incorrect auth-type
Sallee, Stephen (Jake)
Jake.Sallee at umhb.edu
Tue Jul 27 20:13:51 CEST 2010
I am new to FreeRADIUS so please be patient with me. I am scouring the
docs as I write this but so far I have been stumped. Below I have
included the debug output of my server when I send it a authentication
request.
You will see that the user is found and authenticated by the
"ntlm_auth_Cru" module, however the user is still rejected bec the
server says no auth-type was configured for the request. Any help is
appreciated.
I have the following lines in my users file:
-----------------
DEFAULT Auth-Type := ntlm_auth
Fall-Through = Yes
-----------------
I also have the following in my radius.conf:
------------------
redundant ntlm_auth {
group {
ntlm_auth_Cru {
reject = 1
ok = return
}
ntlm_auth_UMHB {
reject = 1
ok = return
}
}
}
------------------
Here is the debug output:
------------------
rad_recv: Access-Request packet from host 10.2.1.75 port 46841, id=239,
length=51
User-Name = "image"
User-Password = "image"
NAS-IP-Address = 10.2.1.75
Tue Jul 27 13:01:03 2010 : Info: +- entering group authorize {...}
Tue Jul 27 13:01:03 2010 : Info: ++[preprocess] returns ok
Tue Jul 27 13:01:03 2010 : Info: ++- entering group ntlm_auth {...}
Tue Jul 27 13:01:03 2010 : Info: +++- entering group {...}
Tue Jul 27 13:01:03 2010 : Info: [ntlm_auth_Cru] expand:
--username=%{mschap:User-Name} -> --username=image
Tue Jul 27 13:01:03 2010 : Info: [ntlm_auth_Cru] expand:
--password=%{User-Password} -> --password=image
Tue Jul 27 13:01:03 2010 : Debug: Exec-Program output: NT_STATUS_OK:
Success (0x0)
Tue Jul 27 13:01:03 2010 : Debug: Exec-Program-Wait: plaintext:
NT_STATUS_OK: Success (0x0)
Tue Jul 27 13:01:03 2010 : Debug: Exec-Program: returned: 0
Tue Jul 27 13:01:03 2010 : Info: ++++[ntlm_auth_Cru] returns ok
Tue Jul 27 13:01:03 2010 : Info: +++- group returns ok
Tue Jul 27 13:01:03 2010 : Info: ++- group ntlm_auth returns ok
Tue Jul 27 13:01:03 2010 : Info: ++[expiration] returns noop
Tue Jul 27 13:01:03 2010 : Info: ++[logintime] returns noop
GOT CLONE -1208792368 0x9f8ff70
Tue Jul 27 13:01:03 2010 : Debug: rlm_perl: PacketFence SWITCH:
10.2.1.75
Tue Jul 27 13:01:03 2010 : Debug: rlm_perl: PacketFence MAC:
Tue Jul 27 13:01:03 2010 : Debug: rlm_perl: PacketFence USER: image
Tue Jul 27 13:01:03 2010 : Debug: rlm_perl: Added pair User-Name = image
Tue Jul 27 13:01:03 2010 : Debug: rlm_perl: Added pair User-Password =
image
Tue Jul 27 13:01:03 2010 : Debug: rlm_perl: Added pair NAS-IP-Address =
10.2.1.75
Tue Jul 27 13:01:03 2010 : Info: ++[perl] returns ok
Tue Jul 27 13:01:03 2010 : Info: No authenticate method (Auth-Type)
configuration found for the request: Rejecting the user
Tue Jul 27 13:01:03 2010 : Info: Failed to authenticate the user.
Tue Jul 27 13:01:03 2010 : Info: Using Post-Auth-Type Reject
Tue Jul 27 13:01:03 2010 : Info: +- entering group REJECT {...}
Tue Jul 27 13:01:03 2010 : Info: [attr_filter.access_reject] expand:
%{User-Name} -> image
Tue Jul 27 13:01:03 2010 : Debug: attr_filter: Matched entry DEFAULT at
line 11
Tue Jul 27 13:01:03 2010 : Info: ++[attr_filter.access_reject] returns
updated
Tue Jul 27 13:01:03 2010 : Info: Delaying reject of request 0 for 1
seconds
Tue Jul 27 13:01:03 2010 : Debug: Going to the next request
Tue Jul 27 13:01:03 2010 : Debug: Waking up in 0.8 seconds.
Tue Jul 27 13:01:04 2010 : Info: Sending delayed reject for request 0
Sending Access-Reject of id 239 to 10.2.1.75 port 46841
Tue Jul 27 13:01:04 2010 : Debug: Waking up in 4.9 seconds.
Tue Jul 27 13:01:09 2010 : Info: Cleaning up request 0 ID 239 with
timestamp +26
Tue Jul 27 13:01:09 2010 : Debug: Ready to process requests.
------------------
PS: I know it is not best practice to specify the default auth-type but
this is a single purpose server and I know what types of requests are
going to come to it, anything other than what I want should be
discarded.
Jake Sallee
Godfather Of Bandwidth
Network Engineer
Fone: 254-295-4658
Phax: 254-295-4221
More information about the Freeradius-Users
mailing list