<html><body><div style="font-family: times new roman,new york,times,serif; font-size: 12pt; color: #000000"><div>Dear Kooman/Listers,</div><div><br data-mce-bogus="1"></div><div><div>I hope you are well. We have setup Radius authentication using LDAP and configured our eduVPN instance as a client on the RADIUS. However, any authentication requests from the eduVPN instance fails per the log below. Any ideas will be highly appreciated.</div><div><br></div><div>(0) auth_log: EXPAND /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d</div><div>(0) auth_log: --> /var/log/freeradius/radacct/xx.xx.xx.xx/auth-detail-20210126</div><div>(0) auth_log: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/xx.xx.xx.xx/auth-detail-20210126</div><div>(0) auth_log: EXPAND %t</div><div>(0) auth_log: --> Tue Jan 26 09:49:58 2021</div><div>(0) [auth_log] = ok</div><div>(0) suffix: Checking for suffix after "@"</div><div>(0) suffix: Looking up realm "kenet.or.ke" for User-Name = "jsaruni@kenet.or.ke"</div><div>(0) suffix: Found realm "kenet.or.ke"</div><div>(0) suffix: Adding Stripped-User-Name = "jsaruni"</div><div>(0) suffix: Adding Realm = "kenet.or.ke"</div><div>(0) suffix: Authentication realm is LOCAL</div><div>(0) [suffix] = ok</div><div><span style="background-color: rgb(255, 153, 0);" data-mce-style="background-color: #ff9900;">(0) eap: No EAP-Message, not doing EAP</span></div><div>(0) [eap] = noop</div><div>(0) } # authorize = ok</div><div>(0) ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type = Reject</div><div>(0) Failed to authenticate the user</div><div>(0) Using Post-Auth-Type Reject</div><div>(0) # Executing group from file /usr/local/etc/raddb/sites-enabled/eduroam</div><div>(0) Post-Auth-Type REJECT {</div><div>(0) reply_log: EXPAND /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d</div><div>(0) reply_log: --> /var/log/freeradius/radacct/xx.xx.xx.xx/reply-detail-20210126</div><div>(0) reply_log: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d expands to /var/log/freeradius/radacct/xx.xx.xx.xx/reply-detail-20210126</div><div>(0) reply_log: EXPAND %t</div><div>(0) reply_log: --> Tue Jan 26 09:49:58 2021</div><div>(0) [reply_log] = ok</div><div>(0) f_ticks: EXPAND f_ticks.%{%{reply:Packet-Type}:-format}</div><div>(0) f_ticks: --> f_ticks.Access-Reject</div><div>(0) f_ticks: EXPAND F-TICKS/eduroam/1.0#REALM=%{Realm}#VISCOUNTRY=KE#VISINST=%{Operator-Name}#CSI=%{Calling-Station-Id}#RESULT=FAIL#</div><div>(0) f_ticks: --> F-TICKS/eduroam/1.0#REALM=kenet.or.ke#VISCOUNTRY=KE#VISINST=1kenet.or.ke#CSI=#RESULT=FAIL#</div><div>(0) f_ticks: EXPAND /var/log/freeradius/f_ticks/f_ticks.log</div><div>(0) f_ticks: --> /var/log/freeradius/f_ticks/f_ticks.log</div><div>(0) [f_ticks] = ok</div><div>(0) } # Post-Auth-Type REJECT = ok</div><div>(0) Sent Access-Reject Id 245 from yy.yy.yy.yy:1812 to xx.xx.xx.xx:29807 length 0</div><div>(0) Proxy-State = 0x313630</div><div>(0) Finished request</div></div><div><br></div><div data-marker="__SIG_PRE__"><div><span style="font-family: 'tahoma' , 'new york' , 'times' , serif; font-size: large;" data-mce-style="font-family: 'tahoma' , 'new york' , 'times' , serif; font-size: large;"></span><span style="font-size: medium; color: #000000;" data-mce-style="font-size: medium; color: #000000;">Regards,</span></div><div><span style="font-size: medium; color: #000000;" data-mce-style="font-size: medium; color: #000000;">John Saruni,</span><br><span style="font-size: medium; color: #000000;" data-mce-style="font-size: medium; color: #000000;">KENET TEAM.</span><br></div><div><br></div><div><span style="font-size: medium; color: #0000ff;" data-mce-style="font-size: medium; color: #0000ff;">Tel: +254-732150500 / +254-703044500</span><br><span style="font-size: medium; color: #0000ff;" data-mce-style="font-size: medium; color: #0000ff;"></span></div><div><span style="font-size: medium; color: #0000ff;" data-mce-style="font-size: medium; color: #0000ff;"><br></span></div><div><span style="color: #0000ff;" data-mce-style="color: #0000ff;">https://www.kenet.or.ke</span></div><div><span style="font-size: medium; color: #0000ff;" data-mce-style="font-size: medium; color: #0000ff;">https://cert.kenet.or.ke</span></div><div><br></div><div><p style="color: #222222; font-family: 'lora' , 'georgia' , 'times new roman' , 'times'; font-size: 16px; font-weight: normal; line-height: 25.6px; margin: 0px; padding: 0px; text-decoration: none; font-style: normal; font-variant: normal; letter-spacing: normal; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; text-align: justify; background-color: #ffffff;" data-mce-style="color: #222222; font-family: 'lora' , 'georgia' , 'times new roman' , 'times'; font-size: 16px; font-weight: normal; line-height: 25.6px; margin: 0px; padding: 0px; text-decoration: none; font-style: normal; font-variant: normal; letter-spacing: normal; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; text-align: justify; background-color: #ffffff;"><span style="font-size: x-small;" data-mce-style="font-size: x-small;"><em>“If you spend more on coffee than on IT security, you will be hacked. What’s more, you deserve to be hacked." — Richard Clarke</em></span></p></div></div></div></body></html>