• First, I known this question had been asked many times, and I had read many posts about it, and reenter the shared secret many times, but still could not resolve my problem, I had been blocked on this nearly a week, so I need your help, thanks in advance
  • radius server : freeradius-server-2.2.0
  • radius client : freeradius-client-1.1.6
  • OS : Ubuntu 10.10
  • Following is one full log of the radius server :
  • Info: FreeRADIUS Version 2.2.0, for host i686-pc-linux-gnu, built on May 31 2013 at 22:41:36
  • Info: Copyright (C) 1999-2012 The FreeRADIUS server project and contributors. 
  • Info: There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A 
  • Info: PARTICULAR PURPOSE. 
  • Info: You may redistribute copies of FreeRADIUS under the terms of the 
  • Info: GNU General Public License v2. 
  • Info: Starting - reading configuration files ...
  • Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/radiusd.conf
  • Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/proxy.conf
  • Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/clients.conf
  • Debug: including files in directory /usr/local/freeradius-server-2.2.0/etc/raddb/modules/
  • Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/soh
  • Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/rediswho
  • Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/ippool
  • Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/expr
  • Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/opendirectory
  • Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/radrelay
  • Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/chap
  • Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/detail.log
  • Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/mac2vlan
  • Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/cache
  • Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/dynamic_clients
  • Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/mschap
  • Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/always
  • Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/wimax
  • Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/sqlcounter_expire_on_login
  • Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/detail
  • Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/exec
  • Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/ldap
  • Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/redis
  • Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/attr_rewrite
  • Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/logintime
  • Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/linelog
  • Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/echo
  • Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/acct_unique
  • Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/checkval
  • Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/pam
  • Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/cui
  • Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/replicate
  • Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/inner-eap
  • Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/radutmp
  • Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/realm
  • Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/smsotp
  • Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/detail.example.com
  • Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/files
  • Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/sql_log
  • Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/krb5
  • Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/dhcp_sqlippool
  • Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/sql/mysql/ippool-dhcp.conf
  • Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/digest
  • Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/sradutmp
  • Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/passwd
  • Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/attr_filter
  • Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/etc_group
  • Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/policy
  • Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/perl
  • Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/counter
  • Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/smbpasswd
  • Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/otp
  • Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/ntlm_auth
  • Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/pap
  • Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/preprocess
  • Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/mac2ip
  • Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/expiration
  • Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/unix
  • Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/eap.conf
  • Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/policy.conf
  • Debug: including files in directory /usr/local/freeradius-server-2.2.0/etc/raddb/sites-enabled/
  • Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/sites-enabled/default
  • Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/sites-enabled/inner-tunnel
  • Debug: including configuration file /usr/local/freeradius-server-2.2.0/etc/raddb/sites-enabled/control-socket
  • Debug: main {
  • Debug: allow_core_dumps = no
  • Debug: }
  • Debug: including dictionary file /usr/local/freeradius-server-2.2.0/etc/raddb/dictionary
  • Debug: main {
  • Debug: name = "radiusd"
  • Debug: prefix = "/usr/local/freeradius-server-2.2.0"
  • Debug: localstatedir = "/usr/local/freeradius-server-2.2.0/var"
  • Debug: sbindir = "/usr/local/freeradius-server-2.2.0/sbin"
  • Debug: logdir = "/usr/local/freeradius-server-2.2.0/var/log/radius"
  • Debug: run_dir = "/usr/local/freeradius-server-2.2.0/var/run/radiusd"
  • Debug: libdir = "/usr/local/freeradius-server-2.2.0/lib"
  • Debug: radacctdir = "/usr/local/freeradius-server-2.2.0/var/log/radius/radacct"
  • Debug: hostname_lookups = no
  • Debug: max_request_time = 30
  • Debug: cleanup_delay = 5
  • Debug: max_requests = 1024
  • Debug: pidfile = "/usr/local/freeradius-server-2.2.0/var/run/radiusd/radiusd.pid"
  • Debug: checkrad = "/usr/local/freeradius-server-2.2.0/sbin/checkrad"
  • Debug: debug_level = 0
  • Debug: proxy_requests = yes
  • Debug:  log {
  • Debug: stripped_names = no
  • Debug: auth = no
  • Debug: auth_badpass = no
  • Debug: auth_goodpass = no
  • Debug:  }
  • Debug:  security {
  • Debug: max_attributes = 200
  • Debug: reject_delay = 1
  • Debug: status_server = yes
  • Debug:  }
  • Debug: }
  • Debug: radiusd: #### Loading Realms and Home Servers ####
  • Debug:  proxy server {
  • Debug: retry_delay = 5
  • Debug: retry_count = 3
  • Debug: default_fallback = no
  • Debug: dead_time = 120
  • Debug: wake_all_if_all_dead = no
  • Debug:  }
  • Debug:  home_server localhost {
  • Debug: ipaddr = 127.0.0.1
  • Debug: port = 1812
  • Debug: type = "auth"
  • Debug: secret = "testing123"
  • Debug: response_window = 20
  • Debug: max_outstanding = 65536
  • Debug: require_message_authenticator = yes
  • Debug: zombie_period = 40
  • Debug: status_check = "status-server"
  • Debug: ping_interval = 30
  • Debug: check_interval = 30
  • Debug: num_answers_to_alive = 3
  • Debug: num_pings_to_alive = 3
  • Debug: revive_interval = 120
  • Debug: status_check_timeout = 4
  • Debug:   coa {
  • Debug: irt = 2
  • Debug: mrt = 16
  • Debug: mrc = 5
  • Debug: mrd = 30
  • Debug:   }
  • Debug:  }
  • Debug:  home_server_pool my_auth_failover {
  • Debug: type = fail-over
  • Debug: home_server = localhost
  • Debug:  }
  • Debug:  realm example.com {
  • Debug: auth_pool = my_auth_failover
  • Debug:  }
  • Debug:  realm LOCAL {
  • Debug:  }
  • Debug: radiusd: #### Loading Clients ####
  • Debug:  client localhost {
  • Debug: ipaddr = 127.0.0.1
  • Debug: require_message_authenticator = no
  • Debug: secret = "testing123"
  • Debug: nastype = "other"
  • Debug:  }
  • Debug: radiusd: #### Instantiating modules ####
  • Debug:  instantiate {
  • Debug:     (Loaded rlm_exec, checking if it's valid)
  • Debug:  Module: Linked to module rlm_exec
  • Debug:  Module: Instantiating module "exec" from file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/exec
  • Debug:   exec {
  • Debug: wait = no
  • Debug: input_pairs = "request"
  • Debug: shell_escape = yes
  • Debug:   }
  • Debug:     (Loaded rlm_expr, checking if it's valid)
  • Debug:  Module: Linked to module rlm_expr
  • Debug:  Module: Instantiating module "expr" from file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/expr
  • Debug:     (Loaded rlm_expiration, checking if it's valid)
  • Debug:  Module: Linked to module rlm_expiration
  • Debug:  Module: Instantiating module "expiration" from file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/expiration
  • Debug:   expiration {
  • Debug: reply-message = "Password Has Expired  "
  • Debug:   }
  • Debug:     (Loaded rlm_logintime, checking if it's valid)
  • Debug:  Module: Linked to module rlm_logintime
  • Debug:  Module: Instantiating module "logintime" from file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/logintime
  • Debug:   logintime {
  • Debug: reply-message = "You are calling outside your allowed timespan  "
  • Debug: minimum-timeout = 60
  • Debug:   }
  • Debug:  }
  • Debug: radiusd: #### Loading Virtual Servers ####
  • Debug: server { # from file /usr/local/freeradius-server-2.2.0/etc/raddb/radiusd.conf
  • Debug:  modules {
  • Debug:   Module: Creating Auth-Type = digest
  • Debug:   Module: Creating Post-Auth-Type = REJECT
  • Debug:  Module: Checking authenticate {...} for more modules to load
  • Debug:     (Loaded rlm_pap, checking if it's valid)
  • Debug:  Module: Linked to module rlm_pap
  • Debug:  Module: Instantiating module "pap" from file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/pap
  • Debug:   pap {
  • Debug: encryption_scheme = "auto"
  • Debug: auto_header = no
  • Debug:   }
  • Debug:     (Loaded rlm_chap, checking if it's valid)
  • Debug:  Module: Linked to module rlm_chap
  • Debug:  Module: Instantiating module "chap" from file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/chap
  • Debug:     (Loaded rlm_mschap, checking if it's valid)
  • Debug:  Module: Linked to module rlm_mschap
  • Debug:  Module: Instantiating module "mschap" from file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/mschap
  • Debug:   mschap {
  • Debug: use_mppe = yes
  • Debug: require_encryption = no
  • Debug: require_strong = no
  • Debug: with_ntdomain_hack = no
  • Debug: allow_retry = yes
  • Debug:   }
  • Debug:     (Loaded rlm_digest, checking if it's valid)
  • Debug:  Module: Linked to module rlm_digest
  • Debug:  Module: Instantiating module "digest" from file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/digest
  • Debug:     (Loaded rlm_unix, checking if it's valid)
  • Debug:  Module: Linked to module rlm_unix
  • Debug:  Module: Instantiating module "unix" from file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/unix
  • Debug:   unix {
  • Debug: radwtmp = "/usr/local/freeradius-server-2.2.0/var/log/radius/radwtmp"
  • Debug:   }
  • Debug:     (Loaded rlm_eap, checking if it's valid)
  • Debug:  Module: Linked to module rlm_eap
  • Debug:  Module: Instantiating module "eap" from file /usr/local/freeradius-server-2.2.0/etc/raddb/eap.conf
  • Debug:   eap {
  • Debug: default_eap_type = "md5"
  • Debug: timer_expire = 60
  • Debug: ignore_unknown_eap_types = no
  • Debug: cisco_accounting_username_bug = no
  • Debug: max_sessions = 4096
  • Debug:   }
  • Debug:  Module: Linked to sub-module rlm_eap_md5
  • Debug:  Module: Instantiating eap-md5
  • Debug:  Module: Linked to sub-module rlm_eap_leap
  • Debug:  Module: Instantiating eap-leap
  • Debug:  Module: Linked to sub-module rlm_eap_gtc
  • Debug:  Module: Instantiating eap-gtc
  • Debug:    gtc {
  • Debug: challenge = "Password: "
  • Debug: auth_type = "PAP"
  • Debug:    }
  • Debug: Ignoring EAP-Type/tls because we do not have OpenSSL support.
  • Debug: Ignoring EAP-Type/ttls because we do not have OpenSSL support.
  • Debug: Ignoring EAP-Type/peap because we do not have OpenSSL support.
  • Debug:  Module: Linked to sub-module rlm_eap_mschapv2
  • Debug:  Module: Instantiating eap-mschapv2
  • Debug:    mschapv2 {
  • Debug: with_ntdomain_hack = no
  • Debug: send_error = no
  • Debug:    }
  • Debug:  Module: Checking authorize {...} for more modules to load
  • Debug:     (Loaded rlm_preprocess, checking if it's valid)
  • Debug:  Module: Linked to module rlm_preprocess
  • Debug:  Module: Instantiating module "preprocess" from file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/preprocess
  • Debug:   preprocess {
  • Debug: huntgroups = "/usr/local/freeradius-server-2.2.0/etc/raddb/huntgroups"
  • Debug: hints = "/usr/local/freeradius-server-2.2.0/etc/raddb/hints"
  • Debug: with_ascend_hack = no
  • Debug: ascend_channels_per_line = 23
  • Debug: with_ntdomain_hack = no
  • Debug: with_specialix_jetstream_hack = no
  • Debug: with_cisco_vsa_hack = no
  • Debug: with_alvarion_vsa_hack = no
  • Debug:   }
  • Debug: reading pairlist file /usr/local/freeradius-server-2.2.0/etc/raddb/huntgroups
  • Debug: reading pairlist file /usr/local/freeradius-server-2.2.0/etc/raddb/hints
  • Debug:     (Loaded rlm_realm, checking if it's valid)
  • Debug:  Module: Linked to module rlm_realm
  • Debug:  Module: Instantiating module "suffix" from file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/realm
  • Debug:   realm suffix {
  • Debug: format = "suffix"
  • Debug: delimiter = "@"
  • Debug: ignore_default = no
  • Debug: ignore_null = no
  • Debug:   }
  • Debug:     (Loaded rlm_files, checking if it's valid)
  • Debug:  Module: Linked to module rlm_files
  • Debug:  Module: Instantiating module "files" from file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/files
  • Debug:   files {
  • Debug: usersfile = "/usr/local/freeradius-server-2.2.0/etc/raddb/users"
  • Debug: acctusersfile = "/usr/local/freeradius-server-2.2.0/etc/raddb/acct_users"
  • Debug: preproxy_usersfile = "/usr/local/freeradius-server-2.2.0/etc/raddb/preproxy_users"
  • Debug: compat = "no"
  • Debug:   }
  • Debug: reading pairlist file /usr/local/freeradius-server-2.2.0/etc/raddb/users
  • Debug: reading pairlist file /usr/local/freeradius-server-2.2.0/etc/raddb/acct_users
  • Debug: reading pairlist file /usr/local/freeradius-server-2.2.0/etc/raddb/preproxy_users
  • Debug:  Module: Checking preacct {...} for more modules to load
  • Debug:     (Loaded rlm_acct_unique, checking if it's valid)
  • Debug:  Module: Linked to module rlm_acct_unique
  • Debug:  Module: Instantiating module "acct_unique" from file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/acct_unique
  • Debug:   acct_unique {
  • Debug: key = "User-Name, Acct-Session-Id, NAS-IP-Address, NAS-Identifier, NAS-Port"
  • Debug:   }
  • Debug:  Module: Checking accounting {...} for more modules to load
  • Debug:     (Loaded rlm_detail, checking if it's valid)
  • Debug:  Module: Linked to module rlm_detail
  • Debug:  Module: Instantiating module "detail" from file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/detail
  • Debug:   detail {
  • Debug: detailfile = "/usr/local/freeradius-server-2.2.0/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Ad
  • Debug: header = "%t"
  • Debug: detailperm = 384
  • Debug: dirperm = 493
  • Debug: locking = no
  • Debug: log_packet_header = no
  • Debug:   }
  • Debug:     (Loaded rlm_attr_filter, checking if it's valid)
  • Debug:  Module: Linked to module rlm_attr_filter
  • Debug:  Module: Instantiating module "attr_filter.accounting_response" from file /usr/local/freeradius-server-2.2.0/etc/raddb/mod
  • Debug:   attr_filter attr_filter.accounting_response {
  • Debug: attrsfile = "/usr/local/freeradius-server-2.2.0/etc/raddb/attrs.accounting_response"
  • Debug: key = "%{User-Name}"
  • Debug: relaxed = no
  • Debug:   }
  • Debug: reading pairlist file /usr/local/freeradius-server-2.2.0/etc/raddb/attrs.accounting_response
  • Debug:  Module: Checking session {...} for more modules to load
  • Debug:     (Loaded rlm_radutmp, checking if it's valid)
  • Debug:  Module: Linked to module rlm_radutmp
  • Debug:  Module: Instantiating module "radutmp" from file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/radutmp
  • Debug:   radutmp {
  • Debug: filename = "/usr/local/freeradius-server-2.2.0/var/log/radius/radutmp"
  • Debug: username = "%{User-Name}"
  • Debug: case_sensitive = yes
  • Debug: check_with_nas = yes
  • Debug: perm = 384
  • Debug: callerid = yes
  • Debug:   }
  • Debug:  Module: Checking post-proxy {...} for more modules to load
  • Debug:  Module: Checking post-auth {...} for more modules to load
  • Debug:  Module: Instantiating module "attr_filter.access_reject" from file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/a
  • Debug:   attr_filter attr_filter.access_reject {
  • Debug: attrsfile = "/usr/local/freeradius-server-2.2.0/etc/raddb/attrs.access_reject"
  • Debug: key = "%{User-Name}"
  • Debug: relaxed = no
  • Debug:   }
  • Debug: reading pairlist file /usr/local/freeradius-server-2.2.0/etc/raddb/attrs.access_reject
  • Debug:  } # modules
  • Debug: } # server
  • Debug: server inner-tunnel { # from file /usr/local/freeradius-server-2.2.0/etc/raddb/sites-enabled/inner-tunnel
  • Debug:  modules {
  • Debug:  Module: Checking authenticate {...} for more modules to load
  • Debug:  Module: Checking authorize {...} for more modules to load
  • Debug:  Module: Checking session {...} for more modules to load
  • Debug:  Module: Checking post-proxy {...} for more modules to load
  • Debug:  Module: Checking post-auth {...} for more modules to load
  • Debug:  } # modules
  • Debug: } # server
  • Debug: radiusd: #### Opening IP addresses and Ports ####
  • Debug: listen {
  • Debug: type = "auth"
  • Debug: ipaddr = *
  • Debug: port = 0
  • Debug: }
  • Debug: listen {
  • Debug: type = "acct"
  • Debug: ipaddr = *
  • Debug: port = 0
  • Debug: }
  • Debug: listen {
  • Debug: type = "control"
  • Debug:  listen {
  • Debug: socket = "/usr/local/freeradius-server-2.2.0/var/run/radiusd/radiusd.sock"
  • Debug:  }
  • Debug: }
  • Debug: listen {
  • Debug: type = "auth"
  • Debug: ipaddr = 127.0.0.1
  • Debug: port = 18120
  • Debug: }
  • Debug:  ... adding new socket proxy address * port 53579
  • Debug: Listening on authentication address * port 1812
  • Debug: Listening on accounting address * port 1813
  • Debug: Listening on command file /usr/local/freeradius-server-2.2.0/var/run/radiusd/radiusd.sock
  • Debug: Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel
  • Debug: Listening on proxy address * port 1814
  • Info: Ready to process requests.
  • Info: # Executing section authorize from file /usr/local/freeradius-server-2.2.0/etc/raddb/sites-enabled/default
  • Info: +- entering group authorize {...}
  • Info: ++[preprocess] returns ok
  • Info: ++[chap] returns noop
  • Info: ++[mschap] returns noop
  • Info: ++[digest] returns noop
  • Info: [suffix] No '@' in User-Name = "steve", looking up realm NULL
  • Info: [suffix] No such realm "NULL"
  • Info: ++[suffix] returns noop
  • Info: [eap] No EAP-Message, not doing EAP
  • Info: ++[eap] returns noop
  • Info: [files] users: Matched entry steve at line 76
  • Info: ++[files] returns ok
  • Info: ++[expiration] returns noop
  • Info: ++[logintime] returns noop
  • Info: ++[pap] returns updated
  • Info: Found Auth-Type = PAP
  • Info: # Executing group from file /usr/local/freeradius-server-2.2.0/etc/raddb/sites-enabled/default
  • Info: +- entering group PAP {...}
  • Info: [pap] login attempt with password "f言U?(?Wk?b ?"
  • Info: [pap] Using clear text password "testing"
  • Info: [pap] Passwords don't match
  • Info: ++[pap] returns reject
  • Info: Failed to authenticate the user.
  • Debug:   WARNING: Unprintable characters in the password.  Double-check the shared secret on the server and the NAS!
  • Info: Using Post-Auth-Type REJECT
  • Info: # Executing group from file /usr/local/freeradius-server-2.2.0/etc/raddb/sites-enabled/default
  • Info: +- entering group REJECT {...}
  • Info: [attr_filter.access_reject] expand: %{User-Name} -> steve
  • Debug: attr_filter: Matched entry DEFAULT at line 11
  • Info: ++[attr_filter.access_reject] returns updated
  • Info: Delaying reject of request 0 for 1 seconds
  • Debug: Going to the next request
  • Debug: Waking up in 0.9 seconds.
  • Info: Sending delayed reject for request 0
  • Debug: Waking up in 4.9 seconds.
  • Info: Cleaning up request 0 ID 183 with timestamp +24
  • Info: Ready to process requests.
  • I found that every time the password which are transformed from the client is different though I input at the client with the same password every time(the part I marked as red)

  • The server's one configure file : users, is as following, I only uncommented the user "steve" and changed its IP  :
  • #
  • # Please read the documentation file ../doc/processing_users_file,
  • # or 'man 5 users' (after installing the server) for more information.
  • #
  • # This file contains authentication security and configuration
  • # information for each user.  Accounting requests are NOT processed
  • # through this file.  Instead, see 'acct_users', in this directory.
  • #
  • # The first field is the user's name and can be up to
  • # 253 characters in length.  This is followed (on the same line) with
  • # the list of authentication requirements for that user.  This can
  • # include password, comm server name, comm server port number, protocol
  • # type (perhaps set by the "hints" file), and huntgroup name (set by
  • # the "huntgroups" file).
  • #
  • # If you are not sure why a particular reply is being sent by the
  • # server, then run the server in debugging mode (radiusd -X), and
  • # you will see which entries in this file are matched.
  • #
  • # When an authentication request is received from the comm server,
  • # these values are tested. Only the first match is used unless the
  • # "Fall-Through" variable is set to "Yes".
  • #
  • # A special user named "DEFAULT" matches on all usernames.
  • # You can have several DEFAULT entries. All entries are processed
  • # in the order they appear in this file. The first entry that
  • # matches the login-request will stop processing unless you use
  • # the Fall-Through variable.
  • #
  • # If you use the database support to turn this file into a .db or .dbm
  • # file, the DEFAULT entries _have_ to be at the end of this file and
  • # you can't have multiple entries for one username.
  • #
  • # Indented (with the tab character) lines following the first
  • # line indicate the configuration values to be passed back to
  • # the comm server to allow the initiation of a user session.
  • # This can include things like the PPP configuration values
  • # or the host to log the user onto.
  • #
  • # You can include another `users' file with `$INCLUDE users.other'
  • #

  • #
  • # For a list of RADIUS attributes, and links to their definitions,
  • # see:
  • #
  • # http://www.freeradius.org/rfc/attributes.html
  • #

  • #
  • # Deny access for a specific user.  Note that this entry MUST
  • # be before any other 'Auth-Type' attribute which results in the user
  • # being authenticated.
  • #
  • # Note that there is NO 'Fall-Through' attribute, so the user will not
  • # be given any additional resources.
  • #
  • #lameuser Auth-Type := Reject
  • # Reply-Message = "Your account has been disabled."

  • #
  • # Deny access for a group of users.
  • #
  • # Note that there is NO 'Fall-Through' attribute, so the user will not
  • # be given any additional resources.
  • #
  • #DEFAULT Group == "disabled", Auth-Type := Reject
  • # Reply-Message = "Your account has been disabled."
  • #

  • #
  • # This is a complete entry for "steve". Note that there is no Fall-Through
  • # entry so that no DEFAULT entry will be used, and the user will NOT
  • # get any attributes in addition to the ones listed here.
  • #
  • steve Cleartext-Password := "testing"
  • Service-Type = Framed-User,
  • Framed-Protocol = PPP,
  • Framed-IP-Address = 127.0.0.1,
  • Framed-IP-Netmask = 255.255.255.0,
  • Framed-Routing = Broadcast-Listen,
  • Framed-Filter-Id = "std.ppp",
  • Framed-MTU = 1500,
  • Framed-Compression = Van-Jacobsen-TCP-IP

  • #
  • # This is an entry for a user with a space in their name.
  • # Note the double quotes surrounding the name.
  • #
  • #"John Doe" Cleartext-Password := "hello"
  • # Reply-Message = "Hello, %{User-Name}"

  • #
  • # Dial user back and telnet to the default host for that port
  • #
  • #Deg Cleartext-Password := "ge55ged"
  • # Service-Type = Callback-Login-User,
  • # Login-IP-Host = 0.0.0.0,
  • # Callback-Number = "9,5551212",
  • # Login-Service = Telnet,
  • # Login-TCP-Port = Telnet

  • #
  • # Another complete entry. After the user "dialbk" has logged in, the
  • # connection will be broken and the user will be dialed back after which
  • # he will get a connection to the host "timeshare1".
  • #
  • #dialbk Cleartext-Password := "callme"
  • # Service-Type = Callback-Login-User,
  • # Login-IP-Host = timeshare1,
  • # Login-Service = PortMaster,
  • # Callback-Number = "9,1-800-555-1212"

  • #
  • # user "swilson" will only get a static IP number if he logs in with
  • # a framed protocol on a terminal server in Alphen (see the huntgroups file).
  • #
  • # Note that by setting "Fall-Through", other attributes will be added from
  • # the following DEFAULT entries
  • #
  • #swilson Service-Type == Framed-User, Huntgroup-Name == "alphen"
  • # Framed-IP-Address = 192.168.1.65,
  • # Fall-Through = Yes

  • #
  • # If the user logs in as 'username.shell', then authenticate them
  • # using the default method, give them shell access, and stop processing
  • # the rest of the file.
  • #
  • #DEFAULT Suffix == ".shell"
  • # Service-Type = Login-User,
  • # Login-Service = Telnet,
  • # Login-IP-Host = your.shell.machine


  • #
  • # The rest of this file contains the several DEFAULT entries.
  • # DEFAULT entries match with all login names.
  • # Note that DEFAULT entries can also Fall-Through (see first entry).
  • # A name-value pair from a DEFAULT entry will _NEVER_ override
  • # an already existing name-value pair.
  • #

  • #
  • # Set up different IP address pools for the terminal servers.
  • # Note that the "+" behind the IP address means that this is the "base"
  • # IP address. The Port-Id (S0, S1 etc) will be added to it.
  • #
  • #DEFAULT Service-Type == Framed-User, Huntgroup-Name == "alphen"
  • # Framed-IP-Address = 192.168.1.32+,
  • # Fall-Through = Yes

  • #DEFAULT Service-Type == Framed-User, Huntgroup-Name == "delft"
  • # Framed-IP-Address = 192.168.2.32+,
  • # Fall-Through = Yes

  • #
  • # Sample defaults for all framed connections.
  • #
  • #DEFAULT Service-Type == Framed-User
  • # Framed-IP-Address = 255.255.255.254,
  • # Framed-MTU = 576,
  • # Service-Type = Framed-User,
  • # Fall-Through = Yes

  • #
  • # Default for PPP: dynamic IP address, PPP mode, VJ-compression.
  • # NOTE: we do not use Hint = "PPP", since PPP might also be auto-detected
  • # by the terminal server in which case there may not be a "P" suffix.
  • # The terminal server sends "Framed-Protocol = PPP" for auto PPP.
  • #
  • DEFAULT Framed-Protocol == PPP
  • Framed-Protocol = PPP,
  • Framed-Compression = Van-Jacobson-TCP-IP

  • #
  • # Default for CSLIP: dynamic IP address, SLIP mode, VJ-compression.
  • #
  • DEFAULT Hint == "CSLIP"
  • Framed-Protocol = SLIP,
  • Framed-Compression = Van-Jacobson-TCP-IP

  • #
  • # Default for SLIP: dynamic IP address, SLIP mode.
  • #
  • DEFAULT Hint == "SLIP"
  • Framed-Protocol = SLIP

  • #
  • # Last default: rlogin to our main server.
  • #
  • #DEFAULT
  • # Service-Type = Login-User,
  • # Login-Service = Rlogin,
  • # Login-IP-Host = shellbox.ispdomain.com

  • # #
  • # # Last default: shell on the local terminal server.
  • # #
  • # DEFAULT
  • # Service-Type = Administrative-User

  • # On no match, the user is denied access.
  • The server's another configure file : clients.conf, and I changed nothing . yes, I used the default secret as the shared secret:

  • The client's one configure file : servers. BTW, I also tried the ways that only keep one localhost in the left side and changed it to 127.0.0.1 , the error is still and same, and I also tried reenter the shared secret many times
  • ## Server Name or Client/Server pair Key
  • ## ---------------- ---------------
  • #
  • #portmaster.elemental.net hardlyasecret
  • #portmaster2.elemental.net donttellanyone
  • #
  • ## uncomment the following line for simple testing of radlogin
  • ## with freeradius-server
  • #
  • localhost/localhost testing123
  • The client's another configure file : radiusclient.conf, I changed nothing