Attribute "User-Password" is required for authentication

tnt at kalik.co.yu tnt at kalik.co.yu
Mon Jun 18 22:59:07 CEST 2007


You are forcing Auth-Type PAM and doing EAP. Where is Auth-Type coming
from? One of the DEFAULT entries? Don't set Auth-Type! Let the server
swich to one that's needed.

Ivan Kalik
Kalik Informatika ISP


Dana 18/6/2007, "Cody Jarrett" <cody.jarrett at itfreedom.com> piše:

>Sorry, 10.1.22.10 is the ip of my 3com.
>
>rad_recv: Access-Request packet from host 10.1.22.10:2458, id=0, length=185
>         Message-Authenticator = 0xb0ba1aec817dfd6ab3fc3b0e49fb1125
>         Service-Type = Framed-User
>         User-Name = "cjarrett"
>         Framed-MTU = 1488
>         Called-Station-Id = "00-0F-CB-FC-3E-5F:CJ Test"
>         Calling-Station-Id = "00-0E-35-FF-2A-82"
>         NAS-Identifier = "AP11G"
>         NAS-Port-Type = Wireless-802.11
>         Connect-Info = "CONNECT 54Mbps 802.11g"
>         EAP-Message = 0x0200000d01636a617272657474
>         NAS-IP-Address = 10.1.22.10
>         NAS-Port = 2
>         NAS-Port-Id = "STA port # 2"
>   Processing the authorize section of radiusd.conf
>modcall: entering group authorize for request 0
>   modcall[authorize]: module "preprocess" returns ok for request 0
>   modcall[authorize]: module "chap" returns noop for request 0
>   modcall[authorize]: module "mschap" returns noop for request 0
>     rlm_realm: No '@' in User-Name = "cjarrett", looking up realm NULL
>     rlm_realm: No such realm "NULL"
>   modcall[authorize]: module "suffix" returns noop for request 0
>   rlm_eap: EAP packet type response id 0 length 13
>   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
>   modcall[authorize]: module "eap" returns updated for request 0
>     users: Matched entry DEFAULT at line 153
>     users: Matched entry DEFAULT at line 177
>   modcall[authorize]: module "files" returns ok for request 0
>modcall: leaving group authorize (returns updated) for request 0
>   rad_check_password:  Found Auth-Type pam
>auth: type "PAM"
>   Processing the authenticate section of radiusd.conf
>modcall: entering group authenticate for request 0
>rlm_pam: Attribute "User-Password" is required for authentication.
>   modcall[authenticate]: module "pam" returns invalid for request 0
>modcall: leaving group authenticate (returns invalid) for request 0
>auth: Failed to validate the user.
>Delaying request 0 for 1 seconds
>Finished request 0
>Going to the next request
>--- Walking the entire request list ---
>Waking up in 1 seconds...
>--- Walking the entire request list ---
>Waking up in 1 seconds...
>--- Walking the entire request list ---
>Sending Access-Reject of id 0 to 10.1.22.10 port 2458
>Waking up in 4 seconds...
>
>
>
>Kevin Bonner wrote:
>> On Monday 18 June 2007 16:31:37 Cody Jarrett wrote:
>>> I found a few topics on this issue but nothing quite informative enough.
>>> I'm trying to get freeradius auth working with pam and peap. When I test
>>> my config with radtest, I get Access-accept. When I use a windows XP
>>> supplicant with a 3com access point, I get:
>>>
>>> rlm_pam: Attribute "User-Password" is required for authentication.
>>> modcall[authenticate]: module "pam" returns invalid for request 4
>>> modcall: leaving group authenticate (returns invalid) for request 4
>>> auth: Failed to validate the user.
>>>
>>> Is the 3com not sending User-Password attributes in the packets, or is
>>> something else wrong?
>>
>> Run FreeRADIUS in debug mode (radiusd -X) to verify.  We cannot guess what
>> your NAS/client is sending.
>>
>> -Kevin
>>
>>
>> ------------------------------------------------------------------------
>>
>> -
>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>




More information about the Freeradius-Users mailing list