local user file authentication does not work
Alan DeKok
aland at deployingradius.com
Tue Jan 24 15:57:27 CET 2017
On Jan 23, 2017, at 11:16 PM, Seiichirou Hiraoka <seiichirou.hiraoka at gmail.com> wrote:
>
> In the environment of CentOS 7.3, FreeRADIUS 3.0.4, local users file
> (/etc/raddb/mods-config/files/authorize) can not authenticate.
Yes, they can.
> It is set to authenticate with mschap using inner-tunnel,
> and the following I confirmed that authentication succeeds
> with the command.
> (username at eduroam.test.edu is the user on the AD server)
>
> # radtest - t mschap username at eduroam.test.edu test 127.0.0.1: 1812 0
> testing 123
> Received Access-Accept Id 32 from 127.0.0.1: 1812 to 127.0.0.1: 42901 length 84
>
> Next, to monitor the service, add the following entry to local users file.
>
> radtest at eduroam.test.edu Cleartext - Password: = "test"
Odds are that you have a realm defined, which is "eduroam.test.edu".
> Running radtest in this state will fail.
>
> # radtest radtest at eduroam.test.edu test 127.0.0.1: 1812 0 testing 123
> Received Access-Reject Id 79 from 127.0.0.1: 1812 to 127.0.0.1: 55380 length 20
>
> Looking at the log (/var/log/radius/radius.log),
> files seems to be noop and is not recognized.
>
> (0) [suffix] = ok
> (0) eap: No EAP-Message, not doing EAP
> (0) [eap] = noop
> (0) [files] = noop <- This is wrong????
If only you could read the REST OF THE DEBUG OUTPUT to see what the server is doing.
> Please tell me how to do RADIUS authentication with local user file
> for service monitoring.
You use it as documented. And, you read the debug output.
ALL OF IT.
Alan DeKok.
More information about the Freeradius-Users
mailing list