Auth-Type in authorize users' file

Angel L. Mateo amateo at um.es
Wed Feb 25 09:13:41 CET 2015


El 24/02/15 a las 15:28, Alan DeKok escribió:
>    It means the bug is fixed?
>
	Ah... Ok. I interpreted as I was doing something wrong. Sorry.

	Meanwhile, I've been looking for information. According to 
http://deployingradius.com/documents/configuration/auth_type.html 
(Common misuses section), Auth-Type main use is to force the user to be 
accepted or rejected, but Auth-Type should not be used. In the doc 
modules/ldap_howto.rst.gz doesn't use this too.

	According to this, I'm trying to remove the Auth-Type = LDAP on the 
users' file. But now the user is rejected and freeradius debug shows:

(0) ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type = 
Reject

	So, what is the correct way to configure?

	At this moment, the config I'm trying is:

authorize {
   preprocess
   suffix
   files
   ldap
}

authenticate {
   ldap
}

	and my user' authorization file is:

<login>
	Fall-Through = No

>> On Feb 24, 2015, at 8:49 AM, Angel L. Mateo <amateo at um.es> wrote:
>>
>>> El 24/02/15 a las 14:08, Alan DeKok escribió:
>>>> On Feb 24, 2015, at 7:10 AM, Angel L. Mateo <amateo at um.es> wrote:
>>>>     I'm updating my freeradius server from 2.2.x to 3.0.6.
>>>
>>>    3.0.7 was just released.
>>>
>>>>     This configuration is working with my current 2.2.0 server. But when I try to create the same configuration in a new 3.0.6 server I have the error:
>>>>
>>>> reading pairlist file /etc/freeradius/mods-config/files_myvirtualserver/authorize
>>>> /etc/freeradius/mods-config/files_myvirtualserver/authorize[3]: Parse error (check) for entry <mylogin>: Unknown or invalid value "LDAP" for attribute "Auth-Type"
>>>> Failed reading /etc/freeradius/mods-config/files_myvirtualserver/authorize
>>>> /etc/freeradius/mods-enabled/files_myvirtualserver[8]: Instantiation failed for module "files_adminslogin"
>>>>
>>>>     Any help? Thanks in advance.
>>>
>>>    From the 3.0.7 ChangeLog:
>>>
>>>     * Be more careful to define Auth-Types before loading modules.
>>     And any help about what "be more careful" means?
>>
>> --
>> Angel L. Mateo Martínez
>> Sección de Telemática
>> Área de Tecnologías de la Información
>> y las Comunicaciones Aplicadas (ATICA)
>> http://www.um.es/atica
>> Tfo: 868887590
>> Fax: 868888337
>> -
>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>


-- 
Angel L. Mateo Martínez
Sección de Telemática
Área de Tecnologías de la Información
y las Comunicaciones Aplicadas (ATICA)
http://www.um.es/atica
Tfo: 868887590
Fax: 868888337


More information about the Freeradius-Users mailing list