No known good password

tnt at kalik.net tnt at kalik.net
Tue Mar 3 13:15:52 CET 2009


>Are there room for a newbee question here? This is my first Radius server.
>I get the message "No known good password" when trying to authenticate users The users are coming from one of two possible VPN tunnels. I assume "clients.conf" is correctly configured.
>Any help is highly appreciated.
>
>
>Best regards
>Ove Fagerheim
>
>>From "Users.conf":
><snip>
>user1   Service-Type == Framed-User, User-Password == "password",
>        # Adresses from 10.194.0.1 to 10.194.63.254
>        # Auth-Type = System,
>        Framed-IP-Address = 10.194.0.1,
>        Framed-IP-Netmask = 255.255.192.0,
>        Fall-Through = Yes
>
>DEFAULT Service-Type == Framed-User, Huntgroup-Name == "Huntgroup-1",
>        Framed-Protocol = GPRS-PDP-Context,
>        NAS-Identifier = STCGGSN3,
>        Called-Station_id = "My-Station-Id-String",
>        Reply-Message = "%u is granted access"
>
>
>user1   Service-Type == Framed-User, User-Password == "password",
>        # Adresser fra 10.192.64.1 til 10.192.127.254
>        # Auth-Type = System,
>        Framed-IP-Address = 10.192.64.1,
>        Framed-IP-Netmask = 255.255.192.0,
>        Fall-Through = Yes
>
>DEFAULT Service-Type == Framed-User, Huntgroup-Name == ""Huntgroup-2", ",
>        Framed-Protocol = GPRS-PDP-Context,
>        NAS-Identifier = FBUGGSN3,
>        Called-Station_id = "My-Station-Id-String",
>        Reply-Message = "%u is granted access"
><snip>
>
>>From "Huntgroups":
><snip>
>Huntgroup-1             NAS-IP-Address == 172.x.x.0
>Huntgroup-1             NAS-IP-Address == 172.x.x.1
>..
>..
>..
>Huntgroup-1             NAS-IP-Address == 172.x.x.14
>#
>#
>Huntgroup-2             NAS-IP-Address == 172.y.y.240
>Huntgroup-2             NAS-IP-Address == 172.y.y.241
>..
>..
>..
>Huntgroup-2             NAS-IP-Address == 172.y.y.254
><snip>
>
>
>logfile "log\radius\radacct\"NAS-IPAddress"\auth-detail-20090303.log: (username is client telephone number)
><snip>
>Packet-Type = Access-Request
>Tue Mar  3 08:37:36 2009
>        NAS-IP-Address = 172.x.x.2
>        NAS-Identifier = "STCGGSN3"
>        Called-Station-Id = "My-Station-Id-String"
>        Framed-Protocol = GPRS-PDP-Context
>        Service-Type = Framed-User
>        NAS-Port-Type = Virtual
>        NAS-Port = 16861232
>        User-Name = "user1"
>        User-Password = "password"
>        Calling-Station-Id = "user1"
>        Client-IP-Address = 172.x.x.2
>        Huntgroup-Name = "Huntgroup-1"
><snip>
>
>
>logfile "log\radius\radius.log"
><snip>
>Mon Feb 16 12:00:54 2009 : Info: Ready to process requests.
>Mon Feb 16 12:01:49 2009 : Auth: Login incorrect: [user1/password] (from client TelenorTVK1 port 35970456 cli 4790622859)
>Mon Feb 16 12:02:04 2009 : Auth: Login incorrect: [user1/password] (from client TelenorTVK1 port 33168936 cli 4790622859)
>Mon Feb 16 12:02:17 2009 : Auth: Login incorrect: [user1/password] (from client TelenorTVK1 port 30960664 cli 4790622859)
>Mon Feb 16 12:03:57 2009 : Info: Using deprecated naslist file.  Support for this will go away soon.
>Mon Feb 16 12:03:57 2009 : Info: rlm_exec: Wait=yes but no output defined. Did you mean output=none?
>Mon Feb 16 12:03:57 2009 : Info: rlm_eap_tls: Loading the certificate file as a chain
>Mon Feb 16 12:03:57 2009 : Info: WARNING: rlm_eap_tls: Unable to set DH parameters.  DH cipher suites may not work!
>Mon Feb 16 12:03:57 2009 : Info: Ready to process requests.
><snip>
>
>If the abow errors is unrelated to my issue, I still would very much appreciante any hints on how to fix them.

What freeradius version is this? You probably shouldn't be using
User-Password but Cleartext-Password. Post the output of radiusd -X from
request processing.

Ivan Kalik
Kalik Informatika ISP




More information about the Freeradius-Users mailing list