Unknown value specified for Autz-Type, freeradius 2.1.3

Kent Nasveschuk knasveschuk at mbl.edu
Mon Dec 22 19:51:34 CET 2008


Hello,

Having a little problem with "Unknown value specified for Autz-Type". 
OS CentOS 5
Freeradius version 2.1.3 latest
I have this working on the 1.1.3 version that ships with CentOS 5, but I am having a little problem here.

I actually have 2 LDAP sources for testing. One source is used for the switch (Enterasys) that does MAC authentication; the other does 802.1x. The records are in different parts of the LDAP tree. The 802.1x works fine. The error message at the bottom is the one I get from the MAC authentication.



raddb/modules/ldap:

...
        ldap devices {
                server = "192.168.1.12"
                identity = "uid=xxxx,ou=xxxx,dc=mbl,dc=edu"
                password = xxxxxx
                basedn = "ou=devices,ou=network,dc=mbl,dc=edu"
                filter = "(cn=%{User-Name})"
                tls {
                start_tls = no
                }
                tls_mode = no
                dictionary_mapping = ${raddbdir}/ldap.attrmap
                edir_account_policy_check = no
                ldap_cache_timeout = 120
                ldap_cache_size = 0
                ldap_connections_number = 10
                password_attribute = userPassword
                timeout = 3
                timelimit = 5
                net_timeout = 1
                compare_check_items = no
                dictionary_mapping = ${confdir}/ldap.attrmap
                access_attr = "radiusFilterId"
                set_auth_type = yes
        }
...

raddb/sites-enabled/inner-tunnel:

...
authorize {
        Autz-Type DEVICES {
        devices
        }
...
}

...
authenticate {
        Auth-Type DEVICES {
        devices
        }
...
}

raddb/sites-enabled/users:

# TEST C2 MAC
DEFAULT Auth-Type := DEVICES, Auth-Type := ACCEPT, Autz-Type := DEVICES, Client-IP-Address == "192.168.1.15"
        Filter-Id := "Enterasys:version=1:policy=D-Unregistered",
        Fall-Through =  yes


radiusd -X (MAC authentication failure): 

...
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.1.15 port 49152, id=62, length=146
	User-Name = "00-11-24-80-40-7A"
	Service-Type = Framed-User
	Called-Station-Id = "00-01-F4-5C-97-80"
	Calling-Station-Id = "00-11-24-80-40-7A"
	NAS-IP-Address = 192.168.1.15
	NAS-Port = 17
	NAS-Port-Type = Ethernet
	NAS-Port-Id = "ge.1.17"
	User-Password = "xxxxxxx"
	Message-Authenticator = 0x21da3669c869a962c6270f0cee3d3bac
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "00-11-24-80-40-7A", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
[files] 	expand: %{Client-IP-Address} -> 192.168.1.15
[files] 	expand: %{Client-IP-Address} -> 192.168.1.15
[files] users: Matched entry DEFAULT at line 5
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Using Autz-Type DEVICES
  WARNING: Unknown value specified for Autz-Type.  Cannot perform requested action.
Found Auth-Type = Accept
Auth-Type = Accept, accepting the user
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 62 to 192.168.1.15 port 49152
	Filter-Id := "Enterasys:version=1:policy=D-Unregistered"
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 0 ID 62 with timestamp +2
Ready to process requests.

Any help would be appreciated.

Kent

Kent L. Nasveschuk
Systems Administrator


----------------------------
Marine Biological Laboratory
7 MBL St.
Woods Hole, MA 02543
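
Added example, not part of the original post: in the debug output above, the server logs that it cannot act on Autz-Type DEVICES and still sends Access-Accept. The Python below scans `radiusd -X` output for requests accepted after that warning; request id=62 in the sample is trimmed from the post, request id=63 is constructed, and the function name is hypothetical.

```python
import re

# Constructed sample: request id=62 is trimmed from the radiusd -X output in
# the post; request id=63 is a constructed request without the warning.
SAMPLE_LOG = """\
rad_recv: Access-Request packet from host 192.168.1.15 port 49152, id=62, length=146
\tUser-Name = "00-11-24-80-40-7A"
\tNAS-IP-Address = 192.168.1.15
++[files] returns ok
Using Autz-Type DEVICES
  WARNING: Unknown value specified for Autz-Type.  Cannot perform requested action.
Found Auth-Type = Accept
Sending Access-Accept of id 62 to 192.168.1.15 port 49152
Finished request 0.
rad_recv: Access-Request packet from host 192.168.1.15 port 49152, id=63, length=146
\tUser-Name = "00-11-24-80-40-7B"
++[files] returns ok
Sending Access-Accept of id 63 to 192.168.1.15 port 49152
Finished request 1.
"""

RECV = re.compile(r"^rad_recv: Access-Request packet from host (\S+) port \d+, id=(\d+)")
USER = re.compile(r'^\s+User-Name = "([^"]*)"')
AUTZ = re.compile(r"^Using Autz-Type (\S+)")
WARN = "WARNING: Unknown value specified for Autz-Type"
SEND = re.compile(r"^Sending (Access-\w+) of id (\d+)")

def accepted_without_autz(log_text):
    """Return requests that were accepted although their Autz-Type section was not run."""
    findings, req = [], None
    for line in log_text.splitlines():
        if m := RECV.match(line):
            req = {"nas": m[1], "id": int(m[2]), "user": None, "autz": None, "skipped": False}
        elif req is None:
            continue  # line outside any request
        elif m := USER.match(line):
            req["user"] = m[1]
        elif m := AUTZ.match(line):
            req["autz"] = m[1]
        elif WARN in line:
            req["skipped"] = True
        elif (m := SEND.match(line)) and int(m[2]) == req["id"]:
            if m[1] == "Access-Accept" and req["skipped"]:
                findings.append(req)
            req = None  # reply sent, request is complete
    return findings

if __name__ == "__main__":
    for f in accepted_without_autz(SAMPLE_LOG):
        print(f"id={f['id']} user={f['user']} nas={f['nas']}: Autz-Type {f['autz']} not run, Access-Accept sent")
```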


