ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type = Reject

Mustafa Mujahid/SYS mustafa.mujahid at nayatel.com
Thu Jan 19 07:44:21 CET 2017


Hello,

Turns out there is no problem with my configuration. The change at DB 
end is causing the problem. Changing from Password to Cleartext-Password 
causes PAP to give error of "No Auth-Type" and "No "known good" password 
found for the user" . When I tested the same with an already working 
radius 2.x it returned the error mentioned above. Then reverting the DB 
attribute pack to "Password" solved the issue and the user was able to 
authenticate. How can I mitigate this issue.

  I read this http://freeradius.org/radiusd/man/rlm_pap.html#lbAD

It says

Qoute <


It is important to understand the difference between the User-Password 
and Cleartext-Password attributes. The Cleartext-Password attribute is 
the "known good" password for the user. Simply supplying the 
Cleartext-Password to the server will result in most authentication 
methods working.

Unqoute >


So , I'm having trouble understanding what else is missing, Does it have 
something to do with headers? I have attached a screen shot of my 
radcheck Table from the test oracle DB.Any help on the matter would be 
greatly appreciated.


*Mustafa Mujahid | Systems*


On 01/18/2017 09:39 PM, Alan DeKok wrote:
>> On Jan 18, 2017, at 11:35 AM, Mustafa Mujahid/SYS <mustafa.mujahid at nayatel.com> wrote:
>>
>> Hello,
>>
>> I was working with free radius 3.0.12 and received the below errors in debug output.
>    You need to read the debug output.  ALL OF IT.
>
>    Reading only part of it means you're ignoring messages which will help you solve the problem.
>
>> I was reading this :
>>
>> Qoute <
>>
>> When a RADIUS packet contains a clear-text password in the form of a User-Password attribute, the/rlm_pap/module may be used for authentication. The module requires a "known good" password, which it uses to validate the password given in the RADIUS packet. That "known good" password must be supplied by another module (e.g./rlm_files/,/rlm_ldap/, etc.), and is usually taken from a database.
>>
>> Unqoute >
>>
>> But I'm having a bit of trouble understanding. In my DB the Attribute is Cleartext-Password , which corresponds to a plain text password. So then why is this error generated. And how to mitigate it. What am I missing.
>    Since you haven't said what you did, I can only guess.
>
>    If you follow the documentation, it WILL WORK.  See the Wiki:
>
> http://wiki.freeradius.org/modules/Rlm_sql
>
>> The authorize section of my /etc/raddb/sites-enabled/default  is read as:
>    If you don't understand how the server works, you should NOT edit the default virtual server.  Make ONE change at a time.  Then, test the change, before making another one.
>
>    Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 4331 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20170119/3fc17dd1/attachment-0001.png>


More information about the Freeradius-Users mailing list