Hy! I am using JRadius together with the FreeRadius. I put the jradius module inside the authorize and post-authenticate sections. Authorize section (implemented inside JRadsius server) sets the Auth-Type on Accept. As you can see, the next is received from the rlm_jradius module of FreeRadius when auth-type is set on Accept by JRadius server. The code of auth-type attribute is 1000 and as you can see there is such attribute in the Radius request. rlm_jradius: reading packet: code=1 len=203 rlm_jradius: reading attribute: type=1; len=6 rlm_jradius: reading attribute: type=2; len=11 rlm_jradius: reading attribute: type=61; len=4 rlm_jradius: reading attribute: type=5; len=4 rlm_jradius: reading attribute: type=4; len=4 rlm_jradius: reading attribute: type=232; len=4 rlm_jradius: reading attribute: type=31; len=10 rlm_jradius: reading attribute: type=6; len=4 rlm_jradius: reading attribute: type=80; len=16 rlm_jradius: reading attribute: type=1052; len=4 rlm_jradius: reading attribute: type=1000; len=4 Why FreeRadius is saying: auth: No authenticate method (Auth-Type) configuration found for the request: Re jecting the user I saw that auth-type is defined inside dictionyry.freeradius.internal file and that file is incuded inside the dictionary main file. What else must be done in order for FreeRadius to recognize auth-type when it is set inside the Radius request. Sincerelly, Žagar Jelena
What else must be done in order for FreeRadius to recognize auth-type when it is set inside the Radius request.
Don't add it to the request. It's a configuration item. See JRadius documentation how to add attributes to the appropriate list (request, reply, configuration). Ivan Kalik Kalik Informatika ISP
I found on their site how it must be done, but as you can see it does not work what I had in mind. What I must do in order to allow every radius request to be accepted in the authenticate module. I put the next line: Auth-Type := Accept Inside the users.conf file, but it does not do anything. The real work that I dois put inside the post-auth module. Why I want that. Because if I leave as it is now, the authenicate module is returning access reject and if the post-auth method Returns later access accept, the radius code will not be changed and the client who initiated the radius request will get access reject no matter of the work of the post-auth module. What is the solution for my problem? Sincerelly, Žagar Jelena -----Original Message----- From: freeradius-users-bounces+jelena.zagar=logos.hr@lists.freeradius.org [mailto:freeradius-users-bounces+jelena.zagar=logos.hr@lists.freeradius.org] On Behalf Of tnt@kalik.net Sent: Monday, September 29, 2008 1:08 PM To: FreeRadius users mailing list Subject: Re: Auth-Type question!
What else must be done in order for FreeRadius to recognize auth-type when it is set inside the Radius request.
Don't add it to the request. It's a configuration item. See JRadius documentation how to add attributes to the appropriate list (request, reply, configuration). Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I put the next line: Auth-Type := Accept Inside the users.conf file, but it does not do anything.
DEFAULT Auth-Type := Accept As JRadius documentation suggests *don't* use it to authenticate (set Auth-Type). Pass the password to Freeradius and let it do the work. Ivan Kalik Kalik Informatika ISP
The point is that I do not want to FreeRadius do that but jRadius because I am familiar with Java programming. The Jradius code must access one web service and one of its method to see whether the combination of username and one-time-password is correct one. If the combination is valid and if all other things are satisfied, then the jradius returns access accept and the freeradius routes that access accept to client who initially requested the radius communication. Sincerelly, Žagar Jelena -----Original Message----- From: freeradius-users-bounces+jelena.zagar=logos.hr@lists.freeradius.org [mailto:freeradius-users-bounces+jelena.zagar=logos.hr@lists.freeradius.org] On Behalf Of tnt@kalik.net Sent: Monday, September 29, 2008 1:40 PM To: FreeRadius users mailing list Subject: RE: Auth-Type question!
I put the next line: Auth-Type := Accept Inside the users.conf file, but it does not do anything.
DEFAULT Auth-Type := Accept As JRadius documentation suggests *don't* use it to authenticate (set Auth-Type). Pass the password to Freeradius and let it do the work. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
You had the answer what to do in freeradius to set up jradius Auth-Type and how to force it. Ask on JRadius list how do you use it for authentication. Ivan Kalik Kalik Informatika ISP Dana 29/9/2008, "Jelena Žagar" <jelena.zagar@logos.hr> piše:
The point is that I do not want to FreeRadius do that but jRadius because I am familiar with Java programming. The Jradius code must access one web service and one of its method to see whether the combination of username and one-time-password is correct one. If the combination is valid and if all other things are satisfied, then the jradius returns access accept and the freeradius routes that access accept to client who initially requested the radius communication.
Sincerelly, Žagar Jelena
-----Original Message----- From: freeradius-users-bounces+jelena.zagar=logos.hr@lists.freeradius.org [mailto:freeradius-users-bounces+jelena.zagar=logos.hr@lists.freeradius..org] On Behalf Of tnt@kalik.net Sent: Monday, September 29, 2008 1:40 PM To: FreeRadius users mailing list Subject: RE: Auth-Type question!
I put the next line: Auth-Type := Accept Inside the users.conf file, but it does not do anything.
DEFAULT Auth-Type := Accept
As JRadius documentation suggests *don't* use it to authenticate (set Auth-Type). Pass the password to Freeradius and let it do the work.
Ivan Kalik Kalik Informatika ISP
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
participants (2)
-
Jelena Žagar -
tnt@kalik.net