
List:       freeradius-users
Subject:    RE: Client Doesn't establish tunnel
From:       "Ravila White" <rwhite () drugstore ! com>
Date:       2004-01-31 1:15:51
Message-ID: 7698096B5B256749AD1112014F821403DBD7CC () seaems005c ! corp ! drugstore ! com

I have verified that the failure is with the following attribute:

	connect-info = "string"

I have added this attribute to the /usr/local/etc/raddb/dictionary file.
The connect-info attribute is defined in the users file as a default entry (this has always been defined).

Might anyone know why the NAS is not recognizing the attribute I've passed? As I understand it, connect-info is the group that the VPN user belongs to. This group is defined on the NAS/Concentrator as well as in the users file.

debug from freeradius shows that it hangs on at the connect-info attribute, debug on my concentrator:
	No Connect-Info for testrav (should be group info)
	Bad config from RADIUS server for testrav
	No Policy, "", for user, testrav

Has anyone gotten free radius to authenticate using the users file against VPN 5000?
thxs./rav

-----Original Message-----
From: Ravila White 
Sent: Friday, January 30, 2004 2:00 PM
To: 'freeradius-users@lists.freeradius.org'
Subject: re: Client Doesn't establish tunnel 


Hello, I've added an additional attribute to try and establish the tunnel:
	in /usr/local/etc/raddb/dictionary: Attribute  Tunnel-Throughput 1 integer
	in /usr/local/etc/raddb/users: Tunnel-Throughput=1

I also modified the users file to stop the warning of 2 Auth types. Does anyone in the group have any idea of why I cannot establish my tunnel??? I've provided the output below. Additionally I'm running:
	solaris 2.6
	freeradius 0.9.3

thanks in advance for your suggestions.

rad_recv: Access-Request packet from host 192.168.4.2:2050, id=8, length=72
        NAS-IP-Address = 192.168.4.2
        NAS-Port-Type = Virtual
        Service-Type = Authenticate-Only
        NAS-Port = 0
        Tunnel-Throughput = 0x74657374726176
        CHAP-Password = 0x383fd2c096e21396538a2c1fe51f4b460f
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
  rlm_chap: Setting 'Auth-Type := CHAP'
  modcall[authorize]: module "chap" returns ok for request 0
  modcall[authorize]: module "eap" returns noop for request 0
    rlm_realm: No '@' in User-Name = "testrav", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 0
    users: Matched testrav at 60
    users: Matched DEFAULT at 519
  modcall[authorize]: module "files" returns ok for request 0
modcall: group authorize returns ok for request 0
  rad_check_password:  Found Auth-Type CHAP
auth: type "CHAP"
modcall: entering group Auth-Type for request 0
  rlm_chap: login attempt by "testrav" with CHAP password
  rlm_chap: Using clear text password P@ssw0rd1 for user testrav authentication.
  rlm_chap: chap user testrav authenticated succesfully
  modcall[authenticate]: module "chap" returns ok for request 0
modcall: group Auth-Type returns ok for request 0
Login OK: [testrav/<CHAP-Password>] (from client phlvpn2 port 0)
Sending Access-Accept of id 8 to 192.168.4.2:2050
        User-Service-Type = Login-User
        Tunnel-Password:0 = "P@ssw0rd1"
        Tunnel-Throughput = 1
        Connect-Info = "abroad"
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 9 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 8 with timestamp 401abcb6
Nothing to do.  Sleeping until we see a request.

-----Original Message-----
From: Ravila White 
Sent: Thursday, January 29, 2004 3:21 PM
To: 'freeradius-users@lists.freeradius.org'
Subject: RE: Client Doesn't establish tunnel 


Ok Thank you. I've included what I see when running radiusd in debug mode. The reason I indicated that I was seeing LDAP responses is because this is what my VPN concentrator is showing.

thanks again for your help./rav

rad_recv: Access-Request packet from host 10.100.4.2:2050, id=40, length=72
        NAS-IP-Address = 10.100.4.2
        NAS-Port-Type = Virtual
        Service-Type = Authenticate-Only
        NAS-Port = 0
        User-Name = "testrav"
        CHAP-Password = 0xcbd4fb1bdab455f9988f978992a31a266f
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
  rlm_chap: Setting 'Auth-Type := CHAP'
  modcall[authorize]: module "chap" returns ok for request 0
  modcall[authorize]: module "eap" returns noop for request 0
    rlm_realm: No '@' in User-Name = "testrav", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 0
    users: Matched testrav at 60
    users: Matched DEFAULT at 517
  modcall[authorize]: module "files" returns ok for request 0
modcall: group authorize returns ok for request 0
  rad_check_password:  Found Auth-Type CHAP
  rad_check_password:  Found Auth-Type CHAP
Warning:  Found 2 auth-types on request for user 'testrav'
auth: type "CHAP"
modcall: entering group Auth-Type for request 0
  rlm_chap: login attempt by "testrav" with CHAP password
  rlm_chap: Using clear text password P@ssw0rd1 for user testrav authentication.
  rlm_chap: chap user testrav authenticated succesfully
  modcall[authenticate]: module "chap" returns ok for request 0
modcall: group Auth-Type returns ok for request 0
Login OK: [testrav/<CHAP-Password>] (from client phlvpn2 port 0)
Sending Access-Accept of id 40 to 10.100.4.2:2050
        Tunnel-Password:0 = "P@ssw0rd1"
        Connect-Info = "abroad"
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 9 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 40 with timestamp 40199623
Nothing to do.  Sleeping until we see a request.
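
An added example (not part of the original message or of FreeRADIUS): the second request dump above shows `Tunnel-Throughput = 0x74657374726176` and no `User-Name`, after a local dictionary line assigned number 1 to `Tunnel-Throughput`. This Python check flags local dictionary entries that reuse a standard attribute number and decodes printable hex values in a debug dump; the `STANDARD` table is a hand-written subset of RFC 2865/2868/2869 numbers and the function names are this example's own.

```python
import re

# Subset of standard attribute numbers (RFC 2865, RFC 2868, RFC 2869).
STANDARD = {1: "User-Name", 2: "User-Password", 3: "CHAP-Password",
            4: "NAS-IP-Address", 5: "NAS-Port", 6: "Service-Type",
            61: "NAS-Port-Type", 69: "Tunnel-Password", 77: "Connect-Info"}

DICT_LINE = re.compile(r"^\s*ATTRIBUTE\s+(\S+)\s+(\d+)\s+(\S+)", re.I | re.M)
HEX_ATTR = re.compile(r"^\s*([\w-]+) = 0x([0-9a-fA-F]+)\s*$", re.M)

def find_collisions(dictionary_text):
    """Return (local_name, number, standard_name) for reused standard numbers."""
    hits = []
    for name, num, _type in DICT_LINE.findall(dictionary_text):
        std = STANDARD.get(int(num))
        if std and std.lower() != name.lower():
            hits.append((name, int(num), std))
    return hits

def decode_hex_attrs(debug_text):
    """Map attribute name -> text for hex values that are printable ASCII."""
    out = {}
    for name, hexval in HEX_ATTR.findall(debug_text):
        if len(hexval) % 2:
            continue  # not a whole number of bytes
        raw = bytes.fromhex(hexval)
        if raw and all(0x20 <= b < 0x7F for b in raw):
            out[name] = raw.decode("ascii")
    return out

# Dictionary line and request attributes copied from the message above.
SAMPLE_DICT = "Attribute  Tunnel-Throughput 1 integer\n"
SAMPLE_DEBUG = """\
        NAS-IP-Address = 192.168.4.2
        NAS-Port = 0
        Tunnel-Throughput = 0x74657374726176
        CHAP-Password = 0x383fd2c096e21396538a2c1fe51f4b460f
"""

if __name__ == "__main__":
    for name, num, std in find_collisions(SAMPLE_DICT):
        print(f"{name} reuses attribute number {num} ({std})")
    for name, text in decode_hex_attrs(SAMPLE_DEBUG).items():
        print(f"{name} carries the string {text!r}")
```
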

