Newbie-quiz: Can't get authentication to work.

tnt at kalik.co.yu tnt at kalik.co.yu
Mon May 28 13:42:27 CEST 2007


You have forced Auth-Type System in your user configuration and have
overruled the server trying to (correctly) do MS-CHAP. Delete that
Auth-Type from the check line and it should work.

Ivan Kalik
Kalik Informatika ISP


Dana 28/5/2007, "Giobbi Piero" <piero at news.fb.se> piše:

>Hello all.
>
>Just started out with Freeradius and got it installed and working
>(Debian Etch, FR 1.1.4).
>
>Im hooked up our firewall to authenticate to FR-server and the "link"
>works, so i guess the basics are ok. Now i have added a user in the
>system and in the Users-file:
>
>test-system   Auth-Type := System, User-Password == "test-system"
>        Service-Type = Framed-User,
>        Framed-Protocol = PPP,
>        Framed-IP-Address = 10.0.5.7,
>        Framed-IP-Netmask = 255.255.255.0,
>        Framed-Routing = Broadcast-Listen,
>        Framed-Filter-Id = "std.ppp",
>        Framed-MTU = 1500,
>        Fall-Through = yes,
>        Framed-Compression = Van-Jacobsen-TCP-IP
>
>When i connect to my FR-server i get this:
>rad_recv: Access-Request packet from host 10.0.5.1:56509, id=132,
>length=182
>         NAS-Identifier = "halon"
>         NAS-IP-Address = 10.0.5.1
>         Message-Authenticator = 0x3f0dd3b6a7a3fd31e874e22721f5073d
>         NAS-Port = 0
>         NAS-Port-Type = Virtual
>         Service-Type = Framed-User
>         Framed-Protocol = PPP
>         Calling-Station-Id = "10.0.8.184"
>         User-Name = "test-system"
>         MS-CHAP-Challenge = 0xbb1e68a886add6f65e6e9af66c709bfd
>         MS-CHAP2-Response =
>0x01000a3194599cecfe61460a4942c9671fe70000000000000000a5f8bab30f7bdf4664
>07edd2d7be2e97969a1a918def8d2c
>   Processing the authorize section of radiusd.conf
>modcall: entering group authorize for request 0
>   modcall[authorize]: module "preprocess" returns ok for request 0
>   modcall[authorize]: module "chap" returns noop for request 0
>   rlm_mschap: Found MS-CHAP attributes.  Setting 'Auth-Type  = mschap'
>   modcall[authorize]: module "mschap" returns ok for request 0
>     rlm_realm: No '@' in User-Name = "test-system", looking up realm
>NULL
>     rlm_realm: No such realm "NULL"
>   modcall[authorize]: module "suffix" returns noop for request 0
>   rlm_eap: No EAP-Message, not doing EAP
>   modcall[authorize]: module "eap" returns noop for request 0
>     users: Matched entry test-system at line 101
>     users: Matched entry DEFAULT at line 185
>     users: Matched entry DEFAULT at line 204
>     users: Matched entry DEFAULT at line 216
>   modcall[authorize]: module "files" returns ok for request 0
>modcall: leaving group authorize (returns ok) for request 0
>   rad_check_password:  Found Auth-Type System
>auth: type "System"
>   Processing the authenticate section of radiusd.conf
>modcall: entering group authenticate for request 0
>rlm_unix: Attribute "User-Password" is required for authentication.
>   modcall[authenticate]: module "unix" returns invalid for request 0
>modcall: leaving group authenticate (returns invalid) for request 0
>auth: Failed to validate the user.
>Login incorrect: [test-system/<no User-Password attribute>] (from
>client halon port 0 cli 10.0.8.184)
>Delaying request 0 for 1 seconds
>Finished request 0
>Going to the next request
>--- Walking the entire request list ---
>Waking up in 1 seconds...
>--- Walking the entire request list ---
>Waking up in 1 seconds...
>--- Walking the entire request list ---
>Sending Access-Reject of id 132 to 10.0.5.1 port 56509
>Waking up in 4 seconds...
>--- Walking the entire request list ---
>Cleaning up request 0 ID 132 with timestamp 465ab8d7
>
>
>So, my firewall talks MS_CHAP, i haven't touched the radiusd.conf and
>its in there under authenticate {..
>
>Now im stuck, i really don't know where else to look for, tried
>google but everything pointed to this wonderful list! I tried to
>change auth-type = Local but same problem. Maybe the problem lies here:
>
>     rlm_realm: No '@' in User-Name = "test-system", looking up realm
>NULL
>     rlm_realm: No such realm "NULL"
>
>
>
>
>But i can't tell. Any thoughts, solutions, pointers to right
>directions are greatly appreciated!
>
>Many thanks.
>
>p
>
>
>




More information about the Freeradius-Users mailing list