"Known good" password

Bernd Nachtigall bnacht at web.de
Thu Jul 5 13:58:40 CEST 2018


Am 05.07.2018 um 12:03 schrieb Alan Buxey:
> your user entry is wrong. thus not matching the request.
> 
> alan

For those who dont want to be ask the oracle:


This Syntax of an user entry (old radius 2) was the cause of the error:

testuser Cleartext-Password := "mypassword", Login-Time ="Any",
Expiration >"Oct 01 2020", Simultanous-Use = 1
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-IP-Address = 192.168.111.222,
        Framed-Routing = None,
        Filter-ID = USER

In radius3 you has to use:

testuser Cleartext-Password := "mypassword"
	Login-Time ="Any",
	Expiration >"Oct 01 2020",
	Simultanous-Use = 1,
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-IP-Address = 192.168.111.222,
        Framed-Routing = None,
        Filter-ID = USER

The first line has a new line after the double quote and no comma.

Bernd

> 
> On 5 July 2018 at 10:58, Bernd Nachtigall <bnacht at web.de> wrote:
> 
>> Hi,
>>
>> I try to setup a basic radius service. Use Version 3.0.3
>> Most files are untouched. Edit mods-config/files/authorize and added
>> some user:
>>
>> testuser Cleartext-Password := "mypassword", Login-Time ="Any",
>> Expiration >"Oct 01 2020", Simultanous-Use = 1
>>         Service-Type = Framed-User,
>>         Framed-Protocol = PPP,
>>         Framed-IP-Address = 192.168.111.222,
>>         Framed-Routing = None,
>>         Filter-ID = USER
>>
>> Edit client.conf and added:
>> client 192.168.1.5 {
>>         secret = clientpwd
>> }
>>
>> radiusd starts w/o problem and the default test:
>> # radtest testing password 127.0.0.1 0 testing123
>> is successfull.
>>
>> When try to test (from localhost):
>>
>> # radtest testuser mypassword 127.0.0.1 0 testing123
>>
>> I think this is likely the same test as with the default user 'testing'.
>>
>> radius throw:
>> ...
>> WARNING: pap : No "known good" password found tor the user. Not setting
>> Auth-Type.
>> WARNING: pap : Authentication will faill unless a "known good" password
>> is available.
>>   [pap] = noop
>> } # authorize = ok
>> ERROR: No Auth-Tape found: rejecting the user via Post-Auth-Type = Reject
>> ...
>>
>> So my question is: What is an 'known good' password? Where should this
>> be configured?
>>
>>
>> TiA
>>
>> Bernd
>> -
>> List info/subscribe/unsubscribe? See http://www.freeradius.org/
>> list/users.html
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> 


More information about the Freeradius-Users mailing list