Re: Login rejected. Error 691.

2007-12-04 Thread pungki arianto 
On Dec 4, 2007 1:19 PM, Alan DeKok [EMAIL PROTECTED] wrote:

 pungki arianto wrote:
  How can I create clear text password for user? Is there any
  documentation that I have to read for setting that?

  Yes.  Lots.  The FAQ, config files, etc.



I read the FAQ from
http://wiki.freeradius.org/index.php/FAQ#Debugging_it_yourself
but the Cleartext-Password attribute is only for freeradius 1.1.6 / 1.1.7 or
2.0.0pre2. I'm using freeRadius 1.1.2 and Cleartext-Password attribut is not
known by the server. Does this version (1.1.2) support Cleartext-Password?

-Pungki
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Login rejected. Error 691.

2007-12-02 Thread pungki arianto 
I installed FreeRadius 1.1.2 on FreeBSD 6.0. I followed the HOWTO from
http://tldp.org/HOWTO/8021X-HOWTO/freeradius.html to configure the server.
When I ran radtest, it show the message like this:

Sending Access-Request of id 153 to 10.1.1.3 port 1645
User-Name = [EMAIL PROTECTED]
User-Password = sni
NAS-IP-Address = 255.255.255.255
NAS-Port = 1645
rad_recv: Access-Accept packet from host 10.1.1.3:1645, id=153, length=20

or

Sending Access-Request of id 153 to 10.1.1.3 port 1645
User-Name = user
User-Password = sni
NAS-IP-Address = 255.255.255.255
NAS-Port = 1645
rad_recv: Access-Accept packet from host 10.1.1.3:1645, id=153, length=20

The user 'user' already registered inside /etc/password:
user:*:1006:1006:user_radius_sisni:/home/user:/usr/sbin/nologin

In radius.conf , proxy_request is set to No. And the $INCLUDE
${confdir}/proxy.conf is already commented.
But I still got this message:  rlm_realm: Proxy reply, or no User-Name.
Ignoring.

This is the content from huntgroup file:
LNS-KPU-SM2 NAS-IP-Address == 10.1.1.0

This is the content from hints file
DEFAULT Suffix == @sisni, Strip-User-Name = Yes
Hint = sisni,


If I tried to dial the Radius from Windows terminal, it always give me an
error like this:
*Error 691*: Access was denied because the user name and/or password was
invalid on the domain

Please help me to fix the error.
Thank you.


-Pungki



Here is the last message in  /var/log/radacct/10.1.1.0/detail-20071203

 Acct-Status-Type = Accounting-On
NAS-IP-Address = 10.1.1.0
NAS-Identifier = LNS-KPU-SM2
Acct-Authentic = RADIUS
Acct-Session-Id = load:2147484043
Event-Timestamp = Nov 22 2007 10:25:47 WIT
Acct-Delay-Time = 957324
Client-IP-Address = 10.1.1.0
Timestamp = 1196662186


Here is the message that show after radiusd -X command.

Starting - reading configuration files ...
reread_config:  reading radiusd.conf
Config:   including file: /usr/local/etc/raddb/clients.conf
Config:   including file: /usr/local/etc/raddb/eap.conf
Config:   including file: /usr/local/etc/raddb/sql.conf
 main: prefix = /usr/local
 main: localstatedir = /var
 main: logdir = /var/log
 main: libdir = /usr/local/lib
 main: radacctdir = /var/log/radacct
 main: hostname_lookups = no
 main: max_request_time = 30
 main: cleanup_delay = 5
 main: max_requests = 1024
 main: delete_blocked_requests = 0
 main: port = 0
 main: allow_core_dumps = no
 main: log_stripped_names = no
 main: log_file = /var/log/radius.log
 main: log_auth = no
 main: log_auth_badpass = no
 main: log_auth_goodpass = no
 main: pidfile = /var/run/radiusd/radiusd.pid
 main: user = (null)
 main: group = (null)
 main: usercollide = no
 main: lower_user = no
 main: lower_pass = no
 main: nospace_user = no
 main: nospace_pass = no
 main: checkrad = /usr/local/sbin/checkrad
 main: proxy_requests = no
 security: max_attributes = 200
 security: reject_delay = 1
 security: status_server = no
 main: debug_level = 0
read_config_files:  reading dictionary
read_config_files:  reading naslist
read_config_files:  reading clients
read_config_files:  reading realms
radiusd:  entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded exec
 exec: wait = yes
 exec: program = (null)
 exec: input_pairs = request
 exec: output_pairs = (null)
 exec: packet_type = (null)
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
 pap: encryption_scheme = crypt
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
 mschap: use_mppe = yes
 mschap: require_encryption = no
 mschap: require_strong = no
 mschap: with_ntdomain_hack = no
 mschap: passwd = (null)
 mschap: ntlm_auth = (null)
Module: Instantiated mschap (mschap)
Module: Loaded System
 unix: cache = no
 unix: passwd = /etc/passwd
 unix: shadow = /etc/shadow
 unix: group = /etc/group
 unix: radwtmp = /var/log/radwtmp
 unix: usegroup = no
 unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded eap
 eap: default_eap_type = md5
eap: timer_expire = 60
 eap: ignore_unknown_eap_types = no
 eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
 gtc: challenge = Password: 
 gtc: auth_type = PAP
rlm_eap: Loaded and initialized type gtc
 mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded preprocess
 preprocess: huntgroups = /usr/local/etc/raddb/huntgroups
 preprocess: hints = /usr/local/etc/raddb/hints
 preprocess: with_ascend_hack = no
 preprocess: ascend_channels_per_line = 23
 preprocess: with_ntdomain_hack = no
 preprocess: with_specialix_jetstream_hack = no
 preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)