freeradius 2.1.8 : No authenticate method (Auth-Type) configuration found for the request: Rejecting the user / sites-enabled
Klaus Schinkinger
sysadmin at dkcm.jku.at
Mon Mar 8 16:00:05 CET 2010
Hi guys!
I got this error as you can see from the subject, as far as I have
learned now this is due to me not having any sites-enabled, problem is I
don't even know which ones to enable.
So here's what I am actually trying to accomplish:
Currently we have a freeradius in the version 1.1.13 running on Debian
Etch and I want to port this to 2.1.18 on Lenny, which isn't that easy
as the config files/structure have completely changed...
The server does not ask for any user-names or passwords but simply
authenticates/authorizes with certificates (which have to be "unlocked"
with a password).
I'd be very thankful if you could tell me what to enter to
sites-enabled, further if you could look over my config to see if i got
any other parameters set wrong:
falcon:/etc/freeradius# freeradius -Xxx
Mon Mar 8 15:02:43 2010 : Info: FreeRADIUS Version 2.1.8, for host
i486-pc-linux-gnu, built on Jan 3 2010 at 15:51:52
Mon Mar 8 15:02:43 2010 : Info: Copyright (C) 1999-2009 The FreeRADIUS
server project and contributors.
Mon Mar 8 15:02:43 2010 : Info: There is NO warranty; not even for
MERCHANTABILITY or FITNESS FOR A
Mon Mar 8 15:02:43 2010 : Info: PARTICULAR PURPOSE.
Mon Mar 8 15:02:43 2010 : Info: You may redistribute copies of
FreeRADIUS under the terms of the
Mon Mar 8 15:02:43 2010 : Info: GNU General Public License v2.
Mon Mar 8 15:02:43 2010 : Info: Starting - reading configuration files ...
Mon Mar 8 15:02:43 2010 : Debug: including configuration file
/etc/freeradius/radiusd.conf
Mon Mar 8 15:02:43 2010 : Debug: including configuration file
/etc/freeradius/proxy.conf
Mon Mar 8 15:02:43 2010 : Debug: including configuration file
/etc/freeradius/clients.conf
Mon Mar 8 15:02:43 2010 : Debug: including files in directory
/etc/freeradius/modules/
Mon Mar 8 15:02:43 2010 : Debug: including configuration file
/etc/freeradius/modules/files
Mon Mar 8 15:02:43 2010 : Debug: including configuration file
/etc/freeradius/modules/digest
Mon Mar 8 15:02:43 2010 : Debug: including configuration file
/etc/freeradius/modules/detail.example.com
Mon Mar 8 15:02:43 2010 : Debug: including configuration file
/etc/freeradius/modules/always
Mon Mar 8 15:02:43 2010 : Debug: including configuration file
/etc/freeradius/modules/exec
Mon Mar 8 15:02:43 2010 : Debug: including configuration file
/etc/freeradius/modules/perl
Mon Mar 8 15:02:43 2010 : Debug: including configuration file
/etc/freeradius/modules/radutmp
Mon Mar 8 15:02:43 2010 : Debug: including configuration file
/etc/freeradius/modules/sql_log
Mon Mar 8 15:02:43 2010 : Debug: including configuration file
/etc/freeradius/modules/sqlcounter_expire_on_login
Mon Mar 8 15:02:43 2010 : Debug: including configuration file
/etc/freeradius/modules/logintime
Mon Mar 8 15:02:43 2010 : Debug: including configuration file
/etc/freeradius/modules/echo
Mon Mar 8 15:02:43 2010 : Debug: including configuration file
/etc/freeradius/modules/sradutmp
Mon Mar 8 15:02:43 2010 : Debug: including configuration file
/etc/freeradius/modules/etc_group
Mon Mar 8 15:02:43 2010 : Debug: including configuration file
/etc/freeradius/modules/smbpasswd
Mon Mar 8 15:02:43 2010 : Debug: including configuration file
/etc/freeradius/modules/expr
Mon Mar 8 15:02:43 2010 : Debug: including configuration file
/etc/freeradius/modules/krb5
Mon Mar 8 15:02:43 2010 : Debug: including configuration file
/etc/freeradius/modules/ippool
Mon Mar 8 15:02:43 2010 : Debug: including configuration file
/etc/freeradius/modules/chap
Mon Mar 8 15:02:43 2010 : Debug: including configuration file
/etc/freeradius/modules/otp
Mon Mar 8 15:02:43 2010 : Debug: including configuration file
/etc/freeradius/modules/mac2vlan
Mon Mar 8 15:02:43 2010 : Debug: including configuration file
/etc/freeradius/modules/cui
Mon Mar 8 15:02:43 2010 : Debug: including configuration file
/etc/freeradius/modules/policy
Mon Mar 8 15:02:43 2010 : Debug: including configuration file
/etc/freeradius/modules/mac2ip
Mon Mar 8 15:02:43 2010 : Debug: including configuration file
/etc/freeradius/modules/linelog
Mon Mar 8 15:02:43 2010 : Debug: including configuration file
/etc/freeradius/modules/acct_unique
Mon Mar 8 15:02:43 2010 : Debug: including configuration file
/etc/freeradius/modules/mschap
Mon Mar 8 15:02:43 2010 : Debug: including configuration file
/etc/freeradius/modules/attr_filter
Mon Mar 8 15:02:43 2010 : Debug: including configuration file
/etc/freeradius/modules/expiration
Mon Mar 8 15:02:43 2010 : Debug: including configuration file
/etc/freeradius/modules/preprocess
Mon Mar 8 15:02:43 2010 : Debug: including configuration file
/etc/freeradius/modules/pam
Mon Mar 8 15:02:43 2010 : Debug: including configuration file
/etc/freeradius/modules/ntlm_auth
Mon Mar 8 15:02:43 2010 : Debug: including configuration file
/etc/freeradius/modules/passwd
Mon Mar 8 15:02:43 2010 : Debug: including configuration file
/etc/freeradius/modules/attr_rewrite
Mon Mar 8 15:02:43 2010 : Debug: including configuration file
/etc/freeradius/modules/checkval
Mon Mar 8 15:02:43 2010 : Debug: including configuration file
/etc/freeradius/modules/smsotp
Mon Mar 8 15:02:43 2010 : Debug: including configuration file
/etc/freeradius/modules/ldap
Mon Mar 8 15:02:43 2010 : Debug: including configuration file
/etc/freeradius/modules/pap
Mon Mar 8 15:02:43 2010 : Debug: including configuration file
/etc/freeradius/modules/wimax
Mon Mar 8 15:02:43 2010 : Debug: including configuration file
/etc/freeradius/modules/detail.log
Mon Mar 8 15:02:43 2010 : Debug: including configuration file
/etc/freeradius/modules/realm
Mon Mar 8 15:02:43 2010 : Debug: including configuration file
/etc/freeradius/modules/unix
Mon Mar 8 15:02:43 2010 : Debug: including configuration file
/etc/freeradius/modules/counter
Mon Mar 8 15:02:43 2010 : Debug: including configuration file
/etc/freeradius/modules/inner-eap
Mon Mar 8 15:02:43 2010 : Debug: including configuration file
/etc/freeradius/modules/detail
Mon Mar 8 15:02:43 2010 : Debug: including configuration file
/etc/freeradius/eap.conf
Mon Mar 8 15:02:43 2010 : Debug: including configuration file
/etc/freeradius/policy.conf
Mon Mar 8 15:02:43 2010 : Debug: including files in directory
/etc/freeradius/sites-enabled/
Mon Mar 8 15:02:43 2010 : Debug: main {
Mon Mar 8 15:02:43 2010 : Debug: user = "freerad"
Mon Mar 8 15:02:43 2010 : Debug: group = "freerad"
Mon Mar 8 15:02:43 2010 : Debug: allow_core_dumps = no
Mon Mar 8 15:02:43 2010 : Debug: }
Mon Mar 8 15:02:43 2010 : Debug: including dictionary file
/etc/freeradius/dictionary
Mon Mar 8 15:02:43 2010 : Debug: main {
Mon Mar 8 15:02:43 2010 : Debug: prefix = "/usr"
Mon Mar 8 15:02:43 2010 : Debug: localstatedir = "/var"
Mon Mar 8 15:02:43 2010 : Debug: logdir = "/var/log/freeradius"
Mon Mar 8 15:02:43 2010 : Debug: libdir = "/usr/lib/freeradius"
Mon Mar 8 15:02:43 2010 : Debug: radacctdir =
"/var/log/freeradius/radacct"
Mon Mar 8 15:02:43 2010 : Debug: hostname_lookups = no
Mon Mar 8 15:02:43 2010 : Debug: max_request_time = 30
Mon Mar 8 15:02:43 2010 : Debug: cleanup_delay = 5
Mon Mar 8 15:02:43 2010 : Debug: max_requests = 1024
Mon Mar 8 15:02:43 2010 : Debug: pidfile =
"/var/run/freeradius/freeradius.pid"
Mon Mar 8 15:02:43 2010 : Debug: checkrad = "/usr/sbin/checkrad"
Mon Mar 8 15:02:43 2010 : Debug: debug_level = 0
Mon Mar 8 15:02:43 2010 : Debug: proxy_requests = yes
Mon Mar 8 15:02:43 2010 : Debug: log {
Mon Mar 8 15:02:43 2010 : Debug: stripped_names = no
Mon Mar 8 15:02:43 2010 : Debug: auth = yes
Mon Mar 8 15:02:43 2010 : Debug: auth_badpass = yes
Mon Mar 8 15:02:43 2010 : Debug: auth_goodpass = yes
Mon Mar 8 15:02:43 2010 : Debug: }
Mon Mar 8 15:02:43 2010 : Debug: security {
Mon Mar 8 15:02:43 2010 : Debug: max_attributes = 200
Mon Mar 8 15:02:43 2010 : Debug: reject_delay = 1
Mon Mar 8 15:02:43 2010 : Debug: status_server = yes
Mon Mar 8 15:02:43 2010 : Debug: }
Mon Mar 8 15:02:43 2010 : Debug: }
Mon Mar 8 15:02:43 2010 : Debug: radiusd: #### Loading Realms and Home
Servers ####
Mon Mar 8 15:02:43 2010 : Debug: proxy server {
Mon Mar 8 15:02:43 2010 : Debug: retry_delay = 5
Mon Mar 8 15:02:43 2010 : Debug: retry_count = 3
Mon Mar 8 15:02:43 2010 : Debug: default_fallback = no
Mon Mar 8 15:02:43 2010 : Debug: dead_time = 120
Mon Mar 8 15:02:43 2010 : Debug: wake_all_if_all_dead = no
Mon Mar 8 15:02:43 2010 : Debug: }
Mon Mar 8 15:02:43 2010 : Debug: home_server localhost {
Mon Mar 8 15:02:43 2010 : Debug: ipaddr = 127.0.0.1
Mon Mar 8 15:02:43 2010 : Debug: port = 1812
Mon Mar 8 15:02:43 2010 : Debug: type = "auth"
Mon Mar 8 15:02:43 2010 : Debug: secret = "testing123"
Mon Mar 8 15:02:43 2010 : Debug: response_window = 20
Mon Mar 8 15:02:43 2010 : Debug: max_outstanding = 65536
Mon Mar 8 15:02:43 2010 : Debug: require_message_authenticator = no
Mon Mar 8 15:02:43 2010 : Debug: zombie_period = 40
Mon Mar 8 15:02:43 2010 : Debug: status_check = "status-server"
Mon Mar 8 15:02:43 2010 : Debug: ping_interval = 30
Mon Mar 8 15:02:43 2010 : Debug: check_interval = 30
Mon Mar 8 15:02:43 2010 : Debug: num_answers_to_alive = 3
Mon Mar 8 15:02:43 2010 : Debug: num_pings_to_alive = 3
Mon Mar 8 15:02:43 2010 : Debug: revive_interval = 120
Mon Mar 8 15:02:43 2010 : Debug: status_check_timeout = 4
Mon Mar 8 15:02:43 2010 : Debug: irt = 2
Mon Mar 8 15:02:43 2010 : Debug: mrt = 16
Mon Mar 8 15:02:43 2010 : Debug: mrc = 5
Mon Mar 8 15:02:43 2010 : Debug: mrd = 30
Mon Mar 8 15:02:43 2010 : Debug: }
Mon Mar 8 15:02:43 2010 : Debug: home_server_pool my_auth_failover {
Mon Mar 8 15:02:43 2010 : Debug: type = fail-over
Mon Mar 8 15:02:43 2010 : Debug: home_server = localhost
Mon Mar 8 15:02:43 2010 : Debug: }
Mon Mar 8 15:02:43 2010 : Debug: realm example.com {
Mon Mar 8 15:02:43 2010 : Debug: auth_pool = my_auth_failover
Mon Mar 8 15:02:43 2010 : Debug: }
Mon Mar 8 15:02:43 2010 : Debug: realm LOCAL {
Mon Mar 8 15:02:43 2010 : Debug: }
Mon Mar 8 15:02:43 2010 : Debug: radiusd: #### Loading Clients ####
Mon Mar 8 15:02:43 2010 : Debug: client 193.170.38.103 {
Mon Mar 8 15:02:43 2010 : Debug: require_message_authenticator = no
Mon Mar 8 15:02:43 2010 : Debug: secret = "wlan-ap7"
Mon Mar 8 15:02:43 2010 : Debug: shortname = "ap7"
Mon Mar 8 15:02:43 2010 : Debug: }
Mon Mar 8 15:02:43 2010 : Debug: client 193.170.38.101 {
Mon Mar 8 15:02:43 2010 : Debug: require_message_authenticator = no
Mon Mar 8 15:02:43 2010 : Debug: secret = "wlan-ap9"
Mon Mar 8 15:02:43 2010 : Debug: shortname = "ap9"
Mon Mar 8 15:02:43 2010 : Debug: }
Mon Mar 8 15:02:43 2010 : Debug: client 193.170.38.100 {
Mon Mar 8 15:02:43 2010 : Debug: require_message_authenticator = no
Mon Mar 8 15:02:43 2010 : Debug: secret = "wlan-ap10"
Mon Mar 8 15:02:43 2010 : Debug: shortname = "ap10"
Mon Mar 8 15:02:43 2010 : Debug: }
Mon Mar 8 15:02:43 2010 : Debug: client 193.170.39.105 {
Mon Mar 8 15:02:43 2010 : Debug: require_message_authenticator = no
Mon Mar 8 15:02:43 2010 : Debug: secret = "wlan-ap5"
Mon Mar 8 15:02:43 2010 : Debug: shortname = "ap5"
Mon Mar 8 15:02:43 2010 : Debug: }
Mon Mar 8 15:02:43 2010 : Debug: client 193.170.37.94 {
Mon Mar 8 15:02:43 2010 : Debug: require_message_authenticator = no
Mon Mar 8 15:02:43 2010 : Debug: secret = "wlan-ap5"
Mon Mar 8 15:02:43 2010 : Debug: shortname = "ap5"
Mon Mar 8 15:02:43 2010 : Debug: }
Mon Mar 8 15:02:43 2010 : Debug: client 127.0.0.1 {
Mon Mar 8 15:02:43 2010 : Debug: require_message_authenticator = no
Mon Mar 8 15:02:43 2010 : Debug: secret = "wlan-ap5"
Mon Mar 8 15:02:43 2010 : Debug: shortname = "ap5"
Mon Mar 8 15:02:43 2010 : Debug: }
Mon Mar 8 15:02:43 2010 : Debug: client 193.170.38.104 {
Mon Mar 8 15:02:43 2010 : Debug: require_message_authenticator = no
Mon Mar 8 15:02:43 2010 : Debug: secret = "wlan-ap6"
Mon Mar 8 15:02:43 2010 : Debug: shortname = "ap6"
Mon Mar 8 15:02:43 2010 : Debug: }
Mon Mar 8 15:02:43 2010 : Debug: client 193.170.38.102 {
Mon Mar 8 15:02:43 2010 : Debug: require_message_authenticator = no
Mon Mar 8 15:02:43 2010 : Debug: secret = "wlan-ap8"
Mon Mar 8 15:02:43 2010 : Debug: shortname = "ap8"
Mon Mar 8 15:02:43 2010 : Debug: }
Mon Mar 8 15:02:43 2010 : Debug: client 193.170.38.99 {
Mon Mar 8 15:02:43 2010 : Debug: require_message_authenticator = no
Mon Mar 8 15:02:43 2010 : Debug: secret = "wlan-ap11"
Mon Mar 8 15:02:43 2010 : Debug: shortname = "ap11"
Mon Mar 8 15:02:43 2010 : Debug: }
Mon Mar 8 15:02:43 2010 : Debug: client 193.170.38.98 {
Mon Mar 8 15:02:43 2010 : Debug: require_message_authenticator = no
Mon Mar 8 15:02:43 2010 : Debug: secret = "wlan-ap12"
Mon Mar 8 15:02:43 2010 : Debug: shortname = "ap12"
Mon Mar 8 15:02:43 2010 : Debug: }
Mon Mar 8 15:02:43 2010 : Debug: radiusd: #### Instantiating modules ####
Mon Mar 8 15:02:43 2010 : Debug: instantiate {
Mon Mar 8 15:02:43 2010 : Debug: (Loaded rlm_exec, checking if it's
valid)
Mon Mar 8 15:02:43 2010 : Debug: Module: Linked to module rlm_exec
Mon Mar 8 15:02:43 2010 : Debug: Module: Instantiating exec
Mon Mar 8 15:02:43 2010 : Debug: exec {
Mon Mar 8 15:02:43 2010 : Debug: wait = no
Mon Mar 8 15:02:43 2010 : Debug: input_pairs = "request"
Mon Mar 8 15:02:43 2010 : Debug: shell_escape = yes
Mon Mar 8 15:02:43 2010 : Debug: }
Mon Mar 8 15:02:43 2010 : Debug: (Loaded rlm_expr, checking if it's
valid)
Mon Mar 8 15:02:43 2010 : Debug: Module: Linked to module rlm_expr
Mon Mar 8 15:02:43 2010 : Debug: Module: Instantiating expr
Mon Mar 8 15:02:43 2010 : Debug: (Loaded rlm_expiration, checking
if it's valid)
Mon Mar 8 15:02:43 2010 : Debug: Module: Linked to module rlm_expiration
Mon Mar 8 15:02:43 2010 : Debug: Module: Instantiating expiration
Mon Mar 8 15:02:43 2010 : Debug: expiration {
Mon Mar 8 15:02:43 2010 : Debug: reply-message = "Password Has
Expired "
Mon Mar 8 15:02:43 2010 : Debug: }
Mon Mar 8 15:02:43 2010 : Debug: (Loaded rlm_logintime, checking if
it's valid)
Mon Mar 8 15:02:43 2010 : Debug: Module: Linked to module rlm_logintime
Mon Mar 8 15:02:43 2010 : Debug: Module: Instantiating logintime
Mon Mar 8 15:02:43 2010 : Debug: logintime {
Mon Mar 8 15:02:43 2010 : Debug: reply-message = "You are calling
outside your allowed timespan "
Mon Mar 8 15:02:43 2010 : Debug: minimum-timeout = 60
Mon Mar 8 15:02:43 2010 : Debug: }
Mon Mar 8 15:02:43 2010 : Debug: }
Mon Mar 8 15:02:43 2010 : Debug: radiusd: #### Loading Virtual Servers ####
Mon Mar 8 15:02:43 2010 : Debug: server {
Mon Mar 8 15:02:43 2010 : Debug: modules {
Mon Mar 8 15:02:43 2010 : Debug: } # modules
Mon Mar 8 15:02:43 2010 : Debug: } # server
Mon Mar 8 15:02:43 2010 : Debug: radiusd: #### Opening IP addresses and
Ports ####
Mon Mar 8 15:02:43 2010 : Debug: listen {
Mon Mar 8 15:02:43 2010 : Debug: type = "auth"
Mon Mar 8 15:02:43 2010 : Debug: ipaddr = *
Mon Mar 8 15:02:43 2010 : Debug: port = 1812
Mon Mar 8 15:02:43 2010 : Debug: }
Mon Mar 8 15:02:43 2010 : Debug: listen {
Mon Mar 8 15:02:43 2010 : Debug: type = "acct"
Mon Mar 8 15:02:43 2010 : Debug: ipaddr = *
Mon Mar 8 15:02:43 2010 : Debug: port = 0
Mon Mar 8 15:02:43 2010 : Debug: }
Mon Mar 8 15:02:43 2010 : Debug: Listening on authentication address *
port 1812
Mon Mar 8 15:02:43 2010 : Debug: Listening on accounting address * port
1813
Mon Mar 8 15:02:43 2010 : Debug: Listening on proxy address * port 1814
Mon Mar 8 15:02:43 2010 : Info: Ready to process requests.
The complete error message was by the way:
Ready to process requests.
rad_recv: Access-Request packet from host 193.170.39.105 port 1027,
id=1, length=109
NAS-IP-Address = 193.170.39.105
NAS-Port-Type = Wireless-802.11
NAS-Port = 1
Framed-MTU = 1400
Calling-Station-Id = "0019d296e00f"
Called-Station-Id = "00118550acf5"
NAS-Identifier = "wlan-ap5"
EAP-Message = 0x0201000501
Message-Authenticator = 0x793e8d344397eca7613421f7d482b309
WARNING: Empty section. Using default return values.
No authenticate method (Auth-Type) configuration found for the request:
Rejecting the user
Failed to authenticate the user.
Login incorrect: [<no User-Name attribute>/<no User-Password attribute>]
(from client ap5 port 1 cli 0019d296e00f)
Delaying reject of request 3 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 3
Sending Access-Reject of id 1 to 193.170.39.105 port 1027
Waking up in 4.9 seconds.
Cleaning up request 3 ID 1 with timestamp +852861
Ready to process requests
I tried this with several different methods, meaning also with user-name
and password...
If you need me to provide any further info please let me know!
Your's Klaus
More information about the Freeradius-Users
mailing list