getting access-reject not sure why
Andrew Meyer
andrewm659 at yahoo.com
Fri Jun 30 23:17:40 CEST 2017
This is weird. I got it to work, however I had to manually specify my hosts connecting to the FreeRADIUS server. If I do a 10.150.1.0/24 It won't work. But if I specify the IP with the ipaddr = 10.150.1.250 it works fine. Has anyone seen this problem? My config looks correct. This is all a test so passwords will be changed.
client network-equipment {
ipaddr = 10.150.1.0/24
secret = NetworkControl1
nas_type = cisco
shortname = network-equipment
}
client windows-pc {
ipaddr = 10.150.1.250
secret = CellPhone
nas_type = other
shortname = windows
}
On Friday, June 30, 2017 3:42 PM, Andrew Meyer <andrewm659 at yahoo.com> wrote:
Ok I fixed one aspect of the issue. I found out that I didn't have VMWare tools running, and turned off TCP OFfloading. But still getting an Accept-Reject for the user. For my other test user "bob" it works fine.
On Friday, June 30, 2017 2:29 PM, Andrew Meyer via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
I'm using NTRadPing to test.
[me at asm-rancid01 ~]$ sudo tcpdump -vv -c 25 -i ens160 port radius or port radius-acct or port radius-dynauthtcpdump: listening on ens160, link-type EN10MB (Ethernet), capture size 65535 bytes14:27:05.939265 IP (tos 0x0, ttl 127, id 32326, offset 0, flags [none], proto UDP (17), length 73) 10.150.1.250.54985 > asm-rancid01.borg.local.radius: [udp sum ok] RADIUS, length: 45 Access Request (1), id: 0x0f, Authenticator: 20202020202031343938383530383034 Username Attribute (1), length: 7, Value: test1 0x0000: 7465 7374 31 Password Attribute (2), length: 18, Value: 0x0000: 95cd ee67 81b4 a45e bfd5 2e3f b1fb b50014:27:06.940510 IP (tos 0x0, ttl 64, id 64923, offset 0, flags [none], proto UDP (17), length 62) asm-rancid01.borg.local.radius > 10.150.1.250.54985: [bad udp cksum 0x2189 -> 0x817c!] RADIUS, length: 34 Access Reject (3), id: 0x0f, Authenticator: 5ab10ea4604f377f82ee855f1f2a2300 Reply Attribute (18), length: 14, Value: Hello, test1 0x0000: 4865 6c6c 6f2c 2074 6573 7431
On Friday, June 30, 2017 2:18 PM, Arran Cudbard-Bell <a.cudbardb at freeradius.org> wrote:
> On Jun 30, 2017, at 3:06 PM, Andrew Meyer via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
>
> So I just changed my shared seceret and tested again. Same thing. I got the reply of "Hello $USER".
Configure your shared secret in the RADIUS dissector in wireshark. If the secret is correct you'll see the decoded password in the packet trace.
-Arran
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list