users: Matched entry DEFAULT at line 153
users: Matched entry abc at line 216 modcall[authorize]: module "files" returns ok for request 0 modcall: leaving group authorize (returns ok) for request 0 rlm_pap: Found existing Auth-Type, not changing it. rad_check_password: Found Auth-Type System modcall[authenticate]: module "unix" returns notfound for request 0
It shouldn't be using an auth-type of "System", that means to lookup the user in the /etc/passwd (/etc/shadow) file. But you don't have a user on your system named "abc" so the not found result makes sense, right?
Why is it trying to find "abc" amongst the unix users on your system? The answer is right above, look at the lines labeled "users:", that's your users file, also look at the line that says "Found Auth-Type, not changing it". So somthing in your users file forced the user "abc" to have an Auth-Type of "system" or "unix", it also tells you which lines in the users files it matched. Go fix your users file so it doesn't do that. I found in users file that line: DEFAULT Auth-Type = System i decommented it but same problem. i think i must change it to other attribut? I'm guessing in your attempts to get things working you may have mangled the example users file, you might want to start with the unaltered users file and just add your test user.
All this is documented in the link I sent you a week ago: http://deployingradius.com/documents/configuration/pap.html
-- John Dennis <jdennis@redhat.com>
Hotmail: Trusted email with powerful SPAM protection. https://signup.live.com/signup.aspx?id=60969
Date: Thu, 13 May 2010 11:01:10 +0100 From: A.L.M.Buxey@lboro.ac.uk To: freeradius-users@lists.freeradius.org Subject: Re: Access request-access reject
Hi,
I found in users file that line: DEFAULT Auth-Type = System
comment this line out and restart the daemon remove calls to 'unix' from your configuration if you dont want to even think about /etc/passwd i commented it like that: #DEFAULT Auth-Type = System Fall-Through = 1 also in file radiusd.conf: authenticate { # # PAP authentication, when a back-end database listed # in the 'authorize' section supplies a password. The # password can be clear-text, or encrypted. Auth-Type PAP { pap }
# # Most people want CHAP authentication # A back-end database listed in the 'authorize' section # MUST supply a CLEAR TEXT password. Encrypted passwords # won't work. Auth-Type CHAP { chap } # # MSCHAP authentication. Auth-Type MS-CHAP { mschap } # # If you have a Cisco SIP server authenticating against # FreeRADIUS, uncomment the following line, and the 'digest' # line in the 'authorize' section. # digest # # Pluggable Authentication Modules. # pam # # See 'man getpwent' for information on how the 'unix' # module checks the users password. Note that packets # containing CHAP-Password attributes CANNOT be authenticated # against /etc/passwd! See the FAQ for details. # unix # Uncomment it if you want to use ldap for authentication # # Note that this means "check plain-text password against # the ldap database", which means that EAP won't work, # as it does not supply a plain-text password. # Auth-Type LDAP { # ldap # } # # Allow EAP authentication. eap } i commented :unix ... and i have this output in the deamon: Ready to process requests. rad_recv: Access-Request packet from host 127.0.0.1:40128, id=130, length=55 User-Name = "abc" User-Password = "123" NAS-IP-Address = 255.255.255.255 NAS-Port = 1812 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: No '@' in User-Name = "abc", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop for request 0 users: Matched entry DEFAULT at line 153 users: Matched entry abc at line 216 modcall[authorize]: module "files" returns ok for request 0 rlm_pap: Found existing Auth-Type, not changing it. modcall[authorize]: module "pap" returns noop for request 0 modcall: leaving group authorize (returns ok) for request 0 rad_check_password: Found Auth-Type System auth: type "System" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 modcall[authenticate]: module "unix" returns notfound for request 0 modcall: leaving group authenticate (returns notfound) for request 0 auth: Failed to validate the user. Delaying request 0 for 1 seconds Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 130 to 127.0.0.1 port 40128 Waking up in 4 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 130 with timestamp 4bebd86e Nothing to do. Sleeping until we see a request.
alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
_________________________________________________________________ Hotmail: Free, trusted and rich email service. https://signup.live.com/signup.aspx?id=60969
Hi,
comment this line out and restart the daemon remove calls to 'unix' from your configuration if you dont want to even think about /etc/passwd i commented it like that: #DEFAULT Auth-Type = System Fall-Through = 1
comment out both lines.....the DEFAULT line and the fall-through and you didnt read my original email...which is a pity, where i said to comment out calls to 'unix' in your config if you dont use it or need it. as you are not reading what i am telling you then i'm afraid i wont bother replying to you again over this issue :-( alan
nooooo plz sorry i'm not so well in english. thank you Alan :))) it's working now see it: root@pfe-laptop:/home/pfe# radtest abc 123 localhost 1812 testing123 Sending Access-Request of id 185 to 127.0.0.1 port 1812 User-Name = "abc" User-Password = "123" NAS-IP-Address = 255.255.255.255 NAS-Port = 1812 rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=185, length=20 thakkkkkkkkkkkkkkkkkkksss
Date: Thu, 13 May 2010 13:07:45 +0100 From: A.L.M.Buxey@lboro.ac.uk To: freeradius-users@lists.freeradius.org Subject: Re: Access request-access reject
Hi,
comment this line out and restart the daemon remove calls to 'unix' from your configuration if you dont want to even think about /etc/passwd i commented it like that: #DEFAULT Auth-Type = System Fall-Through = 1
comment out both lines.....the DEFAULT line and the fall-through
and you didnt read my original email...which is a pity, where i said to comment out calls to 'unix' in your config if you dont use it or need it. as you are not reading what i am telling you then i'm afraid i wont bother replying to you again over this issue :-(
alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
_________________________________________________________________ Hotmail: Trusted email with powerful SPAM protection. https://signup.live.com/signup.aspx?id=60969
participants (2)
-
Alan Buxey -
dorra aa