On 10-02-16 16:04, Jim Whitescarver wrote:
... But I always get pap: WARNING: No "known good" password found for the user. Not setting Auth-Type (2) pap: WARNING: Authentication will fail unless a "known good" password is available
How can I get past that? There is never a "known good" password. Passwords are not used. Somehow four years ago we got it to work.
That error is caused by the pap module, not by Python. You can remove it from your config.
(1) [python] = ok (1) update control { (1) Auth-Type := saferadius (1) } # update control = noop
Here Python updated control:Auth-Type, which is good.
... (1) pap: WARNING: No "known good" password found for the user. Not setting Auth-Type (1) pap: WARNING: Authentication will fail unless a "known good" password is available (1) [pap] = noop
Here pap warns you that it can't handle the authentication. It's ugly, but it doesn't break anything. Like I said: try to remove the pap from the virtual server.
(1) } # authorize = ok (1) Found Auth-Type = saferadius (1) # Executing group from file /usr/local/etc/raddb/sites-enabled/default (1) Auth-Type saferadius { (1) [python] = noop (1) } # Auth-Type saferadius = noop (1) Failed to authenticate the user
Here it should call the authenticate method of your python module, which should return radiusd.RLM_MODULE_OK to accept the user. I've got no idea if it really does that or not, all that information is truncated from the logging snippets you've posted. -- Herwin Weststrate