Google authenticator : Access-Reject

Eero Volotinen eero.volotinen at iki.fi
Tue Apr 24 12:09:17 CEST 2018


Hi,

I am not sure how your setup works, but in mine, there is no @mydomain at
username

Anyway, I used this setup:
https://networkjutsu.com/freeradius-google-authenticator/ (which also
includes static password with google authenticator).


Eero

On Tue, Apr 24, 2018 at 12:48 PM, <servernemesis at tutanota.com> wrote:

>
> Hello,
>
> I followed this tutorial (https://www.techdrabble.com/
> citrix/14-2factor-with-google-authenticator-and-netscaler <
> https://www.techdrabble.com/citrix/14-2factor-with-google-
> authenticator-and-netscaler>) and managed to get it running on Debian 9
> with FR 3.0.12 thanks to the help here. But I have another issue : when I
> try to authenticate with password + googleauth code, I got rejected.
> I'm able to log on the FR server with domain credentials without problem.
> The google auth code gets generated without issue either.
>
> Radtest:
> radtest user at mydomain.com <mailto:user at mydomain.com> password123456
> localhost 18120 testing123
> Sent Access-Request Id 226 from 0.0.0.0:38763 to 127.0.0.1:1812 length 92
>         User-Name = "user at mydomain.com <mailto:user at mydomain.com>"
>         User-Password = "password123456"
>         NAS-IP-Address = 127.0.1.1
>         NAS-Port = 18120
>         Message-Authenticator = 0x00
>         Cleartext-Password = "password123456"
> Received Access-Reject Id 226 from 127.0.0.1:1812 to 0.0.0.0:0 length 20
> (0) -: Expected Access-Accept got Access-Reject
>
>
> Log:
> Ready to process requests
> Waking up in 0.3 seconds.
> (0) Received Access-Request Id 226 from 127.0.0.1:38763 to 127.0.0.1:1812
> length 92
> (0)   User-Name = "user at mydomain.com <mailto:user at mydomain.com>"
> (0)   User-Password = "password123456"
> (0)   NAS-IP-Address = 127.0.1.1
> (0)   NAS-Port = 18120
> (0)   Message-Authenticator = 0x53b836642c653e776b0d9f8a542fca3a
> (0) # Executing section authorize from file /etc/freeradius/3.0/sites-
> enabled/default
> (0) pap: WARNING: No "known good" password found for the user.  Not
> setting Auth-Type
> (0) pap: WARNING: Authentication will fail unless a "known good" password
> is available
> (0) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
> Waking up in 0.3 seconds.
> Waking up in 0.2 seconds.
> (0) pam: ERROR: pam_authenticate failed: Authentication failure
> (0) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
> Waking up in 0.7 seconds.
> (0) Sent Access-Reject Id 226 from 127.0.0.1:1812 to 127.0.0.1:38763
> length 20
> Waking up in 3.9 seconds.
> Ready to process requests
>
> Regards
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/
> list/users.html


More information about the Freeradius-Users mailing list