List: packetfence-users
Subject: Re: [PacketFence-users] pftest Unable to validate credentials at the moment for domain
From: Odysseas Basdekis via PacketFence-users <packetfence-users () lists ! sourceforge ! net>
Date: 2021-08-04 9:16:24
Message-ID: CAExe4NH8SbALP8fkGT2xWhGKu+KaG5muAV4MpTy7p2yWkFZ2rg () mail ! gmail ! com
Hello again to all.
Currently I'm also trying to authenticate users with a MySQL db.
Here is my problem:
For testing purposes only, I've added only one record in the radcheck table:
fredf | Cleartext-Password | := | wilma
I assign the user to a specific group called "dynamic" (the only record in
radusergroup table):
fredf | dynamic | 1|
and I assign the "Accept" reply using a record in the radgroupreply table:
| 4 | dynamic | Auth-Type | := | Accept |
Running freeradius -X and testing this user, I get these strange replies:
(0) sql: Executing select query: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'dynamic' ORDER BY id
(0) sql: Group "dynamic": Merging reply items
(0) sql: *Auth-Type := Accept*
rlm_sql (sql): Released connection (1)
(0) [sql] = ok
(0) } # authorize = ok
(0) WARNING: Please update your configuration, and remove 'Auth-Type = Local'
(0) WARNING: Use the PAP or CHAP modules instead
*(0) ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type = Reject*
(0) Failed to authenticate the user
(0) Using Post-Auth-Type Reject
which means that, even if the Auth-Type is "Accept", it replies that
Auth-Type is not found.
In the /etc/freeradius/3.0/users file, I have this configuration:
DEFAULT SQL-Group == "dynamic"
    Reply-Message = "You're in dynamic group and accepted",
    Auth-Type := Accept,
    Tunnel-Type = 13,
    Tunnel-Medium-Type = 6,
    Tunnel-Private-Group-ID = "8"
Either this works as it's supposed to, because radtest replies:
Sent Access-Request Id 87 from 0.0.0.0:28271 to 127.0.0.1:1812 length 75
    User-Name = "fredf"
    User-Password = "wilma"
    NAS-IP-Address = 127.0.1.1
    NAS-Port = 0
    Message-Authenticator = 0x00
    Cleartext-Password = "wilma"
Received Access-Reject Id 87 from 127.0.0.1:1812 to 127.0.0.1:28271 length 58
    Reply-Message = "You're in dynamic group and accepted"
(0) -: Expected Access-Accept got Access-Reject
I really cannot understand what may be the problem here.
Consider also that, if I add the record
fredf | Auth-Type | := | Accept
in the radcheck table, it works fine.
Thank you in advance for the support and assistance.
Kind regards
On Mon, Jul 19, 2021 at 4:15 PM Odysseas Basdekis <odybasd@gmail.com> wrote:
> Hello Nicolas
>
> Thank you for the reply
> The Realm looks OK, it's joined successfully.
> I am mostly concerned about the message "Authentication FAILED against XXX (*Unable
> to validate credentials at the moment*)"
> What may cause this?
>
>
> On Mon, Jul 19, 2021 at 3:47 PM Quiniou-Briand, Nicolas <
> nquiniou@akamai.com> wrote:
>
>> Hello,
>>
>>
>>
>> > Why does the pftest command look like it does not work properly?
>>
>>
>>
>> It could mean you are not testing exactly like when you plugged your
>> device on the network.
>>
>> This is certainly related to the REALM being
>>
>>
>>
>> *Nicolas Quiniou-Briand*
>> *Product Support Engineer*
>>
>> *Office:* +33156696210
>>
>> Akamai Technologies
>> 145 Broadway
>> Cambridge, MA 02142
>>
>
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
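
Added example, not part of the original message and not FreeRADIUS or PacketFence code: the debug log above shows the radgroupreply row being merged as a reply item, while the same attribute placed in radcheck is honoured. The Python sketch below audits a simplified, constructed copy of the rlm_sql tables (in-memory sqlite3; the table layout and the `sample_db` and `audit` names are assumptions) for control attributes stored in reply tables and for `Auth-Type := Accept` rows that accept a user without checking the password.

```python
import sqlite3

# rlm_sql loads these tables into the control (check) list ...
CHECK_TABLES = ("radcheck", "radgroupcheck")
# ... and these into the reply list that is sent back to the NAS.
REPLY_TABLES = ("radreply", "radgroupreply")
# Attributes that only take effect in the control list (subset chosen for this demo).
CONTROL_ONLY = {"Auth-Type", "Cleartext-Password"}

MISPLACED = "control attribute in a reply table: not used to authenticate"
BYPASS = "Auth-Type Accept in a check table: user accepted without password check"


def sample_db():
    """Constructed rows mirroring the post (simplified schema, assumption)."""
    db = sqlite3.connect(":memory:")
    for table in ("radcheck", "radreply"):
        db.execute(f"CREATE TABLE {table} "
                   "(id INTEGER PRIMARY KEY, username, attribute, op, value)")
    for table in ("radgroupcheck", "radgroupreply"):
        db.execute(f"CREATE TABLE {table} "
                   "(id INTEGER PRIMARY KEY, groupname, attribute, op, value)")
    db.execute("INSERT INTO radcheck VALUES "
               "(1, 'fredf', 'Cleartext-Password', ':=', 'wilma')")
    db.execute("INSERT INTO radgroupreply VALUES "
               "(4, 'dynamic', 'Auth-Type', ':=', 'Accept')")
    return db


def audit(db):
    """Return (table, id, attribute, finding) for every suspicious row."""
    findings = []
    for table in CHECK_TABLES + REPLY_TABLES:
        query = f"SELECT id, attribute, value FROM {table} ORDER BY id"
        for row_id, attribute, value in db.execute(query):
            if table in REPLY_TABLES and attribute in CONTROL_ONLY:
                findings.append((table, row_id, attribute, MISPLACED))
            elif (table in CHECK_TABLES and attribute == "Auth-Type"
                  and value == "Accept"):
                findings.append((table, row_id, attribute, BYPASS))
    return findings


if __name__ == "__main__":
    for finding in audit(sample_db()):
        print(" | ".join(str(field) for field in finding))
```

On the rows from the post it reports radgroupreply id 4; adding the `fredf | Auth-Type | := | Accept` row to radcheck produces the second kind of finding.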