Troubleshooting Help Request
Todd H Raymond
traymond at csc.com
Wed Oct 21 19:19:41 CEST 2015
All-
Unix background (years ago). Noob to Linux (vocab, tech, etc), no
networking experience or background, noob to FreeRadius.
This request concerns an issue I see often in the posts. Yet, for all
the efforts made leveraging the posted answers, I have failed to
resolve this common question. My assigned task was is to successfully
install and configure the freeradius (2.2.6) for AAA Server and 802.1x
review. At this stage I have installed it, and got it to reject all
attempts to authenticate my test user.
I have attached the output from the raddb -X server run in debug as
well as the client side test user attempt using radtest.
I have followed the "startup and test" recommendations that are in the
freeradius website. I have modified (SIMPLY) the /etc/raddb/users file
as recommended. I naively expected the server to authenticate with
"Access-Accept". I have reset the users, raddb_conf and clients_conf
files to the originals and run the same tests again. I have replaced
the ipaddress for localhost with localhost. I have tried to insert with
the user the companies NAS IP address which differs form the NAS ip set
to localhost I see in some test basics examples online. I DO see the
company's IPaddress for the NAS in the output of the debug run. Running
as user "test", "testuser", etc. has failed (examples from online
tutorials). I have even inserted user root and root password (thinking
that authentication failed at bladeserver/CompanyNAS/freeradius server
PAP tests. I am only trying to get this running using PAP at the moment
(one challenge at a time). All attempts have failed to result in
Access-Accept. All have returned Access-Rejected. At least it works
there.
One thing I have NOT done is set up a new client in the client.conf
file. This is because I read over and over again that the basic setup
should not be changed and it should run successfully during this basic
PAP configuration test.
I have checked and rechecked all (at least as far as I know)
"known-good" passwords and they match (input and config files). I
assume its not authenticating at the NAS. But when I set it up with
root and root password as the user, that failed as well. I am afraid
due to my lack of experience, I may not know what question SHOULD be
asked to troubleshoot and successfully configure the freeradius/radtest
testrun.
I ask for your help, please. Thank you.
From Server Run output
(0) pap: WARNING: No "known good" password found for the user. Not
setting Auth-Type(0) pap: WARNING: Authentication will fail unless a
"known good" password is available(0) [pap] = noop(0) } #
authorize = ok(0) ERROR: No Auth-Type found: rejecting the user via
Post-Auth-Type = Reject(0) Failed to authenticate the user
Environment
RHEL6, bladeservers, freelinux 2.2.6 RPM file used, I did NOT build
from src.
This is a PRIVATE message. If you are not the intended recipient,
please delete without copying and kindly advise us by e-mail of the
mistake in delivery. NOTE: Regardless of content, this e-mail shall not
operate to bind CSC to any order or other contract unless pursuant to
explicit written agreement or government initiative expressly
permitting the use of e-mail for such purpose.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: SubmissionRunText_client.txt
Type: application/octet-stream
Size: 384 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20151021/0746077b/attachment-0002.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: SubmissionRunText_raddb-X.txt
Type: application/octet-stream
Size: 26010 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20151021/0746077b/attachment-0003.obj>
More information about the Freeradius-Users
mailing list