Freeradius: problem with PAP auth

Post by magarra » Thu Oct 12, 2017 10:36 am

Hello everyone!

I'm trying to set up the free version of OpenVPN AS to work with freeradius. Both servers are on the same machine, so I want to use PAP auth between them to get the cleartext password from PAP requests on freeradius, do some md5+salt operations on the user passwords and compare the result with my database.
When I test with NTRadPing without CHAP (with cleartext passwords), freeradius gets the correct password and is able to deal with it.
When I try to authorize a client through OpenVPN AS with PAP auth in the server config, the freeradius PAP module doesn't recognize the PAP requests and the password arrives at freeradius in a strange form. Here is part of the freeradius log:
rad_recv: Access-Request packet from host 127.0.0.1 port 56628, id=0, length=98
NAS-Identifier = "OpenVPN.mynet.local"
User-Name = "magarra"
User-Password = "\214?\366*\237\263h\217\036|\241\207\367\206\313;"
NAS-Port = 18
Service-Type = Outbound-User
Framed-Protocol = PPP
NAS-Port-Type = Virtual
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+group authorize {
++[preprocess] = ok
[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
++[pap] = noop
I don't understand at which step the password turns into such a pumpkin. And why doesn't the freeradius pap module understand PAP requests? Even more: on every new connection attempt with the same password I see different bla-bla-bla instead of the password :) Here are a few examples (three connections one after another):

1
rad_recv: Access-Request packet from host 127.0.0.1 port 56628, id=3, length=98
NAS-Identifier = "OpenVPN.mynet.local"
User-Name = "magarra"
User-Password = "\222\255\355\273\033\361\337\021\277jb\024x\254\352\006"
NAS-Port = 19
Service-Type = Outbound-User
Framed-Protocol = PPP
NAS-Port-Type = Virtual
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+group authorize {
++[preprocess] = ok
[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
++[pap] = noop
2
rad_recv: Access-Request packet from host 127.0.0.1 port 56628, id=9, length=98
NAS-Identifier = "OpenVPN.mynet.local"
User-Name = "magarra"
User-Password = "J\375\357\363\n?\263\2657\273\327=\236\272н╣"
NAS-Port = 20
Service-Type = Outbound-User
Framed-Protocol = PPP
NAS-Port-Type = Virtual
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+group authorize {
++[preprocess] = ok
[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
++[pap] = noop
3
rad_recv: Access-Request packet from host 127.0.0.1 port 56628, id=11, length=98
NAS-Identifier = "OpenVPN.mynet.local"
User-Name = "magarra"
User-Password = "\322]7\373\204\022\027\rS\352P=\262\014C\376"
NAS-Port = 21
Service-Type = Outbound-User
Framed-Protocol = PPP
NAS-Port-Type = Virtual
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+group authorize {
++[preprocess] = ok
[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
++[pap] = noop

Please, any suggestions?

Re: Freeradius: problem with PAP auth

Post by magarra » Fri Oct 13, 2017 9:27 pm

Unexpectedly found the solution, thanks a lot to VanDyke from sysadmins.ru

The problem was a wrong private key configured in /etc/freeradius/clients.conf for the localhost client. I had configured some remote clients with the correct key, but the localhost section was from the default config, with the test123 password.
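
Why a mismatched key produces a different unreadable User-Password on every attempt, as an added example (not code from this thread or from FreeRADIUS): RFC 2865 section 5.2 hides the PAP password by XORing it with MD5(shared secret + Request Authenticator), so a server holding a different secret recovers new garbage for each request. The password, NAS-side secret and authenticator values below are constructed; test123 is the default localhost value named in the post.

```python
import hashlib

def _blocks(data: bytes):
    return [data[i:i + 16] for i in range(0, len(data), 16)]

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """What the RADIUS client places in User-Password (RFC 2865 section 5.2)."""
    # Pad with NULs to a multiple of 16 octets, minimum one block.
    size = max(16, -(-len(password) // 16) * 16)
    hidden, prev = b"", authenticator
    for block in _blocks(password.ljust(size, b"\x00")):
        mask = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ m for p, m in zip(block, mask))  # ciphertext chains forward
        hidden += prev
    return hidden

def recover_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """What the RADIUS server computes using the secret from its clients.conf."""
    plain, prev = b"", authenticator
    for block in _blocks(hidden):
        mask = hashlib.md5(secret + prev).digest()
        plain += bytes(c ^ m for c, m in zip(block, mask))
        prev = block
    return plain.rstrip(b"\x00")

# Constructed sample values (assumptions, not taken from the thread's packets).
PASSWORD = b"correct horse"
NAS_SECRET = b"nas-side-secret"   # what the RADIUS client is configured with
SERVER_SECRET = b"test123"        # default localhost entry named in the post
AUTHENTICATORS = [bytes([n]) * 16 for n in (1, 2, 3)]  # normally 16 random octets

def simulate(server_secret: bytes):
    """Return what the server would see for three attempts with one password."""
    return [recover_password(hide_password(PASSWORD, NAS_SECRET, ra), server_secret, ra)
            for ra in AUTHENTICATORS]

if __name__ == "__main__":
    for label, secret in (("mismatched", SERVER_SECRET), ("matching", NAS_SECRET)):
        print(label, "secret:")
        for value in simulate(secret):
            print("  User-Password =", value)
```

With the mismatched secret every attempt prints different bytes, which is the symptom in the log above; with the matching secret all three attempts recover the same cleartext password.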