getting access-reject not sure why

Alan Buxey alan.buxey at gmail.com
Fri Jun 30 23:30:09 CEST 2017


client network-equipment {
ipv4addr = 10.150.1.0/24
secret = NetworkControl1
nas_type = cisco
shortname = network-equipment
}

?

On 30 June 2017 at 22:17, Andrew Meyer via Freeradius-Users
<freeradius-users at lists.freeradius.org> wrote:
> This is weird.  I got it to work, however I had to manually specify my hosts connecting to the FreeRADIUS server.  If I do a 10.150.1.0/24 It won't work.  But if I specify the IP with the ipaddr = 10.150.1.250 it works fine.  Has anyone seen this problem?  My config looks correct.  This is all a test so passwords will be changed.
>
> client network-equipment {
> ipaddr = 10.150.1.0/24
> secret = NetworkControl1
> nas_type = cisco
> shortname = network-equipment
> }
>
> client windows-pc {
> ipaddr = 10.150.1.250
> secret = CellPhone
> nas_type = other
> shortname = windows
> }
>
>
>
> On Friday, June 30, 2017 3:42 PM, Andrew Meyer <andrewm659 at yahoo.com> wrote:
>
>
>
> Ok I fixed one aspect of the issue.  I found out that I didn't have VMWare tools running, and turned off TCP OFfloading.  But still getting an Accept-Reject for the user.  For my other test user "bob" it works fine.
>
>
> On Friday, June 30, 2017 2:29 PM, Andrew Meyer via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
>
>
>
> I'm using NTRadPing to test.
> [me at asm-rancid01 ~]$ sudo tcpdump -vv -c 25 -i ens160 port radius or port radius-acct or port radius-dynauthtcpdump: listening on ens160, link-type EN10MB (Ethernet), capture size 65535 bytes14:27:05.939265 IP (tos 0x0, ttl 127, id 32326, offset 0, flags [none], proto UDP (17), length 73)    10.150.1.250.54985 > asm-rancid01.borg.local.radius: [udp sum ok] RADIUS, length: 45        Access Request (1), id: 0x0f, Authenticator: 20202020202031343938383530383034          Username Attribute (1), length: 7, Value: test1            0x0000:  7465 7374 31          Password Attribute (2), length: 18, Value:            0x0000:  95cd ee67 81b4 a45e bfd5 2e3f b1fb b50014:27:06.940510 IP (tos 0x0, ttl 64, id 64923, offset 0, flags [none], proto UDP (17), length 62)    asm-rancid01.borg.local.radius > 10.150.1.250.54985: [bad udp cksum 0x2189 -> 0x817c!] RADIUS, length: 34        Access Reject (3), id: 0x0f, Authenticator: 5ab10ea4604f377f82ee855f1f2a2300          Reply Attribute (18), length: 14, Value: Hello, test1            0x0000:  4865 6c6c 6f2c 2074 6573 7431
>
>
>
>     On Friday, June 30, 2017 2:18 PM, Arran Cudbard-Bell <a.cudbardb at freeradius.org> wrote:
>
>
>
>> On Jun 30, 2017, at 3:06 PM, Andrew Meyer via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
>>
>> So I just changed my shared seceret and tested again.  Same thing.  I got the reply of "Hello $USER".
>
> Configure your shared secret in the RADIUS dissector in wireshark.  If the secret is correct you'll see the decoded password in the packet trace.
>
> -Arran
>
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



More information about the Freeradius-Users mailing list