Am 03.03.2009 um 12:54 schrieb Ove Fagerheim:
Hello all
Are there room for a newbee question here? This is my first Radius server. I get the message "No known good password" when trying to authenticate users. The users are coming from one of two possible VPN tunnels. I assume "clients.conf" is correctly configured. Any help is highly appreciated.
Best regards Ove Fagerheim
From "Users.conf": <snip> user1 Service-Type == Framed-User, User-Password == "password", # Adresses from 10.194.0.1 to 10.194.63.254 # Auth-Type = System, Framed-IP-Address = 10.194.0.1, Framed-IP-Netmask = 255.255.192.0, Fall-Through = Yes
DEFAULT Service-Type == Framed-User, Huntgroup-Name == "Huntgroup-1", Framed-Protocol = GPRS-PDP-Context, NAS-Identifier = STCGGSN3, Called-Station_id = "My-Station-Id-String", Reply-Message = "%u is granted access"
user1 Service-Type == Framed-User, User-Password == "password",
You must "assign" passwords, not "compare" them. So try to use := instead of == And as in the previous answer, probably you need Cleartext-Password instead of User-Password
# Adresser fra 10.192.64.1 til 10.192.127.254 # Auth-Type = System, Framed-IP-Address = 10.192.64.1, Framed-IP-Netmask = 255.255.192.0, Fall-Through = Yes
DEFAULT Service-Type == Framed-User, Huntgroup-Name == ""Huntgroup-2", ", Framed-Protocol = GPRS-PDP-Context, NAS-Identifier = FBUGGSN3, Called-Station_id = "My-Station-Id-String", Reply-Message = "%u is granted access" <snip>
From "Huntgroups": <snip> Huntgroup-1 NAS-IP-Address == 172.x.x.0 Huntgroup-1 NAS-IP-Address == 172.x.x.1 . . . Huntgroup-1 NAS-IP-Address == 172.x.x.14 # # Huntgroup-2 NAS-IP-Address == 172.y.y.240 Huntgroup-2 NAS-IP-Address == 172.y.y.241 . . . Huntgroup-2 NAS-IP-Address == 172.y.y.254 <snip>
logfile "log\radius\radacct\"NAS-IPAddress"\auth- detail-20090303.log: (username is client telephone number) <snip> Packet-Type = Access-Request Tue Mar 3 08:37:36 2009 NAS-IP-Address = 172.x.x.2 NAS-Identifier = "STCGGSN3" Called-Station-Id = "My-Station-Id-String" Framed-Protocol = GPRS-PDP-Context Service-Type = Framed-User NAS-Port-Type = Virtual NAS-Port = 16861232 User-Name = "user1" User-Password = "password" Calling-Station-Id = "user1" Client-IP-Address = 172.x.x.2 Huntgroup-Name = "Huntgroup-1" <snip>
logfile "log\radius\radius.log" <snip> Mon Feb 16 12:00:54 2009 : Info: Ready to process requests. Mon Feb 16 12:01:49 2009 : Auth: Login incorrect: [user1/password] (from client TelenorTVK1 port 35970456 cli 4790622859) Mon Feb 16 12:02:04 2009 : Auth: Login incorrect: [user1/password] (from client TelenorTVK1 port 33168936 cli 4790622859) Mon Feb 16 12:02:17 2009 : Auth: Login incorrect: [user1/password] (from client TelenorTVK1 port 30960664 cli 4790622859) Mon Feb 16 12:03:57 2009 : Info: Using deprecated naslist file. Support for this will go away soon. Mon Feb 16 12:03:57 2009 : Info: rlm_exec: Wait=yes but no output defined. Did you mean output=none? Mon Feb 16 12:03:57 2009 : Info: rlm_eap_tls: Loading the certificate file as a chain Mon Feb 16 12:03:57 2009 : Info: WARNING: rlm_eap_tls: Unable to set DH parameters. DH cipher suites may not work! Mon Feb 16 12:03:57 2009 : Info: Ready to process requests. <snip>
If the abow errors is unrelated to my issue, I still would very much appreciante any hints on how to fix them.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/ users.html
Nicolas Goutte extragroup GmbH - Karlsruhe Waldstr. 49 76133 Karlsruhe Germany Geschäftsführer: Stephan Mönninghoff, Hans Martin Kern, Tilman Haerdle Registergericht: Amtsgericht Münster / HRB: 5624 Steuer Nr.: 337/5903/0421 / UstID: DE 204607841