Help with Radius errors
Philip Bellino
pbellino at mrv.com
Thu May 14 21:40:38 CEST 2015
Hello,
I was running FreeRadius version 2.1.1 on Fedora Core 4. This worked fine,
using a vanilla configuration with perhaps a dozen users defined.
Due to a hard disk crash we had to replace our radius server PC. Our newer PC
is running Fedora Core 21. We then downloaded the FreeRadius 3.0.8 tar.gz file,
built and installed it. We now cannot get past the following errors (in bold below).
We have tried reconfiguring the shared secret as suggested, on the server (editing the clients.conf
file and retyping the secret) and the client side but still get these errors.
In the 2.1.1 version, the only files we changed were "radiusd.conf", "clients.conf" and "users" and added our own dictionary file.
So for 3.0.8, we followed suit.
Any assistance would be most appreciated.
Thanks,
Phil
Partial output from running radiusd -X: I have attached the entire output.
Listening on auth address * port 1812 bound to server default
Listening on acct address * port 1813 bound to server default
Listening on auth address :: port 1812 bound to server default
Listening on acct address :: port 1813 bound to server default
Listening on auth address 127.0.0.1 port 18120 bound to server inner-tunnel
Opening new proxy socket 'proxy address * port 0'
Listening on proxy address * port 54743
Ready to process requests
(0) Received Access-Request Id 24 from 10.242.135.17:1026 to 10.242.135.10:1812 length 68
(0) MRV-Remote-Access-List = 'gina'
(0) MRV-Outlet-Group-Access-List = ' ???'
(0) MRV-Login-Mode = '
(0) NAS-Port-Type = Virtual
(0) MRV-Port-Access-List = '^????D???a????S?'
(0) MRV-Menu-Name = '
(0) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
(0) authorize {
(0) policy filter_username {
(0) if (!&User-Name) {
(0) if (!&User-Name) -> TRUE
(0) if (!&User-Name) {
(0) [noop] = noop
(0) } # if (!&User-Name) = noop
(0) if (&User-Name =~ / /) {
(0) ERROR: Failed retrieving values required to evaluate condition
(0) if (&User-Name =~ /@.*@/<mailto:/@.*@/> ) {
(0) ERROR: Failed retrieving values required to evaluate condition
(0) if (&User-Name =~ /\.\./ ) {
(0) ERROR: Failed retrieving values required to evaluate condition
(0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))<mailto:/@(.+)\.(.+)$/))> {
(0) ERROR: Failed retrieving values required to evaluate condition
(0) if (&User-Name =~ /\.$/) {
(0) ERROR: Failed retrieving values required to evaluate condition
(0) if (&User-Name =~ /@\./<mailto:/@\./>) {
(0) ERROR: Failed retrieving values required to evaluate condition
(0) } # policy filter_username = noop
(0) [preprocess] = ok
(0) [chap] = noop
(0) [mschap] = noop
(0) [digest] = noop
(0) suffix: Checking for suffix after "@"
(0) suffix: No '@' in User-Name = "gina", looking up realm NULL
(0) suffix: No such realm "NULL"
(0) [suffix] = noop
(0) eap: No EAP-Message, not doing EAP
(0) [eap] = noop
(0) files: users: Matched entry gina at line 128
(0) [files] = ok
(0) [expiration] = noop
(0) [logintime] = noop
(0) [pap] = updated
(0) } # authorize = updated
(0) Found Auth-Type = PAP
(0) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(0) Auth-Type PAP {
(0) pap: Login attempt with password
(0) pap: ERROR: Cleartext password does not match "known good" password
(0) pap: Passwords don't match
(0) [pap] = reject
(0) } # Auth-Type PAP = reject
(0) Failed to authenticate the user
(0) WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS!
(0) Using Post-Auth-Type Reject
(0) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(0) Post-Auth-Type REJECT {
(0) attr_filter.access_reject: EXPAND %{User-Name}
(0) attr_filter.access_reject: -->
(0) [attr_filter.access_reject] = noop
(0) [eap] = noop
(0) policy remove_reply_message_if_eap {
(0) if (&reply:EAP-Message && &reply:Reply-Message) {
(0) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
(0) else {
(0) [noop] = noop
(0) } # else = noop
(0) } # policy remove_reply_message_if_eap = noop
(0) } # Post-Auth-Type REJECT = noop
(0) Delaying response for 1.000000 seconds
Waking up in 0.3 seconds.
Waking up in 0.6 seconds.
(0) <delay>: Sending delayed response
(0) <delay>: Sent Access-Reject Id 24 from 10.242.135.10:1812 to 10.242.135.17:1026 length 20
Waking up in 3.9 seconds.
(0) <delay>: Cleaning up request packet ID 24 with timestamp +19
Ready to process requests
Phil Bellino
Principal Software Engineer | MRV Communications Inc.
300 Apollo Drive | Chelmsford, MA 01824
Phone: 978-674-6870 | Fax: 978-674-6799
www.mrv.com
[MRV-email]
[E-Banner]<http://www.mrv.com/landing/video-datasheet-mrvs-optidriver-platform>
MRV Communications is a global supplier of packet and optical solutions that power the world's largest networks. Our products combine innovative hardware with intelligent software to make networks smarter, faster and more efficient.
The contents of this message, together with any attachments, are intended only for the use of the person(s) to whom they are addressed and may contain confidential and/or privileged information. If you are not the intended recipient, immediately advise the sender, delete this message and any attachments and note that any distribution, or copying of this message, or any attachment, is prohibited.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 6563 bytes
Desc: image001.png
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20150514/b7773366/attachment-0001.png>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: radiusoutput.txt
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20150514/b7773366/attachment-0001.txt>
More information about the Freeradius-Users
mailing list