Newbie-quiz: Can't get authentication to work.
Giobbi Piero
piero at news.fb.se
Mon May 28 13:24:11 CEST 2007
Hello all.
Just started out with Freeradius and got it installed and working
(Debian Etch, FR 1.1.4).
Im hooked up our firewall to authenticate to FR-server and the "link"
works, so i guess the basics are ok. Now i have added a user in the
system and in the Users-file:
test-system Auth-Type := System, User-Password == "test-system"
Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-IP-Address = 10.0.5.7,
Framed-IP-Netmask = 255.255.255.0,
Framed-Routing = Broadcast-Listen,
Framed-Filter-Id = "std.ppp",
Framed-MTU = 1500,
Fall-Through = yes,
Framed-Compression = Van-Jacobsen-TCP-IP
When i connect to my FR-server i get this:
rad_recv: Access-Request packet from host 10.0.5.1:56509, id=132,
length=182
NAS-Identifier = "halon"
NAS-IP-Address = 10.0.5.1
Message-Authenticator = 0x3f0dd3b6a7a3fd31e874e22721f5073d
NAS-Port = 0
NAS-Port-Type = Virtual
Service-Type = Framed-User
Framed-Protocol = PPP
Calling-Station-Id = "10.0.8.184"
User-Name = "test-system"
MS-CHAP-Challenge = 0xbb1e68a886add6f65e6e9af66c709bfd
MS-CHAP2-Response =
0x01000a3194599cecfe61460a4942c9671fe70000000000000000a5f8bab30f7bdf4664
07edd2d7be2e97969a1a918def8d2c
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
rlm_mschap: Found MS-CHAP attributes. Setting 'Auth-Type = mschap'
modcall[authorize]: module "mschap" returns ok for request 0
rlm_realm: No '@' in User-Name = "test-system", looking up realm
NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 0
users: Matched entry test-system at line 101
users: Matched entry DEFAULT at line 185
users: Matched entry DEFAULT at line 204
users: Matched entry DEFAULT at line 216
modcall[authorize]: module "files" returns ok for request 0
modcall: leaving group authorize (returns ok) for request 0
rad_check_password: Found Auth-Type System
auth: type "System"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
rlm_unix: Attribute "User-Password" is required for authentication.
modcall[authenticate]: module "unix" returns invalid for request 0
modcall: leaving group authenticate (returns invalid) for request 0
auth: Failed to validate the user.
Login incorrect: [test-system/<no User-Password attribute>] (from
client halon port 0 cli 10.0.8.184)
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 132 to 10.0.5.1 port 56509
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 132 with timestamp 465ab8d7
So, my firewall talks MS_CHAP, i haven't touched the radiusd.conf and
its in there under authenticate {..
Now im stuck, i really don't know where else to look for, tried
google but everything pointed to this wonderful list! I tried to
change auth-type = Local but same problem. Maybe the problem lies here:
rlm_realm: No '@' in User-Name = "test-system", looking up realm
NULL
rlm_realm: No such realm "NULL"
But i can't tell. Any thoughts, solutions, pointers to right
directions are greatly appreciated!
Many thanks.
p
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20070528/d3158d48/attachment.html>
More information about the Freeradius-Users
mailing list