Stefan & Alan,<br><br>Great! The issue was resolved by re-correcting the secret of program on NAS...<br><br>Apprecited very much for your dedicated help!! :)<br><br>Regards,<br>Charles<br><br><div class="gmail_quote">2011/8/5 Stefan Winter <span dir="ltr"><<a href="mailto:stefan.winter@restena.lu">stefan.winter@restena.lu</a>></span><br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">Hi,<br>
<br>
your FreeRADIUS Server reads the clients from this file:<br>
<br>
including configuration file /usr/local/etc/raddb/clients.conf<br>
<br>
which is what you edited - good. Now you have to check where<br>
radiusclient reads its secret from. Can't help you with that.<br>
<br>
Stefan<br>
<br>
Am 05.08.2011 11:09, schrieb fieldpeak:<br>
<div class="im">> Hi Stefan,<br>
><br>
> Attached is the fully log from FreeRadius start, i tried to identify<br>
> it myself however i'm new comer to FR, can you please advise, thanks a<br>
> lot!<br>
><br>
> Regards,<br>
> Charles<br>
><br>
> 2011/8/5 Stefan Winter <<a href="mailto:stefan.winter@restena.lu">stefan.winter@restena.lu</a><br>
</div><div><div></div><div class="h5">> <mailto:<a href="mailto:stefan.winter@restena.lu">stefan.winter@restena.lu</a>>><br>
><br>
> Hi,<br>
><br>
> if the password is mangled that way, there is not much other<br>
> reason than<br>
> a misconfigured shared secret.<br>
><br>
> I can't tell you which config file exactly does what on your system;<br>
> that depends on the configure settings you used to install FreeRADIUS,<br>
> and on where and how you installed the NAS stuff with radiusclient.<br>
><br>
> You could post a *full* debug output of radiusd -X, *including* what's<br>
> printed on server startup - it will print out which files it reads for<br>
> its configuration.<br>
><br>
> Stefan<br>
><br>
> Am 05.08.2011 10:21, schrieb fieldpeak:<br>
> > Hi Stefan,<br>
> ><br>
> > Sorry for the confusion, actullay i have checked both secret on both<br>
> > NAS and server sides, it is same.<br>
> > below is debug output, the confusion pasword "Q?²ÊÃ<br>
> > ëê¢p?¤F?+Õa" is very suspecious, it should be '1111' that i<br>
> > configure in database.<br>
> > maybe i check the wrong conf files for secrect, below is files<br>
> that i<br>
> > checked. is it correct?<br>
> > NAS:<br>
> > usr/local/etc/radiusclient/<br>
> > servers<br>
> > localhost/localhost testing123<br>
> ><br>
> > Server:<br>
> > /usr/local/etc/raddb/clients.conf<br>
> > secret = testing123<br>
> ><br>
> ><br>
> > debug output:<br>
> ><br>
> > Found Auth-Type = PAP<br>
> > # Executing group from file<br>
> /usr/local/etc/raddb/sites-enabled/default<br>
> > +- entering group PAP {...}<br>
> > [pap] login attempt with password "Q?²Êà ëê¢p?¤F?+Õa"<br>
> > [pap] Using clear text password "1111"<br>
> > [pap] Passwords don't match<br>
> > ++[pap] returns reject<br>
> > Failed to authenticate the user.<br>
> > WARNING: Unprintable characters in the password. Double-check the<br>
> > shared secret on the server and the NAS!<br>
> > Using Post-Auth-Type Reject<br>
> > # Executing group from file<br>
> /usr/local/etc/raddb/sites-enabled/default<br>
> > +- entering group REJECT {...}<br>
> > [attr_filter.access_reject] expand: %{User-Name} -> 1001<br>
> > attr_filter: Matched entry DEFAULT at line 11<br>
> > ++[attr_filter.access_reject] returns updated<br>
> > Delaying reject of request 38 for 1 seconds<br>
> ><br>
> ><br>
> > Regards,<br>
> > Charles<br>
> ><br>
> > 2011/8/5 Stefan Winter <<a href="mailto:stefan.winter@restena.lu">stefan.winter@restena.lu</a><br>
> <mailto:<a href="mailto:stefan.winter@restena.lu">stefan.winter@restena.lu</a>><br>
</div></div>> > <mailto:<a href="mailto:stefan.winter@restena.lu">stefan.winter@restena.lu</a> <mailto:<a href="mailto:stefan.winter@restena.lu">stefan.winter@restena.lu</a>>>><br>
<div><div></div><div class="h5">> ><br>
> > Hello,<br>
> ><br>
> > while you marked lots of stuff in yellow, you missed the REALLY<br>
> > helpful<br>
> > part:<br>
> ><br>
> > "WARNING: Unprintable characters in the password. Double-check<br>
> > the shared secret on the server and the NAS!"<br>
> ><br>
> > How about doing exactly that...?<br>
> ><br>
> > Stefan Winter<br>
> ><br>
> ><br>
> > Am 05.08.2011 06:14, schrieb fieldpeak:<br>
> > > Hello Friends,<br>
> > ><br>
> > > I met a issue regarding password/authentication with FreeRadius,<br>
> > Could<br>
> > > anybody help for the issue, Thanks!<br>
> > ><br>
> > > User-Password = "?\210\365@\263\t\306\343\243iT?\311C\t\002"<br>
> > ><br>
> > > [pap] WARNING! No "known good" password found for the user.<br>
> > > Authentication may fail because of this.<br>
> > > ++[pap] returns noop<br>
> > > ERROR: No authenticate method (Auth-Type) found for the request:<br>
> > > Rejecting the user<br>
> > ><br>
> > > The details in below mails.<br>
> > ><br>
> > > Regards,<br>
> > > Charles<br>
> > ><br>
> > > Forwarded conversation<br>
> > > Subject: *Authentication failure issue*<br>
> > > ------------------------<br>
> > ><br>
> > > From: *fieldpeak* <<a href="mailto:fieldpeak@gmail.com">fieldpeak@gmail.com</a><br>
> <mailto:<a href="mailto:fieldpeak@gmail.com">fieldpeak@gmail.com</a>><br>
> > <mailto:<a href="mailto:fieldpeak@gmail.com">fieldpeak@gmail.com</a> <mailto:<a href="mailto:fieldpeak@gmail.com">fieldpeak@gmail.com</a>>><br>
> <mailto:<a href="mailto:fieldpeak@gmail.com">fieldpeak@gmail.com</a> <mailto:<a href="mailto:fieldpeak@gmail.com">fieldpeak@gmail.com</a>><br>
</div></div>> > <mailto:<a href="mailto:fieldpeak@gmail.com">fieldpeak@gmail.com</a> <mailto:<a href="mailto:fieldpeak@gmail.com">fieldpeak@gmail.com</a>>>>><br>
<div><div></div><div class="h5">> > > Date: 2011/8/4<br>
> > > To: <a href="mailto:freeradius-users@lists.freeradius.org">freeradius-users@lists.freeradius.org</a><br>
> <mailto:<a href="mailto:freeradius-users@lists.freeradius.org">freeradius-users@lists.freeradius.org</a>><br>
> > <mailto:<a href="mailto:freeradius-users@lists.freeradius.org">freeradius-users@lists.freeradius.org</a><br>
> <mailto:<a href="mailto:freeradius-users@lists.freeradius.org">freeradius-users@lists.freeradius.org</a>>><br>
> > > <mailto:<a href="mailto:freeradius-users@lists.freeradius.org">freeradius-users@lists.freeradius.org</a><br>
> <mailto:<a href="mailto:freeradius-users@lists.freeradius.org">freeradius-users@lists.freeradius.org</a>><br>
> > <mailto:<a href="mailto:freeradius-users@lists.freeradius.org">freeradius-users@lists.freeradius.org</a><br>
> <mailto:<a href="mailto:freeradius-users@lists.freeradius.org">freeradius-users@lists.freeradius.org</a>>>><br>
> > ><br>
> > ><br>
> > > Dear Friends,<br>
> > ><br>
> > > I'm trying integrate Freeswitch with Freeradius, I met below<br>
> issue,<br>
> > > can anyone help, thanks in adance.<br>
> > ><br>
> > > Freeradius server log:<br>
> > ><br>
> > > rad_recv: Access-Request packet from host 127.0.0.1 port 52684,<br>
> > id=49,<br>
> > > length=111<br>
> > > User-Name = "1001"<br>
> > > User-Password = "?\210\365@\263\t\306\343\243iT?\311C\t\002"<br>
> > > Called-Station-Id = "888"<br>
> > > h323-conf-id = "749d2b5a-16ad-48e4-af58-<br>
> > > 24011949d1b5"<br>
> > > Calling-Station-Id = "1001"<br>
> > > NAS-Port = 0<br>
> > > NAS-IP-Address = 127.0.0.1<br>
> > > # Executing section authorize from file<br>
> > > /usr/local/etc/raddb/sites-enabled/default<br>
> > > +- entering group authorize {...}<br>
> > > ++[preprocess] returns ok<br>
> > > [auth_log] expand:<br>
> > ><br>
> ><br>
> /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d<br>
> > > -><br>
> > /usr/local/var/log/radius/radacct/<a href="http://127.0.0.1/auth-detail-20110803" target="_blank">127.0.0.1/auth-detail-20110803</a><br>
> <<a href="http://127.0.0.1/auth-detail-20110803" target="_blank">http://127.0.0.1/auth-detail-20110803</a>><br>
> > <<a href="http://127.0.0.1/auth-detail-20110803" target="_blank">http://127.0.0.1/auth-detail-20110803</a>><br>
> > > <<a href="http://127.0.0.1/auth-detail-20110803" target="_blank">http://127.0.0.1/auth-detail-20110803</a>><br>
> > > [auth_log]<br>
> > ><br>
> ><br>
> /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d<br>
> > > expands to<br>
> > ><br>
> /usr/local/var/log/radius/radacct/<a href="http://127.0.0.1/auth-detail-20110803" target="_blank">127.0.0.1/auth-detail-20110803</a><br>
> <<a href="http://127.0.0.1/auth-detail-20110803" target="_blank">http://127.0.0.1/auth-detail-20110803</a>><br>
> > <<a href="http://127.0.0.1/auth-detail-20110803" target="_blank">http://127.0.0.1/auth-detail-20110803</a>><br>
> > > <<a href="http://127.0.0.1/auth-detail-20110803" target="_blank">http://127.0.0.1/auth-detail-20110803</a>><br>
> > > [auth_log] expand: %t -> Wed Aug 3 12:06:33 2011<br>
> > > ++[auth_log] returns ok<br>
> > > ++[chap] returns noop<br>
> > > ++[mschap] returns noop<br>
> > > ++[digest] returns noop<br>
> > > [suffix] No '@' in User-Name = "1001", looking up realm NULL<br>
> > > [suffix] No such realm "NULL"<br>
> > > ++[suffix] returns noop<br>
> > > [eap] No EAP-Message, not doing EAP<br>
> > > ++[eap] returns noop<br>
> > > ++[unix] returns notfound<br>
> > > ++[files] returns noop<br>
> > > [sql] expand: %{User-Name} -> 1001<br>
> > > [sql] sql_set_user escaped user --> '1001'<br>
> > > rlm_sql (sql): Reserving sql socket id: 4<br>
> > > [sql] expand: SELECT id, username, attribute, value, op<br>
> > > FROM radcheck WHERE username = '%{SQL-User-Name}'<br>
> > > ORDER BY id -> SELECT id, username, attribute, value, op<br>
> > > FROM radcheck WHERE username = '1001' ORDER BY id<br>
> > > [sql] expand: SELECT groupname FROM radusergroup<br>
> > > WHERE username = '%{SQL-User-Name}' ORDER BY priority -><br>
> > > SELECT groupname FROM radusergroup WHERE username<br>
> > > = '1001' ORDER BY priority<br>
> > > rlm_sql (sql): Released sql socket id: 4<br>
> > > [sql] User 1001 not found<br>
> > > ++[sql] returns notfound<br>
> > > ++[expiration] returns noop<br>
> > > ++[logintime] returns noop<br>
> > > [pap] WARNING! No "known good" password found for the user.<br>
> > > Authentication may fail because of this.<br>
> > > ++[pap] returns noop<br>
> > > ERROR: No authenticate method (Auth-Type) found for the request:<br>
> > > Rejecting the user<br>
> > > Failed to authenticate the user.<br>
> > > WARNING: Unprintable characters in the password. Double-check<br>
> > > the shared secret on the server and the NAS!<br>
> > > Using Post-Auth-Type Reject<br>
> > > # Executing group from file<br>
> > /usr/local/etc/raddb/sites-enabled/default<br>
> > > +- entering group REJECT {...}<br>
> > > [attr_filter.access_reject] expand: %{User-Name} -> 1001<br>
> > > attr_filter: Matched entry DEFAULT at line 11<br>
> > > ++[attr_filter.access_reject] returns updated<br>
> > > Delaying reject of request 8 for 1 seconds<br>
> > > Going to the next request<br>
> > > Waking up in 0.9 seconds.<br>
> > > Sending delayed reject for request 8<br>
> > > Sending Access-Reject of id 49 to 127.0.0.1 port 52684<br>
> > > Waking up in 4.9 seconds.<br>
> > > Cleaning up request 8 ID 49 with timestamp +7674<br>
> > > Ready to process requests.<br>
> > > WARNING! No "known good" password found for the user<br>
> > ><br>
> > > Regards,<br>
> > > Charles<br>
> > ><br>
> > > ----------<br>
> > > From: *fieldpeak* <<a href="mailto:fieldpeak@gmail.com">fieldpeak@gmail.com</a><br>
> <mailto:<a href="mailto:fieldpeak@gmail.com">fieldpeak@gmail.com</a>><br>
> > <mailto:<a href="mailto:fieldpeak@gmail.com">fieldpeak@gmail.com</a> <mailto:<a href="mailto:fieldpeak@gmail.com">fieldpeak@gmail.com</a>>><br>
> <mailto:<a href="mailto:fieldpeak@gmail.com">fieldpeak@gmail.com</a> <mailto:<a href="mailto:fieldpeak@gmail.com">fieldpeak@gmail.com</a>><br>
</div></div>> > <mailto:<a href="mailto:fieldpeak@gmail.com">fieldpeak@gmail.com</a> <mailto:<a href="mailto:fieldpeak@gmail.com">fieldpeak@gmail.com</a>>>>><br>
<div class="im">> > > Date: 2011/8/4<br>
> > > To: <a href="mailto:freeradius-users@lists.freeradius.org">freeradius-users@lists.freeradius.org</a><br>
> <mailto:<a href="mailto:freeradius-users@lists.freeradius.org">freeradius-users@lists.freeradius.org</a>><br>
> > <mailto:<a href="mailto:freeradius-users@lists.freeradius.org">freeradius-users@lists.freeradius.org</a><br>
> <mailto:<a href="mailto:freeradius-users@lists.freeradius.org">freeradius-users@lists.freeradius.org</a>>><br>
> > > <mailto:<a href="mailto:freeradius-users@lists.freeradius.org">freeradius-users@lists.freeradius.org</a><br>
> <mailto:<a href="mailto:freeradius-users@lists.freeradius.org">freeradius-users@lists.freeradius.org</a>><br>
> > <mailto:<a href="mailto:freeradius-users@lists.freeradius.org">freeradius-users@lists.freeradius.org</a><br>
</div><div><div></div><div class="h5">> <mailto:<a href="mailto:freeradius-users@lists.freeradius.org">freeradius-users@lists.freeradius.org</a>>>><br>
> > ><br>
> > ><br>
> > > Hello Gurus,<br>
> > ><br>
> > > I've double checked the shared secret on both server and NAS<br>
> are the<br>
> > > same, the problem still exist, it trouble me a few days, can<br>
> anyone<br>
> > > kindly help?<br>
> > ><br>
> > > nas:<br>
> > > /usr/local/etc/radiusclient/servers<br>
> > > localhost/localhost testing123<br>
> > ><br>
> > > server:<br>
> > > /usr/local/etc/raddb/clients.conf<br>
> > > secret = testing123<br>
> > ><br>
> > ><br>
> > ><br>
> > > -<br>
> > > List info/subscribe/unsubscribe? See<br>
> > <a href="http://www.freeradius.org/list/users.html" target="_blank">http://www.freeradius.org/list/users.html</a><br>
> ><br>
> ><br>
> > --<br>
> > Stefan WINTER<br>
> > Ingenieur de Recherche<br>
> > Fondation RESTENA - Réseau Téléinformatique de l'Education<br>
> > Nationale et de la Recherche<br>
> > 6, rue Richard Coudenhove-Kalergi<br>
> > L-1359 Luxembourg<br>
> ><br>
> > Tel: +352 424409 1<br>
> > Fax: +352 422473<br>
> ><br>
> ><br>
> ><br>
> > -<br>
> > List info/subscribe/unsubscribe? See<br>
> > <a href="http://www.freeradius.org/list/users.html" target="_blank">http://www.freeradius.org/list/users.html</a><br>
> ><br>
> ><br>
> ><br>
> ><br>
> > -<br>
> > List info/subscribe/unsubscribe? See<br>
> <a href="http://www.freeradius.org/list/users.html" target="_blank">http://www.freeradius.org/list/users.html</a><br>
><br>
><br>
> --<br>
> Stefan WINTER<br>
> Ingenieur de Recherche<br>
> Fondation RESTENA - Réseau Téléinformatique de l'Education<br>
> Nationale et de la Recherche<br>
> 6, rue Richard Coudenhove-Kalergi<br>
> L-1359 Luxembourg<br>
><br>
> Tel: +352 424409 1<br>
> Fax: +352 422473<br>
><br>
><br>
><br>
> -<br>
> List info/subscribe/unsubscribe? See<br>
> <a href="http://www.freeradius.org/list/users.html" target="_blank">http://www.freeradius.org/list/users.html</a><br>
><br>
><br>
><br>
><br>
> -<br>
> List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_blank">http://www.freeradius.org/list/users.html</a><br>
<br>
<br>
--<br>
Stefan WINTER<br>
Ingenieur de Recherche<br>
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche<br>
6, rue Richard Coudenhove-Kalergi<br>
L-1359 Luxembourg<br>
<br>
Tel: +352 424409 1<br>
Fax: +352 422473<br>
<br>
<br>
</div></div><br>-<br>
List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_blank">http://www.freeradius.org/list/users.html</a><br></blockquote></div><br>