Freeradius with google authenticator gives error - No "known good" password found for the use
prasanna.tuladhar at gmail.com
Tue Mar 10 18:00:00 CET 2020
Thanks for your hint. I solved this and PAM authenticator was working. The
soft-link was destroyed since I was using sed editor to append lines. After
I recreated symlink everything worked smoothly
ln -s /etc/raddb/users ./mods-config/files/authorize
On Tue, Mar 10, 2020 at 5:23 PM prasanna <prasanna.tuladhar at gmail.com>
> Thanks Alan,
> > DEFAULT Group == "disabled", Auth-Type := Reject
> > Reply-Message = "Your account has been disabled."
> > DEFAULT Auth-Type := PAM
> Ok... *where* in the file was this added?
> >>> This is in line 67-68 of /etc/raddb/users. I only appended DEFAULT
> Auth-Type := PAM in line 68 . The section "DEFAULT Group == "disabled",
> Auth-Type := Reject..." was only commented out but was already existing
> I seriously doubt if the file "/etc/raddb/users"is being read by
> freeradius. I might have converted it to normal file. I do not see symlink
> when issuing ls-al command
> ls -al /etc/raddb/users
> -rw-r----- 1 root radiusd 7127 Mar 9 20:37 /etc/raddb/users
> how can I check this or convert into user file ?
> On Tue, Mar 10, 2020 at 3:21 PM Alan DeKok <aland at deployingradius.com>
>> On Mar 9, 2020, at 5:40 PM, prasanna <prasanna.tuladhar at gmail.com> wrote:
>> > I am new to freeradius and after going through docs and user faq I was
>> > able to solve this issue after multiple checks in my config.
>> > freeradius version is 3.0.13
>> > I am using Linux ( from Amazon AWS HVM2 64 bit ) and using the EC2 box
>> > My VPC CIDR range (or client machines are ) : 10.0.0.0/16
>> > I used the scripts below to install
>> That information isn't necessary. We only need the debug output.
>> *All* of the documentation makes this clear.
>> > Enabled PAM in file/etc/sites-available/default by removing the '#' pam
>> > comment
>> > Enabled PAM as default authentication type in /etc/raddb/users by
>> > comment on DEFAULT Group and adding DEFAULT Auth-Type := PAM line
>> > DEFAULT Group == "disabled", Auth-Type := Reject
>> > Reply-Message = "Your account has been disabled."
>> > DEFAULT Auth-Type := PAM
>> Ok... *where* in the file was this added?
>> And are you sure that the server is reading that file? It's normally a
>> symlink to mods-config/files/authorize. Maybe you changed the "users" file
>> to a normal file, in which case FreeRADIUS isn't reading it.
>> > ...
>> > (2) [eap] = noop
>> > (2) [files] = noop
>> So nothing in the "users" file matched.
>> Make sure that you're editing the right file, *and* that FreeRADIUS is
>> reading it.
>> Alan DeKok.
>> List info/subscribe/unsubscribe? See
More information about the Freeradius-Users