Help with Radius errors

Philip Bellino pbellino at mrv.com
Fri May 15 14:48:58 CEST 2015


Alan,
I attached an edited dictionary.mrv by mistake. I attached our original one for you here.
My apologies.
Phil

-----Original Message-----
From: Philip Bellino
Sent: Friday, May 15, 2015 6:08 AM
To: FreeRadius users mailing list
Subject: RE: Help with Radius errors

Alan,
Your points are well taken. Thank you.
We commented out the inclusion of our dictionary.mrv file (attached) in dictionary and the references to our attributes in the users file, and now Radius authentication succeeds.

Here is an entry in the users file that used our attributes successfully in freeradius 2.1.1:

###################################
# MRV Vendor Specific Testing
###################################
zeus    Cleartext-Password := "dog"
        Service-Type == NAS-Prompt-User,
        Idle-Timeout == 60,
        MRV-Login-Mode == "cli",
        MRV-Security-Level == "outlet shell",
        MRV-Command-Logging == "syslog",
        MRV-Audit-Logging == "syslog",
        MRV-User-Prompt == "zeus",
        MRV-Menu-Name == "/config/M_demo_menu",
        MRV-Web-Menu-Name == "/config/M_demo_menu",
        MRV-Port-Access-List == "2 4",
        MRV-Remote-Access-List == "telnet",
        MRV-Outlet-Access-List == "3:1 4:1",
        MRV-Outlet-Group-Access-List == "2"

If you can point me in the right direction with regards to what I need to change to use our dictionary attributes, I would appreciate it.
Thanks again,
Phil


-----Original Message-----
From: Freeradius-Users [mailto:freeradius-users-bounces+pbellino=mrv.com at lists.freeradius.org] On Behalf Of Alan DeKok
Sent: Thursday, May 14, 2015 4:02 PM
To: FreeRadius users mailing list
Subject: Re: Help with Radius errors

On May 14, 2015, at 3:40 PM, Philip Bellino <pbellino at mrv.com> wrote:
> Due to a hard disk crash we had to replace our radius server PC. Our
> newer PC is running Fedora Core 21. We then downloaded the FreeRadius
> 3.0.8 tar.gz file, built and installed it.  We now cannot get past the following errors (in bold below).
> We have tried reconfiguring the shared secret as suggested, on the
> server (editing the clients.conf file and retyping the secret) and the client side but still get these errors.

  I think you've broken something.

> In the 2.1.1 version, the only files we changed were "radiusd.conf", "clients.conf" and "users" and added our own dictionary file.
> So for 3.0.8, we followed suit.

  What did you put into the dictionary file?
>
> Ready to process requests
> (0) Received Access-Request Id 24 from 10.242.135.17:1026 to 10.242.135.10:1812 length 68
> (0)   MRV-Remote-Access-List = 'gina'
> (0)   MRV-Outlet-Group-Access-List = ' ???'
> (0)   MRV-Login-Mode = '
> (0)   NAS-Port-Type = Virtual
> (0)   MRV-Port-Access-List = '^????D???a????S?'
> (0)   MRV-Menu-Name = '

  What are those attributes?  They are NOT standard RADIUS attributes.  There is no User-Name in the packet, which is typically required.  There is no User-Password in the packet, which is also typically required.

> (0) WARNING: Unprintable characters in the password.  Double-check the shared secret on the server and the NAS!

  That message is printed ONLY if there's a User-Password in the attribute.

  So... you've done something, and broken the server.  The short answer is "don't do that".

  Go back to the default configuration.  i.e. back out ALL of your local changes.  Check that you can get users authenticated, by adding a Cleartext-Password for that user.  Check that it works with radtest.  Then, make another change.

  You've fallen into the trap of "make 100 changes, and then something doesn't work".  You'll never get it debugged doing that.

  Make ONE change.  Test it.  Make ANOTHER change.  Test it.  This is all documented in "man radiusd".

  And post your dictionary here.  Odds are it poaches on the standard space, and breaks all of RADIUS.

  Alan DeKok.



-------------- next part --------------
A non-text attachment was scrubbed...
Name: dictionary.mrv.ORIG
Type: application/octet-stream
Size: 1067 bytes
Desc: dictionary.mrv.ORIG
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20150515/14a13050/attachment.obj>
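
Alan's suspicion in the thread is that the custom dictionary "poaches on the standard space". The following Python check is an added example, not code from the thread or from FreeRADIUS: it lists ATTRIBUTE lines that sit outside any vendor scope and so land in the top-level attribute numbers 1-255. The sample dictionary is constructed (the real dictionary.mrv is not shown on the page), and the vendor id and attribute numbers in it are placeholders.

```python
# Added example: flag ATTRIBUTE lines in a FreeRADIUS-style dictionary that are
# defined outside any vendor scope and therefore occupy the top-level
# (standard) RADIUS attribute space, type numbers 1-255.

# Constructed sample, NOT the real dictionary.mrv; the vendor id and the
# attribute numbers are placeholders.
SAMPLE = """\
VENDOR          MRV                     99999
ATTRIBUTE       MRV-Remote-Access-List  1       string
ATTRIBUTE       MRV-Login-Mode          2       string  MRV
BEGIN-VENDOR    MRV
ATTRIBUTE       MRV-Port-Access-List    3       string
END-VENDOR      MRV
ATTRIBUTE       MRV-Menu-Name           4       string  # stray, after END-VENDOR
"""

def find_unscoped_attributes(text):
    """Return (line_no, name, number) for attributes in the top-level space."""
    vendors, current, hits = set(), None, []
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, then tokenize
        if not fields:
            continue
        keyword = fields[0].upper()
        if keyword == "VENDOR" and len(fields) >= 3:
            vendors.add(fields[1])
        elif keyword == "BEGIN-VENDOR" and len(fields) >= 2:
            current = fields[1]
        elif keyword == "END-VENDOR":
            current = None
        elif keyword == "ATTRIBUTE" and len(fields) >= 4:
            name, number = fields[1], fields[2]
            # Assumption: old-style files may name the vendor as a trailing
            # field instead of using a BEGIN-VENDOR block.
            trailing_vendor = len(fields) >= 5 and fields[-1] in vendors
            if current or trailing_vendor:
                continue
            try:
                is_hex = number.lower().startswith("0x")
                value = int(number, 16) if is_hex else int(number)
            except ValueError:
                continue  # dotted/TLV numbers are out of scope here
            if 1 <= value <= 255:
                hits.append((line_no, name, value))
    return hits

if __name__ == "__main__":
    for line_no, name, value in find_unscoped_attributes(SAMPLE):
        print(f"line {line_no}: {name} = {value} is in the standard attribute space")
```
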

