I use Freeradius and Mikrotik. Freeradius 2.1.10+dfsg-3ubuntu0.12.04.2 I want to use DHCP Server of Mikrotik with rlm_sqlippool. DHCP Server on Mikrotik do not send password. I want to use "auth-type := Accept" withou password I receve this on log: Info: ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user How can i do that? Thankyou. -- - Osvaldo T Crispim Filho -
I have this on radcheck: 5794 00:14:AA:49:06:00 Calling-Station-Id =~ 00:14:AA:49:06:00 4089 00:14:AA:49:06:00 MD5-Password := 54a56092489fa15032cf0a709032c184 I have the ERROR with this: 9665 00:14:AA:49:06:00 Auth-Type := Accept 2015-04-27 13:16 GMT-03:00 Osvaldo T Crispim Filho <osvaldotcf@gmail.com>:
I use Freeradius and Mikrotik.
Freeradius 2.1.10+dfsg-3ubuntu0.12.04.2
I want to use DHCP Server of Mikrotik with rlm_sqlippool. DHCP Server on Mikrotik do not send password. I want to use "auth-type := Accept" withou password
I receve this on log: Info: ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
How can i do that?
Thankyou.
-- - Osvaldo T Crispim Filho -
-- - Osvaldo T Crispim Filho -
On Apr 27, 2015, at 12:16 PM, Osvaldo T Crispim Filho <osvaldotcf@gmail.com> wrote:
I want to use DHCP Server of Mikrotik with rlm_sqlippool. DHCP Server on Mikrotik do not send password. I want to use "auth-type := Accept" withou password
That should work.
I receve this on log: Info: ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
How can i do that?
Set Auth-Type := Accept for the user. What does the debug log show? Alan DeKok.
On radcheck id username attribute op value 9664 DC:FF:BB:66:BE:9E MD5-Password := 54a56092489fa15032cf0a709032c184 9665 DC:FF:BB:66:BE:9E Auth-Type := Accept 5876 DC:FF:BB:66:BE:9E Calling-Station-Id =~ DC:FF:BB:66:BE:9E Freeradius Log rad_recv: Access-Request packet from host 192.168.254.2 port 58450, id=134, length=116 NAS-Port-Type = Ethernet NAS-Port = 2202226454 Calling-Station-Id = "1:dc:ff:bb:66:be:9e" Called-Station-Id = "serverT1" User-Name = "DC:FF:BB:66:BE:9E" User-Password = "" NAS-Identifier = "rb-ssa01" NAS-IP-Address = 192.168.254.2 Sun Apr 26 22:50:42 2015 : Info: # Executing section authorize from file /etc/freeradius/sites-enabled/default Sun Apr 26 22:50:42 2015 : Info: +- entering group authorize {...} Sun Apr 26 22:50:42 2015 : Info: ++[preprocess] returns ok Sun Apr 26 22:50:42 2015 : Info: ++[chap] returns noop Sun Apr 26 22:50:42 2015 : Info: ++[mschap] returns noop Sun Apr 26 22:50:42 2015 : Info: ++[digest] returns noop Sun Apr 26 22:50:42 2015 : Info: [suffix] No '@' in User-Name = "DC:FF:BB:66:BE:9E", looking up realm NULL Sun Apr 26 22:50:42 2015 : Info: [suffix] No such realm "NULL" Sun Apr 26 22:50:42 2015 : Info: ++[suffix] returns noop Sun Apr 26 22:50:42 2015 : Info: [eap] No EAP-Message, not doing EAP Sun Apr 26 22:50:42 2015 : Info: ++[eap] returns noop Sun Apr 26 22:50:42 2015 : Info: ++[files] returns noop Sun Apr 26 22:50:42 2015 : Info: [sql] expand: %{User-Name} -> DC:FF:BB:66:BE:9E Sun Apr 26 22:50:42 2015 : Info: [sql] sql_set_user escaped user --> 'DC:FF:BB:66:BE:9E' Sun Apr 26 22:50:42 2015 : Debug: rlm_sql (sql): Reserving sql socket id: 4 Sun Apr 26 22:50:42 2015 : Info: [sql] expand: SELECT id, UserName, Attribute, Value, Op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, UserName, Attribute$ Sun Apr 26 22:50:42 2015 : Debug: rlm_sql_postgresql: Status: PGRES_TUPLES_OK Sun Apr 26 22:50:42 2015 : Debug: rlm_sql_postgresql: query affected rows = 3 , fields = 5 Sun Apr 26 22:50:42 2015 : Info: [sql] expand: %{Calling-Station-Id} -> 1:dc:FF:BB:66:be:9e Sun Apr 26 22:50:42 2015 : Info: [sql] expand: SELECT GroupName FROM radusergroup WHERE UserName='%{SQL-User-Name}' ORDER BY priority -> SELECT GroupName FROM radusergroup WHERE UserName='DC$ Sun Apr 26 22:50:42 2015 : Debug: rlm_sql_postgresql: Status: PGRES_TUPLES_OK Sun Apr 26 22:50:42 2015 : Debug: rlm_sql_postgresql: query affected rows = 2 , fields = 1 Sun Apr 26 22:50:42 2015 : Info: [sql] expand: SELECT id, GroupName, Attribute, Value, op FROM radgroupcheck WHERE GroupName = '%{Sql-Group}' ORDER BY id -> SELECT id, GroupName, Attri$ Sun Apr 26 22:50:42 2015 : Debug: rlm_sql_postgresql: Status: PGRES_TUPLES_OK Sun Apr 26 22:50:42 2015 : Debug: rlm_sql_postgresql: query affected rows = 1 , fields = 5 Sun Apr 26 22:50:42 2015 : Info: [sql] User found in group hs_ssa1 Sun Apr 26 22:50:42 2015 : Info: [sql] expand: SELECT id, GroupName, Attribute, Value, op FROM radgroupreply WHERE GroupName = '%{Sql-Group}' ORDER BY id -> SELECT id, GroupName, Attri$ Sun Apr 26 22:50:42 2015 : Debug: rlm_sql_postgresql: Status: PGRES_TUPLES_OK Sun Apr 26 22:50:42 2015 : Debug: rlm_sql_postgresql: query affected rows = 1 , fields = 5 Sun Apr 26 22:50:42 2015 : Info: [sql] expand: SELECT id, GroupName, Attribute, Value, op FROM radgroupcheck WHERE GroupName = '%{Sql-Group}' ORDER BY id -> SELECT id, GroupName, Attri$ Sun Apr 26 22:50:42 2015 : Debug: rlm_sql_postgresql: Status: PGRES_TUPLES_OK Sun Apr 26 22:50:42 2015 : Debug: rlm_sql_postgresql: query affected rows = 0 , fields = 5 Sun Apr 26 22:50:42 2015 : Info: [sql] User found in group Conectado2 Sun Apr 26 22:50:42 2015 : Info: [sql] expand: SELECT id, GroupName, Attribute, Value, op FROM radgroupreply WHERE GroupName = '%{Sql-Group}' ORDER BY id -> SELECT id, GroupName, Attri$ Sun Apr 26 22:50:42 2015 : Debug: rlm_sql_postgresql: Status: PGRES_TUPLES_OK Sun Apr 26 22:50:42 2015 : Debug: rlm_sql_postgresql: query affected rows = 1 , fields = 5 Sun Apr 26 22:50:42 2015 : Debug: rlm_sql (sql): Released sql socket id: 4 Sun Apr 26 22:50:42 2015 : Info: ++[sql] returns ok Sun Apr 26 22:50:42 2015 : Info: ++[expiration] returns noop Sun Apr 26 22:50:42 2015 : Info: ++[logintime] returns noop Sun Apr 26 22:50:42 2015 : Info: [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. Sun Apr 26 22:50:42 2015 : Info: ++[pap] returns noop *Sun Apr 26 22:50:42 2015 : Info: ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user* Sun Apr 26 22:50:42 2015 : Info: Failed to authenticate the user. Sun Apr 26 22:50:42 2015 :* Info: Using Post-Auth-Type Reject* Sun Apr 26 22:50:42 2015 : Info: # Executing group from file /etc/freeradius/sites-enabled/default Sun Apr 26 22:50:42 2015 : Info: +- entering group REJECT {...} Sun Apr 26 22:50:42 2015 : Info: [sql] expand: %{User-Name} -> DC:FF:BB:66:BE:9E Sun Apr 26 22:50:42 2015 : Info: [sql] sql_set_user escaped user --> 'DC:FF:BB:66:BE:9E' Sun Apr 26 22:50:42 2015 : Info: [sql] expand: %{User-Password} -> Sun Apr 26 22:50:42 2015 : Info: [sql] ... expanding second conditional Sun Apr 26 22:50:42 2015 : Info: [sql] expand: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ('%{User-Name}', '%{%{User-Password}:-Chap-Password}', '%{reply:Packet-Type}$ Sun Apr 26 22:50:42 2015 : Debug: rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth (username, pass, reply, authdate) *VALUES ('DC:FF:BB:66:BE:9E', 'Chap-Password', 'Access-Rej$* << Why Chap-Password here? >> Sun Apr 26 22:50:42 2015 : Debug: rlm_sql (sql): Reserving sql socket id: 3 Sun Apr 26 22:50:42 2015 : Debug: rlm_sql_postgresql: Status: PGRES_COMMAND_OK Sun Apr 26 22:50:42 2015 : Debug: rlm_sql_postgresql: query affected rows = 1 Sun Apr 26 22:50:42 2015 : Debug: rlm_sql (sql): Released sql socket id: 3 Sun Apr 26 22:50:42 2015 : Info: ++[sql] returns ok Sun Apr 26 22:50:42 2015 : Info: [attr_filter.access_reject] expand: %{User-Name} -> DC:FF:BB:66:BE:9E Sun Apr 26 22:50:42 2015 : Debug: attr_filter: Matched entry DEFAULT at line 11 Sun Apr 26 22:50:42 2015 : Info: ++[attr_filter.access_reject] returns updated Sun Apr 26 22:50:42 2015 : Info: Delaying reject of request 2 for 1 seconds Sun Apr 26 22:50:42 2015 : Debug: Going to the next request 2015-04-27 13:35 GMT-03:00 Alan DeKok <aland@deployingradius.com>:
On Apr 27, 2015, at 12:16 PM, Osvaldo T Crispim Filho < osvaldotcf@gmail.com> wrote:
I want to use DHCP Server of Mikrotik with rlm_sqlippool. DHCP Server on Mikrotik do not send password. I want to use "auth-type := Accept" withou password
That should work.
I receve this on log: Info: ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
How can i do that?
Set Auth-Type := Accept for the user.
What does the debug log show?
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- - Osvaldo T Crispim Filho -
On Apr 27, 2015, at 1:25 PM, Osvaldo T Crispim Filho <osvaldotcf@gmail.com> wrote:
On radcheck
id username attribute op value
9664 DC:FF:BB:66:BE:9E MD5-Password := 54a56092489fa15032cf0a709032c184 9665 DC:FF:BB:66:BE:9E Auth-Type := Accept 5876 DC:FF:BB:66:BE:9E Calling-Station-Id =~ DC:FF:BB:66:BE:9E
I'm not sure what you're doing there. Setting an MD5-Password *and* Auth-Type := Accept seems wrong. In addition, why do a regex comparison on Calling-Station-Id? The RHS of that field isn't a regular expression. It's just a MAC address. And it doesn't match the Calling-Station-Id from the packet. Because the Calling-Station-Id in the packet is lowercase, and has a "1:" before it. My suggestion is to delete the MD5-Password and Calling-Station-Id rows from radcheck. Unless you can explain why they're necessary. Alan DeKok.
Thank you . The problem is the "Calling-Station-Id" attribute; i use this attribute with Mikrotik Hotspot to prevent the use of the username in wrong radio. MD5-Password does not cause problem. All right now , grateful! 2015-04-27 14:34 GMT-03:00 Alan DeKok <aland@deployingradius.com>:
On Apr 27, 2015, at 1:25 PM, Osvaldo T Crispim Filho <osvaldotcf@gmail.com> wrote:
On radcheck
id username attribute op value
9664 DC:FF:BB:66:BE:9E MD5-Password := 54a56092489fa15032cf0a709032c184 9665 DC:FF:BB:66:BE:9E Auth-Type := Accept 5876 DC:FF:BB:66:BE:9E Calling-Station-Id =~ DC:FF:BB:66:BE:9E
I'm not sure what you're doing there. Setting an MD5-Password *and* Auth-Type := Accept seems wrong.
In addition, why do a regex comparison on Calling-Station-Id? The RHS of that field isn't a regular expression. It's just a MAC address. And it doesn't match the Calling-Station-Id from the packet. Because the Calling-Station-Id in the packet is lowercase, and has a "1:" before it.
My suggestion is to delete the MD5-Password and Calling-Station-Id rows from radcheck. Unless you can explain why they're necessary.
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- - Osvaldo T Crispim Filho -
participants (2)
-
Alan DeKok -
Osvaldo T Crispim Filho