Was un-commented and below is the output from trying to authenticate a
user that is a member of the DialupFS group and does not have an
account in /etc/passwd. For some reason it is falling though to PAP
and saying "No authenticate method (Auth-Type) configuration found for
the request:".
This behavior only started when I tried to implement redundant ldap
servers and in the users file having DEFAULT LDAP Groups for each LDAP
module.
If I do not use the redundant LDAP servers and just place both LDAP
servers in the LDAP module like this it works correctly:
server ="
server1.somedomain.com,
server2.somedomain.com"
Thanks for your help
rad_recv: Access-Request packet from host 127.0.0.1 port
52514, id=166, length=60
User-Name = "testuser1"
%{User-Name}}) -> (uid=testuser1)
[ldap-server1] ldap_get_conn: Checking Id: 0
[ldap-server1] ldap_get_conn: Got Id: 0
[ldap-server1] attempting LDAP reconnection
[ldap-server1] (re)connect to
server1.somedomain.com:389,
authentication
0
[ldap-server1] bind as uid=raduser, ou=people, o=
test,
o=isp/testpassword to
server1.somedomain.com:389
[ldap-server1] waiting for bind result ...
[ldap-server1] Bind was successful
[ldap-server1] performing search in ou=people,o=
test,o=isp,
with filter (uid=testuser1)
[ldap-server1] ldap_release_conn: Release Id: 0
[files] expand:
(|(&(objectClass=GroupOfNames)(member=%{control:Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{control:Ldap-UserDn})))
->
(|(&(objectClass=GroupOfNames)(member=uid\3dtestuser1\2cou\3dpeople\2co\
3dtest\2co\3disp))(&(objectClass=GroupOfUniqueNames)(uniquemember=uid\3dtestuser1\2cou\3dpeople\2co\
3dtest\2co\3disp)))
[ldap-server1] ldap_get_conn: Checking Id: 0
[ldap-server1] ldap_get_conn: Got Id: 0
[ldap-server1] performing search in cn=DialupFS,ou=Groups,o=
test,o=isp, with filter
(|(&(objectClass=GroupOfNames)(member=uid\3dtestuser1\2cou\3dpeople\2co\
3dtest\2co\3disp))(&(objectClass=GroupOfUniqueNames)(uniquemember=uid\3dtestuser1\2cou\3dpeople\2co\
3dtest\2co\3disp)))
[ldap-server1] ldap_release_conn: Release Id: 0
[files] users: Matched entry DEFAULT at line 166
++[files] returns ok
++- entering policy redundant {...}
[ldap-server1] performing user authorization for testuser1
[ldap-server1] expand: %{Stripped-User-Name} ->
[ldap-server1] ... expanding second conditional
[ldap-server1] expand: %{User-Name} -> testuser1
[ldap-server1] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}})
->
(uid=testuser1)
[ldap-server1] expand: ou=people,o=
test,o=isp
->
ou=people,o=
test,o=isp
[ldap-server1] ldap_get_conn: Checking Id: 0
[ldap-server1] ldap_get_conn: Got Id: 0
[ldap-server1] performing search in ou=people,o=
test,o=isp,
with filter (uid=testuser1)
[ldap-server1] looking for check items in directory...
[ldap-server1] looking for reply items in directory...
WARNING: No "known good" password was found in LDAP. Are you
sure that the user is configured correctly?
[ldap-server1] user testuser1 authorized to use remote access
[ldap rlm_ldap::ldap_groupcmp: User found in group
cn=DialupFS,ou=Groups,o=
test,o=isp
-server1] ldap_release_conn: Release Id: 0
+++[ldap-server1] returns ok
++- policy redundant returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.
Authentication may fail because of this.
++[pap] returns noop
No authenticate method (Auth-Type) configuration
found for the request: Rejecting
the user
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> testuser1
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 166 to 127.0.0.1 port 52514
Reply-Message = "FS User
Authorized"
Waking up in 4.9 seconds.
Cleaning up request 0 ID 166 with timestamp +74
Ready to process requests.