Access Request from HA rejected

Suryalakshmi Annadurai suryalakshmi.annadurai at carc.co.in
Mon Sep 30 14:46:13 CEST 2013 

Hi all,

I am using FreeRadius 2.1.12 for WIMAX authentication. My initial authentication between ASN-GW and AAA is successful. Keys are generated and received in Access-Accept. But when HA sends Access-Request to AAA, the Request is rejected.The SPI values are all correct. All the AVP values are valid (because I checked with a workaround and it was successful). There looks like a problem in the authorize section when username is checked for in the 'Users' file. Can you please tell me if I am missing something in the configuration? I have added the inner identity in the 'users' file. Clients are defined in the 'clients.conf'.

Below is a portion from log file.

rad_recv: Access-Request packet from host 172.16.10.10 port 52511, id=1, length=165
            User-Name = "01-01-01-03-01-01 at abc.com"
            NAS-IP-Address = 172.16.10.10
            NAS-Identifier = "HA1"
            Message-Authenticator = 0x930277dfe340d323eb58e3ecf7588f30
            WiMAX-Release = "1.2"
            WiMAX-Accounting-Capabilities = No-Accounting
            WiMAX-hHA-IP-MIP4 = 172.16.10.10
            WiMAX-MN-hHA-MIP4-SPI = 1185754294
            WiMAX-HA-RK-SPI = 123123
Thu Jan  1 05:53:35 1970 : Info: # Executing section authorize from file /etc/raddb/sites-enabled/default
Thu Jan  1 05:53:35 1970 : Info: +- entering group authorize {...}
Thu Jan  1 05:53:35 1970 : Info: ++[preprocess] returns ok
Thu Jan  1 05:53:35 1970 : Info: ++[chap] returns noop
Thu Jan  1 05:53:35 1970 : Info: ++[mschap] returns noop
Thu Jan  1 05:53:35 1970 : Info: [suffix] Looking up realm "abc.com" for User-Name = "01-01-01-03-01-01 at abc.com"
Thu Jan  1 05:53:35 1970 : Info: [suffix] Found realm "abc.com"
Thu Jan  1 05:53:35 1970 : Info: [suffix] Adding Stripped-User-Name = "01-01-01-03-01-01"
Thu Jan  1 05:53:35 1970 : Info: [suffix] Adding Realm = "abc.com"
Thu Jan  1 05:53:35 1970 : Info: [suffix] Authentication realm is LOCAL.
Thu Jan  1 05:53:35 1970 : Info: ++[suffix] returns ok
Thu Jan  1 05:53:35 1970 : Info: [eap] No EAP-Message, not doing EAP
Thu Jan  1 05:53:35 1970 : Info: ++[eap] returns noop
Thu Jan  1 05:53:35 1970 : Info: ++[files] returns noop
Thu Jan  1 05:53:35 1970 : Info: ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
Thu Jan  1 05:53:35 1970 : Info: Failed to authenticate the user.
Thu Jan  1 05:53:35 1970 : Info: Using Post-Auth-Type
Thu Jan  1 05:53:35 1970 : Info: # Executing group from file /etc/raddb/sites-enabled/default
Thu Jan  1 05:53:35 1970 : Info: +- entering group REJECT {...}
Thu Jan  1 05:53:35 1970 : Info: [attr_filter.access_reject]            expand: %{User-Name} -> 01-01-01-03-01-01 at abc.com
Thu Jan  1 05:53:35 1970 : Debug: attr_filter: Matched entry DEFAULT at line 11
Thu Jan  1 05:53:35 1970 : Info: ++[attr_filter.access_reject] returns updated
Thu Jan  1 05:53:35 1970 : Info: Delaying reject of request 5 for 1 seconds
Thu Jan  1 05:53:35 1970 : Debug: Going to the next request
Thu Jan  1 05:53:35 1970 : Debug: Waking up in 0.9 seconds.
Thu Jan  1 05:53:36 1970 : Info: Sending delayed reject for request 5
Sending Access-Reject of id 1 to 172.16.10.10 port 52511

-Thanks
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20130930/64dc33e6/attachment.html>

More information about the Freeradius-Users mailing list