Solved FreeRadius PAP Authentication Issue in OpenVPN

Description: In this tutorial I’ll explain an issue with PAP authentication that is caused by the shared secret key. Follow the steps below if you see this:

WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS! Using Post-Auth-Type Reject.

[pap] Passwords don’t match.

Open the RADIUS log /var/log/radiuslog and you will see this kind of error:

WARNING: Unprintable characters in the password.  Double-check the shared secret on the server and the NAS! Using Post-Auth-Type Reject ([pap] Passwords don’t match).

[pap] login attempt with password “5?q¦¦?!##+Y?E¦¦”
[pap] Using clear text password “mypassword”

As the warning points to the location of the error, you should check the key it describes: the NAS shared secret and the shared secret on the FreeRADIUS server must match.
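Why a mismatch shows up as unprintable characters: the NAS hides the User-Password attribute by XORing it with an MD5 keystream derived from the shared secret and the Request Authenticator (RFC 2865, section 5.2), and the server reverses this with its own copy of the secret. The sketch below is an added example, not FreeRADIUS or radiusplugin code; the function names, both secrets and the authenticator value are constructed for illustration.

```python
import hashlib

def _keystream(secret: bytes, prev: bytes) -> bytes:
    # One 16-byte keystream block: MD5(shared secret + previous block)
    return hashlib.md5(secret + prev).digest()

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """NAS side: hide User-Password as described in RFC 2865 section 5.2."""
    n = max(1, (len(password) + 15) // 16) * 16
    padded = password.ljust(n, b"\x00")          # NUL-pad to a multiple of 16
    out, prev = b"", authenticator
    for i in range(0, n, 16):
        ks = _keystream(secret, prev)
        block = bytes(p ^ k for p, k in zip(padded[i:i + 16], ks))
        out += block
        prev = block                             # chain on the ciphertext block
    return out

def recover_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: undo the hiding with the server's copy of the secret."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        ks = _keystream(secret, prev)
        out += bytes(c ^ k for c, k in zip(block, ks))
        prev = block
    return out.rstrip(b"\x00")

def is_printable(data: bytes) -> bool:
    # Printable ASCII only; a wrong secret almost never produces this
    return all(0x20 <= b < 0x7F for b in data)

if __name__ == "__main__":
    # Constructed sample values, not taken from a real capture
    request_authenticator = bytes(range(16))
    nas_secret = b"mysecretkey"
    server_secret = b"my@secretkey"              # differs from the NAS copy
    hidden = hide_password(b"mypassword", nas_secret, request_authenticator)
    for label, secret in (("matching", nas_secret), ("mismatched", server_secret)):
        got = recover_password(hidden, secret, request_authenticator)
        print(f"{label:>10} secret -> {got!r} printable={is_printable(got)}")
```

With the matching secret the server recovers the typed password; with any other secret it recovers pseudo-random bytes, which is what the "login attempt with password" log line shows.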

If the NAS table and FreeRADIUS both have the same key (keep in mind there should be no special characters in the key, like @), then change the key to some simple characters like “mysecretkey”. The error may be due to a shared secret that is too long or to a data type conversion mismatch between your RADIUS server and the service shared secret.

The shared key is stored in three places, and you should change them all.

1) Radcheck database table in Radius Server
2) /etc/raddb/clients.conf (In case of CentOS)
3) /etc/openvpn/radiusplugin.cnf

Another thing that can cause this error is the raddb/client file: check the file and check the Authentication type. Perhaps a single IP is entered in this file and you should allow all IPs (it depends on the configuration).

 

 
