Re: No known good password

Ove Fagerheim ove.fagerheim at helgelandskraft.no
Tue Mar 3 13:40:35 CET 2009


The version is 1.1.7-r0.0.2.

I assume -X means debug mode (I really *am* a newbie)

<snip>
Nothing to do.  Sleeping until we see a request.
rad_recv: Access-Request packet from host 172.25.254.1:3067, id=98, length=118
        NAS-IP-Address = 172.25.254.1
        NAS-Identifier = "STCGGSN3"
        Called-Station-Id = "mdahelgkraftma"
        Framed-Protocol = GPRS-PDP-Context
        Service-Type = Framed-User
        NAS-Port-Type = Virtual
        NAS-Port = 43563320
        User-Name = "4790622859"
        User-Password = "password"
        Calling-Station-Id = "4790622859"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
  modcall[authorize]: module "preprocess" returns ok for request 1
radius_xlat:  '..//var/log/radius/radacct/172.25.254.1/auth-detail-20090213.log'

rlm_detail: ..//var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d.log expands to ..//var/log/radius/radacct/172.25.254.1/auth-detail-20090213.log
  modcall[authorize]: module "auth_log" returns ok for request 1
  modcall[authorize]: module "chap" returns noop for request 1
  modcall[authorize]: module "mschap" returns noop for request 1
    rlm_realm: No '@' in User-Name = "4790622859", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 1
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 1
rlm_pap: WARNING! No "known good" password found for the user.  Authentication may fail because of this.
  modcall[authorize]: module "pap" returns noop for request 1
modcall: leaving group authorize (returns ok) for request 1
auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
auth: Failed to validate the user.
Login incorrect: [4790622859/password] (from client TelenorTVK1 port 43563320 cli 4790622859)
Delaying request 1 for 1 seconds
Finished request 1
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 98 to 172.25.254.1 port 3067
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 1 ID 98 with timestamp 49957f8c
Nothing to do.  Sleeping until we see a request.
<snip>

I'll try Cleartext-Password instead of User-Password

Thanks
Ove

-----Original Message-----
From: freeradius-users-bounces+ove.fagerheim=helgelandskraft.no at lists.freeradius.org [mailto:freeradius-users-bounces+ove.fagerheim=helgelandskraft.no at lists.freeradius.org] On behalf of tnt at kalik.net
Sent: 3 March 2009 13:16
To: FreeRadius users mailing list
Subject: Re: No known good password


>Is there room for a newbie question here? This is my first Radius
>server. I get the message "No known good password" when trying to
>authenticate users. The users are coming from one of two possible VPN
>tunnels. I assume "clients.conf" is correctly configured. Any help is
>highly appreciated.
>
>
>Best regards
>Ove Fagerheim
>
>From "Users.conf":
><snip>
>user1   Service-Type == Framed-User, User-Password == "password",
>        # Addresses from 10.194.0.1 to 10.194.63.254
>        # Auth-Type = System,
>        Framed-IP-Address = 10.194.0.1,
>        Framed-IP-Netmask = 255.255.192.0,
>        Fall-Through = Yes
>
>DEFAULT Service-Type == Framed-User, Huntgroup-Name == "Huntgroup-1",
>        Framed-Protocol = GPRS-PDP-Context,
>        NAS-Identifier = STCGGSN3,
>        Called-Station_id = "My-Station-Id-String",
>        Reply-Message = "%u is granted access"
>
>
>user1   Service-Type == Framed-User, User-Password == "password",
>        # Addresses from 10.192.64.1 to 10.192.127.254
>        # Auth-Type = System,
>        Framed-IP-Address = 10.192.64.1,
>        Framed-IP-Netmask = 255.255.192.0,
>        Fall-Through = Yes
>
>DEFAULT Service-Type == Framed-User, Huntgroup-Name == "Huntgroup-2",
>        Framed-Protocol = GPRS-PDP-Context,
>        NAS-Identifier = FBUGGSN3,
>        Called-Station_id = "My-Station-Id-String",
>        Reply-Message = "%u is granted access"
><snip>
>
>From "Huntgroups":
><snip>
>Huntgroup-1             NAS-IP-Address == 172.x.x.0
>Huntgroup-1             NAS-IP-Address == 172.x.x.1
>..
>..
>..
>Huntgroup-1             NAS-IP-Address == 172.x.x.14
>#
>#
>Huntgroup-2             NAS-IP-Address == 172.y.y.240
>Huntgroup-2             NAS-IP-Address == 172.y.y.241
>..
>..
>..
>Huntgroup-2             NAS-IP-Address == 172.y.y.254
><snip>
>
>
>logfile "log\radius\radacct\"NAS-IPAddress"\auth-detail-20090303.log:
>(username is client telephone number)
><snip>
>Packet-Type = Access-Request
>Tue Mar  3 08:37:36 2009
>        NAS-IP-Address = 172.x.x.2
>        NAS-Identifier = "STCGGSN3"
>        Called-Station-Id = "My-Station-Id-String"
>        Framed-Protocol = GPRS-PDP-Context
>        Service-Type = Framed-User
>        NAS-Port-Type = Virtual
>        NAS-Port = 16861232
>        User-Name = "user1"
>        User-Password = "password"
>        Calling-Station-Id = "user1"
>        Client-IP-Address = 172.x.x.2
>        Huntgroup-Name = "Huntgroup-1"
><snip>
>
>
>logfile "log\radius\radius.log"
><snip>
>Mon Feb 16 12:00:54 2009 : Info: Ready to process requests.
>Mon Feb 16 12:01:49 2009 : Auth: Login incorrect: [user1/password] (from client TelenorTVK1 port 35970456 cli 4790622859)
>Mon Feb 16 12:02:04 2009 : Auth: Login incorrect: [user1/password] (from client TelenorTVK1 port 33168936 cli 4790622859)
>Mon Feb 16 12:02:17 2009 : Auth: Login incorrect: [user1/password] (from client TelenorTVK1 port 30960664 cli 4790622859)
>Mon Feb 16 12:03:57 2009 : Info: Using deprecated naslist file.  Support for this will go away soon.
>Mon Feb 16 12:03:57 2009 : Info: rlm_exec: Wait=yes but no output defined. Did you mean output=none?
>Mon Feb 16 12:03:57 2009 : Info: rlm_eap_tls: Loading the certificate file as a chain
>Mon Feb 16 12:03:57 2009 : Info: WARNING: rlm_eap_tls: Unable to set DH parameters.  DH cipher suites may not work!
>Mon Feb 16 12:03:57 2009 : Info: Ready to process requests.
><snip>
>
>If the above errors are unrelated to my issue, I still would very much
>appreciate any hints on how to fix them.

What freeradius version is this? You probably shouldn't be using User-Password but Cleartext-Password. Post the output of radiusd -X from request processing.

Ivan Kalik
Kalik Informatika ISP
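
An added example, not part of the original messages or of FreeRADIUS: a small check over a users file that flags entries whose check items compare `User-Password` without supplying a `Cleartext-Password`, the situation behind the rlm_pap warning in the debug output above. The names `SAMPLE_USERS`, `parse_entries` and `lint_users`, the constructed `user2` entry, and the `Cleartext-Password := "..."` spelling of the fix are assumptions; the reply names only the attribute.

```python
import re

# Constructed sample, modelled on the users-file entries quoted in this thread.
SAMPLE_USERS = '''\
user1   Service-Type == Framed-User, User-Password == "password",
        # Addresses from 10.194.0.1 to 10.194.63.254
        Framed-IP-Address = 10.194.0.1,
        Framed-IP-Netmask = 255.255.192.0,
        Fall-Through = Yes

user2   Cleartext-Password := "password", Service-Type == Framed-User
        Framed-IP-Address = 10.194.0.2,
        Fall-Through = Yes

DEFAULT Service-Type == Framed-User, Huntgroup-Name == "Huntgroup-1"
        Framed-Protocol = GPRS-PDP-Context
'''

# One check item: attribute, operator, value (quoted string or bare word).
ITEM = re.compile(r'([\w-]+)\s*(:=|==|\+=|!=|=~|=)\s*("[^"]*"|[^,\s]+)')


def parse_entries(text):
    """Return (line_no, entry_name, check_items) for each entry header.

    An entry header starts in column 0: a name followed by check items.
    Indented lines (reply items) and comment lines are skipped.
    """
    entries = []
    for line_no, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line[0].isspace() or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        items = ITEM.findall(parts[1]) if len(parts) > 1 else []
        entries.append((line_no, parts[0], items))
    return entries


def lint_users(text):
    """Flag entries that compare User-Password but set no Cleartext-Password."""
    findings = []
    for line_no, name, items in parse_entries(text):
        ops = {attr: op for attr, op, _value in items}
        if "User-Password" in ops and "Cleartext-Password" not in ops:
            # The password value itself is deliberately left out of the message.
            findings.append((line_no, name,
                'check item "User-Password %s ..." gives rlm_pap no known good '
                'password; use Cleartext-Password := "..."' % ops["User-Password"]))
    return findings


if __name__ == "__main__":
    for line_no, name, message in lint_users(SAMPLE_USERS):
        print("line %d, entry %s: %s" % (line_no, name, message))
```
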
