Access request always return reject

J Kephart jkephart at safetynetaccess.com
Wed May 20 23:34:08 CEST 2015


On 05/20/2015 05:21 PM, Alan DeKok wrote:
> On May 20, 2015, at 5:16 PM, J Kephart <jkephart at safetynetaccess.com> wrote:
>> We've just compiled FR 2.2.7 on a CentOS 6.6 system, preparatory to
>> migrating from our old 2.1.12 release.  When we ran the initial test,
>> under "radius -X," we got the expected reject, because there was no user
>> named "test."  We then added that user to the users file (the only
>> change we made), with just the username and cleartext-password, and ran
>> the test again, and it still returned a reject. 
>>
>> I'm posting the output from "radius -X" below.  We've essentially the
>> same config on the older server, and we've never encountered the problem
>> there, so it seems fairly obvious that something's wrong; we just can't
>> tell what it is.  I do see that it says "++[reject] = reject", but I'm
>> not seeing the cause.
>   Something in the "authorize" section is rejecting the user.  It's happening right after the "eap" module is run.  That should help narrow it down a lot.
>
>> One note however:  In the output, at line 190, we see "server { # from
>> file /usr/loc" followed by a bunch of gibberish.  I'm not sure that's a
>> real concern, but it does seem odd.
>   I think it was fixed already.
>
>> In any case, the debug output is below.  I'd appreciate it if someone
>> could point me to the problem.
>   See above.  Please also use "radiusd -X".  Adding "radiusd -Xx" and line numbers isn't necessary.
>
>   Alan DeKok.
>
Thanks for the look, Alan.

On the gibberish, this is from the latest 2.2.7 release that we just
downloaded this afternoon.  Has the fix been made available in that source?

Moving on.  Turns out that the problem is in the default
"sites-enabled/default" file installed as part of the "make install". 
There's a stand-alone "reject" at line 160, just after the eap section
that was causing the rejects.  Any idea why that's there?  Is it a bug?

Best,

Jim
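
The following is an added example, not part of the original message and not FreeRADIUS code: a small Python check that lists policy keywords such as "reject" sitting directly inside an "authorize" section, outside any condition, which is the situation described above. The sample configuration is constructed for illustration, and the function name is hypothetical.

```python
import sys

# Constructed sample in the style of a FreeRADIUS virtual server file.
SAMPLE = """\
authorize {
	preprocess
	eap {
		ok = return
	}
	reject        # stand-alone: applies to every request that gets here
	files
	if (!control:Cleartext-Password) {
		reject    # conditional: only runs inside the "if" block
	}
}
authenticate {
	eap
}
"""

def unconditional_keywords(text, keywords=("reject",), sections=("authorize",)):
    """Return (line_no, section, keyword) for keywords whose immediate
    parent block is one of `sections`, i.e. not nested in if/else/module."""
    hits = []
    stack = []  # names of the currently open blocks, outermost first
    for no, raw in enumerate(text.splitlines(), 1):
        # Drop trailing comments (quoted strings containing '#' not handled).
        line = raw.split("#", 1)[0].strip()
        if line.startswith("}"):      # also covers "} else {"
            if stack:
                stack.pop()
            line = line[1:].strip()
        if line.endswith("{"):
            stack.append(line[:-1].strip())
            continue
        if line in keywords and stack and stack[-1] in sections:
            hits.append((no, stack[-1], line))
    return hits

if __name__ == "__main__":
    # Pass a path such as sites-enabled/default, or run on the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for no, section, kw in unconditional_keywords(text):
        print(f"line {no}: unconditional '{kw}' in {section} section")
```

Because only the immediate parent block is checked, the same function works whether or not the sections are wrapped in a "server name { ... }" block.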

