No authenticate method (Auth-Type) configuration found
Bereos OHG Michael Spinnenhirn
michael.spinnenhirn at bereos.eu
Wed Oct 20 15:51:45 CEST 2010
I did delete the client from clients.conf and tried radclient from the remote host:
echo "User-Name=guest,Password=guest" | radclient 172.
16.30.6:1812 auth radiussecret
I get the following error.
Ignoring request to authentication address * port 1812 from unknown client
172.16.20.10 port 36735
Ready to process requests
Then I re-entered (manually) the following lines to clients.conf:
client 172.16.20.10 {
secret = radiussecret
require_message_authenticator = no
}
client 172.16.30.6 {
secret = radiussecret
require_message_authenticator = no
}
The remote radclient gives the following debug output:
rad_recv: Access-Request packet from host 172.16.20.10 port 56195, id=36, length
=27
User-Name = "guest"
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "guest", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
expand: %{User-Name} -> guest
rlm_sql (sql): sql_set_user escaped user --> 'guest'
rlm_sql (sql): Reserving sql socket id: 4
expand: SELECT id, username, attribute, value, op FROM radchec
k WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT
id, username, attribute, value, op FROM radcheck WHERE usern
ame = 'guest' ORDER BY id
WARNING: Found User-Password == "...".
WARNING: Are you sure you don't mean Cleartext-Password?
WARNING: See "man rlm_pap" for more information.
rlm_sql (sql): User found in radcheck table
expand: SELECT id, username, attribute, value, op FROM radrepl
y WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT
id, username, attribute, value, op FROM radreply WHERE usern
ame = 'guest' ORDER BY id
expand: SELECT groupname FROM radusergroup WHERE use
rname = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname
FROM radusergroup WHERE username = 'guest' ORDER BY pri
ority
rlm_sql (sql): Released sql socket id: 4
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
rlm_pap: No clear-text password in the request. Not performing PAP.
++[pap] returns noop
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Replacing User-Password in config items with Cleartext-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Please update your configuration so that the "known good" !!!
!!! clear text password is in Cleartext-Password, and not in User-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
auth: type Local
auth: No User-Password or CHAP-Password attribute in the request
auth: Failed to validate the user.
Login incorrect: [guest/<no User-Password attribute>] (from client 172.16.20.10
port 0)
Found Post-Auth-Type Reject
+- entering group REJECT
expand: %{User-Name} -> guest
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 36 to 172.16.20.10 port 56195
Waking up in 4.9 seconds.
Cleaning up request 0 ID 36 with timestamp +10
Ready to process requests.
while the radclient on the local radius server receives no error:
rad_recv: Access-Request packet from host 172.16.30.6 port 42677, id=105, length=45
User-Name = "guest"
User-Password = "guest"
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "guest", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
expand: %{User-Name} -> guest
rlm_sql (sql): sql_set_user escaped user --> 'guest'
rlm_sql (sql): Reserving sql socket id: 4
expand: SELECT id, username, attribute, value, op FROM
radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id ->
SELECT id, username, attribute, value, op FROM radcheck
WHERE username = 'guest' ORDER BY id
WARNING: Found User-Password == "...".
WARNING: Are you sure you don't mean Cleartext-Password?
WARNING: See "man rlm_pap" for more information.
rlm_sql (sql): User found in radcheck table
expand: SELECT id, username, attribute, value, op FROM
radreply WHERE username = '%{SQL-User-Name}' ORDER BY id ->
SELECT id, username, attribute, value, op FROM radreply
WHERE username = 'guest' ORDER BY id
expand: SELECT groupname FROM radusergroup WHERE
username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname
FROM radusergroup WHERE username = 'guest' ORDER BY
priority
rlm_sql (sql): Released sql socket id: 4
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns updated
rad_check_password: Found Auth-Type
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Replacing User-Password in config items with Cleartext-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Please update your configuration so that the "known good" !!!
!!! clear text password is in Cleartext-Password, and not in User-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
auth: type "PAP"
+- entering group PAP
rlm_pap: login attempt with password "guest"
rlm_pap: Using clear text password "guest"
rlm_pap: User authenticated successfully
++[pap] returns ok
Login OK: [guest/guest] (from client 172.16.30.6 port 0)
+- entering group post-auth
rlm_sql (sql): Processing sql_postauth
expand: %{User-Name} -> guest
rlm_sql (sql): sql_set_user escaped user --> 'guest'
expand: %{User-Password} -> guest
expand: INSERT INTO radpostauth (username,
pass, reply, authdate) VALUES (
'%{User-Name}',
'%{%{User-Password}:-%{Chap-Password}}',
'%{reply:Packet-Type}', '%S') -> INSERT INTO radpostauth
(username, pass, reply, authdate) VALUES (
'guest', 'guest',
'Access-Accept', '2010-10-20 15:47:40')
rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth
(username, pass, reply, authdate) VALUES (
'guest', 'guest',
'Access-Accept', '2010-10-20 15:47:40')
rlm_sql (sql): Reserving sql socket id: 3
rlm_sql (sql): Released sql socket id: 3
++[sql] returns ok
++[exec] returns noop
Sending Access-Accept of id 105 to 172.16.30.6 port 42677
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 0 ID 105 with timestamp +20
Ready to process requests.
What else could be wrong here?
Alan DeKok schrieb:
> Bereos OHG Michael Spinnenhirn wrote:
>> auth: No authenticate method (Auth-Type) configuration found for the
>> request: Rejecting the user
>> auth: Failed to validate the user.
>> Login incorrect: [guest/MM\250f\375 \241Ñ?\247\007\242Ë?i\316] (from
>> client nas01 port 2 cli 00-0C-29-00-71-20)
>> WARNING: Unprintable characters in the password. Double-check
>> the shared secret on the server and the NAS!
>>
>> I allready checked the secret. It's the same in chilli config and
>> client.conf on the server.
>
> That message is pretty definitive.
>
> I suggest *deleting* the client. Then send the server packets.
> Verify that the server complains about "unknown client". Then, add the
> client again. This time re-entering all of the data, rather than
> copying it from your existing configuration.
>
> Also try "radtest" (or radclient) from the remote machine. There's no
> need to depend on Chillispot config when you can use the FreeRADIUS
> software to do the tests.
>
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list