Freeradius with google authenticator gives error - No "known good" password found for the use
prasanna
prasanna.tuladhar at gmail.com
Tue Mar 10 17:23:54 CET 2020
Thanks Alan,
> DEFAULT Group == "disabled", Auth-Type := Reject
> Reply-Message = "Your account has been disabled."
>
> DEFAULT Auth-Type := PAM
Ok... *where* in the file was this added?
>>> This is in line 67-68 of /etc/raddb/users. I only appended DEFAULT
Auth-Type := PAM in line 68 . The section "DEFAULT Group == "disabled",
Auth-Type := Reject..." was only commented out but was already existing
before.
I seriously doubt if the file "/etc/raddb/users"is being read by
freeradius. I might have converted it to normal file. I do not see symlink
when issuing ls-al command
ls -al /etc/raddb/users
-rw-r----- 1 root radiusd 7127 Mar 9 20:37 /etc/raddb/users
how can I check this or convert into user file ?
On Tue, Mar 10, 2020 at 3:21 PM Alan DeKok <aland at deployingradius.com>
wrote:
> On Mar 9, 2020, at 5:40 PM, prasanna <prasanna.tuladhar at gmail.com> wrote:
> > I am new to freeradius and after going through docs and user faq I was
> not
> > able to solve this issue after multiple checks in my config.
> >
> > freeradius version is 3.0.13
> > I am using Linux ( from Amazon AWS HVM2 64 bit ) and using the EC2 box
> > My VPC CIDR range (or client machines are ) : 10.0.0.0/16
> >
> > I used the scripts below to install
>
> That information isn't necessary. We only need the debug output. *All*
> of the documentation makes this clear.
>
> > Enabled PAM in file/etc/sites-available/default by removing the '#' pam
> > comment
> >
> > Enabled PAM as default authentication type in /etc/raddb/users by
> removing
> > comment on DEFAULT Group and adding DEFAULT Auth-Type := PAM line
> >
> > DEFAULT Group == "disabled", Auth-Type := Reject
> > Reply-Message = "Your account has been disabled."
> >
> > DEFAULT Auth-Type := PAM
>
> Ok... *where* in the file was this added?
>
> And are you sure that the server is reading that file? It's normally a
> symlink to mods-config/files/authorize. Maybe you changed the "users" file
> to a normal file, in which case FreeRADIUS isn't reading it.
>
> > ...
> > (2) [eap] = noop
> > (2) [files] = noop
>
> So nothing in the "users" file matched.
>
> Make sure that you're editing the right file, *and* that FreeRADIUS is
> reading it.
>
> Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list