still not working (newbie for radius)
gahn
ipfreak at yahoo.com
Sun Sep 19 23:35:55 CEST 2010
Hi all:
I apologize for the emails for such simple issue...:)
it is still not working. I have done all of your guys advised and tried to read through the documents, but...:(
here is my "client.conf" file:
client 192.168.255.138 {
secret = testing123
nastype = juniper
}
for my "users" file:
bob Auth-Type := Local
User-Password = "bob",
Juniper-Local-User-Name = "labrat"
I started radius with "radiusd -X" and also started tcpdump process.
here is what i got from freerediaus debugging:
rad_recv: Access-Request packet from host 192.168.255.138 port 54462, id=202, length=57
User-Name = "bob"
User-Password = "bob"
NAS-Identifier = "lab-r8"
NAS-IP-Address = 150.150.0.1
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "bob", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
[files] users: Matched entry bob at line 1
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = Local
WARNING: Please update your configuration, and remove 'Auth-Type = Local'
WARNING: Use the PAP or CHAP modules instead.
No "known good" password was configured for the user.
As a result, we cannot authenticate the user.
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> bob
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 202 to 192.168.255.138 port 54462
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.255.138 port 54462, id=202, length=57
Sending duplicate reply to client r8 port 54462 - ID: 202
Sending Access-Reject of id 202 to 192.168.255.138 port 54462
Waking up in 2.9 seconds.
Cleaning up request 0 ID 202 with timestamp +11
rad_recv: Access-Request packet from host 192.168.255.138 port 54462, id=202, length=57
User-Name = "bob"
User-Password = "bob"
NAS-Identifier = "lab-r8"
NAS-IP-Address = 150.150.0.1
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "bob", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
[files] users: Matched entry bob at line 1
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = Local
WARNING: Please update your configuration, and remove 'Auth-Type = Local'
WARNING: Use the PAP or CHAP modules instead.
No "known good" password was configured for the user.
As a result, we cannot authenticate the user.
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> bob
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 1 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 1
Sending Access-Reject of id 202 to 192.168.255.138 port 54462
Waking up in 4.9 seconds.
Cleaning up request 1 ID 202 with timestamp +18
Ready to process requests.
for tcpdump:
17:07:11.998936 IP 192.168.255.138.54462 > 192.168.255.128.radius: RADIUS, Access Request (1), id: 0xca length: 57
17:07:14.999487 IP 192.168.255.138.54462 > 192.168.255.128.radius: RADIUS, Access Request (1), id: 0xca length: 57
Interestingly, I only saw 'Access Request" came in, but I didn't see Access Reject messages.
any help would be greatly appreciated.
gahn
More information about the Freeradius-Users
mailing list