> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On
> Behalf Of Alan DeKok
> Sent: Monday, January 12, 2004 4:31 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Freeradius using a Cistron users file.
> All I can say is figure out *why* it didn't match. Do
> simple tests, like it suggests in the FAQ.
>
OK, Alan, I did what you said. I have a two line users file now:
bob Auth-Type := Crypt-Local, Password == "IZOofOc2ONteU"
Reply-Message = "Hello, bob"
The weird thing is that when I use "IZOofOc2ONteU" as a password in radtest,
here is the output:
rad_recv: Access-Request packet from host XXX.XXX.XXX.XXX:33729, id=10,
length=58
User-Name = "bob"
User-Password = "IZOofOc2ONteU"
NAS-IP-Address = 255.255.255.255
NAS-Port = 1
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
modcall[authorize]: module "eap" returns noop for request 0
rlm_realm: No '@' in User-Name = "bob", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
users: Matched bob at 1
modcall[authorize]: module "files" returns ok for request 0
modcall[authorize]: module "mschap" returns noop for request 0
modcall: group authorize returns ok for request 0
rad_check_password: Found Auth-Type Crypt-Local
auth: type Crypt
auth: Failed to validate the user.
Login incorrect: [bob/IZOofOc2ONteU] (from client local port 1)
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 10 to XXX.XXX.XXX.XXX:33729
Reply-Message = "Hello, bob"
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 10 with timestamp 400446da
Nothing to do. Sleeping until we see a request.
HOWEVER: when I use the unencrypted word (bob) as the password, the output
is just like before:
rad_recv: Access-Request packet from host XXX.XXX.XXX.XXX:33730, id=15,
length=58
User-Name = "bob"
User-Password = "bob"
NAS-IP-Address = 255.255.255.255
NAS-Port = 1
modcall: entering group authorize for request 1
modcall[authorize]: module "preprocess" returns ok for request 1
modcall[authorize]: module "chap" returns noop for request 1
modcall[authorize]: module "eap" returns noop for request 1
rlm_realm: No '@' in User-Name = "bob", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 1
modcall[authorize]: module "files" returns notfound for request 1
modcall[authorize]: module "mschap" returns noop for request 1
modcall: group authorize returns ok for request 1
auth: No authenticate method (Auth-Type) configuration found for the
request: Rejecting the user
auth: Failed to validate the user.
Login incorrect: [bob/bob] (from client local port 1)
Delaying request 1 for 1 seconds
Finished request 1
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 15 to XXX.XXX.XXX.XXX:33730
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 1 ID 15 with timestamp 400446e9
Nothing to do. Sleeping until we see a request.
What in the world does this mean? No changes to the users file, no changes
to the radiusd.conf file, not even restarting the daemon, just changing the
radtest line from IZOofOc2ONteU to bob. In fact, it is repeatable. Every
time I change the line, using a bad password (or anything but the string
IZOofOc2ONteU), it gets the "No authenticate method (Auth-Type)..." error.
If I take the "Auth-Type" phrase out of the users file and use IZOofOc2ONteU
as the password, I get an accept.
TIA
Alex
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
