getting access-reject not sure why

Andrew Meyer andrewm659 at yahoo.com
Fri Jun 30 23:17:40 CEST 2017


This is weird.  I got it to work, however I had to manually specify my hosts connecting to the FreeRADIUS server.  If I do a 10.150.1.0/24 it won't work.  But if I specify the IP with the ipaddr = 10.150.1.250 it works fine.  Has anyone seen this problem?  My config looks correct.  This is all a test so passwords will be changed.

client network-equipment {
    ipaddr = 10.150.1.0/24
    secret = NetworkControl1
    nas_type = cisco
    shortname = network-equipment
}

client windows-pc {
    ipaddr = 10.150.1.250
    secret = CellPhone
    nas_type = other
    shortname = windows
}



On Friday, June 30, 2017 3:42 PM, Andrew Meyer <andrewm659 at yahoo.com> wrote:



Ok I fixed one aspect of the issue.  I found out that I didn't have VMware tools running, and turned off TCP offloading.  But still getting an Accept-Reject for the user.  For my other test user "bob" it works fine.


On Friday, June 30, 2017 2:29 PM, Andrew Meyer via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:



I'm using NTRadPing to test.
[me at asm-rancid01 ~]$ sudo tcpdump -vv -c 25 -i ens160 port radius or port radius-acct or port radius-dynauth
tcpdump: listening on ens160, link-type EN10MB (Ethernet), capture size 65535 bytes
14:27:05.939265 IP (tos 0x0, ttl 127, id 32326, offset 0, flags [none], proto UDP (17), length 73)
    10.150.1.250.54985 > asm-rancid01.borg.local.radius: [udp sum ok] RADIUS, length: 45
        Access Request (1), id: 0x0f, Authenticator: 20202020202031343938383530383034
          Username Attribute (1), length: 7, Value: test1
            0x0000:  7465 7374 31
          Password Attribute (2), length: 18, Value:
            0x0000:  95cd ee67 81b4 a45e bfd5 2e3f b1fb b500
14:27:06.940510 IP (tos 0x0, ttl 64, id 64923, offset 0, flags [none], proto UDP (17), length 62)
    asm-rancid01.borg.local.radius > 10.150.1.250.54985: [bad udp cksum 0x2189 -> 0x817c!] RADIUS, length: 34
        Access Reject (3), id: 0x0f, Authenticator: 5ab10ea4604f377f82ee855f1f2a2300
          Reply Attribute (18), length: 14, Value: Hello, test1
            0x0000:  4865 6c6c 6f2c 2074 6573 7431



    On Friday, June 30, 2017 2:18 PM, Arran Cudbard-Bell <a.cudbardb at freeradius.org> wrote:



> On Jun 30, 2017, at 3:06 PM, Andrew Meyer via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> 
> So I just changed my shared secret and tested again.  Same thing.  I got the reply of "Hello $USER".

Configure your shared secret in the RADIUS dissector in wireshark.  If the secret is correct you'll see the decoded password in the packet trace.

-Arran


  