Freeradius not working with Ubuntu's default install
John Dennis
jdennis at redhat.com
Thu Dec 3 19:28:54 CET 2009
On 12/03/2009 12:56 PM, Wim De Hul wrote:
> Dear members,
>
>
> I have an issue with the default install of freeradius on Ubuntu 9.04.
> I only added a user in /etc/freeradius/users:
>
> wim Cleartext-Password := "test123"
>
> I started freeradius:
>
> /usr/sbin/freeradius -X
>
> But when I try:
>
> radtest wim test123 127.0.0.1 0 testing123
>
> I see:
>
> Sending Access-Request of id 96 to 127.0.0.1 port 1812
> User-Name = "wim"
> User-Password = "test123"
> NAS-IP-Address = 192.168.1.152
> NAS-Port = 0
> rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=96,
> length=20
>
> In my radiusd output, I see that the passwords do not match:
>
> <snip>
> ++[pap] returns updated
> Found Auth-Type = PAP
> +- entering group PAP {...}
> [pap] login attempt with password "test123"
> [pap] Using CRYPT encryption.
> [pap] Passwords don't match
> ++[pap] returns reject
> Failed to authenticate the user.
> Login incorrect (rlm_pap: CRYPT password check failed): [wim/test123]
> (from client localhost port 0)
> Does anyone have an idea of what's going on?
The message is pretty clear. You've passed a clear text password but
somebody had configured freeradius to use an password encryption scheme
of CRYPT, thats not part of the default configuration. Encrypted
passwords won't match clear text passwords. Search the files under
/etc/raddb to see who has set encryption_scheme to crypt (probably in
/etc/raddb/modules/pap).
If ubuntu shipped with this configuration file a bug. If you modified
the configuration files then resist the urge :-)
see: http://deployingradius.com/documents/configuration/pap.html
--
John Dennis <jdennis at redhat.com>
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
More information about the Freeradius-Users
mailing list