Troubleshooting Help Request

Todd H Raymond traymond at csc.com
Wed Oct 21 19:19:41 CEST 2015


   All-
   Unix background (years ago). Noob to Linux (vocab, tech, etc), no
   networking experience or background, noob to FreeRadius.

   This request concerns an issue I see often in the posts. Yet, for all
   the efforts made leveraging the posted answers, I have failed to
   resolve this common question. My assigned task was is to successfully
   install and configure the freeradius (2.2.6) for AAA Server and 802.1x
   review. At this stage I have installed it, and got it to reject all
   attempts to authenticate my test user.

   I have attached the output from the raddb -X server run in debug as
   well as the client side test user attempt using radtest.



   I have followed the "startup and test" recommendations that are in the
   freeradius website. I have modified (SIMPLY) the /etc/raddb/users file
   as recommended. I naively expected the server to authenticate with
   "Access-Accept". I have reset the users, raddb_conf and clients_conf
   files to the originals and run the same tests again. I have replaced
   the ipaddress for localhost with localhost. I have tried to insert with
   the user the companies NAS IP address which differs form the NAS ip set
   to localhost I see in some test basics examples online. I DO see the
   company's IPaddress for the NAS in the output of the debug run. Running
   as user "test", "testuser", etc. has failed (examples from online
   tutorials). I have even inserted user root and root password (thinking
   that authentication failed at bladeserver/CompanyNAS/freeradius server
   PAP tests. I am only trying to get this running using PAP at the moment
   (one challenge at a time). All attempts have failed to result in
   Access-Accept. All have returned Access-Rejected. At least it works
   there.

   One thing I have NOT done is set up a new client in the client.conf
   file. This is because I read over and over again that the basic setup
   should not be changed and it should run successfully during this basic
   PAP configuration test.



   I have checked and rechecked all (at least as far as I know)
   "known-good" passwords and they match (input and config files). I
   assume its not authenticating at the NAS. But when I set it up with
   root and root password as the user, that failed as well. I am afraid
   due to my lack of experience, I may not know what question SHOULD be
   asked to troubleshoot and successfully configure the freeradius/radtest
   testrun.

   I ask for your help, please. Thank you.

   From Server Run output

   (0) pap: WARNING: No "known good" password found for the user.  Not
   setting Auth-Type(0) pap: WARNING: Authentication will fail unless a
   "known good" password is available(0)     [pap] = noop(0)   } #
   authorize = ok(0) ERROR: No Auth-Type found: rejecting the user via
   Post-Auth-Type = Reject(0) Failed to authenticate the user

   Environment

   RHEL6, bladeservers, freelinux 2.2.6 RPM file used, I did NOT build
   from src.
   This is a PRIVATE message. If you are not the intended recipient,
   please delete without copying and kindly advise us by e-mail of the
   mistake in delivery. NOTE: Regardless of content, this e-mail shall not
   operate to bind CSC to any order or other contract unless pursuant to
   explicit written agreement or government initiative expressly
   permitting the use of e-mail for such purpose.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: SubmissionRunText_client.txt
Type: application/octet-stream
Size: 384 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20151021/0746077b/attachment-0002.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: SubmissionRunText_raddb-X.txt
Type: application/octet-stream
Size: 26010 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20151021/0746077b/attachment-0003.obj>


More information about the Freeradius-Users mailing list