Hello again to all.
Currently I 'm also trying to authenticate users with mySQL db.
Here is my problem:
For testing purposes only, I've added only one record in radcheck table:
fredf | Cleartext-Password | := | wilma
I assign the user to a specific group called "dynamic" (the only record in
radusergroup table):
fredf | dynamic | 1|
and I assign the "Accept" reply using a record in radgroupreply table:
| 4 | dynamic | Auth-Type | := | Accept |
Running freeradius -X and testing this user, I get this strange replies:
(0) sql: Executing select query: SELECT id, groupname, attribute, value, op
FROM radgroupreply WHERE groupname = 'dynamic' ORDER BY id
(0) sql: Group "dynamic": Merging reply items
(0) sql: *Auth-Type := Accept*
rlm_sql (sql): Released connection (1)
(0) [sql] = ok
(0) } # authorize = ok
(0) WARNING: Please update your configuration, and remove 'Auth-Type =
Local'
(0) WARNING: Use the PAP or CHAP modules instead
*(0) ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type =
Reject*
(0) Failed to authenticate the user
(0) Using Post-Auth-Type Reject
which means that, even if the Auth-Type is "Accept" it replies that
Auth-type is not found
In the /etc/freeradius/3.0/users file, I have this configuration:
DEFAULT SQL-Group == "dynamic"
Reply-Message = "You're in dynamic group and accepted",
Auth-Type := Accept,
Tunnel-Type = 13,
Tunnel-Medium-Type = 6,
Tunnel-Private-Group-ID = "8"
Either this works as it's supposed to, because radtest replies:
Sent Access-Request Id 87 from 0.0.0.0:28271 to 127.0.0.1:1812 length 75
User-Name = "fredf"
User-Password = "wilma"
NAS-IP-Address = 127.0.1.1
NAS-Port = 0
Message-Authenticator = 0x00
Cleartext-Password = "wilma"
Received Access-Reject Id 87 from 127.0.0.1:1812 to 127.0.0.1:28271 length
58
Reply-Message = "You're in dynamic group and accepted"
(0) -: Expected Access-Accept got Access-Reject
I really cannot understand what may be the problem here.
Consider also that, if I add the record
fredf | Auth-Type | := | Accept
in radcheck table, works fine
Thank you in advance for the support and assistance
Kind regards
On Mon, Jul 19, 2021 at 4:15 PM Odysseas Basdekis <odyb...@gmail.com> wrote:
> Hello Nicolas
>
> Thank you for the reply
> The Realm looks OK, It's joined successfully.
> I am mostly concerned on the message "Authentication FAILED against XXX
> (*Unable
> to validate credentials at the moment*)"
> What may cause this?
>
>
> On Mon, Jul 19, 2021 at 3:47 PM Quiniou-Briand, Nicolas <
> nquin...@akamai.com> wrote:
>
>> Hello,
>>
>>
>>
>> > Why does the pftest command looks like not work properly?
>>
>>
>>
>> It could mean you are not testing exactly like when you plugged your
>> device on the network.
>>
>> This is certainly related to the REALM being
>>
>>
>>
>> *Nicolas Quiniou-Briand*
>> *Product Support Engineer*
>>
>> *Office:* +33156696210
>>
>> Akamai Technologies
>> 145 Broadway
>> Cambridge, MA 02142
>>
>> Connect with Us:
>>
>> <https://community.akamai.com/> <http://blogs.akamai.com/>
>> <https://twitter.com/akamai>
>> <http://www.facebook.com/AkamaiTechnologies>
>> <http://www.linkedin.com/company/akamai-technologies>
>> <http://www.youtube.com/user/akamaitechnologies?feature=results_main>
>>
>>
>>
>
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
