Using radiusd: FreeRADIUS Version 0.5, for host i686-pc-linux-gnu, built on Jun 14 2002 at 10:26:10
If I send a packet with both the MS-CHAP-Challenge & MS-CHAP-Response I get a Segmentation fault. If I don't send the MS-CHAP-Response, just the MS-CHAP-Challenge the server runs, but of course complains about the missing LM/NT password. As you can see from the following output 'mschap' is not run during authorization - it dies after 'files'. I've tried pointing it to the SAMBA password file but it makes no difference.

Here's the authentication when there's no MS-CHAP-Response - looks correct.

Listening on IP address *, ports 1812/udp and 1813/udp, with proxy on 1814/udp.
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.1.137:1339, id=12, length=84
    NAS-IP-Address = 127.0.0.1
    NAS-Identifier = "radtest"
    NAS-Port-Id = 1
    Acct-Tunnel-Client-Endpoint = "\000149.225.44.2"
    User-Name = "michael"
    Password = "\373\366 \363\246o\021\001\325k\276\320\013\336\322\333"
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
rlm_counter: Entering module authorize code
rlm_counter: Could not find Check item value pair
modcall[authorize]: module "counter" returns noop
modcall[authorize]: module "suffix" returns ok
users: Matched michael at 38
modcall[authorize]: module "files" returns ok
modcall[authorize]: module "mschap" returns noop
modcall: group authorize returns ok
rad_check_password: Found Auth-Type MS-CHAP
auth: type "MS-CHAP"
modcall: entering group authenticate
Looking for LM password.
Looking for NT password.
rlm_mschap: No LM/NT password configured. Check authorization.
modcall[authenticate]: module "mschap" returns invalid
modcall: group authenticate returns invalid
auth: Failed to validate the user.
Login incorrect: [michael] (from nas UNKNOWN-NAS port 1)
Sending Access-Reject of id 12 to 192.168.1.137:1339
Finished request 0

Here's what happens if the MS-CHAP-Response is present (full debug dump):

[root@tb6 michael]# /usr/local/sbin/radiusd -xx -s
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /etc/raddb/proxy.conf
Config: including file: /etc/raddb/clients.conf
Config: including file: /etc/raddb/snmp.conf
Config: including file: /etc/raddb/sql.conf
main: prefix = "/usr/local"
main: localstatedir = "/usr/local/var"
main: logdir = "/usr/local/var/log/radius"
main: libdir = "/usr/local/lib"
main: radacctdir = "/usr/local/var/log/radius/radacct"
main: hostname_lookups = no
read_config_files: reading dictionary
read_config_files: reading clients
read_config_files: reading realms
read_config_files: reading naslist
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 256
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_auth = yes
main: log_auth_badpass = no
main: log_auth_goodpass = no
main: pidfile = "/usr/local/var/run/radiusd.pid"
main: user = "root"
main: group = "root"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
security: max_attributes = 200
security: reject_delay = 0
main: debug_level = 0
read_config_files: entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded System
unix: cache = yes
unix: passwd = "/etc/passwd"
unix: shadow = "/etc/shadow"
unix: group = "/etc/group"
unix: radwtmp = "/usr/local/var/log/radius/radwtmp"
unix: usegroup = no
unix: cache_reload = 600
HASH: Reinitializing hash structures and lists for caching... ...
HASH: Stored 34 entries from /etc/passwd
HASH: Stored 47 entries from /etc/group
Module: Instantiated unix (unix)
Module: Loaded MS-CHAP
mschap: ignore_password = no
mschap: use_mppe = no
mschap: require_encryption = no
mschap: require_strong = no
mschap: passwd = "(null)"
mschap: authtype = "MS-CHAP"
Module: Instantiated mschap (mschap)
Module: Loaded preprocess
preprocess: huntgroups = "/etc/raddb/huntgroups"
preprocess: hints = "/etc/raddb/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded Counter
counter: filename = "/etc/raddb/db.counter"
counter: key = "User-Name"
counter: reset = "daily"
counter: count-attribute = "Acct-Session-Time"
counter: counter-name = "Daily-Session-Time"
counter: check-name = "Max-Daily-Session"
counter: allowed-servicetype = "Framed-User"
counter: cache-size = 5000
rlm_counter: Counter attribute Daily-Session-Time is number 1145
rlm_counter: Current Time: 1024064994, Next reset 1024113600
Module: Instantiated counter (counter)
Module: Loaded realm
realm: format = "suffix"
realm: delimiter = "@"
Module: Instantiated realm (suffix)
Module: Loaded files
files: usersfile = "/etc/raddb/users"
files: acctusersfile = "/etc/raddb/acct_users"
files: compat = "no"
Module: Instantiated files (files)
Module: Loaded detail
detail: detailfile = "/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail"
detail: detailperm = 384
detail: dirperm = 493
Module: Instantiated detail (detail)
Module: Loaded radutmp
radutmp: filename = "/usr/local/var/log/radius/radutmp"
radutmp: username = "%{User-Name}"
radutmp: perm = 384
radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Listening on IP address *, ports 1812/udp and 1813/udp, with proxy on 1814/udp.
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.1.137:1325, id=10, length=136
    NAS-IP-Address = 127.0.0.1
    NAS-Identifier = "radtest"
    NAS-Port-Id = 1
    MS-CHAP-Challenge = 0x827d8a93f0f874dc
    MS-CHAP-Response = 0x640220db4e865aeb78a1e0b5a1fd77c8938bf8b0f66659e2767dad76c2c8c842d03b1cc1965e22726dbfeef095e2a00d2be5
    User-Name = "michael"
    Password = "J\210"\371JR^\202F\204:\225\242lt\321"
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
rlm_counter: Entering module authorize code
rlm_counter: Could not find Check item value pair
modcall[authorize]: module "counter" returns noop
modcall[authorize]: module "suffix" returns ok
users: Matched michael at 38
modcall[authorize]: module "files" returns ok
Segmentation fault

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
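
An added example, not part of the original post and not FreeRADIUS code: a strict length check for the two attribute values shown in the debug dump, using the RFC 2548 layout of MS-CHAP-Response (ident, flags, 24-byte LM response, 24-byte NT response). It does not diagnose the crash reported above; all function and type names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MSCHAP_CHALLENGE_LEN 8   /* MS-CHAPv1 challenge */
#define MSCHAP_RESPONSE_LEN  50  /* ident + flags + 24 LM + 24 NT */
struct mschap_response { uint8_t ident, flags, lm[24], nt[24]; };

/* Attribute values copied from the debug dump in the post. */
static const char PAGE_CHALLENGE[] = "0x827d8a93f0f874dc";
static const char PAGE_RESPONSE[] =
    "0x640220db4e865aeb78a1e0b5a1fd77c8938bf8b0f66659e2767d"
    "ad76c2c8c842d03b1cc1965e22726dbfeef095e2a00d2be5";

static int hexval(char c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}
/* Decode "0x..." text as printed by radiusd -xx; returns byte count or -1. */
static int hex_decode(const char *s, uint8_t *out, size_t cap) {
    size_t n = 0;
    if (!s || strncmp(s, "0x", 2) != 0) return -1;
    for (s += 2; *s; s += 2, n++) {
        int hi = hexval(s[0]), lo = s[1] ? hexval(s[1]) : -1;
        if (hi < 0 || lo < 0 || n >= cap) return -1;
        out[n] = (uint8_t)((hi << 4) | lo);
    }
    return (int)n;
}

/* Split the value into its fields only after pointer and length checks. */
int mschap_response_parse(const uint8_t *val, size_t len, struct mschap_response *out) {
    if (!val || !out || len != MSCHAP_RESPONSE_LEN) return -1;
    out->ident = val[0];
    out->flags = val[1];
    memcpy(out->lm, val + 2, sizeof out->lm);
    memcpy(out->nt, val + 26, sizeof out->nt);
    return 0;
}

/* Validate a logged Challenge/Response pair: 0 = well-formed, -1 = reject. */
int check_logged_pair(const char *challenge, const char *response, struct mschap_response *out) {
    uint8_t ch[64], rs[64];
    int n = hex_decode(response, rs, sizeof rs);
    if (hex_decode(challenge, ch, sizeof ch) != MSCHAP_CHALLENGE_LEN) return -1;
    return n < 0 ? -1 : mschap_response_parse(rs, (size_t)n, out);
}
```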