Where is PAP problem

Fajar A. Nugraha list at fajar.net
Mon Sep 7 12:02:09 CEST 2015


On Mon, Sep 7, 2015 at 3:44 PM, Tevfik Ceydeliler
<tevfik.ceydeliler at astron.yasar.com.tr> wrote:
> Actually not.
> Because NAS-IP-Address != 10.1.1.71
> !:=  As a check item, matches if the given attribute is in the request, AND
> does not have the given value.

Exactly. Your debug log says
"
rad_recv: Access-Request packet from host 10.1.1.75 port 24348,
id=217, length=138
    NAS-IP-Address = 10.1.1.75
"

which means it fits the criteria above, thus Auth-Type is set to Reject

>
> Anyway. I found the error. Security person gives me wrong interfce IP
> address. When I change IP address  it works.


Which is what I wrote above.

And (depending on how you want your setup to behave) you also won't
get Auth-Type Reject if you remove the check item row entirely.

-- 
Fajar


More information about the Freeradius-Users mailing list