No authenticate method (Auth-Type) found for the request

Beeblebrox zaphod at berentweb.com
Thu Jan 17 21:20:39 CET 2013


> Do a WiFi connection, and read the debug output for *that*.
Good idea - I have some progress in debugging:

This snippet shows that at least SSL certs are working & being accepted
by radius:
++++-----------------------------------------------------+++
Thu Jan 17 21:58:15 2013 : Info: # Executing section authorize from file
/etc/freeradius2/sites/default
Thu Jan 17 21:58:15 2013 : Info: +- entering group authorize {...}
Thu Jan 17 21:58:15 2013 : Info: [eap] EAP packet type response id 255
length 208
Thu Jan 17 21:58:15 2013 : Info: [eap] Continuing tunnel setup.
Thu Jan 17 21:58:15 2013 : Info: ++[eap] returns ok
Thu Jan 17 21:58:15 2013 : Info: Found Auth-Type = EAP
Thu Jan 17 21:58:15 2013 : Info: # Executing group from file
/etc/freeradius2/sites/default
Thu Jan 17 21:58:15 2013 : Info: +- entering group authenticate {...}
Thu Jan 17 21:58:15 2013 : Info: [eap] Request found, released from the list
Thu Jan 17 21:58:15 2013 : Info: [eap] EAP/peap
Thu Jan 17 21:58:15 2013 : Info: [eap] processing type peap
Thu Jan 17 21:58:15 2013 : Info: [peap] processing EAP-TLS
Thu Jan 17 21:58:15 2013 : Debug:   TLS Length 198
Thu Jan 17 21:58:15 2013 : Info: [peap] Length Included
Thu Jan 17 21:58:15 2013 : Info: [peap] eaptls_verify returned 11
Thu Jan 17 21:58:15 2013 : Info: [peap] <<< TLS 1.0 Handshake [length
0086], ClientKeyExchange
Thu Jan 17 21:58:16 2013 : Info: [peap]     TLS_accept: SSLv3 read
client key exchange A
Thu Jan 17 21:58:16 2013 : Info: [peap] <<< TLS 1.0 ChangeCipherSpec
[length 0001]
Thu Jan 17 21:58:16 2013 : Info: [peap] <<< TLS 1.0 Handshake [length
0010], Finished
Thu Jan 17 21:58:16 2013 : Info: [peap]     TLS_accept: SSLv3 read
finished A
Thu Jan 17 21:58:16 2013 : Info: [peap] >>> TLS 1.0 ChangeCipherSpec
[length 0001]
Thu Jan 17 21:58:16 2013 : Info: [peap]     TLS_accept: SSLv3 write
change cipher spec A
Thu Jan 17 21:58:16 2013 : Info: [peap] >>> TLS 1.0 Handshake [length
0010], Finished
Thu Jan 17 21:58:16 2013 : Info: [peap]     TLS_accept: SSLv3 write
finished A
Thu Jan 17 21:58:16 2013 : Info: [peap]     TLS_accept: SSLv3 flush data
Thu Jan 17 21:58:16 2013 : Info: [peap]     (other): SSL negotiation
finished successfully
Thu Jan 17 21:58:16 2013 : Debug: SSL Connection Established
++++-----------------------------------------------------+++


OTHER INTERESTING CODE I FIND (No NT/LM-Password):
++++-----------------------------------------------------+++
hu Jan 17 21:58:16 2013 : Info: # Executing section authorize from file
/etc/freeradius2/sites/default
Thu Jan 17 21:58:16 2013 : Info: +- entering group authorize {...}
Thu Jan 17 21:58:16 2013 : Info: [eap] EAP packet type response id 2
length 65
Thu Jan 17 21:58:16 2013 : Info: [eap] No EAP Start, assuming it's an
on-going EAP conversation
Thu Jan 17 21:58:16 2013 : Info: ++[eap] returns updated
Thu Jan 17 21:58:16 2013 : Info: ++[files] returns noop
Thu Jan 17 21:58:16 2013 : Info: [pap] WARNING! No "known good" password
found for the user.  Authentication may fail because of this.
Thu Jan 17 21:58:16 2013 : Info: ++[pap] returns noop
Thu Jan 17 21:58:16 2013 : Info: Found Auth-Type = EAP
Thu Jan 17 21:58:16 2013 : Info: # Executing group from file
/etc/freeradius2/sites/default
Thu Jan 17 21:58:16 2013 : Info: +- entering group authenticate {...}
Thu Jan 17 21:58:16 2013 : Info: [eap] Request found, released from the list
Thu Jan 17 21:58:16 2013 : Info: [eap] EAP/mschapv2
Thu Jan 17 21:58:16 2013 : Info: [eap] processing type mschapv2
Thu Jan 17 21:58:16 2013 : Info: [mschapv2] # Executing group from file
/etc/freeradius2/sites/default
Thu Jan 17 21:58:16 2013 : Info: [mschapv2] +- entering group MS-CHAP {...}
Thu Jan 17 21:58:16 2013 : Info: [mschap] No Cleartext-Password
configured.  Cannot create LM-Password.
Thu Jan 17 21:58:16 2013 : Info: [mschap] No Cleartext-Password
configured.  Cannot create NT-Password.
Thu Jan 17 21:58:16 2013 : Info: [mschap] Creating challenge hash with
username: pospda
Thu Jan 17 21:58:16 2013 : Info: [mschap] Client is using MS-CHAPv2 for
pospda, we need NT-Password
Thu Jan 17 21:58:16 2013 : Info: [mschap] FAILED: No NT/LM-Password.
Cannot perform authentication.
Thu Jan 17 21:58:16 2013 : Info: [mschap] FAILED: MS-CHAP2-Response is
incorrect
Thu Jan 17 21:58:16 2013 : Info: ++[mschap] returns reject
Thu Jan 17 21:58:16 2013 : Info: [eap] Freeing handler
Thu Jan 17 21:58:16 2013 : Info: ++[eap] returns reject
Thu Jan 17 21:58:16 2013 : Info: Failed to authenticate the user.
Thu Jan 17 21:58:16 2013 : Auth: Login incorrect: [pospda/<via Auth-Type
= EAP>] (from client localhost port 1 cli 00-1F-1F-91-32-E4 via TLS tunnel)
++++-----------------------------------------------------+++

This I did not configure & probaly should?
> how does the RADIUS server know how to authenticate the user?

Many many thanks.


More information about the Freeradius-Users mailing list