Problem with Solaris 8 to Solaris 10 migration (same radius version).
James Vautin
jvautin at tusc.com.au
Tue Jul 18 06:57:39 CEST 2006
Hello,

We have a Solaris 8 box running freeradius 1.0.4. This machine is being
upgraded to a bigger beast running Solaris 10. The problem I am having
has occurred on all versions of freeradius I have tested on the new
Solaris 10 machine - including 1.0.4, 1.0.5, and 1.1.1.

The error, when running radiusd -X is this:

auth: Failed to validate the user.
WARNING: Unprintable characters in the password. ? Double-check the
shared secret on the server and the NAS!

Facts:

1. We are connecting the same NAS box to the new machine and getting the
same error.
2. We are using the same exact configuration files (and obviously the
same secret.)
3. The NAS box is a Cisco Catalyst 3450 (24 DC Powered) Protocol 1645,
IOS 12.1[13]EA1C.
4. I have verified that the same configuration file with the same secret
is being read, and that the secret on the NAS box stays the same when
connecting to both hosts.
5. I am sending no extra options to ./configure at compile time.

I thank you so much for any leads anyone can give me into the cause of
this.

Here is the entire output:

bash-3.00# /usr/local/sbin/radiusd -X -p 1645
Ignoring deprecated command-line option -pStarting - reading
configuration files ...
reread_config: reading radiusd.conf
Config: including file: /usr/local/etc/raddb/proxy.conf
Config: including file: /usr/local/etc/raddb/clients.conf
Config: including file: /usr/local/etc/raddb/snmp.conf
Config: including file: /usr/local/etc/raddb/sql.conf
main: prefix = "/usr/local"
main: localstatedir = "/var"
main: logdir = "/var/log/radius"
main: libdir = "/usr/local/lib"
main: radacctdir = "/var/log/radius/radacct"
main: hostname_lookups = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 1645
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = "/var/log/radius/radius.log"
main: log_auth = no
main: log_auth_badpass = no
main: log_auth_goodpass = no
main: pidfile = "/var/run/radiusd.pid"
main: user = "root"
main: group = "root"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "/usr/local/sbin/checkrad"
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: post_proxy_authorize = yes
proxy: wake_all_if_all_dead = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will go away soon.
read_config_files: reading clients
read_config_files: reading realms
Using deprecated realms file. Support for this will go away soon.
radiusd: entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded System
unix: cache = yes
unix: passwd = "/etc/passwd"
unix: shadow = "/etc/shadow"
unix: group = "/etc/group"
unix: radwtmp = "/var/log/radius/radwtmp"
unix: usegroup = no
unix: cache_reload = 300
HASH: Reinitializing hash structures and lists for caching...
HASH: user root found in hashtable bucket 11726
HASH: user daemon found in hashtable bucket 11668
HASH: user bin found in hashtable bucket 86651
HASH: user sys found in hashtable bucket 64201
HASH: user adm found in hashtable bucket 26466
HASH: user lp found in hashtable bucket 54068
HASH: user uucp found in hashtable bucket 38541
HASH: user nuucp found in hashtable bucket 74587
HASH: user smmsp found in hashtable bucket 13600
HASH: user listen found in hashtable bucket 49327
HASH: user gdm found in hashtable bucket 50360
HASH: user webservd found in hashtable bucket 39570
HASH: user nobody found in hashtable bucket 99723
HASH: user noaccess found in hashtable bucket 80609
HASH: user nobody4 found in hashtable bucket 84789
HASH: user c927693 found in hashtable bucket 51401
HASH: Stored 16 entries from /etc/passwd
HASH: Stored 21 entries from /etc/group
Module: Instantiated unix (unix)
Module: Loaded preprocess
preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups"
preprocess: hints = "/usr/local/etc/raddb/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
realm: format = "suffix"
realm: delimiter = "@"
realm: ignore_default = no
realm: ignore_null = no
Module: Instantiated realm (suffix)
Module: Loaded files
files: usersfile = "/usr/local/etc/raddb/users"
files: acctusersfile = "/usr/local/etc/raddb/acct_users"
files: preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users"
files: compat = "no"
Module: Instantiated files (files)
Module: Loaded detail
detail: detailfile =
"/var/log/radius/radacct/%{Client-IP-Address}/detail"
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
radutmp: filename = "/var/log/radius/radutmp"
radutmp: username = "%{User-Name}"
radutmp: case_sensitive = yes
radutmp: check_with_nas = yes
radutmp: perm = 384
radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Listening on authentication *:1645
Listening on accounting *:1646
Listening on proxy *:1647
Ready to process requests.
rad_recv: Access-Request packet from host 144.133.145.11:1812, id=164,
length=82
NAS-IP-Address = 144.133.145.11
NAS-Port = 2
NAS-Port-Type = Virtual
User-Name = "c927693"
Calling-Station-Id = "144.133.188.238"
User-Password = "TI.\331\255\254Z3\036\247sj\262\274[\222"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
Invalid operator for item Prefix: reverting to '=='
Invalid operator for item Prefix: reverting to '=='
Invalid operator for item Prefix: reverting to '=='
Invalid operator for item Prefix: reverting to '=='
Invalid operator for item Suffix: reverting to '=='
Invalid operator for item Suffix: reverting to '=='
Invalid operator for item Suffix: reverting to '=='
modcall[authorize]: module "preprocess" returns ok for request 0
rlm_realm: No '@' in User-Name = "c927693", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
HASH: user c927693 found in hashtable bucket 51401
users: Matched entry DEFAULT at line 40
modcall[authorize]: module "files" returns ok for request 0
modcall: group authorize returns ok for request 0
rad_check_password: Found Auth-Type System
auth: type "System"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
HASH: user c927693 found in hashtable bucket 51401
modcall[authenticate]: module "unix" returns reject for request 0
modcall: group authenticate returns reject for request 0
auth: Failed to validate the user.
WARNING: Unprintable characters in the password. ? Double-check the
shared secret on the server and the NAS!
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 164 to 144.133.145.11:1812
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 164 with timestamp 44a38917
Nothing to do. Sleeping until we see a request.
rad_recv: Access-Request packet from host 144.133.145.11:1812, id=165,
length=82
NAS-IP-Address = 144.133.145.11
NAS-Port = 2
NAS-Port-Type = Virtual
User-Name = "c927693"
Calling-Station-Id = "144.133.188.238"
User-Password = "\036\000\247\352!m\001\251\3149\220HZKqP"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
Invalid operator for item Prefix: reverting to '=='
Invalid operator for item Prefix: reverting to '=='
Invalid operator for item Prefix: reverting to '=='
Invalid operator for item Prefix: reverting to '=='
Invalid operator for item Suffix: reverting to '=='
Invalid operator for item Suffix: reverting to '=='
Invalid operator for item Suffix: reverting to '=='
modcall[authorize]: module "preprocess" returns ok for request 1
rlm_realm: No '@' in User-Name = "c927693", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 1
HASH: user c927693 found in hashtable bucket 51401
users: Matched entry DEFAULT at line 40
modcall[authorize]: module "files" returns ok for request 1
modcall: group authorize returns ok for request 1
rad_check_password: Found Auth-Type System
auth: type "System"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
HASH: user c927693 found in hashtable bucket 51401
modcall[authenticate]: module "unix" returns reject for request 1
modcall: group authenticate returns reject for request 1
auth: Failed to validate the user.
WARNING: Unprintable characters in the password. ? Double-check the
shared secret on the server and the NAS!
Delaying request 1 for 1 seconds
Finished request 1
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 165 to 144.133.145.11:1812
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 1 ID 165 with timestamp 44a389a7
Nothing to do. Sleeping until we see a request.
rad_recv: Access-Request packet from host 144.133.145.11:1812, id=166,
length=79
NAS-IP-Address = 144.133.145.11
NAS-Port = 2
NAS-Port-Type = Virtual
User-Name = "fred"
Calling-Station-Id = "144.133.188.238"
User-Password = "8y\356\005\243\251\252W\234\rT\220\262{\347?"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
Invalid operator for item Prefix: reverting to '=='
Invalid operator for item Prefix: reverting to '=='
Invalid operator for item Prefix: reverting to '=='
Invalid operator for item Prefix: reverting to '=='
Invalid operator for item Suffix: reverting to '=='
Invalid operator for item Suffix: reverting to '=='
Invalid operator for item Suffix: reverting to '=='
modcall[authorize]: module "preprocess" returns ok for request 2
rlm_realm: No '@' in User-Name = "fred", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 2
users: Matched entry DEFAULT at line 40
modcall[authorize]: module "files" returns ok for request 2
modcall: group authorize returns ok for request 2
rad_check_password: Found Auth-Type System
auth: type "System"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 2
modcall[authenticate]: module "unix" returns notfound for request 2
modcall: group authenticate returns notfound for request 2
auth: Failed to validate the user.
WARNING: Unprintable characters in the password. ? Double-check the
shared secret on the server and the NAS!
Delaying request 2 for 1 seconds
Finished request 2
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 166 to 144.133.145.11:1812
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 2 ID 166 with timestamp 44a389df
Nothing to do. Sleeping until we see a request.
^C
bash-3.00#
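
Added example, not part of the original post and not FreeRADIUS code: a minimal Python model of the RFC 2865 section 5.2 User-Password hiding, showing why a server whose MD5 keystream differs from the NAS's decodes binary garbage like the User-Password values in the debug output above. The secrets, authenticator and password are constructed sample values, and `diagnose` is a hypothetical helper that mirrors the printable-character heuristic behind the warning.

```python
import hashlib

def _pad(password: bytes) -> bytes:
    # RFC 2865: pad with NULs to a multiple of 16 octets, minimum 16, maximum 128.
    if len(password) > 128:
        raise ValueError("User-Password is limited to 128 octets")
    size = max(16, -(-len(password) // 16) * 16)
    return password.ljust(size, b"\x00")

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """NAS side: c(i) = p(i) XOR MD5(secret + c(i-1)), with c(0) = Request Authenticator."""
    padded, out, prev = _pad(password), b"", authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out += prev
    return out

def unhide_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: the same keystream, chained over the received ciphertext blocks."""
    if len(hidden) % 16 or not 16 <= len(hidden) <= 128:
        raise ValueError("malformed User-Password attribute")
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        key = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ k for c, k in zip(block, key))
        prev = block
    return out.rstrip(b"\x00")

def is_printable(password: bytes) -> bool:
    return bool(password) and all(0x20 <= b <= 0x7E for b in password)

def diagnose(hidden: bytes, secret: bytes, authenticator: bytes) -> str:
    # Hypothetical helper: a non-printable result means the server-side
    # keystream did not match the one the NAS used.
    clear = unhide_password(hidden, secret, authenticator)
    return "ok" if is_printable(clear) else "secret-mismatch-suspected"

# Constructed sample values (not taken from the post).
NAS_SECRET = b"constructed-secret-A"
OTHER_SECRET = b"constructed-secret-B"
AUTHENTICATOR = bytes(range(16))
PASSWORD = b"example-password-2006"   # 21 octets, so two 16-octet blocks

if __name__ == "__main__":
    hidden = hide_password(PASSWORD, NAS_SECRET, AUTHENTICATOR)
    print(diagnose(hidden, NAS_SECRET, AUTHENTICATOR))
    print(diagnose(hidden, OTHER_SECRET, AUTHENTICATOR),
          repr(unhide_password(hidden, OTHER_SECRET, AUTHENTICATOR)))
```

The check is a heuristic: it flags any keystream mismatch between the two ends, whatever its cause, and it would also flag a password that legitimately contains non-ASCII bytes.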