Access-Reject
Hassan, Hazem (Nokia - EG/Cairo)
hazem.hassan at nokia.com
Thu Mar 4 22:32:45 CET 2021
Hi ,
I have IPoE setup , it stuck on authentication with the following error:
Given the user file as show below:
User file:
98:86:5d:90:c2:84 Cleartext-Password := "LetMeIn"
Alc-Subsc-Prof-Str = "three_services_1G",
Alc-SLA-Prof-Str = "Internet_1G",
Alc-Subsc-ID-Str = "98:86:5d:90:c2:84",
Framed-IP-Address = 100.0.0.3,
Framed-IP-Netmask = 255.255.255.0,
Framed-Route = "192.168.1.0/24 0.0.0.0",
Alc-Default-Router = 100.0.0.2,
Alc-Primary-Dns = 188.172.144.120,
Alc-Secondary-Dns = 141.0.144.64,
Delegated-IPv6-Prefix = 2a02:8802::/64,
Alc-Ipv6-Address = 2a02:8800::3/128
Error in the debug
(5) Received Access-Request Id 193 from 10.113.139.50:64445 to 80.194.79.79:1812 length 149
(5) User-Name = "98:86:5d:90:bd:b4"
(5) User-Password = "LetMeIn"
(5) NAS-IP-Address = 10.113.139.50
(5) NAS-Port-Type = Ethernet
(5) NAS-Port-Id = "lag-2:11"
(5) NAS-Identifier = "BNG-SR1"
(5) Alc-Client-Hardware-Addr = "98:86:5d:90:bd:b4"
(5) Acct-Session-Id = "785EB00001369B60414DD7"
(5) Alc-SAP-Session-Index = 1
(5) # Executing section authorize from file /etc/raddb/sites-enabled/default
(5) authorize {
(5) policy filter_username {
(5) if (&User-Name) {
(5) if (&User-Name) -> TRUE
(5) if (&User-Name) {
(5) if (&User-Name =~ / /) {
(5) if (&User-Name =~ / /) -> FALSE
(5) if (&User-Name =~ /@[^@]*@/ ) {
(5) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(5) if (&User-Name =~ /\.\./ ) {
(5) if (&User-Name =~ /\.\./ ) -> FALSE
(5) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
(5) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
(5) if (&User-Name =~ /\.$/) {
(5) if (&User-Name =~ /\.$/) -> FALSE
(5) if (&User-Name =~ /@\./) {
(5) if (&User-Name =~ /@\./) -> FALSE
(5) } # if (&User-Name) = notfound
(5) } # policy filter_username = notfound
(5) [preprocess] = ok
(5) [chap] = noop
(5) [mschap] = noop
(5) [digest] = noop
(5) suffix: Checking for suffix after "@"
(5) suffix: No '@' in User-Name = "98:86:5d:90:bd:b4", looking up realm NULL
(5) suffix: No such realm "NULL"
(5) [suffix] = noop
(5) eap: No EAP-Message, not doing EAP
(5) [eap] = noop
(5) [files] = noop
(5) [expiration] = noop
(5) [logintime] = noop
(5) pap: WARNING: No "known good" password found for the user. Not setting Auth-Type
(5) pap: WARNING: Authentication will fail unless a "known good" password is available
(5) [pap] = noop
(5) } # authorize = ok
(5) ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type = Reject
(5) Failed to authenticate the user
(5) Using Post-Auth-Type Reject
(5) # Executing group from file /etc/raddb/sites-enabled/default
(5) Post-Auth-Type REJECT {
(5) attr_filter.access_reject: EXPAND %{User-Name}
(5) attr_filter.access_reject: --> 98:86:5d:90:bd:b4
(5) attr_filter.access_reject: Matched entry DEFAULT at line 11
(5) [attr_filter.access_reject] = updated
(5) [eap] = noop
(5) policy remove_reply_message_if_eap {
(5) if (&reply:EAP-Message && &reply:Reply-Message) {
(5) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
(5) else {
(5) [noop] = noop
(5) } # else = noop
(5) } # policy remove_reply_message_if_eap = noop
(5) } # Post-Auth-Type REJECT = updated
(5) Delaying response for 1.000000 seconds
Waking up in 0.3 seconds.
Waking up in 0.6 seconds.
(3) Cleaning up request packet ID 191 with timestamp +10
(5) Sending delayed response
(5) Sent Access-Reject Id 193 from 80.194.79.79:1812 to 10.113.139.50:64445 length 20
Waking up in 1.3 seconds.
Any idea?
Thanks,
Hazem
More information about the Freeradius-Users
mailing list