Hi, I have this error, when i client log in: Fri Jul 28 12:49:55 2006 : Debug: Processing the post-auth section of radiusd.conf Fri Jul 28 12:49:55 2006 : Debug: modcall: entering group post-auth for request 0 Fri Jul 28 12:49:55 2006 : Debug: modsingle[post-auth]: calling professori (rlm_ippool) for request 0 Fri Jul 28 12:49:55 2006 : Debug: rlm_ippool: Could not find Pool-Name attribute. Fri Jul 28 12:49:55 2006 : Debug: modsingle[post-auth]: returned from professori (rlm_ippool) for request 0 Fri Jul 28 12:49:55 2006 : Debug: modcall[post-auth]: module "professori" returns noop for request 0 Fri Jul 28 12:49:55 2006 : Debug: modsingle[post-auth]: calling studenti (rlm_ippool) for request 0 Fri Jul 28 12:49:55 2006 : Debug: rlm_ippool: Could not find Pool-Name attribute. Fri Jul 28 12:49:55 2006 : Debug: modsingle[post-auth]: returned from studenti (rlm_ippool) for request 0 Fri Jul 28 12:49:55 2006 : Debug: modcall[post-auth]: module "studenti" returns noop for request 0 Fri Jul 28 12:49:55 2006 : Debug: modcall: leaving group post-auth (returns noop) for request 0 CONFIG: radius.conf ippool professori { range-start = 192.168.182.2 range-stop = 192.168.182.50 netmask = 255.255.255.0 cache-size = 800 session-db = ${raddbdir}/db.ippool ip-index = ${raddbdir}/db.ipindex } ippool studenti { range-start = 192.168.182.129 range-stop = 192.168.182.254 netmask = 255.255.255.0 cache-size = 800 session-db = ${raddbdir}/db.ippool ip-index = ${raddbdir}/db.ipindex } post-auth { professori studenti ............ } users DEFAULT Service-Type == Framed-User, Huntgroup-Name == "professori", User-Profile:="employeeType=professor", Pool-Name := "professori" Fall-Through = Yes DEFAULT Service-Type == Framed-User, Huntgroup-Name == "studenti", User-Profile:="employeeType=student", Pool-Name := "studentii" Fall-Through = Yes huntgroups professori NAS-IP-Address == 192.168.182.1 studenti NAS-IP-Address == 192.168.182.1 -------------------- Thanks in advance, Giusy
Giuseppina Venezia wrote:
users
DEFAULT Service-Type == Framed-User, Huntgroup-Name == "professori", User-Profile:="employeeType=professor", Pool-Name := "professori" Fall-Through = Yes
If the ippool module is saying Pool-Name is not found, then these entries must not be matching. Run FreeRadius under debugging with the -X argument, and watch for the bit where it processes the "authorize" section - see what entries are matched in the "files" module.
On 7/28/06, Phil Mayers <p.mayers@imperial.ac.uk> wrote:
If the ippool module is saying Pool-Name is not found, then these entries must not be matching. Run FreeRadius under debugging with the -X argument, and watch for the bit where it processes the "authorize" section - see what entries are matched in the "files" module.
The authorize section works well: ..... Fri Jul 28 17:51:49 2006 : Debug: modsingle[authorize]: returned from ldap (rlm_ldap) for request 0 Fri Jul 28 17:51:49 2006 : Debug: modcall[authorize]: module "ldap" returns ok for request 0 Fri Jul 28 17:51:49 2006 : Debug: modsingle[authorize]: calling checkval (rlm_checkval) for request 0 Fri Jul 28 17:51:49 2006 : Debug: rlm_checkval: Item Name: Calling-Station-Id, Value: 00-02-D7-BF-A0-98 Fri Jul 28 17:51:49 2006 : Debug: rlm_checkval: Value Name: Calling-Station-Id, Value: 00-02-D7-BF-A0-98 Fri Jul 28 17:51:49 2006 : Debug: modsingle[authorize]: returned from checkval (rlm_checkval) for request 0 Fri Jul 28 17:51:49 2006 : Debug: modcall[authorize]: module "checkval" returns ok for request 0 Fri Jul 28 17:51:49 2006 : Debug: modcall: leaving group authorize (returns ok) for request 0 .... The authentication also works well, i think that i have some problems in my config. Thanks.
I have a doubt, it's possibile use ippool with LDAP (CHAP authentication)? Have someone ideas about this error? I'm not able to find documentation or other about this. Thanks in advance. Giusy
Yes its possible. However you will have to store passwords in clear text format onto the ldap. _____ De : freeradius-users-bounces+s.cantos=neopost.com@lists.freeradius.org [mailto:freeradius-users-bounces+s.cantos=neopost.com@lists.freeradius.org] De la part de Giuseppina Venezia Envoyé : lundi 31 juillet 2006 12:13 À : FreeRadius users mailing list Objet : Re: ippool error I have a doubt, it's possibile use ippool with LDAP (CHAP authentication)? Have someone ideas about this error? I'm not able to find documentation or other about this. Thanks in advance. Giusy
Ive something like this in the user file : DEFAULT Service-Type == Framed-User, Pool-Name := "main_pool" Framed-Protocol = PPP, Framed-MTU = 1500, Idle-Timeout = 300 Then make sure you have a reference to your pool in the postauth section of radiusd.conf : post-auth { # Get an address from the IP Pool. main_pool And also a reference of it in the accounting section (just to make sure an IP will be cleared from the pool when an accounting STOP packet is received). accounting { .. main_pool . Regards, Sebastien. _____ De : freeradius-users-bounces+s.cantos=neopost.com@lists.freeradius.org [mailto:freeradius-users-bounces+s.cantos=neopost.com@lists.freeradius.org] De la part de Giuseppina Venezia Envoyé : lundi 31 juillet 2006 14:31 À : FreeRadius users mailing list Objet : Re: ippool error On 7/31/06, Sebastien Cantos <s.cantos@neopost.com> wrote: Yes it's possible. However you will have to store passwords in clear text format onto the ldap. Ldap works fine. The authentication works, the only thing that doesn't works is ip pool assignment.
On 7/31/06, Sebastien Cantos <s.cantos@neopost.com> wrote:
I've something like this in the user file :
....
That's Ok Then make sure you have a reference to your pool in the postauth section of
radiusd.conf :
Yes.
And also a reference of it in the accounting section (just to make sure an IP will be cleared from the pool when an accounting STOP packet is received).
accounting {
…..
main_pool
….
I haven't this. Noy, I've added the name of my pool in accounting section and i have this error in adding to that one before: Mon Jul 31 16:11:45 2006 : Debug: Processing the accounting section of radiusd.conf Mon Jul 31 16:11:45 2006 : Debug: modcall: entering group accounting for request 1 Mon Jul 31 16:11:45 2006 : Debug: modsingle[accounting]: calling studenti (rlm_ippool) for request 1 Mon Jul 31 16:11:45 2006 : Debug: rlm_ippool: This is not an Accounting-Stop. Return NOOP. Mon Jul 31 16:11:45 2006 : Debug: modsingle[accounting]: returned from studenti (rlm_ippool) for request 1 Mon Jul 31 16:11:45 2006 : Debug: modcall[accounting]: module "studenti" returns noop for request 1 Regards,
Thanks. Giusy
Can you paste the part of the logs dealing with postauth ? The IP assignment should be done in postauth and it adds the Framed-IP-Address in the auth response. Also, can you paste the part of your radiusd.conf where you define the ip pool please ? _____ De : freeradius-users-bounces+s.cantos=neopost.com@lists.freeradius.org [mailto:freeradius-users-bounces+s.cantos=neopost.com@lists.freeradius.org] De la part de Giuseppina Venezia Envoyé : lundi 31 juillet 2006 16:26 À : FreeRadius users mailing list Objet : Re: ippool error On 7/31/06, Sebastien Cantos <s.cantos@neopost.com> wrote: I've something like this in the user file : .... That's Ok Then make sure you have a reference to your pool in the postauth section of radiusd.conf : Yes. And also a reference of it in the accounting section (just to make sure an IP will be cleared from the pool when an accounting STOP packet is received). accounting { .. main_pool . I haven't this. Noy, I've added the name of my pool in accounting section and i have this error in adding to that one before: Mon Jul 31 16:11:45 2006 : Debug: Processing the accounting section of radiusd.conf Mon Jul 31 16:11:45 2006 : Debug: modcall: entering group accounting for request 1 Mon Jul 31 16:11:45 2006 : Debug: modsingle[accounting]: calling studenti (rlm_ippool) for request 1 Mon Jul 31 16:11:45 2006 : Debug: rlm_ippool: This is not an Accounting-Stop. Return NOOP. Mon Jul 31 16:11:45 2006 : Debug: modsingle[accounting]: returned from studenti (rlm_ippool) for request 1 Mon Jul 31 16:11:45 2006 : Debug: modcall[accounting]: module "studenti" returns noop for request 1 Regards, Thanks. Giusy
Giuseppina Venezia wrote:
On 7/28/06, *Phil Mayers* <p.mayers@imperial.ac.uk <mailto:p.mayers@imperial.ac.uk>> wrote:
If the ippool module is saying Pool-Name is not found, then these entries must not be matching. Run FreeRadius under debugging with the -X argument, and watch for the bit where it processes the "authorize" section - see what entries are matched in the "files" module.
The authorize section works well:
I'll repeat myself:
Run FreeRadius under debugging with the -X argument, and watch for the bit where it processes the "authorize" section - see what entries are matched in the "files" module.
The logs you have given are NOT debugging output. What does your radiusd.conf look like? I'll repeat myself - you are NOT setting the Pool-Name attribute. Set it, and it will work.
On 7/31/06, Phil Mayers <p.mayers@imperial.ac.uk> wrote:
The logs you have given are NOT debugging output.
root@barbaculo:/usr/local/etc/raddb# radiusd -X -A & [1] 16321 Starting - reading configuration files ... ....... Ready to process requests. rad_recv: Access-Request packet from host 127.0.0.1:1039, id=0, length=216 User-Name = "arccas" CHAP-Challenge = 0xf606250a5f23241fb1b9d9109af1a082 CHAP-Password = 0x00c66b772cfa0368bcf45f5e2945903846 NAS-IP-Address = 0.0.0.0 Service-Type = Login-User Framed-IP-Address = 192.168.182.3 Calling-Station-Id = "00-02-D7-BF-A0-98" Called-Station-Id = "00-50-BF-E3-E8-2A" NAS-Identifier = "nas01" Acct-Session-Id = "44ce1d9300000001" NAS-Port-Type = Wireless-802.11 NAS-Port = 1 Message-Authenticator = 0x4e30008639aaaa133c8110c2088e9d90 WISPr-Logoff-URL = "http://192.168.182.1:3990/logoff" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 rlm_chap: Setting 'Auth-Type := CHAP' modcall[authorize]: module "chap" returns ok for request 0 rlm_ldap: - authorize rlm_ldap: performing user authorization for arccas radius_xlat: '(uid=arccas)' radius_xlat: 'ou=statistica,dc=xxx,dc=it' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: attempting LDAP reconnection rlm_ldap: (re)connect to localhost:389, authentication 0 rlm_ldap: bind as cn=Manager,dc=xxx,dc=it/PASSWORD to localhost:389 rlm_ldap: waiting for bind result ... rlm_ldap: Bind was successful rlm_ldap: performing search in ou=statistica,dc=xxx,dc=it, with filter (uid=arccas) rlm_ldap: checking if remote access for arccas is allowed by userPassword rlm_ldap: Added password a in check items rlm_ldap: looking for check items in directory... rlm_ldap: Adding radiusGroupName as Ldap-Group, value student & op=21 rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value 00-02-D7-BF-A0-98 & op=21 rlm_ldap: Adding userPassword as User-Password, value a & op=21 rlm_ldap: looking for reply items in directory... rlm_ldap: user arccas authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 0 rlm_checkval: Item Name: Calling-Station-Id, Value: 00-02-D7-BF-A0-98 rlm_checkval: Value Name: Calling-Station-Id, Value: 00-02-D7-BF-A0-98 modcall[authorize]: module "checkval" returns ok for request 0 modcall: leaving group authorize (returns ok) for request 0 rad_check_password: Found Auth-Type CHAP auth: type "CHAP" Processing the authenticate section of radiusd.conf modcall: entering group CHAP for request 0 rlm_chap: login attempt by "arccas" with CHAP password rlm_chap: Using clear text password a for user arccas authentication. rlm_chap: chap user arccas authenticated succesfully modcall[authenticate]: module "chap" returns ok for request 0 modcall: leaving group CHAP (returns ok) for request 0 Processing the post-auth section of radiusd.conf modcall: entering group post-auth for request 0 rlm_ippool: Could not find Pool-Name attribute. modcall[post-auth]: module "studenti" returns noop for request 0 modcall: leaving group post-auth (returns noop) for request 0 Sending Access-Accept of id 0 to 127.0.0.1 port 1039 Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Accounting-Request packet from host 127.0.0.1:1037, id=0, length=131 Acct-Status-Type = Start User-Name = "arccas" Calling-Station-Id = "00-02-D7-BF-A0-98" Called-Station-Id = "00-50-BF-E3-E8-2A" NAS-Port-Type = Wireless-802.11 NAS-Port = 1 NAS-Port-Id = "00000001" NAS-IP-Address = 0.0.0.0 NAS-Identifier = "nas01" Framed-IP-Address = 192.168.182.3 Acct-Session-Id = "44ce1d9300000001" Processing the preacct section of radiusd.conf modcall: entering group preacct for request 1 modcall[preacct]: module "preprocess" returns noop for request 1 rlm_acct_unique: Hashing 'NAS-Port = 1,Client-IP-Address = 127.0.0.1,NAS-IP-Address = 0.0.0.0,Acct-Session-Id = "44ce1d9300000001",User-Name = "arccas"' rlm_acct_unique: Acct-Unique-Session-ID = "6b0287a8c4334b7b". modcall[preacct]: module "acct_unique" returns ok for request 1 rlm_realm: No '@' in User-Name = "arccas", looking up realm NULL rlm_realm: No such realm "NULL" modcall[preacct]: module "suffix" returns noop for request 1 modcall: leaving group preacct (returns ok) for request 1 Processing the accounting section of radiusd.conf modcall: entering group accounting for request 1 rlm_ippool: This is not an Accounting-Stop. Return NOOP. modcall[accounting]: module "studenti" returns noop for request 1 radius_xlat: '/usr/local/var/log/radius/radacct/127.0.0.1/detail-20060731' rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/127.0.0.1/detail-20060731 modcall[accounting]: module "detail" returns ok for request 1 modcall[accounting]: module "unix" returns ok for request 1 radius_xlat: '/usr/local/var/log/radius/radutmp' radius_xlat: 'arccas' modcall[accounting]: module "radutmp" returns ok for request 1 modcall: leaving group accounting (returns ok) for request 1 Sending Accounting-Response of id 0 to 127.0.0.1 port 1037 Finished request 1 What does your radiusd.conf look like? radius.conf ippool studenti { range-start = 192.168.182.129 range-stop = 192.168.182.254 netmask = 255.255.255.0 cache-size = 800 session-db = ${raddbdir}/db.ippool ip-index = ${raddbdir}/db.ipindex override = yes maximum-timeout = 0 } accounting { studenti ...... post-auth { studenti ...... ------------- users DEFAULT Auth-Type = LDAP Fall-Through = 1 DEFAULT Huntgroup-Name == "studenti", Ldap-Group == "student", Pool-Name:="studenti" DEFAULT Service-Type == Framed-User Framed-IP-Address = 255.255.255.254, Framed-MTU = 576, Service-Type = Framed-User, Fall-Through = Yes, WISPr-Bandwidth-Max-Up = 128000, WISPr-Bandwidth-Max-Down = 512000 DEFAULT Framed-Protocol == PPP Framed-Protocol = PPP, Framed-Compression = Van-Jacobson-TCP-IP DEFAULT Hint == "CSLIP" Framed-Protocol = SLIP, Framed-Compression = Van-Jacobson-TCP-IP DEFAULT Hint == "SLIP" Framed-Protocol = SLIP ------- Huntgroups studenti NAS-IP-Address == 192.168.182.1 -------- I'll repeat myself - you are NOT setting the Pool-Name attribute. Set
it, and it will work.
How i can set it? I really didn't understand this. Where I must set the Pool-Name attribute? In radius.conf. Really, thanks a lot for your patience. Giusy
"Giuseppina Venezia" <giusy.venezia@gmail.com> wrote:
rlm_ippool: Could not find Pool-Name attribute.
As has been said many times, you are not setting the Pool-Name attribute.
users
...
DEFAULT Huntgroup-Name == "studenti", Ldap-Group == "student", Pool-Name:="studenti"
Which is OK, except for the fact that the debug log shows the server isn't reading the "users" file. And the radiusd.conf pieces you posted don't include the "authorize" section. You deleted "files" from "authorize", and are still trying to use the "users" file. Please don't break the server configuration. The default configuration is there for a purpose: it works. It's frustrating to see the number of people who go out of their way to break the server, and then wonder why it doesn't work. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog
On 7/31/06, Alan DeKok <aland@deployingradius.com> wrote:
You deleted "files" from "authorize", and are still trying to use the "users" file.
Please don't break the server configuration. The default configuration is there for a purpose: it works. It's frustrating to see the number of people who go out of their way to break the server, and then wonder why it doesn't work.
Touché. Thank you, Alan. Now, I have decommented "files", it reads "users" but give the same error. I'll paste the log and the "authorize" configuration of radius.conf: LOG: ..... Ready to process requests. rad_recv: Access-Request packet from host 192.168.1.96:2061, id=1, length=69 Ignoring request from unknown client 192.168.1.96:2061 --- Walking the entire request list --- Nothing to do. Sleeping until we see a request. rad_recv: Access-Request packet from host 127.0.0.1:1053, id=0, length=216 User-Name = "arccas" CHAP-Challenge = 0x5fa368f34c077e5795c013ae506dc046 CHAP-Password = 0x00a2462385fdf08f161ee314ad6cb3b18d NAS-IP-Address = 0.0.0.0 Service-Type = Login-User Framed-IP-Address = 192.168.182.2 Calling-Station-Id = "00-02-D7-BF-A0-98" Called-Station-Id = "00-50-BF-E3-E8-2A" NAS-Identifier = "nas01" Acct-Session-Id = "44ce4b7700000000" NAS-Port-Type = Wireless-802.11 NAS-Port = 0 Message-Authenticator = 0x8b794514b94fc2f9ebad526175214ab9 WISPr-Logoff-URL = "http://192.168.182.1:3990/logoff" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 rlm_chap: Setting 'Auth-Type := CHAP' modcall[authorize]: module "chap" returns ok for request 0 users: Matched entry DEFAULT at line 152 modcall[authorize]: module "files" returns ok for request 0 rlm_ldap: - authorize rlm_ldap: performing user authorization for arccas radius_xlat: '(uid=arccas)' radius_xlat: 'ou=statistica,dc=xxx,dc=it' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: attempting LDAP reconnection rlm_ldap: (re)connect to localhost:389, authentication 0 rlm_ldap: bind as cn=Manager,dc=xxx,dc=it/PASSWORD to localhost:389 rlm_ldap: waiting for bind result ... rlm_ldap: Bind was successful rlm_ldap: performing search in ou=statistica,dc=xxx,dc=it, with filter (uid=arccas) rlm_ldap: checking if remote access for arccas is allowed by userPassword rlm_ldap: Added password a in check items rlm_ldap: looking for check items in directory... rlm_ldap: Adding radiusGroupName as Ldap-Group, value student & op=21 rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value 00-02-D7-BF-A0-98 & op=21 rlm_ldap: Adding userPassword as User-Password, value a & op=21 rlm_ldap: looking for reply items in directory... rlm_ldap: user arccas authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 0 rlm_checkval: Item Name: Calling-Station-Id, Value: 00-02-D7-BF-A0-98 rlm_checkval: Value Name: Calling-Station-Id, Value: 00-02-D7-BF-A0-98 modcall[authorize]: module "checkval" returns ok for request 0 modcall: leaving group authorize (returns ok) for request 0 rad_check_password: Found Auth-Type LDAP auth: type Local auth: user supplied CHAP-Password matches local User-Password Processing the post-auth section of radiusd.conf modcall: entering group post-auth for request 0 rlm_ippool: Could not find Pool-Name attribute. modcall[post-auth]: module "studenti" returns noop for request 0 modcall: leaving group post-auth (returns noop) for request 0 Sending Access-Accept of id 0 to 127.0.0.1 port 1053 Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Accounting-Request packet from host 127.0.0.1:1051, id=0, length=131 Acct-Status-Type = Start User-Name = "arccas" Calling-Station-Id = "00-02-D7-BF-A0-98" Called-Station-Id = "00-50-BF-E3-E8-2A" NAS-Port-Type = Wireless-802.11 NAS-Port = 0 NAS-Port-Id = "00000000" NAS-IP-Address = 0.0.0.0 NAS-Identifier = "nas01" Framed-IP-Address = 192.168.182.2 Acct-Session-Id = "44ce4b7700000000" Processing the preacct section of radiusd.conf modcall: entering group preacct for request 1 modcall[preacct]: module "preprocess" returns noop for request 1 rlm_acct_unique: Hashing 'NAS-Port = 0,Client-IP-Address = 127.0.0.1,NAS-IP-Address = 0.0.0.0,Acct-Session-Id = "44ce4b7700000000",User-Name = "arccas"' rlm_acct_unique: Acct-Unique-Session-ID = "68b1949fcaee533d". modcall[preacct]: module "acct_unique" returns ok for request 1 rlm_realm: No '@' in User-Name = "arccas", looking up realm NULL rlm_realm: No such realm "NULL" modcall[preacct]: module "suffix" returns noop for request 1 modcall[preacct]: module "files" returns noop for request 1 modcall: leaving group preacct (returns ok) for request 1 Processing the accounting section of radiusd.conf modcall: entering group accounting for request 1 rlm_ippool: This is not an Accounting-Stop. Return NOOP. modcall[accounting]: module "studenti" returns noop for request 1 radius_xlat: '/usr/local/var/log/radius/radacct/127.0.0.1/detail-20060731' rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/127.0.0.1/detail-20060731 modcall[accounting]: module "detail" returns ok for request 1 modcall[accounting]: module "unix" returns ok for request 1 radius_xlat: '/usr/local/var/log/radius/radutmp' radius_xlat: 'arccas' modcall[accounting]: module "radutmp" returns ok for request 1 modcall: leaving group accounting (returns ok) for request 1 Sending Accounting-Response of id 0 to 127.0.0.1 port 1051 Finished request 1 Going to the next request Cleaning up request 1 ID 0 with timestamp 44ce4b99 Waking up in 6 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 0 with timestamp 44ce4b99 Nothing to do. Sleeping until we see a request. ------------ radius,conf authorize { preprocess chap files ldap checkval } ------------------------- Thanks in advance. Giusy
"Giuseppina Venezia" <giusy.venezia@gmail.com> wrote:
Thank you, Alan. Now, I have decommented "files", it reads "users" but give the same error. I'll paste the log and the "authorize" configuration of radius.conf: ... Ready to process requests. rad_recv: Access-Request packet from host 192.168.1.96:2061, id=1, length= 69 Ignoring request from unknown client 192.168.1.96:2061
That's a problem. Please fix that, AND post logs from ONE CLIENT only. Posting logs that include packets from multiple clients makes it impossible to figure out the problem.
rad_check_password: Found Auth-Type LDAP auth: type Local
You're kidding, right? If this is really what's going on, then you spent a LOT of effort to break the default configuration.
users: Matched entry DEFAULT at line 152
So... what's on line 152? Go read it.
rlm_ippool: Could not find Pool-Name attribute.
Probably because the entry setting the Pool-Name isn't on line 152. Honestly, you're going through enormous amounts of effort to get this working. Almost all of that effort is wasted, because you've ALSO spent enormous amounts of effort breaking the default configuration. Please start with the default configuration. What you're using now is so completely broken that it's simply too difficult to fix it. Then, configure the IP pool module. Change NOTHING else in the default configuration. Then, add a "users" file entry setting the pool name, and a password for a test user. See the FAQ. Then test it. Get THAT to work, and then start working on LDAP, and everything else. Again, please stop trying so hard to break the default configuration. It's clear you're not familiar with the way the server works, and that's OK. But it means that you SHOULD NOT be making massive edits to the default config, as you've been doing. It's causing nothing but problems. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog
On 7/31/06, Alan DeKok <aland@deployingradius.com> wrote: Then, add a "users" file entry setting the pool name, and a password
for a test user. See the FAQ. Then test it. Get THAT to work, and then start working on LDAP, and everything else.
Ok. Again, please stop trying so hard to break the default
configuration. It's clear you're not familiar with the way the server works, and that's OK. But it means that you SHOULD NOT be making massive edits to the default config, as you've been doing. It's causing nothing but problems.
It's true. I'll make all. Rally, thanks a lot. Alan DeKok.
-- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 7/31/06, Alan DeKok <aland@deployingradius.com> wrote: Then, add a "users" file entry setting the pool name, and a password
for a test user. See the FAQ. Then test it. Get THAT to work, and then start working on LDAP, and everything else.
Ok. Again, please stop trying so hard to break the default
configuration. It's clear you're not familiar with the way the server works, and that's OK. But it means that you SHOULD NOT be making massive edits to the default config, as you've been doing. It's causing nothing but problems.
It's true. I'll make all. Rally, thanks a lot. Alan DeKok. Giusy
participants (4)
-
Alan DeKok -
Giuseppina Venezia -
Phil Mayers -
Sebastien Cantos