users authentication problem
Andreas Bourges
andy-lists at bourges.de
Tue May 12 11:39:47 CEST 2009
Hi,
...we recently upgraded from freeradius 0.9 to freeradius 2.1.4. Unfortunately
local users cannot be authenticated anymore.
This morning I used the default configuration files from 2.1.4 and started
from scratch. My first objective was to get any valid response from the
freeradiusd - but unluckily, without success.
In the users file, I enabled the following line:
lameuser Auth-Type := Reject
        Reply-Message = "Your account has been disabled."
one entry in clients.conf for localhost testing:
client localhost {
        ipaddr = 127.0.0.1
        secret = testing123
        require_message_authenticator = no
        nastype = other
        virtual_server = default
}
sites-enabled/default:
authorize {
        chap
        suffix
        eap {
                ok = return
        }
        files
        expiration
        logintime
        pap
}
authenticate {
        Auth-Type PAP {
                pap
        }
        Auth-Type CHAP {
                chap
        }
        Auth-Type MS-CHAP {
                mschap
        }
        unix
        eap
        files
}
I think that must be the main configuration items for my very basic test. Then
I run freeradiusd -X -xx and test the user via radclient:
echo "User-Name=lameuser, Password=bla, NAS-IP-Address=127.0.0.1" | radclient -r 1 -x -s 127.0.0.1 auth 'testing123'
results in:
Sending Access-Request of id 20 to 127.0.0.1 port 1812
        User-Name = "lameuser"
        Password = "bla"
        NAS-IP-Address = 127.0.0.1
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=20, length=20
Total approved auths: 0
Total denied auths: 1
Total lost auths: 0
The radiusd logs the following:
Tue May 12 11:31:58 2009 : Debug: Listening on authentication address * port 1812
Tue May 12 11:31:58 2009 : Debug: Listening on accounting address * port 1813
Tue May 12 11:31:58 2009 : Debug: Listening on command file /var/run/freeradius/run/radiusd/radiusd.sock
Tue May 12 11:31:58 2009 : Debug: Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1 port 33013, id=5, length=54
        User-Name = "lameuser"
        User-Password = "bla"
        NAS-IP-Address = 127.0.0.1
Tue May 12 11:32:04 2009 : Info: server default {
Tue May 12 11:32:04 2009 : Info: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
Tue May 12 11:32:04 2009 : Info: Failed to authenticate the user.
Tue May 12 11:32:04 2009 : Info: } # server default
-> the user gets rejected, but not because of the Auth-Type := Reject setting
in the users file. This is the same behaviour we observe when configuring
"real" user accounts having a password associated, like the following:
testuser Auth-Type := Local, Cleartext-Password == "blabla"
server log says:
Tue May 12 11:35:50 2009 : Info: server default {
Tue May 12 11:35:50 2009 : Info: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
Tue May 12 11:35:50 2009 : Info: Failed to authenticate the user.
Tue May 12 11:35:50 2009 : Info: } # server default
Thanks for any hints troubleshooting this!
Regards,
Andy