Hi I am new to freeradius. I want to implement huntgroup for associating a user name with particular NAS device. I am performing username authentication with Auth-Type = LDAP If my NAS devices are cisco routes, with IP A.B.C.D, and I want to authenticate this device with user1/***** in LDAP, can some one pls provide what are configuration needed to modified in which files. If I am doing following in /etc/raddb/users file: kmcuser Auth-Type = LDAP, Huntgroup-Name == "kmc1" Fall-Through = Yes and following lines in /etc/raddb/huntgroup file: kmc1 NAS-IP-Address == 172.16.0.150 After restarting radius server with radiusd -X, Now if I am trying to logon to NAS device, it is unsuccessfull with following messages: rad_recv: Access-Request packet from host 172.16.0.150:47715, id=31, length=65 NAS-IP-Address = 172.16.0.155 Service-Type = Login-User NAS-Port-Type = Virtual User-Name = "kmcuser" User-Password = "kmcnet" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: No '@' in User-Name = "kmcuser", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop for request 0 modcall[authorize]: module "files" returns notfound for request 0 modcall: leaving group authorize (returns ok) for request 0 auth: No authenticate method (Auth-Type) configuration found for the request: Re jecting the user auth: Failed to validate the user. Login incorrect: [kmcuser] (from client private-network-1 port 0) Delaying request 0 for 1 seconds Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 31 to 172.16.0.150 port 47715 Waking up in 4 seconds... so pls tell me how shall I solve this problem?/
Parashar Singh wrote:
I am new to freeradius.
You installed a *very* old version of the server. I suggest you upgrade to 2.1.6.
If I am doing following in /etc/raddb/users file:
kmcuser Auth-Type = LDAP, Huntgroup-Name == "kmc1" Fall-Through = Yes
That says "use LDAP authentication for that huntgroup"
and following lines in /etc/raddb/huntgroup file:
kmc1 NAS-IP-Address == 172.16.0.150 ... rad_recv: Access-Request packet from host 172.16.0.150:47715, id=31, length=65 NAS-IP-Address = 172.16.0.155
And the user didn't log in from that huntgroup.
auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
So... no authentication was done. Alan DeKok.
kmcuser Auth-Type = LDAP, Huntgroup-Name == "kmc1" Fall-Through = Yes
You probably don't need to force Auth-Type. What freeradius version is this? Why are you using version that is years out of date?
and following lines in /etc/raddb/huntgroup file:
kmc1 NAS-IP-Address == 172.16.0.150
After restarting radius server with radiusd -X, Now if I am trying to logon to NAS device, it is unsuccessfull with following messages:
rad_recv: Access-Request packet from host 172.16.0.150:47715, id=31, length=65 NAS-IP-Address = 172.16.0.155 Service-Type = Login-User NAS-Port-Type = Virtual User-Name = "kmcuser" User-Password = "kmcnet" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: No '@' in User-Name = "kmcuser", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop for request 0 modcall[authorize]: module "files" returns notfound for request 0 modcall: leaving group authorize (returns ok) for request 0 auth: No authenticate method (Auth-Type) configuration found for the request: Re jecting the user
That's because you haven't listed ldap in authorize (and your password is in there). Ivan Kalik Kalik Informatika ISP
participants (3)
-
Alan DeKok -
Ivan Kalik -
Parashar Singh