Experiencing a proplem with pap authentication using Freeradius 2.2.2

dwnek at dollartree.com dwnek at dollartree.com
Fri Nov 15 21:20:58 CET 2013 

I apologize if I came across as anti-social Alan.

To me, Arran's wording seemed very insipid so I answered how I felt.  I am
certainly not someone who relishes in starting trouble and do not seek to
alienate myself from any assistance this forum can provide.

Here is another try at presenting what I sent in the email you deleted.
Basically this is where I am at...

Me: I stood up a new server with a new IP address and version 2.2.2 which
is replacing another server running 2.1.8 and am unable to get a device
with PAP selected to authenticate as it does on the older server.
You: RADIUS is *very* dependent on IP addresses.
Me: I understand. I had even shutdown the IP on the production server for a
moment and brought up the same IP on the new server, modified the listen
lines in radiusd.conf and restarted radius on the new server..but no
change.

Me: Here is the output from starting up freeradius 2.2.2 in -Xxx debug mode
You: PLEASE follow instructions.  We don't need the extra crap produced by
"-Xxx".  Just "-X" is good enough.
Me: Okay, henceforth I will only post -X output.

Me: If anyone can help me to resolve this I would be greatly appreciative.
I can answer any questions and post configuration file contents if
required.
You: The point of the debug output is that you usually don't need to post
the config files.  The ones which are used produce useful information in
the debug output.  The ones which aren't used don't matter.
Me: Okay, henceforth I will refrain from offering to post config files.

>From my debug: Fri Nov 15 09:25:30 2013 : Info: ++[eap] = noop
Fri Nov 15 09:25:30 2013 : Info: [files] users: Matched entry dwnek at line
22
Fri Nov 15 09:25:30 2013 : Info: [files]        expand: Hello, %{User-Name}
-> Hello, dwnek
You: So... what's that entry on line 22?  Does it contain a password for
the user?
Me: The entry on line 22 of the users file is my username of dwnek.  The
following two lines contain the following..
Reply-Message = "Hello, %{User-Name}",
Symbol-Admin-Role = SuperUser,

>From my debug: Fri Nov 15 09:25:30 2013 : Info: [pap] WARNING! No "known
good" password found for the user.  Authentication may fail because of
this.
You: Which means that entry doesn't contain a password for the user.
Me: That is correct. On the old server we are using passwords
in /etc/shadow to authenticate users.

Me: I got it working by uncommenting the "unix" line under the "authorize"
section of the raddb/sites-available/default file. I am hoping that this
was the best way to fix authenticating users via /etc/shadow? I am guessing
that I should probably uncomment it under the "authenticate" and
"accounting" sections as well?

I am now just seeking a response to my last two statements about how I got
it to work.

Thank You,
Derek






From:	Alan DeKok <aland at deployingradius.com>
To:	FreeRadius users mailing list
            <freeradius-users at lists.freeradius.org>
Date:	11/15/2013 02:53 PM
Subject:	Re: Experiencing a proplem with pap authentication	using
            Freeradius	2.2.2
Sent by:	<freeradius-users-bounces
            +dwnek=dollartree.com at lists.freeradius.org>



dwnek at dollartree.com wrote:
> Thank you Arran... your last remark was EXTREMELY un-helpful.

  You should have found it very helpful.  I couldn't make head or tails
out of your last message, because it was so mis-formatted.  So I deleted
it.

  i.e. your anti-social mail client means we're less inclined to help you.

  If you want help, your *last* priority should be making it difficult
for people to help you.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list