Hi Alain, According your suggestion I delete " Packet-Type == Access-Request" -I wrote down to config according to SecOvid manual-, and,I dont think that problem is home server because home server accept requests when user IP comes from IP pool.This problem happens for only user who wanna use static ip.
All problem is, the user must static IP, cant connect. As you see the log below, radius asks sends request and home server accept in first request: ... ... Wed Jan 20 10:01:07 2010 : Debug: Going to the next request Wed Jan 20 10:01:07 2010 : Debug: Waking up in 0.9 seconds. ##########HERE IS ACCESS ACCEPT >rad_recv: Access-Accept packet from host 10.1.1.51 port 1812, id=107, length=24 Proxy-State = 0x3530 Wed Jan 20 10:01:07 2010 : Info: +- entering group post-proxy {...} Wed Jan 20 10:01:07 2010 : Info: [eap] No pre-existing handler found Wed Jan 20 10:01:07 2010 : Info: ++[eap] returns noop Wed Jan 20 10:01:07 2010 : Info: Found Auth-Type = CHAP Wed Jan 20 10:01:07 2010 : Info: Found Auth-Type = Accept Wed Jan 20 10:01:07 2010 : Error: Warning: Found 2 auth-types on request for user 'tevfikceydeliler' >>>>>>>>>>>>>>>>>>>ERROR HERE Wed Jan 20 10:01:07 2010 : Info: Auth-Type = Accept, accepting the user Wed Jan 20 10:01:07 2010 : Info: +- entering group post-auth {...} Wed Jan 20 10:01:07 2010 : Info: [main_pool] Could not find Pool-Name attribute. Wed Jan 20 10:01:07 2010 : Info: ++[main_pool] returns noop Wed Jan 20 10:01:07 2010 : Info: [birmas] Could not find Pool-Name attribute. Wed Jan 20 10:01:07 2010 : Info: ++[birmas] returns noop Wed Jan 20 10:01:07 2010 : Debug: expand: /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/freeradius/radacct/172.30.80.1/detail-20100120 Wed Jan 20 10:01:07 2010 : Info: [detail] /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/freeradius/radacct/172.30.80.1/detail-20100120 Wed Jan 20 10:01:07 2010 : Debug: expand: %t -> Wed Jan 20 10:01:07 2010 Wed Jan 20 10:01:07 2010 : Info: ++[detail] returns ok Wed Jan 20 10:01:07 2010 : Info: ++[exec] returns noop Sending Access-Accept of id 50 to 172.30.80.1 port 2005 Wed Jan 20 10:01:07 2010 : Info: Finished request 1. Wed Jan 20 10:01:07 2010 : Debug: Going to the next request Wed Jan 20 10:01:07 2010 : Debug: Waking up in 4.9 seconds. ###########AGAIN ACCESS-REQUEST > rad_recv: Access-Request packet from host 172.30.80.1 port 1806, id=154, length=139 NAS-IP-Address = 172.30.80.1 NAS-Identifier = "GGFILE02" Called-Station-Id = "yasarapn" Framed-Protocol = GPRS-PDP-Context Service-Type = Framed-User NAS-Port-Type = Virtual NAS-Port = 40329920 CHAP-Challenge = 0x224a9ef9367e1507dc0e1114ce97e66b User-Name = "tevfikceydeliler" CHAP-Password = 0x0142e9c0c54eb5526890378c5f4d16ff35 Calling-Station-Id = "905308507313" Wed Jan 20 10:01:07 2010 : Info: +- entering group authorize {...} Wed Jan 20 10:01:07 2010 : Info: ++[preprocess] returns ok Wed Jan 20 10:01:07 2010 : Debug: expand: /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/freeradius/radacct/172.30.80.1/detail-20100120 Wed Jan 20 10:01:07 2010 : Info: [detail] /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/freeradius/radacct/172.30.80.1/detail-20100120 Wed Jan 20 10:01:07 2010 : Debug: expand: %t -> Wed Jan 20 10:01:07 2010 Wed Jan 20 10:01:07 2010 : Info: ++[detail] returns ok Wed Jan 20 10:01:07 2010 : Info: [chap] Setting 'Auth-Type := CHAP' Wed Jan 20 10:01:07 2010 : Info: ++[chap] returns ok Wed Jan 20 10:01:07 2010 : Info: ++[mschap] returns noop Wed Jan 20 10:01:07 2010 : Info: [suffix] No '@' in User-Name = "tevfikceydeliler", looking up realm NULL Wed Jan 20 10:01:07 2010 : Info: [suffix] No such realm "NULL" Wed Jan 20 10:01:07 2010 : Info: ++[suffix] returns noop Wed Jan 20 10:01:07 2010 : Info: [eap] No EAP-Message, not doing EAP Wed Jan 20 10:01:07 2010 : Info: ++[eap] returns noop Wed Jan 20 10:01:07 2010 : Info: ++[unix] returns notfound Wed Jan 20 10:01:07 2010 : Info: [files] users: Matched entry tevfikceydeliler at line 219 Wed Jan 20 10:01:07 2010 : Info: ++[files] returns ok Wed Jan 20 10:01:07 2010 : Info: ++[expiration] returns noop Wed Jan 20 10:01:07 2010 : Info: ++[logintime] returns noop Wed Jan 20 10:01:07 2010 : Info: ++[pap] returns noop Wed Jan 20 10:01:07 2010 : Info: +- entering group pre-proxy {...} Wed Jan 20 10:01:07 2010 : Debug: expand: /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/freeradius/radacct/172.30.80.1/detail-20100120 Wed Jan 20 10:01:07 2010 : Info: [detail] /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/freeradius/radacct/172.30.80.1/detail-20100120 Wed Jan 20 10:01:07 2010 : Debug: expand: %t -> Wed Jan 20 10:01:07 2010 Wed Jan 20 10:01:07 2010 : Info: ++[detail] returns ok Sending Access-Request of id 115 to 10.1.1.51 port 1812 NAS-IP-Address = 172.30.80.1 NAS-Identifier = "GGFILE02" Called-Station-Id = "yasarapn" Framed-Protocol = GPRS-PDP-Context Service-Type = Framed-User NAS-Port-Type = Virtual NAS-Port = 40329920 CHAP-Challenge = 0x224a9ef9367e1507dc0e1114ce97e66b User-Name = "tevfikceydeliler" CHAP-Password = 0x0142e9c0c54eb5526890378c5f4d16ff35 Calling-Station-Id = "905308507313" Proxy-State = 0x313534 Wed Jan 20 10:01:07 2010 : Info: Proxying request 2 to home server 10.1.1.51 port 1812 Sending Access-Request of id 115 to 10.1.1.51 port 1812 NAS-IP-Address = 172.30.80.1 NAS-Identifier = "GGFILE02" Called-Station-Id = "yasarapn" Framed-Protocol = GPRS-PDP-Context Service-Type = Framed-User NAS-Port-Type = Virtual NAS-Port = 40329920 CHAP-Challenge = 0x224a9ef9367e1507dc0e1114ce97e66b User-Name = "tevfikceydeliler" CHAP-Password = 0x0142e9c0c54eb5526890378c5f4d16ff35 Calling-Station-Id = "905308507313" Proxy-State = 0x313534 Wed Jan 20 10:01:07 2010 : Debug: Going to the next request Wed Jan 20 10:01:07 2010 : Debug: Waking up in 0.9 seconds. rad_recv: Access-Reject packet from host 10.1.1.51 port 1812, id=115, length=25 Proxy-State = 0x313534 Wed Jan 20 10:01:07 2010 : Info: +- entering group post-proxy {...} Wed Jan 20 10:01:07 2010 : Info: [eap] No pre-existing handler found Wed Jan 20 10:01:07 2010 : Info: ++[eap] returns noop Wed Jan 20 10:01:07 2010 : Info: Using Post-Auth-Type Reject Wed Jan 20 10:01:07 2010 : Info: +- entering group REJECT {...} ... ... Then I dont know why but access request comes again. And home server (OTP server) looks itself and sees that this password is used before for this userand then reject it. İt is very normal beahviour for Home server. Because it is One Time Password server. ------------------------------ Message: 3 Date: Wed, 20 Jan 2010 12:58:28 +0100 From: Alan DeKok <al...@deployingradius.com> Subject: Re: Can't Assign IP address my users To: FreeRadius users mailing list <freeradius-users@lists.freeradius.org> Message-ID: <4b56efe4.1080...@deployingradius.com> Content-Type: text/plain; charset=UTF-8 Tevfik Ceydeliler wrote: > Hi, > My problem is, If I try to assign a static I address to my user, I got error. > I have Secovid OTP server as realm. And my all users use token to create > password. > In test case, when I try to connect to my radius server via gprs I see some > error: > ... > .... > Wed Jan 20 10:01:07 2010 : Error: Warning: Found 2 auth-types on request for > user 'tevfikceydeliler' > ... > ... > I did not edit DEFAULTS. > My users settings is here: > tevfikceydeliler Packet-Type == Access-Request , You don't need to check Packet-Type. Delete it. > Here is the my logs: > r...@radiusii:/etc/freeradius# freeradius -Xxx Why "-Xxx" ? What's wrong with following the documentation? > rad_recv: Access-Reject packet from host 10.1.1.51 port 1812, id=115, > length=25 > Proxy-State = 0x313534 Well... the home server rejects the user. Go fix the home server. Alan DeKok. Bu elektronik postada bulunan tum fikir ve gorusler ve ekindeki dosyalar sadece adres sahip/sahiplerine ait olup, Yasar Toplulugu Sirketleri bu mesajin icerigi ile ilgili olarak hic bir hukuksal sorumlulugu kabul etmez. Eger gonderilmesi dusunulen kisi veya kurulus degilseniz, lutfen gonderen kisiyi derhal haberdar ediniz ve mesaji sisteminizden siliniz.The information contained in this e-mail and any files transmitted with it are intended solely for the use of the individual or entity to whom they are addressed and Yasar Group Companies do not accept legal responsibility for the contents. If you are not the intended recipient, please immediately notify the sender and delete it from your system. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html