DEFAULT entry in users file (1.0.5-->1.1.7)

Martin Pauly pauly at hrz.uni-marburg.de
Fri Nov 16 18:17:19 CET 2007


Hi everybody,

sorry to ask, but I don't get it.
I'm still trying to upgrade from 1.0.5 to 1.1.7.
Previously, my users file looked like this:

[some static entries for special users]
[some entries with Auth-Type=Reject for special conditions]

DEFAULT Auth-Type = LDAP, Called-Station-Id == "our-dialup-number"
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
	[more reply-items for dialup users]

# All other requests: simply match against LDAP
# Replace 'outer' attribute User-Name with value from variable
# ==> This yields the true username from inside the tunnel in case of
# anonymous outer identification with 802.1x
DEFAULT Auth-Type = LDAP
        User-Name = `%{User-Name}`,
        Reply-Message = "Matched DEFAULT user entry in staff-RADIUS"


So all my normal users' passwords are checked against LDAP, 
using LDAP bind-as-user. There's a properly configured LDAP section in 
radiusd.conf, of course. 

With 1.1.7 (and perhaps with any version >=1.1.4), Auth-Type = LDAP
seems to be gone, but what on earth do I put there instead?
The static entries (with cleartext-password for 1.1.7) work fine.

With a users file like 
DEFAULT 
        User-Name = `%{User-Name}`

the server complains loudly about the missing Auth-Type when asking with
radtest:

rad_recv: Access-Request packet from host 127.0.0.1:41995, id=59, length=58
        User-Name = "martin"
        User-Password = "testpass"
        NAS-IP-Address = 255.255.255.255
        NAS-Port = 10
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
  modcall[authorize]: module "chap" returns noop for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
    rlm_realm: No '@' in User-Name = "pauly0", looking up realm NULL
    rlm_realm: Found realm "NULL"
    rlm_realm: Adding Stripped-User-Name = "pauly0"
    rlm_realm: Proxying request from user pauly0 to realm NULL
    rlm_realm: Adding Realm = "NULL"
    rlm_realm: Authentication realm is LOCAL.
  modcall[authorize]: module "suffix" returns noop for request 0
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 0
    users: Matched entry DEFAULT at line 69
radius_xlat:  'pauly0'
  modcall[authorize]: module "files" returns ok for request 0
rlm_pap: WARNING! No "known good" password found for the user.  Authentication may fail because of this.
  modcall[authorize]: module "pap" returns noop for request 0
modcall: leaving group authorize (returns ok) for request 0
auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
auth: Failed to validate the user.

So how do I direct the server to use LDAP without setting Auth-Type?
Or is radtest somehow the wrong test tool in the new scenario??

Thanks, Martin

-- 
  Dr. Martin Pauly     Fax:    49-6421-28-26994            
  HRZ Univ. Marburg    Phone:  49-6421-28-23527
  Hans-Meerwein-Str.   E-Mail: pauly at HRZ.Uni-Marburg.DE  
  D-35032 Marburg                                                           


