getting access-reject not sure why
Andrew Meyer
andrewm659 at yahoo.com
Fri Jun 30 23:36:51 CEST 2017
I think I fixed it.
Thank you for all the help.
On Friday, June 30, 2017 4:33 PM, Andrew Meyer via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
I fixed that. I took out the ipv4addr and put the ipaddr back.
On Friday, June 30, 2017 4:30 PM, Alan Buxey <alan.buxey at gmail.com> wrote:
client network-equipment {
ipv4addr = 10.150.1.0/24
secret = NetworkControl1
nas_type = cisco
shortname = network-equipment
}
?
On 30 June 2017 at 22:17, Andrew Meyer via Freeradius-Users
<freeradius-users at lists.freeradius.org> wrote:
> This is weird. I got it to work, however I had to manually specify my hosts connecting to the FreeRADIUS server. If I do a 10.150.1.0/24 It won't work. But if I specify the IP with the ipaddr = 10.150.1.250 it works fine. Has anyone seen this problem? My config looks correct. This is all a test so passwords will be changed.
>
> client network-equipment {
> ipaddr = 10.150.1.0/24
> secret = NetworkControl1
> nas_type = cisco
> shortname = network-equipment
> }
>
> client windows-pc {
> ipaddr = 10.150.1.250
> secret = CellPhone
> nas_type = other
> shortname = windows
> }
>
>
>
> On Friday, June 30, 2017 3:42 PM, Andrew Meyer <andrewm659 at yahoo.com> wrote:
>
>
>
> Ok I fixed one aspect of the issue. I found out that I didn't have VMWare tools running, and turned off TCP OFfloading. But still getting an Accept-Reject for the user. For my other test user "bob" it works fine.
>
>
> On Friday, June 30, 2017 2:29 PM, Andrew Meyer via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
>
>
>
> I'm using NTRadPing to test.
> [me at asm-rancid01 ~]$ sudo tcpdump -vv -c 25 -i ens160 port radius or port radius-acct or port radius-dynauthtcpdump: listening on ens160, link-type EN10MB (Ethernet), capture size 65535 bytes14:27:05.939265 IP (tos 0x0, ttl 127, id 32326, offset 0, flags [none], proto UDP (17), length 73) 10.150.1.250.54985 > asm-rancid01.borg.local.radius: [udp sum ok] RADIUS, length: 45 Access Request (1), id: 0x0f, Authenticator: 20202020202031343938383530383034 Username Attribute (1), length: 7, Value: test1 0x0000: 7465 7374 31 Password Attribute (2), length: 18, Value: 0x0000: 95cd ee67 81b4 a45e bfd5 2e3f b1fb b50014:27:06.940510 IP (tos 0x0, ttl 64, id 64923, offset 0, flags [none], proto UDP (17), length 62) asm-rancid01.borg.local.radius > 10.150.1.250.54985: [bad udp cksum 0x2189 -> 0x817c!] RADIUS, length: 34 Access Reject (3), id: 0x0f, Authenticator: 5ab10ea4604f377f82ee855f1f2a2300 Reply Attribute (18), length: 14, Value: Hello, test1 0x0000: 4865 6c6c 6f2c 2074 6573 7431
>
>
>
> On Friday, June 30, 2017 2:18 PM, Arran Cudbard-Bell <a.cudbardb at freeradius.org> wrote:
>
>
>
>> On Jun 30, 2017, at 3:06 PM, Andrew Meyer via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
>>
>> So I just changed my shared seceret and tested again. Same thing. I got the reply of "Hello $USER".
>
> Configure your shared secret in the RADIUS dissector in wireshark. If the secret is correct you'll see the decoded password in the packet trace.
>
> -Arran
>
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list