-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, ...we recently upgraded vom freeradius 0.9 to freeradius 2.1.4. Unfortunately local users cannot be authenticated anymore. This morning I used the default configuration files from 2.1.4 and started from scratch. My first objective was to get any valid response from the freeradiusd - but unluckily, without success. In the users file, I enabled the following line: lameuser Auth-Type := Reject Reply-Message = "Your account has been disabled." one entry in clients.conf for localhost testing: client localhost { ipaddr = 127.0.0.1 secret = testing123 require_message_authenticator = no nastype = other virtual_server = default } sites-enabled/default: authorize { chap suffix eap { ok = return } files expiration logintime pap } authenticate { Auth-Type PAP { pap } Auth-Type CHAP { chap } Auth-Type MS-CHAP { mschap } unix eap files } I think that must be the main configuration items for my very basic test. Then I run freeradiusd -X -xx and test the user via radclient: echo "User-Name=lameuser, Password=bla, NAS-IP-Address=127.0.0.1" | radclient - -r 1 -x -s 127.0.0.1 auth 'testing123' results in: Sending Access-Request of id 20 to 127.0.0.1 port 1812 User-Name = "lameuser" Password = "bla" NAS-IP-Address = 127.0.0.1 rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=20, length=20 Total approved auths: 0 Total denied auths: 1 Total lost auths: 0 The radiusd logs the following: Tue May 12 11:31:58 2009 : Debug: Listening on authentication address * port 1812 Tue May 12 11:31:58 2009 : Debug: Listening on accounting address * port 1813 Tue May 12 11:31:58 2009 : Debug: Listening on command file /var/run/freeradius/run/radiusd/radiusd.sock Tue May 12 11:31:58 2009 : Debug: Ready to process requests. rad_recv: Access-Request packet from host 127.0.0.1 port 33013, id=5, length=54 User-Name = "lameuser" User-Password = "bla" NAS-IP-Address = 127.0.0.1 Tue May 12 11:32:04 2009 : Info: server default { Tue May 12 11:32:04 2009 : Info: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user Tue May 12 11:32:04 2009 : Info: Failed to authenticate the user. Tue May 12 11:32:04 2009 : Info: } # server default - -> the user gets rejected, but not because of the Auth-Type := Reject setting in the users file. This is the same behaviour we observer when configuring "real" user accounts having a password associated, like the following: testuser Auth-Type := Local, Cleartext-Password == "blabla" server log says: Tue May 12 11:35:50 2009 : Info: server default { Tue May 12 11:35:50 2009 : Info: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user Tue May 12 11:35:50 2009 : Info: Failed to authenticate the user. Tue May 12 11:35:50 2009 : Info: } # server default Thanks for any hints troubleshooting this! Regards, Andy -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkoJQ+MACgkQRrny/uOBVy7sggCfRfAjnhIkHwQbElEUwwZWPM4L DIEAniJziPLwpdyQKAWpa/vJvGAftmq1 =4Tih -----END PGP SIGNATURE-----