Password Scrambled - Shared Secrets Match
Hi All, I'm pulling my hair out on this on. I have setup freeradius as a package on pfsense (freeBSD) and when attempting to authenticate using the pppoe server built into free radius i get the below output: I have checked and double checked the shared secret and even set it to a single figure for the below test. What am I doing wrong??? Thanks in advance!! Tim rad_recv: Access-Request packet from host 192.168.1.254 port 23599, id=140, length=105 NAS-Identifier = "raph-firewall.local" NAS-Port = 1 NAS-Port-Type = Ethernet Service-Type = Framed-User Framed-Protocol = PPP Calling-Station-Id = "0023df8bf13c" Called-Station-Id = "*" User-Name = "tim" User-Password = "\376\211\001\214\030rOIT\246\225\327\333\3256\321" # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "tim", skipping NULL due to config. ++[suffix] returns noop [ntdomain] No '\' in User-Name = "tim", skipping NULL due to config. ++[ntdomain] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop [files] users: Matched entry tim at line 2 ++[files] returns ok rlm_counter: Entering module authorize code rlm_counter: Could not find Check item value pair ++[daily] returns noop rlm_counter: Entering module authorize code rlm_counter: Could not find Check item value pair ++[weekly] returns noop rlm_counter: Entering module authorize code rlm_counter: Could not find Check item value pair ++[monthly] returns noop rlm_counter: Entering module authorize code rlm_counter: Could not find Check item value pair ++[forever] returns noop rlm_checkval: Item Name: Calling-Station-Id, Value: 0023df8bf13c rlm_checkval: Could not find attribute named Calling-Station-Id in check pairs ++[checkval] returns notfound ++[expiration] returns noop
Tim Raphael wrote:
Hi All,
I'm pulling my hair out on this on. I have setup freeradius as a package on pfsense (freeBSD) and when attempting to authenticate using the pppoe server built into free radius i get the below output:
I have checked and double checked the shared secret and even set it to a single figure for the below test. What am I doing wrong???
The FreeBDS box isn't implementing RADIUS correctly. Or, you're not editing the secrets that the software is using. There really isn't much else that can go wrong. Alan DeKok.
On 31/05/12 15:52, Tim Raphael wrote:
Hi All,
I'm pulling my hair out on this on. I have setup freeradius as a package on pfsense (freeBSD) and when attempting to authenticate using the pppoe server built into free radius i get the below output:
I have checked and double checked the shared secret and even set it to a single figure for the below test. What am I doing wrong???
There are only two possibilites: 1. The shared secret is wrong, despite your efforts. Check you are editing the correct file, and that the client is matching the clients definition you think it is. 2. The NAS or your system have broken MD5 / crypto libraries.
Hi,
I'm pulling my hair out on this on. I have setup freeradius as a package on pfsense (freeBSD) and when attempting to authenticate using the pppoe server built into free radius i get the below output:
I have checked and double checked the shared secret and even set it to a single figure for the below test. What am I doing wrong???
you are checking the RIGHT shared secret on each system - and the right file on each system? (so many times someone has /etc/raddb/clients.conf and /usr/local/etc/raddb/clients.conf ....) alan
On Thu, May 31, 2012 at 04:34:54PM +0100, alan buxey wrote:
What am I doing wrong???
you are checking the RIGHT shared secret on each system - and the right file on each system?
(so many times someone has /etc/raddb/clients.conf and /usr/local/etc/raddb/clients.conf ....)
radiusd -X helps here of course (note about providing whole debug output to list, again...) - # radiusd -X FreeRADIUS Version 2.2.0, for host x86_64-pc-linux-gnu, built on Apr 13 2012 at 16:42:24 Copyright (C) 1999-2009 The FreeRADIUS server project and contributors. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License v2. Starting - reading configuration files ... including configuration file /srv/radius/radiusd.conf including configuration file /srv/radius/local/localserver.conf including configuration file /srv/radius/proxy.conf including configuration file /srv/radius/clients.conf including files in directory /srv/radius/modules/ including configuration file /srv/radius/modules/acct_unique including configuration file /srv/radius/modules/mschap including configuration file /srv/radius/modules/files including configuration file /srv/radius/modules/uol_log including configuration file /srv/radius/modules/preprocess including configuration file /srv/radius/modules/sradutmp ... See where it's picking up clients.conf in at the top of the debug output. Then further down ... radiusd: #### Loading Clients #### client 127.0.0.1 { require_message_authenticator = no secret = "testing123" shortname = "localhost" nastype = "other" } ... etc. Matthew -- Matthew Newton, Ph.D. <mcn4@le.ac.uk> Systems Architect (UNIX and Networks), Network Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom For IT help contact helpdesk extn. 2253, <ithelp@le.ac.uk>
participants (5)
-
alan buxey -
Alan DeKok -
Matthew Newton -
Phil Mayers -
Tim Raphael