no-auth type error
Ross c6
ross at convergingtrails.com
Thu Jul 9 13:57:36 CEST 2015
I am sure it is simple. I did do some research, and one of the posts was
about some of the auth modules not starting. Any suggestions? I am testing on
localhost. Please see the end of the output below - I have also included the
beginning part, from where I started radiusd -X
filename = "/var/log/radius/linelog"
permissions = 384
format = "This is a log message for %{User-Name}"
reference = "messages.%{%{Packet-Type}:-default}"
}
# Instantiating module "log_accounting" from file
/etc/raddb/mods-enabled/linelog
linelog log_accounting {
filename = "/var/log/radius/linelog-accounting"
permissions = 384
format = ""
reference = "Accounting-Request.%{%{Acct-Status-Type}:-unknown}"
}
# Loaded module rlm_logintime
# Instantiating module "logintime" from file
/etc/raddb/mods-enabled/logintime
logintime {
minimum_timeout = 60
}
# Loaded module rlm_mschap
# Instantiating module "mschap" from file /etc/raddb/mods-enabled/mschap
mschap {
use_mppe = yes
require_encryption = no
require_strong = no
with_ntdomain_hack = yes
passchange {
}
allow_retry = yes
}
# Instantiating module "ntlm_auth" from file
/etc/raddb/mods-enabled/ntlm_auth
exec ntlm_auth {
wait = yes
program = "/path/to/ntlm_auth --request-nt-key --domain=MYDOMAIN
--username=%{mschap:User-Name}
--password=%{User-Password}"
shell_escape = yes
}
# Loaded module rlm_pap
# Instantiating module "pap" from file /etc/raddb/mods-enabled/pap
pap {
normalise = yes
}
# Loaded module rlm_passwd
# Instantiating module "etc_passwd" from file
/etc/raddb/mods-enabled/passwd
passwd etc_passwd {
filename = "/etc/passwd"
format = "*User-Name:Crypt-Password:"
delimiter = ":"
ignore_nislike = no
ignore_empty = yes
allow_multiple_keys = no
hash_size = 100
}
rlm_passwd: nfields: 3 keyfield 0(User-Name) listable: no
# Loaded module rlm_preprocess
# Instantiating module "preprocess" from file
/etc/raddb/mods-enabled/preprocess
preprocess {
huntgroups = "/etc/raddb/mods-config/preprocess/huntgroups"
hints = "/etc/raddb/mods-config/preprocess/hints"
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
with_alvarion_vsa_hack = no
}
reading pairlist file /etc/raddb/mods-config/preprocess/huntgroups
reading pairlist file /etc/raddb/mods-config/preprocess/hints
# Loaded module rlm_radutmp
# Instantiating module "radutmp" from file /etc/raddb/mods-enabled/radutmp
radutmp {
filename = "/var/log/radius/radutmp"
username = "%{User-Name}"
case_sensitive = yes
check_with_nas = yes
permissions = 384
caller_id = yes
}
# Loaded module rlm_realm
# Instantiating module "IPASS" from file /etc/raddb/mods-enabled/realm
realm IPASS {
format = "prefix"
delimiter = "/"
ignore_default = no
ignore_null = no
}
# Instantiating module "suffix" from file /etc/raddb/mods-enabled/realm
realm suffix {
format = "suffix"
delimiter = "@"
ignore_default = no
ignore_null = no
}
# Instantiating module "realmpercent" from file
/etc/raddb/mods-enabled/realm
realm realmpercent {
format = "suffix"
delimiter = "%"
ignore_default = no
ignore_null = no
}
# Instantiating module "ntdomain" from file /etc/raddb/mods-enabled/realm
realm ntdomain {
format = "prefix"
delimiter = "\"
ignore_default = no
ignore_null = no
}
# Loaded module rlm_replicate
# Instantiating module "replicate" from file
/etc/raddb/mods-enabled/replicate
# Loaded module rlm_soh
# Instantiating module "soh" from file /etc/raddb/mods-enabled/soh
soh {
dhcp = yes
}
# Instantiating module "sradutmp" from file
/etc/raddb/mods-enabled/sradutmp
radutmp sradutmp {
filename = "/var/log/radius/sradutmp"
username = "%{User-Name}"
case_sensitive = yes
check_with_nas = yes
permissions = 420
caller_id = no
}
# Loaded module rlm_unix
# Instantiating module "unix" from file /etc/raddb/mods-enabled/unix
unix {
radwtmp = "/var/log/radius/radwtmp"
}
# Loaded module rlm_unpack
# Instantiating module "unpack" from file /etc/raddb/mods-enabled/unpack
# Loaded module rlm_utf8
# Instantiating module "utf8" from file /etc/raddb/mods-enabled/utf8
} # modules
radiusd: #### Loading Virtual Servers ####
server { # from file /etc/raddb/radiusd.conf
} # server
server default { # from file /etc/raddb/sites-enabled/default
# Creating Auth-Type = digest
# Loading authenticate {...}
# Loading authorize {...}
Ignoring "sql" (see raddb/mods-available/README.rst)
Ignoring "ldap" (see raddb/mods-available/README.rst)
# Loading preacct {...}
# Loading accounting {...}
# Loading post-proxy {...}
# Loading post-auth {...}
} # server default
server inner-tunnel { # from file /etc/raddb/sites-enabled/inner-tunnel
# Loading authenticate {...}
# Loading authorize {...}
# Loading session {...}
# Loading post-proxy {...}
# Loading post-auth {...}
} # server inner-tunnel
radiusd: #### Opening IP addresses and Ports ####
listen {
type = "auth"
ipaddr = *
port = 0
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
listen {
type = "acct"
ipaddr = *
port = 0
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
listen {
type = "auth"
ipv6addr = ::
port = 0
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
listen {
type = "acct"
ipv6addr = ::
port = 0
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
listen {
type = "auth"
ipaddr = 127.0.0.1
port = 18120
}
Listening on auth address * port 1812 as server default
Listening on acct address * port 1813 as server default
Listening on auth address :: port 1812 as server default
Listening on acct address :: port 1813 as server default
Listening on auth address 127.0.0.1 port 18120 as server inner-tunnel
Opening new proxy socket 'proxy address * port 0'
Listening on proxy address * port 43825
Ready to process requests
Received Access-Request Id 180 from 127.0.0.1:59304 to 127.0.0.1:1812 length
73
User-Name = 'bob'
User-Password = 'hello'
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
Message-Authenticator = 0x773faf53acb2a0cfec2b328e3f1d8fb3
(9) Received Access-Request packet from host 127.0.0.1 port 59304, id=180,
length=73
(9) User-Name = 'bob'
(9) User-Password = 'hello'
(9) NAS-IP-Address = 127.0.0.1
(9) NAS-Port = 0
(9) Message-Authenticator = 0x773faf53acb2a0cfec2b328e3f1d8fb3
(9) # Executing section authorize from file /etc/raddb/sites-enabled/default
(9) authorize {
(9) filter_username filter_username {
(9) if (!&User-Name)
(9) if (!&User-Name) -> FALSE
(9) if (&User-Name =~ / /)
(9) if (&User-Name =~ / /) -> FALSE
(9) if (&User-Name =~ /@.*@/ )
(9) if (&User-Name =~ /@.*@/ ) -> FALSE
(9) if (&User-Name =~ /\\.\\./ )
(9) if (&User-Name =~ /\\.\\./ ) -> FALSE
(9) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))
(9) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) ->
FALSE
(9) if (&User-Name =~ /\\.$/)
(9) if (&User-Name =~ /\\.$/) -> FALSE
(9) if (&User-Name =~ /@\\./)
(9) if (&User-Name =~ /@\\./) -> FALSE
(9) } # filter_username filter_username = notfound
(9) [preprocess] = ok
(9) [chap] = noop
(9) [mschap] = noop
(9) [digest] = noop
(9) suffix : Checking for suffix after "@"
(9) suffix : No '@' in User-Name = "bob", looking up realm NULL
(9) suffix : No such realm "NULL"
(9) [suffix] = noop
(9) eap : No EAP-Message, not doing EAP
(9) [eap] = noop
(9) [files] = noop
(9) [expiration] = noop
(9) [logintime] = noop
(9) WARNING: pap : No "known good" password found for the user. Not
setting Auth-Type
(9) WARNING: pap : Authentication will fail unless a "known good" password
is available
(9) [pap] = noop
(9) } # authorize = ok
(9) ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type =
Reject
(9) Failed to authenticate the user
(9) Using Post-Auth-Type Reject
(9) # Executing group from file /etc/raddb/sites-enabled/default
(9) Post-Auth-Type REJECT {
(9) attr_filter.access_reject : EXPAND %{User-Name}
(9) attr_filter.access_reject : --> bob
(9) attr_filter.access_reject : Matched entry DEFAULT at line 11
(9) [attr_filter.access_reject] = updated
(9) eap : Request didn't contain an EAP-Message, not inserting EAP-Failure
(9) [eap] = noop
(9) remove_reply_message_if_eap remove_reply_message_if_eap {
(9) if (&reply:EAP-Message && &reply:Reply-Message)
(9) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
(9) else else {
(9) [noop] = noop
(9) } # else else = noop
(9) } # remove_reply_message_if_eap remove_reply_message_if_eap = noop
(9) } # Post-Auth-Type REJECT = updated
(9) Delaying response for 1 seconds
Waking up in 0.3 seconds.
Waking up in 0.6 seconds.
(9) Sending delayed response
(9) Sending Access-Reject packet to host 127.0.0.1 port 59304, id=180,
length=0
Sending Access-Reject Id 180 from 127.0.0.1:1812 to 127.0.0.1:59304
Waking up in 3.9 seconds.
(9) Cleaning up request packet ID 180 with timestamp +1307
Ready to process requests
Received Access-Request Id 222 from 127.0.0.1:49629 to 127.0.0.1:1812 length
77
User-Name = 'testing'
User-Password = 'password'
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
Message-Authenticator = 0xef77888032042b26cdc7e39baf267ee8
(10) Received Access-Request packet from host 127.0.0.1 port 49629, id=222,
length=77
(10) User-Name = 'testing'
(10) User-Password = 'password'
(10) NAS-IP-Address = 127.0.0.1
(10) NAS-Port = 0
(10) Message-Authenticator = 0xef77888032042b26cdc7e39baf267ee8
(10) # Executing section authorize from file
/etc/raddb/sites-enabled/default
(10) authorize {
(10) filter_username filter_username {
(10) if (!&User-Name)
(10) if (!&User-Name) -> FALSE
(10) if (&User-Name =~ / /)
(10) if (&User-Name =~ / /) -> FALSE
(10) if (&User-Name =~ /@.*@/ )
(10) if (&User-Name =~ /@.*@/ ) -> FALSE
(10) if (&User-Name =~ /\\.\\./ )
(10) if (&User-Name =~ /\\.\\./ ) -> FALSE
(10) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))
(10) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) ->
FALSE
(10) if (&User-Name =~ /\\.$/)
(10) if (&User-Name =~ /\\.$/) -> FALSE
(10) if (&User-Name =~ /@\\./)
(10) if (&User-Name =~ /@\\./) -> FALSE
(10) } # filter_username filter_username = notfound
(10) [preprocess] = ok
(10) [chap] = noop
(10) [mschap] = noop
(10) [digest] = noop
(10) suffix : Checking for suffix after "@"
(10) suffix : No '@' in User-Name = "testing", looking up realm NULL
(10) suffix : No such realm "NULL"
(10) [suffix] = noop
(10) eap : No EAP-Message, not doing EAP
(10) [eap] = noop
(10) [files] = noop
(10) [expiration] = noop
(10) [logintime] = noop
(10) WARNING: pap : No "known good" password found for the user. Not
setting Auth-Type
(10) WARNING: pap : Authentication will fail unless a "known good" password
is available
(10) [pap] = noop
(10) } # authorize = ok
(10) ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type =
Reject
(10) Failed to authenticate the user
(10) Using Post-Auth-Type Reject
(10) # Executing group from file /etc/raddb/sites-enabled/default
(10) Post-Auth-Type REJECT {
(10) attr_filter.access_reject : EXPAND %{User-Name}
(10) attr_filter.access_reject : --> testing
(10) attr_filter.access_reject : Matched entry DEFAULT at line 11
(10) [attr_filter.access_reject] = updated
(10) eap : Request didn't contain an EAP-Message, not inserting EAP-Failure
(10) [eap] = noop
(10) remove_reply_message_if_eap remove_reply_message_if_eap {
(10) if (&reply:EAP-Message && &reply:Reply-Message)
(10) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
(10) else else {
(10) [noop] = noop
(10) } # else else = noop
(10) } # remove_reply_message_if_eap remove_reply_message_if_eap = noop
(10) } # Post-Auth-Type REJECT = updated
(10) Delaying response for 1 seconds
Waking up in 0.3 seconds.
Waking up in 0.6 seconds.
(10) Sending delayed response
(10) Sending Access-Reject packet to host 127.0.0.1 port 49629, id=222,
length=0
Sending Access-Reject Id 222 from 127.0.0.1:1812 to 127.0.0.1:49629
Waking up in 3.9 seconds.
(10) Cleaning up request packet ID 222 with timestamp +1676
Ready to process requests
Please consider the environment before printing this email