Alan DeKok wrote:
>  But you don't say WHERE in the "users" file it is, or if the users
> file you're editing is being read by the server.

....weird. My users file is and always has been in /etc/raddb. This is the
same directory which holds my radiusd.conf and all other radius config
files. The users file exists with permissions 640 and is owned by radiusd. 

I have no idea why this:

modcall[authorize]: module "files" returns notfound for request 0

is coming out of the debug output.

For testing purposes, I changed,
test User-Password == "testing", MS-CHAP-Use-NTLM-Auth = No
in /etc/raddb/users back to this:
test Auth-Type = Local, Password = "testing"

radtest output:

houston:/etc/raddb # radtest test testing localhost 43.191.112.164 SECRET
Sending Access-Request of id 192 to 127.0.0.1:1812
        User-Name = "test"
        User-Password = "testing"
        NAS-IP-Address = houston
        NAS-Port = 43
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=192, length=20


I then changed the line in /etc/raddb/users to this:

test Auth-Type = Local, Password = "wrongpw"

radtest output:

houston:/etc/raddb # radtest test testing localhost 43.191.112.164 SECRET
Sending Access-Request of id 229 to 127.0.0.1:1812
        User-Name = "test"
        User-Password = "testing"
        NAS-IP-Address = houston
        NAS-Port = 43
Re-sending Access-Request of id 229 to 127.0.0.1:1812
        User-Name = "test"
        User-Password = "\t\333=\037\212\340M_{\264\rU\263\203n\024"
        NAS-IP-Address = houston
        NAS-Port = 43
rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=229, length=20


One more radtest, just to be sure:

houston:/etc/raddb # radtest test wrongpw localhost 43.191.112.164 SECRET
Sending Access-Request of id 4 to 127.0.0.1:1812
        User-Name = "test"
        User-Password = "wrongpw"
        NAS-IP-Address = houston
        NAS-Port = 43
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=4, length=20



The fact that it rejects me only when I give it the wrong password in this
scenario really leads me to believe that it is reading the file. I still
don't know why debug put out this:

modcall[authorize]: module "files" returns notfound for request 0

Does anyone else?

All help much appreciated.
~Brandon




-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok
Sent: Monday, February 07, 2005 4:03 PM
To: freeradius-users@lists.freeradius.org
Subject: Re: MSCHAP V2 local 

"DeYoung, Brandon" <[EMAIL PROTECTED]> wrote:
> Unfortunately it didn't work.  Users who exist in the Active Directory
> backend are still properly authenticated, but local users are rejected.

  The debug log says why.  Please read it.

>   rlm_mschap: No User-Password configured.  Cannot create LM-Password.
>   rlm_mschap: No User-Password configured.  Cannot create NT-Password.

  That message should tell you that the entry in the "users" file
isn't being used.

  Earlier in the debug log:

>   modcall[authorize]: module "files" returns notfound for request 0

  In fact, the "files" module ALWAYS returns "notfound" for that user.

  Are you sure the "test" entry you're quoting is actually in the
"users" file that the server is reading?

  Please ensure that the debug log says that the "files" module
matched SOMETHING.  You say:

> As instructed, I tried changing:
> 
> test Auth-Type = Local, Password = "testing"
> 
> In my users file to:
> 
> test User-Password == "testing", MS-CHAP-Use-NTLM-Auth = No

  But you don't say WHERE in the "users" file it is, or if the users
file you're editing is being read by the server.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
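
Added example, not part of either message and not FreeRADIUS code: one way to run the check Alan asks for, by scanning saved debug output for the modcall lines and listing the requests where "files" did not match in the authorize section. The sample log is constructed; only the "files ... notfound" and rlm_mschap line formats come from this thread, and the "preprocess" lines and the function names are assumptions.

```python
import re
from collections import defaultdict

# Line format copied from the debug output quoted in this thread.
MODCALL = re.compile(
    r'modcall\[(?P<section>\w+)\]: module "(?P<module>[^"]+)" '
    r'returns (?P<rcode>\w+) for request (?P<req>\d+)'
)

# Constructed sample. Only the 'files ... notfound' and rlm_mschap lines
# appear in the thread; the other lines are made up for illustration.
SAMPLE = """\
  modcall[authorize]: module "preprocess" returns ok for request 0
  modcall[authorize]: module "files" returns notfound for request 0
  rlm_mschap: No User-Password configured.  Cannot create NT-Password.
  modcall[authorize]: module "preprocess" returns ok for request 1
  modcall[authorize]: module "files" returns ok for request 1
  modcall[authorize]: module "preprocess" returns ok for request 2
"""

def module_results(log_text):
    """Map request id -> {(section, module): return code}."""
    results = defaultdict(dict)
    for line in log_text.splitlines():
        m = MODCALL.search(line)
        if m:
            key = (m["section"], m["module"])
            results[int(m["req"])][key] = m["rcode"]
    return dict(results)

def unmatched_requests(log_text, module="files", section="authorize"):
    """Requests where `module` returned notfound, or never ran (None)."""
    flagged = {}
    for req, calls in sorted(module_results(log_text).items()):
        rcode = calls.get((section, module))
        if rcode is None or rcode == "notfound":
            flagged[req] = rcode
    return flagged

if __name__ == "__main__":
    for req, rcode in unmatched_requests(SAMPLE).items():
        reason = "returned notfound" if rcode else "was not called"
        print(f'request {req}: "files" {reason} in authorize')
```

A request flagged with None means no modcall line for "files" was logged for it at all, which is a different problem from a users entry that fails to match.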
