Where is PAP problem
Fajar A. Nugraha
list at fajar.net
Mon Sep 7 12:02:09 CEST 2015
On Mon, Sep 7, 2015 at 3:44 PM, Tevfik Ceydeliler
<tevfik.ceydeliler at astron.yasar.com.tr> wrote:
> Actually not.
> Because NAS-IP-Address != 10.1.1.71
> !:= As a check item, matches if the given attribute is in the request, AND
> does not have the given value.
Exactly. Your debug log says
"
rad_recv: Access-Request packet from host 10.1.1.75 port 24348,
id=217, length=138
NAS-IP-Address = 10.1.1.75
"
which means it fits the criteria above, thus Auth-Type is set to Reject
>
> Anyway. I found the error. Security person gives me wrong interfce IP
> address. When I change IP address it works.
Which is what I wrote above.
And (depending on how you want your setup to behave) you also won't
get Auth-Type Reject if you remove the check item row entirely.
--
Fajar
More information about the Freeradius-Users
mailing list