...}
> ++[preprocess] returns ok
> [chap] Setting 'Auth-Type := CHAP'
> ++[chap] returns ok
> ++[mschap] returns noop
> [suffix] Looking up realm "cisco1.com" for User-Name = "tcl1 at cisco1.com"
> [suffix] Found realm "cisco1.com"
> [suffix] Adding Realm = "cisco1.com"
> [suffix] Authentication realm is LOCAL.
> ++[suffix] returns ok
> [eap] No EAP-Message, not doing EAP
> ++[eap] returns noop
> ++[unix] returns notfound
> [files] users: Matched entry DEFAULT at line 172
> ++[files] returns ok
> ++[expiration] returns noop
> ++[logintime] returns noop
> [pap] WARNING! No "known good" password found for the user.
> Authentication may fail because of this.
> ++[pap] returns noop
> Found Auth-Type = CHAP
> +- entering group CHAP {...}
> [chap] login attempt by "tcl1 at cisco1.com" with CHAP password
> [chap] Cleartext-Password is required for authentication
> ++[chap] returns invalid
> Failed to authenticate the user.
> Using Post-Auth-Type Reject
> +- entering group REJECT {...}
> [attr_filter.access_reject] expand: %{User-Name} -> tcl1 at cisco1.com
> attr_filter: Matched entry DEFAULT at line 11
> ++[attr_filter.access_reject] returns updated
> Delaying reject of request 37 for 1 seconds
> Going to the next request
> Waking up in 0.9 seconds.
> Sending delayed reject for request 37
> Sending Access-Reject of id 139 to 192.168.243.250 port 1645
>
> ###############################################################
>
> Please let me know where I have done a mis-config.
>
> Thanks and Regards,
> Dave.
>
>
> <http://sigads.rediff.com/RealMedia/ads/click_nx.ads/www.rediffmail.com/signatureline.htm@Middle?>
>
>
> ------------------------------------------------------------------------
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list