rad_recv: Access-Request packet from host 127.0.0.1 port 1029, id=10, length=56 User-Name = "John" User-Password = "hello" NAS-IP-Address = 192.168.1.131 NAS-Port = 1 +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "John", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: No EAP-Message, not doing EAP ++[eap] returns noop ++[unix] returns notfound ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop
Nothing matched.
And my radtest command *radtest John hello localhost 1 testing123
Oh dear! localhost resolved to:
NAS-IP-Address = 192.168.1.131
You need to fix name resolution so localhost resolves properly to 127.0.0.1.
Users file
# This is an entry for a user with a space in their name. # Note the double quotes surrounding the name.
John Auth-Type :=System,Huntgroup-Name == John,User-Password := "hello"
Reply-Message = "Hello, %{User-Name}", Fall-Through = Yes
This is also wrong. Auth-Type system means that user/password will be looked up in etc/passwd. You dont need either Auth-Type or password attribute there. If you are going to remove Auth-Type fix password attribute to be Cleartex-Password. If you are checking a system account (not very likely since unix returned notfound) then remove the password attribute. Ivan Kalik Kalik Informatika ISP