<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Sorry, but where do I check the shared secret? In clients.conf?<br>
<br>
If yes, the secret is OK!<br>
<br>
Thanks for any help.<br>
<br>
<br>
<br>
On 11/04/2010 09:51 AM, eduardo moreira wrote:
<blockquote
cite="mid:AANLkTi=cMM9L3T2C93e=9Lr11iosp6duRGW3pFr=zpmh@mail.gmail.com"
type="cite">Sorry about this mail, Josip, but I checked my
clients.conf again, and I put the conf here for you to see.<br>
<br>
clients.conf<br>
client 127.0.0.1 {<br>
secret = password<br>
shortname = localhost<br>
nastype = other # localhost isn't usually a NAS...<br>
}<br>
client 10.12.60.19 {<br>
secret = password<br>
shortname = any<br>
nastype = other<br>
}<br>
<br>
And I use this command to test the connection:<br>
radtest username 123456 10.12.60.19 1812 0 password<br>
<br>
And I see the debug log and receive this message:<br>
Mon Nov 1 15:06:16 2010 : Debug: Ready to process requests.<br>
rad_recv: Access-Request packet from host 10.12.60.19 port 50105,
id=100, length=73<br>
User-Name = "username"<br>
User-Password = "c\355W'\021tC\372\177R\232(\007\027n\263"<br>
NAS-IP-Address = 127.0.1.1<br>
NAS-Port = 1812<br>
Framed-Protocol = PPP<br>
Thu Nov 4 09:30:02 2010 : Debug: +- entering group authorize<br>
Thu Nov 4 09:30:02 2010 : Debug: modsingle[authorize]: calling
preprocess (rlm_preprocess) for request 1<br>
Thu Nov 4 09:30:02 2010 : Debug: modsingle[authorize]: returned
from preprocess (rlm_preprocess) for request 1<br>
Thu Nov 4 09:30:02 2010 : Debug: ++[preprocess] returns ok<br>
Thu Nov 4 09:30:02 2010 : Debug: modsingle[authorize]: calling
mschap (rlm_mschap) for request 1<br>
Thu Nov 4 09:30:02 2010 : Debug: modsingle[authorize]: returned
from mschap (rlm_mschap) for request 1<br>
Thu Nov 4 09:30:02 2010 : Debug: ++[mschap] returns noop<br>
Thu Nov 4 09:30:02 2010 : Debug: modsingle[authorize]: calling
ldap (rlm_ldap) for request 1<br>
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: - authorize<br>
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: performing user
authorization for username<br>
Thu Nov 4 09:30:02 2010 : Debug: expand: (uid=%u) ->
(uid=username)<br>
Thu Nov 4 09:30:02 2010 : Debug: expand: dc=a,dc=a,dc=c,dc=b
-> dc=a,dc=a,dc=c,dc=b<br>
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: ldap_get_conn:
Checking Id: 0<br>
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: ldap_get_conn: Got Id:
0<br>
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: performing search in
dc=a,dc=a,dc=c,dc=b,dc=a,dc=a,dc=c,dc=b, with filter
(uid=username)<br>
Thu Nov 4 09:30:02 2010 : Error: rlm_ldap: ldap_search() failed:
LDAP connection lost.<br>
Thu Nov 4 09:30:02 2010 : Info: rlm_ldap: Attempting reconnect<br>
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: attempting LDAP
reconnection<br>
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: closing existing LDAP
connection<br>
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: (re)connect to
ldap.intra proxy.intra localhost:389, authentication 0<br>
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: bind as
cn=Administrator,dc=a,dc=c,dc=a,dc=c,dc=b/password to ldap.intra
proxy.intra localhost:389<br>
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: waiting for bind
result ...<br>
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: Bind was successful<br>
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: performing search in
dc=a,dc=c,dc=a,dc=a,dc=c,dc=a,dc=c, with filter (uid=username)<br>
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: Added User-Password =
{crypt}tg/iHj5yM2iXI in check items<br>
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: No default NMAS login
sequence<br>
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: looking for check
items in directory...<br>
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: LDAP attribute
userPassword as RADIUS attribute Password-With-Header ==
"{crypt}tg/iHj5yM2iXI"<br>
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: LDAP attribute
sambantPassword as RADIUS attribute NT-Password ==
0x3738463934413643303931413730423936454135373046344341353438304531<br>
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: LDAP attribute
sambalmPassword as RADIUS attribute LM-Password ==
0x3743414142444638393134314430423841414433423433354235313430344545<br>
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: LDAP attribute cn as
RADIUS attribute Group == "username"<br>
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: looking for reply
items in directory...<br>
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: user username
authorized to use remote access<br>
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: ldap_release_conn:
Release Id: 0<br>
Thu Nov 4 09:30:02 2010 : Debug: modsingle[authorize]: returned
from ldap (rlm_ldap) for request 1<br>
Thu Nov 4 09:30:02 2010 : Debug: ++[ldap] returns ok<br>
Thu Nov 4 09:30:02 2010 : Debug: modsingle[authorize]: calling
eap (rlm_eap) for request 1<br>
Thu Nov 4 09:30:02 2010 : Debug: rlm_eap: No EAP-Message, not
doing EAP<br>
Thu Nov 4 09:30:02 2010 : Debug: modsingle[authorize]: returned
from eap (rlm_eap) for request 1<br>
Thu Nov 4 09:30:02 2010 : Debug: ++[eap] returns noop<br>
Thu Nov 4 09:30:02 2010 : Debug: modsingle[authorize]: calling
chap (rlm_chap) for request 1<br>
Thu Nov 4 09:30:02 2010 : Debug: modsingle[authorize]: returned
from chap (rlm_chap) for request 1<br>
Thu Nov 4 09:30:02 2010 : Debug: ++[chap] returns noop<br>
Thu Nov 4 09:30:02 2010 : Debug:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!<br>
Thu Nov 4 09:30:02 2010 : Debug: !!! Replacing User-Password
in config items with Cleartext-Password. !!!<br>
Thu Nov 4 09:30:02 2010 : Debug:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!<br>
Thu Nov 4 09:30:02 2010 : Debug: !!! Please update your
configuration so that the "known good" !!!<br>
Thu Nov 4 09:30:02 2010 : Debug: !!! clear text password is in
Cleartext-Password, and not in User-Password. !!!<br>
Thu Nov 4 09:30:02 2010 : Debug:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!<br>
Thu Nov 4 09:30:02 2010 : Debug: auth: type Local<br>
Thu Nov 4 09:30:02 2010 : Debug: auth: user supplied
User-Password does NOT match local User-Password<br>
Thu Nov 4 09:30:02 2010 : Debug: auth: Failed to validate the
user.<br>
Thu Nov 4 09:30:02 2010 : Auth: Login incorrect:
[username/c\355W'\021tC\372\177R\232(\007\027n\263] (from client
any port 1812)<br>
Thu Nov 4 09:30:02 2010 : Debug: WARNING: Unprintable
characters in the password. Double-check the shared secret
on the server and the NAS!<br>
Thu Nov 4 09:30:02 2010 : Debug: Delaying reject of request 1 for
1 seconds<br>
Thu Nov 4 09:30:02 2010 : Debug: Going to the next request<br>
Thu Nov 4 09:30:02 2010 : Debug: Waking up in 0.9 seconds.<br>
Thu Nov 4 09:30:03 2010 : Debug: Sending delayed reject for
request 1<br>
Sending Access-Reject of id 100 to 10.12.60.19 port 50105<br>
Thu Nov 4 09:30:03 2010 : Debug: Waking up in 4.9 seconds.<br>
Thu Nov 4 09:30:08 2010 : Debug: Cleaning up request 1 ID 100
with timestamp +239035<br>
Thu Nov 4 09:30:08 2010 : Debug: Ready to process requests.<br>
<br>
If you look here: Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: user
username authorized to use remote access<br>
my username is authorized to use, but in the last lines "failed
to validate the user" appears ...<br>
Thu Nov 4 09:30:02 2010 : Debug:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!<br>
Thu Nov 4 09:30:02 2010 : Debug: !!! Replacing User-Password
in config items with Cleartext-Password. !!!<br>
Thu Nov 4 09:30:02 2010 : Debug:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!<br>
Thu Nov 4 09:30:02 2010 : Debug: !!! Please update your
configuration so that the "known good" !!!<br>
Thu Nov 4 09:30:02 2010 : Debug: !!! clear text password is in
Cleartext-Password, and not in User-Password. !!!<br>
Thu Nov 4 09:30:02 2010 : Debug:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!<br>
Thu Nov 4 09:30:02 2010 : Debug: auth: type Local<br>
Thu Nov 4 09:30:02 2010 : Debug: auth: user supplied
User-Password does NOT match local User-Password<br>
Thu Nov 4 09:30:02 2010 : Debug: auth: Failed to validate the
user.<br>
Thu Nov 4 09:30:02 2010 : Auth: Login incorrect:
[username/c\355W'\021tC\372\177R\232(\007\027n\263] (from client
any port 1812)<br>
Thu Nov 4 09:30:02 2010 : Debug: WARNING: Unprintable
characters in the password. Double-check the shared secret
on the server and the NAS!<br>
<br>
Sorry Josip, I checked my clients.conf again but I still don't
understand.<br>
<br>
Thanks again for your help.<br>
<br>
<br>
<br>
<div class="gmail_quote">2010/11/1 Josip Rodin <span dir="ltr">&lt;<a
moz-do-not-send="true" href="mailto:joy@entuzijast.net">joy@entuzijast.net</a>&gt;</span><br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt
0.8ex; border-left: 1px solid rgb(204, 204, 204);
padding-left: 1ex;">
<div class="im">On Tue, Nov 02, 2010 at 07:30:23AM +1300,
Peter Lambrechtsen wrote:<br>
> It's probably since you didn't compile OpenLDAP and
FreeRadius with OpenSSL<br>
> support.<br>
><br>
> So you will need to recompile OpenLDAP, Cyrus SASL,
OpenLDAP and FreeRadius.<br>
<br>
</div>
No, no, no, and no. &lt;sigh&gt;<br>
<br>
If you want to read random debug messages, don't pick just
any.<br>
<br>
Yes, he doesn't have SSL support, but the log also says pretty
clearly:<br>
<div class="im"><br>
> > Mon Nov 1 15:06:10 2010 : Debug: rlm_eap: No
EAP-Message, not doing EAP<br>
<br>
</div>
When the client does not use EAP, it's completely irrelevant
that the server<br>
doesn't have support for SSL-using EAP methods.<br>
<br>
And there's clearly no reason to recompile even FR, let alone
three other<br>
different pieces of software. (For the former, just use
lenny-backports.)<br>
<br>
The final error state is:<br>
<div class="im"><br>
> > Mon Nov 1 15:06:10 2010 : Auth: Login incorrect:<br>
> >
[eduardo/1\320\026\305\020B)\323I\211????\001\nx\204] (from
client<br>
> > BrasilTelecom port 1812)<br>
> > Mon Nov 1 15:06:10 2010 : Debug: WARNING:
Unprintable characters in the<br>
> > password. Double-check the shared secret on the
server and the NAS!<br>
<br>
</div>
So, have you double-checked the shared secret?<br>
<font color="#888888"><br>
--<br>
2. That which causes joy or happiness.<br>
</font>
</blockquote>
</div>
<br>
</blockquote>
<br>
</body>
</html>