Newbie-quiz: Can't get authentication to work.

Giobbi Piero piero at news.fb.se
Mon May 28 13:24:11 CEST 2007


Hello all.

Just started out with Freeradius and got it installed and working  
(Debian Etch, FR 1.1.4).

Im hooked up our firewall to authenticate to FR-server and the "link"  
works, so i guess the basics are ok. Now i have added a user in the  
system and in the Users-file:

test-system   Auth-Type := System, User-Password == "test-system"
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-IP-Address = 10.0.5.7,
        Framed-IP-Netmask = 255.255.255.0,
        Framed-Routing = Broadcast-Listen,
        Framed-Filter-Id = "std.ppp",
        Framed-MTU = 1500,
        Fall-Through = yes,
        Framed-Compression = Van-Jacobsen-TCP-IP

When i connect to my FR-server i get this:
rad_recv: Access-Request packet from host 10.0.5.1:56509, id=132,  
length=182
         NAS-Identifier = "halon"
         NAS-IP-Address = 10.0.5.1
         Message-Authenticator = 0x3f0dd3b6a7a3fd31e874e22721f5073d
         NAS-Port = 0
         NAS-Port-Type = Virtual
         Service-Type = Framed-User
         Framed-Protocol = PPP
         Calling-Station-Id = "10.0.8.184"
         User-Name = "test-system"
         MS-CHAP-Challenge = 0xbb1e68a886add6f65e6e9af66c709bfd
         MS-CHAP2-Response =  
0x01000a3194599cecfe61460a4942c9671fe70000000000000000a5f8bab30f7bdf4664 
07edd2d7be2e97969a1a918def8d2c
   Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
   modcall[authorize]: module "preprocess" returns ok for request 0
   modcall[authorize]: module "chap" returns noop for request 0
   rlm_mschap: Found MS-CHAP attributes.  Setting 'Auth-Type  = mschap'
   modcall[authorize]: module "mschap" returns ok for request 0
     rlm_realm: No '@' in User-Name = "test-system", looking up realm  
NULL
     rlm_realm: No such realm "NULL"
   modcall[authorize]: module "suffix" returns noop for request 0
   rlm_eap: No EAP-Message, not doing EAP
   modcall[authorize]: module "eap" returns noop for request 0
     users: Matched entry test-system at line 101
     users: Matched entry DEFAULT at line 185
     users: Matched entry DEFAULT at line 204
     users: Matched entry DEFAULT at line 216
   modcall[authorize]: module "files" returns ok for request 0
modcall: leaving group authorize (returns ok) for request 0
   rad_check_password:  Found Auth-Type System
auth: type "System"
   Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
rlm_unix: Attribute "User-Password" is required for authentication.
   modcall[authenticate]: module "unix" returns invalid for request 0
modcall: leaving group authenticate (returns invalid) for request 0
auth: Failed to validate the user.
Login incorrect: [test-system/<no User-Password attribute>] (from  
client halon port 0 cli 10.0.8.184)
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 132 to 10.0.5.1 port 56509
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 132 with timestamp 465ab8d7


So, my firewall talks MS_CHAP, i haven't touched the radiusd.conf and  
its in there under authenticate {..

Now im stuck, i really don't know where else to look for, tried  
google but everything pointed to this wonderful list! I tried to  
change auth-type = Local but same problem. Maybe the problem lies here:

     rlm_realm: No '@' in User-Name = "test-system", looking up realm  
NULL
     rlm_realm: No such realm "NULL"




But i can't tell. Any thoughts, solutions, pointers to right  
directions are greatly appreciated!

Many thanks.

p

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20070528/d3158d48/attachment.html>


More information about the Freeradius-Users mailing list