[Serusers] ser and radius - WARNING! No "known good" password found for the user.
Greger V. Teigre
greger at teigre.com
Thu Jan 25 22:00:54 CET 2007
From your output:
Cleartext-Password or Digest-HA1 is required for authentication.
tzieleniewski wrote:
> Hi! I am trying to use freeradius as an authentication server for ser.
> I use the latest cvs version.
>
> I am o newbee with free radius so a kindly ask for your help becouse someone who has manage to done radius support probably wouldn/t have any probelms to point me what I do wrong.
> I configured ser so it sends the requests messages to radius but I encountered a strange error.
> Both are running on the same machine so it is enough to use the 127.0.0.1 client configuration from client.conf.
> I defined realm that would service the request comming with the "voip.touk.pl" domain part in the proxy.conf:
> realm voip.touk.pl
> {
> type = radius
> authhost = LOCAL
> accthost = LOCAL
> nostrip
> }
> I also included the digest modules in the authentication and authorization sections in the radiusd.conf.
> At the end I added the user data in the users file:
> hellboy Auth-Type := Digest, User-Password := "hellboy", Huntgroup-Name == "voip.touk.pl"
> Fall-Through = No,
> User-Name = `%{User-Name}`,
> Reply-Message = "Accepted: %{User-Name}"
>
> And know when SER sends the authentication request radius rejects it and there is this "strange" info" in radius debug
> rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this.
>
> Another thing wich is strange is:
> modcall[authorize]: module "suffix" returns noop for request 0
> When my suffix is defined in the radiusd.conf as:
> realm suffix {
> format = suffix
> delimiter = "@"
> }
>
> here is the whole free radius degub outout:
> rad_recv: Access-Request packet from host 127.0.0.1 port 32794, id=225, length=299
> User-Name = "hellboy at voip.touk.pl"
> Digest-Attributes = 0x0a0968656c6c626f79
> Digest-Attributes = 0x010e766f69702e746f756b2e706c
> Digest-Attributes = 0x022a34356238633234313732386462316132343230333639303633313264366333626338363135306563
> Digest-Attributes = 0x04177369703a7465737440766f69702e746f756b2e706c
> Digest-Attributes = 0x0308494e56495445
> Digest-Attributes = 0x050661757468
> Digest-Attributes = 0x090a3030303030303031
> Digest-Attributes = 0x08223133304432333745384238443837353945304441383438444443323133353542
> Digest-Response = "bd2e0fd81858b8114d326394b7b92001"
> Service-Type = 0x0000000f00000000
> SER-Service-Type = 0x0000000300000000
> SER-Uri-User = "hellboy"
> NAS-Port = 0x000013c400000000
> NAS-IP-Address = 0x7f00000100000000
> Processing the authorize section of radiusd.conf
> modcall: entering group authorize for request 0
> modcall[authorize]: module "preprocess" returns ok for request 0
> rlm_digest: Adding Auth-Type = DIGEST
> modcall[authorize]: module "digest" returns ok for request 0
> rlm_realm: Looking up realm "voip.touk.pl" for User-Name = "hellboy at voip.touk.pl"
> rlm_realm: Found realm "voip.touk.pl"
> rlm_realm: Proxying request from user hellboy to realm voip.touk.pl
> rlm_realm: Adding Realm = "voip.touk.pl"
> rlm_realm: Authentication realm is LOCAL.
> modcall[authorize]: module "suffix" returns noop for request 0
> modcall[authorize]: module "files" returns noop for request 0
> modcall[authorize]: module "expiration" returns noop for request 0
> modcall[authorize]: module "logintime" returns noop for request 0
> rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this.
> modcall[authorize]: module "pap" returns noop for request 0
> modcall: group authorize returns ok for request 0
> rad_check_password: Found Auth-Type DIGEST
> auth: type "digest"
> Processing the authenticate section of radiusd.conf
> modcall: entering group authenticate for request 0
> rlm_digest: Cleartext-Password or Digest-HA1 is required for authentication.
> modcall[authenticate]: module "digest" returns invalid for request 0
> modcall: group authenticate returns invalid for request 0
> auth: Failed to validate the user.
> Login incorrect: [hellboy at voip.touk.pl/<via Auth-Type = DIGEST>] (from client ip4.localhost port 0)
> Found Post-Auth-Type
> Processing the post-auth section of radiusd.conf
> modcall: entering group REJECT for request 0
> radius_xlat: 'hellboy at voip.touk.pl'
> attr_filter: Matched entry DEFAULT at line 11
> modcall[post-auth]: module "attr_filter.access_reject" returns updated for request 0
> modcall: group REJECT returns updated for request 0
>
> Best
> tomasz
> _______________________________________________
> Serusers mailing list
> Serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
>
>
>
More information about the sr-users
mailing list