Hello, with the help of Alan I eliminated two errors but I always have the error mentioned in the subject. I persent the full log wher I begin the lines I don't understand by a star at the bottom of my mail. My question is : wher do I make a configuration error ? Thanks you for your help Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /etc/raddb/clients.conf main: prefix = "/usr" main: localstatedir = "/var" main: logdir = "/var/log/radius" main: libdir = "/usr/lib" main: radacctdir = "/var/log/radius/radacct" main: hostname_lookups = no main: snmp = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 256 main: delete_blocked_requests = 0 main: port = 1812 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = "/var/log/radius/radius.log" main: log_auth = yes main: log_auth_badpass = yes main: log_auth_goodpass = no main: pidfile = "/var/run/radiusd/radiusd.pid" main: user = "radiusd" main: group = "radiusd" main: usercollide = no main: lower_user = "no" main: lower_pass = "no" main: nospace_user = "no" main: nospace_pass = "no" main: checkrad = "/usr/sbin/checkrad" main: proxy_requests = no security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist Using deprecated naslist file. Support for this will go away soon. read_config_files: reading clients read_config_files: reading realms radiusd: entering modules setup Module: Library search path is /usr/lib Module: Loaded exec exec: wait = yes exec: program = "(null)" exec: input_pairs = "request" exec: output_pairs = "(null)" exec: packet_type = "(null)" rlm_exec: Wait=yes but no output defined. Did you mean output=none? Module: Instantiated exec (exec) Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded Counter counter: filename = "/etc/raddb/db.daily" counter: key = "User-Name" counter: reset = "daily" counter: count-attribute = "Acct-Session-Time" counter: counter-name = "Daily-Session-Time" counter: check-name = "Max-Daily-Session" counter: allowed-servicetype = "Framed-User" counter: cache-size = 5000 rlm_counter: Counter attribute Daily-Session-Time is number 3001 rlm_counter: Current Time: 1210772270 [2008-05-14 15:37:50], Next reset 1210802400 [2008-05-15 00:00:00] Module: Instantiated counter (daily) Module: Loaded LDAP ldap: server = "ldap1.XXX.fr" ldap: port = 389 ldap: net_timeout = 1 ldap: timeout = 4 ldap: timelimit = 3 ldap: identity = "cn=ldapread,ou=special,dc=XXX,dc=fr" ldap: tls_mode = no ldap: start_tls = no ldap: tls_cacertfile = "(null)" ldap: tls_cacertdir = "(null)" ldap: tls_certfile = "(null)" ldap: tls_keyfile = "(null)" ldap: tls_randfile = "(null)" ldap: tls_require_cert = "allow" ldap: password = "our_password" ldap: basedn = "dc=XXX,dc=fr" ldap: filter = "(uid=%{Stripped-User-Name:-%{User-Name}})" ldap: base_filter = "(objectclass=radiusprofile)" ldap: default_profile = "(null)" ldap: profile_attribute = "(null)" ldap: password_header = "(null)" ldap: password_attribute = "userPassword" ldap: access_attr = "(null)" ldap: groupname_attribute = "cn" ldap: groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))" ldap: groupmembership_attribute = "(null)" ldap: dictionary_mapping = "/etc/raddb/ldap.attrmap" ldap: ldap_debug = 0 ldap: ldap_connections_number = 5 ldap: compare_check_items = no ldap: access_attr_used_for_allow = yes ldap: do_xlat = yes ldap: set_auth_type = yes rlm_ldap: Registering ldap_groupcmp for Ldap-Group rlm_ldap: Creating new attribute ldap1-Ldap-Group rlm_ldap: Registering ldap_groupcmp for ldap1-Ldap-Group rlm_ldap: Registering ldap_xlat with xlat_name ldap1 rlm_ldap: reading ldap<->radius mappings from file /etc/raddb/ldap.attrmap rlm_ldap: LDAP carLicense mapped to RADIUS Reply-Message rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type rlm_ldap: LDAP sambaAcctFlags mapped to RADIUS SMB-Account-CTRL-TEXT conns: 0xbae7a380 Module: Instantiated ldap (ldap1) ldap: server = "ldap2.XXX.fr" ldap: port = 389 ldap: net_timeout = 1 ldap: timeout = 4 ldap: timelimit = 3 ldap: identity = "cn=ldapread,ou=special,dc=XXX,dc=fr" ldap: tls_mode = no ldap: start_tls = no ldap: tls_cacertfile = "(null)" ldap: tls_cacertdir = "(null)" ldap: tls_certfile = "(null)" ldap: tls_keyfile = "(null)" ldap: tls_randfile = "(null)" ldap: tls_require_cert = "allow" ldap: password = "our_password" ldap: basedn = "dc=XXX,dc=fr" ldap: filter = "(uid=%{Stripped-User-Name:-%{User-Name}})" ldap: base_filter = "(objectclass=radiusprofile)" ldap: default_profile = "(null)" ldap: profile_attribute = "(null)" ldap: password_header = "(null)" ldap: password_attribute = "userPassword" ldap: access_attr = "(null)" ldap: groupname_attribute = "cn" ldap: groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))" ldap: groupmembership_attribute = "(null)" ldap: dictionary_mapping = "/etc/raddb/ldap.attrmap" ldap: ldap_debug = 0 ldap: ldap_connections_number = 5 ldap: compare_check_items = no ldap: access_attr_used_for_allow = yes ldap: do_xlat = yes ldap: set_auth_type = yes rlm_ldap: Registering ldap_groupcmp for Ldap-Group rlm_ldap: Creating new attribute ldap2-Ldap-Group rlm_ldap: Registering ldap_groupcmp for ldap2-Ldap-Group rlm_ldap: Registering ldap_xlat with xlat_name ldap2 rlm_ldap: reading ldap<->radius mappings from file /etc/raddb/ldap.attrmap rlm_ldap: LDAP carLicense mapped to RADIUS Reply-Message rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type rlm_ldap: LDAP sambaAcctFlags mapped to RADIUS SMB-Account-CTRL-TEXT conns: 0xbae7aad0 Module: Instantiated ldap (ldap2) Module: Loaded preprocess preprocess: huntgroups = "/etc/raddb/huntgroups" preprocess: hints = "/etc/raddb/hints" preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no preprocess: with_alvarion_vsa_hack = no Module: Instantiated preprocess (preprocess) Module: Loaded detail detail: detailfile = "/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d" detail: detailperm = 384 detail: dirperm = 493 detail: locking = no Module: Instantiated detail (auth_log) Module: Loaded MS-CHAP mschap: use_mppe = yes mschap: require_encryption = no mschap: require_strong = no mschap: with_ntdomain_hack = no mschap: passwd = "(null)" mschap: ntlm_auth = "(null)" Module: Instantiated mschap (mschap) Module: Loaded Acct-Unique-Session-Id acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port" Module: Instantiated acct_unique (acct_unique) Module: Loaded files files: usersfile = "/etc/raddb/users" files: acctusersfile = "/etc/raddb/acct_users" files: preproxy_usersfile = "/etc/raddb/preproxy_users" files: compat = "no" Module: Instantiated files (files) detail: detailfile = "/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d" detail: detailperm = 384 detail: dirperm = 493 detail: locking = no Module: Instantiated detail (detail) Listening on authentication *:1812 Listening on accounting *:1813 Ready to process requests. rad_recv: Access-Request packet from host 11.12.13.14:1896, id=3, length=47 User-Name = "xxxxxx" User-Password = "yyyyyy" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 radius_xlat: '/var/log/radius/radacct/141.115.16.72/auth-detail-20080514' rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/141.115.16.72/auth-detail-20080514 modcall[authorize]: module "auth_log" returns ok for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_counter: Entering module authorize code rlm_counter: Could not find Check item value pair modcall[authorize]: module "daily" returns noop for request 0 modcall: leaving group authorize (returns ok) for request 0 * auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user * auth: Failed to validate the user. * Login incorrect: [xxxxxx/yyyyyy] (from client zzzzz port 0) Delaying request 0 for 1 seconds Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 3 to 141.115.16.72 port 1896 Waking up in 4 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 3 with timestamp 482aeb39 Nothing to do. Sleeping until we see a request. -- Jean Frontin<BR> System team<BR> I R I T <BR> Université Paul-Sabatier<BR> 118, rte de Narbonne<BR> 31062 Toulouse cedex 9<BR> France<BR> tel (33)(0)5 61 55 63 03<BR> mail frontin@irit.fr<BR>
Jean Frontin wrote:
with the help of Alan I eliminated two errors but I always have the error mentioned in the subject. I persent the full log wher I begin the lines I don't understand by a star at the bottom of my mail. My question is : wher do I make a configuration error ?
You deleted large amounts of the default configuration.
rad_recv: Access-Request packet from host 11.12.13.14:1896, id=3, length=47 User-Name = "xxxxxx" User-Password = "yyyyyy" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 radius_xlat: '/var/log/radius/radacct/141.115.16.72/auth-detail-20080514' rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/141.115.16.72/auth-detail-20080514 modcall[authorize]: module "auth_log" returns ok for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_counter: Entering module authorize code rlm_counter: Could not find Check item value pair modcall[authorize]: module "daily" returns noop for request 0 modcall: leaving group authorize (returns ok) for request 0 * auth: No authenticate method (Auth-Type) configuration found for the
Where is the password supposed to come from? How does the server know how to authenticate the user? Perhaps you mean to list "ldap" in the "authorize" section? Alan DeKok.
participants (2)
-
Alan DeKok -
Jean Frontin