Re: Access-Reject packet from host 127.0.0.1 port 1812, id=29, length=34
Hi, Hi, I am unable to locally authenticate a user from users file. Below is the log : what does the entry in your users file look like? alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Access-Reject packet from host 127.0.0.1 port 1812, id=29, length=34
No Worries .. I managed to get past the error. Actually, i was using a same username that was in my /etc/shadow . I renamed the user and it worked. Cheers On Sun, Mar 14, 2010 at 7:04 PM, Alan Buxey a.l.m.bu...@lboro.ac.uk wrote: Hi, Hi, I am unable to locally authenticate a user from users file. Below is the log : what does the entry in your users file look like? alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Access-Reject packet from host 127.0.0.1 port 1812, id=29, length=34
Hi,
I am unable to locally authenticate a user from users file. Below is the log
:
Server :
rad_recv: Access-Request packet from host 127.0.0.1 port 37881, id=29,
length=57
User-Name = suman
User-Password = hello
NAS-IP-Address = 20x.20x.20x.20x
NAS-Port = 0
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = suman, looking up realm NULL
[suffix] No such realm NULL
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns updated
[files] users: Matched entry suman at line 90
[files] expand: Hello, %{User-Name} - Hello, suman
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns updated
Found Auth-Type = PAP
+- entering group PAP {...}
[pap] login attempt with password hello
[pap] Using CRYPT encryption.
[pap] Passwords don't match
++[pap] returns reject
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} - suman
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 2 for 1 seconds
Going to the next request
Waking up in 0.10 seconds.
Sending delayed reject for request 2
Sending Access-Reject of id 29 to 127.0.0.1 port 37881
Reply-Message = Hello, suman
Waking up in 4.9 seconds.
Cleaning up request 2 ID 29 with timestamp +164
Ready to process requests.
Radtest
sudo radtest suman hello 127.0.0.1 0 testing123
Log
Sending Access-Request of id 203 to 127.0.0.1 port 1812
User-Name = suman
User-Password = hello
NAS-IP-Address = 204.232.205.196
NAS-Port = 0
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=203,
length=34
Reply-Message = Hello, suman
Please let me know what i am doing wrong as i am a complete starter.
Thanks and Regards
Suman Dash
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Access-Reject packet from host 127.0.0.1 port 1812, id=29, length=34
On Sat, Mar 13, 2010 at 8:14 PM, Suman Dash sumand...@gmail.com wrote:
+- entering group PAP {...}
[pap] login attempt with password hello
[pap] Using CRYPT encryption.
[pap] Passwords don't match
++[pap] returns reject
I don't think you used a crypt password in your users file
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Access-Reject packet from host 127.0.0.1 port 1812, id=29, length=34
No, The Password is in Cleartext. How do i disable / Enable the CRYPT
password ?
On Sun, Mar 14, 2010 at 1:45 AM, YvesDM ydm...@gmail.com wrote:
On Sat, Mar 13, 2010 at 8:14 PM, Suman Dash sumand...@gmail.com wrote:
+- entering group PAP {...}
[pap] login attempt with password hello
[pap] Using CRYPT encryption.
[pap] Passwords don't match
++[pap] returns reject
I don't think you used a crypt password in your users file
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Access-Reject packet from host 127.0.0.1 port 1812, id=29, length=34
On Sun, Mar 14, 2010 at 8:35 AM, Suman Dash sumand...@gmail.com wrote: No, The Password is in Cleartext. How do i disable / Enable the CRYPT password ? On the first day google was born http://www.mail-archive.com/freeradius-users@lists.freeradius.org/msg61708.html kind regards - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=227, length=20
Hello, I use freeradius 2.1.0 package from ubuntu server 9.10 with freeradius-mysql installed. But I've got error message when tested. What should I do ? r...@radius:/etc/freeradius# radtest user localhost 1812 testing123 Sending Access-Request of id 227 to 127.0.0.1 port 1812 User-Name = user User-Password = NAS-IP-Address = 192.168.0.3 NAS-Port = 1812 rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=227, length=20 Below freeradius log on var/log/freeradius/radius.log Thu Feb 11 10:31:02 2010 : Error: [sql] database query error, SELECT groupname FROM radusergroup WHERE username = 'user' ORDER BY priority: Table 'radius.radusergroup' doesn't exist Thu Feb 11 10:31:02 2010 : Error: [sql] Error retrieving group list Thu Feb 11 10:31:02 2010 : Error: [sql] Error processing groups; rejecting user Thank You Teguh Kurniawan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Sending Access-Request of id 42 to 10.0.6.29 port 1812 User-Name = test User-Password = testing123 NAS-IP-Address = 10.30.1.104 NAS-Port = 1812 rad_recv: Access-Reject packet from host 10.0.6.29 p
hello! now i have this. i hope this time your answerme!!1 Sending Access-Request of id 42 to 10.0.6.29 port 1812 User-Name = test User-Password = testing123 NAS-IP-Address = 10.30.1.104 NAS-Port = 1812 rad_recv: Access-Reject packet from host 10.0.6.29 port 1812, id=42, length=88 State = 0xb58bf2bf2470c7b33a07ab72ff21378e Message-Authenticator = 0x53f17e1045e6a2f65d3a3f48704ea2c9 ¿? could you help me -- -- Silvero Martin - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Sending Access-Request of id 42 to 10.0.6.29 port 1812 User-Name = test User-Password = testing123 NAS-IP-Address = 10.30.1.104 NAS-Port = 1812 rad_recv: Access-Reject packet from host 10.0.6.
hi, you need to look at the debug log for the RADIUS server which lives at 10.0.6.29 as that is the thing doing the rejecting! alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Sending Access-Request of id 42 to 10.0.6.29 port 1812 User-Name = test User-Password = testing123 NAS-IP-Address = 10.30.1.104 NAS-Port = 1812 rad_recv: Access-Reject packet from host 10.0.6.
Martin Silvero wrote: now i have this. i hope this time your answerme!!1 Why? Is there some kind of contractual obligation requiring people here to respond? Sending Access-Request of id 42 to 10.0.6.29 http://10.0.6.29 port 1812 User-Name = test User-Password = testing123 NAS-IP-Address = 10.30.1.104 http://10.30.1.104 NAS-Port = 1812 rad_recv: Access-Reject packet from host 10.0.6.29 http://10.0.6.29 port 1812, id=42, length=88 State = 0xb58bf2bf2470c7b33a07ab72ff21378e Message-Authenticator = 0x53f17e1045e6a2f65d3a3f48704ea2c9 The RADIUS server isn't FreeRADIUS. Go ask the RADIUS server vendor what's going on. Don't be surprised if they ask for money before answering your questions. Questions about other RADIUS servers don't belong on this list. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Sending Access-Request of id 42 to 10.0.6.29 port 1812 User-Name = test User-Password = testing123 NAS-IP-Address = 10.30.1.104 NAS-Port = 1812 rad_recv: Access-Reject packet from host 10.0.6.
preacct {...} for more
modules to load
Thu Aug 14 17:36:15 2008 : Debug: (Loaded rlm_acct_unique, checking if
it's valid)
Thu Aug 14 17:36:15 2008 : Debug: Module: Linked to module rlm_acct_unique
Thu Aug 14 17:36:15 2008 : Debug: Module: Instantiating acct_unique
Thu Aug 14 17:36:15 2008 : Debug: acct_unique {
Thu Aug 14 17:36:15 2008 : Debug: key = User-Name, Acct-Session-Id,
NAS-IP-Address, Client-IP-Address, NAS-Port
Thu Aug 14 17:36:15 2008 : Debug: }
Thu Aug 14 17:36:15 2008 : Debug: Module: Checking accounting {...} for
more modules to load
Thu Aug 14 17:36:15 2008 : Debug: (Loaded rlm_detail, checking if it's
valid)
Thu Aug 14 17:36:15 2008 : Debug: Module: Linked to module rlm_detail
Thu Aug 14 17:36:15 2008 : Debug: Module: Instantiating detail
Thu Aug 14 17:36:15 2008 : Debug: detail {
Thu Aug 14 17:36:15 2008 : Debug: detailfile =
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d
Thu Aug 14 17:36:15 2008 : Debug: header = %t
Thu Aug 14 17:36:15 2008 : Debug: detailperm = 384
Thu Aug 14 17:36:15 2008 : Debug: dirperm = 493
Thu Aug 14 17:36:15 2008 : Debug: locking = no
Thu Aug 14 17:36:15 2008 : Debug: log_packet_header = no
Thu Aug 14 17:36:15 2008 : Debug: }
Thu Aug 14 17:36:15 2008 : Debug: Module: Instantiating
attr_filter.accounting_response
Thu Aug 14 17:36:15 2008 : Debug: attr_filter
attr_filter.accounting_response {
Thu Aug 14 17:36:15 2008 : Debug: attrsfile =
/usr/local/etc/raddb/attrs.accounting_response
Thu Aug 14 17:36:15 2008 : Debug: key = %{User-Name}
Thu Aug 14 17:36:15 2008 : Debug: }
Thu Aug 14 17:36:15 2008 : Debug: Module: Checking session {...} for more
modules to load
Thu Aug 14 17:36:15 2008 : Debug: Module: Checking post-proxy {...} for
more modules to load
Thu Aug 14 17:36:15 2008 : Debug: Module: Checking post-auth {...} for more
modules to load
Thu Aug 14 17:36:15 2008 : Debug: }
Thu Aug 14 17:36:15 2008 : Debug: }
Thu Aug 14 17:36:15 2008 : Debug: radiusd: Opening IP addresses and
Ports
Thu Aug 14 17:36:15 2008 : Debug: Listening on authentication address
10.30.1.104 port 1812
Thu Aug 14 17:36:15 2008 : Debug: Listening on accounting address
10.30.1.104 port 1813
Thu Aug 14 17:36:15 2008 : Debug: Listening on proxy address
10.30.1.104port 1814
Thu Aug 14 17:36:15 2008 : Debug: Ready to process requests.
ok, and when i write : radtest test testing123 10.0.6.29 1812 testing123 i
get:
Sending Access-Request of id 74 to 10.0.6.29 port 1812
User-Name = test
User-Password = testing123
NAS-IP-Address = 10.30.1.104
NAS-Port = 1812
rad_recv: Access-Reject packet from host 10.0.6.29 port 1812, id=74,
length=88
State =
0xb58bf2bf2470c7b33a07ab72ff21378e
Message-Authenticator = 0xbefeb88cc603cce206c6101378ca48b4
and to second alan, no understand very much you say.
sorry my ingles, is not my lenguage native..
thanks for you time!!!
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Sending Access-Request of id 42 to 10.0.6.29 port 1812 User-Name = test User-Password = testing123 NAS-IP-Address = 10.30.1.104 NAS-Port = 1812 rad_recv: Access-Reject packet from host 10.0.6.
Hi, hi ! to firts alan my server is 10.30.1.104 no 10.0.6.29 and when i write this: radiusd -i 10.30.1.104 -p 1812 -x -X : okay. your server is 10.30.1.104 ok, and when i write : radtest test testing123 10.0.6.29 1812 testing123 i get: do you know what that command means? you are sending a request for user 'test' with password 'testing123' to server 10.0.6.29 so WHAT is server 10.0.6.29 ? its certainly not the server you've just started. THAT server was 10.30.1.104 alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Sending Access-Request of id 42 to 10.0.6.29 port 1812 User-Name= test User-Password = testing123 NAS-IP-Address =10.30.1.104 NAS-Port = 1812 rad_recv: Access-Reject packet fromhost 10.0.6.29
hi ! to firts alan my server is 10.30.1.104 no 10.0.6.29 Fine. ok, and when i write : radtest test testing123 10.0.6.29 1812 testing123 So why are you sending the request to the wrong radius server? Read instructions how to use radtest again. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: access reject packet
i create a testuser by adding following to /etc/freeradius/users:
lim User-Password == lim
DEFAULT Auth-Type := sql
Fall-Through := 1
and also change the shared radius secret for localhost in
/etc/freeradius/clients.conf
client 127.0.0.1 {
secret = testing123nastype = other #
localhost isn't usually a NAS...
}but when i ran the radtest lim lim 127.0.0.1 0 testing123the access packet was
rejected.any1 can show me the guide regarding this?thanks!
- Original Message
From: lim chee hong [EMAIL PROTECTED]
To: freeradius-users@lists.freeradius.org
Sent: Monday, September 3, 2007 11:37:25 AM
Subject: access reject packet
[EMAIL PROTECTED] raddb]# radtest lim lim localhost 1645 testing123
Sending Access-Request of id 194 to 127.0.0.1 port 1812
User-Name = lim
User-Password = lim
NAS-IP-Address = 255.255.255.255
NAS-Port = 1645
rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=194, length=20
this is the result when i ran my radtest for my freeradius 1.1.6 in fedora core
2.
unfortunely i get the access reject packet for the result.i had edited in my
radius.config and client.config but i think i did wrongly since i get the
access rejected.anybody know how to solve this problem?where should i correct
in the config file.
thanks in advance for ur help.i'm new in freeradius and hope tat can seek the
help from u all.once again thank you to u all.
Send instant messages to your online friends http://uk.messenger.yahoo.com
Send instant messages to your online friends http://uk.messenger.yahoo.com -
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: access reject packet
lim chee hong wrote: i create a testuser by adding following to */etc/freeradius/users:* lim User-Password == lim DEFAULT Auth-Type := sql That's wrong. See the FAQ. but when i ran the radtest lim lim 127.0..0.1 0 testing123 the access packet was rejected.any1 can show me the guide regarding this? The README, FAQ, INSTALL, etc. all document this. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: access reject packet
hi rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=194, length=20 you should also post the output of radius -X , the relevant contents of radius.conf, clients.conf, huntgroups and the users file. without these, it's very difficult to tell anything - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
access reject packet
[EMAIL PROTECTED] raddb]# radtest lim lim localhost 1645 testing123 Sending Access-Request of id 194 to 127.0.0.1 port 1812 User-Name = lim User-Password = lim NAS-IP-Address = 255.255.255.255 NAS-Port = 1645 rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=194, length=20 this is the result when i ran my radtest for my freeradius 1.1.6 in fedora core 2. unfortunely i get the access reject packet for the result.i had edited in my radius.config and client.config but i think i did wrongly since i get the access rejected.anybody know how to solve this problem?where should i correct in the config file. thanks in advance for ur help.i'm new in freeradius and hope tat can seek the help from u all.once again thank you to u all. Send instant messages to your online friends http://uk.messenger.yahoo.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
attribute Password in an Access-Reject packet
Hy all, I am trying to include two pairs attribute/value in my Radius Response Packet. This is my code: ... pairadd(request-reply-vps, pairmake(Password, ***\n, T_OP_EQ)); pairadd (request-reply-vps, pairmake(Reply-Message, TID-2002, T_OP_EQ)); ... When I do some tests, I observe this: 1) If my radius Response Packet is an Access-Accept, the FreeRadius server sends: Received response ID 255, code 2, length = 71 User-Password = ***\n Reply-Message = TID-2002 2) If my radius Response Packet is an Access-Reject, the FreeRadius server sends: Received response ID 252, code 3, length = 30 Reply-Message = TID-2002 * Why the Password attribute does not appear in the Access-Reject packet? * Why does the Password attribute (in the Access-Accept packet) appear like User-Password? Thank you very much Susana __ LLama Gratis a cualquier PC del Mundo. Llamadas a fijos y móviles desde 1 céntimo por minuto. http://es.voice.yahoo.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: attribute Password in an Access-Reject packet
Susana Macias wrote: * Why the Password attribute does not appear in the Access-Reject packet? User-Password is not permitted in Access-Rejects; see the RFC. * Why does the Password attribute (in the Access-Accept packet) appear like User-Password? That's how it's defined in the dictionary file. josh. Thank you very much Susana __ LLama Gratis a cualquier PC del Mundo. Llamadas a fijos y móviles desde 1 céntimo por minuto. http://es.voice.yahoo.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: attribute Password in an Access-Reject packet
--- Josh Howlett [EMAIL PROTECTED] escribió: Susana Macias wrote: * Why the Password attribute does not appear in the Access-Reject packet? User-Password is not permitted in Access-Rejects; see the RFC. Yes, but in the RFC says that the User-Password attribute is only used in Access-Request packets. However I have been able to send it in an Access-Accept packet (this is why I asked) * Why does the Password attribute (in the Access-Accept packet) appear like User-Password? That's how it's defined in the dictionary file. And is there any form to send Password instead User-Password? Thanks again josh. Thank you very much Susana __ LLama Gratis a cualquier PC del Mundo. Llamadas a fijos y móviles desde 1 céntimo por minuto. http://es.voice.yahoo.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html __ LLama Gratis a cualquier PC del Mundo. Llamadas a fijos y móviles desde 1 céntimo por minuto. http://es.voice.yahoo.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: attribute Password in an Access-Reject packet
Susana Macias [EMAIL PROTECTED] wrote: Yes, but in the RFC says that the User-Password attribute is only used in Access-Request packets. However I have been able to send it in an Access-Accept packet (this is why I asked) It's not a good idea to send passwords in Access-Accept. Technically, the RFC's should have forbidden that, too. And is there any form to send Password instead User-Password? The names are unimportant. They both refer to the same attribute: number 2. The names are used only by the server. See man dictionary for details. Perhaps you could explain why you're sending the password in response packets, and why you think it's useful. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
In which point does the FR sever send the Access-Accept or Access-Reject packet?
Hy all,I have a doubt about when FreeRadius server decides to send an Access-Accept or an Access-Reject packet. When the authenticate module returns with a RLM_MODULE_REJECT, does the FR server send an Access-Reject packet? ordoes it occurlater? When the authenticate module returns with a RLM_MODULE_OK, does the FR server send the Access-Accept packet? ordoes it occurlater? Thanks in advance, Marta Correo Yahoo!Comprueba qué es nuevo, aquíhttp://correo.yahoo.es- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: In which point does the FR sever send the Access-Accept or Access-Reject packet?
Marta Lajas [EMAIL PROTECTED] writes:
I have a doubt about when FreeRadius server decides to send an
Access-Accept or an Access-Reject packet.
When the authenticate module returns with a RLM_MODULE_REJECT,
does the FR server send an Access-Reject packet? or does it occur
later?
When the authenticate module returns with a RLM_MODULE_OK, does
the FR server send the Access-Accept packet? or does it occur
later?
You can find the answers in src/main/modcall.c. The default
authenticate actions are:
{
MOD_ACTION_RETURN, /* reject */
1, /* fail */
MOD_ACTION_RETURN, /* ok */
MOD_ACTION_RETURN, /* handled */
1, /* invalid */
MOD_ACTION_RETURN, /* userlock */
MOD_ACTION_RETURN, /* notfound */
1, /* noop */
1 /* updated */
},
Which means that both RLM_MODULE_REJECT and RLM_MODULE_OK will cause
an immediate return action without calling any further modules in the
authenticate section.
Note that these actions may be modified by redundant or append
module grouping, or even configured on code by code basis. See
doc/configurable_failover
The modules in postauth will of course still be called before sending
Access-Reject or Access-Accept.
Bjørn
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: In which point does the FR sever send the Access-Accept or Access-Reject packet?
Marta Lajas [EMAIL PROTECTED] wrote: I have a doubt about when FreeRadius server decides to send an Access-Accept or an Access-Reject packet. Why ask the list when you can run it yourself and see? When the authenticate module returns with a RLM_MODULE_REJECT, does the FR server send an Access-Reject packet? or does it occur later? Yes. It *may* occur later because of reject_delay. See radiusd.conf. When the authenticate module returns with a RLM_MODULE_OK, does the FR server send the Access-Accept packet? or does it occur later? Yes. And it's sent immediately. I can't help but think these questions are *not* the questions you want answered. What problem are you trying to solve? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Access-Reject packet from host 127.0.0.1:1812
Hi all,
I am a complete newbie with radius. I have try to configure freeradius on
fedora core 3 to authenticates against unix password /etc/passwd,
/etc/shadow, but seem to be fail until now.. can any want pls guide me
though this.. Besides, pls advice me if i doing anything wrong.
My installation step:-
1) install freeradius using apt-get command:-
=
[EMAIL PROTECTED] ~]# apt-get install freeradius
=
2) As i go though the doc, the default seem to be ok.., so i just start
the services:-
=
[EMAIL PROTECTED] ~]# /etc/init.d/radiusd start
Starting RADIUS server:[ OK ]
[EMAIL PROTECTED] ~]#
=
3) add a dummy user and assigh a password to user dummy:-
=
[EMAIL PROTECTED] ~]# adduser dummy
[EMAIL PROTECTED] ~]# passwd dummy
Changing password for user dummy.
New UNIX password: testing
BAD PASSWORD: it is based on a dictionary word
Retype new UNIX password: testing
passwd: all authentication tokens updated successfully.
[EMAIL PROTECTED] ~]#
=
4) testing to autheticate the user dummy:-
=
[EMAIL PROTECTED] ~]# radtest dummy testing localhost:1812 1 testing123
Sending Access-Request of id 251 to 127.0.0.1:1812
User-Name = dummy
User-Password = testing
NAS-IP-Address = cerebro.osedge.com
NAS-Port = 1
Re-sending Access-Request of id 251 to 127.0.0.1:1812
User-Name = dummy
User-Password = \271g\343\034{~\235\364M\344ID%\345\021j
NAS-IP-Address = cerebro.osedge.com
NAS-Port = 1
rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=251, length=20
[EMAIL PROTECTED] ~]#
=
The output of /var/log/radius/radius.log
=
[EMAIL PROTECTED] radius]# tail -f /var/log/radius/radius.log
Thu Jul 28 03:54:16 2005 : Info: rlm_exec: Wait=yes but no output defined.
Did you mean output=none?
Thu Jul 28 03:54:16 2005 : Info: Ready to process requests.
Thu Jul 28 03:55:38 2005 : Info: Using deprecated naslist file. Support
for this will go away soon.
Thu Jul 28 03:55:38 2005 : Info: rlm_exec: Wait=yes but no output defined.
Did you mean output=none?
Thu Jul 28 03:55:38 2005 : Info: Ready to process requests.
Thu Jul 28 03:55:42 2005 : Info: Using deprecated naslist file. Support
for this will go away soon.
Thu Jul 28 03:55:42 2005 : Info: rlm_exec: Wait=yes but no output defined.
Did you mean output=none?
Thu Jul 28 03:55:42 2005 : Info: Ready to process requests.
Thu Jul 28 03:55:45 2005 : Auth: rlm_unix: [dummy]: invalid password
Thu Jul 28 03:56:25 2005 : Auth: rlm_unix: [dummy]: invalid password
Thu Jul 28 03:56:37 2005 : Auth: rlm_unix: [dummy]: invalid password
=
output of the command radiusd -X
=
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /etc/raddb/proxy.conf
Config: including file: /etc/raddb/clients.conf
Config: including file: /etc/raddb/snmp.conf
Config: including file: /etc/raddb/eap.conf
Config: including file: /etc/raddb/sql.conf
main: prefix = /usr
main: localstatedir = /var
main: logdir = /var/log/radius
main: libdir = /usr/lib
main: radacctdir = /var/log/radius/radacct
main: hostname_lookups = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = /var/log/radius/radius.log
main: log_auth = no
main: log_auth_badpass = no
main: log_auth_goodpass = no
main: pidfile = /var/run/radiusd/radiusd.pid
main: user = radiusd
main: group = radiusd
main: usercollide = no
main: lower_user = no
main: lower_pass = no
main: nospace_user = no
main: nospace_pass = no
main: checkrad = /usr/sbin/checkrad
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: post_proxy_authorize = yes
proxy: wake_all_if_all_dead = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will go away soon
Re: Access-Reject packet from host 127.0.0.1:1812
Hi,
BAD PASSWORD: it is based on a dictionary word
I hope you dont let folk SSH into this box :-)
[EMAIL PROTECTED] ~]# radtest dummy testing localhost:1812 1 testing123
Sending Access-Request of id 251 to 127.0.0.1:1812
User-Name = dummy
User-Password = testing
NAS-IP-Address = cerebro.osedge.com
NAS-Port = 1
Re-sending Access-Request of id 251 to 127.0.0.1:1812
User-Name = dummy
User-Password = \271g\343\034{~\235\364M\344ID%\345\021j
NAS-IP-Address = cerebro.osedge.com
NAS-Port = 1
rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=251, length=20
from a quick look att he logs, it looks as if the FreeRADIUS process
is unable to read your /etc/passwd file
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Access-Reject packet from host 127.0.0.1:1812
3. Re: Access-Reject packet from host 127.0.0.1:1812
--
Message: 3
Date: Wed, 27 Jul 2005 21:34:01 +0100
From: [EMAIL PROTECTED]
Subject: Re: Access-Reject packet from host 127.0.0.1:1812
To: FreeRadius users mailing list
freeradius-users@lists.freeradius.org
Message-ID: [EMAIL PROTECTED]
Content-Type: text/plain; charset=us-ascii
Hi,
BAD PASSWORD: it is based on a dictionary word
I hope you dont let folk SSH into this box :-)
[EMAIL PROTECTED] ~]# radtest dummy testing localhost:1812 1 testing123
Sending Access-Request of id 251 to 127.0.0.1:1812
User-Name = dummy
User-Password = testing
NAS-IP-Address = cerebro.osedge.com
NAS-Port = 1
Re-sending Access-Request of id 251 to 127.0.0.1:1812
User-Name = dummy
User-Password = \271g\343\034{~\235\364M\344ID%\345\021j
NAS-IP-Address = cerebro.osedge.com
NAS-Port = 1
rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=251, length=20
from a quick look att he logs, it looks as if the FreeRADIUS process
is unable to read your /etc/passwd file
alan
Hi Alan, i have do some chown on the shadow file and everything seem to
be work fine.. Thank you very much for your advices..
check the below output:-
==
[EMAIL PROTECTED] ~]# radtest dummy testing localhost:1812 1 testing123
Sending Access-Request of id 226 to 127.0.0.1:1812
User-Name = dummy
User-Password = testing
NAS-IP-Address = cerebro.osedge.com
NAS-Port = 1
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=226, length=20
[EMAIL PROTECTED] ~]#
==
Best Regards,
--
Peter Cheng
Chief Technical Officer
Open Source Edge
O.S. Edge Sdn Bhd
Mobile: +6.012.4766.202
Office: +6.03.4023.0337/8337
Fax : +6.03.4023.2337
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
rad_recv: Access-Reject packet
Hi, I installed the freeRADIUS on my RedHat7.3 it was successfully installed and when i am trying using radtes in root mode. it is working very well. My problem is, i add new user in users file like : bob Auth-Type:=EAP,User-Password == test but when i am trying to radtes it is not working and i am getting the message: [EMAIL PROTECTED] root]# radtest boo test localhost 0 testing123 Sending Access-Request of id 125 to 127.0.0.1:1812 User-Name = boo User-Password = test NAS-IP-Address = localhost.localadmin NAS-Port = 0 rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=125, length=20 If anyone can help me or redirect me any usefull URL i willbe really thank full. __ Do you Yahoo!? Yahoo! Mail - Find what you need with new enhanced search. http://info.mail.yahoo.com/mail_250 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rad_recv: Access-Reject packet
- Original Message - From: Abdul Lateef [EMAIL PROTECTED] To: freeradius-users@lists.freeradius.org Sent: Sunday, February 20, 2005 10:52 AM Subject: rad_recv: Access-Reject packet My problem is, i add new user in users file like : bob Auth-Type:=EAP,User-Password == test [EMAIL PROTECTED] root]# radtest boo test localhost 0 testing123 Sending Access-Request of id 125 to 127.0.0.1:1812 User-Name = boo User-Password = test If you have 'bob' in your users file but used 'boo' instead, then, you will surely get an Access-Reject message. Do another radtest as below: radtest bob test localhost 0 testing123 Or else post the unedited debug (radiusd -X) Goodluck! __ Do you Yahoo!? Yahoo! Mail - Find what you need with new enhanced search. http://info.mail.yahoo.com/mail_250 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html __ Do you Yahoo!? Yahoo! Mail - Find what you need with new enhanced search. http://info.mail.yahoo.com/mail_250 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
