Good afternoon, I'm new in Radius and I have no clue what happens, can anybody help me? from the server in the command line works fine, from the wireless client get this one. Thanks Regards ad_recv: Access-Request packet from host 127.0.0.1 port 35226, id=0, length=200 User-Name = "mysqltest" User-Password = "O%:snv\nB\334Ξ\300H\035\235e" NAS-IP-Address = 0.0.0.0 Service-Type = Login-User Framed-IP-Address = 192.168.182.5 Calling-Station-Id = "68-A3-C4-37-A2-59" Called-Station-Id = "08-00-27-26-2C-CD" NAS-Identifier = "nas01" Acct-Session-Id = "4f54a3d900000000" NAS-Port-Type = Wireless-802.11 NAS-Port = 0 Message-Authenticator = 0x6fb3594ad7f0fad5aa33deab91da2216 WISPr-Logoff-URL = "http://192.168.182.1:3990/logoff" Mon Mar 5 12:36:33 2012 : Info: # Executing section authorize from file /etc/freeradius/radiusd.conf Mon Mar 5 12:36:33 2012 : Info: +- entering group authorize {...} Mon Mar 5 12:36:33 2012 : Info: ++[preprocess] returns ok Mon Mar 5 12:36:33 2012 : Info: ++[chap] returns noop Mon Mar 5 12:36:33 2012 : Info: ++[mschap] returns noop Mon Mar 5 12:36:33 2012 : Info: [suffix] No '@' in User-Name = "mysqltest", looking up realm NULL Mon Mar 5 12:36:33 2012 : Info: [suffix] No such realm "NULL" Mon Mar 5 12:36:33 2012 : Info: ++[suffix] returns noop Mon Mar 5 12:36:33 2012 : Info: [eap] No EAP-Message, not doing EAP Mon Mar 5 12:36:33 2012 : Info: ++[eap] returns noop Mon Mar 5 12:36:33 2012 : Info: [sql] expand: %{User-Name} -> mysqltest Mon Mar 5 12:36:33 2012 : Info: [sql] sql_set_user escaped user --> 'mysqltest' Mon Mar 5 12:36:33 2012 : Debug: rlm_sql (sql): Reserving sql socket id: 0 Mon Mar 5 12:36:33 2012 : Info: [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'mysqltest' ORDER BY id Mon Mar 5 12:36:33 2012 : Info: [sql] User found in radcheck table Mon Mar 5 12:36:33 2012 : Info: [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'mysqltest' ORDER BY id Mon Mar 5 12:36:33 2012 : Info: [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'mysqltest' ORDER BY priority Mon Mar 5 12:36:33 2012 : Debug: rlm_sql (sql): Released sql socket id: 0 Mon Mar 5 12:36:33 2012 : Info: ++[sql] returns ok Mon Mar 5 12:36:33 2012 : Info: ++[pap] returns updated Mon Mar 5 12:36:33 2012 : Info: Found Auth-Type = PAP Mon Mar 5 12:36:33 2012 : Info: # Executing group from file /etc/freeradius/radiusd.conf Mon Mar 5 12:36:33 2012 : Info: +- entering group PAP {...} Mon Mar 5 12:36:33 2012 : Info: [pap] login attempt with password "O%:snv B��?�H??e" Mon Mar 5 12:36:33 2012 : Info: [pap] Using clear text password "testsecret" Mon Mar 5 12:36:33 2012 : Info: [pap] Passwords don't match Mon Mar 5 12:36:33 2012 : Info: ++[pap] returns reject Mon Mar 5 12:36:33 2012 : Info: Failed to authenticate the user. Mon Mar 5 12:36:33 2012 : Debug: WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS! Mon Mar 5 12:36:33 2012 : Info: Using Post-Auth-Type Reject Mon Mar 5 12:36:33 2012 : Info: # Executing group from file /etc/freeradius/sites-enabled/default Mon Mar 5 12:36:33 2012 : Info: +- entering group REJECT {...} Mon Mar 5 12:36:33 2012 : Info: [attr_filter.access_reject] expand: %{User-Name} -> mysqltest Mon Mar 5 12:36:33 2012 : Debug: attr_filter: Matched entry DEFAULT at line 11 Mon Mar 5 12:36:33 2012 : Info: ++[attr_filter.access_reject] returns updated Mon Mar 5 12:36:33 2012 : Info: Delaying reject of request 14 for 1 seconds Mon Mar 5 12:36:33 2012 : Debug: Going to the next request Mon Mar 5 12:36:33 2012 : Debug: Waking up in 0.9 seconds. Mon Mar 5 12:36:34 2012 : Info: Sending delayed reject for request 14 Sending Access-Reject of id 0 to 127.0.0.1 port 35226 Mon Mar 5 12:36:34 2012 : Debug: Waking up in 4.9 seconds. Mon Mar 5 12:36:39 2012 : Info: Cleaning up request 14 ID 0 with timestamp +3498 Mon Mar 5 12:36:39 2012 : Info: Ready to process requests. Javier Ruiz Escalante Teléfono: 00 34 512 700 524 Skype: fruiz002
On 05/03/12 13:55, Javier Ruiz Escalante wrote:
Good afternoon,
I'm new in Radius and I have no clue what happens, can anybody help me? from the server in the command line works fine, from the wireless client get this one.
Mon Mar 5 12:36:33 2012 : Debug: WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS!
This message should be clear, no?
Sorry, I have no idea which files to check despite the message is clear. Thanks in advance. Best regards Javier Ruiz Escalante Teléfono: 00 34 512 700 524 Skype: fruiz002
Date: Mon, 5 Mar 2012 14:34:21 +0000 From: p.mayers@imperial.ac.uk To: freeradius-users@lists.freeradius.org Subject: Re: Authentification
On 05/03/12 13:55, Javier Ruiz Escalante wrote:
Good afternoon,
I'm new in Radius and I have no clue what happens, can anybody help me? from the server in the command line works fine, from the wireless client get this one.
Mon Mar 5 12:36:33 2012 : Debug: WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS!
This message should be clear, no? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 5 Mar 2012, at 15:53, Javier Ruiz Escalante wrote: > > Sorry, > > I have no idea which files to check despite the message is clear. raddb/clients.conf and the configuration of your NAS. RADIUS uses pre-shared secret to encrypt parts of the packet and for authenticator hashes. The pre-shared secret is not the same in the clients.conf entry associated with your NAS and the RADIUS server configuration on your NAS, it needs to be, go make it the same :) -Arran > > Thanks in advance. > > Best regards > > > Javier Ruiz Escalante > Teléfono: 00 34 512 700 524 > > Skype: fruiz002 > > > > > Date: Mon, 5 Mar 2012 14:34:21 +0000 > > From: p.mayers@imperial.ac.uk > > To: freeradius-users@lists.freeradius.org > > Subject: Re: Authentification > > > > On 05/03/12 13:55, Javier Ruiz Escalante wrote: > > > Good afternoon, > > > > > > I'm new in Radius and I have no clue what happens, can anybody help me? > > > from the server in the command line works fine, from the wireless client > > > get this one. > > > > > > > > Mon Mar 5 12:36:33 2012 : Debug: WARNING: Unprintable characters in the > > > password. Double-check the shared secret on the server and the NAS! > > > > This message should be clear, no? > > - > > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Arran Cudbard-Bell a.cudbardb@networkradius.com Technical consultant and solutions architect 15 Ave. du Granier, Meylan, France +33 4 69 66 54 50
Date: Mon, 5 Mar 2012 14:34:21 +0000 From: p.mayers@imperial.ac.uk To: freeradius-users@lists.freeradius.org Subject: Re: Authentification
On 05/03/12 13:55, Javier Ruiz Escalante wrote:
Good afternoon,
I'm new in Radius and I have no clue what happens, can anybody help me? from the server in the command line works fine, from the wireless client get this one.
Mon Mar 5 12:36:33 2012 : Debug: WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS!
This message should be clear, no? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hello, The secret is set in clients.conf, where has to be se also? Regards Javier Ruiz Escalante Teléfono: 00 34 512 700 524 Skype: fruiz002 From: a.cudbardb@freeradius.org Subject: Re: Double-check the shared secret on the server and the NAS! Date: Mon, 5 Mar 2012 16:10:37 +0100 To: freeradius-users@lists.freeradius.org On 5 Mar 2012, at 15:53, Javier Ruiz Escalante wrote: Sorry, I have no idea which files to check despite the message is clear. raddb/clients.conf and the configuration of your NAS. RADIUS uses pre-shared secret to encrypt parts of the packet and for authenticator hashes. The pre-shared secret is not the same in the clients.conf entry associated with your NAS and the RADIUS server configuration on your NAS, it needs to be, go make it the same :) -Arran Thanks in advance. Best regards Javier Ruiz Escalante Teléfono: 00 34 512 700 524 Skype: fruiz002 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Arran Cudbard-Bell a.cudbardb@networkradius.com Technical consultant and solutions architect 15 Ave. du Granier, Meylan, France +33 4 69 66 54 50 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
In nas table in case you're using sql... On 5.3.2012 16:40, Javier Ruiz Escalante wrote:
Hello,
The secret is set in clients.conf, where has to be se also?
Regards
**
Javier Ruiz Escalante* * **Teléfono: *00 34 512 700 524 * Skype: fruiz002**
------------------------------------------------------------------------ From: a.cudbardb@freeradius.org Subject: Re: Double-check the shared secret on the server and the NAS! Date: Mon, 5 Mar 2012 16:10:37 +0100 To: freeradius-users@lists.freeradius.org
On 5 Mar 2012, at 15:53, Javier Ruiz Escalante wrote:
Sorry,
I have no idea which files to check despite the message is clear.
raddb/clients.conf and the configuration of your NAS. RADIUS uses pre-shared secret to encrypt parts of the packet and for authenticator hashes.
The pre-shared secret is not the same in the clients.conf entry associated with your NAS and the RADIUS server configuration on your NAS, it needs to be, go make it the same :)
-Arran
Thanks in advance.
Best regards **
Javier Ruiz Escalante* * **Teléfono:*00 34 512 700 524 * Skype: fruiz002**
> Date: Mon, 5 Mar 2012 14:34:21 +0000 > From:p.mayers@imperial.ac.uk <mailto:p.mayers@imperial.ac.uk> > To:freeradius-users@lists.freeradius.org <mailto:freeradius-users@lists.freeradius.org> > Subject: Re: Authentification > > On 05/03/12 13:55, Javier Ruiz Escalante wrote: > > Good afternoon, > > > > I'm new in Radius and I have no clue what happens, can anybody help me? > > from the server in the command line works fine, from the wireless client > > get this one. > > > > > Mon Mar 5 12:36:33 2012 : Debug: WARNING: Unprintable characters in the > > password. Double-check the shared secret on the server and the NAS! > > This message should be clear, no? > - > List info/subscribe/unsubscribe? Seehttp://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? Seehttp://www.freeradius.org/list/users.html
Arran Cudbard-Bell a.cudbardb@networkradius.com <mailto:a.cudbardb@networkradius.com>
Technical consultant and solutions architect
15 Ave. du Granier, Meylan, France +33 4 69 66 54 50
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I'm using SQL but there is no NAS table... Javier Ruiz Escalante Teléfono: 00 34 512 700 524 Skype: fruiz002 Date: Mon, 5 Mar 2012 16:49:03 +0100 From: mangia81@gmail.com To: freeradius-users@lists.freeradius.org Subject: Re: Double-check the shared secret on the server and the NAS! In nas table in case you're using sql... On 5.3.2012 16:40, Javier Ruiz Escalante wrote: Hello, The secret is set in clients.conf, where has to be se also? Regards Javier Ruiz Escalante Teléfono: 00 34 512 700 524 Skype: fruiz002 From: a.cudbardb@freeradius.org Subject: Re: Double-check the shared secret on the server and the NAS! Date: Mon, 5 Mar 2012 16:10:37 +0100 To: freeradius-users@lists.freeradius.org On 5 Mar 2012, at 15:53, Javier Ruiz Escalante wrote: Sorry, I have no idea which files to check despite the message is clear. raddb/clients.conf and the configuration of your NAS. RADIUS uses pre-shared secret to encrypt parts of the packet and for authenticator hashes. The pre-shared secret is not the same in the clients.conf entry associated with your NAS and the RADIUS server configuration on your NAS, it needs to be, go make it the same :) -Arran Thanks in advance. Best regards Javier Ruiz Escalante Teléfono: 00 34 512 700 524 Skype: fruiz002 > Date: Mon, 5 Mar 2012 14:34:21 +0000 > From: p.mayers@imperial.ac.uk > To: freeradius-users@lists.freeradius.org > Subject: Re: Authentification > > On 05/03/12 13:55, Javier Ruiz Escalante wrote: > > Good afternoon, > > > > I'm new in Radius and I have no clue what happens, can anybody help me? > > from the server in the command line works fine, from the wireless client > > get this one. > > > > > Mon Mar 5 12:36:33 2012 : Debug: WARNING: Unprintable characters in the > > password. Double-check the shared secret on the server and the NAS! > > This message should be clear, no? > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Arran Cudbard-Bell a.cudbardb@networkradius.com Technical consultant and solutions architect 15 Ave. du Granier, Meylan, France +33 4 69 66 54 50 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Could it be the problem? # Table to keep radius client info nas_table = "nas" It makes reference to the "nas" table but there is no "nas" table in my sql database... If I uncomment the line "#readclients = yes" radius gives me an error. Regards and thanks Javier Ruiz Escalante Teléfono: 00 34 512 700 524 Skype: fruiz002 Date: Mon, 5 Mar 2012 16:49:03 +0100 From: mangia81@gmail.com To: freeradius-users@lists.freeradius.org Subject: Re: Double-check the shared secret on the server and the NAS! In nas table in case you're using sql... On 5.3.2012 16:40, Javier Ruiz Escalante wrote: Hello, The secret is set in clients.conf, where has to be se also? Regards Javier Ruiz Escalante Teléfono: 00 34 512 700 524 Skype: fruiz002 From: a.cudbardb@freeradius.org Subject: Re: Double-check the shared secret on the server and the NAS! Date: Mon, 5 Mar 2012 16:10:37 +0100 To: freeradius-users@lists.freeradius.org On 5 Mar 2012, at 15:53, Javier Ruiz Escalante wrote: Sorry, I have no idea which files to check despite the message is clear. raddb/clients.conf and the configuration of your NAS. RADIUS uses pre-shared secret to encrypt parts of the packet and for authenticator hashes. The pre-shared secret is not the same in the clients.conf entry associated with your NAS and the RADIUS server configuration on your NAS, it needs to be, go make it the same :) -Arran Thanks in advance. Best regards Javier Ruiz Escalante Teléfono: 00 34 512 700 524 Skype: fruiz002 > Date: Mon, 5 Mar 2012 14:34:21 +0000 > From: p.mayers@imperial.ac.uk > To: freeradius-users@lists.freeradius.org > Subject: Re: Authentification > > On 05/03/12 13:55, Javier Ruiz Escalante wrote: > > Good afternoon, > > > > I'm new in Radius and I have no clue what happens, can anybody help me? > > from the server in the command line works fine, from the wireless client > > get this one. > > > > > Mon Mar 5 12:36:33 2012 : Debug: WARNING: Unprintable characters in the > > password. Double-check the shared secret on the server and the NAS! > > This message should be clear, no? > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Arran Cudbard-Bell a.cudbardb@networkradius.com Technical consultant and solutions architect 15 Ave. du Granier, Meylan, France +33 4 69 66 54 50 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hello, Coonected to the eth1 I have my Mikrotik, and connected to the Mikrotik I have the computer via Wireless, can it be the Problem? thanks!! Javier Ruiz Escalante Teléfono: 00 34 512 700 524 Skype: fruiz002 Date: Mon, 5 Mar 2012 16:49:03 +0100 From: mangia81@gmail.com To: freeradius-users@lists.freeradius.org Subject: Re: Double-check the shared secret on the server and the NAS! In nas table in case you're using sql... On 5.3.2012 16:40, Javier Ruiz Escalante wrote: Hello, The secret is set in clients.conf, where has to be se also? Regards Javier Ruiz Escalante Teléfono: 00 34 512 700 524 Skype: fruiz002 From: a.cudbardb@freeradius.org Subject: Re: Double-check the shared secret on the server and the NAS! Date: Mon, 5 Mar 2012 16:10:37 +0100 To: freeradius-users@lists.freeradius.org On 5 Mar 2012, at 15:53, Javier Ruiz Escalante wrote: Sorry, I have no idea which files to check despite the message is clear. raddb/clients.conf and the configuration of your NAS. RADIUS uses pre-shared secret to encrypt parts of the packet and for authenticator hashes. The pre-shared secret is not the same in the clients.conf entry associated with your NAS and the RADIUS server configuration on your NAS, it needs to be, go make it the same :) -Arran Thanks in advance. Best regards Javier Ruiz Escalante Teléfono: 00 34 512 700 524 Skype: fruiz002 > Date: Mon, 5 Mar 2012 14:34:21 +0000 > From: p.mayers@imperial.ac.uk > To: freeradius-users@lists.freeradius.org > Subject: Re: Authentification > > On 05/03/12 13:55, Javier Ruiz Escalante wrote: > > Good afternoon, > > > > I'm new in Radius and I have no clue what happens, can anybody help me? > > from the server in the command line works fine, from the wireless client > > get this one. > > > > > Mon Mar 5 12:36:33 2012 : Debug: WARNING: Unprintable characters in the > > password. Double-check the shared secret on the server and the NAS! > > This message should be clear, no? > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Arran Cudbard-Bell a.cudbardb@networkradius.com Technical consultant and solutions architect 15 Ave. du Granier, Meylan, France +33 4 69 66 54 50 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Javier Ruiz Escalante wrote:
Hello,
Coonected to the eth1 I have my Mikrotik, and connected to the Mikrotik I have the computer via Wireless, can it be the Problem?
You are asking too many questions. This usually indicates you're trying random things, rather than trying to understand the problem. The shared secret is in clients.conf. And on the NAS. It's that simple. Go re-enter them. Nothing else will fix the problem. Alan DeKok.
Sorry that I confuse you, I just wanted to give you more information just in case... It's clear for me that the secret has to be the same everywhere, but where do I write the secret in the NAS? the NAS is the AP connected to the Radius Server ethernet 1, is it the Wireless client? Javier Ruiz Escalante Teléfono: 00 34 512 700 524 Skype: fruiz002
Date: Mon, 5 Mar 2012 17:47:23 +0100 From: aland@deployingradius.com To: freeradius-users@lists.freeradius.org Subject: Re: Double-check the shared secret on the server and the NAS!
Javier Ruiz Escalante wrote:
Hello,
Coonected to the eth1 I have my Mikrotik, and connected to the Mikrotik I have the computer via Wireless, can it be the Problem?
You are asking too many questions.
This usually indicates you're trying random things, rather than trying to understand the problem.
The shared secret is in clients.conf. And on the NAS. It's that simple. Go re-enter them. Nothing else will fix the problem.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Javier Ruiz Escalante wrote:
Sorry that I confuse you, I just wanted to give you more information just in case... It's clear for me that the secret has to be the same everywhere, but where do I write the secret in the NAS? the NAS is the AP connected to the Radius Server ethernet 1, is it the Wireless client?
It's the access point. Read it's documentation for how to configure it. Alan DeKok.
Hello, It's already working, the NAS is my Chillispot, and the problem was that the"UAMSECRET" wa commented... Javier Ruiz Escalante Teléfono: 00 34 512 700 524 Skype: fruiz002 Date: Mon, 5 Mar 2012 16:49:03 +0100 From: mangia81@gmail.com To: freeradius-users@lists.freeradius.org Subject: Re: Double-check the shared secret on the server and the NAS! In nas table in case you're using sql... On 5.3.2012 16:40, Javier Ruiz Escalante wrote: Hello, The secret is set in clients.conf, where has to be se also? Regards Javier Ruiz Escalante Teléfono: 00 34 512 700 524 Skype: fruiz002 From: a.cudbardb@freeradius.org Subject: Re: Double-check the shared secret on the server and the NAS! Date: Mon, 5 Mar 2012 16:10:37 +0100 To: freeradius-users@lists.freeradius.org On 5 Mar 2012, at 15:53, Javier Ruiz Escalante wrote: Sorry, I have no idea which files to check despite the message is clear. raddb/clients.conf and the configuration of your NAS. RADIUS uses pre-shared secret to encrypt parts of the packet and for authenticator hashes. The pre-shared secret is not the same in the clients.conf entry associated with your NAS and the RADIUS server configuration on your NAS, it needs to be, go make it the same :) -Arran Thanks in advance. Best regards Javier Ruiz Escalante Teléfono: 00 34 512 700 524 Skype: fruiz002 > Date: Mon, 5 Mar 2012 14:34:21 +0000 > From: p.mayers@imperial.ac.uk > To: freeradius-users@lists.freeradius.org > Subject: Re: Authentification > > On 05/03/12 13:55, Javier Ruiz Escalante wrote: > > Good afternoon, > > > > I'm new in Radius and I have no clue what happens, can anybody help me? > > from the server in the command line works fine, from the wireless client > > get this one. > > > > > Mon Mar 5 12:36:33 2012 : Debug: WARNING: Unprintable characters in the > > password. Double-check the shared secret on the server and the NAS! > > This message should be clear, no? > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Arran Cudbard-Bell a.cudbardb@networkradius.com Technical consultant and solutions architect 15 Ave. du Granier, Meylan, France +33 4 69 66 54 50 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I have no idea which files to check despite the message is clear.
Did you set up this server or did someone else? The NAS is a client to the freeRADIUS server, normally these are setup in clients.conf. Also, keep in mind that your password will be sent over the network as text and processed as text so using special characters that evaluate to keystrokes (like ^ + M) are likely to cause you trouble. Hence the unprintable warning. Jake Sallee Godfather of Bandwidth Network Engineer University of Mary Hardin-Baylor 900 College St. Belton, Texas 76513 Fone: 254-295-4658 Phax: 254-295-4221 ________________________________ From: freeradius-users-bounces+jake.sallee=umhb.edu@lists.freeradius.org [freeradius-users-bounces+jake.sallee=umhb.edu@lists.freeradius.org] on behalf of Javier Ruiz Escalante [fruiz002@hotmail.com] Sent: Monday, March 05, 2012 8:53 AM To: freeradius-users@lists.freeradius.org Subject: Double-check the shared secret on the server and the NAS! Sorry, I have no idea which files to check despite the message is clear. Thanks in advance. Best regards Javier Ruiz Escalante Teléfono: 00 34 512 700 524 Skype: fruiz002
Date: Mon, 5 Mar 2012 14:34:21 +0000 From: p.mayers@imperial.ac.uk To: freeradius-users@lists.freeradius.org Subject: Re: Authentification
On 05/03/12 13:55, Javier Ruiz Escalante wrote:
Good afternoon,
I'm new in Radius and I have no clue what happens, can anybody help me? from the server in the command line works fine, from the wireless client get this one.
Mon Mar 5 12:36:33 2012 : Debug: WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS!
This message should be clear, no? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi, NOTE the section here:
User-Name = "mysqltest" User-Password = "O%:snv\nB\334Ξ\300H\035\235e"
And here
Mon Mar 5 12:36:33 2012 : Info: [pap] login attempt with password "O%:snv B��?�H??e" Mon Mar 5 12:36:33 2012 : Info: [pap] Using clear text password "testsecret" Mon Mar 5 12:36:33 2012 : Info: [pap] Passwords don't match
The password that the client is sending and the one listed in the DB are different. You will need to fix the client password or update the DB. --Ward -- View this message in context: http://freeradius.1045715.n5.nabble.com/Authentification-tp5537600p5537725.h... Sent from the FreeRadius - User mailing list archive at Nabble.com.
Thank you very much, but the password is ""testsecret", I don't know why it shows this strange password, I don't know if it is related to the port 443, as in the server console is working perfectly with the password "testsecret" Thanks!! Regards Javier Ruiz Escalante Teléfono: 00 34 512 700 524 Skype: fruiz002
Date: Mon, 5 Mar 2012 06:46:01 -0800 From: whopeman@vocollect.com To: freeradius-users@lists.freeradius.org Subject: Re: Authentification
Hi, NOTE the section here:
User-Name = "mysqltest" User-Password = "O%:snv\nB\334Ξ\300H\035\235e"
And here
Mon Mar 5 12:36:33 2012 : Info: [pap] login attempt with password "O%:snv B��?�H??e" Mon Mar 5 12:36:33 2012 : Info: [pap] Using clear text password "testsecret" Mon Mar 5 12:36:33 2012 : Info: [pap] Passwords don't match
The password that the client is sending and the one listed in the DB are different. You will need to fix the client password or update the DB.
--Ward
-- View this message in context: http://freeradius.1045715.n5.nabble.com/Authentification-tp5537600p5537725.h... Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Can you paste the output of radiusd -X? Please dont use -XX, we dont need timestamps. Jake Sallee Godfather of Bandwidth Network Engineer University of Mary Hardin-Baylor 900 College St. Belton, Texas 76513 Fone: 254-295-4658 Phax: 254-295-4221 ________________________________ From: freeradius-users-bounces+jake.sallee=umhb.edu@lists.freeradius.org [freeradius-users-bounces+jake.sallee=umhb.edu@lists.freeradius.org] on behalf of Javier Ruiz Escalante [fruiz002@hotmail.com] Sent: Monday, March 05, 2012 9:03 AM To: freeradius-users@lists.freeradius.org Subject: RE: Authentification Thank you very much, but the password is ""testsecret", I don't know why it shows this strange password, I don't know if it is related to the port 443, as in the server console is working perfectly with the password "testsecret" Thanks!! Regards Javier Ruiz Escalante Teléfono: 00 34 512 700 524 Skype: fruiz002
Date: Mon, 5 Mar 2012 06:46:01 -0800 From: whopeman@vocollect.com To: freeradius-users@lists.freeradius.org Subject: Re: Authentification
Hi, NOTE the section here:
User-Name = "mysqltest" User-Password = "O%:snv\nB\334Ξ\300H\035\235e"
And here
Mon Mar 5 12:36:33 2012 : Info: [pap] login attempt with password "O%:snv B��?�H??e" Mon Mar 5 12:36:33 2012 : Info: [pap] Using clear text password "testsecret" Mon Mar 5 12:36:33 2012 : Info: [pap] Passwords don't match
The password that the client is sending and the one listed in the DB are different. You will need to fix the client password or update the DB.
--Ward
-- View this message in context: http://freeradius.1045715.n5.nabble.com/Authentification-tp5537600p5537725.h... Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Here we go,...
ncluding configuration file /etc/freeradius/sites-enabled/default
main {
user = "freerad"
group = "freerad"
allow_core_dumps = no
}
including dictionary file /etc/freeradius/dictionary
main {
prefix = "/usr"
localstatedir = "/var"
logdir = "/var/log/freeradius"
libdir = "/usr/lib/freeradius"
radacctdir = "/var/log/freeradius/radacct"
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
pidfile = "/var/run/freeradius/freeradius.pid"
checkrad = "/usr/sbin/checkrad"
debug_level = 0
proxy_requests = yes
log {
stripped_names = no
auth = no
auth_badpass = no
auth_goodpass = no
}
security {
max_attributes = 200
reject_delay = 1
status_server = yes
}
}
radiusd: #### Loading Realms and Home Servers ####
proxy server {
retry_delay = 5
retry_count = 3
default_fallback = no
dead_time = 120
wake_all_if_all_dead = no
}
home_server localhost {
ipaddr = 127.0.0.1
port = 1812
type = "auth"
secret = "testing123"
response_window = 20
max_outstanding = 65536
require_message_authenticator = yes
zombie_period = 40
status_check = "status-server"
ping_interval = 30
check_interval = 30
num_answers_to_alive = 3
num_pings_to_alive = 3
revive_interval = 120
status_check_timeout = 4
irt = 2
mrt = 16
mrc = 5
mrd = 30
}
home_server_pool my_auth_failover {
type = fail-over
home_server = localhost
}
realm example.com {
auth_pool = my_auth_failover
}
realm LOCAL {
}
radiusd: #### Loading Clients ####
client localhost {
ipaddr = 127.0.0.1
require_message_authenticator = no
secret = "1107"
nastype = "other"
}
client 192.168.0.0/24 {
require_message_authenticator = no
secret = "1107"
shortname = "private-network-1"
}
radiusd: #### Instantiating modules ####
instantiate {
Module: Linked to module rlm_exec
Module: Instantiating module "exec" from file /etc/freeradius/modules/exec
exec {
wait = no
input_pairs = "request"
shell_escape = yes
}
Module: Linked to module rlm_expr
Module: Instantiating module "expr" from file /etc/freeradius/modules/expr
Module: Linked to module rlm_expiration
Module: Instantiating module "expiration" from file /etc/freeradius/modules/expiration
expiration {
reply-message = "Password Has Expired "
}
Module: Linked to module rlm_logintime
Module: Instantiating module "logintime" from file /etc/freeradius/modules/logintime
logintime {
reply-message = "You are calling outside your allowed timespan "
minimum-timeout = 60
}
}
radiusd: #### Loading Virtual Servers ####
server inner-tunnel { # from file /etc/freeradius/sites-enabled/inner-tunnel
modules {
Module: Checking authenticate {...} for more modules to load
Module: Linked to module rlm_pap
Module: Instantiating module "pap" from file /etc/freeradius/modules/pap
pap {
encryption_scheme = "auto"
auto_header = no
}
Module: Linked to module rlm_chap
Module: Instantiating module "chap" from file /etc/freeradius/modules/chap
Module: Linked to module rlm_mschap
Module: Instantiating module "mschap" from file /etc/freeradius/modules/mschap
mschap {
use_mppe = yes
require_encryption = no
require_strong = no
with_ntdomain_hack = no
}
Module: Linked to module rlm_unix
Module: Instantiating module "unix" from file /etc/freeradius/modules/unix
unix {
radwtmp = "/var/log/freeradius/radwtmp"
}
Module: Linked to module rlm_eap
Module: Instantiating module "eap" from file /etc/freeradius/eap.conf
eap {
default_eap_type = "md5"
timer_expire = 60
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
max_sessions = 4096
}
Module: Linked to sub-module rlm_eap_md5
Module: Instantiating eap-md5
Module: Linked to sub-module rlm_eap_leap
Module: Instantiating eap-leap
Module: Linked to sub-module rlm_eap_gtc
Module: Instantiating eap-gtc
gtc {
challenge = "Password: "
auth_type = "PAP"
}
Module: Linked to sub-module rlm_eap_tls
Module: Instantiating eap-tls
tls {
rsa_key_exchange = no
dh_key_exchange = yes
rsa_key_length = 512
dh_key_length = 512
verify_depth = 0
CA_path = "/etc/freeradius/certs"
pem_file_type = yes
private_key_file = "/etc/freeradius/certs/server.key"
certificate_file = "/etc/freeradius/certs/server.pem"
CA_file = "/etc/freeradius/certs/ca.pem"
private_key_password = "whatever"
dh_file = "/etc/freeradius/certs/dh"
random_file = "/dev/urandom"
fragment_size = 1024
include_length = yes
check_crl = no
cipher_list = "DEFAULT"
make_cert_command = "/etc/freeradius/certs/bootstrap"
cache {
enable = no
lifetime = 24
max_entries = 255
}
verify {
}
}
Module: Linked to sub-module rlm_eap_ttls
Module: Instantiating eap-ttls
ttls {
default_eap_type = "md5"
copy_request_to_tunnel = no
use_tunneled_reply = no
virtual_server = "inner-tunnel"
include_length = yes
}
Module: Linked to sub-module rlm_eap_peap
Module: Instantiating eap-peap
peap {
default_eap_type = "mschapv2"
copy_request_to_tunnel = no
use_tunneled_reply = no
proxy_tunneled_request_as_eap = yes
virtual_server = "inner-tunnel"
}
Module: Linked to sub-module rlm_eap_mschapv2
Module: Instantiating eap-mschapv2
mschapv2 {
with_ntdomain_hack = no
}
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_realm
Module: Instantiating module "suffix" from file /etc/freeradius/modules/realm
realm suffix {
format = "suffix"
delimiter = "@"
ignore_default = no
ignore_null = no
}
Module: Linked to module rlm_files
Module: Instantiating module "files" from file /etc/freeradius/modules/files
files {
usersfile = "/etc/freeradius/users"
acctusersfile = "/etc/freeradius/acct_users"
preproxy_usersfile = "/etc/freeradius/preproxy_users"
compat = "no"
}
Module: Checking session {...} for more modules to load
Module: Linked to module rlm_radutmp
Module: Instantiating module "radutmp" from file /etc/freeradius/modules/radutmp
radutmp {
filename = "/var/log/freeradius/radutmp"
username = "%{User-Name}"
case_sensitive = yes
check_with_nas = yes
perm = 384
callerid = yes
}
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
Module: Linked to module rlm_attr_filter
Module: Instantiating module "attr_filter.access_reject" from file /etc/freeradius/modules/attr_filter
attr_filter attr_filter.access_reject {
attrsfile = "/etc/freeradius/attrs.access_reject"
key = "%{User-Name}"
}
} # modules
} # server
server { # from file /etc/freeradius/radiusd.conf
modules {
Module: Checking authenticate {...} for more modules to load
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_preprocess
Module: Instantiating module "preprocess" from file /etc/freeradius/modules/preprocess
preprocess {
huntgroups = "/etc/freeradius/huntgroups"
hints = "/etc/freeradius/hints"
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
with_alvarion_vsa_hack = no
}
Module: Linked to module rlm_sql
Module: Instantiating module "sql" from file /etc/freeradius/sql.conf
sql {
driver = "rlm_sql_mysql"
server = "localhost"
port = ""
login = "root"
password = "1107"
radius_db = "radius"
read_groups = yes
sqltrace = no
sqltracefile = "/var/log/freeradius/sqltrace.sql"
readclients = no
deletestalesessions = yes
num_sql_socks = 5
lifetime = 0
max_queries = 0
sql_user_name = "%{User-Name}"
default_user_profile = ""
nas_query = "SELECT id, nasname, shortname, type, secret, server FROM nas"
authorize_check_query = "SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id"
authorize_reply_query = "SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id"
authorize_group_check_query = "SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id"
authorize_group_reply_query = "SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id"
accounting_onoff_query = " UPDATE radacct SET acctstoptime = '%S', acctsessiontime = unix_timestamp('%S') - unix_timestamp(acctstarttime), acctterminatecause = '%{Acct-Terminate-Cause}', acctstopdelay = %{%{Acct-Delay-Time}:-0} WHERE acctstoptime IS NULL AND nasipaddress = '%{NAS-IP-Address}' AND acctstarttime <= '%S'"
accounting_update_query = " UPDATE radacct SET framedipaddress = '%{Framed-IP-Address}', acctsessiontime = '%{Acct-Session-Time}', acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}'"
accounting_update_query_alt = " INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctsessiontime, acctauthentic, connectinfo_start, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, servicetype, framedprotocol, framedipaddress, acctstartdelay, xascendsessionsvrkey) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S', INTERVAL (%{%{Acct-Session-Time}:-0} + %{%{Acct-Delay-Time}:-0}) SECOND), '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0', '%{X-Ascend-Session-Svr-Key}')"
accounting_start_query = " INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress, acctstartdelay, acctstopdelay, xascendsessionsvrkey) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', '%S', NULL, '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '%{%{Acct-Delay-Time}:-0}', '0', '%{X-Ascend-Session-Svr-Key}')"
accounting_start_query_alt = " UPDATE radacct SET acctstarttime = '%S', acctstartdelay = '%{%{Acct-Delay-Time}:-0}', connectinfo_start = '%{Connect-Info}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}'"
accounting_stop_query = " UPDATE radacct SET acctstoptime = '%S', acctsessiontime = '%{Acct-Session-Time}', acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', acctterminatecause = '%{Acct-Terminate-Cause}', acctstopdelay = '%{%{Acct-Delay-Time}:-0}', connectinfo_stop = '%{Connect-Info}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}'"
accounting_stop_query_alt = " INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress, acctstartdelay, acctstopdelay) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S', INTERVAL (%{%{Acct-Session-Time}:-0} + %{%{Acct-Delay-Time}:-0}) SECOND), '%S', '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{Connect-Info}', '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Acct-Terminate-Cause}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0', '%{%{Acct-Delay-Time}:-0}')"
group_membership_query = "SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority"
connect_failure_retry_delay = 60
simul_count_query = ""
simul_verify_query = "SELECT radacctid, acctsessionid, username, nasipaddress, nasportid, framedipaddress, callingstationid, framedprotocol FROM radacct WHERE username = '%{SQL-User-Name}' AND acctstoptime IS NULL"
postauth_query = "INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S')"
safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
}
rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
rlm_sql (sql): Attempting to connect to root@localhost:/radius
rlm_sql (sql): starting 0
rlm_sql (sql): Attempting to connect rlm_sql_mysql #0
rlm_sql_mysql: Starting connect to MySQL server for #0
rlm_sql (sql): Connected new DB handle, #0
rlm_sql (sql): starting 1
rlm_sql (sql): Attempting to connect rlm_sql_mysql #1
rlm_sql_mysql: Starting connect to MySQL server for #1
rlm_sql (sql): Connected new DB handle, #1
rlm_sql (sql): starting 2
rlm_sql (sql): Attempting to connect rlm_sql_mysql #2
rlm_sql_mysql: Starting connect to MySQL server for #2
rlm_sql (sql): Connected new DB handle, #2
rlm_sql (sql): starting 3
rlm_sql (sql): Attempting to connect rlm_sql_mysql #3
rlm_sql_mysql: Starting connect to MySQL server for #3
rlm_sql (sql): Connected new DB handle, #3
rlm_sql (sql): starting 4
rlm_sql (sql): Attempting to connect rlm_sql_mysql #4
rlm_sql_mysql: Starting connect to MySQL server for #4
rlm_sql (sql): Connected new DB handle, #4
Module: Checking preacct {...} for more modules to load
Module: Linked to module rlm_acct_unique
Module: Instantiating module "acct_unique" from file /etc/freeradius/modules/acct_unique
acct_unique {
key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
}
Module: Checking accounting {...} for more modules to load
Module: Linked to module rlm_detail
Module: Instantiating module "detail" from file /etc/freeradius/modules/detail
detail {
detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
header = "%t"
detailperm = 384
dirperm = 493
locking = no
log_packet_header = no
}
Module: Checking session {...} for more modules to load
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
} # modules
} # server
radiusd: #### Opening IP addresses and Ports ####
listen {
type = "auth"
ipaddr = *
port = 0
}
listen {
type = "acct"
ipaddr = *
port = 0
}
listen {
type = "auth"
ipaddr = 127.0.0.1
port = 18120
}
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel
Listening on proxy address * port 1814
Ready to process requests.
Javier Ruiz Escalante
Teléfono: 00 34 512 700 524
Skype: fruiz002
> From: Jake.Sallee@umhb.edu
> To: freeradius-users@lists.freeradius.org
> Subject: RE: Authentification
> Date: Mon, 5 Mar 2012 15:13:13 +0000
>
> Can you paste the output of radiusd -X? Please dont use -XX, we dont need timestamps.
>
> Jake Sallee
> Godfather of Bandwidth
> Network Engineer
> University of Mary Hardin-Baylor
>
> 900 College St.
> Belton, Texas
> 76513
>
> Fone: 254-295-4658
> Phax: 254-295-4221
> ________________________________
> From: freeradius-users-bounces+jake.sallee=umhb.edu@lists.freeradius.org [freeradius-users-bounces+jake.sallee=umhb.edu@lists.freeradius.org] on behalf of Javier Ruiz Escalante [fruiz002@hotmail.com]
> Sent: Monday, March 05, 2012 9:03 AM
> To: freeradius-users@lists.freeradius.org
> Subject: RE: Authentification
>
> Thank you very much, but the password is ""testsecret", I don't know why it shows this strange password, I don't know if it is related to the port 443, as in the server console is working perfectly with the password "testsecret"
>
> Thanks!!
>
> Regards
>
>
>
> Javier Ruiz Escalante
> Teléfono: 00 34 512 700 524
>
> Skype: fruiz002
>
>
>
> > Date: Mon, 5 Mar 2012 06:46:01 -0800
> > From: whopeman@vocollect.com
> > To: freeradius-users@lists.freeradius.org
> > Subject: Re: Authentification
> >
> > Hi,
> > NOTE the section here:
> >
> > > User-Name = "mysqltest"
> > > User-Password = "O%:snv\nB\334Ξ\300H\035\235e"
> >
> > And here
> >
> > > Mon Mar 5 12:36:33 2012 : Info: [pap] login attempt with password "O%:snv
> > > B��?�H??e"
> > > Mon Mar 5 12:36:33 2012 : Info: [pap] Using clear text password
> > > "testsecret"
> > > Mon Mar 5 12:36:33 2012 : Info: [pap] Passwords don't match
> >
> > The password that the client is sending and the one listed in the DB are
> > different. You will need to fix the client password or update the DB.
> >
> > --Ward
> >
> >
> > --
> > View this message in context: http://freeradius.1045715.n5.nabble.com/Authentification-tp5537600p5537725.html
> > Sent from the FreeRadius - User mailing list archive at Nabble.com.
> > -
> > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
The password and the secret are two different things. When you set up FreeRadius you had to put a "secret = " line in the client clause for your NAS. You have to put that same secret in the NAS (don't ask us where, that depends on the NAS.) In your case your "NAS" is your AP or your LWAP/CWAP controller. The secret is used to encrypt sensitive fields in RADIUS packets. If it does not match on both ends, those fields look scrambled on the receiving end. ________________________________ From: freeradius-users-bounces+bjulin=clarku.edu@lists.freeradius.org [mailto:freeradius-users-bounces+bjulin=clarku.edu@lists.freeradius.org] On Behalf Of Javier Ruiz Escalante Sent: Monday, March 05, 2012 10:04 AM To: freeradius-users@lists.freeradius.org Subject: RE: Authentification Thank you very much, but the password is ""testsecret", I don't know why it shows this strange password, I don't know if it is related to the port 443, as in the server console is working perfectly with the password "testsecret" Thanks!! Regards Javier Ruiz Escalante Teléfono: 00 34 512 700 524 Skype: fruiz002
Date: Mon, 5 Mar 2012 06:46:01 -0800 From: whopeman@vocollect.com To: freeradius-users@lists.freeradius.org Subject: Re: Authentification
Hi, NOTE the section here:
User-Name = "mysqltest" User-Password = "O%:snv\nB\334Ξ\300H\035\235e"
And here
Mon Mar 5 12:36:33 2012 : Info: [pap] login attempt with password "O%:snv B��?�H??e" Mon Mar 5 12:36:33 2012 : Info: [pap] Using clear text password "testsecret" Mon Mar 5 12:36:33 2012 : Info: [pap] Passwords don't match
The password that the client is sending and the one listed in the DB are different. You will need to fix the client password or update the DB.
--Ward
-- View this message in context: http://freeradius.1045715.n5.nabble.com/Authentification-tp5537600p5537725.h... Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 5 Mar 2012, at 16:03, Javier Ruiz Escalante wrote: > Thank you very much, but the password is ""testsecret", I don't know why it shows this strange password, I don't know if it is related to the port 443, as in the server console is working perfectly with the password "testsecret" > Because the RADIUS server cannot correctly decrypt the password that was encrypted with the shared secret, its showing the garbled incorrectly decrypted version. -Arran > Thanks!! > > Regards > > > > Javier Ruiz Escalante > Teléfono: 00 34 512 700 524 > > Skype: fruiz002 > > > > > Date: Mon, 5 Mar 2012 06:46:01 -0800 > > From: whopeman@vocollect.com > > To: freeradius-users@lists.freeradius.org > > Subject: Re: Authentification > > > > Hi, > > NOTE the section here: > > > > > User-Name = "mysqltest" > > > User-Password = "O%:snv\nB\334Ξ\300H\035\235e" > > > > And here > > > > > Mon Mar 5 12:36:33 2012 : Info: [pap] login attempt with password "O%:snv > > > B��?�H??e" > > > Mon Mar 5 12:36:33 2012 : Info: [pap] Using clear text password > > > "testsecret" > > > Mon Mar 5 12:36:33 2012 : Info: [pap] Passwords don't match > > > > The password that the client is sending and the one listed in the DB are > > different. You will need to fix the client password or update the DB. > > > > --Ward > > > > > > -- > > View this message in context: http://freeradius.1045715.n5.nabble.com/Authentification-tp5537600p5537725.html > > Sent from the FreeRadius - User mailing list archive at Nabble.com. > > - > > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Arran Cudbard-Bell a.cudbardb@networkradius.com Technical consultant and solutions architect 15 Ave. du Granier, Meylan, France +33 4 69 66 54 50
Date: Mon, 5 Mar 2012 06:46:01 -0800 From: whopeman@vocollect.com To: freeradius-users@lists.freeradius.org Subject: Re: Authentification
Hi, NOTE the section here:
User-Name = "mysqltest" User-Password = "O%:snv\nB\334Ξ\300H\035\235e"
And here
Mon Mar 5 12:36:33 2012 : Info: [pap] login attempt with password "O%:snv B��?�H??e" Mon Mar 5 12:36:33 2012 : Info: [pap] Using clear text password "testsecret" Mon Mar 5 12:36:33 2012 : Info: [pap] Passwords don't match
The password that the client is sending and the one listed in the DB are different. You will need to fix the client password or update the DB.
--Ward
-- View this message in context: http://freeradius.1045715.n5.nabble.com/Authentification-tp5537600p5537725.h... Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
But where is the shared secret? I have written the same secret everywhere... Javier Ruiz Escalante Teléfono: 00 34 512 700 524 Skype: fruiz002 From: a.cudbardb@freeradius.org Subject: Re: Authentification Date: Mon, 5 Mar 2012 16:20:43 +0100 To: freeradius-users@lists.freeradius.org On 5 Mar 2012, at 16:03, Javier Ruiz Escalante wrote:Thank you very much, but the password is ""testsecret", I don't know why it shows this strange password, I don't know if it is related to the port 443, as in the server console is working perfectly with the password "testsecret" Because the RADIUS server cannot correctly decrypt the password that was encrypted with the shared secret, its showing the garbled incorrectly decrypted version. -Arran Thanks!! Regards Javier Ruiz Escalante Teléfono: 00 34 512 700 524 Skype: fruiz002 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Arran Cudbard-Bell a.cudbardb@networkradius.com Technical consultant and solutions architect 15 Ave. du Granier, Meylan, France +33 4 69 66 54 50 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
But where is the shared secret? I have written the same secret everywhere...
on the FreeRADIUS server its in clients.conf (or, if you have configured SQL to have NAS tables then in the nas table) on your AP its in the configuration section. note that 'clients' as you know them (laptops, tablets etc) dont know single thing about RADIUS secrets...in the world of RADIUS, clients are the devices that talk directly to the RADIUS server - also knows as NAS (network authentication server) - this will be your microtik device etc.... alan
Huh... It seems you're firing with closed eyes and you're expecting to hit something... Check this five blog posts and you'll see that RADIUS is not "black box" when you want to read something... http://www.serveradminblog.com/category/freeradius/ On 3/5/2012 6:20 PM, Alan Buxey wrote:
Hi,
But where is the shared secret? I have written the same secret everywhere...
on the FreeRADIUS server its in clients.conf (or, if you have configured SQL to have NAS tables then in the nas table)
on your AP its in the configuration section. note that 'clients' as you know them (laptops, tablets etc) dont know single thing about RADIUS secrets...in the world of RADIUS, clients are the devices that talk directly to the RADIUS server - also knows as NAS (network authentication server) - this will be your microtik device etc....
alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
participants (10)
-
Alan Buxey -
Alan DeKok -
Arran Cudbard-Bell -
Brian Julin -
Javier Ruiz Escalante -
Marinko Tarlac -
Marinko Tarlać -
Phil Mayers -
Sallee, Stephen (Jake) -
whopeman