<span class="Apple-style-span" style="font-family: arial, sans-serif; font-size: 12px; ">OK, so this is the first time I am working with FreeRADIUS (or any kind of <br>RADIUS server), so please bear with me. <br><p>I have an Ubuntu-based system on which I have installed FreeRADIUS <br>
2.1.8. <br>I have created my own new module called grid, which is intended to only <br>provide an authentication function. <br>I have the code compiled and the .so installed to the lib directory. <br>I have modified the radiusd.conf file to include the new module. <br>
I have updated the sites-available/default file to include the new <br>authentication type. In fact, since all I am interested in is <br>authentication, I have removed entries from all the other sections. So <br>my default file looks like: <br>
========================= <br>authorize {} <br>authenticate { <br> Auth-Type GRID { <br> grid <br> } <br></p><div id="qhide_609260" class="qt" style="display: block; ">} <br><br></div>preacct {} <br>accounting {} <br>session {} <br>
post-auth {} <br>pre-proxy {} <br>post-proxy {} <br>=========================== <br><p>I start up radius in debug mode and send in the following test request <br>'radtest abc 123 127.0.0.1 10 testing123' and I get the No Auth-Type <br>
specified error. Attached below is the output from radius. <br>Could somebody please tell me what I am doing wrong? <br></p><p>FreeRADIUS Version 2.1.8, for host i686-pc-linux-gnu, built on Mar 16 <br>2010 at 20:29:16 <br>
Copyright (C) 1999-2009 The FreeRADIUS server project and <br>contributors. <br>There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A <br>PARTICULAR PURPOSE. <br>You may redistribute copies of FreeRADIUS under the terms of the <br>
GNU General Public License v2. <br>Starting - reading configuration files ... <br>including configuration file /usr/local/etc/raddb/radiusd.conf <br>including configuration file /usr/local/etc/raddb/proxy.conf <br>including configuration file /usr/local/etc/raddb/clients.conf <br>
including files in directory /usr/local/etc/raddb/modules/ <br>including configuration file /usr/local/etc/raddb/modules/files <br>including configuration file /usr/local/etc/raddb/modules/detail.log <br>including configuration file /usr/local/etc/raddb/modules/mschap <br>
including configuration file /usr/local/etc/raddb/modules/ippool <br>including configuration file /usr/local/etc/raddb/modules/preprocess <br>including configuration file /usr/local/etc/raddb/modules/unix <br>including configuration file /usr/local/etc/raddb/modules/sql_log <br>
including configuration file /usr/local/etc/raddb/modules/sradutmp <br>including configuration file /usr/local/etc/raddb/modules/mac2vlan <br>including configuration file /usr/local/etc/raddb/modules/mac2ip <br>including configuration file /usr/local/etc/raddb/modules/inner-eap <br>
including configuration file /usr/local/etc/raddb/modules/attr_filter <br>including configuration file /usr/local/etc/raddb/modules/counter <br>including configuration file /usr/local/etc/raddb/modules/radutmp <br>including configuration file /usr/local/etc/raddb/modules/attr_rewrite <br>
including configuration file /usr/local/etc/raddb/modules/wimax <br>including configuration file /usr/local/etc/raddb/modules/echo <br>including configuration file /usr/local/etc/raddb/modules/krb5 <br>including configuration file /usr/local/etc/raddb/modules/always <br>
including configuration file /usr/local/etc/raddb/modules/etc_group <br>including configuration file /usr/local/etc/raddb/modules/ntlm_auth <br>including configuration file /usr/local/etc/raddb/modules/cui <br>including configuration file /usr/local/etc/raddb/modules/perl <br>
including configuration file /usr/local/etc/raddb/modules/checkval <br>including configuration file /usr/local/etc/raddb/modules/logintime <br>including configuration file /usr/local/etc/raddb/modules/policy <br>including configuration file /usr/local/etc/raddb/modules/detail <br>
including configuration file /usr/local/etc/raddb/modules/expr <br>including configuration file /usr/local/etc/raddb/modules/smsotp <br>including configuration file /usr/local/etc/raddb/modules/exec <br>including configuration file /usr/local/etc/raddb/modules/pam <br>
including configuration file /usr/local/etc/raddb/modules/expiration <br>including configuration file /usr/local/etc/raddb/modules/grid <br>including configuration file /usr/local/etc/raddb/modules/digest <br>including configuration file /usr/local/etc/raddb/modules/passwd <br>
including configuration file /usr/local/etc/raddb/modules/chap <br>including configuration file /usr/local/etc/raddb/modules/acct_unique <br>including configuration file /usr/local/etc/raddb/modules/pap <br>including configuration file /usr/local/etc/raddb/modules/realm <br>
including configuration file /usr/local/etc/raddb/modules/smbpasswd <br>including configuration file /usr/local/etc/raddb/modules/ldap <br>including configuration file /usr/local/etc/raddb/modules/otp <br>including configuration file /usr/local/etc/raddb/modules/linelog <br>
including configuration file /usr/local/etc/raddb/modules/detail.example.com <br>including configuration file /usr/local/etc/raddb/modules/sqlcounter_expire_on_login <br>including configuration file /usr/local/etc/raddb/eap.conf <br>
including configuration file /usr/local/etc/raddb/policy.conf <br>including files in directory /usr/local/etc/raddb/sites-enabled/ <br>including configuration file /usr/local/etc/raddb/sites-enabled/inner-tunnel <br>
including configuration file /usr/local/etc/raddb/sites-enabled/default <br>including configuration file /usr/local/etc/raddb/sites-enabled/control-socket <br>main { <br> allow_core_dumps = no <br></p><div id="qhide_609261" class="qt" style="display: block; ">
} <br><br></div>including dictionary file /usr/local/etc/raddb/dictionary <br>main { <br> prefix = "/usr/local" <br> localstatedir = "/usr/local/var" <br> logdir = "/usr/local/var/log/radius" <br>
libdir = "/usr/local/lib" <br> radacctdir = "/usr/local/var/log/radius/radacct" <br> hostname_lookups = no <br> max_request_time = 30 <br> cleanup_delay = 5 <br> max_requests = 1024 <br>
pidfile = "/usr/local/var/run/radiusd/radiusd.pid" <br> checkrad = "/usr/local/sbin/checkrad" <br> debug_level = 0 <br> proxy_requests = yes <br> log { <br> stripped_names = no <br>
auth = no <br> auth_badpass = no <br> auth_goodpass = no <br> } <br> security { <br> max_attributes = 200 <br> reject_delay = 1 <br> status_server = yes <br> } <br><div id="qhide_609262" class="qt" style="display: block; ">
} <br><br></div>radiusd: #### Loading Realms and Home Servers #### <br> proxy server { <br> retry_delay = 5 <br> retry_count = 3 <br> default_fallback = no <br> dead_time = 120 <br> wake_all_if_all_dead = no <br>
} <br> home_server localhost { <br> ipaddr = 127.0.0.1 <br> port = 1812 <br> type = "auth" <br> secret = "testing123" <br> response_window = 20 <br> max_outstanding = 65536 <br>
require_message_authenticator = no <br> zombie_period = 40 <br> status_check = "status-server" <br> ping_interval = 30 <br> check_interval = 30 <br> num_answers_to_alive = 3 <br>
num_pings_to_alive = 3 <br> revive_interval = 120 <br> status_check_timeout = 4 <br> irt = 2 <br> mrt = 16 <br> mrc = 5 <br> mrd = 30 <br> } <br> home_server_pool my_auth_failover { <br>
type = fail-over <br> home_server = localhost <br> } <br> realm example.com { <br> auth_pool = my_auth_failover <br> } <br> realm LOCAL { <br> } <br>radiusd: #### Loading Clients #### <br>
client localhost { <br> ipaddr = 127.0.0.1 <br> require_message_authenticator = no <br> secret = "testing123" <br> nastype = "other" <br> } <br>radiusd: #### Instantiating modules #### <br>
instantiate { <br> Module: Linked to module rlm_exec <br> Module: Instantiating exec <br> exec { <br> wait = no <br> input_pairs = "request" <br> shell_escape = yes <br> } <br> Module: Linked to module rlm_expr <br>
Module: Instantiating expr <br> Module: Linked to module rlm_expiration <br> Module: Instantiating expiration <br> expiration { <br> reply-message = "Password Has Expired " <br> } <br> Module: Linked to module rlm_logintime <br>
Module: Instantiating logintime <br> logintime { <br> reply-message = "You are calling outside your allowed timespan " <br> minimum-timeout = 60 <br> } <br> } <br>radiusd: #### Loading Virtual Servers #### <br>
server inner-tunnel { <br> modules { <br> Module: Checking authenticate {...} for more modules to load <br> Module: Linked to module rlm_pap <br> Module: Instantiating pap <br> pap { <br> encryption_scheme = "auto" <br>
auto_header = no <br> } <br> Module: Linked to module rlm_chap <br> Module: Instantiating chap <br> Module: Linked to module rlm_mschap <br> Module: Instantiating mschap <br> mschap { <br> use_mppe = yes <br>
require_encryption = no <br> require_strong = no <br> with_ntdomain_hack = no <br> } <br> Module: Linked to module rlm_unix <br> Module: Instantiating unix <br> unix { <br> radwtmp = "/usr/local/var/log/radius/radwtmp" <br>
} <br> Module: Linked to module rlm_eap <br> Module: Instantiating eap <br> eap { <br> default_eap_type = "md5" <br> timer_expire = 60 <br> ignore_unknown_eap_types = no <br> cisco_accounting_username_bug = no <br>
max_sessions = 4096 <br> } <br> Module: Linked to sub-module rlm_eap_md5 <br> Module: Instantiating eap-md5 <br> Module: Linked to sub-module rlm_eap_leap <br> Module: Instantiating eap-leap <br> Module: Linked to sub-module rlm_eap_gtc <br>
Module: Instantiating eap-gtc <br> gtc { <br> challenge = "Password: " <br> auth_type = "PAP" <br> } <br> Module: Linked to sub-module rlm_eap_tls <br> Module: Instantiating eap-tls <br>
tls { <br> rsa_key_exchange = no <br> dh_key_exchange = yes <br> rsa_key_length = 512 <br> dh_key_length = 512 <br> verify_depth = 0 <br> pem_file_type = yes <br> private_key_file = "/usr/local/etc/raddb/certs/server.pem" <br>
certificate_file = "/usr/local/etc/raddb/certs/server.pem" <br> CA_file = "/usr/local/etc/raddb/certs/ca.pem" <br> private_key_password = "whatever" <br> dh_file = "/usr/local/etc/raddb/certs/dh" <br>
random_file = "/usr/local/etc/raddb/certs/random" <br> fragment_size = 1024 <br> include_length = yes <br> check_crl = no <br> cipher_list = "DEFAULT" <br> make_cert_command = "/usr/local/etc/raddb/certs/bootstrap" <br>
cache { <br> enable = no <br> lifetime = 24 <br> max_entries = 255 <br> } <br> } <br> Module: Linked to sub-module rlm_eap_ttls <br> Module: Instantiating eap-ttls <br> ttls { <br> default_eap_type = "md5" <br>
copy_request_to_tunnel = no <br> use_tunneled_reply = no <br> virtual_server = "inner-tunnel" <br> include_length = yes <br> } <br> Module: Linked to sub-module rlm_eap_peap <br> Module: Instantiating eap-peap <br>
peap { <br> default_eap_type = "mschapv2" <br> copy_request_to_tunnel = no <br> use_tunneled_reply = no <br> proxy_tunneled_request_as_eap = yes <br> virtual_server = "inner-tunnel" <br>
} <br> Module: Linked to sub-module rlm_eap_mschapv2 <br> Module: Instantiating eap-mschapv2 <br> mschapv2 { <br> with_ntdomain_hack = no <br> } <br> Module: Checking authorize {...} for more modules to load <br>
Module: Linked to module rlm_realm <br> Module: Instantiating suffix <br> realm suffix { <br> format = "suffix" <br> delimiter = "@" <br> ignore_default = no <br> ignore_null = no <br>
} <br> Module: Linked to module rlm_files <br> Module: Instantiating files <br> files { <br> usersfile = "/usr/local/etc/raddb/users" <br> acctusersfile = "/usr/local/etc/raddb/acct_users" <br>
preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users" <br> compat = "no" <br> } <br> Module: Checking session {...} for more modules to load <br> Module: Linked to module rlm_radutmp <br>
Module: Instantiating radutmp <br> radutmp { <br> filename = "/usr/local/var/log/radius/radutmp" <br> username = "%{User-Name}" <br> case_sensitive = yes <br> check_with_nas = yes <br>
perm = 384 <br> callerid = yes <br> } <br> Module: Checking post-proxy {...} for more modules to load <br> Module: Checking post-auth {...} for more modules to load <br> Module: Linked to module rlm_attr_filter <br>
Module: Instantiating attr_filter.access_reject <br> attr_filter attr_filter.access_reject { <br> attrsfile = "/usr/local/etc/raddb/attrs.access_reject" <br> key = "%{User-Name}" <br> } <br>
} # modules <br><div id="qhide_609263" class="qt" style="display: block; ">} # server <br><br></div>server { <br> modules { <br> Module: Checking authenticate {...} for more modules to load <br> Module: Linked to module rlm_grid <br>
Module: Instantiating grid <br> grid { <br> grid_auth_url = "http://localhost/pam_grid/process.php" <br>
grid_app_id = "some app id" <br> } <br> } # modules <br><div id="qhide_609264" class="qt" style="display: block; ">} # server <br><br></div>radiusd: #### Opening IP addresses and Ports #### <br>listen { <br>
type = "auth" <br> ipaddr = * <br> port = 0 <br><div id="qhide_609265" class="qt" style="display: block; ">} <br><br></div>listen { <br> type = "acct" <br> ipaddr = * <br>
port = 0 <br><div id="qhide_609266" class="qt" style="display: block; ">} <br><br></div>listen { <br> type = "control" <br> listen { <br> socket = "/usr/local/var/run/radiusd/radiusd.sock" <br>
} <br><div id="qhide_609267" class="qt" style="display: block; ">} <br><br></div>Listening on authentication address * port 1812 <br>Listening on accounting address * port 1813 <br>Listening on command file /usr/local/var/run/radiusd/radiusd.sock <br>
Listening on proxy address * port 1814 <br>Ready to process requests. <br>rad_recv: Access-Request packet from host 127.0.0.1 port 58303, id=88, length=55 <br> User-Name = "abc" <br> User-Password = "123" <br>
NAS-IP-Address = 127.0.1.1 <br> NAS-Port = 10 <br> WARNING: Empty section. Using default return values. <br>No authenticate method (Auth-Type) configuration found for the request: Rejecting the user <br>
Failed to authenticate the user. <br>Using Post-Auth-Type Reject <br> WARNING: Unknown value specified for Post-Auth-Type. Cannot perform requested action. <br>Delaying reject of request 0 for 1 seconds <br>Going to the next request <br>
Waking up in 0.9 seconds. <br>Sending delayed reject for request 0 <br>Sending Access-Reject of id 88 to 127.0.0.1 port 58303 <br>Waking up in 4.9 seconds. <br><p>Radius server boots up ok with no problems. </p></span>
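
Added example, not part of the original post: in the debug output above the empty `authorize {}` section returns default values, so nothing sets the control attribute Auth-Type and the `Auth-Type GRID` block in `authenticate` is never selected. One way to select it, assuming every request on this virtual server should be handled by the poster's `grid` module, is to set the attribute with unlang in `authorize`:

```conf
# sites-available/default -- added example, not the poster's file.
# Assumption: every request handled by this virtual server should be
# authenticated by the custom "grid" module described in the post.

authorize {
	# The authenticate section only runs the sub-section whose name
	# matches the control attribute Auth-Type. With "authorize {}" left
	# empty nothing sets that attribute, which the server reports as
	# "No authenticate method (Auth-Type) configuration found".
	update control {
		Auth-Type := GRID
	}
}

authenticate {
	# Unchanged from the post: runs only when Auth-Type is GRID.
	Auth-Type GRID {
		grid
	}
}

preacct {}
accounting {}
session {}
post-auth {}
pre-proxy {}
post-proxy {}
```

A module can also add Auth-Type to the control list from its own authorize method and be listed in `authorize`, which avoids forcing the same Auth-Type onto every request.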