You are right actually, not having a good day today. I unbroken my config, found what was originally not working, had to uncomment the "key" setting in the files {} configuration block to match Stripped-User-Name in the users file.
Thanx Paul -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ivan Kalik Sent: June 3, 2008 2:47 PM To: FreeRadius users mailing list Subject: RE: Hints file and Strip-User-Name authenticate{}??? What are they doing there. Files are a part of authorize{} section. Ivan Kalik Kalik Informatika ISP Dana 3/6/2008, "Paul Khavkine" <[EMAIL PROTECTED]> piše: > > >files is there in authentication { } section. > >authenticate { > # > # PAP authentication, when a back-end database listed > # in the 'authorize' section supplies a password. The > # password can be clear-text, or encrypted. > Auth-Type PAP { > pap > } > > # > # Most people want CHAP authentication > # A back-end database listed in the 'authorize' section > # MUST supply a CLEAR TEXT password. Encrypted passwords > # won't work. > Auth-Type CHAP { > chap > } > > # > # MSCHAP authentication. > Auth-Type MS-CHAP { > mschap > } > > # > # If you have a Cisco SIP server authenticating against > # FreeRADIUS, uncomment the following line, and the 'digest' > # line in the 'authorize' section. ># digest > > # > # Pluggable Authentication Modules. ># pam > > # > # See 'man getpwent' for information on how the 'unix' > # module checks the users password. Note that packets > # containing CHAP-Password attributes CANNOT be authenticated > # against /etc/passwd! See the FAQ for details. > # ># unix > > # Uncomment it if you want to use ldap for authentication > # > # Note that this means "check plain-text password against > # the ldap database", which means that EAP won't work, > # as it does not supply a plain-text password. ># Auth-Type LDAP { ># ldap ># } > > # > # Allow EAP authentication. > eap > files > } > > >Paul > > > >-----Original Message----- >From: >[EMAIL PROTECTED] >rg >[mailto:[EMAIL PROTECTED] >radius.org] On Behalf Of Ivan Kalik >Sent: June 3, 2008 2:07 PM >To: FreeRadius users mailing list >Subject: Re: Hints file and Strip-User-Name > >> >>When run radiusd -W I can see it enter the preprocess module and match >>an entry, but the suffix is not being stripped and entry in users file >>not being matched: >> > >Not being stripped? You think that's the problem. > >> >> >>Tue Jun 3 12:54:15 2008 : Debug: +- entering group authorize >> >>Tue Jun 3 12:54:15 2008 : Debug: modsingle[authorize]: calling >suffix >>(rlm_realm) for request 0 >... >>Tue Jun 3 12:54:15 2008 : Debug: modsingle[authorize]: calling >>preprocess (rlm_preprocess) for request 0 >> >... >>Tue Jun 3 12:54:15 2008 : Debug: auth: No authenticate method >>(Auth-Type) configuration found for the request: Rejecting the user >> > >You haven't hacked away at the default configuration by any chance? >Users file entry is not matched because you prevented the server from >looking there. Even if you put "files" back in it still won't work as >you have broken every single authentication method. Well done! Now put >the configuration back the way it was and watch it work. > >Ivan Kalik >Kalik Informatika ISP > >- >List info/subscribe/unsubscribe? See >http://www.freeradius.org/list/users.html > >- >List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html