Hello, I am having problems with authentication. I chacked secret on NAS and on Radius server. Bouth are some but the radius is keep telling to check the secret. What could be worng or I am missing ? Thanks!!! This is configuration on nas. ##----- Activate RADIUS connection setProperty com.centile.connectors.aaa.watchdog.enable false setProperty com.centile.connectors.aaa radius setProperty com.centile.connectors.aaa.localserv intraswitch setProperty com.centile.connectors.aaa.localpass b (secret) setProperty com.centile.connectors.aaa.remotserv 1.2.3.4 setProperty com.centile.connectors.aaa.remotport 1812 setProperty com.centile.connectors.aaa.calltype any -- This is in cliente.cong client 212.13.228.58 { secret = b shortname = intraswitch nastype = cisco 1. Sample If I typed wrong pass in sql for user authentication I see password from user connection (12345) but it is wrong (12 in sql). In sample 2 I put right pass in sql for user, but you can see that is the radius is showing me that is encrypted and saying me WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS! . why? 1. Found Auth-Type = PAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group PAP {...} [pap] login attempt with password "12345" [pap] Using clear text password "12" [pap] Passwords don't match ++[pap] returns reject Failed to authenticate the user. Using Post-Auth-Type Reject # Executing group from file 2. ap] returns noop [sql] expand: %{User-Name} -> 081609000 [sql] sql_set_user escaped user --> '081609000' rlm_sql (sql): Reserving sql socket id: 1 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = '081609000' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = '081609000' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = '081609000' ORDER BY priority [sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'static' ORDER BY id [sql] User found in group static [sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'static' ORDER BY id rlm_sql (sql): Released sql socket id: 1 ++[sql] returns ok ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns updated Found Auth-Type = PAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group PAP {...} [pap] login attempt with password "þqL?%" [pap] Using clear text password "12345" [pap] Passwords don't match ++[pap] returns reject Failed to authenticate the user. WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS! Using Post-Auth-Type Reject # Executing group from file /etc/raddb/sites-enabled/default +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> 081609000 attr_filter: Matched entry DEFAULT at line 11 -- View this message in context: http://freeradius.1045715.n5.nabble.com/Help-authentication-problems-tp32936... Sent from the FreeRadius - User mailing list archive at Nabble.com.
miha- wrote:
I am having problems with authentication. I chacked secret on NAS and on Radius server. Bouth are some but the radius is keep telling to check the secret.
What could be worng or I am missing ?
The secret is wrong. Change it on *both* NAS and server to something simple, like "secret". If that still fails, you're not editing the configuration files that the server is reading. Alan DeKok.
participants (2)
-
Alan DeKok -
miha-