[prev in list] [next in list] [prev in thread] [next in thread] 

List:       freeradius-users
Subject:    Re: Capturing Access-Reject data in the radpostauth table
From:       Alan DeKok <aland () deployingradius ! com>
Date:       2010-04-30 7:31:40
Message-ID: 4BDA875C.9030901 () deployingradius ! com
[Download RAW message or body]

Aaron Paetznick wrote:
> Huh.  Then it should be working but it isn't.
> 
> radiusd -X says:
> ...
> ++[pap] returns noop
> No authenticate method (Auth-Type) configuration found for the request:
> Rejecting the user
> Failed to authenticate the user.
> Login incorrect: [username/badpass] (from client somenas port 0 cli
> somecallinginfo)
> Using Post-Auth-Type Reject

  As I said:

>>    But the log message *uses* it:
>>
>> Login incorrect (rlm_pap: CLEAR TEXT password check failed) ..
>>
>>    The text between the () *is* the Module-Failure-Message attribute.
>> See src/main/auth.c.

  Look closely at the two log messages.  They're different.  One
references "rlm_pap", which means it's using Module-Failure-Message.
The other doesn't reference rlm_pap, which means it's not using
Module-Failure-Method.

  i.e. In this example, you failed to configure a way for the user to be
authenticated.  The server didn't run any module for authentication.
So.... there's no Module-Failure-Method.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
[prev in list] [next in list] [prev in thread] [next in thread]