No authenticate method (Auth-Type) found for the request
I am using network manager with radius server. I put this config in this files eap.conf default_eap_type = peap create new certificate as per http://deployingradius.com and network manager side i put ca.der but its giving Ready to process requests. rad_recv: Access-Request packet from host 192.168.21.32 port 32773, id=1, length=127 User-Name = "testing" NAS-IP-Address = 192.168.21.32 Called-Station-Id = "00ffff000001" Calling-Station-Id = "1caff76ce38c" NAS-Identifier = "00ffff000001" NAS-Port = 3 Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0200000c0174657374696e67 Message-Authenticator = 0xbc498e29bfb9f44c5276dcb7d57b082e WARNING: Empty authorize section. Using default return values. ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user Failed to authenticate the user. Delaying reject of request 5 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 5 Sending Access-Reject of id 1 to 192.168.21.32 port 32773 Waking up in 4.9 seconds. Cleaning up request 5 ID 1 with timestamp +95 Ready to process requests. thanks in advance -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
Harish Mandowara wrote:
but its giving ... WARNING: Empty authorize section. Using default return values.
You edited the default configuration and broke it. Don't do that. Check the raddb/sites-enabled directory. Make sure that ONLY the "default" and "inner-tunnel" servers are there. Make sure that you HAVEN'T edited those files. The error occurs because the default configuration has been *deleted*. Don't do that. Alan DeKok.
Thank you alan, I want to use PEAP-MSCHAP. So that i did change in eap.conf. I did not change in raddb/sites-enabled. Even in radiusd.conf, its there. but its giving right now Module: Linked to module rlm_eap Module: Instantiating module "eap" from file /usr/local/etc/raddb/eap.conf eap { default_eap_type = "peap" timer_expire = 60 ignore_unknown_eap_types = no cisco_accounting_username_bug = no max_sessions = 4096 } Module: Linked to sub-module rlm_eap_md5 Module: Instantiating eap-md5 Module: Linked to sub-module rlm_eap_leap Module: Instantiating eap-leap Module: Linked to sub-module rlm_eap_gtc Module: Instantiating eap-gtc gtc { challenge = "Password: " auth_type = "PAP" } Ignoring EAP-Type/tls because we do not have OpenSSL support. Ignoring EAP-Type/ttls because we do not have OpenSSL support. Ignoring EAP-Type/peap because we do not have OpenSSL support. Module: Linked to sub-module rlm_eap_mschapv2 Module: Instantiating eap-mschapv2 mschapv2 { with_ntdomain_hack = no send_error = no } rlm_eap: No such sub-type for default EAP type peap /usr/local/etc/raddb/eap.conf[17]: Instantiation failed for module "eap" /usr/local/etc/raddb/sites-enabled/default[310]: Failed to load module "eap". /usr/local/etc/raddb/sites-enabled/default[252]: Errors parsing authenticate section. I already install all openssl library but its not working properly.
Harish Mandowara wrote:
but its giving ... WARNING: Empty authorize section. Using default return values.
You edited the default configuration and broke it. Don't do that.
Check the raddb/sites-enabled directory. Make sure that ONLY the "default" and "inner-tunnel" servers are there. Make sure that you HAVEN'T edited those files.
The error occurs because the default configuration has been *deleted*. Don't do that.
Alan DeKok.
-- With Warm Regards Harish Mandowara -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
On Tue, Jan 24, 2012 at 6:48 PM, Harish Mandowara <harishm@cdac.in> wrote:
Thank you alan,
I want to use PEAP-MSCHAP.
Ignoring EAP-Type/peap because we do not have OpenSSL support.
See that error? Fix that. What OS/distro are you using? if you're having problem building FR with ssl, ready-to-use package should be available for most OS: http://wiki.freeradius.org/Packages -- Fajar
Hi,
Ignoring EAP-Type/tls because we do not have OpenSSL support. Ignoring EAP-Type/ttls because we do not have OpenSSL support. Ignoring EAP-Type/peap because we do not have OpenSSL support.
built within OpenSSL support - install the DEVELOPMENT libraries/headers (eg ssl-dev, openssl-devel or whatever they are called on your platform) and rebuild. or install a prebuilt package built with openssl support alan
Hi, I installed all the these libraries. Again build the code. and install but its coming same. i am putting all debugging message over here. main { allow_core_dumps = no } including dictionary file /home/harish/Desktop/source/freeradius-server-2.1.12/raddb/dictionary main { name = "radiusd" prefix = "/usr/local" localstatedir = "/usr/local/var" sbindir = "/usr/local/sbin" logdir = "/usr/local/var/log/radius" run_dir = "/usr/local/var/run/radiusd" libdir = "/usr/local/lib" radacctdir = "/usr/local/var/log/radius/radacct" hostname_lookups = no max_request_time = 30 cleanup_delay = 5 max_requests = 1024 pidfile = "/usr/local/var/run/radiusd/radiusd.pid" checkrad = "/usr/local/sbin/checkrad" debug_level = 0 proxy_requests = yes log { stripped_names = no auth = no auth_badpass = no auth_goodpass = no } security { max_attributes = 200 reject_delay = 1 status_server = yes } } radiusd: #### Loading Realms and Home Servers #### proxy server { retry_delay = 5 retry_count = 3 default_fallback = no dead_time = 120 wake_all_if_all_dead = no } home_server localhost { ipaddr = 127.0.0.1 port = 1812 type = "auth" secret = "testing123" response_window = 20 max_outstanding = 65536 require_message_authenticator = yes zombie_period = 40 status_check = "status-server" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 120 status_check_timeout = 4 coa { irt = 2 mrt = 16 mrc = 5 mrd = 30 } } home_server_pool my_auth_failover { type = fail-over home_server = localhost } realm example.com { auth_pool = my_auth_failover } realm LOCAL { } radiusd: #### Loading Clients #### client 192.168.21.32 { ipaddr = 192.168.21.34 require_message_authenticator = no secret = "testing123" nastype = "other" } radiusd: #### Instantiating modules #### instantiate { Module: Linked to module rlm_exec Module: Instantiating module "exec" from file /home/harish/Desktop/source/freeradius-server-2.1.12/raddb/modules/exec exec { wait = no input_pairs = "request" shell_escape = yes } Module: Linked to module rlm_expr Module: Instantiating module "expr" from file /home/harish/Desktop/source/freeradius-server-2.1.12/raddb/modules/expr Module: Linked to module rlm_expiration Module: Instantiating module "expiration" from file /home/harish/Desktop/source/freeradius-server-2.1.12/raddb/modules/expiration expiration { reply-message = "Password Has Expired " } Module: Linked to module rlm_logintime Module: Instantiating module "logintime" from file /home/harish/Desktop/source/freeradius-server-2.1.12/raddb/modules/logintime logintime { reply-message = "You are calling outside your allowed timespan " minimum-timeout = 60 } } radiusd: #### Loading Virtual Servers #### server { # from file /home/harish/Desktop/source/freeradius-server-2.1.12/raddb/radiusd.conf modules { Module: Creating Auth-Type = digest Module: Creating Post-Auth-Type = REJECT Module: Checking authenticate {...} for more modules to load Module: Linked to module rlm_pap Module: Instantiating module "pap" from file /home/harish/Desktop/source/freeradius-server-2.1.12/raddb/modules/pap pap { encryption_scheme = "auto" auto_header = no } Module: Linked to module rlm_chap Module: Instantiating module "chap" from file /home/harish/Desktop/source/freeradius-server-2.1.12/raddb/modules/chap Module: Linked to module rlm_mschap Module: Instantiating module "mschap" from file /home/harish/Desktop/source/freeradius-server-2.1.12/raddb/modules/mschap mschap { use_mppe = yes require_encryption = no require_strong = no with_ntdomain_hack = no allow_retry = yes } Module: Linked to module rlm_digest Module: Instantiating module "digest" from file /home/harish/Desktop/source/freeradius-server-2.1.12/raddb/modules/digest Module: Linked to module rlm_unix Module: Instantiating module "unix" from file /home/harish/Desktop/source/freeradius-server-2.1.12/raddb/modules/unix unix { radwtmp = "/usr/local/var/log/radius/radwtmp" } Module: Linked to module rlm_eap Module: Instantiating module "eap" from file /home/harish/Desktop/source/freeradius-server-2.1.12/raddb/eap.conf eap { default_eap_type = "peap" timer_expire = 60 ignore_unknown_eap_types = no cisco_accounting_username_bug = no max_sessions = 4096 } Module: Linked to sub-module rlm_eap_md5 Module: Instantiating eap-md5 Module: Linked to sub-module rlm_eap_leap Module: Instantiating eap-leap Module: Linked to sub-module rlm_eap_gtc Module: Instantiating eap-gtc gtc { challenge = "Password: " auth_type = "PAP" } Ignoring EAP-Type/tls because we do not have OpenSSL support. Ignoring EAP-Type/ttls because we do not have OpenSSL support. Ignoring EAP-Type/peap because we do not have OpenSSL support. Module: Linked to sub-module rlm_eap_mschapv2 Module: Instantiating eap-mschapv2 mschapv2 { with_ntdomain_hack = no send_error = no } rlm_eap: No such sub-type for default EAP type peap /home/harish/Desktop/source/freeradius-server-2.1.12/raddb/eap.conf[17]: Instantiation failed for module "eap" /home/harish/Desktop/source/freeradius-server-2.1.12/raddb/sites-enabled/default[310]: Failed to load module "eap". /home/harish/Desktop/source/freeradius-server-2.1.12/raddb/sites-enabled/default[252]: Errors parsing authenticate section.
Hi,
Ignoring EAP-Type/tls because we do not have OpenSSL support. Ignoring EAP-Type/ttls because we do not have OpenSSL support. Ignoring EAP-Type/peap because we do not have OpenSSL support.
built within OpenSSL support - install the DEVELOPMENT libraries/headers (eg ssl-dev, openssl-devel or whatever they are called on your platform) and rebuild. or install a prebuilt package built with openssl support
alan
-- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
On Tue, Jan 24, 2012 at 9:55 PM, Harish Mandowara <harishm@cdac.in> wrote:
Hi,
I installed all the these libraries. Again build the code. and install but
No, you didn't. You either: - didn't have development headers installed (e.g. you have libssl, but not libssl-dev), OR - didn't re-run configure, OR - have conflicting version of openssl, possibly one installed from package and one from source, OR - somehow got a buggy version of openssl (unlikely, but possible) either way, looking at ./configure output (using "tee", and later open the log with a text editor helps) should be able to tell you why it has no ssl support. Or just use packages. -- Fajar
Hi,
I installed all the these libraries. Again build the code. and install but its coming same. i am putting all debugging message over here.
outut of the ./configure stage? once again, no OpenSSL support - so you built without the OpenSSL headers/includes for the server.... and/or you didnt run the ./configure stage again alan
participants (4)
-
Alan Buxey -
Alan DeKok -
Fajar A. Nugraha -
Harish Mandowara