upgrade broke the users file - being read only partially - FR1.1.7 to FR2.0.2

Agent Smith news8080 at yahoo.com
Thu Feb 21 14:14:51 CET 2008


No love man.  

Changed the huntgroup definition and also changed the
sites-enabled/SERVER-1760 file to read:

....
authorize {
        files
        #auth_log
        pap
}


authenticate {
        files # I also tried it without files here.
        pap
}
....


Debug output
-------------

Ready to process requests.
rad_recv: Access-Request packet from host 10.9.3.29 port 32889, id=174, length=61
        User-Name = "user1"
        User-Password = "abc123"
        NAS-IP-Address = 255.255.255.255
        NAS-Port = 171
server SERVER-1760 {
+- entering group authorize
        expand: %{User-Name} -> user1
    users: Matched entry DEFAULT at line 8
++[files] returns ok
rlm_pap: Found existing Auth-Type, not changing it.
++[pap] returns noop
  rad_check_password:  Found Auth-Type Reject
  rad_check_password: Auth-Type = Reject, rejecting user
auth: Failed to validate the user.
Login incorrect: [user1/abc123] (from client my-linux port 171)
} # server SERVER-1760
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 174 to 10.9.3.29 port 32889
Waking up in 4.9 seconds.
Cleaning up request 0 ID 174 with timestamp +8
Ready to process requests.

--- Alan DeKok <aland at deployingradius.com> wrote:

> Agent Smith wrote:
> > user1 Auth-Type = Local, Cleartext-Password = "abc123", Huntgroup-Name == "fetch"
> 
>   This should be:
> 
> user1 Cleartext-Password := "abc123", Huntgroup-Name
> ...
> 
>   i.e. Don't set Auth-Type.
> 
>   This will work in 1.1.7, too.
> 
> 
> > =========================================================
> > huntgroups file
> > ----------------
> > fetch        Client-IP-Address == "10.9.3.29"
> 
>   Hmmm... the code supporting Client-IP-Address was changed a bit.  I
> think that may need to be reverted to the way it worked in 1.1.7.
> 
>   If you change this to Packet-Src-IP-Address == 10.9.3.29, it should work.
> 
> > authenticate {
> >         files
> 
>   I'm not sure why you have that there.
> 
>   You SHOULD have at least the "pap" module here, and as the last module
> in the "authorize" section.
> 
>   Alan DeKok.
> 
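
Added example (not part of the original message, and not FreeRADIUS code): a small Python parser for the debug output posted above that reports, per Access-Request, which users-file entry matched, which Auth-Type was found, and what reply went out. The function and key names are hypothetical; the sample is the log from this message, trimmed and with mail line-wraps rejoined.

```python
import re

# Debug output from the message above (trimmed, mail line-wrapping undone).
SAMPLE = """\
rad_recv: Access-Request packet from host 10.9.3.29 port 32889, id=174, length=61
        User-Name = "user1"
        User-Password = "abc123"
server SERVER-1760 {
+- entering group authorize
        expand: %{User-Name} -> user1
    users: Matched entry DEFAULT at line 8
++[files] returns ok
rlm_pap: Found existing Auth-Type, not changing it.
++[pap] returns noop
  rad_check_password:  Found Auth-Type Reject
  rad_check_password: Auth-Type = Reject, rejecting user
auth: Failed to validate the user.
Sending delayed reject for request 0
Sending Access-Reject of id 174 to 10.9.3.29 port 32889
"""

USER = re.compile(r'\s*User-Name = "([^"]*)"')
ENTRY = re.compile(r"users: Matched entry (\S+) at line (\d+)")
AUTH_TYPE = re.compile(r"rad_check_password:\s+Found Auth-Type (\S+)")
REPLY = re.compile(r"Sending (Access-\w+) of id \d+")

def summarize(debug_text):
    """Return one summary dict per Access-Request seen in the debug text."""
    requests, cur = [], None
    for line in debug_text.splitlines():
        if line.startswith("rad_recv: Access-Request"):
            cur = {"user": None, "entries": [], "auth_type": None, "reply": None}
            requests.append(cur)
        elif cur is None:
            continue  # output before the first request
        elif cur["user"] is None and (m := USER.match(line)):
            cur["user"] = m.group(1)
        elif m := ENTRY.search(line):
            cur["entries"].append((m.group(1), int(m.group(2))))
        elif m := AUTH_TYPE.search(line):
            cur["auth_type"] = m.group(1)
        elif m := REPLY.match(line):
            cur["reply"] = m.group(1)
    for r in requests:
        # False means the user's own entry was skipped and only other
        # entries (such as DEFAULT) matched, so its check items did not match.
        r["own_entry_matched"] = r["user"] in [name for name, _ in r["entries"]]
    return requests

if __name__ == "__main__":
    for r in summarize(SAMPLE):
        print(r)
```

For the log in this message it shows that only the DEFAULT entry at line 8 matched for user1, so the user1 entry's check items were not satisfied.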


