No known good password
Nicolas Goutte
nicolas.goutte at extragroup.de
Tue Mar 3 13:28:10 CET 2009
Am 03.03.2009 um 12:54 schrieb Ove Fagerheim:
> Hello all
>
> Are there room for a newbee question here? This is my first Radius
> server.
> I get the message "No known good password" when trying to
> authenticate users. The users are coming from one of two possible
> VPN tunnels. I assume "clients.conf" is correctly configured.
> Any help is highly appreciated.
>
>
> Best regards
> Ove Fagerheim
>
>> From "Users.conf":
> <snip>
> user1 Service-Type == Framed-User, User-Password == "password",
> # Adresses from 10.194.0.1 to 10.194.63.254
> # Auth-Type = System,
> Framed-IP-Address = 10.194.0.1,
> Framed-IP-Netmask = 255.255.192.0,
> Fall-Through = Yes
>
> DEFAULT Service-Type == Framed-User, Huntgroup-Name == "Huntgroup-1",
> Framed-Protocol = GPRS-PDP-Context,
> NAS-Identifier = STCGGSN3,
> Called-Station_id = "My-Station-Id-String",
> Reply-Message = "%u is granted access"
>
>
> user1 Service-Type == Framed-User, User-Password == "password",
You must "assign" passwords, not "compare" them. So try to use :=
instead of ==
And as in the previous answer, probably you need Cleartext-Password
instead of User-Password
> # Adresser fra 10.192.64.1 til 10.192.127.254
> # Auth-Type = System,
> Framed-IP-Address = 10.192.64.1,
> Framed-IP-Netmask = 255.255.192.0,
> Fall-Through = Yes
>
> DEFAULT Service-Type == Framed-User, Huntgroup-Name ==
> ""Huntgroup-2", ",
> Framed-Protocol = GPRS-PDP-Context,
> NAS-Identifier = FBUGGSN3,
> Called-Station_id = "My-Station-Id-String",
> Reply-Message = "%u is granted access"
> <snip>
>
>> From "Huntgroups":
> <snip>
> Huntgroup-1 NAS-IP-Address == 172.x.x.0
> Huntgroup-1 NAS-IP-Address == 172.x.x.1
> .
> .
> .
> Huntgroup-1 NAS-IP-Address == 172.x.x.14
> #
> #
> Huntgroup-2 NAS-IP-Address == 172.y.y.240
> Huntgroup-2 NAS-IP-Address == 172.y.y.241
> .
> .
> .
> Huntgroup-2 NAS-IP-Address == 172.y.y.254
> <snip>
>
>
> logfile "log\radius\radacct\"NAS-IPAddress"\auth-
> detail-20090303.log: (username is client telephone number)
> <snip>
> Packet-Type = Access-Request
> Tue Mar 3 08:37:36 2009
> NAS-IP-Address = 172.x.x.2
> NAS-Identifier = "STCGGSN3"
> Called-Station-Id = "My-Station-Id-String"
> Framed-Protocol = GPRS-PDP-Context
> Service-Type = Framed-User
> NAS-Port-Type = Virtual
> NAS-Port = 16861232
> User-Name = "user1"
> User-Password = "password"
> Calling-Station-Id = "user1"
> Client-IP-Address = 172.x.x.2
> Huntgroup-Name = "Huntgroup-1"
> <snip>
>
>
> logfile "log\radius\radius.log"
> <snip>
> Mon Feb 16 12:00:54 2009 : Info: Ready to process requests.
> Mon Feb 16 12:01:49 2009 : Auth: Login incorrect: [user1/password]
> (from client TelenorTVK1 port 35970456 cli 4790622859)
> Mon Feb 16 12:02:04 2009 : Auth: Login incorrect: [user1/password]
> (from client TelenorTVK1 port 33168936 cli 4790622859)
> Mon Feb 16 12:02:17 2009 : Auth: Login incorrect: [user1/password]
> (from client TelenorTVK1 port 30960664 cli 4790622859)
> Mon Feb 16 12:03:57 2009 : Info: Using deprecated naslist file.
> Support for this will go away soon.
> Mon Feb 16 12:03:57 2009 : Info: rlm_exec: Wait=yes but no output
> defined. Did you mean output=none?
> Mon Feb 16 12:03:57 2009 : Info: rlm_eap_tls: Loading the
> certificate file as a chain
> Mon Feb 16 12:03:57 2009 : Info: WARNING: rlm_eap_tls: Unable to
> set DH parameters. DH cipher suites may not work!
> Mon Feb 16 12:03:57 2009 : Info: Ready to process requests.
> <snip>
>
> If the abow errors is unrelated to my issue, I still would very
> much appreciante any hints on how to fix them.
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/
> users.html
Nicolas Goutte
extragroup GmbH - Karlsruhe
Waldstr. 49
76133 Karlsruhe
Germany
Geschäftsführer: Stephan Mönninghoff, Hans Martin Kern, Tilman Haerdle
Registergericht: Amtsgericht Münster / HRB: 5624
Steuer Nr.: 337/5903/0421 / UstID: DE 204607841
More information about the Freeradius-Users
mailing list