authentication problem with mysql integration
I have installed freeradius-1.1.6 configured as mentioned http://wiki.freeradius.org/SQL_HOWTO when i do test radtest 12345 12345 x.x.x.x 1645 secret Sending Access-Request of id 2 to x.x.x.x port 1812 User-Name = "12345" User-Password = "12345" NAS-IP-Address = 255.255.255.255 NAS-Port = 1645 rad_recv: Access-Reject packet from host x.x.x.x:1812, id=2, length=20 rad_verify: Received Access-Reject packet from client x.x.x.x port 1812 with invalid signature (err=2)! (Shared secret is incorrect.) rad_recv: Access-Request packet from host x.x.x.x:32772, id=2, length=57 User-Name = "12345" User-Password = "\234\312\252Q\312\261\202\354\227X\364A\271\277" NAS-IP-Address = 255.255.255.255 NAS-Port = 1645 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 9 modcall[authorize]: module "preprocess" returns ok for request 9 modcall[authorize]: module "chap" returns noop for request 9 modcall[authorize]: module "mschap" returns noop for request 9 modcall[authorize]: module "digest" returns noop for request 9 rlm_realm: No '@' in User-Name = "12345", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 9 radius_xlat: '12345' rlm_sql (sql): sql_set_user escaped user --> '12345' radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = '12345' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 1 radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName, radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = '12345' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = '12345' ORDER BY id' radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName, radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = '12345' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql (sql): Released sql socket id: 1 rlm_sql (sql): No matching entry in the database for request from user [12345] modcall[authorize]: module "sql" returns notfound for request 9 modcall: leaving group authorize (returns ok) for request 9 auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user auth: Failed to validate the user. WARNING: Unprintable characters in the password. ? Double-check the shared secret on the server and the NAS! Delaying request 9 for 1 seconds Finished request 9 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 2 to x.x.x.x port 32772 Waking up in 4 seconds... --- Walking the entire request list --- Cleaning up request 9 ID 2 with timestamp 46b896e7 Nothing to do. Sleeping until we see a request. any suggestions. ram
On Tuesday 07 August 2007 12:08:07 ram wrote:
rad_verify: Received Access-Reject packet from client x.x.x.x port 1812 with invalid signature (err=2)! (Shared secret is incorrect.) ... WARNING: Unprintable characters in the password. ? Double-check the shared secret on the server and the NAS! ... any suggestions.
ram
Those messages seem pretty clear to me. Have you verified the secret is the same? -Kevin
If your secret is the same than your MD5 libraries are broken. It's far more likely that secret is wrong. Type it in clients.conf again. Ivan Kalik Kalik Informatika ISP Dana 7/8/2007, "ram" <talk2ram@gmail.com> piše:
Those messages seem pretty clear to me. Have you verified the secret is the same?
yes i verified the secret is the same
ram
On Tue 07 Aug 2007, ram wrote:
Those messages seem pretty clear to me. Have you verified the secret is the same?
yes i verified the secret is the same
yes, but unfortunately the code has verified that it is not... -- Peter Nixon http://peternixon.net/
participants (5)
-
A.L.M.Buxey@lboro.ac.uk -
Kevin Bonner -
Peter Nixon -
ram -
tnt@kalik.co.yu