Re: Fwd: Authentication failure issue

Fri, 05 Aug 2011 02:53:17 -0700 

Hi,

your FreeRADIUS Server reads the clients from this file:

including configuration file /usr/local/etc/raddb/clients.conf

which is what you edited - good. Now you have to check where
radiusclient reads its secret from. Can't help you with that.

Stefan

Am 05.08.2011 11:09, schrieb fieldpeak:
> Hi Stefan,
>
> Attached is the fully log from FreeRadius start, i tried to identify
> it myself however i'm new comer to FR, can you please advise, thanks a
> lot!
>
> Regards,
> Charles
>
> 2011/8/5 Stefan Winter <stefan.win...@restena.lu
> <mailto:stefan.win...@restena.lu>>
>
>     Hi,
>
>     if the password is mangled that way, there is not much other
>     reason than
>     a misconfigured shared secret.
>
>     I can't tell you which config file exactly does what on your system;
>     that depends on the configure settings you used to install FreeRADIUS,
>     and on where and how you installed the NAS stuff with radiusclient.
>
>     You could post a *full* debug output of radiusd -X, *including* what's
>     printed on server startup - it will print out which files it reads for
>     its configuration.
>
>     Stefan
>
>     Am 05.08.2011 10:21, schrieb fieldpeak:
>     > Hi Stefan,
>     >
>     > Sorry for the confusion, actullay i have checked both secret on both
>     > NAS and server sides, it is same.
>     > below is debug output, the confusion pasword "Q?²ÊÃ
>     > ëê¢p?¤F?+Õa" is very suspecious, it should be '1111' that i
>     > configure in database.
>     > maybe i check the wrong conf files for secrect, below is files
>     that i
>     > checked. is it correct?
>     > NAS:
>     > usr/local/etc/radiusclient/
>     > servers
>     > localhost/localhost testing123
>     >
>     > Server:
>     > /usr/local/etc/raddb/clients.conf
>     > secret = testing123
>     >
>     >
>     > debug output:
>     >
>     > Found Auth-Type = PAP
>     > # Executing group from file
>     /usr/local/etc/raddb/sites-enabled/default
>     > +- entering group PAP {...}
>     > [pap] login attempt with password "Q?²Êà ëê¢p?¤F?+Õa"
>     > [pap] Using clear text password "1111"
>     > [pap] Passwords don't match
>     > ++[pap] returns reject
>     > Failed to authenticate the user.
>     > WARNING: Unprintable characters in the password. Double-check the
>     > shared secret on the server and the NAS!
>     > Using Post-Auth-Type Reject
>     > # Executing group from file
>     /usr/local/etc/raddb/sites-enabled/default
>     > +- entering group REJECT {...}
>     > [attr_filter.access_reject] expand: %{User-Name} -> 1001
>     > attr_filter: Matched entry DEFAULT at line 11
>     > ++[attr_filter.access_reject] returns updated
>     > Delaying reject of request 38 for 1 seconds
>     >
>     >
>     > Regards,
>     > Charles
>     >
>     > 2011/8/5 Stefan Winter <stefan.win...@restena.lu
>     <mailto:stefan.win...@restena.lu>
>     > <mailto:stefan.win...@restena.lu <mailto:stefan.win...@restena.lu>>>
>     >
>     > Hello,
>     >
>     > while you marked lots of stuff in yellow, you missed the REALLY
>     > helpful
>     > part:
>     >
>     > "WARNING: Unprintable characters in the password. Double-check
>     > the shared secret on the server and the NAS!"
>     >
>     > How about doing exactly that...?
>     >
>     > Stefan Winter
>     >
>     >
>     > Am 05.08.2011 06:14, schrieb fieldpeak:
>     > > Hello Friends,
>     > >
>     > > I met a issue regarding password/authentication with FreeRadius,
>     > Could
>     > > anybody help for the issue, Thanks!
>     > >
>     > > User-Password = "?\210\365@\263\t\306\343\243iT?\311C\t\002"
>     > >
>     > > [pap] WARNING! No "known good" password found for the user.
>     > > Authentication may fail because of this.
>     > > ++[pap] returns noop
>     > > ERROR: No authenticate method (Auth-Type) found for the request:
>     > > Rejecting the user
>     > >
>     > > The details in below mails.
>     > >
>     > > Regards,
>     > > Charles
>     > >
>     > > Forwarded conversation
>     > > Subject: *Authentication failure issue*
>     > > ------------------------
>     > >
>     > > From: *fieldpeak* <fieldp...@gmail.com
>     <mailto:fieldp...@gmail.com>
>     > <mailto:fieldp...@gmail.com <mailto:fieldp...@gmail.com>>
>     <mailto:fieldp...@gmail.com <mailto:fieldp...@gmail.com>
>     > <mailto:fieldp...@gmail.com <mailto:fieldp...@gmail.com>>>>
>     > > Date: 2011/8/4
>     > > To: freeradius-users@lists.freeradius.org
>     <mailto:freeradius-users@lists.freeradius.org>
>     > <mailto:freeradius-users@lists.freeradius.org
>     <mailto:freeradius-users@lists.freeradius.org>>
>     > > <mailto:freeradius-users@lists.freeradius.org
>     <mailto:freeradius-users@lists.freeradius.org>
>     > <mailto:freeradius-users@lists.freeradius.org
>     <mailto:freeradius-users@lists.freeradius.org>>>
>     > >
>     > >
>     > > Dear Friends,
>     > >
>     > > I'm trying integrate Freeswitch with Freeradius, I met below
>     issue,
>     > > can anyone help, thanks in adance.
>     > >
>     > > Freeradius server log:
>     > >
>     > > rad_recv: Access-Request packet from host 127.0.0.1 port 52684,
>     > id=49,
>     > > length=111
>     > > User-Name = "1001"
>     > > User-Password = "?\210\365@\263\t\306\343\243iT?\311C\t\002"
>     > > Called-Station-Id = "888"
>     > > h323-conf-id = "749d2b5a-16ad-48e4-af58-
>     > > 24011949d1b5"
>     > > Calling-Station-Id = "1001"
>     > > NAS-Port = 0
>     > > NAS-IP-Address = 127.0.0.1
>     > > # Executing section authorize from file
>     > > /usr/local/etc/raddb/sites-enabled/default
>     > > +- entering group authorize {...}
>     > > ++[preprocess] returns ok
>     > > [auth_log] expand:
>     > >
>     >
>     /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
>     > > ->
>     > /usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20110803
>     <http://127.0.0.1/auth-detail-20110803>
>     > <http://127.0.0.1/auth-detail-20110803>
>     > > <http://127.0.0.1/auth-detail-20110803>
>     > > [auth_log]
>     > >
>     >
>     /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
>     > > expands to
>     > >
>     /usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20110803
>     <http://127.0.0.1/auth-detail-20110803>
>     > <http://127.0.0.1/auth-detail-20110803>
>     > > <http://127.0.0.1/auth-detail-20110803>
>     > > [auth_log] expand: %t -> Wed Aug 3 12:06:33 2011
>     > > ++[auth_log] returns ok
>     > > ++[chap] returns noop
>     > > ++[mschap] returns noop
>     > > ++[digest] returns noop
>     > > [suffix] No '@' in User-Name = "1001", looking up realm NULL
>     > > [suffix] No such realm "NULL"
>     > > ++[suffix] returns noop
>     > > [eap] No EAP-Message, not doing EAP
>     > > ++[eap] returns noop
>     > > ++[unix] returns notfound
>     > > ++[files] returns noop
>     > > [sql] expand: %{User-Name} -> 1001
>     > > [sql] sql_set_user escaped user --> '1001'
>     > > rlm_sql (sql): Reserving sql socket id: 4
>     > > [sql] expand: SELECT id, username, attribute, value, op
>     > > FROM radcheck WHERE username = '%{SQL-User-Name}'
>     > > ORDER BY id -> SELECT id, username, attribute, value, op
>     > > FROM radcheck WHERE username = '1001' ORDER BY id
>     > > [sql] expand: SELECT groupname FROM radusergroup
>     > > WHERE username = '%{SQL-User-Name}' ORDER BY priority ->
>     > > SELECT groupname FROM radusergroup WHERE username
>     > > = '1001' ORDER BY priority
>     > > rlm_sql (sql): Released sql socket id: 4
>     > > [sql] User 1001 not found
>     > > ++[sql] returns notfound
>     > > ++[expiration] returns noop
>     > > ++[logintime] returns noop
>     > > [pap] WARNING! No "known good" password found for the user.
>     > > Authentication may fail because of this.
>     > > ++[pap] returns noop
>     > > ERROR: No authenticate method (Auth-Type) found for the request:
>     > > Rejecting the user
>     > > Failed to authenticate the user.
>     > > WARNING: Unprintable characters in the password. Double-check
>     > > the shared secret on the server and the NAS!
>     > > Using Post-Auth-Type Reject
>     > > # Executing group from file
>     > /usr/local/etc/raddb/sites-enabled/default
>     > > +- entering group REJECT {...}
>     > > [attr_filter.access_reject] expand: %{User-Name} -> 1001
>     > > attr_filter: Matched entry DEFAULT at line 11
>     > > ++[attr_filter.access_reject] returns updated
>     > > Delaying reject of request 8 for 1 seconds
>     > > Going to the next request
>     > > Waking up in 0.9 seconds.
>     > > Sending delayed reject for request 8
>     > > Sending Access-Reject of id 49 to 127.0.0.1 port 52684
>     > > Waking up in 4.9 seconds.
>     > > Cleaning up request 8 ID 49 with timestamp +7674
>     > > Ready to process requests.
>     > > WARNING! No "known good" password found for the user
>     > >
>     > > Regards,
>     > > Charles
>     > >
>     > > ----------
>     > > From: *fieldpeak* <fieldp...@gmail.com
>     <mailto:fieldp...@gmail.com>
>     > <mailto:fieldp...@gmail.com <mailto:fieldp...@gmail.com>>
>     <mailto:fieldp...@gmail.com <mailto:fieldp...@gmail.com>
>     > <mailto:fieldp...@gmail.com <mailto:fieldp...@gmail.com>>>>
>     > > Date: 2011/8/4
>     > > To: freeradius-users@lists.freeradius.org
>     <mailto:freeradius-users@lists.freeradius.org>
>     > <mailto:freeradius-users@lists.freeradius.org
>     <mailto:freeradius-users@lists.freeradius.org>>
>     > > <mailto:freeradius-users@lists.freeradius.org
>     <mailto:freeradius-users@lists.freeradius.org>
>     > <mailto:freeradius-users@lists.freeradius.org
>     <mailto:freeradius-users@lists.freeradius.org>>>
>     > >
>     > >
>     > > Hello Gurus,
>     > >
>     > > I've double checked the shared secret on both server and NAS
>     are the
>     > > same, the problem still exist, it trouble me a few days, can
>     anyone
>     > > kindly help?
>     > >
>     > > nas:
>     > > /usr/local/etc/radiusclient/servers
>     > > localhost/localhost testing123
>     > >
>     > > server:
>     > > /usr/local/etc/raddb/clients.conf
>     > > secret = testing123
>     > >
>     > >
>     > >
>     > > -
>     > > List info/subscribe/unsubscribe? See
>     > http://www.freeradius.org/list/users.html
>     >
>     >
>     > --
>     > Stefan WINTER
>     > Ingenieur de Recherche
>     > Fondation RESTENA - Réseau Téléinformatique de l'Education
>     > Nationale et de la Recherche
>     > 6, rue Richard Coudenhove-Kalergi
>     > L-1359 Luxembourg
>     >
>     > Tel: +352 424409 1
>     > Fax: +352 422473
>     >
>     >
>     >
>     > -
>     > List info/subscribe/unsubscribe? See
>     > http://www.freeradius.org/list/users.html
>     >
>     >
>     >
>     >
>     > -
>     > List info/subscribe/unsubscribe? See
>     http://www.freeradius.org/list/users.html
>
>
>     --
>     Stefan WINTER
>     Ingenieur de Recherche
>     Fondation RESTENA - Réseau Téléinformatique de l'Education
>     Nationale et de la Recherche
>     6, rue Richard Coudenhove-Kalergi
>     L-1359 Luxembourg
>
>     Tel: +352 424409 1
>     Fax: +352 422473
>
>
>
>     -
>     List info/subscribe/unsubscribe? See
>     http://www.freeradius.org/list/users.html
>
>
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


-- 
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la 
Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg

Tel: +352 424409 1
Fax: +352 422473

Attachment: signature.asc
Description: OpenPGP digital signature

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to