[Auth Problem] FreeRADIUS with GnuGK and ATA
ByoungJu Jeon
happian at hotmail.com
Thu Jan 12 13:50:54 CET 2006
>"ByoungJu Jeon" <[EMAIL PROTECTED]> wrote:
>>During authorization, RADIUS sets Auth-Type to CHAP. (In the log, you can see
>>"rlm_chap: Setting 'Auth-Type := CHAP'".) But during authentication, RADIUS
>>sets Auth-Type to Reject. (In the log, you can see "rad_check_password:
>>Found Auth-Type Reject".) I don't know why Auth-Type is changed.
>
>
> Your local configuration changed it. The default configuration of
>the server does not set Auth-Type to Reject.
>
> Alan DeKok.
I am very sure that my configuration is wrong.
The reason I am writing to the mailing list is that I can't find out what is
wrong.
Which part of my local configuration changes 'Auth-Type'?
Could you point out what I should change to fix this problem?
My configuration is below.
============== radiusd.conf ===================
# Server-wide radiusd settings: install paths, request limits, listener,
# logging switches, and the security and thread-pool sub-sections.
# Every path below is derived from ${prefix} or ${localstatedir}.
prefix = /usr/local
exec_prefix = ${prefix}
sysconfdir = ${prefix}/etc
localstatedir = /var
sbindir = ${exec_prefix}/sbin
logdir = ${localstatedir}/log/radius
raddbdir = ${sysconfdir}/raddb
radacctdir = ${logdir}/radacct
confdir = ${raddbdir}
run_dir = ${localstatedir}/run/
log_file = ${logdir}/radius.log
libdir = ${exec_prefix}/lib
pidfile = ${run_dir}/radiusd.pid
# Request handling limits.
max_request_time = 30
delete_blocked_requests = no
cleanup_delay = 5
max_requests = 1024
# "*" listens on every local address, so the only gate on who may talk to the
# server is the client list in clients.conf (included below, not shown here).
bind_address = *
# port = 0: the port is not fixed here.
# NOTE(review): presumably the server then falls back to /etc/services or the
# standard RADIUS port; confirm for this version.
port = 0
hostname_lookups = no
allow_core_dumps = no
regular_expressions = yes
extended_expressions = yes
log_stripped_names = yes
# log_auth = yes records authentication requests in ${log_file}.
log_auth = yes
# NOTE(review): with the two *pass options set to yes, the password submitted in
# a request is written to ${log_file} when the request carries it as
# User-Password. CHAP requests carry a challenge response instead, so what is
# logged for them should differ (confirm in the log). Useful while debugging,
# but it leaves credentials in radius.log: set both back to "no" afterwards and
# keep ${logdir} readable only by the radiusd account.
log_auth_badpass = yes
log_auth_goodpass = yes
usercollide = no
lower_user = no
lower_pass = no
nospace_user = no
nospace_pass = no
checkrad = ${sbindir}/checkrad
security {
# Upper bound on the number of attributes accepted in one packet.
max_attributes = 200
# 0 sends Access-Reject with no pause.
# NOTE(review): the stock configuration uses a 1 second delay, which slows
# online password guessing. Restore a non-zero value unless the zero is
# deliberate.
reject_delay = 0
status_server = no
}
# Proxying is switched off; the pre-proxy/post-proxy sections are empty as well.
proxy_requests = no
# Client (NAS) definitions and their shared secrets live in this file, which is
# not part of the post.
$INCLUDE ${confdir}/clients.conf
snmp = no
# Worker thread limits.
thread pool {
start_servers = 2
max_servers = 5
min_spare_servers = 1
max_spare_servers = 2
max_requests_per_server = 0
}
# Module instance definitions. Of the instances defined in this block, the
# processing sections further down name only preprocess, auth_log, chap,
# acct_unique, reply_log and expr. They also name sql, which is not defined
# here and presumably comes from the included postgresql.conf. radutmp,
# sradutmp, digest, exec, echo and main_pool are defined here but not
# referenced by any section shown.
modules {
# CHAP module; the log quoted in the mail shows it setting Auth-Type := CHAP.
chap {
authtype = CHAP
}
# Request pre-processing; the Cisco VSA hack is the only vendor hack enabled.
preprocess {
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = yes
}
# Three detail writers, one file per client address per day, created with
# mode 0600 (owner read/write only).
# NOTE(review): the detailfile values are split across two lines, presumably
# by e-mail line wrapping; confirm the real file has them on one line.
detail {
detailfile =
${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d
detailperm = 0600
}
# auth_log is called from authorize, so it writes out incoming requests.
# NOTE(review): those records can include whatever credential attributes the
# client sent; treat ${radacctdir} like a credential store and keep 0600.
detail auth_log {
detailfile =
${radacctdir}/%{Client-IP-Address}/auth-detail-%Y%m%d
detailperm = 0600
}
# reply_log is called from post-auth.
detail reply_log {
detailfile =
${radacctdir}/%{Client-IP-Address}/reply-detail-%Y%m%d
detailperm = 0600
}
# Attributes combined to build a unique accounting session key.
acct_unique {
key = "User-Name, Acct-Session-Id, NAS-IP-Address,
Client-IP-Address, NAS-Port-Id"
}
# NOTE(review): presumably defines the "sql" instance used in authorize and
# accounting. It is not shown in this post. A file like this normally holds
# the database login, so check its ownership and mode.
$INCLUDE ${confdir}/postgresql.conf
# Session database: owner-only file that includes caller id.
radutmp {
filename = ${logdir}/radutmp
username = %{User-Name}
case_sensitive = yes
check_with_nas = yes
perm = 0600
callerid = "yes"
}
# Second session database: mode 0644 makes it world-readable; caller id is left
# out of this copy.
radutmp sradutmp {
filename = ${logdir}/sradutmp
perm = 0644
callerid = "no"
}
expr {
}
digest {
}
exec {
wait = yes
input_pairs = request
}
# Runs /bin/echo with the request's User-Name expanded into the command line.
# NOTE(review): User-Name is supplied by the client. If this instance is ever
# enabled, confirm how this FreeRADIUS version passes expanded attributes to
# the program (argument quoting, no shell) first.
exec echo {
wait = yes
program = "/bin/echo %{User-Name}"
input_pairs = request
output_pairs = reply
}
# Address pool 192.168.1.1 - 192.168.3.254, state kept in two files under
# ${raddbdir}.
ippool main_pool {
range-start = 192.168.1.1
range-stop = 192.168.3.254
netmask = 255.255.255.0
cache-size = 800
session-db = ${raddbdir}/db.ippool
ip-index = ${raddbdir}/db.ipindex
override = no
}
}
# Processing sections: which module instances run at each stage of a request.
instantiate {
expr
}
# Authorization order: preprocess, auth_log, chap, then sql.
# NOTE(review): sql runs after chap, so check items fetched from the database
# are applied after rlm_chap has set Auth-Type := CHAP. An Auth-Type check item
# (for example Reject) stored for the user or one of the user's groups in the
# SQL tables would presumably explain the "Found Auth-Type Reject" log line.
# Neither the SQL data nor postgresql.conf is shown here, so verify there.
# NOTE(review): CHAP verification needs the user's password available to the
# server in recoverable form. Confirm sql returns it as a check item, and
# protect the database accordingly.
authorize {
preprocess
auth_log
chap
sql
}
# Only Auth-Type CHAP has a handler in this section; no other Auth-Type is
# mapped to a module here.
authenticate {
Auth-Type CHAP {
chap
}
}
preacct {
}
# Accounting: build the unique session key, then store the record through sql.
accounting {
acct_unique
sql
}
# Empty: no session checks are configured.
session {
}
# Replies are written to the reply-detail files.
post-auth {
reply_log
}
pre-proxy {
}
post-proxy {
}
======================================================