I resolved this. Thanks. On Wed, Sep 22, 2010 at 2:59 PM, Marlon Duksa <mdu...@gmail.com> wrote:
> Hi - we recently upgraded to version 2.1.8 (freeradius) and my > authentication does not work any more. > > This used to work (configured in Radius): > > basic-a User-Password == "csetestp" > User-Name =~ "^([aA-zZ]+)-([aA-zZ]+)$", > Framed-Pool := "21", > Class := 2, > Session-Timeout := 600, > Fall-Through = No > > > This is not pap/chap authentication - our NAS is sending auth-req for a > DHCP user. > > I also tried to change to cleartext-password. > Also I tried this: > basic-a Auth-Type := Local, User-Password == "csetestp" but no luck > > > This is what I'm getting on Radius: > > rad_recv: Access-Request packet from host 114.0.1.11 port 50633, id=62, > length=78 > User-Name = "basic-a" > User-Password = "csetestp" > NAS-IP-Address = 2.2.2.2 > NAS-Port-Type = Ethernet > NAS-Port-Id = "1/1/5:4" > NAS-Identifier = "right-b4" > +- entering group authorize {...} > ++[preprocess] returns ok > ++[chap] returns noop > ++[mschap] returns noop > [suffix] No '@' in User-Name = "basic-a", looking up realm NULL > [suffix] No such realm "NULL" > ++[suffix] returns noop > [eap] No EAP-Message, not doing EAP > ++[eap] returns noop > ++[unix] returns notfound > [files] expand: %{User-Name} -> basic-a > [files] expand: %{User-Name} -> basic-a > [files] expand: %{User-Name} -> basic-a > [files] expand: %{User-Name} -> basic-a > WARNING: Found User-Password == "...". > WARNING: Are you sure you don't mean Cleartext-Password? > WARNING: See "man rlm_pap" for more information. > [files] users: Matched entry basic-a at line 106 > ++[files] returns ok > ++[expiration] returns noop > ++[logintime] returns noop > [pap] WARNING! No "known good" password found for the user. Authentication > may fail because of this. > ++[pap] returns noop > Found Auth-Type = Local > WARNING: Please update your configuration, and remove 'Auth-Type = Local' > WARNING: Use the PAP or CHAP modules instead. > No "known good" password was configured for the user. > As a result, we cannot authenticate the user. > Failed to authenticate the user. > Using Post-Auth-Type Reject > +- entering group REJECT {...} > [attr_filter.access_reject] expand: %{User-Name} -> basic-a > attr_filter: Matched entry DEFAULT at line 11 > ++[attr_filter.access_reject] returns updated > Delaying reject of request 1 for 1 seconds > Going to the next request > Waking up in 0.9 seconds. > Sending delayed reject for request 1 > Sending Access-Reject of id 62 to 114.0.1.11 port 50633 > Waking up in 4.9 seconds. > Cleaning up request 1 ID 62 with timestamp +37 > Ready to process requests. > >
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html