ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
I am hoping someone can help me. We compiled 2.1.x from source and finally got it to accept our python Auth-Type as the default in the users file. DEFAULT Auth-Type := python But, after sucessfully calling our python module the user is rejected ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user Below is the complete log. Any ideas of what we may be doing wrong? Thanks, Jim Tue May 17 14:15:37 2011 : Debug: Listening on proxy address * port 1814 Tue May 17 14:15:37 2011 : Info: Ready to process requests. rad_recv: Access-Request packet from host 135.207.164.41 port 49346, id=131, length=55 User-Name = "owk" User-Password = "test123" NAS-IP-Address = 135.207.164.41 NAS-Port = 1812 Tue May 17 14:15:50 2011 : Info: # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default Tue May 17 14:15:50 2011 : Info: +- entering group authorize {...} Tue May 17 14:15:50 2011 : Info: ++[preprocess] returns ok *** authorize *** Tue May 17 14:15:50 2011 : Info: *** radlog call in authorize *** (('User-Name', '"owk"'), ('User-Password', '"test123"'), ('NAS-IP-Address', '135.207.164.41'), ('NAS-Port', '1812')) User-Name: "owk" User-Password: "test123" NAS-IP-Address: 135.207.164.41 NAS-Port: 1812 Authenticate User: owk Tue May 17 14:16:16 2011 : Info: ++[python] returns ok Tue May 17 14:16:16 2011 : Info: ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user Tue May 17 14:16:16 2011 : Info: Failed to authenticate the user. Tue May 17 14:16:16 2011 : Info: Using Post-Auth-Type Reject Tue May 17 14:16:16 2011 : Info: # Executing group from file /usr/local/etc/raddb/sites-enabled/default Tue May 17 14:16:16 2011 : Info: +- entering group REJECT {...} Tue May 17 14:16:16 2011 : Info: [attr_filter.access_reject] expand: %{User-Name} -> owk Tue May 17 14:16:16 2011 : Debug: attr_filter: Matched entry DEFAULT at line 11 Tue May 17 14:16:16 2011 : Info: ++[attr_filter.access_reject] returns updated Sending Access-Reject of id 131 to 135.207.164.41 port 49346 Tue May 17 14:16:16 2011 : Info: Finished request 0. Tue May 17 14:16:16 2011 : Debug: Going to the next request Tue May 17 14:16:16 2011 : Debug: Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 135.207.164.41 port 49346, id=131, length=55 Tue May 17 14:16:16 2011 : Info: Sending duplicate reply to client five-10 port 49346 - ID: 131 Sending Access-Reject of id 131 to 135.207.164.41 port 49346 Tue May 17 14:16:16 2011 : Debug: Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 135.207.164.41 port 49346, id=131, length=55 Tue May 17 14:16:16 2011 : Info: Sending duplicate reply to client five-10 port 49346 - ID: 131 Sending Access-Reject of id 131 to 135.207.164.41 port 49346 Tue May 17 14:16:16 2011 : Debug: Waking up in 4.9 seconds. Tue May 17 14:16:21 2011 : Info: Cleaning up request 0 ID 131 with timestamp +13 Tue May 17 14:16:21 2011 : Info: Ready to process requests.
Jim Whitescarver wrote:
But, after sucessfully calling our python module the user is rejected
ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
Don't edit the default configuration and break it.
Below is the complete log.
Any ideas of what we may be doing wrong?
(1) Run the server in debugging mode. "-Xx" gives *too* much information (2) If you 3ant to use the "users" file, *DON'T* delete "files" from the "authorize" section. All of the work you put into "simplifying" the configuration files was wasted. If you don't understand how the server works, change as little as possible. Read "man radiusd", and see the DEBUGGING section. It gives *EXPLICIT* instructions for how to change the configuration of the server. Follow them. This is documented. Following the documentation helps. Alan DeKok.
On Tue, May 17, 2011 at 3:08 PM, Alan DeKok <aland@deployingradius.com> wrote:
Jim Whitescarver wrote:
But, after sucessfully calling our python module the user is rejected
ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
Don't edit the default configuration and break it.
The only thing we want is python authentication. I just commented out everything else. I will start again and try to minimize edits. I am rather clueless about the nature the minimum edits should have. It seems that every configuration file needs python in every section for it to be recognized.
Any ideas of what we may be doing wrong?
(1) Run the server in debugging mode. "-Xx" gives *too* much information
(2) If you 3ant to use the "users" file, *DON'T* delete "files" from the "authorize" section.
I don't think we want to use the "users" file. We only want to call the python module for any request.
All of the work you put into "simplifying" the configuration files was wasted. If you don't understand how the server works, change as little as possible.
We will try again. It's not clear why we would leave other stuff in if we are not using anything but the python module. Thanks for the tips. Jim.
Jim Whitescarver wrote:
The only thing we want is python authentication. I just commented out everything else. I will start again and try to minimize edits. I am rather clueless about the nature the minimum edits should have.
Add what you need. The default configuration *works*.
It seems that every configuration file needs python in every section for it to be recognized.
No. You need to list "python" everywhere you want it to be *used*.
I don't think we want to use the "users" file. We only want to call the python module for any request.
That's just rude. The first message you posted showed a "users" file entry, and wondered why it didn't work. Now you say you don't want to use it. Figure out what you want to do. The majority of the issues you're having are due to inconsistency.
It's not clear why we would leave other stuff in if we are not using anything but the python module.
Because you don't understand what it does. If you don't understand it, deleting it is wrong. "Hey, I don't understand what this widget is on my car engine. I'll just rip it off. Hmm, my car no longer works. I know... I'll blame the mechanic!" You wouldn't do that to a car mechanic. Don't do it here. Alan DeKok.
Thank's Alan, it works! We had the same issue with python auths being serialized that we had with pam, but running out of debug mode fixed the issue. Pam probably would have worked if we tried that, but it was a pam_python module anyway so it is better going directly to python. Thanks again, Jim On Wed, May 18, 2011 at 1:44 AM, Alan DeKok <aland@deployingradius.com> wrote:
Jim Whitescarver wrote:
The only thing we want is python authentication. I just commented out everything else. I will start again and try to minimize edits. I am rather clueless about the nature the minimum edits should have.
Add what you need. The default configuration *works*.
It seems that every configuration file needs python in every section for it to be recognized.
No. You need to list "python" everywhere you want it to be *used*.
I don't think we want to use the "users" file. We only want to call the python module for any request.
That's just rude.
The first message you posted showed a "users" file entry, and wondered why it didn't work. Now you say you don't want to use it.
Figure out what you want to do. The majority of the issues you're having are due to inconsistency.
It's not clear why we would leave other stuff in if we are not using anything but the python module.
Because you don't understand what it does. If you don't understand it, deleting it is wrong.
"Hey, I don't understand what this widget is on my car engine. I'll just rip it off. Hmm, my car no longer works. I know... I'll blame the mechanic!"
You wouldn't do that to a car mechanic. Don't do it here.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
participants (2)
-
Alan DeKok -
Jim Whitescarver