auth: Failed to validate the user - NEED SOME HELP !
Hello, My name is Shimon from the Open Univ. of Israel. I installed freeradius and I want the Users to authenticate with /etc/raddb/users file NOT /etc/passwd file. Below is a printout of /usr/sbin/radius –X –y ---------------------- rad_recv: Access-Request packet from host 127.0.0.1:54057, id=172, length=59 User-Name = "monitor" User-Password = "XXXXXXXX" NAS-IP-Address = 255.255.255.255 NAS-Port = 1812 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: No '@' in User-Name = "monitor", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop for request 0 users: Matched entry DEFAULT at line 152 users: Matched entry monitor at line 216 modcall[authorize]: module "files" returns ok for request 0 modcall: leaving group authorize (returns ok) for request 0 rad_check_password: Found Auth-Type System auth: type "System" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 modcall[authenticate]: module "unix" returns notfound for request 0 modcall: leaving group authenticate (returns notfound) for request 0 auth: Failed to validate the user. Delaying request 0 for 1 seconds Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 172 to 127.0.0.1 port 54057 Waking up in 4 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 172 with timestamp 49a4e630 Nothing to do. Sleeping until we see a request. ----------------------------------------------------- Can someone help me with defining radius NOT to authenticate with /etc/passwd But with /etc/raddb/users file. Tnx, ------- בברכה, שמעון ויינרייך האוניברסיטה הפתוחה
Hi Shimon, In the /usr/local/etc/raddb/sites-enabled/default file, comment out the unix module. # # Pull crypt'd passwords from /etc/passwd or /etc/shadow, # using the system API's to get the password. If you want # to read /etc/passwd or /etc/shadow directly, see the # passwd module in radiusd.conf. # # unix <--------- Comment out this line Tim From: freeradius-users-bounces+tim.sylvester=networkradius.com@lists.freeradius.or g [mailto:freeradius-users-bounces+tim.sylvester=networkradius.com@lists.freer adius.org] On Behalf Of Shimon Weinreich Sent: Tuesday, February 24, 2009 10:36 PM To: freeradius-users@lists.freeradius.org Subject: auth: Failed to validate the user - NEED SOME HELP ! Hello, My name is Shimon from the Open Univ. of Israel. I installed freeradius and I want the Users to authenticate with /etc/raddb/users file NOT /etc/passwd file. Below is a printout of /usr/sbin/radius –X –y ---------------------- rad_recv: Access-Request packet from host 127.0.0.1:54057, id=172, length=59 User-Name = "monitor" User-Password = "XXXXXXXX" NAS-IP-Address = 255.255.255.255 NAS-Port = 1812 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: No '@' in User-Name = "monitor", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop for request 0 users: Matched entry DEFAULT at line 152 users: Matched entry monitor at line 216 modcall[authorize]: module "files" returns ok for request 0 modcall: leaving group authorize (returns ok) for request 0 rad_check_password: Found Auth-Type System auth: type "System" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 modcall[authenticate]: module "unix" returns notfound for request 0 modcall: leaving group authenticate (returns notfound) for request 0 auth: Failed to validate the user. Delaying request 0 for 1 seconds Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 172 to 127.0.0.1 port 54057 Waking up in 4 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 172 with timestamp 49a4e630 Nothing to do. Sleeping until we see a request. ----------------------------------------------------- Can someone help me with defining radius NOT to authenticate with /etc/passwd But with /etc/raddb/users file. Tnx, ------- בברכה, שמעון ויינרייך האוניברסיטה הפתוחה
rad_recv: Access-Request packet from host 127.0.0.1:54057, id=172, length=59
User-Name = "monitor"
User-Password = "XXXXXXXX"
NAS-IP-Address = 255.255.255.255
NAS-Port = 1812
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_realm: No '@' in User-Name = "monitor", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 0
users: Matched entry DEFAULT at line 152
users: Matched entry monitor at line 216
modcall[authorize]: module "files" returns ok for request 0
modcall: leaving group authorize (returns ok) for request 0
rad_check_password: Found Auth-Type System
auth: type "System"
You are using an ancient version of the server. Upgrade. If you insist on using outdated, buggy and unsecure version then comment out the DEFAULT entry setting Auth-Type System in users file. Ivan Kalik Kalik informatika ISP
participants (3)
-
Shimon Weinreich -
Tim Sylvester -
tnt@kalik.net