Re: The client does not connect _*_*_*_
Alan DeKok-2 wrote:
Martin Silvero wrote:
Thu Sep 25 12:49:16 2008 : Debug: Ignoring request to authentication address * port 1812 from unknown client 10.0.42.250
Well... did you add that IP as a client in raddb/clients.conf?
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
hi Alan, I have the same problem with Martin, plz help me.. I added something in the raddb/clients.conf file as follow: client ipipgw { ipaddr = 192.168.6.201 secret = testing123 shortname = c3725 nastype = cisco login = user password = userpass } -- View this message in context: http://old.nabble.com/The-client-does-not-connect-_*_*_*_-tp19672841p2846888... Sent from the FreeRadius - User mailing list archive at Nabble.com.
hafthanhf wrote:
hi Alan, I have the same problem with Martin, plz help me.. I added something in the raddb/clients.conf file as follow:
So... run the server in debugging mode as suggested everywhere. READ the debug output. Is the client listed? READ the debug output. When it receives a packet, what happens? My "magical" ability to solve problems is largely a result of reading the output of the server. Alan DeKok.
thank for repy Alan, for clear, here is my topology PC | SW---Router (c3725) | Radius server when I telnet to the router fromg my PC, the radius server list the clients as "unknow clients".as soon as I entered the password. the debug output is as follow: "ignoring request to authentication address * port 1812 from unknow client 192.168.6.201 port 1645" I've also run debug radius mode on the router, and here is the output: *Mar 1 00:06:03.507: RADIUS: no sg in radius-timers: ctx 0x658A67E4 sg 0x0000 *Mar 1 00:06:03.511: RADIUS: Retransmit to (192.168.6.102:1812,1813) for id 1645/2 each time the router retransmit access requess message, the server show the output as above. On 10 May 2010 13:10, Alan DeKok <aland@deployingradius.com> wrote:
hafthanhf wrote:
hi Alan, I have the same problem with Martin, plz help me.. I added something in the raddb/clients.conf file as follow:
So... run the server in debugging mode as suggested everywhere.
READ the debug output. Is the client listed?
READ the debug output. When it receives a packet, what happens?
My "magical" ability to solve problems is largely a result of reading the output of the server.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- htt
htt thanh wrote:
thank for repy Alan, for clear, here is my topology
I didn't ask for that.
when I telnet to the router fromg my PC, the radius server list the clients as "unknow clients".as soon as I entered the password.
You already said that.
the debug output is as follow:
"ignoring request to authentication address * port 1812 from unknow client 192.168.6.201 port 1645"
Did you read the *rest* of the debug output as I suggested?
I've also run debug radius mode on the router, and here is the output:
I didn't ask for that. Honestly, it's not that difficult to see what's going on. Go back to my previous message, and READ IT. Be sure that you answer BOTH questions. The problem here is that you're not following instructions. That's a guaranteed way to *never* solve the problem. Alan DeKok.
hi Alan, thank you to get me out of the wrong way, I've checked the whole of server's output,in debug mode , and I found out that the radius included its configuration file with this path, all of them are: /usr/local/etc/raddb/xxx e.g: including configuration file /usr/local/etc/raddb/radiusd.conf including configuration file /usr/local/etc/raddb/proxy.conf including configuration file /usr/local/etc/raddb/clients.conf including files in directory /usr/local/etc/raddb/modules/ ... while the path of configuration files I modified is: /usr/local/freeradius-server-2.1.8/raddb/ So should I change the configuration files in the path /usr/local/etc/raddb or make some modifications in the /usr/local/freeradius-server-2.1.8/raddb/radiusd.conf? .. On 10 May 2010 15:11, Alan DeKok <aland@deployingradius.com> wrote:
htt thanh wrote:
thank for repy Alan, for clear, here is my topology
I didn't ask for that.
when I telnet to the router fromg my PC, the radius server list the clients as "unknow clients".as soon as I entered the password.
You already said that.
the debug output is as follow:
"ignoring request to authentication address * port 1812 from unknow client 192.168.6.201 port 1645"
Did you read the *rest* of the debug output as I suggested?
I've also run debug radius mode on the router, and here is the output:
I didn't ask for that.
Honestly, it's not that difficult to see what's going on. Go back to my previous message, and READ IT. Be sure that you answer BOTH questions.
The problem here is that you're not following instructions. That's a guaranteed way to *never* solve the problem.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- htt
htt thanh wrote:
hi Alan, thank you to get me out of the wrong way, I've checked the whole of server's output,in debug mode , and I found out that the radius included its configuration file with this path, all of them are: /usr/local/etc/raddb/xxx e.g: including configuration file /usr/local/etc/raddb/radiusd.conf including configuration file /usr/local/etc/raddb/proxy.conf including configuration file /usr/local/etc/raddb/clients.conf including files in directory /usr/local/etc/raddb/modules/ ...
while the path of configuration files I modified is: /usr/local/freeradius-server-2.1.8/raddb/
So should I change the configuration files in the path /usr/local/etc/raddb or make some modifications in the /usr/local/freeradius-server-2.1.8/raddb/radiusd.conf?
Which one is the server reading? Which one should you modify? Is there a reason to modify a file that the server does not read? Alan DeKok.
ok, I think the server is reading files on the path: /usr/local/etc/ so, I modified the file /usr/local/etc/raddb/clients.conf by adding: client ipipgw { ipaddr = 192.168.6.201 secret = testing123 shortname = c3725 nastype = cisco login = user password = userpass } and this is the debug output: Ready to process requests. rad_recv: Access-Request packet from host 192.168.6.201 port 1645, id=4, length=84 User-Name = "thanh" User-Password = "-*\333\003D\215\345\\\302\036\251\320:\373ȇ" NAS-Port = 98 NAS-Port-Id = "tty98" NAS-Port-Type = Virtual Calling-Station-Id = "192.168.6.20" NAS-IP-Address = 192.168.6.201 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "thanh", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop ++[unix] returns notfound ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop No authenticate method (Auth-Type) configuration found for the request: Rejecting the user Failed to authenticate the user. WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS! Using Post-Auth-Type Reject +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> thanh attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 0 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 0 Sending Access-Reject of id 4 to 192.168.6.201 port 1645 Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.6.201 port 1645, id=4, length=84 Sending duplicate reply to client ipipgw port 1645 - ID: 4 Sending Access-Reject of id 4 to 192.168.6.201 port 1645 Waking up in 1.2 seconds. Cleaning up request 0 ID 4 with timestamp +52 Ready to process requests. rad_recv: Access-Request packet from host 192.168.6.201 port 1645, id=4, length=84 User-Name = "thanh" User-Password = "-*\333\003D\215\345\\\302\036\251\320:\373ȇ" NAS-Port = 98 NAS-Port-Id = "tty98" NAS-Port-Type = Virtual Calling-Station-Id = "192.168.6.20" NAS-IP-Address = 192.168.6.201 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "thanh", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop ++[unix] returns notfound ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop No authenticate method (Auth-Type) configuration found for the request: Rejecting the user Failed to authenticate the user. WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS! Using Post-Auth-Type Reject +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> thanh attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 1 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 1 Sending Access-Reject of id 4 to 192.168.6.201 port 1645 Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.6.201 port 1645, id=4, length=84 Sending duplicate reply to client ipipgw port 1645 - ID: 4 Sending Access-Reject of id 4 to 192.168.6.201 port 1645 Waking up in 1.2 seconds. Cleaning up request 1 ID 4 with timestamp +61 Ready to process requests. plz tell me how to solve this. thank you vrey much -
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- htt
Hi,
User-Password = "-*\333\003D\215\345\\\302\036\251\320:\373ȇ"
note the mess ..then note this warning:
WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS!
not sure how much more help the server can give you. you have incorrect shared secret. double check your values...trailing space? alan
Hi, I don't know why the user-password id encrypted, how can I make a cleartext secret...;(( thank in advance On 11 May 2010 14:23, Alan Buxey <A.L.M.Buxey@lboro.ac.uk> wrote:
Hi,
User-Password = "-*\333\003D\215\345\\\302\036\251\320:\373ȇ"
note the mess
..then note this warning:
WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS!
not sure how much more help the server can give you. you have incorrect shared secret. double check your values...trailing space?
alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- htt
Le 11/05/2010 10:09, htt thanh a écrit :
Hi, I don't know why the user-password id encrypted, how can I make a cleartext secret...;((
The pb is with your client shared secret: the secret you set in /etc/raddb/clients.conf and in your NAS configuration. It seems that you haven't set the same secret in your FR configuration and in your NAS so that the password sent to FR is not correctly decrypted. Thibaukt
thank in advance
On 11 May 2010 14:23, Alan Buxey <A.L.M.Buxey@lboro.ac.uk <mailto:A.L.M.Buxey@lboro.ac.uk>> wrote:
Hi,
> User-Password = "-*\333\003D\215\345\\\302\036\251\320:\373ȇ"
note the mess
..then note this warning:
> WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS!
not sure how much more help the server can give you. you have incorrect shared secret. double check your values...trailing space?
alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- htt
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
participants (5)
-
Alan Buxey -
Alan DeKok -
hafthanhf -
htt thanh -
Thibault Le Meur