Updating from 2.0 to 3.0 - ERROR: No Auth-Type found

Alan DeKok aland at deployingradius.com
Thu Jun 24 20:55:13 CEST 2021 

On Jun 24, 2021, at 1:31 PM, Alberto Balsalm <twellborn23 at gmail.com> wrote:
> 
> I recently updated my secondary RADIUS server from 2.X to 3.0.16. I am
> running Daloradius with MySQL. I am trying to authenticate through SQL
> via a user / group / NAS setup on DaloRadius, I receive "(0) ERROR: No
> Auth-Type found: rejecting the user via Post-Auth-Type = Reject" when
> attempting to authenticate via this secondary server.

  You edited configuration and broke the server.  Don't do that.

  For upgrades, start with the default configuration in v3.  Then, gradually make changes to copy over your v2 functionality.  See raddb/README.rst for full details.

  If you make 15 changes and it doesn't work, you have no idea what's wrong.  If you make one change and it goes from working to not working, then you know exactly what's wrong.

> My primary RADIUS server is still running a 2.X version of FreeRADIUS
> and runs its own instance of Daloradius and MySQL. This primary server
> functions fine and I am able to login via SQL authentication. The
> configurations for FreeRADIUS, DaloRADIUS, and MySQL are essentially
> mirrored, with changes being made on the secondary's config to
> accommodate the update to 3.0.

   Changes such as... ?

> Below is my Freeradius -X output for my secondary server.
> ...
> } # modules
> radiusd: #### Loading Virtual Servers ####
> server { # from file /etc/freeradius/3.0/radiusd.conf
> } # server

  Why did you add this?  i.e. you added an empty "server" section in the main radiusd.conf file.

  Don't do that.  The default virtual server is this one:

> server default { # from file /etc/freeradius/3.0/sites-enabled/default
> # Loading authenticate {...}
> # Loading authorize {...}
> Ignoring "ldap" (see raddb/mods-available/README.rst)
> # Loading preacct {...}
> # Loading accounting {...}
> # Loading session {...}
> # Loading post-proxy {...}
> # Loading post-auth {...}
> } # server default

  It looked like you edited that a whole bunch, too.

> server inner-tunnel { # from file /etc/freeradius/3.0/sites-enabled/inner-tunnel
> ...
> Listening on auth address * port 62502
> Listening on acct address * port 62503
> Listening on auth address * port 1645
> Listening on acct address * port 1646

  None of those listeners are bound to a virtual server.  So they won't do anything.

> Listening on auth address 127.0.0.1 port 18120 bound to server inner-tunnel
> Listening on proxy address * port 42860
> Ready to process requests
> (0) Received Access-Request Id 141 from 10.20.1.1:1645 to
> 192.168.1.100:62502 length 76
> (0)   User-Name = "user"
> (0)   User-Password = "userpass"
> (0)   NAS-Port = 1
> (0)   NAS-Port-Id = "tty1"
> (0)   NAS-Port-Type = Virtual
> (0)   NAS-IP-Address = 10.20.1.1
> (0) ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type = Reject

  Yup.  They tried to run either no virtual server, or the empty one you added to radiusd.conf.

  PLEASE don't just mangle the heck out of the config and then ask "why doesn't it work".

  Instead, do the upgrade slowly, as described above.  If you have questions about how to do certain things, ask.

  If you want to see how listeners are tied to virtual servers in v3, see raddb/sites-available/README

  All of this is extensively documented.

  Alan DeKok.

More information about the Freeradius-Users mailing list