Now I understand why I get accept message. Bec. of " DEFAULT Auth-Type := Accept". When I remove it I get reject. This error occurs for only users have Framed-IP-Address . My verison is : freeradius: FreeRADIUS Version 2.1.0, for host i486-pc-linux-gnu Here is the CORRECT log: ########################################################## rad_recv: Access-Request packet from host 172.30.80.1 port 4778, id=206, length=139 NAS-IP-Address = 172.30.80.1 NAS-Identifier = "GGFILE02" Called-Station-Id = "yasarapn" Framed-Protocol = GPRS-PDP-Context Service-Type = Framed-User NAS-Port-Type = Virtual NAS-Port = 143607256 CHAP-Challenge = 0x2e302fefb09604035cfe4022945bfbd8 User-Name = "tevfikceydeliler" CHAP-Password = 0x01a1b18b5f3a772a9107bee3ee400ff60e Calling-Station-Id = "905308507313" Wed Jan 13 12:17:33 2010 : Info: +- entering group authorize {...} Wed Jan 13 12:17:33 2010 : Info: ++[preprocess] returns ok Wed Jan 13 12:17:33 2010 : Debug: expand: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/172.30.80.1/auth-detail-20100113 Wed Jan 13 12:17:33 2010 : Info: [auth_log] /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/172.30.80.1/auth-detail-20100113 Wed Jan 13 12:17:33 2010 : Debug: expand: %t -> Wed Jan 13 12:17:33 2010 Wed Jan 13 12:17:33 2010 : Info: ++[auth_log] returns ok Wed Jan 13 12:17:33 2010 : Debug: expand: /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/freeradius/radacct/172.30.80.1/detail-20100113 Wed Jan 13 12:17:33 2010 : Info: [detail] /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/freeradius/radacct/172.30.80.1/detail-20100113 Wed Jan 13 12:17:33 2010 : Debug: expand: %t -> Wed Jan 13 12:17:33 2010 Wed Jan 13 12:17:33 2010 : Info: ++[detail] returns ok Wed Jan 13 12:17:33 2010 : Info: [chap] Setting 'Auth-Type := CHAP' Wed Jan 13 12:17:33 2010 : Info: ++[chap] returns ok Wed Jan 13 12:17:33 2010 : Info: ++[mschap] returns noop Wed Jan 13 12:17:33 2010 : Info: [suffix] No '@' in User-Name = "tevfikceydeliler", looking up realm NULL Wed Jan 13 12:17:33 2010 : Info: [suffix] No such realm "NULL" Wed Jan 13 12:17:33 2010 : Info: ++[suffix] returns noop Wed Jan 13 12:17:33 2010 : Info: [eap] No EAP-Message, not doing EAP Wed Jan 13 12:17:33 2010 : Info: ++[eap] returns noop Wed Jan 13 12:17:33 2010 : Info: ++[unix] returns notfound Wed Jan 13 12:17:33 2010 : Info: ++[files] returns noop Wed Jan 13 12:17:33 2010 : Info: ++[expiration] returns noop Wed Jan 13 12:17:33 2010 : Info: ++[logintime] returns noop >>>>>>>Wed Jan 13 12:17:33 2010 : Info: [pap] WARNING! No "known good" password >>>>>>>found for the user. Authentication may fail because of this. >>>>>>>Wed Jan 13 12:17:33 2010 : Info: ++[pap] returns noop >>>>>>>Wed Jan 13 12:17:33 2010 : Info: Found Auth-Type = CHAP >>>>>>>Wed Jan 13 12:17:33 2010 : Info: +- entering group CHAP {...} >>>>>>>Wed Jan 13 12:17:33 2010 : Info: [chap] login attempt by >>>>>>>"tevfikceydeliler" with CHAP password >>>>>>>Wed Jan 13 12:17:33 2010 : Info: [chap] Cleartext-Password is required >>>>>>>for authentication >>>>>>>Wed Jan 13 12:17:33 2010 : Info: ++[chap] returns invalid >>>>>>>Wed Jan 13 12:17:33 2010 : Info: Failed to authenticate the user. >>>>>>>Wed Jan 13 12:17:33 2010 : Auth: Login incorrect (rlm_chap: Clear text >>>>>>>password not available): [tevfikceydeliler/<CHAP-Password>] (from client >>>>>>>turkcellAPN port 143607256 cli 905308507313) >>>>>>>Wed Jan 13 12:17:33 2010 : Info: Using Post-Auth-Type Reject Wed Jan 13 12:17:33 2010 : Info: +- entering group REJECT {...} Wed Jan 13 12:17:33 2010 : Debug: expand: %{User-Name} -> tevfikceydeliler Wed Jan 13 12:17:33 2010 : Debug: attr_filter: Matched entry DEFAULT at line 11 Wed Jan 13 12:17:33 2010 : Info: ++[attr_filter.access_reject] returns updated Wed Jan 13 12:17:33 2010 : Debug: expand: /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/freeradius/radacct/172.30.80.1/detail-20100113 Wed Jan 13 12:17:33 2010 : Info: [detail] /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/freeradius/radacct/172.30.80.1/detail-20100113 Wed Jan 13 12:17:33 2010 : Debug: expand: %t -> Wed Jan 13 12:17:33 2010 Wed Jan 13 12:17:33 2010 : Info: ++[detail] returns ok Wed Jan 13 12:17:33 2010 : Debug: expand: /var/log/freeradius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d -> /var/log/freeradius/radacct/172.30.80.1/reply-detail-20100113 Wed Jan 13 12:17:33 2010 : Info: [reply_log] /var/log/freeradius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d expands to /var/log/freeradius/radacct/172.30.80.1/reply-detail-20100113 Wed Jan 13 12:17:33 2010 : Debug: expand: %t -> Wed Jan 13 12:17:33 2010 Wed Jan 13 12:17:33 2010 : Info: ++[reply_log] returns ok Wed Jan 13 12:17:33 2010 : Info: Delaying reject of request 0 for 3 seconds Wed Jan 13 12:17:33 2010 : Debug: Going to the next request Wed Jan 13 12:17:33 2010 : Debug: Waking up in 0.9 seconds. Wed Jan 13 12:17:34 2010 : Debug: Waking up in 1.9 seconds. Wed Jan 13 12:17:36 2010 : Info: Sending delayed reject for request 0 Sending Access-Reject of id 206 to 172.30.80.1 port 4778 Wed Jan 13 12:17:36 2010 : Debug: Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 172.30.80.1 port 1806, id=237, length=139 NAS-IP-Address = 172.30.80.1 NAS-Identifier = "GGFILE02" Called-Station-Id = "yasarapn" Framed-Protocol = GPRS-PDP-Context Service-Type = Framed-User NAS-Port-Type = Virtual NAS-Port = 193325448 CHAP-Challenge = 0x2e302fefb09604035cfe4022945bfbd8 User-Name = "tevfikceydeliler" CHAP-Password = 0x01a1b18b5f3a772a9107bee3ee400ff60e Calling-Station-Id = "905308507313" Wed Jan 13 12:17:36 2010 : Info: +- entering group authorize {...} Wed Jan 13 12:17:36 2010 : Info: ++[preprocess] returns ok Wed Jan 13 12:17:36 2010 : Debug: expand: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/172.30.80.1/auth-detail-20100113 Wed Jan 13 12:17:36 2010 : Info: [auth_log] /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/172.30.80.1/auth-detail-20100113 Wed Jan 13 12:17:36 2010 : Debug: expand: %t -> Wed Jan 13 12:17:36 2010 Wed Jan 13 12:17:36 2010 : Info: ++[auth_log] returns ok Wed Jan 13 12:17:36 2010 : Debug: expand: /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/freeradius/radacct/172.30.80.1/detail-20100113 Wed Jan 13 12:17:36 2010 : Info: [detail] /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/freeradius/radacct/172.30.80.1/detail-20100113 Wed Jan 13 12:17:36 2010 : Debug: expand: %t -> Wed Jan 13 12:17:36 2010 Wed Jan 13 12:17:36 2010 : Info: ++[detail] returns ok Wed Jan 13 12:17:36 2010 : Info: [chap] Setting 'Auth-Type := CHAP' Wed Jan 13 12:17:36 2010 : Info: ++[chap] returns ok Wed Jan 13 12:17:36 2010 : Info: ++[mschap] returns noop Wed Jan 13 12:17:36 2010 : Info: [suffix] No '@' in User-Name = "tevfikceydeliler", looking up realm NULL Wed Jan 13 12:17:36 2010 : Info: [suffix] No such realm "NULL" Wed Jan 13 12:17:36 2010 : Info: ++[suffix] returns noop Wed Jan 13 12:17:36 2010 : Info: [eap] No EAP-Message, not doing EAP Wed Jan 13 12:17:36 2010 : Info: ++[eap] returns noop Wed Jan 13 12:17:36 2010 : Info: ++[unix] returns notfound Wed Jan 13 12:17:36 2010 : Info: ++[files] returns noop Wed Jan 13 12:17:36 2010 : Info: ++[expiration] returns noop Wed Jan 13 12:17:36 2010 : Info: ++[logintime] returns noop Wed Jan 13 12:17:36 2010 : Info: [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. Wed Jan 13 12:17:36 2010 : Info: ++[pap] returns noop Wed Jan 13 12:17:36 2010 : Info: Found Auth-Type = CHAP Wed Jan 13 12:17:36 2010 : Info: +- entering group CHAP {...} Wed Jan 13 12:17:36 2010 : Info: [chap] login attempt by "tevfikceydeliler" with CHAP password Wed Jan 13 12:17:36 2010 : Info: [chap] Cleartext-Password is required for authentication Wed Jan 13 12:17:36 2010 : Info: ++[chap] returns invalid Wed Jan 13 12:17:36 2010 : Info: Failed to authenticate the user. Wed Jan 13 12:17:36 2010 : Auth: Login incorrect (rlm_chap: Clear text password not available): [tevfikceydeliler/<CHAP-Password>] (from client turkcellAPN port 193325448 cli 905308507313) Wed Jan 13 12:17:36 2010 : Info: Using Post-Auth-Type Reject Wed Jan 13 12:17:36 2010 : Info: +- entering group REJECT {...} Wed Jan 13 12:17:36 2010 : Debug: expand: %{User-Name} -> tevfikceydeliler Wed Jan 13 12:17:36 2010 : Debug: attr_filter: Matched entry DEFAULT at line 11 Wed Jan 13 12:17:36 2010 : Info: ++[attr_filter.access_reject] returns updated Wed Jan 13 12:17:36 2010 : Debug: expand: /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/freeradius/radacct/172.30.80.1/detail-20100113 Wed Jan 13 12:17:36 2010 : Info: [detail] /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/freeradius/radacct/172.30.80.1/detail-20100113 Wed Jan 13 12:17:36 2010 : Debug: expand: %t -> Wed Jan 13 12:17:36 2010 Wed Jan 13 12:17:36 2010 : Info: ++[detail] returns ok Wed Jan 13 12:17:36 2010 : Debug: expand: /var/log/freeradius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d -> /var/log/freeradius/radacct/172.30.80.1/reply-detail-20100113 Wed Jan 13 12:17:36 2010 : Info: [reply_log] /var/log/freeradius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d expands to /var/log/freeradius/radacct/172.30.80.1/reply-detail-20100113 Wed Jan 13 12:17:36 2010 : Debug: expand: %t -> Wed Jan 13 12:17:36 2010 Wed Jan 13 12:17:36 2010 : Info: ++[reply_log] returns ok Wed Jan 13 12:17:36 2010 : Info: Delaying reject of request 1 for 3 seconds Wed Jan 13 12:17:36 2010 : Debug: Going to the next request Wed Jan 13 12:17:36 2010 : Debug: Waking up in 0.9 seconds. Wed Jan 13 12:17:37 2010 : Debug: Waking up in 1.9 seconds. Wed Jan 13 12:17:39 2010 : Info: Sending delayed reject for request 1 Sending Access-Reject of id 237 to 172.30.80.1 port 1806 Wed Jan 13 12:17:39 2010 : Debug: Waking up in 1.9 seconds. Wed Jan 13 12:17:41 2010 : Info: Cleaning up request 0 ID 206 with timestamp +165 Wed Jan 13 12:17:41 2010 : Debug: Waking up in 3.0 seconds. Wed Jan 13 12:17:44 2010 : Info: Cleaning up request 1 ID 237 with timestamp +168 Wed Jan 13 12:17:44 2010 : Debug: Ready to process requests. ##########################################################################
 Tevfik Ceydeliler Hello Tevfik, Run radius in debug mode (radius -X) and then try to authenticate the user. You should have enough information in the debug to figure out the problem. If you still can't figure it out paste your debug output here. You may also want to mention what version of freeradius you're using. Adrian -----Original Message----- From: freeradius-users-bounces+adrian=dsl4u...@lists.freeradius.org [mailto:freeradius-users-bounces+adrian=dsl4u...@lists.freeradius.org] On Behalf Of Tevfik Ceydeliler Sent: Tuesday, January 12, 2010 2:15 AM To: freeradius-users@lists.freeradius.org Subject: My Static IP Client conf. not work Hi Adrian, I change the operator for Framed IP Address and Netmask. But nothing changed. Client get Access-Accept but no IP address assigned. I check it with "ipconfig" Regards... Tevfik Ceydeliler Bu elektronik postada bulunan tum fikir ve gorusler ve ekindeki dosyalar sadece adres sahip/sahiplerine ait olup, Yasar Toplulugu Sirketleri bu mesajin icerigi ile ilgili olarak hic bir hukuksal sorumlulugu kabul etmez. Eger gonderilmesi dusunulen kisi veya kurulus degilseniz, lutfen gonderen kisiyi derhal haberdar ediniz ve mesaji sisteminizden siliniz.The information contained in this e-mail and any files transmitted with it are intended solely for the use of the individual or entity to whom they are addressed and Yasar Group Companies do not accept legal responsibility for the contents. If you are not the intended recipient, please immediately notify the sender and delete it from your system. ------------------------------ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html End of Freeradius-Users Digest, Vol 57, Issue 38 ************************************************ Bu elektronik postada bulunan tum fikir ve gorusler ve ekindeki dosyalar sadece adres sahip/sahiplerine ait olup, Yasar Toplulugu Sirketleri bu mesajin icerigi ile ilgili olarak hic bir hukuksal sorumlulugu kabul etmez. Eger gonderilmesi dusunulen kisi veya kurulus degilseniz, lutfen gonderen kisiyi derhal haberdar ediniz ve mesaji sisteminizden siliniz.The information contained in this e-mail and any files transmitted with it are intended solely for the use of the individual or entity to whom they are addressed and Yasar Group Companies do not accept legal responsibility for the contents. If you are not the intended recipient, please immediately notify the sender and delete it from your system. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html