No known good password

Ove Fagerheim ove.fagerheim at helgelandskraft.no
Tue Mar 3 12:54:30 CET 2009 

Hello all

Are there room for a newbee question here? This is my first Radius server.
I get the message "No known good password" when trying to authenticate users. The users are coming from one of two possible VPN tunnels. I assume "clients.conf" is correctly configured.
Any help is highly appreciated.


Best regards
Ove Fagerheim

>From "Users.conf":
<snip>
user1   Service-Type == Framed-User, User-Password == "password",
        # Adresses from 10.194.0.1 to 10.194.63.254
        # Auth-Type = System,
        Framed-IP-Address = 10.194.0.1,
        Framed-IP-Netmask = 255.255.192.0,
        Fall-Through = Yes

DEFAULT Service-Type == Framed-User, Huntgroup-Name == "Huntgroup-1",
        Framed-Protocol = GPRS-PDP-Context,
        NAS-Identifier = STCGGSN3,
        Called-Station_id = "My-Station-Id-String",
        Reply-Message = "%u is granted access"


user1   Service-Type == Framed-User, User-Password == "password",
        # Adresser fra 10.192.64.1 til 10.192.127.254
        # Auth-Type = System,
        Framed-IP-Address = 10.192.64.1,
        Framed-IP-Netmask = 255.255.192.0,
        Fall-Through = Yes

DEFAULT Service-Type == Framed-User, Huntgroup-Name == ""Huntgroup-2", ",
        Framed-Protocol = GPRS-PDP-Context,
        NAS-Identifier = FBUGGSN3,
        Called-Station_id = "My-Station-Id-String",
        Reply-Message = "%u is granted access"
<snip>

>From "Huntgroups":
<snip>
Huntgroup-1             NAS-IP-Address == 172.x.x.0
Huntgroup-1             NAS-IP-Address == 172.x.x.1
.
.
.
Huntgroup-1             NAS-IP-Address == 172.x.x.14
#
#
Huntgroup-2             NAS-IP-Address == 172.y.y.240
Huntgroup-2             NAS-IP-Address == 172.y.y.241
.
.
.
Huntgroup-2             NAS-IP-Address == 172.y.y.254
<snip>


logfile "log\radius\radacct\"NAS-IPAddress"\auth-detail-20090303.log: (username is client telephone number)
<snip>
Packet-Type = Access-Request
Tue Mar  3 08:37:36 2009
        NAS-IP-Address = 172.x.x.2
        NAS-Identifier = "STCGGSN3"
        Called-Station-Id = "My-Station-Id-String"
        Framed-Protocol = GPRS-PDP-Context
        Service-Type = Framed-User
        NAS-Port-Type = Virtual
        NAS-Port = 16861232
        User-Name = "user1"
        User-Password = "password"
        Calling-Station-Id = "user1"
        Client-IP-Address = 172.x.x.2
        Huntgroup-Name = "Huntgroup-1"
<snip>


logfile "log\radius\radius.log"
<snip>
Mon Feb 16 12:00:54 2009 : Info: Ready to process requests.
Mon Feb 16 12:01:49 2009 : Auth: Login incorrect: [user1/password] (from client TelenorTVK1 port 35970456 cli 4790622859)
Mon Feb 16 12:02:04 2009 : Auth: Login incorrect: [user1/password] (from client TelenorTVK1 port 33168936 cli 4790622859)
Mon Feb 16 12:02:17 2009 : Auth: Login incorrect: [user1/password] (from client TelenorTVK1 port 30960664 cli 4790622859)
Mon Feb 16 12:03:57 2009 : Info: Using deprecated naslist file.  Support for this will go away soon.
Mon Feb 16 12:03:57 2009 : Info: rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Mon Feb 16 12:03:57 2009 : Info: rlm_eap_tls: Loading the certificate file as a chain
Mon Feb 16 12:03:57 2009 : Info: WARNING: rlm_eap_tls: Unable to set DH parameters.  DH cipher suites may not work!
Mon Feb 16 12:03:57 2009 : Info: Ready to process requests.
<snip>

If the abow errors is unrelated to my issue, I still would very much appreciante any hints on how to fix them.

More information about the Freeradius-Users mailing list