Updating from 2.0 to 3.0 - ERROR: No Auth-Type found

Alberto Balsalm twellborn23 at gmail.com
Fri Jun 25 01:20:04 CEST 2021


On Thu, Jun 24, 2021 at 1:55 PM Alan DeKok <aland at deployingradius.com> wrote:
>
> On Jun 24, 2021, at 1:31 PM, Alberto Balsalm <twellborn23 at gmail.com> wrote:
> >
> > I recently updated my secondary RADIUS server from 2.X to 3.0.16. I am
> > running Daloradius with MySQL. I am trying to authenticate through SQL
> > via a user / group / NAS setup on DaloRadius, I receive "(0) ERROR: No
> > Auth-Type found: rejecting the user via Post-Auth-Type = Reject" when
> > attempting to authenticate via this secondary server.
>
>   You edited configuration and broke the server.  Don't do that.
>
>   For upgrades, start with the default configuration in v3.  Then, gradually make changes to copy over your v2 functionality.  See raddb/README.rst for full details.
>
>   If you make 15 changes and it doesn't work, you have no idea what's wrong.  If you make one change and it goes from working to not working, then you know exactly what's wrong.

> > My primary RADIUS server is still running a 2.X version of FreeRADIUS
> > and runs its own instance of Daloradius and MySQL. This primary server
> > functions fine and I am able to login via SQL authentication. The
> > configurations for FreeRADIUS, DaloRADIUS, and MySQL are essentially
> > mirrored, with changes being made on the secondary's config to
> > accommodate the update to 3.0.
>
>    Changes such as... ?

I started with default 3.0 config, and then added the listening ports
to radiusd.conf, enabled the MySQL module in mods-enabled/sql and
adjusted the sql module to read clients from the 'nas' table i had
created in MySQL, mirroring my previous configuration on 2.0.

> > Below is my Freeradius -X output for my secondary server.
> > ...
> > } # modules
> > radiusd: #### Loading Virtual Servers ####
> > server { # from file /etc/freeradius/3.0/radiusd.conf
> > } # server
>
>   Why did you add this?  i.e. you added an empty "server" section in the main radiusd.conf file.
>
>   Don't do that.  The default virtual server is this one:
>

After searching through my radiusd.conf, I cannot find any additional
server profile section at all. The edits I made to radiusd were adding
 listen sections, and tweaking a max_requests to match my previous
config. I can post my radiusd.conf if needed.

> > server default { # from file /etc/freeradius/3.0/sites-enabled/default
> > # Loading authenticate {...}
> > # Loading authorize {...}
> > Ignoring "ldap" (see raddb/mods-available/README.rst)
> > # Loading preacct {...}
> > # Loading accounting {...}
> > # Loading session {...}
> > # Loading post-proxy {...}
> > # Loading post-auth {...}
> > } # server default
>
>   It looked like you edited that a whole bunch, too.
>
> > server inner-tunnel { # from file /etc/freeradius/3.0/sites-enabled/inner-tunnel
> > ...
> > Listening on auth address * port 62502
> > Listening on acct address * port 62503
> > Listening on auth address * port 1645
> > Listening on acct address * port 1646
>
>   None of those listeners are bound to a virtual server.  So they won't do anything.
>

Do the listeners need to be bound to a virtual server in order for
them to properly pull client / nas info from MySQL? Looking at my 2.0
config, I did not have any virtual servers setup as far as I can tell

> > Listening on auth address 127.0.0.1 port 18120 bound to server inner-tunnel
> > Listening on proxy address * port 42860
> > Ready to process requests
> > (0) Received Access-Request Id 141 from 10.20.1.1:1645 to
> > 192.168.1.100:62502 length 76
> > (0)   User-Name = "user"
> > (0)   User-Password = "userpass"
> > (0)   NAS-Port = 1
> > (0)   NAS-Port-Id = "tty1"
> > (0)   NAS-Port-Type = Virtual
> > (0)   NAS-IP-Address = 10.20.1.1
> > (0) ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type = Reject
>
>   Yup.  They tried to run either no virtual server, or the empty one you added to radiusd.conf.

I don't see the empty server on my radiusd.conf, Is there another
place that the debug output would be pulling that from?

>
>   PLEASE don't just mangle the heck out of the config and then ask "why doesn't it work".
>
>   Instead, do the upgrade slowly, as described above.  If you have questions about how to do certain things, ask.
>
>   If you want to see how listeners are tied to virtual servers in v3, see raddb/sites-available/README
>
>   All of this is extensively documented.
>
>   Alan DeKok.
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

My next course of action will be to wipe and restart with a fresh
FreeRadius install because it seems I have probably mucked something
up.

Thanks,


More information about the Freeradius-Users mailing list