freeradius using linux user passwd

Matthew Newton mcn4 at leicester.ac.uk
Mon Jul 8 23:16:19 CEST 2013 

On Mon, Jul 08, 2013 at 01:49:47PM -0700, Julian Macassey wrote:
> 	I have a Netgear WiFi router set up for WPA2 Enterprise.
> It is pointed at a freeradius server. I am trying to use the
> username and password of that server to authenticate. It fails
> consistenty with: 
> 
> [pap] WARNING! No "known good" password found for the user.
> Authentication may fail because of this.
> ++[pap] returns noop
> ERROR: No authenticate method (Auth-Type) found for the request:
> Rejecting the user
> Failed to authenticate the user.

It looks like you've removed 'eap' from your default server
configuration. As WPA uses eap, you won't get far without it.

However, if you want to authenticate using the system
(/etc/passwd or shadow) database, then the only EAP type that's
going to work is EAP-TTLS/PAP. Windows older than Win8 don't
support that without a 3rd party supplicant, which is a barrier
for many people wanting to use it, so most dont.

In short the most likely things you want to do after adding eap
back in again are to use either a database with cleartext
passwords in it or use mschap (NTLM hash) passwords.

Matthew


> rad_recv: Access-Request packet from host 10.1.1.211 port 35032, id=73, length=162
> 	User-Name = "evergreen"
> 	NAS-IP-Address = 192.168.1.1
> 	NAS-Port = 0
> 	Called-Station-Id = "28-C6-8E-A4-2B-6A:plum-radius"
> 	Calling-Station-Id = "00-1F-5B-C1-AB-24"
> 	Framed-MTU = 1400
> 	NAS-Port-Type = Wireless-802.11
> 	Connect-Info = "CONNECT 0Mbps 802.11b"
> 	EAP-Message = 0x02b1000e0165766572677265656e
> 	Message-Authenticator = 0x6f0e884ab22ca3b623c88cb2a8bab823
> # Executing section authorize from file /etc/freeradius/sites-enabled/default
> +- entering group authorize {...}
> ++[preprocess] returns ok
> ++[digest] returns noop
> [suffix] No '@' in User-Name = "evergreen", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> ++[unix] returns notfound
> ++[files] returns noop
> ++[expiration] returns noop
> ++[logintime] returns noop
> [pap] WARNING! No "known good" password found for the user.  Authentication may fail because of this.
> ++[pap] returns noop
> ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
> Failed to authenticate the user.
> Using Post-Auth-Type Reject
> # Executing group from file /etc/freeradius/sites-enabled/default
> +- entering group REJECT {...}
> [attr_filter.access_reject] 	expand: %{User-Name} -> evergreen
>  attr_filter: Matched entry DEFAULT at line 11
> ++[attr_filter.access_reject] returns updated
> Delaying reject of request 0 for 1 seconds
> Going to the next request
> Waking up in 0.9 seconds.
> Sending delayed reject for request 0
> Sending Access-Reject of id 73 to 10.1.1.211 port 35032
> Waking up in 4.9 seconds.


-- 
Matthew Newton, Ph.D. <mcn4 at le.ac.uk>

Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>

More information about the Freeradius-Users mailing list