FreeRadius Basic Authentication Problem

Ivan Kalik tnt at
Fri Aug 22 17:09:32 CEST 2008

>rad_recv: Access-Request packet from host port 1029, id=10,
>        User-Name = "John"
>        User-Password = "hello"
>        NAS-IP-Address =
>        NAS-Port = 1
>+- entering group authorize
>++[preprocess] returns ok
>++[chap] returns noop
>++[mschap] returns noop
>    rlm_realm: No '@' in User-Name = "John", looking up realm NULL
>    rlm_realm: No such realm "NULL"
>++[suffix] returns noop
>  rlm_eap: No EAP-Message, not doing EAP
>++[eap] returns noop
>++[unix] returns notfound
>++[files] returns noop
>++[expiration] returns noop
>++[logintime] returns noop
>rlm_pap: WARNING! No "known good" password found for the user.
>Authentication may fail because of this.
>++[pap] returns noop

Nothing matched.

>And my radtest command *radtest John hello localhost 1 testing123

Oh dear! localhost resolved to:

>        NAS-IP-Address =

You need to fix name resolution so localhost resolves properly to

>Users file
># This is an entry for a user with a space in their name.
># Note the double quotes surrounding the name.
>John  Auth-Type :=System,Huntgroup-Name == John,User-Password := "hello"
>        Reply-Message = "Hello, %{User-Name}",
>                Fall-Through = Yes

This is also wrong. Auth-Type system means that user/password will be
looked up in etc/passwd. You dont need either Auth-Type or password
attribute there. If you are going to remove Auth-Type fix password
attribute to be Cleartex-Password. If you are checking a system account 
(not very likely since unix returned notfound) then remove the password

Ivan Kalik
Kalik Informatika ISP

More information about the Freeradius-Users mailing list