Re: Server logs say users authenticate, but they don't (Now with more details!)

2006-11-09 Thread Ernie Dunbar
Here's the output from `freeradius -X` for one attempted user login:
rad_recv: Access-Request packet from host AS5300:1645, id=32, length=88
    NAS-IP-Address = AS5300
    NAS-Port = 47
    NAS-Port-Type = Async
    User-Name = Pheilmann
    Called-Station-Id = 6811527

Re: Server logs say users authenticate, but they don't (Now with more details!)

2006-11-08 Thread Ernie Dunbar
Okay, after doing these tests, we can see that the Cisco is now accepting the packets. However, the AS5300 is now telling us "no appropriate authorization type for user". Here are the logs from the AS5300 (XX.XX.XX.X is the new server, XX.XX.XX.Y is the backup that was offline for the duration of the

Re: Server logs say users authenticate, but they don't (Now with more details!)

2006-11-08 Thread James Wakefield
G'day Ernie, What value are you sending for Service-Type? Best way to check is radiusd -X, and watch for the Access-Accept that freeradius sends, in case your authorization config isn't quite right. Cheers, James.
Ernie Dunbar wrote:
> Okay, after doing these tests, we can see that the

Re: Server logs say users authenticate, but they don't (Now with more details!)

2006-11-06 Thread Ernie Dunbar
> G'day Ernie, Can you sniff on the AS5300 and ensure the Access-Accept packets are arriving before the 3 second (default) timeout?
Yes, we tried that. The access-accept packets aren't arriving at all!
> Does it work if you temporarily disable the Simultaneous-Use check?
No, that doesn't work

Re: Server logs say users authenticate, but they don't (Now with more details!)

2006-11-06 Thread James Wakefield
Hi Ernie,
* Run radiusd -X and check that Access-Accept is being sent, and how long after the Access-Request this is.
* Verify with tcpdump that the packet is actually getting onto the wire.
* Check for iptables rules/access-lists that might be dropping/rejecting the packets.
* Make sure

Server logs say users authenticate, but they don't (Now with more details!)

2006-11-03 Thread Ernie Dunbar
This isn't a duplicate, I've just included more information about our configuration. We have a Cisco AS5300 for our dialup pool. It is able to log into our new FreeRadius server and make authentication requests, but users are not able to authenticate. It's very strange, because FreeRadius

RE: Server logs say users authenticate, but they don't (Now with more details!)

2006-11-03 Thread Paul Khavkine
Is the server multihomed? It often happens that the server will receive a request on one IP address and send out a reply using a different address with a multihomed system. If your system has multiple

RE: Server logs say users authenticate, but they don't (Now with more details!)

2006-11-03 Thread Ernie Dunbar
This isn't a duplicate, I've just included more information about our configuration. We have a Cisco AS5300 for our dialup pool. It is able to log into our new FreeRadius server and make authentication requests

Re: Server logs say users authenticate, but they don't (Now with more details!)

2006-11-03 Thread James Wakefield
Ernie Dunbar wrote:
> No, it's not multihomed, but on a lark I tried it anyway (since there's two network cards in it, but one isn't used). It still doesn't work.
G'day Ernie, Can you sniff on the AS5300 and ensure the Access-Accept packets are arriving before the 3 second (default) timeout?