Authenticate by users file for RADIUS service operation check
Hello folks, I am using FreeRADIUS 3.0.4 on CentOS 7.2. In order to check the service operation of RADIUS, we are trying to authenticate with the users file, but proxy request is made. The setting is as follows. - /etc/raddb/proxy.conf realm "~^subdomain\.domain\.com$" { authhost = LOCAL accthost = LOCAL } home_server server1 { .... } home_server server2 { .... } home_server_pool server { type = fail-over home_server = server1 home_server = server2 } realm DEFAULT { pool = server nostrip } - /etc/raddb/users test@test.com Auth-Type := PAP , Cleartext-Password := "test" or test@test.com Auth-Type := Local , Cleartext-Password := "test" or test@test.com Cleartext-Password := "test" ... ----- When radtest command is executed with radiusd -X, the following result is obtained. # radtest test@test.com test localhost 0 testing123 Sending Access-Request Id 3 from 0.0.0.0:48661 to 127.0.0.1:1812 User-Name = 'test@test.com' User-Password = 'test' NAS-IP-Address = X.X.X.X NAS-Port = 0 Message-Authenticator = 0x00 Received Access-Reject Id 3 from 127.0.0.1:1812 to 127.0.0.1:48661 length 36 Reply-Message = 'Request Denied' (0) -: Expected Access-Accept got Access-Reject The following log is output to the console. (snip) (0) [auth_log] = ok (0) [chap] = noop (0) [mschap] = noop (0) [digest] = noop (0) suffix : Checking for suffix after "@" (0) suffix : Looking up realm "test.com" for User-Name = "test@test.com" (0) suffix : Found realm "DEFAULT" (0) suffix : Adding Realm = "DEFAULT" (0) suffix : Proxying request from user test@test.com to realm DEFAULT (0) suffix : Preparing to proxy authentication request to realm "DEFAULT" (0) [suffix] = updated (0) eap : No EAP-Message, not doing EAP (0) [eap] = noop (0) files : users: Matched entry test@test.com at line 1 (0) [files] = ok (0) [expiration] = noop (0) [logintime] = noop (0) [pap] = noop (0) } # authorize = updated Opening new proxy socket 'proxy address * port 0' Listening on proxy address * port 59404 (0) Proxying request to home server X.X.X.X port 1812 timeout 30.000000 (0) Sending Access-Request packet to host X.X.X.X port 1812, id=85, length=0 (snip) ----- My question is how to authenticate users file without proxying ? Best regards!
participants (1)
-
Seiichirou Hiraoka