Help, authentication problems!!

miha- miha_zoubek at hotmail.com
Mon Dec 6 08:23:28 CET 2010


Hello,


I am having problems with authentication. I chacked secret on NAS and on
Radius server. Bouth are some but the radius is keep telling to check the
secret.

What could be worng or I am missing ?

Thanks!!!

This is configuration on nas.

##----- Activate RADIUS connection

setProperty com.centile.connectors.aaa.watchdog.enable false

setProperty com.centile.connectors.aaa radius

setProperty com.centile.connectors.aaa.localserv intraswitch

setProperty com.centile.connectors.aaa.localpass b        (secret)

setProperty com.centile.connectors.aaa.remotserv 1.2.3.4

setProperty com.centile.connectors.aaa.remotport 1812

setProperty com.centile.connectors.aaa.calltype any



--


This is in cliente.cong


client 212.13.228.58 {
        secret          = b
        shortname       = intraswitch
        nastype         = cisco


1. Sample
If I typed wrong pass in sql for user authentication I see password from
user connection (12345) but it is wrong (12 in sql). 

In sample 2 I put right pass in sql for user, but you can see that is the
radius is showing me that is encrypted and saying me  WARNING: Unprintable
characters in the password.        Double-check the shared secret on the
server and the NAS! . why?



1.

Found Auth-Type = PAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group PAP {...}
[pap] login attempt with password "12345"
[pap] Using clear text password "12"
[pap] Passwords don't match
++[pap] returns reject
Failed to authenticate the user.
Using Post-Auth-Type Reject
# Executing group from file



2.

ap] returns noop
[sql]   expand: %{User-Name} -> 081609000
[sql] sql_set_user escaped user --> '081609000'
rlm_sql (sql): Reserving sql socket id: 1
[sql]   expand: SELECT id, username, attribute, value, op           FROM
radcheck           WHERE username = '%{SQL-User-Name}'           ORDER BY id
-> SELECT id, username, attribute, value, op           FROM radcheck          
WHERE username = '081609000'           ORDER BY id
[sql] User found in radcheck table
[sql]   expand: SELECT id, username, attribute, value, op           FROM
radreply           WHERE username = '%{SQL-User-Name}'           ORDER BY id
-> SELECT id, username, attribute, value, op           FROM radreply          
WHERE username = '081609000'           ORDER BY id
[sql]   expand: SELECT groupname           FROM radusergroup           WHERE
username = '%{SQL-User-Name}'           ORDER BY priority -> SELECT
groupname           FROM radusergroup           WHERE username = '081609000'          
ORDER BY priority
[sql]   expand: SELECT id, groupname, attribute,           Value, op          
FROM radgroupcheck           WHERE groupname = '%{Sql-Group}'          
ORDER BY id -> SELECT id, groupname, attribute,           Value, op          
FROM radgroupcheck           WHERE groupname = 'static'           ORDER BY
id
[sql] User found in group static
[sql]   expand: SELECT id, groupname, attribute,           value, op          
FROM radgroupreply           WHERE groupname = '%{Sql-Group}'          
ORDER BY id -> SELECT id, groupname, attribute,           value, op          
FROM radgroupreply           WHERE groupname = 'static'           ORDER BY
id
rlm_sql (sql): Released sql socket id: 1
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns updated
Found Auth-Type = PAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group PAP {...}
[pap] login attempt with password "þqL?%"
[pap] Using clear text password "12345"
[pap] Passwords don't match
++[pap] returns reject
Failed to authenticate the user.
  WARNING: Unprintable characters in the password.        Double-check the
shared secret on the server and the NAS!
Using Post-Auth-Type Reject
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject]     expand: %{User-Name} -> 081609000
 attr_filter: Matched entry DEFAULT at line 11
-- 
View this message in context: http://freeradius.1045715.n5.nabble.com/Help-authentication-problems-tp3293661p3293661.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.




More information about the Freeradius-Users mailing list