For EAP authentication, you don't code Auth-Type. It's the eap module that selects the authentication type itself.
Use a definition like this:

sgisev User-Password == "whatever"
Jean-Paul.
José Luis Solano wrote:
Thanks but:
How can I tell freeradius who the users are???
In "users" file I have written:
DEFAULT Auth-Type = PAP
        Fall-Through = 1
sgisev Auth-Type := LOCAL , User-Password == "12345678"
and the freeradius error is:
[EMAIL PROTECTED] raddb]# rad_recv: Access-Request packet from host 192.168.49.252:1225, id=54, length=140
        User-Name = "anonymous"
        NAS-IP-Address = 192.168.49.252
        NAS-Port = 0
        Called-Station-Id = "00-80-C8-01-01-55"
        Calling-Station-Id = "00-0B-46-26-1C-44"
        NAS-Identifier = "DWL-1000AP+"
        Framed-MTU = 1380
        NAS-Port-Type = Wireless-802.11
        EAP-Message = 0x0201000e01616e6f6e796d6f7573
        Message-Authenticator = 0xdc4c33e656d580182f8ae53ac84293f4
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
users: Matched DEFAULT at 156
modcall[authorize]: module "files" returns ok for request 0
modcall: group authorize returns ok for request 0
rad_check_password: Found Auth-Type PAP
auth: type "PAP"
modcall: entering group Auth-Type for request 0
rlm_pap: Attribute "Password" is required for authentication.
modcall[authenticate]: module "pap" returns invalid for request 0
modcall: group Auth-Type returns invalid for request 0
auth: Failed to validate the user.
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 54 to 192.168.49.252:1225
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 54 with timestamp 4035fcd9
Nothing to do. Sleeping until we see a request.
rad_recv: Access-Request packet from host 192.168.49.252:1225, id=55, length=140
        User-Name = "anonymous"
        NAS-IP-Address = 192.168.49.252
        NAS-Port = 0
        Called-Station-Id = "00-80-C8-01-01-55"
        Calling-Station-Id = "00-0B-46-26-1C-44"
        NAS-Identifier = "DWL-1000AP+"
        Framed-MTU = 1380
        NAS-Port-Type = Wireless-802.11
        EAP-Message = 0x0201000e01616e6f6e796d6f7573
        Message-Authenticator = 0x7ee64368520996cda3142f0c7059a480
modcall: entering group authorize for request 1
modcall[authorize]: module "preprocess" returns ok for request 1
users: Matched DEFAULT at 156
modcall[authorize]: module "files" returns ok for request 1
modcall: group authorize returns ok for request 1
rad_check_password: Found Auth-Type PAP
auth: type "PAP"
modcall: entering group Auth-Type for request 1
rlm_pap: Attribute "Password" is required for authentication.
modcall[authenticate]: module "pap" returns invalid for request 1
modcall: group Auth-Type returns invalid for request 1
auth: Failed to validate the user.
Delaying request 1 for 1 seconds
Finished request 1
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
rad_recv: Access-Request packet from host 192.168.49.252:1225, id=56, length=140
        User-Name = "anonymous"
        NAS-IP-Address = 192.168.49.252
        NAS-Port = 0
        Called-Station-Id = "00-80-C8-01-01-55"
        Calling-Station-Id = "00-0B-46-26-1C-44"
        NAS-Identifier = "DWL-1000AP+"
        Framed-MTU = 1380
        NAS-Port-Type = Wireless-802.11
        EAP-Message = 0x0202000e01616e6f6e796d6f7573
        Message-Authenticator = 0xa060e6b6b7489e59c65c8eb9154f7cd7
modcall: entering group authorize for request 2
modcall[authorize]: module "preprocess" returns ok for request 2
users: Matched DEFAULT at 156
modcall[authorize]: module "files" returns ok for request 2
modcall: group authorize returns ok for request 2
rad_check_password: Found Auth-Type PAP
auth: type "PAP"
modcall: entering group Auth-Type for request 2
rlm_pap: Attribute "Password" is required for authentication.
modcall[authenticate]: module "pap" returns invalid for request 2
modcall: group Auth-Type returns invalid for request 2
auth: Failed to validate the user.
Delaying request 2 for 1 seconds
Finished request 2
Going to the next request
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 55 to 192.168.49.252:1225
Sending Access-Reject of id 56 to 192.168.49.252:1225
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 1 ID 55 with timestamp 4035fce4
Cleaning up request 2 ID 56 with timestamp 4035fce4
Nothing to do. Sleeping until we see a request.
José Luis Solano
SGI - Soluciones Globales Internet S.A.
Delegación Regional Sur
[EMAIL PROTECTED]
(+34) 954.088.060

----- Original Message -----
From: "Jean-Paul Chapalain" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, February 20, 2004 1:16 PM
Subject: Re: Authorize and Authenticate with FILES: "auth: Failed to validate the user"

Hi José,
Look at the config of "Alfa&Ariss client" and UNSELECT "Use anonymous user for outer authentication" in Properties.
Jean-Paul.
José Luis Solano wrote:
Hi all!!!
I have installed freeradius-snapshot-20040216 with redhat 9. I use Alfa&Ariss client under Windows XP, cisco pcmcia card on my laptop.
I use FILES to authorize and authenticate, but TTLS doesn't run ok.
Any idea?? Please help?? (Alan, Lionel, Jean-Paul, please!!!!)
freeradius logs
------------------------------------------
[EMAIL PROTECTED] raddb]# rad_recv: Access-Request packet from host 192.168.49.252:1225, id=41, length=140
        User-Name = "anonymous"
!!!!!!!!!!!!!! are you anonymous ?
        NAS-IP-Address = 192.168.49.252
        NAS-Port = 0
        Called-Station-Id = "00-80-C8-01-01-55"
        Calling-Station-Id = "00-0B-46-26-1C-44"
        NAS-Identifier = "DWL-1000AP+"
        Framed-MTU = 1380
        NAS-Port-Type = Wireless-802.11
        EAP-Message = 0x0201000e01616e6f6e796d6f7573
        Message-Authenticator = 0xd46c99136b226ede9c334c88dfb2fa91
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "files" returns notfound for request 0
modcall: group authorize returns ok for request 0
auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
auth: Failed to validate the user.
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 41 to 192.168.49.252:1225
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 41 with timestamp 4035e87f
Nothing to do. Sleeping until we see a request.
users file
-----------------
sgisev Auth-Type := Local , User-Password == "12345678"

DEFAULT Service-Type == Framed-User
        Framed-IP-Address = 255.255.255.254,
        Framed-MTU = 576,
        Service-Type = Framed-User,
        Fall-Through = Yes

DEFAULT Framed-Protocol == PPP
        Framed-Protocol = PPP,
        Framed-Compression = Van-Jacobson-TCP-IP

DEFAULT Hint == "CSLIP"
        Framed-Protocol = SLIP,
        Framed-Compression = Van-Jacobson-TCP-IP

DEFAULT Hint == "SLIP"
        Framed-Protocol = SLIP
radiusd.conf
-------------------------
eap {
        default_eap_type = tls
        timer_expire = 60
        ignore_unknown_eap_types = no

        md5 {
        }
        leap {
        }

        tls {
                private_key_password = izadisan
                private_key_file = /usr/local/openssl/ssl/certs/server/server.pem
                certificate_file = /usr/local/openssl/ssl/certs/server/server.pem
                CA_file = /usr/local/openssl/ssl/certs/ca/ca.pem
                dh_file = /usr/local/openssl/ssl/certs/dh
                random_file = /usr/local/openssl/ssl/certs/random
                fragment_size = 1024
                include_length = yes
        }
        ttls {
                default_eap_type=md5
                copy_request_to_tunnel = no
                use_tunneled_reply=no
        }
}
José Luis Solano
SGI - Soluciones Globales Internet S.A.
Delegación Regional Sur
[EMAIL PROTECTED]
(+34) 954.088.060
--
-- Jean-Paul Chapalain - GICM - Resp. Reseaux et Infrastructure
-- 32 rue Mirabeau - Le Relecq-Kerhuon - 29808 Brest Cedex 9, FRANCE
-- Tel +33298002873 - Fax +33298284005 - [EMAIL PROTECTED]
-- Key Fingerprint: 192C 1CFE F24A 050D F280 A086 AF15 8631 3ABB 4C7D
--
-- Jean-Paul Chapalain - GICM - Resp. Reseaux et Infrastructure
-- 32 rue Mirabeau - Le Relecq-Kerhuon - 29808 Brest Cedex 9, FRANCE
-- Tel +33298002873 - Fax +33298284005 - [EMAIL PROTECTED]
-- Key Fingerprint: 192C 1CFE F24A 050D F280 A086 AF15 8631 3ABB 4C7D
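
Added example, not part of the original messages and not FreeRADIUS code: a small Python check for the debug output quoted in this thread. It decodes the EAP-Message attribute to show the outer identity and flags a request that carries EAP but was given a non-EAP Auth-Type. The function names are hypothetical, and it assumes one unfragmented EAP-Message attribute per request.

```python
import re

# Constructed sample: lines copied from request 0 in the quoted debug log.
SAMPLE_DEBUG = """\
User-Name = "anonymous"
EAP-Message = 0x0201000e01616e6f6e796d6f7573
users: Matched DEFAULT at 156
rad_check_password: Found Auth-Type PAP
rlm_pap: Attribute "Password" is required for authentication.
"""

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 3: "Nak", 4: "MD5-Challenge", 13: "TLS",
             17: "LEAP", 21: "TTLS", 25: "PEAP"}


def parse_eap(hex_value):
    """Decode an EAP header (RFC 3748: code, id, length, then type)."""
    raw = bytes.fromhex(hex_value[2:] if hex_value[:2].lower() == "0x" else hex_value)
    if len(raw) < 4:
        raise ValueError("EAP packet shorter than its 4-byte header")
    length = int.from_bytes(raw[2:4], "big")
    if length < 4 or length > len(raw):
        raise ValueError("EAP length field does not match the attribute data")
    pkt = {"code": EAP_CODES.get(raw[0], raw[0]), "id": raw[1],
           "length": length, "type": None, "data": b""}
    if raw[0] in (1, 2) and length >= 5:  # only Request/Response carry a type
        pkt["type"] = EAP_TYPES.get(raw[4], raw[4])
        pkt["data"] = raw[5:length]
    return pkt


def diagnose(debug_text):
    """Return findings for one request's worth of debug output."""
    findings = []
    eap = re.search(r"EAP-Message = (0x[0-9a-fA-F]+)", debug_text)
    if not eap:
        return findings
    pkt = parse_eap(eap.group(1))
    if pkt["type"] == "Identity":
        findings.append("outer identity: " + pkt["data"].decode("utf-8", "replace"))
    auth = re.search(r"Found Auth-Type (\S+)", debug_text)
    if auth and auth.group(1).upper() != "EAP":  # the eap module sets Auth-Type to EAP
        findings.append("EAP request handled as Auth-Type " + auth.group(1))
    return findings


if __name__ == "__main__":
    for line in diagnose(SAMPLE_DEBUG):
        print(line)
```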

