Issue with /etc/raddb/users
fhuzzy opened this issue · 2 comments
Following the wiki article: CentOS 7 Minimal: Two-factor Authentication using FreeRADIUS 3, SSSD 1.12, & Google Authenticator #6
If you uncomment the following lines:
DEFAULT Group == "disabled", Auth-Type := Reject
Reply-Message = "Your account has been disabled."
And add
DEFAULT Auth-Type := PAM
For final configuration as mentioned
DEFAULT Group == "disabled", Auth-Type := Reject
Reply-Message = "Your account has been disabled."
DEFAULT Auth-Type := PAM
You get the following error when doing a radtest:
[logintime] = noop
(0) WARNING: pap : Auth-Type already set. Not setting to PAP
(0) [pap] = noop
(0) } # authorize = ok
(0) Found Auth-Type = Reject
(0) Auth-Type = Reject, rejecting user
(0) Failed to authenticate the user
With
DEFAULT Group == "disabled", Auth-Type := Reject
Reply-Message = "Your account has been disabled."
DEFAULT Auth-Type := PAM
radtest is successful.
Tested with Centos 7 minimal.
Thank you for the quick reply to other note/issue, beat me to when I could reply.
Update, seems you have to install SSSD before you can have a successful radtest as given.
If anything this might help someone else attempting the same thing.
So after you create the user run:
yum install sssd realmd adcli
Then
radtest raduser Password1 localhost 0 testing123
Until then you will get the error as listed above.
At section Test FreeRADIUS with an UNIX account we are using a local unix account raduser and FreeRADIUS is configured to use PAM. PAM has not been updated to use SSSD for that follows in the next section.
I am glad you got it working, but something is not quite right. Let's leave this open and if you complete the build or I don't hear back from you in a week, I will close it. If you continue to have problems, I can spin up a virtual machine using 7.2.1511 or whatever version you are using and walk through the build. It is, also, possible something has changed.