<div dir="ltr">
<p class="">From the logs I interpret, the error is incorrect password for the user. Is this correct interpretation?</p><p class="">I believe we have added in the NAS correctly to the clients file.<br></p><p class="">Also the username and password, we are testing, authenticates both locally and from another NAS, without issue.</p>
<p class="">Here is an excerpt of our radius -X</p><p class=""><br></p><p class="">FreeRADIUS Version 2.1.7, for host i686-redhat-linux-gnu, built on Mar 31 2010 at 00:25:31</p><p class="">Copyright (C) 1999-2009 The FreeRADIUS server project and contributors. </p>
<p class="">There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A </p><p class="">PARTICULAR PURPOSE. </p><p class="">You may redistribute copies of FreeRADIUS under the terms of the </p><p class="">GNU General Public License v2. </p>
<p class="">Starting - reading configuration files ...</p><p class=""><br></p><p class=""><br></p><p class=""> client 192.168.1.239 {</p><p class=""><span class="" style="white-space:pre"> </span>require_message_authenticator = no</p>
<p class=""><span class="" style="white-space:pre"> </span>secret = "FreeRADIUS"</p><p class=""><span class="" style="white-space:pre"> </span>shortname = "New_NAS"</p><p class=""> }</p><p class=""><br>
</p><p class=""><br></p><p class=""><br></p><p class=""><br></p><p class="">rad_recv: Access-Request packet from host 192.168.1.239 port 1645, id=30, length=140</p>
<p class=""><span class=""> </span>Framed-Protocol = PPP</p>
<p class=""><span class=""> </span>User-Name = "<a href="mailto:username@domain.com">username@domain.com</a>"</p>
<p class=""><span class=""> </span>User-Password = "password"</p>
<p class=""><span class=""> </span>NAS-Port-Type = Virtual</p>
<p class=""><span class=""> </span>NAS-Port = 0</p>
<p class=""><span class=""> </span>NAS-Port-Id = "0/0/1/2890"</p>
<p class=""><span class=""> </span>Cisco-AVPair = "client-mac-address=a820.6654.6a6f"</p>
<p class=""><span class=""> </span>Service-Type = Framed-User</p>
<p class=""><span class=""> </span>NAS-IP-Address = 192.168.1.239</p>
<p class="">+- entering group authorize {...}</p>
<p class="">++[preprocess] returns ok</p>
<p class="">++[chap] returns noop</p>
<p class="">++[mschap] returns noop</p>
<p class="">[suffix] Looking up realm "<a href="http://domain.com">domain.com</a>" for User-Name = "<a href="mailto:username@domain.com">username@domain.com</a>"</p>
<p class="">[suffix] Found realm "<a href="http://domain.com">domain.com</a>"</p>
<p class="">[suffix] Adding Stripped-User-Name = "username"</p>
<p class="">[suffix] Adding Realm = "<a href="http://domain.com">domain.com</a>"</p>
<p class="">[suffix] Authentication realm is LOCAL.</p>
<p class="">++[suffix] returns ok</p>
<p class="">[eap] No EAP-Message, not doing EAP</p>
<p class="">++[eap] returns noop</p>
<p class="">++[files] returns noop</p>
<p class="">++? if (control:Auth-Type == Reject)</p>
<p class=""> (Attribute control:Auth-Type was not found)</p>
<p class="">++- entering else else {...}</p>
<p class="">[sql] <span class=""> </span>expand: %{Stripped-User-Name} -> username</p>
<p class="">[sql] <span class=""> </span>expand: %{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}} -> username</p>
<p class="">[sql] sql_set_user escaped user --> 'username'</p>
<p class="">rlm_sql (sql): Reserving sql socket id: 23</p>
<p class="">[sql] <span class=""> </span>expand: SELECT '1' as id, userId as username, 'Cleartext-Password' as attribute, checkNASIPPassword( '%{NAS-IP-Address}','%{SQL-User-Name}') as value, ':=' as op FROM radiusUsers WHERE userId = '%{SQL-User-Name}' ORDER BY id -> SELECT '1' as id, userId as username, 'Cleartext-Password' as attribute, checkNASIPPassword( '192.168.1.239','username') as value, ':=' as op FROM radiusUsers WHERE userId = 'username' ORDER BY id</p>
<p class="">[sql] User found in radcheck table</p>
<p class="">[sql] <span class=""> </span>expand: SELECT '1' as id, userId as username, 'Framed-IP-Address' as attribute, assignIPAddress('%{NAS-IP-Address}','%{SQL-User-Name}') as value, '==' as op FROM radiusUsers WHERE userId = '%{SQL-User-Name}' ORDER BY id -> SELECT '1' as id, userId as username, 'Framed-IP-Address' as attribute, assignIPAddress('192.168.1.239','username') as value, '==' as op FROM radiusUsers WHERE userId = 'username' ORDER BY id</p>
<p class="">[sql] <span class=""> </span>expand: SELECT userID as groupname FROM radiusUsers WHERE userId = '**-Not-Using-Groups-**' -> SELECT userID as groupname FROM radiusUsers WHERE userId = '**-Not-Using-Groups-**' </p>
<p class="">rlm_sql (sql): Released sql socket id: 23</p>
<p class="">+++[sql] returns ok</p>
<p class="">++- else else returns ok</p>
<p class="">++[expiration] returns noop</p>
<p class="">++[logintime] returns noop</p>
<p class="">++[pap] returns updated</p>
<p class="">Found Auth-Type = PAP</p>
<p class="">+- entering group PAP {...}</p>
<p class="">[pap] login attempt with password "password"</p>
<p class="">[pap] Using clear text password "**-User-Not-Allowed-To-Use-This-NAS-**"</p>
<p class="">[pap] Passwords don't match</p>
<p class="">++[pap] returns reject</p>
<p class="">Failed to authenticate the user.</p>
<p class="">Login incorrect (rlm_pap: CLEAR TEXT password check failed): [<a href="http://username@domain.com/password">username@domain.com/password</a>] (from client SHL-BRAS-01_239 port 0)</p>
<p class="">Using Post-Auth-Type Reject</p>
<p class="">+- entering group REJECT {...}</p>
<p class="">[attr_filter.access_reject] <span class=""> </span>expand: %{User-Name} -> <a href="mailto:username@domain.com">username@domain.com</a></p>
<p class=""> attr_filter: Matched entry DEFAULT attrt line 11</p>
<p class="">++[attr_filter.access_reject] returns updated</p>
<p class="">Sending Access-Reject of id 30 to 192.168.1.239 port 1645</p>
<p class="">Finished request 70.</p></div>