- First, I known this question had been asked many times, and I had read many posts about it, and reenter the shared secret many times, but still could not resolve my problem, I had been blocked on this nearly a week, so I need your help, thanks in advance - radius server : freeradius-server-2.2.0 - radius client : freeradius-client-1.1.6 - OS : Ubuntu 10.10 - *Following is one full log of the radius server :* - - Info: FreeRADIUS Version 2.2.0, for host i686-pc-linux-gnu, built on May 31 2013 at 22:41:36 - Info: Copyright (C) 1999-2012 The FreeRADIUS server project and contributors. - Info: There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A - Info: PARTICULAR PURPOSE. - Info: You may redistribute copies of FreeRADIUS under the terms of the - Info: GNU General Public License v2. - Info: Starting - reading configuration files ... - Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/radiusd.conf - Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/proxy.conf - Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/clients.conf - Debug: including files in directory /usr/local/freeradius-server-2.2.0/etc/raddb/modules/ - Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/soh - Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/rediswho - Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/ippool - Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/expr - Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/opendirectory - Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/radrelay - Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/chap - Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/detail.log - Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/mac2vlan - Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/cache - Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/dynamic_clients - Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/mschap - Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/always - Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/wimax - Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/sqlcounter_expire_on_login - Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/detail - Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/exec - Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/ldap - Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/redis - Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/attr_rewrite - Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/logintime - Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/linelog - Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/echo - Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/acct_unique - Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/checkval - Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/pam - Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/cui - Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/replicate - Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/inner-eap - Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/radutmp - Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/realm - Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/smsotp - Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/detail.example.com - Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/files - Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/sql_log - Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/krb5 - Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/dhcp_sqlippool - Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/sql/mysql/ippool-dhcp.conf - Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/digest - Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/sradutmp - Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/passwd - Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/attr_filter - Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/etc_group - Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/policy - Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/perl - Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/counter - Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/smbpasswd - Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/otp - Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/ntlm_auth - Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/pap - Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/preprocess - Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/mac2ip - Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/expiration - Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/unix - Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/eap.conf - Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/policy.conf - Debug: including files in directory /usr/local/freeradius-server-2.2.0/etc/raddb/sites-enabled/ - Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/sites-enabled/default - Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/sites-enabled/inner-tunnel - Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/sites-enabled/control-socket - Debug: main { - Debug: allow_core_dumps = no - Debug: } - Debug: including dictionary file /usr/local/freeradius-server-2.2.0/etc/raddb/dictionary - Debug: main { - Debug: name = "radiusd" - Debug: prefix = "/usr/local/freeradius-server-2.2.0" - Debug: localstatedir = "/usr/local/freeradius-server-2.2.0/var" - Debug: sbindir = "/usr/local/freeradius-server-2.2.0/sbin" - Debug: logdir = "/usr/local/freeradius-server-2.2.0/var/log/radius" - Debug: run_dir = "/usr/local/freeradius-server-2.2.0/var/run/radiusd" - Debug: libdir = "/usr/local/freeradius-server-2.2.0/lib" - Debug: radacctdir = "/usr/local/freeradius-server-2.2.0/var/log/radius/radacct" - Debug: hostname_lookups = no - Debug: max_request_time = 30 - Debug: cleanup_delay = 5 - Debug: max_requests = 1024 - Debug: pidfile = "/usr/local/freeradius-server-2.2.0/var/run/radiusd/radiusd.pid" - Debug: checkrad = "/usr/local/freeradius-server-2.2.0/sbin/checkrad" - Debug: debug_level = 0 - Debug: proxy_requests = yes - Debug: log { - Debug: stripped_names = no - Debug: auth = no - Debug: auth_badpass = no - Debug: auth_goodpass = no - Debug: } - Debug: security { - Debug: max_attributes = 200 - Debug: reject_delay = 1 - Debug: status_server = yes - Debug: } - Debug: } - Debug: radiusd: #### Loading Realms and Home Servers #### - Debug: proxy server { - Debug: retry_delay = 5 - Debug: retry_count = 3 - Debug: default_fallback = no - Debug: dead_time = 120 - Debug: wake_all_if_all_dead = no - Debug: } - Debug: home_server localhost { - Debug: ipaddr = 127.0.0.1 - Debug: port = 1812 - Debug: type = "auth" - Debug: secret = "testing123" - Debug: response_window = 20 - Debug: max_outstanding = 65536 - Debug: require_message_authenticator = yes - Debug: zombie_period = 40 - Debug: status_check = "status-server" - Debug: ping_interval = 30 - Debug: check_interval = 30 - Debug: num_answers_to_alive = 3 - Debug: num_pings_to_alive = 3 - Debug: revive_interval = 120 - Debug: status_check_timeout = 4 - Debug: coa { - Debug: irt = 2 - Debug: mrt = 16 - Debug: mrc = 5 - Debug: mrd = 30 - Debug: } - Debug: } - Debug: home_server_pool my_auth_failover { - Debug: type = fail-over - Debug: home_server = localhost - Debug: } - Debug: realm example.com { - Debug: auth_pool = my_auth_failover - Debug: } - Debug: realm LOCAL { - Debug: } - Debug: radiusd: #### Loading Clients #### - Debug: client localhost { - Debug: ipaddr = 127.0.0.1 - Debug: require_message_authenticator = no - Debug: secret = "testing123" - Debug: nastype = "other" - Debug: } - Debug: radiusd: #### Instantiating modules #### - Debug: instantiate { - Debug: (Loaded rlm_exec, checking if it's valid) - Debug: Module: Linked to module rlm_exec - Debug: Module: Instantiating module "exec" from file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/exec - Debug: exec { - Debug: wait = no - Debug: input_pairs = "request" - Debug: shell_escape = yes - Debug: } - Debug: (Loaded rlm_expr, checking if it's valid) - Debug: Module: Linked to module rlm_expr - Debug: Module: Instantiating module "expr" from file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/expr - Debug: (Loaded rlm_expiration, checking if it's valid) - Debug: Module: Linked to module rlm_expiration - Debug: Module: Instantiating module "expiration" from file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/expiration - Debug: expiration { - Debug: reply-message = "Password Has Expired " - Debug: } - Debug: (Loaded rlm_logintime, checking if it's valid) - Debug: Module: Linked to module rlm_logintime - Debug: Module: Instantiating module "logintime" from file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/logintime - Debug: logintime { - Debug: reply-message = "You are calling outside your allowed timespan " - Debug: minimum-timeout = 60 - Debug: } - Debug: } - Debug: radiusd: #### Loading Virtual Servers #### - Debug: server { # from file /usr/local/freeradius-server-2.2.0/etc/raddb/radiusd.conf - Debug: modules { - Debug: Module: Creating Auth-Type = digest - Debug: Module: Creating Post-Auth-Type = REJECT - Debug: Module: Checking authenticate {...} for more modules to load - Debug: (Loaded rlm_pap, checking if it's valid) - Debug: Module: Linked to module rlm_pap - Debug: Module: Instantiating module "pap" from file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/pap - Debug: pap { - Debug: encryption_scheme = "auto" - Debug: auto_header = no - Debug: } - Debug: (Loaded rlm_chap, checking if it's valid) - Debug: Module: Linked to module rlm_chap - Debug: Module: Instantiating module "chap" from file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/chap - Debug: (Loaded rlm_mschap, checking if it's valid) - Debug: Module: Linked to module rlm_mschap - Debug: Module: Instantiating module "mschap" from file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/mschap - Debug: mschap { - Debug: use_mppe = yes - Debug: require_encryption = no - Debug: require_strong = no - Debug: with_ntdomain_hack = no - Debug: allow_retry = yes - Debug: } - Debug: (Loaded rlm_digest, checking if it's valid) - Debug: Module: Linked to module rlm_digest - Debug: Module: Instantiating module "digest" from file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/digest - Debug: (Loaded rlm_unix, checking if it's valid) - Debug: Module: Linked to module rlm_unix - Debug: Module: Instantiating module "unix" from file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/unix - Debug: unix { - Debug: radwtmp = "/usr/local/freeradius-server-2.2.0/var/log/radius/radwtmp" - Debug: } - Debug: (Loaded rlm_eap, checking if it's valid) - Debug: Module: Linked to module rlm_eap - Debug: Module: Instantiating module "eap" from file /usr/local/freeradius-server-2.2.0/etc/raddb/eap.conf - Debug: eap { - Debug: default_eap_type = "md5" - Debug: timer_expire = 60 - Debug: ignore_unknown_eap_types = no - Debug: cisco_accounting_username_bug = no - Debug: max_sessions = 4096 - Debug: } - Debug: Module: Linked to sub-module rlm_eap_md5 - Debug: Module: Instantiating eap-md5 - Debug: Module: Linked to sub-module rlm_eap_leap - Debug: Module: Instantiating eap-leap - Debug: Module: Linked to sub-module rlm_eap_gtc - Debug: Module: Instantiating eap-gtc - Debug: gtc { - Debug: challenge = "Password: " - Debug: auth_type = "PAP" - Debug: } - Debug: Ignoring EAP-Type/tls because we do not have OpenSSL support. - Debug: Ignoring EAP-Type/ttls because we do not have OpenSSL support. - Debug: Ignoring EAP-Type/peap because we do not have OpenSSL support. - Debug: Module: Linked to sub-module rlm_eap_mschapv2 - Debug: Module: Instantiating eap-mschapv2 - Debug: mschapv2 { - Debug: with_ntdomain_hack = no - Debug: send_error = no - Debug: } - Debug: Module: Checking authorize {...} for more modules to load - Debug: (Loaded rlm_preprocess, checking if it's valid) - Debug: Module: Linked to module rlm_preprocess - Debug: Module: Instantiating module "preprocess" from file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/preprocess - Debug: preprocess { - Debug: huntgroups = "/usr/local/freeradius-server-2.2.0/etc/raddb/huntgroups" - Debug: hints = "/usr/local/freeradius-server-2.2.0/etc/raddb/hints" - Debug: with_ascend_hack = no - Debug: ascend_channels_per_line = 23 - Debug: with_ntdomain_hack = no - Debug: with_specialix_jetstream_hack = no - Debug: with_cisco_vsa_hack = no - Debug: with_alvarion_vsa_hack = no - Debug: } - Debug: reading pairlist file /usr/local/freeradius-server-2.2.0/etc/raddb/huntgroups - Debug: reading pairlist file /usr/local/freeradius-server-2.2.0/etc/raddb/hints - Debug: (Loaded rlm_realm, checking if it's valid) - Debug: Module: Linked to module rlm_realm - Debug: Module: Instantiating module "suffix" from file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/realm - Debug: realm suffix { - Debug: format = "suffix" - Debug: delimiter = "@" - Debug: ignore_default = no - Debug: ignore_null = no - Debug: } - Debug: (Loaded rlm_files, checking if it's valid) - Debug: Module: Linked to module rlm_files - Debug: Module: Instantiating module "files" from file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/files - Debug: files { - Debug: usersfile = "/usr/local/freeradius-server-2.2.0/etc/raddb/users" - Debug: acctusersfile = "/usr/local/freeradius-server-2.2.0/etc/raddb/acct_users" - Debug: preproxy_usersfile = "/usr/local/freeradius-server-2.2.0/etc/raddb/preproxy_users" - Debug: compat = "no" - Debug: } - Debug: reading pairlist file /usr/local/freeradius-server-2.2.0/etc/raddb/users - Debug: reading pairlist file /usr/local/freeradius-server-2.2.0/etc/raddb/acct_users - Debug: reading pairlist file /usr/local/freeradius-server-2.2.0/etc/raddb/preproxy_users - Debug: Module: Checking preacct {...} for more modules to load - Debug: (Loaded rlm_acct_unique, checking if it's valid) - Debug: Module: Linked to module rlm_acct_unique - Debug: Module: Instantiating module "acct_unique" from file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/acct_unique - Debug: acct_unique { - Debug: key = "User-Name, Acct-Session-Id, NAS-IP-Address, NAS-Identifier, NAS-Port" - Debug: } - Debug: Module: Checking accounting {...} for more modules to load - Debug: (Loaded rlm_detail, checking if it's valid) - Debug: Module: Linked to module rlm_detail - Debug: Module: Instantiating module "detail" from file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/detail - Debug: detail { - Debug: detailfile = "/usr/local/freeradius-server-2.2.0/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Ad - Debug: header = "%t" - Debug: detailperm = 384 - Debug: dirperm = 493 - Debug: locking = no - Debug: log_packet_header = no - Debug: } - Debug: (Loaded rlm_attr_filter, checking if it's valid) - Debug: Module: Linked to module rlm_attr_filter - Debug: Module: Instantiating module "attr_filter.accounting_response" from file /usr/local/freeradius-server-2.2.0/etc/raddb/mod - Debug: attr_filter attr_filter.accounting_response { - Debug: attrsfile = "/usr/local/freeradius-server-2.2.0/etc/raddb/attrs.accounting_response" - Debug: key = "%{User-Name}" - Debug: relaxed = no - Debug: } - Debug: reading pairlist file /usr/local/freeradius-server-2.2.0/etc/raddb/attrs.accounting_response - Debug: Module: Checking session {...} for more modules to load - Debug: (Loaded rlm_radutmp, checking if it's valid) - Debug: Module: Linked to module rlm_radutmp - Debug: Module: Instantiating module "radutmp" from file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/radutmp - Debug: radutmp { - Debug: filename = "/usr/local/freeradius-server-2.2.0/var/log/radius/radutmp" - Debug: username = "%{User-Name}" - Debug: case_sensitive = yes - Debug: check_with_nas = yes - Debug: perm = 384 - Debug: callerid = yes - Debug: } - Debug: Module: Checking post-proxy {...} for more modules to load - Debug: Module: Checking post-auth {...} for more modules to load - Debug: Module: Instantiating module "attr_filter.access_reject" from file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/a - Debug: attr_filter attr_filter.access_reject { - Debug: attrsfile = "/usr/local/freeradius-server-2.2.0/etc/raddb/attrs.access_reject" - Debug: key = "%{User-Name}" - Debug: relaxed = no - Debug: } - Debug: reading pairlist file /usr/local/freeradius-server-2.2.0/etc/raddb/attrs.access_reject - Debug: } # modules - Debug: } # server - Debug: server inner-tunnel { # from file /usr/local/freeradius-server-2.2.0/etc/raddb/sites-enabled/inner-tunnel - Debug: modules { - Debug: Module: Checking authenticate {...} for more modules to load - Debug: Module: Checking authorize {...} for more modules to load - Debug: Module: Checking session {...} for more modules to load - Debug: Module: Checking post-proxy {...} for more modules to load - Debug: Module: Checking post-auth {...} for more modules to load - Debug: } # modules - Debug: } # server - Debug: radiusd: #### Opening IP addresses and Ports #### - Debug: listen { - Debug: type = "auth" - Debug: ipaddr = * - Debug: port = 0 - Debug: } - Debug: listen { - Debug: type = "acct" - Debug: ipaddr = * - Debug: port = 0 - Debug: } - Debug: listen { - Debug: type = "control" - Debug: listen { - Debug: socket = "/usr/local/freeradius-server-2.2.0/var/run/radiusd/radiusd.sock" - Debug: } - Debug: } - Debug: listen { - Debug: type = "auth" - Debug: ipaddr = 127.0.0.1 - Debug: port = 18120 - Debug: } - Debug: ... adding new socket proxy address * port 53579 - Debug: Listening on authentication address * port 1812 - Debug: Listening on accounting address * port 1813 - Debug: Listening on command file /usr/local/freeradius-server-2.2.0/var/run/radiusd/radiusd.sock - Debug: Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel - Debug: Listening on proxy address * port 1814 - Info: Ready to process requests. - Info: # Executing section authorize from file /usr/local/freeradius-server-2.2.0/etc/raddb/sites-enabled/default - Info: +- entering group authorize {...} - Info: ++[preprocess] returns ok - Info: ++[chap] returns noop - Info: ++[mschap] returns noop - Info: ++[digest] returns noop - Info: [suffix] No '@' in User-Name = "steve", looking up realm NULL - Info: [suffix] No such realm "NULL" - Info: ++[suffix] returns noop - Info: [eap] No EAP-Message, not doing EAP - Info: ++[eap] returns noop - Info: [files] users: Matched entry steve at line 76 - Info: ++[files] returns ok - Info: ++[expiration] returns noop - Info: ++[logintime] returns noop - Info: ++[pap] returns updated - Info: Found Auth-Type = PAP - Info: # Executing group from file /usr/local/freeradius-server-2.2.0/etc/raddb/sites-enabled/default - Info: +- entering group PAP {...} - Info: [pap] login attempt with password "*f言U?(?Wk?b ?*" - Info: [pap] Using clear text password "testing" - Info: [pap] Passwords don't match - Info: ++[pap] returns reject - Info: Failed to authenticate the user. - Debug: WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS! - Info: Using Post-Auth-Type REJECT - Info: # Executing group from file /usr/local/freeradius-server-2.2.0/etc/raddb/sites-enabled/default - Info: +- entering group REJECT {...} - Info: [attr_filter.access_reject] expand: %{User-Name} -> steve - Debug: attr_filter: Matched entry DEFAULT at line 11 - Info: ++[attr_filter.access_reject] returns updated - Info: Delaying reject of request 0 for 1 seconds - Debug: Going to the next request - Debug: Waking up in 0.9 seconds. - Info: Sending delayed reject for request 0 - Debug: Waking up in 4.9 seconds. - Info: Cleaning up request 0 ID 183 with timestamp +24 - Info: Ready to process requests. - *I found that every time the password which are transformed from the client is different though I input at the client with the same password every time(the part I marked as red)* * * - *The server's one configure file : users, is as following, I only uncommented the user "steve" and changed its IP :* - - # - # Please read the documentation file ../doc/processing_users_file, - # or 'man 5 users' (after installing the server) for more information. - # - # This file contains authentication security and configuration - # information for each user. Accounting requests are NOT processed - # through this file. Instead, see 'acct_users', in this directory. - # - # The first field is the user's name and can be up to - # 253 characters in length. This is followed (on the same line) with - # the list of authentication requirements for that user. This can - # include password, comm server name, comm server port number, protocol - # type (perhaps set by the "hints" file), and huntgroup name (set by - # the "huntgroups" file). - # - # If you are not sure why a particular reply is being sent by the - # server, then run the server in debugging mode (radiusd -X), and - # you will see which entries in this file are matched. - # - # When an authentication request is received from the comm server, - # these values are tested. Only the first match is used unless the - # "Fall-Through" variable is set to "Yes". - # - # A special user named "DEFAULT" matches on all usernames. - # You can have several DEFAULT entries. All entries are processed - # in the order they appear in this file. The first entry that - # matches the login-request will stop processing unless you use - # the Fall-Through variable. - # - # If you use the database support to turn this file into a .db or .dbm - # file, the DEFAULT entries _have_ to be at the end of this file and - # you can't have multiple entries for one username. - # - # Indented (with the tab character) lines following the first - # line indicate the configuration values to be passed back to - # the comm server to allow the initiation of a user session. - # This can include things like the PPP configuration values - # or the host to log the user onto. - # - # You can include another `users' file with `$INCLUDE users.other' - # - - # - # For a list of RADIUS attributes, and links to their definitions, - # see: - # - # http://www.freeradius.org/rfc/attributes.html - # - - # - # Deny access for a specific user. Note that this entry MUST - # be before any other 'Auth-Type' attribute which results in the user - # being authenticated. - # - # Note that there is NO 'Fall-Through' attribute, so the user will not - # be given any additional resources. - # - #lameuser Auth-Type := Reject - # Reply-Message = "Your account has been disabled." - - # - # Deny access for a group of users. - # - # Note that there is NO 'Fall-Through' attribute, so the user will not - # be given any additional resources. - # - #DEFAULT Group == "disabled", Auth-Type := Reject - # Reply-Message = "Your account has been disabled." - # - - # - # This is a complete entry for "steve". Note that there is no Fall-Through - # entry so that no DEFAULT entry will be used, and the user will NOT - # get any attributes in addition to the ones listed here. - # - steve Cleartext-Password := "testing" - Service-Type = Framed-User, - Framed-Protocol = PPP, - Framed-IP-Address = 127.0.0.1, - Framed-IP-Netmask = 255.255.255.0, - Framed-Routing = Broadcast-Listen, - Framed-Filter-Id = "std.ppp", - Framed-MTU = 1500, - Framed-Compression = Van-Jacobsen-TCP-IP - - # - # This is an entry for a user with a space in their name. - # Note the double quotes surrounding the name. - # - #"John Doe" Cleartext-Password := "hello" - # Reply-Message = "Hello, %{User-Name}" - - # - # Dial user back and telnet to the default host for that port - # - #Deg Cleartext-Password := "ge55ged" - # Service-Type = Callback-Login-User, - # Login-IP-Host = 0.0.0.0, - # Callback-Number = "9,5551212", - # Login-Service = Telnet, - # Login-TCP-Port = Telnet - - # - # Another complete entry. After the user "dialbk" has logged in, the - # connection will be broken and the user will be dialed back after which - # he will get a connection to the host "timeshare1". - # - #dialbk Cleartext-Password := "callme" - # Service-Type = Callback-Login-User, - # Login-IP-Host = timeshare1, - # Login-Service = PortMaster, - # Callback-Number = "9,1-800-555-1212" - - # - # user "swilson" will only get a static IP number if he logs in with - # a framed protocol on a terminal server in Alphen (see the huntgroups file). - # - # Note that by setting "Fall-Through", other attributes will be added from - # the following DEFAULT entries - # - #swilson Service-Type == Framed-User, Huntgroup-Name == "alphen" - # Framed-IP-Address = 192.168.1.65, - # Fall-Through = Yes - - # - # If the user logs in as 'username.shell', then authenticate them - # using the default method, give them shell access, and stop processing - # the rest of the file. - # - #DEFAULT Suffix == ".shell" - # Service-Type = Login-User, - # Login-Service = Telnet, - # Login-IP-Host = your.shell.machine - - - # - # The rest of this file contains the several DEFAULT entries. - # DEFAULT entries match with all login names. - # Note that DEFAULT entries can also Fall-Through (see first entry). - # A name-value pair from a DEFAULT entry will _NEVER_ override - # an already existing name-value pair. - # - - # - # Set up different IP address pools for the terminal servers. - # Note that the "+" behind the IP address means that this is the "base" - # IP address. The Port-Id (S0, S1 etc) will be added to it. - # - #DEFAULT Service-Type == Framed-User, Huntgroup-Name == "alphen" - # Framed-IP-Address = 192.168.1.32+, - # Fall-Through = Yes - - #DEFAULT Service-Type == Framed-User, Huntgroup-Name == "delft" - # Framed-IP-Address = 192.168.2.32+, - # Fall-Through = Yes - - # - # Sample defaults for all framed connections. - # - #DEFAULT Service-Type == Framed-User - # Framed-IP-Address = 255.255.255.254, - # Framed-MTU = 576, - # Service-Type = Framed-User, - # Fall-Through = Yes - - # - # Default for PPP: dynamic IP address, PPP mode, VJ-compression. - # NOTE: we do not use Hint = "PPP", since PPP might also be auto-detected - # by the terminal server in which case there may not be a "P" suffix. - # The terminal server sends "Framed-Protocol = PPP" for auto PPP. - # - DEFAULT Framed-Protocol == PPP - Framed-Protocol = PPP, - Framed-Compression = Van-Jacobson-TCP-IP - - # - # Default for CSLIP: dynamic IP address, SLIP mode, VJ-compression. - # - DEFAULT Hint == "CSLIP" - Framed-Protocol = SLIP, - Framed-Compression = Van-Jacobson-TCP-IP - - # - # Default for SLIP: dynamic IP address, SLIP mode. - # - DEFAULT Hint == "SLIP" - Framed-Protocol = SLIP - - # - # Last default: rlogin to our main server. - # - #DEFAULT - # Service-Type = Login-User, - # Login-Service = Rlogin, - # Login-IP-Host = shellbox.ispdomain.com - - # # - # # Last default: shell on the local terminal server. - # # - # DEFAULT - # Service-Type = Administrative-User - - # On no match, the user is denied access. - *The server's another configure file : clients.conf, and I changed nothing . yes, I used the default secret as the shared secret:* - - - *The client's one configure file : servers. BTW, I also tried the ways that only keep one localhost in the left side and changed it to 127.0.0.1 , the error is still and same, and I also tried reenter the shared secret many times* - - ## Server Name or Client/Server pair Key - ## ---------------- --------------- - # - #portmaster.elemental.net hardlyasecret - #portmaster2.elemental.net donttellanyone - # - ## uncomment the following line for simple testing of radlogin - ## with freeradius-server - # - localhost/localhost testing123 - *The client's another configure file : radiusclient.conf, I changed nothing*