On Mar 4, 2015, at 12:31 PM, Dominik Menke <dom@digineo.de> wrote:
Is there anything else I need to configure?
<sigh> Do you think I lied to you in your last message? Or maybe you got something wrong? Which one is more likely to be true?
Using those two settings gives me this:
# radtest -t pap foobar snafu localhost 10 testing123
Don’t look at the client logs to debug the server. Honestly, this isn’t difficult.
And in the server log:
rad_recv: Access-Request packet from host 127.0.0.1 port 45876, id=0, length=120 User-Name = "foobar" NAS-IP-Address = 127.0.0.1 Calling-Station-Id = "02-00-00-00-00-01" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x0200000b01666f6f626172 Message-Authenticator = 0xb3ca17f074559f077c154b1f72006a21 # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop [eap] EAP packet type response id 0 length 11 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] = updated ++[files] = noop
It doesn’t match any entry in the “users” file.
++[logintime] = noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] = noop ++update control { ++} # update control = noop +} # group authorize = updated
So… you edited the “authorize” section to add: update control { Auth-Type := Accept } Did I say to do that? No. Then why did you do it?
Although an Access-Accept is transmitted, the warning "no 'known good' password found for the user" makes me worry, I didn't understand a central part of FR…
Following instructions shouldn’t be difficult. And I find it annoying when people make random changes without saying what they’re doing, or why. Then when those changes don’t work… they blame me. “But I followed your instructions!” No. No, you didn’t follow my instructions. Alan DeKok.