Windows Authentication and Authorization via LDAP on FreeRadius v 2.1.4 Configuration Help!!!

Edwin Isada eisada at gmail.com
Tue Mar 24 15:58:09 CET 2009


Hello All,

Excuse me for my lack of knowledge with Linux and FreeRadius.  I hardly have
any experience and I've been using version 1.1.3 for the past few weeks and
had authentication working properly for Cisco devices.  I decided to install
the latest version 2.1.4 and forgot to save all my configuration for 1.1.3.
Hopefully I'll learn my lesson next time =)  The radiusd.conf file from what
I recall looks totally different.  I inserted my ldap information in the
modules section, but running the basic debug I'm seeing an error "No
authenticate method (Auth-Type).  Even running the recommended radtest it's
failing in reviewing the debug.  I believe I'm missing authenticate config.
If so do I need to modify another file or add it to radiusd.conf?  I'm a
little lost here if someone can point me the right direction and hopefully I
can proceed with getting authorization working afterwards.  Let me know if
you need any additional information.  I've added the debug info below.
Another quick question has anyone configured this for F5 devices?

rad_recv: Access-Request packet from host 127.0.0.1 port 1027, id=254,
length=56
        User-Name = "test"
        User-Password = "test"
        NAS-IP-Address = 127.0.1.1
        NAS-Port = 0
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "test", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.  Authentication
may fail because of this.
++[pap] returns noop
No authenticate method (Auth-Type) configuration found for the request:
Rejecting the user
Failed to authenticate the user.
Login incorrect: [test] (from client localhost port 0)
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject]     expand: %{User-Name} -> test
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 254 to 127.0.0.1 port 1027
Waking up in 4.9 seconds.
Cleaning up request 0 ID 254 with timestamp +783

Thanks,

Ed
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20090324/d8ed443f/attachment.html>


More information about the Freeradius-Users mailing list