No known good password
tnt at kalik.net
tnt at kalik.net
Tue Mar 3 13:15:52 CET 2009
>Are there room for a newbee question here? This is my first Radius server.
>I get the message "No known good password" when trying to authenticate users The users are coming from one of two possible VPN tunnels. I assume "clients.conf" is correctly configured.
>Any help is highly appreciated.
>
>
>Best regards
>Ove Fagerheim
>
>>From "Users.conf":
><snip>
>user1 Service-Type == Framed-User, User-Password == "password",
> # Adresses from 10.194.0.1 to 10.194.63.254
> # Auth-Type = System,
> Framed-IP-Address = 10.194.0.1,
> Framed-IP-Netmask = 255.255.192.0,
> Fall-Through = Yes
>
>DEFAULT Service-Type == Framed-User, Huntgroup-Name == "Huntgroup-1",
> Framed-Protocol = GPRS-PDP-Context,
> NAS-Identifier = STCGGSN3,
> Called-Station_id = "My-Station-Id-String",
> Reply-Message = "%u is granted access"
>
>
>user1 Service-Type == Framed-User, User-Password == "password",
> # Adresser fra 10.192.64.1 til 10.192.127.254
> # Auth-Type = System,
> Framed-IP-Address = 10.192.64.1,
> Framed-IP-Netmask = 255.255.192.0,
> Fall-Through = Yes
>
>DEFAULT Service-Type == Framed-User, Huntgroup-Name == ""Huntgroup-2", ",
> Framed-Protocol = GPRS-PDP-Context,
> NAS-Identifier = FBUGGSN3,
> Called-Station_id = "My-Station-Id-String",
> Reply-Message = "%u is granted access"
><snip>
>
>>From "Huntgroups":
><snip>
>Huntgroup-1 NAS-IP-Address == 172.x.x.0
>Huntgroup-1 NAS-IP-Address == 172.x.x.1
>..
>..
>..
>Huntgroup-1 NAS-IP-Address == 172.x.x.14
>#
>#
>Huntgroup-2 NAS-IP-Address == 172.y.y.240
>Huntgroup-2 NAS-IP-Address == 172.y.y.241
>..
>..
>..
>Huntgroup-2 NAS-IP-Address == 172.y.y.254
><snip>
>
>
>logfile "log\radius\radacct\"NAS-IPAddress"\auth-detail-20090303.log: (username is client telephone number)
><snip>
>Packet-Type = Access-Request
>Tue Mar 3 08:37:36 2009
> NAS-IP-Address = 172.x.x.2
> NAS-Identifier = "STCGGSN3"
> Called-Station-Id = "My-Station-Id-String"
> Framed-Protocol = GPRS-PDP-Context
> Service-Type = Framed-User
> NAS-Port-Type = Virtual
> NAS-Port = 16861232
> User-Name = "user1"
> User-Password = "password"
> Calling-Station-Id = "user1"
> Client-IP-Address = 172.x.x.2
> Huntgroup-Name = "Huntgroup-1"
><snip>
>
>
>logfile "log\radius\radius.log"
><snip>
>Mon Feb 16 12:00:54 2009 : Info: Ready to process requests.
>Mon Feb 16 12:01:49 2009 : Auth: Login incorrect: [user1/password] (from client TelenorTVK1 port 35970456 cli 4790622859)
>Mon Feb 16 12:02:04 2009 : Auth: Login incorrect: [user1/password] (from client TelenorTVK1 port 33168936 cli 4790622859)
>Mon Feb 16 12:02:17 2009 : Auth: Login incorrect: [user1/password] (from client TelenorTVK1 port 30960664 cli 4790622859)
>Mon Feb 16 12:03:57 2009 : Info: Using deprecated naslist file. Support for this will go away soon.
>Mon Feb 16 12:03:57 2009 : Info: rlm_exec: Wait=yes but no output defined. Did you mean output=none?
>Mon Feb 16 12:03:57 2009 : Info: rlm_eap_tls: Loading the certificate file as a chain
>Mon Feb 16 12:03:57 2009 : Info: WARNING: rlm_eap_tls: Unable to set DH parameters. DH cipher suites may not work!
>Mon Feb 16 12:03:57 2009 : Info: Ready to process requests.
><snip>
>
>If the abow errors is unrelated to my issue, I still would very much appreciante any hints on how to fix them.
What freeradius version is this? You probably shouldn't be using
User-Password but Cleartext-Password. Post the output of radiusd -X from
request processing.
Ivan Kalik
Kalik Informatika ISP
More information about the Freeradius-Users
mailing list