*yes Ivan. Debug o:p radiusd -X* Listening on authentication address * port 1812 Listening on accounting address * port 1813 Ready to process requests. rad_recv: Access-Request packet from host 127.0.0.1 port 1031, id=171, length=57 User-Name = "hasan" User-Password = "thales" NAS-IP-Address = 192.168.1.131 NAS-Port = 1 +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "hasan", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: No EAP-Message, not doing EAP ++[eap] returns noop ++[unix] returns notfound ++[files] returns noop rlm_ldap: - authorize rlm_ldap: performing user authorization for thales WARNING: Deprecated conditional expansion ":-". See "man unlang" for details expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=hasan) expand: dc=thales,dc=com -> dc=thales,dc=com rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: attempting LDAP reconnection rlm_ldap: (re)connect to 127.0.0.1:389, authentication 0 rlm_ldap: bind as cn=Administrator,dc=thales,dc=com/thales to 127.0.0.1:389 rlm_ldap: waiting for bind result ... rlm_ldap: Bind was successful rlm_ldap: performing search in dc=thales,dc=com, with filter (uid=hasan) rlm_ldap: checking if remote access for thales is allowed by uid rlm_ldap: Added User-Password = thales in check items rlm_ldap: No default NMAS login sequence rlm_ldap: looking for check items in directory... rlm_ldap: LDAP attribute userPassword as RADIUS attribute User-Password == "thales" rlm_ldap: looking for reply items in directory... rlm_ldap: user authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 ++[ldap] returns ok ++[expiration] returns noop ++[logintime] returns noop *rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user auth: Failed to validate the user. Found Post-Auth-Type Reject* +- entering group REJECT expand: %{User-Name} -> hasan attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Sending Access-Reject of id 171 to 127.0.0.1 port 1031 And the request/ * # radtest hasan thales localhost 1 testing123 Sending Access-Request of id 171 to 127.0.0.1 port 1812 User-Name = "hasan" User-Password = "thales" NAS-IP-Address = 192.168.1.131 NAS-Port = 1 rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=171, length=20* 2008/8/28 Ivan Kalik <tnt@kalik.net>
Could be. You haven't posted the debug of request processing, so we can't see what's going on.
Ivan Kalik Kalik Informatika ISP
Dana 28/8/2008, "Syed Anwarul Hasan" <syedanwarulhasan2007@gmail.com> piše:
Hi Ivan, this is the request .Sorry Ivan, I didn't fix the name resolution for locahost. This Problem is due to this. I will fix the name resolution.
SYED # radtest hasan thales localhost 1 testing123 Sending Access-Request of id 241 to 127.0.0.1 port 1812 User-Name = "hasan" User-Password = "thales" NAS-IP-Address = 192.168.1.131 NAS-Port = 1 rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=241, length=20
2008/8/28 Ivan Kalik <tnt@kalik.net>
Well, ldap found the user but didn't find the password. Post the debug from the request.
Ivan Kalik Kalik Informatika ISP
Dana 28/8/2008, "Syed Anwarul Hasan" <syedanwarulhasan2007@gmail.com> piše:
Hi Alan, Since I am using a Plain password in the LDAP database, hence I tried to do LDAP Authentication with Auth-type set to LDAP. Even I tried with only uncommenting ldap in Authorize and Authenticate section of default file in sites-enabled.Still, I am having the Problem with *no Authenticate method found for user error. Please comment. SYED * debug o/p: ++[ldap] returns ok ++[expiration] returns noop ++[logintime] returns noop rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop *auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user* auth: Failed to validate the user. Found Post-Auth-Type Reject +- entering group REJECT expand: %{User-Name} -> hasan attr_filter: Matched entry DEFAULT at line 11
On Wed, Aug 27, 2008 at 7:19 PM, Alan DeKok <aland@deployingradius.com wrote:
Syed Anwarul Hasan wrote:
... Also in the Sites-enabled dir under default file, I have added in the Authorize section I added, *update control { Auth-Type :=ldap
Why? All of the documentation and configuration files say DO NOT DO SET AUTH-TYPE.
...
rlm_ldap: Attribute "User-Password" is required for authentication. Cannot use " (null)".
You are sending the server a request that doesn't contain a User-Password attribute.
Don't set Auth-Type.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html