ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
Adam Cage
adamcage27 at gmail.com
Mon Sep 25 16:13:42 CEST 2017
People, I have a Freeradius working OK with AD Authentication and LDAP
Authorization. Everything is OK when I use my service to authenticate users
for the WiFi service.
But now I want to add Cisco Firepower IPS authentication, and it fails. The
Cisco Firepower IPS has a Radius configuration interface where I fill out
all the basic necessary data: Radius IP and port, Secret and Default User
Role.
In the Freeradius server, I have edited the
/etc/freeradius/sites-available/default and inner-tunnel files, adding a
clause similar to the current ones, as follows (the only condition is that
the user belongs to the IPS LDAP group):
if .....
.......
elsif (LDAP-Group == "IPS") {
    update reply {
        Reply-Message = "Hello %{User-Name}: Access enabled to Firepower"
    }
    ok
}
else {
    reject
}
and the Freeradius debug output is this:
rlm_ldap::ldap_groupcmp: User found in group WiFi-Corp
[ldap] ldap_release_conn: Release Id: 0
? Evaluating (LDAP-Group == "IPS") -> TRUE
++? elsif (LDAP-Group == "IPS") -> TRUE
++elsif (LDAP-Group == "IPS") {
+++update reply {
expand: Hello %{User-Name}: Access enabled to Firepower -> Hello adam: Access enabled to Firepower
+++} # update reply = noop
+++[ok] = ok
++} # elsif (LDAP-Group == "IPS") = ok
++ ... skipping else for request 203: Preceding "if" was taken
+} # group authorize = ok
ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
Failed to authenticate the user.
Using Post-Auth-Type REJECT
# Executing group from file /etc/freeradius/sites-enabled/default
+group REJECT {
[attr_filter.access_reject] expand: %{User-Name} -> adam
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] = updated
+} # group REJECT = updated
Delaying reject of request 203 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 203
Sending Access-Reject of id 147 to 172.20.1.1 port 52154
Reply-Message = "Hello adam: Access enabled to Firepower"
Please can you help me???
Special thanks :)
ADAM
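
The following is an added example, not part of the original post and not FreeRADIUS code: a small triage script that reads debug output like the one quoted above and flags the condition it shows, where the authorize group returns ok, no Auth-Type is set, and the Access-Reject still carries the Reply-Message added during authorize. The function name, the finding fields and the trimmed sample are this example's own assumptions.

```python
import re

# Excerpt of the debug output quoted in the post (wrapped lines joined).
SAMPLE = """\
+++[ok] = ok
++} # elsif (LDAP-Group == "IPS") = ok
+} # group authorize = ok
ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
Failed to authenticate the user.
Using Post-Auth-Type REJECT
+} # group REJECT = updated
Sending delayed reject for request 203
Sending Access-Reject of id 147 to 172.20.1.1 port 52154
Reply-Message = "Hello adam: Access enabled to Firepower"
"""

AUTHZ = re.compile(r"^\+\} # group authorize = (\w+)")
NO_AUTH_TYPE = re.compile(r"No authenticate method \(Auth-Type\) found")
SENDING = re.compile(r"^Sending (Access-\w+) of id (\d+) to (\S+) port (\d+)")
REPLY_MSG = re.compile(r'^\s*Reply-Message = "(.*)"')

def triage(debug_text):
    """Return one finding per reply packet found in radiusd debug output."""
    findings, authz, no_auth_type, current = [], None, False, None
    for line in debug_text.splitlines():
        if line.startswith("rad_recv:"):      # a new request begins
            authz, no_auth_type, current = None, False, None
        elif m := AUTHZ.match(line):
            authz = m.group(1)
        elif NO_AUTH_TYPE.search(line):
            no_auth_type = True
        elif m := SENDING.match(line):
            current = {"packet": m.group(1), "id": int(m.group(2)),
                       "nas": m.group(3), "authorize": authz,
                       "no_auth_type": no_auth_type, "reply_messages": []}
            findings.append(current)
        elif current is not None and (m := REPLY_MSG.match(line)):
            current["reply_messages"].append(m.group(1))
    for f in findings:
        rejected = f["packet"] == "Access-Reject"
        # authorize passed, but no module chose how to verify the credentials
        f["authorized_but_no_auth_type"] = (
            rejected and f["no_auth_type"] and f["authorize"] in ("ok", "updated"))
        # a reject that still carries text added before authentication ran
        f["reject_carries_reply_message"] = rejected and bool(f["reply_messages"])
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```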