ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type = Reject
Mustafa Mujahid/SYS
mustafa.mujahid at nayatel.com
Thu Jan 19 07:44:21 CET 2017
Hello,
Turns out there is no problem with my configuration. The change at DB
end is causing the problem. Changing from Password to Cleartext-Password
causes PAP to give error of "No Auth-Type" and "No "known good" password
found for the user" . When I tested the same with an already working
radius 2.x it returned the error mentioned above. Then reverting the DB
attribute pack to "Password" solved the issue and the user was able to
authenticate. How can I mitigate this issue.
I read this http://freeradius.org/radiusd/man/rlm_pap.html#lbAD
It says
Qoute <
It is important to understand the difference between the User-Password
and Cleartext-Password attributes. The Cleartext-Password attribute is
the "known good" password for the user. Simply supplying the
Cleartext-Password to the server will result in most authentication
methods working.
Unqoute >
So , I'm having trouble understanding what else is missing, Does it have
something to do with headers? I have attached a screen shot of my
radcheck Table from the test oracle DB.Any help on the matter would be
greatly appreciated.
*Mustafa Mujahid | Systems*
On 01/18/2017 09:39 PM, Alan DeKok wrote:
>> On Jan 18, 2017, at 11:35 AM, Mustafa Mujahid/SYS <mustafa.mujahid at nayatel.com> wrote:
>>
>> Hello,
>>
>> I was working with free radius 3.0.12 and received the below errors in debug output.
> You need to read the debug output. ALL OF IT.
>
> Reading only part of it means you're ignoring messages which will help you solve the problem.
>
>> I was reading this :
>>
>> Qoute <
>>
>> When a RADIUS packet contains a clear-text password in the form of a User-Password attribute, the/rlm_pap/module may be used for authentication. The module requires a "known good" password, which it uses to validate the password given in the RADIUS packet. That "known good" password must be supplied by another module (e.g./rlm_files/,/rlm_ldap/, etc.), and is usually taken from a database.
>>
>> Unqoute >
>>
>> But I'm having a bit of trouble understanding. In my DB the Attribute is Cleartext-Password , which corresponds to a plain text password. So then why is this error generated. And how to mitigate it. What am I missing.
> Since you haven't said what you did, I can only guess.
>
> If you follow the documentation, it WILL WORK. See the Wiki:
>
> http://wiki.freeradius.org/modules/Rlm_sql
>
>> The authorize section of my /etc/raddb/sites-enabled/default is read as:
> If you don't understand how the server works, you should NOT edit the default virtual server. Make ONE change at a time. Then, test the change, before making another one.
>
> Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 4331 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20170119/3fc17dd1/attachment-0001.png>
More information about the Freeradius-Users
mailing list