On Jan 23, 2017, at 11:16 PM, Seiichirou Hiraoka <seiichirou.hiraoka@gmail.com> wrote:
In the environment of CentOS 7.3, FreeRADIUS 3.0.4, local users file (/etc/raddb/mods-config/files/authorize) can not authenticate.
Yes, they can.
It is set to authenticate with mschap using inner-tunnel, and the following I confirmed that authentication succeeds with the command. (username@eduroam.test.edu is the user on the AD server)
# radtest - t mschap username@eduroam.test.edu test 127.0.0.1: 1812 0 testing 123 Received Access-Accept Id 32 from 127.0.0.1: 1812 to 127.0.0.1: 42901 length 84
Next, to monitor the service, add the following entry to local users file.
radtest@eduroam.test.edu Cleartext - Password: = "test"
Odds are that you have a realm defined, which is "eduroam.test.edu".
Running radtest in this state will fail.
# radtest radtest@eduroam.test.edu test 127.0.0.1: 1812 0 testing 123 Received Access-Reject Id 79 from 127.0.0.1: 1812 to 127.0.0.1: 55380 length 20
Looking at the log (/var/log/radius/radius.log), files seems to be noop and is not recognized.
(0) [suffix] = ok (0) eap: No EAP-Message, not doing EAP (0) [eap] = noop (0) [files] = noop <- This is wrong????
If only you could read the REST OF THE DEBUG OUTPUT to see what the server is doing.
Please tell me how to do RADIUS authentication with local user file for service monitoring.
You use it as documented. And, you read the debug output. ALL OF IT. Alan DeKok.