tnt@kalik.co.yu wrote:
Read the documentation (wiki, users file). For 1.1.6. you should be using Cleartext-Password attribute.
Ok, I updated the radcheck table in mysql so that the atttibute read "Cleartext-Password". I now get a different result when trying to log in from the wlan: rlm_sql (sql): No matching entry in the database for request from user [growse] modcall[authorize]: module "sql" returns notfound for request 7 users: Matched entry DEFAULT at line 155 modcall[authorize]: module "files" returns ok for request 7 modcall: leaving group authorize (returns updated) for request 7 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 7 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Received EAP-TLV response. rlm_eap_peap: Tunneled data is valid. rlm_eap_peap: Had sent TLV failure. User was rejcted rejected earlier in this session. rlm_eap: Handler failed in EAP/peap rlm_eap: Failed in EAP select modcall[authenticate]: module "eap" returns invalid for request 7 modcall: leaving group authenticate (returns invalid) for request 7 auth: Failed to validate the user. Login incorrect: [growse] (from client wlan port 34 cli 000e35bd8c13) For some reason, sql is now returning "not found", presumably because it's looking for the "Password" attribute and doesn't understand "Cleartext-Password" (just guessing here). However, the correct auth-type is now set, although it rejects the user. Is it rejecting because the sql module returned notfound? Also, my cisco device logins have now broken since updating this attribute, I'm guessing because the sql module can't authenticate the user against the db? Thanks, Andrew
Dana 8/9/2007, "Andrew Rowson" <freeradius@growse.com> piše:
tnt@kalik.co.yu wrote:
users: Matched entry DEFAULT at line 155 modcall[authorize]: module "files" returns ok for request 0 modcall: leaving group authorize (returns updated) for request 0 rad_check_password: Found Auth-Type Local
What is that DEFAULT entry? Is Auth-Type Local coming from there? Or do you have in the database? It had to come from somewhere. The DEFAULT entry in the users is for an auth-type of System. There's nothing in the DB that specifies an auth-type.
And what Freeradius version are you using? User-Password should not be used in recent server versions. Freeradius version is 1.1.6. What do you mean about User-Password shouldn't be used?
Thanks,
Andrew - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html