Regarding pam_radius_auth to be integrated with busybox

Deep Shah deep.shah at strixsystems.com
Mon Oct 29 20:44:09 CET 2012


Hi Alan,

To give some more debug, the below print is what I am getting on client
side. Can you please look in to it?

"pam_radius_auth: packet from RADIUS server 192.168.100.19 fails
verification: The shared secret is probably incorrect."

Regards,
Deep



On Mon, Oct 29, 2012 at 6:54 PM, Deep Shah <deep.shah at strixsystems.com>wrote:

> Hi,
>
>
> I am trying to integrate linux-pam library and pam_radius_auth module to
> my busybox 1.17.3 version. I want to login through radius server on the
> host machine. I am using power pc as my board. I have configured the files
> of configuration as below.
>
> *client.conf* * (conf file)*
> client 192.168.100.26 {
>          secret          = testing123
> }
>
> *user (conf file)*
>
> test Auth-Type := PAP, Cleartext-Password := "testpass"
>           Reply-Message = "Hello, %{User-Name}, you have successfully
> authenticated your login"
>
> I am getting request on the server side but some error is coming on the
> server of password mismatch. Please find the below log for the same.
>
> rad_recv: Access-Request packet from host 192.168.100.26 port 2970,
> id=106, length=69
>     User-Name = "test"
>     User-Password = "C\2758\330E\345RZ\3707\227\001\265[\202H"
>     NAS-Identifier = "login"
>     NAS-Port = 1945
>     NAS-Port-Type = Virtual
>     Service-Type = Authenticate-Only
> # Executing section authorize from file
> /usr/local/etc/raddb//sites-enabled/default
> +- entering group authorize {...}
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> ++[digest] returns noop
> [suffix] No '@' in User-Name = "test", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> [eap] No EAP-Message, not doing EAP
> ++[eap] returns noop
> [files] users: Matched entry test at line 54
> [files]     expand: Hello, %{User-Name}, you have successfully
> authenticated your login -> Hello, test, you have successfully
> authenticated your login
> ++[files] returns ok
> ++[expiration] returns noop
> ++[logintime] returns noop
> ++[pap] returns updated
> Found Auth-Type = PAP
>
> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
> !!!    Replacing User-Password in config items with
> Cleartext-Password.     !!!
>
> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
> !!! Please update your configuration so that the "known
> good"               !!!
> !!! clear text password is in Cleartext-Password, and not in
> User-Password. !!!
>
> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
> # Executing group from file /usr/local/etc/raddb//sites-enabled/default
> +- entering group PAP {...}
> [pap] login attempt with password "C�8�E�RZ�7??�[?H"
> [pap] Using clear text password "testpass"
> [pap] Passwords don't match
> ++[pap] returns reject
> Failed to authenticate the user.
>   WARNING: Unprintable characters in the password.  Double-check the
> shared secret on the server and the NAS!
> Using Post-Auth-Type Reject
> # Executing group from file /usr/local/etc/raddb//sites-enabled/default
> +- entering group REJECT {...}
> [attr_filter.access_reject]     expand: %{User-Name} -> test
> attr_filter: Matched entry DEFAULT at line 11
> ++[attr_filter.access_reject] returns updated
> Delaying reject of request 1 for 1 seconds
> Going to the next request
> Waking up in 0.9 seconds.
> Sending delayed reject for request 1
> Sending Access-Reject of id 106 to 192.168.100.26 port 2970
>     Reply-Message = "Hello, test, you have successfully authenticated your
> login"
> Waking up in 4.9 seconds.
> Cleaning up request 1 ID 106 with timestamp +37
> Ready to process requests.
>
> Can you please suggest what might be the issue is? I am getting password
> as not readable string when I have used the correct password in radius
> client and radius server.
>
> Regards,
> Deep
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20121030/715c9b9f/attachment-0001.html>


More information about the Freeradius-Users mailing list