Re: Can't Assign IP address my users

Tevfik Ceydeliler Wed, 20 Jan 2010 22:22:36 -0800

  Hi Alain,
According your suggestion I delete " Packet-Type == Access-Request" -I wrote 
down to config according to SecOvid manual-, and,I dont think that problem is 
home server because home server accept requests when user IP comes from IP 
pool.This problem happens for only user who wanna use static ip.


All problem is, the user must static IP, cant connect.
As you see the log below, radius asks sends request and home server accept in 
first request:
...
...
Wed Jan 20 10:01:07 2010 : Debug: Going to the next request
Wed Jan 20 10:01:07 2010 : Debug: Waking up in 0.9 seconds.
##########HERE IS ACCESS ACCEPT >rad_recv: Access-Accept packet from host 
10.1.1.51 port 1812, id=107, length=24
        Proxy-State = 0x3530
Wed Jan 20 10:01:07 2010 : Info: +- entering group post-proxy {...}
Wed Jan 20 10:01:07 2010 : Info: [eap] No pre-existing handler found
Wed Jan 20 10:01:07 2010 : Info: ++[eap] returns noop
Wed Jan 20 10:01:07 2010 : Info: Found Auth-Type = CHAP
Wed Jan 20 10:01:07 2010 : Info: Found Auth-Type = Accept
Wed Jan 20 10:01:07 2010 : Error: Warning:  Found 2 auth-types on request for 
user 'tevfikceydeliler'  >>>>>>>>>>>>>>>>>>>ERROR HERE
Wed Jan 20 10:01:07 2010 : Info: Auth-Type = Accept, accepting the user
Wed Jan 20 10:01:07 2010 : Info: +- entering group post-auth {...}
Wed Jan 20 10:01:07 2010 : Info: [main_pool] Could not find Pool-Name attribute.
Wed Jan 20 10:01:07 2010 : Info: ++[main_pool] returns noop
Wed Jan 20 10:01:07 2010 : Info: [birmas] Could not find Pool-Name attribute.
Wed Jan 20 10:01:07 2010 : Info: ++[birmas] returns noop
Wed Jan 20 10:01:07 2010 : Debug:       expand: 
/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d -> 
/var/log/freeradius/radacct/172.30.80.1/detail-20100120
Wed Jan 20 10:01:07 2010 : Info: [detail] 
/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to 
/var/log/freeradius/radacct/172.30.80.1/detail-20100120
Wed Jan 20 10:01:07 2010 : Debug:       expand: %t -> Wed Jan 20 10:01:07 2010
Wed Jan 20 10:01:07 2010 : Info: ++[detail] returns ok
Wed Jan 20 10:01:07 2010 : Info: ++[exec] returns noop
Sending Access-Accept of id 50 to 172.30.80.1 port 2005
Wed Jan 20 10:01:07 2010 : Info: Finished request 1.
Wed Jan 20 10:01:07 2010 : Debug: Going to the next request
Wed Jan 20 10:01:07 2010 : Debug: Waking up in 4.9 seconds.
###########AGAIN ACCESS-REQUEST > rad_recv: Access-Request packet from host 
172.30.80.1 port 1806, id=154, length=139
        NAS-IP-Address = 172.30.80.1
        NAS-Identifier = "GGFILE02"
        Called-Station-Id = "yasarapn"
        Framed-Protocol = GPRS-PDP-Context
        Service-Type = Framed-User
        NAS-Port-Type = Virtual
        NAS-Port = 40329920
        CHAP-Challenge = 0x224a9ef9367e1507dc0e1114ce97e66b
        User-Name = "tevfikceydeliler"
        CHAP-Password = 0x0142e9c0c54eb5526890378c5f4d16ff35
        Calling-Station-Id = "905308507313"
Wed Jan 20 10:01:07 2010 : Info: +- entering group authorize {...}
Wed Jan 20 10:01:07 2010 : Info: ++[preprocess] returns ok
Wed Jan 20 10:01:07 2010 : Debug:       expand: 
/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d -> 
/var/log/freeradius/radacct/172.30.80.1/detail-20100120
Wed Jan 20 10:01:07 2010 : Info: [detail] 
/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to 
/var/log/freeradius/radacct/172.30.80.1/detail-20100120
Wed Jan 20 10:01:07 2010 : Debug:       expand: %t -> Wed Jan 20 10:01:07 2010
Wed Jan 20 10:01:07 2010 : Info: ++[detail] returns ok
Wed Jan 20 10:01:07 2010 : Info: [chap] Setting 'Auth-Type := CHAP'
Wed Jan 20 10:01:07 2010 : Info: ++[chap] returns ok
Wed Jan 20 10:01:07 2010 : Info: ++[mschap] returns noop
Wed Jan 20 10:01:07 2010 : Info: [suffix] No '@' in User-Name = 
"tevfikceydeliler", looking up realm NULL
Wed Jan 20 10:01:07 2010 : Info: [suffix] No such realm "NULL"
Wed Jan 20 10:01:07 2010 : Info: ++[suffix] returns noop
Wed Jan 20 10:01:07 2010 : Info: [eap] No EAP-Message, not doing EAP
Wed Jan 20 10:01:07 2010 : Info: ++[eap] returns noop
Wed Jan 20 10:01:07 2010 : Info: ++[unix] returns notfound
Wed Jan 20 10:01:07 2010 : Info: [files] users: Matched entry tevfikceydeliler 
at line 219
Wed Jan 20 10:01:07 2010 : Info: ++[files] returns ok
Wed Jan 20 10:01:07 2010 : Info: ++[expiration] returns noop
Wed Jan 20 10:01:07 2010 : Info: ++[logintime] returns noop
Wed Jan 20 10:01:07 2010 : Info: ++[pap] returns noop
Wed Jan 20 10:01:07 2010 : Info: +- entering group pre-proxy {...}
Wed Jan 20 10:01:07 2010 : Debug:       expand: 
/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d -> 
/var/log/freeradius/radacct/172.30.80.1/detail-20100120
Wed Jan 20 10:01:07 2010 : Info: [detail] 
/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to 
/var/log/freeradius/radacct/172.30.80.1/detail-20100120
Wed Jan 20 10:01:07 2010 : Debug:       expand: %t -> Wed Jan 20 10:01:07 2010
Wed Jan 20 10:01:07 2010 : Info: ++[detail] returns ok
Sending Access-Request of id 115 to 10.1.1.51 port 1812
        NAS-IP-Address = 172.30.80.1
        NAS-Identifier = "GGFILE02"
        Called-Station-Id = "yasarapn"
        Framed-Protocol = GPRS-PDP-Context
        Service-Type = Framed-User
        NAS-Port-Type = Virtual
        NAS-Port = 40329920
        CHAP-Challenge = 0x224a9ef9367e1507dc0e1114ce97e66b
        User-Name = "tevfikceydeliler"
        CHAP-Password = 0x0142e9c0c54eb5526890378c5f4d16ff35
        Calling-Station-Id = "905308507313"
        Proxy-State = 0x313534
Wed Jan 20 10:01:07 2010 : Info: Proxying request 2 to home server 10.1.1.51 
port 1812
Sending Access-Request of id 115 to 10.1.1.51 port 1812
        NAS-IP-Address = 172.30.80.1
        NAS-Identifier = "GGFILE02"
        Called-Station-Id = "yasarapn"
        Framed-Protocol = GPRS-PDP-Context
        Service-Type = Framed-User
        NAS-Port-Type = Virtual
        NAS-Port = 40329920
        CHAP-Challenge = 0x224a9ef9367e1507dc0e1114ce97e66b
        User-Name = "tevfikceydeliler"
        CHAP-Password = 0x0142e9c0c54eb5526890378c5f4d16ff35
        Calling-Station-Id = "905308507313"
        Proxy-State = 0x313534
Wed Jan 20 10:01:07 2010 : Debug: Going to the next request
Wed Jan 20 10:01:07 2010 : Debug: Waking up in 0.9 seconds.
rad_recv: Access-Reject packet from host 10.1.1.51 port 1812, id=115, length=25
        Proxy-State = 0x313534
Wed Jan 20 10:01:07 2010 : Info: +- entering group post-proxy {...}
Wed Jan 20 10:01:07 2010 : Info: [eap] No pre-existing handler found
Wed Jan 20 10:01:07 2010 : Info: ++[eap] returns noop
Wed Jan 20 10:01:07 2010 : Info: Using Post-Auth-Type Reject
Wed Jan 20 10:01:07 2010 : Info: +- entering group REJECT {...}
...
...
Then I dont know why but access request  comes again.
And home server (OTP server) looks itself and sees that this password is used 
before for this userand then reject it. İt is very normal beahviour for Home 
server. Because it is One Time Password server.

------------------------------

Message: 3
Date: Wed, 20 Jan 2010 12:58:28 +0100
From: Alan DeKok <al...@deployingradius.com>
Subject: Re: Can't Assign IP address my  users
To: FreeRadius users mailing list
        <freeradius-users@lists.freeradius.org>
Message-ID: <4b56efe4.1080...@deployingradius.com>
Content-Type: text/plain; charset=UTF-8

Tevfik Ceydeliler wrote:
> Hi,
> My problem is, If I try to assign a static I address to my user, I got error.
> I have  Secovid OTP server as realm.  And my all users use token to create 
> password.
> In test case, when I try to connect to my radius server via gprs I see some 
> error:
> ...
> ....
> Wed Jan 20 10:01:07 2010 : Error: Warning:  Found 2 auth-types on request for 
> user 'tevfikceydeliler'
> ...
> ...
> I did not edit DEFAULTS.
> My users settings is here:
> tevfikceydeliler        Packet-Type == Access-Request ,


  You don't need to check Packet-Type.  Delete it.

> Here is the my logs:
> r...@radiusii:/etc/freeradius# freeradius -Xxx

  Why "-Xxx" ?  What's wrong with following the documentation?

> rad_recv: Access-Reject packet from host 10.1.1.51 port 1812, id=115, 
> length=25
>         Proxy-State = 0x313534

  Well... the home server rejects the user.  Go fix the home server.

  Alan DeKok.



Bu elektronik postada bulunan tum fikir ve gorusler ve ekindeki dosyalar sadece 
adres sahip/sahiplerine ait olup, Yasar Toplulugu Sirketleri bu mesajin icerigi 
ile ilgili olarak hic bir hukuksal sorumlulugu kabul etmez. Eger gonderilmesi 
dusunulen kisi veya kurulus degilseniz, lutfen gonderen kisiyi derhal haberdar 
ediniz ve mesaji sisteminizden siliniz.The information contained in this e-mail 
and any files transmitted with it are intended solely for the use of the 
individual or entity to whom they are addressed and Yasar Group Companies do 
not accept legal responsibility for the contents. If you are not the intended 
recipient, please immediately notify the sender and delete it from your system.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Can't Assign IP address my users

Reply via email to