ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user

Alan DeKok aland at
Mon Sep 25 18:10:49 CEST 2017

On Sep 25, 2017, at 12:01 PM, Adam Cage <adamcage27 at> wrote:
> For WiFi service, I authenticate the users against te AD following Alan
> Dekok's tutorial...that works OK. And also I authorize the users against
> LDAP (from AD), enabling ldap line in default and inner-tunnel files and
> evaluating if users belong or not to given certain groups using the
> Ldap-Groups attribute...that works OK too.

  That's good, but you already said that.  Please focus on fixing the problem, not describing things that already work.

> Now I have an IPS device, with 3 users that have to manage it and they
> belong to a LDAP group that is used in the WiFi service, so I think the
> police is the same.

  You "think"?  Are these people doing WiFi authentication when the log into the IPS device?

> In this case I want to authenticate any of these 3
> users, and authorize them evaluating if they belong to the IPS group. I
> think the authentication method is the same as I'm using right now for WiFi
> service (defined for AD as described in Alan Dekok's tutorial).

  While they might still authenticate to AD, the policies are rather different.

> Please, should I add more details or can you hel me???

  read raddb/sites-available/README

  You will want create a *new* virtual server, specifically for the IPS rules.

  Copy the "default" virtual server.  Change the name to "server ips { ...}".  Delete all references to EAP.  Set up the IPS client in clients.conf with "virtual_server = ips"

  The problem is that you don't know what the differences are between WiFi auth and the authentication used by the IPS server.  You can run the server in debug mode, and READ THE OUTPUT to see the differences.  They're not the same.

  You can also read the documentation I suggested that you read.

  Or, you can keep trying random things, and never get the problem solved.

  Alan DeKok.

More information about the Freeradius-Users mailing list