freeradius authentication problem
Hello, I'm implementing free-radius authentication with nginx web server, Actually free-radius server is authenticating properly when I send the user credentials from terminal. But when I send the user credentials from browser I'm not able to authenticate the user credentials with free-radius. I'm getting some issue in terminal, attached screenshot of it. Kindly let me know the solution. Best Regards,
On Wed, 2018-07-11 at 16:23 +0530, Mallikarjuna wrote:
I'm implementing free-radius authentication with nginx web server, Actually free-radius server is authenticating properly when I send the user credentials from terminal. But when I send the user credentials from browser I'm not able to authenticate the user credentials with free-radius.
I'm getting some issue in terminal, attached screenshot of it. Kindly let me know the solution.
The debug output says you should check the shared secret, so maybe you could check the shared secret. It can't make it much clearer than that... -- Matthew
On Jul 11, 2018, at 6:56 AM, Matthew Newton <mcn@freeradius.org> wrote:
On Wed, 2018-07-11 at 16:23 +0530, Mallikarjuna wrote:
I'm implementing free-radius authentication with nginx web server, Actually free-radius server is authenticating properly when I send the user credentials from terminal. But when I send the user credentials from browser I'm not able to authenticate the user credentials with free-radius.
I'm getting some issue in terminal, attached screenshot of it. Kindly let me know the solution.
The debug output says you should check the shared secret, so maybe you could check the shared secret. It can't make it much clearer than that...
I mean it's highlighted in yellow and bold FFS. Also, don't send screenshots, it's obnoxious. -Arran
Hi, Actually I'm getting password as follows in the terminal * **User-Name = "bob"** **(137) User-Password = "\273m\000\372\366"* But the actual password is "hello". I'm using *bob Cleartext-Password := 'hello' *in**users file of freeradius. this causing my issue. Best Regards, LEGAL NOTICE: This message and any attachments are confidential and are intended only for the addressee. If you are not the intended recipient, you are hereby notified that any use, dissemination and / or unauthorized copying is prohibited by applicable law. If you have received this email in error, please notify us immediately via email or phone, described above, and kindly delete it from your system. PERSONAL DATA PROTECTION INFO According to the General Data Protection Regulation (UE) 2016/679, regarding your personal data management, we inform you: Data Controller: IGRID, S.L., C/ MARIE CURIE, 8-14, 08042, BARCELONA (BARCELONA). Purpose: Sending info and answering your questions and inquiries as long our relationship is going on and we have your consent. Lawful basis for processing: Performance of a contract or data subject's consent. Data disclosure. Your personal data will not be disclosed unless forced by law. Rights. You have right of access, right to rectification, right to erasure and data portability, and right to restriction of processing, writing a letter accompanied by a copy of an official document evidencing your identity to the Data Controller. You have also the right to logde a complaint with a Supervisory Authority (Spanish Supervisory Authority is Agencia Española de Protección de Datos). More info. Please visit the legal notice (Aviso Legal) in our website. INFORMACION SOBRE PROTECCION Y TRATAMIENTO DE DATOS PERSONALES: Este mensaje y los archivos adjuntos son confidenciales y se dirigen exclusivamente a su destinatario. Si no es usted el destinatario indicado, queda notificado de que la utilización, divulgación y/o copia sin autorización está prohibida en virtud de la legislación vigente. Si usted ha recibido este correo por error, por favor avísenos inmediatamente a través de correo electrónico o por teléfono, descritos en la parte superior, y tenga la amabilidad de eliminarlo de su sistema. En cumplimiento del REGLAMENTO (UE) 2016/679, y en relación al tratamiento de sus datos personales, le informamos de lo siguiente: Responsable: El responsable del tratamiento es IGRID, S.L., C/ MARIE CURIE, 8-14, 08042, BARCELONA (BARCELONA). Finalidad: Envío de información, respuesta a sus consultas y peticiones, mientras dure nuestra relación y tengamos su consentimiento. Legitimación: Ejecución de contrato o consentimiento del interesado. Destinatarios: No se cederán datos a terceros salvo obligación legal. Derechos: Puede ejercer los derechos de acceso, rectificación, supresión y portabilidad de sus datos, y la limitación u oposición al tratamiento mediante escrito acompañado de copia de documento oficial que le identifique, dirigido al Responsable del tratamiento. En caso de disconformidad con el tratamiento, también tiene derecho a presentar una reclamación ante la Agencia Española de Protección de Datos. Más información: Consulte el aviso legal de nuestra web. On 11-07-2018 16:59, Arran Cudbard-Bell wrote:
On Jul 11, 2018, at 6:56 AM, Matthew Newton <mcn@freeradius.org> wrote:
On Wed, 2018-07-11 at 16:23 +0530, Mallikarjuna wrote:
I'm implementing free-radius authentication with nginx web server, Actually free-radius server is authenticating properly when I send the user credentials from terminal. But when I send the user credentials from browser I'm not able to authenticate the user credentials with free-radius.
I'm getting some issue in terminal, attached screenshot of it. Kindly let me know the solution. The debug output says you should check the shared secret, so maybe you could check the shared secret. It can't make it much clearer than that... I mean it's highlighted in yellow and bold FFS.
Also, don't send screenshots, it's obnoxious.
-Arran
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 12/07/2018, at 8:02 PM, Mallikarjuna <mallikarjuna.peddappanavara@igrid-td.com> wrote:
Hi,
Actually I'm getting password as follows in the terminal * **User-Name = "bob"** **(137) User-Password = "\273m\000\372\366"*
But the actual password is "hello". I'm using *bob Cleartext-Password := 'hello' *in**users file of freeradius.
Yep. Check that the shared secret is correct. In RADIUS, there must be a shared secret configured in both the client and the server. This is *not* the users’ password. The secret is used to encode the User-Password attribute, so, if you get the secret wrong you get junk in that attribute - just like you are getting - and unsurprisingly, you’re getting 5 characters, the same as the length of “hello”. Also, the response packets do not have the right Authenticator on them so your client should not accept the response. Check your clients.conf file, see what secret you have configured for the RADIUS client. Just like the output tells you to. -- Nathan Ward
On Jul 11, 2018, at 6:53 AM, Mallikarjuna <mallikarjuna.peddappanavara@igrid-td.com> wrote:
I'm implementing free-radius authentication with nginx web server, Actually free-radius server is authenticating properly when I send the user credentials from terminal. But when I send the user credentials from browser I'm not able to authenticate the user credentials with free-radius.
I'm getting some issue in terminal, attached screenshot of it.
Don't post screenshots. The debug output is text, and the mailing list is text. Post text. Alan DeKok.
participants (5)
-
Alan DeKok -
Arran Cudbard-Bell -
Mallikarjuna -
Matthew Newton -
Nathan Ward