rlm_pap: WARNING! No "known good" password found for the user.
Hi!
radtest fred somepass localhost 1813 somesecret Sending Access-Request of id 102 to 127.0.0.1 port 1812 User-Name = "fred" User-Password = "somepass" NAS-IP-Address = 127.0.0.1 NAS-Port = 1813 rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=102, length=20 rad_verify: Received Access-Reject packet from client 127.0.0.1 port 1812 with invalid signature (err=2)! (Shared secret is incorrect.)
radiusd -X rad_recv: Access-Request packet from host 127.0.0.1 port 32770, id=102, length=56 User-Name = "fred" User-Password = "h\347`\005\270\202\336<\336i~e\031\r\021[" NAS-IP-Address = 127.0.0.1 NAS-Port = 1813 +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "fred", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: No EAP-Message, not doing EAP ++[eap] returns noop ++[unix] returns notfound ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user auth: Failed to validate the user. WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS! Found Post-Auth-Type Reject +- entering group REJECT expand: %{User-Name} -> fred attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Sending Access-Reject of id 102 to 127.0.0.1 port 32770 Finished request 2. Going to the next request Waking up in 4.9 seconds. Cleaning up request 2 ID 102 with timestamp +151 Ready to process requests.
cat client.conf client 127.0.0.1 { secret = somesecret shortname = localhost nastype = other }
cat users fred Cleartext-Password =="somepass" Service-Type = Framed-User, Framed-Protocol = PPP
wilma Auth-Type := CHAP, User-password =="somepass" Service-Type = Framed-User, Framed-Protocol = PPP barney Auth-Type := MS-CHAP, User-Password == "somepass" Service-Type = Framed-User, Framed-Protocol = PPP What's wrong with this line >User-Password = "h\347`\005\270\202\336<\336i~e\031\r\021[" ??? Thanks for the support! -- ------------------------ Maciej Drobniuch
You probably have two instances of the server installed. These files don't belong to the server that is running. Ivan Kalik Kalik Informatika ISP Dana 11/7/2008, "Maciej Drobniuch" <maciej@drobniuch.pl> piše:
Hi!
radtest fred somepass localhost 1813 somesecret Sending Access-Request of id 102 to 127.0.0.1 port 1812 User-Name = "fred" User-Password = "somepass" NAS-IP-Address = 127.0.0.1 NAS-Port = 1813 rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=102, length=20 rad_verify: Received Access-Reject packet from client 127.0.0.1 port 1812 with invalid signature (err=2)! (Shared secret is incorrect.)
radiusd -X rad_recv: Access-Request packet from host 127.0.0.1 port 32770, id=102, length=56 User-Name = "fred" User-Password = "h\347`\005\270\202\336<\336i~e\031\r\021[" NAS-IP-Address = 127.0.0.1 NAS-Port = 1813 +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "fred", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: No EAP-Message, not doing EAP ++[eap] returns noop ++[unix] returns notfound ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user auth: Failed to validate the user. WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS! Found Post-Auth-Type Reject +- entering group REJECT expand: %{User-Name} -> fred attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Sending Access-Reject of id 102 to 127.0.0.1 port 32770 Finished request 2. Going to the next request Waking up in 4.9 seconds. Cleaning up request 2 ID 102 with timestamp +151 Ready to process requests.
cat client.conf client 127.0.0.1 { secret = somesecret shortname = localhost nastype = other }
cat users fred Cleartext-Password =="somepass" Service-Type = Framed-User, Framed-Protocol = PPP
wilma Auth-Type := CHAP, User-password =="somepass" Service-Type = Framed-User, Framed-Protocol = PPP
barney Auth-Type := MS-CHAP, User-Password == "somepass" Service-Type = Framed-User, Framed-Protocol = PPP
What's wrong with this line >User-Password = "h\347`\005\270\202\336<\336i~e\031\r\021[" ??? Thanks for the support!
-- ------------------------ Maciej Drobniuch
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi! I've deleted the old /sbin /bin /raddb dirs and then i've executed make install in the freerad 2.0.5 dir... So what is the fastest and the cleanest way to remove the old version? Usually I use packages but I've had problems running radiusd when installing from them... Thanks and sorry for my lame eng. On Fri, 11 Jul 2008 19:30:26 +0100, "Ivan Kalik" <tnt@kalik.net> wrote:
You probably have two instances of the server installed. These files don't belong to the server that is running.
Ivan Kalik Kalik Informatika ISP
Dana 11/7/2008, "Maciej Drobniuch" <maciej@drobniuch.pl> piše:
Hi!
radtest fred somepass localhost 1813 somesecret Sending Access-Request of id 102 to 127.0.0.1 port 1812 User-Name = "fred" User-Password = "somepass" NAS-IP-Address = 127.0.0.1 NAS-Port = 1813 rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=102, length=20 rad_verify: Received Access-Reject packet from client 127.0.0.1 port 1812 with invalid signature (err=2)! (Shared secret is incorrect.)
radiusd -X rad_recv: Access-Request packet from host 127.0.0.1 port 32770, id=102, length=56 User-Name = "fred" User-Password = "h\347`\005\270\202\336<\336i~e\031\r\021[" NAS-IP-Address = 127.0.0.1 NAS-Port = 1813 +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "fred", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: No EAP-Message, not doing EAP ++[eap] returns noop ++[unix] returns notfound ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user auth: Failed to validate the user. WARNING: Unprintable characters in the password. Double-check
the
shared secret on the server and the NAS! Found Post-Auth-Type Reject +- entering group REJECT expand: %{User-Name} -> fred attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Sending Access-Reject of id 102 to 127.0.0.1 port 32770 Finished request 2. Going to the next request Waking up in 4.9 seconds. Cleaning up request 2 ID 102 with timestamp +151 Ready to process requests.
cat client.conf client 127.0.0.1 { secret = somesecret shortname = localhost nastype = other }
cat users fred Cleartext-Password =="somepass" Service-Type = Framed-User, Framed-Protocol = PPP
wilma Auth-Type := CHAP, User-password =="somepass" Service-Type = Framed-User, Framed-Protocol = PPP
barney Auth-Type := MS-CHAP, User-Password == "somepass" Service-Type = Framed-User, Framed-Protocol = PPP
What's wrong with this line >User-Password = "h\347`\005\270\202\336<\336i~e\031\r\021[" ??? Thanks for the support!
-- ------------------------ Maciej Drobniuch
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html --
Maciej Drobniuch
I've cleaned the mess up like you've said, but i've got new errors for you which are not familiar to me ;) Fri Jul 11 21:17:56 2008 : Debug: auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user Fri Jul 11 21:17:56 2008 : Debug: auth: Failed to validate the user. Am I using an old definition of Auth-Type in my users file? Or what ? fred Auth-Type := Local, Cleartext-Password =="somepass" Service-Type = Framed-User, Framed-Protocol = PPP With what should i replace the "Auth-Type" variable or variable name? Thanks for your tips! On Fri, 11 Jul 2008 19:30:26 +0100, "Ivan Kalik" <tnt@kalik.net> wrote:
You probably have two instances of the server installed. These files don't belong to the server that is running.
Ivan Kalik Kalik Informatika ISP
Dana 11/7/2008, "Maciej Drobniuch" <maciej@drobniuch.pl> piše:
Hi!
radtest fred somepass localhost 1813 somesecret Sending Access-Request of id 102 to 127.0.0.1 port 1812 User-Name = "fred" User-Password = "somepass" NAS-IP-Address = 127.0.0.1 NAS-Port = 1813 rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=102, length=20 rad_verify: Received Access-Reject packet from client 127.0.0.1 port 1812 with invalid signature (err=2)! (Shared secret is incorrect.)
radiusd -X rad_recv: Access-Request packet from host 127.0.0.1 port 32770, id=102, length=56 User-Name = "fred" User-Password = "h\347`\005\270\202\336<\336i~e\031\r\021[" NAS-IP-Address = 127.0.0.1 NAS-Port = 1813 +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "fred", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: No EAP-Message, not doing EAP ++[eap] returns noop ++[unix] returns notfound ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user auth: Failed to validate the user. WARNING: Unprintable characters in the password. Double-check
the
shared secret on the server and the NAS! Found Post-Auth-Type Reject +- entering group REJECT expand: %{User-Name} -> fred attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Sending Access-Reject of id 102 to 127.0.0.1 port 32770 Finished request 2. Going to the next request Waking up in 4.9 seconds. Cleaning up request 2 ID 102 with timestamp +151 Ready to process requests.
cat client.conf client 127.0.0.1 { secret = somesecret shortname = localhost nastype = other }
cat users fred Cleartext-Password =="somepass" Service-Type = Framed-User, Framed-Protocol = PPP
wilma Auth-Type := CHAP, User-password =="somepass" Service-Type = Framed-User, Framed-Protocol = PPP
barney Auth-Type := MS-CHAP, User-Password == "somepass" Service-Type = Framed-User, Framed-Protocol = PPP
What's wrong with this line >User-Password = "h\347`\005\270\202\336<\336i~e\031\r\021[" ??? Thanks for the support!
-- ------------------------ Maciej Drobniuch
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html --
Maciej Drobniuch
Hello I think I had a very similar problem couple of days back. I think your authorization is working but authentication is failing right ? Thanks Sambuddho On Fri, 2008-07-11 at 21:21 +0200, Maciej Drobniuch wrote:
I've cleaned the mess up like you've said, but i've got new errors for you which are not familiar to me ;)
Fri Jul 11 21:17:56 2008 : Debug: auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user Fri Jul 11 21:17:56 2008 : Debug: auth: Failed to validate the user.
Am I using an old definition of Auth-Type in my users file? Or what ?
fred Auth-Type := Local, Cleartext-Password =="somepass" Service-Type = Framed-User, Framed-Protocol = PPP
With what should i replace the "Auth-Type" variable or variable name? Thanks for your tips!
On Fri, 11 Jul 2008 19:30:26 +0100, "Ivan Kalik" <tnt@kalik.net> wrote:
You probably have two instances of the server installed. These files don't belong to the server that is running.
Ivan Kalik Kalik Informatika ISP
Dana 11/7/2008, "Maciej Drobniuch" <maciej@drobniuch.pl> piše:
Hi!
radtest fred somepass localhost 1813 somesecret Sending Access-Request of id 102 to 127.0.0.1 port 1812 User-Name = "fred" User-Password = "somepass" NAS-IP-Address = 127.0.0.1 NAS-Port = 1813 rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=102, length=20 rad_verify: Received Access-Reject packet from client 127.0.0.1 port 1812 with invalid signature (err=2)! (Shared secret is incorrect.)
radiusd -X rad_recv: Access-Request packet from host 127.0.0.1 port 32770, id=102, length=56 User-Name = "fred" User-Password = "h\347`\005\270\202\336<\336i~e\031\r\021[" NAS-IP-Address = 127.0.0.1 NAS-Port = 1813 +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "fred", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: No EAP-Message, not doing EAP ++[eap] returns noop ++[unix] returns notfound ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user auth: Failed to validate the user. WARNING: Unprintable characters in the password. Double-check
the
shared secret on the server and the NAS! Found Post-Auth-Type Reject +- entering group REJECT expand: %{User-Name} -> fred attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Sending Access-Reject of id 102 to 127.0.0.1 port 32770 Finished request 2. Going to the next request Waking up in 4.9 seconds. Cleaning up request 2 ID 102 with timestamp +151 Ready to process requests.
cat client.conf client 127.0.0.1 { secret = somesecret shortname = localhost nastype = other }
cat users fred Cleartext-Password =="somepass" Service-Type = Framed-User, Framed-Protocol = PPP
wilma Auth-Type := CHAP, User-password =="somepass" Service-Type = Framed-User, Framed-Protocol = PPP
barney Auth-Type := MS-CHAP, User-Password == "somepass" Service-Type = Framed-User, Framed-Protocol = PPP
What's wrong with this line >User-Password = "h\347`\005\270\202\336<\336i~e\031\r\021[" ??? Thanks for the support!
-- ------------------------ Maciej Drobniuch
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html --
Maciej Drobniuch
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I thing that authorization because the user can't be found in the users file... just look at the part of debug output: Fri Jul 11 21:40:46 2008 : Debug: modsingle[authorize]: calling files (rlm_files) for request 1 Fri Jul 11 21:40:46 2008 : Debug: modsingle[authorize]: returned from files (rlm_files) for request 1 Fri Jul 11 21:40:46 2008 : Debug: ++[files] returns noop And this is the whole freerad request: rad_recv: Access-Request packet from host 127.0.0.1 port 32770, id=28, length=56 User-Name = "fred" User-Password = "somepass" NAS-IP-Address = 127.0.0.1 NAS-Port = 1813 Fri Jul 11 21:40:46 2008 : Debug: +- entering group authorize Fri Jul 11 21:40:46 2008 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 1 Fri Jul 11 21:40:46 2008 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 1 Fri Jul 11 21:40:46 2008 : Debug: ++[preprocess] returns ok Fri Jul 11 21:40:46 2008 : Debug: modsingle[authorize]: calling chap (rlm_chap) for request 1 Fri Jul 11 21:40:46 2008 : Debug: modsingle[authorize]: returned from chap (rlm_chap) for request 1 Fri Jul 11 21:40:46 2008 : Debug: ++[chap] returns noop Fri Jul 11 21:40:46 2008 : Debug: modsingle[authorize]: calling mschap (rlm_mschap) for request 1 Fri Jul 11 21:40:46 2008 : Debug: modsingle[authorize]: returned from mschap (rlm_mschap) for request 1 Fri Jul 11 21:40:46 2008 : Debug: ++[mschap] returns noop Fri Jul 11 21:40:46 2008 : Debug: modsingle[authorize]: calling suffix (rlm_realm) for request 1 Fri Jul 11 21:40:46 2008 : Debug: rlm_realm: No '@' in User-Name = "fred", looking up realm NULL Fri Jul 11 21:40:46 2008 : Debug: rlm_realm: No such realm "NULL" Fri Jul 11 21:40:46 2008 : Debug: modsingle[authorize]: returned from suffix (rlm_realm) for request 1 Fri Jul 11 21:40:46 2008 : Debug: ++[suffix] returns noop Fri Jul 11 21:40:46 2008 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 1 Fri Jul 11 21:40:46 2008 : Debug: rlm_eap: No EAP-Message, not doing EAP Fri Jul 11 21:40:46 2008 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 1 Fri Jul 11 21:40:46 2008 : Debug: ++[eap] returns noop Fri Jul 11 21:40:46 2008 : Debug: modsingle[authorize]: calling unix (rlm_unix) for request 1 Fri Jul 11 21:40:46 2008 : Debug: modsingle[authorize]: returned from unix (rlm_unix) for request 1 Fri Jul 11 21:40:46 2008 : Debug: ++[unix] returns notfound Fri Jul 11 21:40:46 2008 : Debug: modsingle[authorize]: calling files (rlm_files) for request 1 Fri Jul 11 21:40:46 2008 : Debug: modsingle[authorize]: returned from files (rlm_files) for request 1 Fri Jul 11 21:40:46 2008 : Debug: ++[files] returns noop Fri Jul 11 21:40:46 2008 : Debug: modsingle[authorize]: calling expiration (rlm_expiration) for request 1 Fri Jul 11 21:40:46 2008 : Debug: modsingle[authorize]: returned from expiration (rlm_expiration) for request 1 Fri Jul 11 21:40:46 2008 : Debug: ++[expiration] returns noop Fri Jul 11 21:40:46 2008 : Debug: modsingle[authorize]: calling logintime (rlm_logintime) for request 1 Fri Jul 11 21:40:46 2008 : Debug: modsingle[authorize]: returned from logintime (rlm_logintime) for request 1 Fri Jul 11 21:40:46 2008 : Debug: ++[logintime] returns noop Fri Jul 11 21:40:46 2008 : Debug: modsingle[authorize]: calling pap (rlm_pap) for request 1 Fri Jul 11 21:40:46 2008 : Debug: rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. Fri Jul 11 21:40:46 2008 : Debug: modsingle[authorize]: returned from pap (rlm_pap) for request 1 Fri Jul 11 21:40:46 2008 : Debug: ++[pap] returns noop Fri Jul 11 21:40:46 2008 : Debug: auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user Fri Jul 11 21:40:46 2008 : Debug: auth: Failed to validate the user. Fri Jul 11 21:40:46 2008 : Debug: Found Post-Auth-Type Reject Fri Jul 11 21:40:46 2008 : Debug: +- entering group REJECT Fri Jul 11 21:40:46 2008 : Debug: modsingle[post-auth]: calling attr_filter.access_reject (rlm_attr_filter) for request 1 Fri Jul 11 21:40:46 2008 : Debug: expand: %{User-Name} -> fred Fri Jul 11 21:40:46 2008 : Debug: attr_filter: Matched entry DEFAULT at line 11 Fri Jul 11 21:40:46 2008 : Debug: modsingle[post-auth]: returned from attr_filter.access_reject (rlm_attr_filter) for request 1 Fri Jul 11 21:40:46 2008 : Debug: ++[attr_filter.access_reject] returns updated Sending Access-Reject of id 28 to 127.0.0.1 port 32770 Fri Jul 11 21:40:46 2008 : Debug: Finished request 1. Fri Jul 11 21:40:46 2008 : Debug: Going to the next request Fri Jul 11 21:40:46 2008 : Debug: Waking up in 4.9 seconds. On Fri, 11 Jul 2008 15:30:19 -0400, Sambuddho Chakravarty <sc2516@columbia.edu> wrote:
Hello I think I had a very similar problem couple of days back. I think your authorization is working but authentication is failing right ?
Thanks Sambuddho On Fri, 2008-07-11 at 21:21 +0200, Maciej Drobniuch wrote:
I've cleaned the mess up like you've said, but i've got new errors for you which are not familiar to me ;)
Fri Jul 11 21:17:56 2008 : Debug: auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user Fri Jul 11 21:17:56 2008 : Debug: auth: Failed to validate the user.
Am I using an old definition of Auth-Type in my users file? Or what ?
fred Auth-Type := Local, Cleartext-Password =="somepass" Service-Type = Framed-User, Framed-Protocol = PPP
With what should i replace the "Auth-Type" variable or variable name? Thanks for your tips!
On Fri, 11 Jul 2008 19:30:26 +0100, "Ivan Kalik" <tnt@kalik.net> wrote:
You probably have two instances of the server installed. These files don't belong to the server that is running.
Ivan Kalik Kalik Informatika ISP
Dana 11/7/2008, "Maciej Drobniuch" <maciej@drobniuch.pl> piše:
Hi!
radtest fred somepass localhost 1813 somesecret Sending Access-Request of id 102 to 127.0.0.1 port 1812 User-Name = "fred" User-Password = "somepass" NAS-IP-Address = 127.0.0.1 NAS-Port = 1813 rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=102, length=20 rad_verify: Received Access-Reject packet from client 127.0.0.1 port
1812
with invalid signature (err=2)! (Shared secret is incorrect.)
radiusd -X rad_recv: Access-Request packet from host 127.0.0.1 port 32770, id=102, length=56 User-Name = "fred" User-Password = "h\347`\005\270\202\336<\336i~e\031\r\021[" NAS-IP-Address = 127.0.0.1 NAS-Port = 1813 +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "fred", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: No EAP-Message, not doing EAP ++[eap] returns noop ++[unix] returns notfound ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user auth: Failed to validate the user. WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS! Found Post-Auth-Type Reject +- entering group REJECT expand: %{User-Name} -> fred attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Sending Access-Reject of id 102 to 127.0.0.1 port 32770 Finished request 2. Going to the next request Waking up in 4.9 seconds. Cleaning up request 2 ID 102 with timestamp +151 Ready to process requests.
cat client.conf client 127.0.0.1 { secret = somesecret shortname = localhost nastype = other }
cat users fred Cleartext-Password =="somepass" Service-Type = Framed-User, Framed-Protocol = PPP
wilma Auth-Type := CHAP, User-password =="somepass" Service-Type = Framed-User, Framed-Protocol = PPP
barney Auth-Type := MS-CHAP, User-Password == "somepass" Service-Type = Framed-User, Framed-Protocol = PPP
What's wrong with this line >User-Password = "h\347`\005\270\202\336<\336i~e\031\r\021[" ??? Thanks for the support!
-- ------------------------ Maciej Drobniuch
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
Maciej Drobniuch
Am I using an old definition of Auth-Type in my users file? Or what ?
fred Auth-Type := Local, Cleartext-Password =="somepass" Service-Type = Framed-User, Framed-Protocol = PPP
With what should i replace the "Auth-Type" variable or variable name?
Read instructions in users file. Don't force Auth-Type. Don't use == with Cleartext-Password. Ivan Kalik Kalik Informatika ISP
Hi Ivan, Here I want to ask for your advise. I have a server with two ethernets connection. Internet ------- [eth1] (DNS, DHCP server, Radius Server) Red Hat [eth0] ----- Wifi (Client) If I plugin XP to eth0 (network line), the server will assign an IP address to that computer and immediately able to connect to internet (iptables redirect traffic to eth1). then I try to authenticate the wifi client I wonder why the NAS-IP-Address always show 0.0.0.0 but when I run radtest on terminal server it shows IP address.. # radtest MarsNet 000 localhost 0 testing123 User-Name = MarsNet User-Password = 000 NAS-IP-Address = 192.168.1.10 ( server IP address) NAS-Port = 0 # I guess this might be the problem causing the client fail to connect to server. (Client never connected but instead showing "acquiring network address") Further for testing purpose if I want to switch the incoming authentication through eth1, which ports shall I open? In previous email you were mention about client attribute fail. How to fix it?
If I plugin XP to eth0 (network line), the server will assign an IP address to that computer and immediately able to connect to internet (iptables redirect traffic to eth1).
So you have DHCP working there. No authentication.
then I try to authenticate the wifi client I wonder why the NAS-IP-Address always show 0.0.0.0
You will have to consult NAS documentation about setting IP addresses on that device.
but when I run radtest on terminal server it shows IP address..
# radtest MarsNet 000 localhost 0 testing123
User-Name = MarsNet
User-Password = 000
NAS-IP-Address = 192.168.1.10 ( server IP address)
NAS-Port = 0
#
Ugh. This is also wrong. Localhost should resolve to 127.0.0.1 not server IP address. This is nothing to do with radius. Your network setup is bad. Fix the network so IP addresses resolve properly.
In previous email you were mention about client attribute fail. How to fix it?
Which attribute? Was it State? If it was, than that equipment is unusable. Replace it with equipment that works. Ivan Kalik Kalik Informatika ISP
On Fri, Jul 11, 2008 at 08:14:13PM +0200, Maciej Drobniuch wrote:
Hi!
radtest fred somepass localhost 1813 somesecret Sending Access-Request of id 102 to 127.0.0.1 port 1812 User-Name = "fred" User-Password = "somepass" NAS-IP-Address = 127.0.0.1 NAS-Port = 1813 rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=102, length=20 rad_verify: Received Access-Reject packet from client 127.0.0.1 port 1812 with invalid signature (err=2)! (Shared secret is incorrect.)
radiusd -X rad_recv: Access-Request packet from host 127.0.0.1 port 32770, id=102, length=56 User-Name = "fred" User-Password = "h\347`\005\270\202\336<\336i~e\031\r\021["
Clue number one. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
NAS-IP-Address = 127.0.0.1 NAS-Port = 1813 +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "fred", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: No EAP-Message, not doing EAP ++[eap] returns noop ++[unix] returns notfound ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user auth: Failed to validate the user. WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS!
Useful hint. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
What's wrong with this line >User-Password = "h\347`\005\270\202\336<\336i~e\031\r\021[" ???
Please read the debug output. -- Scott Lambert KC5MLE Unix SysAdmin lambert@lambertfam.org
participants (5)
-
Ivan Kalik -
Kwok Sianbin -
Maciej Drobniuch -
Sambuddho Chakravarty -
Scott Lambert