Hello,

Having a little problem with "Unknown value specified for Autz-Type".

OS: CentOS 5
FreeRADIUS version: 2.1.3 (latest)

I have this working on a 1.1.3 version that ships with CentOS 5, but I am having a little problem here.

I actually have 2 LDAP sources for testing. One source is used for the switch (Enterasys) that does MAC authentication; the other does 802.1x. The records are in different parts of the LDAP tree. The 802.1x works fine. The error message at the bottom is the one I get from the MAC authentication.

raddb/modules/ldap:

    ...
    ldap devices {
        server = "192.168.1.12"
        identity = "uid=xxxx,ou=xxxx,dc=mbl,dc=edu"
        password = xxxxxx
        basedn = "ou=devices,ou=network,dc=mbl,dc=edu"
        filter = "(cn=%{User-Name})"
        tls {
            start_tls = no
        }
        tls_mode = no
        dictionary_mapping = ${raddbdir}/ldap.attrmap
        edir_account_policy_check = no
        ldap_cache_timeout = 120
        ldap_cache_size = 0
        ldap_connections_number = 10
        password_attribute = userPassword
        timeout = 3
        timelimit = 5
        net_timeout = 1
        compare_check_items = no
        dictionary_mapping = ${confdir}/ldap.attrmap
        access_attr = "radiusFilterId"
        set_auth_type = yes
    }
    ...

raddb/sites-enabled/inner-tunnel:

    ...
    authorize {
        Autz-Type DEVICES {
            devices
        }
        ...
    }
    ...
    authenticate {
        Auth-Type DEVICES {
            devices
        }
        ...
    }

raddb/sites-enabled/users:

    # TEST C2 MAC
    DEFAULT Auth-Type := DEVICES, Auth-Type := ACCEPT, Autz-Type := DEVICES, Client-IP-Address == "192.168.1.15"
        Filter-Id := "Enterasys:version=1:policy=D-Unregistered",
        Fall-Through = yes

radiusd -X (MAC authentication failure):

    ...
    Ready to process requests.
    rad_recv: Access-Request packet from host 192.168.1.15 port 49152, id=62, length=146
        User-Name = "00-11-24-80-40-7A"
        Service-Type = Framed-User
        Called-Station-Id = "00-01-F4-5C-97-80"
        Calling-Station-Id = "00-11-24-80-40-7A"
        NAS-IP-Address = 192.168.1.15
        NAS-Port = 17
        NAS-Port-Type = Ethernet
        NAS-Port-Id = "ge.1.17"
        User-Password = "xxxxxxx"
        Message-Authenticator = 0x21da3669c869a962c6270f0cee3d3bac
    +- entering group authorize {...}
    ++[preprocess] returns ok
    ++[chap] returns noop
    ++[mschap] returns noop
    [suffix] No '@' in User-Name = "00-11-24-80-40-7A", looking up realm NULL
    [suffix] No such realm "NULL"
    ++[suffix] returns noop
    [eap] No EAP-Message, not doing EAP
    ++[eap] returns noop
    ++[unix] returns notfound
    [files] expand: %{Client-IP-Address} -> 192.168.1.15
    [files] expand: %{Client-IP-Address} -> 192.168.1.15
    [files] users: Matched entry DEFAULT at line 5
    ++[files] returns ok
    ++[expiration] returns noop
    ++[logintime] returns noop
    [pap] Found existing Auth-Type, not changing it.
    ++[pap] returns noop
    Using Autz-Type DEVICES
    WARNING: Unknown value specified for Autz-Type. Cannot perform requested action.
    Found Auth-Type = Accept
    Auth-Type = Accept, accepting the user
    +- entering group post-auth {...}
    ++[exec] returns noop
    Sending Access-Accept of id 62 to 192.168.1.15 port 49152
        Filter-Id := "Enterasys:version=1:policy=D-Unregistered"
    Finished request 0.
    Going to the next request
    Waking up in 4.9 seconds.
    Cleaning up request 0 ID 62 with timestamp +2
    Ready to process requests.

Any help would be appreciated.

Kent

Kent L. Nasveschuk
Systems Administrator
----------------------------
Marine Biological Laboratory
7 MBL St.
Woods Hole, MA 02543