Re: IKEv2+PEAP no joy
Hi, Run the server with '-Xx' to get a hex dump of the tunneled data. That will give a bit more information about what's going on. that doesn't reveal much new info. For outer id set, it dumps the inner EAP-Message, but for unset, only the error message. -Xxxx (-Xx looks the same): - with id privacy Mon Apr 12 08:08:25 2010 : Info: +- entering group authenticate {...} Mon Apr 12 08:08:25 2010 : Info: [eap] Request found, released from the list Mon Apr 12 08:08:25 2010 : Info: [eap] EAP/peap Mon Apr 12 08:08:25 2010 : Info: [eap] processing type peap Mon Apr 12 08:08:25 2010 : Info: [peap] processing EAP-TLS Mon Apr 12 08:08:25 2010 : Info: [peap] eaptls_verify returned 7 Mon Apr 12 08:08:25 2010 : Info: [peap] Done initial handshake Mon Apr 12 08:08:25 2010 : Info: [peap] eaptls_process returned 7 Mon Apr 12 08:08:25 2010 : Info: [peap] EAPTLS_OK Mon Apr 12 08:08:25 2010 : Info: [peap] Session established. Decoding tunneled attributes. Mon Apr 12 08:08:25 2010 : Info: [peap] Identity - claude.tomp...@education.lu Mon Apr 12 08:08:25 2010 : Info: [peap] Got tunneled request EAP-Message = 0x0205002001636c617564652e746f6d7065727340656475636174696f6e2e6c75 server VPN { Mon Apr 12 08:08:25 2010 : Debug: PEAP: Got tunneled identity of claude.tomp...@education.lu Mon Apr 12 08:08:25 2010 : Debug: PEAP: Setting default EAP type for tunneled EAP session. Mon Apr 12 08:08:25 2010 : Debug: PEAP: Setting User-Name to claude.tomp...@education.lu Sending tunneled request EAP-Message = 0x0205002001636c617564652e746f6d7065727340656475636174696f6e2e6c75 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = claude.tomp...@education.lu NAS-Port-Type = Virtual NAS-Identifier = strongSwan RESTENA-Service-Type = VPN - without id privacy: Mon Apr 12 08:07:38 2010 : Info: +- entering group authenticate {...} Mon Apr 12 08:07:38 2010 : Info: [eap] Request found, released from the list Mon Apr 12 08:07:38 2010 : Info: [eap] EAP/peap Mon Apr 12 08:07:38 2010 : Info: [eap] processing type peap Mon Apr 12 08:07:38 2010 : Info: [peap] processing EAP-TLS Mon Apr 12 08:07:38 2010 : Info: [peap] eaptls_verify returned 7 Mon Apr 12 08:07:38 2010 : Info: [peap] Done initial handshake Mon Apr 12 08:07:38 2010 : Info: [peap] eaptls_process returned 7 Mon Apr 12 08:07:38 2010 : Info: [peap] EAPTLS_OK Mon Apr 12 08:07:38 2010 : Info: [peap] Session established. Decoding tunneled attributes. Mon Apr 12 08:07:38 2010 : Info: [peap] Tunneled data is invalid. Mon Apr 12 08:07:38 2010 : Info: [eap] Handler failed in EAP/peap Mon Apr 12 08:07:38 2010 : Info: [eap] Failed in EAP select Mon Apr 12 08:07:38 2010 : Info: ++[eap] returns invalid Mon Apr 12 08:07:38 2010 : Info: Failed to authenticate the user. Mon Apr 12 08:07:38 2010 : Auth: Login incorrect: [ \001\n\030\000\000\004\003\235A\2112\236\240\242\220/via A uth-Type = EAP] (from client vpn6-test-v4 port 0) Stefan -- Stefan WINTER Ingenieur de Recherche Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg Tel: +352 424409 1 Fax: +352 422473 signature.asc Description: OpenPGP digital signature - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Error: rlm_eap: No EAP session matching the State variable.
Rupesh Kumar wrote: I am using latest freeradius server (version 2.1.8). Which AP supplicant (client PC) are you using? I have two authenticated sessions established with radius server and when disable and reenable the dot1x sessions, then I am seeing the following error and one request is getting Reject message from the server. ... Is it a known issue in radius server or what is the root cause of it. The supplicant and/or the Access Point is broken. I have attached radius server failure log messages The supplicant starts EAP, and the server responds with a request for EAP-TLS. The supplicant NAKs it, and asks for EAP-MD5. The server responds with EAP-MD5. The supplicant then responds with a NAK for EAP-MD5. This packet from the AP contains the *old* State variable from the previous NAK. A close look at the packet traces shows that either the supplicant is re-using the old NAK (and confusing the AP), or the AP is re-using an old packet (and confusing the supplicant). Either way, the packet traces on the server show that the server is behaving correctly. The error message about no matching state is because the server has moved on to the *next* step of EAP, and it receives a packet from the *previous* step. So there really is no matching state. Try using another supplicant and/or AP. You won't be able to fix this by editing the server configuration. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Proxied Accounting
hello all, i am currently trying to proxy accounting to another freeradius server. the accounting request receives the proxied server but i get the following message in with debug: +- entering group accounting {...} [sql_default] expand: packet has no accounting status type. [user '%{User-Name}', nas '%{NAS-IP-Address}'] - packet has no accounting status type. [user 'b...@realm', nas '10.80.10.140'] [sql_default] packet has no accounting status type. [user 'b...@realm', nas '10.80.10.140'] ++[sql_default] returns invalid my configuration on the server sending the accounting data looks like: home_server radiusa.domain { type = auth+acct ipaddr = 10.10.9.51 port = 1812 secret = xxx response_window = 20 zombie_period = 40 revive_interval = 60 status_check = status-server check_interval = 30 num_ansers_to_alive = 3 } home_server_pool REALM-RadPool { type = fail-over home_server = radiusa.domain home_server = radiusb.domain } realm realm { type = auth+acct pool = REALM-RadPool nostrip } i am missing something? -euro - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Error: rlm_eap: No EAP session matching the State variable.
I have attached radius server failure log messages The supplicant starts EAP, and the server responds with a request for EAP-TLS. The supplicant NAKs it, and asks for EAP-MD5. The server responds with EAP-MD5. The supplicant then responds with a NAK for EAP-MD5. This packet from the AP contains the *old* State variable from the previous NAK. A close look at the packet traces shows that either the supplicant is re-using the old NAK (and confusing the AP), or the AP is re-using an old packet (and confusing the supplicant). Either way, the packet traces on the server show that the server is behaving correctly. The error message about no matching state is because the server has moved on to the *next* step of EAP, and it receives a packet from the *previous* step. So there really is no matching state. Try using another supplicant and/or AP. You won't be able to fix this by editing the server configuration. Alan DeKok. Thanks Alan, I got the problem. The Access point was corrupting the state variable and sending same state for both the sessions. Thanks Rupesh - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Proxied Accounting
Hi, +- entering group accounting {...} [sql_default] expand: packet has no accounting status type. [user '%{User-Name}', nas '%{NAS-IP-Address}'] - packet has no accounting status type. [user 'b...@realm', nas '10.80.10.140'] [sql_default] packet has no accounting status type. [user 'b...@realm', nas '10.80.10.140'] ++[sql_default] returns invalid the packet didnt have an accounting status-type. therefore sql_default couldnt do anything with it - as it needs such a type to do its thing by default.. have a look at the packets to see what/why things are not working. eg increase SQL verbosity (log to file) alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
Hi, I'm newbie in FreeRadius, I installed latest version of it and followed the steps as mentioned in the websites: http://www.howtoforge.com/authentication-authorization-and-accounting-with-freeradius-and-mysql-backend-and-webbased-management-with-daloradiusand http://wiki.freeradius.org/SQL_HOWTO. After configuring basic setup I'm facing i.e. No authenticate method (Auth-Type) configuration found for the request: Rejecting the user when I issue radtest sqltest testpwd 127.0.0.1 1812 testing123. The logs are listed down below; FreeRADIUS Version 2.1.8, for host i686-pc-linux-gnu, built on Apr 9 2010 at 12:11:15 Copyright (C) 1999-2009 The FreeRADIUS server project and contributors. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License v2. Starting - reading configuration files ... including configuration file /usr/local/etc/raddb/radiusd.conf including configuration file /usr/local/etc/raddb/proxy.conf including configuration file /usr/local/etc/raddb/clients.conf including files in directory /usr/local/etc/raddb/modules/ including configuration file /usr/local/etc/raddb/modules/ldap including configuration file /usr/local/etc/raddb/modules/inner-eap including configuration file /usr/local/etc/raddb/modules/linelog including configuration file /usr/local/etc/raddb/modules/detail including configuration file /usr/local/etc/raddb/modules/exec including configuration file /usr/local/etc/raddb/modules/pap including configuration file /usr/local/etc/raddb/modules/otp including configuration file /usr/local/etc/raddb/modules/smbpasswd including configuration file /usr/local/etc/raddb/modules/mac2ip including configuration file /usr/local/etc/raddb/modules/krb5 including configuration file /usr/local/etc/raddb/modules/detail.log including configuration file /usr/local/etc/raddb/modules/perl including configuration file /usr/local/etc/raddb/modules/attr_rewrite including configuration file /usr/local/etc/raddb/modules/attr_filter including configuration file /usr/local/etc/raddb/modules/policy including configuration file /usr/local/etc/raddb/modules/smsotp including configuration file /usr/local/etc/raddb/modules/counter including configuration file /usr/local/etc/raddb/modules/etc_group including configuration file /usr/local/etc/raddb/modules/ippool including configuration file /usr/local/etc/raddb/modules/mac2vlan including configuration file /usr/local/etc/raddb/modules/digest including configuration file /usr/local/etc/raddb/modules/ntlm_auth including configuration file /usr/local/etc/raddb/modules/passwd including configuration file /usr/local/etc/raddb/modules/sqlcounter_expire_on_login including configuration file /usr/local/etc/raddb/modules/realm including configuration file /usr/local/etc/raddb/modules/always including configuration file /usr/local/etc/raddb/modules/expiration including configuration file /usr/local/etc/raddb/modules/expr including configuration file /usr/local/etc/raddb/modules/mschap including configuration file /usr/local/etc/raddb/modules/preprocess including configuration file /usr/local/etc/raddb/modules/acct_unique including configuration file /usr/local/etc/raddb/modules/pam including configuration file /usr/local/etc/raddb/modules/wimax including configuration file /usr/local/etc/raddb/modules/sql_log including configuration file /usr/local/etc/raddb/modules/files including configuration file /usr/local/etc/raddb/modules/radutmp including configuration file /usr/local/etc/raddb/modules/logintime including configuration file /usr/local/etc/raddb/modules/unix including configuration file /usr/local/etc/raddb/modules/checkval including configuration file /usr/local/etc/raddb/modules/chap including configuration file /usr/local/etc/raddb/modules/echo including configuration file /usr/local/etc/raddb/modules/sradutmp including configuration file /usr/local/etc/raddb/modules/cui including configuration file /usr/local/etc/raddb/modules/detail.example.com including configuration file /usr/local/etc/raddb/eap.conf including configuration file /usr/local/etc/raddb/sql.conf including configuration file /usr/local/etc/raddb/sql/mysql/dialup.conf including configuration file /usr/local/etc/raddb/policy.conf including files in directory /usr/local/etc/raddb/sites-enabled/ including configuration file /usr/local/etc/raddb/sites-enabled/inner-tunnel including configuration file /usr/local/etc/raddb/sites-enabled/default.orig including configuration file /usr/local/etc/raddb/sites-enabled/control-socket including configuration file /usr/local/etc/raddb/sites-enabled/default main { allow_core_dumps = no } including dictionary file /usr/local/etc/raddb/dictionary main { prefix = /usr/local localstatedir = /usr/local/var logdir = /usr/local/var/log/radius libdir = /usr/local/lib radacctdir =
Re: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
hi, the log said [pap] WARNING! No known good password found for the user. Authentication may fail because of this. could you show your users file? ciao omega BK 2010/4/12 Ahmed Munir ahmedmunir...@gmail.com Hi, I'm newbie in FreeRadius, I installed latest version of it and followed the steps as mentioned in the websites: http://www.howtoforge.com/authentication-authorization-and-accounting-with-freeradius-and-mysql-backend-and-webbased-management-with-daloradiusand http://wiki.freeradius.org/SQL_HOWTO. After configuring basic setup I'm facing i.e. No authenticate method (Auth-Type) configuration found for the request: Rejecting the user when I issue radtest sqltest testpwd 127.0.0.1 1812 testing123. The logs are listed down below; FreeRADIUS Version 2.1.8, for host i686-pc-linux-gnu, built on Apr 9 2010 at 12:11:15 Copyright (C) 1999-2009 The FreeRADIUS server project and contributors. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License v2. Starting - reading configuration files ... including configuration file /usr/local/etc/raddb/radiusd.conf including configuration file /usr/local/etc/raddb/proxy.conf including configuration file /usr/local/etc/raddb/clients.conf including files in directory /usr/local/etc/raddb/modules/ including configuration file /usr/local/etc/raddb/modules/ldap including configuration file /usr/local/etc/raddb/modules/inner-eap including configuration file /usr/local/etc/raddb/modules/linelog including configuration file /usr/local/etc/raddb/modules/detail including configuration file /usr/local/etc/raddb/modules/exec including configuration file /usr/local/etc/raddb/modules/pap including configuration file /usr/local/etc/raddb/modules/otp including configuration file /usr/local/etc/raddb/modules/smbpasswd including configuration file /usr/local/etc/raddb/modules/mac2ip including configuration file /usr/local/etc/raddb/modules/krb5 including configuration file /usr/local/etc/raddb/modules/detail.log including configuration file /usr/local/etc/raddb/modules/perl including configuration file /usr/local/etc/raddb/modules/attr_rewrite including configuration file /usr/local/etc/raddb/modules/attr_filter including configuration file /usr/local/etc/raddb/modules/policy including configuration file /usr/local/etc/raddb/modules/smsotp including configuration file /usr/local/etc/raddb/modules/counter including configuration file /usr/local/etc/raddb/modules/etc_group including configuration file /usr/local/etc/raddb/modules/ippool including configuration file /usr/local/etc/raddb/modules/mac2vlan including configuration file /usr/local/etc/raddb/modules/digest including configuration file /usr/local/etc/raddb/modules/ntlm_auth including configuration file /usr/local/etc/raddb/modules/passwd including configuration file /usr/local/etc/raddb/modules/sqlcounter_expire_on_login including configuration file /usr/local/etc/raddb/modules/realm including configuration file /usr/local/etc/raddb/modules/always including configuration file /usr/local/etc/raddb/modules/expiration including configuration file /usr/local/etc/raddb/modules/expr including configuration file /usr/local/etc/raddb/modules/mschap including configuration file /usr/local/etc/raddb/modules/preprocess including configuration file /usr/local/etc/raddb/modules/acct_unique including configuration file /usr/local/etc/raddb/modules/pam including configuration file /usr/local/etc/raddb/modules/wimax including configuration file /usr/local/etc/raddb/modules/sql_log including configuration file /usr/local/etc/raddb/modules/files including configuration file /usr/local/etc/raddb/modules/radutmp including configuration file /usr/local/etc/raddb/modules/logintime including configuration file /usr/local/etc/raddb/modules/unix including configuration file /usr/local/etc/raddb/modules/checkval including configuration file /usr/local/etc/raddb/modules/chap including configuration file /usr/local/etc/raddb/modules/echo including configuration file /usr/local/etc/raddb/modules/sradutmp including configuration file /usr/local/etc/raddb/modules/cui including configuration file /usr/local/etc/raddb/modules/ detail.example.com including configuration file /usr/local/etc/raddb/eap.conf including configuration file /usr/local/etc/raddb/sql.conf including configuration file /usr/local/etc/raddb/sql/mysql/dialup.conf including configuration file /usr/local/etc/raddb/policy.conf including files in directory /usr/local/etc/raddb/sites-enabled/ including configuration file /usr/local/etc/raddb/sites-enabled/inner-tunnel including configuration file /usr/local/etc/raddb/sites-enabled/default.orig including configuration file /usr/local/etc/raddb/sites-enabled/control-socket including configuration file
[2.1.8] No actions performed on (own) received accounting packets.
Hello List, I seen to have a small issue. I have 2 running Freeradius 2.1.8 servers. I have set up proxying via the detail file readers - but for some strange reason, when the packet arrives at the remote server It says that it has received the Accounting-Request but then does no processing. The strange thing is, is that I have accounting packet proxied to me from my up stream provider and they are being processed as expected. Where should I look to see why the server is not processing the Accounting-Request. Kind Regards, Etienne - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
Hi, I'm newbie in FreeRadius, I installed latest version of it and followed the steps as mentioned in the websites: http://www.howtoforge.com/authentication-authorization-and-accounting-with-freeradius-and-mysql-backend-and-webbased-management-with-daloradius and http://wiki.freeradius.org/SQL_HOWTO. After configuring basic setup I'm facing i.e. No authenticate method (Auth-Type) configuration found for the request: Rejecting the user when I issue radtest sqltest testpwd 127.0.0.1 1812 testing123. the username 'sqltest' gives a slight hint. is this user in 'users' file or in SQL? if the username is in SQL, then you need to activate the SQL stuff (uncomment or add SQL to the auth section) - its not on by default because then all sites would have to have SQL up and running for anything to work (or else it'd crash and burn) alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: IKEv2+PEAP no joy
Stefan Winter wrote: that doesn't reveal much new info. For outer id set, it dumps the inner EAP-Message, but for unset, only the error message. -Xxxx (-Xx looks the same): Hmm... OK. Maybe you need to build a development version. I'll see if I can fix this for 2.1.9, so it prints out the hex by default for bad packets. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [2.1.8] No actions performed on (own) received accounting packets.
Etienne Pretorius wrote: I have 2 running Freeradius 2.1.8 servers. I have set up proxying via the detail file readers - but for some strange reason, when the packet arrives at the remote server It says that it has received the Accounting-Request but then does no processing. So... what does it say when you run it in debugging mode? The strange thing is, is that I have accounting packet proxied to me from my up stream provider and they are being processed as expected. Where should I look to see why the server is not processing the Accounting-Request. Debug mode. This is in the FAQ, README, INSTALL, man page, and daily on this list. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [2.1.8] No actions performed on (own) received accounting packets.
Etienne Pretorius wrote: Hello List, I seen to have a small issue. I have 2 running Freeradius 2.1.8 servers. I have set up proxying via the detail file readers - but for some strange reason, when the packet arrives at the remote server It says that it has received the Accounting-Request but then does no processing. The strange thing is, is that I have accounting packet proxied to me from my up stream provider and they are being processed as expected. Where should I look to see why the server is not processing the Accounting-Request. Kind Regards, Etienne - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Never mind, figured it out :D It was not owned by any virtual server... - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Somewhat OT: Empty SubjectAltName on server certificate (EAP-PEAP)
Hi, I have a certificate with xpextensions but its SubjectAltName is empty. Is Mandatory or only is wrong when its content doesn't match with FQDN? Thanks in advance! -- -- Sergio Belkin http://www.sergiobelkin.com Watch More TV http://sebelk.blogspot.com Sergio Belkin - - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Error: rlm_eap: No EAP session matching the State variable.
hello.. he wanted to know if they can help me with the configuration of a servant radius in centus 5, what happens is that I am beginner in this. already and installed the system centus, the packages radius and openssl that biene in the dvd of intalacion of the centus, configure the radius files eap.config, radiusd.config, client.config and user, but when lifting the servant it leaves me failure when lifting the service. the authentification way that I am using is eap-peap with the incriptacion wpa2 aes. here sends them the files that it configures. Atentamente: Marco Zamora Date: Mon, 12 Apr 2010 10:07:26 +0530 Subject: Error: rlm_eap: No EAP session matching the State variable. From: a.rupes...@gmail.com To: freeradius-users@lists.freeradius.org Hi, I am using latest freeradius server (version 2.1.8). I have two authenticated sessions established with radius server and when disable and reenable the dot1x sessions, then I am seeing the following error and one request is getting Reject message from the server. Info: Found Auth-Type = EAP Info: +- entering group authenticate {...} Error: rlm_eap: No EAP session matching the State variable. Info: [eap] Either EAP-request timed out OR EAP-response to an unknown EAP-request Info: [eap] Failed in handler Info: ++[eap] returns invalid I have seen the archive and found there are some old issues related to this error. Is it a known issue in radius server or what is the root cause of it. I have attached radius server failure log messages Thanks in advance ! Cheers Rupesh _ Invite your mail contacts to join your friends list with Windows Live Spaces. It's easy! http://spaces.live.com/spacesapi.aspx?wx_action=createwx_url=/friends.aspxmkt=en-us Configuracion.rar Description: Binary data - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Somewhat OT: Empty SubjectAltName on server certificate (EAP-PEAP)
On 04/12/2010 10:54 AM, Sergio Belkin wrote: Hi, I have a certificate with xpextensions but its SubjectAltName is empty. Is Mandatory or only is wrong when its content doesn't match with FQDN? Thanks in advance! I believe you mean to say you have a certificate with x509 certificate extensions. Do you mean there is a SubjectAltName extension present in the certificate but it's value is empty or do you mean there is no SubjectAltName in the certificate? There are numerous x509 certificate extensions, SubjectAltName is just one of the possibilities, just because a cert has extensions does *not* mean it needs to have SubjectAltName. SubjectAltName needs to be present when the CN component of the certificate subject does not match the FQDN of the server presenting the cert, otherwise it is not necessary. As an aside the SubjectAltName still needs to be validated by some means. -- John Dennis jden...@redhat.com Looking to carve out IT costs? www.redhat.com/carveoutcosts/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
How to handle dynamic update of shared secret and client configuration in free radius
Hello, I am a client program running on machine A. It want to talk to free radius on machine B. { cleint on Machine A } --- { free radius on machine B} Now the client wants to dynamically update the shared secret and other client information by just talking to the free radius over simple network connection. After that free radius should use the new information right away as well as update the static file(s) in /etc/raddb... Any pointers for achieveing this would be appreciated. Thanks, Rajendra Hegde The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Statements and opinions expressed in this e-mail may not represent those of the company. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender immediately and delete the material from any computer. Please see our legal details at http://www.cryptocard.com CRYPTOCard Inc. is registered in the province of Ontario, Canada with Business number 80531 6478. CRYPTOCard Europe is limited liability company registered in England and Wales (with registered number 05728808 and VAT number 869 3979 41); its registered office is Aztec Centre, Aztec West, Almondsbury, Bristol, UK, BS32 4TD - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No authenticate method (Auth-Type) configuration found
Hi, Thanks for reply. Well user is created on SQL, and I uncommented 'sql' from sites-enabled/default on Authorized section and Accounting Section. But when I add 'sql' in Authenticate section I'm getting same error. i.e. [r...@newtest raddb]# radtest sqltest testpwd 127.0.0.1 1812 testing123 Sending Access-Request of id 38 to 127.0.0.1 port 1812 User-Name = sqltest User-Password = testpwd NAS-IP-Address = 127.0.0.1 NAS-Port = 1812 rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=38, length=20 The user I created in SQL listed down below; idusername attribute opvalue 1 sqltest Cleartext-Password:=testpwd Please advise what am I missing? Kindly assist me. Date: Mon, 12 Apr 2010 13:25:45 +0100 From: Alan Buxey a.l.m.bu...@lboro.ac.uk Subject: Re: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Message-ID: 20100412122545.ga14...@lboro.ac.uk Content-Type: text/plain; charset=us-ascii Hi, I'm newbie in FreeRadius, I installed latest version of it and followed the steps as mentioned in the websites: http://www.howtoforge.com/authentication-authorization-and-accounting-with-freeradius-and-mysql-backend-and-webbased-management-with-daloradiusand http://wiki.freeradius.org/SQL_HOWTO. After configuring basic setup I'm facing i.e. No authenticate method (Auth-Type) configuration found for the request: Rejecting the user when I issue radtest sqltest testpwd 127.0.0.1 1812 testing123. the username 'sqltest' gives a slight hint. is this user in 'users' file or in SQL? if the username is in SQL, then you need to activate the SQL stuff (uncomment or add SQL to the auth section) - its not on by default because then all sites would have to have SQL up and running for anything to work (or else it'd crash and burn) alan -- Regards, Ahmed Munir - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html