freeradius authentication against gmail

Eero Volotinen eero.volotinen at iki.fi
Wed Oct 4 08:46:15 CEST 2017 

Works fine from radtest, but when using wlan authentication via wireless
wlan, it says something like:

suffix: Checking for suffix after "@"
(23) suffix: No '@' in User-Name = "eero", looking up realm NULL
(23) suffix: No such realm "NULL"
(23)     [suffix] = noop
(23) eap: Peer sent EAP Response (code 2) ID 2 length 6
(23) eap: No EAP Start, assuming it's an on-going EAP conversation
(23)     [eap] = updated
(23) files: users: Matched entry DEFAULT at line 65
(23)     [files] = ok
(23)     [expiration] = noop
(23)     [logintime] = noop
(23) pap: WARNING: No "known good" password found for the user.  Not
setting Auth-Type
(23) pap: WARNING: Authentication will fail unless a "known good" password
is available
(23)     [pap] = noop
(23)   } # authorize = updated
(23) Found Auth-Type = pam
(23) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(23)   authenticate {
(23) pam: Attribute "User-Password" is required for authentication
(23)     [pam] = invalid
(23)   } # authenticate = invalid
(23) Failed to authenticate the user
(23) Using Post-Auth-Type Reject
(23) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(23)   Post-Auth-Type REJECT {
(23) attr_filter.access_reject: EXPAND %{User-Name}
(23) attr_filter.access_reject:    --> eero
(23) attr_filter.access_reject: Matched entry DEFAULT at line 11
(23)     [attr_filter.access_reject] = updated

Eero


2017-10-03 20:26 GMT+03:00 Alan Buxey <alan.buxey at gmail.com>:

> radiusd -X
>
> What client, what configuration - was EAP-TTLS/PAP being used? Did you call
> the module in the inner-tunnel?
>
> alan
>
>
> On 3 Oct 2017 6:07 pm, "Eero Volotinen" <eero.volotinen at iki.fi> wrote:
>
> I already code my pam-imap module. works fine with radtest, but not from
> wlan controller. any ideas why?
>
> Eero
>
> 3.10.2017 18.41 "Arran Cudbard-Bell" <a.cudbardb at freeradius.org>
> kirjoitti:
>
>
>
> > On 3 Oct 2017, at 21:05, Eero Volotinen <eero.volotinen at iki.fi> wrote:
> >
> > Is there example of that kind of configuration?
>
> I think I saw it when I was browsing through GitHub for 3rd party modules.
> IIRC someone did it in Perl.
>
> -Arran
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/
> list/users.html
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/
> list/users.html
>

More information about the Freeradius-Users mailing list