rlm_pap: WARNING! No "known good" password found for the user.

Maciej Drobniuch maciej at drobniuch.pl
Fri Jul 11 21:42:14 CEST 2008


I thing that authorization because the user can't be found in the users
file... just look at the part of debug output:

Fri Jul 11 21:40:46 2008 : Debug:   modsingle[authorize]: calling files
(rlm_files) for request 1
Fri Jul 11 21:40:46 2008 : Debug:   modsingle[authorize]: returned from
files (rlm_files) for request 1
Fri Jul 11 21:40:46 2008 : Debug: ++[files] returns noop

And this is the whole freerad request:

rad_recv: Access-Request packet from host 127.0.0.1 port 32770, id=28,
length=56
        User-Name = "fred"
        User-Password = "somepass"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 1813
Fri Jul 11 21:40:46 2008 : Debug: +- entering group authorize
Fri Jul 11 21:40:46 2008 : Debug:   modsingle[authorize]: calling
preprocess (rlm_preprocess) for request 1
Fri Jul 11 21:40:46 2008 : Debug:   modsingle[authorize]: returned from
preprocess (rlm_preprocess) for request 1
Fri Jul 11 21:40:46 2008 : Debug: ++[preprocess] returns ok
Fri Jul 11 21:40:46 2008 : Debug:   modsingle[authorize]: calling chap
(rlm_chap) for request 1
Fri Jul 11 21:40:46 2008 : Debug:   modsingle[authorize]: returned from
chap (rlm_chap) for request 1
Fri Jul 11 21:40:46 2008 : Debug: ++[chap] returns noop
Fri Jul 11 21:40:46 2008 : Debug:   modsingle[authorize]: calling mschap
(rlm_mschap) for request 1
Fri Jul 11 21:40:46 2008 : Debug:   modsingle[authorize]: returned from
mschap (rlm_mschap) for request 1
Fri Jul 11 21:40:46 2008 : Debug: ++[mschap] returns noop
Fri Jul 11 21:40:46 2008 : Debug:   modsingle[authorize]: calling suffix
(rlm_realm) for request 1
Fri Jul 11 21:40:46 2008 : Debug:     rlm_realm: No '@' in User-Name =
"fred", looking up realm NULL
Fri Jul 11 21:40:46 2008 : Debug:     rlm_realm: No such realm "NULL"
Fri Jul 11 21:40:46 2008 : Debug:   modsingle[authorize]: returned from
suffix (rlm_realm) for request 1
Fri Jul 11 21:40:46 2008 : Debug: ++[suffix] returns noop
Fri Jul 11 21:40:46 2008 : Debug:   modsingle[authorize]: calling eap
(rlm_eap) for request 1
Fri Jul 11 21:40:46 2008 : Debug:   rlm_eap: No EAP-Message, not doing EAP
Fri Jul 11 21:40:46 2008 : Debug:   modsingle[authorize]: returned from eap
(rlm_eap) for request 1
Fri Jul 11 21:40:46 2008 : Debug: ++[eap] returns noop
Fri Jul 11 21:40:46 2008 : Debug:   modsingle[authorize]: calling unix
(rlm_unix) for request 1
Fri Jul 11 21:40:46 2008 : Debug:   modsingle[authorize]: returned from
unix (rlm_unix) for request 1
Fri Jul 11 21:40:46 2008 : Debug: ++[unix] returns notfound
Fri Jul 11 21:40:46 2008 : Debug:   modsingle[authorize]: calling files
(rlm_files) for request 1
Fri Jul 11 21:40:46 2008 : Debug:   modsingle[authorize]: returned from
files (rlm_files) for request 1
Fri Jul 11 21:40:46 2008 : Debug: ++[files] returns noop
Fri Jul 11 21:40:46 2008 : Debug:   modsingle[authorize]: calling
expiration (rlm_expiration) for request 1
Fri Jul 11 21:40:46 2008 : Debug:   modsingle[authorize]: returned from
expiration (rlm_expiration) for request 1
Fri Jul 11 21:40:46 2008 : Debug: ++[expiration] returns noop
Fri Jul 11 21:40:46 2008 : Debug:   modsingle[authorize]: calling logintime
(rlm_logintime) for request 1
Fri Jul 11 21:40:46 2008 : Debug:   modsingle[authorize]: returned from
logintime (rlm_logintime) for request 1
Fri Jul 11 21:40:46 2008 : Debug: ++[logintime] returns noop
Fri Jul 11 21:40:46 2008 : Debug:   modsingle[authorize]: calling pap
(rlm_pap) for request 1
Fri Jul 11 21:40:46 2008 : Debug: rlm_pap: WARNING! No "known good"
password found for the user.  Authentication may fail because of this.
Fri Jul 11 21:40:46 2008 : Debug:   modsingle[authorize]: returned from pap
(rlm_pap) for request 1
Fri Jul 11 21:40:46 2008 : Debug: ++[pap] returns noop
Fri Jul 11 21:40:46 2008 : Debug: auth: No authenticate method (Auth-Type)
configuration found for the request: Rejecting the user
Fri Jul 11 21:40:46 2008 : Debug: auth: Failed to validate the user.
Fri Jul 11 21:40:46 2008 : Debug:   Found Post-Auth-Type Reject
Fri Jul 11 21:40:46 2008 : Debug: +- entering group REJECT
Fri Jul 11 21:40:46 2008 : Debug:   modsingle[post-auth]: calling
attr_filter.access_reject (rlm_attr_filter) for request 1
Fri Jul 11 21:40:46 2008 : Debug:       expand: %{User-Name} -> fred
Fri Jul 11 21:40:46 2008 : Debug:  attr_filter: Matched entry DEFAULT at
line 11
Fri Jul 11 21:40:46 2008 : Debug:   modsingle[post-auth]: returned from
attr_filter.access_reject (rlm_attr_filter) for request 1
Fri Jul 11 21:40:46 2008 : Debug: ++[attr_filter.access_reject] returns
updated
Sending Access-Reject of id 28 to 127.0.0.1 port 32770
Fri Jul 11 21:40:46 2008 : Debug: Finished request 1.
Fri Jul 11 21:40:46 2008 : Debug: Going to the next request
Fri Jul 11 21:40:46 2008 : Debug: Waking up in 4.9 seconds.


On Fri, 11 Jul 2008 15:30:19 -0400, Sambuddho Chakravarty
<sc2516 at columbia.edu> wrote:
> Hello
>  I think I had a very similar problem couple of days back. I think your
> authorization is working but authentication is failing right ?
> 
> Thanks
> Sambuddho
> On Fri, 2008-07-11 at 21:21 +0200, Maciej Drobniuch wrote:
>> I've cleaned the mess up like you've said, but i've got new errors for
> you
>> which are not familiar to me ;)
>> 
>> Fri Jul 11 21:17:56 2008 : Debug: auth: No authenticate method
> (Auth-Type)
>> configuration found for the request: Rejecting the user
>> Fri Jul 11 21:17:56 2008 : Debug: auth: Failed to validate the user.
>> 
>> Am I using an old definition of Auth-Type in my users file?
>> Or what ? 
>> 
>> fred       Auth-Type := Local, Cleartext-Password =="somepass"
>>            Service-Type = Framed-User,
>>            Framed-Protocol = PPP
>> 
>> With what should i replace the "Auth-Type" variable or variable name?
>> Thanks for your tips!
>> 
>> On Fri, 11 Jul 2008 19:30:26 +0100, "Ivan Kalik" <tnt at kalik.net> wrote:
>> > You probably have two instances of the server installed. These files
>> > don't belong to the server that is running.
>> > 
>> > Ivan Kalik
>> > Kalik Informatika ISP
>> > 
>> > 
>> > Dana 11/7/2008, "Maciej Drobniuch" <maciej at drobniuch.pl> piše:
>> > 
>> >>
>> >>Hi!
>> >>
>> >>>radtest fred somepass localhost 1813 somesecret
>> >>Sending Access-Request of id 102 to 127.0.0.1 port 1812
>> >>        User-Name = "fred"
>> >>        User-Password = "somepass"
>> >>        NAS-IP-Address = 127.0.0.1
>> >>        NAS-Port = 1813
>> >>rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=102,
>> >>length=20
>> >>rad_verify: Received Access-Reject packet from client 127.0.0.1 port
> 1812
>> >>with invalid signature (err=2)!  (Shared secret is incorrect.)
>> >>
>> >>>radiusd -X
>> >>rad_recv: Access-Request packet from host 127.0.0.1 port 32770,
> id=102,
>> >>length=56
>> >>        User-Name = "fred"
>> >>        User-Password = "h\347`\005\270\202\336<\336i~e\031\r\021["
>> >>        NAS-IP-Address = 127.0.0.1
>> >>        NAS-Port = 1813
>> >>+- entering group authorize
>> >>++[preprocess] returns ok
>> >>++[chap] returns noop
>> >>++[mschap] returns noop
>> >>    rlm_realm: No '@' in User-Name = "fred", looking up realm NULL
>> >>    rlm_realm: No such realm "NULL"
>> >>++[suffix] returns noop
>> >>  rlm_eap: No EAP-Message, not doing EAP
>> >>++[eap] returns noop
>> >>++[unix] returns notfound
>> >>++[files] returns noop
>> >>++[expiration] returns noop
>> >>++[logintime] returns noop
>> >>rlm_pap: WARNING! No "known good" password found for the user.
>> >>Authentication may fail because of this.
>> >>++[pap] returns noop
>> >>auth: No authenticate method (Auth-Type) configuration found for the
>> >>request: Rejecting the user
>> >>auth: Failed to validate the user.
>> >>  WARNING: Unprintable characters in the password.        Double-check
>> > the
>> >>shared secret on the server and the NAS!
>> >>  Found Post-Auth-Type Reject
>> >>+- entering group REJECT
>> >>        expand: %{User-Name} -> fred
>> >> attr_filter: Matched entry DEFAULT at line 11
>> >>++[attr_filter.access_reject] returns updated
>> >>Sending Access-Reject of id 102 to 127.0.0.1 port 32770
>> >>Finished request 2.
>> >>Going to the next request
>> >>Waking up in 4.9 seconds.
>> >>Cleaning up request 2 ID 102 with timestamp +151
>> >>Ready to process requests.
>> >>
>> >>>cat client.conf
>> >>client 127.0.0.1 {
>> >>        secret          = somesecret
>> >>        shortname       = localhost
>> >>        nastype         = other
>> >>}
>> >>
>> >>>cat users
>> >>fred       Cleartext-Password =="somepass"
>> >>           Service-Type = Framed-User,
>> >>           Framed-Protocol = PPP
>> >>
>> >>wilma      Auth-Type := CHAP, User-password =="somepass"
>> >>           Service-Type = Framed-User,
>> >>           Framed-Protocol = PPP
>> >>
>> >>barney     Auth-Type := MS-CHAP, User-Password == "somepass"
>> >>           Service-Type = Framed-User,
>> >>           Framed-Protocol = PPP
>> >>
>> >>What's wrong with this line >User-Password =
>> >>"h\347`\005\270\202\336<\336i~e\031\r\021[" ???
>> >>Thanks for the support!
>> >>
>> >>--
>> >>------------------------
>> >>Maciej Drobniuch
>> >>
>> >>-
>> >>List info/subscribe/unsubscribe? See
>> > http://www.freeradius.org/list/users.html
>> >>
>> >>
>> > 
>> > -
>> > List info/subscribe/unsubscribe? See
>> > http://www.freeradius.org/list/users.html
>>
-- 
------------------------
Maciej Drobniuch




More information about the Freeradius-Users mailing list