Hi, thanks for the answer. You are right - radius didn't recieved any password, where should be an error ? I'm authorizing Iphone and Windows 7 prof. , all systems asked me for login and password. Authorized wifi network is controlled by Cisco wireless controller 2504, isn't there some missconfiguration for radius ? Thanks and best regards J.Karliak (732) Received Access-Request Id 13 from 192.168.26.10:32773 to 195.123.183.11:1812 length 282 (732) User-Name = "username@domain.tld" (732) Chargeable-User-Identity = 0x00 (732) Location-Capable = Civix-Location (732) Calling-Station-Id = "a0-88-b4-43-4a-54" (732) Called-Station-Id = "88-1d-3c-42-00-00:WIFI-TEST" (732) NAS-Port = 13 (732) Cisco-AVPair = "audit-session-id=c0a8ce0a003494f65aded7cf" (732) Acct-Session-Id = "5aded7cf/a0:88:b4:43:4a:54/5397550" (732) NAS-IP-Address = 192.168.206.10 (732) NAS-Identifier = "wireless1" (732) Airespace-Wlan-Id = 2 (732) Service-Type = Framed-User (732) Framed-MTU = 1300 (732) NAS-Port-Type = Wireless-802.11 (732) Tunnel-Type:0 = VLAN (732) Tunnel-Medium-Type:0 = IEEE-802 (732) Tunnel-Private-Group-Id:0 = "75" (732) EAP-Message = 0x020200120163686f736540666e686b2e637a (732) Message-Authenticator = 0x4d80f3857dc7786c664c8ce8444372c3 (732) # Executing section authorize from file /etc/raddb/sites-enabled/default (732) authorize { (732) if (&User-Name =~ /@domain.tld/ || &User-Name =~ /@domain.tld/) { (732) if (&User-Name =~ /@domain.tld/ || &User-Name =~ /@domain.tld/) -> TRUE (732) if (&User-Name =~ /@domain.tld/ || &User-Name =~ /@domain.tld/) { (732) if ("%{request:User-Name}" =~ /^(.*)@/) { (732) EXPAND %{request:User-Name} (732) --> username@domain.tld (732) if ("%{request:User-Name}" =~ /^(.*)@/) -> TRUE (732) if ("%{request:User-Name}" =~ /^(.*)@/) { (732) update request { (732) EXPAND %{1} (732) --> username (732) Stripped-User-Name := username (732) EXPAND %{2} (732) --> (732) Realm := (732) } # update request = noop (732) } # if ("%{request:User-Name}" =~ /^(.*)@/) = noop (732) [files] = noop (732) ntlm_auth: Executing: /usr/bin/ntlm_auth --request-nt-key --domain=domain.tld --username=%{Stripped-User-Name} --password=%{User-Password}: (732) ntlm_auth: EXPAND --username=%{Stripped-User-Name} (732) ntlm_auth: --> --username=username (732) ntlm_auth: EXPAND --password=%{User-Password} (732) ntlm_auth: --> --password= (732) ntlm_auth: ERROR: Program returned code (1) and output 'NT_STATUS_WRONG_PASSWORD: Wrong Password (0xc000006a)' (732) [ntlm_auth] = reject (732) } # if (&User-Name =~ /@domain.tld/ || &User-Name =~ /@domain.tld/) = reject (732) } # authorize = reject (732) Invalid user (ntlm_auth: Program returned code (1) and output 'NT_STATUS_WRONG_PASSWORD: Wrong Password (0xc000006a)'): [username] (from client wireless1 port 13 cli a0-88-b4-43-4a-54) Dne 2018-04-23 23:06, Arran Cudbard-Bell napsal:
On Apr 24, 2018, at 12:13 AM, Alan DeKok <aland@deployingradius.com> wrote:
On Apr 23, 2018, at 4:22 AM, chose <chose@ajetaci.cz> wrote:
Good morning, I couldn't authorize over my radius, when I run it with debug, I see that user password is empty:
Because the server doesn't receive a User-Password.
READ the debug log. ALL OF IT.
http://wiki.freeradius.org/radiusd-X
-Arran - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Ma domena pouziva zabezpeceni a kontrolu SPF (www.openspf.org) a DomainKeys/DKIM (s ADSP) a implementaci DMARC. Pokud mate problemy s dorucenim emailu, zacnete pouzivat metody overeni puvody emailu zminene vyse. Dekuji. My domain use SPF (www.openspf.org) and DomainKeys/DKIM (with ADSP) policy and implementation of the DMARC. If you've problem with sending emails to me, start using email origin methods mentioned above. Thank you.