FreeRadius out of the box....
Tony Spencer
tony at games-master.co.uk
Thu Apr 6 07:40:00 CEST 2006
I tried that way and it's still failing.
The debug shows:
###
Nothing to do. Sleeping until we see a request.
rad_recv: Access-Request packet from host 10.0.0.1:1645, id=91, length=97
Framed-Protocol = PPP
User-Name = "user1 at dsl.adslco.com"
User-Password = "password"
NAS-Port-Type = Virtual
NAS-Port = 267
Service-Type = Framed-User
NAS-IP-Address = 10.0.0.1
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 13
modcall[authorize]: module "preprocess" returns ok for request 13
modcall[authorize]: module "chap" returns noop for request 13
rlm_realm: Looking up realm "dsl.adslco.com" for User-Name =
"user1 at dsl.adslco.com"
rlm_realm: No such realm "dsl.adslco.com"
modcall[authorize]: module "suffix" returns noop for request 13
users: Matched DEFAULT at 168
users: Matched DEFAULT at 180
modcall[authorize]: module "files" returns ok for request 13
modcall: group authorize returns ok for request 13
auth: No authenticate method (Auth-Type) configuration found for the
request: Rejecting the user
auth: Failed to validate the user.
Login incorrect: [user1 at dsl.adslco.com/password] (from client l2tp-tunnel
port 267)
Delaying request 13 for 1 seconds
Finished request 13
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 91 to 10.0.0.1:1645
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 13 ID 91 with timestamp 4434a5b6
Nothing to do. Sleeping until we see a request.
###
It looks like because I removed:
###
DEFAULT Auth-Type = System
Fall-Through = 1
###
It's failing because no Auth-Type is set.
Tony
-----Original Message-----
From: freeradius-users-bounces+tony=games-master.co.uk at lists.freeradius.org
[mailto:freeradius-users-bounces+tony=games-master.co.uk at lists.freeradius.or
g] On Behalf Of Phil Mayers
Sent: 05 April 2006 09:46
To: FreeRadius users mailing list
Subject: Re: FreeRadius out of the box....
Tony Spencer wrote:
> On testing I found users still couldn't authenticate by PAP or CHAP, I
> run "radiusd -X" and from what I could see its because of the Default
> setting:
>
> DEFAULT Auth-Type = System
>
> Fall-Through = 1
>
>
That is no longer in the default config in CVS. If/when it'll make it
into a release version, one of the developers would have to reply.
>
> What do I need to change to get Freeradius to accept both PAP and CHAP
> authentication?
>
Remove that entry for a start.
FR 1.0.1 isn't a version I have installed or the source knocking around
for, but at least in current versions (fixed in CVS) the handling of PAP
and Auth-Type is a little inconsistent - there's no authorize handler
for PAP.
You want something like:
modules {
pap {
encryption_scheme = clear
}
chap {
authtype = CHAP
}
# .. rest of modules
}
authorize {
preprocess
chap
files
}
authenticate {
Auth-Type CHAP {
chap
}
Auth-Type PAP {
pap
}
}
...and in "users":
username User-Password := "string", Auth-Type = PAP
...since the Auth-Type is set using "=" if Auth-Type is ALREADY CHAP
from the chap module, it won't be changed. If it isn't set, it'll be set
to PAP and executed appropriately.
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the Freeradius-Users
mailing list