SOrry about this mail Josip, but i checked again my clients.conf, and i put conf here for u see.
clients.conf
client 127.0.0.1 {
secret = password
shortname = localhost
nastype = other # localhost isn't usually a NAS...
}
client 10.12.60.19 {
secret = password
shortname = any
nastype = other
}
and i use this command to test connection:
radtest username 123456 10.12.60.19 1812 0 password
And i see log of debug and receive this message:
Mon Nov 1 15:06:16 2010 : Debug: Ready to process requests.
rad_recv: Access-Request packet from host 10.12.60.19 port 50105, id=100, length=73
User-Name = "username"
User-Password = "c\355W'\021tC\372\177R\232(\007\027n\263"
NAS-IP-Address = 127.0.1.1
NAS-Port = 1812
Framed-Protocol = PPP
Thu Nov 4 09:30:02 2010 : Debug: +- entering group authorize
Thu Nov 4 09:30:02 2010 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 1
Thu Nov 4 09:30:02 2010 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 1
Thu Nov 4 09:30:02 2010 : Debug: ++[preprocess] returns ok
Thu Nov 4 09:30:02 2010 : Debug: modsingle[authorize]: calling mschap (rlm_mschap) for request 1
Thu Nov 4 09:30:02 2010 : Debug: modsingle[authorize]: returned from mschap (rlm_mschap) for request 1
Thu Nov 4 09:30:02 2010 : Debug: ++[mschap] returns noop
Thu Nov 4 09:30:02 2010 : Debug: modsingle[authorize]: calling ldap (rlm_ldap) for request 1
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: - authorize
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: performing user authorization for username
Thu Nov 4 09:30:02 2010 : Debug: expand: (uid=%u) -> (uid=username)
Thu Nov 4 09:30:02 2010 : Debug: expand: dc=a,dc=a,dc=c,dc=b -> dc=a,dc=a,dc=c,dc=b
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: performing search in dc=a,dc=a,dc=c,dc=b,dc=a,dc=a,dc=c,dc=b, with filter (uid=username)
Thu Nov 4 09:30:02 2010 : Error: rlm_ldap: ldap_search() failed: LDAP connection lost.
Thu Nov 4 09:30:02 2010 : Info: rlm_ldap: Attempting reconnect
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: attempting LDAP reconnection
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: closing existing LDAP connection
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: (re)connect to ldap.intra proxy.intra localhost:389, authentication 0
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: bind as cn=Administrator,dc=a,dc=c,dc=a,dc=c,dc=b/password to ldap.intra proxy.intra localhost:389
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: waiting for bind result ...
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: Bind was successful
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: performing search in dc=a,dc=c,dc=a,dc=a,dc=c,dc=a,dc=c, with filter (uid=username)
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: Added User-Password = {crypt}tg/iHj5yM2iXI in check items
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: No default NMAS login sequence
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: looking for check items in directory...
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: LDAP attribute userPassword as RADIUS attribute Password-With-Header == "{crypt}tg/iHj5yM2iXI"
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: LDAP attribute sambantPassword as RADIUS attribute NT-Password == 0x3738463934413643303931413730423936454135373046344341353438304531
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: LDAP attribute sambalmPassword as RADIUS attribute LM-Password == 0x3743414142444638393134314430423841414433423433354235313430344545
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: LDAP attribute cn as RADIUS attribute Group == "username"
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: looking for reply items in directory...
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: user username authorized to use remote access
Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Thu Nov 4 09:30:02 2010 : Debug: modsingle[authorize]: returned from ldap (rlm_ldap) for request 1
Thu Nov 4 09:30:02 2010 : Debug: ++[ldap] returns ok
Thu Nov 4 09:30:02 2010 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 1
Thu Nov 4 09:30:02 2010 : Debug: rlm_eap: No EAP-Message, not doing EAP
Thu Nov 4 09:30:02 2010 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 1
Thu Nov 4 09:30:02 2010 : Debug: ++[eap] returns noop
Thu Nov 4 09:30:02 2010 : Debug: modsingle[authorize]: calling chap (rlm_chap) for request 1
Thu Nov 4 09:30:02 2010 : Debug: modsingle[authorize]: returned from chap (rlm_chap) for request 1
Thu Nov 4 09:30:02 2010 : Debug: ++[chap] returns noop
Thu Nov 4 09:30:02 2010 : Debug: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Thu Nov 4 09:30:02 2010 : Debug: !!! Replacing User-Password in config items with Cleartext-Password. !!!
Thu Nov 4 09:30:02 2010 : Debug: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Thu Nov 4 09:30:02 2010 : Debug: !!! Please update your configuration so that the "known good" !!!
Thu Nov 4 09:30:02 2010 : Debug: !!! clear text password is in Cleartext-Password, and not in User-Password. !!!
Thu Nov 4 09:30:02 2010 : Debug: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Thu Nov 4 09:30:02 2010 : Debug: auth: type Local
Thu Nov 4 09:30:02 2010 : Debug: auth: user supplied User-Password does NOT match local User-Password
Thu Nov 4 09:30:02 2010 : Debug: auth: Failed to validate the user.
Thu Nov 4 09:30:02 2010 : Auth: Login incorrect: [username/c\355W'\021tC\372\177R\232(\007\027n\263] (from client any port 1812)
Thu Nov 4 09:30:02 2010 : Debug: WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS!
Thu Nov 4 09:30:02 2010 : Debug: Delaying reject of request 1 for 1 seconds
Thu Nov 4 09:30:02 2010 : Debug: Going to the next request
Thu Nov 4 09:30:02 2010 : Debug: Waking up in 0.9 seconds.
Thu Nov 4 09:30:03 2010 : Debug: Sending delayed reject for request 1
Sending Access-Reject of id 100 to 10.12.60.19 port 50105
Thu Nov 4 09:30:03 2010 : Debug: Waking up in 4.9 seconds.
Thu Nov 4 09:30:08 2010 : Debug: Cleaning up request 1 ID 100 with timestamp +239035
Thu Nov 4 09:30:08 2010 : Debug: Ready to process requests.
if u see here: Thu Nov 4 09:30:02 2010 : Debug: rlm_ldap: user username authorized to use remote access
my username is authorized to use, but in last line appears failed to validade the user ...
Thu Nov 4 09:30:02 2010 : Debug: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Thu Nov 4 09:30:02 2010 : Debug: !!! Replacing User-Password in config items with Cleartext-Password. !!!
Thu Nov 4 09:30:02 2010 : Debug: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Thu Nov 4 09:30:02 2010 : Debug: !!! Please update your configuration so that the "known good" !!!
Thu Nov 4 09:30:02 2010 : Debug: !!! clear text password is in Cleartext-Password, and not in User-Password. !!!
Thu Nov 4 09:30:02 2010 : Debug: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Thu Nov 4 09:30:02 2010 : Debug: auth: type Local
Thu Nov 4 09:30:02 2010 : Debug: auth: user supplied User-Password does NOT match local User-Password
Thu Nov 4 09:30:02 2010 : Debug: auth: Failed to validate the user.
Thu Nov 4 09:30:02 2010 : Auth: Login incorrect: [username/c\355W'\021tC\372\177R\232(\007\027n\263] (from client any port 1812)
Thu Nov 4 09:30:02 2010 : Debug: WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS!
sorry josip, i chek again my clients.conf but i still dont uderstand.
thanks again for u help.
2010/11/1 Josip Rodin <joy@entuzijast.net>
On Tue, Nov 02, 2010 at 07:30:23AM +1300, Peter Lambrechtsen wrote:No, no, no, and no. <sigh>
> It's probably since you didn't compile OpenLDAP and FreeRadius with OpenSSL
> support.
>
> So you will need to recompile OpenLDAP, Cyrus SASL, OpenLDAP and FreeRadius.
If you want to read random debug messages, don't pick just any.
Yes, he doesn't have SSL support, but the log also says pretty clearly:
When the client does not use EAP, it's completely irrelevant that the server
> > Mon Nov 1 15:06:10 2010 : Debug: rlm_eap: No EAP-Message, not doing EAP
doesn't have support for SSL-using EAP methods.
And there's clearly no reason to recompile even FR, let alone three other
different pieces of software. (For the former, just use lenny-backports.)
The final error state is:
So, have you double-checked the shared secret?
> > Mon Nov 1 15:06:10 2010 : Auth: Login incorrect:
> > [eduardo/1\320\026\305\020B)\323I\211????\001\nx\204] (from client
> > BrasilTelecom port 1812)
> > Mon Nov 1 15:06:10 2010 : Debug: WARNING: Unprintable characters in the
> > password. Double-check the shared secret on the server and the NAS!
--
2. That which causes joy or happiness.