Access Request from HA rejected

David Peterson davidp at wirelessconnections.net
Mon Sep 30 14:59:25 CEST 2013


Send the whole configuration and initial request/response.  The snippet
below is pretty much useless.

 

David

 

From:
freeradius-users-bounces+davidp=wirelessconnections.net at lists.freeradius.org
[mailto:freeradius-users-bounces+davidp=wirelessconnections.net at lists.freera
dius.org] On Behalf Of Suryalakshmi Annadurai
Sent: Monday, September 30, 2013 8:46 AM
To: freeradius-users at lists.freeradius.org
Subject: Access Request from HA rejected

 

Hi all,

 

I am using FreeRadius 2.1.12 for WIMAX authentication. My initial
authentication between ASN-GW and AAA is successful. Keys are generated and
received in Access-Accept. But when HA sends Access-Request to AAA, the
Request is rejected.The SPI values are all correct. All the AVP values are
valid (because I checked with a workaround and it was successful). There
looks like a problem in the authorize section when username is checked for
in the 'Users' file. Can you please tell me if I am missing something in the
configuration? I have added the inner identity in the 'users' file. Clients
are defined in the 'clients.conf'.

 

Below is a portion from log file.

 

rad_recv: Access-Request packet from host 172.16.10.10 port 52511, id=1,
length=165

            User-Name = "01-01-01-03-01-01 at abc.com"

            NAS-IP-Address = 172.16.10.10 

            NAS-Identifier = "HA1"

            Message-Authenticator = 0x930277dfe340d323eb58e3ecf7588f30

            WiMAX-Release = "1.2"

            WiMAX-Accounting-Capabilities = No-Accounting

            WiMAX-hHA-IP-MIP4 = 172.16.10.10

            WiMAX-MN-hHA-MIP4-SPI = 1185754294

            WiMAX-HA-RK-SPI = 123123

Thu Jan  1 05:53:35 1970 : Info: # Executing section authorize from file
/etc/raddb/sites-enabled/default

Thu Jan  1 05:53:35 1970 : Info: +- entering group authorize {...}

Thu Jan  1 05:53:35 1970 : Info: ++[preprocess] returns ok

Thu Jan  1 05:53:35 1970 : Info: ++[chap] returns noop

Thu Jan  1 05:53:35 1970 : Info: ++[mschap] returns noop

Thu Jan  1 05:53:35 1970 : Info: [suffix] Looking up realm "abc.com" for
User-Name = "01-01-01-03-01-01 at abc.com"

Thu Jan  1 05:53:35 1970 : Info: [suffix] Found realm "abc.com"

Thu Jan  1 05:53:35 1970 : Info: [suffix] Adding Stripped-User-Name =
"01-01-01-03-01-01"

Thu Jan  1 05:53:35 1970 : Info: [suffix] Adding Realm = "abc.com"

Thu Jan  1 05:53:35 1970 : Info: [suffix] Authentication realm is LOCAL.

Thu Jan  1 05:53:35 1970 : Info: ++[suffix] returns ok

Thu Jan  1 05:53:35 1970 : Info: [eap] No EAP-Message, not doing EAP

Thu Jan  1 05:53:35 1970 : Info: ++[eap] returns noop

Thu Jan  1 05:53:35 1970 : Info: ++[files] returns noop

Thu Jan  1 05:53:35 1970 : Info: ERROR: No authenticate method (Auth-Type)
found for the request: Rejecting the user

Thu Jan  1 05:53:35 1970 : Info: Failed to authenticate the user.

Thu Jan  1 05:53:35 1970 : Info: Using Post-Auth-Type 

Thu Jan  1 05:53:35 1970 : Info: # Executing group from file
/etc/raddb/sites-enabled/default

Thu Jan  1 05:53:35 1970 : Info: +- entering group REJECT {...}

Thu Jan  1 05:53:35 1970 : Info: [attr_filter.access_reject]
expand: %{User-Name} -> 01-01-01-03-01-01 at abc.com

Thu Jan  1 05:53:35 1970 : Debug: attr_filter: Matched entry DEFAULT at line
11

Thu Jan  1 05:53:35 1970 : Info: ++[attr_filter.access_reject] returns
updated

Thu Jan  1 05:53:35 1970 : Info: Delaying reject of request 5 for 1 seconds

Thu Jan  1 05:53:35 1970 : Debug: Going to the next request

Thu Jan  1 05:53:35 1970 : Debug: Waking up in 0.9 seconds.

Thu Jan  1 05:53:36 1970 : Info: Sending delayed reject for request 5

Sending Access-Reject of id 1 to 172.16.10.10 port 52511

 

-Thanks

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20130930/624fe75a/attachment-0001.html>


More information about the Freeradius-Users mailing list