WARNING about auth-type = Local

Johan Meiring jmeiring at pcservices.co.za
Wed Sep 21 18:45:50 CEST 2011


On 2011/09/21 06:19 PM, Alan DeKok wrote:
> Johan Meiring wrote:
>> My authorise and authenticate section looks like this.
>>
>>    authorize {
>>      authorisation_log
>>      chap
>>      mschap
>>      sql
> 
> 	pap
> 
>>    }
> 
>    You need the "pap" module last in the "authorize" section.  It will
> set Auth-Type for you.
> 
>    In 3.0, the "Auth-Type = Local" warnings will likely go away, because
> the server *won't* set it.  Instead, you'll just get "no Auth-Type"
> 
>> Do I need to concern myself with the warning?
> 
>    Yes.  Use the "pap" module as noted above.
> 
>    See the default configuration file for why this is necessary.
> 


Hi,

Thanks, makes perfect sense.

Now it looks like this.

----------------------------------------------
[sql] User found in radcheck table
rlm_sql (sql): Released sql socket id: 2
+++[sql] returns ok
++- else else returns ok
++[chap] returns noop
++[mschap] returns noop
++[pap] returns updated
Found Auth-Type = PAP
# Executing group from file /etc/freeradius/sites-enabled/custom
+- entering group PAP {...}
[pap] login attempt with password "password"
[pap] Using clear text password "password"
[pap] User authenticated successfully
++[pap] returns ok
# Executing section post-auth from file /etc/freeradius/sites-enabled/custom
+- entering group post-auth {...}
------------------------------------


What now interests me, is how authentication worked at all previously?

An invalid password WAS actually rejected, without the "pap" module showing that it is running.
The only reference in the debug that showed that the password was actually checked was one of the following:

User-Password in the request is correct

or

User-Password in the request does NOT match "known good" password.
Failed to authenticate the user.

Is that the "local" module?

Thanks again for super support!
Even paid support cannot get close to this.

Cheers,


-- 


Johan Meiring
Cape PC Services CC
Tel: (021) 883-8271
Fax: (021) 886-7782

--------------------
Before acting on this email or opening any attachments
you should read Cape PC Service's email disclaimer at:

http://www.pcservices.co.za/disclaimer.html




More information about the Freeradius-Users mailing list