RE: Authentication erros on freeradius 1.0.1 on Solaris 9
Here's two hints: > auth: No authenticate method (Auth-Type) configuration found for the > request: Rejecting the user The authorize section didn't find the user anywhere (eg in etc/raddb/users file), or anything else to tell it what authentication method to use for the user. And: > Login incorrect: [nutest1] (from client ranke-test port 0) >WARNING: Unprintable characters in the password. ? Double-check the > shared secret on the server and the NAS! So, check that the shared secret between the server and the NAS are the same (etc/raddb/clients.conf file). And run the server with the -X (capital X) option to get all the debugging output... - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Authentication erros on freeradius 1.0.1 on Solaris 9
Hi! The authorize section didn't find the user anywhere (eg in etc/raddb/users file), or anything else to tell it what authentication method to use for the user. The problem is not the authorize section. The user got an reject, because in the user-password stand something strange and not the password: User-Password = "g\\\202\t\367\010}\215\255\255\225\257\t.G\267" Perhaps the radius Server is not able to decode the password correctly ? So, check that the shared secret between the server and the NAS are the same (etc/raddb/clients.conf file). And run the server with the -X (capital X) option to get all the debugging output... Believe me, I checked the shared secret one hundred time. The shared secret is correct. I still believe that there is a problem to decode the send password. Regards, Ahmad -- Ahmad Cheikh-Moussa NetUSE AG Dr.-Hell-Straße, 24107 Kiel, Germany Telefon: +49 431 2390 400 -- Telefax: +49 431 2390 499 Service: [EMAIL PROTECTED] -- http://NetUSE.DE/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Authentication erros on freeradius 1.0.1 on Solaris 9
Ahmad Cheikh Moussa schrieb: > Believe me, I checked the shared secret one hundred > time. > The shared secret is correct. I still believe that there > is a problem > to decode the send password. Which still hints at a bad secret... I don't really know how sensitive your cisco box or even freeradius are in this respect, but checking for whitespace or a "bad" linebreak (the infamous windows-like "\r\n" vs. unix-like "\n" ) at the end of the secret _might_ be an idea. Regards, Stefan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Authentication erros on freeradius 1.0.1 on Solaris 9
Ahmad Cheikh Moussa schrieb: > Believe me, I checked the shared secret one hundred > time. > The shared secret is correct. I still believe that there > is a problem > to decode the send password. Which still hints at a bad secret... I don't really know how sensitive your cisco box or even freeradius are in this respect, but checking for whitespace or a "bad" linebreak (the infamous windows-like "\r\n" vs. unix-like "\n" ) at the end of the secret _might_ be an idea. Regards, Stefan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Authentication erros on freeradius 1.0.1 on Solaris 9
Hi! The shared secret is test123. I don't think that this password is a problem. All radius files are edited via "vi" editor. The same config with freeradius 0.9.3 runs without any problems. I don't think that suddenly the Cisco NAS do something other than before with freeradius 0.9.3. Regards, Ahmad [EMAIL PROTECTED] wrote: Ahmad Cheikh Moussa schrieb: Believe me, I checked the shared secret one hundred time. The shared secret is correct. I still believe that there is a problem to decode the send password. Which still hints at a bad secret... I don't really know how sensitive your cisco box or even freeradius are in this respect, but checking for whitespace or a "bad" linebreak (the infamous windows-like "\r\n" vs. unix-like "\n" ) at the end of the secret _might_ be an idea. Regards, Stefan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Ahmad Cheikh-Moussa NetUSE AG Dr.-Hell-Straße, 24107 Kiel, Germany Telefon: +49 431 2390 400 -- Telefax: +49 431 2390 499 Service: [EMAIL PROTECTED] -- http://NetUSE.DE/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Authentication erros on freeradius 1.0.1 on Solaris 9
Ahmad Cheikh Moussa <[EMAIL PROTECTED]> wrote: > The shared secret is test123. I don't think that this > password is a problem. All radius files > are edited via "vi" editor. The same config > with freeradius 0.9.3 runs without any problems. > I don't think that suddenly the Cisco NAS do something > other than before with freeradius 0.9.3. If the User-Password is decrypted to be garbage, then either the shared secret is wrong, or there's a bug in the servers MD5 routines. Try it on another platform, like x86. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Authentication erros on freeradius 1.0.1 on Solaris 9
Hi! > If the User-Password is decrypted to be garbage, then either the > shared secret is wrong, or there's a bug in the servers MD5 routines. > > Try it on another platform, like x86. freeradius on SuSe 9.1 functions properly. Is it a Solaris Problem ? Is there a patch for ? Regards, Ahmad -- Ahmad Cheikh-Moussa NetUSE AG Dr.-Hell-Straße, 24107 Kiel, Germany Telefon: +49 431 2390 400 -- Telefax: +49 431 2390 499 Service: [EMAIL PROTECTED] -- http://NetUSE.DE/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Authentication erros on freeradius 1.0.1 on Solaris 9
I'm on Solaris 9, and I haven't had any problems (touch wood), but I haven't tried it with a real NAS yet either - only test clients (radclient/radtest, NTRadPing on XP, Perl and Python). Just a thought - if it was a problem with Solaris/the server, then wouldn't your radtest test fail also? Have you tried using the same shared secret for localhost and the Cisco? Have you tried a different client on another platform, like NTRadPing for example? > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On > Behalf Of Ahmad Cheikh-Moussa > Sent: Monday, 18 October 2004 6:10 AM > To: [EMAIL PROTECTED] > Subject: Re: Authentication erros on freeradius 1.0.1 on Solaris 9 > > Hi! > > > > If the User-Password is decrypted to be garbage, then either the > > shared secret is wrong, or there's a bug in the servers MD5 > routines. > > > > Try it on another platform, like x86. > freeradius on SuSe 9.1 functions properly. > Is it a Solaris Problem ? > Is there a patch for ? > > Regards, > Ahmad > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Authentication erros on freeradius 1.0.1 on Solaris 9
On Mon, 18 Oct 2004 10:50 +1000, Mitchell, Michael wrote: > > Just a thought - if it was a problem with Solaris/the server, then > wouldn't your radtest test fail also? Only the radtest/radclient from the failing freeradius/Solaris installation is working. Using this radclient with a working freeradius fails too. It looks like radclient doesn't encrypt the password. With snoop I can see the password in clear! I guess on the radiusd it's the same problem. For requests from a working radclient, pair->flags.encrypt in rad_decode is always 0. As Ahmad already wrote, we are using identical configuration files on both Linux/IA32 and Solaris/Sparc. Only the Linux-version is working. Regards, Klaus -- Klaus Kastens NetUSE AG Dr.-Hell-Straße 6, D-24107 Kiel, Germany Fon: +49 431 2390 400 (07:00 GMT - 15:00 GMT) Fax: +49 431 2390 499 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html