Google authenticator : Access-Reject

servernemesis at tutanota.com servernemesis at tutanota.com
Tue Apr 24 11:48:10 CEST 2018 

Hello,

I followed this tutorial (https://www.techdrabble.com/citrix/14-2factor-with-google-authenticator-and-netscaler <https://www.techdrabble.com/citrix/14-2factor-with-google-authenticator-and-netscaler>) and managed to get it running on Debian 9 with FR 3.0.12 thanks to the help here. But I have another issue : when I try to authenticate with password + googleauth code, I got rejected.
I'm able to log on the FR server with domain credentials without problem. The google auth code gets generated without issue either.

Radtest:
radtest user at mydomain.com <mailto:user at mydomain.com> password123456 localhost 18120 testing123
Sent Access-Request Id 226 from 0.0.0.0:38763 to 127.0.0.1:1812 length 92
        User-Name = "user at mydomain.com <mailto:user at mydomain.com>"
        User-Password = "password123456"
        NAS-IP-Address = 127.0.1.1
        NAS-Port = 18120
        Message-Authenticator = 0x00
        Cleartext-Password = "password123456"
Received Access-Reject Id 226 from 127.0.0.1:1812 to 0.0.0.0:0 length 20
(0) -: Expected Access-Accept got Access-Reject


Log:
Ready to process requests
Waking up in 0.3 seconds.
(0) Received Access-Request Id 226 from 127.0.0.1:38763 to 127.0.0.1:1812 length 92
(0)   User-Name = "user at mydomain.com <mailto:user at mydomain.com>"
(0)   User-Password = "password123456"
(0)   NAS-IP-Address = 127.0.1.1
(0)   NAS-Port = 18120
(0)   Message-Authenticator = 0x53b836642c653e776b0d9f8a542fca3a
(0) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default
(0) pap: WARNING: No "known good" password found for the user.  Not setting Auth-Type
(0) pap: WARNING: Authentication will fail unless a "known good" password is available
(0) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
Waking up in 0.3 seconds.
Waking up in 0.2 seconds.
(0) pam: ERROR: pam_authenticate failed: Authentication failure
(0) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
Waking up in 0.7 seconds.
(0) Sent Access-Reject Id 226 from 127.0.0.1:1812 to 127.0.0.1:38763 length 20
Waking up in 3.9 seconds.
Ready to process requests

Regards

More information about the Freeradius-Users mailing list