getting access-reject not sure why
Andrew Meyer
andrewm659 at yahoo.com
Fri Jun 30 20:37:44 CEST 2017
So I decided to blow away my FreeRADIUS v3 setup to authenticate from my Cisco devices. I am doing this for documentation purposes.
I am currently running CentOS 7.3.
Here is what I have in my users file:
test1   Cleartext-Password := "hello"
        Service-Type = Administrative-User,
        Auth-Type := Accept,
        Reply-Message := "Hello, %{User-Name}",
        Cisco-AVPair = "shell:roles=network-admin",
        Cisco-AVPair = "shell:priv-lvl=15"
Here is my clients config:
clients network-equipment {
        ipaddr = 10.150.1.0/24
        secret = Infotech5!
        nas_type = cisco
        shortname = network-equipment
}
clients linux-servers {
        ipaddr = 10.150.10.0/24
        secret = Infotech5!
        proto = *
        nas_type = other
        shortname = linux-servers
}
Everything else is default.
Here is the debug output log:
Ready to process requests
Waking up in 0.3 seconds.
(1) Received Access-Request packet from host 10.150.1.213 port 1645, id=11, length=98
(1) User-Name = 'test1'
(1) Reply-Message = 'Password: '
(1) User-Password = '\305ɥ\273\306\335\026\257l{\033)z\017\343o'
(1) NAS-Port = 1
(1) NAS-Port-Type = Virtual
(1) Calling-Station-Id = '10.150.1.250'
(1) NAS-IP-Address = 10.150.1.213
(1) NAS-Identifier = 'ASMCAP1'
(1) # Executing section authorize from file /etc/raddb/sites-enabled/default
(1) # Executing group from file /etc/raddb/sites-enabled/default
(1) pap : Login attempt with password
(1) ERROR: pap : Cleartext password does not match "known good" password
(1) pap : Passwords don't match
(1) # Executing group from file /etc/raddb/sites-enabled/default
Waking up in 0.6 seconds.
(1) Sending Access-Reject packet to host 10.150.1.213 port 1645, id=11, length=0
(1) Reply-Message = 'Hello, test1'
Waking up in 3.9 seconds.
Ready to process requests
Waking up in 0.3 seconds.
(2) Received Access-Request packet from host 10.150.1.213 port 1645, id=11, length=98
(2) User-Name = 'test1'
(2) Reply-Message = 'Password: '
(2) User-Password = '\305ɥ\273\306\335\026\257l{\033)z\017\343o'
(2) NAS-Port = 1
(2) NAS-Port-Type = Virtual
(2) Calling-Station-Id = '10.150.1.250'
(2) NAS-IP-Address = 10.150.1.213
(2) NAS-Identifier = 'ASMCAP1'
(2) # Executing section authorize from file /etc/raddb/sites-enabled/default
(2) # Executing group from file /etc/raddb/sites-enabled/default
(2) pap : Login attempt with password
(2) ERROR: pap : Cleartext password does not match "known good" password
(2) pap : Passwords don't match
(2) # Executing group from file /etc/raddb/sites-enabled/default
Waking up in 0.6 seconds.
(2) Sending Access-Reject packet to host 10.150.1.213 port 1645, id=11, length=0
(2) Reply-Message = 'Hello, test1'
Waking up in 3.9 seconds.
I don't understand why I'm getting a denied packet.