Freeradius authentication failed for unknown reason

Question

I followed this instruction to force freeradius to use mysql database.

and run freeradius in debug mod. but it rejects all authentication.

mysql database :

mysql> select * from radcheck;
+----+----------+-----------+----+---------+
| id | username | attribute | op | value   |
+----+----------+-----------+----+---------+
|  1 | test     | Password  | == | test123 | 
|  2 | test     | Auth-Type | == | Local   | 
+----+----------+-----------+----+---------+
2 rows in set (0.02 sec)

radtest command :

# radtest test test123 localhost 0 testing123
Sending Access-Request of id 235 to 127.0.0.1 port 1812
    User-Name = "test"
    User-Password = "test123"
    NAS-IP-Address = 127.0.0.1
    NAS-Port = 0
    Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=235, length=20

radiusd debug mod log:

rad_recv: Access-Request packet from host 127.0.0.1 port 51034, id=235, length=74
    User-Name = "test"
    User-Password = "test123"
    NAS-IP-Address = 127.0.0.1
    NAS-Port = 0
    Message-Authenticator = 0xbf111cbbae24fb0f0a558bfa26f53476
# Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "test", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.  Authentication may fail because of this.
++[pap] returns noop
ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
Failed to authenticate the user.
Using Post-Auth-Type Reject
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject]     expand: %{User-Name} -> test
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 20 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 20
Sending Access-Reject of id 235 to 127.0.0.1 port 51034
Waking up in 4.9 seconds.
Cleaning up request 20 ID 235 with timestamp +4325
Ready to process requests.

where is the problem and how should I solve it?

score 3 · Answer 1 · answered Jun 22 '12 at 05:59

3

I've always seen the Cleartext-Password attribute set, not Password, and using the := operator, not ==. Also, I believe that setting Auth-Type is almost always wrong, so I suggest that you remove that. Try the following in the database table:

username="test", attribute="Cleartext-Password", op=":=", value="test123"

answered Jun 22 '12 at 05:59

mgorven

30,036
7
76
121

I did it ,but it will return following error again: radtest test test123 localhost 0 testing123 Sending Access-Request of id 40 to 127.0.0.1 port 1812 User-Name = "test" User-Password = "test123" NAS-IP-Address = 127.0.0.1 NAS-Port = 0 Message-Authenticator = 0x00000000000000000000000000000000 rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=40, length=20 – Moein Hosseini Jun 22 '12 at 06:07

score 2 · Answer 2 · answered Jun 22 '12 at 00:53

2

Might be a stupid question but have you uncommented the line

$INCLUDE  sql.conf

?

answered Jun 22 '12 at 00:53

Christopher Perrin

4,741
17
32

yes,I uncommented this line. – Moein Hosseini Jun 22 '12 at 06:04

Freeradius authentication failed for unknown reason

2 Answers2