Sorry for the long message, I really need to get this working ASAP.
I am in the process of moving a radius server from cistron to freeradius and
am having configuration issues right off the bat. I am using freeradius
v 0.7 on a Redhat Linux 7.3 box.
I have a local user defined and using radtest I can get the local user to
auth and get the session values set in the users file. If I try the same
user with the default domain appended (since some users dial in with the
domain name after their user name) I get a login failure. We are also setting it so that users that
are in the ppp group are authenticated and anyone else rejected. We do this
setup under cistron and it works just fine....I really must be missing
something and any help would be appreciated. Here is the output from the
radtest:
With the domain that gets rejected:
# radtest [EMAIL PROTECTED] xxxxxxxx localhost 1 xxxxxxxx
Sending Access-Request of id 27 to 127.0.0.1:1812
User-Name = "[EMAIL PROTECTED]"
NAS-IP-Address = lorien.logical.net
NAS-Port-Id = "1"
rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=27, length=20
Same user without domain:
# radtest smaugy xxxxxxx localhost 1 xxxxxxxx
Sending Access-Request of id 31 to 127.0.0.1:1812
User-Name = "smaugy"
NAS-IP-Address = lorien.logical.net
NAS-Port-Id = "1"
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=31, length=68
The error that I get when I run the radius daemon with the -X flag is "auth:
No authenticate method (Auth-Type) configuration found for the request:
Rejecting the user"
Here is the users file:
#
# Review notes on the entries below (the entries themselves are unchanged):
# - Entries are tried in file order. With no Fall-Through item set, matching
#   stops at the first entry whose check items succeed, so a user who is in
#   both the "email" and "ppp" groups is rejected by the first entry.
# - Auth-Type is assigned only by these two Group-gated entries. A request that
#   matches neither group leaves Auth-Type unset, which is consistent with the
#   "No authenticate method (Auth-Type)" rejection quoted in this message.
# - NOTE(review): confirm which name the Group check sees when the request
#   carries user@realm (the full User-Name or the realm-stripped name).
# - Framed-Address 255.255.255.254 is the RFC 2865 value that asks the NAS to
#   pick the address from its own pool. Idle-Timeout 1200 s is 20 minutes and
#   Session-Timeout 28800 s is 8 hours.
DEFAULT Group == "email", Auth-Type := Reject
# Members of "ppp" are sent to system authentication (Auth-Type := System)
# and receive the reply items listed after the entry.
DEFAULT Group == "ppp", Auth-Type := System
Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-Address = 255.255.255.254,
Framed-Netmask = 255.255.255.255,
Framed-Routing = None,
Idle-Timeout = 1200,
Session-Timeout = 28800,
Framed-Compression = Van-Jacobsen-TCP-IP
# On no match, the user is denied access.
Here is the proxy.conf file:
# Global behaviour for requests this server forwards to other RADIUS servers.
# The only realm defined in this file is LOCAL, so these values matter only
# if a realm with a remote home server is added later.
proxy server {
# no: this server runs its own retransmit timer (retry_delay / retry_count)
# instead of forwarding only when the NAS retransmits.
synchronous = no
# Seconds between retransmits, and how many are sent before giving up.
retry_delay = 5
retry_count = 3
# Seconds an unresponsive home server is skipped before being tried again.
dead_time = 120
# yes: when the matching realm's servers do not answer, try the DEFAULT realm.
# NOTE(review): no DEFAULT realm is defined in the file shown here.
default_fallback = yes
}
# Requests for user@traderscreek.com are handled by this server itself:
# authhost/accthost = LOCAL means nothing is forwarded for this realm.
# NOTE(review): the realm used in the failing radtest run is masked in this
# message, so it cannot be checked here that it is exactly "traderscreek.com".
realm traderscreek.com {
type = radius
authhost = LOCAL
accthost = LOCAL
}
And here is the radiusd.conf file:
# Installation layout. Every path below is derived from prefix through
# ${...} expansion, so logs, accounting data and the pid file all live
# under /usr/local.
prefix = /usr/local
exec_prefix = ${prefix}
sysconfdir = ${prefix}/etc
localstatedir = ${prefix}/var
sbindir = ${exec_prefix}/sbin
logdir = ${localstatedir}/log/radius
raddbdir = ${sysconfdir}/raddb
radacctdir = ${logdir}/radacct
confdir = ${raddbdir}
run_dir = ${localstatedir}/run/radiusd
# NOTE(review): the stock file names this setting "libdir"; "ibdir" looks like
# a character lost when pasting. Confirm against the file on disk.
ibdir = ${exec_prefix}/lib
pidfile = ${run_dir}/radiusd.pid
# Request handling limits: seconds before a request is abandoned, seconds a
# reply is kept to answer duplicate packets, and the size of the request table.
max_request_time = 30
delete_blocked_requests = no
cleanup_delay = 5
max_requests = 1024
# "*" listens on every interface of the host; restrict it to the NAS-facing
# address if the box is multi-homed. port = 0 leaves the port choice to the
# server (the test runs above show 1812 in use).
bind_address = *
port = 0
# yes: client addresses are resolved through DNS for logging. A slow or
# unreachable resolver can then delay request handling.
hostname_lookups = yes
# Core dumps of this process can contain shared secrets and user passwords,
# so leaving them disabled is the safer setting.
allow_core_dumps = no
regular_expressions = yes
extended_expressions = yes
log_stripped_names = no
# Authentication logging. log_auth_badpass = yes writes the password of every
# rejected attempt to the log; these are often near-misses of real passwords,
# so the files under ${logdir} should be readable only by the radius account.
# Passwords of successful logins are not logged (log_auth_goodpass = no).
log_auth = yes
log_auth_badpass = yes
log_auth_goodpass = no
usercollide = no
# User names and passwords are used exactly as received: no case folding and
# no whitespace stripping.
lower_user = no
lower_pass = no
nospace_user = no
nospace_pass = no
checkrad = ${sbindir}/checkrad
security {
# Packets carrying more than this many attributes are dropped.
max_attributes = 200
# Seconds an Access-Reject is held back before it is sent, which slows
# repeated password guessing.
reject_delay = 1
}
# Proxying is enabled. The realm definitions, the NAS clients with their
# shared secrets, and the SNMP settings come from the included files.
# clients.conf is not shown in this message; it holds the shared secrets and
# should not be world-readable.
proxy_requests = yes
$INCLUDE ${confdir}/proxy.conf
$INCLUDE ${confdir}/clients.conf
$INCLUDE ${confdir}/snmp.conf
# Worker pool sizing: 5 handlers at start, at most 32, with between 3 and 10
# kept idle. max_requests_per_server = 0 means a handler is never recycled
# after a fixed number of requests.
thread pool {
start_servers = 5
max_servers = 32
min_spare_servers = 3
max_spare_servers = 10
max_requests_per_server = 0
}
# Module instances. Defining an instance here does not run it; it is used only
# where a processing section names it. Of the instances below, only
# preprocess, suffix, files, unix, pap, detail and radutmp are named in the
# sections shown in this file.
modules {
pam {
pam_auth = radiusd
}
# System account lookups. The server process needs read access to
# /etc/shadow. With cache = yes the passwd/shadow/group data is held in
# memory and refreshed every cache_reload seconds, so a password change or a
# disabled account may take up to 600 seconds to take effect.
unix {
cache = yes
cache_reload = 600
passwd = /etc/passwd
shadow = /etc/shadow
group = /etc/group
radwtmp = ${logdir}/radwtmp
}
eap {
md5 {
}
}
mschap {
}
# PAP comparison against a crypt()-hashed password rather than clear text.
pap {
encryption_scheme = crypt
}
# Realm parser instance named "suffix": splits user@realm at "@" with the
# realm taken from the end of the name.
realm suffix {
format = suffix
delimiter = "@"
}
preprocess {
huntgroups = ${confdir}/huntgroups
hints = ${confdir}/hints
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
}
# The users file quoted earlier in this message is read by this instance.
files {
usersfile = ${confdir}/users
acctusersfile = ${confdir}/acct_users
compat = no
}
fastusers {
usersfile = ${confdir}/users_fast
hashsize = 1000
compat = no
hash_reload = 600
}
# Accounting detail files, one directory per client address, created with
# owner-only permissions (0600).
detail {
detailfile = ${radacctdir}/%{Client-IP-Address}/detail
detailperm = 0600
}
acct_unique {
key = "User-Name, Acct-Session-Id, NAS-IP-Address,
Client-IP-Address, NAS-Port-Id"
}
# Session database with caller ID recorded, owner-only (0600).
radutmp {
filename = ${logdir}/radutmp
perm = 0600
callerid = "yes"
}
# Second session database, world-readable (0644) and written without caller
# ID, so who is online can be listed without exposing calling numbers.
radutmp sradutmp {
filename = ${logdir}/sradutmp
perm = 0644
callerid = "no"
}
attr_filter {
attrsfile = ${confdir}/attrs
}
# Fixed-result instances that always return the configured rcode.
always fail {
rcode = fail
}
always reject {
rcode = reject
}
always ok {
rcode = ok
simulcount = 0
mpp = no
}
}
# Authorization runs these modules in the order listed: preprocess first,
# then the realm parser, then the users file. Of the three, "files" is the one
# that reads the users file where Auth-Type is assigned.
# NOTE(review): if no users-file entry matches, nothing in this section is
# seen to set Auth-Type, which would give the rejection quoted in the message.
authorize {
preprocess
suffix
files
}
# Authentication methods available once authorization has chosen an
# Auth-Type: the unix module (system passwords) and pap under Auth-Type PAP.
# NOTE(review): the users file sets Auth-Type := System, which is presumably
# served by the bare "unix" entry; confirm for this version. eap, mschap and
# pam are defined as modules but are not enabled here.
authenticate {
unix
authtype PAP {
pap
}
}
# Accounting pre-processing uses the same three modules, in the same order,
# as the authorize section.
preacct {
preprocess
suffix
files
}
# Accounting records go to the detail files, the unix module (which has a
# radwtmp file configured) and the radutmp session database. The
# world-readable sradutmp instance is defined but not listed here.
accounting {
detail
unix
radutmp
}
# Session checks read the radutmp session database.
session {
radutmp
}
-----------------------------------------------
"I have not failed. I've just found 10,000 ways
that won't work." - Thomas Edison
Michael Hendrix [EMAIL PROTECTED]
Systems Engineer / SysAdmin Team Leader
Logical Net / Capital Net (518) 292-4509