files Authentication problem
alexdhelmet at free.fr
alexdhelmet at free.fr
Wed Nov 21 09:01:22 CET 2012
Hello,
I have a problem of authentication with the files method.
I am using freeradius: FreeRADIUS Version 2.1.10
I try to configure freeradius to have authentication with non-sensitive
password and user.
I am using ntradping to test my radius server.
In both case, ++[files] returns ok , so it seems to be ok.
But the client receive on ok, and one bad.
See the output of freeradius -X
NON-WORKING : the last C is in capital letter.
=============
rad_recv: Access-Request packet from host 100.100.16.3 port 44994, id=1,
length=57
User-Name = "00c51180d29c"
User-Password = "00c51180d29C"
Vendor-Specific = 0x383030
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[files] expand: %{User-Password} -> 00c51180d29C
[files] expand: %{tolower:%{User-Password}} -> 00c51180d29c
[files] users: Matched entry 00c51180d29c at line 2
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING: Auth-Type already set. Not setting to PAP
++[pap] returns noop
Found Auth-Type = Local
WARNING: Please update your configuration, and remove 'Auth-Type = Local'
WARNING: Use the PAP or CHAP modules instead.
User-Password in the request does NOT match "known good" password.
Failed to authenticate the user.
Login incorrect: [00c51180d29c/00c51180d29C] (from client pc1461 port 0)
Using Post-Auth-Type Reject
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> 00c51180d29c
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 1 for 1 seconds
WORKING
=========
rad_recv: Access-Request packet from host 100.100.16.3 port 45055, id=3,
length=57
User-Name = "00c51180d29c"
User-Password = "00c51180d29c"
Vendor-Specific = 0x383030
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[files] expand: %{User-Password} -> 00c51180d29c
[files] expand: %{tolower:%{User-Password}} -> 00c51180d29c
[files] users: Matched entry 00c51180d29c at line 2
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING: Auth-Type already set. Not setting to PAP
++[pap] returns noop
Found Auth-Type = Local
WARNING: Please update your configuration, and remove 'Auth-Type = Local'
WARNING: Use the PAP or CHAP modules instead.
User-Password in the request is correct.
Login OK: [00c51180d29c/00c51180d29c] (from client pcXX port 0)
# Executing section post-auth from file
/etc/freeradius/sites-enabled/default
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 3 to 100.100.16.3 port 45055
Alcatel-Lucent-Auth-Group = 4
Finished request 3.
Config of the files modules
====================
files {
# The default key attribute to use for matches. The content
# of this attribute is used to match the "name" of the
# entry.
#key = "%{Stripped-User-Name:-%{User-Name}}"
usersfile = ${confdir}/users
acctusersfile = ${confdir}/acct_users
preproxy_usersfile = ${confdir}/preproxy_users
key = "%{tolower:%{User-Password}}"
case_sensitive = no
# If you want to use the old Cistron 'users' file
# with FreeRADIUS, you should change the next line
# to 'compat = cistron'. You can the copy your 'users'
# file from Cistron.
compat = no
}
Users file (all in lower letters)
========
"00c51180d29c" Auth-Type := Local, Cleartext-Password := "00c51180d29c"
Alcatel-Lucent-Auth-Group = 4
Thanks for the help.
Alexandre
More information about the Freeradius-Users
mailing list