..::Huntgroup Issues::..

Alfonso Alejandro Reyes Jiménez conesh at gmail.com
Wed Sep 1 22:44:18 CEST 2010 

  Thanks for the advice to everyone.

As per your recomendation we changed the users file with the following line:

steve2    Cleartext-Password := "testing", Huntgroup-Name == "arcsight"

but we got the same result access-reject.

And we got the following output:

rad_recv: Access-Request packet from host 127.0.0.1 port 6729, id=139, 
length=58
         User-Name = "steve2"
         User-Password = "testing"
         NAS-IP-Address = 192.168.2.251
         NAS-Port = 10
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "steve2", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.  
Authentication may fail because of this.
++[pap] returns noop
_/No authenticate method (Auth-Type) configuration found for the 
request: Rejecting the user/_
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject]     expand: %{User-Name} -> steve2
  attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 139 to 127.0.0.1 port 6729
Waking up in 4.9 seconds.
Cleaning up request 0 ID 139 with timestamp +5

I have a question, we remove the autentication value and the debug shows 
that it is looking for it, why is that?

May be someone that has the huntgroups running can send the examples of 
the users and huntgroups files, that may help a lot.

Thanks in advance.

Regards

Alfonso.

El 24/08/2010 04:46 a.m., Alan DeKok escribió:
> Alfonso Alejandro Reyes Jiménez wrote:
>> Hi, I'm trying to use the huntgroup feature on the freeradius software
>> with out luck. I think I'm missing something that's why I'm sending this
>> email maybe you can help me.
>    You should read the debug output of the server.  The answer is in there.
>
>> users file at the end:
>>
>> alfonso  Auth-Type := Local, User-Password == "testing", Huntgroup-Name
>> == "squid"
>    <sigh>   Don't set Auth-Type.  Use "Cleartext-Password := ...", and not
> "User-Password == ..."
>
>> Here's the output of the debug, it seems that it doesn't find the config
>> file.
>    No.  It finds the DEFAULT entry earlier in the file.
>
>    Why?  This is documented.  Read the comments at the top of the "users"
> file.  Read the "man users" page.  Read the FAQ for an example of how to
> configure a test user.
>
>    Alan DeKok.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20100901/6de2a7f1/attachment.html>

More information about the Freeradius-Users mailing list