I got it to work further without even disabling pap. But then I get somehow I got this wrong authenticat { Auth-Type example{ python } } But now I get Dropping packet without response because of error: Received packet from 127.0.0.1 with invalid Message-Authenticator! (Shared secret is incorrect.) Investigating how to fix that.... Thanks! Jim On Wed, Feb 10, 2016 at 10:20 AM, Herwin Weststrate < herwin@quarantainenet.nl> wrote:
On 10-02-16 16:04, Jim Whitescarver wrote:
... But I always get pap: WARNING: No "known good" password found for the user. Not setting Auth-Type (2) pap: WARNING: Authentication will fail unless a "known good" password is available
How can I get past that? There is never a "known good" password. Passwords are not used. Somehow four years ago we got it to work.
That error is caused by the pap module, not by Python. You can remove it from your config.
(1) [python] = ok (1) update control { (1) Auth-Type := saferadius (1) } # update control = noop
Here Python updated control:Auth-Type, which is good.
... (1) pap: WARNING: No "known good" password found for the user. Not setting Auth-Type (1) pap: WARNING: Authentication will fail unless a "known good" password is available (1) [pap] = noop
Here pap warns you that it can't handle the authentication. It's ugly, but it doesn't break anything. Like I said: try to remove the pap from the virtual server.
(1) } # authorize = ok (1) Found Auth-Type = saferadius (1) # Executing group from file /usr/local/etc/raddb/sites-enabled/default (1) Auth-Type saferadius { (1) [python] = noop (1) } # Auth-Type saferadius = noop (1) Failed to authenticate the user
Here it should call the authenticate method of your python module, which should return radiusd.RLM_MODULE_OK to accept the user. I've got no idea if it really does that or not, all that information is truncated from the logging snippets you've posted.
-- Herwin Weststrate - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html