Fwd: Authentication failure issue
Hello Friends, I met a issue regarding password/authentication with FreeRadius, Could anybody help for the issue, Thanks! User-Password = "?\210\365@\263\t\306\343\243iT?\311C\t\002" [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user The details in below mails. Regards, Charles Forwarded conversation Subject: Authentication failure issue ------------------------ From: *fieldpeak* <fieldpeak@gmail.com> Date: 2011/8/4 To: freeradius-users@lists.freeradius.org Dear Friends, I'm trying integrate Freeswitch with Freeradius, I met below issue, can anyone help, thanks in adance. Freeradius server log: rad_recv: Access-Request packet from host 127.0.0.1 port 52684, id=49, length=111 User-Name = "1001" User-Password = "?\210\365@\263\t\306\343\243iT?\311C\t\002" Called-Station-Id = "888" h323-conf-id = "749d2b5a-16ad-48e4-af58- 24011949d1b5" Calling-Station-Id = "1001" NAS-Port = 0 NAS-IP-Address = 127.0.0.1 # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok [auth_log] expand: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20110803 [auth_log] /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20110803 [auth_log] expand: %t -> Wed Aug 3 12:06:33 2011 ++[auth_log] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "1001", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop ++[unix] returns notfound ++[files] returns noop [sql] expand: %{User-Name} -> 1001 [sql] sql_set_user escaped user --> '1001' rlm_sql (sql): Reserving sql socket id: 4 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = '1001' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = '1001' ORDER BY priority rlm_sql (sql): Released sql socket id: 4 [sql] User 1001 not found ++[sql] returns notfound ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user Failed to authenticate the user. WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS! Using Post-Auth-Type Reject # Executing group from file /usr/local/etc/raddb/sites-enabled/default +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> 1001 attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 8 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 8 Sending Access-Reject of id 49 to 127.0.0.1 port 52684 Waking up in 4.9 seconds. Cleaning up request 8 ID 49 with timestamp +7674 Ready to process requests. WARNING! No "known good" password found for the user Regards, Charles ---------- From: *fieldpeak* <fieldpeak@gmail.com> Date: 2011/8/4 To: freeradius-users@lists.freeradius.org Hello Gurus, I've double checked the shared secret on both server and NAS are the same, the problem still exist, it trouble me a few days, can anyone kindly help? nas: /usr/local/etc/radiusclient/servers localhost/localhost testing123 server: /usr/local/etc/raddb/clients.conf secret = testing123
Hello, while you marked lots of stuff in yellow, you missed the REALLY helpful part: "WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS!" How about doing exactly that...? Stefan Winter Am 05.08.2011 06:14, schrieb fieldpeak:
Hello Friends,
I met a issue regarding password/authentication with FreeRadius, Could anybody help for the issue, Thanks!
User-Password = "?\210\365@\263\t\306\343\243iT?\311C\t\002"
[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
The details in below mails.
Regards, Charles
Forwarded conversation Subject: *Authentication failure issue* ------------------------
From: *fieldpeak* <fieldpeak@gmail.com <mailto:fieldpeak@gmail.com>> Date: 2011/8/4 To: freeradius-users@lists.freeradius.org <mailto:freeradius-users@lists.freeradius.org>
Dear Friends,
I'm trying integrate Freeswitch with Freeradius, I met below issue, can anyone help, thanks in adance.
Freeradius server log:
rad_recv: Access-Request packet from host 127.0.0.1 port 52684, id=49, length=111 User-Name = "1001" User-Password = "?\210\365@\263\t\306\343\243iT?\311C\t\002" Called-Station-Id = "888" h323-conf-id = "749d2b5a-16ad-48e4-af58- 24011949d1b5" Calling-Station-Id = "1001" NAS-Port = 0 NAS-IP-Address = 127.0.0.1 # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok [auth_log] expand: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20110803 <http://127.0.0.1/auth-detail-20110803> [auth_log] /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20110803 <http://127.0.0.1/auth-detail-20110803> [auth_log] expand: %t -> Wed Aug 3 12:06:33 2011 ++[auth_log] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "1001", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop ++[unix] returns notfound ++[files] returns noop [sql] expand: %{User-Name} -> 1001 [sql] sql_set_user escaped user --> '1001' rlm_sql (sql): Reserving sql socket id: 4 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = '1001' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = '1001' ORDER BY priority rlm_sql (sql): Released sql socket id: 4 [sql] User 1001 not found ++[sql] returns notfound ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user Failed to authenticate the user. WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS! Using Post-Auth-Type Reject # Executing group from file /usr/local/etc/raddb/sites-enabled/default +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> 1001 attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 8 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 8 Sending Access-Reject of id 49 to 127.0.0.1 port 52684 Waking up in 4.9 seconds. Cleaning up request 8 ID 49 with timestamp +7674 Ready to process requests. WARNING! No "known good" password found for the user
Regards, Charles
---------- From: *fieldpeak* <fieldpeak@gmail.com <mailto:fieldpeak@gmail.com>> Date: 2011/8/4 To: freeradius-users@lists.freeradius.org <mailto:freeradius-users@lists.freeradius.org>
Hello Gurus,
I've double checked the shared secret on both server and NAS are the same, the problem still exist, it trouble me a few days, can anyone kindly help?
nas: /usr/local/etc/radiusclient/servers localhost/localhost testing123
server: /usr/local/etc/raddb/clients.conf secret = testing123
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Stefan WINTER Ingenieur de Recherche Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg Tel: +352 424409 1 Fax: +352 422473
Hi Stefan, Sorry for the confusion, actullay i have checked both secret on both NAS and server sides, it is same. below is debug output, the confusion pasword "Q?²Êà ëê¢p?¤F?+Õa" is very suspecious, it should be '1111' that i configure in database. maybe i check the wrong conf files for secrect, below is files that i checked. is it correct? NAS: usr/local/etc/radiusclient/ servers localhost/localhost testing123 Server: /usr/local/etc/raddb/clients.conf secret = testing123 debug output: Found Auth-Type = PAP # Executing group from file /usr/local/etc/raddb/sites-enabled/default +- entering group PAP {...} [pap] login attempt with password "Q?²Êà ëê¢p?¤F?+Õa" [pap] Using clear text password "1111" [pap] Passwords don't match ++[pap] returns reject Failed to authenticate the user. WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS! Using Post-Auth-Type Reject # Executing group from file /usr/local/etc/raddb/sites-enabled/default +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> 1001 attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 38 for 1 seconds Regards, Charles 2011/8/5 Stefan Winter <stefan.winter@restena.lu>
Hello,
while you marked lots of stuff in yellow, you missed the REALLY helpful part:
"WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS!"
How about doing exactly that...?
Stefan Winter
Am 05.08.2011 06:14, schrieb fieldpeak:
Hello Friends,
I met a issue regarding password/authentication with FreeRadius, Could anybody help for the issue, Thanks!
User-Password = "?\210\365@\263\t\306\343\243iT?\311C\t\002"
[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
The details in below mails.
Regards, Charles
Forwarded conversation Subject: *Authentication failure issue* ------------------------
From: *fieldpeak* <fieldpeak@gmail.com <mailto:fieldpeak@gmail.com>> Date: 2011/8/4 To: freeradius-users@lists.freeradius.org <mailto:freeradius-users@lists.freeradius.org>
Dear Friends,
I'm trying integrate Freeswitch with Freeradius, I met below issue, can anyone help, thanks in adance.
Freeradius server log:
rad_recv: Access-Request packet from host 127.0.0.1 port 52684, id=49, length=111 User-Name = "1001" User-Password = "?\210\365@\263\t\306\343\243iT?\311C\t\002" Called-Station-Id = "888" h323-conf-id = "749d2b5a-16ad-48e4-af58- 24011949d1b5" Calling-Station-Id = "1001" NAS-Port = 0 NAS-IP-Address = 127.0.0.1 # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok [auth_log] expand: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20110803 <http://127.0.0.1/auth-detail-20110803> [auth_log] /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20110803 <http://127.0.0.1/auth-detail-20110803> [auth_log] expand: %t -> Wed Aug 3 12:06:33 2011 ++[auth_log] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "1001", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop ++[unix] returns notfound ++[files] returns noop [sql] expand: %{User-Name} -> 1001 [sql] sql_set_user escaped user --> '1001' rlm_sql (sql): Reserving sql socket id: 4 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = '1001' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = '1001' ORDER BY priority rlm_sql (sql): Released sql socket id: 4 [sql] User 1001 not found ++[sql] returns notfound ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user Failed to authenticate the user. WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS! Using Post-Auth-Type Reject # Executing group from file /usr/local/etc/raddb/sites-enabled/default +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> 1001 attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 8 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 8 Sending Access-Reject of id 49 to 127.0.0.1 port 52684 Waking up in 4.9 seconds. Cleaning up request 8 ID 49 with timestamp +7674 Ready to process requests. WARNING! No "known good" password found for the user
Regards, Charles
---------- From: *fieldpeak* <fieldpeak@gmail.com <mailto:fieldpeak@gmail.com>> Date: 2011/8/4 To: freeradius-users@lists.freeradius.org <mailto:freeradius-users@lists.freeradius.org>
Hello Gurus,
I've double checked the shared secret on both server and NAS are the same, the problem still exist, it trouble me a few days, can anyone kindly help?
nas: /usr/local/etc/radiusclient/servers localhost/localhost testing123
server: /usr/local/etc/raddb/clients.conf secret = testing123
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Stefan WINTER Ingenieur de Recherche Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg
Tel: +352 424409 1 Fax: +352 422473
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi, if the password is mangled that way, there is not much other reason than a misconfigured shared secret. I can't tell you which config file exactly does what on your system; that depends on the configure settings you used to install FreeRADIUS, and on where and how you installed the NAS stuff with radiusclient. You could post a *full* debug output of radiusd -X, *including* what's printed on server startup - it will print out which files it reads for its configuration. Stefan Am 05.08.2011 10:21, schrieb fieldpeak:
Hi Stefan,
Sorry for the confusion, actullay i have checked both secret on both NAS and server sides, it is same. below is debug output, the confusion pasword "Q?²Êà ëê¢p?¤F?+Õa" is very suspecious, it should be '1111' that i configure in database. maybe i check the wrong conf files for secrect, below is files that i checked. is it correct? NAS: usr/local/etc/radiusclient/ servers localhost/localhost testing123
Server: /usr/local/etc/raddb/clients.conf secret = testing123
debug output:
Found Auth-Type = PAP # Executing group from file /usr/local/etc/raddb/sites-enabled/default +- entering group PAP {...} [pap] login attempt with password "Q?²Êà ëê¢p?¤F?+Õa" [pap] Using clear text password "1111" [pap] Passwords don't match ++[pap] returns reject Failed to authenticate the user. WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS! Using Post-Auth-Type Reject # Executing group from file /usr/local/etc/raddb/sites-enabled/default +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> 1001 attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 38 for 1 seconds
Regards, Charles
2011/8/5 Stefan Winter <stefan.winter@restena.lu <mailto:stefan.winter@restena.lu>>
Hello,
while you marked lots of stuff in yellow, you missed the REALLY helpful part:
"WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS!"
How about doing exactly that...?
Stefan Winter
Am 05.08.2011 06:14, schrieb fieldpeak: > Hello Friends, > > I met a issue regarding password/authentication with FreeRadius, Could > anybody help for the issue, Thanks! > > User-Password = "?\210\365@\263\t\306\343\243iT?\311C\t\002" > > [pap] WARNING! No "known good" password found for the user. > Authentication may fail because of this. > ++[pap] returns noop > ERROR: No authenticate method (Auth-Type) found for the request: > Rejecting the user > > The details in below mails. > > Regards, > Charles > > Forwarded conversation > Subject: *Authentication failure issue* > ------------------------ > > From: *fieldpeak* <fieldpeak@gmail.com <mailto:fieldpeak@gmail.com> <mailto:fieldpeak@gmail.com <mailto:fieldpeak@gmail.com>>> > Date: 2011/8/4 > To: freeradius-users@lists.freeradius.org <mailto:freeradius-users@lists.freeradius.org> > <mailto:freeradius-users@lists.freeradius.org <mailto:freeradius-users@lists.freeradius.org>> > > > Dear Friends, > > I'm trying integrate Freeswitch with Freeradius, I met below issue, > can anyone help, thanks in adance. > > Freeradius server log: > > rad_recv: Access-Request packet from host 127.0.0.1 port 52684, id=49, > length=111 > User-Name = "1001" > User-Password = "?\210\365@\263\t\306\343\243iT?\311C\t\002" > Called-Station-Id = "888" > h323-conf-id = "749d2b5a-16ad-48e4-af58- > 24011949d1b5" > Calling-Station-Id = "1001" > NAS-Port = 0 > NAS-IP-Address = 127.0.0.1 > # Executing section authorize from file > /usr/local/etc/raddb/sites-enabled/default > +- entering group authorize {...} > ++[preprocess] returns ok > [auth_log] expand: > /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d > -> /usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20110803 <http://127.0.0.1/auth-detail-20110803> > <http://127.0.0.1/auth-detail-20110803> > [auth_log] > /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d > expands to > /usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20110803 <http://127.0.0.1/auth-detail-20110803> > <http://127.0.0.1/auth-detail-20110803> > [auth_log] expand: %t -> Wed Aug 3 12:06:33 2011 > ++[auth_log] returns ok > ++[chap] returns noop > ++[mschap] returns noop > ++[digest] returns noop > [suffix] No '@' in User-Name = "1001", looking up realm NULL > [suffix] No such realm "NULL" > ++[suffix] returns noop > [eap] No EAP-Message, not doing EAP > ++[eap] returns noop > ++[unix] returns notfound > ++[files] returns noop > [sql] expand: %{User-Name} -> 1001 > [sql] sql_set_user escaped user --> '1001' > rlm_sql (sql): Reserving sql socket id: 4 > [sql] expand: SELECT id, username, attribute, value, op > FROM radcheck WHERE username = '%{SQL-User-Name}' > ORDER BY id -> SELECT id, username, attribute, value, op > FROM radcheck WHERE username = '1001' ORDER BY id > [sql] expand: SELECT groupname FROM radusergroup > WHERE username = '%{SQL-User-Name}' ORDER BY priority -> > SELECT groupname FROM radusergroup WHERE username > = '1001' ORDER BY priority > rlm_sql (sql): Released sql socket id: 4 > [sql] User 1001 not found > ++[sql] returns notfound > ++[expiration] returns noop > ++[logintime] returns noop > [pap] WARNING! No "known good" password found for the user. > Authentication may fail because of this. > ++[pap] returns noop > ERROR: No authenticate method (Auth-Type) found for the request: > Rejecting the user > Failed to authenticate the user. > WARNING: Unprintable characters in the password. Double-check > the shared secret on the server and the NAS! > Using Post-Auth-Type Reject > # Executing group from file /usr/local/etc/raddb/sites-enabled/default > +- entering group REJECT {...} > [attr_filter.access_reject] expand: %{User-Name} -> 1001 > attr_filter: Matched entry DEFAULT at line 11 > ++[attr_filter.access_reject] returns updated > Delaying reject of request 8 for 1 seconds > Going to the next request > Waking up in 0.9 seconds. > Sending delayed reject for request 8 > Sending Access-Reject of id 49 to 127.0.0.1 port 52684 > Waking up in 4.9 seconds. > Cleaning up request 8 ID 49 with timestamp +7674 > Ready to process requests. > WARNING! No "known good" password found for the user > > Regards, > Charles > > ---------- > From: *fieldpeak* <fieldpeak@gmail.com <mailto:fieldpeak@gmail.com> <mailto:fieldpeak@gmail.com <mailto:fieldpeak@gmail.com>>> > Date: 2011/8/4 > To: freeradius-users@lists.freeradius.org <mailto:freeradius-users@lists.freeradius.org> > <mailto:freeradius-users@lists.freeradius.org <mailto:freeradius-users@lists.freeradius.org>> > > > Hello Gurus, > > I've double checked the shared secret on both server and NAS are the > same, the problem still exist, it trouble me a few days, can anyone > kindly help? > > nas: > /usr/local/etc/radiusclient/servers > localhost/localhost testing123 > > server: > /usr/local/etc/raddb/clients.conf > secret = testing123 > > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Stefan WINTER Ingenieur de Recherche Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg
Tel: +352 424409 1 Fax: +352 422473
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Stefan WINTER Ingenieur de Recherche Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg Tel: +352 424409 1 Fax: +352 422473
Hi Stefan, Attached is the fully log from FreeRadius start, i tried to identify it myself however i'm new comer to FR, can you please advise, thanks a lot! Regards, Charles 2011/8/5 Stefan Winter <stefan.winter@restena.lu>
Hi,
if the password is mangled that way, there is not much other reason than a misconfigured shared secret.
I can't tell you which config file exactly does what on your system; that depends on the configure settings you used to install FreeRADIUS, and on where and how you installed the NAS stuff with radiusclient.
You could post a *full* debug output of radiusd -X, *including* what's printed on server startup - it will print out which files it reads for its configuration.
Stefan
Am 05.08.2011 10:21, schrieb fieldpeak:
Hi Stefan,
Sorry for the confusion, actullay i have checked both secret on both NAS and server sides, it is same. below is debug output, the confusion pasword "Q?²Êà ëê¢p?¤F?+Õa" is very suspecious, it should be '1111' that i configure in database. maybe i check the wrong conf files for secrect, below is files that i checked. is it correct? NAS: usr/local/etc/radiusclient/ servers localhost/localhost testing123
Server: /usr/local/etc/raddb/clients.conf secret = testing123
debug output:
Found Auth-Type = PAP # Executing group from file /usr/local/etc/raddb/sites-enabled/default +- entering group PAP {...} [pap] login attempt with password "Q?²Êà ëê¢p?¤F?+Õa" [pap] Using clear text password "1111" [pap] Passwords don't match ++[pap] returns reject Failed to authenticate the user. WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS! Using Post-Auth-Type Reject # Executing group from file /usr/local/etc/raddb/sites-enabled/default +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> 1001 attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 38 for 1 seconds
Regards, Charles
2011/8/5 Stefan Winter <stefan.winter@restena.lu <mailto:stefan.winter@restena.lu>>
Hello,
while you marked lots of stuff in yellow, you missed the REALLY helpful part:
"WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS!"
How about doing exactly that...?
Stefan Winter
Am 05.08.2011 06:14, schrieb fieldpeak: > Hello Friends, > > I met a issue regarding password/authentication with FreeRadius, Could > anybody help for the issue, Thanks! > > User-Password = "?\210\365@\263\t\306\343\243iT?\311C\t\002" > > [pap] WARNING! No "known good" password found for the user. > Authentication may fail because of this. > ++[pap] returns noop > ERROR: No authenticate method (Auth-Type) found for the request: > Rejecting the user > > The details in below mails. > > Regards, > Charles > > Forwarded conversation > Subject: *Authentication failure issue* > ------------------------ > > From: *fieldpeak* <fieldpeak@gmail.com <mailto:fieldpeak@gmail.com> <mailto:fieldpeak@gmail.com <mailto:fieldpeak@gmail.com>>> > Date: 2011/8/4 > To: freeradius-users@lists.freeradius.org <mailto:freeradius-users@lists.freeradius.org> > <mailto:freeradius-users@lists.freeradius.org <mailto:freeradius-users@lists.freeradius.org>> > > > Dear Friends, > > I'm trying integrate Freeswitch with Freeradius, I met below issue, > can anyone help, thanks in adance. > > Freeradius server log: > > rad_recv: Access-Request packet from host 127.0.0.1 port 52684, id=49, > length=111 > User-Name = "1001" > User-Password = "?\210\365@\263\t\306\343\243iT?\311C\t\002" > Called-Station-Id = "888" > h323-conf-id = "749d2b5a-16ad-48e4-af58- > 24011949d1b5" > Calling-Station-Id = "1001" > NAS-Port = 0 > NAS-IP-Address = 127.0.0.1 > # Executing section authorize from file > /usr/local/etc/raddb/sites-enabled/default > +- entering group authorize {...} > ++[preprocess] returns ok > [auth_log] expand: >
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
> -> /usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20110803 <http://127.0.0.1/auth-detail-20110803> > <http://127.0.0.1/auth-detail-20110803> > [auth_log] >
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
> expands to > /usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20110803 <http://127.0.0.1/auth-detail-20110803> > <http://127.0.0.1/auth-detail-20110803> > [auth_log] expand: %t -> Wed Aug 3 12:06:33 2011 > ++[auth_log] returns ok > ++[chap] returns noop > ++[mschap] returns noop > ++[digest] returns noop > [suffix] No '@' in User-Name = "1001", looking up realm NULL > [suffix] No such realm "NULL" > ++[suffix] returns noop > [eap] No EAP-Message, not doing EAP > ++[eap] returns noop > ++[unix] returns notfound > ++[files] returns noop > [sql] expand: %{User-Name} -> 1001 > [sql] sql_set_user escaped user --> '1001' > rlm_sql (sql): Reserving sql socket id: 4 > [sql] expand: SELECT id, username, attribute, value, op > FROM radcheck WHERE username = '%{SQL-User-Name}' > ORDER BY id -> SELECT id, username, attribute, value, op > FROM radcheck WHERE username = '1001' ORDER BY id > [sql] expand: SELECT groupname FROM radusergroup > WHERE username = '%{SQL-User-Name}' ORDER BY priority -> > SELECT groupname FROM radusergroup WHERE username > = '1001' ORDER BY priority > rlm_sql (sql): Released sql socket id: 4 > [sql] User 1001 not found > ++[sql] returns notfound > ++[expiration] returns noop > ++[logintime] returns noop > [pap] WARNING! No "known good" password found for the user. > Authentication may fail because of this. > ++[pap] returns noop > ERROR: No authenticate method (Auth-Type) found for the request: > Rejecting the user > Failed to authenticate the user. > WARNING: Unprintable characters in the password. Double-check > the shared secret on the server and the NAS! > Using Post-Auth-Type Reject > # Executing group from file /usr/local/etc/raddb/sites-enabled/default > +- entering group REJECT {...} > [attr_filter.access_reject] expand: %{User-Name} -> 1001 > attr_filter: Matched entry DEFAULT at line 11 > ++[attr_filter.access_reject] returns updated > Delaying reject of request 8 for 1 seconds > Going to the next request > Waking up in 0.9 seconds. > Sending delayed reject for request 8 > Sending Access-Reject of id 49 to 127.0.0.1 port 52684 > Waking up in 4.9 seconds. > Cleaning up request 8 ID 49 with timestamp +7674 > Ready to process requests. > WARNING! No "known good" password found for the user > > Regards, > Charles > > ---------- > From: *fieldpeak* <fieldpeak@gmail.com <mailto:fieldpeak@gmail.com> <mailto:fieldpeak@gmail.com <mailto:fieldpeak@gmail.com>>> > Date: 2011/8/4 > To: freeradius-users@lists.freeradius.org <mailto:freeradius-users@lists.freeradius.org> > <mailto:freeradius-users@lists.freeradius.org <mailto:freeradius-users@lists.freeradius.org>> > > > Hello Gurus, > > I've double checked the shared secret on both server and NAS are
the
> same, the problem still exist, it trouble me a few days, can anyone > kindly help? > > nas: > /usr/local/etc/radiusclient/servers > localhost/localhost testing123 > > server: > /usr/local/etc/raddb/clients.conf > secret = testing123 > > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Stefan WINTER Ingenieur de Recherche Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg
Tel: +352 424409 1 Fax: +352 422473
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-- Stefan WINTER Ingenieur de Recherche Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg
Tel: +352 424409 1 Fax: +352 422473
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi, your FreeRADIUS Server reads the clients from this file: including configuration file /usr/local/etc/raddb/clients.conf which is what you edited - good. Now you have to check where radiusclient reads its secret from. Can't help you with that. Stefan Am 05.08.2011 11:09, schrieb fieldpeak:
Hi Stefan,
Attached is the fully log from FreeRadius start, i tried to identify it myself however i'm new comer to FR, can you please advise, thanks a lot!
Regards, Charles
2011/8/5 Stefan Winter <stefan.winter@restena.lu <mailto:stefan.winter@restena.lu>>
Hi,
if the password is mangled that way, there is not much other reason than a misconfigured shared secret.
I can't tell you which config file exactly does what on your system; that depends on the configure settings you used to install FreeRADIUS, and on where and how you installed the NAS stuff with radiusclient.
You could post a *full* debug output of radiusd -X, *including* what's printed on server startup - it will print out which files it reads for its configuration.
Stefan
Am 05.08.2011 10:21, schrieb fieldpeak: > Hi Stefan, > > Sorry for the confusion, actullay i have checked both secret on both > NAS and server sides, it is same. > below is debug output, the confusion pasword "Q?²Êà > ëê¢p?¤F?+Õa" is very suspecious, it should be '1111' that i > configure in database. > maybe i check the wrong conf files for secrect, below is files that i > checked. is it correct? > NAS: > usr/local/etc/radiusclient/ > servers > localhost/localhost testing123 > > Server: > /usr/local/etc/raddb/clients.conf > secret = testing123 > > > debug output: > > Found Auth-Type = PAP > # Executing group from file /usr/local/etc/raddb/sites-enabled/default > +- entering group PAP {...} > [pap] login attempt with password "Q?²Êà ëê¢p?¤F?+Õa" > [pap] Using clear text password "1111" > [pap] Passwords don't match > ++[pap] returns reject > Failed to authenticate the user. > WARNING: Unprintable characters in the password. Double-check the > shared secret on the server and the NAS! > Using Post-Auth-Type Reject > # Executing group from file /usr/local/etc/raddb/sites-enabled/default > +- entering group REJECT {...} > [attr_filter.access_reject] expand: %{User-Name} -> 1001 > attr_filter: Matched entry DEFAULT at line 11 > ++[attr_filter.access_reject] returns updated > Delaying reject of request 38 for 1 seconds > > > Regards, > Charles > > 2011/8/5 Stefan Winter <stefan.winter@restena.lu <mailto:stefan.winter@restena.lu> > <mailto:stefan.winter@restena.lu <mailto:stefan.winter@restena.lu>>> > > Hello, > > while you marked lots of stuff in yellow, you missed the REALLY > helpful > part: > > "WARNING: Unprintable characters in the password. Double-check > the shared secret on the server and the NAS!" > > How about doing exactly that...? > > Stefan Winter > > > Am 05.08.2011 06:14, schrieb fieldpeak: > > Hello Friends, > > > > I met a issue regarding password/authentication with FreeRadius, > Could > > anybody help for the issue, Thanks! > > > > User-Password = "?\210\365@\263\t\306\343\243iT?\311C\t\002" > > > > [pap] WARNING! No "known good" password found for the user. > > Authentication may fail because of this. > > ++[pap] returns noop > > ERROR: No authenticate method (Auth-Type) found for the request: > > Rejecting the user > > > > The details in below mails. > > > > Regards, > > Charles > > > > Forwarded conversation > > Subject: *Authentication failure issue* > > ------------------------ > > > > From: *fieldpeak* <fieldpeak@gmail.com <mailto:fieldpeak@gmail.com> > <mailto:fieldpeak@gmail.com <mailto:fieldpeak@gmail.com>> <mailto:fieldpeak@gmail.com <mailto:fieldpeak@gmail.com> > <mailto:fieldpeak@gmail.com <mailto:fieldpeak@gmail.com>>>> > > Date: 2011/8/4 > > To: freeradius-users@lists.freeradius.org <mailto:freeradius-users@lists.freeradius.org> > <mailto:freeradius-users@lists.freeradius.org <mailto:freeradius-users@lists.freeradius.org>> > > <mailto:freeradius-users@lists.freeradius.org <mailto:freeradius-users@lists.freeradius.org> > <mailto:freeradius-users@lists.freeradius.org <mailto:freeradius-users@lists.freeradius.org>>> > > > > > > Dear Friends, > > > > I'm trying integrate Freeswitch with Freeradius, I met below issue, > > can anyone help, thanks in adance. > > > > Freeradius server log: > > > > rad_recv: Access-Request packet from host 127.0.0.1 port 52684, > id=49, > > length=111 > > User-Name = "1001" > > User-Password = "?\210\365@\263\t\306\343\243iT?\311C\t\002" > > Called-Station-Id = "888" > > h323-conf-id = "749d2b5a-16ad-48e4-af58- > > 24011949d1b5" > > Calling-Station-Id = "1001" > > NAS-Port = 0 > > NAS-IP-Address = 127.0.0.1 > > # Executing section authorize from file > > /usr/local/etc/raddb/sites-enabled/default > > +- entering group authorize {...} > > ++[preprocess] returns ok > > [auth_log] expand: > > > /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d > > -> > /usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20110803 <http://127.0.0.1/auth-detail-20110803> > <http://127.0.0.1/auth-detail-20110803> > > <http://127.0.0.1/auth-detail-20110803> > > [auth_log] > > > /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d > > expands to > > /usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20110803 <http://127.0.0.1/auth-detail-20110803> > <http://127.0.0.1/auth-detail-20110803> > > <http://127.0.0.1/auth-detail-20110803> > > [auth_log] expand: %t -> Wed Aug 3 12:06:33 2011 > > ++[auth_log] returns ok > > ++[chap] returns noop > > ++[mschap] returns noop > > ++[digest] returns noop > > [suffix] No '@' in User-Name = "1001", looking up realm NULL > > [suffix] No such realm "NULL" > > ++[suffix] returns noop > > [eap] No EAP-Message, not doing EAP > > ++[eap] returns noop > > ++[unix] returns notfound > > ++[files] returns noop > > [sql] expand: %{User-Name} -> 1001 > > [sql] sql_set_user escaped user --> '1001' > > rlm_sql (sql): Reserving sql socket id: 4 > > [sql] expand: SELECT id, username, attribute, value, op > > FROM radcheck WHERE username = '%{SQL-User-Name}' > > ORDER BY id -> SELECT id, username, attribute, value, op > > FROM radcheck WHERE username = '1001' ORDER BY id > > [sql] expand: SELECT groupname FROM radusergroup > > WHERE username = '%{SQL-User-Name}' ORDER BY priority -> > > SELECT groupname FROM radusergroup WHERE username > > = '1001' ORDER BY priority > > rlm_sql (sql): Released sql socket id: 4 > > [sql] User 1001 not found > > ++[sql] returns notfound > > ++[expiration] returns noop > > ++[logintime] returns noop > > [pap] WARNING! No "known good" password found for the user. > > Authentication may fail because of this. > > ++[pap] returns noop > > ERROR: No authenticate method (Auth-Type) found for the request: > > Rejecting the user > > Failed to authenticate the user. > > WARNING: Unprintable characters in the password. Double-check > > the shared secret on the server and the NAS! > > Using Post-Auth-Type Reject > > # Executing group from file > /usr/local/etc/raddb/sites-enabled/default > > +- entering group REJECT {...} > > [attr_filter.access_reject] expand: %{User-Name} -> 1001 > > attr_filter: Matched entry DEFAULT at line 11 > > ++[attr_filter.access_reject] returns updated > > Delaying reject of request 8 for 1 seconds > > Going to the next request > > Waking up in 0.9 seconds. > > Sending delayed reject for request 8 > > Sending Access-Reject of id 49 to 127.0.0.1 port 52684 > > Waking up in 4.9 seconds. > > Cleaning up request 8 ID 49 with timestamp +7674 > > Ready to process requests. > > WARNING! No "known good" password found for the user > > > > Regards, > > Charles > > > > ---------- > > From: *fieldpeak* <fieldpeak@gmail.com <mailto:fieldpeak@gmail.com> > <mailto:fieldpeak@gmail.com <mailto:fieldpeak@gmail.com>> <mailto:fieldpeak@gmail.com <mailto:fieldpeak@gmail.com> > <mailto:fieldpeak@gmail.com <mailto:fieldpeak@gmail.com>>>> > > Date: 2011/8/4 > > To: freeradius-users@lists.freeradius.org <mailto:freeradius-users@lists.freeradius.org> > <mailto:freeradius-users@lists.freeradius.org <mailto:freeradius-users@lists.freeradius.org>> > > <mailto:freeradius-users@lists.freeradius.org <mailto:freeradius-users@lists.freeradius.org> > <mailto:freeradius-users@lists.freeradius.org <mailto:freeradius-users@lists.freeradius.org>>> > > > > > > Hello Gurus, > > > > I've double checked the shared secret on both server and NAS are the > > same, the problem still exist, it trouble me a few days, can anyone > > kindly help? > > > > nas: > > /usr/local/etc/radiusclient/servers > > localhost/localhost testing123 > > > > server: > > /usr/local/etc/raddb/clients.conf > > secret = testing123 > > > > > > > > - > > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > > -- > Stefan WINTER > Ingenieur de Recherche > Fondation RESTENA - Réseau Téléinformatique de l'Education > Nationale et de la Recherche > 6, rue Richard Coudenhove-Kalergi > L-1359 Luxembourg > > Tel: +352 424409 1 > Fax: +352 422473 > > > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Stefan WINTER Ingenieur de Recherche Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg
Tel: +352 424409 1 Fax: +352 422473
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Stefan WINTER Ingenieur de Recherche Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg Tel: +352 424409 1 Fax: +352 422473
Stefan & Alan, Great! The issue was resolved by re-correcting the secret of program on NAS... Apprecited very much for your dedicated help!! :) Regards, Charles 2011/8/5 Stefan Winter <stefan.winter@restena.lu>
Hi,
your FreeRADIUS Server reads the clients from this file:
including configuration file /usr/local/etc/raddb/clients.conf
which is what you edited - good. Now you have to check where radiusclient reads its secret from. Can't help you with that.
Stefan
Am 05.08.2011 11:09, schrieb fieldpeak:
Hi Stefan,
Attached is the fully log from FreeRadius start, i tried to identify it myself however i'm new comer to FR, can you please advise, thanks a lot!
Regards, Charles
2011/8/5 Stefan Winter <stefan.winter@restena.lu <mailto:stefan.winter@restena.lu>>
Hi,
if the password is mangled that way, there is not much other reason than a misconfigured shared secret.
I can't tell you which config file exactly does what on your system; that depends on the configure settings you used to install FreeRADIUS, and on where and how you installed the NAS stuff with radiusclient.
You could post a *full* debug output of radiusd -X, *including* what's printed on server startup - it will print out which files it reads for its configuration.
Stefan
Am 05.08.2011 10:21, schrieb fieldpeak: > Hi Stefan, > > Sorry for the confusion, actullay i have checked both secret on both > NAS and server sides, it is same. > below is debug output, the confusion pasword "Q?²Êà > ëê¢p?¤F?+Õa" is very suspecious, it should be '1111' that i > configure in database. > maybe i check the wrong conf files for secrect, below is files that i > checked. is it correct? > NAS: > usr/local/etc/radiusclient/ > servers > localhost/localhost testing123 > > Server: > /usr/local/etc/raddb/clients.conf > secret = testing123 > > > debug output: > > Found Auth-Type = PAP > # Executing group from file /usr/local/etc/raddb/sites-enabled/default > +- entering group PAP {...} > [pap] login attempt with password "Q?²Êà ëê¢p?¤F?+Õa" > [pap] Using clear text password "1111" > [pap] Passwords don't match > ++[pap] returns reject > Failed to authenticate the user. > WARNING: Unprintable characters in the password. Double-check the > shared secret on the server and the NAS! > Using Post-Auth-Type Reject > # Executing group from file /usr/local/etc/raddb/sites-enabled/default > +- entering group REJECT {...} > [attr_filter.access_reject] expand: %{User-Name} -> 1001 > attr_filter: Matched entry DEFAULT at line 11 > ++[attr_filter.access_reject] returns updated > Delaying reject of request 38 for 1 seconds > > > Regards, > Charles > > 2011/8/5 Stefan Winter <stefan.winter@restena.lu <mailto:stefan.winter@restena.lu> > <mailto:stefan.winter@restena.lu <mailto:stefan.winter@restena.lu
> > Hello, > > while you marked lots of stuff in yellow, you missed the REALLY > helpful > part: > > "WARNING: Unprintable characters in the password. Double-check > the shared secret on the server and the NAS!" > > How about doing exactly that...? > > Stefan Winter > > > Am 05.08.2011 06:14, schrieb fieldpeak: > > Hello Friends, > > > > I met a issue regarding password/authentication with FreeRadius, > Could > > anybody help for the issue, Thanks! > > > > User-Password = "?\210\365@\263\t\306\343\243iT?\311C\t\002" > > > > [pap] WARNING! No "known good" password found for the user. > > Authentication may fail because of this. > > ++[pap] returns noop > > ERROR: No authenticate method (Auth-Type) found for the request: > > Rejecting the user > > > > The details in below mails. > > > > Regards, > > Charles > > > > Forwarded conversation > > Subject: *Authentication failure issue* > > ------------------------ > > > > From: *fieldpeak* <fieldpeak@gmail.com <mailto:fieldpeak@gmail.com> > <mailto:fieldpeak@gmail.com <mailto:fieldpeak@gmail.com>> <mailto:fieldpeak@gmail.com <mailto:fieldpeak@gmail.com> > <mailto:fieldpeak@gmail.com <mailto:fieldpeak@gmail.com>>>> > > Date: 2011/8/4 > > To: freeradius-users@lists.freeradius.org <mailto:freeradius-users@lists.freeradius.org> > <mailto:freeradius-users@lists.freeradius.org <mailto:freeradius-users@lists.freeradius.org>> > > <mailto:freeradius-users@lists.freeradius.org <mailto:freeradius-users@lists.freeradius.org> > <mailto:freeradius-users@lists.freeradius.org <mailto:freeradius-users@lists.freeradius.org>>> > > > > > > Dear Friends, > > > > I'm trying integrate Freeswitch with Freeradius, I met below issue, > > can anyone help, thanks in adance. > > > > Freeradius server log: > > > > rad_recv: Access-Request packet from host 127.0.0.1 port 52684, > id=49, > > length=111 > > User-Name = "1001" > > User-Password = "?\210\365@\263\t\306\343\243iT?\311C\t\002" > > Called-Station-Id = "888" > > h323-conf-id = "749d2b5a-16ad-48e4-af58- > > 24011949d1b5" > > Calling-Station-Id = "1001" > > NAS-Port = 0 > > NAS-IP-Address = 127.0.0.1 > > # Executing section authorize from file > > /usr/local/etc/raddb/sites-enabled/default > > +- entering group authorize {...} > > ++[preprocess] returns ok > > [auth_log] expand: > > >
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
> > -> > /usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20110803 <http://127.0.0.1/auth-detail-20110803> > <http://127.0.0.1/auth-detail-20110803> > > <http://127.0.0.1/auth-detail-20110803> > > [auth_log] > > >
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
> > expands to > > /usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20110803 <http://127.0.0.1/auth-detail-20110803> > <http://127.0.0.1/auth-detail-20110803> > > <http://127.0.0.1/auth-detail-20110803> > > [auth_log] expand: %t -> Wed Aug 3 12:06:33 2011 > > ++[auth_log] returns ok > > ++[chap] returns noop > > ++[mschap] returns noop > > ++[digest] returns noop > > [suffix] No '@' in User-Name = "1001", looking up realm NULL > > [suffix] No such realm "NULL" > > ++[suffix] returns noop > > [eap] No EAP-Message, not doing EAP > > ++[eap] returns noop > > ++[unix] returns notfound > > ++[files] returns noop > > [sql] expand: %{User-Name} -> 1001 > > [sql] sql_set_user escaped user --> '1001' > > rlm_sql (sql): Reserving sql socket id: 4 > > [sql] expand: SELECT id, username, attribute, value, op > > FROM radcheck WHERE username = '%{SQL-User-Name}' > > ORDER BY id -> SELECT id, username, attribute, value, op > > FROM radcheck WHERE username = '1001' ORDER BY id > > [sql] expand: SELECT groupname FROM radusergroup > > WHERE username = '%{SQL-User-Name}' ORDER BY priority -> > > SELECT groupname FROM radusergroup WHERE username > > = '1001' ORDER BY priority > > rlm_sql (sql): Released sql socket id: 4 > > [sql] User 1001 not found > > ++[sql] returns notfound > > ++[expiration] returns noop > > ++[logintime] returns noop > > [pap] WARNING! No "known good" password found for the user. > > Authentication may fail because of this. > > ++[pap] returns noop > > ERROR: No authenticate method (Auth-Type) found for the request: > > Rejecting the user > > Failed to authenticate the user. > > WARNING: Unprintable characters in the password. Double-check > > the shared secret on the server and the NAS! > > Using Post-Auth-Type Reject > > # Executing group from file > /usr/local/etc/raddb/sites-enabled/default > > +- entering group REJECT {...} > > [attr_filter.access_reject] expand: %{User-Name} -> 1001 > > attr_filter: Matched entry DEFAULT at line 11 > > ++[attr_filter.access_reject] returns updated > > Delaying reject of request 8 for 1 seconds > > Going to the next request > > Waking up in 0.9 seconds. > > Sending delayed reject for request 8 > > Sending Access-Reject of id 49 to 127.0.0.1 port 52684 > > Waking up in 4.9 seconds. > > Cleaning up request 8 ID 49 with timestamp +7674 > > Ready to process requests. > > WARNING! No "known good" password found for the user > > > > Regards, > > Charles > > > > ---------- > > From: *fieldpeak* <fieldpeak@gmail.com <mailto:fieldpeak@gmail.com> > <mailto:fieldpeak@gmail.com <mailto:fieldpeak@gmail.com>> <mailto:fieldpeak@gmail.com <mailto:fieldpeak@gmail.com> > <mailto:fieldpeak@gmail.com <mailto:fieldpeak@gmail.com>>>> > > Date: 2011/8/4 > > To: freeradius-users@lists.freeradius.org <mailto:freeradius-users@lists.freeradius.org> > <mailto:freeradius-users@lists.freeradius.org <mailto:freeradius-users@lists.freeradius.org>> > > <mailto:freeradius-users@lists.freeradius.org <mailto:freeradius-users@lists.freeradius.org> > <mailto:freeradius-users@lists.freeradius.org <mailto:freeradius-users@lists.freeradius.org>>> > > > > > > Hello Gurus, > > > > I've double checked the shared secret on both server and NAS are the > > same, the problem still exist, it trouble me a few days, can anyone > > kindly help? > > > > nas: > > /usr/local/etc/radiusclient/servers > > localhost/localhost testing123 > > > > server: > > /usr/local/etc/raddb/clients.conf > > secret = testing123 > > > > > > > > - > > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > > -- > Stefan WINTER > Ingenieur de Recherche > Fondation RESTENA - Réseau Téléinformatique de l'Education > Nationale et de la Recherche > 6, rue Richard Coudenhove-Kalergi > L-1359 Luxembourg > > Tel: +352 424409 1 > Fax: +352 422473 > > > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Stefan WINTER Ingenieur de Recherche Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg
Tel: +352 424409 1 Fax: +352 422473
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-- Stefan WINTER Ingenieur de Recherche Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg
Tel: +352 424409 1 Fax: +352 422473
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
User-Password = "?\210\365@\263\t\306\343\243iT?\311C\t\002"
incorrect shared secret...and the radius -X log will show that too - with info saying to check the shared secret I take it your radiusclient and freeradius are running on the same box - which is why you are only using 'localhost' in the NAS config and in the freeradius config? check your clients.conf on freeradius and your NAS config - ensure that you have no eg trailing whitespace (best practice is to use quotes for the string to ensure that doesnt catch you out you can also use one of the tools that comes with FreeRADIUS - eg 'radtest' to check that your FreeRADIUS is all okay eg radtest username password localhost 101 testing123 alan
participants (3)
-
Alan Buxey -
fieldpeak -
Stefan Winter