No "known good" password found for the user.

classic Classic list List threaded Threaded
2 messages Options
| Threaded
Open this post in threaded view
|

No "known good" password found for the user.

Users mailing list

Hi,

I can auth against a RADIATOR setup when trying to ssh into a server,
but when I try to change to auth against my freeRADIUS servers I get "
No "known good" password found for the user. "

TLSMC: MozNSS compatibility interception begins.
tlsmc_convert: INFO: cannot open the NSS DB, expecting PEM configuration
is present.
tlsmc_intercept_initialization: INFO: successfully intercepted TLS
initialization. Continuing with OpenSSL only.
TLSMC: MozNSS compatibility interception ends.
rlm_ldap (ldap): Bind successful
(414) pap: WARNING: No "known good" password found for the user.  Not
setting Auth-Type
(414) pap: WARNING: Authentication will fail unless a "known good"
password is available
(414) # Executing group from file /etc/raddb/sites-enabled/default
(414) ntlm_auth: Program executed successfully

Regards
Rob
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: No "known good" password found for the user.

Matthew Newton-3
On 26/08/2020 09:56, ROB HUGHES via Freeradius-Users wrote:

> I can auth against a RADIATOR setup when trying to ssh into a server,
> but when I try to change to auth against my freeRADIUS servers I get "
> No "known good" password found for the user. "
>
> TLSMC: MozNSS compatibility interception begins.
> tlsmc_convert: INFO: cannot open the NSS DB, expecting PEM configuration
> is present.
> tlsmc_intercept_initialization: INFO: successfully intercepted TLS
> initialization. Continuing with OpenSSL only.
> TLSMC: MozNSS compatibility interception ends.
> rlm_ldap (ldap): Bind successful
> (414) pap: WARNING: No "known good" password found for the user.  Not
> setting Auth-Type
> (414) pap: WARNING: Authentication will fail unless a "known good"
> password is available
> (414) # Executing group from file /etc/raddb/sites-enabled/default
> (414) ntlm_auth: Program executed successfully

Don't use LDAP libraries that are linked against NSS. NSS compatibility
is not actually compatible and it won't work properly.

See packages.networkradius.com for the latest FreeRADIUS packages and
there are instructions on installing the LTB LDAP libraries that are
linked against OpenSSL.

--
Matthew
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html