Fwd: Authentication failure issue

Stefan Winter stefan.winter at restena.lu
Fri Aug 5 08:55:27 CEST 2011


Hello,

while you marked lots of stuff in yellow, you missed the REALLY helpful
part:

"WARNING: Unprintable characters in the password.        Double-check
the shared secret on the server and the NAS!"

How about doing exactly that...?

Stefan Winter


Am 05.08.2011 06:14, schrieb fieldpeak:
> Hello Friends,
>
> I met a issue regarding password/authentication with FreeRadius, Could
> anybody help for the issue, Thanks!
>
> User-Password = "?\210\365@\263\t\306\343\243iT?\311C\t\002"
>
> [pap] WARNING! No "known good" password found for the user. 
> Authentication may fail because of this.
> ++[pap] returns noop
> ERROR: No authenticate method (Auth-Type) found for the request:
> Rejecting the user
>
> The details in below mails.
>
> Regards,
> Charles
>
> Forwarded conversation
> Subject: *Authentication failure issue*
> ------------------------
>
> From: *fieldpeak* <fieldpeak at gmail.com <mailto:fieldpeak at gmail.com>>
> Date: 2011/8/4
> To: freeradius-users at lists.freeradius.org
> <mailto:freeradius-users at lists.freeradius.org>
>
>
> Dear Friends,
>
> I'm trying integrate Freeswitch with Freeradius, I met below issue,
> can anyone help, thanks in adance.
>
> Freeradius server log:
>
> rad_recv: Access-Request packet from host 127.0.0.1 port 52684, id=49,
> length=111
>         User-Name = "1001"
>         User-Password = "?\210\365@\263\t\306\343\243iT?\311C\t\002"
>         Called-Station-Id = "888"
>         h323-conf-id = "749d2b5a-16ad-48e4-af58-
> 24011949d1b5"
>         Calling-Station-Id = "1001"
>         NAS-Port = 0
>         NAS-IP-Address = 127.0.0.1
> # Executing section authorize from file
> /usr/local/etc/raddb/sites-enabled/default
> +- entering group authorize {...}
> ++[preprocess] returns ok
> [auth_log]      expand:
> /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
> -> /usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20110803
> <http://127.0.0.1/auth-detail-20110803>
> [auth_log]
> /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
> expands to
> /usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20110803
> <http://127.0.0.1/auth-detail-20110803>
> [auth_log]      expand: %t -> Wed Aug  3 12:06:33 2011
> ++[auth_log] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> ++[digest] returns noop
> [suffix] No '@' in User-Name = "1001", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> [eap] No EAP-Message, not doing EAP
> ++[eap] returns noop
> ++[unix] returns notfound
> ++[files] returns noop
> [sql]   expand: %{User-Name} -> 1001
> [sql] sql_set_user escaped user --> '1001'
> rlm_sql (sql): Reserving sql socket id: 4
> [sql]   expand: SELECT id, username, attribute, value, op          
> FROM radcheck           WHERE username = '%{SQL-User-Name}'          
> ORDER BY id -> SELECT id, username, attribute, value, op          
> FROM radcheck           WHERE username = '1001'           ORDER BY id
> [sql]   expand: SELECT groupname           FROM radusergroup          
> WHERE username = '%{SQL-User-Name}'           ORDER BY priority ->
> SELECT groupname           FROM radusergroup           WHERE username
> = '1001'           ORDER BY priority
> rlm_sql (sql): Released sql socket id: 4
> [sql] User 1001 not found
> ++[sql] returns notfound
> ++[expiration] returns noop
> ++[logintime] returns noop
> [pap] WARNING! No "known good" password found for the user. 
> Authentication may fail because of this.
> ++[pap] returns noop
> ERROR: No authenticate method (Auth-Type) found for the request:
> Rejecting the user
> Failed to authenticate the user.
>   WARNING: Unprintable characters in the password.        Double-check
> the shared secret on the server and the NAS!
> Using Post-Auth-Type Reject
> # Executing group from file /usr/local/etc/raddb/sites-enabled/default
> +- entering group REJECT {...}
> [attr_filter.access_reject]     expand: %{User-Name} -> 1001
>  attr_filter: Matched entry DEFAULT at line 11
> ++[attr_filter.access_reject] returns updated
> Delaying reject of request 8 for 1 seconds
> Going to the next request
> Waking up in 0.9 seconds.
> Sending delayed reject for request 8
> Sending Access-Reject of id 49 to 127.0.0.1 port 52684
> Waking up in 4.9 seconds.
> Cleaning up request 8 ID 49 with timestamp +7674
> Ready to process requests.
> WARNING! No "known good" password found for the user
>
> Regards,
> Charles
>
> ----------
> From: *fieldpeak* <fieldpeak at gmail.com <mailto:fieldpeak at gmail.com>>
> Date: 2011/8/4
> To: freeradius-users at lists.freeradius.org
> <mailto:freeradius-users at lists.freeradius.org>
>
>
> Hello Gurus,
>
> I've double checked the shared secret on both server and NAS are the
> same, the problem still exist, it trouble me a few days, can anyone
> kindly help?
>
> nas:
> /usr/local/etc/radiusclient/servers
> localhost/localhost    testing123
>
> server:
> /usr/local/etc/raddb/clients.conf
> secret        = testing123
>
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


-- 
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg

Tel: +352 424409 1
Fax: +352 422473


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20110805/4396eb7e/attachment.pgp>


More information about the Freeradius-Users mailing list