Access-Reject

Michael Schwartzkopff ms at sys4.de
Thu Mar 4 22:55:06 CET 2021 

On 04.03.21 22:32, Hassan, Hazem (Nokia - EG/Cairo) wrote:
> Hi ,
>
> I have IPoE setup , it stuck on authentication with the following error:
> Given the user file as show below:
>
>
> User file:
> 98:86:5d:90:c2:84 Cleartext-Password := "LetMeIn"
>         Alc-Subsc-Prof-Str = "three_services_1G",
>         Alc-SLA-Prof-Str   = "Internet_1G",
>         Alc-Subsc-ID-Str = "98:86:5d:90:c2:84",
>         Framed-IP-Address  = 100.0.0.3,
>         Framed-IP-Netmask  = 255.255.255.0,
>         Framed-Route = "192.168.1.0/24 0.0.0.0",
>        Alc-Default-Router = 100.0.0.2,
>         Alc-Primary-Dns = 188.172.144.120,
>         Alc-Secondary-Dns = 141.0.144.64,
>         Delegated-IPv6-Prefix = 2a02:8802::/64,
>         Alc-Ipv6-Address = 2a02:8800::3/128
>
> Error in the debug
> (5) Received Access-Request Id 193 from 10.113.139.50:64445 to 80.194.79.79:1812 length 149
> (5)   User-Name = "98:86:5d:90:bd:b4"
> (5)   User-Password = "LetMeIn"
> (5)   NAS-IP-Address = 10.113.139.50
> (5)   NAS-Port-Type = Ethernet
> (5)   NAS-Port-Id = "lag-2:11"
> (5)   NAS-Identifier = "BNG-SR1"
> (5)   Alc-Client-Hardware-Addr = "98:86:5d:90:bd:b4"
> (5)   Acct-Session-Id = "785EB00001369B60414DD7"
> (5)   Alc-SAP-Session-Index = 1
> (5) # Executing section authorize from file /etc/raddb/sites-enabled/default
> (5)   authorize {
> (5)     policy filter_username {
> (5)       if (&User-Name) {
> (5)       if (&User-Name)  -> TRUE
> (5)       if (&User-Name)  {
> (5)         if (&User-Name =~ / /) {
> (5)         if (&User-Name =~ / /)  -> FALSE
> (5)         if (&User-Name =~ /@[^@]*@/ ) {
> (5)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
> (5)         if (&User-Name =~ /\.\./ ) {
> (5)         if (&User-Name =~ /\.\./ )  -> FALSE
> (5)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
> (5)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
> (5)         if (&User-Name =~ /\.$/)  {
> (5)         if (&User-Name =~ /\.$/)   -> FALSE
> (5)         if (&User-Name =~ /@\./)  {
> (5)         if (&User-Name =~ /@\./)   -> FALSE
> (5)       } # if (&User-Name)  = notfound
> (5)     } # policy filter_username = notfound
> (5)     [preprocess] = ok
> (5)     [chap] = noop
> (5)     [mschap] = noop
> (5)     [digest] = noop
> (5) suffix: Checking for suffix after "@"
> (5) suffix: No '@' in User-Name = "98:86:5d:90:bd:b4", looking up realm NULL
> (5) suffix: No such realm "NULL"
> (5)     [suffix] = noop
> (5) eap: No EAP-Message, not doing EAP
> (5)     [eap] = noop
> (5)     [files] = noop
> (5)     [expiration] = noop
> (5)     [logintime] = noop
> (5) pap: WARNING: No "known good" password found for the user.  Not setting Auth-Type
> (5) pap: WARNING: Authentication will fail unless a "known good" password is available
> (5)     [pap] = noop
> (5)   } # authorize = ok
> (5) ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type = Reject
> (5) Failed to authenticate the user
> (5) Using Post-Auth-Type Reject
> (5) # Executing group from file /etc/raddb/sites-enabled/default
> (5)   Post-Auth-Type REJECT {
> (5) attr_filter.access_reject: EXPAND %{User-Name}
> (5) attr_filter.access_reject:    --> 98:86:5d:90:bd:b4
> (5) attr_filter.access_reject: Matched entry DEFAULT at line 11
> (5)     [attr_filter.access_reject] = updated
> (5)     [eap] = noop
> (5)     policy remove_reply_message_if_eap {
> (5)       if (&reply:EAP-Message && &reply:Reply-Message) {
> (5)       if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
> (5)       else {
> (5)         [noop] = noop
> (5)       } # else = noop
> (5)     } # policy remove_reply_message_if_eap = noop
> (5)   } # Post-Auth-Type REJECT = updated
> (5) Delaying response for 1.000000 seconds
> Waking up in 0.3 seconds.
> Waking up in 0.6 seconds.
> (3) Cleaning up request packet ID 191 with timestamp +10
> (5) Sending delayed response
> (5) Sent Access-Reject Id 193 from 80.194.79.79:1812 to 10.113.139.50:64445 length 20
> Waking up in 1.3 seconds.
>
>
> Any idea?
>
> Thanks,
> Hazem
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


User is nowhere defined.

Mit freundlichen Grüßen,

-- 

[*] sys4 AG
 
https://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG,80333 München
 
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer, Wolfgang Stief
Aufsichtsratsvorsitzender: Florian Kirstein

More information about the Freeradius-Users mailing list