I have a Wolverine VPN (www.coyotelinux.com) attempting to authenticate
against FreeRadius.  I have installed Wolverine and it works ok with local
authentication.  I have FreeRadius installed on another box. I uncommented
user steve in the users file for testing. I can get a positive
authentication when using Radping. If I try to authenticate steve via
Wolverine (where another box tries to start a pptp session through wolverine
using steve as the userid with password) it fails. The dump of the two
conversations is below.  Any ideas are way appreciated.

Wolverine is 192.168.0.2
FreeRadius is 192.168.0.3
My workstation with NTRadPing is 192.168.0.125

Thanks
GT


Here is the Trace, I put in my comments surrounded by plus(+) signs:



[root@wfcRadiusSql01 raddb]# radiusd -sfxxyz -l stdout
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /etc/raddb/proxy.conf
Config: including file: /etc/raddb/clients.conf
Config: including file: /etc/raddb/snmp.conf
Config: including file: /etc/raddb/sql.conf
main: prefix = "/usr/local"
main: localstatedir = "/var"
main: logdir = "/var/log/radius"
main: libdir = "/usr/local/lib"
main: radacctdir = "/var/log/radius/radacct"
main: hostname_lookups = no
read_config_files: reading dictionary
read_config_files: reading clients
read_config_files: reading realms
read_config_files: reading naslist
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_auth = no
main: log_auth_badpass = no
main: log_auth_goodpass = no
main: pidfile = "/var/run/radiusd/radiusd.pid"
main: user = "(null)"
main: group = "(null)"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
security: max_attributes = 200
security: reject_delay = 1
main: debug_level = 0
read_config_files: entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded System
unix: cache = yes
unix: passwd = "/etc/passwd"
unix: shadow = "/etc/shadow"
unix: group = "/etc/group"
unix: radwtmp = "/var/log/radius/radwtmp"
unix: usegroup = no
unix: cache_reload = 600
HASH: Reinitializing hash structures and lists for caching...
HASH: user root found in hashtable bucket 11726
HASH: user bin found in hashtable bucket 86651
HASH: user daemon found in hashtable bucket 11668
HASH: user adm found in hashtable bucket 26466
HASH: user lp found in hashtable bucket 54068
HASH: user sync found in hashtable bucket 42895
HASH: user shutdown found in hashtable bucket 71746
HASH: user halt found in hashtable bucket 7481
HASH: user mail found in hashtable bucket 79471
HASH: user news found in hashtable bucket 5375
HASH: user uucp found in hashtable bucket 38541
HASH: user operator found in hashtable bucket 21748
HASH: user games found in hashtable bucket 47657
HASH: user gopher found in hashtable bucket 47357
HASH: user ftp found in hashtable bucket 56226
HASH: user nobody found in hashtable bucket 99723
HASH: user ntp found in hashtable bucket 21418
HASH: user rpc found in hashtable bucket 72373
HASH: user vcsa found in hashtable bucket 25959
HASH: user nscd found in hashtable bucket 36306
HASH: user sshd found in hashtable bucket 71560
HASH: user rpm found in hashtable bucket 72383
HASH: user mailnull found in hashtable bucket 78086
HASH: user smmsp found in hashtable bucket 13600
HASH: user rpcuser found in hashtable bucket 552
HASH: user nfsnobody found in hashtable bucket 51830
HASH: user pcap found in hashtable bucket 55326
HASH: user xfs found in hashtable bucket 17213
HASH: user named found in hashtable bucket 7729
HASH: user gdm found in hashtable bucket 50360
HASH: user postgres found in hashtable bucket 19301
HASH: user apache found in hashtable bucket 26582
HASH: user postfix found in hashtable bucket 23093
HASH: user squid found in hashtable bucket 62826
HASH: user webalizer found in hashtable bucket 3037
HASH: user mysql found in hashtable bucket 46314
HASH: user glynn found in hashtable bucket 57940
HASH: Stored 37 entries from /etc/passwd
HASH: Stored 47 entries from /etc/group
Module: Instantiated unix (unix)
Module: Loaded preprocess
preprocess: huntgroups = "/etc/raddb/huntgroups"
preprocess: hints = "/etc/raddb/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
realm: format = "suffix"
realm: delimiter = "@"
Module: Instantiated realm (suffix)
Module: Loaded files
files: usersfile = "/etc/raddb/users"
files: acctusersfile = "/etc/raddb/acct_users"
files: compat = "no"
Module: Instantiated files (files)
Module: Loaded detail
detail: detailfile = "/var/log/radius/radacct/%{Client-IP-Address}/detail"
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
radutmp: filename = "/var/log/radius/radutmp"
radutmp: username = "%{User-Name}"
radutmp: perm = 384
radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

This is where it succeeds from ntRadPing

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


Listening on IP address *, ports 1812/udp and 1813/udp, with proxy on 1814/udp.
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.0.125:4538, id=1, length=45
User-Name = "steve"
User-Password = "\333z\233\276\246\303\301\026\0029\241\367\003\322\027\305"
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
rlm_realm: Looking up realm NULL for User-Name = "steve"
rlm_realm: No such realm NULL
modcall[authorize]: module "suffix" returns noop
users: Matched steve at 80
modcall[authorize]: module "files" returns ok
modcall: group authorize returns ok
rad_check_password: Found Auth-Type Local
auth: type Local
auth: user supplied User-Password matches local User-Password
Sending Access-Accept of id 1 to 192.168.0.125:4538
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-IP-Address = 172.16.3.33
Framed-IP-Netmask = 255.255.255.0
Framed-Routing = Broadcast-Listen
Framed-Filter-Id = "std.ppp"
Framed-MTU = 1500
Framed-Compression = Van-Jacobson-TCP-IP
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 1 with timestamp 3dad7ad6
Nothing to do. Sleeping until we see a request.


++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

This is where it fails with wolverine

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

rad_recv: Access-Request packet from host 192.168.0.2:32768, id=18, length=121
Service-Type = Framed-User
Framed-Protocol = PPP
User-Name = "steve"
MS-CHAP-Challenge = 0x76ee9496439d61f78db9a181d987ee42
MS-CHAP2-Response = 0x01003f787372c0ca0cd11f4b8291f102aa8f00000000000000003bca104ab18c2d6800d746815be19f8e1167e96f523b927f
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
rlm_realm: Looking up realm NULL for User-Name = "steve"
rlm_realm: No such realm NULL
modcall[authorize]: module "suffix" returns noop
users: Matched steve at 80
modcall[authorize]: module "files" returns ok
modcall: group authorize returns ok
rad_check_password: Found Auth-Type Local
auth: type Local
auth: No User-Password or CHAP-Password attribute in the request
auth: Failed to validate the user.
Delaying request 1 for 1 seconds
Finished request 1
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 18 to 192.168.0.2:32768
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 1 ID 18 with timestamp 3dad7ae7
Nothing to do. Sleeping until we see a request.
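
The two exchanges in the trace differ in the credential attribute the client sends: the NTRadPing request carries User-Password, the Wolverine request carries MS-CHAP-Challenge and MS-CHAP2-Response, and the Auth-Type Local check then reports that it found neither User-Password nor CHAP-Password. The script below is an added example, not part of the original post and not FreeRADIUS code; it parses an abridged copy of that trace and flags requests whose credential type the selected Auth-Type cannot check. The names `parse_requests`, `mismatches`, `METHODS` and `LOCAL_OK` are illustrative.

```python
import re

# Abridged from the radiusd trace in the post above (length=, wrapped values and module lines dropped).
TRACE = r"""rad_recv: Access-Request packet from host 192.168.0.125:4538, id=1,
User-Password = "\333z\233\276\246\303\301\026\0029\241\367\003\322\027\305"
auth: type Local
Sending Access-Accept of id 1 to 192.168.0.125:4538
rad_recv: Access-Request packet from host 192.168.0.2:32768, id=18,
MS-CHAP-Challenge = 0x76ee9496439d61f78db9a181d987ee42
MS-CHAP2-Response =
auth: type Local
auth: No User-Password or CHAP-Password attribute in the request
Sending Access-Reject of id 18 to 192.168.0.2:32768
"""

# Credential attribute -> authentication method the client used.
METHODS = {"User-Password": "PAP", "CHAP-Password": "CHAP",
           "MS-CHAP-Response": "MS-CHAPv1", "MS-CHAP2-Response": "MS-CHAPv2"}
# Per the trace's own error line, Auth-Type Local needs one of these two.
LOCAL_OK = {"PAP", "CHAP"}

def parse_requests(trace):
    """Group trace lines into one dict per Access-Request."""
    reqs, cur = [], None
    for line in map(str.strip, trace.splitlines()):
        m = re.match(r"rad_recv: Access-Request packet from host ([\d.]+):\d+, id=(\d+)", line)
        if m:
            cur = {"host": m.group(1), "id": int(m.group(2)), "method": None,
                   "auth_type": None, "result": None}
            reqs.append(cur)
        elif cur is None:
            continue
        elif (a := re.match(r"([A-Za-z0-9-]+) =", line)) and a.group(1) in METHODS:
            cur["method"] = METHODS[a.group(1)]
        elif t := re.match(r"auth: type (\S+)", line):
            cur["auth_type"] = t.group(1)
        elif s := re.match(r"Sending Access-(Accept|Reject) of id (\d+)", line):
            # Rejects are delayed, so pair the reply with the latest request of that id.
            hit = next((r for r in reversed(reqs) if r["id"] == int(s.group(2))), None)
            if hit:
                hit["result"] = s.group(1)
    return reqs

def mismatches(reqs):
    """Requests whose credential type Auth-Type Local cannot check."""
    return [r for r in reqs if r["auth_type"] == "Local" and r["method"] not in LOCAL_OK]

if __name__ == "__main__":
    for r in parse_requests(TRACE):
        print(r, "MISMATCH" if mismatches([r]) else "ok")
```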

