Freeradius 3 and empty password from authorization

chose chose at ajetaci.cz
Tue Apr 24 09:16:07 CEST 2018


   Hi,
   thanks for the answer.
   You are right - radius didn't receive any password, where should the 
error be? I'm authorizing iPhone and Windows 7 prof.; all systems 
asked me for login and password. The authorized wifi network is controlled 
by a Cisco wireless controller 2504, isn't there some misconfiguration 
for radius?
   Thanks and best regards
   J.Karliak

(732) Received Access-Request Id 13 from 192.168.26.10:32773 to 
195.123.183.11:1812 length 282
(732)   User-Name = "username at domain.tld"
(732)   Chargeable-User-Identity = 0x00
(732)   Location-Capable = Civix-Location
(732)   Calling-Station-Id = "a0-88-b4-43-4a-54"
(732)   Called-Station-Id = "88-1d-3c-42-00-00:WIFI-TEST"
(732)   NAS-Port = 13
(732)   Cisco-AVPair = "audit-session-id=c0a8ce0a003494f65aded7cf"
(732)   Acct-Session-Id = "5aded7cf/a0:88:b4:43:4a:54/5397550"
(732)   NAS-IP-Address = 192.168.206.10
(732)   NAS-Identifier = "wireless1"
(732)   Airespace-Wlan-Id = 2
(732)   Service-Type = Framed-User
(732)   Framed-MTU = 1300
(732)   NAS-Port-Type = Wireless-802.11
(732)   Tunnel-Type:0 = VLAN
(732)   Tunnel-Medium-Type:0 = IEEE-802
(732)   Tunnel-Private-Group-Id:0 = "75"
(732)   EAP-Message = 0x020200120163686f736540666e686b2e637a
(732)   Message-Authenticator = 0x4d80f3857dc7786c664c8ce8444372c3
(732) # Executing section authorize from file 
/etc/raddb/sites-enabled/default
(732)   authorize {
(732)     if (&User-Name =~ /@domain.tld/ || &User-Name =~ 
/@domain.tld/) {
(732)     if (&User-Name =~ /@domain.tld/ || &User-Name =~ 
/@domain.tld/)  -> TRUE
(732)     if (&User-Name =~ /@domain.tld/ || &User-Name =~ 
/@domain.tld/)  {
(732)       if ("%{request:User-Name}" =~ /^(.*)@/) {
(732)       EXPAND %{request:User-Name}
(732)          --> username at domain.tld
(732)       if ("%{request:User-Name}" =~ /^(.*)@/)  -> TRUE
(732)       if ("%{request:User-Name}" =~ /^(.*)@/)  {
(732)         update request {
(732)           EXPAND %{1}
(732)              --> username
(732)           Stripped-User-Name := username
(732)           EXPAND %{2}
(732)              -->
(732)           Realm :=
(732)         } # update request = noop
(732)       } # if ("%{request:User-Name}" =~ /^(.*)@/)  = noop
(732)       [files] = noop
(732) ntlm_auth: Executing: /usr/bin/ntlm_auth --request-nt-key 
--domain=domain.tld --username=%{Stripped-User-Name} 
--password=%{User-Password}:
(732) ntlm_auth: EXPAND --username=%{Stripped-User-Name}
(732) ntlm_auth:    --> --username=username
(732) ntlm_auth: EXPAND --password=%{User-Password}
(732) ntlm_auth:    --> --password=
(732) ntlm_auth: ERROR: Program returned code (1) and output 
'NT_STATUS_WRONG_PASSWORD: Wrong Password (0xc000006a)'
(732)       [ntlm_auth] = reject
(732)     } # if (&User-Name =~ /@domain.tld/ || &User-Name =~ 
/@domain.tld/)  = reject
(732)   } # authorize = reject
(732) Invalid user (ntlm_auth: Program returned code (1) and output 
'NT_STATUS_WRONG_PASSWORD: Wrong Password (0xc000006a)'): [username] 
(from client wireless1 port 13 cli a0-88-b4-43-4a-54)

On 2018-04-23 23:06, Arran Cudbard-Bell wrote:
>> On Apr 24, 2018, at 12:13 AM, Alan DeKok <aland at deployingradius.com> 
>> wrote:
>> 
>> On Apr 23, 2018, at 4:22 AM, chose <chose at ajetaci.cz> wrote:
>>> 
>>> Good morning,
>>> I couldn't authorize over my radius, when I run it with debug, I see 
>>> that user password is empty:
>> 
>>  Because the server doesn't receive a User-Password.
>> 
>>  READ the debug log.  ALL OF IT.
>> 
>>   http://wiki.freeradius.org/radius-X
> 
> http://wiki.freeradius.org/radiusd-X
> 
> -Arran

-- 
My domain uses SPF (www.openspf.org) and DomainKeys/DKIM (with ADSP)
policy and an implementation of DMARC. If you have a problem sending
emails to me, start using the email origin verification methods
mentioned above. Thank you.
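
A log check for the situation in this thread, as an added example that is not part of the original message or of FreeRADIUS: it scans `radiusd -X` style output for an expansion that came out empty because the attribute was not among those received in the Access-Request, and notes whether that request carried an EAP-Message. The sample lines are constructed and unwrapped, and the function name `empty_expansions` is hypothetical.

```python
import re

# Constructed sample in the style of the debug output above (lines unwrapped).
SAMPLE = """\
(732) Received Access-Request Id 13 from 192.0.2.10:32773 to 192.0.2.1:1812 length 282
(732)   User-Name = "user@example.org"
(732)   EAP-Message = 0x0202000501
(732) ntlm_auth: EXPAND --username=%{User-Name}
(732) ntlm_auth:    --> --username=user@example.org
(732) ntlm_auth: EXPAND --password=%{User-Password}
(732) ntlm_auth:    --> --password=
(733) Received Access-Request Id 14 from 192.0.2.10:32773 to 192.0.2.1:1812 length 80
(733)   User-Password = "constructed"
(733) ntlm_auth: EXPAND --password=%{User-Password}
"""

LINE = re.compile(r"^\((\d+)\)\s+(.*)$")                 # "(732) rest of line"
ATTR = re.compile(r"^([A-Za-z][\w-]*)(?::\d+)? = ")      # "User-Name = ..." in the request dump
EXPAND = re.compile(r"EXPAND (.*?)%\{(?:request:)?([A-Za-z][\w-]*)\}$")
ARROW = re.compile(r"-->\s?(.*)$")                       # result of the preceding EXPAND

def empty_expansions(log):
    """Return [(request_id, attribute, request_had_eap_message)] for empty expansions."""
    attrs, header, pending, findings = {}, {}, {}, []
    for raw in log.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        rid, body = m.group(1), m.group(2).strip()
        if body.startswith("Received Access-Request"):
            attrs[rid], header[rid] = set(), True        # attribute dump follows
        elif header.get(rid) and ATTR.match(body):
            attrs[rid].add(ATTR.match(body).group(1))
        elif EXPAND.search(body):
            header[rid] = False
            e = EXPAND.search(body)
            pending[rid] = (e.group(1), e.group(2))      # (literal prefix, attribute name)
        elif rid in pending and ARROW.search(body):
            prefix, name = pending.pop(rid)
            got = attrs.get(rid, set())
            # Empty when only the literal prefix survived and the attribute was never received.
            if ARROW.search(body).group(1).strip() == prefix.strip() and name not in got:
                findings.append((rid, name, "EAP-Message" in got))
        else:
            header[rid] = False                          # any other line ends the dump
    return findings
```
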
