The version is 1.1.7-r0.0.2. I assume -X means debug mode (I really *am* a newbee) <snip> Nothing to do. Sleeping until we see a request. rad_recv: Access-Request packet from host 172.25.254.1:3067, id=98, length=118 NAS-IP-Address = 172.25.254.1 NAS-Identifier = "STCGGSN3" Called-Station-Id = "mdahelgkraftma" Framed-Protocol = GPRS-PDP-Context Service-Type = Framed-User NAS-Port-Type = Virtual NAS-Port = 43563320 User-Name = "4790622859" User-Password = "password" Calling-Station-Id = "4790622859" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 1 modcall[authorize]: module "preprocess" returns ok for request 1 radius_xlat: '..//var/log/radius/radacct/172.25.254.1/auth-detail-20090213.log' rlm_detail: ..//var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d.l og expands to ..//var/log/radius/radacct/172.25.254.1/auth-detail-20090213.log modcall[authorize]: module "auth_log" returns ok for request 1 modcall[authorize]: module "chap" returns noop for request 1 modcall[authorize]: module "mschap" returns noop for request 1 rlm_realm: No '@' in User-Name = "4790622859", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 1 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop for request 1 rlm_pap: WARNING! No "known good" password found for the user. Authentication m ay fail because of this. modcall[authorize]: module "pap" returns noop for request 1 modcall: leaving group authorize (returns ok) for request 1 auth: No authenticate method (Auth-Type) configuration found for the request: Re jecting the user auth: Failed to validate the user. Login incorrect: [4790622859/password] (from client TelenorTVK1 port 43563320 cl i 4790622859) Delaying request 1 for 1 seconds Finished request 1 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 98 to 172.25.254.1 port 3067 Waking up in 4 seconds... --- Walking the entire request list --- Cleaning up request 1 ID 98 with timestamp 49957f8c Nothing to do. Sleeping until we see a request. <snip> I'll try Cleartext-Password instead of User-Password Thanks Ove -----Opprinnelig melding----- Fra: freeradius-users-bounces+ove.fagerheim=helgelandskraft.no@lists.freeradius.org [mailto:freeradius-users-bounces+ove.fagerheim=helgelandskraft.no@lists.freeradius.org] På vegne av tnt@kalik.net Sendt: 3. mars 2009 13:16 Til: FreeRadius users mailing list Emne: Re: No known good password
Are there room for a newbee question here? This is my first Radius server. I get the message "No known good password" when trying to authenticate users The users are coming from one of two possible VPN tunnels. I assume "clients.conf" is correctly configured. Any help is highly appreciated.
Best regards Ove Fagerheim
From "Users.conf": <snip> user1 Service-Type == Framed-User, User-Password == "password", # Adresses from 10.194.0.1 to 10.194.63.254 # Auth-Type = System, Framed-IP-Address = 10.194.0.1, Framed-IP-Netmask = 255.255.192.0, Fall-Through = Yes
DEFAULT Service-Type == Framed-User, Huntgroup-Name == "Huntgroup-1", Framed-Protocol = GPRS-PDP-Context, NAS-Identifier = STCGGSN3, Called-Station_id = "My-Station-Id-String", Reply-Message = "%u is granted access"
user1 Service-Type == Framed-User, User-Password == "password", # Adresser fra 10.192.64.1 til 10.192.127.254 # Auth-Type = System, Framed-IP-Address = 10.192.64.1, Framed-IP-Netmask = 255.255.192.0, Fall-Through = Yes
DEFAULT Service-Type == Framed-User, Huntgroup-Name == ""Huntgroup-2", ", Framed-Protocol = GPRS-PDP-Context, NAS-Identifier = FBUGGSN3, Called-Station_id = "My-Station-Id-String", Reply-Message = "%u is granted access" <snip>
From "Huntgroups": <snip> Huntgroup-1 NAS-IP-Address == 172.x.x.0 Huntgroup-1 NAS-IP-Address == 172.x.x.1 .. .. .. Huntgroup-1 NAS-IP-Address == 172.x.x.14 # # Huntgroup-2 NAS-IP-Address == 172.y.y.240 Huntgroup-2 NAS-IP-Address == 172.y.y.241 .. .. .. Huntgroup-2 NAS-IP-Address == 172.y.y.254 <snip>
logfile "log\radius\radacct\"NAS-IPAddress"\auth-detail-20090303.log: (username is client telephone number) <snip> Packet-Type = Access-Request Tue Mar 3 08:37:36 2009 NAS-IP-Address = 172.x.x.2 NAS-Identifier = "STCGGSN3" Called-Station-Id = "My-Station-Id-String" Framed-Protocol = GPRS-PDP-Context Service-Type = Framed-User NAS-Port-Type = Virtual NAS-Port = 16861232 User-Name = "user1" User-Password = "password" Calling-Station-Id = "user1" Client-IP-Address = 172.x.x.2 Huntgroup-Name = "Huntgroup-1" <snip>
logfile "log\radius\radius.log" <snip> Mon Feb 16 12:00:54 2009 : Info: Ready to process requests. Mon Feb 16 12:01:49 2009 : Auth: Login incorrect: [user1/password] (from client TelenorTVK1 port 35970456 cli 4790622859) Mon Feb 16 12:02:04 2009 : Auth: Login incorrect: [user1/password] (from client TelenorTVK1 port 33168936 cli 4790622859) Mon Feb 16 12:02:17 2009 : Auth: Login incorrect: [user1/password] (from client TelenorTVK1 port 30960664 cli 4790622859) Mon Feb 16 12:03:57 2009 : Info: Using deprecated naslist file. Support for this will go away soon. Mon Feb 16 12:03:57 2009 : Info: rlm_exec: Wait=yes but no output defined. Did you mean output=none? Mon Feb 16 12:03:57 2009 : Info: rlm_eap_tls: Loading the certificate file as a chain Mon Feb 16 12:03:57 2009 : Info: WARNING: rlm_eap_tls: Unable to set DH parameters. DH cipher suites may not work! Mon Feb 16 12:03:57 2009 : Info: Ready to process requests. <snip>
If the abow errors is unrelated to my issue, I still would very much appreciante any hints on how to fix them.
What freeradius version is this? You probably shouldn't be using User-Password but Cleartext-Password. Post the output of radiusd -X from request processing. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html