Re: Radius reject the request
You are editing the wrong file. Read the output of radiusd -X The server config files will be eg /usr/local/etc/raddb/ alan -- This smartphone uses free WiFi around the world with eduroam, now that's what I call smart.
I install a new radius server as last,(for practice that know nothing is mismatch) and edit the correct "users" file, but radius reject me again. Linux is so difficult :d new debug output is attached. The firewall is disabled. Tanks and Best Regards
On Mon, Jul 23, 2012 at 1:47 PM, Reza Hajjizadeh <hajjizadeh@gmail.com> wrote:
I install a new radius server as last,(for practice that know nothing is mismatch) and edit the correct "users" file, but radius reject me again.
Really? The debug log shows otherwise # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default +- entering group authorize {...} ... ++[files] returns noop ... [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. That means files module did not do anything (i.e. it doesn't find a line matching the request). From initialization section: Module: Instantiating module "files" from file /usr/local/etc/raddb/modules/files files { usersfile = "/usr/local/etc/raddb/users" acctusersfile = "/usr/local/etc/raddb/acct_users" preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users" compat = "no" } Did you edit the file shown in "usersfile"? Did you follow the example there? What does it contain now?
Linux is so difficult :d
Not if you use common sense. Most software (including FR) contains pretty good documentation (including comments in the configuration file). But you need to read it. The alternative is actually easy: hire someone capable to do it for you. -- Fajar
Thank for your help, Really? The debug log shows otherwise
# Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default +- entering group authorize {...} ... ++[files] returns noop ... [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
That means files module did not do anything (i.e. it doesn't find a line matching the request). From initialization section:
Module: Instantiating module "files" from file /usr/local/etc/raddb/modules/files files { usersfile = "/usr/local/etc/raddb/users" acctusersfile = "/usr/local/etc/raddb/acct_users" preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users" compat = "no" }
Did you edit the file shown in "usersfile"?
yes, i was edit the "users" file at the shown path
Did you follow the example
yes the example in the file and in the wiki.freeradius.org
there? What does it contain now?
testuser Cleartext-Password := "Test" I'm try to start with linux, read from freeradius.org Thank that help me
On Mon, Jul 23, 2012 at 3:42 PM, Reza Hajjizadeh <hajjizadeh@gmail.com> wrote:
Did you edit the file shown in "usersfile"?
yes, i was edit the "users" file at the shown path
The debug log doesn't lie. If files module say "noop" on authorization phase, it usually means: - the file FR reads doesn't contain the entry, OR - the file FR reads doesn't contain the entry in the correct format, OR - you haven't restarted FR since the last time you edit the users file
Did you follow the example
yes the example in the file and in the wiki.freeradius.org
there? What does it contain now?
testuser Cleartext-Password := "Test"
You tested with rad_recv: Access-Request packet from host 127.0.0.1 port 33550, id=60, length=78 User-Name = "testuser" User-Password = "123456" I'm guessing it's simply a matter of incorrect edits. Recheck the files carefully, make sure (again) that you edit the correct file, with the correct format, and the correct entry (in this case, pick either "Test" or "123456" as password, but be consistent about it), and make sure you restart FR afterwards (ctrl-C and rerun the command, if running in debug mode) -- Fajar
Hi,
I install a new radius server as last,(for practice that know nothing is mismatch) and edit the correct "users" file, but radius reject me again.
okay..i'll believe you that you edited the correct file. and you say you did testuser with password Test okay...so lets look at the output:
rad_recv: Access-Request packet from host 127.0.0.1 port 33550, id=60, length=78 User-Name = "testuser" User-Password = "123456" NAS-IP-Address = 127.0.0.1 NAS-Port = 10 Message-Authenticator = 0xd65e729657b704159f09d0feb24eeed8
hmmm, oh wait! the request is for 'testuser' with password '123456' so, unless you expect some random magic to occur, this isnt going to work. either send the correct request, or put the correct password into the users file blaming Linux for being difficult? alan
participants (4)
-
Alan Buxey -
alan buxey -
Fajar A. Nugraha -
Reza Hajjizadeh