Hello, We have a Solaris 8 box running freeradius 1.0.4. This machine is being upgraded to a bigger beast running Solaris 10. The problem I am having has occurred on all versions of freeradius I have tested on the new Solaris 10 machine - including 1.0.4, 1.0.5, and 1.1.1.
The error, when running radiusd -X is this: auth: Failed to validate the user. WARNING: Unprintable characters in the password. ? Double-check the shared secret on the server and the NAS! Facts: 1. We are connecting the same NAS box to the new machine and getting the same error. 2. We are using the same exact configuration files (and obviously the same secret.) 3. The NAS box is a Cisco Catalyst 3450 (24 DC Powered) Protocol 1645, IOS 12.1[13]EA1C. 4. I have verified that the same configuration file with the same secret is being read, and that the secret on the NAS box stays the same when connecting to both hosts. 5. I am sending no extra options to ./configure at compile time. I thank you so much for any leads anyone can give me into the cause of this. Here is the entire output: bash-3.00# /usr/local/sbin/radiusd -X -p 1645 Ignoring deprecated command-line option -pStarting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /usr/local/etc/raddb/proxy.conf Config: including file: /usr/local/etc/raddb/clients.conf Config: including file: /usr/local/etc/raddb/snmp.conf Config: including file: /usr/local/etc/raddb/sql.conf main: prefix = "/usr/local" main: localstatedir = "/var" main: logdir = "/var/log/radius" main: libdir = "/usr/local/lib" main: radacctdir = "/var/log/radius/radacct" main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 1645 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = "/var/log/radius/radius.log" main: log_auth = no main: log_auth_badpass = no main: log_auth_goodpass = no main: pidfile = "/var/run/radiusd.pid" main: user = "root" main: group = "root" main: usercollide = no main: lower_user = "no" main: lower_pass = "no" main: nospace_user = "no" main: nospace_pass = "no" main: checkrad = "/usr/local/sbin/checkrad" main: proxy_requests = yes proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 proxy: post_proxy_authorize = yes proxy: wake_all_if_all_dead = no security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist Using deprecated naslist file. Support for this will go away soon. read_config_files: reading clients read_config_files: reading realms Using deprecated realms file. Support for this will go away soon. radiusd: entering modules setup Module: Library search path is /usr/local/lib Module: Loaded System unix: cache = yes unix: passwd = "/etc/passwd" unix: shadow = "/etc/shadow" unix: group = "/etc/group" unix: radwtmp = "/var/log/radius/radwtmp" unix: usegroup = no unix: cache_reload = 300 HASH: Reinitializing hash structures and lists for caching... HASH: user root found in hashtable bucket 11726 HASH: user daemon found in hashtable bucket 11668 HASH: user bin found in hashtable bucket 86651 HASH: user sys found in hashtable bucket 64201 HASH: user adm found in hashtable bucket 26466 HASH: user lp found in hashtable bucket 54068 HASH: user uucp found in hashtable bucket 38541 HASH: user nuucp found in hashtable bucket 74587 HASH: user smmsp found in hashtable bucket 13600 HASH: user listen found in hashtable bucket 49327 HASH: user gdm found in hashtable bucket 50360 HASH: user webservd found in hashtable bucket 39570 HASH: user nobody found in hashtable bucket 99723 HASH: user noaccess found in hashtable bucket 80609 HASH: user nobody4 found in hashtable bucket 84789 HASH: user c927693 found in hashtable bucket 51401 HASH: Stored 16 entries from /etc/passwd HASH: Stored 21 entries from /etc/group Module: Instantiated unix (unix) Module: Loaded preprocess preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups" preprocess: hints = "/usr/local/etc/raddb/hints" preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no Module: Instantiated preprocess (preprocess) Module: Loaded realm realm: format = "suffix" realm: delimiter = "@" realm: ignore_default = no realm: ignore_null = no Module: Instantiated realm (suffix) Module: Loaded files files: usersfile = "/usr/local/etc/raddb/users" files: acctusersfile = "/usr/local/etc/raddb/acct_users" files: preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users" files: compat = "no" Module: Instantiated files (files) Module: Loaded detail detail: detailfile = "/var/log/radius/radacct/%{Client-IP-Address}/detail" detail: detailperm = 384 detail: dirperm = 493 detail: locking = no Module: Instantiated detail (detail) Module: Loaded radutmp radutmp: filename = "/var/log/radius/radutmp" radutmp: username = "%{User-Name}" radutmp: case_sensitive = yes radutmp: check_with_nas = yes radutmp: perm = 384 radutmp: callerid = yes Module: Instantiated radutmp (radutmp) Listening on authentication *:1645 Listening on accounting *:1646 Listening on proxy *:1647 Ready to process requests. rad_recv: Access-Request packet from host 144.133.145.11:1812, id=164, length=82 NAS-IP-Address = 144.133.145.11 NAS-Port = 2 NAS-Port-Type = Virtual User-Name = "c927693" Calling-Station-Id = "144.133.188.238" User-Password = "TI.\331\255\254Z3\036\247sj\262\274[\222" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 Invalid operator for item Prefix: reverting to '==' Invalid operator for item Prefix: reverting to '==' Invalid operator for item Prefix: reverting to '==' Invalid operator for item Prefix: reverting to '==' Invalid operator for item Suffix: reverting to '==' Invalid operator for item Suffix: reverting to '==' Invalid operator for item Suffix: reverting to '==' modcall[authorize]: module "preprocess" returns ok for request 0 rlm_realm: No '@' in User-Name = "c927693", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 HASH: user c927693 found in hashtable bucket 51401 users: Matched entry DEFAULT at line 40 modcall[authorize]: module "files" returns ok for request 0 modcall: group authorize returns ok for request 0 rad_check_password: Found Auth-Type System auth: type "System" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 HASH: user c927693 found in hashtable bucket 51401 modcall[authenticate]: module "unix" returns reject for request 0 modcall: group authenticate returns reject for request 0 auth: Failed to validate the user. WARNING: Unprintable characters in the password. ? Double-check the shared secret on the server and the NAS! Delaying request 0 for 1 seconds Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 164 to 144.133.145.11:1812 Waking up in 4 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 164 with timestamp 44a38917 Nothing to do. Sleeping until we see a request. rad_recv: Access-Request packet from host 144.133.145.11:1812, id=165, length=82 NAS-IP-Address = 144.133.145.11 NAS-Port = 2 NAS-Port-Type = Virtual User-Name = "c927693" Calling-Station-Id = "144.133.188.238" User-Password = "\036\000\247\352!m\001\251\3149\220HZKqP" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 1 Invalid operator for item Prefix: reverting to '==' Invalid operator for item Prefix: reverting to '==' Invalid operator for item Prefix: reverting to '==' Invalid operator for item Prefix: reverting to '==' Invalid operator for item Suffix: reverting to '==' Invalid operator for item Suffix: reverting to '==' Invalid operator for item Suffix: reverting to '==' modcall[authorize]: module "preprocess" returns ok for request 1 rlm_realm: No '@' in User-Name = "c927693", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 1 HASH: user c927693 found in hashtable bucket 51401 users: Matched entry DEFAULT at line 40 modcall[authorize]: module "files" returns ok for request 1 modcall: group authorize returns ok for request 1 rad_check_password: Found Auth-Type System auth: type "System" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 1 HASH: user c927693 found in hashtable bucket 51401 modcall[authenticate]: module "unix" returns reject for request 1 modcall: group authenticate returns reject for request 1 auth: Failed to validate the user. WARNING: Unprintable characters in the password. ? Double-check the shared secret on the server and the NAS! Delaying request 1 for 1 seconds Finished request 1 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 165 to 144.133.145.11:1812 Waking up in 4 seconds... --- Walking the entire request list --- Cleaning up request 1 ID 165 with timestamp 44a389a7 Nothing to do. Sleeping until we see a request. rad_recv: Access-Request packet from host 144.133.145.11:1812, id=166, length=79 NAS-IP-Address = 144.133.145.11 NAS-Port = 2 NAS-Port-Type = Virtual User-Name = "fred" Calling-Station-Id = "144.133.188.238" User-Password = "8y\356\005\243\251\252W\234\rT\220\262{\347?" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 2 Invalid operator for item Prefix: reverting to '==' Invalid operator for item Prefix: reverting to '==' Invalid operator for item Prefix: reverting to '==' Invalid operator for item Prefix: reverting to '==' Invalid operator for item Suffix: reverting to '==' Invalid operator for item Suffix: reverting to '==' Invalid operator for item Suffix: reverting to '==' modcall[authorize]: module "preprocess" returns ok for request 2 rlm_realm: No '@' in User-Name = "fred", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 2 users: Matched entry DEFAULT at line 40 modcall[authorize]: module "files" returns ok for request 2 modcall: group authorize returns ok for request 2 rad_check_password: Found Auth-Type System auth: type "System" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 2 modcall[authenticate]: module "unix" returns notfound for request 2 modcall: group authenticate returns notfound for request 2 auth: Failed to validate the user. WARNING: Unprintable characters in the password. ? Double-check the shared secret on the server and the NAS! Delaying request 2 for 1 seconds Finished request 2 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 166 to 144.133.145.11:1812 Waking up in 4 seconds... --- Walking the entire request list --- Cleaning up request 2 ID 166 with timestamp 44a389df Nothing to do. Sleeping until we see a request. ^C bash-3.00# - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html