Problem with Solaris 8 to Solaris 10 migration (same radius version).

James Vautin jvautin at tusc.com.au
Mon Sep 11 07:23:14 CEST 2006


Hello,

We have a Solaris 8 box running freeradius 1.0.4. This machine is being
upgraded to a bigger beast running Solaris 10.  The problem I am having
has occurred on all versions of freeradius I have tested on the new
Solaris 10 machine - including 1.0.4, 1.0.5, and 1.1.1. 

The error, when running radiusd -X is this:

auth: Failed to validate the user.
  WARNING: Unprintable characters in the password. ?  Double-check the
shared secret on the server and the NAS!


Facts:

1. We are connecting the same NAS box to the new machine and getting the
same error.
2. We are using the same exact configuration files (and obviously the
same secret.)
3. The NAS box is a Cisco Catalyst 3450 (24 DC Powered) Protocol 1645,
IOS 12.1[13]EA1C.
4. I have verified that the same configuration file with the same secret
is being read, and that the secret on the NAS box stays the same when
connecting to both hosts.
5. I am sending no extra options to ./configure at compile time.

I thank you so much for any leads anyone can give me into the cause of
this.

Here is the entire output:

bash-3.00# /usr/local/sbin/radiusd -X -p 1645
Ignoring deprecated command-line option -pStarting - reading
configuration files ...
reread_config:  reading radiusd.conf
Config:   including file: /usr/local/etc/raddb/proxy.conf
Config:   including file: /usr/local/etc/raddb/clients.conf
Config:   including file: /usr/local/etc/raddb/snmp.conf
Config:   including file: /usr/local/etc/raddb/sql.conf
 main: prefix = "/usr/local"
 main: localstatedir = "/var"
 main: logdir = "/var/log/radius"
 main: libdir = "/usr/local/lib"
 main: radacctdir = "/var/log/radius/radacct"
 main: hostname_lookups = no
 main: max_request_time = 30
 main: cleanup_delay = 5
 main: max_requests = 1024
 main: delete_blocked_requests = 0
 main: port = 1645
 main: allow_core_dumps = no
 main: log_stripped_names = no
 main: log_file = "/var/log/radius/radius.log"
 main: log_auth = no
 main: log_auth_badpass = no
 main: log_auth_goodpass = no
 main: pidfile = "/var/run/radiusd.pid"
 main: user = "root"
 main: group = "root"
 main: usercollide = no
 main: lower_user = "no"
 main: lower_pass = "no"
 main: nospace_user = "no"
 main: nospace_pass = "no"
 main: checkrad = "/usr/local/sbin/checkrad"
 main: proxy_requests = yes
 proxy: retry_delay = 5
 proxy: retry_count = 3
 proxy: synchronous = no
 proxy: default_fallback = yes
 proxy: dead_time = 120
 proxy: post_proxy_authorize = yes
 proxy: wake_all_if_all_dead = no
 security: max_attributes = 200
 security: reject_delay = 1
 security: status_server = no
 main: debug_level = 0
read_config_files:  reading dictionary
read_config_files:  reading naslist
Using deprecated naslist file.  Support for this will go away soon.
read_config_files:  reading clients
read_config_files:  reading realms
Using deprecated realms file.  Support for this will go away soon.
radiusd:  entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded System 
 unix: cache = yes
 unix: passwd = "/etc/passwd"
 unix: shadow = "/etc/shadow"
 unix: group = "/etc/group"
 unix: radwtmp = "/var/log/radius/radwtmp"
 unix: usegroup = no
 unix: cache_reload = 300
HASH:  Reinitializing hash structures and lists for caching...
  HASH:  user root found in hashtable bucket 11726
  HASH:  user daemon found in hashtable bucket 11668
  HASH:  user bin found in hashtable bucket 86651
  HASH:  user sys found in hashtable bucket 64201
  HASH:  user adm found in hashtable bucket 26466
  HASH:  user lp found in hashtable bucket 54068
  HASH:  user uucp found in hashtable bucket 38541
  HASH:  user nuucp found in hashtable bucket 74587
  HASH:  user smmsp found in hashtable bucket 13600
  HASH:  user listen found in hashtable bucket 49327
  HASH:  user gdm found in hashtable bucket 50360
  HASH:  user webservd found in hashtable bucket 39570
  HASH:  user nobody found in hashtable bucket 99723
  HASH:  user noaccess found in hashtable bucket 80609
  HASH:  user nobody4 found in hashtable bucket 84789
  HASH:  user c927693 found in hashtable bucket 51401
HASH:  Stored 16 entries from /etc/passwd
HASH:  Stored 21 entries from /etc/group
Module: Instantiated unix (unix) 
Module: Loaded preprocess 
 preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups"
 preprocess: hints = "/usr/local/etc/raddb/hints"
 preprocess: with_ascend_hack = no
 preprocess: ascend_channels_per_line = 23
 preprocess: with_ntdomain_hack = no
 preprocess: with_specialix_jetstream_hack = no
 preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess) 
Module: Loaded realm 
 realm: format = "suffix"
 realm: delimiter = "@"
 realm: ignore_default = no
 realm: ignore_null = no
Module: Instantiated realm (suffix) 
Module: Loaded files 
 files: usersfile = "/usr/local/etc/raddb/users"
 files: acctusersfile = "/usr/local/etc/raddb/acct_users"
 files: preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users"
 files: compat = "no"
Module: Instantiated files (files) 
Module: Loaded detail 
 detail: detailfile =
"/var/log/radius/radacct/%{Client-IP-Address}/detail"
 detail: detailperm = 384
 detail: dirperm = 493
 detail: locking = no
Module: Instantiated detail (detail) 
Module: Loaded radutmp 
 radutmp: filename = "/var/log/radius/radutmp"
 radutmp: username = "%{User-Name}"
 radutmp: case_sensitive = yes
 radutmp: check_with_nas = yes
 radutmp: perm = 384
 radutmp: callerid = yes
Module: Instantiated radutmp (radutmp) 
Listening on authentication *:1645
Listening on accounting *:1646
Listening on proxy *:1647
Ready to process requests.
rad_recv: Access-Request packet from host 144.133.145.11:1812, id=164,
length=82
        NAS-IP-Address = 144.133.145.11
        NAS-Port = 2
        NAS-Port-Type = Virtual
        User-Name = "c927693"
        Calling-Station-Id = "144.133.188.238"
        User-Password = "TI.\331\255\254Z3\036\247sj\262\274[\222"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
Invalid operator for item Prefix: reverting to '=='
Invalid operator for item Prefix: reverting to '=='
Invalid operator for item Prefix: reverting to '=='
Invalid operator for item Prefix: reverting to '=='
Invalid operator for item Suffix: reverting to '=='
Invalid operator for item Suffix: reverting to '=='
Invalid operator for item Suffix: reverting to '=='
  modcall[authorize]: module "preprocess" returns ok for request 0
    rlm_realm: No '@' in User-Name = "c927693", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 0
  HASH:  user c927693 found in hashtable bucket 51401
    users: Matched entry DEFAULT at line 40
  modcall[authorize]: module "files" returns ok for request 0
modcall: group authorize returns ok for request 0
  rad_check_password:  Found Auth-Type System
auth: type "System"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
  HASH:  user c927693 found in hashtable bucket 51401
  modcall[authenticate]: module "unix" returns reject for request 0
modcall: group authenticate returns reject for request 0
auth: Failed to validate the user.
  WARNING: Unprintable characters in the password. ?  Double-check the
shared secret on the server and the NAS!
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 164 to 144.133.145.11:1812
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 164 with timestamp 44a38917
Nothing to do.  Sleeping until we see a request.
rad_recv: Access-Request packet from host 144.133.145.11:1812, id=165,
length=82
        NAS-IP-Address = 144.133.145.11
        NAS-Port = 2
        NAS-Port-Type = Virtual
        User-Name = "c927693"
        Calling-Station-Id = "144.133.188.238"
        User-Password = "\036\000\247\352!m\001\251\3149\220HZKqP"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
Invalid operator for item Prefix: reverting to '=='
Invalid operator for item Prefix: reverting to '=='
Invalid operator for item Prefix: reverting to '=='
Invalid operator for item Prefix: reverting to '=='
Invalid operator for item Suffix: reverting to '=='
Invalid operator for item Suffix: reverting to '=='
Invalid operator for item Suffix: reverting to '=='
  modcall[authorize]: module "preprocess" returns ok for request 1
    rlm_realm: No '@' in User-Name = "c927693", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 1
  HASH:  user c927693 found in hashtable bucket 51401
    users: Matched entry DEFAULT at line 40
  modcall[authorize]: module "files" returns ok for request 1
modcall: group authorize returns ok for request 1
  rad_check_password:  Found Auth-Type System
auth: type "System"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
  HASH:  user c927693 found in hashtable bucket 51401
  modcall[authenticate]: module "unix" returns reject for request 1
modcall: group authenticate returns reject for request 1
auth: Failed to validate the user.
  WARNING: Unprintable characters in the password. ?  Double-check the
shared secret on the server and the NAS!
Delaying request 1 for 1 seconds
Finished request 1
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 165 to 144.133.145.11:1812
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 1 ID 165 with timestamp 44a389a7
Nothing to do.  Sleeping until we see a request.
rad_recv: Access-Request packet from host 144.133.145.11:1812, id=166,
length=79
        NAS-IP-Address = 144.133.145.11
        NAS-Port = 2
        NAS-Port-Type = Virtual
        User-Name = "fred"
        Calling-Station-Id = "144.133.188.238"
        User-Password = "8y\356\005\243\251\252W\234\rT\220\262{\347?"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
Invalid operator for item Prefix: reverting to '=='
Invalid operator for item Prefix: reverting to '=='
Invalid operator for item Prefix: reverting to '=='
Invalid operator for item Prefix: reverting to '=='
Invalid operator for item Suffix: reverting to '=='
Invalid operator for item Suffix: reverting to '=='
Invalid operator for item Suffix: reverting to '=='
  modcall[authorize]: module "preprocess" returns ok for request 2
    rlm_realm: No '@' in User-Name = "fred", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 2
    users: Matched entry DEFAULT at line 40
  modcall[authorize]: module "files" returns ok for request 2
modcall: group authorize returns ok for request 2
  rad_check_password:  Found Auth-Type System
auth: type "System"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 2
  modcall[authenticate]: module "unix" returns notfound for request 2
modcall: group authenticate returns notfound for request 2
auth: Failed to validate the user.
  WARNING: Unprintable characters in the password. ?  Double-check the
shared secret on the server and the NAS!
Delaying request 2 for 1 seconds
Finished request 2
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 166 to 144.133.145.11:1812
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 2 ID 166 with timestamp 44a389df
Nothing to do.  Sleeping until we see a request.
^C
bash-3.00#





