pptpd+freeradius+ldap ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
= PPP
User-Name = user
Calling-Station-Id = 10.1.0.136
NAS-IP-Address = 127.0.1.1
NAS-Port = 0
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
[ldap] performing user authorization for user
[ldap] expand: %{Stripped-User-Name} -
[ldap] ... expanding second conditional
[ldap] expand: %{User-Name} - user
[ldap] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -
(uid=user)
[ldap] expand: dc=domain,dc=private - dc=domain,dc=private
[ldap] ldap_get_conn: Checking Id: 0
[ldap] ldap_get_conn: Got Id: 0
[ldap] attempting LDAP reconnection
[ldap] (re)connect to 10.1.98.50:389, authentication 0
[ldap] bind as cn=admin,dc=domain,dc=private/password to 10.1.98.50:389
[ldap] waiting for bind result ...
[ldap] Bind was successful
[ldap] performing search in dc=domain,dc=private, with filter (uid=user)
[ldap] Added User-Password = {SSHA}lT5RCX6nyyU6zaCtL7rEAfN5u1DxI7xN in
check items
[ldap] No default NMAS login sequence
[ldap] looking for check items in directory...
[ldap] userPassword - Password-With-Header ==
{SSHA}lT5RCX6nyyU6zaCtL7rEAfN5u1DxI7xN
[ldap] looking for reply items in directory...
[ldap] user user authorized to use remote access
[ldap] ldap_release_conn: Release Id: 0
++[ldap] returns ok
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = user, looking up realm NULL
[suffix] No such realm NULL
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] No clear-text password in the request. Not performing PAP.
++[pap] returns noop
ERROR: No authenticate method (Auth-Type) found for the request:
Rejecting the user
Failed to authenticate the user.
Using Post-Auth-Type Reject
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} - user
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 139 to 10.1.98.52 port 45105
Waking up in 4.9 seconds.
I've read the documentation at least one million times and searched the
mailinglist and on google but I still can't manage to find a solution,
can anyone help me pointing out the error?
users' password are stored in openldap using SSHA password, if this
information can be useful.
Thanks
Alberto
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: pptpd+freeradius+ldap ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
On 18 Apr 2013, at 11:43, Alberto Aldrigo aaldr...@ca-tron.com wrote: rad_recv: Access-Request packet from host 10.1.98.52 port 45105, id=139, length=77 Service-Type = Framed-User Framed-Protocol = PPP User-Name = user Calling-Station-Id = 10.1.0.136 NAS-IP-Address = 127.0.1.1 NAS-Port = 0 PPPD isn't sending a password. The hash is being found by LDAP fine, but there is no password in the radius request for it to validate. You need to fix PPPD, then it should work. Thanks, Adam Bishop gpg: 0x6609D460 Janet, the UK's research and education network. Janet(UK) is a trading name of Jisc Collections and Janet Limited, a not-for-profit company which is registered in England under No. 2881024 and whose Registered Office is at Lumen House, Library Avenue, Harwell Oxford, Didcot, Oxfordshire. OX11 0SG. VAT No. 614944238 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No authenticate method (Auth-Type) found for the request
Hi, 1. The Authentication issue was solved when by accident I placed in users the name / password without any whitespace (tab or space) before the password string. So I found that this works: bob Cleartext-Password := hello888 while this does not: bob Cleartext-Password := hello888 errr, yes. because , as per the documentation, lines that dont start with white-sace are CHECK items, lines that start with whitespace are REPLY items Off the top, I would venture to guess that OpenWRT's build of FreeRadius is significantly different than the standard build and that is probably where the bug is coming from. no, not at all alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
No authenticate method (Auth-Type) found for the request
Just writing to advise of the strange issues I came accross. 1. The Authentication issue was solved when by accident I placed in users the name / password without any whitespace (tab or space) before the password string. So I found that this works: bob Cleartext-Password := hello888 while this does not: bob Cleartext-Password := hello888 Test client now logs in very smoothly. 2. Similarly, below spec gives error (probably my mistake): DEFAULT Simultaneous-Use := 4 Fall-Through = Yes /etc/freeradius2/users[8]: Parse error (check) for entry Simultaneous-Use: Unknown attribute requires a hex string, not 4 Errors reading /etc/freeradius2/users /etc/freeradius2/modules/files[7]: Instantiation failed for module files /etc/freeradius2/sites/default[170]: Failed to find files in the modules section. /etc/freeradius2/sites/default[69]: Errors parsing authorize section. Off the top, I would venture to guess that OpenWRT's build of FreeRadius is significantly different than the standard build and that is probably where the bug is coming from. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No authenticate method (Auth-Type) found for the request
Beeblebrox wrote: Just writing to advise of the strange issues I came accross. 1. The Authentication issue was solved when by accident I placed in users the name / password without any whitespace (tab or space) before the password string. So I found that this works: bob Cleartext-Password := hello888 while this does not: bob Cleartext-Password := hello888 Test client now logs in very smoothly. This is documented. See man users, and the comments in the users file, and in the dozens of examples. 2. Similarly, below spec gives error (probably my mistake): DEFAULT Simultaneous-Use := 4 Fall-Through = Yes /etc/freeradius2/users[8]: Parse error (check) for entry Simultaneous-Use: Unknown attribute requires a hex string, not 4 Errors reading /etc/freeradius2/users /etc/freeradius2/modules/files[7]: Instantiation failed for module files /etc/freeradius2/sites/default[170]: Failed to find files in the modules section. /etc/freeradius2/sites/default[69]: Errors parsing authorize section. Off the top, I would venture to guess that OpenWRT's build of FreeRadius is significantly different than the standard build and that is probably where the bug is coming from. It's because you're again not following the documentation. Read the documentation and follow it. It's not rocket science. If you post another message indicating you've been ignoring the documentation, you will be unsubscribed and banned. I've had it with people who whine about the bad documentation, and then fanatically refuse to follow it. Get off your high horse about the documentation. It's fine. THE PROBLEM IS YOU. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
No authenticate method (Auth-Type) found for the request
Update: I tried connection from an XP laptop and got the message: Windows was unable to find a certificate to log you on to the network - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No authenticate method (Auth-Type) found for the request
Hi, Update: I tried connection from an XP laptop and got the message: Windows was unable to find a certificate to log you on to the network Windows is telling you that its needing a certificate or doesnt know the certificate. have you installed the CA certificate that your RADIUS server is using onto the client? are you using EAP-TLS? if so, have you made a client certificate and installed it onto the client? have you played with the client (windows) 802.1X settings - you should be trying PEAP I'm guessing (the default value is smartcard certificate alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No authenticate method (Auth-Type) found for the request
Beeblebrox wrote: Update: I tried connection from an XP laptop and got the message: Windows was unable to find a certificate to log you on to the network You need to follow the documentation or you will be unsubscribed, and banned from the list. 10+ years of experience shows us that this is the ONLY WAY to convince certain people to read the documentation. - You are using radiusd -Xx. Don't do that. All of the documentation says radiusd -X for a reason. Follow the documentation. - I told you to read the FAQ to see how to configure a user. Your previous message showed you didn't do that. Follow the documentation. - This message shows you have issues with EAP. Go to freeradius.org, click on the documentation link. There is an EAP-TLS howto. It has detailed instructions, including screen shots for XP. It ALWAYS WORKS. If it doesn't work for you, it's because you DID NOT FOLLOW THE DOCUMENTATION. If you think my response is harsh, then see it from my point of view. There are hundreds of pages of easily found documentation that describes exactly what you want to do. I (among many other people) spent years writing it. You can't be bothered to even click a link or two, and follow instructions. If you think my response is rude, keep it to yourself. Any response complaining that we're rude for asking you to follow the documentation will result in you being unsubscribed and banned. Follow the documentation. It's damned easy to do. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
No authenticate method (Auth-Type) found for the request
Dear Alan, First off, thanks again for your help. I fully appreciate that you are giving of your time to answer posts, when you really have no obligation to do so. I know you are one of the developers or project leader since your name keeps coming up on almost every web page that posts something about Freeradius. That said, I would like to comment on the documentation of your project. It's quite extensive, but equally confusing (at least for me). I am a FreeBSD user and have a pretty good handle on many advanced issues in that OS - so I think I am fairly capable of reading and implementing documentation. However, I have found that your documentation assumes too much, does not follow much of a logical path, is not organized by topic, does not get to the point and does not have concrete examples / solutions to at least recurring and common mistakes or errors. When reading documentation, I'm not interested in becoming an expert in that subject, I just want to get the damn thing up and working. So in essence, I'm not able to find the answers I'm looking for in your documentation, and that's frustrating. I have found (in debugging other software problems) that it is very important for the person who knows more and is assisting, to ask the right questions. Honestly, I have understoode very little from your posts in this thread (with exception of the last one). Asking some specific questions, then posting relevant links to the wiki (depending on the answers from the OP) would be immensly more helpful. I suggest that you have links in your signature to the entry-level wiki pages (like faq, debug, etc). If you think my response is rude, keep it to yourself. I don't think that at all and as stated, very much appreciated your input and taking time (again, without obligation) to provide help. In fact, I previously refrained on commenting on how I disliked the documentation structure so as not to appear rude to you. will result in you being unsubscribed and banned. Fascinating! I'm enthralled. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No authenticate method (Auth-Type) found for the request
Beeblebrox wrote: First off, thanks again for your help. I fully appreciate that you are giving of your time to answer posts, when you really have no obligation to do so. I know you are one of the developers or project leader since your name keeps coming up on almost every web page that posts something about Freeradius. I started FreeRADIUS. I've written most of the code. I've been doing this for ~14 years. And now, probably 50% of the new RADIUS specifications are mine. That said, I would like to comment on the documentation of your project. It's quite extensive, but equally confusing (at least for me). http://freeradius.org/doc/ contains documentation for all of the problems you've seen so far. That documentation is given in pretty excruciating detail. edit this, run that command, see this output. And yet... most people who have problems start off with third-party web sites that are *worse*, in my opinion. They tell you to do things which aren't necessary, and they give wrong explanations. I am a FreeBSD user and have a pretty good handle on many advanced issues in that OS - so I think I am fairly capable of reading and implementing documentation. However, I have found that your documentation assumes too much, does not follow much of a logical path, is not organized by topic, does not get to the point and does not have concrete examples / solutions to at least recurring and common mistakes or errors. As I've been saying for !4 years: the community is free to write better documentation. No, that's not true... I've been *begging* for better documentation. It doesn't happen. When reading documentation, I'm not interested in becoming an expert in that subject, I just want to get the damn thing up and working. So in essence, I'm not able to find the answers I'm looking for in your documentation, and that's frustrating. Please explain how the pap and EAP guides don't do what you're asking for. They follow a logical path. They are clearly labeled by topic. They get to the point. They give concrete examples. Now, much *else* in the server doesn't have that. But the issues you ran into are documented *exactly* as you want. For the rest, the comments in the configuration file describe in great detail how the server works, and what the configurations do. And about becoming an expert... it helps to *understand* what you're doing. Many of the problems people run into are because they read crappy third-party documentation, and are obsessed with implementing a particular solution. They don't care to listen to the experts *here* who are telling them to do something else. And they don't care to *understand* what they're doing, so that they can do it *right*. I have found (in debugging other software problems) that it is very important for the person who knows more and is assisting, to ask the right questions. Honestly, I have understoode very little from your posts in this thread (with exception of the last one). Asking some specific questions, then posting relevant links to the wiki (depending on the answers from the OP) would be immensly more helpful. I suggest that you have links in your signature to the entry-level wiki pages (like faq, debug, etc). So... I'm supposed to cut paste links from the wiki, because you... what... don't want to look there? Can't use the search button on the wiki? And add *more* links saying please read the FAQ? That's a terrible suggestion. If you think my response is rude, keep it to yourself. I don't think that at all and as stated, very much appreciated your input and taking time (again, without obligation) to provide help. In fact, I previously refrained on commenting on how I disliked the documentation structure so as not to appear rude to you. It's a pro-active comment. Most of the time when I say I REALLY MEAN READ THE DOCUMENTATION, people get offended and accuse me of being rude. will result in you being unsubscribed and banned. Fascinating! I'm enthralled. It's the only way to convince certain people to READ THE DOCUMENTATION. It's not hard. Go to the web site. Click on documentation. The PAP / EAP issues you were having are documented from there, in great detail, exactly how you want. What *else* should we be doing to convince people to READ IT? Write it on flaming letters 150 feet high? It's already in the man pages, web pages, daily posts to this list, top entries on google. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No authenticate method (Auth-Type) found for the request
...and then you did comment . And added more. It's open source and the documentation and Wikipedia is there for everyone.e to contribute. Don't like it? Feel free to show the world how you think it should look, or add the missing bits you have discovered. Unfortunately , what we get is people saying the docs are poor...that they found out how to do what they want...and never tell us. The next person who comes along then faces the same issue as the initial person was selfish. It's not a developer problem. alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
No authenticate method (Auth-Type) found for the request
I know you guys have received tons of e-mail with the same title, but I
am just unable to fix this - sorry.
Today I setup freeradius on a fresh install OpenWRT router. I found some
tutorials, this one among them:
http://jackofallit.wordpress.com/2012/02/15/turn-a-60-120-router-into-an-enterprise-class-wireless-router-with-openwrt/
and started the configuration.
The initial radius test and the initial wifi radius test were
successful and I connected to the router. Later I did something wrong
and now I am getting:
: Info: +- entering group authorize {...}
: Info: [eap] No EAP-Message, not doing EAP
: Info: ++[eap] returns noop
: Info: ++[files] returns noop
: Info: [pap] WARNING! No known good password found for the user.
Authentication may fail because of this.
: Info: ++[pap] returns noop
: Info: ERROR: No authenticate method (Auth-Type) found for the request:
Rejecting the user
: Info: Failed to authenticate the user.
I have only modified: clients.conf and users. I have also generated new
certificates (per tutorial) and maybe this is where the problem is?
I also edited eap.conf section:
private_key_password = mypass
private_key_file = ${certdir}/server.key
The service starts fine (radiusd -XX) but cannot authenticate even from
localhost.
I am not using LDAP / SQL or any other backend.
Please give me some ideas on how I can debug the error.
Thanks.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No authenticate method (Auth-Type) found for the request
Beeblebrox wrote:
I know you guys have received tons of e-mail with the same title, but I
am just unable to fix this - sorry.
Today I setup freeradius on a fresh install OpenWRT router. I found some
tutorials, this one among them:
Why not follow the documentation that comes with the server?
The web page has a long series of instructions for creating
certificates. Whoever wrote it wasted your time, and his.
The directory raddb/certs has a README. That explains in
EXCRUCIATING detail the simplest way to make certificates for the
server. It's really not rocket science.
The initial radius test and the initial wifi radius test were
successful and I connected to the router. Later I did something wrong
and now I am getting:
: Info: +- entering group authorize {...}
: Info: [eap] No EAP-Message, not doing EAP
: Info: ++[eap] returns noop
: Info: ++[files] returns noop
: Info: [pap] WARNING! No known good password found for the user.
Authentication may fail because of this.
: Info: ++[pap] returns noop
: Info: ERROR: No authenticate method (Auth-Type) found for the request:
Rejecting the user
: Info: Failed to authenticate the user.
The whole point of running in debugging mode is to READ IT. The rest
of the information (deleted here) is useful, too.
I have only modified: clients.conf and users. I have also generated new
certificates (per tutorial) and maybe this is where the problem is?
The incoming request doesn't use certificate authentication. It's
using password authentication.
1) what client did you use to send the Access-Request?
2) what is in the Access-Request?
3) Why did you send the Access-Request?
4) What did you expect would happen?
I also edited eap.conf section:
private_key_password = mypass
private_key_file = ${certdir}/server.key
The service starts fine (radiusd -XX) but cannot authenticate even from
localhost.
I am not using LDAP / SQL or any other backend.
Please give me some ideas on how I can debug the error.
Follow the instructions, among other things. I don't like repeating
myself, but I'm a bit at a loss for what else to do.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
No authenticate method (Auth-Type) found for the request
Hi Alan and thank you so much for answering
Keeping in mind that the system in question is an OpenWRT (hence
minimal install):
The directory raddb/certs has a README
The directory is /etc/freeradius2/certs (?) and has no README, also no
man pages so as to save on space.
Anyway , I read the file from
http://openisp.net/openisp/unxsVZ/browser/trunk/unxsRadius/setupradius/raddb/certs/README?rev=1
But this is not possible since a router environment is not suitable
for git + building things. But more importantly:
The incoming request doesn't use certificate authentication
So that means the certificate business is not of immediate relevance
to my problem? Good to hear!
1) what client did you use to send the Access-Request?
ssh into box and:
echo User-Name = steve, User-Password = testing | radcli
ent -x 192.168.1.2 auth mysecret
3) Why did you send the Access-Request?
To debug freeradius config since wifi connection attempt fails with
very little info. Also, to isolate any wrong settings on the network
config side of the router's admin webpage.
The whole point of running in debugging mode is to READ IT
I read the output several times before posting - nothing out of the
ordinary and all modules are loaded smoothly. Also, no debug info in
/var/log/radius.log - not even when I increase log-level in
/etc/freeradius2/radiusd.conf.
config file snippets:
users:
steve Cleartext-Password := testing
# Service-Type = Framed-User,
# Framed-Protocol = PPP,
# Framed-IP-Address = 172.16.3.33,
# Framed-IP-Netmask = 255.255.255.0,
# Framed-Routing = Broadcast-Listen,
# Framed-Filter-Id = std.ppp,
# Framed-MTU = 1500,
# Framed-Compression = Van-Jacobsen-TCP-IP
clients.conf:
client localhost {
# Allowed values are:
# dotted quad (1.2.3.4)
# hostname(radius.example.com)
ipaddr = 192.168.1.2
secret = somesecret
LASTLY:
ı'm used to posting through nabble so I can ensure thread continuance.
Since I'm new to this method, apologies if posting through direct
e-mail does not post as foloow-up for initial topic.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No authenticate method (Auth-Type) found for the request
Beeblebrox wrote: Keeping in mind that the system in question is an OpenWRT (hence minimal install): The web site contains documentation. As does the wiki. The distribution tar file contains documentation. You're not stuck with just a minimal install on a constrained box. But this is not possible since a router environment is not suitable for git + building things. You can run the scripts on another machine, and copy the certificates over to the constrained machine. But more importantly: The incoming request doesn't use certificate authentication So that means the certificate business is not of immediate relevance to my problem? Good to hear! Well, no. The debug log you posted doesn't use certificates. Hence my question about where it came from. 1) what client did you use to send the Access-Request? ssh into box and: echo User-Name = steve, User-Password = testing | radcli ent -x 192.168.1.2 auth mysecret So... it's a test request with a test user and test password. It's not a real request from a client. Did you configure the user on the radius server? i.e. how does the RADIUS server know how to authenticate the user? 3) Why did you send the Access-Request? To debug freeradius config since wifi connection attempt fails with very little info. That is the point of running the server in debugging mode. Do a WiFi connection, and read the debug output for *that*. The whole point of running in debugging mode is to READ IT I read the output several times before posting - nothing out of the ordinary and all modules are loaded smoothly. Messages like No known good password don't mean anything? Also, no debug info in /var/log/radius.log - not even when I increase log-level in /etc/freeradius2/radiusd.conf. The normal log file is for normal logs. It's not for debug output. config file snippets: users: steve Cleartext-Password := testing Well... the debug output shows that the files module (which handles the users file) returned noop. i.e. it didn't find that entry. Please read the FAQ about debugging authentication. It gives examples, and detailed instructions. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
No authenticate method (Auth-Type) found for the request
Do a WiFi connection, and read the debug output for *that*.
Good idea - I have some progress in debugging:
This snippet shows that at least SSL certs are working being accepted
by radius:
-+++
Thu Jan 17 21:58:15 2013 : Info: # Executing section authorize from file
/etc/freeradius2/sites/default
Thu Jan 17 21:58:15 2013 : Info: +- entering group authorize {...}
Thu Jan 17 21:58:15 2013 : Info: [eap] EAP packet type response id 255
length 208
Thu Jan 17 21:58:15 2013 : Info: [eap] Continuing tunnel setup.
Thu Jan 17 21:58:15 2013 : Info: ++[eap] returns ok
Thu Jan 17 21:58:15 2013 : Info: Found Auth-Type = EAP
Thu Jan 17 21:58:15 2013 : Info: # Executing group from file
/etc/freeradius2/sites/default
Thu Jan 17 21:58:15 2013 : Info: +- entering group authenticate {...}
Thu Jan 17 21:58:15 2013 : Info: [eap] Request found, released from the list
Thu Jan 17 21:58:15 2013 : Info: [eap] EAP/peap
Thu Jan 17 21:58:15 2013 : Info: [eap] processing type peap
Thu Jan 17 21:58:15 2013 : Info: [peap] processing EAP-TLS
Thu Jan 17 21:58:15 2013 : Debug: TLS Length 198
Thu Jan 17 21:58:15 2013 : Info: [peap] Length Included
Thu Jan 17 21:58:15 2013 : Info: [peap] eaptls_verify returned 11
Thu Jan 17 21:58:15 2013 : Info: [peap] TLS 1.0 Handshake [length
0086], ClientKeyExchange
Thu Jan 17 21:58:16 2013 : Info: [peap] TLS_accept: SSLv3 read
client key exchange A
Thu Jan 17 21:58:16 2013 : Info: [peap] TLS 1.0 ChangeCipherSpec
[length 0001]
Thu Jan 17 21:58:16 2013 : Info: [peap] TLS 1.0 Handshake [length
0010], Finished
Thu Jan 17 21:58:16 2013 : Info: [peap] TLS_accept: SSLv3 read
finished A
Thu Jan 17 21:58:16 2013 : Info: [peap] TLS 1.0 ChangeCipherSpec
[length 0001]
Thu Jan 17 21:58:16 2013 : Info: [peap] TLS_accept: SSLv3 write
change cipher spec A
Thu Jan 17 21:58:16 2013 : Info: [peap] TLS 1.0 Handshake [length
0010], Finished
Thu Jan 17 21:58:16 2013 : Info: [peap] TLS_accept: SSLv3 write
finished A
Thu Jan 17 21:58:16 2013 : Info: [peap] TLS_accept: SSLv3 flush data
Thu Jan 17 21:58:16 2013 : Info: [peap] (other): SSL negotiation
finished successfully
Thu Jan 17 21:58:16 2013 : Debug: SSL Connection Established
-+++
OTHER INTERESTING CODE I FIND (No NT/LM-Password):
-+++
hu Jan 17 21:58:16 2013 : Info: # Executing section authorize from file
/etc/freeradius2/sites/default
Thu Jan 17 21:58:16 2013 : Info: +- entering group authorize {...}
Thu Jan 17 21:58:16 2013 : Info: [eap] EAP packet type response id 2
length 65
Thu Jan 17 21:58:16 2013 : Info: [eap] No EAP Start, assuming it's an
on-going EAP conversation
Thu Jan 17 21:58:16 2013 : Info: ++[eap] returns updated
Thu Jan 17 21:58:16 2013 : Info: ++[files] returns noop
Thu Jan 17 21:58:16 2013 : Info: [pap] WARNING! No known good password
found for the user. Authentication may fail because of this.
Thu Jan 17 21:58:16 2013 : Info: ++[pap] returns noop
Thu Jan 17 21:58:16 2013 : Info: Found Auth-Type = EAP
Thu Jan 17 21:58:16 2013 : Info: # Executing group from file
/etc/freeradius2/sites/default
Thu Jan 17 21:58:16 2013 : Info: +- entering group authenticate {...}
Thu Jan 17 21:58:16 2013 : Info: [eap] Request found, released from the list
Thu Jan 17 21:58:16 2013 : Info: [eap] EAP/mschapv2
Thu Jan 17 21:58:16 2013 : Info: [eap] processing type mschapv2
Thu Jan 17 21:58:16 2013 : Info: [mschapv2] # Executing group from file
/etc/freeradius2/sites/default
Thu Jan 17 21:58:16 2013 : Info: [mschapv2] +- entering group MS-CHAP {...}
Thu Jan 17 21:58:16 2013 : Info: [mschap] No Cleartext-Password
configured. Cannot create LM-Password.
Thu Jan 17 21:58:16 2013 : Info: [mschap] No Cleartext-Password
configured. Cannot create NT-Password.
Thu Jan 17 21:58:16 2013 : Info: [mschap] Creating challenge hash with
username: pospda
Thu Jan 17 21:58:16 2013 : Info: [mschap] Client is using MS-CHAPv2 for
pospda, we need NT-Password
Thu Jan 17 21:58:16 2013 : Info: [mschap] FAILED: No NT/LM-Password.
Cannot perform authentication.
Thu Jan 17 21:58:16 2013 : Info: [mschap] FAILED: MS-CHAP2-Response is
incorrect
Thu Jan 17 21:58:16 2013 : Info: ++[mschap] returns reject
Thu Jan 17 21:58:16 2013 : Info: [eap] Freeing handler
Thu Jan 17 21:58:16 2013 : Info: ++[eap] returns reject
Thu Jan 17 21:58:16 2013 : Info: Failed to authenticate the user.
Thu Jan 17 21:58:16 2013 : Auth: Login incorrect: [pospda/via Auth-Type
= EAP] (from client localhost port 1 cli 00-1F-1F-91-32-E4 via TLS tunnel)
-+++
This I did not configure probaly should?
how does the RADIUS server know how to authenticate the user?
Many many thanks.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
Hi, I have just untarred the 2.2.0 tarball, and added just one line the users file: gokul Cleartext-Password:=abcde at the top of the file...or at the bottom? If you add it to the bottom then other things in the file will prevent that user from being seen/used - add your test user/pass to the top of the users file you didnt give the full output of 'radiusd -X' either - I'm assuming that you are editing the correct users file - eg /usr/local/etc/raddb/users or /etc/raddb/users and not the users file thats in the source directory... alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
On 11/10/2012 03:54 AM, Shravan S G wrote: Hi all, I am trying to configure FreeRadius 2.2.0. I am trying to test with the radtest utility. However, when I run radtest, on my radiusd server, I get the following error - ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user. I know this is some issue with the authentication part. However, I have not been able to pinpoint the problem. Also, I haven't been able to find any relevant solutions on the web. I have just untarred the 2.2.0 tarball, and added just one line the users file: gokul Cleartext-Password:=abcde If so, this hasn't taken. The debug shows: ++[files] returns noop ...and thenL [pap] WARNING! No known good password found for the user. Authentication may fail because of this. ++[pap] returns noop ERROR: No authenticate method (Auth-Type) found for the request: Check you're editing the right file. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
Issue is resolved. I was infact editing the wrong users file. I was editing the users file in the raddb folder of the uncompressed tarball. Thanks for the help. Regards, Shravan On Sat, Nov 10, 2012 at 6:54 AM, Phil Mayers p.may...@imperial.ac.ukwrote: On 11/10/2012 03:54 AM, Shravan S G wrote: Hi all, I am trying to configure FreeRadius 2.2.0. I am trying to test with the radtest utility. However, when I run radtest, on my radiusd server, I get the following error - ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user. I know this is some issue with the authentication part. However, I have not been able to pinpoint the problem. Also, I haven't been able to find any relevant solutions on the web. I have just untarred the 2.2.0 tarball, and added just one line the users file: gokul Cleartext-Password:=abcde If so, this hasn't taken. The debug shows: ++[files] returns noop ...and thenL [pap] WARNING! No known good password found for the user. Authentication may fail because of this. ++[pap] returns noop ERROR: No authenticate method (Auth-Type) found for the request: Check you're editing the right file. - List info/subscribe/unsubscribe? See http://www.freeradius.org/** list/users.html http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
Hi all,
I am trying to configure FreeRadius 2.2.0. I am trying to test with the
radtest utility. However, when I run radtest, on my radiusd server, I get
the following error - ERROR: No authenticate method (Auth-Type) found for
the request: Rejecting the user. I know this is some issue with the
authentication part. However, I have not been able to pinpoint the problem.
Also, I haven't been able to find any relevant solutions on the web.
I have just untarred the 2.2.0 tarball, and added just one line the users
file: gokul Cleartext-Password:=abcde
Below is the output on the server and the client side:
Server:
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1 port 47080, id=238,
length=75
User-Name = gokul
User-Password = abcde
NAS-IP-Address = 127.0.1.1
NAS-Port = 0
Message-Authenticator = 0xf92ae1fda2ea8f435d95c4a7294e1e55
# Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = gokul, looking up realm NULL
[suffix] No such realm NULL
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No known good password found for the user. Authentication
may fail because of this.
++[pap] returns noop
ERROR: No authenticate method (Auth-Type) found for the request: Rejecting
the user
Failed to authenticate the user.
Using Post-Auth-Type REJECT
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} - gokul
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 238 to 127.0.0.1 port 47080
Waking up in 4.9 seconds.
Cleaning up request 0 ID 238 with timestamp +19
Ready to process requests.
Client:
shravan@ubuntu:~/freeradius-server-2.2.0/raddb$ sudo radtest gokul abcde
localhost 0 testing123
[sudo] password for shravan:
Sending Access-Request of id 238 to 127.0.0.1 port 1812
User-Name = gokul
User-Password = abcde
NAS-IP-Address = 127.0.1.1
NAS-Port = 0
Message-Authenticator = 0x
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=238,
length=20
shravan@ubuntu:~/freeradius-server-2.2.0/raddb$
This is m first attempt at using FreeRadius, so please let me know if I
have made any rookie mistakes. :)
Thanks in advance.
Shravan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
MAC auth with checkval - No authenticate method (Auth-Type)
Hello all,
I'm trying to authenticate workstations with their MAC address.
Here my problem during authenticate :
rad_recv: Access-Request packet from host 192.168.64.5 port 5001, id=138,
length=136
User-Name = 00-15-c5-b2-d7-f1
User-Password = 00-15-c5-b2-d7-f1
NAS-IP-Address = 192.168.64.5
NAS-Identifier = 3822d6bed9f0
NAS-Port = 16961538
NAS-Port-Type = Ethernet
Service-Type = Framed-User
Framed-Protocol = PPP
Calling-Station-Id = 00-15-C5-B2-D7-F1
Thu Feb 2 09:15:15 2012 : Info: +- entering group authorize {...}
Thu Feb 2 09:15:15 2012 : Info: ++[preprocess] returns ok
Thu Feb 2 09:15:15 2012 : Info: [files] users: Matched entry
00-15-c5-b2-d7-f1 at line 1
Thu Feb 2 09:15:15 2012 : Info: ++[files] returns ok
Thu Feb 2 09:15:15 2012 : Debug: rlm_checkval: Item Name:
Calling-Station-Id, Value: 00-15-C5-B2-D7-F1
Thu Feb 2 09:15:15 2012 : Debug: rlm_checkval: Value Name:
Calling-Station-Id, Value: 00-15-C5-B2-D7-F1
Thu Feb 2 09:15:15 2012 : Info: ++[checkval] returns ok
Thu Feb 2 09:15:15 2012 : Info: ++[expiration] returns noop
Thu Feb 2 09:15:15 2012 : Info: ++[logintime] returns noop
Thu Feb 2 09:15:15 2012 : Info: No authenticate method (Auth-Type)
configuration found for the request: Rejecting the user
Thu Feb 2 09:15:15 2012 : Info: Failed to authenticate the user.
Thu Feb 2 09:15:15 2012 : Info: Using Post-Auth-Type Reject
Thu Feb 2 09:15:15 2012 : Info: +- entering group REJECT {...}
Thu Feb 2 09:15:15 2012 : Info: [attr_filter.access_reject]expand:
%{User-Name} - 00-15-c5-b2-d7-f1
Thu Feb 2 09:15:15 2012 : Debug: attr_filter: Matched entry DEFAULT at
line 11
Thu Feb 2 09:15:15 2012 : Info: ++[attr_filter.access_reject] returns
updated
Thu Feb 2 09:15:15 2012 : Info: Delaying reject of request 0 for 1 seconds
Thu Feb 2 09:15:15 2012 : Debug: Going to the next request
Thu Feb 2 09:15:15 2012 : Debug: Waking up in 0.9 seconds.
Thu Feb 2 09:15:16 2012 : Info: Sending delayed reject for request 0
Sending Access-Reject of id 138 to 192.168.64.5 port 5001
Thu Feb 2 09:15:16 2012 : Debug: Waking up in 4.9 seconds.
Thu Feb 2 09:15:21 2012 : Info: Cleaning up request 0 ID 138 with timestamp
+16
Thu Feb 2 09:15:21 2012 : Info: Ready to process requests.
I use freeradius 2.1.8 , here is a part of my site-enabled/default file
(modified) :
...
authorize {
files
checkval
expiration
logintime
}
authenticate {
# nothing!! I know... but in fact I don't know what I can write
}
Can somebody help me? Thanks for all.
--
View this message in context:
http://freeradius.1045715.n5.nabble.com/MAC-auth-with-checkval-No-authenticate-method-Auth-Type-tp5450017p5450017.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MAC auth with checkval - No authenticate method (Auth-Type)
I find the solution. In fact, I forgot to set Cleartext-Password in the users file... Thanks. -- View this message in context: http://freeradius.1045715.n5.nabble.com/MAC-auth-with-checkval-No-authenticate-method-Auth-Type-tp5450017p5450841.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
No authenticate method (Auth-Type) found for the request
I am using network manager with radius server. I put this config in this files eap.conf default_eap_type = peap create new certificate as per http://deployingradius.com and network manager side i put ca.der but its giving Ready to process requests. rad_recv: Access-Request packet from host 192.168.21.32 port 32773, id=1, length=127 User-Name = testing NAS-IP-Address = 192.168.21.32 Called-Station-Id = 0001 Calling-Station-Id = 1caff76ce38c NAS-Identifier = 0001 NAS-Port = 3 Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020c0174657374696e67 Message-Authenticator = 0xbc498e29bfb9f44c5276dcb7d57b082e WARNING: Empty authorize section. Using default return values. ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user Failed to authenticate the user. Delaying reject of request 5 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 5 Sending Access-Reject of id 1 to 192.168.21.32 port 32773 Waking up in 4.9 seconds. Cleaning up request 5 ID 1 with timestamp +95 Ready to process requests. thanks in advance -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No authenticate method (Auth-Type) found for the request
Harish Mandowara wrote: but its giving ... WARNING: Empty authorize section. Using default return values. You edited the default configuration and broke it. Don't do that. Check the raddb/sites-enabled directory. Make sure that ONLY the default and inner-tunnel servers are there. Make sure that you HAVEN'T edited those files. The error occurs because the default configuration has been *deleted*. Don't do that. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No authenticate method (Auth-Type) found for the request
Thank you alan,
I want to use PEAP-MSCHAP. So that i did change in eap.conf. I did not
change in raddb/sites-enabled. Even in radiusd.conf, its there.
but its giving right now
Module: Linked to module rlm_eap
Module: Instantiating module eap from file
/usr/local/etc/raddb/eap.conf
eap {
default_eap_type = peap
timer_expire = 60
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
max_sessions = 4096
}
Module: Linked to sub-module rlm_eap_md5
Module: Instantiating eap-md5
Module: Linked to sub-module rlm_eap_leap
Module: Instantiating eap-leap
Module: Linked to sub-module rlm_eap_gtc
Module: Instantiating eap-gtc
gtc {
challenge = Password:
auth_type = PAP
}
Ignoring EAP-Type/tls because we do not have OpenSSL support.
Ignoring EAP-Type/ttls because we do not have OpenSSL support.
Ignoring EAP-Type/peap because we do not have OpenSSL support.
Module: Linked to sub-module rlm_eap_mschapv2
Module: Instantiating eap-mschapv2
mschapv2 {
with_ntdomain_hack = no
send_error = no
}
rlm_eap: No such sub-type for default EAP type peap
/usr/local/etc/raddb/eap.conf[17]: Instantiation failed for module eap
/usr/local/etc/raddb/sites-enabled/default[310]: Failed to load module
eap.
/usr/local/etc/raddb/sites-enabled/default[252]: Errors parsing
authenticate section.
I already install all openssl library but its not working properly.
Harish Mandowara wrote:
but its giving
...
WARNING: Empty authorize section. Using default return values.
You edited the default configuration and broke it. Don't do that.
Check the raddb/sites-enabled directory. Make sure that ONLY the
default and inner-tunnel servers are there. Make sure that you
HAVEN'T edited those files.
The error occurs because the default configuration has been *deleted*.
Don't do that.
Alan DeKok.
--
With Warm Regards
Harish Mandowara
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No authenticate method (Auth-Type) found for the request
On Tue, Jan 24, 2012 at 6:48 PM, Harish Mandowara hari...@cdac.in wrote: Thank you alan, I want to use PEAP-MSCHAP. Ignoring EAP-Type/peap because we do not have OpenSSL support. See that error? Fix that. What OS/distro are you using? if you're having problem building FR with ssl, ready-to-use package should be available for most OS: http://wiki.freeradius.org/Packages -- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No authenticate method (Auth-Type) found for the request
Hi, Ignoring EAP-Type/tls because we do not have OpenSSL support. Ignoring EAP-Type/ttls because we do not have OpenSSL support. Ignoring EAP-Type/peap because we do not have OpenSSL support. built within OpenSSL support - install the DEVELOPMENT libraries/headers (eg ssl-dev, openssl-devel or whatever they are called on your platform) and rebuild. or install a prebuilt package built with openssl support alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No authenticate method (Auth-Type) found for the request
Hi,
I installed all the these libraries. Again build the code. and install but
its coming same. i am putting all debugging message over here.
main {
allow_core_dumps = no
}
including dictionary file
/home/harish/Desktop/source/freeradius-server-2.1.12/raddb/dictionary
main {
name = radiusd
prefix = /usr/local
localstatedir = /usr/local/var
sbindir = /usr/local/sbin
logdir = /usr/local/var/log/radius
run_dir = /usr/local/var/run/radiusd
libdir = /usr/local/lib
radacctdir = /usr/local/var/log/radius/radacct
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
pidfile = /usr/local/var/run/radiusd/radiusd.pid
checkrad = /usr/local/sbin/checkrad
debug_level = 0
proxy_requests = yes
log {
stripped_names = no
auth = no
auth_badpass = no
auth_goodpass = no
}
security {
max_attributes = 200
reject_delay = 1
status_server = yes
}
}
radiusd: Loading Realms and Home Servers
proxy server {
retry_delay = 5
retry_count = 3
default_fallback = no
dead_time = 120
wake_all_if_all_dead = no
}
home_server localhost {
ipaddr = 127.0.0.1
port = 1812
type = auth
secret = testing123
response_window = 20
max_outstanding = 65536
require_message_authenticator = yes
zombie_period = 40
status_check = status-server
ping_interval = 30
check_interval = 30
num_answers_to_alive = 3
num_pings_to_alive = 3
revive_interval = 120
status_check_timeout = 4
coa {
irt = 2
mrt = 16
mrc = 5
mrd = 30
}
}
home_server_pool my_auth_failover {
type = fail-over
home_server = localhost
}
realm example.com {
auth_pool = my_auth_failover
}
realm LOCAL {
}
radiusd: Loading Clients
client 192.168.21.32 {
ipaddr = 192.168.21.34
require_message_authenticator = no
secret = testing123
nastype = other
}
radiusd: Instantiating modules
instantiate {
Module: Linked to module rlm_exec
Module: Instantiating module exec from file
/home/harish/Desktop/source/freeradius-server-2.1.12/raddb/modules/exec
exec {
wait = no
input_pairs = request
shell_escape = yes
}
Module: Linked to module rlm_expr
Module: Instantiating module expr from file
/home/harish/Desktop/source/freeradius-server-2.1.12/raddb/modules/expr
Module: Linked to module rlm_expiration
Module: Instantiating module expiration from file
/home/harish/Desktop/source/freeradius-server-2.1.12/raddb/modules/expiration
expiration {
reply-message = Password Has Expired
}
Module: Linked to module rlm_logintime
Module: Instantiating module logintime from file
/home/harish/Desktop/source/freeradius-server-2.1.12/raddb/modules/logintime
logintime {
reply-message = You are calling outside your allowed timespan
minimum-timeout = 60
}
}
radiusd: Loading Virtual Servers
server { # from file
/home/harish/Desktop/source/freeradius-server-2.1.12/raddb/radiusd.conf
modules {
Module: Creating Auth-Type = digest
Module: Creating Post-Auth-Type = REJECT
Module: Checking authenticate {...} for more modules to load
Module: Linked to module rlm_pap
Module: Instantiating module pap from file
/home/harish/Desktop/source/freeradius-server-2.1.12/raddb/modules/pap
pap {
encryption_scheme = auto
auto_header = no
}
Module: Linked to module rlm_chap
Module: Instantiating module chap from file
/home/harish/Desktop/source/freeradius-server-2.1.12/raddb/modules/chap
Module: Linked to module rlm_mschap
Module: Instantiating module mschap from file
/home/harish/Desktop/source/freeradius-server-2.1.12/raddb/modules/mschap
mschap {
use_mppe = yes
require_encryption = no
require_strong = no
with_ntdomain_hack = no
allow_retry = yes
}
Module: Linked to module rlm_digest
Module: Instantiating module digest from file
/home/harish/Desktop/source/freeradius-server-2.1.12/raddb/modules/digest
Module: Linked to module rlm_unix
Module: Instantiating module unix from file
/home/harish/Desktop/source/freeradius-server-2.1.12/raddb/modules/unix
unix {
radwtmp = /usr/local/var/log/radius/radwtmp
}
Module: Linked to module rlm_eap
Module: Instantiating module eap from file
/home/harish/Desktop/source/freeradius-server-2.1.12/raddb/eap.conf
eap {
default_eap_type = peap
timer_expire = 60
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
max_sessions = 4096
}
Module: Linked to sub-module rlm_eap_md5
Module: Instantiating eap-md5
Module: Linked to sub-module rlm_eap_leap
Module: Instantiating eap-leap
Module: Linked
Re: No authenticate method (Auth-Type) found for the request
On Tue, Jan 24, 2012 at 9:55 PM, Harish Mandowara hari...@cdac.in wrote: Hi, I installed all the these libraries. Again build the code. and install but No, you didn't. You either: - didn't have development headers installed (e.g. you have libssl, but not libssl-dev), OR - didn't re-run configure, OR - have conflicting version of openssl, possibly one installed from package and one from source, OR - somehow got a buggy version of openssl (unlikely, but possible) either way, looking at ./configure output (using tee, and later open the log with a text editor helps) should be able to tell you why it has no ssl support. Or just use packages. -- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No authenticate method (Auth-Type) found for the request
Hi, I installed all the these libraries. Again build the code. and install but its coming same. i am putting all debugging message over here. outut of the ./configure stage? once again, no OpenSSL support - so you built without the OpenSSL headers/includes for the server and/or you didnt run the ./configure stage again alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Fwd: Need help on ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
attr_filter.access_reject from file
/usr/local/etc/raddb/modules/attr_filter
attr_filter attr_filter.access_reject {
attrsfile = /usr/local/etc/raddb/attrs.access_reject
key = %{User-Name}
relaxed = no
}
} # modules
} # server
server inner-tunnel { # from file
/usr/local/etc/raddb/sites-enabled/inner-tunnel
modules {
Module: Checking authenticate {...} for more modules to load
Module: Checking authorize {...} for more modules to load
Module: Checking session {...} for more modules to load
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
} # modules
} # server
radiusd: Opening IP addresses and Ports
listen {
type = auth
ipaddr = *
port = 0
}
listen {
type = acct
ipaddr = *
port = 0
}
listen {
type = control
listen {
socket = /usr/local/var/run/radiusd/radiusd.sock
}
}
listen {
type = auth
ipaddr = 127.0.0.1
port = 18120
}
... adding new socket proxy address * port 63625
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on command file /usr/local/var/run/radiusd/radiusd.sock
Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel
Listening on proxy address * port 1814
Ready to process requests.
*Packet 0*
--
rad_recv: Access-Request packet from host 127.0.0.1 port 64417,
id=253, length=77
User-Name = testing
User-Password = password
NAS-IP-Address = 172.16.142.1
NAS-Port = 0
Message-Authenticator = 0xac50d12cd56157895ad148d9eae1fab3
# Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = testing, looking up realm NULL
[suffix] No such realm NULL
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No known good password found for the user.
Authentication may fail because of this.
++[pap] returns noop
ERROR: No authenticate method (Auth-Type) found for the request:
Rejecting the user
Failed to authenticate the user.
Using Post-Auth-Type Reject
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} - testing
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 253 to 127.0.0.1 port 64417
Waking up in 4.9 seconds.
Cleaning up request 0 ID 253 with timestamp +52
Ready to process requests.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Fwd: Need help on ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
Stephen Kwok wrote: I am a newbie to FreeRADIUS and I have run into a problem during the setup. I have spent some time on researching for an answer online, but I got no luck. I have described the problem as below. Could anyone please let me know what went wrong? Thank you so much in advance. Don't post the same message to the freeradius-users and freeradius-devel list. It's not nice. The whole point of running the server in debugging mode is to *READ* the output. In this case, you've edited /sw//raddb/users, and the server is *clearly* reading /usr/local/etc/raddb/users. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Fwd: Need help on ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
Hi, OS: Mac OSX 10.6.8 FreeRADIUS version:�2.1.12 Steps taken: snip okay. so you downloaded the software, extracted it, then built it... great. did you note what happened when you 'make install' ? Starting�-�reading�configuration�files�...� including�configuration�file�/usr/local/etc/raddb/radiusd.conf� including�configuration�file�/usr/local/etc/raddb/proxy.conf� including�configuration�file�/usr/local/etc/raddb/clients.conf� theres a hint the server is reading config files from the /usr/local/etc/raddb directory. the config files you have edited are the source code initial versions.. they arent being readhence your testing/password will never work alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
Thank's Alan, it works! We had the same issue with python auths being serialized that we had with pam, but running out of debug mode fixed the issue. Pam probably would have worked if we tried that, but it was a pam_python module anyway so it is better going directly to python. Thanks again, Jim On Wed, May 18, 2011 at 1:44 AM, Alan DeKok al...@deployingradius.com wrote: Jim Whitescarver wrote: The only thing we want is python authentication. I just commented out everything else. I will start again and try to minimize edits. I am rather clueless about the nature the minimum edits should have. Add what you need. The default configuration *works*. It seems that every configuration file needs python in every section for it to be recognized. No. You need to list python everywhere you want it to be *used*. I don't think we want to use the users file. We only want to call the python module for any request. That's just rude. The first message you posted showed a users file entry, and wondered why it didn't work. Now you say you don't want to use it. Figure out what you want to do. The majority of the issues you're having are due to inconsistency. It's not clear why we would leave other stuff in if we are not using anything but the python module. Because you don't understand what it does. If you don't understand it, deleting it is wrong. Hey, I don't understand what this widget is on my car engine. I'll just rip it off. Hmm, my car no longer works. I know... I'll blame the mechanic! You wouldn't do that to a car mechanic. Don't do it here. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
I am hoping someone can help me. We compiled 2.1.x from source and
finally got it to accept our python Auth-Type as the default in the
users file.
DEFAULT Auth-Type := python
But, after sucessfully calling our python module the user is rejected
ERROR: No authenticate method (Auth-Type) found for the request:
Rejecting the user
Below is the complete log.
Any ideas of what we may be doing wrong?
Thanks,
Jim
Tue May 17 14:15:37 2011 : Debug: Listening on proxy address * port 1814
Tue May 17 14:15:37 2011 : Info: Ready to process requests.
rad_recv: Access-Request packet from host 135.207.164.41 port 49346,
id=131, length=55
User-Name = owk
User-Password = test123
NAS-IP-Address = 135.207.164.41
NAS-Port = 1812
Tue May 17 14:15:50 2011 : Info: # Executing section authorize from
file /usr/local/etc/raddb/sites-enabled/default
Tue May 17 14:15:50 2011 : Info: +- entering group authorize {...}
Tue May 17 14:15:50 2011 : Info: ++[preprocess] returns ok
*** authorize ***
Tue May 17 14:15:50 2011 : Info: *** radlog call in authorize ***
(('User-Name', 'owk'), ('User-Password', 'test123'),
('NAS-IP-Address', '135.207.164.41'), ('NAS-Port', '1812'))
User-Name: owk
User-Password: test123
NAS-IP-Address: 135.207.164.41
NAS-Port: 1812
Authenticate User: owk
Tue May 17 14:16:16 2011 : Info: ++[python] returns ok
Tue May 17 14:16:16 2011 : Info: ERROR: No authenticate method
(Auth-Type) found for the request: Rejecting the user
Tue May 17 14:16:16 2011 : Info: Failed to authenticate the user.
Tue May 17 14:16:16 2011 : Info: Using Post-Auth-Type Reject
Tue May 17 14:16:16 2011 : Info: # Executing group from file
/usr/local/etc/raddb/sites-enabled/default
Tue May 17 14:16:16 2011 : Info: +- entering group REJECT {...}
Tue May 17 14:16:16 2011 : Info: [attr_filter.access_reject]
expand: %{User-Name} - owk
Tue May 17 14:16:16 2011 : Debug: attr_filter: Matched entry DEFAULT at line 11
Tue May 17 14:16:16 2011 : Info: ++[attr_filter.access_reject] returns updated
Sending Access-Reject of id 131 to 135.207.164.41 port 49346
Tue May 17 14:16:16 2011 : Info: Finished request 0.
Tue May 17 14:16:16 2011 : Debug: Going to the next request
Tue May 17 14:16:16 2011 : Debug: Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 135.207.164.41 port 49346,
id=131, length=55
Tue May 17 14:16:16 2011 : Info: Sending duplicate reply to client
five-10 port 49346 - ID: 131
Sending Access-Reject of id 131 to 135.207.164.41 port 49346
Tue May 17 14:16:16 2011 : Debug: Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 135.207.164.41 port 49346,
id=131, length=55
Tue May 17 14:16:16 2011 : Info: Sending duplicate reply to client
five-10 port 49346 - ID: 131
Sending Access-Reject of id 131 to 135.207.164.41 port 49346
Tue May 17 14:16:16 2011 : Debug: Waking up in 4.9 seconds.
Tue May 17 14:16:21 2011 : Info: Cleaning up request 0 ID 131 with timestamp +13
Tue May 17 14:16:21 2011 : Info: Ready to process requests.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
Jim Whitescarver wrote: But, after sucessfully calling our python module the user is rejected ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user Don't edit the default configuration and break it. Below is the complete log. Any ideas of what we may be doing wrong? (1) Run the server in debugging mode. -Xx gives *too* much information (2) If you 3ant to use the users file, *DON'T* delete files from the authorize section. All of the work you put into simplifying the configuration files was wasted. If you don't understand how the server works, change as little as possible. Read man radiusd, and see the DEBUGGING section. It gives *EXPLICIT* instructions for how to change the configuration of the server. Follow them. This is documented. Following the documentation helps. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
On Tue, May 17, 2011 at 3:08 PM, Alan DeKok al...@deployingradius.com wrote: Jim Whitescarver wrote: But, after sucessfully calling our python module the user is rejected ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user Don't edit the default configuration and break it. The only thing we want is python authentication. I just commented out everything else. I will start again and try to minimize edits. I am rather clueless about the nature the minimum edits should have. It seems that every configuration file needs python in every section for it to be recognized. Any ideas of what we may be doing wrong? (1) Run the server in debugging mode. -Xx gives *too* much information (2) If you 3ant to use the users file, *DON'T* delete files from the authorize section. I don't think we want to use the users file. We only want to call the python module for any request. All of the work you put into simplifying the configuration files was wasted. If you don't understand how the server works, change as little as possible. We will try again. It's not clear why we would leave other stuff in if we are not using anything but the python module. Thanks for the tips. Jim. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
Jim Whitescarver wrote: The only thing we want is python authentication. I just commented out everything else. I will start again and try to minimize edits. I am rather clueless about the nature the minimum edits should have. Add what you need. The default configuration *works*. It seems that every configuration file needs python in every section for it to be recognized. No. You need to list python everywhere you want it to be *used*. I don't think we want to use the users file. We only want to call the python module for any request. That's just rude. The first message you posted showed a users file entry, and wondered why it didn't work. Now you say you don't want to use it. Figure out what you want to do. The majority of the issues you're having are due to inconsistency. It's not clear why we would leave other stuff in if we are not using anything but the python module. Because you don't understand what it does. If you don't understand it, deleting it is wrong. Hey, I don't understand what this widget is on my car engine. I'll just rip it off. Hmm, my car no longer works. I know... I'll blame the mechanic! You wouldn't do that to a car mechanic. Don't do it here. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: SSH - No authenticate method (Auth-Type)
What I am trying to setup is as follows
1. Oracle Backend for Authenticating SFTP Clients( openssh )
What I have done so far
Setup a second ssh for the SFTP only
Updated the sshd_config for using PAM.
Request comes to AAA and fails as shown in the logs below.
Also note teh password shows as *\010\n\r\177INCORRECT*
The sites-enabled default looks like the following
authorize {
sql
expiration
logintime
}
authenticate {
# I have tried just pam as you have suggested and it still says
No-Auth
Auth-Type PAM {
pam
}
}
preacct {
preprocess
acct_unique
suffix
files
}
accounting {
detail
unix
radutmp
exec
attr_filter.accounting_response
}
session {
radutmp
}
post-auth {
sql
}
pre-proxy {
}
post-proxy {
}
As requested I am attaching the radiusd -X log
rad_recv: Access-Request packet from host Y.Y.Y.Y port 6975, id=15,
length=114
User-Name = test
*User-Password = \010\n\r\177INCORRECT*
NAS-IP-Address = Y.Y.Y.Y
NAS-Identifier = openssh
NAS-Port = 5950
NAS-Port-Type = Virtual
Service-Type = Authenticate-Only
Calling-Station-Id = somebody
# Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
[sql] expand: %{User-Name} - test
[sql] sql_set_user escaped user --test
rlm_sql (sql): Reserving sql socket id: 4
[sql] expand: SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE
Username = '%{SQL-User-Name}' ORDER BY id - SELECT
id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'test' ORDER
BY id
WARNING: Found User-Password ==
WARNING: Are you sure you don't mean Cleartext-Password?
WARNING: See man rlm_pap for more information.
[sql] expand: SELECT GroupName FROM radusergroup WHERE
UserName='%{SQL-User-Name}' - SELECT GroupName FROM radusergroup WHERE
UserName='test'
[sql] expand: SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
FROM radgroupcheck,radusergroup WHERE radusergroup.Username =
'%{SQL-User-Name}' AND radusergroup.GroupName = radgroupcheck.GroupName
ORDER BY radgroupcheck.id - SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
FROM radgroupcheck,radusergroup WHERE radusergroup.Username = 'test' AND
radusergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id
[sql] User found in group SFTP_Client
[sql] expand: SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
FROM radgroupreply,radusergroup WHERE radusergroup.Username =
'%{SQL-User-Name}' AND radusergroup.GroupName = radgroupreply.GroupName
ORDER BY radgroupreply.id - SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
FROM radgroupreply,radusergroup WHERE radusergroup.Username = 'test' AND
radusergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id
rlm_sql (sql): Released sql socket id: 4
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
ERROR: No authenticate method (Auth-Type) found for the request: Rejecting
the user
Failed to authenticate the user.
WARNING: Unprintable characters in the password.Double-check the
shared secret on the server and the NAS!
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 15 to 199.106.120.244 port 6975
Password == test
Waking up in 4.9 seconds.
Cleaning up request 0 ID 15 with timestamp +10
Ready to process requests.
On Thu, Feb 17, 2011 at 5:42 PM, Marc Phillips rm...@copacetic.net wrote:
Sending Access-Request of id 58 to X.X.X.X port Y
User-Name = test
User-Password = test
NAS-IP-Address = X.X.X.X
NAS-Port = Y
Framed-Protocol = PPP
rad_recv: Access-Accept packet from host X.X.X.X port Y, id=58, length=38
The freeradius is setup with an oracle db backend.
I had something similar with PAM. What I did is have a user entry like:
DEFAULT Ldap-Group == mygroup, Auth-Type = pam
Reply-Message = Hello (admin), %{User-Name},
Fall-Through = No
and in my sites-enabled default:
authorize {
preprocess
auth_log
files
ldap
}
authenticate {
pam
}
You'll obviously have some sort of sql auth-type and probably won't
need the LDAP stuff.
Hope this helps.
R. Marc
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: SSH - No authenticate method (Auth-Type)
Jaikanth Krishnaswamy wrote: Setup a second ssh for the SFTP only Updated the sshd_config for using PAM. Request comes to AAA and fails as shown in the logs below. Also note teh password shows as *\010\n\r\177INCORRECT* SSH has replaced the password with that text. There is *nothing* you can do to FreeRADIUS that will fix the problem. Go fix the PAM configuration on the client machine so that it doesn't destroy the password entered by the user. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: SSH - No authenticate method (Auth-Type)
On 18/02/11 01:03, Jaikanth Krishnaswamy wrote:
Hi All,
I am a newbie to freeradius world.
I am using freeradius 2.1.10 for authorization and authentication.
My authorization works
Sending Access-Request of id 58 to X.X.X.X port Y
User-Name = test
User-Password = test
NAS-IP-Address = X.X.X.X
NAS-Port = Y
Framed-Protocol = PPP
rad_recv: Access-Accept packet from host X.X.X.X port Y, id=58, length=38
The freeradius is setup with an oracle db backend.
The basic step is to have the Oracle database return:
username Cleartext-Password := thepassword
...and have:
authorize {
...
pap
}
authenticate {
Auth-Type PAP {
pap
}
}
If you can't get it working, send the full debug output as the docs request:
radiusd -X | tee log
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
SSH - No authenticate method (Auth-Type)
Hi All, I am a newbie to freeradius world. I am using freeradius 2.1.10 for authorization and authentication. My authorization works Sending Access-Request of id 58 to X.X.X.X port Y User-Name = test User-Password = test NAS-IP-Address = X.X.X.X NAS-Port = Y Framed-Protocol = PPP rad_recv: Access-Accept packet from host X.X.X.X port Y, id=58, length=38 The freeradius is setup with an oracle db backend. I would like to use the freeradius for my SSH. I have read some online blogs and setup my SSH with PAM. When I establish an SSH Session to the host and this is what I see in the logs. ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user Failed to authenticate the user. If I am using the oracle DB(sql) to perform authorization and it works what needs to be done to use the same oracle DB(sql maybe other tables) for authentication. Need your help or guidance with some links/documentation on how to set SSH+ Freeradius Thanks JK - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: SSH - No authenticate method (Auth-Type)
Sending Access-Request of id 58 to X.X.X.X port Y
User-Name = test
User-Password = test
NAS-IP-Address = X.X.X.X
NAS-Port = Y
Framed-Protocol = PPP
rad_recv: Access-Accept packet from host X.X.X.X port Y, id=58, length=38
The freeradius is setup with an oracle db backend.
I had something similar with PAM. What I did is have a user entry like:
DEFAULT Ldap-Group == mygroup, Auth-Type = pam
Reply-Message = Hello (admin), %{User-Name},
Fall-Through = No
and in my sites-enabled default:
authorize {
preprocess
auth_log
files
ldap
}
authenticate {
pam
}
You'll obviously have some sort of sql auth-type and probably won't
need the LDAP stuff.
Hope this helps.
R. Marc
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: SSH - No authenticate method (Auth-Type)
Thanks Marc, I am trying to use the Freeradius for authentication and
authorization of SSH users with the oracle backend.
Not sure how I need to use the below info in my setup. Problems of being a
newbie.
On Thu, Feb 17, 2011 at 5:42 PM, Marc Phillips rm...@copacetic.net wrote:
Sending Access-Request of id 58 to X.X.X.X port Y
User-Name = test
User-Password = test
NAS-IP-Address = X.X.X.X
NAS-Port = Y
Framed-Protocol = PPP
rad_recv: Access-Accept packet from host X.X.X.X port Y, id=58, length=38
The freeradius is setup with an oracle db backend.
I had something similar with PAM. What I did is have a user entry like:
DEFAULT Ldap-Group == mygroup, Auth-Type = pam
Reply-Message = Hello (admin), %{User-Name},
Fall-Through = No
and in my sites-enabled default:
authorize {
preprocess
auth_log
files
ldap
}
authenticate {
pam
}
You'll obviously have some sort of sql auth-type and probably won't
need the LDAP stuff.
Hope this helps.
R. Marc
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
No authenticate method (Auth-Type) configuration found for the request:
Installed FreeRadius 2.1.8 to authenticate to an LDAP back end (eDirectory)
Set it up per the document link below:
http://www.novell.com/communities/node/11321/freeradius-218-edirectory-integration
Now I'm getting a No authenticate method error. Output of radiusd -X below:
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 10.1.0.12 port 3915, id=9,
length=48
User-Name = radadmin
User-Password = thepassword
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = radadmin, looking up realm NULL
[suffix] No such realm NULL
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No known good password found for the user. Authentication
may fail because of this.
++[pap] returns noop
No authenticate method (Auth-Type) configuration found for the request:
Rejecting the user
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} - radadmin
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 9 to 10.1.0.12 port 3915
Waking up in 4.9 seconds.
Cleaning up request 0 ID 9 with timestamp +3
Ready to process requests.
In the Novell Cool Solution link, they say to un-comment ldap in the
authorize section of /etc/raddb/sites-enabled/inner-tunnel but I had a
question on this. Attached is my inner-tunnel config. My question is do I
also need to un-comment the following in the authenticate section or am I
missing something else entirely?
#Auth-Type LDAP {
# ldap
#}
# -*- text -*-
##
#
# This is a virtual server that handles *only* inner tunnel
# requests for EAP-TTLS and PEAP types.
#
# $Id$
#
##
server inner-tunnel {
#
# Un-comment the next section to perform test on the inner tunnel
# without needing an outer tunnel session. The tests will not be
# exactly the same as when TTLS or PEAP are used, but they will
# be close enough for many tests.
#
#listen {
# ipaddr = 127.0.0.1
# port = 18120
# type = auth
#}
# Authorization. First preprocess (hints and huntgroups files),
# then realms, and finally look in the users file.
#
# The order of the realm modules will determine the order that
# we try to find a matching realm.
#
# Make *sure* that 'preprocess' comes before any realm if you
# need to setup hints for the remote radius server
authorize {
#
# The chap module will set 'Auth-Type := CHAP' if we are
# handling a CHAP request and Auth-Type has not already been set
chap
#
# If the users are logging in with an MS-CHAP-Challenge
# attribute for authentication, the mschap module will find
# the MS-CHAP-Challenge attribute, and add 'Auth-Type := MS-CHAP'
# to the request, which will cause the server to then use
# the mschap module for authentication.
mschap
#
# Pull crypt'd passwords from /etc/passwd or /etc/shadow,
# using the system API's to get the password. If you want
# to read /etc/passwd or /etc/shadow directly, see the
# passwd module, above.
#
unix
#
# Look for IPASS style 'realm/', and if not found, look for
# '@realm', and decide whether or not to proxy, based on
# that.
# IPASS
#
# If you are using multiple kinds of realms, you probably
# want to set ignore_null = yes for all of them.
# Otherwise, when the first style of realm doesn't match,
# the other styles won't be checked.
#
# Note that proxying the inner tunnel authentication means
# that the user MAY use one identity in the outer session
# (e.g. anonymous, and a different one here
# (e.g. u...@example.com). The inner session will then be
# proxied elsewhere for authentication. If you are not
# careful, this means that the user can cause you to forward
# the authentication to another RADIUS server, and have the
# accounting logs *not* sent to the other server. This makes
# it difficult to bill people for their network activity.
#
suffix
# ntdomain
#
# The suffix module takes care of stripping the domain
# (e.g. @example.com) from the User-Name attribute, and the
# next few
Re: No authenticate method (Auth-Type) configuration found for the request:
On 17/12/10 14:40, discgolfer72 wrote:
Installed FreeRadius 2.1.8 to authenticate to an LDAP back end (eDirectory)
Set it up per the document link below:
http://www.novell.com/communities/node/11321/freeradius-218-edirectory-integration
Now I'm getting a No authenticate method error. Output of radiusd -X below:
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 10.1.0.12 port 3915, id=9,
length=48
User-Name = radadmin
User-Password = thepassword
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = radadmin, looking up realm NULL
[suffix] No such realm NULL
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No known good password found for the user. Authentication
may fail because of this.
++[pap] returns noop
No authenticate method (Auth-Type) configuration found for the request:
Note: the ldap module doesn't appear above.
In the Novell Cool Solution link, they say to un-comment ldap in the
authorize section of /etc/raddb/sites-enabled/inner-tunnel but I had a
inner-tunnel is used for the 2nd phase of EAP. Your debug above shows
a PAP request, which is not EAP, so inner-tunnel isn't used.
If you are setting up to support EAP, use an EAP client for testing
(google for eapol_test)
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No authenticate method (Auth-Type) configuration found for the request:
What would be the proper service to use for eDirectory? Can I assume
from the document that EAP is the one to use for authenticating to
eDirectory or is another one better for that? Ultimately, we want to
set up a Wireless Access Point to send it's request to the Radius Server
which then queries eDirectory to authenticate the user to the WAP.
Thanks!
Ben
On 12/17/2010 9:00 AM, Phil Mayers wrote:
On 17/12/10 14:40, discgolfer72 wrote:
Installed FreeRadius 2.1.8 to authenticate to an LDAP back end
(eDirectory)
Set it up per the document link below:
http://www.novell.com/communities/node/11321/freeradius-218-edirectory-integration
Now I'm getting a No authenticate method error. Output of radiusd -X
below:
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 10.1.0.12 port 3915, id=9,
length=48
User-Name = radadmin
User-Password = thepassword
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = radadmin, looking up realm NULL
[suffix] No such realm NULL
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No known good password found for the user.
Authentication
may fail because of this.
++[pap] returns noop
No authenticate method (Auth-Type) configuration found for the request:
Note: the ldap module doesn't appear above.
In the Novell Cool Solution link, they say to un-comment ldap in the
authorize section of /etc/raddb/sites-enabled/inner-tunnel but I had a
inner-tunnel is used for the 2nd phase of EAP. Your debug above
shows a PAP request, which is not EAP, so inner-tunnel isn't used.
If you are setting up to support EAP, use an EAP client for testing
(google for eapol_test)
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
--
Ben Lewis
b...@lewisit.net
615.517.4538
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No authenticate method (Auth-Type) configuration found for the request:
Ben Lewis wrote: What would be the proper service to use for eDirectory? ldap. Read raddb/sites-available/default. Look for ldap. Can I assume from the document that EAP is the one to use for authenticating to eDirectory No. or is another one better for that? Ultimately, we want to set up a Wireless Access Point to send it's request to the Radius Server which then queries eDirectory to authenticate the user to the WAP. Run 2.1.10, and read raddb/sites-available/inner-tunnel. And also look for ldap there. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No authenticate method (Auth-Type) configuration found for the request:
That did the trick. Thanks Alan and Phil!!! On 12/17/2010 9:20 AM, Alan DeKok wrote: Ben Lewis wrote: What would be the proper service to use for eDirectory? ldap. Read raddb/sites-available/default. Look for ldap. Can I assume from the document that EAP is the one to use for authenticating to eDirectory No. or is another one better for that? Ultimately, we want to set up a Wireless Access Point to send it's request to the Radius Server which then queries eDirectory to authenticate the user to the WAP. Run 2.1.10, and read raddb/sites-available/inner-tunnel. And also look for ldap there. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Ben Lewis b...@lewisit.net 615.517.4538 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No authenticate method (Auth-Type) configuration found for therequest:
Ben, its sounds like you have everything going, to you still need the screencast? Congradulations if you have it all worked out ;) Matthew Stavert ITSM, ACMT Information Systems Analyst NLSD. 69 PH:780-826-3145 Cell: 780-207-1146 Ben Lewis b...@lewisit.net 12/17/2010 9:17 AM That did the trick. Thanks Alan and Phil!!!On 12/17/2010 9:20 AM, Alan DeKok wrote: Ben Lewis wrote: What would be the proper service to use for eDirectory? ldap. Read raddb/sites-available/default. Look for "ldap". Can I assume from the document that EAP is the one to use for authenticating to eDirectory No. or is another one better for that? Ultimately, we want to set up a Wireless Access Point to send it's request to the Radius Server which then queries eDirectory to authenticate the user to the WAP. Run 2.1.10, and read raddb/sites-available/inner-tunnel. And also look for "ldap" there. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html-- Ben Lewisb...@lewisit.net615.517.4538-List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No authenticate method (Auth-Type) configuration found for therequest:
I think we're good now. Thanks for offering the screencast though! On 12/17/2010 10:38 AM, Matthew Stavert [via FreeRadius] wrote: HTMLHEAD /HEAD BODY style=MARGIN: 4px 4px 1px; FONT: 10pt Tahoma Ben, its sounds like you have everything going, to you still need the screencast? Congradulations if you have it all worked out ;) * * * Matthew Stavert ITSM, ACMT Information Systems Analyst NLSD. 69 PH:780-826-3145 Cell: 780-207-1146 * Ben Lewis [hidden email] /user/SendEmail.jtp?type=nodenode=3309666i=0 12/17/2010 9:17 AM That did the trick. Thanks Alan and Phil!!! On 12/17/2010 9:20 AM, Alan DeKok wrote: Ben Lewis wrote: What would be the proper service to use for eDirectory? ldap. Read raddb/sites-available/default. Look for ldap. Can I assume from the document that EAP is the one to use for authenticating to eDirectory No. or is another one better for that? Ultimately, we want to set up a Wireless Access Point to send it's request to the Radius Server which then queries eDirectory to authenticate the user to the WAP. Run 2.1.10, and read raddb/sites-available/inner-tunnel. And also look for ldap there. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Ben Lewis [hidden email] /user/SendEmail.jtp?type=nodenode=3309666i=1 615.517.4538 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html /BODY/HTML - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html *PIMTVUARQOFV.IMAGE_1.jpg* (21K) Download Attachment /attachment/3309666/0/PIMTVUARQOFV.IMAGE_1.jpg View message @ http://freeradius.1045715.n5.nabble.com/No-authenticate-method-Auth-Type-configuration-found-for-the-request-tp3309472p3309666.html To unsubscribe from No authenticate method (Auth-Type) configuration found for the request:, click here http://freeradius.1045715.n5.nabble.com/template/NamlServlet.jtp?macro=unsubscribe_by_codenode=3309472code=YmVuQGxld2lzaXQubmV0fDMzMDk0NzJ8MTgxNTY1MDM5. -- Ben Lewis b...@lewisit.net 615.517.4538 -- View this message in context: http://freeradius.1045715.n5.nabble.com/No-authenticate-method-Auth-Type-configuration-found-for-the-request-tp3309472p3309669.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem with authenticate method (Auth-Type)
sltd wrote: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user Failed to authenticate the user. What authentication do you want to use!? the user file? you should enable your prefered authentification! -- View this message in context: http://freeradius.1045715.n5.nabble.com/Problem-with-authenticate-method-Auth-Type-tp3283253p3287311.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
No authenticate method (Auth-Type) configuration found
Hi,
I've got some trouble with freeradius 2.0.4 and mysql on debian when i want to
connect from a remote host. Locally I can do following command successfully:
radtest guest guest 127.0.0.1 0 radiussecret
When I connect from my NAS using chilli on openwrt I get the following error:
auth: No authenticate method (Auth-Type) configuration found for the request:
Rejecting the user
auth: Failed to validate the user.
Login incorrect: [guest/MM\250f\375 \241Ñ?\247\007\242Ë?i\316] (from client
nas01 port 2 cli 00-0C-29-00-71-20)
WARNING: Unprintable characters in the password.Double-check the
shared secret on the server and the NAS!
I allready checked the secret. It's the same in chilli config and client.conf on
the server. I also tried a user with Cleartext-Passwort without success. When I
do the select on radcheck manually on the command line, the user gets found. So
I think it's only a small configuration error on server site but I can't find it.
Here you can see the hole debug output. Any help would be appreciated.
FreeRADIUS Version 2.0.4, for host i486-pc-linux-gnu, built on Sep 7 2008 at
23:35:34
Copyright (C) 1999-2008 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License.
Starting - reading configuration files ...
including configuration file /etc/freeradius/radiusd.conf
including configuration file /etc/freeradius/proxy.conf
including configuration file /etc/freeradius/clients.conf
including configuration file /etc/freeradius/snmp.conf
including configuration file /etc/freeradius/eap.conf
including configuration file /etc/freeradius/sql.conf
including configuration file /etc/freeradius/sql/mysql/dialup.conf
including configuration file /etc/freeradius/policy.conf
including files in directory /etc/freeradius/sites-enabled/
including configuration file /etc/freeradius/sites-enabled/default
including configuration file /etc/freeradius/sites-enabled/inner-tunnel
including dictionary file /etc/freeradius/dictionary
main {
prefix = /usr
localstatedir = /var
logdir = /var/log/freeradius
libdir = /usr/lib/freeradius
radacctdir = /var/log/freeradius/radacct
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
allow_core_dumps = no
pidfile = /var/run/freeradius/freeradius.pid
user = freerad
group = freerad
checkrad = /usr/sbin/checkrad
debug_level = 0
proxy_requests = no
security {
max_attributes = 200
reject_delay = 1
status_server = yes
}
}
client localhost {
ipaddr = 127.0.0.1
require_message_authenticator = no
secret = radiussecret
nastype = other
}
client 172.16.20.10 {
require_message_authenticator = no
secret = radiussecret
shortname = nas01
}
radiusd: Loading Realms and Home Servers
proxy server {
retry_delay = 5
retry_count = 3
default_fallback = no
dead_time = 120
wake_all_if_all_dead = no
}
home_server localhost {
ipaddr = 127.0.0.1
port = 1812
type = auth
secret = radiussecret
response_window = 20
max_outstanding = 65536
zombie_period = 40
status_check = status-server
ping_check = none
ping_interval = 30
check_interval = 30
num_answers_to_alive = 3
num_pings_to_alive = 3
revive_interval = 120
status_check_timeout = 4
}
home_server_pool my_auth_failover {
type = fail-over
home_server = localhost
}
realm example.com {
auth_pool = my_auth_failover
}
realm LOCAL {
}
radiusd: Instantiating modules
instantiate {
Module: Linked to module rlm_exec
Module: Instantiating exec
exec {
wait = yes
input_pairs = request
shell_escape = yes
}
Module: Linked to module rlm_expr
Module: Instantiating expr
Module: Linked to module rlm_expiration
Module: Instantiating expiration
expiration {
reply-message = Password Has Expired
}
Module: Linked to module rlm_logintime
Module: Instantiating logintime
logintime {
reply-message = You are calling outside your allowed timespan
minimum-timeout = 60
}
}
radiusd: Loading Virtual Servers
server inner-tunnel {
modules {
Module: Checking authenticate {...} for more modules to load
Module: Linked to module rlm_pap
Module: Instantiating pap
pap {
encryption_scheme = auto
auto_header = yes
}
Module: Linked to module rlm_chap
Module: Instantiating chap
Module: Linked to module rlm_mschap
Module: Instantiating mschap
mschap {
use_mppe = yes
require_encryption = no
require_strong
Re: No authenticate method (Auth-Type) configuration found
Bereos OHG Michael Spinnenhirn wrote: auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user auth: Failed to validate the user. Login incorrect: [guest/MM\250f\375 \241Ñ?\247\007\242Ë?i\316] (from client nas01 port 2 cli 00-0C-29-00-71-20) WARNING: Unprintable characters in the password.Double-check the shared secret on the server and the NAS! I allready checked the secret. It's the same in chilli config and client.conf on the server. That message is pretty definitive. I suggest *deleting* the client. Then send the server packets. Verify that the server complains about unknown client. Then, add the client again. This time re-entering all of the data, rather than copying it from your existing configuration. Also try radtest (or radclient) from the remote machine. There's no need to depend on Chillispot config when you can use the FreeRADIUS software to do the tests. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No authenticate method (Auth-Type) configuration found
WHERE
username = '%{SQL-User-Name}' ORDER BY priority - SELECT groupname
FROM radusergroup WHERE username = 'guest' ORDER BY
priority
rlm_sql (sql): Released sql socket id: 4
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns updated
rad_check_password: Found Auth-Type
!!!
!!!Replacing User-Password in config items with Cleartext-Password. !!!
!!!
!!! Please update your configuration so that the known good !!!
!!! clear text password is in Cleartext-Password, and not in User-Password. !!!
!!!
auth: type PAP
+- entering group PAP
rlm_pap: login attempt with password guest
rlm_pap: Using clear text password guest
rlm_pap: User authenticated successfully
++[pap] returns ok
Login OK: [guest/guest] (from client 172.16.30.6 port 0)
+- entering group post-auth
rlm_sql (sql): Processing sql_postauth
expand: %{User-Name} - guest
rlm_sql (sql): sql_set_user escaped user -- 'guest'
expand: %{User-Password} - guest
expand: INSERT INTO radpostauth (username,
pass, reply, authdate) VALUES (
'%{User-Name}',
'%{%{User-Password}:-%{Chap-Password}}',
'%{reply:Packet-Type}', '%S') - INSERT INTO radpostauth
(username, pass, reply, authdate) VALUES (
'guest', 'guest',
'Access-Accept', '2010-10-20 15:47:40')
rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth
(username, pass, reply, authdate) VALUES (
'guest', 'guest',
'Access-Accept', '2010-10-20 15:47:40')
rlm_sql (sql): Reserving sql socket id: 3
rlm_sql (sql): Released sql socket id: 3
++[sql] returns ok
++[exec] returns noop
Sending Access-Accept of id 105 to 172.16.30.6 port 42677
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 0 ID 105 with timestamp +20
Ready to process requests.
What else could be wrong here?
Alan DeKok schrieb:
Bereos OHG Michael Spinnenhirn wrote:
auth: No authenticate method (Auth-Type) configuration found for the
request: Rejecting the user
auth: Failed to validate the user.
Login incorrect: [guest/MM\250f\375 \241Ñ?\247\007\242Ë?i\316] (from
client nas01 port 2 cli 00-0C-29-00-71-20)
WARNING: Unprintable characters in the password.Double-check
the shared secret on the server and the NAS!
I allready checked the secret. It's the same in chilli config and
client.conf on the server.
That message is pretty definitive.
I suggest *deleting* the client. Then send the server packets.
Verify that the server complains about unknown client. Then, add the
client again. This time re-entering all of the data, rather than
copying it from your existing configuration.
Also try radtest (or radclient) from the remote machine. There's no
need to depend on Chillispot config when you can use the FreeRADIUS
software to do the tests.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No authenticate method (Auth-Type) configuration found
Bereos OHG Michael Spinnenhirn wrote: The remote radclient gives the following debug output: rad_recv: Access-Request packet from host 172.16.20.10 port 56195, id=36, length User-Name = guest sigh You're not including a User-Password in the request. It needs one. What else could be wrong here? Look at the packets the server is receiving from the two clients: they're different. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No authenticate method (Auth-Type) configuration found
I can see the difference between the working one on the server and the other one from the remote client. But I executed the same command on both machines. echo User-Name=guest,Password=guest | radclient 172.16.30.6:1812 auth radiussecret I have tried it from another debian server, too, with success. So it has to be a problem with the radclient on the openwrt box, doesn't it? Alan DeKok schrieb: Bereos OHG Michael Spinnenhirn wrote: The remote radclient gives the following debug output: rad_recv: Access-Request packet from host 172.16.20.10 port 56195, id=36, length User-Name = guest sigh You're not including a User-Password in the request. It needs one. What else could be wrong here? Look at the packets the server is receiving from the two clients: they're different. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No authenticate method (Auth-Type) configuration found
Bereos OHG Michael Spinnenhirn wrote: I can see the difference between the working one on the server and the other one from the remote client. But I executed the same command on both machines. echo User-Name=guest,Password=guest | radclient 172.16.30.6:1812 auth radiussecret I have tried it from another debian server, too, with success. So it has to be a problem with the radclient on the openwrt box, doesn't it? Yes. Check the dictionaries, and make the clients send the same packets. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No authenticate method (Auth-Type) found
Hi Alan,
I 've found the reason why le rlm_ldap module
was not loaded.
Now it's a little better i.e., but now the LDAP
can't authenticate my account:
Below the new output when running
radtest: /usr/bin/radtest/ -d /etc/freeradius ldap
127.0.0.1:1812 10 testing123:
r/ad_recv: Access-Request packet from host 127.0.0.1 port 36154, id=158,
length=56
User-Name = ldap
User-Password =
NAS-IP-Address = 192.168.55.150
NAS-Port = 10
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '/' in User-Name = ldap, looking up realm NULL
rlm_realm: No such realm NULL
++[IPASS] returns noop
rlm_realm: No '@' in User-Name = ldap, looking up realm NULL
rlm_realm: No such realm NULL
++[suffix] returns noop
++[files] returns noop
++[unix] returns notfound
rlm_ldap: - authorize
rlm_ldap: performing user authorization for ldap
expand: (sAMAccountName=%u) - (sAMAccountName=ldap)
expand: dc=privee,dc=enssib,dc=fr - dc=privee,dc=enssib,dc=fr
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to servcdom.privee.enssib.fr:389, authentication 0
rlm_ldap: bind as cn=ldap,cn=users,dc=privee,dc=enssib,dc=fr/ to
servcdom.privee.enssib.fr:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in dc=privee,dc=enssib,dc=fr, with filter
(sAMAccountName=ldap)
rlm_ldap: ldap_search() failed: Operations error
rlm_ldap: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap] returns fail
Invalid user: [ldap/toti] (from client localhost port 10)
Found Post-Auth-Type Reject
+- entering group REJECT
expand: %{User-Name} - ldap
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 158 to 127.0.0.1 port 36154
Waking up in 4.9 seconds.
Cleaning up request 0 ID 158 with timestamp +206
Ready to process requests./
I've noticed that the account 'ldap' binds successfully the LDAP,
but the connecting step fails.
Thanks for any answer.
Isabelle RECH LE RECIS
Enssib
Département informatique
17-21 Bd du 11 Novembre 1918
69623 Villeurbanne Cedex
Tel : 04 72 44 43 34
http://www.enssib.fr/
__
Le 24/08/2010 16:09, Alan DeKok a écrit :
Isabelle RECH wrote:
Hi frree-radius users !
I'm running a freeradius 2.0.4 on a DEBIAN 5.0.5
We want to access an LDAP / windows base , wich is declared
in radiusd.conf file
Below is the output produced by the radiusd -X debugging mode
when I run the radtest :
...
Obviously, it's the authenticate method which
is missing . I've add this entry it in the
/etc/freeradius/sites-available/default:
- The entries ldap pap are uncommented in Authorize { } section
Read the debug output again. You did *not* uncomment the ldap line
in the authorize section.
Alan DeKok.
--
__
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No authenticate method (Auth-Type) found
Isabelle RECH wrote: Hi Alan, Don't CC me on messages to the list. I *do* read the list. rlm_ldap: ldap_search() failed: Operations error Install 2.1.7 or later, and see chase_referrals and rebind in raddb/modules/ldap Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
No authenticate method (Auth-Type) found
Hi frree-radius users !
I'm running a freeradius 2.0.4 on a DEBIAN 5.0.5
We want to access an LDAP / windows base , wich is declared
in radiusd.conf file
Below is the output produced by the radiusd -X debugging mode
when I run the radtest :
_radtest command_:
/usr/sbin/radtest -d /etc/freeradius ldap 127.0.0.1:1812 10
testing123
_Output produced:_
rad_recv: Access-Request packet from host 127.0.0.1 port 59383, id=56,
length=56
User-Name = ldap
User-Password =
NAS-IP-Address = 192.168.55.150
NAS-Port = 10
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = ldap, looking up realm NULL
rlm_realm: No such realm NULL
++[suffix] returns noop
rlm_eap: No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
rlm_pap: WARNING! No known good password found for the user.
Authentication may fail because of this.
++[pap] returns noop
auth: No authenticate method (Auth-Type) configuration found for the
request: Rejecting the user
auth: Failed to validate the user.
Login incorrect: [ldap/] (from client localhost port 10)
Found Post-Auth-Type Reject
+- entering group REJECT
expand: %{User-Name} - ldap
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 56 to 127.0.0.1 port 59383
Waking up in 4.9 seconds.
Cleaning up request 0 ID 56 with timestamp +40
Ready to process requests.
Obviously, it's the authenticate method which
is missing . I've add this entry it in the
/etc/freeradius/sites-available/default:
- The entries ldap pap are uncommented in Authorize { } section
- The entry
Auth-Type LDAP {
ldap
}
is in the authenticate {} section.
Any idea ?
Have a nice day, everybody !!
--
__
Isabelle RECH LE RECIS
Enssib
Département informatique
17-21 Bd du 11 Novembre 1918
69623 Villeurbanne Cedex
Tel : 04 72 44 43 34
http://www.enssib.fr/
__
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No authenticate method (Auth-Type) found
Isabelle RECH wrote:
Hi frree-radius users !
I'm running a freeradius 2.0.4 on a DEBIAN 5.0.5
We want to access an LDAP / windows base , wich is declared
in radiusd.conf file
Below is the output produced by the radiusd -X debugging mode
when I run the radtest :
...
Obviously, it's the authenticate method which
is missing . I've add this entry it in the
/etc/freeradius/sites-available/default:
- The entries ldap pap are uncommented in Authorize { } section
Read the debug output again. You did *not* uncomment the ldap line
in the authorize section.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
Johnny R wrote: Hi all, Problem solved about CopSpot and Freeradius, it works against the user file (not OpenLDAP). Actually, I am wondering if I can do the authentication using eap-tls module. I enabled it and it gave me the following output: ... Tue Apr 27 11:12:19 2010 : Error: rlm_eap: SSL error error:02001002:system library:fopen:No such file or directory Tue Apr 27 11:12:19 2010 : Error: rlm_eap_tls: Error reading certificate file $/etc/freeradius/certs/serverd.pem So... that file doesn't exist. Maybe you need to create it? And this error occurs only if you edit the default configuration, and break it. Frankly, I don't know what the error means: is that the rlm_eap module was not found (and it's right, it is not present in my system) , if so how can I install it without reinstalling the whole freeradius ? You should try reading *all* of the error messages, rather than only the last one or two. The server is telling you what's wrong. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
Johnny R wrote: * is the cipher login/password which comes from CopSpot(or any captive portal) deciphered before ipcop sends it to freeradius-server? (It's a kind of question which can not be asked here but ... never know) I have no idea what that means. * the authentication type set in ipcop is just radius (and its ip), so I don't understand why the packet contains CHAP? shrug Go ask the ipcop people. according to http://deployingradius.com/documents/configuration/active_directory.html, centralizing the authentication in samba will work fine, but I want to do it against ldap. I think, what's wrong here is that I added users by smbldap-useradd, not simply ldapadd (which won't work actually, it says: invalid credentials) ... * So how can I force freeradius to use pap You can't. The NAS (ipcop) determines what to put in the Access-Request, not FreeRADIUS. You need to put the clear-text password into the database. That's the only thing you can do to FreeRADIUS which will help. (to be able to authenticate it against ldap) even the passwd/login is tls ciphered (from chilispot)I m really convinced that that's not possible, even senseless but I have to know why ... I have no idea what that means. Finally, once again, I really want to thank the list for your availability, the freeradius dev. team, because this is a success for the open source community. Thanks, It's what I do... Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
: Info: ++[pap] returns noop
Thu Apr 22 14:17:59 2010 : Info: No authenticate method (Auth-Type)
configuration found for the request: Rejecting the user
Thu Apr 22 14:17:59 2010 : Info: Failed to authenticate the user.
Thu Apr 22 14:17:59 2010 : Info: Using Post-Auth-Type Reject
Thu Apr 22 14:17:59 2010 : Info: +- entering group REJECT {...}
Thu Apr 22 14:17:59 2010 : Info: [attr_filter.access_reject]expand:
%{User-Name} - kkigor14
Thu Apr 22 14:17:59 2010 : Debug: attr_filter: Matched entry DEFAULT at
line 11
Thu Apr 22 14:17:59 2010 : Info: ++[attr_filter.access_reject] returns
updated
Thu Apr 22 14:17:59 2010 : Info: Delaying reject of request 0 for 1 seconds
Thu Apr 22 14:17:59 2010 : Debug: Going to the next request
Thu Apr 22 14:17:59 2010 : Debug: Waking up in 0.9 seconds.
Thu Apr 22 14:18:00 2010 : Info: Sending delayed reject for request 0
Sending Access-Reject of id 0 to 192.168.2.1 port 32790
Thu Apr 22 14:18:00 2010 : Debug: Waking up in 4.9 seconds.
Thu Apr 22 14:18:05 2010 : Info: Cleaning up request 0 ID 0 with timestamp
+188
Thu Apr 22 14:18:05 2010 : Info: Ready to process requests.
All the Best
--
-
|JJohnny RANDRIAMAMPIONONA |
| Phone: +212663682554|
| National School of Applied Sciences |
| 1818 TANGIER 9 |
||
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
Johnny R wrote: The authentication worked well locally against openldap (in the same server). When an user try to connect to internet in the Blue Zone (WLAN), it generates the following error in the radius-server. I am really stuck here, any help will be welcome. Look at the debug log. The packet contains CHAP, and the database has only NT-Password and LM-Passwords. They are simply not compatible: http://deployingradius.com/documents/protocols/compatibility.html Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
Hi again List, Thank very much Alan, I am so sorry if I am a little bit bothering ... but all seems to be jumbled in my head. So I have some questions: - is the cipher login/password which comes from CopSpot(or any captive portal) deciphered before ipcop sends it to freeradius-server? (It's a kind of question which can not be asked here but ... never know) - the authentication type set in ipcop is just radius (and its ip), so I don't understand why the packet contains CHAP? according to http://deployingradius.com/documents/configuration/active_directory.html, centralizing the authentication in samba will work fine, but I want to do it against ldap. I think, what's wrong here is that I added users by smbldap-useradd, not simply ldapadd (which won't work actually, it says: invalid credentials) ... - So how can I force freeradius to use pap (to be able to authenticate it against ldap) even the passwd/login is tls ciphered (from chilispot)I m really convinced that that's not possible, even senseless but I have to know why ... Finally, once again, I really want to thank the list for your availability, the freeradius dev. team, because this is a success for the open source community. Thanks, On Thu, Apr 22, 2010 at 4:45 PM, Alan DeKok al...@deployingradius.comwrote: Johnny R wrote: The authentication worked well locally against openldap (in the same server). When an user try to connect to internet in the Blue Zone (WLAN), it generates the following error in the radius-server. I am really stuck here, any help will be welcome. Look at the debug log. The packet contains CHAP, and the database has only NT-Password and LM-Passwords. They are simply not compatible: http://deployingradius.com/documents/protocols/compatibility.html Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- - |JJohnny RANDRIAMAMPIONONA | | Phone: +212663682554| | National School of Applied Sciences | | 1818 TANGIER 9 | || - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
Hi, * is the cipher login/password which comes from CopSpot(or any captive portal) deciphered before ipcop sends it to freeradius-server? (It's a kind of question which can not be asked here but ... never know) if the server says its CHAP then its probably sent as CHAP rather than PAP... * the authentication type set in ipcop is just radius (and its ip), so I don't understand why the packet contains CHAP? RADIUS is the method of AAA - the CHAP is what the NAS/AP/captive system is sending the user details as CHAP and DB is a problem check your CopSpot system to see if that method can be changed alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
Ahmed Munir wrote: Thanks for replying. I already enabled sql in sites-enabled/default in accounting and authorize section and even in sessions section as well, which is optional, but unfortunately radius is unable to connect with MySQL. Can you post the error, or is it a secret? If there is no error, then FreeRADIUS *isn't* trying to connect to MySQL, and you didn't edit the right files. When the word sql appears in the debug output, it means that the server is trying to use the SQL module. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
On 04/16/2010 01:24 AM, Ahmed Munir wrote: Hi, Thanks for replying. I already enabled sql in sites-enabled/default in accounting and authorize section and even in sessions section as well, which is optional, but unfortunately radius is unable to connect with MySQL. Even I can access the MySQL using radius credentials. Sorry, but you haven't enabled sql or mysql, it's not in the debug output you posted. It would say so if it was. You would see lines like this in your debug output: Module: Linked to module rlm_sql Module: Instantiating sql rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked I see no such in your debug output. Kindly advise me what other method radius connection with MySQL. There is no other way, you have to enable it *and* it has to be available. Are you sure you're editing the right files? I noticed from your debug ouput that your config files are located under /usr/local/etc/raddb. That only happens when you build the server yourself. If you've got a pre-built version the config files are usually under /etc/raddb. If you have both a locally built version and a pre-built version installed you have to be *very* careful as to which one you're working with. If you built the server yourself did you have all the necessary SQL development libraries and headers installed? Does your build log show you actually compiled rlm_sql and rlm_mysql? -- John Dennis jden...@redhat.com Looking to carve out IT costs? www.redhat.com/carveoutcosts/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
On 04/15/2010 01:13 AM, Ahmed Munir wrote: Hi, I installed latest version of it and followed the steps as mentioned in the website: http://wiki.freeradius.org/SQL_HOWTO. After configuring basic setup I'm facing i.e. No authenticate method (Auth-Type) configuration found for the request: Rejecting the user when I run radtest I'm facing error as listed below; It is further to be added that I'm facing this error when I configure FreeRadius with MySQL, but working fine when using users file. I even configure sql.conf and configure mysql parameters, include sql in radius.conf and on sites-available/default I enabled sql on account and authorize section as steps mentioned in website above. I don't think you've enabled the SQL module or MySQL, I don't see either anywhere in the instantiate part of the log. I do see you're including /usr/local/etc/raddb/sql.conf. Is sql uncommented (e.g. enabled) in /usr/local/etc/raddb/sites-enabled/default? It isn't by default. Because as I pass radius credentials, I can connect to MySQL. Is there other way to check radius connection with MySQL? Note: Firewall and SELinux has been disabled on my machine. Please advise how can I resolve this issue. -- John Dennis jden...@redhat.com Looking to carve out IT costs? www.redhat.com/carveoutcosts/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
Hi, Thanks for replying. I already enabled sql in sites-enabled/default in accounting and authorize section and even in sessions section as well, which is optional, but unfortunately radius is unable to connect with MySQL. Even I can access the MySQL using radius credentials. Kindly advise me what other method radius connection with MySQL. Date: Thu, 15 Apr 2010 08:59:43 -0400 From: John Dennis jden...@redhat.com Subject: Re: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Cc: Ahmed Munir ahmedmunir...@gmail.com Message-ID: 4bc70dbf.90...@redhat.com Content-Type: text/plain; charset=UTF-8; format=flowed On 04/15/2010 01:13 AM, Ahmed Munir wrote: Hi, I installed latest version of it and followed the steps as mentioned in the website: http://wiki.freeradius.org/SQL_HOWTO. After configuring basic setup I'm facing i.e. No authenticate method (Auth-Type) configuration found for the request: Rejecting the user when I run radtest I'm facing error as listed below; It is further to be added that I'm facing this error when I configure FreeRadius with MySQL, but working fine when using users file. I even configure sql.conf and configure mysql parameters, include sql in radius.conf and on sites-available/default I enabled sql on account and authorize section as steps mentioned in website above. I don't think you've enabled the SQL module or MySQL, I don't see either anywhere in the instantiate part of the log. I do see you're including /usr/local/etc/raddb/sql.conf. Is sql uncommented (e.g. enabled) in /usr/local/etc/raddb/sites-enabled/default? It isn't by default. Because as I pass radius credentials, I can connect to MySQL. Is there other way to check radius connection with MySQL? Note: Firewall and SELinux has been disabled on my machine. Please advise how can I resolve this issue. -- John Dennis jden...@redhat.com Looking to carve out IT costs? www.redhat.com/carveoutcosts/ -- Regards, Ahmed Munir - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
Hi,
I installed latest version of it and followed the steps as mentioned in the
website:
http://wiki.freeradius.org/SQL_HOWTO.
After configuring basic setup I'm facing i.e. No authenticate method
(Auth-Type) configuration found for the request: Rejecting the user
when I run radtest I'm facing error as listed below;
[r...@newtest raddb]# radtest sqltest testpwd 127.0.0.1 1812 testing123
Sending Access-Request of id 38 to 127.0.0.1 port 1812
User-Name = sqltest
User-Password = testpwd
NAS-IP-Address = 127.0.0.1
NAS-Port = 1812
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=38,
length=20
The logs of radiusd -X are listed down below;
FreeRADIUS Version 2.1.8, for host i686-pc-linux-gnu, built on Apr 9 2010
at 12:11:15
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.
Starting - reading configuration files ...
including configuration file /usr/local/etc/raddb/radiusd.
conf
including configuration file /usr/local/etc/raddb/proxy.conf
including configuration file /usr/local/etc/raddb/clients.conf
including files in directory /usr/local/etc/raddb/modules/
including configuration file /usr/local/etc/raddb/modules/ldap
including configuration file /usr/local/etc/raddb/modules/inner-eap
including configuration file /usr/local/etc/raddb/modules/linelog
including configuration file /usr/local/etc/raddb/modules/detail
including configuration file /usr/local/etc/raddb/modules/exec
including configuration file /usr/local/etc/raddb/modules/pap
including configuration file /usr/local/etc/raddb/modules/otp
including configuration file /usr/local/etc/raddb/modules/smbpasswd
including configuration file /usr/local/etc/raddb/modules/mac2ip
including configuration file /usr/local/etc/raddb/modules/krb5
including configuration file /usr/local/etc/raddb/modules/detail.log
including configuration file /usr/local/etc/raddb/modules/perl
including configuration file /usr/local/etc/raddb/modules/attr_rewrite
including configuration file /usr/local/etc/raddb/modules/attr_filter
including configuration file /usr/local/etc/raddb/modules/policy
including configuration file /usr/local/etc/raddb/modules/smsotp
including configuration file /usr/local/etc/raddb/modules/counter
including configuration file /usr/local/etc/raddb/modules/etc_group
including configuration file /usr/local/etc/raddb/modules/ippool
including configuration file /usr/local/etc/raddb/modules/mac2vlan
including configuration file /usr/local/etc/raddb/modules/digest
including configuration file /usr/local/etc/raddb/modules/ntlm_auth
including configuration file /usr/local/etc/raddb/modules/passwd
including configuration file
/usr/local/etc/raddb/modules/sqlcounter_expire_on_login
including configuration file /usr/local/etc/raddb/modules/realm
including configuration file /usr/local/etc/raddb/modules/always
including configuration file /usr/local/etc/raddb/modules/expiration
including configuration file /usr/local/etc/raddb/modules/expr
including configuration file /usr/local/etc/raddb/modules/mschap
including configuration file /usr/local/etc/raddb/modules/preprocess
including configuration file /usr/local/etc/raddb/modules/acct_unique
including configuration file /usr/local/etc/raddb/modules/pam
including configuration file /usr/local/etc/raddb/modules/wimax
including configuration file /usr/local/etc/raddb/modules/sql_log
including configuration file /usr/local/etc/raddb/modules/files
including configuration file /usr/local/etc/raddb/modules/radutmp
including configuration file /usr/local/etc/raddb/modules/logintime
including configuration file /usr/local/etc/raddb/modules/unix
including configuration file /usr/local/etc/raddb/modules/checkval
including configuration file /usr/local/etc/raddb/modules/chap
including configuration file /usr/local/etc/raddb/modules/echo
including configuration file /usr/local/etc/raddb/modules/sradutmp
including configuration file /usr/local/etc/raddb/modules/cui
including configuration file /usr/local/etc/raddb/modules/detail.example.com
including configuration file /usr/local/etc/raddb/eap.conf
including configuration file /usr/local/etc/raddb/sql.conf
including configuration file /usr/local/etc/raddb/sql/mysql/dialup.conf
including configuration file /usr/local/etc/raddb/policy.conf
including files in directory /usr/local/etc/raddb/sites-enabled/
including configuration file /usr/local/etc/raddb/sites-enabled/inner-tunnel
including configuration file /usr/local/etc/raddb/sites-enabled/default.orig
including configuration file
/usr/local/etc/raddb/sites-enabled/control-socket
including configuration file /usr/local/etc/raddb/sites-enabled/default
main {
allow_core_dumps = no
}
including dictionary file /usr/local/etc/raddb/dictionary
main {
prefix = /usr/local
Re: No authenticate method (Auth-Type) configuration found
Ahmed Munir wrote: Thanks for reply. Well user is created on SQL, and I uncommented 'sql' from sites-enabled/default on Authorized section and Accounting Section. But when I add 'sql' in Authenticate section I'm getting same error. i.e. [r...@newtest raddb]# radtest sqltest testpwd 127.0.0.1 1812 testing123 sigh Run the server in debugging mode, as suggested in the FAQ, README, INSTALL, man page, and daily on this list. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
Hi,
I'm newbie in FreeRadius, I installed latest version of it and followed the
steps as mentioned in the websites:
http://www.howtoforge.com/authentication-authorization-and-accounting-with-freeradius-and-mysql-backend-and-webbased-management-with-daloradiusand
http://wiki.freeradius.org/SQL_HOWTO. After configuring basic setup I'm
facing i.e. No authenticate method (Auth-Type) configuration found for the
request: Rejecting the user when I issue radtest sqltest testpwd 127.0.0.1
1812 testing123.
The logs are listed down below;
FreeRADIUS Version 2.1.8, for host i686-pc-linux-gnu, built on Apr 9 2010
at 12:11:15
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.
Starting - reading configuration files ...
including configuration file /usr/local/etc/raddb/radiusd.conf
including configuration file /usr/local/etc/raddb/proxy.conf
including configuration file /usr/local/etc/raddb/clients.conf
including files in directory /usr/local/etc/raddb/modules/
including configuration file /usr/local/etc/raddb/modules/ldap
including configuration file /usr/local/etc/raddb/modules/inner-eap
including configuration file /usr/local/etc/raddb/modules/linelog
including configuration file /usr/local/etc/raddb/modules/detail
including configuration file /usr/local/etc/raddb/modules/exec
including configuration file /usr/local/etc/raddb/modules/pap
including configuration file /usr/local/etc/raddb/modules/otp
including configuration file /usr/local/etc/raddb/modules/smbpasswd
including configuration file /usr/local/etc/raddb/modules/mac2ip
including configuration file /usr/local/etc/raddb/modules/krb5
including configuration file /usr/local/etc/raddb/modules/detail.log
including configuration file /usr/local/etc/raddb/modules/perl
including configuration file /usr/local/etc/raddb/modules/attr_rewrite
including configuration file /usr/local/etc/raddb/modules/attr_filter
including configuration file /usr/local/etc/raddb/modules/policy
including configuration file /usr/local/etc/raddb/modules/smsotp
including configuration file /usr/local/etc/raddb/modules/counter
including configuration file /usr/local/etc/raddb/modules/etc_group
including configuration file /usr/local/etc/raddb/modules/ippool
including configuration file /usr/local/etc/raddb/modules/mac2vlan
including configuration file /usr/local/etc/raddb/modules/digest
including configuration file /usr/local/etc/raddb/modules/ntlm_auth
including configuration file /usr/local/etc/raddb/modules/passwd
including configuration file
/usr/local/etc/raddb/modules/sqlcounter_expire_on_login
including configuration file /usr/local/etc/raddb/modules/realm
including configuration file /usr/local/etc/raddb/modules/always
including configuration file /usr/local/etc/raddb/modules/expiration
including configuration file /usr/local/etc/raddb/modules/expr
including configuration file /usr/local/etc/raddb/modules/mschap
including configuration file /usr/local/etc/raddb/modules/preprocess
including configuration file /usr/local/etc/raddb/modules/acct_unique
including configuration file /usr/local/etc/raddb/modules/pam
including configuration file /usr/local/etc/raddb/modules/wimax
including configuration file /usr/local/etc/raddb/modules/sql_log
including configuration file /usr/local/etc/raddb/modules/files
including configuration file /usr/local/etc/raddb/modules/radutmp
including configuration file /usr/local/etc/raddb/modules/logintime
including configuration file /usr/local/etc/raddb/modules/unix
including configuration file /usr/local/etc/raddb/modules/checkval
including configuration file /usr/local/etc/raddb/modules/chap
including configuration file /usr/local/etc/raddb/modules/echo
including configuration file /usr/local/etc/raddb/modules/sradutmp
including configuration file /usr/local/etc/raddb/modules/cui
including configuration file /usr/local/etc/raddb/modules/detail.example.com
including configuration file /usr/local/etc/raddb/eap.conf
including configuration file /usr/local/etc/raddb/sql.conf
including configuration file /usr/local/etc/raddb/sql/mysql/dialup.conf
including configuration file /usr/local/etc/raddb/policy.conf
including files in directory /usr/local/etc/raddb/sites-enabled/
including configuration file /usr/local/etc/raddb/sites-enabled/inner-tunnel
including configuration file /usr/local/etc/raddb/sites-enabled/default.orig
including configuration file
/usr/local/etc/raddb/sites-enabled/control-socket
including configuration file /usr/local/etc/raddb/sites-enabled/default
main {
allow_core_dumps = no
}
including dictionary file /usr/local/etc/raddb/dictionary
main {
prefix = /usr/local
localstatedir = /usr/local/var
logdir = /usr/local/var/log/radius
libdir = /usr/local/lib
radacctdir = /usr/local/var/log/radius
Re: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
hi, the log said [pap] WARNING! No known good password found for the user. Authentication may fail because of this. could you show your users file? ciao omega BK 2010/4/12 Ahmed Munir ahmedmunir...@gmail.com Hi, I'm newbie in FreeRadius, I installed latest version of it and followed the steps as mentioned in the websites: http://www.howtoforge.com/authentication-authorization-and-accounting-with-freeradius-and-mysql-backend-and-webbased-management-with-daloradiusand http://wiki.freeradius.org/SQL_HOWTO. After configuring basic setup I'm facing i.e. No authenticate method (Auth-Type) configuration found for the request: Rejecting the user when I issue radtest sqltest testpwd 127.0.0.1 1812 testing123. The logs are listed down below; FreeRADIUS Version 2.1.8, for host i686-pc-linux-gnu, built on Apr 9 2010 at 12:11:15 Copyright (C) 1999-2009 The FreeRADIUS server project and contributors. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License v2. Starting - reading configuration files ... including configuration file /usr/local/etc/raddb/radiusd.conf including configuration file /usr/local/etc/raddb/proxy.conf including configuration file /usr/local/etc/raddb/clients.conf including files in directory /usr/local/etc/raddb/modules/ including configuration file /usr/local/etc/raddb/modules/ldap including configuration file /usr/local/etc/raddb/modules/inner-eap including configuration file /usr/local/etc/raddb/modules/linelog including configuration file /usr/local/etc/raddb/modules/detail including configuration file /usr/local/etc/raddb/modules/exec including configuration file /usr/local/etc/raddb/modules/pap including configuration file /usr/local/etc/raddb/modules/otp including configuration file /usr/local/etc/raddb/modules/smbpasswd including configuration file /usr/local/etc/raddb/modules/mac2ip including configuration file /usr/local/etc/raddb/modules/krb5 including configuration file /usr/local/etc/raddb/modules/detail.log including configuration file /usr/local/etc/raddb/modules/perl including configuration file /usr/local/etc/raddb/modules/attr_rewrite including configuration file /usr/local/etc/raddb/modules/attr_filter including configuration file /usr/local/etc/raddb/modules/policy including configuration file /usr/local/etc/raddb/modules/smsotp including configuration file /usr/local/etc/raddb/modules/counter including configuration file /usr/local/etc/raddb/modules/etc_group including configuration file /usr/local/etc/raddb/modules/ippool including configuration file /usr/local/etc/raddb/modules/mac2vlan including configuration file /usr/local/etc/raddb/modules/digest including configuration file /usr/local/etc/raddb/modules/ntlm_auth including configuration file /usr/local/etc/raddb/modules/passwd including configuration file /usr/local/etc/raddb/modules/sqlcounter_expire_on_login including configuration file /usr/local/etc/raddb/modules/realm including configuration file /usr/local/etc/raddb/modules/always including configuration file /usr/local/etc/raddb/modules/expiration including configuration file /usr/local/etc/raddb/modules/expr including configuration file /usr/local/etc/raddb/modules/mschap including configuration file /usr/local/etc/raddb/modules/preprocess including configuration file /usr/local/etc/raddb/modules/acct_unique including configuration file /usr/local/etc/raddb/modules/pam including configuration file /usr/local/etc/raddb/modules/wimax including configuration file /usr/local/etc/raddb/modules/sql_log including configuration file /usr/local/etc/raddb/modules/files including configuration file /usr/local/etc/raddb/modules/radutmp including configuration file /usr/local/etc/raddb/modules/logintime including configuration file /usr/local/etc/raddb/modules/unix including configuration file /usr/local/etc/raddb/modules/checkval including configuration file /usr/local/etc/raddb/modules/chap including configuration file /usr/local/etc/raddb/modules/echo including configuration file /usr/local/etc/raddb/modules/sradutmp including configuration file /usr/local/etc/raddb/modules/cui including configuration file /usr/local/etc/raddb/modules/ detail.example.com including configuration file /usr/local/etc/raddb/eap.conf including configuration file /usr/local/etc/raddb/sql.conf including configuration file /usr/local/etc/raddb/sql/mysql/dialup.conf including configuration file /usr/local/etc/raddb/policy.conf including files in directory /usr/local/etc/raddb/sites-enabled/ including configuration file /usr/local/etc/raddb/sites-enabled/inner-tunnel including configuration file /usr/local/etc/raddb/sites-enabled/default.orig including configuration file /usr/local/etc/raddb/sites-enabled/control-socket including configuration file /usr/local/etc/raddb/sites-enabled
Re: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
Hi, I'm newbie in FreeRadius, I installed latest version of it and followed the steps as mentioned in the websites: http://www.howtoforge.com/authentication-authorization-and-accounting-with-freeradius-and-mysql-backend-and-webbased-management-with-daloradius and http://wiki.freeradius.org/SQL_HOWTO. After configuring basic setup I'm facing i.e. No authenticate method (Auth-Type) configuration found for the request: Rejecting the user when I issue radtest sqltest testpwd 127.0.0.1 1812 testing123. the username 'sqltest' gives a slight hint. is this user in 'users' file or in SQL? if the username is in SQL, then you need to activate the SQL stuff (uncomment or add SQL to the auth section) - its not on by default because then all sites would have to have SQL up and running for anything to work (or else it'd crash and burn) alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No authenticate method (Auth-Type) configuration found
Hi, Thanks for reply. Well user is created on SQL, and I uncommented 'sql' from sites-enabled/default on Authorized section and Accounting Section. But when I add 'sql' in Authenticate section I'm getting same error. i.e. [r...@newtest raddb]# radtest sqltest testpwd 127.0.0.1 1812 testing123 Sending Access-Request of id 38 to 127.0.0.1 port 1812 User-Name = sqltest User-Password = testpwd NAS-IP-Address = 127.0.0.1 NAS-Port = 1812 rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=38, length=20 The user I created in SQL listed down below; idusername attribute opvalue 1 sqltest Cleartext-Password:=testpwd Please advise what am I missing? Kindly assist me. Date: Mon, 12 Apr 2010 13:25:45 +0100 From: Alan Buxey a.l.m.bu...@lboro.ac.uk Subject: Re: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Message-ID: 20100412122545.ga14...@lboro.ac.uk Content-Type: text/plain; charset=us-ascii Hi, I'm newbie in FreeRadius, I installed latest version of it and followed the steps as mentioned in the websites: http://www.howtoforge.com/authentication-authorization-and-accounting-with-freeradius-and-mysql-backend-and-webbased-management-with-daloradiusand http://wiki.freeradius.org/SQL_HOWTO. After configuring basic setup I'm facing i.e. No authenticate method (Auth-Type) configuration found for the request: Rejecting the user when I issue radtest sqltest testpwd 127.0.0.1 1812 testing123. the username 'sqltest' gives a slight hint. is this user in 'users' file or in SQL? if the username is in SQL, then you need to activate the SQL stuff (uncomment or add SQL to the auth section) - its not on by default because then all sites would have to have SQL up and running for anything to work (or else it'd crash and burn) alan -- Regards, Ahmed Munir - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
hello, i sucess dpkg-buildpackage (after reinstalling os ubuntu on my server test) so i installed FreeRADIUS Version 2.1.8 via .deb file ok so know i tried the same configuration like before, but launching freeradius -X ireturns rad_recv: Access-Request packet from host 192.168.20.253 port 1645, id=254, length=155 User-Name = linatest Service-Type = Framed-User Framed-MTU = 1500 Called-Station-Id = 00-1A-A1-64-BB-1A Calling-Station-Id = 00-18-8B-B5-26-B7 EAP-Message = 0x0202000d016c696e6174657374 Message-Authenticator = 0xf55c29bf173484be884411a62582014c Cisco-NAS-Port = FastEthernet0/24 NAS-Port = 50024 NAS-Port-Type = Ethernet NAS-IP-Address = 192.168.20.253 WARNING: Empty section. Using default return values. No authenticate method (Auth-Type) configuration found for the request: Rejecting the user Failed to authenticate the user. ?? = why? thanks - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
Hi, i sucess dpkg-buildpackage (after reinstalling os ubuntu on my server test) so i installed FreeRADIUS Version 2.1.8 via .deb file ok so know i tried the same configuration like before, but launching freeradius -X ireturns rad_recv: Access-Request packet from host 192.168.20.253 port 1645, id=254, length=155 User-Name = linatest Service-Type = Framed-User Framed-MTU = 1500 Called-Station-Id = 00-1A-A1-64-BB-1A Calling-Station-Id = 00-18-8B-B5-26-B7 EAP-Message = 0x0202000d016c696e6174657374 Message-Authenticator = 0xf55c29bf173484be884411a62582014c Cisco-NAS-Port = FastEthernet0/24 NAS-Port = 50024 NAS-Port-Type = Ethernet NAS-IP-Address = 192.168.20.253 WARNING: Empty section. Using default return values. No authenticate method (Auth-Type) configuration found for the request: Rejecting the user Failed to authenticate the user. ?? = why? thats not the full output form debug. why do you not send all the output? how do you think this little bit you DID send to the list helps? i suspect that you dont have SSL support in your server and this connection is EAP based - and thus failing as it doesnt have the required code and modules to handle EAP alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
ok,
my all freeradis -X is:
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.20.253 port 1645, id=2,
length=155
User-Name = linatest
Service-Type = Framed-User
Framed-MTU = 1500
Called-Station-Id = 00-1A-A1-64-BB-1A
Calling-Station-Id = 00-18-8B-B5-26-B7
EAP-Message = 0x0202000d016c696e6174657374
Message-Authenticator = 0xe883c52a443c41c4f9b53935c0214d5b
Cisco-NAS-Port = FastEthernet0/24
NAS-Port = 50024
NAS-Port-Type = Ethernet
NAS-IP-Address = 192.168.20.253
WARNING: Empty section. Using default return values.
No authenticate method (Auth-Type) configuration found for the request:
Rejecting the user
Failed to authenticate the user.
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 2 to 192.168.20.253 port 1645
Waking up in 4.9 seconds.
Cleaning up request 0 ID 2 with timestamp +16
Ready to process requests.
#
i tried a radtest:
radtest linatest linagora 10.75.128.251:1813 1 testing123
/usr/bin/radclient: error while loading shared libraries:
libfreeradius-radius-2.1.0.so: cannot open shared object file: No such file
or directory
#
so i tried also strace freeradius -V
##
execve(/usr/sbin/freeradius, [freeradius, -V], [/* 21 vars */]) = 0
brk(0) = 0x978
access(/etc/ld.so.nohwcap, F_OK) = -1 ENOENT (No such file or
directory)
mmap2(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xb77cd000
access(/etc/ld.so.preload, R_OK) = -1 ENOENT (No such file or
directory)
open(/usr/lib/freeradius/tls/i686/sse2/cmov/libfreeradius-radius-2.1.8.so,
O_RDONLY) = -1 ENOENT (No such file or directory)
stat64(/usr/lib/freeradius/tls/i686/sse2/cmov, 0xbf8c9d2c) = -1 ENOENT (No
such file or directory)
open(/usr/lib/freeradius/tls/i686/sse2/libfreeradius-radius-2.1.8.so,
O_RDONLY) = -1 ENOENT (No such file or directory)
stat64(/usr/lib/freeradius/tls/i686/sse2, 0xbf8c9d2c) = -1 ENOENT (No such
file or directory)
open(/usr/lib/freeradius/tls/i686/cmov/libfreeradius-radius-2.1.8.so,
O_RDONLY) = -1 ENOENT (No such file or directory)
stat64(/usr/lib/freeradius/tls/i686/cmov, 0xbf8c9d2c) = -1 ENOENT (No such
file or directory)
open(/usr/lib/freeradius/tls/i686/libfreeradius-radius-2.1.8.so, O_RDONLY)
= -1 ENOENT (No such file or directory)
stat64(/usr/lib/freeradius/tls/i686, 0xbf8c9d2c) = -1 ENOENT (No such file
or directory)
open(/usr/lib/freeradius/tls/sse2/cmov/libfreeradius-radius-2.1.8.so,
O_RDONLY) = -1 ENOENT (No such file or directory)
stat64(/usr/lib/freeradius/tls/sse2/cmov, 0xbf8c9d2c) = -1 ENOENT (No such
file or directory)
open(/usr/lib/freeradius/tls/sse2/libfreeradius-radius-2.1.8.so, O_RDONLY)
= -1 ENOENT (No such file or directory)
stat64(/usr/lib/freeradius/tls/sse2, 0xbf8c9d2c) = -1 ENOENT (No such file
or directory)
open(/usr/lib/freeradius/tls/cmov/libfreeradius-radius-2.1.8.so, O_RDONLY)
= -1 ENOENT (No such file or directory)
stat64(/usr/lib/freeradius/tls/cmov, 0xbf8c9d2c) = -1 ENOENT (No such file
or directory)
open(/usr/lib/freeradius/tls/libfreeradius-radius-2.1.8.so, O_RDONLY) = -1
ENOENT (No such file or directory)
stat64(/usr/lib/freeradius/tls, 0xbf8c9d2c) = -1 ENOENT (No such file or
directory)
open(/usr/lib/freeradius/i686/sse2/cmov/libfreeradius-radius-2.1.8.so,
O_RDONLY) = -1 ENOENT (No such file or directory)
stat64(/usr/lib/freeradius/i686/sse2/cmov, 0xbf8c9d2c) = -1 ENOENT (No
such file or directory)
open(/usr/lib/freeradius/i686/sse2/libfreeradius-radius-2.1.8.so,
O_RDONLY) = -1 ENOENT (No such file or directory)
stat64(/usr/lib/freeradius/i686/sse2, 0xbf8c9d2c) = -1 ENOENT (No such
file or directory)
open(/usr/lib/freeradius/i686/cmov/libfreeradius-radius-2.1.8.so,
O_RDONLY) = -1 ENOENT (No such file or directory)
stat64(/usr/lib/freeradius/i686/cmov, 0xbf8c9d2c) = -1 ENOENT (No such
file or directory)
open(/usr/lib/freeradius/i686/libfreeradius-radius-2.1.8.so, O_RDONLY) =
-1 ENOENT (No such file or directory)
stat64(/usr/lib/freeradius/i686, 0xbf8c9d2c) = -1 ENOENT (No such file or
directory)
open(/usr/lib/freeradius/sse2/cmov/libfreeradius-radius-2.1.8.so,
O_RDONLY) = -1 ENOENT (No such file or directory)
stat64(/usr/lib/freeradius/sse2/cmov, 0xbf8c9d2c) = -1 ENOENT (No such
file or directory)
open(/usr/lib/freeradius/sse2/libfreeradius-radius-2.1.8.so, O_RDONLY) =
-1 ENOENT (No such file or directory)
stat64(/usr/lib/freeradius/sse2, 0xbf8c9d2c) = -1 ENOENT (No such file or
directory)
open(/usr/lib/freeradius/cmov/libfreeradius-radius-2.1.8.so, O_RDONLY) =
-1 ENOENT (No such file or directory)
stat64(/usr/lib/freeradius/cmov, 0xbf8c9d2c) = -1 ENOENT (No such file or
directory)
open(/usr/lib/freeradius/libfreeradius-radius-2.1.8.so, O_RDONLY) = 3
read(3,
\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\200\0\0004\0\0\0..., 512)
= 512
fstat64(3, {st_mode=S_IFREG|0644, st_size
Re: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
you're right my connexion is eap based and i did not build freeradius with ssl support how to make it work, please? thanks - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
freeradius 2.1.8 : No authenticate method (Auth-Type) configuration found for the request: Rejecting the user / sites-enabled
8 15:02:43 2010 : Debug: } # server
Mon Mar 8 15:02:43 2010 : Debug: radiusd: Opening IP addresses and
Ports
Mon Mar 8 15:02:43 2010 : Debug: listen {
Mon Mar 8 15:02:43 2010 : Debug: type = auth
Mon Mar 8 15:02:43 2010 : Debug: ipaddr = *
Mon Mar 8 15:02:43 2010 : Debug: port = 1812
Mon Mar 8 15:02:43 2010 : Debug: }
Mon Mar 8 15:02:43 2010 : Debug: listen {
Mon Mar 8 15:02:43 2010 : Debug: type = acct
Mon Mar 8 15:02:43 2010 : Debug: ipaddr = *
Mon Mar 8 15:02:43 2010 : Debug: port = 0
Mon Mar 8 15:02:43 2010 : Debug: }
Mon Mar 8 15:02:43 2010 : Debug: Listening on authentication address *
port 1812
Mon Mar 8 15:02:43 2010 : Debug: Listening on accounting address * port
1813
Mon Mar 8 15:02:43 2010 : Debug: Listening on proxy address * port 1814
Mon Mar 8 15:02:43 2010 : Info: Ready to process requests.
The complete error message was by the way:
Ready to process requests.
rad_recv: Access-Request packet from host 193.170.39.105 port 1027,
id=1, length=109
NAS-IP-Address = 193.170.39.105
NAS-Port-Type = Wireless-802.11
NAS-Port = 1
Framed-MTU = 1400
Calling-Station-Id = 0019d296e00f
Called-Station-Id = 00118550acf5
NAS-Identifier = wlan-ap5
EAP-Message = 0x0201000501
Message-Authenticator = 0x793e8d344397eca7613421f7d482b309
WARNING: Empty section. Using default return values.
No authenticate method (Auth-Type) configuration found for the request:
Rejecting the user
Failed to authenticate the user.
Login incorrect: [no User-Name attribute/no User-Password attribute]
(from client ap5 port 1 cli 0019d296e00f)
Delaying reject of request 3 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 3
Sending Access-Reject of id 1 to 193.170.39.105 port 1027
Waking up in 4.9 seconds.
Cleaning up request 3 ID 1 with timestamp +852861
Ready to process requests
I tried this with several different methods, meaning also with user-name
and password...
If you need me to provide any further info please let me know!
Your's Klaus
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
freeradius 2.1.8 : No authenticate method (Auth-Type) configuration found for the request: Rejecting the user / sites-enabled
8 15:02:43 2010 : Debug: } # server
Mon Mar 8 15:02:43 2010 : Debug: radiusd: Opening IP addresses and
Ports
Mon Mar 8 15:02:43 2010 : Debug: listen {
Mon Mar 8 15:02:43 2010 : Debug: type = auth
Mon Mar 8 15:02:43 2010 : Debug: ipaddr = *
Mon Mar 8 15:02:43 2010 : Debug: port = 1812
Mon Mar 8 15:02:43 2010 : Debug: }
Mon Mar 8 15:02:43 2010 : Debug: listen {
Mon Mar 8 15:02:43 2010 : Debug: type = acct
Mon Mar 8 15:02:43 2010 : Debug: ipaddr = *
Mon Mar 8 15:02:43 2010 : Debug: port = 0
Mon Mar 8 15:02:43 2010 : Debug: }
Mon Mar 8 15:02:43 2010 : Debug: Listening on authentication address *
port 1812
Mon Mar 8 15:02:43 2010 : Debug: Listening on accounting address * port
1813
Mon Mar 8 15:02:43 2010 : Debug: Listening on proxy address * port 1814
Mon Mar 8 15:02:43 2010 : Info: Ready to process requests.
The complete error message was by the way:
Ready to process requests.
rad_recv: Access-Request packet from host 193.170.39.105 port 1027,
id=1, length=109
NAS-IP-Address = 193.170.39.105
NAS-Port-Type = Wireless-802.11
NAS-Port = 1
Framed-MTU = 1400
Calling-Station-Id = 0019d296e00f
Called-Station-Id = 00118550acf5
NAS-Identifier = wlan-ap5
EAP-Message = 0x0201000501
Message-Authenticator = 0x793e8d344397eca7613421f7d482b309
WARNING: Empty section. Using default return values.
No authenticate method (Auth-Type) configuration found for the request:
Rejecting the user
Failed to authenticate the user.
Login incorrect: [no User-Name attribute/no User-Password attribute]
(from client ap5 port 1 cli 0019d296e00f)
Delaying reject of request 3 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 3
Sending Access-Reject of id 1 to 193.170.39.105 port 1027
Waking up in 4.9 seconds.
Cleaning up request 3 ID 1 with timestamp +852861
Ready to process requests
I tried this with several different methods, meaning also with user-name
and password...
If you need me to provide any further info please let me know!
Your's Klaus
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
I rebuild deb files so i got: -rw-r--r-- 1 root root1040 2010-03-08 15:52 freeradius_2.1.8+git.dsc -rw-r--r-- 1 root root5212 2010-03-08 15:56 freeradius_2.1.8+git_i386.changes -rw-r--r-- 1 root root 1352152 2010-03-08 15:55 * freeradius_2.1.8+git_i386.deb* -rw-r--r-- 1 root root 3925016 2010-03-08 15:52 freeradius_2.1.8+git.tar.gz -rw-r--r-- 1 root root 212818 2010-03-08 15:56 * freeradius-common_2.1.8+git_all.deb* -rw-r--r-- 1 root root 1121616 2010-03-08 15:56 * freeradius-dbg_2.1.8+git_i386.deb* -rw-r--r-- 1 root root 118676 2010-03-08 15:56*freeradius-dialupadmin_2.1.8+git_all.deb * -rw-r--r-- 1 root root 18240 2010-03-08 15:56 freeradius-iodbc_2.1.8+git_i386.deb -rw-r--r-- 1 root root 19236 2010-03-08 15:56 freeradius-krb5_2.1.8+git_i386.deb -rw-r--r-- 1 root root 36732 2010-03-08 15:56*freeradius-ldap_2.1.8+git_i386.deb * -rw-r--r-- 1 root root 26068 2010-03-08 15:56 * freeradius-mysql_2.1.8+git_i386.deb* -rw-r--r-- 1 root root 36364 2010-03-08 15:56 freeradius-postgresql_2.1.8+git_i386.deb -rw-r--r-- 1 root root 74538 2010-03-08 15:55*freeradius-utils_2.1.8+git_i386.deb * -rw-r--r-- 1 root root 92308 2010-03-08 15:55*libfreeradius2_2.1.8+git_i386.deb * -rw-r--r-- 1 root root 126532 2010-03-08 15:55*libfreeradius-dev_2.1.8+git_i386.deb * i checked for tls support dpkg --contents freeradius_2.1.8+git_i386.deb | grep tls.so lrwxrwxrwx root/root 0 2010-03-08 15:55 ./usr/lib/freeradius/rlm_eap_tls.so - rlm_eap_tls-2.1.8.so lrwxrwxrwx root/root 0 2010-03-08 15:55 ./usr/lib/freeradius/rlm_eap_ttls.so - rlm_eap_ttls-2.1.8.so so know i need to authenticate my users with our openldap. what i did before: first : apt-get freeradius apt-get freeradius-ldap apt-get freeradius-mysql Secondly: dpkg -i *freeradius_2.1.8+git_i386.deb* *freeradius-ldap_2.1.8+git_i386.deb* *freeradius-mysql_2.1.8+git_i386.deb* *freeradius2_2.1.8+git_i386.deb* i just wanted before to change users file to support ldap , to check it with Cleartext-password. so it fails 2 010/3/8 omega bk omeg...@gmail.com you're right my connexion is eap based and i did not build freeradius with ssl support how to make it work, please? thanks - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius 2.1.8 : No authenticate method (Auth-Type) configuration found for the request: Rejecting the user / sites-enabled
Klaus Schinkinger wrote: I got this error as you can see from the subject, as far as I have learned now this is due to me not having any sites-enabled, problem is I don't even know which ones to enable. The default install of 2.1.8 enables the ones you need. So here's what I am actually trying to accomplish: Currently we have a freeradius in the version 1.1.13 running on Debian Etch and I want to port this to 2.1.18 on Lenny, which isn't that easy as the config files/structure have completely changed... No. (1) It's 1.1.3 and 2.1.8, not 1.1.13 and 2.1.18. Details matter. (2) the *layout* has changed, but the contents have remained 90% or more identical. (3) i.e. Your configuration from 1.1.3 would very likely work with minor changes. (4) Don't use the config from 1.1.3. Instead, do a DEFAULT INSTALL of 2.1.8, and copy a piece of the configuration at a time. (5) see man radiusd in 2.1.8 for more instructions on how to go from a default install to a final configuration. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
still the same rad_recv: Access-Request packet from host 192.168.20.253 port 1645, id=3, length=155 User-Name = linatest Service-Type = Framed-User Framed-MTU = 1500 Called-Station-Id = 00-1A-A1-64-BB-1A Calling-Station-Id = 00-18-8B-B5-26-B7 EAP-Message = 0x0202000d016c696e6174657374 Message-Authenticator = 0x671915501878ed97349cbff815409677 Cisco-NAS-Port = FastEthernet0/24 NAS-Port = 50024 NAS-Port-Type = Ethernet NAS-IP-Address = 192.168.20.253 WARNING: Empty section. Using default return values. No authenticate method (Auth-Type) configuration found for the request: Rejecting the user Failed to authenticate the user. Delaying reject of request 0 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 0 Sending Access-Reject of id 3 to 192.168.20.253 port 1645 Waking up in 4.9 seconds. Cleaning up request 0 ID 3 with timestamp +20 Ready to process requests. please help me 2010/3/8 omega bk omeg...@gmail.com I rebuild deb files so i got: -rw-r--r-- 1 root root1040 2010-03-08 15:52 freeradius_2.1.8+git.dsc -rw-r--r-- 1 root root5212 2010-03-08 15:56 freeradius_2.1.8+git_i386.changes -rw-r--r-- 1 root root 1352152 2010-03-08 15:55 * freeradius_2.1.8+git_i386.deb* -rw-r--r-- 1 root root 3925016 2010-03-08 15:52 freeradius_2.1.8+git.tar.gz -rw-r--r-- 1 root root 212818 2010-03-08 15:56 * freeradius-common_2.1.8+git_all.deb* -rw-r--r-- 1 root root 1121616 2010-03-08 15:56 * freeradius-dbg_2.1.8+git_i386.deb* -rw-r--r-- 1 root root 118676 2010-03-08 15:56*freeradius-dialupadmin_2.1.8+git_all.deb * -rw-r--r-- 1 root root 18240 2010-03-08 15:56 freeradius-iodbc_2.1.8+git_i386.deb -rw-r--r-- 1 root root 19236 2010-03-08 15:56 freeradius-krb5_2.1.8+git_i386.deb -rw-r--r-- 1 root root 36732 2010-03-08 15:56*freeradius-ldap_2.1.8+git_i386.deb * -rw-r--r-- 1 root root 26068 2010-03-08 15:56 * freeradius-mysql_2.1.8+git_i386.deb* -rw-r--r-- 1 root root 36364 2010-03-08 15:56 freeradius-postgresql_2.1.8+git_i386.deb -rw-r--r-- 1 root root 74538 2010-03-08 15:55*freeradius-utils_2.1.8+git_i386.deb * -rw-r--r-- 1 root root 92308 2010-03-08 15:55*libfreeradius2_2.1.8+git_i386.deb * -rw-r--r-- 1 root root 126532 2010-03-08 15:55*libfreeradius-dev_2.1.8+git_i386.deb * i checked for tls support dpkg --contents freeradius_2.1.8+git_i386.deb | grep tls.so lrwxrwxrwx root/root 0 2010-03-08 15:55 ./usr/lib/freeradius/rlm_eap_tls.so - rlm_eap_tls-2.1.8.so lrwxrwxrwx root/root 0 2010-03-08 15:55 ./usr/lib/freeradius/rlm_eap_ttls.so - rlm_eap_ttls-2.1.8.so so know i need to authenticate my users with our openldap. what i did before: first : apt-get freeradius apt-get freeradius-ldap apt-get freeradius-mysql Secondly: dpkg -i *freeradius_2.1.8+git_i386.deb* * freeradius-ldap_2.1.8+git_i386.deb* *freeradius-mysql_2.1.8+git_i386.deb* *freeradius2_2.1.8+git_i386.deb* i just wanted before to change users file to support ldap , to check it with Cleartext-password. so it fails 2 010/3/8 omega bk omeg...@gmail.com you're right my connexion is eap based and i did not build freeradius with ssl support how to make it work, please? thanks - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
On 03/08/2010 10:04 AM, omega bk wrote: so know i need to authenticate my users with our openldap. [useless information not requested deleted] what i did before: If you want people to help please don't ignore what you've been asked to do. We need to see the *full* output of radiusd -X. -- John Dennis jden...@redhat.com Looking to carve out IT costs? www.redhat.com/carveoutcosts/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
= 4
irt = 2
mrt = 16
mrc = 5
mrd = 30
}
home_server_pool my_auth_failover {
type = fail-over
home_server = localhost
}
realm example.com {
auth_pool = my_auth_failover
}
realm LOCAL {
}
radiusd: Loading Clients
client localhost {
ipaddr = 127.0.0.1
require_message_authenticator = no
secret = testing123
nastype = other
}
client 192.168.20.253 {
require_message_authenticator = no
secret = testinglinagora
shortname = ciscoswitch
nastype = cisco
}
radiusd: Instantiating modules
instantiate {
Module: Linked to module rlm_exec
Module: Instantiating exec
exec {
wait = no
input_pairs = request
shell_escape = yes
}
Module: Linked to module rlm_expr
Module: Instantiating expr
Module: Linked to module rlm_expiration
Module: Instantiating expiration
expiration {
reply-message = Password Has Expired
}
Module: Linked to module rlm_logintime
Module: Instantiating logintime
logintime {
reply-message = You are calling outside your allowed timespan
minimum-timeout = 60
}
}
radiusd: Loading Virtual Servers
server {
modules {
} # modules
} # server
radiusd: Opening IP addresses and Ports
listen {
type = auth
ipaddr = *
port = 0
}
listen {
type = acct
ipaddr = *
port = 0
}
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1 port 46107, id=162,
length=60
User-Name = linatest
User-Password = linagora
NAS-IP-Address = 127.0.1.1
NAS-Port = 0
WARNING: Empty section. Using default return values.
No authenticate method (Auth-Type) configuration found for the request:
Rejecting the user
Failed to authenticate the user.
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 162 to 127.0.0.1 port 46107
Waking up in 4.9 seconds.
Cleaning up request 0 ID 162 with timestamp +6
Ready to process requests.
Still stuck.
thank for your help
2010/3/8 John Dennis jden...@redhat.com
On 03/08/2010 11:10 AM, omega bk wrote:
sorry.
here is:
Why send this to just me and not the list?
Anyway, you don't have the user linatest defined anywhere, that's you're
first problem. Start by following the directions here:
http://deployingradius.com/
do #1 first, then do #2
Once you have EAP working in a test scenario then move onto storing your
users in LDAP if that's your goal. If you're trying to authenticate Windows
users just be aware you're either going to need to store cleartext passwords
in ldap or use samba, or use ntlmauth.
--
John Dennis jden...@redhat.com
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
Hi, including files in directory /etc/freeradius/sites-enabled/ ...empty..nothing in there WARNING: Empty section. Using default return values. and hence nothing there too! ensure that you have a virtual server or more defined in the sites-enabled directory. the default sites should be in sites-available a default install from source code from www.freeradius.org will result in a working system. I'm not sure why your build isnt doing this basic stuff right - please contact whoever looks after your platform distribution because right now its broken badly! alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
omega bk wrote:
including files in directory /etc/freeradius/sites-enabled/
main {
You have NOTHING in the sites-enabled directory. Go fix that.
You likely need default and inner-tunnel.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
On 03/08/2010 11:35 AM, omega bk wrote: ok, i put on the top of users file: You or somebody else have badly broken the default configuration. It appears as though there is nothing defined in /etc/raddb/sites-enabled. At a minimum /etc/raddb/sites-enabled should contain these symbolic links: default - ../sites-available/default inner-tunnel - ../sites-available/inner-tunnel You may also want (but is not necessary): control-socket - ../sites-available/control-socket -- John Dennis jden...@redhat.com Looking to carve out IT costs? www.redhat.com/carveoutcosts/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius 2.1.8 : No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
Thanks for your advice, learn a lots. - Original Message From: Josip Rodin j...@entuzijast.net To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Sent: Sat, January 16, 2010 3:59:19 AM Subject: Re: freeradius 2.1.8 : No authenticate method (Auth-Type) configuration found for the request: Rejecting the user On Fri, Jan 15, 2010 at 08:55:24AM -0800, piston wrote: i don't event know how i managed to delete all virtual server, managed to solved the problem by copy back entire freeradius folder under /etc/ upgrade from 2.1.6 2.1.7 2.1.8 prelease was very smooth without problem, basically i just executed dpkg -i command,but this time no luck. If you used dpkg -i, you might not have noticed the new freeradius-common package. In the future, to install/upgrade FreeRADIUS packages on Debian(-like) systems, just use the standard official repositories with APT, so that you get the tested packages with all the necessary dependencies resolved automatically. We haven't had 2.1.6 and earlier 2.1.x versions in there, but now we do. Also if you're running the stable distribution - the Debian packages built (backported) for release 5.0/lenny are available at the standard place: http://www.backports.org/ One just has to add another line to sources.list(5) and use the target release 'lenny-backports'. -- 2. That which causes joy or happiness. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius 2.1.8 : No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
i don't event know how i managed to delete all virtual server, managed to solved the problem by copy back entire freeradius folder under /etc/ upgrade from 2.1.6 2.1.7 2.1.8 prelease was very smooth without problem, basically i just executed dpkg -i command,but this time no luck. anyway thanks for your answer. KH - Original Message From: Alan DeKok al...@deployingradius.com To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Sent: Fri, January 15, 2010 3:10:12 PM Subject: Re: freeradius 2.1.8 : No authenticate method (Auth-Type) configuration found for the request: Rejecting the user piston wrote: hi after upgrade 2.1.8 prelease to 2.1.8, i get No authenticate method (Auth-Type) configuration found for the request: Rejecting the user You have managed to delete all of the virtual servers from raddb/sites-enabled. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius 2.1.8 : No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
On Fri, Jan 15, 2010 at 08:55:24AM -0800, piston wrote: i don't event know how i managed to delete all virtual server, managed to solved the problem by copy back entire freeradius folder under /etc/ upgrade from 2.1.6 2.1.7 2.1.8 prelease was very smooth without problem, basically i just executed dpkg -i command,but this time no luck. If you used dpkg -i, you might not have noticed the new freeradius-common package. In the future, to install/upgrade FreeRADIUS packages on Debian(-like) systems, just use the standard official repositories with APT, so that you get the tested packages with all the necessary dependencies resolved automatically. We haven't had 2.1.6 and earlier 2.1.x versions in there, but now we do. Also if you're running the stable distribution - the Debian packages built (backported) for release 5.0/lenny are available at the standard place: http://www.backports.org/ One just has to add another line to sources.list(5) and use the target release 'lenny-backports'. -- 2. That which causes joy or happiness. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
freeradius 2.1.8 : No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
hi after upgrade 2.1.8 prelease to 2.1.8, i get No authenticate method (Auth-Type) configuration found for the request: Rejecting the user please help. here's my debug info radius2:/etc/freeradius# freeradius -Xxx Fri Jan 15 02:21:01 2010 : Info: FreeRADIUS Version 2.1.8, for host x86_64-pc-linux-gnu, built on Jan 15 2010 at 00:56:39 Fri Jan 15 02:21:01 2010 : Info: Copyright (C) 1999-2009 The FreeRADIUS server project and contributors. Fri Jan 15 02:21:01 2010 : Info: There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A Fri Jan 15 02:21:01 2010 : Info: PARTICULAR PURPOSE. Fri Jan 15 02:21:01 2010 : Info: You may redistribute copies of FreeRADIUS under the terms of the Fri Jan 15 02:21:01 2010 : Info: GNU General Public License v2. Fri Jan 15 02:21:01 2010 : Info: Starting - reading configuration files ... Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/radiusd.conf Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/proxy.conf Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/clients.conf Fri Jan 15 02:21:01 2010 : Debug: including files in directory /etc/freeradius/modules/ Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/preprocess Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/always Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/logintime Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/smbpasswd Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/counter Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/detail Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/digest Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/smsotp Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/cui Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/realm Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/mschap Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/ippool Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/expr Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/attr_rewrite Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/linelog Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/attr_filter Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/inner-eap Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/unix Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/otp Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/sql_log Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/ntlm_auth Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/etc_group Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/perl Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/policy Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/chap Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/exec Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/echo Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/detail.example.com Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/sradutmp Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/krb5 Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/expiration Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/pam Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/checkval Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/acct_unique Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/passwd Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/mac2vlan Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/wimax Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/files Fri Jan 15 02:21:01 2010 : Debug: including configuration file /etc/freeradius/modules/mac2ip Fri Jan 15 02:21:01 2010 : Debug: including
Re: freeradius 2.1.8 : No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
piston wrote: hi after upgrade 2.1.8 prelease to 2.1.8, i get No authenticate method (Auth-Type) configuration found for the request: Rejecting the user You have managed to delete all of the virtual servers from raddb/sites-enabled. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
No authenticate method (Auth-Type) configuration found for the request: Rejecting the user - Failed to authenticate the user.
Realms and Home Servers proxy server {
retry_delay = 5
retry_count = 3
default_fallback = no
dead_time = 120
wake_all_if_all_dead = no
}
home_server localhost {
ipaddr = 127.0.0.1
port = 1812
type = auth
secret = testing123
response_window = 20
max_outstanding = 65536
require_message_authenticator = no
zombie_period = 40
status_check = status-server
ping_interval = 30
check_interval = 30
num_answers_to_alive = 3
num_pings_to_alive = 3
revive_interval = 120
status_check_timeout = 4
irt = 2
mrt = 16
mrc = 5
mrd = 30
}
home_server_pool my_auth_failover {
type = fail-over
home_server = localhost
}
realm example.com {
auth_pool = my_auth_failover
}
realm LOCAL {
}
radiusd: Loading Clients
client 91.50.12.116 {
require_message_authenticator = no
secret = test
shortname = 91.50.12.116
}
client 91.50.53.68 {
require_message_authenticator = no
secret = test
shortname = 91.50.53.68
}
client 127.0.0.1 {
require_message_authenticator = no
secret = test
shortname = 127.0.0.1
}
radiusd: Instantiating modules instantiate {
Module: Linked to module rlm_exec
Module: Instantiating exec
exec {
wait = no
input_pairs = request
shell_escape = yes
}
Module: Linked to module rlm_expr
Module: Instantiating expr
Module: Linked to module rlm_expiration
Module: Instantiating expiration
expiration {
reply-message = Password Has Expired
}
Module: Linked to module rlm_logintime
Module: Instantiating logintime
logintime {
reply-message = You are calling outside your allowed timespan
minimum-timeout = 60
}
}
radiusd: Loading Virtual Servers modules { }
radiusd: Opening IP addresses and Ports listen {
type = auth
ipaddr = *
port = 0
}
listen {
type = acct
ipaddr = *
port = 0
}
Listening on authentication address * port 1812 Listening on accounting address
* port 1813 Listening on proxy address * port 1814 Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1 port 41090, id=213,
length=59
User-Name = michael
User-Password = 1234
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
No authenticate method (Auth-Type) configuration found for the request:
Rejecting the user Failed to authenticate the user.
Delaying reject of request 0 for 1 seconds Going to the next request Waking up
in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 213 to 127.0.0.1 port 41090 Waking up in 4.9
seconds.
Cleaning up request 0 ID 213 with timestamp +55 Ready to process requests.
Radtest access-reject packet:
(13:29:52) [bin] ./radtest michael 1234 127.0.0.1 0 test Sending Access-Request
of id 213 to 127.0.0.1 port 1812
User-Name = michael
User-Password = 1234
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=213, length=20
I changed the original path in the email to mypath for security reasons.
Thanks for your help.
Best regards
Michael
Email: michael.ziem...@herber-herber.de
D-66706 Nennig
Oberwiesstraße 31
Tel.:fill30 +49 (0)6866 / 930 15
Fax:fill30 +49 (0)6866 / 930 16
Inhaber: Ingo und Jürgen Herber
Rechtsform: GbR
Ust-Id: DE-205 934 442
St-Nr.: 020/155/2
www.HERBER-HERBER.de
i...@herber-herber.de
...
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user - Failed to authenticate the user.
I have some problems with my RADIUS, when I send a message with radtest, I get following error: DEBUG-INFO: FreeRADIUS Version 2.1.5, for host i686-pc-linux-gnu, built on Mar 26 2009 at 14:24:27 Copyright (C) 1999-2008 The FreeRADIUS server project and contributors. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License v2. Starting - reading configuration files ... including configuration file mypath/freeradius/etc/raddb/radiusd.conf including configuration file mypath/freeradius/etc/raddb/proxy.conf including configuration file mypath/freeradius/etc/raddb/clients.conf including files in directory mypath/freeradius/etc/raddb/modules/ including configuration file mypath/freeradius/etc/raddb/modules/chap including configuration file mypath/freeradius/etc/raddb/modules/acct_unique including configuration file mypath/freeradius/etc/raddb/modules/always including configuration file mypath/freeradius/etc/raddb/modules/attr_filter including configuration file mypath/freeradius/etc/raddb/modules/attr_rewrite including configuration file mypath/freeradius/etc/raddb/modules/checkval including configuration file mypath/freeradius/etc/raddb/modules/counter including configuration file mypath/freeradius/etc/raddb/modules/detail including configuration file mypath/freeradius/etc/raddb/modules/detail.example.com including configuration file mypath/freeradius/etc/raddb/modules/detail.log including configuration file mypath/freeradius/etc/raddb/modules/digest including configuration file mypath/freeradius/etc/raddb/modules/echo including configuration file mypath/freeradius/etc/raddb/modules/etc_group including configuration file mypath/freeradius/etc/raddb/modules/exec including configuration file mypath/freeradius/etc/raddb/modules/expiration including configuration file mypath/freeradius/etc/raddb/modules/expr including configuration file mypath/freeradius/etc/raddb/modules/files including configuration file mypath/freeradius/etc/raddb/modules/inner-eap including configuration file mypath/freeradius/etc/raddb/modules/ippool including configuration file mypath/freeradius/etc/raddb/modules/krb5 including configuration file mypath/freeradius/etc/raddb/modules/ldap including configuration file mypath/freeradius/etc/raddb/modules/linelog including configuration file mypath/freeradius/etc/raddb/modules/logintime including configuration file mypath/freeradius/etc/raddb/modules/mac2ip including configuration file mypath/freeradius/etc/raddb/modules/mac2vlan including configuration file mypath/freeradius/etc/raddb/modules/mschap including configuration file mypath/freeradius/etc/raddb/modules/otp including configuration file mypath/freeradius/etc/raddb/modules/pam including configuration file mypath/freeradius/etc/raddb/modules/pap including configuration file mypath/freeradius/etc/raddb/modules/passwd including configuration file mypath/freeradius/etc/raddb/modules/perl including configuration file mypath/freeradius/etc/raddb/modules/policy including configuration file mypath/freeradius/etc/raddb/modules/preprocess including configuration file mypath/freeradius/etc/raddb/modules/radutmp including configuration file mypath/freeradius/etc/raddb/modules/realm including configuration file mypath/freeradius/etc/raddb/modules/smbpasswd including configuration file mypath/freeradius/etc/raddb/modules/smsotp including configuration file mypath/freeradius/etc/raddb/modules/sql_log including configuration file mypath/freeradius/etc/raddb/modules/sqlcounter_expire_on_login including configuration file mypath/freeradius/etc/raddb/modules/sradutmp including configuration file mypath/freeradius/etc/raddb/modules/unix including configuration file mypath/freeradius/etc/raddb/modules/wimax including configuration file mypath/freeradius/etc/raddb/eap.conf including configuration file mypath/freeradius/etc/raddb/sql.conf including configuration file mypath/freeradius/etc/raddb/sql/mysql/dialup.conf including configuration file mypath/freeradius/etc/raddb/policy.conf including dictionary file mypath/freeradius/etc/raddb/dictionary ... You have edited radiusd.conf and commented out virual servers (sites-enabled). Very effective way of disabling the server. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
AW: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user - Failed to authenticate the user.
{
retry_delay = 5
retry_count = 3
default_fallback = no
dead_time = 120
wake_all_if_all_dead = no
}
home_server localhost {
ipaddr = 127.0.0.1
port = 1812
type = auth
secret = testing123
response_window = 20
max_outstanding = 65536
require_message_authenticator = no
zombie_period = 40
status_check = status-server
ping_interval = 30
check_interval = 30
num_answers_to_alive = 3
num_pings_to_alive = 3
revive_interval = 120
status_check_timeout = 4
irt = 2
mrt = 16
mrc = 5
mrd = 30
}
home_server_pool my_auth_failover {
type = fail-over
home_server = localhost
}
realm example.com {
auth_pool = my_auth_failover
}
realm LOCAL {
}
radiusd: Loading Clients
client 91.50.12.116 {
require_message_authenticator = no
secret = test
shortname = 91.50.12.116
}
client 91.50.53.68 {
require_message_authenticator = no
secret = test
shortname = 91.50.53.68
}
client 127.0.0.1 {
require_message_authenticator = no
secret = test
shortname = 127.0.0.1
}
radiusd: Instantiating modules instantiate {
Module: Linked to module rlm_exec
Module: Instantiating exec
exec {
wait = no
input_pairs = request
shell_escape = yes
}
Module: Linked to module rlm_expr
Module: Instantiating expr
Module: Linked to module rlm_expiration
Module: Instantiating expiration
expiration {
reply-message = Password Has Expired
}
Module: Linked to module rlm_logintime
Module: Instantiating logintime
logintime {
reply-message = You are calling outside your allowed timespan
minimum-timeout = 60
}
}
radiusd: Loading Virtual Servers modules { }
radiusd: Opening IP addresses and Ports listen {
type = auth
ipaddr = *
port = 0
}
listen {
type = acct
ipaddr = *
port = 0
}
Listening on authentication address * port 1812 Listening on accounting address
* port 1813 Listening on proxy address * port 1814 Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1 port 41090, id=213,
length=59
User-Name = michael
User-Password = 1234
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
No authenticate method (Auth-Type) configuration found for the request:
Rejecting the user Failed to authenticate the user.
Delaying reject of request 0 for 1 seconds Going to the next request Waking up
in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 213 to 127.0.0.1 port 41090 Waking up in 4.9
seconds.
Cleaning up request 0 ID 213 with timestamp +55 Ready to process requests.
Radtest access-reject packet:
(13:29:52) [bin] ./radtest michael 1234 127.0.0.1 0 test Sending Access-Request
of id 213 to 127.0.0.1 port 1812
User-Name = michael
User-Password = 1234
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=213, length=20
I changed the original path in the email to mypath for security reasons.
Thanks for your help.
Best regards
-Ursprüngliche Nachricht-
Von:
freeradius-users-bounces+michael.ziemann=herber-herber...@lists.freeradius.org
[mailto:freeradius-users-bounces+michael.ziemann=herber-herber...@lists.freeradius.org]
Im Auftrag von Ivan Kalik
Gesendet: Freitag, 29. Mai 2009 14:10
An: FreeRadius users mailing list
Betreff: Re: No authenticate method (Auth-Type) configuration found for the
request: Rejecting the user - Failed to authenticate the user.
I have some problems with my RADIUS, when I send a message with radtest, I
get following error:
DEBUG-INFO:
FreeRADIUS Version 2.1.5, for host i686-pc-linux-gnu, built on Mar 26 2009
at 14:24:27 Copyright (C) 1999-2008 The FreeRADIUS server project and
contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the GNU
General Public License v2
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
