[Serusers] ser and radius - WARNING! No "known good" password found for the user.

Greger V. Teigre greger at teigre.com
Thu Jan 25 22:00:54 CET 2007 

 From your output:

Cleartext-Password or Digest-HA1 is required for authentication.



tzieleniewski wrote:
> Hi! I am trying to use freeradius as an authentication server for ser.
> I use the latest cvs version.
>
> I am o newbee with free radius so a kindly ask for your help becouse someone who has manage to done radius support probably wouldn/t have any probelms to point me what I do wrong.
> I configured ser so it sends the requests messages to radius but I encountered a strange error. 
> Both are running on the same machine so it is enough to use the 127.0.0.1 client configuration from client.conf. 
> I defined realm that would service the request comming with the "voip.touk.pl" domain part in the proxy.conf: 
> realm voip.touk.pl 
> { 
>    type = radius 
>    authhost = LOCAL 
>    accthost = LOCAL 
>    nostrip 
> } 
> I also included the digest modules in the authentication and authorization sections in the radiusd.conf. 
> At the end I added the user data in the users file: 
> hellboy Auth-Type := Digest, User-Password := "hellboy", Huntgroup-Name == "voip.touk.pl" 
>           Fall-Through = No, 
>           User-Name = `%{User-Name}`, 
>           Reply-Message = "Accepted: %{User-Name}" 
>
> And know when SER sends the authentication request radius rejects it and there is this "strange" info" in radius debug 
> rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. 
>
> Another thing wich is strange is: 
> modcall[authorize]: module "suffix" returns noop for request 0
> When my suffix is defined in the radiusd.conf as: 
> realm suffix { 
>      format = suffix 
>      delimiter = "@" 
> } 
>
> here is the whole free radius degub outout: 
> rad_recv: Access-Request packet from host 127.0.0.1 port 32794, id=225, length=299
>         User-Name = "hellboy at voip.touk.pl"
>         Digest-Attributes = 0x0a0968656c6c626f79
>         Digest-Attributes = 0x010e766f69702e746f756b2e706c
>         Digest-Attributes = 0x022a34356238633234313732386462316132343230333639303633313264366333626338363135306563
>         Digest-Attributes = 0x04177369703a7465737440766f69702e746f756b2e706c
>         Digest-Attributes = 0x0308494e56495445
>         Digest-Attributes = 0x050661757468
>         Digest-Attributes = 0x090a3030303030303031
>         Digest-Attributes = 0x08223133304432333745384238443837353945304441383438444443323133353542
>         Digest-Response = "bd2e0fd81858b8114d326394b7b92001"
>         Service-Type = 0x0000000f00000000
>         SER-Service-Type = 0x0000000300000000
>         SER-Uri-User = "hellboy"
>         NAS-Port = 0x000013c400000000
>         NAS-IP-Address = 0x7f00000100000000
>   Processing the authorize section of radiusd.conf
> modcall:  entering group authorize for request 0
>   modcall[authorize]: module "preprocess" returns ok for request 0
> rlm_digest: Adding Auth-Type = DIGEST
>   modcall[authorize]: module "digest" returns ok for request 0
>     rlm_realm: Looking up realm "voip.touk.pl" for User-Name = "hellboy at voip.touk.pl"
>     rlm_realm: Found realm "voip.touk.pl"
>     rlm_realm: Proxying request from user hellboy to realm voip.touk.pl
>     rlm_realm: Adding Realm = "voip.touk.pl"
>     rlm_realm: Authentication realm is LOCAL.
>   modcall[authorize]: module "suffix" returns noop for request 0
>   modcall[authorize]: module "files" returns noop for request 0
>   modcall[authorize]: module "expiration" returns noop for request 0
>   modcall[authorize]: module "logintime" returns noop for request 0
> rlm_pap: WARNING! No "known good" password found for the user.  Authentication may fail because of this.
>   modcall[authorize]: module "pap" returns noop for request 0
> modcall: group authorize returns ok for request 0
>   rad_check_password:  Found Auth-Type DIGEST
> auth: type "digest"
>   Processing the authenticate section of radiusd.conf
> modcall:  entering group authenticate for request 0
> rlm_digest: Cleartext-Password or Digest-HA1 is required for authentication.
>   modcall[authenticate]: module "digest" returns invalid for request 0
> modcall: group authenticate returns invalid for request 0
> auth: Failed to validate the user.
> Login incorrect: [hellboy at voip.touk.pl/<via Auth-Type = DIGEST>] (from client ip4.localhost port 0)
>   Found Post-Auth-Type
>   Processing the post-auth section of radiusd.conf
> modcall:  entering group REJECT for request 0
> radius_xlat:  'hellboy at voip.touk.pl'
>  attr_filter: Matched entry DEFAULT at line 11
>   modcall[post-auth]: module "attr_filter.access_reject" returns updated for request 0
> modcall: group REJECT returns updated for request 0
>
> Best 
> tomasz
> _______________________________________________
> Serusers mailing list
> Serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
>
>
>

More information about the sr-users mailing list