Greetings, Can u please check with radiusd -X with debugging mode n try to check all thing again..so u will get extact where u stuck. just run command: radius -X after try to authenticat with local n see wht debugging output show and after try to using poptop and check radius debug , if still u r getting error with mschap than try to use only PAP n try again same procedure.
And 1 more can u also check with radlog file.. i hope u will solutions. On Sun, 29 Aug 2004 02:00:47 -0700 (PDT), John H. <[EMAIL PROTECTED]> wrote: > ok, as soon as I uncomment the two following lines > from /etc/ppp/options.pptpd, I can no longer connect > with anything to poptop... > > #plugin /usr/lib/pppd/2.4.3/radius.so > #radius-config-file > /etc/radiusclient/radiusclient.conf > > even though I set up freeradius for ldap, and if I use > radtest with an ldap account, it works fine... > > it will say this in the log when I try it with radius > plugin... > > Aug 29 03:54:58 server1 pppd[8736]: Plugin > /usr/lib/pppd/2.4.3/radius.so loaded. > Aug 29 03:54:58 server1 pppd[8736]: RADIUS plugin > initialized. > > so what's the deal? I am using mschap2, and when I > use radius plugin, it says > > Aug 29 03:55:11 server1 pppd[8736]: Peer username > failed CHAP authentication > > even though the same account works fine with radtest > > /etc/radiusclient/servers has > localhost password > > here is my radiusclient config file... > > # General settings > > # specify which authentication comes first > respectively which > # authentication is used. possible values are: > "radius" and "local". > # if you specify "radius,local" then the RADIUS server > is asked > # first then the local one. if only one keyword is > specified only > # this server is asked. > auth_order radius,local > > # maximum login tries a user has (default 4) > login_tries 4 > > # timeout for all login tries (default 60) > # if this time is exceeded the user is kicked out > login_timeout 60 > > # name of the nologin file which when it exists > disables logins. > # it may be extended by the ttyname which will result > in > # a terminal specific lock (e.g. /etc/nologin.ttyS2 > will disable > # logins on /dev/ttyS2) (default /etc/nologin) > nologin /etc/nologin > > # name of the issue file. it's only display when no > username is passed > # on the radlogin command line (default > /etc/radiusclient/issue) > issue /etc/radiusclient/issue > > # RADIUS settings > > # RADIUS server to use for authentication requests. > this config > # item can appear more then one time. if multiple > servers are > # defined they are tried in a round robin fashion if > one > # server is not answering. > # optionally you can specify a the port number on > which is remote > # RADIUS listens separated by a colon from the > hostname. if > # no port is specified /etc/services is consulted of > the radius > # service. if this fails also a compiled in default is > used. > authserver localhost:1812 > > # RADIUS server to use for accouting requests. All > that I > # said for authserver applies, too. > # > acctserver localhost:1813 > > # file holding shared secrets used for the > communication > # between the RADIUS client and server > servers /etc/radiusclient/servers > > # dictionary of allowed attributes and values > # just like in the normal RADIUS distributions > dictionary /etc/radiusclient/dictionary > > # program to call for a RADIUS authenticated login > # (default /usr/sbin/login.radius) > login_radius /usr/sbin/login.radius > > # file which holds sequence number for communication > with the > # RADIUS server > seqfile /var/run/radius.seq > > # file which specifies mapping between ttyname and > NAS-Port attribute > mapfile /etc/radiusclient/port-id-map > > # default authentication realm to append to all > usernames if no > # realm was explicitly specified by the user > # the radiusd directly form Livingston doesnt use any > realms, so leave > # it blank then > default_realm > > # time to wait for a reply from the RADIUS server > radius_timeout 10 > > # resend request this many times before trying the > next server > radius_retries 3 > > # NAS-Identifier > # > # If supplied, this option will cause the client to > send the given string > # as the contents of the NAS-Identifier attribute in > RADIUS requests. No > # NAS-IP-Address attribute will be sent in this case. > # > # The default behavior is to send a NAS-IP-Address > option and not send > # a NAS-Identifier. The value of the NAS-IP-Address > option is chosen > # by resolving the system hostname. > > # nas_identifier MyUniqueNASName > > # LOCAL settings > > # program to execute for local login > # it must support the -f flag for preauthenticated > login > login_local /bin/login > > any help appreciated. > > > _______________________________ > Do you Yahoo!? > Win 1 of 4,000 free domain names from Yahoo! Enter now. > http://promotions.yahoo.com/goldrush > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > -- Regards Vipul Ramani [EMAIL PROTECTED] [EMAIL PROTECTED] ~~~~~We Know HoW NeTWoRkS !!!!~~~ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
