rlm_pap: WARNING! No "known good" password found for the user.
Maciej Drobniuch
maciej at drobniuch.pl
Fri Jul 11 21:42:14 CEST 2008
I thing that authorization because the user can't be found in the users
file... just look at the part of debug output:
Fri Jul 11 21:40:46 2008 : Debug: modsingle[authorize]: calling files
(rlm_files) for request 1
Fri Jul 11 21:40:46 2008 : Debug: modsingle[authorize]: returned from
files (rlm_files) for request 1
Fri Jul 11 21:40:46 2008 : Debug: ++[files] returns noop
And this is the whole freerad request:
rad_recv: Access-Request packet from host 127.0.0.1 port 32770, id=28,
length=56
User-Name = "fred"
User-Password = "somepass"
NAS-IP-Address = 127.0.0.1
NAS-Port = 1813
Fri Jul 11 21:40:46 2008 : Debug: +- entering group authorize
Fri Jul 11 21:40:46 2008 : Debug: modsingle[authorize]: calling
preprocess (rlm_preprocess) for request 1
Fri Jul 11 21:40:46 2008 : Debug: modsingle[authorize]: returned from
preprocess (rlm_preprocess) for request 1
Fri Jul 11 21:40:46 2008 : Debug: ++[preprocess] returns ok
Fri Jul 11 21:40:46 2008 : Debug: modsingle[authorize]: calling chap
(rlm_chap) for request 1
Fri Jul 11 21:40:46 2008 : Debug: modsingle[authorize]: returned from
chap (rlm_chap) for request 1
Fri Jul 11 21:40:46 2008 : Debug: ++[chap] returns noop
Fri Jul 11 21:40:46 2008 : Debug: modsingle[authorize]: calling mschap
(rlm_mschap) for request 1
Fri Jul 11 21:40:46 2008 : Debug: modsingle[authorize]: returned from
mschap (rlm_mschap) for request 1
Fri Jul 11 21:40:46 2008 : Debug: ++[mschap] returns noop
Fri Jul 11 21:40:46 2008 : Debug: modsingle[authorize]: calling suffix
(rlm_realm) for request 1
Fri Jul 11 21:40:46 2008 : Debug: rlm_realm: No '@' in User-Name =
"fred", looking up realm NULL
Fri Jul 11 21:40:46 2008 : Debug: rlm_realm: No such realm "NULL"
Fri Jul 11 21:40:46 2008 : Debug: modsingle[authorize]: returned from
suffix (rlm_realm) for request 1
Fri Jul 11 21:40:46 2008 : Debug: ++[suffix] returns noop
Fri Jul 11 21:40:46 2008 : Debug: modsingle[authorize]: calling eap
(rlm_eap) for request 1
Fri Jul 11 21:40:46 2008 : Debug: rlm_eap: No EAP-Message, not doing EAP
Fri Jul 11 21:40:46 2008 : Debug: modsingle[authorize]: returned from eap
(rlm_eap) for request 1
Fri Jul 11 21:40:46 2008 : Debug: ++[eap] returns noop
Fri Jul 11 21:40:46 2008 : Debug: modsingle[authorize]: calling unix
(rlm_unix) for request 1
Fri Jul 11 21:40:46 2008 : Debug: modsingle[authorize]: returned from
unix (rlm_unix) for request 1
Fri Jul 11 21:40:46 2008 : Debug: ++[unix] returns notfound
Fri Jul 11 21:40:46 2008 : Debug: modsingle[authorize]: calling files
(rlm_files) for request 1
Fri Jul 11 21:40:46 2008 : Debug: modsingle[authorize]: returned from
files (rlm_files) for request 1
Fri Jul 11 21:40:46 2008 : Debug: ++[files] returns noop
Fri Jul 11 21:40:46 2008 : Debug: modsingle[authorize]: calling
expiration (rlm_expiration) for request 1
Fri Jul 11 21:40:46 2008 : Debug: modsingle[authorize]: returned from
expiration (rlm_expiration) for request 1
Fri Jul 11 21:40:46 2008 : Debug: ++[expiration] returns noop
Fri Jul 11 21:40:46 2008 : Debug: modsingle[authorize]: calling logintime
(rlm_logintime) for request 1
Fri Jul 11 21:40:46 2008 : Debug: modsingle[authorize]: returned from
logintime (rlm_logintime) for request 1
Fri Jul 11 21:40:46 2008 : Debug: ++[logintime] returns noop
Fri Jul 11 21:40:46 2008 : Debug: modsingle[authorize]: calling pap
(rlm_pap) for request 1
Fri Jul 11 21:40:46 2008 : Debug: rlm_pap: WARNING! No "known good"
password found for the user. Authentication may fail because of this.
Fri Jul 11 21:40:46 2008 : Debug: modsingle[authorize]: returned from pap
(rlm_pap) for request 1
Fri Jul 11 21:40:46 2008 : Debug: ++[pap] returns noop
Fri Jul 11 21:40:46 2008 : Debug: auth: No authenticate method (Auth-Type)
configuration found for the request: Rejecting the user
Fri Jul 11 21:40:46 2008 : Debug: auth: Failed to validate the user.
Fri Jul 11 21:40:46 2008 : Debug: Found Post-Auth-Type Reject
Fri Jul 11 21:40:46 2008 : Debug: +- entering group REJECT
Fri Jul 11 21:40:46 2008 : Debug: modsingle[post-auth]: calling
attr_filter.access_reject (rlm_attr_filter) for request 1
Fri Jul 11 21:40:46 2008 : Debug: expand: %{User-Name} -> fred
Fri Jul 11 21:40:46 2008 : Debug: attr_filter: Matched entry DEFAULT at
line 11
Fri Jul 11 21:40:46 2008 : Debug: modsingle[post-auth]: returned from
attr_filter.access_reject (rlm_attr_filter) for request 1
Fri Jul 11 21:40:46 2008 : Debug: ++[attr_filter.access_reject] returns
updated
Sending Access-Reject of id 28 to 127.0.0.1 port 32770
Fri Jul 11 21:40:46 2008 : Debug: Finished request 1.
Fri Jul 11 21:40:46 2008 : Debug: Going to the next request
Fri Jul 11 21:40:46 2008 : Debug: Waking up in 4.9 seconds.
On Fri, 11 Jul 2008 15:30:19 -0400, Sambuddho Chakravarty
<sc2516 at columbia.edu> wrote:
> Hello
> I think I had a very similar problem couple of days back. I think your
> authorization is working but authentication is failing right ?
>
> Thanks
> Sambuddho
> On Fri, 2008-07-11 at 21:21 +0200, Maciej Drobniuch wrote:
>> I've cleaned the mess up like you've said, but i've got new errors for
> you
>> which are not familiar to me ;)
>>
>> Fri Jul 11 21:17:56 2008 : Debug: auth: No authenticate method
> (Auth-Type)
>> configuration found for the request: Rejecting the user
>> Fri Jul 11 21:17:56 2008 : Debug: auth: Failed to validate the user.
>>
>> Am I using an old definition of Auth-Type in my users file?
>> Or what ?
>>
>> fred Auth-Type := Local, Cleartext-Password =="somepass"
>> Service-Type = Framed-User,
>> Framed-Protocol = PPP
>>
>> With what should i replace the "Auth-Type" variable or variable name?
>> Thanks for your tips!
>>
>> On Fri, 11 Jul 2008 19:30:26 +0100, "Ivan Kalik" <tnt at kalik.net> wrote:
>> > You probably have two instances of the server installed. These files
>> > don't belong to the server that is running.
>> >
>> > Ivan Kalik
>> > Kalik Informatika ISP
>> >
>> >
>> > Dana 11/7/2008, "Maciej Drobniuch" <maciej at drobniuch.pl> piše:
>> >
>> >>
>> >>Hi!
>> >>
>> >>>radtest fred somepass localhost 1813 somesecret
>> >>Sending Access-Request of id 102 to 127.0.0.1 port 1812
>> >> User-Name = "fred"
>> >> User-Password = "somepass"
>> >> NAS-IP-Address = 127.0.0.1
>> >> NAS-Port = 1813
>> >>rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=102,
>> >>length=20
>> >>rad_verify: Received Access-Reject packet from client 127.0.0.1 port
> 1812
>> >>with invalid signature (err=2)! (Shared secret is incorrect.)
>> >>
>> >>>radiusd -X
>> >>rad_recv: Access-Request packet from host 127.0.0.1 port 32770,
> id=102,
>> >>length=56
>> >> User-Name = "fred"
>> >> User-Password = "h\347`\005\270\202\336<\336i~e\031\r\021["
>> >> NAS-IP-Address = 127.0.0.1
>> >> NAS-Port = 1813
>> >>+- entering group authorize
>> >>++[preprocess] returns ok
>> >>++[chap] returns noop
>> >>++[mschap] returns noop
>> >> rlm_realm: No '@' in User-Name = "fred", looking up realm NULL
>> >> rlm_realm: No such realm "NULL"
>> >>++[suffix] returns noop
>> >> rlm_eap: No EAP-Message, not doing EAP
>> >>++[eap] returns noop
>> >>++[unix] returns notfound
>> >>++[files] returns noop
>> >>++[expiration] returns noop
>> >>++[logintime] returns noop
>> >>rlm_pap: WARNING! No "known good" password found for the user.
>> >>Authentication may fail because of this.
>> >>++[pap] returns noop
>> >>auth: No authenticate method (Auth-Type) configuration found for the
>> >>request: Rejecting the user
>> >>auth: Failed to validate the user.
>> >> WARNING: Unprintable characters in the password. Double-check
>> > the
>> >>shared secret on the server and the NAS!
>> >> Found Post-Auth-Type Reject
>> >>+- entering group REJECT
>> >> expand: %{User-Name} -> fred
>> >> attr_filter: Matched entry DEFAULT at line 11
>> >>++[attr_filter.access_reject] returns updated
>> >>Sending Access-Reject of id 102 to 127.0.0.1 port 32770
>> >>Finished request 2.
>> >>Going to the next request
>> >>Waking up in 4.9 seconds.
>> >>Cleaning up request 2 ID 102 with timestamp +151
>> >>Ready to process requests.
>> >>
>> >>>cat client.conf
>> >>client 127.0.0.1 {
>> >> secret = somesecret
>> >> shortname = localhost
>> >> nastype = other
>> >>}
>> >>
>> >>>cat users
>> >>fred Cleartext-Password =="somepass"
>> >> Service-Type = Framed-User,
>> >> Framed-Protocol = PPP
>> >>
>> >>wilma Auth-Type := CHAP, User-password =="somepass"
>> >> Service-Type = Framed-User,
>> >> Framed-Protocol = PPP
>> >>
>> >>barney Auth-Type := MS-CHAP, User-Password == "somepass"
>> >> Service-Type = Framed-User,
>> >> Framed-Protocol = PPP
>> >>
>> >>What's wrong with this line >User-Password =
>> >>"h\347`\005\270\202\336<\336i~e\031\r\021[" ???
>> >>Thanks for the support!
>> >>
>> >>--
>> >>------------------------
>> >>Maciej Drobniuch
>> >>
>> >>-
>> >>List info/subscribe/unsubscribe? See
>> > http://www.freeradius.org/list/users.html
>> >>
>> >>
>> >
>> > -
>> > List info/subscribe/unsubscribe? See
>> > http://www.freeradius.org/list/users.html
>>
--
------------------------
Maciej Drobniuch
More information about the Freeradius-Users
mailing list