Per your suggestions from the last email I checked and the:
Un-comment the "unix" entry from the "authorize" section of raddb/sites-available/default
Was un-commented and below is the output from trying to authenticate a user that is a member of the DialupFS group and does not have an account in /etc/passwd. For some reason it is falling through to PAP and saying "No authenticate method (Auth-Type) configuration found for the request:". This behavior only started when I tried to implement redundant ldap servers and in the users file having DEFAULT LDAP Groups for each LDAP module. If I do not use the redundant LDAP servers and just place both LDAP servers in the LDAP module like this it works correctly:

server ="server1.somedomain.com, server2.somedomain.com"

Thanks for your help

rad_recv: Access-Request packet from host 127.0.0.1 port 52514, id=166, length=60
        User-Name = "testuser1"
        User-Password = "testpassword"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 0
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "testuser1", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
[ldap-server1] Entering ldap_groupcmp()
[files] expand: ou=people,o=test,o=isp -> ou=people,o=test,o=isp
[files] expand: %{Stripped-User-Name} ->
[files] ... expanding second conditional
[files] expand: %{User-Name} -> testuser1
[files] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=testuser1)
[ldap-server1] ldap_get_conn: Checking Id: 0
[ldap-server1] ldap_get_conn: Got Id: 0
[ldap-server1] attempting LDAP reconnection
[ldap-server1] (re)connect to server1.somedomain.com:389, authentication 0
[ldap-server1] bind as uid=raduser, ou=people, o=test, o=isp/testpassword to server1.somedomain.com:389
[ldap-server1] waiting for bind result ...
[ldap-server1] Bind was successful
[ldap-server1] performing search in ou=people,o=test,o=isp, with filter (uid=testuser1)
[ldap-server1] ldap_release_conn: Release Id: 0
[files] expand: (|(&(objectClass=GroupOfNames)(member=%{control:Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{control:Ldap-UserDn}))) -> (|(&(objectClass=GroupOfNames)(member=uid\3dtestuser1\2cou\3dpeople\2co\3dtest\2co\3disp))(&(objectClass=GroupOfUniqueNames)(uniquemember=uid\3dtestuser1\2cou\3dpeople\2co\3dtest\2co\3disp)))
[ldap-server1] ldap_get_conn: Checking Id: 0
[ldap-server1] ldap_get_conn: Got Id: 0
[ldap-server1] performing search in cn=DialupFS,ou=Groups,o=test,o=isp, with filter (|(&(objectClass=GroupOfNames)(member=uid\3dtestuser1\2cou\3dpeople\2co\3dtest\2co\3disp))(&(objectClass=GroupOfUniqueNames)(uniquemember=uid\3dtestuser1\2cou\3dpeople\2co\3dtest\2co\3disp)))
[ldap-server1] ldap_release_conn: Release Id: 0
[files] users: Matched entry DEFAULT at line 166
++[files] returns ok
++- entering policy redundant {...}
[ldap-server1] performing user authorization for testuser1
[ldap-server1] expand: %{Stripped-User-Name} ->
[ldap-server1] ... expanding second conditional
[ldap-server1] expand: %{User-Name} -> testuser1
[ldap-server1] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=testuser1)
[ldap-server1] expand: ou=people,o=test,o=isp -> ou=people,o=test,o=isp
[ldap-server1] ldap_get_conn: Checking Id: 0
[ldap-server1] ldap_get_conn: Got Id: 0
[ldap-server1] performing search in ou=people,o=test,o=isp, with filter (uid=testuser1)
[ldap-server1] looking for check items in directory...
[ldap-server1] looking for reply items in directory...
WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
[ldap-server1] user testuser1 authorized to use remote access
[ldap rlm_ldap::ldap_groupcmp: User found in group cn=DialupFS,ou=Groups,o=test,o=isp -server1] ldap_release_conn: Release Id: 0
+++[ldap-server1] returns ok
++- policy redundant returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
++[pap] returns noop
No authenticate method (Auth-Type) configuration found for the request:Rejecting the user
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> testuser1
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 166 to 127.0.0.1 port 52514
        Reply-Message = "FS User Authorized"
Waking up in 4.9 seconds.
Cleaning up request 0 ID 166 with timestamp +74
Ready to process requests.

On Thu, Aug 12, 2010 at 1:59 AM, Alan Buxey <a.l.m.bu...@lboro.ac.uk> wrote:

> Hi,
>
> I apologize for the inconvenience of sending the configuration files. I
> thought sending more detail would help :-). The below steps you provided
> still didn't work and ended with the same problem. Again I apologize.
>
> ....radiusd -X ?
>
> we cannot help without this information
>
> alan
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
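A small triage helper for `radiusd -X` output like the trace in this message, as an added example that is not part of the original post or of FreeRADIUS: it collects each module's return code per section and reports when authorize completed but the request was rejected because no Auth-Type was set. The sample text is a constructed excerpt in the same format, and the function names are hypothetical.

```python
import re

# Constructed excerpt in the format of the radiusd -X trace above.
SAMPLE = """\
+- entering group authorize {...}
++[preprocess] returns ok
++[unix] returns notfound
++[files] returns ok
++- entering policy redundant {...}
WARNING: No "known good" password was found in LDAP.
+++[ldap-server1] returns ok
++- policy redundant returns ok
++[pap] returns noop
No authenticate method (Auth-Type) configuration found for the request:Rejecting the user
Sending Access-Reject of id 166 to 127.0.0.1 port 52514
"""

GROUP = re.compile(r"^\+- entering group (\S+)")
RESULT = re.compile(r"^\++\[([^\]]+)\] returns (\w+)")
REPLY = re.compile(r"^Sending (Access-\w+)")

def triage(debug_text):
    """Collect per-section module results and failure markers for one request."""
    report = {"results": {}, "warnings": [], "no_auth_type": False, "reply": None}
    section = None
    for line in debug_text.splitlines():
        line = line.strip()
        if m := GROUP.match(line):
            section = m.group(1)
        elif m := RESULT.match(line):
            report["results"].setdefault(section, []).append(m.groups())
        elif "WARNING" in line:
            report["warnings"].append(line)
        elif line.startswith("No authenticate method (Auth-Type)"):
            report["no_auth_type"] = True
        elif m := REPLY.match(line):
            report["reply"] = m.group(1)
    return report

def authorized_without_auth_type(report):
    """authorize modules that returned ok/updated although no Auth-Type was set."""
    if not report["no_auth_type"]:
        return []
    return [mod for mod, rc in report["results"].get("authorize", [])
            if rc in ("ok", "updated")]

if __name__ == "__main__":
    print(authorized_without_auth_type(triage(SAMPLE)))
```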