Fwd: Authentication failure issue

fieldpeak fieldpeak at gmail.com
Fri Aug 5 10:21:47 CEST 2011 

Hi Stefan,

Sorry for the confusion, actullay i have checked both secret on both NAS and
server sides, it is same.
below is debug output, the confusion pasword "Q?²Êà ëê¢p?¤F?+Õa"  is
very suspecious, it should be '1111' that i configure in database.
maybe i check the wrong conf files for secrect, below is files that i
checked. is it correct?
NAS:
  usr/local/etc/radiusclient/
servers
  localhost/localhost    testing123

  Server:
  /usr/local/etc/raddb/clients.conf
  secret        = testing123


debug output:

Found Auth-Type = PAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group PAP {...}
[pap] login attempt with password "Q?²Êà ëê¢p?¤F?+Õa"
[pap] Using clear text password "1111"
[pap] Passwords don't match
++[pap] returns reject
Failed to authenticate the user.
  WARNING: Unprintable characters in the password.        Double-check
the shared secret on the server and the NAS!

Using Post-Auth-Type Reject
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject]     expand: %{User-Name} -> 1001
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 38 for 1 seconds


Regards,
Charles

2011/8/5 Stefan Winter <stefan.winter at restena.lu>

> Hello,
>
> while you marked lots of stuff in yellow, you missed the REALLY helpful
> part:
>
> "WARNING: Unprintable characters in the password.        Double-check
> the shared secret on the server and the NAS!"
>
> How about doing exactly that...?
>
> Stefan Winter
>
>
> Am 05.08.2011 06:14, schrieb fieldpeak:
> > Hello Friends,
> >
> > I met a issue regarding password/authentication with FreeRadius, Could
> > anybody help for the issue, Thanks!
> >
> > User-Password = "?\210\365@\263\t\306\343\243iT?\311C\t\002"
> >
> > [pap] WARNING! No "known good" password found for the user.
> > Authentication may fail because of this.
> > ++[pap] returns noop
> > ERROR: No authenticate method (Auth-Type) found for the request:
> > Rejecting the user
> >
> > The details in below mails.
> >
> > Regards,
> > Charles
> >
> > Forwarded conversation
> > Subject: *Authentication failure issue*
> > ------------------------
> >
> > From: *fieldpeak* <fieldpeak at gmail.com <mailto:fieldpeak at gmail.com>>
> > Date: 2011/8/4
> > To: freeradius-users at lists.freeradius.org
> > <mailto:freeradius-users at lists.freeradius.org>
> >
> >
> > Dear Friends,
> >
> > I'm trying integrate Freeswitch with Freeradius, I met below issue,
> > can anyone help, thanks in adance.
> >
> > Freeradius server log:
> >
> > rad_recv: Access-Request packet from host 127.0.0.1 port 52684, id=49,
> > length=111
> >         User-Name = "1001"
> >         User-Password = "?\210\365@\263\t\306\343\243iT?\311C\t\002"
> >         Called-Station-Id = "888"
> >         h323-conf-id = "749d2b5a-16ad-48e4-af58-
> > 24011949d1b5"
> >         Calling-Station-Id = "1001"
> >         NAS-Port = 0
> >         NAS-IP-Address = 127.0.0.1
> > # Executing section authorize from file
> > /usr/local/etc/raddb/sites-enabled/default
> > +- entering group authorize {...}
> > ++[preprocess] returns ok
> > [auth_log]      expand:
> > /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
> > -> /usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20110803
> > <http://127.0.0.1/auth-detail-20110803>
> > [auth_log]
> > /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
> > expands to
> > /usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20110803
> > <http://127.0.0.1/auth-detail-20110803>
> > [auth_log]      expand: %t -> Wed Aug  3 12:06:33 2011
> > ++[auth_log] returns ok
> > ++[chap] returns noop
> > ++[mschap] returns noop
> > ++[digest] returns noop
> > [suffix] No '@' in User-Name = "1001", looking up realm NULL
> > [suffix] No such realm "NULL"
> > ++[suffix] returns noop
> > [eap] No EAP-Message, not doing EAP
> > ++[eap] returns noop
> > ++[unix] returns notfound
> > ++[files] returns noop
> > [sql]   expand: %{User-Name} -> 1001
> > [sql] sql_set_user escaped user --> '1001'
> > rlm_sql (sql): Reserving sql socket id: 4
> > [sql]   expand: SELECT id, username, attribute, value, op
> > FROM radcheck           WHERE username = '%{SQL-User-Name}'
> > ORDER BY id -> SELECT id, username, attribute, value, op
> > FROM radcheck           WHERE username = '1001'           ORDER BY id
> > [sql]   expand: SELECT groupname           FROM radusergroup
> > WHERE username = '%{SQL-User-Name}'           ORDER BY priority ->
> > SELECT groupname           FROM radusergroup           WHERE username
> > = '1001'           ORDER BY priority
> > rlm_sql (sql): Released sql socket id: 4
> > [sql] User 1001 not found
> > ++[sql] returns notfound
> > ++[expiration] returns noop
> > ++[logintime] returns noop
> > [pap] WARNING! No "known good" password found for the user.
> > Authentication may fail because of this.
> > ++[pap] returns noop
> > ERROR: No authenticate method (Auth-Type) found for the request:
> > Rejecting the user
> > Failed to authenticate the user.
> >   WARNING: Unprintable characters in the password.        Double-check
> > the shared secret on the server and the NAS!
> > Using Post-Auth-Type Reject
> > # Executing group from file /usr/local/etc/raddb/sites-enabled/default
> > +- entering group REJECT {...}
> > [attr_filter.access_reject]     expand: %{User-Name} -> 1001
> >  attr_filter: Matched entry DEFAULT at line 11
> > ++[attr_filter.access_reject] returns updated
> > Delaying reject of request 8 for 1 seconds
> > Going to the next request
> > Waking up in 0.9 seconds.
> > Sending delayed reject for request 8
> > Sending Access-Reject of id 49 to 127.0.0.1 port 52684
> > Waking up in 4.9 seconds.
> > Cleaning up request 8 ID 49 with timestamp +7674
> > Ready to process requests.
> > WARNING! No "known good" password found for the user
> >
> > Regards,
> > Charles
> >
> > ----------
> > From: *fieldpeak* <fieldpeak at gmail.com <mailto:fieldpeak at gmail.com>>
> > Date: 2011/8/4
> > To: freeradius-users at lists.freeradius.org
> > <mailto:freeradius-users at lists.freeradius.org>
> >
> >
> > Hello Gurus,
> >
> > I've double checked the shared secret on both server and NAS are the
> > same, the problem still exist, it trouble me a few days, can anyone
> > kindly help?
> >
> > nas:
> > /usr/local/etc/radiusclient/servers
> > localhost/localhost    testing123
> >
> > server:
> > /usr/local/etc/raddb/clients.conf
> > secret        = testing123
> >
> >
> >
> > -
> > List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
>
> --
> Stefan WINTER
> Ingenieur de Recherche
> Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de
> la Recherche
> 6, rue Richard Coudenhove-Kalergi
> L-1359 Luxembourg
>
> Tel: +352 424409 1
> Fax: +352 422473
>
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20110805/160f381e/attachment.html>

More information about the Freeradius-Users mailing list