install in freebsd freeradius friends and when my clients try to connect this poster draws me, it can be: +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] Looking up realm "cdr.cu" for User-Name = "test@cdr.cu" [suffix] No such realm "cdr.cu" ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop ++[unix] returns notfound [files] users: Matched entry DEFAULT at line 85 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop Found Auth-Type = System +- entering group authenticate {...} ++[unix] returns notfound Failed to authenticate the user. Using Post-Auth-Type Reject +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> test@cdr.cu attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 2 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 2 Sending Access-Reject of id 158 to 192.168.25.50 port 17963 Waking up in 4.9 seconds. Cleaning up request 2 ID 158 with timestamp +158 Ready to process requests.
install in freebsd freeradius friends and when my clients try to connect this poster draws me, it can be:
You are forcing server to look for password in system file (etc/passwd). ...
[files] users: Matched entry DEFAULT at line 85 ++[files] returns ok ... Found Auth-Type = System ...
But password is not there (or anywhere else). ...
++[unix] returns notfound ... [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop +- entering group authenticate {...} ++[unix] returns notfound Failed to authenticate the user. Using Post-Auth-Type Reject ...
Where is your password suposed to be? Ivan Kalik Kalik Informatika ISP
Frank Ernesto Morales Quiroga wrote:
install in freebsd freeradius friends and when my clients try to connect this poster draws me, it can be:
+- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] Looking up realm "cdr.cu <http://cdr.cu>" for User-Name = "test@cdr.cu <mailto:test@cdr.cu>" [suffix] No such realm "cdr.cu <http://cdr.cu>" ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop ++[unix] returns notfound [files] users: Matched entry DEFAULT at line 85 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop Found Auth-Type = System +- entering group authenticate {...} ++[unix] returns notfound Failed to authenticate the user. Using Post-Auth-Type Reject +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> test@cdr.cu <mailto:test@cdr.cu> attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 2 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 2 Sending Access-Reject of id 158 to 192.168.25.50 port 17963 Waking up in 4.9 seconds. Cleaning up request 2 ID 158 with timestamp +158 Ready to process requests.
What is your users real username? test@cdr.cu or just test? Where did you put your users? in database? shadow file? What kind of password authentication do you use? PAP, CHAP, MSCHAP? Default freeradius setup is almost always able to work out of the box for many scenarios, but it still lacks the ability to read minds as we all do here :) As far as i can see, you removed pap from authorize section, which means that you tried to change default setup... Igor
Sorry, was away, the password is the file users 2009/7/24, Igor Smitran <sigor@blic.net>:
Igor Smitran wrote:
As far as i can see, you removed pap from authorize section, which means that you tried to change default setup...
My bad, pap does exist in authorize, but freeradius doesn't know where is the password... - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Sorry, was away, the password is the file users
And the entry looks like ... what? This is bit of your debug: [suffix] Looking up realm "cdr.cu" for User-Name = "test@cdr.cu" [suffix] No such realm "cdr.cu" ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop ++[unix] returns notfound [files] users: Matched entry DEFAULT at line 85 ++[files] returns ok If the entry is for user test it didn't match because you haven't defined the realm in proxy.conf. If it is for test@cdr.cu it is probably below that DEFAULT entry which doesn't have Fall-Through in it. Ivan Kalik Kalik Informatika ISP
participants (3)
-
Frank Ernesto Morales Quiroga -
Igor Smitran -
Ivan Kalik