Fresh Install PID but I get "Auth-Type EAP' section."

tfc · June 18, 2019, 11:04am

Hi,
I try to Install PID on Centos7 by using directive in Two-Factor-Authentication with OTP on Centos7
When I came to Test Freeradius step, I got an error while run freeradius in debug mode

freeradius -X
…
…
Instantiating module “eap” from file /etc/raddb/mods-enabled/eap
/etc/raddb/mods-enabled/eap[14]: Failed to find ‘Auth-Type EAP’ section. Cannot authenticate users.
/etc/raddb/mods-enabled/eap[14]: Instantiation failed for module “eap”

can you have any idea why happen this?

plettich · June 18, 2019, 12:26pm

Hi and welcome to the forum,
the linked HowTo is quite outdated and will be replaced soon.
Centos7 uses FreeRadius 3.0 which changes the config, maybe this post might help:

tfc · June 18, 2019, 1:35pm

Sorry but I dont’t understand. The link that Is shared, is exactly same that you offer.
Anser not clear for me. But, you mean I’ve to change
/etc/raddb/sites-available/privacyidea file according to Provide config for packing for FreeRADIUS2 and 3 ?

Do I have to delete old one:

server default {
listen {
type = auth
ipaddr = *
port = 0
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
listen {
ipaddr = *
port = 0
type = acct
limit {
}
}

authorize {
preprocess
digest
suffix
ntdomain
files
expiration
logintime
pap
update control {
Auth-Type := Perl
}
}

authenticate {
Auth-Type Perl {
perl
}
digest
}

preacct {
suffix
files
}

accounting {
detail
}

session {
}
post-auth {
}
pre-proxy {
}
post-proxy {
}
}

And Write this?

server {
authorize {
files
perl
if (ok || updated) {
update control {
Auth-Type := Perl
}
}
}
listen {
type = auth
ipaddr = *
port = 0
}
authenticate {
Auth-Type Perl {
perl
}
}
}

tfc · June 18, 2019, 2:18pm

Freeradius versions is 3.0.13
And I change /etc/raddb/sites-available file as:

server {
        authorize {
                #files
                perl
                if (ok || updated) {
                        update control {
                                Auth-Type := Perl
                        }
                }
        }
	listen {
                type = auth
                ipaddr = *
                port = 0
        }
	authenticate {
                Auth-Type Perl {
                        perl
                }
        }
}

And /etc/raddb/mods-available as:

perl {
#filename = ${modconfdir}/${.:instance}/example.pl
#filename = ${modconfdir}/${.:instance}/privacyidea_radius.pm
filename = /etc/raddb/mods-config/perl/privacyidea_radius.pm
}

But nothing change. Still I get same error.

cornelinux · June 18, 2019, 6:19pm

Delete this file: /etc/raddb/mods-enabled/eap (which actually is a link)
It fails to initialize eap. You are not using eap. So the logical step is to disable eap (by deleting the file.

Use

radius -X

to run freeradius in debug mode. Read the output and try to understand that.
Buy this book: https://www.amazon.com/FreeRADIUS-Beginners-Guide-Dirk-Walt/dp/1849514089
It is a bit outdated but it is still a good introduction to freeradius.

Use the radclient tool to check your authentication.
https://privacyidea.readthedocs.io/en/latest/application_plugins/index.html?highlight=radclient#freeradius

FreeRADIUS has a great debug output when running with the -X option.