Radius server ans NAS keys don't match! ?
Hi, I am trying to work with Radius on a FreeBSD machine. When I try radlogin on the client machine , I get the following message from the server Ready to process requests. Service-Type = 0x0000000100000000 User-Name = "xxx" User-Password = "\240\365\313ħ\255\371\r\203\300.\275ܤ" NAS-Port = 0x0000000000000000 NAS-IP-Address = 0x0a2a009b00000000 +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "xxx", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: No EAP-Message, not doing EAP ++[eap] returns noop ++[unix] returns notfound users: Matched entry xxx at line 17 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns updated rad_check_password: Found Auth-Type auth: type "PAP" +- entering group PAP rlm_pap: login attempt with password "?õËħù ?À.½Ü?¤" rlm_pap: Using clear text password "xxx" rlm_pap: Passwords don't match ++[pap] returns reject auth: Failed to validate the user. Login incorrect (rlm_pap: CLEAR TEXT password check failed): [*kavita*/\240\365\313ħ\255\371\r\203\300.\275Ü?¤] (from client hwq5 port 0) WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS! Found Post-Auth-Type Reject +- entering group REJECT expand: %{User-Name} -> xxx attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 1 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 1 Waking up in 4.9 seconds. Cleaning up request 1 ID 127 with timestamp +24 Ready to process requests. I have checked the secret key on the server and the client and it is the same! Is there any setting to be done in /radiusclient-ng-0.5.6/etc/servers radius_server_ip secret_key and /radiusclient-ng/radiusclient.conf authserver radius_server_ip:1812 My Radius server is a 32 bit freeBSD machine where as the client is 64 bit FreeBSD Thank you, *Kavita*
Kavita Chitnis wrote:
I am trying to work with Radius on a FreeBSD machine. When I try radlogin on the client machine , I get the following message from the server
Ready to process requests. Service-Type = 0x0000000100000000
What client is this? It's *severely* broken.
User-Name = "xxx" User-Password = "\240\365\313ħ\255\371\r\203\300.\275ܤ"
And the shared secret is wrong.
NAS-Port = 0x0000000000000000 NAS-IP-Address = 0x0a2a009b00000000
It looks like the client isn't 64-bit clean.
WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS!
That's pretty definitive.
I have checked the secret key on the server and the client and it is the same!
Then the client isn't 64-bit clean.
Is there any setting to be done in /radiusclient-ng-0.5.6/etc/servers radius_server_ip secret_key
Ah. Use freeradius-client, instead. See the main freeradius web page for a link to the "client library". It's a continuation of radiusclient-ng, with bug fixes.
My Radius server is a 32 bit freeBSD machine where as the client is 64 bit FreeBSD
Yup. And you're using old software that doesn't work. Upgrade. Alan DeKok.
Alan, Thank you very much for the quick reply. I have changed the radius client package to radiusclient-0.5.6_1 Client library and basic utilities for RADIUS AAA as the old one was giving trouble (5.2 version) and now radlogin seems to work good! Now to make the client use radius login instead of regular login (authentication), I have downloaded the ftp://ftp.freeradius.org/pub/radius/pam_radius-1.3.17.tar.gz file but the setting described are for Linux and not for FreeBSD. Is it possible to get the FreeBSD settings? Thank you and again I really appreciate you responding to my first question. Kavita On Thu, Aug 21, 2008 at 2:02 AM, Alan DeKok <aland@deployingradius.com>wrote:
Kavita Chitnis wrote:
I am trying to work with Radius on a FreeBSD machine. When I try radlogin on the client machine , I get the following message from the server
Ready to process requests. Service-Type = 0x0000000100000000
What client is this? It's *severely* broken.
User-Name = "xxx" User-Password = "\240\365\313ħ\255\371\r\203\300.\275ܤ"
And the shared secret is wrong.
NAS-Port = 0x0000000000000000 NAS-IP-Address = 0x0a2a009b00000000
It looks like the client isn't 64-bit clean.
WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS!
That's pretty definitive.
I have checked the secret key on the server and the client and it is the same!
Then the client isn't 64-bit clean.
Is there any setting to be done in /radiusclient-ng-0.5.6/etc/servers radius_server_ip secret_key
Ah. Use freeradius-client, instead. See the main freeradius web page for a link to the "client library". It's a continuation of radiusclient-ng, with bug fixes.
My Radius server is a 32 bit freeBSD machine where as the client is 64 bit FreeBSD
Yup. And you're using old software that doesn't work. Upgrade.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Kavita Chitnis wrote:
Now to make the client use radius login instead of regular login (authentication), I have downloaded the ftp://ftp.freeradius.org/pub/radius/pam_radius-1.3.17.tar.gz file but the setting described are for Linux and not for FreeBSD.
Is it possible to get the FreeBSD settings?
Read the FreeBSD documentation for how to configure PAM on FreeBSD. PAM is pretty much the same across all systems. Alan DeKok.
participants (2)
-
Alan DeKok -
Kavita Chitnis