ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user

Adam Cage adamcage27 at gmail.com
Mon Sep 25 16:13:42 CEST 2017


People, I have a Freeradius working OK with AD Authentication and LDAP
Authorization. Everything is OK when I use my service to authenticate users
for the WiFi service.

But now I want to add a Cisco Firepower IPS authentication, and I fail. The
Cisco Firepower IPS has a Radius configuration interface where I fill out
all the basic necessary data: Radius IP and port, Secret and Default User
Role.

In the Freeradius server, I have edited the
/etc/freeradius/sites-available/default and inner-tunnel files, adding a
clause similar to the current ones, as follows (the only condition is that
the user belongs to the IPS LDAP group):

if .....
.......
elsif (LDAP-Group == "IPS") {
        update reply {
                Reply-Message = "Hello %{User-Name}: Access enabled to Firepower"
        }
        ok
}
else {
        reject
}

and the Freeradius debug output is this:

rlm_ldap::ldap_groupcmp: User found in group WiFi-Corp
  [ldap] ldap_release_conn: Release Id: 0
? Evaluating (LDAP-Group == "IPS") -> TRUE
++? elsif (LDAP-Group == "IPS") -> TRUE
++elsif (LDAP-Group == "IPS") {
+++update reply {
        expand: Hello %{User-Name}: Access enabled to Firepower -> Hello adam: Access enabled to Firepower
+++} # update reply = noop
+++[ok] = ok
++} # elsif (LDAP-Group == "IPS") = ok
++ ... skipping else for request 203: Preceding "if" was taken
+} # group authorize = ok
ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
Failed to authenticate the user.
Using Post-Auth-Type REJECT
# Executing group from file /etc/freeradius/sites-enabled/default
+group REJECT {
[attr_filter.access_reject]     expand: %{User-Name} -> adam
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] = updated
+} # group REJECT = updated
Delaying reject of request 203 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 203
Sending Access-Reject of id 147 to 172.20.1.1 port 52154
        Reply-Message = "Hello adam: Access enabled to Firepower"


Please can you help me???

Special thanks :)

ADAM

