Not setting Auth-Type

Roberto Rios rrios at chattanooga.gov
Thu Aug 25 16:07:36 CEST 2016


Ready to process requests
Received Access-Request Id 36 from 127.0.0.1:55677 to 127.0.0.1:1812 length
81
User-Name = 'yyyy1'
User-Password = 'xxxx1'
NAS-IP-Address = 10.0.45.44
NAS-Port = 0
Message-Authenticator = 0xd1c9ced51d4b2fb6529fcc61d622782c
(0) Received Access-Request packet from host 127.0.0.1 port 55677, id=36,
length=81
(0) User-Name = 'yyyy1'
(0) User-Password = 'xxxx1'
(0) NAS-IP-Address = 10.0.45.44
(0) NAS-Port = 0
(0) Message-Authenticator = 0xd1c9ced51d4b2fb6529fcc61d622782c
(0) # Executing section authorize from file /etc/raddb/sites-enabled/default
(0)   authorize {
(0)   filter_username filter_username {
(0)     if (!&User-Name)
(0)     if (!&User-Name)  -> FALSE
(0)     if (&User-Name =~ / /)
(0)     if (&User-Name =~ / /)  -> FALSE
(0)     if (&User-Name =~ /@.*@/ )
(0)     if (&User-Name =~ /@.*@/ )  -> FALSE
(0)     if (&User-Name =~ /\\.\\./ )
(0)     if (&User-Name =~ /\\.\\./ )  -> FALSE
(0)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))
(0)     if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))   ->
FALSE
(0)     if (&User-Name =~ /\\.$/)
(0)     if (&User-Name =~ /\\.$/)   -> FALSE
(0)     if (&User-Name =~ /@\\./)
(0)     if (&User-Name =~ /@\\./)   -> FALSE
(0)   } # filter_username filter_username = notfound
(0)   [preprocess] = ok
(0)   [chap] = noop
(0)   [mschap] = noop
(0)   [digest] = noop
(0)  suffix : Checking for suffix after "@"
(0)  suffix : No '@' in User-Name = "yyyy1", looking up realm NULL
(0)  suffix : No such realm "NULL"
(0)   [suffix] = noop
(0)  eap : No EAP-Message, not doing EAP
(0)   [eap] = noop
(0)   [files] = noop
(0)  sql : EXPAND %{User-Name}
(0)  sql :    --> yyyy1
(0)  sql : SQL-User-Name set to 'yyyy1'
rlm_sql (sql): Reserved connection (4)
(0)  sql : EXPAND SELECT id, username, attribute, value, op FROM radcheck
WHERE username = '%{SQL-User-Name}' ORDER BY id
(0)  sql :    --> SELECT id, username, attribute, value, op FROM radcheck
WHERE username = 'yyyy1' ORDER BY id
rlm_sql (sql): Executing query: 'SELECT id, username, attribute, value, op
FROM radcheck WHERE username = 'yyyy1' ORDER BY id'
(0)  sql : EXPAND SELECT groupname FROM radusergroup WHERE username =
'%{SQL-User-Name}' ORDER BY priority
(0)  sql :    --> SELECT groupname FROM radusergroup WHERE username =
'yyyy1' ORDER BY priority
rlm_sql (sql): Executing query: 'SELECT groupname FROM radusergroup WHERE
username = 'yyyy1' ORDER BY priority'
(0)  sql : User not found in any groups
rlm_sql (sql): Released connection (4)
(0)   [sql] = notfound
rlm_ldap (ldap): Reserved connection (4)
(0)  ldap : EXPAND (uid=%{%{Stripped-User-Name}:-%{User-Name}})
(0)  ldap :    --> (uid=yyyy1)
(0)  ldap : EXPAND dc=testtn,dc=com
(0)  ldap :    --> dc=testtn,dc=com
(0)  ldap : Performing search in 'dc=testtn,dc=com' with filter
'(uid=yyyy1)', scope 'sub'
(0)  ldap : Waiting for search result...
rlm_ldap (ldap): Rebinding to URL ldap://
ForestDnsZones.testtn.com/DC=ForestDnsZones,DC=testtn,DC=com
rlm_ldap (ldap): Waiting for bind result...
rlm_ldap (ldap): Rebinding to URL ldap://
DomainDnsZones.testtn.com/DC=DomainDnsZones,DC=testtn,DC=com
rlm_ldap (ldap): Waiting for bind result...
rlm_ldap (ldap): Rebinding to URL ldap://
testtn.com/CN=Configuration,DC=testtn,DC=com
rlm_ldap (ldap): Waiting for bind result...
rlm_ldap (ldap): Bind successful
rlm_ldap (ldap): Bind successful
rlm_ldap (ldap): Bind successful
(0)  ldap : Search returned no results
rlm_ldap (ldap): Deleting connection (4)
(0)   [ldap] = notfound
(0)   [expiration] = noop
(0)   [logintime] = noop
(0)  WARNING: pap : No "known good" password found for the user.  Not
setting Auth-Type
(0)  WARNING: pap : Authentication will fail unless a "known good" password
is available
(0)   [pap] = noop
(0)  } #  authorize = ok
(0) ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type =
Reject
(0) Failed to authenticate the user
(0) Using Post-Auth-Type Reject
(0) # Executing group from file /etc/raddb/sites-enabled/default
(0)  Post-Auth-Type REJECT {
(0)  sql : EXPAND .query
(0)  sql :    --> .query
(0)  sql : Using query template 'query'
rlm_sql (sql): Reserved connection (4)
(0)  sql : EXPAND %{User-Name}
(0)  sql :    --> yyyy1
(0)  sql : SQL-User-Name set to 'yyyy1'
(0)  sql : EXPAND INSERT INTO radpostauth (username, pass, reply, authdate)
VALUES ( '%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}',
'%{reply:Packet-Type}', '%S')
(0)  sql :    --> INSERT INTO radpostauth (username, pass, reply, authdate)
VALUES ( 'yyyy1', 'xxxx1', 'Access-Reject', '2016-08-25 09:56:07')
rlm_sql (sql): Executing query: 'INSERT INTO radpostauth (username, pass,
reply, authdate) VALUES ( 'yyyy1', 'xxxx1', 'Access-Reject', '2016-08-25
09:56:07')'
rlm_sql (sql): Released connection (4)
(0)   [sql] = ok
(0)  attr_filter.access_reject : EXPAND %{User-Name}
(0)  attr_filter.access_reject :    --> yyyy1
(0)  attr_filter.access_reject : Matched entry DEFAULT at line 11
(0)   [attr_filter.access_reject] = updated
(0)  eap : Request didn't contain an EAP-Message, not inserting EAP-Failure
(0)   [eap] = noop
(0)   remove_reply_message_if_eap remove_reply_message_if_eap {
(0)     if (&reply:EAP-Message && &reply:Reply-Message)
(0)     if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
(0)    else else {
(0)     [noop] = noop
(0)    } # else else = noop
(0)   } # remove_reply_message_if_eap remove_reply_message_if_eap = noop
(0)  } # Post-Auth-Type REJECT = updated
(0) Delaying response for 1 seconds
Waking up in 0.9 seconds.
(0) Sending delayed response
(0) Sending Access-Reject packet to host 127.0.0.1 port 55677, id=36,
length=0
Sending Access-Reject Id 36 from 127.0.0.1:1812 to 127.0.0.1:55677
Waking up in 3.9 seconds.
(0) Cleaning up request packet ID 36 with timestamp +12
Ready to process requests

Right now I am trying to have a working instance of radius with ldap auth,
but yes, I will be using PEAP for wireless authentication.
Thank you
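
A small parser for this kind of `radiusd -X` output, added here as an example and not part of the original post: it records each module's return code in the authorize section, lists the lookups that returned notfound ahead of the pap warning, and flags the Post-Auth INSERT that writes the submitted User-Password into radpostauth. The sample input is constructed from lines in the log above, and the function and key names are illustrative.

```python
import re

# Constructed sample in the format of the debug output above (mail-wrapped lines included).
SAMPLE = """\
(0)   authorize {
(0)   [sql] = notfound
(0)   [ldap] = notfound
(0)  WARNING: pap : No "known good" password found for the user.  Not
setting Auth-Type
(0)   [pap] = noop
(0)  } #  authorize = ok
(0) ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type =
Reject
(0)  sql :    --> INSERT INTO radpostauth (username, pass, reply, authdate)
VALUES ( 'yyyy1', 'xxxx1', 'Access-Reject', '2016-08-25 09:56:07')
(0)   [sql] = ok
"""

RECORD_START = re.compile(r"\(\d+\)\s|rlm_\w+ ")
MODULE_RC = re.compile(r"^\(\d+\)\s+\[([\w.]+)\] = (\w+)")
POSTAUTH_PASS = re.compile(r"--> INSERT INTO radpostauth \(username, pass\b.*VALUES \( '[^']*', '[^']+'")

def unwrap(text):
    """Heuristic: a line not starting with '(N) ' or 'rlm_x ' continues the previous record."""
    records = []
    for line in text.splitlines():
        if RECORD_START.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line.strip()
    return records

def diagnose(text):
    out = {"authorize": {}, "pap_no_password": False,
           "no_auth_type": False, "password_in_postauth": False}
    in_authorize = False
    for rec in unwrap(text):
        if re.search(r"^\(\d+\)\s+authorize \{", rec):
            in_authorize = True
        elif re.search(r"\} #\s+authorize = ", rec):
            in_authorize = False
        m = MODULE_RC.match(rec)
        if in_authorize and m:  # ignore return codes from Post-Auth and other sections
            out["authorize"][m.group(1)] = m.group(2)
        out["pap_no_password"] |= 'No "known good" password' in rec
        out["no_auth_type"] |= "No Auth-Type found" in rec
        # Flags only that a non-empty pass value was logged; the value itself is not kept.
        out["password_in_postauth"] |= bool(POSTAUTH_PASS.search(rec))
    out["not_found"] = [k for k, v in out["authorize"].items() if v == "notfound"]
    return out
```

Calling `diagnose()` on the full debug output gives the same kind of summary; on this log it shows both user lookups (sql, ldap) returning notfound before the reject.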

