I did delete the client from clients.conf and tried radclient from the remote host:
echo "User-Name=guest,Password=guest" | radclient 172.16.30.6:1812 auth radiussecret
I get the following error.
Ignoring request to authentication address * port 1812 from unknown client 172.16.20.10 port 36735
Ready to process requests
Then I re-entered (manually) the following lines to clients.conf:
client 172.16.20.10 {
    secret = radiussecret
    require_message_authenticator = no
}
client 172.16.30.6 {
    secret = radiussecret
    require_message_authenticator = no
}
The remote radclient gives the following debug output:
rad_recv: Access-Request packet from host 172.16.20.10 port 56195, id=36, length=27
User-Name = "guest"
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "guest", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
expand: %{User-Name} -> guest
rlm_sql (sql): sql_set_user escaped user --> 'guest'
rlm_sql (sql): Reserving sql socket id: 4
expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'guest' ORDER BY id
WARNING: Found User-Password == "...".
WARNING: Are you sure you don't mean Cleartext-Password?
WARNING: See "man rlm_pap" for more information.
rlm_sql (sql): User found in radcheck table
expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'guest' ORDER BY id
expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'guest' ORDER BY priority
rlm_sql (sql): Released sql socket id: 4
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
rlm_pap: No clear-text password in the request. Not performing PAP.
++[pap] returns noop
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Replacing User-Password in config items with Cleartext-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Please update your configuration so that the "known good" !!!
!!! clear text password is in Cleartext-Password, and not in User-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
auth: type Local
auth: No User-Password or CHAP-Password attribute in the request
auth: Failed to validate the user.
Login incorrect: [guest/<no User-Password attribute>] (from client 172.16.20.10 port 0)
Found Post-Auth-Type Reject
+- entering group REJECT
expand: %{User-Name} -> guest
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 36 to 172.16.20.10 port 56195
Waking up in 4.9 seconds.
Cleaning up request 0 ID 36 with timestamp +10
Ready to process requests.
while the radclient on the local radius server receives no error:
rad_recv: Access-Request packet from host 172.16.30.6 port 42677, id=105, length=45
User-Name = "guest"
User-Password = "guest"
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "guest", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
expand: %{User-Name} -> guest
rlm_sql (sql): sql_set_user escaped user --> 'guest'
rlm_sql (sql): Reserving sql socket id: 4
expand: SELECT id, username, attribute, value, op FROM
radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id ->
SELECT id, username, attribute, value, op FROM radcheck
WHERE username = 'guest' ORDER BY id
WARNING: Found User-Password == "...".
WARNING: Are you sure you don't mean Cleartext-Password?
WARNING: See "man rlm_pap" for more information.
rlm_sql (sql): User found in radcheck table
expand: SELECT id, username, attribute, value, op FROM
radreply WHERE username = '%{SQL-User-Name}' ORDER BY id ->
SELECT id, username, attribute, value, op FROM radreply
WHERE username = 'guest' ORDER BY id
expand: SELECT groupname FROM radusergroup WHERE
username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname
FROM radusergroup WHERE username = 'guest' ORDER BY
priority
rlm_sql (sql): Released sql socket id: 4
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns updated
rad_check_password: Found Auth-Type
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Replacing User-Password in config items with Cleartext-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Please update your configuration so that the "known good" !!!
!!! clear text password is in Cleartext-Password, and not in User-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
auth: type "PAP"
+- entering group PAP
rlm_pap: login attempt with password "guest"
rlm_pap: Using clear text password "guest"
rlm_pap: User authenticated successfully
++[pap] returns ok
Login OK: [guest/guest] (from client 172.16.30.6 port 0)
+- entering group post-auth
rlm_sql (sql): Processing sql_postauth
expand: %{User-Name} -> guest
rlm_sql (sql): sql_set_user escaped user --> 'guest'
expand: %{User-Password} -> guest
expand: INSERT INTO radpostauth (username,
pass, reply, authdate) VALUES (
'%{User-Name}',
'%{%{User-Password}:-%{Chap-Password}}',
'%{reply:Packet-Type}', '%S') -> INSERT INTO radpostauth
(username, pass, reply, authdate) VALUES (
'guest', 'guest',
'Access-Accept', '2010-10-20 15:47:40')
rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth
(username, pass, reply, authdate) VALUES (
'guest', 'guest',
'Access-Accept', '2010-10-20 15:47:40')
rlm_sql (sql): Reserving sql socket id: 3
rlm_sql (sql): Released sql socket id: 3
++[sql] returns ok
++[exec] returns noop
Sending Access-Accept of id 105 to 172.16.30.6 port 42677
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 0 ID 105 with timestamp +20
Ready to process requests.
What else could be wrong here?
Alan DeKok wrote:
Bereos OHG Michael Spinnenhirn wrote:
auth: No authenticate method (Auth-Type) configuration found for the
request: Rejecting the user
auth: Failed to validate the user.
Login incorrect: [guest/MM\250f\375 \241Ñ?\247\007\242Ë?i\316] (from
client nas01 port 2 cli 00-0C-29-00-71-20)
WARNING: Unprintable characters in the password. Double-check
the shared secret on the server and the NAS!
I already checked the secret. It's the same in chilli config and
client.conf on the server.
That message is pretty definitive.
I suggest *deleting* the client. Then send the server packets.
Verify that the server complains about "unknown client". Then, add the
client again. This time re-entering all of the data, rather than
copying it from your existing configuration.
Also try "radtest" (or radclient) from the remote machine. There's no
need to depend on Chillispot config when you can use the FreeRADIUS
software to do the tests.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
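Added example, not part of the original thread and not FreeRADIUS code: a sketch of the RFC 2865 User-Password hiding, showing why a server holding a different shared secret recovers garbage (the "Unprintable characters" warning) and why an Access-Request for "guest" is 27 octets without a User-Password attribute and 45 octets with one. The Request Authenticator value and the mistyped secret with a trailing space are constructed for illustration.

```python
import hashlib
import struct

def _pad16(data: bytes) -> bytes:
    # RFC 2865 section 5.2: NUL-pad to a multiple of 16 octets (at least one block).
    return data.ljust(max(16, -(-len(data) // 16) * 16), b"\x00")

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """What the client (NAS, radclient) puts in the User-Password attribute."""
    out, prev = b"", authenticator
    padded = _pad16(password)
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out += prev
    return out

def recover_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """What the server computes using the secret from its own client entry."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        key = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ k for c, k in zip(block, key))
        prev = block
    return out.rstrip(b"\x00")

def access_request(ident: int, authenticator: bytes, attrs) -> bytes:
    """Code 1 (Access-Request), id, length, 16-octet authenticator, then TLV attributes."""
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    return struct.pack("!BBH", 1, ident, 20 + len(body)) + authenticator + body

RA = bytes(range(16))            # constructed Request Authenticator
SECRET = b"radiussecret"         # secret as shown in the clients.conf above
HIDDEN = hide_password(b"guest", SECRET, RA)

if __name__ == "__main__":
    print("same secret    :", recover_password(HIDDEN, SECRET, RA))
    # Constructed mismatch: a stray trailing space, e.g. from a copied config line.
    print("mismatched     :", recover_password(HIDDEN, b"radiussecret ", RA))
    # Attribute 1 = User-Name, attribute 2 = User-Password.
    print("User-Name only :", len(access_request(36, RA, [(1, b"guest")])))
    print("with password  :", len(access_request(105, RA, [(1, b"guest"), (2, HIDDEN)])))
```
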