<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
<title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
Thanks for the advice to everyone.<br>
<br>
As per your recomendation we changed the users file with the
following line:<br>
<br>
steve2 Cleartext-Password := "testing", Huntgroup-Name ==
"arcsight"<br>
<br>
but we got the same result access-reject.<br>
<br>
And we got the following output:<br>
<br>
rad_recv: Access-Request packet from host 127.0.0.1 port 6729,
id=139, length=58<br>
User-Name = "steve2"<br>
User-Password = "testing"<br>
NAS-IP-Address = 192.168.2.251<br>
NAS-Port = 10<br>
+- entering group authorize {...}<br>
++[preprocess] returns ok<br>
++[chap] returns noop<br>
++[mschap] returns noop<br>
[suffix] No '@' in User-Name = "steve2", looking up realm NULL<br>
[suffix] No such realm "NULL"<br>
++[suffix] returns noop<br>
[eap] No EAP-Message, not doing EAP<br>
++[eap] returns noop<br>
++[unix] returns notfound<br>
++[files] returns noop<br>
++[expiration] returns noop<br>
++[logintime] returns noop<br>
[pap] WARNING! No "known good" password found for the user.
Authentication may fail because of this.<br>
++[pap] returns noop<br>
<font color="#ff0000"><u><i>No authenticate method (Auth-Type)
configuration found for the request: Rejecting the user</i></u></font><br>
Failed to authenticate the user.<br>
Using Post-Auth-Type Reject<br>
+- entering group REJECT {...}<br>
[attr_filter.access_reject] expand: %{User-Name} -> steve2<br>
attr_filter: Matched entry DEFAULT at line 11<br>
++[attr_filter.access_reject] returns updated<br>
Delaying reject of request 0 for 1 seconds<br>
Going to the next request<br>
Waking up in 0.9 seconds.<br>
Sending delayed reject for request 0<br>
Sending Access-Reject of id 139 to 127.0.0.1 port 6729<br>
Waking up in 4.9 seconds.<br>
Cleaning up request 0 ID 139 with timestamp +5<br>
<br>
I have a question, we remove the autentication value and the debug
shows that it is looking for it, why is that?<br>
<br>
May be someone that has the huntgroups running can send the examples
of the users and huntgroups files, that may help a lot.<br>
<br>
Thanks in advance.<br>
<br>
Regards <br>
<br>
Alfonso.<br>
<br>
El 24/08/2010 04:46 a.m., Alan DeKok escribió:
<blockquote cite="mid:4C7394E7.5040008@deployingradius.com"
type="cite">
<pre wrap="">Alfonso Alejandro Reyes Jiménez wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Hi, I'm trying to use the huntgroup feature on the freeradius software
with out luck. I think I'm missing something that's why I'm sending this
email maybe you can help me.
</pre>
</blockquote>
<pre wrap="">
You should read the debug output of the server. The answer is in there.
</pre>
<blockquote type="cite">
<pre wrap="">users file at the end:
alfonso Auth-Type := Local, User-Password == "testing", Huntgroup-Name
== "squid"
</pre>
</blockquote>
<pre wrap="">
<sigh> Don't set Auth-Type. Use "Cleartext-Password := ...", and not
"User-Password == ..."
</pre>
<blockquote type="cite">
<pre wrap="">Here's the output of the debug, it seems that it doesn't find the config
file.
</pre>
</blockquote>
<pre wrap="">
No. It finds the DEFAULT entry earlier in the file.
Why? This is documented. Read the comments at the top of the "users"
file. Read the "man users" page. Read the FAQ for an example of how to
configure a test user.
Alan DeKok.
</pre>
</blockquote>
</body>
</html>