Unknown value specified for Autz-Type, freeradius 2.1.3
Kent Nasveschuk
knasveschuk at mbl.edu
Mon Dec 22 19:51:34 CET 2008
Hello,
Having a little problem with "Unknown value specified for Autz-Type".
OS CentOS 5
Freeradius version 2.1.3 latest
I have this working on a 1.1.3 version that ships with CentOS 5 but having a little problem here.
I actually have 2 LDAP sources for testing. One source is used for the switch (Enterasys) that does MAC authentication; the other does 802.1x. The records are in different parts of the LDAP tree. The 802.1x works fine. The error message at the bottom is the one I get from the MAC authentication.
raddb/modules/ldap:
...
ldap devices {
    server = "192.168.1.12"
    identity = "uid=xxxx,ou=xxxx,dc=mbl,dc=edu"
    password = xxxxxx
    basedn = "ou=devices,ou=network,dc=mbl,dc=edu"
    filter = "(cn=%{User-Name})"
    tls {
        start_tls = no
    }
    tls_mode = no
    dictionary_mapping = ${raddbdir}/ldap.attrmap
    edir_account_policy_check = no
    ldap_cache_timeout = 120
    ldap_cache_size = 0
    ldap_connections_number = 10
    password_attribute = userPassword
    timeout = 3
    timelimit = 5
    net_timeout = 1
    compare_check_items = no
    dictionary_mapping = ${confdir}/ldap.attrmap
    access_attr = "radiusFilterId"
    set_auth_type = yes
}
...
raddb/sites-enabled/inner-tunnel:
...
authorize {
    Autz-Type DEVICES {
        devices
    }
    ...
}
...
authenticate {
    Auth-Type DEVICES {
        devices
    }
    ...
}
raddb/sites-enabled/users:
# TEST C2 MAC
DEFAULT Auth-Type := DEVICES, Auth-Type := ACCEPT, Autz-Type := DEVICES, Client-IP-Address == "192.168.1.15"
    Filter-Id := "Enterasys:version=1:policy=D-Unregistered",
    Fall-Through = yes
radiusd -X (MAC authentication failure):
...
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.1.15 port 49152, id=62, length=146
User-Name = "00-11-24-80-40-7A"
Service-Type = Framed-User
Called-Station-Id = "00-01-F4-5C-97-80"
Calling-Station-Id = "00-11-24-80-40-7A"
NAS-IP-Address = 192.168.1.15
NAS-Port = 17
NAS-Port-Type = Ethernet
NAS-Port-Id = "ge.1.17"
User-Password = "xxxxxxx"
Message-Authenticator = 0x21da3669c869a962c6270f0cee3d3bac
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "00-11-24-80-40-7A", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
[files] expand: %{Client-IP-Address} -> 192.168.1.15
[files] expand: %{Client-IP-Address} -> 192.168.1.15
[files] users: Matched entry DEFAULT at line 5
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Using Autz-Type DEVICES
WARNING: Unknown value specified for Autz-Type. Cannot perform requested action.
Found Auth-Type = Accept
Auth-Type = Accept, accepting the user
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 62 to 192.168.1.15 port 49152
Filter-Id := "Enterasys:version=1:policy=D-Unregistered"
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 0 ID 62 with timestamp +2
Ready to process requests.
Any help would be appreciated.
Kent
Kent L. Nasveschuk
Systems Administrator
----------------------------
Marine Biological Laboratory
7 MBL St.
Woods Hole, MA 02543
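
Added example, not part of the original post: a Python check over radiusd -X output that flags requests which logged the Autz-Type warning shown above and were still sent an Access-Accept, meaning the accept came from the users-file Auth-Type while the named authorization section was not run. The function name and the second sample request are constructed for illustration.

```python
import re

# Constructed sample: request 62 is abridged from the debug output in the post,
# request 63 is invented for contrast (accepted without the warning).
SAMPLE = """\
rad_recv: Access-Request packet from host 192.168.1.15 port 49152, id=62, length=146
User-Name = "00-11-24-80-40-7A"
++[files] returns ok
Using Autz-Type DEVICES
WARNING: Unknown value specified for Autz-Type. Cannot perform requested action.
Found Auth-Type = Accept
Sending Access-Accept of id 62 to 192.168.1.15 port 49152
rad_recv: Access-Request packet from host 192.168.1.15 port 49152, id=63, length=146
User-Name = "00-00-5E-00-53-01"
++[files] returns ok
Found Auth-Type = Accept
Sending Access-Accept of id 63 to 192.168.1.15 port 49152
"""

RECV = re.compile(r"^rad_recv: Access-Request packet from host (\S+) port \d+, id=(\d+)")
USER = re.compile(r'^\s*User-Name = "([^"]*)"')
WARN = re.compile(r"^WARNING: Unknown value specified for Autz-Type")
SENT = re.compile(r"^Sending Access-Accept of id (\d+)")


def skipped_autz_accepts(debug_text):
    """Return requests that logged the Autz-Type warning and were still accepted."""
    hits, cur = [], None
    for line in debug_text.splitlines():
        m = RECV.match(line)
        if m:  # new request; debug mode (-X) is single-threaded, so no interleaving
            cur = {"nas": m.group(1), "id": int(m.group(2)), "user": None, "warned": False}
        elif cur is None:
            continue
        elif USER.match(line) and cur["user"] is None:
            cur["user"] = USER.match(line).group(1)
        elif WARN.match(line):
            cur["warned"] = True
        elif SENT.match(line) and int(SENT.match(line).group(1)) == cur["id"]:
            if cur["warned"]:
                hits.append(cur)
            cur = None
    return hits


if __name__ == "__main__":
    for h in skipped_autz_accepts(SAMPLE):
        print(f"id={h['id']} nas={h['nas']} user={h['user']}: accepted, Autz-Type section not run")
```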