Capturing Access-Reject data in the radpostauth table

Alan DeKok aland at
Fri Apr 30 09:31:40 CEST 2010

Aaron Paetznick wrote:
> Huh.  Then it should be working but it isn't.
> radiusd -X says:
> ...
> ++[pap] returns noop
> No authenticate method (Auth-Type) configuration found for the request:
> Rejecting the user
> Failed to authenticate the user.
> Login incorrect: [username/badpass] (from client somenas port 0 cli
> somecallinginfo)
> Using Post-Auth-Type Reject

  As I said:

>>    But the log message *uses* it:
>> Login incorrect (rlm_pap: CLEAR TEXT password check failed) ..
>>    The text between the () *is* the Module-Failure-Message attribute.
>> See src/main/auth.c.

  Look closely at the two log messages.  They're different.  One
references "rlm_pap", which means it's using Module-Failure-Message.
The other doesn't reference rlm_pap, which means it's not using

  i.e. In this example, you failed to configure a way for the user to be
authenticated.  The server didn't run any module for authentication.
So.... there's no Module-Failure-Method.

  Alan DeKok.

More information about the Freeradius-Users mailing list