Here's the output from `freeradius -X` for one attempted user login:
rad_recv: Access-Request packet from host AS5300:1645, id=32, length=88
NAS-IP-Address = AS5300
NAS-Port = 47
NAS-Port-Type = Async
User-Name = Pheilmann
Called-Station-Id = 6811527
Okay, after doing these tests, we can see that the Cisco is now accepting
the packets.
However, the AS5300 is now telling us no appropriate authorization type
for user. Here's the logs from the AS5300 (XX.XX.XX.X is the new server,
XX.XX.XX.Y is the backup that was offline for the duration of the
G'day Ernie,
What value are you sending for Service-Type? Best way to check is
radiusd -X, and watch for the Access-Accept that freeradius sends, in
case your authorization config isn't quite right.
Cheers,
James.
Ernie Dunbar wrote:
Okay, after doing these tests, we can see that the
G'day Ernie,
Can you sniff on the AS5300 and ensure the Access-Accept packets are
arriving before the 3 second (default) timeout?
Yes, we tried that. The access-accept packets aren't arriving at all!
Does it work if you temporarily disable the Simultaneous-Use check?
No, that doesn't work
Hi Ernie,
* Run radiusd -X and check that Access-Accept is being sent, and how
long after the Access-Request this is.
* Verify with tcpdump that the packet is actually getting onto the wire.
* Check for iptables rules/access-lists that might be dropping/rejecting
the packets.
* Make sure
This isn't a duplicate, I've just included more information about our
configuration.
We have a Cisco AS5300 for our dialup pool. It is able to log into our new
FreeRadius server and make authentication requests, but users are not able
to authenticate.
It's very strange, because FreeRadius
Title: RE: Server logs say users authenticate, but they don't (Now with more details!)
Is the server multihomed?
It often happens that the server will receive a request on one IP address and send out a reply using a different address with a multihomed system.
If your system has multiple
: Server logs say users authenticate, but they don't (Now with more
details!)
This isn't a duplicate, I've just included more information about our
configuration.
We have a Cisco AS5300 for our dialup pool. It is able to log into our new
FreeRadius server and make authentication requests
Ernie Dunbar wrote:
No, it's not multihomed, but on a lark I tried it anyway (since there's
two network cards in it, but one isn't used). It still doesn't work.
G'day Ernie,
Can you sniff on the AS5300 and ensure the Access-Accept packets are
arriving before the 3 second (default) timeout?
10 matches