pptpd+freeradius+ldap ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
= PPP User-Name = user Calling-Station-Id = 10.1.0.136 NAS-IP-Address = 127.0.1.1 NAS-Port = 0 # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} [ldap] performing user authorization for user [ldap] expand: %{Stripped-User-Name} - [ldap] ... expanding second conditional [ldap] expand: %{User-Name} - user [ldap] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) - (uid=user) [ldap] expand: dc=domain,dc=private - dc=domain,dc=private [ldap] ldap_get_conn: Checking Id: 0 [ldap] ldap_get_conn: Got Id: 0 [ldap] attempting LDAP reconnection [ldap] (re)connect to 10.1.98.50:389, authentication 0 [ldap] bind as cn=admin,dc=domain,dc=private/password to 10.1.98.50:389 [ldap] waiting for bind result ... [ldap] Bind was successful [ldap] performing search in dc=domain,dc=private, with filter (uid=user) [ldap] Added User-Password = {SSHA}lT5RCX6nyyU6zaCtL7rEAfN5u1DxI7xN in check items [ldap] No default NMAS login sequence [ldap] looking for check items in directory... [ldap] userPassword - Password-With-Header == {SSHA}lT5RCX6nyyU6zaCtL7rEAfN5u1DxI7xN [ldap] looking for reply items in directory... [ldap] user user authorized to use remote access [ldap] ldap_release_conn: Release Id: 0 ++[ldap] returns ok ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = user, looking up realm NULL [suffix] No such realm NULL ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop ++[expiration] returns noop ++[logintime] returns noop [pap] No clear-text password in the request. Not performing PAP. ++[pap] returns noop ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user Failed to authenticate the user. Using Post-Auth-Type Reject # Executing group from file /etc/freeradius/sites-enabled/default +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} - user attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 0 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 0 Sending Access-Reject of id 139 to 10.1.98.52 port 45105 Waking up in 4.9 seconds. I've read the documentation at least one million times and searched the mailinglist and on google but I still can't manage to find a solution, can anyone help me pointing out the error? users' password are stored in openldap using SSHA password, if this information can be useful. Thanks Alberto - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: pptpd+freeradius+ldap ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
On 18 Apr 2013, at 11:43, Alberto Aldrigo aaldr...@ca-tron.com wrote: rad_recv: Access-Request packet from host 10.1.98.52 port 45105, id=139, length=77 Service-Type = Framed-User Framed-Protocol = PPP User-Name = user Calling-Station-Id = 10.1.0.136 NAS-IP-Address = 127.0.1.1 NAS-Port = 0 PPPD isn't sending a password. The hash is being found by LDAP fine, but there is no password in the radius request for it to validate. You need to fix PPPD, then it should work. Thanks, Adam Bishop gpg: 0x6609D460 Janet, the UK's research and education network. Janet(UK) is a trading name of Jisc Collections and Janet Limited, a not-for-profit company which is registered in England under No. 2881024 and whose Registered Office is at Lumen House, Library Avenue, Harwell Oxford, Didcot, Oxfordshire. OX11 0SG. VAT No. 614944238 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No authenticate method (Auth-Type) found for the request
Hi, 1. The Authentication issue was solved when by accident I placed in users the name / password without any whitespace (tab or space) before the password string. So I found that this works: bob Cleartext-Password := hello888 while this does not: bob Cleartext-Password := hello888 errr, yes. because , as per the documentation, lines that dont start with white-sace are CHECK items, lines that start with whitespace are REPLY items Off the top, I would venture to guess that OpenWRT's build of FreeRadius is significantly different than the standard build and that is probably where the bug is coming from. no, not at all alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
No authenticate method (Auth-Type) found for the request
Just writing to advise of the strange issues I came accross. 1. The Authentication issue was solved when by accident I placed in users the name / password without any whitespace (tab or space) before the password string. So I found that this works: bob Cleartext-Password := hello888 while this does not: bob Cleartext-Password := hello888 Test client now logs in very smoothly. 2. Similarly, below spec gives error (probably my mistake): DEFAULT Simultaneous-Use := 4 Fall-Through = Yes /etc/freeradius2/users[8]: Parse error (check) for entry Simultaneous-Use: Unknown attribute requires a hex string, not 4 Errors reading /etc/freeradius2/users /etc/freeradius2/modules/files[7]: Instantiation failed for module files /etc/freeradius2/sites/default[170]: Failed to find files in the modules section. /etc/freeradius2/sites/default[69]: Errors parsing authorize section. Off the top, I would venture to guess that OpenWRT's build of FreeRadius is significantly different than the standard build and that is probably where the bug is coming from. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No authenticate method (Auth-Type) found for the request
Beeblebrox wrote: Just writing to advise of the strange issues I came accross. 1. The Authentication issue was solved when by accident I placed in users the name / password without any whitespace (tab or space) before the password string. So I found that this works: bob Cleartext-Password := hello888 while this does not: bob Cleartext-Password := hello888 Test client now logs in very smoothly. This is documented. See man users, and the comments in the users file, and in the dozens of examples. 2. Similarly, below spec gives error (probably my mistake): DEFAULT Simultaneous-Use := 4 Fall-Through = Yes /etc/freeradius2/users[8]: Parse error (check) for entry Simultaneous-Use: Unknown attribute requires a hex string, not 4 Errors reading /etc/freeradius2/users /etc/freeradius2/modules/files[7]: Instantiation failed for module files /etc/freeradius2/sites/default[170]: Failed to find files in the modules section. /etc/freeradius2/sites/default[69]: Errors parsing authorize section. Off the top, I would venture to guess that OpenWRT's build of FreeRadius is significantly different than the standard build and that is probably where the bug is coming from. It's because you're again not following the documentation. Read the documentation and follow it. It's not rocket science. If you post another message indicating you've been ignoring the documentation, you will be unsubscribed and banned. I've had it with people who whine about the bad documentation, and then fanatically refuse to follow it. Get off your high horse about the documentation. It's fine. THE PROBLEM IS YOU. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
No authenticate method (Auth-Type) found for the request
Update: I tried connection from an XP laptop and got the message: Windows was unable to find a certificate to log you on to the network - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No authenticate method (Auth-Type) found for the request
Hi, Update: I tried connection from an XP laptop and got the message: Windows was unable to find a certificate to log you on to the network Windows is telling you that its needing a certificate or doesnt know the certificate. have you installed the CA certificate that your RADIUS server is using onto the client? are you using EAP-TLS? if so, have you made a client certificate and installed it onto the client? have you played with the client (windows) 802.1X settings - you should be trying PEAP I'm guessing (the default value is smartcard certificate alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No authenticate method (Auth-Type) found for the request
Beeblebrox wrote: Update: I tried connection from an XP laptop and got the message: Windows was unable to find a certificate to log you on to the network You need to follow the documentation or you will be unsubscribed, and banned from the list. 10+ years of experience shows us that this is the ONLY WAY to convince certain people to read the documentation. - You are using radiusd -Xx. Don't do that. All of the documentation says radiusd -X for a reason. Follow the documentation. - I told you to read the FAQ to see how to configure a user. Your previous message showed you didn't do that. Follow the documentation. - This message shows you have issues with EAP. Go to freeradius.org, click on the documentation link. There is an EAP-TLS howto. It has detailed instructions, including screen shots for XP. It ALWAYS WORKS. If it doesn't work for you, it's because you DID NOT FOLLOW THE DOCUMENTATION. If you think my response is harsh, then see it from my point of view. There are hundreds of pages of easily found documentation that describes exactly what you want to do. I (among many other people) spent years writing it. You can't be bothered to even click a link or two, and follow instructions. If you think my response is rude, keep it to yourself. Any response complaining that we're rude for asking you to follow the documentation will result in you being unsubscribed and banned. Follow the documentation. It's damned easy to do. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
No authenticate method (Auth-Type) found for the request
Dear Alan, First off, thanks again for your help. I fully appreciate that you are giving of your time to answer posts, when you really have no obligation to do so. I know you are one of the developers or project leader since your name keeps coming up on almost every web page that posts something about Freeradius. That said, I would like to comment on the documentation of your project. It's quite extensive, but equally confusing (at least for me). I am a FreeBSD user and have a pretty good handle on many advanced issues in that OS - so I think I am fairly capable of reading and implementing documentation. However, I have found that your documentation assumes too much, does not follow much of a logical path, is not organized by topic, does not get to the point and does not have concrete examples / solutions to at least recurring and common mistakes or errors. When reading documentation, I'm not interested in becoming an expert in that subject, I just want to get the damn thing up and working. So in essence, I'm not able to find the answers I'm looking for in your documentation, and that's frustrating. I have found (in debugging other software problems) that it is very important for the person who knows more and is assisting, to ask the right questions. Honestly, I have understoode very little from your posts in this thread (with exception of the last one). Asking some specific questions, then posting relevant links to the wiki (depending on the answers from the OP) would be immensly more helpful. I suggest that you have links in your signature to the entry-level wiki pages (like faq, debug, etc). If you think my response is rude, keep it to yourself. I don't think that at all and as stated, very much appreciated your input and taking time (again, without obligation) to provide help. In fact, I previously refrained on commenting on how I disliked the documentation structure so as not to appear rude to you. will result in you being unsubscribed and banned. Fascinating! I'm enthralled. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No authenticate method (Auth-Type) found for the request
Beeblebrox wrote: First off, thanks again for your help. I fully appreciate that you are giving of your time to answer posts, when you really have no obligation to do so. I know you are one of the developers or project leader since your name keeps coming up on almost every web page that posts something about Freeradius. I started FreeRADIUS. I've written most of the code. I've been doing this for ~14 years. And now, probably 50% of the new RADIUS specifications are mine. That said, I would like to comment on the documentation of your project. It's quite extensive, but equally confusing (at least for me). http://freeradius.org/doc/ contains documentation for all of the problems you've seen so far. That documentation is given in pretty excruciating detail. edit this, run that command, see this output. And yet... most people who have problems start off with third-party web sites that are *worse*, in my opinion. They tell you to do things which aren't necessary, and they give wrong explanations. I am a FreeBSD user and have a pretty good handle on many advanced issues in that OS - so I think I am fairly capable of reading and implementing documentation. However, I have found that your documentation assumes too much, does not follow much of a logical path, is not organized by topic, does not get to the point and does not have concrete examples / solutions to at least recurring and common mistakes or errors. As I've been saying for !4 years: the community is free to write better documentation. No, that's not true... I've been *begging* for better documentation. It doesn't happen. When reading documentation, I'm not interested in becoming an expert in that subject, I just want to get the damn thing up and working. So in essence, I'm not able to find the answers I'm looking for in your documentation, and that's frustrating. Please explain how the pap and EAP guides don't do what you're asking for. They follow a logical path. They are clearly labeled by topic. They get to the point. They give concrete examples. Now, much *else* in the server doesn't have that. But the issues you ran into are documented *exactly* as you want. For the rest, the comments in the configuration file describe in great detail how the server works, and what the configurations do. And about becoming an expert... it helps to *understand* what you're doing. Many of the problems people run into are because they read crappy third-party documentation, and are obsessed with implementing a particular solution. They don't care to listen to the experts *here* who are telling them to do something else. And they don't care to *understand* what they're doing, so that they can do it *right*. I have found (in debugging other software problems) that it is very important for the person who knows more and is assisting, to ask the right questions. Honestly, I have understoode very little from your posts in this thread (with exception of the last one). Asking some specific questions, then posting relevant links to the wiki (depending on the answers from the OP) would be immensly more helpful. I suggest that you have links in your signature to the entry-level wiki pages (like faq, debug, etc). So... I'm supposed to cut paste links from the wiki, because you... what... don't want to look there? Can't use the search button on the wiki? And add *more* links saying please read the FAQ? That's a terrible suggestion. If you think my response is rude, keep it to yourself. I don't think that at all and as stated, very much appreciated your input and taking time (again, without obligation) to provide help. In fact, I previously refrained on commenting on how I disliked the documentation structure so as not to appear rude to you. It's a pro-active comment. Most of the time when I say I REALLY MEAN READ THE DOCUMENTATION, people get offended and accuse me of being rude. will result in you being unsubscribed and banned. Fascinating! I'm enthralled. It's the only way to convince certain people to READ THE DOCUMENTATION. It's not hard. Go to the web site. Click on documentation. The PAP / EAP issues you were having are documented from there, in great detail, exactly how you want. What *else* should we be doing to convince people to READ IT? Write it on flaming letters 150 feet high? It's already in the man pages, web pages, daily posts to this list, top entries on google. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No authenticate method (Auth-Type) found for the request
...and then you did comment . And added more. It's open source and the documentation and Wikipedia is there for everyone.e to contribute. Don't like it? Feel free to show the world how you think it should look, or add the missing bits you have discovered. Unfortunately , what we get is people saying the docs are poor...that they found out how to do what they want...and never tell us. The next person who comes along then faces the same issue as the initial person was selfish. It's not a developer problem. alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
No authenticate method (Auth-Type) found for the request
I know you guys have received tons of e-mail with the same title, but I am just unable to fix this - sorry. Today I setup freeradius on a fresh install OpenWRT router. I found some tutorials, this one among them: http://jackofallit.wordpress.com/2012/02/15/turn-a-60-120-router-into-an-enterprise-class-wireless-router-with-openwrt/ and started the configuration. The initial radius test and the initial wifi radius test were successful and I connected to the router. Later I did something wrong and now I am getting: : Info: +- entering group authorize {...} : Info: [eap] No EAP-Message, not doing EAP : Info: ++[eap] returns noop : Info: ++[files] returns noop : Info: [pap] WARNING! No known good password found for the user. Authentication may fail because of this. : Info: ++[pap] returns noop : Info: ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user : Info: Failed to authenticate the user. I have only modified: clients.conf and users. I have also generated new certificates (per tutorial) and maybe this is where the problem is? I also edited eap.conf section: private_key_password = mypass private_key_file = ${certdir}/server.key The service starts fine (radiusd -XX) but cannot authenticate even from localhost. I am not using LDAP / SQL or any other backend. Please give me some ideas on how I can debug the error. Thanks. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No authenticate method (Auth-Type) found for the request
Beeblebrox wrote: I know you guys have received tons of e-mail with the same title, but I am just unable to fix this - sorry. Today I setup freeradius on a fresh install OpenWRT router. I found some tutorials, this one among them: Why not follow the documentation that comes with the server? The web page has a long series of instructions for creating certificates. Whoever wrote it wasted your time, and his. The directory raddb/certs has a README. That explains in EXCRUCIATING detail the simplest way to make certificates for the server. It's really not rocket science. The initial radius test and the initial wifi radius test were successful and I connected to the router. Later I did something wrong and now I am getting: : Info: +- entering group authorize {...} : Info: [eap] No EAP-Message, not doing EAP : Info: ++[eap] returns noop : Info: ++[files] returns noop : Info: [pap] WARNING! No known good password found for the user. Authentication may fail because of this. : Info: ++[pap] returns noop : Info: ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user : Info: Failed to authenticate the user. The whole point of running in debugging mode is to READ IT. The rest of the information (deleted here) is useful, too. I have only modified: clients.conf and users. I have also generated new certificates (per tutorial) and maybe this is where the problem is? The incoming request doesn't use certificate authentication. It's using password authentication. 1) what client did you use to send the Access-Request? 2) what is in the Access-Request? 3) Why did you send the Access-Request? 4) What did you expect would happen? I also edited eap.conf section: private_key_password = mypass private_key_file = ${certdir}/server.key The service starts fine (radiusd -XX) but cannot authenticate even from localhost. I am not using LDAP / SQL or any other backend. Please give me some ideas on how I can debug the error. Follow the instructions, among other things. I don't like repeating myself, but I'm a bit at a loss for what else to do. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
No authenticate method (Auth-Type) found for the request
Hi Alan and thank you so much for answering Keeping in mind that the system in question is an OpenWRT (hence minimal install): The directory raddb/certs has a README The directory is /etc/freeradius2/certs (?) and has no README, also no man pages so as to save on space. Anyway , I read the file from http://openisp.net/openisp/unxsVZ/browser/trunk/unxsRadius/setupradius/raddb/certs/README?rev=1 But this is not possible since a router environment is not suitable for git + building things. But more importantly: The incoming request doesn't use certificate authentication So that means the certificate business is not of immediate relevance to my problem? Good to hear! 1) what client did you use to send the Access-Request? ssh into box and: echo User-Name = steve, User-Password = testing | radcli ent -x 192.168.1.2 auth mysecret 3) Why did you send the Access-Request? To debug freeradius config since wifi connection attempt fails with very little info. Also, to isolate any wrong settings on the network config side of the router's admin webpage. The whole point of running in debugging mode is to READ IT I read the output several times before posting - nothing out of the ordinary and all modules are loaded smoothly. Also, no debug info in /var/log/radius.log - not even when I increase log-level in /etc/freeradius2/radiusd.conf. config file snippets: users: steve Cleartext-Password := testing # Service-Type = Framed-User, # Framed-Protocol = PPP, # Framed-IP-Address = 172.16.3.33, # Framed-IP-Netmask = 255.255.255.0, # Framed-Routing = Broadcast-Listen, # Framed-Filter-Id = std.ppp, # Framed-MTU = 1500, # Framed-Compression = Van-Jacobsen-TCP-IP clients.conf: client localhost { # Allowed values are: # dotted quad (1.2.3.4) # hostname(radius.example.com) ipaddr = 192.168.1.2 secret = somesecret LASTLY: ı'm used to posting through nabble so I can ensure thread continuance. Since I'm new to this method, apologies if posting through direct e-mail does not post as foloow-up for initial topic. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No authenticate method (Auth-Type) found for the request
Beeblebrox wrote: Keeping in mind that the system in question is an OpenWRT (hence minimal install): The web site contains documentation. As does the wiki. The distribution tar file contains documentation. You're not stuck with just a minimal install on a constrained box. But this is not possible since a router environment is not suitable for git + building things. You can run the scripts on another machine, and copy the certificates over to the constrained machine. But more importantly: The incoming request doesn't use certificate authentication So that means the certificate business is not of immediate relevance to my problem? Good to hear! Well, no. The debug log you posted doesn't use certificates. Hence my question about where it came from. 1) what client did you use to send the Access-Request? ssh into box and: echo User-Name = steve, User-Password = testing | radcli ent -x 192.168.1.2 auth mysecret So... it's a test request with a test user and test password. It's not a real request from a client. Did you configure the user on the radius server? i.e. how does the RADIUS server know how to authenticate the user? 3) Why did you send the Access-Request? To debug freeradius config since wifi connection attempt fails with very little info. That is the point of running the server in debugging mode. Do a WiFi connection, and read the debug output for *that*. The whole point of running in debugging mode is to READ IT I read the output several times before posting - nothing out of the ordinary and all modules are loaded smoothly. Messages like No known good password don't mean anything? Also, no debug info in /var/log/radius.log - not even when I increase log-level in /etc/freeradius2/radiusd.conf. The normal log file is for normal logs. It's not for debug output. config file snippets: users: steve Cleartext-Password := testing Well... the debug output shows that the files module (which handles the users file) returned noop. i.e. it didn't find that entry. Please read the FAQ about debugging authentication. It gives examples, and detailed instructions. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
No authenticate method (Auth-Type) found for the request
Do a WiFi connection, and read the debug output for *that*. Good idea - I have some progress in debugging: This snippet shows that at least SSL certs are working being accepted by radius: -+++ Thu Jan 17 21:58:15 2013 : Info: # Executing section authorize from file /etc/freeradius2/sites/default Thu Jan 17 21:58:15 2013 : Info: +- entering group authorize {...} Thu Jan 17 21:58:15 2013 : Info: [eap] EAP packet type response id 255 length 208 Thu Jan 17 21:58:15 2013 : Info: [eap] Continuing tunnel setup. Thu Jan 17 21:58:15 2013 : Info: ++[eap] returns ok Thu Jan 17 21:58:15 2013 : Info: Found Auth-Type = EAP Thu Jan 17 21:58:15 2013 : Info: # Executing group from file /etc/freeradius2/sites/default Thu Jan 17 21:58:15 2013 : Info: +- entering group authenticate {...} Thu Jan 17 21:58:15 2013 : Info: [eap] Request found, released from the list Thu Jan 17 21:58:15 2013 : Info: [eap] EAP/peap Thu Jan 17 21:58:15 2013 : Info: [eap] processing type peap Thu Jan 17 21:58:15 2013 : Info: [peap] processing EAP-TLS Thu Jan 17 21:58:15 2013 : Debug: TLS Length 198 Thu Jan 17 21:58:15 2013 : Info: [peap] Length Included Thu Jan 17 21:58:15 2013 : Info: [peap] eaptls_verify returned 11 Thu Jan 17 21:58:15 2013 : Info: [peap] TLS 1.0 Handshake [length 0086], ClientKeyExchange Thu Jan 17 21:58:16 2013 : Info: [peap] TLS_accept: SSLv3 read client key exchange A Thu Jan 17 21:58:16 2013 : Info: [peap] TLS 1.0 ChangeCipherSpec [length 0001] Thu Jan 17 21:58:16 2013 : Info: [peap] TLS 1.0 Handshake [length 0010], Finished Thu Jan 17 21:58:16 2013 : Info: [peap] TLS_accept: SSLv3 read finished A Thu Jan 17 21:58:16 2013 : Info: [peap] TLS 1.0 ChangeCipherSpec [length 0001] Thu Jan 17 21:58:16 2013 : Info: [peap] TLS_accept: SSLv3 write change cipher spec A Thu Jan 17 21:58:16 2013 : Info: [peap] TLS 1.0 Handshake [length 0010], Finished Thu Jan 17 21:58:16 2013 : Info: [peap] TLS_accept: SSLv3 write finished A Thu Jan 17 21:58:16 2013 : Info: [peap] TLS_accept: SSLv3 flush data Thu Jan 17 21:58:16 2013 : Info: [peap] (other): SSL negotiation finished successfully Thu Jan 17 21:58:16 2013 : Debug: SSL Connection Established -+++ OTHER INTERESTING CODE I FIND (No NT/LM-Password): -+++ hu Jan 17 21:58:16 2013 : Info: # Executing section authorize from file /etc/freeradius2/sites/default Thu Jan 17 21:58:16 2013 : Info: +- entering group authorize {...} Thu Jan 17 21:58:16 2013 : Info: [eap] EAP packet type response id 2 length 65 Thu Jan 17 21:58:16 2013 : Info: [eap] No EAP Start, assuming it's an on-going EAP conversation Thu Jan 17 21:58:16 2013 : Info: ++[eap] returns updated Thu Jan 17 21:58:16 2013 : Info: ++[files] returns noop Thu Jan 17 21:58:16 2013 : Info: [pap] WARNING! No known good password found for the user. Authentication may fail because of this. Thu Jan 17 21:58:16 2013 : Info: ++[pap] returns noop Thu Jan 17 21:58:16 2013 : Info: Found Auth-Type = EAP Thu Jan 17 21:58:16 2013 : Info: # Executing group from file /etc/freeradius2/sites/default Thu Jan 17 21:58:16 2013 : Info: +- entering group authenticate {...} Thu Jan 17 21:58:16 2013 : Info: [eap] Request found, released from the list Thu Jan 17 21:58:16 2013 : Info: [eap] EAP/mschapv2 Thu Jan 17 21:58:16 2013 : Info: [eap] processing type mschapv2 Thu Jan 17 21:58:16 2013 : Info: [mschapv2] # Executing group from file /etc/freeradius2/sites/default Thu Jan 17 21:58:16 2013 : Info: [mschapv2] +- entering group MS-CHAP {...} Thu Jan 17 21:58:16 2013 : Info: [mschap] No Cleartext-Password configured. Cannot create LM-Password. Thu Jan 17 21:58:16 2013 : Info: [mschap] No Cleartext-Password configured. Cannot create NT-Password. Thu Jan 17 21:58:16 2013 : Info: [mschap] Creating challenge hash with username: pospda Thu Jan 17 21:58:16 2013 : Info: [mschap] Client is using MS-CHAPv2 for pospda, we need NT-Password Thu Jan 17 21:58:16 2013 : Info: [mschap] FAILED: No NT/LM-Password. Cannot perform authentication. Thu Jan 17 21:58:16 2013 : Info: [mschap] FAILED: MS-CHAP2-Response is incorrect Thu Jan 17 21:58:16 2013 : Info: ++[mschap] returns reject Thu Jan 17 21:58:16 2013 : Info: [eap] Freeing handler Thu Jan 17 21:58:16 2013 : Info: ++[eap] returns reject Thu Jan 17 21:58:16 2013 : Info: Failed to authenticate the user. Thu Jan 17 21:58:16 2013 : Auth: Login incorrect: [pospda/via Auth-Type = EAP] (from client localhost port 1 cli 00-1F-1F-91-32-E4 via TLS tunnel) -+++ This I did not configure probaly should? how does the RADIUS server know how to authenticate the user? Many many thanks. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
Hi, I have just untarred the 2.2.0 tarball, and added just one line the users file: gokul Cleartext-Password:=abcde at the top of the file...or at the bottom? If you add it to the bottom then other things in the file will prevent that user from being seen/used - add your test user/pass to the top of the users file you didnt give the full output of 'radiusd -X' either - I'm assuming that you are editing the correct users file - eg /usr/local/etc/raddb/users or /etc/raddb/users and not the users file thats in the source directory... alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
On 11/10/2012 03:54 AM, Shravan S G wrote: Hi all, I am trying to configure FreeRadius 2.2.0. I am trying to test with the radtest utility. However, when I run radtest, on my radiusd server, I get the following error - ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user. I know this is some issue with the authentication part. However, I have not been able to pinpoint the problem. Also, I haven't been able to find any relevant solutions on the web. I have just untarred the 2.2.0 tarball, and added just one line the users file: gokul Cleartext-Password:=abcde If so, this hasn't taken. The debug shows: ++[files] returns noop ...and thenL [pap] WARNING! No known good password found for the user. Authentication may fail because of this. ++[pap] returns noop ERROR: No authenticate method (Auth-Type) found for the request: Check you're editing the right file. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
Issue is resolved. I was infact editing the wrong users file. I was editing the users file in the raddb folder of the uncompressed tarball. Thanks for the help. Regards, Shravan On Sat, Nov 10, 2012 at 6:54 AM, Phil Mayers p.may...@imperial.ac.ukwrote: On 11/10/2012 03:54 AM, Shravan S G wrote: Hi all, I am trying to configure FreeRadius 2.2.0. I am trying to test with the radtest utility. However, when I run radtest, on my radiusd server, I get the following error - ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user. I know this is some issue with the authentication part. However, I have not been able to pinpoint the problem. Also, I haven't been able to find any relevant solutions on the web. I have just untarred the 2.2.0 tarball, and added just one line the users file: gokul Cleartext-Password:=abcde If so, this hasn't taken. The debug shows: ++[files] returns noop ...and thenL [pap] WARNING! No known good password found for the user. Authentication may fail because of this. ++[pap] returns noop ERROR: No authenticate method (Auth-Type) found for the request: Check you're editing the right file. - List info/subscribe/unsubscribe? See http://www.freeradius.org/** list/users.html http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
Hi all, I am trying to configure FreeRadius 2.2.0. I am trying to test with the radtest utility. However, when I run radtest, on my radiusd server, I get the following error - ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user. I know this is some issue with the authentication part. However, I have not been able to pinpoint the problem. Also, I haven't been able to find any relevant solutions on the web. I have just untarred the 2.2.0 tarball, and added just one line the users file: gokul Cleartext-Password:=abcde Below is the output on the server and the client side: Server: Ready to process requests. rad_recv: Access-Request packet from host 127.0.0.1 port 47080, id=238, length=75 User-Name = gokul User-Password = abcde NAS-IP-Address = 127.0.1.1 NAS-Port = 0 Message-Authenticator = 0xf92ae1fda2ea8f435d95c4a7294e1e55 # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = gokul, looking up realm NULL [suffix] No such realm NULL ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No known good password found for the user. Authentication may fail because of this. ++[pap] returns noop ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user Failed to authenticate the user. Using Post-Auth-Type REJECT # Executing group from file /usr/local/etc/raddb/sites-enabled/default +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} - gokul attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 0 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 0 Sending Access-Reject of id 238 to 127.0.0.1 port 47080 Waking up in 4.9 seconds. Cleaning up request 0 ID 238 with timestamp +19 Ready to process requests. Client: shravan@ubuntu:~/freeradius-server-2.2.0/raddb$ sudo radtest gokul abcde localhost 0 testing123 [sudo] password for shravan: Sending Access-Request of id 238 to 127.0.0.1 port 1812 User-Name = gokul User-Password = abcde NAS-IP-Address = 127.0.1.1 NAS-Port = 0 Message-Authenticator = 0x rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=238, length=20 shravan@ubuntu:~/freeradius-server-2.2.0/raddb$ This is m first attempt at using FreeRadius, so please let me know if I have made any rookie mistakes. :) Thanks in advance. Shravan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
MAC auth with checkval - No authenticate method (Auth-Type)
Hello all, I'm trying to authenticate workstations with their MAC address. Here my problem during authenticate : rad_recv: Access-Request packet from host 192.168.64.5 port 5001, id=138, length=136 User-Name = 00-15-c5-b2-d7-f1 User-Password = 00-15-c5-b2-d7-f1 NAS-IP-Address = 192.168.64.5 NAS-Identifier = 3822d6bed9f0 NAS-Port = 16961538 NAS-Port-Type = Ethernet Service-Type = Framed-User Framed-Protocol = PPP Calling-Station-Id = 00-15-C5-B2-D7-F1 Thu Feb 2 09:15:15 2012 : Info: +- entering group authorize {...} Thu Feb 2 09:15:15 2012 : Info: ++[preprocess] returns ok Thu Feb 2 09:15:15 2012 : Info: [files] users: Matched entry 00-15-c5-b2-d7-f1 at line 1 Thu Feb 2 09:15:15 2012 : Info: ++[files] returns ok Thu Feb 2 09:15:15 2012 : Debug: rlm_checkval: Item Name: Calling-Station-Id, Value: 00-15-C5-B2-D7-F1 Thu Feb 2 09:15:15 2012 : Debug: rlm_checkval: Value Name: Calling-Station-Id, Value: 00-15-C5-B2-D7-F1 Thu Feb 2 09:15:15 2012 : Info: ++[checkval] returns ok Thu Feb 2 09:15:15 2012 : Info: ++[expiration] returns noop Thu Feb 2 09:15:15 2012 : Info: ++[logintime] returns noop Thu Feb 2 09:15:15 2012 : Info: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user Thu Feb 2 09:15:15 2012 : Info: Failed to authenticate the user. Thu Feb 2 09:15:15 2012 : Info: Using Post-Auth-Type Reject Thu Feb 2 09:15:15 2012 : Info: +- entering group REJECT {...} Thu Feb 2 09:15:15 2012 : Info: [attr_filter.access_reject]expand: %{User-Name} - 00-15-c5-b2-d7-f1 Thu Feb 2 09:15:15 2012 : Debug: attr_filter: Matched entry DEFAULT at line 11 Thu Feb 2 09:15:15 2012 : Info: ++[attr_filter.access_reject] returns updated Thu Feb 2 09:15:15 2012 : Info: Delaying reject of request 0 for 1 seconds Thu Feb 2 09:15:15 2012 : Debug: Going to the next request Thu Feb 2 09:15:15 2012 : Debug: Waking up in 0.9 seconds. Thu Feb 2 09:15:16 2012 : Info: Sending delayed reject for request 0 Sending Access-Reject of id 138 to 192.168.64.5 port 5001 Thu Feb 2 09:15:16 2012 : Debug: Waking up in 4.9 seconds. Thu Feb 2 09:15:21 2012 : Info: Cleaning up request 0 ID 138 with timestamp +16 Thu Feb 2 09:15:21 2012 : Info: Ready to process requests. I use freeradius 2.1.8 , here is a part of my site-enabled/default file (modified) : ... authorize { files checkval expiration logintime } authenticate { # nothing!! I know... but in fact I don't know what I can write } Can somebody help me? Thanks for all. -- View this message in context: http://freeradius.1045715.n5.nabble.com/MAC-auth-with-checkval-No-authenticate-method-Auth-Type-tp5450017p5450017.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MAC auth with checkval - No authenticate method (Auth-Type)
I find the solution. In fact, I forgot to set Cleartext-Password in the users file... Thanks. -- View this message in context: http://freeradius.1045715.n5.nabble.com/MAC-auth-with-checkval-No-authenticate-method-Auth-Type-tp5450017p5450841.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
No authenticate method (Auth-Type) found for the request
I am using network manager with radius server. I put this config in this files eap.conf default_eap_type = peap create new certificate as per http://deployingradius.com and network manager side i put ca.der but its giving Ready to process requests. rad_recv: Access-Request packet from host 192.168.21.32 port 32773, id=1, length=127 User-Name = testing NAS-IP-Address = 192.168.21.32 Called-Station-Id = 0001 Calling-Station-Id = 1caff76ce38c NAS-Identifier = 0001 NAS-Port = 3 Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020c0174657374696e67 Message-Authenticator = 0xbc498e29bfb9f44c5276dcb7d57b082e WARNING: Empty authorize section. Using default return values. ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user Failed to authenticate the user. Delaying reject of request 5 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 5 Sending Access-Reject of id 1 to 192.168.21.32 port 32773 Waking up in 4.9 seconds. Cleaning up request 5 ID 1 with timestamp +95 Ready to process requests. thanks in advance -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No authenticate method (Auth-Type) found for the request
Harish Mandowara wrote: but its giving ... WARNING: Empty authorize section. Using default return values. You edited the default configuration and broke it. Don't do that. Check the raddb/sites-enabled directory. Make sure that ONLY the default and inner-tunnel servers are there. Make sure that you HAVEN'T edited those files. The error occurs because the default configuration has been *deleted*. Don't do that. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No authenticate method (Auth-Type) found for the request
Thank you alan, I want to use PEAP-MSCHAP. So that i did change in eap.conf. I did not change in raddb/sites-enabled. Even in radiusd.conf, its there. but its giving right now Module: Linked to module rlm_eap Module: Instantiating module eap from file /usr/local/etc/raddb/eap.conf eap { default_eap_type = peap timer_expire = 60 ignore_unknown_eap_types = no cisco_accounting_username_bug = no max_sessions = 4096 } Module: Linked to sub-module rlm_eap_md5 Module: Instantiating eap-md5 Module: Linked to sub-module rlm_eap_leap Module: Instantiating eap-leap Module: Linked to sub-module rlm_eap_gtc Module: Instantiating eap-gtc gtc { challenge = Password: auth_type = PAP } Ignoring EAP-Type/tls because we do not have OpenSSL support. Ignoring EAP-Type/ttls because we do not have OpenSSL support. Ignoring EAP-Type/peap because we do not have OpenSSL support. Module: Linked to sub-module rlm_eap_mschapv2 Module: Instantiating eap-mschapv2 mschapv2 { with_ntdomain_hack = no send_error = no } rlm_eap: No such sub-type for default EAP type peap /usr/local/etc/raddb/eap.conf[17]: Instantiation failed for module eap /usr/local/etc/raddb/sites-enabled/default[310]: Failed to load module eap. /usr/local/etc/raddb/sites-enabled/default[252]: Errors parsing authenticate section. I already install all openssl library but its not working properly. Harish Mandowara wrote: but its giving ... WARNING: Empty authorize section. Using default return values. You edited the default configuration and broke it. Don't do that. Check the raddb/sites-enabled directory. Make sure that ONLY the default and inner-tunnel servers are there. Make sure that you HAVEN'T edited those files. The error occurs because the default configuration has been *deleted*. Don't do that. Alan DeKok. -- With Warm Regards Harish Mandowara -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No authenticate method (Auth-Type) found for the request
On Tue, Jan 24, 2012 at 6:48 PM, Harish Mandowara hari...@cdac.in wrote: Thank you alan, I want to use PEAP-MSCHAP. Ignoring EAP-Type/peap because we do not have OpenSSL support. See that error? Fix that. What OS/distro are you using? if you're having problem building FR with ssl, ready-to-use package should be available for most OS: http://wiki.freeradius.org/Packages -- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No authenticate method (Auth-Type) found for the request
Hi, Ignoring EAP-Type/tls because we do not have OpenSSL support. Ignoring EAP-Type/ttls because we do not have OpenSSL support. Ignoring EAP-Type/peap because we do not have OpenSSL support. built within OpenSSL support - install the DEVELOPMENT libraries/headers (eg ssl-dev, openssl-devel or whatever they are called on your platform) and rebuild. or install a prebuilt package built with openssl support alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No authenticate method (Auth-Type) found for the request
Hi, I installed all the these libraries. Again build the code. and install but its coming same. i am putting all debugging message over here. main { allow_core_dumps = no } including dictionary file /home/harish/Desktop/source/freeradius-server-2.1.12/raddb/dictionary main { name = radiusd prefix = /usr/local localstatedir = /usr/local/var sbindir = /usr/local/sbin logdir = /usr/local/var/log/radius run_dir = /usr/local/var/run/radiusd libdir = /usr/local/lib radacctdir = /usr/local/var/log/radius/radacct hostname_lookups = no max_request_time = 30 cleanup_delay = 5 max_requests = 1024 pidfile = /usr/local/var/run/radiusd/radiusd.pid checkrad = /usr/local/sbin/checkrad debug_level = 0 proxy_requests = yes log { stripped_names = no auth = no auth_badpass = no auth_goodpass = no } security { max_attributes = 200 reject_delay = 1 status_server = yes } } radiusd: Loading Realms and Home Servers proxy server { retry_delay = 5 retry_count = 3 default_fallback = no dead_time = 120 wake_all_if_all_dead = no } home_server localhost { ipaddr = 127.0.0.1 port = 1812 type = auth secret = testing123 response_window = 20 max_outstanding = 65536 require_message_authenticator = yes zombie_period = 40 status_check = status-server ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 120 status_check_timeout = 4 coa { irt = 2 mrt = 16 mrc = 5 mrd = 30 } } home_server_pool my_auth_failover { type = fail-over home_server = localhost } realm example.com { auth_pool = my_auth_failover } realm LOCAL { } radiusd: Loading Clients client 192.168.21.32 { ipaddr = 192.168.21.34 require_message_authenticator = no secret = testing123 nastype = other } radiusd: Instantiating modules instantiate { Module: Linked to module rlm_exec Module: Instantiating module exec from file /home/harish/Desktop/source/freeradius-server-2.1.12/raddb/modules/exec exec { wait = no input_pairs = request shell_escape = yes } Module: Linked to module rlm_expr Module: Instantiating module expr from file /home/harish/Desktop/source/freeradius-server-2.1.12/raddb/modules/expr Module: Linked to module rlm_expiration Module: Instantiating module expiration from file /home/harish/Desktop/source/freeradius-server-2.1.12/raddb/modules/expiration expiration { reply-message = Password Has Expired } Module: Linked to module rlm_logintime Module: Instantiating module logintime from file /home/harish/Desktop/source/freeradius-server-2.1.12/raddb/modules/logintime logintime { reply-message = You are calling outside your allowed timespan minimum-timeout = 60 } } radiusd: Loading Virtual Servers server { # from file /home/harish/Desktop/source/freeradius-server-2.1.12/raddb/radiusd.conf modules { Module: Creating Auth-Type = digest Module: Creating Post-Auth-Type = REJECT Module: Checking authenticate {...} for more modules to load Module: Linked to module rlm_pap Module: Instantiating module pap from file /home/harish/Desktop/source/freeradius-server-2.1.12/raddb/modules/pap pap { encryption_scheme = auto auto_header = no } Module: Linked to module rlm_chap Module: Instantiating module chap from file /home/harish/Desktop/source/freeradius-server-2.1.12/raddb/modules/chap Module: Linked to module rlm_mschap Module: Instantiating module mschap from file /home/harish/Desktop/source/freeradius-server-2.1.12/raddb/modules/mschap mschap { use_mppe = yes require_encryption = no require_strong = no with_ntdomain_hack = no allow_retry = yes } Module: Linked to module rlm_digest Module: Instantiating module digest from file /home/harish/Desktop/source/freeradius-server-2.1.12/raddb/modules/digest Module: Linked to module rlm_unix Module: Instantiating module unix from file /home/harish/Desktop/source/freeradius-server-2.1.12/raddb/modules/unix unix { radwtmp = /usr/local/var/log/radius/radwtmp } Module: Linked to module rlm_eap Module: Instantiating module eap from file /home/harish/Desktop/source/freeradius-server-2.1.12/raddb/eap.conf eap { default_eap_type = peap timer_expire = 60 ignore_unknown_eap_types = no cisco_accounting_username_bug = no max_sessions = 4096 } Module: Linked to sub-module rlm_eap_md5 Module: Instantiating eap-md5 Module: Linked to sub-module rlm_eap_leap Module: Instantiating eap-leap Module: Linked
Re: No authenticate method (Auth-Type) found for the request
On Tue, Jan 24, 2012 at 9:55 PM, Harish Mandowara hari...@cdac.in wrote: Hi, I installed all the these libraries. Again build the code. and install but No, you didn't. You either: - didn't have development headers installed (e.g. you have libssl, but not libssl-dev), OR - didn't re-run configure, OR - have conflicting version of openssl, possibly one installed from package and one from source, OR - somehow got a buggy version of openssl (unlikely, but possible) either way, looking at ./configure output (using tee, and later open the log with a text editor helps) should be able to tell you why it has no ssl support. Or just use packages. -- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No authenticate method (Auth-Type) found for the request
Hi, I installed all the these libraries. Again build the code. and install but its coming same. i am putting all debugging message over here. outut of the ./configure stage? once again, no OpenSSL support - so you built without the OpenSSL headers/includes for the server and/or you didnt run the ./configure stage again alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Fwd: Need help on ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
attr_filter.access_reject from file /usr/local/etc/raddb/modules/attr_filter attr_filter attr_filter.access_reject { attrsfile = /usr/local/etc/raddb/attrs.access_reject key = %{User-Name} relaxed = no } } # modules } # server server inner-tunnel { # from file /usr/local/etc/raddb/sites-enabled/inner-tunnel modules { Module: Checking authenticate {...} for more modules to load Module: Checking authorize {...} for more modules to load Module: Checking session {...} for more modules to load Module: Checking post-proxy {...} for more modules to load Module: Checking post-auth {...} for more modules to load } # modules } # server radiusd: Opening IP addresses and Ports listen { type = auth ipaddr = * port = 0 } listen { type = acct ipaddr = * port = 0 } listen { type = control listen { socket = /usr/local/var/run/radiusd/radiusd.sock } } listen { type = auth ipaddr = 127.0.0.1 port = 18120 } ... adding new socket proxy address * port 63625 Listening on authentication address * port 1812 Listening on accounting address * port 1813 Listening on command file /usr/local/var/run/radiusd/radiusd.sock Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel Listening on proxy address * port 1814 Ready to process requests. *Packet 0* -- rad_recv: Access-Request packet from host 127.0.0.1 port 64417, id=253, length=77 User-Name = testing User-Password = password NAS-IP-Address = 172.16.142.1 NAS-Port = 0 Message-Authenticator = 0xac50d12cd56157895ad148d9eae1fab3 # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = testing, looking up realm NULL [suffix] No such realm NULL ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No known good password found for the user. Authentication may fail because of this. ++[pap] returns noop ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user Failed to authenticate the user. Using Post-Auth-Type Reject # Executing group from file /usr/local/etc/raddb/sites-enabled/default +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} - testing attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 0 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 0 Sending Access-Reject of id 253 to 127.0.0.1 port 64417 Waking up in 4.9 seconds. Cleaning up request 0 ID 253 with timestamp +52 Ready to process requests. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Fwd: Need help on ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
Stephen Kwok wrote: I am a newbie to FreeRADIUS and I have run into a problem during the setup. I have spent some time on researching for an answer online, but I got no luck. I have described the problem as below. Could anyone please let me know what went wrong? Thank you so much in advance. Don't post the same message to the freeradius-users and freeradius-devel list. It's not nice. The whole point of running the server in debugging mode is to *READ* the output. In this case, you've edited /sw//raddb/users, and the server is *clearly* reading /usr/local/etc/raddb/users. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Fwd: Need help on ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
Hi, OS: Mac OSX 10.6.8 FreeRADIUS version:�2.1.12 Steps taken: snip okay. so you downloaded the software, extracted it, then built it... great. did you note what happened when you 'make install' ? Starting�-�reading�configuration�files�...� including�configuration�file�/usr/local/etc/raddb/radiusd.conf� including�configuration�file�/usr/local/etc/raddb/proxy.conf� including�configuration�file�/usr/local/etc/raddb/clients.conf� theres a hint the server is reading config files from the /usr/local/etc/raddb directory. the config files you have edited are the source code initial versions.. they arent being readhence your testing/password will never work alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
Thank's Alan, it works! We had the same issue with python auths being serialized that we had with pam, but running out of debug mode fixed the issue. Pam probably would have worked if we tried that, but it was a pam_python module anyway so it is better going directly to python. Thanks again, Jim On Wed, May 18, 2011 at 1:44 AM, Alan DeKok al...@deployingradius.com wrote: Jim Whitescarver wrote: The only thing we want is python authentication. I just commented out everything else. I will start again and try to minimize edits. I am rather clueless about the nature the minimum edits should have. Add what you need. The default configuration *works*. It seems that every configuration file needs python in every section for it to be recognized. No. You need to list python everywhere you want it to be *used*. I don't think we want to use the users file. We only want to call the python module for any request. That's just rude. The first message you posted showed a users file entry, and wondered why it didn't work. Now you say you don't want to use it. Figure out what you want to do. The majority of the issues you're having are due to inconsistency. It's not clear why we would leave other stuff in if we are not using anything but the python module. Because you don't understand what it does. If you don't understand it, deleting it is wrong. Hey, I don't understand what this widget is on my car engine. I'll just rip it off. Hmm, my car no longer works. I know... I'll blame the mechanic! You wouldn't do that to a car mechanic. Don't do it here. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
I am hoping someone can help me. We compiled 2.1.x from source and finally got it to accept our python Auth-Type as the default in the users file. DEFAULT Auth-Type := python But, after sucessfully calling our python module the user is rejected ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user Below is the complete log. Any ideas of what we may be doing wrong? Thanks, Jim Tue May 17 14:15:37 2011 : Debug: Listening on proxy address * port 1814 Tue May 17 14:15:37 2011 : Info: Ready to process requests. rad_recv: Access-Request packet from host 135.207.164.41 port 49346, id=131, length=55 User-Name = owk User-Password = test123 NAS-IP-Address = 135.207.164.41 NAS-Port = 1812 Tue May 17 14:15:50 2011 : Info: # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default Tue May 17 14:15:50 2011 : Info: +- entering group authorize {...} Tue May 17 14:15:50 2011 : Info: ++[preprocess] returns ok *** authorize *** Tue May 17 14:15:50 2011 : Info: *** radlog call in authorize *** (('User-Name', 'owk'), ('User-Password', 'test123'), ('NAS-IP-Address', '135.207.164.41'), ('NAS-Port', '1812')) User-Name: owk User-Password: test123 NAS-IP-Address: 135.207.164.41 NAS-Port: 1812 Authenticate User: owk Tue May 17 14:16:16 2011 : Info: ++[python] returns ok Tue May 17 14:16:16 2011 : Info: ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user Tue May 17 14:16:16 2011 : Info: Failed to authenticate the user. Tue May 17 14:16:16 2011 : Info: Using Post-Auth-Type Reject Tue May 17 14:16:16 2011 : Info: # Executing group from file /usr/local/etc/raddb/sites-enabled/default Tue May 17 14:16:16 2011 : Info: +- entering group REJECT {...} Tue May 17 14:16:16 2011 : Info: [attr_filter.access_reject] expand: %{User-Name} - owk Tue May 17 14:16:16 2011 : Debug: attr_filter: Matched entry DEFAULT at line 11 Tue May 17 14:16:16 2011 : Info: ++[attr_filter.access_reject] returns updated Sending Access-Reject of id 131 to 135.207.164.41 port 49346 Tue May 17 14:16:16 2011 : Info: Finished request 0. Tue May 17 14:16:16 2011 : Debug: Going to the next request Tue May 17 14:16:16 2011 : Debug: Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 135.207.164.41 port 49346, id=131, length=55 Tue May 17 14:16:16 2011 : Info: Sending duplicate reply to client five-10 port 49346 - ID: 131 Sending Access-Reject of id 131 to 135.207.164.41 port 49346 Tue May 17 14:16:16 2011 : Debug: Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 135.207.164.41 port 49346, id=131, length=55 Tue May 17 14:16:16 2011 : Info: Sending duplicate reply to client five-10 port 49346 - ID: 131 Sending Access-Reject of id 131 to 135.207.164.41 port 49346 Tue May 17 14:16:16 2011 : Debug: Waking up in 4.9 seconds. Tue May 17 14:16:21 2011 : Info: Cleaning up request 0 ID 131 with timestamp +13 Tue May 17 14:16:21 2011 : Info: Ready to process requests. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
Jim Whitescarver wrote: But, after sucessfully calling our python module the user is rejected ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user Don't edit the default configuration and break it. Below is the complete log. Any ideas of what we may be doing wrong? (1) Run the server in debugging mode. -Xx gives *too* much information (2) If you 3ant to use the users file, *DON'T* delete files from the authorize section. All of the work you put into simplifying the configuration files was wasted. If you don't understand how the server works, change as little as possible. Read man radiusd, and see the DEBUGGING section. It gives *EXPLICIT* instructions for how to change the configuration of the server. Follow them. This is documented. Following the documentation helps. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
On Tue, May 17, 2011 at 3:08 PM, Alan DeKok al...@deployingradius.com wrote: Jim Whitescarver wrote: But, after sucessfully calling our python module the user is rejected ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user Don't edit the default configuration and break it. The only thing we want is python authentication. I just commented out everything else. I will start again and try to minimize edits. I am rather clueless about the nature the minimum edits should have. It seems that every configuration file needs python in every section for it to be recognized. Any ideas of what we may be doing wrong? (1) Run the server in debugging mode. -Xx gives *too* much information (2) If you 3ant to use the users file, *DON'T* delete files from the authorize section. I don't think we want to use the users file. We only want to call the python module for any request. All of the work you put into simplifying the configuration files was wasted. If you don't understand how the server works, change as little as possible. We will try again. It's not clear why we would leave other stuff in if we are not using anything but the python module. Thanks for the tips. Jim. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
Jim Whitescarver wrote: The only thing we want is python authentication. I just commented out everything else. I will start again and try to minimize edits. I am rather clueless about the nature the minimum edits should have. Add what you need. The default configuration *works*. It seems that every configuration file needs python in every section for it to be recognized. No. You need to list python everywhere you want it to be *used*. I don't think we want to use the users file. We only want to call the python module for any request. That's just rude. The first message you posted showed a users file entry, and wondered why it didn't work. Now you say you don't want to use it. Figure out what you want to do. The majority of the issues you're having are due to inconsistency. It's not clear why we would leave other stuff in if we are not using anything but the python module. Because you don't understand what it does. If you don't understand it, deleting it is wrong. Hey, I don't understand what this widget is on my car engine. I'll just rip it off. Hmm, my car no longer works. I know... I'll blame the mechanic! You wouldn't do that to a car mechanic. Don't do it here. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: SSH - No authenticate method (Auth-Type)
What I am trying to setup is as follows 1. Oracle Backend for Authenticating SFTP Clients( openssh ) What I have done so far Setup a second ssh for the SFTP only Updated the sshd_config for using PAM. Request comes to AAA and fails as shown in the logs below. Also note teh password shows as *\010\n\r\177INCORRECT* The sites-enabled default looks like the following authorize { sql expiration logintime } authenticate { # I have tried just pam as you have suggested and it still says No-Auth Auth-Type PAM { pam } } preacct { preprocess acct_unique suffix files } accounting { detail unix radutmp exec attr_filter.accounting_response } session { radutmp } post-auth { sql } pre-proxy { } post-proxy { } As requested I am attaching the radiusd -X log rad_recv: Access-Request packet from host Y.Y.Y.Y port 6975, id=15, length=114 User-Name = test *User-Password = \010\n\r\177INCORRECT* NAS-IP-Address = Y.Y.Y.Y NAS-Identifier = openssh NAS-Port = 5950 NAS-Port-Type = Virtual Service-Type = Authenticate-Only Calling-Station-Id = somebody # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default +- entering group authorize {...} [sql] expand: %{User-Name} - test [sql] sql_set_user escaped user --test rlm_sql (sql): Reserving sql socket id: 4 [sql] expand: SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id - SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'test' ORDER BY id WARNING: Found User-Password == WARNING: Are you sure you don't mean Cleartext-Password? WARNING: See man rlm_pap for more information. [sql] expand: SELECT GroupName FROM radusergroup WHERE UserName='%{SQL-User-Name}' - SELECT GroupName FROM radusergroup WHERE UserName='test' [sql] expand: SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,radusergroup WHERE radusergroup.Username = '%{SQL-User-Name}' AND radusergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id - SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,radusergroup WHERE radusergroup.Username = 'test' AND radusergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id [sql] User found in group SFTP_Client [sql] expand: SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,radusergroup WHERE radusergroup.Username = '%{SQL-User-Name}' AND radusergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id - SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,radusergroup WHERE radusergroup.Username = 'test' AND radusergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id rlm_sql (sql): Released sql socket id: 4 ++[sql] returns ok ++[expiration] returns noop ++[logintime] returns noop ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user Failed to authenticate the user. WARNING: Unprintable characters in the password.Double-check the shared secret on the server and the NAS! Delaying reject of request 0 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 0 Sending Access-Reject of id 15 to 199.106.120.244 port 6975 Password == test Waking up in 4.9 seconds. Cleaning up request 0 ID 15 with timestamp +10 Ready to process requests. On Thu, Feb 17, 2011 at 5:42 PM, Marc Phillips rm...@copacetic.net wrote: Sending Access-Request of id 58 to X.X.X.X port Y User-Name = test User-Password = test NAS-IP-Address = X.X.X.X NAS-Port = Y Framed-Protocol = PPP rad_recv: Access-Accept packet from host X.X.X.X port Y, id=58, length=38 The freeradius is setup with an oracle db backend. I had something similar with PAM. What I did is have a user entry like: DEFAULT Ldap-Group == mygroup, Auth-Type = pam Reply-Message = Hello (admin), %{User-Name}, Fall-Through = No and in my sites-enabled default: authorize { preprocess auth_log files ldap } authenticate { pam } You'll obviously have some sort of sql auth-type and probably won't need the LDAP stuff. Hope this helps. R. Marc - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: SSH - No authenticate method (Auth-Type)
Jaikanth Krishnaswamy wrote: Setup a second ssh for the SFTP only Updated the sshd_config for using PAM. Request comes to AAA and fails as shown in the logs below. Also note teh password shows as *\010\n\r\177INCORRECT* SSH has replaced the password with that text. There is *nothing* you can do to FreeRADIUS that will fix the problem. Go fix the PAM configuration on the client machine so that it doesn't destroy the password entered by the user. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: SSH - No authenticate method (Auth-Type)
On 18/02/11 01:03, Jaikanth Krishnaswamy wrote: Hi All, I am a newbie to freeradius world. I am using freeradius 2.1.10 for authorization and authentication. My authorization works Sending Access-Request of id 58 to X.X.X.X port Y User-Name = test User-Password = test NAS-IP-Address = X.X.X.X NAS-Port = Y Framed-Protocol = PPP rad_recv: Access-Accept packet from host X.X.X.X port Y, id=58, length=38 The freeradius is setup with an oracle db backend. The basic step is to have the Oracle database return: username Cleartext-Password := thepassword ...and have: authorize { ... pap } authenticate { Auth-Type PAP { pap } } If you can't get it working, send the full debug output as the docs request: radiusd -X | tee log - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
SSH - No authenticate method (Auth-Type)
Hi All, I am a newbie to freeradius world. I am using freeradius 2.1.10 for authorization and authentication. My authorization works Sending Access-Request of id 58 to X.X.X.X port Y User-Name = test User-Password = test NAS-IP-Address = X.X.X.X NAS-Port = Y Framed-Protocol = PPP rad_recv: Access-Accept packet from host X.X.X.X port Y, id=58, length=38 The freeradius is setup with an oracle db backend. I would like to use the freeradius for my SSH. I have read some online blogs and setup my SSH with PAM. When I establish an SSH Session to the host and this is what I see in the logs. ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user Failed to authenticate the user. If I am using the oracle DB(sql) to perform authorization and it works what needs to be done to use the same oracle DB(sql maybe other tables) for authentication. Need your help or guidance with some links/documentation on how to set SSH+ Freeradius Thanks JK - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: SSH - No authenticate method (Auth-Type)
Sending Access-Request of id 58 to X.X.X.X port Y User-Name = test User-Password = test NAS-IP-Address = X.X.X.X NAS-Port = Y Framed-Protocol = PPP rad_recv: Access-Accept packet from host X.X.X.X port Y, id=58, length=38 The freeradius is setup with an oracle db backend. I had something similar with PAM. What I did is have a user entry like: DEFAULT Ldap-Group == mygroup, Auth-Type = pam Reply-Message = Hello (admin), %{User-Name}, Fall-Through = No and in my sites-enabled default: authorize { preprocess auth_log files ldap } authenticate { pam } You'll obviously have some sort of sql auth-type and probably won't need the LDAP stuff. Hope this helps. R. Marc - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: SSH - No authenticate method (Auth-Type)
Thanks Marc, I am trying to use the Freeradius for authentication and authorization of SSH users with the oracle backend. Not sure how I need to use the below info in my setup. Problems of being a newbie. On Thu, Feb 17, 2011 at 5:42 PM, Marc Phillips rm...@copacetic.net wrote: Sending Access-Request of id 58 to X.X.X.X port Y User-Name = test User-Password = test NAS-IP-Address = X.X.X.X NAS-Port = Y Framed-Protocol = PPP rad_recv: Access-Accept packet from host X.X.X.X port Y, id=58, length=38 The freeradius is setup with an oracle db backend. I had something similar with PAM. What I did is have a user entry like: DEFAULT Ldap-Group == mygroup, Auth-Type = pam Reply-Message = Hello (admin), %{User-Name}, Fall-Through = No and in my sites-enabled default: authorize { preprocess auth_log files ldap } authenticate { pam } You'll obviously have some sort of sql auth-type and probably won't need the LDAP stuff. Hope this helps. R. Marc - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
No authenticate method (Auth-Type) configuration found for the request:
Installed FreeRadius 2.1.8 to authenticate to an LDAP back end (eDirectory) Set it up per the document link below: http://www.novell.com/communities/node/11321/freeradius-218-edirectory-integration Now I'm getting a No authenticate method error. Output of radiusd -X below: Listening on proxy address * port 1814 Ready to process requests. rad_recv: Access-Request packet from host 10.1.0.12 port 3915, id=9, length=48 User-Name = radadmin User-Password = thepassword +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = radadmin, looking up realm NULL [suffix] No such realm NULL ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop ++[unix] returns notfound ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No known good password found for the user. Authentication may fail because of this. ++[pap] returns noop No authenticate method (Auth-Type) configuration found for the request: Rejecting the user Failed to authenticate the user. Using Post-Auth-Type Reject +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} - radadmin attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 0 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 0 Sending Access-Reject of id 9 to 10.1.0.12 port 3915 Waking up in 4.9 seconds. Cleaning up request 0 ID 9 with timestamp +3 Ready to process requests. In the Novell Cool Solution link, they say to un-comment ldap in the authorize section of /etc/raddb/sites-enabled/inner-tunnel but I had a question on this. Attached is my inner-tunnel config. My question is do I also need to un-comment the following in the authenticate section or am I missing something else entirely? #Auth-Type LDAP { # ldap #} # -*- text -*- ## # # This is a virtual server that handles *only* inner tunnel # requests for EAP-TTLS and PEAP types. # # $Id$ # ## server inner-tunnel { # # Un-comment the next section to perform test on the inner tunnel # without needing an outer tunnel session. The tests will not be # exactly the same as when TTLS or PEAP are used, but they will # be close enough for many tests. # #listen { # ipaddr = 127.0.0.1 # port = 18120 # type = auth #} # Authorization. First preprocess (hints and huntgroups files), # then realms, and finally look in the users file. # # The order of the realm modules will determine the order that # we try to find a matching realm. # # Make *sure* that 'preprocess' comes before any realm if you # need to setup hints for the remote radius server authorize { # # The chap module will set 'Auth-Type := CHAP' if we are # handling a CHAP request and Auth-Type has not already been set chap # # If the users are logging in with an MS-CHAP-Challenge # attribute for authentication, the mschap module will find # the MS-CHAP-Challenge attribute, and add 'Auth-Type := MS-CHAP' # to the request, which will cause the server to then use # the mschap module for authentication. mschap # # Pull crypt'd passwords from /etc/passwd or /etc/shadow, # using the system API's to get the password. If you want # to read /etc/passwd or /etc/shadow directly, see the # passwd module, above. # unix # # Look for IPASS style 'realm/', and if not found, look for # '@realm', and decide whether or not to proxy, based on # that. # IPASS # # If you are using multiple kinds of realms, you probably # want to set ignore_null = yes for all of them. # Otherwise, when the first style of realm doesn't match, # the other styles won't be checked. # # Note that proxying the inner tunnel authentication means # that the user MAY use one identity in the outer session # (e.g. anonymous, and a different one here # (e.g. u...@example.com). The inner session will then be # proxied elsewhere for authentication. If you are not # careful, this means that the user can cause you to forward # the authentication to another RADIUS server, and have the # accounting logs *not* sent to the other server. This makes # it difficult to bill people for their network activity. # suffix # ntdomain # # The suffix module takes care of stripping the domain # (e.g. @example.com) from the User-Name attribute, and the # next few
Re: No authenticate method (Auth-Type) configuration found for the request:
On 17/12/10 14:40, discgolfer72 wrote: Installed FreeRadius 2.1.8 to authenticate to an LDAP back end (eDirectory) Set it up per the document link below: http://www.novell.com/communities/node/11321/freeradius-218-edirectory-integration Now I'm getting a No authenticate method error. Output of radiusd -X below: Listening on proxy address * port 1814 Ready to process requests. rad_recv: Access-Request packet from host 10.1.0.12 port 3915, id=9, length=48 User-Name = radadmin User-Password = thepassword +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = radadmin, looking up realm NULL [suffix] No such realm NULL ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop ++[unix] returns notfound ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No known good password found for the user. Authentication may fail because of this. ++[pap] returns noop No authenticate method (Auth-Type) configuration found for the request: Note: the ldap module doesn't appear above. In the Novell Cool Solution link, they say to un-comment ldap in the authorize section of /etc/raddb/sites-enabled/inner-tunnel but I had a inner-tunnel is used for the 2nd phase of EAP. Your debug above shows a PAP request, which is not EAP, so inner-tunnel isn't used. If you are setting up to support EAP, use an EAP client for testing (google for eapol_test) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No authenticate method (Auth-Type) configuration found for the request:
What would be the proper service to use for eDirectory? Can I assume from the document that EAP is the one to use for authenticating to eDirectory or is another one better for that? Ultimately, we want to set up a Wireless Access Point to send it's request to the Radius Server which then queries eDirectory to authenticate the user to the WAP. Thanks! Ben On 12/17/2010 9:00 AM, Phil Mayers wrote: On 17/12/10 14:40, discgolfer72 wrote: Installed FreeRadius 2.1.8 to authenticate to an LDAP back end (eDirectory) Set it up per the document link below: http://www.novell.com/communities/node/11321/freeradius-218-edirectory-integration Now I'm getting a No authenticate method error. Output of radiusd -X below: Listening on proxy address * port 1814 Ready to process requests. rad_recv: Access-Request packet from host 10.1.0.12 port 3915, id=9, length=48 User-Name = radadmin User-Password = thepassword +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = radadmin, looking up realm NULL [suffix] No such realm NULL ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop ++[unix] returns notfound ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No known good password found for the user. Authentication may fail because of this. ++[pap] returns noop No authenticate method (Auth-Type) configuration found for the request: Note: the ldap module doesn't appear above. In the Novell Cool Solution link, they say to un-comment ldap in the authorize section of /etc/raddb/sites-enabled/inner-tunnel but I had a inner-tunnel is used for the 2nd phase of EAP. Your debug above shows a PAP request, which is not EAP, so inner-tunnel isn't used. If you are setting up to support EAP, use an EAP client for testing (google for eapol_test) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Ben Lewis b...@lewisit.net 615.517.4538 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No authenticate method (Auth-Type) configuration found for the request:
Ben Lewis wrote: What would be the proper service to use for eDirectory? ldap. Read raddb/sites-available/default. Look for ldap. Can I assume from the document that EAP is the one to use for authenticating to eDirectory No. or is another one better for that? Ultimately, we want to set up a Wireless Access Point to send it's request to the Radius Server which then queries eDirectory to authenticate the user to the WAP. Run 2.1.10, and read raddb/sites-available/inner-tunnel. And also look for ldap there. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No authenticate method (Auth-Type) configuration found for the request:
That did the trick. Thanks Alan and Phil!!! On 12/17/2010 9:20 AM, Alan DeKok wrote: Ben Lewis wrote: What would be the proper service to use for eDirectory? ldap. Read raddb/sites-available/default. Look for ldap. Can I assume from the document that EAP is the one to use for authenticating to eDirectory No. or is another one better for that? Ultimately, we want to set up a Wireless Access Point to send it's request to the Radius Server which then queries eDirectory to authenticate the user to the WAP. Run 2.1.10, and read raddb/sites-available/inner-tunnel. And also look for ldap there. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Ben Lewis b...@lewisit.net 615.517.4538 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No authenticate method (Auth-Type) configuration found for therequest:
Ben, its sounds like you have everything going, to you still need the screencast? Congradulations if you have it all worked out ;) Matthew Stavert ITSM, ACMT Information Systems Analyst NLSD. 69 PH:780-826-3145 Cell: 780-207-1146 Ben Lewis b...@lewisit.net 12/17/2010 9:17 AM That did the trick. Thanks Alan and Phil!!!On 12/17/2010 9:20 AM, Alan DeKok wrote: Ben Lewis wrote: What would be the proper service to use for eDirectory? ldap. Read raddb/sites-available/default. Look for "ldap". Can I assume from the document that EAP is the one to use for authenticating to eDirectory No. or is another one better for that? Ultimately, we want to set up a Wireless Access Point to send it's request to the Radius Server which then queries eDirectory to authenticate the user to the WAP. Run 2.1.10, and read raddb/sites-available/inner-tunnel. And also look for "ldap" there. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html-- Ben Lewisb...@lewisit.net615.517.4538-List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No authenticate method (Auth-Type) configuration found for therequest:
I think we're good now. Thanks for offering the screencast though! On 12/17/2010 10:38 AM, Matthew Stavert [via FreeRadius] wrote: HTMLHEAD /HEAD BODY style=MARGIN: 4px 4px 1px; FONT: 10pt Tahoma Ben, its sounds like you have everything going, to you still need the screencast? Congradulations if you have it all worked out ;) * * * Matthew Stavert ITSM, ACMT Information Systems Analyst NLSD. 69 PH:780-826-3145 Cell: 780-207-1146 * Ben Lewis [hidden email] /user/SendEmail.jtp?type=nodenode=3309666i=0 12/17/2010 9:17 AM That did the trick. Thanks Alan and Phil!!! On 12/17/2010 9:20 AM, Alan DeKok wrote: Ben Lewis wrote: What would be the proper service to use for eDirectory? ldap. Read raddb/sites-available/default. Look for ldap. Can I assume from the document that EAP is the one to use for authenticating to eDirectory No. or is another one better for that? Ultimately, we want to set up a Wireless Access Point to send it's request to the Radius Server which then queries eDirectory to authenticate the user to the WAP. Run 2.1.10, and read raddb/sites-available/inner-tunnel. And also look for ldap there. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Ben Lewis [hidden email] /user/SendEmail.jtp?type=nodenode=3309666i=1 615.517.4538 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html /BODY/HTML - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html *PIMTVUARQOFV.IMAGE_1.jpg* (21K) Download Attachment /attachment/3309666/0/PIMTVUARQOFV.IMAGE_1.jpg View message @ http://freeradius.1045715.n5.nabble.com/No-authenticate-method-Auth-Type-configuration-found-for-the-request-tp3309472p3309666.html To unsubscribe from No authenticate method (Auth-Type) configuration found for the request:, click here http://freeradius.1045715.n5.nabble.com/template/NamlServlet.jtp?macro=unsubscribe_by_codenode=3309472code=YmVuQGxld2lzaXQubmV0fDMzMDk0NzJ8MTgxNTY1MDM5. -- Ben Lewis b...@lewisit.net 615.517.4538 -- View this message in context: http://freeradius.1045715.n5.nabble.com/No-authenticate-method-Auth-Type-configuration-found-for-the-request-tp3309472p3309669.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem with authenticate method (Auth-Type)
sltd wrote: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user Failed to authenticate the user. What authentication do you want to use!? the user file? you should enable your prefered authentification! -- View this message in context: http://freeradius.1045715.n5.nabble.com/Problem-with-authenticate-method-Auth-Type-tp3283253p3287311.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
No authenticate method (Auth-Type) configuration found
Hi, I've got some trouble with freeradius 2.0.4 and mysql on debian when i want to connect from a remote host. Locally I can do following command successfully: radtest guest guest 127.0.0.1 0 radiussecret When I connect from my NAS using chilli on openwrt I get the following error: auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user auth: Failed to validate the user. Login incorrect: [guest/MM\250f\375 \241Ñ?\247\007\242Ë?i\316] (from client nas01 port 2 cli 00-0C-29-00-71-20) WARNING: Unprintable characters in the password.Double-check the shared secret on the server and the NAS! I allready checked the secret. It's the same in chilli config and client.conf on the server. I also tried a user with Cleartext-Passwort without success. When I do the select on radcheck manually on the command line, the user gets found. So I think it's only a small configuration error on server site but I can't find it. Here you can see the hole debug output. Any help would be appreciated. FreeRADIUS Version 2.0.4, for host i486-pc-linux-gnu, built on Sep 7 2008 at 23:35:34 Copyright (C) 1999-2008 The FreeRADIUS server project and contributors. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License. Starting - reading configuration files ... including configuration file /etc/freeradius/radiusd.conf including configuration file /etc/freeradius/proxy.conf including configuration file /etc/freeradius/clients.conf including configuration file /etc/freeradius/snmp.conf including configuration file /etc/freeradius/eap.conf including configuration file /etc/freeradius/sql.conf including configuration file /etc/freeradius/sql/mysql/dialup.conf including configuration file /etc/freeradius/policy.conf including files in directory /etc/freeradius/sites-enabled/ including configuration file /etc/freeradius/sites-enabled/default including configuration file /etc/freeradius/sites-enabled/inner-tunnel including dictionary file /etc/freeradius/dictionary main { prefix = /usr localstatedir = /var logdir = /var/log/freeradius libdir = /usr/lib/freeradius radacctdir = /var/log/freeradius/radacct hostname_lookups = no max_request_time = 30 cleanup_delay = 5 max_requests = 1024 allow_core_dumps = no pidfile = /var/run/freeradius/freeradius.pid user = freerad group = freerad checkrad = /usr/sbin/checkrad debug_level = 0 proxy_requests = no security { max_attributes = 200 reject_delay = 1 status_server = yes } } client localhost { ipaddr = 127.0.0.1 require_message_authenticator = no secret = radiussecret nastype = other } client 172.16.20.10 { require_message_authenticator = no secret = radiussecret shortname = nas01 } radiusd: Loading Realms and Home Servers proxy server { retry_delay = 5 retry_count = 3 default_fallback = no dead_time = 120 wake_all_if_all_dead = no } home_server localhost { ipaddr = 127.0.0.1 port = 1812 type = auth secret = radiussecret response_window = 20 max_outstanding = 65536 zombie_period = 40 status_check = status-server ping_check = none ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 120 status_check_timeout = 4 } home_server_pool my_auth_failover { type = fail-over home_server = localhost } realm example.com { auth_pool = my_auth_failover } realm LOCAL { } radiusd: Instantiating modules instantiate { Module: Linked to module rlm_exec Module: Instantiating exec exec { wait = yes input_pairs = request shell_escape = yes } Module: Linked to module rlm_expr Module: Instantiating expr Module: Linked to module rlm_expiration Module: Instantiating expiration expiration { reply-message = Password Has Expired } Module: Linked to module rlm_logintime Module: Instantiating logintime logintime { reply-message = You are calling outside your allowed timespan minimum-timeout = 60 } } radiusd: Loading Virtual Servers server inner-tunnel { modules { Module: Checking authenticate {...} for more modules to load Module: Linked to module rlm_pap Module: Instantiating pap pap { encryption_scheme = auto auto_header = yes } Module: Linked to module rlm_chap Module: Instantiating chap Module: Linked to module rlm_mschap Module: Instantiating mschap mschap { use_mppe = yes require_encryption = no require_strong
Re: No authenticate method (Auth-Type) configuration found
Bereos OHG Michael Spinnenhirn wrote: auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user auth: Failed to validate the user. Login incorrect: [guest/MM\250f\375 \241Ñ?\247\007\242Ë?i\316] (from client nas01 port 2 cli 00-0C-29-00-71-20) WARNING: Unprintable characters in the password.Double-check the shared secret on the server and the NAS! I allready checked the secret. It's the same in chilli config and client.conf on the server. That message is pretty definitive. I suggest *deleting* the client. Then send the server packets. Verify that the server complains about unknown client. Then, add the client again. This time re-entering all of the data, rather than copying it from your existing configuration. Also try radtest (or radclient) from the remote machine. There's no need to depend on Chillispot config when you can use the FreeRADIUS software to do the tests. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No authenticate method (Auth-Type) configuration found
WHERE username = '%{SQL-User-Name}' ORDER BY priority - SELECT groupname FROM radusergroup WHERE username = 'guest' ORDER BY priority rlm_sql (sql): Released sql socket id: 4 ++[sql] returns ok ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns updated rad_check_password: Found Auth-Type !!! !!!Replacing User-Password in config items with Cleartext-Password. !!! !!! !!! Please update your configuration so that the known good !!! !!! clear text password is in Cleartext-Password, and not in User-Password. !!! !!! auth: type PAP +- entering group PAP rlm_pap: login attempt with password guest rlm_pap: Using clear text password guest rlm_pap: User authenticated successfully ++[pap] returns ok Login OK: [guest/guest] (from client 172.16.30.6 port 0) +- entering group post-auth rlm_sql (sql): Processing sql_postauth expand: %{User-Name} - guest rlm_sql (sql): sql_set_user escaped user -- 'guest' expand: %{User-Password} - guest expand: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S') - INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'guest', 'guest', 'Access-Accept', '2010-10-20 15:47:40') rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'guest', 'guest', 'Access-Accept', '2010-10-20 15:47:40') rlm_sql (sql): Reserving sql socket id: 3 rlm_sql (sql): Released sql socket id: 3 ++[sql] returns ok ++[exec] returns noop Sending Access-Accept of id 105 to 172.16.30.6 port 42677 Finished request 0. Going to the next request Waking up in 4.9 seconds. Cleaning up request 0 ID 105 with timestamp +20 Ready to process requests. What else could be wrong here? Alan DeKok schrieb: Bereos OHG Michael Spinnenhirn wrote: auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user auth: Failed to validate the user. Login incorrect: [guest/MM\250f\375 \241Ñ?\247\007\242Ë?i\316] (from client nas01 port 2 cli 00-0C-29-00-71-20) WARNING: Unprintable characters in the password.Double-check the shared secret on the server and the NAS! I allready checked the secret. It's the same in chilli config and client.conf on the server. That message is pretty definitive. I suggest *deleting* the client. Then send the server packets. Verify that the server complains about unknown client. Then, add the client again. This time re-entering all of the data, rather than copying it from your existing configuration. Also try radtest (or radclient) from the remote machine. There's no need to depend on Chillispot config when you can use the FreeRADIUS software to do the tests. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No authenticate method (Auth-Type) configuration found
Bereos OHG Michael Spinnenhirn wrote: The remote radclient gives the following debug output: rad_recv: Access-Request packet from host 172.16.20.10 port 56195, id=36, length User-Name = guest sigh You're not including a User-Password in the request. It needs one. What else could be wrong here? Look at the packets the server is receiving from the two clients: they're different. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No authenticate method (Auth-Type) configuration found
I can see the difference between the working one on the server and the other one from the remote client. But I executed the same command on both machines. echo User-Name=guest,Password=guest | radclient 172.16.30.6:1812 auth radiussecret I have tried it from another debian server, too, with success. So it has to be a problem with the radclient on the openwrt box, doesn't it? Alan DeKok schrieb: Bereos OHG Michael Spinnenhirn wrote: The remote radclient gives the following debug output: rad_recv: Access-Request packet from host 172.16.20.10 port 56195, id=36, length User-Name = guest sigh You're not including a User-Password in the request. It needs one. What else could be wrong here? Look at the packets the server is receiving from the two clients: they're different. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No authenticate method (Auth-Type) configuration found
Bereos OHG Michael Spinnenhirn wrote: I can see the difference between the working one on the server and the other one from the remote client. But I executed the same command on both machines. echo User-Name=guest,Password=guest | radclient 172.16.30.6:1812 auth radiussecret I have tried it from another debian server, too, with success. So it has to be a problem with the radclient on the openwrt box, doesn't it? Yes. Check the dictionaries, and make the clients send the same packets. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No authenticate method (Auth-Type) found
Hi Alan, I 've found the reason why le rlm_ldap module was not loaded. Now it's a little better i.e., but now the LDAP can't authenticate my account: Below the new output when running radtest: /usr/bin/radtest/ -d /etc/freeradius ldap 127.0.0.1:1812 10 testing123: r/ad_recv: Access-Request packet from host 127.0.0.1 port 36154, id=158, length=56 User-Name = ldap User-Password = NAS-IP-Address = 192.168.55.150 NAS-Port = 10 +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '/' in User-Name = ldap, looking up realm NULL rlm_realm: No such realm NULL ++[IPASS] returns noop rlm_realm: No '@' in User-Name = ldap, looking up realm NULL rlm_realm: No such realm NULL ++[suffix] returns noop ++[files] returns noop ++[unix] returns notfound rlm_ldap: - authorize rlm_ldap: performing user authorization for ldap expand: (sAMAccountName=%u) - (sAMAccountName=ldap) expand: dc=privee,dc=enssib,dc=fr - dc=privee,dc=enssib,dc=fr rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: attempting LDAP reconnection rlm_ldap: (re)connect to servcdom.privee.enssib.fr:389, authentication 0 rlm_ldap: bind as cn=ldap,cn=users,dc=privee,dc=enssib,dc=fr/ to servcdom.privee.enssib.fr:389 rlm_ldap: waiting for bind result ... rlm_ldap: Bind was successful rlm_ldap: performing search in dc=privee,dc=enssib,dc=fr, with filter (sAMAccountName=ldap) rlm_ldap: ldap_search() failed: Operations error rlm_ldap: search failed rlm_ldap: ldap_release_conn: Release Id: 0 ++[ldap] returns fail Invalid user: [ldap/toti] (from client localhost port 10) Found Post-Auth-Type Reject +- entering group REJECT expand: %{User-Name} - ldap attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 0 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 0 Sending Access-Reject of id 158 to 127.0.0.1 port 36154 Waking up in 4.9 seconds. Cleaning up request 0 ID 158 with timestamp +206 Ready to process requests./ I've noticed that the account 'ldap' binds successfully the LDAP, but the connecting step fails. Thanks for any answer. Isabelle RECH LE RECIS Enssib Département informatique 17-21 Bd du 11 Novembre 1918 69623 Villeurbanne Cedex Tel : 04 72 44 43 34 http://www.enssib.fr/ __ Le 24/08/2010 16:09, Alan DeKok a écrit : Isabelle RECH wrote: Hi frree-radius users ! I'm running a freeradius 2.0.4 on a DEBIAN 5.0.5 We want to access an LDAP / windows base , wich is declared in radiusd.conf file Below is the output produced by the radiusd -X debugging mode when I run the radtest : ... Obviously, it's the authenticate method which is missing . I've add this entry it in the /etc/freeradius/sites-available/default: - The entries ldap pap are uncommented in Authorize { } section Read the debug output again. You did *not* uncomment the ldap line in the authorize section. Alan DeKok. -- __ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No authenticate method (Auth-Type) found
Isabelle RECH wrote: Hi Alan, Don't CC me on messages to the list. I *do* read the list. rlm_ldap: ldap_search() failed: Operations error Install 2.1.7 or later, and see chase_referrals and rebind in raddb/modules/ldap Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
No authenticate method (Auth-Type) found
Hi frree-radius users ! I'm running a freeradius 2.0.4 on a DEBIAN 5.0.5 We want to access an LDAP / windows base , wich is declared in radiusd.conf file Below is the output produced by the radiusd -X debugging mode when I run the radtest : _radtest command_: /usr/sbin/radtest -d /etc/freeradius ldap 127.0.0.1:1812 10 testing123 _Output produced:_ rad_recv: Access-Request packet from host 127.0.0.1 port 59383, id=56, length=56 User-Name = ldap User-Password = NAS-IP-Address = 192.168.55.150 NAS-Port = 10 +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = ldap, looking up realm NULL rlm_realm: No such realm NULL ++[suffix] returns noop rlm_eap: No EAP-Message, not doing EAP ++[eap] returns noop ++[unix] returns notfound ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop rlm_pap: WARNING! No known good password found for the user. Authentication may fail because of this. ++[pap] returns noop auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user auth: Failed to validate the user. Login incorrect: [ldap/] (from client localhost port 10) Found Post-Auth-Type Reject +- entering group REJECT expand: %{User-Name} - ldap attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 0 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 0 Sending Access-Reject of id 56 to 127.0.0.1 port 59383 Waking up in 4.9 seconds. Cleaning up request 0 ID 56 with timestamp +40 Ready to process requests. Obviously, it's the authenticate method which is missing . I've add this entry it in the /etc/freeradius/sites-available/default: - The entries ldap pap are uncommented in Authorize { } section - The entry Auth-Type LDAP { ldap } is in the authenticate {} section. Any idea ? Have a nice day, everybody !! -- __ Isabelle RECH LE RECIS Enssib Département informatique 17-21 Bd du 11 Novembre 1918 69623 Villeurbanne Cedex Tel : 04 72 44 43 34 http://www.enssib.fr/ __ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No authenticate method (Auth-Type) found
Isabelle RECH wrote: Hi frree-radius users ! I'm running a freeradius 2.0.4 on a DEBIAN 5.0.5 We want to access an LDAP / windows base , wich is declared in radiusd.conf file Below is the output produced by the radiusd -X debugging mode when I run the radtest : ... Obviously, it's the authenticate method which is missing . I've add this entry it in the /etc/freeradius/sites-available/default: - The entries ldap pap are uncommented in Authorize { } section Read the debug output again. You did *not* uncomment the ldap line in the authorize section. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
Johnny R wrote: Hi all, Problem solved about CopSpot and Freeradius, it works against the user file (not OpenLDAP). Actually, I am wondering if I can do the authentication using eap-tls module. I enabled it and it gave me the following output: ... Tue Apr 27 11:12:19 2010 : Error: rlm_eap: SSL error error:02001002:system library:fopen:No such file or directory Tue Apr 27 11:12:19 2010 : Error: rlm_eap_tls: Error reading certificate file $/etc/freeradius/certs/serverd.pem So... that file doesn't exist. Maybe you need to create it? And this error occurs only if you edit the default configuration, and break it. Frankly, I don't know what the error means: is that the rlm_eap module was not found (and it's right, it is not present in my system) , if so how can I install it without reinstalling the whole freeradius ? You should try reading *all* of the error messages, rather than only the last one or two. The server is telling you what's wrong. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
Johnny R wrote: * is the cipher login/password which comes from CopSpot(or any captive portal) deciphered before ipcop sends it to freeradius-server? (It's a kind of question which can not be asked here but ... never know) I have no idea what that means. * the authentication type set in ipcop is just radius (and its ip), so I don't understand why the packet contains CHAP? shrug Go ask the ipcop people. according to http://deployingradius.com/documents/configuration/active_directory.html, centralizing the authentication in samba will work fine, but I want to do it against ldap. I think, what's wrong here is that I added users by smbldap-useradd, not simply ldapadd (which won't work actually, it says: invalid credentials) ... * So how can I force freeradius to use pap You can't. The NAS (ipcop) determines what to put in the Access-Request, not FreeRADIUS. You need to put the clear-text password into the database. That's the only thing you can do to FreeRADIUS which will help. (to be able to authenticate it against ldap) even the passwd/login is tls ciphered (from chilispot)I m really convinced that that's not possible, even senseless but I have to know why ... I have no idea what that means. Finally, once again, I really want to thank the list for your availability, the freeradius dev. team, because this is a success for the open source community. Thanks, It's what I do... Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
: Info: ++[pap] returns noop Thu Apr 22 14:17:59 2010 : Info: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user Thu Apr 22 14:17:59 2010 : Info: Failed to authenticate the user. Thu Apr 22 14:17:59 2010 : Info: Using Post-Auth-Type Reject Thu Apr 22 14:17:59 2010 : Info: +- entering group REJECT {...} Thu Apr 22 14:17:59 2010 : Info: [attr_filter.access_reject]expand: %{User-Name} - kkigor14 Thu Apr 22 14:17:59 2010 : Debug: attr_filter: Matched entry DEFAULT at line 11 Thu Apr 22 14:17:59 2010 : Info: ++[attr_filter.access_reject] returns updated Thu Apr 22 14:17:59 2010 : Info: Delaying reject of request 0 for 1 seconds Thu Apr 22 14:17:59 2010 : Debug: Going to the next request Thu Apr 22 14:17:59 2010 : Debug: Waking up in 0.9 seconds. Thu Apr 22 14:18:00 2010 : Info: Sending delayed reject for request 0 Sending Access-Reject of id 0 to 192.168.2.1 port 32790 Thu Apr 22 14:18:00 2010 : Debug: Waking up in 4.9 seconds. Thu Apr 22 14:18:05 2010 : Info: Cleaning up request 0 ID 0 with timestamp +188 Thu Apr 22 14:18:05 2010 : Info: Ready to process requests. All the Best -- - |JJohnny RANDRIAMAMPIONONA | | Phone: +212663682554| | National School of Applied Sciences | | 1818 TANGIER 9 | || - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
Johnny R wrote: The authentication worked well locally against openldap (in the same server). When an user try to connect to internet in the Blue Zone (WLAN), it generates the following error in the radius-server. I am really stuck here, any help will be welcome. Look at the debug log. The packet contains CHAP, and the database has only NT-Password and LM-Passwords. They are simply not compatible: http://deployingradius.com/documents/protocols/compatibility.html Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
Hi again List, Thank very much Alan, I am so sorry if I am a little bit bothering ... but all seems to be jumbled in my head. So I have some questions: - is the cipher login/password which comes from CopSpot(or any captive portal) deciphered before ipcop sends it to freeradius-server? (It's a kind of question which can not be asked here but ... never know) - the authentication type set in ipcop is just radius (and its ip), so I don't understand why the packet contains CHAP? according to http://deployingradius.com/documents/configuration/active_directory.html, centralizing the authentication in samba will work fine, but I want to do it against ldap. I think, what's wrong here is that I added users by smbldap-useradd, not simply ldapadd (which won't work actually, it says: invalid credentials) ... - So how can I force freeradius to use pap (to be able to authenticate it against ldap) even the passwd/login is tls ciphered (from chilispot)I m really convinced that that's not possible, even senseless but I have to know why ... Finally, once again, I really want to thank the list for your availability, the freeradius dev. team, because this is a success for the open source community. Thanks, On Thu, Apr 22, 2010 at 4:45 PM, Alan DeKok al...@deployingradius.comwrote: Johnny R wrote: The authentication worked well locally against openldap (in the same server). When an user try to connect to internet in the Blue Zone (WLAN), it generates the following error in the radius-server. I am really stuck here, any help will be welcome. Look at the debug log. The packet contains CHAP, and the database has only NT-Password and LM-Passwords. They are simply not compatible: http://deployingradius.com/documents/protocols/compatibility.html Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- - |JJohnny RANDRIAMAMPIONONA | | Phone: +212663682554| | National School of Applied Sciences | | 1818 TANGIER 9 | || - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
Hi, * is the cipher login/password which comes from CopSpot(or any captive portal) deciphered before ipcop sends it to freeradius-server? (It's a kind of question which can not be asked here but ... never know) if the server says its CHAP then its probably sent as CHAP rather than PAP... * the authentication type set in ipcop is just radius (and its ip), so I don't understand why the packet contains CHAP? RADIUS is the method of AAA - the CHAP is what the NAS/AP/captive system is sending the user details as CHAP and DB is a problem check your CopSpot system to see if that method can be changed alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
Ahmed Munir wrote: Thanks for replying. I already enabled sql in sites-enabled/default in accounting and authorize section and even in sessions section as well, which is optional, but unfortunately radius is unable to connect with MySQL. Can you post the error, or is it a secret? If there is no error, then FreeRADIUS *isn't* trying to connect to MySQL, and you didn't edit the right files. When the word sql appears in the debug output, it means that the server is trying to use the SQL module. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
On 04/16/2010 01:24 AM, Ahmed Munir wrote: Hi, Thanks for replying. I already enabled sql in sites-enabled/default in accounting and authorize section and even in sessions section as well, which is optional, but unfortunately radius is unable to connect with MySQL. Even I can access the MySQL using radius credentials. Sorry, but you haven't enabled sql or mysql, it's not in the debug output you posted. It would say so if it was. You would see lines like this in your debug output: Module: Linked to module rlm_sql Module: Instantiating sql rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked I see no such in your debug output. Kindly advise me what other method radius connection with MySQL. There is no other way, you have to enable it *and* it has to be available. Are you sure you're editing the right files? I noticed from your debug ouput that your config files are located under /usr/local/etc/raddb. That only happens when you build the server yourself. If you've got a pre-built version the config files are usually under /etc/raddb. If you have both a locally built version and a pre-built version installed you have to be *very* careful as to which one you're working with. If you built the server yourself did you have all the necessary SQL development libraries and headers installed? Does your build log show you actually compiled rlm_sql and rlm_mysql? -- John Dennis jden...@redhat.com Looking to carve out IT costs? www.redhat.com/carveoutcosts/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
On 04/15/2010 01:13 AM, Ahmed Munir wrote: Hi, I installed latest version of it and followed the steps as mentioned in the website: http://wiki.freeradius.org/SQL_HOWTO. After configuring basic setup I'm facing i.e. No authenticate method (Auth-Type) configuration found for the request: Rejecting the user when I run radtest I'm facing error as listed below; It is further to be added that I'm facing this error when I configure FreeRadius with MySQL, but working fine when using users file. I even configure sql.conf and configure mysql parameters, include sql in radius.conf and on sites-available/default I enabled sql on account and authorize section as steps mentioned in website above. I don't think you've enabled the SQL module or MySQL, I don't see either anywhere in the instantiate part of the log. I do see you're including /usr/local/etc/raddb/sql.conf. Is sql uncommented (e.g. enabled) in /usr/local/etc/raddb/sites-enabled/default? It isn't by default. Because as I pass radius credentials, I can connect to MySQL. Is there other way to check radius connection with MySQL? Note: Firewall and SELinux has been disabled on my machine. Please advise how can I resolve this issue. -- John Dennis jden...@redhat.com Looking to carve out IT costs? www.redhat.com/carveoutcosts/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
Hi, Thanks for replying. I already enabled sql in sites-enabled/default in accounting and authorize section and even in sessions section as well, which is optional, but unfortunately radius is unable to connect with MySQL. Even I can access the MySQL using radius credentials. Kindly advise me what other method radius connection with MySQL. Date: Thu, 15 Apr 2010 08:59:43 -0400 From: John Dennis jden...@redhat.com Subject: Re: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Cc: Ahmed Munir ahmedmunir...@gmail.com Message-ID: 4bc70dbf.90...@redhat.com Content-Type: text/plain; charset=UTF-8; format=flowed On 04/15/2010 01:13 AM, Ahmed Munir wrote: Hi, I installed latest version of it and followed the steps as mentioned in the website: http://wiki.freeradius.org/SQL_HOWTO. After configuring basic setup I'm facing i.e. No authenticate method (Auth-Type) configuration found for the request: Rejecting the user when I run radtest I'm facing error as listed below; It is further to be added that I'm facing this error when I configure FreeRadius with MySQL, but working fine when using users file. I even configure sql.conf and configure mysql parameters, include sql in radius.conf and on sites-available/default I enabled sql on account and authorize section as steps mentioned in website above. I don't think you've enabled the SQL module or MySQL, I don't see either anywhere in the instantiate part of the log. I do see you're including /usr/local/etc/raddb/sql.conf. Is sql uncommented (e.g. enabled) in /usr/local/etc/raddb/sites-enabled/default? It isn't by default. Because as I pass radius credentials, I can connect to MySQL. Is there other way to check radius connection with MySQL? Note: Firewall and SELinux has been disabled on my machine. Please advise how can I resolve this issue. -- John Dennis jden...@redhat.com Looking to carve out IT costs? www.redhat.com/carveoutcosts/ -- Regards, Ahmed Munir - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
Hi, I installed latest version of it and followed the steps as mentioned in the website: http://wiki.freeradius.org/SQL_HOWTO. After configuring basic setup I'm facing i.e. No authenticate method (Auth-Type) configuration found for the request: Rejecting the user when I run radtest I'm facing error as listed below; [r...@newtest raddb]# radtest sqltest testpwd 127.0.0.1 1812 testing123 Sending Access-Request of id 38 to 127.0.0.1 port 1812 User-Name = sqltest User-Password = testpwd NAS-IP-Address = 127.0.0.1 NAS-Port = 1812 rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=38, length=20 The logs of radiusd -X are listed down below; FreeRADIUS Version 2.1.8, for host i686-pc-linux-gnu, built on Apr 9 2010 at 12:11:15 Copyright (C) 1999-2009 The FreeRADIUS server project and contributors. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License v2. Starting - reading configuration files ... including configuration file /usr/local/etc/raddb/radiusd. conf including configuration file /usr/local/etc/raddb/proxy.conf including configuration file /usr/local/etc/raddb/clients.conf including files in directory /usr/local/etc/raddb/modules/ including configuration file /usr/local/etc/raddb/modules/ldap including configuration file /usr/local/etc/raddb/modules/inner-eap including configuration file /usr/local/etc/raddb/modules/linelog including configuration file /usr/local/etc/raddb/modules/detail including configuration file /usr/local/etc/raddb/modules/exec including configuration file /usr/local/etc/raddb/modules/pap including configuration file /usr/local/etc/raddb/modules/otp including configuration file /usr/local/etc/raddb/modules/smbpasswd including configuration file /usr/local/etc/raddb/modules/mac2ip including configuration file /usr/local/etc/raddb/modules/krb5 including configuration file /usr/local/etc/raddb/modules/detail.log including configuration file /usr/local/etc/raddb/modules/perl including configuration file /usr/local/etc/raddb/modules/attr_rewrite including configuration file /usr/local/etc/raddb/modules/attr_filter including configuration file /usr/local/etc/raddb/modules/policy including configuration file /usr/local/etc/raddb/modules/smsotp including configuration file /usr/local/etc/raddb/modules/counter including configuration file /usr/local/etc/raddb/modules/etc_group including configuration file /usr/local/etc/raddb/modules/ippool including configuration file /usr/local/etc/raddb/modules/mac2vlan including configuration file /usr/local/etc/raddb/modules/digest including configuration file /usr/local/etc/raddb/modules/ntlm_auth including configuration file /usr/local/etc/raddb/modules/passwd including configuration file /usr/local/etc/raddb/modules/sqlcounter_expire_on_login including configuration file /usr/local/etc/raddb/modules/realm including configuration file /usr/local/etc/raddb/modules/always including configuration file /usr/local/etc/raddb/modules/expiration including configuration file /usr/local/etc/raddb/modules/expr including configuration file /usr/local/etc/raddb/modules/mschap including configuration file /usr/local/etc/raddb/modules/preprocess including configuration file /usr/local/etc/raddb/modules/acct_unique including configuration file /usr/local/etc/raddb/modules/pam including configuration file /usr/local/etc/raddb/modules/wimax including configuration file /usr/local/etc/raddb/modules/sql_log including configuration file /usr/local/etc/raddb/modules/files including configuration file /usr/local/etc/raddb/modules/radutmp including configuration file /usr/local/etc/raddb/modules/logintime including configuration file /usr/local/etc/raddb/modules/unix including configuration file /usr/local/etc/raddb/modules/checkval including configuration file /usr/local/etc/raddb/modules/chap including configuration file /usr/local/etc/raddb/modules/echo including configuration file /usr/local/etc/raddb/modules/sradutmp including configuration file /usr/local/etc/raddb/modules/cui including configuration file /usr/local/etc/raddb/modules/detail.example.com including configuration file /usr/local/etc/raddb/eap.conf including configuration file /usr/local/etc/raddb/sql.conf including configuration file /usr/local/etc/raddb/sql/mysql/dialup.conf including configuration file /usr/local/etc/raddb/policy.conf including files in directory /usr/local/etc/raddb/sites-enabled/ including configuration file /usr/local/etc/raddb/sites-enabled/inner-tunnel including configuration file /usr/local/etc/raddb/sites-enabled/default.orig including configuration file /usr/local/etc/raddb/sites-enabled/control-socket including configuration file /usr/local/etc/raddb/sites-enabled/default main { allow_core_dumps = no } including dictionary file /usr/local/etc/raddb/dictionary main { prefix = /usr/local
Re: No authenticate method (Auth-Type) configuration found
Ahmed Munir wrote: Thanks for reply. Well user is created on SQL, and I uncommented 'sql' from sites-enabled/default on Authorized section and Accounting Section. But when I add 'sql' in Authenticate section I'm getting same error. i.e. [r...@newtest raddb]# radtest sqltest testpwd 127.0.0.1 1812 testing123 sigh Run the server in debugging mode, as suggested in the FAQ, README, INSTALL, man page, and daily on this list. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
Hi, I'm newbie in FreeRadius, I installed latest version of it and followed the steps as mentioned in the websites: http://www.howtoforge.com/authentication-authorization-and-accounting-with-freeradius-and-mysql-backend-and-webbased-management-with-daloradiusand http://wiki.freeradius.org/SQL_HOWTO. After configuring basic setup I'm facing i.e. No authenticate method (Auth-Type) configuration found for the request: Rejecting the user when I issue radtest sqltest testpwd 127.0.0.1 1812 testing123. The logs are listed down below; FreeRADIUS Version 2.1.8, for host i686-pc-linux-gnu, built on Apr 9 2010 at 12:11:15 Copyright (C) 1999-2009 The FreeRADIUS server project and contributors. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License v2. Starting - reading configuration files ... including configuration file /usr/local/etc/raddb/radiusd.conf including configuration file /usr/local/etc/raddb/proxy.conf including configuration file /usr/local/etc/raddb/clients.conf including files in directory /usr/local/etc/raddb/modules/ including configuration file /usr/local/etc/raddb/modules/ldap including configuration file /usr/local/etc/raddb/modules/inner-eap including configuration file /usr/local/etc/raddb/modules/linelog including configuration file /usr/local/etc/raddb/modules/detail including configuration file /usr/local/etc/raddb/modules/exec including configuration file /usr/local/etc/raddb/modules/pap including configuration file /usr/local/etc/raddb/modules/otp including configuration file /usr/local/etc/raddb/modules/smbpasswd including configuration file /usr/local/etc/raddb/modules/mac2ip including configuration file /usr/local/etc/raddb/modules/krb5 including configuration file /usr/local/etc/raddb/modules/detail.log including configuration file /usr/local/etc/raddb/modules/perl including configuration file /usr/local/etc/raddb/modules/attr_rewrite including configuration file /usr/local/etc/raddb/modules/attr_filter including configuration file /usr/local/etc/raddb/modules/policy including configuration file /usr/local/etc/raddb/modules/smsotp including configuration file /usr/local/etc/raddb/modules/counter including configuration file /usr/local/etc/raddb/modules/etc_group including configuration file /usr/local/etc/raddb/modules/ippool including configuration file /usr/local/etc/raddb/modules/mac2vlan including configuration file /usr/local/etc/raddb/modules/digest including configuration file /usr/local/etc/raddb/modules/ntlm_auth including configuration file /usr/local/etc/raddb/modules/passwd including configuration file /usr/local/etc/raddb/modules/sqlcounter_expire_on_login including configuration file /usr/local/etc/raddb/modules/realm including configuration file /usr/local/etc/raddb/modules/always including configuration file /usr/local/etc/raddb/modules/expiration including configuration file /usr/local/etc/raddb/modules/expr including configuration file /usr/local/etc/raddb/modules/mschap including configuration file /usr/local/etc/raddb/modules/preprocess including configuration file /usr/local/etc/raddb/modules/acct_unique including configuration file /usr/local/etc/raddb/modules/pam including configuration file /usr/local/etc/raddb/modules/wimax including configuration file /usr/local/etc/raddb/modules/sql_log including configuration file /usr/local/etc/raddb/modules/files including configuration file /usr/local/etc/raddb/modules/radutmp including configuration file /usr/local/etc/raddb/modules/logintime including configuration file /usr/local/etc/raddb/modules/unix including configuration file /usr/local/etc/raddb/modules/checkval including configuration file /usr/local/etc/raddb/modules/chap including configuration file /usr/local/etc/raddb/modules/echo including configuration file /usr/local/etc/raddb/modules/sradutmp including configuration file /usr/local/etc/raddb/modules/cui including configuration file /usr/local/etc/raddb/modules/detail.example.com including configuration file /usr/local/etc/raddb/eap.conf including configuration file /usr/local/etc/raddb/sql.conf including configuration file /usr/local/etc/raddb/sql/mysql/dialup.conf including configuration file /usr/local/etc/raddb/policy.conf including files in directory /usr/local/etc/raddb/sites-enabled/ including configuration file /usr/local/etc/raddb/sites-enabled/inner-tunnel including configuration file /usr/local/etc/raddb/sites-enabled/default.orig including configuration file /usr/local/etc/raddb/sites-enabled/control-socket including configuration file /usr/local/etc/raddb/sites-enabled/default main { allow_core_dumps = no } including dictionary file /usr/local/etc/raddb/dictionary main { prefix = /usr/local localstatedir = /usr/local/var logdir = /usr/local/var/log/radius libdir = /usr/local/lib radacctdir = /usr/local/var/log/radius
Re: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
hi, the log said [pap] WARNING! No known good password found for the user. Authentication may fail because of this. could you show your users file? ciao omega BK 2010/4/12 Ahmed Munir ahmedmunir...@gmail.com Hi, I'm newbie in FreeRadius, I installed latest version of it and followed the steps as mentioned in the websites: http://www.howtoforge.com/authentication-authorization-and-accounting-with-freeradius-and-mysql-backend-and-webbased-management-with-daloradiusand http://wiki.freeradius.org/SQL_HOWTO. After configuring basic setup I'm facing i.e. No authenticate method (Auth-Type) configuration found for the request: Rejecting the user when I issue radtest sqltest testpwd 127.0.0.1 1812 testing123. The logs are listed down below; FreeRADIUS Version 2.1.8, for host i686-pc-linux-gnu, built on Apr 9 2010 at 12:11:15 Copyright (C) 1999-2009 The FreeRADIUS server project and contributors. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License v2. Starting - reading configuration files ... including configuration file /usr/local/etc/raddb/radiusd.conf including configuration file /usr/local/etc/raddb/proxy.conf including configuration file /usr/local/etc/raddb/clients.conf including files in directory /usr/local/etc/raddb/modules/ including configuration file /usr/local/etc/raddb/modules/ldap including configuration file /usr/local/etc/raddb/modules/inner-eap including configuration file /usr/local/etc/raddb/modules/linelog including configuration file /usr/local/etc/raddb/modules/detail including configuration file /usr/local/etc/raddb/modules/exec including configuration file /usr/local/etc/raddb/modules/pap including configuration file /usr/local/etc/raddb/modules/otp including configuration file /usr/local/etc/raddb/modules/smbpasswd including configuration file /usr/local/etc/raddb/modules/mac2ip including configuration file /usr/local/etc/raddb/modules/krb5 including configuration file /usr/local/etc/raddb/modules/detail.log including configuration file /usr/local/etc/raddb/modules/perl including configuration file /usr/local/etc/raddb/modules/attr_rewrite including configuration file /usr/local/etc/raddb/modules/attr_filter including configuration file /usr/local/etc/raddb/modules/policy including configuration file /usr/local/etc/raddb/modules/smsotp including configuration file /usr/local/etc/raddb/modules/counter including configuration file /usr/local/etc/raddb/modules/etc_group including configuration file /usr/local/etc/raddb/modules/ippool including configuration file /usr/local/etc/raddb/modules/mac2vlan including configuration file /usr/local/etc/raddb/modules/digest including configuration file /usr/local/etc/raddb/modules/ntlm_auth including configuration file /usr/local/etc/raddb/modules/passwd including configuration file /usr/local/etc/raddb/modules/sqlcounter_expire_on_login including configuration file /usr/local/etc/raddb/modules/realm including configuration file /usr/local/etc/raddb/modules/always including configuration file /usr/local/etc/raddb/modules/expiration including configuration file /usr/local/etc/raddb/modules/expr including configuration file /usr/local/etc/raddb/modules/mschap including configuration file /usr/local/etc/raddb/modules/preprocess including configuration file /usr/local/etc/raddb/modules/acct_unique including configuration file /usr/local/etc/raddb/modules/pam including configuration file /usr/local/etc/raddb/modules/wimax including configuration file /usr/local/etc/raddb/modules/sql_log including configuration file /usr/local/etc/raddb/modules/files including configuration file /usr/local/etc/raddb/modules/radutmp including configuration file /usr/local/etc/raddb/modules/logintime including configuration file /usr/local/etc/raddb/modules/unix including configuration file /usr/local/etc/raddb/modules/checkval including configuration file /usr/local/etc/raddb/modules/chap including configuration file /usr/local/etc/raddb/modules/echo including configuration file /usr/local/etc/raddb/modules/sradutmp including configuration file /usr/local/etc/raddb/modules/cui including configuration file /usr/local/etc/raddb/modules/ detail.example.com including configuration file /usr/local/etc/raddb/eap.conf including configuration file /usr/local/etc/raddb/sql.conf including configuration file /usr/local/etc/raddb/sql/mysql/dialup.conf including configuration file /usr/local/etc/raddb/policy.conf including files in directory /usr/local/etc/raddb/sites-enabled/ including configuration file /usr/local/etc/raddb/sites-enabled/inner-tunnel including configuration file /usr/local/etc/raddb/sites-enabled/default.orig including configuration file /usr/local/etc/raddb/sites-enabled/control-socket including configuration file /usr/local/etc/raddb/sites-enabled
Re: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
Hi, I'm newbie in FreeRadius, I installed latest version of it and followed the steps as mentioned in the websites: http://www.howtoforge.com/authentication-authorization-and-accounting-with-freeradius-and-mysql-backend-and-webbased-management-with-daloradius and http://wiki.freeradius.org/SQL_HOWTO. After configuring basic setup I'm facing i.e. No authenticate method (Auth-Type) configuration found for the request: Rejecting the user when I issue radtest sqltest testpwd 127.0.0.1 1812 testing123. the username 'sqltest' gives a slight hint. is this user in 'users' file or in SQL? if the username is in SQL, then you need to activate the SQL stuff (uncomment or add SQL to the auth section) - its not on by default because then all sites would have to have SQL up and running for anything to work (or else it'd crash and burn) alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No authenticate method (Auth-Type) configuration found
Hi, Thanks for reply. Well user is created on SQL, and I uncommented 'sql' from sites-enabled/default on Authorized section and Accounting Section. But when I add 'sql' in Authenticate section I'm getting same error. i.e. [r...@newtest raddb]# radtest sqltest testpwd 127.0.0.1 1812 testing123 Sending Access-Request of id 38 to 127.0.0.1 port 1812 User-Name = sqltest User-Password = testpwd NAS-IP-Address = 127.0.0.1 NAS-Port = 1812 rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=38, length=20 The user I created in SQL listed down below; idusername attribute opvalue 1 sqltest Cleartext-Password:=testpwd Please advise what am I missing? Kindly assist me. Date: Mon, 12 Apr 2010 13:25:45 +0100 From: Alan Buxey a.l.m.bu...@lboro.ac.uk Subject: Re: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Message-ID: 20100412122545.ga14...@lboro.ac.uk Content-Type: text/plain; charset=us-ascii Hi, I'm newbie in FreeRadius, I installed latest version of it and followed the steps as mentioned in the websites: http://www.howtoforge.com/authentication-authorization-and-accounting-with-freeradius-and-mysql-backend-and-webbased-management-with-daloradiusand http://wiki.freeradius.org/SQL_HOWTO. After configuring basic setup I'm facing i.e. No authenticate method (Auth-Type) configuration found for the request: Rejecting the user when I issue radtest sqltest testpwd 127.0.0.1 1812 testing123. the username 'sqltest' gives a slight hint. is this user in 'users' file or in SQL? if the username is in SQL, then you need to activate the SQL stuff (uncomment or add SQL to the auth section) - its not on by default because then all sites would have to have SQL up and running for anything to work (or else it'd crash and burn) alan -- Regards, Ahmed Munir - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
hello, i sucess dpkg-buildpackage (after reinstalling os ubuntu on my server test) so i installed FreeRADIUS Version 2.1.8 via .deb file ok so know i tried the same configuration like before, but launching freeradius -X ireturns rad_recv: Access-Request packet from host 192.168.20.253 port 1645, id=254, length=155 User-Name = linatest Service-Type = Framed-User Framed-MTU = 1500 Called-Station-Id = 00-1A-A1-64-BB-1A Calling-Station-Id = 00-18-8B-B5-26-B7 EAP-Message = 0x0202000d016c696e6174657374 Message-Authenticator = 0xf55c29bf173484be884411a62582014c Cisco-NAS-Port = FastEthernet0/24 NAS-Port = 50024 NAS-Port-Type = Ethernet NAS-IP-Address = 192.168.20.253 WARNING: Empty section. Using default return values. No authenticate method (Auth-Type) configuration found for the request: Rejecting the user Failed to authenticate the user. ?? = why? thanks - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
Hi, i sucess dpkg-buildpackage (after reinstalling os ubuntu on my server test) so i installed FreeRADIUS Version 2.1.8 via .deb file ok so know i tried the same configuration like before, but launching freeradius -X ireturns rad_recv: Access-Request packet from host 192.168.20.253 port 1645, id=254, length=155 User-Name = linatest Service-Type = Framed-User Framed-MTU = 1500 Called-Station-Id = 00-1A-A1-64-BB-1A Calling-Station-Id = 00-18-8B-B5-26-B7 EAP-Message = 0x0202000d016c696e6174657374 Message-Authenticator = 0xf55c29bf173484be884411a62582014c Cisco-NAS-Port = FastEthernet0/24 NAS-Port = 50024 NAS-Port-Type = Ethernet NAS-IP-Address = 192.168.20.253 WARNING: Empty section. Using default return values. No authenticate method (Auth-Type) configuration found for the request: Rejecting the user Failed to authenticate the user. ?? = why? thats not the full output form debug. why do you not send all the output? how do you think this little bit you DID send to the list helps? i suspect that you dont have SSL support in your server and this connection is EAP based - and thus failing as it doesnt have the required code and modules to handle EAP alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
ok, my all freeradis -X is: Ready to process requests. rad_recv: Access-Request packet from host 192.168.20.253 port 1645, id=2, length=155 User-Name = linatest Service-Type = Framed-User Framed-MTU = 1500 Called-Station-Id = 00-1A-A1-64-BB-1A Calling-Station-Id = 00-18-8B-B5-26-B7 EAP-Message = 0x0202000d016c696e6174657374 Message-Authenticator = 0xe883c52a443c41c4f9b53935c0214d5b Cisco-NAS-Port = FastEthernet0/24 NAS-Port = 50024 NAS-Port-Type = Ethernet NAS-IP-Address = 192.168.20.253 WARNING: Empty section. Using default return values. No authenticate method (Auth-Type) configuration found for the request: Rejecting the user Failed to authenticate the user. Delaying reject of request 0 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 0 Sending Access-Reject of id 2 to 192.168.20.253 port 1645 Waking up in 4.9 seconds. Cleaning up request 0 ID 2 with timestamp +16 Ready to process requests. # i tried a radtest: radtest linatest linagora 10.75.128.251:1813 1 testing123 /usr/bin/radclient: error while loading shared libraries: libfreeradius-radius-2.1.0.so: cannot open shared object file: No such file or directory # so i tried also strace freeradius -V ## execve(/usr/sbin/freeradius, [freeradius, -V], [/* 21 vars */]) = 0 brk(0) = 0x978 access(/etc/ld.so.nohwcap, F_OK) = -1 ENOENT (No such file or directory) mmap2(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb77cd000 access(/etc/ld.so.preload, R_OK) = -1 ENOENT (No such file or directory) open(/usr/lib/freeradius/tls/i686/sse2/cmov/libfreeradius-radius-2.1.8.so, O_RDONLY) = -1 ENOENT (No such file or directory) stat64(/usr/lib/freeradius/tls/i686/sse2/cmov, 0xbf8c9d2c) = -1 ENOENT (No such file or directory) open(/usr/lib/freeradius/tls/i686/sse2/libfreeradius-radius-2.1.8.so, O_RDONLY) = -1 ENOENT (No such file or directory) stat64(/usr/lib/freeradius/tls/i686/sse2, 0xbf8c9d2c) = -1 ENOENT (No such file or directory) open(/usr/lib/freeradius/tls/i686/cmov/libfreeradius-radius-2.1.8.so, O_RDONLY) = -1 ENOENT (No such file or directory) stat64(/usr/lib/freeradius/tls/i686/cmov, 0xbf8c9d2c) = -1 ENOENT (No such file or directory) open(/usr/lib/freeradius/tls/i686/libfreeradius-radius-2.1.8.so, O_RDONLY) = -1 ENOENT (No such file or directory) stat64(/usr/lib/freeradius/tls/i686, 0xbf8c9d2c) = -1 ENOENT (No such file or directory) open(/usr/lib/freeradius/tls/sse2/cmov/libfreeradius-radius-2.1.8.so, O_RDONLY) = -1 ENOENT (No such file or directory) stat64(/usr/lib/freeradius/tls/sse2/cmov, 0xbf8c9d2c) = -1 ENOENT (No such file or directory) open(/usr/lib/freeradius/tls/sse2/libfreeradius-radius-2.1.8.so, O_RDONLY) = -1 ENOENT (No such file or directory) stat64(/usr/lib/freeradius/tls/sse2, 0xbf8c9d2c) = -1 ENOENT (No such file or directory) open(/usr/lib/freeradius/tls/cmov/libfreeradius-radius-2.1.8.so, O_RDONLY) = -1 ENOENT (No such file or directory) stat64(/usr/lib/freeradius/tls/cmov, 0xbf8c9d2c) = -1 ENOENT (No such file or directory) open(/usr/lib/freeradius/tls/libfreeradius-radius-2.1.8.so, O_RDONLY) = -1 ENOENT (No such file or directory) stat64(/usr/lib/freeradius/tls, 0xbf8c9d2c) = -1 ENOENT (No such file or directory) open(/usr/lib/freeradius/i686/sse2/cmov/libfreeradius-radius-2.1.8.so, O_RDONLY) = -1 ENOENT (No such file or directory) stat64(/usr/lib/freeradius/i686/sse2/cmov, 0xbf8c9d2c) = -1 ENOENT (No such file or directory) open(/usr/lib/freeradius/i686/sse2/libfreeradius-radius-2.1.8.so, O_RDONLY) = -1 ENOENT (No such file or directory) stat64(/usr/lib/freeradius/i686/sse2, 0xbf8c9d2c) = -1 ENOENT (No such file or directory) open(/usr/lib/freeradius/i686/cmov/libfreeradius-radius-2.1.8.so, O_RDONLY) = -1 ENOENT (No such file or directory) stat64(/usr/lib/freeradius/i686/cmov, 0xbf8c9d2c) = -1 ENOENT (No such file or directory) open(/usr/lib/freeradius/i686/libfreeradius-radius-2.1.8.so, O_RDONLY) = -1 ENOENT (No such file or directory) stat64(/usr/lib/freeradius/i686, 0xbf8c9d2c) = -1 ENOENT (No such file or directory) open(/usr/lib/freeradius/sse2/cmov/libfreeradius-radius-2.1.8.so, O_RDONLY) = -1 ENOENT (No such file or directory) stat64(/usr/lib/freeradius/sse2/cmov, 0xbf8c9d2c) = -1 ENOENT (No such file or directory) open(/usr/lib/freeradius/sse2/libfreeradius-radius-2.1.8.so, O_RDONLY) = -1 ENOENT (No such file or directory) stat64(/usr/lib/freeradius/sse2, 0xbf8c9d2c) = -1 ENOENT (No such file or directory) open(/usr/lib/freeradius/cmov/libfreeradius-radius-2.1.8.so, O_RDONLY) = -1 ENOENT (No such file or directory) stat64(/usr/lib/freeradius/cmov, 0xbf8c9d2c) = -1 ENOENT (No such file or directory) open(/usr/lib/freeradius/libfreeradius-radius-2.1.8.so, O_RDONLY) = 3 read(3, \177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\200\0\0004\0\0\0..., 512) = 512 fstat64(3, {st_mode=S_IFREG|0644, st_size
Re: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
you're right my connexion is eap based and i did not build freeradius with ssl support how to make it work, please? thanks - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
freeradius 2.1.8 : No authenticate method (Auth-Type) configuration found for the request: Rejecting the user / sites-enabled
8 15:02:43 2010 : Debug: } # server Mon Mar 8 15:02:43 2010 : Debug: radiusd: Opening IP addresses and Ports Mon Mar 8 15:02:43 2010 : Debug: listen { Mon Mar 8 15:02:43 2010 : Debug: type = auth Mon Mar 8 15:02:43 2010 : Debug: ipaddr = * Mon Mar 8 15:02:43 2010 : Debug: port = 1812 Mon Mar 8 15:02:43 2010 : Debug: } Mon Mar 8 15:02:43 2010 : Debug: listen { Mon Mar 8 15:02:43 2010 : Debug: type = acct Mon Mar 8 15:02:43 2010 : Debug: ipaddr = * Mon Mar 8 15:02:43 2010 : Debug: port = 0 Mon Mar 8 15:02:43 2010 : Debug: } Mon Mar 8 15:02:43 2010 : Debug: Listening on authentication address * port 1812 Mon Mar 8 15:02:43 2010 : Debug: Listening on accounting address * port 1813 Mon Mar 8 15:02:43 2010 : Debug: Listening on proxy address * port 1814 Mon Mar 8 15:02:43 2010 : Info: Ready to process requests. The complete error message was by the way: Ready to process requests. rad_recv: Access-Request packet from host 193.170.39.105 port 1027, id=1, length=109 NAS-IP-Address = 193.170.39.105 NAS-Port-Type = Wireless-802.11 NAS-Port = 1 Framed-MTU = 1400 Calling-Station-Id = 0019d296e00f Called-Station-Id = 00118550acf5 NAS-Identifier = wlan-ap5 EAP-Message = 0x0201000501 Message-Authenticator = 0x793e8d344397eca7613421f7d482b309 WARNING: Empty section. Using default return values. No authenticate method (Auth-Type) configuration found for the request: Rejecting the user Failed to authenticate the user. Login incorrect: [no User-Name attribute/no User-Password attribute] (from client ap5 port 1 cli 0019d296e00f) Delaying reject of request 3 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 3 Sending Access-Reject of id 1 to 193.170.39.105 port 1027 Waking up in 4.9 seconds. Cleaning up request 3 ID 1 with timestamp +852861 Ready to process requests I tried this with several different methods, meaning also with user-name and password... If you need me to provide any further info please let me know! Your's Klaus - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
freeradius 2.1.8 : No authenticate method (Auth-Type) configuration found for the request: Rejecting the user / sites-enabled
8 15:02:43 2010 : Debug: } # server Mon Mar 8 15:02:43 2010 : Debug: radiusd: Opening IP addresses and Ports Mon Mar 8 15:02:43 2010 : Debug: listen { Mon Mar 8 15:02:43 2010 : Debug: type = auth Mon Mar 8 15:02:43 2010 : Debug: ipaddr = * Mon Mar 8 15:02:43 2010 : Debug: port = 1812 Mon Mar 8 15:02:43 2010 : Debug: } Mon Mar 8 15:02:43 2010 : Debug: listen { Mon Mar 8 15:02:43 2010 : Debug: type = acct Mon Mar 8 15:02:43 2010 : Debug: ipaddr = * Mon Mar 8 15:02:43 2010 : Debug: port = 0 Mon Mar 8 15:02:43 2010 : Debug: } Mon Mar 8 15:02:43 2010 : Debug: Listening on authentication address * port 1812 Mon Mar 8 15:02:43 2010 : Debug: Listening on accounting address * port 1813 Mon Mar 8 15:02:43 2010 : Debug: Listening on proxy address * port 1814 Mon Mar 8 15:02:43 2010 : Info: Ready to process requests. The complete error message was by the way: Ready to process requests. rad_recv: Access-Request packet from host 193.170.39.105 port 1027, id=1, length=109 NAS-IP-Address = 193.170.39.105 NAS-Port-Type = Wireless-802.11 NAS-Port = 1 Framed-MTU = 1400 Calling-Station-Id = 0019d296e00f Called-Station-Id = 00118550acf5 NAS-Identifier = wlan-ap5 EAP-Message = 0x0201000501 Message-Authenticator = 0x793e8d344397eca7613421f7d482b309 WARNING: Empty section. Using default return values. No authenticate method (Auth-Type) configuration found for the request: Rejecting the user Failed to authenticate the user. Login incorrect: [no User-Name attribute/no User-Password attribute] (from client ap5 port 1 cli 0019d296e00f) Delaying reject of request 3 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 3 Sending Access-Reject of id 1 to 193.170.39.105 port 1027 Waking up in 4.9 seconds. Cleaning up request 3 ID 1 with timestamp +852861 Ready to process requests I tried this with several different methods, meaning also with user-name and password... If you need me to provide any further info please let me know! Your's Klaus - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
I rebuild deb files so i got: -rw-r--r-- 1 root root1040 2010-03-08 15:52 freeradius_2.1.8+git.dsc -rw-r--r-- 1 root root5212 2010-03-08 15:56 freeradius_2.1.8+git_i386.changes -rw-r--r-- 1 root root 1352152 2010-03-08 15:55 * freeradius_2.1.8+git_i386.deb* -rw-r--r-- 1 root root 3925016 2010-03-08 15:52 freeradius_2.1.8+git.tar.gz -rw-r--r-- 1 root root 212818 2010-03-08 15:56 * freeradius-common_2.1.8+git_all.deb* -rw-r--r-- 1 root root 1121616 2010-03-08 15:56 * freeradius-dbg_2.1.8+git_i386.deb* -rw-r--r-- 1 root root 118676 2010-03-08 15:56*freeradius-dialupadmin_2.1.8+git_all.deb * -rw-r--r-- 1 root root 18240 2010-03-08 15:56 freeradius-iodbc_2.1.8+git_i386.deb -rw-r--r-- 1 root root 19236 2010-03-08 15:56 freeradius-krb5_2.1.8+git_i386.deb -rw-r--r-- 1 root root 36732 2010-03-08 15:56*freeradius-ldap_2.1.8+git_i386.deb * -rw-r--r-- 1 root root 26068 2010-03-08 15:56 * freeradius-mysql_2.1.8+git_i386.deb* -rw-r--r-- 1 root root 36364 2010-03-08 15:56 freeradius-postgresql_2.1.8+git_i386.deb -rw-r--r-- 1 root root 74538 2010-03-08 15:55*freeradius-utils_2.1.8+git_i386.deb * -rw-r--r-- 1 root root 92308 2010-03-08 15:55*libfreeradius2_2.1.8+git_i386.deb * -rw-r--r-- 1 root root 126532 2010-03-08 15:55*libfreeradius-dev_2.1.8+git_i386.deb * i checked for tls support dpkg --contents freeradius_2.1.8+git_i386.deb | grep tls.so lrwxrwxrwx root/root 0 2010-03-08 15:55 ./usr/lib/freeradius/rlm_eap_tls.so - rlm_eap_tls-2.1.8.so lrwxrwxrwx root/root 0 2010-03-08 15:55 ./usr/lib/freeradius/rlm_eap_ttls.so - rlm_eap_ttls-2.1.8.so so know i need to authenticate my users with our openldap. what i did before: first : apt-get freeradius apt-get freeradius-ldap apt-get freeradius-mysql Secondly: dpkg -i *freeradius_2.1.8+git_i386.deb* *freeradius-ldap_2.1.8+git_i386.deb* *freeradius-mysql_2.1.8+git_i386.deb* *freeradius2_2.1.8+git_i386.deb* i just wanted before to change users file to support ldap , to check it with Cleartext-password. so it fails 2 010/3/8 omega bk omeg...@gmail.com you're right my connexion is eap based and i did not build freeradius with ssl support how to make it work, please? thanks - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius 2.1.8 : No authenticate method (Auth-Type) configuration found for the request: Rejecting the user / sites-enabled
Klaus Schinkinger wrote: I got this error as you can see from the subject, as far as I have learned now this is due to me not having any sites-enabled, problem is I don't even know which ones to enable. The default install of 2.1.8 enables the ones you need. So here's what I am actually trying to accomplish: Currently we have a freeradius in the version 1.1.13 running on Debian Etch and I want to port this to 2.1.18 on Lenny, which isn't that easy as the config files/structure have completely changed... No. (1) It's 1.1.3 and 2.1.8, not 1.1.13 and 2.1.18. Details matter. (2) the *layout* has changed, but the contents have remained 90% or more identical. (3) i.e. Your configuration from 1.1.3 would very likely work with minor changes. (4) Don't use the config from 1.1.3. Instead, do a DEFAULT INSTALL of 2.1.8, and copy a piece of the configuration at a time. (5) see man radiusd in 2.1.8 for more instructions on how to go from a default install to a final configuration. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
still the same rad_recv: Access-Request packet from host 192.168.20.253 port 1645, id=3, length=155 User-Name = linatest Service-Type = Framed-User Framed-MTU = 1500 Called-Station-Id = 00-1A-A1-64-BB-1A Calling-Station-Id = 00-18-8B-B5-26-B7 EAP-Message = 0x0202000d016c696e6174657374 Message-Authenticator = 0x671915501878ed97349cbff815409677 Cisco-NAS-Port = FastEthernet0/24 NAS-Port = 50024 NAS-Port-Type = Ethernet NAS-IP-Address = 192.168.20.253 WARNING: Empty section. Using default return values. No authenticate method (Auth-Type) configuration found for the request: Rejecting the user Failed to authenticate the user. Delaying reject of request 0 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 0 Sending Access-Reject of id 3 to 192.168.20.253 port 1645 Waking up in 4.9 seconds. Cleaning up request 0 ID 3 with timestamp +20 Ready to process requests. please help me 2010/3/8 omega bk omeg...@gmail.com I rebuild deb files so i got: -rw-r--r-- 1 root root1040 2010-03-08 15:52 freeradius_2.1.8+git.dsc -rw-r--r-- 1 root root5212 2010-03-08 15:56 freeradius_2.1.8+git_i386.changes -rw-r--r-- 1 root root 1352152 2010-03-08 15:55 * freeradius_2.1.8+git_i386.deb* -rw-r--r-- 1 root root 3925016 2010-03-08 15:52 freeradius_2.1.8+git.tar.gz -rw-r--r-- 1 root root 212818 2010-03-08 15:56 * freeradius-common_2.1.8+git_all.deb* -rw-r--r-- 1 root root 1121616 2010-03-08 15:56 * freeradius-dbg_2.1.8+git_i386.deb* -rw-r--r-- 1 root root 118676 2010-03-08 15:56*freeradius-dialupadmin_2.1.8+git_all.deb * -rw-r--r-- 1 root root 18240 2010-03-08 15:56 freeradius-iodbc_2.1.8+git_i386.deb -rw-r--r-- 1 root root 19236 2010-03-08 15:56 freeradius-krb5_2.1.8+git_i386.deb -rw-r--r-- 1 root root 36732 2010-03-08 15:56*freeradius-ldap_2.1.8+git_i386.deb * -rw-r--r-- 1 root root 26068 2010-03-08 15:56 * freeradius-mysql_2.1.8+git_i386.deb* -rw-r--r-- 1 root root 36364 2010-03-08 15:56 freeradius-postgresql_2.1.8+git_i386.deb -rw-r--r-- 1 root root 74538 2010-03-08 15:55*freeradius-utils_2.1.8+git_i386.deb * -rw-r--r-- 1 root root 92308 2010-03-08 15:55*libfreeradius2_2.1.8+git_i386.deb * -rw-r--r-- 1 root root 126532 2010-03-08 15:55*libfreeradius-dev_2.1.8+git_i386.deb * i checked for tls support dpkg --contents freeradius_2.1.8+git_i386.deb | grep tls.so lrwxrwxrwx root/root 0 2010-03-08 15:55 ./usr/lib/freeradius/rlm_eap_tls.so - rlm_eap_tls-2.1.8.so lrwxrwxrwx root/root 0 2010-03-08 15:55 ./usr/lib/freeradius/rlm_eap_ttls.so - rlm_eap_ttls-2.1.8.so so know i need to authenticate my users with our openldap. what i did before: first : apt-get freeradius apt-get freeradius-ldap apt-get freeradius-mysql Secondly: dpkg -i *freeradius_2.1.8+git_i386.deb* * freeradius-ldap_2.1.8+git_i386.deb* *freeradius-mysql_2.1.8+git_i386.deb* *freeradius2_2.1.8+git_i386.deb* i just wanted before to change users file to support ldap , to check it with Cleartext-password. so it fails 2 010/3/8 omega bk omeg...@gmail.com you're right my connexion is eap based and i did not build freeradius with ssl support how to make it work, please? thanks - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
On 03/08/2010 10:04 AM, omega bk wrote: so know i need to authenticate my users with our openldap. [useless information not requested deleted] what i did before: If you want people to help please don't ignore what you've been asked to do. We need to see the *full* output of radiusd -X. -- John Dennis jden...@redhat.com Looking to carve out IT costs? www.redhat.com/carveoutcosts/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
= 4 irt = 2 mrt = 16 mrc = 5 mrd = 30 } home_server_pool my_auth_failover { type = fail-over home_server = localhost } realm example.com { auth_pool = my_auth_failover } realm LOCAL { } radiusd: Loading Clients client localhost { ipaddr = 127.0.0.1 require_message_authenticator = no secret = testing123 nastype = other } client 192.168.20.253 { require_message_authenticator = no secret = testinglinagora shortname = ciscoswitch nastype = cisco } radiusd: Instantiating modules instantiate { Module: Linked to module rlm_exec Module: Instantiating exec exec { wait = no input_pairs = request shell_escape = yes } Module: Linked to module rlm_expr Module: Instantiating expr Module: Linked to module rlm_expiration Module: Instantiating expiration expiration { reply-message = Password Has Expired } Module: Linked to module rlm_logintime Module: Instantiating logintime logintime { reply-message = You are calling outside your allowed timespan minimum-timeout = 60 } } radiusd: Loading Virtual Servers server { modules { } # modules } # server radiusd: Opening IP addresses and Ports listen { type = auth ipaddr = * port = 0 } listen { type = acct ipaddr = * port = 0 } Listening on authentication address * port 1812 Listening on accounting address * port 1813 Listening on proxy address * port 1814 Ready to process requests. rad_recv: Access-Request packet from host 127.0.0.1 port 46107, id=162, length=60 User-Name = linatest User-Password = linagora NAS-IP-Address = 127.0.1.1 NAS-Port = 0 WARNING: Empty section. Using default return values. No authenticate method (Auth-Type) configuration found for the request: Rejecting the user Failed to authenticate the user. Delaying reject of request 0 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 0 Sending Access-Reject of id 162 to 127.0.0.1 port 46107 Waking up in 4.9 seconds. Cleaning up request 0 ID 162 with timestamp +6 Ready to process requests. Still stuck. thank for your help 2010/3/8 John Dennis jden...@redhat.com On 03/08/2010 11:10 AM, omega bk wrote: sorry. here is: Why send this to just me and not the list? Anyway, you don't have the user linatest defined anywhere, that's you're first problem. Start by following the directions here: http://deployingradius.com/ do #1 first, then do #2 Once you have EAP working in a test scenario then move onto storing your users in LDAP if that's your goal. If you're trying to authenticate Windows users just be aware you're either going to need to store cleartext passwords in ldap or use samba, or use ntlmauth. -- John Dennis jden...@redhat.com Looking to carve out IT costs? www.redhat.com/carveoutcosts/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
Hi, including files in directory /etc/freeradius/sites-enabled/ ...empty..nothing in there WARNING: Empty section. Using default return values. and hence nothing there too! ensure that you have a virtual server or more defined in the sites-enabled directory. the default sites should be in sites-available a default install from source code from www.freeradius.org will result in a working system. I'm not sure why your build isnt doing this basic stuff right - please contact whoever looks after your platform distribution because right now its broken badly! alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
omega bk wrote: including files in directory /etc/freeradius/sites-enabled/ main { You have NOTHING in the sites-enabled directory. Go fix that. You likely need default and inner-tunnel. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
On 03/08/2010 11:35 AM, omega bk wrote: ok, i put on the top of users file: You or somebody else have badly broken the default configuration. It appears as though there is nothing defined in /etc/raddb/sites-enabled. At a minimum /etc/raddb/sites-enabled should contain these symbolic links: default - ../sites-available/default inner-tunnel - ../sites-available/inner-tunnel You may also want (but is not necessary): control-socket - ../sites-available/control-socket -- John Dennis jden...@redhat.com Looking to carve out IT costs? www.redhat.com/carveoutcosts/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius 2.1.8 : No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
Thanks for your advice, learn a lots. - Original Message From: Josip Rodin j...@entuzijast.net To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Sent: Sat, January 16, 2010 3:59:19 AM Subject: Re: freeradius 2.1.8 : No authenticate method (Auth-Type) configuration found for the request: Rejecting the user On Fri, Jan 15, 2010 at 08:55:24AM -0800, piston wrote: i don't event know how i managed to delete all virtual server, managed to solved the problem by copy back entire freeradius folder under /etc/ upgrade from 2.1.6 2.1.7 2.1.8 prelease was very smooth without problem, basically i just executed dpkg -i command,but this time no luck. If you used dpkg -i, you might not have noticed the new freeradius-common package. In the future, to install/upgrade FreeRADIUS packages on Debian(-like) systems, just use the standard official repositories with APT, so that you get the tested packages with all the necessary dependencies resolved automatically. We haven't had 2.1.6 and earlier 2.1.x versions in there, but now we do. Also if you're running the stable distribution - the Debian packages built (backported) for release 5.0/lenny are available at the standard place: http://www.backports.org/ One just has to add another line to sources.list(5) and use the target release 'lenny-backports'. -- 2. That which causes joy or happiness. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius 2.1.8 : No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
i don't event know how i managed to delete all virtual server, managed to solved the problem by copy back entire freeradius folder under /etc/ upgrade from 2.1.6 2.1.7 2.1.8 prelease was very smooth without problem, basically i just executed dpkg -i command,but this time no luck. anyway thanks for your answer. KH - Original Message From: Alan DeKok al...@deployingradius.com To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Sent: Fri, January 15, 2010 3:10:12 PM Subject: Re: freeradius 2.1.8 : No authenticate method (Auth-Type) configuration found for the request: Rejecting the user piston wrote: hi after upgrade 2.1.8 prelease to 2.1.8, i get No authenticate method (Auth-Type) configuration found for the request: Rejecting the user You have managed to delete all of the virtual servers from raddb/sites-enabled. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius 2.1.8 : No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
On Fri, Jan 15, 2010 at 08:55:24AM -0800, piston wrote: i don't event know how i managed to delete all virtual server, managed to solved the problem by copy back entire freeradius folder under /etc/ upgrade from 2.1.6 2.1.7 2.1.8 prelease was very smooth without problem, basically i just executed dpkg -i command,but this time no luck. If you used dpkg -i, you might not have noticed the new freeradius-common package. In the future, to install/upgrade FreeRADIUS packages on Debian(-like) systems, just use the standard official repositories with APT, so that you get the tested packages with all the necessary dependencies resolved automatically. We haven't had 2.1.6 and earlier 2.1.x versions in there, but now we do. Also if you're running the stable distribution - the Debian packages built (backported) for release 5.0/lenny are available at the standard place: http://www.backports.org/ One just has to add another line to sources.list(5) and use the target release 'lenny-backports'. -- 2. That which causes joy or happiness. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
freeradius 2.1.8 : No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
hi after upgrade 2.1.8 prelease to 2.1.8, i get No authenticate method (Auth-Type) configuration found for the request: Rejecting the user please help. here's my debug info radius2:/etc/freeradius# freeradius -Xxx Fri Jan 15 02:21:01 2010 : Info: FreeRADIUS Version 2.1.8, for host x86_64-pc-linux-gnu, built on Jan 15 2010 at 00:56:39 Fri Jan 15 02:21:01 2010 : Info: Copyright (C) 1999-2009 The FreeRADIUS server project and contributors. Fri Jan 15 02:21:01 2010 : Info: There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A Fri Jan 15 02:21:01 2010 : Info: PARTICULAR PURPOSE. Fri Jan 15 02:21:01 2010 : Info: You may redistribute copies of FreeRADIUS under the terms of the Fri Jan 15 02:21:01 2010 : Info: GNU General Public License v2. Fri Jan 15 02:21:01 2010 : Info: Starting - reading configuration files ... Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/radiusd.conf Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/proxy.conf Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/clients.conf Fri Jan 15 02:21:01 2010 : Debug: including files in directory /etc/freeradius/modules/ Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/preprocess Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/always Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/logintime Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/smbpasswd Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/counter Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/detail Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/digest Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/smsotp Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/cui Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/realm Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/mschap Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/ippool Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/expr Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/attr_rewrite Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/linelog Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/attr_filter Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/inner-eap Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/unix Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/otp Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/sql_log Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/ntlm_auth Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/etc_group Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/perl Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/policy Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/chap Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/exec Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/echo Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/detail.example.com Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/sradutmp Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/krb5 Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/expiration Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/pam Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/checkval Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/acct_unique Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/passwd Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/mac2vlan Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/wimax Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/files Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/mac2ip Fri Jan 15 02:21:01 2010 : Debug: including
Re: freeradius 2.1.8 : No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
piston wrote: hi after upgrade 2.1.8 prelease to 2.1.8, i get No authenticate method (Auth-Type) configuration found for the request: Rejecting the user You have managed to delete all of the virtual servers from raddb/sites-enabled. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
No authenticate method (Auth-Type) configuration found for the request: Rejecting the user - Failed to authenticate the user.
Realms and Home Servers proxy server { retry_delay = 5 retry_count = 3 default_fallback = no dead_time = 120 wake_all_if_all_dead = no } home_server localhost { ipaddr = 127.0.0.1 port = 1812 type = auth secret = testing123 response_window = 20 max_outstanding = 65536 require_message_authenticator = no zombie_period = 40 status_check = status-server ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 120 status_check_timeout = 4 irt = 2 mrt = 16 mrc = 5 mrd = 30 } home_server_pool my_auth_failover { type = fail-over home_server = localhost } realm example.com { auth_pool = my_auth_failover } realm LOCAL { } radiusd: Loading Clients client 91.50.12.116 { require_message_authenticator = no secret = test shortname = 91.50.12.116 } client 91.50.53.68 { require_message_authenticator = no secret = test shortname = 91.50.53.68 } client 127.0.0.1 { require_message_authenticator = no secret = test shortname = 127.0.0.1 } radiusd: Instantiating modules instantiate { Module: Linked to module rlm_exec Module: Instantiating exec exec { wait = no input_pairs = request shell_escape = yes } Module: Linked to module rlm_expr Module: Instantiating expr Module: Linked to module rlm_expiration Module: Instantiating expiration expiration { reply-message = Password Has Expired } Module: Linked to module rlm_logintime Module: Instantiating logintime logintime { reply-message = You are calling outside your allowed timespan minimum-timeout = 60 } } radiusd: Loading Virtual Servers modules { } radiusd: Opening IP addresses and Ports listen { type = auth ipaddr = * port = 0 } listen { type = acct ipaddr = * port = 0 } Listening on authentication address * port 1812 Listening on accounting address * port 1813 Listening on proxy address * port 1814 Ready to process requests. rad_recv: Access-Request packet from host 127.0.0.1 port 41090, id=213, length=59 User-Name = michael User-Password = 1234 NAS-IP-Address = 127.0.0.1 NAS-Port = 0 No authenticate method (Auth-Type) configuration found for the request: Rejecting the user Failed to authenticate the user. Delaying reject of request 0 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 0 Sending Access-Reject of id 213 to 127.0.0.1 port 41090 Waking up in 4.9 seconds. Cleaning up request 0 ID 213 with timestamp +55 Ready to process requests. Radtest access-reject packet: (13:29:52) [bin] ./radtest michael 1234 127.0.0.1 0 test Sending Access-Request of id 213 to 127.0.0.1 port 1812 User-Name = michael User-Password = 1234 NAS-IP-Address = 127.0.0.1 NAS-Port = 0 rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=213, length=20 I changed the original path in the email to mypath for security reasons. Thanks for your help. Best regards Michael Email: michael.ziem...@herber-herber.de D-66706 Nennig Oberwiesstraße 31 Tel.:fill30 +49 (0)6866 / 930 15 Fax:fill30 +49 (0)6866 / 930 16 Inhaber: Ingo und Jürgen Herber Rechtsform: GbR Ust-Id: DE-205 934 442 St-Nr.: 020/155/2 www.HERBER-HERBER.de i...@herber-herber.de ... - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user - Failed to authenticate the user.
I have some problems with my RADIUS, when I send a message with radtest, I get following error: DEBUG-INFO: FreeRADIUS Version 2.1.5, for host i686-pc-linux-gnu, built on Mar 26 2009 at 14:24:27 Copyright (C) 1999-2008 The FreeRADIUS server project and contributors. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License v2. Starting - reading configuration files ... including configuration file mypath/freeradius/etc/raddb/radiusd.conf including configuration file mypath/freeradius/etc/raddb/proxy.conf including configuration file mypath/freeradius/etc/raddb/clients.conf including files in directory mypath/freeradius/etc/raddb/modules/ including configuration file mypath/freeradius/etc/raddb/modules/chap including configuration file mypath/freeradius/etc/raddb/modules/acct_unique including configuration file mypath/freeradius/etc/raddb/modules/always including configuration file mypath/freeradius/etc/raddb/modules/attr_filter including configuration file mypath/freeradius/etc/raddb/modules/attr_rewrite including configuration file mypath/freeradius/etc/raddb/modules/checkval including configuration file mypath/freeradius/etc/raddb/modules/counter including configuration file mypath/freeradius/etc/raddb/modules/detail including configuration file mypath/freeradius/etc/raddb/modules/detail.example.com including configuration file mypath/freeradius/etc/raddb/modules/detail.log including configuration file mypath/freeradius/etc/raddb/modules/digest including configuration file mypath/freeradius/etc/raddb/modules/echo including configuration file mypath/freeradius/etc/raddb/modules/etc_group including configuration file mypath/freeradius/etc/raddb/modules/exec including configuration file mypath/freeradius/etc/raddb/modules/expiration including configuration file mypath/freeradius/etc/raddb/modules/expr including configuration file mypath/freeradius/etc/raddb/modules/files including configuration file mypath/freeradius/etc/raddb/modules/inner-eap including configuration file mypath/freeradius/etc/raddb/modules/ippool including configuration file mypath/freeradius/etc/raddb/modules/krb5 including configuration file mypath/freeradius/etc/raddb/modules/ldap including configuration file mypath/freeradius/etc/raddb/modules/linelog including configuration file mypath/freeradius/etc/raddb/modules/logintime including configuration file mypath/freeradius/etc/raddb/modules/mac2ip including configuration file mypath/freeradius/etc/raddb/modules/mac2vlan including configuration file mypath/freeradius/etc/raddb/modules/mschap including configuration file mypath/freeradius/etc/raddb/modules/otp including configuration file mypath/freeradius/etc/raddb/modules/pam including configuration file mypath/freeradius/etc/raddb/modules/pap including configuration file mypath/freeradius/etc/raddb/modules/passwd including configuration file mypath/freeradius/etc/raddb/modules/perl including configuration file mypath/freeradius/etc/raddb/modules/policy including configuration file mypath/freeradius/etc/raddb/modules/preprocess including configuration file mypath/freeradius/etc/raddb/modules/radutmp including configuration file mypath/freeradius/etc/raddb/modules/realm including configuration file mypath/freeradius/etc/raddb/modules/smbpasswd including configuration file mypath/freeradius/etc/raddb/modules/smsotp including configuration file mypath/freeradius/etc/raddb/modules/sql_log including configuration file mypath/freeradius/etc/raddb/modules/sqlcounter_expire_on_login including configuration file mypath/freeradius/etc/raddb/modules/sradutmp including configuration file mypath/freeradius/etc/raddb/modules/unix including configuration file mypath/freeradius/etc/raddb/modules/wimax including configuration file mypath/freeradius/etc/raddb/eap.conf including configuration file mypath/freeradius/etc/raddb/sql.conf including configuration file mypath/freeradius/etc/raddb/sql/mysql/dialup.conf including configuration file mypath/freeradius/etc/raddb/policy.conf including dictionary file mypath/freeradius/etc/raddb/dictionary ... You have edited radiusd.conf and commented out virual servers (sites-enabled). Very effective way of disabling the server. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
AW: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user - Failed to authenticate the user.
{ retry_delay = 5 retry_count = 3 default_fallback = no dead_time = 120 wake_all_if_all_dead = no } home_server localhost { ipaddr = 127.0.0.1 port = 1812 type = auth secret = testing123 response_window = 20 max_outstanding = 65536 require_message_authenticator = no zombie_period = 40 status_check = status-server ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 120 status_check_timeout = 4 irt = 2 mrt = 16 mrc = 5 mrd = 30 } home_server_pool my_auth_failover { type = fail-over home_server = localhost } realm example.com { auth_pool = my_auth_failover } realm LOCAL { } radiusd: Loading Clients client 91.50.12.116 { require_message_authenticator = no secret = test shortname = 91.50.12.116 } client 91.50.53.68 { require_message_authenticator = no secret = test shortname = 91.50.53.68 } client 127.0.0.1 { require_message_authenticator = no secret = test shortname = 127.0.0.1 } radiusd: Instantiating modules instantiate { Module: Linked to module rlm_exec Module: Instantiating exec exec { wait = no input_pairs = request shell_escape = yes } Module: Linked to module rlm_expr Module: Instantiating expr Module: Linked to module rlm_expiration Module: Instantiating expiration expiration { reply-message = Password Has Expired } Module: Linked to module rlm_logintime Module: Instantiating logintime logintime { reply-message = You are calling outside your allowed timespan minimum-timeout = 60 } } radiusd: Loading Virtual Servers modules { } radiusd: Opening IP addresses and Ports listen { type = auth ipaddr = * port = 0 } listen { type = acct ipaddr = * port = 0 } Listening on authentication address * port 1812 Listening on accounting address * port 1813 Listening on proxy address * port 1814 Ready to process requests. rad_recv: Access-Request packet from host 127.0.0.1 port 41090, id=213, length=59 User-Name = michael User-Password = 1234 NAS-IP-Address = 127.0.0.1 NAS-Port = 0 No authenticate method (Auth-Type) configuration found for the request: Rejecting the user Failed to authenticate the user. Delaying reject of request 0 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 0 Sending Access-Reject of id 213 to 127.0.0.1 port 41090 Waking up in 4.9 seconds. Cleaning up request 0 ID 213 with timestamp +55 Ready to process requests. Radtest access-reject packet: (13:29:52) [bin] ./radtest michael 1234 127.0.0.1 0 test Sending Access-Request of id 213 to 127.0.0.1 port 1812 User-Name = michael User-Password = 1234 NAS-IP-Address = 127.0.0.1 NAS-Port = 0 rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=213, length=20 I changed the original path in the email to mypath for security reasons. Thanks for your help. Best regards -Ursprüngliche Nachricht- Von: freeradius-users-bounces+michael.ziemann=herber-herber...@lists.freeradius.org [mailto:freeradius-users-bounces+michael.ziemann=herber-herber...@lists.freeradius.org] Im Auftrag von Ivan Kalik Gesendet: Freitag, 29. Mai 2009 14:10 An: FreeRadius users mailing list Betreff: Re: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user - Failed to authenticate the user. I have some problems with my RADIUS, when I send a message with radtest, I get following error: DEBUG-INFO: FreeRADIUS Version 2.1.5, for host i686-pc-linux-gnu, built on Mar 26 2009 at 14:24:27 Copyright (C) 1999-2008 The FreeRADIUS server project and contributors. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License v2 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html