Dear Michael Hare,

Either your LDAP is not configured to add User-Password attribute to configuration (:= operation should be used) or mschap module is not configured to set Auth-Type to MS-CHAP (see module configuration).

--Wednesday, March 26, 2003, 7:47:48 PM, you wrote to [EMAIL PROTECTED]:

MH> Hello-

MH> Yes, I've seen that advice many times on the mailing list, however, I do
MH> have that setup already.

MH> authorize {
MH>   preprocess
MH>   attr_filter
MH>   suffix
MH>   files
MH>   ldap
MH>   chap
MH>   mschap
MH>   force_username
MH> }

MH> authenticate {
MH>   authtype PAP {
MH>     pap
MH>   }
MH>   authtype CHAP {
MH>     chap
MH>   }
MH>   authtype MS-CHAP {
MH>     mschap
MH>   }
MH>   authtype LDAP {
MH>     ldap
MH>   }
MH> }

MH> /\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
MH> Michael Hare
MH> UW-Madison/WiscNet Network Engineering
MH> My phone: 608-262-5236
MH> 24-Hour NOC: 608-263-4188
MH> WiscNet: 608-265-6761

MH> -----Original Message-----
MH> From: [EMAIL PROTECTED]
MH> [mailto:[EMAIL PROTECTED] On Behalf Of 3APA3A
MH> Sent: Wednesday, March 26, 2003 9:54 AM
MH> To: Michael Hare
MH> Subject: Re: What's a 'normal' looking debug for mschap (with ldap)?

MH> Dear Michael Hare,

MH> In authorize section mschap should follow the module retrieving user's
MH> password (for example ldap).

MH> --Wednesday, March 26, 2003, 6:26:01 PM, you wrote to
MH> [EMAIL PROTECTED]:

MH>> All-

MH>> I'm in the initial stages of understanding and trying to set up our LDAP
MH>> auth environment (storing plaintext passwords) with MSCHAP. We're using a
MH>> Cisco 30xx VPN concentrator.

MH>> I've read the rlm_mschap doc in the docs/ subdir, and I think I have my
MH>> radius config setup OK. However, I'm starting to wonder if I'm having
MH>> client, VPN concentrator issues, and hopefully by looking at my debugs
MH>> somebody on this list can help me decide that.

MH>> This is more than likely a problem with me not understanding CHAP, but I
MH>> find it strange there is no Chap-Password supplied in the access-request
MH>> packet.. Perhaps there are multiple pieces missing here? (Yes, non-CHAP
MH>> authentication works OK)

MH>> rad_recv: Access-Request packet from host 144.92.44.114:2474, id=50,
MH>> length=165
MH>>         User-Name = "radius.testuser"
MH>>         NAS-Port = 5735
MH>>         Service-Type = Framed-User
MH>>         Framed-Protocol = PPP
MH>>         Tunnel-Client-Endpoint:0 = "128.104.19.106"
MH>>         MS-CHAP-Challenge = 0x93f85072a0d1b096d65d11bdc1a6ecba
MH>>         MS-CHAP2-Response = 0x0200917d137fbe6068ce0ff6497fd585346f0000000000000000083a89c344e820927e54de0aab531960ebca12bd418e6904
MH>>         NAS-IP-Address = 144.92.44.114
MH>>         NAS-Port-Type = Virtual
MH>> ...
MH>> ...
MH>> rlm_chap: Could not find proper Chap-Password attribute in request
MH>> modcall[authorize]: module "chap" returns noop
MH>> modcall[authorize]: module "mschap" returns notfound
MH>> ...
MH>> ...
MH>> auth: type "LDAP"
MH>> modcall: entering group authtype
MH>> rlm_ldap: - authenticate
MH>> rlm_ldap: Attribute "User-Password" is required for authentication.
MH>> modcall[authenticate]: module "ldap" returns invalid
MH>> modcall: group authtype returns invalid
MH>> auth: Failed to validate the user.
MH>> Delaying request 1 for 1 seconds
MH>> Finished request 1
MH>> Going to the next request
MH>> --- Walking the entire request list ---
MH>> Waking up in 1 seconds...
MH>> --- Walking the entire request list ---
MH>> Sending Access-Reject of id 50 to 144.92.44.114:2474
MH>>         MS-CHAP-Error = "\002E=691 R=1"
MH>> Waking up in 4 seconds...
MH>> --- Walking the entire request list ---
MH>> Cleaning up request 1 ID 50 with timestamp 3e81b844
MH>> Nothing to do. Sleeping until we see a request.

MH>> /\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
MH>> Michael Hare
MH>> UW-Madison/WiscNet Network Engineering
MH>> My phone: 608-262-5236
MH>> 24-Hour NOC: 608-263-4188
MH>> WiscNet: 608-265-6761

MH>> -
MH>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

--
~/ZARAZA
Yes, he was damned lucky. Oh, how rotten it would have been for him if he had survived! (Twain)

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
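
Added example, not part of the original thread and not FreeRADIUS code: a small Python triage of the debug output quoted above. It first checks that MS-CHAP-Challenge and MS-CHAP2-Response have the RFC 2548 lengths, which separates a NAS/client problem from a server one, then flags the two server-side symptoms visible in the log. The function name `triage`, the finding strings and the abridged sample are constructed for this example.

```python
import re

# MS-CHAP2-Response value from the quoted request, split by RFC 2548 field.
RESP = ("0200" + "917d137fbe6068ce0ff6497fd585346f"   # Ident, Flags, Peer-Challenge
        + "00" * 8                                     # Reserved
        + "083a89c344e820927e54de0aab531960ebca12bd418e6904")  # Response

# Constructed sample: abridged from the debug output quoted in the thread.
SAMPLE_DEBUG = f"""\
rad_recv: Access-Request packet from host 144.92.44.114:2474, id=50, length=165
\tUser-Name = "radius.testuser"
\tMS-CHAP-Challenge = 0x93f85072a0d1b096d65d11bdc1a6ecba
\tMS-CHAP2-Response = 0x{RESP}
modcall[authorize]: module "chap" returns noop
modcall[authorize]: module "mschap" returns notfound
auth: type "LDAP"
rlm_ldap: Attribute "User-Password" is required for authentication.
modcall[authenticate]: module "ldap" returns invalid
"""

ATTR = re.compile(r'^\s+([\w-]+) = (\S+)')
MODCALL = re.compile(r'modcall\[(\w+)\]: module "([\w-]+)" returns (\w+)')
AUTH_TYPE = re.compile(r'auth: type "?([\w-]+)')

def triage(debug):
    """Return findings for one MS-CHAPv2 request in the server's debug output."""
    attrs, results, auth_type = {}, {}, None
    for line in debug.splitlines():
        if m := MODCALL.search(line):
            results[m[1], m[2]] = m[3]
        elif m := AUTH_TYPE.search(line):
            auth_type = m[1]
        elif m := ATTR.match(line):
            attrs[m[1]] = m[2]
    resp = attrs.get("MS-CHAP2-Response")
    if resp is None:
        return ["no MS-CHAP2-Response in request"]
    chal = attrs.get("MS-CHAP-Challenge", "0x")
    # RFC 2548 sizes: 16-byte challenge, 50-byte response (1 + 1 + 16 + 8 + 24).
    sizes_ok = (len(chal) - 2, len(resp) - 2) == (32, 100)
    findings = ["request well-formed: NAS side looks fine" if sizes_ok
                else "malformed MS-CHAPv2 attributes: check NAS/client"]
    if results.get(("authorize", "mschap")) == "notfound":
        findings.append("mschap notfound in authorize: check that ldap adds "
                        "User-Password to config items and mschap sets Auth-Type")
    if auth_type != "MS-CHAP":
        findings.append(f"Auth-Type is {auth_type}, so mschap never authenticates")
    return findings
```

On the sample it reports a well-formed request, the `notfound` from mschap in authorize, and the LDAP Auth-Type, which are the points the reply at the top of the thread addresses.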