Dusty Doris wrote:
>> The only part the does not work is the chap authentication all other
>> authentication works as it should. Our wholesale provider says we are
>> doing PAP just fine but no chap. They had very old instructions for
>> Freeradius but decided to start out with a totally clean install.
>>
>> This user below is in mysql database, and the system passwd/shadow
files.
>>
>> He will not authenticate with the mysql database when we include a realm
>> @domain
>> and chap password.
>>
>> It gets the slipstream false from the database so I'm not sure why it
>> won't authenticate
>> the rest.
>>
>> Thread 1 handling request 0, (1 handled so far)
>> User-Name = "[EMAIL PROTECTED]"
>> User-Password = "test123"
>> NAS-IP-Address = 255.255.255.255
>> NAS-Port = 100
>>
>
>
> I don't see a CHAP password in there.
>
>
>
>> Processing the authorize section of radiusd.conf
>> modcall: entering group authorize for request 0
>> hints: Matched other at 80
>>
>
>
> You matched on the hints file on line 80 - what does your hints file say?
>
>
>
DEFAULT Suffix == ".ppp", Strip-User-Name = Yes
Hint = "PPP",
Service-Type = Framed-User,
Framed-Protocol = PPP
DEFAULT Suffix == ".slip", Strip-User-Name = Yes
Hint = "SLIP",
Service-Type = Framed-User,
Framed-Protocol = SLIP
DEFAULT Suffix == ".cslip", Strip-User-Name = Yes
Hint = "CSLIP",
Service-Type = Framed-User,
Framed-Protocol = SLIP,
Framed-Compression = Van-Jacobson-TCP-IP
other Suffix == "@surftheusa.com", Strip-User-Name = Yes
Hint = "PPP",
Service-Type = Framed-User,
Framed-Protocol = PPP
>> modcall[authorize]: module "preprocess" returns ok for request 0
>> modcall[authorize]: module "attr_filter" returns noop for request 0
>> modcall[authorize]: module "chap" returns noop for request 0
>> rlm_realm: No '@' in User-Name = "rniclh", skipping NULL due to
config.
>> modcall[authorize]: module "suffix" returns noop for request 0
>> rlm_eap: No EAP-Message, not doing EAP
>> modcall[authorize]: module "eap" returns noop for request 0
>> users: Matched entry DEFAULT at line 159
>> users: Matched entry DEFAULT at line 178
>> users: Matched entry DEFAULT at line 190
>>
>
>
> You matched the users file in three seperate lines, 159, 178, and 190.
> What does your users file say on each of those lines?
>
>
>
# First setup all accounts to be checked against the UNIX /etc/passwd.
# (Unless a password was already given earlier in this file).
#
DEFAULT Auth-Type == System
Fall-Through = 1
# Defaults for all framed connections.
#
DEFAULT Service-Type == Framed-User
Framed-IP-Address = 255.255.255.254,
Framed-MTU = 576,
Service-Type = Framed-User,
Fall-Through = Yes
#
# Default for PPP: dynamic IP address, PPP mode, VJ-compression.
# NOTE: we do not use Hint = "PPP", since PPP might also be auto-detected
# by the terminal server in which case there may not be a "P" suffix.
# The terminal server sends "Framed-Protocol = PPP" for auto PPP.
#
DEFAULT Framed-Protocol == PPP
Framed-Protocol = PPP,
Framed-Compression = Van-Jacobson-TCP-IP
#
# Default for CSLIP: dynamic IP address, SLIP mode, VJ-compression.
#
DEFAULT Hint == "CSLIP"
Framed-Protocol = SLIP,
Framed-Compression = Van-Jacobson-TCP-IP
#
# Default for SLIP: dynamic IP address, SLIP mode.
#
DEFAULT Hint == "SLIP"
Framed-Protocol = SLIP
>> modcall[authorize]: module "files" returns ok for request 0
>> radius_xlat: 'rniclh'
>> rlm_sql (sql): sql_set_user escaped user --> 'rniclh'
>>
>
> ...
>
>
>> modcall[authorize]: module "sql" returns ok for request 0
>> modcall: group authorize returns ok for request 0
>>
>
>
> Your sql call returned OK, that means the sql part worked.
>
>
>
>> rad_check_password: Found Auth-Type System
>> auth: type "System"
>>
>
>
> Now it just got changed to Auth-Type System. Is this from your users
> file?
>
>
>
>> Processing the authenticate section of radiusd.conf
>> modcall: entering group authenticate for request 0
>> rlm_unix: [rniclh]: invalid password
>>
>
>
> You authenticated with the unix module, is that what you want? The user
> failed because the password did not match your /etc/passwd file.
>
>
>
>> modcall[authenticate]: module "unix" returns reject for request 0
>> modcall: group authenticate returns reject for request 0
>> auth: Failed to validate the user.
>>
>
>
> I would look at your hints file and your users file to the lines it
> matched at - post them here if you want us to take a look at it.
Also, if
> you don't want to use /etc/passwd, then disable the unix module in the
> authentication section.
>
>
> - List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
>
>
>
>
- List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
