pap always returns noop for windows dialup authentication

paul trader fliptop at
Mon Sep 23 18:33:10 CEST 2013

hi all - i've recently tried upgrading from v1 to v2.  on a centos 6.4 box 
w/ all latest updates, i installed freeradius v2, added one username and 
password to /etc/raddb/users:

test Cleartext-Password := "testing"

and the radtest command-line authentication works.  i then added one 
client for our blade server to /etc/raddb/clients.conf:

client x.x.x.x {
   secret = xxxxx
   shortname = 3coms

substituting the correct ip and secret for the x's.

testing from my linux box w/ a modem, authentication works.  output from 
radiusd -X shows all is well, my linux box receives an ip address and dns 
servers.  relavant -X debug output shows:

++[pap] returns updated
Found Auth-Type = PAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group PAP {...}
[pap] login attempt with password "testing"
[pap] Using clear text password "testing"
[pap] User authenticated successfully
++[pap] returns ok

however, when trying to authenticate from a windows box, authentication 
fails.  every time.  i've tried it from a windows xp machine and 2 windows 
7 machines.  the debug output always says:

[pap] WARNING! No "known good" password found for the user. 
Authentication may fail because of this.
++[pap] returns noop
ERROR: No authenticate method (Auth-Type) found for the request: Rejecting 
the user
Failed to authenticate the user.
Using Post-Auth-Type Reject

i've been over and over everything a dozen times, have tried changing the 
windows dialup security settings to use pap only, and also have tried 
adding the following line to the users file:

Auth-Type = PAP

even though everything i've read said not to do that.  still doesn't work. 
the only changes i've made to the default installation are to the users 
and clients.conf files.  i have spent hours searching the internet for a 
similar problem/solution and come up empty.  windows boxes will not 
authenticate, pap always returns noop, and the user is rejected.

am i doing something glaringly wrong, or just going plain crazy?

regards, paul

More information about the Freeradius-Users mailing list