Re: Problems with MySQL authentication
> > root@localhost# radtest radman2 testing localhost 10 2
> hostname> Sending Access-Request of id 128 to 127.0.0.1:1812
> >         User-Name = "radman2"
> >         User-Password = "\2529M\234\353,\006w\2657K\346m\301\022@"
> >         NAS-IP-Address =
> >         NAS-Port-Id = "10"
> >         Framed-Protocol = PPP
> > rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=128,
> > length=20 rad_decode: Received Access-Reject packet from 127.0.0.1 with
> > invalid signature!
> > ^^^
> > ^
> >
> > output from radiusd -X
> > [...]
> >
> > WARNING: Unprintable characters in the password. ? Double-check the
> > shared secret on the server and the NAS!
> >
> >
> > This WARNING says check my secret, but I know that is correct for sure.
> > From
>
> Are you _really really_ sure you have your shared secret correct? Both
> the "invalid signature" error radtest gives and the warning from radiusd
> indicate that the shared secrets don't match.
> Could you paste the relevant section from raddb/clients.conf?

You were correct in saying that I used an incorrect secret. I looked at my clients.conf and I saw that there are different secrets for localhost, and my NAS's. I guess I didn't understand that I needed to use the secret for localhost, I was using the secret for my NAS. Once, I used the secret for localhost, everything works great!! Thanks for the excellent support everyone!

Nick

--
Nick Davis
Associate Systems Administrator
[EMAIL PROTECTED]
Internet Exposure, Inc.
http://www.iexposure.com
(612)676-1946
Web Development-Web Marketing-ISP Services

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problems with MySQL authentication was Re: Problems with MySQL Auth-Type
At 08:52 AM 5/31/2002 +0200, Simon wrote:
>On Thu, May 30, 2002 at 07:14:14PM -0500, Nick Davis wrote:
>
>[...]
>
> > root@localhost# radtest radman2 testing localhost 10 2 hostname>
> > Sending Access-Request of id 128 to 127.0.0.1:1812
> >         User-Name = "radman2"
> >         User-Password = "\2529M\234\353,\006w\2657K\346m\301\022@"
> >         NAS-IP-Address =
> >         NAS-Port-Id = "10"
> >         Framed-Protocol = PPP
> > rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=128, length=20
> > rad_decode: Received Access-Reject packet from 127.0.0.1 with invalid
> > signature!
> ^^^
> ^
>
>Are you _really really_ sure you have your shared secret correct? Both
>the "invalid signature" error radtest gives and the warning from radiusd
>indicate that the shared secrets don't match.
>Could you paste the relevant section from raddb/clients.conf?

It is most likely just really old code on the NAS. Quite a few NAS in older code revs didn't sign Accounting-Request packets properly. Livingston Portmasters were one. I'd highly recommend looking at upgrading the NAS code as the suspect here.

Also, if this is an older Ascend box, Ascend didn't quite follow the RFC method of encrypting PAP passwords when sending to the NAS ( they added additional NULL pads ). Newer Ascend/Lucent allow you to switch to an RFC compliant mode.

-Chris

--
   \\\|||///  \          StarNet Inc.      \         Chris Parker
   \ ~   ~ /   \       WX *is* Wireless!    \   Director, Engineering
   | @   @ |    \   http://www.starnetwx.net \      (847) 963-0116
oOo---(_)---oOo--\--
                  \ Wholesale Internet Services - http://www.megapop.net
Re: Problems with MySQL authentication was Re: Problems with MySQL Auth-Type
On Thu, May 30, 2002 at 07:14:14PM -0500, Nick Davis wrote:

[...]

> root@localhost# radtest radman2 testing localhost 10 2
> Sending Access-Request of id 128 to 127.0.0.1:1812
>         User-Name = "radman2"
>         User-Password = "\2529M\234\353,\006w\2657K\346m\301\022@"
>         NAS-IP-Address =
>         NAS-Port-Id = "10"
>         Framed-Protocol = PPP
> rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=128, length=20
> rad_decode: Received Access-Reject packet from 127.0.0.1 with invalid
> signature!
  ^^^ ^
> output from radiusd -X

[...]

> WARNING: Unprintable characters in the password. ? Double-check the shared
> secret on the server and the NAS!
>
>
> This WARNING says check my secret, but I know that is correct for sure. From

Are you _really really_ sure you have your shared secret correct? Both
the "invalid signature" error radtest gives and the warning from radiusd
indicate that the shared secrets don't match.
Could you paste the relevant section from raddb/clients.conf?

--
Simon
Problems with MySQL authentication was Re: Problems with MySQL Auth-Type
ok I think I am really close to getting this working (having everything in mysql db). as a side note. i use a table called user instead of radcheck with different titles for the columns because this db is for other stuff too.. here are the tables:

mysql> select * from user;
+----------+---------+---------+----------+--------------+---------------+----+
| useridnr | userid  | passwd  | clientid | maxmail_size | Attribute     | op |
+----------+---------+---------+----------+--------------+---------------+----+
|       30 | radman2 | testing |        0 |      2097152 | User-Password | := |
+----------+---------+---------+----------+--------------+---------------+----+

mysql> select * from usergroup;
+----+----------+-----------+
| id | UserName | GroupName |
+----+----------+-----------+
|  2 | radman2  | default   |
+----+----------+-----------+

mysql> select * from radgroupcheck;
+----+-----------+------------------+-------+----+
| id | GroupName | Attribute        | Value | op |
+----+-----------+------------------+-------+----+
| 10 | default   | Simultaneous-Use | 1     | := |
|  9 | default   | Auth-Type        | PAP   | := |
+----+-----------+------------------+-------+----+

mysql> select * from radgroupreply;
+----+-----------+-------------------+-------------+----+------+
| id | GroupName | Attribute         | Value       | op | prio |
+----+-----------+-------------------+-------------+----+------+
|  2 | default   | User-Service-Type | Framed-User | =  |    0 |
|  3 | default   | Framed-Protocol   | PPP         | =  |    0 |
|  4 | default   | Fall-Through      | Yes         | =  |    0 |
+----+-----------+-------------------+-------------+----+------+

I have my radiusd.conf like this:

pap {
        encryption_scheme = clear
}

authorize {
        preprocess
        sql
}

authenticate {
        authtype PAP {
                pap
        }
}

preacct {
        preprocess
}

accounting {
        unix
        sql
        radutmp
}

session {
        radutmp
}

When I run

radtest radman2 testing localhost 10 2

radtest seems to always encrypt my password, since I am storing pwds in cleartext, the auth never works. Here is some output:

root@localhost# radtest radman2 testing localhost 10 2
Sending Access-Request of id 128 to 127.0.0.1:1812
        User-Name = "radman2"
        User-Password = "\2529M\234\353,\006w\2657K\346m\301\022@"
        NAS-IP-Address =
        NAS-Port-Id = "10"
        Framed-Protocol = PPP
rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=128, length=20
rad_decode: Received Access-Reject packet from 127.0.0.1 with invalid signature!

* output from radiusd -X

rad_recv: Access-Request packet from host 127.0.0.1:1087, id=128, length=63
        User-Name = "radman2"
        User-Password = "\2529M\234\353,\006w\2657K\346m\301\022@"
        NAS-IP-Address = 255.255.255.255
        NAS-Port-Id = "10"
        Framed-Protocol = PPP
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
radius_xlat: 'radman2'
sql_escape in: 'radman2'
sql_escape out: 'radman2'
sql_set_user: escaped user --> 'radman2'
radius_xlat: 'SELECT useridnr,userid,Attribute,passwd,op FROM user WHERE userid = 'radman2' ORDER BY useridnr'
rlm_sql: Reserving sql socket id: 4
radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'radman2' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'radman2' ORDER BY id'
radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'radman2' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
radius_xlat: 'SELECT passwd,Attribute FROM user WHERE userid = 'radman2' AND ( Attribute = 'User-Password' OR Attribute = 'Password' OR Attribute = 'Crypt-Password' ) ORDER BY Attribute DESC'
rlm_sql: Released sql socket id: 4
modcall[authorize]: module "sql" returns ok
modcall: group authorize returns ok
rad_check_password: Found Auth-Type PAP
auth: type "PAP"
modcall: entering group authtype
rlm_pap: login attempt by "radman2" with password à\z
rlm_pap: Using password testing for user radman2 authentication.
rlm_pap: Using clear text password.
rlm_pap: Passwords don't match
modcall[authenticate]: module "pap" returns reject
modcall: group authtype returns reject
auth: Failed to validate the user.
Login incorrect (rlm_pap: CLEAR TEXT password check failed): [radman2/\340\\z] (from client localhost port 0)
WARNING: Unprintable characters in the password. ? Double-check the shared secret on the server a