RADIUS error -812, "Access Rejected, No Such User"
(Last modified: 27Aug2002)
This document (10057584) is provided subject to the disclaimer at the end of this document.
fact
Novell NetWare 5.0
Novell NetWare 5.1
Novell BorderManager Authentication Services 3.0
Novell BorderManager Authentication Services 3.5
symptom
RADIUS error -812, "Access Rejected, No Such User"
Error when authenticating via RADIUS
ERROR:[(date) (time)] Access Rejected [IP address of RADIUS client], [username], No such user (As shown in the SYS:ETC\RADIUS\LOG\yyyymmdd.log file.)
cause
Possible causes:
- User Object does not exist.
- Lookup Context was not specified.
- User entered the username incorrectly (distinguished name syntax error).
- Dial Access System object does not have Browse and Read rights to the User object.
- Username Resolution has NDS Find specified instead of Lookup Context.
fix
Possible solutions:
Make sure the user attempting to authenticate is a valid NDS user.
Ensure the username was typed correctly.
Enter the users distinguished name, with leading period and full context. (I.e .username.accounting.company)
If Common Name login is enabled, ensure the appropriate container is specified in the Lookup Context.
Run a full, unattended DSREPAIR.
Ensure that the Dial Access System Object has Browse and Read rights to the desired user object.
Use Lookup Context instead of NDS Find when multiple users containers exist.
Note: NDS Find only allows common name lookup for users located in the same container as the DAS object. All users in other containers would still need to use their full distinguished name (including a leading period). Unless all users are located in this container, you must use Lookup Context for username resolution.
Additional Info:
Using the advanced RADIUS debug options, 'RADIUS DEBUGLOG ON', the following is displayed in the RADDBG.log file (Located in SYS:ETC\RADIUS\DEBUG):
[2000-09-30 08:18:25 AM] -------- START : (Access-Request (1)) ---
[2000-09-30 08:18:25 AM] CACHE: CacheDomainListExist(DAS.Novell), using cache <<Note: DAS.Novell = Dial Access System Object name>>
[2000-09-30 08:18:25 AM] AuthRequestHandler(), Calling RequestHandler.
[2000-09-30 08:18:25 AM] CACHE: CacheReadSecretForNASAddress(DAS.Novell), using cache
[2000-09-30 08:18:25 AM] CACHE: CacheGetEnableCNLogin(DAS.Novell), using cache
[2000-09-30 08:18:25 AM] (->)CacheGetDNForName(testuser), failed, no such user (-812) <<Note: testuser = username trying to authenticate>>
[2000-09-30 08:18:25 AM] ->Sending Access-Reject (3) [(ip) 192.168.0.1 (1025)] count=20
[2000-09-30 08:18:25 AM] ->Inserting into RespQ , code(3) id(109).
[2000-09-30 08:18:25 AM] -------- END : (Access-Request (1)) ---Using the advanced RADIUS debug options, 'RADIUS DEBUGLOG ON', the following is displayed in the RADDBG.log file (Located in SYS:ETC\RADIUS\DEBUG):
[2000-09-30 08:18:25 AM] -------- START : (Access-Request (1)) ---
[2000-09-30 08:18:25 AM] CACHE: CacheDomainListExist(DAS.Novell), using cache <<Note: DAS.Novell = Dial Access System Object name>>
[2000-09-30 08:18:25 AM] AuthRequestHandler(), Calling RequestHandler.
[2000-09-30 08:18:25 AM] CACHE: CacheReadSecretForNASAddress(DAS.Novell), using cache
[2000-09-30 08:18:25 AM] CACHE: CacheGetEnableCNLogin(DAS.Novell), using cache
[2000-09-30 08:18:25 AM] (->)CacheGetDNForName(testuser), failed, no such user (-812) <<Note: testuser = username trying to authenticate>>
[2000-09-30 08:18:25 AM] ->Sending Access-Reject (3) [(ip) 192.168.0.1 (1025)] count=20
[2000-09-30 08:18:25 AM] ->Inserting into RespQ , code(3) id(109).
[2000-09-30 08:18:25 AM] -------- END : (Access-Request (1)) ---
document
| Document Title: | RADIUS error -812, "Access Rejected, No Such User" |
| Document ID: | 10057584 |
| Solution ID: | NOVL29094 |
| Creation Date: | 12Oct2000 |
| Modified Date: | 27Aug2002 |
| Novell Product Class: | Novell BorderManager Services |
disclaimer
The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.
Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.