> The Password attribute MUST be on the first line. See the sample
> 'users' file.
>
> Note also that when you run the server in debugging mode, you get an
> error message telling you what the problem is, and how to fix it.
I ran radiusd -x and it would tell me:
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
modcall[authorize]: module "suffix" returns ok
users: Matched exampleuser at 155
modcall[authorize]: module "files" returns ok
modcall: group authorize returns ok
rad_check_password: Found auth-type Local
auth: type Local
auth: Failed to validate the user.
Sending Access-Reject of id 93 to 10.0.20.100:2054
But I couldn't get any more specific detail as to why it failed to
validate the user, even if I'd run radiusd -x -x -x. Is there something
else I should be trying?
I'm not able to find explicit documentation that the password attribute
must be on the first line. The examples all do it that way, but there
wasn't anything I could find that explicitly said that was required.
Coming from Merit RADIUS, there were several ways in which one could
structure the users file, so my assumption was that this was one of
several valid ways and I didn't really think anything of it.
I converted other bits of syntax from one server to the other, and was
able to get radiusd to start up without any complaints, so I assumed that
my file formatting was correct. Maybe it would be useful to add this
check to the other checks that radiusd performs upon startup.
> And this is most likely the source of your problem. Put the
> password attribute on the same line as the username, and it should
> work.
Sure enough. That was the problem. Thanks for the pointer. It works
now. It might be helpful to include an explicit note in the documentation
that explains that the placement of the password attribute is critical.
New users to any radius will probably build their user files based on the
examples, but people converting from another radius server may not.
Regards,
Ben
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
