Hints file and Strip-User-Name
Ivan Kalik
tnt at kalik.net
Tue Jun 3 20:46:43 CEST 2008
authenticate{}??? What are they doing there. Files are a part of
authorize{} section.
Ivan Kalik
Kalik Informatika ISP
Dana 3/6/2008, "Paul Khavkine" <paul.khavkine at distributel.ca> piše:
>
>
>files is there in authentication { } section.
>
>authenticate {
> #
> # PAP authentication, when a back-end database listed
> # in the 'authorize' section supplies a password. The
> # password can be clear-text, or encrypted.
> Auth-Type PAP {
> pap
> }
>
> #
> # Most people want CHAP authentication
> # A back-end database listed in the 'authorize' section
> # MUST supply a CLEAR TEXT password. Encrypted passwords
> # won't work.
> Auth-Type CHAP {
> chap
> }
>
> #
> # MSCHAP authentication.
> Auth-Type MS-CHAP {
> mschap
> }
>
> #
> # If you have a Cisco SIP server authenticating against
> # FreeRADIUS, uncomment the following line, and the 'digest'
> # line in the 'authorize' section.
># digest
>
> #
> # Pluggable Authentication Modules.
># pam
>
> #
> # See 'man getpwent' for information on how the 'unix'
> # module checks the users password. Note that packets
> # containing CHAP-Password attributes CANNOT be authenticated
> # against /etc/passwd! See the FAQ for details.
> #
># unix
>
> # Uncomment it if you want to use ldap for authentication
> #
> # Note that this means "check plain-text password against
> # the ldap database", which means that EAP won't work,
> # as it does not supply a plain-text password.
># Auth-Type LDAP {
># ldap
># }
>
> #
> # Allow EAP authentication.
> eap
> files
> }
>
>
>Paul
>
>
>
>-----Original Message-----
>From:
>freeradius-users-bounces+paul.khavkine=distributel.ca at lists.freeradius.o
>rg
>[mailto:freeradius-users-bounces+paul.khavkine=distributel.ca at lists.free
>radius.org] On Behalf Of Ivan Kalik
>Sent: June 3, 2008 2:07 PM
>To: FreeRadius users mailing list
>Subject: Re: Hints file and Strip-User-Name
>
>>
>>When run radiusd -W I can see it enter the preprocess module and match
>>an entry, but the suffix is not being stripped and entry in users file
>>not being matched:
>>
>
>Not being stripped? You think that's the problem.
>
>>
>>
>>Tue Jun 3 12:54:15 2008 : Debug: +- entering group authorize
>>
>>Tue Jun 3 12:54:15 2008 : Debug: modsingle[authorize]: calling
>suffix
>>(rlm_realm) for request 0
>...
>>Tue Jun 3 12:54:15 2008 : Debug: modsingle[authorize]: calling
>>preprocess (rlm_preprocess) for request 0
>>
>...
>>Tue Jun 3 12:54:15 2008 : Debug: auth: No authenticate method
>>(Auth-Type) configuration found for the request: Rejecting the user
>>
>
>You haven't hacked away at the default configuration by any chance?
>Users file entry is not matched because you prevented the server from
>looking there. Even if you put "files" back in it still won't work as
>you have broken every single authentication method. Well done! Now put
>the configuration back the way it was and watch it work.
>
>Ivan Kalik
>Kalik Informatika ISP
>
>-
>List info/subscribe/unsubscribe? See
>http://www.freeradius.org/list/users.html
>
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>
More information about the Freeradius-Users
mailing list