Can't Assign IP address my users
Tevfik Ceydeliler
tevfik.ceydeliler at astron.yasar.com.tr
Thu Jan 21 07:17:54 CET 2010
Hi Alan,
Following your suggestion, I deleted "Packet-Type == Access-Request" (I had written it into the config according to the SecOvid manual), and I don't think that the problem is the home server, because the home server accepts requests when the user's IP comes from the IP pool. This problem happens only for users who want to use a static IP.
The whole problem is that the user who must have a static IP can't connect.
As you can see in the log below, radius sends the request and the home server accepts the first request:
...
...
Wed Jan 20 10:01:07 2010 : Debug: Going to the next request
Wed Jan 20 10:01:07 2010 : Debug: Waking up in 0.9 seconds.
##########HERE IS ACCESS ACCEPT >rad_recv: Access-Accept packet from host 10.1.1.51 port 1812, id=107, length=24
Proxy-State = 0x3530
Wed Jan 20 10:01:07 2010 : Info: +- entering group post-proxy {...}
Wed Jan 20 10:01:07 2010 : Info: [eap] No pre-existing handler found
Wed Jan 20 10:01:07 2010 : Info: ++[eap] returns noop
Wed Jan 20 10:01:07 2010 : Info: Found Auth-Type = CHAP
Wed Jan 20 10:01:07 2010 : Info: Found Auth-Type = Accept
Wed Jan 20 10:01:07 2010 : Error: Warning: Found 2 auth-types on request for user 'tevfikceydeliler' >>>>>>>>>>>>>>>>>>>ERROR HERE
Wed Jan 20 10:01:07 2010 : Info: Auth-Type = Accept, accepting the user
Wed Jan 20 10:01:07 2010 : Info: +- entering group post-auth {...}
Wed Jan 20 10:01:07 2010 : Info: [main_pool] Could not find Pool-Name attribute.
Wed Jan 20 10:01:07 2010 : Info: ++[main_pool] returns noop
Wed Jan 20 10:01:07 2010 : Info: [birmas] Could not find Pool-Name attribute.
Wed Jan 20 10:01:07 2010 : Info: ++[birmas] returns noop
Wed Jan 20 10:01:07 2010 : Debug: expand: /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/freeradius/radacct/172.30.80.1/detail-20100120
Wed Jan 20 10:01:07 2010 : Info: [detail] /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/freeradius/radacct/172.30.80.1/detail-20100120
Wed Jan 20 10:01:07 2010 : Debug: expand: %t -> Wed Jan 20 10:01:07 2010
Wed Jan 20 10:01:07 2010 : Info: ++[detail] returns ok
Wed Jan 20 10:01:07 2010 : Info: ++[exec] returns noop
Sending Access-Accept of id 50 to 172.30.80.1 port 2005
Wed Jan 20 10:01:07 2010 : Info: Finished request 1.
Wed Jan 20 10:01:07 2010 : Debug: Going to the next request
Wed Jan 20 10:01:07 2010 : Debug: Waking up in 4.9 seconds.
###########AGAIN ACCESS-REQUEST > rad_recv: Access-Request packet from host 172.30.80.1 port 1806, id=154, length=139
NAS-IP-Address = 172.30.80.1
NAS-Identifier = "GGFILE02"
Called-Station-Id = "yasarapn"
Framed-Protocol = GPRS-PDP-Context
Service-Type = Framed-User
NAS-Port-Type = Virtual
NAS-Port = 40329920
CHAP-Challenge = 0x224a9ef9367e1507dc0e1114ce97e66b
User-Name = "tevfikceydeliler"
CHAP-Password = 0x0142e9c0c54eb5526890378c5f4d16ff35
Calling-Station-Id = "905308507313"
Wed Jan 20 10:01:07 2010 : Info: +- entering group authorize {...}
Wed Jan 20 10:01:07 2010 : Info: ++[preprocess] returns ok
Wed Jan 20 10:01:07 2010 : Debug: expand: /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/freeradius/radacct/172.30.80.1/detail-20100120
Wed Jan 20 10:01:07 2010 : Info: [detail] /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/freeradius/radacct/172.30.80.1/detail-20100120
Wed Jan 20 10:01:07 2010 : Debug: expand: %t -> Wed Jan 20 10:01:07 2010
Wed Jan 20 10:01:07 2010 : Info: ++[detail] returns ok
Wed Jan 20 10:01:07 2010 : Info: [chap] Setting 'Auth-Type := CHAP'
Wed Jan 20 10:01:07 2010 : Info: ++[chap] returns ok
Wed Jan 20 10:01:07 2010 : Info: ++[mschap] returns noop
Wed Jan 20 10:01:07 2010 : Info: [suffix] No '@' in User-Name = "tevfikceydeliler", looking up realm NULL
Wed Jan 20 10:01:07 2010 : Info: [suffix] No such realm "NULL"
Wed Jan 20 10:01:07 2010 : Info: ++[suffix] returns noop
Wed Jan 20 10:01:07 2010 : Info: [eap] No EAP-Message, not doing EAP
Wed Jan 20 10:01:07 2010 : Info: ++[eap] returns noop
Wed Jan 20 10:01:07 2010 : Info: ++[unix] returns notfound
Wed Jan 20 10:01:07 2010 : Info: [files] users: Matched entry tevfikceydeliler at line 219
Wed Jan 20 10:01:07 2010 : Info: ++[files] returns ok
Wed Jan 20 10:01:07 2010 : Info: ++[expiration] returns noop
Wed Jan 20 10:01:07 2010 : Info: ++[logintime] returns noop
Wed Jan 20 10:01:07 2010 : Info: ++[pap] returns noop
Wed Jan 20 10:01:07 2010 : Info: +- entering group pre-proxy {...}
Wed Jan 20 10:01:07 2010 : Debug: expand: /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/freeradius/radacct/172.30.80.1/detail-20100120
Wed Jan 20 10:01:07 2010 : Info: [detail] /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/freeradius/radacct/172.30.80.1/detail-20100120
Wed Jan 20 10:01:07 2010 : Debug: expand: %t -> Wed Jan 20 10:01:07 2010
Wed Jan 20 10:01:07 2010 : Info: ++[detail] returns ok
Sending Access-Request of id 115 to 10.1.1.51 port 1812
NAS-IP-Address = 172.30.80.1
NAS-Identifier = "GGFILE02"
Called-Station-Id = "yasarapn"
Framed-Protocol = GPRS-PDP-Context
Service-Type = Framed-User
NAS-Port-Type = Virtual
NAS-Port = 40329920
CHAP-Challenge = 0x224a9ef9367e1507dc0e1114ce97e66b
User-Name = "tevfikceydeliler"
CHAP-Password = 0x0142e9c0c54eb5526890378c5f4d16ff35
Calling-Station-Id = "905308507313"
Proxy-State = 0x313534
Wed Jan 20 10:01:07 2010 : Info: Proxying request 2 to home server 10.1.1.51 port 1812
Sending Access-Request of id 115 to 10.1.1.51 port 1812
NAS-IP-Address = 172.30.80.1
NAS-Identifier = "GGFILE02"
Called-Station-Id = "yasarapn"
Framed-Protocol = GPRS-PDP-Context
Service-Type = Framed-User
NAS-Port-Type = Virtual
NAS-Port = 40329920
CHAP-Challenge = 0x224a9ef9367e1507dc0e1114ce97e66b
User-Name = "tevfikceydeliler"
CHAP-Password = 0x0142e9c0c54eb5526890378c5f4d16ff35
Calling-Station-Id = "905308507313"
Proxy-State = 0x313534
Wed Jan 20 10:01:07 2010 : Debug: Going to the next request
Wed Jan 20 10:01:07 2010 : Debug: Waking up in 0.9 seconds.
rad_recv: Access-Reject packet from host 10.1.1.51 port 1812, id=115, length=25
Proxy-State = 0x313534
Wed Jan 20 10:01:07 2010 : Info: +- entering group post-proxy {...}
Wed Jan 20 10:01:07 2010 : Info: [eap] No pre-existing handler found
Wed Jan 20 10:01:07 2010 : Info: ++[eap] returns noop
Wed Jan 20 10:01:07 2010 : Info: Using Post-Auth-Type Reject
Wed Jan 20 10:01:07 2010 : Info: +- entering group REJECT {...}
...
...
Then, I don't know why, but the access request comes again.
And the home server (OTP server) checks and sees that this password has been used before for this user, and then rejects it. This is very normal behaviour for the home server, because it is a One Time Password server.
------------------------------
Message: 3
Date: Wed, 20 Jan 2010 12:58:28 +0100
From: Alan DeKok <aland at deployingradius.com>
Subject: Re: Can't Assign IP address my users
To: FreeRadius users mailing list
<freeradius-users at lists.freeradius.org>
Message-ID: <4B56EFE4.1080900 at deployingradius.com>
Content-Type: text/plain; charset=UTF-8
Tevfik Ceydeliler wrote:
> Hi,
> My problem is, if I try to assign a static IP address to my user, I get an error.
> I have a Secovid OTP server as the realm, and all my users use a token to create a password.
> In the test case, when I try to connect to my radius server via GPRS, I see some errors:
> ...
> ....
> Wed Jan 20 10:01:07 2010 : Error: Warning: Found 2 auth-types on request for user 'tevfikceydeliler'
> ...
> ...
> I did not edit DEFAULTS.
> My user's settings are here:
> tevfikceydeliler Packet-Type == Access-Request ,
You don't need to check Packet-Type. Delete it.
> Here are my logs:
> root at radiusII:/etc/freeradius# freeradius -Xxx
Why "-Xxx" ? What's wrong with following the documentation?
> rad_recv: Access-Reject packet from host 10.1.1.51 port 1812, id=115, length=25
> Proxy-State = 0x313534
Well... the home server rejects the user. Go fix the home server.
Alan DeKok.
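
The pattern in the log above, where the NAS sends the same CHAP-Challenge/CHAP-Password pair twice and the one-time-password home server accepts the first and rejects the second, can be checked mechanically from the debug output. The Python script below is an added example, not part of the original thread or of FreeRADIUS; the sample log is constructed, the function names are hypothetical, and it assumes, as the quoted log shows (0x313534 is "154"), that Proxy-State carries the NAS request id as ASCII digits.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of `freeradius -X` output; all values are made up.
SAMPLE_LOG = '''rad_recv: Access-Request packet from host 192.0.2.1 port 2005, id=50, length=139
    User-Name = "alice"
    CHAP-Challenge = 0x00112233445566778899aabbccddeeff
    CHAP-Password = 0x01aabbccddeeff00112233445566778899
rad_recv: Access-Accept packet from host 192.0.2.51 port 1812, id=107, length=24
    Proxy-State = 0x3530
rad_recv: Access-Request packet from host 192.0.2.1 port 1806, id=154, length=139
    User-Name = "alice"
    CHAP-Challenge = 0x00112233445566778899aabbccddeeff
    CHAP-Password = 0x01aabbccddeeff00112233445566778899
rad_recv: Access-Reject packet from host 192.0.2.51 port 1812, id=115, length=25
    Proxy-State = 0x313534
'''

HEADER = re.compile(r"rad_recv: (Access-\w+) packet from host \S+ port \d+, id=(\d+)")
ATTR = re.compile(r"^\s*([\w-]+) = (.+?)\s*$")

def parse_packets(text):
    """Return [(code, id, attrs)] for every rad_recv block in the debug output."""
    packets, current = [], None
    for line in text.splitlines():
        header, attr = HEADER.search(line), ATTR.match(line)
        if header:
            current = (header.group(1), int(header.group(2)), {})
            packets.append(current)
        elif current and attr:
            current[2][attr.group(1)] = attr.group(2).strip('"')
        else:
            current = None  # any other line ends the attribute list
    return packets

def replayed_credentials(text):
    """Find CHAP credentials the NAS sent more than once, with the home server's verdicts."""
    groups, by_id = defaultdict(list), {}
    for code, pid, attrs in parse_packets(text):
        if code == "Access-Request":
            key = (attrs.get("User-Name"), attrs.get("CHAP-Challenge"), attrs.get("CHAP-Password"))
            attempt = {"id": pid, "verdict": "no reply"}
            groups[key].append(attempt)
            by_id[pid] = attempt  # RADIUS ids are 8-bit and reused: keep the latest
        elif "Proxy-State" in attrs:
            # Assumption from the quoted log: Proxy-State is the NAS request id in ASCII.
            orig = bytes.fromhex(attrs["Proxy-State"][2:]).decode("ascii", "replace")
            if orig.isdigit() and int(orig) in by_id:
                by_id[int(orig)]["verdict"] = code
    return [{"user": k[0], "attempts": v} for k, v in groups.items() if k[2] and len(v) > 1]
```

A result with one accepted attempt followed by a rejected attempt for the same credential points at the NAS re-sending the request rather than at the home server's policy.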