Problem changing secret in clients.conf
Hello! I'm totally new in Linux, as well as in freeradius... I've installed version 2.1.8 in Linuxmint 7. I think everything in installation went ok... I succeed doing: $ radtest user password 127.0.0.1 10 testing123 with user/password the ones that I use to login in my computer. I get a response Access-Accept (I had some problems here because I wasn't able to get an accept using localhost instead of 127.0.0.1 ...) I'm now in the next step. I want to change the secret in clients.conf, so I made the change: #secret = testing123 secret = abracadabra I stopped radiusd and started again. $ radtest user password 127.0.0.1 10 abracadabra doesn't work any more... and I don't understand why... because I'm using the same word. *rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=146, length=20 rad_verify: Received Access-Reject packet from client 127.0.0.1 port 1812 with invalid signature (err=2)! (Shared secret is incorrect.)* I get this log: rad_recv: Access-Request packet from host 127.0.0.1 port 34217, id=146, length=60 User-Name = "mjimenez" User-Password = "\353\036\355h\203l\217\362\252\003\203P\270\223\342\231" NAS-IP-Address = 127.0.1.1 NAS-Port = 10 Sat Mar 27 18:59:31 2010 : Info: +- entering group authorize {...} Sat Mar 27 18:59:31 2010 : Info: ++[preprocess] returns ok Sat Mar 27 18:59:31 2010 : Info: ++[chap] returns noop Sat Mar 27 18:59:31 2010 : Info: ++[mschap] returns noop Sat Mar 27 18:59:31 2010 : Info: [suffix] No '@' in User-Name = "mjimenez", looking up realm NULL Sat Mar 27 18:59:31 2010 : Info: [suffix] No such realm "NULL" Sat Mar 27 18:59:31 2010 : Info: ++[suffix] returns noop Sat Mar 27 18:59:31 2010 : Info: [eap] No EAP-Message, not doing EAP Sat Mar 27 18:59:31 2010 : Info: ++[eap] returns noop Sat Mar 27 18:59:31 2010 : Info: ++[unix] returns updated Sat Mar 27 18:59:31 2010 : Info: ++[files] returns noop Sat Mar 27 18:59:31 2010 : Info: ++[expiration] returns noop Sat Mar 27 18:59:31 2010 : Info: ++[logintime] returns noop Sat Mar 27 18:59:31 2010 : Info: ++[pap] returns updated Sat Mar 27 18:59:31 2010 : Info: Found Auth-Type = PAP Sat Mar 27 18:59:31 2010 : Info: +- entering group PAP {...} Sat Mar 27 18:59:31 2010 : Info: [pap] login attempt with password "�?�h?l?��??P�?�?" Sat Mar 27 18:59:31 2010 : Info: [pap] Using CRYPT encryption. Sat Mar 27 18:59:31 2010 : Info: [pap] Passwords don't match Sat Mar 27 18:59:31 2010 : Info: ++[pap] returns reject Sat Mar 27 18:59:31 2010 : Info: Failed to authenticate the user. Sat Mar 27 18:59:31 2010 : Debug: WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS! Sat Mar 27 18:59:31 2010 : Info: Using Post-Auth-Type Reject Sat Mar 27 18:59:31 2010 : Info: +- entering group REJECT {...} Sat Mar 27 18:59:31 2010 : Info: [attr_filter.access_reject] expand: %{User-Name} -> mjimenez Sat Mar 27 18:59:31 2010 : Debug: attr_filter: Matched entry DEFAULT at line 11 Sat Mar 27 18:59:31 2010 : Info: ++[attr_filter.access_reject] returns updated Sat Mar 27 18:59:31 2010 : Info: Delaying reject of request 0 for 1 seconds Sat Mar 27 18:59:31 2010 : Debug: Going to the next request Sat Mar 27 18:59:31 2010 : Debug: Waking up in 0.9 seconds. Sat Mar 27 18:59:32 2010 : Info: Sending delayed reject for request 0 Sending Access-Reject of id 146 to 127.0.0.1 port 34217 Sat Mar 27 18:59:32 2010 : Debug: Waking up in 4.9 seconds. Sat Mar 27 18:59:37 2010 : Info: Cleaning up request 0 ID 146 with timestamp +9 When I had testing123 as secret, in User-Password I could see "my real password" and not "\353\036\355h\203l\217\362\252\00..."* * I have checked I have this line in radiusd.conf : $INCLUDE clients.conf * * Maybe is a stupid question and I've to change something more in another conf file. I've not started configuring my NAS yet... I was trying to configure radius first and checking with radtest step by step.* * Thank you in advance for any help you can give me, Marta
Hi,
I'm totally new in Linux, as well as in freeradius... I've installed version 2.1.8 in Linuxmint 7. I think everything in installation went ok... I succeed doing: $ radtest user password 127.0.0.1 10 testing123 with user/password the ones that I use to login in my computer. I get a response Access-Accept (I had some problems here because I wasn't able to get an accept using localhost instead of 127.0.0.1 ...)
I'm now in the next step. I want to change the secret in clients.conf, so I made the change: #secret = testing123 secret = abracadabra
I stopped radiusd and started again.
$ radtest user password 127.0.0.1 10 abracadabra doesn't work any more... and I don't understand why... because I'm using the same word.
does 'testing123' still work though? in which case, the server isnt reading the config file or directory you think it is!) you did edit the 127.0.0.1 {} entry in clients.conf? alan
Hi, Surprisingly yes, testing123 was still working.... Thank you for the idea... I have managed to solve the problem: There are two raddb directories (at least, I have two...): /usr/share/freeradius-server-2.1.8/raddb /usr/local/etc/raddb I was modifying clients.conf in the first one, but in radiusd.conf there is: *prefix = /usr/local* exec_prefix = ${prefix} sysconfdir = ${prefix}/etc localstatedir = ${prefix}/var sbindir = ${exec_prefix}/sbin logdir = ${localstatedir}/log/radius raddbdir = ${sysconfdir}/raddb radacctdir = ${logdir}/radacct and having a look at this directory, I found the second raddb directory. I'm a bit lost with this directories schema in Linux... Is there any reason to have two raddb directories or maybe I made an error in installation? Thank you very much for your help!! Marta 2010/3/27 Alan Buxey <A.L.M.Buxey@lboro.ac.uk>
Hi,
I'm totally new in Linux, as well as in freeradius... I've installed version 2.1.8 in Linuxmint 7. I think everything in installation went ok... I succeed doing: $ radtest user password 127.0.0.1 10 testing123 with user/password the ones that I use to login in my computer. I get a response Access-Accept (I had some problems here because I wasn't able to get an accept using localhost instead of 127.0.0.1 ...)
I'm now in the next step. I want to change the secret in clients.conf, so I made the change: #secret = testing123 secret = abracadabra
I stopped radiusd and started again.
$ radtest user password 127.0.0.1 10 abracadabra doesn't work any more... and I don't understand why... because I'm using the same word.
does 'testing123' still work though? in which case, the server isnt reading the config file or directory you think it is!)
you did edit the 127.0.0.1 {} entry in clients.conf?
alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi, Does anyone knows how I could save the CHAP password into radpostauth pass in a VISIBLE format, in mysql ? Actually I can correctly log both the successful and unsuccessful authentications, but I can see only the PAP auth in a visible format. Is there a chance to configure freeradius to see a visible chap-password when quering in mysql , not the 0xea8c35456432dd70a3bbe3ef701a669a13 encrypted formula ? thanks, John
It's a one-way hash of the password. What you're seeing is the CHAP password value. Only PAP uses a reversible password. Sallai Janos wrote:
Hi,
Does anyone knows how I could save the CHAP password into radpostauth pass in a VISIBLE format, in mysql ? Actually I can correctly log both the successful and unsuccessful authentications, but I can see only the PAP auth in a visible format. Is there a chance to configure freeradius to see a visible chap-password when quering in mysql , not the 0xea8c35456432dd70a3bbe3ef701a669a13 encrypted formula ?
thanks, John
Hi,
There are two raddb directories (at least, I have two...): /usr/share/freeradius-server-2.1.8/raddb /usr/local/etc/raddb
and having a look at this directory, I found the second raddb directory. I'm a bit lost with this directories schema in Linux... Is there any reason to have two raddb directories or maybe I made an error in installation? Thank you very much for your help!! Marta
i would guess that the directory in /usr/share is mainly due to documentation and is the default vednor supplied files untouched by the package manager - did you install via RPM or such? usually, if you install by hand you'll have the files in /etc/raddb or /usr/local/etc/raddb (most commonly chosen default locations in configuration step) in your case, from the config, looks like /usr/local/etc/radd/ is the directory to focus on :-) alan
participants (4)
-
Alan Buxey -
Marta Jiménez García -
Michael Lecuyer -
Sallai Janos