Hello all Are there room for a newbee question here? This is my first Radius server. I get the message "No known good password" when trying to authenticate users. The users are coming from one of two possible VPN tunnels. I assume "clients.conf" is correctly configured. Any help is highly appreciated.
Best regards Ove Fagerheim >From "Users.conf": <snip> user1 Service-Type == Framed-User, User-Password == "password", # Adresses from 10.194.0.1 to 10.194.63.254 # Auth-Type = System, Framed-IP-Address = 10.194.0.1, Framed-IP-Netmask = 255.255.192.0, Fall-Through = Yes DEFAULT Service-Type == Framed-User, Huntgroup-Name == "Huntgroup-1", Framed-Protocol = GPRS-PDP-Context, NAS-Identifier = STCGGSN3, Called-Station_id = "My-Station-Id-String", Reply-Message = "%u is granted access" user1 Service-Type == Framed-User, User-Password == "password", # Adresser fra 10.192.64.1 til 10.192.127.254 # Auth-Type = System, Framed-IP-Address = 10.192.64.1, Framed-IP-Netmask = 255.255.192.0, Fall-Through = Yes DEFAULT Service-Type == Framed-User, Huntgroup-Name == ""Huntgroup-2", ", Framed-Protocol = GPRS-PDP-Context, NAS-Identifier = FBUGGSN3, Called-Station_id = "My-Station-Id-String", Reply-Message = "%u is granted access" <snip> >From "Huntgroups": <snip> Huntgroup-1 NAS-IP-Address == 172.x.x.0 Huntgroup-1 NAS-IP-Address == 172.x.x.1 . . . Huntgroup-1 NAS-IP-Address == 172.x.x.14 # # Huntgroup-2 NAS-IP-Address == 172.y.y.240 Huntgroup-2 NAS-IP-Address == 172.y.y.241 . . . Huntgroup-2 NAS-IP-Address == 172.y.y.254 <snip> logfile "log\radius\radacct\"NAS-IPAddress"\auth-detail-20090303.log: (username is client telephone number) <snip> Packet-Type = Access-Request Tue Mar 3 08:37:36 2009 NAS-IP-Address = 172.x.x.2 NAS-Identifier = "STCGGSN3" Called-Station-Id = "My-Station-Id-String" Framed-Protocol = GPRS-PDP-Context Service-Type = Framed-User NAS-Port-Type = Virtual NAS-Port = 16861232 User-Name = "user1" User-Password = "password" Calling-Station-Id = "user1" Client-IP-Address = 172.x.x.2 Huntgroup-Name = "Huntgroup-1" <snip> logfile "log\radius\radius.log" <snip> Mon Feb 16 12:00:54 2009 : Info: Ready to process requests. Mon Feb 16 12:01:49 2009 : Auth: Login incorrect: [user1/password] (from client TelenorTVK1 port 35970456 cli 4790622859) Mon Feb 16 12:02:04 2009 : Auth: Login incorrect: [user1/password] (from client TelenorTVK1 port 33168936 cli 4790622859) Mon Feb 16 12:02:17 2009 : Auth: Login incorrect: [user1/password] (from client TelenorTVK1 port 30960664 cli 4790622859) Mon Feb 16 12:03:57 2009 : Info: Using deprecated naslist file. Support for this will go away soon. Mon Feb 16 12:03:57 2009 : Info: rlm_exec: Wait=yes but no output defined. Did you mean output=none? Mon Feb 16 12:03:57 2009 : Info: rlm_eap_tls: Loading the certificate file as a chain Mon Feb 16 12:03:57 2009 : Info: WARNING: rlm_eap_tls: Unable to set DH parameters. DH cipher suites may not work! Mon Feb 16 12:03:57 2009 : Info: Ready to process requests. <snip> If the abow errors is unrelated to my issue, I still would very much appreciante any hints on how to fix them. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html