Re: pptpd+freeradius+ldap ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
On 18 Apr 2013, at 11:43, Alberto Aldrigo wrote: > rad_recv: Access-Request packet from host 10.1.98.52 port 45105, id=139, > length=77 > Service-Type = Framed-User > Framed-Protocol = PPP > User-Name = "user" > Calling-Station-Id = "10.1.0.136" > NAS-IP-Address = 127.0.1.1 > NAS-Port = 0 PPPD isn't sending a password. The hash is being found by LDAP fine, but there is no password in the radius request for it to validate. You need to fix PPPD, then it should work. Thanks, Adam Bishop gpg: 0x6609D460 Janet, the UK's research and education network. Janet(UK) is a trading name of Jisc Collections and Janet Limited, a not-for-profit company which is registered in England under No. 2881024 and whose Registered Office is at Lumen House, Library Avenue, Harwell Oxford, Didcot, Oxfordshire. OX11 0SG. VAT No. 614944238 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
pptpd+freeradius+ldap ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
le: Instantiating module "attr_filter.accounting_response" from file /etc/freeradius/modules/attr_filter attr_filter attr_filter.accounting_response { attrsfile = "/etc/freeradius/attrs.accounting_response" key = "%{User-Name}" } Module: Checking session {...} for more modules to load Module: Checking post-proxy {...} for more modules to load Module: Checking post-auth {...} for more modules to load } # modules } # server radiusd: Opening IP addresses and Ports listen { type = "auth" ipaddr = * port = 0 } listen { type = "acct" ipaddr = * port = 0 } listen { type = "auth" ipaddr = 127.0.0.1 port = 18120 } Listening on authentication address * port 1812 Listening on accounting address * port 1813 Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel Listening on proxy address * port 1814 Ready to process requests. rad_recv: Access-Request packet from host 10.1.98.52 port 45105, id=139, length=77 Service-Type = Framed-User Framed-Protocol = PPP User-Name = "user" Calling-Station-Id = "10.1.0.136" NAS-IP-Address = 127.0.1.1 NAS-Port = 0 # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} [ldap] performing user authorization for user [ldap] expand: %{Stripped-User-Name} -> [ldap] ... expanding second conditional [ldap] expand: %{User-Name} -> user [ldap] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=user) [ldap] expand: dc=domain,dc=private -> dc=domain,dc=private [ldap] ldap_get_conn: Checking Id: 0 [ldap] ldap_get_conn: Got Id: 0 [ldap] attempting LDAP reconnection [ldap] (re)connect to 10.1.98.50:389, authentication 0 [ldap] bind as cn=admin,dc=domain,dc=private/password to 10.1.98.50:389 [ldap] waiting for bind result ... [ldap] Bind was successful [ldap] performing search in dc=domain,dc=private, with filter (uid=user) [ldap] Added User-Password = {SSHA}lT5RCX6nyyU6zaCtL7rEAfN5u1DxI7xN in check items [ldap] No default NMAS login sequence [ldap] looking for check items in directory... [ldap] userPassword -> Password-With-Header == "{SSHA}lT5RCX6nyyU6zaCtL7rEAfN5u1DxI7xN" [ldap] looking for reply items in directory... [ldap] user user authorized to use remote access [ldap] ldap_release_conn: Release Id: 0 ++[ldap] returns ok ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "user", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop ++[expiration] returns noop ++[logintime] returns noop [pap] No clear-text password in the request. Not performing PAP. ++[pap] returns noop ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user Failed to authenticate the user. Using Post-Auth-Type Reject # Executing group from file /etc/freeradius/sites-enabled/default +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> user attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 0 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 0 Sending Access-Reject of id 139 to 10.1.98.52 port 45105 Waking up in 4.9 seconds. I've read the documentation at least one million times and searched the mailinglist and on google but I still can't manage to find a solution, can anyone help me pointing out the error? users' password are stored in openldap using SSHA password, if this information can be useful. Thanks Alberto - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
Issue is resolved. I was infact editing the wrong users file. I was editing the users file in the raddb folder of the uncompressed tarball. Thanks for the help. Regards, Shravan On Sat, Nov 10, 2012 at 6:54 AM, Phil Mayers wrote: > On 11/10/2012 03:54 AM, Shravan S G wrote: > >> Hi all, >> >> I am trying to configure FreeRadius 2.2.0. I am trying to test with the >> radtest utility. However, when I run radtest, on my radiusd server, I >> get the following error - "ERROR: No authenticate method (Auth-Type) >> found for the request: Rejecting the user". I know this is some issue >> with the authentication part. However, I have not been able to pinpoint >> the problem. Also, I haven't been able to find any relevant solutions on >> the web. >> I have just untarred the 2.2.0 tarball, and added just one line the >> users file: gokul Cleartext-Password:="abcde" >> > > If so, this hasn't taken. The debug shows: > > ++[files] returns noop >> > > ...and thenL > > > [pap] WARNING! No "known good" password found for the user. >> Authentication may fail because of this. >> ++[pap] returns noop >> ERROR: No authenticate method (Auth-Type) found for the request: >> > > Check you're editing the right file. > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/** > list/users.html <http://www.freeradius.org/list/users.html> > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
On 11/10/2012 03:54 AM, Shravan S G wrote: Hi all, I am trying to configure FreeRadius 2.2.0. I am trying to test with the radtest utility. However, when I run radtest, on my radiusd server, I get the following error - "ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user". I know this is some issue with the authentication part. However, I have not been able to pinpoint the problem. Also, I haven't been able to find any relevant solutions on the web. I have just untarred the 2.2.0 tarball, and added just one line the users file: gokul Cleartext-Password:="abcde" If so, this hasn't taken. The debug shows: ++[files] returns noop ...and thenL [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop ERROR: No authenticate method (Auth-Type) found for the request: Check you're editing the right file. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
Hi, >I have just untarred the 2.2.0 tarball, and added just one line the users >file: gokul Cleartext-Password:="abcde" at the top of the file...or at the bottom? If you add it to the bottom then other things in the file will prevent that user from being seen/used - add your test user/pass to the top of the users file you didnt give the full output of 'radiusd -X' either - I'm assuming that you are editing the correct users file - eg /usr/local/etc/raddb/users or /etc/raddb/users and not the users file thats in the source directory... alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
Hi all, I am trying to configure FreeRadius 2.2.0. I am trying to test with the radtest utility. However, when I run radtest, on my radiusd server, I get the following error - "ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user". I know this is some issue with the authentication part. However, I have not been able to pinpoint the problem. Also, I haven't been able to find any relevant solutions on the web. I have just untarred the 2.2.0 tarball, and added just one line the users file: gokul Cleartext-Password:="abcde" Below is the output on the server and the client side: Server: Ready to process requests. rad_recv: Access-Request packet from host 127.0.0.1 port 47080, id=238, length=75 User-Name = "gokul" User-Password = "abcde" NAS-IP-Address = 127.0.1.1 NAS-Port = 0 Message-Authenticator = 0xf92ae1fda2ea8f435d95c4a7294e1e55 # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "gokul", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user Failed to authenticate the user. Using Post-Auth-Type REJECT # Executing group from file /usr/local/etc/raddb/sites-enabled/default +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> gokul attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 0 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 0 Sending Access-Reject of id 238 to 127.0.0.1 port 47080 Waking up in 4.9 seconds. Cleaning up request 0 ID 238 with timestamp +19 Ready to process requests. Client: shravan@ubuntu:~/freeradius-server-2.2.0/raddb$ sudo radtest gokul abcde localhost 0 testing123 [sudo] password for shravan: Sending Access-Request of id 238 to 127.0.0.1 port 1812 User-Name = "gokul" User-Password = "abcde" NAS-IP-Address = 127.0.1.1 NAS-Port = 0 Message-Authenticator = 0x rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=238, length=20 shravan@ubuntu:~/freeradius-server-2.2.0/raddb$ This is m first attempt at using FreeRadius, so please let me know if I have made any rookie mistakes. :) Thanks in advance. Shravan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Fwd: Need help on "ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user"
Hi, >OS: Mac OSX 10.6.8 >FreeRADIUS version:�2.1.12 >Steps taken: okay. so you downloaded the software, extracted it, then built it... great. did you note what happened when you 'make install' ? >Starting�-�reading�configuration�files�...� >including�configuration�file�/usr/local/etc/raddb/radiusd.conf� >including�configuration�file�/usr/local/etc/raddb/proxy.conf� >including�configuration�file�/usr/local/etc/raddb/clients.conf� theres a hint the server is reading config files from the /usr/local/etc/raddb directory. the config files you have edited are the source code initial versions.. they arent being readhence your testing/password will never work alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Fwd: Need help on "ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user"
Stephen Kwok wrote: > I am a newbie to FreeRADIUS and I have run into a problem during the > setup. I have spent some time on researching for an answer online, but > I got no luck. I have described the problem as below. Could anyone > please let me know what went wrong? Thank you so much in advance. Don't post the same message to the freeradius-users and freeradius-devel list. It's not nice. The whole point of running the server in debugging mode is to *READ* the output. In this case, you've edited /sw//raddb/users, and the server is *clearly* reading /usr/local/etc/raddb/users. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Fwd: Need help on "ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user"
radutmp Module: Instantiating module "radutmp" from file /usr/local/etc/raddb/modules/radutmp radutmp { filename = "/usr/local/var/log/radius/radutmp" username = "%{User-Name}" case_sensitive = yes check_with_nas = yes perm = 384 callerid = yes } Module: Linked to module rlm_attr_filter Module: Instantiating module "attr_filter.accounting_response" from file /usr/local/etc/raddb/modules/attr_filter attr_filter attr_filter.accounting_response { attrsfile = "/usr/local/etc/raddb/attrs.accounting_response" key = "%{User-Name}" relaxed = no } Module: Checking session {...} for more modules to load Module: Checking post-proxy {...} for more modules to load Module: Checking post-auth {...} for more modules to load Module: Instantiating module "attr_filter.access_reject" from file /usr/local/etc/raddb/modules/attr_filter attr_filter attr_filter.access_reject { attrsfile = "/usr/local/etc/raddb/attrs.access_reject" key = "%{User-Name}" relaxed = no } } # modules } # server server inner-tunnel { # from file /usr/local/etc/raddb/sites-enabled/inner-tunnel modules { Module: Checking authenticate {...} for more modules to load Module: Checking authorize {...} for more modules to load Module: Checking session {...} for more modules to load Module: Checking post-proxy {...} for more modules to load Module: Checking post-auth {...} for more modules to load } # modules } # server radiusd: Opening IP addresses and Ports listen { type = "auth" ipaddr = * port = 0 } listen { type = "acct" ipaddr = * port = 0 } listen { type = "control" listen { socket = "/usr/local/var/run/radiusd/radiusd.sock" } } listen { type = "auth" ipaddr = 127.0.0.1 port = 18120 } ... adding new socket proxy address * port 63625 Listening on authentication address * port 1812 Listening on accounting address * port 1813 Listening on command file /usr/local/var/run/radiusd/radiusd.sock Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel Listening on proxy address * port 1814 Ready to process requests. *Packet 0* -- rad_recv: Access-Request packet from host 127.0.0.1 port 64417, id=253, length=77 User-Name = "testing" User-Password = "password" NAS-IP-Address = 172.16.142.1 NAS-Port = 0 Message-Authenticator = 0xac50d12cd56157895ad148d9eae1fab3 # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "testing", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user Failed to authenticate the user. Using Post-Auth-Type Reject # Executing group from file /usr/local/etc/raddb/sites-enabled/default +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> testing attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 0 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 0 Sending Access-Reject of id 253 to 127.0.0.1 port 64417 Waking up in 4.9 seconds. Cleaning up request 0 ID 253 with timestamp +52 Ready to process requests. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
Thank's Alan, it works! We had the same issue with python auths being serialized that we had with pam, but running out of debug mode fixed the issue. Pam probably would have worked if we tried that, but it was a pam_python module anyway so it is better going directly to python. Thanks again, Jim On Wed, May 18, 2011 at 1:44 AM, Alan DeKok wrote: > Jim Whitescarver wrote: >> The only thing we want is python authentication. I just commented out >> everything else. I will start again and try to minimize edits. I am >> rather clueless about the nature the minimum edits should have. > > Add what you need. The default configuration *works*. > >> It seems that every configuration file needs python in every section >> for it to be recognized. > > No. You need to list "python" everywhere you want it to be *used*. > >> I don't think we want to use the "users" file. We only want to call >> the python module for any request. > > That's just rude. > > The first message you posted showed a "users" file entry, and wondered > why it didn't work. Now you say you don't want to use it. > > Figure out what you want to do. The majority of the issues you're > having are due to inconsistency. > >> It's not clear why we would leave other stuff in if we are not using >> anything but the python module. > > Because you don't understand what it does. If you don't understand > it, deleting it is wrong. > > "Hey, I don't understand what this widget is on my car engine. I'll > just rip it off. Hmm, my car no longer works. I know... I'll blame the > mechanic!" > > You wouldn't do that to a car mechanic. Don't do it here. > > Alan DeKok. > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
Jim Whitescarver wrote: > The only thing we want is python authentication. I just commented out > everything else. I will start again and try to minimize edits. I am > rather clueless about the nature the minimum edits should have. Add what you need. The default configuration *works*. > It seems that every configuration file needs python in every section > for it to be recognized. No. You need to list "python" everywhere you want it to be *used*. > I don't think we want to use the "users" file. We only want to call > the python module for any request. That's just rude. The first message you posted showed a "users" file entry, and wondered why it didn't work. Now you say you don't want to use it. Figure out what you want to do. The majority of the issues you're having are due to inconsistency. > It's not clear why we would leave other stuff in if we are not using > anything but the python module. Because you don't understand what it does. If you don't understand it, deleting it is wrong. "Hey, I don't understand what this widget is on my car engine. I'll just rip it off. Hmm, my car no longer works. I know... I'll blame the mechanic!" You wouldn't do that to a car mechanic. Don't do it here. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
On Tue, May 17, 2011 at 3:08 PM, Alan DeKok wrote: > Jim Whitescarver wrote: >> But, after sucessfully calling our python module the user is rejected >> >> ERROR: No authenticate method (Auth-Type) found for the request: >> Rejecting the user > > Don't edit the default configuration and break it. The only thing we want is python authentication. I just commented out everything else. I will start again and try to minimize edits. I am rather clueless about the nature the minimum edits should have. It seems that every configuration file needs python in every section for it to be recognized. >> Any ideas of what we may be doing wrong? > > (1) Run the server in debugging mode. "-Xx" gives *too* much information > > (2) If you 3ant to use the "users" file, *DON'T* delete "files" from > the "authorize" section. I don't think we want to use the "users" file. We only want to call the python module for any request. > All of the work you put into "simplifying" the configuration files was > wasted. If you don't understand how the server works, change as little > as possible. We will try again. It's not clear why we would leave other stuff in if we are not using anything but the python module. Thanks for the tips. Jim. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
Jim Whitescarver wrote: > But, after sucessfully calling our python module the user is rejected > > ERROR: No authenticate method (Auth-Type) found for the request: > Rejecting the user Don't edit the default configuration and break it. > Below is the complete log. > > Any ideas of what we may be doing wrong? (1) Run the server in debugging mode. "-Xx" gives *too* much information (2) If you 3ant to use the "users" file, *DON'T* delete "files" from the "authorize" section. All of the work you put into "simplifying" the configuration files was wasted. If you don't understand how the server works, change as little as possible. Read "man radiusd", and see the DEBUGGING section. It gives *EXPLICIT* instructions for how to change the configuration of the server. Follow them. This is documented. Following the documentation helps. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
I am hoping someone can help me. We compiled 2.1.x from source and finally got it to accept our python Auth-Type as the default in the users file. DEFAULT Auth-Type := python But, after sucessfully calling our python module the user is rejected ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user Below is the complete log. Any ideas of what we may be doing wrong? Thanks, Jim Tue May 17 14:15:37 2011 : Debug: Listening on proxy address * port 1814 Tue May 17 14:15:37 2011 : Info: Ready to process requests. rad_recv: Access-Request packet from host 135.207.164.41 port 49346, id=131, length=55 User-Name = "owk" User-Password = "test123" NAS-IP-Address = 135.207.164.41 NAS-Port = 1812 Tue May 17 14:15:50 2011 : Info: # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default Tue May 17 14:15:50 2011 : Info: +- entering group authorize {...} Tue May 17 14:15:50 2011 : Info: ++[preprocess] returns ok *** authorize *** Tue May 17 14:15:50 2011 : Info: *** radlog call in authorize *** (('User-Name', '"owk"'), ('User-Password', '"test123"'), ('NAS-IP-Address', '135.207.164.41'), ('NAS-Port', '1812')) User-Name: "owk" User-Password: "test123" NAS-IP-Address: 135.207.164.41 NAS-Port: 1812 Authenticate User: owk Tue May 17 14:16:16 2011 : Info: ++[python] returns ok Tue May 17 14:16:16 2011 : Info: ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user Tue May 17 14:16:16 2011 : Info: Failed to authenticate the user. Tue May 17 14:16:16 2011 : Info: Using Post-Auth-Type Reject Tue May 17 14:16:16 2011 : Info: # Executing group from file /usr/local/etc/raddb/sites-enabled/default Tue May 17 14:16:16 2011 : Info: +- entering group REJECT {...} Tue May 17 14:16:16 2011 : Info: [attr_filter.access_reject] expand: %{User-Name} -> owk Tue May 17 14:16:16 2011 : Debug: attr_filter: Matched entry DEFAULT at line 11 Tue May 17 14:16:16 2011 : Info: ++[attr_filter.access_reject] returns updated Sending Access-Reject of id 131 to 135.207.164.41 port 49346 Tue May 17 14:16:16 2011 : Info: Finished request 0. Tue May 17 14:16:16 2011 : Debug: Going to the next request Tue May 17 14:16:16 2011 : Debug: Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 135.207.164.41 port 49346, id=131, length=55 Tue May 17 14:16:16 2011 : Info: Sending duplicate reply to client five-10 port 49346 - ID: 131 Sending Access-Reject of id 131 to 135.207.164.41 port 49346 Tue May 17 14:16:16 2011 : Debug: Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 135.207.164.41 port 49346, id=131, length=55 Tue May 17 14:16:16 2011 : Info: Sending duplicate reply to client five-10 port 49346 - ID: 131 Sending Access-Reject of id 131 to 135.207.164.41 port 49346 Tue May 17 14:16:16 2011 : Debug: Waking up in 4.9 seconds. Tue May 17 14:16:21 2011 : Info: Cleaning up request 0 ID 131 with timestamp +13 Tue May 17 14:16:21 2011 : Info: Ready to process requests. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html