Access Request from HA rejected
David Peterson
davidp at wirelessconnections.net
Mon Sep 30 14:59:25 CEST 2013
Send the whole configuration and initial request/response. The snippet
below is pretty much useless.
David
From:
freeradius-users-bounces+davidp=wirelessconnections.net at lists.freeradius.org
[mailto:freeradius-users-bounces+davidp=wirelessconnections.net at lists.freera
dius.org] On Behalf Of Suryalakshmi Annadurai
Sent: Monday, September 30, 2013 8:46 AM
To: freeradius-users at lists.freeradius.org
Subject: Access Request from HA rejected
Hi all,
I am using FreeRadius 2.1.12 for WIMAX authentication. My initial
authentication between ASN-GW and AAA is successful. Keys are generated and
received in Access-Accept. But when HA sends Access-Request to AAA, the
Request is rejected.The SPI values are all correct. All the AVP values are
valid (because I checked with a workaround and it was successful). There
looks like a problem in the authorize section when username is checked for
in the 'Users' file. Can you please tell me if I am missing something in the
configuration? I have added the inner identity in the 'users' file. Clients
are defined in the 'clients.conf'.
Below is a portion from log file.
rad_recv: Access-Request packet from host 172.16.10.10 port 52511, id=1,
length=165
User-Name = "01-01-01-03-01-01 at abc.com"
NAS-IP-Address = 172.16.10.10
NAS-Identifier = "HA1"
Message-Authenticator = 0x930277dfe340d323eb58e3ecf7588f30
WiMAX-Release = "1.2"
WiMAX-Accounting-Capabilities = No-Accounting
WiMAX-hHA-IP-MIP4 = 172.16.10.10
WiMAX-MN-hHA-MIP4-SPI = 1185754294
WiMAX-HA-RK-SPI = 123123
Thu Jan 1 05:53:35 1970 : Info: # Executing section authorize from file
/etc/raddb/sites-enabled/default
Thu Jan 1 05:53:35 1970 : Info: +- entering group authorize {...}
Thu Jan 1 05:53:35 1970 : Info: ++[preprocess] returns ok
Thu Jan 1 05:53:35 1970 : Info: ++[chap] returns noop
Thu Jan 1 05:53:35 1970 : Info: ++[mschap] returns noop
Thu Jan 1 05:53:35 1970 : Info: [suffix] Looking up realm "abc.com" for
User-Name = "01-01-01-03-01-01 at abc.com"
Thu Jan 1 05:53:35 1970 : Info: [suffix] Found realm "abc.com"
Thu Jan 1 05:53:35 1970 : Info: [suffix] Adding Stripped-User-Name =
"01-01-01-03-01-01"
Thu Jan 1 05:53:35 1970 : Info: [suffix] Adding Realm = "abc.com"
Thu Jan 1 05:53:35 1970 : Info: [suffix] Authentication realm is LOCAL.
Thu Jan 1 05:53:35 1970 : Info: ++[suffix] returns ok
Thu Jan 1 05:53:35 1970 : Info: [eap] No EAP-Message, not doing EAP
Thu Jan 1 05:53:35 1970 : Info: ++[eap] returns noop
Thu Jan 1 05:53:35 1970 : Info: ++[files] returns noop
Thu Jan 1 05:53:35 1970 : Info: ERROR: No authenticate method (Auth-Type)
found for the request: Rejecting the user
Thu Jan 1 05:53:35 1970 : Info: Failed to authenticate the user.
Thu Jan 1 05:53:35 1970 : Info: Using Post-Auth-Type
Thu Jan 1 05:53:35 1970 : Info: # Executing group from file
/etc/raddb/sites-enabled/default
Thu Jan 1 05:53:35 1970 : Info: +- entering group REJECT {...}
Thu Jan 1 05:53:35 1970 : Info: [attr_filter.access_reject]
expand: %{User-Name} -> 01-01-01-03-01-01 at abc.com
Thu Jan 1 05:53:35 1970 : Debug: attr_filter: Matched entry DEFAULT at line
11
Thu Jan 1 05:53:35 1970 : Info: ++[attr_filter.access_reject] returns
updated
Thu Jan 1 05:53:35 1970 : Info: Delaying reject of request 5 for 1 seconds
Thu Jan 1 05:53:35 1970 : Debug: Going to the next request
Thu Jan 1 05:53:35 1970 : Debug: Waking up in 0.9 seconds.
Thu Jan 1 05:53:36 1970 : Info: Sending delayed reject for request 5
Sending Access-Reject of id 1 to 172.16.10.10 port 52511
-Thanks
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20130930/624fe75a/attachment-0001.html>
More information about the Freeradius-Users
mailing list