radcheck question

Ivan Kalik tnt at kalik.net
Wed May 28 20:18:35 CEST 2008


>My freeradius works if I use a test client to send in the username and
>password, but when I switch to sip server, it does not work anymore.  I have
>searched the internet and some people suggested that this may be due to
>Attribute setting, so I tried 'Cleartext-Password','User-Password', and
>'Digest-HA1', but none of those work.  What is wrong with my radius
>setting?
>

Nothing. Your password attribute is wrong.

>
>Here is the radiusd -X log:
>
>
>Waking up in 4.9 seconds.
>        User-Name = "1006 at 192.168.1.104"
>        Digest-Attributes = 0x0a0631303036
>        Digest-Attributes = 0x010f3139322e3136382e312e313034
>        Digest-Attributes = 0x022a3438336465356263616637653
>5646335323862373335643661393364363634636237376533396636
>        Digest-Attributes = 0x04137369703a3139322e3136382e312e313034
>        Digest-Attributes = 0x030a5245474953544552
>        Digest-Response = "9b614ed006554a3a7ea094b14237dae9"
>        Service-Type = IAPP-Register
>        X-Ascend-PW-Lifetime = 825241654
>        NAS-Port = 5060
>        NAS-IP-Address = 127.0.0.1
>+- entering group authorize
>++[preprocess] returns ok
>        expand:
>/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
>/usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20080529
>rlm_detail:
>/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
>expands to /usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20080529
>        expand: %t -> Thu May 29 07:02:41 2008
>++[auth_log] returns ok
>++[chap] returns noop
>++[mschap] returns noop
>rlm_digest: Adding Auth-Type = DIGEST
>++[digest] returns ok
>    rlm_realm: Looking up realm "192.168.1.104" for User-Name = "
>1006 at 192.168.1.104"
>    rlm_realm: Found realm "192.168.1.104"
>    rlm_realm: Adding Stripped-User-Name = "1006"
>    rlm_realm: Adding Realm = "192.168.1.104"
>    rlm_realm: Authentication realm is LOCAL.
>++[suffix] returns noop
>  rlm_eap: No EAP-Message, not doing EAP
>++[eap] returns noop
>++[files] returns noop

All fine so far. But wrong attribute/operator are stored in SQL.

>rlm_pap: Found existing Auth-Type, not changing it.
>++[pap] returns noop
>  rad_check_password:  Found Auth-Type Local
>!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
>!!!    Replacing User-Password in config items with Cleartext-Password.
>!!!
>!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
>!!! Please update your configuration so that the "known good"
>!!!
>!!! clear text password is in Cleartext-Password, and not in User-Password.
>!!!
>!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Instructions couldn't be clearer:

http://wiki.freeradius.org/Digest

Ivan Kalik
Kalik Informatika ISP




More information about the Freeradius-Users mailing list