We always get this:
Mon Apr 1 15:14:24 2002 : Error: Received packet from 128.206.95.215 with invalid Message-Authenticator!
The password is hard-coded into the user's profile in the raddb file and we've
quadruple-checked the RADIUS shared secret. The NAS is a Nortel Business Policy
Switch 2000 and the EAP client is a Windows XP laptop (username gilpina, password
datiswak, domain [NULL]). Server is a Slackware 7.1 box running FreeRADIUS 0.5
(release version).
Ideas?
Here's the section of the /usr/local/etc/raddb/users file for this user:
gilpina Auth-Type := EAP, User-Password == "datiswak"
        Port-Priority = Platinum,
        Tunnel-Private-Group-Id = "201",
        Tunnel-Type = 13,
        Tunnel-Medium-Type = 6,
        Service-Type = Framed,
        NAS-Port-Type = Ethernet
Here's what "radiusd -X -y" shows:
Module: Instantiated unix (unix)
Module: Loaded preprocess
preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups"
preprocess: hints = "/usr/local/etc/raddb/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
Module: Instantiated prepro
root@dnps-linux1:/var/log/radius# killall radiusd
root@dnps-linux1:/var/log/radius# cd
root@dnps-linux1:~# cat radiusd.debug.log
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /usr/local/etc/raddb/proxy.conf
Config: including file: /usr/local/etc/raddb/clients.conf
Config: including file: /usr/local/etc/raddb/snmp.conf
Config: including file: /usr/local/etc/raddb/sql.conf
main: prefix = "/usr/local"
main: localstatedir = "/var"
main: logdir = "/var/log/radius"
main: libdir = "/usr/local/lib"
main: radacctdir = "/var/log/radius/radacct"
main: hostname_lookups = no
read_config_files: reading dictionary
read_config_files: reading clients
read_config_files: reading realms
read_config_files: reading naslist
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 10240
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_auth = yes
main: log_auth_badpass = no
main: log_auth_goodpass = no
main: pidfile = "/var/run/radiusd.pid"
main: user = "root"
main: group = "root"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
security: max_attributes = 200
security: reject_delay = 1
main: debug_level = 0
read_config_files: entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded eap
eap: default_eap_type = "md5"
eap: timer_expire = 60
rlm_eap: Loaded and initialized the type md5
Module: Instantiated eap (eap)
Module: Loaded Pam
pam: pam_auth = "radiusd"
Module: Instantiated pam (pam)
Module: Loaded System
unix: cache = yes
unix: passwd = "/etc/passwd"
unix: shadow = "/etc/shadow"
unix: group = "/etc/group"
unix: radwtmp = "/var/log/radius/radwtmp"
unix: usegroup = no
unix: cache_reload = 600
HASH: Reinitializing hash structures and lists for caching...
HASH: user root found in hashtable bucket 11726
HASH: user bin found in hashtable bucket 86651
HASH: user daemon found in hashtable bucket 11668
HASH: user adm found in hashtable bucket 26466
HASH: user lp found in hashtable bucket 54068
HASH: user sync found in hashtable bucket 42895
HASH: user shutdown found in hashtable bucket 71746
HASH: user halt found in hashtable bucket 7481
HASH: user mail found in hashtable bucket 79471
HASH: user news found in hashtable bucket 5375
HASH: user uucp found in hashtable bucket 38541
HASH: user operator found in hashtable bucket 21748
HASH: user games found in hashtable bucket 47657
HASH: user ftp found in hashtable bucket 56226
HASH: user gdm found in hashtable bucket 50360
HASH: user nobody found in hashtable bucket 99723
HASH: user mcnuttj found in hashtable bucket 94877
HASH: user rohrss found in hashtable bucket 6971
HASH: user jscan found in hashtable bucket 11447
HASH: user gravess found in hashtable bucket 76481
HASH: user graves found in hashtable bucket 64346
HASH: user robertsmj found in hashtable bucket 85394
HASH: user ridgwaye found in hashtable bucket 84016
HASH: user irovicd found in hashtable bucket 10630
HASH: user gilpina found in hashtable bucket 40370
HASH: user blackwellta found in hashtable bucket 34722
HASH: user simmonsw found in hashtable bucket 1161
HASH: user waageb found in hashtable bucket 10993
HASH: user perryd found in hashtable bucket 21500
HASH: user Manager found in hashtable bucket 3361
HASH: user northt found in hashtable bucket 21647
HASH: Stored 31 entries from /etc/passwd
HASH: Stored 23 entries from /etc/group
Module: Instantiated unix (unix)
Module: Loaded preprocess
preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups"
preprocess: hints = "/usr/local/etc/raddb/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
realm: format = "suffix"
realm: delimiter = "@"
Module: Instantiated realm (suffix)
Module: Loaded files
files: usersfile = "/usr/local/etc/raddb/users"
files: acctusersfile = "/usr/local/etc/raddb/acct_users"
files: compat = "no"
Module: Instantiated files (files)
Module: Loaded detail
detail: detailfile = "/var/log/radius/radacct/%{Client-IP-Address}/detail"
detail: detailperm = 384
detail: dirperm = 493
Module: Instantiated detail (detail)
Module: Loaded radutmp
radutmp: filename = "/var/log/radius/radutmp"
radutmp: username = "%{User-Name}"
radutmp: perm = 384
radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
main: smux_password = ""
main: snmp_write_access = no
SMUX connect try 1
Can't connect to SNMP agent with SMUX: Connection refused
Initializing the thread pool...
thread: start_servers = 5
thread: max_servers = 32
thread: min_spare_servers = 3
thread: max_spare_servers = 10
thread: max_requests_per_server = 0
thread: cleanup_delay = 5
Thread 1 waiting to be assigned a request
Thread spawned new child 1. Total threads in pool: 1
Thread spawned new child 2. Total threads in pool: 2
Thread 2 waiting to be assigned a request
Thread 3 waiting to be assigned a request
Thread spawned new child 3. Total threads in pool: 3
Thread 4 waiting to be assigned a request
Thread spawned new child 4. Total threads in pool: 4
Thread spawned new child 5. Total threads in pool: 5
Listening on IP address *, ports 1645/udp and 1646/udp, with proxy on 1647/udp.
Ready to process requests.
Thread 5 waiting to be assigned a request
rad_recv: Access-Request packet from host 128.206.95.215:1024, id=14, length=111
Thread 1 assigned request 0
SMUX connect try 2
Thread 1 handling request 0, (1 handled so far)
Received packet from 128.206.95.215 with invalid Message-Authenticator!
Server rejecting request 0.
Finished request 0
Going to the next request
Thread 1 waiting to be assigned a request
Can't connect to SNMP agent with SMUX: Connection refused
--- Walking the entire request list ---
Threads: total/active/spare threads = 5/0/5
Waking up in 1 seconds...
SMUX connect try 3
Can't connect to SNMP agent with SMUX: Connection refused
--- Walking the entire request list ---
Waking up in 1 seconds...
rad_recv: Access-Request packet from host 128.206.95.215:1024, id=14, length=111
Sending duplicate authentication reply to client 128.206.95.215:1024 - ID: 14
Sending Access-Reject of id 14 to 128.206.95.215:1024
--- Walking the entire request list ---
Sending Access-Reject of id 14 to 128.206.95.215
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 14 with timestamp 3ca8cf3d
Nothing to do. Sleeping until we see a request.
rad_recv: Access-Request packet from host 128.206.95.215:1024, id=15, length=111
Thread 2 assigned request 2
Thread 2 handling request 2, (1 handled so far)
Received packet from 128.206.95.215 with invalid Message-Authenticator!
Server rejecting request 2.
Finished request 2
Going to the next request
Thread 2 waiting to be assigned a request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
rad_recv: Access-Request packet from host 128.206.95.215:1024, id=15, length=111
Sending duplicate authentication reply to client 128.206.95.215:1024 - ID: 15
Sending Access-Reject of id 15 to 128.206.95.215:1024
--- Walking the entire request list ---
Sending Access-Reject of id 15 to 128.206.95.215
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 2 ID 15 with timestamp 3ca8cf6b
Nothing to do. Sleeping until we see a request.
MASTER: exit.
Later...
Justin McNutt
Network Systems Analyst - Expert
DNPS, Mizzou Telecom
(573) 882-5183
One IP to rule them all, one IP to find them,
One IP to bring them all, and in the darkness BIND them,
In the land of Ether, where the packets fly.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
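
Added example (not part of the original post, and not FreeRADIUS code): the check behind the "invalid Message-Authenticator" error as RFC 2869 / RFC 3579 define it, HMAC-MD5 over the whole Access-Request keyed with the shared secret, with the attribute's 16 value octets set to zero. The packet, secret and user name are constructed test values; run over a captured request, the same check shows whether the configured secret reproduces the value the NAS sent.

```python
import hashlib
import hmac
import struct

MSG_AUTH = 80  # Message-Authenticator attribute type (RFC 2869 / RFC 3579)

def attributes(packet):
    """Yield (type, value_offset, value_length) for each attribute in the packet."""
    length = struct.unpack("!H", packet[2:4])[0]
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length field")
    pos = 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed attribute")
        yield packet[pos], pos + 2, packet[pos + 1] - 2
        pos += packet[pos + 1]

def check_message_authenticator(packet, secret):
    """True/False for a valid/invalid Message-Authenticator, None if absent."""
    length = struct.unpack("!H", packet[2:4])[0]
    for atype, off, vlen in attributes(packet):
        if atype != MSG_AUTH:
            continue
        if vlen != 16:
            return False
        received = packet[off:off + 16]
        # The sender computed the HMAC with this field zero-filled.
        zeroed = packet[:off] + bytes(16) + packet[off + 16:length]
        expected = hmac.new(secret, zeroed, hashlib.md5).digest()
        return hmac.compare_digest(received, expected)
    return None

def build_access_request(ident, secret, user, eap):
    """Build a sample Access-Request (constructed test data, not a capture)."""
    attrs = bytes([1, 2 + len(user)]) + user        # User-Name
    attrs += bytes([79, 2 + len(eap)]) + eap        # EAP-Message
    attrs += bytes([MSG_AUTH, 18]) + bytes(16)      # zero-filled placeholder
    request_auth = bytes(range(16))                 # fixed so the run is repeatable
    packet = struct.pack("!BBH", 1, ident, 20 + len(attrs)) + request_auth + attrs
    mac = hmac.new(secret, packet, hashlib.md5).digest()
    return packet[:-16] + mac                       # placeholder is the last 16 octets

# Constructed EAP-Response/Identity for the made-up user "testuser".
SAMPLE_EAP = bytes([2, 0, 0, 13, 1]) + b"testuser"
SAMPLE = build_access_request(14, b"constructed-secret", b"testuser", SAMPLE_EAP)
```

A False result with the secret from clients.conf means the NAS and server disagree on the secret or the NAS computed the field over different bytes; None means the attribute was not sent at all.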