Working MAC-auth. in 1.1.7, not working in 2.0pre2 (noob-quiz).

Sun Sep 16 21:24:47 CEST 2007

Check what you have written in users file. Nothing matched.

Ivan Kalik
Kalik Informatika ISP

Dana 16/9/2007, "Piero Giobbi" <piero at news.fb.se> piše:

>Hi all.
>
>Im getting my hands dirty with radius and i really enjoying it
>to : ). Im totally new at this and im basically trying my way throu,
>lots of trying and loggreading as you can imagine. I got some things
>rolling, my firewalls pptp-auths and now my Proxim AP4000 with MAC-
>addr auth - just to hot.
>
>Now i just have to try the 2.0pre-release, to get prepared for the
>future. I have manually written in my clients and users in the
>version 2s configs. Everything works except for one small thing; now
>i can't login. These are the errors;
>
>rad_recv: Access-Request packet from host 10.0.5.200 port 6001, id=5,
>length=151
>         User-Name = "00-17-f2-ea-b1-3e"
>         User-Password = "00-17-f2-ea-b1-3e"
>         NAS-IP-Address = 10.0.5.200
>         Called-Station-Id = "00-20-a6-6f-93-bf:My Wireless Network B"
>         Calling-Station-Id = "00-17-f2-ea-b1-3e"
>         NAS-Port = 9
>         NAS-Port-Type = Wireless-802.11
>+- entering group authorize
>++[preprocess] returns ok
>++[chap] returns noop
>++[mschap] returns noop
>++[unix] returns notfound
>     rlm_realm: No '@' in User-Name = "00-17-f2-ea-b1-3e", looking up
>realm NULL
>     rlm_realm: No such realm "NULL"
>++[suffix] returns noop
>   rlm_eap: No EAP-Message, not doing EAP
>++[eap] returns noop
>++[files] returns noop
>++[expiration] returns noop
>++[logintime] returns noop
>rlm_pap: WARNING! No "known good" password found for the user.
>Authentication may fail because of this.
>++[pap] returns noop
>auth: No authenticate method (Auth-Type) configuration found for the
>request: Rejecting the user
>auth: Failed to validate the user.
>Login incorrect: [00-17-f2-ea-b1-3e/00-17-f2-ea-b1-3e] (from client
>ap4000-intern port 9 cli 00-17-f2-ea-b1-3e)
>   Found Post-Auth-Type Reject
>+- entering group REJECT
>         expand: %{User-Name} -> 00-17-f2-ea-b1-3e
>  attr_filter: Matched entry DEFAULT at line 11
>++[attr_filter.access_reject] returns updated
>Delaying reject of request 0 for 1 seconds
>Going to the next request
>
>So, something is wrong with the default PAP-attributes. I look in the
>attr.access_reject-file and it guides me to the man-page. Unfortually
>it doesn't help me much, i tried PAP-Message=* ANY but it was a lame
>try. I haven't found any info about this either on the net (sorry if
>i missed something too easy).
>
>Now im stuck, all help are apreciated.