I've now removed Auth-Type := Local, and I get a little futher, but it now seg-faults... rad_recv: Access-Request packet from host 10.10.1.199:1812, id=4, length=73 User-Name = "nick" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x02010009016e69636b NAS-IP-Address = 10.10.1.199 Message-Authenticator = 0x1889000f020061e757be3f2542db8e96 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: No '@' in User-Name = "nick", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 rlm_eap: EAP packet type response id 1 length 9 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 0 radius_xlat: 'nick' rlm_sql (sql): sql_set_user escaped user --> 'nick' radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'nick' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 4 radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName, radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'nick' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = 'nick' ORDER BY id' radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName, radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'nick' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql (sql): Released sql socket id: 4 modcall[authorize]: module "sql" returns ok for request 0 modcall: leaving group authorize (returns updated) for request 0 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 0 modcall: leaving group authenticate (returns handled) for request 0 Sending Access-Challenge of id 4 to 10.10.1.199 port 1812 Framed-IP-Address := 10.10.1.197 Service-Type := Framed-User Framed-Protocol := PPP Acct-Interim-Interval := 600 Framed-IP-Netmask := 255.255.255.0 Framed-Route := "10.10.1.0/24 10.10.1.199" EAP-Message = 0x010200061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xbcd29b08ebdd9733c943a713160427f3 Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.10.1.199:1812, id=5, length=156 User-Name = "nick" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0202004a198000000040160301003b01000037030177ea93b17221418dc56a55a310c695c25e02281882265889ee66f6c6aeb6536600001000040005000a000900640062000300060100 State = 0xbcd29b08ebdd9733c943a713160427f3 NAS-IP-Address = 10.10.1.199 Message-Authenticator = 0x7e1934ade016613853f374ceaf97c353 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 1 modcall[authorize]: module "preprocess" returns ok for request 1 modcall[authorize]: module "chap" returns noop for request 1 modcall[authorize]: module "mschap" returns noop for request 1 rlm_realm: No '@' in User-Name = "nick", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 1 rlm_eap: EAP packet type response id 2 length 74 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 1 radius_xlat: 'nick' rlm_sql (sql): sql_set_user escaped user --> 'nick' radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'nick' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 3 radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName, radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'nick' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = 'nick' ORDER BY id' radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName, radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'nick' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql (sql): Released sql socket id: 3 modcall[authorize]: module "sql" returns ok for request 1 modcall: leaving group authorize (returns updated) for request 1 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 1 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization Segmentation fault: 11 (core dumped) Does anyone know what may cause this? The only other time I've had radius seg-fault is when I was trying to get rlm_sql working. Cheers, Nick Larsen. On 8/29/06, Nick Larsen <larsen.nick@gmail.com> wrote:
Hi,
I have forcibly set Auth-Type to Local, so perhaps that's the problem. Here's my debug output anyway...
rad_recv: Access-Request packet from host 10.10.1.199:1812, id=1, length=73 User-Name = "nick" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x02010009016e69636b NAS-IP-Address = 10.10.1.199 Message-Authenticator = 0xa2632b22341f08798a0fca4aa0f457c9 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 160 modcall[authorize]: module "preprocess" returns ok for request 160 modcall[authorize]: module "chap" returns noop for request 160 modcall[authorize]: module "mschap" returns noop for request 160 rlm_realm: No '@' in User-Name = "nick", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 160 rlm_eap: EAP packet type response id 1 length 9 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 160 radius_xlat: 'nick' rlm_sql (sql): sql_set_user escaped user --> 'nick' radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'nick' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 4 radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName, radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'nick' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = 'nick' ORDER BY id' radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName, radgroupreply.Attribute ,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'nick' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql (sql): Released sql socket id: 4 modcall[authorize]: module "sql" returns ok for request 160 modcall: leaving group authorize (returns updated) for request 160 rad_check_password: Found Auth-Type Local auth: type Local
auth: No User-Password or CHAP-Password attribute in the request auth: Failed to validate the user. Login incorrect: [nick] (from client Finc-Wireless port 0) Delaying request 160 for 1 seconds Finished request 160 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 1 to 10.10.1.199 port 1812 Waking up in 4 seconds... --- Walking the entire request list --- Cleaning up request 160 ID 1 with timestamp 44f357bf Nothing to do. Sleeping until we see a request.
Cheers for your help,
Nick Larsen
On 8/29/06, Alan DeKok <aland@deployingradius.com> wrote:
"Nick Larsen" <larsen.nick@gmail.com> wrote:
Now I'm trying to authenticate users via wireless PDA's, but I now get "auth: No User-Password or CHAP-Password attribute in the request" in Access-Request, I guess it's the Linksys WAG54g now, so I better start trawling through the net again.
No.
Run the server in debugging mode, and post the output here.
That message happens ONLY if you forcibly set "Auth-Type = Local" when it doesn't make sense to do so.
Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Regards,
Nick Larsen Wellington NEW ZEALAND
-- Regards, Nick Larsen Wellington NEW ZEALAND