My Static IP Client conf. not work
Tevfik Ceydeliler
tevfik.ceydeliler at astron.yasar.com.tr
Wed Jan 13 11:26:22 CET 2010
Now I understand why I get accept message. Bec. of " DEFAULT Auth-Type := Accept". When I remove it I get reject. This error occurs for only users have Framed-IP-Address .
My verison is :
freeradius: FreeRADIUS Version 2.1.0, for host i486-pc-linux-gnu
Here is the CORRECT log:
##########################################################
rad_recv: Access-Request packet from host 172.30.80.1 port 4778, id=206, length=139
NAS-IP-Address = 172.30.80.1
NAS-Identifier = "GGFILE02"
Called-Station-Id = "yasarapn"
Framed-Protocol = GPRS-PDP-Context
Service-Type = Framed-User
NAS-Port-Type = Virtual
NAS-Port = 143607256
CHAP-Challenge = 0x2e302fefb09604035cfe4022945bfbd8
User-Name = "tevfikceydeliler"
CHAP-Password = 0x01a1b18b5f3a772a9107bee3ee400ff60e
Calling-Station-Id = "905308507313"
Wed Jan 13 12:17:33 2010 : Info: +- entering group authorize {...}
Wed Jan 13 12:17:33 2010 : Info: ++[preprocess] returns ok
Wed Jan 13 12:17:33 2010 : Debug: expand: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/172.30.80.1/auth-detail-20100113
Wed Jan 13 12:17:33 2010 : Info: [auth_log] /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/172.30.80.1/auth-detail-20100113
Wed Jan 13 12:17:33 2010 : Debug: expand: %t -> Wed Jan 13 12:17:33 2010
Wed Jan 13 12:17:33 2010 : Info: ++[auth_log] returns ok
Wed Jan 13 12:17:33 2010 : Debug: expand: /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/freeradius/radacct/172.30.80.1/detail-20100113
Wed Jan 13 12:17:33 2010 : Info: [detail] /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/freeradius/radacct/172.30.80.1/detail-20100113
Wed Jan 13 12:17:33 2010 : Debug: expand: %t -> Wed Jan 13 12:17:33 2010
Wed Jan 13 12:17:33 2010 : Info: ++[detail] returns ok
Wed Jan 13 12:17:33 2010 : Info: [chap] Setting 'Auth-Type := CHAP'
Wed Jan 13 12:17:33 2010 : Info: ++[chap] returns ok
Wed Jan 13 12:17:33 2010 : Info: ++[mschap] returns noop
Wed Jan 13 12:17:33 2010 : Info: [suffix] No '@' in User-Name = "tevfikceydeliler", looking up realm NULL
Wed Jan 13 12:17:33 2010 : Info: [suffix] No such realm "NULL"
Wed Jan 13 12:17:33 2010 : Info: ++[suffix] returns noop
Wed Jan 13 12:17:33 2010 : Info: [eap] No EAP-Message, not doing EAP
Wed Jan 13 12:17:33 2010 : Info: ++[eap] returns noop
Wed Jan 13 12:17:33 2010 : Info: ++[unix] returns notfound
Wed Jan 13 12:17:33 2010 : Info: ++[files] returns noop
Wed Jan 13 12:17:33 2010 : Info: ++[expiration] returns noop
Wed Jan 13 12:17:33 2010 : Info: ++[logintime] returns noop
>>>>>>>Wed Jan 13 12:17:33 2010 : Info: [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
>>>>>>>Wed Jan 13 12:17:33 2010 : Info: ++[pap] returns noop
>>>>>>>Wed Jan 13 12:17:33 2010 : Info: Found Auth-Type = CHAP
>>>>>>>Wed Jan 13 12:17:33 2010 : Info: +- entering group CHAP {...}
>>>>>>>Wed Jan 13 12:17:33 2010 : Info: [chap] login attempt by "tevfikceydeliler" with CHAP password
>>>>>>>Wed Jan 13 12:17:33 2010 : Info: [chap] Cleartext-Password is required for authentication
>>>>>>>Wed Jan 13 12:17:33 2010 : Info: ++[chap] returns invalid
>>>>>>>Wed Jan 13 12:17:33 2010 : Info: Failed to authenticate the user.
>>>>>>>Wed Jan 13 12:17:33 2010 : Auth: Login incorrect (rlm_chap: Clear text password not available): [tevfikceydeliler/<CHAP-Password>] (from client turkcellAPN port 143607256 cli 905308507313)
>>>>>>>Wed Jan 13 12:17:33 2010 : Info: Using Post-Auth-Type Reject
Wed Jan 13 12:17:33 2010 : Info: +- entering group REJECT {...}
Wed Jan 13 12:17:33 2010 : Debug: expand: %{User-Name} -> tevfikceydeliler
Wed Jan 13 12:17:33 2010 : Debug: attr_filter: Matched entry DEFAULT at line 11
Wed Jan 13 12:17:33 2010 : Info: ++[attr_filter.access_reject] returns updated
Wed Jan 13 12:17:33 2010 : Debug: expand: /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/freeradius/radacct/172.30.80.1/detail-20100113
Wed Jan 13 12:17:33 2010 : Info: [detail] /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/freeradius/radacct/172.30.80.1/detail-20100113
Wed Jan 13 12:17:33 2010 : Debug: expand: %t -> Wed Jan 13 12:17:33 2010
Wed Jan 13 12:17:33 2010 : Info: ++[detail] returns ok
Wed Jan 13 12:17:33 2010 : Debug: expand: /var/log/freeradius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d -> /var/log/freeradius/radacct/172.30.80.1/reply-detail-20100113
Wed Jan 13 12:17:33 2010 : Info: [reply_log] /var/log/freeradius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d expands to /var/log/freeradius/radacct/172.30.80.1/reply-detail-20100113
Wed Jan 13 12:17:33 2010 : Debug: expand: %t -> Wed Jan 13 12:17:33 2010
Wed Jan 13 12:17:33 2010 : Info: ++[reply_log] returns ok
Wed Jan 13 12:17:33 2010 : Info: Delaying reject of request 0 for 3 seconds
Wed Jan 13 12:17:33 2010 : Debug: Going to the next request
Wed Jan 13 12:17:33 2010 : Debug: Waking up in 0.9 seconds.
Wed Jan 13 12:17:34 2010 : Debug: Waking up in 1.9 seconds.
Wed Jan 13 12:17:36 2010 : Info: Sending delayed reject for request 0
Sending Access-Reject of id 206 to 172.30.80.1 port 4778
Wed Jan 13 12:17:36 2010 : Debug: Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 172.30.80.1 port 1806, id=237, length=139
NAS-IP-Address = 172.30.80.1
NAS-Identifier = "GGFILE02"
Called-Station-Id = "yasarapn"
Framed-Protocol = GPRS-PDP-Context
Service-Type = Framed-User
NAS-Port-Type = Virtual
NAS-Port = 193325448
CHAP-Challenge = 0x2e302fefb09604035cfe4022945bfbd8
User-Name = "tevfikceydeliler"
CHAP-Password = 0x01a1b18b5f3a772a9107bee3ee400ff60e
Calling-Station-Id = "905308507313"
Wed Jan 13 12:17:36 2010 : Info: +- entering group authorize {...}
Wed Jan 13 12:17:36 2010 : Info: ++[preprocess] returns ok
Wed Jan 13 12:17:36 2010 : Debug: expand: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/172.30.80.1/auth-detail-20100113
Wed Jan 13 12:17:36 2010 : Info: [auth_log] /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/172.30.80.1/auth-detail-20100113
Wed Jan 13 12:17:36 2010 : Debug: expand: %t -> Wed Jan 13 12:17:36 2010
Wed Jan 13 12:17:36 2010 : Info: ++[auth_log] returns ok
Wed Jan 13 12:17:36 2010 : Debug: expand: /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/freeradius/radacct/172.30.80.1/detail-20100113
Wed Jan 13 12:17:36 2010 : Info: [detail] /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/freeradius/radacct/172.30.80.1/detail-20100113
Wed Jan 13 12:17:36 2010 : Debug: expand: %t -> Wed Jan 13 12:17:36 2010
Wed Jan 13 12:17:36 2010 : Info: ++[detail] returns ok
Wed Jan 13 12:17:36 2010 : Info: [chap] Setting 'Auth-Type := CHAP'
Wed Jan 13 12:17:36 2010 : Info: ++[chap] returns ok
Wed Jan 13 12:17:36 2010 : Info: ++[mschap] returns noop
Wed Jan 13 12:17:36 2010 : Info: [suffix] No '@' in User-Name = "tevfikceydeliler", looking up realm NULL
Wed Jan 13 12:17:36 2010 : Info: [suffix] No such realm "NULL"
Wed Jan 13 12:17:36 2010 : Info: ++[suffix] returns noop
Wed Jan 13 12:17:36 2010 : Info: [eap] No EAP-Message, not doing EAP
Wed Jan 13 12:17:36 2010 : Info: ++[eap] returns noop
Wed Jan 13 12:17:36 2010 : Info: ++[unix] returns notfound
Wed Jan 13 12:17:36 2010 : Info: ++[files] returns noop
Wed Jan 13 12:17:36 2010 : Info: ++[expiration] returns noop
Wed Jan 13 12:17:36 2010 : Info: ++[logintime] returns noop
Wed Jan 13 12:17:36 2010 : Info: [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
Wed Jan 13 12:17:36 2010 : Info: ++[pap] returns noop
Wed Jan 13 12:17:36 2010 : Info: Found Auth-Type = CHAP
Wed Jan 13 12:17:36 2010 : Info: +- entering group CHAP {...}
Wed Jan 13 12:17:36 2010 : Info: [chap] login attempt by "tevfikceydeliler" with CHAP password
Wed Jan 13 12:17:36 2010 : Info: [chap] Cleartext-Password is required for authentication
Wed Jan 13 12:17:36 2010 : Info: ++[chap] returns invalid
Wed Jan 13 12:17:36 2010 : Info: Failed to authenticate the user.
Wed Jan 13 12:17:36 2010 : Auth: Login incorrect (rlm_chap: Clear text password not available): [tevfikceydeliler/<CHAP-Password>] (from client turkcellAPN port 193325448 cli 905308507313)
Wed Jan 13 12:17:36 2010 : Info: Using Post-Auth-Type Reject
Wed Jan 13 12:17:36 2010 : Info: +- entering group REJECT {...}
Wed Jan 13 12:17:36 2010 : Debug: expand: %{User-Name} -> tevfikceydeliler
Wed Jan 13 12:17:36 2010 : Debug: attr_filter: Matched entry DEFAULT at line 11
Wed Jan 13 12:17:36 2010 : Info: ++[attr_filter.access_reject] returns updated
Wed Jan 13 12:17:36 2010 : Debug: expand: /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/freeradius/radacct/172.30.80.1/detail-20100113
Wed Jan 13 12:17:36 2010 : Info: [detail] /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/freeradius/radacct/172.30.80.1/detail-20100113
Wed Jan 13 12:17:36 2010 : Debug: expand: %t -> Wed Jan 13 12:17:36 2010
Wed Jan 13 12:17:36 2010 : Info: ++[detail] returns ok
Wed Jan 13 12:17:36 2010 : Debug: expand: /var/log/freeradius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d -> /var/log/freeradius/radacct/172.30.80.1/reply-detail-20100113
Wed Jan 13 12:17:36 2010 : Info: [reply_log] /var/log/freeradius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d expands to /var/log/freeradius/radacct/172.30.80.1/reply-detail-20100113
Wed Jan 13 12:17:36 2010 : Debug: expand: %t -> Wed Jan 13 12:17:36 2010
Wed Jan 13 12:17:36 2010 : Info: ++[reply_log] returns ok
Wed Jan 13 12:17:36 2010 : Info: Delaying reject of request 1 for 3 seconds
Wed Jan 13 12:17:36 2010 : Debug: Going to the next request
Wed Jan 13 12:17:36 2010 : Debug: Waking up in 0.9 seconds.
Wed Jan 13 12:17:37 2010 : Debug: Waking up in 1.9 seconds.
Wed Jan 13 12:17:39 2010 : Info: Sending delayed reject for request 1
Sending Access-Reject of id 237 to 172.30.80.1 port 1806
Wed Jan 13 12:17:39 2010 : Debug: Waking up in 1.9 seconds.
Wed Jan 13 12:17:41 2010 : Info: Cleaning up request 0 ID 206 with timestamp +165
Wed Jan 13 12:17:41 2010 : Debug: Waking up in 3.0 seconds.
Wed Jan 13 12:17:44 2010 : Info: Cleaning up request 1 ID 237 with timestamp +168
Wed Jan 13 12:17:44 2010 : Debug: Ready to process requests.
##########################################################################
Tevfik Ceydeliler
Hello Tevfik,
Run radius in debug mode (radius -X) and then try to authenticate the user. You should have enough information in the debug to
figure out the problem.
If you still can't figure it out paste your debug output here. You may also want to mention what version of freeradius you're
using.
Adrian
-----Original Message-----
From: freeradius-users-bounces+adrian=dsl4u.ca at lists.freeradius.org
[mailto:freeradius-users-bounces+adrian=dsl4u.ca at lists.freeradius.org] On Behalf Of Tevfik Ceydeliler
Sent: Tuesday, January 12, 2010 2:15 AM
To: freeradius-users at lists.freeradius.org
Subject: My Static IP Client conf. not work
Hi Adrian,
I change the operator for Framed IP Address and Netmask.
But nothing changed.
Client get Access-Accept but no IP address assigned. I check it with "ipconfig"
Regards...
Tevfik Ceydeliler
Bu elektronik postada bulunan tum fikir ve gorusler ve ekindeki dosyalar sadece adres sahip/sahiplerine ait olup, Yasar Toplulugu Sirketleri bu mesajin icerigi ile ilgili olarak hic bir hukuksal sorumlulugu kabul etmez. Eger gonderilmesi dusunulen kisi veya kurulus degilseniz, lutfen gonderen kisiyi derhal haberdar ediniz ve mesaji sisteminizden siliniz.The information contained in this e-mail and any files transmitted with it are intended solely for the use of the individual or entity to whom they are addressed and Yasar Group Companies do not accept legal responsibility for the contents. If you are not the intended recipient, please immediately notify the sender and delete it from your system.
------------------------------
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
End of Freeradius-Users Digest, Vol 57, Issue 38
************************************************
Bu elektronik postada bulunan tum fikir ve gorusler ve ekindeki dosyalar sadece adres sahip/sahiplerine ait olup, Yasar Toplulugu Sirketleri bu mesajin icerigi ile ilgili olarak hic bir hukuksal sorumlulugu kabul etmez. Eger gonderilmesi dusunulen kisi veya kurulus degilseniz, lutfen gonderen kisiyi derhal haberdar ediniz ve mesaji sisteminizden siliniz.The information contained in this e-mail and any files transmitted with it are intended solely for the use of the individual or entity to whom they are addressed and Yasar Group Companies do not accept legal responsibility for the contents. If you are not the intended recipient, please immediately notify the sender and delete it from your system.
More information about the Freeradius-Users
mailing list