Hello,

[EMAIL PROTECTED] root]# vi /etc/raddb/server ?? the config file will this be ? correct directory;
#vi /etc/raddb/clients.conf oke.

> ----- Original Message -----
> From: "Le Gal Philippe" <[EMAIL PROTECTED]>
> To: "FreeRadius users mailing list" <freeradius-users@lists.freeradius.org>
> Subject: Freeradius authentication question
> Date: Fri, 20 Jan 2006 11:34:51 -0000
>
> Hi everybody,
>
> I'm trying to authenticate users logging in to a machine using ssh. I
> have configured ssh & PAM on that server to authenticate against the
> radius server (Redhat Application Server 2.1).
>
> Please find below the debug of the radius server as well as my conf files.
>
> The Free radius server says :
>
> Login incorrect: [test/\010\n\INCORRECT] (from client
> us067.eudra.org port 1500 cli 192.168.xx.xx)
> WARNING: Unprintable characters in the password.  Double-check
> the shared secret on the server and the NAS!
>
> So did I. I checked the secrets on the server and they are *IDENTICAL*...
>
> I used the NTRadPing utility with exactly the same parameters and
> it works absolutely fine !
>
> Thank you for your help !
>
> my /etc/raddb/server file : (on the client machine) :
>
> [EMAIL PROTECTED] root]# vi /etc/raddb/server
> # pam_radius_auth configuration file. Copy to: /etc/raddb/server
> #
> # For proper security, this file SHOULD have permissions 0600,
> # that is readable by root, and NO ONE else. If anyone other than
> # root can read this file, then they can spoof responses from the server!
> #
> # There are 3 fields per line in this file. There may be multiple
> # lines. Blank lines or lines beginning with '#' are treated as
> # comments, and are ignored. The fields are:
> #
> # server[:port] secret [timeout]
> #
> # the port name or number is optional. The default port name is
> # "radius", and is looked up from /etc/services The timeout field is
> # optional. The default timeout is 3 seconds.
> #
> # If multiple RADIUS server lines exist, they are tried in order. The
> # first server to return success or failure causes the module to return
> # success or failure. Only if a server fails to response is it skipped,
> # and the next server in turn is used.
> #
> # The timeout field controls how many seconds the module waits before
> # deciding that the server has failed to respond.
> #
> # server[:port] shared_secret timeout (s)
> loginhost.eudra.org philippe123456 1
> #
> # having localhost in your radius configuration is a Good Thing.
> #
> # See the INSTALL file for pam.conf hints.
>
>
> clients.conf :
>
> client us067.eudra.org {
>     secret = philippe123456
>     shortname = us067.eudra.org
> }
>
>
> [EMAIL PROTECTED] raddb]# radiusd -X
> Starting - reading configuration files ...
> reread_config: reading radiusd.conf
> Config: including file: /usr/local/etc/raddb/proxy.conf
> Config: including file: /usr/local/etc/raddb/clients.conf
> Config: including file: /usr/local/etc/raddb/snmp.conf
> Config: including file: /usr/local/etc/raddb/eap.conf
> Config: including file: /usr/local/etc/raddb/sql.conf
> main: prefix = "/usr/local"
> main: localstatedir = "/usr/local/var"
> main: logdir = "/usr/local/var/log/radius"
> main: libdir = "/usr/local/lib"
> main: radacctdir = "/usr/local/var/log/radius/radacct"
> main: hostname_lookups = no
> main: max_request_time = 30
> main: cleanup_delay = 5
> main: max_requests = 1024
> main: delete_blocked_requests = 0
> main: port = 0
> main: allow_core_dumps = no
> main: log_stripped_names = no
> main: log_file = "/usr/local/var/log/radius/radius.log"
> main: log_auth = yes
> main: log_auth_badpass = yes
> main: log_auth_goodpass = yes
> main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
> main: user = "(null)"
> main: group = "(null)"
> main: usercollide = no
> main: lower_user = "no"
> main: lower_pass = "no"
> main: nospace_user = "no"
> main: nospace_pass = "no"
> main: checkrad = "/usr/local/sbin/checkrad"
> main: proxy_requests = yes
> proxy: retry_delay = 5
> proxy: retry_count = 3
> proxy: synchronous = no
> proxy: default_fallback = yes
> proxy: dead_time = 120
> proxy: post_proxy_authorize = yes
> proxy: wake_all_if_all_dead = no
> security: max_attributes = 200
> security: reject_delay = 1
> security: status_server = no
> main: debug_level = 0
> read_config_files: reading dictionary
> read_config_files: reading naslist
> Using deprecated naslist file. Support for this will go away soon.
> read_config_files: reading clients
> read_config_files: reading realms
> radiusd: entering modules setup
> Module: Library search path is /usr/local/lib
> Module: Loaded exec
> exec: wait = yes
> exec: program = "(null)"
> exec: input_pairs = "request"
> exec: output_pairs = "(null)"
> exec: packet_type = "(null)"
> rlm_exec: Wait=yes but no output defined. Did you mean output=none?
> Module: Instantiated exec (exec)
> Module: Loaded expr
> Module: Instantiated expr (expr)
> Module: Loaded PAP
> pap: encryption_scheme = "crypt"
> Module: Instantiated pap (pap)
> Module: Loaded CHAP
> Module: Instantiated chap (chap)
> Module: Loaded MS-CHAP
> mschap: use_mppe = yes
> mschap: require_encryption = no
> mschap: require_strong = no
> mschap: with_ntdomain_hack = no
> mschap: passwd = "(null)"
> mschap: authtype = "MS-CHAP"
> mschap: ntlm_auth = "(null)"
> Module: Instantiated mschap (mschap)
> Module: Loaded System
> unix: cache = no
> unix: passwd = "(null)"
> unix: shadow = "(null)"
> unix: group = "(null)"
> unix: radwtmp = "/usr/local/var/log/radius/radwtmp"
> unix: usegroup = no
> unix: cache_reload = 600
> Module: Instantiated unix (unix)
> Module: Loaded eap
> eap: default_eap_type = "md5"
> eap: timer_expire = 60
> eap: ignore_unknown_eap_types = no
> eap: cisco_accounting_username_bug = no
> rlm_eap: Loaded and initialized type md5
> rlm_eap: Loaded and initialized type leap
> gtc: challenge = "Password: "
> gtc: auth_type = "PAP"
> rlm_eap: Loaded and initialized type gtc
> mschapv2: with_ntdomain_hack = no
> rlm_eap: Loaded and initialized type mschapv2
> Module: Instantiated eap (eap)
> Module: Loaded preprocess
> preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups"
> preprocess: hints = "/usr/local/etc/raddb/hints"
> preprocess: with_ascend_hack = no
> preprocess: ascend_channels_per_line = 23
> preprocess: with_ntdomain_hack = no
> preprocess: with_specialix_jetstream_hack = no
> preprocess: with_cisco_vsa_hack = no
> Module: Instantiated preprocess (preprocess)
> Module: Loaded realm
> realm: format = "suffix"
> realm: delimiter = "@"
> realm: ignore_default = no
> realm: ignore_null = no
> Module: Instantiated realm (suffix)
> Module: Loaded files
> files: usersfile = "/usr/local/etc/raddb/users"
> files: acctusersfile = "/usr/local/etc/raddb/acct_users"
> files: preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users"
> files: compat = "no"
> Module: Instantiated files (files)
> Module: Loaded Acct-Unique-Session-Id
> acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address,
> Client-IP-Address, NAS-Port"
> Module: Instantiated acct_unique (acct_unique)
> Module: Loaded detail
> detail: detailfile =
> "/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
> detail: detailperm = 384
> detail: dirperm = 493
> detail: locking = no
> Module: Instantiated detail (detail)
> Module: Loaded radutmp
> radutmp: filename = "/usr/local/var/log/radius/radutmp"
> radutmp: username = "%{User-Name}"
> radutmp: case_sensitive = yes
> radutmp: check_with_nas = yes
> radutmp: perm = 384
> radutmp: callerid = yes
> Module: Instantiated radutmp (radutmp)
> Listening on authentication *:1812
> Listening on accounting *:1813
> Ready to process requests.
> rad_recv: Access-Request packet from host 172.16.51.67:2531, id=82, length=89
> User-Name = "test"
> User-Password = "\010\n\INCORRECT"
> NAS-IP-Address = 172.16.51.67
> NAS-Identifier = "sshd"
> NAS-Port = 1506
> NAS-Port-Type = Virtual
> Service-Type = Authenticate-Only
> Calling-Station-Id = "192.168.60.76"
> Processing the authorize section of radiusd.conf
> modcall: entering group authorize for request 0
> modcall[authorize]: module "preprocess" returns ok for request 0
> modcall[authorize]: module "chap" returns noop for request 0
> modcall[authorize]: module "mschap" returns noop for request 0
> rlm_realm: No '@' in User-Name = "test", looking up realm NULL
> rlm_realm: No such realm "NULL"
> modcall[authorize]: module "suffix" returns noop for request 0
> rlm_eap: No EAP-Message, not doing EAP
> modcall[authorize]: module "eap" returns noop for request 0
> users: Matched entry DEFAULT at line 156
> modcall[authorize]: module "files" returns ok for request 0
> modcall: group authorize returns ok for request 0
> rad_check_password: Found Auth-Type System
> auth: type "System"
> Processing the authenticate section of radiusd.conf
> modcall: entering group authenticate for request 0
> rlm_unix: [test]: invalid password
> modcall[authenticate]: module "unix" returns reject for request 0
> modcall: group authenticate returns reject for request 0
> auth: Failed to validate the user.
> Login incorrect: [test/\010\n\INCORRECT] (from client
> us067.eudra.org port 1506 cli 192.168.60.76)
> WARNING: Unprintable characters in the password.  Double-check
> the shared secret on the server and the NAS!
> Delaying request 0 for 1 seconds
> Finished request 0
> Going to the next request
> --- Walking the entire request list ---
> Waking up in 1 seconds...
> --- Walking the entire request list ---
> Waking up in 1 seconds...
> --- Walking the entire request list ---
> Sending Access-Reject of id 82 to 172.16.51.67:2531
> Waking up in 4 seconds...
> --- Walking the entire request list ---
> Cleaning up request 0 ID 82 with timestamp 43d0c994
> Nothing to do. Sleeping until we see a request.
>
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Kai "Ozgur" Geek Network Engineer PGP ID: B1B63B6E
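
The server's warning concerns the step where the shared secret is actually used: the RFC 2865 (section 5.2) User-Password hiding. The following is an added example, not part of the original thread and not FreeRADIUS or pam_radius_auth code, that implements that step and decodes the same wire bytes with a matching and a mismatched secret. The secret philippe123456 is the one from the post; the Request Authenticator and the mistyped secret are constructed, and the password bytes are an assumption about what lies behind the logged \010\n\INCORRECT.

```python
import hashlib

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 section 5.2 hiding, as done by the RADIUS client (the NAS)."""
    size = max(16, -(-len(password) // 16) * 16)   # pad to a multiple of 16
    padded = password.ljust(size, b"\x00")
    out, prev = b"", authenticator
    for i in range(0, size, 16):
        # c(i) = p(i) XOR MD5(secret + c(i-1)), with c(0) = Request Authenticator
        prev = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out += prev
    return out

def recover_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Inverse operation, as done by the server with its own copy of the secret."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += _xor(block, hashlib.md5(secret + prev).digest())
        prev = block
    return out.rstrip(b"\x00")

def printable_ratio(data: bytes) -> float:
    """Fraction of bytes in the printable ASCII range 0x20..0x7e."""
    return sum(0x20 <= b <= 0x7e for b in data) / len(data) if data else 1.0

# Secret from the post; everything else below is constructed for the demo.
SECRET = b"philippe123456"
WRONG_SECRET = b"philippe12345"          # constructed: one character short
AUTHENTICATOR = bytes(range(16))         # constructed Request Authenticator
LOGGED = b"\b\n\r\x7fINCORRECT"          # assumed bytes behind \010\n\INCORRECT

if __name__ == "__main__":
    wire = hide_password(LOGGED, SECRET, AUTHENTICATOR)
    for name, s in (("matching", SECRET), ("mismatched", WRONG_SECRET)):
        got = recover_password(wire, s, AUTHENTICATOR)
        print(f"{name:10} secret -> {got!r} printable={printable_ratio(got):.2f}")
```

A mismatched secret scrambles every byte of the block, so a decoded value that still ends in the readable word INCORRECT was recovered with the right secret and the control characters came from the client. OpenSSH's PAM code sends this fixed string in place of the typed password when it has already decided to refuse the login, for example because the user name is not a valid account on the SSH host.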