Simple authentication by users file.
Michel GAUDET
michel.gaudet at mines-paristech.fr
Thu Mar 26 17:57:06 CET 2009
Hello everybody!
Sorry for my English: French people are known to be bad in languages other
than French!
To gain my (new) experience with FreeRADIUS, I am trying to authenticate with a simple
User-Name and password in the users file.
Sorry for the long post, but I want to give everything necessary to understand.
My conf is the following (some big extracts):
modules {
    pap {
        auto_header = no
    }
    chap {
        authtype = CHAP
    }
    preprocess {
        huntgroups = ${confdir}/huntgroups
        hints = ${confdir}/hints
        with_ascend_hack = no
        ascend_channels_per_line = 23
        with_ntdomain_hack = no
        with_specialix_jetstream_hack = no
        with_cisco_vsa_hack = no
    }
    files {
        usersfile = ${confdir}/users
        acctusersfile = ${confdir}/acct_users
        compat = no
    }
    pam {
        pam_auth = radiusd
    }
    always fail {
        rcode = fail
    }
    always reject {
        rcode = reject
    }
    always noop {
        rcode = noop
    }
    always handled {
        rcode = handled
    }
    always updated {
        rcode = updated
    }
    always notfound {
        rcode = notfound
    }
    always ok {
        rcode = ok
        simulcount = 0
        mpp = no
    }
}
server ensmp {
    authorize {
        files
    }
    authenticate {
        # I don't know what is mandatory here
    }
}
Client.conf file :
client 1.2.3.4 {
    secret = XXXX
    shortname = Linux
    nastype = other
}
users file :
myself Auth-Type := Accept,User-Password == "YYYYYY"
And I try to access with a radius client (radexample) :
Linux# radexample
login: myself
Password:
"myself" RADIUS Authentication failure (RC=2)
My server is launched in debug mode (/usr/sbin/freeradius -Xxx) without errors
at the moment of my try:
Thu Mar 26 18:13:01 2009 : Debug: Ready to process requests.
rad_recv: Access-Request packet from host 1.2.3.4 port 48655, id=88, length=65
User-Name = "myself"
User-Password = "YYYYYY"
Service-Type = Authenticate-Only
NAS-Port = 0
NAS-IP-Address = 10.3.5.136
Thu Mar 26 18:13:18 2009 : Debug: auth: No authenticate method (Auth-Type)
configuration found for the request: Rejectig the user
Thu Mar 26 18:13:18 2009 : Debug: auth: Failed to validate the user.
Thu Mar 26 18:13:18 2009 : Auth: Login incorrect: [mgaudet/ifqj1cf5] (from
client turing port 0)
Thu Mar 26 18:13:18 2009 : Debug: Delaying reject of request 0 for 1 seconds
Thu Mar 26 18:13:18 2009 : Debug: Going to the next request
Thu Mar 26 18:13:18 2009 : Debug: Waking up in 0.9 seconds.
Thu Mar 26 18:13:19 2009 : Debug: Sending delayed reject for request 0
Sending Access-Reject of id 88 to 10.3.5.136 port 48655
Thu Mar 26 18:13:19 2009 : Debug: Waking up in 4.9 seconds.
Thu Mar 26 18:13:24 2009 : Debug: Cleaning up request 0 ID 88 with timestamp +17
The request has been received and acknowledged but rejected because of a missing
Auth-Type.
I don't understand WHAT AND WHERE to put Auth-Type elsewhere in my conf.
Any ideas?
Thanks in advance.
Regards.
Michel.
--
Michel GAUDET
Centre de Calcul et des Systèmes d'Information
Ecole Nationale Supérieure des Mines de Paris
60-62, Boulevard Saint Michel
75272 PARIS cedex 06 FRANCE
Tel : 01.40.51.92.03 Fax : 01.40.51.93 01
mail : michel.gaudet at mines-paristech.fr