Re: Need help authenticating local users on Apple server
Since it's not marked as stable, it's not built by default. Try rebuilding it, but this time using ./configure --with-experimental-modules | tee configure.log ... then look at configure.log, see what it says about rlm_opendirectory. Thanks. I now have the opendirectory module working. I am getting the following error now with radtest: [opendirectory] The host 127.0.0.1 does not have an access group. [opendirectory] no access control groups, all users allowed. [opendirectory] Setting Auth-Type = opendirectory ++[opendirectory] returns ok ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user I was instructed to remove information under authentication, so not sure how to satisfy this error message. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Need help authenticating local users on Apple server
On Thu, Aug 18, 2011 at 10:50 PM, Raymond Norton ad...@lctn.org wrote: Since it's not marked as stable, it's not built by default. Try rebuilding it, but this time using ./configure --with-experimental-modules | tee configure.log ... then look at configure.log, see what it says about rlm_opendirectory. Thanks. I now have the opendirectory module working. I am getting the following error now with radtest: [opendirectory] The host 127.0.0.1 does not have an access group. [opendirectory] no access control groups, all users allowed. [opendirectory] Setting Auth-Type = opendirectory ++[opendirectory] returns ok ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user I was instructed to remove information under authentication, so not sure how to satisfy this error message. It doesn't hurt to try adding it again :) I'm pretty sure it needs to be in both: http://lists.cistron.nl/pipermail/freeradius-users/2011-July/msg00447.html Your previous error might be because opendirectory module was not available at that time. -- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Need help authenticating local users on Apple server
It doesn't hurt to try adding it again :) I'm pretty sure it needs to be in both: http://lists.cistron.nl/pipermail/freeradius-users/2011-July/msg00447.html Yes, that worked. I am now able to authenticate local users with radtest. Thanks - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Need help authenticating local users on Apple server
And then list it in the authorize section. What is the proper syntax for adding the opendirectory module? I am getting errors when attempting to start radius: /usr/local/etc/raddb/sites-enabled/inner-tunnel[195]: Entry is not a reference to a module /usr/local/etc/raddb/sites-enabled/inner-tunnel[189]: Errors parsing authenticate section. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Need help authenticating local users on Apple server
On 2011/08/16 10:39 PM, Raymond Norton wrote: And then list it in the authorize section. What is the proper syntax for adding the opendirectory module? I am getting errors when attempting to start radius: /usr/local/etc/raddb/sites-enabled/inner-tunnel[195]: Entry is not a reference to a module /usr/local/etc/raddb/sites-enabled/inner-tunnel[189]: Errors parsing authenticate section. Read again. list it in the authorize section not the authenticate section -- Johan Meiring Cape PC Services CC Tel: (021) 883-8271 Fax: (021) 886-7782 Before acting on this email or opening any attachments you should read Cape PC Service's email disclaimer at: http://www.pcservices.co.za/disclaimer.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Need help authenticating local users on Apple server
Read again. list it in the authorize section not the authenticate section My mistake. I thought the word And meant do both, based on my question. Removed from authenticate and listed opendirectory under authorize of inner tunnel. I now get the following error: /usr/local/etc/raddb/modules/opendirectory[11]: Failed to link to module 'rlm_opendirectory': dlopen(rlm_opendirectory.so, 9): image not found /usr/local/etc/raddb/sites-enabled/default[150]: Failed to load module opendirectory. /usr/local/etc/raddb/sites-enabled/default[62]: Errors parsing authorize section - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Need help authenticating local users on Apple server
Raymond Norton wrote: What is the proper syntax for adding the opendirectory module? $ man unlang Or, read the dozens of examples in the configuration file you edited. I am getting errors when attempting to start radius: /usr/local/etc/raddb/sites-enabled/inner-tunnel[195]: Entry is not a reference to a module /usr/local/etc/raddb/sites-enabled/inner-tunnel[189]: Errors parsing authenticate section. OK... you made a change to the file which created that error. Is it a secret? Or did you think we could guess what you did wrong? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Need help authenticating local users on Apple server
OK... you made a change to the file which created that error. Is it a secret? Or did you think we could guess what you did wrong? Johan informed me I misunderstood your original instructions and I was not to put anything under Authenticate of the inner-tunnel. I removed what I had there. My entry under Authorize is only this: authorize { opendirectory # And this is the error I now get with radiusd _X: Module: Checking authenticate {...} for more modules to load Module: Checking authorize {...} for more modules to load /usr/local/etc/raddb/modules/opendirectory[11]: Failed to link to module 'rlm_opendirectory': dlopen(rlm_opendirectory.so, 9): image not found /usr/local/etc/raddb/sites-enabled/inner-tunnel[48]: Failed to load module opendirectory. /usr/local/etc/raddb/sites-enabled/inner-tunnel[47]: Errors parsing authorize section. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Need help authenticating local users on Apple server
On Wed, Aug 17, 2011 at 7:51 AM, Raymond Norton ad...@lctn.org wrote: And this is the error I now get with radiusd _X: Module: Checking authenticate {...} for more modules to load Module: Checking authorize {...} for more modules to load /usr/local/etc/raddb/modules/opendirectory[11]: Failed to link to module 'rlm_opendirectory': dlopen(rlm_opendirectory.so, 9): image not found Is your freeradius installation built with opendirectory support? Since it's not marked as stable, it's not built by default. Try rebuilding it, but this time using ./configure --with-experimental-modules | tee configure.log ... then look at configure.log, see what it says about rlm_opendirectory. -- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Need help authenticating local users on Apple server
Just installed v 2.1.11 on a mac (OSX 6.3) . Freeradius is working with clear text passwords and radtest. According to the wiki, I should be able to authenticate local users accounts without changing anything on the config. That's the way I understood it anyway. However, I am getting Access-Reject errors when using local credentials. What documentation specifically addresses authenticating local users? Raymond - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Need help authenticating local users on Apple server
Raymond Norton wrote: Just installed v 2.1.11 on a mac (OSX 6.3) . Freeradius is working with clear text passwords and radtest. According to the wiki, I should be able to authenticate local users accounts without changing anything on the config. No, it doesn't do that any more. That's the way I understood it anyway. However, I am getting Access-Reject errors when using local credentials. What documentation specifically addresses authenticating local users? On Mac OS X Server, configure the opendirectory module. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Need help authenticating local users on Apple server
On Mac OS X Server, configure the opendirectory module. Do you mean just enable the module? The module itself says: # This module is only used when the server is running on the same # system as OpenDirectory. The configuration of the module is hard-coded # by Apple, and cannot be changed here. # # There are no configuration entries for this module. # opendirectory { } - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Need help authenticating local users on Apple server
Raymond Norton wrote: Do you mean just enable the module? The module itself says: And then list it in the authorize section. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html