PAP/SSHA plus MS-CHAP on 2.17
Y'all: Maybe this question obvious for somebody, but I haven't been able to find an answer so far. I'd appreciate any help on this. I'm setting up freeradius 2.17 with OpenLDAP on CentOS 5.3 (using the pre-built RPM repository from http://people.redhat.com/jdennis/freeradius-rhel-centos). The system need to authenticate at least two different ways by RADIUS (plus several others by LDAP, but that's all working fine). Currently one is working and the other is not. I've worked with freeradius/LDAP setups before, but it's been a couple years since I last did it from scratch. One client needs to talk MS-CHAP, and that's working great. If it matters I'm happy to post logs of these sessions happening, but I presume that's irrelevant. The other client needs to talk PAP, and it's not working right at all. In keeping with the frequent advice of this group, I've kept the config files as pristine as I can. Here are all the changes I've made since I last reverted to the default files: [/etc/raddb]# diff ./sites-available/default.DIST ./sites-available/default 170c170 < # ldap ---
ldap
[/etc/raddb]# diff ./modules/ldap.DIST ./modules/ldap 33c33 < server = "ldap.your.domain" ---
server = ".org"
36c36 < basedn = "o=My Org,c=UA" ---
basedn = "dc=my,dc=office,dc=org"
116c116 < # password_attribute = userPassword ---
password_attribute = userPassword
[/etc/raddb]# diff ./modules/pap.DIST ./modules/pap 17c17 < auto_header = no ---
auto_header = yes
[/etc/raddb]# diff ./clients.conf.DIST ./clients.conf 101c101 < secret = testing123 ---
secret = SharedSecret
234a235,240
client 172.16.0.0/24 { secret = SharedSecret shortname = office-network }
[/etc/raddb]# In fiddling over the past few days I've achieved several different failure modes, but here's what a session looks like now: rad_recv: Access-Request packet from host 172.16.0.1 port 1078, id=36, length=82 User-Name = "testuser" User-Password = "user" Service-Type = Authenticate-Only NAS-Identifier = "VPNSRV" Message-Authenticator = 0x8e--censored--db +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "testuser", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop ++[unix] returns updated ++[files] returns noop [ldap] performing user authorization for testuser [ldap] expand: %{Stripped-User-Name} -> [ldap] expand: %{User-Name} -> testuser [ldap] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=testuser) [ldap] expand: dc=my,dc=office,dc=org -> dc=my,dc=office,dc=org rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: attempting LDAP reconnection rlm_ldap: (re)connect to muggins.my.office.org:389, authentication 0 rlm_ldap: bind as / to muggins.my.office.org:389 rlm_ldap: waiting for bind result ... rlm_ldap: Bind was successful rlm_ldap: performing search in dc=my,dc=office,dc=org, with filter (uid=testuser) [ldap] Added User-Password = {SSHA}i9--censored--JI in check items [ldap] looking for check items in directory... rlm_ldap: sambaNtPassword -> NT-Password == 0x4338--censored--4531 rlm_ldap: sambaLmPassword -> LM-Password == 0x4637--censored--4545 [ldap] looking for reply items in directory... [ldap] user testuser authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 ++[ldap] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] Normalizing NT-Password from hex encoding [pap] Normalizing LM-Password from hex encoding [pap] Normalizing SSHA1-Password from base64 encoding ++[pap] returns updated Found Auth-Type = PAP +- entering group PAP {...} [pap] login attempt with password "user" [pap] Using CRYPT encryption. [pap] Passwords don't match ++[pap] returns reject Failed to authenticate the user. Using Post-Auth-Type Reject +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> testuser attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 0 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 0 Sending Access-Reject of id 36 to 172.16.0.1 port 1078 Waking up in 4.9 seconds. The part that seems strange to me is that the system clearly identifies the type of passwords we are using ("Normalizing SSHA1-Password from base64 encoding" seems proof enough of that), but a couple lines later PAP has decided to use CRYPT encryption for some reason. I can't imagine what I've done to make the system believe it should use CRYPT instead of SSHA. I've been developing a range of crazy theories as to what might be going on, but I think it's time for me to see what y'all have to say. Thanks in advance for any guidance. E.
Eric Swanson wrote:
... [ldap] Added User-Password = {SSHA}i9--censored--JI in check items [ldap] looking for check items in directory... rlm_ldap: sambaNtPassword -> NT-Password == 0x4338--censored--4531 rlm_ldap: sambaLmPassword -> LM-Password == 0x4637--censored--4545
You have 3 versions of the "known good" password for the user. Which one do you want to use?
[pap] Using CRYPT encryption.
And the "pap" module isn't configured to use any of them.
The part that seems strange to me is that the system clearly identifies the type of passwords we are using ("Normalizing SSHA1-Password from base64 encoding" seems proof enough of that), but a couple lines later PAP has decided to use CRYPT encryption for some reason. I can't imagine what I've done to make the system believe it should use CRYPT instead of SSHA.
Check the configuration of the PAP module. Alan DeKok.
On Wed, Jan 13, 2010 at 10:48 PM, Alan DeKok <aland@deployingradius.com> wrote:
Eric Swanson wrote:
... [ldap] Added User-Password = {SSHA}i9--censored--JI in check items [ldap] looking for check items in directory... rlm_ldap: sambaNtPassword -> NT-Password == 0x4338--censored--4531 rlm_ldap: sambaLmPassword -> LM-Password == 0x4637--censored--4545
You have 3 versions of the "known good" password for the user. Which one do you want to use?
Alan: Thanks so much for getting back to me. My intent is to use the SSHA password -- of the ones my LDAP system must maintain, I assumed it would be the most straightforward (better than those Windows ones anyway).
[pap] Using CRYPT encryption.
And the "pap" module isn't configured to use any of them.
The part that seems strange to me is that the system clearly identifies the type of passwords we are using ("Normalizing SSHA1-Password from base64 encoding" seems proof enough of that), but a couple lines later PAP has decided to use CRYPT encryption for some reason. I can't imagine what I've done to make the system believe it should use CRYPT instead of SSHA.
Check the configuration of the PAP module.
Here's my modules/pap in its entirety: pap { auto_header = yes } I haven't found any information on other (non-deprecated) directives that go in this file. If there's a way to tell PAP to use the SSHA password, I would _love_ to hear it. There's not much to the rest of my PAP-related configuration. In sites-available/default under the authorization section, PAP is listed last, just like this: pap In sites-available/default under the authentication section, PAP is listed first like this: Auth-Type PAP { pap } I'm excited about your note's implication that there's a way to tell PAP which password to use. If that's really true, I think all I need is to be pointed to information about how to do so. Thankx, E.
On Thu, Jan 14, 2010 at 12:18 AM, Eric Swanson <swanson@technologypartnerds.com> wrote:
There's not much to the rest of my PAP-related configuration.
...and just for the record, I've just grepped through my whole /etc/raddb folder. The only other non-commented mentions of PAP are in eap.conf, sites-available/inner-tunnel, and modules/inner-eap -- none of which has been modified from the standard distributed file. Thanks again, E.
Eric Swanson wrote:
My intent is to use the SSHA password -- of the ones my LDAP system must maintain, I assumed it would be the most straightforward (better than those Windows ones anyway).
<shrug> *something* is either adding a crypt'd password, or is forcing the PAP module to use the crypt'd password. Maybe the "unix" module? Alan DeKok.
On Thu, Jan 14, 2010 at 1:29 AM, Alan DeKok <aland@deployingradius.com> wrote:
<shrug> *something* is either adding a crypt'd password, or is forcing the PAP module to use the crypt'd password.
Maybe the "unix" module?
Good guess! I disabled the "unix" module from authentication and authorization, and everything looks great. As it happens, the system has picked one of the NT passwords to check, but as long as it works I'm fine. Thanks so much for your timely assistance. E. -- Eric Swanson, swanson@technologypartnerds.com Director of Marketing & Sales / Senior Technical Staff Technology Partnerds 888-NERDS-55
hi after upgrade 2.1.8 prelease to 2.1.8, i get No authenticate method (Auth-Type) configuration found for the request: Rejecting the user please help. here's my debug info radius2:/etc/freeradius# freeradius -Xxx Fri Jan 15 02:21:01 2010 : Info: FreeRADIUS Version 2.1.8, for host x86_64-pc-linux-gnu, built on Jan 15 2010 at 00:56:39 Fri Jan 15 02:21:01 2010 : Info: Copyright (C) 1999-2009 The FreeRADIUS server project and contributors. Fri Jan 15 02:21:01 2010 : Info: There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A Fri Jan 15 02:21:01 2010 : Info: PARTICULAR PURPOSE. Fri Jan 15 02:21:01 2010 : Info: You may redistribute copies of FreeRADIUS under the terms of the Fri Jan 15 02:21:01 2010 : Info: GNU General Public License v2. Fri Jan 15 02:21:01 2010 : Info: Starting - reading configuration files ... Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/radiusd.conf Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/proxy.conf Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/clients.conf Fri Jan 15 02:21:01 2010 : Debug: including files in directory /etc/freeradius/modules/ Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/preprocess Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/always Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/logintime Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/smbpasswd Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/counter Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/detail Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/digest Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/smsotp Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/cui Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/realm Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/mschap Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/ippool Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/expr Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/attr_rewrite Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/linelog Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/attr_filter Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/inner-eap Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/unix Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/otp Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/sql_log Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/ntlm_auth Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/etc_group Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/perl Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/policy Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/chap Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/exec Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/echo Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/detail.example.com Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/sradutmp Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/krb5 Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/expiration Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/pam Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/checkval Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/acct_unique Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/passwd Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/mac2vlan Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/wimax Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/files Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/mac2ip Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/ldap Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/detail.log Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/radutmp Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/pap Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/sqlcounter_expire_on_login Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/eap.conf Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/sql.conf Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/sql/mysql/dialup.conf Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/policy.conf Fri Jan 15 02:21:01 2010 : Debug: including files in directory /etc/freeradius/sites-enabled/ Fri Jan 15 02:21:01 2010 : Debug: main { Fri Jan 15 02:21:01 2010 : Debug: user = "freerad" Fri Jan 15 02:21:01 2010 : Debug: group = "freerad" Fri Jan 15 02:21:01 2010 : Debug: allow_core_dumps = no Fri Jan 15 02:21:01 2010 : Debug: } Fri Jan 15 02:21:01 2010 : Debug: including dictionary file /etc/freeradius/dictionary Fri Jan 15 02:21:01 2010 : Debug: main { Fri Jan 15 02:21:01 2010 : Debug: prefix = "/usr" Fri Jan 15 02:21:01 2010 : Debug: localstatedir = "/var" Fri Jan 15 02:21:01 2010 : Debug: logdir = "/var/log/freeradius" Fri Jan 15 02:21:01 2010 : Debug: libdir = "/usr/lib/freeradius" Fri Jan 15 02:21:01 2010 : Debug: radacctdir = "/var/log/freeradius/radacct" Fri Jan 15 02:21:01 2010 : Debug: hostname_lookups = no Fri Jan 15 02:21:01 2010 : Debug: max_request_time = 30 Fri Jan 15 02:21:01 2010 : Debug: cleanup_delay = 5 Fri Jan 15 02:21:01 2010 : Debug: max_requests = 1024 Fri Jan 15 02:21:01 2010 : Debug: pidfile = "/var/run/freeradius/freeradius.pid" Fri Jan 15 02:21:01 2010 : Debug: checkrad = "/usr/sbin/checkrad" Fri Jan 15 02:21:01 2010 : Debug: debug_level = 0 Fri Jan 15 02:21:01 2010 : Debug: proxy_requests = yes Fri Jan 15 02:21:01 2010 : Debug: log { Fri Jan 15 02:21:01 2010 : Debug: stripped_names = no Fri Jan 15 02:21:01 2010 : Debug: auth = no Fri Jan 15 02:21:01 2010 : Debug: auth_badpass = yes Fri Jan 15 02:21:01 2010 : Debug: auth_goodpass = no Fri Jan 15 02:21:01 2010 : Debug: } Fri Jan 15 02:21:01 2010 : Debug: security { Fri Jan 15 02:21:01 2010 : Debug: max_attributes = 200 Fri Jan 15 02:21:01 2010 : Debug: reject_delay = 1 Fri Jan 15 02:21:01 2010 : Debug: status_server = yes Fri Jan 15 02:21:01 2010 : Debug: } Fri Jan 15 02:21:01 2010 : Debug: } Fri Jan 15 02:21:01 2010 : Debug: radiusd: #### Loading Realms and Home Servers #### Fri Jan 15 02:21:01 2010 : Debug: proxy server { Fri Jan 15 02:21:01 2010 : Debug: retry_delay = 5 Fri Jan 15 02:21:01 2010 : Debug: retry_count = 3 Fri Jan 15 02:21:01 2010 : Debug: default_fallback = no Fri Jan 15 02:21:01 2010 : Debug: dead_time = 120 Fri Jan 15 02:21:01 2010 : Debug: wake_all_if_all_dead = no Fri Jan 15 02:21:01 2010 : Debug: } Fri Jan 15 02:21:01 2010 : Debug: home_server localhost { Fri Jan 15 02:21:01 2010 : Debug: ipaddr = 127.0.0.1 Fri Jan 15 02:21:01 2010 : Debug: port = 1812 Fri Jan 15 02:21:01 2010 : Debug: type = "auth" Fri Jan 15 02:21:01 2010 : Debug: secret = "testing123" Fri Jan 15 02:21:01 2010 : Debug: response_window = 20 Fri Jan 15 02:21:01 2010 : Debug: max_outstanding = 65536 Fri Jan 15 02:21:01 2010 : Debug: require_message_authenticator = no Fri Jan 15 02:21:01 2010 : Debug: zombie_period = 40 Fri Jan 15 02:21:01 2010 : Debug: status_check = "status-server" Fri Jan 15 02:21:01 2010 : Debug: ping_interval = 30 Fri Jan 15 02:21:01 2010 : Debug: check_interval = 30 Fri Jan 15 02:21:01 2010 : Debug: num_answers_to_alive = 3 Fri Jan 15 02:21:01 2010 : Debug: num_pings_to_alive = 3 Fri Jan 15 02:21:01 2010 : Debug: revive_interval = 120 Fri Jan 15 02:21:01 2010 : Debug: status_check_timeout = 4 Fri Jan 15 02:21:01 2010 : Debug: irt = 2 Fri Jan 15 02:21:01 2010 : Debug: mrt = 16 Fri Jan 15 02:21:01 2010 : Debug: mrc = 5 Fri Jan 15 02:21:01 2010 : Debug: mrd = 30 Fri Jan 15 02:21:01 2010 : Debug: } Fri Jan 15 02:21:01 2010 : Debug: home_server_pool my_auth_failover { Fri Jan 15 02:21:01 2010 : Debug: type = fail-over Fri Jan 15 02:21:01 2010 : Debug: home_server = localhost Fri Jan 15 02:21:01 2010 : Debug: } Fri Jan 15 02:21:01 2010 : Debug: realm example.com { Fri Jan 15 02:21:01 2010 : Debug: auth_pool = my_auth_failover Fri Jan 15 02:21:01 2010 : Debug: } Fri Jan 15 02:21:01 2010 : Debug: realm LOCAL { Fri Jan 15 02:21:01 2010 : Debug: } Fri Jan 15 02:21:01 2010 : Debug: radiusd: #### Loading Clients #### Fri Jan 15 02:21:01 2010 : Debug: client localhost { Fri Jan 15 02:21:01 2010 : Debug: ipaddr = 127.0.0.1 Fri Jan 15 02:21:01 2010 : Debug: require_message_authenticator = no Fri Jan 15 02:21:01 2010 : Debug: secret = "testing123" Fri Jan 15 02:21:01 2010 : Debug: nastype = "other" Fri Jan 15 02:21:01 2010 : Debug: } Fri Jan 15 02:21:01 2010 : Debug: client 0.0.0.0/0 { Fri Jan 15 02:21:01 2010 : Debug: require_message_authenticator = no Fri Jan 15 02:21:01 2010 : Debug: secret = "secret" Fri Jan 15 02:21:01 2010 : Debug: shortname = "testing" Fri Jan 15 02:21:01 2010 : Debug: } Fri Jan 15 02:21:01 2010 : Debug: radiusd: #### Instantiating modules #### Fri Jan 15 02:21:01 2010 : Debug: instantiate { Fri Jan 15 02:21:01 2010 : Debug: (Loaded rlm_exec, checking if it's valid) Fri Jan 15 02:21:01 2010 : Debug: Module: Linked to module rlm_exec Fri Jan 15 02:21:01 2010 : Debug: Module: Instantiating exec Fri Jan 15 02:21:01 2010 : Debug: exec { Fri Jan 15 02:21:01 2010 : Debug: wait = no Fri Jan 15 02:21:01 2010 : Debug: input_pairs = "request" Fri Jan 15 02:21:01 2010 : Debug: shell_escape = yes Fri Jan 15 02:21:01 2010 : Debug: } Fri Jan 15 02:21:01 2010 : Debug: (Loaded rlm_expr, checking if it's valid) Fri Jan 15 02:21:01 2010 : Debug: Module: Linked to module rlm_expr Fri Jan 15 02:21:01 2010 : Debug: Module: Instantiating expr Fri Jan 15 02:21:01 2010 : Debug: (Loaded rlm_expiration, checking if it's valid) Fri Jan 15 02:21:01 2010 : Debug: Module: Linked to module rlm_expiration Fri Jan 15 02:21:01 2010 : Debug: Module: Instantiating expiration Fri Jan 15 02:21:01 2010 : Debug: expiration { Fri Jan 15 02:21:01 2010 : Debug: reply-message = "Password Has Expired " Fri Jan 15 02:21:01 2010 : Debug: } Fri Jan 15 02:21:01 2010 : Debug: (Loaded rlm_logintime, checking if it's valid) Fri Jan 15 02:21:01 2010 : Debug: Module: Linked to module rlm_logintime Fri Jan 15 02:21:01 2010 : Debug: Module: Instantiating logintime Fri Jan 15 02:21:01 2010 : Debug: logintime { Fri Jan 15 02:21:01 2010 : Debug: reply-message = "You are calling outside your allowed timespan " Fri Jan 15 02:21:01 2010 : Debug: minimum-timeout = 60 Fri Jan 15 02:21:01 2010 : Debug: } Fri Jan 15 02:21:01 2010 : Debug: } Fri Jan 15 02:21:01 2010 : Debug: radiusd: #### Loading Virtual Servers #### Fri Jan 15 02:21:01 2010 : Debug: server { Fri Jan 15 02:21:01 2010 : Debug: modules { Fri Jan 15 02:21:01 2010 : Debug: } # modules Fri Jan 15 02:21:01 2010 : Debug: } # server Fri Jan 15 02:21:01 2010 : Debug: radiusd: #### Opening IP addresses and Ports #### Fri Jan 15 02:21:01 2010 : Debug: listen { Fri Jan 15 02:21:01 2010 : Debug: type = "auth" Fri Jan 15 02:21:01 2010 : Debug: ipaddr = * Fri Jan 15 02:21:01 2010 : Debug: port = 0 Fri Jan 15 02:21:01 2010 : Debug: } Fri Jan 15 02:21:01 2010 : Debug: listen { Fri Jan 15 02:21:01 2010 : Debug: type = "acct" Fri Jan 15 02:21:01 2010 : Debug: ipaddr = * Fri Jan 15 02:21:01 2010 : Debug: port = 0 Fri Jan 15 02:21:01 2010 : Debug: } Fri Jan 15 02:21:01 2010 : Debug: Listening on authentication address * port 1812 Fri Jan 15 02:21:01 2010 : Debug: Listening on accounting address * port 1813 Fri Jan 15 02:21:01 2010 : Debug: Listening on proxy address * port 1814 Fri Jan 15 02:21:01 2010 : Info: Ready to process requests. rad_recv: Access-Request packet from host 119.74.144.166 port 4025, id=26, length=57 User-Name = "steve" User-Password = "testing" NAS-Identifier = "iCELL-TEST" Fri Jan 15 02:21:04 2010 : Info: WARNING: Empty section. Using default return values. Fri Jan 15 02:21:04 2010 : Info: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user Fri Jan 15 02:21:04 2010 : Info: Failed to authenticate the user. Fri Jan 15 02:21:04 2010 : Info: Delaying reject of request 0 for 1 seconds Fri Jan 15 02:21:04 2010 : Debug: Going to the next request Fri Jan 15 02:21:04 2010 : Debug: Waking up in 0.9 seconds. Fri Jan 15 02:21:05 2010 : Info: Sending delayed reject for request 0 Sending Access-Reject of id 26 to 119.74.144.166 port 4025 Fri Jan 15 02:21:05 2010 : Debug: Waking up in 4.9 seconds.
piston wrote:
hi
after upgrade 2.1.8 prelease to 2.1.8, i get No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
You have managed to delete all of the virtual servers from raddb/sites-enabled. Alan DeKok.
i don't event know how i managed to delete all virtual server, managed to solved the problem by copy back entire freeradius folder under /etc/ upgrade from 2.1.6 > 2.1.7 > 2.1.8 prelease was very smooth without problem, basically i just executed dpkg -i command,but this time no luck. anyway thanks for your answer. KH ----- Original Message ---- From: Alan DeKok <aland@deployingradius.com> To: FreeRadius users mailing list <freeradius-users@lists.freeradius.org> Sent: Fri, January 15, 2010 3:10:12 PM Subject: Re: freeradius 2.1.8 : No authenticate method (Auth-Type) configuration found for the request: Rejecting the user piston wrote:
hi
after upgrade 2.1.8 prelease to 2.1.8, i get No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
You have managed to delete all of the virtual servers from raddb/sites-enabled. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Fri, Jan 15, 2010 at 08:55:24AM -0800, piston wrote:
i don't event know how i managed to delete all virtual server, managed to solved the problem by copy back entire freeradius folder under /etc/
upgrade from 2.1.6 > 2.1.7 > 2.1.8 prelease was very smooth without problem, basically i just executed dpkg -i command,but this time no luck.
If you used dpkg -i, you might not have noticed the new freeradius-common package. In the future, to install/upgrade FreeRADIUS packages on Debian(-like) systems, just use the standard official repositories with APT, so that you get the tested packages with all the necessary dependencies resolved automatically. We haven't had 2.1.6 and earlier 2.1.x versions in there, but now we do. Also if you're running the stable distribution - the Debian packages built (backported) for release 5.0/lenny are available at the standard place: http://www.backports.org/ One just has to add another line to sources.list(5) and use the target release 'lenny-backports'. -- 2. That which causes joy or happiness.
Thanks for your advice, learn a lots. ----- Original Message ---- From: Josip Rodin <joy@entuzijast.net> To: FreeRadius users mailing list <freeradius-users@lists.freeradius.org> Sent: Sat, January 16, 2010 3:59:19 AM Subject: Re: freeradius 2.1.8 : No authenticate method (Auth-Type) configuration found for the request: Rejecting the user On Fri, Jan 15, 2010 at 08:55:24AM -0800, piston wrote:
i don't event know how i managed to delete all virtual server, managed to solved the problem by copy back entire freeradius folder under /etc/
upgrade from 2.1.6 > 2.1.7 > 2.1.8 prelease was very smooth without problem, basically i just executed dpkg -i command,but this time no luck.
If you used dpkg -i, you might not have noticed the new freeradius-common package. In the future, to install/upgrade FreeRADIUS packages on Debian(-like) systems, just use the standard official repositories with APT, so that you get the tested packages with all the necessary dependencies resolved automatically. We haven't had 2.1.6 and earlier 2.1.x versions in there, but now we do. Also if you're running the stable distribution - the Debian packages built (backported) for release 5.0/lenny are available at the standard place: http://www.backports.org/ One just has to add another line to sources.list(5) and use the target release 'lenny-backports'. -- 2. That which causes joy or happiness. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
participants (4)
-
Alan DeKok -
Eric Swanson -
Josip Rodin -
piston