hi guys im getting this error when radius authenticating with LDAP, is there any way to sort the issue # Executing group from file /etc/freeradius/sites-enabled/default Thu May 3 11:50:26 2012 : Info: +- entering group PAP {...} Thu May 3 11:50:26 2012 : Info: [pap] ERROR: You set 'Auth-Type = PAP' for a request that does not contain a User-Password attribute! Thu May 3 11:50:26 2012 : Info: ++[pap] returns invalid Thu May 3 11:50:26 2012 : Info: Failed to authenticate the user. Thank You Dhanushka
... did you set a default auth type? A lot of old how to docs have you do this as a test to see if FR is working ... but it is easy to forget to undo when your done. Jake Sallee Godfather of Bandwidth System Engineer University of Mary Hardin-Baylor 900 College St. Belton TX. 76513 Fone: 254-295-4658 Phax: 254-295-4221 HTTP://WWW.UMHB.EDU -----Original Message----- From: freeradius-users-bounces+jake.sallee=umhb.edu@lists.freeradius.org [mailto:freeradius-users-bounces+jake.sallee=umhb.edu@lists.freeradius.org] On Behalf Of dhanushka ranasinghe Sent: Thursday, May 03, 2012 10:57 AM To: FreeRadius users mailing list Subject: freeraduis LDAP error hi guys im getting this error when radius authenticating with LDAP, is there any way to sort the issue # Executing group from file /etc/freeradius/sites-enabled/default Thu May 3 11:50:26 2012 : Info: +- entering group PAP {...} Thu May 3 11:50:26 2012 : Info: [pap] ERROR: You set 'Auth-Type = PAP' for a request that does not contain a User-Password attribute! Thu May 3 11:50:26 2012 : Info: ++[pap] returns invalid Thu May 3 11:50:26 2012 : Info: Failed to authenticate the user. Thank You Dhanushka - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
dhanushka ranasinghe wrote:
im getting this error when radius authenticating with LDAP, is there any way to sort the issue
Yes. Don't edit the configuration and break the server.
# Executing group from file /etc/freeradius/sites-enabled/default Thu May 3 11:50:26 2012 : Info: +- entering group PAP {...} Thu May 3 11:50:26 2012 : Info: [pap] ERROR: You set 'Auth-Type = PAP' for a request that does not contain a User-Password attribute!
What part of that message is unclear? Alan DeKok.
Hi...guys,, in user file i have the following configuration as well, DEFAULT Ldap-Group == "cn=employees,ou=group,dc=ldap,dc=home,dc=com", Auth-Type := PAP Reply-Message = "You are Accepted" DEFAULT Auth-Type := Reject Thank You Dhanushka On 3 May 2012 21:40, Alan DeKok <aland@deployingradius.com> wrote:
dhanushka ranasinghe wrote:
im getting this error when radius authenticating with LDAP, is there any way to sort the issue
Yes.
Don't edit the configuration and break the server.
# Executing group from file /etc/freeradius/sites-enabled/default Thu May 3 11:50:26 2012 : Info: +- entering group PAP {...} Thu May 3 11:50:26 2012 : Info: [pap] ERROR: You set 'Auth-Type = PAP' for a request that does not contain a User-Password attribute!
What part of that message is unclear?
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Fri, May 4, 2012 at 7:56 AM, dhanushka ranasinghe <parakrama1282@gmail.com> wrote:
Hi...guys,,
in user file i have the following configuration as well,
DEFAULT Ldap-Group == "cn=employees,ou=group,dc=ldap,dc=home,dc=com",
Auth-Type := PAP
If your LDAP server does NOT store passwords as clear text, that line pretty much qualifies as breaking the server. -- Fajar
Hi... for some reason i got via the error message , but radius server authenticate the users even though they entered wrong password, is there any reason for that Thank You Dhanushka On 4 May 2012 06:34, Fajar A. Nugraha <list@fajar.net> wrote:
On Fri, May 4, 2012 at 7:56 AM, dhanushka ranasinghe <parakrama1282@gmail.com> wrote:
Hi...guys,,
in user file i have the following configuration as well,
DEFAULT Ldap-Group == "cn=employees,ou=group,dc=ldap,dc=home,dc=com",
Auth-Type := PAP
If your LDAP server does NOT store passwords as clear text, that line pretty much qualifies as breaking the server.
-- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
ahh yes my LDAP server stors password in SHA Thank you Dhanushka On 4 May 2012 09:40, dhanushka ranasinghe <parakrama1282@gmail.com> wrote:
Hi...
for some reason i got via the error message , but radius server authenticate the users even though they entered wrong password, is there any reason for that
Thank You Dhanushka
On 4 May 2012 06:34, Fajar A. Nugraha <list@fajar.net> wrote:
On Fri, May 4, 2012 at 7:56 AM, dhanushka ranasinghe <parakrama1282@gmail.com> wrote:
Hi...guys,,
in user file i have the following configuration as well,
DEFAULT Ldap-Group == "cn=employees,ou=group,dc=ldap,dc=home,dc=com",
Auth-Type := PAP
If your LDAP server does NOT store passwords as clear text, that line pretty much qualifies as breaking the server.
-- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi.. Seems like radius caching session thats why its got connected ...., as i mention my LDAP uses SHA as password encrypted method , is there any way to sort this issue and what configuration need to use in order to fix this Thank You Dhanushka On 4 May 2012 10:52, dhanushka ranasinghe <parakrama1282@gmail.com> wrote:
ahh yes my LDAP server stors password in SHA
Thank you Dhanushka
On 4 May 2012 09:40, dhanushka ranasinghe <parakrama1282@gmail.com> wrote:
Hi...
for some reason i got via the error message , but radius server authenticate the users even though they entered wrong password, is there any reason for that
Thank You Dhanushka
On 4 May 2012 06:34, Fajar A. Nugraha <list@fajar.net> wrote:
On Fri, May 4, 2012 at 7:56 AM, dhanushka ranasinghe <parakrama1282@gmail.com> wrote:
Hi...guys,,
in user file i have the following configuration as well,
DEFAULT Ldap-Group == "cn=employees,ou=group,dc=ldap,dc=home,dc=com",
Auth-Type := PAP
If your LDAP server does NOT store passwords as clear text, that line pretty much qualifies as breaking the server.
-- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Fri, May 4, 2012 at 12:33 PM, dhanushka ranasinghe <parakrama1282@gmail.com> wrote:
Hi..
Seems like radius caching session thats why its got connected ...., as i mention my LDAP uses SHA as password encrypted method , is there any way to sort this issue and what configuration need to use in order to fix this
Remove the configuration lines that break the server? -- Fajar
Hi.. when i removed "Auth-Type := PAP" line radius not checking password , even when wrong password is used user get the authenticated. Thank You Dhanushka On 4 May 2012 11:31, Fajar A. Nugraha <list@fajar.net> wrote:
On Fri, May 4, 2012 at 12:33 PM, dhanushka ranasinghe <parakrama1282@gmail.com> wrote:
Hi..
Seems like radius caching session thats why its got connected ...., as i mention my LDAP uses SHA as password encrypted method , is there any way to sort this issue and what configuration need to use in order to fix this
Remove the configuration lines that break the server?
-- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Fri, May 4, 2012 at 1:15 PM, dhanushka ranasinghe <parakrama1282@gmail.com> wrote:
Hi..
when i removed "Auth-Type := PAP" line radius not checking password , even when wrong password is used user get the authenticated.
What does the debug log say? My guess is you have Auth-Type := Accept somewhere. -- Fajar
Hi...guys... with the blow configuration .....in user file DEFAULT Ldap-Group == "cn=employees,ou=group,dc=ldap,dc=home,dc=com", Auth-Type := PAP Reply-Message = "You are Accepted" DEFAULT Auth-Type := Reject I test the radius access from command line , by entering wrong password [1] and correct password [2] .., in that case radius respond fine, Issue only occurs [3] when access via ubuntu machine (WPAsupplicant) ... eg -- 1) radtest username wrong-password 192.168.0.63 1812 testing123 Sending Access-Request of id 176 to 192.168.0.63 port 1812 User-Name = "dhanushkar@wso2.com" User-Password = "dcn05c4-128222" NAS-IP-Address = 192.168.0.60 NAS-Port = 1812 rad_recv: Access-Reject packet from host 192.168.0.63 port 1812, id=176, length=38 2) radtest username correct-password 192.168.0.63 1812 testing123 Sending Access-Request of id 167 to 192.168.0.63 port 1812 User-Name = "dhanushkar@wso2.com" User-Password = "dcn05c4-1282" NAS-IP-Address = 192.168.0.60 NAS-Port = 1812 rad_recv: Access-Accept packet from host 192.168.0.63 port 1812, id=167, length=38 3) # Executing group from file /etc/freeradius/sites-enabled/default Thu May 3 11:50:26 2012 : Info: +- entering group PAP {...} Thu May 3 11:50:26 2012 : Info: [pap] ERROR: You set 'Auth-Type = PAP' for a request that does not contain a User-Password attribute! Thu May 3 11:50:26 2012 : Info: ++[pap] returns invalid Thu May 3 11:50:26 2012 : Info: Failed to authenticate the user. Thank you Dhanushka On 4 May 2012 11:58, Fajar A. Nugraha <list@fajar.net> wrote:
On Fri, May 4, 2012 at 1:15 PM, dhanushka ranasinghe <parakrama1282@gmail.com> wrote:
Hi..
when i removed "Auth-Type := PAP" line radius not checking password , even when wrong password is used user get the authenticated.
What does the debug log say?
My guess is you have Auth-Type := Accept somewhere.
-- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
dhanushka ranasinghe wrote:
with the blow configuration .....in user file
Which you were told was wrong.
I test the radius access from command line , by entering wrong password [1] and correct password [2] .., in that case radius respond fine, Issue only occurs [3] when access via ubuntu machine (WPAsupplicant) ...
Which doesn't do PAP authentication.
# Executing group from file /etc/freeradius/sites-enabled/default Thu May 3 11:50:26 2012 : Info: +- entering group PAP {...} Thu May 3 11:50:26 2012 : Info: [pap] ERROR: You set 'Auth-Type = PAP' for a request that does not contain a User-Password attribute!
Which is the same message as before. The solution is the same. You have been working HARD to avoid solving this problem. The solution to the problem is simple. The debug output TELLS YOU what to do. Go do it. You have had a number of people try to help you. These people are doing MORE WORK than you are to solve the problem. Do as you were told. If you keep ignoring the instructions on this list, you will be unsubscribed and banned. The reason is simple: you're wasting everyone's time by asking questions, and ignoring the answers That's no longer acceptable. Alan DeKok.
Hi... Relay sorry if i make any trouble...Thanks lot for the every one who try to solve my issue... Thank You Dhanushka On 4 May 2012 13:22, Alan DeKok <aland@deployingradius.com> wrote:
dhanushka ranasinghe wrote:
with the blow configuration .....in user file
Which you were told was wrong.
I test the radius access from command line , by entering wrong password [1] and correct password [2] .., in that case radius respond fine, Issue only occurs [3] when access via ubuntu machine (WPAsupplicant) ...
Which doesn't do PAP authentication.
# Executing group from file /etc/freeradius/sites-enabled/default Thu May 3 11:50:26 2012 : Info: +- entering group PAP {...} Thu May 3 11:50:26 2012 : Info: [pap] ERROR: You set 'Auth-Type = PAP' for a request that does not contain a User-Password attribute!
Which is the same message as before. The solution is the same.
You have been working HARD to avoid solving this problem. The solution to the problem is simple. The debug output TELLS YOU what to do.
Go do it.
You have had a number of people try to help you. These people are doing MORE WORK than you are to solve the problem. Do as you were told.
If you keep ignoring the instructions on this list, you will be unsubscribed and banned. The reason is simple: you're wasting everyone's time by asking questions, and ignoring the answers
That's no longer acceptable.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
participants (6)
-
alan buxey -
Alan DeKok -
dhanushka ranasinghe -
Fajar A. Nugraha -
NdK -
Sallee, Stephen (Jake)