Re: Hints file and Strip-User-Name
When run radiusd -W I can see it enter the preprocess module and match an entry, but the suffix is not being stripped and entry in users file not being matched: Not being stripped? You think that's the problem. Tue Jun 3 12:54:15 2008 : Debug: +- entering group authorize Tue Jun 3 12:54:15 2008 : Debug: modsingle[authorize]: calling suffix (rlm_realm) for request 0 .. Tue Jun 3 12:54:15 2008 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 0 .. Tue Jun 3 12:54:15 2008 : Debug: auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user You haven't hacked away at the default configuration by any chance? Users file entry is not matched because you prevented the server from looking there. Even if you put files back in it still won't work as you have broken every single authentication method. Well done! Now put the configuration back the way it was and watch it work. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Hints file and Strip-User-Name
files is there in authentication { } section.
authenticate {
#
# PAP authentication, when a back-end database listed
# in the 'authorize' section supplies a password. The
# password can be clear-text, or encrypted.
Auth-Type PAP {
pap
}
#
# Most people want CHAP authentication
# A back-end database listed in the 'authorize' section
# MUST supply a CLEAR TEXT password. Encrypted passwords
# won't work.
Auth-Type CHAP {
chap
}
#
# MSCHAP authentication.
Auth-Type MS-CHAP {
mschap
}
#
# If you have a Cisco SIP server authenticating against
# FreeRADIUS, uncomment the following line, and the 'digest'
# line in the 'authorize' section.
# digest
#
# Pluggable Authentication Modules.
# pam
#
# See 'man getpwent' for information on how the 'unix'
# module checks the users password. Note that packets
# containing CHAP-Password attributes CANNOT be authenticated
# against /etc/passwd! See the FAQ for details.
#
# unix
# Uncomment it if you want to use ldap for authentication
#
# Note that this means check plain-text password against
# the ldap database, which means that EAP won't work,
# as it does not supply a plain-text password.
# Auth-Type LDAP {
# ldap
# }
#
# Allow EAP authentication.
eap
files
}
Paul
-Original Message-
From:
[EMAIL PROTECTED]
rg
[mailto:[EMAIL PROTECTED]
radius.org] On Behalf Of Ivan Kalik
Sent: June 3, 2008 2:07 PM
To: FreeRadius users mailing list
Subject: Re: Hints file and Strip-User-Name
When run radiusd -W I can see it enter the preprocess module and match
an entry, but the suffix is not being stripped and entry in users file
not being matched:
Not being stripped? You think that's the problem.
Tue Jun 3 12:54:15 2008 : Debug: +- entering group authorize
Tue Jun 3 12:54:15 2008 : Debug: modsingle[authorize]: calling
suffix
(rlm_realm) for request 0
..
Tue Jun 3 12:54:15 2008 : Debug: modsingle[authorize]: calling
preprocess (rlm_preprocess) for request 0
..
Tue Jun 3 12:54:15 2008 : Debug: auth: No authenticate method
(Auth-Type) configuration found for the request: Rejecting the user
You haven't hacked away at the default configuration by any chance?
Users file entry is not matched because you prevented the server from
looking there. Even if you put files back in it still won't work as
you have broken every single authentication method. Well done! Now put
the configuration back the way it was and watch it work.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Hints file and Strip-User-Name
authenticate{}??? What are they doing there. Files are a part of
authorize{} section.
Ivan Kalik
Kalik Informatika ISP
Dana 3/6/2008, Paul Khavkine [EMAIL PROTECTED] piše:
files is there in authentication { } section.
authenticate {
#
# PAP authentication, when a back-end database listed
# in the 'authorize' section supplies a password. The
# password can be clear-text, or encrypted.
Auth-Type PAP {
pap
}
#
# Most people want CHAP authentication
# A back-end database listed in the 'authorize' section
# MUST supply a CLEAR TEXT password. Encrypted passwords
# won't work.
Auth-Type CHAP {
chap
}
#
# MSCHAP authentication.
Auth-Type MS-CHAP {
mschap
}
#
# If you have a Cisco SIP server authenticating against
# FreeRADIUS, uncomment the following line, and the 'digest'
# line in the 'authorize' section.
# digest
#
# Pluggable Authentication Modules.
# pam
#
# See 'man getpwent' for information on how the 'unix'
# module checks the users password. Note that packets
# containing CHAP-Password attributes CANNOT be authenticated
# against /etc/passwd! See the FAQ for details.
#
# unix
# Uncomment it if you want to use ldap for authentication
#
# Note that this means check plain-text password against
# the ldap database, which means that EAP won't work,
# as it does not supply a plain-text password.
# Auth-Type LDAP {
# ldap
# }
#
# Allow EAP authentication.
eap
files
}
Paul
-Original Message-
From:
[EMAIL PROTECTED]
rg
[mailto:[EMAIL PROTECTED]
radius.org] On Behalf Of Ivan Kalik
Sent: June 3, 2008 2:07 PM
To: FreeRadius users mailing list
Subject: Re: Hints file and Strip-User-Name
When run radiusd -W I can see it enter the preprocess module and match
an entry, but the suffix is not being stripped and entry in users file
not being matched:
Not being stripped? You think that's the problem.
Tue Jun 3 12:54:15 2008 : Debug: +- entering group authorize
Tue Jun 3 12:54:15 2008 : Debug: modsingle[authorize]: calling
suffix
(rlm_realm) for request 0
...
Tue Jun 3 12:54:15 2008 : Debug: modsingle[authorize]: calling
preprocess (rlm_preprocess) for request 0
...
Tue Jun 3 12:54:15 2008 : Debug: auth: No authenticate method
(Auth-Type) configuration found for the request: Rejecting the user
You haven't hacked away at the default configuration by any chance?
Users file entry is not matched because you prevented the server from
looking there. Even if you put files back in it still won't work as
you have broken every single authentication method. Well done! Now put
the configuration back the way it was and watch it work.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Hints file and Strip-User-Name
You are right actually, not having a good day today.
I unbroken my config, found what was originally not working, had to uncomment
the key setting in the files {} configuration block to match
Stripped-User-Name in the users file.
Thanx
Paul
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ivan Kalik
Sent: June 3, 2008 2:47 PM
To: FreeRadius users mailing list
Subject: RE: Hints file and Strip-User-Name
authenticate{}??? What are they doing there. Files are a part of
authorize{} section.
Ivan Kalik
Kalik Informatika ISP
Dana 3/6/2008, Paul Khavkine [EMAIL PROTECTED] piše:
files is there in authentication { } section.
authenticate {
#
# PAP authentication, when a back-end database listed
# in the 'authorize' section supplies a password. The
# password can be clear-text, or encrypted.
Auth-Type PAP {
pap
}
#
# Most people want CHAP authentication
# A back-end database listed in the 'authorize' section
# MUST supply a CLEAR TEXT password. Encrypted passwords
# won't work.
Auth-Type CHAP {
chap
}
#
# MSCHAP authentication.
Auth-Type MS-CHAP {
mschap
}
#
# If you have a Cisco SIP server authenticating against
# FreeRADIUS, uncomment the following line, and the 'digest'
# line in the 'authorize' section.
# digest
#
# Pluggable Authentication Modules.
# pam
#
# See 'man getpwent' for information on how the 'unix'
# module checks the users password. Note that packets
# containing CHAP-Password attributes CANNOT be authenticated
# against /etc/passwd! See the FAQ for details.
#
# unix
# Uncomment it if you want to use ldap for authentication
#
# Note that this means check plain-text password against
# the ldap database, which means that EAP won't work,
# as it does not supply a plain-text password.
# Auth-Type LDAP {
# ldap
# }
#
# Allow EAP authentication.
eap
files
}
Paul
-Original Message-
From:
[EMAIL PROTECTED]
rg
[mailto:[EMAIL PROTECTED]
radius.org] On Behalf Of Ivan Kalik
Sent: June 3, 2008 2:07 PM
To: FreeRadius users mailing list
Subject: Re: Hints file and Strip-User-Name
When run radiusd -W I can see it enter the preprocess module and match
an entry, but the suffix is not being stripped and entry in users file
not being matched:
Not being stripped? You think that's the problem.
Tue Jun 3 12:54:15 2008 : Debug: +- entering group authorize
Tue Jun 3 12:54:15 2008 : Debug: modsingle[authorize]: calling
suffix
(rlm_realm) for request 0
...
Tue Jun 3 12:54:15 2008 : Debug: modsingle[authorize]: calling
preprocess (rlm_preprocess) for request 0
...
Tue Jun 3 12:54:15 2008 : Debug: auth: No authenticate method
(Auth-Type) configuration found for the request: Rejecting the user
You haven't hacked away at the default configuration by any chance?
Users file entry is not matched because you prevented the server from
looking there. Even if you put files back in it still won't work as
you have broken every single authentication method. Well done! Now put
the configuration back the way it was and watch it work.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
