SV: "Invalid password" on OS-X

Jens W. Skov - JS Consult jens at jsconsult.dk
Fri Jun 29 10:35:07 CEST 2012


Here is what de debug shows. It seems it's first authenticated and then
denied:

Ready to process requests.
rad_recv: Access-Request packet from host 192.168.2.2 port 9903, id=94,
length=122
                      User-Name = "vpntest"
                      User-Password = "password"
                      Acct-Session-Id = "NS-0000005e"
                      NAS-IP-Address = 192.168.2.2
                      NAS-Port = 28123
                      NAS-Port-Type = Virtual
                      Called-Station-Id = "109.202.152.154"
                      Calling-Station-Id = "62.242.23.156"
                      Netscreen-Attr-10 = 0x00000003
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "vpntest", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns updated
++[files] returns noop
rlm_opendirectory: The host 192.168.2.2 does not have an access group.
rlm_opendirectory: User <vpntest> is authorized.
rlm_opendirectory: Setting Auth-Type = opendirectory
++[opendirectory] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = opendirectory
+- entering group opendirectory {...}
rlm_opendirectory: [vpntest]: invalid password
++[opendirectory] returns userlock
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject]       expand: %{User-Name} -> vpntest
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 94 to 192.168.2.2 port 9903






Jens W. Skov
Civilingeniør - M. Sc. E. in Telecommunications - MCP
JS Consult
Tlf: +45 45884077
Mobil: +45 23254077
jens at jsconsult.dk (Email, MSN, Skype)
<mailto:jens at jsconsult.dk%20(Email,%20MSN,%20Skype)>

Helpdesk: helpdesk.jsconsult.dk <http://helpdesk.jsconsult.dk/> eller
helpdesk at jsconsult.dk


Rævehøjparken 58
2800 Kgs. Lyngby
 <http://eu.ntrsupport.com/inquiero/web/digisign/digisign.asp?login=I23E8F5
02C6B11A99700843&lang=en>

.... vil du også have centralt administrerede dynamiske signaturer for
alle brugere? 
Kontakt os for en demonstration af Signature Manager.
Alle priser er, med mindre andet er  oplyst, ex. moms og levering.
Der tages forbehold for fejl og prisændringer.





Den 29/06/12 07.03 skrev "Jens W. Skov - JS Consult" <jens at jsconsult.dk>:

>
>Jens W. Skov - JS Consult wrote:
>> I¹m trying to set up external authentication from our router to a
>> OSX-server.
>> 
>> I have it working fine if the user is an admin-user on the mac, but if
>> I try with a normal user I get:
>>
>> Auth: rim_opendirectory: User <vpntest> is authorized.
>> Auth: rim_opendirectory: User [vpntest]: invalid password
>
>  Are you running FreeRADIUS on the same machine running OpenDirectory?
>
>JS: 
>Yes, they have only this one server.
>I do suspect that I might be missing something in the users file.
>In the OSX gui I have selected that users and groups that should be
>allowed, but it seems it not passed on to the radius service.
>
>-
>List info/subscribe/unsubscribe? See
>http://www.freeradius.org/list/users.html




More information about the Freeradius-Users mailing list