>Are there room for a newbee question here? This is my first Radius server. >I get the message "No known good password" when trying to authenticate users >The users are coming from one of two possible VPN tunnels. I assume >"clients.conf" is correctly configured. >Any help is highly appreciated. > > >Best regards >Ove Fagerheim > >>From "Users.conf": ><snip> >user1 Service-Type == Framed-User, User-Password == "password", > # Adresses from 10.194.0.1 to 10.194.63.254 > # Auth-Type = System, > Framed-IP-Address = 10.194.0.1, > Framed-IP-Netmask = 255.255.192.0, > Fall-Through = Yes > >DEFAULT Service-Type == Framed-User, Huntgroup-Name == "Huntgroup-1", > Framed-Protocol = GPRS-PDP-Context, > NAS-Identifier = STCGGSN3, > Called-Station_id = "My-Station-Id-String", > Reply-Message = "%u is granted access" > > >user1 Service-Type == Framed-User, User-Password == "password", > # Adresser fra 10.192.64.1 til 10.192.127.254 > # Auth-Type = System, > Framed-IP-Address = 10.192.64.1, > Framed-IP-Netmask = 255.255.192.0, > Fall-Through = Yes > >DEFAULT Service-Type == Framed-User, Huntgroup-Name == ""Huntgroup-2", ", > Framed-Protocol = GPRS-PDP-Context, > NAS-Identifier = FBUGGSN3, > Called-Station_id = "My-Station-Id-String", > Reply-Message = "%u is granted access" ><snip> > >>From "Huntgroups": ><snip> >Huntgroup-1 NAS-IP-Address == 172.x.x.0 >Huntgroup-1 NAS-IP-Address == 172.x.x.1 >.. >.. >.. >Huntgroup-1 NAS-IP-Address == 172.x.x.14 ># ># >Huntgroup-2 NAS-IP-Address == 172.y.y.240 >Huntgroup-2 NAS-IP-Address == 172.y.y.241 >.. >.. >.. >Huntgroup-2 NAS-IP-Address == 172.y.y.254 ><snip> > > >logfile "log\radius\radacct\"NAS-IPAddress"\auth-detail-20090303.log: >(username is client telephone number) ><snip> >Packet-Type = Access-Request >Tue Mar 3 08:37:36 2009 > NAS-IP-Address = 172.x.x.2 > NAS-Identifier = "STCGGSN3" > Called-Station-Id = "My-Station-Id-String" > Framed-Protocol = GPRS-PDP-Context > Service-Type = Framed-User > NAS-Port-Type = Virtual > NAS-Port = 16861232 > User-Name = "user1" > User-Password = "password" > Calling-Station-Id = "user1" > Client-IP-Address = 172.x.x.2 > Huntgroup-Name = "Huntgroup-1" ><snip> > > >logfile "log\radius\radius.log" ><snip> >Mon Feb 16 12:00:54 2009 : Info: Ready to process requests. >Mon Feb 16 12:01:49 2009 : Auth: Login incorrect: [user1/password] (from >client TelenorTVK1 port 35970456 cli 4790622859) >Mon Feb 16 12:02:04 2009 : Auth: Login incorrect: [user1/password] (from >client TelenorTVK1 port 33168936 cli 4790622859) >Mon Feb 16 12:02:17 2009 : Auth: Login incorrect: [user1/password] (from >client TelenorTVK1 port 30960664 cli 4790622859) >Mon Feb 16 12:03:57 2009 : Info: Using deprecated naslist file. Support for >this will go away soon. >Mon Feb 16 12:03:57 2009 : Info: rlm_exec: Wait=yes but no output defined. Did >you mean output=none? >Mon Feb 16 12:03:57 2009 : Info: rlm_eap_tls: Loading the certificate file as >a chain >Mon Feb 16 12:03:57 2009 : Info: WARNING: rlm_eap_tls: Unable to set DH >parameters. DH cipher suites may not work! >Mon Feb 16 12:03:57 2009 : Info: Ready to process requests. ><snip> > >If the abow errors is unrelated to my issue, I still would very much >appreciante any hints on how to fix them.
What freeradius version is this? You probably shouldn't be using User-Password but Cleartext-Password. Post the output of radiusd -X from request processing. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html