Hello, Turns out there is no problem with my configuration. The change at DB end is causing the problem. Changing from Password to Cleartext-Password causes PAP to give error of "No Auth-Type" and "No "known good" password found for the user" . When I tested the same with an already working radius 2.x it returned the error mentioned above. Then reverting the DB attribute pack to "Password" solved the issue and the user was able to authenticate. How can I mitigate this issue. I read this http://freeradius.org/radiusd/man/rlm_pap.html#lbAD It says Qoute < It is important to understand the difference between the User-Password and Cleartext-Password attributes. The Cleartext-Password attribute is the "known good" password for the user. Simply supplying the Cleartext-Password to the server will result in most authentication methods working. Unqoute > So , I'm having trouble understanding what else is missing, Does it have something to do with headers? I have attached a screen shot of my radcheck Table from the test oracle DB.Any help on the matter would be greatly appreciated. *Mustafa Mujahid | Systems* On 01/18/2017 09:39 PM, Alan DeKok wrote:
On Jan 18, 2017, at 11:35 AM, Mustafa Mujahid/SYS <mustafa.mujahid@nayatel.com> wrote:
Hello,
I was working with free radius 3.0.12 and received the below errors in debug output. You need to read the debug output. ALL OF IT.
Reading only part of it means you're ignoring messages which will help you solve the problem.
I was reading this :
Qoute <
When a RADIUS packet contains a clear-text password in the form of a User-Password attribute, the/rlm_pap/module may be used for authentication. The module requires a "known good" password, which it uses to validate the password given in the RADIUS packet. That "known good" password must be supplied by another module (e.g./rlm_files/,/rlm_ldap/, etc.), and is usually taken from a database.
Unqoute >
But I'm having a bit of trouble understanding. In my DB the Attribute is Cleartext-Password , which corresponds to a plain text password. So then why is this error generated. And how to mitigate it. What am I missing. Since you haven't said what you did, I can only guess.
If you follow the documentation, it WILL WORK. See the Wiki:
http://wiki.freeradius.org/modules/Rlm_sql
The authorize section of my /etc/raddb/sites-enabled/default is read as: If you don't understand how the server works, you should NOT edit the default virtual server. Make ONE change at a time. Then, test the change, before making another one.
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html