Access request-access reject
dorra aa
dj_dido2003 at hotmail.com
Thu May 13 12:47:46 CEST 2010
> Date: Thu, 13 May 2010 11:01:10 +0100
> From: A.L.M.Buxey at lboro.ac.uk
> To: freeradius-users at lists.freeradius.org
> Subject: Re: Access request-access reject
>
> Hi,
>
> > I found in users file that line:
> > DEFAULT Auth-Type = System
>
> comment this line out and restart the daemon
> remove calls to 'unix' from your configuration
> if you dont want to even think about /etc/passwd
i commented it like that:
#DEFAULT Auth-Type = System
Fall-Through = 1
also in file radiusd.conf:
authenticate {
#
# PAP authentication, when a back-end database listed
# in the 'authorize' section supplies a password. The
# password can be clear-text, or encrypted.
Auth-Type PAP {
pap
}
#
# Most people want CHAP authentication
# A back-end database listed in the 'authorize' section
# MUST supply a CLEAR TEXT password. Encrypted passwords
# won't work.
Auth-Type CHAP {
chap
}
#
# MSCHAP authentication.
Auth-Type MS-CHAP {
mschap
}
#
# If you have a Cisco SIP server authenticating against
# FreeRADIUS, uncomment the following line, and the 'digest'
# line in the 'authorize' section.
# digest
#
# Pluggable Authentication Modules.
# pam
#
# See 'man getpwent' for information on how the 'unix'
# module checks the users password. Note that packets
# containing CHAP-Password attributes CANNOT be authenticated
# against /etc/passwd! See the FAQ for details.
#
unix
# Uncomment it if you want to use ldap for authentication
#
# Note that this means "check plain-text password against
# the ldap database", which means that EAP won't work,
# as it does not supply a plain-text password.
# Auth-Type LDAP {
# ldap
# }
#
# Allow EAP authentication.
eap
}
i commented :unix
...
and i have this output in the deamon:
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1:40128, id=130, length=55
User-Name = "abc"
User-Password = "123"
NAS-IP-Address = 255.255.255.255
NAS-Port = 1812
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_realm: No '@' in User-Name = "abc", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 0
users: Matched entry DEFAULT at line 153
users: Matched entry abc at line 216
modcall[authorize]: module "files" returns ok for request 0
rlm_pap: Found existing Auth-Type, not changing it.
modcall[authorize]: module "pap" returns noop for request 0
modcall: leaving group authorize (returns ok) for request 0
rad_check_password: Found Auth-Type System
auth: type "System"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
modcall[authenticate]: module "unix" returns notfound for request 0
modcall: leaving group authenticate (returns notfound) for request 0
auth: Failed to validate the user.
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 130 to 127.0.0.1 port 40128
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 130 with timestamp 4bebd86e
Nothing to do. Sleeping until we see a request.
> alan
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
_________________________________________________________________
Hotmail: Free, trusted and rich email service.
https://signup.live.com/signup.aspx?id=60969
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20100513/52f3b3fc/attachment.html>
More information about the Freeradius-Users
mailing list