still not working (newbie for radius)

gahn ipfreak at yahoo.com
Mon Sep 20 01:08:34 CEST 2010


Thanks for the reply:

Well, I had tried another configuration for "users":

bob     Cleartext-Password = "bob"
         Juniper-Local-User-Name = "labrat"

labrat is the local login user ID, so that all RADIUS users will be mapped to that user. Unfortunately, it also failed, though with no warning messages:

rad_recv: Access-Request packet from host 192.168.255.138 port 55206, id=152, length=57
        User-Name = "bob"
        User-Password = "bob"
        NAS-Identifier = "lab-r8"
        NAS-IP-Address = 150.150.0.1
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "bob", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.  Authentication may fail because of this.
++[pap] returns noop
No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject]     expand: %{User-Name} -> bob
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 152 to 192.168.255.138 port 55206
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.255.138 port 55206, id=152, length=57
Sending duplicate reply to client r8 port 55206 - ID: 152
Sending Access-Reject of id 152 to 192.168.255.138 port 55206
Waking up in 2.9 seconds.
Cleaning up request 0 ID 152 with timestamp +9
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.255.138 port 55206, id=152, length=57
        User-Name = "bob"
        User-Password = "bob"
        NAS-Identifier = "lab-r8"
        NAS-IP-Address = 150.150.0.1
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "bob", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.  Authentication may fail because of this.
++[pap] returns noop
No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject]     expand: %{User-Name} -> bob
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 1 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 1
Sending Access-Reject of id 152 to 192.168.255.138 port 55206
Waking up in 4.9 seconds.
Cleaning up request 1 ID 152 with timestamp +15
Ready to process requests.




--- On Sun, 9/19/10, Daniel Woodruffe <danny.woodruffe at yahoo.co.uk> wrote:

From: Daniel Woodruffe <danny.woodruffe at yahoo.co.uk>
Subject: Re: still not working (newbie for radius)
To: "FreeRadius users mailing list" <freeradius-users at lists.freeradius.org>
Date: Sunday, September 19, 2010, 3:57 PM


I think it tells you in your debug what the problem is, Gahn:

Found Auth-Type = Local
WARNING: Please update your configuration, and remove 'Auth-Type = Local'



--- On Sun, 19/9/10, gahn <ipfreak at yahoo.com> wrote:

From: gahn <ipfreak at yahoo.com>
Subject: still not working (newbie for radius)
To: freeradius-users at lists.freeradius.org
Date: Sunday, 19 September, 2010, 22:35

Hi all:

I apologize for the emails for such a simple issue...:)

It is still not working. I have done all that you guys advised and tried to read through the documents, but...:(

Here is my "client.conf" file:

client  192.168.255.138 {
        secret          = testing123
        nastype         = juniper
}

For my "users" file:

bob     Auth-Type := Local
        User-Password = "bob",
        Juniper-Local-User-Name = "labrat"

I started radius with "radiusd -X" and also started tcpdump process.

Here is what I got from FreeRADIUS debugging:

rad_recv: Access-Request packet from host 192.168.255.138 port 54462, id=202, length=57
        User-Name = "bob"
        User-Password = "bob"
        NAS-Identifier = "lab-r8"
        NAS-IP-Address = 150.150.0.1
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "bob", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
[files] users: Matched entry bob at line 1
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.  Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = Local
WARNING: Please update your configuration, and remove 'Auth-Type = Local'
WARNING: Use the PAP or CHAP modules instead.
No "known good" password was configured for the user.
As a result, we cannot authenticate the user.
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject]     expand: %{User-Name} -> bob
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 202 to 192.168.255.138 port 54462
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.255.138 port 54462, id=202, length=57
Sending duplicate reply to client r8 port 54462 - ID: 202
Sending Access-Reject of id 202 to 192.168.255.138 port 54462
Waking up in 2.9 seconds.
Cleaning up request 0 ID 202 with timestamp +11
rad_recv: Access-Request packet from host 192.168.255.138 port 54462, id=202, length=57
        User-Name = "bob"
        User-Password = "bob"
        NAS-Identifier = "lab-r8"
        NAS-IP-Address = 150.150.0.1
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "bob", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
[files] users: Matched entry bob at line 1
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.  Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = Local
WARNING: Please update your configuration, and remove 'Auth-Type = Local'
WARNING: Use the PAP or CHAP modules instead.
No "known good" password was configured for the user.
As a result, we cannot authenticate the user.
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject]     expand: %{User-Name} -> bob
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 1 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 1
Sending Access-Reject of id 202 to 192.168.255.138 port 54462
Waking up in 4.9 seconds.
Cleaning up request 1 ID 202 with timestamp +18
Ready to process requests.

For tcpdump:

17:07:11.998936 IP 192.168.255.138.54462 > 192.168.255.128.radius: RADIUS, Access Request (1), id: 0xca length: 57
17:07:14.999487 IP 192.168.255.138.54462 > 192.168.255.128.radius: RADIUS, Access Request (1), id: 0xca length: 57


Interestingly, I only saw "Access Request" come in, but I didn't see Access Reject messages.

Any help would be greatly appreciated.

gahn


      
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
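
An added example, not part of the original posts: a small triage script for `radiusd -X` output like the two runs quoted in this thread. It flags, per request, the lines that explain a reject, including the difference between the runs: `++[files] returns ok` after a matched entry versus `++[files] returns noop`, which means no `users` entry matched at all. The finding names and the abridged sample are constructed for this example.

```python
import re

# Constructed sample: abridged lines in the style of the debug output in this thread.
SAMPLE = '''\
rad_recv: Access-Request packet from host 192.168.255.138 port 54462, id=202, length=57
        User-Name = "bob"
[files] users: Matched entry bob at line 1
++[files] returns ok
[pap] WARNING! No "known good" password found for the user.  Authentication may fail because of this.
Found Auth-Type = Local
rad_recv: Access-Request packet from host 192.168.255.138 port 54462, id=202, length=57
Sending duplicate reply to client r8 port 54462 - ID: 202
rad_recv: Access-Request packet from host 192.168.255.138 port 55206, id=152, length=57
        User-Name = "bob"
++[files] returns noop
[pap] WARNING! No "known good" password found for the user.  Authentication may fail because of this.
No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
'''

CHECKS = [  # (finding, pattern); finding names are this example's own labels
    ("users-entry-not-matched", r"^\+\+\[files\] returns noop"),
    ("no-known-good-password", r'^\[pap\] WARNING! No "known good" password'),
    ("deprecated-auth-type-local", r"^Found Auth-Type = Local"),
    ("no-auth-type-set", r"^No authenticate method \(Auth-Type\)"),
]

def split_requests(text):
    """Group debug lines into one block per rad_recv line."""
    blocks = []
    for line in text.splitlines():
        if line.startswith("rad_recv:"):
            blocks.append([line])
        elif blocks:
            blocks[-1].append(line)
    return blocks

def diagnose(block):
    """Return (packet id, user, findings) for one request block."""
    pkt_id = int(re.search(r"id=(\d+)", block[0]).group(1))
    user = next((m.group(1) for l in block
                 if (m := re.match(r'\s+User-Name = "(.*)"', l))), None)
    if any(l.startswith("Sending duplicate reply") for l in block):
        return pkt_id, user, ["retransmit-answered-from-cache"]  # NAS resent the packet
    findings = [name for name, pat in CHECKS
                if any(re.search(pat, l) for l in block)]
    return pkt_id, user, findings

def report(text=SAMPLE):
    return [diagnose(b) for b in split_requests(text)]
```

Calling `report()` on a saved debug log gives one tuple per received packet, so retransmits of the same id show up separately from the requests that were actually processed.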