Capturing Access-Reject data in the radpostauth table
Alan DeKok
aland at deployingradius.com
Fri Apr 30 09:31:40 CEST 2010
Aaron Paetznick wrote:
> Huh. Then it should be working but it isn't.
>
> radiusd -X says:
> ...
> ++[pap] returns noop
> No authenticate method (Auth-Type) configuration found for the request:
> Rejecting the user
> Failed to authenticate the user.
> Login incorrect: [username/badpass] (from client somenas port 0 cli
> somecallinginfo)
> Using Post-Auth-Type Reject
As I said:
>> But the log message *uses* it:
>>
>> Login incorrect (rlm_pap: CLEAR TEXT password check failed) ..
>>
>> The text between the () *is* the Module-Failure-Message attribute.
>> See src/main/auth.c.
Look closely at the two log messages. They're different. One
references "rlm_pap", which means it's using Module-Failure-Message.
The other doesn't reference rlm_pap, which means it's not using
Module-Failure-Method.
i.e. In this example, you failed to configure a way for the user to be
authenticated. The server didn't run any module for authentication.
So.... there's no Module-Failure-Method.
Alan DeKok.
More information about the Freeradius-Users
mailing list