I thing that authorization because the user can't be found in the users file... just look at the part of debug output: Fri Jul 11 21:40:46 2008 : Debug: modsingle[authorize]: calling files (rlm_files) for request 1 Fri Jul 11 21:40:46 2008 : Debug: modsingle[authorize]: returned from files (rlm_files) for request 1 Fri Jul 11 21:40:46 2008 : Debug: ++[files] returns noop And this is the whole freerad request: rad_recv: Access-Request packet from host 127.0.0.1 port 32770, id=28, length=56 User-Name = "fred" User-Password = "somepass" NAS-IP-Address = 127.0.0.1 NAS-Port = 1813 Fri Jul 11 21:40:46 2008 : Debug: +- entering group authorize Fri Jul 11 21:40:46 2008 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 1 Fri Jul 11 21:40:46 2008 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 1 Fri Jul 11 21:40:46 2008 : Debug: ++[preprocess] returns ok Fri Jul 11 21:40:46 2008 : Debug: modsingle[authorize]: calling chap (rlm_chap) for request 1 Fri Jul 11 21:40:46 2008 : Debug: modsingle[authorize]: returned from chap (rlm_chap) for request 1 Fri Jul 11 21:40:46 2008 : Debug: ++[chap] returns noop Fri Jul 11 21:40:46 2008 : Debug: modsingle[authorize]: calling mschap (rlm_mschap) for request 1 Fri Jul 11 21:40:46 2008 : Debug: modsingle[authorize]: returned from mschap (rlm_mschap) for request 1 Fri Jul 11 21:40:46 2008 : Debug: ++[mschap] returns noop Fri Jul 11 21:40:46 2008 : Debug: modsingle[authorize]: calling suffix (rlm_realm) for request 1 Fri Jul 11 21:40:46 2008 : Debug: rlm_realm: No '@' in User-Name = "fred", looking up realm NULL Fri Jul 11 21:40:46 2008 : Debug: rlm_realm: No such realm "NULL" Fri Jul 11 21:40:46 2008 : Debug: modsingle[authorize]: returned from suffix (rlm_realm) for request 1 Fri Jul 11 21:40:46 2008 : Debug: ++[suffix] returns noop Fri Jul 11 21:40:46 2008 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 1 Fri Jul 11 21:40:46 2008 : Debug: rlm_eap: No EAP-Message, not doing EAP Fri Jul 11 21:40:46 2008 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 1 Fri Jul 11 21:40:46 2008 : Debug: ++[eap] returns noop Fri Jul 11 21:40:46 2008 : Debug: modsingle[authorize]: calling unix (rlm_unix) for request 1 Fri Jul 11 21:40:46 2008 : Debug: modsingle[authorize]: returned from unix (rlm_unix) for request 1 Fri Jul 11 21:40:46 2008 : Debug: ++[unix] returns notfound Fri Jul 11 21:40:46 2008 : Debug: modsingle[authorize]: calling files (rlm_files) for request 1 Fri Jul 11 21:40:46 2008 : Debug: modsingle[authorize]: returned from files (rlm_files) for request 1 Fri Jul 11 21:40:46 2008 : Debug: ++[files] returns noop Fri Jul 11 21:40:46 2008 : Debug: modsingle[authorize]: calling expiration (rlm_expiration) for request 1 Fri Jul 11 21:40:46 2008 : Debug: modsingle[authorize]: returned from expiration (rlm_expiration) for request 1 Fri Jul 11 21:40:46 2008 : Debug: ++[expiration] returns noop Fri Jul 11 21:40:46 2008 : Debug: modsingle[authorize]: calling logintime (rlm_logintime) for request 1 Fri Jul 11 21:40:46 2008 : Debug: modsingle[authorize]: returned from logintime (rlm_logintime) for request 1 Fri Jul 11 21:40:46 2008 : Debug: ++[logintime] returns noop Fri Jul 11 21:40:46 2008 : Debug: modsingle[authorize]: calling pap (rlm_pap) for request 1 Fri Jul 11 21:40:46 2008 : Debug: rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. Fri Jul 11 21:40:46 2008 : Debug: modsingle[authorize]: returned from pap (rlm_pap) for request 1 Fri Jul 11 21:40:46 2008 : Debug: ++[pap] returns noop Fri Jul 11 21:40:46 2008 : Debug: auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user Fri Jul 11 21:40:46 2008 : Debug: auth: Failed to validate the user. Fri Jul 11 21:40:46 2008 : Debug: Found Post-Auth-Type Reject Fri Jul 11 21:40:46 2008 : Debug: +- entering group REJECT Fri Jul 11 21:40:46 2008 : Debug: modsingle[post-auth]: calling attr_filter.access_reject (rlm_attr_filter) for request 1 Fri Jul 11 21:40:46 2008 : Debug: expand: %{User-Name} -> fred Fri Jul 11 21:40:46 2008 : Debug: attr_filter: Matched entry DEFAULT at line 11 Fri Jul 11 21:40:46 2008 : Debug: modsingle[post-auth]: returned from attr_filter.access_reject (rlm_attr_filter) for request 1 Fri Jul 11 21:40:46 2008 : Debug: ++[attr_filter.access_reject] returns updated Sending Access-Reject of id 28 to 127.0.0.1 port 32770 Fri Jul 11 21:40:46 2008 : Debug: Finished request 1. Fri Jul 11 21:40:46 2008 : Debug: Going to the next request Fri Jul 11 21:40:46 2008 : Debug: Waking up in 4.9 seconds. On Fri, 11 Jul 2008 15:30:19 -0400, Sambuddho Chakravarty <sc2516@columbia.edu> wrote:
Hello I think I had a very similar problem couple of days back. I think your authorization is working but authentication is failing right ?
Thanks Sambuddho On Fri, 2008-07-11 at 21:21 +0200, Maciej Drobniuch wrote:
I've cleaned the mess up like you've said, but i've got new errors for you which are not familiar to me ;)
Fri Jul 11 21:17:56 2008 : Debug: auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user Fri Jul 11 21:17:56 2008 : Debug: auth: Failed to validate the user.
Am I using an old definition of Auth-Type in my users file? Or what ?
fred Auth-Type := Local, Cleartext-Password =="somepass" Service-Type = Framed-User, Framed-Protocol = PPP
With what should i replace the "Auth-Type" variable or variable name? Thanks for your tips!
On Fri, 11 Jul 2008 19:30:26 +0100, "Ivan Kalik" <tnt@kalik.net> wrote:
You probably have two instances of the server installed. These files don't belong to the server that is running.
Ivan Kalik Kalik Informatika ISP
Dana 11/7/2008, "Maciej Drobniuch" <maciej@drobniuch.pl> piše:
Hi!
radtest fred somepass localhost 1813 somesecret Sending Access-Request of id 102 to 127.0.0.1 port 1812 User-Name = "fred" User-Password = "somepass" NAS-IP-Address = 127.0.0.1 NAS-Port = 1813 rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=102, length=20 rad_verify: Received Access-Reject packet from client 127.0.0.1 port
1812
with invalid signature (err=2)! (Shared secret is incorrect.)
radiusd -X rad_recv: Access-Request packet from host 127.0.0.1 port 32770, id=102, length=56 User-Name = "fred" User-Password = "h\347`\005\270\202\336<\336i~e\031\r\021[" NAS-IP-Address = 127.0.0.1 NAS-Port = 1813 +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "fred", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: No EAP-Message, not doing EAP ++[eap] returns noop ++[unix] returns notfound ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user auth: Failed to validate the user. WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS! Found Post-Auth-Type Reject +- entering group REJECT expand: %{User-Name} -> fred attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Sending Access-Reject of id 102 to 127.0.0.1 port 32770 Finished request 2. Going to the next request Waking up in 4.9 seconds. Cleaning up request 2 ID 102 with timestamp +151 Ready to process requests.
cat client.conf client 127.0.0.1 { secret = somesecret shortname = localhost nastype = other }
cat users fred Cleartext-Password =="somepass" Service-Type = Framed-User, Framed-Protocol = PPP
wilma Auth-Type := CHAP, User-password =="somepass" Service-Type = Framed-User, Framed-Protocol = PPP
barney Auth-Type := MS-CHAP, User-Password == "somepass" Service-Type = Framed-User, Framed-Protocol = PPP
What's wrong with this line >User-Password = "h\347`\005\270\202\336<\336i~e\031\r\021[" ??? Thanks for the support!
-- ------------------------ Maciej Drobniuch
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
Maciej Drobniuch