sending Access-request, Access-Reject

John Dennis jdennis at redhat.com
Thu May 13 02:56:32 CEST 2010


On 05/12/2010 08:01 PM, dorra aa wrote:
> hi can someone help me in that
> i add a users :
> abc cleartext-password:="123"

It's right there in the debug output

> users: Matched entry DEFAULT at line 153
> users: Matched entry abc at line 216
> modcall[authorize]: module "files" returns ok for request 0
> modcall: leaving group authorize (returns ok) for request 0
 > rlm_pap: Found existing Auth-Type, not changing it.
> rad_check_password: Found Auth-Type System
 > modcall[authenticate]: module "unix" returns notfound for request 0

It shouldn't be using an auth-type of "System", that means to lookup the 
user in the /etc/passwd (/etc/shadow) file. But you don't have a user on 
your system named "abc" so the not found result makes sense, right?

Why is it trying to find "abc" amongst the unix users on your system? 
The answer is right above, look at the lines labeled "users:", that's 
your users file, also look at the line that says "Found Auth-Type, not 
changing it". So somthing in your users file forced the user "abc" to 
have an Auth-Type of "system" or "unix", it also tells you which lines 
in the users files it matched. Go fix your users file so it doesn't do that.

I'm guessing in your attempts to get things working you may have mangled 
the example users file, you might want to start with the unaltered users 
file and just add your test user.

All this is documented in the link I sent you a week ago:
http://deployingradius.com/documents/configuration/pap.html

-- 
John Dennis <jdennis at redhat.com>

Looking to carve out IT costs?
www.redhat.com/carveoutcosts/



More information about the Freeradius-Users mailing list