Thanks for the quick response Adam. Regarding password, it is always "\010\n\r\177INCORRECT ". I have tried with passwords i.e. 'abc123', 'welcome', 'test123'. On NAS side, I am using http://freeradius.org/pam_radius_auth/ and below is the /etc/pam.d/sshd file details: ------------------------------------------------------------------------------------------------------------- #%PAM-1.0 auth sufficient pam_radius_auth.so auth required pam_sepermit.so auth include password-auth account required pam_nologin.so account include password-auth password include password-auth # pam_selinux.so close should be the first session rule session sufficient pam_radius_auth.so debug conf=/etc/raddb/server session required pam_selinux.so close session required pam_loginuid.so # pam_selinux.so open should only be followed by sessions to be executed in the user context session required pam_selinux.so open env_params session required pam_namespace.so session optional pam_keyinit.so force revoke session include password-auth ------------------------------------------------------------------------------------------------------------- Please let me know if you need any further details of NAS. Regards, Narender -----Original Message----- From: Freeradius-Users [mailto:freeradius-users-bounces+narender.yadav=mojonetworks.com@lists.freeradius.org] On Behalf Of Adam Bishop Sent: Thursday, December 29, 2016 8:27 PM To: FreeRadius users mailing list <freeradius-users@lists.freeradius.org> Subject: Re: WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS! On 29 Dec 2016, at 13:22, Narender Yadav <narender.yadav@mojonetworks.com> wrote:
(1) User-Password = "\010\n\r\177INCORRECT"
I'm making the assumption that you're trying to log into the NAS with U: "test" / P: "INCORRECT"), as you haven't mentioned it. If you're really certain that the shared secrets match, then your NAS is broken and appears to be prepending junk to the password. Specifically, "back space, line feed, carriage return, forward delete". The NAS either needs to be fixed, or you need to do some preprocessing with FreeRADIUS. If the junk is consistent, you can write a regex to ignore the first 4 bytes of the password. Regards, Adam Bishop gpg: E75B 1F92 6407 DFDF 9F1C BF10 C993 2504 6609 D460 jisc.ac.uk Jisc is a registered charity (number 1149740) and a company limited by guarantee which is registered in England under Company No. 5747339, VAT No. GB 197 0632 86. Jisc’s registered office is: One Castlepark, Tower Hill, Bristol, BS2 0JA. T 0203 697 5800. Jisc Services Limited is a wholly owned Jisc subsidiary and a company limited by guarantee which is registered in England under company number 2881024, VAT number GB 197 0632 86. The registered office is: One Castle Park, Tower Hill, Bristol BS2 0JA. T 0203 697 5800. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html