Fwd: Authentication failure issue
fieldpeak
fieldpeak at gmail.com
Fri Aug 5 14:05:49 CEST 2011
Stefan & Alan,
Great! The issue was resolved by re-correcting the secret of program on
NAS...
Apprecited very much for your dedicated help!! :)
Regards,
Charles
2011/8/5 Stefan Winter <stefan.winter at restena.lu>
> Hi,
>
> your FreeRADIUS Server reads the clients from this file:
>
> including configuration file /usr/local/etc/raddb/clients.conf
>
> which is what you edited - good. Now you have to check where
> radiusclient reads its secret from. Can't help you with that.
>
> Stefan
>
> Am 05.08.2011 11:09, schrieb fieldpeak:
> > Hi Stefan,
> >
> > Attached is the fully log from FreeRadius start, i tried to identify
> > it myself however i'm new comer to FR, can you please advise, thanks a
> > lot!
> >
> > Regards,
> > Charles
> >
> > 2011/8/5 Stefan Winter <stefan.winter at restena.lu
> > <mailto:stefan.winter at restena.lu>>
> >
> > Hi,
> >
> > if the password is mangled that way, there is not much other
> > reason than
> > a misconfigured shared secret.
> >
> > I can't tell you which config file exactly does what on your system;
> > that depends on the configure settings you used to install
> FreeRADIUS,
> > and on where and how you installed the NAS stuff with radiusclient.
> >
> > You could post a *full* debug output of radiusd -X, *including*
> what's
> > printed on server startup - it will print out which files it reads
> for
> > its configuration.
> >
> > Stefan
> >
> > Am 05.08.2011 10:21, schrieb fieldpeak:
> > > Hi Stefan,
> > >
> > > Sorry for the confusion, actullay i have checked both secret on
> both
> > > NAS and server sides, it is same.
> > > below is debug output, the confusion pasword "Q?²ÊÃ
> > > ëê¢p?¤F?+Õa" is very suspecious, it should be '1111' that i
> > > configure in database.
> > > maybe i check the wrong conf files for secrect, below is files
> > that i
> > > checked. is it correct?
> > > NAS:
> > > usr/local/etc/radiusclient/
> > > servers
> > > localhost/localhost testing123
> > >
> > > Server:
> > > /usr/local/etc/raddb/clients.conf
> > > secret = testing123
> > >
> > >
> > > debug output:
> > >
> > > Found Auth-Type = PAP
> > > # Executing group from file
> > /usr/local/etc/raddb/sites-enabled/default
> > > +- entering group PAP {...}
> > > [pap] login attempt with password "Q?²Êà ëê¢p?¤F?+Õa"
> > > [pap] Using clear text password "1111"
> > > [pap] Passwords don't match
> > > ++[pap] returns reject
> > > Failed to authenticate the user.
> > > WARNING: Unprintable characters in the password. Double-check the
> > > shared secret on the server and the NAS!
> > > Using Post-Auth-Type Reject
> > > # Executing group from file
> > /usr/local/etc/raddb/sites-enabled/default
> > > +- entering group REJECT {...}
> > > [attr_filter.access_reject] expand: %{User-Name} -> 1001
> > > attr_filter: Matched entry DEFAULT at line 11
> > > ++[attr_filter.access_reject] returns updated
> > > Delaying reject of request 38 for 1 seconds
> > >
> > >
> > > Regards,
> > > Charles
> > >
> > > 2011/8/5 Stefan Winter <stefan.winter at restena.lu
> > <mailto:stefan.winter at restena.lu>
> > > <mailto:stefan.winter at restena.lu <mailto:stefan.winter at restena.lu
> >>>
> > >
> > > Hello,
> > >
> > > while you marked lots of stuff in yellow, you missed the REALLY
> > > helpful
> > > part:
> > >
> > > "WARNING: Unprintable characters in the password. Double-check
> > > the shared secret on the server and the NAS!"
> > >
> > > How about doing exactly that...?
> > >
> > > Stefan Winter
> > >
> > >
> > > Am 05.08.2011 06:14, schrieb fieldpeak:
> > > > Hello Friends,
> > > >
> > > > I met a issue regarding password/authentication with FreeRadius,
> > > Could
> > > > anybody help for the issue, Thanks!
> > > >
> > > > User-Password = "?\210\365@\263\t\306\343\243iT?\311C\t\002"
> > > >
> > > > [pap] WARNING! No "known good" password found for the user.
> > > > Authentication may fail because of this.
> > > > ++[pap] returns noop
> > > > ERROR: No authenticate method (Auth-Type) found for the request:
> > > > Rejecting the user
> > > >
> > > > The details in below mails.
> > > >
> > > > Regards,
> > > > Charles
> > > >
> > > > Forwarded conversation
> > > > Subject: *Authentication failure issue*
> > > > ------------------------
> > > >
> > > > From: *fieldpeak* <fieldpeak at gmail.com
> > <mailto:fieldpeak at gmail.com>
> > > <mailto:fieldpeak at gmail.com <mailto:fieldpeak at gmail.com>>
> > <mailto:fieldpeak at gmail.com <mailto:fieldpeak at gmail.com>
> > > <mailto:fieldpeak at gmail.com <mailto:fieldpeak at gmail.com>>>>
> > > > Date: 2011/8/4
> > > > To: freeradius-users at lists.freeradius.org
> > <mailto:freeradius-users at lists.freeradius.org>
> > > <mailto:freeradius-users at lists.freeradius.org
> > <mailto:freeradius-users at lists.freeradius.org>>
> > > > <mailto:freeradius-users at lists.freeradius.org
> > <mailto:freeradius-users at lists.freeradius.org>
> > > <mailto:freeradius-users at lists.freeradius.org
> > <mailto:freeradius-users at lists.freeradius.org>>>
> > > >
> > > >
> > > > Dear Friends,
> > > >
> > > > I'm trying integrate Freeswitch with Freeradius, I met below
> > issue,
> > > > can anyone help, thanks in adance.
> > > >
> > > > Freeradius server log:
> > > >
> > > > rad_recv: Access-Request packet from host 127.0.0.1 port 52684,
> > > id=49,
> > > > length=111
> > > > User-Name = "1001"
> > > > User-Password = "?\210\365@\263\t\306\343\243iT?\311C\t\002"
> > > > Called-Station-Id = "888"
> > > > h323-conf-id = "749d2b5a-16ad-48e4-af58-
> > > > 24011949d1b5"
> > > > Calling-Station-Id = "1001"
> > > > NAS-Port = 0
> > > > NAS-IP-Address = 127.0.0.1
> > > > # Executing section authorize from file
> > > > /usr/local/etc/raddb/sites-enabled/default
> > > > +- entering group authorize {...}
> > > > ++[preprocess] returns ok
> > > > [auth_log] expand:
> > > >
> > >
> >
> /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
> > > > ->
> > > /usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20110803
> > <http://127.0.0.1/auth-detail-20110803>
> > > <http://127.0.0.1/auth-detail-20110803>
> > > > <http://127.0.0.1/auth-detail-20110803>
> > > > [auth_log]
> > > >
> > >
> >
> /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
> > > > expands to
> > > >
> > /usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20110803
> > <http://127.0.0.1/auth-detail-20110803>
> > > <http://127.0.0.1/auth-detail-20110803>
> > > > <http://127.0.0.1/auth-detail-20110803>
> > > > [auth_log] expand: %t -> Wed Aug 3 12:06:33 2011
> > > > ++[auth_log] returns ok
> > > > ++[chap] returns noop
> > > > ++[mschap] returns noop
> > > > ++[digest] returns noop
> > > > [suffix] No '@' in User-Name = "1001", looking up realm NULL
> > > > [suffix] No such realm "NULL"
> > > > ++[suffix] returns noop
> > > > [eap] No EAP-Message, not doing EAP
> > > > ++[eap] returns noop
> > > > ++[unix] returns notfound
> > > > ++[files] returns noop
> > > > [sql] expand: %{User-Name} -> 1001
> > > > [sql] sql_set_user escaped user --> '1001'
> > > > rlm_sql (sql): Reserving sql socket id: 4
> > > > [sql] expand: SELECT id, username, attribute, value, op
> > > > FROM radcheck WHERE username = '%{SQL-User-Name}'
> > > > ORDER BY id -> SELECT id, username, attribute, value, op
> > > > FROM radcheck WHERE username = '1001' ORDER BY id
> > > > [sql] expand: SELECT groupname FROM radusergroup
> > > > WHERE username = '%{SQL-User-Name}' ORDER BY priority ->
> > > > SELECT groupname FROM radusergroup WHERE username
> > > > = '1001' ORDER BY priority
> > > > rlm_sql (sql): Released sql socket id: 4
> > > > [sql] User 1001 not found
> > > > ++[sql] returns notfound
> > > > ++[expiration] returns noop
> > > > ++[logintime] returns noop
> > > > [pap] WARNING! No "known good" password found for the user.
> > > > Authentication may fail because of this.
> > > > ++[pap] returns noop
> > > > ERROR: No authenticate method (Auth-Type) found for the request:
> > > > Rejecting the user
> > > > Failed to authenticate the user.
> > > > WARNING: Unprintable characters in the password. Double-check
> > > > the shared secret on the server and the NAS!
> > > > Using Post-Auth-Type Reject
> > > > # Executing group from file
> > > /usr/local/etc/raddb/sites-enabled/default
> > > > +- entering group REJECT {...}
> > > > [attr_filter.access_reject] expand: %{User-Name} -> 1001
> > > > attr_filter: Matched entry DEFAULT at line 11
> > > > ++[attr_filter.access_reject] returns updated
> > > > Delaying reject of request 8 for 1 seconds
> > > > Going to the next request
> > > > Waking up in 0.9 seconds.
> > > > Sending delayed reject for request 8
> > > > Sending Access-Reject of id 49 to 127.0.0.1 port 52684
> > > > Waking up in 4.9 seconds.
> > > > Cleaning up request 8 ID 49 with timestamp +7674
> > > > Ready to process requests.
> > > > WARNING! No "known good" password found for the user
> > > >
> > > > Regards,
> > > > Charles
> > > >
> > > > ----------
> > > > From: *fieldpeak* <fieldpeak at gmail.com
> > <mailto:fieldpeak at gmail.com>
> > > <mailto:fieldpeak at gmail.com <mailto:fieldpeak at gmail.com>>
> > <mailto:fieldpeak at gmail.com <mailto:fieldpeak at gmail.com>
> > > <mailto:fieldpeak at gmail.com <mailto:fieldpeak at gmail.com>>>>
> > > > Date: 2011/8/4
> > > > To: freeradius-users at lists.freeradius.org
> > <mailto:freeradius-users at lists.freeradius.org>
> > > <mailto:freeradius-users at lists.freeradius.org
> > <mailto:freeradius-users at lists.freeradius.org>>
> > > > <mailto:freeradius-users at lists.freeradius.org
> > <mailto:freeradius-users at lists.freeradius.org>
> > > <mailto:freeradius-users at lists.freeradius.org
> > <mailto:freeradius-users at lists.freeradius.org>>>
> > > >
> > > >
> > > > Hello Gurus,
> > > >
> > > > I've double checked the shared secret on both server and NAS
> > are the
> > > > same, the problem still exist, it trouble me a few days, can
> > anyone
> > > > kindly help?
> > > >
> > > > nas:
> > > > /usr/local/etc/radiusclient/servers
> > > > localhost/localhost testing123
> > > >
> > > > server:
> > > > /usr/local/etc/raddb/clients.conf
> > > > secret = testing123
> > > >
> > > >
> > > >
> > > > -
> > > > List info/subscribe/unsubscribe? See
> > > http://www.freeradius.org/list/users.html
> > >
> > >
> > > --
> > > Stefan WINTER
> > > Ingenieur de Recherche
> > > Fondation RESTENA - Réseau Téléinformatique de l'Education
> > > Nationale et de la Recherche
> > > 6, rue Richard Coudenhove-Kalergi
> > > L-1359 Luxembourg
> > >
> > > Tel: +352 424409 1
> > > Fax: +352 422473
> > >
> > >
> > >
> > > -
> > > List info/subscribe/unsubscribe? See
> > > http://www.freeradius.org/list/users.html
> > >
> > >
> > >
> > >
> > > -
> > > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
> >
> >
> > --
> > Stefan WINTER
> > Ingenieur de Recherche
> > Fondation RESTENA - Réseau Téléinformatique de l'Education
> > Nationale et de la Recherche
> > 6, rue Richard Coudenhove-Kalergi
> > L-1359 Luxembourg
> >
> > Tel: +352 424409 1
> > Fax: +352 422473
> >
> >
> >
> > -
> > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
> >
> >
> >
> >
> > -
> > List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
>
> --
> Stefan WINTER
> Ingenieur de Recherche
> Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de
> la Recherche
> 6, rue Richard Coudenhove-Kalergi
> L-1359 Luxembourg
>
> Tel: +352 424409 1
> Fax: +352 422473
>
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20110805/452cd295/attachment.html>
More information about the Freeradius-Users
mailing list