FreeRadius 2.1.8 and MySQL
All, I have a 2.1.8 freeradius server running and have recently added MySQL into the mix. I am attempting to authenticate a user via EAP-TTLS with a PAP inner (for simplicities sake atm). The user is valid, in the DB with Cleartext-Password, and auths fine when doing a radtest (PAP), however, when EAP-TTLS is thrown in the mix it fails with the following no auth type config'd error. I also attempted to place an Auth-Type == PAP into the DB, but that didn't help the EAP auth. When I remove MySQL, and revert to the users file, the user auths fine even with EAP-TTLS and a PAP inner. I have been scratching my head on this one trying different settings and DB entries and looking at the logs, but am failing to see what I am missing. Any ideas? Thanks, John ++[mschap] returns noop ++[unix] returns notfound [suffix] No '@' in User-Name = "testing", looking up realm NULL [suffix] Found realm "NULL" [suffix] Adding Stripped-User-Name = "testing" [suffix] Adding Realm = "NULL" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok ++[control] returns ok [eap] No EAP-Message, not doing EAP ++[eap] returns noop ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop No authenticate method (Auth-Type) configuration found for the request: Rejecting the user Failed to authenticate the user. Login incorrect: [testing/password] (from client purewave port 0 cli 00:1d:8f:00:03:4d via TLS tunnel) } # server inner-tunnel [ttls] Got tunneled reply code 3 [ttls] Got tunneled Access-Reject [eap] Handler failed in EAP/ttls [eap] Failed in EAP select ++[eap] returns invalid Failed to authenticate the user.
Hi all, I'm using freeradius 2.1.3. Would like to know if it's possible to block access (maybe in users file) by checking following criteria ? Acct-Tunnel-Client-Endpoint:0 = "137.*.*.*" Would anyone please help? Thanks. Regards, /ST Wong (st-wong@cuhk.edu.hk)
ST Wong (ITSC) wrote:
Hi all,
I'm using freeradius 2.1.3. Would like to know if it's possible to block access (maybe in users file) by checking following criteria ?
Acct-Tunnel-Client-Endpoint:0 = "137.*.*.*"
Would anyone please help? Thanks.
$ man unlang It explains how to match attributes, how to do regex matches, and how to reject users. Alan DeKok.
John Gammons wrote:
All,
I have a 2.1.8 freeradius server running and have recently added MySQL into the mix. I am attempting to authenticate a user via EAP-TTLS with a PAP inner (for simplicities sake atm). The user is valid, in the DB with Cleartext-Password, and auths fine when doing a radtest (PAP), however, when EAP-TTLS is thrown in the mix it fails with the following no auth type config'd error.
Edit raddb/sites-available/inner-tunnel. Add "sql" there in the same places you added it in sites-available/default. Alan DeKok.
participants (3)
-
Alan DeKok -
John Gammons -
ST Wong (ITSC)