Access-Accept BUT no connection

Clement Ogedengbe c.ogedengbe at worc.ac.uk
Tue Jan 28 11:48:13 CET 2014 

Don't think so as I can ping the NAS from both RADIUS servers and there is no firewall between them. Also, the Backup RADIUS server that works with the NAS is on the same subnet with the Main RADIUS server that sends Access-Accept without user being able to get online.


-----Original Message-----
From: freeradius-users-bounces+c.ogedengbe=worc.ac.uk at lists.freeradius.org [mailto:freeradius-users-bounces+c.ogedengbe=worc.ac.uk at lists.freeradius.org] On Behalf Of adrian.p.smith at bt.com
Sent: 28 January 2014 10:19
To: freeradius-users at lists.freeradius.org
Subject: RE: Access-Accept BUT no connection

Network only allowing packets in one direction?


-----Original Message-----
From: freeradius-users-bounces+adrian.p.smith=bt.com at lists.freeradius.org [mailto:freeradius-users-bounces+adrian.p.smith=bt.com at lists.freeradius.org] On Behalf Of Clement Ogedengbe
Sent: 28 January 2014 10:10
To: FreeRadius users mailing list
Subject: RE: Access-Accept BUT no connection

I have posted this before and the response I got was "If the server sends an Access-Accept and the user doesn't get online....blame the NAS. Always".

I am having a situation where the connection just broke without any config change. We have two alternate RADIUS servers (Main one and a back up) both receiving packets from the same NAS.

I returned to the office after the week end to find users are not getting online in spite of the Main RADIUS server returning Access-Accept (This has always been working and there has been no config change on the NAS and Radius servers).

I changed the same NAS to connect to the Backup RADIUS server and everything works. I can't figure out how NAS is to blame here please!  

Below is the extract of post-authentication reply log from the Main RADIUS server to the NAS, but users are not getting online.

10.255.253.2 Returned from 193.62.48.61 for User xxxx - Tue Jan 28 09:51:57 2014
        Packet-Type = Access-Accept
        MS-CHAP2-Success = 0x00533d44303538334343433436373339323643313033343843413135463643373637333639373241423130
        MS-MPPE-Recv-Key = 0xc4c255e279235d1abc4128569b4391b6
        MS-MPPE-Send-Key = 0x3773e3518d6620d5d8f85e158848c601
        MS-MPPE-Encryption-Policy = 0x00000002
        MS-MPPE-Encryption-Types = 0x00000004

Many Thanks

Clement 

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list