Re: Regarding pam_radius_auth to be integrated with busybox
Hi Arran, On one another board, still I am getting the same error. Still should I need to change any other thing? Regards, Deep On Tue, Oct 30, 2012 at 8:31 PM, Arran Cudbard-Bell < a.cudba...@freeradius.org> wrote: > > On 30 Oct 2012, at 14:13, Deep Shah wrote: > > > Sorry for inconvenience. > > > > I have enabled flag of mips in md5.c file of pam_radius_auth and my > issue is resolved now. > > Ahhh. > > > https://github.com/FreeRADIUS/pam_radius/commit/c61a218efb2a0ec4f493bcc9fa735306f779ea64 > > -Arran > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Regarding pam_radius_auth to be integrated with busybox
Sorry for inconvenience. I have enabled flag of mips in md5.c file of pam_radius_auth and my issue is resolved now. Regards, Deep On Tue, Oct 30, 2012 at 11:20 AM, Fajar A. Nugraha wrote: > On Tue, Oct 30, 2012 at 12:42 PM, Deep Shah > wrote: > > Hi, > > > > Thank you for your reply. > > > > Here, radius server is at /usr/local/etc/raddb/ (which is on pc side) > and I > > have configured and put my client which is at /etc/raddb/server. > > > > When I am getting " pam_radius_auth: packet from RADIUS server > > 192.168.100.27 fails verification: The shared secret is probably > incorrect." > > on my radius client. > > > If you're not going to listen to suggestion then I wont bother > answering your mail anymore. > > I just tested it on Ubuntu 12.04. The package is libpam-radius-auth, > and (despite the comment in the config file), pam_radius_auth.conf > must be in /etc. It works. > > Again, my advice is start with known good config, and work from there. > If you decide to ignore that advice, it's your choice, but please stop > wasting everyone's time. > > -- > Fajar > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Regarding pam_radius_auth to be integrated with busybox
Hi, Thank you for your reply. Here, radius server is at /usr/local/etc/raddb/ (which is on pc side) and I have configured and put my client which is at /etc/raddb/server. When I am getting " pam_radius_auth: packet from RADIUS server 192.168.100.27 fails verification: The shared secret is probably incorrect." on my radius client. I am getting below error message on my server(written client here by mistake in previous email). " !!! !!!Replacing User-Password in config items with Cleartext-Password. !!! !!! !!! Please update your configuration so that the "known good" !!! !!! clear text password is in Cleartext-Password, and not in User-Password. !!! !!! # Executing group from file /usr/local/etc/raddb//sites-enabled/default +- entering group PAP {...} [pap] login attempt with password "?U��?R�S4?H�0+R�" [pap] Using clear text password "test" [pap] Passwords don't match ++[pap] returns reject Failed to authenticate the user. WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS! Using Post-Auth-Type Reject " Regards, Deep Regards, Deep On Tue, Oct 30, 2012 at 10:58 AM, Fajar A. Nugraha wrote: > On Tue, Oct 30, 2012 at 12:14 PM, Deep Shah > wrote: > > Please find below my pam_radius_auth.conf file snap shot. > > # pam_radius_auth configuration file. Copy to: /etc/raddb/server > > Is it in the correct place? > > Since your earlier logs says "/usr/local/etc/raddb", you might also > try copying the file there, just in case. > > > Please find below my client.conf file snap shot which is taken from > server > > side. My client IP is 192.168.100.18 and my server IP is 192.168.100.27. > > That's not what you said in your earlier post > > > Can you please let me know which configuration is wrong if there is any? > > Not sure. > > For this I'd actually suggest you start with known good working > config. Either RHEL/Centos or Ubuntu/Debian is usually a good place to > start. IIRC last time I tested this with RHEL it works just fine. > Assuming you configure it correctly (hint: read the READMEs and docs > that comes with the source/package). > > After you at least got THAT to work, then start working on your > busybox-thingy. Just in case it's busybox-specific bug, in which case > you should probably ask the devs there. > > -- > Fajar > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Regarding pam_radius_auth to be integrated with busybox
Hi, Thank you for your reply. Here, radius server is at /usr/local/etc/raddb/ (which is on pc side) and I have configured and put my client which is at /etc/raddb/server. When I am getting " pam_radius_auth: packet from RADIUS server 192.168.100.27 fails verification: The shared secret is probably incorrect." on my radius client. I am getting below error message on my client. " !!! !!!Replacing User-Password in config items with Cleartext-Password. !!! !!! !!! Please update your configuration so that the "known good" !!! !!! clear text password is in Cleartext-Password, and not in User-Password. !!! !!! # Executing group from file /usr/local/etc/raddb//sites-enabled/default +- entering group PAP {...} [pap] login attempt with password "?U��?R�S4?H�0+R�" [pap] Using clear text password "test" [pap] Passwords don't match ++[pap] returns reject Failed to authenticate the user. WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS! Using Post-Auth-Type Reject " Regards, Deep On Tue, Oct 30, 2012 at 10:58 AM, Fajar A. Nugraha wrote: > On Tue, Oct 30, 2012 at 12:14 PM, Deep Shah > wrote: > > Please find below my pam_radius_auth.conf file snap shot. > > # pam_radius_auth configuration file. Copy to: /etc/raddb/server > > Is it in the correct place? > > Since your earlier logs says "/usr/local/etc/raddb", you might also > try copying the file there, just in case. > > > Please find below my client.conf file snap shot which is taken from > server > > side. My client IP is 192.168.100.18 and my server IP is 192.168.100.27. > > That's not what you said in your earlier post > > > Can you please let me know which configuration is wrong if there is any? > > Not sure. > > For this I'd actually suggest you start with known good working > config. Either RHEL/Centos or Ubuntu/Debian is usually a good place to > start. IIRC last time I tested this with RHEL it works just fine. > Assuming you configure it correctly (hint: read the READMEs and docs > that comes with the source/package). > > After you at least got THAT to work, then start working on your > busybox-thingy. Just in case it's busybox-specific bug, in which case > you should probably ask the devs there. > > -- > Fajar > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Regarding pam_radius_auth to be integrated with busybox
Hi Fajar and Mathhew, Thank you so much for your reply. I have checked several times that both the keys from pam_radius_auth.conf and my radius server are same. But then also I am getting these prints. Please find below my pam_radius_auth.conf file snap shot. # pam_radius_auth configuration file. Copy to: /etc/raddb/server # # The timeout field controls how many seconds the module waits before # deciding that the server has failed to respond. # # server[:port]shared_secret timeout (s) #127.0.0.1secret 1 #other-serverother-secret 3 127.0.0.1secret 1 192.168.100.27testing1232 other-serverother-secret 3 # # having localhost in your radius configuration is a Good Thing. # # See the INSTALL file for pam.conf hints. Please find below my client.conf file snap shot which is taken from server side. My client IP is 192.168.100.18 and my server IP is 192.168.100.27. client 192.168.100.18 { secret = testing123 } Can you please let me know which configuration is wrong if there is any? Thank you very much for your help in advance. Regards, Deep On Tue, Oct 30, 2012 at 7:28 AM, Fajar A. Nugraha wrote: > On Tue, Oct 30, 2012 at 5:24 AM, Matthew Newton > wrote: > > On Tue, Oct 30, 2012 at 01:14:09AM +0530, Deep Shah wrote: > >> "pam_radius_auth: packet from RADIUS server 192.168.100.19 fails > >> verification: The shared secret is probably incorrect." > > > >> > WARNING: Unprintable characters in the password. Double-check the > >> > shared secret on the server and the NAS! > > > >> > Can you please suggest what might be the issue is? I am getting > password > > > > Please read the debug output. It's telling you the answer. > > Correct. > > @Deep: There should be pam_radius_auth.conf somewhere where you can > specify the shared secret on the NAS (i.e. pam_radius_auth) side. > > -- > Fajar > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Regarding pam_radius_auth to be integrated with busybox
Hi Alan, To give some more debug, the below print is what I am getting on client side. Can you please look in to it? "pam_radius_auth: packet from RADIUS server 192.168.100.19 fails verification: The shared secret is probably incorrect." Regards, Deep On Mon, Oct 29, 2012 at 6:54 PM, Deep Shah wrote: > Hi, > > > I am trying to integrate linux-pam library and pam_radius_auth module to > my busybox 1.17.3 version. I want to login through radius server on the > host machine. I am using power pc as my board. I have configured the files > of configuration as below. > > *client.conf* * (conf file)* > client 192.168.100.26 { > secret = testing123 > } > > *user (conf file)* > > test Auth-Type := PAP, Cleartext-Password := "testpass" > Reply-Message = "Hello, %{User-Name}, you have successfully > authenticated your login" > > I am getting request on the server side but some error is coming on the > server of password mismatch. Please find the below log for the same. > > rad_recv: Access-Request packet from host 192.168.100.26 port 2970, > id=106, length=69 > User-Name = "test" > User-Password = "C\2758\330E\345RZ\3707\227\001\265[\202H" > NAS-Identifier = "login" > NAS-Port = 1945 > NAS-Port-Type = Virtual > Service-Type = Authenticate-Only > # Executing section authorize from file > /usr/local/etc/raddb//sites-enabled/default > +- entering group authorize {...} > ++[preprocess] returns ok > ++[chap] returns noop > ++[mschap] returns noop > ++[digest] returns noop > [suffix] No '@' in User-Name = "test", looking up realm NULL > [suffix] No such realm "NULL" > ++[suffix] returns noop > [eap] No EAP-Message, not doing EAP > ++[eap] returns noop > [files] users: Matched entry test at line 54 > [files] expand: Hello, %{User-Name}, you have successfully > authenticated your login -> Hello, test, you have successfully > authenticated your login > ++[files] returns ok > ++[expiration] returns noop > ++[logintime] returns noop > ++[pap] returns updated > Found Auth-Type = PAP > > !!! > !!!Replacing User-Password in config items with > Cleartext-Password. !!! > > !!! > !!! Please update your configuration so that the "known > good" !!! > !!! clear text password is in Cleartext-Password, and not in > User-Password. !!! > > !!! > # Executing group from file /usr/local/etc/raddb//sites-enabled/default > +- entering group PAP {...} > [pap] login attempt with password "C�8�E�RZ�7??�[?H" > [pap] Using clear text password "testpass" > [pap] Passwords don't match > ++[pap] returns reject > Failed to authenticate the user. > WARNING: Unprintable characters in the password. Double-check the > shared secret on the server and the NAS! > Using Post-Auth-Type Reject > # Executing group from file /usr/local/etc/raddb//sites-enabled/default > +- entering group REJECT {...} > [attr_filter.access_reject] expand: %{User-Name} -> test > attr_filter: Matched entry DEFAULT at line 11 > ++[attr_filter.access_reject] returns updated > Delaying reject of request 1 for 1 seconds > Going to the next request > Waking up in 0.9 seconds. > Sending delayed reject for request 1 > Sending Access-Reject of id 106 to 192.168.100.26 port 2970 > Reply-Message = "Hello, test, you have successfully authenticated your > login" > Waking up in 4.9 seconds. > Cleaning up request 1 ID 106 with timestamp +37 > Ready to process requests. > > Can you please suggest what might be the issue is? I am getting password > as not readable string when I have used the correct password in radius > client and radius server. > > Regards, > Deep > > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Regarding pam_radius_auth to be integrated with busybox
Hi, I am trying to integrate linux-pam library and pam_radius_auth module to my busybox 1.17.3 version. I want to login through radius server on the host machine. I am using power pc as my board. I have configured the files of configuration as below. *client.conf* * (conf file)* client 192.168.100.26 { secret = testing123 } *user (conf file)* test Auth-Type := PAP, Cleartext-Password := "testpass" Reply-Message = "Hello, %{User-Name}, you have successfully authenticated your login" I am getting request on the server side but some error is coming on the server of password mismatch. Please find the below log for the same. rad_recv: Access-Request packet from host 192.168.100.26 port 2970, id=106, length=69 User-Name = "test" User-Password = "C\2758\330E\345RZ\3707\227\001\265[\202H" NAS-Identifier = "login" NAS-Port = 1945 NAS-Port-Type = Virtual Service-Type = Authenticate-Only # Executing section authorize from file /usr/local/etc/raddb//sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "test", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop [files] users: Matched entry test at line 54 [files] expand: Hello, %{User-Name}, you have successfully authenticated your login -> Hello, test, you have successfully authenticated your login ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns updated Found Auth-Type = PAP !!! !!!Replacing User-Password in config items with Cleartext-Password. !!! !!! !!! Please update your configuration so that the "known good" !!! !!! clear text password is in Cleartext-Password, and not in User-Password. !!! !!! # Executing group from file /usr/local/etc/raddb//sites-enabled/default +- entering group PAP {...} [pap] login attempt with password "C�8�E�RZ�7??�[?H" [pap] Using clear text password "testpass" [pap] Passwords don't match ++[pap] returns reject Failed to authenticate the user. WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS! Using Post-Auth-Type Reject # Executing group from file /usr/local/etc/raddb//sites-enabled/default +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> test attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 1 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 1 Sending Access-Reject of id 106 to 192.168.100.26 port 2970 Reply-Message = "Hello, test, you have successfully authenticated your login" Waking up in 4.9 seconds. Cleaning up request 1 ID 106 with timestamp +37 Ready to process requests. Can you please suggest what might be the issue is? I am getting password as not readable string when I have used the correct password in radius client and radius server. Regards, Deep - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html