FreeRadius Basic Authentication Problem
Ivan Kalik
tnt at kalik.net
Fri Aug 22 17:09:32 CEST 2008
>rad_recv: Access-Request packet from host 127.0.0.1 port 1029, id=10,
>length=56
> User-Name = "John"
> User-Password = "hello"
> NAS-IP-Address = 192.168.1.131
> NAS-Port = 1
>+- entering group authorize
>++[preprocess] returns ok
>++[chap] returns noop
>++[mschap] returns noop
> rlm_realm: No '@' in User-Name = "John", looking up realm NULL
> rlm_realm: No such realm "NULL"
>++[suffix] returns noop
> rlm_eap: No EAP-Message, not doing EAP
>++[eap] returns noop
>++[unix] returns notfound
>++[files] returns noop
>++[expiration] returns noop
>++[logintime] returns noop
>rlm_pap: WARNING! No "known good" password found for the user.
>Authentication may fail because of this.
>++[pap] returns noop
Nothing matched.
>And my radtest command *radtest John hello localhost 1 testing123
>
Oh dear! localhost resolved to:
> NAS-IP-Address = 192.168.1.131
You need to fix name resolution so localhost resolves properly to
127.0.0.1.
>Users file
>
># This is an entry for a user with a space in their name.
># Note the double quotes surrounding the name.
>
>John Auth-Type :=System,Huntgroup-Name == John,User-Password := "hello"
>
> Reply-Message = "Hello, %{User-Name}",
> Fall-Through = Yes
This is also wrong. Auth-Type system means that user/password will be
looked up in etc/passwd. You don't need either Auth-Type or password
attribute there. If you are going to remove Auth-Type, fix password
attribute to be Cleartext-Password. If you are checking a system account
(not very likely since unix returned notfound) then remove the password
attribute.
Ivan Kalik
Kalik Informatika ISP
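
The two users-file mistakes named in the reply above, turned into a small lint. This is an added example, not part of the original message and not FreeRADIUS code; the function names, the finding codes and the `FIXED` entry (the reply's first option: drop Auth-Type and rename the password attribute) are constructed for illustration.

```python
import re

# One check item on the first line of a users-file entry: Attribute op value
ITEM_RE = re.compile(r'([\w-]+)\s*(:=|==|\+=|!=|=)\s*("[^"]*"|[^,\s]+)')
PASSWORD_ATTRS = {"user-password", "cleartext-password"}

# Entry as posted in the quoted message.
BROKEN = '''John Auth-Type :=System,Huntgroup-Name == John,User-Password := "hello"
\tReply-Message = "Hello, %{User-Name}",
\tFall-Through = Yes
'''
# Constructed: the same entry after applying the reply's advice.
FIXED = '''John Huntgroup-Name == John, Cleartext-Password := "hello"
\tReply-Message = "Hello, %{User-Name}",
\tFall-Through = Yes
'''

def parse_check_items(entry):
    """Return (user, {attribute: value}) for the first line of an entry."""
    first = next(line for line in entry.splitlines()
                 if line.strip() and not line.lstrip().startswith("#"))
    # The user name may be double-quoted when it contains a space.
    user, rest = re.match(r'\s*("[^"]*"|\S+)\s*(.*)$', first).groups()
    items = {m.group(1).lower(): m.group(3).strip('"')
             for m in ITEM_RE.finditer(rest)}
    return user.strip('"'), items

def lint_users_entry(entry):
    """Return finding codes for the mistakes named in the reply."""
    _, items = parse_check_items(entry)
    findings = []
    # rlm_pap warned that no "known good" password was found:
    # the check item has to be Cleartext-Password, not User-Password.
    if "user-password" in items:
        findings.append("use-cleartext-password")
    # Auth-Type System takes the password from the system account,
    # so a password check item next to it is contradictory.
    if items.get("auth-type", "").lower() == "system" and PASSWORD_ATTRS & items.keys():
        findings.append("system-auth-with-password")
    return findings

if __name__ == "__main__":
    for name, entry in (("BROKEN", BROKEN), ("FIXED", FIXED)):
        print(name, lint_users_entry(entry) or "ok")
```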