tanx for reply, this is mut debug output with -X. at last my user was rejected, how can define auth-type? Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /usr/local/etc/raddb/proxy.conf Config: including file: /usr/local/etc/raddb/clients.conf Config: including file: /usr/local/etc/raddb/snmp.conf Config: including file: /usr/local/etc/raddb/eap.conf Config: including file: /usr/local/etc/raddb/sql.conf main: prefix = "/usr/local" main: localstatedir = "/usr/local/var" main: logdir = "/usr/local/var/log/radius" main: libdir = "/usr/local/lib" main: radacctdir = "/usr/local/var/log/radius/radacct" main: hostname_lookups = yes main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 1812 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = "/usr/local/var/log/radius/radius.log" main: log_auth = yes main: log_auth_badpass = yes main: log_auth_goodpass = yes main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid" main: user = "(null)" main: group = "(null)" main: usercollide = no main: lower_user = "no" main: lower_pass = "no" main: nospace_user = "no" main: nospace_pass = "no" main: checkrad = "/usr/local/sbin/checkrad" main: proxy_requests = yes proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 proxy: post_proxy_authorize = yes proxy: wake_all_if_all_dead = no security: max_attributes = 200 security: reject_delay = 3 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist Using deprecated naslist file. Support for this will go away soon. read_config_files: reading clients read_config_files: reading realms radiusd: entering modules setup Module: Library search path is /usr/local/lib Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded PAP pap: encryption_scheme = "crypt" Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP mschap: use_mppe = yes mschap: require_encryption = no mschap: require_strong = no mschap: with_ntdomain_hack = no mschap: passwd = "(null)" mschap: authtype = "MS-CHAP" mschap: ntlm_auth = "(null)" Module: Instantiated mschap (mschap) Module: Loaded System unix: cache = no unix: passwd = "(null)" unix: shadow = "(null)" unix: group = "(null)" unix: radwtmp = "/usr/local/var/log/radius/radwtmp" unix: usegroup = no unix: cache_reload = 600 Module: Instantiated unix (unix) Module: Loaded eap eap: default_eap_type = "md5" eap: timer_expire = 60 eap: ignore_unknown_eap_types = no eap: cisco_accounting_username_bug = no rlm_eap: Loaded and initialized type md5 rlm_eap: Loaded and initialized type leap gtc: challenge = "Password: " gtc: auth_type = "PAP" rlm_eap: Loaded and initialized type gtc mschapv2: with_ntdomain_hack = no rlm_eap: Loaded and initialized type mschapv2 Module: Instantiated eap (eap) Module: Loaded preprocess preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups" preprocess: hints = "/usr/local/etc/raddb/hints" preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no Module: Instantiated preprocess (preprocess) Module: Loaded realm realm: format = "suffix" realm: delimiter = "@" realm: ignore_default = no realm: ignore_null = no Module: Instantiated realm (suffix) Module: Loaded files files: usersfile = "/usr/local/etc/raddb/users" files: acctusersfile = "/usr/local/etc/raddb/acct_users" files: preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users" files: compat = "no" Module: Instantiated files (files) Module: Loaded exec exec: wait = yes exec: program = "/usr/local/etc/raddb/exec-program-wait" exec: input_pairs = "request" exec: output_pairs = "reply" exec: packet_type = "(null)" Module: Instantiated exec (authphp) Module: Loaded Acct-Unique-Session-Id acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port" Module: Instantiated acct_unique (acct_unique) Module: Loaded detail detail: detailfile = "/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d" detail: detailperm = 384 detail: dirperm = 493 detail: locking = no Module: Instantiated detail (detail) Module: Loaded radutmp radutmp: filename = "/usr/local/var/log/radius/radutmp" radutmp: username = "%{User-Name}" radutmp: case_sensitive = yes radutmp: check_with_nas = yes radutmp: perm = 384 radutmp: callerid = yes Module: Instantiated radutmp (radutmp) Listening on authentication *:1812 Listening on accounting *:1813 Ready to process requests. rad_recv: Access-Request packet from host 127.0.0.1:38170, id=57, length=56 User-Name = "reza" User-Password = "12349" NAS-IP-Address = 255.255.255.255 NAS-Port = 12 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: No '@' in User-Name = "reza", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop for request 0 modcall[authorize]: module "files" returns notfound for request 0 radius_xlat: '/usr/local/etc/raddb/exec-program-wait' Exec-Program: /usr/local/etc/raddb/exec-program-wait /usr/local/etc/raddb/exec-program-wait: line 8: Exec-Program-Wait: command not found Exec-Program output: Reply-Message += "Hello, %u", Reply-Message += "PATH=/usr/local/bin:/bin:/usr/bin", Framed-IP-Address = 255.255.255.255 Exec-Program-Wait: value-pairs: Reply-Message += "Hello, %u", Reply-Message += "PATH=/usr/local/bin:/bin:/usr/bin", Framed-IP-Address = 255.255.255.255 Exec-Program: returned: 0 modcall[authorize]: module "authphp" returns ok for request 0 modcall: group authorize returns ok for request 0 auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user auth: Failed to validate the user. Login incorrect: [reza/12349] (from client 217.218.95.126 port 12) Delaying request 0 for 3 seconds Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 3 seconds... rad_recv: Access-Request packet from host 127.0.0.1:38170, id=57, length=56 Sending Access-Reject of id 57 to 127.0.0.1:38170 Reply-Message += "Hello, %u" Reply-Message += "PATH=/usr/local/bin:/bin:/usr/bin" --- Walking the entire request list --- Waking up in 3 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 57 with timestamp 441f4a79 Nothing to do. Sleeping until we see a request. __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
tanx for reply, this is mut debug output with -X. at last my user was rejected, how can define auth-type?
radius_xlat: '/usr/local/etc/raddb/exec-program-wait' Exec-Program: /usr/local/etc/raddb/exec-program-wait /usr/local/etc/raddb/exec-program-wait: line 8: Exec-Program-Wait: command not found Exec-Program output: Reply-Message += "Hello, %u", Reply-Message += "PATH=/usr/local/bin:/bin:/usr/bin", Framed-IP-Address = 255.255.255.255 Exec-Program-Wait: value-pairs: Reply-Message += "Hello, %u", Reply-Message += "PATH=/usr/local/bin:/bin:/usr/bin", Framed-IP-Address = 255.255.255.255 Exec-Program: returned: 0 modcall[authorize]: module "authphp" returns ok for request 0 modcall: group authorize returns ok for request 0 auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
Well, that depends on how you are authenticating the users. Do you wish to do everything with just the php script itself? Then just have this single line in the users file and have it be called after the script runs. DEFAULT Auth-Type := Accept If everything is not done with php, then you need to finish configuring the rest of the server to do what you want. I assume in that case you are just trying to use php for sending back reply attributes. Actually, I would suggest you first configure the server to work for you in authenticating the users and then go back and add php into the mix to return those reply values you want.
participants (2)
-
Dusty Doris -
Pezhman Lali