User-Password formats

niall el-assaad niallel at gmail.com
Wed May 14 13:53:18 CEST 2008


Thanks Ivan,
I don't get this in my config, probably because we are passing the password
to an external script to do the authentication.

So I need to make the script send a message about possible mismatched secret
if it see's unreadable characters.

Many thanks for the help,

niall

2008/5/14 Ivan Kalik <tnt at kalik.net>:

> rad_recv: Access-Request packet from host 127.0.0.1:46636, id=35,
> length=58
>        User-Name = "proba1"
>        User-Password =
> "\210\363\353\036\337S\342i\023c&\212\240\267\350\026"
>        NAS-IP-Address = 255.255.255.255
>        NAS-Port = 2
>  Processing the authorize section of radiusd.conf
> modcall: entering group authorize for request 0
>  modcall[authorize]: module "preprocess" returns ok for request 0
>  modcall[authorize]: module "chap" returns noop for request 0
>  modcall[authorize]: module "mschap" returns noop for request 0
>    rlm_realm: No '@' in User-Name = "proba1", looking up realm NULL
>    rlm_realm: No such realm "NULL"
>  modcall[authorize]: module "suffix" returns noop for request 0
>  rlm_eap: No EAP-Message, not doing EAP
>  modcall[authorize]: module "eap" returns noop for request 0
>  modcall[authorize]: module "files" returns notfound for request 0
> radius_xlat:  'proba1'
> rlm_sql (sql): sql_set_user escaped user --> 'proba1'
> radius_xlat:  'SELECT id, UserName, Attribute, Value, op           FROM
> radcheck           WHERE Username = 'proba1'           ORDER BY id'
> rlm_sql (sql): Reserving sql socket id: 3
> radius_xlat:  'SELECT
> radgroupcheck.id
> ,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
>  FROM radgroupcheck,usergroup WHERE usergroup.Username = 'proba1' AND
> usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
> radius_xlat:  'SELECT id, UserName, Attribute, Value, op           FROM
> radreply           WHERE Username = 'proba1'           ORDER BY id'
> radius_xlat:  'SELECT
> radgroupreply.id
> ,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
>  FROM radgroupreply,usergroup WHERE usergroup.Username = 'proba1' AND
> usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
> rlm_sql (sql): Released sql socket id: 3
> rlm_sql (sql): No matching entry in the database for request from user
> [proba1]
>  modcall[authorize]: module "sql" returns notfound for request 0
> rlm_pap: WARNING! No "known good" password found for the user.
> Authentication may fail because of this.
>  modcall[authorize]: module "pap" returns noop for request 0
> modcall: leaving group authorize (returns ok) for request 0
> auth: No authenticate method (Auth-Type) configuration found for the
> request: Rejecting the user
> auth: Failed to validate the user.
> Login incorrect:
> [proba1/\210\363\353\036\337S\342i\023c&\212\240\267\350\026]
> (from client localhost port 2)
>  WARNING: Unprintable characters in the password. ?  Double-check the
> shared secret on the server and the NAS!
>
> There it is at the end. This is 1.1.7 built from the source.
>
> Ivan Kalik
> Kalik Informatika ISP
>
>
> Dana 14/5/2008, "niall el-assaad" <niallel at gmail.com> piše:
>
> >Its 1.1.7 (actually 1.1.7-3.1.fc6)
> >thanks,
> >
> >2008/5/14 Ivan Kalik <tnt at kalik.net>:
> >
> >> freeradius version?
> >>
> >> Ivan Kalik
> >> Kalik Informatika ISP
> >>
> >>
> >> Dana 14/5/2008, "niall el-assaad" <niallel at gmail.com> piše:
> >>
> >> >Yes capital X as in -X
> >> >thanks,
> >> >
> >> >2008/5/14 Ivan Kalik <tnt at kalik.net>:
> >> >
> >> >> Are you using -X (capital X) or something else?
> >> >>
> >> >> Ivan Kalik
> >> >> Kalik Informatika ISP
> >> >>
> >> >>
> >> >> Dana 13/5/2008, "niall el-assaad" <niallel at gmail.com> piše:
> >> >>
> >> >> >Thanks Ivan,
> >> >> >I don't have this message in the debug output, is this possibly
> >> because
> >> >> I'm
> >> >> >running an external script? Or is there a chance that its not a
> >> >> mismatched
> >> >> >secret?
> >> >> >
> >> >> >thanks,
> >> >> >
> >> >> >2008/5/14 Ivan Kalik <tnt at kalik.net>:
> >> >> >
> >> >> >> Threre is a "Unprintable characters ..." warning about the
> potential
> >> >> >> shared secret mismatch in the debug.
> >> >> >>
> >> >> >> Ivan Kalik
> >> >> >> Kalik Informatika ISP
> >> >> >>
> >> >> >>
> >> >> >> Dana 13/5/2008, "niall el-assaad" <niallel at gmail.com> piše:
> >> >> >>
> >> >> >> >thanks alan, much appreciated.
> >> >> >> >I think you may be right. Its just strange the FR server doesn't
> >> >> mention
> >> >> >> >this - or would it not know and only the radius client know
> this?
> >> >> >> >
> >> >> >> >thanks again,
> >> >> >> >
> >> >> >> >On Tue, May 13, 2008 at 10:02 PM, <A.L.M.Buxey at lboro.ac.uk>
> wrote:
> >> >> >> >
> >> >> >> >> hi,
> >> >> >> >>
> >> >> >> >> incorrect shared secret between FR server and WLC?
> >> >> >> >>
> >> >> >> >> alan
> >> >> >> >> -
> >> >> >> >> List info/subscribe/unsubscribe? See
> >> >> >> >> http://www.freeradius.org/list/users.html
> >> >> >> >>
> >> >> >> >
> >> >> >> >
> >> >> >>
> >> >> >> -
> >> >> >> List info/subscribe/unsubscribe? See
> >> >> >> http://www.freeradius.org/list/users.html
> >> >> >>
> >> >> >
> >> >>
> >> >> -
> >> >> List info/subscribe/unsubscribe? See
> >> >> http://www.freeradius.org/list/users.html
> >> >>
> >> >
> >>
> >> -
> >> List info/subscribe/unsubscribe? See
> >> http://www.freeradius.org/list/users.html
> >>
> >
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20080514/160b3fd4/attachment.html>


More information about the Freeradius-Users mailing list