Good morning, I have a serious problem, see if you can help. It just can not authenticate any user. The throwing error is: WARNING: Please update your configuration, and remove 'Auth-Type = Local' WARNING: Use the PAP or CHAP modules instead. User-Password in the request does NOT match "known good" password. Failed to authenticate the user. WARNING: unprintable characters in the password. Double-check the shared secret on the server and the NAS! Working with a database mysql + freeradius + chillispot. I show the output of freeradius-X Module: Linked to rlm_files module Module: instantiating files (files usersfile = "/ etc / freeradius / users" acctusersfile = "/ etc / freeradius / acct_users" preproxy_usersfile = "/ etc / freeradius / preproxy_users" compat = "no" ) Module: Checking session {...} for more modules to load Module: Linked to module rlm_radutmp Module: instantiating radutmp (radutmp filename = "/ var / log / freeradius / radutmp" username = "% (User-Name)" case_sensitive = yes check_with_nas = yes perm = 384 callerid = yes ) Module: Checking post-proxy {...} for more modules to load Module: Checking post-auth {...} for more modules to load Module: Linked to module rlm_attr_filter Module: instantiating attr_filter.access_reject (attr_filter.access_reject attr_filter attrsfile = "/ etc / freeradius / attrs.access_reject" key = "% (User-Name)" ) ) # Modules # Server) server ( (modules Module: Checking authenticate {...} for more modules to load Module: Checking Authorize {...} for more modules to load Module: Linked to module rlm_preprocess Module: instantiating Preprocess (Preprocess huntgroups = "/ etc / freeradius / huntgroups" hints = "/ etc / freeradius / hints" with_ascend_hack = no ascend_channels_per_line = 23 with_ntdomain_hack = no with_specialix_jetstream_hack = no with_cisco_vsa_hack = no with_alvarion_vsa_hack = no ) Module: Linked to module rlm_sql Module: sql instantiating (sql driver = "rlm_sql_mysql" server = "localhost" port = "" login = "radius" password = "radpass" radius_db = "radius" read_groups = yes sqltrace = no sqltracefile = "/ var / log / freeradius / sqltrace.sql" readclients = no deletestalesessions = yes num_sql_socks = 5 lifetime = 0 max_queries = 0 sql_user_name = "% (User-Name)" default_user_profile = "" nas_query = "SELECT id, nasname, shortname, type, secret FROM nas" authorize_check_query = "SELECT id, username, attribute, value, op FROM radcheck WHERE username = '% (SQL-User-Name)' ORDER BY id" authorize_reply_query = "SELECT id, username, attribute, value, op FROM radreply WHERE username = '% (SQL-User-Name)' ORDER BY id" authorize_group_check_query = "SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '% (Sql-Group)' ORDER BY id" authorize_group_reply_query = "SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '% (Sql-Group)' ORDER BY id" accounting_onoff_query = "UPDATE SET radacct acctstoptime = '% S', acctsessiontime = UNIX_TIMESTAMP ('% S') - UNIX_TIMESTAMP (acctstarttime) acctterminatecause = '% (Acct-Terminate-Cause)', acctstopdelay =% (% (Acct-Delay -Time): -0) WHERE IS NULL AND acctstoptime nasipaddress = '% (NAS-IP-Address)' AND acctstarttime <= '% S' " accounting_update_query = "UPDATE SET radacct framedipaddress = '% (Framed-IP-Address)', acctsessiontime = '% (Acct-Session-Time)', acctinputoctets ='%{%{ Acct-Input-Gigawords): -0) ' <<32 |'%{%{ Acct-Input-Octets): -0) ', acctoutputoctets ='%{%{ Acct-Output-Gigawords): -0)' <<32 | Acct-'%{%{ Output-Octets): -0) 'WHERE acctsessionid ='% (Acct-Session-Id) 'AND username = "% (SQL-User-Name)' AND nasipaddress = '% (NAS-IP-address)'" accounting_update_query_alt = "INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctsessiontime, acctauthentic, connectinfo_start, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, ServiceType, framedprotocol, framedipaddress, acctstartdelay, xascendsessionsvrkey) VALUES (' % (Acct-Session-Id) ','% (Acct-Unique-Session-Id) ','% (SQL-User-Name) ','% (Realm) ','% (NAS-IP-Address) ','% (NAS-Port) ','% (NAS-Port-Type) ', DATE_SUB ('% S ', INTERVAL (%{%{ Acct-Session-Time): -0) +% (% ( Acct-Delay-Time): -0)) SECOND), '% (Acct-Session-Time)', '% (Acct-Authentic)','','%{%{ Acct-Input-Gigawords): - 0) '<<32 |'%{%{ Acct-Input-Octets): -0)', Acct-Output-'%{%{ Gigawords): -0) '<<32 |'%{%{ Acct -Output-Octets): -0) ','% (Called-Station-Id) ','% (Calling-Station-Id) ','% (Service-Type) ','% (Framed-Protocol) ' , '% (Framed-IP-Address)', '0 ','% (X-Ascend-Session-Svr-Key) ') " accounting_start_query = "INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, ServiceType, framedprotocol, framedipaddress, acctstartdelay , acctstopdelay, xascendsessionsvrkey) VALUES ('% (Acct-Session-Id)', '% (Acct-Unique-Session-Id)', '% (SQL-User-Name)', '% (Realm)', ' % (the NAS-IP-Address) ', the NAS-Port% ()', (% Nas-Port-Type) ', "% S', NULL, '0 'for'% (Acct-Authentic) ', '% (Connect-Info) ",'', '0', '0 ','% (Called-Station-Id) ','% (Calling" Station-Id) ','','% (Service- Type) ','% (Framed-Protocol) ','% (Framed-IP-Address) ','%{%{ Acct-Delay-Time): -0)', '0 ','% (X- Ascend-Session-Svr-Key) ') " accounting_start_query_alt = "UPDATE SET radacct acctstarttime = '% S', acctstartdelay ='%{%{ Acct-Delay-Time): -0) ', connectinfo_start ='% (Connect-Info) 'WHERE acctsessionid ='% (Acct- Session-Id) 'AND username ='% (SQL-User-Name) 'AND nasipaddress ='% (NAS-IP-Address) '" accounting_stop_query = "UPDATE SET radacct acctstoptime = '% S', acctsessiontime = '% (Acct-Session-Time)', acctinputoctets ='%{%{ Acct-Input-Gigawords): -0) '<<32 |'% (% (Acct-Input-Octets): -0) ', acctoutputoctets ='%{%{ Acct-Output-Gigawords): -0)' <<32 |'%{%{ Acct-Output-Octets): - 0) ', acctterminatecause ='% (Acct-Terminate-Cause) ', acctstopdelay ='%{%{ Acct-Delay-Time): -0)', connectinfo_stop = '% (Connect-Info)' WHERE acctsessionid = ' % (Acct-Session-Id) 'AND username ='% (SQL-User-Name) 'AND nasipaddress ='% (NAS-IP-Address) '" accounting_stop_query_alt = "INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, ServiceType, framedprotocol, framedipaddress, acctstartdelay , acctstopdelay) VALUES ('% (Acct-Session-Id)', '% (Acct-Unique-Session-Id)', '% (SQL-User-Name)', '% (Realm)', '% ( NAS-IP-Address) ','% (NAS-Port) ','% (NAS-Port-Type) ', DATE_SUB ('% S ', INTERVAL (%{%{ Acct-Session-Time): -0 (%) +% (Acct-Delay-Time): -0)) SECOND), '% S', '% (Acct-Session-Time)', '% (Acct-Authentic)','', '% (Connect-Info) ','%{%{ Acct-Input-Gigawords): -0)' <<32 |'%{%{ Acct-Input-Octets): -0) ', Acct'%{%{ -Output-Gigawords): -0) '<<32 |'%{%{ Acct-Output-Octets): -0)', '% (Called-Station-Id)', '% (Calling-Station-Id ) ','% (Acct-Terminate-Cause) ','% (Service-Type) ','% (Framed-Protocol) ','% (Framed-IP-Address) ', '0', '% ( % (Acct-Delay-Time): -0) ') " group_membership_query = "SELECT groupname FROM radusergroup WHERE username = '% (SQL-User-Name)' ORDER BY priority" connect_failure_retry_delay = 60 simul_count_query = "" simul_verify_query = "SELECT radacctid, acctsessionid, username, nasipaddress, nasportid, framedipaddress, callingstationid, framedprotocol radacct FROM WHERE username = '% (SQL-User-Name)' AND acctstoptime IS NULL" postauth_query = "INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ('% (User-Name)', User-Password'%{%{ }:-%{ Chap-Password)) ','% (reply :) Packet-Type ','% S ') " safe-characters = "@ abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" ) rlm_sql (sql): Driver rlm_sql_mysql (rlm_sql_mysql module) loaded and linked rlm_sql (sql): Attempting to connect to radius @ localhost: / radius rlm_sql (sql): starting 0 rlm_sql (sql): Attempting to connect rlm_sql_mysql # 0 rlm_sql_mysql: Starting connect to MySQL server for # 0 rlm_sql (sql): Connected new DB handle, # 0 rlm_sql (sql): starting 1 rlm_sql (sql): Attempting to connect rlm_sql_mysql # 1 rlm_sql_mysql: Starting connect to MySQL server for # 1 rlm_sql (sql): Connected new DB handle, # 1 rlm_sql (sql): starting 2 rlm_sql (sql): Attempting to connect rlm_sql_mysql # 2 rlm_sql_mysql: Starting connect to MySQL server for # 2 rlm_sql (sql): Connected new DB handle, # 2 rlm_sql (sql): starting 3 rlm_sql (sql): Attempting to connect rlm_sql_mysql # 3 rlm_sql_mysql: Starting connect to MySQL server for # 3 rlm_sql (sql): Connected new DB handle, # 3 rlm_sql (sql): starting 4 rlm_sql (sql): Attempting to connect rlm_sql_mysql # 4 rlm_sql_mysql: Starting connect to MySQL server for # 4 rlm_sql (sql): Connected new DB handle, # 4 Module: Checking preacct {...} for more modules to load Module: Linked to module rlm_acct_unique Module: instantiating acct_unique (acct_unique key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port" ) Module: Checking accounting {...} for more modules to load Module: Linked to module rlm_detail Module: instantiating detail (detail detailfile = "/ var / log / freeradius / radacct /% (Client-IP-Address) / detail-% Y% m% d" header = "% t" detailperm = 384 dirperm = 493 locking = no log_packet_header = no ) Module: instantiating attr_filter.accounting_response (attr_filter.accounting_response attr_filter attrsfile = "/ etc / freeradius / attrs.accounting_response" key = "% (User-Name)" ) Module: Checking session {...} for more modules to load Module: Checking post-proxy {...} for more modules file to load Module: Checking post-auth {...} for more modules to load ) # Modules # Server) radiusd: # # # # Opening IP addresses and Ports # # # # list ( type = "auth" ipaddr = * port = 0 ) listen ( type = "acct" ipaddr = * port = 0 ) Listening on authentication address * port 1812 Listening on accounting address * port 1813 Listening on proxy address * port 1814 Ready to process requests. rad_recv: Access-Request packet from host 81.39.156.140 port 56 066, id = 0, length = 193 User-Name = "george" User-Password = "L] \ 357DK \ 027 \ 304 \ 033 \ 376Hx. \ 342Ö \ 336" NAS-IP-Address = 0.0.0.0 Service-Type = Login-User Framed-IP-Address = 172.30.0.2 Calling-Station-Id = "00-26-B6-21-00-B6" Called-Station-Id = "00-15-6D-EA-2A-64" NAS-Identifier = "nas01" Acct-Session-Id = "4a22752700000000" NAS-Port-Type = Wireless-802.11 NAS-Port = 0 Message-Authenticator = 0xcb69aaaeb72f21b84a10ffcda684fc8d WISPr-Logoff-URL = "http://172.30.0.1:3990/logoff" + - Authorize Entering group {...} + + [Preprocess] returns ok + + [Chap] returns noop + + [MSCHAP] returns noop [Suffix] No '@' in User-Name = "george", looking up realm NULL [Suffix] No such realm "NULL" + + [Suffix] returns noop [Eap] No EAP-Message, Not doing EAP + + [Eap] returns noop + + [Unix] returns notfound [Sql] expand:% (User-Name) -> jorge [Sql] sql_set_user escaped user -> 'jorge' rlm_sql (sql): Reserving sql socket id: 4 [Sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '% (SQL-User-Name)' ORDER BY id -> SELECT id, username, attribute, value, op FROM WHERE username = radcheck 'jorge' ORDER BY id [Sql] User radcheck found in table [Sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '% (SQL-User-Name)' ORDER BY id -> SELECT id, username, attribute, value, op FROM WHERE username = radreply 'jorge' ORDER BY id [Sql] expand: SELECT groupname FROM radusergroup WHERE username = '% (SQL-User-Name)' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'jorge' ORDER BY priority rlm_sql (sql): Released sql socket id: 4 + + [Sql] returns ok + + [Expiration] returns noop + + [Logintime] returns noop WARNING: Please update your configuration, and remove 'Auth-Type = Local' WARNING: Use the PAP or CHAP modules instead. User-Password in the request does NOT match "known good" password. Failed to authenticate the user. WARNING: unprintable characters in the password. Double-check the shared secret on the server and the NAS! Using Post-Auth-Type Reject + - Entering group REJECT {...} [Attr_filter.access_reject] expand:% (User-Name) -> jorge attr_filter: Matched entry DEFAULT at line 11 + + [Attr_filter.access_reject] returns updated Delaying reject of request 0 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 0 Sending Access-Reject of id 0 to 81.39.156.140 port 56 066 Waking up in 4.9 seconds. Cleaning up request 0 ID 0 with timestamp +10 Ready to process requests. When I try to authenticate displays the following output: rad_recv: Access-Request packet from host 81.39.156.140 port 56 607, id = 0, length = 193 User-Name = "steve" User-Password = "\ 227 \ 260 \ 342 \ 242R $, \ 274 \ 204 \ 270 \ 265 \ 035 <\ 217X \ 313" NAS-IP-Address = 0.0.0.0 Service-Type = Login-User Framed-IP-Address = 172.30.0.2 Calling-Station-Id = "00-26-B6-21-00-B6" Called-Station-Id = "00-15-6D-EA-2A-64" NAS-Identifier = "nas01" Acct-Session-Id = "4a22752700000000" NAS-Port-Type = Wireless-802.11 NAS-Port = 0 Message-Authenticator = 0x5024856015aed1488bc5a5ab81f96a7e WISPr-Logoff-URL = "http://172.30.0.1:3990/logoff" + - Authorize Entering group {...} & + [Preprocess] returns ok + + [Chap] returns noop & + [MSCHAP] returns noop [Suffix] No '@' in User-Name = "steve", looking up realm NULL [Suffix] No such realm "NULL" + + [Suffix] returns noop [Eap] No EAP-Message, Not doing EAP + + [Eap] returns noop + + [Unix] returns notfound [Sql] expand:% (User-Name) -> steve [Sql] sql_set_user escaped user -> 'steve' rlm_sql (sql): Reserving sql socket id: 3 [Sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '% (SQL-User-Name)' ORDER BY id -> SELECT id, username, attribute, value, op FROM WHERE username = radcheck 'steve' ORDER BY id [Sql] expand: SELECT groupname FROM radusergroup WHERE username = '% (SQL-User-Name)' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'steve' ORDER BY priority rlm_sql (sql): Released sql socket id: 3 [Sql] User not found steve + + [Sql] returns notfound + + [Expiration] returns noop + + [Logintime] returns noop No authenticate method (Auth-Type) configuration found for the request: Rejecting the user Failed to authenticate the user. WARNING: unprintable characters in the password. Double-check the shared secret on the server and the NAS! Using Post-Auth-Type Reject + - Entering group REJECT {...} [Attr_filter.access_reject] expand:% (User-Name) - steve attr_filter: Matched entry DEFAULT at line 11 & & [Attr_filter.access_reject] returns updated Delaying reject of request 1 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 1 Sending Access-Reject of id 0 to 81.39.156.140 port 56 607 Waking up in 4.9 seconds. Cleaning up request 1 ID 0 with timestamp +515 Ready to process requests. Thank you very much ;) -- View this message in context: http://old.nabble.com/Freeradius%2Bmysql%2Bchillispot-tp29149021p29149021.ht... Sent from the FreeRadius - User mailing list archive at Nabble.com.
jorge88 wrote:
I have a serious problem, see if you can help. It just can not authenticate any user. The throwing error is:
WARNING: Please update your configuration, and remove 'Auth-Type = Local' WARNING: Use the PAP or CHAP modules instead. User-Password in the request does NOT match "known good" password. Failed to authenticate the user. WARNING: unprintable characters in the password. Double-check the shared secret on the server and the NAS!
All of those messages should be easy to understand. Use "Cleartext-Password := .." instead of "User-Password == .." Re-enter the shared secret. Alan DeKok.
Hello Alan, Thank you very much for you request. Using "Cleartext-Password: =" message still appears: WARNING: unprintable characters in the password. Double-check the shared secret on the server and the NAS! And the user is not logged in successful, the encrypted key. What could be the problem? Thank you :) Regards, Jorge El 13/07/2010 18:44, Alan DeKok escribió:
jorge88 wrote:
I have a serious problem, see if you can help. It just can not authenticate any user. The throwing error is:
WARNING: Please update your configuration, and remove 'Auth-Type = Local' WARNING: Use the PAP or CHAP modules instead. User-Password in the request does NOT match "known good" password. Failed to authenticate the user. WARNING: unprintable characters in the password. Double-check the shared secret on the server and the NAS!
All of those messages should be easy to understand.
Use "Cleartext-Password := .." instead of "User-Password == .."
Re-enter the shared secret.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
No virus found in this incoming message. Checked by AVG - www.avg.com Version: 9.0.830 / Virus Database: 271.1.1/3002 - Release Date: 07/13/10 08:36:00
Using "Cleartext-Password: =" message still appears: WARNING: unprintable characters in the password. Double-check the shared secret on the server and the NAS! And the user is not logged in successful, the encrypted key. What could be the problem? You need to read the error message and Alan's e-mail. The error message says: Double-check the shared secret on the server and the NAS! Tim
Hi, this:
User-Password = "L] \ 357DK \ 027 \ 304 \ 033 \ 376Hx. \ 342Ö \ 336"
and this:
WARNING: unprintable characters in the password. Double-check the shared secret on the server and the NAS!
are clear signs that the shared secret on the NAS is wrong - or you've entered the wrong string in the clients.conf (or SQL table). fix it alan
participants (5)
-
Alan Buxey -
Alan DeKok -
Jorge Fresneda -
jorge88 -
Tim Sylvester