Josh Howlett wrote:
> What happens if, using radtest, you specify the username *without* the
> realm from the remote machine?

It fails just the same way
It fails whether user is in /etc/passwd or /etc/raddb/users
It fails whether "Auth := local" is in there or not
It fails whether I check for User-password or Cleartext-password

=====================
rad_recv: Access-Request packet from host nnn.nnn.nnn.nnn:32773, id=209, length=58
        User-Name = "username"
        User-Password = "\356za\360V\202oljug\263\025M!)"
        NAS-IP-Address = 255.255.255.255
        NAS-Port = 212
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 35
  modcall[authorize]: module "preprocess" returns ok for request 35
radius_xlat: '/var/log/radius/radacct/nnn.nnn.nnn.nnn/auth-detail-20070704'
rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/nnn.nnn.nnn.nnn/auth-detail-20070704
  modcall[authorize]: module "auth_log" returns ok for request 35
  modcall[authorize]: module "chap" returns noop for request 35
  modcall[authorize]: module "mschap" returns noop for request 35
    rlm_realm: No '@' in User-Name = "username", looking up realm NULL
    rlm_realm: Found realm "NULL"
    rlm_realm: Adding Stripped-User-Name = "username"
    rlm_realm: Proxying request from user username to realm NULL
    rlm_realm: Adding Realm = "NULL"
    rlm_realm: Authentication realm is LOCAL.
  modcall[authorize]: module "suffix" returns noop for request 35
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 35
    users: Matched entry DEFAULT at line 20
  modcall[authorize]: module "files" returns ok for request 35
rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this.
  modcall[authorize]: module "pap" returns noop for request 35
modcall: leaving group authorize (returns ok) for request 35
  rad_check_password: Found Auth-Type System
auth: type "System"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 35
  modcall[authenticate]: module "unix" returns notfound for request 35
modcall: leaving group authenticate (returns notfound) for request 35
auth: Failed to validate the user.
  WARNING: Unprintable characters in the password. ? Double-check the shared secret on the server and the NAS!
=====================

If I try another user with no "Auth := local" in the user definition, just the username and "User-password", it is much the same until:

=====================
  modcall[authorize]: module "suffix" returns noop for request 37
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 37
    users: Matched entry username at line 6
  modcall[authorize]: module "files" returns ok for request 37
  modcall[authorize]: module "pap" returns updated for request 37
modcall: leaving group authorize (returns updated) for request 37
  rad_check_password: Found Auth-Type pap
auth: type "PAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group PAP for request 37
rlm_pap: login attempt with password pÌ?¶ákýÌ2p?c?¡MS
rlm_pap: Using clear text password "NoAuthpwd1".
rlm_pap: Passwords don't match
  modcall[authenticate]: module "pap" returns reject for request 37
modcall: leaving group PAP (returns reject) for request 37
auth: Failed to validate the user.
  WARNING: Unprintable characters in the password. ? Double-check the shared secret on the server and the NAS!
=====================
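
Why a shared-secret mismatch leads to the "Unprintable characters in the password" warning seen in the debug output above, as an added example that is not part of the original post and is not FreeRADIUS code: a sketch of User-Password hiding per RFC 2865 section 5.2. The two secrets, the authenticator and the sample password are constructed values.

```python
import hashlib

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Client side (NAS or radtest): build the User-Password attribute value."""
    if len(password) > 128:
        raise ValueError("RFC 2865 limits User-Password to 128 octets")
    # Pad with NULs to a multiple of 16 octets, with a minimum of one block.
    size = max(16, -(-len(password) // 16) * 16)
    padded = password.ljust(size, b"\x00")
    out, prev = b"", authenticator
    for i in range(0, size, 16):
        mask = hashlib.md5(secret + prev).digest()   # b_i = MD5(S + c_(i-1))
        prev = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        out += prev
    return out

def recover_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: undo the hiding with the server's copy of the secret."""
    if not hidden or len(hidden) % 16:
        raise ValueError("User-Password must be a non-empty multiple of 16 octets")
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        mask = hashlib.md5(secret + prev).digest()
        block = hidden[i:i + 16]
        out += bytes(c ^ m for c, m in zip(block, mask))
        prev = block
    return out.rstrip(b"\x00")

def is_printable(data: bytes) -> bool:
    """True when every octet is printable ASCII."""
    return all(0x20 <= b < 0x7F for b in data)

# Constructed sample values, not taken from a real packet.
AUTHENTICATOR = bytes(range(16))      # 16-octet Request Authenticator
NAS_SECRET = b"example-secret-A"      # secret configured on the client
SERVER_SECRET = b"example-secret-B"   # a different secret on the server
PASSWORD = b"sample-password"

if __name__ == "__main__":
    hidden = hide_password(PASSWORD, NAS_SECRET, AUTHENTICATOR)
    good = recover_password(hidden, NAS_SECRET, AUTHENTICATOR)
    bad = recover_password(hidden, SERVER_SECRET, AUTHENTICATOR)
    print("matching secret  :", good, is_printable(good))
    print("mismatched secret:", bad, is_printable(bad))
```

With matching secrets the server recovers the typed password; with different secrets the XOR mask is wrong and the result is pseudo-random octets, so the comparison fails no matter which password is stored for the user.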