Dusty Doris wrote:

The only part that does not work is the chap authentication all other
authentication works as it should. Our wholesale provider says we are
doing PAP just fine but no chap. They had very old instructions for
Freeradius but decided to start out with a totally clean install.

This user below is in mysql database, and the system passwd/shadow files.

He will not authenticate with the mysql database when we include a realm
@domain and chap password.

It gets the slipstream false from the database so I'm not sure why it
won't authenticate the rest.

Thread 1 handling request 0, (1 handled so far)
   User-Name = "[EMAIL PROTECTED]"
   User-Password = "test123"
   NAS-IP-Address = 255.255.255.255
   NAS-Port = 100

I don't see a CHAP password in there.

 Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
 hints: Matched other at 80

You matched on the hints file on line 80 - what does your hints file say?

DEFAULT    Suffix == ".ppp", Strip-User-Name = Yes
   Hint = "PPP",
   Service-Type = Framed-User,
   Framed-Protocol = PPP

DEFAULT    Suffix == ".slip", Strip-User-Name = Yes
   Hint = "SLIP",
   Service-Type = Framed-User,
   Framed-Protocol = SLIP

DEFAULT    Suffix == ".cslip", Strip-User-Name = Yes
   Hint = "CSLIP",
   Service-Type = Framed-User,
   Framed-Protocol = SLIP,
   Framed-Compression = Van-Jacobson-TCP-IP

other    Suffix == "@surftheusa.com", Strip-User-Name = Yes
   Hint = "PPP",
   Service-Type = Framed-User,
   Framed-Protocol = PPP
 modcall[authorize]: module "preprocess" returns ok for request 0
 modcall[authorize]: module "attr_filter" returns noop for request 0
 modcall[authorize]: module "chap" returns noop for request 0
   rlm_realm: No '@' in User-Name = "rniclh", skipping NULL due to config.
 modcall[authorize]: module "suffix" returns noop for request 0
 rlm_eap: No EAP-Message, not doing EAP
 modcall[authorize]: module "eap" returns noop for request 0
   users: Matched entry DEFAULT at line 159
   users: Matched entry DEFAULT at line 178
   users: Matched entry DEFAULT at line 190

You matched the users file in three separate lines, 159, 178, and 190.
What does your users file say on each of those lines?

# First setup all accounts to be checked against the UNIX /etc/passwd.
# (Unless a password was already given earlier in this file).
#
DEFAULT    Auth-Type == System
   Fall-Through = 1

# Defaults for all framed connections.
#
DEFAULT    Service-Type == Framed-User
   Framed-IP-Address = 255.255.255.254,
   Framed-MTU = 576,
   Service-Type = Framed-User,
   Fall-Through = Yes

#
# Default for PPP: dynamic IP address, PPP mode, VJ-compression.
# NOTE: we do not use Hint = "PPP", since PPP might also be auto-detected
#    by the terminal server in which case there may not be a "P" suffix.
#    The terminal server sends "Framed-Protocol = PPP" for auto PPP.
#
DEFAULT    Framed-Protocol == PPP
   Framed-Protocol = PPP,
   Framed-Compression = Van-Jacobson-TCP-IP

#
# Default for CSLIP: dynamic IP address, SLIP mode, VJ-compression.
#
DEFAULT    Hint == "CSLIP"
   Framed-Protocol = SLIP,
   Framed-Compression = Van-Jacobson-TCP-IP

#
# Default for SLIP: dynamic IP address, SLIP mode.
#
DEFAULT    Hint == "SLIP"
   Framed-Protocol = SLIP

 modcall[authorize]: module "files" returns ok for request 0
radius_xlat:  'rniclh'
rlm_sql (sql): sql_set_user escaped user --> 'rniclh'
...
 modcall[authorize]: module "sql" returns ok for request 0
modcall: group authorize returns ok for request 0

Your sql call returned OK, that means the sql part worked.

 rad_check_password:  Found Auth-Type System
auth: type "System"

Now it just got changed to Auth-Type System.  Is this from your users
file?

 Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
rlm_unix: [rniclh]: invalid password

You authenticated with the unix module, is that what you want?  The user
failed because the password did not match your /etc/passwd file.

 modcall[authenticate]: module "unix" returns reject for request 0
modcall: group authenticate returns reject for request 0
auth: Failed to validate the user.

I would look at your hints file and your users file to the lines it
matched at - post them here if you want us to take a look at it.  Also, if
you don't want to use /etc/passwd, then disable the unix module in the
authentication section.


- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
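The walkthrough of the debug output in this thread can be automated. The following is an added example, not part of the original messages or of FreeRADIUS: a small Python triage script that reads radiusd debug output and reports which password attribute the client sent, which hints/users entries matched, which Auth-Type was selected, and which module rejected the request. The function name `triage` and the sample log (condensed from the lines quoted above) are constructed for illustration.

```python
import re

# Constructed sample, condensed from the radiusd debug output quoted in this thread.
SAMPLE_LOG = """\
Thread 1 handling request 0, (1 handled so far)
   User-Name = "[EMAIL PROTECTED]"
   User-Password = "test123"
 hints: Matched other at 80
 modcall[authorize]: module "chap" returns noop for request 0
   users: Matched entry DEFAULT at line 159
 modcall[authorize]: module "sql" returns ok for request 0
 rad_check_password:  Found Auth-Type System
 modcall[authenticate]: module "unix" returns reject for request 0
"""

ATTR = re.compile(r'^\s+([A-Za-z][\w-]*) = (.+)$')
MATCHED = re.compile(r'^\s*(hints|users): Matched (?:entry )?(\S+) at (?:line )?(\d+)')
MODULE = re.compile(r'modcall\[(\w+)\]: module "([^"]+)" returns (\w+)')
AUTH_TYPE = re.compile(r'Found Auth-Type (\S+)')

def triage(log):
    """Summarise one request: attributes sent, file entries matched, modules run."""
    r = {"attrs": {}, "matched": [], "modules": [], "auth_type": None, "findings": []}
    for line in log.splitlines():
        if m := MATCHED.match(line):
            r["matched"].append((m[1], m[2], int(m[3])))
        elif m := MODULE.search(line):
            r["modules"].append((m[1], m[2], m[3]))
        elif m := AUTH_TYPE.search(line):
            r["auth_type"] = m[1]
        elif m := ATTR.match(line):
            r["attrs"][m[1]] = m[2].strip('"')
    # CHAP requests carry CHAP-Password; a User-Password attribute means PAP.
    if "CHAP-Password" not in r["attrs"]:
        sent = "User-Password (PAP)" if "User-Password" in r["attrs"] else "no password"
        r["findings"].append(f"no CHAP-Password in request; client sent {sent}")
    # Auth-Type System hands the check to the unix module (/etc/passwd).
    if r["auth_type"] == "System":
        files = ", ".join(f"{f}:{n}" for f, _, n in r["matched"] if f == "users")
        r["findings"].append(f"Auth-Type System chosen; review users entries at {files}")
    for section, module, result in r["modules"]:
        if section == "authenticate" and result == "reject":
            r["findings"].append(f"rejected by module {module}")
    return r

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG)["findings"]:
        print(finding)
```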


