
Is there something I'm missing in this freeradius configuration?


I have set up a freeradius server in a Kubernetes cluster. I have followed the instructions for setting up a test user to test with radtest; however, I still get "Access-Reject" when I run the test.

Here is the beginning of the users file, I have placed the test user at the top:

testing Cleartext-Password := "password"
#
#       Configuration file for the rlm_files module.
#       Please see rlm_files(5) manpage for more information.
#
#       This file contains authentication security and configuration
#       information for each user.  Accounting requests are NOT processed
#       through this file.  Instead, see 'accounting', in this directory.

Here is the command I run to test:

radtest testing password 127.0.0.1 1812 password

Where "testing" is the username, "password" is the user's password, 127.0.0.1 is the address of the server (testing locally), 1812 is the port, and the second "password" is the pre-shared secret between the client and the server. Here is the output from that command:

Sent Access-Request Id 24 from 0.0.0.0:53513 to 127.0.0.1:1812 length 77
        User-Name = "testing"
        User-Password = "password"
        NAS-IP-Address = 10.233.64.70
        NAS-Port = 1812
        Message-Authenticator = 0x00
        Cleartext-Password = "password"
Received Access-Reject Id 24 from 127.0.0.1:1812 to 127.0.0.1:53513 length 20
(0) -: Expected Access-Accept got Access-Reject

Also, even though the container is supposed to start freeradius in debug mode, I don't actually see any debug messages coming to STDOUT when I open a bash shell in the container through Kubernetes.


Solution

  • It turns out that part of the LDAP configuration means disabling the users file. Sorry, I should have mentioned it.
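A check for the situation the solution describes, as an added example that is not part of the original post: it lists the modules active in a virtual server's `authorize` section and reports whether `files`, the module that reads the users file, is still among them. It assumes the users file was disabled by commenting out `files` in a FreeRADIUS 3 style site file (the post does not say how it was done); the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether "files" (the module that reads the users
# file) is active in authorize. Hypothetical names, constructed config.

# Print each bare module reference inside "authorize { ... }", any depth.
# Comments are stripped first (a "#" inside a quoted string is not handled).
active_authorize_modules() {
    awk '
        { sub(/#.*/, "") }
        /^[ \t]*$/ { next }
        !in_auth && /^[ \t]*authorize[ \t]*[{]/ { in_auth = 1; depth = 1; next }
        in_auth {
            if ($0 ~ /^[ \t]*-?[A-Za-z_][A-Za-z0-9_.-]*[ \t]*$/) {
                name = $1; sub(/^-/, "", name); print name   # "-ldap" -> ldap
            }
            depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")
            if (depth <= 0) in_auth = 0
        }
    ' "$1"
}

# Succeeds only if the users file is consulted during authorization.
users_file_enabled() {
    active_authorize_modules "$1" | grep -qx 'files'
}

# Constructed sample: "files" commented out while LDAP was being enabled.
sample_dir=$(mktemp -d)
cat > "$sample_dir/ldap-only" <<'EOF'
server default {
    authorize {
        preprocess
        # files        # disabled while enabling LDAP
        -ldap
        if ((ok || updated) && User-Password) {
            update control {
                Auth-Type := ldap
            }
        }
        pap
    }
}
EOF
sed 's/# files .*/files/' "$sample_dir/ldap-only" > "$sample_dir/with-files"

for f in ldap-only with-files; do
    if users_file_enabled "$sample_dir/$f"; then echo "$f: users file consulted"
    else echo "$f: users file NOT consulted, its entries are ignored"; fi
done
```

Against a real install, pass the path of the enabled virtual server file, typically `sites-enabled/default` under the FreeRADIUS configuration directory.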