..::Huntgroup Issues::..
Alfonso Alejandro Reyes Jiménez
conesh at gmail.com
Fri Sep 3 20:19:19 CEST 2010
Thanks, now its working. I was trying to authenticate with the
localhost, when I tried to use the device everything works great.
Thanks for your help.
Regards.
Alfonso.
El 03/09/2010 06:18 a.m., Carlos Eduardo Tavares Terra escribió:
> Maybe the problem is here:
>
> rad_recv: Access-Request packet from host 127.0.0.1 port 6729, id=139,
> length=58
> User-Name = "steve2"
> User-Password = "testing"
> * NAS-IP-Address = 192.168.2.251*
> NAS-Port = 10
>
>
>
> 2010/9/1 Alfonso Alejandro Reyes Jiménez <conesh at gmail.com
> <mailto:conesh at gmail.com>>
>
> Thanks for the advice to everyone.
>
> As per your recomendation we changed the users file with the
> following line:
>
> steve2 Cleartext-Password := "testing", Huntgroup-Name ==
> "arcsight"
>
> but we got the same result access-reject.
>
> And we got the following output:
>
> rad_recv: Access-Request packet from host 127.0.0.1 port 6729,
> id=139, length=58
> User-Name = "steve2"
> User-Password = "testing"
> NAS-IP-Address = 192.168.2.251
> NAS-Port = 10
> +- entering group authorize {...}
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> [suffix] No '@' in User-Name = "steve2", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
>
> [eap] No EAP-Message, not doing EAP
> ++[eap] returns noop
> ++[unix] returns notfound
> ++[files] returns noop
> ++[expiration] returns noop
> ++[logintime] returns noop
> [pap] WARNING! No "known good" password found for the user.
> Authentication may fail because of this.
> ++[pap] returns noop
> _/No authenticate method (Auth-Type) configuration found for the
> request: Rejecting the user/_
> Failed to authenticate the user.
> Using Post-Auth-Type Reject
> +- entering group REJECT {...}
> [attr_filter.access_reject] expand: %{User-Name} -> steve2
> attr_filter: Matched entry DEFAULT at line 11
> ++[attr_filter.access_reject] returns updated
> Delaying reject of request 0 for 1 seconds
>
> Going to the next request
> Waking up in 0.9 seconds.
> Sending delayed reject for request 0
> Sending Access-Reject of id 139 to 127.0.0.1 port 6729
> Waking up in 4.9 seconds.
> Cleaning up request 0 ID 139 with timestamp +5
>
> I have a question, we remove the autentication value and the debug
> shows that it is looking for it, why is that?
>
> May be someone that has the huntgroups running can send the
> examples of the users and huntgroups files, that may help a lot.
>
> Thanks in advance.
>
> Regards
>
> Alfonso.
>
> El 24/08/2010 04:46 a.m., Alan DeKok escribió:
>> Alfonso Alejandro Reyes Jiménez wrote:
>>> Hi, I'm trying to use the huntgroup feature on the freeradius software
>>> with out luck. I think I'm missing something that's why I'm sending this
>>> email maybe you can help me.
>> You should read the debug output of the server. The answer is in there.
>>
>>> users file at the end:
>>>
>>> alfonso Auth-Type := Local, User-Password == "testing", Huntgroup-Name
>>> == "squid"
>> <sigh> Don't set Auth-Type. Use "Cleartext-Password := ...", and not
>> "User-Password == ..."
>>
>>> Here's the output of the debug, it seems that it doesn't find the config
>>> file.
>> No. It finds the DEFAULT entry earlier in the file.
>>
>> Why? This is documented. Read the comments at the top of the "users"
>> file. Read the "man users" page. Read the FAQ for an example of how to
>> configure a test user.
>>
>> Alan DeKok.
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
>
>
>
> --
> Carlos Eduardo Tavares Terra
> Red Hat Certified Engineer
> Consultor em Administração de Redes Linux
> GNU/Linux #413291 [http://counter.li.org]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20100903/004e2fb7/attachment.html>
More information about the Freeradius-Users
mailing list