Authentication Problem
john decot
johndecot at yahoo.com
Tue May 24 06:36:18 CEST 2011
I have backup from working server but still not working
Please find the log:
success Log:
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1 port 52710, id=55, length=59
User-Name = "rajnish"
User-Password = "rajnish123"
NAS-IP-Address = x.x.x.x
NAS-Port = 0
# Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "rajnish", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[files] returns noop
[sql] expand: %{User-Name} -> rajnish
[sql] sql_set_user escaped user --> 'rajnish'
rlm_sql (sql): Reserving sql socket id: 3
[sql] expand: SELECT id, username, attribute, value, op FROM radcheck
WHERE username = BINARY '%{SQL-User-Name}' ORDER BY id -> SELECT
id, username, attribute, value, op FROM radcheck WHERE
username = BINARY 'rajnish' ORDER BY id
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op FROM radreply
WHERE username = BINARY '%{SQL-User-Name}' ORDER BY id -> SELECT
id, username, attribute, value, op FROM radreply WHERE
username = BINARY 'rajnish' ORDER BY id
[sql] expand: SELECT groupname FROM usergroup WHERE username =
BINARY '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname
FROM usergroup WHERE username = BINARY 'rajnish' ORDER BY
priority
[sql] expand: SELECT id, groupname, attribute, Value, op
FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY
id -> SELECT id, groupname, attribute, Value, op FROM
radgroupcheck WHERE groupname = '128kbps_Unlimited' ORDER BY
id
[sql] User found in group 128kbps_Unlimited
[sql] expand: SELECT id, groupname, attribute, value, op
FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY
id -> SELECT id, groupname, attribute, value, op FROM
radgroupreply WHERE groupname = '128kbps_Unlimited' ORDER BY
id
rlm_sql (sql): Released sql socket id: 3
++[sql] returns ok
rlm_checkval: Could not find item named Calling-Station-Id in request
rlm_checkval: Could not find attribute named Calling-Station-Id in check pairs
++[station-check] returns notfound
rlm_checkval: Could not find item named NAS-Identifier in request
rlm_checkval: Could not find attribute named NAS-Identifier in check pairs
++[NAS-check] returns notfound
[expiration] Checking Expiration time: '18 Jan 2012'
++[expiration] returns ok
rlm_logintime: Checking Login-Time: 'Su-Sa0000-2400'
rlm_logintime: timestr returned unlimited
++[logintime] returns ok
++[pap] returns updated
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
++[noresetcounter] returns noop
Found Auth-Type = PAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group PAP {...}
[pap] login attempt with password "rajnish123"
[pap] Using clear text password "rajnish123"
[pap] User authenticated successfully
++[pap] returns ok
# Executing section session from file /usr/local/etc/raddb/sites-enabled/default
+- entering group session {...}
[radutmp] expand: /usr/local/var/log/radius/radutmp ->
/usr/local/var/log/radius/radutmp
[radutmp] expand: %{User-Name} -> rajnish
rlm_radutmp: Failed to check the terminal server for user 'rajnish'.
++[radutmp] returns fail
# Executing section post-auth from file
/usr/local/etc/raddb/sites-enabled/default
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 55 to 127.0.0.1 port 52710
Idle-Timeout := 600
Session-Timeout = 20618797
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
Failure Log:
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1 port 58102, id=246,
length=55
User-Name = "bob"
User-Password = "bob"
NAS-IP-Address = x.x.x.x
NAS-Port = 0
# Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "bob", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[files] returns noop
[sql] expand: %{User-Name} -> bob
[sql] sql_set_user escaped user --> 'bob'
rlm_sql (sql): Reserving sql socket id: 3
[sql] expand: SELECT id, username, attribute, value, op FROM radcheck
WHERE username = BINARY '%{SQL-User-Name}' ORDER BY id -> SELECT
id, username, attribute, value, op FROM radcheck WHERE
username = BINARY 'bob' ORDER BY id
[sql] expand: SELECT groupname FROM usergroup WHERE username =
BINARY '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname
FROM usergroup WHERE username = BINARY 'bob' ORDER BY
priority
[sql] expand: SELECT id, groupname, attribute, Value, op
FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY
id -> SELECT id, groupname, attribute, Value, op FROM
radgroupcheck WHERE groupname = '256kbps_Unlimited' ORDER BY
id
[sql] User found in group 256kbps_Unlimited
[sql] expand: SELECT id, groupname, attribute, value, op
FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY
id -> SELECT id, groupname, attribute, value, op FROM
radgroupreply WHERE groupname = '256kbps_Unlimited' ORDER BY
id
rlm_sql (sql): Released sql socket id: 3
++[sql] returns ok
rlm_checkval: Could not find item named Calling-Station-Id in request
rlm_checkval: Could not find attribute named Calling-Station-Id in check pairs
++[station-check] returns notfound
rlm_checkval: Could not find item named NAS-Identifier in request
rlm_checkval: Could not find attribute named NAS-Identifier in check pairs
++[NAS-check] returns notfound
++[expiration] returns noop
rlm_logintime: Checking Login-Time: 'Su-Sa0000-2400'
rlm_logintime: timestr returned unlimited
++[logintime] returns ok
[pap] WARNING! No "known good" password found for the user. Authentication may
fail because of this.
++[pap] returns noop
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
++[noresetcounter] returns noop
ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the
user
Failed to authenticate the user.
Using Post-Auth-Type Reject
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> bob
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 246 to 127.0.0.1 port 58102
Waking up in 4.6 seconds.
Rgds,
John
________________________________
From: Fajar A. Nugraha <list at fajar.net>
To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
Sent: Tue, May 24, 2011 8:15:42 AM
Subject: Re: Authentication Problem
On Tue, May 24, 2011 at 9:20 AM, john decot <johndecot at yahoo.com> wrote:
> Hi ,
> I have been using freeradius-server-2.1.10 . Dialupadmin is using for web
> based administration. It was working fine till yesterday. I have changed
> added attribute to check Max-All-Session. Then I have face problem of
> No authenticate method (Auth-Type) found for the request: Rejecting the
> user
Max-All-Session alone should not cause that
>
> however the authorized section is working fine. After googling i have check
> with option default Auth-Type = Local but it was not success.
Normally you should never have to mess with Auth-Type, unless you're
doing some exotic setup (like LDAP bind with fallback to system user)
> this error
> occurs for new create user only , old user are authenticating normally.
>
> I have revert back my changes with removing attribute to check
> Max-All-Session but still the error exists.
... which again, simply confirms that Max-All-Session was not the
cause of the problem
>
> Please advise me.
You have changed something else and made it broken. Reverse that.
I use git to record changes in /etc/raddb so I can have a record of
what have changed. You might need something similar.
In the mean time, see
http://wiki.freeradius.org/index.php/FAQ#It_still_doesn.27t_work.21
Since you say only some users experience it, compare the log for both
the working and non-working user.
--
Fajar
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20110523/ef2f9783/attachment.html>
More information about the Freeradius-Users
mailing list