Help with Radius errors

Alan DeKok aland at deployingradius.com
Thu May 14 22:02:26 CEST 2015 

On May 14, 2015, at 3:40 PM, Philip Bellino <pbellino at mrv.com> wrote:
> Due to a hard disk crash we had to replace our radius server PC. Our newer PC
> is running Fedora Core 21. We then downloaded the FreeRadius 3.0.8 tar.gz file,
> built and installed it.  We now cannot get past the following errors (in bold below).
> We have tried reconfiguring the shared secret as suggested, on the server (editing the clients.conf
> file and retyping the secret) and the client side but still get these errors.

  I think you've broken something.

> In the 2.1.1 version, the only files we changed were "radiusd.conf", "clients.conf" and "users" and added our own dictionary file.
> So for 3.0.8, we followed suit.

  What did you put into the dictionary file?
> 
> Ready to process requests
> (0) Received Access-Request Id 24 from 10.242.135.17:1026 to 10.242.135.10:1812 length 68
> (0)   MRV-Remote-Access-List = 'gina'
> (0)   MRV-Outlet-Group-Access-List = ' ???'
> (0)   MRV-Login-Mode = '
> (0)   NAS-Port-Type = Virtual
> (0)   MRV-Port-Access-List = '^????D???a????S?'
> (0)   MRV-Menu-Name = '

  What are those attributes?  They are NOT standard RADIUS attributes.  There is no User-Name in the packet, which is typically required.  There is no User-Password in the packet, which is also typically required.

> (0) WARNING: Unprintable characters in the password.  Double-check the shared secret on the server and the NAS!

  That message is printed ONLY if there's a User-Password in the attribute.

  So.. .you've done something, and broken the server.  The short answer is "don't do that".

  Go back to the default configuration.  i.e. back out ALL of your local changes.  Check that you can get users authenticated, by adding a Cleartext-Password for that user.  Check that it works with radtest.  Then, make another change.

  You've fallen into the trap of "make 100 changes, and then something doesn't work".  You'll never get it debugged doing that.

  Make ONE change.  Test it.  Make ANOTHER change.  Test it.  This is all documented in "man radiusd".

  And post your dictionary here.  Odds are it poaches on the standard space, and breaks all of RADIUS.

  Alan DeKok.

More information about the Freeradius-Users mailing list