pap always returns noop for windows dialup authentication
paul trader
fliptop at igolinux.com
Mon Sep 23 18:33:10 CEST 2013
hi all - i've recently tried upgrading from v1 to v2. on a centos 6.4 box
w/ all latest updates, i installed freeradius v2, added one username and
password to /etc/raddb/users:
test Cleartext-Password := "testing"
and the radtest command-line authentication works. i then added one
client for our blade server to /etc/raddb/clients.conf:
client x.x.x.x {
secret = xxxxx
shortname = 3coms
}
substituting the correct ip and secret for the x's.
testing from my linux box w/ a modem, authentication works. output from
radiusd -X shows all is well, my linux box receives an ip address and dns
servers. relavant -X debug output shows:
++[pap] returns updated
Found Auth-Type = PAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group PAP {...}
[pap] login attempt with password "testing"
[pap] Using clear text password "testing"
[pap] User authenticated successfully
++[pap] returns ok
however, when trying to authenticate from a windows box, authentication
fails. every time. i've tried it from a windows xp machine and 2 windows
7 machines. the debug output always says:
[pap] WARNING! No "known good" password found for the user.
Authentication may fail because of this.
++[pap] returns noop
ERROR: No authenticate method (Auth-Type) found for the request: Rejecting
the user
Failed to authenticate the user.
Using Post-Auth-Type Reject
i've been over and over everything a dozen times, have tried changing the
windows dialup security settings to use pap only, and also have tried
adding the following line to the users file:
Auth-Type = PAP
even though everything i've read said not to do that. still doesn't work.
the only changes i've made to the default installation are to the users
and clients.conf files. i have spent hours searching the internet for a
similar problem/solution and come up empty. windows boxes will not
authenticate, pap always returns noop, and the user is rejected.
am i doing something glaringly wrong, or just going plain crazy?
regards, paul
More information about the Freeradius-Users
mailing list