<br><div class="gmail_quote"><div class="gmail_quote"><div dir="ltr"><ul><li>First, I known this question had been asked many times, and I had read many posts about it, and reenter the shared secret many times, but still could not resolve my problem, I had been blocked on this nearly a week, so I need your help, thanks in advance<br>
</li><li>radius server : freeradius-server-2.2.0<br></li><li>radius client : freeradius-client-1.1.6<br></li><li>OS : Ubuntu 10.10<br></li><li><b><font size="4">Following is one full log of the radius server :</font></b><br>
</li><li></li><li>Info: FreeRADIUS Version 2.2.0, for host i686-pc-linux-gnu, built on May 31 2013 at 22:41:36</li><li>Info: Copyright (C) 1999-2012 The FreeRADIUS server project and contributors. </li><li>Info: There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A </li>
<li>Info: PARTICULAR PURPOSE. </li><li>Info: You may redistribute copies of FreeRADIUS under the terms of the </li><li>Info: GNU General Public License v2. </li><li>Info: Starting - reading configuration files ...</li><li>
Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/radiusd.conf</li><li>Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/proxy.conf</li><li>Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/clients.conf</li>
<li>Debug: including files in directory /usr/local/freeradius-server-2.2.0/etc/raddb/modules/</li><li>Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/soh</li><li>Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/rediswho</li>
<li>Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/ippool</li><li>Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/expr</li><li>Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/opendirectory</li>
<li>Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/radrelay</li><li>Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/chap</li><li>Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/detail.log</li>
<li>Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/mac2vlan</li><li>Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/cache</li><li>Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/dynamic_clients</li>
<li>Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/mschap</li><li>Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/always</li><li>Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/wimax</li>
<li>Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/sqlcounter_expire_on_login</li><li>Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/detail</li>
<li>Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/exec</li><li>Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/ldap</li><li>Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/redis</li>
<li>Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/attr_rewrite</li><li>Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/logintime</li><li>
Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/linelog</li><li>Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/echo</li><li>Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/acct_unique</li>
<li>Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/checkval</li><li>Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/pam</li><li>Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/cui</li>
<li>Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/replicate</li><li>Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/inner-eap</li><li>Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/radutmp</li>
<li>Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/realm</li><li>Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/smsotp</li><li>Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/<a href="http://detail.example.com" target="_blank">detail.example.com</a></li>
<li>Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/files</li><li>Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/sql_log</li><li>Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/krb5</li>
<li>Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/dhcp_sqlippool</li><li>Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/sql/mysql/ippool-dhcp.conf</li>
<li>Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/digest</li><li>Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/sradutmp</li><li>Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/passwd</li>
<li>Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/attr_filter</li><li>Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/etc_group</li><li>
Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/policy</li>
<li>Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/perl</li><li>Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/counter</li><li>Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/smbpasswd</li>
<li>Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/otp</li><li>Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/ntlm_auth</li><li>Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/pap</li>
<li>Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/preprocess</li><li>Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/mac2ip</li><li>Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/expiration</li>
<li>Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/unix</li><li>Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/eap.conf</li><li>Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/policy.conf</li>
<li>Debug: including files in directory /usr/local/freeradius-server-2.2.0/etc/raddb/sites-enabled/</li><li>Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/sites-enabled/default</li><li>Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/sites-enabled/inner-tunnel</li>
<li>Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/sites-enabled/control-socket</li><li>Debug: main {</li><li>Debug: <span style="white-space:pre-wrap"> </span>allow_core_dumps = no</li>
<li>Debug: }</li><li>Debug: including dictionary file /usr/local/freeradius-server-2.2.0/etc/raddb/dictionary</li><li>Debug: main {</li><li>Debug: <span style="white-space:pre-wrap"> </span>name = "radiusd"</li>
<li>Debug: <span style="white-space:pre-wrap"> </span>prefix = "/usr/local/freeradius-server-2.2.0"</li><li>Debug: <span style="white-space:pre-wrap"> </span>localstatedir = "/usr/local/freeradius-server-2.2.0/var"</li>
<li>Debug: <span style="white-space:pre-wrap"> </span>sbindir = "/usr/local/freeradius-server-2.2.0/sbin"</li><li>Debug: <span style="white-space:pre-wrap"> </span>logdir = "/usr/local/freeradius-server-2.2.0/var/log/radius"</li>
<li>Debug: <span style="white-space:pre-wrap"> </span>run_dir = "/usr/local/freeradius-server-2.2.0/var/run/radiusd"</li><li>Debug: <span style="white-space:pre-wrap"> </span>libdir = "/usr/local/freeradius-server-2.2.0/lib"</li>
<li>Debug: <span style="white-space:pre-wrap"> </span>radacctdir = "/usr/local/freeradius-server-2.2.0/var/log/radius/radacct"</li><li>Debug: <span style="white-space:pre-wrap"> </span>hostname_lookups = no</li>
<li>Debug: <span style="white-space:pre-wrap"> </span>max_request_time = 30</li><li>Debug: <span style="white-space:pre-wrap"> </span>cleanup_delay = 5</li><li>Debug: <span style="white-space:pre-wrap"> </span>max_requests = 1024</li>
<li>Debug: <span style="white-space:pre-wrap"> </span>pidfile = "/usr/local/freeradius-server-2.2.0/var/run/radiusd/radiusd.pid"</li><li>Debug: <span style="white-space:pre-wrap"> </span>checkrad = "/usr/local/freeradius-server-2.2.0/sbin/checkrad"</li>
<li>Debug: <span style="white-space:pre-wrap"> </span>debug_level = 0</li><li>Debug: <span style="white-space:pre-wrap"> </span>proxy_requests = yes</li><li>Debug: log {</li><li>Debug: <span style="white-space:pre-wrap"> </span>stripped_names = no</li>
<li>Debug: <span style="white-space:pre-wrap"> </span>auth = no</li><li>Debug: <span style="white-space:pre-wrap"> </span>auth_badpass = no</li><li>Debug: <span style="white-space:pre-wrap"> </span>auth_goodpass = no</li>
<li>Debug: }</li><li>Debug: security {</li><li>Debug: <span style="white-space:pre-wrap"> </span>max_attributes = 200</li><li>Debug: <span style="white-space:pre-wrap"> </span>reject_delay = 1</li><li>Debug: <span style="white-space:pre-wrap"> </span>status_server = yes</li>
<li>Debug: }</li><li>Debug: }</li><li>Debug: radiusd: #### Loading Realms and Home Servers ####</li><li>Debug: proxy server {</li><li>Debug: <span style="white-space:pre-wrap"> </span>retry_delay = 5</li><li>Debug: <span style="white-space:pre-wrap"> </span>retry_count = 3</li>
<li>Debug: <span style="white-space:pre-wrap"> </span>default_fallback = no</li><li>Debug: <span style="white-space:pre-wrap"> </span>dead_time = 120</li><li>Debug: <span style="white-space:pre-wrap"> </span>wake_all_if_all_dead = no</li>
<li>Debug: }</li><li>Debug: home_server localhost {</li><li>Debug: <span style="white-space:pre-wrap"> </span>ipaddr = 127.0.0.1</li><li>Debug: <span style="white-space:pre-wrap"> </span>port = 1812</li><li>Debug: <span style="white-space:pre-wrap"> </span>type = "auth"</li>
<li>Debug: <span style="white-space:pre-wrap"> </span>secret = "testing123"</li><li>Debug: <span style="white-space:pre-wrap"> </span>response_window = 20</li><li>Debug: <span style="white-space:pre-wrap"> </span>max_outstanding = 65536</li>
<li>Debug: <span style="white-space:pre-wrap"> </span>require_message_authenticator = yes</li><li>Debug: <span style="white-space:pre-wrap"> </span>zombie_period = 40</li><li>Debug: <span style="white-space:pre-wrap"> </span>status_check = "status-server"</li>
<li>Debug: <span style="white-space:pre-wrap"> </span>ping_interval = 30</li><li>Debug: <span style="white-space:pre-wrap"> </span>check_interval = 30</li><li>Debug: <span style="white-space:pre-wrap"> </span>num_answers_to_alive = 3</li>
<li>Debug: <span style="white-space:pre-wrap"> </span>num_pings_to_alive = 3</li><li>Debug: <span style="white-space:pre-wrap"> </span>revive_interval = 120</li><li>Debug: <span style="white-space:pre-wrap"> </span>status_check_timeout = 4</li>
<li>Debug: coa {</li><li>Debug: <span style="white-space:pre-wrap"> </span>irt = 2</li><li>Debug: <span style="white-space:pre-wrap"> </span>mrt = 16</li><li>Debug: <span style="white-space:pre-wrap"> </span>mrc = 5</li>
<li>Debug: <span style="white-space:pre-wrap"> </span>mrd = 30</li><li>Debug: }</li><li>Debug: }</li><li>Debug: home_server_pool my_auth_failover {</li><li>Debug: <span style="white-space:pre-wrap"> </span>type = fail-over</li>
<li>Debug: <span style="white-space:pre-wrap"> </span>home_server = localhost</li><li>Debug: }</li><li>Debug: realm <a href="http://example.com" target="_blank">example.com</a> {</li><li>Debug: <span style="white-space:pre-wrap"> </span>auth_pool = my_auth_failover</li>
<li>Debug: }</li><li>Debug: realm LOCAL {</li><li>Debug: }</li><li>Debug: radiusd: #### Loading Clients ####</li><li>Debug: client localhost {</li><li>Debug: <span style="white-space:pre-wrap"> </span>ipaddr = 127.0.0.1</li>
<li>Debug: <span style="white-space:pre-wrap"> </span>require_message_authenticator = no</li><li>Debug: <span style="white-space:pre-wrap"> </span>secret = "testing123"</li><li>Debug: <span style="white-space:pre-wrap"> </span>nastype = "other"</li>
<li>Debug: }</li><li>Debug: radiusd: #### Instantiating modules ####</li><li>Debug: instantiate {</li><li>Debug: (Loaded rlm_exec, checking if it's valid)</li><li>Debug: Module: Linked to module rlm_exec</li><li>
Debug: Module: Instantiating module "exec" from file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/exec</li><li>Debug: exec {</li><li>Debug: <span style="white-space:pre-wrap"> </span>wait = no</li>
<li>Debug: <span style="white-space:pre-wrap"> </span>input_pairs = "request"</li><li>Debug: <span style="white-space:pre-wrap"> </span>shell_escape = yes</li><li>Debug: }</li><li>Debug: (Loaded rlm_expr, checking if it's valid)</li>
<li>Debug: Module: Linked to module rlm_expr</li><li>Debug: Module: Instantiating module "expr" from file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/expr</li><li>Debug: (Loaded rlm_expiration, checking if it's valid)</li>
<li>Debug: Module: Linked to module rlm_expiration</li><li>Debug: Module: Instantiating module "expiration" from file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/expiration</li><li>Debug: expiration {</li>
<li>Debug: <span style="white-space:pre-wrap"> </span>reply-message = "Password Has Expired "</li><li>Debug: }</li><li>Debug: (Loaded rlm_logintime, checking if it's valid)</li><li>Debug: Module: Linked to module rlm_logintime</li>
<li>Debug: Module: Instantiating module "logintime" from file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/logintime</li><li>Debug: logintime {</li><li>Debug: <span style="white-space:pre-wrap"> </span>reply-message = "You are calling outside your allowed timespan "</li>
<li>Debug: <span style="white-space:pre-wrap"> </span>minimum-timeout = 60</li><li>Debug: }</li><li>Debug: }</li><li>Debug: radiusd: #### Loading Virtual Servers ####</li><li>Debug: server { # from file /usr/local/freeradius-server-2.2.0/etc/raddb/radiusd.conf</li>
<li>Debug: modules {</li><li>Debug: Module: Creating Auth-Type = digest</li><li>Debug: Module: Creating Post-Auth-Type = REJECT</li><li>Debug: Module: Checking authenticate {...} for more modules to load</li><li>Debug: (Loaded rlm_pap, checking if it's valid)</li>
<li>Debug: Module: Linked to module rlm_pap</li><li>Debug: Module: Instantiating module "pap" from file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/pap</li><li>Debug: pap {</li><li>Debug: <span style="white-space:pre-wrap"> </span>encryption_scheme = "auto"</li>
<li>Debug: <span style="white-space:pre-wrap"> </span>auto_header = no</li><li>Debug: }</li><li>Debug: (Loaded rlm_chap, checking if it's valid)</li><li>Debug: Module: Linked to module rlm_chap</li><li>Debug: Module: Instantiating module "chap" from file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/chap</li>
<li>Debug: (Loaded rlm_mschap, checking if it's valid)</li><li>Debug: Module: Linked to module rlm_mschap</li><li>Debug: Module: Instantiating module "mschap" from file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/mschap</li>
<li>Debug: mschap {</li><li>Debug: <span style="white-space:pre-wrap"> </span>use_mppe = yes</li><li>Debug: <span style="white-space:pre-wrap"> </span>require_encryption = no</li><li>Debug: <span style="white-space:pre-wrap"> </span>require_strong = no</li>
<li>Debug: <span style="white-space:pre-wrap"> </span>with_ntdomain_hack = no</li><li>Debug: <span style="white-space:pre-wrap"> </span>allow_retry = yes</li><li>Debug: }</li><li>Debug: (Loaded rlm_digest, checking if it's valid)</li>
<li>Debug: Module: Linked to module rlm_digest</li><li>Debug: Module: Instantiating module "digest" from file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/digest</li><li>Debug: (Loaded rlm_unix, checking if it's valid)</li>
<li>Debug: Module: Linked to module rlm_unix</li><li>Debug: Module: Instantiating module "unix" from file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/unix</li><li>Debug: unix {</li><li>Debug: <span style="white-space:pre-wrap"> </span>radwtmp = "/usr/local/freeradius-server-2.2.0/var/log/radius/radwtmp"</li>
<li>Debug: }</li><li>Debug: (Loaded rlm_eap, checking if it's valid)</li><li>Debug: Module: Linked to module rlm_eap</li><li>Debug: Module: Instantiating module "eap" from file /usr/local/freeradius-server-2.2.0/etc/raddb/eap.conf</li>
<li>Debug: eap {</li><li>Debug: <span style="white-space:pre-wrap"> </span>default_eap_type = "md5"</li><li>Debug: <span style="white-space:pre-wrap"> </span>timer_expire = 60</li><li>Debug: <span style="white-space:pre-wrap"> </span>ignore_unknown_eap_types = no</li>
<li>Debug: <span style="white-space:pre-wrap"> </span>cisco_accounting_username_bug = no</li><li>Debug: <span style="white-space:pre-wrap"> </span>max_sessions = 4096</li><li>Debug: }</li><li>Debug: Module: Linked to sub-module rlm_eap_md5</li>
<li>Debug: Module: Instantiating eap-md5</li><li>Debug: Module: Linked to sub-module rlm_eap_leap</li><li>Debug: Module: Instantiating eap-leap</li><li>Debug: Module: Linked to sub-module rlm_eap_gtc</li><li>Debug: Module: Instantiating eap-gtc</li>
<li>Debug: gtc {</li><li>Debug: <span style="white-space:pre-wrap"> </span>challenge = "Password: "</li><li>Debug: <span style="white-space:pre-wrap"> </span>auth_type = "PAP"</li><li>Debug: }</li>
<li>Debug: Ignoring EAP-Type/tls because we do not have OpenSSL support.</li><li>Debug: Ignoring EAP-Type/ttls because we do not have OpenSSL support.</li><li>Debug: Ignoring EAP-Type/peap because we do not have OpenSSL support.</li>
<li>Debug: Module: Linked to sub-module rlm_eap_mschapv2</li><li>Debug: Module: Instantiating eap-mschapv2</li><li>Debug: mschapv2 {</li><li>Debug: <span style="white-space:pre-wrap"> </span>with_ntdomain_hack = no</li>
<li>Debug: <span style="white-space:pre-wrap"> </span>send_error = no</li><li>Debug: }</li><li>Debug: Module: Checking authorize {...} for more modules to load</li><li>Debug: (Loaded rlm_preprocess, checking if it's valid)</li>
<li>Debug: Module: Linked to module rlm_preprocess</li><li>Debug: Module: Instantiating module "preprocess" from file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/preprocess</li><li>Debug: preprocess {</li>
<li>Debug: <span style="white-space:pre-wrap"> </span>huntgroups = "/usr/local/freeradius-server-2.2.0/etc/raddb/huntgroups"</li><li>Debug: <span style="white-space:pre-wrap"> </span>hints = "/usr/local/freeradius-server-2.2.0/etc/raddb/hints"</li>
<li>Debug: <span style="white-space:pre-wrap"> </span>with_ascend_hack = no</li><li>Debug: <span style="white-space:pre-wrap"> </span>ascend_channels_per_line = 23</li><li>Debug: <span style="white-space:pre-wrap"> </span>with_ntdomain_hack = no</li>
<li>Debug: <span style="white-space:pre-wrap"> </span>with_specialix_jetstream_hack = no</li><li>Debug: <span style="white-space:pre-wrap"> </span>with_cisco_vsa_hack = no</li><li>Debug: <span style="white-space:pre-wrap"> </span>with_alvarion_vsa_hack = no</li>
<li>Debug: }</li><li>Debug: reading pairlist file /usr/local/freeradius-server-2.2.0/etc/raddb/huntgroups</li><li>Debug: reading pairlist file /usr/local/freeradius-server-2.2.0/etc/raddb/hints</li><li>Debug: (Loaded rlm_realm, checking if it's valid)</li>
<li>Debug: Module: Linked to module rlm_realm</li><li>Debug: Module: Instantiating module "suffix" from file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/realm</li><li>Debug: realm suffix {</li><li>
Debug: <span style="white-space:pre-wrap"> </span>format = "suffix"</li>
<li>Debug: <span style="white-space:pre-wrap"> </span>delimiter = "@"</li><li>Debug: <span style="white-space:pre-wrap"> </span>ignore_default = no</li><li>Debug: <span style="white-space:pre-wrap"> </span>ignore_null = no</li>
<li>Debug: }</li><li>Debug: (Loaded rlm_files, checking if it's valid)</li><li>Debug: Module: Linked to module rlm_files</li><li>Debug: Module: Instantiating module "files" from file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/files</li>
<li>Debug: files {</li><li>Debug: <span style="white-space:pre-wrap"> </span>usersfile = "/usr/local/freeradius-server-2.2.0/etc/raddb/users"</li><li>Debug: <span style="white-space:pre-wrap"> </span>acctusersfile = "/usr/local/freeradius-server-2.2.0/etc/raddb/acct_users"</li>
<li>Debug: <span style="white-space:pre-wrap"> </span>preproxy_usersfile = "/usr/local/freeradius-server-2.2.0/etc/raddb/preproxy_users"</li><li>Debug: <span style="white-space:pre-wrap"> </span>compat = "no"</li>
<li>Debug: }</li><li>Debug: reading pairlist file /usr/local/freeradius-server-2.2.0/etc/raddb/users</li><li>Debug: reading pairlist file /usr/local/freeradius-server-2.2.0/etc/raddb/acct_users</li><li>Debug: reading pairlist file /usr/local/freeradius-server-2.2.0/etc/raddb/preproxy_users</li>
<li>Debug: Module: Checking preacct {...} for more modules to load</li><li>Debug: (Loaded rlm_acct_unique, checking if it's valid)</li><li>Debug: Module: Linked to module rlm_acct_unique</li><li>Debug: Module: Instantiating module "acct_unique" from file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/acct_unique</li>
<li>Debug: acct_unique {</li><li>Debug: <span style="white-space:pre-wrap"> </span>key = "User-Name, Acct-Session-Id, NAS-IP-Address, NAS-Identifier, NAS-Port"</li><li>Debug: }</li><li>Debug: Module: Checking accounting {...} for more modules to load</li>
<li>Debug: (Loaded rlm_detail, checking if it's valid)</li><li>Debug: Module: Linked to module rlm_detail</li><li>Debug: Module: Instantiating module "detail" from file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/detail</li>
<li>Debug: detail {</li><li>Debug: <span style="white-space:pre-wrap"> </span>detailfile = "/usr/local/freeradius-server-2.2.0/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Ad</li><li>Debug: <span style="white-space:pre-wrap"> </span>header = "%t"</li>
<li>Debug: <span style="white-space:pre-wrap"> </span>detailperm = 384</li><li>Debug: <span style="white-space:pre-wrap"> </span>dirperm = 493</li><li>Debug: <span style="white-space:pre-wrap"> </span>locking = no</li>
<li>Debug: <span style="white-space:pre-wrap"> </span>log_packet_header = no</li><li>Debug: }</li><li>Debug: (Loaded rlm_attr_filter, checking if it's valid)</li><li>Debug: Module: Linked to module rlm_attr_filter</li>
<li>Debug: Module: Instantiating module "attr_filter.accounting_response" from file /usr/local/freeradius-server-2.2.0/etc/raddb/mod</li><li>Debug: attr_filter attr_filter.accounting_response {</li><li>Debug: <span style="white-space:pre-wrap"> </span>attrsfile = "/usr/local/freeradius-server-2.2.0/etc/raddb/attrs.accounting_response"</li>
<li>Debug: <span style="white-space:pre-wrap"> </span>key = "%{User-Name}"</li><li>Debug: <span style="white-space:pre-wrap"> </span>relaxed = no</li><li>Debug: }</li><li>Debug: reading pairlist file /usr/local/freeradius-server-2.2.0/etc/raddb/attrs.accounting_response</li>
<li>Debug: Module: Checking session {...} for more modules to load</li><li>Debug: (Loaded rlm_radutmp, checking if it's valid)</li><li>Debug: Module: Linked to module rlm_radutmp</li><li>Debug: Module: Instantiating module "radutmp" from file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/radutmp</li>
<li>Debug: radutmp {</li><li>Debug: <span style="white-space:pre-wrap"> </span>filename = "/usr/local/freeradius-server-2.2.0/var/log/radius/radutmp"</li><li>Debug: <span style="white-space:pre-wrap"> </span>username = "%{User-Name}"</li>
<li>Debug: <span style="white-space:pre-wrap"> </span>case_sensitive = yes</li><li>Debug: <span style="white-space:pre-wrap"> </span>check_with_nas = yes</li><li>Debug: <span style="white-space:pre-wrap"> </span>perm = 384</li>
<li>Debug: <span style="white-space:pre-wrap"> </span>callerid = yes</li><li>Debug: }</li><li>Debug: Module: Checking post-proxy {...} for more modules to load</li><li>Debug: Module: Checking post-auth {...} for more modules to load</li>
<li>Debug: Module: Instantiating module "attr_filter.access_reject" from file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/a</li><li>Debug: attr_filter attr_filter.access_reject {</li><li>Debug: <span style="white-space:pre-wrap"> </span>attrsfile = "/usr/local/freeradius-server-2.2.0/etc/raddb/attrs.access_reject"</li>
<li>Debug: <span style="white-space:pre-wrap"> </span>key = "%{User-Name}"</li><li>Debug: <span style="white-space:pre-wrap"> </span>relaxed = no</li><li>Debug: }</li><li>Debug: reading pairlist file /usr/local/freeradius-server-2.2.0/etc/raddb/attrs.access_reject</li>
<li>Debug: } # modules</li><li>Debug: } # server</li><li>Debug: server inner-tunnel { # from file /usr/local/freeradius-server-2.2.0/etc/raddb/sites-enabled/inner-tunnel</li><li>Debug: modules {</li><li>Debug: Module: Checking authenticate {...} for more modules to load</li>
<li>Debug: Module: Checking authorize {...} for more modules to load</li><li>Debug: Module: Checking session {...} for more modules to load</li><li>Debug: Module: Checking post-proxy {...} for more modules to load</li>
<li>Debug: Module: Checking post-auth {...} for more modules to load</li><li>Debug: } # modules</li><li>Debug: } # server</li><li>Debug: radiusd: #### Opening IP addresses and Ports ####</li><li>Debug: listen {</li><li>
Debug: <span style="white-space:pre-wrap"> </span>type = "auth"</li><li>Debug: <span style="white-space:pre-wrap"> </span>ipaddr = *</li><li>Debug: <span style="white-space:pre-wrap"> </span>port = 0</li>
<li>Debug: }</li><li>Debug: listen {</li><li>Debug: <span style="white-space:pre-wrap"> </span>type = "acct"</li><li>Debug: <span style="white-space:pre-wrap"> </span>ipaddr = *</li><li>Debug: <span style="white-space:pre-wrap"> </span>port = 0</li>
<li>Debug: }</li><li>Debug: listen {</li><li>Debug: <span style="white-space:pre-wrap"> </span>type = "control"</li><li>Debug: listen {</li><li>Debug: <span style="white-space:pre-wrap"> </span>socket = "/usr/local/freeradius-server-2.2.0/var/run/radiusd/radiusd.sock"</li>
<li>Debug: }</li><li>Debug: }</li><li>Debug: listen {</li><li>Debug: <span style="white-space:pre-wrap"> </span>type = "auth"</li><li>Debug: <span style="white-space:pre-wrap"> </span>ipaddr = 127.0.0.1</li>
<li>Debug: <span style="white-space:pre-wrap"> </span>port = 18120</li><li>Debug: }</li><li>Debug: ... adding new socket proxy address * port 53579</li><li>Debug: Listening on authentication address * port 1812</li><li>
Debug: Listening on accounting address * port 1813</li><li>Debug: Listening on command file /usr/local/freeradius-server-2.2.0/var/run/radiusd/radiusd.sock</li><li>Debug: Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel</li>
<li>Debug: Listening on proxy address * port 1814</li><li>Info: Ready to process requests.</li><li>Info: # Executing section authorize from file /usr/local/freeradius-server-2.2.0/etc/raddb/sites-enabled/default</li><li>
Info: +- entering group authorize {...}</li>
<li>Info: ++[preprocess] returns ok</li><li>Info: ++[chap] returns noop</li><li>Info: ++[mschap] returns noop</li><li>Info: ++[digest] returns noop</li><li>Info: [suffix] No '@' in User-Name = "steve", looking up realm NULL</li>
<li>Info: [suffix] No such realm "NULL"</li><li>Info: ++[suffix] returns noop</li><li>Info: [eap] No EAP-Message, not doing EAP</li><li>Info: ++[eap] returns noop</li><li>Info: [files] users: Matched entry steve at line 76</li>
<li>Info: ++[files] returns ok</li><li>Info: ++[expiration] returns noop</li><li>Info: ++[logintime] returns noop</li><li>Info: ++[pap] returns updated</li><li>Info: Found Auth-Type = PAP</li><li>Info: # Executing group from file /usr/local/freeradius-server-2.2.0/etc/raddb/sites-enabled/default</li>
<li>Info: +- entering group PAP {...}</li><li>Info: [pap] login attempt with password "<b><font size="4" color="#ff0000">f言U?(?Wk?b ?</font></b>"</li><li>Info: [pap] Using clear text password "testing"</li>
<li>Info: [pap] Passwords don't match</li>
<li>Info: ++[pap] returns reject</li><li>Info: Failed to authenticate the user.</li><li>Debug: WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS!</li><li>Info: Using Post-Auth-Type REJECT</li>
<li>Info: # Executing group from file /usr/local/freeradius-server-2.2.0/etc/raddb/sites-enabled/default</li><li>Info: +- entering group REJECT {...}</li><li>Info: [attr_filter.access_reject] <span style="white-space:pre-wrap"> </span>expand: %{User-Name} -> steve</li>
<li>Debug: attr_filter: Matched entry DEFAULT at line 11</li><li>Info: ++[attr_filter.access_reject] returns updated</li><li>Info: Delaying reject of request 0 for 1 seconds</li><li>Debug: Going to the next request</li><li>
Debug: Waking up in 0.9 seconds.</li><li>Info: Sending delayed reject for request 0</li><li>Debug: Waking up in 4.9 seconds.</li><li>Info: Cleaning up request 0 ID 183 with timestamp +24</li><li>Info: Ready to process requests.</li>
<li><b><font size="4">I found that every time the password which are transformed from the client is different though I input at the client with the same password every time(the part I marked as red)</font></b></li></ul><div>
<font size="4"><b><br></b></font></div><ul>
<li><font size="4"><b>The server's one configure file : users, is as following, I only uncommented the user "steve" and changed its IP :</b></font></li><li></li><li>#</li><li>#<span style="white-space:pre-wrap"> </span>Please read the documentation file ../doc/processing_users_file,</li>
<li>#<span style="white-space:pre-wrap"> </span>or 'man 5 users' (after installing the server) for more information.</li><li>#</li><li>#<span style="white-space:pre-wrap"> </span>This file contains authentication security and configuration</li>
<li>#<span style="white-space:pre-wrap"> </span>information for each user. Accounting requests are NOT processed</li><li>#<span style="white-space:pre-wrap"> </span>through this file. Instead, see 'acct_users', in this directory.</li>
<li>#</li><li>#<span style="white-space:pre-wrap"> </span>The first field is the user's name and can be up to</li><li>#<span style="white-space:pre-wrap"> </span>253 characters in length. This is followed (on the same line) with</li>
<li>#<span style="white-space:pre-wrap"> </span>the list of authentication requirements for that user. This can</li><li>#<span style="white-space:pre-wrap"> </span>include password, comm server name, comm server port number, protocol</li>
<li>#<span style="white-space:pre-wrap"> </span>type (perhaps set by the "hints" file), and huntgroup name (set by</li><li>#<span style="white-space:pre-wrap"> </span>the "huntgroups" file).</li>
<li>#</li><li>#<span style="white-space:pre-wrap"> </span>If you are not sure why a particular reply is being sent by the</li><li>#<span style="white-space:pre-wrap"> </span>server, then run the server in debugging mode (radiusd -X), and</li>
<li>#<span style="white-space:pre-wrap"> </span>you will see which entries in this file are matched.</li><li>#</li><li>#<span style="white-space:pre-wrap"> </span>When an authentication request is received from the comm server,</li>
<li>#<span style="white-space:pre-wrap"> </span>these values are tested. Only the first match is used unless the</li><li>#<span style="white-space:pre-wrap"> </span>"Fall-Through" variable is set to "Yes".</li>
<li>#</li><li>#<span style="white-space:pre-wrap"> </span>A special user named "DEFAULT" matches on all usernames.</li><li>#<span style="white-space:pre-wrap"> </span>You can have several DEFAULT entries. All entries are processed</li>
<li>#<span style="white-space:pre-wrap"> </span>in the order they appear in this file. The first entry that</li><li>#<span style="white-space:pre-wrap"> </span>matches the login-request will stop processing unless you use</li>
<li>#<span style="white-space:pre-wrap"> </span>the Fall-Through variable.</li><li>#</li><li>#<span style="white-space:pre-wrap"> </span>If you use the database support to turn this file into a .db or .dbm</li><li>
#<span style="white-space:pre-wrap"> </span>file, the DEFAULT entries _have_ to be at the end of this file and</li><li>#<span style="white-space:pre-wrap"> </span>you can't have multiple entries for one username.</li>
<li>#</li><li>#<span style="white-space:pre-wrap"> </span>Indented (with the tab character) lines following the first</li><li>#<span style="white-space:pre-wrap"> </span>line indicate the configuration values to be passed back to</li>
<li>#<span style="white-space:pre-wrap"> </span>the comm server to allow the initiation of a user session.</li><li>#<span style="white-space:pre-wrap"> </span>This can include things like the PPP configuration values</li>
<li>#<span style="white-space:pre-wrap"> </span>or the host to log the user onto.</li><li>#</li><li>#<span style="white-space:pre-wrap"> </span>You can include another `users' file with `$INCLUDE users.other'</li>
<li>#</li><li><br></li><li>#</li><li>#<span style="white-space:pre-wrap"> </span>For a list of RADIUS attributes, and links to their definitions,</li><li>#<span style="white-space:pre-wrap"> </span>see:</li><li>#</li>
<li>#<span style="white-space:pre-wrap"> </span><a href="http://www.freeradius.org/rfc/attributes.html" target="_blank">http://www.freeradius.org/rfc/attributes.html</a></li><li>#</li><li><br></li><li>#</li><li># Deny access for a specific user. Note that this entry MUST</li>
<li># be before any other 'Auth-Type' attribute which results in the user</li><li># being authenticated.</li><li>#</li><li># Note that there is NO 'Fall-Through' attribute, so the user will not</li><li># be given any additional resources.</li>
<li>#</li><li>#lameuser<span style="white-space:pre-wrap"> </span>Auth-Type := Reject</li><li>#<span style="white-space:pre-wrap"> </span>Reply-Message = "Your account has been disabled."</li><li><br></li>
<li>#</li><li># Deny access for a group of users.</li><li>#</li><li># Note that there is NO 'Fall-Through' attribute, so the user will not</li><li># be given any additional resources.</li><li>#</li><li>#DEFAULT<span style="white-space:pre-wrap"> </span>Group == "disabled", Auth-Type := Reject</li>
<li>#<span style="white-space:pre-wrap"> </span>Reply-Message = "Your account has been disabled."</li><li>#</li><li><br></li><li>#</li><li># This is a complete entry for "steve". Note that there is no Fall-Through</li>
<li># entry so that no DEFAULT entry will be used, and the user will NOT</li><li># get any attributes in addition to the ones listed here.</li><li>#</li><li>steve<span style="white-space:pre-wrap"> </span>Cleartext-Password := "testing"</li>
<li><span style="white-space:pre-wrap"> </span>Service-Type = Framed-User,</li><li><span style="white-space:pre-wrap"> </span>Framed-Protocol = PPP,</li><li><span style="white-space:pre-wrap"> </span>Framed-IP-Address = 127.0.0.1,</li>
<li><span style="white-space:pre-wrap"> </span>Framed-IP-Netmask = 255.255.255.0,</li><li><span style="white-space:pre-wrap"> </span>Framed-Routing = Broadcast-Listen,</li><li><span style="white-space:pre-wrap"> </span>Framed-Filter-Id = "std.ppp",</li>
<li><span style="white-space:pre-wrap"> </span>Framed-MTU = 1500,</li><li><span style="white-space:pre-wrap"> </span>Framed-Compression = Van-Jacobsen-TCP-IP</li><li><br></li><li>#</li><li># This is an entry for a user with a space in their name.</li>
<li># Note the double quotes surrounding the name.</li><li>#</li><li>#"John Doe"<span style="white-space:pre-wrap"> </span>Cleartext-Password := "hello"</li><li>#<span style="white-space:pre-wrap"> </span>Reply-Message = "Hello, %{User-Name}"</li>
<li><br></li><li>#</li><li># Dial user back and telnet to the default host for that port</li><li>#</li><li>#Deg<span style="white-space:pre-wrap"> </span>Cleartext-Password := "ge55ged"</li><li>#<span style="white-space:pre-wrap"> </span>Service-Type = Callback-Login-User,</li>
<li>#<span style="white-space:pre-wrap"> </span>Login-IP-Host = 0.0.0.0,</li><li>#<span style="white-space:pre-wrap"> </span>Callback-Number = "9,5551212",</li><li>#<span style="white-space:pre-wrap"> </span>Login-Service = Telnet,</li>
<li>#<span style="white-space:pre-wrap"> </span>Login-TCP-Port = Telnet</li><li><br></li><li>#</li><li># Another complete entry. After the user "dialbk" has logged in, the</li><li># connection will be broken and the user will be dialed back after which</li>
<li># he will get a connection to the host "timeshare1".</li><li>#</li><li>#dialbk<span style="white-space:pre-wrap"> </span>Cleartext-Password := "callme"</li><li>#<span style="white-space:pre-wrap"> </span>Service-Type = Callback-Login-User,</li>
<li>#<span style="white-space:pre-wrap"> </span>Login-IP-Host = timeshare1,</li><li>#<span style="white-space:pre-wrap"> </span>Login-Service = PortMaster,</li><li>#<span style="white-space:pre-wrap"> </span>Callback-Number = "9,1-800-555-1212"</li>
<li><br></li><li>#</li><li># user "swilson" will only get a static IP number if he logs in with</li><li># a framed protocol on a terminal server in Alphen (see the huntgroups file).</li><li>#</li><li># Note that by setting "Fall-Through", other attributes will be added from</li>
<li># the following DEFAULT entries</li><li>#</li><li>#swilson<span style="white-space:pre-wrap"> </span>Service-Type == Framed-User, Huntgroup-Name == "alphen"</li><li>#<span style="white-space:pre-wrap"> </span>Framed-IP-Address = 192.168.1.65,</li>
<li>#<span style="white-space:pre-wrap"> </span>Fall-Through = Yes</li><li><br></li><li>#</li><li># If the user logs in as 'username.shell', then authenticate them</li><li># using the default method, give them shell access, and stop processing</li>
<li># the rest of the file.</li><li>#</li><li>#DEFAULT<span style="white-space:pre-wrap"> </span>Suffix == ".shell"</li><li>#<span style="white-space:pre-wrap"> </span>Service-Type = Login-User,</li><li>
#<span style="white-space:pre-wrap"> </span>Login-Service = Telnet,</li><li>#<span style="white-space:pre-wrap"> </span>Login-IP-Host = your.shell.machine</li><li><br></li><li><br></li><li>#</li><li># The rest of this file contains the several DEFAULT entries.</li>
<li># DEFAULT entries match with all login names.</li><li># Note that DEFAULT entries can also Fall-Through (see first entry).</li><li># A name-value pair from a DEFAULT entry will _NEVER_ override</li><li># an already existing name-value pair.</li>
<li>#</li><li><br></li><li>#</li><li># Set up different IP address pools for the terminal servers.</li><li># Note that the "+" behind the IP address means that this is the "base"</li><li># IP address. The Port-Id (S0, S1 etc) will be added to it.</li>
<li>#</li><li>#DEFAULT<span style="white-space:pre-wrap"> </span>Service-Type == Framed-User, Huntgroup-Name == "alphen"</li><li>#<span style="white-space:pre-wrap"> </span>Framed-IP-Address = 192.168.1.32+,</li>
<li>#<span style="white-space:pre-wrap"> </span>Fall-Through = Yes</li><li><br></li><li>#DEFAULT<span style="white-space:pre-wrap"> </span>Service-Type == Framed-User, Huntgroup-Name == "delft"</li><li>
#<span style="white-space:pre-wrap"> </span>Framed-IP-Address = 192.168.2.32+,</li><li>#<span style="white-space:pre-wrap"> </span>Fall-Through = Yes</li><li><br></li><li>#</li><li># Sample defaults for all framed connections.</li>
<li>#</li><li>#DEFAULT<span style="white-space:pre-wrap"> </span>Service-Type == Framed-User</li><li>#<span style="white-space:pre-wrap"> </span>Framed-IP-Address = 255.255.255.254,</li><li>#<span style="white-space:pre-wrap"> </span>Framed-MTU = 576,</li>
<li>#<span style="white-space:pre-wrap"> </span>Service-Type = Framed-User,</li><li>#<span style="white-space:pre-wrap"> </span>Fall-Through = Yes</li><li><br></li><li>#</li><li># Default for PPP: dynamic IP address, PPP mode, VJ-compression.</li>
<li># NOTE: we do not use Hint = "PPP", since PPP might also be auto-detected</li><li>#<span style="white-space:pre-wrap"> </span>by the terminal server in which case there may not be a "P" suffix.</li>
<li>#<span style="white-space:pre-wrap"> </span>The terminal server sends "Framed-Protocol = PPP" for auto PPP.</li><li>#</li><li>DEFAULT<span style="white-space:pre-wrap"> </span>Framed-Protocol == PPP</li>
<li><span style="white-space:pre-wrap"> </span>Framed-Protocol = PPP,</li><li><span style="white-space:pre-wrap"> </span>Framed-Compression = Van-Jacobson-TCP-IP</li><li><br></li><li>#</li><li># Default for CSLIP: dynamic IP address, SLIP mode, VJ-compression.</li>
<li>#</li><li>DEFAULT<span style="white-space:pre-wrap"> </span>Hint == "CSLIP"</li><li><span style="white-space:pre-wrap"> </span>Framed-Protocol = SLIP,</li><li><span style="white-space:pre-wrap"> </span>Framed-Compression = Van-Jacobson-TCP-IP</li>
<li><br></li><li>#</li><li># Default for SLIP: dynamic IP address, SLIP mode.</li><li>#</li><li>DEFAULT<span style="white-space:pre-wrap"> </span>Hint == "SLIP"</li><li><span style="white-space:pre-wrap"> </span>Framed-Protocol = SLIP</li>
<li><br></li><li>#</li><li># Last default: rlogin to our main server.</li><li>#</li><li>#DEFAULT</li><li>#<span style="white-space:pre-wrap"> </span>Service-Type = Login-User,</li><li>#<span style="white-space:pre-wrap"> </span>Login-Service = Rlogin,</li>
<li>#<span style="white-space:pre-wrap"> </span>Login-IP-Host = <a href="http://shellbox.ispdomain.com" target="_blank">shellbox.ispdomain.com</a></li><li><br></li><li># #</li><li># # Last default: shell on the local terminal server.</li>
<li># #</li><li># DEFAULT</li><li># <span style="white-space:pre-wrap"> </span>Service-Type = Administrative-User</li><li><br></li><li># On no match, the user is denied access.</li><li><font size="4"><b>The server's another configure file : clients.conf, and I changed nothing . yes, I used the default secret as the shared secret:</b></font></li>
<li></li><li><br></li><li><font size="4"><b>The client's one configure file : servers. BTW, I also tried the ways that only keep one localhost in the left side and changed it to 127.0.0.1 , the error is still and same, and I also tried reenter the shared secret many times</b></font></li>
<li></li><li>## Server Name or Client/Server pair<span style="white-space:pre-wrap"> </span>Key<span style="white-space:pre-wrap"> </span></li><li>## ----------------<span style="white-space:pre-wrap"> </span>---------------</li>
<li>#</li><li>#<a href="http://portmaster.elemental.net" target="_blank">portmaster.elemental.net</a><span style="white-space:pre-wrap"> </span>hardlyasecret</li><li>#<a href="http://portmaster2.elemental.net" target="_blank">portmaster2.elemental.net</a><span style="white-space:pre-wrap"> </span>donttellanyone</li>
<li>#</li><li>## uncomment the following line for simple testing of radlogin</li><li>## with freeradius-server</li><li>#</li><li>localhost/localhost<span style="white-space:pre-wrap"> </span>testing123</li><li><font size="4"><b>The client's another configure file : radiusclient.conf, I changed nothing</b></font></li>
</ul></div>
</div><br>
</div><br>