User-Password required Authentication problem
Syed Anwarul Hasan
syedanwarulhasan2007 at gmail.com
Thu Aug 28 13:08:37 CEST 2008
*yes Ivan.
Debug o:p radiusd -X*
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1 port 1031, id=171,
length=57
User-Name = "hasan"
User-Password = "thales"
NAS-IP-Address = 192.168.1.131
NAS-Port = 1
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "hasan", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
rlm_ldap: - authorize
rlm_ldap: performing user authorization for thales
WARNING: Deprecated conditional expansion ":-". See "man unlang" for
details
expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=hasan)
expand: dc=thales,dc=com -> dc=thales,dc=com
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to 127.0.0.1:389, authentication 0
rlm_ldap: bind as cn=Administrator,dc=thales,dc=com/thales to 127.0.0.1:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in dc=thales,dc=com, with filter (uid=hasan)
rlm_ldap: checking if remote access for thales is allowed by uid
rlm_ldap: Added User-Password = thales in check items
rlm_ldap: No default NMAS login sequence
rlm_ldap: looking for check items in directory...
rlm_ldap: LDAP attribute userPassword as RADIUS attribute User-Password ==
"thales"
rlm_ldap: looking for reply items in directory...
rlm_ldap: user authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap] returns ok
++[expiration] returns noop
++[logintime] returns noop
*rlm_pap: WARNING! No "known good" password found for the user.
Authentication may fail because of this.
++[pap] returns noop
auth: No authenticate method (Auth-Type) configuration found for the
request: Rejecting the user
auth: Failed to validate the user.
Found Post-Auth-Type Reject*
+- entering group REJECT
expand: %{User-Name} -> hasan
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Sending Access-Reject of id 171 to 127.0.0.1 port 1031
And the request/
* # radtest hasan thales localhost 1 testing123
Sending Access-Request of id 171 to 127.0.0.1 port 1812
User-Name = "hasan"
User-Password = "thales"
NAS-IP-Address = 192.168.1.131
NAS-Port = 1
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=171,
length=20*
2008/8/28 Ivan Kalik <tnt at kalik.net>
> Could be. You haven't posted the debug of request processing, so we
> can't see what's going on.
>
> Ivan Kalik
> Kalik Informatika ISP
>
>
> Dana 28/8/2008, "Syed Anwarul Hasan" <syedanwarulhasan2007 at gmail.com>
> piše:
>
> >Hi Ivan, this is the request .Sorry Ivan, I didn't fix the name resolution
> >for locahost. This Problem is due to this.
> >I will fix the name resolution.
> >
> >SYED
> > # radtest hasan thales localhost 1 testing123
> >Sending Access-Request of id 241 to 127.0.0.1 port 1812
> > User-Name = "hasan"
> > User-Password = "thales"
> > NAS-IP-Address = 192.168.1.131
> > NAS-Port = 1
> >rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=241,
> >length=20
> >
> >
> >2008/8/28 Ivan Kalik <tnt at kalik.net>
> >
> >> Well, ldap found the user but didn't find the password. Post the debug
> >> from the request.
> >>
> >> Ivan Kalik
> >> Kalik Informatika ISP
> >>
> >>
> >> Dana 28/8/2008, "Syed Anwarul Hasan" <syedanwarulhasan2007 at gmail.com>
> >> piše:
> >>
> >> >Hi Alan,
> >> >Since I am using a Plain password in the LDAP database, hence I tried
> to
> >> do
> >> >LDAP Authentication with Auth-type set to LDAP.
> >> >Even I tried with only uncommenting ldap in Authorize and Authenticate
> >> >section of default file in sites-enabled.Still, I am having the Problem
> >> with
> >> >*no Authenticate method found for user error.
> >> >Please comment.
> >> >SYED
> >> >*
> >> >debug o/p:
> >> >++[ldap] returns ok
> >> >++[expiration] returns noop
> >> >++[logintime] returns noop
> >> >rlm_pap: WARNING! No "known good" password found for the user.
> >> >Authentication may fail because of this.
> >> >++[pap] returns noop
> >> >*auth: No authenticate method (Auth-Type) configuration found for the
> >> >request: Rejecting the user*
> >> >auth: Failed to validate the user.
> >> > Found Post-Auth-Type Reject
> >> >+- entering group REJECT
> >> > expand: %{User-Name} -> hasan
> >> > attr_filter: Matched entry DEFAULT at line 11
> >> >
> >> >
> >> >On Wed, Aug 27, 2008 at 7:19 PM, Alan DeKok <aland at deployingradius.com
> >> >wrote:
> >> >
> >> >> Syed Anwarul Hasan wrote:
> >> >> > ... Also in the Sites-enabled dir under default file, I have
> >> >> > added in the Authorize section I added,
> >> >> > *update control {
> >> >> > Auth-Type :=ldap
> >> >>
> >> >> Why? All of the documentation and configuration files say DO NOT
> DO
> >> >> SET AUTH-TYPE.
> >> >>
> >> >> ...
> >> >> > rlm_ldap: Attribute "User-Password" is required for authentication.
> >> >> > Cannot use " (null)".
> >> >>
> >> >> You are sending the server a request that doesn't contain a
> >> >> User-Password attribute.
> >> >>
> >> >> Don't set Auth-Type.
> >> >>
> >> >> Alan DeKok.
> >> >> -
> >> >> List info/subscribe/unsubscribe? See
> >> >> http://www.freeradius.org/list/users.html
> >> >>
> >> >
> >> >
> >>
> >> -
> >> List info/subscribe/unsubscribe? See
> >> http://www.freeradius.org/list/users.html
> >>
> >
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20080828/0377f832/attachment.html>
More information about the Freeradius-Users
mailing list