help-gnu-radius
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Help-gnu-radius] User Access was Denied in Dial-Up

From: Julio César Mejia Vergara
Subject: [Help-gnu-radius] User Access was Denied in Dial-Up
Date: Tue, 13 Apr 2004 12:45:42 -0700
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.6) Gecko/20040113 
Hi There,

Sorry for the first message.
I'm traing to configure GNU Radius for validating users via Access Servers using PPP, we allready have an existing Radius Server Running Liningston Radius 2.0.1 on Solaris x86, we want to upgrade to Solaris 8 and GNU Radius. I have allready compiled GNU Radius and made some test using Local Authentication for user authentication for a Cisco Router, so i now the radius server is working and logging correctly. 
Here is the users configuration i used for that test that was succesfull:

jume Auth-Type = Local,
       Password = "Packers02",
       Simultaneous-Use = 1
   Service-Type = Login-User
Now since i allready have the Livingston Radius working with PPP i copied the users file of that radius and used it for the GNU Radius, i restarted GNU Radius and it did not send me any error messages in the /var/log/radius.log. Here is the output of the radius.log: 

Apr 12 19:52:51 Main.info: Starting
Apr 12 19:52:51 Main.info: Terminating the subprocesses
Apr 12 19:52:51 Main.info: Loading configuration files.
Apr 12 19:52:51 Main.info: reading /usr/local/etc/raddb/config
Apr 12 19:52:51 Main.info: /usr/local/etc/raddb/users reloaded.
Apr 12 19:52:51 Main.info: Ready
Apr 12 19:52:51 Main.info: Ready to process requests.
So i think the users file is ok, here is and users entry from the users file: 

migo    Password = "telnor2k", Framed-Protocol = PPP
           Service-Type = Framed-User,
           Framed-Protocol = PPP,
           Framed-IP-Address = 255.255.255.254,
           Framed-Routing = Broadcast-Listen,
           Framed-MTU = 1500

ceni    Password = "610128", Framed-Protocol = PPP
           Service-Type = Framed-User,
           Framed-Protocol = PPP,
           Framed-IP-Address = 255.255.255.254,
       Framed-IPX-Network = 255.255.255.254,
           Framed-Routing = Broadcast-Listen,
           Framed-MTU = 1500

ednu    Password = "1958", Framed-Protocol = PPP
           Service-Type = Framed-User,
           Framed-Protocol = PPP,
           Framed-IP-Address = 255.255.255.254,
       Framed-IPX-Network = 255.255.255.254,
           Framed-Routing = Broadcast-Listen,
           Framed-MTU = 1500
Allso my access server uses ports 1645 and 1646 for authentication and logging and not the 1812 and 1813 that GNU radius uses, so i changed the port on the client.conf file (i dont now if i need to edit another file to change the port. Here is my client.conf file: 

server local 127.0.0.1 intranet 1645 1646
source_ip 147.15.34.160
timeout 3
retry 1
Here are the rest of the config files in the raddb directory that i modified, the rest were left with there default configuration: 

- clients
127.0.0.1        intranet
147.15.81.6        intranet
147.15.34.160           intranet
147.15.34.8             intranet
147.15.68.129           intranet

- config
option {
   max-requests 1024;
   resolve no;
};

logging {
   prefix-hook "default_log_prefix";
   channel default {
       file "radius.log";
       print-category yes;
       print-level yes;
   };
   channel info {
       file "radius.info";
       print-pid yes;
}; channel debug { 
       file "radius.debug";
       print-category yes;
       print-level yes;
       print-priority yes;
   };
   category auth {
       print-auth yes;
       print-failed-pass yes;
   };
   category info {
       channel info;
   };
   category =debug {
       channel debug;
   };
   category * {
       channel default;
   };
};

auth {
   max-requests 127;
   request-cleanup-delay 2;
   detail yes;
   strip-names yes;
   checkrad-assume-logged yes;
};

acct {
   max-requests 127;
   request-cleanup-delay 2;
};

rewrite {
   load "checknas.rw";
   load "log-hook.rw";
};

message {
   account-closed "Tu cuenta de DialUp fue Cancelada";
   access-denied "Acceso Denegado";
}; 
# snmp {
#     listen no;
# }; 
- naslist
127.0.0.1        local        true
147.15.81.6             prueba1        true
147.15.34.160        piopico        true
So finally here is my problem, when i try to login with my laptop via Dial-UP a get the following error:
Error 691 - Access was denied because the username and/or password was invalid on the domain.
I dont now if the users file is wrong or if there is a problem with the port numbers i'm using. 

Any ideas of what i'm doing wrong?

Thanks
Julio
reply via email to
[Prev in Thread] Current Thread [Next in Thread]