Always get: Expected Access-Accept got Access-Reject

Alan DeKok aland at deployingradius.com
Wed May 8 16:07:33 CEST 2019


On May 8, 2019, at 10:00 AM, Alexandre Lessard <alex at targointernet.com> wrote:
> 
> I'm new to Freeradius and I kind of fell bad to ask to the community
> about this basic issue. But here it is.
> 
> I have just made a fresh Debian 9 install with with Freeradius 3.0.1

  Huh?  Don't use 3.0.1  It's *years* out of date.

  Use the packages available here:  https://networkradius.com/freeradius-packages/

  See also http://wiki.freeradius.org/radius-X for how to read the debug output.

> (0)   authorize {
> (0)     policy filter_username {
> (0)       if (&User-Name) {
> (0)       if (&User-Name)  -> TRUE
> (0)       if (&User-Name)  {
> (0)         if (&User-Name =~ / /) {
> (0)         if (&User-Name =~ / /)  -> FALSE
> (0)         if (&User-Name =~ /@[^@]*@/ ) {
> (0)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
> (0)         if (&User-Name =~ /\.\./ ) {
> (0)         if (&User-Name =~ /\.\./ )  -> FALSE
> (0)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
> (0)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))
>  -> FALSE
> (0)         if (&User-Name =~ /\.$/)  {
> (0)         if (&User-Name =~ /\.$/)   -> FALSE
> (0)         if (&User-Name =~ /@\./)  {
> (0)         if (&User-Name =~ /@\./)   -> FALSE
> (0)       } # if (&User-Name)  = notfound
> (0)     } # policy filter_username = notfound
> (0)     [preprocess] = ok
> (0)     [chap] = noop
> (0)     [mschap] = noop
> (0)     [digest] = noop
> (0) suffix: Checking for suffix after "@"
> (0) suffix: No '@' in User-Name = "testing", looking up realm NULL
> (0) suffix: No such realm "NULL"
> (0)     [suffix] = noop
> (0) eap: No EAP-Message, not doing EAP
> (0)     [eap] = noop
> (0)     [files] = noop

  i.e. "nothing found".  See Matthews reply for why.

  Alan DeKok.




More information about the Freeradius-Users mailing list