Windows Authentication and Authorization via LDAP on FreeRadius v 2.1.4 Configuration Help!!!

2009-03-24 Thread Edwin Isada
Hello All,

Excuse me for my lack of knowledge with Linux and FreeRadius.  I hardly have
any experience and I've been using version 1.1.3 for the past few weeks and
had authentication working properly for Cisco devices.  I decided to install
the latest version 2.1.4 and forgot to save all my configuration for 1.1.3.
Hopefully I'll learn my lesson next time =)  The radiusd.conf file from what
I recall looks totally different.  I inserted my ldap information in the
modules section, but running the basic debug I'm seeing an error No
authenticate method (Auth-Type).  Even running the recommended radtest it's
failing in reviewing the debug.  I believe I'm missing authenticate config.
If so do I need to modify another file or add it to radiusd.conf?  I'm a
little lost here if someone can point me the right direction and hopefully I
can proceed with getting authorization working afterwards.  Let me know if
you need any additional information.  I've added the debug info below.
Another quick question has anyone configured this for F5 devices?

rad_recv: Access-Request packet from host 127.0.0.1 port 1027, id=254,
length=56
User-Name = test
User-Password = test
NAS-IP-Address = 127.0.1.1
NAS-Port = 0
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = test, looking up realm NULL
[suffix] No such realm NULL
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No known good password found for the user.  Authentication
may fail because of this.
++[pap] returns noop
No authenticate method (Auth-Type) configuration found for the request:
Rejecting the user
Failed to authenticate the user.
Login incorrect: [test] (from client localhost port 0)
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} - test
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 254 to 127.0.0.1 port 1027
Waking up in 4.9 seconds.
Cleaning up request 0 ID 254 with timestamp +783

Thanks,

Ed
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Windows Authentication and Authorization via LDAP on FreeRadius v 2.1.4 Configuration Help!!!

2009-03-24 Thread Michael Schwartzkopff
On Tuesday, 24 March 2009 15:58:09, Edwin Isada wrote:
> Hello All,
>
> Excuse me for my lack of knowledge with Linux and FreeRadius.  I hardly
> have any experience and I've been using version 1.1.3 for the past few
> weeks and had authentication working properly for Cisco devices.  I decided
> to install the latest version 2.1.4 and forgot to save all my configuration
> for 1.1.3. Hopefully I'll learn my lesson next time =)  The radiusd.conf
> file from what I recall looks totally different.  I inserted my ldap
> information in the modules section, but running the basic debug I'm seeing
> an error No authenticate method (Auth-Type).  Even running the recommended
> radtest it's failing in reviewing the debug.  I believe I'm missing
> authenticate config. If so do I need to modify another file or add it to
> radiusd.conf?  I'm a little lost here if someone can point me the right
> direction and hopefully I can proceed with getting authorization working
> afterwards.  Let me know if you need any additional information.  I've
> added the debug info below. Another quick question has anyone configured
> this for F5 devices?
>
> rad_recv: Access-Request packet from host 127.0.0.1 port 1027, id=254,
> length=56
> User-Name = test
> User-Password = test
> NAS-IP-Address = 127.0.1.1
> NAS-Port = 0
> +- entering group authorize {...}
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> [suffix] No '@' in User-Name = test, looking up realm NULL
> [suffix] No such realm NULL
> ++[suffix] returns noop
> [eap] No EAP-Message, not doing EAP
> ++[eap] returns noop
> ++[unix] returns notfound
> ++[files] returns noop
> ++[expiration] returns noop
> ++[logintime] returns noop
> [pap] WARNING! No known good password found for the user.  Authentication
> may fail because of this.
> ++[pap] returns noop
> No authenticate method (Auth-Type) configuration found for the request:
> Rejecting the user
> Failed to authenticate the user.
> Login incorrect: [test] (from client localhost port 0)
> Using Post-Auth-Type Reject
> +- entering group REJECT {...}
> [attr_filter.access_reject] expand: %{User-Name} - test
>  attr_filter: Matched entry DEFAULT at line 11
> ++[attr_filter.access_reject] returns updated
> Delaying reject of request 0 for 1 seconds
> Going to the next request
> Waking up in 0.9 seconds.
> Sending delayed reject for request 0
> Sending Access-Reject of id 254 to 127.0.0.1 port 1027
> Waking up in 4.9 seconds.
> Cleaning up request 0 ID 254 with timestamp +783
>
> Thanks,
>
> Ed

Did you enter the necessary config in the modules/ldap file?
Did you uncomment the ldap sections in authorize and authenticate sections in 
the default server (servers-enabled/default)?

-- 
Dr. Michael Schwartzkopff
MultiNET Services GmbH


Re: Windows Authentication and Authorization via LDAP on FreeRadius v 2.1.4 Configuration Help!!!

2009-03-24 Thread Alan DeKok
Edwin Isada wrote:
> Hello All,
>
> Excuse me for my lack of knowledge with Linux and FreeRadius.  I hardly
> have any experience and I've been using version 1.1.3 for the past few
> weeks and had authentication working properly for Cisco devices.  I
> decided to install the latest version 2.1.4 and forgot to save all my
> configuration for 1.1.3.

  When you install the server, it does NOT over-write existing
configurations.

> The radiusd.conf file from what I recall looks totally different.  I
> inserted my ldap information in the modules section,

  Please READ the configuration files.  The modules section has comments
saying where the module configurations are now located.

  Alan DeKok.
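
Added example, not part of any message in this thread: a short Python script that reads the debug trace posted in the first message and reports which modules ran in the authorize group and whether the request was rejected for lack of an Auth-Type. The function names are hypothetical, and the trace is the poster's output trimmed to the module-return lines with the wrapped rejection line rejoined.

```python
import re

# Trace from the first message in this thread, trimmed to the lines that matter.
DEBUG = """\
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[suffix] returns noop
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
+- entering group REJECT {...}
++[attr_filter.access_reject] returns updated
"""

GROUP = re.compile(r"^\+- entering group (\S+)")
MODULE = re.compile(r"^\++\[([^\]]+)\] returns (\w+)")
NO_AUTH_TYPE = "No authenticate method (Auth-Type)"

def parse_trace(text):
    """Return ({group: [(module, rcode), ...]}, auth_type_missing)."""
    groups, current, missing = {}, None, False
    for line in text.splitlines():
        line = line.strip()
        if m := GROUP.match(line):
            current = m.group(1)
            groups.setdefault(current, [])
        elif (m := MODULE.match(line)) and current:
            groups[current].append((m.group(1), m.group(2)))
        elif NO_AUTH_TYPE in line:
            missing = True
    return groups, missing

def diagnose(text, expected="ldap"):
    """Explain an Auth-Type rejection in terms of the module that should have run."""
    groups, missing = parse_trace(text)
    ran = dict(groups.get("authorize", []))
    if not missing:
        return "Auth-Type was set; look at the authenticate group instead"
    if expected not in ran:
        return f"{expected} never ran in authorize: not listed (or still commented out) there"
    return f"{expected} ran in authorize and returned {ran[expected]}, but no Auth-Type was set"
```

On the posted trace, `diagnose(DEBUG)` reports that `ldap` never appears among the authorize modules, which is the condition the second reply asks about.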