No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
Johnny R
vasiana09 at gmail.com
Tue Apr 27 13:25:17 CEST 2010
Hi all,
Problem solved about CopSpot and Freeradius, it works against the user file
(not OpenLDAP). Actually, I am wondering if I can do the authentication
using eap-tls module. I enabled it and it gave me the following output:
Tue Apr 27 11:12:19 2010 : Debug: radiusd: #### Loading Virtual Servers ####
Tue Apr 27 11:12:19 2010 : Debug: server inner-tunnel {
Tue Apr 27 11:12:19 2010 : Debug: modules {
Tue Apr 27 11:12:19 2010 : Debug: Module: Checking authenticate {...} for
more modules to load
Tue Apr 27 11:12:19 2010 : Debug: (Loaded rlm_pap, checking if it's
valid)
Tue Apr 27 11:12:19 2010 : Debug: Module: Linked to module rlm_pap
Tue Apr 27 11:12:19 2010 : Debug: Module: Instantiating pap
Tue Apr 27 11:12:19 2010 : Debug: pap {
Tue Apr 27 11:12:19 2010 : Debug: encryption_scheme = "auto"
Tue Apr 27 11:12:19 2010 : Debug: auto_header = no
Tue Apr 27 11:12:19 2010 : Debug: }
Tue Apr 27 11:12:19 2010 : Debug: (Loaded rlm_chap, checking if it's
valid)
Tue Apr 27 11:12:19 2010 : Debug: Module: Linked to module rlm_chap
Tue Apr 27 11:12:19 2010 : Debug: Module: Instantiating chap
Tue Apr 27 11:12:19 2010 : Debug: (Loaded rlm_mschap, checking if it's
valid)
Tue Apr 27 11:12:19 2010 : Debug: Module: Linked to module rlm_mschap
Tue Apr 27 11:12:19 2010 : Debug: Module: Instantiating mschap
Tue Apr 27 11:12:19 2010 : Debug: mschap {
Tue Apr 27 11:12:19 2010 : Debug: use_mppe = yes
Tue Apr 27 11:12:19 2010 : Debug: require_encryption = no
Tue Apr 27 11:12:19 2010 : Debug: require_strong = no
Tue Apr 27 11:12:19 2010 : Debug: with_ntdomain_hack = no
Tue Apr 27 11:12:19 2010 : Debug: }
Tue Apr 27 11:12:19 2010 : Debug: (Loaded rlm_unix, checking if it's
valid)
Tue Apr 27 11:12:19 2010 : Debug: Module: Linked to module rlm_unix
Tue Apr 27 11:12:19 2010 : Debug: Module: Instantiating unix
Tue Apr 27 11:12:19 2010 : Debug: unix {
Tue Apr 27 11:12:19 2010 : Debug: radwtmp =
"/var/log/freeradius/radwtmp"
Tue Apr 27 11:12:19 2010 : Debug: }
Tue Apr 27 11:12:19 2010 : Debug: (Loaded rlm_eap, checking if it's
valid)
Tue Apr 27 11:12:19 2010 : Debug: Module: Linked to module rlm_eap
Tue Apr 27 11:12:19 2010 : Debug: Module: Instantiating eap
Tue Apr 27 11:12:19 2010 : Debug: eap {
Tue Apr 27 11:12:19 2010 : Debug: default_eap_type = "tls"
Tue Apr 27 11:12:19 2010 : Debug: timer_expire = 60
Tue Apr 27 11:12:19 2010 : Debug: ignore_unknown_eap_types = no
Tue Apr 27 11:12:19 2010 : Debug: cisco_accounting_username_bug = no
Tue Apr 27 11:12:19 2010 : Debug: max_sessions = 4096
Tue Apr 27 11:12:19 2010 : Debug: }
Tue Apr 27 11:12:19 2010 : Debug: Module: Linked to sub-module rlm_eap_md5
Tue Apr 27 11:12:19 2010 : Debug: Module: Instantiating eap-md5
Tue Apr 27 11:12:19 2010 : Debug: Module: Linked to sub-module rlm_eap_leap
Tue Apr 27 11:12:19 2010 : Debug: Module: Instantiating eap-leap
Tue Apr 27 11:12:19 2010 : Debug: Module: Linked to sub-module rlm_eap_gtc
Tue Apr 27 11:12:19 2010 : Debug: Module: Instantiating eap-gtc
Tue Apr 27 11:12:19 2010 : Debug: gtc {
Tue Apr 27 11:12:19 2010 : Debug: challenge = "Password: "
Tue Apr 27 11:12:19 2010 : Debug: auth_type = "PAP"
Tue Apr 27 11:12:19 2010 : Debug: }
Tue Apr 27 11:12:19 2010 : Debug: Module: Linked to sub-module rlm_eap_tls
Tue Apr 27 11:12:19 2010 : Debug: Module: Instantiating eap-tls
Tue Apr 27 11:12:19 2010 : Debug: tls {
Tue Apr 27 11:12:19 2010 : Debug: rsa_key_exchange = no
Tue Apr 27 11:12:19 2010 : Debug: dh_key_exchange = yes
Tue Apr 27 11:12:19 2010 : Debug: rsa_key_length = 512
Tue Apr 27 11:12:19 2010 : Debug: dh_key_length = 512
Tue Apr 27 11:12:19 2010 : Debug: verify_depth = 0
Tue Apr 27 11:12:19 2010 : Debug: pem_file_type = yes
Tue Apr 27 11:12:19 2010 : Debug: private_key_file =
"$/etc/freeradius/certs/serverd.pem"
Tue Apr 27 11:12:19 2010 : Debug: certificate_file =
"$/etc/freeradius/certs/serverd.pem"
Tue Apr 27 11:12:19 2010 : Debug: CA_file =
"$/etc/freeradius/certs/root.pem"
Tue Apr 27 11:12:19 2010 : Debug: private_key_password = "whatever"
Tue Apr 27 11:12:19 2010 : Debug: dh_file =
"$/etc/freeradius/certs/dh"
Tue Apr 27 11:12:19 2010 : Debug: random_file =
"$/etc/freeradius/certs/random"
Tue Apr 27 11:12:19 2010 : Debug: fragment_size = 1024
Tue Apr 27 11:12:19 2010 : Debug: include_length = yes
Tue Apr 27 11:12:19 2010 : Debug: check_crl = yes
Tue Apr 27 11:12:19 2010 : Debug: cipher_list = "DEFAULT"
Tue Apr 27 11:12:19 2010 : Debug: make_cert_command =
"$/etc/root/Workdir/bootstrap"
Tue Apr 27 11:12:19 2010 : Debug: cache {
Tue Apr 27 11:12:19 2010 : Debug: enable = no
Tue Apr 27 11:12:19 2010 : Debug: lifetime = 24
Tue Apr 27 11:12:19 2010 : Debug: max_entries = 255
Tue Apr 27 11:12:19 2010 : Debug: }
Tue Apr 27 11:12:19 2010 : Debug: }
Tue Apr 27 11:12:19 2010 : Error: rlm_eap: SSL error error:02001002:system
library:fopen:No such file or directory
Tue Apr 27 11:12:19 2010 : Error: rlm_eap_tls: Error reading certificate
file $/etc/freeradius/certs/serverd.pem
Tue Apr 27 11:12:19 2010 : Error: rlm_eap: Failed to initialize type tls
Tue Apr 27 11:12:19 2010 : Error: /etc/freeradius/eap.conf[17]:
Instantiation failed for module "eap"
Tue Apr 27 11:12:19 2010 : Error:
/etc/freeradius/sites-enabled/inner-tunnel[223]: Failed to find module
"eap".
Tue Apr 27 11:12:19 2010 : Error:
/etc/freeradius/sites-enabled/inner-tunnel[176]: Errors parsing authenticate
section.
serverd:~#
Frankly, I don't know what the error means: is that the rlm_eap module was
not found (and it's right, it is not present in my system) , if so how can I
install it without reinstalling the whole freeradius ?
Any Help will be appreciated.
Best regards.
On Fri, Apr 23, 2010 at 7:21 AM, Alan DeKok <aland at deployingradius.com>wrote:
> Johnny R wrote:
> > * is the cipher login/password which comes from CopSpot(or any
> > captive portal) deciphered before ipcop sends it to
> > freeradius-server? (It's a kind of question which can not be asked
> > here but ... never know)
>
> I have no idea what that means.
>
> > * the authentication type set in ipcop is just "radius" (and its
> > ip), so I don't understand why the packet contains CHAP?
>
> <shrug> Go ask the ipcop people.
>
> > according
> > to
> http://deployingradius.com/documents/configuration/active_directory.html,
> > centralizing the authentication in samba will work fine, but I want to
> > do it against ldap. I think, what's wrong here is that I added users by
> > smbldap-useradd, not simply ldapadd (which won't work actually, it says:
> > "invalid credentials") ...
> >
> > * So how can I force freeradius to use pap
>
> You can't. The NAS (ipcop) determines what to put in the
> Access-Request, not FreeRADIUS.
>
> You need to put the clear-text password into the database. That's the
> only thing you can do to FreeRADIUS which will help.
>
> > (to be able to
> > authenticate it against ldap) even the passwd/login is tls
> > ciphered (from chilispot)????I m really convinced that that's not
> > possible, even senseless but I have to know why ...
>
> I have no idea what that means.
>
> > Finally, once again, I really want to thank the list for your
> > availability, the freeradius dev. team, because this is a success for
> > the open source community.
> > Thanks,
>
> It's what I do...
>
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
--
-----------------------------------------------------------------
|JJohnny RANDRIAMAMPIONONA |
| Phone: +212663682554 |
| National School of Applied Sciences |
| 1818 TANGIER 90000 |
|----------------------------------------------------------------|
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20100427/fc950a42/attachment.html>
More information about the Freeradius-Users
mailing list