Hello Everyone, I am new to FreeRADIUS world and got stuck at one point. My setup: - FreeRADIUS server o Users mentioned in ‘/usr/local/etc/raddb/mods-config/files/authorize’ § test Cleartext-Password := "welcome" o clients mentioned in ‘/usr/local/etc/raddb/clients.conf’ § client x.x.x.x{ § secret=test § } § Where, x.x.x.x is the IP address of RADIUS client machine - RADIUS client o RADIUS server is defined in ‘/etc/raddb/server’ § y.y.y.y test 2 § where, y.y.y.y is the IP address of RADIUS server *we have one application server where RADIUS client is already built and its working fine with newly configured RADIUS server. The issue is with RADIUS client that I have setup.* when trying to login to RADIUS client machine using user ‘test’, I am getting below error in debug logs: I have checked again and shared secret is same on NAS and RADIUS server. -------------------------------------------------------------------------------------------------------------------------------------- (1) Received Access-Request Id 33 from x.x.x.x:44896 to 10.222.34.65:1812 length 90 (1) User-Name = "test" (1) User-Password = "\010\n\r\177INCORRECT" (1) NAS-IP-Address = 10.222.34.227 (1) NAS-Identifier = "sshd" (1) NAS-Port = 3874 (1) NAS-Port-Type = Virtual (1) Service-Type = Authenticate-Only (1) Calling-Station-Id = "115.113.149.70" (1) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default (1) authorize { (1) policy filter_username { (1) if (&User-Name) { (1) if (&User-Name) -> TRUE (1) if (&User-Name) { (1) if (&User-Name =~ / /) { (1) if (&User-Name =~ / /) -> FALSE (1) if (&User-Name =~ /@[^@]*@/ ) { (1) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (1) if (&User-Name =~ /\.\./ ) { (1) if (&User-Name =~ /\.\./ ) -> FALSE (1) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (1) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (1) if (&User-Name =~ /\.$/) { (1) if (&User-Name =~ /\.$/) -> FALSE (1) if (&User-Name =~ /@\./) { (1) if (&User-Name =~ /@\./) -> FALSE (1) } # if (&User-Name) = notfound (1) } # policy filter_username = notfound (1) [preprocess] = ok (1) [chap] = noop (1) [mschap] = noop (1) [digest] = noop (1) suffix: Checking for suffix after "@" (1) suffix: No '@' in User-Name = "test", looking up realm NULL (1) suffix: No such realm "NULL" (1) [suffix] = noop (1) eap: No EAP-Message, not doing EAP (1) [eap] = noop (1) files: users: Matched entry test at line 1 (1) [files] = ok (1) [expiration] = noop (1) [logintime] = noop (1) [pap] = updated (1) } # authorize = updated (1) Found Auth-Type = PAP (1) # Executing group from file /usr/local/etc/raddb/sites-enabled/default (1) Auth-Type PAP { (1) pap: Login attempt with password (1) pap: Comparing with "known good" Cleartext-Password (1) pap: ERROR: Cleartext password "? ?INCORRECT" does not match "known good" password (1) pap: Passwords don't match (1) [pap] = reject (1) } # Auth-Type PAP = reject (1) Failed to authenticate the user (1) WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS! (1) Using Post-Auth-Type Reject (1) # Executing group from file /usr/local/etc/raddb/sites-enabled/default (1) Post-Auth-Type REJECT { (1) attr_filter.access_reject: EXPAND %{User-Name} (1) attr_filter.access_reject: --> test (1) attr_filter.access_reject: Matched entry DEFAULT at line 11 (1) [attr_filter.access_reject] = updated (1) [eap] = noop (1) policy remove_reply_message_if_eap { (1) if (&reply:EAP-Message && &reply:Reply-Message) { (1) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE (1) else { (1) [noop] = noop (1) } # else = noop (1) } # policy remove_reply_message_if_eap = noop (1) } # Post-Auth-Type REJECT = updated (1) Delaying response for 1.000000 seconds Waking up in 0.3 seconds. Waking up in 0.6 seconds. (1) Sending delayed response (1) Sent Access-Reject Id 33 from 10.222.34.65:1812 to x.x.x.x:44896 length 20 Waking up in 3.9 seconds. (1) Cleaning up request packet ID 33 with timestamp +132 Ready to process requests *Regards,* *Narender Yadav*