freeradius | shared secret is incorrect | unprintable characters in the password
Shi Xiaoyan
shixiaoyan.c at gmail.com
Sun Jun 2 07:34:24 CEST 2013
- First, I known this question had been asked many times, and I had read
many posts about it, and reenter the shared secret many times, but still
could not resolve my problem, I had been blocked on this nearly a week, so
I need your help, thanks in advance
- radius server : freeradius-server-2.2.0
- radius client : freeradius-client-1.1.6
- OS : Ubuntu 10.10
- *Following is one full log of the radius server :*
-
- Info: FreeRADIUS Version 2.2.0, for host i686-pc-linux-gnu, built on
May 31 2013 at 22:41:36
- Info: Copyright (C) 1999-2012 The FreeRADIUS server project and
contributors.
- Info: There is NO warranty; not even for MERCHANTABILITY or FITNESS
FOR A
- Info: PARTICULAR PURPOSE.
- Info: You may redistribute copies of FreeRADIUS under the terms of the
- Info: GNU General Public License v2.
- Info: Starting - reading configuration files ...
- Debug: including configuration file
/usr/local/freeradius-server-2.2.0/etc/raddb/radiusd.conf
- Debug: including configuration file
/usr/local/freeradius-server-2.2.0/etc/raddb/proxy.conf
- Debug: including configuration file
/usr/local/freeradius-server-2.2.0/etc/raddb/clients.conf
- Debug: including files in directory
/usr/local/freeradius-server-2.2.0/etc/raddb/modules/
- Debug: including configuration file
/usr/local/freeradius-server-2.2.0/etc/raddb/modules/soh
- Debug: including configuration file
/usr/local/freeradius-server-2.2.0/etc/raddb/modules/rediswho
- Debug: including configuration file
/usr/local/freeradius-server-2.2.0/etc/raddb/modules/ippool
- Debug: including configuration file
/usr/local/freeradius-server-2.2.0/etc/raddb/modules/expr
- Debug: including configuration file
/usr/local/freeradius-server-2.2.0/etc/raddb/modules/opendirectory
- Debug: including configuration file
/usr/local/freeradius-server-2.2.0/etc/raddb/modules/radrelay
- Debug: including configuration file
/usr/local/freeradius-server-2.2.0/etc/raddb/modules/chap
- Debug: including configuration file
/usr/local/freeradius-server-2.2.0/etc/raddb/modules/detail.log
- Debug: including configuration file
/usr/local/freeradius-server-2.2.0/etc/raddb/modules/mac2vlan
- Debug: including configuration file
/usr/local/freeradius-server-2.2.0/etc/raddb/modules/cache
- Debug: including configuration file
/usr/local/freeradius-server-2.2.0/etc/raddb/modules/dynamic_clients
- Debug: including configuration file
/usr/local/freeradius-server-2.2.0/etc/raddb/modules/mschap
- Debug: including configuration file
/usr/local/freeradius-server-2.2.0/etc/raddb/modules/always
- Debug: including configuration file
/usr/local/freeradius-server-2.2.0/etc/raddb/modules/wimax
- Debug: including configuration file
/usr/local/freeradius-server-2.2.0/etc/raddb/modules/sqlcounter_expire_on_login
- Debug: including configuration file
/usr/local/freeradius-server-2.2.0/etc/raddb/modules/detail
- Debug: including configuration file
/usr/local/freeradius-server-2.2.0/etc/raddb/modules/exec
- Debug: including configuration file
/usr/local/freeradius-server-2.2.0/etc/raddb/modules/ldap
- Debug: including configuration file
/usr/local/freeradius-server-2.2.0/etc/raddb/modules/redis
- Debug: including configuration file
/usr/local/freeradius-server-2.2.0/etc/raddb/modules/attr_rewrite
- Debug: including configuration file
/usr/local/freeradius-server-2.2.0/etc/raddb/modules/logintime
- Debug: including configuration file
/usr/local/freeradius-server-2.2.0/etc/raddb/modules/linelog
- Debug: including configuration file
/usr/local/freeradius-server-2.2.0/etc/raddb/modules/echo
- Debug: including configuration file
/usr/local/freeradius-server-2.2.0/etc/raddb/modules/acct_unique
- Debug: including configuration file
/usr/local/freeradius-server-2.2.0/etc/raddb/modules/checkval
- Debug: including configuration file
/usr/local/freeradius-server-2.2.0/etc/raddb/modules/pam
- Debug: including configuration file
/usr/local/freeradius-server-2.2.0/etc/raddb/modules/cui
- Debug: including configuration file
/usr/local/freeradius-server-2.2.0/etc/raddb/modules/replicate
- Debug: including configuration file
/usr/local/freeradius-server-2.2.0/etc/raddb/modules/inner-eap
- Debug: including configuration file
/usr/local/freeradius-server-2.2.0/etc/raddb/modules/radutmp
- Debug: including configuration file
/usr/local/freeradius-server-2.2.0/etc/raddb/modules/realm
- Debug: including configuration file
/usr/local/freeradius-server-2.2.0/etc/raddb/modules/smsotp
- Debug: including configuration file
/usr/local/freeradius-server-2.2.0/etc/raddb/modules/detail.example.com
- Debug: including configuration file
/usr/local/freeradius-server-2.2.0/etc/raddb/modules/files
- Debug: including configuration file
/usr/local/freeradius-server-2.2.0/etc/raddb/modules/sql_log
- Debug: including configuration file
/usr/local/freeradius-server-2.2.0/etc/raddb/modules/krb5
- Debug: including configuration file
/usr/local/freeradius-server-2.2.0/etc/raddb/modules/dhcp_sqlippool
- Debug: including configuration file
/usr/local/freeradius-server-2.2.0/etc/raddb/sql/mysql/ippool-dhcp.conf
- Debug: including configuration file
/usr/local/freeradius-server-2.2.0/etc/raddb/modules/digest
- Debug: including configuration file
/usr/local/freeradius-server-2.2.0/etc/raddb/modules/sradutmp
- Debug: including configuration file
/usr/local/freeradius-server-2.2.0/etc/raddb/modules/passwd
- Debug: including configuration file
/usr/local/freeradius-server-2.2.0/etc/raddb/modules/attr_filter
- Debug: including configuration file
/usr/local/freeradius-server-2.2.0/etc/raddb/modules/etc_group
- Debug: including configuration file
/usr/local/freeradius-server-2.2.0/etc/raddb/modules/policy
- Debug: including configuration file
/usr/local/freeradius-server-2.2.0/etc/raddb/modules/perl
- Debug: including configuration file
/usr/local/freeradius-server-2.2.0/etc/raddb/modules/counter
- Debug: including configuration file
/usr/local/freeradius-server-2.2.0/etc/raddb/modules/smbpasswd
- Debug: including configuration file
/usr/local/freeradius-server-2.2.0/etc/raddb/modules/otp
- Debug: including configuration file
/usr/local/freeradius-server-2.2.0/etc/raddb/modules/ntlm_auth
- Debug: including configuration file
/usr/local/freeradius-server-2.2.0/etc/raddb/modules/pap
- Debug: including configuration file
/usr/local/freeradius-server-2.2.0/etc/raddb/modules/preprocess
- Debug: including configuration file
/usr/local/freeradius-server-2.2.0/etc/raddb/modules/mac2ip
- Debug: including configuration file
/usr/local/freeradius-server-2.2.0/etc/raddb/modules/expiration
- Debug: including configuration file
/usr/local/freeradius-server-2.2.0/etc/raddb/modules/unix
- Debug: including configuration file
/usr/local/freeradius-server-2.2.0/etc/raddb/eap.conf
- Debug: including configuration file
/usr/local/freeradius-server-2.2.0/etc/raddb/policy.conf
- Debug: including files in directory
/usr/local/freeradius-server-2.2.0/etc/raddb/sites-enabled/
- Debug: including configuration file
/usr/local/freeradius-server-2.2.0/etc/raddb/sites-enabled/default
- Debug: including configuration file
/usr/local/freeradius-server-2.2.0/etc/raddb/sites-enabled/inner-tunnel
- Debug: including configuration file
/usr/local/freeradius-server-2.2.0/etc/raddb/sites-enabled/control-socket
- Debug: main {
- Debug: allow_core_dumps = no
- Debug: }
- Debug: including dictionary file
/usr/local/freeradius-server-2.2.0/etc/raddb/dictionary
- Debug: main {
- Debug: name = "radiusd"
- Debug: prefix = "/usr/local/freeradius-server-2.2.0"
- Debug: localstatedir = "/usr/local/freeradius-server-2.2.0/var"
- Debug: sbindir = "/usr/local/freeradius-server-2.2.0/sbin"
- Debug: logdir = "/usr/local/freeradius-server-2.2.0/var/log/radius"
- Debug: run_dir = "/usr/local/freeradius-server-2.2.0/var/run/radiusd"
- Debug: libdir = "/usr/local/freeradius-server-2.2.0/lib"
- Debug: radacctdir =
"/usr/local/freeradius-server-2.2.0/var/log/radius/radacct"
- Debug: hostname_lookups = no
- Debug: max_request_time = 30
- Debug: cleanup_delay = 5
- Debug: max_requests = 1024
- Debug: pidfile =
"/usr/local/freeradius-server-2.2.0/var/run/radiusd/radiusd.pid"
- Debug: checkrad = "/usr/local/freeradius-server-2.2.0/sbin/checkrad"
- Debug: debug_level = 0
- Debug: proxy_requests = yes
- Debug: log {
- Debug: stripped_names = no
- Debug: auth = no
- Debug: auth_badpass = no
- Debug: auth_goodpass = no
- Debug: }
- Debug: security {
- Debug: max_attributes = 200
- Debug: reject_delay = 1
- Debug: status_server = yes
- Debug: }
- Debug: }
- Debug: radiusd: #### Loading Realms and Home Servers ####
- Debug: proxy server {
- Debug: retry_delay = 5
- Debug: retry_count = 3
- Debug: default_fallback = no
- Debug: dead_time = 120
- Debug: wake_all_if_all_dead = no
- Debug: }
- Debug: home_server localhost {
- Debug: ipaddr = 127.0.0.1
- Debug: port = 1812
- Debug: type = "auth"
- Debug: secret = "testing123"
- Debug: response_window = 20
- Debug: max_outstanding = 65536
- Debug: require_message_authenticator = yes
- Debug: zombie_period = 40
- Debug: status_check = "status-server"
- Debug: ping_interval = 30
- Debug: check_interval = 30
- Debug: num_answers_to_alive = 3
- Debug: num_pings_to_alive = 3
- Debug: revive_interval = 120
- Debug: status_check_timeout = 4
- Debug: coa {
- Debug: irt = 2
- Debug: mrt = 16
- Debug: mrc = 5
- Debug: mrd = 30
- Debug: }
- Debug: }
- Debug: home_server_pool my_auth_failover {
- Debug: type = fail-over
- Debug: home_server = localhost
- Debug: }
- Debug: realm example.com {
- Debug: auth_pool = my_auth_failover
- Debug: }
- Debug: realm LOCAL {
- Debug: }
- Debug: radiusd: #### Loading Clients ####
- Debug: client localhost {
- Debug: ipaddr = 127.0.0.1
- Debug: require_message_authenticator = no
- Debug: secret = "testing123"
- Debug: nastype = "other"
- Debug: }
- Debug: radiusd: #### Instantiating modules ####
- Debug: instantiate {
- Debug: (Loaded rlm_exec, checking if it's valid)
- Debug: Module: Linked to module rlm_exec
- Debug: Module: Instantiating module "exec" from file
/usr/local/freeradius-server-2.2.0/etc/raddb/modules/exec
- Debug: exec {
- Debug: wait = no
- Debug: input_pairs = "request"
- Debug: shell_escape = yes
- Debug: }
- Debug: (Loaded rlm_expr, checking if it's valid)
- Debug: Module: Linked to module rlm_expr
- Debug: Module: Instantiating module "expr" from file
/usr/local/freeradius-server-2.2.0/etc/raddb/modules/expr
- Debug: (Loaded rlm_expiration, checking if it's valid)
- Debug: Module: Linked to module rlm_expiration
- Debug: Module: Instantiating module "expiration" from file
/usr/local/freeradius-server-2.2.0/etc/raddb/modules/expiration
- Debug: expiration {
- Debug: reply-message = "Password Has Expired "
- Debug: }
- Debug: (Loaded rlm_logintime, checking if it's valid)
- Debug: Module: Linked to module rlm_logintime
- Debug: Module: Instantiating module "logintime" from file
/usr/local/freeradius-server-2.2.0/etc/raddb/modules/logintime
- Debug: logintime {
- Debug: reply-message = "You are calling outside your allowed timespan
"
- Debug: minimum-timeout = 60
- Debug: }
- Debug: }
- Debug: radiusd: #### Loading Virtual Servers ####
- Debug: server { # from file
/usr/local/freeradius-server-2.2.0/etc/raddb/radiusd.conf
- Debug: modules {
- Debug: Module: Creating Auth-Type = digest
- Debug: Module: Creating Post-Auth-Type = REJECT
- Debug: Module: Checking authenticate {...} for more modules to load
- Debug: (Loaded rlm_pap, checking if it's valid)
- Debug: Module: Linked to module rlm_pap
- Debug: Module: Instantiating module "pap" from file
/usr/local/freeradius-server-2.2.0/etc/raddb/modules/pap
- Debug: pap {
- Debug: encryption_scheme = "auto"
- Debug: auto_header = no
- Debug: }
- Debug: (Loaded rlm_chap, checking if it's valid)
- Debug: Module: Linked to module rlm_chap
- Debug: Module: Instantiating module "chap" from file
/usr/local/freeradius-server-2.2.0/etc/raddb/modules/chap
- Debug: (Loaded rlm_mschap, checking if it's valid)
- Debug: Module: Linked to module rlm_mschap
- Debug: Module: Instantiating module "mschap" from file
/usr/local/freeradius-server-2.2.0/etc/raddb/modules/mschap
- Debug: mschap {
- Debug: use_mppe = yes
- Debug: require_encryption = no
- Debug: require_strong = no
- Debug: with_ntdomain_hack = no
- Debug: allow_retry = yes
- Debug: }
- Debug: (Loaded rlm_digest, checking if it's valid)
- Debug: Module: Linked to module rlm_digest
- Debug: Module: Instantiating module "digest" from file
/usr/local/freeradius-server-2.2.0/etc/raddb/modules/digest
- Debug: (Loaded rlm_unix, checking if it's valid)
- Debug: Module: Linked to module rlm_unix
- Debug: Module: Instantiating module "unix" from file
/usr/local/freeradius-server-2.2.0/etc/raddb/modules/unix
- Debug: unix {
- Debug: radwtmp =
"/usr/local/freeradius-server-2.2.0/var/log/radius/radwtmp"
- Debug: }
- Debug: (Loaded rlm_eap, checking if it's valid)
- Debug: Module: Linked to module rlm_eap
- Debug: Module: Instantiating module "eap" from file
/usr/local/freeradius-server-2.2.0/etc/raddb/eap.conf
- Debug: eap {
- Debug: default_eap_type = "md5"
- Debug: timer_expire = 60
- Debug: ignore_unknown_eap_types = no
- Debug: cisco_accounting_username_bug = no
- Debug: max_sessions = 4096
- Debug: }
- Debug: Module: Linked to sub-module rlm_eap_md5
- Debug: Module: Instantiating eap-md5
- Debug: Module: Linked to sub-module rlm_eap_leap
- Debug: Module: Instantiating eap-leap
- Debug: Module: Linked to sub-module rlm_eap_gtc
- Debug: Module: Instantiating eap-gtc
- Debug: gtc {
- Debug: challenge = "Password: "
- Debug: auth_type = "PAP"
- Debug: }
- Debug: Ignoring EAP-Type/tls because we do not have OpenSSL support.
- Debug: Ignoring EAP-Type/ttls because we do not have OpenSSL support.
- Debug: Ignoring EAP-Type/peap because we do not have OpenSSL support.
- Debug: Module: Linked to sub-module rlm_eap_mschapv2
- Debug: Module: Instantiating eap-mschapv2
- Debug: mschapv2 {
- Debug: with_ntdomain_hack = no
- Debug: send_error = no
- Debug: }
- Debug: Module: Checking authorize {...} for more modules to load
- Debug: (Loaded rlm_preprocess, checking if it's valid)
- Debug: Module: Linked to module rlm_preprocess
- Debug: Module: Instantiating module "preprocess" from file
/usr/local/freeradius-server-2.2.0/etc/raddb/modules/preprocess
- Debug: preprocess {
- Debug: huntgroups =
"/usr/local/freeradius-server-2.2.0/etc/raddb/huntgroups"
- Debug: hints = "/usr/local/freeradius-server-2.2.0/etc/raddb/hints"
- Debug: with_ascend_hack = no
- Debug: ascend_channels_per_line = 23
- Debug: with_ntdomain_hack = no
- Debug: with_specialix_jetstream_hack = no
- Debug: with_cisco_vsa_hack = no
- Debug: with_alvarion_vsa_hack = no
- Debug: }
- Debug: reading pairlist file
/usr/local/freeradius-server-2.2.0/etc/raddb/huntgroups
- Debug: reading pairlist file
/usr/local/freeradius-server-2.2.0/etc/raddb/hints
- Debug: (Loaded rlm_realm, checking if it's valid)
- Debug: Module: Linked to module rlm_realm
- Debug: Module: Instantiating module "suffix" from file
/usr/local/freeradius-server-2.2.0/etc/raddb/modules/realm
- Debug: realm suffix {
- Debug: format = "suffix"
- Debug: delimiter = "@"
- Debug: ignore_default = no
- Debug: ignore_null = no
- Debug: }
- Debug: (Loaded rlm_files, checking if it's valid)
- Debug: Module: Linked to module rlm_files
- Debug: Module: Instantiating module "files" from file
/usr/local/freeradius-server-2.2.0/etc/raddb/modules/files
- Debug: files {
- Debug: usersfile = "/usr/local/freeradius-server-2.2.0/etc/raddb/users"
- Debug: acctusersfile =
"/usr/local/freeradius-server-2.2.0/etc/raddb/acct_users"
- Debug: preproxy_usersfile =
"/usr/local/freeradius-server-2.2.0/etc/raddb/preproxy_users"
- Debug: compat = "no"
- Debug: }
- Debug: reading pairlist file
/usr/local/freeradius-server-2.2.0/etc/raddb/users
- Debug: reading pairlist file
/usr/local/freeradius-server-2.2.0/etc/raddb/acct_users
- Debug: reading pairlist file
/usr/local/freeradius-server-2.2.0/etc/raddb/preproxy_users
- Debug: Module: Checking preacct {...} for more modules to load
- Debug: (Loaded rlm_acct_unique, checking if it's valid)
- Debug: Module: Linked to module rlm_acct_unique
- Debug: Module: Instantiating module "acct_unique" from file
/usr/local/freeradius-server-2.2.0/etc/raddb/modules/acct_unique
- Debug: acct_unique {
- Debug: key = "User-Name, Acct-Session-Id, NAS-IP-Address,
NAS-Identifier, NAS-Port"
- Debug: }
- Debug: Module: Checking accounting {...} for more modules to load
- Debug: (Loaded rlm_detail, checking if it's valid)
- Debug: Module: Linked to module rlm_detail
- Debug: Module: Instantiating module "detail" from file
/usr/local/freeradius-server-2.2.0/etc/raddb/modules/detail
- Debug: detail {
- Debug: detailfile =
"/usr/local/freeradius-server-2.2.0/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Ad
- Debug: header = "%t"
- Debug: detailperm = 384
- Debug: dirperm = 493
- Debug: locking = no
- Debug: log_packet_header = no
- Debug: }
- Debug: (Loaded rlm_attr_filter, checking if it's valid)
- Debug: Module: Linked to module rlm_attr_filter
- Debug: Module: Instantiating module "attr_filter.accounting_response"
from file /usr/local/freeradius-server-2.2.0/etc/raddb/mod
- Debug: attr_filter attr_filter.accounting_response {
- Debug: attrsfile =
"/usr/local/freeradius-server-2.2.0/etc/raddb/attrs.accounting_response"
- Debug: key = "%{User-Name}"
- Debug: relaxed = no
- Debug: }
- Debug: reading pairlist file
/usr/local/freeradius-server-2.2.0/etc/raddb/attrs.accounting_response
- Debug: Module: Checking session {...} for more modules to load
- Debug: (Loaded rlm_radutmp, checking if it's valid)
- Debug: Module: Linked to module rlm_radutmp
- Debug: Module: Instantiating module "radutmp" from file
/usr/local/freeradius-server-2.2.0/etc/raddb/modules/radutmp
- Debug: radutmp {
- Debug: filename =
"/usr/local/freeradius-server-2.2.0/var/log/radius/radutmp"
- Debug: username = "%{User-Name}"
- Debug: case_sensitive = yes
- Debug: check_with_nas = yes
- Debug: perm = 384
- Debug: callerid = yes
- Debug: }
- Debug: Module: Checking post-proxy {...} for more modules to load
- Debug: Module: Checking post-auth {...} for more modules to load
- Debug: Module: Instantiating module "attr_filter.access_reject" from
file /usr/local/freeradius-server-2.2.0/etc/raddb/modules/a
- Debug: attr_filter attr_filter.access_reject {
- Debug: attrsfile =
"/usr/local/freeradius-server-2.2.0/etc/raddb/attrs.access_reject"
- Debug: key = "%{User-Name}"
- Debug: relaxed = no
- Debug: }
- Debug: reading pairlist file
/usr/local/freeradius-server-2.2.0/etc/raddb/attrs.access_reject
- Debug: } # modules
- Debug: } # server
- Debug: server inner-tunnel { # from file
/usr/local/freeradius-server-2.2.0/etc/raddb/sites-enabled/inner-tunnel
- Debug: modules {
- Debug: Module: Checking authenticate {...} for more modules to load
- Debug: Module: Checking authorize {...} for more modules to load
- Debug: Module: Checking session {...} for more modules to load
- Debug: Module: Checking post-proxy {...} for more modules to load
- Debug: Module: Checking post-auth {...} for more modules to load
- Debug: } # modules
- Debug: } # server
- Debug: radiusd: #### Opening IP addresses and Ports ####
- Debug: listen {
- Debug: type = "auth"
- Debug: ipaddr = *
- Debug: port = 0
- Debug: }
- Debug: listen {
- Debug: type = "acct"
- Debug: ipaddr = *
- Debug: port = 0
- Debug: }
- Debug: listen {
- Debug: type = "control"
- Debug: listen {
- Debug: socket =
"/usr/local/freeradius-server-2.2.0/var/run/radiusd/radiusd.sock"
- Debug: }
- Debug: }
- Debug: listen {
- Debug: type = "auth"
- Debug: ipaddr = 127.0.0.1
- Debug: port = 18120
- Debug: }
- Debug: ... adding new socket proxy address * port 53579
- Debug: Listening on authentication address * port 1812
- Debug: Listening on accounting address * port 1813
- Debug: Listening on command file
/usr/local/freeradius-server-2.2.0/var/run/radiusd/radiusd.sock
- Debug: Listening on authentication address 127.0.0.1 port 18120 as
server inner-tunnel
- Debug: Listening on proxy address * port 1814
- Info: Ready to process requests.
- Info: # Executing section authorize from file
/usr/local/freeradius-server-2.2.0/etc/raddb/sites-enabled/default
- Info: +- entering group authorize {...}
- Info: ++[preprocess] returns ok
- Info: ++[chap] returns noop
- Info: ++[mschap] returns noop
- Info: ++[digest] returns noop
- Info: [suffix] No '@' in User-Name = "steve", looking up realm NULL
- Info: [suffix] No such realm "NULL"
- Info: ++[suffix] returns noop
- Info: [eap] No EAP-Message, not doing EAP
- Info: ++[eap] returns noop
- Info: [files] users: Matched entry steve at line 76
- Info: ++[files] returns ok
- Info: ++[expiration] returns noop
- Info: ++[logintime] returns noop
- Info: ++[pap] returns updated
- Info: Found Auth-Type = PAP
- Info: # Executing group from file
/usr/local/freeradius-server-2.2.0/etc/raddb/sites-enabled/default
- Info: +- entering group PAP {...}
- Info: [pap] login attempt with password "*f言U?(?Wk?b ?*"
- Info: [pap] Using clear text password "testing"
- Info: [pap] Passwords don't match
- Info: ++[pap] returns reject
- Info: Failed to authenticate the user.
- Debug: WARNING: Unprintable characters in the password.
Double-check the shared secret on the server and the NAS!
- Info: Using Post-Auth-Type REJECT
- Info: # Executing group from file
/usr/local/freeradius-server-2.2.0/etc/raddb/sites-enabled/default
- Info: +- entering group REJECT {...}
- Info: [attr_filter.access_reject] expand: %{User-Name} -> steve
- Debug: attr_filter: Matched entry DEFAULT at line 11
- Info: ++[attr_filter.access_reject] returns updated
- Info: Delaying reject of request 0 for 1 seconds
- Debug: Going to the next request
- Debug: Waking up in 0.9 seconds.
- Info: Sending delayed reject for request 0
- Debug: Waking up in 4.9 seconds.
- Info: Cleaning up request 0 ID 183 with timestamp +24
- Info: Ready to process requests.
- *I found that every time the password which are transformed from the
client is different though I input at the client with the same password
every time(the part I marked as red)*
*
*
- *The server's one configure file : users, is as following, I only
uncommented the user "steve" and changed its IP :*
-
- #
- # Please read the documentation file ../doc/processing_users_file,
- # or 'man 5 users' (after installing the server) for more information.
- #
- # This file contains authentication security and configuration
- # information for each user. Accounting requests are NOT processed
- # through this file. Instead, see 'acct_users', in this directory.
- #
- # The first field is the user's name and can be up to
- # 253 characters in length. This is followed (on the same line) with
- # the list of authentication requirements for that user. This can
- # include password, comm server name, comm server port number, protocol
- # type (perhaps set by the "hints" file), and huntgroup name (set by
- # the "huntgroups" file).
- #
- # If you are not sure why a particular reply is being sent by the
- # server, then run the server in debugging mode (radiusd -X), and
- # you will see which entries in this file are matched.
- #
- # When an authentication request is received from the comm server,
- # these values are tested. Only the first match is used unless the
- # "Fall-Through" variable is set to "Yes".
- #
- # A special user named "DEFAULT" matches on all usernames.
- # You can have several DEFAULT entries. All entries are processed
- # in the order they appear in this file. The first entry that
- # matches the login-request will stop processing unless you use
- # the Fall-Through variable.
- #
- # If you use the database support to turn this file into a .db or .dbm
- # file, the DEFAULT entries _have_ to be at the end of this file and
- # you can't have multiple entries for one username.
- #
- # Indented (with the tab character) lines following the first
- # line indicate the configuration values to be passed back to
- # the comm server to allow the initiation of a user session.
- # This can include things like the PPP configuration values
- # or the host to log the user onto.
- #
- # You can include another `users' file with `$INCLUDE users.other'
- #
-
- #
- # For a list of RADIUS attributes, and links to their definitions,
- # see:
- #
- # http://www.freeradius.org/rfc/attributes.html
- #
-
- #
- # Deny access for a specific user. Note that this entry MUST
- # be before any other 'Auth-Type' attribute which results in the user
- # being authenticated.
- #
- # Note that there is NO 'Fall-Through' attribute, so the user will not
- # be given any additional resources.
- #
- #lameuser Auth-Type := Reject
- # Reply-Message = "Your account has been disabled."
-
- #
- # Deny access for a group of users.
- #
- # Note that there is NO 'Fall-Through' attribute, so the user will not
- # be given any additional resources.
- #
- #DEFAULT Group == "disabled", Auth-Type := Reject
- # Reply-Message = "Your account has been disabled."
- #
-
- #
- # This is a complete entry for "steve". Note that there is no
Fall-Through
- # entry so that no DEFAULT entry will be used, and the user will NOT
- # get any attributes in addition to the ones listed here.
- #
- steve Cleartext-Password := "testing"
- Service-Type = Framed-User,
- Framed-Protocol = PPP,
- Framed-IP-Address = 127.0.0.1,
- Framed-IP-Netmask = 255.255.255.0,
- Framed-Routing = Broadcast-Listen,
- Framed-Filter-Id = "std.ppp",
- Framed-MTU = 1500,
- Framed-Compression = Van-Jacobsen-TCP-IP
-
- #
- # This is an entry for a user with a space in their name.
- # Note the double quotes surrounding the name.
- #
- #"John Doe" Cleartext-Password := "hello"
- # Reply-Message = "Hello, %{User-Name}"
-
- #
- # Dial user back and telnet to the default host for that port
- #
- #Deg Cleartext-Password := "ge55ged"
- # Service-Type = Callback-Login-User,
- # Login-IP-Host = 0.0.0.0,
- # Callback-Number = "9,5551212",
- # Login-Service = Telnet,
- # Login-TCP-Port = Telnet
-
- #
- # Another complete entry. After the user "dialbk" has logged in, the
- # connection will be broken and the user will be dialed back after
which
- # he will get a connection to the host "timeshare1".
- #
- #dialbk Cleartext-Password := "callme"
- # Service-Type = Callback-Login-User,
- # Login-IP-Host = timeshare1,
- # Login-Service = PortMaster,
- # Callback-Number = "9,1-800-555-1212"
-
- #
- # user "swilson" will only get a static IP number if he logs in with
- # a framed protocol on a terminal server in Alphen (see the huntgroups
file).
- #
- # Note that by setting "Fall-Through", other attributes will be added
from
- # the following DEFAULT entries
- #
- #swilson Service-Type == Framed-User, Huntgroup-Name == "alphen"
- # Framed-IP-Address = 192.168.1.65,
- # Fall-Through = Yes
-
- #
- # If the user logs in as 'username.shell', then authenticate them
- # using the default method, give them shell access, and stop processing
- # the rest of the file.
- #
- #DEFAULT Suffix == ".shell"
- # Service-Type = Login-User,
- # Login-Service = Telnet,
- # Login-IP-Host = your.shell.machine
-
-
- #
- # The rest of this file contains the several DEFAULT entries.
- # DEFAULT entries match with all login names.
- # Note that DEFAULT entries can also Fall-Through (see first entry).
- # A name-value pair from a DEFAULT entry will _NEVER_ override
- # an already existing name-value pair.
- #
-
- #
- # Set up different IP address pools for the terminal servers.
- # Note that the "+" behind the IP address means that this is the "base"
- # IP address. The Port-Id (S0, S1 etc) will be added to it.
- #
- #DEFAULT Service-Type == Framed-User, Huntgroup-Name == "alphen"
- # Framed-IP-Address = 192.168.1.32+,
- # Fall-Through = Yes
-
- #DEFAULT Service-Type == Framed-User, Huntgroup-Name == "delft"
- # Framed-IP-Address = 192.168.2.32+,
- # Fall-Through = Yes
-
- #
- # Sample defaults for all framed connections.
- #
- #DEFAULT Service-Type == Framed-User
- # Framed-IP-Address = 255.255.255.254,
- # Framed-MTU = 576,
- # Service-Type = Framed-User,
- # Fall-Through = Yes
-
- #
- # Default for PPP: dynamic IP address, PPP mode, VJ-compression.
- # NOTE: we do not use Hint = "PPP", since PPP might also be
auto-detected
- # by the terminal server in which case there may not be a "P" suffix.
- # The terminal server sends "Framed-Protocol = PPP" for auto PPP.
- #
- DEFAULT Framed-Protocol == PPP
- Framed-Protocol = PPP,
- Framed-Compression = Van-Jacobson-TCP-IP
-
- #
- # Default for CSLIP: dynamic IP address, SLIP mode, VJ-compression.
- #
- DEFAULT Hint == "CSLIP"
- Framed-Protocol = SLIP,
- Framed-Compression = Van-Jacobson-TCP-IP
-
- #
- # Default for SLIP: dynamic IP address, SLIP mode.
- #
- DEFAULT Hint == "SLIP"
- Framed-Protocol = SLIP
-
- #
- # Last default: rlogin to our main server.
- #
- #DEFAULT
- # Service-Type = Login-User,
- # Login-Service = Rlogin,
- # Login-IP-Host = shellbox.ispdomain.com
-
- # #
- # # Last default: shell on the local terminal server.
- # #
- # DEFAULT
- # Service-Type = Administrative-User
-
- # On no match, the user is denied access.
- *The server's another configure file : clients.conf, and I changed
nothing . yes, I used the default secret as the shared secret:*
-
-
- *The client's one configure file : servers. BTW, I also tried the ways
that only keep one localhost in the left side and changed it to 127.0.0.1 ,
the error is still and same, and I also tried reenter the shared secret
many times*
-
- ## Server Name or Client/Server pair Key
- ## ---------------- ---------------
- #
- #portmaster.elemental.net hardlyasecret
- #portmaster2.elemental.net donttellanyone
- #
- ## uncomment the following line for simple testing of radlogin
- ## with freeradius-server
- #
- localhost/localhost testing123
- *The client's another configure file : radiusclient.conf, I changed
nothing*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20130602/d5866711/attachment-0001.html>
More information about the Freeradius-Users
mailing list