Hi I have run the server in the debug mode and it keeps saying the error *1) pap: Comparing with "known-good" Crypt-password* *(1) pap: ERROR: Crypt digest does not match "known good" digest* I gave same credentials which i have in radcheck table mysql> select * from radcheck; +----+-----------+--------------------+----+------------+ | id | username | attribute | op | value | +----+-----------+--------------------+----+------------+ | 5 | *testuser2* | Cleartext-Password | := | *GeForce-23* | +----+-----------+--------------------+----+------------+ Here is the complete info (1) Received Access-Request Id 146 from 127.0.0.1:51406 to 127.0.0.1:1812 length 79 (1) User-Name = "testuser2" (1) User-Password = "GeForce-23" (1) NAS-IP-Address = 10.0.0.140 (1) NAS-Port = 0 (1) Message-Authenticator = 0x8d9aa944e7a240ed28d9bc5f112de505 (1) # Executing section authorize from file /etc/raddb/sites-enabled/default (1) authorize { (1) [preprocess] = ok (1) auth_log: EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d (1) auth_log: --> /var/log/radius/radacct/127.0.0.1/auth-detail-20190421 (1) auth_log: /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/127.0.0.1/auth-detail-20190421 (1) auth_log: EXPAND %t (1) auth_log: --> Sun Apr 21 10:24:18 2019 (1) [auth_log] = ok (1) [chap] = noop (1) [mschap] = noop (1) [digest] = noop (1) suffix: Checking for suffix after "@" (1) suffix: No '@' in User-Name = "testuser2", looking up realm NULL (1) suffix: No such realm "NULL" (1) [suffix] = noop (1) eap: No EAP-Message, not doing EAP (1) [eap] = noop (1) [unix] = updated (1) [files] = noop (1) sql: EXPAND %{User-Name} (1) sql: --> testuser2 (1) sql: SQL-User-Name set to 'testuser2' rlm_sql (sql): Closing connection (3): Hit idle_timeout, was idle for 2961 seconds rlm_sql_mysql: Socket destructor called, closing socket rlm_sql (sql): Closing connection (4): Hit idle_timeout, was idle for 2961 seconds rlm_sql_mysql: Socket destructor called, closing socket rlm_sql (sql): Closing connection (0): Hit idle_timeout, was idle for 2961 seconds rlm_sql_mysql: Socket destructor called, closing socket rlm_sql (sql): Closing connection (5): Hit idle_timeout, was idle for 2961 seconds rlm_sql_mysql: Socket destructor called, closing socket rlm_sql (sql): Closing connection (1): Hit idle_timeout, was idle for 2944 seconds rlm_sql (sql): You probably need to lower "min" rlm_sql_mysql: Socket destructor called, closing socket rlm_sql (sql): Closing connection (6): Hit idle_timeout, was idle for 2944 seconds rlm_sql (sql): You probably need to lower "min" rlm_sql_mysql: Socket destructor called, closing socket rlm_sql (sql): Closing connection (2): Hit idle_timeout, was idle for 2944 seconds rlm_sql (sql): You probably need to lower "min" rlm_sql_mysql: Socket destructor called, closing socket rlm_sql (sql): 0 of 0 connections in use. You may need to increase "spare" rlm_sql (sql): Opening additional connection (7), 1 of 32 pending slots used rlm_sql_mysql: Starting connect to MySQL server rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 8.0.15, protocol version 10 rlm_sql (sql): Reserved connection (7) (1) sql: EXPAND SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id (1) sql: --> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'testuser2' ORDER BY id (1) sql: Executing select query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'testuser2' ORDER BY id (1) sql: User found in radcheck table (1) sql: Conditional check items matched, merging assignment check items (1) sql: Cleartext-Password := "GeForce-23" (1) sql: EXPAND SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id (1) sql: --> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'testuser2' ORDER BY id (1) sql: Executing select query: SELECT id, username, attribute, value, op FROM radreply WHERE username = 'testuser2' ORDER BY id (1) sql: EXPAND SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority (1) sql: --> SELECT groupname FROM radusergroup WHERE username = 'testuser2' ORDER BY priority (1) sql: Executing select query: SELECT groupname FROM radusergroup WHERE username = 'testuser2' ORDER BY priority (1) sql: User not found in any groups rlm_sql (sql): Released connection (7) Need 2 more connections to reach min connections (3) rlm_sql (sql): Opening additional connection (8), 1 of 31 pending slots used rlm_sql_mysql: Starting connect to MySQL server rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 8.0.15, protocol version 10 (1) [sql] = ok (1) [expiration] = noop (1) [logintime] = noop (1) [pap] = updated (1) chillispot_max_bytes: WARNING: Couldn't find check attribute, control:ChilliSpot-Max-Total-Octets, doing nothing... (1) [chillispot_max_bytes] = noop (1) noresetcounter: WARNING: Couldn't find check attribute, control:Max-All-Session, doing nothing... (1) [noresetcounter] = noop (1) } # authorize = updated (1) Found Auth-Type = PAP (1) # Executing group from file /etc/raddb/sites-enabled/default (1) Auth-Type PAP { *(1) pap: Login attempt with password* *(1) pap: Comparing with "known-good" Crypt-password* *(1) pap: ERROR: Crypt digest does not match "known good" digest* *(1) pap: Passwords don't match* (1) [pap] = reject (1) } # Auth-Type PAP = reject (1) Failed to authenticate the user (1) Using Post-Auth-Type Reject (1) # Executing group from file /etc/raddb/sites-enabled/default (1) Post-Auth-Type REJECT { (1) sql: EXPAND .query (1) sql: --> .query (1) sql: Using query template 'query' rlm_sql (sql): Reserved connection (7) (1) sql: EXPAND %{User-Name} (1) sql: --> testuser2 (1) sql: SQL-User-Name set to 'testuser2' (1) sql: EXPAND INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S') (1) sql: --> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'testuser2', 'GeForce-23', 'Access-Reject', '2019-04-21 10:24:18.924630') (1) sql: Executing query: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'testuser2', 'GeForce-23', 'Access-Reject', '2019-04-21 10:24:18.924630') (1) sql: SQL query returned: success (1) sql: 1 record(s) updated rlm_sql (sql): Released connection (7) (1) [sql] = ok (1) attr_filter.access_reject: EXPAND %{User-Name} (1) attr_filter.access_reject: --> testuser2 (1) attr_filter.access_reject: Matched entry DEFAULT at line 11 (1) [attr_filter.access_reject] = updated (1) [eap] = noop (1) policy remove_reply_message_if_eap { (1) if (&reply:EAP-Message && &reply:Reply-Message) { (1) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE (1) else { (1) [noop] = noop (1) } # else = noop (1) } # policy remove_reply_message_if_eap = noop (1) } # Post-Auth-Type REJECT = updated (1) Delaying response for 1.000000 seconds Waking up in 0.3 seconds. Waking up in 0.6 seconds. (1) Sending delayed response (1) Sent Access-Reject Id 146 from 127.0.0.1:1812 to 127.0.0.1:51406 length 20 Waking up in 3.9 seconds. (1) Cleaning up request packet ID 146 with timestamp +2961 Ready to process requests The stored credentials and input credentials are same , I just don't get why it reject me? Thank you in advance. On Sat, Apr 20, 2019 at 7:10 PM Alan DeKok <aland@deployingradius.com> wrote:
On Apr 20, 2019, at 8:53 AM, Surya Teja <suryateja042@gmail.com> wrote:
Thanks for suggestion and i have followed the steps as per documentation from freeradius.org installed free radius and the tested with same example given, its working fine.
That's good.
[root@nusalxsl0983 ~]# radtest testing password 127.0.0.1 0 testing123
We don't need to see that.
but i have few other integration which needs changes in few configuration files I am trying to configure the cova chilli with freeradius for captive portal as a result of it i need to integrate mysql with freeradius and need to change the secret key of freeradius default one(testing123) to that of mysql free radius user password as suggested in forum i have modified the secrekey on following config files *1)sudo vi /etc/raddb/mods-available/sql* Uncomment and or change the following parameters: driver = "rlm_sql_mysql" dialect = ”mysql” server = "localhost" port = 3306 login = "*FREERADIUS_DB_USER*" password = "*FREERADIUS_DB_PASS*" read_clients = yes
If you add that, you should also put client information into SQL.
*2)sudo vi /etc/raddb/clients.conf* Change the password to the password used above for FreeRadius MySQL database: *secret* = [*FREERADIUS_DB_PASS*]
That is 100% the wrong thing to do. Nothing in the documentation suggests that you put the database password into the "clients.conf" file. The secret here is for the RADIUS shared secret.
updated above and restarted freeradius server and tried the same above test case of with new password (secret key)now i am getting exception in radiusd.log
Stop wasting everyones time. You were told to look at the debug output. Why are you refusing to do that?
If you run the server in debug mode, it will tell you which clients it's creating. You don't need to look at the log file.
can i know is the this secret key needs to be updated in any other configuration files, any idea or suggestion will be more helpful Any help can be appreciated.
Follow the documentation. Read the configuration files. It's all pretty clear if you *read* it.
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html